Contents of /data/CVE/list (ViewVC, repository secure-testing)

Revision 13745
Thu Jan 7 11:40:49 2010 UTC by aurel32
File size: 5337941 byte(s)
Log message: New (e)glibc issue

CVE-2010-XXXX (NIS users shadow password leakage)
	- eglibc 2.10.2-4 (medium; bug #560333)
	[lenny] - glibc <unfixed>
	[etch] - glibc <unfixed>
CVE-2010-0115
	RESERVED
CVE-2010-0114
	RESERVED
CVE-2010-0113
	RESERVED
CVE-2010-0112
	RESERVED
CVE-2010-0111
	RESERVED
CVE-2010-0110
	RESERVED
CVE-2010-0109
	RESERVED
CVE-2010-0108
	RESERVED
CVE-2010-0107
	RESERVED
CVE-2010-0106
	RESERVED
CVE-2010-0105
	RESERVED
CVE-2010-0104
	RESERVED
CVE-2010-0103
	RESERVED
CVE-2010-0102
	RESERVED
CVE-2010-0101
	RESERVED
CVE-2010-0100
	RESERVED
CVE-2010-0099
	RESERVED
CVE-2010-0098
	RESERVED
CVE-2010-0097
	RESERVED
CVE-2010-0096
	RESERVED
CVE-2009-4538
	RESERVED
CVE-2009-4537
	RESERVED
CVE-2009-4536
	RESERVED
CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Mongoose
CVE-2009-4534 (Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4533 (The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4532 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4531 (httpdx 1.4.4 and earlier allows remote attackers to obtain the source ...)
	NOT-FOR-US: httpdx
CVE-2009-4530 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Mongoose
CVE-2009-4529 (InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote ...)
	NOT-FOR-US: InterVations NaviCOPA Web Server
CVE-2009-4528 (The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4527 (The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4526 (The Send by e-mail sub-module in the Print (aka Printer, e-mail and ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4525 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4524 (Cross-site scripting (XSS) vulnerability in the RealName module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4523 (Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 ...)
	NOT-FOR-US: Zainu
CVE-2009-4522 (Cross-site scripting (XSS) vulnerability in search.5.html in ...)
	NOT-FOR-US: BloofoxCMS
CVE-2009-4521 (Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse ...)
	NOT-FOR-US: Eclipse Business Intelligence and Reporting Tools
CVE-2009-4520 (The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4519 (Multiple unspecified vulnerabilities in Ortro before 1.3.4 have ...)
	NOT-FOR-US: Ortro
CVE-2009-4518 (Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4517 (Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4516 (Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4515 (The Storm module 6.x before 6.x-1.25 for Drupal does not enforce ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4514 (Cross-site scripting (XSS) vulnerability in the OpenSocial ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4513 (Multiple cross-site scripting (XSS) vulnerabilities in the Workflow ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3, when ...)
	NOT-FOR-US: Oscailt
CVE-2009-4511
	RESERVED
CVE-2009-4510
	RESERVED
CVE-2009-4509
	RESERVED
CVE-2009-4508
	RESERVED
CVE-2009-4507
	RESERVED
CVE-2009-4506
	RESERVED
CVE-2009-4505
	RESERVED
CVE-2009-4504
	RESERVED
CVE-2009-4503
	RESERVED
CVE-2009-4502 (The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4501 (The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4500 (The process_trap function in trapper/trapper.c in Zabbix Server before ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4499 (SQL injection vulnerability in the get_history_lastid function in the ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4497 [XSS in LXR]
	RESERVED
	- lxr-cvs <unfixed>
	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
CVE-2009-4496
	RESERVED
CVE-2009-4495
	RESERVED
CVE-2009-4494
	RESERVED
CVE-2009-4493
	RESERVED
CVE-2009-4492
	RESERVED
CVE-2009-4491
	RESERVED
CVE-2009-4490
	RESERVED
CVE-2009-4489
	RESERVED
CVE-2009-4488
	RESERVED
CVE-2009-4487
	RESERVED
CVE-2009-4486
	RESERVED
CVE-2009-4485
	RESERVED
CVE-2009-4484 (Buffer overflow in the server in MySQL 5.0.51a on Linux allows remote ...)
	- mysql-dfsg-5.0 <removed>
	TODO: check
CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...)
	NOT-FOR-US: MailSite
CVE-2009-4482 (Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote ...)
	NOT-FOR-US: TVersity
CVE-2009-4481 (Unspecified vulnerability in radiusd in FreeRADIUS 1.1.7 allows remote ...)
	- freeradius <unfixed>
	TODO: check
CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2009-4479 (LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: MailSite
CVE-2009-4478 (Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real ...)
	NOT-FOR-US: Xstate Real Estate
CVE-2009-4477 (SQL injection vulnerability in page.html in Xstate Real Estate 1.0 ...)
	NOT-FOR-US: Xstate Real Estate
CVE-2009-4476 (Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before ...)
	NOT-FOR-US: HAURI ViRobot Desktop
CVE-2009-4475 (SQL injection vulnerability in the Joomlub (com_joomlub) component for ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4474 (SQL injection vulnerability in the Mike de Boer zoom (com_zoom) ...)
	NOT-FOR-US: Mambo component
CVE-2009-4473 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2009-4472 (Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and ...)
	NOT-FOR-US: PHPope
CVE-2009-4471 (Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 ...)
	NOT-FOR-US: FreeSchool
CVE-2009-4470 (SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows ...)
	NOT-FOR-US: DVBBS
CVE-2009-4469 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpPowerCards
CVE-2009-4468 (Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4467 (misc.php in DeluxeBB 1.3 allows remote attackers to register accounts ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4466 (DeluxeBB 1.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4465 (DeluxeBB 1.3 stores sensitive information under the web root with ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4464 (Cross-site scripting (XSS) vulnerability in searchadvance.asp in ...)
	NOT-FOR-US: Active Business Directory
CVE-2009-4463 (The firmware for Intellicom NetBiter WebSCADA uses hard-coded ...)
	NOT-FOR-US: Intellicom NetBiter WebSCADA
CVE-2009-4462 (Stack-based buffer overflow in NetBiterConfig.exe 1.3.0 in Intellicom ...)
	NOT-FOR-US: Intellicom NetBiter WebSCADA
CVE-2009-4461 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 ...)
	- flatpress <itp> (bug #466297)
CVE-2009-4460 (Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf ...)
	NOT-FOR-US: Auto-Surf Traffic Exchange Script
CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the ...)
	- redmine <unfixed> (bug #563940)
CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...)
	- sarg <unfixed>
	TODO: check
CVE-2008-7249 (Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and ...)
	- sarg <unfixed>
	TODO: check
CVE-2009-XXXX [sendmail ssl cert spoofing via NUL character]
	- sendmail <unfixed>
	TODO: check
	NOTE: http://www.sendmail.org/releases/8.14.4
CVE-2009-XXXX [pidgin local file disclosure vuln]
	- pidgin <unfixed> (medium; bug #563206)
	- gaim <removed>
	TODO: check stable and oldstable (i.e. gaim)
	NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 ...)
	- freepbx <itp> (bug #464926)
CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module ...)
	- webmin <itp> (bug #377948)
CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny ...)
	NOT-FOR-US: Green Desktiny
CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2009-4454 (vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user ...)
	- videocache <itp> (bug #505329)
CVE-2009-4453 (Insecure method vulnerability in SoftCab Sound Converter ActiveX ...)
	NOT-FOR-US: SoftCab Sound Converter ActiveX
CVE-2009-4452 (Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-4451 (Unrestricted file upload vulnerability in upper.php in kandalf upper ...)
	NOT-FOR-US: kandalf upper
CVE-2009-4450 (Multiple cross-site scripting (XSS) vulnerabilities in map.php in ...)
	NOT-FOR-US: LiveZilla
CVE-2009-4449 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2009-4448 (inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and ...)
	NOT-FOR-US: MyBB
CVE-2009-4447 (Jax Guestbook 3.5.0 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Jax Guestbook
CVE-2009-4446 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
	NOT-FOR-US: phpInstantGallery
CVE-2009-4445 (Microsoft Internet Information Services (IIS), when used in ...)
	NOT-FOR-US: Microsoft
CVE-2009-4444 (Microsoft Internet Information Services (IIS) 5.x and 6.x uses only ...)
	NOT-FOR-US: Microsoft
CVE-2009-4443 (Unspecified vulnerability in the psearch (aka persistent search) ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4442 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4441 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4440 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4439 (Unspecified vulnerability in the Query Compiler, Rewrite, and ...)
	NOT-FOR-US: DB2
CVE-2009-4438 (The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 ...)
	NOT-FOR-US: DB2
CVE-2009-4437 (Multiple SQL injection vulnerabilities in Active Auction House 3.6 ...)
	NOT-FOR-US: Active Auction House 3.6
CVE-2009-4436 (Multiple SQL injection vulnerabilities in Active Web Softwares ...)
	NOT-FOR-US: Active Web Softwares eWebquiz
CVE-2009-4435 (Multiple directory traversal vulnerabilities in F3Site 2009 allow ...)
	NOT-FOR-US: F3Site 2009
CVE-2009-4434 (Directory traversal vulnerability in index.php in IDevSpot iSupport ...)
	NOT-FOR-US: IDevSpot
CVE-2009-4433 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
	NOT-FOR-US: IDevSpot
CVE-2009-4432 (SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 ...)
	NOT-FOR-US: CodeMight VideoCMS
CVE-2009-4431 (PHP remote file inclusion vulnerability in cal_popup.php in the ...)
	NOT-FOR-US: Joomla addon
CVE-2009-4430 (SQL injection vulnerability in index.php in VirtueMart 1.0 allows ...)
	NOT-FOR-US: VirtueMart
CVE-2009-4429 (Cross-site scripting (XSS) vulnerability in the Sections module 5.x ...)
	NOT-FOR-US: Drupal addon
CVE-2009-4428 (SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) ...)
	NOT-FOR-US: Joomla addon
CVE-2009-4427 (Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 ...)
	{DSA-1965-1}
	- phpldapadmin 1.1.0.7-1.1 (medium; bug #561975)
	[etch] - phpldapadmin <not-affected> (Vulnerable code not present)
CVE-2009-4426 (Multiple directory traversal vulnerabilities in Ignition 1.2, when ...)
	NOT-FOR-US: Ignition
CVE-2009-4425 (Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 ...)
	NOT-FOR-US: iDevCart
CVE-2009-4424 (SQL injection vulnerability in results.php in the Pyrmont plugin 2 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2009-XXXX [ampache DoS and CSRF]
	- ampache 3.5.3-1 (low)
	[lenny] - ampache <no-dsa> (minor issue)
	TODO: request CVE and publish more details
CVE-2009-4423 (SQL injection vulnerability in index.php in weenCompany 4.0.0 allows ...)
	NOT-FOR-US: weenCompany
CVE-2009-4422 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- libphp-jpgraph <unfixed> (low; bug #562633)
CVE-2009-4421 (Directory traversal vulnerability in languages_cgi.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Application ...)
	NOT-FOR-US: F5 Networks BIG-IP Application Security Manager (ASM) and Protocol Security Manager (PSM)
CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...)
	NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets
CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...)
	- php5 <unfixed> (unimportant)
	NOTE: Only exploitable by malicious script, not treated as a security issue
	NOTE: per Debian PHP security policy
CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend ...)
	NOTE: the CVE talks about the Zend Framework, but the culprit
	NOTE: is actually piwik
	TODO: discuss it on oss-sec
CVE-2009-4416 (Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare ...)
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4415 (Multiple directory traversal vulnerabilities in phpGroupWare ...)
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in ...)
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4412 (Unrestricted file upload vulnerability in Serendipity before 1.5 ...)
	- serendipity <unfixed> (low; bug #562634)
CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...)
	- acl <unfixed> (low; bug #499076)
	[etch] - acl <not-affected> (Vulnerable code not present)
	NOTE: bug was closed but the fix seems incomplete
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076#51
CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
	NOT-FOR-US: Internet Initiative Japan SEIL/B1 firmware
CVE-2009-4408 (Multiple cross-site scripting (XSS) vulnerabilities in models.parser ...)
	NOT-FOR-US: PyForum
CVE-2009-4407 (Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum ...)
	NOT-FOR-US: PyForum
CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American ...)
	NOT-FOR-US: APC Switched Rack PDU AP7932 B2
CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have ...)
	- trac 0.11.6-1
CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 ...)
	- t-prot 2.8-1 (low)
CVE-2009-4403 (Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 ...)
	NOT-FOR-US: Rumba XML
CVE-2009-4402 (The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...)
	- sql-ledger <unfixed> (bug #562639)
CVE-2009-4410 (The fuse_ioctl_copy_user function in the ioctl handler in ...)
	- linux-2.6 2.6.32-1 (low)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
CVE-2009-4401 (SQL injection vulnerability in the Parish Administration Database ...)
	NOT-FOR-US: ste_parish_admin typo3 extension
CVE-2009-4400 (Cross-site scripting (XSS) vulnerability in the Parish Administration ...)
	NOT-FOR-US: ste_parish_admin typo3 extension
CVE-2009-4399 (SQL injection vulnerability in the Parish of the Holy Spirit Religious ...)
	NOT-FOR-US: hs_religiousartgallery typo3 extension
CVE-2009-4398 (Cross-site scripting (XSS) vulnerability in the Parish of the Holy ...)
	NOT-FOR-US: hs_religiousartgallery typo3 extension
CVE-2009-4397 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...)
	NOT-FOR-US: pd_resources typo3 extension
CVE-2009-4396 (SQL injection vulnerability in the Diocese of Portsmouth Resources ...)
	NOT-FOR-US: pd_resources typo3 extension
CVE-2009-4395 (Cross-site scripting (XSS) vulnerability in the Random Prayer 2 ...)
	NOT-FOR-US: ste_prayer2 typo3 extension
CVE-2009-4394 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) ...)
	NOT-FOR-US: ste_prayer2 typo3 extension
CVE-2009-4393 (SQL injection vulnerability in the Document Directorys ...)
	NOT-FOR-US: danp_documentdirs
CVE-2009-4392 (SQL injection vulnerability in the XDS Staff List (xds_staff) ...)
	NOT-FOR-US: xds_staff typo3 extension
CVE-2009-4391 (Cross-site scripting (XSS) vulnerability in the File list (dr_blob) ...)
	NOT-FOR-US: dr_blob typo3 extension
CVE-2009-4390 (SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 ...)
	NOT-FOR-US: car typo3 extension
CVE-2009-4389 (Unspecified vulnerability in the Watchdog (aba_watchdog) extension ...)
	NOT-FOR-US: aba_watchdog typo3 extension
CVE-2009-4388 (Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) ...)
	NOT-FOR-US: nl_listman typo3 extension
CVE-2009-4387 (The cross-site scripting (XSS) protection mechanism in ...)
	NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
CVE-2009-4386 (SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur ...)
	NOT-FOR-US: Venalsur Booking Centre Booking System
CVE-2009-4385 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Scriptsez.net Ez Poll Hoster
CVE-2009-4384 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
	NOT-FOR-US: Scriptsez.net Ez Poll Hoster
CVE-2009-4383 (Directory traversal vulnerability in Pforum.php in Rocomotion P forum ...)
	NOT-FOR-US: Rocomotion P forum
CVE-2009-4382 (Cross-site scripting (XSS) vulnerability in module.php in PHPFABER ...)
	NOT-FOR-US: PHPFABER CMS
CVE-2009-4381 (Cross-site scripting (XSS) vulnerability in index.php in texmedia ...)
	NOT-FOR-US: texmedia Million Pixel Script
CVE-2009-4380 (Multiple SQL injection vulnerabilities in Valarsoft Webmatic before ...)
	NOT-FOR-US: Valarsoft Webmatic
CVE-2009-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft ...)
	NOT-FOR-US: Valarsoft Webmatic
CVE-2010-0095
	RESERVED
CVE-2010-0094
	RESERVED
CVE-2010-0093
	RESERVED
CVE-2010-0092
	RESERVED
CVE-2010-0091
	RESERVED
CVE-2010-0090
	RESERVED
CVE-2010-0089
	RESERVED
CVE-2010-0088
	RESERVED
CVE-2010-0087
	RESERVED
CVE-2010-0086
	RESERVED
CVE-2010-0085
	RESERVED
CVE-2010-0084
	RESERVED
CVE-2010-0083
	RESERVED
CVE-2010-0082
	RESERVED
CVE-2010-0081
	RESERVED
CVE-2010-0080
	RESERVED
CVE-2010-0079
	RESERVED
CVE-2010-0078
	RESERVED
CVE-2010-0077
	RESERVED
CVE-2010-0076
	RESERVED
CVE-2010-0075
	RESERVED
CVE-2010-0074
	RESERVED
CVE-2010-0073
	RESERVED
CVE-2010-0072
	RESERVED
CVE-2010-0071
	RESERVED
CVE-2010-0070
	RESERVED
CVE-2010-0069
	RESERVED
CVE-2010-0068
	RESERVED
CVE-2010-0067
	RESERVED
CVE-2010-0066
	RESERVED
CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4, when running on ...)
	- wireshark <not-affected> (Windows-specific)
CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 ...)
	- wireshark 1.2.5-1
	[lenny] - wireshark <no-dsa> (Minor issue)
	[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-4376 (Buffer overflow in the daintree_sna_read function in the Daintree SNA ...)
	- wireshark 1.2.5-1
	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-4375 (SQL injection vulnerability in repository/repository_attachment.php in ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4374 (Directory traversal vulnerability in ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4373 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4372 (AlienVault Open Source Security Information Management (OSSIM) 2.1.5, ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4371 (Cross-site scripting (XSS) vulnerability in the Locale module ...)
	- drupal6 <unfixed> (low; bug #562165)
	[lenny] - drupal6 <no-dsa> (Minor issue, requires auth)
CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module ...)
	- drupal6 <unfixed> (low; bug #562165)
	[lenny] - drupal6 <no-dsa> (Minor issue, requires auth)
CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module ...)
	- drupal6 <unfixed> (low; bug #562165)
	[lenny] - drupal6 <no-dsa> (Minor issue, requires auth)
	- drupal5 <unfixed> (low)
CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have ...)
	NOT-FOR-US: Centreon
CVE-2009-4367 (The Staging Webservice ("sitecore modules/staging/service/api.asmx") ...)
	NOT-FOR-US: Sitecore Staging Module
CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application ...)
	- horde3 3.3.6+debian0-1 (low)
CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users ...)
	NOT-FOR-US: IBM AIX
CVE-2009-4361 (Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users ...)
	NOT-FOR-US: IBM AIX
CVE-2009-4360 (SQL injection vulnerability in modules/content/index.php in the ...)
	NOT-FOR-US: XOOPS
CVE-2009-4359 (Cross-site scripting (XSS) vulnerability in folder.php in the ...)
	NOT-FOR-US: XOOPS
CVE-2009-4358 (freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure ...)
	NOT-FOR-US: freebsd-update
CVE-2009-4357 (CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in ...)
	NOT-FOR-US: Winamp
CVE-2009-4355
	RESERVED
CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4352 (Multiple cross-site scripting (XSS) vulnerabilities in TransWARE ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4351 (SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, ...)
	NOT-FOR-US: WSCreator
CVE-2009-4350 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 ...)
	NOT-FOR-US: Arctic Issue Tracker
CVE-2009-4349 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Link Up Gold
CVE-2009-4348 (Cross-site scripting (XSS) vulnerability in index.php in Harold ...)
	NOT-FOR-US: Harold Bakker's NewsScript
CVE-2009-4347 (Cross-site scripting (XSS) vulnerability in daloradius-users/login.php ...)
	NOT-FOR-US: daloRADIUS
CVE-2009-4346 (Cross-site scripting (XSS) vulnerability in the Frontend news ...)
	NOT-FOR-US: fe_rtenews typo3 extension
CVE-2009-4345 (Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) ...)
	NOT-FOR-US: vShoutbox typo3 extension
CVE-2009-4344 (Cross-site scripting (XSS) vulnerability in the ZID Linkliste ...)
	NOT-FOR-US: zid_linklist typo3 extension
CVE-2009-4343 (Cross-site scripting (XSS) vulnerability in the Training Company ...)
	NOT-FOR-US: trainincdb typo3 extension
CVE-2009-4342 (SQL injection vulnerability in the Job Exchange (jobexchange) ...)
	NOT-FOR-US: jobexchange typo3 extension
CVE-2009-4341 (SQL injection vulnerability in the No indexed Search ...)
	NOT-FOR-US: no_indexed_search typo3 extension
CVE-2009-4340 (Cross-site scripting (XSS) vulnerability in the No indexed Search ...)
