Author: joeyh
Date: 2009-04-15 21:14:22 +0000 (Wed, 15 Apr 2009)
New Revision: 11628
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2009-04-15 19:52:05 UTC (rev 11627) +++ data/CVE/list 2009-04-15 21:14:22 UTC (rev 11628) @@ -1,9 +1,19 @@ +CVE-2009-1294 + RESERVED +CVE-2009-1293 + RESERVED +CVE-2009-1292 (UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x ...) + TODO: check +CVE-2008-6723 (TurnkeyForms Entertainment Portal 2.0 allows remote attackers to ...) + TODO: check +CVE-2008-6722 (Novell Access Manager 3 SP4 does not properly expire X.509 certificate ...) + TODO: check +CVE-2008-6721 (SQL injection vulnerability in index.php in AJ Square AJ Article ...) + TODO: check CVE-2009-XXXX [clamav: UPack crash] - {DSA-1771-1} - clamav 0.95.1+dfsg-1 NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552 CVE-2009-XXXX [clamav: cli_url_canon] - {DSA-1771-1} - clamav 0.95.1+dfsg-1 [etch] - clamav <not-affected> (vulnerable code not present) [lenny] - clamav <not-affected> (vulnerable code not present) @@ -232,8 +242,10 @@ CVE-2009-XXXX [Wireshark: The Check Point High-Availability Protocol (CPHAP) dissector could crash.] - wireshark <unfixed> CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...) + {DSA-1771-1} - clamav 0.94.dfsg.2-1~volatile2 (medium; bug #523016) CVE-2009-1270 (libclamav/untar.c in ClamAV before 0.95 allows remote attackers to ...) + {DSA-1771-1} - clamav 0.94.dfsg.2-1~volatile2 (medium; bug #523016) CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary ...) {DSA-1764-1} 
@@ -1145,98 +1157,98 @@ RESERVED CVE-2009-1018 RESERVED -CVE-2009-1017 - RESERVED -CVE-2009-1016 - RESERVED +CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in Oracle ...) + TODO: check +CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check CVE-2009-1015 RESERVED -CVE-2009-1014 - RESERVED -CVE-2009-1013 - RESERVED -CVE-2009-1012 - RESERVED -CVE-2009-1011 - RESERVED -CVE-2009-1010 - RESERVED -CVE-2009-1009 - RESERVED -CVE-2009-1008 - RESERVED +CVE-2009-1014 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) + TODO: check +CVE-2009-1013 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) + TODO: check +CVE-2009-1012 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2009-1011 (Unspecified vulnerability in the Outside In Technology component in ...) + TODO: check +CVE-2009-1010 (Unspecified vulnerability in the Outside In Technology component in ...) + TODO: check +CVE-2009-1009 (Unspecified vulnerability in the Outside In Technology component in ...) + TODO: check +CVE-2009-1008 (Unspecified vulnerability in the Outside In Technology component in ...) + TODO: check CVE-2009-1007 RESERVED -CVE-2009-1006 - RESERVED -CVE-2009-1005 - RESERVED -CVE-2009-1004 - RESERVED -CVE-2009-1003 - RESERVED -CVE-2009-1002 - RESERVED -CVE-2009-1001 - RESERVED -CVE-2009-1000 - RESERVED -CVE-2009-0999 - RESERVED -CVE-2009-0998 - RESERVED -CVE-2009-0997 - RESERVED -CVE-2009-0996 - RESERVED -CVE-2009-0995 - RESERVED -CVE-2009-0994 - RESERVED -CVE-2009-0993 - RESERVED -CVE-2009-0992 - RESERVED -CVE-2009-0991 - RESERVED -CVE-2009-0990 - RESERVED -CVE-2009-0989 - RESERVED -CVE-2009-0988 - RESERVED +CVE-2009-1006 (Unspecified vulnerability in the JRockit component in BEA Product ...) + TODO: check +CVE-2009-1005 (Unspecified vulnerability in the Oracle Data Service Integrator ...) 
+ TODO: check +CVE-2009-1004 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2009-1003 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2009-1002 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2009-1001 (Unspecified vulnerability in the WebLogic Portal component in BEA ...) + TODO: check +CVE-2009-1000 (The Oracle Applications Framework component in Oracle E-Business Suite ...) + TODO: check +CVE-2009-0999 (Unspecified vulnerability in the Oracle Application Object Library ...) + TODO: check +CVE-2009-0998 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ...) + TODO: check +CVE-2009-0997 (Unspecified vulnerability in the Database Vault component in Oracle ...) + TODO: check +CVE-2009-0996 (Unspecified vulnerability in the BI Publisher component in Oracle ...) + TODO: check +CVE-2009-0995 (Unspecified vulnerability in the Oracle Applications Framework ...) + TODO: check +CVE-2009-0994 (Unspecified vulnerability in the BI Publisher component in Oracle ...) + TODO: check +CVE-2009-0993 (Unspecified vulnerability in the OPMN component in Oracle Application ...) + TODO: check +CVE-2009-0992 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) + TODO: check +CVE-2009-0991 (Unspecified vulnerability in the Listener component in Oracle Database ...) + TODO: check +CVE-2009-0990 (Unspecified vulnerability in the BI Publisher component in Oracle ...) + TODO: check +CVE-2009-0989 (Unspecified vulnerability in the BI Publisher component in Oracle ...) + TODO: check +CVE-2009-0988 (Unspecified vulnerability in the Password Policy component in Oracle ...) 
+ TODO: check CVE-2009-0987 RESERVED -CVE-2009-0986 - RESERVED -CVE-2009-0985 - RESERVED -CVE-2009-0984 - RESERVED -CVE-2009-0983 - RESERVED -CVE-2009-0982 - RESERVED -CVE-2009-0981 - RESERVED -CVE-2009-0980 - RESERVED -CVE-2009-0979 - RESERVED -CVE-2009-0978 - RESERVED -CVE-2009-0977 - RESERVED -CVE-2009-0976 - RESERVED -CVE-2009-0975 - RESERVED -CVE-2009-0974 - RESERVED -CVE-2009-0973 - RESERVED -CVE-2009-0972 - RESERVED +CVE-2009-0986 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) + TODO: check +CVE-2009-0985 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) + TODO: check +CVE-2009-0984 (Unspecified vulnerability in the Database Vault component in Oracle ...) + TODO: check +CVE-2009-0983 (Unspecified vulnerability in the Portal component in Oracle ...) + TODO: check +CVE-2009-0982 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) + TODO: check +CVE-2009-0981 (Unspecified vulnerability in the Application Express component in ...) + TODO: check +CVE-2009-0980 (Unspecified vulnerability in the SQLX Functions component in Oracle ...) + TODO: check +CVE-2009-0979 (Unspecified vulnerability in the Resource Manager component in Oracle ...) + TODO: check +CVE-2009-0978 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) + TODO: check +CVE-2009-0977 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) + TODO: check +CVE-2009-0976 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) + TODO: check +CVE-2009-0975 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) + TODO: check +CVE-2009-0974 (Unspecified vulnerability in the Portal component in Oracle ...) + TODO: check +CVE-2009-0973 (Unspecified vulnerability in the Cluster Ready Services component in ...) + TODO: check +CVE-2009-0972 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) 
+ TODO: check CVE-2008-6503 (Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop ...) NOT-FOR-US: PrestaShop CVE-2008-6502 (Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows ...) @@ -1843,8 +1855,7 @@ CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...) {DSA-1769-1} TODO: check -CVE-2009-0792 [integer overflows in argyll] - RESERVED +CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...) - argyll <unfixed> (low; bug #523427) CVE-2009-0791 RESERVED @@ -2348,8 +2359,8 @@ RESERVED CVE-2009-0682 RESERVED -CVE-2009-0681 - RESERVED +CVE-2009-0681 (PGP Desktop before 9.10 allows local users to (1) cause a denial of ...) + TODO: check CVE-2009-0680 (cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows ...) NOT-FOR-US: Netgear CVE-2009-0679 (Cross-site scripting (XSS) vulnerability in the Your Account module in ...) @@ -2955,16 +2966,16 @@ NOT-FOR-US: Microsoft Office CVE-2009-0555 RESERVED -CVE-2009-0554 - RESERVED -CVE-2009-0553 - RESERVED -CVE-2009-0552 - RESERVED -CVE-2009-0551 - RESERVED -CVE-2009-0550 - RESERVED +CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 ...) + TODO: check +CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...) + TODO: check +CVE-2009-0552 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 ...) + TODO: check +CVE-2009-0551 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...) + TODO: check +CVE-2009-0550 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...) + TODO: check CVE-2009-0549 RESERVED CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional Report ...) 
@@ -3957,7 +3968,7 @@ NOT-FOR-US: Asp Project Management CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and ...) NOT-FOR-US: Pardal CMS -CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in eog ...) +CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in Eye of ...) - eog 2.22.3-2 (bug #504352; low) [etch] - eog <not-affected> (Vulnerable code not present) CVE-2008-5986 (Untrusted search path vulnerability in the (1) "VST plugin with Python ...) @@ -4205,12 +4216,12 @@ RESERVED CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...) NOT-FOR-US: Microsoft -CVE-2009-0237 - RESERVED +CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML ...) + TODO: check CVE-2009-0236 RESERVED -CVE-2009-0235 - RESERVED +CVE-2009-0235 (Stack-based buffer overflow in the Word 97 text converter in WordPad ...) + TODO: check CVE-2009-0234 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...) NOT-FOR-US: Microsoft Windows CVE-2009-0233 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...) @@ -4388,8 +4399,8 @@ RESERVED CVE-2009-0160 RESERVED -CVE-2009-0159 - RESERVED +CVE-2009-0159 (Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...) + TODO: check CVE-2009-0158 RESERVED CVE-2009-0157 @@ -4512,7 +4523,7 @@ RESERVED CVE-2009-0116 RESERVED -CVE-2009-0115 (multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux ...) +CVE-2009-0115 (The Device Mapper multipathing driver (aka multipath-tools or ...) {DSA-1767-1} - multipath-tools 0.4.8-15 (low; bug #522813) CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...) 
@@ -4596,8 +4607,8 @@ RESERVED CVE-2009-0101 RESERVED -CVE-2009-0100 - RESERVED +CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...) + TODO: check CVE-2009-0099 (The Electronic Messaging System Microsoft Data Base (EMSMDB32) ...) NOT-FOR-US: Microsoft CVE-2009-0098 (Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and ...) 
@@ -4618,32 +4629,32 @@ RESERVED CVE-2009-0090 RESERVED -CVE-2009-0089 - RESERVED -CVE-2009-0088 - RESERVED -CVE-2009-0087 - RESERVED -CVE-2009-0086 - RESERVED +CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...) + TODO: check +CVE-2009-0088 (The WordPerfect 6.x Converter in Microsoft Office Word 2000 SP3 and ...) + TODO: check +CVE-2009-0087 (Unspecified vulnerability in the Word 6 text converter in WordPad in ...) + TODO: check +CVE-2009-0086 (Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft ...) + TODO: check CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in ...) NOT-FOR-US: Microsoft Windows -CVE-2009-0084 - RESERVED +CVE-2009-0084 (DirectShow in Microsoft DirectX 8.1 and 9.0 does not properly ...) + TODO: check CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...) NOT-FOR-US: Microsoft Windows CVE-2009-0082 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: Microsoft Windows CVE-2009-0081 (The graphics device interface (GDI) implementation in the kernel in ...) NOT-FOR-US: Microsoft Windows -CVE-2009-0080 - RESERVED -CVE-2009-0079 - RESERVED -CVE-2009-0078 - RESERVED -CVE-2009-0077 - RESERVED +CVE-2009-0080 (The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, ...) + TODO: check +CVE-2009-0079 (The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 ...) + TODO: check +CVE-2009-0078 (The Windows Management Instrumentation (WMI) provider in Microsoft ...) + TODO: check +CVE-2009-0077 (The firewall engine in Microsoft Forefront Threat Management Gateway, ...) + TODO: check CVE-2009-0076 (Microsoft Internet Explorer 7, when XHTML strict mode is used, allows ...) NOT-FOR-US: Microsoft CVE-2009-0075 (Microsoft Internet Explorer 7 does not properly handle errors during ...) 
@@ -25203,8 +25214,8 @@ NOT-FOR-US: Volume Manager Scheduler Service CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before ...) NOT-FOR-US: Yahoo! Messenger -CVE-2007-4514 - RESERVED +CVE-2007-4514 (Unspecified vulnerability in HP ProCurve Manager and HP ProCurve ...) + TODO: check CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow ...) NOT-FOR-US: IBM AIX CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
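Review bot: In the first hunk (@@ -1,9 +1,19 @@) the {DSA-1771-1} line is removed from both temporary clamav entries, "CVE-2009-XXXX [clamav: UPack crash]" and "CVE-2009-XXXX [clamav: cli_url_canon]", so those two issues no longer point at the advisory that fixed them. If DSA-1771-1 covers them, keep the link in a NOTE: line on each entry until CVE ids are assigned, or the automatic update will keep stripping it.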
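Review bot: In the hunk at @@ -232,8 +242,10 @@, CVE-2008-6680 and CVE-2009-1270 gain {DSA-1771-1} but their only status line is still "- clamav 0.94.dfsg.2-1~volatile2 (medium; bug #523016)", with no [etch] or [lenny] lines, while both descriptions say "ClamAV before 0.95". Please confirm the fixed version recorded for unstable and add per-release lines in the form used by the cli_url_canon entry at the top of the file.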
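Review bot: The hunk at @@ -1145,98 +1157,98 @@ turns the CVE-2009-0972 to CVE-2009-1017 block from RESERVED into several dozen "TODO: check" entries that all describe Oracle, BEA and PeopleSoft components. Nearby entries for software not in the archive are closed with a NOT-FOR-US: line (for example "NOT-FOR-US: PrestaShop" just below), so this batch can be triaged the same way in one pass instead of staying in the TODO queue. The same applies to the Microsoft entries added at @@ -2955,16 +2966,16 @@ and @@ -4618,32 +4629,32 @@.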
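Review bot: In the hunk at @@ -1843,8 +1855,7 @@, CVE-2009-0792 is now described as integer overflows in icc.c rather than by the working title "[integer overflows in argyll]", but the entry still tracks only "- argyll <unfixed> (low; bug #523427)". Worth checking whether any other source package ships a copy of icc.c and adding a status line for it. The CVE-2009-0793 entry in the context above also has {DSA-1769-1} while still marked "TODO: check".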
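Review bot: In the hunk at @@ -4388,8 +4399,8 @@, CVE-2009-0159 is given "TODO: check" although its description names ntpq/ntpq.c, which belongs to the ntp source package in the archive. Unlike most of this update it needs a real status line (a "- ntp" entry with version or <unfixed>, severity and bug number) and should be triaged ahead of the vendor-only entries.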