Author: joeyh
Date: 2009-12-03 21:14:22 +0000 (Thu, 03 Dec 2009)
New Revision: 13441

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-12-03 18:34:22 UTC (rev 13440)
+++ data/CVE/list 2009-12-03 21:14:22 UTC (rev 13441)
@@ -1,3 +1,93 @@ +CVE-2009-4175 (CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote ...) + TODO: check +CVE-2009-4174 (The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews ...) + TODO: check +CVE-2009-4173 (Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews ...) + TODO: check +CVE-2009-4172 (Cross-site scripting (XSS) vulnerability in index.php in CutePHP ...) + TODO: check +CVE-2009-4171 (An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger ...) + TODO: check +CVE-2009-4170 (WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, ...) + TODO: check +CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the ...) + TODO: check +CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in tagcloud.swf in the ...) + TODO: check +CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl ...) + TODO: check +CVE-2009-4166 (SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 ...) + TODO: check +CVE-2009-4165 (SQL injection vulnerability in the simple Glossar (simple_glossar) ...) + TODO: check +CVE-2009-4164 (Cross-site scripting (XSS) vulnerability in the simple Glossar ...) + TODO: check +CVE-2009-4163 (SQL injection vulnerability in the TW Productfinder (tw_productfinder) ...) + TODO: check +CVE-2009-4162 (Unspecified vulnerability in the DB Integration (wfqbe) extension ...) + TODO: check +CVE-2009-4161 (Cross-site scripting (XSS) vulnerability in the [AN] Search it! ...) + TODO: check +CVE-2009-4160 (Unspecified vulnerability in the Simple download-system with counter ...) + TODO: check +CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter ...) + TODO: check +CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension ...) + TODO: check +CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) 
+ TODO: check +CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in ...) + TODO: check +CVE-2009-4155 (Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote ...) + TODO: check +CVE-2009-4154 (Directory traversal vulnerability in includes/feedcreator.class.php in ...) + TODO: check +CVE-2009-4153 (Unspecified vulnerability in the XMLAccess component in IBM WebSphere ...) + TODO: check +CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration ...) + TODO: check +CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...) + TODO: check +CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...) + TODO: check +CVE-2009-4149 + RESERVED +CVE-2009-4148 + RESERVED +CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in ...) + TODO: check +CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...) + TODO: check +CVE-2009-4145 + RESERVED +CVE-2009-4144 + RESERVED +CVE-2009-4143 + RESERVED +CVE-2009-4142 + RESERVED +CVE-2009-4141 + RESERVED +CVE-2009-4140 + RESERVED +CVE-2009-4139 + RESERVED +CVE-2009-4138 + RESERVED +CVE-2009-4137 + RESERVED +CVE-2009-4136 + RESERVED +CVE-2009-4135 + RESERVED +CVE-2009-4134 + RESERVED +CVE-2009-4133 + RESERVED +CVE-2009-4132 + RESERVED +CVE-2009-4131 + RESERVED CVE-2009-XXXX [monkey DoS] - monkey 0.9.3-1 (low) [lenny] - monkey <no-dsa> (Minor issue, fringe package) @@ -5,10 +95,10 @@ RESERVED CVE-2009-4129 RESERVED -CVE-2009-4128 - RESERVED -CVE-2009-4127 - RESERVED +CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...) + TODO: check +CVE-2009-4127 (Unspecified vulnerability in Wikipedia Toolbar extension before ...) + TODO: check CVE-2009-4126 RESERVED CVE-2009-4125 
@@ -160,10 +250,10 @@ NOT-FOR-US: component for Joomla! CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...) NOT-FOR-US: Betsy CMS -CVE-2009-4055 [asterisk DoS] - RESERVED +CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...) - asterisk <unfixed> (bug filed) -CVE-2009-4054 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) +CVE-2009-4054 + REJECTED NOT-FOR-US: Microsoft Internet Explorer CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server ...) NOT-FOR-US: Home FTP Server @@ -229,10 +319,9 @@ RESERVED CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...) TODO: check -CVE-2009-4027 - RESERVED -CVE-2009-4026 [linux-2.6: remotely exploitable flaw in mac80211] - RESERVED +CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before ...) + TODO: check +CVE-2009-4026 (The mac80211 subsystem in the Linux kernel before ...) - linux-2.6 <unfixed> (medium) [etch] - linux-2.6 <not-affected> (introduced in 2.6.30) [lenny] - linux-2.6 <not-affected> (introduced in 2.6.30) @@ -1146,8 +1235,8 @@ RESERVED CVE-2009-3673 RESERVED -CVE-2009-3672 - RESERVED +CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) + TODO: check CVE-2009-3671 RESERVED CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 ...) @@ -1377,8 +1466,8 @@ NOT-FOR-US: eTrust Antivirus CVE-2009-3586 RESERVED -CVE-2009-3585 [request-tracker: session fixation issue] - RESERVED +CVE-2009-3585 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...) + {DSA-1944-1} - request-tracker3.4 <removed> - request-tracker3.6 3.6.9-2 (low) CVE-2009-3584 @@ -2103,6 +2192,7 @@ RESERVED CVE-2009-3304 [gforge: symlink attack] RESERVED + {DSA-1945-1} - gforge 4.8.2-1 CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in ...) {DSA-1937-1} 
@@ -4421,8 +4511,7 @@ [etch] - xscreensaver <no-dsa> (Minor issue) [lenny] - xscreensaver <no-dsa> (Minor issue) TODO: next point release [lenny] - xscreensaver 5.05-3+lenny1 -CVE-2009-2626 [php5: remote memory disclosure] - RESERVED +CVE-2009-2626 (The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, ...) {DSA-1940-1} - php5 5.2.11.dfsg.1-1 (low; bug #540605) [etch] - php5 <no-dsa> (too risky to fix it there) @@ -4520,8 +4609,8 @@ - xemacs21 <unfixed> (low; bug #540470) [etch] - xemacs21 <no-dsa> (Minor issue, obscure attack vector) [lenny] - xemacs21 <no-dsa> (Minor issue, obscure attack vector) -CVE-2009-2686 - RESERVED +CVE-2009-2686 (Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, ...) + TODO: check CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web ...) NOT-FOR-US: HP Power Manager CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and ...)
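Review bot: in the @@ -1,3 +1,93 @@ hunk, the new CVE-2009-4151 entry is left at TODO: check although its truncated description (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...) is identical to the one this revision gives CVE-2009-3585, which is tagged {DSA-1944-1} and tracked against request-tracker3.4 and request-tracker3.6. When the TODO is cleared, compare the full descriptions and either cross-reference the two entries or record why the request-tracker triage does not carry over to 4151. CVE-2009-4147 and CVE-2009-4146 in the same hunk also share one truncated description (The _rtld function in the Run-Time Link-Editor (rtld) in ...) and should be triaged together.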
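Review bot: in the @@ -160,10 +250,10 @@ hunk, CVE-2009-4054 becomes REJECTED but the unchanged NOT-FOR-US: Microsoft Internet Explorer line still sits under it, so a rejected id keeps a triage note. The Internet Explorer 6 and 7 description removed here reappears on CVE-2009-3672 in the @@ -1146,8 +1235,8 @@ hunk, where it gets TODO: check; if that is the same issue under a new id, the NOT-FOR-US line belongs on 3672 and should be dropped from 4054.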
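Review bot: in the @@ -229,10 +319,9 @@ hunk, CVE-2009-4027 is described as a race condition in the mac80211 subsystem of the Linux kernel but receives only TODO: check, while the adjacent CVE-2009-4026 already carries linux-2.6 status lines (<unfixed>, plus <not-affected> for etch and lenny). 4027 should get its own linux-2.6 entries, with the affected-version reasoning checked separately from 4026 instead of assumed to match.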