Author: joeyh Date: 2009-12-07 21:14:22 +0000 (Mon, 07 Dec 2009) New Revision: 13482 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-07 16:12:29 UTC (rev 13481) +++ data/CVE/list 2009-12-07 21:14:22 UTC (rev 13482) @@ -1,3 +1,35 @@ +CVE-2009-4213 + RESERVED +CVE-2009-4212 + RESERVED +CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness ...) + TODO: check +CVE-2009-4210 + RESERVED +CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...) + TODO: check +CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school (OS) ...) + TODO: check +CVE-2009-4207 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x ...) + TODO: check +CVE-2009-4206 (SQL injection vulnerability in admin.link.modify.php in Million Dollar ...) + TODO: check +CVE-2009-4205 (Directory traversal vulnerability in admin.php in Flashlight Free ...) + TODO: check +CVE-2009-4204 (SQL injection vulnerability in read.php in Flashlight Free Edition ...) + TODO: check +CVE-2009-4203 (Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php ...) + TODO: check +CVE-2009-4202 (Directory traversal vulnerability in the Omilen Photo Gallery ...) + TODO: check +CVE-2009-4201 (Multiple stack-based buffer overflows in Mp3 Tag Assistant ...) + TODO: check +CVE-2009-4200 (SQL injection vulnerability in the Seminar (com_seminar) component ...) + TODO: check +CVE-2009-4199 (Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos ...) + TODO: check +CVE-2009-4198 (SQL injection vulnerability in my_orders.php in MyMiniBill allows ...) + TODO: check CVE-2009-4197 (rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware ...) NOT-FOR-US: Huawei MT882 V100R002B020 CVE-2009-4196 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...) 
@@ -94,8 +126,8 @@ NOT-FOR-US: IBM DB2 CVE-2009-4149 RESERVED -CVE-2009-4148 - RESERVED +CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers ...) + TODO: check CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in ...) TODO: check CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...) @@ -191,7 +223,7 @@ - firefox-sage <unfixed> (low; bug #559267) CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ...) NOT-FOR-US: infoRSS extension for Firefox -CVE-2009-4100 (Yoono extension 6.1.1 for Firefox performs certain operations with ...) +CVE-2009-4100 (Yoono extension before 6.1.1 for Firefox performs certain operations ...) NOT-FOR-US: Yoono extension for Firefox CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...) NOT-FOR-US: Joomla! Component @@ -396,8 +428,7 @@ NOTE: <https://www.isc.org/node/504> NOTE: Only affects installations with trust anchors, but then the NOTE: consequences are quite severe. -CVE-2009-4020 [linux-2.6: hfs buffer overflow] - RESERVED +CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel ...) - linux-2.6 <unfixed> (medium) - linux-2.6.24 <removed> (medium) CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ...) @@ -1661,8 +1692,8 @@ NOT-FOR-US: Xerver HTTP Server CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...) NOT-FOR-US: Xerver HTTP Server -CVE-2009-3560 - RESERVED +CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...) + TODO: check CVE-2009-3559 (** DISPUTED ** ...) - php5 <unfixed> (unimportant) NOTE: safe_mode regression 
@@ -2293,8 +2324,7 @@ NOT-FOR-US: ClearSite CVE-2009-3305 RESERVED -CVE-2009-3304 [gforge: symlink attack] - RESERVED +CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite ...) {DSA-1945-1} - gforge 4.8.2-1 CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in ...)
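Review bot: In the first hunk (@@ -1,3 +1,35 @@), every new entry that arrives with a description (CVE-2009-4198 to CVE-2009-4209, and CVE-2009-4211) carries only "TODO: check", so none of them has a triage decision yet. Each needs either a package line with a status or a NOT-FOR-US line in the form the unchanged context already uses for CVE-2009-4197 ("NOT-FOR-US: Huawei MT882 V100R002B020"). CVE-2009-4210, CVE-2009-4212 and CVE-2009-4213 are RESERVED and can stay as they are until descriptions are published.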
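Review bot: In the @@ -396,8 +428,7 @@ hunk, the CVE-2009-4020 description now states that the hfs overflow is stack-based, but the two tracking lines under it stay at "<unfixed> (medium)" and "<removed> (medium)" with no NOTE pointing at a fix or advisory. Add a NOTE with a reference, as the entry just above does with "NOTE: <https://www.isc.org/node/504>", so that whoever later fills in the fixed version has something to verify it against.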
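Review bot: In the @@ -1661,8 +1692,8 @@ hunk, CVE-2009-3560 goes from RESERVED to "TODO: check" with no package line, although the description names a library function (big2_toUtf8 in lib/xmltok.c in libexpat in Expat 2.0.1). Library code can have more than one consumer, so this TODO is worth resolving with a source package line and status ahead of the web-application entries, and it is worth checking whether any other package carries its own copy of lib/xmltok.c.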