Author: joeyh
Date: 2009-10-23 21:14:21 +0000 (Fri, 23 Oct 2009)
New Revision: 13079

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-10-23 16:10:30 UTC (rev 13078)
+++ data/CVE/list       2009-10-23 21:14:21 UTC (rev 13079)
@@ -1,3 +1,57 @@
+CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php 
in the ...)
+       TODO: check
+CVE-2009-3759 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
sample ...)
+       TODO: check
+CVE-2009-3758 (SQL injection vulnerability in login.php in sample code in the 
...)
+       TODO: check
+CVE-2009-3757 (Multiple cross-site scripting (XSS) vulnerabilities in sample 
code in ...)
+       TODO: check
+CVE-2009-3756 (phpBMS 0.96 allows remote attackers to obtain sensitive 
information ...)
+       TODO: check
+CVE-2009-3755 (Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 
0.96 ...)
+       TODO: check
+CVE-2009-3754 (Multiple SQL injection vulnerabilities in phpBMS 0.96 allow 
remote ...)
+       TODO: check
+CVE-2009-3753 (Unrestricted file upload vulnerability in Opial 1.0 allows 
remote ...)
+       TODO: check
+CVE-2009-3752 (SQL injection vulnerability in home.php in Opial 1.0 allows 
remote ...)
+       TODO: check
+CVE-2009-3751 (Cross-site scripting (XSS) vulnerability in home.php in Opial 
1.0 ...)
+       TODO: check
+CVE-2009-3750 (SQL injection vulnerability in read.php in ToyLog 0.1 allows 
remote ...)
+       TODO: check
+CVE-2009-3749 (The Web Administrator service (STEMWADM.EXE) in Websense 
Personal ...)
+       TODO: check
+CVE-2009-3748 (Multiple cross-site scripting (XSS) vulnerabilities in the Web 
...)
+       TODO: check
+CVE-2009-3747 (Cross-site scripting (XSS) vulnerability in index.php in 
TBmnetCMS 1.0 ...)
+       TODO: check
+CVE-2009-3746 (XScreenSaver in Sun Solaris 10, when the accessibility feature 
is ...)
+       TODO: check
+CVE-2009-3745 (Cross-site scripting (XSS) vulnerability in the help pages in 
IBM ...)
+       TODO: check
+CVE-2009-3744 (rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows 
remote ...)
+       TODO: check
+CVE-2009-3743
+       RESERVED
+CVE-2009-3742
+       RESERVED
+CVE-2009-3741
+       RESERVED
+CVE-2009-3740
+       RESERVED
+CVE-2009-3739
+       RESERVED
+CVE-2009-3738
+       RESERVED
+CVE-2009-3737
+       RESERVED
+CVE-2009-3736
+       RESERVED
+CVE-2009-3735
+       RESERVED
+CVE-2009-3734
+       RESERVED
 CVE-2009-XXXX [multiple typo3 issues]
        - typo3-src <unfixed> (medium; bug #552020)
        NOTE: CVE id requested
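Review bot: the `TODO: check` entries for CVE-2009-3760, CVE-2009-3759, CVE-2009-3758, CVE-2009-3757 and CVE-2009-3748 cannot be triaged from what is recorded here, because the description is cut off before the affected product is named. Whoever picks these up needs the full upstream description first. CVE-2009-3746 names XScreenSaver in Sun Solaris 10, so confirm whether the issue is specific to the Solaris accessibility setup before tagging it.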
@@ -252,12 +306,10 @@
        [lenny] - wordpress <no-dsa> (Minor issue)
        [etch] - wordpress <no-dsa> (Minor issue)
        NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
-CVE-2009-3621 [linux-2.6: denial-of-service via deadlock]
-       RESERVED
+CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier 
allows ...)
        - linux-2.6 <unfixed> (low)
        - linux-2.6.24 <removed> (low)
-CVE-2009-3620 [linux-2.6: potential priviledge escalation via null ptr 
dereference in r128 (radeon) driver]
-       RESERVED
+CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before 
...)
        - linux-2.6 <unfixed> (medium)
        - linux-2.6.24 <removed> (medium)
 CVE-2009-3619
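Review bot: replacing the bracketed summaries on CVE-2009-3621 and CVE-2009-3620 drops the tracker's own one-line triage (deadlock denial of service; possible privilege escalation via a null pointer dereference in r128), and the truncated upstream text for CVE-2009-3620 no longer states the impact. Consider carrying that summary over as a `NOTE:` line under each entry. Both entries also remain `<unfixed>` for linux-2.6 without a bug number.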
@@ -277,6 +329,7 @@
        [lenny] - liboping <not-affected> (doesn't have -f option yet)
        [etch] - liboping <not-affected> (doesn't have -f option yet)
 CVE-2009-3613 (The swiotlb functionality in the r8169 driver in 
drivers/net/r8169.c ...)
+       {DSA-1915-1}
        - linux-2.6 2.6.29-1 (medium)
        - linux-2.6.24 <removed>
        NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
@@ -768,42 +821,42 @@
        RESERVED
 CVE-2009-3410
        RESERVED
-CVE-2009-3409
-       RESERVED
-CVE-2009-3408
-       RESERVED
-CVE-2009-3407
-       RESERVED
-CVE-2009-3406
-       RESERVED
-CVE-2009-3405
-       RESERVED
-CVE-2009-3404
-       RESERVED
-CVE-2009-3403
-       RESERVED
-CVE-2009-3402
-       RESERVED
-CVE-2009-3401
-       RESERVED
-CVE-2009-3400
-       RESERVED
-CVE-2009-3399
-       RESERVED
+CVE-2009-3409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM 
(TAM) ...)
+       TODO: check
+CVE-2009-3408 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
+       TODO: check
+CVE-2009-3407 (Unspecified vulnerability in the Portal component in Oracle ...)
+       TODO: check
+CVE-2009-3406 (Unspecified vulnerability in the JD Edwards Tools component in 
Oracle ...)
+       TODO: check
+CVE-2009-3405 (Unspecified vulnerability in the JD Edwards Tools component in 
Oracle ...)
+       TODO: check
+CVE-2009-3404 (Unspecified vulnerability in the PeopleSoft PeopleTools &amp; 
Enterprise ...)
+       TODO: check
+CVE-2009-3403 (Unspecified vulnerability in the JRockit component in BEA 
Product ...)
+       TODO: check
+CVE-2009-3402 (Unspecified vulnerability in the Oracle Applications Framework 
...)
+       TODO: check
+CVE-2009-3401 (Unspecified vulnerability in the Oracle Applications Technology 
Stack ...)
+       TODO: check
+CVE-2009-3400 (Unspecified vulnerability in the Oracle Advanced Benefits 
component in ...)
+       TODO: check
+CVE-2009-3399 (Unspecified vulnerability in the WebLogic Server component in 
BEA ...)
+       TODO: check
 CVE-2009-3398
        RESERVED
-CVE-2009-3397
-       RESERVED
-CVE-2009-3396
-       RESERVED
-CVE-2009-3395
-       RESERVED
+CVE-2009-3397 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
+       TODO: check
+CVE-2009-3396 (Unspecified vulnerability in the WebLogic Server component in 
BEA ...)
+       TODO: check
+CVE-2009-3395 (Unspecified vulnerability in the AutoVue component in Oracle 
...)
+       TODO: check
 CVE-2009-3394
        RESERVED
-CVE-2009-3393
-       RESERVED
-CVE-2009-3392
-       RESERVED
+CVE-2009-3393 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
+       TODO: check
+CVE-2009-3392 (Unspecified vulnerability in the Agile Engineering Data 
Management ...)
+       TODO: check
 CVE-2009-XXXX [merkaartor merkaartor.log minor symlink attack]
        - merkaartor 0.14+svnfixes~20090912-2 (unimportant; bug #548546)
        [lenny] - merkaartor <not-affected> (vulnerable code not present)
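Review bot: the new description for CVE-2009-3404 contains the HTML entity `&amp;` ("PeopleSoft PeopleTools &amp; Enterprise"). If that text is what the automatic update wrote to data/CVE/list, and not something the mail rendering introduced, the import step should decode entities before writing descriptions.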
@@ -1068,7 +1121,7 @@
 CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to 
cause a ...)
        NOT-FOR-US: Apple Safari on iPhone OS 3.0.1
 CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM 
in the ...)
-       {DSA-1907-1 DTSA-203-1}
+       {DSA-1915-1 DSA-1907-1 DTSA-203-1}
        - linux-2.6 2.6.31-1 (medium)
        [etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
        - linux-2.6.24 <not-affected> (introduced in 2.6.25)
@@ -1079,6 +1132,7 @@
        [lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
        - linux-2.6.24 <not-affected> (introduced in 2.6.28)
 CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, 
does ...)
+       {DSA-1915-1}
        - linux-2.6 2.6.30-1 (low)
        - linux-2.6.24 <removed>
 CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows 
remote ...)
@@ -1977,10 +2031,12 @@
 CVE-2009-3003 (Microsoft Internet Explorer 6 through 8 allows remote attackers 
to ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-3002 (The Linux kernel before 2.6.31-rc7 does not initialize certain 
data ...)
+       {DSA-1915-1}
        - linux-2.6 2.6.30-7 (low)
        - linux-2.6.24 <removed>
        NOTE: minor info leaks
 CVE-2009-3001 (The llc_ui_getname function in net/llc/af_llc.c in the Linux 
kernel ...)
+       {DSA-1915-1}
        - linux-2.6 2.6.30-7 (low)
        - linux-2.6.24 <removed>
        NOTE: minor info leak
@@ -2281,19 +2337,16 @@
 CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in 
ikiwiki ...)
        {DSA-1875-1}
        - ikiwiki 3.1415926
-CVE-2009-2943 [postgresql-ocaml: missing escape function]
-       RESERVED
+CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for 
PostgreSQL ...)
        {DSA-1909-1}
        - postgresql-ocaml 1.12.1-1 (low)
-CVE-2009-2942 [mysql-ocaml: missing escape function]
-       RESERVED
+CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly 
support the ...)
        {DSA-1910-1}
        - mysql-ocaml <unfixed> (low)
 CVE-2009-2941 [pgtcl: missing escape function]
        RESERVED
        - pgtcl <unfixed> (low)
-CVE-2009-2940 [pygresql: missing escape function]
-       RESERVED
+CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly 
support ...)
        {DSA-1911-1}
        - pygresql 1:4.0-1 (low)
 CVE-2009-2939 (The postfix.postinst script in the Debian GNU/Linux and Ubuntu 
postfix ...)
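Review bot: CVE-2009-2942 now carries a published description and {DSA-1910-1}, but `- mysql-ocaml <unfixed> (low)` has no bug number, unlike the systemtap entry elsewhere in this diff, which records `bug #551918`. Add the bug reference so the unstable fix is tracked. CVE-2009-2941 (pgtcl) is in the same state: still RESERVED upstream and `<unfixed>` with no bug number.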
@@ -2444,17 +2497,19 @@
        NOT-FOR-US: XZero Community Classified
 CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 
through ...)
        NOT-FOR-US: Sun Solaris
-CVE-2009-2911 [systemtap DoS]
-       RESERVED
+CVE-2009-2911 (SystemTap 1.0, when the --unprivileged option is used, does not 
...)
        - systemtap 1.0-2 (bug #551918)
        [lenny] - systemtap <not-affected> (Affected functionality only added 
in 1.0)
 CVE-2009-2910 (arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 
on the ...)
+       {DSA-1915-1}
        - linux-2.6 <unfixed> (medium)
        - linux-2.6.24 <unfixed> (medium)
 CVE-2009-2909 (Integer signedness error in the ax25_setsockopt function in ...)
+       {DSA-1915-1}
        - linux-2.6 <unfixed> (medium)
        - linux-2.6.24 <removed> (medium)
 CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the 
Linux ...)
+       {DSA-1915-1}
        - linux-2.6 <unfixed> (medium)
        [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19)
        - linux-2.6.24 <removed> (medium)
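Review bot: in the CVE-2009-2910 entry that gains {DSA-1915-1}, linux-2.6.24 is `<unfixed> (medium)`, while the CVE-2009-2909 and CVE-2009-2908 entries tagged in the same hunk list linux-2.6.24 as `<removed>`. Check which status is current and make the three entries consistent.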
@@ -2469,6 +2524,7 @@
 CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature 
in ...)
        - openssh <not-affected> (issue with homechroot patch specific to Red 
Hat)
 CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 
2.4.x ...)
+       {DSA-1915-1}
        - linux-2.6 <unfixed> (low)
        - linux-2.6.24 <removed> (low)
 CVE-2009-2902
@@ -3269,6 +3325,7 @@
 CVE-2009-2696
        RESERVED
 CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent 
mmap ...)
+       {DSA-1915-1}
        - linux-2.6 2.6.31-1 (medium)
        - linux-2.6.24 <removed> (medium)
 CVE-2009-2694 (The msn_slplink_process_msg function in ...)
@@ -5223,32 +5280,32 @@
        NOT-FOR-US: Dokeos
 CVE-2009-2003 (Ascad Networks Password Protector SD 1.3.1 allows remote 
attackers to ...)
        NOT-FOR-US: Ascad Networks Password Protector
-CVE-2009-2002
-       RESERVED
-CVE-2009-2001
-       RESERVED
-CVE-2009-2000
-       RESERVED
-CVE-2009-1999
-       RESERVED
-CVE-2009-1998
-       RESERVED
-CVE-2009-1997
-       RESERVED
+CVE-2009-2002 (Unspecified vulnerability in the WebLogic Portal component in 
BEA ...)
+       TODO: check
+CVE-2009-2001 (Unspecified vulnerability in the PL/SQL component in Oracle 
Database ...)
+       TODO: check
+CVE-2009-2000 (Unspecified vulnerability in the Authentication component in 
Oracle ...)
+       TODO: check
+CVE-2009-1999 (Unspecified vulnerability in the Business Intelligence 
Enterprise ...)
+       TODO: check
+CVE-2009-1998 (Unspecified vulnerability in the Oracle Communications Order 
and ...)
+       TODO: check
+CVE-2009-1997 (Unspecified vulnerability in the Authentication component in 
Oracle ...)
+       TODO: check
 CVE-2009-1996
        RESERVED
-CVE-2009-1995
-       RESERVED
-CVE-2009-1994
-       RESERVED
-CVE-2009-1993
-       RESERVED
-CVE-2009-1992
-       RESERVED
-CVE-2009-1991
-       RESERVED
-CVE-2009-1990
-       RESERVED
+CVE-2009-1995 (Unspecified vulnerability in the Advanced Queuing component in 
Oracle ...)
+       TODO: check
+CVE-2009-1994 (Unspecified vulnerability in the Oracle Spatial component in 
Oracle ...)
+       TODO: check
+CVE-2009-1993 (Unspecified vulnerability in the Application Express component 
in ...)
+       TODO: check
+CVE-2009-1992 (Unspecified vulnerability in the Core RDBMS component in Oracle 
...)
+       TODO: check
+CVE-2009-1991 (Unspecified vulnerability in the Oracle Text component in 
Oracle ...)
+       TODO: check
+CVE-2009-1990 (Unspecified vulnerability in the Business Intelligence 
Enterprise ...)
+       TODO: check
 CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS 
component ...)
        NOT-FOR-US: Oracle PeopleSoft Enterprise
 CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS 
eProfile ...)
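Review bot: the entries from CVE-2009-2002 down to CVE-2009-1990 are left at `TODO: check`, while the adjacent context entry CVE-2009-1989 is already `NOT-FOR-US: Oracle PeopleSoft Enterprise`. These BEA and Oracle component entries look like candidates for the same kind of tag once the full descriptions are confirmed, which would keep the run of Oracle IDs consistent.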
@@ -5257,8 +5314,8 @@
        NOT-FOR-US: Oracle PeopleSoft Enterprise
 CVE-2009-1986 (Unspecified vulnerability in the Oracle Applications Manager 
component ...)
        NOT-FOR-US: Oracle Applications Manager
-CVE-2009-1985
-       RESERVED
+CVE-2009-1985 (Unspecified vulnerability in the Network Authentication 
component in ...)
+       TODO: check
 CVE-2009-1984 (Unspecified vulnerability in the Application Install component 
in ...)
        NOT-FOR-US: Oracle E-Business Suite
 CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in 
Oracle ...)
@@ -5269,8 +5326,8 @@
        NOT-FOR-US: Siebel Product Suite
 CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
        NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-1979
-       RESERVED
+CVE-2009-1979 (Unspecified vulnerability in the Network Authentication 
component in ...)
+       TODO: check
 CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component 
in ...)
        NOT-FOR-US: Oracle Secure Backup
 CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component 
in ...)
@@ -5283,10 +5340,10 @@
        NOT-FOR-US: BEA WebLogic
 CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database 
component in ...)
        NOT-FOR-US: Oracle Database
-CVE-2009-1972
-       RESERVED
-CVE-2009-1971
-       RESERVED
+CVE-2009-1972 (Unspecified vulnerability in the Auditing component in Oracle 
Database ...)
+       TODO: check
+CVE-2009-1971 (Unspecified vulnerability in the Data Pump component in Oracle 
...)
+       TODO: check
 CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle 
Database ...)
        NOT-FOR-US: Oracle Database
 CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle 
Database ...)
@@ -5297,10 +5354,10 @@
        NOT-FOR-US: Oracle Database
 CVE-2009-1966 (Unspecified vulnerability in the Config Management component in 
(1) ...)
        NOT-FOR-US: Oracle Database
-CVE-2009-1965
-       RESERVED
-CVE-2009-1964
-       RESERVED
+CVE-2009-1965 (Unspecified vulnerability in the Net Foundation Layer component 
in ...)
+       TODO: check
+CVE-2009-1964 (Unspecified vulnerability in the Workspace Manager component in 
Oracle ...)
+       TODO: check
 CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component 
in ...)
        NOT-FOR-US: Oracle Database
 CVE-2008-6832 (Cross-site request forgery (CSRF) vulnerability in Atlassian 
JIRA ...)
@@ -6698,8 +6755,8 @@
        NOT-FOR-US: PuterJam's Blog
 CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4 
allows ...)
        NOT-FOR-US: Pragyan CMS
-CVE-2009-1479
-       RESERVED
+CVE-2009-1479 (Directory traversal vulnerability in client/desktop/default.htm 
in ...)
+       TODO: check
 CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl 
handlers in ...)
        NOT-FOR-US: Solaris
 CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does 
not end ...)
@@ -8543,8 +8600,8 @@
        NOT-FOR-US: Oracle Database
 CVE-2009-1019 (Unspecified vulnerability in the Network Authentication 
component in ...)
        NOT-FOR-US: Oracle Database
-CVE-2009-1018
-       RESERVED
+CVE-2009-1018 (Unspecified vulnerability in the Workspace Manager component in 
Oracle ...)
+       TODO: check
 CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in 
Oracle ...)
        NOT-FOR-US: Oracle Application Server
 CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in 
BEA ...)
@@ -8565,8 +8622,8 @@
        NOT-FOR-US: Oracle Application Server
 CVE-2009-1008 (Unspecified vulnerability in the Outside In Technology 
component in ...)
        NOT-FOR-US: Oracle Application Server
-CVE-2009-1007
-       RESERVED
+CVE-2009-1007 (Unspecified vulnerability in the Data Mining component in 
Oracle ...)
+       TODO: check
 CVE-2009-1006 (Unspecified vulnerability in the JRockit component in BEA 
Product ...)
        NOT-FOR-US: BEA Product Suite
 CVE-2009-1005 (Unspecified vulnerability in the Oracle Data Service Integrator 
...)
@@ -17811,10 +17868,10 @@
        - linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
        - linux-2.6 2.6.26-5
        [etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 
2.6.26)
-CVE-2008-3685
-       RESERVED
-CVE-2008-3684
-       RESERVED
+CVE-2008-3685 (Directory traversal vulnerability in aws_tmxn.exe in the Admin 
Agent ...)
+       TODO: check
+CVE-2008-3684 (Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent 
service ...)
+       TODO: check
 CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java 
System Web ...)
        NOT-FOR-US: Sun Java System Web Proxy Server
 CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty 
allows ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