	NOT-FOR-US: no_indexed_search typo3 extension
CVE-2009-4339 (SQL injection vulnerability in the Subscription (mf_subscription) ...)
	NOT-FOR-US: mf_subscription typo3 extension
CVE-2009-4338 (SQL injection vulnerability in the Flash SlideShow (slideshow) ...)
	NOT-FOR-US: slideshow typo3 extension
CVE-2009-4337 (SQL injection vulnerability in the Diocese of Portsmouth Calendar ...)
	NOT-FOR-US: pd_calendar typo3 extension
CVE-2009-4336 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...)
	NOT-FOR-US: pd_calendar typo3 extension
CVE-2009-4335 (Multiple unspecified vulnerabilities in bundled stored procedures in ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4334 (The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4333 (The Relational Data Services component in IBM DB2 9.5 before FP5 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4332 (db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4331 (The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4330 (Unspecified vulnerability in db2licm in the Engine Utilities component ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4329 (Unspecified vulnerability in the Engine Utilities component in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4328 (Unspecified vulnerability in the DRDA Services component in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4327 (The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4326 (The RAND scalar function in the Common Code Infrastructure component ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2009-XXXX [libapache2-mod-php5: potential disclosure of private php files]
	- php5 5.2.11.dfsg.1-2 (low; bug #562006)
	NOTE: not sure if it should be treated as an issue, probably not
CVE-2009-XXXX [libhaml-ruby XSS issue]
	- libhaml-ruby 2.2.8-1
CVE-2009-XXXX [roundup: unspecified issue]
	- roundup 1.4.11-1
CVE-2009-XXXX [php5 uksort() interruption memory corruption]
	- php5 <unfixed> (low)
	NOTE: CVE requested
CVE-2009-XXXX [php5 usort interruption memory corruption]
	- php5 5.2.11.dfsg.1-1 (low)
	TODO: protection was weak in .11, re-check .12 changes
	NOTE: CVE requested
	NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
CVE-2009-XXXX [php5 explode() information leak]
	- php5 5.2.11.dfsg.1-1 (low)
	NOTE: CVE requested
	NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
CVE-2009-XXXX [php5 serialize() information leak]
	- php5 5.2.11.dfsg.1-1 (low)
	NOTE: CVE requested
	NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
CVE-2010-0065
	RESERVED
CVE-2010-0064
	RESERVED
CVE-2010-0063
	RESERVED
CVE-2010-0062
	RESERVED
CVE-2010-0061
	RESERVED
CVE-2010-0060
	RESERVED
CVE-2010-0059
	RESERVED
CVE-2010-0058
	RESERVED
CVE-2010-0057
	RESERVED
CVE-2010-0056
	RESERVED
CVE-2010-0055
	RESERVED
CVE-2010-0054
	RESERVED
CVE-2010-0053
	RESERVED
CVE-2010-0052
	RESERVED
CVE-2010-0051
	RESERVED
CVE-2010-0050
	RESERVED
CVE-2010-0049
	RESERVED
CVE-2010-0048
	RESERVED
CVE-2010-0047
	RESERVED
CVE-2010-0046
	RESERVED
CVE-2010-0045
	RESERVED
CVE-2010-0044
	RESERVED
CVE-2010-0043
	RESERVED
CVE-2010-0042
	RESERVED
CVE-2010-0041
	RESERVED
CVE-2010-0040
	RESERVED
CVE-2010-0039
	RESERVED
CVE-2010-0038
	RESERVED
CVE-2010-0037
	RESERVED
CVE-2010-0036
	RESERVED
CVE-2010-0035
	RESERVED
CVE-2010-0034
	RESERVED
CVE-2010-0033
	RESERVED
CVE-2010-0032
	RESERVED
CVE-2010-0031
	RESERVED
CVE-2010-0030
	RESERVED
CVE-2010-0029
	RESERVED
CVE-2010-0028
	RESERVED
CVE-2010-0027
	RESERVED
CVE-2010-0026
	RESERVED
CVE-2010-0025
	RESERVED
CVE-2010-0024
	RESERVED
CVE-2010-0023
	RESERVED
CVE-2010-0022
	RESERVED
CVE-2010-0021
	RESERVED
CVE-2010-0020
	RESERVED
CVE-2010-0019
	RESERVED
CVE-2010-0018
	RESERVED
CVE-2010-0017
	RESERVED
CVE-2010-0016
	RESERVED
CVE-2010-0015
	RESERVED
CVE-2010-0014
	RESERVED
CVE-2010-0013
	RESERVED
CVE-2010-0012 [transmission directory traversal when processing .torrent files]
	RESERVED
	- transmission 1.77-1 (low)
	TODO: check affected versions
	NOTE: http://trac.transmissionbt.com/changeset/9829/
	NOTE: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/500625
CVE-2010-0011 [remote code execution through the "run" function]
	RESERVED
	- uzbl 0.0.0~git.20100105-1 (medium)
	NOTE: http://www.uzbl.org/news.php?id=22
	NOTE: maintainer is aware of it
CVE-2010-0010
	RESERVED
CVE-2010-0009
	RESERVED
CVE-2010-0008
	RESERVED
CVE-2010-0007
	RESERVED
CVE-2010-0006
	RESERVED
CVE-2010-0005
	RESERVED
CVE-2010-0004
	RESERVED
CVE-2010-0003
	RESERVED
CVE-2010-0002
	RESERVED
CVE-2010-0001
	RESERVED
CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4321 (extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4320 (Cross-site scripting (XSS) vulnerability in searchform.php in The Next ...)
	NOT-FOR-US: The Next Generation of Genealogy Sitebuilding
CVE-2009-4319 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: eoCMS
CVE-2009-4318 (Cross-site scripting (XSS) vulnerability in index.php in Real Estate ...)
	NOT-FOR-US: Real Estate Manager
CVE-2009-4317 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
	NOT-FOR-US: ScriptsEz
CVE-2009-4316 (Cross-site scripting (XSS) vulnerability in searchresults_main.php in ...)
	NOT-FOR-US: ZeeLyrics
CVE-2009-4315 (Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS ...)
	NOT-FOR-US: Nuggetz CMS
CVE-2009-4314 (Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2009-4311 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2009-4310 (Stack-based buffer overflow in the Intel Indeo41 codec for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for Windows ...)
765 NOT-FOR-US: Microsoft
766 CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 ...)
767 - linux-2.6 2.6.32-1 (medium)
768 [etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
769 - linux-2.6.24 <removed> (medium)
770 CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux ...)
771 - linux-2.6 2.6.32-2 (low)
772 [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
773 [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
774 - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.27)
775 CVE-2009-4306 (Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ...)
776 - linux-2.6 2.6.32-2 (medium)
777 [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
778 [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
779 - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
780 CVE-2009-4291
781 RESERVED
782 CVE-2009-4290
783 RESERVED
784 CVE-2009-4289
785 RESERVED
786 CVE-2009-4288
787 RESERVED
788 CVE-2009-4287
789 RESERVED
790 CVE-2009-4286
791 RESERVED
792 CVE-2009-4285
793 RESERVED
794 CVE-2009-4284
795 RESERVED
796 CVE-2009-4283
797 RESERVED
798 CVE-2009-4282
799 RESERVED
800 CVE-2009-4281
801 RESERVED
802 CVE-2009-4280
803 RESERVED
804 CVE-2009-4279
805 RESERVED
806 CVE-2009-4278
807 RESERVED
808 CVE-2009-4277
809 RESERVED
810 CVE-2009-4276
811 RESERVED
812 CVE-2009-4275
813 RESERVED
814 CVE-2009-4274
815 RESERVED
816 CVE-2009-4273
817 RESERVED
818 CVE-2009-4272
819 RESERVED
820 CVE-2009-4271
821 RESERVED
822 CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...)
823 - ghostscript <unfixed> (medium; bug #562643)
824 CVE-2009-4269
825 RESERVED
826 CVE-2009-4268
827 RESERVED
828 CVE-2009-4267
829 RESERVED
830 CVE-2009-XXXX [gnome-screensaver inhibitor not removed when connection is closed]
831 - gnome-screensaver <unfixed> (low; bug #560895)
832 [etch] - gnome-screensaver <no-dsa> (minor issue)
833 [lenny] - gnome-screensaver <no-dsa> (minor issue)
834 TODO: request CVE id
835 NOTE: the code in etch's version is rather different but it seems to be affected
836 NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=284c9924969a49dbf2d5fae1d680d3310c4df4a3
837 CVE-2009-XXXX [gif2png multiple buffer overflows parsing CLI arguments]
838 - gif2png 2.5.2-1 (low; bug #550978)
839 [etch] - gif2png <no-dsa> (minor issue)
840 [lenny] - gif2png <no-dsa> (minor issue)
841 CVE-2009-XXXX [browser-based css info disclosure]
842 - xulrunner <unfixed> (unimportant; bug #560108)
843 - webkit <unfixed> (unimportant; bug #560870)
844 - qt4-x11 <unfixed> (unimportant; bug #561754)
845 - kdelibs <unfixed> (unimportant; bug #561752)
846 - kde4libs <unfixed> (unimportant; bug #561753)
847 - kazehakase <unfixed> (unimportant; bug #560871)
848 - epiphany-browser <unfixed> (unimportant; bug #560872)
849 - galeon <unfixed> (unimportant; bug #560873)
850 - dillo <unfixed> (unimportant; bug #560874)
851 NOTE: Minor design issue
852 CVE-2009-XXXX [xpat2: save game permissions issue]
853 - xpat2 <unfixed> (unimportant; bug #560087)
854 CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured ...)
855 - network-manager-applet <unfixed> (low; bug #560067)
856 - network-manager 0.6.5-1 (low)
857 [lenny] - network-manager-applet <no-dsa> (minor issue)
858 [etch] - network-manager <no-dsa> (minor issue)
859 NOTE: network-manager in lenny not affected, because it is in network-manager-applet
860 CVE-2009-XXXX [unsafe xfs]
861 - xfs 1:1.0.8-6 (low; bug #521107)
862 [etch] - xfs <no-dsa> (minor issue)
863 [lenny] - xfs <no-dsa> (minor issue)
864 TODO: next point update: [lenny] - xfs 1:1.0.8-2.2+lenny1
865 CVE-2009-XXXX [xserver-xorg: inherits user's mask]
866 - xserver-xorg-core 2:1.7.2-1 (low; bug #555308)
867 CVE-2009-4296 (SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and ...)
868 NOT-FOR-US: Taxonomy Timer module for Drupal
869 CVE-2009-4295 (Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA ...)
870 NOT-FOR-US: Sun Ray Server Software
871 CVE-2009-4294 (Unspecified vulnerability in the Authentication Manager (aka utauthd) ...)
872 NOT-FOR-US: Sun Ray Server Software
873 CVE-2009-4293 (Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 ...)
874 NOT-FOR-US: Internet Initiative Japan
875 CVE-2009-4292 (Buffer overflow in the URL filtering function in Internet Initiative ...)
876 NOT-FOR-US: Internet Initiative Japan
877 CVE-2009-4266 (Cross-site scripting (XSS) vulnerability in search.php in YABSoft ...)
878 NOT-FOR-US: YABSoft Advanced Image Hosting (AIH) Script
879 CVE-2009-4265 (Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and ...)
880 NOT-FOR-US: Ideal Administration
881 CVE-2009-4264 (PHP remote file inclusion vulnerability in components/core/connect.php ...)
882 NOT-FOR-US: AROUNDMe
883 CVE-2009-4263 (SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 ...)
884 NOT-FOR-US: PTCPay
885 CVE-2009-4262 (Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to ...)
886 NOT-FOR-US: Harold Bakker's Newscript HB-NS
887 CVE-2009-XXXX [php-net-ping argument injection]
888 - php-net-ping 2.4.2-1.1 (medium)
889 [etch] - php-net-ping 2.4.2-1+etch1
890 [lenny] - php-net-ping 2.4.2-1+lenny1
891 CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before ...)
892 - moodle <unfixed> (medium; bug #559531)
893 NOTE: MSA-09-0031
894 CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...)
895 - moodle <unfixed> (bug #559531)
896 NOTE: MSA-09-0029
897 CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password ...)
898 - moodle <unfixed> (bug #559531)
899 NOTE: MSA-09-0028
900 CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...)
901 - moodle <unfixed> (bug #559531)
902 NOTE: MSA-09-0027
903 CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when ...)
904 - moodle <unfixed> (bug #559531)
905 NOTE: MSA-09-0026
906 CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...)
907 - moodle <unfixed> (bug #559531)
908 NOTE: MSA-09-0025
909 CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 ...)
910 - moodle <unfixed> (bug #559531)
911 NOTE: MSA-09-0024
912 CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...)
913 - moodle <unfixed> (bug #559531)
914 NOTE: MSA-09-0023
915 CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...)
916 - moodle <unfixed> (bug #559531)
917 NOTE: MSA-09-0022
918 CVE-2009-XXXX [docutils insecure usage of temporary files]
919 - python-docutils 0.6-2 (low; bug #560755)
920 [etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
921 [lenny] - python-docutils <no-dsa> (Minor issue)
922 NOTE: cve requested
923 CVE-2009-4261 (Multiple directory traversal vulnerabilities in the iallocator ...)
924 {DSA-1959-1}
925 - ganeti 2.0.5-1 (low)
926 NOTE: http://www.ocert.org/advisories/ocert-2009-019.html
927 CVE-2009-4260
928 RESERVED
929 CVE-2009-4259
930 RESERVED
931 CVE-2009-4258
932 RESERVED
933 CVE-2009-4257
934 RESERVED
935 CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 ...)
936 NOT-FOR-US: AlefMentor
937 CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit! template ...)
938 NOT-FOR-US: Joomla! component
939 CVE-2009-4254 (PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive ...)
940 NOT-FOR-US: PowerPhlogger
941 CVE-2009-4253 (Cross-site scripting (XSS) vulnerability in dspStats.php in ...)
942 NOT-FOR-US: PowerPhlogger
943 CVE-2009-4252 (Cross-site scripting (XSS) vulnerability in images.php in Image ...)
944 NOT-FOR-US: Image Hosting Script DPI
945 CVE-2009-4251 (Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel ...)
946 NOT-FOR-US: Jasc Paint Shop Pro
947 CVE-2009-4250 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...)
948 NOT-FOR-US: CuteNews
949 CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...)
950 NOT-FOR-US: CuteNews
951 CVE-2009-4248
952 RESERVED
953 CVE-2009-4247
954 RESERVED
955 CVE-2009-4246
956 RESERVED
957 CVE-2009-4245
958 RESERVED
959 CVE-2009-4244
960 RESERVED
961 CVE-2009-4243
962 RESERVED
963 CVE-2009-4242
964 RESERVED
965 CVE-2009-4241
966 RESERVED
967 CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in the ...)
968 NOT-FOR-US: IBM InfoSphere Information Server
969 CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in IBM ...)
970 NOT-FOR-US: IBM InfoSphere Information Server
971 CVE-2009-4238 (Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow ...)
972 NOT-FOR-US: TestLink
973 CVE-2009-4237 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
974 NOT-FOR-US: TestLink
975 CVE-2009-4236 (The process function in ...)
976 NOT-FOR-US: EC-CUBE
977 CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...)
978 {DSA-1960-1}
979 - acpid 1.0.6 (low; bug #560771)
980 NOTE: all versions set umask(0), might be worth double-checking what it opens
981 CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in ...)
982 NOT-FOR-US: Micronet Network Access Controller
983 CVE-2009-4233 (Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php ...)
984 NOT-FOR-US: Joomla! component
985 CVE-2009-4232 (The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not ...)
986 NOT-FOR-US: Joomla! component
987 CVE-2009-4231 (Directory traversal vulnerability in as/lib/plugins.php in SweetRice ...)
988 NOT-FOR-US: SweetRice
989 CVE-2009-4230 (Multiple stack-based buffer overflows in src/Task.cc in the FastCGI ...)
990 NOT-FOR-US: IIPImage Server
991 CVE-2009-4229 (Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active ...)
992 NOT-FOR-US: ActiveWebSoftwares Active Bids
993 CVE-2009-4226 (Race condition in the IP module in the kernel in Sun OpenSolaris ...)
994 NOT-FOR-US: OpenSolaris kernel
995 CVE-2009-4225 (Stack-based buffer overflow in the PestPatrol ActiveX control ...)
996 NOT-FOR-US: PestPatrol
997 CVE-2009-4228 (Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and ...)
998 - xfig <unfixed> (unimportant)
999 CVE-2009-4227 (Stack-based buffer overflow in the read_1_3_textobject function in ...)
1000 - xfig 1:3.2.5.b-1 (low; bug #559274)
1001 [lenny] - xfig <no-dsa> (Minor issue)
1002 [etch] - xfig <no-dsa> (Minor issue)
1003 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905
1004 CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, ...)
1005 - polipo <unfixed> (low; bug #560779)
1006 [etch] - polipo <no-dsa> (Minor issue)
1007 [lenny] - polipo <no-dsa> (Minor issue)
