Author: joeyh Date: 2010-01-13 21:14:24 +0000 (Wed, 13 Jan 2010) New Revision: 13806 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-13 21:10:58 UTC (rev 13805) +++ data/CVE/list 2010-01-13 21:14:24 UTC (rev 13806) 
@@ -1,3 +1,93 @@ +CVE-2010-0309 + RESERVED +CVE-2010-0308 + RESERVED +CVE-2010-0307 + RESERVED +CVE-2010-0306 + RESERVED +CVE-2010-0305 + RESERVED +CVE-2010-0304 + RESERVED +CVE-2010-0303 + RESERVED +CVE-2010-0302 + RESERVED +CVE-2010-0301 + RESERVED +CVE-2010-0300 + RESERVED +CVE-2010-0299 + RESERVED +CVE-2010-0298 + RESERVED +CVE-2010-0297 + RESERVED +CVE-2010-0296 + RESERVED +CVE-2010-0295 + RESERVED +CVE-2010-0294 + RESERVED +CVE-2010-0293 + RESERVED +CVE-2010-0292 + RESERVED +CVE-2010-0291 + RESERVED +CVE-2010-0290 + RESERVED +CVE-2010-0289 + RESERVED +CVE-2010-0288 + RESERVED +CVE-2010-0287 + RESERVED +CVE-2010-0286 + RESERVED +CVE-2010-0285 + RESERVED +CVE-2010-0284 + RESERVED +CVE-2010-0283 + RESERVED +CVE-2010-0282 + RESERVED +CVE-2010-0281 + RESERVED +CVE-2010-0280 + RESERVED +CVE-2010-0279 (Unrestricted file upload vulnerability in upload.php in BTS-GI Read ...) + TODO: check +CVE-2010-0278 (A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft ...) + TODO: check +CVE-2009-4608 (Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ...) + TODO: check +CVE-2009-4607 (The command line interface in Overland Storage Snap Server 410 with ...) + TODO: check +CVE-2009-4606 (South River Technologies WebDrive 9.02 build 2232 installs the ...) + TODO: check +CVE-2009-4604 (PHP remote file inclusion vulnerability in mamboleto.php in the ...) + TODO: check +CVE-2009-4603 (Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, ...) + TODO: check +CVE-2009-4602 (Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x ...) + TODO: check +CVE-2009-4601 (Cross-site scripting (XSS) vulnerability in basic_search_result.php in ...) + TODO: check +CVE-2009-4600 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...) + TODO: check +CVE-2009-4599 (Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) ...) 
+ TODO: check +CVE-2009-4598 (SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 ...) + TODO: check +CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP Inventory ...) + TODO: check +CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory ...) + TODO: check +CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows ...) + TODO: check CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and ...) - pidgin <unfixed> TODO: check @@ -116,6 +206,7 @@ CVE-2010-0220 (The nsObserverList::FillObserverArray function in ...) TODO: check CVE-2009-4605 [phpMyAdmin 2.11.10 unserialize fix] + RESERVED - phpmyadmin <not-affected> (Vulnerable code removed) [lenny] - phpmyadmin <unfixed> [etch] - phpmyadmin <unfixed> @@ -480,17 +571,14 @@ RESERVED CVE-2010-0096 RESERVED -CVE-2009-4538 [incorrect fix for CVE-2009-1385 on the e1000e driver] - RESERVED +CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel ...) - linux-2.6 <unfixed> (low; bug #564114) - linux-2.6.24 <removed> (low) NOTE: just like CVE-2009-4536 but was reported later -CVE-2009-4537 [linux DoS introduced by CVE-2009-1389 fix] - RESERVED +CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 ...) - linux-2.6 <unfixed> (medium; bug #564110) - linux-2.6.24 <removed> (medium) -CVE-2009-4536 [linux incorrect fix for CVE-2009-1385] - RESERVED +CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...) - linux-2.6 <unfixed> (low; bug #564114) - linux-2.6.24 <removed> (low) CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...) 
@@ -640,7 +728,8 @@ NOT-FOR-US: MailSite CVE-2009-4482 (Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote ...) NOT-FOR-US: TVersity -CVE-2009-4481 (Unspecified vulnerability in radiusd in FreeRADIUS 1.1.7 allows remote ...) +CVE-2009-4481 + REJECTED NOTE: dup of CVE-2009-3111 CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might ...) NOT-FOR-US: AzeoTech DAQFactory @@ -687,9 +776,11 @@ CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the ...) - redmine <unfixed> (bug #563940) CVE-2008-7252 [phpMyAdmin tempfile issue] + RESERVED - phpmyadmin 4:3.0.0-1 NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528 CVE-2008-7251 [phpMyAdmin tempfile issue] + RESERVED - phpmyadmin 4:3.0.0-1 NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536 CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...) 
@@ -904,36 +995,36 @@ RESERVED CVE-2010-0081 RESERVED -CVE-2010-0080 - RESERVED -CVE-2010-0079 - RESERVED -CVE-2010-0078 - RESERVED -CVE-2010-0077 - RESERVED -CVE-2010-0076 - RESERVED -CVE-2010-0075 - RESERVED -CVE-2010-0074 - RESERVED +CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...) + TODO: check +CVE-2010-0079 (Multiple vulnerabilities in the JRockit component in BEA Product Suite ...) + TODO: check +CVE-2010-0078 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2010-0077 (Unspecified vulnerability in the CRM Technical Foundation (mobile) ...) + TODO: check +CVE-2010-0076 (Unspecified vulnerability in the Application Express Application ...) + TODO: check +CVE-2010-0075 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...) + TODO: check +CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check CVE-2010-0073 RESERVED -CVE-2010-0072 - RESERVED -CVE-2010-0071 - RESERVED -CVE-2010-0070 - RESERVED -CVE-2010-0069 - RESERVED -CVE-2010-0068 - RESERVED -CVE-2010-0067 - RESERVED -CVE-2010-0066 - RESERVED +CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check +CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database ...) + TODO: check +CVE-2010-0070 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) + TODO: check +CVE-2010-0069 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2010-0068 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2010-0067 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) + TODO: check +CVE-2010-0066 (Unspecified vulnerability in the Access Manager Identity Server ...) + TODO: check CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4, when running on ...) 
- wireshark <not-affected> (Windows-specific) CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 ...) @@ -993,6 +1084,7 @@ NOT-FOR-US: Winamp CVE-2009-4355 [openssl/mod_ssl/php-curl memory leak] RESERVED + {DSA-1970-1} - openssl <unfixed> (low) [etch] - openssl <not-affected> (affects only 0.9.8f and later) NOTE: apache2 packages in squeeze/sid do not seem to allow exploit @@ -3125,8 +3217,7 @@ NOTE: fixed in upstream 2.6.32-rc4 - linux-2.6.24 <not-affected> (introduced in 2.6.25) - kvm <removed> (medium; bug #562076) -CVE-2009-3637 [alien-arena remote arbitrary code execution] - RESERVED +CVE-2009-3637 (Stack-based buffer overflow in the M_AddToServerList function in ...) - alien-arena <unfixed> (medium; bug #552038) [lenny] - alien-arena <no-dsa> (Contrib not supported) TODO: next point-release: [lenny] - alien-arena 7.0-1+lenny1 
@@ -3795,20 +3886,20 @@ NOT-FOR-US: Plume CMS CVE-2009-3417 (SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 ...) NOT-FOR-US: IDoBlog component Joomla -CVE-2009-3416 - RESERVED -CVE-2009-3415 - RESERVED -CVE-2009-3414 - RESERVED -CVE-2009-3413 - RESERVED -CVE-2009-3412 - RESERVED -CVE-2009-3411 - RESERVED -CVE-2009-3410 - RESERVED +CVE-2009-3416 (Unspecified vulnerability in the Oracle Application Object Library ...) + TODO: check +CVE-2009-3415 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) + TODO: check +CVE-2009-3414 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) + TODO: check +CVE-2009-3413 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) + TODO: check +CVE-2009-3412 (Unspecified vulnerability in the Unzip component in Oracle Database ...) + TODO: check +CVE-2009-3411 (Unspecified vulnerability in the Oracle Data Pump component in Oracle ...) + TODO: check +CVE-2009-3410 (Unspecified vulnerability in the RDBMS component in Oracle Database ...) + TODO: check CVE-2009-3409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-3408 (Unspecified vulnerability in the Oracle Application Object Library ...) @@ -8450,8 +8541,8 @@ NOT-FOR-US: Oracle Industry Applications CVE-2009-1997 (Unspecified vulnerability in the Authentication component in Oracle ...) NOT-FOR-US: Oracle Database -CVE-2009-1996 - RESERVED +CVE-2009-1996 (Unspecified vulnerability in the Logical Standby component in Oracle ...) + TODO: check CVE-2009-1995 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) NOT-FOR-US: Oracle Database CVE-2009-1994 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
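Review bot: The fifteen described entries added at the top of the file by the @@ -1,3 +1,93 @@ hunk (CVE-2010-0279 down to CVE-2009-4595) all arrive as "TODO: check", so the automatic update leaves every one of them untriaged. The follow-up commit should give each either a package line or a "NOT-FOR-US: <product>" line, the form the file already uses for MailSite and TVersity, so that the TODO list does not grow with each import.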
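Review bot: In the @@ -480,17 +571,14 @@ hunk, replacing the bracketed placeholders for CVE-2009-4538, CVE-2009-4537 and CVE-2009-4536 drops the only visible link to the earlier fixes they stem from ("incorrect fix for CVE-2009-1385", "DoS introduced by CVE-2009-1389 fix"). The truncated official descriptions shown here do not carry that relationship, and only CVE-2009-4538 has a NOTE line. Consider adding a NOTE to each entry that names the original CVE, so anyone backporting the driver fixes can see that the earlier patch was incomplete.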
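Review bot: In the @@ -640,7 +728,8 @@ hunk, CVE-2009-4481 becomes REJECTED and loses its FreeRADIUS description, which leaves "NOTE: dup of CVE-2009-3111" as the entry's only content and no package line. Before relying on this, confirm that the CVE-2009-3111 entry carries the freeradius status, otherwise the issue is no longer tracked against any package in this file.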
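Review bot: In the @@ -993,6 +1084,7 @@ hunk, "{DSA-1970-1}" is added to CVE-2009-4355 but the line below it still reads "- openssl <unfixed> (low)", and the only release-specific line is the [etch] not-affected one. An entry that references a DSA while showing no fixed version for the release the advisory covers will be reported as still open; add the release-tagged line with the version from the advisory in the same change or in an immediate follow-up.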
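Review bot: In the @@ -3795,20 +3886,20 @@ and @@ -8450,8 +8541,8 @@ hunks, the newly described Oracle entries (CVE-2009-3416 to CVE-2009-3410, CVE-2009-1996) are set to "TODO: check" while their direct neighbours in the context lines are already closed as "NOT-FOR-US: Oracle Database" and "NOT-FOR-US: Oracle PeopleSoft Enterprise". The same holds for the Oracle, BEA and PeopleSoft entries in the @@ -904,36 +995,36 @@ hunk. These can be triaged in bulk with the same NOT-FOR-US wording as the neighbouring entries rather than one at a time.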