Author: joeyh
Date: 2009-09-23 21:14:11 +0000 (Wed, 23 Sep 2009)
New Revision: 12877

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-09-23 18:32:53 UTC (rev 12876)
+++ data/CVE/list       2009-09-23 21:14:11 UTC (rev 12877)
@@ -1,16 +1,138 @@
-CVE-2009-3290 [linux-2.6: exploitable priviledge escalation in hypercall]
+CVE-2009-3334 (SQL injection vulnerability in the Lhacky! Extensions Cave 
Joomla! ...)
+       TODO: check
+CVE-2009-3333 (PHP remote file inclusion vulnerability in koesubmit.php in the 
...)
+       TODO: check
+CVE-2009-3332 (SQL injection vulnerability in the JBudgetsMagic 
(com_jbudgetsmagic) ...)
+       TODO: check
+CVE-2009-3331 (Multiple PHP remote file inclusion vulnerabilities in DDL CMS 
1.0 ...)
+       TODO: check
+CVE-2009-3330 (SQL injection vulnerability in index.php in cP Creator 2.7.1, 
when ...)
+       TODO: check
+CVE-2009-3329 (Stack-based buffer overflow in Winplot 1.25.0.1 allows 
user-assisted ...)
+       TODO: check
+CVE-2009-3328 (Cross-site scripting (XSS) vulnerability in sign.php in 
WX-Guestbook ...)
+       TODO: check
+CVE-2009-3327 (Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 
allow ...)
+       TODO: check
+CVE-2009-3326 (SQL injection vulnerability in index.php in CMScontrol Content 
...)
+       TODO: check
+CVE-2009-3325 (SQL injection vulnerability in the Focusplus Developments 
Survey ...)
+       TODO: check
+CVE-2009-3324 (PHP remote file inclusion vulnerability in 
include/prodler.class.php ...)
+       TODO: check
+CVE-2009-3323 (Multiple PHP remote file inclusion vulnerabilities in BAnner 
ROtation ...)
+       TODO: check
+CVE-2009-3322 (The Siemens Gigaset SE361 WLAN router allows remote attackers 
to cause ...)
+       TODO: check
+CVE-2009-3321 (SQL injection vulnerability in SaphpLesson 4.3, when 
magic_quotes_gpc ...)
+       TODO: check
+CVE-2009-3320 (Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas 
...)
+       TODO: check
+CVE-2009-3319 (SQL injection vulnerability in poems.php in DCI-Designs 
Dawaween 1.03 ...)
+       TODO: check
+CVE-2009-3318 (Directory traversal vulnerability in the Roland Breedveld Album 
...)
+       TODO: check
+CVE-2009-3317 (PHP remote file inclusion vulnerability in pages/pageHeader.php 
in ...)
+       TODO: check
+CVE-2009-3316 (SQL injection vulnerability in the JReservation 
(com_jreservation) ...)
+       TODO: check
+CVE-2009-3315 (SQL injection vulnerability in admin/index.php in NeLogic Nephp 
...)
+       TODO: check
+CVE-2009-3314 (SQL injection vulnerability in ladders.php in Elite Gaming 
Ladders 3.2 ...)
+       TODO: check
+CVE-2009-3313 (Multiple SQL injection vulnerabilities in FMyClone 2.3 allow 
remote ...)
+       TODO: check
+CVE-2009-3312 (PHP remote file inclusion vulnerability in php/init.poll.php in 
...)
+       TODO: check
+CVE-2009-3311 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+       TODO: check
+CVE-2009-3310 (SQL injection vulnerability in index.php in Zainu 1.0 allows 
remote ...)
+       TODO: check
+CVE-2009-3309 (SQL injection vulnerability in index.cfm in CF ShopKart 5.4 
beta ...)
+       TODO: check
+CVE-2009-3308 (SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 
allows ...)
+       TODO: check
+CVE-2009-3307 (Multiple PHP remote file inclusion vulnerabilities in FSphp 
0.2.1 ...)
+       TODO: check
+CVE-2009-3306 (PHP remote file inclusion vulnerability in include/header.php 
in ...)
+       TODO: check
+CVE-2009-3305
+       RESERVED
+CVE-2009-3304
+       RESERVED
+CVE-2009-3303
+       RESERVED
+CVE-2009-3302
+       RESERVED
+CVE-2009-3301
+       RESERVED
+CVE-2009-3300
+       RESERVED
+CVE-2009-3299
+       RESERVED
+CVE-2009-3298
+       RESERVED
+CVE-2009-3297
+       RESERVED
+CVE-2009-3296
+       RESERVED
+CVE-2009-3295
+       RESERVED
+CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 
5.2.11, when ...)
+       TODO: check
+CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function 
in PHP ...)
+       TODO: check
+CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11 has unknown 
impact and ...)
+       TODO: check
+CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP 
before ...)
+       TODO: check
+CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a 
target ...)
+       TODO: check
+CVE-2009-3287 (lib/thin/connection.rb in Thin web server before 1.2.4 relies 
on the ...)
+       TODO: check
+CVE-2009-3285
+       RESERVED
+CVE-2009-3284 (Directory traversal vulnerability in phpspot PHP BBS, PHP Image 
...)
+       TODO: check
+CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, 
PHP Image ...)
+       TODO: check
+CVE-2009-3282
+       RESERVED
+CVE-2009-3281
+       RESERVED
+CVE-2009-3280 (Integer signedness error in the find_ie function in ...)
+       TODO: check
+CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 
3.1.0 ...)
+       TODO: check
+CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 
3.1.0 ...)
+       TODO: check
+CVE-2009-3277 (DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in 
datavault ...)
+       TODO: check
+CVE-2009-3276 (Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in 
WinFormsAdvansed ...)
+       TODO: check
+CVE-2009-3275 
(Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...)
+       TODO: check
+CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.2, and earlier 2.x and 3.x versions 
on ...)
+       TODO: check
+CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, 
does not ...)
+       TODO: check
+CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in 
Apple ...)
+       TODO: check
+CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM 
in the ...)
        - linux-2.6 <unfixed> (high)
        [etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
        - linux-2.6.24 <removed>
        [etch] - linux-2.6.24 <not-affected> (introduced in 2.6.25)
        NOTE: fixed in upstream 2.6.31
-CVE-2009-3288 [linux-2.6: scsi null ptr dereference]
+CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux 
kernel ...)
        - linux-2.6 <unfixed> (medium)
        [etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
        [lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
        - linux-2.6.24 <removed>
        [etch] - linux-2.6.24 <not-affected> (introduced in 2.6.28)
-CVE-2009-3286 [linux-2.6: O_EXCL creates on NFSv4]
+CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, 
does ...)
        - linux-2.6 2.6.30-1 (low)
        - linux-2.6.24 <removed>
 CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows 
remote ...)
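Review bot: The three hand-triaged linux-2.6 entries (CVE-2009-3290, CVE-2009-3288, CVE-2009-3286) are updated in place and now sit below CVE-2009-3271, while CVE-2009-3291, CVE-2009-3289 and CVE-2009-3287 are added above them, so the top of the file is no longer in descending CVE order. Consider moving those three entries, together with their package lines, back into sequence. Separately, every added entry is left at "TODO: check"; the ones naming PHP before 5.2.11 (CVE-2009-3291 through CVE-2009-3294), glib (CVE-2009-3289), Thin (CVE-2009-3287), Firefox (CVE-2009-3274) and WebKit (CVE-2009-3272) should be triaged ahead of the web-application entries.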
@@ -89,6 +211,7 @@
 CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 
...)
        TODO: check
 CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in 
Dovecot ...)
+       {DSA-1893-1 DSA-1892-1}
        - cyrus-imapd-2.2 2.2.13-17 (medium; bug #547947)
        - kolab-cyrus-imapd <unfixed> (medium; bug #547712)
        - dovecot 1:1.2.1-1 (medium; bug #546656)
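Review bot: With {DSA-1893-1 DSA-1892-1} now attached to CVE-2009-3235, the kolab-cyrus-imapd line still reads <unfixed> (bug #547712). Confirm whether either advisory covers that package; if neither does, a short NOTE saying so would stop the entry from looking fully resolved.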
@@ -169,8 +292,8 @@
        NOT-FOR-US: ULoKI PHP Forum
 CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows 
user-assisted ...)
        NOT-FOR-US: Media Player Classic
-CVE-2009-3200
-       RESERVED
+CVE-2009-3200 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 
3.1.0 ...)
+       TODO: check
 CVE-2009-3199 (Uebimiau Webmail 3.2.0-2.0 stores sensitive information under 
the web ...)
        NOT-FOR-US: Uebimiau Webmail
 CVE-2009-3198 (Cross-site scripting (XSS) vulnerability in search.php in 
JCE-Tech ...)
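Review bot: CVE-2009-3200 goes from RESERVED to "TODO: check" with the same visible description as CVE-2009-3279 and CVE-2009-3278 in the first hunk (QNAP TS-239 Pro and TS-639 Pro firmware). The neighbouring entries for software not shipped here are already marked NOT-FOR-US, so all three QNAP entries could be closed the same way in one follow-up.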
@@ -1191,8 +1314,8 @@
        RESERVED
 CVE-2009-2940
        RESERVED
-CVE-2009-2939
-       RESERVED
+CVE-2009-2939 (The postfix.postinst script in the Debian GNU/Linux and Ubuntu 
postfix ...)
+       TODO: check
 CVE-2009-2938
        RESERVED
 CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and 
Planet ...)
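Review bot: CVE-2009-2939 names the postfix.postinst script in the Debian and Ubuntu postfix package, yet it is left at "TODO: check" with no package line. Since the description points at a maintainer script, this entry needs a "- postfix" line with status and urgency rather than waiting in the general TODO queue.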
@@ -1836,12 +1959,12 @@
        RESERVED
 CVE-2009-2745
        RESERVED
-CVE-2009-2744
-       RESERVED
-CVE-2009-2743
-       RESERVED
-CVE-2009-2742
-       RESERVED
+CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server 
(WAS) ...)
+       TODO: check
+CVE-2009-2743 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 does 
not ...)
+       TODO: check
+CVE-2009-2742 (Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM 
...)
+       TODO: check
 CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in 
the test ...)
        NOT-FOR-US: IBM WebSphere Business Events 
 CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion 
Prevention ...)
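Review bot: CVE-2009-2744, CVE-2009-2743 and CVE-2009-2742 all describe IBM WebSphere Application Server and are left at "TODO: check", while the next entry, CVE-2009-2741, is already marked "NOT-FOR-US: IBM WebSphere Business Events". Marking the three new descriptions NOT-FOR-US in the same style would keep the block consistent and shrink the TODO list.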
@@ -2408,7 +2531,7 @@
 CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in 
the ...)
        NOT-FOR-US: Joomla! component
 CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c), 
as ...)
-       {DSA-1881-1}
+       {DSA-1893-1 DSA-1892-1 DSA-1881-1}
        - cyrus-imapd-2.2 2.2.13-15 (medium)
        - kolab-cyrus-imapd <unfixed> (medium; bug #547712)
        - dovecot 1:1.2.1-1 (medium; bug #546656)
@@ -2781,7 +2904,7 @@
        - sun-java6 6-15-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
        - openjdk-6 6b16-1.6-1 (medium; bug #542210)
-CVE-2009-2474 (neon before 0.28.6, when OpenSSL is used, does not properly 
handle a ...)
+CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not 
properly ...)
        - neon27 0.28.6-1 (low; bug #542926)
        [lenny] - neon27 <no-dsa> (Minor issue)
        - neon26 <unfixed> (low; bug #542926)
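Review bot: The CVE-2009-2474 description now reads "when OpenSSL or GnuTLS is used", but the package lines below it are unchanged: neon27 stays at low with [lenny] <no-dsa> (Minor issue) and neon26 stays <unfixed>. Those ratings were set against the OpenSSL-only wording, so re-check them against the TLS library the neon26 and neon27 builds actually link, and record the result in a NOTE.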
@@ -3764,9 +3887,9 @@
        NOT-FOR-US: fuzzylime
 CVE-2008-6833 (Directory traversal vulnerability in commsrss.php in fuzzylime 
(cms) ...)
        NOT-FOR-US: fuzzylime
-CVE-2009-2140
-       RESERVED
-CVE-2009-2139 (Unspecified vulnerability in OpenOffice.org (OOo) 
OpenOffice/Go-oo 2.x ...)
+CVE-2009-2140 (Multiple heap-based buffer overflows in ...)
+       TODO: check
+CVE-2009-2139 (Heap-based buffer overflow in 
svtools/source/filter.vcl/wmf/enhwmf.cxx ...)
        {DSA-1880-1}
        - openoffice.org 1:3.1.1~ooo310m15-1
 CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 
allow ...)
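Review bot: CVE-2009-2140 leaves RESERVED in the same update that rewrites CVE-2009-2139 from "Unspecified vulnerability in OpenOffice.org" to a heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx, but only CVE-2009-2139 carries {DSA-1880-1} and the openoffice.org 1:3.1.1~ooo310m15-1 fixed version. Check the full CVE-2009-2140 description, which is truncated here, to see whether it belongs to the same openoffice.org fix, and add the package line if it does.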


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