1008 CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...)
1009 NOT-FOR-US: SweetRice
1010 CVE-2009-4223 (PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web ...)
1011 NOT-FOR-US: KR-Web
1012 CVE-2009-4222 (phpBazar 2.1.1fix and earlier does not require administrative ...)
1013 NOT-FOR-US: phpBazar
1014 CVE-2009-4221 (SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and ...)
1015 NOT-FOR-US: phpBazar
1016 CVE-2009-4220 (PHP remote file inclusion vulnerability in ...)
1017 NOT-FOR-US: PointComma
1018 CVE-2009-4219 (Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX ...)
1019 NOT-FOR-US: Haihaisoft Universal Player
1020 CVE-2009-4218 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's ...)
1021 NOT-FOR-US: JiRo's Banner System eXperience (JBSX)
1022 CVE-2009-4217 (SQL injection vulnerability in the Itamar Elharar MusicGallery ...)
1023 NOT-FOR-US: Joomla! component
1024 CVE-2009-4216 (Directory traversal vulnerability in funzioni/lib/menulast.php in ...)
1025 NOT-FOR-US: klinza
1026 CVE-2009-4215 (Panda Global Protection 2010, Internet Security 2010, and Antivirus ...)
1027 NOT-FOR-US: Panda
1028 CVE-2009-4213
1029 RESERVED
1030 CVE-2009-4212
1031 RESERVED
1032 CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness ...)
1033 NOT-FOR-US: U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script
1034 CVE-2009-4210 (The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and ...)
1035 NOT-FOR-US: Microsoft
1036 CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
1037 NOT-FOR-US: moziloCMS
1038 CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school (OS) ...)
1039 NOT-FOR-US: Open-school
1040 CVE-2009-4207 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x ...)
1041 NOT-FOR-US: module for Drupal
1042 CVE-2009-4206 (SQL injection vulnerability in admin.link.modify.php in Million Dollar ...)
1043 NOT-FOR-US: Million Dollar Text Links
1044 CVE-2009-4205 (Directory traversal vulnerability in admin.php in Flashlight Free ...)
1045 NOT-FOR-US: Flashlight Free Edition
1046 CVE-2009-4204 (SQL injection vulnerability in read.php in Flashlight Free Edition ...)
1047 NOT-FOR-US: Flashlight Free Edition
1048 CVE-2009-4203 (Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php ...)
1049 NOT-FOR-US: Arab Portal
1050 CVE-2009-4202 (Directory traversal vulnerability in the Omilen Photo Gallery ...)
1051 NOT-FOR-US: Joomla! component
1052 CVE-2009-4201 (Multiple stack-based buffer overflows in Mp3 Tag Assistant ...)
1053 NOT-FOR-US: Mp3 Tag Assistant Professional
1054 CVE-2009-4200 (SQL injection vulnerability in the Seminar (com_seminar) component ...)
1055 NOT-FOR-US: Joomla! component
1056 CVE-2009-4199 (Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos ...)
1057 NOT-FOR-US: Joomla! component
1058 CVE-2009-4198 (SQL injection vulnerability in my_orders.php in MyMiniBill allows ...)
1059 NOT-FOR-US: MyMiniBill
1060 CVE-2009-4197 (rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware ...)
1061 NOT-FOR-US: Huawei MT882 V100R002B020
1062 CVE-2009-4196 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
1063 NOT-FOR-US: Huawei MT882 V100R002B020
1064 CVE-2009-4195 (Buffer overflow in Adobe Illustrator CS4 13.0.0 and 14.0.0 allows ...)
1065 NOT-FOR-US: Adobe Illustrator
1066 CVE-2009-4194 (Directory traversal vulnerability in Golden FTP Server 4.30 Free and ...)
1067 NOT-FOR-US: Golden FTP
1068 CVE-2009-4192 (Directory traversal vulnerability in dialog/file_manager.php in ...)
1069 NOT-FOR-US: Interspire Knowledge Manager
1070 CVE-2009-4191 (Unspecified vulnerability in the kernel in Sun Solaris 10 and ...)
1071 NOT-FOR-US: Sun Solaris
1072 CVE-2009-4190 (Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 ...)
1073 NOT-FOR-US: Sun Solaris
1074 CVE-2009-4189 (HP Operations Manager has a default password of OvW*busr1 for the ...)
1075 NOT-FOR-US: HP Operations Manager
1076 CVE-2009-4188 (HP Operations Dashboard has a default password of j2deployer for the ...)
1077 NOT-FOR-US: HP Operations Dashboard
1078 CVE-2009-4187 (Multiple cross-site scripting (XSS) vulnerabilities in the Gateway ...)
1079 NOT-FOR-US: Sun Java System Portal Server
1080 CVE-2009-4186 (Stack consumption vulnerability in Apple Safari 4.0.3 on Windows ...)
1081 NOT-FOR-US: Apple Safari
1082 CVE-2009-4185
1083 RESERVED
1084 CVE-2009-4184
1085 RESERVED
1086 CVE-2009-4183
1087 RESERVED
1088 CVE-2009-4182
1089 RESERVED
1090 CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network ...)
1091 NOT-FOR-US: HP OpenView Network Node Manager
1092 CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network ...)
1093 NOT-FOR-US: HP OpenView Network Node Manager
1094 CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node ...)
1095 NOT-FOR-US: HP OpenView Network Node Manager
1096 CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network ...)
1097 NOT-FOR-US: HP OpenView Network Node Manager
1098 CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager ...)
1099 NOT-FOR-US: HP OpenView Network Node Manager
1100 CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP ...)
1101 NOT-FOR-US: HP OpenView Network Node Manager
1102 CVE-2009-4175 (CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote ...)
1103 NOT-FOR-US: CuteNews
1104 CVE-2009-4174 (The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews ...)
1105 NOT-FOR-US: CuteNews
1106 CVE-2009-4173 (Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews ...)
1107 NOT-FOR-US: CuteNews
1108 CVE-2009-4172 (Cross-site scripting (XSS) vulnerability in index.php in CutePHP ...)
1109 NOT-FOR-US: CuteNews
1110 CVE-2009-4171 (An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger ...)
1111 NOT-FOR-US: ActiveX
1112 CVE-2009-4170 (WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, ...)
1113 NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
1114 CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the ...)
1115 NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
1116 CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in tagcloud.swf in the ...)
1117 NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
1118 CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl ...)
1119 NOT-FOR-US: TYPO3 extension
1120 CVE-2009-4166 (SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 ...)
1121 NOT-FOR-US: TYPO3 extension
1122 CVE-2009-4165 (SQL injection vulnerability in the simple Glossar (simple_glossar) ...)
1123 NOT-FOR-US: TYPO3 extension
1124 CVE-2009-4164 (Cross-site scripting (XSS) vulnerability in the simple Glossar ...)
1125 NOT-FOR-US: TYPO3 extension
1126 CVE-2009-4163 (SQL injection vulnerability in the TW Productfinder (tw_productfinder) ...)
1127 NOT-FOR-US: TYPO3 extension
1128 CVE-2009-4162 (Unspecified vulnerability in the DB Integration (wfqbe) extension ...)
1129 NOT-FOR-US: TYPO3 extension
1130 CVE-2009-4161 (Cross-site scripting (XSS) vulnerability in the [AN] Search it! ...)
1131 NOT-FOR-US: TYPO3 extension
1132 CVE-2009-4160 (Unspecified vulnerability in the Simple download-system with counter ...)
1133 NOT-FOR-US: TYPO3 extension
1134 CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter ...)
1135 NOT-FOR-US: TYPO3 extension
1136 CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension ...)
1137 NOT-FOR-US: TYPO3 extension
1138 CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
1139 NOT-FOR-US: Joomla
1140 CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in ...)
1141 NOT-FOR-US: Ciamos CMS
1142 CVE-2009-4155 (Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote ...)
1143 NOT-FOR-US: Eshopbuilde
1144 CVE-2009-4154 (Directory traversal vulnerability in includes/feedcreator.class.php in ...)
1145 NOT-FOR-US: Elxis CMS
1146 CVE-2009-4153 (Unspecified vulnerability in the XMLAccess component in IBM WebSphere ...)
1147 NOT-FOR-US: IBM WebSphere
1148 CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration ...)
1149 NOT-FOR-US: IBM WebSphere
1150 CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...)
1151 {DSA-1944-1}
1152 - request-tracker3.6 3.6.9-2 (low)
1153 - request-tracker3.4 <removed>
1154 CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...)
1155 NOT-FOR-US: IBM DB2
1156 CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA ...)
1157 NOT-FOR-US: CA Service Desk
1158 CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers ...)
1159 NOT-FOR-US: DAZ Studio
1160 CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
1161 NOT-FOR-US: FreeBSD (the affected file -rtld.c- is not in the archive, not even kFreeBSD)
1162 CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
1163 NOT-FOR-US: FreeBSD (the affected file -rtld.c- is not in the archive, not even kFreeBSD)
1164 CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection ...)
1165 - network-manager-applet <unfixed> (low; bug #563371)
1166 - network-manager 0.6.5-1 (low)
1167 [lenny] - network-manager-applet <no-dsa> (minor issue)
1168 [etch] - network-manager <no-dsa> (minor issue)
1169 NOTE: network-manager in lenny not affected, because it is in network-manager-applet
1170 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=546117
1171 CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has ...)
1172 - php5 <unfixed> (low)
1173 CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...)
1174 - php5 <unfixed>
1175 TODO: determine real impact
1176 CVE-2009-4141
1177 RESERVED
1178 CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...)
1179 - piwik <itp> (bug #506933)
1180 CVE-2009-4139
1181 RESERVED
1182 CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when ...)
1183 - linux-2.6 2.6.32-3 (medium)
1184 [etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
1185 - linux-2.6.24 <removed> (medium)
1186 CVE-2009-4137 (The loadContentFromCookie function in core/Cookie.php in Piwik before ...)
1187 - piwik <itp> (bug #506933)
1188 CVE-2009-4136 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...)
1189 {DSA-1964-1}
1190 - postgresql-7.4 <removed>
1191 - postgresql-8.1 <removed>
1192 - postgresql-8.2 <removed>
1193 - postgresql-8.3 8.3.9-1 (low)
1194 - postgresql-8.4 8.4.2-1 (low)
1195 CVE-2009-4135 (The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 ...)
1196 - coreutils <not-affected> (this issue only affects the coreutils build process; bug #560898)
1197 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
1198 CVE-2009-4134
1199 RESERVED
1200 CVE-2009-4133 (Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for ...)
1201 - condor <itp> (bug #233482)
1202 CVE-2009-4132
1203 REJECTED
1204 CVE-2009-4131 (The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ...)
1205 - linux-2.6 2.6.32-2 (medium)
1206 [etch] - linux-2.6 <not-affected> (introduced in 2.6.31)
1207 [lenny] - linux-2.6 <not-affected> (introduced in 2.6.31)
1208 - linux-2.6.24 <not-affected> (introduced in 2.6.31)
1209 CVE-2009-XXXX [monkey DoS]
1210 - monkey 0.9.3-1 (low)
1211 [lenny] - monkey <no-dsa> (Minor issue, fringe package)
1212 CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function ...)
1213 TODO: check
1214 CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a ...)
1215 TODO: check
1216 CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...)
1217 - grub2 1.97+20091115-1 (bug #555195)
1218 [lenny] - grub2 <not-affected> (Password authentication not yet present)
1219 - grub <not-affected> (only affects grub2)
1220 CVE-2009-4127 (Unspecified vulnerability in Wikipedia Toolbar extension before ...)
1221 NOT-FOR-US: Wikipedia Toolbar extension for Firefox
1222 CVE-2009-4126
1223 RESERVED
1224 CVE-2009-4125
1225 RESERVED
1226 CVE-2009-4124 (Heap-based buffer overflow in the rb_str_justify function in string.c ...)
1227 - ruby1.9.1 1.9.1.376-1
1228 - ruby1.9 <unfixed>
1229 - ruby1.8 <not-affected>
1230 TODO: check, 1.9.0.* might be affected as well
1231 NOTE: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
1232 CVE-2009-4123
1233 RESERVED
1234 CVE-2009-4122
1235 RESERVED
1236 CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
1237 NOT-FOR-US: Quick CMS
1238 CVE-2009-4120 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
1239 NOT-FOR-US: Quick.Cart
1240 CVE-2009-4119 (Cross-site scripting (XSS) vulnerability in Feed Element Mapper module ...)
1241 NOT-FOR-US: module for Drupal
1242 CVE-2009-4118 (The StartServiceCtrlDispatcher function in the cvpnd service ...)
1243 NOT-FOR-US: Cisco VPN client for Windows
1244 CVE-2009-4117 (Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before ...)
1245 NOT-FOR-US: MuPDF
1246 CVE-2009-4116 (Multiple directory traversal vulnerabilities in CutePHP CuteNews ...)
1247 NOT-FOR-US: CutePHP
1248 CVE-2009-4115 (Multiple static code injection vulnerabilities in the Categories ...)
1249 NOT-FOR-US: CutePHP CuteNews
1250 CVE-2009-4114 (kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other ...)
1251 NOT-FOR-US: Kaspersky Anti-Virus
1252 CVE-2009-4113 (Static code injection vulnerability in the Categories module in ...)
1253 NOT-FOR-US: CutePHP CuteNews
1254 CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
1255 NOT-FOR-US: DotNetNuke
1256 CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent ...)
1257 NOT-FOR-US: DotNetNuke
1258 CVE-2009-4108 (XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to ...)
1259 NOT-FOR-US: XM Easy Personal FTP Server
1260 CVE-2009-4107 (Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted ...)
1261 NOT-FOR-US: Invisible Browsing
1262 CVE-2009-4106 (Unrestricted file upload vulnerability in admintools/editpage-2.php in ...)
1263 NOT-FOR-US: Agoko CMS
1264 CVE-2009-4105 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
1265 NOT-FOR-US: TYPSoft FTP Server
1266 CVE-2009-4104 (SQL injection vulnerability in Lyften Designs LyftenBloggie ...)
1267 NOT-FOR-US: Joomla! component
1268 CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, ...)
1269 NOT-FOR-US: Robo-FTP
1270 CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain ...)
1271 {DSA-1951-1}
1272 - firefox-sage 1.4.3-4 (medium; bug #559267)
1273 CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ...)
1274 NOT-FOR-US: infoRSS extension for Firefox
1275 CVE-2009-4100 (Yoono extension before 6.1.1 for Firefox performs certain operations ...)
1276 NOT-FOR-US: Yoono extension for Firefox
1277 CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...)
1278 NOT-FOR-US: Joomla! Component
1279 CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ...)
1280 NOT-FOR-US: OpenX adserver
1281 CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...)
1282 NOT-FOR-US: Serenity Audio Player
1283 CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web ...)
1284 NOT-FOR-US: RADIO istek scripti
1285 CVE-2009-4095 (myPhile 1.2.1 allows remote attackers to bypass authentication via an ...)
1286 NOT-FOR-US: myPhile
1287 CVE-2009-4094 (PHP remote file inclusion vulnerability in ...)
1288 NOT-FOR-US: Joomla! component
1289 CVE-2009-4093 (Multiple cross-site scripting (XSS) vulnerabilities in comments.php in ...)
1290 NOT-FOR-US: Simplog
1291 CVE-2009-4092 (Cross-site request forgery (CSRF) vulnerability in user.php in Simplog ...)
1292 NOT-FOR-US: Simplog
1293 CVE-2009-4091 (comments.php in Simplog 0.9.3.2, and possibly earlier, does not ...)
1294 NOT-FOR-US: Simplog
1295 CVE-2009-4090 (Unrestricted file upload vulnerability in ajax/addComment.php in ...)
1296 NOT-FOR-US: telepark.wiki
1297 CVE-2009-4089 (telepark.wiki 2.4.23 and earlier allows remote attackers to bypass ...)
1298 NOT-FOR-US: telepark.wiki
1299 CVE-2009-4088 (Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 ...)
1300 NOT-FOR-US: telepark.wiki
1301 CVE-2009-4087 (Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki ...)
1302 NOT-FOR-US: telepark.wiki
1303 CVE-2009-4086 (CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 ...)
1304 NOT-FOR-US: Xerver HTTP Server
1305 CVE-2009-4085 (PHP remote file inclusion vulnerability in ...)
1306 NOT-FOR-US: PHP Traverser
1307 CVE-2009-4084 (SQL injection vulnerability in the search feature in e107 0.7.16 and ...)
1308 NOT-FOR-US: e107
1309 CVE-2009-4083 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and ...)
1310 NOT-FOR-US: e107
1311 CVE-2009-4082 (PHP remote file inclusion vulnerability in ...)
1312 NOT-FOR-US: Outreach Project Tool
1313 CVE-2009-4081 (Untrusted search path vulnerability in dstat before r3199 allows local ...)
1314 - dstat <not-affected> (Fixed/tracked as CVE-2009-3894)
1315 NOTE: This second ID is about the same issue, but for an older version, see
1316 NOTE: http://bugs.gentoo.org/show_bug.cgi?id=293497
1317 NOTE: For Debian we'll just use CVE-2009-3894 and mark this one as not-affected
1318 CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP ...)
1319 NOT-FOR-US: ldap_cachemgr in Sun Solaris
1320 CVE-2009-4079 (Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and ...)
1321 - redmine 0.9.0~svn2902-1
1322 CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...)
1323 - redmine 0.9.0~svn2902-1
1324 CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
1325 - roundcube 0.3-1
1326 CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
1327 - roundcube 0.3-1
1328 CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun ...)
1329 NOT-FOR-US: Sun Solaris
1330 CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...)
1331 NOT-FOR-US: Microsoft Internet Explorer 8
1332 CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, ...)
1333 - mysql-dfsg-5.1 <unfixed>
1334 - mysql-dfsg-5.0 <removed>
1335 TODO: check
1336 CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...)
1337 - rails <unfixed> (low; bug #558685)
1338 NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
1339 CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...)
1340 - rails <unfixed> (medium; bug #558685)
1341 [lenny] - rails <not-affected> (Vulnerable code not present)
1342 NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
1343 CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...)
1344 NOT-FOR-US: Microsoft Internet Explorer 8
1345 CVE-2009-4072 (Unspecified vulnerability in Opera before 10.10 has unknown impact and ...)
1346 NOT-FOR-US: Opera
1347 CVE-2009-4071 (Opera before 10.10, when exception stacktraces are enabled, places ...)
1348 NOT-FOR-US: Opera
1349 CVE-2009-4070 (SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly ...)
1350 {DSA-1818-1}
1351 - gforge 4.7.3-2
1352 CVE-2009-4069 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, ...)
1353 {DSA-1818-1}
1354 - gforge 4.7.3-2
1355 CVE-2009-4068
1356 RESERVED
1357 CVE-2009-4067
1358 RESERVED
1359 CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the "My ...)
1360 NOT-FOR-US: module for Drupal
1361 CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the ...)
1362 NOT-FOR-US: module for Drupal
1363 CVE-2009-4064 (Cross-site scripting (XSS) vulnerability in the Gallery Assist module ...)
1364 NOT-FOR-US: module for Drupal
1365 CVE-2009-4063 (Cross-site scripting (XSS) vulnerability in the Subgroups for Organic ...)
1366 NOT-FOR-US: module for Drupal
1367 CVE-2009-4062 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
1368 NOT-FOR-US: module for Drupal
1369 CVE-2009-4061 (Multiple cross-site scripting (XSS) vulnerabilities in the Agreement ...)
1370 NOT-FOR-US: module for Drupal
1371 CVE-2009-4060 (SQL injection vulnerability in includes/content/viewProd.inc.php in ...)
1372 NOT-FOR-US: CubeCart
1373 CVE-2009-4059 (SQL injection vulnerability in the JoomClip (com_joomclip) component ...)
1374 NOT-FOR-US: component for Joomla!
1375 CVE-2009-4058 (SQL injection vulnerability in allauctions.php in Telebid Auction ...)
1376 NOT-FOR-US: Telebid Auction Script
1377 CVE-2009-4057 (SQL injection vulnerability in the inertialFATE iF Portfolio Nexus ...)
1378 NOT-FOR-US: component for Joomla!
1379 CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...)
1380 NOT-FOR-US: Betsy CMS
1381 CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...)
1382 {DSA-1952-1}
1383 - asterisk 1:1.6.2.0~rc7-1 (bug #559103)
1384 CVE-2009-4054
1385 REJECTED
1386 NOT-FOR-US: Microsoft Internet Explorer
1387 CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server ...)
1388 NOT-FOR-US: Home FTP Server
1389 CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget ...)
1390 NOT-FOR-US: IBM Rational Application Developer for WebSphere
1391 CVE-2009-4051 (Home FTP Server 1.10.1.139 allows remote attackers to cause a denial ...)
1392 NOT-FOR-US: Home FTP Server
1393 CVE-2009-4050 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...)
1394 NOT-FOR-US: phpMyBackupPro
1395 CVE-2009-4049 (Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in ...)
1396 NOT-FOR-US: avast
1397 CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated ...)
1398 NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
1399 CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...)
1400 NOT-FOR-US: PHD Help Desk
1401 CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...)
1402 - cacti <unfixed> (low; bug #561339)
1403 [etch] - cacti <no-dsa> (Minor issue, workaround explained in DSA)
1404 [lenny] - cacti <no-dsa> (Minor issue, workaround explained in DSA)
1405 NOTE: 4B0E1566.1070509@moritz-naumann.com in bugtraq
1406 NOTE: low or maybe even unimportant as one requires admin access
1407 NOTE: to cacti, upstream will implement a whitelist
1408 CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...)
1409 {DSA-1954-1}
1410 - cacti 0.8.7e-1.1 (low; bug #561338)
1411 NOTE: http://docs.cacti.net/#cross-site_scripting_fixes
1412 NOTE: http://www.cacti.net/download_patches.php
1413 CVE-2009-4046 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x ...)
1414 NOT-FOR-US: FrontAccounting
1415 CVE-2009-4045 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
1416 NOT-FOR-US: FrontAccounting
1417 CVE-2009-4044 (The Web Services module 6.x for Drupal does not perform the expected ...)
1418 NOT-FOR-US: Web Services module for Drupal
1419 CVE-2009-4043 (Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x ...)
1420 NOT-FOR-US: module for Drupal
1421 CVE-2009-4042 (Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x ...)
1422 NOT-FOR-US: theme for Drupal
1423 CVE-2009-4041 (UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of ...)
1424 NOT-FOR-US: UseBB
1425 CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and ...)
1426 NOT-FOR-US: phpMyFAQ
1427 CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows ...)
1428 NOT-FOR-US: Piwigo
1429 CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Software ...)
1430 NOT-FOR-US: NCH Software Axon Virtual PBX
1431 CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
1432 NOT-FOR-US: FrontAccounting
1433 CVE-2009-4036
1434 RESERVED
1435 CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...)
1436 - kdegraphics 4.0
1437 - xpdf 3.01-1
1438 - poppler 0.5.1-1
1439 TODO: check
1440 NOTE: was silently fixed by upstream xpdf, fix propagated to poppler in 4b4fc5c017b/2005-09-14
1441 NOTE: but at least version 0.4.5 does *not* contain the ship.
1442 NOTE: Was fixed somewhere between 0.4.5 and 0.5.1
1443 NOTE: swftools probably not affected
1444 CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...)
1445 {DSA-1964-1}
1446 - postgresql-7.4 <removed>
1447 - postgresql-8.1 <removed>
1448 - postgresql-8.2 <removed>
1449 - postgresql-8.3 8.3.9-1 (low)
1450 - postgresql-8.4 8.4.2-1 (low)
1451 CVE-2009-4033 (A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to ...)
1452 - acpid <not-affected> (problem in redhat-specific patch; debian uses sensible permissions 0664)
1453 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=515062
1454 CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 ...)
1455 {DSA-1962-1}
1456 - linux-2.6 2.6.32-3 (low)
1457 [etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
1458 - linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
1459 - kvm <removed> (low; bug #562075)
