Author: joeyh
Date: 2009-12-14 21:14:18 +0000 (Mon, 14 Dec 2009)
New Revision: 13549
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-12-14 20:12:31 UTC (rev 13548)
+++ data/CVE/list 2009-12-14 21:14:18 UTC (rev 13549)
@@ -1,3 +1,69 @@
+CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows
2000 ...)
+ TODO: check
+CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft
Windows 2000 ...)
+ TODO: check
+CVE-2009-4311 (Unspecified vulnerability in the Indeo codec in Microsoft
Windows 2000 ...)
+ TODO: check
+CVE-2009-4310 (Stack-based buffer overflow in the Intel Indeo41 codec for
Windows ...)
+ TODO: check
+CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for
Windows ...)
+ TODO: check
+CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4
...)
+ TODO: check
+CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux
...)
+ TODO: check
+CVE-2009-4306 (Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move
extents) ...)
+ TODO: check
+CVE-2009-4291
+ RESERVED
+CVE-2009-4290
+ RESERVED
+CVE-2009-4289
+ RESERVED
+CVE-2009-4288
+ RESERVED
+CVE-2009-4287
+ RESERVED
+CVE-2009-4286
+ RESERVED
+CVE-2009-4285
+ RESERVED
+CVE-2009-4284
+ RESERVED
+CVE-2009-4283
+ RESERVED
+CVE-2009-4282
+ RESERVED
+CVE-2009-4281
+ RESERVED
+CVE-2009-4280
+ RESERVED
+CVE-2009-4279
+ RESERVED
+CVE-2009-4278
+ RESERVED
+CVE-2009-4277
+ RESERVED
+CVE-2009-4276
+ RESERVED
+CVE-2009-4275
+ RESERVED
+CVE-2009-4274
+ RESERVED
+CVE-2009-4273
+ RESERVED
+CVE-2009-4272
+ RESERVED
+CVE-2009-4271
+ RESERVED
+CVE-2009-4270
+ RESERVED
+CVE-2009-4269
+ RESERVED
+CVE-2009-4268
+ RESERVED
+CVE-2009-4267
+ RESERVED
CVE-2009-XXXX [Zabbix Server multiple remote vulnerabilities]
- zabbix <unfixed> (medium)
TODO: check
@@ -30,63 +96,72 @@
[lenny] - xfs <no-dsa> (minor issue)
CVE-2009-XXXX [xserver-xorg: inherits user''s mask]
- xserver-xorg 2:1.7.2-1 (low; bug #555308)
-CVE-2009-4296
+CVE-2009-4296 (SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8
and ...)
NOT-FOR-US: Taxonomy Timer module for Drupal
-CVE-2009-4295
+CVE-2009-4295 (Sun Ray Server Software 4.0 and 4.1 does not generate a unique
DSA ...)
NOT-FOR-US: Sun Ray Server Software
-CVE-2009-4294
+CVE-2009-4294 (Unspecified vulnerability in the Authentication Manager (aka
utauthd) ...)
NOT-FOR-US: Sun Ray Server Software
-CVE-2009-4293
+CVE-2009-4293 (Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware
2.30 ...)
NOT-FOR-US: Internet Initiative Japan
-CVE-2009-4292
+CVE-2009-4292 (Buffer overflow in the URL filtering function in Internet
Initiative ...)
NOT-FOR-US: Internet Initiative Japan
-CVE-2009-4266
+CVE-2009-4266 (Cross-site scripting (XSS) vulnerability in search.php in
YABSoft ...)
NOT-FOR-US: YABSoft Advanced Image Hosting (AIH) Script
-CVE-2009-4265
+CVE-2009-4265 (Stack-based buffer overflow in Ideal Administration 2009 9.7.1,
and ...)
NOT-FOR-US: Ideal Administration
-CVE-2009-4264
+CVE-2009-4264 (PHP remote file inclusion vulnerability in
components/core/connect.php ...)
NOT-FOR-US: AROUNDMe
-CVE-2009-4263
+CVE-2009-4263 (SQL injection vulnerability in main_forum.php in PTCPay GeN3
forum 1.3 ...)
NOT-FOR-US: PTCPay
-CVE-2009-4262
+CVE-2009-4262 (Harold Bakker''s Newscript HB-NS 1.3 allows remote
attackers to obtain ...)
