Author: joeyh
Date: 2009-09-02 21:14:15 +0000 (Wed, 02 Sep 2009)
New Revision: 12740

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-09-02 19:03:51 UTC (rev 12739)
+++ data/CVE/list       2009-09-02 21:14:15 UTC (rev 12740)
@@ -1,48 +1,50 @@
-CVE-2009-3038
+CVE-2009-3039
+       RESERVED
+CVE-2009-3038 (A certain ActiveX control in lnresobject.dll 7.1.1.119 in the 
Research ...)
        NOT-FOR-US: ActiveX
-CVE-2009-3037
+CVE-2009-3037 (Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer 
(aka ...)
        NOT-FOR-US: Autonomy KeyView XLS viewer
-CVE-2008-7152
+CVE-2008-7152 (Multiple PHP remote file inclusion vulnerabilities in Specimen 
Image ...)
        NOT-FOR-US: Specimen Image Database
-CVE-2008-7151
+CVE-2008-7151 (Cross-site request forgery (CSRF) vulnerability in Live 5.x 
before ...)
        NOT-FOR-US: Live third-party Drupal module
-CVE-2008-7150
+CVE-2008-7150 (Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 
5.x ...)
        NOT-FOR-US: Refine by Taxonomy
-CVE-2008-7149
+CVE-2008-7149 (Unspecified vulnerability in AgileWiki before 0.10.1 has 
unknown ...)
        NOT-FOR-US: AgileWiki
-CVE-2008-7148
+CVE-2008-7148 (Unspecified vulnerability in Synfig Animation Studio before 
0.61.08 ...)
        NOT-FOR-US: Synfig Animation Studio
-CVE-2008-7147
+CVE-2008-7147 (Multiple cross-site scripting (XSS) vulnerabilities in 
IntraLearn ...)
        NOT-FOR-US: IntraLearn Software IntraLearn
-CVE-2008-7146
+CVE-2008-7146 (IntraLearn Software IntraLearn 2.1, and possibly other versions 
before ...)
        NOT-FOR-US: IntraLearn Software IntraLearn
-CVE-2008-7145
+CVE-2008-7145 (Multiple SQL injection vulnerabilities in index.php in 
CoronaMatrix ...)
        NOT-FOR-US: CoronaMatrix phpAddressBook
-CVE-2008-7144
+CVE-2008-7144 (Multiple unspecified vulnerabilities in RARLAB WinRAR before 
3.71 have ...)
        NOT-FOR-US: RARLAB WinRAR
-CVE-2008-7143
+CVE-2008-7143 (phpBB 2.0.23 includes the session ID in a request to modcp.php 
when ...)
        - phpbb2 <removed>
-CVE-2008-7142
+CVE-2008-7142 (Absolute path traversal vulnerability in the Disk Usage module 
...)
        NOT-FOR-US: cPanel
-CVE-2008-7141
+CVE-2008-7141 (Cross-site scripting (XSS) vulnerability in setup.php in @lex 
Poll 2.1 ...)
        NOT-FOR-US: @lex Poll
-CVE-2008-7140
+CVE-2008-7140 (Multiple cross-site scripting (XSS) vulnerabilities in @lex 
Guestbook ...)
        NOT-FOR-US: @lex Guestbook
-CVE-2008-7139
+CVE-2008-7139 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
WS-Proxy ...)
        NOT-FOR-US: Eye-Fi
-CVE-2008-7138
+CVE-2008-7138 (The Manager in Eye-Fi 1.1.2 generates predictable snonce values 
based ...)
        NOT-FOR-US: Eye-Fi
-CVE-2008-7137
+CVE-2008-7137 (WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a 
denial of ...)
        NOT-FOR-US: Eye-Fi
-CVE-2008-7136
+CVE-2008-7136 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote 
attackers ...)
        NOT-FOR-US: ICQ Toolbar
-CVE-2008-7135
+CVE-2008-7135 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote 
attackers ...)
        NOT-FOR-US: ICQ Toolbar
-CVE-2008-7134
+CVE-2008-7134 (Multiple cross-site scripting (XSS) vulnerabilities in the 
default URI ...)
        NOT-FOR-US: Chris LaPointe RedGalaxy Download Center
-CVE-2008-7133
+CVE-2008-7133 (Multiple cross-site scripting (XSS) vulnerabilities in 
onlinetools.org ...)
        NOT-FOR-US: onlinetools.org EasyImageCatalogue
-CVE-2008-7132
+CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in 
Nuked-Klan ...)
        NOT-FOR-US: Nuked-Klan
 CVE-2009-3036
        RESERVED
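Review bot: CVE-2008-7143 is the only entry in this block tracked against a Debian package, and its line `- phpbb2 <removed>` carries no per-release status even though the new description names phpBB 2.0.23. If any release still ships phpbb2, add a release-tagged line for it. Otherwise a NOTE recording that the package is gone from every suite would make the entry self-explanatory.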
@@ -68,7 +70,7 @@
        TODO: check
 CVE-2009-3024 (The verify_hostname_of_cert function in the certificate 
checking ...)
        TODO: check
-CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft IIS 5.0 and 6.0 
allows ...)
+CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft Internet 
Information ...)
        NOT-FOR-US: Microsoft IIS
 CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 
1.2 and ...)
        NOT-FOR-US: bingo!CMS
@@ -403,6 +405,7 @@
        RESERVED
 CVE-2009-2946
        RESERVED
+       {DSA-1878-1}
        - devscripts 2.10.54
 CVE-2009-2945
        RESERVED
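Review bot: The `{DSA-1878-1}` tag on CVE-2009-2946 is added without a release-tagged line giving the version fixed in stable, so the entry only records the unstable fix `- devscripts 2.10.54`. Add the stable fix in the same form the mantis entry uses further down (`[lenny] - mantis 1.1.6+dfsg-2lenny1`). The package line also lacks the urgency and bug reference that neighbouring tracked entries carry.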
@@ -973,10 +976,10 @@
        NOT-FOR-US: DD-WRT
 CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        NOT-FOR-US: DD-WRT
-CVE-2009-3040 [Sql injection in OCS Inventory NG Server]
+CVE-2009-3040 (Multiple SQL injection vulnerabilities in Open Computer and 
Software ...)
        - ocsinventory-server 1.02.1-2 (low; bug #541995)
        NOTE: Authentication is needed
-CVE-2009-3042 [Sql injection in OCS Inventory NG Server]
+CVE-2009-3042 (SQL injection vulnerability in machine.php in Open Computer and 
...)
        - ocsinventory-server 1.02.1-2 (low; bug #541995)
        NOTE: Authentication is needed
 CVE-2009-2763
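Review bot: CVE-2009-3040 now reads "Multiple SQL injection vulnerabilities" while CVE-2009-3042 is limited to machine.php, yet both keep the identical line `- ocsinventory-server 1.02.1-2 (low; bug #541995)`. Confirm that 1.02.1-2 closes every vector covered by 3040 and not only the machine.php one. If the two IDs really share one fix, a NOTE on each entry saying so would stop a later triager from splitting them.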
@@ -1263,7 +1266,7 @@
        - mantis 1.1.8+dfsg-2 (medium; bug #425010)
        [lenny] - mantis 1.1.6+dfsg-2lenny1
        NOTE: cve id requested on oss-sec
-CVE-2009-3041 [missing authorization check in spip installer]
+CVE-2009-3041 (SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use 
proper ...)
        - spip 2.0.9-1 (medium)
 CVE-2009-XXXX [rubygems: integrity violation]
        - libgems-ruby <not-affected> (Debian's version installs gems packages 
to /var/lib/gems, bug #540610)
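Review bot: The new CVE-2009-3041 description covers "SPIP 1.9 before 1.9.2i" as well as 2.0.x through 2.0.8, but the entry only records `- spip 2.0.9-1 (medium)` with no bug reference and no release-tagged line. If a stable release ships a 1.9 or earlier 2.0.x version, add its status in the `[lenny] - ...` form used by the mantis entry just above.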
@@ -2194,6 +2197,7 @@
        NOTE: vulnerable code not present, introduced in 2.3.x
        NOTE: to be fixed in upstream version 2.3.3
 CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command 
...)
+       {DSA-1877-1}
        - mysql-dfsg-5.0 <unfixed> (low; bug #536726) 
        TODO: check lenny/sid; they are likely fixed according to the report, 
but i did not check
 CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
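Review bot: `{DSA-1877-1}` is attached to CVE-2009-2446 while the package line still says `- mysql-dfsg-5.0 <unfixed>` and the TODO admits lenny/sid were never checked. An issued DSA and an unfixed status contradict each other as written. Record the versions the DSA fixed as release-tagged lines and either resolve the TODO or narrow it to the suites that remain open.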


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