1460 CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain ...)
1461 - mysql-dfsg-5.1 5.1.41-1
1462 - mysql-dfsg-5.0 <removed>
1463 TODO: check
1464 CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, ...)
1465 - automake 1:1.11-1
1466 TODO: check
1467 NOTE: it also affects every Makefile.in generated by automake
1468 NOTE: but it doesn't really affect Debian
1469 NOTE: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
1470 CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...)
1471 - mysql-dfsg-5.1 5.1.41-1
1472 - mysql-dfsg-5.0 <removed>
1473 TODO: check
1474 CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before ...)
1475 {DTSA-204-1}
1476 - linux-2.6 2.6.32-1 (medium)
1477 [etch] - linux-2.6 <not-affected> (introduced in 2.6.26)
1478 - linux-2.6.24 <not-affected> (introduced in 2.6.26)
1479 CVE-2009-4026 (The mac80211 subsystem in the Linux kernel before ...)
1480 {DTSA-204-1}
1481 - linux-2.6 2.6.32-1 (medium)
1482 [etch] - linux-2.6 <not-affected> (introduced in 2.6.30)
1483 [lenny] - linux-2.6 <not-affected> (introduced in 2.6.30)
1484 - linux-2.6.24 <not-affected> (introduced in 2.6.30)
1485 CVE-2009-4025 (Argument injection vulnerability in the traceroute function in ...)
1486 NOT-FOR-US: Net_Traceroute PEAR module
1487 CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php in ...)
1488 {DSA-1949-1}
1489 - php-net-ping 2.4.2-1.1 (medium)
1490 NOTE: fix applied by upstream is incomplete, reported to oss-sec
1491 CVE-2009-4111 (Argument injection vulnerability in Mail/sendmail.php in the Mail ...)
1492 {DSA-1938-1}
1493 - php-mail 1.1.14-2 (medium; bug #557121)
1494 [lenny] - php-mail 1.1.14-1+lenny1
1495 [etch] - php-mail 1.1.6-2+etch1
1496 CVE-2009-4023 (Argument injection vulnerability in the sendmail implementation of the ...)
1497 {DSA-1938-1}
1498 - php-mail 1.1.14-2 (medium; bug #557121)
1499 [lenny] - php-mail 1.1.14-1+lenny1
1500 [etch] - php-mail 1.1.6-2+etch1
1501 CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before ...)
1502 {DSA-1961-1}
1503 - bind9 1:9.6.1.dfsg.P2-1 (medium)
1504 NOTE: <https://www.isc.org/node/504>
1505 NOTE: Only affects installations with trust anchors, but then the
1506 NOTE: consequences are quite severe.
1507 CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel ...)
1508 - linux-2.6 2.6.32-3 (medium)
1509 - linux-2.6.24 <removed> (medium)
1510 CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ...)
1511 - mysql-dfsg-5.1 5.1.41-1
1512 - mysql-dfsg-5.0 <removed>
1513 TODO: check
1514 NOTE: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
1515 NOTE: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
1516 NOTE: http://bugs.mysql.com/47780
1517 NOTE: http://bugs.mysql.com/48291
1518 CVE-2009-4018 (The proc_open function in ext/standard/proc_open.c in PHP before ...)
1519 - php5 <unfixed> (unimportant)
1520 NOTE: safe_mode bypass
1521 CVE-2005-4883 (Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote ...)
1522 NOT-FOR-US: Tftpd32
1523 CVE-2005-4882 (tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse ...)
1524 NOT-FOR-US: Tftpd32
1525 CVE-2009-4016
1526 RESERVED
1527 CVE-2009-4015
1528 RESERVED
1529 CVE-2009-4014
1530 RESERVED
1531 CVE-2009-4013
1532 RESERVED
1533 CVE-2009-4012
1534 RESERVED
1535 CVE-2009-4011
1536 RESERVED
1537 CVE-2009-4010
1538 RESERVED
1539 CVE-2009-4009
1540 RESERVED
1541 CVE-2009-4008
1542 RESERVED
1543 CVE-2009-4007 (Unspecified vulnerability in the NormaliseTrainConsist function in ...)
1544 - openttd 0.7.5-1
1545 [lenny] - openttd <no-dsa> (Contrib not supported)
1546 TODO: next point update [lenny] - openttd 0.6.2-1+lenny1
1547 CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...)
1548 NOT-FOR-US: Serv-U FTP server
1549 CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...)
1550 - linux-2.6 2.6.32-1 (low)
1551 - linux-2.6.24 <removed> (low)
1552 CVE-2009-4003
1553 RESERVED
1554 CVE-2009-4002
1555 RESERVED
1556 CVE-2009-4001
1557 RESERVED
1558 CVE-2009-4000
1559 RESERVED
1560 CVE-2009-3999
1561 RESERVED
1562 CVE-2009-3998
1563 RESERVED
1564 CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...)
1565 NOT-FOR-US: winamp
1566 CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder ...)
1567 NOT-FOR-US: winamp
1568 CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module ...)
1569 NOT-FOR-US: winamp
1570 CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...)
1571 - devil 1.7.8-6 (low; bug #560080)
1572 [lenny] - devil <no-dsa> (Minor issue)
1573 [etch] - devil <no-dsa> (Minor issue)
1574 CVE-2009-3993
1575 RESERVED
1576 CVE-2009-3992
1577 RESERVED
1578 CVE-2009-3991
1579 RESERVED
1580 CVE-2009-3990
1581 RESERVED
1582 CVE-2009-3989
1583 RESERVED
1584 CVE-2009-3988
1585 RESERVED
1586 CVE-2009-3987 (The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and ...)
1587 - xulrunner <not-affected> (Windows-specific vulnerability)
1588 CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
1589 {DSA-1956-1}
1590 - xulrunner 1.9.1.6-1
1591 [etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
1592 CVE-2009-3985 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
1593 {DSA-1956-1}
1594 - xulrunner 1.9.1.6-1
1595 CVE-2009-3984 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
1596 {DSA-1956-1}
1597 - xulrunner 1.9.1.6-1
1598 CVE-2009-3983 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
1599 {DSA-1956-1}
1600 - xulrunner 1.9.1.6-1
1601 CVE-2009-3982 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
1602 - xulrunner 1.9.1.6-1
1603 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
1604 CVE-2009-3981 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
1605 {DSA-1956-1}
1606 - xulrunner 1.9.1
1607 NOTE: Only affects Firefox 3
1608 CVE-2009-3980 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
1609 - xulrunner 1.9.1.6-1
1610 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
1611 CVE-2009-3979 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
1612 {DSA-1956-1}
1613 - xulrunner 1.9.1.6-1
1614 CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...)
1615 - xulrunner 1.9.1.5-1 (unimportant)
1616 NOTE: Browser crashes not treated as security issues
1617 CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ...)
1618 NOT-FOR-US: HP OpenView Network Node Manager
1619 CVE-2009-3976 (Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to ...)
1620 NOT-FOR-US: Labtam ProFTP
1621 CVE-2009-3975 (SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and ...)
1622 NOT-FOR-US: Moa Gallery
1623 CVE-2009-3974 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB or ...)
1624 NOT-FOR-US: Invision Power Board
1625 CVE-2009-3973 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...)
1626 NOT-FOR-US: Turnkey Arcade Script
1627 CVE-2009-3972 (SQL injection vulnerability in the Q-Proje Siirler Bileseni ...)
1628 NOT-FOR-US: component for Joomla!
1629 CVE-2009-3971 (SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 ...)
1630 NOT-FOR-US: component for Joomla!
1631 CVE-2009-3970 (SQL injection vulnerability in index.php in PHP Dir Submit (aka ...)
1632 NOT-FOR-US: PHP Dir Submit
1633 CVE-2009-3969 (Stack-based buffer overflow in Faslo Player 7.0 allows remote ...)
1634 NOT-FOR-US: Faslo Player
1635 CVE-2009-3968 (Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote ...)
1636 NOT-FOR-US: ITechBids
1637 CVE-2009-3967 (SQL injection vulnerability in browse.php in Ed Charkow SuperCharged ...)
1638 NOT-FOR-US: Ed Charkow SuperCharged Linking
1639 CVE-2009-3966 (Arcade Trade Script 1.0 allows remote attackers to bypass ...)
1640 NOT-FOR-US: Arcade Trade Script
1641 CVE-2009-3965 (SQL injection vulnerability in rating.php in New 5 star Rating 1.0 ...)
1642 NOT-FOR-US: New 5 star Rating
1643 CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) ...)
1644 NOT-FOR-US: component for Joomla!
1645 CVE-2009-3898 (Directory traversal vulnerability in ...)
1646 - nginx 0.7.63-1 (low; bug #557389)
1647 [etch] - nginx <no-dsa> (upload rights required)
1648 [lenny] - nginx <no-dsa> (upload rights required)
1649 CVE-2009-3897 (Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of ...)
1650 - dovecot 1:1.2.8-1 (medium; bug #557601)
1651 [lenny] - dovecot <not-affected> (Only affects 1.2.x)
1652 [etch] - dovecot <not-affected> (Only affects 1.2.x)
1653 CVE-2009-4017 (PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ...)
1654 {DSA-1940-1}
1655 - php5 5.2.11.dfsg.1-2 (medium)
1656 - php4 <removed> (medium)
1657 NOTE: workarounds include using 5.3.1 or php5-suhosin
1658 NOTE: 4B068517.802@acunetix.com on bugtraq explains it
1659 CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
1660 - linux-2.6 2.6.32-1 (medium)
1661 - linux-2.6.24 <removed> (medium)
1662 NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
1663 CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in ...)
1664 - linux-2.6 2.6.32-1 (low)
1665 - linux-2.6.24 <removed> (low)
1666 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734
1667 CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have ...)
1668 NOT-FOR-US: XOOPS
1669 CVE-2009-3962 (The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, ...)
1670 NOT-FOR-US: 2wire Gateway
1671 CVE-2009-3961 (SQL injection vulnerability in user.php in Super Serious Stats (aka ...)
1672 NOT-FOR-US: Super Serious Stats
1673 CVE-2009-3960
1674 RESERVED
1675 CVE-2009-3959
1676 RESERVED
1677 CVE-2009-3958
1678 RESERVED
1679 CVE-2009-3957
1680 RESERVED
1681 CVE-2009-3956
1682 RESERVED
1683 CVE-2009-3955
1684 RESERVED
1685 CVE-2009-3954
1686 RESERVED
1687 CVE-2009-3953
1688 RESERVED
1689 CVE-2009-3952
1690 RESERVED
1691 CVE-2009-3951 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
1692 NOT-FOR-US: ActiveX
1693 CVE-2009-3950 (Multiple cross-site scripting (XSS) vulnerabilities in Bractus ...)
1694 NOT-FOR-US: Bractus SunTrack
1695 CVE-2009-3949 (cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not ...)
1696 NOT-FOR-US: VivaPrograms Infinity
1697 CVE-2009-3948 (JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a ...)
1698 NOT-FOR-US: JetAudio
1699 CVE-2009-3947 (Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows ...)
1700 NOT-FOR-US: Tandberg MXP F7.0
1701 CVE-2009-3946 (Joomla! before 1.5.15 allows remote attackers to read an extension's ...)
1702 NOT-FOR-US: Joomla!
1703 CVE-2009-3945 (Unspecified vulnerability in the Front-End Editor in the com_content ...)
1704 NOT-FOR-US: component in Joomla!
1705 CVE-2009-3944 (Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 ...)
1706 NOT-FOR-US: BlackBerry Browser on the BlackBerry 8800
1707 CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...)
1708 NOT-FOR-US: Microsoft Internet Explorer
1709 CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not ...)
1710 - msmtp <not-affected> (uses GnuTLS and not OpenSSL; bug #557324)
1711 CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not ...)
1712 - mpop <not-affected> (uses GnuTLS and not OpenSSL; bug #557326)
1713 CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox ...)
1714 - virtualbox-guest-additions 3.0.10-1
1715 CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel ...)
1716 - linux-2.6 <unfixed> (low)
1717 [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
1718 - linux-2.6.24 <removed> (low)
1719 CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in ...)
1720 - linux-2.6 2.6.32-1 (medium)
1721 [etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
1722 [lenny] - linux-2.6 <not-affected> (vulnerable code not present)
1723 - linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
1724 - kvm 88+dfsg-2 (medium; bug #557736)
1725 [lenny] - kvm <not-affected> (vulnerable code not present)
1726 NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a9e38c3e01ad242fe2a625354cf065c34b01e3aa
1727 CVE-2009-3937 (Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through ...)
1728 NOT-FOR-US: Sun OpenSolaris
1729 CVE-2009-3936 (Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x ...)
1730 NOT-FOR-US: Citrix Online Plug-in
1731 CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...)
1732 NOT-FOR-US: IBM BladeCenter
1733 CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...)
1734 - chromium-browser <itp> (low; bug #520324)
1735 CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...)
1736 - webkit <not-affected> (chromium-specific issue in their timer)
1737 - qt4-x11 <not-affected> (chromium-specific issue in their timer)
1738 - kdelibs <not-affected> (chromium-specific issue in their timer)
1739 - kde4libs <not-affected> (chromium-specific issue in their timer)
1740 - chromium-browser <itp> (low; bug #520324)
1741 CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
1742 - chromium-browser <itp> (low; bug #520324)
1743 - webkit <unfixed> (low; bug #560905)
1744 - qt4-x11 <undetermined> (bug #561760)
1745 [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
1746 [lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
1747 - kdelibs <undetermined> (bug #561765)
1748 - kde4libs <undetermined> (bug #561762)
1749 CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...)
1750 - chromium-browser <itp> (low; bug #520324)
1751 CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...)
1752 - file 5.03-1
1753 [lenny] - file <not-affected>
1754 [etch] - file <not-affected>
1755 CVE-2009-3929
1756 RESERVED
1757 CVE-2009-3928
1758 RESERVED
1759 CVE-2009-3927
1760 RESERVED
1761 CVE-2009-3926
1762 RESERVED
1763 CVE-2009-3925
1764 RESERVED
1765 CVE-2009-XXXX [eglibc: ldd arbitrary code execution]
1766 - eglibc 2.10.1-7 (unimportant; bug #552518)
1767 - glibc <removed> (unimportant)
1768 CVE-2009-XXXX [dansguardian: not blocking sites]
1769 - dansguardian <unfixed> (unimportant; bug #548108)
1770 CVE-2009-3924 (Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and ...)
1771 NOT-FOR-US: Soldier of Fortune
1772 CVE-2009-3923 (The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop ...)
1773 NOT-FOR-US: Sun Virtual Desktop Infrastructure
1774 CVE-2009-3922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...)
1775 NOT-FOR-US: module for Drupal
1776 CVE-2009-3921 (The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before ...)
1777 NOT-FOR-US: module for Drupal
1778 CVE-2009-3920 (An administration page in the NGP COO/CWP Integration (crmngp) module ...)
1779 NOT-FOR-US: module for Drupal
1780 CVE-2009-3919 (Cross-site scripting (XSS) vulnerability in the NGP COO/CWP ...)
1781 NOT-FOR-US: module for Drupal
1782 CVE-2009-3918 (Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x ...)
1783 NOT-FOR-US: module for Drupal
1784 CVE-2009-3917 (Cross-site scripting (XSS) vulnerability in the S5 Presentation Player ...)
1785 NOT-FOR-US: module for Drupal
1786 CVE-2009-3916 (Cross-site scripting (XSS) vulnerability in the Node Hierarchy module ...)
1787 NOT-FOR-US: module for Drupal
1788 CVE-2009-3915 (Cross-site scripting (XSS) vulnerability in the "Separate title and ...)
1789 NOT-FOR-US: module for Drupal
1790 CVE-2009-3914 (Cross-site scripting (XSS) vulnerability in the Temporary Invitation ...)
1791 NOT-FOR-US: module for Drupal
1792 CVE-2009-3913 (SQL injection vulnerability in summary.php in Xerox Fiery Webtools ...)
1793 NOT-FOR-US: Xerox Fiery Webtools
1794 CVE-2009-3912 (Directory traversal vulnerability in index.php in TFTgallery 0.13 ...)
1795 NOT-FOR-US: TFTgallery
1796 CVE-2009-3911 (Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery ...)
1797 NOT-FOR-US: TFTgallery
1798 CVE-2009-3910
1799 RESERVED
1800 CVE-2009-3909 (Integer overflow in the read_channel_data function in ...)
1801 - gimp 2.6.7-1.1 (medium; bug #556750)
1802 NOTE: http://secunia.com/secunia_research/2009-43/
1803 CVE-2009-3908
1804 REJECTED
1805 CVE-2009-3907
1806 REJECTED
1807 CVE-2009-3906
1808 REJECTED
1809 CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...)
1810 NOT-FOR-US: e-Courier CMS
1811 CVE-2009-3904 (classes/session/cc_admin_session.php in CubeCart 4.3.4 does not ...)
1812 NOT-FOR-US: CubeCart
1813 CVE-2009-3903 (Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp ...)
1814 NOT-FOR-US: ManageEngine Netflow Analyzer 7.5 build 7500
1815 CVE-2009-3902 (Directory traversal vulnerability in Cherokee Web Server 0.5.4 and ...)
1816 - cherokee <not-affected> (Only windows version is affected)
1817 CVE-2009-3901 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...)
1818 NOT-FOR-US: e-Courier CMS
1819 CVE-2009-3900 (Unspecified vulnerability in the Cluster Management component in IBM ...)
1820 NOT-FOR-US: IBM PowerHA
1821 CVE-2009-3899 (Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris ...)
1822 NOT-FOR-US: Sun Solaris
1823 CVE-2009-3896 (src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through ...)
1824 {DSA-1920-1}
1825 - nginx 0.7.62-1
1826 CVE-2009-3895 (Heap-based buffer overflow in the exif_entry_fix function (aka the tag ...)
1827 - libexif 0.6.19-1 (medium; bug #557137)
1828 [lenny] - libexif <not-affected> (Only 0.6.18 is affected)
1829 [etch] - libexif <not-affected> (Only 0.6.18 is affected)
1830 CVE-2009-3894 (Multiple untrusted search path vulnerabilities in dstat before 0.7.0 ...)
1831 - dstat 0.7.0-1 (low; bug #557989)
1832 [lenny] - dstat <no-dsa> (Minor issue)
1833 [etch] - dstat <no-dsa> (Minor issue)
1834 NOTE: http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
1835 CVE-2009-3893
1836 RESERVED
1837 CVE-2009-3891 (Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...)
1838 - wordpress 2.8.6-1 (low)
1839 [etch] - wordpress <not-affected> (Vulnerable code not present)
1840 [lenny] - wordpress <not-affected> (Vulnerable code not present)
1841 CVE-2009-3890 (Unrestricted file upload vulnerability in the wp_check_filetype ...)
1842 - wordpress 2.8.6-1 (low)
1843 [etch] - wordpress <not-affected> (Vulnerable code not present)
1844 [lenny] - wordpress <not-affected> (Vulnerable code not present)
1845 CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel ...)
1846 - linux-2.6 2.6.27-1 (low)
1847 [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
1848 - linux-2.6.24 <removed> (low)
1849 CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before ...)
1850 - linux-2.6 <unfixed> (unimportant)
1851 - linux-2.6.24 <unfixed> (unimportant)
1852 NOTE: All Debian kernels have MMU support enabled
1853 CVE-2009-3887
1854 RESERVED
1855 CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
1856 - openjdk-6 <unfixed> (medium; bug #560908)
1857 - sun-java6 6-17-1
1858 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1859 CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
1860 - openjdk-6 <not-affected> (a problem in code that is unused on non-windows platforms)
1861 - sun-java6 <not-affected> (a problem in code that is unused on non-windows platforms)
1862 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=530114
1863 CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...)
1864 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1865 - sun-java6 6-17-1
1866 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1867 CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
1868 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1869 - sun-java6 6-17-1
1870 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1871 CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...)
1872 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1873 - sun-java6 6-17-1
1874 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1875 CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...)
1876 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1877 - sun-java6 6-17-1
1878 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1879 CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
1880 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1881 - sun-java6 6-17-1
1882 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1883 CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
1884 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1885 - sun-java6 6-17-1
1886 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1887 CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
1888 NOT-FOR-US: Sun Java System Web Server
1889 CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
1890 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1891 - sun-java6 6-17-1
1892 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1893 CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
1894 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1895 - sun-java6 6-17-1
1896 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1897 CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...)
1898 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1899 - sun-java6 6-17-1
1900 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1901 CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...)
1902 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1903 - sun-java6 6-17-1
1904 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1905 CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...)
1906 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1907 - sun-java6 6-17-1
1908 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1909 CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...)
1910 - openjdk-6 <unfixed> (medium; bug #560908)
1911 - sun-java6 6-17-1
1912 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1913 CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...)
1914 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1915 - sun-java6 6-17-1
1916 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1917 CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...)
1918 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
1919 - sun-java6 6-17-1
1920 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1921 CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...)
1922 - openjdk-6 <unfixed> (medium; bug #560908)
1923 - sun-java6 6-17-1
1924 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1925 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...)
1926 - openjdk-6 <unfixed> (medium; bug #560908)
1927 - sun-java6 6-17-1
1928 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1929 CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...)