NOT-FOR-US: Harold Bakker''s Newscript HB-NS
CVE-2009-XXXX [php-net-ping argument injection]
- php-net-ping 2.4.2-1.1 (medium)
[etch] - php-net-ping 2.4.2-1+etch1
[lenny] - php-net-ping 2.4.2-1+lenny1
CVE-2009-4305
+ RESERVED
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0031
TODO: check
CVE-2009-4304
+ RESERVED
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0029
TODO: check
CVE-2009-4303
+ RESERVED
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0028
TODO: check
CVE-2009-4302
+ RESERVED
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0027
TODO: check
CVE-2009-4301
+ RESERVED
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0026
TODO: check
CVE-2009-4300
+ RESERVED
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0025
TODO: check
CVE-2009-4299
+ RESERVED
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0024
TODO: check
CVE-2009-4298
+ RESERVED
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0023
TODO: check
CVE-2009-4297
+ RESERVED
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0022
TODO: check
@@ -141,11 +216,9 @@
NOT-FOR-US: IBM InfoSphere Information Server
CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in
IBM ...)
NOT-FOR-US: IBM InfoSphere Information Server
-CVE-2009-4238
- RESERVED
+CVE-2009-4238 (Multiple SQL injection vulnerabilities in TestLink before 1.8.5
allow ...)
NOT-FOR-US: TestLink
-CVE-2009-4237
- RESERVED
+CVE-2009-4237 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink
before ...)
NOT-FOR-US: TestLink
CVE-2009-4236 (The process function in ...)
NOT-FOR-US: EC-CUBE
@@ -206,8 +279,8 @@
RESERVED
CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security
Readiness ...)
NOT-FOR-US: U.S. Defense Information Systems Agency (DISA) Security Readiness
Review (SRR) script
-CVE-2009-4210
- RESERVED
+CVE-2009-4210 (The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3,
and ...)
+ TODO: check
CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in
admin/index.php ...)
NOT-FOR-US: moziloCMS
CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school
(OS) ...)
@@ -262,23 +335,17 @@
RESERVED
CVE-2009-4182
RESERVED
-CVE-2009-4181
- RESERVED
+CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView
Network ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4180
- RESERVED
+CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView
Network ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4179
- RESERVED
+CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView
Network Node ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4178
- RESERVED
+CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView
Network ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4177
- RESERVED
+CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node
Manager ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4176
- RESERVED
+CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP
...)
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4175 (CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows
remote ...)
NOT-FOR-US: CuteNews
@@ -362,8 +429,7 @@
RESERVED
CVE-2009-4136
RESERVED
-CVE-2009-4135 [distcheck insecure temp dirs handling]
- RESERVED
+CVE-2009-4135 (The distcheck rule in dist-check.mk in GNU coreutils 5.2.1
through 8.1 ...)
- coreutils <not-affected> (this issue only affects the coreutils build
process; bug #560898)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
CVE-2009-4134
@@ -371,10 +437,9 @@
CVE-2009-4133
RESERVED
CVE-2009-4132
- RESERVED
+ REJECTED
NOT-FOR-US: ** REJECT **
-CVE-2009-4131 [linux-2.6: ext4 move extents issue]
- RESERVED
+CVE-2009-4131 (The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in
the ...)
- linux-2.6 <unfixed> (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.31)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.31)
@@ -396,8 +461,7 @@
RESERVED
CVE-2009-4125
RESERVED
-CVE-2009-4124 [ruby heap overflow in String#ljust, String#center and
String#rjust]
- RESERVED
+CVE-2009-4124 (Heap-based buffer overflow in the rb_str_justify function in
string.c ...)
- ruby1.9.1 1.9.1.376-1
- ruby1.9 <unfixed>
- ruby1.8 <not-affected>
@@ -514,6 +578,7 @@
- rails <unfixed> (low; bug #558685)
NOTE:
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
CVE-2008-7248 [rails CSRF]
+ RESERVED
- rails <unfixed> (medium; bug #558685)
NOTE:
http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8
allows ...)
@@ -830,8 +895,7 @@
RESERVED
CVE-2009-3952
RESERVED
-CVE-2009-3951
- RESERVED
+CVE-2009-3951 (Unspecified vulnerability in the Flash Player ActiveX control in
Adobe ...)
NOT-FOR-US: ActiveX
CVE-2009-3950 (Multiple cross-site scripting (XSS) vulnerabilities in Bractus
...)
