Author: joeyh
Date: 2010-01-13 21:14:24 +0000 (Wed, 13 Jan 2010)
New Revision: 13806

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-01-13 21:10:58 UTC (rev 13805)
+++ data/CVE/list       2010-01-13 21:14:24 UTC (rev 13806)
@@ -1,3 +1,93 @@
+CVE-2010-0309
+       RESERVED
+CVE-2010-0308
+       RESERVED
+CVE-2010-0307
+       RESERVED
+CVE-2010-0306
+       RESERVED
+CVE-2010-0305
+       RESERVED
+CVE-2010-0304
+       RESERVED
+CVE-2010-0303
+       RESERVED
+CVE-2010-0302
+       RESERVED
+CVE-2010-0301
+       RESERVED
+CVE-2010-0300
+       RESERVED
+CVE-2010-0299
+       RESERVED
+CVE-2010-0298
+       RESERVED
+CVE-2010-0297
+       RESERVED
+CVE-2010-0296
+       RESERVED
+CVE-2010-0295
+       RESERVED
+CVE-2010-0294
+       RESERVED
+CVE-2010-0293
+       RESERVED
+CVE-2010-0292
+       RESERVED
+CVE-2010-0291
+       RESERVED
+CVE-2010-0290
+       RESERVED
+CVE-2010-0289
+       RESERVED
+CVE-2010-0288
+       RESERVED
+CVE-2010-0287
+       RESERVED
+CVE-2010-0286
+       RESERVED
+CVE-2010-0285
+       RESERVED
+CVE-2010-0284
+       RESERVED
+CVE-2010-0283
+       RESERVED
+CVE-2010-0282
+       RESERVED
+CVE-2010-0281
+       RESERVED
+CVE-2010-0280
+       RESERVED
+CVE-2010-0279 (Unrestricted file upload vulnerability in upload.php in BTS-GI 
Read ...)
+       TODO: check
+CVE-2010-0278 (A certain ActiveX control in msgsc.14.0.8089.726.dll in 
Microsoft ...)
+       TODO: check
+CVE-2009-4608 (Cross-site scripting (XSS) vulnerability in Canon IT Solutions 
Inc. ...)
+       TODO: check
+CVE-2009-4607 (The command line interface in Overland Storage Snap Server 410 
with ...)
+       TODO: check
+CVE-2009-4606 (South River Technologies WebDrive 9.02 build 2232 installs the 
...)
+       TODO: check
+CVE-2009-4604 (PHP remote file inclusion vulnerability in mamboleto.php in the 
...)
+       TODO: check
+CVE-2009-4603 (Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 
6.40, ...)
+       TODO: check
+CVE-2009-4602 (Cross-site scripting (XSS) vulnerability in the Randomizer 
module 5.x ...)
+       TODO: check
+CVE-2009-4601 (Cross-site scripting (XSS) vulnerability in 
basic_search_result.php in ...)
+       TODO: check
+CVE-2009-4600 (SQL injection vulnerability in realestate20/loginaction.php in 
NetArt ...)
+       TODO: check
+CVE-2009-4599 (Multiple SQL injection vulnerabilities in the JS Jobs 
(com_jsjobs) ...)
+       TODO: check
+CVE-2009-4598 (SQL injection vulnerability in the JPhoto (com_jphoto) 
component 1.0 ...)
+       TODO: check
+CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP 
Inventory ...)
+       TODO: check
+CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP 
Inventory ...)
+       TODO: check
+CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 
allows ...)
+       TODO: check
 CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 
and ...)
        - pidgin <unfixed>
        TODO: check
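Review bot: The fifteen newly described entries (CVE-2010-0279 down to CVE-2009-4595) all land with a bare `TODO: check`, and at least two of them name products that look like candidates for immediate triage: CVE-2010-0278 (an ActiveX control in a Microsoft DLL) and CVE-2009-4603 (sapstartsrv.exe in the SAP Kernel). The file already uses the form `NOT-FOR-US: <product>` for this (for example `NOT-FOR-US: TVersity` further down), so a follow-up commit should either mark these the same way or record the affected Debian source package, rather than leaving the whole batch in the TODO state.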
@@ -116,6 +206,7 @@
 CVE-2010-0220 (The nsObserverList::FillObserverArray function in ...)
        TODO: check
 CVE-2009-4605 [phpMyAdmin 2.11.10 unserialize fix]
+       RESERVED
        - phpmyadmin <not-affected> (Vulnerable code removed)
        [lenny] - phpmyadmin <unfixed>
        [etch] - phpmyadmin <unfixed>
@@ -480,17 +571,14 @@
        RESERVED
 CVE-2010-0096
        RESERVED
-CVE-2009-4538 [incorrect fix for CVE-2009-1385 on the e1000e driver]
-       RESERVED
+CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux 
kernel ...)
        - linux-2.6 <unfixed> (low; bug #564114)
        - linux-2.6.24 <removed> (low)
        NOTE: just like CVE-2009-4536 but was reported later
-CVE-2009-4537 [linux DoS introduced by CVE-2009-1389 fix]
-       RESERVED
+CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 
2.6.32.3 ...)
        - linux-2.6 <unfixed> (medium; bug #564110)
        - linux-2.6.24 <removed> (medium)
-CVE-2009-4536 [linux incorrect fix for CVE-2009-1385]
-       RESERVED
+CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux 
kernel ...)
        - linux-2.6 <unfixed> (low; bug #564114)
        - linux-2.6.24 <removed> (low)
 CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain 
the ...)
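Review bot: Replacing the bracketed titles on CVE-2009-4538, CVE-2009-4537 and CVE-2009-4536 drops the only visible record that these are regressions of earlier fixes ("incorrect fix for CVE-2009-1385" and "DoS introduced by CVE-2009-1389 fix"). The truncated official descriptions shown here do not carry that link, and only CVE-2009-4538 has a NOTE line, which points at CVE-2009-4536 rather than at the original CVE. Consider adding a NOTE under each entry that names the earlier CVE, so anyone checking whether a backport of the CVE-2009-1385 or CVE-2009-1389 fix is complete can find these follow-ups.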
@@ -640,7 +728,8 @@
        NOT-FOR-US: MailSite
 CVE-2009-4482 (Buffer overflow in MediaServer.exe in TVersity 1.6 allows 
remote ...)
        NOT-FOR-US: TVersity
-CVE-2009-4481 (Unspecified vulnerability in radiusd in FreeRADIUS 1.1.7 allows 
remote ...)
+CVE-2009-4481
+       REJECTED
        NOTE: dup of CVE-2009-3111
 CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 
might ...)
        NOT-FOR-US: AzeoTech DAQFactory
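Review bot: After CVE-2009-4481 becomes `REJECTED`, the entry keeps only `NOTE: dup of CVE-2009-3111`, and the FreeRADIUS description that said which software was involved is gone. No package status line is visible under this entry, so the tracking now depends entirely on CVE-2009-3111. It is worth confirming that the CVE-2009-3111 entry carries the freeradius status, and extending the NOTE to name the package, so the rejected ID still leads a reader to the right place.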
@@ -687,9 +776,11 @@
 CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining 
the ...)
        - redmine <unfixed> (bug #563940)
 CVE-2008-7252 [phpMyAdmin tempfile issue]
+       RESERVED
        - phpmyadmin 4:3.0.0-1
        NOTE: 
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
 CVE-2008-7251 [phpMyAdmin tempfile issue]
+       RESERVED
        - phpmyadmin 4:3.0.0-1
        NOTE: 
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
 CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis 
Report ...)
@@ -904,36 +995,36 @@
        RESERVED
 CVE-2010-0081
        RESERVED
-CVE-2010-0080
-       RESERVED
-CVE-2010-0079
-       RESERVED
-CVE-2010-0078
-       RESERVED
-CVE-2010-0077
-       RESERVED
-CVE-2010-0076
-       RESERVED
-CVE-2010-0075
-       RESERVED
-CVE-2010-0074
-       RESERVED
+CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - 
eProfile ...)
+       TODO: check
+CVE-2010-0079 (Multiple vulnerabilities in the JRockit component in BEA 
Product Suite ...)
+       TODO: check
+CVE-2010-0078 (Unspecified vulnerability in the WebLogic Server component in 
BEA ...)
+       TODO: check
+CVE-2010-0077 (Unspecified vulnerability in the CRM Technical Foundation 
(mobile) ...)
+       TODO: check
+CVE-2010-0076 (Unspecified vulnerability in the Application Express 
Application ...)
+       TODO: check
+CVE-2010-0075 (Unspecified vulnerability in the Oracle HRMS (Self Service) 
component ...)
+       TODO: check
+CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in 
BEA ...)
+       TODO: check
 CVE-2010-0073
        RESERVED
-CVE-2010-0072
-       RESERVED
-CVE-2010-0071
-       RESERVED
-CVE-2010-0070
-       RESERVED
-CVE-2010-0069
-       RESERVED
-CVE-2010-0068
-       RESERVED
-CVE-2010-0067
-       RESERVED
-CVE-2010-0066
-       RESERVED
+CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component 
in ...)
+       TODO: check
+CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle 
Database ...)
+       TODO: check
+CVE-2010-0070 (Unspecified vulnerability in the Oracle Containers for J2EE 
component ...)
+       TODO: check
+CVE-2010-0069 (Unspecified vulnerability in the WebLogic Server component in 
BEA ...)
+       TODO: check
+CVE-2010-0068 (Unspecified vulnerability in the WebLogic Server component in 
BEA ...)
+       TODO: check
+CVE-2010-0067 (Unspecified vulnerability in the Oracle Containers for J2EE 
component ...)
+       TODO: check
+CVE-2010-0066 (Unspecified vulnerability in the Access Manager Identity Server 
...)
+       TODO: check
 CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4, when 
running on ...)
        - wireshark <not-affected> (Windows-specific)
 CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 
1.2.4 ...)
@@ -993,6 +1084,7 @@
        NOT-FOR-US: Winamp
 CVE-2009-4355 [openssl/mod_ssl/php-curl memory leak]
        RESERVED
+       {DSA-1970-1}
        - openssl <unfixed> (low)
        [etch] - openssl <not-affected> (affects only 0.9.8f and later)
        NOTE: apache2 packages in squeeze/sid do not seem to allow exploit
@@ -3125,8 +3217,7 @@
        NOTE: fixed in upstream 2.6.32-rc4
        - linux-2.6.24 <not-affected> (introduced in 2.6.25)
        - kvm <removed> (medium; bug #562076)
-CVE-2009-3637 [alien-arena remote arbitrary code execution]
-       RESERVED
+CVE-2009-3637 (Stack-based buffer overflow in the M_AddToServerList function 
in ...)
        - alien-arena <unfixed> (medium; bug #552038)
        [lenny] - alien-arena <no-dsa> (Contrib not supported)
        TODO: next point-release: [lenny] - alien-arena 7.0-1+lenny1
@@ -3795,20 +3886,20 @@
        NOT-FOR-US: Plume CMS
 CVE-2009-3417 (SQL injection vulnerability in the IDoBlog (com_idoblog) 
component 1.1 ...)
        NOT-FOR-US: IDoBlog component Joomla
-CVE-2009-3416
-       RESERVED
-CVE-2009-3415
-       RESERVED
-CVE-2009-3414
-       RESERVED
-CVE-2009-3413
-       RESERVED
-CVE-2009-3412
-       RESERVED
-CVE-2009-3411
-       RESERVED
-CVE-2009-3410
-       RESERVED
+CVE-2009-3416 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
+       TODO: check
+CVE-2009-3415 (Unspecified vulnerability in the Oracle OLAP component in 
Oracle ...)
+       TODO: check
+CVE-2009-3414 (Unspecified vulnerability in the Oracle Spatial component in 
Oracle ...)
+       TODO: check
+CVE-2009-3413 (Unspecified vulnerability in the Oracle Spatial component in 
Oracle ...)
+       TODO: check
+CVE-2009-3412 (Unspecified vulnerability in the Unzip component in Oracle 
Database ...)
+       TODO: check
+CVE-2009-3411 (Unspecified vulnerability in the Oracle Data Pump component in 
Oracle ...)
+       TODO: check
+CVE-2009-3410 (Unspecified vulnerability in the RDBMS component in Oracle 
Database ...)
+       TODO: check
 CVE-2009-3409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM 
(TAM) ...)
        NOT-FOR-US: Oracle PeopleSoft Enterprise
 CVE-2009-3408 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
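Review bot: CVE-2009-3416 through CVE-2009-3410 move from `RESERVED` to `TODO: check`, yet the adjacent context entry CVE-2009-3409 from the same vendor is already triaged as `NOT-FOR-US: Oracle PeopleSoft Enterprise`. The new descriptions name Oracle components (Application Object Library, OLAP, Spatial, Unzip, Data Pump, RDBMS), so these seven entries can most likely be closed in the same way in a follow-up instead of staying open as TODO items.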
@@ -8450,8 +8541,8 @@
        NOT-FOR-US: Oracle Industry Applications
 CVE-2009-1997 (Unspecified vulnerability in the Authentication component in 
Oracle ...)
        NOT-FOR-US: Oracle Database
-CVE-2009-1996
-       RESERVED
+CVE-2009-1996 (Unspecified vulnerability in the Logical Standby component in 
Oracle ...)
+       TODO: check
 CVE-2009-1995 (Unspecified vulnerability in the Advanced Queuing component in 
Oracle ...)
        NOT-FOR-US: Oracle Database
 CVE-2009-1994 (Unspecified vulnerability in the Oracle Spatial component in 
Oracle ...)
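Review bot: CVE-2009-1996 (Logical Standby component in Oracle ...) is left at `TODO: check` while both of its neighbours, CVE-2009-1997 and CVE-2009-1995, are marked `NOT-FOR-US: Oracle Database`. If the full description confirms the same product, the entry should get the same `NOT-FOR-US: Oracle Database` line so it does not linger in the TODO queue.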


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