1930 - openjdk-6 <unfixed> (medium; bug #560908)
1931 - sun-java6 6-17-1
1932 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1933 CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...)
1934 - openjdk-6 <unfixed> (medium; bug #560908)
1935 - sun-java6 6-17-1
1936 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
1937 CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
1938 TODO: check
1939 CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise ...)
1940 NOT-FOR-US: ActiveX
1941 CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and ...)
1942 NOT-FOR-US: Novell eDirectory
1943 CVE-2009-3861 (Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and ...)
1944 NOT-FOR-US: SafeNet SoftRemote
1945 CVE-2009-3860 (Multiple insecure method vulnerabilities in Idefense Labs COMRaider ...)
1946 NOT-FOR-US: Idefense Labs COMRaider
1947 CVE-2009-3859 (Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in ...)
1948 NOT-FOR-US: Retina Network Security Scanner
1949 CVE-2009-3858 (Cross-site scripting (XSS) vulnerability in GejoSoft allows remote ...)
1950 NOT-FOR-US: GejoSoft
1951 CVE-2009-3857 (Buffer overflow in Softonic International SciTE 1.72 allows ...)
1952 NOT-FOR-US: Softonic International SciTE
1953 CVE-2009-3856 (Cross-site scripting (XSS) vulnerability in the default URI in news/ ...)
1954 NOT-FOR-US: Twilight CMS
1955 CVE-2009-3855 (Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux ...)
1956 NOT-FOR-US: IBM Tivoli Storage Manager
1957 CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the client in ...)
1958 NOT-FOR-US: IBM Tivoli Storage Manager
1959 CVE-2009-3853 (Stack-based buffer overflow in the client acceptor daemon (CAD) ...)
1960 NOT-FOR-US: IBM Tivoli Storage Manager
1961 CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes for ...)
1962 NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0
1963 CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operation of ...)
1964 NOT-FOR-US: Sun Solaris 10
1965 CVE-2009-3850 (Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to ...)
1966 - blender <unfixed> (unimportant)
1967 NOTE: attack vector is social engineering to get the user to open
1968 NOTE: a malicious .blend file. by design, blend files support
1969 NOTE: all python operations, so ultimately any code can be executed
1970 CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node ...)
1971 NOT-FOR-US: HP OpenView Network Node Manager
1972 CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network ...)
1973 NOT-FOR-US: HP OpenView Network Node Manager
1974 CVE-2009-3847 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
1975 NOT-FOR-US: HP OpenView Network Node Manager
1976 CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView ...)
1977 NOT-FOR-US: HP OpenView Network Node Manager
1978 CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) ...)
1979 NOT-FOR-US: HP OpenView Network Node Manager
1980 CVE-2009-3844 (Stack-based buffer overflow in the OmniInet process in HP OpenView ...)
1981 NOT-FOR-US: HP OpenView Data Protector Application
1982 CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a "hidden account" in ...)
1983 NOT-FOR-US: HP Operations Manager
1984 CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...)
1985 NOT-FOR-US: HP Color LaserJet
1986 CVE-2009-3841 (Unspecified vulnerability in HP Discovery & Dependency Mapping ...)
1987 NOT-FOR-US: HP Discovery & Dependency Mapping
1988 CVE-2009-3840 (The embedded database engine service (aka ovdbrun.exe) in HP OpenView ...)
1989 NOT-FOR-US: HP OpenView
1990 CVE-2009-3839 (Unspecified vulnerability in the Solaris Trusted Extensions Policy ...)
1991 NOT-FOR-US: Sun Solaris
1992 CVE-2009-3838 (Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly ...)
1993 NOT-FOR-US: Pegasus Mail
1994 CVE-2009-3837 (Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 ...)
1995 NOT-FOR-US: Eureka Email
1996 CVE-2009-3836 (ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the ...)
1997 NOT-FOR-US: ArubaOS
1998 CVE-2009-3835 (SQL injection vulnerability in the JShop (com_jshop) component for ...)
1999 NOT-FOR-US: Joomla
2000 CVE-2009-3834 (SQL injection vulnerability in the Photoblog (com_photoblog) component ...)
2001 NOT-FOR-US: Joomla
2002 CVE-2009-3833 (Cross-site scripting (XSS) vulnerability in index.php in TFTgallery ...)
2003 NOT-FOR-US: TFTgallery
2004 CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...)
2005 NOT-FOR-US: Opera
2006 CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code ...)
2007 NOT-FOR-US: Opera
2008 CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ...)
2009 NOT-FOR-US: Microsoft
2010 CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows ...)
2011 {DSA-1942-1}
2012 - wireshark 1.2.2-1 (bug #553583)
2013 CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...)
2014 NOT-FOR-US: Everfocus EDR1600 DVR
2015 CVE-2009-3827
2016 RESERVED
2017 CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote attackers to ...)
2018 - squidguard <unfixed> (low; bug #553319)
2019 CVE-2009-3825 (Multiple directory traversal vulnerabilities in GenCMS 2006 allow ...)
2020 NOT-FOR-US: GenCMS
2021 CVE-2009-3824 (Directory traversal vulnerability in include/processor.php in ...)
2022 NOT-FOR-US: Greenwood PHP Content Manager
2023 CVE-2009-3823 (Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, ...)
2024 NOT-FOR-US: Mobilelib GOLD
2025 CVE-2009-3822 (PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat ...)
2026 NOT-FOR-US: com_ajaxchat component for Joomla
2027 CVE-2009-3821 (Cross-site scripting (XSS) vulnerability in the Apache Solr Search ...)
2028 NOT-FOR-US: Apache Solr Search extension for TYPO3
2029 CVE-2009-3820 (SQL injection vulnerability in the Flagbit Filebase (fb_filebase) ...)
2030 NOT-FOR-US: Flagbit Filebase extension for TYPO3
2031 CVE-2009-3819 (Unspecified vulnerability in the Random Images (maag_randomimage) ...)
2032 NOT-FOR-US: Random Images extension for TYPO3
2033 CVE-2009-3818 (Unspecified vulnerability in the session handling feature in freeCap ...)
2034 NOT-FOR-US: freeCap CAPTCHA for TYPO3
2035 CVE-2009-3817 (PHP remote file inclusion vulnerability in doc/releasenote.php in the ...)
2036 NOT-FOR-US: com_booklibrary component for Joomla!
2037 CVE-2009-3816 (Multiple cross-site scripting (XSS) vulnerabilities in Activities ...)
2038 NOT-FOR-US: IBM Lotus Connections
2039 CVE-2009-3815 (RunCMS 2M1, when running with certain error_reporting levels, allows ...)
2040 NOT-FOR-US: RunCMS 2M1
2041 CVE-2009-3814 (Static code injection vulnerability in RunCMS 2M1 allows remote ...)
2042 NOT-FOR-US: RunCMS 2M1
2043 CVE-2009-3813 (Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote ...)
2044 NOT-FOR-US: RunCMS 2M1
2045 CVE-2009-3812 (Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio ...)
2046 NOT-FOR-US: OtsAV products
2047 CVE-2009-3811 (Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows ...)
2048 NOT-FOR-US: Music Tag Editor
2049 CVE-2009-3810 (Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows ...)
2050 NOT-FOR-US: Acoustica MP3 Audio Mixer
2051 CVE-2009-3809 (Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote ...)
2052 NOT-FOR-US: Acoustica MP3 Audio Mixer
2053 CVE-2009-3808 (MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial ...)
2054 NOT-FOR-US: MixSense DJ Studio
2055 CVE-2009-3807 (Stack-based buffer overflow in MixVibes 7.043 Pro allows remote ...)
2056 NOT-FOR-US: MixVibes
2057 CVE-2009-3806 (SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows ...)
2058 NOT-FOR-US: DedeCMS
2059 CVE-2009-3805 (gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows ...)
2060 NOT-FOR-US: Gpg4win
2061 NOTE: looks like an issue in gpg2 for windows (gpg4win.org), not specific
2062 NOTE: to kleopatra
2063 CVE-2009-3804 (Multiple SQL injection vulnerabilities in modules/forum/post.php in ...)
2064 NOT-FOR-US: RunCMS 2M1
2065 CVE-2009-3803 (Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS ...)
2066 NOT-FOR-US: Amiro.CMS
2067 CVE-2009-3802 (Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain ...)
2068 NOT-FOR-US: Amiro.CMS
2069 CVE-2009-3801 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows ...)
2070 NOT-FOR-US: OpenDocMan
2071 CVE-2009-XXXX [multiple missing input sanity checks in KDE]
2072 - kdelibs <unfixed> (low)
2073 - kde4libs 4:4.3.4-1 (low)
2074 [lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited)
2075 [etch] - kdelibs <no-dsa> (minor and unlikely to be exploited)
2076 NOTE: http://www.ocert.org/advisories/ocert-2009-015.html
2077 NOTE: http://www.portcullis-security.com/advisories
2078 NOTE: advisory mentions kmail and ark (from kdepim and kdeutils, respectively)
2079 NOTE: but the "fixes" linked from the advisory only change code in kdelibs
2080 NOTE: more info at oss-sec threads
2081 CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before ...)
2082 NOT-FOR-US: Adobe Flash Player
2083 CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in ...)
2084 NOT-FOR-US: Adobe Flash Player
2085 CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...)
2086 NOT-FOR-US: Adobe Flash Player
2087 CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 ...)
2088 NOT-FOR-US: Adobe Flash Player
2089 CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...)
2090 NOT-FOR-US: Adobe Flash Player
2091 CVE-2009-3795
2092 RESERVED
2093 CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...)
2094 NOT-FOR-US: Adobe Flash Player
2095 CVE-2009-3793
2096 RESERVED
2097 CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) ...)
2098 NOT-FOR-US: Adobe Flash Media Server
2099 CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
2100 NOT-FOR-US: Adobe Flash Media Server
2101 CVE-2009-3790 (Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation ...)
2102 NOT-FOR-US: FormMax
2103 CVE-2009-3789 (Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan ...)
2104 NOT-FOR-US: OpenDocMan
2105 CVE-2009-3788 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows ...)
2106 NOT-FOR-US: OpenDocMan
2107 CVE-2009-3787 (files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct ...)
2108 NOT-FOR-US: Vivvo CMS
2109 CVE-2009-3786 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...)
2110 NOT-FOR-US: module for Drupal
2111 CVE-2009-3785 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
2112 NOT-FOR-US: module for Drupal
2113 CVE-2009-3784 (Open redirect vulnerability in Simplenews Statistics 6.x before ...)
2114 NOT-FOR-US: module for Drupal
2115 CVE-2009-3783 (Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x ...)
2116 NOT-FOR-US: module for Drupal
2117 CVE-2009-3782 (Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module ...)
2118 NOT-FOR-US: module for Drupal
2119 CVE-2009-3781 (The filefield_file_download function in FileField 6.x-3.1, a module ...)
2120 NOT-FOR-US: module for Drupal
2121 CVE-2009-3780 (Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 ...)
2122 NOT-FOR-US: module for Drupal
2123 CVE-2009-3779 (Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 ...)
2124 NOT-FOR-US: module for Drupal
2125 CVE-2009-3778 (SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, ...)
2126 NOT-FOR-US: module for Drupal
2127 CVE-2009-XXXX [NULL dereferences, similar to Adobe's CVE-2009-0658]
2128 - ghostscript <unfixed> (unimportant)
2129 - gs-gpl <removed> (unimportant)
2130 - xpdf <unfixed> (unimportant)
2131 CVE-2009-XXXX [multiple vulnerabilities in acidbase; XSS + possible sql injection]
2132 - acidbase 1.4.4-1 (bug #552235)
2133 CVE-2009-XXXX [multiple vulnerabilities in jetty]
2134 - jetty <unfixed> (unimportant; bug #553644)
2135 NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
2136 NOTE: The affected apps are not shipped in the package, see #553644
2137 CVE-2009-XXXX [cherokee 0.5.4 DoS]
2138 - cherokee <not-affected> (not reproducible)
2139 NOTE: <4089.110.37.64.157.1256562313.squirrel@mail.xc0re.net> in bugtraq
2140 NOTE: not reproducible in etch's 0.5.5 nor sid's 0.99.22-1.1
2141 CVE-2009-3777
2142 RESERVED
2143 CVE-2009-3776
2144 RESERVED
2145 CVE-2009-3775
2146 RESERVED
2147 CVE-2009-3774
2148 RESERVED
2149 CVE-2009-3773
2150 RESERVED
2151 CVE-2009-3772
2152 RESERVED
2153 CVE-2009-3771
2154 RESERVED
2155 CVE-2009-3770
2156 RESERVED
2157 CVE-2009-3769
2158 RESERVED
2159 CVE-2009-3768
2160 RESERVED
2161 CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...)
2162 {DSA-1943-1}
2163 - openldap 2.4.17-2.1 (low; bug #553432)
2164 - openldap2.3 <removed>
2165 CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when ...)
2166 - mutt <not-affected> (uses GnuTLS and not OpenSSL)
2167 NOTE: our mutt is linked against gnutls, bug #553433
2168 CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...)
2169 - mutt <not-affected> (uses GnuTLS and not OpenSSL)
2170 NOTE: our mutt is linked against gnutls
2171 CVE-2009-3764
2172 RESERVED
2173 CVE-2009-3763
2174 RESERVED
2175 CVE-2009-3762
2176 RESERVED
2177 CVE-2009-3761
2178 RESERVED
2179 CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php in the ...)
2180 NOT-FOR-US: Citrix XenCenterWeb
2181 CVE-2009-3759 (Multiple cross-site request forgery (CSRF) vulnerabilities in sample ...)
2182 NOT-FOR-US: Citrix XenCenterWeb
2183 CVE-2009-3758 (SQL injection vulnerability in login.php in sample code in the ...)
2184 NOT-FOR-US: Citrix XenCenterWeb
2185 CVE-2009-3757 (Multiple cross-site scripting (XSS) vulnerabilities in sample code in ...)
2186 NOT-FOR-US: Citrix XenCenterWeb
2187 CVE-2009-3756 (phpBMS 0.96 allows remote attackers to obtain sensitive information ...)
2188 NOT-FOR-US: phpBMS
2189 CVE-2009-3755 (Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 ...)
2190 NOT-FOR-US: phpBMS
2191 CVE-2009-3754 (Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote ...)
2192 NOT-FOR-US: phpBMS
2193 CVE-2009-3753 (Unrestricted file upload vulnerability in Opial 1.0 allows remote ...)
2194 NOT-FOR-US: Opial
2195 CVE-2009-3752 (SQL injection vulnerability in home.php in Opial 1.0 allows remote ...)
2196 NOT-FOR-US: Opial
2197 CVE-2009-3751 (Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 ...)
2198 NOT-FOR-US: Opial
2199 CVE-2009-3750 (SQL injection vulnerability in read.php in ToyLog 0.1 allows remote ...)
2200 NOT-FOR-US: ToyLog
2201 CVE-2009-3749 (The Web Administrator service (STEMWADM.EXE) in Websense Personal ...)
2202 NOT-FOR-US: Websense Personal Email Manager
2203 CVE-2009-3748 (Multiple cross-site scripting (XSS) vulnerabilities in the Web ...)
2204 NOT-FOR-US: Websense Personal Email Manager
2205 CVE-2009-3747 (Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 ...)
2206 NOT-FOR-US: TBmnetCMS
2207 CVE-2009-3746 (XScreenSaver in Sun Solaris 10, when the accessibility feature is ...)
2208 NOT-FOR-US: XScreenSaver in Sun Solaris 10
2209 CVE-2009-3745 (Cross-site scripting (XSS) vulnerability in the help pages in IBM ...)
2210 NOT-FOR-US: IBM Rational AppScan Enterprise Edition
2211 CVE-2009-3744 (rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote ...)
2212 NOT-FOR-US: EMC RepliStor
2213 CVE-2009-3743
2214 RESERVED
2215 CVE-2009-3742
2216 RESERVED
2217 CVE-2009-3741
2218 RESERVED
2219 CVE-2009-3740
2220 RESERVED
2221 CVE-2009-3739
2222 RESERVED
2223 CVE-2009-3738
2224 RESERVED
2225 CVE-2009-3737
2226 RESERVED
2227 CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, ...)
2228 {DSA-1958-1}
2229 - libtool 2.2.6b-1 (low; bug #559797)
2230 - arts <unfixed> (low; bug #559798)
2231 [lenny] - arts <no-dsa> (Minor issue)
2232 [etch] - arts <no-dsa> (Minor issue)
2233 - bochs <not-affected> (additional hardening in this package prevents this type of attack; bug #559799)
2234 - camserv <unfixed> (low; bug #559800)
2235 [lenny] - camserv <no-dsa> (Minor issue)
2236 [etch] - camserv <no-dsa> (Minor issue)
2237 - collectd 4.8.2-1 (low; bug #559801)
2238 [lenny] - collectd <no-dsa> (Minor issue)
2239 [etch] - collectd <no-dsa> (Minor issue)
2240 - cvsnt <unfixed> (low; bug #559803)
2241 [etch] - cvsnt <no-dsa> (Minor issue)
2242 [lenny] - cvsnt <no-dsa> (Minor issue)
2243 - ggobi 2.1.9~20091212-1 (low; bug #559806)
2244 [etch] - ggobi <no-dsa> (Minor issue)
2245 [lenny] - ggobi <no-dsa> (Minor issue)
2246 - gnash <unfixed> (low; bug #559808)
2247 [lenny] - gnash <no-dsa> (Minor issue)
2248 - gnu-smalltalk 3.1-2 (low; bug #559809)
2249 [lenny] - gnu-smalltalk <no-dsa> (Minor issue)
2250 [etch] - gnu-smalltalk <no-dsa> (Minor issue)
2251 - graphicsmagick 1.3.5-6 (low; bug #559811)
2252 [lenny] - graphicsmagick <no-dsa> (Minor issue, can be fixed along with later updates)
2253 [etch] - graphicsmagick <no-dsa> (Minor issue, can be fixed along with later updates)
2254 - guile-1.6 1.6.8-7 (low; bug #559813)
2255 [etch] - guile-1.6 <no-dsa> (Minor issue)
2256 [lenny] - guile-1.6 <no-dsa> (Minor issue)
2257 - hamlib <unfixed> (low; bug #559814)
2258 [lenny] - hamlib <no-dsa> (Minor issue)
2259 [etch] - hamlib <no-dsa> (Minor issue)
2260 - hercules <unfixed> (low; bug #559815)
2261 [lenny] - hercules <no-dsa> (Minor issue)
2262 [etch] - hercules <no-dsa> (Minor issue)
2263 - jags 1.0.4-1 (low; bug #559816)
2264 - kdelibs <not-affected> (dl_open open loads from fixed paths)
2265 - libannodex <removed> (low; bug #559818)
2266 [lenny] - libannodex <no-dsa> (Minor issue)
2267 [etch] - libannodex <no-dsa> (Minor issue)
2268 - libextractor 0.5.23+dfsg-4 (low; bug #559819)
2269 [etch] - libextractor <no-dsa> (Minor issue)
2270 [lenny] - libextractor <no-dsa> (Minor issue)
2271 - libmcrypt <not-affected> (not included in any of the binary packages; bug #559820)
2272 - libtunepimp <unfixed> (low; bug #559821)
2273 - mp4h <unfixed> (low; bug #559822)
2274 [etch] - mp4h <no-dsa> (Minor issue)
2275 [lenny] - mp4h <no-dsa> (Minor issue)
2276 - naim <removed> (low; bug #559823)
2277 [lenny] - naim <no-dsa> (Minor issue)
2278 [etch] - naim <no-dsa> (Minor issue)
2279 - parser-mysql <unfixed> (low; bug #559824)
2280 - pinball <unfixed> (low; bug #559825)
2281 [lenny] - pinball <no-dsa> (Minor issue)
2282 [etch] - pinball <no-dsa> (Minor issue)