NOT-FOR-US: Bractus SunTrack
@@ -938,13 +1002,13 @@
- gimp 2.6.7-1.1 (medium; bug #556750)
NOTE: http://secunia.com/secunia_research/2009-43/
CVE-2009-3908
- RESERVED
+ REJECTED
NOT-FOR-US: ** REJECT **
CVE-2009-3907
- RESERVED
+ REJECTED
NOT-FOR-US: ** REJECT **
CVE-2009-3906
- RESERVED
+ REJECTED
NOT-FOR-US: ** REJECT **
CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier
CMS ...)
NOT-FOR-US: e-Courier CMS
@@ -1108,22 +1172,17 @@
NOTE: attack vector is social engineering to get the user to open
NOTE: a malicious .blend file. by design, blend files support
NOTE: all python operations, so ultimately any code can be executed
-CVE-2009-3849
- RESERVED
+CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network
Node ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3848
- RESERVED
+CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView
Network ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3847
- RESERVED
+CVE-2009-3847 (Unspecified vulnerability in HP OpenView Network Node Manager
(OV NNM) ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3846
- RESERVED
+CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP
OpenView ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3845
- RESERVED
+CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager
(OV NNM) ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3844 (Unspecified vulnerability in HP OpenView Data Protector
Application ...)
+CVE-2009-3844 (Stack-based buffer overflow in the OmniInet process in HP
OpenView ...)
NOT-FOR-US: HP OpenView Data Protector Application
CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a
"hidden account" in ...)
NOT-FOR-US: HP Operations Manager
@@ -1224,20 +1283,20 @@
NOTE: advisory mentions kmail and ark (from kdepim and kdeutils, respectively)
NOTE: but the "fixes" linked from the advisory only change code in
kdelibs
NOTE: more info at oss-sec threads
-CVE-2009-3800
- RESERVED
-CVE-2009-3799
- RESERVED
-CVE-2009-3798
- RESERVED
-CVE-2009-3797
- RESERVED
-CVE-2009-3796
- RESERVED
+CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player
before ...)
+ TODO: check
+CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers
function in ...)
+ TODO: check
+CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3
might ...)
+ TODO: check
+CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before
1.5.3 ...)
+ TODO: check
+CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3
might ...)
+ TODO: check
CVE-2009-3795
RESERVED
-CVE-2009-3794
- RESERVED
+CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before
10.0.42.34 and ...)
+ TODO: check
CVE-2009-3793
RESERVED
CVE-2009-3792
@@ -2933,7 +2992,8 @@
TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6
CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux
XF-Section ...)
NOT-FOR-US: module for XOOPS
-CVE-2009-3239 (Buffer overflow in the EMF parser implementation in
OpenOffice.org ...)
+CVE-2009-3239
+ REJECTED
- openoffice.org <not-affected>
NOTE: SUSE says that it is not a dup of CVE-2009-2139 and CVE-2009-2140...
CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the
Linux ...)
@@ -3769,8 +3829,7 @@
NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3028
RESERVED
-CVE-2009-3027
- RESERVED
+CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous
Protection ...)
NOT-FOR-US: Symantec Backup Exec Continuous Protection Server
CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote
attackers to ...)
- pidgin 2.6.1-1 (low)
@@ -8307,7 +8366,8 @@
RESERVED
CVE-2009-1564
RESERVED
-CVE-2009-1563 (Array index error in Mozilla Firefox 3.0.x before 3.0.15 and
3.5.x ...)
+CVE-2009-1563
+ REJECTED
NOTE: Tracked as CVE-2009-0689
CVE-2009-1562
RESERVED
@@ -9159,7 +9219,7 @@
NOT-FOR-US: Perl Nopaste
CVE-2009-1299
RESERVED
-CVE-2009-1298 (The ip_frag_reasm function in ipv4/ip_fragment.c in Linux kernel
...)
+CVE-2009-1298 (The ip_frag_reasm function in net/ipv4/ip_fragment.c in the
Linux ...)
{DTSA-204-1}
- linux-2.6 2.6.32-1 (low)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.29)
@@ -10729,8 +10789,7 @@
RESERVED
CVE-2009-0899 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and
7.0 ...)
NOT-FOR-US: IBM WebSphere
-CVE-2009-0898
- RESERVED
+CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager
(OV ...)
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-0897 (IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and
6.1.1 ...)
NOT-FOR-US: IBM WebSphere
@@ -11671,7 +11730,7 @@
NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for
Foxit ...)
NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
-CVE-2009-0689 (The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc
in ...)
+CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka
...)
{DSA-1931-1}
- nspr 4.8-2
[etch] - nspr <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)