Author: joeyh Date: 2009-12-10 21:14:16 +0000 (Thu, 10 Dec 2009) New Revision: 13506 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-10 20:34:29 UTC (rev 13505) +++ data/CVE/list 2009-12-10 21:14:16 UTC (rev 13506) @@ -1,3 +1,53 @@ +CVE-2009-4261 + RESERVED +CVE-2009-4260 + RESERVED +CVE-2009-4259 + RESERVED +CVE-2009-4258 + RESERVED +CVE-2009-4257 + RESERVED +CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 ...) + TODO: check +CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit! template ...) + TODO: check +CVE-2009-4254 (PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2009-4253 (Cross-site scripting (XSS) vulnerability in dspStats.php in ...) + TODO: check +CVE-2009-4252 (Cross-site scripting (XSS) vulnerability in images.php in Image ...) + TODO: check +CVE-2009-4251 (Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel ...) + TODO: check +CVE-2009-4250 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...) + TODO: check +CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...) + TODO: check +CVE-2009-4248 + RESERVED +CVE-2009-4247 + RESERVED +CVE-2009-4246 + RESERVED +CVE-2009-4245 + RESERVED +CVE-2009-4244 + RESERVED +CVE-2009-4243 + RESERVED +CVE-2009-4242 + RESERVED +CVE-2009-4241 + RESERVED +CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in the ...) + TODO: check +CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in IBM ...) + TODO: check +CVE-2009-4238 + RESERVED +CVE-2009-4237 + RESERVED CVE-2009-4236 (The process function in ...) NOT-FOR-US: EC-CUBE CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...) 
@@ -176,8 +226,8 @@ TODO: check CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...) NOT-FOR-US: IBM DB2 -CVE-2009-4149 - RESERVED +CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA ...) + TODO: check CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers ...) TODO: check CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in ...) @@ -1419,20 +1469,20 @@ RESERVED CVE-2009-3678 RESERVED -CVE-2009-3677 - RESERVED +CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 ...) + TODO: check CVE-2009-3676 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows ...) NOT-FOR-US: Microsoft Windows Server -CVE-2009-3675 - RESERVED -CVE-2009-3674 - RESERVED -CVE-2009-3673 - RESERVED -CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) +CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in ...) TODO: check -CVE-2009-3671 - RESERVED +CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in ...) + TODO: check +CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects ...) + TODO: check +CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...) + TODO: check +CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in ...) + TODO: check CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 ...) NOT-FOR-US: KSP Sound Player CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions ...) 
@@ -1749,8 +1799,7 @@ - puppet <unfixed> (low; bug #551073) [etch] - puppet <no-dsa> (minor issue) [lenny] - puppet <no-dsa> (minor issue) -CVE-2009-3563 [ntpd DoS] - RESERVED +CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ...) {DSA-1948-1} - ntp 1:4.2.4p8+dfsg-1 (medium; bug #560074) CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 ...) @@ -5353,16 +5402,16 @@ NOT-FOR-US: Microsoft Windows 2000 CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 ...) NOT-FOR-US: Microsoft Windows 2000 -CVE-2009-2509 - RESERVED -CVE-2009-2508 - RESERVED +CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows ...) + TODO: check +CVE-2009-2508 (The single sign-on implementation in Active Directory Federation ...) + TODO: check CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows -CVE-2009-2506 - RESERVED -CVE-2009-2505 - RESERVED +CVE-2009-2506 (The text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; ...) + TODO: check +CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista ...) + TODO: check CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft ...) NOT-FOR-US: Microsoft products CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, ...) @@ -13675,8 +13724,8 @@ NOT-FOR-US: Citrix CVE-2008-5881 (Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow ...) NOT-FOR-US: playSMS -CVE-2009-0102 - RESERVED +CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, ...) + TODO: check CVE-2009-0101 RESERVED CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...)
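Review bot: In the @@ -1,3 +1,53 @@ hunk, CVE-2009-4250 and CVE-2009-4249 are added with the same truncated summary, "Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...", so the two entries cannot be told apart from the list alone. Whoever clears the "TODO: check" lines should work from the full descriptions and, once triaged, leave a short note on each entry saying which issue it covers so the pair is not treated as a duplicate.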
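Review bot: In the @@ -1419,20 +1469,20 @@ hunk, the existing CVE-2009-3672 entry has its summary rewritten from "allows remote attackers to execute ..." to "does not properly handle objects ...", so the truncated text no longer shows the impact that the old line did. The entry keeps its "TODO: check" status, which is correct, but the triage should be done against the full description, not the 80-column summary. The same applies to CVE-2009-3674 and CVE-2009-3671, which now carry identical truncated text.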
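Review bot: In the @@ -1749,8 +1799,7 @@ hunk, the new CVE-2009-3563 description names two affected ranges, "NTP before 4.2.4p8, and 4.2.5", while the entry below it records a single fixed version, "- ntp 1:4.2.4p8+dfsg-1". It is worth confirming that no 4.2.5-based package is tracked in any suite and saying so in a note on the entry. Replacing the hand-written "[ntpd DoS]" tag with the description is fine, since the {DSA-1948-1} and bug #560074 references are left untouched.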
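Review bot: In the @@ -5353,16 +5402,16 @@ hunk, CVE-2009-2509, CVE-2009-2508, CVE-2009-2506 and CVE-2009-2505 move from RESERVED to "TODO: check" although their summaries name Microsoft ADFS, Office Word and IAS, and the surrounding entries (CVE-2009-2510, CVE-2009-2507, CVE-2009-2504) are already marked "NOT-FOR-US: Microsoft Windows 2000", "NOT-FOR-US: Microsoft Windows" and "NOT-FOR-US: Microsoft products". Since the automatic update cannot make that call, a follow-up manual commit should set these four to NOT-FOR-US in the same style so they stop showing up in the TODO queue.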