2283 TODO: insufficient solution: only added depends libltdl-dev?
2284 - redland 1.0.10-1 (low; bug #559826)
2285 [etch] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
2286 [lenny] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
2287 - siproxd <unfixed> (low; bug #559827)
2288 [lenny] - siproxd <no-dsa> (Minor issue)
2289 [etch] - siproxd <no-dsa> (Minor issue)
2290 - ski <unfixed> (low; bug #559828)
2291 - synfig <unfixed> (low; bug #559829)
2292 [lenny] - synfig <no-dsa> (Minor issue)
2293 - xmlsec1 1.2.14-1 (unimportant; bug #559831)
2294 NOTE: Embedded code copy isn't used
2295 - clamav 0.95+dfsg-1 (low; bug #559832)
2296 [lenny] - clamav <no-dsa> (Minor issue)
2297 [etch] - clamav <no-dsa> (Minor issue)
2298 - imagemagick 6:6.2.3.1-1 (low; bug #559833)
2299 [lenny] - imagemagick <no-dsa> (Minor issue)
2300 [etch] - imagemagick <no-dsa> (Minor issue)
2301 - hypre 2.4.0b-5 (low; bug #559834)
2302 [etch] - hypre <no-dsa> (Minor issue)
2303 [lenny] - hypre <no-dsa> (Minor issue)
2304 - lam <unfixed> (low; bug #559835)
2305 [lenny] - lam <no-dsa> (Minor issue)
2306 [etch] - lam <no-dsa> (Minor issue)
2307 - openmpi 1.3.3-4 (low; bug #559836)
2308 [lenny] - openmpi <no-dsa> (Minor issue)
2309 [etch] - openmpi <no-dsa> (Minor issue)
2310 - parser <unfixed> (unimportant; bug #559837)
2311 NOTE: users with write access can modify configuration to load new extensions, see #559837
2312 - pdsh <not-affected> (Only loads from /usr/lib/pdsh, which is controlled by root)
2313 - sbnc <not-affected> (All released/unstable versions use the system copy of libtool)
2314 - sdcc <unfixed> (low; bug #559840)
2315 [lenny] - sdcc <no-dsa> (Minor issue)
2316 [etch] - sdcc <no-dsa> (Minor issue)
2317 - wml <unfixed> (low; bug #559841)
2318 [lenny] - wml <no-dsa> (Minor issue)
2319 [etch] - wml <no-dsa> (Minor issue)
2320 - proftpd-dfsg <not-affected> (Only loads from /usr/lib/proftpd)
2321 - babel 1.4.0.dfsg-5 (low; bug #559843)
2322 TODO: insufficient solution: only added depends libltdl-dev?
2323 [lenny] - babel <no-dsa> (Minor issue)
2324 - libprelude 0.9.14-2 (low; bug #559844)
2325 [etch] - libprelude <no-dsa> (Minor issue)
2326 - heartbeat 2.1.4-7 (unimportant; bug #559845)
2327 NOTE: the dlopened path is always below /usr/lib/heartbeat, which isn't under control of an attacker
2328 NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
2329 NOTE: might've been fixed earlier
2330 CVE-2009-3735
2331 RESERVED
2332 CVE-2009-3734
2333 RESERVED
2334 CVE-2009-XXXX [mandos 0600 file being included in initrd]
2335 - mandos 1.0.13-1 (bug #551907)
2336 CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...)
2337 - vmware-package <removed>
2338 CVE-2009-3732
2339 RESERVED
2340 CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help ...)
2341 TODO: check
2342 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
2343 NOT-FOR-US: ReqWeb
2344 CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
2345 - openjdk-6 <unfixed> (medium; bug #560908)
2346 - sun-java6 6-17-1
2347 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
2348 CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
2349 - openjdk-6 6b17~pre3-1 (medium; bug #560908)
2350 - sun-java6 6-17-1
2351 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
2352 CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...)
2353 {DSA-1952-1}
2354 - asterisk 1:1.6.2.0~rc6-1
2355 [lenny] - asterisk <no-dsa> (Minor issue)
2356 [etch] - asterisk <no-dsa> (Minor issue)
2357 CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client ...)
2358 - linux-2.6 2.6.31-1 (medium)
2359 - linux-2.6.24 <removed> (medium)
2360 CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not ...)
2361 - linux-2.6 2.6.31-1 (medium)
2362 [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
2363 - linux-2.6.24 <removed> (medium)
2364 CVE-2009-3724
2365 RESERVED
2366 NOT-FOR-US: python-markdown2 (not our markdown, different code base)
2367 CVE-2009-3723 [Unauthorized calls allowed on prohibited networks in asterisk]
2368 RESERVED
2369 [etch] - asterisk <not-affected>
2370 [lenny] - asterisk <not-affected>
2371 - asterisk 1:1.6.2.0~rc3-2 (medium; bug #552756)
2372 NOTE: http://downloads.asterisk.org/pub/security/AST-2009-007.html
2373 CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in ...)
2374 {DSA-1962-1}
2375 [etch] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
2376 [lenny] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
2377 - linux-2.6 2.6.31-1 (low)
2378 - kvm 88+dfsg-2 (low; bug #557739)
2379 NOTE: http://bugzilla.redhat.com/531660
2380 NOTE: http://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
2381 CVE-2009-3721
2382 RESERVED
2383 CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...)
2384 {DSA-1921-1}
2385 - expat 2.0.1-5 (low; bug #551936)
2386 - w3c-libwww <removed> (low; bug #551938)
2387 [etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
2388 - python-xml <removed> (low; bug #560951)
2389 [etch] - python-xml <no-dsa> (minor issue)
2390 [lenny] - python-xml <no-dsa> (minor issue)
2391 - python2.5 <unfixed> (low; bug #560912)
2392 - python2.4 <unfixed> (low; bug #560913)
2393 - python-4suite <unfixed> (low; bug #560914)
2394 [etch] - python-4suite <no-dsa> (Minor issue)
2395 [lenny] - python-4suite <no-dsa> (Minor issue)
2396 - wxwindows2.4 <removed> (low; bug #560915)
2397 [etch] - wxwindows2.4 <no-dsa> (minor issue)
2398 - wxwidgets2.6 2.6.3.2.2-4 (low; bug #560916)
2399 [etch] - wxwidgets2.6 <no-dsa> (minor issue)
2400 [lenny] - wxwidgets2.6 <no-dsa> (minor issue)
2401 - wxwidgets2.8 2.8.10.1-2 (low; bug #560917)
2402 [lenny] - wxwidgets2.8 <no-dsa> (minor issue)
2403 - audacity 1.3.2-1 (unimportant; bug #560919)
2404 - matanza <unfixed> (unimportant; bug #560920)
2405 - tdom 0.8.3~20080525-1 (low; bug #560921)
2406 [etch] - tdom <no-dsa> (minor issue)
2407 - udunits 2.1.8-4 (unimportant; bug #560922)
2408 - ayttm 0.6.1-2 (low; bug #560924)
2409 [etch] - ayttm <no-dsa> (minor issue)
2410 [lenny] - ayttm <no-dsa> (minor issue)
2411 - cableswig <unfixed> (unimportant; bug #560925)
2412 - cadaver <unfixed> (unimportant; bug #560926)
2413 - cmake 2.6.0-6 (unimportant; bug #560927)
2414 - coin3 <unfixed> (unimportant; bug #560928)
2415 - gdcm 2.0.14-2 (low; bug #560929)
2416 - ghostscript <unfixed> (unimportant; bug #560930)
2417 - gs-gpl <removed> (unimportant)
2418 - grmonitor <removed> (unimportant; bug #560931)
2419 - iceape <unfixed> (unimportant; bug #560932)
2420 - insighttoolkit 3.16.0-1 (unimportant; bug #560933)
2421 - paraview <unfixed> (unimportant; bug #560935)
2422 - poco <unfixed> (unimportant; bug #560936)
2423 - simgear <unfixed> (unimportant; bug #560937)
2424 - smart <unfixed> (low; bug #560953)
2425 [etch] - smart <no-dsa> (minor issue)
2426 [lenny] - smart <no-dsa> (minor issue)
2427 - swish-e <unfixed> (low; bug #560939)
2428 [etch] - swish-e <no-dsa> (minor issue)
2429 [lenny] - swish-e <no-dsa> (minor issue)
2430 - tla <unfixed> (low; bug #560940)
2431 [etch] - tla <no-dsa> (minor issue)
2432 [lenny] - tla <no-dsa> (minor issue)
2433 - wbxml2 <unfixed> (low; bug #560941)
2434 [etch] - wbxml2 <no-dsa> (minor issue)
2435 [lenny] - wbxml2 <no-dsa> (minor issue)
2436 - xmlrpc-c <unfixed> (low; bug #560942)
2437 [etch] - xmlrpc-c <no-dsa> (minor issue)
2438 [lenny] - xmlrpc-c <no-dsa> (minor issue)
2439 - iceweasel <not-affected> (uses xulrunner; bug #560943)
2440 - kompozer 1:0.8~b1-2 (unimportant; bug #560944)
2441 - vxl 1.13.0-2 (low; bug #560945)
2442 - xulrunner <unfixed> (unimportant; bug #560946)
2443 - texlive-bin <not-affected> (Files are not compiled in, see #560948)
2444 - vnc4 <unfixed> (low; bug #560949)
2445 [etch] - vnc4 <no-dsa> (minor issue)
2446 [lenny] - vnc4 <no-dsa> (minor issue)
2447 - xotcl <unfixed> (low; bug #560950)
2448 [lenny] - xotcl <no-dsa> (minor issue)
2449 CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
2450 NOT-FOR-US: Battle Blog
2451 CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...)
2452 NOT-FOR-US: Battle Blog
2453 CVE-2009-3717 (Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote ...)
2454 NOT-FOR-US: LucVil PatPlayer
2455 CVE-2009-3716 (Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 ...)
2456 NOT-FOR-US: MCshoutbox
2457 CVE-2009-3715 (Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox ...)
2458 NOT-FOR-US: MCshoutbox
2459 CVE-2009-3714 (Cross-site scripting (XSS) vulnerability in admin_login.php in ...)
2460 NOT-FOR-US: MCshoutbox
2461 CVE-2009-3713 (SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and ...)
2462 NOT-FOR-US: MorcegoCMS
2463 CVE-2009-3712 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
2464 NOT-FOR-US: Ebay Clone 2009
2465 CVE-2009-3711 (Stack-based buffer overflow in the h_handlepeer function in http.cpp ...)
2466 NOT-FOR-US: httpdx
2467 CVE-2009-3710 (RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username ...)
2468 NOT-FOR-US: RioRey RIOS
2469 CVE-2009-3709 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...)
2470 NOT-FOR-US: Konae Technologies Alleycode HTML Editor
2471 CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...)
2472 NOT-FOR-US: Konae Technologies Alleycode HTML Editor
2473 CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe 6.5.3.8888 in the ...)
2474 NOT-FOR-US: VMware
2475 CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and ...)
2476 NOT-FOR-US: ZFS filesystem in Sun Solaris
2477 CVE-2009-3705 (PHP remote file inclusion vulnerability in debugger.php in Achievo ...)
2478 NOT-FOR-US: Achievo
2479 CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, ...)
2480 NOT-FOR-US: ZoIPer
2481 CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin before ...)
2482 NOT-FOR-US: WordPress plugin
2483 CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 ...)
2484 NOT-FOR-US: PHP-Calendar
2485 CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
2486 - horde3 3.3.6+debian0-1 (low)
2487 [lenny] - horde3 <no-dsa> (minor issue)
2488 [etch] - horde3 <no-dsa> (minor issue)
2489 NOTE: In order to successfully exploit this vulnerability the targeted user has to be logged as an administrator.
2490 CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote ...)
2491 - squidguard <unfixed> (low; bug #553319)
2492 CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon ...)
2493 NOT-FOR-US: IBM AIX
2494 CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...)
2495 NOT-FOR-US: Dalvik API in Android
2496 CVE-2009-3697 (SQL injection vulnerability in the PDF schema generator functionality ...)
2497 {DSA-1918-1}
2498 - phpmyadmin 4:3.2.2.1-1
2499 [etch] - phpmyadmin <not-affected> (Vulnerable code not present)
2500 CVE-2009-3696 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before ...)
2501 {DSA-1918-1}
2502 - phpmyadmin 4:3.2.2.1-1
2503 CVE-2009-3610
2504 REJECTED
2505 CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in Django ...)
2506 {DSA-1905-1}
2507 - python-django 1.1.1-1 (medium; bug #550457)
2508 [etch] - python-django <not-affected> (introduced in 1.0)
2509 [lenny] - python-django 1.0.2-1+lenny2
2510 CVE-2009-3694 (Directory traversal vulnerability in config/config.php in ezRecipe-Zee ...)
2511 NOT-FOR-US: ezRecipe-Zee 91
2512 CVE-2009-3693 (Directory traversal vulnerability in the Persits.XUpload.2 ActiveX ...)
2513 NOT-FOR-US: Persits.XUpload.2 ActiveX
2514 CVE-2009-3691 (Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM ...)
2515 NOT-FOR-US: IBM Informix Client SDK
2516 CVE-2009-3690
2517 RESERVED
2518 CVE-2009-3689
2519 RESERVED
2520 CVE-2009-3688
2521 RESERVED
2522 CVE-2009-3687
2523 RESERVED
2524 CVE-2009-3686
2525 RESERVED
2526 CVE-2009-3685
2527 RESERVED
2528 CVE-2009-3684
2529 RESERVED
2530 CVE-2009-3683
2531 RESERVED
2532 CVE-2009-3682
2533 RESERVED
2534 CVE-2009-3681
2535 RESERVED
2536 CVE-2009-3680
2537 RESERVED
2538 CVE-2009-3679
2539 RESERVED
2540 CVE-2009-3678
2541 RESERVED
2542 CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 ...)
2543 NOT-FOR-US: Microsoft Internet Authentication Service
2544 CVE-2009-3676 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows ...)
2545 NOT-FOR-US: Microsoft Windows Server
2546 CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in ...)
2547 NOT-FOR-US: Microsoft Local Security Authority Subsystem Service
2548 CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
2549 NOT-FOR-US: Microsoft Internet Explorer
2550 CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects ...)
2551 NOT-FOR-US: Microsoft Internet Explorer
2552 CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
2553 NOT-FOR-US: Microsoft Internet Explorer
2554 CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
2555 NOT-FOR-US: Microsoft Internet Explorer
2556 CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 ...)
2557 NOT-FOR-US: KSP Sound Player
2558 CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions ...)
2559 NOT-FOR-US: Joomla! component
2560 CVE-2009-3668 (Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest ...)
2561 NOT-FOR-US: Ardguest 1.8
2562 CVE-2009-3667 (SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows ...)
2563 NOT-FOR-US: AdsDX
2564 CVE-2009-3666 (Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog ...)
2565 NOT-FOR-US: Nullam Blog
2566 CVE-2009-3665 (Multiple SQL injection vulnerabilities in index.php in Nullam Blog ...)
2567 NOT-FOR-US: Nullam Blog
2568 CVE-2009-3664 (Multiple directory traversal vulnerabilities in index.php in Nullam ...)
2569 NOT-FOR-US: Nullam Blog
2570 CVE-2009-3663 (Format string vulnerability in the h_readrequest function in http.c in ...)
2571 NOT-FOR-US: httpdx
2572 CVE-2009-3662 (FileCopa FTP Server 5.01 allows remote attackers to cause a denial of ...)
2573 NOT-FOR-US: FileCopa FTP Server
2574 CVE-2009-3661 (Multiple SQL injection vulnerabilities in the DJ-Catalog ...)
2575 NOT-FOR-US: component for Joomla!
2576 CVE-2009-3660 (PHP remote file inclusion vulnerability in libraries/database.php in ...)
2577 NOT-FOR-US: Efront
2578 CVE-2009-3659 (SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 ...)
2579 NOT-FOR-US: BS Counter
2580 CVE-2009-3658 (Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control ...)
2581 NOT-FOR-US: Sb.SuperBuddy.1 ActiveX
2582 CVE-2009-3657 (Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module ...)
2583 NOT-FOR-US: module for Drupal
2584 CVE-2009-3656 (Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x ...)
2585 NOT-FOR-US: module for Drupal
2586 CVE-2009-3655 (Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers ...)
2587 NOT-FOR-US: Rhino Software Serv-U
2588 CVE-2009-3654 (Unspecified vulnerability in Boost before 6.x-1.03, a module for ...)
2589 NOT-FOR-US: module for Drupal
2590 CVE-2009-3653 (Cross-site scripting (XSS) vulnerability in the additional links ...)
2591 NOT-FOR-US: module for Drupal
2592 CVE-2009-3652 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...)
2593 NOT-FOR-US: module for Drupal
2594 CVE-2009-3651 (Cross-site scripting (XSS) vulnerability in the "Monitor browsers' ...)
2595 NOT-FOR-US: module for Drupal
2596 CVE-2009-3650 (Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier ...)
2597 NOT-FOR-US: module for Drupal
2598 CVE-2009-3649 (Cross-site scripting (XSS) vulnerability in forums/index.php in Power ...)
2599 NOT-FOR-US: PBBoard
2600 CVE-2009-3648 (Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a ...)
2601 NOT-FOR-US: module for Drupal
2602 CVE-2009-3647 (Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft ...)
2603 NOT-FOR-US: YABSoft Mega File Hosting Script (aka MFH or MFHS)
2604 CVE-2009-3646 (InterVations NaviCOPA Web Server 3.01 allows remote attackers to ...)
2605 NOT-FOR-US: NaviCOPA Web Server
2606 CVE-2009-3645 (SQL injection vulnerability in the JoomlaCache CB Resume Builder ...)
2607 NOT-FOR-US: JoomlaCache
2608 CVE-2009-3644 (SQL injection vulnerability in the Soundset (com_soundset) component ...)
2609 NOT-FOR-US: Joomla component
2610 CVE-2009-3643 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to ...)
2611 NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
2612 CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in ...)
2613 NOT-FOR-US: FrontRange HEAT
2614 CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote ...)
2615 - snort <unfixed> (low; bug #553584)
2616 [lenny] - snort <no-dsa> (Minor issue; -v is usually not used as it's slow and is only for debugging purposes)
2617 [etch] - snort <no-dsa> (Minor issue; -v is usually not used as it's slow and is only for debugging purposes)
2618 CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM ...)
2619 - linux-2.6 2.6.31-1 (medium)
2620 [lenny] - linux-2.6 <not-affected> (introduced post 2.6.27)
2621 [etch] - linux-2.6 <not-affected> (introduced post 2.6.27)
2622 - linux-2.6.24 <not-affected> (introduced post 2.6.27)
2623 - kvm 88+dfsg-2 (medium; bug #557737)
2624 [lenny] - kvm <not-affected> (Vulnerable code not present)
2625 CVE-2009-3639 (The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before ...)
2626 {DSA-1925-1}
2627 - proftpd-dfsg 1.3.2a-2 (low)
2628 NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3275
2629 CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in ...)
2630 {DSA-1962-1 DSA-1927-1}
2631 - linux-2.6 2.6.31-1 (medium)
2632 [etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
2633 NOTE: fixed in upstream 2.6.32-rc4
2634 - linux-2.6.24 <not-affected> (introduced in 2.6.25)
2635 - kvm <removed> (medium; bug #562076)
2636 CVE-2009-3637 [alien-arena remote arbitrary code execution]
2637 RESERVED
2638 - alien-arena <unfixed> (medium; bug #552038)
2639 [lenny] - alien-arena <no-dsa> (Contrib not supported)
2640 TODO: next point-release: [lenny] - alien-arena 7.0-1+lenny1
2641 CVE-2009-3636 (Cross-site scripting (XSS) vulnerability in the Install Tool ...)
2642 {DSA-1926-1}
2643 - typo3-src 4.2.10-1 (medium; bug #552020)
2644 CVE-2009-3635 (The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x ...)
2645 {DSA-1926-1}
2646 - typo3-src 4.2.10-1 (medium; bug #552020)
2647 CVE-2009-3634 (Cross-site scripting (XSS) vulnerability in the Frontend Login Box ...)
2648 {DSA-1926-1}
2649 - typo3-src 4.2.10-1 (medium; bug #552020)
2650 CVE-2009-3633 (Cross-site scripting (XSS) vulnerability in the ...)
2651 {DSA-1926-1}
2652 - typo3-src 4.2.10-1 (medium; bug #552020)
2653 CVE-2009-3632 (SQL injection vulnerability in the traditional frontend editing ...)
2654 {DSA-1926-1}
2655 - typo3-src 4.2.10-1 (medium; bug #552020)
2656 CVE-2009-3631 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
2657 {DSA-1926-1}
2658 - typo3-src 4.2.10-1 (medium; bug #552020)
2659 CVE-2009-3630 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
2660 {DSA-1926-1}
2661 - typo3-src 4.2.10-1 (medium; bug #552020)
2662 CVE-2009-3629 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend ...)
2663 {DSA-1926-1}
2664 - typo3-src 4.2.10-1 (medium; bug #552020)
2665 CVE-2009-3628 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
2666 {DSA-1926-1}
2667 - typo3-src 4.2.10-1 (medium; bug #552020)
2668 CVE-2009-3627 (The decode_entities function in util.c in HTML-Parser before 3.63 ...)
2669 {DSA-1923-1}
2670 - libhtml-parser-perl 3.64-1 (bug #552531)
