author     security tracker role <sectracker@soriano.debian.org>    2019-03-18 20:10:14 +0000
committer  security tracker role <sectracker@soriano.debian.org>    2019-03-18 20:10:14 +0000
commit     b52483e988b611ffa7ff016030b0a61101f28219 (patch)
tree       440ead7c2c2cb0bf02ecc5929bee37f271401d72 /data/CVE/2009.list
parent     48e42f485f4e01f92211c58abc88e5304d6a9667 (diff)
automatic update
Diffstat (limited to 'data/CVE/2009.list')
-rw-r--r--  data/CVE/2009.list  9736
1 files changed, 4868 insertions, 4868 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index b55d9ec6f2..c4052abaf5 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,4 +1,4 @@
-CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in ...)
+CVE-2009-5155
[experimental] - gnulib 20180621~6979c25-1
- gnulib 20140202+stable-3.2 (bug #924613)
- glibc 2.28-1
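Review bot: the commit message "automatic update" does not say why the parenthesised description is dropped from the CVE-2009-5155 line (and, per the diffstat, from 4868 lines of this file); if the descriptions are now kept elsewhere, state that in the message so the information loss is recognisably intentional rather than a parsing regression. The package lines (gnulib, glibc 2.28-1) are untouched, so the edit is purely mechanical and carries no data correction that would justify it on its own.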
@@ -12,21 +12,21 @@ CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=11053
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18986
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672
-CVE-2009-5154 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a ...)
+CVE-2009-5154
NOT-FOR-US: MOBOTIX
-CVE-2009-5153 (In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing ...)
+CVE-2009-5153
NOT-FOR-US: Novell NetWare
-CVE-2009-5152 (Absolute Computrace Agent, as distributed on certain Dell Inspiron ...)
+CVE-2009-5152
NOT-FOR-US: Absolute Computrace Agent
-CVE-2009-5151 (The stub component of Absolute Computrace Agent V70.785 executes code ...)
+CVE-2009-5151
NOT-FOR-US: Absolute Computrace Agent
-CVE-2009-5150 (Absolute Computrace Agent V80.845 and V80.866 does not have a digital ...)
+CVE-2009-5150
NOT-FOR-US: Absolute Computrace Agent
-CVE-2009-5149 (Arris DG860A, TG862A, and TG862G devices with firmware ...)
+CVE-2009-5149
NOT-FOR-US: Arris hardware
CVE-2009-5148
RESERVED
-CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel ...)
+CVE-2009-5147
{DLA-300-1 DLA-299-1}
- ruby1.8 <removed>
[wheezy] - ruby1.8 <no-dsa> (Minor issue)
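Review bot: once the description is stripped, the three Absolute Computrace Agent entries (CVE-2009-5152, -5151, -5150) differ only by ID; that is tolerable for NOT-FOR-US entries, but CVE-2009-5147 has Debian packages and DLA references, and its version range ("Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel ...") now appears nowhere in the file. Consider keeping a bracketed short title, as this file already does for CVE-2009-5146 ("[memory leak in hostname TLS extension]") and CVE-2009-5025 ("[PyForum XSS+CSRF]"), for entries that have package lines.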
@@ -50,86 +50,86 @@ CVE-2009-5146 [memory leak in hostname TLS extension]
NOTE: Fixed by: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424 (OpenSSL_0_9_8k)
NOTE: Introduced by: https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315 (OpenSSL_0_9_8f)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/16/4
-CVE-2009-5145 (Cross-site scripting (XSS) vulnerability in ZMI pages that use the ...)
+CVE-2009-5145
- zope2.12 2.12.10-1
-CVE-2009-5144 (mod-gnutls does not validate client certificates when ...)
+CVE-2009-5144
- mod-gnutls 0.5.6-1 (bug #578663)
NOTE: http://issues.outoforder.cc/view.php?id=93
-CVE-2009-5143 (GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) ...)
+CVE-2009-5143
NOT-FOR-US: GE Healthcare Discovery 530C
-CVE-2009-5142 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
+CVE-2009-5142
NOT-FOR-US: TimThumb
-CVE-2009-5141 (Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 ...)
+CVE-2009-5141
NOT-FOR-US: War FTP Daemon
CVE-2009-5140
RESERVED
CVE-2009-5139
RESERVED
-CVE-2009-5138 (GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag ...)
+CVE-2009-5138
- gnutls26 2.7.12-1
- gnutls28 <not-affected> (Only affects versions before 2.7.6)
NOTE: Only affects version prior of 2.7.6, fix: https://gitlab.com/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd
NOTE: and the issue has different root than CVE-2014-1959
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1069301
-CVE-2009-5137 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows ...)
+CVE-2009-5137
NOT-FOR-US: CastRipper
-CVE-2009-5136 (The policy definition evaluator in Condor before 7.4.2 does not ...)
+CVE-2009-5136
- condor <not-affected> (Fixed before initial upload)
-CVE-2009-5135 (The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows ...)
+CVE-2009-5135
NOT-FOR-US: Echo
-CVE-2009-5134 (Buffer overflow in the &quot;create torrent dialog&quot; functionality in ...)
+CVE-2009-5134
NOT-FOR-US: uTorrent
CVE-2009-5133
RESERVED
-CVE-2009-5132 (The Filtering Service in Websense Web Security and Web Filter before ...)
+CVE-2009-5132
NOT-FOR-US: Websense
-CVE-2009-5131 (The Receive Service in Websense Email Security before 7.1 does not ...)
+CVE-2009-5131
NOT-FOR-US: Websense
-CVE-2009-5130 (The Rules Service in Websense Email Security before 7.1 allows remote ...)
+CVE-2009-5130
NOT-FOR-US: Websense
-CVE-2009-5129 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...)
+CVE-2009-5129
NOT-FOR-US: Websense
-CVE-2009-5128 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...)
+CVE-2009-5128
NOT-FOR-US: Websense
-CVE-2009-5127 (The Antivirus component in Comodo Internet Security before ...)
+CVE-2009-5127
NOT-FOR-US: Comodo Internet Security
-CVE-2009-5126 (The Antivirus component in Comodo Internet Security before ...)
+CVE-2009-5126
NOT-FOR-US: Comodo Internet Security
-CVE-2009-5125 (Comodo Internet Security before 3.9.95478.509 allows remote attackers ...)
+CVE-2009-5125
NOT-FOR-US: Comodo Internet Security
-CVE-2009-5124 (The Antivirus component in Comodo Internet Security before ...)
+CVE-2009-5124
NOT-FOR-US: Comodo Internet Security
-CVE-2009-5123 (The Antivirus component in Comodo Internet Security before ...)
+CVE-2009-5123
NOT-FOR-US: Comodo Internet Security
-CVE-2009-5122 (The Personal Email Manager component in Websense Email Security before ...)
+CVE-2009-5122
NOT-FOR-US: Websense
-CVE-2009-5121 (Websense Email Security 7.1 before Hotfix 4 allows remote attackers to ...)
+CVE-2009-5121
NOT-FOR-US: Websense
-CVE-2009-5120 (The default configuration of Apache Tomcat in Websense Manager in ...)
+CVE-2009-5120
NOT-FOR-US: Websense
-CVE-2009-5119 (The default configuration of Apache Tomcat in Websense Manager in ...)
+CVE-2009-5119
NOT-FOR-US: Websense
-CVE-2009-5118 (Untrusted search path vulnerability in McAfee VirusScan Enterprise ...)
+CVE-2009-5118
NOT-FOR-US: McAfee
-CVE-2009-5117 (The Web Post Protection feature in McAfee Host Data Loss Prevention ...)
+CVE-2009-5117
NOT-FOR-US: McAfee
-CVE-2009-5116 (McAfee LinuxShield 1.5.1 and earlier does not properly implement ...)
+CVE-2009-5116
NOT-FOR-US: McAfee
-CVE-2009-5115 (McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 ...)
+CVE-2009-5115
NOT-FOR-US: McAfee
-CVE-2009-5114 (Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 ...)
+CVE-2009-5114
NOT-FOR-US: WebGlimpse
-CVE-2009-5113 (Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse ...)
+CVE-2009-5113
NOT-FOR-US: WebGlimpse
-CVE-2009-5112 (wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers ...)
+CVE-2009-5112
NOT-FOR-US: WebGlimpse
-CVE-2009-5111 (GoAhead WebServer allows remote attackers to cause a denial of service ...)
+CVE-2009-5111
NOT-FOR-US: GoAhead WebServer
-CVE-2009-5110 (dhttpd allows remote attackers to cause a denial of service (daemon ...)
+CVE-2009-5110
- dhttpd <removed> (low; bug #533665)
[squeeze] - dhttpd <no-dsa> (Minor issue)
[lenny] - dhttpd <no-dsa> (Minor issue)
-CVE-2009-5109 (Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows ...)
+CVE-2009-5109
NOT-FOR-US: Mini-Stream Ripper
CVE-2009-5108
REJECTED
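Review bot: the NOTE lines under CVE-2009-5138 need a grammar fix in a follow-up, since they are unchanged context here: "Only affects version prior of 2.7.6" should read "Only affects versions prior to 2.7.6", and "and the issue has different root than CVE-2014-1959" should read "the root cause differs from that of CVE-2014-1959". Separately, the nine Websense and five Comodo Internet Security entries in this hunk become indistinguishable apart from the ID after the description is removed; the affected-version text ("before 7.1", "before 3.9.95478.509") now lives only in the upstream CVE record, which is acceptable for NOT-FOR-US entries but worth stating in the commit message.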
@@ -141,77 +141,77 @@ CVE-2009-5105
RESERVED
CVE-2009-5104
RESERVED
-CVE-2009-5103 (Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP ...)
+CVE-2009-5103
NOT-FOR-US: ATCOM Netvolution
-CVE-2009-5102 (SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ...)
+CVE-2009-5102
NOT-FOR-US: ATCOM Netvolution
-CVE-2009-5101 (Pentaho BI Server 1.7.0.1062 and earlier includes the session ID ...)
+CVE-2009-5101
NOT-FOR-US: Pentaho BI Server
-CVE-2009-5100 (Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete ...)
+CVE-2009-5100
NOT-FOR-US: Pentaho BI Server
-CVE-2009-5099 (Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI ...)
+CVE-2009-5099
NOT-FOR-US: Pentaho BI Server
-CVE-2009-5098 (The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not ...)
+CVE-2009-5098
NOT-FOR-US: Palm WebOS
-CVE-2009-5097 (Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, ...)
+CVE-2009-5097
NOT-FOR-US: Palm WebOS
-CVE-2009-5096 (Cross-site scripting (XSS) vulnerability in the Flag Content module ...)
+CVE-2009-5096
NOT-FOR-US: Drupal module Flag Content
NOTE: might get packaged
-CVE-2009-5095 (PHP remote file inclusion vulnerability in index_inc.php in ea gBook ...)
+CVE-2009-5095
NOT-FOR-US: ea gBook
-CVE-2009-5094 (SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate ...)
+CVE-2009-5094
NOT-FOR-US: CMS Faethon
-CVE-2009-5093 (Directory traversal vulnerability in gastbuch.php in G&#228;stebuch ...)
+CVE-2009-5093
NOT-FOR-US: Gastebuch
-CVE-2009-5092 (Cross-site scripting (XSS) vulnerability in the management interface ...)
+CVE-2009-5092
NOT-FOR-US: Microsoft FAST ESP
-CVE-2009-5091 (SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 ...)
+CVE-2009-5091
NOT-FOR-US: Vlinks
-CVE-2009-5090 (SQL injection vulnerability in editcomments.php in Bloggeruniverse ...)
+CVE-2009-5090
NOT-FOR-US: Bloggeruniverse Beta 2
-CVE-2009-5089 (Directory traversal vulnerability in index.php in IdeaCart 0.02 and ...)
+CVE-2009-5089
NOT-FOR-US: IdeaCart
-CVE-2009-5088 (SQL injection vulnerability in secure/index.php in IdeaCart 0.02 ...)
+CVE-2009-5088
NOT-FOR-US: IdeaCart
-CVE-2009-5087 (Directory traversal vulnerability in geohttpserver in Geovision ...)
+CVE-2009-5087
NOT-FOR-US: Geovision Digital Video Surveillance System
-CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration ...)
+CVE-2009-5086
NOT-FOR-US: Juniper IDP
-CVE-2009-5085 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, ...)
+CVE-2009-5085
NOT-FOR-US: Tivoli
-CVE-2009-5084 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, ...)
+CVE-2009-5084
NOT-FOR-US: Tivoli
-CVE-2009-5083 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, ...)
+CVE-2009-5083
NOT-FOR-US: Tivoli
-CVE-2009-5082 (The (1) configure and (2) config.guess scripts in GNU troff (aka ...)
+CVE-2009-5082
- groff 1.20.1-5 (unimportant; bug #538338)
NOTE: Only exploitable during build
-CVE-2009-5081 (The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) ...)
+CVE-2009-5081
- groff 1.20.1-5 (unimportant)
NOTE: Only exploitable during build
-CVE-2009-5080 (The (1) contrib/eqn2graph/eqn2graph.sh, (2) ...)
+CVE-2009-5080
- groff 1.20.1-5 (low; bug #538330)
[lenny] - groff <no-dsa> (Minor issue)
-CVE-2009-5079 (The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) ...)
+CVE-2009-5079
- groff 1.20.1-5 (unimportant)
-CVE-2009-5078 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 ...)
+CVE-2009-5078
- groff 1.20.1-5 (low; bug #538338)
[etch] - groff <not-affected> (pdfroff not yet present)
[lenny] - groff <not-affected> (pdfroff not yet present)
-CVE-2009-5077 (CRE Loaded before 6.2.14 allows remote attackers to bypass ...)
+CVE-2009-5077
NOT-FOR-US: CRE Loaded
-CVE-2009-5076 (CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, ...)
+CVE-2009-5076
NOT-FOR-US: CRE Loaded
-CVE-2009-5075 (Monkey's Audio before 4.02 allows remote attackers to cause a denial ...)
+CVE-2009-5075
NOT-FOR-US: Monkey's Audio
-CVE-2009-5074 (Unspecified vulnerability in the MojoX::Dispatcher::Static ...)
+CVE-2009-5074
- libmojolicious-perl <not-affected> (Fixed before initial upload)
-CVE-2009-5073 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka ...)
+CVE-2009-5073
NOT-FOR-US: Tivoli
-CVE-2009-5072 (Memory leak in the ldap_explode_dn function in IBM Tivoli Directory ...)
+CVE-2009-5072
NOT-FOR-US: Tivoli
-CVE-2009-5071 (Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown ...)
+CVE-2009-5071
NOT-FOR-US: Palm WebOS
CVE-2009-5070
RESERVED
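Review bot: the pair CVE-2009-5081 and CVE-2009-5079 both reduce to "groff 1.20.1-5 (unimportant)" once the description goes, so the rationale "Only exploitable during build" under CVE-2009-5081 loses its referent (the config.guess and groffer.pl scripts named only in the removed line); a bracketed short title for package-backed entries like these would preserve that. Also "NOT-FOR-US: Gastebuch" at CVE-2009-5093 drops the umlaut that the removed description encodes as "G&#228;stebuch"; the product name is Gästebuch, and that line is now the entry's only product reference.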
@@ -220,358 +220,358 @@ CVE-2009-5069
CVE-2009-5068
RESERVED
NOT-FOR-US: Simple Machines Forum
-CVE-2009-5067 (Directory traversal vulnerability in html2ps before 1.0b6 allows ...)
+CVE-2009-5067
- html2ps 1.0b7-1 (low; bug #548633)
[squeeze] - html2ps <no-dsa> (Minor issue)
-CVE-2009-5066 (twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials ...)
+CVE-2009-5066
- jbossas4 <not-affected> (twiddle.sh is included in the source package, but not in any of the binary packages)
-CVE-2009-5065 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
+CVE-2009-5065
- feedparser 5.0.1-1 (low; bug #617998)
[squeeze] - feedparser <no-dsa> (Minor issue)
[lenny] - feedparser <no-dsa> (Minor issue)
-CVE-2009-5064 (** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and ...)
+CVE-2009-5064
- eglibc 2.10.1-7
- glibc 2.10.1-7
NOTE: Obscure attack
-CVE-2009-5063 (Memory leak in the embedded_profile_len function in pngwutil.c in ...)
+CVE-2009-5063
- libpng 1.2.39-1 (unimportant)
-CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX ...)
+CVE-2009-5062
NOT-FOR-US: IBM Lotus Quickr
-CVE-2009-5061 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 ...)
+CVE-2009-5061
NOT-FOR-US: IBM Lotus Quickr
-CVE-2009-5060 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 ...)
+CVE-2009-5060
NOT-FOR-US: IBM Lotus Quickr
-CVE-2009-5059 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 ...)
+CVE-2009-5059
NOT-FOR-US: IBM Lotus Quickr
-CVE-2009-5058 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 ...)
+CVE-2009-5058
NOT-FOR-US: IBM Lotus Quickr
-CVE-2009-5057 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 ...)
+CVE-2009-5057
- otrs2 2.4.5-1 (low)
[lenny] - otrs2 <no-dsa> (Minor issue)
-CVE-2009-5056 (Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly ...)
+CVE-2009-5056
- otrs2 2.4.5-1 (low)
[lenny] - otrs2 <no-dsa> (Minor issue)
-CVE-2009-5055 (Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on ...)
+CVE-2009-5055
- otrs2 2.4.5-1 (low)
[lenny] - otrs2 <no-dsa> (Minor issue)
-CVE-2009-5054 (Smarty before 3.0.0 beta 4 does not consider the umask value when ...)
+CVE-2009-5054
- smarty3 3.0~rc1-1
- smarty <removed>
[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
-CVE-2009-5053 (Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote ...)
+CVE-2009-5053
- smarty3 3.0~rc1-1
- smarty <removed>
[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
-CVE-2009-5052 (Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 ...)
+CVE-2009-5052
- smarty3 3.0~rc1-1
- smarty <removed>
[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
-CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session ...)
+CVE-2009-5051
- hastymail <removed>
-CVE-2009-5040 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote ...)
+CVE-2009-5040
NOT-FOR-US: Cisco IOS
-CVE-2009-5039 (Memory leak in the gk_circuit_info_do_in_acf function in the H.323 ...)
+CVE-2009-5039
NOT-FOR-US: Cisco IOS
-CVE-2009-5038 (Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during ...)
+CVE-2009-5038
NOT-FOR-US: Cisco IOS
-CVE-2009-5037 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+CVE-2009-5037
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-5036 (traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows ...)
+CVE-2009-5036
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2009-5035 (The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not ...)
+CVE-2009-5035
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2009-5034 (IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated ...)
+CVE-2009-5034
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2009-5033 (IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a &quot;* ...)
+CVE-2009-5033
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2009-5032 (The encrypted e-mail feature in IBM Lotus Notes Traveler before ...)
+CVE-2009-5032
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2009-5031 (ModSecurity before 2.5.11 treats request parameter values containing ...)
+CVE-2009-5031
- modsecurity-apache <not-affected> (Fixed before initial upload)
- libapache-mod-security 2.5.12-1
NOTE: https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366
NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
-CVE-2009-5030 (The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 ...)
+CVE-2009-5030
{DSA-2629-1}
- openjpeg 1.3+dfsg-4.1 (medium; bug #672455)
NOTE: Upstream ticket http://code.google.com/p/openjpeg/issues/detail?id=5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812317
-CVE-2009-5029 (Integer overflow in the __tzfile_read function in glibc before 2.15 ...)
+CVE-2009-5029
- eglibc 2.13-24 (low; bug #656108)
[squeeze] - eglibc 2.11.3-3
- glibc 2.13-24
NOTE: http://support.novell.com/security/cve/CVE-2009-5029.html
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=735850
-CVE-2009-5028 (Stack-based buffer overflow in Namazu before 2.0.20 allows remote ...)
+CVE-2009-5028
- namazu2 2.0.20-1.0 (low)
CVE-2009-5027
REJECTED
-CVE-2009-5026 (The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x ...)
+CVE-2009-5026
- mysql-5.1 5.1.53-1
CVE-2009-5025 [PyForum XSS+CSRF]
RESERVED
NOT-FOR-US: PyForum
-CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb ...)
+CVE-2009-5024
{DSA-2563-1}
- viewvc 1.1.5-1.3 (bug #671482)
-CVE-2009-5023 (The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, ...)
+CVE-2009-5023
- fail2ban 0.8.4+svn20110323-1 (low; bug #544232)
[lenny] - fail2ban <no-dsa> (Minor issue)
[squeeze] - fail2ban 0.8.4-3+squeeze1
-CVE-2009-5022 (Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in ...)
+CVE-2009-5022
{DSA-2256-1}
- tiff 3.9.5-1 (bug #624287)
- tiff3 <not-affected> (fixed before initial upload)
[lenny] - tiff <not-affected> (3.9+ only)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=1999
-CVE-2009-5021 (Cobbler before 1.6.1 does not properly determine whether an ...)
+CVE-2009-5021
- cobbler <not-affected> (Fixed before initial upload)
-CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...)
+CVE-2009-5020
- awstats 6.9.5~dfsg-1 (unimportant)
-CVE-2009-5019 (Web Wiz NewsPad stores sensitive information under the web root with ...)
+CVE-2009-5019
NOT-FOR-US: Web Wiz NewsPad
-CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ...)
+CVE-2009-5017
- xulrunner <undetermined>
[wheezy] - xulrunner <end-of-life> (no detailed information available)
-CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ...)
+CVE-2009-5016
- php5 5.3.3-4
[lenny] - php5 5.2.6.dfsg.1-1+lenny10
[squeeze] - php5 5.3.3-7+squeeze1
NOTE: Also fixed by debian/patches/CVE-2010-3870.patch
-CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 ...)
+CVE-2009-5015
- turbogears2 2.0.3-1
-CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before ...)
+CVE-2009-5014
- turbogears2 2.0.3-1
-CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib ...)
+CVE-2009-5013
- python-pyftpdlib 0.5.2-1
-CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 does not require the l ...)
+CVE-2009-5012
- python-pyftpdlib 0.5.2-1
-CVE-2009-5011 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...)
+CVE-2009-5011
- python-pyftpdlib 0.5.2-1
-CVE-2009-5010 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...)
+CVE-2009-5010
- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
-CVE-2009-5009 (Double free vulnerability in OpenConnect before 1.40 might allow ...)
+CVE-2009-5009
- openconnect 1.40-1
-CVE-2009-5008 (Cisco Secure Desktop (CSD), when used in conjunction with an ...)
+CVE-2009-5008
NOT-FOR-US: isco Secure Desktop
-CVE-2009-5007 (The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows ...)
+CVE-2009-5007
NOT-FOR-US: Cisco AnyConnect SSL VPN trial client
-CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in ...)
+CVE-2009-5006
- qpid-cpp <not-affected> (Fixed before initial upload to archive)
-CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache ...)
+CVE-2009-5005
- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5004
RESERVED
- qpid-cpp <not-affected> (Fixed before initial upload to archive)
-CVE-2009-5003 (SQL injection vulnerability in click.php in e-soft24 Banner Exchange ...)
+CVE-2009-5003
NOT-FOR-US: e-soft24 Banner Exchange Script
-CVE-2009-5002 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...)
+CVE-2009-5002
NOT-FOR-US: IBM FileNet P8 Application Engine
-CVE-2009-5001 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...)
+CVE-2009-5001
NOT-FOR-US: IBM FileNet P8 Application Engine
-CVE-2009-5000 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ...)
+CVE-2009-5000
NOT-FOR-US: IBM FileNet P8 Application Engine
-CVE-2009-4999 (Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) ...)
+CVE-2009-4999
NOT-FOR-US: IBM FileNet P8 Application Engine
-CVE-2009-4998 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...)
+CVE-2009-4998
NOT-FOR-US: IBM FileNet P8 Application Engine
-CVE-2009-4997 (gnome-power-manager 2.27.92 does not properly implement the ...)
+CVE-2009-4997
- gnome-power-manager 2.28.0-1 (unimportant)
-CVE-2009-4996 (** DISPUTED ** ...)
+CVE-2009-4996
NOTE: Disputed non-issue
-CVE-2009-4995 (Cross-site scripting (XSS) vulnerability in frmTickets.aspx in ...)
+CVE-2009-4995
NOT-FOR-US: SmarterTools SmarterTrack
-CVE-2009-4994 (Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in ...)
+CVE-2009-4994
NOT-FOR-US: SmarterTools SmarterTrack
-CVE-2009-4993 (PHP remote file inclusion vulnerability in home.php in LM Starmail ...)
+CVE-2009-4993
NOT-FOR-US: LM Starmail Paidmail
-CVE-2009-4992 (SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail ...)
+CVE-2009-4992
NOT-FOR-US: LM Starmail Paidmail
-CVE-2009-4991 (Cross-site scripting (XSS) vulnerability in users/resume_register.php ...)
+CVE-2009-4991
NOT-FOR-US: Omnistar Recruiting
-CVE-2009-4990 (Cross-site scripting (XSS) vulnerability in the Webform report module ...)
+CVE-2009-4990
NOT-FOR-US: Webform report module for Drupal
-CVE-2009-4989 (Cross-site scripting (XSS) vulnerability in index.php in AJ Auction ...)
+CVE-2009-4989
NOT-FOR-US: AJ Auction Pro OOPD
-CVE-2009-4988 (Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business ...)
+CVE-2009-4988
NOT-FOR-US: SAP Business One
-CVE-2009-4987 (admin/header.php in Scripteen Free Image Hosting Script 2.3 allows ...)
+CVE-2009-4987
NOT-FOR-US: Scripteen Free Image Hosting Script
-CVE-2009-4986 (Directory traversal vulnerability in index.php in In-Portal 4.3.1, ...)
+CVE-2009-4986
NOT-FOR-US: In-Portal
-CVE-2009-4985 (SQL injection vulnerability in browse.php in Accessories Me PHP ...)
+CVE-2009-4985
NOT-FOR-US: Accessories Me PHP Affiliate Script
-CVE-2009-4984 (Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me ...)
+CVE-2009-4984
NOT-FOR-US: Accessories Me PHP Affiliate Script
-CVE-2009-4983 (Multiple cross-site scripting (XSS) vulnerabilities in Silurus ...)
+CVE-2009-4983
NOT-FOR-US: Silurus Classifieds
-CVE-2009-4982 (SQL injection vulnerability in the select function in Irokez CMS ...)
+CVE-2009-4982
NOT-FOR-US: Irokez CMS
-CVE-2009-4981 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-4981
NOT-FOR-US: Photokorn Gallery
-CVE-2009-4980 (Multiple cross-site scripting (XSS) vulnerabilities in Photokorn ...)
+CVE-2009-4980
NOT-FOR-US: Photokorn Gallery
-CVE-2009-4979 (Multiple SQL injection vulnerabilities in search.php in Photokorn ...)
+CVE-2009-4979
NOT-FOR-US: Photokorn Gallery
-CVE-2009-4978 (Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows ...)
+CVE-2009-4978
NOT-FOR-US: MyBackup
-CVE-2009-4977 (PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 ...)
+CVE-2009-4977
NOT-FOR-US: MyBackup
-CVE-2009-4976 (Cross-site scripting (XSS) vulnerability in webkitpart.cpp in ...)
+CVE-2009-4976
- webkitkde 0.4svn1059630-1
-CVE-2009-4975 (Cross-site scripting (XSS) vulnerability in webview.cpp in ...)
+CVE-2009-4975
- rekonq 0.5.0-1
-CVE-2009-4974 (Directory traversal vulnerability in box_display.php in TotalCalendar ...)
+CVE-2009-4974
NOT-FOR-US: TotalCalendar
-CVE-2009-4973 (SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows ...)
+CVE-2009-4973
NOT-FOR-US: TotalCalendar
-CVE-2009-4972 (Cross-site scripting (XSS) vulnerability in index.php (aka the log in ...)
+CVE-2009-4972
NOT-FOR-US: SimpleID
-CVE-2009-4971 (SQL injection vulnerability in the AJAX Chat (vjchat) extension before ...)
+CVE-2009-4971
NOT-FOR-US: AJAX Chat
-CVE-2009-4970 (SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for ...)
+CVE-2009-4970
NOT-FOR-US: Typo3 addon
-CVE-2009-4969 (SQL injection vulnerability in the Solidbase Bannermanagement ...)
+CVE-2009-4969
NOT-FOR-US: Typo3 addon
-CVE-2009-4968 (SQL injection vulnerability in the Event Registration (event_registr) ...)
+CVE-2009-4968
NOT-FOR-US: Typo3 addon
-CVE-2009-4967 (SQL injection vulnerability in the Car (car) extension before 0.1.1 ...)
+CVE-2009-4967
NOT-FOR-US: Typo3 addon
-CVE-2009-4966 (SQL injection vulnerability in the AST ZipCodeSearch ...)
+CVE-2009-4966
NOT-FOR-US: Typo3 addon
-CVE-2009-4965 (SQL injection vulnerability in the AIRware Lexicon (air_lexicon) ...)
+CVE-2009-4965
NOT-FOR-US: Typo3 addon
-CVE-2009-4964 (Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers ...)
+CVE-2009-4964
NOT-FOR-US: KSP
-CVE-2009-4963 (Cross-site scripting (XSS) vulnerability in the Commerce extension ...)
+CVE-2009-4963
NOT-FOR-US: Typo3 addon
-CVE-2009-4962 (Stack-based buffer overflow in Fat Player 0.6b allows remote attackers ...)
+CVE-2009-4962
NOT-FOR-US: Fat Player
-CVE-2009-4961 (Lanai Core 0.6 allows remote attackers to obtain configuration ...)
+CVE-2009-4961
NOT-FOR-US: Lanai Core
-CVE-2009-4960 (Directory traversal vulnerability in modules/backup/download.php in ...)
+CVE-2009-4960
NOT-FOR-US: Lanai Core
-CVE-2009-4959 (SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) ...)
+CVE-2009-4959
NOT-FOR-US: T3M E-Mail Marketing Tool
-CVE-2009-4958 (SQL injection vulnerability in video.php in EMO Breeder Manager (aka ...)
+CVE-2009-4958
NOT-FOR-US: EMO Breader Manager
-CVE-2009-4957 (Directory traversal vulnerability in loadpanel.php in Interspire ...)
+CVE-2009-4957
NOT-FOR-US: Interspire ActiveKB
-CVE-2009-4956 (Cross-site scripting (XSS) vulnerability in the Visitor Tracking ...)
+CVE-2009-4956
NOT-FOR-US: typo3 third party component (ws_stats)
-CVE-2009-4955 (SQL injection vulnerability in the ultraCards (th_ultracards) ...)
+CVE-2009-4955
NOT-FOR-US: typo3 third party component (th_ultracards)
-CVE-2009-4954 (SQL injection vulnerability in the Versatile Calendar Extension [VCE] ...)
+CVE-2009-4954
NOT-FOR-US: typo3 third party component (sk_calendar)
-CVE-2009-4953 (Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit ...)
+CVE-2009-4953
NOT-FOR-US: typo3 third party component (sg_userdata)
-CVE-2009-4952 (Directory traversal vulnerability in the Directory Listing ...)
+CVE-2009-4952
NOT-FOR-US: typo3 third party component (dir_listing)
-CVE-2009-4951 (Unspecified vulnerability in the ClickStream Analyzer [output] ...)
+CVE-2009-4951
NOT-FOR-US: typo3 third party component (alternet_csa_out)
-CVE-2009-4950 (SQL injection vulnerability in the A21glossary Advanced Output ...)
+CVE-2009-4950
NOT-FOR-US: typo3 third party component (a21glossary_advanced_output)
-CVE-2009-4949 (SQL injection vulnerability in the Store Locator extension before ...)
+CVE-2009-4949
NOT-FOR-US: typo3 third party component (locator)
-CVE-2009-4948 (Cross-site scripting (XSS) vulnerability in the Store Locator ...)
+CVE-2009-4948
NOT-FOR-US: typo3 third party component (locator)
-CVE-2009-4947 (SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 ...)
+CVE-2009-4947
NOT-FOR-US: Q2 Solutions ConnX
-CVE-2009-4946 (Directory traversal vulnerability in the Messaging (com_messaging) ...)
+CVE-2009-4946
NOT-FOR-US: Joomla! Messaging
-CVE-2009-4945 (AdPeeps 8.5d1 has a default password of admin for the admin account, ...)
+CVE-2009-4945
NOT-FOR-US: AdPeeps
-CVE-2009-4944 (Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab ...)
+CVE-2009-4944
NOT-FOR-US: ATRC ACollab
-CVE-2009-4943 (index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive ...)
+CVE-2009-4943
NOT-FOR-US: AdPeeps
-CVE-2009-4942 (Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows ...)
+CVE-2009-4942
NOT-FOR-US: ATRC ACollab
-CVE-2009-4941 (Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ...)
+CVE-2009-4941
NOT-FOR-US: ATRC ACollab
-CVE-2009-4940 (SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier ...)
+CVE-2009-4940
NOT-FOR-US: Zeus Cart
-CVE-2009-4939 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-4939
NOT-FOR-US: AdPeeps
-CVE-2009-4938 (SQL injection vulnerability in the JVideo! (com_jvideo) component ...)
+CVE-2009-4938
NOT-FOR-US: JVideo
-CVE-2009-4937 (Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 ...)
+CVE-2009-4937
NOT-FOR-US: SPirate
-CVE-2009-4936 (Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 ...)
+CVE-2009-4936
NOT-FOR-US: SPirate
-CVE-2009-4935 (SQL injection vulnerability in ogp_show.php in Online Guestbook Pro ...)
+CVE-2009-4935
NOT-FOR-US: Online Guestbook Pro
-CVE-2009-4934 (Cross-site scripting (XSS) vulnerability in index.php in Online Photo ...)
+CVE-2009-4934
NOT-FOR-US: Online Photo Pro
-CVE-2009-4933 (Multiple SQL injection vulnerabilities in login.php in EZ Webitor ...)
+CVE-2009-4933
NOT-FOR-US: EZ Webitor
-CVE-2009-4932 (Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote ...)
+CVE-2009-4932
NOT-FOR-US: 1by1
-CVE-2009-4931 (Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote ...)
+CVE-2009-4931
NOT-FOR-US: Groovy Media Player
-CVE-2009-4930 (Cross-site scripting (XSS) vulnerability in the ...)
+CVE-2009-4930
NOT-FOR-US: SunGard Banner Student System
-CVE-2009-4929 (admin/manage_users.php in TotalCalendar 2.4 does not require ...)
+CVE-2009-4929
NOT-FOR-US: TotalCalendar
-CVE-2009-4928 (PHP remote file inclusion vulnerability in config.php in TotalCalendar ...)
+CVE-2009-4928
NOT-FOR-US: TotalCalendar
-CVE-2009-4927 (WB News 2.1.2 allows remote attackers to bypass authentication and ...)
+CVE-2009-4927
NOT-FOR-US: WB News
-CVE-2009-4926 (Multiple cross-site scripting (XSS) vulnerabilities in Online Contact ...)
+CVE-2009-4926
NOT-FOR-US: Online Contact Manager
-CVE-2009-4925 (Multiple SQL injection vulnerabilities in Portale e-commerce Creasito ...)
+CVE-2009-4925
NOT-FOR-US: Portale e-commerce Creasito
-CVE-2009-4924 (Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument ...)
+CVE-2009-4924
- python-cjson 1.0.5-4 (low; bug #593302)
[lenny] - python-cjson <no-dsa> (Minor issue)
-CVE-2009-4923 (Unspecified vulnerability in the DTLS implementation on Cisco Adaptive ...)
+CVE-2009-4923
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4922 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2009-4922
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4921 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with ...)
+CVE-2009-4921
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4920 (Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances ...)
+CVE-2009-4920
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4919 (Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 ...)
+CVE-2009-4919
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4918 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with ...)
+CVE-2009-4918
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4917 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2009-4917
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4916 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2009-4916
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4915 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2009-4915
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4914 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series ...)
+CVE-2009-4914
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4913 (The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2009-4913
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4912 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with ...)
+CVE-2009-4912
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4911 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2009-4911
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4910 (Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco ...)
+CVE-2009-4910
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct ...)
+CVE-2009-4909
NOT-FOR-US: oBlog
-CVE-2009-4908 (Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow ...)
+CVE-2009-4908
NOT-FOR-US: oBlog
-CVE-2009-4907 (Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog ...)
+CVE-2009-4907
NOT-FOR-US: oBlog
-CVE-2009-4906 (Cross-site request forgery (CSRF) vulnerability in index.php in Acc ...)
+CVE-2009-4906
NOT-FOR-US: Acc PHP eMail
-CVE-2009-4905 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-4905
NOT-FOR-US: Acc Statistics
-CVE-2009-4904 (article.php in oBlog does not properly restrict comments, which allows ...)
+CVE-2009-4904
NOT-FOR-US: oBlog
-CVE-2009-4903 (Cross-site scripting (XSS) vulnerability in index.php in oBlog allows ...)
+CVE-2009-4903
NOT-FOR-US: oBlog
-CVE-2009-4902 (Buffer overflow in the MSGFunctionDemarshall function in ...)
+CVE-2009-4902
- pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
NOTE: of the weird CVE assignments on this one
-CVE-2009-4901 (The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC ...)
+CVE-2009-4901
- pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
NOTE: of the weird CVE assignments on this one
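Review bot: every `-`/`+` pair in this hunk strips the parenthesised description from the CVE header line (for example `-CVE-2009-4936 (Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 ...)` becomes `+CVE-2009-4936`), and the commit message "automatic update" does not say why the descriptions were dropped; before merging, confirm that the upstream feed intentionally stopped supplying them rather than the sync having received empty descriptions, since a blanket removal across the whole file is what a failed fetch would also look like. The triage lines below each header (`NOT-FOR-US:`, `NOTE:`, `{DSA-...}`, package/version entries) are unchanged context, so the tracker's fixed-version data is not affected by this hunk, only the human-readable summaries.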
@@ -583,605 +583,605 @@ CVE-2009-4899 [pixelpost SQL injection]
RESERVED
- pixelpost <removed> (bug #597224)
NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
-CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 ...)
+CVE-2009-4898
NOT-FOR-US: TWiki
-CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier ...)
+CVE-2009-4897
{DSA-2093-1}
- ghostscript 8.70~dfsg-1
-CVE-2009-4896 (Multiple directory traversal vulnerabilities in the mlmmj-php-admin ...)
+CVE-2009-4896
{DSA-2073-1}
- mlmmj 1.2.17-1.1 (bug #588038)
-CVE-2009-4895 (Race condition in the tty_fasync function in drivers/char/tty_io.c in ...)
+CVE-2009-4895
{DSA-2094-1}
- linux-2.6 2.6.32-9
-CVE-2009-4894 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
+CVE-2009-4894
NOT-FOR-US: PunBB
-CVE-2009-4893 (Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when ...)
+CVE-2009-4893
- unrealircd <itp> (bug #515130)
-CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...)
+CVE-2009-4892
NOT-FOR-US: Content Management System WEBjump!
-CVE-2009-4891 (SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 ...)
+CVE-2009-4891
NOT-FOR-US: CS-Cart
-CVE-2009-4890 (Multiple cross-site scripting (XSS) vulnerabilities in the login ...)
+CVE-2009-4890
NOT-FOR-US: vBook
-CVE-2009-4889 (SQL injection vulnerability in books.php in the Book Panel ...)
+CVE-2009-4889
NOT-FOR-US: book_panel module for php-fusion
-CVE-2009-4888 (Cross-site scripting (XSS) vulnerability in poster.php in PHortail ...)
+CVE-2009-4888
NOT-FOR-US: PHortail
-CVE-2009-4887 (PHP remote file inclusion vulnerability in index.php in CMS S.Builder ...)
+CVE-2009-4887
NOT-FOR-US: CMS S.Builder
-CVE-2009-4886 (Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 ...)
+CVE-2009-4886
NOT-FOR-US: phpCommunity
-CVE-2009-4885 (Cross-site scripting (XSS) vulnerability in templates/1/login.php in ...)
+CVE-2009-4885
NOT-FOR-US: phpCommunity
-CVE-2009-4884 (Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when ...)
+CVE-2009-4884
NOT-FOR-US: phpCommunity
-CVE-2009-4883 (SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and ...)
+CVE-2009-4883
NOT-FOR-US: PHPRecipeBook
-CVE-2009-4882 (Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ...)
+CVE-2009-4882
{DSA-2056-1}
- zonecheck 2.1.1-1 (bug #583290)
-CVE-2009-4881 (Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in ...)
+CVE-2009-4881
{DSA-2058-1}
- eglibc 2.10.1-1 (unimportant)
- glibc 2.11.1-1 (unimportant)
NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=153aa31b93be22e01b236375fb02a9f9b9a0195f
-CVE-2009-4880 (Multiple integer overflows in the strfmon implementation in the GNU C ...)
+CVE-2009-4880
{DSA-2058-1}
- eglibc 2.11.1-1 (unimportant)
- glibc 2.11.1-1 (unimportant)
NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3
-CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...)
+CVE-2009-4879
NOT-FOR-US: Novell Access Manager
-CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...)
+CVE-2009-4878
NOT-FOR-US: Novell Access Manager
-CVE-2009-4877 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI ...)
+CVE-2009-4877
- webgui 7.7.22-1
-CVE-2009-4876 (admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify ...)
+CVE-2009-4876
NOT-FOR-US: Netrix CMS
-CVE-2009-4875 (FCKeditor.Java 2.4 allows remote attackers to cause a denial of ...)
+CVE-2009-4875
NOT-FOR-US: FCKeditor.Java, different than fckeditor in the archive
-CVE-2009-4874 (TalkBack 2.3.14 does not properly restrict access to the edit comment ...)
+CVE-2009-4874
NOT-FOR-US: TalkBack
-CVE-2009-4873 (Stack-based buffer overflow in the HTTP server in Rhino Software ...)
+CVE-2009-4873
NOT-FOR-US: Rhino Software Serv-U Web Client
-CVE-2009-4872 (Multiple SQL injection vulnerabilities in globepersonnel_login.asp in ...)
+CVE-2009-4872
NOT-FOR-US: Logoshows BBS
-CVE-2009-4871 (SQL injection vulnerability in globepersonnel_forum.asp in Logoshows ...)
+CVE-2009-4871
NOT-FOR-US: Logoshows BBS
-CVE-2009-4870 (Multiple SQL injection vulnerabilities in login.php in PHPCityPortal ...)
+CVE-2009-4870
NOT-FOR-US: PHPCityPortal
-CVE-2009-4869 (Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest ...)
+CVE-2009-4869
NOT-FOR-US: Nasim Guest Book
-CVE-2009-4868 (Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 ...)
+CVE-2009-4868
NOT-FOR-US: Hitron Soft Answer Me
-CVE-2009-4867 (Buffer overflow in Tuniac 090517c allows remote attackers to cause a ...)
+CVE-2009-4867
NOT-FOR-US: Tuniac
-CVE-2009-4866 (Cross-site scripting (XSS) vulnerability in search.cgi in Matt's ...)
+CVE-2009-4866
NOT-FOR-US: Matt's Script Archive (MSA) Simple Search
-CVE-2009-4865 (Multiple SQL injection vulnerabilities in escorts_search.php in ...)
+CVE-2009-4865
NOT-FOR-US: I-Escorts Directory Script and Agency Script
-CVE-2009-4864 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-4864
NOT-FOR-US: I-Escorts Directory Script and Agency Script
-CVE-2009-4863 (Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows ...)
+CVE-2009-4863
NOT-FOR-US: UltraPlayer Media Player
-CVE-2009-4862 (Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote ...)
+CVE-2009-4862
NOT-FOR-US: Alwasel
-CVE-2009-4861 (Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO ...)
+CVE-2009-4861
NOT-FOR-US: SupportPRO SupportDesk
-CVE-2009-4860 (SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier ...)
+CVE-2009-4860
NOT-FOR-US: Typing Pal
-CVE-2009-4859 (Multiple cross-site scripting (XSS) vulnerabilities in Online Work ...)
+CVE-2009-4859
NOT-FOR-US: Online Work Order Suite (OWOS)
-CVE-2009-4858 (Cross-site scripting (XSS) vulnerability in questiondetail.php in ...)
+CVE-2009-4858
NOT-FOR-US: Yahoo Answers Clone
-CVE-2009-4857 (Cross-site scripting (XSS) vulnerability in login.php in PHP Photo ...)
+CVE-2009-4857
NOT-FOR-US: PHP Photo Vote
-CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...)
+CVE-2009-4856
NOT-FOR-US: PHP Easy Shopping Cart
-CVE-2009-4855 (** DISPUTED ** ...)
+CVE-2009-4855
NOT-FOR-US: Bogus issue claimed for typo3
NOTE: See http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/4.2.5-1+lenny3
-CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...)
+CVE-2009-4854
NOT-FOR-US: TalkBack
-CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...)
+CVE-2009-4853
NOT-FOR-US: JumpBox
-CVE-2009-4852 (Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle ...)
+CVE-2009-4852
NOT-FOR-US: SemanticScuttle
-CVE-2009-4851 (The activation resend function in the Profiles module in XOOPS before ...)
+CVE-2009-4851
NOT-FOR-US: XOOPS
-CVE-2009-4850 (The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote ...)
+CVE-2009-4850
NOT-FOR-US: Awingsoft Awakening Winds3D Viewer
-CVE-2009-4849 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-4849
NOT-FOR-US: ToutVirtual VirtualIQ Pro
-CVE-2009-4848 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...)
+CVE-2009-4848
NOT-FOR-US: ToutVirtual VirtualIQ Pro
-CVE-2009-4847 (Deliantra Server before 2.82 allows remote authenticated users to ...)
+CVE-2009-4847
NOT-FOR-US: Deliantra Server
-CVE-2009-4846 (Multiple buffer overflows in Deliantra Server before 2.82 allow remote ...)
+CVE-2009-4846
NOT-FOR-US: Deliantra Server
-CVE-2009-4845 (The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 ...)
+CVE-2009-4845
NOT-FOR-US: ToutVirtual VirtualIQ Pro
-CVE-2009-4844 (ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to ...)
+CVE-2009-4844
NOT-FOR-US: ToutVirtual VirtualIQ Pro
-CVE-2009-4843 (ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require ...)
+CVE-2009-4843
NOT-FOR-US: ToutVirtual VirtualIQ Pro
-CVE-2009-4842 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...)
+CVE-2009-4842
NOT-FOR-US: ToutVirtual VirtualIQ Pro
-CVE-2009-4841 (Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in ...)
+CVE-2009-4841
NOT-FOR-US: Roxio CinePlayer
-CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in ...)
+CVE-2009-4840
NOT-FOR-US: Roxio CinePlayer
-CVE-2009-4839 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...)
+CVE-2009-4839
- acidbase 1.4.5-1 (bug #587819)
[lenny] - acidbase <no-dsa> (Minor issue)
-CVE-2009-4838 (SQL injection vulnerability in base_ag_common.php in Basic Analysis ...)
+CVE-2009-4838
- acidbase 1.4.4-1 (low)
[lenny] - acidbase <no-dsa> (Minor issue)
-CVE-2009-4837 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...)
+CVE-2009-4837
- acidbase 1.4.4-1 (low)
[lenny] - acidbase <no-dsa> (Minor issue)
-CVE-2009-4836 (Eval injection vulnerability in system/services/init.php in Movie PHP ...)
+CVE-2009-4836
NOT-FOR-US: Movie PHP Script
-CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, ...)
+CVE-2009-4835
- libsndfile 1.0.21-3 (unimportant; bug #530831)
NOTE: application crash only, so not security-relevant
-CVE-2009-4834 (lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute ...)
+CVE-2009-4834
NOT-FOR-US: Zeroboard
-CVE-2009-4833 (MySQL Connector/NET before 6.0.4, when using encryption, does not ...)
+CVE-2009-4833
NOT-FOR-US: MySQL Connector/NET
-CVE-2009-4832 (The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local ...)
+CVE-2009-4832
NOT-FOR-US: DLPCryptCore
-CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates ...)
+CVE-2009-4831
NOT-FOR-US: Cerulean Studios Trillian
-CVE-2009-4830 (Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote ...)
+CVE-2009-4830
- openx <itp> (bug #513771)
-CVE-2009-4829 (Cross-site scripting (XSS) vulnerability in the Automated Logout ...)
+CVE-2009-4829
NOT-FOR-US: Automated Logout module for drupal
-CVE-2009-4828 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2009-4828
NOT-FOR-US: Ad Manager Pro
-CVE-2009-4827 (Cross-site request forgery (CSRF) vulnerability in admin.php in Mail ...)
+CVE-2009-4827
NOT-FOR-US: Mail Manager Pro
-CVE-2009-4826 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2009-4826
NOT-FOR-US: ScriptsEz Mini Hosting Panel
-CVE-2009-4825 (8pixel.net Blog 4 stores sensitive information under the web root with ...)
+CVE-2009-4825
NOT-FOR-US: 8pixel.net Blog
-CVE-2009-4824 (Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab ...)
+CVE-2009-4824
{DSA-1897-1}
- kolab-webclient <undetermined>
- horde3 3.3.5+debian0-1
NOTE: package only in experimental; claimed fixed in version 20091202, but not enough info to check
NOTE: http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/server/patches/horde-webmail/1.2.0/tg/Attic/t_framework_H_JS_Form_FixFormSecurityForImageUploads.diff?rev=1.1.2.1&only_with_tag=kolab_2_2_branch
-CVE-2009-4823 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2009-4823
NOT-FOR-US: cPanel
-CVE-2009-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-4822
NOT-FOR-US: Kasseler CMS
-CVE-2009-4821 (The D-Link DIR-615 with firmware 3.10NA does not require ...)
+CVE-2009-4821
NOT-FOR-US: D-Link DIR-615
-CVE-2009-4820 (Angelo-Emlak 1.0 stores sensitive information under the web root with ...)
+CVE-2009-4820
NOT-FOR-US: Angelo-Emlak
-CVE-2009-4819 (Multiple unrestricted file upload vulnerabilities in upload.php in ...)
+CVE-2009-4819
NOT-FOR-US: PHPhotoalbum
-CVE-2009-4818 (Unrestricted file upload vulnerability in upload.php in PHPSimplicity ...)
+CVE-2009-4818
NOT-FOR-US: PHPSimplicity of Upload
-CVE-2009-4817 (Unrestricted file upload vulnerability in Element-IT Ultimate Uploader ...)
+CVE-2009-4817
NOT-FOR-US: Element-IT Ultimate Uploader
-CVE-2009-4816 (Directory traversal vulnerability in api/download_checker.php in ...)
+CVE-2009-4816
NOT-FOR-US: MegaLab The Uploader
-CVE-2009-4815 (Directory traversal vulnerability in Serv-U before 9.2.0.1 allows ...)
+CVE-2009-4815
NOT-FOR-US: Serv-U
-CVE-2009-4814 (Cross-site scripting (XSS) vulnerability in Wolfram Research ...)
+CVE-2009-4814
NOT-FOR-US: Wolfram Research webMathematica
-CVE-2009-4813 (Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka ...)
+CVE-2009-4813
NOT-FOR-US: MyBB
-CVE-2009-4812 (Wolfram Research webMathematica allows remote attackers to obtain ...)
+CVE-2009-4812
NOT-FOR-US: Wolfram Research webMathematica
-CVE-2009-4811 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...)
+CVE-2009-4811
NOT-FOR-US: VMware
-CVE-2009-4810 (The Secure Remote Password (SRP) implementation in Samhain before ...)
+CVE-2009-4810
- samhain 2.5.4-1 (unimportant)
NOTE: Support for client/server operation is not enabled in the Debian packages
-CVE-2009-4809 (Directory traversal vulnerability in thumbnail.ghp in Easy File ...)
+CVE-2009-4809
NOT-FOR-US: Easy File Sharing Web Server
-CVE-2009-4808 (admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers ...)
+CVE-2009-4808
NOT-FOR-US: Graugon PHP Article Publisher
-CVE-2009-4807 (Multiple SQL injection vulnerabilities in Graugon PHP Article ...)
+CVE-2009-4807
NOT-FOR-US: Graugon PHP Article Publisher
-CVE-2009-4806 (admin/save_user.asp in Digital Interchange Document Library 1.0.1 does ...)
+CVE-2009-4806
NOT-FOR-US: Digital Interchange Document Library
-CVE-2009-4805 (Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when ...)
+CVE-2009-4805
NOT-FOR-US: EZ-Blog
-CVE-2009-4804 (Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) ...)
+CVE-2009-4804
NOT-FOR-US: cal extension for typo3
-CVE-2009-4803 (SQL injection vulnerability in the Accessibility Glossary ...)
+CVE-2009-4803
NOT-FOR-US: a21glossary extension for typo3
-CVE-2009-4802 (SQL injection vulnerability in the Flat Manager (flatmgr) extension ...)
+CVE-2009-4802
NOT-FOR-US: fsatmgr extension for typo3
-CVE-2009-4801 (EZ-Blog Beta 1 does not require authentication, which allows remote ...)
+CVE-2009-4801
NOT-FOR-US: EZ-Blog
-CVE-2009-4800 (Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 ...)
+CVE-2009-4800
NOT-FOR-US: Sysax Multi Server
-CVE-2009-4799 (Diskos CMS 6.x stores sensitive information under the web root with ...)
+CVE-2009-4799
NOT-FOR-US: Diskos CMS
-CVE-2009-4798 (Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote ...)
+CVE-2009-4798
NOT-FOR-US: Diskos CMS
-CVE-2009-4797 (SQL injection vulnerability in browse.php in JobHut 1.2 and earlier ...)
+CVE-2009-4797
NOT-FOR-US: JobHut
-CVE-2009-4796 (Multiple SQL injection vulnerabilities in the ExecuteQueries function ...)
+CVE-2009-4796
NOT-FOR-US: glFusion
-CVE-2009-4795 (Multiple SQL injection vulnerabilities in Xlight FTP Server before ...)
+CVE-2009-4795
NOT-FOR-US: Xlight FTP Server
-CVE-2009-4794 (Multiple SQL injection vulnerabilities in Community CMS 0.5 allow ...)
+CVE-2009-4794
NOT-FOR-US: Community CMS
-CVE-2009-4793 (Unrestricted file upload vulnerability in ...)
+CVE-2009-4793
NOT-FOR-US: BandSite CMS
-CVE-2009-4792 (SQL injection vulnerability in includes/content/member_content.php in ...)
+CVE-2009-4792
NOT-FOR-US: BandSite CMS
-CVE-2009-4791 (Multiple SQL injection vulnerabilities in Family Connections (aka ...)
+CVE-2009-4791
NOT-FOR-US: Family Connections
-CVE-2009-4790 (Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 ...)
+CVE-2009-4790
NOT-FOR-US: Sysax Multi Server
-CVE-2009-4789 (Multiple PHP remote file inclusion vulnerabilities in the MojoBlog ...)
+CVE-2009-4789
NOT-FOR-US: mojoblog component for joomla!
-CVE-2009-4788 (Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier ...)
+CVE-2009-4788
NOT-FOR-US: Pligg
-CVE-2009-4787 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg ...)
+CVE-2009-4787
NOT-FOR-US: Pligg
-CVE-2009-4786 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg before ...)
+CVE-2009-4786
NOT-FOR-US: Pligg
-CVE-2009-4785 (SQL injection vulnerability in the Quick News (com_quicknews) ...)
+CVE-2009-4785
NOT-FOR-US: com_quicknews component for joomla!
-CVE-2009-4784 (SQL injection vulnerability in the Joaktree (com_joaktree) component ...)
+CVE-2009-4784
NOT-FOR-US: com_joaktree component for joomla!
-CVE-2009-4783 (Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, ...)
+CVE-2009-4783
NOT-FOR-US: Theeta CMS
-CVE-2009-4782 (Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, ...)
+CVE-2009-4782
NOT-FOR-US: Theeta CMS
-CVE-2009-4781 (TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for ...)
+CVE-2009-4781
NOT-FOR-US: TUKEVA Password Reminder
-CVE-2009-4780 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-4780
NOT-FOR-US: phpMyFAQ
-CVE-2009-4779 (Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and ...)
+CVE-2009-4779
NOT-FOR-US: NukeHall
-CVE-2009-4778 (Multiple unspecified vulnerabilities in the PDF distiller in the ...)
+CVE-2009-4778
NOT-FOR-US: BlackBerry PDF distiller
-CVE-2009-4777 (Unspecified vulnerability in multiple versions of Hitachi ...)
+CVE-2009-4777
NOT-FOR-US: Hitachi Job Management / System Observer
-CVE-2009-4776 (Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit ...)
+CVE-2009-4776
NOT-FOR-US: Hitachi Cosminexus
-CVE-2009-4775 (Format string vulnerability in Ipswitch WS_FTP Professional 12 before ...)
+CVE-2009-4775
NOT-FOR-US: Ipswitch WS_FTP Professional
-CVE-2009-4774 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 ...)
+CVE-2009-4774
NOT-FOR-US: OpenSolaris
-CVE-2009-4773 (Cross-site request forgery (CSRF) vulnerability in the ...)
+CVE-2009-4773
NOT-FOR-US: Ubercart module for Drupal
-CVE-2009-4772 (Unspecified vulnerability in the PayPal Website Payments Standard ...)
+CVE-2009-4772
NOT-FOR-US: Ubercart module for Drupal
-CVE-2009-4771 (The PayPal Website Payments Standard functionality in the Ubercart ...)
+CVE-2009-4771
NOT-FOR-US: Ubercart module for Drupal
-CVE-2009-4770 (The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 ...)
+CVE-2009-4770
NOT-FOR-US: httpdx
-CVE-2009-4769 (Multiple format string vulnerabilities in the tolog function in httpdx ...)
+CVE-2009-4769
NOT-FOR-US: httpdx
-CVE-2009-4768 (Unspecified vulnerability in the JASS script interpreter in Warcraft ...)
+CVE-2009-4768
NOT-FOR-US: World of Warcraft
-CVE-2009-4767 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-4767
NOT-FOR-US: Plohni Shoutbox
-CVE-2009-4766 (YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores ...)
+CVE-2009-4766
NOT-FOR-US: MS-Pro Portal Scripti
-CVE-2009-4765 (CNR Hikaye Portal 2.0 stores sensitive information under the web root ...)
+CVE-2009-4765
NOT-FOR-US: CNR Hikaye Portal
-CVE-2009-4764 (Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that ...)
+CVE-2009-4764
NOT-FOR-US: Adobe Reader
-CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in ...)
+CVE-2009-4763
NOT-FOR-US: ClickHeat plugin
-CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs ...)
+CVE-2009-4762
- moin 1.9.2-1 (bug #569975; medium)
[lenny] - moin 1.7.1-3+lenny3 (bug #569975; medium)
NOTE: see http://www.debian.org/security/2010/dsa-2014
-CVE-2009-4761 (Stack-based buffer overflow in Mini-stream RM Downloader allows remote ...)
+CVE-2009-4761
NOT-FOR-US: Mini-stream RM Downloader
-CVE-2009-4760 (Winn ASP Guestbook 1.01 Beta stores sensitive information under the ...)
+CVE-2009-4760
NOT-FOR-US: Winn ASP Guestbook
-CVE-2009-4759 (Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers ...)
+CVE-2009-4759
NOT-FOR-US: BrotherSoft BMXPlay
-CVE-2009-4758 (Stack-based buffer overflow in dicas Mpegable Player 2.12 allows ...)
+CVE-2009-4758
NOT-FOR-US: Mpegable Player
-CVE-2009-4757 (Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows ...)
+CVE-2009-4757
NOT-FOR-US: BrotherSoft EW-MusicPlayer
-CVE-2009-4756 (Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in ...)
+CVE-2009-4756
NOT-FOR-US: Beatport Player
-CVE-2009-4755 (Multiple stack-based buffer overflows in Mercury Audio Player 1.21 ...)
+CVE-2009-4755
NOT-FOR-US: Mercury Audio Player
-CVE-2009-4754 (Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote ...)
+CVE-2009-4754
NOT-FOR-US: Mercury Audio Player
-CVE-2009-4753 (Multiple buffer overflows in the FTP server on the Addonics NAS ...)
+CVE-2009-4753
NOT-FOR-US: Addonics NAS Adapter NASU2FW41
-CVE-2009-4752 (PHP remote file inclusion vulnerability in anzeiger/start.php in ...)
+CVE-2009-4752
NOT-FOR-US: Swinger Club Portal
-CVE-2009-4751 (SQL injection vulnerability in anzeiger/start.php in Swinger Club ...)
+CVE-2009-4751
NOT-FOR-US: Swinger Club Portal
-CVE-2009-4750 (PHP remote file inclusion vulnerability in home.php in Top Paidmailer ...)
+CVE-2009-4750
NOT-FOR-US: Top Paidmailer
-CVE-2009-4749 (Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 ...)
+CVE-2009-4749
NOT-FOR-US: PHP Live!
-CVE-2009-4748 (SQL injection vulnerability in mycategoryorder.php in the My Category ...)
+CVE-2009-4748
NOT-FOR-US: My Category Order plugin for wordpress
-CVE-2009-4747 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-4747
NOT-FOR-US: All In One Control Panel (AIOCP)
-CVE-2009-4746 (Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels ...)
+CVE-2009-4746
NOT-FOR-US: Dreamlevels DreamPoll
-CVE-2009-4745 (Multiple SQL injection vulnerabilities in index.php in Dreamlevels ...)
+CVE-2009-4745
NOT-FOR-US: Dreamlevels DreamPoll
-CVE-2009-4744 (Cross-site scripting (XSS) vulnerability in the Contact module in ...)
+CVE-2009-4744
NOT-FOR-US: Exponent CMS
-CVE-2009-4743 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-4743
NOT-FOR-US: AfterLogic WebMail
-CVE-2009-4742 (Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote ...)
+CVE-2009-4742
NOT-FOR-US: Docebo
-CVE-2009-4741 (Unspecified vulnerability in the Extras Manager before 2.0.0.67 in ...)
+CVE-2009-4741
NOT-FOR-US: Skype
-CVE-2009-4740 (Directory traversal vulnerability in the Webesse E-Card (ws_ecard) ...)
+CVE-2009-4740
NOT-FOR-US: ws_ecard extension for typo3
-CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...)
+CVE-2009-4739
NOT-FOR-US: SkaDate Dating
-CVE-2009-4738 (Unspecified vulnerability in JustSystems Corporation ATOK 2006 through ...)
+CVE-2009-4738
NOT-FOR-US: JustSystems Corporation
-CVE-2009-4737 (Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, ...)
+CVE-2009-4737
NOT-FOR-US: JustSystems Corporation Ichitaro
-CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in CommonSense ...)
+CVE-2009-4736
NOT-FOR-US: CommonSense CMS
-CVE-2009-4735 (SQL injection vulnerability in login.php in Allomani Audio &amp; Video ...)
+CVE-2009-4735
NOT-FOR-US: Allomani Audio & Video Library
-CVE-2009-4734 (SQL injection vulnerability in login.php in Allomani Movies Library ...)
+CVE-2009-4734
NOT-FOR-US: Allomani Movies Library
-CVE-2009-4733 (SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, ...)
+CVE-2009-4733
NOT-FOR-US: SimpleLoginSys
-CVE-2009-4732 (SQL injection vulnerability in tt/index.php in TT Web Site Manager ...)
+CVE-2009-4732
NOT-FOR-US: TT Web Site Manager
-CVE-2009-4731 (SQL injection vulnerability in photos.php in Model Agency Manager PRO ...)
+CVE-2009-4731
NOT-FOR-US: Model Agency Manager PRO
-CVE-2009-4730 (SQL injection vulnerability in report.php in x10 Adult Media Script ...)
+CVE-2009-4730
NOT-FOR-US: Adult Media Script
-CVE-2009-4729 (Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media ...)
+CVE-2009-4729
NOT-FOR-US: Adult Media Script
-CVE-2009-4728 (SQL injection vulnerability in the administrative interface in ...)
+CVE-2009-4728
NOT-FOR-US: Questions Answered
-CVE-2009-4727 (SQL injection vulnerability in x/login in JungleScripts Ajax Short Url ...)
+CVE-2009-4727
NOT-FOR-US: JungleScripts Ajax Short Url
-CVE-2009-4726 (Directory traversal vulnerability in download.php in Quickdev 4 PHP ...)
+CVE-2009-4726
NOT-FOR-US: Quickdev 4 PHP
-CVE-2009-4725 (Directory traversal vulnerability in modules/aljazeera/admin/setup.php ...)
+CVE-2009-4725
NOT-FOR-US: Arab Portal
-CVE-2009-4724 (SQL injection vulnerability in shop.htm in PaymentProcessorScript.net ...)
+CVE-2009-4724
NOT-FOR-US: PaymentProcessorScript.net PPScript
-CVE-2009-4723 (Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 ...)
+CVE-2009-4723
NOT-FOR-US: Netpet CMS
-CVE-2009-4722 (SQL injection vulnerability in the CheckLogin function in ...)
+CVE-2009-4722
NOT-FOR-US: Limny
-CVE-2009-4721 (Multiple SQL injection vulnerabilities in Admin/index.asp in ...)
+CVE-2009-4721
NOT-FOR-US: Andrews-Web BannerAd
-CVE-2009-4720 (SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 ...)
+CVE-2009-4720
- gnudip <removed> (medium; bug #539452)
-CVE-2009-4719 (SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows ...)
+CVE-2009-4719
NOT-FOR-US: Discloser
-CVE-2009-4718 (SQL injection vulnerability in visitorduration.php in Gonafish ...)
+CVE-2009-4718
NOT-FOR-US: Gonafish WebStatCaffe
-CVE-2009-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...)
+CVE-2009-4717
NOT-FOR-US: Gonafish WebStatCaffe
-CVE-2009-4716 (Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP ...)
+CVE-2009-4716
NOT-FOR-US: EDGEPHP EZWebSearch
-CVE-2009-4715 (Cross-site scripting (XSS) vulnerability in rates.php in Real Time ...)
+CVE-2009-4715
NOT-FOR-US: Real Time Currency Exchange
-CVE-2009-4714 (Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS ...)
+CVE-2009-4714
NOT-FOR-US: XOOPS Celepar
-CVE-2009-4713 (Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka ...)
+CVE-2009-4713
NOT-FOR-US: XOOPS Celepar
-CVE-2009-4712 (SQL injection vulnerability in index.php in Tukanas Classifieds (aka ...)
+CVE-2009-4712
NOT-FOR-US: EasyClassifieds
-CVE-2009-4711 (SQL injection vulnerability in the CoolURI (cooluri) extension before ...)
+CVE-2009-4711
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4710 (SQL injection vulnerability in the Reset backend password ...)
+CVE-2009-4710
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4709 (SQL injection vulnerability in the datamints Newsticker ...)
+CVE-2009-4709
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4708 (SQL injection vulnerability in the [Gobernalia] Front End News ...)
+CVE-2009-4708
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4707 (Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End ...)
+CVE-2009-4707
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4706 (Cross-site scripting (XSS) vulnerability in the Mailform (mailform) ...)
+CVE-2009-4706
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4705 (Cross-site scripting (XSS) vulnerability in the Twitter Search ...)
+CVE-2009-4705
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4704 (Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension ...)
+CVE-2009-4704
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4703 (SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) ...)
+CVE-2009-4703
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4702 (SQL injection vulnerability in the Tour Extension (pm_tour) extension ...)
+CVE-2009-4702
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4701 (SQL injection vulnerability in the Myth download (myth_download) ...)
+CVE-2009-4701
NOT-FOR-US: typo3 third-party extension
-CVE-2009-4700 (Directory traversal vulnerability in index.php in SkaDate Dating ...)
+CVE-2009-4700
NOT-FOR-US: SkaDate Dating
-CVE-2009-4699 (Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating ...)
+CVE-2009-4699
NOT-FOR-US: SkaDate Dating
-CVE-2009-4698 (Multiple SQL injection vulnerabilities in the Qas (aka Quas) module ...)
+CVE-2009-4698
NOT-FOR-US: XOOPS Celepar
-CVE-2009-4697 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-4697
NOT-FOR-US: RadNICS Gold 5
-CVE-2009-4696 (SQL injection vulnerability in index.php in RadNICS Gold 5 allows ...)
+CVE-2009-4696
NOT-FOR-US: RadNICS Gold 5
-CVE-2009-4695 (SQL injection vulnerability in index.php in RadScripts RadLance Gold ...)
+CVE-2009-4695
NOT-FOR-US: RadScripts RadLance Gold
-CVE-2009-4694 (Cross-site scripting (XSS) vulnerability in index.php in RadScripts ...)
+CVE-2009-4694
NOT-FOR-US: RadScripts RadLance Gold
-CVE-2009-4693 (Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB ...)
+CVE-2009-4693
NOT-FOR-US: GraFX MiniCWB
-CVE-2009-4692 (Cross-site scripting (XSS) vulnerability in index.php in RadScripts ...)
+CVE-2009-4692
NOT-FOR-US: RadScripts RadLance Gold
-CVE-2009-4691 (SQL injection vulnerability in addlink.php in Classified Linktrader ...)
+CVE-2009-4691
NOT-FOR-US: Classified Linktrader Script
-CVE-2009-4690 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld ...)
+CVE-2009-4690
NOT-FOR-US: YourFreeWorld Programs Rating Script
-CVE-2009-4689 (SQL injection vulnerability in index.php in PHP Shopping Cart Selling ...)
+CVE-2009-4689
NOT-FOR-US: PHP Shopping Cart Selling Website Script
-CVE-2009-4688 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-4688
NOT-FOR-US: PHP Shopping Cart Selling Website Script
-CVE-2009-4687 (SQL injection vulnerability in silentum_guestbook.php in Silentum ...)
+CVE-2009-4687
NOT-FOR-US: Silentum Guestbook
-CVE-2009-4686 (Cross-site scripting (XSS) vulnerability in account.php in phplemon ...)
+CVE-2009-4686
NOT-FOR-US: phplemon AdQuick
-CVE-2009-4685 (Cross-site scripting (XSS) vulnerability in celebrities.php in PHP ...)
+CVE-2009-4685
NOT-FOR-US: PHP Scripts Now Astrology
-CVE-2009-4684 (Cross-site scripting (XSS) vulnerability in index.php in EZodiak ...)
+CVE-2009-4684
NOT-FOR-US: EZodiak
-CVE-2009-4683 (Directory traversal vulnerability in vote.php in Good/Bad Vote allows ...)
+CVE-2009-4683
NOT-FOR-US: Good/Bad Vote
-CVE-2009-4682 (Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote ...)
+CVE-2009-4682
NOT-FOR-US: Good/Bad Vote
-CVE-2009-4681 (Cross-site scripting (XSS) vulnerability in search.php in ...)
+CVE-2009-4681
NOT-FOR-US: phpDirectorySource
-CVE-2009-4680 (SQL injection vulnerability in search.php in phpDirectorySource 1.x ...)
+CVE-2009-4680
NOT-FOR-US: phpDirectorySource
-CVE-2009-4679 (Directory traversal vulnerability in the inertialFATE iF Portfolio ...)
+CVE-2009-4679
NOT-FOR-US: com_if_nexus component for Joomla!
-CVE-2009-4678 (Cross-site scripting (XSS) vulnerability in index.php in Winn ...)
+CVE-2009-4678
NOT-FOR-US: Winn Guestbook
-CVE-2009-4677 (Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP ...)
+CVE-2009-4677
NOT-FOR-US: phpFK PHP Forum
-CVE-2009-4676 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...)
+CVE-2009-4676
NOT-FOR-US: JetCast.exe
-CVE-2009-4675 (admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant ...)
+CVE-2009-4675
NOT-FOR-US: Mole Group Gastro Portal
-CVE-2009-4674 (admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script ...)
+CVE-2009-4674
NOT-FOR-US: Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket
-CVE-2009-4673 (SQL injection vulnerability in profile.php in Mole Group Adult Portal ...)
+CVE-2009-4673
NOT-FOR-US: Mole Group Adult Portal Script
-CVE-2009-4672 (Directory traversal vulnerability in main.php in the WP-Lytebox plugin ...)
+CVE-2009-4672
NOT-FOR-US: WP-Lytebox plugin for WordPress
-CVE-2009-4671 (Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass ...)
+CVE-2009-4671
NOT-FOR-US: RoomPHPlanning
-CVE-2009-4670 (admin/delitem.php in RoomPHPlanning 1.6 does not require ...)
+CVE-2009-4670
NOT-FOR-US: RoomPHPlanning
-CVE-2009-4669 (Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow ...)
+CVE-2009-4669
NOT-FOR-US: RoomPHPlanning
-CVE-2009-4668 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...)
+CVE-2009-4668
NOT-FOR-US: JetCast.exe
-CVE-2009-4667 (SQL injection vulnerability in form.php in WebMember 1.0 allows remote ...)
+CVE-2009-4667
NOT-FOR-US: WebMember
-CVE-2009-4666 (Multiple PHP remote file inclusion vulnerabilities in Webradev ...)
+CVE-2009-4666
NOT-FOR-US: Webradev Download Protect
-CVE-2009-4665 (Directory traversal vulnerability in ...)
+CVE-2009-4665
NOT-FOR-US: Cute Editor
-CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, ...)
+CVE-2009-4664
- fwbuilder 3.0.7-1 (bug #547390; medium)
[lenny] - fwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
- libfwbuilder 3.0.7-1 (bug #547390; medium)
[lenny] - libfwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
NOTE: m68k package in debports in still affected at version 3.0.5
NOTE: see http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
-CVE-2009-4663 (Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX ...)
+CVE-2009-4663
NOT-FOR-US: Quiksoft EasyMail Objects
-CVE-2009-4662 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
+CVE-2009-4662
NOT-FOR-US: Novell GroupWise
-CVE-2009-4661 (Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow ...)
+CVE-2009-4661
NOT-FOR-US: BigAnt Server
-CVE-2009-4660 (Stack-based buffer overflow in the AntServer Module (AntServer.exe) in ...)
+CVE-2009-4660
NOT-FOR-US: BigAnt IM Server
-CVE-2009-4659 (Unspecified vulnerability in MP3-Cutter Ease Audio Cutter 1.20 allows ...)
+CVE-2009-4659
NOT-FOR-US: MP3-Cutter Ease Audio Cutter
-CVE-2009-4658 (Xerver 4.32 allows remote authenticated users to cause a denial of ...)
+CVE-2009-4658
NOT-FOR-US: Xerver
-CVE-2009-4657 (The administrator package for Xerver 4.32 does not require ...)
+CVE-2009-4657
NOT-FOR-US: Xerver
-CVE-2009-4656 (Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including ...)
+CVE-2009-4656
NOT-FOR-US: E-Soft DJ Studio Pro
-CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in ...)
+CVE-2009-4652
- ngircd 15-0.1
[lenny] - ngircd <not-affected> (SSL/TLS support not yet present)
-CVE-2009-4655 (The dhost web service in Novell eDirectory 8.8.5 uses a predictable ...)
+CVE-2009-4655
NOT-FOR-US: Novell eDirectory
-CVE-2009-4654 (Stack-based buffer overflow in the dhost module in Novell eDirectory ...)
+CVE-2009-4654
NOT-FOR-US: Novell eDirectory
-CVE-2009-4653 (Stack-based buffer overflow in the dhost module in Novell eDirectory ...)
+CVE-2009-4653
NOT-FOR-US: Novell eDirectory
-CVE-2009-4651 (Multiple cross-site scripting (XSS) vulnerabilities in the Webee ...)
+CVE-2009-4651
NOT-FOR-US: Webee Comments component for Joomla!
-CVE-2009-4650 (SQL injection vulnerability in the Webee Comments (com_webeecomment) ...)
+CVE-2009-4650
NOT-FOR-US: Webee Comments component for Joomla!
-CVE-2009-4649 (Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 ...)
+CVE-2009-4649
NOT-FOR-US: geccBBlite
-CVE-2009-4648 (Accellion Secure File Transfer Appliance before 8_0_105 does not ...)
+CVE-2009-4648
NOT-FOR-US: Accellion Secure File Transfer Appliance
-CVE-2009-4647 (Cross-site scripting (XSS) vulnerability in Accellion Secure File ...)
+CVE-2009-4647
NOT-FOR-US: Accellion Secure File Transfer Appliance
-CVE-2009-4646 (Static code injection vulnerability in the administrative web ...)
+CVE-2009-4646
NOT-FOR-US: Accellion Secure File Transfer Appliance
-CVE-2009-4645 (Directory traversal vulnerability in web_client_user_guide.html in ...)
+CVE-2009-4645
NOT-FOR-US: Accellion Secure File Transfer Appliance
-CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows remote ...)
+CVE-2009-4644
NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-5050 [konversation DoS]
RESERVED
- konversation 1.2.3-1 (low)
[lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny)
NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
-CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the Juniper ...)
+CVE-2009-4643
NOT-FOR-US: Juniper Installer Service
CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000]
- ffmpeg 4:0.5.1-1 (medium; bug #570713)
- ffmpeg-debian <end-of-life>
-CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface ...)
+CVE-2009-4642
- gnome-screensaver 2.26.1-2
[lenny] - gnome-screensaver <not-affected> (vulnerability introduced in 2.26)
NOTE: only an issue under certain desktop environments such as xfce
-CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its activation ...)
+CVE-2009-4641
- gnome-screensaver 2.28.0-2 (low; bug #569667)
[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
-CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote ...)
+CVE-2009-4640
{DSA-2000-1}
- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
- ffmpeg-debian <removed>
-CVE-2009-4639 (The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows ...)
+CVE-2009-4639
- ffmpeg 7:2.4.1-1 (unimportant; bug #550442)
- ffmpeg-debian <removed> (unimportant)
NOTE: denial-of-service only, so not worth worrying about
NOTE: http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/97154/focus=97156
NOTE: http://thread.gmane.org/gmane.comp.video.ffmpeg.issues/6111/focus=6116
-CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause a ...)
+CVE-2009-4638
{DSA-2000-1}
- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
- ffmpeg-debian <removed>
-CVE-2009-4637 (FFmpeg 0.5 allows remote attackers to cause a denial of service ...)
+CVE-2009-4637
{DSA-2000-1}
- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
- ffmpeg-debian <removed>
-CVE-2009-4636 (FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) ...)
+CVE-2009-4636
{DSA-2000-1}
- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
- ffmpeg-debian <removed>
-CVE-2009-4635 (FFmpeg 0.5 allows remote attackers to cause a denial of service and ...)
+CVE-2009-4635
{DSA-2000-1}
- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
- ffmpeg-debian <removed>
-CVE-2009-4634 (Multiple integer underflows in FFmpeg 0.5 allow remote attackers to ...)
+CVE-2009-4634
{DSA-2000-1}
- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
- ffmpeg-debian <removed>
-CVE-2009-4633 (vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a ...)
+CVE-2009-4633
{DSA-2000-1}
- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
- ffmpeg-debian <removed>
-CVE-2009-4632 (oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain ...)
+CVE-2009-4632
{DSA-2000-1}
- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
- ffmpeg-debian <removed>
-CVE-2009-4631 (Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows ...)
+CVE-2009-4631
{DSA-2000-1}
- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
- ffmpeg-debian <removed>
-CVE-2009-4630 (Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, ...)
+CVE-2009-4630
- xulrunner 1.9.1-1 (low)
[etch] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
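Review bot: this hunk deletes data rather than updating it. Every changed pair replaces a CVE line that carried its upstream description with a bare identifier, for example `-CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, ...)` becoming `+CVE-2009-4664`, while the package, version, bug and NOTE lines under each entry are untouched. Only the parenthesised text that is imported from the upstream CVE feed is dropped; locally written bracketed summaries such as `CVE-2009-5050 [konversation DoS]` and `CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000]` survive, which points at the description importer getting an empty result for each id and writing that emptiness back. Suggest reverting this change and making the importer refuse to overwrite an existing non-empty description with an empty one, and abort the run outright when the fetched feed yields no descriptions at all, so a feed outage cannot blank the list again. Unrelated to the change but visible in the unchanged context: the note under CVE-2009-4664 reads `m68k package in debports in still affected`, presumably `is still affected`.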
@@ -1191,7 +1191,7 @@ CVE-2009-4630 (Mozilla Necko, as used in Firefox, SeaMonkey, and other applicati
[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
NOTE: mozilla's dns prefetching leads to disclosure of the user's network location
-CVE-2009-4629 (Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other ...)
+CVE-2009-4629
- icedove 3.0.2-1 (unimportant)
[etch] - icedove <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - icedove <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
@@ -1200,265 +1200,265 @@ CVE-2009-4629 (Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other
- iceape <removed> (unimportant)
[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
-CVE-2009-4628 (SQL injection vulnerability in the TemplatePlaza.com TPDugg ...)
+CVE-2009-4628
NOT-FOR-US: Joomla!
-CVE-2009-4627 (Directory traversal vulnerability in sources/_template_parser.php in ...)
+CVE-2009-4627
NOT-FOR-US: Moa Gallery
-CVE-2009-4626 (Directory traversal vulnerability in menu.php in phpNagios 1.2.0 ...)
+CVE-2009-4626
NOT-FOR-US: phpNagios
-CVE-2009-4625 (SQL injection vulnerability in the updateOnePage function in ...)
+CVE-2009-4625
NOT-FOR-US: Joomla!
-CVE-2009-4624 (SQL injection vulnerability in download.php in Nicecoder iDesk allows ...)
+CVE-2009-4624
NOT-FOR-US: Nicecoder iDesk
-CVE-2009-4623 (Multiple PHP remote file inclusion vulnerabilities in Advanced Comment ...)
+CVE-2009-4623
NOT-FOR-US: Advanced Comment System
-CVE-2009-4622 (PHP remote file inclusion vulnerability in admin/admin_news_bot.php in ...)
+CVE-2009-4622
NOT-FOR-US: Drunken:Golem Gaming Portal
-CVE-2009-4621 (SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier ...)
+CVE-2009-4621
NOT-FOR-US: Discuz
-CVE-2009-4620 (SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 ...)
+CVE-2009-4620
NOT-FOR-US: Joomla!
-CVE-2009-4619 (SQL injection vulnerability in the Lucy Games (com_lucygames) ...)
+CVE-2009-4619
NOT-FOR-US: Joomla!
-CVE-2009-4618 (Multiple SQL injection vulnerabilities in Tourism Script Bus Script ...)
+CVE-2009-4618
NOT-FOR-US: Tourism Script Bus Script
-CVE-2009-4617 (Multiple SQL injection vulnerabilities in Tourism Script Accommodation ...)
+CVE-2009-4617
NOT-FOR-US: Tourism Script Accommodation Hotel Booking Portal Script
-CVE-2009-4616 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday ...)
+CVE-2009-4616
NOT-FOR-US: MYRE Holiday Rental Manager
-CVE-2009-4615 (SQL injection vulnerability in review.php in MYRE Holiday Rental ...)
+CVE-2009-4615
NOT-FOR-US: MYRE Holiday Rental Manager
-CVE-2009-4614 (Multiple PHP remote file inclusion vulnerabilities in Moa Gallery ...)
+CVE-2009-4614
NOT-FOR-US: Moa Gallery
-CVE-2009-4613 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...)
+CVE-2009-4613
NOT-FOR-US: NetArt Media Real Estate Portal
-CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...)
+CVE-2009-4612
- jetty 6.1.22-1 (bug #575789)
-CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing ...)
+CVE-2009-4611
- jetty 6.1.22-1
-CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty ...)
+CVE-2009-4610
- jetty <not-affected> (low; bug #575790)
NOTE: the exploitable servlet is not shipped in Debian packages
-CVE-2009-4609 (The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote ...)
+CVE-2009-4609
- jetty <not-affected> (low; bug #575791)
NOTE: the exploitable servlet is not shipped in Debian packages
-CVE-2009-4608 (Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ...)
+CVE-2009-4608
NOT-FOR-US: ACCESSGUARDIAN
-CVE-2009-4607 (The command line interface in Overland Storage Snap Server 410 with ...)
+CVE-2009-4607
NOT-FOR-US: Overland Storage Snap Server
-CVE-2009-4606 (South River Technologies WebDrive 9.02 build 2232 installs the ...)
+CVE-2009-4606
NOT-FOR-US: South River Technologies WebDrive
-CVE-2009-4604 (PHP remote file inclusion vulnerability in mamboleto.php in the ...)
+CVE-2009-4604
NOT-FOR-US: Joomla!
-CVE-2009-4603 (Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, ...)
+CVE-2009-4603
NOT-FOR-US: SAP Kernel
-CVE-2009-4602 (Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x ...)
+CVE-2009-4602
NOT-FOR-US: Randomizer module for Drupal
-CVE-2009-4601 (Cross-site scripting (XSS) vulnerability in basic_search_result.php in ...)
+CVE-2009-4601
NOT-FOR-US: ZeeJobsite
-CVE-2009-4600 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...)
+CVE-2009-4600
NOT-FOR-US: NetArt Media Real Estate Portal
-CVE-2009-4599 (Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) ...)
+CVE-2009-4599
NOT-FOR-US: Joomla!
-CVE-2009-4598 (SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 ...)
+CVE-2009-4598
NOT-FOR-US: Joomla!
-CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP Inventory ...)
+CVE-2009-4597
NOT-FOR-US: PHP Inventory
-CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory ...)
+CVE-2009-4596
NOT-FOR-US: PHP Inventory
-CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows ...)
+CVE-2009-4595
NOT-FOR-US: PHP Inventory
-CVE-2009-4605 (scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before ...)
+CVE-2009-4605
{DSA-2034-1}
- phpmyadmin 4:3.2.4-1
NOTE: vulnerable code does not in the 3.x series (sid and squeeze checked)
NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
NOTE: there is still at least one unserialize() call on _POST data
-CVE-2009-4594 (Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access ...)
+CVE-2009-4594
NOT-FOR-US: IBM Lotus iNotes
-CVE-2009-4593 (The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not ...)
+CVE-2009-4593
NOT-FOR-US: Bftpd
-CVE-2009-4592 (Unspecified vulnerability in base_local_rules.php in Basic Analysis ...)
+CVE-2009-4592
- acidbase 1.4.4-1
[lenny] - acidbase <no-dsa> (Minor issue)
[etch] - acidbase <no-dsa> (Minor issue)
-CVE-2009-4591 (SQL injection vulnerability in Basic Analysis and Security Engine ...)
+CVE-2009-4591
- acidbase 1.4.4-1
[lenny] - acidbase <no-dsa> (Minor issue)
[etch] - acidbase <no-dsa> (Minor issue)
-CVE-2009-4590 (Cross-site scripting (XSS) vulnerability in base_local_rules.php in ...)
+CVE-2009-4590
- acidbase 1.4.4-1
[lenny] - acidbase <no-dsa> (Minor issue)
[etch] - acidbase <no-dsa> (Minor issue)
NOTE: 1.4.5 fixed more XSS issues in this file
-CVE-2009-4588 (Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control ...)
+CVE-2009-4588
NOT-FOR-US: AwingSoft Awakening
-CVE-2009-4587 (Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of ...)
+CVE-2009-4587
- cherokee <not-affected> (Only affects Windows and DOS)
NOTE: this only works on windows and dos as you are not allowed
NOTE: to use a file name with AUX and any or no extension as this is a
NOTE: reserved device name. cherokee was lacking error handling...
-CVE-2009-4586 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...)
+CVE-2009-4586
NOT-FOR-US: Wowd client
-CVE-2009-4585 (UranyumSoft Listing Service stores sensitive information under the web ...)
+CVE-2009-4585
NOT-FOR-US: UranyumSoft Listing Service
-CVE-2009-4584 (admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote ...)
+CVE-2009-4584
NOT-FOR-US: dB Masters Multimedia Links Directory
-CVE-2009-4583 (SQL injection vulnerability in the DhForum (com_dhforum) component for ...)
+CVE-2009-4583
NOT-FOR-US: component for Joomla!
-CVE-2009-4582 (SQL injection vulnerability in detail.php in the Dictionary module for ...)
+CVE-2009-4582
NOT-FOR-US: XOOPS module
-CVE-2009-4581 (Directory traversal vulnerability in modules/admincp.php in ...)
+CVE-2009-4581
NOT-FOR-US: RoseOnlineCMS
-CVE-2009-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 ...)
+CVE-2009-4580
NOT-FOR-US: Hasta Blog
-CVE-2009-4579 (Cross-site scripting (XSS) vulnerability in the Artist avenue ...)
+CVE-2009-4579
NOT-FOR-US: component for Joomla!
-CVE-2009-4578 (Cross-site scripting (XSS) vulnerability in the Facileforms ...)
+CVE-2009-4578
NOT-FOR-US: component for Joomla!
-CVE-2009-4577 (SQL injection vulnerability in the MDForum module 2.x through 2.07 for ...)
+CVE-2009-4577
NOT-FOR-US: MDForum module for MAXdev MDPro
-CVE-2009-4576 (SQL injection vulnerability in the BeeHeard (com_beeheard) component ...)
+CVE-2009-4576
NOT-FOR-US: component for Joomla!
-CVE-2009-4575 (Cross-site scripting (XSS) vulnerability in the Q-Personel ...)
+CVE-2009-4575
NOT-FOR-US: component for Joomla!
-CVE-2009-4574 (SQL injection vulnerability in country_escorts.php in I-Escorts ...)
+CVE-2009-4574
NOT-FOR-US: I-Escorts Directory Script
-CVE-2009-4573 (Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus ...)
+CVE-2009-4573
NOT-FOR-US: component for Joomla!
-CVE-2009-4572 (Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 ...)
+CVE-2009-4572
NOT-FOR-US: PhpShop
-CVE-2009-4571 (Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 ...)
+CVE-2009-4571
NOT-FOR-US: PhpShop
-CVE-2009-4570 (Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows ...)
+CVE-2009-4570
NOT-FOR-US: PhpShop
-CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows remote ...)
+CVE-2009-4569
NOT-FOR-US: elkagroup Image Gallery
-CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and ...)
+CVE-2009-4568
NOT-FOR-US: Webmin
-CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php ...)
+CVE-2009-4567
NOT-FOR-US: Viscacha
-CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows ...)
+CVE-2009-4566
NOT-FOR-US: Zenphoto
-CVE-2009-4564 (SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ...)
+CVE-2009-4564
NOT-FOR-US: Zenphoto
-CVE-2009-4563 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2009-4563
NOT-FOR-US: Zenphoto
-CVE-2009-4562 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in ...)
+CVE-2009-4562
NOT-FOR-US: Zenphoto
-CVE-2009-4561 (Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague ...)
+CVE-2009-4561
NOT-FOR-US: WebLeague
-CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows ...)
+CVE-2009-4560
NOT-FOR-US: WebLeague
-CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By module ...)
+CVE-2009-4559
NOT-FOR-US: module for Drupal
-CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before ...)
+CVE-2009-4558
NOT-FOR-US: module for Drupal
-CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist module ...)
+CVE-2009-4557
NOT-FOR-US: module for Drupal
-CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security ...)
+CVE-2009-4556
NOT-FOR-US: Quick Heal products
-CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-4555
NOT-FOR-US: AgoraCart
-CVE-2009-4554 (Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums ...)
+CVE-2009-4554
NOT-FOR-US: Snitz Forums
-CVE-2009-4553 (Stack-based buffer overflow in iRehearse allows remote attackers to ...)
+CVE-2009-4553
NOT-FOR-US: iRehearse
-CVE-2009-4552 (Cross-site scripting (XSS) vulnerability in the Survey Pro module for ...)
+CVE-2009-4552
NOT-FOR-US: module for Miniweb
-CVE-2009-4551 (SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 ...)
+CVE-2009-4551
NOT-FOR-US: module for Miniweb
-CVE-2009-4550 (SQL injection vulnerability in the Kunena Forum (com_kunena) component ...)
+CVE-2009-4550
NOT-FOR-US: component for Joomla!
-CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote ...)
+CVE-2009-4549
NOT-FOR-US: A2 Media Player Pro
-CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk ...)
+CVE-2009-4548
NOT-FOR-US: ViArt Helpdesk
-CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x ...)
+CVE-2009-4547
NOT-FOR-US: ViArt CMS
-CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers ...)
+CVE-2009-4546
NOT-FOR-US: Logoshows BBS
-CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web root with ...)
+CVE-2009-4545
NOT-FOR-US: Logoshows BBS
-CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in ...)
+CVE-2009-4544
NOT-FOR-US: Cromosoft Technologies Facil Helpdesk
-CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in Cromosoft ...)
+CVE-2009-4543
NOT-FOR-US: Cromosoft Technologies Facil Helpdesk
-CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft ...)
+CVE-2009-4542
NOT-FOR-US: IsolSoft Support Center
-CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support ...)
+CVE-2009-4541
NOT-FOR-US: IsolSoft Support Center
-CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows ...)
+CVE-2009-4540
NOT-FOR-US: Mini CMS
-CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager ...)
+CVE-2009-4539
NOT-FOR-US: SQLiteManager
-CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel ...)
+CVE-2009-4538
{DSA-2005-1 DSA-1996-1}
- linux-2.6 2.6.32-6 (low; bug #564114)
[etch] - linux-2.6 <not-affected> (does not have e1000e driver)
- linux-2.6.24 <removed> (low)
NOTE: just like CVE-2009-4536 but was reported later
-CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 ...)
+CVE-2009-4537
{DSA-2053-1}
- linux-2.6 2.6.32-11 (medium; bug #564110; bug #591581)
- linux-2.6.24 <removed> (medium)
-CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...)
+CVE-2009-4536
{DSA-2005-1 DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-6 (low; bug #564114)
- linux-2.6.24 <removed> (low)
-CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...)
+CVE-2009-4535
NOT-FOR-US: Mongoose
-CVE-2009-4534 (Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before ...)
+CVE-2009-4534
NOT-FOR-US: module for Drupal
-CVE-2009-4533 (The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module ...)
+CVE-2009-4533
NOT-FOR-US: module for Drupal
-CVE-2009-4532 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x ...)
+CVE-2009-4532
NOT-FOR-US: module for Drupal
-CVE-2009-4531 (httpdx 1.4.4 and earlier allows remote attackers to obtain the source ...)
+CVE-2009-4531
NOT-FOR-US: httpdx
-CVE-2009-4530 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...)
+CVE-2009-4530
NOT-FOR-US: Mongoose
-CVE-2009-4529 (InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote ...)
+CVE-2009-4529
NOT-FOR-US: InterVations NaviCOPA Web Server
-CVE-2009-4528 (The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for ...)
+CVE-2009-4528
NOT-FOR-US: module for Drupal
-CVE-2009-4527 (The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before ...)
+CVE-2009-4527
NOT-FOR-US: module for Drupal
-CVE-2009-4526 (The Send by e-mail sub-module in the Print (aka Printer, e-mail and ...)
+CVE-2009-4526
NOT-FOR-US: module for Drupal
-CVE-2009-4525 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
+CVE-2009-4525
NOT-FOR-US: module for Drupal
-CVE-2009-4524 (Cross-site scripting (XSS) vulnerability in the RealName module ...)
+CVE-2009-4524
NOT-FOR-US: module for Drupal
-CVE-2009-4523 (Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 ...)
+CVE-2009-4523
NOT-FOR-US: Zainu
-CVE-2009-4522 (Cross-site scripting (XSS) vulnerability in search.5.html in ...)
+CVE-2009-4522
NOT-FOR-US: BloofoxCMS
-CVE-2009-4521 (Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse ...)
+CVE-2009-4521
NOT-FOR-US: Eclipse Business Intelligence and Reporting Tools
-CVE-2009-4520 (The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before ...)
+CVE-2009-4520
NOT-FOR-US: module for Drupal
-CVE-2009-4519 (Multiple unspecified vulnerabilities in Ortro before 1.3.4 have ...)
+CVE-2009-4519
NOT-FOR-US: Ortro
-CVE-2009-4518 (Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x ...)
+CVE-2009-4518
NOT-FOR-US: module for Drupal
-CVE-2009-4517 (Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module ...)
+CVE-2009-4517
NOT-FOR-US: module for Drupal
-CVE-2009-4516 (Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and ...)
+CVE-2009-4516
NOT-FOR-US: module for Drupal
-CVE-2009-4515 (The Storm module 6.x before 6.x-1.25 for Drupal does not enforce ...)
+CVE-2009-4515
NOT-FOR-US: module for Drupal
-CVE-2009-4514 (Cross-site scripting (XSS) vulnerability in the OpenSocial ...)
+CVE-2009-4514
NOT-FOR-US: module for Drupal
-CVE-2009-4513 (Multiple cross-site scripting (XSS) vulnerabilities in the Workflow ...)
+CVE-2009-4513
NOT-FOR-US: module for Drupal
-CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3, when ...)
+CVE-2009-4512
NOT-FOR-US: Oscailt
-CVE-2009-4511 (Multiple directory traversal vulnerabilities in the web administration ...)
+CVE-2009-4511
NOT-FOR-US: TANDBERG Video Communication Server
-CVE-2009-4510 (The SSH service on the TANDBERG Video Communication Server (VCS) ...)
+CVE-2009-4510
NOT-FOR-US: TANDBERG Video Communication Server
-CVE-2009-4509 (The administrative web console on the TANDBERG Video Communication ...)
+CVE-2009-4509
NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4508
RESERVED
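Review bot: the description stripping in this hunk removes information the remaining lines depend on. For `-CVE-2009-4628 (SQL injection vulnerability in the TemplatePlaza.com TPDugg ...)` the only surviving triage line is `NOT-FOR-US: Joomla!`, and `-CVE-2009-4583 (SQL injection vulnerability in the DhForum (com_dhforum) component for ...)` keeps only `NOT-FOR-US: component for Joomla!`, so after the change the record no longer says which extension was judged out of scope and the verdict cannot be re-checked against the archive without going back to the upstream feed. Either keep the descriptions, or before accepting a change of this shape tighten those NOT-FOR-US lines to name the specific component, as `NOT-FOR-US: MDForum module for MAXdev MDPro` already does. Also visible in the unchanged context: the note under CVE-2009-4605 reads `vulnerable code does not in the 3.x series`, presumably `does not exist in`, and that entry sits between CVE-2009-4595 and CVE-2009-4594 rather than in numeric order, as does CVE-2009-4652 in the previous hunk.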
@@ -1466,476 +1466,476 @@ CVE-2009-4507
RESERVED
CVE-2009-4506
RESERVED
-CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP ...)
+CVE-2009-4505
NOT-FOR-US: OpenCMS
CVE-2009-4504
RESERVED
CVE-2009-4503
RESERVED
-CVE-2009-4502 (The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, ...)
+CVE-2009-4502
- zabbix 1:1.8-1 (bug #562613)
-CVE-2009-4501 (The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix ...)
+CVE-2009-4501
- zabbix 1:1.8-1 (bug #562613)
-CVE-2009-4500 (The process_trap function in trapper/trapper.c in Zabbix Server before ...)
+CVE-2009-4500
- zabbix 1:1.8-1 (bug #562613)
-CVE-2009-4499 (SQL injection vulnerability in the get_history_lastid function in the ...)
+CVE-2009-4499
- zabbix 1:1.8-1 (bug #562613)
-CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...)
+CVE-2009-4498
- zabbix 1:1.8-1 (bug #562613)
-CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...)
+CVE-2009-4497
{DSA-2092-1}
- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #575745)
NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
-CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...)
+CVE-2009-4496
- boa 0.94.14rc21-4 (unimportant; bug #578035)
NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
-CVE-2009-4495 (Yaws 1.85 writes data to a log file without sanitizing non-printable ...)
+CVE-2009-4495
- yaws <unfixed> (unimportant)
NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
-CVE-2009-4494 (AOLserver 4.5.1 writes data to a log file without sanitizing ...)
+CVE-2009-4494
- aolserver4 <unfixed> (unimportant)
NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
-CVE-2009-4493 (Orion Application Server 2.0.7 writes data to a log file without ...)
+CVE-2009-4493
NOT-FOR-US: Orion httpd
-CVE-2009-4492 (WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through ...)
+CVE-2009-4492
- ruby1.8 1.8.7.249-1 (unimportant; bug #564598)
- ruby1.9 <removed> (unimportant; bug #564647)
- ruby1.9.1 1.9.1.378-1 (unimportant; bug #564646)
NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
NOTE: same as CVE-2009-4487
-CVE-2009-4491 (thttpd 2.25b0 writes data to a log file without sanitizing ...)
+CVE-2009-4491
- thttpd <removed> (unimportant)
NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
-CVE-2009-4490 (mini_httpd 1.19 writes data to a log file without sanitizing ...)
+CVE-2009-4490
- mini-httpd <unfixed> (unimportant)
NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
-CVE-2009-4489 (header.c in Cherokee before 0.99.32 writes data to a log file without ...)
+CVE-2009-4489
- cherokee 0.99.37-1 (unimportant)
NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
-CVE-2009-4488 (** DISPUTED ** Varnish 2.0.6 writes data to a log file without ...)
+CVE-2009-4488
- varnish <unfixed> (unimportant)
NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
-CVE-2009-4487 (nginx 0.7.64 writes data to a log file without sanitizing ...)
+CVE-2009-4487
- nginx <unfixed> (unimportant)
NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
-CVE-2009-4486 (Stack-based buffer overflow in the eDirectory plugin in Novell ...)
+CVE-2009-4486
NOT-FOR-US: iManager
CVE-2009-4485
REJECTED
-CVE-2009-4484 (Multiple stack-based buffer overflows in the CertDecoder::GetName ...)
+CVE-2009-4484
{DSA-1997-1}
- mysql-dfsg-5.0 <removed> (medium)
- mysql-5.1 5.1.41-4 (medium)
- cyassl <not-affected> (Fixed before initial upload to archive)
NOTE: http://web.archive.org/web/20100129040903/http://intevydis.blogspot.com:80/2010/01/mysq-yassl-stack-overflow.html
NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
-CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...)
+CVE-2009-4483
NOT-FOR-US: MailSite
-CVE-2009-4482 (Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote ...)
+CVE-2009-4482
NOT-FOR-US: TVersity
CVE-2009-4481
REJECTED
-CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might ...)
+CVE-2009-4480
NOT-FOR-US: AzeoTech DAQFactory
-CVE-2009-4479 (LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ...)
+CVE-2009-4479
NOT-FOR-US: MailSite
-CVE-2009-4478 (Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real ...)
+CVE-2009-4478
NOT-FOR-US: Xstate Real Estate
-CVE-2009-4477 (SQL injection vulnerability in page.html in Xstate Real Estate 1.0 ...)
+CVE-2009-4477
NOT-FOR-US: Xstate Real Estate
-CVE-2009-4476 (Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before ...)
+CVE-2009-4476
NOT-FOR-US: HAURI ViRobot Desktop
-CVE-2009-4475 (SQL injection vulnerability in the Joomlub (com_joomlub) component for ...)
+CVE-2009-4475
NOT-FOR-US: component for Joomla!
-CVE-2009-4474 (SQL injection vulnerability in the Mike de Boer zoom (com_zoom) ...)
+CVE-2009-4474
NOT-FOR-US: Mambo component
-CVE-2009-4473 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-4473
NOT-FOR-US: Ektron CMS400.NET
-CVE-2009-4472 (Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and ...)
+CVE-2009-4472
NOT-FOR-US: PHPope
-CVE-2009-4471 (Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 ...)
+CVE-2009-4471
NOT-FOR-US: FreeSchool
-CVE-2009-4470 (SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows ...)
+CVE-2009-4470
NOT-FOR-US: DVBBS
-CVE-2009-4469 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-4469
NOT-FOR-US: phpPowerCards
-CVE-2009-4468 (Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 ...)
+CVE-2009-4468
NOT-FOR-US: DeluxeBB
-CVE-2009-4467 (misc.php in DeluxeBB 1.3 allows remote attackers to register accounts ...)
+CVE-2009-4467
NOT-FOR-US: DeluxeBB
-CVE-2009-4466 (DeluxeBB 1.3 allows remote attackers to obtain sensitive information ...)
+CVE-2009-4466
NOT-FOR-US: DeluxeBB
-CVE-2009-4465 (DeluxeBB 1.3 stores sensitive information under the web root with ...)
+CVE-2009-4465
NOT-FOR-US: DeluxeBB
-CVE-2009-4464 (Cross-site scripting (XSS) vulnerability in searchadvance.asp in ...)
+CVE-2009-4464
NOT-FOR-US: Active Business Directory
-CVE-2009-4463 (Intellicom NetBiter WebSCADA devices use default passwords for the ...)
+CVE-2009-4463
NOT-FOR-US: Intellicom NetBiter WebSCADA
-CVE-2009-4462 (Stack-based buffer overflow in the NetBiterConfig utility ...)
+CVE-2009-4462
NOT-FOR-US: Intellicom NetBiter WebSCADA
-CVE-2009-4461 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 ...)
+CVE-2009-4461
- flatpress <itp> (bug #466297)
-CVE-2009-4460 (Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf ...)
+CVE-2009-4460
NOT-FOR-US: Auto-Surf Traffic Exchange Script
-CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the ...)
+CVE-2009-4459
- redmine 0.9.1-1 (bug #563940)
-CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character in a ...)
+CVE-2009-4565
{DSA-1985-1}
- sendmail 8.14.3-9.1 (medium; bug #564581)
NOTE: http://www.sendmail.org/releases/8.14.4
-CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 ...)
+CVE-2009-4458
NOT-FOR-US: FreePBX
-CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module ...)
+CVE-2009-4457
NOT-FOR-US: Webmin
-CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny ...)
+CVE-2009-4456
NOT-FOR-US: Green Desktiny
-CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive Security ...)
+CVE-2009-4455
NOT-FOR-US: Cisco
-CVE-2009-4454 (vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user ...)
+CVE-2009-4454
- videocache <itp> (bug #505329)
-CVE-2009-4453 (Insecure method vulnerability in SoftCab Sound Converter ActiveX ...)
+CVE-2009-4453
NOT-FOR-US: SoftCab Sound Converter ActiveX
-CVE-2009-4452 (Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; ...)
+CVE-2009-4452
NOT-FOR-US: Kaspersky Anti-Viru
-CVE-2009-4451 (Unrestricted file upload vulnerability in upper.php in kandalf upper ...)
+CVE-2009-4451
NOT-FOR-US: kandalf upper
-CVE-2009-4450 (Multiple cross-site scripting (XSS) vulnerabilities in map.php in ...)
+CVE-2009-4450
NOT-FOR-US: LiveZilla
-CVE-2009-4449 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) ...)
+CVE-2009-4449
NOT-FOR-US: MyBB
-CVE-2009-4448 (inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and ...)
+CVE-2009-4448
NOT-FOR-US: MyBB
-CVE-2009-4447 (Jax Guestbook 3.5.0 allows remote attackers to bypass authentication ...)
+CVE-2009-4447
NOT-FOR-US: Jax Guestbook
-CVE-2009-4446 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
+CVE-2009-4446
NOT-FOR-US: phpInstantGallery
-CVE-2009-4445 (Microsoft Internet Information Services (IIS), when used in ...)
+CVE-2009-4445
NOT-FOR-US: Microsoft
-CVE-2009-4444 (Microsoft Internet Information Services (IIS) 5.x and 6.x uses only ...)
+CVE-2009-4444
NOT-FOR-US: Microsoft
-CVE-2009-4443 (Unspecified vulnerability in the psearch (aka persistent search) ...)
+CVE-2009-4443
NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
-CVE-2009-4442 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...)
+CVE-2009-4442
NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
-CVE-2009-4441 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...)
+CVE-2009-4441
NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
-CVE-2009-4440 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...)
+CVE-2009-4440
NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
-CVE-2009-4439 (Unspecified vulnerability in the Query Compiler, Rewrite, and ...)
+CVE-2009-4439
NOT-FOR-US: DB2
-CVE-2009-4438 (The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 ...)
+CVE-2009-4438
NOT-FOR-US: DB2
-CVE-2009-4437 (Multiple SQL injection vulnerabilities in Active Auction House 3.6 ...)
+CVE-2009-4437
NOT-FOR-US: Active Auction House 3.6
-CVE-2009-4436 (Multiple SQL injection vulnerabilities in Active Web Softwares ...)
+CVE-2009-4436
NOT-FOR-US: Active Web Softwares eWebquiz
-CVE-2009-4435 (Multiple directory traversal vulnerabilities in F3Site 2009 allow ...)
+CVE-2009-4435
NOT-FOR-US: F3Site 2009
-CVE-2009-4434 (Directory traversal vulnerability in index.php in IDevSpot iSupport ...)
+CVE-2009-4434
NOT-FOR-US: IDevSpot
-CVE-2009-4433 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
+CVE-2009-4433
NOT-FOR-US: IDevSpot
-CVE-2009-4432 (SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 ...)
+CVE-2009-4432
NOT-FOR-US: CodeMight VideoCMS
-CVE-2009-4431 (PHP remote file inclusion vulnerability in cal_popup.php in the ...)
+CVE-2009-4431
NOT-FOR-US: Joomla addon
-CVE-2009-4430 (SQL injection vulnerability in index.php in VirtueMart 1.0 allows ...)
+CVE-2009-4430
NOT-FOR-US: VirtueMart
-CVE-2009-4429 (Cross-site scripting (XSS) vulnerability in the Sections module 5.x ...)
+CVE-2009-4429
NOT-FOR-US: Drupal addon
-CVE-2009-4428 (SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) ...)
+CVE-2009-4428
NOT-FOR-US: Joomla addon
-CVE-2009-4427 (Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 ...)
+CVE-2009-4427
{DSA-1965-1}
- phpldapadmin 1.1.0.7-1.1 (medium; bug #561975)
[etch] - phpldapadmin <not-affected> (Vulnerable code not present)
-CVE-2009-4426 (Multiple directory traversal vulnerabilities in Ignition 1.2, when ...)
+CVE-2009-4426
NOT-FOR-US: Ignition
-CVE-2009-4425 (Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 ...)
+CVE-2009-4425
NOT-FOR-US: iDevCart
-CVE-2009-4424 (SQL injection vulnerability in results.php in the Pyrmont plugin 2 for ...)
+CVE-2009-4424
NOT-FOR-US: Wordpress plugin
CVE-2009-XXXX [ampache DoS and CSRF]
- ampache 3.5.3-1 (low)
[lenny] - ampache <no-dsa> (minor issue)
-CVE-2009-4423 (SQL injection vulnerability in index.php in weenCompany 4.0.0 allows ...)
+CVE-2009-4423
NOT-FOR-US: weenCompany
-CVE-2009-4422 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2009-4422
- libphp-jpgraph <not-affected> (Vulnerable code not present)
-CVE-2009-4421 (Directory traversal vulnerability in languages_cgi.php in Simple PHP ...)
+CVE-2009-4421
NOT-FOR-US: Simple PHP Blog
-CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Application ...)
+CVE-2009-4420
NOT-FOR-US: F5 Networks BIG-IP Application Security Manager (ASM) and Protocol Security Manager (PSM)
-CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...)
+CVE-2009-4419
NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets
-CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...)
+CVE-2009-4418
- php5 <removed> (unimportant)
NOTE: Only exploitable by malicious script, not treated as a security issue
NOTE: per Debian PHP security policy
-CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend ...)
+CVE-2009-4417
NOTE: the CVE talks about the Zend Framework, but the culprit
NOTE: is actually piwik
-CVE-2009-4416 (Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare ...)
+CVE-2009-4416
{DSA-1978-1}
- phpgroupware 1:0.9.16.012+dfsg-9
-CVE-2009-4415 (Multiple directory traversal vulnerabilities in phpGroupWare ...)
+CVE-2009-4415
{DSA-1978-1}
- phpgroupware 1:0.9.16.012+dfsg-9
-CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in ...)
+CVE-2009-4414
{DSA-1978-1}
- phpgroupware 1:0.9.16.012+dfsg-9
-CVE-2009-4412 (Unrestricted file upload vulnerability in Serendipity before 1.5 ...)
+CVE-2009-4412
- serendipity 1.5.3-1 (low; bug #562634)
-CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...)
+CVE-2009-4411
- acl 2.2.49-2 (low; bug #499076)
[etch] - acl <not-affected> (Vulnerable code not present)
[lenny] - acl <no-dsa> (Minor issue, symlink attack not always as root)
NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076#51
-CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
+CVE-2009-4409
NOT-FOR-US: Internet Initiative Japan SEIL/B1 firmware
-CVE-2009-4408 (Multiple cross-site scripting (XSS) vulnerabilities in models.parser ...)
+CVE-2009-4408
NOT-FOR-US: PyForum
-CVE-2009-4407 (Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum ...)
+CVE-2009-4407
NOT-FOR-US: PyForum
-CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American ...)
+CVE-2009-4406
NOT-FOR-US: APC Switched Rack PDU AP7932 B2
-CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have ...)
+CVE-2009-4405
- trac 0.11.6-1 (low)
[lenny] - trac <no-dsa> (Minor information disclosure)
-CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 ...)
+CVE-2009-4404
- t-prot 2.8-1 (low)
[etch] - t-prot <no-dsa> (Minor issue)
[lenny] - t-prot <no-dsa> (Minor issue)
-CVE-2009-4403 (Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 ...)
+CVE-2009-4403
NOT-FOR-US: Rumba XML
-CVE-2009-4402 (The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...)
+CVE-2009-4402
- sql-ledger <unfixed> (unimportant; bug #562639)
NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
-CVE-2009-4410 (The fuse_ioctl_copy_user function in the ioctl handler in ...)
+CVE-2009-4410
- linux-2.6 2.6.32-1 (low)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
-CVE-2009-4401 (SQL injection vulnerability in the Parish Administration Database ...)
+CVE-2009-4401
NOT-FOR-US: ste_parish_admin typo3 extension
-CVE-2009-4400 (Cross-site scripting (XSS) vulnerability in the Parish Administration ...)
+CVE-2009-4400
NOT-FOR-US: ste_parish_admin typo3 extension
-CVE-2009-4399 (SQL injection vulnerability in the Parish of the Holy Spirit Religious ...)
+CVE-2009-4399
NOT-FOR-US: hs_religiousartgallery typo3 extension
-CVE-2009-4398 (Cross-site scripting (XSS) vulnerability in the Parish of the Holy ...)
+CVE-2009-4398
NOT-FOR-US: hs_religiousartgallery typo3 extension
-CVE-2009-4397 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...)
+CVE-2009-4397
NOT-FOR-US: pd_resources typo3 extension
-CVE-2009-4396 (SQL injection vulnerability in the Diocese of Portsmouth Resources ...)
+CVE-2009-4396
NOT-FOR-US: pd_resources typo3 extension
-CVE-2009-4395 (Cross-site scripting (XSS) vulnerability in the Random Prayer 2 ...)
+CVE-2009-4395
NOT-FOR-US: ste_prayer2 typo3 extension
-CVE-2009-4394 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) ...)
+CVE-2009-4394
NOT-FOR-US: ste_prayer2 typo3 extension
-CVE-2009-4393 (SQL injection vulnerability in the Document Directorys ...)
+CVE-2009-4393
NOT-FOR-US: danp_documentdirs
-CVE-2009-4392 (SQL injection vulnerability in the XDS Staff List (xds_staff) ...)
+CVE-2009-4392
NOT-FOR-US: xds_staff typo3 extension
-CVE-2009-4391 (Cross-site scripting (XSS) vulnerability in the File list (dr_blob) ...)
+CVE-2009-4391
NOT-FOR-US: dr_blob typo3 extension
-CVE-2009-4390 (SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 ...)
+CVE-2009-4390
NOT-FOR-US: car typo3 extension
-CVE-2009-4389 (Unspecified vulnerability in the Watchdog (aba_watchdog) extension ...)
+CVE-2009-4389
NOT-FOR-US: aba_watchdog typo3 extension
-CVE-2009-4388 (Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) ...)
+CVE-2009-4388
NOT-FOR-US: nl_listman typo3 extension
-CVE-2009-4387 (The cross-site scripting (XSS) protection mechanism in ...)
+CVE-2009-4387
NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
-CVE-2009-4386 (SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur ...)
+CVE-2009-4386
NOT-FOR-US: Venalsur Booking Centre Booking System
-CVE-2009-4385 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-4385
NOT-FOR-US: Scriptsez.net Ez Poll Hoster
-CVE-2009-4384 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
+CVE-2009-4384
NOT-FOR-US: Scriptsez.net Ez Poll Hoster
-CVE-2009-4383 (Directory traversal vulnerability in Pforum.php in Rocomotion P forum ...)
+CVE-2009-4383
NOT-FOR-US: Rocomotion P forum
-CVE-2009-4382 (Cross-site scripting (XSS) vulnerability in module.php in PHPFABER ...)
+CVE-2009-4382
NOT-FOR-US: PHPFABER CMS
-CVE-2009-4381 (Cross-site scripting (XSS) vulnerability in index.php in texmedia ...)
+CVE-2009-4381
NOT-FOR-US: texmedia Million Pixel Script
-CVE-2009-4380 (Multiple SQL injection vulnerabilities in Valarsoft Webmatic before ...)
+CVE-2009-4380
NOT-FOR-US: Valarsoft Webmatic
-CVE-2009-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft ...)
+CVE-2009-4379
NOT-FOR-US: Valarsoft Webmatic
-CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows ...)
+CVE-2009-4378
- wireshark <not-affected> (Windows-specific)
-CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 ...)
+CVE-2009-4377
{DSA-1983-1}
- wireshark 1.2.5-1
[etch] - wireshark <no-dsa> (Minor issue)
-CVE-2009-4376 (Buffer overflow in the daintree_sna_read function in the Daintree SNA ...)
+CVE-2009-4376
- wireshark 1.2.5-1
[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
-CVE-2009-4375 (SQL injection vulnerability in repository/repository_attachment.php in ...)
+CVE-2009-4375
NOT-FOR-US: AlienVault Open Source Security Information Management
-CVE-2009-4374 (Directory traversal vulnerability in ...)
+CVE-2009-4374
NOT-FOR-US: AlienVault Open Source Security Information Management
-CVE-2009-4373 (Unrestricted file upload vulnerability in ...)
+CVE-2009-4373
NOT-FOR-US: AlienVault Open Source Security Information Management
-CVE-2009-4372 (AlienVault Open Source Security Information Management (OSSIM) 2.1.5, ...)
+CVE-2009-4372
NOT-FOR-US: AlienVault Open Source Security Information Management
-CVE-2009-4371 (Cross-site scripting (XSS) vulnerability in the Locale module ...)
+CVE-2009-4371
- drupal6 6.15-1 (low; bug #562165)
[lenny] - drupal6 6.6-3lenny4
- drupal5 5.21-1
[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
-CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module ...)
+CVE-2009-4370
- drupal6 6.15-1 (low; bug #562165)
[lenny] - drupal6 6.6-3lenny4
- drupal5 5.21-1
[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
-CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module ...)
+CVE-2009-4369
- drupal6 6.15-1 (low; bug #562165)
[lenny] - drupal6 6.6-3lenny4
- drupal5 5.21-1 (low)
[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
-CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have ...)
+CVE-2009-4368
NOT-FOR-US: Centreon
-CVE-2009-4367 (The Staging Webservice (&quot;sitecore modules/staging/service/api.asmx&quot;) ...)
+CVE-2009-4367
NOT-FOR-US: Sitecore Staging Module
-CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
+CVE-2009-4366
NOT-FOR-US: ScriptsEz Ez Blog
-CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-4365
NOT-FOR-US: ScriptsEz Ez Blog
-CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
+CVE-2009-4364
NOT-FOR-US: ScriptsEz Ez Blog
-CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application ...)
+CVE-2009-4363
{DSA-1966-1}
- horde3 3.3.6+debian0-1 (low)
-CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users ...)
+CVE-2009-4362
NOT-FOR-US: IBM AIX
-CVE-2009-4361 (Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users ...)
+CVE-2009-4361
NOT-FOR-US: IBM AIX
-CVE-2009-4360 (SQL injection vulnerability in modules/content/index.php in the ...)
+CVE-2009-4360
NOT-FOR-US: XOOPS
-CVE-2009-4359 (Cross-site scripting (XSS) vulnerability in folder.php in the ...)
+CVE-2009-4359
NOT-FOR-US: XOOPS
-CVE-2009-4358 (freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure ...)
+CVE-2009-4358
NOT-FOR-US: freebsd-update
-CVE-2009-4357 (CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 ...)
+CVE-2009-4357
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in ...)
+CVE-2009-4356
NOT-FOR-US: Winamp
-CVE-2009-4355 (Memory leak in the zlib_stateful_finish function in ...)
+CVE-2009-4355
{DSA-1970-1}
- openssl 0.9.8k-8 (low)
[etch] - openssl <not-affected> (affects only 0.9.8f and later)
NOTE: apache2 packages in squeeze/sid do not seem to allow exploit
-CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not ...)
+CVE-2009-4354
NOT-FOR-US: TransWARE Active
-CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 ...)
+CVE-2009-4353
NOT-FOR-US: TransWARE Active
-CVE-2009-4352 (Multiple cross-site scripting (XSS) vulnerabilities in TransWARE ...)
+CVE-2009-4352
NOT-FOR-US: TransWARE Active
-CVE-2009-4351 (SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, ...)
+CVE-2009-4351
NOT-FOR-US: WSCreator
-CVE-2009-4350 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 ...)
+CVE-2009-4350
NOT-FOR-US: Arctic Issue Tracker
-CVE-2009-4349 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2009-4349
NOT-FOR-US: Link Up Gold
-CVE-2009-4348 (Cross-site scripting (XSS) vulnerability in index.php in Harold ...)
+CVE-2009-4348
NOT-FOR-US: Harold Bakker's NewsScript
-CVE-2009-4347 (Cross-site scripting (XSS) vulnerability in daloradius-users/login.php ...)
+CVE-2009-4347
NOT-FOR-US: daloRADIUS
-CVE-2009-4346 (Cross-site scripting (XSS) vulnerability in the Frontend news ...)
+CVE-2009-4346
NOT-FOR-US: fe_rtenews typo3 extension
-CVE-2009-4345 (Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) ...)
+CVE-2009-4345
NOT-FOR-US: vShoutbox typo3 extension
-CVE-2009-4344 (Cross-site scripting (XSS) vulnerability in the ZID Linkliste ...)
+CVE-2009-4344
NOT-FOR-US: zid_linklist typo3 extension
-CVE-2009-4343 (Cross-site scripting (XSS) vulnerability in the Training Company ...)
+CVE-2009-4343
NOT-FOR-US: trainincdb typo3 extension
-CVE-2009-4342 (SQL injection vulnerability in the Job Exchange (jobexchange) ...)
+CVE-2009-4342
NOT-FOR-US: jobexchange typo3 extension
-CVE-2009-4341 (SQL injection vulnerability in the No indexed Search ...)
+CVE-2009-4341
NOT-FOR-US: no_indexed_search typo3 extension
-CVE-2009-4340 (Cross-site scripting (XSS) vulnerability in the No indexed Search ...)
+CVE-2009-4340
NOT-FOR-US: no_indexed_search typo3 extension
-CVE-2009-4339 (SQL injection vulnerability in the Subscription (mf_subscription) ...)
+CVE-2009-4339
NOT-FOR-US: mf_subscription typo3 extension
-CVE-2009-4338 (SQL injection vulnerability in the Flash SlideShow (slideshow) ...)
+CVE-2009-4338
NOT-FOR-US: slideshow typo3 extension
-CVE-2009-4337 (SQL injection vulnerability in the Diocese of Portsmouth Calendar ...)
+CVE-2009-4337
NOT-FOR-US: pd_calendar typo3 extension
-CVE-2009-4336 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...)
+CVE-2009-4336
NOT-FOR-US: pd_calendar typo3 extension
-CVE-2009-4335 (Multiple unspecified vulnerabilities in bundled stored procedures in ...)
+CVE-2009-4335
NOT-FOR-US: IBM DB2
-CVE-2009-4334 (The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before ...)
+CVE-2009-4334
NOT-FOR-US: IBM DB2
-CVE-2009-4333 (The Relational Data Services component in IBM DB2 9.5 before FP5 ...)
+CVE-2009-4333
NOT-FOR-US: IBM DB2
-CVE-2009-4332 (db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 ...)
+CVE-2009-4332
NOT-FOR-US: IBM DB2
-CVE-2009-4331 (The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 ...)
+CVE-2009-4331
NOT-FOR-US: IBM DB2
-CVE-2009-4330 (Unspecified vulnerability in db2licm in the Engine Utilities component ...)
+CVE-2009-4330
NOT-FOR-US: IBM DB2
-CVE-2009-4329 (Unspecified vulnerability in the Engine Utilities component in IBM DB2 ...)
+CVE-2009-4329
NOT-FOR-US: IBM DB2
-CVE-2009-4328 (Unspecified vulnerability in the DRDA Services component in IBM DB2 ...)
+CVE-2009-4328
NOT-FOR-US: IBM DB2
-CVE-2009-4327 (The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and ...)
+CVE-2009-4327
NOT-FOR-US: IBM DB2
-CVE-2009-4326 (The RAND scalar function in the Common Code Infrastructure component ...)
+CVE-2009-4326
NOT-FOR-US: IBM DB2
-CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before ...)
+CVE-2009-4325
NOT-FOR-US: IBM DB2
CVE-2009-XXXX [libhaml-ruby XSS issue]
- libhaml-ruby 2.2.8-1
CVE-2009-XXXX [roundup: unspecified issue]
- roundup 1.4.11-1
-CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...)
+CVE-2009-4324
NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...)
+CVE-2009-4323
NOT-FOR-US: Zen Cart
-CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to ...)
+CVE-2009-4322
NOT-FOR-US: Zen Cart
-CVE-2009-4321 (extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other ...)
+CVE-2009-4321
NOT-FOR-US: Zen Cart
-CVE-2009-4320 (Cross-site scripting (XSS) vulnerability in searchform.php in The Next ...)
+CVE-2009-4320
NOT-FOR-US: The Next Generation of Genealogy Sitebuilding
-CVE-2009-4319 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-4319
NOT-FOR-US: eoCMS
-CVE-2009-4318 (Cross-site scripting (XSS) vulnerability in index.php in Real Estate ...)
+CVE-2009-4318
NOT-FOR-US: Real Estate Manager
-CVE-2009-4317 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
+CVE-2009-4317
NOT-FOR-US: ScriptsEz
-CVE-2009-4316 (Cross-site scripting (XSS) vulnerability in searchresults_main.php in ...)
+CVE-2009-4316
NOT-FOR-US: ZeeLyrics
-CVE-2009-4315 (Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS ...)
+CVE-2009-4315
NOT-FOR-US: Nuggetz CMS
-CVE-2009-4314 (Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group ...)
+CVE-2009-4314
NOT-FOR-US: Sun Ray Server Software
-CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 ...)
+CVE-2009-4313
NOT-FOR-US: Microsoft
-CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
+CVE-2009-4312
NOT-FOR-US: Microsoft
-CVE-2009-4311 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
+CVE-2009-4311
NOT-FOR-US: Microsoft
-CVE-2009-4310 (Stack-based buffer overflow in the Intel Indeo41 codec for Windows ...)
+CVE-2009-4310
NOT-FOR-US: Microsoft
-CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for Windows ...)
+CVE-2009-4309
NOT-FOR-US: Microsoft
-CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 ...)
+CVE-2009-4308
{DSA-2005-1}
- linux-2.6 2.6.32-1 (medium)
[etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
-CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux ...)
+CVE-2009-4307
{DSA-2443-1}
- linux-2.6 2.6.32-2 (low)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
- linux-2.6.24 <not-affected> (vulnerabile code introduced in 2.6.27)
-CVE-2009-4306 (Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ...)
+CVE-2009-4306
- linux-2.6 2.6.32-2 (medium)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
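Review bot: the NOTE under CVE-2009-4487 (nginx) sends the reader to CVE-2009-4487 itself; the sibling entries CVE-2009-4488 through CVE-2009-4496 point at this entry as the canonical one, so here the line should simply state the finding, e.g. `NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there`, without the "see" clause. Dropping the description for CVE-2009-4488 also removes the `** DISPUTED **` marker from the file; if that status matters for triage it should be carried over into a NOTE line. Two typos in unchanged context lines are worth a follow-up as well: `NOT-FOR-US: Kaspersky Anti-Viru` (CVE-2009-4452) and `(vulnerabile code introduced in 2.6.27)` on the linux-2.6.24 line of CVE-2009-4307.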
@@ -1974,30 +1974,30 @@ CVE-2009-4276
REJECTED
CVE-2009-4275
REJECTED
-CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm ...)
+CVE-2009-4274
{DSA-2026-1 DTSA-206-1}
- netpbm-free 2:10.0-12.2 (medium; bug #569060)
-CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...)
+CVE-2009-4273
- systemtap 1.1-1 (bug #568865)
[lenny] - systemtap <not-affected> (Server component not yet present)
[etch] - systemtap <not-affected> (Server component not yet present)
-CVE-2009-4272 (A certain Red Hat patch for net/ipv4/route.c in the Linux kernel ...)
+CVE-2009-4272
- linux-2.6 2.6.31-1 (medium)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.27)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545411
-CVE-2009-4271 (The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 ...)
+CVE-2009-4271
- linux-2.6 2.6.18-1
-CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...)
+CVE-2009-4270
{DSA-2080-1}
- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
-CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...)
+CVE-2009-4269
- derby <not-affected> (Fixed before initial upload to Debian)
NOTE: https://issues.apache.org/jira/browse/DERBY-4483
CVE-2009-4268
REJECTED
-CVE-2009-4267 (The console in Apache jUDDI 3.0.0 does not properly escape line feeds, ...)
+CVE-2009-4267
NOT-FOR-US: Apache jUDDI
CVE-2009-XXXX [gnome-screensaver inhibitor not removed when connection is closed]
- gnome-screensaver 2.28.0-2 (low; bug #560895)
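Review bot: after this change CVE-2009-4271 retains only `- linux-2.6 2.6.18-1`, with no severity tag and no NOTE reference, unlike CVE-2009-4272 directly above it, which keeps its bugzilla link; the removed description was the only record of the affected range (2.6.9 through 2.6.17), so a NOTE line with the upstream reference would keep the entry self-explanatory.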
@@ -2005,7 +2005,7 @@ CVE-2009-XXXX [gnome-screensaver inhibitor not removed when connection is closed
[lenny] - gnome-screensaver <not-affected> (vulnerable code introduced in 2.28)
NOTE: the code in etch's version is more different but it seems to be affected
NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=284c9924969a49dbf2d5fae1d680d3310c4df4a3
-CVE-2009-5018 (Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier ...)
+CVE-2009-5018
- gif2png 2.5.2-1 (low; bug #550978)
[etch] - gif2png <no-dsa> (minor issue)
[lenny] - gif2png <no-dsa> (minor issue)
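Review bot: the removed description for CVE-2009-5018 states that gif2png 2.5.3 and earlier are affected, yet the fixed version recorded is `gif2png 2.5.2-1`, which is below that range; once the description is gone nothing in the entry explains the discrepancy, so a NOTE line naming the patch carried by 2.5.2-1 would help later readers. In the preceding gnome-screensaver entry the unchanged lines `[lenny] - gnome-screensaver <not-affected> (vulnerable code introduced in 2.28)` and `NOTE: the code in etch's version is more different but it seems to be affected` read as contradictory, since etch ships an older version than lenny; worth verifying which statement is right.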
@@ -2022,7 +2022,7 @@ CVE-2009-XXXX [browser-based css info disclosure]
NOTE: Minor design issue
CVE-2009-XXXX [xpat2: save game permissions issue]
- xpat2 1.07-17 (unimportant; bug #560087)
-CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured ...)
+CVE-2009-4144
- network-manager-applet 0.7.2-2 (low; bug #560067)
[lenny] - network-manager-applet <not-affected> (WPA/enterprise was added in 0.7.2)
- network-manager <not-affected> (vulnerable code is in -applet, which is a source package on its own as of 0.6.5)
@@ -2033,67 +2033,67 @@ CVE-2009-XXXX [unsafe xfs]
CVE-2009-XXXX [xserver-xorg: inherits user's mask]
- xorg-server 2:1.7.2-1 (low; bug #555308)
[lenny] - xorg-server 2:1.4.2-10.lenny3
-CVE-2009-4296 (SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and ...)
+CVE-2009-4296
NOT-FOR-US: Taxonomy Timer module for Drupal
-CVE-2009-4295 (Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA ...)
+CVE-2009-4295
NOT-FOR-US: Sun Ray Server Software
-CVE-2009-4294 (Unspecified vulnerability in the Authentication Manager (aka utauthd) ...)
+CVE-2009-4294
NOT-FOR-US: Sun Ray Server Software
-CVE-2009-4293 (Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 ...)
+CVE-2009-4293
NOT-FOR-US: Internet Initiative Japan
-CVE-2009-4292 (Buffer overflow in the URL filtering function in Internet Initiative ...)
+CVE-2009-4292
NOT-FOR-US: Internet Initiative Japan
-CVE-2009-4266 (Cross-site scripting (XSS) vulnerability in search.php in YABSoft ...)
+CVE-2009-4266
NOT-FOR-US: YABSoft Advanced Image Hosting (AIH) Script
-CVE-2009-4265 (Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and ...)
+CVE-2009-4265
NOT-FOR-US: Ideal Administration
-CVE-2009-4264 (PHP remote file inclusion vulnerability in components/core/connect.php ...)
+CVE-2009-4264
NOT-FOR-US: AROUNDMe
-CVE-2009-4263 (SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 ...)
+CVE-2009-4263
NOT-FOR-US: PTCPay
-CVE-2009-4262 (Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to ...)
+CVE-2009-4262
NOT-FOR-US: Harold Bakker's Newscript HB-NS
CVE-2009-XXXX [php-net-ping argument injection]
- php-net-ping 2.4.2-1.1 (medium)
[etch] - php-net-ping 2.4.2-1+etch1
[lenny] - php-net-ping 2.4.2-1+lenny1
-CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before ...)
+CVE-2009-4305
{DSA-1986-1}
- moodle 1.8.2.dfsg-6 (medium; bug #559531)
NOTE: MSA-09-0031
-CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...)
+CVE-2009-4304
{DSA-2115-1}
- moodle 1.9.8-1 (bug #559531)
[lenny] - moodle <no-dsa> (Minor issue)
[etch] - moodle <no-dsa> (Minor issue)
NOTE: MSA-09-0029
-CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password ...)
+CVE-2009-4303
{DSA-1986-1}
- moodle 1.8.2.dfsg-6 (bug #559531)
NOTE: MSA-09-0028
-CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...)
+CVE-2009-4302
{DSA-1986-1}
- moodle 1.8.2.dfsg-6 (bug #559531)
NOTE: MSA-09-0027
-CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when ...)
+CVE-2009-4301
{DSA-1986-1}
- moodle 1.8.2.dfsg-6 (bug #559531)
NOTE: MSA-09-0026
-CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...)
+CVE-2009-4300
{DSA-2115-1}
- moodle 1.9.8-1 (bug #559531)
[lenny] - moodle <no-dsa> (Minor issue)
[etch] - moodle <no-dsa> (Minor issue)
NOTE: MSA-09-0025
-CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 ...)
+CVE-2009-4299
{DSA-1986-1}
- moodle 1.8.2.dfsg-6 (bug #559531)
NOTE: MSA-09-0024
-CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...)
+CVE-2009-4298
{DSA-1986-1}
- moodle 1.8.2.dfsg-6 (bug #559531)
NOTE: MSA-09-0023
-CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...)
+CVE-2009-4297
{DSA-1986-1}
- moodle 1.8.2.dfsg-6 (bug #559531)
NOTE: MSA-09-0022
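Review bot: once the description text is dropped, the retained tracking line for CVE-2009-4262 becomes the only record of the product name, and its spelling differs from the name in the removed line: `-CVE-2009-4262 (Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to ...)` versus the kept `NOT-FOR-US: Harold Bakker's Newscript HB-NS`. Suggest correcting that line to `NOT-FOR-US: Harold Bakker's NewsScript (HB-NS)` so the entry still identifies the software under its upstream name after this change, otherwise a later search of the list for the upstream spelling will miss it.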
@@ -2103,7 +2103,7 @@ CVE-2009-5042 [docutils insecure usage of temporary files]
[etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
[lenny] - python-docutils 0.5-2+lenny1
NOTE: cve requested
-CVE-2009-4261 (Multiple directory traversal vulnerabilities in the iallocator ...)
+CVE-2009-4261
{DSA-1959-1}
- ganeti 2.0.5-1 (low)
NOTE: http://www.ocert.org/advisories/ocert-2009-019.html
@@ -2113,278 +2113,278 @@ CVE-2009-4259
RESERVED
CVE-2009-4258
RESERVED
-CVE-2009-4257 (Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in ...)
+CVE-2009-4257
NOT-FOR-US: RealPlayer
-CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 ...)
+CVE-2009-4256
NOT-FOR-US: AlefMentor
-CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit! template ...)
+CVE-2009-4255
NOT-FOR-US: Joomla! component
-CVE-2009-4254 (PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive ...)
+CVE-2009-4254
NOT-FOR-US: PowerPhlogger
-CVE-2009-4253 (Cross-site scripting (XSS) vulnerability in dspStats.php in ...)
+CVE-2009-4253
NOT-FOR-US: PowerPhlogger
-CVE-2009-4252 (Cross-site scripting (XSS) vulnerability in images.php in Image ...)
+CVE-2009-4252
NOT-FOR-US: Image Hosting Script DPI
-CVE-2009-4251 (Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel ...)
+CVE-2009-4251
NOT-FOR-US: Jasc Paint Shop Pro
-CVE-2009-4250 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...)
+CVE-2009-4250
NOT-FOR-US: CuteNews
-CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...)
+CVE-2009-4249
NOT-FOR-US: CuteNews
-CVE-2009-4248 (Buffer overflow in the RTSPProtocol::HandleSetParameterRequest ...)
+CVE-2009-4248
NOT-FOR-US: RealPlayer
-CVE-2009-4247 (Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in ...)
+CVE-2009-4247
NOT-FOR-US: RealPlayer
-CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...)
+CVE-2009-4246
NOT-FOR-US: RealPlayer
-CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...)
+CVE-2009-4245
NOT-FOR-US: RealPlayer
-CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer ...)
+CVE-2009-4244
NOT-FOR-US: RealPlayer
-CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through ...)
+CVE-2009-4243
NOT-FOR-US: RealPlayer
-CVE-2009-4242 (Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function ...)
+CVE-2009-4242
NOT-FOR-US: RealPlayer
-CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...)
+CVE-2009-4241
NOT-FOR-US: RealPlayer
-CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in the ...)
+CVE-2009-4240
NOT-FOR-US: IBM InfoSphere Information Server
-CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in IBM ...)
+CVE-2009-4239
NOT-FOR-US: IBM InfoSphere Information Server
-CVE-2009-4238 (Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow ...)
+CVE-2009-4238
NOT-FOR-US: TestLink
-CVE-2009-4237 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
+CVE-2009-4237
NOT-FOR-US: TestLink
-CVE-2009-4236 (The process function in ...)
+CVE-2009-4236
NOT-FOR-US: EC-CUBE
-CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...)
+CVE-2009-4235
{DSA-1960-1}
- acpid 1.0.6 (low; bug #560771)
NOTE: all versions set umask(0), might be worth double-checking what it opens
-CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2009-4234
NOT-FOR-US: Micronet Network Access Controller
-CVE-2009-4233 (Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php ...)
+CVE-2009-4233
NOT-FOR-US: Joomla! component
-CVE-2009-4232 (The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not ...)
+CVE-2009-4232
NOT-FOR-US: Joomla! component
-CVE-2009-4231 (Directory traversal vulnerability in as/lib/plugins.php in SweetRice ...)
+CVE-2009-4231
NOT-FOR-US: SweetRice
-CVE-2009-4230 (Multiple stack-based buffer overflows in src/Task.cc in the FastCGI ...)
+CVE-2009-4230
NOT-FOR-US: IIPImage Server
-CVE-2009-4229 (Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active ...)
+CVE-2009-4229
NOT-FOR-US: ActiveWebSoftwares Active Bids
-CVE-2009-4226 (Race condition in the IP module in the kernel in Sun OpenSolaris ...)
+CVE-2009-4226
NOT-FOR-US: OpenSolaris kernel
-CVE-2009-4225 (Stack-based buffer overflow in the PestPatrol ActiveX control ...)
+CVE-2009-4225
NOT-FOR-US: PestPatrol
-CVE-2009-4228 (Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and ...)
+CVE-2009-4228
- xfig <unfixed> (unimportant)
-CVE-2009-4227 (Stack-based buffer overflow in the read_1_3_textobject function in ...)
+CVE-2009-4227
- xfig 1:3.2.5.b-1 (low; bug #559274)
[lenny] - xfig <no-dsa> (Minor issue)
[etch] - xfig <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905
-CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, ...)
+CVE-2009-4413
{DSA-2002-1}
- polipo 1.0.4-2 (low; bug #560779)
[etch] - polipo <no-dsa> (Minor issue)
[lenny] - polipo <no-dsa> (Minor issue)
-CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...)
+CVE-2009-4224
NOT-FOR-US: SweetRice
-CVE-2009-4223 (PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web ...)
+CVE-2009-4223
NOT-FOR-US: KR-Web
-CVE-2009-4222 (phpBazar 2.1.1fix and earlier does not require administrative ...)
+CVE-2009-4222
NOT-FOR-US: phpBazar
-CVE-2009-4221 (SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and ...)
+CVE-2009-4221
NOT-FOR-US: phpBazar
-CVE-2009-4220 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-4220
NOT-FOR-US: PointComma
-CVE-2009-4219 (Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX ...)
+CVE-2009-4219
NOT-FOR-US: Haihaisoft Universal Player
-CVE-2009-4218 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's ...)
+CVE-2009-4218
NOT-FOR-US: JiRo's Banner System eXperience (JBSX)
-CVE-2009-4217 (SQL injection vulnerability in the Itamar Elharar MusicGallery ...)
+CVE-2009-4217
NOT-FOR-US: Joomla! component
-CVE-2009-4216 (Directory traversal vulnerability in funzioni/lib/menulast.php in ...)
+CVE-2009-4216
NOT-FOR-US: klinza
-CVE-2009-4215 (Panda Global Protection 2010, Internet Security 2010, and Antivirus ...)
+CVE-2009-4215
NOT-FOR-US: Panda
CVE-2009-4213
RESERVED
-CVE-2009-4212 (Multiple integer underflows in the (1) AES and (2) RC4 decryption ...)
+CVE-2009-4212
{DSA-1969-1}
- krb5 1.8+dfsg~alpha1-1
-CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness ...)
+CVE-2009-4211
NOT-FOR-US: U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script
-CVE-2009-4210 (The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and ...)
+CVE-2009-4210
NOT-FOR-US: Microsoft
-CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
+CVE-2009-4209
NOT-FOR-US: moziloCMS
-CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school (OS) ...)
+CVE-2009-4208
NOT-FOR-US: Open-school
-CVE-2009-4207 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x ...)
+CVE-2009-4207
NOT-FOR-US: module for Drupal
-CVE-2009-4206 (SQL injection vulnerability in admin.link.modify.php in Million Dollar ...)
+CVE-2009-4206
NOT-FOR-US: Million Dollar Text Links
-CVE-2009-4205 (Directory traversal vulnerability in admin.php in Flashlight Free ...)
+CVE-2009-4205
NOT-FOR-US: Flashlight Free Edition
-CVE-2009-4204 (SQL injection vulnerability in read.php in Flashlight Free Edition ...)
+CVE-2009-4204
NOT-FOR-US: Flashlight Free Edition
-CVE-2009-4203 (Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php ...)
+CVE-2009-4203
NOT-FOR-US: Arab Portal
-CVE-2009-4202 (Directory traversal vulnerability in the Omilen Photo Gallery ...)
+CVE-2009-4202
NOT-FOR-US: Joomla! component
-CVE-2009-4201 (Multiple stack-based buffer overflows in Mp3 Tag Assistant ...)
+CVE-2009-4201
NOT-FOR-US: Mp3 Tag Assistant Professional
-CVE-2009-4200 (SQL injection vulnerability in the Seminar (com_seminar) component ...)
+CVE-2009-4200
NOT-FOR-US: Joomla! component
-CVE-2009-4199 (Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos ...)
+CVE-2009-4199
NOT-FOR-US: Joomla! component
-CVE-2009-4198 (SQL injection vulnerability in my_orders.php in MyMiniBill allows ...)
+CVE-2009-4198
NOT-FOR-US: MyMiniBill
-CVE-2009-4197 (rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware ...)
+CVE-2009-4197
NOT-FOR-US: Huawei MT882 V100R002B020
-CVE-2009-4196 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
+CVE-2009-4196
NOT-FOR-US: Huawei MT882 V100R002B020
-CVE-2009-4195 (Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and ...)
+CVE-2009-4195
NOT-FOR-US: Adobe Illustrator
-CVE-2009-4194 (Directory traversal vulnerability in Golden FTP Server 4.30 Free and ...)
+CVE-2009-4194
NOT-FOR-US: Golden FTP
-CVE-2009-4192 (Directory traversal vulnerability in dialog/file_manager.php in ...)
+CVE-2009-4192
NOT-FOR-US: Interspire Knowledge Manager
-CVE-2009-4191 (Unspecified vulnerability in the kernel in Sun Solaris 10 and ...)
+CVE-2009-4191
NOT-FOR-US: Sun Solaris
-CVE-2009-4190 (Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 ...)
+CVE-2009-4190
NOT-FOR-US: Sun Solaris
-CVE-2009-4189 (HP Operations Manager has a default password of OvW*busr1 for the ...)
+CVE-2009-4189
NOT-FOR-US: HP Operations Manager
-CVE-2009-4188 (HP Operations Dashboard has a default password of j2deployer for the ...)
+CVE-2009-4188
NOT-FOR-US: HP Operations Dashboard
-CVE-2009-4187 (Multiple cross-site scripting (XSS) vulnerabilities in the Gateway ...)
+CVE-2009-4187
NOT-FOR-US: Sun Java System Portal Server
-CVE-2009-4186 (Stack consumption vulnerability in Apple Safari 4.0.3 on Windows ...)
+CVE-2009-4186
NOT-FOR-US: Apple Safari
-CVE-2009-4185 (Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in ...)
+CVE-2009-4185
NOT-FOR-US: HP System Management Homepage
-CVE-2009-4184 (Unspecified vulnerability in HP Enterprise Cluster Master Toolkit ...)
+CVE-2009-4184
NOT-FOR-US: HP Enterprise Cluster Master Toolkit
-CVE-2009-4183 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 ...)
+CVE-2009-4183
NOT-FOR-US: HP OpenView Storage Data Protector
-CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a ...)
+CVE-2009-4182
NOT-FOR-US: HP Web Jetadmin
-CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network ...)
+CVE-2009-4181
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network ...)
+CVE-2009-4180
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node ...)
+CVE-2009-4179
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network ...)
+CVE-2009-4178
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager ...)
+CVE-2009-4177
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP ...)
+CVE-2009-4176
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-4175 (CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote ...)
+CVE-2009-4175
NOT-FOR-US: CuteNews
-CVE-2009-4174 (The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews ...)
+CVE-2009-4174
NOT-FOR-US: CuteNews
-CVE-2009-4173 (Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews ...)
+CVE-2009-4173
NOT-FOR-US: CuteNews
-CVE-2009-4172 (Cross-site scripting (XSS) vulnerability in index.php in CutePHP ...)
+CVE-2009-4172
NOT-FOR-US: CuteNews
-CVE-2009-4171 (An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger ...)
+CVE-2009-4171
NOT-FOR-US: ActiveX
-CVE-2009-4170 (WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, ...)
+CVE-2009-4170
NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
-CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the ...)
+CVE-2009-4169
NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
-CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as ...)
+CVE-2009-4168
NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
-CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl ...)
+CVE-2009-4167
NOT-FOR-US: TYPO3 extension
-CVE-2009-4166 (SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 ...)
+CVE-2009-4166
NOT-FOR-US: TYPO3 extension
-CVE-2009-4165 (SQL injection vulnerability in the simple Glossar (simple_glossar) ...)
+CVE-2009-4165
NOT-FOR-US: TYPO3 extension
-CVE-2009-4164 (Cross-site scripting (XSS) vulnerability in the simple Glossar ...)
+CVE-2009-4164
NOT-FOR-US: TYPO3 extension
-CVE-2009-4163 (SQL injection vulnerability in the TW Productfinder (tw_productfinder) ...)
+CVE-2009-4163
NOT-FOR-US: TYPO3 extension
-CVE-2009-4162 (Unspecified vulnerability in the DB Integration (wfqbe) extension ...)
+CVE-2009-4162
NOT-FOR-US: TYPO3 extension
-CVE-2009-4161 (Cross-site scripting (XSS) vulnerability in the [AN] Search it! ...)
+CVE-2009-4161
NOT-FOR-US: TYPO3 extension
-CVE-2009-4160 (Unspecified vulnerability in the Simple download-system with counter ...)
+CVE-2009-4160
NOT-FOR-US: TYPO3 extension
-CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter ...)
+CVE-2009-4159
NOT-FOR-US: TYPO3 extension
-CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension ...)
+CVE-2009-4158
NOT-FOR-US: TYPO3 extension
-CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-4157
NOT-FOR-US: Joomla!
-CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in ...)
+CVE-2009-4156
NOT-FOR-US: Ciamos CMS
-CVE-2009-4155 (Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote ...)
+CVE-2009-4155
NOT-FOR-US: Eshopbuilde
-CVE-2009-4154 (Directory traversal vulnerability in includes/feedcreator.class.php in ...)
+CVE-2009-4154
NOT-FOR-US: Elxis CMS
-CVE-2009-4153 (Unspecified vulnerability in the XMLAccess component in IBM WebSphere ...)
+CVE-2009-4153
NOT-FOR-US: IBM WebSphere
-CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration ...)
+CVE-2009-4152
NOT-FOR-US: IBM WebSphere
-CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...)
+CVE-2009-4151
{DSA-1944-1}
- request-tracker3.6 3.6.9-2 (low)
- request-tracker3.4 <removed>
-CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...)
+CVE-2009-4150
NOT-FOR-US: IBM DB2
-CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA ...)
+CVE-2009-4149
NOT-FOR-US: CA Service Desk
-CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers ...)
+CVE-2009-4148
NOT-FOR-US: DAZ Studio
-CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
+CVE-2009-4147
- kfreebsd-6 <not-affected> (the affected file -rtld.c- is not in the archive, not even kFreeBSD)
-CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
+CVE-2009-4146
- kfreebsd-6 <not-affected> (the affected file -rtld.c- is not in the archive, not even kFreeBSD)
-CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection ...)
+CVE-2009-4145
- network-manager-applet 0.7.2-2 (low; bug #563371)
- network-manager <not-affected> (-editor introduced in 0.7 on the -applet package)
[lenny] - network-manager-applet <not-affected> (-editor was introduced in 0.7)
-CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has ...)
+CVE-2009-4143
{DSA-2001-1}
- php5 5.2.12.dfsg.1-1 (low)
-CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...)
+CVE-2009-4142
{DSA-2001-1}
- php5 5.2.12.dfsg.1-1 (medium)
-CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in ...)
+CVE-2009-4141
- linux-2.6 2.6.32-6
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
-CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...)
+CVE-2009-4140
- piwik <itp> (bug #506933)
-CVE-2009-4139 (Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java ...)
+CVE-2009-4139
NOT-FOR-US: spacewalk-java
-CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when ...)
+CVE-2009-4138
{DSA-2005-1}
- linux-2.6 2.6.32-3 (medium)
[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
-CVE-2009-4137 (The loadContentFromCookie function in core/Cookie.php in Piwik before ...)
+CVE-2009-4137
- piwik <itp> (bug #506933)
-CVE-2009-4136 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...)
+CVE-2009-4136
{DSA-1964-1}
- postgresql-7.4 <removed>
- postgresql-8.1 <removed>
- postgresql-8.2 <removed>
- postgresql-8.3 8.3.9-1 (low)
- postgresql-8.4 8.4.2-1 (low)
-CVE-2009-4135 (The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 ...)
+CVE-2009-4135
- coreutils <not-affected> (this issue only affects the coreutils build process; bug #560898)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
-CVE-2009-4134 (Buffer underflow in the rgbimg module in Python 2.5 allows remote ...)
+CVE-2009-4134
- python3.1 <not-affected> (rgbimgmodule no longer included in source)
- python2.7 <not-affected> (rgbimgmodule no longer included in source)
- python2.6 <not-affected> (rgbimgmodule no longer included in source)
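Review bot: for the Joomla! entries in this hunk the removed description was the only place the affected extension was named; after the change CVE-2009-4255, CVE-2009-4233, CVE-2009-4232, CVE-2009-4217, CVE-2009-4202, CVE-2009-4200 and CVE-2009-4199 all collapse to a bare `NOT-FOR-US: Joomla! component`, which no longer says which component. Suggest carrying the component name into the tracking line, for example `NOT-FOR-US: Kide Shoutbox (com_kide) component for Joomla!` for CVE-2009-4232 and `NOT-FOR-US: Seminar (com_seminar) component for Joomla!` for CVE-2009-4200, so the NOT-FOR-US decision can still be re-checked against the right package later. The same applies to CVE-2009-4207, which keeps only `NOT-FOR-US: module for Drupal` although the removed line named the Webform module.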
@@ -2392,11 +2392,11 @@ CVE-2009-4134 (Buffer underflow in the rgbimg module in Python 2.5 allows remote
[lenny] - python2.5 <no-dsa> (Minor issue)
- python2.4 <removed> (low)
[lenny] - python2.4 <no-dsa> (Minor issue)
-CVE-2009-4133 (Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for ...)
+CVE-2009-4133
- condor <not-affected> (Fixed before initial upload to archive)
CVE-2009-4132
REJECTED
-CVE-2009-4131 (The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ...)
+CVE-2009-4131
- linux-2.6 2.6.32-2 (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.31)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.31)
@@ -2404,23 +2404,23 @@ CVE-2009-4131 (The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in
CVE-2009-XXXX [monkey DoS]
- monkey 0.9.3-1 (low)
[lenny] - monkey <no-dsa> (Minor issue, fringe package)
-CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function ...)
+CVE-2009-4130
- xulrunner <undetermined> (bug #565521)
[wheezy] - xulrunner <end-of-life> (no detailed information available)
-CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a ...)
+CVE-2009-4129
- xulrunner <undetermined> (bug #565521)
[wheezy] - xulrunner <end-of-life> (no detailed information available)
-CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...)
+CVE-2009-4128
- grub2 1.97+20091115-1 (bug #555195)
[lenny] - grub2 <not-affected> (Password authentication not yet present)
- grub <not-affected> (only affects grub2)
-CVE-2009-4127 (Unspecified vulnerability in Wikipedia Toolbar extension before ...)
+CVE-2009-4127
NOT-FOR-US: Wikipedia Toolbar extension for Firefox
CVE-2009-4126
RESERVED
CVE-2009-4125
RESERVED
-CVE-2009-4124 (Heap-based buffer overflow in the rb_str_justify function in string.c ...)
+CVE-2009-4124
- ruby1.9.1 1.9.1.376-1
- ruby1.9 <removed> (bug #572817)
- ruby1.8 <not-affected>
@@ -2429,116 +2429,116 @@ CVE-2009-4123
RESERVED
CVE-2009-4122
RESERVED
-CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-4121
NOT-FOR-US: Quick CMS
-CVE-2009-4120 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-4120
NOT-FOR-US: Quick.Cart
-CVE-2009-4119 (Cross-site scripting (XSS) vulnerability in Feed Element Mapper module ...)
+CVE-2009-4119
NOT-FOR-US: module for Drupal
-CVE-2009-4118 (The StartServiceCtrlDispatcher function in the cvpnd service ...)
+CVE-2009-4118
NOT-FOR-US: Cisco VPN client for Windows
-CVE-2009-4117 (Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before ...)
+CVE-2009-4117
NOT-FOR-US: MuPDF
-CVE-2009-4116 (Multiple directory traversal vulnerabilities in CutePHP CuteNews ...)
+CVE-2009-4116
NOT-FOR-US: CutePHP
-CVE-2009-4115 (Multiple static code injection vulnerabilities in the Categories ...)
+CVE-2009-4115
NOT-FOR-US: CutePHP CuteNews
-CVE-2009-4114 (kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other ...)
+CVE-2009-4114
NOT-FOR-US: Kaspersky Anti-Virus
-CVE-2009-4113 (Static code injection vulnerability in the Categories module in ...)
+CVE-2009-4113
NOT-FOR-US: CutePHP CuteNews
-CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
+CVE-2009-4110
NOT-FOR-US: DotNetNuke
-CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent ...)
+CVE-2009-4109
NOT-FOR-US: DotNetNuke
-CVE-2009-4108 (XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to ...)
+CVE-2009-4108
NOT-FOR-US: XM Easy Personal FTP Server
-CVE-2009-4107 (Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted ...)
+CVE-2009-4107
NOT-FOR-US: Invisible Browsing
-CVE-2009-4106 (Unrestricted file upload vulnerability in admintools/editpage-2.php in ...)
+CVE-2009-4106
NOT-FOR-US: Agoko CMS
-CVE-2009-4105 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
+CVE-2009-4105
NOT-FOR-US: TYPSoft FTP Server
-CVE-2009-4104 (SQL injection vulnerability in Lyften Designs LyftenBloggie ...)
+CVE-2009-4104
NOT-FOR-US: Joomla! component
-CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, ...)
+CVE-2009-4103
NOT-FOR-US: Robo-FTP
-CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain ...)
+CVE-2009-4102
{DSA-1951-1}
- firefox-sage 1.4.3-4 (medium; bug #559267)
-CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ...)
+CVE-2009-4101
NOT-FOR-US: infoRSS extension for Firefox
-CVE-2009-4100 (Yoono extension before 6.1.1 for Firefox performs certain operations ...)
+CVE-2009-4100
NOT-FOR-US: Yoono extension for Firefox
-CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...)
+CVE-2009-4099
NOT-FOR-US: Joomla! Component
-CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ...)
+CVE-2009-4098
- openx <itp> (bug #513771)
-CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...)
+CVE-2009-4097
NOT-FOR-US: Serenity Audio Player
-CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web ...)
+CVE-2009-4096
NOT-FOR-US: RADIO istek scripti
-CVE-2009-4095 (myPhile 1.2.1 allows remote attackers to bypass authentication via an ...)
+CVE-2009-4095
NOT-FOR-US: myPhile
-CVE-2009-4094 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-4094
NOT-FOR-US: Joomla! component
-CVE-2009-4093 (Multiple cross-site scripting (XSS) vulnerabilities in comments.php in ...)
+CVE-2009-4093
NOT-FOR-US: Simplog
-CVE-2009-4092 (Cross-site request forgery (CSRF) vulnerability in user.php in Simplog ...)
+CVE-2009-4092
NOT-FOR-US: Simplog
-CVE-2009-4091 (comments.php in Simplog 0.9.3.2, and possibly earlier, does not ...)
+CVE-2009-4091
NOT-FOR-US: Simplog
-CVE-2009-4090 (Unrestricted file upload vulnerability in ajax/addComment.php in ...)
+CVE-2009-4090
NOT-FOR-US: telepark.wiki
-CVE-2009-4089 (telepark.wiki 2.4.23 and earlier allows remote attackers to bypass ...)
+CVE-2009-4089
NOT-FOR-US: telepark.wiki
-CVE-2009-4088 (Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 ...)
+CVE-2009-4088
NOT-FOR-US: telepark.wiki
-CVE-2009-4087 (Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki ...)
+CVE-2009-4087
NOT-FOR-US: telepark.wiki
-CVE-2009-4086 (CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 ...)
+CVE-2009-4086
NOT-FOR-US: Xerver HTTP Server
-CVE-2009-4085 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-4085
NOT-FOR-US: PHP Traverser
-CVE-2009-4084 (SQL injection vulnerability in the search feature in e107 0.7.16 and ...)
+CVE-2009-4084
NOT-FOR-US: e107
-CVE-2009-4083 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and ...)
+CVE-2009-4083
NOT-FOR-US: e107
-CVE-2009-4082 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-4082
NOT-FOR-US: Outreach Project Tool
-CVE-2009-4081 (Untrusted search path vulnerability in dstat before r3199 allows local ...)
+CVE-2009-4081
- dstat <not-affected> (Fixed/tracked as CVE-2009-3894)
NOTE: This second ID is about the same issue, but for an older version, see
NOTE: http://bugs.gentoo.org/show_bug.cgi?id=293497
NOTE: For Debian we'll just use CVE-2009-3894 and mark this one as not-affected
-CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP ...)
+CVE-2009-4080
NOT-FOR-US: ldap_cachemgr in Sun Solaris
-CVE-2009-4079 (Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and ...)
+CVE-2009-4079
- redmine 0.9.0~svn2902-1
-CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...)
+CVE-2009-4078
- redmine 0.9.0~svn2902-1
-CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
+CVE-2009-4077
- roundcube 0.3-1
-CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
+CVE-2009-4076
- roundcube 0.3-1
-CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun ...)
+CVE-2009-4075
NOT-FOR-US: Sun Solaris
-CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...)
+CVE-2009-4074
NOT-FOR-US: Microsoft Internet Explorer 8
-CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...)
+CVE-2009-4214
{DSA-2301-1 DSA-2260-1}
- rails 2.2.3-2 (low; bug #558685)
NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
-CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...)
+CVE-2009-4073
NOT-FOR-US: Microsoft Internet Explorer 8
-CVE-2009-4072 (Unspecified vulnerability in Opera before 10.10 has unknown impact and ...)
+CVE-2009-4072
NOT-FOR-US: Opera
-CVE-2009-4071 (Opera before 10.10, when exception stacktraces are enabled, places ...)
+CVE-2009-4071
NOT-FOR-US: Opera
-CVE-2009-4070 (SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly ...)
+CVE-2009-4070
{DSA-1818-1}
- gforge 4.7.3-2
-CVE-2009-4069 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, ...)
+CVE-2009-4069
{DSA-1818-1}
- gforge 4.7.3-2
CVE-2009-4068
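Review bot: the tracking lines that survive this hunk spell the same upstream inconsistently, which matters more now that the descriptions are gone: CVE-2009-4099 keeps `NOT-FOR-US: Joomla! Component` while CVE-2009-4104 and CVE-2009-4094 keep `NOT-FOR-US: Joomla! component`, and CVE-2009-4116 keeps `NOT-FOR-US: CutePHP` while CVE-2009-4115 and CVE-2009-4113 keep `NOT-FOR-US: CutePHP CuteNews`. Suggest normalising to one form per product (`Joomla! component`, `CutePHP CuteNews`) and, as with the other Joomla! and Drupal entries, naming the specific extension where the removed line had it, e.g. `NOT-FOR-US: LyftenBloggie component for Joomla!` for CVE-2009-4104 (removed line: `Lyften Designs LyftenBloggie`) and `NOT-FOR-US: Feed Element Mapper module for Drupal` for CVE-2009-4119.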
@@ -2548,83 +2548,83 @@ CVE-2009-4067
{DSA-2310-1}
- linux-2.6 2.6.28-1 (low)
NOTE: Driver was removed in 2.6.27
-CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the &quot;My ...)
+CVE-2009-4066
NOT-FOR-US: module for Drupal
-CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the ...)
+CVE-2009-4065
NOT-FOR-US: module for Drupal
-CVE-2009-4064 (Cross-site scripting (XSS) vulnerability in the Gallery Assist module ...)
+CVE-2009-4064
NOT-FOR-US: module for Drupal
-CVE-2009-4063 (Cross-site scripting (XSS) vulnerability in the Subgroups for Organic ...)
+CVE-2009-4063
NOT-FOR-US: module for Drupal
-CVE-2009-4062 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2009-4062
NOT-FOR-US: module for Drupal
-CVE-2009-4061 (Multiple cross-site scripting (XSS) vulnerabilities in the Agreement ...)
+CVE-2009-4061
NOT-FOR-US: module for Drupal
-CVE-2009-4060 (SQL injection vulnerability in includes/content/viewProd.inc.php in ...)
+CVE-2009-4060
NOT-FOR-US: CubeCart
-CVE-2009-4059 (SQL injection vulnerability in the JoomClip (com_joomclip) component ...)
+CVE-2009-4059
NOT-FOR-US: component for Joomla!
-CVE-2009-4058 (SQL injection vulnerability in allauctions.php in Telebid Auction ...)
+CVE-2009-4058
NOT-FOR-US: Telebid Auction Script
-CVE-2009-4057 (SQL injection vulnerability in the inertialFATE iF Portfolio Nexus ...)
+CVE-2009-4057
NOT-FOR-US: component for Joomla!
-CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...)
+CVE-2009-4056
NOT-FOR-US: Betsy CMS
-CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...)
+CVE-2009-4055
{DSA-1952-1}
- asterisk 1:1.6.2.0~rc7-1 (bug #559103)
[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-4054
REJECTED
-CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server ...)
+CVE-2009-4053
NOT-FOR-US: Home FTP Server
-CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget ...)
+CVE-2009-4052
NOT-FOR-US: IBM Rational Application Developer for WebSphere
-CVE-2009-4051 (Home FTP Server 1.10.1.139 allows remote attackers to cause a denial ...)
+CVE-2009-4051
NOT-FOR-US: Home FTP Server
-CVE-2009-4050 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...)
+CVE-2009-4050
NOT-FOR-US: phpMyBackupPro
-CVE-2009-4049 (Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in ...)
+CVE-2009-4049
NOT-FOR-US: avast
-CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated ...)
+CVE-2009-4048
NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
-CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...)
+CVE-2009-4047
NOT-FOR-US: PHD Help Desk
-CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...)
+CVE-2009-4112
[experimental] - cacti 1.2.0~beta2+ds1-1
- cacti 1.2.1+ds1-1 (unimportant; bug #561339)
NOTE: 4B0E1566.1070509@moritz-naumann.com in bugtraq
NOTE: as one requires admin access to cacti, upstream will implement a whitelist
NOTE: https://github.com/Cacti/cacti/issues/1072
-CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...)
+CVE-2009-4032
{DSA-1954-1}
- cacti 0.8.7e-1.1 (low; bug #561338)
NOTE: http://docs.cacti.net/#cross-site_scripting_fixes
NOTE: http://www.cacti.net/download_patches.php
NOTE: incomplete, probably another CVE id will be allocated: https://bugzilla.redhat.com/show_bug.cgi?id=541279#c17
-CVE-2009-4046 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x ...)
+CVE-2009-4046
NOT-FOR-US: FrontAccounting
-CVE-2009-4045 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
+CVE-2009-4045
NOT-FOR-US: FrontAccounting
-CVE-2009-4044 (The Web Services module 6.x for Drupal does not perform the expected ...)
+CVE-2009-4044
NOT-FOR-US: Web Services module for Drupal
-CVE-2009-4043 (Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x ...)
+CVE-2009-4043
NOT-FOR-US: module for Drupal
-CVE-2009-4042 (Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x ...)
+CVE-2009-4042
NOT-FOR-US: theme for Drupal
-CVE-2009-4041 (UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of ...)
+CVE-2009-4041
NOT-FOR-US: UseBB
-CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and ...)
+CVE-2009-4040
NOT-FOR-US: phpMyFAQ
-CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows ...)
+CVE-2009-4039
- piwigo <not-affected> (Fixed before initial upload to the archive)
-CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Software ...)
+CVE-2009-4038
NOT-FOR-US: NCH Software Axon Virtual PBX
-CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
+CVE-2009-4037
NOT-FOR-US: FrontAccounting
CVE-2009-4036
REJECTED
-CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...)
+CVE-2009-4035
- kdegraphics 4:4.0.0-1
- xpdf 3.01-1
- poppler 0.5.1-1
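Review bot: every changed pair in this hunk deletes the parenthesised description and puts nothing in its place, e.g. `-CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...)` becomes `+CVE-2009-4055`, while the package, DSA and NOTE lines under each entry are untouched. An update that blanks descriptions wholesale without touching any other field looks like an empty or unparseable upstream feed being written back rather than a deliberate edit, so I would not merge it as is. The updater should treat an empty description from the feed as "no change" and keep the existing text; that rule also leaves REJECTED entries such as CVE-2009-4054 alone, since they carry no description in either version.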
@@ -2632,28 +2632,28 @@ CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0,
NOTE: was silently fixed by upstream xpdf, fix propagated to poppler in 4b4fc5c017b/2005-09-14
NOTE: but at least version 0.4.5 does *not* contain the ship.
NOTE: Was fixed somewhere between 0.4.5 and 0.5.1
-CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...)
+CVE-2009-4034
{DSA-1964-1}
- postgresql-7.4 <removed>
- postgresql-8.1 <removed>
- postgresql-8.2 <removed>
- postgresql-8.3 8.3.9-1 (low)
- postgresql-8.4 8.4.2-1 (low)
-CVE-2009-4033 (A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to ...)
+CVE-2009-4033
- acpid <not-affected> (problem in redhat-specific patch; debian uses sensible permissions 0664)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=515062
-CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 ...)
+CVE-2009-4031
{DSA-1962-1}
- linux-2.6 2.6.32-3 (low)
[lenny] - linux-2.6 2.6.26-21
[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
- kvm <removed> (low; bug #562075)
-CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain ...)
+CVE-2009-4030
{DSA-1997-1}
- mysql-5.1 5.1.43-1
- mysql-dfsg-5.0 <removed>
-CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, ...)
+CVE-2009-4029
- automake 1:1.4-p6-13.1
[lenny] - automake <no-dsa> (Minor issue)
- automake1.9 1.9.6+nogfdl-3.1
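Review bot: the fixed-version claims in this hunk lose the text they are checked against. `- postgresql-8.3 8.3.9-1 (low)` under CVE-2009-4034 and `- linux-2.6 2.6.32-3 (low)` under CVE-2009-4031 were readable next to "PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ..." and "The do_insn_fetch function in arch/x86/kvm/emulate.c ...", and after the change only the bare CVE id remains. If the descriptions really are to go, carry the affected-version ranges into NOTE lines first; CVE-2009-4033 is the model here, since its `(problem in redhat-specific patch; debian uses sensible permissions 0664)` reason still stands on its own without the description.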
@@ -2664,49 +2664,49 @@ CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.
[lenny] - automake1.10 <no-dsa> (Minor issue)
NOTE: spu will be released to avoid spreading the bug even further
NOTE: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
-CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...)
+CVE-2009-4028
- mysql-5.1 <not-affected> (Vulnerable code not present)
- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
NOTE: built with --without-openssl
-CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before ...)
+CVE-2009-4027
{DSA-1996-1 DTSA-204-1}
- linux-2.6 2.6.32-1 (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.26)
- linux-2.6.24 <not-affected> (introduced in 2.6.26)
-CVE-2009-4026 (The mac80211 subsystem in the Linux kernel before ...)
+CVE-2009-4026
{DTSA-204-1}
- linux-2.6 2.6.32-1 (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.30)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.30)
- linux-2.6.24 <not-affected> (introduced in 2.6.30)
-CVE-2009-4025 (Argument injection vulnerability in the traceroute function in ...)
+CVE-2009-4025
NOT-FOR-US: Net_Traceroute PEAR module
-CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php in ...)
+CVE-2009-4024
{DSA-1949-1}
- php-net-ping 2.4.2-1.1 (medium)
NOTE: fix applied by upstream is incomplete, reported to oss-sec
-CVE-2009-4111 (Argument injection vulnerability in Mail/sendmail.php in the Mail ...)
+CVE-2009-4111
{DSA-1938-1}
- php-mail 1.1.14-2 (medium; bug #557121)
[lenny] - php-mail 1.1.14-1+lenny1
[etch] - php-mail 1.1.6-2+etch1
-CVE-2009-4023 (Argument injection vulnerability in the sendmail implementation of the ...)
+CVE-2009-4023
{DSA-1938-1}
- php-mail 1.1.14-2 (medium; bug #557121)
[lenny] - php-mail 1.1.14-1+lenny1
[etch] - php-mail 1.1.6-2+etch1
-CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
+CVE-2009-4022
{DSA-1961-1}
- bind9 1:9.6.1.dfsg.P2-1 (medium)
NOTE: https://www.isc.org/node/504
NOTE: Only affects installations with trust anchors, but then the
NOTE: consequences are quite severe.
-CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel ...)
+CVE-2009-4020
{DSA-2005-1 DSA-2003-1}
- linux-2.6 2.6.32-3 (medium)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
-CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ...)
+CVE-2009-4019
{DSA-1997-1}
- mysql-5.1 5.1.41-1
- mysql-dfsg-5.0 <removed>
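Review bot: for CVE-2009-4028 the `<not-affected> (Vulnerable code not present)` markers on mysql-5.1 and mysql-dfsg-5.0 were justified by the removed text naming vio_verify_callback in viosslfactories.c together with `NOTE: built with --without-openssl`; once `+CVE-2009-4028` stands alone, the NOTE is the only thing left that explains the decision. The same applies to `(introduced in 2.6.26)` and `(introduced in 2.6.30)` under CVE-2009-4027 and CVE-2009-4026, whose descriptions named the mac80211 subsystem. Either keep the descriptions or extend the NOTE lines so each `<not-affected>` reason is verifiable from the file.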
@@ -2714,75 +2714,75 @@ CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does
NOTE: http://web.archive.org/web/20140723045533/http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
NOTE: http://bugs.mysql.com/47780
NOTE: http://bugs.mysql.com/48291
-CVE-2009-4018 (The proc_open function in ext/standard/proc_open.c in PHP before ...)
+CVE-2009-4018
- php5 5.2.11.dfsg.1-1 (unimportant)
NOTE: safe_mode bypass
-CVE-2009-4016 (Integer underflow in the clean_string function in irc_string.c in (1) ...)
+CVE-2009-4016
{DSA-1980-1}
- ircd-ratbox 3.0.6.dfsg-1 (medium; bug #567191)
- ircd-hybrid 1:7.2.2.dfsg.2-6.1 (medium; bug #567192)
- oftc-hybrid 1.6.3.dfsg-1.1 (medium; bug #567193)
-CVE-2009-4015 (Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x ...)
+CVE-2009-4015
{DSA-1979-1}
- lintian 2.3.2 (medium)
-CVE-2009-4014 (Multiple format string vulnerabilities in Lintian 1.23.x through ...)
+CVE-2009-4014
{DSA-1979-1}
- lintian 2.3.2 (medium)
-CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x through ...)
+CVE-2009-4013
{DSA-1979-1}
- lintian 2.3.2 (medium)
-CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow ...)
+CVE-2009-4012
{DSA-1971-1}
- libthai 0.1.13-1
CVE-2009-4011 [dtc-xen race condition]
RESERVED
- dtc-xen 0.5.4-1
[lenny] - dtc-xen <not-affected> (Only affects 0.5.x)
-CVE-2009-4010 (Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows ...)
+CVE-2009-4010
{DSA-1968-2 DSA-1968-1}
- pdns-recursor 3.1.7.2-1 (high)
-CVE-2009-4009 (Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote ...)
+CVE-2009-4009
{DSA-1968-1}
- pdns-recursor 3.1.7.2-1 (high)
[etch] - pdns-recursor <not-affected> (vulnerable code not present)
-CVE-2009-4008 (Unbound before 1.4.4 does not send responses for signed zones after ...)
+CVE-2009-4008
{DSA-2243-1}
- unbound 1.4.4-1 (low)
-CVE-2009-4007 (Unspecified vulnerability in the NormaliseTrainConsist function in ...)
+CVE-2009-4007
- openttd 0.7.5-1
[lenny] - openttd 0.6.2-1+lenny1
-CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...)
+CVE-2009-4006
NOT-FOR-US: Serv-U FTP server
-CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...)
+CVE-2009-4005
{DSA-2005-1 DSA-2003-1}
- linux-2.6 2.6.32-1 (low)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
-CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 ...)
+CVE-2009-4003
NOT-FOR-US: Adobe Shockwave Player
-CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 ...)
+CVE-2009-4002
NOT-FOR-US: Adobe Shockwave Player
-CVE-2009-4001 (Integer overflow in XnView before 1.97.2 might allow remote attackers ...)
+CVE-2009-4001
NOT-FOR-US: XnView
-CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP ...)
+CVE-2009-4000
NOT-FOR-US: HP Power Manager
-CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power ...)
+CVE-2009-3999
NOT-FOR-US: HP Power Manager
CVE-2009-3998
RESERVED
-CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...)
+CVE-2009-3997
NOT-FOR-US: winamp
-CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder ...)
+CVE-2009-3996
{DSA-2071-1}
- libmikmod 3.1.11-6.2 (bug #575742)
- pysol-sound-server <removed> (unimportant)
NOTE: pysol-sound-server embeds a mikmod copy, but only reads to local files
-CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module ...)
+CVE-2009-3995
{DSA-2081-1 DSA-2071-1}
- libmikmod 3.1.11-6.2 (bug #575742)
- pysol-sound-server <removed> (unimportant)
NOTE: pysol-sound-server embeds a mikmod copy, but only reads to local files
-CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...)
+CVE-2009-3994
- devil 1.7.8-6 (low; bug #560080)
[lenny] - devil <no-dsa> (Minor issue)
[etch] - devil <no-dsa> (Minor issue)
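Review bot: this hunk shows which entry forms survive the rewrite: the RESERVED entries CVE-2009-4011 and CVE-2009-3998 are untouched (`CVE-2009-4011 [dtc-xen race condition]` keeps its bracketed title), and only lines whose description sat in parentheses are blanked. That pattern is consistent with the automatic updater replacing the parenthesised description with whatever the feed returned and getting an empty string for every published id, so the fix belongs in the updater (skip the rewrite when the new description is empty) rather than in this file. Until that is in place, ratings such as `- pdns-recursor 3.1.7.2-1 (high)` under CVE-2009-4009 and CVE-2009-4010 have no description left next to them to justify the severity.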
@@ -2794,10 +2794,10 @@ CVE-2009-3991
REJECTED
CVE-2009-3990
REJECTED
-CVE-2009-3989 (Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and ...)
+CVE-2009-3989
- bugzilla 3.4.7.0-1 (unimportant)
NOTE: http://www.bugzilla.org/security/3.0.10/
-CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...)
+CVE-2009-3988
{DSA-1999-1}
- xulrunner 1.9.1.8-1
[etch] - xulrunner <end-of-life>
@@ -2805,165 +2805,165 @@ CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and .
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.3-1
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
-CVE-2009-3987 (The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and ...)
+CVE-2009-3987
- xulrunner <not-affected> (Windows-specific vulnerability)
-CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
+CVE-2009-3986
{DSA-1956-1}
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- xulrunner 1.9.1.6-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3985 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
+CVE-2009-3985
{DSA-1956-1}
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- xulrunner 1.9.1.6-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3984 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
+CVE-2009-3984
{DSA-1956-1}
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- xulrunner 1.9.1.6-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3983 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
+CVE-2009-3983
{DSA-1956-1}
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- xulrunner 1.9.1.6-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3982 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
+CVE-2009-3982
- xulrunner 1.9.1.6-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3981 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
+CVE-2009-3981
{DSA-1956-1}
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- xulrunner 1.9.1
NOTE: Only affects Firefox 3
-CVE-2009-3980 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2009-3980
- xulrunner 1.9.1.6-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3979 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2009-3979
{DSA-1956-1}
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- xulrunner 1.9.1.6-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...)
+CVE-2009-3978
- xulrunner 1.9.1.5-1 (unimportant)
NOTE: Browser crashes not treated as security issues
-CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ...)
+CVE-2009-3977
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3976 (Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to ...)
+CVE-2009-3976
NOT-FOR-US: Labtam ProFTP
-CVE-2009-3975 (SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and ...)
+CVE-2009-3975
NOT-FOR-US: Moa Gallery
-CVE-2009-3974 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB or ...)
+CVE-2009-3974
NOT-FOR-US: Invision Power Board
-CVE-2009-3973 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...)
+CVE-2009-3973
NOT-FOR-US: Turnkey Arcade Script
-CVE-2009-3972 (SQL injection vulnerability in the Q-Proje Siirler Bileseni ...)
+CVE-2009-3972
NOT-FOR-US: component for Joomla!
-CVE-2009-3971 (SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 ...)
+CVE-2009-3971
NOT-FOR-US: component for Joomla!
-CVE-2009-3970 (SQL injection vulnerability in index.php in PHP Dir Submit (aka ...)
+CVE-2009-3970
NOT-FOR-US: PHP Dir Submit
-CVE-2009-3969 (Stack-based buffer overflow in Faslo Player 7.0 allows remote ...)
+CVE-2009-3969
NOT-FOR-US: Faslo Player
-CVE-2009-3968 (Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote ...)
+CVE-2009-3968
NOT-FOR-US: ITechBids
-CVE-2009-3967 (SQL injection vulnerability in browse.php in Ed Charkow SuperCharged ...)
+CVE-2009-3967
NOT-FOR-US: Ed Charkow SuperCharged Linking
-CVE-2009-3966 (Arcade Trade Script 1.0 allows remote attackers to bypass ...)
+CVE-2009-3966
NOT-FOR-US: Arcade Trade Script
-CVE-2009-3965 (SQL injection vulnerability in rating.php in New 5 star Rating 1.0 ...)
+CVE-2009-3965
NOT-FOR-US: New 5 star Rating
-CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) ...)
+CVE-2009-3964
NOT-FOR-US: component for Joomla!
-CVE-2009-3898 (Directory traversal vulnerability in ...)
+CVE-2009-3898
- nginx 0.7.63-1 (low; bug #557389)
[etch] - nginx <no-dsa> (upload rights required)
[lenny] - nginx <no-dsa> (upload rights required)
-CVE-2009-3897 (Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of ...)
+CVE-2009-3897
- dovecot 1:1.2.8-1 (medium; bug #557601)
[lenny] - dovecot <not-affected> (Only affects 1.2.x)
[etch] - dovecot <not-affected> (Only affects 1.2.x)
-CVE-2009-4017 (PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ...)
+CVE-2009-4017
{DSA-1940-1}
- php5 5.2.11.dfsg.1-2 (medium)
- php4 <removed> (medium)
NOTE: workarounds include using 5.3.1 or php5-suhosin
NOTE: 4B068517.802@acunetix.com on bugtraq explains it
-CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
+CVE-2009-3080
{DSA-2005-1 DSA-2003-1}
- linux-2.6 2.6.32-1 (medium)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
-CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in ...)
+CVE-2009-4021
{DSA-2005-1 DSA-2003-1}
- linux-2.6 2.6.32-1 (low)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734
-CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have ...)
+CVE-2009-3963
NOT-FOR-US: XOOPS
-CVE-2009-3962 (The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, ...)
+CVE-2009-3962
NOT-FOR-US: 2wire Gateway
-CVE-2009-3961 (SQL injection vulnerability in user.php in Super Serious Stats (aka ...)
+CVE-2009-3961
NOT-FOR-US: Super Serious Stats
-CVE-2009-3960 (Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in ...)
+CVE-2009-3960
NOT-FOR-US: LiveCycle
-CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and Acrobat ...)
+CVE-2009-3959
NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3958 (Multiple stack-based buffer overflows in the NOS Microsystems getPlus ...)
+CVE-2009-3958
NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3957 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
+CVE-2009-3957
NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3956 (The default configuration of Adobe Reader and Acrobat 9.x before 9.3, ...)
+CVE-2009-3956
NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3955 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
+CVE-2009-3955
NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3954 (The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and ...)
+CVE-2009-3954
NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x ...)
+CVE-2009-3953
NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3952 (Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and ...)
+CVE-2009-3952
NOT-FOR-US: Adobe Illustrator
-CVE-2009-3951 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
+CVE-2009-3951
NOT-FOR-US: Flash Player
-CVE-2009-3950 (Multiple cross-site scripting (XSS) vulnerabilities in Bractus ...)
+CVE-2009-3950
NOT-FOR-US: Bractus SunTrack
-CVE-2009-3949 (cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not ...)
+CVE-2009-3949
NOT-FOR-US: VivaPrograms Infinity
-CVE-2009-3948 (JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a ...)
+CVE-2009-3948
NOT-FOR-US: JetAudio
-CVE-2009-3947 (Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows ...)
+CVE-2009-3947
NOT-FOR-US: Tandberg MXP F7.0
-CVE-2009-3946 (Joomla! before 1.5.15 allows remote attackers to read an extension's ...)
+CVE-2009-3946
NOT-FOR-US: Joomla!
-CVE-2009-3945 (Unspecified vulnerability in the Front-End Editor in the com_content ...)
+CVE-2009-3945
NOT-FOR-US: component in Joomla!
-CVE-2009-3944 (Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 ...)
+CVE-2009-3944
NOT-FOR-US: BlackBerry Browser on the BlackBerry 8800
-CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...)
+CVE-2009-3943
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not ...)
+CVE-2009-3942
- msmtp <not-affected> (uses GnuTLS and not OpenSSL; bug #557324)
-CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not ...)
+CVE-2009-3941
- mpop <not-affected> (uses GnuTLS and not OpenSSL; bug #557326)
-CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox ...)
+CVE-2009-3940
- virtualbox-guest-additions 3.0.10-1
-CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel ...)
+CVE-2009-3939
{DSA-1996-1}
- linux-2.6 2.6.32-6 (low)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
- linux-2.6.24 <removed> (low)
-CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in ...)
+CVE-2009-4004
- linux-2.6 2.6.32-1 (medium)
[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
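Review bot: several `<not-affected>` reasons in this hunk were derived from wording the hunk deletes. `- xulrunner <not-affected> (Windows-specific vulnerability)` under CVE-2009-3987 rests on the removed "GeckoActiveXObject function" text, and `(uses GnuTLS and not OpenSSL; ...)` under CVE-2009-3942 and CVE-2009-3941 rests on the removed "when OpenSSL is used". After this change those reasons cannot be checked against anything in the file. Add a NOTE line under each such entry, or revert the description removal, so the triage decision stays auditable.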
@@ -2971,28 +2971,28 @@ CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in .
- kvm 88+dfsg-2 (medium; bug #557736)
[lenny] - kvm <not-affected> (vulnerable code not present)
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a9e38c3e01ad242fe2a625354cf065c34b01e3aa
-CVE-2009-3937 (Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through ...)
+CVE-2009-3937
NOT-FOR-US: Sun OpenSolaris
-CVE-2009-3936 (Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x ...)
+CVE-2009-3936
NOT-FOR-US: Citrix Online Plug-in
-CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...)
+CVE-2009-3935
NOT-FOR-US: IBM BladeCenter
-CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...)
+CVE-2009-3934
- chromium-browser <not-affected> (Only 0.x is affected)
- webkit <not-affected> (chrome-specific issue)
-CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...)
+CVE-2009-3933
- webkit <not-affected> (chromium-specific issue in their timer)
- qt4-x11 <not-affected> (chromium-specific issue in their timer)
- kdelibs <not-affected> (chromium-specific issue in their timer)
- kde4libs <not-affected> (chromium-specific issue in their timer)
- chromium-browser <not-affected> (Only 0.x is affected)
-CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
+CVE-2009-3932
- chromium-browser <not-affected> (Only 0.x is affected)
- webkit <not-affected> (gears is only implemented in chromium)
-CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...)
+CVE-2009-3931
- chromium-browser <not-affected> (Only 3.x is affected)
- webkit <not-affected> (chrome-specific issue)
-CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...)
+CVE-2009-3930
- file 5.03-1
[lenny] - file <not-affected>
[etch] - file <not-affected>
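Review bot: the chromium and webkit entries here carry version-based reasons, `(Only 0.x is affected)` for CVE-2009-3934, CVE-2009-3933 and CVE-2009-3932 and `(Only 3.x is affected)` for CVE-2009-3931, that were previously read alongside the removed "Google Chrome before 3.0.195.32" text. For CVE-2009-3933 the deleted description and the `Only 0.x is affected` reason do not obviously agree, which is exactly the kind of discrepancy nobody will notice once the description is gone. `[lenny] - file <not-affected>` under CVE-2009-3930 likewise has no affected range left beside it. Keep the descriptions, or record the affected ranges in NOTE lines before removing them.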
@@ -3009,37 +3009,37 @@ CVE-2009-3925
CVE-2009-XXXX [eglibc: ldd arbitrary code execution]
- eglibc 2.10.1-7 (unimportant; bug #552518)
- glibc 2.10.1-7 (unimportant; bug #552518)
-CVE-2009-3924 (Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and ...)
+CVE-2009-3924
NOT-FOR-US: Soldier of Fortune
-CVE-2009-3923 (The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop ...)
+CVE-2009-3923
NOT-FOR-US: Sun Virtual Desktop Infrastructure
-CVE-2009-3922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...)
+CVE-2009-3922
NOT-FOR-US: module for Drupal
-CVE-2009-3921 (The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before ...)
+CVE-2009-3921
NOT-FOR-US: module for Drupal
-CVE-2009-3920 (An administration page in the NGP COO/CWP Integration (crmngp) module ...)
+CVE-2009-3920
NOT-FOR-US: module for Drupal
-CVE-2009-3919 (Cross-site scripting (XSS) vulnerability in the NGP COO/CWP ...)
+CVE-2009-3919
NOT-FOR-US: module for Drupal
-CVE-2009-3918 (Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x ...)
+CVE-2009-3918
NOT-FOR-US: module for Drupal
-CVE-2009-3917 (Cross-site scripting (XSS) vulnerability in the S5 Presentation Player ...)
+CVE-2009-3917
NOT-FOR-US: module for Drupal
-CVE-2009-3916 (Cross-site scripting (XSS) vulnerability in the Node Hierarchy module ...)
+CVE-2009-3916
NOT-FOR-US: module for Drupal
-CVE-2009-3915 (Cross-site scripting (XSS) vulnerability in the &quot;Separate title and ...)
+CVE-2009-3915
NOT-FOR-US: module for Drupal
-CVE-2009-3914 (Cross-site scripting (XSS) vulnerability in the Temporary Invitation ...)
+CVE-2009-3914
NOT-FOR-US: module for Drupal
-CVE-2009-3913 (SQL injection vulnerability in summary.php in Xerox Fiery Webtools ...)
+CVE-2009-3913
NOT-FOR-US: Xerox Fiery Webtools
-CVE-2009-3912 (Directory traversal vulnerability in index.php in TFTgallery 0.13 ...)
+CVE-2009-3912
NOT-FOR-US: TFTgallery
-CVE-2009-3911 (Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery ...)
+CVE-2009-3911
NOT-FOR-US: TFTgallery
CVE-2009-3910
RESERVED
-CVE-2009-3909 (Integer overflow in the read_channel_data function in ...)
+CVE-2009-3909
- gimp 2.6.7-1.1 (medium; bug #556750)
NOTE: http://secunia.com/secunia_research/2009-43/
CVE-2009-3908
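Review bot: the Drupal module entries CVE-2009-3922 through CVE-2009-3914 become indistinguishable after this hunk: each is now a bare id followed by `NOT-FOR-US: module for Drupal`, and the module name (Smartqueue_og, NGP COO/CWP Integration, Zoomify, S5 Presentation Player, Node Hierarchy, Temporary Invitation) survived only in the deleted `-` lines. The file already uses the better pattern for CVE-2009-4044 (`NOT-FOR-US: Web Services module for Drupal`); either keep the descriptions or move the module name into the NOT-FOR-US line so these entries remain searchable.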
@@ -3048,49 +3048,49 @@ CVE-2009-3907
REJECTED
CVE-2009-3906
REJECTED
-CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...)
+CVE-2009-3905
NOT-FOR-US: e-Courier CMS
-CVE-2009-3904 (classes/session/cc_admin_session.php in CubeCart 4.3.4 does not ...)
+CVE-2009-3904
NOT-FOR-US: CubeCart
-CVE-2009-3903 (Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp ...)
+CVE-2009-3903
NOT-FOR-US: ManageEngine Netflow Analyzer 7.5 build 7500
-CVE-2009-3902 (Directory traversal vulnerability in Cherokee Web Server 0.5.4 and ...)
+CVE-2009-3902
- cherokee <not-affected> (Only windows version is affected)
-CVE-2009-3901 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...)
+CVE-2009-3901
NOT-FOR-US: e-Courier CMS
-CVE-2009-3900 (Unspecified vulnerability in the Cluster Management component in IBM ...)
+CVE-2009-3900
NOT-FOR-US: IBM PowerHA
-CVE-2009-3899 (Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris ...)
+CVE-2009-3899
NOT-FOR-US: Sun Solaris
-CVE-2009-3896 (src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through ...)
+CVE-2009-3896
{DSA-1920-1}
- nginx 0.7.62-1
-CVE-2009-3895 (Heap-based buffer overflow in the exif_entry_fix function (aka the tag ...)
+CVE-2009-3895
- libexif 0.6.19-1 (medium; bug #557137)
[lenny] - libexif <not-affected> (Only 0.6.18 is affected)
[etch] - libexif <not-affected> (Only 0.6.18 is affected)
-CVE-2009-3894 (Multiple untrusted search path vulnerabilities in dstat before 0.7.0 ...)
+CVE-2009-3894
- dstat 0.7.0-1 (low; bug #557989)
[lenny] - dstat <no-dsa> (Minor issue)
[etch] - dstat <no-dsa> (Minor issue)
NOTE: http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
CVE-2009-3893
RESERVED
-CVE-2009-3891 (Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...)
+CVE-2009-3891
- wordpress 2.8.6-1 (low)
[etch] - wordpress <not-affected> (Vulnerable code not present)
[lenny] - wordpress <not-affected> (Vulnerable code not present)
-CVE-2009-3890 (Unrestricted file upload vulnerability in the wp_check_filetype ...)
+CVE-2009-3890
- wordpress 2.8.6-1 (low)
[etch] - wordpress <not-affected> (Vulnerable code not present)
[lenny] - wordpress <not-affected> (Vulnerable code not present)
-CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel ...)
+CVE-2009-3889
{DSA-2005-1}
- linux-2.6 2.6.27-1 (low)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
-CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before ...)
+CVE-2009-3888
- linux-2.6 <not-affected> (Vulnerable code not built)
- linux-2.6.24 <not-affected> (Vulnerable code not built)
CVE-2009-3887 [ytnef path traversal]
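Review bot: `- linux-2.6 <not-affected> (Vulnerable code not built)` under CVE-2009-3888 only makes sense next to the removed "do_mmap_pgoff function in mm/nommu.c" text, and `- cherokee <not-affected> (Only windows version is affected)` under CVE-2009-3902, `(Only 0.6.18 is affected)` under CVE-2009-3895 and the wordpress `(Vulnerable code not present)` markers under CVE-2009-3891 and CVE-2009-3890 (which referred to press-this.php and wp_check_filetype) are in the same position: the hunk keeps the reasons and deletes the facts they depend on. Add a NOTE with the file or version from the description to each of these before dropping the descriptions, or reject the change.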
@@ -3099,225 +3099,225 @@ CVE-2009-3887 [ytnef path traversal]
[lenny] - ytnef <no-dsa> (Minor issue)
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
NOTE: This doesn't affect Evolution, the TNEF plugin is external
-CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
+CVE-2009-3886
- openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
+CVE-2009-3885
- openjdk-6 <not-affected> (a problem in code that is unused on non-windows platforms)
- sun-java6 <not-affected> (a problem in code that is unused on non-windows platforms)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=530114
-CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...)
+CVE-2009-3884
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
+CVE-2009-3883
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...)
+CVE-2009-3882
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...)
+CVE-2009-3881
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
+CVE-2009-3880
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
+CVE-2009-3879
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
+CVE-2009-3878
NOT-FOR-US: Sun Java System Web Server
-CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
+CVE-2009-3877
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
+CVE-2009-3876
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...)
+CVE-2009-3875
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...)
+CVE-2009-3874
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...)
+CVE-2009-3873
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...)
+CVE-2009-3872
- openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...)
+CVE-2009-3871
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...)
+CVE-2009-3869
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...)
+CVE-2009-3868
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...)
+CVE-2009-3867
- openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...)
+CVE-2009-3866
- openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...)
+CVE-2009-3865
- openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
+CVE-2009-3864
- openjdk-6 6b17 (unimportant)
- sun-java6 6-17-1 (unimportant)
NOTE: a problem in their updater, which is irrelevant since debian
NOTE: updates are provided by the security team
-CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise ...)
+CVE-2009-3863
NOT-FOR-US: ActiveX
-CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and ...)
+CVE-2009-3862
NOT-FOR-US: Novell eDirectory
-CVE-2009-3861 (Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and ...)
+CVE-2009-3861
NOT-FOR-US: SafeNet SoftRemote
-CVE-2009-3860 (Multiple insecure method vulnerabilities in Idefense Labs COMRaider ...)
+CVE-2009-3860
NOT-FOR-US: Idefense Labs COMRaider
-CVE-2009-3859 (Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in ...)
+CVE-2009-3859
NOT-FOR-US: Retina Network Security Scanner
-CVE-2009-3858 (Cross-site scripting (XSS) vulnerability in GejoSoft allows remote ...)
+CVE-2009-3858
NOT-FOR-US: GejoSoft
-CVE-2009-3857 (Buffer overflow in Softonic International SciTE 1.72 allows ...)
+CVE-2009-3857
NOT-FOR-US: Softonic International SciTE
-CVE-2009-3856 (Cross-site scripting (XSS) vulnerability in the default URI in news/ ...)
+CVE-2009-3856
NOT-FOR-US: Twilight CMS
-CVE-2009-3855 (Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux ...)
+CVE-2009-3855
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the client in ...)
+CVE-2009-3854
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2009-3853 (Stack-based buffer overflow in the client acceptor daemon (CAD) ...)
+CVE-2009-3853
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes for ...)
+CVE-2009-3852
NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0
-CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operation of ...)
+CVE-2009-3851
NOT-FOR-US: Sun Solaris 10
-CVE-2009-3850 (Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to ...)
+CVE-2009-3850
- blender <unfixed> (unimportant)
NOTE: attack vector is social engineering to get the user to open
NOTE: a malicious .blend file. by design, blend files support
NOTE: all python operations, so ultimately any code can be executed
-CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node ...)
+CVE-2009-3849
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network ...)
+CVE-2009-3848
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3847 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
+CVE-2009-3847
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView ...)
+CVE-2009-3846
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) ...)
+CVE-2009-3845
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-3844 (Stack-based buffer overflow in the OmniInet process in HP OpenView ...)
+CVE-2009-3844
NOT-FOR-US: HP OpenView Data Protector Application
-CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a &quot;hidden account&quot; in ...)
+CVE-2009-3843
NOT-FOR-US: HP Operations Manager
-CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...)
+CVE-2009-3842
NOT-FOR-US: HP Color LaserJet
-CVE-2009-3841 (Unspecified vulnerability in HP Discovery &amp; Dependency Mapping ...)
+CVE-2009-3841
NOT-FOR-US: HP Discovery & Dependency Mapping
-CVE-2009-3840 (The embedded database engine service (aka ovdbrun.exe) in HP OpenView ...)
+CVE-2009-3840
NOT-FOR-US: HP OpenView
-CVE-2009-3839 (Unspecified vulnerability in the Solaris Trusted Extensions Policy ...)
+CVE-2009-3839
NOT-FOR-US: Sun Solaris
-CVE-2009-3838 (Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly ...)
+CVE-2009-3838
NOT-FOR-US: Pegasus Mail
-CVE-2009-3837 (Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 ...)
+CVE-2009-3837
NOT-FOR-US: Eureka Email
-CVE-2009-3836 (ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the ...)
+CVE-2009-3836
NOT-FOR-US: ArubaOS
-CVE-2009-3835 (SQL injection vulnerability in the JShop (com_jshop) component for ...)
+CVE-2009-3835
NOT-FOR-US: Joomla!
-CVE-2009-3834 (SQL injection vulnerability in the Photoblog (com_photoblog) component ...)
+CVE-2009-3834
NOT-FOR-US: Joomla!
-CVE-2009-3833 (Cross-site scripting (XSS) vulnerability in index.php in TFTgallery ...)
+CVE-2009-3833
NOT-FOR-US: TFTgallery
-CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...)
+CVE-2009-3832
NOT-FOR-US: Opera
-CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code ...)
+CVE-2009-3831
NOT-FOR-US: Opera
-CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ...)
+CVE-2009-3830
NOT-FOR-US: Microsoft
-CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows ...)
+CVE-2009-3829
{DSA-1942-1}
- wireshark 1.2.2-1 (bug #553583)
-CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...)
+CVE-2009-3828
NOT-FOR-US: Everfocus EDR1600 DVR
CVE-2009-3827
RESERVED
-CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote attackers to ...)
+CVE-2009-3826
{DSA-2040-1}
- squidguard 1.2.0-9 (low; bug #553319)
-CVE-2009-3825 (Multiple directory traversal vulnerabilities in GenCMS 2006 allow ...)
+CVE-2009-3825
NOT-FOR-US: GenCMS
-CVE-2009-3824 (Directory traversal vulnerability in include/processor.php in ...)
+CVE-2009-3824
NOT-FOR-US: Greenwood PHP Content Manager
-CVE-2009-3823 (Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, ...)
+CVE-2009-3823
NOT-FOR-US: Mobilelib GOLD
-CVE-2009-3822 (PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat ...)
+CVE-2009-3822
NOT-FOR-US: com_ajaxchat component for Joomla
-CVE-2009-3821 (Cross-site scripting (XSS) vulnerability in the Apache Solr Search ...)
+CVE-2009-3821
NOT-FOR-US: Apache Solr Search extension for TYPO3
-CVE-2009-3820 (SQL injection vulnerability in the Flagbit Filebase (fb_filebase) ...)
+CVE-2009-3820
NOT-FOR-US: Flagbit Filebase extension for TYPO3
-CVE-2009-3819 (Unspecified vulnerability in the Random Images (maag_randomimage) ...)
+CVE-2009-3819
NOT-FOR-US: Random Images extension for TYPO3
-CVE-2009-3818 (Unspecified vulnerability in the session handling feature in freeCap ...)
+CVE-2009-3818
NOT-FOR-US: freeCap CAPTCHA for TYPO3
-CVE-2009-3817 (PHP remote file inclusion vulnerability in doc/releasenote.php in the ...)
+CVE-2009-3817
NOT-FOR-US: com_booklibrary component for Joomla!
-CVE-2009-3816 (Multiple cross-site scripting (XSS) vulnerabilities in Activities ...)
+CVE-2009-3816
NOT-FOR-US: IBM Lotus Connections
-CVE-2009-3815 (RunCMS 2M1, when running with certain error_reporting levels, allows ...)
+CVE-2009-3815
NOT-FOR-US: RunCMS 2M1
-CVE-2009-3814 (Static code injection vulnerability in RunCMS 2M1 allows remote ...)
+CVE-2009-3814
NOT-FOR-US: RunCMS 2M1
-CVE-2009-3813 (Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote ...)
+CVE-2009-3813
NOT-FOR-US: RunCMS 2M1
-CVE-2009-3812 (Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio ...)
+CVE-2009-3812
NOT-FOR-US: OtsAV products
-CVE-2009-3811 (Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows ...)
+CVE-2009-3811
NOT-FOR-US: Music Tag Editor
-CVE-2009-3810 (Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows ...)
+CVE-2009-3810
NOT-FOR-US: Acoustica MP3 Audio Mixer
-CVE-2009-3809 (Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote ...)
+CVE-2009-3809
NOT-FOR-US: Acoustica MP3 Audio Mixer
-CVE-2009-3808 (MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial ...)
+CVE-2009-3808
NOT-FOR-US: MixSense DJ Studio
-CVE-2009-3807 (Stack-based buffer overflow in MixVibes 7.043 Pro allows remote ...)
+CVE-2009-3807
NOT-FOR-US: MixVibes
-CVE-2009-3806 (SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows ...)
+CVE-2009-3806
NOT-FOR-US: DedeCMS
-CVE-2009-3805 (gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows ...)
+CVE-2009-3805
NOT-FOR-US: Gpg4win
NOTE: looks like an issue in gpg2 for windows (gpg4win.org), not specific
NOTE: to kleopatra
-CVE-2009-3804 (Multiple SQL injection vulnerabilities in modules/forum/post.php in ...)
+CVE-2009-3804
NOT-FOR-US: RunCMS 2M1
-CVE-2009-3803 (Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS ...)
+CVE-2009-3803
NOT-FOR-US: Amiro.CMS
-CVE-2009-3802 (Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain ...)
+CVE-2009-3802
NOT-FOR-US: Amiro.CMS
-CVE-2009-3801 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows ...)
+CVE-2009-3801
NOT-FOR-US: OpenDocMan
CVE-2009-XXXX [multiple missing input sanity checks in KDE]
- kdelibs 4:3.5.10.dfsg.1-3 (low)
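Review bot: the openjdk-6 fixed versions recorded for this batch of Java CVEs disagree although every entry cites the same bug #560908: CVE-2009-3876 to 3873, 3871, 3869 and 3868 say `- openjdk-6 6b17~pre3-1 (medium; bug #560908)`, while CVE-2009-3872, 3867, 3866 and 3865 say `- openjdk-6 6b17-1.7-1 (medium; bug #560908)`; since 6b17~pre3-1 sorts before 6b17-1.7-1 these are different claims about where the fix landed and should be reconciled or the difference explained. `- openjdk-6 6b17 (unimportant)` under CVE-2009-3864 is also not a complete Debian version string. On the change itself, each `-` line's parenthesised description is replaced by the bare identifier on the `+` line, while the bracketed local description on `CVE-2009-XXXX [multiple missing input sanity checks in KDE]` is kept, which is consistent only if the intent is to drop just the upstream CVE text.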
@@ -3330,51 +3330,51 @@ CVE-2009-XXXX [multiple missing input sanity checks in KDE]
NOTE: advisory mentions kmail and ark (from kdepim and kdeutils, respectively)
NOTE: but the "fixes" linked from the advisory only change code in kdelibs
NOTE: more info at oss-sec threads
-CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before ...)
+CVE-2009-3800
NOT-FOR-US: Adobe Flash Player
-CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in ...)
+CVE-2009-3799
NOT-FOR-US: Adobe Flash Player
-CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...)
+CVE-2009-3798
NOT-FOR-US: Adobe Flash Player
-CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 ...)
+CVE-2009-3797
NOT-FOR-US: Adobe Flash Player
-CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...)
+CVE-2009-3796
NOT-FOR-US: Adobe Flash Player
CVE-2009-3795
REJECTED
-CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...)
+CVE-2009-3794
NOT-FOR-US: Adobe Flash Player
-CVE-2009-3793 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and ...)
+CVE-2009-3793
NOT-FOR-US: Adobe Flash Player
-CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) ...)
+CVE-2009-3792
NOT-FOR-US: Adobe Flash Media Server
-CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
+CVE-2009-3791
NOT-FOR-US: Adobe Flash Media Server
-CVE-2009-3790 (Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation ...)
+CVE-2009-3790
NOT-FOR-US: FormMax
-CVE-2009-3789 (Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan ...)
+CVE-2009-3789
NOT-FOR-US: OpenDocMan
-CVE-2009-3788 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows ...)
+CVE-2009-3788
NOT-FOR-US: OpenDocMan
-CVE-2009-3787 (files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct ...)
+CVE-2009-3787
NOT-FOR-US: Vivvo CMS
-CVE-2009-3786 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...)
+CVE-2009-3786
NOT-FOR-US: module for Drupal
-CVE-2009-3785 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-3785
NOT-FOR-US: module for Drupal
-CVE-2009-3784 (Open redirect vulnerability in Simplenews Statistics 6.x before ...)
+CVE-2009-3784
NOT-FOR-US: module for Drupal
-CVE-2009-3783 (Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x ...)
+CVE-2009-3783
NOT-FOR-US: module for Drupal
-CVE-2009-3782 (Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module ...)
+CVE-2009-3782
NOT-FOR-US: module for Drupal
-CVE-2009-3781 (The filefield_file_download function in FileField 6.x-3.1, a module ...)
+CVE-2009-3781
NOT-FOR-US: module for Drupal
-CVE-2009-3780 (Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 ...)
+CVE-2009-3780
NOT-FOR-US: module for Drupal
-CVE-2009-3779 (Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 ...)
+CVE-2009-3779
NOT-FOR-US: module for Drupal
-CVE-2009-3778 (SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, ...)
+CVE-2009-3778
NOT-FOR-US: module for Drupal
CVE-2009-5045 [multiple vulnerabilities in jetty]
RESERVED
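Review bot: the `NOT-FOR-US: module for Drupal` reason under CVE-2009-3786 through CVE-2009-3778 becomes uninformative once the description is gone, because the module name only lived on the removed line (`-CVE-2009-3786 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...)` becomes `+CVE-2009-3786` followed by `NOT-FOR-US: module for Drupal`). Consider carrying the name into the reason, e.g. `NOT-FOR-US: Organic Groups module for Drupal`; the Simplenews Statistics, Userpoints, FileField, Abuse, vCard and Moodle Course List entries in this hunk have the same problem.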
@@ -3425,73 +3425,73 @@ CVE-2009-3769
RESERVED
CVE-2009-3768
RESERVED
-CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other ...)
+CVE-2009-3767
{DSA-1943-1}
- openldap 2.4.17-2.1 (low; bug #553432)
- openldap2.3 <removed>
-CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when ...)
+CVE-2009-3766
- mutt <not-affected> (uses GnuTLS and not OpenSSL)
NOTE: our mutt is linked against gnutls, bug #553433
-CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...)
+CVE-2009-3765
- mutt <not-affected> (uses GnuTLS and not OpenSSL)
NOTE: our mutt is linked against gnutls
-CVE-2009-3764 (Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO ...)
+CVE-2009-3764
NOT-FOR-US: Oracle OpenSSO
-CVE-2009-3763 (Unspecified vulnerability in the Access Manager / OpenSSO component in ...)
+CVE-2009-3763
NOT-FOR-US: Oracle OpenSSO
-CVE-2009-3762 (Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows ...)
+CVE-2009-3762
NOT-FOR-US: Oracle OpenSSO
CVE-2009-3761
RESERVED
-CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php in the ...)
+CVE-2009-3760
NOT-FOR-US: Citrix XenCenterWeb
-CVE-2009-3759 (Multiple cross-site request forgery (CSRF) vulnerabilities in sample ...)
+CVE-2009-3759
NOT-FOR-US: Citrix XenCenterWeb
-CVE-2009-3758 (SQL injection vulnerability in login.php in sample code in the ...)
+CVE-2009-3758
NOT-FOR-US: Citrix XenCenterWeb
-CVE-2009-3757 (Multiple cross-site scripting (XSS) vulnerabilities in sample code in ...)
+CVE-2009-3757
NOT-FOR-US: Citrix XenCenterWeb
-CVE-2009-3756 (phpBMS 0.96 allows remote attackers to obtain sensitive information ...)
+CVE-2009-3756
NOT-FOR-US: phpBMS
-CVE-2009-3755 (Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 ...)
+CVE-2009-3755
NOT-FOR-US: phpBMS
-CVE-2009-3754 (Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote ...)
+CVE-2009-3754
NOT-FOR-US: phpBMS
-CVE-2009-3753 (Unrestricted file upload vulnerability in Opial 1.0 allows remote ...)
+CVE-2009-3753
NOT-FOR-US: Opial
-CVE-2009-3752 (SQL injection vulnerability in home.php in Opial 1.0 allows remote ...)
+CVE-2009-3752
NOT-FOR-US: Opial
-CVE-2009-3751 (Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 ...)
+CVE-2009-3751
NOT-FOR-US: Opial
-CVE-2009-3750 (SQL injection vulnerability in read.php in ToyLog 0.1 allows remote ...)
+CVE-2009-3750
NOT-FOR-US: ToyLog
-CVE-2009-3749 (The Web Administrator service (STEMWADM.EXE) in Websense Personal ...)
+CVE-2009-3749
NOT-FOR-US: Websense Personal Email Manager
-CVE-2009-3748 (Multiple cross-site scripting (XSS) vulnerabilities in the Web ...)
+CVE-2009-3748
NOT-FOR-US: Websense Personal Email Manager
-CVE-2009-3747 (Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 ...)
+CVE-2009-3747
NOT-FOR-US: TBmnetCMS
-CVE-2009-3746 (XScreenSaver in Sun Solaris 10, when the accessibility feature is ...)
+CVE-2009-3746
NOT-FOR-US: XScreenSaver in Sun Solaris 10
-CVE-2009-3745 (Cross-site scripting (XSS) vulnerability in the help pages in IBM ...)
+CVE-2009-3745
NOT-FOR-US: IBM Rational AppScan Enterprise Edition
-CVE-2009-3744 (rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote ...)
+CVE-2009-3744
NOT-FOR-US: EMC RepliStor
-CVE-2009-3743 (Off-by-one error in the Ins_MINDEX function in the TrueType bytecode ...)
+CVE-2009-3743
- ghostscript 8.71~dfsg-1
-CVE-2009-3742 (Cross-site scripting (XSS) vulnerability in Liferay Portal before ...)
+CVE-2009-3742
- liferay-portal <itp> (bug #569819)
CVE-2009-3741
REJECTED
CVE-2009-3740
RESERVED
-CVE-2009-3739 (Multiple unspecified vulnerabilities on the Rockwell Automation AB ...)
+CVE-2009-3739
NOT-FOR-US: Micrologix
CVE-2009-3738
RESERVED
-CVE-2009-3737 (The Oracle Siebel Option Pack for IE ActiveX control does not properly ...)
+CVE-2009-3737
NOT-FOR-US: Oracle Siebel Option Pack
-CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as ...)
+CVE-2009-3736
{DSA-1958-1}
- libtool 2.2.6b-1 (low; bug #559797)
- arts <not-affected> (Uses absolute path to the sound backend)
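Review bot: the mutt entries for CVE-2009-3766 and CVE-2009-3765 state the not-affected reason twice, once in `- mutt <not-affected> (uses GnuTLS and not OpenSSL)` and again in the NOTE that follows it; one place is enough, and if bug #553433 (referenced only under CVE-2009-3766) covers both issues it should be referenced from both entries.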
@@ -3591,39 +3591,39 @@ CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
NOTE: might've been fixed earlier
- graphviz 2.26.3-14 (low; bug #702436)
[squeeze] - graphviz 2.26.3-5+squeeze1
-CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before ...)
+CVE-2009-3735
NOT-FOR-US: ActiveScan Installer ActiveX control
-CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)
+CVE-2009-3734
NOT-FOR-US: S2 Security Linear eMerge Access Control System
CVE-2009-XXXX [mandos 0600 file being included in initrd]
- mandos 1.0.13-1 (bug #551907)
-CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...)
+CVE-2009-3733
- vmware-package <removed>
-CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware ...)
+CVE-2009-3732
NOT-FOR-US: VMware
-CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help ...)
+CVE-2009-3731
NOT-FOR-US: WebWorks Help
-CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
+CVE-2009-3730
NOT-FOR-US: ReqWeb
-CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
+CVE-2009-3729
- openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
+CVE-2009-3728
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...)
+CVE-2009-3727
{DSA-1952-1}
- asterisk 1:1.6.2.0~rc6-1
[lenny] - asterisk <no-dsa> (Minor issue)
[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client ...)
+CVE-2009-3726
{DSA-2005-1 DSA-2003-1}
- linux-2.6 2.6.31-1 (medium)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
-CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not ...)
+CVE-2009-3725
{DSA-2012-1}
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
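Review bot: the two Java entries here repeat the fixed-version inconsistency seen in the other openjdk-6 entries: `- openjdk-6 6b17-1.7-1 (medium; bug #560908)` under CVE-2009-3729 versus `- openjdk-6 6b17~pre3-1 (medium; bug #560908)` under CVE-2009-3728, for the same bug. Separately, `- vmware-package <removed>` under CVE-2009-3733 carries neither a severity nor a reason, unlike `- linux-2.6.24 <removed> (medium)` under CVE-2009-3726 in the same hunk. The bracketed placeholder `CVE-2009-XXXX [mandos 0600 file being included in initrd]` keeps its text while the parenthesised descriptions are stripped, which matches the rest of the change.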
@@ -3637,7 +3637,7 @@ CVE-2009-3723 [Unauthorized calls allowed on prohibited networks in asterisk]
[lenny] - asterisk <not-affected>
- asterisk 1:1.6.2.0~rc3-2 (medium; bug #552756)
NOTE: http://downloads.asterisk.org/pub/security/AST-2009-007.html
-CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in ...)
+CVE-2009-3722
{DSA-1962-1}
[etch] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
[lenny] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
@@ -3651,7 +3651,7 @@ CVE-2009-3721 [ytnef buffer overflow]
[lenny] - ytnef <no-dsa> (Minor issue)
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
NOTE: This doesn't affect Evolution, the TNEF plugin is external
-CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...)
+CVE-2009-3720
{DSA-1977-1 DSA-1921-1}
- expat 2.0.1-5 (low; bug #551936)
- mcabber 0.10.0-1 (low; bug #601053)
@@ -3708,72 +3708,72 @@ CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in E
- vnc4 <not-affected> (Not affected, see bug #560949)
- xotcl 1.6.5-1.2 (low; bug #560950)
[lenny] - xotcl <no-dsa> (minor issue)
-CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
+CVE-2009-3719
NOT-FOR-US: Battle Blog
-CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...)
+CVE-2009-3718
NOT-FOR-US: Battle Blog
-CVE-2009-3717 (Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote ...)
+CVE-2009-3717
NOT-FOR-US: LucVil PatPlayer
-CVE-2009-3716 (Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 ...)
+CVE-2009-3716
NOT-FOR-US: MCshoutbox
-CVE-2009-3715 (Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox ...)
+CVE-2009-3715
NOT-FOR-US: MCshoutbox
-CVE-2009-3714 (Cross-site scripting (XSS) vulnerability in admin_login.php in ...)
+CVE-2009-3714
NOT-FOR-US: MCshoutbox
-CVE-2009-3713 (SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and ...)
+CVE-2009-3713
NOT-FOR-US: MorcegoCMS
-CVE-2009-3712 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
+CVE-2009-3712
NOT-FOR-US: Ebay Clone 2009
-CVE-2009-3711 (Stack-based buffer overflow in the h_handlepeer function in http.cpp ...)
+CVE-2009-3711
NOT-FOR-US: httpdx
-CVE-2009-3710 (RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username ...)
+CVE-2009-3710
NOT-FOR-US: RioRey RIOS
-CVE-2009-3709 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...)
+CVE-2009-3709
NOT-FOR-US: Konae Technologies Alleycode HTML Editor
-CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...)
+CVE-2009-3708
NOT-FOR-US: Konae Technologies Alleycode HTML Editor
-CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...)
+CVE-2009-3707
NOT-FOR-US: VMware
-CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and ...)
+CVE-2009-3706
NOT-FOR-US: ZFS filesystem in Sun Solaris
-CVE-2009-3705 (PHP remote file inclusion vulnerability in debugger.php in Achievo ...)
+CVE-2009-3705
NOT-FOR-US: Achievo
-CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, ...)
+CVE-2009-3704
NOT-FOR-US: ZoIPer
-CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin before ...)
+CVE-2009-3703
NOT-FOR-US: WordPress plugin
-CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 ...)
+CVE-2009-3702
NOT-FOR-US: PHP-Calendar
-CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2009-3701
{DSA-1966-1}
- horde3 3.3.6+debian0-1 (low)
NOTE: In order to successfully exploit this vulnerability the targeted user has to be logged as an administrator.
-CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote ...)
+CVE-2009-3700
{DSA-2040-1}
- squidguard 1.2.0-9 (low; bug #553319)
-CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon ...)
+CVE-2009-3699
NOT-FOR-US: IBM AIX
-CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...)
+CVE-2009-3698
NOT-FOR-US: Dalvik API in Android
-CVE-2009-3697 (SQL injection vulnerability in the PDF schema generator functionality ...)
+CVE-2009-3697
{DSA-1918-1}
- phpmyadmin 4:3.2.2.1-1
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2009-3696 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before ...)
+CVE-2009-3696
{DSA-1918-1}
- phpmyadmin 4:3.2.2.1-1
CVE-2009-3610
REJECTED
-CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in Django ...)
+CVE-2009-3695
{DSA-1905-1}
- python-django 1.1.1-1 (medium; bug #550457)
[etch] - python-django <not-affected> (introduced in 1.0)
[lenny] - python-django 1.0.2-1+lenny2
-CVE-2009-3694 (Directory traversal vulnerability in config/config.php in ezRecipe-Zee ...)
+CVE-2009-3694
NOT-FOR-US: ezRecipe-Zee 91
-CVE-2009-3693 (Directory traversal vulnerability in the Persits.XUpload.2 ActiveX ...)
+CVE-2009-3693
NOT-FOR-US: Persits.XUpload.2 ActiveX
-CVE-2009-3691 (Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM ...)
+CVE-2009-3691
NOT-FOR-US: IBM Informix Client SDK
CVE-2009-3690
RESERVED
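Review bot: `CVE-2009-3610` / `REJECTED` sits between CVE-2009-3696 and CVE-2009-3695, out of the descending order the rest of the hunk follows, and belongs further down in sequence. Also, the NOTE under CVE-2009-3701 should read "logged in as an administrator" rather than "logged as an administrator", and `NOT-FOR-US: WordPress plugin` under CVE-2009-3703 loses the plugin name (WP-Forum) that was only on the removed line.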
@@ -3799,181 +3799,181 @@ CVE-2009-3680
REJECTED
CVE-2009-3679
REJECTED
-CVE-2009-3678 (Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in ...)
+CVE-2009-3678
NOT-FOR-US: Microsoft Windows
-CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 ...)
+CVE-2009-3677
NOT-FOR-US: Microsoft Internet Authentication Service
-CVE-2009-3676 (The SMB client in the kernel in Microsoft Windows Server 2008 R2 and ...)
+CVE-2009-3676
NOT-FOR-US: Microsoft Windows Server
-CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in ...)
+CVE-2009-3675
NOT-FOR-US: Microsoft Local Security Authority Subsystem Service
-CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
+CVE-2009-3674
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects ...)
+CVE-2009-3673
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
+CVE-2009-3672
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
+CVE-2009-3671
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 ...)
+CVE-2009-3670
NOT-FOR-US: KSP Sound Player
-CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions ...)
+CVE-2009-3669
NOT-FOR-US: Joomla! component
-CVE-2009-3668 (Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest ...)
+CVE-2009-3668
NOT-FOR-US: Ardguest 1.8
-CVE-2009-3667 (SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows ...)
+CVE-2009-3667
NOT-FOR-US: AdsDX
-CVE-2009-3666 (Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog ...)
+CVE-2009-3666
NOT-FOR-US: Nullam Blog
-CVE-2009-3665 (Multiple SQL injection vulnerabilities in index.php in Nullam Blog ...)
+CVE-2009-3665
NOT-FOR-US: Nullam Blog
-CVE-2009-3664 (Multiple directory traversal vulnerabilities in index.php in Nullam ...)
+CVE-2009-3664
NOT-FOR-US: Nullam Blog
-CVE-2009-3663 (Format string vulnerability in the h_readrequest function in http.c in ...)
+CVE-2009-3663
NOT-FOR-US: httpdx
-CVE-2009-3662 (FileCopa FTP Server 5.01 allows remote attackers to cause a denial of ...)
+CVE-2009-3662
NOT-FOR-US: FileCopa FTP Server
-CVE-2009-3661 (Multiple SQL injection vulnerabilities in the DJ-Catalog ...)
+CVE-2009-3661
NOT-FOR-US: component for Joomla!
-CVE-2009-3660 (PHP remote file inclusion vulnerability in libraries/database.php in ...)
+CVE-2009-3660
NOT-FOR-US: Efront
-CVE-2009-3659 (SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 ...)
+CVE-2009-3659
NOT-FOR-US: BS Counter
-CVE-2009-3658 (Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control ...)
+CVE-2009-3658
NOT-FOR-US: Sb.SuperBuddy.1 ActiveX
-CVE-2009-3657 (Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module ...)
+CVE-2009-3657
NOT-FOR-US: module for Drupal
-CVE-2009-3656 (Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x ...)
+CVE-2009-3656
NOT-FOR-US: module for Drupal
-CVE-2009-3655 (Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers ...)
+CVE-2009-3655
NOT-FOR-US: Rhino Software Serv-U
-CVE-2009-3654 (Unspecified vulnerability in Boost before 6.x-1.03, a module for ...)
+CVE-2009-3654
NOT-FOR-US: module for Drupal
-CVE-2009-3653 (Cross-site scripting (XSS) vulnerability in the additional links ...)
+CVE-2009-3653
NOT-FOR-US: module for Drupal
-CVE-2009-3652 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...)
+CVE-2009-3652
NOT-FOR-US: module for Drupal
-CVE-2009-3651 (Cross-site scripting (XSS) vulnerability in the &quot;Monitor browsers' ...)
+CVE-2009-3651
NOT-FOR-US: module for Drupal
-CVE-2009-3650 (Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier ...)
+CVE-2009-3650
NOT-FOR-US: module for Drupal
-CVE-2009-3649 (Cross-site scripting (XSS) vulnerability in forums/index.php in Power ...)
+CVE-2009-3649
NOT-FOR-US: PBBoard
-CVE-2009-3648 (Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a ...)
+CVE-2009-3648
NOT-FOR-US: module for Drupal
-CVE-2009-3647 (Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft ...)
+CVE-2009-3647
NOT-FOR-US: YABSoft Mega File Hosting Script (aka MFH or MFHS)
-CVE-2009-3646 (InterVations NaviCOPA Web Server 3.01 allows remote attackers to ...)
+CVE-2009-3646
NOT-FOR-US: NaviCOPA Web Server
-CVE-2009-3645 (SQL injection vulnerability in the JoomlaCache CB Resume Builder ...)
+CVE-2009-3645
NOT-FOR-US: JoomlaCache
-CVE-2009-3644 (SQL injection vulnerability in the Soundset (com_soundset) component ...)
+CVE-2009-3644
NOT-FOR-US: Joomla component
-CVE-2009-3643 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to ...)
+CVE-2009-3643
NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
-CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in ...)
+CVE-2009-3642
NOT-FOR-US: FrontRange HEAT
-CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote ...)
+CVE-2009-3641
- snort 2.8.5.2-1 (unimportant; bug #553584)
NOTE: current debian packages are not compiled with support for ipv6
-CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM ...)
+CVE-2009-3640
- linux-2.6 2.6.31-1 (medium)
[lenny] - linux-2.6 <not-affected> (introduced post 2.6.27)
[etch] - linux-2.6 <not-affected> (introduced post 2.6.27)
- linux-2.6.24 <not-affected> (introduced post 2.6.27)
- kvm 88+dfsg-2 (medium; bug #557737)
[lenny] - kvm <not-affected> (Vulnerable code not present)
-CVE-2009-3639 (The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before ...)
+CVE-2009-3639
{DSA-1925-1}
- proftpd-dfsg 1.3.2a-2 (low)
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3275
-CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in ...)
+CVE-2009-3638
{DSA-1962-1 DSA-1927-1}
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
NOTE: fixed in upstream 2.6.32-rc4
- linux-2.6.24 <not-affected> (introduced in 2.6.25)
- kvm <removed> (medium; bug #562076)
-CVE-2009-3637 (Stack-based buffer overflow in the M_AddToServerList function in ...)
+CVE-2009-3637
- alien-arena 7.33-1 (medium; bug #552038)
[lenny] - alien-arena 7.0-1+lenny1
-CVE-2009-3636 (Cross-site scripting (XSS) vulnerability in the Install Tool ...)
+CVE-2009-3636
{DSA-1926-1}
- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3635 (The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x ...)
+CVE-2009-3635
{DSA-1926-1}
- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3634 (Cross-site scripting (XSS) vulnerability in the Frontend Login Box ...)
+CVE-2009-3634
{DSA-1926-1}
- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3633 (Cross-site scripting (XSS) vulnerability in the ...)
+CVE-2009-3633
{DSA-1926-1}
- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3632 (SQL injection vulnerability in the traditional frontend editing ...)
+CVE-2009-3632
{DSA-1926-1}
- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3631 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
+CVE-2009-3631
{DSA-1926-1}
- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3630 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
+CVE-2009-3630
{DSA-1926-1}
- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3629 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend ...)
+CVE-2009-3629
{DSA-1926-1}
- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3628 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
+CVE-2009-3628
{DSA-1926-1}
- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3627 (The decode_entities function in util.c in HTML-Parser before 3.63 ...)
+CVE-2009-3627
{DSA-1923-1}
- libhtml-parser-perl 3.64-1 (bug #552531)
NOTE: http://secunia.com/advisories/37155/
-CVE-2009-3626 (Perl 5.10.1 allows context-dependent attackers to cause a denial of ...)
+CVE-2009-3626
- perl 5.10.1-6 (bug #552291)
[lenny] - perl <not-affected> (Vulnerable code not present)
[etch] - perl <not-affected> (Vulnerable code not present)
-CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 ...)
+CVE-2009-3625
- sahana <itp> (bug #497414)
-CVE-2009-3624 (The get_instantiation_keyring function in security/keys/keyctl.c in ...)
+CVE-2009-3624
- linux-2.6 2.6.31-2 (low)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
NOTE: fixed upstream in 2.6.32-rc5
-CVE-2009-3623 (The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 ...)
+CVE-2009-3623
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
-CVE-2009-3622 (Algorithmic complexity vulnerability in wp-trackback.php in WordPress ...)
+CVE-2009-3622
- wordpress 2.8.5-1
[lenny] - wordpress 2.5.1-11+lenny3
[etch] - wordpress 2.0.10-1etch6
NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
-CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows ...)
+CVE-2009-3621
{DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.31-2 (low)
- linux-2.6.24 <removed> (low)
-CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before ...)
+CVE-2009-3620
{DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.32-1 (medium)
- linux-2.6.24 <removed> (medium)
NOTE: https://git.kernel.org/linus/7dc482dfeeeefcfd000d4271c4626937406756d7
-CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before ...)
+CVE-2009-3619
- viewvc 1.0.9-1 (low; bug #545779; bug #560903)
-CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 ...)
+CVE-2009-3618
- viewvc 1.0.9-1 (low; bug #545779; bug #560903)
-CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...)
+CVE-2009-3617
- aria2 1.6.2-1 (low)
[lenny] - aria2 <not-affected> (Vulnerable code not present)
[etch] - aria2 <not-affected> (Vulnerable code not present)
-CVE-2009-3616 (Multiple use-after-free vulnerabilities in vnc.c in the VNC server in ...)
+CVE-2009-3616
- qemu 0.11.0-1 (medium; bug #553589)
[lenny] - qemu <not-affected> (Vulnerable code not present)
[etch] - qemu <not-affected> (Vulnerable code not present)
- kvm <removed> (medium; bug #553590)
[lenny] - kvm <not-affected> (Vulnerable code not present)
-CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and ...)
+CVE-2009-3615
{DSA-1932-1}
- pidgin 2.6.3-1
NOTE: http://pidgin.im/news/security/?id=41
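Review bot: every changed line in this hunk rewrites an entry header such as `CVE-2009-3639 (The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before ...)` to the bare `CVE-2009-3639`, so the net effect of the commit is to delete the imported one-line description from each assigned CVE while the package, DSA and NOTE lines underneath are left exactly as they were. An "automatic update" that only removes text from hundreds of already-triaged entries looks like the description fetch returned empty rather than like an intended cleanup; the importer should be checked before this is merged, and if the upstream feed has changed format it should keep the existing description when the new one is empty instead of overwriting it with nothing.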
@@ -3982,159 +3982,159 @@ CVE-2009-3614 [oping suid 0 arbitrary file disclosure]
- liboping 1.3.3-1 (low; bug #548684)
[lenny] - liboping <not-affected> (doesn't have -f option yet)
[etch] - liboping <not-affected> (doesn't have -f option yet)
-CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r8169.c ...)
+CVE-2009-3613
{DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.29-1 (medium)
- linux-2.6.24 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
-CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink ...)
+CVE-2009-3612
{DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.31-2 (low)
- linux-2.6.24 <removed> (low)
-CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ...)
+CVE-2009-3611
- backintime 0.9.26-3 (bug #543785)
-CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
+CVE-2009-3609
{DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- swftools 0.9.2+ds1-2
-CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
+CVE-2009-3608
{DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- swftools 0.9.2+ds1-2
-CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
+CVE-2009-3607
{DSA-1941-1}
- poppler 0.12.2-1 (medium; bug #551289)
-CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...)
+CVE-2009-3606
{DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- swftools 0.9.2+ds1-2
-CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...)
+CVE-2009-3605
{DSA-1941-1}
- poppler 0.12.2-1 (medium; bug #551289)
-CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
+CVE-2009-3604
{DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- swftools 0.9.2+ds1-2
-CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
+CVE-2009-3603
{DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- swftools 0.9.2+ds1-2
-CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...)
+CVE-2009-3591
- dopewars 1.5.12-9 (low; bug #550913)
[etch] - dopewars <no-dsa> (negligible issue)
[lenny] - dopewars <no-dsa> (neglibigble issue)
-CVE-2009-3589 (incron 0.5.5 does not initialize supplementary groups when running a ...)
+CVE-2009-3589
- incron 0.5.7-1
-CVE-2009-3588 (Unspecified vulnerability in the arclib component in the Anti-Virus ...)
+CVE-2009-3588
NOT-FOR-US: eTrust Antivirus
-CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus ...)
+CVE-2009-3587
NOT-FOR-US: eTrust Antivirus
-CVE-2009-3586 (Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows ...)
+CVE-2009-3586
NOT-FOR-US: CoreHTTP
-CVE-2009-3585 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...)
+CVE-2009-3585
{DSA-1944-1}
- request-tracker3.4 <removed>
- request-tracker3.6 3.6.9-2 (low)
-CVE-2009-3584 (SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...)
+CVE-2009-3584
- sql-ledger <unfixed> (unimportant; bug #562639)
NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
-CVE-2009-3583 (Directory traversal vulnerability in the Preferences menu item in ...)
+CVE-2009-3583
- sql-ledger <unfixed> (unimportant; bug #562639)
NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
-CVE-2009-3582 (Multiple SQL injection vulnerabilities in the delete subroutine in ...)
+CVE-2009-3582
- sql-ledger <unfixed> (unimportant; bug #562639)
NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
-CVE-2009-3581 (Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...)
+CVE-2009-3581
- sql-ledger <unfixed> (unimportant; bug #562639)
NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
-CVE-2009-3580 (Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...)
+CVE-2009-3580
- sql-ledger <unfixed> (unimportant; bug #562639)
NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
-CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya ...)
+CVE-2009-3578
NOT-FOR-US: Autodesk Maya
-CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 ...)
+CVE-2009-3577
NOT-FOR-US: Autodesk
-CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to ...)
+CVE-2009-3576
NOT-FOR-US: Autodesk Softimage
-CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, ...)
+CVE-2009-3575
{DSA-1957-1}
- aria2 1.2.0-1 (low; bug #551070)
[etch] - aria2 <not-affected> (Vulnerable code not present)
-CVE-2009-3571 (Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact ...)
+CVE-2009-3571
NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
-CVE-2009-3570 (Unspecified vulnerability in OpenOffice.org (OOo) has unspecified ...)
+CVE-2009-3570
NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
-CVE-2009-3569 (Stack-based buffer overflow in OpenOffice.org (OOo) allows remote ...)
+CVE-2009-3569
NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
-CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for ...)
+CVE-2009-3568
NOT-FOR-US: module for Drupal
-CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in ...)
+CVE-2009-3692
- virtualbox-ose 3.0.8-dfsg-1
[lenny] - virtualbox-ose <not-affected> (vulnerable code not present)
-CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for NSEC3 ...)
+CVE-2009-3602
{DSA-1963-1}
- unbound 1.3.4-1 (low)
NOTE: http://unbound.net/pipermail/unbound-users/2009-October/000852.html
-CVE-2009-3601 (Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez ...)
+CVE-2009-3601
NOT-FOR-US: Scriptsez Ultimate Poll
-CVE-2009-3600 (HUBScript 1.0 allows remote attackers to obtain configuration ...)
+CVE-2009-3600
NOT-FOR-US: HUBScript
-CVE-2009-3599 (Cross-site scripting (XSS) vulnerability in single_winner1.php in ...)
+CVE-2009-3599
NOT-FOR-US: HUBScript
-CVE-2009-3598 (Cross-site scripting (XSS) vulnerability in survey_result.php in ...)
+CVE-2009-3598
NOT-FOR-US: eCardMAX FormXP
-CVE-2009-3597 (Digitaldesign CMS 0.1 stores sensitive information under the web root ...)
+CVE-2009-3597
NOT-FOR-US: Digitaldesign CMS
-CVE-2009-3596 (JoxTechnology Ajox Poll does not properly restrict access to ...)
+CVE-2009-3596
NOT-FOR-US: JoxTechnology Ajox Poll
-CVE-2009-3595 (SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows ...)
+CVE-2009-3595
NOT-FOR-US: VS PANEL
-CVE-2009-3594 (Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog ...)
+CVE-2009-3594
NOT-FOR-US: BLOB Blog System
-CVE-2009-3593 (Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 ...)
+CVE-2009-3593
NOT-FOR-US: Freelancers
-CVE-2009-3592 (Cross-site scripting (XSS) vulnerability in customer/home.php in ...)
+CVE-2009-3592
NOT-FOR-US: Qualiteam X-Cart
-CVE-2009-3590 (SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows ...)
+CVE-2009-3590
NOT-FOR-US: VS PANEL
-CVE-2009-3574 (Tuniac 090517c allows remote attackers to cause a denial of service ...)
+CVE-2009-3574
NOT-FOR-US: Tuniac
-CVE-2009-3573 (Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ...)
+CVE-2009-3573
NOT-FOR-US: ActiveX
-CVE-2009-3572 (OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not ...)
+CVE-2009-3572
NOT-FOR-US: OpenBSD
-CVE-2009-3567 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2009-3567
NOT-FOR-US: Kayako SupportSuite and eSupport
-CVE-2009-3579 (Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...)
+CVE-2009-3579
- jetty <unfixed> (unimportant)
NOTE: http://www.coresecurity.com/content/jetty-persistent-xss
NOTE: only an example application
-CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 ...)
+CVE-2009-3566
NOT-FOR-US: McAfee IntruShield Network Security Manager
-CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-3565
NOT-FOR-US: McAfee IntruShield Network Security Manager
-CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...)
+CVE-2009-3564
- puppet 0.25.1-3 (low; bug #551073)
[etch] - puppet <no-dsa> (minor issue)
[lenny] - puppet <no-dsa> (minor issue)
-CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ...)
+CVE-2009-3563
{DSA-1948-1}
- ntp 1:4.2.4p8+dfsg-1 (medium; bug #560074)
-CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 ...)
+CVE-2009-3562
NOT-FOR-US: Xerver HTTP Server
-CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...)
+CVE-2009-3561
NOT-FOR-US: Xerver HTTP Server
-CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
+CVE-2009-3560
{DSA-1977-1 DSA-1953-2 DSA-1953-1}
- expat 2.0.1-6 (low; bug #560901)
- mcabber 0.10.0-1 (low; bug #601053)
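Review bot: the context line `[lenny] - dopewars <no-dsa> (neglibigble issue)` under CVE-2009-3591 misspells "negligible" (the etch line directly above it has the correct spelling); the generated update does not touch it, but it is worth a follow-up commit. More importantly, entries in this hunk that have neither a DSA nor a NOTE line, for example `CVE-2009-3611` which after the change is followed only by `- backintime 0.9.26-3 (bug #543785)`, are left with no in-file text at all describing what the issue was, so the loss here is not recoverable from the rest of the record without opening the bug.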
@@ -4189,19 +4189,19 @@ CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0
- texlive-bin <not-affected> (Files are not compiled in, see #560948)
- vnc4 <not-affected> (Not affected, see bug #560949)
- xotcl <not-affected> (Vulnerable code not present in embedded Expat copy)
-CVE-2009-3559 (** DISPUTED ** ...)
+CVE-2009-3559
- php5 <removed> (unimportant)
NOTE: safe_mode regression
-CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...)
+CVE-2009-3558
- php5 5.2.12.dfsg.1-1 (unimportant)
NOTE: open_basedir bypass
-CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...)
+CVE-2009-3557
- php5 5.2.12.dfsg.1-1 (unimportant)
NOTE: safe_mode bypass
-CVE-2009-3556 (A certain Red Hat configuration step for the qla2xxx driver in the ...)
+CVE-2009-3556
- linux-2.6 <not-affected> (redhat-specific configuration issue)
- linux-2.6.24 <not-affected> (redhat-specific configuration issue)
-CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...)
+CVE-2009-3555
{DSA-3253-1 DSA-2626-1 DSA-2141-2 DSA-2141-1 DSA-1934-1 DLA-400-1}
- apache2 2.2.14-2
- openssl 0.9.8k-6
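Review bot: stripping `CVE-2009-3559 (** DISPUTED ** ...)` down to the bare id also drops the `** DISPUTED **` marker, which is the only thing that justifies the `(unimportant)` rating next to the terse `NOTE: safe_mode regression`. The neighbouring CVE-2009-3558 and CVE-2009-3557 have the same shape, with `NOTE: open_basedir bypass` and `NOTE: safe_mode bypass` reading as severity rationale rather than as a description of the bug. If the description import cannot be fixed, the disputed status should at least be carried into a NOTE so the triage decision on these three stays justified in the file.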
@@ -4233,10 +4233,10 @@ CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier,
NOTE: - apache 2.2.15-1
NOTE: - nss 3.12.6-1
NOTE: - sun-java6 6.19-1
-CVE-2009-3554 (Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss ...)
+CVE-2009-3554
- jbossas4 4.2.2.GA-1 (bug #562000)
[lenny] - jbossas4 <no-dsa> (Contrib not supported)
-CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor handling ...)
+CVE-2009-3553
{DSA-2176-1}
- cups 1.4.2-4 (low; bug #557740)
[lenny] - cups <no-dsa> (Minor issue)
@@ -4245,24 +4245,24 @@ CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor hand
CVE-2009-3552
RESERVED
NOT-FOR-US: Red Hat Enterprise Virtualization Manager
-CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in ...)
+CVE-2009-3551
- wireshark 1.2.3-1 (low; bug #553583)
[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
-CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 ...)
+CVE-2009-3550
{DSA-1942-1}
- wireshark 1.2.3-1 (low; bug #553583)
-CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through ...)
+CVE-2009-3549
- wireshark 1.2.3-1 (low; bug #553583)
[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
-CVE-2009-3548 (The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 ...)
+CVE-2009-3548
- tomcat6 <not-affected> (Windows only)
-CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before ...)
+CVE-2009-3547
{DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.31-2 (high)
- linux-2.6.24 <removed> (high)
-CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...)
+CVE-2009-3546
{DSA-1936-1}
- libwmf <unfixed> (unimportant)
- racket 5.0.2-1 (unimportant; bug #601525)
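Review bot: the unchanged block `CVE-2009-3552` / `RESERVED` / `NOT-FOR-US: Red Hat Enterprise Virtualization Manager` in this hunk shows the bare-id form as the file has used it so far, namely for entries that do not yet have a description; the same holds for `CVE-2009-3454` followed by `REJECTED` later in the diff. After this change the fully triaged `CVE-2009-3551` directly below it has the identical header, so a reserved entry and a fixed one can no longer be told apart from the id line, and anything that greps for bare `CVE-2009-NNNN` headers to find entries still awaiting a description will now match essentially the whole file. That is a second reason to treat the missing descriptions as an import failure rather than accept the diff as-is.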
@@ -4271,11 +4271,11 @@ CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x befo
- php5 <not-affected> (the php packages use the system libgd2)
NOTE: http://svn.php.net/viewvc?view=revision&revision=289557
NOTE: <20091015173822.084de220@redhat.com> in OSS-sec
-CVE-2009-3545 (DataWizard Technologies FtpXQ FTP Server 3.0 allows remote ...)
+CVE-2009-3545
NOT-FOR-US: DataWizard Technologies FtpXQ FTP Server
-CVE-2009-3544 (Xerver HTTP Server 4.32 allows remote attackers to obtain the source ...)
+CVE-2009-3544
NOT-FOR-US: Xerver HTTP Server
-CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...)
+CVE-2009-3527
- kfreebsd-6 <removed>
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
CVE-2009-3526
@@ -4285,39 +4285,39 @@ CVE-2009-XXXX [kfreebsd: Devfs / VFS NULL pointer race condition]
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
- kfreebsd-7 7.2-9 (bug #549871)
[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
-CVE-2009-3543 (SQL injection vulnerability in _phenotype/admin/login.php in Phenotype ...)
+CVE-2009-3543
NOT-FOR-US: Phenotype CMS
-CVE-2009-3542 (Directory traversal vulnerability in ls.php in LittleSite (aka LS or ...)
+CVE-2009-3542
NOT-FOR-US: LittleSite
-CVE-2009-3541 (PHP remote file inclusion vulnerability in CoupleDB.php in ...)
+CVE-2009-3541
NOT-FOR-US: PHPGenealogy
-CVE-2009-3540 (Cross-site scripting (XSS) vulnerability in listads.php in ...)
+CVE-2009-3540
NOT-FOR-US: YourFreeWorld Ultra Classifieds Pro
-CVE-2009-3539 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld ...)
+CVE-2009-3539
NOT-FOR-US: YourFreeWorld Ultra Classifieds Pro
-CVE-2009-3538 (Directory traversal vulnerability in thumb.php in Clear Content 1.1 ...)
+CVE-2009-3538
NOT-FOR-US: Clear Content
-CVE-2009-3537 (Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 ...)
+CVE-2009-3537
NOT-FOR-US: EpicDJSoftware EpicDJ
-CVE-2009-3536 (Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 ...)
+CVE-2009-3536
NOT-FOR-US: EpicDJSoftware EpicVJ
-CVE-2009-3535 (Directory traversal vulnerability in image.php in Clear Content 1.1 ...)
+CVE-2009-3535
NOT-FOR-US: Clear Content
-CVE-2009-3534 (Directory traversal vulnerability in index.php in LionWiki 3.0.3, when ...)
+CVE-2009-3534
NOT-FOR-US: LionWiki
-CVE-2009-3533 (SQL injection vulnerability in report.php in Meeting Room Booking ...)
+CVE-2009-3533
NOT-FOR-US: Meeting Room Booking System
-CVE-2009-3532 (Multiple SQL injection vulnerabilities in login.asp (aka the login ...)
+CVE-2009-3532
NOT-FOR-US: LogRover
-CVE-2009-3531 (SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows ...)
+CVE-2009-3531
NOT-FOR-US: Universe CMS
-CVE-2009-3530 (Cross-site scripting (XSS) vulnerability in storefront.php in ...)
+CVE-2009-3530
NOT-FOR-US: RadScripts RadBids Gold
-CVE-2009-3529 (SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 ...)
+CVE-2009-3529
NOT-FOR-US: RadScripts RadBids Gold
-CVE-2009-3528 (SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows ...)
+CVE-2009-3528
NOT-FOR-US: MyMsg
-CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not ...)
+CVE-2009-3525
- xen-3 <unfixed> (unimportant)
- xen-unstable <removed> (unimportant)
NOTE: This is an enhancement, not a security issue.
@@ -4328,118 +4328,118 @@ CVE-2009-5041 [buffer overflow in overkill]
- overkill 0.16-14.1 (bug #549310; low)
[lenny] - overkill <no-dsa> (Minor issue)
[etch] - overkill <no-dsa> (Minor issue)
-CVE-2009-3524 (Unspecified vulnerability in ashWsFtr.dll in avast! Home and ...)
+CVE-2009-3524
NOT-FOR-US: avast! Home and Professional
-CVE-2009-3523 (aavmKer4.sys in avast! Home and Professional for Windows before ...)
+CVE-2009-3523
NOT-FOR-US: avast! Home and Professional
-CVE-2009-3522 (Stack-based buffer overflow in aswMon2.sys in avast! Home and ...)
+CVE-2009-3522
NOT-FOR-US: avast! Home and Professional
-CVE-2009-3521 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2009-3521
NOT-FOR-US: WebSphere
-CVE-2009-3520 (Cross-site request forgery (CSRF) vulnerability in the Your_account ...)
+CVE-2009-3520
NOT-FOR-US: CMSphp
-CVE-2009-3519 (Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 ...)
+CVE-2009-3519
NOT-FOR-US: Sun Solaris
-CVE-2009-3518 (Argument injection vulnerability in the iim: URI handler in IBMIM.exe ...)
+CVE-2009-3518
NOT-FOR-US: IBM Installation Manager
-CVE-2009-3517 (nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does ...)
+CVE-2009-3517
NOT-FOR-US: IBM AIX
-CVE-2009-3516 (gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not ...)
+CVE-2009-3516
NOT-FOR-US: IBM AIX
-CVE-2009-3515 (Directory traversal vulnerability in dnet_admin/index.php in d.net CMS ...)
+CVE-2009-3515
NOT-FOR-US: d.net CMS
-CVE-2009-3514 (Multiple SQL injection vulnerabilities in d.net CMS allow remote ...)
+CVE-2009-3514
NOT-FOR-US: d.net CMS
-CVE-2009-3513 (Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group ...)
+CVE-2009-3513
NOT-FOR-US: Pilot Group (PG) eTraining
-CVE-2009-3512 (Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 ...)
+CVE-2009-3512
NOT-FOR-US: MyWeight
-CVE-2009-3511 (Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 ...)
+CVE-2009-3511
NOT-FOR-US: justVisual
-CVE-2009-3510 (SQL injection vulnerability in viewListing.php in linkSpheric 0.74 ...)
+CVE-2009-3510
NOT-FOR-US: linkSpheric
-CVE-2009-3509 (Cross-site scripting (XSS) vulnerability in admin/admin_index.php in ...)
+CVE-2009-3509
NOT-FOR-US: CJ Dynamic Poll PRO
-CVE-2009-3508 (Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 ...)
+CVE-2009-3508
NOT-FOR-US: MUJE CMS
-CVE-2009-3507 (Directory traversal vulnerability in modules.php in CMSphp 0.21 allows ...)
+CVE-2009-3507
NOT-FOR-US: CMSphp
-CVE-2009-3506 (Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 ...)
+CVE-2009-3506
NOT-FOR-US: CMSphp
-CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG ...)
+CVE-2009-3505
NOT-FOR-US: Vastal I-Tech MMORPG Zone
-CVE-2009-3504 (SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 ...)
+CVE-2009-3504
NOT-FOR-US: Alibaba Clone
-CVE-2009-3503 (Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse ...)
+CVE-2009-3503
NOT-FOR-US: BPowerHouse BPHolidayLettings
-CVE-2009-3502 (SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 ...)
+CVE-2009-3502
NOT-FOR-US: BPowerHouse BPMusic
-CVE-2009-3501 (SQL injection vulnerability in students.php in BPowerHouse BPStudents ...)
+CVE-2009-3501
NOT-FOR-US: BPowerHouse BPStudents
-CVE-2009-3500 (Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 ...)
+CVE-2009-3500
NOT-FOR-US: BPowerHouse BPGames
-CVE-2009-3499 (SQL injection vulnerability in employee.aspx in BPowerHouse ...)
+CVE-2009-3499
NOT-FOR-US: BPowerHouse BPLawyerCaseDocuments
-CVE-2009-3498 (SQL injection vulnerability in php/update_article_hits.php in HBcms ...)
+CVE-2009-3498
NOT-FOR-US: HBcms
-CVE-2009-3497 (SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent ...)
+CVE-2009-3497
NOT-FOR-US: Vastal I-Tech Agent
-CVE-2009-3496 (Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal ...)
+CVE-2009-3496
NOT-FOR-US: Vastal I-Tech DVD Zone
-CVE-2009-3495 (SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone ...)
+CVE-2009-3495
NOT-FOR-US: Vastal I-Tech DVD Zone
-CVE-2009-3494 (Multiple SQL injection vulnerabilities in index.php in T-HTB Manager ...)
+CVE-2009-3494
NOT-FOR-US: T-HTB Manager
-CVE-2009-3493 (Multiple cross-site scripting (XSS) vulnerabilities in Zenas ...)
+CVE-2009-3493
NOT-FOR-US: Zenas PaoBacheca Guestbook
-CVE-2009-3492 (Multiple PHP remote file inclusion vulnerabilities in Loggix Project ...)
+CVE-2009-3492
NOT-FOR-US: Loggix Project
-CVE-2009-3491 (SQL injection vulnerability in the Kinfusion SportFusion ...)
+CVE-2009-3491
NOT-FOR-US: Kinfusion SportFusion
-CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a ...)
+CVE-2009-3490
{DSA-1904-1}
- wget 1.12-1 (medium; bug #549293)
-CVE-2009-3489 (Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 ...)
+CVE-2009-3489
NOT-FOR-US: Adobe Photoshop Elements
-CVE-2009-3488 (Cross-site scripting (XSS) vulnerability in the Bibliography (aka ...)
+CVE-2009-3488
NOT-FOR-US: Drupal Bibliography Module
-CVE-2009-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...)
+CVE-2009-3487
NOT-FOR-US: J-Web interface in Juniper JUNOS
-CVE-2009-3486 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...)
+CVE-2009-3486
NOT-FOR-US: J-Web interface in Juniper JUNOS
-CVE-2009-3485 (Cross-site scripting (XSS) vulnerability in the J-Web interface in ...)
+CVE-2009-3485
NOT-FOR-US: J-Web interface in Juniper JUNOS
-CVE-2009-3484 (Stack-based buffer overflow in Core FTP 2.1 build 1612 allows ...)
+CVE-2009-3484
NOT-FOR-US: Core FTP
-CVE-2009-3483 (Heap-based buffer overflow in the Create New Site feature in ...)
+CVE-2009-3483
NOT-FOR-US: CuteFTP
-CVE-2009-3482 (TrustPort Antivirus before 2.8.0.2266 and PC Security before ...)
+CVE-2009-3482
NOT-FOR-US: TrustPort Antivirus and PC Security
-CVE-2009-3481 (A certain interface in the iCRM Basic (com_icrmbasic) component ...)
+CVE-2009-3481
NOT-FOR-US: Joomla component
-CVE-2009-3480 (SQL injection vulnerability in the iCRM Basic (com_icrmbasic) ...)
+CVE-2009-3480
NOT-FOR-US: Joomla component
-CVE-2009-3479 (Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x ...)
+CVE-2009-3479
NOT-FOR-US: Bibliography
-CVE-2009-3478 (Argument injection vulnerability in (1) ...)
+CVE-2009-3478
NOT-FOR-US: Bibliography
-CVE-2009-3477 (The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before ...)
+CVE-2009-3477
NOT-FOR-US: Blackberry Browser in RIM BlackBerry Device Software
-CVE-2009-3476 (Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 ...)
+CVE-2009-3476
{DSA-1895-2 DSA-1896-1 DSA-1895-1}
- xmltooling 1.2.2-1
- opensaml 3.0.0-2
- opensaml2 2.2.1-1
- shibboleth-sp 3.0.2+dfsg1-2
- shibboleth-sp2 2.2.1+dfsg-1
-CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and ...)
+CVE-2009-3475
{DSA-1895-2 DSA-1896-1 DSA-1895-1}
- xmltooling 1.2.2-1
- opensaml 3.0.0-2
- opensaml2 2.2.1-1
- shibboleth-sp 3.0.2+dfsg1-2
- shibboleth-sp2 2.2.1+dfsg-1
-CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by ...)
+CVE-2009-3474
{DSA-1895-2 DSA-1896-1 DSA-1895-1}
- xmltooling 1.2.2-1
- opensaml 3.0.0-2
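Review bot: the untouched placeholder `CVE-2009-XXXX [xen-tools: world readable disk image files]` in this hunk (and `CVE-2009-5041 [buffer overflow in overkill]` in the hunk header) keep their bracketed titles because those are maintained locally, while every assigned CVE around them loses its parenthesised description; after this commit an entry that never received a CVE id carries more information than one that did. The local bracketed title and the imported description serve the same purpose, and an automatic update should leave both intact; the asymmetry points again at the importer writing empty descriptions.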
@@ -4448,182 +4448,182 @@ CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as use
- shibboleth-sp2 2.2.1+dfsg-1
[lenny] - opensaml 1.1.1-2+lenny1
[lenny] - opensaml2 2.0-2+lenny1
-CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege ...)
+CVE-2009-3473
NOT-FOR-US: IBM DB2
-CVE-2009-3472 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows ...)
+CVE-2009-3472
NOT-FOR-US: IBM DB2
-CVE-2009-3471 (IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before ...)
+CVE-2009-3471
NOT-FOR-US: IBM DB2
-CVE-2009-3470 (IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 ...)
+CVE-2009-3470
NOT-FOR-US: IBM Informix Dynamic Server (IDS)
-CVE-2009-3469 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2009-3469
NOT-FOR-US: IBM Lotus Connections
-CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop Environment ...)
+CVE-2009-3468
NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris
-CVE-2009-3467 (Cross-site scripting (XSS) vulnerability in an unspecified method in ...)
+CVE-2009-3467
NOT-FOR-US: Adobe ColdFusion
-CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
+CVE-2009-3466
NOT-FOR-US: Adobe Shockwave Player
-CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
+CVE-2009-3465
NOT-FOR-US: Adobe Shockwave Player
-CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
+CVE-2009-3464
NOT-FOR-US: Adobe Shockwave Player
-CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows ...)
+CVE-2009-3463
NOT-FOR-US: Adobe Shockwave Player
-CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
+CVE-2009-3462
NOT-FOR-US: Adobe
-CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...)
+CVE-2009-3461
NOT-FOR-US: Adobe
-CVE-2009-3460 (Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x ...)
+CVE-2009-3460
NOT-FOR-US: Adobe
-CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...)
+CVE-2009-3459
NOT-FOR-US: Adobe Acrobat
-CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
+CVE-2009-3458
NOT-FOR-US: Adobe
-CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...)
+CVE-2009-3457
NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF)
-CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...)
+CVE-2009-3456
- chromium-browser <not-affected>
- webkit <not-affected>
NOTE: This was caused by a bug in NSS (CVE-2009-2408). chromium-browser uses libnss3
-CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly ...)
+CVE-2009-3455
NOT-FOR-US: Apple Safari
CVE-2009-3454
REJECTED
-CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
+CVE-2009-3453
NOT-FOR-US: IBM Lotus Quickr
-CVE-2009-3452 (WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote ...)
+CVE-2009-3452
NOT-FOR-US: RADactive I-Load
-CVE-2009-3451 (Directory traversal vulnerability in WebCoreModule.ashx in RADactive ...)
+CVE-2009-3451
NOT-FOR-US: RADactive
-CVE-2009-3450 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-3450
NOT-FOR-US: RADactive I-Load
-CVE-2009-3449 (MP3 Collector 2.3 allows remote attackers to cause a denial of service ...)
+CVE-2009-3449
NOT-FOR-US: MP3 Collector
-CVE-2009-3448 (npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote ...)
+CVE-2009-3448
NOT-FOR-US: BakBone NetVault Backup
-CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...)
+CVE-2009-3447
NOT-FOR-US: RADactive I-Load
CVE-2009-XXXX [xen-tools: world readable disk image files]
- xen-tools 4.2~beta1-1 (low; bug #548909)
[lenny] - xen-tools 3.9-4+lenny1
-CVE-2009-3446 (SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) ...)
+CVE-2009-3446
NOT-FOR-US: com_mytube component for Joomla!
-CVE-2009-3445 (Unspecified vulnerability in Code-Crafters Ability Mail Server before ...)
+CVE-2009-3445
NOT-FOR-US: Ability Mail Server
-CVE-2009-3444 (Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 ...)
+CVE-2009-3444
NOT-FOR-US: e107
-CVE-2009-3443 (SQL injection vulnerability in the Fastball (com_fastball) component ...)
+CVE-2009-3443
NOT-FOR-US: com_fastball component for Joomla!
-CVE-2009-3442 (The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does ...)
+CVE-2009-3442
NOT-FOR-US: Nodewords module for Drupal
-CVE-2009-3441 (Open Source Security Information Management (OSSIM) before 2.1.2 ...)
+CVE-2009-3441
NOT-FOR-US: Open Source Security Information Management
-CVE-2009-3440 (Cross-site scripting (XSS) vulnerability in Open Source Security ...)
+CVE-2009-3440
NOT-FOR-US: Open Source Security Information Management
-CVE-2009-3439 (Multiple SQL injection vulnerabilities in Open Source Security ...)
+CVE-2009-3439
NOT-FOR-US: Open Source Security Information Management
-CVE-2009-3438 (SQL injection vulnerability in the JoomlaFacebook (com_facebook) ...)
+CVE-2009-3438
NOT-FOR-US: com_facebook component for Joomla!
-CVE-2009-3437 (Cross-site scripting (XSS) vulnerability in the live preview feature ...)
+CVE-2009-3437
NOT-FOR-US: Markdown Preview module for Drupal
-CVE-2009-3436 (Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal ...)
+CVE-2009-3436
NOT-FOR-US: MaxWebPortal
-CVE-2009-3435 (Cross-site scripting (XSS) vulnerability in the variable editor in the ...)
+CVE-2009-3435
NOT-FOR-US: Devel module for Drupal
-CVE-2009-3434 (SQL injection vulnerability in the Tupinambis (com_tupinambis) ...)
+CVE-2009-3434
NOT-FOR-US: com_tupinambis for Mambo and Joomla!
-CVE-2009-3433 (Unspecified vulnerability in clsetup in the configuration utility in ...)
+CVE-2009-3433
NOT-FOR-US: Sun Solaris Cluster
-CVE-2009-3432 (Unspecified vulnerability in xscreensaver in Sun Solaris 10, and ...)
+CVE-2009-3432
NOT-FOR-US: Sun OpenSolaris xscreensaver
-CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, ...)
+CVE-2009-3431
NOT-FOR-US: Adobe Acrobat
-CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical Solutions ...)
+CVE-2009-3892
- request-tracker3.8 3.8.5-1 (bug #546829)
- request-tracker3.6 3.6.9-1 (bug #546778)
[etch] - request-tracker3.6 <not-affected> (vulnerable code not present)
[lenny] - request-tracker3.6 3.6.7-5+lenny2
NOTE: CVE id requested
-CVE-2009-3430 (SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows ...)
+CVE-2009-3430
NOT-FOR-US: Allomani Mobile
-CVE-2009-3429 (Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 ...)
+CVE-2009-3429
NOT-FOR-US: Pirate Radio Destiny Media Player
-CVE-2009-3428 (Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote ...)
+CVE-2009-3428
NOT-FOR-US: Easy Music Player
-CVE-2009-3427 (Cross-site scripting (XSS) vulnerability in Kayako SupportSuite ...)
+CVE-2009-3427
NOT-FOR-US: Kayako SupportSuite
-CVE-2009-3426 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-3426
NOT-FOR-US: MaxCMS
-CVE-2009-3425 (Directory traversal vulnerability in ...)
+CVE-2009-3425
NOT-FOR-US: MaxCMS
-CVE-2009-3424 (Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, ...)
+CVE-2009-3424
NOT-FOR-US: MaxCMS
-CVE-2009-3423 (login.php in Zenas PaoLink 1.0, when register_globals is enabled, ...)
+CVE-2009-3423
NOT-FOR-US: Zenas PaoLink
-CVE-2009-3422 (login.php in Zenas PaoLiber 1.1, when register_globals is enabled, ...)
+CVE-2009-3422
NOT-FOR-US: Zenas PaoLiber
-CVE-2009-3421 (login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is ...)
+CVE-2009-3421
NOT-FOR-US: Zenas PaoBacheca Guestbook
-CVE-2009-3420 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-3420
NOT-FOR-US: Miniweb Publisher module
-CVE-2009-3419 (SQL injection vulnerability in index.php in the Publisher module 2.0 ...)
+CVE-2009-3419
NOT-FOR-US: Miniweb Publisher module
-CVE-2009-3418 (Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) ...)
+CVE-2009-3418
NOT-FOR-US: Plume CMS
-CVE-2009-3417 (SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 ...)
+CVE-2009-3417
NOT-FOR-US: IDoBlog component Joomla
-CVE-2009-3416 (Unspecified vulnerability in the Oracle Application Object Library ...)
+CVE-2009-3416
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-3415 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+CVE-2009-3415
NOT-FOR-US: Oracle Database
-CVE-2009-3414 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
+CVE-2009-3414
NOT-FOR-US: Oracle Database
-CVE-2009-3413 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
+CVE-2009-3413
NOT-FOR-US: Oracle Database
-CVE-2009-3412 (Unspecified vulnerability in the Unzip component in Oracle Database ...)
+CVE-2009-3412
NOT-FOR-US: Oracle Database and Oracle Application Server
-CVE-2009-3411 (Unspecified vulnerability in the Oracle Data Pump component in Oracle ...)
+CVE-2009-3411
NOT-FOR-US: Oracle Database
-CVE-2009-3410 (Unspecified vulnerability in the RDBMS component in Oracle Database ...)
+CVE-2009-3410
NOT-FOR-US: Oracle Database
-CVE-2009-3409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) ...)
+CVE-2009-3409
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-3408 (Unspecified vulnerability in the Oracle Application Object Library ...)
+CVE-2009-3408
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-3407 (Unspecified vulnerability in the Portal component in Oracle ...)
+CVE-2009-3407
NOT-FOR-US: Oracle Application Server
-CVE-2009-3406 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...)
+CVE-2009-3406
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-3405 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...)
+CVE-2009-3405
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-3404 (Unspecified vulnerability in the PeopleSoft PeopleTools &amp; Enterprise ...)
+CVE-2009-3404
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-3403 (Unspecified vulnerability in the JRockit component in BEA Product ...)
+CVE-2009-3403
NOT-FOR-US: BEA Product Suite
-CVE-2009-3402 (Unspecified vulnerability in the Oracle Applications Framework ...)
+CVE-2009-3402
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-3401 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
+CVE-2009-3401
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-3400 (Unspecified vulnerability in the Oracle Advanced Benefits component in ...)
+CVE-2009-3400
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-3399 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2009-3399
NOT-FOR-US: BEA Product Suite
CVE-2009-3398
REJECTED
-CVE-2009-3397 (Unspecified vulnerability in the Oracle Application Object Library ...)
+CVE-2009-3397
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-3396 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2009-3396
NOT-FOR-US: BEA Product Suite
-CVE-2009-3395 (Unspecified vulnerability in the AutoVue component in Oracle ...)
+CVE-2009-3395
NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3394
REJECTED
-CVE-2009-3393 (Unspecified vulnerability in the Oracle Application Object Library ...)
+CVE-2009-3393
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-3392 (Unspecified vulnerability in the Agile Engineering Data Management ...)
+CVE-2009-3392
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-4193 (Merkaartor 0.14 allows local users to append data to arbitrary files ...)
+CVE-2009-4193
- merkaartor 0.14+svnfixes~20090912-2 (low; bug #548546)
[lenny] - merkaartor <not-affected> (vulnerable code not present)
NOTE: does not run as root so minor issue.
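Review bot: every `-`/`+` pair in this hunk differs only by dropping the parenthesised description, so `-CVE-2009-3451 (Directory traversal vulnerability in WebCoreModule.ashx in RADactive ...)` becomes a bare `+CVE-2009-3451` while the tracking lines under each entry are untouched; if this automatic update could not fetch descriptions, the run should fail rather than commit bare ids, because those descriptions are the only in-file record of what product and version each entry refers to. Separately, `NOTE: CVE id requested` under CVE-2009-3892 is stale now that the entry carries an assigned id and could be dropped.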
@@ -4632,9 +4632,9 @@ CVE-2009-XXXX [SA-CORE-2009-008]
[lenny] - drupal6 6.6-3lenny3
CVE-2009-3391
RESERVED
-CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...)
+CVE-2009-3390
NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10
-CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used ...)
+CVE-2009-3389
{DSA-2045-1}
- libtheora 1.1 (bug #572950)
[etch] - libtheora <not-affected> (vulnerable code not present)
@@ -4643,27 +4643,27 @@ CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as u
- xulrunner 1.9.1.6-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
-CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before ...)
+CVE-2009-3388
- liboggplay 0.2.1~git20091227-1.1 (bug #575743)
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- xulrunner 1.9.1.6-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
-CVE-2009-3387 (Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group ...)
+CVE-2009-3387
- bugzilla 3.4.7.0-1
[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
-CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ...)
+CVE-2009-3386
- bugzilla 3.4.7.0-1
[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
-CVE-2009-3385 (The mail component in Mozilla SeaMonkey before 1.1.19 does not ...)
+CVE-2009-3385
{DSA-1922-1}
- xulrunner 1.9.0.15-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0-1
[lenny] - iceape <not-affected> (stub package)
-CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...)
+CVE-2009-3384
- webkit 1.1.17-2 (medium; bug #559759)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- qt4-x11 4:4.6.2-4 (bug #561760)
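Review bot: the `[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)` rationale under CVE-2009-3387 and CVE-2009-3386 was checkable against the version ranges in the descriptions removed here (`Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2` and `Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1`); with the `+` lines reduced to bare ids that cross-check is gone, so the affected range should be carried into the rationale or a NOTE line before the descriptions go.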
@@ -4673,23 +4673,23 @@ CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari be
- kdelibs <not-affected> (vulnerable code not present)
- kde4libs <not-affected> (vulnerable code not present)
NOTE: http://trac.webkit.org/changeset/48725
-CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
+CVE-2009-3383
- xulrunner 1.9.1.4-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla ...)
+CVE-2009-3382
{DSA-1922-1}
- xulrunner 1.9.1.4-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2009-3381
- xulrunner 1.9.1.4-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2009-3380
{DSA-1922-1}
- xulrunner 1.9.1.4-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...)
+CVE-2009-3379
{DSA-1939-1}
- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
@@ -4697,221 +4697,221 @@ CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Moz
- xulrunner 1.9.1.4-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3378 (The oggplay_data_handle_theora_frame function in ...)
+CVE-2009-3378
- xulrunner 1.9.1.4-1
[etch] - xulrunner <not-affected> (ogg support added in firefox 3.5)
[lenny] - xulrunner <not-affected> (ogg support added in firefox 3.5)
- liboggplay 0.2.1~git20091120-1 (medium; bug #552743)
-CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before ...)
+CVE-2009-3377
- xulrunner 1.9.1.4-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
- liboggz 0.9.9-1 (low)
[lenny] - liboggz <no-dsa> (Too intrusive to backport, needs to be updated to 0.9.9. Requires additional rebuild of rev dep)
-CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...)
+CVE-2009-3376
{DSA-1922-1}
- xulrunner 1.9.1.4-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x ...)
+CVE-2009-3375
{DSA-1922-1}
- xulrunner 1.9.1.4-1
[etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
-CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation ...)
+CVE-2009-3374
{DSA-1922-1}
- xulrunner 1.9.1.4-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox ...)
+CVE-2009-3373
{DSA-1922-1}
- xulrunner 1.9.1.4-1
[etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
-CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...)
+CVE-2009-3372
{DSA-1922-1}
- xulrunner 1.9.1.4-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 ...)
+CVE-2009-3371
- xulrunner 1.9.1.4-1
[etch] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
[lenny] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
- kompozer <unfixed> (unimportant; bug #555326)
NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
-CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote ...)
+CVE-2009-3370
{DSA-1922-1}
- xulrunner 1.9.1.4-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3368 (Cross-site scripting (XSS) vulnerability in the Hotel Booking ...)
+CVE-2009-3368
NOT-FOR-US: component for Joomla!
-CVE-2009-3367 (Multiple cross-site scripting (XSS) vulnerabilities in An image ...)
+CVE-2009-3367
NOT-FOR-US: An image gallery 1.0
-CVE-2009-3366 (Directory traversal vulnerability in navigation.php in An image ...)
+CVE-2009-3366
NOT-FOR-US: An image gallery 1.0
-CVE-2009-3365 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-3365
NOT-FOR-US: Aurora CMS
-CVE-2009-3364 (Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote ...)
+CVE-2009-3364
NOT-FOR-US: FTPShell Client
-CVE-2009-3363 (Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x ...)
+CVE-2009-3363
NOT-FOR-US: a module for Drupal
-CVE-2009-3362 (PHP remote file inclusion vulnerability in printnews.php3 in SZNews ...)
+CVE-2009-3362
NOT-FOR-US: SZNews
-CVE-2009-3361 (SQL injection vulnerability in index.php in PHP-IPNMonitor allows ...)
+CVE-2009-3361
NOT-FOR-US: PHP-IPNMonitor
-CVE-2009-3360 (Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 ...)
+CVE-2009-3360
NOT-FOR-US: Datemill
-CVE-2009-3359 (Multiple cross-site scripting (XSS) vulnerabilities in Match Agency ...)
+CVE-2009-3359
NOT-FOR-US: Match Agency BiZ
-CVE-2009-3358 (SQL injection vulnerability in profile.php in Tourism Scripts Adult ...)
+CVE-2009-3358
NOT-FOR-US: Tourism Scripts Adult
-CVE-2009-3357 (Multiple SQL injection vulnerabilities in the Hotel Booking ...)
+CVE-2009-3357
NOT-FOR-US: component for Joomla!
-CVE-2009-3356 (SQL injection vulnerability in index.php in Image voting 1.0 allows ...)
+CVE-2009-3356
NOT-FOR-US: Image voting
-CVE-2009-3355 (Cross-site scripting (XSS) vulnerability in profile.php in Datetopia ...)
+CVE-2009-3355
NOT-FOR-US: Datetopia Buy Dating Site
-CVE-2009-3354 (Multiple unspecified vulnerabilities in the Rest API module for Drupal ...)
+CVE-2009-3354
NOT-FOR-US: Rest API module for Drupal
-CVE-2009-3353 (Multiple unspecified vulnerabilities in the Node2Node module for ...)
+CVE-2009-3353
NOT-FOR-US: Node2Node module for Drupal
-CVE-2009-3352 (Multiple unspecified vulnerabilities in the quota_by_role (Quota by ...)
+CVE-2009-3352
NOT-FOR-US: quota_by_role (Quota by role) module for Drupal
-CVE-2009-3351 (Multiple unspecified vulnerabilities in the Node Browser module for ...)
+CVE-2009-3351
NOT-FOR-US: Node Browser module for Drupal
-CVE-2009-3350 (Multiple unspecified vulnerabilities in the Subdomain Manager module ...)
+CVE-2009-3350
NOT-FOR-US: Subdomain Manager module for Drupal
-CVE-2009-3349 (SQL injection vulnerability in Datavore Gyro 5.0 allows remote ...)
+CVE-2009-3349
NOT-FOR-US: Datavore Gyro
-CVE-2009-3348 (Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows ...)
+CVE-2009-3348
NOT-FOR-US: Datavore Gyro
-CVE-2009-3347 (Buffer overflow on the D-Link DIR-400 wireless router allows remote ...)
+CVE-2009-3347
NOT-FOR-US: D-Link DIR-400 wireless router
-CVE-2009-3346 (Unspecified vulnerability in SAP Crystal Reports Server 2008 allows ...)
+CVE-2009-3346
NOT-FOR-US: SAP Crystal Reports Server
-CVE-2009-3345 (Heap-based buffer overflow in SAP Crystal Reports Server 2008 has ...)
+CVE-2009-3345
NOT-FOR-US: SAP Crystal Reports Server
-CVE-2009-3344 (Unspecified vulnerability in SAP Crystal Reports Server 2008 on ...)
+CVE-2009-3344
NOT-FOR-US: SAP Crystal Reports Server
-CVE-2009-3343 (SQL injection vulnerability in details.asp in HotWeb Rentals allows ...)
+CVE-2009-3343
NOT-FOR-US: HotWeb Rentals
-CVE-2009-3342 (SQL injection vulnerability in frontend/assets/ajax/checkusername.php ...)
+CVE-2009-3342
NOT-FOR-US: component for Joomla!
-CVE-2009-3341 (Buffer overflow on the Linksys WRT54GL wireless router allows remote ...)
+CVE-2009-3341
NOT-FOR-US: Linksys WRT54GL wireless router
-CVE-2009-3340 (Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to ...)
+CVE-2009-3340
NOT-FOR-US: FreeSSHD
-CVE-2009-3339 (Unspecified vulnerability in McAfee Email and Web Security Appliance ...)
+CVE-2009-3339
NOT-FOR-US: McAfee Email and Web Security Appliance
-CVE-2009-3338 (Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b ...)
+CVE-2009-3338
NOT-FOR-US: Magic Morph
-CVE-2009-3337 (SQL injection vulnerability in the Freetag (serendipity_event_freetag) ...)
+CVE-2009-3337
NOT-FOR-US: plugin for Serendipity
-CVE-2009-3336 (SQL injection vulnerability in auction_details.php in PHP Pro Bid ...)
+CVE-2009-3336
NOT-FOR-US: PHP Pro Bid
-CVE-2009-3335 (SQL injection vulnerability in the TurtuShout component 0.11 for ...)
+CVE-2009-3335
NOT-FOR-US: TurtuShout component 0.11 for Joomla!
-CVE-2009-3334 (SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! ...)
+CVE-2009-3334
NOT-FOR-US: Lhacky! Extensions Cave Joomla!
-CVE-2009-3333 (PHP remote file inclusion vulnerability in koesubmit.php in the ...)
+CVE-2009-3333
NOT-FOR-US: koeSubmit (com_koesubmit) component 1.0 for Mambo
-CVE-2009-3332 (SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) ...)
+CVE-2009-3332
NOT-FOR-US: BudgetsMagic (com_jbudgetsmagic) component for Joomla!
-CVE-2009-3331 (Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 ...)
+CVE-2009-3331
NOT-FOR-US: DDL CMS
-CVE-2009-3330 (SQL injection vulnerability in index.php in cP Creator 2.7.1, when ...)
+CVE-2009-3330
NOT-FOR-US: cP Creator
-CVE-2009-3329 (Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted ...)
+CVE-2009-3329
NOT-FOR-US: Winplot
-CVE-2009-3328 (Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook ...)
+CVE-2009-3328
NOT-FOR-US: WX-Guestbook
-CVE-2009-3327 (Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow ...)
+CVE-2009-3327
NOT-FOR-US: WX-Guestbook
-CVE-2009-3326 (SQL injection vulnerability in index.php in CMScontrol Content ...)
+CVE-2009-3326
NOT-FOR-US: CMScontrol
-CVE-2009-3325 (SQL injection vulnerability in the Focusplus Developments Survey ...)
+CVE-2009-3325
NOT-FOR-US: Survey Manager (com_surveymanager) component 1.5.0 for Joomla!
-CVE-2009-3324 (PHP remote file inclusion vulnerability in include/prodler.class.php ...)
+CVE-2009-3324
NOT-FOR-US: ProdLer
-CVE-2009-3323 (Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation ...)
+CVE-2009-3323
NOT-FOR-US: BAnner ROtation System mini (BAROSmini)
-CVE-2009-3322 (The Siemens Gigaset SE361 WLAN router allows remote attackers to cause ...)
+CVE-2009-3322
NOT-FOR-US: Siemens Gigaset SE361 WLAN router
-CVE-2009-3321 (SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc ...)
+CVE-2009-3321
NOT-FOR-US: SaphpLesson
-CVE-2009-3320 (Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas ...)
+CVE-2009-3320
NOT-FOR-US: Zenas PaoLink (aka Pao-Link)
-CVE-2009-3319 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...)
+CVE-2009-3319
NOT-FOR-US: DCI-Designs Dawaween
-CVE-2009-3318 (Directory traversal vulnerability in the Roland Breedveld Album ...)
+CVE-2009-3318
NOT-FOR-US: Roland Breedveld Album (com_album) component 1.14 for Joomla!
-CVE-2009-3317 (PHP remote file inclusion vulnerability in pages/pageHeader.php in ...)
+CVE-2009-3317
NOT-FOR-US: OpenSiteAdmin
-CVE-2009-3316 (SQL injection vulnerability in the JReservation (com_jreservation) ...)
+CVE-2009-3316
NOT-FOR-US: JReservation (com_jreservation) component 1.0 and 1.5 for Joomla!
-CVE-2009-3315 (SQL injection vulnerability in admin/index.php in NeLogic Nephp ...)
+CVE-2009-3315
NOT-FOR-US: NeLogic Nephp Publisher Enterprise
-CVE-2009-3314 (SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 ...)
+CVE-2009-3314
NOT-FOR-US: Elite Gaming Ladders
-CVE-2009-3313 (Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote ...)
+CVE-2009-3313
NOT-FOR-US: FMyClone
-CVE-2009-3312 (PHP remote file inclusion vulnerability in php/init.poll.php in ...)
+CVE-2009-3312
NOT-FOR-US: phpPollScript
-CVE-2009-3311 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+CVE-2009-3311
NOT-FOR-US: RSSMediaScript
-CVE-2009-3310 (SQL injection vulnerability in index.php in Zainu 1.0 allows remote ...)
+CVE-2009-3310
NOT-FOR-US: Zainu
-CVE-2009-3309 (SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta ...)
+CVE-2009-3309
NOT-FOR-US: CF ShopKart
-CVE-2009-3308 (SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows ...)
+CVE-2009-3308
NOT-FOR-US: FanUpdate
-CVE-2009-3307 (Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 ...)
+CVE-2009-3307
NOT-FOR-US: FSphp
-CVE-2009-3306 (PHP remote file inclusion vulnerability in include/header.php in ...)
+CVE-2009-3306
NOT-FOR-US: ClearSite
-CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attackers to ...)
+CVE-2009-3305
{DSA-2002-1}
- polipo 1.0.4-1.1 (low; bug #547047)
[etch] - polipo <no-dsa> (Minor issue)
[lenny] - polipo <no-dsa> (Minor issue)
-CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite ...)
+CVE-2009-3304
{DSA-1945-1}
- gforge 4.8.2-1
-CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in ...)
+CVE-2009-3303
{DSA-1937-1}
- gforge 4.8.1-3 (low)
-CVE-2009-3302 (filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows ...)
+CVE-2009-3302
{DSA-1995-1 DTSA-205-1}
- openoffice.org 1:3.1.1-16
-CVE-2009-3301 (Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) ...)
+CVE-2009-3301
{DSA-1995-1 DTSA-205-1}
- openoffice.org 1:3.1.1-16
-CVE-2009-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the Identity ...)
+CVE-2009-3300
{DSA-1947-1}
- shibboleth-sp2 2.3+dfsg-1 (medium; bug #555608)
- shibboleth-sp 3.0.2+dfsg1-2 (medium)
- opensaml2 2.3-1 (medium)
NOTE: xmltooling also needs to be updated, changed in sid in 1.3.1-1
-CVE-2009-3299 (Cross-site scripting (XSS) vulnerability in the resume blocktype in ...)
+CVE-2009-3299
{DSA-1924-1}
- mahara 1.1.7-1 (low)
NOTE: http://mahara.org/interaction/forum/topic.php?id=1170
-CVE-2009-3298 (Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote ...)
+CVE-2009-3298
{DSA-1924-1}
- mahara 1.1.7-1 (low)
NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
CVE-2009-3297 [mount race conditions]
REJECTED
-CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow ...)
+CVE-2009-3296
{DSA-1912-2 DSA-1912-1}
- camlimages 1:3.0.1-5 (low)
- advi 1.6.0-15 (low; bug #551282)
-CVE-2009-3295 (The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm ...)
+CVE-2009-3295
- krb5 1.7+dfsg-4 (medium)
[lenny] - krb5 <not-affected> (code introduced in 1.7)
[etch] - krb5 <not-affected> (code introduced in 1.7)
-CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and ...)
+CVE-2009-3294
- php5 <not-affected> (win32-specific)
-CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP ...)
+CVE-2009-3293
- php5 <not-affected> (the php packages use the system libgd2)
- php4 <not-affected> (the php packages use the system libgd2)
NOTE: the transparent colours functionality is only on php5's bundled libgd2
-CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...)
+CVE-2009-3292
{DSA-1940-1}
- php5 5.2.11.dfsg.1-1 (low)
NOTE: unknown impact, it is related to missing sanity checks
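Review bot: several `NOT-FOR-US:` lines in this hunk name no product and only made sense next to the description being removed: `NOT-FOR-US: component for Joomla!` under CVE-2009-3368, CVE-2009-3357 and CVE-2009-3342, `NOT-FOR-US: a module for Drupal` under CVE-2009-3363 and `NOT-FOR-US: plugin for Serendipity` under CVE-2009-3337. Name the component as the other entries do (Hotel Booking for the first two, BUEditor, Freetag), e.g. `NOT-FOR-US: BUEditor module for Drupal`. Also, `[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)` under CVE-2009-3372 uses a different tag from the identical rationale marked `<end-of-life>` under CVE-2009-3376, CVE-2009-3374 and CVE-2009-3370.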
@@ -4919,7 +4919,7 @@ CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before
NOTE: a missing limit on the nesting level of TIFF files, and
NOTE: missing EOF checks, possibly leading to NULL dereferences
NOTE: experimental is likely to be affected (as of 5.3.0)
-CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before ...)
+CVE-2009-3291
{DSA-1940-1}
- php5 5.2.11.dfsg.1-1 (low)
[lenny] - php5 <no-dsa> (rather unimportant)
@@ -4927,325 +4927,325 @@ CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before
NOTE: seems to be related to handling of \0 on CN
NOTE: not worth a dsa on its own, php doesn't verify certificates by default
NOTE: experimental is likely to be affected (as of 5.3.0)
-CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target ...)
+CVE-2009-3289
- glib2.0 2.22.0-1 (low)
[lenny] - glib2.0 2.16.6-3
[etch] - glib2.0 <no-dsa> (Minor issue)
-CVE-2009-3287 (lib/thin/connection.rb in Thin web server before 1.2.4 relies on the ...)
+CVE-2009-3287
- thin 1.2.4-1 (low)
CVE-2009-3285
RESERVED
-CVE-2009-3284 (Directory traversal vulnerability in phpspot PHP BBS, PHP Image ...)
+CVE-2009-3284
NOT-FOR-US: phpspot Products
-CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...)
+CVE-2009-3283
NOT-FOR-US: phpspot Products
-CVE-2009-3282 (Integer overflow in the vmx86 kernel extension in VMware Fusion before ...)
+CVE-2009-3282
NOT-FOR-US: VMware Fusion
-CVE-2009-3281 (The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 ...)
+CVE-2009-3281
NOT-FOR-US: VMware Fusion
-CVE-2009-3280 (Integer signedness error in the find_ie function in ...)
+CVE-2009-3280
- linux-2.6 2.6.31-1 (medium)
- linux-2.6.24 <not-affected> (vulnerable code not present)
[etch] - linux-2.6 <not-affected> (vulnerable code not present)
[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
-CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
+CVE-2009-3279
NOT-FOR-US: QNAP TS-239 Pro and TS-639
-CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
+CVE-2009-3278
NOT-FOR-US: QNAP TS-239 Pro and TS-639
-CVE-2009-3277 (DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault ...)
+CVE-2009-3277
NOT-FOR-US: datavault
-CVE-2009-3276 (Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed ...)
+CVE-2009-3276
NOT-FOR-US: NASD CORE.NET Terelik (aka corenet1)
-CVE-2009-3275 (Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...)
+CVE-2009-3275
NOT-FOR-US: Microsoft patterns & practices Enterprise Library
-CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and ...)
+CVE-2009-3274
{DSA-1922-1}
- xulrunner 1.9.1.4-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not ...)
+CVE-2009-3273
NOT-FOR-US: Apple iPhone
-CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...)
+CVE-2009-3272
- qt4-x11 <unfixed> (unimportant)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- kdelibs <unfixed> (unimportant)
- kde4libs <unfixed> (unimportant)
NOTE: browser crashers are not considered security-relevant
-CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a ...)
+CVE-2009-3271
NOT-FOR-US: Apple Safari on iPhone OS 3.0.1
-CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...)
+CVE-2009-3290
{DSA-1915-1 DSA-1907-1 DTSA-203-1}
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
- linux-2.6.24 <not-affected> (introduced in 2.6.25)
- kvm 85+dfsg-4.1 (high; bug #548975)
-CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel ...)
+CVE-2009-3288
- linux-2.6 2.6.31-1 (low)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
- linux-2.6.24 <not-affected> (introduced in 2.6.28)
-CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does ...)
+CVE-2009-3286
{DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.30-1 (low)
- linux-2.6.24 <removed>
-CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote ...)
+CVE-2009-3270
NOT-FOR-US: Microsoft Internet Explorer 7
-CVE-2009-3269 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
+CVE-2009-3269
NOT-FOR-US: Opera
-CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
+CVE-2009-3268
- chromium-browser <not-affected> (Only 1.x is affected)
NOTE: browser denial of services not considered security-relevant
-CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...)
+CVE-2009-3267
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) ...)
+CVE-2009-3266
NOT-FOR-US: Opera
-CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows ...)
+CVE-2009-3265
NOT-FOR-US: Opera
-CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21 omits an ...)
+CVE-2009-3264
- chromium-browser <not-affected> (Only 3.x is affected)
- libv8 1.3.11+dfsg-1
- webkit <not-affected> (libv8 issue)
-CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x ...)
+CVE-2009-3263
- chromium-browser <not-affected> (Only 3.x is affected)
- webkit <not-affected> (chrome-specific issue)
NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
NOTE: other browsers are not affected (only chrome and opera)
-CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) ...)
+CVE-2009-3262
NOT-FOR-US: IBM Tivoli Identity Manager
-CVE-2009-3261 (update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require ...)
+CVE-2009-3261
NOT-FOR-US: LiveStreet
-CVE-2009-3260 (Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows ...)
+CVE-2009-3260
NOT-FOR-US: LiveStreet
-CVE-2009-3259 (Multiple SQL injection vulnerabilities in RASH Quote Management System ...)
+CVE-2009-3259
NOT-FOR-US: RASH Quote Management System (RQMS)
-CVE-2009-3258 (vtiger CRM before 5.1.0 allows remote authenticated users, with ...)
+CVE-2009-3258
NOT-FOR-US: vtiger CRM
-CVE-2009-3257 (vtiger CRM before 5.1.0 allows remote authenticated users to bypass ...)
+CVE-2009-3257
NOT-FOR-US: vtiger CRM
-CVE-2009-3256 (Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php ...)
+CVE-2009-3256
NOT-FOR-US: LiveStreet
-CVE-2009-3255 (SQL injection vulnerability in RASH Quote Management System (RQMS) ...)
+CVE-2009-3255
NOT-FOR-US: RASH Quote Management System (RQMS)
-CVE-2009-3254 (Multiple stack-based buffer overflows in Ultimate Player 1.56 beta ...)
+CVE-2009-3254
NOT-FOR-US: Ultimate Player
-CVE-2009-3253 (Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 ...)
+CVE-2009-3253
NOT-FOR-US: TriceraSoft Swift Ultralite
-CVE-2009-3252 (Multiple SQL injection vulnerabilities in news.php in Rock Band CMS ...)
+CVE-2009-3252
NOT-FOR-US: Rock Band CMS
-CVE-2009-3251 (include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows ...)
+CVE-2009-3251
NOT-FOR-US: vtiger CRM
-CVE-2009-3250 (The saveForwardAttachments procedure in the Compose Mail functionality ...)
+CVE-2009-3250
NOT-FOR-US: vtiger CRM
-CVE-2009-3249 (Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow ...)
+CVE-2009-3249
NOT-FOR-US: vtiger CRM
-CVE-2009-3248 (Cross-site request forgery (CSRF) vulnerability in the RSS module in ...)
+CVE-2009-3248
NOT-FOR-US: vtiger CRM
-CVE-2009-3247 (Cross-site scripting (XSS) vulnerability in the Activities module in ...)
+CVE-2009-3247
NOT-FOR-US: vtiger CRM
-CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX ...)
+CVE-2009-3246
NOT-FOR-US: MyBuxScript PTC-BUX
-CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...)
+CVE-2009-3245
- openssl 0.9.8m-1 (low; bug #575433)
[lenny] - openssl 0.9.8g-15+lenny7
-CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
+CVE-2009-3244
NOT-FOR-US: Adobe ShockWave Player
-CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and ...)
+CVE-2009-3243
- wireshark <not-affected> (Windows-only issue)
-CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in ...)
+CVE-2009-3242
- wireshark 1.2.2-1 (low; bug #547704)
[etch] - wireshark <not-affected> (Only affects 1.2.x)
[lenny] - wireshark <not-affected> (Only affects 1.2.x)
-CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark ...)
+CVE-2009-3241
{DSA-1942-1}
- wireshark 1.2.2-1 (low; bug #547704)
[etch] - wireshark <not-affected> (Only affects >= 0.99.6)
[lenny] - wireshark 1.0.2-3+lenny6
-CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...)
+CVE-2009-3240
NOT-FOR-US: module for XOOPS
CVE-2009-3239
REJECTED
-CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...)
+CVE-2009-3238
{DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.30-1 (low)
- linux-2.6.24 <removed> (low)
-CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
+CVE-2009-3237
{DSA-1966-1}
- horde3 3.3.5+debian0-1 (low)
[lenny] - horde3 3.2.2+debian0-2+lenny1
NOTE: horde3 issue fixed in backport of latest DSA, DSA however did not fix etch
-CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in Dovecot ...)
+CVE-2009-3235
{DSA-1893-1 DSA-1892-1}
- cyrus-imapd-2.2 2.2.13-17 (medium; bug #547947)
- kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712)
- dovecot 1:1.2.1-1 (medium; bug #546656)
NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few additional buffer overflows
-CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem ...)
+CVE-2009-3228
{DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
-CVE-2009-3236 (The form library in Horde Application Framework 3.2 before 3.2.5 and ...)
+CVE-2009-3236
{DSA-1897-1}
- horde3 3.3.5+debian0-1 (medium; bug #547318)
-CVE-2009-3234 (Buffer overflow in the perf_copy_attr function in ...)
+CVE-2009-3234
- linux-2.6 <not-affected> (Introduced in 2.6.31, fixed in Debian package before initial 2.6.31 upload)
- linux-2.6.24 <not-affected> (Introduced in 2.6.31)
-CVE-2009-3227 (Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft ...)
+CVE-2009-3227
NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
-CVE-2009-3226 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
+CVE-2009-3226
NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
-CVE-2009-3225 (Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft ...)
+CVE-2009-3225
NOT-FOR-US: AlmondSoft Almond Classifieds Wap and Pro
-CVE-2009-3224 (SQL injection vulnerability in index.php in Super Mod System, when ...)
+CVE-2009-3224
NOT-FOR-US: Super Mod System
-CVE-2009-3223 (SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver ...)
+CVE-2009-3223
NOT-FOR-US: Inout Adserver
-CVE-2009-3222 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+CVE-2009-3222
NOT-FOR-US: FreeWebScriptz Honest Traffic
-CVE-2009-3221 (Stack-based buffer overflow in Audio Lib Player (ALP) allows remote ...)
+CVE-2009-3221
NOT-FOR-US: Audio Lib Player (ALP)
-CVE-2009-3220 (PHP remote file inclusion vulnerability in cp_html2txt.php in All In ...)
+CVE-2009-3220
NOT-FOR-US: All In One Control Panel
-CVE-2009-3219 (Directory traversal vulnerability in a.php in AR Web Content Manager ...)
+CVE-2009-3219
NOT-FOR-US: AR Web Content Manager
-CVE-2009-3218 (SQL injection vulnerability in control/login.php in AR Web Content ...)
+CVE-2009-3218
NOT-FOR-US: AR Web Content Manager
-CVE-2009-3217 (SQL injection vulnerability in the admin module in iWiccle 1.01 allows ...)
+CVE-2009-3217
NOT-FOR-US: iWiccle
-CVE-2009-3216 (Multiple directory traversal vulnerabilities in iWiccle 1.01, when ...)
+CVE-2009-3216
NOT-FOR-US: iWiccle
-CVE-2009-3215 (SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, ...)
+CVE-2009-3215
NOT-FOR-US: IXXO Cart Standalone
-CVE-2009-3214 (Multiple stack-based buffer overflows in Photodex ProShow Gold ...)
+CVE-2009-3214
NOT-FOR-US: Photodex ProShow Gold
-CVE-2009-3213 (Stack-based buffer overflow in broid 1.0 Beta 3a allows remote ...)
+CVE-2009-3213
NOT-FOR-US: broid
-CVE-2009-3212 (SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, ...)
+CVE-2009-3212
NOT-FOR-US: VivaPrograms Infinity Script
-CVE-2009-3211 (Directory traversal vulnerability in VivaPrograms Infinity Script ...)
+CVE-2009-3211
NOT-FOR-US: VivaPrograms Infinity Script
-CVE-2009-3210 (Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka ...)
+CVE-2009-3210
NOT-FOR-US: Print (aka Printer, e-mail and PDF versions) Drupal module (3rd party module)
-CVE-2009-3209 (SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 ...)
+CVE-2009-3209
NOT-FOR-US: PHP eMail Manager
-CVE-2009-3208 (Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote ...)
+CVE-2009-3208
NOT-FOR-US: phpfreeBB
-CVE-2009-3207 (The ImageCache module 5.x before 5.x-2.5 and 6.x before ...)
+CVE-2009-3207
NOT-FOR-US: ImageCache module for Drupal (3rd party module)
-CVE-2009-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache ...)
+CVE-2009-3206
NOT-FOR-US: ImageCache module for Drupal (3rd party module)
-CVE-2009-3205 (SQL injection vulnerability in main.php in CBAuthority allows remote ...)
+CVE-2009-3205
NOT-FOR-US: CBAuthority
-CVE-2009-3204 (Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 ...)
+CVE-2009-3204
NOT-FOR-US: Stiva Forum
-CVE-2009-3203 (SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x ...)
+CVE-2009-3203
NOT-FOR-US: AJ Auction Pro OOPD
-CVE-2009-3202 (Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP ...)
+CVE-2009-3202
NOT-FOR-US: ULoKI PHP Forum
-CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows user-assisted ...)
+CVE-2009-3201
NOT-FOR-US: Media Player Classic
-CVE-2009-3200 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
+CVE-2009-3200
NOT-FOR-US: QNAP TS-239 Pro and TS-639 Pro
-CVE-2009-3199 (Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web ...)
+CVE-2009-3199
NOT-FOR-US: Uebimiau Webmail
-CVE-2009-3198 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech ...)
+CVE-2009-3198
NOT-FOR-US: Affiliate Master
-CVE-2009-3197 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP ...)
+CVE-2009-3197
NOT-FOR-US: JCE-Tech PHP Calendars
-CVE-2009-3196 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP ...)
+CVE-2009-3196
NOT-FOR-US: JCE-Tech PHP Video Script
-CVE-2009-3195 (Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech ...)
+CVE-2009-3195
NOT-FOR-US: JCE-Tech Auction RSS Content Script
-CVE-2009-3194 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech ...)
+CVE-2009-3194
NOT-FOR-US: JCE-Tech SearchFeed Script
-CVE-2009-3193 (SQL injection vulnerability in the DigiFolio (com_digifolio) component ...)
+CVE-2009-3193
NOT-FOR-US: component for Joomla!
-CVE-2009-3192 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-3192
NOT-FOR-US: LinkorCMS
-CVE-2009-3191 (Multiple cross-site scripting (XSS) vulnerabilities in PAD Site ...)
+CVE-2009-3191
NOT-FOR-US: PAD Site Scripts
-CVE-2009-3190 (Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow ...)
+CVE-2009-3190
NOT-FOR-US: PAD Site Scripts
-CVE-2009-3189 (Cross-site scripting (XSS) vulnerability in search.php in DigiOz ...)
+CVE-2009-3189
NOT-FOR-US: DigiOz Guestbook
-CVE-2009-3188 (PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 ...)
+CVE-2009-3188
NOT-FOR-US: phpSANE
-CVE-2009-3187 (Cross-site scripting (XSS) vulnerability in gamelist.php in Stand ...)
+CVE-2009-3187
NOT-FOR-US: Stand Alone Arcade
-CVE-2009-3186 (Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ ...)
+CVE-2009-3186
NOT-FOR-US: VideoGirls BiZ
-CVE-2009-3185 (SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 ...)
+CVE-2009-3185
NOT-FOR-US: Crazy Star plugin 2.0 for Discuz!
-CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates of The ...)
+CVE-2009-3184
NOT-FOR-US: Pirates of The Caribbean
-CVE-2009-3233 (changetrack 4.3 allows local users to execute arbitrary commands via ...)
+CVE-2009-3233
{DSA-1891-1}
- changetrack 4.5-2 (medium; bug #546791)
-CVE-2009-3183 (Heap-based buffer overflow in w in Sun Solaris 8 through 10, and ...)
+CVE-2009-3183
NOT-FOR-US: Sun Solaris
-CVE-2009-3166 (token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL ...)
+CVE-2009-3166
- bugzilla 3.4.7.0-1
[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
-CVE-2009-3165 (SQL injection vulnerability in the Bug.create WebService function in ...)
+CVE-2009-3165
{DSA-1913-1}
- bugzilla 3.2.5.0-1 (low; bug #547132)
[etch] - bugzilla <not-affected> (Vulnerable code not present)
NOTE: Introduced in 2.23.4
-CVE-2009-3182 (Unrestricted file upload vulnerability in ...)
+CVE-2009-3182
NOT-FOR-US: Anantasoft Gazelle CMS
-CVE-2009-3181 (Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows ...)
+CVE-2009-3181
NOT-FOR-US: Anantasoft Gazelle CMS
-CVE-2009-3180 (Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a ...)
+CVE-2009-3180
NOT-FOR-US: Anantasoft Gazelle CMS
-CVE-2009-3179 (Multiple unspecified vulnerabilities in Symantec Altiris Deployment ...)
+CVE-2009-3179
NOT-FOR-US: Symantec Altiris Deployment Solution
-CVE-2009-3178 (Unspecified vulnerability in mm.exe in Symantec Altiris Deployment ...)
+CVE-2009-3178
NOT-FOR-US: Symantec Altiris Deployment Solution
-CVE-2009-3177 (Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown ...)
+CVE-2009-3177
NOT-FOR-US: Kaspersky Online Scanner
-CVE-2009-3176 (Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 ...)
+CVE-2009-3176
NOT-FOR-US: Novell iPrint Client
-CVE-2009-3175 (Multiple SQL injection vulnerabilities in Model Agency Manager PRO ...)
+CVE-2009-3175
NOT-FOR-US: Model Agency Manager PRO
-CVE-2009-3174 (PHP remote file inclusion vulnerability in fonctions_racine.php in ...)
+CVE-2009-3174
NOT-FOR-US: OBOphiX
-CVE-2009-3173 (Unrestricted file upload vulnerability in admin/add_album.php in The ...)
+CVE-2009-3173
NOT-FOR-US: Rat CMS Alpha
-CVE-2009-3172 (Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 ...)
+CVE-2009-3172
NOT-FOR-US: Hitachi Groupmax Groupware Server
-CVE-2009-3171 (Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft ...)
+CVE-2009-3171
NOT-FOR-US: Anantasoft Gazelle CMS
-CVE-2009-3170 (Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) ...)
+CVE-2009-3170
NOT-FOR-US: AIMP2 Audio Converter
-CVE-2009-3169 (Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission ...)
+CVE-2009-3169
NOT-FOR-US: Hitachi
-CVE-2009-3168 (Mevin Productions Basic PHP Events Lister 2.0 does not properly ...)
+CVE-2009-3168
NOT-FOR-US: Mevin Productions Basic PHP Events Lister
-CVE-2009-3167 (Directory traversal vulnerability in index.php in Anantasoft Gazelle ...)
+CVE-2009-3167
NOT-FOR-US: Anantasoft Gazelle CMS
-CVE-2009-3232 (pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian ...)
+CVE-2009-3232
- pam 1.0.1-10 (bug #519927)
[lenny] - pam <not-affected> (pam-auth-update not yet present)
[etch] - pam <not-affected> (pam-auth-update not yet present)
-CVE-2009-3229 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...)
+CVE-2009-3229
{DSA-1900-1}
- postgresql-8.4 8.4.1-1
- postgresql-8.3 8.3.8-1
- postgresql-8.1 <not-affected>
- postgresql-7.4 <not-affected>
-CVE-2009-3230 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...)
+CVE-2009-3230
{DSA-1900-1}
- postgresql-8.4 8.4.1-1
- postgresql-8.3 8.3.8-1
- postgresql-8.1 <removed>
- postgresql-7.4 <removed>
-CVE-2009-3231 (The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 ...)
+CVE-2009-3231
{DSA-1900-1}
- postgresql-8.4 8.4.1-1
- postgresql-8.3 8.3.8-1
- postgresql-8.1 <not-affected>
- postgresql-7.4 <not-affected>
-CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun Solaris ...)
+CVE-2009-3164
NOT-FOR-US: Solaris
-CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command.c in ...)
+CVE-2009-3163
{DSA-1879-1}
- silc-toolkit 1.1.10-1 (medium)
- silc-client 1.1-2 (medium)
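Review bot: every `-`/`+` pair in this hunk replaces an identifier-plus-description line such as `-CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...)` with the bare `+CVE-2009-3245`, so the one-line summary that lets a triager judge an entry without opening the CVE is dropped for every entry here; if the upstream feed returned no descriptions on this run, the sync should be re-run rather than committed, and if the descriptions are being removed deliberately that decision should be recorded alongside the change. Two smaller points in the same hunk: the context line `NOT-FOR-US: module for XOOPS` under CVE-2009-3240 names no module, while the removed description did (Happy Linux XF-Section), so the tracker line should carry the module name; and the CVE-2009-3228 entry sits between CVE-2009-3235 and CVE-2009-3236 instead of in the descending order the rest of the hunk follows, which makes it easy to miss when scanning the file.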
@@ -5271,345 +5271,345 @@ CVE-2009-3137
REJECTED
CVE-2009-3136
REJECTED
-CVE-2009-3135 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 ...)
+CVE-2009-3135
NOT-FOR-US: Microsoft Office
-CVE-2009-3134 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
+CVE-2009-3134
NOT-FOR-US: Microsoft Office
-CVE-2009-3133 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and ...)
+CVE-2009-3133
NOT-FOR-US: Microsoft Office
-CVE-2009-3132 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
+CVE-2009-3132
NOT-FOR-US: Microsoft Office
-CVE-2009-3131 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
+CVE-2009-3131
NOT-FOR-US: Microsoft Office
-CVE-2009-3130 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...)
+CVE-2009-3130
NOT-FOR-US: Microsoft Office
-CVE-2009-3129 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
+CVE-2009-3129
NOT-FOR-US: Microsoft Office
-CVE-2009-3128 (Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer ...)
+CVE-2009-3128
NOT-FOR-US: Microsoft Office
-CVE-2009-3127 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
+CVE-2009-3127
NOT-FOR-US: Microsoft Office
-CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
+CVE-2009-3126
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...)
+CVE-2009-3162
NOT-FOR-US: Multi Website
-CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...)
+CVE-2009-3161
NOT-FOR-US: IBM WebSpHere MQ
-CVE-2009-3160 (IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and ...)
+CVE-2009-3160
NOT-FOR-US: IBM WebSphere MQ
-CVE-2009-3159 (Unspecified vulnerability in the rriDecompress function in IBM ...)
+CVE-2009-3159
NOT-FOR-US: IBM WebSphere MQ
-CVE-2009-3158 (admin/files.php in simplePHPWeb 0.2 does not require authentication, ...)
+CVE-2009-3158
NOT-FOR-US: simplePHPWeb
-CVE-2009-3157 (Cross-site scripting (XSS) vulnerability in the Calendar module 6.x ...)
+CVE-2009-3157
NOT-FOR-US: Calendar module for Drupal
-CVE-2009-3156 (Cross-site scripting (XSS) vulnerability in the Date Tools sub-module ...)
+CVE-2009-3156
NOT-FOR-US: Date module for Drupal
-CVE-2009-3155 (Cross-site scripting (XSS) vulnerability in gmap.php in the Almond ...)
+CVE-2009-3155
NOT-FOR-US: Almond Classifieds component for Joomla!
-CVE-2009-3154 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...)
+CVE-2009-3154
NOT-FOR-US: Almond Classifieds component for Joomla!
-CVE-2009-3153 (Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search ...)
+CVE-2009-3153
NOT-FOR-US: x10 MP3 Search engine
-CVE-2009-3152 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-3152
NOT-FOR-US: NTSOFT BBS E-Market Professional
-CVE-2009-3151 (Directory traversal vulnerability in actions/downloadFile.php in ...)
+CVE-2009-3151
NOT-FOR-US: Ultrize TimeSheet
-CVE-2009-3150 (SQL injection vulnerability in index.php in Multi Website 1.5 allows ...)
+CVE-2009-3150
NOT-FOR-US: Multi Website
-CVE-2009-3149 (Directory traversal vulnerability in _css/js.php in Elgg 1.5, when ...)
+CVE-2009-3149
- elgg <itp> (bug #526197)
-CVE-2009-3148 (Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 ...)
+CVE-2009-3148
NOT-FOR-US: PortalXP Teacher Edition
-CVE-2009-3147 (Cross-site scripting (XSS) vulnerability in showproduct.php in ...)
+CVE-2009-3147
NOT-FOR-US: ReviewPost Pro
-CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in ...)
+CVE-2009-3146
NOT-FOR-US: ArticleFriend Script
-CVE-2009-3125 (SQL injection vulnerability in the Bug.search WebService function in ...)
+CVE-2009-3125
- bugzilla 3.4.7.0-1
[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
-CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail ...)
+CVE-2009-3124
NOT-FOR-US: QuarkMail
-CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor ...)
+CVE-2009-3123
NOT-FOR-US: Wap-Motor
-CVE-2009-3122 (The Ajax Table module 5.x for Drupal does not perform access control, ...)
+CVE-2009-3122
NOT-FOR-US: Ajax Table module module for Drupal
-CVE-2009-3121 (Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x ...)
+CVE-2009-3121
NOT-FOR-US: Ajax Table module module for Drupal
-CVE-2009-3120 (Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE ...)
+CVE-2009-3120
NOT-FOR-US: BIGACE Web CMS
-CVE-2009-3119 (SQL injection vulnerability in screen.php in the Download System mSF ...)
+CVE-2009-3119
NOT-FOR-US: PHP-Fusion
-CVE-2009-3118 (SQL injection vulnerability in mod/poll/comment.php in the vote module ...)
+CVE-2009-3118
NOT-FOR-US: Danneo CMS
-CVE-2009-3117 (SQL injection vulnerability in category.php in Snow Hall Silurus ...)
+CVE-2009-3117
NOT-FOR-US: Snow Hall Silurus System
-CVE-2009-3116 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...)
+CVE-2009-3116
NOT-FOR-US: Uiga Church Portal
-CVE-2009-3115 (SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers ...)
+CVE-2009-3115
NOT-FOR-US: SolarWinds TFTP Server
-CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from ...)
+CVE-2009-3114
NOT-FOR-US: IBM Lotus Notes
-CVE-2009-3113 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...)
+CVE-2009-3113
NOT-FOR-US: OXID eShop Professional
-CVE-2009-3112 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...)
+CVE-2009-3112
NOT-FOR-US: OXID eShop Professional
-CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote ...)
+CVE-2009-3111
- freeradius 2.0.0-1 (low)
-CVE-2009-3110 (Race condition in the file transfer functionality in Symantec Altiris ...)
+CVE-2009-3110
NOT-FOR-US: Symantec Altiris Deployment Solution
-CVE-2009-3109 (Unspecified vulnerability in the AClient agent in Symantec Altiris ...)
+CVE-2009-3109
NOT-FOR-US: Symantec Altiris Deployment Solution
-CVE-2009-3108 (The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before ...)
+CVE-2009-3108
NOT-FOR-US: Symantec Altiris Deployment Solution
-CVE-2009-3107 (Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 ...)
+CVE-2009-3107
NOT-FOR-US: Symantec Altiris Deployment Solution
-CVE-2009-3106 (The Servlet Engine/Web Container component in IBM WebSphere ...)
+CVE-2009-3106
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2009-3105 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka ...)
+CVE-2009-3105
NOT-FOR-US: IBM Lotus iNotes
-CVE-2009-3104 (Unspecified vulnerability in Symantec Norton AntiVirus 2005 through ...)
+CVE-2009-3104
NOT-FOR-US: Symantec Norton AntiVirus
-CVE-2009-3103 (Array index error in the SMBv2 protocol implementation in srv2.sys in ...)
+CVE-2009-3103
NOT-FOR-US: Microsoft
-CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery ...)
+CVE-2009-3102
NOT-FOR-US: Zmanda Recovery Manager
-CVE-2009-3101 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and ...)
+CVE-2009-3101
- xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
-CVE-2009-3100 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, ...)
+CVE-2009-3100
- xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
-CVE-2009-3099 (Unspecified vulnerability in HP OpenView Operations Manager 8.1 on ...)
+CVE-2009-3099
NOT-FOR-US: HP OpenView Operations Manager
-CVE-2009-3098 (Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 ...)
+CVE-2009-3098
NOT-FOR-US: HP Operations Dashboard
-CVE-2009-3097 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on ...)
+CVE-2009-3097
NOT-FOR-US: HP Performance Insight
-CVE-2009-3096 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 ...)
+CVE-2009-3096
NOT-FOR-US: HP Performance Insight
-CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote ...)
+CVE-2009-3095
{DSA-1934-1}
- apache2 2.2.13-2 (low; bug #545951)
[etch] - apache2 <no-dsa> (minor issue)
[lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
NOTE: The attacker needs to have valid credentials for the FTP server, which
NOTE: makes this irrelevant in most cases. Based on a VulnDisco commercial 0day.
-CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the ...)
+CVE-2009-3094
{DSA-1934-1}
- apache2 2.2.13-2 (low; bug #545951)
[etch] - apache2 <no-dsa> (minor issue)
[lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
-CVE-2009-3093 (Unspecified vulnerability on the ASUS WL-500W wireless router has ...)
+CVE-2009-3093
NOT-FOR-US: ASUS WL-500W
-CVE-2009-3092 (Buffer overflow on the ASUS WL-500W wireless router has unknown impact ...)
+CVE-2009-3092
NOT-FOR-US: ASUS WL-500W
-CVE-2009-3091 (Unspecified vulnerability on the ASUS WL-330gE has unknown impact and ...)
+CVE-2009-3091
NOT-FOR-US: ASUS WL-330gE
-CVE-2009-3090 (Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on ...)
+CVE-2009-3090
NOT-FOR-US: IBM Tivoli Directory Server
-CVE-2009-3089 (IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause ...)
+CVE-2009-3089
NOT-FOR-US: IBM Tivoli Directory Server
-CVE-2009-3088 (Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server ...)
+CVE-2009-3088
NOT-FOR-US: IBM Tivoli Directory Server
-CVE-2009-3087 (Unspecified vulnerability in nserver.exe in the server in IBM Lotus ...)
+CVE-2009-3087
NOT-FOR-US: IBM Lotus Domino
-CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x ...)
+CVE-2009-3086
{DSA-2260-1}
- rails 2.2.3-1 (low; bug #545063)
[etch] - rails <no-dsa> (Minor issue)
-CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not ...)
+CVE-2009-3085
- pidgin 2.6.2-1 (low)
[lenny] - pidgin <no-dsa> (Minor issue)
-CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...)
+CVE-2009-3084
{DSA-2038-1}
- pidgin 2.6.2-1 (low)
-CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...)
+CVE-2009-3083
{DSA-2038-1}
- pidgin 2.6.2-1 (low)
-CVE-2009-3082 (SQL injection vulnerability in wcategory.php in Snow Hall Silurus ...)
+CVE-2009-3082
NOT-FOR-US: Snow Hall Silurus System
-CVE-2009-3081 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...)
+CVE-2009-3081
NOT-FOR-US: Uiga Church Portal
-CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x ...)
+CVE-2009-3079
{DSA-1886-1}
- iceweasel 3.0.14-1
[etch] - iceweasel <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and ...)
+CVE-2009-3078
{DSA-1885-1}
- xulrunner 1.9.0.14-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not ...)
+CVE-2009-3077
{DSA-1885-1}
- xulrunner 1.9.0.14-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain ...)
+CVE-2009-3076
{DSA-1885-1}
- xulrunner 1.9.0.14-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
+CVE-2009-3075
{DSA-2025-1 DSA-1885-1}
- xulrunner 1.9.0.14-1
- icedove 3.0~rc2-2
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...)
+CVE-2009-3074
{DSA-1885-1}
- xulrunner 1.9.0.14-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...)
+CVE-2009-3073
- xulrunner <not-affected> (Only affects Firefox 3.5.x)
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
[etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
-CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2009-3072
{DSA-2025-1 DSA-1885-1}
- xulrunner 1.9.0.14-1
- icedove 3.0~rc2-2
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2009-3071
{DSA-1885-1}
- xulrunner 1.9.0.14-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2009-3070
{DSA-1885-1}
- xulrunner 1.9.0.14-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
+CVE-2009-3069
- xulrunner <not-affected> (Only affects Firefox 3.5.x)
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
[etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
-CVE-2009-3068 (Unrestricted file upload vulnerability in the RoboHelpServer Servlet ...)
+CVE-2009-3068
NOT-FOR-US: Adobe RoboHelp Server
-CVE-2009-3067 (Cross-site scripting (XSS) vulnerability in index.php in Reservation ...)
+CVE-2009-3067
NOT-FOR-US: Reservation Manager
-CVE-2009-3066 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-3066
NOT-FOR-US: PropertyWatchScript.com Property Watch
-CVE-2009-3065 (PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in ...)
+CVE-2009-3065
NOT-FOR-US: Ve-EDIT
-CVE-2009-3064 (Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT ...)
+CVE-2009-3064
NOT-FOR-US: Ve-EDIT
-CVE-2009-3063 (SQL injection vulnerability in the Game Server (com_gameserver) ...)
+CVE-2009-3063
NOT-FOR-US: Joomla!
-CVE-2009-3062 (SQL injection vulnerability in message_box.php in OSI Codes PHP Live! ...)
+CVE-2009-3062
NOT-FOR-US: OSI Codes PHP Live!
-CVE-2009-3061 (SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 ...)
+CVE-2009-3061
NOT-FOR-US: Alqatari Q R Script
-CVE-2009-3060 (Multiple cross-site scripting (XSS) vulnerabilities in Joker Board ...)
+CVE-2009-3060
NOT-FOR-US: Joker Board
-CVE-2009-3059 (Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 ...)
+CVE-2009-3059
NOT-FOR-US: Joker Board
-CVE-2009-3058 (Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers ...)
+CVE-2009-3058
NOT-FOR-US: akPlayer
-CVE-2009-3057 (Multiple cross-site scripting (XSS) vulnerabilities in AOM Software ...)
+CVE-2009-3057
NOT-FOR-US: AOM Software Beex
-CVE-2009-3056 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-3056
NOT-FOR-US: KingCMS
-CVE-2009-3055 (PHP remote file inclusion vulnerability in engine/api/api.class.php in ...)
+CVE-2009-3055
NOT-FOR-US: DataLife Engine
-CVE-2009-3054 (SQL injection vulnerability in the Artetics.com Art Portal ...)
+CVE-2009-3054
NOT-FOR-US: Joomla!
-CVE-2009-3053 (Directory traversal vulnerability in the Agora (com_agora) component ...)
+CVE-2009-3053
NOT-FOR-US: Joomla!
-CVE-2009-3052 (SQL injection vulnerability in root/includes/prime_quick_style.php in ...)
+CVE-2009-3052
NOT-FOR-US: Prime Quick Style addon
-CVE-2009-3051 (Multiple format string vulnerabilities in ...)
+CVE-2009-3051
{DSA-1879-1}
- silc-toolkit 1.1.10-1 (medium)
- silc-client 1.1-2 (medium)
- silc-server 1.1.2-1 (medium)
NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
-CVE-2009-3050 (Buffer overflow in the set_page_size function in util.cxx in HTMLDOC ...)
+CVE-2009-3050
- htmldoc 1.8.27-4.1 (low; bug #537637)
[etch] - htmldoc <no-dsa> (Minor issue)
[lenny] - htmldoc <no-dsa> (Minor issue)
-CVE-2009-3049 (Opera before 10.00 does not properly display all characters in ...)
+CVE-2009-3049
NOT-FOR-US: Opera
-CVE-2009-3048 (Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly ...)
+CVE-2009-3048
NOT-FOR-US: Opera
-CVE-2009-3047 (Opera before 10.00, when a collapsed address bar is used, does not ...)
+CVE-2009-3047
NOT-FOR-US: Opera
-CVE-2009-3046 (Opera before 10.00 does not check all intermediate X.509 certificates ...)
+CVE-2009-3046
NOT-FOR-US: Opera
-CVE-2009-3045 (Opera before 10.00 trusts root X.509 certificates signed with the MD2 ...)
+CVE-2009-3045
NOT-FOR-US: Opera
-CVE-2009-3044 (Opera before 10.00 does not properly handle a (1) '\0' character or ...)
+CVE-2009-3044
NOT-FOR-US: Opera
-CVE-2009-3043 (The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux ...)
+CVE-2009-3043
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2009-3039
RESERVED
-CVE-2009-3038 (A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research ...)
+CVE-2009-3038
NOT-FOR-US: ActiveX
-CVE-2009-3037 (Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka ...)
+CVE-2009-3037
NOT-FOR-US: Autonomy KeyView XLS viewer
-CVE-2009-3036 (Cross-site scripting (XSS) vulnerability in the console in Symantec IM ...)
+CVE-2009-3036
NOT-FOR-US: Symantec IM Manager
-CVE-2009-3035 (The web console in Symantec Altiris Notification Server 6.0.x before ...)
+CVE-2009-3035
NOT-FOR-US: Symantec Altiris Notification Server
CVE-2009-3034
REJECTED
-CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...)
+CVE-2009-3033
NOT-FOR-US: ActiveX
-CVE-2009-3032 (Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the ...)
+CVE-2009-3032
NOT-FOR-US: Autonomy KeyView
-CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...)
+CVE-2009-3031
NOT-FOR-US: Symantec Altiris Notification Server
-CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...)
+CVE-2009-3030
NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
-CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...)
+CVE-2009-3029
NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
-CVE-2009-3028 (The Altiris eXpress NS SC Download ActiveX control in ...)
+CVE-2009-3028
NOT-FOR-US: Symantec
-CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection ...)
+CVE-2009-3027
NOT-FOR-US: Symantec Backup Exec Continuous Protection Server
-CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to ...)
+CVE-2009-3025
- pidgin 2.6.1-1 (low)
[lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
[etch] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
-CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...)
+CVE-2009-3024
- libio-socket-ssl-perl 1.30-1
[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
[etch] - libio-socket-ssl-perl <not-affected> (Affected functionality introduced in 1.14)
-CVE-2009-3023 (Buffer overflow in the FTP Service in Microsoft Internet Information ...)
+CVE-2009-3023
NOT-FOR-US: Microsoft IIS
-CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...)
+CVE-2009-3022
NOT-FOR-US: bingo!CMS
-CVE-2009-3021 (Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' ...)
+CVE-2009-3021
NOT-FOR-US: Site Calendar 'mycaljp' plugin
-CVE-2009-3020 (win32k.sys in Microsoft Windows Server 2003 SP2 allows remote ...)
+CVE-2009-3020
NOT-FOR-US: Microsoft Windows Server
-CVE-2009-3019 (Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet ...)
+CVE-2009-3019
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-3018 (Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block ...)
+CVE-2009-3018
NOT-FOR-US: Maxthon Browser
-CVE-2009-3017 (Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh ...)
+CVE-2009-3017
NOT-FOR-US: Orca Browser
-CVE-2009-3016 (Apple Safari 4.0.3 does not properly block javascript: and data: URIs ...)
+CVE-2009-3016
NOT-FOR-US: Apple Safari
-CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...)
+CVE-2009-3015
- qt4-x11 <unfixed> (unimportant)
- kdelibs <unfixed> (unimportant)
- kde4libs <unfixed> (unimportant)
NOTE: This is a web site issue (open redirector), not a browser problem.
-CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
+CVE-2009-3014
NOTE: This is a web site issue (open redirector), not a browser problem.
- iceweasel <removed> (unimportant)
-CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...)
+CVE-2009-3013
NOT-FOR-US: Opera
-CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre ...)
+CVE-2009-3012
NOTE: This is a web site issue (open redirector), not a browser problem.
-CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...)
+CVE-2009-3011
NOT-FOR-US: Unclear, historic Chrome issue
-CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
+CVE-2009-3010
NOTE: This is a web site issue (open redirector), not a browser problem.
- iceweasel <removed> (unimportant)
-CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before ...)
+CVE-2009-3009
{DSA-1887-1}
- rails 2.2.3-1 (low; bug #545063)
[etch] - rails <no-dsa> (Unsupported)
-CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)
+CVE-2009-3008
NOT-FOR-US: K-Meleon
-CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...)
+CVE-2009-3007
{DSA-1922-1}
- xulrunner 1.9.1.3-3 (low)
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
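Review bot: the only change in this hunk is that the parenthesised summary is stripped from every `-CVE-…`/`+CVE-…` header pair, leaving a bare identifier; none of the package, DSA or NOTE lines change. Since that summary is the only inline description of each issue in this list, confirm that dropping it is the intended change. Minor style point: in the CVE-2009-3014 entry the `NOTE:` line precedes the `- iceweasel <removed> (unimportant)` line, whereas CVE-2009-3015 and the other entries in this hunk put NOTE lines after the package lines.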
@@ -5617,213 +5617,213 @@ CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allo
[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
[lenny] - iceape <not-affected> (Iceape from Lenny only provides NSS libs)
- webkit <not-affected> (proof-of-concept did not work)
-CVE-2009-3006 (Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the ...)
+CVE-2009-3006
NOT-FOR-US: Maxthon Browser
-CVE-2009-3005 (Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address ...)
+CVE-2009-3005
NOT-FOR-US: Lunascape
-CVE-2009-3004 (Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof ...)
+CVE-2009-3004
NOT-FOR-US: Avant Browser
-CVE-2009-3003 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+CVE-2009-3003
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-3002 (The Linux kernel before 2.6.31-rc7 does not initialize certain data ...)
+CVE-2009-3002
{DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.30-7 (low)
- linux-2.6.24 <removed>
NOTE: minor info leaks
-CVE-2009-3001 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel ...)
+CVE-2009-3001
{DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.30-7 (low)
- linux-2.6.24 <removed>
NOTE: minor info leak
-CVE-2009-3000 (The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris ...)
+CVE-2009-3000
NOT-FOR-US: Sun Solaris
-CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote ...)
+CVE-2009-2999
NOT-FOR-US: Android
CVE-2009-XXXX [serveez: buffer overflow in header parser]
- serveez <removed> (low)
[lenny] - serveez 0.1.5-2.1+lenny1
[etch] - serveez 0.1.5-2+etch1
-CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
+CVE-2009-2998
NOT-FOR-US: Adobe
-CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...)
+CVE-2009-2997
NOT-FOR-US: Adobe
-CVE-2009-2996 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
+CVE-2009-2996
NOT-FOR-US: Adobe
-CVE-2009-2995 (Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, ...)
+CVE-2009-2995
NOT-FOR-US: Adobe
-CVE-2009-2994 (Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...)
+CVE-2009-2994
NOT-FOR-US: Adobe
-CVE-2009-2993 (The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before ...)
+CVE-2009-2993
NOT-FOR-US: Adobe
-CVE-2009-2992 (An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before ...)
+CVE-2009-2992
NOT-FOR-US: Adobe
-CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and ...)
+CVE-2009-2991
NOT-FOR-US: Adobe
-CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x ...)
+CVE-2009-2990
NOT-FOR-US: Adobe
-CVE-2009-2989 (Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, ...)
+CVE-2009-2989
NOT-FOR-US: Adobe
-CVE-2009-2988 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
+CVE-2009-2988
NOT-FOR-US: Adobe
-CVE-2009-2987 (Unspecified vulnerability in an ActiveX control in Adobe Reader and ...)
+CVE-2009-2987
NOT-FOR-US: Adobe
-CVE-2009-2986 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x ...)
+CVE-2009-2986
NOT-FOR-US: Adobe
-CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
+CVE-2009-2985
NOT-FOR-US: Adobe
-CVE-2009-2984 (Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x ...)
+CVE-2009-2984
NOT-FOR-US: Adobe
-CVE-2009-2983 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...)
+CVE-2009-2983
NOT-FOR-US: Adobe
-CVE-2009-2982 (An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, ...)
+CVE-2009-2982
NOT-FOR-US: Adobe
-CVE-2009-2981 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
+CVE-2009-2981
NOT-FOR-US: Adobe
-CVE-2009-2980 (Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...)
+CVE-2009-2980
NOT-FOR-US: Adobe
-CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...)
+CVE-2009-2979
NOT-FOR-US: Adobe
-CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...)
+CVE-2009-2978
- sugarcrm-ce-5.0 <itp> (bug #457876)
-CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
+CVE-2009-2977
NOT-FOR-US: Cisco
-CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents ...)
+CVE-2009-2976
NOT-FOR-US: Cisco
-CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly ...)
+CVE-2009-2975
- xulrunner <not-affected> (unimportant)
NOTE: browser crashes not treated as security issues
NOTE: not reproducible, probably only Firefox in Windows XP is affected
-CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote ...)
+CVE-2009-2974
- chromium-browser <not-affected> (Only 1.x is affected)
- webkit <not-affected> (doesn't support 'chromehtml' protocol)
-CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a ...)
+CVE-2009-2973
- chromium-browser <not-affected> (Only 2.x is affected)
- webkit <not-affected> (chrome-specific issue)
-CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote ...)
+CVE-2009-2972
NOT-FOR-US: Sun Solaris
CVE-2009-2971
RESERVED
-CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an ...)
+CVE-2009-2970
NOT-FOR-US: UiTV UiPlayer
CVE-2009-2969
RESERVED
-CVE-2009-2968 (Directory traversal vulnerability in a support component in the web ...)
+CVE-2009-2968
NOT-FOR-US: VMware Studio
-CVE-2009-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 ...)
+CVE-2009-2967
- buildbot 0.7.11p3-1
[lenny] - buildbot <no-dsa> (Minor issue)
[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
-CVE-2009-2966 (avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus ...)
+CVE-2009-2966
NOT-FOR-US: Kaspersky Internet Security
-CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in ...)
+CVE-2009-2965
NOT-FOR-US: Radvision Scopia
-CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-2964
{DSA-2091-1}
- squirrelmail 2:1.4.20~rc2-1 (low; bug #543818)
-CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar Uninstaller ...)
+CVE-2009-2963
NOT-FOR-US: Toolbar Uninstaller
-CVE-2009-2961 (Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows ...)
+CVE-2009-2961
NOT-FOR-US: Thaddy de Konng KOL Player
-CVE-2009-2960 (CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to ...)
+CVE-2009-2960
NOT-FOR-US: CuteFlow
-CVE-2009-2959 (Cross-site scripting (XSS) vulnerability in the waterfall web status ...)
+CVE-2009-2959
- buildbot 0.7.11p3-1 (low; bug #543822)
[lenny] - buildbot <no-dsa> (Minor issue)
[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
-CVE-2009-2958 (The tftp_request function in tftp.c in dnsmasq before 2.50, when ...)
+CVE-2009-2958
{DSA-1876-1}
- dnsmasq 2.50-1
[etch] - dnsmasq <not-affected>
-CVE-2009-2957 (Heap-based buffer overflow in the tftp_request function in tftp.c in ...)
+CVE-2009-2957
{DSA-1876-1}
- dnsmasq 2.50-1
[etch] - dnsmasq <not-affected>
-CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere ...)
+CVE-2009-2956
NOT-FOR-US: IBM WebSphere
-CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
+CVE-2009-2955
- chromium-browser <not-affected> (Only 1.x is affected)
NOTE: browser denial of services are not considered security-relevant
-CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
+CVE-2009-2954
NOT-FOR-US: Microsoft
-CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...)
+CVE-2009-2953
- xulrunner <unfixed> (unimportant; bug #557753)
NOTE: browser denial-of-services are considered unimportant
-CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris ...)
+CVE-2009-2952
NOT-FOR-US: Sun Solaris
-CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for password ...)
+CVE-2009-2951
NOT-FOR-US: Phenotype CMS
-CVE-2009-2950 (Heap-based buffer overflow in the ...)
+CVE-2009-2950
{DSA-1995-1 DTSA-205-1}
- openoffice.org 1:3.1.1-16
-CVE-2009-2949 (Integer overflow in the XPMReader::ReadXPM function in ...)
+CVE-2009-2949
{DSA-1995-1 DTSA-205-1}
- openoffice.org 1:3.1.1-16
-CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before ...)
+CVE-2009-2948
{DSA-1908-1}
- samba 2:3.4.2-1 (medium; bug #550423)
-CVE-2009-2947 (Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 ...)
+CVE-2009-2947
{DSA-1882-1}
- xapian-omega 1.0.15-2
-CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in ...)
+CVE-2009-2946
{DSA-1878-2 DSA-1878-1}
- devscripts 2.10.54
-CVE-2009-2945 (weblogin/login.fcgi (aka the WebLogin login script) in Stanford ...)
+CVE-2009-2945
- webauth 3.6.2-1 (low)
[lenny] - webauth 3.6.0-1+lenny1
[etch] - webauth <not-affected> (Vulnerable code not present)
-CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in ikiwiki ...)
+CVE-2009-2944
{DSA-1875-1}
- ikiwiki 3.1415926
-CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL ...)
+CVE-2009-2943
{DSA-1909-1}
- postgresql-ocaml 1.12.1-1 (low)
-CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the ...)
+CVE-2009-2942
{DSA-1910-1}
- mysql-ocaml 1.0.4-7 (low)
CVE-2009-2941
RESERVED
-CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly support ...)
+CVE-2009-2940
{DSA-1911-1}
- pygresql 1:4.0-1 (low)
-CVE-2009-2939 (The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix ...)
+CVE-2009-2939
- postfix 2.6.5-3 (low)
[lenny] - postfix 2.5.5-1.1+lenny1
[etch] - postfix <no-dsa> (Minor issue)
CVE-2009-2938
RESERVED
-CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet ...)
+CVE-2009-2937
- planet <removed> (low; bug #546178)
[lenny] - planet <no-dsa> (Minor issue)
[etch] - planet <no-dsa> (Minor issue)
- planet-venus 0~bzr116-1 (low; bug #546179)
[lenny] - planet-venus 0~bzr95-2+lenny1
[etch] - planet-venus <no-dsa> (Minor issue)
-CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or ...)
+CVE-2009-2936
- varnish 2.1.0-2 (unimportant)
NOTE: Only a security issue if used against best practices
-CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
+CVE-2009-2935
- chromium-browser <not-affected> (Only 2.x is affected)
- libv8 1.3.11+dfsg-1
- webkit <not-affected> (libv8 issue)
-CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...)
+CVE-2009-2934
NOT-FOR-US: Programmed Integration PIPL
-CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...)
+CVE-2009-2933
- piwigo <not-affected> (Fixed before initial upload to the archive)
-CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process in the ...)
+CVE-2009-2932
NOT-FOR-US: SAP NetWeaver
-CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro Director ...)
+CVE-2009-2931
NOT-FOR-US: SlideShowPro Director
-CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature in elka ...)
+CVE-2009-2930
NOT-FOR-US: elka CMS (aka Elkapax)
-CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management 0.x ...)
+CVE-2009-2929
NOT-FOR-US: TGS Content Management
-CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS Content ...)
+CVE-2009-2928
NOT-FOR-US: TGS Content Management
-CVE-2009-2927 (SQL injection vulnerability in DetailFile.php in DigitalSpinners DS ...)
+CVE-2009-2927
NOT-FOR-US: DigitalSpinners DS CMS
-CVE-2009-2926 (Multiple SQL injection vulnerabilities in PHP Competition System BETA ...)
+CVE-2009-2926
NOT-FOR-US: PHP Competition System BETA
-CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly ...)
+CVE-2009-3026
- pidgin 2.6.1-1 (low; bug #542891)
[lenny] - pidgin 2.4.3-4lenny4
NOTE: gaim nof affected, it never claimed to support TLS/SSL
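Review bot: typo in the CVE-2009-3026 NOTE line, `gaim nof affected` should read `gaim not affected`. Also, `[etch] - dnsmasq <not-affected>` in the CVE-2009-2958 and CVE-2009-2957 entries gives no reason in parentheses, unlike the other `<not-affected>` lines in this hunk (e.g. `[lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)`); recording the reason would make later triage easier.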
@@ -5831,113 +5831,113 @@ CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibl
NOTE: http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279
CVE-2009-2962
REJECTED
-CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in DJCalendar ...)
+CVE-2009-2925
NOT-FOR-US: DJCalendar
-CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 ...)
+CVE-2009-2924
NOT-FOR-US: Videos Broadcast Yourself 2
-CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance ...)
+CVE-2009-2923
NOT-FOR-US: BitmixSoft PHP-Lance
-CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in Pixaria ...)
+CVE-2009-2922
NOT-FOR-US: Pixaria Gallery
-CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP ...)
+CVE-2009-2921
NOT-FOR-US: MOC Designs PHP News
-CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 ...)
+CVE-2009-2920
NOT-FOR-US: Elvin
-CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 ...)
+CVE-2009-2919
NOT-FOR-US: Boonex Orca
-CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows ...)
+CVE-2009-2918
NOT-FOR-US: TheGreenBow IPSec VPN Client
-CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote ...)
+CVE-2009-2917
NOT-FOR-US: ImTOO MPEG Encoder
-CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in logs.dll in ...)
+CVE-2009-2916
NOT-FOR-US: 2K Games Vietcong
-CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery ...)
+CVE-2009-2915
NOT-FOR-US: 2FLY Gift Delivery System
-CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
+CVE-2009-2914
NOT-FOR-US: XZero Community Classified
-CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
+CVE-2009-2913
NOT-FOR-US: XZero Community Classified
-CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through ...)
+CVE-2009-2912
NOT-FOR-US: Sun Solaris
-CVE-2009-2911 (SystemTap 1.0, when the --unprivileged option is used, does not ...)
+CVE-2009-2911
- systemtap 1.0-2 (bug #551918)
[lenny] - systemtap <not-affected> (Affected functionality only added in 1.0)
-CVE-2009-2910 (arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the ...)
+CVE-2009-2910
{DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
- linux-2.6.24 <unfixed> (medium)
-CVE-2009-2909 (Integer signedness error in the ax25_setsockopt function in ...)
+CVE-2009-2909
{DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
- linux-2.6.24 <removed> (medium)
-CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux ...)
+CVE-2009-2908
{DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19)
- linux-2.6.24 <removed> (medium)
-CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc ...)
+CVE-2009-2907
NOT-FOR-US: SpringSource tc Server, Application Management Suite, Hyperic HQ Open Source, and Hyperic Enterprise
-CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, ...)
+CVE-2009-2906
{DSA-1908-1}
- samba 2:3.4.2-1 (low; bug #550423)
-CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and ...)
+CVE-2009-2905
{DSA-1894-1}
- newt 0.52.10-4.1 (medium; bug #548198)
-CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature in ...)
+CVE-2009-2904
- openssh <not-affected> (issue with homechroot patch specific to Red Hat)
-CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x ...)
+CVE-2009-2903
{DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
-CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
+CVE-2009-2902
{DSA-2207-1}
- tomcat6 6.0.24-1 (low)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
- tomcat5.5 <removed>
-CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and ...)
+CVE-2009-2901
- tomcat6 <not-affected> (Windows-only)
- tomcat5.5 <not-affected> (Windows-only)
CVE-2009-2900
RESERVED
-CVE-2009-2899 (The monitor perl script in the Sybase database plug-in in SpringSource ...)
+CVE-2009-2899
NOT-FOR-US: SpringSource Hyperic HQ
-CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in ...)
+CVE-2009-2898
NOT-FOR-US: SpringSource Hyperic HQ
-CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-2897
NOT-FOR-US: SpringSource Hyperic HQ
-CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...)
+CVE-2009-2896
NOT-FOR-US: KMPlayer: http://www.kmplayer.com
-CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...)
+CVE-2009-2895
NOT-FOR-US: Ultimate Regnow Affiliate
-CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
+CVE-2009-2894
NOT-FOR-US: Ebay Clone 2009
-CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-2893
NOT-FOR-US: XZero Community Classifieds
-CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...)
+CVE-2009-2892
NOT-FOR-US: Scripteen Free Image Hosting Script
-CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles ...)
+CVE-2009-2891
NOT-FOR-US: PHP Scripts Now Riddles
-CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...)
+CVE-2009-2890
NOT-FOR-US: PHP Scripts Now Riddles
-CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts ...)
+CVE-2009-2889
NOT-FOR-US: PHP Scripts Now Riddles
-CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman ...)
+CVE-2009-2888
NOT-FOR-US: PHP Scripts Now Hangman
-CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
+CVE-2009-2887
NOT-FOR-US: PHP Scripts Now President Bios
-CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President ...)
+CVE-2009-2886
NOT-FOR-US: PHP Scripts Now President
-CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World's ...)
+CVE-2009-2885
NOT-FOR-US: PHP Scripts Now World's
-CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
+CVE-2009-2884
NOT-FOR-US: PHP Scripts Now World's Tallest Buildings
-CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, ...)
+CVE-2009-2883
NOT-FOR-US: SaphpLesson
-CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking ...)
+CVE-2009-2882
NOT-FOR-US: PG MatchMaking
-CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...)
+CVE-2009-2881
NOT-FOR-US: Basilic
-CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...)
+CVE-2009-3369
- backuppc 3.1.0-8 (low; bug #542218)
[etch] - backuppc <not-affected> (No configuration GUI)
[lenny] - backuppc 3.1.0-4lenny2
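Review bot: `- linux-2.6.24 <unfixed> (medium)` in the CVE-2009-2910 entry is inconsistent with the neighbouring kernel entries CVE-2009-2909, CVE-2009-2908 and CVE-2009-2903, which all record `- linux-2.6.24 <removed>`; check whether this one should also be `<removed>`. Style point: `NOT-FOR-US: KMPlayer: http://www.kmplayer.com` (CVE-2009-2896) embeds a URL in the NOT-FOR-US line, whereas the other NOT-FOR-US entries name only the product and URLs otherwise live on `NOTE:` lines (as in the CVE-2009-3026 context at the top of this hunk).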
@@ -5946,105 +5946,105 @@ CVE-2009-5043 [burn: Insecure escaping of file names]
- burn 0.4.5-1 (low; bug #542329)
[lenny] - burn 0.4.3-2.1+lenny1
[etch] - burn <no-dsa> (Minor issue)
-CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x ...)
+CVE-2009-2880
NOT-FOR-US: Cisco WebEx WRF Player
-CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
+CVE-2009-2879
NOT-FOR-US: Cisco WebEx WRF Player
-CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
+CVE-2009-2878
NOT-FOR-US: Cisco WebEx WRF Player
-CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF ...)
+CVE-2009-2877
NOT-FOR-US: Cisco WebEx WRF Player
-CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
+CVE-2009-2876
NOT-FOR-US: Cisco WebEx WRF Player
-CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x ...)
+CVE-2009-2875
NOT-FOR-US: Cisco WebEx WRF Player
-CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before ...)
+CVE-2009-2874
NOT-FOR-US: Cisco Unified Presence
-CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...)
+CVE-2009-2873
NOT-FOR-US: Cisco IOS
-CVE-2009-2872 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...)
+CVE-2009-2872
NOT-FOR-US: Cisco IOS
-CVE-2009-2871 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN ...)
+CVE-2009-2871
NOT-FOR-US: Cisco IOS
-CVE-2009-2870 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the ...)
+CVE-2009-2870
NOT-FOR-US: Cisco IOS
-CVE-2009-2869 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, ...)
+CVE-2009-2869
NOT-FOR-US: Cisco IOS
-CVE-2009-2868 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when ...)
+CVE-2009-2868
NOT-FOR-US: Cisco IOS
-CVE-2009-2867 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, ...)
+CVE-2009-2867
NOT-FOR-US: Cisco IOS
-CVE-2009-2866 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote ...)
+CVE-2009-2866
NOT-FOR-US: Cisco IOS
-CVE-2009-2865 (Buffer overflow in the login implementation in the Extension Mobility ...)
+CVE-2009-2865
NOT-FOR-US: Cisco IOS
-CVE-2009-2864 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+CVE-2009-2864
NOT-FOR-US: Cisco
-CVE-2009-2863 (Race condition in the Firewall Authentication Proxy feature in Cisco ...)
+CVE-2009-2863
NOT-FOR-US: Cisco IOS
-CVE-2009-2862 (The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS ...)
+CVE-2009-2862
NOT-FOR-US: Cisco
-CVE-2009-2861 (The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet ...)
+CVE-2009-2861
NOT-FOR-US: Cisco
-CVE-2009-2860 (Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows ...)
+CVE-2009-2860
NOT-FOR-US: db2jds in IBM DB2
-CVE-2009-2859 (IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access ...)
+CVE-2009-2859
NOT-FOR-US: IBM DB2
-CVE-2009-2858 (Memory leak in the Security component in IBM DB2 8.1 before FP18 on ...)
+CVE-2009-2858
NOT-FOR-US: IBM DB2
-CVE-2009-2857 (The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before ...)
+CVE-2009-2857
NOT-FOR-US: kernel in Sun Solaris
-CVE-2009-2856 (Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding ...)
+CVE-2009-2856
NOT-FOR-US: Sun Virtual Desktop Infrastructure
-CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 ...)
+CVE-2009-2855
{DSA-1991-1}
- squid 2.7.STABLE7-1 (low; bug #534982)
- squid3 3.0.STABLE19-1
-CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain ...)
+CVE-2009-2854
{DSA-1871-2 DSA-1871-1}
- wordpress 2.8.3-1
-CVE-2009-2853 (Wordpress before 2.8.3 allows remote attackers to gain privileges via ...)
+CVE-2009-2853
{DSA-1871-2 DSA-1871-1}
- wordpress 2.8.3-1
-CVE-2009-2852 (WP-Syntax plugin 0.9.1 and earlier for Wordpress, with ...)
+CVE-2009-2852
NOT-FOR-US: WP-Syntax plugin
-CVE-2009-2851 (Cross-site scripting (XSS) vulnerability in the administrator ...)
+CVE-2009-2851
{DSA-1871-2 DSA-1871-1}
- wordpress 2.8.3-1 (low)
-CVE-2009-2850 (Multiple buffer overflows in NASA Common Data Format (CDF) allow ...)
+CVE-2009-2850
NOT-FOR-US: NASA Common Data Format
CVE-2009-2845
REJECTED
-CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 ...)
+CVE-2009-2849
{DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.30-4 (medium)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (medium)
-CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and ...)
+CVE-2009-2848
{DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.30-7 (low)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (low)
-CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 ...)
+CVE-2009-2847
{DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.30-6 (low)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (low)
-CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component ...)
+CVE-2009-2846
{DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.30-6 (low)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (low)
-CVE-2009-2844 (cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and ...)
+CVE-2009-2844
- linux-2.6 2.6.30-7 (medium)
[etch] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
- linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30)
-CVE-2009-2843 (Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 ...)
+CVE-2009-2843
NOT-FOR-US: Mac OS X
-CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...)
+CVE-2009-2842
NOT-FOR-US: Apple Safari
-CVE-2009-2841 (The HTMLMediaElement::loadResource function in ...)
+CVE-2009-2841
- webkit 1.1.21-1 (medium; bug #559759)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/49480
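Review bot: the `CVE-2009-2845` / `REJECTED` pair sits between CVE-2009-2850 and CVE-2009-2849, breaking the descending numeric order the rest of this hunk follows; it belongs below CVE-2009-2846. Also, the four kernel entries CVE-2009-2849 to CVE-2009-2846 place the `[lenny] - linux-2.6 2.6.26-19 …` line after `- linux-2.6.24 <removed>`, while the other kernel entries in this patch (e.g. CVE-2009-2908) keep the release-specific line directly under the `- linux-2.6` line it qualifies.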
@@ -6053,59 +6053,59 @@ CVE-2009-2841 (The HTMLMediaElement::loadResource function in ...)
[lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- kdelibs <not-affected> (No support for HTML5 video tags)
-CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary ...)
+CVE-2009-2840
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to ...)
+CVE-2009-2839
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2838 (Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote ...)
+CVE-2009-2838
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2837 (Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X ...)
+CVE-2009-2837
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2836 (Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, ...)
+CVE-2009-2836
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2835 (The kernel in Apple Mac OS X before 10.6.2 does not properly handle ...)
+CVE-2009-2835
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2834 (IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the ...)
+CVE-2009-2834
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2833 (Buffer overflow in the UCCompareTextDefault API in International ...)
+CVE-2009-2833
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2832 (Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows ...)
+CVE-2009-2832
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2831 (Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create ...)
+CVE-2009-2831
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2830 (Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple ...)
+CVE-2009-2830
- file 5.03-1
[lenny] - file <not-affected>
[etch] - file <not-affected>
-CVE-2009-2829 (Event Monitor in Apple Mac OS X 10.5.8 does not properly handle ...)
+CVE-2009-2829
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2828 (The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote ...)
+CVE-2009-2828
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2827 (Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 ...)
+CVE-2009-2827
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2826 (Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 ...)
+CVE-2009-2826
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2825 (Certificate Assistant in Apple Mac OS X before 10.6.2 does not ...)
+CVE-2009-2825
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
+CVE-2009-2824
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the ...)
+CVE-2009-2823
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2822 (AirPort Utility before 5.5.1 for Apple AirPort Base Station does not ...)
+CVE-2009-2822
NOT-FOR-US: AirPort Utility
CVE-2009-2821
RESERVED
-CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS X ...)
+CVE-2009-2820
{DSA-1933-1}
- cups 1.4.2-1 (low; bug #555666)
- cupsys <removed>
-CVE-2009-2819 (AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to ...)
+CVE-2009-2819
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2818 (Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly ...)
+CVE-2009-2818
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...)
+CVE-2009-2817
NOT-FOR-US: Apple iTunes
-CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...)
+CVE-2009-2816
- webkit 1.1.21-1 (low; bug #559759)
[lenny] - webkit <not-affected> (vulnerable code not present)
- kdelibs <not-affected>
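Review bot: the entry-header format changes on every entry in this hunk without anything recording the new grammar, e.g. `-CVE-2009-2835 (The kernel in Apple Mac OS X before 10.6.2 does not properly handle ...)` becomes `+CVE-2009-2835`, so the bare ID followed by `NOT-FOR-US: Apple Mac OS X` is all that remains. Any consumer that locates headers by matching the ID followed by an opening parenthesis now matches nothing and will silently treat the file as empty or attach package lines to the wrong entry. Make the parenthesised description optional in the parser (ID alone, ID plus description, and the existing `CVE-2009-XXXX [...]` placeholder form) before this lands, and state the format change somewhere a reader of the file will find it.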
@@ -6114,50 +6114,50 @@ CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in Web
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
NOTE: http://trac.webkit.org/changeset/47494
-CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...)
+CVE-2009-2815
NOT-FOR-US: Apple iPhone OS
-CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple ...)
+CVE-2009-2814
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and ...)
+CVE-2009-2813
{DSA-1908-1}
- samba 2:3.4.2-1 (bug #550422)
NOTE: requires an administrator to manually configure a user account without
NOTE: a home dir, otherwise, this is ineffective
-CVE-2009-2812 (Launch Services in Apple Mac OS X 10.5.8 does not properly recognize ...)
+CVE-2009-2812
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple Mac OS ...)
+CVE-2009-2811
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2810 (Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively ...)
+CVE-2009-2810
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2809 (ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers ...)
+CVE-2009-2809
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2808 (Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS ...)
+CVE-2009-2808
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2807 (Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS ...)
+CVE-2009-2807
- cupsys <not-affected> (issue in darwin-specific code; bug #550150)
- cups <not-affected> (issue in darwin-specific code; bug #550150)
CVE-2009-2806
RESERVED
-CVE-2009-2805 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 ...)
+CVE-2009-2805
NOT-FOR-US: CoreGraphics in Apple Mac OS X
-CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, ...)
+CVE-2009-2804
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to ...)
+CVE-2009-2803
NOT-FOR-US: Apple Mac OS X
CVE-2009-2802
RESERVED
- mantis <not-affected> (Only affects 1.2.x)
NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
NOTE: http://www.mantisbt.org/blog/?p=113
-CVE-2009-2801 (The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified ...)
+CVE-2009-2801
NOT-FOR-US: Apple Application Firewall
-CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 ...)
+CVE-2009-2800
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...)
+CVE-2009-2799
NOT-FOR-US: Apple QuickTime
-CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...)
+CVE-2009-2798
NOT-FOR-US: Apple QuickTime
-CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...)
+CVE-2009-2797
- webkit 1.1.21-1 (low; bug #559759)
[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
- kdelibs <not-affected>
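Review bot: the lenny annotation for CVE-2009-2797 in this hunk reads `[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)`; "disk" should be "risk". The same wording appears again on the qt4-x11 line for this CVE just after the next hunk header. Both are context lines rather than part of this change, but they are one-character fixes in an entry the update already touches.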
@@ -6166,82 +6166,82 @@ CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and
- qt4-x11 4:4.6.2-4 (low)
[lenny] - qt4-x11 <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
NOTE: http://trac.webkit.org/changeset/42483
-CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for ...)
+CVE-2009-2796
NOT-FOR-US: Apple iPhone OS
-CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in Apple ...)
+CVE-2009-2795
NOT-FOR-US: Apple iPhone OS
-CVE-2009-2794 (The Exchange Support component in Apple iPhone OS before 3.1, and ...)
+CVE-2009-2794
NOT-FOR-US: Apple iPhone OS
-CVE-2009-2793 (The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms ...)
+CVE-2009-2793
NOT-FOR-US: NetBSD kernel
-CVE-2009-2792 (Directory traversal vulnerability in plugings/pagecontent.php in ...)
+CVE-2009-2792
NOT-FOR-US: Really Simple CMS
-CVE-2009-2791 (PHP remote file inclusion vulnerability in pda_projects.php in ...)
+CVE-2009-2791
NOT-FOR-US: WebDynamite ProjectButler
-CVE-2009-2790 (SQL injection vulnerability in cat_products.php in SoftBiz Dating ...)
+CVE-2009-2790
NOT-FOR-US: SoftBiz Dating
-CVE-2009-2789 (SQL injection vulnerability in the Permis (com_groups) component 1.0 ...)
+CVE-2009-2789
NOT-FOR-US: com_groups component for Joomla!
-CVE-2009-2788 (Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow ...)
+CVE-2009-2788
NOT-FOR-US: Mobilelib GOLD
-CVE-2009-2787 (Directory traversal vulnerability in ...)
+CVE-2009-2787
NOT-FOR-US: Reputation plugin for PunBB
-CVE-2009-2786 (SQL injection vulnerability in reputation.php in the Reputation plugin ...)
+CVE-2009-2786
NOT-FOR-US: Reputation plugin for PunBB
-CVE-2009-2785 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Open ...)
+CVE-2009-2785
NOT-FOR-US: PHP Open Classifieds Script
-CVE-2009-2784 (Multiple directory traversal vulnerabilities in dit.cms 1.3, when ...)
+CVE-2009-2784
NOT-FOR-US: dit.cms
-CVE-2009-2783 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 ...)
+CVE-2009-2783
NOT-FOR-US: XOOPS
-CVE-2009-2782 (SQL injection vulnerability in the JFusion (com_jfusion) component for ...)
+CVE-2009-2782
NOT-FOR-US: com_jfusion component for Joomla!
-CVE-2009-2781 (SQL injection vulnerability in forum.php in Arab Portal 2.x, when ...)
+CVE-2009-2781
NOT-FOR-US: Arab Portal
-CVE-2009-2780 (Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds ...)
+CVE-2009-2780
NOT-FOR-US: 68 Classifieds
-CVE-2009-2779 (SQL injection vulnerability in index.php in AJ Matrix DNA allows ...)
+CVE-2009-2779
NOT-FOR-US: AJ Matrix DNA
-CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in ...)
+CVE-2009-2778
NOT-FOR-US: GarageSales script
-CVE-2009-2777 (SQL injection vulnerability in visitor/view.php in GarageSales Script ...)
+CVE-2009-2777
NOT-FOR-US: GarageSales Script
-CVE-2009-2776 (SQL injection vulnerability in showresult.asp in Smart ASP Survey ...)
+CVE-2009-2776
NOT-FOR-US: Smart ASP Survey
-CVE-2009-2775 (SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP ...)
+CVE-2009-2775
NOT-FOR-US: PHPArcadeScript
-CVE-2009-2774 (SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail ...)
+CVE-2009-2774
NOT-FOR-US: PHP Paid 4 Mail
-CVE-2009-2773 (PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail ...)
+CVE-2009-2773
NOT-FOR-US: PHP Paid 4 Mail
-CVE-2009-2772 (Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate ...)
+CVE-2009-2772
NOT-FOR-US: PG Roommate Finder Solution
-CVE-2009-2771 (Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 ...)
+CVE-2009-2771
NOT-FOR-US: Free Arcade Script
-CVE-2009-2770 (PowerUpload 2.4 allows remote attackers to bypass authentication and ...)
+CVE-2009-2770
NOT-FOR-US: PowerUpload
-CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in ...)
+CVE-2009-2769
NOT-FOR-US: Ultrize TimeSheet
-CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...)
+CVE-2009-2768
- linux-2.6 2.6.30-6 (medium)
[etch] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
[lenny] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
- linux-2.6.24 <not-affected> (kernel/cred.c introduced in 2.6.29)
-CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...)
+CVE-2009-2767
- linux-2.6 2.6.30-6 (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
- linux-2.6.24 <not-affected> (introduced in 2.6.28)
-CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not ...)
+CVE-2009-2766
NOT-FOR-US: DD-WRT
-CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ...)
+CVE-2009-2765
NOT-FOR-US: DD-WRT
-CVE-2009-2764 (Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 ...)
+CVE-2009-2764
NOT-FOR-US: Microsoft
-CVE-2009-3040 (Multiple SQL injection vulnerabilities in Open Computer and Software ...)
+CVE-2009-3040
- ocsinventory-server 1.02.1-2 (unimportant; bug #541995)
NOTE: Authentication is needed, only supported in trusted environments, see debtags
-CVE-2009-3042 (SQL injection vulnerability in machine.php in Open Computer and ...)
+CVE-2009-3042
- ocsinventory-server 1.02.1-2 (unimportant; bug #541995)
NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2009-2763
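Review bot: after this hunk the two kernel entries keep reasoning that depends on text this change removes. `-CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...)` and `-CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...)` become bare IDs, while the surviving lines `[etch] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)` and `(introduced in 2.6.28)` only make sense if the reader knows which function and file are meant. Add a NOTE line per entry with the file path or the upstream fix so the not-affected claims for etch, lenny and linux-2.6.24 remain checkable from this file alone.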
@@ -6253,7 +6253,7 @@ CVE-2009-XXXX [XSS in drupal printing module]
- drupal6 <removed> (unimportant)
NOTE: you need admin privs in orde to exploit this
NOTE: http://lampsecurity.org/drupal-print-module-vulnerabilities
-CVE-2009-2761 (Unquoted Windows search path vulnerability in the scheduler ...)
+CVE-2009-2761
NOT-FOR-US: Avira AntiVir
CVE-2009-2760
RESERVED
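Review bot: the drupal6 note in this hunk reads `NOTE: you need admin privs in orde to exploit this`; "orde" should be "order". It is a context line, not part of this change, but it sits three lines above the CVE-2009-2761 header being rewritten and is a trivial fix to fold in.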
@@ -6267,58 +6267,58 @@ CVE-2009-2756
RESERVED
CVE-2009-2755
RESERVED
-CVE-2009-2754 (Integer signedness error in the authentication functionality in ...)
+CVE-2009-2754
NOT-FOR-US: Informix Storage Manager
-CVE-2009-2753 (Multiple buffer overflows in the authentication functionality in ...)
+CVE-2009-2753
NOT-FOR-US: Informix Storage Manager
-CVE-2009-2752 (IBM WebSphere Commerce 7.0 does not properly encrypt data in a ...)
+CVE-2009-2752
NOT-FOR-US: IBM WebSphere Commerce
-CVE-2009-2751 (IBM WebSphere Commerce 7.0 uses the same cryptographic key for session ...)
+CVE-2009-2751
NOT-FOR-US: IBM WebSphere Commerce
-CVE-2009-2750 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 ...)
+CVE-2009-2750
NOT-FOR-US: IBM WebSphere Service Registry and Repository
-CVE-2009-2749 (Feature Pack for Communications Enabled Applications (CEA) before ...)
+CVE-2009-2749
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2009-2748 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+CVE-2009-2748
NOT-FOR-US: IBM WebSphere
-CVE-2009-2747 (The Java Naming and Directory Interface (JNDI) implementation in IBM ...)
+CVE-2009-2747
NOT-FOR-US: IBM WebSphere
-CVE-2009-2746 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
+CVE-2009-2746
NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2745
RESERVED
-CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
+CVE-2009-2744
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2009-2743 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 ...)
+CVE-2009-2743
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2009-2742 (Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM ...)
+CVE-2009-2742
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in the test ...)
+CVE-2009-2741
NOT-FOR-US: IBM WebSphere Business Events
-CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention ...)
+CVE-2009-2740
NOT-FOR-US: CA Host-Based Intrusion Prevention System (HIPS)
-CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 ...)
+CVE-2009-2739
NOT-FOR-US: FreeNAS
-CVE-2009-2738 (Cross-site request forgery (CSRF) vulnerability in the WebGUI in ...)
+CVE-2009-2738
NOT-FOR-US: FreeNAS
-CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2 before ...)
+CVE-2009-2737
{DSA-1754-1}
- roundup 1.4.4-4+lenny1 (bug #518768)
-CVE-2009-2736 (Static code injection vulnerability in admin.php in sun-jester ...)
+CVE-2009-2736
NOT-FOR-US: OpenNews
-CVE-2009-2735 (SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, ...)
+CVE-2009-2735
NOT-FOR-US: OpenNews
-CVE-2009-2734 (SQL injection vulnerability in the get_employee function in ...)
+CVE-2009-2734
NOT-FOR-US: Achievo
-CVE-2009-2733 (Multiple cross-site scripting (XSS) vulnerabilities in Achievo before ...)
+CVE-2009-2733
NOT-FOR-US: Achievo
-CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...)
+CVE-2009-2732
- ntop 3:3.3-12 (low; bug #543312)
[lenny] - ntop <no-dsa> (Minor issue)
[etch] - ntop <no-dsa> (Minor issue)
CVE-2009-2731
RESERVED
-CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
+CVE-2009-2730
{DSA-1935-1}
- gnutls26 2.8.3-1 (low; bug #541439)
- gnutls13 <removed>
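Review bot: the roundup entry for CVE-2009-2737 in this hunk lists `- roundup 1.4.4-4+lenny1 (bug #518768)` as the unstable fixed version. A `+lenny1` suffix is a stable-update version string, and elsewhere in this diff such versions sit on a `[lenny]` line (compare `[lenny] - mantis 1.1.6+dfsg-2lenny1` and `[lenny] - sun-java5 1.5.0-22-0lenny1`). Worth confirming whether the line is missing its `[lenny]` prefix or whether the unstable fixed version was meant to be the later upstream release, since with the description gone the DSA reference `{DSA-1754-1}` is the only other context left on the entry.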
@@ -6326,82 +6326,82 @@ CVE-2009-2729
RESERVED
CVE-2009-2728
RESERVED
-CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in ...)
+CVE-2009-2727
NOT-FOR-US: IBM AIX
-CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...)
+CVE-2009-2726
- asterisk 1:1.6.2.0~dfsg~rc1-1 (bug #541441)
[squeeze] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
[lenny] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
[etch] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
CVE-2009-2725
RESERVED
-CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
+CVE-2009-2724
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
NOTE: unknown impact and attack vectors
-CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...)
+CVE-2009-2723
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
NOTE: unknown impact and attack vectors
-CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
+CVE-2009-2722
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
NOTE: unknown impact and attack vectors
-CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
+CVE-2009-2721
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
NOTE: unknown impact and attack vectors
-CVE-2009-2720 (Unspecified vulnerability in the ...)
+CVE-2009-2720
- sun-java6 6-15-1
[etch] - sun-java6 <no-dsa> (Non-free not supported)
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1 (medium; bug #560908)
-CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...)
+CVE-2009-2719
- sun-java6 6-15-1
[etch] - sun-java6 <no-dsa> (Non-free not supported)
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1 (medium; bug #560908)
-CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
+CVE-2009-2718
- sun-java6 6-15-1
[etch] - sun-java6 <no-dsa> (Non-free not supported)
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1 (medium; bug #560908)
-CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
+CVE-2009-2717
- sun-java6 6-15-1
[etch] - sun-java6 <no-dsa> (Non-free not supported)
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1 (medium; bug #560908)
-CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...)
+CVE-2009-2716
- sun-java6 6-15-1
[etch] - sun-java6 <no-dsa> (Non-free not supported)
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1 (medium; bug #560908)
-CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...)
+CVE-2009-2762
- wordpress 2.8.3-2 (unimportant; bug #541102)
[lenny] - wordpress <not-affected> (Vulnerable code not present)
[etch] - wordpress <not-affected> (Vulnerable code not present)
NOTE: not really a security issue in my opinion, just an annoying bug
-CVE-2009-2715 (Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause ...)
+CVE-2009-2715
- virtualbox-ose 3.0.4-dfsg-1 (medium)
[lenny] - virtualbox-ose <not-affected> (Doesn't affect 1.6.x)
-CVE-2009-2714 (Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows ...)
+CVE-2009-2714
- virtualbox-ose 3.0.4-dfsg-1
[lenny] - virtualbox-ose <not-affected> (Only 3.0.x affected per Sun advisory)
-CVE-2009-2713 (The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 ...)
+CVE-2009-2713
NOT-FOR-US: Sun Java System Access Manager
-CVE-2009-2712 (Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and ...)
+CVE-2009-2712
NOT-FOR-US: Sun Java System Access Manager
-CVE-2009-2711 (XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and ...)
+CVE-2009-2711
NOT-FOR-US: XScreenSaver in Sun Solaris
CVE-2009-XXXX [mantis: information leak]
- mantis 1.1.8+dfsg-2 (medium; bug #425010)
[lenny] - mantis 1.1.6+dfsg-2lenny1
NOTE: cve id requested on oss-sec
-CVE-2009-3041 (SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper ...)
+CVE-2009-3041
- spip 2.0.9-1 (medium)
CVE-2009-XXXX [rubygems: integrity violation]
- libgems-ruby <not-affected> (Debian's version installs gems packages to /var/lib/gems, bug #540610)
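Review bot: the four sun-java5 entries in this hunk, CVE-2009-2721 through CVE-2009-2724, become indistinguishable once their headers are stripped: each is reduced to the same three package lines plus `NOTE: unknown impact and attack vectors`. The removed descriptions (`Race condition in the java.lang package`, `deserialization in the Provider class`, `Multiple unspecified vulnerabilities in the Provider class`) were the only text telling them apart, and the NOTE admitting unknown impact makes that loss worse rather than better. Add a NOTE with the upstream reference for each so a later triager does not have to re-fetch the CVE text to learn which component each ID covers. The same applies to CVE-2009-2762 and CVE-2009-3041, which also sit out of numerical order in this region of the file.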
@@ -6412,7 +6412,7 @@ CVE-2009-XXXX [bugzilla: unauthorized bug modification]
[etch] - bugzilla <no-dsa> (minor issue)
[lenny] - bugzilla <no-dsa> (minor issue)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495257
-CVE-2009-5044 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows ...)
+CVE-2009-5044
- groff 1.20.1-5 (low; bug #538330)
[etch] - groff <not-affected> (pdfroff not yet present)
[lenny] - groff <not-affected> (pdfroff not yet present)
@@ -6421,7 +6421,7 @@ CVE-2009-XXXX [xscreensaver: local screen lock bypassable via low resolution vid
- xscreensaver 5.05-3+nmu1 (low; bug #539699)
[etch] - xscreensaver <not-affected> (vulnerable code not present)
[lenny] - xscreensaver 5.05-3+lenny1
-CVE-2009-2626 (The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, ...)
+CVE-2009-2626
{DSA-1940-1}
- php5 5.2.11.dfsg.1-1 (low; bug #540605)
[etch] - php5 <no-dsa> (too risky to fix it there)
@@ -6435,104 +6435,104 @@ CVE-2009-2709
REJECTED
CVE-2009-2708
REJECTED
-CVE-2009-2707 (Unspecified vulnerability in ia32el (aka the IA 32 emulation ...)
+CVE-2009-2707
NOT-FOR-US: SUSE Linux
CVE-2009-2706
REJECTED
-CVE-2009-2705 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...)
+CVE-2009-2705
NOT-FOR-US: SiteMinder
-CVE-2009-2704 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...)
+CVE-2009-2704
NOT-FOR-US: SiteMinder
-CVE-2009-2703 (libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple ...)
+CVE-2009-2703
- pidgin 2.6.2 (low)
[lenny] - pidgin <no-dsa> (Minor issue)
[etch] - pidgin <no-dsa> (Minor issue)
[lenny] - gaim <not-affected> (Only a transitional package)
- gaim <removed>
NOTE: this is only a null ptr dereference and can only be triggered by a rogue irc server
-CVE-2009-2702 (KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ...)
+CVE-2009-2702
{DSA-1916-1}
- kdelibs 4:3.5.10.dfsg.1-2.1 (low; bug #546212)
- kde4libs 4:4.3.2-1 (low; bug #546218)
[lenny] - kde4libs <no-dsa> (Minor issue)
-CVE-2009-2701 (Unspecified vulnerability in the Zope Enterprise Objects (ZEO) ...)
+CVE-2009-2701
- zodb 1:3.9.0-1
[etch] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)
[lenny] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)
-CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...)
+CVE-2009-2700
{DSA-1988-1}
- qt4-x11 4:4.5.3-1 (medium; bug #545793)
[etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt 4.3)
-CVE-2009-2699 (The Solaris pollset feature in the Event Port backend in ...)
+CVE-2009-2699
- apr <not-affected> (does not affect Linux or kFreeBSD)
-CVE-2009-2698 (The udp_sendmsg function in the UDP implementation in (1) ...)
+CVE-2009-2698
{DSA-1872-1}
- linux-2.6 2.6.19-1 (high)
- linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.19)
-CVE-2009-2697 (The Red Hat build script for the GNOME Display Manager (GDM) before ...)
+CVE-2009-2697
- gdm <not-affected> (TCP Wrappers support enabled correctly)
-CVE-2009-2696 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...)
+CVE-2009-2696
NOT-FOR-US: Red-Hat-specific patching problem in Tomcat
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=616717
-CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent mmap ...)
+CVE-2009-2695
{DSA-2005-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (2.6.18 does not have mmap_min_addr)
- linux-2.6.24 <removed> (medium)
-CVE-2009-2694 (The msn_slplink_process_msg function in ...)
+CVE-2009-2694
{DSA-1870-1}
- pidgin 2.5.9-1 (medium; bug #542486)
[lenny] - gaim <not-affected> (Only a transitional package)
- gaim <removed>
-CVE-2009-2693 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
+CVE-2009-2693
{DSA-2207-1}
- tomcat6 6.0.24-1 (low)
[lenny] - tomcat6 <not-affected> (The package only ships the servlet packages)
- tomcat5.5 <removed>
-CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, ...)
+CVE-2009-2692
{DSA-1864-1 DSA-1865-1 DSA-1862-1}
- linux-2.6 2.6.30-6 (high; bug #541403)
- linux-2.6.24 <removed>
-CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel ...)
+CVE-2009-2691
{DSA-2005-1}
- linux-2.6 2.6.30-7 (low)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed>
-CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants ...)
+CVE-2009-2690
- sun-java6 6-15-1
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
-CVE-2009-2689 (JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 ...)
+CVE-2009-2689
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
-CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when ...)
+CVE-2009-2688
- xemacs21 21.4.22-3 (low; bug #540470)
[etch] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
[lenny] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
-CVE-2009-2686 (Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, ...)
+CVE-2009-2686
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web ...)
+CVE-2009-2685
NOT-FOR-US: HP Power Manager
-CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and ...)
+CVE-2009-2684
NOT-FOR-US: Embedded Web Server in HP printers
-CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics ...)
+CVE-2009-2683
NOT-FOR-US: HP Remote Graphics
-CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...)
+CVE-2009-2682
NOT-FOR-US: HP-UX
-CVE-2009-2681 (Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) ...)
+CVE-2009-2681
NOT-FOR-US: HP ProCurve Identity Driven Manager
-CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for ...)
+CVE-2009-2680
NOT-FOR-US: HP StorageWorks
-CVE-2009-2679 (Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and ...)
+CVE-2009-2679
NOT-FOR-US: HP HP-UX
-CVE-2009-2678 (Unspecified vulnerability in Open System Services (OSS) Name Server on ...)
+CVE-2009-2678
NOT-FOR-US: Open System Services (OSS) Name Server on HP NonStop
-CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
+CVE-2009-2677
NOT-FOR-US: HP Insight Control Suite For Linux (aka ICE-LX)
-CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...)
+CVE-2009-2676
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
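Review bot: the removed header for CVE-2009-2686 in this hunk reads `-CVE-2009-2686 (Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, ...)`, yet the annotation that survives is `NOT-FOR-US: IBM WebSphere Application Server`, which contradicts it; the neighbouring entries CVE-2009-2685 down to CVE-2009-2677 are all tagged with HP products. Once the description is gone this mismatch is no longer visible in the file, so correct the NOT-FOR-US text to the HP product as part of this update rather than after it. Separately, `- pidgin 2.6.2 (low)` under CVE-2009-2703 lacks the Debian revision that every other fixed-version line in the diff carries (compare `- pidgin 2.5.9-1 (medium; bug #542486)` for CVE-2009-2694), which will make version comparison against the archive unreliable.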
@@ -6540,7 +6540,7 @@ CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, a
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 <undetermined> (bug #566769)
[wheezy] - openjdk-6 <end-of-life>
-CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime ...)
+CVE-2009-2675
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
@@ -6548,59 +6548,59 @@ CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime ...
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 <undetermined> (bug #566769)
[wheezy] - openjdk-6 <end-of-life>
-CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java ...)
+CVE-2009-2674
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- sun-java6 6-15-1
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
-CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment ...)
+CVE-2009-2673
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- sun-java6 6-15-1
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
-CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment ...)
+CVE-2009-2672
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- sun-java6 6-15-1
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
-CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) ...)
+CVE-2009-2671
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- sun-java6 6-15-1
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
-CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE ...)
+CVE-2009-2670
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- sun-java6 6-15-1
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
-CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not properly ...)
+CVE-2009-2669
NOT-FOR-US: IBM AIX
-CVE-2009-2668 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...)
+CVE-2009-2668
NOT-FOR-US: Microsoft
-CVE-2009-2667 (Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) ...)
+CVE-2009-2667
NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
-CVE-2009-2666 (socket.c in fetchmail before 6.3.11 does not properly handle a '\0' ...)
+CVE-2009-2666
{DSA-1852-1}
- fetchmail 6.3.9~rc2-6
-CVE-2009-2665 (The nsDocument::SetScriptGlobalObject function in ...)
+CVE-2009-2665
- xulrunner 1.9.1.8-1
[lenny] - xulrunner <not-affected> (vulnerability introduced in firefox 3.5)
[etch] - xulrunner <not-affected> (vulnerability introduced in firefox 3.5)
-CVE-2009-2664 (The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript ...)
+CVE-2009-2664
{DSA-1873-1}
- xulrunner 1.9.0.13-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...)
+CVE-2009-2663
{DSA-1939-1}
- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
@@ -6608,110 +6608,110 @@ CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before
- xulrunner 1.9.1.2-1 (medium; bug #540961)
[etch] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
[lenny] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
-CVE-2009-2662 (The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote ...)
+CVE-2009-2662
{DSA-1873-1}
- xulrunner 1.9.0.13-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...)
+CVE-2009-2661
{DSA-1899-1}
- strongswan 4.3.2-1.1 (bug #540144)
-CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...)
+CVE-2009-2660
{DSA-1912-2 DSA-1912-1 DSA-1857-1}
- camlimages 1:3.0.1-3 (low; bug #540146)
- advi 1.6.0-15 (low; bug #551282)
-CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary ...)
+CVE-2009-2657
- nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid bits from all files)
-CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in Android ...)
+CVE-2009-2656
NOT-FOR-US: Android
-CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 ...)
+CVE-2009-2655
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...)
+CVE-2009-2654
{DSA-1873-1}
- xulrunner 1.9.0.13-1 (low; bug #539891)
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2653 (** DISPUTED ** ...)
+CVE-2009-2653
NOT-FOR-US: Microsoft Windows
-CVE-2009-2652 (Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris ...)
+CVE-2009-2652
NOT-FOR-US: Solaris Trusted Extensions
-CVE-2009-3938 (Buffer overflow in the ABWOutputDev::endWord function in ...)
+CVE-2009-3938
{DSA-1941-1}
- poppler 0.12.2-2.1 (low; bug #534680)
[etch] - poppler <not-affected> (Vulnerable code not present)
-CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...)
+CVE-2009-2408
{DSA-2025-1 DSA-1874-1}
- nss 3.12.3-1 (medium; bug #539934)
- icedove 2.0.0.24-1 (medium)
-CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...)
+CVE-2009-2651
- asterisk 1:1.6.2.0~dfsg~rc1-1 (low; bug #539473)
[etch] - asterisk <not-affected> (Vulnerable code not present)
[lenny] - asterisk <not-affected> (Vulnerable code not present)
[squeeze] - asterisk <not-affected> (Vulnerable code not present)
NOTE: AST-2009-004
-CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...)
+CVE-2009-2650
NOT-FOR-US: Sorcerer Software MultiMedia Jukebox
-CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...)
+CVE-2009-2649
- kfreebsd-8 8.0-1 (bug #572811)
- kfreebsd-7 7.3-1 (bug #572811)
[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
- kfreebsd-6 <removed> (bug #572811)
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
-CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration ...)
+CVE-2009-2648
NOT-FOR-US: FlashDen Guestbook
-CVE-2009-2647 (Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky ...)
+CVE-2009-2647
NOT-FOR-US: Kaspersky Anti-Virus
-CVE-2009-2646 (Multiple unspecified vulnerabilities in the PDF distiller in the ...)
+CVE-2009-2646
NOT-FOR-US: Research In Motion (RIM) BlackBerry Enterprise Server (BES)
CVE-2009-2645
REJECTED
-CVE-2009-2644 (Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and ...)
+CVE-2009-2644
NOT-FOR-US: Sun Solaris
-CVE-2009-2659 (The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...)
+CVE-2009-2659
- python-django 1.1-1 (low; bug #539134)
[etch] - python-django <no-dsa> (Minor issue)
[lenny] - python-django 1.0.2-1+lenny1
-CVE-2009-2643 (Multiple unspecified vulnerabilities in the PDF distiller in the ...)
+CVE-2009-2643
NOT-FOR-US: BlackBerry Products
CVE-2009-XXXX [ser2net DoS]
- ser2net 2.6-1 (low; bug #535159)
[etch] - ser2net <no-dsa> (Minor issue)
[lenny] - ser2net <no-dsa> (Minor issue)
-CVE-2009-2642 (index.php in Desi Short URL Script 1.0 allows remote attackers to ...)
+CVE-2009-2642
NOT-FOR-US: Desi Short URL
-CVE-2009-2641 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-2641
NOT-FOR-US: School Data Navigator
-CVE-2009-2640 (Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy ...)
+CVE-2009-2640
NOT-FOR-US: Interlogy Profile Manager Basic
-CVE-2009-2639 (SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System ...)
+CVE-2009-2639
NOT-FOR-US: MRCGIGUY
-CVE-2009-2638 (SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 ...)
+CVE-2009-2638
NOT-FOR-US: Joomla! component
-CVE-2009-2637 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
+CVE-2009-2637
NOT-FOR-US: Joomla! component
-CVE-2009-2636 (Cross-site scripting (XSS) vulnerability in the Integration page in ...)
+CVE-2009-2636
NOT-FOR-US: WebMail component in Kerio MailServer
-CVE-2009-2635 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
+CVE-2009-2635
NOT-FOR-US: Joomla! component
-CVE-2009-2634 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
+CVE-2009-2634
NOT-FOR-US: Joomla! component
-CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
+CVE-2009-2633
NOT-FOR-US: Joomla! component
-CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c), as ...)
+CVE-2009-2632
{DSA-1893-1 DSA-1892-1 DSA-1881-1}
- cyrus-imapd-2.2 2.2.13-15 (medium)
- kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712)
- dovecot 1:1.2.1-1 (medium; bug #546656)
-CVE-2009-2631 (Multiple clientless SSL VPN products that run in web browsers, ...)
+CVE-2009-2631
NOT-FOR-US: Commercial SSL VPN products
CVE-2009-2630
RESERVED
-CVE-2009-2629 (Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through ...)
+CVE-2009-2629
{DSA-1884-1}
- nginx 0.7.61-3 (medium)
-CVE-2009-2628 (The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 ...)
+CVE-2009-2628
NOT-FOR-US: VMware Movie Decoder
-CVE-2009-2627 (Insecure method vulnerability in the Acer LunchApp (aka ...)
+CVE-2009-2627
NOT-FOR-US: Acer LunchApp
-CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime ...)
+CVE-2009-2625
{DSA-1984-1}
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
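Review bot: every changed line in this hunk deletes the description that followed the CVE id and leaves the bare id, e.g. "-CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...)" becomes "+CVE-2009-2651", while the package, DSA and NOTE lines under each entry are untouched. For a commit titled "automatic update" that pattern looks like the description feed returned empty text rather than a deliberate cleanup; confirm the fetch actually succeeded before merging, since the description is the only thing that distinguishes the many NOT-FOR-US entries once a stanza is reduced to an id and a vendor name.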
@@ -6720,96 +6720,96 @@ CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runti
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
- libxerces2-java 2.9.1-4.1 (bug #548358)
-CVE-2009-2624 (The huft_build function in inflate.c in gzip before 1.3.13 creates a ...)
+CVE-2009-2624
{DSA-1974-1}
- gzip 1.3.12-8 (medium; bug #507263)
CVE-2009-2623
RESERVED
-CVE-2009-2620 (src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before ...)
+CVE-2009-2620
- firebird2.0 2.0.5.13206-0.ds2-4 (low; bug #539477)
[lenny] - firebird2.0 2.0.4.13130-1.ds1-4+lenny1
- firebird2.1 2.1.2.18118-0.ds1-4 (low; bug #539478)
-CVE-2009-2619 (SQL injection vulnerability in login.asp in DataCheck Solutions ...)
+CVE-2009-2619
NOT-FOR-US: DataCheck Solutions V-SpacePal
-CVE-2009-2618 (SQL injection vulnerability in the Surveys (aka NS-Polls) module in ...)
+CVE-2009-2618
NOT-FOR-US: MDPro module
-CVE-2009-2617 (Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 ...)
+CVE-2009-2617
NOT-FOR-US: BaoFeng Storm
-CVE-2009-2616 (SQL injection vulnerability in z_admin_login.asp in DataCheck ...)
+CVE-2009-2616
NOT-FOR-US: DataCheck Solutions
-CVE-2009-2615 (Multiple cross-site scripting (XSS) vulnerabilities in DataCheck ...)
+CVE-2009-2615
NOT-FOR-US: DataCheck Solutions
-CVE-2009-2614 (SQL injection vulnerability in z_admin_login.asp in DataCheck ...)
+CVE-2009-2614
NOT-FOR-US: DataCheck Solutions
-CVE-2009-2613 (Multiple cross-site scripting (XSS) vulnerabilities in DataCheck ...)
+CVE-2009-2613
NOT-FOR-US: DataCheck Solutions
-CVE-2009-2612 (SQL injection vulnerability in login.aspx in ProSMDR allows remote ...)
+CVE-2009-2612
NOT-FOR-US: ProSMDR
-CVE-2009-2611 (Directory traversal vulnerability in ...)
+CVE-2009-2611
NOT-FOR-US: MyFusion
-CVE-2009-2610 (Cross-site scripting (XSS) vulnerability in the Links Related module ...)
+CVE-2009-2610
NOT-FOR-US: Drupal module
-CVE-2009-2609 (SQL injection vulnerability in the amoCourse (com_amocourse) component ...)
+CVE-2009-2609
NOT-FOR-US: Joomla! module
-CVE-2009-2608 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...)
+CVE-2009-2608
NOT-FOR-US: PHP Address Book
-CVE-2009-2607 (SQL injection vulnerability in the com_pinboard component for Joomla! ...)
+CVE-2009-2607
NOT-FOR-US: Joomla! component
-CVE-2009-2606 (ASP Football Pool 2.3 stores sensitive information under the web root ...)
+CVE-2009-2606
NOT-FOR-US: ASP Football Pool
-CVE-2009-2605 (Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up ...)
+CVE-2009-2605
NOT-FOR-US: Traidnt up
-CVE-2009-2604 (Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help ...)
+CVE-2009-2604
NOT-FOR-US: Zen Help Desk
-CVE-2009-2603 (Multiple SQL injection vulnerabilities in index.php in Escon ...)
+CVE-2009-2603
NOT-FOR-US: Escon SupportPortal Pro
-CVE-2009-2602 (R2 Newsletter Lite, Pro, and Stats stores sensitive information under ...)
+CVE-2009-2602
NOT-FOR-US: R2 Newsletter Store
-CVE-2009-2601 (SQL injection vulnerability in the Joomlaequipment (aka JUser or ...)
+CVE-2009-2601
NOT-FOR-US: Joomla! component
-CVE-2009-2600 (Multiple directory traversal vulnerabilities in view.php in Webboard ...)
+CVE-2009-2600
NOT-FOR-US: Webboard
-CVE-2009-2599 (SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 ...)
+CVE-2009-2599
NOT-FOR-US: RadCLASSIFIEDS
-CVE-2009-2598 (Multiple SQL injection vulnerabilities in Online Grades &amp; Attendance ...)
+CVE-2009-2598
NOT-FOR-US: Online Grades & Attendance
-CVE-2009-2597 (The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for ...)
+CVE-2009-2597
NOT-FOR-US: Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server
-CVE-2009-2596 (Unspecified vulnerability in the Solaris Auditing subsystem in Sun ...)
+CVE-2009-2596
NOT-FOR-US: Solaris Auditing subsystem
-CVE-2009-2622 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote ...)
+CVE-2009-2622
{DSA-1843-2 DSA-1843-1}
- squid3 3.0.STABLE18-1 (medium; bug #538989)
- squid <not-affected> (see NOTE)
NOTE: squid 2.x not affected, according to
NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
-CVE-2009-2621 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not ...)
+CVE-2009-2621
{DSA-1843-2 DSA-1843-1}
- squid3 3.0.STABLE18-1 (medium; bug #538989)
- squid <not-affected> (see NOTE)
NOTE: squid 2.x not affected, according to
NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
-CVE-2009-2595 (Cross-site scripting (XSS) vulnerability in productSearch.html in ...)
+CVE-2009-2595
NOT-FOR-US: Censura
-CVE-2009-2594 (Cross-site scripting (XSS) vulnerability in censura.php in Censura ...)
+CVE-2009-2594
NOT-FOR-US: Censura
-CVE-2009-2593 (SQL injection vulnerability in censura.php in Censura 1.16.04 allows ...)
+CVE-2009-2593
NOT-FOR-US: Censura
-CVE-2009-2592 (SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 ...)
+CVE-2009-2592
NOT-FOR-US: PHPJunkYard
-CVE-2009-2591 (SQL injection vulnerability in the MyAnnonces module for E-Xoopport ...)
+CVE-2009-2591
NOT-FOR-US: MyAnnonces module for E-Xoopport
-CVE-2009-2590 (SQL injection vulnerability in showcategory.php in Hutscripts PHP ...)
+CVE-2009-2590
NOT-FOR-US: Hutscripts PHP
-CVE-2009-2589 (Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP ...)
+CVE-2009-2589
NOT-FOR-US: Hutscripts PHP
-CVE-2009-2588 (Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type ...)
+CVE-2009-2588
NOT-FOR-US: Hotscripts Type PHP Clone Script
-CVE-2009-2587 (Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart ...)
+CVE-2009-2587
NOT-FOR-US: DragDropCart
-CVE-2009-2586 (Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP ...)
+CVE-2009-2586
NOT-FOR-US: EZArticles
-CVE-2009-2585 (SQL injection vulnerability in index.php in Mlffat 2.2 allows remote ...)
+CVE-2009-2585
NOT-FOR-US: Mlffat
CVE-2009-XXXX [nilfs-tools privilege escalation]
- nilfs2-tools <not-affected> (We don't install this with setuid)
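Review bot: the same description stripping runs through this hunk, and one removed line shows the descriptions were stored HTML-escaped: "-CVE-2009-2598 (Multiple SQL injection vulnerabilities in Online Grades &amp; Attendance ...)" sits above the unchanged "NOT-FOR-US: Online Grades & Attendance". If the descriptions are restored, unescape them on import so the entry text matches the NOT-FOR-US line. Nothing else in the hunk changes; the duplicated squid3 stanzas for CVE-2009-2622 and CVE-2009-2621 (same DSA references, same fixed version, same two NOTE lines) are pre-existing and consistent.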
@@ -6819,218 +6819,218 @@ CVE-2009-XXXX [XSS in drupal 6 calendar field]
NOTE: you need to be able to create new calendar items, e.g. admistrative
NOTE: access in order to exploit that
NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2009-July/069849.html
-CVE-2009-2584 (Off-by-one error in the options_write function in ...)
+CVE-2009-2584
- linux-2.6 2.6.31-2 (high)
[etch] - linux-2.6 <not-affected> (vulnerable code not present)
[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
- linux-2.6.24 <not-affected> (vulnerable code not present)
NOTE: exploit code exists
-CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity ...)
+CVE-2009-2583
NOT-FOR-US: IBM Tivoli
-CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager ...)
+CVE-2009-2582
NOT-FOR-US: Akamai Download Manager
-CVE-2009-2581 (Cross-site scripting (XSS) vulnerability in modifier.php in ...)
+CVE-2009-2581
NOT-FOR-US: EditeurScripts EsNews
CVE-2009-2580
REJECTED
-CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the Reward ...)
+CVE-2009-2579
NOT-FOR-US: CS-Cart
-CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a ...)
+CVE-2009-2578
- chromium-browser <not-affected> (Only 2.x is affected)
NOTE: browser denial of services not considered security-relevant
-CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
+CVE-2009-2577
NOT-FOR-US: Opera
-CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
+CVE-2009-2576
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2575 (The Research In Motion (RIM) BlackBerry 8800 allows remote attackers ...)
+CVE-2009-2575
NOT-FOR-US: BlackBerry
-CVE-2009-2574 (index.php in MiniTwitter 0.2 beta allows remote authenticated users to ...)
+CVE-2009-2574
NOT-FOR-US: MiniTwitter
-CVE-2009-2573 (Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when ...)
+CVE-2009-2573
NOT-FOR-US: MiniTwitter
-CVE-2009-2572 (Cross-site request forgery (CSRF) vulnerability in the Fivestar module ...)
+CVE-2009-2572
NOT-FOR-US: Drupal Module
-CVE-2009-2571 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-2571
NOT-FOR-US: VerliAdmin
-CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...)
+CVE-2009-2570
NOT-FOR-US: Symantec WinFax Pro
-CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub ...)
+CVE-2009-2569
NOT-FOR-US: vhcp
-CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) ...)
+CVE-2009-2568
NOT-FOR-US: Sorinara Streaming Audio Player
-CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...)
+CVE-2009-2567
NOT-FOR-US: Joomla! component
-CVE-2009-2566 (Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly ...)
+CVE-2009-2566
NOT-FOR-US: TFM MMPlayer
-CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. ...)
+CVE-2009-2565
NOT-FOR-US: Perl CGI's By Mrs. Shiromuku shiromuku
-CVE-2009-2564 (NOS Microsystems getPlus Download Manager, as used in Adobe Reader ...)
+CVE-2009-2564
NOT-FOR-US: Adobe
-CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark ...)
+CVE-2009-2563
- wireshark 1.2.1-1 (bug #538237)
[etch] - wireshark <not-affected> (Only affects 1.0.6 to 1.2.0)
[lenny] - wireshark <not-affected> (Only affects 1.0.6 to 1.2.0)
-CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 ...)
+CVE-2009-2562
{DSA-1942-1}
- wireshark 1.2.1-1 (low; bug #538237)
[lenny] - wireshark 1.0.2-3+lenny6
[etch] - wireshark <no-dsa> (Minor issue)
-CVE-2009-2561 (Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 ...)
+CVE-2009-2561
- wireshark 1.2.1-1 (bug #538237)
[etch] - wireshark <not-affected> (Only affects 1.2.0)
[lenny] - wireshark <not-affected> (Only affects 1.2.0)
-CVE-2009-2560 (Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote ...)
+CVE-2009-2560
{DSA-1942-1}
- wireshark 1.2.1-1 (bug #538237)
-CVE-2009-2559 (Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote ...)
+CVE-2009-2559
- wireshark 1.2.1-1 (bug #538237)
[etch] - wireshark <not-affected> (Only affects 1.2.0)
[lenny] - wireshark <not-affected> (Only affects 1.2.0)
-CVE-2009-2558 (system/message.php in Admin News Tools 2.5 does not properly restrict ...)
+CVE-2009-2558
NOT-FOR-US: Admin News Tools
-CVE-2009-2557 (Directory traversal vulnerability in system/download.php in Admin News ...)
+CVE-2009-2557
NOT-FOR-US: Admin News Tools
-CVE-2009-2556 (Google Chrome before 2.0.172.37 allows attackers to leverage renderer ...)
+CVE-2009-2556
- chromium-browser <not-affected> (Only 2.x is affected)
- webkit <not-affected> (chrome-specfic renderer issue)
-CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8 before ...)
+CVE-2009-2555
- chromium-browser <not-affected> (Only 1.x and 2.x are affected)
- libv8 1.3.11+dfsg-1
- webkit <not-affected> (libv8 issue)
-CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote ...)
+CVE-2009-2658
{DSA-1848-1}
- znc 0.074-1 (medium; bug #537977)
NOTE: http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570
NOTE: CVE id requested
-CVE-2009-2554 (SQL injection vulnerability in the search method in jobline.class.php ...)
+CVE-2009-2554
NOT-FOR-US: Joomla!
-CVE-2009-2553 (Multiple SQL injection vulnerabilities in comments.php in Super Simple ...)
+CVE-2009-2553
NOT-FOR-US: Super Simple Blog Script
-CVE-2009-2552 (Multiple directory traversal vulnerabilities in comments.php in Super ...)
+CVE-2009-2552
NOT-FOR-US: Super Simple Blog Script
-CVE-2009-2551 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy ...)
+CVE-2009-2551
NOT-FOR-US: ScriptsEz Easy Image Downloader
-CVE-2009-2550 (Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote ...)
+CVE-2009-2550
NOT-FOR-US: Hamster Audio Player
-CVE-2009-2549 (Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed ...)
+CVE-2009-2549
NOT-FOR-US: Armed Assault
-CVE-2009-2548 (Format string vulnerability in Armed Assault (aka ArmA) 1.14 and ...)
+CVE-2009-2548
NOT-FOR-US: Armed Assault
-CVE-2009-2547 (Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and ...)
+CVE-2009-2547
NOT-FOR-US: Armed Assault
-CVE-2009-2546 (Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x ...)
+CVE-2009-2546
NOT-FOR-US: Advanced Electron Forum
-CVE-2009-2545 (SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when ...)
+CVE-2009-2545
NOT-FOR-US: Advanced Electron Forum
-CVE-2009-2544 (Directory traversal vulnerability in the Marcelo Costa FileServer ...)
+CVE-2009-2544
NOT-FOR-US: Marcelo Costa FileServer
-CVE-2009-2543 (Multiple unspecified vulnerabilities in the IBM Proventia engine ...)
+CVE-2009-2543
NOT-FOR-US: IBM Proventia engine
-CVE-2009-2542 (Netscape 6 and 8 allows remote attackers to cause a denial of service ...)
+CVE-2009-2542
NOT-FOR-US: Netscape 6 and 8
-CVE-2009-2541 (The web browser on the Sony PLAYSTATION 3 (PS3) allows remote ...)
+CVE-2009-2541
NOT-FOR-US: Sony PLAYSTATION 3
-CVE-2009-2540 (Opera, possibly 9.64 and earlier, allows remote attackers to cause a ...)
+CVE-2009-2540
NOT-FOR-US: Opera
-CVE-2009-2539 (The Aigo P8860 allows remote attackers to cause a denial of service ...)
+CVE-2009-2539
NOT-FOR-US: Aigo P8860
-CVE-2009-2538 (The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet ...)
+CVE-2009-2538
NOT-FOR-US: Nokia N95
-CVE-2009-2537 (KDE Konqueror allows remote attackers to cause a denial of service ...)
+CVE-2009-2537
- kdebase <unfixed> (unimportant; bug #537931)
-CVE-2009-2536 (Microsoft Internet Explorer 5 through 8 allows remote attackers to ...)
+CVE-2009-2536
NOT-FOR-US: Microsoft Internet Explorer 5
-CVE-2009-2535 (Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and ...)
+CVE-2009-2535
- iceweasel 3.0.5-1 (unimportant)
[etch] - iceweasel 2.0.0.19-0etch1 (unimportant)
-CVE-2009-2534 (RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow ...)
+CVE-2009-2534
NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
-CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before ...)
+CVE-2009-2533
NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
-CVE-2009-2532 (Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold ...)
+CVE-2009-2532
NOT-FOR-US: Microsoft Windows Vista
-CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
+CVE-2009-2531
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
+CVE-2009-2530
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
+CVE-2009-2529
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2528 (GDI+ in Microsoft Office XP SP3 does not properly handle malformed ...)
+CVE-2009-2528
NOT-FOR-US: Microsoft Office XP
-CVE-2009-2527 (Heap-based buffer overflow in Microsoft Windows Media Player 6.4 ...)
+CVE-2009-2527
NOT-FOR-US: Microsoft Windows Media Player
-CVE-2009-2526 (Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and ...)
+CVE-2009-2526
NOT-FOR-US: Microsoft Windows Vista
-CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...)
+CVE-2009-2525
NOT-FOR-US: Microsoft Windows Media Runtime
-CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local ...)
+CVE-2009-2524
NOT-FOR-US: Microsoft Windows XP
-CVE-2009-2523 (The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 ...)
+CVE-2009-2523
NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2522
REJECTED
-CVE-2009-2521 (Stack consumption vulnerability in the FTP Service in Microsoft ...)
+CVE-2009-2521
NOT-FOR-US: Microsoft Internet Information Server
CVE-2009-2520
REJECTED
-CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000 ...)
+CVE-2009-2519
NOT-FOR-US: Microsoft Windows
-CVE-2009-2518 (Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote ...)
+CVE-2009-2518
NOT-FOR-US: Microsoft Office XP
-CVE-2009-2517 (The kernel in Microsoft Windows Server 2003 SP2 does not properly ...)
+CVE-2009-2517
NOT-FOR-US: Microsoft Windows Server 2003
-CVE-2009-2516 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+CVE-2009-2516
NOT-FOR-US: Microsoft Windows 2000
-CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 ...)
+CVE-2009-2515
NOT-FOR-US: Microsoft Windows 2000
-CVE-2009-2514 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and ...)
+CVE-2009-2514
NOT-FOR-US: Microsoft Windows
-CVE-2009-2513 (The Graphics Device Interface (GDI) in win32k.sys in the kernel in ...)
+CVE-2009-2513
NOT-FOR-US: Microsoft Windows
-CVE-2009-2512 (The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, ...)
+CVE-2009-2512
NOT-FOR-US: Microsoft Windows
-CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows 2000 ...)
+CVE-2009-2511
NOT-FOR-US: Microsoft Windows 2000
-CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 ...)
+CVE-2009-2510
NOT-FOR-US: Microsoft Windows 2000
-CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows ...)
+CVE-2009-2509
NOT-FOR-US: Microsoft Active Directory Federation Services
-CVE-2009-2508 (The single sign-on implementation in Active Directory Federation ...)
+CVE-2009-2508
NOT-FOR-US: Microsoft Active Directory Federation Services
-CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...)
+CVE-2009-2507
NOT-FOR-US: Microsoft Windows
-CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word 2002 ...)
+CVE-2009-2506
NOT-FOR-US: Microsoft Office
-CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista ...)
+CVE-2009-2505
NOT-FOR-US: Microsoft Office
-CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft ...)
+CVE-2009-2504
NOT-FOR-US: Microsoft products
-CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, ...)
+CVE-2009-2503
NOT-FOR-US: Microsoft products
-CVE-2009-2502 (Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
+CVE-2009-2502
NOT-FOR-US: Microsoft products
-CVE-2009-2501 (Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 ...)
+CVE-2009-2501
NOT-FOR-US: Microsoft products
-CVE-2009-2500 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
+CVE-2009-2500
NOT-FOR-US: Microsoft products
-CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...)
+CVE-2009-2499
NOT-FOR-US: Microsoft Windows Media Format Runtime
-CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows ...)
+CVE-2009-2498
NOT-FOR-US: Microsoft Windows Media Format Runtime
-CVE-2009-2497 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 ...)
+CVE-2009-2497
NOT-FOR-US: Microsoft products
-CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX ...)
+CVE-2009-2496
NOT-FOR-US: Microsoft Office XP
-CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
+CVE-2009-2495
NOT-FOR-US: Microsoft Visual Studio .NET
-CVE-2009-2494 (The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP ...)
+CVE-2009-2494
NOT-FOR-US: Microsoft Windows
-CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
+CVE-2009-2493
NOT-FOR-US: Microsoft Visual Studio .NET
-CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
+CVE-2009-2492
- movabletype-opensource 4.2.6.1-1 (low; bug #537935)
[lenny] - movabletype-opensource 4.2.3-1+lenny1
-CVE-2009-4589 (Cross-site scripting (XSS) vulnerability in the Special:Block ...)
+CVE-2009-4589
- mediawiki 1:1.15.0-1.1 (low; bug #537634)
- mediawiki1.7 <removed>
[etch] - mediawiki <not-affected> (metapackage)
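Review bot: dropping the description hides a mismatch that is still visible in this hunk: "-CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista ...)" sits above "NOT-FOR-US: Microsoft Office", which names the wrong product. After this change only the NOT-FOR-US line survives, so correct it to Microsoft Windows in the same update rather than leave a one-line entry pointing at the wrong product. Minor, in unchanged context: "- webkit <not-affected> (chrome-specfic renderer issue)" under CVE-2009-2556 has a typo for "chrome-specific".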
@@ -7041,27 +7041,27 @@ CVE-2009-XXXX [insecure tmp file vulnerability in slim]
- slim <removed> (unimportant; bug #537604)
NOTE: exploit scenario too constructed
[lenny] - slim 1.3.0-1+lenny2
-CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...)
+CVE-2009-2484
- vlc <not-affected> (The vulnerability affects Windows builds only)
-CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote ...)
+CVE-2009-2479
- xulrunner 1.9.1.1-1
[etch] - xulrunner <not-affected> (only affects firefox 3.5)
[lenny] - xulrunner <not-affected> (only affects firefox 3.5)
-CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...)
+CVE-2009-2478
- xulrunner <not-affected> (unimportant)
NOTE: browser crashes not treated as security issues
-CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 ...)
+CVE-2009-2476
- sun-java6 6-15-1
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
-CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, ...)
+CVE-2009-2475
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- sun-java6 6-15-1
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
-CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly ...)
+CVE-2009-2474
- neon27 0.28.6-1 (low; bug #542926)
[lenny] - neon27 <no-dsa> (Minor issue)
- neon26 0.26.4-3 (low; bug #542926)
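Review bot: same stripping here; one style point in the unchanged context: "- xulrunner <not-affected> (unimportant)" under CVE-2009-2478 uses the not-affected state with a severity word as its reason, while the NOTE beneath says the crash is simply not treated as a security issue. Elsewhere in this file that case is recorded as a version or <unfixed> with "(unimportant)" (compare "- kdebase <unfixed> (unimportant; bug #537931)" for CVE-2009-2537), so either form would read more consistently than <not-affected> with a severity as its justification.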
@@ -7073,168 +7073,168 @@ CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not prop
- litmus 0.13-1
NOTE: affected neon code copy present in litmus [./libneon/*]
NOTE: The new reintroduced litmus package removes the embedded copy
-CVE-2009-2473 (neon before 0.28.6, when expat is used, does not properly detect ...)
+CVE-2009-2473
- neon27 <not-affected> (neon27 is compiled to use libxml2 instead of expat)
- neon26 <not-affected> (neon26 is compiled to use libxml2 instead of expat)
- neon <removed>
[etch] - neon <not-affected> (neon is compiled to use libxml2 instead of expat)
-CVE-2009-2472 (Mozilla Firefox before 3.0.12 does not always use ...)
+CVE-2009-2472
{DSA-1840-1}
- xulrunner 1.9.0.12-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2471 (The setTimeout function in Mozilla Firefox before 3.0.12 does not ...)
+CVE-2009-2471
{DSA-1840-1}
- xulrunner 1.9.0.12-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2470 (Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote ...)
+CVE-2009-2470
{DSA-1840-1}
- xulrunner 1.9.0.12-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element ...)
+CVE-2009-2469
{DSA-1840-1}
- xulrunner 1.9.0.12-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2468 (Integer overflow in Apple CoreGraphics, as used in Safari before ...)
+CVE-2009-2468
NOT-FOR-US: CoreGraphics in Apple Mac OS X
NOTE: related issue to CVE-2009-1194
-CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote ...)
+CVE-2009-2467
{DSA-1840-1}
- xulrunner 1.9.0.12-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2466 (The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
+CVE-2009-2466
{DSA-1840-1}
- xulrunner 1.9.0.12-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2465 (Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers ...)
+CVE-2009-2465
{DSA-1840-1}
- xulrunner 1.9.0.12-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2464 (The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in ...)
+CVE-2009-2464
{DSA-1840-1}
- xulrunner 1.9.0.12-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2463 (Multiple integer overflows in the (1) PL_Base64Decode and (2) ...)
+CVE-2009-2463
{DSA-2025-1 DSA-1931-1}
- nspr 4.8.2-1
- icedove 3.0~rc2-2
[etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
+CVE-2009-2462
{DSA-1840-1}
- xulrunner 1.9.0.12-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2491 (The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when ...)
+CVE-2009-2491
NOT-FOR-US: Sun Ray Server Software
-CVE-2009-2490 (Unspecified vulnerability in the utaudiod daemon in Sun Ray Server ...)
+CVE-2009-2490
NOT-FOR-US: Sun Ray Server Software
-CVE-2009-2489 (Unspecified vulnerability in the utdmsession program in Sun Ray Server ...)
+CVE-2009-2489
NOT-FOR-US: Sun Ray Server Software
-CVE-2009-2488 (Unspecified vulnerability in the NFSv4 module in the kernel in Sun ...)
+CVE-2009-2488
NOT-FOR-US: Sun Solaris
-CVE-2009-2487 (Use-after-free vulnerability in the frpr_icmp function in the ipfilter ...)
+CVE-2009-2487
NOT-FOR-US: Sun Solaris
-CVE-2009-2486 (Unspecified vulnerability in the SCTP implementation in Sun Solaris ...)
+CVE-2009-2486
NOT-FOR-US: Sun Solaris
-CVE-2009-2485 (Stack-based buffer overflow in HT-MP3Player 1.0 allows remote ...)
+CVE-2009-2485
NOT-FOR-US: HT-MP3Player
-CVE-2009-2483 (libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local ...)
+CVE-2009-2483
NOT-FOR-US: NetBSD
-CVE-2009-2482 (The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 ...)
+CVE-2009-2482
NOT-FOR-US: NetBSD OpenPAM
-CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261, when global ...)
+CVE-2009-2481
NOT-FOR-US: Six Apart Movable Type
-CVE-2009-2480 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
+CVE-2009-2480
NOT-FOR-US: Six Apart Movable Type
-CVE-2009-2461 (mathtex.cgi in mathTeX, when downloaded before 20090713, does not ...)
+CVE-2009-2461
- mathtex 1.03-1 (low; bug #537253)
-CVE-2009-2460 (Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when ...)
+CVE-2009-2460
- mathtex 1.03-1 (medium; bug #537253)
NOTE: severity set to medium as this is used in several web applications for conversions
-CVE-2009-2459 (Multiple unspecified vulnerabilities in mimeTeX, when downloaded ...)
+CVE-2009-2459
{DSA-1917-1}
- mimetex 1.50-1.1 (medium; bug #537254)
NOTE: set impact to medium as this is used in several web applications for conversions
-CVE-2009-2458 (Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 ...)
+CVE-2009-2458
NOT-FOR-US: Sun Fire V215 Server
-CVE-2009-2457 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...)
+CVE-2009-2457
NOT-FOR-US: Novell eDirectory
-CVE-2009-2456 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...)
+CVE-2009-2456
NOT-FOR-US: Novell eDirectory
-CVE-2009-2455 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-2455
NOT-FOR-US: @mail
-CVE-2009-2454 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, ...)
+CVE-2009-2454
NOT-FOR-US: Citrix Web Interface
-CVE-2009-2453 (Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 ...)
+CVE-2009-2453
NOT-FOR-US: Citrix XenApp
-CVE-2009-2452 (Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have ...)
+CVE-2009-2452
NOT-FOR-US: Citrix Licensing
-CVE-2009-2451 (Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX ...)
+CVE-2009-2451
NOT-FOR-US: MIM:InfiniX
-CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...)
+CVE-2009-2477
- xulrunner 1.9.1.2-1 (bug #537104)
[lenny] - xulrunner <not-affected> (vulnerable code introduced in firefox 3.5)
[etch] - xulrunner <not-affected> (vulnerable code introduced in firefox 3.5)
-CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online ...)
+CVE-2009-2450
NOT-FOR-US: Tall Emu Online Armor Personal Firewall
-CVE-2009-2449 (Directory traversal vulnerability in ...)
+CVE-2009-2449
NOT-FOR-US: ADbNewsSender
-CVE-2009-2448 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online ...)
+CVE-2009-2448
NOT-FOR-US: Online Guestbook Pro
-CVE-2009-2447 (Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in ...)
+CVE-2009-2447
NOT-FOR-US: Online Guestbook Pro
-CVE-2009-2445 (Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ...)
+CVE-2009-2445
NOT-FOR-US: Sun ONE Web Server
-CVE-2009-2444 (Directory traversal vulnerability in maillinglist/setup/step1.php.inc ...)
+CVE-2009-2444
NOT-FOR-US: ADbNewsSender
-CVE-2009-2443 (Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to ...)
+CVE-2009-2443
NOT-FOR-US: Siteframe
-CVE-2009-2442 (Cross-site scripting (XSS) vulnerability in public/index.php in ...)
+CVE-2009-2442
NOT-FOR-US: Linea21
-CVE-2009-2441 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online ...)
+CVE-2009-2441
NOT-FOR-US: Online Guestbook Pro
-CVE-2009-2440 (Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook ...)
+CVE-2009-2440
NOT-FOR-US: JNM Guestbook
-CVE-2009-2439 (Multiple SQL injection vulnerabilities in Web Development House ...)
+CVE-2009-2439
NOT-FOR-US: Web Development House Alibaba
-CVE-2009-2438 (Cross-site scripting (XSS) vulnerability in index.php in the search ...)
+CVE-2009-2438
NOT-FOR-US: ClanSphere
-CVE-2009-2437 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-2437
NOT-FOR-US: MyPHPDating
-CVE-2009-2436 (SQL injection vulnerability in page.php in Online Dating Software ...)
+CVE-2009-2436
NOT-FOR-US: MyPHPDating
-CVE-2009-2435 (The Sametime server in IBM Lotus Instant Messaging and Web ...)
+CVE-2009-2435
NOT-FOR-US: IBM Lotus
-CVE-2009-2434 (Buffer overflow in the syscall implementation in IBM AIX 5.3 allows ...)
+CVE-2009-2434
NOT-FOR-US: IBM AIX
-CVE-2009-2433 (Stack-based buffer overflow in the AddFavorite method in Microsoft ...)
+CVE-2009-2433
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2432 (WordPress and WordPress MU before 2.8.1 allow remote attackers to ...)
+CVE-2009-2432
- wordpress 2.8.3-1 (unimportant; bug #537146)
NOTE: Installation path is a known fact on a Debian package installation
-CVE-2009-2431 (WordPress 2.7.1 places the username of a post's author in an HTML ...)
+CVE-2009-2431
- wordpress 2.8.3-1 (unimportant; bug #537146)
NOTE: Minor information leak
-CVE-2009-2430 (Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and ...)
+CVE-2009-2430
NOT-FOR-US: Sun Solaris
-CVE-2009-2429 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in ...)
+CVE-2009-2429
NOT-FOR-US: SmartFilter Web Gateway Security
-CVE-2009-2428 (Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow ...)
+CVE-2009-2428
NOT-FOR-US: Tausch Ticket Script
-CVE-2009-2427 (SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows ...)
+CVE-2009-2427
NOT-FOR-US: Jobbr
-CVE-2009-2426 (The connection_edge_process_relay_cell_not_open function in ...)
+CVE-2009-2426
- tor 0.2.0.35-1 (low; bug #537148)
[lenny] - tor 0.2.0.35-1~lenny1
-CVE-2009-2425 (Tor before 0.2.0.35 allows remote attackers to cause a denial of ...)
+CVE-2009-2425
- tor 0.2.0.35-1 (low; bug #537148)
[lenny] - tor 0.2.0.35-1~lenny1
-CVE-2009-2424 (Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone ...)
+CVE-2009-2424
NOT-FOR-US: Ebay Clone 2009
-CVE-2009-2423 (SQL injection vulnerability in category.php in Ebay Clone 2009 allows ...)
+CVE-2009-2423
NOT-FOR-US: Ebay Clone 2009
-CVE-2009-2422 (The example code for the digest authentication functionality ...)
+CVE-2009-2422
- rails 2.3.5-1 (bug #535896)
[lenny] - rails <not-affected> (vulnerable code not present, introduced in 2.3.x)
-CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...)
+CVE-2009-2446
{DSA-1877-1}
- mysql-dfsg-5.0 <removed> (low; bug #536726)
[squeeze] - mysql-dfsg-5.0 5.0.51a-24+lenny2
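Review bot: every changed line in this hunk swaps a `CVE-2009-NNNN (description ...)` entry for the bare identifier, while the tracking lines beneath each entry (the NOT-FOR-US markers, package lines such as `- tor 0.2.0.35-1 (low; bug #537148)`, the `[lenny]`/`[etch]` annotations and the NOTE lines) are not touched at all. If this is the output of an automated refresh, that pattern is the signature of an import that received empty descriptions rather than an intentional edit; the updater should treat a non-empty description turning empty as a failed fetch and refuse to rewrite the file, and this change should be held back or reverted until the description source is restored.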
@@ -7244,45 +7244,45 @@ CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
NOTE: hostname validition is not implemented until 1.14, so etch
NOTE: is in a way is not affected, but in another sense, it is
NOTE: completely affected since no validation done at all
-CVE-2009-2421 (The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in ...)
+CVE-2009-2421
NOT-FOR-US: Apple Safari
-CVE-2009-2420 (Apple Safari 3.2.3 does not properly implement the file: protocol ...)
+CVE-2009-2420
NOT-FOR-US: Apple Safari
-CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function in ...)
+CVE-2009-2419
- webkit 1.1.10-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2009-2418
REJECTED
-CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...)
+CVE-2009-2417
{DSA-1869-1}
- curl 7.19.5-1.1 (medium; bug #541991)
-CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, ...)
+CVE-2009-2416
{DSA-1861-1 DSA-1859-1}
- libxml2 2.7.3.dfsg-2.1 (low; bug #540865)
- libxml <removed>
-CVE-2009-2415 (Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote ...)
+CVE-2009-2415
{DSA-1853-1}
- memcached 1.4.1-1 (medium; bug #540379)
- memcachedb 1.2.0-5 (medium; bug #540381)
NOTE: the impact varies, on etch this runs as root and is not bound
NOTE: to the loopback interface by default, memcached is even distributed
NOTE: but fortunately not in a stable release.
-CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, ...)
+CVE-2009-2414
{DSA-1861-1 DSA-1859-1}
- libxml2 2.7.3.dfsg-2.1 (medium; bug #540865)
- libxml <removed>
CVE-2009-2413
REJECTED
-CVE-2009-2412 (Multiple integer overflows in the Apache Portable Runtime (APR) ...)
+CVE-2009-2412
{DSA-1854-1}
- apr 1.3.8-1
- apr-util 1.3.9+dfsg-1
-CVE-2009-2411 (Multiple integer overflows in the libsvn_delta library in Subversion ...)
+CVE-2009-2411
{DSA-1855-1}
- subversion 1.6.4dfsg-1
-CVE-2009-2410 (The local_handler_callback function in ...)
+CVE-2009-2410
- sssd <not-affected> (Fixed before initial upload to the archive)
-CVE-2009-2409 (The Network Security Services (NSS) library before 3.12.3, as used in ...)
+CVE-2009-2409
{DSA-1935-1 DSA-1888-1 DSA-1874-1}
- nss 3.12.3-1 (low; bug #539895)
- openssl 0.9.8k-4 (low; bug #539899)
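Review bot: the entries that never had a parenthesised description, `CVE-2009-2418` / `REJECTED` and `CVE-2009-2413` / `REJECTED`, do not appear in the change, which confirms the rewrite hits exactly the description field and nothing else. A cheap sanity check before accepting this is that each `-CVE-` line is followed by a `+CVE-` line with the same identifier and that no line of any other shape was modified. Unrelated to the change itself, the context NOTE lines at the top of the hunk read "hostname validition" and "is in a way is not affected"; those deserve a separate hand edit, not a fix inside an automatic update.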
@@ -7292,189 +7292,189 @@ CVE-2009-2409 (The Network Security Services (NSS) library before 3.12.3, as use
- gnutls13 <removed>
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in ...)
+CVE-2009-2407
{DSA-1845-1 DSA-1844-1}
- linux-2.6 2.6.30-5 (medium)
[etch] - linux-2.6 <not-affected> (ecryptfs not yet present)
- linux-2.6.24 <removed>
-CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in ...)
+CVE-2009-2406
{DSA-1845-1 DSA-1844-1}
- linux-2.6 2.6.30-5 (medium)
[etch] - linux-2.6 <not-affected> (ecryptfs not yet present)
- linux-2.6.24 <removed>
-CVE-2009-2405 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Console ...)
+CVE-2009-2405
- jbossas4 4.2.2.GA-1 (bug #562000)
[lenny] - jbossas4 <no-dsa> (Contrib not supported)
-CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla ...)
+CVE-2009-2404
{DSA-2025-1 DSA-1874-1}
- nss 3.12.3-1 (low; bug #539934)
- icedove 2.0.0.24-1 (low)
-CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to ...)
+CVE-2009-2403
NOT-FOR-US: SCMPX
-CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in ...)
+CVE-2009-2402
NOT-FOR-US: PHPEcho
-CVE-2009-2401 (Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows ...)
+CVE-2009-2401
NOT-FOR-US: PHPEcho
-CVE-2009-2400 (SQL injection vulnerability in the PHP (com_php) component for Joomla! ...)
+CVE-2009-2400
NOT-FOR-US: Joomla!
-CVE-2009-2399 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-2399
NOT-FOR-US: DM FileManager
-CVE-2009-2398 (Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 ...)
+CVE-2009-2398
NOT-FOR-US: PHP-Sugar
-CVE-2009-2397 (Directory traversal vulnerability in download.php in Audio Article ...)
+CVE-2009-2397
NOT-FOR-US: Audio Article Directory
-CVE-2009-2396 (PHP remote file inclusion vulnerability in template/album.php in DM ...)
+CVE-2009-2396
NOT-FOR-US: DM Albums
-CVE-2009-2395 (SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta ...)
+CVE-2009-2395
NOT-FOR-US: Joomla!
-CVE-2009-2394 (SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp ...)
+CVE-2009-2394
NOT-FOR-US: SMSPages
-CVE-2009-2393 (admin/index.php in Virtuenetz Virtue Online Test Generator does not ...)
+CVE-2009-2393
NOT-FOR-US: Virtuenetz Virtue Online Test Generator
-CVE-2009-2392 (SQL injection vulnerability in text.php in Virtuenetz Virtue Online ...)
+CVE-2009-2392
NOT-FOR-US: Virtuenetz Virtue Online Test Generator
-CVE-2009-2391 (Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz ...)
+CVE-2009-2391
NOT-FOR-US: Virtuenetz Virtue Online Test Generator
-CVE-2009-2390 (SQL injection vulnerability in the BookFlip (com_bookflip) component ...)
+CVE-2009-2390
NOT-FOR-US: Joomla!
-CVE-2009-2389 (Multiple SQL injection vulnerabilities in newsscript.php in USOLVED ...)
+CVE-2009-2389
NOT-FOR-US: USOLVED NEWSolved
-CVE-2009-2388 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows ...)
+CVE-2009-2388
NOT-FOR-US: Opial
-CVE-2009-2387 (Unspecified vulnerability in the proc filesystem in Sun OpenSolaris ...)
+CVE-2009-2387
NOT-FOR-US: Sun OpenSolaris
-CVE-2009-2386 (Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer ...)
+CVE-2009-2386
NOT-FOR-US: Awingsoft Awakening Winds3D Viewer plugin
-CVE-2009-2369 (Integer overflow in the wxImage::Create function in ...)
+CVE-2009-2369
{DSA-1890-1}
- wxwidgets2.8 2.8.7.1-2 (medium; bug #537174)
- wxwidgets2.6 2.6.3.2.2-3.1 (medium; bug #537175)
- wxwindows2.4 <removed> (medium)
-CVE-2009-2360 (Cross-site scripting (XSS) vulnerability in passwd/main.php in the ...)
+CVE-2009-2360
{DSA-1829-1}
- sork-passwd-h3 3.1-1.1 (low; bug #536554)
-CVE-2009-2385 (SQL injection vulnerability in the awardsMembers function in ...)
+CVE-2009-2385
NOT-FOR-US: Member Awards component for Simple Machines Forum
-CVE-2009-2384 (Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows ...)
+CVE-2009-2384
NOT-FOR-US: Brothersoft PEamp
-CVE-2009-2383 (SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites ...)
+CVE-2009-2383
NOT-FOR-US: Related Sites plugin for WordPress
-CVE-2009-2382 (admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to ...)
+CVE-2009-2382
NOT-FOR-US: phpMyBlockchecker
-CVE-2009-2381 (Gizmo 3.1.0.79 on Linux does not verify a server's SSL certificate, ...)
+CVE-2009-2381
NOT-FOR-US: Gizmo
-CVE-2009-2380 (Cross-site scripting (XSS) vulnerability in includes/functions.php in ...)
+CVE-2009-2380
NOT-FOR-US: 4images
-CVE-2009-2379 (Directory traversal vulnerability in public/index.php in BIGACE Web ...)
+CVE-2009-2379
NOT-FOR-US: BIGACE Web CMS
-CVE-2009-2378 (PHP remote file inclusion vulnerability in formmailer.admin.inc.php in ...)
+CVE-2009-2378
NOT-FOR-US: Jax FormMailer
-CVE-2009-2377 (Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in ...)
+CVE-2009-2377
NOT-FOR-US: AVAX-software Avax Vector ActiveX
-CVE-2009-2376 (Cross-site scripting (XSS) vulnerability in the Html::textarea ...)
+CVE-2009-2376
NOT-FOR-US: TangoCMS
-CVE-2009-2375 (Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly ...)
+CVE-2009-2375
NOT-FOR-US: Photo DVD Maker
-CVE-2009-2371 (Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not ...)
+CVE-2009-2371
NOT-FOR-US: Advanced Forum module for Drupal
-CVE-2009-2370 (Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before ...)
+CVE-2009-2370
NOT-FOR-US: Advanced Forum module for Drupal
-CVE-2009-2368 (Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown ...)
+CVE-2009-2368
NOT-FOR-US: Socks Server
-CVE-2009-2367 (cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable ...)
+CVE-2009-2367
NOT-FOR-US: Iomega StorCenter Pro
-CVE-2009-2366 (SQL injection vulnerability in login.asp in DataCheck Solutions ...)
+CVE-2009-2366
NOT-FOR-US: DataCheck Solutions ForumPal FE
-CVE-2009-2365 (SQL injection vulnerability in login.asp in DataCheck Solutions ...)
+CVE-2009-2365
NOT-FOR-US: DataCheck Solutions GalleryPal FE
-CVE-2009-2364 (Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers ...)
+CVE-2009-2364
NOT-FOR-US: Mp3-Nator
-CVE-2009-2363 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows ...)
+CVE-2009-2363
NOT-FOR-US: KUDRSOFT AudioPLUS
-CVE-2009-2362 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows ...)
+CVE-2009-2362
NOT-FOR-US: KUDRSOFT AudioPLUS
-CVE-2009-2361 (SQL injection vulnerability in include/class.staff.php in osTicket ...)
+CVE-2009-2361
NOT-FOR-US: osTicket
-CVE-2009-2359 (Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow ...)
+CVE-2009-2359
NOT-FOR-US: TekRADIUS
-CVE-2009-2358 (TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini ...)
+CVE-2009-2358
NOT-FOR-US: TekRADIUS
-CVE-2009-2357 (The default configuration of TekRADIUS 3.0 uses the sa account to ...)
+CVE-2009-2357
NOT-FOR-US: TekRADIUS
-CVE-2009-2356 (Multiple stack-based buffer overflows in the pgsqlQuery function in ...)
+CVE-2009-2356
NOT-FOR-US: NullLogic Groupware
-CVE-2009-2355 (The forum module in NullLogic Groupware 1.2.7 allows remote ...)
+CVE-2009-2355
NOT-FOR-US: NullLogic Groupware
-CVE-2009-2354 (SQL injection vulnerability in the auth_checkpass function in the ...)
+CVE-2009-2354
NOT-FOR-US: NullLogic Groupware
-CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute ...)
+CVE-2009-2353
- eaccelerator-src <itp> (bug #460341)
-CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript: URIs ...)
+CVE-2009-2352
- chromium-browser 5.0.375.70~r48679-2
- webkit <not-affected> (doesn't have a 'view-source' handler)
NOTE: poc didn't seem to work against 5.0.375.70~r48679-2
NOTE: chromium security team doesn't consider this a valid security issue
NOTE: http://crbug.com/40086
-CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in Refresh ...)
+CVE-2009-2351
NOT-FOR-US: Opera
-CVE-2009-2350 (Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block ...)
+CVE-2009-2350
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2349
RESERVED
-CVE-2009-2348 (Android 1.5 CRBxx allows local users to bypass the (1) ...)
+CVE-2009-2348
NOT-FOR-US: Android
-CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in ...)
+CVE-2009-2347
{DSA-1835-1}
- tiff 3.8.2-13
- tiff3 <not-affected> (fixed prior to initial upload)
-CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...)
+CVE-2009-2346
- asterisk 1:1.6.2.0~dfsg~beta3-1 (bug #539473)
[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
[lenny] - asterisk <no-dsa> (Intrusive protocol-level vulnerabilitity, see http://downloads.asterisk.org/pub/security/IAX2-security.pdf)
-CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 ...)
+CVE-2009-2345
NOT-FOR-US: ClanSphere
-CVE-2009-2344 (The web-based management interfaces in Sourcefire Defense Center (DC) ...)
+CVE-2009-2344
NOT-FOR-US: Sourcefire
-CVE-2009-2342 (Cross-site scripting (XSS) vulnerability in admin.php (aka the login ...)
+CVE-2009-2342
NOT-FOR-US: CMME
-CVE-2009-2341 (SQL injection vulnerability in albumdetail.php in Opial 1.0 allows ...)
+CVE-2009-2341
NOT-FOR-US: Opial
-CVE-2009-2340 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows ...)
+CVE-2009-2340
NOT-FOR-US: Opial
-CVE-2009-2339 (SQL injection vulnerability in index.php in Rentventory allows remote ...)
+CVE-2009-2339
NOT-FOR-US: Rentventory
-CVE-2009-2338 (Directory traversal vulnerability in includes/startmodules.inc.php in ...)
+CVE-2009-2338
NOT-FOR-US: FreeWebshop.org
-CVE-2009-2337 (SQL injection vulnerability in includes/module/book/index.inc.php in ...)
+CVE-2009-2337
NOT-FOR-US: w3b|cms
-CVE-2009-2336 (The forgotten mail interface in WordPress and WordPress MU before ...)
+CVE-2009-2336
- wordpress 2.8.3-1 (unimportant; bug #536724)
NOTE: Minor information leak
-CVE-2009-2335 (WordPress and WordPress MU before 2.8.1 exhibit different behavior for ...)
+CVE-2009-2335
- wordpress 2.8.3-1 (unimportant; bug #536724)
NOTE: Minor information leak
-CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...)
+CVE-2009-2334
{DSA-1871-2 DSA-1871-1}
- wordpress 2.8.3-1 (low; bug #536724)
-CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ...)
+CVE-2009-2333
NOT-FOR-US: CMS Chainuk
-CVE-2009-2332 (CMS Chainuk 1.2 and earlier allows remote attackers to obtain ...)
+CVE-2009-2332
NOT-FOR-US: CMS Chainuk
-CVE-2009-2331 (Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and ...)
+CVE-2009-2331
NOT-FOR-US: CMS Chainuk
-CVE-2009-2330 (Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in ...)
+CVE-2009-2330
NOT-FOR-US: CMS Chainuk
-CVE-2009-2329 (KerviNet Forum 1.1 and earlier allows remote attackers to obtain ...)
+CVE-2009-2329
NOT-FOR-US: KerviNet Forum
-CVE-2009-2328 (admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require ...)
+CVE-2009-2328
NOT-FOR-US: KerviNet Forum
-CVE-2009-2327 (Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet ...)
+CVE-2009-2327
NOT-FOR-US: KerviNet Forum
-CVE-2009-2326 (Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and ...)
+CVE-2009-2326
NOT-FOR-US: KerviNet Forum
-CVE-2009-2325 (Directory traversal vulnerability in index.php in Clicknet CMS 2.1 ...)
+CVE-2009-2325
NOT-FOR-US: Clicknet CMS
-CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor ...)
+CVE-2009-2324
{DSA-1836-1}
- fckeditor 1:2.6.4.1-1 (low; bug #536051)
- moin 1.8.2-2
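Review bot: this hunk shows what the removed descriptions were carrying. After the change `CVE-2009-2407` and `CVE-2009-2406` have identical bodies ({DSA-1845-1 DSA-1844-1}, `linux-2.6 2.6.30-5 (medium)`, the etch not-affected line, `linux-2.6.24 <removed>`); the only text that told them apart, parse_tag_3_packet versus parse_tag_11_packet in the ecryptfs code, is exactly what the minus lines drop. The same collapse happens for the three Virtuenetz entries, the three TekRADIUS entries and the three NullLogic Groupware entries, each of which becomes a bare id over the same NOT-FOR-US line. Either restore the descriptions or confirm that the tracker renders them from another source before merging.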
@@ -7490,27 +7490,27 @@ CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor
[etch] - gforge <not-affected> (doesn't contain FCKeditor)
- egroupware <not-affected> (doesn't provide FCKeditor sample files)
- request-tracker3.8 <not-affected> (doesn't provide FCKeditor sample files)
-CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the ...)
+CVE-2009-2323
NOT-FOR-US: Axesstel MV 410R
-CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...)
+CVE-2009-2322
NOT-FOR-US: Axesstel MV 410R
-CVE-2009-2321 (cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to ...)
+CVE-2009-2321
NOT-FOR-US: Axesstel MV 410R
-CVE-2009-2320 (The web interface on the Axesstel MV 410R relies on client-side ...)
+CVE-2009-2320
NOT-FOR-US: Axesstel MV 410R
-CVE-2009-2319 (The default configuration of the Wi-Fi component on the Axesstel MV ...)
+CVE-2009-2319
NOT-FOR-US: Axesstel MV 410R
-CVE-2009-2318 (The Axesstel MV 410R allows remote attackers to cause a denial of ...)
+CVE-2009-2318
NOT-FOR-US: Axesstel MV 410R
-CVE-2009-2317 (The Axesstel MV 410R has a certain default administrator password, and ...)
+CVE-2009-2317
NOT-FOR-US: Axesstel MV 410R
-CVE-2009-2316 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
+CVE-2009-2316
NOT-FOR-US: IBM Tivoli
CVE-2009-2315
REJECTED
-CVE-2009-2314 (Race condition in the Sun Lightweight Availability Collection Tool 3.0 ...)
+CVE-2009-2314
NOT-FOR-US: Lightweight Availability Collection Tool
-CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...)
+CVE-2009-2687
{DSA-1940-1}
- php5 5.2.10.dfsg.1-2 (low; bug #535888)
- php4 <removed> (low; bug #535897)
@@ -7530,92 +7530,92 @@ CVE-2009-XXXX [mimedecode: potential dos/crash due to invalid input]
- mimedecode <removed> (low; bug #530430)
[etch] - mimedecode <no-dsa> (minor issue)
[lenny] - mimedecode <no-dsa> (minor issue)
-CVE-2009-2313 (Directory traversal vulnerability in index.php in Jinzora Media ...)
+CVE-2009-2313
NOT-FOR-US: Jinzora Media Jukebox
-CVE-2009-2312 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in ...)
+CVE-2009-2312
NOT-FOR-US: Secure Computing SmartFilter
-CVE-2009-2311 (SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab ...)
+CVE-2009-2311
NOT-FOR-US: rGallery plugin for WoltLab
-CVE-2009-2310 (SQL injection vulnerability in include/get_read.php in ...)
+CVE-2009-2310
NOT-FOR-US: Extensible-BioLawCom CMS
-CVE-2009-2309 (SQL injection vulnerability in index.php in Codice CMS 2 allows remote ...)
+CVE-2009-2309
NOT-FOR-US: Codice CMS 2
-CVE-2009-2308 (Multiple SQL injection vulnerabilities in affiliates.php in the ...)
+CVE-2009-2308
NOT-FOR-US: PunBB
-CVE-2009-2307 (SQL injection vulnerability in the CWGuestBook module 2.1 and earlier ...)
+CVE-2009-2307
NOT-FOR-US: MDPro
-CVE-2009-2306 (The ARD-9808 DVR card security camera stores sensitive information ...)
+CVE-2009-2306
NOT-FOR-US: ARD-9808 DVR card security camera
-CVE-2009-2305 (The ARD-9808 DVR card security camera allows remote attackers to cause ...)
+CVE-2009-2305
NOT-FOR-US: ARD-9808 DVR card security camera
-CVE-2009-2304 (index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote ...)
+CVE-2009-2304
NOT-FOR-US: Aardvark Topsites
-CVE-2009-2303 (index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote ...)
+CVE-2009-2303
NOT-FOR-US: Aardvark Topsites
-CVE-2009-2302 (Cross-site scripting (XSS) vulnerability in index.php in Aardvark ...)
+CVE-2009-2302
NOT-FOR-US: Aardvark Topsites
-CVE-2009-2301 (The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with ...)
+CVE-2009-2301
NOT-FOR-US: AppWall Web Application Firewall
-CVE-2009-2300 (The management interface in the phion airlock Web Application Firewall ...)
+CVE-2009-2300
NOT-FOR-US: phion airlock Web Application Firewall
-CVE-2009-2299 (The Artofdefence Hyperguard Web Application Firewall (WAF) module ...)
+CVE-2009-2299
NOT-FOR-US: Artofdefence Hyperguard Web Application Firewall
-CVE-2009-2298 (Stack-based buffer overflow in rping in HP OpenView Network Node ...)
+CVE-2009-2298
NOT-FOR-US: HP Network Node Manager rping
-CVE-2009-2297 (Unspecified vulnerability in the udp subsystem in the kernel in Sun ...)
+CVE-2009-2297
NOT-FOR-US: kernel in Sun Solaris
-CVE-2009-2296 (The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris ...)
+CVE-2009-2296
NOT-FOR-US: kernel module in Sun Solaris
-CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow ...)
+CVE-2009-2295
{DSA-1912-2 DSA-1832-1}
- camlimages 1:3.0.1-2 (low; bug #535909)
- advi 1.6.0-15 (low; bug #550440)
-CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo 2.1 ...)
+CVE-2009-2294
- dillo 3.0-1 (medium; bug #535788)
-CVE-2009-2293 (Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote ...)
+CVE-2009-2293
NOT-FOR-US: Optimum Web Design Tutorial Share
-CVE-2009-2292 (Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 ...)
+CVE-2009-2292
NOT-FOR-US: Appleple a-News
-CVE-2009-2291 (Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a ...)
+CVE-2009-2291
NOT-FOR-US: LoginToboggan module for Drupal
-CVE-2009-2290 (SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) ...)
+CVE-2009-2290
NOT-FOR-US: Joomla!
-CVE-2009-2289 (Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade ...)
+CVE-2009-2289
NOT-FOR-US: Arcade Trade Script
-CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel ...)
+CVE-2009-2287
{DSA-1846-1 DSA-1845-1}
- linux-2.6 2.6.30-2 (low)
- linux-2.6.24 <removed>
- kvm 88+dfsg-2 (low; bug #557737)
-CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 ...)
+CVE-2009-2285
{DSA-1835-1}
- tiff 3.8.2-12 (low; bug #534137)
- tiff3 <not-affected> (fixed prior to initial upload)
NOTE: this doesn't allow code execution, only a crash.
-CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help jsp ...)
+CVE-2009-2283
NOT-FOR-US: Sun Java Web Console in Solaris
-CVE-2009-2282 (The Virtual Network Terminal Server daemon (vntsd) for Logical Domains ...)
+CVE-2009-2282
NOT-FOR-US: LDoms in Sun Solaris
-CVE-2009-2373 (Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...)
+CVE-2009-2373
{DSA-1930-1}
- drupal6 6.12-1.1 (low; bug #535435)
- drupal5 <not-affected> (Vulnerable code not present)
NOTE: http://drupal.org/node/507572
NOTE: requested CVE id
-CVE-2009-2372 (Drupal 6.x before 6.13 does not prevent users from modifying user ...)
+CVE-2009-2372
{DSA-1930-1}
- drupal6 6.12-1.1 (medium; bug #535435)
- drupal5 <not-affected> (Vulnerable code not present)
NOTE: http://drupal.org/node/507572
NOTE: marked as medium as this might lead to code execution if the php filter is enabled
NOTE: requested CVE id
-CVE-2009-2374 (Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize ...)
+CVE-2009-2374
{DSA-1930-1}
- drupal6 6.12-1.1 (low; bug #535435)
- drupal5 5.18-1.1 (low; bug #535476)
NOTE: http://drupal.org/node/507572
NOTE: requested CVE id
-CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 ...)
+CVE-2009-2284
- phpmyadmin 4:3.2.0.1-1 (medium; bug #535890)
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
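Review bot: the `@@` context for this hunk, `CVE-2009-XXXX [mimedecode: potential dos/crash due to invalid input]`, is an entry whose description is in square brackets, the local form used for issues without an assigned id, and that line is untouched, as are the `CVE-2009-XXXX [...]` lines heading the other hunks. So the stripping is limited to the parenthesised descriptions that mirror the upstream CVE text; the locally written ones survive. For entries like `CVE-2009-2373`, `CVE-2009-2372` and `CVE-2009-2374`, which share {DSA-1930-1}, the same drupal6 version and `NOTE: requested CVE id`, the description was the only text saying what each issue is; the tracking lines still differ, but they record where the fix landed, not what the bug was.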
@@ -7626,35 +7626,35 @@ CVE-2009-2279
RESERVED
CVE-2009-2278
RESERVED
-CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...)
+CVE-2009-2277
NOT-FOR-US: VMware
-CVE-2009-2276 (SQL injection vulnerability in voteforus.php in the Vote For Us ...)
+CVE-2009-2276
NOT-FOR-US: voteforus.php extension for PunBB
-CVE-2009-2275 (Directory traversal vulnerability in frontend/x3/stats/lastvisit.html ...)
+CVE-2009-2275
NOT-FOR-US: cPanel
-CVE-2009-2274 (The Huawei D100 allows remote attackers to obtain sensitive ...)
+CVE-2009-2274
NOT-FOR-US: Huawei D100
-CVE-2009-2273 (The default configuration of the Wi-Fi component on the Huawei D100 ...)
+CVE-2009-2273
NOT-FOR-US: Huawei D100
-CVE-2009-2272 (The Huawei D100 stores the administrator's account name and password ...)
+CVE-2009-2272
NOT-FOR-US: Huawei D100
-CVE-2009-2271 (The Huawei D100 has (1) a certain default administrator password for ...)
+CVE-2009-2271
NOT-FOR-US: Huawei D100
-CVE-2009-2270 (Unrestricted file upload vulnerability in member/uploads_edit.php in ...)
+CVE-2009-2270
NOT-FOR-US: dedecms
-CVE-2009-2269 (SQL injection vulnerability in Empire CMS 5.1 allows remote attackers ...)
+CVE-2009-2269
NOT-FOR-US: Empire CMS
-CVE-2009-2268 (Cross-site scripting (XSS) vulnerability in the Cross-Domain ...)
+CVE-2009-2268
NOT-FOR-US: Sun Java System Access Manager
-CVE-2009-2267 (VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player ...)
+CVE-2009-2267
- vmware-package <removed>
-CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote ...)
+CVE-2009-2266
NOT-FOR-US: OXID eShop
-CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in ...)
+CVE-2009-2281
{DSA-1914-1}
- mapserver 5.4.2-1 (medium; bug #535340)
NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
-CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before ...)
+CVE-2009-2265
{DSA-1836-1}
- fckeditor 1:2.6.4.1-1 (medium; bug #536051)
NOTE: http://dev.fckeditor.net/changeset/3815/FCKeditor/trunk/editor/filemanager
@@ -7674,27 +7674,27 @@ CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before
NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
CVE-2009-2264
RESERVED
-CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...)
+CVE-2009-2263
NOT-FOR-US: Mega File Manager
-CVE-2009-2262 (PHP remote file inclusion vulnerability in install/di.php in ...)
+CVE-2009-2262
NOT-FOR-US: AjaxPortal
-CVE-2009-2261 (PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted ...)
+CVE-2009-2261
NOT-FOR-US: PeaZIP
-CVE-2009-2260 (stardict 3.0.1, when Enable Net Dict is configured, sends the contents ...)
+CVE-2009-2260
- stardict 3.0.1-5 (low; bug #534731)
[etch] - stardict <not-affected> (netdict plugin not yet present)
[lenny] - stardict 3.0.1-4+lenny1
CVE-2009-2259
REJECTED
-CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...)
+CVE-2009-2258
NOT-FOR-US: Netgear DG632
-CVE-2009-2257 (The administrative web interface on the Netgear DG632 with firmware ...)
+CVE-2009-2257
NOT-FOR-US: Netgear DG632
-CVE-2009-2256 (The administrative web interface on the Netgear DG632 with firmware ...)
+CVE-2009-2256
NOT-FOR-US: Netgear DG632
-CVE-2009-2255 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative ...)
+CVE-2009-2255
NOT-FOR-US: Zen Cart
-CVE-2009-2254 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative ...)
+CVE-2009-2254
NOT-FOR-US: Zen Cart
CVE-2009-2253
RESERVED
@@ -7716,27 +7716,27 @@ CVE-2009-2245
RESERVED
CVE-2009-2244
RESERVED
-CVE-2009-2243 (SQL injection vulnerability in active_appointments.asp in ASP Inline ...)
+CVE-2009-2243
NOT-FOR-US: ASP Inline Corporate Calendar
-CVE-2009-2242 (SQL injection vulnerability in active_appointments.asp in ASP Inline ...)
+CVE-2009-2242
NOT-FOR-US: ASP Inline Corporate Calendar
-CVE-2009-2241 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline ...)
+CVE-2009-2241
NOT-FOR-US: ASP Inline Corporate Calendar
-CVE-2009-2240 (Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka ...)
+CVE-2009-2240
NOT-FOR-US: Web Conference Room Free
-CVE-2009-2239 (SQL injection vulnerability in the (1) casinobase (com_casinobase), ...)
+CVE-2009-2239
NOT-FOR-US: Joomla! components
-CVE-2009-2238 (Unrestricted file upload vulnerability in ...)
+CVE-2009-2238
NOT-FOR-US: DMXReady Registration Manager
-CVE-2009-2237 (Unspecified vulnerability in Views Bulk Operations 5.x-1.x before ...)
+CVE-2009-2237
NOT-FOR-US: contributed Views Bulk Operations module for Drupal
-CVE-2009-2236 (SQL injection vulnerability in yad-admin/login.php in Your Article ...)
+CVE-2009-2236
NOT-FOR-US: Your Articles Directory
-CVE-2009-2235 (SQL injection vulnerability in page.php in Your Articles Directory ...)
+CVE-2009-2235
NOT-FOR-US: Your Articles Directory
-CVE-2009-2234 (Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call ...)
+CVE-2009-2234
NOT-FOR-US: VICIDIAL Call Center Suite
-CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow ...)
+CVE-2009-2210
{DSA-1830-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
@@ -7747,7 +7747,7 @@ CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 a
- kompozer <not-affected> (mail suite not compiled)
NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-33.html
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495057
-CVE-2009-2343 (Cross-site scripting (XSS) vulnerability in people.php in Zoph before ...)
+CVE-2009-2343
- zoph 0.7.5-1 (low; bug #535188)
[lenny] - zoph <no-dsa> (Minor issue, fringe package)
NOTE: http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
@@ -7756,99 +7756,99 @@ CVE-2009-XXXX [udev: creates aacraid devices that are rw by group floppy]
- udev 0.141-1 (low; bug #530245; bug #462655; bug #404927)
[lenny] - udev <no-dsa> (Minor issue)
[etch] - udev <no-dsa> (minor issue)
-CVE-2009-2288 (statuswml.cgi in Nagios before 3.1.1 allows remote attackers to ...)
+CVE-2009-2288
{DSA-1825-1}
- nagios3 3.0.6-5
- nagios2 <removed>
NOTE: http://secunia.com/advisories/35543
-CVE-2009-2286 (Buffer overflow in compface 1.5.2 and earlier allows user-assisted ...)
+CVE-2009-2286
- libcompface 1:1.5.2-5 (unimportant; bug #534973)
-CVE-2009-2233 (The admin interface in AWScripts.com Gallery Search Engine 1.5 allows ...)
+CVE-2009-2233
NOT-FOR-US: AWScripts.com Gallery Search Engine
-CVE-2009-2232 (SQL injection vulnerability in image.php in Softbiz Banner Ad ...)
+CVE-2009-2232
NOT-FOR-US: Softbiz Banner Ad Management Script
-CVE-2009-2231 (MIDAS 1.43 allows remote attackers to bypass authentication and obtain ...)
+CVE-2009-2231
NOT-FOR-US: MIDAS
-CVE-2009-2230 (SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka ...)
+CVE-2009-2230
NOT-FOR-US: MyBB
-CVE-2009-2229 (Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 ...)
+CVE-2009-2229
NOT-FOR-US: Kasseler CMS
-CVE-2009-2228 (Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS ...)
+CVE-2009-2228
NOT-FOR-US: Kasseler CMS
-CVE-2009-2227 (Stack-based buffer overflow in B Labs Bopup Communication Server ...)
+CVE-2009-2227
NOT-FOR-US: Bopup Communication Server
-CVE-2009-2226 (Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS ...)
+CVE-2009-2226
NOT-FOR-US: Let's PHP! Tree BBS
-CVE-2009-2225 (Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial ...)
+CVE-2009-2225
NOT-FOR-US: SureThing CD/DVD Labeler
-CVE-2009-2224 (Directory traversal vulnerability in ang/shared/flags.php in AN ...)
+CVE-2009-2224
NOT-FOR-US: AN Guestbook
-CVE-2009-2223 (Directory traversal vulnerability in locms/smarty.php in LightOpenCMS ...)
+CVE-2009-2223
NOT-FOR-US: LightOpenCMS
-CVE-2009-2222 (Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier ...)
+CVE-2009-2222
NOT-FOR-US: PHP-I-BOARD
-CVE-2009-2221 (Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and ...)
+CVE-2009-2221
NOT-FOR-US: PHP-I-BOARD
-CVE-2009-2220 (Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, ...)
+CVE-2009-2220
NOT-FOR-US: Tribiq CMS
-CVE-2009-2219 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-2219
NOT-FOR-US: phpCollegeExchange
-CVE-2009-2218 (Multiple PHP remote file inclusion vulnerabilities in ...)
+CVE-2009-2218
NOT-FOR-US: phpCollegeExchange
-CVE-2009-2217 (Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows ...)
+CVE-2009-2217
NOT-FOR-US: NBBC
-CVE-2009-2216 (Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in ...)
+CVE-2009-2216
NOT-FOR-US: DirectAdmin
-CVE-2009-2215 (Multiple cross-site scripting (XSS) vulnerabilities in URD before ...)
+CVE-2009-2215
NOT-FOR-US: URD
-CVE-2009-2214 (The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier ...)
+CVE-2009-2214
NOT-FOR-US: Citrix Secure Gateway
-CVE-2009-2213 (The default configuration of the Security global settings on the ...)
+CVE-2009-2213
NOT-FOR-US: Citrix NetScaler Access Gateway
-CVE-2009-2212 (The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and ...)
+CVE-2009-2212
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2009-2211 (Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM ...)
+CVE-2009-2211
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2009-2209 (SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 ...)
+CVE-2009-2209
NOT-FOR-US: RS-CMS
-CVE-2009-2208 (FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the ...)
+CVE-2009-2208
- kfreebsd-6 <removed>
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
- kfreebsd-7 7.2-2
[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
-CVE-2009-2207 (The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone ...)
+CVE-2009-2207
NOT-FOR-US: Apple iPhone OS
-CVE-2009-2206 (Multiple heap-based buffer overflows in the AudioCodecs library in the ...)
+CVE-2009-2206
NOT-FOR-US: Apple iPhone OS
-CVE-2009-2205 (Stack-based buffer overflow in the Java Web Start command launcher in ...)
+CVE-2009-2205
NOT-FOR-US: Mac OS X
-CVE-2009-2204 (Unspecified vulnerability in the CoreTelephony component in Apple ...)
+CVE-2009-2204
NOT-FOR-US: Apple iPhone OS
-CVE-2009-2203 (Buffer overflow in Apple QuickTime before 7.6.4 allows remote ...)
+CVE-2009-2203
NOT-FOR-US: Apple QuickTime
-CVE-2009-2202 (Apple QuickTime before 7.6.4 allows remote attackers to execute ...)
+CVE-2009-2202
NOT-FOR-US: Apple QuickTime
-CVE-2009-2201 (The screensharing feature in the Admin application in Apple Xsan ...)
+CVE-2009-2201
NOT-FOR-US: Admin application in Apple Xsan
-CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...)
+CVE-2009-2200
- kdelibs <not-affected>
- webkit <not-affected> (gtk-based frame loader not affected)
- qt4-x11 <not-affected>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
NOTE: http://trac.webkit.org/changeset/44905
NOTE: http://trac.webkit.org/changeset/44909
-CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
+CVE-2009-2199
- kdelibs <not-affected>
- webkit <not-affected> (problem with look-alike character rendering with mac-specific fonts)
- qt4-x11 <not-affected>
-CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies ...)
+CVE-2009-2198
NOT-FOR-US: Apple GarageBand
-CVE-2009-2197 (Apple Safari before 9.1 allows remote attackers to spoof the user ...)
+CVE-2009-2197
NOT-FOR-US: Apple Safari
-CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote ...)
+CVE-2009-2196
NOT-FOR-US: Apple Safari
-CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote ...)
+CVE-2009-2195
- webkit 1.1.12-1 (medium)
[lenny] - webkit <not-affected> (Vulnerable code not present)
- kdelibs <not-affected>
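Review bot: missing rationale for the description removal: every changed pair in this hunk drops the parenthetical summary from the CVE line (e.g. `-CVE-2009-2288 (statuswml.cgi in Nagios before 3.1.1 allows remote attackers to ...)` becomes `+CVE-2009-2288`) while the status lines beneath each entry (`{DSA-1825-1}`, `- nagios3 3.0.6-5`, `NOT-FOR-US: ...`) are untouched, and nothing in the hunk records why the summaries go; a short note on the reason would let a reviewer confirm this is an intended format change rather than a broken import. Minor style point in the same hunk: the context lines `[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)` and `[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)` spell the package as `KFreebsd` where the surrounding lines use `kfreebsd`.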
@@ -7856,192 +7856,192 @@ CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows rem
- qt4-x11 <not-affected>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
NOTE: http://trac.webkit.org/changeset/45696
-CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file ...)
+CVE-2009-2194
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 ...)
+CVE-2009-2193
NOT-FOR-US: kernel in Apple Mac OS X
-CVE-2009-2192 (MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete ...)
+CVE-2009-2192
NOT-FOR-US: MobileMe in Apple Mac OS X
-CVE-2009-2191 (Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 ...)
+CVE-2009-2191
NOT-FOR-US: Login Window in Apple Mac OS X
-CVE-2009-2190 (launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers ...)
+CVE-2009-2190
NOT-FOR-US: launchd in Apple Mac OS X
-CVE-2009-2189 (The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme ...)
+CVE-2009-2189
NOT-FOR-US: Apple
-CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and ...)
+CVE-2009-2188
NOT-FOR-US: ImageIO in Apple Mac OS X
-CVE-2009-2187 (Multiple memory leaks in the (1) IP and (2) IPv6 multicast ...)
+CVE-2009-2187
NOT-FOR-US: Sun Solaris
-CVE-2009-2186 (Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 ...)
+CVE-2009-2186
NOT-FOR-US: Adobe Shockwave Playe
-CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, ...)
+CVE-2009-2185
{DSA-1899-1 DSA-1898-1}
- strongswan 4.2.14-1.2 (bug #533837)
- openswan 1:2.6.22+dfsg-1
-CVE-2009-2184 (Absolute path traversal vulnerability in forcedownload.php in Gravy ...)
+CVE-2009-2184
NOT-FOR-US: Gravy Media Photo
-CVE-2009-2183 (Directory traversal vulnerability in admin-files/ad.php in Campsite ...)
+CVE-2009-2183
NOT-FOR-US: Campsite
-CVE-2009-2182 (Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 ...)
+CVE-2009-2182
NOT-FOR-US: Campsite
-CVE-2009-2181 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2009-2181
NOT-FOR-US: Campsite
-CVE-2009-2180 (Multiple directory traversal vulnerabilities in upfiles/index.php in ...)
+CVE-2009-2180
NOT-FOR-US: Pc4 Uploader
-CVE-2009-2179 (SQL injection vulnerability in search.php in phpDatingClub 3.7 allows ...)
+CVE-2009-2179
NOT-FOR-US: phpDatingClub
-CVE-2009-2178 (Cross-site scripting (XSS) vulnerability in website.php in ...)
+CVE-2009-2178
NOT-FOR-US: phpDatingClub
-CVE-2009-2177 (code/display.php in fuzzylime (cms) 3.03a and earlier, when ...)
+CVE-2009-2177
NOT-FOR-US: fuzzylime
-CVE-2009-2176 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a ...)
+CVE-2009-2176
NOT-FOR-US: fuzzylime
-CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in ...)
+CVE-2009-2175
- gnome-xcf-thumbnailer 1.0-1.1 (low; bug #601735)
[lenny] - gnome-xcf-thumbnailer <no-dsa> (Minor issue)
- xcftools 1.0.7-1 (low; bug #533361)
[etch] - xcftools 1.0.4-1+etch1
[lenny] - xcftools 1.0.4-1+lenny1
-CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service ...)
+CVE-2009-2174
- gupnp 0.12.6-3.1 (low; bug #534594)
[etch] - gupnp <no-dsa> (Minor issue)
[lenny] - gupnp <no-dsa> (Minor issue)
-CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...)
+CVE-2009-2173
NOT-FOR-US: Carom3D
-CVE-2009-2172 (Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in ...)
+CVE-2009-2172
NOT-FOR-US: Radio and TV Player addon for vBulletin
-CVE-2009-2169 (Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX ...)
+CVE-2009-2169
NOT-FOR-US: Edraw PDF Viewer
-CVE-2009-2168 (cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a ...)
+CVE-2009-2168
NOT-FOR-US: EgyPlus 7ammel (aka 7ml)
-CVE-2009-2167 (Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus ...)
+CVE-2009-2167
NOT-FOR-US: EgyPlus 7ammel (aka 7ml)
-CVE-2009-2166 (Absolute path traversal vulnerability in cvs.php in OCS Inventory NG ...)
+CVE-2009-2166
- ocsinventory-server 1.02.1-1 (unimportant; bug #531735)
NOTE: README.Debian states Important: access to the reports server should be restricted
-CVE-2009-2165 (SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and ...)
+CVE-2009-2165
NOT-FOR-US: SerendipityNZ (aka SimpleBoxes) Serene Bach
-CVE-2009-2164 (Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, ...)
+CVE-2009-2164
NOT-FOR-US: kjtechforce
-CVE-2009-2163 (Cross-site scripting (XSS) vulnerability in login/default.aspx in ...)
+CVE-2009-2163
NOT-FOR-US: Sitecore CMS
-CVE-2009-2162 (Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC ...)
+CVE-2009-2162
NOT-FOR-US: XOOPS MANIAC PukiWikiMod module
-CVE-2009-2161 (Directory traversal vulnerability in backend/admin-functions.php in ...)
+CVE-2009-2161
NOT-FOR-US: TorrentTrader
-CVE-2009-2160 (TorrentTrader Classic 1.09 allows remote attackers to (1) obtain ...)
+CVE-2009-2160
NOT-FOR-US: TorrentTrader
-CVE-2009-2159 (backup-database.php in TorrentTrader Classic 1.09 does not require ...)
+CVE-2009-2159
NOT-FOR-US: TorrentTrader
-CVE-2009-2158 (account-recover.php in TorrentTrader Classic 1.09 chooses random ...)
+CVE-2009-2158
NOT-FOR-US: TorrentTrader
-CVE-2009-2157 (Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 ...)
+CVE-2009-2157
NOT-FOR-US: TorrentTrader
-CVE-2009-2156 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader ...)
+CVE-2009-2156
NOT-FOR-US: TorrentTrader
-CVE-2009-2155 (Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do ...)
+CVE-2009-2155
NOT-FOR-US: WebNMS
-CVE-2009-2154 (SQL injection vulnerability in admin/login.php in Impleo Music ...)
+CVE-2009-2154
NOT-FOR-US: Impleo Music Collection
-CVE-2009-2153 (Cross-site scripting (XSS) vulnerability in index.php in Impleo Music ...)
+CVE-2009-2153
NOT-FOR-US: Impleo Music Collection
-CVE-2009-2152 (SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows ...)
+CVE-2009-2152
NOT-FOR-US: AdaptWeb
-CVE-2009-2151 (Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 ...)
+CVE-2009-2151
NOT-FOR-US: AdaptWeb
-CVE-2009-2150 (Multiple cross-site request forgery (CSRF) vulnerabilities in Campus ...)
+CVE-2009-2150
NOT-FOR-US: Campus Virtual-LMS
-CVE-2009-2149 (Multiple cross-site scripting (XSS) vulnerabilities in Campus ...)
+CVE-2009-2149
NOT-FOR-US: Campus Virtual-LMS
-CVE-2009-2148 (SQL injection vulnerability in news/index.php in Campus Virtual-LMS ...)
+CVE-2009-2148
NOT-FOR-US: Campus Virtual-LMS
-CVE-2009-2147 (SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and ...)
+CVE-2009-2147
NOT-FOR-US: phpWebThings
-CVE-2009-2146 (Unrestricted file upload vulnerability in the Compose Email feature in ...)
+CVE-2009-2146
- sugarcrm-ce-5.0 <itp> (bug #457876)
-CVE-2009-2145 (Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 ...)
+CVE-2009-2145
NOT-FOR-US: transLucid
-CVE-2009-2144 (SQL injection vulnerability in the FireStats plugin before ...)
+CVE-2009-2144
NOT-FOR-US: FireStats plugin for WordPress
-CVE-2009-2143 (PHP remote file inclusion vulnerability in firestats-wordpress.php in ...)
+CVE-2009-2143
NOT-FOR-US: FireStats plugin for WordPress
-CVE-2009-2142 (Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store ...)
+CVE-2009-2142
NOT-FOR-US: Zip Store Chat
-CVE-2009-2141 (Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET ...)
+CVE-2009-2141
NOT-FOR-US: TBDev.NET
-CVE-2009-2140 (Multiple heap-based buffer overflows in ...)
+CVE-2009-2140
- openoffice.org <not-affected> (bug introduced by a patch not applied to the deb)
-CVE-2009-2139 (Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...)
+CVE-2009-2139
{DSA-1880-1}
- openoffice.org 1:3.1.1~ooo310m15-1
-CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow ...)
+CVE-2009-2138
NOT-FOR-US: TBDev.NET
-CVE-2009-2137 (Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka ...)
+CVE-2009-2137
NOT-FOR-US: Ultra-SPARC T2 crypto provider device driver in Sun Solaris 10
-CVE-2009-2136 (Unspecified vulnerability in the TCP/IP networking stack in Sun ...)
+CVE-2009-2136
NOT-FOR-US: Sun Solaris 10
-CVE-2009-2135 (Multiple race conditions in the Solaris Event Port API in Sun Solaris ...)
+CVE-2009-2135
NOT-FOR-US: Sun Solaris 10
-CVE-2009-2134 (pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to ...)
+CVE-2009-2134
NOT-FOR-US: Pivot
-CVE-2009-2133 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 ...)
+CVE-2009-2133
NOT-FOR-US: Pivot
-CVE-2009-2132 (Directory traversal vulnerability in global.php in 4images before ...)
+CVE-2009-2132
NOT-FOR-US: 4images
-CVE-2009-2131 (Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier ...)
+CVE-2009-2131
NOT-FOR-US: 4images
-CVE-2009-2130 (Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) ...)
+CVE-2009-2130
NOT-FOR-US: Elvin
-CVE-2009-2129 (Cross-site request forgery (CSRF) vulnerability in login.php in Elvin ...)
+CVE-2009-2129
NOT-FOR-US: Elvin
-CVE-2009-2128 (SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 ...)
+CVE-2009-2128
NOT-FOR-US: Elvin
-CVE-2009-2127 (Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin ...)
+CVE-2009-2127
NOT-FOR-US: Elvin
-CVE-2009-2126 (Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin ...)
+CVE-2009-2126
NOT-FOR-US: Elvin
-CVE-2009-2125 (delete_bug.php in Elvin before 1.2.1 does not require administrative ...)
+CVE-2009-2125
NOT-FOR-US: Elvin
-CVE-2009-2124 (Directory traversal vulnerability in page.php in Elvin 1.2.0 allows ...)
+CVE-2009-2124
NOT-FOR-US: Elvin
-CVE-2009-2123 (Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote ...)
+CVE-2009-2123
NOT-FOR-US: Elvin
-CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo Palmonari ...)
+CVE-2009-2122
NOT-FOR-US: Photoracer plugin for WordPress
-CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before ...)
+CVE-2009-2121
- chromium-browser <not-affected> (Only 2.x is affected)
- webkit <not-affected> (chrome-specific issue)
-CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 ...)
+CVE-2009-2170
{DSA-1822-1}
- mahara 1.1.5-1 (low)
-CVE-2009-2171 (Mahara 1.1 before 1.1.5 does not apply permission checks when saving a ...)
+CVE-2009-2171
- mahara 1.1.5-1 (low)
[lenny] - mahara <not-affected> (vulnerable code introduced in 1.1)
-CVE-2009-2120 (Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow ...)
+CVE-2009-2120
NOT-FOR-US: TekBase
-CVE-2009-2119 (Cross-site scripting (XSS) vulnerability in the login interface ...)
+CVE-2009-2119
NOT-FOR-US: FirePass
-CVE-2009-2118 (Integer overflow in IrfanView 4.23, when the resampling or screen ...)
+CVE-2009-2118
NOT-FOR-US: IrfanView
-CVE-2009-2117 (uye_paneli.php in phPortal 1.0 allows remote attackers to bypass ...)
+CVE-2009-2117
NOT-FOR-US: phPortal
-CVE-2009-2116 (Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 ...)
+CVE-2009-2116
NOT-FOR-US: SkyBlueCanvas
-CVE-2009-2115 (admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated ...)
+CVE-2009-2115
NOT-FOR-US: SkyBlueCanvas
-CVE-2009-2114 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
+CVE-2009-2114
NOT-FOR-US: SkyBlueCanvas
-CVE-2009-2113 (Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote ...)
+CVE-2009-2113
NOT-FOR-US: FretsWeb
-CVE-2009-2112 (Directory traversal vulnerability in include/page_bottom.php in phpFK ...)
+CVE-2009-2112
NOT-FOR-US: phpFK
-CVE-2009-2111 (Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 ...)
+CVE-2009-2111
NOT-FOR-US: DB Top Site
-CVE-2009-2110 (Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when ...)
+CVE-2009-2110
NOT-FOR-US: DB Top Sites 1.0
-CVE-2009-2109 (Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow ...)
+CVE-2009-2109
NOT-FOR-US: FretsWeb
-CVE-2009-2108 (git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to ...)
+CVE-2009-2108
{DSA-1841-2 DSA-1841-1}
- git-core 1:1.6.3.3-1 (medium; bug #532935)
NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9
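Review bot: the context line `NOT-FOR-US: Adobe Shockwave Playe` under CVE-2009-2186 is truncated and should read `Adobe Shockwave Player`; the `-` line in this hunk (`Adobe Shockwave Player before 11.0.0.465 ...`) is the last place the full product name appears for that entry, so once the summary is dropped the truncated NOT-FOR-US line is all that remains. Fix the name in a follow-up.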
@@ -8058,7 +8058,7 @@ CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers]
- squid3 <not-affected>
NOTE: http://www.squid-cache.org/bugs/show_bug.cgi?id=2694
- lighttpd <not-affected>
-CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-2107
NOT-FOR-US: Webmedia Explorer
CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for SuperUsers]
- request-tracker3.6 3.6.8-1 (low; bug #532990)
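Review bot: the placeholder title shown in this hunk's header context, `CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers]`, misspells `vulnerability`; since this hunk only touches the CVE-2009-2107 line, the spelling fix belongs in a follow-up commit.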
@@ -8066,73 +8066,73 @@ CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for SuperUse
[etch] - request-tracker3.6 <not-affected> (flaw introduced in 3.6.2)
- request-tracker3.4 <not-affected> (flaw introduced in 3.6.2; bug #534498)
- request-tracker3.8 3.8.4-1
-CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ...)
+CVE-2009-2106
NOT-FOR-US: Virtual Civil Services extension for TYPO3
-CVE-2009-2105 (SQL injection vulnerability in the References database (t3references) ...)
+CVE-2009-2105
NOT-FOR-US: References database extension for TYPO3
-CVE-2009-2104 (Cross-site scripting (XSS) vulnerability in the Modern Guestbook / ...)
+CVE-2009-2104
NOT-FOR-US: Modern Guestbook extension for TYPO3
-CVE-2009-2103 (SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) ...)
+CVE-2009-2103
NOT-FOR-US: Frontend MP3 Player extension for TYPO3
-CVE-2009-2102 (SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and ...)
+CVE-2009-2102
NOT-FOR-US: Jumi component for Joomla
-CVE-2009-2101 (Directory traversal vulnerability in archive.php in TorrentVolve 1.4, ...)
+CVE-2009-2101
NOT-FOR-US: TorrentVolve
-CVE-2009-2100 (Directory traversal vulnerability in the JoomlaPraise Projectfork ...)
+CVE-2009-2100
NOT-FOR-US: JoomlaPraise component for Joomla
-CVE-2009-2099 (SQL injection vulnerability in the iJoomla RSS Feeder ...)
+CVE-2009-2099
NOT-FOR-US: iJoomla RSS Feeder component for Joomla
-CVE-2009-2098 (SQL injection vulnerability in topicler.php in phPortal 1.0 allows ...)
+CVE-2009-2098
NOT-FOR-US: phPortal
-CVE-2009-2097 (SQL injection vulnerability in ...)
+CVE-2009-2097
NOT-FOR-US: Zoki Catalog
-CVE-2009-2096 (SQL injection vulnerability in house/listing_view.php in ...)
+CVE-2009-2096
NOT-FOR-US: phpCollegeExchange
-CVE-2009-2095 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-2095
NOT-FOR-US: Mundi Mail
-CVE-2009-2094 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise ...)
+CVE-2009-2094
NOT-FOR-US: IBM WebSphere Commerce
-CVE-2009-2093 (SQL injection vulnerability in the console in IBM WebSphere Partner ...)
+CVE-2009-2093
NOT-FOR-US: IBM WebSphere
-CVE-2009-2092 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not ...)
+CVE-2009-2092
NOT-FOR-US: IBM WebSphere
-CVE-2009-2091 (The System Management/Repository component in IBM WebSphere ...)
+CVE-2009-2091
NOT-FOR-US: IBM WebSphere
-CVE-2009-2090 (Unspecified vulnerability in wsadmin in the System ...)
+CVE-2009-2090
NOT-FOR-US: IBM WebSphere
-CVE-2009-2089 (The Migration component in IBM WebSphere Application Server (WAS) 6.1 ...)
+CVE-2009-2089
NOT-FOR-US: IBM WebSphere
-CVE-2009-2088 (The Servlet Engine/Web Container component in IBM WebSphere ...)
+CVE-2009-2088
NOT-FOR-US: IBM WebSphere
-CVE-2009-2087 (The Web Services functionality in IBM WebSphere Application Server ...)
+CVE-2009-2087
NOT-FOR-US: IBM WebSphere
CVE-2009-2086
REJECTED
-CVE-2009-2085 (The Security component in IBM WebSphere Application Server (WAS) 6.1 ...)
+CVE-2009-2085
NOT-FOR-US: IBM WebSphere
-CVE-2009-2084 (Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 ...)
+CVE-2009-2084
{DSA-1776-1}
- slurm-llnl 1.3.15-1 (bug #524980)
[lenny] - slurm-llnl 1.3.6-1lenny3
-CVE-2009-2083 (Cross-site scripting (XSS) vulnerability in the term data detail page ...)
+CVE-2009-2083
NOT-FOR-US: Taxonomy
-CVE-2009-2082 (SQL injection vulnerability in insidepage.php in Creative Web ...)
+CVE-2009-2082
NOT-FOR-US: Creative Web Solutions Multi-Level CMS
-CVE-2009-2081 (Directory traversal vulnerability in help.php in phpWebThings 1.5.2 ...)
+CVE-2009-2081
NOT-FOR-US: phpWebThings
-CVE-2009-2080 (admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict ...)
+CVE-2009-2080
NOT-FOR-US: MRCGIGUY
-CVE-2009-2079 (Cross-site scripting (XSS) vulnerability in the administrative page ...)
+CVE-2009-2079
NOT-FOR-US: Taxonomy
-CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x ...)
+CVE-2009-2078
NOT-FOR-US: Booktree module for drupal
-CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote ...)
+CVE-2009-2077
- drupal6-mod-views <not-affected> (Fixed before initial upload)
-CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...)
+CVE-2009-2076
- drupal6-mod-views <not-affected> (Fixed before initial upload)
-CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for ...)
+CVE-2009-2075
NOT-FOR-US: Nodequeue module for Drupal
-CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before ...)
+CVE-2009-2074
NOT-FOR-US: Nodequeue module for Drupal
CVE-2009-XXXX [backuppc: web frontend installed insecurely by default]
- backuppc 3.1.0-6
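Review bot: inconsistent capitalisation in the context lines of this hunk: `NOT-FOR-US: Booktree module for drupal` (CVE-2009-2078) versus `NOT-FOR-US: Nodequeue module for Drupal` (CVE-2009-2075 and CVE-2009-2074); suggest `Drupal` throughout. The `CVE-2009-2086` / `REJECTED` pair in the same hunk already carries no summary and is left unchanged, which matches the new single-token `+CVE-...` format.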
@@ -8142,240 +8142,240 @@ CVE-2009-XXXX [clamav scanner bypass with archives]
[lenny] - clamav <no-dsa> (Inherent to the concept of malware concept)
[etch] - clamav <no-dsa> (Support was discontinued)
NOTE: http://blog.zoller.lu/2009/05/advisory-clamav-generic-bypass.html
-CVE-2009-2073 (Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N ...)
+CVE-2009-2073
NOT-FOR-US: Linksys
-CVE-2009-2072 (Apple Safari does not require a cached certificate before displaying a ...)
+CVE-2009-2072
NOT-FOR-US: Apple Safari
-CVE-2009-2071 (Google Chrome before 1.0.154.53 displays a cached certificate for a ...)
+CVE-2009-2071
- chromium-browser <not-affected> (Only 1.x is affected)
- webkit <not-affected> (chrome-specific issue)
-CVE-2009-2070 (Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT ...)
+CVE-2009-2070
NOT-FOR-US: Opera
-CVE-2009-2069 (Microsoft Internet Explorer before 8 displays a cached certificate for ...)
+CVE-2009-2069
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2068 (Google Chrome detects http content in https web pages only when the ...)
+CVE-2009-2068
- chromium-browser 5.0.342.9~r43360-1
-CVE-2009-2067 (Opera detects http content in https web pages only when the top-level ...)
+CVE-2009-2067
NOT-FOR-US: Opera
-CVE-2009-2066 (Apple Safari detects http content in https web pages only when the ...)
+CVE-2009-2066
NOT-FOR-US: Apple Safari
-CVE-2009-2065 (Mozilla Firefox 3.0.10, and possibly other versions, detects http ...)
+CVE-2009-2065
- xulrunner <undetermined> (bug #565521)
[wheezy] - xulrunner <end-of-life> (no detailed information available)
-CVE-2009-2064 (Microsoft Internet Explorer 8, and possibly other versions, detects ...)
+CVE-2009-2064
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2063 (Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response ...)
+CVE-2009-2063
NOT-FOR-US: Opera
-CVE-2009-2062 (Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before ...)
+CVE-2009-2062
NOT-FOR-US: Apple Safari
-CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response ...)
+CVE-2009-2061
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
-CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before ...)
+CVE-2009-2060
- chromium-browser <not-affected> (Only 1.x is affected)
- webkit <not-affected> (chrome-specific issue)
-CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to determine ...)
+CVE-2009-2059
NOT-FOR-US: Opera
-CVE-2009-2058 (Apple Safari before 3.2.2 uses the HTTP Host header to determine the ...)
+CVE-2009-2058
NOT-FOR-US: Apple Safari
-CVE-2009-2057 (Microsoft Internet Explorer before 8 uses the HTTP Host header to ...)
+CVE-2009-2057
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2056 (Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to ...)
+CVE-2009-2056
NOT-FOR-US: Cisco
-CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a ...)
+CVE-2009-2055
NOT-FOR-US: Cisco IOS
-CVE-2009-2054 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+CVE-2009-2054
NOT-FOR-US: Cisco
-CVE-2009-2053 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+CVE-2009-2053
NOT-FOR-US: Cisco
-CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+CVE-2009-2052
NOT-FOR-US: Cisco
-CVE-2009-2051 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...)
+CVE-2009-2051
NOT-FOR-US: Cisco
-CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+CVE-2009-2050
NOT-FOR-US: Cisco
-CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through ...)
+CVE-2009-2049
NOT-FOR-US: Cisco IOS
-CVE-2009-2048 (Cross-site scripting (XSS) vulnerability in the Administration ...)
+CVE-2009-2048
NOT-FOR-US: Cisco
-CVE-2009-2047 (Directory traversal vulnerability in the Administration interface in ...)
+CVE-2009-2047
NOT-FOR-US: Cisco
-CVE-2009-2046 (The embedded web server on the Cisco Video Surveillance 2500 Series IP ...)
+CVE-2009-2046
NOT-FOR-US: Cisco
-CVE-2009-2045 (The Cisco Video Surveillance Stream Manager firmware before 5.3, as ...)
+CVE-2009-2045
NOT-FOR-US: Cisco
-CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...)
+CVE-2009-2044
- xulrunner <not-affected> (uses external cairo library)
- cairo 1.8.8-2 (unimportant)
NOTE: http://cgit.freedesktop.org/cairo/commit/?id=2cf82eaf0d08e68b787bb0792da97e73d8d4ce38
NOTE: Just a crasher
-CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...)
+CVE-2009-2043
- xulrunner <unfixed> (unimportant)
NOTE: Browser crashes not treated as security issues
-CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images ...)
+CVE-2009-2042
{DSA-2032-1}
- libpng 1.2.37-1 (low; bug #533676)
[etch] - libpng <no-dsa> (Minor issue, only exploitable in rare setups)
- xulrunner <not-affected> (xulrunner dynamically linked against libpng; embeded code copy not used)
-CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab ...)
+CVE-2009-2041
NOT-FOR-US: activeCollab
-CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict access, ...)
+CVE-2009-2040
NOT-FOR-US: Grestul
-CVE-2009-2039 (Unspecified vulnerability in the Luottokunta module before 1.3 for ...)
+CVE-2009-2039
NOT-FOR-US: Luottokunta module for osCommerce
-CVE-2009-2038 (Unspecified vulnerability in the Finnish Bank Payment module 2.2 for ...)
+CVE-2009-2038
NOT-FOR-US: Finnish Bank Payment module 2.2 for osCommerce
-CVE-2009-2037 (Multiple directory traversal vulnerabilities in Online Grades &amp; ...)
+CVE-2009-2037
NOT-FOR-US: Online Grades
-CVE-2009-2036 (SQL injection vulnerability in index.php in Open Biller 0.1 allows ...)
+CVE-2009-2036
NOT-FOR-US: Open Biller
-CVE-2009-2035 (Unspecified vulnerability in Services 6.x before 6.x-0.14, a module ...)
+CVE-2009-2035
NOT-FOR-US: Service module for Drupal
-CVE-2009-2034 (SQL injection vulnerability in writemessage.php in Yogurt 0.3, when ...)
+CVE-2009-2034
NOT-FOR-US: Yogurt
-CVE-2009-2033 (Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 ...)
+CVE-2009-2033
NOT-FOR-US: Yogurt
-CVE-2009-2032 (Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, ...)
+CVE-2009-2032
NOT-FOR-US: PDshopPro
-CVE-2009-2031 (smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount ...)
+CVE-2009-2031
NOT-FOR-US: OpenSolaris
-CVE-2009-2030 (Unspecified vulnerability in the XML Digital Signature verification ...)
+CVE-2009-2030
NOT-FOR-US: IBM OS/400
-CVE-2009-2029 (Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and ...)
+CVE-2009-2029
NOT-FOR-US: Sun Solaris
-CVE-2009-2028 (Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 ...)
+CVE-2009-2028
NOT-FOR-US: Adobe
-CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...)
+CVE-2009-2027
NOT-FOR-US: Apple Safari
-CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the ...)
+CVE-2009-2026
NOT-FOR-US: CA Software Delivery
-CVE-2009-2025 (admin/login.php in DM FileManager 3.9.2 allows remote attackers to ...)
+CVE-2009-2025
NOT-FOR-US: DM FileManager
-CVE-2009-2024 (Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the ...)
+CVE-2009-2024
NOT-FOR-US: Vlad Titarenko ASP VT Auth
-CVE-2009-2023 (SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when ...)
+CVE-2009-2023
NOT-FOR-US: Shop-Script
-CVE-2009-2022 (fipsCMS Light 2.1 stores sensitive information under the web root with ...)
+CVE-2009-2022
NOT-FOR-US: fipsCMS
-CVE-2009-2021 (SQL injection vulnerability in search.php in Virtue Classifieds allows ...)
+CVE-2009-2021
NOT-FOR-US: Virtue Classifieds allows
-CVE-2009-2020 (Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue ...)
+CVE-2009-2020
NOT-FOR-US: News Manager
-CVE-2009-2019 (SQL injection vulnerability in news_detail.php in Virtue News Manager ...)
+CVE-2009-2019
NOT-FOR-US: Virtue News Manager
-CVE-2009-2018 (SQL injection vulnerability in admin/index.php in Jared Eckersley ...)
+CVE-2009-2018
NOT-FOR-US: Jared Eckersley MyCars
-CVE-2009-2017 (SQL injection vulnerability in products.php in Virtue Book Store ...)
+CVE-2009-2017
NOT-FOR-US: Virtue Book Store
-CVE-2009-2016 (SQL injection vulnerability in products.php in Virtue Shopping Mall ...)
+CVE-2009-2016
NOT-FOR-US: Virtue Shopping Mall
-CVE-2009-2015 (Directory traversal vulnerability in includes/file_includer.php in the ...)
+CVE-2009-2015
NOT-FOR-US: com_moofaq for Joomla!
-CVE-2009-2014 (SQL injection vulnerability in the ComSchool (com_school) component ...)
+CVE-2009-2014
NOT-FOR-US: com_school for Joomla!
-CVE-2009-2013 (SQL injection vulnerability in bin/aps_browse_sources.php in Frontis ...)
+CVE-2009-2013
NOT-FOR-US: Frontis
-CVE-2009-2012 (Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through ...)
+CVE-2009-2012
NOT-FOR-US: OpenSolaris
-CVE-2009-2011 (Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and ...)
+CVE-2009-2011
NOT-FOR-US: Worldweaver DX Studio Player
-CVE-2009-2010 (Multiple SQL injection vulnerabilities in Haudenschilt Family ...)
+CVE-2009-2010
NOT-FOR-US: Haudenschilt Family Connections CMS
-CVE-2009-2009 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, ...)
+CVE-2009-2009
NOT-FOR-US: Dokeos
-CVE-2009-2008 (Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly ...)
+CVE-2009-2008
NOT-FOR-US: Dokeos
-CVE-2009-2007 (Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and ...)
+CVE-2009-2007
NOT-FOR-US: Dokeos
-CVE-2009-2006 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, ...)
+CVE-2009-2006
NOT-FOR-US: Dokeos
-CVE-2009-2005 (Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and ...)
+CVE-2009-2005
NOT-FOR-US: Dokeos
-CVE-2009-2004 (Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php ...)
+CVE-2009-2004
NOT-FOR-US: Dokeos
-CVE-2009-2003 (Ascad Networks Password Protector SD 1.3.1 allows remote attackers to ...)
+CVE-2009-2003
NOT-FOR-US: Ascad Networks Password Protector
-CVE-2009-2002 (Unspecified vulnerability in the WebLogic Portal component in BEA ...)
+CVE-2009-2002
NOT-FOR-US: BEA Product Suite
-CVE-2009-2001 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
+CVE-2009-2001
NOT-FOR-US: Oracle Database
-CVE-2009-2000 (Unspecified vulnerability in the Authentication component in Oracle ...)
+CVE-2009-2000
NOT-FOR-US: Oracle Database
-CVE-2009-1999 (Unspecified vulnerability in the Business Intelligence Enterprise ...)
+CVE-2009-1999
NOT-FOR-US: Oracle Application Server
-CVE-2009-1998 (Unspecified vulnerability in the Oracle Communications Order and ...)
+CVE-2009-1998
NOT-FOR-US: Oracle Industry Applications
-CVE-2009-1997 (Unspecified vulnerability in the Authentication component in Oracle ...)
+CVE-2009-1997
NOT-FOR-US: Oracle Database
-CVE-2009-1996 (Unspecified vulnerability in the Logical Standby component in Oracle ...)
+CVE-2009-1996
NOT-FOR-US: Oracle Database
-CVE-2009-1995 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
+CVE-2009-1995
NOT-FOR-US: Oracle Database
-CVE-2009-1994 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
+CVE-2009-1994
NOT-FOR-US: Oracle Database
-CVE-2009-1993 (Unspecified vulnerability in the Application Express component in ...)
+CVE-2009-1993
NOT-FOR-US: Oracle Database
-CVE-2009-1992 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+CVE-2009-1992
NOT-FOR-US: Oracle Database
-CVE-2009-1991 (Unspecified vulnerability in the Oracle Text component in Oracle ...)
+CVE-2009-1991
NOT-FOR-US: Oracle Database
-CVE-2009-1990 (Unspecified vulnerability in the Business Intelligence Enterprise ...)
+CVE-2009-1990
NOT-FOR-US: Oracle Application Server
-CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component ...)
+CVE-2009-1989
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile ...)
+CVE-2009-1988
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-1987 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - ...)
+CVE-2009-1987
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-1986 (Unspecified vulnerability in the Oracle Applications Manager component ...)
+CVE-2009-1986
NOT-FOR-US: Oracle Applications Manager
-CVE-2009-1985 (Unspecified vulnerability in the Network Authentication component in ...)
+CVE-2009-1985
NOT-FOR-US: Oracle Database
-CVE-2009-1984 (Unspecified vulnerability in the Application Install component in ...)
+CVE-2009-1984
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
+CVE-2009-1983
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-1982 (Unspecified vulnerability in the Oracle Applications Framework ...)
+CVE-2009-1982
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-1981 (Unspecified vulnerability in the Highly Interactive Client component ...)
+CVE-2009-1981
NOT-FOR-US: Siebel Product Suite
-CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object Library ...)
+CVE-2009-1980
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-1979 (Unspecified vulnerability in the Network Authentication component in ...)
+CVE-2009-1979
NOT-FOR-US: Oracle Database
-CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+CVE-2009-1978
NOT-FOR-US: Oracle Secure Backup
-CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+CVE-2009-1977
NOT-FOR-US: Oracle Secure Backup
-CVE-2009-1976 (Unspecified vulnerability in the HTTP Server component in Oracle ...)
+CVE-2009-1976
NOT-FOR-US: Oracle Application Server
-CVE-2009-1975 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2009-1975
NOT-FOR-US: BEA WebLogic Server
-CVE-2009-1974 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2009-1974
NOT-FOR-US: BEA WebLogic
-CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database component in ...)
+CVE-2009-1973
NOT-FOR-US: Oracle Database
-CVE-2009-1972 (Unspecified vulnerability in the Auditing component in Oracle Database ...)
+CVE-2009-1972
NOT-FOR-US: Oracle Database
-CVE-2009-1971 (Unspecified vulnerability in the Data Pump component in Oracle ...)
+CVE-2009-1971
NOT-FOR-US: Oracle Database
-CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle Database ...)
+CVE-2009-1970
NOT-FOR-US: Oracle Database
-CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle Database ...)
+CVE-2009-1969
NOT-FOR-US: Oracle Database
-CVE-2009-1968 (Unspecified vulnerability in the Secure Enterprise Search component in ...)
+CVE-2009-1968
NOT-FOR-US: Oracle Database
-CVE-2009-1967 (Unspecified vulnerability in the Config Management component in (1) ...)
+CVE-2009-1967
NOT-FOR-US: Oracle Database
-CVE-2009-1966 (Unspecified vulnerability in the Config Management component in (1) ...)
+CVE-2009-1966
NOT-FOR-US: Oracle Database
-CVE-2009-1965 (Unspecified vulnerability in the Net Foundation Layer component in ...)
+CVE-2009-1965
NOT-FOR-US: Oracle Database
-CVE-2009-1964 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+CVE-2009-1964
NOT-FOR-US: Oracle Database
-CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component in ...)
+CVE-2009-1963
NOT-FOR-US: Oracle Database
CVE-2009-XXXX [predictable random number generator used in web browsers]
- webkit 1.2 (low; bug #532514)
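Review bot: every "-"/"+" pair in this hunk replaces the one-line CVE description with the bare identifier, and nothing in the hunk records why. For the NOT-FOR-US entries the parenthetical was the only place the affected component and version lived; "CVE-2009-2012" now carries only "NOT-FOR-US: OpenSolaris" where the removed line named "idmap in Sun OpenSolaris snv_88". If the descriptions vanished because the updater could not fetch them rather than on purpose, this should be reverted or re-imported instead of committed; if it is deliberate, a short rationale belongs with the change. Also visible here: the context line "NOT-FOR-US: Virtue Classifieds allows" ends with a stray "allows" that looks like a paste leftover and is worth cleaning up.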
@@ -8393,70 +8393,70 @@ CVE-2009-XXXX [predictable random number generator used in web browsers]
- dillo <not-affected> (bug #532522)
NOTE: These issues can be fixed in more recent upstream versions, but the risk
NOTE: of regression doesn't outweigh the issue at hand
-CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...)
+CVE-2009-1961
{DSA-1844-1}
- linux-2.6 2.6.30-1 (low)
[etch] - linux-2.6 <not-affected> (Affected code was introduced in 2.6.19)
[lenny] - linux-2.6 2.6.26-16
- linux-2.6.24 <removed>
NOTE: fixed in lenny 5.0.2 release
-CVE-2009-1959 (Off-by-one error in the event_wallops function in ...)
+CVE-2009-1959
- irssi 0.8.13-2 (low; bug #532607; bug #531357)
[lenny] - irssi 0.8.12-7
[etch] - irssi 0.8.10-3
NOTE: exploitability limited, DoS rather obscure attack scenario
-CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache ...)
+CVE-2009-1956
- apr-util 1.3.7+dfsg-1 (low)
[lenny] - apr-util 1.2.12+dfsg-8+lenny3
-CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in ...)
+CVE-2009-1955
{DSA-1812-1}
- apr-util 1.3.7+dfsg-1 (medium)
-CVE-2009-1954 (Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 ...)
+CVE-2009-1954
NOT-FOR-US: IBM AIX
-CVE-2009-1953 (IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM ...)
+CVE-2009-1953
NOT-FOR-US: IBM FileNet Content Manager
-CVE-2009-1952 (Multiple SQL injection vulnerabilities in the administrative login ...)
+CVE-2009-1952
NOT-FOR-US: PropertyMax
-CVE-2009-1951 (Cross-site scripting (XSS) vulnerability in index.php in PropertyMax ...)
+CVE-2009-1951
NOT-FOR-US: PropertyMax
-CVE-2009-1950 (SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 ...)
+CVE-2009-1950
NOT-FOR-US: WebEyes Guest Book
-CVE-2009-1949 (import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote ...)
+CVE-2009-1949
NOT-FOR-US: Unclassified NewsBoard
-CVE-2009-1948 (Multiple directory traversal vulnerabilities in forum.php in ...)
+CVE-2009-1948
NOT-FOR-US: Unclassified NewsBoard
-CVE-2009-1947 (SQL injection vulnerability in the UnbDbEncode function in ...)
+CVE-2009-1947
NOT-FOR-US: Unclassified NewsBoard
-CVE-2009-1946 (PHP remote file inclusion vulnerability in latestposts.php in AdaptBB ...)
+CVE-2009-1946
NOT-FOR-US: AdaptBB
-CVE-2009-1945 (SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 ...)
+CVE-2009-1945
NOT-FOR-US: cWebCal
-CVE-2009-1944 (Stack-based buffer overflow in AIMP 2.51 build 330 allows remote ...)
+CVE-2009-1944
NOT-FOR-US: AIMP
-CVE-2009-1943 (Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet ...)
+CVE-2009-1943
NOT-FOR-US: SafeNet SoftRemote
-CVE-2009-1942 (Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, ...)
+CVE-2009-1942
NOT-FOR-US: Quiz module for Drupal
-CVE-2009-1941 (PAD Site Scripts 3.6 stores sensitive information under the web ...)
+CVE-2009-1941
NOT-FOR-US: PAD Site Scripts
-CVE-2009-1940 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
+CVE-2009-1940
NOT-FOR-US: Joomla!
-CVE-2009-1939 (Cross-site scripting (XSS) vulnerability in the JA_Purity template for ...)
+CVE-2009-1939
NOT-FOR-US: Joomla!
-CVE-2009-1938 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through ...)
+CVE-2009-1938
NOT-FOR-US: Joomla!
-CVE-2009-1937 (Cross-site scripting (XSS) vulnerability in the comment posting ...)
+CVE-2009-1937
NOT-FOR-US: LightNEasy
-CVE-2009-1936 (_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a ...)
+CVE-2009-1936
NOT-FOR-US: cpCommerce
-CVE-2009-1935 (Integer overflow in the pipe_build_write_buffer function ...)
+CVE-2009-1935
- kfreebsd-6 <removed>
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
- kfreebsd-7 7.2-2
[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
-CVE-2009-1934 (Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in ...)
+CVE-2009-1934
NOT-FOR-US: Sun Java System Web Server
-CVE-2009-1933 (Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, ...)
+CVE-2009-1933
NOT-FOR-US: Solaris
CVE-2009-XXXX [pgp4pine off-by-one]
- pgp4pine <removed> (bug #457947; medium)
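Review bot: the Debian-tracked entries in this hunk lose their only statement of what the bug is, which makes the severity ratings on the following lines harder to review. "CVE-2009-1959" keeps "NOTE: exploitability limited, DoS rather obscure attack scenario", but that note no longer has the removed "Off-by-one error in the event_wallops function" line to refer to; the same applies to "CVE-2009-1956" (apr_brigade_vprintf) and "CVE-2009-1955" (the expat parser behind apr_xml.c). Suggest keeping the description for entries that have local package tracking, or adding a NOTE line that restates the affected function, so the "(low)" and "(medium)" assessments remain justifiable from the file alone.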
@@ -8464,139 +8464,139 @@ CVE-2009-XXXX [pgp4pine off-by-one]
[lenny] - pgp4pine <no-dsa> (Contrib not supported)
NOTE: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0122.html
NOTE: unlike the note states this is not just an off-by-one, classic stack-based buffer overflow
-CVE-2009-1932 (Multiple integer overflows in the (1) user_info_callback, (2) ...)
+CVE-2009-1932
{DSA-1839-1}
- gst-plugins-good0.10 0.10.15-2 (medium; bug #531631; bug #532352)
CVE-2009-1931
RESERVED
-CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
+CVE-2009-1930
NOT-FOR-US: Microsoft Windows
-CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client ...)
+CVE-2009-1929
NOT-FOR-US: ActiveX
-CVE-2009-1928 (Stack consumption vulnerability in the LDAP service in Active ...)
+CVE-2009-1928
NOT-FOR-US: Microsoft Windows
CVE-2009-1927
REJECTED
-CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista ...)
+CVE-2009-1926
NOT-FOR-US: Microsoft Windows
-CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
+CVE-2009-1925
NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component ...)
+CVE-2009-1924
NOT-FOR-US: Microsoft Windows
-CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) ...)
+CVE-2009-1923
NOT-FOR-US: Microsoft Windows
-CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, ...)
+CVE-2009-1922
NOT-FOR-US: Microsoft Windows
CVE-2009-1921
REJECTED
-CVE-2009-1920 (The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in ...)
+CVE-2009-1920
NOT-FOR-US: Microsoft
-CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...)
+CVE-2009-1919
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-1918 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...)
+CVE-2009-1918
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-1917 (Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP ...)
+CVE-2009-1917
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-1916 (dig.php in GScripts.net DNS Tools allows remote attackers to execute ...)
+CVE-2009-1916
NOT-FOR-US: GScripts.net DNS Tools
-CVE-2009-1915 (Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ...)
+CVE-2009-1915
NOT-FOR-US: ICQ
-CVE-2009-1914 (The pci_register_iommu_region function in ...)
+CVE-2009-1914
{DSA-1844-1}
- linux-2.6 2.6.29-1 (low; bug #532722)
[lenny] - linux-2.6 2.6.26-16
- linux-2.6.24 <removed>
NOTE: updated in lenny 5.0.2 release
-CVE-2009-1913 (SQL injection vulnerability in manager.php in LuxBum 0.5.5, when ...)
+CVE-2009-1913
NOT-FOR-US: LuxBum
-CVE-2009-1912 (Directory traversal vulnerability in src/func/language.php in webSPELL ...)
+CVE-2009-1912
NOT-FOR-US: webSPELL
-CVE-2009-1911 (Directory traversal vulnerability in .include/init.php (aka ...)
+CVE-2009-1911
NOT-FOR-US: QuiXplorer
-CVE-2009-1910 (SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows ...)
+CVE-2009-1910
NOT-FOR-US: RTWebalbum
-CVE-2009-1909 (SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and ...)
+CVE-2009-1909
NOT-FOR-US: Skip
-CVE-2009-1908 (Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, ...)
+CVE-2009-1908
NOT-FOR-US: Skip
-CVE-2009-1907 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2009-1907
NOT-FOR-US: Claroline
-CVE-2009-1906 (The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before ...)
+CVE-2009-1906
NOT-FOR-US: IBM DB2
-CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...)
+CVE-2009-1905
NOT-FOR-US: IBM DB2
-CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...)
+CVE-2009-1904
{DSA-1860-1}
- ruby1.8 1.8.7.173-1 (low; bug #532689)
- ruby1.9 <removed> (bug #575778)
NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
-CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows ...)
+CVE-2009-1903
- libapache-mod-security 2.5.9-1
-CVE-2009-1902 (The multipart processor in ModSecurity before 2.5.9 allows remote ...)
+CVE-2009-1902
- libapache-mod-security 2.5.9-1
-CVE-2009-1901 (The Security component in IBM WebSphere Application Server (WAS) 6.0.2 ...)
+CVE-2009-1901
NOT-FOR-US: IBM WebSphere
-CVE-2009-1900 (The Configservice APIs in the Administrative Console component in IBM ...)
+CVE-2009-1900
NOT-FOR-US: IBM WebSphere
-CVE-2009-1899 (Unspecified vulnerability in the Administrative Configservice API in ...)
+CVE-2009-1899
NOT-FOR-US: IBM WebSphere
-CVE-2009-1898 (The secure login page in the Administrative Console component in IBM ...)
+CVE-2009-1898
NOT-FOR-US: IBM WebSphere
-CVE-2009-1960 (inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, ...)
+CVE-2009-1960
- dokuwiki 0.0.20090214b-1 (unimportant)
NOTE: we don't support setups with register_globals enabled
-CVE-2009-1897 (The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in ...)
+CVE-2009-1897
- linux-2.6 2.6.30-3 (high; bug #537409)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
NOTE: http://seclists.org/fulldisclosure/2009/Jul/0241.html
-CVE-2009-1896 (The Java Web Start framework in IcedTea in OpenJDK before ...)
+CVE-2009-1896
- openjdk-6 6b16-1.6-1 (bug #542210)
-CVE-2009-1895 (The personality subsystem in the Linux kernel before 2.6.31-rc3 has a ...)
+CVE-2009-1895
{DSA-1845-1 DSA-1844-1}
- linux-2.6 2.6.30-3 (low)
[etch] - linux-2.6 <not-affected> (mmap_min_addr first indroduced in 2.6.23)
- linux-2.6.24 <removed>
-CVE-2009-1894 (Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local ...)
+CVE-2009-1894
{DSA-1838-1}
- pulseaudio 0.9.15-4.1 (high; bug #537351)
[etch] - pulseaudio <not-affected> (vulnerable code not present)
-CVE-2009-1893 (The configtest function in the Red Hat dhcpd init script for DHCP ...)
+CVE-2009-1893
NOT-FOR-US: Red Hat dhcpd init script for DHCP
-CVE-2009-1892 (dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and ...)
+CVE-2009-1892
{DSA-1833-2}
- isc-dhcp 3.1.2p1-2 (low; bug #539492)
- dhcp3 3.1.2p1-2 (low; bug #549584)
[etch] - dhcp3 <not-affected> (problematic assert is not present)
[lenny] - dhcp3 3.1.1-6+lenny2
-CVE-2009-1891 (The mod_deflate module in Apache httpd 2.2.11 and earlier compresses ...)
+CVE-2009-1891
{DSA-1834-1}
- apache2 2.2.11-7 (medium; bug #534712)
-CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy ...)
+CVE-2009-1890
{DSA-1834-1}
- apache2 2.2.11-7 (medium; bug #536718)
[etch] - apache2 <not-affected> (bug introduced in 2.2.5)
[lenny] - apache2 2.2.9-10+lenny4
-CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...)
+CVE-2009-1889
- pidgin 2.5.8-1 (low; bug #535790)
[lenny] - pidgin <no-dsa> (Minor issue)
NOTE: http://developer.pidgin.im/ticket/9483
NOTE: http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
-CVE-2009-1888 (The acl_group_override function in smbd/posix_acls.c in smbd in Samba ...)
+CVE-2009-1888
{DSA-1823-1}
- samba 2:3.3.6-1 (low)
[etch] - samba <not-affected> (Vulnerable code not present)
NOTE: Successful exploitation requires that "dos filemode" is set to "yes" in smb.conf.
-CVE-2009-1887 (agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise ...)
+CVE-2009-1887
- net-snmp <not-affected> (Vulnerable code not present)
NOTE: Red Hat incorrect fix for CVE-2008-4309. Checked code in oldstable and stable.
-CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient ...)
+CVE-2009-1886
{DSA-1823-1}
- samba 2:3.3.6-1
[etch] - samba <not-affected> (Vulnerable code not present)
NOTE: Only the 3.2.x branch was affected, so marking 3.3 as affected
-CVE-2009-1885 (Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in ...)
+CVE-2009-1885
- xerces-c 3.0.1-2 (low; bug #540297)
[etch] - xerces-c <no-dsa> (Minor issue)
[lenny] - xerces-c <no-dsa> (Minor issue)
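Review bot: two context lines in this hunk need a follow-up. "NOTE: Only the 3.2.x branch was affected, so marking 3.3 as affected" under "CVE-2009-1886" contradicts itself: if only 3.2.x was affected, 3.3 should not be marked affected, and if 3.2.x and later are affected the note should say so. "mmap_min_addr first indroduced in 2.6.23" under "CVE-2009-1895" has a typo ("introduced"). Separately, "CVE-2009-1960" sits between "CVE-2009-1898" and "CVE-2009-1897", out of the descending order the rest of the file follows; the purely mechanical rewrite in this hunk preserves that misplacement rather than fixing it.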
@@ -8604,21 +8604,21 @@ CVE-2009-1885 (Stack consumption vulnerability in validators/DTD/DTDScanner.cpp
[lenny] - xerces-c2 2.8.0-3+lenny1
- xerces27 <removed>
[etch] - xerces27 <no-dsa> (Minor issue)
-CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the ...)
+CVE-2009-1884
- libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777)
[lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
-CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in the ...)
+CVE-2009-1883
{DSA-1929-1}
- linux-2.6 2.6.19-1
- linux-2.6.24 <not-affected> (problem was fixed before first upload, 2.6.19)
NOTE: See Solar Designer's posting to oss-security
-CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ...)
+CVE-2009-1882
{DSA-1903-1 DSA-1858-1}
- imagemagick 7:6.5.1.0-1.1 (medium; bug #530838)
- graphicsmagick 1.3.5-5.1 (medium; bug #530946)
-CVE-2009-1881 (Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows ...)
+CVE-2009-1881
NOT-FOR-US: MT312
-CVE-2009-1880 (Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows ...)
+CVE-2009-1880
NOT-FOR-US: MT312
CVE-2009-XXXX [OCS Inventory NG SQL Injection Vulnerability]
- ocsinventory-server 1.02.1-1 (unimportant; bug #531735)
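Review bot: once the "z90crypt_unlocked_ioctl" description line is dropped, "CVE-2009-1883" in this hunk is left with "NOTE: See Solar Designer's posting to oss-security" as its only pointer, with no URL and no bug number, while the neighbouring kernel and ImageMagick entries cite a DSA or a bug. Suggest adding the posting's URL (or the relevant bug) as a NOTE so the entry stays verifiable without the description.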
@@ -8626,216 +8626,216 @@ CVE-2009-XXXX [OCS Inventory NG SQL Injection Vulnerability]
NOTE: can be exploited only if magic_quotes is off
CVE-2009-3870
REJECTED
-CVE-2009-1879 (Cross-site scripting (XSS) vulnerability in index.template.html in the ...)
+CVE-2009-1879
NOT-FOR-US: Adobe Flex
-CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier ...)
+CVE-2009-1878
NOT-FOR-US: Adobe ColdFusion
-CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and ...)
+CVE-2009-1877
NOT-FOR-US: Adobe ColdFusion
-CVE-2009-1876 (Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain ...)
+CVE-2009-1876
NOT-FOR-US: Adobe ColdFusion
-CVE-2009-1875 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ...)
+CVE-2009-1875
NOT-FOR-US: Adobe ColdFusion
-CVE-2009-1874 (Multiple cross-site scripting (XSS) vulnerabilities in the Management ...)
+CVE-2009-1874
NOT-FOR-US: Adobe JRun
-CVE-2009-1873 (Directory traversal vulnerability in logging/logviewer.jsp in the ...)
+CVE-2009-1873
NOT-FOR-US: Adobe JRun
-CVE-2009-1872 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ...)
+CVE-2009-1872
NOT-FOR-US: Adobe ColdFusion Server
CVE-2009-1871
REJECTED
-CVE-2009-1870 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...)
+CVE-2009-1870
NOT-FOR-US: Adobe Flash Player
-CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile ...)
+CVE-2009-1869
NOT-FOR-US: Adobe Flash Player
-CVE-2009-1868 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
+CVE-2009-1868
NOT-FOR-US: Adobe Flash Player
-CVE-2009-1867 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...)
+CVE-2009-1867
NOT-FOR-US: Adobe Flash Player
-CVE-2009-1866 (Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
+CVE-2009-1866
NOT-FOR-US: Adobe Flash Player
-CVE-2009-1865 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...)
+CVE-2009-1865
NOT-FOR-US: Adobe Flash Player
-CVE-2009-1864 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
+CVE-2009-1864
NOT-FOR-US: Adobe Flash Player
-CVE-2009-1863 (Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and ...)
+CVE-2009-1863
NOT-FOR-US: Adobe Flash Player
-CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...)
+CVE-2009-1862
NOT-FOR-US: Adobe Flash Player
-CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...)
+CVE-2009-1861
NOT-FOR-US: Adobe Reader
-CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...)
+CVE-2009-1860
NOT-FOR-US: Adobe Shockwave Player
-CVE-2009-1859 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat ...)
+CVE-2009-1859
NOT-FOR-US: Adobe Reader
-CVE-2009-1858 (The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe ...)
+CVE-2009-1858
NOT-FOR-US: Adobe Reader
-CVE-2009-1857 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat ...)
+CVE-2009-1857
NOT-FOR-US: Adobe Reader
-CVE-2009-1856 (Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe ...)
+CVE-2009-1856
NOT-FOR-US: Adobe Reader
-CVE-2009-1855 (Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before ...)
+CVE-2009-1855
NOT-FOR-US: Adobe Reader
-CVE-2009-1854 (Million Dollar Text Links 1.0 allows remote attackers to bypass ...)
+CVE-2009-1854
NOT-FOR-US: Million Dollar Text Links
-CVE-2009-1853 (Multiple SQL injection vulnerabilities in index.php in Kensei Board ...)
+CVE-2009-1853
NOT-FOR-US: Kensei Board
-CVE-2009-1852 (Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow ...)
+CVE-2009-1852
NOT-FOR-US: Graphiks MyForum
-CVE-2009-1851 (SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and ...)
+CVE-2009-1851
NOT-FOR-US: phpBugTracker
-CVE-2009-1850 (SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows ...)
+CVE-2009-1850
NOT-FOR-US: phpBugTracker
-CVE-2009-1849 (Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth ...)
+CVE-2009-1849
NOT-FOR-US: PRTG Traffic Grapher
-CVE-2009-1848 (SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or ...)
+CVE-2009-1848
NOT-FOR-US: JoomlaMe
-CVE-2009-1847 (Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 ...)
+CVE-2009-1847
NOT-FOR-US: Easy PX 41 CMS
-CVE-2009-1846 (Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 ...)
+CVE-2009-1846
NOT-FOR-US: SiteX
-CVE-2009-1845 (Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in ...)
+CVE-2009-1845
NOT-FOR-US: Lussumo Vanilla
-CVE-2009-1844 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...)
+CVE-2009-1844
{DSA-1808-1}
- drupal5 5.17-1.1 (low; bug #529191)
- drupal6 6.11-1.1 (low; bug #529190; bug #531386)
-CVE-2009-1843 (Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow ...)
+CVE-2009-1843
NOT-FOR-US: Flash Quiz
-CVE-2009-1842 (SQL injection vulnerability in main/tracking/userLog.php in Francisco ...)
+CVE-2009-1842
NOT-FOR-US: PHP-Nuke
-CVE-2009-1957 (charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 ...)
+CVE-2009-1957
{DSA-1899-1}
- strongswan 4.2.14-1.1 (medium; bug #531612)
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
-CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN ...)
+CVE-2009-1958
{DSA-1899-1}
- strongswan 4.2.14-1.1 (medium; bug #531612)
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
-CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before ...)
+CVE-2009-1841
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
-CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...)
+CVE-2009-1840
{DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...)
+CVE-2009-1839
{DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before ...)
+CVE-2009-1838
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
-CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
+CVE-2009-1837
{DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <not-affected> (Doesn't affect Gecko 1.8)
-CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
+CVE-2009-1836
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
-CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate ...)
+CVE-2009-1835
{DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...)
+CVE-2009-1834
{DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird ...)
+CVE-2009-1833
{DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
+CVE-2009-1832
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
-CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of ...)
+CVE-2009-1828
- xulrunner <unfixed> (unimportant)
NOTE: Browser crashes not treated as security issues
-CVE-2009-1827 (The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to ...)
+CVE-2009-1827
- xulrunner <unfixed> (unimportant)
NOTE: Browser crashes not treated as security issues
-CVE-2009-1831 (The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft ...)
+CVE-2009-1831
NOT-FOR-US: Nullsoft Winamp
-CVE-2009-1830 (Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote ...)
+CVE-2009-1830
NOT-FOR-US: Soulseek
-CVE-2009-1826 (modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require ...)
+CVE-2009-1826
NOT-FOR-US: myGesuad
-CVE-2009-1825 (modules/admuser.php in myColex 1.4.2 does not require administrative ...)
+CVE-2009-1825
NOT-FOR-US: myColex
-CVE-2009-1824 (The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus ...)
+CVE-2009-1824
NOT-FOR-US: ArcaBit ArcaVir
-CVE-2009-1823 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
+CVE-2009-1823
NOT-FOR-US: 3rd party Printer, e-mail and PDF module for Drupal
-CVE-2009-1822 (Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ...)
+CVE-2009-1822
NOT-FOR-US: Joomla!
-CVE-2009-1821 (DMXReady Registration Manager 1.1 stores sensitive information under ...)
+CVE-2009-1821
NOT-FOR-US: DMXReady Registration Manager
-CVE-2009-1820 (Cross-site scripting (XSS) vulnerability in product.php in 2daybiz ...)
+CVE-2009-1820
NOT-FOR-US: 2daybiz Custom T-shirt Design Script
-CVE-2009-1819 (SQL injection vulnerability in product.php in 2daybiz Custom T-shirt ...)
+CVE-2009-1819
NOT-FOR-US: 2daybiz Custom T-shirt Design Script
-CVE-2009-1818 (SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 ...)
+CVE-2009-1818
NOT-FOR-US: MaxCMS
-CVE-2009-1817 (Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote ...)
+CVE-2009-1817
NOT-FOR-US: DigiMode Maya
-CVE-2009-1816 (SQL injection vulnerability in admin.php in My Game Script 2.0 allows ...)
+CVE-2009-1816
NOT-FOR-US: My Game Script
-CVE-2009-1815 (Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b ...)
+CVE-2009-1815
NOT-FOR-US: Sonic Spot Audioactive Player
-CVE-2009-1814 (SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier ...)
+CVE-2009-1814
NOT-FOR-US: PHPenpals
-CVE-2009-1813 (Multiple SQL injection vulnerabilities in admin/index.php in Submitter ...)
+CVE-2009-1813
NOT-FOR-US: Submitter Script
-CVE-2009-1812 (Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) ...)
+CVE-2009-1812
NOT-FOR-US: myGesuad
-CVE-2009-1811 (Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 ...)
+CVE-2009-1811
NOT-FOR-US: myGesuad
-CVE-2009-1810 (Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote ...)
+CVE-2009-1810
NOT-FOR-US: myColex
-CVE-2009-1809 (Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 ...)
+CVE-2009-1809
NOT-FOR-US: myColex
-CVE-2009-1829 (Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 ...)
+CVE-2009-1829
{DSA-1942-1}
- wireshark 1.0.8-1 (low; bug #533347)
[lenny] - wireshark 1.0.2-3+lenny6
[etch] - wireshark <no-dsa> (Minor issue)
-CVE-2009-1808 (Microsoft Windows XP SP3 allows local users to cause a denial of ...)
+CVE-2009-1808
NOT-FOR-US: Microsoft
-CVE-2009-1807 (Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 ...)
+CVE-2009-1807
NOT-FOR-US: Baofeng
-CVE-2009-1806 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 ...)
+CVE-2009-1806
NOT-FOR-US: IBM Hardware Management Console
-CVE-2009-1805 (Unspecified vulnerability in the VMware Descheduled Time Accounting ...)
+CVE-2009-1805
NOT-FOR-US: VMware (experimental feature anyway)
-CVE-2009-1804 (Multiple SQL injection vulnerabilities in admin/index.php in ...)
+CVE-2009-1804
NOT-FOR-US: videoscript
-CVE-2009-1803 (FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, ...)
+CVE-2009-1803
NOT-FOR-US: FreePBX
-CVE-2009-1802 (Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX ...)
+CVE-2009-1802
NOT-FOR-US: FreePBX
-CVE-2009-1801 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, ...)
+CVE-2009-1801
NOT-FOR-US: FreePBX
-CVE-2009-1800 (Stack-based buffer overflow in the Chinagames CGAgent ActiveX control ...)
+CVE-2009-1800
NOT-FOR-US: Chinagames
-CVE-2009-1799 (Multiple SQL injection vulnerabilities in the getGalleryImage function ...)
+CVE-2009-1799
NOT-FOR-US: ST-Gallery
-CVE-2009-1798 (Multiple cross-site scripting (XSS) vulnerabilities on the Network ...)
+CVE-2009-1798
NOT-FOR-US: APC
-CVE-2009-1797 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
+CVE-2009-1797
NOT-FOR-US: APC
-CVE-2009-1796 (Cross-site scripting (XSS) vulnerability in Sun Java System Portal ...)
+CVE-2009-1796
NOT-FOR-US: Sun Java System Portal Server
CVE-2009-1795
RESERVED
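Review bot: confirm that stripping the parenthesized description from every `-`/`+` pair in this hunk is intended, since the bare identifier that replaces it (e.g. `+CVE-2009-1815`) leaves no in-file summary of the issue and the `NOT-FOR-US:` and package lines beneath each entry are untouched, so nothing else in the hunk explains why the text was dropped.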
@@ -8843,140 +8843,140 @@ CVE-2009-1794
RESERVED
CVE-2009-1793
RESERVED
-CVE-2009-1792 (The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka ...)
+CVE-2009-1792
NOT-FOR-US: StoneTrip Ston3D StandalonePlayer
-CVE-2009-1790 (Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before ...)
+CVE-2009-1790
NOT-FOR-US: CGI Rescue Trees
-CVE-2009-1787 (Multiple SQL injection vulnerabilities in PHP Dir Submit (aka ...)
+CVE-2009-1787
NOT-FOR-US: PHP Dir Submit
-CVE-2009-1786 (The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users ...)
+CVE-2009-1786
NOT-FOR-US: IBM AIX libc
-CVE-2009-1785 (Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop ...)
+CVE-2009-1785
NOT-FOR-US: Ulteo Open Virtual Desktop
-CVE-2009-1784 (The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus ...)
+CVE-2009-1784
NOT-FOR-US: AVG anti-virus
-CVE-2009-1783 (Multiple FRISK Software F-Prot anti-virus products, including ...)
+CVE-2009-1783
NOT-FOR-US: FRISK Software F-Prot anti-virus
-CVE-2009-1782 (Multiple F-Secure anti-virus products, including Anti-Virus for ...)
+CVE-2009-1782
NOT-FOR-US: F-Secure anti-virus
-CVE-2009-1781 (Static code injection vulnerability in admin.php in Frax.dk Php ...)
+CVE-2009-1781
NOT-FOR-US: Frax.dk Php Recommend
-CVE-2009-1780 (admin.php in Frax.dk Php Recommend 1.3 and earlier does not require ...)
+CVE-2009-1780
NOT-FOR-US: Frax.dk Php Recommend
-CVE-2009-1779 (PHP remote file inclusion vulnerability in admin.php in Frax.dk Php ...)
+CVE-2009-1779
NOT-FOR-US: Frax.dk Php Recommend
-CVE-2009-1778 (SQL injection vulnerability in the new user registration feature in ...)
+CVE-2009-1778
NOT-FOR-US: BigACE CMS
-CVE-2009-1777 (CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail ...)
+CVE-2009-1777
NOT-FOR-US: Matt Wright FormMail
-CVE-2009-1776 (Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in ...)
+CVE-2009-1776
NOT-FOR-US: Matt Wright FormMail
-CVE-2009-1775 (Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open ...)
+CVE-2009-1775
NOT-FOR-US: Ulteo Open Virtual Desktop
-CVE-2009-1774 (Directory traversal vulnerability in plugins/ddb/foot.php in ...)
+CVE-2009-1774
NOT-FOR-US: Strawberry
-CVE-2009-1773 (activeCollab 2.1 Corporate allows remote attackers to obtain sensitive ...)
+CVE-2009-1773
NOT-FOR-US: activeCollab
-CVE-2009-1772 (Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate ...)
+CVE-2009-1772
NOT-FOR-US: activeCollab
-CVE-2009-1771 (index.php in Flyspeck CMS 6.8 does not require administrative ...)
+CVE-2009-1771
NOT-FOR-US: Flyspeck CMS
-CVE-2009-1770 (Directory traversal vulnerability in ...)
+CVE-2009-1770
NOT-FOR-US: Flyspeck CMS
-CVE-2009-1769 (The web interface in Open Computer and Software Inventory Next ...)
+CVE-2009-1769
- ocsinventory-server 1.02.1-1 (unimportant; bug #529344)
NOTE: README.Debian states Important: access to the reports server should be restricted
-CVE-2009-1768 (Directory traversal vulnerability in download.php in Rama Zaiten CMS ...)
+CVE-2009-1768
NOT-FOR-US: Rama Zaiten CMS
-CVE-2009-1767 (admin/edituser.php in 2daybiz Template Monster Clone does not require ...)
+CVE-2009-1767
NOT-FOR-US: 2daybiz Template Monster Clone
-CVE-2009-1766 (SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows ...)
+CVE-2009-1766
NOT-FOR-US: LightOpenCMS
-CVE-2009-1765 (Multiple directory traversal vulnerabilities in pluck 4.6.2, when ...)
+CVE-2009-1765
NOT-FOR-US: pluck CMS
-CVE-2009-1764 (SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows ...)
+CVE-2009-1764
NOT-FOR-US: MaxCMS
-CVE-2009-1763 (Unspecified vulnerability in the Solaris Secure Digital slot driver ...)
+CVE-2009-1763
NOT-FOR-US: Solaris
-CVE-2009-1762 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...)
+CVE-2009-1762
NOT-FOR-US: Novell GroupWise
CVE-2009-XXXX [radare-common insecure temp files handling]
- radare 1.4-1 (low)
-CVE-2009-1761 (The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for ...)
+CVE-2009-1761
NOT-FOR-US: CA ARCserve Backup
-CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar ...)
+CVE-2009-1760
{DSA-1815-1}
- libtorrent-rasterbar 0.14.4-1 (medium)
-CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function ...)
+CVE-2009-1759
{DSA-1817-1}
- ctorrent 1.3.4-dnh3.2-1.1 (medium; bug #530255)
-CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as ...)
+CVE-2009-1758
{DSA-1809-1}
- linux-2.6 2.6.28-1 (low; bug #536148)
- linux-2.6.24 <removed>
-CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...)
+CVE-2009-1757
- transmission 1.61-1 (low)
[lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
[etch] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
-CVE-2009-1754 (The PackageManagerService class in ...)
+CVE-2009-1754
NOT-FOR-US: Android
-CVE-2009-1752 (exJune Office Message System 1 does not properly restrict access to ...)
+CVE-2009-1752
NOT-FOR-US: exJune Office Message System
-CVE-2009-1751 (SQL injection vulnerability in list_list.php in Realty Webware ...)
+CVE-2009-1751
NOT-FOR-US: Realty Web-Base
-CVE-2009-1750 (Unrestricted file upload vulnerability in VidSharePro allows remote ...)
+CVE-2009-1750
NOT-FOR-US: VidSharePro
-CVE-2009-1749 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-1749
NOT-FOR-US: Catviz
-CVE-2009-1748 (Multiple directory traversal vulnerabilities in index.php in Catviz ...)
+CVE-2009-1748
NOT-FOR-US: Catviz
-CVE-2009-1747 (SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 ...)
+CVE-2009-1747
NOT-FOR-US: bSpeak
-CVE-2009-1746 (SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 ...)
+CVE-2009-1746
NOT-FOR-US: Dian Gemilang DGNews
-CVE-2009-1745 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...)
+CVE-2009-1745
NOT-FOR-US: Armorlogic Profense Web Application Firewall
-CVE-2009-1744 (InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in ...)
+CVE-2009-1744
NOT-FOR-US: Pinnacle
-CVE-2009-1743 (Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in ...)
+CVE-2009-1743
NOT-FOR-US: Pinnacle
-CVE-2009-1742 (code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for ...)
+CVE-2009-1742
NOT-FOR-US: PC4Arb Pc4 Uploader
-CVE-2009-1741 (Multiple SQL injection vulnerabilities in login.php in DM FileManager ...)
+CVE-2009-1741
NOT-FOR-US: DM FileManager
-CVE-2009-1740 (Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ...)
+CVE-2009-1740
NOT-FOR-US: D-Link MPEG4 Viewer
-CVE-2009-1739 (PAD Site Scripts 3.6 allows remote attackers to bypass authentication ...)
+CVE-2009-1739
NOT-FOR-US: PAD Site Scripts
-CVE-2009-1738 (Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before ...)
+CVE-2009-1738
NOT-FOR-US: Feed Block
-CVE-2009-1737 (Directory traversal vulnerability in bom.php in MyPic 2.1 allows ...)
+CVE-2009-1737
NOT-FOR-US: MyPic
-CVE-2009-1736 (SQL injection vulnerability in the GridSupport (GS) Ticket System ...)
+CVE-2009-1736
NOT-FOR-US: GridSupport component for Joomla
-CVE-2009-1735 (Cross-site scripting (XSS) vulnerability in search.php in VidSharePro ...)
+CVE-2009-1735
NOT-FOR-US: VidSharePro
-CVE-2009-1734 (SQL injection vulnerability in listing_video.php in VidSharePro allows ...)
+CVE-2009-1734
NOT-FOR-US: VidSharePro
-CVE-2009-1733 (Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows ...)
+CVE-2009-1733
- ipplan 4.91a-1.1 (unimportant; bug #530271)
NOTE: Only exploitable with admin rights
-CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in ...)
+CVE-2009-1732
{DSA-1827-1}
- ipplan 4.91a-1.1 (low; bug #530271)
-CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows ...)
+CVE-2009-1731
NOT-FOR-US: MLFFAT
-CVE-2009-1730 (Multiple directory traversal vulnerabilities in NetMechanica ...)
+CVE-2009-1730
NOT-FOR-US: NetDecision TFTP Server
-CVE-2009-1729 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
+CVE-2009-1729
NOT-FOR-US: Sun Java System Communications Express
-CVE-2009-1728 (Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before ...)
+CVE-2009-1728
NOT-FOR-US: Image RAW in Apple Mac OS X
-CVE-2009-1727 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 ...)
+CVE-2009-1727
NOT-FOR-US: CoreTypes in Apple Mac OS X
-CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and ...)
+CVE-2009-1726
NOT-FOR-US: ColorSync in Apple Mac OS X
-CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, ...)
+CVE-2009-1725
{DSA-1988-1 DSA-1950-1}
- webkit 1.1.13-1 (medium; bug #538346)
- qt4-x11 4:4.5.2-2 (medium; bug #538347)
@@ -8986,7 +8986,7 @@ CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, as used on iPhone OS before
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=513813#c18
NOTE: patch http://trac.webkit.org/changeset/44799/
NOTE: PoC http://web.archive.org/web/20110813092643/https://cevans-app.appspot.com/static/webkitentityoffbyone.html
-CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2009-1724
- qt4-x11 <not-affected> (bug #538403)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- webkit 1.1.13-1 (low; bug #538402)
@@ -8994,20 +8994,20 @@ CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safar
- kdelibs <unfixed> (unimportant)
- kde4libs <unfixed> (unimportant)
NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
-CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...)
+CVE-2009-1723
NOT-FOR-US: CFNetwork in Apple Mac OS X
-CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in ...)
+CVE-2009-1722
{DSA-1842-1}
- openexr 1.6.1-1 (medium; bug #540424)
-CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in ...)
+CVE-2009-1721
{DSA-1842-1}
- openexr 1.6.1-4.1 (medium; bug #540424)
-CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow ...)
+CVE-2009-1720
{DSA-1842-1}
- openexr 1.6.1-4.1 (medium; bug #540424)
-CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...)
+CVE-2009-1719
NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X
-CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...)
+CVE-2009-1718
- webkit 1.1.12-1 (medium; bug #535793)
[lenny] - webkit <no-dsa> (Minor issue)
- kdelibs <unfixed> (unimportant)
@@ -9016,11 +9016,11 @@ CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/44010
-CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...)
+CVE-2009-1717
NOT-FOR-US: Mac OS X
-CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...)
+CVE-2009-1716
NOT-FOR-US: CFNetwork in Apple
-CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
+CVE-2009-1715
- webkit 1.0.1-4 (medium; bug #535793)
- kdelibs <not-affected>
- kde4libs <not-affected>
@@ -9028,7 +9028,7 @@ CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebK
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/31890
-CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
+CVE-2009-1714
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
@@ -9036,7 +9036,7 @@ CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebK
- qt4-x11 4:4.6.3-1 (low)
[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
NOTE: http://trac.webkit.org/changeset/36359
-CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...)
+CVE-2009-1713
{DSA-1988-1}
- webkit 1.0.1-4 (medium; bug #535793)
- kdelibs <not-affected>
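Review bot: the unchanged context line `[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )` carries a stray space before the closing parenthesis; since this hunk already touches the entry, it would be a good moment to tidy it to `... use qtwebkit)`.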
@@ -9044,7 +9044,7 @@ CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does
- qt4-x11 4:4.5.2-2
[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
NOTE: http://trac.webkit.org/changeset/34533
-CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of ...)
+CVE-2009-1712
{DSA-1988-1 DSA-1950-1}
- webkit 1.1.12-1 (medium; bug #535793)
- kdelibs <not-affected>
@@ -9052,7 +9052,7 @@ CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading
- qt4-x11 4:4.5.2-2
[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
NOTE: http://trac.webkit.org/changeset/41568
-CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize memory ...)
+CVE-2009-1711
{DSA-1988-1 DSA-1950-1}
- webkit 1.1.12-1 (medium; bug #535793)
NOTE: http://trac.webkit.org/changeset/36918
@@ -9060,7 +9060,7 @@ CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize me
- kde4libs <not-affected>
- qt4-x11 4:4.5.2-1
[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
-CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...)
+CVE-2009-1710
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
@@ -9069,7 +9069,7 @@ CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoo
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/35157
-CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...)
+CVE-2009-1709
{DSA-1866-1}
- webkit 0~svn32442-1
NOTE: fixed in upstream commit http://trac.webkit.org/changeset/32230
@@ -9077,17 +9077,17 @@ CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementa
- kde4libs <not-affected> (Vulnerable code not present)
- kdegraphics 4:4.0 (medium; bug #534951)
NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series)
-CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the open-help-anchor ...)
+CVE-2009-1708
NOT-FOR-US: Apple Safari
-CVE-2009-1707 (Race condition in the Reset Safari implementation in Apple Safari ...)
+CVE-2009-1707
NOT-FOR-US: Apple Safari
-CVE-2009-1706 (The Private Browsing feature in Apple Safari before 4.0 on Windows ...)
+CVE-2009-1706
NOT-FOR-US: Apple Safari
-CVE-2009-1705 (CoreGraphics in Apple Safari before 4.0 on Windows does not properly ...)
+CVE-2009-1705
NOT-FOR-US: Apple Safari
-CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded image ...)
+CVE-2009-1704
NOT-FOR-US: Apple Safari
-CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...)
+CVE-2009-1703
- webkit 1.1.12-1 (low; bug #535793)
[lenny] - webkit <no-dsa> (Minor issue)
- kdelibs <not-affected>
@@ -9096,7 +9096,7 @@ CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
[lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5)
NOTE: http://trac.webkit.org/changeset/42533
-CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2009-1702
- webkit 1.1.12-1 (low; bug #535793)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kdelibs <not-affected>
@@ -9105,7 +9105,7 @@ CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safar
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/42216
-CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...)
+CVE-2009-1701
- webkit 1.1.12-1 (medium; bug #535793)
[lenny] - webkit <no-dsa> (Unmaintained, only affects fringe apps)
- kdelibs <not-affected>
@@ -9114,7 +9114,7 @@ CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: invasive patch to backport.
NOTE: http://trac.webkit.org/changeset/40881
-CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...)
+CVE-2009-1700
- webkit 1.1.12-1 (low; bug #535793)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kdelibs <not-affected>
@@ -9123,14 +9123,14 @@ CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPh
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/38065
-CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...)
+CVE-2009-1699
{DSA-1988-1}
- webkit 1.0.1-4 (medium; bug #535793)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 4:4.5.2-2
[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
-CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
+CVE-2009-1698
{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
- webkit 1.1.5-1 (medium; bug #534946)
NOTE: http://trac.webkit.org/changeset/42081
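Review bot: the context line `NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series)` near the top of this hunk has an unmatched closing parenthesis; suggest either dropping it or writing `NOTE: kdegraphics >4.0 not affected (since ksvg is only in 3.5.x series)` while the entry is being edited.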
@@ -9138,7 +9138,7 @@ CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, a
[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
- kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534949)
- kde4libs 4:4.3.0-1 (medium)
-CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...)
+CVE-2009-1697
{DSA-1950-1}
- webkit 1.1.15.2-1 (medium; bug #535793)
- kdelibs <not-affected>
@@ -9147,7 +9147,7 @@ CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/41262
-CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
+CVE-2009-1696
- webkit 1.1.12-1 (medium; bug #535793)
[lenny] - webkit <not-affected> (Vulnerable code not present)
- kdelibs <not-affected>
@@ -9157,7 +9157,7 @@ CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, a
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/39510
NOTE: http://trac.webkit.org/changeset/39553
-CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2009-1695
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
@@ -9166,7 +9166,7 @@ CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safar
[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/42223
-CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
+CVE-2009-1694
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
@@ -9175,7 +9175,7 @@ CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, a
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/35935
-CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
+CVE-2009-1693
{DSA-1950-1}
- webkit 1.1.12-1 (medium; bug #535793)
- kdelibs <not-affected>
@@ -9184,7 +9184,7 @@ CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, a
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
NOTE: http://trac.webkit.org/changeset/35928
-CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...)
+CVE-2009-1692
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <unfixed> (unimportant)
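Review bot: same stray space before the closing parenthesis in `[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )` as in the CVE-2009-1714 entry; worth normalizing both to `... use qtwebkit)` in one pass.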
@@ -9193,7 +9193,7 @@ CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319
NOTE: http://trac.webkit.org/changeset/41741
-CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2009-1691
- webkit 1.1.12-1 (medium; bug #535793)
[lenny] - webkit <not-affected> (Vulnerable code not present)
NOTE: http://trac.webkit.org/changeset/32791
@@ -9201,7 +9201,7 @@ CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safar
- kde4libs <not-affected>
- qt4-x11 4.4.3-1
NOTE: QT4 might be fixed earlier, but only Lenny version was checked
-CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
+CVE-2009-1690
{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
- webkit 1.1.5-1 (medium; bug #534946)
NOTE: http://trac.webkit.org/changeset/42532
@@ -9210,7 +9210,7 @@ CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari b
NOTE: http://websvn.kde.org/?view=rev&revision=983316
- qt4-x11 4:4.5.2-1 (medium; bug #534947)
[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
-CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2009-1689
- webkit 1.1.12-1 (low; bug #535793)
[lenny] - webkit <not-affected> (Vulnerable code not present)
- kdelibs <not-affected>
@@ -9218,7 +9218,7 @@ CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safar
- qt4-x11 4.4.3-1
NOTE: QT4 might be fixed earlier, but only Lenny version was checked
NOTE: http://trac.webkit.org/changeset/32791
-CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2009-1688
- webkit 1.1.12-1 (low; bug #535793)
[lenny] - webkit <not-affected> (Vulnerable code not present)
- kdelibs <not-affected>
@@ -9226,7 +9226,7 @@ CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safar
- qt4-x11 4.4.3-1
NOTE: QT4 might be fixed earlier, but only Lenny version was checked
NOTE: http://trac.webkit.org/changeset/32791
-CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...)
+CVE-2009-1687
{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
- webkit 1.1.5-1 (medium; bug #534946)
- kdelibs 4:3.5.10.dfsg.1-2.1 (bug #534952)
@@ -9234,7 +9234,7 @@ CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before
NOTE: http://trac.webkit.org/changeset/41854
- qt4-x11 4:4.5.2-1 (medium; bug #534946)
[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
-CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
+CVE-2009-1686
- webkit 1.1.12-1 (medium; bug #535793)
[lenny] - webkit <not-affected> (Vulnerable code not present)
- kdelibs <not-affected>
@@ -9243,14 +9243,14 @@ CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, a
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/31431
-CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2009-1685
- webkit 1.0.1-4 (bug #535793)
- kdelibs <not-affected>
- qt4-x11 4:4.6.2-4 (low)
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/34574
-CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2009-1684
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
@@ -9259,11 +9259,11 @@ CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safar
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/42365
-CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...)
+CVE-2009-1683
NOT-FOR-US: iPhone
-CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...)
+CVE-2009-1682
NOT-FOR-US: Apple Safari
-CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
+CVE-2009-1681
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
@@ -9272,333 +9272,333 @@ CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, a
[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
NOTE: http://trac.webkit.org/changeset/42333
-CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...)
+CVE-2009-1680
NOT-FOR-US: Safari in Apple iPhone OS
-CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
+CVE-2009-1679
NOT-FOR-US: iPhone
-CVE-2009-1756 (SLiM Simple Login Manager 1.3.0 places the X authority magic cookie ...)
+CVE-2009-1756
- slim 1.3.1-2 (low; bug #529306)
[lenny] - slim 1.3.0-1+lenny2
-CVE-2009-1755 (Off-by-one error in the packet_read_query_section function in packet.c ...)
+CVE-2009-1755
{DSA-1803-1}
- nsd3 3.2.2-1 (medium; bug #529418)
- nsd 2.3.7-3 (medium; bug #529420)
NOTE: VU#710316
-CVE-2009-1753 (Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a ...)
+CVE-2009-1753
- coccinelle 0.1.7.deb-3 (low)
-CVE-2009-1678 (Directory traversal vulnerability in the saveFeed function in ...)
+CVE-2009-1678
NOT-FOR-US: Bitweaver
-CVE-2009-1677 (Multiple static code injection vulnerabilities in the saveFeed ...)
+CVE-2009-1677
NOT-FOR-US: Bitweaver
CVE-2009-1676
REJECTED
-CVE-2009-1675 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...)
+CVE-2009-1675
NOT-FOR-US: ElectraSoft 32bit FTP
-CVE-2009-1674 (Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows ...)
+CVE-2009-1674
NOT-FOR-US: Microchip MPLAB IDE
-CVE-2009-1673 (The kernel in Sun Solaris 9 allows local users to cause a denial of ...)
+CVE-2009-1673
NOT-FOR-US: SunOS
-CVE-2009-1672 (The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in ...)
+CVE-2009-1672
NOT-FOR-US: ActiveX
-CVE-2009-1671 (Multiple buffer overflows in the Deployment Toolkit ActiveX control in ...)
+CVE-2009-1671
NOT-FOR-US: ActiveX
-CVE-2009-1670 (user/index.php in TCPDB 3.8 does not require administrative ...)
+CVE-2009-1670
NOT-FOR-US: TCPDB
-CVE-2009-1669 (The smarty_function_math function in libs/plugins/function.math.php in ...)
+CVE-2009-1669
{DSA-1919-1}
- smarty 2.6.26-0.1 (low; bug #529810)
[etch] - smarty <not-affected> (Vulnerable code not present)
[lenny] - smarty <no-dsa> (Minor issue)
-CVE-2009-1668 (TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of ...)
+CVE-2009-1668
NOT-FOR-US: TYPSoft
-CVE-2009-1667 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows ...)
+CVE-2009-1667
NOT-FOR-US: CastRipper
-CVE-2009-1666 (Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite ...)
+CVE-2009-1666
NOT-FOR-US: CycloMedia CycloScopeLite
-CVE-2009-1665 (myaccount.php in Easy Scripts Answer and Question Script allows remote ...)
+CVE-2009-1665
NOT-FOR-US: Easy Scripts Answer and Question Script
-CVE-2009-1664 (myaccount.php in Easy Scripts Answer and Question Script does not ...)
+CVE-2009-1664
NOT-FOR-US: Easy Scripts Answer and Question Script
-CVE-2009-1663 (Unrestricted file upload vulnerability in myaccount.php in Easy ...)
+CVE-2009-1663
NOT-FOR-US: Easy Scripts Answer and Question Script
-CVE-2009-1662 (Multiple SQL injection vulnerabilities in admin/login.php in Wright ...)
+CVE-2009-1662
NOT-FOR-US: Wright Way Services Recipe Script
-CVE-2009-1661 (SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when ...)
+CVE-2009-1661
NOT-FOR-US: uTopic
-CVE-2009-1660 (Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows ...)
+CVE-2009-1660
NOT-FOR-US: ViPlay3
-CVE-2009-1659 (Unrestricted file upload vulnerability in admin/uploadimage.php in ...)
+CVE-2009-1659
NOT-FOR-US: eLitius
-CVE-2009-1658 (Multiple SQL injection vulnerabilities in admin/admin.php in Realty ...)
+CVE-2009-1658
NOT-FOR-US: Web-Base
-CVE-2009-1657 (Multiple SQL injection vulnerabilities in the Starrating plugin before ...)
+CVE-2009-1657
NOT-FOR-US: Starrating plugin for b2evolution
-CVE-2009-1656 (Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and ...)
+CVE-2009-1656
NOT-FOR-US: Xerox
-CVE-2009-1655 (Multiple SQL injection vulnerabilities in myaccount.php in Easy ...)
+CVE-2009-1655
NOT-FOR-US: Easy Scripts Answer and Question Script
-CVE-2009-1654 (Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy ...)
+CVE-2009-1654
NOT-FOR-US: Easy Scripts Answer and Question Script
-CVE-2009-1653 (Directory traversal vulnerability in ...)
+CVE-2009-1653
NOT-FOR-US: TinyButStrong
-CVE-2009-1652 (admin/adminaddeditdetails.php in Business Community Script does not ...)
+CVE-2009-1652
NOT-FOR-US: Business Community Script
-CVE-2009-1651 (SQL injection vulnerability in admin/member_details.php in 2daybiz ...)
+CVE-2009-1651
NOT-FOR-US: 2daybiz
-CVE-2009-1650 (Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 ...)
+CVE-2009-1650
NOT-FOR-US: Shutter
-CVE-2009-1649 (Directory traversal vulnerability in arch.php in beLive 0.2.3 allows ...)
+CVE-2009-1649
NOT-FOR-US: beLive
-CVE-2009-1648 (The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise ...)
+CVE-2009-1648
NOT-FOR-US: yast2-ldap-server on SUSE
-CVE-2009-1647 (Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 ...)
+CVE-2009-1647
NOT-FOR-US: Ultrafunk Popcorn
-CVE-2009-1646 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...)
+CVE-2009-1646
NOT-FOR-US: Mini-stream RM Downloader
-CVE-2009-1645 (Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 ...)
+CVE-2009-1645
NOT-FOR-US: Mini-stream Easy RM-MP Converter
-CVE-2009-1644 (Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 ...)
+CVE-2009-1644
NOT-FOR-US: Streaming Audio Player
-CVE-2009-1643 (Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows ...)
+CVE-2009-1643
NOT-FOR-US: Sorinara Soritong MP3 Player
-CVE-2009-1642 (Multiple stack-based buffer overflows in Mini-stream ASX to MP3 ...)
+CVE-2009-1642
NOT-FOR-US: Mini-stream ASX to MP3 Converter
-CVE-2009-1641 (Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 ...)
+CVE-2009-1641
NOT-FOR-US: Mini-stream Ripper
-CVE-2009-1640 (Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery ...)
+CVE-2009-1640
NOT-FOR-US: Nucleus Data Recovery Kernel Recovery
-CVE-2009-1639 (Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery ...)
+CVE-2009-1639
NOT-FOR-US: Nucleus Data Recovery Kernel Recovery
-CVE-2009-1638 (Techno Dreams Job Career Package 3.0 allows remote attackers to bypass ...)
+CVE-2009-1638
NOT-FOR-US: Techno Dreams Job Career Package
-CVE-2009-1637 (profile.php in Simple Customer 1.3 does not require administrative ...)
+CVE-2009-1637
NOT-FOR-US: Simple Customer
-CVE-2009-1788 (Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 ...)
+CVE-2009-1788
{DSA-1814-1 DTSA-202-1}
- libsndfile 1.0.20-1 (low; bug #528650)
-CVE-2009-1791 (Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 ...)
+CVE-2009-1791
{DSA-1814-1 DTSA-202-1}
- libsndfile 1.0.20-1 (low; bug #528650)
-CVE-2009-1636 (Multiple buffer overflows in the Internet Agent (aka GWIA) component ...)
+CVE-2009-1636
NOT-FOR-US: Novell GroupWise
-CVE-2009-1635 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...)
+CVE-2009-1635
NOT-FOR-US: Novell GroupWise
-CVE-2009-1634 (The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and ...)
+CVE-2009-1634
NOT-FOR-US: Novell GroupWise
-CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel ...)
+CVE-2009-1633
{DSA-1865-1 DSA-1844-1 DSA-1809-1}
- linux-2.6 2.6.30-1
- linux-2.6.24 <removed>
-CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...)
+CVE-2009-1632
{DSA-1804-1}
- ipsec-tools 1:0.7.1-1.5 (medium; bug #528933)
-CVE-2009-1631 (The Mailer component in Evolution 2.26.1 and earlier uses ...)
+CVE-2009-1631
- evolution 2.29.90-1 (unimportant; bug #526409)
NOTE: Mostly a security enhancement, only for local users/mail and open homedirs
-CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client ...)
+CVE-2009-1630
{DSA-1865-1 DSA-1844-1 DSA-1809-1}
- linux-2.6 2.6.30-1
- linux-2.6.24 <removed>
-CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with ...)
+CVE-2009-1629
{DSA-1994-1}
- ajaxterm 0.10-5 (medium; bug #528938)
-CVE-2009-1789 (mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and ...)
+CVE-2009-1789
{DSA-1826-1}
- eggdrop 1.6.19-1.2 (medium; bug #528778)
CVE-2009-XXXX [cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked]
- cron 3.0pl1-106 (low; bug #528434)
[lenny] - cron <no-dsa> (Minor issue)
[etch] - cron <no-dsa> (Minor issue)
-CVE-2009-1628 (Stack-based buffer overflow in mnet.exe in Unisys Business Information ...)
+CVE-2009-1628
NOT-FOR-US: Unisys Business Information Server
-CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP) ...)
+CVE-2009-1627
NOT-FOR-US: Streaming Download Project (SDP)
-CVE-2009-1626 (SQL injection vulnerability in public/specific.php in EZ-Blog before ...)
+CVE-2009-1626
NOT-FOR-US: EZ-Blog
-CVE-2009-1625 (Directory traversal vulnerability in index.php in Thickbox Gallery 2 ...)
+CVE-2009-1625
NOT-FOR-US: Thickbox Gallery 2
-CVE-2009-1624 (Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 ...)
+CVE-2009-1624
NOT-FOR-US: Dew-NewPHPLinks 2.0
-CVE-2009-1623 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+CVE-2009-1623
NOT-FOR-US: Dew-NewPHPLinks 2.0
-CVE-2009-1622 (SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote ...)
+CVE-2009-1622
NOT-FOR-US: EcShop 2.5.0
-CVE-2009-1621 (Directory traversal vulnerability in index.php in OpenCart 1.1.8 ...)
+CVE-2009-1621
NOT-FOR-US: OpenCart
-CVE-2009-1620 (Multiple cross-site scripting (XSS) vulnerabilities in input.php in ...)
+CVE-2009-1620
NOT-FOR-US: MataChat
-CVE-2009-1619 (Teraway FileStream 1.0 allows remote attackers to bypass ...)
+CVE-2009-1619
NOT-FOR-US: Teraway FileStream
-CVE-2009-1618 (Teraway LiveHelp 2.0 allows remote attackers to bypass authentication ...)
+CVE-2009-1618
NOT-FOR-US: Teraway LiveHelp
-CVE-2009-1617 (Teraway LinkTracker 1.0 allows remote attackers to bypass ...)
+CVE-2009-1617
NOT-FOR-US: Teraway LinkTracker
-CVE-2009-1616 (Cross-site scripting (XSS) vulnerability in docs/showdoc.php in ...)
+CVE-2009-1616
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2009-1615 (Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote ...)
+CVE-2009-1615
NOT-FOR-US: Leap CMS
-CVE-2009-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 ...)
+CVE-2009-1614
NOT-FOR-US: Leap CMS
-CVE-2009-1613 (Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, ...)
+CVE-2009-1613
NOT-FOR-US: Leap CMS
-CVE-2009-1612 (Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control ...)
+CVE-2009-1612
NOT-FOR-US: ActiveX
-CVE-2009-1611 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...)
+CVE-2009-1611
NOT-FOR-US: ElectraSoft 32bit FTP
-CVE-2009-1610 (admin/changepassword.php in Job Script Job Board Software 2.0 allows ...)
+CVE-2009-1610
NOT-FOR-US: Job Script Job Board Software
-CVE-2009-1609 (Unrestricted file upload vulnerability in admin/uploadform.asp in ...)
+CVE-2009-1609
NOT-FOR-US: Battle Blog
-CVE-2009-1608 (Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly ...)
+CVE-2009-1608
NOT-FOR-US: Microchip MPLAB IDE
-CVE-2009-1607 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
+CVE-2009-1607
NOT-FOR-US: LinkBase
-CVE-2009-1606 (Multiple stack-based and heap-based buffer overflows in Dafolo ...)
+CVE-2009-1606
NOT-FOR-US: Dafolo DafoloControl ActiveX
-CVE-2009-1605 (Heap-based buffer overflow in the loadexponentialfunc function in ...)
+CVE-2009-1605
NOT-FOR-US: MuPDF
-CVE-2009-1604 (Unspecified vulnerability in LimeSurvey before 1.82 allows remote ...)
+CVE-2009-1604
- limesurvey <itp> (bug #472802)
-CVE-2009-1603 (src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used ...)
+CVE-2009-1603
- opensc 0.11.8 (high; bug #527640)
[etch] - opensc <not-affected> (vulnerable code introduced in 0.11.7)
[lenny] - opensc <not-affected> (vulnerable code introduced in 0.11.7)
NOTE: checked code, public exponent set correctly in etch/lenny versions (CK_BYTE publicExponent[] = { 3 };)
-CVE-2009-1602 (Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote ...)
+CVE-2009-1602
NOT-FOR-US: Pablo Software
-CVE-2009-1601 (The Ubuntu clamav-milter.init script in clamav-milter before ...)
+CVE-2009-1601
- clamav <not-affected> (Vulnerable code not present)
NOTE: from what I see this code was never uploaded to the debian archive
-CVE-2009-1600 (Apple Safari executes DOM calls in response to a javascript: URI in ...)
+CVE-2009-1600
NOT-FOR-US: Apple Safari
-CVE-2009-1599 (Opera executes DOM calls in response to a javascript: URI in the ...)
+CVE-2009-1599
NOT-FOR-US: Opera
-CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript: URI in ...)
+CVE-2009-1598
- chromium-browser <unfixed> (unimportant)
- webkit <not-affected> (chrome-specific issue)
NOTE: it sounds like a "researcher misconception bug" (as seeming explained by Abobe) rather than a security issue
-CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript: URI in ...)
+CVE-2009-1597
- xulrunner <undetermined> (bug #565521)
[wheezy] - xulrunner <end-of-life> (no detailed information available)
-CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly implement the ...)
+CVE-2009-1596
NOT-FOR-US: Openfire
-CVE-2009-1595 (The jabber:iq:auth implementation in IQAuthHandler.java in Ignite ...)
+CVE-2009-1595
NOT-FOR-US: Openfire
CVE-2009-XXXX [More file buffer overflows]
- file 5.03-1 (bug #525820)
[etch] - file <not-affected> (CDF code not yet present in 4.x)
[lenny] - file <not-affected> (CDF code not yet present in 4.x)
-CVE-2009-1594 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...)
+CVE-2009-1594
NOT-FOR-US: Armorlogic Profense Web Application Firewall
-CVE-2009-1593 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...)
+CVE-2009-1593
NOT-FOR-US: Armorlogic Profense Web Application Firewall
-CVE-2009-1592 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...)
+CVE-2009-1592
NOT-FOR-US: ElectraSoft 32bit FTP
-CVE-2009-1591 (CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 ...)
+CVE-2009-1591
NOT-FOR-US: CGI RESCUE Web Mailer
-CVE-2009-1590 (Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows ...)
+CVE-2009-1590
NOT-FOR-US: CGI RESCUE FORM2MAIL
-CVE-2009-1589 (Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows ...)
+CVE-2009-1589
NOT-FOR-US: CGI RESCUE MiniBBS
-CVE-2009-1588 (Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t ...)
+CVE-2009-1588
NOT-FOR-US: CGI RESCUE MiniBBS
CVE-2009-XXXX [hex-a-hop: buffer overflow in loading save games]
- hex-a-hop <unfixed> (unimportant; bug #528250)
NOTE: That's a simple bug, it's silly to treat this as a security issue
-CVE-2009-1587 (index.php in PHP Site Lock 2.0 allows remote attackers to bypass ...)
+CVE-2009-1587
NOT-FOR-US: PHP Site Lock
-CVE-2009-1586 (Stack-based buffer overflow in the NZB importer feature in GrabIt ...)
+CVE-2009-1586
NOT-FOR-US: GrabIt
-CVE-2009-1585 (Multiple SQL injection vulnerabilities in TemaTres 1.031, when ...)
+CVE-2009-1585
NOT-FOR-US: TemaTres
-CVE-2009-1584 (Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, ...)
+CVE-2009-1584
NOT-FOR-US: TemaTres
-CVE-2009-1583 (Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 ...)
+CVE-2009-1583
NOT-FOR-US: TemaTres
-CVE-2009-1582 (Million Dollar Text Links 1.0 does not properly restrict administrator ...)
+CVE-2009-1582
NOT-FOR-US: Million Dollar Text Links
-CVE-2009-1581 (functions/mime.php in SquirrelMail before 1.4.18 does not protect the ...)
+CVE-2009-1581
{DSA-1802-1}
- squirrelmail 2:1.4.18-1 (low; bug #528528)
NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667
-CVE-2009-1580 (Session fixation vulnerability in SquirrelMail before 1.4.18 allows ...)
+CVE-2009-1580
{DSA-1802-1}
- squirrelmail 2:1.4.18-1 (low; bug #528528)
NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676
-CVE-2009-1579 (The map_yp_alias function in functions/imap_general.php in ...)
+CVE-2009-1579
{DSA-1802-1}
- squirrelmail 2:1.4.18-1 (medium; bug #528528)
NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674
NOTE: doesn't affect every setup
-CVE-2009-1578 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
+CVE-2009-1578
{DSA-1802-1}
- squirrelmail 2:1.4.18-1 (low; bug #528528)
NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670
-CVE-2009-1577 (Multiple stack-based buffer overflows in the putstring function in ...)
+CVE-2009-1577
- cscope 15.6-1
-CVE-2009-1576 (Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before ...)
+CVE-2009-1576
{DSA-1792-1}
- drupal6 6.11-1 (bug #526378)
- drupal5 5.17-1
-CVE-2009-1575 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and ...)
+CVE-2009-1575
{DSA-1792-1}
- drupal6 6.11-1 (bug #526378)
- drupal5 5.17-1
-CVE-2009-1574 (racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote ...)
+CVE-2009-1574
{DSA-1804-1}
- ipsec-tools 1:0.7.1-1.4 (medium; bug #527634)
-CVE-2009-1571 (Use-after-free vulnerability in the HTML parser in Mozilla Firefox ...)
+CVE-2009-1571
{DSA-1999-1}
- xulrunner 1.9.1.8-1
[etch] - xulrunner <end-of-life>
- iceape 2.0.3-1
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
- icedove 3.0.2-1
-CVE-2009-1570 (Integer overflow in the ReadImage function in ...)
+CVE-2009-1570
- gimp 2.6.7-1.1 (medium; bug #555929)
-CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, ...)
+CVE-2009-1569
NOT-FOR-US: Novell iPrint Client
-CVE-2009-1568 (Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client ...)
+CVE-2009-1568
NOT-FOR-US: Novell iPrint Client
-CVE-2009-1567 (Multiple stack-based buffer overflows in the Lateral Arts Photobox ...)
+CVE-2009-1567
NOT-FOR-US: ActiveX
-CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...)
+CVE-2009-1566
NOT-FOR-US: Roxio Easy Media Creator
-CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 ...)
+CVE-2009-1565
NOT-FOR-US: VMware Movie Decoder
-CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in ...)
+CVE-2009-1564
NOT-FOR-US: VMwar
CVE-2009-1563
REJECTED
CVE-2009-1562
RESERVED
-CVE-2009-1561 (Cross-site request forgery (CSRF) vulnerability in administration.cgi ...)
+CVE-2009-1561
NOT-FOR-US: Cisco Linksys
-CVE-2009-1560 (The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 ...)
+CVE-2009-1560
NOT-FOR-US: Cisco Linksys
-CVE-2009-1559 (Absolute path traversal vulnerability in adm/file.cgi on the Cisco ...)
+CVE-2009-1559
NOT-FOR-US: Cisco Linksys
-CVE-2009-1558 (Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys ...)
+CVE-2009-1558
NOT-FOR-US: Cisco Linksys
-CVE-2009-1557 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco ...)
+CVE-2009-1557
NOT-FOR-US: Cisco Linksys
-CVE-2009-1556 (img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with ...)
+CVE-2009-1556
NOT-FOR-US: Cisco Linksys
-CVE-2009-1555 (The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 ...)
+CVE-2009-1555
NOT-FOR-US: Cisco Linksys
-CVE-2009-1554 (Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun ...)
+CVE-2009-1554
NOT-FOR-US: Sun Woodstock
-CVE-2009-1553 (Multiple cross-site scripting (XSS) vulnerabilities in the Admin ...)
+CVE-2009-1553
NOT-FOR-US: Sun GlassFish Enterprise Server
-CVE-2009-1552 (Unspecified vulnerability in the IGMP driver in SCO Unixware Release ...)
+CVE-2009-1552
NOT-FOR-US: SCO UnixWare
-CVE-2009-1551 (Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 ...)
+CVE-2009-1551
NOT-FOR-US: Qt quickteam
-CVE-2009-1550 (Zakkis Technology ABC Advertise 1.0 does not properly restrict access ...)
+CVE-2009-1550
NOT-FOR-US: Zakkis Technology ABC Advertise
-CVE-2009-1549 (AGTC MyShop 3.2b allows remote attackers to bypass authentication and ...)
+CVE-2009-1549
NOT-FOR-US: AGTC MyShop
-CVE-2009-1548 (SQL injection vulnerability in index.php in BluSky CMS allows remote ...)
+CVE-2009-1548
NOT-FOR-US: BluSky CMS
CVE-2009-XXXX [prelude-manager: password world-readable]
- prelude-manager <not-affected> (The postinst sets correct permissions, see bug #527344)
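Review bot: every `-`/`+` pair in this hunk strips the parenthetical summary from the CVE line (for example `-CVE-2009-1651 (SQL injection vulnerability in admin/member_details.php in 2daybiz ...)` becomes `+CVE-2009-1651`), while the placeholder entries of the form `CVE-2009-XXXX [...]` keep their bracketed text untouched. The removed summaries were already truncated to a single clause ending in `...`, but that clause was the only inline statement of the vulnerability class and affected component for ids marked NOT-FOR-US, and it is what a grep for, say, "SQL injection" or "buffer overflow" across this file relied on; if the intent is that summaries are now maintained or regenerated elsewhere, that should be stated where the list format is documented rather than leaving the ids bare with no pointer. Two small things visible in the unchanged context, not introduced by this change: `CVE-2009-XXXX [cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked]` is missing the closing parenthesis before `]`, and the note under CVE-2009-1598 reads `as seeming explained by Abobe`, presumably `seemingly explained by Adobe`.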
@@ -9608,63 +9608,63 @@ CVE-2009-XXXX [bash-completion: does not properly quote characters]
NOTE: adding this reference to track the fact that this has already been addressed by debian security
NOTE: fixed over a year ago in debian; but fedora finally got around to addressing the issue recently
NOTE: FEDORA-2009-3639 http://lwn.net/Articles/331605
-CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...)
+CVE-2009-1547
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling ...)
+CVE-2009-1546
NOT-FOR-US: Microsoft Windows
-CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file ...)
+CVE-2009-1545
NOT-FOR-US: Microsoft Windows
-CVE-2009-1544 (Double free vulnerability in the Workstation service in Microsoft ...)
+CVE-2009-1544
NOT-FOR-US: Microsoft Windows
CVE-2009-1543
REJECTED
-CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, ...)
+CVE-2009-1542
NOT-FOR-US: Microsoft
CVE-2009-1541
REJECTED
CVE-2009-1540
REJECTED
-CVE-2009-1539 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in ...)
+CVE-2009-1539
NOT-FOR-US: Microsoft DirectX
-CVE-2009-1538 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in ...)
+CVE-2009-1538
NOT-FOR-US: Microsoft DirectX
-CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter in ...)
+CVE-2009-1537
NOT-FOR-US: Microsoft DirectX
-CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and ...)
+CVE-2009-1536
NOT-FOR-US: Microsoft .NET Framework
-CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services (IIS) ...)
+CVE-2009-1535
NOT-FOR-US: IIS
-CVE-2009-1534 (Buffer overflow in the Office Web Components ActiveX Control in ...)
+CVE-2009-1534
NOT-FOR-US: Microsoft Office XP
-CVE-2009-1533 (Buffer overflow in the Works for Windows document converters in ...)
+CVE-2009-1533
NOT-FOR-US: Microsoft
-CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server ...)
+CVE-2009-1532
NOT-FOR-US: Microsoft
-CVE-2009-1531 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...)
+CVE-2009-1531
NOT-FOR-US: Microsoft
-CVE-2009-1530 (Use-after-free vulnerability in Microsoft Internet Explorer 7 for ...)
+CVE-2009-1530
NOT-FOR-US: Microsoft
-CVE-2009-1529 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...)
+CVE-2009-1529
NOT-FOR-US: Microsoft
-CVE-2009-1528 (Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and ...)
+CVE-2009-1528
NOT-FOR-US: Microsoft
-CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c in the ...)
+CVE-2009-1527
- linux-2.6 2.6.29-5 (high)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
-CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to create or ...)
+CVE-2009-1526
NOT-FOR-US: Directadmin
-CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote ...)
+CVE-2009-1525
NOT-FOR-US: Directadmin
-CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before ...)
+CVE-2009-1524
- jetty 6.1.19-1 (low; bug #527571)
-CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...)
+CVE-2009-1523
- jetty 6.1.19-1 (low; bug #528389)
-CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 ...)
+CVE-2009-1522
NOT-FOR-US: Tivoli
-CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage ...)
+CVE-2009-1521
NOT-FOR-US: Tivoli
-CVE-2009-1520 (Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) ...)
+CVE-2009-1520
NOT-FOR-US: Tivoli
CVE-2009-XXXX [moin: XSS in AttachFile.py via attachements]
- moin 1.8.3-1 (low; bug #526594)
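Review bot: the summary removal in this hunk also covers ids that carry Debian package state, for example `-CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c in the ...)` followed by `- linux-2.6 2.6.29-5 (high)` and `[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)`; after the change the triage note still says which version introduced the code, but the entry no longer says which function or file it concerns, so a reader of this file alone cannot tell what "vulnerable code" refers to. The same applies to the jetty entries (CVE-2009-1524 and CVE-2009-1523, both `6.1.19-1 (low; ...)`), so it is worth confirming that the tracker's web view or another source still surfaces the summary for these ids, or keeping a short component hint in the triage note where the description was the only one. Minor, in the unchanged trailing context line: `attachements` in `CVE-2009-XXXX [moin: XSS in AttachFile.py via attachements]` should read `attachments`.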
@@ -9672,264 +9672,264 @@ CVE-2009-XXXX [moin: XSS in AttachFile.py via attachements]
[etch] - moin <not-affected> (Vulnerable code not present)
NOTE: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7
NOTE: CVE id requested
-CVE-2009-1513 (Buffer overflow in the PATinst function in src/load_pat.cpp in ...)
+CVE-2009-1513
{DSA-1850-1}
- libmodplug 1:0.8.7-1 (medium; bug #526084)
- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug #527077)
[etch] - libmodplug <not-affected> (Vulnerable code not present)
NOTE: gst-plugins-bad0.10 in testing and unstable builds against an external libmodplug.
-CVE-2009-1519 (Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 ...)
+CVE-2009-1519
NOT-FOR-US: Pecio CMS
-CVE-2009-1518 (Cross-site request forgery (CSRF) vulnerability in Beltane before ...)
+CVE-2009-1518
NOT-FOR-US: Beltane
-CVE-2009-1517 (Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ...)
+CVE-2009-1517
NOT-FOR-US: ActiveX
-CVE-2009-1516 (Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX ...)
+CVE-2009-1516
NOT-FOR-US: ActiveX
-CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of ...)
+CVE-2009-1514
- chromium-browser 5.0.375.38~r46659-1 (low)
NOTE: proof of concept maximum impact against webkit is dos-only
-CVE-2009-1573 (xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly ...)
+CVE-2009-1573
- xorg-server 2:1.6.1.901-3 (low; bug #526678)
[etch] - xorg-server <no-dsa> (minor issue)
[lenny] - xorg-server <no-dsa> (minor issue)
-CVE-2009-1515 (Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c ...)
+CVE-2009-1515
- file 5.02-1
[lenny] - file <not-affected> (Vulnerable code not present)
[etch] - file <not-affected> (Vulnerable code not present)
NOTE: code introduced in 5.xx series
-CVE-2009-1512 (Static code injection vulnerability in X-Forum 0.6.2 allows remote ...)
+CVE-2009-1512
NOT-FOR-US: X-Forum
-CVE-2009-1511 (GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a ...)
+CVE-2009-1511
NOT-FOR-US: Microsoft Windows
-CVE-2009-1510 (Multiple directory traversal vulnerabilities in KoschtIT Image Gallery ...)
+CVE-2009-1510
NOT-FOR-US: KoschtIT Image Gallery
-CVE-2009-1509 (SQL injection vulnerability in ajaxp_backend.php in MyioSoft ...)
+CVE-2009-1509
NOT-FOR-US: MyioSoft AjaxPortal
-CVE-2009-1508 (SQL injection vulnerability in the xforum_validateUser function in ...)
+CVE-2009-1508
NOT-FOR-US: X-Forum
-CVE-2009-1507 (The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x ...)
+CVE-2009-1507
NOT-FOR-US: Node Access User Reference module for Drupal
-CVE-2009-1506 (SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows ...)
+CVE-2009-1506
NOT-FOR-US: eLitius
-CVE-2009-1505 (SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 ...)
+CVE-2009-1505
NOT-FOR-US: News Page module for Drupal
-CVE-2009-1504 (Absolute Form Processor XE 1.5 allows remote attackers to bypass ...)
+CVE-2009-1504
NOT-FOR-US: Absolute Form Processor XE
-CVE-2009-1503 (Multiple SQL injection vulnerabilities in login.php in Tiger Document ...)
+CVE-2009-1503
NOT-FOR-US: Tiger Document Management System
-CVE-2009-1502 (Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable ...)
+CVE-2009-1502
NOT-FOR-US: S-Cms
-CVE-2009-1501 (Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x ...)
+CVE-2009-1501
NOT-FOR-US: EXIF module for Drupal
-CVE-2009-1500 (SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows ...)
+CVE-2009-1500
NOT-FOR-US: ProjectCMS
-CVE-2009-1499 (SQL injection vulnerability in the MailTo (aka com_mailto) component ...)
+CVE-2009-1499
NOT-FOR-US: com_mailto component for Joomla!
-CVE-2009-1498 (Directory traversal vulnerability in inc/profilemain.php in Game Maker ...)
+CVE-2009-1498
NOT-FOR-US: Game Maker 2k Internet Discussion Boards
-CVE-2009-1497 (Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie ...)
+CVE-2009-1497
NOT-FOR-US: GOM Player
-CVE-2009-1496 (Directory traversal vulnerability in the Cmi Marketplace ...)
+CVE-2009-1496
NOT-FOR-US: com_cmimarketplace component for Joomla!
-CVE-2009-1495 (Web File Explorer 3.1 stores sensitive information under the web root ...)
+CVE-2009-1495
NOT-FOR-US: Web File Explorer
-CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...)
+CVE-2009-1494
- memcached 1.2.8-1 (low; bug #526554)
[lenny] - memcached <not-affected> (Affected compile-time options not set)
[etch] - memcached <not-affected> (Affected compile-time options not set)
-CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in Adobe ...)
+CVE-2009-1493
NOT-FOR-US: Adobe Reader
-CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader and ...)
+CVE-2009-1492
NOT-FOR-US: Adobe Reader
-CVE-2009-1491 (McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and ...)
+CVE-2009-1491
NOT-FOR-US: McAfee GroupShield for Microsoft Exchange
-CVE-2009-1490 (Heap-based buffer overflow in Sendmail before 8.13.2 allows remote ...)
+CVE-2009-1490
- sendmail 8.13.2-0
CVE-2009-XXXX [samba: Account locking out doesnt work with an LDAP backend]
- samba 2:3.2.6 (bug #514151)
[lenny] - samba 2:3.2.5-4lenny1
[etch] - samba <not-affected> (Bug not yet present in Etch's version)
-CVE-2009-1572 (The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote ...)
+CVE-2009-1572
{DSA-1788-1}
- quagga 0.99.11-2 (high; bug #526270)
[lenny] - quagga 0.99.10-1lenny2
[etch] - quagga <not-affected> (no AS4 code)
-CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass ...)
+CVE-2009-1489
NOT-FOR-US: Fungamez
-CVE-2009-1488 (Directory traversal vulnerability in admin/load.php in FunGamez RC1 ...)
+CVE-2009-1488
NOT-FOR-US: Fungamez
-CVE-2009-1487 (SQL injection vulnerability in pages/login.php in FunGamez RC1 allows ...)
+CVE-2009-1487
NOT-FOR-US: Fungamez
-CVE-2009-1486 (Directory traversal vulnerability in pmscript.php in Flatchat 3.0 ...)
+CVE-2009-1486
NOT-FOR-US: Flatchat
-CVE-2009-1485 (The logging feature in eMule Plus before 1.2e allows remote attackers ...)
+CVE-2009-1485
NOT-FOR-US: eMule Plus
-CVE-2009-1484 (Cross-site scripting (XSS) vulnerability in the web mail interface ...)
+CVE-2009-1484
NOT-FOR-US: AXIGEN Mail Server
-CVE-2009-1483 (Unrestricted file upload vulnerability in upload-file.php in Adam ...)
+CVE-2009-1483
NOT-FOR-US: Adam Patterson Studio Lounge Address Book
-CVE-2009-1482 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-1482
{DSA-1791-1}
- moin 1.8.3-1 (low; bug #526594)
[etch] - moin <not-affected> (Not exploitable)
NOTE: http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1
-CVE-2009-1481 (SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) ...)
+CVE-2009-1481
NOT-FOR-US: PuterJam's Blog
-CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows ...)
+CVE-2009-1480
NOT-FOR-US: Pragyan CMS
-CVE-2009-1479 (Directory traversal vulnerability in client/desktop/default.htm in ...)
+CVE-2009-1479
NOT-FOR-US: Boxalino
-CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl handlers in ...)
+CVE-2009-1478
NOT-FOR-US: Solaris
-CVE-2009-1477 (The https web interfaces on the ATEN KH1516i IP KVM switch with ...)
+CVE-2009-1477
NOT-FOR-US: ATEN IP KVM Switch
-CVE-2009-1476 (Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter ...)
+CVE-2009-1476
NOT-FOR-US: IPFilter
CVE-2009-1475
RESERVED
-CVE-2009-1474 (The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP ...)
+CVE-2009-1474
NOT-FOR-US: ATEN IP KVM Switch
-CVE-2009-1473 (The (1) Windows and (2) Java client programs for the ATEN KH1516i IP ...)
+CVE-2009-1473
NOT-FOR-US: ATEN IP KVM Switch
-CVE-2009-1472 (The Java client program for the ATEN KH1516i IP KVM switch with ...)
+CVE-2009-1472
NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1471
RESERVED
CVE-2009-1470
RESERVED
-CVE-2009-1469 (CRLF injection vulnerability in the Forgot Password implementation in ...)
+CVE-2009-1469
NOT-FOR-US: IceWarp
-CVE-2009-1468 (Multiple SQL injection vulnerabilities in the search form in ...)
+CVE-2009-1468
NOT-FOR-US: IceWarp
-CVE-2009-1467 (Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail ...)
+CVE-2009-1467
NOT-FOR-US: IceWarp
-CVE-2009-1466 (Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) ...)
+CVE-2009-1466
NOT-FOR-US: Application Access Server (A-A-S)
-CVE-2009-1465 (Application Access Server (A-A-S) 2.0.48 has &quot;wildbat&quot; as its default ...)
+CVE-2009-1465
NOT-FOR-US: Application Access Server (A-A-S)
-CVE-2009-1464 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-1464
NOT-FOR-US: Application Access Server (A-A-S)
-CVE-2009-1463 (Static code injection vulnerability in razorCMS before 0.4 allows ...)
+CVE-2009-1463
NOT-FOR-US: razorCMS
-CVE-2009-1462 (The Security Manager in razorCMS before 0.4 does not verify the ...)
+CVE-2009-1462
NOT-FOR-US: razorCMS
-CVE-2009-1461 (Cross-site scripting (XSS) vulnerability in the Create New Page form ...)
+CVE-2009-1461
NOT-FOR-US: razorCMS
-CVE-2009-1460 (razorCMS before 0.4 uses weak permissions for (1) ...)
+CVE-2009-1460
NOT-FOR-US: razorCMS
-CVE-2009-1459 (Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 ...)
+CVE-2009-1459
NOT-FOR-US: razorCMS
-CVE-2009-1458 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
+CVE-2009-1458
NOT-FOR-US: razorCMS
-CVE-2009-1457 (Cross-site scripting (XSS) vulnerability in player.php in Nuke ...)
+CVE-2009-1457
NOT-FOR-US: Nuke Evolution Xtreme
-CVE-2009-1456 (Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows ...)
+CVE-2009-1456
NOT-FOR-US: Malleo
-CVE-2009-1455 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-1455
NOT-FOR-US: WebCollab
-CVE-2009-1454 (Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab ...)
+CVE-2009-1454
NOT-FOR-US: WebCollab
-CVE-2009-1453 (SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 ...)
+CVE-2009-1453
NOT-FOR-US: Tiny Blogr
-CVE-2009-1452 (Multiple PHP remote file inclusion vulnerabilities in theme/format.php ...)
+CVE-2009-1452
NOT-FOR-US: SMA-DB
-CVE-2009-1451 (Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB ...)
+CVE-2009-1451
NOT-FOR-US: SMA-DB
-CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 ...)
+CVE-2009-1450
NOT-FOR-US: SMA-DB
-CVE-2009-1449 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...)
+CVE-2009-1449
NOT-FOR-US: CoolPlayer
-CVE-2009-1448 (Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net ...)
+CVE-2009-1448
NOT-FOR-US: LovPop.net
-CVE-2009-1447 (Unrestricted file upload vulnerability in admin/editor/image.php in ...)
+CVE-2009-1447
NOT-FOR-US: e-cart.biz Free Shopping Car
-CVE-2009-1446 (Unrestricted file upload vulnerability in upload.php in Elkagroup ...)
+CVE-2009-1446
NOT-FOR-US: Elkagroup Image Gallery
-CVE-2009-1445 (Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta ...)
+CVE-2009-1445
NOT-FOR-US: WebPortal CMS
-CVE-2009-1444 (PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS ...)
+CVE-2009-1444
NOT-FOR-US: WebPortal CMS
-CVE-2009-1443 (Multiple unspecified vulnerabilities in the Server component in OCS ...)
+CVE-2009-1443
- ocsinventory-server 1.02-1 (unimportant)
NOTE: Only supported in trusted environments, see debtags
-CVE-2009-1442 (Multiple integer overflows in Skia, as used in Google Chrome 1.x ...)
+CVE-2009-1442
NOT-FOR-US: skia
-CVE-2009-1441 (Heap-based buffer overflow in the ParamTraits&lt;SkBitmap&gt;::Read function ...)
+CVE-2009-1441
- chromium-browser <not-affected> (Only 1.x is affected)
- webkit <not-affected> (chrome-specific issue)
-CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...)
+CVE-2009-1439
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-2 (bug #523365)
- linux-2.6.24 <removed>
-CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
+CVE-2009-1438
{DSA-1851-1 DSA-1850-1}
- libmodplug 1:0.8.7-1 (low; bug #526657; bug #527076)
- gst-plugins-bad0.10 0.10.10.2-1 (bug #527075)
NOTE: gstreamer in unstable dynamically linked to external libmodplug
-CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...)
+CVE-2009-1437
NOT-FOR-US: CoolPlayer
-CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...)
+CVE-2009-1436
- kfreebsd-7 <not-affected> (Debian/kfreebsd uses glibc)
-CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 ...)
+CVE-2009-1435
NOT-FOR-US: Trend Micro OfficeScan
-CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki before ...)
+CVE-2009-1434
- foswiki <itp> (bug #509864)
-CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) in ...)
+CVE-2009-1433
NOT-FOR-US: SilverStripe
-CVE-2009-1432 (Symantec Reporting Server, as used in Symantec AntiVirus (SAV) ...)
+CVE-2009-1432
NOT-FOR-US: Symantec
-CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in Symantec ...)
+CVE-2009-1431
NOT-FOR-US: Symantec
-CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert ...)
+CVE-2009-1430
NOT-FOR-US: Symantec
-CVE-2009-1429 (The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management ...)
+CVE-2009-1429
NOT-FOR-US: Symantec
-CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...)
+CVE-2009-1428
NOT-FOR-US: Symantec
-CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to cause ...)
+CVE-2009-1427
NOT-FOR-US: HP-UX
-CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, ...)
+CVE-2009-1426
NOT-FOR-US: HP ProLiant
-CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
+CVE-2009-1425
NOT-FOR-US: HP ProCurve
-CVE-2009-1424 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
+CVE-2009-1424
NOT-FOR-US: HP ProCurve
-CVE-2009-1423 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
+CVE-2009-1423
NOT-FOR-US: HP ProCurve
-CVE-2009-1422 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
+CVE-2009-1422
NOT-FOR-US: HP ProCurve
-CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 ...)
+CVE-2009-1421
NOT-FOR-US: ONCplus on HP HP-UX
-CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node ...)
+CVE-2009-1420
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-1419 (Unspecified vulnerability in HP Discovery &amp; Dependency Mapping ...)
+CVE-2009-1419
NOT-FOR-US: HP Discovery & Dependency Mapping Inventory
-CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
+CVE-2009-1418
NOT-FOR-US: HP System Management Homepage
-CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and ...)
+CVE-2009-1417
- gnutls26 2.6.6-1 (low; bug #528281)
[lenny] - gnutls26 <no-dsa> (Minor issue, explicitly labeled as a test program)
- gnutls13 <removed>
[etch] - gnutls13 <no-dsa> (Minor issue, explicitly labeled as a test program)
-CVE-2009-1416 (lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates ...)
+CVE-2009-1416
- gnutls26 2.6.6-1 (medium)
- gnutls13 <removed>
[lenny] - gnutls26 <not-affected> (Vulnerable code not present, only affects 2.6.x)
[etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
-CVE-2009-1415 (lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not ...)
+CVE-2009-1415
- gnutls26 2.6.6-1 (medium)
- gnutls13 <removed>
[lenny] - gnutls26 <not-affected> (Vulnerable code not present)
[etch] - gnutls26 <not-affected> (Vulnerable code not present)
[etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
-CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object persist ...)
+CVE-2009-1414
- chromium-browser <not-affected> (Only 2.x is affected)
- webkit <not-affected> (doesn't have a 'chromehtml' handler)
-CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page transition, ...)
+CVE-2009-1413
- chromium-browser <not-affected> (Only 1.x is affected)
- webkit <not-affected> (doesn't have a 'chromehtml' handler)
-CVE-2009-1412 (Argument injection vulnerability in the chromehtml: protocol handler ...)
+CVE-2009-1412
- chromium-browser <not-affected> (Only 1.x is affected)
- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
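Review bot: every `-`/`+` pair in this hunk (CVE-2009-1442 down to CVE-2009-1412) strips the parenthesised description and leaves a bare CVE id, while the Debian-local `CVE-2009-XXXX [iodine: ...]` entry keeps its bracketed text; blanking the description of every upstream entry at once looks like an empty or failed fetch of the description source rather than a data change, so confirm the source actually returned no descriptions before accepting this, otherwise the tracker's per-CVE pages lose their summary text. Note also that the removed line for CVE-2009-1441 carried HTML-escaped text (`ParamTraits&lt;SkBitmap&gt;::Read`), so whatever repopulates the descriptions should write them unescaped.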
@@ -9954,447 +9954,447 @@ CVE-2009-1396
RESERVED
CVE-2009-1395
RESERVED
-CVE-2009-1394 (Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows ...)
+CVE-2009-1394
NOT-FOR-US: Motorola Timbuktu Pro
CVE-2009-1393
RESERVED
-CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird ...)
+CVE-2009-1392
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
-CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...)
+CVE-2009-1391
- perl 5.10.0-23 (low; bug #532736)
[etch] - perl <not-affected> (Doesn't yet include Compress-Raw-Zlib)
- libcompress-raw-zlib-perl 2.015-2 (low; bug #532738)
[lenny] - libcompress-raw-zlib-perl 2.012-1lenny1
[lenny] - perl 5.10.0-19lenny1
-CVE-2009-1390 (Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) ...)
+CVE-2009-1390
- mutt 1.5.20-1
[lenny] - mutt <not-affected> (Affected code was introduced in 1.5.19)
[etch] - mutt <not-affected> (Affected code was introduced in 1.5.19)
[squeeze] - mutt <not-affected> (Affected code was introduced in 1.5.19)
-CVE-2009-1389 (Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the ...)
+CVE-2009-1389
{DSA-1865-1 DSA-1844-1}
- linux-2.6 2.6.26-16 (high; bug #532376)
- linux-2.6.24 <removed>
NOTE: potential for kernel memory corruption by remote attacker
-CVE-2009-1388 (The ptrace_start function in kernel/ptrace.c in the Linux kernel ...)
+CVE-2009-1388
- linux-2.6 <not-affected> (problem in redhat-specific kernel patches)
- linux-2.6.24 <not-affected> (problem in redhat-specific kernel patches)
-CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ...)
+CVE-2009-1387
- openssl 0.9.8k-2 (low; bug #532037)
[lenny] - openssl 0.9.8g-15+lenny3
[etch] - openssl 0.9.8c-4etch9
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
-CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause ...)
+CVE-2009-1386
- openssl 0.9.8k-1 (low; bug #532037)
[lenny] - openssl 0.9.8g-15+lenny3
[etch] - openssl 0.9.8c-4etch9
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
-CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...)
+CVE-2009-1385
{DSA-1865-1 DSA-1844-1}
- linux-2.6 2.6.26-16 (low; bug #532721)
- linux-2.6.24 <removed>
-CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...)
+CVE-2009-1384
- libpam-krb5 <not-affected> (different code base than Debian's libpam-krb5)
-CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded ...)
+CVE-2009-1383
- mathtex 1.03-1 (medium; bug #537258)
-CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when ...)
+CVE-2009-1382
{DSA-1917-1}
- mimetex 1.50-1.1 (medium; bug #537254)
-CVE-2009-1381 (The map_yp_alias function in functions/imap_general.php in ...)
+CVE-2009-1381
{DSA-1802-2}
- squirrelmail 2:1.4.19-1
-CVE-2009-1380 (Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in ...)
+CVE-2009-1380
- jbossas4 4.2.2.GA-1 (bug #562000)
[lenny] - jbossas4 <no-dsa> (Contrib not supported)
-CVE-2009-1379 (Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment ...)
+CVE-2009-1379
- openssl 0.9.8k-1 (low; bug #530400)
[lenny] - openssl 0.9.8g-15+lenny3
[etch] - openssl 0.9.8c-4etch9
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
-CVE-2009-1378 (Multiple memory leaks in the dtls1_process_out_of_seq_message function ...)
+CVE-2009-1378
- openssl 0.9.8k-1 (low; bug #530400)
[lenny] - openssl 0.9.8g-15+lenny3
[etch] - openssl 0.9.8c-4etch9
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
-CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and ...)
+CVE-2009-1377
- openssl 0.9.8k-1 (low; bug #530400)
[lenny] - openssl 0.9.8g-15+lenny3
[etch] - openssl 0.9.8c-4etch9
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
-CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
+CVE-2009-1376
{DSA-1805-1}
- pidgin 2.5.6-1
- gaim <removed>
[lenny] - gaim <not-affected> (Only a transitional package)
-CVE-2009-1375 (The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before ...)
+CVE-2009-1375
{DSA-1805-1}
- pidgin 2.5.6-1
- gaim <removed>
[lenny] - gaim <not-affected> (Only a transitional package)
-CVE-2009-1374 (Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) ...)
+CVE-2009-1374
- pidgin 2.5.6-1
[lenny] - pidgin <not-affected> (QQ support not yet present)
- gaim <not-affected> (QQ support not yet present)
-CVE-2009-1373 (Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin ...)
+CVE-2009-1373
{DSA-1805-1}
- pidgin 2.5.6-1
- gaim <removed>
[lenny] - gaim <not-affected> (Only a transitional package)
-CVE-2009-1365 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
+CVE-2009-1365
NOT-FOR-US: Adobe Flash Media Server
-CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in libwmf ...)
+CVE-2009-1364
{DSA-1796-1}
- libwmf 0.2.8.4-6.1 (low; bug #526434)
CVE-2009-1363
RESERVED
-CVE-2009-1360 (The __inet6_check_established function in net/ipv6/inet6_hashtables.c ...)
+CVE-2009-1360
- linux-2.6 2.6.29-1 (low; bug #529342)
[etch] - linux-2.6 <not-affected> (Introduced in 2.6.27)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
- linux-2.6.24 <not-affected> (Introduced in 2.6.27)
-CVE-2009-1411 (SQL injection vulnerability in events/inc/events.inc.php in the Events ...)
+CVE-2009-1411
NOT-FOR-US: Seditio CMS
-CVE-2009-1410 (SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows ...)
+CVE-2009-1410
NOT-FOR-US: Quick.Cms.Lite
-CVE-2009-1409 (SQL injection vulnerability in usersettings.php in e107 0.7.15 and ...)
+CVE-2009-1409
NOT-FOR-US: e107
-CVE-2009-1408 (Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows ...)
+CVE-2009-1408
NOT-FOR-US: webSPELL
-CVE-2009-1407 (Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows ...)
+CVE-2009-1407
NOT-FOR-US: NotFTP
-CVE-2009-1406 (Directory traversal vulnerability in cms_detect.php in TotalCalendar ...)
+CVE-2009-1406
NOT-FOR-US: TotalCalendar
-CVE-2009-1405 (Directory traversal vulnerability in index.php in PastelCMS 0.8.0, ...)
+CVE-2009-1405
NOT-FOR-US: PastelCMS
-CVE-2009-1404 (SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when ...)
+CVE-2009-1404
NOT-FOR-US: PastelCMS
-CVE-2009-1403 (SQL injection vulnerability in product_info.php in CRE Loaded 6.2 ...)
+CVE-2009-1403
NOT-FOR-US: CRE Loaded
-CVE-2009-1370 (Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video ...)
+CVE-2009-1370
NOT-FOR-US: Xilisoft Video Converter
-CVE-2009-1369 (moziloCMS 1.11 allows remote attackers to obtain sensitive information ...)
+CVE-2009-1369
NOT-FOR-US: moziloCMS
-CVE-2009-1368 (Directory traversal vulnerability in index.php in moziloCMS 1.11 ...)
+CVE-2009-1368
NOT-FOR-US: moziloCMS
-CVE-2009-1367 (Cross-site scripting (XSS) vulnerability in index.php in moziloCMS ...)
+CVE-2009-1367
NOT-FOR-US: moziloCMS
-CVE-2009-1366 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2009-1366
NOT-FOR-US: DotNetNuke
-CVE-2009-1362 (SQL injection vulnerability in administration/index.php in chCounter ...)
+CVE-2009-1362
NOT-FOR-US: chCounter
-CVE-2009-1361 (dig.php in GScripts.net DNS Tools allows remote attackers to execute ...)
+CVE-2009-1361
NOT-FOR-US: GScripts.net DNS Tools
-CVE-2009-1359 (Unspecified vulnerability in the SCTP sockets implementation in Sun ...)
+CVE-2009-1359
NOT-FOR-US: Sun OpenSolaris
-CVE-2009-1357 (CRLF injection vulnerability in da/DA/Login in Sun Java System ...)
+CVE-2009-1357
NOT-FOR-US: Sun Java System Delegated Administrator
-CVE-2009-1356 (Stack-based buffer overflow in Elecard AVC HD Player allows remote ...)
+CVE-2009-1356
NOT-FOR-US: Elecard AVC HD Player
-CVE-2009-1355 (Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 ...)
+CVE-2009-1355
NOT-FOR-US: IBM AIX
-CVE-2009-1354 (Directory traversal vulnerability in Mongoose 2.4 allows remote ...)
+CVE-2009-1354
NOT-FOR-US: Mongoose
-CVE-2009-1353 (Buffer overflow in the http_parse_hex function in libz/misc.c in ...)
+CVE-2009-1353
NOT-FOR-US: Zervit Webserver
-CVE-2009-1352 (Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote ...)
+CVE-2009-1352
NOT-FOR-US: PowerCHM
-CVE-2009-1351 (Heap-based buffer overflow in Apollo 37zz allows remote attackers to ...)
+CVE-2009-1351
NOT-FOR-US: Apollo 37zz
-CVE-2009-1350 (Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client ...)
+CVE-2009-1350
NOT-FOR-US: Novell NetIdentity Client
-CVE-2009-1349 (Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 ...)
+CVE-2009-1349
NOT-FOR-US: C2Net Stronghold
-CVE-2009-1358 (apt-get in apt before 0.7.21 does not check for the correct error code ...)
+CVE-2009-1358
{DSA-1779-1 DTSA-199-1}
- apt 0.7.21 (bug #433091)
-CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule ...)
+CVE-2009-1440
{DSA-1821-1}
- amule 2.2.5-1.1 (low; bug #525078)
[etch] - amule <not-affected> (Doesn't support preview of complete files, which is the vulnerable part)
-CVE-2009-1348 (The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, ...)
+CVE-2009-1348
NOT-FOR-US: Various AV junk
-CVE-2009-1347 (Multiple SQL injection vulnerabilities in stats/index.php in chCounter ...)
+CVE-2009-1347
NOT-FOR-US: chCounter
-CVE-2009-1346 (SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 ...)
+CVE-2009-1346
NOT-FOR-US: NetHoteles
-CVE-2009-1345 (SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows ...)
+CVE-2009-1345
NOT-FOR-US: cpCommerce
-CVE-2009-1344 (Cross-site scripting (XSS) vulnerability in the Localization client ...)
+CVE-2009-1344
NOT-FOR-US: Localization client for drupal
-CVE-2009-1343 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
+CVE-2009-1343
NOT-FOR-US: Print module for Drupal
-CVE-2009-1342 (Cross-site scripting (XSS) vulnerability in the CCK comment reference ...)
+CVE-2009-1342
NOT-FOR-US: CCK comment module for Drupal
CVE-2009-XXXX [git-core in Debian has non-root-owned files under /usr]
- git-core 1:1.6.2.1-1 (bug #516669)
[lenny] - git-core 1:1.5.6.5-3+lenny3.2
NOTE: fixed accidently through spu
-CVE-2009-1341 (Memory leak in the dequote_bytea function in quote.c in the DBD::Pg ...)
+CVE-2009-1341
{DSA-1780-1}
- libdbd-pg-perl 2.1.3-1
CVE-2009-1340
RESERVED
-CVE-2009-1339 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 ...)
+CVE-2009-1339
- twiki <removed> (bug #526258)
NOTE: We should probably request removal from unstable, replaced by foswiki
-CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...)
+CVE-2009-1338
{DSA-1800-1 DSA-1787-1}
- linux-2.6 2.6.29-1
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...)
+CVE-2009-1337
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-5
- linux-2.6.24 <removed>
-CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly ...)
+CVE-2009-1336
{DSA-1794-1}
- linux-2.6 2.6.23-1
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows ...)
+CVE-2009-1335
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-1334 (Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html ...)
+CVE-2009-1334
NOT-FOR-US: IBM Tivoli Continuous Data Protection
-CVE-2009-1333 (Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the ...)
+CVE-2009-1333
NOT-FOR-US: HP Deskjet
-CVE-2009-1332 (The Online Help feature in Sun Java System Directory Server 5.2 and ...)
+CVE-2009-1332
NOT-FOR-US: Sun Java System Directory Server
-CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) ...)
+CVE-2009-1331
NOT-FOR-US: Windows Media Player
CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions]
- pptp-linux 1.7.2-3 (low; bug #523476)
[lenny] - pptp-linux <no-dsa> (Minor issue)
[etch] - pptp-linux <no-dsa> (Minor issue)
-CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...)
+CVE-2009-1330
NOT-FOR-US: Easy RM to MP3 Converter
-CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder ...)
+CVE-2009-1329
NOT-FOR-US: Mini-stream
-CVE-2009-1328 (Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 ...)
+CVE-2009-1328
NOT-FOR-US: Mini-stream
-CVE-2009-1327 (Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 ...)
+CVE-2009-1327
NOT-FOR-US: Mini-stream
-CVE-2009-1326 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...)
+CVE-2009-1326
NOT-FOR-US: Mini-stream
-CVE-2009-1325 (Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows ...)
+CVE-2009-1325
NOT-FOR-US: Mini-stream
-CVE-2009-1324 (Stack-based buffer overflow in Mini-stream ASX to MP3 Converter ...)
+CVE-2009-1324
NOT-FOR-US: Mini-stream
-CVE-2009-1323 (SQL injection vulnerability in body.asp in Web File Explorer 3.1 ...)
+CVE-2009-1323
NOT-FOR-US: Web File Explorer
-CVE-2009-1322 (ASP Product Catalog 1.0 stores sensitive information under the web ...)
+CVE-2009-1322
NOT-FOR-US: ASP Product Catalog
-CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product ...)
+CVE-2009-1321
NOT-FOR-US: ASP Product Catalog
-CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-1320
NOT-FOR-US: Zazzle Store Builder
-CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal ...)
+CVE-2009-1319
NOT-FOR-US: GuestCal
-CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...)
+CVE-2009-1318
NOT-FOR-US: Jamroom
-CVE-2009-1317 (Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when ...)
+CVE-2009-1317
NOT-FOR-US: Aqua CMS
-CVE-2009-1316 (Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote ...)
+CVE-2009-1316
NOT-FOR-US: AbleSpace
-CVE-2009-1315 (Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 ...)
+CVE-2009-1315
NOT-FOR-US: Ablespace
-CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to create ...)
+CVE-2009-1314
NOT-FOR-US: Web File Explorer
-CVE-2009-1313 (The nsTextFrame::ClearTextRun function in ...)
+CVE-2009-1313
- xulrunner 1.9.0.10-1 (low)
[etch] - xulrunner <not-affected> (introduced in 1.9.0.9)
[lenny] - xulrunner <not-affected> (introduced in 1.9.0.9)
-CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block ...)
+CVE-2009-1312
{DSA-1797-1}
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer <unfixed> (unimportant)
NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
-CVE-2009-1311 (Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow ...)
+CVE-2009-1311
{DSA-1797-1}
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer 1:0.8~alpha2+dfsg+svn129-3
-CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin ...)
+CVE-2009-1310
{DSA-1886-1}
- iceweasel 3.0.9-1
[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1309 (Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not ...)
+CVE-2009-1309
{DSA-1797-1}
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer <unfixed> (unimportant)
NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
-CVE-2009-1308 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
+CVE-2009-1308
{DSA-1797-1}
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before 3.0.9, ...)
+CVE-2009-1307
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9, ...)
+CVE-2009-1306
{DSA-1797-1}
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1305 (The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird ...)
+CVE-2009-1305
{DSA-1797-1}
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer <unfixed> (unimportant)
NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
-CVE-2009-1304 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
+CVE-2009-1304
{DSA-1797-1}
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...)
+CVE-2009-1303
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
+CVE-2009-1302
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...)
+CVE-2009-1301
- mpg123 1.7.2-1 (low)
[etch] - mpg123 <no-dsa> (Minor issue)
[lenny] - mpg123 <no-dsa> (Minor issue)
NOTE: http://secunia.com/advisories/34587/3/
NOTE: unlike secunia states I can't see that this allows code execution but is just an invalid read
NOTE: crashing the application
-CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an &quot;invalid ...)
+CVE-2009-1300
{DSA-1779-1 DTSA-199-1}
- apt 0.7.21 (bug #523213)
-CVE-2009-1299 (The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 ...)
+CVE-2009-1299
{DSA-2017-1}
- pulseaudio 0.9.21-1.1 (bug #573615)
-CVE-2009-1298 (The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux ...)
+CVE-2009-1298
{DTSA-204-1}
- linux-2.6 2.6.32-1 (low)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.29)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.29)
- linux-2.6.24 <not-affected> (introduced in 2.6.29)
-CVE-2009-1297 (iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and ...)
+CVE-2009-1297
- open-iscsi 2.0.871-1 (low; bug #547011)
[lenny] - open-iscsi 2.0.870~rc3-0.4.1
[etch] - open-iscsi <not-affected> (Vulnerable script not yet present)
-CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on ...)
+CVE-2009-1296
- ecryptfs-utils 75-2 (unimportant; bug #532372)
NOTE: this is a non-issue as the debian installer doesn't support per user
NOTE: encrypted home directories with ecryptfs, so no passphrase is stored in the
NOTE: installer logs on disk
-CVE-2009-1295 (Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu ...)
+CVE-2009-1295
[experimental] - apport <not-affected> (Fixed before initial upload into Debian)
-CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home ...)
+CVE-2009-1294
NOT-FOR-US: Novell Teaming
-CVE-2009-1293 (The web login functionality (c/portal/login) in Novell Teaming 1.0 ...)
+CVE-2009-1293
NOT-FOR-US: Novell Teaming
-CVE-2009-1292 (UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x ...)
+CVE-2009-1292
NOT-FOR-US: ClearCase
-CVE-2009-1371 (The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before ...)
+CVE-2009-1371
{DSA-1771-1}
- clamav 0.95.1+dfsg-1
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=1552
-CVE-2009-1372 (Stack-based buffer overflow in the cli_url_canon function in ...)
+CVE-2009-1372
- clamav 0.95.1+dfsg-1
[etch] - clamav <not-affected> (vulnerable code not present)
[lenny] - clamav <not-affected> (vulnerable code not present)
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=1552
-CVE-2009-1291 (Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, ...)
+CVE-2009-1291
NOT-FOR-US: SmartSockets
-CVE-2009-1290 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
+CVE-2009-1290
NOT-FOR-US: IBM BladeCenter
-CVE-2009-1289 (private/login.ssi in the Advanced Management Module (AMM) on the IBM ...)
+CVE-2009-1289
NOT-FOR-US: IBM BladeCenter
-CVE-2009-1288 (Multiple cross-site scripting (XSS) vulnerabilities in the Advanced ...)
+CVE-2009-1288
NOT-FOR-US: IBM BladeCenter
-CVE-2009-1287 (Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge ...)
+CVE-2009-1287
NOT-FOR-US: Cisco Subscriber Edge Services Manager
-CVE-2009-1286 (The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 ...)
+CVE-2009-1286
NOT-FOR-US: IBM Lotus Domino
-CVE-2009-1285 (Static code injection vulnerability in the getConfigFile function in ...)
+CVE-2009-1285
- phpmyadmin 4:3.1.3.2-1 (unimportant; bug #524804)
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...)
+CVE-2009-1284
- texlive-bin 2009-1 (low; bug #520920)
[etch] - texlive-bin <no-dsa> (Minor issue)
[lenny] - texlive-bin 2007.dfsg.2-4+lenny2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=492136
-CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided ...)
+CVE-2009-1283
NOT-FOR-US: glFusion
-CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in ...)
+CVE-2009-1282
NOT-FOR-US: glFusion
-CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 ...)
+CVE-2009-1281
NOT-FOR-US: glFusion
-CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+CVE-2009-1280
NOT-FOR-US: Joomla!
-CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 ...)
+CVE-2009-1279
NOT-FOR-US: Joomla!
-CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in ...)
+CVE-2009-1278
NOT-FOR-US: Gravity Board
-CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...)
+CVE-2009-1277
NOT-FOR-US: Gravity Board
-CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...)
+CVE-2009-1276
NOT-FOR-US: Sun Solaris
-CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...)
+CVE-2009-1275
- tiles 2.2.0-1
-CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...)
+CVE-2009-1273
- libpam-ssh 1.92-7 (low; bug #535877)
[etch] - libpam-ssh <no-dsa> (Minor issue)
[lenny] - libpam-ssh 1.91.0-9.3+lenny1
-CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...)
+CVE-2009-1272
{DTSA-188-1}
- php5 5.2.6.dfsg.1-3
[etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
- php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
-CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...)
+CVE-2009-1271
{DSA-1789-1 DSA-1775-1}
- php5 5.2.9.dfsg.1-1
- php4 <not-affected> (the JSON extension was introduced in php5.2)
- php-json-ext <unfixed>
-CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows ...)
+CVE-2009-1269
{DSA-1785-1}
- wireshark 1.0.7-1 (low)
[etch] - wireshark <not-affected> (Vulnerable code not present; introduced in 0.99.6)
-CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in ...)
+CVE-2009-1268
{DSA-1785-1}
- wireshark 1.0.7-1 (low)
[etch] - wireshark 0.99.4-5.etch.4
-CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 ...)
+CVE-2009-1267
- wireshark <not-affected> (Only affects Wireshark on Windows)
-CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact ...)
+CVE-2009-1266
NOTE: Dupe of CVE-2009-1210
-CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
+CVE-2009-1265
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-4
- linux-2.6.24 <removed>
-CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
+CVE-2009-1264
NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
-CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
+CVE-2009-1263
NOT-FOR-US: Joomla!
-CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and ...)
+CVE-2009-1262
NOT-FOR-US: Fortinet FortiClient
-CVE-2009-1261 (Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk ...)
+CVE-2009-1261
NOT-FOR-US: Web Help Desk
-CVE-2009-1260 (Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and ...)
+CVE-2009-1260
NOT-FOR-US: UltraISO
-CVE-2009-1259 (SQL injection vulnerability in inc/bb/topic.php in Insane Visions ...)
+CVE-2009-1259
NOT-FOR-US: Insane Visions AdaptBB
-CVE-2009-1258 (SQL injection vulnerability in the RD-Autos (com_rdautos) component ...)
+CVE-2009-1258
NOT-FOR-US: Joomla!
-CVE-2009-1257 (Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows ...)
+CVE-2009-1257
NOT-FOR-US: Magic ISO Maker
-CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to ...)
+CVE-2009-1256
NOT-FOR-US: FlexCMS
-CVE-2009-1255 (The process_stat function in (1) Memcached before 1.2.8 and (2) ...)
+CVE-2009-1255
- memcached 1.2.8-1 (low)
[etch] - memcached <no-dsa> (Minor issue)
[lenny] - memcached <no-dsa> (Minor issue)
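Review bot: besides dropping every description, this hunk leaves some entries without any in-file statement of what the issue is: CVE-2009-1266 now consists of the bare id plus `NOTE: Dupe of CVE-2009-1210`, and the NOTE lines under CVE-2009-1301 (`unlike secunia states I can't see that this allows code execution ...`) argue against a description that no longer appears in the file. If the descriptions are not going to be restored by a follow-up, those NOTE lines should be reworded to stand on their own; the removed line for CVE-2009-1300 also contained an HTML entity (`&quot;invalid`), which the restoring pass should unescape.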
@@ -10403,183 +10403,183 @@ CVE-2009-1255 (The process_stat function in (1) Memcached before 1.2.8 and (2) .
[squeeze] - memcachedb <no-dsa> (Minor issue)
NOTE: why are weaknesses in security hardening features like ASLR considered minor?
NOTE: even though this is not directly a vulnerability itself, part of this application's armor is now missing; making it easier for unknown vulnerabilities to be effective.
-CVE-2009-1270 (libclamav/untar.c in ClamAV before 0.95 allows remote attackers to ...)
+CVE-2009-1270
{DSA-1771-1}
- clamav 0.95.1+dfsg-1 (medium; bug #523016)
-CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary ...)
+CVE-2009-1254
{DSA-1764-1}
- tunapie 2.1.17-1
-CVE-2009-1253 (James Stone Tunapie 2.1 allows local users to overwrite arbitrary ...)
+CVE-2009-1253
{DSA-1764-1}
- tunapie 2.1.17-1
-CVE-2009-1252 (Stack-based buffer overflow in the crypto_recv function in ...)
+CVE-2009-1252
{DSA-1801-1}
- ntp 1:4.2.4p6+dfsg-2 (high; bug #525373)
NOTE: VU#853097
-CVE-2009-1251 (Heap-based buffer overflow in the cache manager in the client in ...)
+CVE-2009-1251
{DSA-1768-1}
- openafs 1.4.10+dfsg1-1
-CVE-2009-1250 (The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 ...)
+CVE-2009-1250
{DSA-1768-1}
- openafs 1.4.10+dfsg1-1
[etch] - openafs 1.4.2-6etch3
-CVE-2009-1249 (Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x ...)
+CVE-2009-1249
NOT-FOR-US: Feed element mapper for Drupal
-CVE-2009-1248 (Multiple PHP remote file inclusion vulnerabilities in Acute Control ...)
+CVE-2009-1248
NOT-FOR-US: Acute Control Panel
-CVE-2009-1247 (SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 ...)
+CVE-2009-1247
NOT-FOR-US: Acute Control Panel
-CVE-2009-1246 (Multiple directory traversal vulnerabilities in Blogplus 1.0 allow ...)
+CVE-2009-1246
NOT-FOR-US: Blogplus
-CVE-2009-1245 (Multiple SQL injection vulnerabilities in the insert_to_pastebin ...)
+CVE-2009-1245
NOT-FOR-US: CCCP Community Clan Portal Pastebin
-CVE-2009-1244 (Unspecified vulnerability in the virtual machine display function in ...)
+CVE-2009-1244
NOT-FOR-US: VMware
-CVE-2009-1243 (net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an ...)
+CVE-2009-1243
- linux-2.6 <not-affected> (Issue was introduced after 2.6.27 release)
- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.27 release)
-CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...)
+CVE-2009-1242
{DSA-1800-1 DSA-1787-1}
- linux-2.6 2.6.30-1
[etch] - linux-2.6 <not-affected> (Doesn't include KVM yet)
- linux-2.6.24 <removed>
-CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...)
+CVE-2009-1241
- clamav 0.95+dfsg-1 (medium; bug #526042)
[etch] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
[lenny] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
-CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 ...)
+CVE-2009-1240
NOT-FOR-US: IBM Proventia
-CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in certain ...)
+CVE-2009-1239
NOT-FOR-US: IBM DB2
-CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in ...)
+CVE-2009-1274
- xine-lib 1.1.16.3-1 (medium; bug #522811)
- vlc <not-affected> (affected part of xine-lib code not present)
-CVE-2009-1238 (Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and ...)
+CVE-2009-1238
NOT-FOR-US: Mac OS X
-CVE-2009-1237 (Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X ...)
+CVE-2009-1237
NOT-FOR-US: Mac OS X
-CVE-2009-1236 (Heap-based buffer overflow in the AppleTalk networking stack in XNU ...)
+CVE-2009-1236
NOT-FOR-US: Mac OS X
-CVE-2009-1235 (XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does ...)
+CVE-2009-1235
NOT-FOR-US: Mac OS X
-CVE-2009-1234 (Opera 9.64 allows remote attackers to cause a denial of service ...)
+CVE-2009-1234
NOT-FOR-US: Opera
-CVE-2009-1233 (Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to ...)
+CVE-2009-1233
NOT-FOR-US: Safari on Windows
-CVE-2009-1232 (Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote ...)
+CVE-2009-1232
- xulrunner <unfixed> (unimportant)
NOTE: Browser crashes not treated as security issues
-CVE-2009-1231 (Unspecified vulnerability in the eClient in IBM DB2 Content Manager ...)
+CVE-2009-1231
NOT-FOR-US: DB2
-CVE-2009-1230 (Static code injection vulnerability in index.php in Podcast Generator ...)
+CVE-2009-1230
NOT-FOR-US: Podcast Generator
-CVE-2009-1229 (SQL injection vulnerability in Arcadwy Arcade Script allows remote ...)
+CVE-2009-1229
NOT-FOR-US: Arcadwy Arcade Script
-CVE-2009-1228 (Cross-site scripting (XSS) vulnerability in register.php in Arcadwy ...)
+CVE-2009-1228
NOT-FOR-US: Arcadwy Arcade Script
-CVE-2009-1227 (** DISPUTED ** ...)
+CVE-2009-1227
NOT-FOR-US: Check Point
-CVE-2009-1226 (core/admin/delete.php in Podcast Generator 1.1 and earlier does not ...)
+CVE-2009-1226
NOT-FOR-US: Podcast Generator
-CVE-2009-1225 (Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook ...)
+CVE-2009-1225
NOT-FOR-US: Turnkey Ebook Store
-CVE-2009-1224 (SQL injection vulnerability in ...)
+CVE-2009-1224
NOT-FOR-US: vsp stats processor
-CVE-2009-1223 (aspWebCalendar Free Edition stores sensitive information under the web ...)
+CVE-2009-1223
NOT-FOR-US: aspWebCalendar Free Edition
-CVE-2009-1222 (Directory traversal vulnerability in index.php in webEdition 6.0.0.4 ...)
+CVE-2009-1222
NOT-FOR-US: webEdition
CVE-2009-1221
RESERVED
-CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...)
+CVE-2009-1220
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...)
+CVE-2009-1219
NOT-FOR-US: Sun Calendar Express Web Server
-CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...)
+CVE-2009-1218
NOT-FOR-US: Sun Calendar Express Web Server
-CVE-2009-1217 (Off-by-one error in the GpFont::SetData function in gdiplus.dll in ...)
+CVE-2009-1217
NOT-FOR-US: Windows GDI+
-CVE-2009-1216 (Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c ...)
+CVE-2009-1216
NOTE: Duplicate of CVE-2006-4335, confirmed by Microsoft. They're working on
NOTE: getting it rejected
-CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ...)
+CVE-2009-1215
- screen 4.0.3-13 (low; bug #521123)
[etch] - screen <not-affected> (etch version predates #433338)
[lenny] - screen 4.0.3-11+lenny1
-CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...)
+CVE-2009-1214
- screen 4.0.3-13 (bug #521123)
[lenny] - screen 4.0.3-11+lenny1
NOTE: documented behaviour "or the public accessible screen-exchange", see man screen
-CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
+CVE-2009-1213
- bugzilla 3.2.4.0-1 (low; bug #514143)
[etch] - bugzilla <no-dsa> (Minor issue)
[lenny] - bugzilla <no-dsa> (Minor issue)
NOTE: should this really be considered minor? see fedora bug and FSA:
NOTE: - https://bugzilla.redhat.com/show_bug.cgi?id=494398
NOTE: - https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html
-CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the ...)
+CVE-2009-1212
NOT-FOR-US: PrecisionID Datamatrix ActiveX control
-CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...)
+CVE-2009-1211
NOT-FOR-US: Blue Coat ProxySG
-CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...)
+CVE-2009-1210
{DSA-1785-1}
- wireshark 1.0.7-1 (low)
[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
-CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...)
+CVE-2009-1209
- amaya <removed>
-CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other ...)
+CVE-2009-1208
{DSA-1757-1}
- auth2db 0.2.5-2+dfsg-1.1 (bug #521823; low)
-CVE-2009-1207 (Race condition in the dircmp script in Sun Solaris 8 through 10, and ...)
+CVE-2009-1207
NOT-FOR-US: Solaris
-CVE-2009-1206 (Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI ...)
+CVE-2009-1206
NOT-FOR-US: Cafe Access Analyzer CGI Professional
CVE-2009-1205
REJECTED
-CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...)
+CVE-2009-1204
- tikiwiki <removed>
-CVE-2009-1203 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with ...)
+CVE-2009-1203
NOT-FOR-US: Cisco
-CVE-2009-1202 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with ...)
+CVE-2009-1202
NOT-FOR-US: Cisco
-CVE-2009-1201 (Eval injection vulnerability in the csco_wrap_js function in ...)
+CVE-2009-1201
NOT-FOR-US: Cisco
CVE-2009-1200
RESERVED
CVE-2009-1199
RESERVED
-CVE-2009-1198 (Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 ...)
+CVE-2009-1198
NOT-FOR-US: Apache jUDDI
-CVE-2009-1197 (Apache jUDDI before 2.0 allows attackers to spoof entries in log files ...)
+CVE-2009-1197
NOT-FOR-US: Apache jUDDI
-CVE-2009-1196 (The directory-services functionality in the scheduler in CUPS 1.1.17 ...)
+CVE-2009-1196
- cups 1.1.99.b1.r4748-1
- cupsys <removed>
[etch] - cupsys 1.1.99.b1.r4748-1
-CVE-2009-1195 (The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not ...)
+CVE-2009-1195
{DSA-1816-1}
- apache2 2.2.11-6 (low; bug #530834)
-CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in ...)
+CVE-2009-1194
{DSA-1798-1}
- pango1.0 1.24.0-2 (medium; bug #527474)
CVE-2009-1193
REJECTED
-CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages ...)
+CVE-2009-1192
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-4
- linux-2.6.24 <removed>
-CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...)
+CVE-2009-1191
- apache2 2.2.11-4 (low)
[etch] - apache2 <not-affected> (introduced in 2.2.11)
[lenny] - apache2 <not-affected> (introduced in 2.2.11)
-CVE-2009-1190 (Algorithmic complexity vulnerability in the ...)
+CVE-2009-1190
- libspring-2.5-java 2.5.6.SEC01-1
-CVE-2009-1189 (The _dbus_validate_signature_with_reason function ...)
+CVE-2009-1189
{DSA-1837-1}
- dbus 1.2.14-1 (high; bug #532720)
NOTE: remote signature spoofing possible, and this was supposed to be
NOTE: originally fixed with the updates for CVE-2008-3834
-CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
+CVE-2009-1188
{DSA-2050-1 DSA-2028-1}
- poppler 0.10.6-1 (medium; bug #524806)
[etch] - poppler <not-affected> (SplashBitmap code not present)
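Review bot: every changed pair in this hunk does exactly one thing, it deletes the parenthetical description and leaves the bare identifier (`-CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary ...)` becomes `+CVE-2009-1254`); no fix-version, DSA, `[etch]`/`[lenny]` or `NOTE:` line is touched, and the entries that survive unchanged (`CVE-2009-1221 RESERVED`, `CVE-2009-1205 REJECTED`, `CVE-2009-1193 REJECTED`) are precisely the ones that never carried a description. That is a loss of data, not an update: the description is the only field in this file that lets a triager grep the list by product or component, and after this change the tunapie, ntp, openafs, screen and dbus entries above are indistinguishable from one another without an external lookup. For a commit titled "automatic update", a uniform strip across every entry points at the importer receiving an empty description for each id rather than at a deliberate cleanup; the import step should treat an empty incoming description as "keep the existing text" instead of overwriting it, and this commit should be reverted until that guard is in place so the descriptions are restored from the parent revision.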
@@ -10587,21 +10587,21 @@ CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
- xpdf 3.02-2 (bug #575779)
- kdegraphics 4:4.0
- swftools 0.9.2+ds1-2
-CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
+CVE-2009-1187
{DSA-1941-1}
- poppler 0.10.6-1 (medium; bug #524806)
-CVE-2009-1186 (Buffer overflow in the util_path_encode function in ...)
+CVE-2009-1186
{DSA-1772-1}
- udev 0.141-1 (medium)
-CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message originates ...)
+CVE-2009-1185
{DSA-1772-1}
- udev 0.141-1 (medium)
-CVE-2009-1184 (The selinux_ip_postroute_iptables_compat function in ...)
+CVE-2009-1184
{DSA-1809-1 DSA-1800-1}
- linux-2.6 2.6.29-5
[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
-CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ...)
+CVE-2009-1183
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
[lenny] - poppler 0.8.7-2
@@ -10609,7 +10609,7 @@ CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- swftools 0.9.2+ds1-2
-CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...)
+CVE-2009-1182
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
[lenny] - poppler 0.8.7-2
@@ -10617,7 +10617,7 @@ CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0-1 (medium; bug #524810)
- swftools 0.9.2+ds1-2
-CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
+CVE-2009-1181
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
[lenny] - poppler 0.8.7-2
@@ -10625,7 +10625,7 @@ CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ear
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0-1 (medium; bug #524810)
- swftools 0.9.2+ds1-2
-CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
+CVE-2009-1180
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
[lenny] - poppler 0.8.7-2
@@ -10633,7 +10633,7 @@ CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ear
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0-1 (medium; bug #524810)
- swftools 0.9.2+ds1-2
-CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ...)
+CVE-2009-1179
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
[lenny] - poppler 0.8.7-2
@@ -10641,143 +10641,143 @@ CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0-1 (medium; bug #524810)
- swftools 0.9.2+ds1-2
-CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...)
+CVE-2009-1178
NOT-FOR-US: Tivoli
-CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in ...)
+CVE-2009-1177
- mapserver 5.2.2-1 (medium; bug #523027)
[lenny] - mapserver <not-affected> (Vulnerable code not present or covered by 02_CVE-2009-840-CVE-2009-2281.dpatch)
[etch] - mapserver <not-affected> (Vulnerable code not present or covered by 02_CVE-2009-840-CVE-2009-2281.dpatch)
-CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before ...)
+CVE-2009-1176
{DSA-1914-1}
- mapserver 5.2.2-1 (low; bug #523027)
NOTE: covered by 02_CVE-2009-840-CVE-2009-2281.dpatch as well
-CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ...)
+CVE-2009-1175
- banshee <unfixed> (unimportant)
NOTE: banshee is intented as a desktop music player with no serious
NOTE: login credentials that an attacker could use remote
-CVE-2009-1174 (The Web Services Security component in IBM WebSphere Application ...)
+CVE-2009-1174
NOT-FOR-US: WebSphere
-CVE-2009-1173 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak ...)
+CVE-2009-1173
NOT-FOR-US: WebSphere
-CVE-2009-1172 (The JAX-RPC WS-Security runtime in the Web Services Security component ...)
+CVE-2009-1172
NOT-FOR-US: WebSphere
-CVE-2009-1171 (The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 ...)
+CVE-2009-1171
{DSA-1761-1}
- moodle 1.8.2.dfsg-5 (medium; bug #522116)
NOTE: this applies only to people who have a complete tex environment and
NOTE: aren't just using mimetex to render the tex
-CVE-2009-1170 (Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 ...)
+CVE-2009-1170
NOT-FOR-US: OpenSolaris
-CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...)
+CVE-2009-1169
{DSA-1756-1}
- xulrunner 1.9.0.8-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer 1:0.8~alpha2+dfsg+svn129-1
-CVE-2009-1168 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through ...)
+CVE-2009-1168
NOT-FOR-US: Cisco IOS
-CVE-2009-1167 (Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) ...)
+CVE-2009-1167
NOT-FOR-US: Cisco Wireless LAN Controller
-CVE-2009-1166 (The administrative web interface on the Cisco Wireless LAN Controller ...)
+CVE-2009-1166
NOT-FOR-US: Cisco Wireless LAN Controller
-CVE-2009-1165 (Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x ...)
+CVE-2009-1165
NOT-FOR-US: Cisco Wireless LAN Controller
-CVE-2009-1164 (The administrative web interface on the Cisco Wireless LAN Controller ...)
+CVE-2009-1164
NOT-FOR-US: Cisco Wireless LAN Controller
-CVE-2009-1163 (Memory leak on the Cisco Physical Access Gateway with software before ...)
+CVE-2009-1163
NOT-FOR-US: Cisco
-CVE-2009-1162 (Cross-site scripting (XSS) vulnerability in the Spam Quarantine login ...)
+CVE-2009-1162
NOT-FOR-US: Cisco IronPort AsyncOS
-CVE-2009-1161 (Directory traversal vulnerability in the TFTP service in Cisco ...)
+CVE-2009-1161
NOT-FOR-US: CiscoWorks
-CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...)
+CVE-2009-1160
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-1159 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2009-1159
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-1158 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2009-1158
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-1157 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series ...)
+CVE-2009-1157
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-1156 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2009-1156
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...)
+CVE-2009-1155
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-1154 (Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a ...)
+CVE-2009-1154
NOT-FOR-US: Cisco
CVE-2009-1153
REJECTED
-CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly ...)
+CVE-2009-1152
NOT-FOR-US: Siemens router
-CVE-2009-1151 (Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x ...)
+CVE-2009-1151
{DSA-1824-1}
- phpmyadmin 4:3.1.3.1-1
-CVE-2009-1150 (Multiple cross-site scripting (XSS) vulnerabilities in the export page ...)
+CVE-2009-1150
{DSA-1824-1}
- phpmyadmin 4:3.1.3.1-1
-CVE-2009-1149 (CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB ...)
+CVE-2009-1149
- phpmyadmin 4:3.1.3.1-1
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2009-1148 (Directory traversal vulnerability in bs_disp_as_mime_type.php in the ...)
+CVE-2009-1148
- phpmyadmin 4:3.1.3.1-1
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2009-1147 (Unspecified vulnerability in vmci.sys in the Virtual Machine ...)
+CVE-2009-1147
NOT-FOR-US: VmWare
-CVE-2009-1146 (Unspecified vulnerability in an ioctl in hcmon.sys in VMware ...)
+CVE-2009-1146
NOT-FOR-US: VmWare
CVE-2009-1145
RESERVED
-CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf ...)
+CVE-2009-1144
- xpdf <not-affected> (Gentoo specific vulnerability in building xpdf)
CVE-2009-1143
RESERVED
CVE-2009-1142
RESERVED
-CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server ...)
+CVE-2009-1141
NOT-FOR-US: Microsoft
-CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP ...)
+CVE-2009-1140
NOT-FOR-US: Microsoft
-CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft ...)
+CVE-2009-1139
NOT-FOR-US: Microsoft
-CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 ...)
+CVE-2009-1138
NOT-FOR-US: Microsoft
-CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
+CVE-2009-1137
NOT-FOR-US: Microsoft
-CVE-2009-1136 (The Microsoft Office Web Components Spreadsheet ActiveX control (aka ...)
+CVE-2009-1136
NOT-FOR-US: ActiveX
-CVE-2009-1135 (Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold ...)
+CVE-2009-1135
NOT-FOR-US: Microsoft Internet Security and Acceleration (ISA) Server
-CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office ...)
+CVE-2009-1134
NOT-FOR-US: Microsoft
-CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection ...)
+CVE-2009-1133
NOT-FOR-US: Microsoft
-CVE-2009-1132 (Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka ...)
+CVE-2009-1132
NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office PowerPoint ...)
+CVE-2009-1131
NOT-FOR-US: Microsoft
-CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
+CVE-2009-1130
NOT-FOR-US: Microsoft
-CVE-2009-1129 (Multiple stack-based buffer overflows in the PowerPoint 95 importer ...)
+CVE-2009-1129
NOT-FOR-US: Microsoft
-CVE-2009-1128 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
+CVE-2009-1128
NOT-FOR-US: Microsoft
-CVE-2009-1127 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and ...)
+CVE-2009-1127
NOT-FOR-US: Microsoft Windows
-CVE-2009-1126 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...)
+CVE-2009-1126
NOT-FOR-US: Microsoft
-CVE-2009-1125 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+CVE-2009-1125
NOT-FOR-US: Microsoft
-CVE-2009-1124 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+CVE-2009-1124
NOT-FOR-US: Microsoft
-CVE-2009-1123 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+CVE-2009-1123
NOT-FOR-US: Microsoft
-CVE-2009-1122 (The WebDAV extension in Microsoft Internet Information Services (IIS) ...)
+CVE-2009-1122
NOT-FOR-US: Microsoft
CVE-2009-1121
RESERVED
CVE-2009-1120
RESERVED
-CVE-2009-1119 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 ...)
+CVE-2009-1119
NOT-FOR-US: EMC RepliStor
CVE-2009-1118
RESERVED
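Review bot: this hunk shows why the stripping is harmful in practice. Before the change the run `CVE-2009-1155` through `CVE-2009-1160` could be told apart by their descriptions (memory leak, unspecified vulnerability, PIX/ASA 5500 series, and so on); after it, six consecutive bare ids each sit over an identical `NOT-FOR-US: Cisco Adaptive Security Appliances` line and the file no longer says what any of them is. The same applies to the five `Cisco Wireless LAN Controller` entries (`CVE-2009-1164` to `CVE-2009-1167`) and the long Microsoft run (`CVE-2009-1122` to `CVE-2009-1141`) that all collapse to `NOT-FOR-US: Microsoft`. If the descriptions cannot be recovered by the importer, the `NOT-FOR-US:` lines for such runs should at least be made specific enough (product and component, as `Cisco IronPort AsyncOS` or `Windows GDI+` already are) that the entry remains meaningful on its own.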
@@ -10801,396 +10801,396 @@ CVE-2009-1109
RESERVED
CVE-2009-1108
RESERVED
-CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ...)
+CVE-2009-1086
{DSA-1795-1}
- ldns 1.5.1-1
-CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
+CVE-2009-1107
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
-CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
+CVE-2009-1106
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
-CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
+CVE-2009-1105
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
-CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
+CVE-2009-1104
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
-CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...)
+CVE-2009-1103
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
-CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...)
+CVE-2009-1102
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
-CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...)
+CVE-2009-1101
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
-CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...)
+CVE-2009-1100
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and Java ...)
+CVE-2009-1099
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime ...)
+CVE-2009-1098
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java ...)
+CVE-2009-1097
{DSA-1769-1}
- sun-java6 6-13-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...)
+CVE-2009-1096
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
-CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...)
+CVE-2009-1095
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
-CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...)
+CVE-2009-1094
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
-CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...)
+CVE-2009-1093
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
-CVE-2009-1962 (Xfig, possibly 3.2.5, allows local users to read and write arbitrary ...)
+CVE-2009-1962
- xfig 1:3.2.5.a-1
[etch] - xfig <no-dsa> (Minor issue)
[lenny] - xfig <no-dsa> (Minor issue)
-CVE-2009-1092 (Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX ...)
+CVE-2009-1092
NOT-FOR-US: LIVEAUDIO.LiveAudioCtrl.1 ActiveX
-CVE-2009-1091 (Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech ...)
+CVE-2009-1091
NOT-FOR-US: Rapidleech
-CVE-2009-1090 (Directory traversal vulnerability in upload.php in Rapidleech rev.36 ...)
+CVE-2009-1090
NOT-FOR-US: Rapidleech
-CVE-2009-1089 (Absolute path traversal vulnerability in upload.php in Rapidleech ...)
+CVE-2009-1089
NOT-FOR-US: Rapidleech
-CVE-2009-1088 (Hannon Hill Cascade Server 5.7 and other versions allows remote ...)
+CVE-2009-1088
NOT-FOR-US: Hannon Hill Cascade Server
-CVE-2009-1087 (Multiple argument injection vulnerabilities in PPLive.exe in PPLive ...)
+CVE-2009-1087
NOT-FOR-US: PPLive
-CVE-2009-1085 (Piwik 0.2.32 and earlier stores sensitive information under the web ...)
+CVE-2009-1085
- piwik <itp> (bug #506933)
-CVE-2009-1084 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not ...)
+CVE-2009-1084
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1083 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, ...)
+CVE-2009-1083
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1082 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote ...)
+CVE-2009-1082
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1081 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
+CVE-2009-1081
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1080 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
+CVE-2009-1080
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1079 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
+CVE-2009-1079
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1078 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not ...)
+CVE-2009-1078
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1077 (The Change My Password implementation in the admin interface in Sun ...)
+CVE-2009-1077
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1076 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds ...)
+CVE-2009-1076
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1075 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds ...)
+CVE-2009-1075
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1074 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use ...)
+CVE-2009-1074
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1073 (nss-ldapd before 0.6.8 uses world-readable permissions for the ...)
+CVE-2009-1073
{DSA-1758-1}
- nss-ldapd 0.6.8
-CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD ...)
+CVE-2009-1072
{DSA-1800-1}
- linux-2.6 2.6.29-1
[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
-CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 ...)
+CVE-2009-0934
{DSA-1774-1}
- ejabberd 2.0.5-1 (bug #520852)
[etch] - ejabberd <not-affected> (Vulnerable expression not present)
-CVE-2009-1071 (Stack-based buffer overflow in Icarus 2.0 allows remote attackers to ...)
+CVE-2009-1071
NOT-FOR-US: Icarus
-CVE-2009-1070 (Cross-site scripting (XSS) vulnerability in system/index.php in ...)
+CVE-2009-1070
NOT-FOR-US: ExpressionEngine
-CVE-2009-1069 (Multiple cross-site scripting (XSS) vulnerabilities in the node edit ...)
+CVE-2009-1069
NOT-FOR-US: Drupal module
-CVE-2009-1068 (Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 ...)
+CVE-2009-1068
NOT-FOR-US: BS.Player
-CVE-2009-1067 (Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS ...)
+CVE-2009-1067
NOT-FOR-US: Pixie CMS
-CVE-2009-1066 (SQL injection vulnerability in the referral function in ...)
+CVE-2009-1066
NOT-FOR-US: Pixie CMS
-CVE-2009-1065 (SQL injection vulnerability in index.php in Pixie CMS 1.01a allows ...)
+CVE-2009-1065
NOT-FOR-US: Pixie CMS
-CVE-2009-1064 (Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit ...)
+CVE-2009-1064
NOT-FOR-US: Orbit Downloader
-CVE-2009-1063 (Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers ...)
+CVE-2009-1063
NOT-FOR-US: eXeScope
-CVE-2009-1062 (Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 ...)
+CVE-2009-1062
NOT-FOR-US: Acrobat Reader
-CVE-2009-1061 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 ...)
+CVE-2009-1061
NOT-FOR-US: Acrobat Reader
-CVE-2009-1060 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows ...)
+CVE-2009-1060
NOT-FOR-US: Apple Safari
-CVE-2009-1059 (Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote ...)
+CVE-2009-1059
NOT-FOR-US: Trident PowerZip
-CVE-2009-1058 (Stack-based buffer overflow in ZipGenius might allow remote attackers ...)
+CVE-2009-1058
NOT-FOR-US: ZipGenius
-CVE-2009-1057 (MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to ...)
+CVE-2009-1057
NOT-FOR-US: MicroSmarts Enterprise ZipItFast!
-CVE-2009-1056 (IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers ...)
+CVE-2009-1056
NOT-FOR-US: IBM Rational AppScan Enterprise
-CVE-2009-1055 (Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 ...)
+CVE-2009-1055
NOT-FOR-US: Sitecore CMS
-CVE-2009-1054 (Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through ...)
+CVE-2009-1054
NOT-FOR-US: JustSystems Ichitaro
-CVE-2009-1053 (chaozzDB 1.2 and earlier stores sensitive information under the web ...)
+CVE-2009-1053
NOT-FOR-US: chaozzDB
-CVE-2009-1052 (FireAnt 1.3 and earlier stores sensitive information under the web ...)
+CVE-2009-1052
NOT-FOR-US: FireAnt
-CVE-2009-1051 (FubarForum 1.6 and earlier stores sensitive information under the web ...)
+CVE-2009-1051
NOT-FOR-US: FubarForum
-CVE-2009-1050 (Bloginator 1A allows remote attackers to bypass authentication and ...)
+CVE-2009-1050
NOT-FOR-US: Bloginator
-CVE-2009-1049 (SQL injection vulnerability in articleCall.php in Bloginator 1A allows ...)
+CVE-2009-1049
NOT-FOR-US: Bloginator
-CVE-2009-1048 (The web interface on the snom VoIP phones snom 300, snom 320, snom ...)
+CVE-2009-1048
NOT-FOR-US: snom VoIP phones
-CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module ...)
+CVE-2009-1047
NOT-FOR-US: Send by e-mail module for Drupal
-CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...)
+CVE-2009-1046
{DSA-1800-1 DSA-1787-1}
- linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23-rc1)
-CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a ...)
+CVE-2009-1045
- vlc 0.9.9a-1 (unimportant; bug #522170)
NOTE: access is limited to localhost
-CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute ...)
+CVE-2009-1044
{DSA-1756-1}
- xulrunner 1.9.0.8-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer 1:0.8~alpha2+dfsg+svn129-3
-CVE-2009-1043 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows ...)
+CVE-2009-1043
NOT-FOR-US: Microsoft
-CVE-2009-1042 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows ...)
+CVE-2009-1042
NOT-FOR-US: Apple Safari
-CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 ...)
+CVE-2009-1041
- kfreebsd-7 7.1-3
[lenny] - kfreebsd-7 7.0-7lenny1
-CVE-2009-1040 (Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote ...)
+CVE-2009-1040
NOT-FOR-US: WinAsm
-CVE-2009-1039 (Buffer overflow in CDex 1.70b2 allows remote attackers to execute ...)
+CVE-2009-1039
NOT-FOR-US: CDex
-CVE-2009-1038 (Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote ...)
+CVE-2009-1038
NOT-FOR-US: YAP Blog
-CVE-2009-1037 (Unspecified vulnerability in the Send by e-mail module in the ...)
+CVE-2009-1037
NOT-FOR-US: Send by e-mail module for Drupal
-CVE-2009-1036 (Cross-site request forgery (CSRF) vulnerability in the Plus 1 module ...)
+CVE-2009-1036
NOT-FOR-US: Plus 1 module for Drupal
-CVE-2009-1035 (Cross-site scripting (XSS) vulnerability in the Tasklist module ...)
+CVE-2009-1035
NOT-FOR-US: Tasklist module for Drupal
-CVE-2009-1034 (SQL injection vulnerability in the Tasklist module 5.x-1.x before ...)
+CVE-2009-1034
NOT-FOR-US: Tasklist module for Drupal
-CVE-2009-1033 (SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier ...)
+CVE-2009-1033
NOT-FOR-US: DeluxeBB
-CVE-2009-1032 (SQL injection vulnerability in gallery_list.php in YABSoft Advanced ...)
+CVE-2009-1032
NOT-FOR-US: YABSoft Advanced Image Gallery
-CVE-2009-1031 (Directory traversal vulnerability in the FTP server in Rhino Software ...)
+CVE-2009-1031
NOT-FOR-US: FTP Rhino Software Serv-U
-CVE-2009-1030 (Cross-site scripting (XSS) vulnerability in the choose_primary_blog ...)
+CVE-2009-1030
- wordpress-mu 2.9.1-1 (bug #399756)
-CVE-2009-1029 (Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows ...)
+CVE-2009-1029
NOT-FOR-US: POP Peeper
-CVE-2009-1028 (Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote ...)
+CVE-2009-1028
NOT-FOR-US: ediSys eZip Wizard
-CVE-2009-1027 (SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers ...)
+CVE-2009-1027
NOT-FOR-US: OpenCart
-CVE-2009-1026 (Multiple SQL injection vulnerabilities in login.php in Kim Websites ...)
+CVE-2009-1026
NOT-FOR-US: Kim Websites
-CVE-2009-1025 (PHP remote file inclusion vulnerability in linkadmin.php in Beerwin ...)
+CVE-2009-1025
NOT-FOR-US: Beerwin PHPLinkAdmin
-CVE-2009-1024 (Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 ...)
+CVE-2009-1024
NOT-FOR-US: Beerwin PHPLinkAdmin
-CVE-2009-1023 (SQL injection vulnerability in index.php in phpComasy 0.9.1 allows ...)
+CVE-2009-1023
NOT-FOR-US: phpComasy
-CVE-2009-1022 (Heap-based buffer overflow in the Preview/ Set Segment function in ...)
+CVE-2009-1022
NOT-FOR-US: Gretech GOMlab GOM Encoder
-CVE-2009-1021 (Unspecified vulnerability in the Advanced Replication component in ...)
+CVE-2009-1021
NOT-FOR-US: Oracle Database
-CVE-2009-1020 (Unspecified vulnerability in the Network Foundation component in ...)
+CVE-2009-1020
NOT-FOR-US: Oracle Database
-CVE-2009-1019 (Unspecified vulnerability in the Network Authentication component in ...)
+CVE-2009-1019
NOT-FOR-US: Oracle Database
-CVE-2009-1018 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+CVE-2009-1018
NOT-FOR-US: Oracle Database
-CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
+CVE-2009-1017
NOT-FOR-US: Oracle Application Server
-CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2009-1016
NOT-FOR-US: BEA Product Suite
-CVE-2009-1015 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+CVE-2009-1015
NOT-FOR-US: Oracle Database
-CVE-2009-1014 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2009-1014
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-1013 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2009-1013
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-1012 (Unspecified vulnerability in the plug-ins for Apache and IIS web ...)
+CVE-2009-1012
NOT-FOR-US: BEA Product Suite
-CVE-2009-1011 (Unspecified vulnerability in the Outside In Technology component in ...)
+CVE-2009-1011
NOT-FOR-US: Oracle Application Server
-CVE-2009-1010 (Unspecified vulnerability in the Outside In Technology component in ...)
+CVE-2009-1010
NOT-FOR-US: Oracle Application Server
-CVE-2009-1009 (Unspecified vulnerability in the Outside In Technology component in ...)
+CVE-2009-1009
NOT-FOR-US: Oracle Application Server
-CVE-2009-1008 (Unspecified vulnerability in the Outside In Technology component in ...)
+CVE-2009-1008
NOT-FOR-US: Oracle Application Server
-CVE-2009-1007 (Unspecified vulnerability in the Data Mining component in Oracle ...)
+CVE-2009-1007
NOT-FOR-US: Oracle Database
-CVE-2009-1006 (Unspecified vulnerability in the JRockit component in BEA Product ...)
+CVE-2009-1006
NOT-FOR-US: BEA Product Suite
-CVE-2009-1005 (Unspecified vulnerability in the Oracle Data Service Integrator ...)
+CVE-2009-1005
NOT-FOR-US: BEA Product Suite
-CVE-2009-1004 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2009-1004
NOT-FOR-US: BEA Product Suite
-CVE-2009-1003 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2009-1003
NOT-FOR-US: BEA Product Suite
-CVE-2009-1002 (Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 ...)
+CVE-2009-1002
NOT-FOR-US: BEA Product Suite
-CVE-2009-1001 (Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold ...)
+CVE-2009-1001
NOT-FOR-US: BEA Product Suite
-CVE-2009-1000 (The Oracle Applications Framework component in Oracle E-Business Suite ...)
+CVE-2009-1000
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-0999 (Unspecified vulnerability in the Oracle Application Object Library ...)
+CVE-2009-0999
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-0998 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ...)
+CVE-2009-0998
NOT-FOR-US: PeopleSoft Enterprise HRMS
-CVE-2009-0997 (Unspecified vulnerability in the Database Vault component in Oracle ...)
+CVE-2009-0997
NOT-FOR-US: Oracle Database
-CVE-2009-0996 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
+CVE-2009-0996
NOT-FOR-US: Oracle Application Server
-CVE-2009-0995 (Unspecified vulnerability in the Oracle Applications Framework ...)
+CVE-2009-0995
NOT-FOR-US: Oracle E-Business Suite
-CVE-2009-0994 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
+CVE-2009-0994
NOT-FOR-US: Oracle Application Server
-CVE-2009-0993 (Unspecified vulnerability in the OPMN component in Oracle Application ...)
+CVE-2009-0993
NOT-FOR-US: Oracle Application Server
-CVE-2009-0992 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
+CVE-2009-0992
NOT-FOR-US: Oracle Database
-CVE-2009-0991 (Unspecified vulnerability in the Listener component in Oracle Database ...)
+CVE-2009-0991
NOT-FOR-US: Oracle Database
-CVE-2009-0990 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
+CVE-2009-0990
NOT-FOR-US: Oracle Application Server
-CVE-2009-0989 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
+CVE-2009-0989
NOT-FOR-US: Oracle Application Server
-CVE-2009-0988 (Unspecified vulnerability in the Password Policy component in Oracle ...)
+CVE-2009-0988
NOT-FOR-US: Oracle Database
-CVE-2009-0987 (Unspecified vulnerability in the Upgrade component in Oracle Database ...)
+CVE-2009-0987
NOT-FOR-US: Oracle Database
-CVE-2009-0986 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+CVE-2009-0986
NOT-FOR-US: Oracle Database
-CVE-2009-0985 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+CVE-2009-0985
NOT-FOR-US: Oracle Database
-CVE-2009-0984 (Unspecified vulnerability in the Database Vault component in Oracle ...)
+CVE-2009-0984
NOT-FOR-US: Oracle Database
-CVE-2009-0983 (Unspecified vulnerability in the Portal component in Oracle ...)
+CVE-2009-0983
NOT-FOR-US: Oracle Application Server
-CVE-2009-0982 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2009-0982
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-0981 (Unspecified vulnerability in the Application Express component in ...)
+CVE-2009-0981
NOT-FOR-US: Oracle Database
-CVE-2009-0980 (Unspecified vulnerability in the SQLX Functions component in Oracle ...)
+CVE-2009-0980
NOT-FOR-US: Oracle Database
-CVE-2009-0979 (Unspecified vulnerability in the Resource Manager component in Oracle ...)
+CVE-2009-0979
NOT-FOR-US: Oracle Database
-CVE-2009-0978 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+CVE-2009-0978
NOT-FOR-US: Oracle Database
-CVE-2009-0977 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
+CVE-2009-0977
NOT-FOR-US: Oracle Database
-CVE-2009-0976 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+CVE-2009-0976
NOT-FOR-US: Oracle Database
-CVE-2009-0975 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+CVE-2009-0975
NOT-FOR-US: Oracle Database
-CVE-2009-0974 (Unspecified vulnerability in the Portal component in Oracle ...)
+CVE-2009-0974
NOT-FOR-US: Oracle Application Server
-CVE-2009-0973 (Unspecified vulnerability in the Cluster Ready Services component in ...)
+CVE-2009-0973
NOT-FOR-US: Oracle Database
-CVE-2009-0972 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+CVE-2009-0972
NOT-FOR-US: Oracle Database
-CVE-2009-0971 (Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access ...)
+CVE-2009-0971
NOT-FOR-US: futomi's CGI Cafe Access Analyzer CGI Standard Version
-CVE-2009-0970 (PHP remote file inclusion vulnerability in includes/class_image.php in ...)
+CVE-2009-0970
NOT-FOR-US: PHP Pro Bid
-CVE-2009-0969 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2009-0969
NOT-FOR-US: phpFoX
-CVE-2009-0968 (SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 ...)
+CVE-2009-0968
NOT-FOR-US: fMoblog plugin for WordPress
-CVE-2009-0967 (The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote ...)
+CVE-2009-0967
NOT-FOR-US: Serv-U
-CVE-2009-0966 (PHP remote file inclusion vulnerability in cross.php in YABSoft Mega ...)
+CVE-2009-0966
NOT-FOR-US: YABSoft Mega File Hosting
-CVE-2009-0965 (SQL injection vulnerability in functions/browse.php in Ganesha Digital ...)
+CVE-2009-0965
NOT-FOR-US: Ganesha Digital Library
-CVE-2009-0964 (UserView_list.php in PHPRunner 4.2, and possibly earlier, stores ...)
+CVE-2009-0964
NOT-FOR-US: PHPRunner
-CVE-2009-0963 (Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly ...)
+CVE-2009-0963
NOT-FOR-US: PHPRunner
-CVE-2009-0962 (Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI ...)
+CVE-2009-0962
NOT-FOR-US: Futomi's CGI Cafe MP Form Mail CGI eCommerce
-CVE-2009-0961 (The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS ...)
+CVE-2009-0961
NOT-FOR-US: Apple iPhone
-CVE-2009-0960 (The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS ...)
+CVE-2009-0960
NOT-FOR-US: Apple iPhone
-CVE-2009-0959 (The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
+CVE-2009-0959
NOT-FOR-US: Apple iPhone
-CVE-2009-0958 (Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 ...)
+CVE-2009-0958
NOT-FOR-US: Apple iPhone
-CVE-2009-0957 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...)
+CVE-2009-0957
NOT-FOR-US: Apple QuickTime
-CVE-2009-0956 (Apple QuickTime before 7.6.2 does not properly initialize memory ...)
+CVE-2009-0956
NOT-FOR-US: Apple QuickTime
-CVE-2009-0955 (Apple QuickTime before 7.6.2 allows remote attackers to execute ...)
+CVE-2009-0955
NOT-FOR-US: Apple QuickTime
-CVE-2009-0954 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows ...)
+CVE-2009-0954
NOT-FOR-US: Apple QuickTime
-CVE-2009-0953 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...)
+CVE-2009-0953
NOT-FOR-US: Apple QuickTime
-CVE-2009-0952 (Buffer overflow in Apple QuickTime before 7.6.2 allows remote ...)
+CVE-2009-0952
NOT-FOR-US: Apple QuickTime
-CVE-2009-0951 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...)
+CVE-2009-0951
NOT-FOR-US: Apple QuickTime
-CVE-2009-0950 (Stack-based buffer overflow in Apple iTunes before 8.2 allows remote ...)
+CVE-2009-0950
NOT-FOR-US: Apple iTunes
-CVE-2009-0949 (The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 ...)
+CVE-2009-0949
{DSA-1811-1}
- cups 1.3.10-1
CVE-2009-0948
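Review bot: the commit message ("automatic update") does not say that this hunk drops the description text from every CVE line, which is the only change it makes; it should state why and where descriptions are to be read from afterwards, because for entries whose triage is just a NOT-FOR-US label that label becomes the only local context, and several labels are weaker than the text being removed (CVE-2009-1043 keeps only `NOT-FOR-US: Microsoft` where the removed line identified Internet Explorer 8, and `NOT-FOR-US: FTP Rhino Software Serv-U` under CVE-2009-1031 reads as a garbled product name). Every `-CVE-...` line here is paired with a `+CVE-...` line carrying the same identifier, so no entries are lost or renumbered.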
@@ -11199,10 +11199,10 @@ CVE-2009-0948
CVE-2009-0947
RESERVED
- file 5.02-1
-CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ...)
+CVE-2009-0946
{DSA-1784-1}
- freetype 2.3.9-4.1 (medium; bug #524925)
-CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as used in ...)
+CVE-2009-0945
{DSA-1988-1 DSA-1950-1 DSA-1866-1}
- qt4-x11 4:4.5.2-1 (medium; bug #532718)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
@@ -11214,347 +11214,347 @@ CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as us
- kdegraphics 4:4.0 (medium; bug #534918)
NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series
NOTE: http://websvn.kde.org/?view=rev&revision=983306
-CVE-2009-0944 (The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X ...)
+CVE-2009-0944
NOT-FOR-US: Microsoft Office Spotlight
-CVE-2009-0943 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not ...)
+CVE-2009-0943
NOT-FOR-US: Help Viewer in Apple Mac OS X
-CVE-2009-0942 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not ...)
+CVE-2009-0942
NOT-FOR-US: Help Viewer in Apple Mac OS X
-CVE-2009-0941 (The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline ...)
+CVE-2009-0941
NOT-FOR-US: HP Embedded Web Server
-CVE-2009-0940 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HP ...)
+CVE-2009-0940
NOT-FOR-US: HP Embedded Web Server
-CVE-2009-0939 (Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which ...)
+CVE-2009-0939
- tor 0.2.0.34-1
-CVE-2009-0938 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...)
+CVE-2009-0938
- tor 0.2.0.34-1 (bug #512728)
-CVE-2009-0937 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...)
+CVE-2009-0937
- tor 0.2.0.34-1 (bug #514580)
-CVE-2009-0936 (Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to ...)
+CVE-2009-0936
- tor 0.2.0.34-1
-CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, ...)
+CVE-2009-0935
- linux-2.6 2.6.30-1 (low)
[etch] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
[lenny] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
- linux-2.6.24 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
-CVE-2009-0933 (Cross-site scripting (XSS) vulnerability in the administrative ...)
+CVE-2009-0933
- dotclear <not-affected> (Fixed before initial upload to archive)
-CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in ...)
+CVE-2009-0932
{DSA-1765-1}
- horde3 3.2.2+debian0-2 (bug #513265; medium)
-CVE-2009-0931 (Cross-site scripting (XSS) vulnerability in the tag cloud search ...)
+CVE-2009-0931
- horde3 3.2.2+debian0-2 (bug #513265)
[etch] - horde3 <not-affected> (Vulnerable code not present)
-CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...)
+CVE-2009-0930
{DSA-1770-1}
- imp4 4.2-4 (medium; bug #513266)
-CVE-2009-0929 (Directory traversal vulnerability in the media manager in Nucleus CMS ...)
+CVE-2009-0929
NOT-FOR-US: Nucleus CMS
-CVE-2009-0928 (Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat ...)
+CVE-2009-0928
NOT-FOR-US: Adobe Acrobat Reader
-CVE-2009-0927 (Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before ...)
+CVE-2009-0927
NOT-FOR-US: Adobe Reader and Adobe Acrobat
-CVE-2009-0926 (Unspecified vulnerability in the UFS filesystem functionality in Sun ...)
+CVE-2009-0926
NOT-FOR-US: Sun OpenSolaris
-CVE-2009-0925 (Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, ...)
+CVE-2009-0925
NOT-FOR-US: Sun Solaris
-CVE-2009-0924 (Unspecified vulnerability in Sun OpenSolaris snv_39 through snv_45, ...)
+CVE-2009-0924
NOT-FOR-US: Sun OpenSolaris
-CVE-2009-0923 (Unspecified vulnerability in Kerberos Incremental Propagation in ...)
+CVE-2009-0923
NOT-FOR-US: Solaris
-CVE-2009-0922 (PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows ...)
+CVE-2009-0922
- postgresql-8.3 8.3.7-1 (bug #517405)
[lenny] - postgresql-8.3 8.3.7-0lenny1
- postgresql-8.1 <removed>
- postgresql-7.4 <removed>
[etch] - postgresql-8.1 8.1.17-0etch1
[etch] - postgresql-7.4 <no-dsa> (Minor issue)
-CVE-2009-0921 (Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP ...)
+CVE-2009-0921
NOT-FOR-US: HP Openview
-CVE-2009-0920 (Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView ...)
+CVE-2009-0920
NOT-FOR-US: HP Openview
-CVE-2009-0919 (XAMPP installs multiple packages with insecure default passwords, ...)
+CVE-2009-0919
NOT-FOR-US: DFLabs PTK
-CVE-2009-0918 (Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 ...)
+CVE-2009-0918
NOT-FOR-US: DFLabs PTK
-CVE-2009-0917 (Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through ...)
+CVE-2009-0917
NOT-FOR-US: DFLabs PTK
-CVE-2009-0916 (Unspecified vulnerability in Opera before 9.64 has unknown impact and ...)
+CVE-2009-0916
NOT-FOR-US: Opera
-CVE-2009-0915 (Opera before 9.64 allows remote attackers to conduct cross-domain ...)
+CVE-2009-0915
NOT-FOR-US: Opera
-CVE-2009-0914 (Opera before 9.64 allows remote attackers to execute arbitrary code ...)
+CVE-2009-0914
NOT-FOR-US: Opera
-CVE-2009-0913 (Unspecified vulnerability in the keysock kernel module in Solaris 10 ...)
+CVE-2009-0913
NOT-FOR-US: Solaris
-CVE-2009-0912 (perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly ...)
+CVE-2009-0912
NOT-FOR-US: perl-MDK-Common
CVE-2009-0911
RESERVED
-CVE-2009-0910 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation ...)
+CVE-2009-0910
NOT-FOR-US: VmWare
-CVE-2009-0909 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation ...)
+CVE-2009-0909
NOT-FOR-US: VmWare
-CVE-2009-0908 (Unspecified vulnerability in the ACE shared folders implementation in ...)
+CVE-2009-0908
NOT-FOR-US: VmWare
CVE-2009-0907
REJECTED
-CVE-2009-0906 (The Service Component Architecture (SCA) feature pack for IBM ...)
+CVE-2009-0906
NOT-FOR-US: IBM WebSphere
-CVE-2009-0905 (IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not ...)
+CVE-2009-0905
NOT-FOR-US: IBM WebSphere
-CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM ...)
+CVE-2009-0904
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2009-0903 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the ...)
+CVE-2009-0903
NOT-FOR-US: WebSphere
CVE-2009-0902
RESERVED
-CVE-2009-0901 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
+CVE-2009-0901
NOT-FOR-US: Microsoft Visual Studio .NET
-CVE-2009-0900 (Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 ...)
+CVE-2009-0900
NOT-FOR-US: IBM WebSphere
-CVE-2009-0899 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 ...)
+CVE-2009-0899
NOT-FOR-US: IBM WebSphere
-CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager (OV ...)
+CVE-2009-0898
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-0897 (IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 ...)
+CVE-2009-0897
NOT-FOR-US: IBM WebSphere
-CVE-2009-0896 (Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before ...)
+CVE-2009-0896
NOT-FOR-US: IBM WebSphere
-CVE-2009-0895 (Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and ...)
+CVE-2009-0895
NOT-FOR-US: Novell eDirectory
-CVE-2009-0894 (Heap-based buffer overflow in the decoder_create function in the ...)
+CVE-2009-0894
- xvidcore <not-affected> (Fixed before initial release)
-CVE-2009-0893 (Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the ...)
+CVE-2009-0893
- xvidcore <not-affected> (Fixed before initial release)
-CVE-2009-0892 (The administrative console in IBM WebSphere Application Server (WAS) ...)
+CVE-2009-0892
NOT-FOR-US: IBM WebSphere
-CVE-2009-0891 (The Web Services Security component in IBM WebSphere Application ...)
+CVE-2009-0891
NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0890
RESERVED
-CVE-2009-0889 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
+CVE-2009-0889
NOT-FOR-US: Adobe Reader
-CVE-2009-0888 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
+CVE-2009-0888
NOT-FOR-US: Adobe Reader
-CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...)
+CVE-2009-0887
- pam 1.0.1-10 (low; bug #520115)
[lenny] - pam 1.0.1-5+lenny1
[etch] - pam 0.79-5+etch1
-CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero Helpdesk ...)
+CVE-2009-0886
NOT-FOR-US: OneOrZero Helpdesk
-CVE-2009-0885 (Multiple heap-based buffer overflows in Media Commands 1.0 allow ...)
+CVE-2009-0885
NOT-FOR-US: Media Commands
-CVE-2009-0884 (Buffer overflow in FileZilla Server before 0.9.31 allows remote ...)
+CVE-2009-0884
NOT-FOR-US: FileZilla Server (only client packaged in debian)
-CVE-2009-0883 (SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when ...)
+CVE-2009-0883
NOT-FOR-US: Blue Eye CMS
-CVE-2009-0882 (Multiple SQL injection vulnerabilities in nForum 1.5 allow remote ...)
+CVE-2009-0882
NOT-FOR-US: nForum
-CVE-2009-0881 (SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows ...)
+CVE-2009-0881
NOT-FOR-US: isiAJAX
-CVE-2009-0880 (Directory traversal vulnerability in the CIM server in IBM Director ...)
+CVE-2009-0880
NOT-FOR-US: Windows
-CVE-2009-0879 (The CIM server in IBM Director before 5.20.3 Service Update 2 on ...)
+CVE-2009-0879
NOT-FOR-US: Windows
-CVE-2009-0878 (The read_game_map function in src/terrain_translation.cpp in Wesnoth ...)
+CVE-2009-0878
{DSA-1737-1}
- wesnoth 1:1.4.7-4
-CVE-2009-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
+CVE-2009-0877
NOT-FOR-US: Sun Java System Communications Express
-CVE-2009-0876 (Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and ...)
+CVE-2009-0876
- virtualbox-ose <not-affected> (Vulnerable code not present, Debian version patches localconf)
[lenny] - virtualbox-ose <not-affected> (lenny version doesn't install binaries with suid 0)
-CVE-2009-0875 (Race condition in the Doors subsystem in the kernel in Sun Solaris 8 ...)
+CVE-2009-0875
NOT-FOR-US: Sun Solaris
-CVE-2009-0874 (Multiple unspecified vulnerabilities in the Doors subsystem in the ...)
+CVE-2009-0874
NOT-FOR-US: Sun Solaris
-CVE-2009-0873 (The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before ...)
+CVE-2009-0873
NOT-FOR-US: Solaris
-CVE-2009-0872 (The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does ...)
+CVE-2009-0872
NOT-FOR-US: Solaris
-CVE-2009-0871 (The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and ...)
+CVE-2009-0871
- asterisk <not-affected> (Vulnerable code introduced in 1.4.22)
-CVE-2009-0870 (The NFSv4 Server module in the kernel in Sun Solaris 10, and ...)
+CVE-2009-0870
NOT-FOR-US: Solaris
-CVE-2009-0869 (Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM ...)
+CVE-2009-0869
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2009-0868 (CRLF injection vulnerability in the WebLink template in Fujitsu ...)
+CVE-2009-0868
NOT-FOR-US: Fujitsu Jasmine2000 Enterprise Edition
-CVE-2009-0867 (The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 ...)
+CVE-2009-0867
NOT-FOR-US: Fujitsu Enhanced Support Facility
-CVE-2009-0866 (pHNews Alpha 1 stores sensitive information under the web root with ...)
+CVE-2009-0866
NOT-FOR-US: pHNews
-CVE-2009-0865 (Directory traversal vulnerability in the SnapShotToFile method in the ...)
+CVE-2009-0865
NOT-FOR-US: GeoVision
-CVE-2009-0864 (S-Cms 1.1 Stable allows remote attackers to bypass authentication and ...)
+CVE-2009-0864
NOT-FOR-US: S-Cms
-CVE-2009-0863 (SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 ...)
+CVE-2009-0863
NOT-FOR-US: S-Cms
-CVE-2009-0862 (Cross-site scripting (XSS) vulnerability in the ...)
+CVE-2009-0862
NOT-FOR-US: TangoCMS
-CVE-2009-0861 (Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 ...)
+CVE-2009-0861
NOT-FOR-US: phpDenora
-CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user interface in ...)
+CVE-2009-0860
NOT-FOR-US: NetMRI
-CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the ...)
+CVE-2009-0859
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-1
NOTE: All Debian kernels set CONFIG_SHMEM, so this is moot except
NOTE: for locally modified configs and even for that I fail to
NOTE: see why anyone would run a kernel w/o CONFIG_SHMEM?
-CVE-2009-0858 (The response_addname function in response.c in Daniel J. Bernstein ...)
+CVE-2009-0858
{DSA-1831-1}
- djbdns 1:1.05-5 (low; bug #518169; bug #517631)
-CVE-2009-0857 (Cross-site scripting (XSS) vulnerability in /prm/reports in the ...)
+CVE-2009-0857
NOT-FOR-US: SunMC
-CVE-2009-0856 (Multiple cross-site scripting (XSS) vulnerabilities in sample ...)
+CVE-2009-0856
NOT-FOR-US: IBM WebSphere
-CVE-2009-0855 (Cross-site scripting (XSS) vulnerability in the administrative console ...)
+CVE-2009-0855
NOT-FOR-US: IBM WebSphere
-CVE-2009-0853 (login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows ...)
+CVE-2009-0853
NOT-FOR-US: CelerBB
-CVE-2009-0852 (showme.php in CelerBB 0.0.2 allows remote attackers to obtain ...)
+CVE-2009-0852
NOT-FOR-US: CelerBB
-CVE-2009-0851 (Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when ...)
+CVE-2009-0851
NOT-FOR-US: CelerBB
-CVE-2009-0850 (Cross-site scripting (XSS) vulnerability in BitDefender Internet ...)
+CVE-2009-0850
NOT-FOR-US: BitDefender
-CVE-2009-0849 (Stack-based buffer overflow in the DtbClsLogin function in NovaStor ...)
+CVE-2009-0849
NOT-FOR-US: NovaNET
-CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 ...)
+CVE-2009-0848
- gtk+2.0 <not-affected> (suse specific patch)
-CVE-2009-0847 (The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka ...)
+CVE-2009-0847
{DSA-1766-1}
- krb5 1.6.dfsg.4~beta1-13
[etch] - krb5 <not-affected> (Affected code present, but not exploitable before 1.6.3)
-CVE-2009-0846 (The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c ...)
+CVE-2009-0846
{DSA-1766-1}
- krb5 1.6.dfsg.4~beta1-13
-CVE-2009-0845 (The spnego_gss_accept_sec_context function in ...)
+CVE-2009-0845
{DSA-1766-1}
- krb5 1.6.dfsg.4~beta1-13
[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
-CVE-2009-0844 (The get_input_token function in the SPNEGO implementation in MIT ...)
+CVE-2009-0844
{DSA-1766-1}
- krb5 1.6.dfsg.4~beta1-13
[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
-CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...)
+CVE-2009-0843
{DSA-1914-1}
- mapserver 5.2.2-1 (bug #523027)
NOTE: this can only probe for files that are not present, useless when not
NOTE: in combination with another attack
-CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows ...)
+CVE-2009-0842
{DSA-1914-1}
- mapserver 5.2.2-1 (low; bug #523027)
-CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...)
+CVE-2009-0841
{DSA-1914-1}
- mapserver 5.2.2-1 (bug #523027)
NOTE: this doesn't work under linux as the root from the directory traversal needs to exist
-CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...)
+CVE-2009-0840
{DSA-1914-1}
- mapserver 5.4.2-1 (medium; bug #523027)
NOTE: Initial fix was incomplete
-CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x ...)
+CVE-2009-0839
{DSA-1914-1}
- mapserver 5.2.2-1 (medium; bug #523027)
-CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris ...)
+CVE-2009-0838
NOT-FOR-US: Solaris
-CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, ...)
+CVE-2009-0837
NOT-FOR-US: Foxit Reader
-CVE-2009-0836 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...)
+CVE-2009-0836
NOT-FOR-US: Foxit Reader
-CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as a ...)
+CVE-2009-0854
- dash <not-affected> (Debian uses upstream's patch to implement -l)
-CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...)
+CVE-2009-0835
{DSA-1800-1}
- linux-2.6 2.6.30-1 (low)
[etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18)
- linux-2.6.24 <removed>
[etch] - linux-2.6.24 <no-dsa> (unimportant)
NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
-CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...)
+CVE-2009-0834
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
-CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...)
+CVE-2009-0833
NOT-FOR-US: Winamp
-CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for ...)
+CVE-2009-0832
NOT-FOR-US: PHP-Fusion
-CVE-2009-0831 (SQL injection vulnerability in members.php in the Members CV (job) ...)
+CVE-2009-0831
NOT-FOR-US: PHP-Fusion
-CVE-2009-0830 (Cross-site scripting (XSS) vulnerability in QuoteBook allows remote ...)
+CVE-2009-0830
NOT-FOR-US: QuoteBook
-CVE-2009-0829 (Multiple SQL injection vulnerabilities in QuoteBook allow remote ...)
+CVE-2009-0829
NOT-FOR-US: QuoteBook
-CVE-2009-0828 (QuoteBook stores quotes.inc under the web root with insufficient ...)
+CVE-2009-0828
NOT-FOR-US: QuoteBook
-CVE-2009-0827 (PollHelper stores poll.inc under the web root with insufficient access ...)
+CVE-2009-0827
NOT-FOR-US: PollHelper
-CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with insufficient ...)
+CVE-2009-0826
NOT-FOR-US: BlogHelper
-CVE-2009-0825 (SQL injection vulnerability in system/rss.php in TinX/cms 3.x before ...)
+CVE-2009-0825
NOT-FOR-US: TinX/cms
-CVE-2009-0824 (Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in ...)
+CVE-2009-0824
NOT-FOR-US: Elaborate Bytes ElbyCDIO.sys
CVE-2009-0823
RESERVED
CVE-2009-0822
RESERVED
-CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...)
+CVE-2009-0821
- iceweasel <removed> (unimportant)
NOTE: Browser DoS not treated as security issues
-CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...)
+CVE-2009-0820
NOT-FOR-US: phpScheduleIt
-CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 ...)
+CVE-2009-0819
- mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced in 5.1.5)
- mysql-5.1 5.1.32-1
-CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...)
+CVE-2009-0818
NOT-FOR-US: Taxonomy Theme module for Drupal
-CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node module ...)
+CVE-2009-0817
NOT-FOR-US: Protected Node module for Drupal
-CVE-2009-0816 (Multiple cross-site scripting (XSS) vulnerabilities in the backend ...)
+CVE-2009-0816
{DTSA-193-1}
- typo3-src 4.2.6-1 (low; bug #514713)
[etch] - typo3-src 4.0.2+debian-8
-CVE-2009-0815 (The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through ...)
+CVE-2009-0815
{DTSA-193-1}
- typo3-src 4.2.6-1 (medium; bug #514713)
[etch] - typo3-src 4.0.2+debian-8
-CVE-2009-0814 (Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 ...)
+CVE-2009-0814
NOT-FOR-US: Blogsa
-CVE-2009-0813 (Insecure method vulnerability in the ImeraIEPlugin ActiveX control ...)
+CVE-2009-0813
NOT-FOR-US: ActiveX
-CVE-2009-0812 (Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, ...)
+CVE-2009-0812
NOT-FOR-US: BreakPoint Software Hex Workshop
-CVE-2009-0811 (Insecure method vulnerability in the SopCast SopCore ActiveX control ...)
+CVE-2009-0811
NOT-FOR-US: ActiveX
-CVE-2009-0810 (SQL injection vulnerability in login.php in xGuestbook 2.0 allows ...)
+CVE-2009-0810
NOT-FOR-US: xGuestbook
-CVE-2009-0809 (The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release ...)
+CVE-2009-0809
NOT-FOR-US: Dassault Systemes ENOVIA SmarTeam
-CVE-2009-0808 (Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 ...)
+CVE-2009-0808
NOT-FOR-US: SimpleCMMS
-CVE-2009-0807 (zFeeder 1.6 allows remote attackers to gain administrative access via ...)
+CVE-2009-0807
NOT-FOR-US: zFeeder
-CVE-2009-0806 (Unspecified vulnerability in OpenGoo before 1.2.1 allows remote ...)
+CVE-2009-0806
NOT-FOR-US: OpenGoo
-CVE-2009-0805 (Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a ...)
+CVE-2009-0805
NOT-FOR-US: piCal
-CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, uses the ...)
+CVE-2009-0804
- ziproxy 2.7.2-1 (low; bug #521051)
[lenny] - ziproxy <no-dsa> (Minor issue)
-CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, ...)
+CVE-2009-0803
NOT-FOR-US: SmoothWall
-CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...)
+CVE-2009-0802
NOT-FOR-US: Qbik WinGate
-CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP ...)
+CVE-2009-0801
- squid <unfixed> (unimportant; bug #521053)
- squid3 3.3.3-1 (unimportant; bug #521052)
NOTE: This only affects HTTP connections and only in transparent mode
NOTE: Also, same origin validations in the browsers still apply and keep this mostly harmless
NOTE: http://marc.info/?l=squid-dev&m=123542836103750&w=4
-CVE-2009-0800 (Multiple &quot;input validation flaws&quot; in the JBIG2 decoder in Xpdf 3.02pl2 ...)
+CVE-2009-0800
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
[lenny] - poppler 0.8.7-2
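Review bot: every `-`/`+` pair in this hunk replaces a description-bearing line with a bare identifier and supplies no replacement text, for example `-CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...)` becomes `+CVE-2009-0818`, while the triage lines beneath (`NOT-FOR-US:`, `{DSA-1793-1 DSA-1790-1}`, the three `NOTE:` lines under CVE-2009-0801) are untouched. A previously populated description becoming empty for every entry in a hunk is the signature of an upstream fetch or parse that returned nothing, not of a genuine data change, so the automatic updater should treat "old description non-empty, new description empty" as a failure, keep the existing text and refuse to commit, rather than recording the deletion as if it were new information.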
@@ -11562,7 +11562,7 @@ CVE-2009-0800 (Multiple &quot;input validation flaws&quot; in the JBIG2 decoder
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- swftools 0.9.2+ds1-2
-CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
+CVE-2009-0799
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
[lenny] - poppler 0.8.7-2
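Review bot: the hunk header carries the outgoing description `CVE-2009-0800 (Multiple &quot;input validation flaws&quot; in the JBIG2 decoder`, so the stored text contained HTML entities rather than literal double quotes. When the descriptions are restored after this run, unescape the feed text before writing it so the entity does not come back; apart from that, this hunk is the same unexplained deletion of the CVE-2009-0799 description as the rest of the commit, with nothing written in its place.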
@@ -11570,46 +11570,46 @@ CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ear
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- swftools 0.9.2+ds1-2
-CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to ...)
+CVE-2009-0798
{DSA-1786-1}
- acpid 1.0.10-1 (medium)
CVE-2009-0797
REJECTED
-CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...)
+CVE-2009-0796
- libapache2-mod-perl2 2.0.4-6 (low; bug #567635)
[lenny] - libapache2-mod-perl2 2.0.4-5+lenny1
- apache <removed>
[etch] - apache <no-dsa> (minor issue)
CVE-2009-0795
REJECTED
-CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in ...)
+CVE-2009-0794
- openjdk-6 6b16-1
[lenny] - openjdk-6 <not-affected> (no PulseAudio support included)
-CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...)
+CVE-2009-0793
{DSA-1769-1}
- openjdk-6 6b16-1
- lcms 1.18.dfsg-1.1 (low; bug #530785)
[lenny] - lcms <no-dsa> (Minor issue)
[etch] - lcms <no-dsa> (Minor issue)
-CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...)
+CVE-2009-0792
{DSA-2080-1 DTSA-198-1}
- argyll 1.0.3-3 (medium; bug #523472; bug #524802)
- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
- gs-gpl <removed> (medium; bug #561717)
-CVE-2009-0791 (Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as ...)
+CVE-2009-0791
- cupsys <removed> (medium; bug #535488)
- cups 1.3.10-1 (medium; bug #535489)
[etch] - cupsys <not-affected> (pdftops source included, but not built)
[lenny] - cups <not-affected> (pdftops source included, but not built)
-CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before ...)
+CVE-2009-0790
{DSA-1760-1 DSA-1759-1}
- openswan 1:2.6.21+dfsg-1 (medium; bug #521949)
- strongswan 4.2.14-1 (medium; bug #521950)
-CVE-2009-0789 (OpenSSL before 0.9.8k on WIN64 and certain other platforms does not ...)
+CVE-2009-0789
- openssl <not-affected> (only non-Debian architectures affected)
-CVE-2009-0788 (Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly ...)
+CVE-2009-0788
NOT-FOR-US: Red Hat Network Satellite Server
-CVE-2009-0787 (The ecryptfs_write_metadata_to_contents function in the eCryptfs ...)
+CVE-2009-0787
- linux-2.6 2.6.29-1 (medium; bug #529326)
[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
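Review bot: after this hunk a stripped entry such as `+CVE-2009-0798` differs in form from the untouched `CVE-2009-0797` / `REJECTED` and `CVE-2009-0785` / `RESERVED` entries only by its marker line, and several triage rationales lose their referent: `- openssl <not-affected> (only non-Debian architectures affected)` made sense against `OpenSSL before 0.9.8k on WIN64 and certain other platforms`, and `[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)` against the ecryptfs description, but neither can be checked from the file once the `-` lines are gone. Suggest the updater preserve the prior description whenever the new one is empty so these rationales stay verifiable in place.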
@@ -11618,11 +11618,11 @@ CVE-2009-0786
REJECTED
CVE-2009-0785
RESERVED
-CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and ...)
+CVE-2009-0784
{DSA-1755-1}
- systemtap 0.0.20090314-2
[etch] - systemtap <not-affected> (vulnerable code not present)
-CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
+CVE-2009-0783
{DSA-2207-1}
- tomcat5.5 <removed> (low; bug #532366)
- tomcat6 6.0.20-1 (low; bug #532362)
@@ -11630,24 +11630,24 @@ CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0
- tomcat5 <removed> (low; bug #532363)
CVE-2009-0782
REJECTED
-CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...)
+CVE-2009-0781
{DSA-2207-1}
- tomcat5.5 <removed> (unimportant; bug #532366)
- tomcat6 6.0.20-1 (unimportant; bug #532362)
- tomcat5 <removed> (unimportant; bug #532363)
NOTE: Just examples on how to use Tomcat, not for production
-CVE-2009-0780 (The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and ...)
+CVE-2009-0780
NOT-FOR-US: openbsd
-CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users ...)
+CVE-2009-0779
NOT-FOR-US: IBM AIX
-CVE-2009-0778 (The icmp_send function in net/ipv4/icmp.c in the Linux kernel before ...)
+CVE-2009-0778
- linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
-CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and ...)
+CVE-2009-0777
- iceweasel 3.0.7-1 (low; bug #576466)
[lenny] - iceweasel <no-dsa> (minor issue)
[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before ...)
+CVE-2009-0776
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
@@ -11657,11 +11657,11 @@ CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before
- xulrunner 1.9.0.7-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer 1:0.8~alpha2+dfsg+svn129-3
-CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...)
+CVE-2009-0775
{DSA-1751-1}
- xulrunner 1.9.0.7-1
[etch] - xulrunner <not-affected> (Vulnerable code not present)
-CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
+CVE-2009-0774
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
@@ -11670,13 +11670,13 @@ CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunde
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird ...)
+CVE-2009-0773
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.7-1
[etch] - xulrunner <not-affected> (Vulnerable code not present)
-CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
+CVE-2009-0772
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
@@ -11685,220 +11685,220 @@ CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunde
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before ...)
+CVE-2009-0771
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.7-1
[etch] - xulrunner <not-affected> (Vulnerable code not present)
- kompozer 1:0.8~alpha2+dfsg+svn129-1
-CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial of ...)
+CVE-2009-0769
NOT-FOR-US: QIP
-CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier ...)
+CVE-2009-0768
NOT-FOR-US: YapBB
-CVE-2009-0767 (Kipper 2.01 stores sensitive information under the web root with ...)
+CVE-2009-0767
NOT-FOR-US: Kipper
-CVE-2009-0766 (Directory traversal vulnerability in default.php in Kipper 2.01 allows ...)
+CVE-2009-0766
NOT-FOR-US: Kipper
-CVE-2009-0765 (Directory traversal vulnerability in index.php in Kipper 2.01 allows ...)
+CVE-2009-0765
NOT-FOR-US: Kipper
-CVE-2009-0764 (Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 ...)
+CVE-2009-0764
NOT-FOR-US: Kipper
-CVE-2009-0763 (Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 ...)
+CVE-2009-0763
NOT-FOR-US: Kipper
-CVE-2009-0762 (Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment ...)
+CVE-2009-0762
NOT-FOR-US: ScriptsEz Ez PHP Comment
-CVE-2009-0761 (Cross-site scripting (XSS) vulnerability in online.asp in Team Board ...)
+CVE-2009-0761
NOT-FOR-US: Team Board
-CVE-2009-0760 (Team Board 1.x and 2.x stores sensitive information under the web root ...)
+CVE-2009-0760
NOT-FOR-US: Team Board
-CVE-2009-0759 (Multiple CRLF injection vulnerabilities in webadmin in ZNC before ...)
+CVE-2009-0759
{DSA-1735-1}
- znc 0.066-1 (bug #516950)
-CVE-2009-0758 (The originates_from_local_legacy_unicast_socket function in ...)
+CVE-2009-0758
{DSA-2086-1}
- avahi 0.6.24-3 (low; bug #517683)
[etch] - avahi <no-dsa> (Minor issue)
NOTE: reflector is off by default
-CVE-2009-0757 (Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent ...)
+CVE-2009-0757
- mpfr 2.4.0-5 (low; bug #527475)
[lenny] - mpfr <not-affected> (Vulnerable code not yet present)
[etch] - mpfr <not-affected> (Vulnerable code not yet present)
-CVE-2009-0756 (The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 ...)
+CVE-2009-0756
- poppler 0.10.6-1 (low; bug #518478)
[lenny] - poppler 0.8.7-2
[etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
NOTE: poppler in lenny fixed in batch of CVEs pushed out in 5.0.2 release
-CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ...)
+CVE-2009-0755
{DSA-1941-1}
- poppler 0.10.6-1 (low; bug #518478)
[lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
[etch] - poppler <not-affected> (vulnerable code not present; forms introduced after 0.4.5)
-CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...)
+CVE-2009-0754
{DSA-1789-1}
- php4 <removed> (low)
- php5 5.2.9.dfsg.1-2 (low; bug #523049)
-CVE-2009-0752 (Unspecified vulnerability in Movable Type Pro and Community Solution ...)
+CVE-2009-0752
- movabletype-opensource <not-affected> (bug #518469)
NOTE: http://www.sixapart.com/pipermail/mtos-dev/2009-March/002677.html
-CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service ...)
+CVE-2009-0751
{DSA-1740-1}
- yaws 1.80-1
-CVE-2009-0750 (SQL injection vulnerability in login.php in the smNews example script ...)
+CVE-2009-0750
NOT-FOR-US: txtSQL
-CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
+CVE-2009-0748
{DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
-CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 ...)
+CVE-2009-0747
{DSA-1749-1}
- linux-2.6 2.6.28-2 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
-CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel ...)
+CVE-2009-0746
{DSA-1749-1}
- linux-2.6 2.6.28-1 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
-CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel ...)
+CVE-2009-0745
{DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
-CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a ...)
+CVE-2009-0744
NOT-FOR-US: Apple Safari
-CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account page in ...)
+CVE-2009-0743
NOT-FOR-US: Cisco Unified MeetingPlace Web Conferencing
-CVE-2009-0742 (The username command in Cisco ACE Application Control Engine Module ...)
+CVE-2009-0742
NOT-FOR-US: Cisco
-CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a ...)
+CVE-2009-0770
{DSA-1728-1}
- dkim-milter 2.6.0.dfsg-2 (low)
[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
-CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in ...)
+CVE-2009-0749
- optipng 0.6.2.1-1 (low)
[etch] - optipng 0.5.5-2
[lenny] - optipng 0.6.1.1-2
-CVE-2009-0741 (SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home ...)
+CVE-2009-0741
NOT-FOR-US: Craft Silicon Banking@Home
-CVE-2009-0740 (SQL injection vulnerability in login.php in BlueBird Prelease allows ...)
+CVE-2009-0740
NOT-FOR-US: BlueBird Prelease
-CVE-2009-0739 (SQL injection vulnerability in login.php in MyNews 0.10 allows remote ...)
+CVE-2009-0739
NOT-FOR-US: MyNews
-CVE-2009-0738 (SQL injection vulnerability in login.php in Auth Php 1.0 allows remote ...)
+CVE-2009-0738
NOT-FOR-US: Auth Php
-CVE-2009-0736 (Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows ...)
+CVE-2009-0736
NOT-FOR-US: Pebble
-CVE-2009-0735 (Directory traversal vulnerability in lib/classes/message_class.php in ...)
+CVE-2009-0735
NOT-FOR-US: Papoo CMS
-CVE-2009-0734 (Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia ...)
+CVE-2009-0734
NOT-FOR-US: MultimediaPlayer.exe
-CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function ...)
+CVE-2009-0733
{DSA-1769-1 DSA-1745-1}
- lcms 1.18.dfsg-1 (bug #522446)
- openjdk-6 6b18-1.8.13-0+squeeze2
NOTE: Marking the current oldstable version as fixed, but likely fixed way earlier
-CVE-2009-0732 (Downloadcenter 2.1 stores common.h under the web root with ...)
+CVE-2009-0732
NOT-FOR-US: Downloadcenter
-CVE-2009-0731 (Directory traversal vulnerability in pages/play.php in Free Arcade ...)
+CVE-2009-0731
NOT-FOR-US: Free Arcade Script
-CVE-2009-0730 (Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) ...)
+CVE-2009-0730
NOT-FOR-US: GigCalendar
-CVE-2009-0729 (Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 ...)
+CVE-2009-0729
NOT-FOR-US: Page Engine CMS
-CVE-2009-0728 (SQL injection vulnerability in the My_eGallery module for MAXdev MDPro ...)
+CVE-2009-0728
NOT-FOR-US: MAXdev MDPro/Postnuke
-CVE-2009-0727 (SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and ...)
+CVE-2009-0727
NOT-FOR-US: taifajobs
-CVE-2009-0726 (SQL injection vulnerability in the GigCalendar (com_gigcal) component ...)
+CVE-2009-0726
NOT-FOR-US: Joomla!
CVE-2009-0725
RESERVED
CVE-2009-0724
RESERVED
-CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before ...)
+CVE-2009-0723
{DSA-1769-1 DSA-1745-1}
- lcms 1.18.dfsg-1 (bug #522446)
- openjdk-6 6b18-1.8.13-0+squeeze2
NOTE: Marking the current oldstable version as fixed, but likely fixed way earlier
-CVE-2009-0722 (Directory traversal vulnerability in admin.php in Potato News 1.0.0 ...)
+CVE-2009-0722
NOT-FOR-US: Potato News
-CVE-2009-0721 (Unspecified vulnerability in Easy Login in the Sender module in HP ...)
+CVE-2009-0721
NOT-FOR-US: HP Remote Graphics
-CVE-2009-0720 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
+CVE-2009-0720
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2009-0719 (Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and ...)
+CVE-2009-0719
NOT-FOR-US: HP-UX
-CVE-2009-0718 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
+CVE-2009-0718
NOT-FOR-US: HP StorageWorks Storage Mirroring
-CVE-2009-0717 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
+CVE-2009-0717
NOT-FOR-US: HP StorageWorks Storage Mirroring
-CVE-2009-0716 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
+CVE-2009-0716
NOT-FOR-US: HP StorageWorks Storage Mirroring
-CVE-2009-0715 (Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials ...)
+CVE-2009-0715
NOT-FOR-US: HP Storage Essentials
-CVE-2009-0714 (Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for ...)
+CVE-2009-0714
NOT-FOR-US: HP Data Protector Express
-CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...)
+CVE-2009-0713
NOT-FOR-US: WMI Mapper
-CVE-2009-0712 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...)
+CVE-2009-0712
NOT-FOR-US: WMI Mapper
-CVE-2009-0711 (filter.php in PHPFootball 1.6 and earlier allows remote attackers to ...)
+CVE-2009-0711
NOT-FOR-US: PHPFootball
-CVE-2009-0710 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 ...)
+CVE-2009-0710
NOT-FOR-US: PHPFootball
-CVE-2009-0709 (SQL injection vulnerability in login.php in PHPFootball 1.6 allows ...)
+CVE-2009-0709
NOT-FOR-US: PHPFootball
-CVE-2009-0708 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-0708
NOT-FOR-US: SemanticScuttle
-CVE-2009-0707 (SQL injection vulnerability in admin/index.php in PowerClan 1.14a ...)
+CVE-2009-0707
NOT-FOR-US: PowerClan
-CVE-2009-0706 (SQL injection vulnerability in the Simple Review (com_simple_review) ...)
+CVE-2009-0706
NOT-FOR-US: Joomla!
-CVE-2009-0705 (SQL injection vulnerability in news.php in PowerScripts PowerNews ...)
+CVE-2009-0705
NOT-FOR-US: PowerScripts PowerNews
-CVE-2009-0704 (SQL injection vulnerability in search.php in WSN Guest 1.23 allows ...)
+CVE-2009-0704
NOT-FOR-US: WSN Guest
-CVE-2009-0703 (SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 ...)
+CVE-2009-0703
NOT-FOR-US: ASPThai.Net Webboard
-CVE-2009-0702 (SQL injection vulnerability in the Phoca Documentation ...)
+CVE-2009-0702
NOT-FOR-US: Joomla!
-CVE-2009-0701 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
+CVE-2009-0701
NOT-FOR-US: Cybershade
-CVE-2009-0700 (Plunet BusinessManager 4.1 and earlier allows remote authenticated ...)
+CVE-2009-0700
NOT-FOR-US: Plunet BusinessManager
-CVE-2009-0699 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2009-0699
NOT-FOR-US: Plunet BusinessManager
-CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...)
+CVE-2009-0698
- xine-lib 1.1.16.2-1 (bug #517792; bug #523475; medium)
- vlc <not-affected> (affected part of xine-lib code not present)
CVE-2009-0697
RESERVED
-CVE-2009-0696 (The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 ...)
+CVE-2009-0696
{DSA-1847-1}
- bind9 1:9.6.1.dfsg.P1-1 (bug #538975; high)
NOTE: See also http://www.kb.cert.org/vuls/id/725188
-CVE-2009-0695 (hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require ...)
+CVE-2009-0695
NOT-FOR-US: Wyse Device Manager not in Debian
CVE-2009-0694
RESERVED
-CVE-2009-0693 (Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow ...)
+CVE-2009-0693
NOT-FOR-US: Wyse Device Manager not in Debian
-CVE-2009-0692 (Stack-based buffer overflow in the script_write_params method in ...)
+CVE-2009-0692
{DSA-1833-2 DSA-1833-1}
- dhcp3 3.1.2p1-1 (medium)
NOTE: dhcp in etch is not affected.
-CVE-2009-0691 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...)
+CVE-2009-0691
NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
-CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...)
+CVE-2009-0690
NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
-CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka ...)
+CVE-2009-0689
{DSA-1998-1 DSA-1931-1 DLA-1564-1 DLA-376-1}
- nspr 4.8-2
[etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
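Review bot: this 220-line hunk contains no change other than the dropped descriptions, and it leaves CVE-2009-0733 and CVE-2009-0723 as textually identical blocks (`{DSA-1769-1 DSA-1745-1}`, `- lcms 1.18.dfsg-1 (bug #522446)`, the same `NOTE:` about oldstable) that differ only in the identifier, where before the descriptions (the `ReadSetOfCurves` stack overflows versus `Multiple integer overflows in LittleCMS`) told them apart. The updater should diff only the field it owns and skip the write when the upstream value is empty; that would also keep a genuine triage edit from being buried among the hundreds of description-only lines in this hunk alone.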
@@ -11909,14 +11909,14 @@ CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka .
[wheezy] - mono <no-dsa> (Minor issue)
NOTE: http://www.mono-project.com/docs/about-mono/vulnerabilities/
NOTE: https://gist.github.com/directhex/01e853567fd2cc74ed39
-CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...)
+CVE-2009-0688
{DSA-1807-1 DTSA-200-1 DTSA-201-1}
- cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)
- cyrus-sasl2-heimdal 2.1.23.dfsg1-1
NOTE: VU#238019
-CVE-2009-0687 (The pf_test_rule function in OpenBSD Packet Filter (PF), as used in ...)
+CVE-2009-0687
NOT-FOR-US: OpenBSD Packet Filter
-CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in ...)
+CVE-2009-0686
NOT-FOR-US: Trend Micro Internet Pro
CVE-2009-0685
RESERVED
@@ -11924,19 +11924,19 @@ CVE-2009-0684
RESERVED
CVE-2009-0683
RESERVED
-CVE-2009-0682 (vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before ...)
+CVE-2009-0682
NOT-FOR-US: CA Internet Security Suite
-CVE-2009-0681 (PGP Desktop before 9.10 allows local users to (1) cause a denial of ...)
+CVE-2009-0681
NOT-FOR-US: PGP Desktop
-CVE-2009-0680 (cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows ...)
+CVE-2009-0680
NOT-FOR-US: Netgear
-CVE-2009-0679 (Cross-site scripting (XSS) vulnerability in the Your Account module in ...)
+CVE-2009-0679
NOT-FOR-US: RavenNuke
-CVE-2009-0678 (images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain ...)
+CVE-2009-0678
NOT-FOR-US: RavenNuke
-CVE-2009-0677 (avatarlist.php in the Your Account module, reached through ...)
+CVE-2009-0677
NOT-FOR-US: RavenNuke
-CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kernel ...)
+CVE-2009-0676
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <unfixed> (low)
@@ -11944,82 +11944,82 @@ CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kern
NOTE: <http://marc.info/?l=linux-kernel&m=123540732700371&w=2>
NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer.
-CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux ...)
+CVE-2009-0675
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed> (low)
-CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when ...)
+CVE-2009-0674
NOT-FOR-US: RavenNuke
-CVE-2009-0673 (Eval injection vulnerability in the Custom Fields feature in the Your ...)
+CVE-2009-0673
NOT-FOR-US: RavenNuke
-CVE-2009-0672 (SQL injection vulnerability in the Resend_Email module in Raven Web ...)
+CVE-2009-0672
NOT-FOR-US: RavenNuke
CVE-2009-0671
REJECTED
CVE-2009-0670
RESERVED
-CVE-2009-0669 (Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise ...)
+CVE-2009-0669
{DSA-2234-1 DSA-1863-1}
- zope3 <removed> (bug #540462)
- zope2.11 2.11.4-1 (bug #540463)
- zope2.10 2.10.9-1 (bug #540464)
- zope2.9 <removed>
- zodb 1:3.8.2-1 (bug #540465)
-CVE-2009-0668 (Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, ...)
+CVE-2009-0668
{DSA-2234-1 DSA-1863-1}
- zope3 <removed> (medium; bug #540462)
- zope2.11 2.11.4-1 (medium; bug #540463)
- zope2.10 2.10.9-1 (medium; bug #540464)
- zope2.9 <removed>
- zodb 1:3.8.2-1 (medium; bug #540465)
-CVE-2009-0667 (Untrusted search path vulnerability in Agent/Backend.pm in ...)
+CVE-2009-0667
{DSA-1828-1}
- ocsinventory-agent 1:0.0.9.2repack1-5 (medium; bug #506416)
CVE-2009-0666
RESERVED
CVE-2009-0665
RESERVED
-CVE-2009-0664 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x ...)
+CVE-2009-0664
{DSA-1778-1}
- mahara 1.1.3-1 (low)
-CVE-2009-0663 (Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or ...)
+CVE-2009-0663
{DSA-1780-1}
- libdbd-pg-perl 2.1.3-1
-CVE-2009-0662 (The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product ...)
+CVE-2009-0662
- plone3 <removed> (medium; bug #525943)
-CVE-2009-0661 (Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote ...)
+CVE-2009-0661
{DSA-1744-1}
- weechat 0.2.6.1-1 (medium; bug #519940)
[etch] - weechat <not-affected> (vulnerable code not present)
-CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 ...)
+CVE-2009-0660
{DSA-1736-1}
- mahara 1.1.2-1 (low)
-CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
+CVE-2009-0659
NOT-FOR-US: TPTEST
-CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and ...)
+CVE-2009-0658
NOT-FOR-US: Adobe Reader
-CVE-2009-0657 (Toshiba Face Recognition 2.0.2.32 allows physically proximate ...)
+CVE-2009-0657
NOT-FOR-US: Toshiba Face Recognition
-CVE-2009-0656 (Asus SmartLogon 1.0.0005 allows physically proximate attackers to ...)
+CVE-2009-0656
NOT-FOR-US: Asus SmartLogon
-CVE-2009-0655 (Lenovo Veriface III allows physically proximate attackers to login to ...)
+CVE-2009-0655
NOT-FOR-US: Lenovo Veriface
-CVE-2009-0654 (Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote ...)
+CVE-2009-0654
- tor <unfixed> (unimportant)
NOTE: attacker already controls entry and exit node at this stage
-CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an ...)
+CVE-2009-0653
- openssl 0.9.8-1 (bug #517791)
-CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox ...)
+CVE-2009-0652
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...)
+CVE-2009-0651
NOT-FOR-US: Veritas network daemon
-CVE-2009-0650 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
+CVE-2009-0650
NOT-FOR-US: TPTEST
-CVE-2009-0649 (The web browser in Symbian OS on the Nokia N95 cell phone allows ...)
+CVE-2009-0649
NOT-FOR-US: Symbian OS
CVE-2009-XXXX [thunar: potential exploits via application launchers]
- thunar <unfixed> (bug #517020; unimportant)
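Review bot: the context line `CVE-2009-XXXX [thunar: potential exploits via application launchers]` keeps its bracketed, locally written description while every parenthesised upstream description in the hunk (`-CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c ...)` and the rest) is removed, which pins the loss to the MITRE-fed `(...)` field rather than to the file as a whole. The empty-description guard therefore belongs in the code that imports that field; the bracketed local entries need no change and should not be touched by the fix.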
@@ -12033,302 +12033,302 @@ CVE-2009-XXXX [sysvinit: no-root option in expert installer exposes locally expl
NOTE: possible without impacting authorized users. otherwise, why spend so much effort
NOTE: to make sure xscreensaver, gdm, and login are rock solid?
NOTE: - i would like to track as low, rather than unimportant
-CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...)
+CVE-2009-0753
{DSA-1739-1}
- mldonkey 3.0.0-1 (bug #516829; medium)
[etch] - mldonkey <not-affected> (vulnerable code not present)
NOTE: daemon is run as non-root and can only be exploited via localhost
-CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+CVE-2009-0648
NOT-FOR-US: Falt4 CMS
-CVE-2009-0647 (msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, ...)
+CVE-2009-0647
NOT-FOR-US: Windows Live Messenger
-CVE-2009-0646 (Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier ...)
+CVE-2009-0646
NOT-FOR-US: 4Site CMS
-CVE-2009-0645 (Directory traversal vulnerability in index.php in Jaws 0.8.8 allows ...)
+CVE-2009-0645
NOT-FOR-US: Jaws
-CVE-2009-0644 (The HTTP interface in Swann DVR4-SecuraNet has a certain default ...)
+CVE-2009-0644
NOT-FOR-US: Swann DVR4-SecuraNet
-CVE-2009-0643 (Static code injection vulnerability in post.php in Simple PHP News 1.0 ...)
+CVE-2009-0643
NOT-FOR-US: Simple PHP News
-CVE-2009-0642 (ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check ...)
+CVE-2009-0642
{DSA-1860-1}
- ruby1.9 1.9.0.5-1 (bug #513528)
- ruby1.8 1.8.7.72-3.1 (medium; bug #517639; bug #522939)
-CVE-2009-0641 (sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions ...)
+CVE-2009-0641
NOT-FOR-US: FreeBSD telnetd (apparently there's some common code base in netkit-telnet, but it's not affected
-CVE-2009-0640 (Directory traversal vulnerability in the administrative web server in ...)
+CVE-2009-0640
NOT-FOR-US: Swann DVR4-SecuraNet
-CVE-2009-0639 (PHP remote file inclusion vulnerability in moduli/libri/index.php in ...)
+CVE-2009-0639
NOT-FOR-US: phpyabs
-CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 ...)
+CVE-2009-0638
NOT-FOR-US: Cisco Firewall Services Module
-CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI ...)
+CVE-2009-0637
NOT-FOR-US: Cisco IOS
-CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP ...)
+CVE-2009-0636
NOT-FOR-US: Cisco IOS
-CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) ...)
+CVE-2009-0635
NOT-FOR-US: Cisco IOS
-CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) ...)
+CVE-2009-0634
NOT-FOR-US: Cisco IOS
-CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT ...)
+CVE-2009-0633
NOT-FOR-US: Cisco IOS
-CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco ...)
+CVE-2009-0632
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2009-0631 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when ...)
+CVE-2009-0631
NOT-FOR-US: Cisco IOS
-CVE-2009-0630 (The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway ...)
+CVE-2009-0630
NOT-FOR-US: Cisco IOS
-CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka ...)
+CVE-2009-0629
NOT-FOR-US: Cisco IOS
-CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 ...)
+CVE-2009-0628
NOT-FOR-US: Cisco IOS
-CVE-2009-0627 (Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when ...)
+CVE-2009-0627
NOT-FOR-US: Cisco NX-OS
-CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote ...)
+CVE-2009-0626
NOT-FOR-US: Cisco IOS
-CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
+CVE-2009-0625
NOT-FOR-US: Cisco
-CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE ...)
+CVE-2009-0624
NOT-FOR-US: Cisco
-CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
+CVE-2009-0623
NOT-FOR-US: Cisco
-CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
+CVE-2009-0622
NOT-FOR-US: Cisco
-CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses ...)
+CVE-2009-0621
NOT-FOR-US: Cisco
-CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches ...)
+CVE-2009-0620
NOT-FOR-US: Cisco
-CVE-2009-0619 (Unspecified vulnerability in the Session Border Controller (SBC) ...)
+CVE-2009-0619
NOT-FOR-US: Cisco
-CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application ...)
+CVE-2009-0618
NOT-FOR-US: Cisco
-CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default ...)
+CVE-2009-0617
NOT-FOR-US: Cisco
-CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses default ...)
+CVE-2009-0616
NOT-FOR-US: Cisco
-CVE-2009-0615 (Directory traversal vulnerability in Cisco Application Networking ...)
+CVE-2009-0615
NOT-FOR-US: Cisco
-CVE-2009-0614 (Unspecified vulnerability in the Web Server in Cisco Unified ...)
+CVE-2009-0614
NOT-FOR-US: Cisco
-CVE-2009-0613 (Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 ...)
+CVE-2009-0613
NOT-FOR-US: Trend Micro
-CVE-2009-0612 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and ...)
+CVE-2009-0612
NOT-FOR-US: Trend Micro
-CVE-2009-0611 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-0611
NOT-FOR-US: Novell Open Enterprise Server
-CVE-2009-0610 (Multiple static code injection vulnerabilities in post.php in Simple ...)
+CVE-2009-0610
NOT-FOR-US: Simple PHP News
-CVE-2009-0609 (Sun Java System Directory Proxy Server in Sun Java System Directory ...)
+CVE-2009-0609
NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
-CVE-2009-0608 (Integer overflow in the showLog function in fake_log_device.c in ...)
+CVE-2009-0608
NOT-FOR-US: Android
-CVE-2009-0607 (Multiple integer overflows in malloc_leak.c in Bionic in Open Handset ...)
+CVE-2009-0607
NOT-FOR-US: Android
-CVE-2009-0606 (The link_image function in linker/linker.c in the dynamic linker in ...)
+CVE-2009-0606
NOT-FOR-US: Android
-CVE-2009-0605 (Stack consumption vulnerability in the do_page_fault function in ...)
+CVE-2009-0605
- linux-2.6 <not-affected> (CONFIG_KPROBES is not enabled)
- linux-2.6.24 <not-affected> (CONFIG_KPROBES is not enabled)
-CVE-2009-0604 (SQL injection vulnerability in index.php in PHP Director 0.21 and ...)
+CVE-2009-0604
NOT-FOR-US: PHP Director
-CVE-2009-0603 (Cross-site scripting (XSS) vulnerability in index.php in the Link ...)
+CVE-2009-0603
NOT-FOR-US: Link drupal module
-CVE-2009-0602 (Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi ...)
+CVE-2009-0602
NOT-FOR-US: WikkiTikkiTavi
-CVE-2009-0601 (Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on ...)
+CVE-2009-0601
- wireshark 1.0.6-1
[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.8)
[lenny] - wireshark 1.0.2-3+lenny4
-CVE-2009-0600 (Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers ...)
+CVE-2009-0600
- wireshark 1.0.6-1
[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
[lenny] - wireshark 1.0.2-3+lenny4
-CVE-2009-0599 (Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through ...)
+CVE-2009-0599
- wireshark 1.0.6-1
[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
[lenny] - wireshark 1.0.2-3+lenny4
-CVE-2009-0598 (SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 ...)
+CVE-2009-0598
NOT-FOR-US: PhpMesFilms
-CVE-2009-0597 (SQL injection vulnerability in admin/index.php in w3b&gt;cms (aka ...)
+CVE-2009-0597
NOT-FOR-US: w3b>cms
-CVE-2009-0596 (Directory traversal vulnerability in skysilver/login.tpl.php in ...)
+CVE-2009-0596
NOT-FOR-US: phpSkelSite
-CVE-2009-0595 (PHP remote file inclusion vulnerability in skysilver/login.tpl.php in ...)
+CVE-2009-0595
NOT-FOR-US: phpSkelSite
-CVE-2009-0594 (Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite ...)
+CVE-2009-0594
NOT-FOR-US: phpSkelSite
-CVE-2009-0593 (SQL injection vulnerability in members.php in plx Auto Reminder 3.7 ...)
+CVE-2009-0593
NOT-FOR-US: plx Auto Reminder
-CVE-2009-0592 (Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and ...)
+CVE-2009-0592
NOT-FOR-US: PNphpBB2
-CVE-2009-0591 (The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is ...)
+CVE-2009-0591
- openssl <not-affected> (vulnerable versions not uploaded to Debian)
-CVE-2009-0590 (The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows ...)
+CVE-2009-0590
{DSA-1763-1}
- openssl 0.9.8g-16 (low; bug #522002)
CVE-2009-0589
REJECTED
-CVE-2009-0588 (agent/request/op.cgi in the Registration Authority (RA) component in ...)
+CVE-2009-0588
NOT-FOR-US: Registration Authority (RA) component in Red Hat Certificate System (RHCS)
-CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka ...)
+CVE-2009-0587
{DSA-1813-1}
- evolution-data-server 2.22.3-1 (medium)
NOTE: this version doesnt fix the overflows but uses the glib functions for decoding instead
-CVE-2009-0586 (Integer overflow in the gst_vorbis_tag_add_coverart function ...)
+CVE-2009-0586
- gst-plugins-base0.10 0.10.22-4
[lenny] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not present)
[etch] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not present)
-CVE-2009-0585 (Integer overflow in the soup_base64_encode function in soup-misc.c in ...)
+CVE-2009-0585
{DSA-1748-1}
- libsoup 2.2.105-4 (medium; bug #520039)
-CVE-2009-0584 (icc.c in the International Color Consortium (ICC) Format library (aka ...)
+CVE-2009-0584
{DSA-1746-1 DTSA-198-1}
- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
- argyll 1.0.3-2 (bug #522448)
- gs-gpl <removed> (medium)
- gs-esp <removed>
-CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color ...)
+CVE-2009-0583
{DSA-1746-1 DTSA-198-1}
- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
- argyll 1.0.3-2 (bug #522448)
- gs-gpl <removed> (medium)
- gs-esp <removed>
-CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism ...)
+CVE-2009-0582
{DSA-1813-1}
- evolution-data-server 2.26.1.1-1
-CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as ...)
+CVE-2009-0581
{DSA-1769-1 DSA-1745-1}
- lcms 1.18.dfsg-1 (bug #522446)
-CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
+CVE-2009-0580
{DSA-2207-1}
- tomcat6 6.0.20-1 (low; bug #532362)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
- tomcat5 <removed> (low; bug #532363)
- tomcat5.5 <removed> (low; bug #532366)
-CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...)
+CVE-2009-0579
- pam 1.0.1-10 (unimportant; bug #514437)
NOTE: the ability to change a password earlier than scheduled is not a security
NOTE: vulnerability in itself (unless the user changes their password back to
NOTE: their previous password; thus violating the security policy as defined by
NOTE: the administrator)
-CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify ...)
+CVE-2009-0578
- network-manager-applet 0.7.0.99-1 (medium; bug #519801)
[lenny] - network-manager-applet <not-affected> (Bug affected the 0.7.x series)
-CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS ...)
+CVE-2009-0577
NOT-FOR-US: RedHat specific, because they had a problem applying the fix for CVE-2008-3640
-CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 ...)
+CVE-2009-0576
NOT-FOR-US: Sun Java System Directory Server
-CVE-2009-0575 (Cross-site scripting (XSS) vulnerability in the ...)
+CVE-2009-0575
NOT-FOR-US: Views Bulk Operations
-CVE-2009-0574 (SQL injection vulnerability in index.php in Easy CafeEngine allows ...)
+CVE-2009-0574
NOT-FOR-US: Easy CafeEngine
-CVE-2009-0573 (Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 ...)
+CVE-2009-0573
NOT-FOR-US: FotoWeb
-CVE-2009-0572 (PHP remote file inclusion vulnerability in include/flatnux.php in ...)
+CVE-2009-0572
NOT-FOR-US: FlatnuX CMS
-CVE-2009-0571 (admin.php in Ninja Designs Mailist 3.0 stores backup copies of ...)
+CVE-2009-0571
NOT-FOR-US: Ninja Designs Mailist
-CVE-2009-0570 (Directory traversal vulnerability in send.php in Ninja Designs Mailist ...)
+CVE-2009-0570
NOT-FOR-US: Ninja Designs Mailist
-CVE-2009-0569 (Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows ...)
+CVE-2009-0569
NOT-FOR-US: Becky! Internet Mail
-CVE-2009-0568 (The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP ...)
+CVE-2009-0568
NOT-FOR-US: Microsoft
CVE-2009-0567
REJECTED
-CVE-2009-0566 (Microsoft Office Publisher 2007 SP1 does not properly calculate object ...)
+CVE-2009-0566
NOT-FOR-US: Microsoft Office Publisher
-CVE-2009-0565 (Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 ...)
+CVE-2009-0565
NOT-FOR-US: Microsoft
CVE-2009-0564
RESERVED
-CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 ...)
+CVE-2009-0563
NOT-FOR-US: Microsoft
-CVE-2009-0562 (The Office Web Components ActiveX Control in Microsoft Office XP SP3, ...)
+CVE-2009-0562
NOT-FOR-US: ActiveX
-CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, ...)
+CVE-2009-0561
NOT-FOR-US: Microsoft
-CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...)
+CVE-2009-0560
NOT-FOR-US: Microsoft
-CVE-2009-0559 (Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and ...)
+CVE-2009-0559
NOT-FOR-US: Microsoft
-CVE-2009-0558 (Array index error in Excel in Microsoft Office 2000 SP3 and Office ...)
+CVE-2009-0558
NOT-FOR-US: Microsoft
-CVE-2009-0557 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...)
+CVE-2009-0557
NOT-FOR-US: Microsoft
-CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and ...)
+CVE-2009-0556
NOT-FOR-US: Microsoft Office
-CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...)
+CVE-2009-0555
NOT-FOR-US: Microsoft Windows
-CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 ...)
+CVE-2009-0554
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...)
+CVE-2009-0553
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-0552 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 ...)
+CVE-2009-0552
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-0551 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...)
+CVE-2009-0551
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-0550 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...)
+CVE-2009-0550
NOT-FOR-US: Microsoft Windows
-CVE-2009-0549 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...)
+CVE-2009-0549
NOT-FOR-US: Microsoft
-CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional Report ...)
+CVE-2009-0548
NOT-FOR-US: Additional Report Settings interface in ESET Remote Administrator
-CVE-2009-0547 (Evolution 2.22.3.1 checks S/MIME signatures against a copy of the ...)
+CVE-2009-0547
{DSA-1813-1}
- evolution-data-server 2.24.5-2 (low; bug #508479)
-CVE-2009-0546 (Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier ...)
+CVE-2009-0546
NOT-FOR-US: NewsGator FeedDemon
-CVE-2009-0545 (cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote ...)
+CVE-2009-0545
NOT-FOR-US: ZeroShell
-CVE-2009-0544 (Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote ...)
+CVE-2009-0544
{DSA-1726-1}
- python-crypto 2.0.1+dfsg1-3 (bug #516660)
-CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote ...)
+CVE-2009-0543
{DSA-1730-1 DSA-1727-1}
- proftpd-dfsg 1.3.2-1 (medium; bug #516388)
[etch] - proftpd-dfsg <not-affected> (etch version not affected)
[lenny] - proftpd-dfsg 1.3.1-17lenny2
-CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 ...)
+CVE-2009-0542
{DSA-1730-1 DSA-1727-1}
- proftpd-dfsg 1.3.2-1 (medium; bug #516388)
[etch] - proftpd-dfsg <not-affected> (etch version not affected)
[lenny] - proftpd-dfsg 1.3.1-17lenny2
-CVE-2009-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 ...)
+CVE-2009-0541
NOT-FOR-US: Magento
-CVE-2009-0540 (Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and ...)
+CVE-2009-0540
NOT-FOR-US: Libero
CVE-2009-0539
RESERVED
-CVE-2009-0538 (Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 ...)
+CVE-2009-0538
NOT-FOR-US: Symantec pcAnywhere
-CVE-2009-0537 (Integer overflow in the fts_build function in fts.c in libc in (1) ...)
+CVE-2009-0537
- glibc <not-affected> (Vulnerable code not present)
NOTE: glibc checks the comlete path length being not longer than USHRT_MAX
NOTE: and closes the directory path + free of structures in case , io/fts.c line 727
-CVE-2009-0536 (at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 ...)
+CVE-2009-0536
NOT-FOR-US: IBM AIX
-CVE-2009-0535 (Directory traversal vulnerability in export.php in Thyme 1.3 and ...)
+CVE-2009-0535
NOT-FOR-US: Thyme
-CVE-2009-0534 (SQL injection vulnerability in FlexCMS allows remote attackers to ...)
+CVE-2009-0534
NOT-FOR-US: FlexCMS
-CVE-2009-0533 (Cross-site scripting (XSS) vulnerability in password.php in Scripts ...)
+CVE-2009-0533
NOT-FOR-US: Sites EZ Reminder
-CVE-2009-0532 (Cross-site scripting (XSS) vulnerability in password.php in Scripts ...)
+CVE-2009-0532
NOT-FOR-US: Scripts For Sites (SFS) EZ Baby
-CVE-2009-0531 (SQL injection vulnerability in gallery/view.asp in A Better ...)
+CVE-2009-0531
NOT-FOR-US: A Better Member-Based ASP Photo Gallery
-CVE-2009-0530 (Multiple PHP remote file inclusion vulnerabilities in SnippetMaster ...)
+CVE-2009-0530
NOT-FOR-US: SnippetMaster
-CVE-2009-0529 (Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster ...)
+CVE-2009-0529
NOT-FOR-US: SnippetMaster
-CVE-2009-0528 (SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and ...)
+CVE-2009-0528
NOT-FOR-US: Rhadrix If-CMS
-CVE-2009-0527 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-0527
NOT-FOR-US: AdaptCMS
-CVE-2009-0526 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2009-0526
NOT-FOR-US: AdaptCMS
-CVE-2009-0525 (Cross-site scripting (XSS) vulnerability in the sajax_get_common_js ...)
+CVE-2009-0525
NOT-FOR-US: Sajax
CVE-2009-XXXX [nautilus: potential exploits via application launchers]
- nautilus 2.26.2-1 (low; bug #515104)
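Review bot: every parenthesised upstream description in this hunk is dropped, but several of the triage lines that stay were written to be read next to it, for example `[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.8)` under CVE-2009-0601 or `- openssl <not-affected> (vulnerable versions not uploaded to Debian)` under CVE-2009-0591, where the affected range (0.9.8h through 0.9.8j) only ever appeared in the line now removed. Nothing in the hunk says where descriptions live from now on, so a one-line pointer in the commit message or the tracker's README to whatever source replaces them would keep the list readable on its own. The bracketed local summaries on the `CVE-2009-XXXX [nautilus: potential exploits via application launchers]` placeholder entries are kept while the upstream ones go; that looks intentional since they are tracker-authored text, but is worth confirming. Two pre-existing typos in unchanged NOTE lines could go in a follow-up: `NOTE: this version doesnt fix the overflows` under CVE-2009-0587, and `NOTE: glibc checks the comlete path length` under CVE-2009-0537, whose next line also has a stray space before the comma in `in case , io/fts.c line 727`.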
@@ -12338,355 +12338,355 @@ CVE-2009-XXXX [nautilus: potential exploits via application launchers]
CVE-2009-XXXX [konqueror: potential exploits via application launchers]
- kdebase <unfixed> (unimportant; bug #515106)
NOTE: Minor impact, any attack would still require a significant amount of social engineering
-CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
+CVE-2009-0737
{DSA-1901-1}
- mediawiki 1:1.14.0-1 (low; bug #514547)
- mediawiki1.7 <removed>
[lenny] - mediawiki 1:1.12.0-2lenny3
[etch] - mediawiki <not-affected> (metapackage)
-CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, ...)
+CVE-2009-0524
NOT-FOR-US: Adobe RoboHelp
-CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...)
+CVE-2009-0523
NOT-FOR-US: Adobe RoboHelp
-CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on ...)
+CVE-2009-0522
NOT-FOR-US: Adobe Flash Player
-CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x before ...)
+CVE-2009-0521
NOT-FOR-US: Adobe Flash Player
-CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 ...)
+CVE-2009-0520
NOT-FOR-US: Adobe Flash Player
-CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 ...)
+CVE-2009-0519
NOT-FOR-US: Adobe Flash Player
-CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 ...)
+CVE-2009-0518
NOT-FOR-US: VMware
-CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...)
+CVE-2009-0517
NOT-FOR-US: phpSlash
-CVE-2009-0516 (SQL injection vulnerability in the classified page (classified.php) in ...)
+CVE-2009-0516
NOT-FOR-US: BusinessSpace
-CVE-2009-0515 (Directory traversal vulnerability in check_lang.php in Yet Another ...)
+CVE-2009-0515
NOT-FOR-US: YANOCC
-CVE-2009-0514 (Multiple directory traversal vulnerabilities in WebFrame 0.76 allow ...)
+CVE-2009-0514
NOT-FOR-US: WebFrame
-CVE-2009-0513 (Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 ...)
+CVE-2009-0513
NOT-FOR-US: WebFrame
-CVE-2009-0512 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
+CVE-2009-0512
NOT-FOR-US: Adobe Reader
-CVE-2009-0511 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
+CVE-2009-0511
NOT-FOR-US: Adobe Reader
-CVE-2009-0510 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
+CVE-2009-0510
NOT-FOR-US: Adobe Reader
-CVE-2009-0509 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
+CVE-2009-0509
NOT-FOR-US: Adobe Reader
-CVE-2009-0508 (The Servlet Engine/Web Container and JSP components in IBM WebSphere ...)
+CVE-2009-0508
NOT-FOR-US: IBM WebSphere
-CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before ...)
+CVE-2009-0507
NOT-FOR-US: IBM WebSphere
-CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
+CVE-2009-0506
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for ...)
+CVE-2009-0505
NOT-FOR-US: IBM TXSeries
-CVE-2009-0504 (WSPolicy in the Web Services component in IBM WebSphere Application ...)
+CVE-2009-0504
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2009-0503 (IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database ...)
+CVE-2009-0503
NOT-FOR-US: IBM WebSphere
-CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php ...)
+CVE-2009-0502
{DSA-1724-1}
- moodle 1.8.2.dfsg-3 (low)
NOTE: MSA-09-0004
-CVE-2009-0501 (Unspecified vulnerability in the Calendar export feature in Moodle 1.8 ...)
+CVE-2009-0501
{DTSA-195-1}
- moodle 1.8.2.dfsg-4 (low)
[etch] - moodle <not-affected> (Vulnerable code not present)
-CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle ...)
+CVE-2009-0500
{DSA-1724-1 DTSA-195-1}
- moodle 1.8.2.dfsg-3 (low)
-CVE-2009-0499 (Cross-site request forgery (CSRF) vulnerability in the forum code in ...)
+CVE-2009-0499
- moodle 1.8.2.dfsg-3 (low)
[etch] - moodle <not-affected> (Vulnerable code not present)
-CVE-2009-0498 (Virtual GuestBook (vgbook) 2.1 stores sensitive information under the ...)
+CVE-2009-0498
NOT-FOR-US: Virtual GuestBook
-CVE-2009-0497 (Directory traversal vulnerability in log.jsp in Ignite Realtime ...)
+CVE-2009-0497
NOT-FOR-US: Openfire
-CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime ...)
+CVE-2009-0496
NOT-FOR-US: Openfire
-CVE-2009-0495 (PHP remote file inclusion vulnerability in include/define.php in ...)
+CVE-2009-0495
NOT-FOR-US: REALTOR
-CVE-2009-0494 (SQL injection vulnerability in the Portfol (com_portfol) 1.2 component ...)
+CVE-2009-0494
NOT-FOR-US: Joomla!
-CVE-2009-0493 (SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier ...)
+CVE-2009-0493
NOT-FOR-US: IT CMS
-CVE-2009-0492 (Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has ...)
+CVE-2009-0492
NOT-FOR-US: SimpleIrcBot
-CVE-2009-0491 (Stack-based buffer overflow in Elecard MPEG Player 5.5 build ...)
+CVE-2009-0491
NOT-FOR-US: Elecard MPEG Player
-CVE-2009-0488 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 ...)
+CVE-2009-0488
NOT-FOR-US: Phorum
-CVE-2009-0486 (Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls ...)
+CVE-2009-0486
- bugzilla 3.2.4.0-1 (bug #514143)
[etch] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
[lenny] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
-CVE-2009-0485 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to ...)
+CVE-2009-0485
- bugzilla 3.2.4.0-1 (low; bug #514143)
[etch] - bugzilla <no-dsa> (Minor issue)
[lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2009-0484 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ...)
+CVE-2009-0484
- bugzilla 3.2.4.0-1 (low; bug #514143)
[etch] - bugzilla <no-dsa> (Minor issue)
[lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2009-0483 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 ...)
+CVE-2009-0483
- bugzilla 3.2.4.0-1 (low; bug #514143)
[etch] - bugzilla <no-dsa> (Minor issue)
[lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2009-0482 (Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 ...)
+CVE-2009-0482
- bugzilla 3.2.4.0-1 (low; bug #514143)
[etch] - bugzilla <no-dsa> (Minor issue)
[lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2009-0481 (Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and ...)
+CVE-2009-0481
- bugzilla 3.2.4.0-1 (low; bug #514143)
[etch] - bugzilla <no-dsa> (Minor issue)
[lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2009-0480 (The IP implementation in Sun Solaris 8 through 10, and OpenSolaris ...)
+CVE-2009-0480
NOT-FOR-US: Solaris
-CVE-2009-0489 (The DBus configuration file for Wicd before 1.5.9 allows arbitrary ...)
+CVE-2009-0489
- wicd 1.5.9-1
-CVE-2009-0479 (Multiple SQL injection vulnerabilities in admin/admin_login.php in ...)
+CVE-2009-0479
NOT-FOR-US: Online Grades
-CVE-2009-0477 (Unspecified vulnerability in the process (aka proc) filesystem in Sun ...)
+CVE-2009-0477
NOT-FOR-US: OpenSolaris
-CVE-2009-0476 (Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 ...)
+CVE-2009-0476
NOT-FOR-US: MultiMedia Soft audio components
-CVE-2009-0475 (Integer underflow in the Huffman decoding functionality ...)
+CVE-2009-0475
NOT-FOR-US: OpenCORE
-CVE-2009-0474 (The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A ...)
+CVE-2009-0474
NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
-CVE-2009-0473 (Open redirect vulnerability in the web interface in the Rockwell ...)
+CVE-2009-0473
NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
-CVE-2009-0472 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+CVE-2009-0472
NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
-CVE-2009-0471 (Cross-site request forgery (CSRF) vulnerability in the HTTP server in ...)
+CVE-2009-0471
NOT-FOR-US: Cisco IOS
-CVE-2009-0470 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...)
+CVE-2009-0470
NOT-FOR-US: Cisco IOS
-CVE-2009-0469 (Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI ...)
+CVE-2009-0469
NOT-FOR-US: futomi's CGI Cafe
-CVE-2009-0468 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2009-0468
NOT-FOR-US: Profense Web Application Firewall
-CVE-2009-0467 (Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web ...)
+CVE-2009-0467
NOT-FOR-US: Profense Web Application Firewall
-CVE-2009-0466 (Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 ...)
+CVE-2009-0466
NOT-FOR-US: Vivvo CMS
-CVE-2009-0465 (The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ...)
+CVE-2009-0465
NOT-FOR-US: Synactis ALL In-The-Box ActiveX 3
-CVE-2009-0464 (PHP remote file inclusion vulnerability in includes/header.php in ...)
+CVE-2009-0464
NOT-FOR-US: Groone GBook
-CVE-2009-0463 (PHP remote file inclusion vulnerability in includes/header.php in ...)
+CVE-2009-0463
NOT-FOR-US: Groone GLinks
-CVE-2009-0462 (Multiple SQL injection vulnerabilities in customer_login_check.asp in ...)
+CVE-2009-0462
NOT-FOR-US: ClickTech ClickCart
-CVE-2009-0461 (Whole Hog Password Protect: Enhanced 1.x allows remote attackers to ...)
+CVE-2009-0461
NOT-FOR-US: Whole Hog Password Protect
-CVE-2009-0460 (Whole Hog Ware Support 1.x allows remote attackers to bypass ...)
+CVE-2009-0460
NOT-FOR-US: Whole Hog Ware Support
-CVE-2009-0459 (Multiple SQL injection vulnerabilities in admin/login_submit.php in ...)
+CVE-2009-0459
NOT-FOR-US: Whole Hog Password Protect
-CVE-2009-0458 (Multiple SQL injection vulnerabilities in admin/login_submit.php in ...)
+CVE-2009-0458
NOT-FOR-US: Whole Hog Ware Support
-CVE-2009-0457 (Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow ...)
+CVE-2009-0457
NOT-FOR-US: AJA Portal
-CVE-2009-0456 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-0456
NOT-FOR-US: patForms
-CVE-2009-0455 (Cross-site scripting (XSS) vulnerability in the anonymous comments ...)
+CVE-2009-0455
NOT-FOR-US: glFusion
-CVE-2009-0454 (Multiple SQL injection vulnerabilities in DMXReady Online Notebook ...)
+CVE-2009-0454
NOT-FOR-US: DMXReady Online Notebook Manager
-CVE-2009-0453 (Online Grades 3.2.4 allows remote attackers to obtain configuration ...)
+CVE-2009-0453
NOT-FOR-US: Online Grades
-CVE-2009-0452 (Multiple SQL injection vulnerabilities in parents/login.php in Online ...)
+CVE-2009-0452
NOT-FOR-US: Online Grades
-CVE-2009-0451 (SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote ...)
+CVE-2009-0451
NOT-FOR-US: Skalfa SkaLinks
-CVE-2009-0450 (Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier ...)
+CVE-2009-0450
NOT-FOR-US: BlazeVideo
-CVE-2009-0449 (Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations ...)
+CVE-2009-0449
NOT-FOR-US: Kaspersky Anti-Virus
-CVE-2009-0448 (Directory traversal vulnerability in admin/modules/aa/preview.php in ...)
+CVE-2009-0448
NOT-FOR-US: Syntax Desktop
-CVE-2009-0447 (Multiple SQL injection vulnerabilities in default.asp in MyDesign ...)
+CVE-2009-0447
NOT-FOR-US: MyDesign Sayac
-CVE-2009-0446 (SQL injection vulnerability in photo.php in WEBalbum 2.4b allows ...)
+CVE-2009-0446
NOT-FOR-US: WEBalbum
-CVE-2009-0445 (SQL injection vulnerability in index.php in Dreampics Gallery Builder ...)
+CVE-2009-0445
NOT-FOR-US: Dreampics Gallery Builder
-CVE-2009-0444 (Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, ...)
+CVE-2009-0444
NOT-FOR-US: GRBoard
-CVE-2009-0443 (Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows ...)
+CVE-2009-0443
NOT-FOR-US: Elecard AVC HD PLAYER
-CVE-2009-0442 (Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and ...)
+CVE-2009-0442
NOT-FOR-US: PHPbbBook
-CVE-2009-0441 (PHP remote file inclusion vulnerability in ...)
+CVE-2009-0441
NOT-FOR-US: Technote
-CVE-2009-0440 (IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not ...)
+CVE-2009-0440
NOT-FOR-US: IBM WebSphere Partner Gateway
-CVE-2009-0439 (Unspecified vulnerability in the queue manager in IBM WebSphere MQ ...)
+CVE-2009-0439
NOT-FOR-US: IBM WebSphere
-CVE-2009-0438 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows ...)
+CVE-2009-0438
NOT-FOR-US: IBM WebSphere
-CVE-2009-0437 (The Installation Factory installation process for IBM WebSphere ...)
+CVE-2009-0437
NOT-FOR-US: IBM WebSphere
-CVE-2009-0436 (The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x ...)
+CVE-2009-0436
NOT-FOR-US: IBM HTTP Server
-CVE-2009-0435 (Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or ...)
+CVE-2009-0435
NOT-FOR-US: IBM WebSphere
-CVE-2009-0434 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere ...)
+CVE-2009-0434
NOT-FOR-US: IBM WebSphere
-CVE-2009-0433 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
+CVE-2009-0433
NOT-FOR-US: IBM WebSphere
-CVE-2009-0432 (The installation process for the File Transfer servlet in the System ...)
+CVE-2009-0432
NOT-FOR-US: IBM WebSphere
-CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard ...)
+CVE-2009-0431
NOT-FOR-US: LinksPro
-CVE-2009-0430 (Multiple cross-site scripting (XSS) vulnerabilities in Active Bids ...)
+CVE-2009-0430
NOT-FOR-US: Active Bids
-CVE-2009-0429 (Multiple SQL injection vulnerabilities in Active Bids allow remote ...)
+CVE-2009-0429
NOT-FOR-US: Active Bids
-CVE-2009-0428 (SQL injection vulnerability in ...)
+CVE-2009-0428
NOT-FOR-US: DMXReady Secure Document
-CVE-2009-0427 (SQL injection vulnerability in ...)
+CVE-2009-0427
NOT-FOR-US: DMXReady Secure Document
-CVE-2009-0426 (SQL injection vulnerability in ...)
+CVE-2009-0426
NOT-FOR-US: DMXReady Secure Document
-CVE-2009-0425 (SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and ...)
+CVE-2009-0425
NOT-FOR-US: Blue Eye CMS
-CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook ...)
+CVE-2009-0424
NOT-FOR-US: AN Guestbook
-CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album ...)
+CVE-2009-0423
NOT-FOR-US: Php Photo Album
-CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in ...)
+CVE-2009-0422
NOT-FOR-US: phpList
-CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x ...)
+CVE-2009-0421
NOT-FOR-US: Joomla!
-CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...)
+CVE-2009-0420
NOT-FOR-US: Joomla!
-CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression Web, ...)
+CVE-2009-0419
NOT-FOR-US: Microsoft
-CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX ...)
+CVE-2009-0418
NOT-FOR-US: HP HP-UX
-CVE-2009-0417 (Cross-site scripting (XSS) vulnerability in the ...)
+CVE-2009-0417
NOT-FOR-US: Agavi
-CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based ...)
+CVE-2009-0416
NOT-FOR-US: sblim-sfcb
-CVE-2009-0415 (Untrusted search path vulnerability in trickle 1.07 allows local users ...)
+CVE-2009-0415
- trickle 1.07-6 (bug #513456; low)
[etch] - trickle <no-dsa> (Minor issue)
-CVE-2009-0413 (Cross-site scripting (XSS) vulnerability in RoundCube Webmail ...)
+CVE-2009-0413
- roundcube 0.2~stable-1 (low; bug #514179)
[lenny] - roundcube <not-affected> (Vulnerable code not present)
-CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire Shopping ...)
+CVE-2009-0412
NOT-FOR-US: Interspire Shopping Cart
-CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict access from ...)
+CVE-2009-0411
- chromium-browser <not-affected> (Only 1.x is affected)
- webkit <not-affected> (chrome-specific issue)
-CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) ...)
+CVE-2009-0410
NOT-FOR-US: Novell GroupWise
-CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and ...)
+CVE-2009-0409
NOT-FOR-US: Max.Blog
-CVE-2009-0408 (Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC ...)
+CVE-2009-0408
NOT-FOR-US: osCommerce
-CVE-2009-0407 (SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 ...)
+CVE-2009-0407
NOT-FOR-US: PHP-CMS
-CVE-2009-0406 (SQL injection vulnerability in index.php in Community CMS 0.4 and ...)
+CVE-2009-0406
NOT-FOR-US: Community CMS
-CVE-2009-0405 (SQL injection vulnerability in articles.php in smartSite CMS 1.0 ...)
+CVE-2009-0405
NOT-FOR-US: smartSite CMS
-CVE-2009-0404 (Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics ...)
+CVE-2009-0404
NOT-FOR-US: Bioinformatics htmLawed
-CVE-2009-0403 (SQL injection vulnerability in admin/authenticate.php in Chipmunk ...)
+CVE-2009-0403
NOT-FOR-US: Chipmunk Blogger Script
-CVE-2009-0402 (SQL injection vulnerability in client/new_account.php in Domain ...)
+CVE-2009-0402
NOT-FOR-US: Domain Technologie Control
-CVE-2009-0401 (SQL injection vulnerability in browsecats.php in E-Php CMS allows ...)
+CVE-2009-0401
NOT-FOR-US: E-Php CMS
-CVE-2009-0400 (SQL injection vulnerability in blog.php in SocialEngine 3.06 trial ...)
+CVE-2009-0400
NOT-FOR-US: SocialEngine
-CVE-2009-0399 (Chipmunk Blogger Script allows remote attackers to gain administrator ...)
+CVE-2009-0399
NOT-FOR-US: Chipmunk Blogger Script
-CVE-2009-0398 (Array index error in the gst_qtp_trak_handler function in ...)
+CVE-2009-0398
- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present)
-CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...)
+CVE-2009-0397
{DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
- gst-plugins-bad0.10 0.10.4-1
-CVE-2009-0396 (The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, ...)
+CVE-2009-0396
NOT-FOR-US: Sony Ericsson
-CVE-2009-0395 (SQL injection vulnerability in the login feature in NetArt Media Car ...)
+CVE-2009-0395
NOT-FOR-US: NetArt Media Car Portal
-CVE-2009-0394 (SQL injection vulnerability in login.php in Pre Lecture Exercises ...)
+CVE-2009-0394
NOT-FOR-US: Pre Lecture Exercises
-CVE-2009-0393 (Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola ...)
+CVE-2009-0393
NOT-FOR-US: Motorola Wimax
-CVE-2009-0392 (Directory traversal vulnerability in sysconf.cgi in Motorola Wimax ...)
+CVE-2009-0392
NOT-FOR-US: Motorola Wimax
-CVE-2009-0391 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
+CVE-2009-0391
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2009-0390 (Argument injection vulnerability in Enomaly Elastic Computing Platform ...)
+CVE-2009-0390
NOT-FOR-US: Enomaly Elastic Computing Platform
-CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows (WOW) ...)
+CVE-2009-0389
NOT-FOR-US: ActiveX
-CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and ...)
+CVE-2009-0388
- tightvnc <not-affected> (bug in the windows-specific client connection code)
NOTE: http://bugs.debian.org/528204
-CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
+CVE-2009-0387
{DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
- gst-plugins-bad0.10 0.10.4-1
-CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...)
+CVE-2009-0386
{DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
- gst-plugins-bad0.10 0.10.4-1
-CVE-2009-0384 (SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows ...)
+CVE-2009-0384
NOT-FOR-US: OwnRS CMS
-CVE-2009-0383 (delete.php in Max.Blog 1.0.6 does not properly restrict access, which ...)
+CVE-2009-0383
NOT-FOR-US: Max.Blog
-CVE-2009-0382 (Unspecified vulnerability in Internationalization (i18n) Translation ...)
+CVE-2009-0382
- drupal5 <not-affected> (Translation module not packaged)
- drupal6 <not-affected> (Issue only affects the 5.x branch)
-CVE-2009-0381 (SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping ...)
+CVE-2009-0381
NOT-FOR-US: BazaarBuilder Ecommerce Shopping Cart
-CVE-2009-0380 (** DISPUTED ** ...)
+CVE-2009-0380
NOT-FOR-US: Sigsiu Online Business Index
-CVE-2009-0379 (SQL injection vulnerability in the Prince Clan Chess Club ...)
+CVE-2009-0379
NOT-FOR-US: Prince Clan Chess Club
-CVE-2009-0378 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
+CVE-2009-0378
NOT-FOR-US: Joomla!
-CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
+CVE-2009-0377
NOT-FOR-US: Joomla!
-CVE-2009-0376 (Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer ...)
+CVE-2009-0376
NOT-FOR-US: RealPlayer
-CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, ...)
+CVE-2009-0375
NOT-FOR-US: RealPlayer
-CVE-2009-0374 (** DISPUTED ** ...)
+CVE-2009-0374
- chromium-browser <unfixed> (unimportant)
- webkit <not-affected> (poc doesn't work)
-CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...)
+CVE-2009-0373
NOT-FOR-US: Joomla!
-CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik ...)
+CVE-2009-0372
NOT-FOR-US: Miltenovik Manojlo MemHT Portal
-CVE-2009-0371 (Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and ...)
+CVE-2009-0371
NOT-FOR-US: SiteXS CMS
-CVE-2009-0370 (Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 ...)
+CVE-2009-0370
NOT-FOR-US: IBM AIX
-CVE-2009-0369 (Microsoft Internet Explorer 7 allows remote attackers to trick a user ...)
+CVE-2009-0369
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-0487 (Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows ...)
+CVE-2009-0487
- mahara 1.0.9-1 (low)
[lenny] - mahara 1.0.4-4
-CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 ...)
+CVE-2009-0478
{DSA-1732-1}
- squid 2.7.STABLE3-4.1 (medium; bug #514142)
- squid3 3.0.STABLE8-3 (medium)
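Review bot: every `-`/`+` pair in this hunk replaces a CVE line that carried its description with the bare identifier (`-CVE-2009-0406 (SQL injection vulnerability in index.php in Community CMS 0.4 and ...)` becomes `+CVE-2009-0406`), while the package, DSA and NOT-FOR-US lines underneath are untouched, so the change only removes information. For an "automatic update" that pattern suggests the CVE feed returned empty descriptions rather than an intended edit; please confirm the feed output before merging, because the `** DISPUTED **` markers on CVE-2009-0374 and CVE-2009-0380 are among the text lost and they matter for triage.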
@@ -12694,56 +12694,56 @@ CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4
CVE-2009-XXXX [glpi sql injection]
- glpi 0.71.5-1 (bug #513611; unimportant)
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2009-0490 (Stack-based buffer overflow in the String_parse::get_nonspace_quoted ...)
+CVE-2009-0490
{DTSA-192-1}
- audacity 1.3.6-1 (bug #514138)
[lenny] - audacity 1.3.5-2+lenny1
-CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to bypass ...)
+CVE-2009-0368
{DSA-1734-1}
- opensc 0.11.7-1
[etch] - opensc <not-affected> (vulnerable code not present)
-CVE-2009-0367 (The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows ...)
+CVE-2009-0367
{DSA-1737-1}
- wesnoth 1:1.4.7-4
-CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth ...)
+CVE-2009-0366
{DSA-1737-1}
- wesnoth 1:1.4.7-4
-CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an ...)
+CVE-2009-0365
{DSA-1955-1}
- network-manager-applet 0.7.0.99-1 (medium; bug #519801)
- network-manager 0.6.5-1 (medium)
NOTE: network-manager in lenny not affected, because it is in network-manager-applet
-CVE-2009-0364 (Format string vulnerability in the mini_calendar component in ...)
+CVE-2009-0364
{DSA-1752-1}
- webcit 7.38b-dfsg-2 (low)
-CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl ...)
+CVE-2009-0363
{DTSA-197-1}
- barnowl 1.0.5-1
[lenny] - barnowl 1.0.1-4
- owl 2.2.2-1 (bug #515118)
[lenny] - owl <no-dsa> (Minor issue)
[etch] - owl <no-dsa> (Minor issue)
-CVE-2009-0362 (filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular ...)
+CVE-2009-0362
- fail2ban 0.8.3-2sid1 (low; bug #514163)
-CVE-2009-0361 (Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in ...)
+CVE-2009-0361
{DSA-1722-1 DSA-1721-1}
- libpam-heimdal 3.10-2.1 (bug #516695)
- libpam-krb5 3.13-2
[lenny] - libpam-krb5 3.11-4
-CVE-2009-0360 (Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, ...)
+CVE-2009-0360
{DSA-1721-1}
- libpam-krb5 3.13-2
[lenny] - libpam-krb5 3.11-4
-CVE-2009-0359 (Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before ...)
+CVE-2009-0359
{DTSA-194-1}
- samizdat 0.6.2-2
-CVE-2009-0358 (Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) ...)
+CVE-2009-0358
- iceweasel 3.0
[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.5-1
[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
-CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not ...)
+CVE-2009-0357
- iceweasel 3.0
[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Iceweasel in Lenny links against Xulrunner
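Review bot: the locally named placeholder `CVE-2009-XXXX [glpi sql injection]` keeps its bracketed description in this hunk, while every assigned identifier loses its parenthesized one (for example `-CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an ...)`). If stripping descriptions were the intent, the placeholder would presumably be treated the same way; the inconsistency points to the importer having had no description text to write, so the generator should be checked and the list regenerated rather than committing blanked lines.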
@@ -12753,7 +12753,7 @@ CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not .
[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Iceape in Lenny only provides XPCOM libs
- kompozer 1:0.8~alpha2+dfsg+svn129-1
-CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the ...)
+CVE-2009-0356
- iceweasel 3.0
[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Iceweasel in Lenny links against Xulrunner
@@ -12763,16 +12763,16 @@ CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to
[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Iceape in Lenny only provides XPCOM libs
- kompozer <not-affected> (.desktop file support is not available)
-CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox ...)
+CVE-2009-0355
- iceweasel 3.0.6-1
[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x ...)
+CVE-2009-0354
- iceweasel 3.0
[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.5-1
[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
-CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, ...)
+CVE-2009-0353
{DSA-1830-1}
- iceweasel 3.0
[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
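Review bot: for an entry like CVE-2009-0355, which has no NOTE line, the description being dropped (`-CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox ...)`) leaves only the bare identifier and `- iceweasel 3.0.6-1`, so a reader of the tracker can no longer see which component the fix concerns without consulting the CVE database externally. The `<end-of-life>` and `<not-affected>` package lines are unchanged, so nothing here needs to land; the description should be restored when the feed problem is resolved.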
@@ -12784,7 +12784,7 @@ CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, ..
NOTE: Iceape in Lenny only provides XPCOM libs
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
-CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
+CVE-2009-0352
{DSA-1830-1}
- iceweasel 3.0
[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
@@ -12797,73 +12797,73 @@ CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x befor
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- kompozer 1:0.8~alpha2+dfsg+svn129-1
-CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform ...)
+CVE-2009-0343
NOT-FOR-US: Systrace
-CVE-2009-0342 (Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows ...)
+CVE-2009-0342
NOT-FOR-US: Systrace
-CVE-2009-0351 (Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows ...)
+CVE-2009-0351
NOT-FOR-US: WinFTP
-CVE-2009-0350 (Stack-based buffer overflow in Merak Media Player 3.2 allows remote ...)
+CVE-2009-0350
NOT-FOR-US: Merak Media Player
-CVE-2009-0349 (Stack-based buffer overflow in FTPShell Server 4.3 allows ...)
+CVE-2009-0349
NOT-FOR-US: FTPShell Server
-CVE-2009-0348 (The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), ...)
+CVE-2009-0348
NOT-FOR-US: Sun Java System Access Manager
-CVE-2009-0347 (Open redirect vulnerability in cs.html in the Autonomy (formerly ...)
+CVE-2009-0347
NOT-FOR-US: Autonomy (formerly Verity) Ultraseek search engine
-CVE-2009-0346 (The IP-in-IP packet processing implementation in the IPsec and IP ...)
+CVE-2009-0346
NOT-FOR-US: Sun Solaris
-CVE-2009-0345 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...)
+CVE-2009-0345
NOT-FOR-US: Embedded Lights Out Manager (ELOM)
-CVE-2009-0344 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...)
+CVE-2009-0344
NOT-FOR-US: Embedded Lights Out Manager (ELOM)
-CVE-2009-0341 (The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP ...)
+CVE-2009-0341
NOT-FOR-US: Microsoft
-CVE-2009-0340 (Multiple directory traversal vulnerabilities in Simple PHP Newsletter ...)
+CVE-2009-0340
NOT-FOR-US: Simple PHP Newsletter
-CVE-2009-0339 (SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog ...)
+CVE-2009-0339
NOT-FOR-US: DMXReady Blog Manager
-CVE-2009-0338 (Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in ...)
+CVE-2009-0338
NOT-FOR-US: DMXReady Blog Manager
-CVE-2009-0337 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! ...)
+CVE-2009-0337
NOT-FOR-US: Katy Whitton BlogIt!
-CVE-2009-0336 (Katy Whitton BlogIt! stores sensitive information under the web root ...)
+CVE-2009-0336
NOT-FOR-US: Katy Whitton BlogIt!
-CVE-2009-0335 (Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton ...)
+CVE-2009-0335
NOT-FOR-US: Katy Whitton BlogIt!
-CVE-2009-0334 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! ...)
+CVE-2009-0334
NOT-FOR-US: Katy Whitton BlogIt!
-CVE-2009-0333 (SQL injection vulnerability in the WebAmoeba (WA) Ticket System ...)
+CVE-2009-0333
NOT-FOR-US: Joomla!
-CVE-2009-0332 (Multiple SQL injection vulnerabilities in AV Book Library before 1.1 ...)
+CVE-2009-0332
NOT-FOR-US: AV Book Library
-CVE-2009-0331 (Directory traversal vulnerability in gallery/comment.php in Enhanced ...)
+CVE-2009-0331
NOT-FOR-US: Enhanced Simple PHP Gallery (ESPG)
-CVE-2009-0330 (Directory traversal vulnerability in index.php in Simple Content ...)
+CVE-2009-0330
NOT-FOR-US: Simple Content Management System (SCMS)
-CVE-2009-0329 (SQL injection vulnerability in the PcCookBook (com_pccookbook) ...)
+CVE-2009-0329
NOT-FOR-US: Joomla!
-CVE-2009-0328 (ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) ...)
+CVE-2009-0328
NOT-FOR-US: ROBS-PROJECTS Digital Sales IPN
-CVE-2009-0327 (SQL injection vulnerability in readbible.php in Free Bible Search PHP ...)
+CVE-2009-0327
NOT-FOR-US: Free Bible Search PHP Script
-CVE-2009-0326 (SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta ...)
+CVE-2009-0326
NOT-FOR-US: Dark Age CMS
-CVE-2009-0325 (Directory traversal vulnerability in entries/index.php in Ninja Blog ...)
+CVE-2009-0325
NOT-FOR-US: Ninja Blog
-CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote ...)
+CVE-2009-0324
NOT-FOR-US: BibCiter
-CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...)
+CVE-2009-0322
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
-CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...)
+CVE-2009-0321
NOT-FOR-US: Apple Safari on Windows
-CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O ...)
+CVE-2009-0320
NOT-FOR-US: Microsoft Windows
-CVE-2009-0319 (Unspecified vulnerability in the autofs module in the kernel in Sun ...)
+CVE-2009-0319
NOT-FOR-US: Solaris
-CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in ...)
+CVE-2009-0385
{DSA-1782-1 DSA-1781-1}
- ffmpeg-debian 0.svn20080206-16 (medium; bug #524799)
- ffmpeg 0.svn20080206-16
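Review bot: the description is the only line that names the affected file or function for entries such as `-CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...)` and `-CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in ...)`; the DSA references and fixed-version lines survive, but the text that lets a maintainer match a CVE to a code change does not. Most of the remaining changes in this hunk are NOT-FOR-US entries where, after the change, the product name on the NOT-FOR-US line is all that identifies the issue. Recommend regenerating from a feed that returns descriptions instead of merging.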
@@ -12871,243 +12871,243 @@ CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in ..
- mplayer 1.0~rc2-14 (medium; bug #524805)
NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix
NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
-CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...)
+CVE-2009-0318
{DTSA-190-1}
- gnumeric 1.8.4-3 (low; bug #513418)
[etch] - gnumeric 1.6.3-5.1+etch2
-CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings ...)
+CVE-2009-0317
- nautilus-python 0.4.3-3.2 (low; bug #513419)
-CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python ...)
+CVE-2009-0316
- vim 2:7.2.025-2 (low; bug #493937)
[lenny] - vim 1:7.1.314-3+lenny2
[squeeze] - vim 1:7.1.314-3+lenny2
[etch] - vim <no-dsa> (Minor issue)
NOTE: Not included in this round, could be fixed via next DSA with other issues
-CVE-2009-0315 (Untrusted search path vulnerability in the Python module in xchat ...)
+CVE-2009-0315
- xchat 2.8.6-2.1 (low; bug #513509)
[etch] - xchat <no-dsa> (Minor issue)
-CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit ...)
+CVE-2009-0314
{DTSA-191-1}
- gedit 2.22.3-2 (low; bug #513513)
[etch] - gedit <no-dsa> (Minor issue)
-CVE-2009-0313 (winetricks before 20081223 allows local users to overwrite arbitrary ...)
+CVE-2009-0313
NOT-FOR-US: winetricks
-CVE-2009-0311 (The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 ...)
+CVE-2009-0311
NOT-FOR-US: EMC AutoStart
-CVE-2009-0310 (Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through ...)
+CVE-2009-0310
NOT-FOR-US: SuSE blinux
CVE-2009-0309
RESERVED
CVE-2009-0308
RESERVED
-CVE-2009-0307 (Cross-site scripting (XSS) vulnerability in the &quot;Customize Statistics ...)
+CVE-2009-0307
NOT-FOR-US: Motion (RIM) BlackBerry Enterprise Server
-CVE-2009-0306 (Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in ...)
+CVE-2009-0306
NOT-FOR-US: IBM Lotus Notes Intellisync ActiveX
-CVE-2009-0305 (Multiple stack-based buffer overflows in the Research in Motion RIM ...)
+CVE-2009-0305
NOT-FOR-US: ActiveX
-CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before ...)
+CVE-2009-0304
NOT-FOR-US: Solaris
-CVE-2009-0303 (Cross-site scripting (XSS) vulnerability in Web Help Desk before ...)
+CVE-2009-0303
NOT-FOR-US: Web Help Desk
-CVE-2009-0302 (SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 ...)
+CVE-2009-0302
NOT-FOR-US: PHP-Nuke
-CVE-2009-0301 (Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX ...)
+CVE-2009-0301
NOT-FOR-US: FlexCell Grid Control
CVE-2009-0300
REJECTED
-CVE-2009-0299 (SQL injection vulnerability in index.php in Groone GLinks 2.1 allows ...)
+CVE-2009-0299
NOT-FOR-US: Groone GLinks
-CVE-2009-0298 (Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control ...)
+CVE-2009-0298
NOT-FOR-US: MW6 Technologies Barcode
-CVE-2009-0297 (SQL injection vulnerability in login_check.asp in ClickAuction allows ...)
+CVE-2009-0297
NOT-FOR-US: ClickAuction
-CVE-2009-0296 (SQL injection vulnerability in shop_display_products.php in Script ...)
+CVE-2009-0296
NOT-FOR-US: Script Toko Online
-CVE-2009-0295 (SQL injection vulnerability in index.php in Information Technology ...)
+CVE-2009-0295
NOT-FOR-US: ITLPoll
-CVE-2009-0294 (Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, ...)
+CVE-2009-0294
NOT-FOR-US: WB News
-CVE-2009-0293 (SQL injection vulnerability in profile_view.php in Wazzum Dating ...)
+CVE-2009-0293
NOT-FOR-US: Wazzum Dating Software
-CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows ...)
+CVE-2009-0292
NOT-FOR-US: SHOP-INET
-CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows ...)
+CVE-2009-0291
- openx <itp> (bug #513771)
-CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard ...)
+CVE-2009-0290
NOT-FOR-US: GNUBoard
-CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to ...)
+CVE-2009-0289
NOT-FOR-US: k23productions TFTPUtil GUI
-CVE-2009-0288 (Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 ...)
+CVE-2009-0288
NOT-FOR-US: k23productions TFTPUtil GUI
-CVE-2009-0287 (SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before ...)
+CVE-2009-0287
NOT-FOR-US: KEEP Toolkit
-CVE-2009-0286 (Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, ...)
+CVE-2009-0286
NOT-FOR-US: OpenGoo
-CVE-2009-0285 (Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 ...)
+CVE-2009-0285
NOT-FOR-US: BBSXP
-CVE-2009-0284 (SQL injection vulnerability in category.php in Flax Article Manager ...)
+CVE-2009-0284
NOT-FOR-US: Flax Article Manager
-CVE-2009-0283 (Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows ...)
+CVE-2009-0283
NOT-FOR-US: Oblog
-CVE-2009-0281 (SQL injection vulnerability in login.aspx in WarHound Walking Club ...)
+CVE-2009-0281
NOT-FOR-US: WarHound Walking Club
-CVE-2009-0280 (Asp Project Management 1.0 allows remote attackers to bypass ...)
+CVE-2009-0280
NOT-FOR-US: Asp Project Management
-CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and ...)
+CVE-2009-0279
NOT-FOR-US: Pardal CMS
-CVE-2009-0323 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 ...)
+CVE-2009-0323
- amaya <removed> (medium; bug #507587)
NOTE: http://www.coresecurity.com/content/amaya-buffer-overflows
-CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 ...)
+CVE-2009-0282
{DSA-1714-1 DSA-1713-1 DSA-1712-1}
- rt2400 1.2.2+cvs20080623-3 (bug #512999)
- rt2500 1:1.1.0-b4+cvs20080623-3 (bug #513000)
- rt2570 1.1.0+cvs20080623-2 (bug #513001)
- rt73 1:1.0.3.6-cvs20080623-dfsg1-3 (bug #512995)
-CVE-2009-0312 (Cross-site scripting (XSS) vulnerability in the antispam feature ...)
+CVE-2009-0312
{DSA-1715-1 DTSA-187-1}
- moin 1.8.1-1.1 (low)
NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
-CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google ...)
+CVE-2009-0276
- chromium-browser <not-affected> (only 1.x is affected)
- libv8 1.3.11+dfsg-1
- webkit <not-affected> (libv8 issue)
-CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, ...)
+CVE-2009-0274
NOT-FOR-US: Novell GroupWise
-CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell ...)
+CVE-2009-0273
NOT-FOR-US: Novell GroupWise
-CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise ...)
+CVE-2009-0272
NOT-FOR-US: Novell GroupWise
-CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel ...)
+CVE-2009-0269
{DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1
[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
- linux-2.6.24 <removed>
-CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not ...)
+CVE-2009-0265
- bind9 <not-affected> (vulnerable code not present, introduced in 9.6.x)
-CVE-2009-0278 (Sun Java System Application Server (AS) 8.1 and 8.2 allows remote ...)
+CVE-2009-0278
NOT-FOR-US: Sun Java System Application Server (AS)
-CVE-2009-0277 (Unspecified vulnerability in the kernel in OpenSolaris snv_100 through ...)
+CVE-2009-0277
NOT-FOR-US: OpenSolaris
-CVE-2009-0275 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
+CVE-2009-0275
NOT-FOR-US: Ryneezy phoSheezy
-CVE-2009-0271 (Directory traversal vulnerability in the TFTP service in Fujitsu ...)
+CVE-2009-0271
NOT-FOR-US: Fujitsu SystemcastWizard Lite
-CVE-2009-0270 (Stack-based buffer overflow in PXEService.exe in Fujitsu ...)
+CVE-2009-0270
NOT-FOR-US: Fujitsu SystemcastWizard Lite
-CVE-2009-0268 (Race condition in the pseudo-terminal (aka pty) driver module in Sun ...)
+CVE-2009-0268
NOT-FOR-US: Sun Solaris
-CVE-2009-0267 (libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does ...)
+CVE-2009-0267
NOT-FOR-US: Sun Solaris
-CVE-2009-0266 (Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows ...)
+CVE-2009-0266
NOT-FOR-US: Triologic Media Player
-CVE-2009-0264 (Buffer overflow in the Registry Setting Tool in Fujitsu ...)
+CVE-2009-0264
NOT-FOR-US: Fujitsu SystemcastWizard Lite
-CVE-2009-0263 (Multiple buffer overflows in Winamp 5.541 and earlier allow remote ...)
+CVE-2009-0263
NOT-FOR-US: Winamp
-CVE-2009-0262 (Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 ...)
+CVE-2009-0262
NOT-FOR-US: Triologic Media Player
-CVE-2009-0261 (Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 ...)
+CVE-2009-0261
NOT-FOR-US: EffectMatrix Total Video Player
-CVE-2009-0260 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2009-0260
{DSA-1715-1 DTSA-187-1}
- moin 1.8.1-1.1 (bug #513158; low)
-CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote ...)
+CVE-2009-0259
- openoffice.org 2.0.4.dfsg.2-7
NOTE: Checked with maintainer and issue was fixed long ago, marking etch version as fixed for now
-CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
+CVE-2009-0254
NOT-FOR-US: easyHDR PRO
-CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into ...)
+CVE-2009-0253
NOTE: Mozilla #474967, upstream disputes this being a bug
-CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb ...)
+CVE-2009-0252
NOT-FOR-US: Enthrallweb eReservations
-CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
+CVE-2009-0251
NOT-FOR-US: Ryneezy phoSheezy
-CVE-2009-0250 (Ryneezy phoSheezy 0.2 stores sensitive information under the web root ...)
+CVE-2009-0250
NOT-FOR-US: Ryneezy phoSheezy
-CVE-2009-0249 (Katy Whitton RankEm stores sensitive information under the web root ...)
+CVE-2009-0249
NOT-FOR-US: Katy Whitton RankEm
-CVE-2009-0248 (Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton ...)
+CVE-2009-0248
NOT-FOR-US: Katy Whitton RankEm
-CVE-2009-0247 (The server for 53KF Web IM 2009 Home, Professional, and Enterprise ...)
+CVE-2009-0247
NOT-FOR-US: 53KF Web IM
-CVE-2009-0246 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
+CVE-2009-0246
NOT-FOR-US: easyHDR PRO
-CVE-2009-0414 (Unspecified vulnerability in Tor before 0.2.0.33 has unspecified ...)
+CVE-2009-0414
- tor 0.2.0.33-1
-CVE-2009-0245 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS ...)
+CVE-2009-0245
NOT-FOR-US: Usagi Project MyNETS
-CVE-2009-0244 (Directory traversal vulnerability in the OBEX FTP Service in the ...)
+CVE-2009-0244
NOT-FOR-US: Microsoft product
-CVE-2009-0243 (Microsoft Windows does not properly enforce the Autorun and ...)
+CVE-2009-0243
NOT-FOR-US: Microsoft product
-CVE-2009-0255 (The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 ...)
+CVE-2009-0255
{DSA-1711-1}
- typo3-src 4.2.4-1
-CVE-2009-0256 (Session fixation vulnerability in the authentication library in TYPO3 ...)
+CVE-2009-0256
{DSA-1711-1}
- typo3-src 4.2.4-1
-CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 ...)
+CVE-2009-0257
{DSA-1711-1}
- typo3-src 4.2.4-1
-CVE-2009-0258 (The Indexed Search Engine (indexed_search) system extension in TYPO3 ...)
+CVE-2009-0258
{DSA-1711-1}
- typo3-src 4.2.4-1
CVE-2009-0242
REJECTED
-CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...)
+CVE-2009-0241
{DSA-1710-1}
- ganglia-monitor-core 2.5.7-5 (medium; bug #512637)
-CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN ...)
+CVE-2009-0240
{DSA-1725-1}
- websvn 2.0-4+lenny1 (bug #512191)
[etch] - websvn <not-affected> (authenthication doesn't exist in that version)
-CVE-2009-0239 (Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for ...)
+CVE-2009-0239
NOT-FOR-US: Microsoft
-CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...)
+CVE-2009-0238
NOT-FOR-US: Microsoft
-CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML ...)
+CVE-2009-0237
NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2009-0236
REJECTED
-CVE-2009-0235 (Stack-based buffer overflow in the Word 97 text converter in WordPad ...)
+CVE-2009-0235
NOT-FOR-US: Microsoft WordPad
-CVE-2009-0234 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...)
+CVE-2009-0234
NOT-FOR-US: Microsoft Windows
-CVE-2009-0233 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...)
+CVE-2009-0233
NOT-FOR-US: Microsoft Windows
-CVE-2009-0232 (Integer overflow in the Embedded OpenType (EOT) Font Engine in ...)
+CVE-2009-0232
NOT-FOR-US: Microsoft Windows
-CVE-2009-0231 (The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft ...)
+CVE-2009-0231
NOT-FOR-US: Microsoft Windows
-CVE-2009-0230 (The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and ...)
+CVE-2009-0230
NOT-FOR-US: Microsoft
-CVE-2009-0229 (The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and ...)
+CVE-2009-0229
NOT-FOR-US: Microsoft
-CVE-2009-0228 (Stack-based buffer overflow in the EnumeratePrintShares function in ...)
+CVE-2009-0228
NOT-FOR-US: Microsoft
-CVE-2009-0227 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter ...)
+CVE-2009-0227
NOT-FOR-US: Microsoft
-CVE-2009-0226 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in ...)
+CVE-2009-0226
NOT-FOR-US: Microsoft
-CVE-2009-0225 (Microsoft Office PowerPoint 2002 SP3 allows remote attackers to ...)
+CVE-2009-0225
NOT-FOR-US: Microsoft
-CVE-2009-0224 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 ...)
+CVE-2009-0224
NOT-FOR-US: Microsoft
-CVE-2009-0223 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
+CVE-2009-0223
NOT-FOR-US: Microsoft
-CVE-2009-0222 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
+CVE-2009-0222
NOT-FOR-US: Microsoft
-CVE-2009-0221 (Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 ...)
+CVE-2009-0221
NOT-FOR-US: Microsoft
-CVE-2009-0220 (Multiple stack-based buffer overflows in the PowerPoint 4.0 importer ...)
+CVE-2009-0220
NOT-FOR-US: Microsoft
-CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in Motion ...)
+CVE-2009-0219
NOT-FOR-US: BlackBerry
-CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch ...)
+CVE-2009-0218
NOT-FOR-US: IntraLaunch Application Launcher ActiveX control
-CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) ...)
+CVE-2009-0217
{DSA-1995-1 DSA-1849-1 DTSA-205-1}
- xml-security-c 1.4.0-4
- xmlsec1 1.2.12-1
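Review bot: the RESERVED and REJECTED entries in this hunk (CVE-2009-0309, CVE-2009-0308, CVE-2009-0300, CVE-2009-0242, CVE-2009-0236) are untouched and exactly the lines that had descriptions are changed, which is consistent with the feed delivering empty description fields for every published ID. One detail worth carrying into the fix: the removed line `-CVE-2009-0307 (Cross-site scripting (XSS) vulnerability in the &quot;Customize Statistics ...)` shows the earlier import stored an HTML entity instead of a literal quote, so whichever parser is repaired to restore descriptions should also decode entities on the way in.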
@@ -13120,117 +13120,117 @@ CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsi
[lenny] - sun-java6 6-20-0lenny1
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
- openoffice.org 1:3.1.1-16
-CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...)
+CVE-2009-0216
NOT-FOR-US: GE Fanuc iFIX
-CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...)
+CVE-2009-0215
NOT-FOR-US: IBM Access Support ActiveX
-CVE-2009-0214 (Unspecified vulnerability in the WebFGServer application in AREVA ...)
+CVE-2009-0214
NOT-FOR-US: WebFGServer
-CVE-2009-0213 (Unspecified vulnerability in the NETIO application in AREVA ...)
+CVE-2009-0213
NOT-FOR-US: AREVA e-terrahabitat
-CVE-2009-0212 (Unspecified vulnerability in the WebFGServer application in AREVA ...)
+CVE-2009-0212
NOT-FOR-US: AREVA e-terrahabitat
-CVE-2009-0211 (Unspecified vulnerability in the WebFGServer application in AREVA ...)
+CVE-2009-0211
NOT-FOR-US: AREVA e-terrahabitat
-CVE-2009-0210 (Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and ...)
+CVE-2009-0210
NOT-FOR-US: AREVA e-terrahabitat
-CVE-2009-0209 (PI Server in OSIsoft PI System before 3.4.380.x does not properly use ...)
+CVE-2009-0209
NOT-FOR-US: OSIsoft PI System
-CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, ...)
+CVE-2009-0208
NOT-FOR-US: HP Virtual Rooms Client
-CVE-2009-0207 (Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk ...)
+CVE-2009-0207
NOT-FOR-US: VERITAS Oracle Disk Manager
-CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier ...)
+CVE-2009-0206
NOT-FOR-US: HP ONCplus
CVE-2009-0205
RESERVED
-CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and ...)
+CVE-2009-0204
NOT-FOR-US: HP Select Access
CVE-2009-0203
RESERVED
-CVE-2009-0202 (Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows ...)
+CVE-2009-0202
NOT-FOR-US: Microsoft
-CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and ...)
+CVE-2009-0201
{DSA-1880-1}
- openoffice.org 1:3.1.1~ooo310m15-1
-CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 and ...)
+CVE-2009-0200
{DSA-1880-1}
- openoffice.org 1:3.1.1~ooo310m15-1
-CVE-2009-0199 (Heap-based buffer overflow in the VMnc media codec in vmnc.dll in ...)
+CVE-2009-0199
NOT-FOR-US: VMware Movie Decoder
-CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
+CVE-2009-0198
NOT-FOR-US: Adobe Reader
-CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...)
+CVE-2009-0197
NOT-FOR-US: IrfanView
-CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...)
+CVE-2009-0196
{DSA-2080-1 DTSA-198-1}
- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
- gs-gpl <removed> (medium; bug #561717)
- jbig2dec <not-affected> (already fixed in initial upload)
-CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, ...)
+CVE-2009-0195
{DSA-1790-1}
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
-CVE-2009-0194 (The domain-locking implementation in the ...)
+CVE-2009-0194
NOT-FOR-US: Garmin Communicator Plug-In
-CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...)
+CVE-2009-0193
NOT-FOR-US: Adobe Acrobat Reader
-CVE-2009-0192 (Off-by-one error in the iMonitor component in Novell eDirectory 8.8 ...)
+CVE-2009-0192
NOT-FOR-US: Novell eDirectory
-CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...)
+CVE-2009-0191
NOT-FOR-US: Foxit Reader
CVE-2009-0190
REJECTED
CVE-2009-0189
REJECTED
-CVE-2009-0188 (Apple QuickTime before 7.6.2 allows remote attackers to execute ...)
+CVE-2009-0188
NOT-FOR-US: Apple QuickTime
-CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...)
+CVE-2009-0187
NOT-FOR-US: Orbit Downloader
-CVE-2009-0186 (Integer overflow in libsndfile 1.0.18, as used in Winamp and other ...)
+CVE-2009-0186
{DSA-1742-1 DTSA-202-1}
- libsndfile 1.0.19-1 (medium)
-CVE-2009-0185 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...)
+CVE-2009-0185
NOT-FOR-US: Apple QuickTime
-CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in ...)
+CVE-2009-0184
NOT-FOR-US: Free Download Manager
-CVE-2009-0183 (Stack-based buffer overflow in Remote Control Server in Free Download ...)
+CVE-2009-0183
NOT-FOR-US: Free Download Manager
-CVE-2009-0182 (Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted ...)
+CVE-2009-0182
NOT-FOR-US: VUPlayer
-CVE-2009-0181 (Buffer overflow in VUPlayer allows user-assisted attackers to have an ...)
+CVE-2009-0181
NOT-FOR-US: VUPlayer
-CVE-2009-0180 (Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on ...)
+CVE-2009-0180
NOT-FOR-US: Fedora specific issue
-CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other ...)
+CVE-2009-0179
- libmikmod 3.1.11-6.1 (low; bug #476339)
[etch] - libmikmod <no-dsa> (Minor issue)
[lenny] - libmikmod <no-dsa> (Minor issue)
-CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 ...)
+CVE-2009-0178
NOT-FOR-US: IBM Hardware Management Console
-CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka ...)
+CVE-2009-0177
NOT-FOR-US: vmware-authd
-CVE-2009-0176 (Multiple heap-based buffer overflows in the PDF distiller in the ...)
+CVE-2009-0176
NOT-FOR-US: Attachment Service in Research in Motion
-CVE-2009-0175 (Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 ...)
+CVE-2009-0175
NOT-FOR-US: Heathco Software MP3 TrackMaker
-CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers ...)
+CVE-2009-0174
NOT-FOR-US: VUPlayer
-CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 ...)
+CVE-2009-0173
NOT-FOR-US: IBM DB2
-CVE-2009-0172 (Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, ...)
+CVE-2009-0172
NOT-FOR-US: IBM DB2 9.1
-CVE-2009-0171 (The Sun SPARC Enterprise M4000 and M5000 Server, within a certain ...)
+CVE-2009-0171
NOT-FOR-US: Sun SPARC Enterprise M4000 and M5000 Server
-CVE-2009-0170 (Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows ...)
+CVE-2009-0170
NOT-FOR-US: Sun Java System Access Manager
-CVE-2009-0169 (Sun Java System Access Manager 7.1 allows remote authenticated ...)
+CVE-2009-0169
NOT-FOR-US: Sun Java System Access Manager
-CVE-2009-0168 (Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris ...)
+CVE-2009-0168
NOT-FOR-US: ppdmgr in Sun Solaris 10 and OpenSolaris
-CVE-2009-0167 (Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris ...)
+CVE-2009-0167
NOT-FOR-US: lpadmin in Sun Solaris 10 and OpenSolaris
-CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
+CVE-2009-0166
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
[lenny] - poppler 0.8.7-2
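Review bot: every `-` line in this hunk carries a CVE description and every matching `+` line is the bare identifier, while the DSA, package and NOTE lines underneath stay untouched; for an automatic update, a blanket loss of descriptions looks more like the description source being unavailable to the updater than an intended edit, so confirm the cause before merging. Entries such as `+CVE-2009-0196` (ghostscript, DSA-2080-1) and `+CVE-2009-0166` (poppler/xpdf, DSA-1793-1) become unreadable without an external lookup once the parenthesised summary is gone.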
@@ -13239,55 +13239,55 @@ CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ear
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- swftools 0.9.2+ds1-2
-CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...)
+CVE-2009-0165
{DSA-1793-1 DSA-1790-1}
- xpdf 3.02-1.4+lenny1 (low; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (low; bug #528369)
-CVE-2009-0164 (The web interface for CUPS before 1.3.10 does not validate the HTTP ...)
+CVE-2009-0164
- cups 1.3.10-1 (low)
[lenny] - cups <no-dsa> (Minor issue, needs several prerequirements for attack)
- cupsys <removed>
[etch] - cupsys <no-dsa> (Minor issue, needs several prerequirements for attack)
-CVE-2009-0163 (Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and ...)
+CVE-2009-0163
{DSA-1773-1}
- cups 1.3.10-1
- cupsys <removed>
-CVE-2009-0162 (Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 ...)
+CVE-2009-0162
NOT-FOR-US: Safari
-CVE-2009-0161 (The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 ...)
+CVE-2009-0161
NOT-FOR-US: Mac OS X
NOTE: dupe of CVE-2009-0642
-CVE-2009-0160 (QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 ...)
+CVE-2009-0160
NOT-FOR-US: QuickDraw Manager
-CVE-2009-0159 (Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...)
+CVE-2009-0159
{DSA-1801-1}
- ntp 1:4.2.4p6+dfsg-2 (low; bug #525373)
-CVE-2009-0158 (Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and ...)
+CVE-2009-0158
NOT-FOR-US: telnet in Apple Mac OS X
-CVE-2009-0157 (Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before ...)
+CVE-2009-0157
NOT-FOR-US: CFNetwork in Apple
-CVE-2009-0156 (Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 ...)
+CVE-2009-0156
NOT-FOR-US: Launch Services in Apple Mac OS
-CVE-2009-0155 (Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before ...)
+CVE-2009-0155
NOT-FOR-US: CoreGraphics in Apple Mac OS
-CVE-2009-0154 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
+CVE-2009-0154
NOT-FOR-US: Apple Type Services
-CVE-2009-0153 (International Components for Unicode (ICU) 4.0, 3.6, and other 3.x ...)
+CVE-2009-0153
{DSA-1889-1}
- icu 4.0.1-1 (low; bug #534590)
-CVE-2009-0152 (iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL ...)
+CVE-2009-0152
NOT-FOR-US: iChat in Apple Mac OS X
-CVE-2009-0151 (The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not ...)
+CVE-2009-0151
NOT-FOR-US: screen saver in Dock in Apple Mac OS X
-CVE-2009-0150 (Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 ...)
+CVE-2009-0150
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0149 (Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to ...)
+CVE-2009-0149
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote ...)
+CVE-2009-0148
{DSA-1806-1}
- cscope 15.7a-1 (low; bug #528510)
-CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
+CVE-2009-0147
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (low; bug #524806)
[lenny] - poppler 0.8.7-2
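Review bot: the no-dsa rationale for CVE-2009-0164 on the `[lenny] - cups` and `[etch] - cupsys` lines misspells "prerequirements"; "needs several prerequisites for attack" is the intended wording. Same remark as the previous hunk on the description-only removals: the `-` lines for CVE-2009-0165 through CVE-2009-0147 are the only place the summary text survives.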
@@ -13296,7 +13296,7 @@ CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 a
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- swftools 0.9.2+ds1-2
-CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
+CVE-2009-0146
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
[lenny] - poppler 0.8.7-2
@@ -13305,74 +13305,74 @@ CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 an
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- swftools 0.9.2+ds1-2
-CVE-2009-0145 (CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone ...)
+CVE-2009-0145
NOT-FOR-US: CoreGraphics in Apple Mac OS X
-CVE-2009-0144 (CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse ...)
+CVE-2009-0144
NOT-FOR-US: CFNetwork in Apple Mac OS X
-CVE-2009-0143 (Apple iTunes before 8.1 does not properly inform the user about the ...)
+CVE-2009-0143
NOT-FOR-US: Apple iTunes
-CVE-2009-0142 (Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local ...)
+CVE-2009-0142
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0141 (XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, ...)
+CVE-2009-0141
NOT-FOR-US: XTerm in Apple Mac OS X
-CVE-2009-0140 (Unspecified vulnerability in the SMB component in Apple Mac OS X ...)
+CVE-2009-0140
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0139 (Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows ...)
+CVE-2009-0139
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0138 (servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly ...)
+CVE-2009-0138
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0137 (Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X ...)
+CVE-2009-0137
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0134 (Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX ...)
+CVE-2009-0134
NOT-FOR-US: EasyGrid.SGCtrl.32 ActiveX control
-CVE-2009-0135 (Multiple integer overflows in the Audible::Tag::readTag function in ...)
+CVE-2009-0135
{DSA-1706-1}
- amarok 1.4.10-2 (medium)
-CVE-2009-0136 (Multiple array index errors in the Audible::Tag::readTag function in ...)
+CVE-2009-0136
{DSA-1706-1}
- amarok 1.4.10-2 (medium)
-CVE-2009-0133 (Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier ...)
+CVE-2009-0133
NOT-FOR-US: Microsoft HTML Help Workshop
-CVE-2009-0132 (Integer overflow in the aio_suspend function in Sun Solaris 8 through ...)
+CVE-2009-0132
NOT-FOR-US: Solaris
-CVE-2009-0131 (The UFS implementation in the kernel in Sun OpenSolaris snv_29 through ...)
+CVE-2009-0131
NOT-FOR-US: UFS in OpenSolaris
-CVE-2009-0130 (** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not ...)
+CVE-2009-0130
- erlang <unfixed> (unimportant; bug #511520)
NOTE: the return value is passed to the caller (lib/crypto/src/crypto.erl) which
NOTE: only return success in case of DSA_do_verify returning 1 and failure otherwise
NOTE: this is likely to be rejected
-CVE-2009-0129 (libcrypt-openssl-dsa-perl does not properly check the return value ...)
+CVE-2009-0129
- libcrypt-openssl-dsa-perl 0.13-4 (bug #511519)
-CVE-2009-0128 (plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for ...)
+CVE-2009-0128
{DTSA-185-1}
- slurm-llnl 1.3.13-1 (bug #511511)
-CVE-2009-0127 (** DISPUTED ** M2Crypto does not properly check the return value from ...)
+CVE-2009-0127
- m2crypto <unfixed> (bug #511515; unimportant)
NOTE: m2crypto provides a direct mapping of the OpenSSL functions, no incorrect
NOTE: call sites are known, if such are found they should be fixed in the respective
NOTE: applications
-CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in Berkeley ...)
+CVE-2009-0126
{DSA-1718-1}
- boinc 6.2.14-3 (bug #511521)
-CVE-2009-0125 (** DISPUTED ** ...)
+CVE-2009-0125
- libnasl <removed> (unimportant; bug #511517)
-CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in American ...)
+CVE-2009-0124
- tqsllib 2.0-8 (low; bug #511509)
[etch] - tqsllib <no-dsa> (Minor issue)
-CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows ...)
+CVE-2009-0123
NOT-FOR-US: Apple Safari
-CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and ...)
+CVE-2009-0122
- hplip <not-affected> (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable)
CVE-2009-XXXX [unspecified multiple Drupal vulnerabilies, likely some overlap with the next temp entry]
- drupal6 6.6-3
CVE-2009-XXXX [unspecified Drupal SQL injection]
- drupal5 5.15-1
-CVE-2009-0121 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 ...)
+CVE-2009-0121
NOT-FOR-US: Goople CMS
-CVE-2009-0120 (The IBM WebSphere DataPower XML Security Gateway XS40 with firmware ...)
+CVE-2009-0120
NOT-FOR-US: Web Sphere
-CVE-2009-0119 (Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to ...)
+CVE-2009-0119
NOT-FOR-US: Windows
CVE-2009-0118
RESERVED
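Review bot: the entries `+CVE-2009-0134`, `+CVE-2009-0135` and `+CVE-2009-0136` break the descending order used throughout the file (0134 precedes 0135 and 0136); the hunk reproduces the existing order, but it is worth fixing while the lines are being touched. Two typos on unchanged context lines in the same region: the temporary entry reads "vulnerabilies" for "vulnerabilities", and the hplip not-affected note has "ubuntus postinst script" for "Ubuntu's postinst script".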
@@ -13380,272 +13380,272 @@ CVE-2009-0117
RESERVED
CVE-2009-0116
RESERVED
-CVE-2009-0115 (The Device Mapper multipathing driver (aka multipath-tools or ...)
+CVE-2009-0115
{DSA-1767-1}
- multipath-tools 0.4.8-15 (low; bug #522813)
CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse]
- openslp-dfsg <not-affected> (Debian's openslp doesn't build with SSL support)
-CVE-2009-0114 (Unspecified vulnerability in the Settings Manager in Adobe Flash ...)
+CVE-2009-0114
NOT-FOR-US: Flash
-CVE-2009-0113 (Directory traversal vulnerability in attachmentlibrary.php in the ...)
+CVE-2009-0113
NOT-FOR-US: Joomla! component
-CVE-2009-0112 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2009-0112
NOT-FOR-US: PollPro
-CVE-2009-0111 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and ...)
+CVE-2009-0111
NOT-FOR-US: Goople CMS
-CVE-2009-0110 (SQL injection vulnerability in read.php in RiotPix 0.61 and earlier ...)
+CVE-2009-0110
NOT-FOR-US: RiotPix
-CVE-2009-0109 (SQL injection vulnerability in index.php in RiotPix 0.61 and earlier ...)
+CVE-2009-0109
NOT-FOR-US: RiotPix
-CVE-2009-0108 (PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass ...)
+CVE-2009-0108
NOT-FOR-US: PHPAuctions
-CVE-2009-0107 (Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions ...)
+CVE-2009-0107
NOT-FOR-US: PHPAuctions
-CVE-2009-0106 (SQL injection vulnerability in profile.php in PHPAuctions (aka ...)
+CVE-2009-0106
NOT-FOR-US: PHPAuctions
-CVE-2009-0105 (Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 ...)
+CVE-2009-0105
NOT-FOR-US: EZpack
-CVE-2009-0104 (SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote ...)
+CVE-2009-0104
NOT-FOR-US: EZpack
-CVE-2009-0103 (Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 ...)
+CVE-2009-0103
NOT-FOR-US: playSMS
-CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, ...)
+CVE-2009-0102
NOT-FOR-US: Microsoft
CVE-2009-0101
REJECTED
-CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...)
+CVE-2009-0100
NOT-FOR-US: Microsoft Office Excel
-CVE-2009-0099 (The Electronic Messaging System Microsoft Data Base (EMSMDB32) ...)
+CVE-2009-0099
NOT-FOR-US: Microsoft
-CVE-2009-0098 (Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and ...)
+CVE-2009-0098
NOT-FOR-US: Microsoft
-CVE-2009-0097 (Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly ...)
+CVE-2009-0097
NOT-FOR-US: Microsoft
-CVE-2009-0096 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not ...)
+CVE-2009-0096
NOT-FOR-US: Microsoft
-CVE-2009-0095 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not ...)
+CVE-2009-0095
NOT-FOR-US: Microsoft
-CVE-2009-0094 (The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and ...)
+CVE-2009-0094
NOT-FOR-US: Microsoft Windows
-CVE-2009-0093 (Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and ...)
+CVE-2009-0093
NOT-FOR-US: Microsoft Windows
CVE-2009-0092
REJECTED
-CVE-2009-0091 (Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly ...)
+CVE-2009-0091
NOT-FOR-US: Microsoft .NET Framework
-CVE-2009-0090 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not ...)
+CVE-2009-0090
NOT-FOR-US: Microsoft .NET Framework
-CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...)
+CVE-2009-0089
NOT-FOR-US: Microsoft Windows
-CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft ...)
+CVE-2009-0088
NOT-FOR-US: Microsoft Office
-CVE-2009-0087 (Unspecified vulnerability in the Word 6 text converter in WordPad in ...)
+CVE-2009-0087
NOT-FOR-US: Microsoft Word
-CVE-2009-0086 (Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft ...)
+CVE-2009-0086
NOT-FOR-US: Microsoft Windows
-CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in ...)
+CVE-2009-0085
NOT-FOR-US: Microsoft Windows
-CVE-2009-0084 (Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 ...)
+CVE-2009-0084
NOT-FOR-US: DirectX
-CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...)
+CVE-2009-0083
NOT-FOR-US: Microsoft Windows
-CVE-2009-0082 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+CVE-2009-0082
NOT-FOR-US: Microsoft Windows
-CVE-2009-0081 (The graphics device interface (GDI) implementation in the kernel in ...)
+CVE-2009-0081
NOT-FOR-US: Microsoft Windows
-CVE-2009-0080 (The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, ...)
+CVE-2009-0080
NOT-FOR-US: Windows Vista
-CVE-2009-0079 (The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 ...)
+CVE-2009-0079
NOT-FOR-US: Microsoft Windows XP
-CVE-2009-0078 (The Windows Management Instrumentation (WMI) provider in Microsoft ...)
+CVE-2009-0078
NOT-FOR-US: Microsoft Windows XP
-CVE-2009-0077 (The firewall engine in Microsoft Forefront Threat Management Gateway, ...)
+CVE-2009-0077
NOT-FOR-US: Microsoft Forefront Threat Management Gateway
-CVE-2009-0076 (Microsoft Internet Explorer 7, when XHTML strict mode is used, allows ...)
+CVE-2009-0076
NOT-FOR-US: Microsoft
-CVE-2009-0075 (Microsoft Internet Explorer 7 does not properly handle errors during ...)
+CVE-2009-0075
NOT-FOR-US: Microsoft
CVE-2009-0074
REJECTED
CVE-2009-0073
REJECTED
-CVE-2009-0072 (Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote ...)
+CVE-2009-0072
NOT-FOR-US: Internet Explorer
-CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ...)
+CVE-2009-0071
- iceweasel <removed> (unimportant)
NOTE: Browser crashes not treated as security issues
-CVE-2009-0070 (Integer signedness error in Apple Safari allows remote attackers to ...)
+CVE-2009-0070
NOT-FOR-US: Apple Safari
-CVE-2009-0069 (Unspecified vulnerability in the nfs4rename_persistent_fh function in ...)
+CVE-2009-0069
NOT-FOR-US: Solaris
-CVE-2009-0068 (Interaction error in xdg-open allows remote attackers to execute ...)
+CVE-2009-0068
- xdg-utils <not-affected> (xdg-open is not added to mailcap)
CVE-2009-0067
RESERVED
-CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software for ...)
+CVE-2009-0066
NOT-FOR-US: Intel system software for TXT
-CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control ...)
+CVE-2009-0065
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
-CVE-2009-0064 (Multiple unspecified vulnerabilities in the Control Center in Symantec ...)
+CVE-2009-0064
NOT-FOR-US: Symantec Brightmail Gateway Appliance
-CVE-2009-0063 (Cross-site scripting (XSS) vulnerability in the Control Center in ...)
+CVE-2009-0063
NOT-FOR-US: Symantec Brightmail Gateway Appliance
-CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), ...)
+CVE-2009-0062
NOT-FOR-US: Cisco
-CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC ...)
+CVE-2009-0061
NOT-FOR-US: Cisco
CVE-2009-0060
RESERVED
-CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...)
+CVE-2009-0059
NOT-FOR-US: Cisco
-CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...)
+CVE-2009-0058
NOT-FOR-US: Cisco
-CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...)
+CVE-2009-0057
NOT-FOR-US: Cisco
-CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
+CVE-2009-0056
NOT-FOR-US: Cisco IronPort Encryption Appliance
-CVE-2009-0055 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
+CVE-2009-0055
NOT-FOR-US: Cisco IronPort Encryption Appliance
-CVE-2009-0054 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...)
+CVE-2009-0054
NOT-FOR-US: Cisco IronPort Encryption Appliance
-CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...)
+CVE-2009-0053
NOT-FOR-US: Cisco IronPort Encryption Appliance
-CVE-2009-0052 (The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access ...)
+CVE-2009-0052
NOT-FOR-US: Netgear WNDAP330 Access Point
-CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from ...)
+CVE-2009-0051
NOT-FOR-US: ZXID
-CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from ...)
+CVE-2009-0050
{DSA-1700-1}
- lasso 2.2.1-2 (bug #511262)
-CVE-2009-0049 (Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly ...)
+CVE-2009-0049
{DSA-1946-1}
- belpic 2.6.0-6 (bug #511261)
-CVE-2009-0048 (OpenEvidence 1.0.6 and earlier does not properly check the return ...)
+CVE-2009-0048
NOT-FOR-US: OpenEvidence
-CVE-2009-0047 (Gale 0.99 and earlier does not properly check the return value from ...)
+CVE-2009-0047
NOT-FOR-US: Gale
-CVE-2009-0046 (Sun GridEngine 5.3 and earlier does not properly check the return ...)
+CVE-2009-0046
NOT-FOR-US: Sun GridEngine
CVE-2009-0045
RESERVED
CVE-2009-0044
RESERVED
-CVE-2009-0043 (The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 ...)
+CVE-2009-0043
NOT-FOR-US: CA Service Metric Analysis r11.0 through r11.1 SP1 and Service
-CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library ...)
+CVE-2009-0042
NOT-FOR-US: CA Anti-Virus
-CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before ...)
+CVE-2009-0041
{DSA-1952-1}
- asterisk 1:1.6.1.0~dfsg~rc3-1 (low; bug #513413)
[lenny] - asterisk <no-dsa> (Minor issue)
[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before ...)
+CVE-2009-0040
{DSA-1830-1 DSA-1750-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- libpng 1.2.35-1 (bug #516256)
-CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
+CVE-2009-0039
- geronimo <itp> (bug #481869)
-CVE-2009-0038 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+CVE-2009-0038
- geronimo <itp> (bug #481869)
-CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19.3, ...)
+CVE-2009-0037
{DSA-1738-1}
- curl 7.18.2-8.1 (bug #518423)
-CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in ...)
+CVE-2009-0036
- libvirt 0.5.1-7 (unimportant)
NOTE: not building libvirt proxy from libvirt source package
CVE-2009-0035 [alsainfo insecure temp file usage]
RESERVED
- alsa-driver 1.0.20-1 (unimportant)
NOTE: alsainfo not built into source package
-CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...)
+CVE-2009-0034
- sudo 1.6.9p17-2 (medium)
[etch] - sudo <not-affected> (Vulnerable code not present)
-CVE-2009-0033 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
+CVE-2009-0033
{DSA-2207-1}
- tomcat6 6.0.28-1
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
- tomcat5 <removed> (medium; bug #532363)
- tomcat5.5 <removed> (medium; bug #532366)
-CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...)
+CVE-2009-0032
NOT-FOR-US: issue affects pdfdistiller
-CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
+CVE-2009-0031
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
-CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...)
+CVE-2009-0030
- squirrelmail <not-affected> (RedHat-specific regression)
-CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, ...)
+CVE-2009-0029
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (medium; bug #536147)
- linux-2.6.24 <removed>
-CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows ...)
+CVE-2009-0028
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
-CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application ...)
+CVE-2009-0027
- jbossas4 4.2.2.GA-1 (bug #562000)
[lenny] - jbossas4 <no-dsa> (Contrib not supported)
-CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...)
+CVE-2009-0026
NOT-FOR-US: Apache Jackrabbit
-CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check ...)
+CVE-2009-0025
{DSA-1703-1}
- bind9 1:9.5.1.dfsg.P1-1 (low; bug #511936)
NOTE: unlike the advisory states it is DSA_do_verify not DSA_verify
NOTE: low severity because it is believed hard to trigger and only
NOTE: affects DNSSEC with DSA, which is supposedly rarely used.
-CVE-2009-0024 (The sys_remap_file_pages function in mm/fremap.c in the Linux kernel ...)
+CVE-2009-0024
- linux-2.6 2.6.24-4
[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23)
NOTE: Fixed in 2.6.24 before initial upload
-CVE-2009-0023 (The apr_strmatch_precompile function in strmatch/apr_strmatch.c in ...)
+CVE-2009-0023
{DSA-1812-1}
- apr-util 1.3.7+dfsg-1
-CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows ...)
+CVE-2009-0022
- samba 2:3.2.5-3
[etch] - samba <not-affected> (Only 3.2.x affected)
-CVE-2009-0021 (NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly ...)
+CVE-2009-0021
{DSA-1702-1}
- ntp 1:4.2.4p4+dfsg-8
-CVE-2009-0020 (Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and ...)
+CVE-2009-0020
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0019 (Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote ...)
+CVE-2009-0019
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0018 (The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 ...)
+CVE-2009-0018
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0017 (csregprinter in the Printing component in Apple Mac OS X 10.4.11 and ...)
+CVE-2009-0017
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0016 (Apple iTunes before 8.1 on Windows allows remote attackers to cause a ...)
+CVE-2009-0016
NOT-FOR-US: Apple iTunes
-CVE-2009-0015 (Unspecified vulnerability in fseventsd in the FSEvents framework in ...)
+CVE-2009-0015
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0014 (Folder Manager in Apple Mac OS X 10.5.6 uses insecure default ...)
+CVE-2009-0014
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0013 (dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that ...)
+CVE-2009-0013
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0012 (Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows ...)
+CVE-2009-0012
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0011 (Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to ...)
+CVE-2009-0011
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0010 (Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and ...)
+CVE-2009-0010
NOT-FOR-US: QuickDraw Manager in Apple Mac OS X
-CVE-2009-0009 (Unspecified vulnerability in the Pixlet codec in Apple Mac OS X ...)
+CVE-2009-0009
NOT-FOR-US: Apple Mac OS X
-CVE-2009-0008 (Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component ...)
+CVE-2009-0008
NOT-FOR-US: Apple QuickTime
-CVE-2009-0007 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
+CVE-2009-0007
NOT-FOR-US: Apple QuickTime
-CVE-2009-0006 (Integer signedness error in Apple QuickTime before 7.6 allows remote ...)
+CVE-2009-0006
NOT-FOR-US: Apple QuickTime
-CVE-2009-0005 (Unspecified vulnerability in Apple QuickTime before 7.6 allows remote ...)
+CVE-2009-0005
NOT-FOR-US: Apple QuickTime
-CVE-2009-0004 (Buffer overflow in Apple QuickTime before 7.6 allows remote attackers ...)
+CVE-2009-0004
NOT-FOR-US: Apple QuickTime
-CVE-2009-0003 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
+CVE-2009-0003
NOT-FOR-US: Apple QuickTime
-CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
+CVE-2009-0002
NOT-FOR-US: Apple QuickTime
-CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
+CVE-2009-0001
NOT-FOR-US: Apple QuickTime
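Review bot: the context line `NOT-FOR-US: CA Service Metric Analysis r11.0 through r11.1 SP1 and Service` under `+CVE-2009-0043` is cut off mid-phrase and should be completed or shortened to the product name. Also in this hunk, the `[etch] - asterisk <end-of-life>` rationale capitalises "Etch Packages" inconsistently with the rest of the file, and the CVE-2009-0025 NOTE ("unlike the advisory states it is DSA_do_verify not DSA_verify") is useful triage context that now has no description line above it to anchor it.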