2671 NOTE: http://secunia.com/advisories/37155/
2672 CVE-2009-3626 (Perl 5.10.1 allows context-dependent attackers to cause a denial of ...)
2673 - perl 5.10.1-6 (bug #552291)
2674 [lenny] - perl <not-affected> (Vulnerable code not present)
2675 [etch] - perl <not-affected> (Vulnerable code not present)
2676 CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 ...)
2677 - sahana <itp> (bug #497414)
2678 CVE-2009-3624 (The get_instantiation_keyring function in security/keys/keyctl.c in ...)
2679 - linux-2.6 2.6.31-2 (low)
2680 [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
2681 [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
2682 - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
2683 NOTE: fixed upstream in 2.6.32-rc5
2684 CVE-2009-3623 (The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 ...)
2685 - linux-2.6 2.6.31-1 (medium)
2686 [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
2687 [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
2688 - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
2689 CVE-2009-3622 (Algorithmic complexity vulnerability in wp-trackback.php in WordPress ...)
2690 - wordpress 2.8.5-1
2691 [lenny] - wordpress <no-dsa> (Minor issue)
2692 [etch] - wordpress <no-dsa> (Minor issue)
2693 NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
2694 CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows ...)
2695 {DSA-1929-1 DSA-1928-1 DSA-1927-1}
2696 - linux-2.6 2.6.31-2 (low)
2697 - linux-2.6.24 <removed> (low)
2698 CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before ...)
2699 {DSA-1928-1 DSA-1927-1}
2700 - linux-2.6 2.6.32-1 (medium)
2701 - linux-2.6.24 <removed> (medium)
2702 CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before ...)
2703 - viewvc <unfixed> (low; bug #560903)
2704 CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 ...)
2705 - viewvc <unfixed> (low; bug #560903)
2706 CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...)
2707 - aria2 1.6.2-1 (low)
2708 [lenny] - aria2 <not-affected> (Vulnerable code not present)
2709 [etch] - aria2 <not-affected> (Vulnerable code not present)
2710 CVE-2009-3616 (Multiple use-after-free vulnerabilities in vnc.c in the VNC server in ...)
2711 - qemu 0.11.0-1 (medium; bug #553589)
2712 [lenny] - qemu <not-affected> (Vulnerable code not present)
2713 [etch] - qemu <not-affected> (Vulnerable code not present)
2714 - kvm <removed> (medium; bug #553590)
2715 [lenny] - kvm <not-affected> (Vulnerable code not present)
2716 CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and ...)
2717 {DSA-1932-1}
2718 - pidgin 2.6.3-1
2719 NOTE: http://pidgin.im/news/security/?id=41
2720 CVE-2009-3614 [oping suid 0 arbitrary file disclosure]
2721 RESERVED
2722 - liboping 1.3.3-1 (low; bug #548684)
2723 [lenny] - liboping <not-affected> (doesn't have -f option yet)
2724 [etch] - liboping <not-affected> (doesn't have -f option yet)
2725 CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r8169.c ...)
2726 {DSA-1928-1 DSA-1915-1}
2727 - linux-2.6 2.6.29-1 (medium)
2728 - linux-2.6.24 <removed>
2729 NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
2730 CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink ...)
2731 {DSA-1929-1 DSA-1928-1 DSA-1927-1}
2732 - linux-2.6 2.6.31-2 (low)
2733 - linux-2.6.24 <removed> (low)
2734 CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ...)
2735 - backintime 0.9.26-3 (bug #543785)
2736 CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
2737 {DSA-1941-1}
2738 - xpdf <unfixed> (medium; bug #551287)
2739 - poppler 0.12.2-1 (medium; bug #551289)
2740 - kdegraphics 4:4.0 (medium; bug #551290)
2741 - swftools <unfixed> (medium; bug #551291)
2742 CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
2743 {DSA-1941-1}
2744 - xpdf <unfixed> (medium; bug #551287)
2745 - poppler 0.12.2-1 (medium; bug #551289)
2746 - kdegraphics 4:4.0 (medium; bug #551290)
2747 - swftools <unfixed> (medium; bug #551291)
2748 CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
2749 {DSA-1941-1}
2750 - poppler 0.12.2-1 (medium; bug #551289)
2751 CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...)
2752 {DSA-1941-1}
2753 - xpdf <unfixed> (medium; bug #551287)
2754 - poppler 0.12.2-1 (medium; bug #551289)
2755 - kdegraphics 4:4.0 (medium; bug #551290)
2756 - swftools <unfixed> (medium; bug #551291)
2757 CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...)
2758 {DSA-1941-1}
2759 - poppler 0.12.2-1 (medium; bug #551289)
2760 CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
2761 {DSA-1941-1}
2762 - xpdf <unfixed> (medium; bug #551287)
2763 - poppler 0.12.2-1 (medium; bug #551289)
2764 - kdegraphics 4:4.0 (medium; bug #551290)
2765 - swftools <unfixed> (medium; bug #551291)
2766 CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
2767 {DSA-1941-1}
2768 - xpdf <unfixed> (medium; bug #551287)
2769 - poppler 0.12.2-1 (medium; bug #551289)
2770 - kdegraphics 4:4.0 (medium; bug #551290)
2771 - swftools <unfixed> (medium; bug #551291)
2772 CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...)
2773 - dopewars 1.5.12-9 (low; bug #550913)
2774 [etch] - dopewars <no-dsa> (negligible issue)
2775 [lenny] - dopewars <no-dsa> (negligible issue)
2776 CVE-2009-3589 (incron 0.5.5 does not initialize supplementary groups when running a ...)
2777 - incron 0.5.7-1
2778 CVE-2009-3588 (Unspecified vulnerability in the arclib component in the Anti-Virus ...)
2779 NOT-FOR-US: eTrust Antivirus
2780 CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus ...)
2781 NOT-FOR-US: eTrust Antivirus
2782 CVE-2009-3586 (Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows ...)
2783 NOT-FOR-US: CoreHTTP
2784 CVE-2009-3585 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...)
2785 {DSA-1944-1}
2786 - request-tracker3.4 <removed>
2787 - request-tracker3.6 3.6.9-2 (low)
2788 CVE-2009-3584 (SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...)
2789 - sql-ledger <unfixed> (bug #562639)
2790 CVE-2009-3583 (Directory traversal vulnerability in the Preferences menu item in ...)
2791 - sql-ledger <unfixed> (bug #562639)
2792 CVE-2009-3582 (Multiple SQL injection vulnerabilities in the delete subroutine in ...)
2793 - sql-ledger <unfixed> (bug #562639)
2794 CVE-2009-3581 (Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...)
2795 - sql-ledger <unfixed> (bug #562639)
2796 CVE-2009-3580 (Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...)
2797 - sql-ledger <unfixed> (bug #562639)
2798 CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya ...)
2799 NOT-FOR-US: Autodesk Maya
2800 CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 ...)
2801 NOT-FOR-US: Autodesk
2802 CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to ...)
2803 NOT-FOR-US: Autodesk Softimage
2804 CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, ...)
2805 {DSA-1957-1}
2806 - aria2 1.2.0-1 (low; bug #551070)
2807 [etch] - aria2 <not-affected> (Vulnerable code not present)
2808 CVE-2009-3571 (Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact ...)
2809 TODO: check once details are available: - openoffice.org <unfixed> (medium; bug #551068)
2810 NOTE: details are unknown
2811 CVE-2009-3570 (Unspecified vulnerability in OpenOffice.org (OOo) has unspecified ...)
2812 TODO: check once details are available: - openoffice.org <unfixed> (medium; bug #551068)
2813 NOTE: details are unknown
2814 CVE-2009-3569 (Stack-based buffer overflow in OpenOffice.org (OOo) allows remote ...)
2815 TODO: check once details are available: - openoffice.org <unfixed> (medium; bug #551068)
2816 NOTE: details are unknown
2817 CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for ...)
2818 NOT-FOR-US: module for Drupal
2819 CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in ...)
2820 - virtualbox-ose 3.0.8-dfsg-1
2821 [lenny] - virtualbox-ose <not-affected> (vulnerable code not present)
2822 CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for NSEC3 ...)
2823 {DSA-1963-1}
2824 - unbound 1.3.4-1 (low)
2825 NOTE: http://unbound.net/pipermail/unbound-users/2009-October/000852.html
2826 CVE-2009-3601 (Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez ...)
2827 NOT-FOR-US: Scriptsez Ultimate Poll
2828 CVE-2009-3600 (HUBScript 1.0 allows remote attackers to obtain configuration ...)
2829 NOT-FOR-US: HUBScript
2830 CVE-2009-3599 (Cross-site scripting (XSS) vulnerability in single_winner1.php in ...)
2831 NOT-FOR-US: HUBScript
2832 CVE-2009-3598 (Cross-site scripting (XSS) vulnerability in survey_result.php in ...)
2833 NOT-FOR-US: eCardMAX FormXP
2834 CVE-2009-3597 (Digitaldesign CMS 0.1 stores sensitive information under the web root ...)
2835 NOT-FOR-US: Digitaldesign CMS
2836 CVE-2009-3596 (JoxTechnology Ajox Poll does not properly restrict access to ...)
2837 NOT-FOR-US: JoxTechnology Ajox Poll
2838 CVE-2009-3595 (SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows ...)
2839 NOT-FOR-US: VS PANEL
2840 CVE-2009-3594 (Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog ...)
2841 NOT-FOR-US: BLOB Blog System
2842 CVE-2009-3593 (Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 ...)
2843 NOT-FOR-US: Freelancers
2844 CVE-2009-3592 (Cross-site scripting (XSS) vulnerability in customer/home.php in ...)
2845 NOT-FOR-US: Qualiteam X-Cart
2846 CVE-2009-3590 (SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows ...)
2847 NOT-FOR-US: VS PANEL
2848 CVE-2009-3574 (Tuniac 090517c allows remote attackers to cause a denial of service ...)
2849 NOT-FOR-US: Tuniac
2850 CVE-2009-3573 (Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ...)
2851 NOT-FOR-US: ActiveX
2852 CVE-2009-3572 (OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not ...)
2853 NOT-FOR-US: OpenBSD
2854 CVE-2009-3567 (Cross-site scripting (XSS) vulnerability in ...)
2855 NOT-FOR-US: Kayako SupportSuite and eSupport
2856 CVE-2009-3579 (Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...)
2857 - jetty <unfixed> (unimportant)
2858 NOTE: http://www.coresecurity.com/content/jetty-persistent-xss
2859 NOTE: only an example application
2860 CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 ...)
2861 NOT-FOR-US: McAfee IntruShield Network Security Manager
2862 CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
2863 NOT-FOR-US: McAfee IntruShield Network Security Manager
2864 CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...)
2865 - puppet 0.25.1-3 (low; bug #551073)
2866 [etch] - puppet <no-dsa> (minor issue)
2867 [lenny] - puppet <no-dsa> (minor issue)
2868 CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ...)
2869 {DSA-1948-1}
2870 - ntp 1:4.2.4p8+dfsg-1 (medium; bug #560074)
2871 CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 ...)
2872 NOT-FOR-US: Xerver HTTP Server
2873 CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...)
2874 NOT-FOR-US: Xerver HTTP Server
2875 CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
2876 {DSA-1953-2 DSA-1953-1}
2877 - expat 2.0.1-6 (low; bug #560901)
2878 - w3c-libwww <removed>
2879 [etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
2880 - python-xml <removed> (low; bug #560951)
2881 [etch] - python-xml <no-dsa> (minor issue)
2882 [lenny] - python-xml <no-dsa> (minor issue)
2883 - python2.5 <unfixed> (low; bug #560912)
2884 - python2.4 <unfixed> (low; bug #560913)
2885 - python-4suite <unfixed> (low; bug #560914)
2886 [etch] - python-4suite <no-dsa> (Minor issue)
2887 [lenny] - python-4suite <no-dsa> (Minor issue)
2888 - wxwindows2.4 <removed> (low; bug #560915)
2889 [etch] - wxwindows2.4 <no-dsa> (minor issue)
2890 - wxwidgets2.6 2.6.3.2.2-4 (low; bug #560916)
2891 [etch] - wxwidgets2.6 <no-dsa> (minor issue)
2892 [lenny] - wxwidgets2.6 <no-dsa> (minor issue)
2893 - wxwidgets2.8 2.8.10.1-2 (low; bug #560917)
2894 [lenny] - wxwidgets2.8 <no-dsa> (minor issue)
2895 - audacity 1.3.2-1 (unimportant; bug #560919)
2896 - matanza <unfixed> (unimportant; bug #560920)
2897 - tdom 0.8.3~20080525-1 (low; bug #560921)
2898 [etch] - tdom <no-dsa> (minor issue)
2899 - udunits 2.1.8-4 (unimportant; bug #560922)
2900 - ayttm 0.6.1-2 (low; bug #560924)
2901 [etch] - ayttm <no-dsa> (minor issue)
2902 [lenny] - ayttm <no-dsa> (minor issue)
2903 - cableswig <unfixed> (unimportant; bug #560925)
2904 - cadaver <unfixed> (unimportant; bug #560926)
2905 - cmake 2.6.0-6 (unimportant; bug #560927)
2906 - coin3 <unfixed> (unimportant; bug #560928)
2907 - gdcm 2.0.14-2 (low; bug #560929)
2908 - ghostscript <unfixed> (unimportant; bug #560930)
2909 - gs-gpl <removed> (unimportant)
2910 - grmonitor <removed> (unimportant; bug #560931)
2911 - iceape <unfixed> (unimportant; bug #560932)
2912 - insighttoolkit 3.16.0-1 (unimportant; bug #560933)
2913 - paraview <unfixed> (unimportant; bug #560935)
2914 - poco <unfixed> (unimportant; bug #560936)
2915 - simgear <unfixed> (unimportant; bug #560937)
2916 - smart <unfixed> (low; bug #560953)
2917 [etch] - smart <no-dsa> (minor issue)
2918 [lenny] - smart <no-dsa> (minor issue)
2919 - swish-e <unfixed> (low; bug #560939)
2920 [etch] - swish-e <no-dsa> (minor issue)
2921 [lenny] - swish-e <no-dsa> (minor issue)
2922 - tla <unfixed> (low; bug #560940)
2923 [etch] - tla <no-dsa> (minor issue)
2924 [lenny] - tla <no-dsa> (minor issue)
2925 - wbxml2 <unfixed> (low; bug #560941)
2926 [etch] - wbxml2 <no-dsa> (minor issue)
2927 [lenny] - wbxml2 <no-dsa> (minor issue)
2928 - xmlrpc-c <unfixed> (low; bug #560942)
2929 [etch] - xmlrpc-c <no-dsa> (minor issue)
2930 [lenny] - xmlrpc-c <no-dsa> (minor issue)
2931 - iceweasel <not-affected> (uses xulrunner; bug #560943)
2932 - kompozer 1:0.8~b1-2 (low; bug #560944)
2933 - vxl 1.13.0-2 (low; bug #560945)
2934 - xulrunner <unfixed> (unimportant; bug #560946)
2935 - texlive-bin <not-affected> (Files are not compiled in, see #560948)
2936 - vnc4 <unfixed> (low; bug #560949)
2937 [etch] - vnc4 <no-dsa> (minor issue)
2938 [lenny] - vnc4 <no-dsa> (minor issue)
2939 - xotcl <unfixed> (low; bug #560950)
2940 [lenny] - xotcl <no-dsa> (minor issue)
2941 CVE-2009-3559 (** DISPUTED ** ...)
2942 - php5 <unfixed> (unimportant)
2943 NOTE: safe_mode regression
2944 CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...)
2945 - php5 <unfixed> (unimportant)
2946 NOTE: open_basedir bypass
2947 CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...)
2948 - php5 <unfixed> (unimportant)
2949 NOTE: safe_mode bypass
2950 CVE-2009-3556
2951 RESERVED
2952 CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...)
2953 {DSA-1934-1}
2954 NOTE: See separate CVE-2009-3555 file in SVN
2955 CVE-2009-3554 (Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss ...)
2956 - jbossas4 <unfixed> (bug #562000)
2957 [lenny] - jbossas4 <no-dsa> (Contrib not supported)
2958 CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor handling ...)
2959 - cups 1.4.2-4 (low; bug #557740)
2960 [lenny] - cups <no-dsa> (Minor issue)
2961 - cupsys <not-affected> (vulnerable code introduced in 1.3.x)
2962 NOTE: http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200
2963 CVE-2009-3552
2964 RESERVED
2965 CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in ...)
2966 - wireshark 1.2.3-1 (low; bug #553583)
2967 [lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
2968 [etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
2969 CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 ...)
2970 {DSA-1942-1}
2971 - wireshark 1.2.3-1 (low; bug #553583)
2972 CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through ...)
2973 - wireshark 1.2.3-1 (low; bug #553583)
2974 [lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
2975 [etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
2976 CVE-2009-3548 (The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 ...)
2977 - tomcat6 <not-affected> (Windows only)
2978 CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before ...)
2979 {DSA-1929-1 DSA-1928-1 DSA-1927-1}
2980 - linux-2.6 2.6.31-2 (high)
2981 - linux-2.6.24 <removed> (high)
2982 CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...)
2983 {DSA-1936-1}
2984 - libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534)
2985 - php5 <not-affected> (the php packages use the system libgd2)
2986 NOTE: http://svn.php.net/viewvc?view=revision&revision=289557
2987 NOTE: <20091015173822.084de220@redhat.com> in OSS-sec
2988 CVE-2009-3545 (DataWizard Technologies FtpXQ FTP Server 3.0 allows remote ...)
2989 NOT-FOR-US: DataWizard Technologies FtpXQ FTP Server
2990 CVE-2009-3544 (Xerver HTTP Server 4.32 allows remote attackers to obtain the source ...)
2991 NOT-FOR-US: Xerver HTTP Server
2992 CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...)
2993 - kfreebsd-6 <removed>
2994 [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
2995 CVE-2009-3526
2996 RESERVED
2997 CVE-2009-XXXX [php5's pear is vulnerable to symlink attacks]
2998 - php5 <unfixed> (low; bug #546164)
2999 NOTE: side-effect reported to upstream: http://bugs.php.net/44354
3000 NOTE: but they apparently only fixed the issue at build time
3001 NOTE: needs re-testing, as I don't remember the test conditions
3002 CVE-2009-XXXX [kfreebsd: Devfs / VFS NULL pointer race condition]
3003 - kfreebsd-6 <removed>
3004 [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
3005 - kfreebsd-7 7.2-9 (bug #549871)
3006 [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
3007 CVE-2009-3543 (SQL injection vulnerability in _phenotype/admin/login.php in Phenotype ...)
3008 NOT-FOR-US: Phenotype CMS
3009 CVE-2009-3542 (Directory traversal vulnerability in ls.php in LittleSite (aka LS or ...)
3010 NOT-FOR-US: LittleSite
3011 CVE-2009-3541 (PHP remote file inclusion vulnerability in CoupleDB.php in ...)
3012 NOT-FOR-US: PHPGenealogy
3013 CVE-2009-3540 (Cross-site scripting (XSS) vulnerability in listads.php in ...)
3014 NOT-FOR-US: YourFreeWorld Ultra Classifieds Pro
3015 CVE-2009-3539 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld ...)
3016 NOT-FOR-US: YourFreeWorld Ultra Classifieds Pro
3017 CVE-2009-3538 (Directory traversal vulnerability in thumb.php in Clear Content 1.1 ...)
3018 NOT-FOR-US: Clear Content
3019 CVE-2009-3537 (Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 ...)
3020 NOT-FOR-US: EpicDJSoftware EpicDJ
3021 CVE-2009-3536 (Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 ...)
3022 NOT-FOR-US: EpicDJSoftware EpicVJ
3023 CVE-2009-3535 (Directory traversal vulnerability in image.php in Clear Content 1.1 ...)
3024 NOT-FOR-US: Clear Content
3025 CVE-2009-3534 (Directory traversal vulnerability in index.php in LionWiki 3.0.3, when ...)
3026 NOT-FOR-US: LionWiki
3027 CVE-2009-3533 (SQL injection vulnerability in report.php in Meeting Room Booking ...)
3028 NOT-FOR-US: Meeting Room Booking System
3029 CVE-2009-3532 (Multiple SQL injection vulnerabilities in login.asp (aka the login ...)
3030 NOT-FOR-US: LogRover
3031 CVE-2009-3531 (SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows ...)
3032 NOT-FOR-US: Universe CMS
3033 CVE-2009-3530 (Cross-site scripting (XSS) vulnerability in storefront.php in ...)
3034 NOT-FOR-US: RadScripts RadBids Gold
3035 CVE-2009-3529 (SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 ...)
3036 NOT-FOR-US: RadScripts RadBids Gold
3037 CVE-2009-3528 (SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows ...)
3038 NOT-FOR-US: MyMsg
3039 CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not ...)
3040 - xen-3 <unfixed> (unimportant)
3041 - xen-unstable <unfixed> (unimportant)
3042 NOTE: This is an enhancement, not a security issue.
3043 NOTE: A user must have access to a guest hard drive image in order to boot it,
3044 NOTE: so he can simply mount the drive and remove the password option.
3045 CVE-2009-XXXX [buffer overflow in overkill]
3046 - overkill <unfixed> (bug #549310; low)
3047 [lenny] - overkill <no-dsa> (Minor issue)
3048 [etch] - overkill <no-dsa> (Minor issue)
3049 CVE-2009-3524 (Unspecified vulnerability in ashWsFtr.dll in avast! Home and ...)
3050 NOT-FOR-US: avast! Home and Professional
3051 CVE-2009-3523 (aavmKer4.sys in avast! Home and Professional for Windows before ...)
3052 NOT-FOR-US: avast! Home and Professional
3053 CVE-2009-3522 (Stack-based buffer overflow in aswMon2.sys in avast! Home and ...)
3054 NOT-FOR-US: avast! Home and Professional
3055 CVE-2009-3521 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
3056 NOT-FOR-US: WebSphere
3057 CVE-2009-3520 (Cross-site request forgery (CSRF) vulnerability in the Your_account ...)
3058 NOT-FOR-US: CMSphp
3059 CVE-2009-3519 (Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 ...)
3060 NOT-FOR-US: Sun Solaris
3061 CVE-2009-3518 (Argument injection vulnerability in the iim: URI handler in IBMIM.exe ...)
3062 NOT-FOR-US: IBM Installation Manager
3063 CVE-2009-3517 (nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does ...)
3064 NOT-FOR-US: IBM AIX
3065 CVE-2009-3516 (gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not ...)
3066 NOT-FOR-US: IBM AIX
3067 CVE-2009-3515 (Directory traversal vulnerability in dnet_admin/index.php in d.net CMS ...)
3068 NOT-FOR-US: d.net CMS
3069 CVE-2009-3514 (Multiple SQL injection vulnerabilities in d.net CMS allow remote ...)
3070 NOT-FOR-US: d.net CMS
3071 CVE-2009-3513 (Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group ...)
3072 NOT-FOR-US: Pilot Group (PG) eTraining
3073 CVE-2009-3512 (Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 ...)
3074 NOT-FOR-US: MyWeight
3075 CVE-2009-3511 (Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 ...)
3076 NOT-FOR-US: justVisual
3077 CVE-2009-3510 (SQL injection vulnerability in viewListing.php in linkSpheric 0.74 ...)
3078 NOT-FOR-US: linkSpheric
3079 CVE-2009-3509 (Cross-site scripting (XSS) vulnerability in admin/admin_index.php in ...)
3080 NOT-FOR-US: CJ Dynamic Poll PRO
3081 CVE-2009-3508 (Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 ...)
3082 NOT-FOR-US: MUJE CMS
3083 CVE-2009-3507 (Directory traversal vulnerability in modules.php in CMSphp 0.21 allows ...)
3084 NOT-FOR-US: CMSphp
3085 CVE-2009-3506 (Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 ...)
3086 NOT-FOR-US: CMSphp
3087 CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG ...)
3088 NOT-FOR-US: Vastal I-Tech MMORPG Zone
3089 CVE-2009-3504 (SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 ...)
3090 NOT-FOR-US: Alibaba Clone
3091 CVE-2009-3503 (Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse ...)
3092 NOT-FOR-US: BPowerHouse BPHolidayLettings
3093 CVE-2009-3502 (SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 ...)
3094 NOT-FOR-US: BPowerHouse BPMusic
3095 CVE-2009-3501 (SQL injection vulnerability in students.php in BPowerHouse BPStudents ...)
3096 NOT-FOR-US: BPowerHouse BPStudents
3097 CVE-2009-3500 (Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 ...)
3098 NOT-FOR-US: BPowerHouse BPGames
3099 CVE-2009-3499 (SQL injection vulnerability in employee.aspx in BPowerHouse ...)
3100 NOT-FOR-US: BPowerHouse BPLawyerCaseDocuments
3101 CVE-2009-3498 (SQL injection vulnerability in php/update_article_hits.php in HBcms ...)
3102 NOT-FOR-US: HBcms
3103 CVE-2009-3497 (SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent ...)
3104 NOT-FOR-US: Vastal I-Tech Agent
3105 CVE-2009-3496 (Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal ...)
3106 NOT-FOR-US: Vastal I-Tech DVD Zone
3107 CVE-2009-3495 (SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone ...)
3108 NOT-FOR-US: Vastal I-Tech DVD Zone
3109 CVE-2009-3494 (Multiple SQL injection vulnerabilities in index.php in T-HTB Manager ...)
3110 NOT-FOR-US: T-HTB Manager
3111 CVE-2009-3493 (Multiple cross-site scripting (XSS) vulnerabilities in Zenas ...)
3112 NOT-FOR-US: Zenas PaoBacheca Guestbook
3113 CVE-2009-3492 (Multiple PHP remote file inclusion vulnerabilities in Loggix Project ...)
3114 NOT-FOR-US: Loggix Project
3115 CVE-2009-3491 (SQL injection vulnerability in the Kinfusion SportFusion ...)
3116 NOT-FOR-US: Kinfusion SportFusion
3117 CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a ...)
3118 {DSA-1904-1}
3119 - wget 1.12-1 (medium; bug #549293)
3120 CVE-2009-3489 (Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 ...)
3121 NOT-FOR-US: Adobe Photoshop Elements
3122 CVE-2009-3488 (Cross-site scripting (XSS) vulnerability in the Bibliography (aka ...)
3123 NOT-FOR-US: Drupal Bibliography Module
3124 CVE-2009-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...)
3125 NOT-FOR-US: J-Web interface in Juniper JUNOS
3126 CVE-2009-3486 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...)
3127 NOT-FOR-US: J-Web interface in Juniper JUNOS
3128 CVE-2009-3485 (Cross-site scripting (XSS) vulnerability in the J-Web interface in ...)
3129 NOT-FOR-US: J-Web interface in Juniper JUNOS
3130 CVE-2009-3484 (Stack-based buffer overflow in Core FTP 2.1 build 1612 allows ...)
3131 NOT-FOR-US: Core FTP
3132 CVE-2009-3483 (Heap-based buffer overflow in the Create New Site feature in ...)
3133 NOT-FOR-US: CuteFTP
3134 CVE-2009-3482 (TrustPort Antivirus before 2.8.0.2266 and PC Security before ...)
3135 NOT-FOR-US: TrustPort Antivirus and PC Security
3136 CVE-2009-3481 (A certain interface in the iCRM Basic (com_icrmbasic) component ...)
3137 NOT-FOR-US: Joomla component
3138 CVE-2009-3480 (SQL injection vulnerability in the iCRM Basic (com_icrmbasic) ...)
3139 NOT-FOR-US: Joomla component
3140 CVE-2009-3479 (Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x ...)
3141 NOT-FOR-US: Bibliography
3142 CVE-2009-3478 (Argument injection vulnerability in (1) ...)
3143 NOT-FOR-US: Bibliography
3144 CVE-2009-3477 (The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before ...)
3145 NOT-FOR-US: Blackberry Browser in RIM BlackBerry Device Software
3146 CVE-2009-3476 (Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 ...)
3147 {DSA-1895-2 DSA-1896-1 DSA-1895-1}
3148 - xmltooling 1.2.2-1
3149 - opensaml <removed>
3150 - opensaml2 2.2.1-1
3151 - shibboleth-sp <removed>
3152 - shibboleth-sp2 2.2.1+dfsg-1
3153 CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and ...)
3154 {DSA-1895-2 DSA-1896-1 DSA-1895-1}
3155 - xmltooling 1.2.2-1
3156 - opensaml <removed>
3157 - opensaml2 2.2.1-1
3158 - shibboleth-sp <removed>
3159 - shibboleth-sp2 2.2.1+dfsg-1
3160 CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by ...)
3161 {DSA-1895-2 DSA-1896-1 DSA-1895-1}
3162 - xmltooling 1.2.2-1
3163 - opensaml <removed>
3164 - opensaml2 2.2.1-1
3165 - shibboleth-sp <removed>
3166 - shibboleth-sp2 2.2.1+dfsg-1
3167 [lenny] - opensaml <no-dsa> (Minor issue)
3168 TODO: next point update: [lenny] - opensaml 2.0-2+lenny1
3169 CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege ...)
3170 NOT-FOR-US: IBM DB2
3171 CVE-2009-3472 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows ...)
3172 NOT-FOR-US: IBM DB2
3173 CVE-2009-3471 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 does not ...)
3174 NOT-FOR-US: IBM DB2
3175 CVE-2009-3470 (IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 ...)
3176 NOT-FOR-US: IBM Informix Dynamic Server (IDS)
3177 CVE-2009-3469 (Cross-site scripting (XSS) vulnerability in ...)
3178 NOT-FOR-US: IBM Lotus Connections
3179 CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop Environment ...)
3180 NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris
3181 CVE-2009-3467
3182 RESERVED
3183 CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
3184 NOT-FOR-US: Adobe Shockwave Player
3185 CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
3186 NOT-FOR-US: Adobe Shockwave Player
3187 CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
3188 NOT-FOR-US: Adobe Shockwave Player
3189 CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows ...)
3190 NOT-FOR-US: Adobe Shockwave Player
3191 CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
3192 NOT-FOR-US: Adobe
3193 CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...)
3194 NOT-FOR-US: Adobe
3195 CVE-2009-3460 (Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x ...)
3196 NOT-FOR-US: Adobe
3197 CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...)
3198 NOT-FOR-US: Adobe Acrobat
3199 CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
3200 NOT-FOR-US: Adobe
3201 CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...)
3202 NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF)
3203 CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...)
3204 - chromium-browser <itp> (bug #520324)
3205 CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly ...)
3206 NOT-FOR-US: Apple Safari
3207 CVE-2009-3454
3208 REJECTED
3209 CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
3210 NOT-FOR-US: IBM Lotus Quickr
3211 CVE-2009-3452 (WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote ...)
3212 NOT-FOR-US: RADactive I-Load
3213 CVE-2009-3451 (Directory traversal vulnerability in WebCoreModule.ashx in RADactive ...)
3214 NOT-FOR-US: RADactive
3215 CVE-2009-3450 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
3216 NOT-FOR-US: RADactive I-Load
3217 CVE-2009-3449 (MP3 Collector 2.3 allows remote attackers to cause a denial of service ...)
3218 NOT-FOR-US: MP3 Collector
3219 CVE-2009-3448 (npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote ...)
3220 NOT-FOR-US: BakBone NetVault Backup
3221 CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...)
3222 NOT-FOR-US: RADactive I-Load
3223 CVE-2009-XXXX [ffmpeg missing input sanitization/crashes]
3224 - ffmpeg <unfixed> (medium; bug #550442)
3225 - xmovie <removed> (medium)
3226 - ffmpeg-debian <removed> (medium)
3227 NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
3228 NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245
3229 CVE-2009-XXXX [xen-tools: world readable disk image files]
3230 - xen-tools <removed> (low; bug #548909)
3231 [lenny] - xen-tools <no-dsa> (Minor issue)
3232 TODO: request CVE id
3233 NOTE: Maintainer will look into an update for stable
3234 CVE-2009-3446 (SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) ...)
3235 NOT-FOR-US: com_mytube component for Joomla!
3236 CVE-2009-3445 (Unspecified vulnerability in Code-Crafters Ability Mail Server before ...)
3237 NOT-FOR-US: Ability Mail Server
3238 CVE-2009-3444 (Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 ...)
3239 NOT-FOR-US: e107
3240 CVE-2009-3443 (SQL injection vulnerability in the Fastball (com_fastball) component ...)
3241 NOT-FOR-US: com_fastball component for Joomla!
3242 CVE-2009-3442 (The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does ...)
3243 NOT-FOR-US: Nodewords module for Drupal
3244 CVE-2009-3441 (Open Source Security Information Management (OSSIM) before 2.1.2 ...)
3245 NOT-FOR-US: Open Source Security Information Management
3246 CVE-2009-3440 (Cross-site scripting (XSS) vulnerability in Open Source Security ...)
3247 NOT-FOR-US: Open Source Security Information Management
3248 CVE-2009-3439 (Multiple SQL injection vulnerabilities in Open Source Security ...)
3249 NOT-FOR-US: Open Source Security Information Management
3250 CVE-2009-3438 (SQL injection vulnerability in the JoomlaFacebook (com_facebook) ...)
3251 NOT-FOR-US: com_facebook component for Joomla!
3252 CVE-2009-3437 (Cross-site scripting (XSS) vulnerability in the live preview feature ...)
3253 NOT-FOR-US: Markdown Preview module for Drupal
3254 CVE-2009-3436 (Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal ...)
3255 NOT-FOR-US: MaxWebPortal
3256 CVE-2009-3435 (Cross-site scripting (XSS) vulnerability in the variable editor in the ...)
3257 NOT-FOR-US: Devel module for Drupal
3258 CVE-2009-3434 (SQL injection vulnerability in the Tupinambis (com_tupinambis) ...)
3259 NOT-FOR-US: com_tupinambis for Mambo and Joomla!
3260 CVE-2009-3433 (Unspecified vulnerability in clsetup in the configuration utility in ...)
3261 NOT-FOR-US: Sun Solaris Cluster
3262 CVE-2009-3432 (Unspecified vulnerability in xscreensaver in Sun Solaris 10, and ...)
3263 NOT-FOR-US: Sun OpenSolaris xscreensaver
3264 CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, ...)
3265 NOT-FOR-US: Adobe Acrobat
3266 CVE-2009-XXXX [fwbuilder insecure temp file usage]
3267 - fwbuilder 3.0.7-1 (low; bug #547390)
3268 [lenny] - fwbuilder <not-affected> (Introduced in 3.0.4)
3269 [etch] - fwbuilder <not-affected> (Introduced in 3.0.4)
3270 CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical Solutions ...)
3271 - request-tracker3.8 3.8.5-1 (bug #546829)
3272 - request-tracker3.6 3.6.9-1 (bug #546778)
3273 [etch] - request-tracker3.6 <not-affected> (vulnerable code not present)
3274 [lenny] - request-tracker3.6 <no-dsa> (Minor issue)
3275 TODO: next point update: [lenny] - request-tracker3.6 3.6.7-5+lenny2
3276 NOTE: CVE id requested
3277 CVE-2009-3430 (SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows ...)
3278 NOT-FOR-US: Allomani Mobile
3279 CVE-2009-3429 (Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 ...)
3280 NOT-FOR-US: Pirate Radio Destiny Media Player
3281 CVE-2009-3428 (Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote ...)
3282 NOT-FOR-US: Easy Music Player
3283 CVE-2009-3427 (Cross-site scripting (XSS) vulnerability in Kayako SupportSuite ...)
3284 NOT-FOR-US: Kayako SupportSuite
3285 CVE-2009-3426 (PHP remote file inclusion vulnerability in ...)
3286 NOT-FOR-US: MaxCMS
3287 CVE-2009-3425 (Directory traversal vulnerability in ...)
3288 NOT-FOR-US: MaxCMS
3289 CVE-2009-3424 (Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, ...)
3290 NOT-FOR-US: MaxCMS
3291 CVE-2009-3423 (login.php in Zenas PaoLink 1.0, when register_globals is enabled, ...)
3292 NOT-FOR-US: Zenas PaoLink
3293 CVE-2009-3422 (login.php in Zenas PaoLiber 1.1, when register_globals is enabled, ...)
3294 NOT-FOR-US: Zenas PaoLiber
3295 CVE-2009-3421 (login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is ...)
3296 NOT-FOR-US: Zenas PaoBacheca Guestbook
3297 CVE-2009-3420 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
3298 NOT-FOR-US: Miniweb Publisher module
3299 CVE-2009-3419 (SQL injection vulnerability in index.php in the Publisher module 2.0 ...)
3300 NOT-FOR-US: Miniweb Publisher module
3301 CVE-2009-3418 (Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) ...)
3302 NOT-FOR-US: Plume CMS
3303 CVE-2009-3417 (SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 ...)
3304 NOT-FOR-US: IDoBlog component Joomla
3305 CVE-2009-3416
3306 RESERVED
3307 CVE-2009-3415
3308 RESERVED
3309 CVE-2009-3414
3310 RESERVED
3311 CVE-2009-3413
3312 RESERVED
3313 CVE-2009-3412
3314 RESERVED
3315 CVE-2009-3411
3316 RESERVED
3317 CVE-2009-3410
3318 RESERVED
3319 CVE-2009-3409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) ...)
3320 NOT-FOR-US: Oracle PeopleSoft Enterprise
3321 CVE-2009-3408 (Unspecified vulnerability in the Oracle Application Object Library ...)
3322 NOT-FOR-US: Oracle E-Business Suite
3323 CVE-2009-3407 (Unspecified vulnerability in the Portal component in Oracle ...)
3324 NOT-FOR-US: Oracle Application Server
3325 CVE-2009-3406 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...)
3326 NOT-FOR-US: Oracle PeopleSoft Enterprise
3327 CVE-2009-3405 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...)
3328 NOT-FOR-US: Oracle PeopleSoft Enterprise
3329 CVE-2009-3404 (Unspecified vulnerability in the PeopleSoft PeopleTools &amp; Enterprise ...)
3330 NOT-FOR-US: Oracle PeopleSoft Enterprise
3331 CVE-2009-3403 (Unspecified vulnerability in the JRockit component in BEA Product ...)
3332 NOT-FOR-US: BEA Product Suite
3333 CVE-2009-3402 (Unspecified vulnerability in the Oracle Applications Framework ...)
3334 NOT-FOR-US: Oracle E-Business Suite
3335 CVE-2009-3401 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
3336 NOT-FOR-US: Oracle E-Business Suite
3337 CVE-2009-3400 (Unspecified vulnerability in the Oracle Advanced Benefits component in ...)
3338 NOT-FOR-US: Oracle E-Business Suite
3339 CVE-2009-3399 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
3340 NOT-FOR-US: BEA Product Suite
3341 CVE-2009-3398
3342 RESERVED
3343 CVE-2009-3397 (Unspecified vulnerability in the Oracle Application Object Library ...)
3344 NOT-FOR-US: Oracle E-Business Suite
3345 CVE-2009-3396 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
3346 NOT-FOR-US: BEA Product Suite
3347 CVE-2009-3395 (Unspecified vulnerability in the AutoVue component in Oracle ...)
3348 NOT-FOR-US: Oracle E-Business Suite
3349 CVE-2009-3394
3350 RESERVED
3351 CVE-2009-3393 (Unspecified vulnerability in the Oracle Application Object Library ...)
3352 NOT-FOR-US: Oracle E-Business Suite
3353 CVE-2009-3392 (Unspecified vulnerability in the Agile Engineering Data Management ...)
3354 NOT-FOR-US: Oracle E-Business Suite
3355 CVE-2009-4193 (Merkaartor 0.14 allows local users to append data to arbitrary files ...)
3356 - merkaartor 0.14+svnfixes~20090912-2 (low; bug #548546)
3357 [lenny] - merkaartor <not-affected> (vulnerable code not present)
3358 NOTE: does not run as root so minor issue.
3359 CVE-2009-XXXX [amsn SSL verification vuln]
3360 TODO: check, file bug - amsn <unfixed>
3361 NOTE: http://www.juniper.net/security/auto/vulnerabilities/vuln35507.html
3362 CVE-2009-XXXX [SA-CORE-2009-008]
3363 - drupal6 6.14-1 (bug #547140)
3364 [lenny] - drupal6 6.6-3lenny3
3365 CVE-2009-3391
3366 RESERVED
3367 CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...)
3368 NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10
3369 CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used ...)
3370 - libtheora 1.1
3371 - xulrunner 1.9.1.6-1
3372 [lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
3373 CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before ...)
3374 - liboggplay <unfixed>
3375 - xulrunner 1.9.1.6-1
3376 [lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
3377 CVE-2009-3387
3378 RESERVED
3379 CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ...)
3380 - bugzilla <not-affected> (Only 3.3 onwards are affected)
3381 TODO: recheck, once a more recent (3.3.x or 3.4.x) version has been uploaded
3382 CVE-2009-3385
3383 RESERVED
3384 CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...)
3385 - webkit 1.1.17-2 (medium; bug #559759)
3386 - qt4-x11 <undetermined> (bug #561760)
3387 [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
3388 [lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
3389 - kdelibs <undetermined> (bug #561765)
3390 - kde4libs <undetermined> (bug #561762)
3391 CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
3392 - xulrunner 1.9.1.4-1
3393 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
3394 [etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
3395 CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla ...)
3396 {DSA-1922-1}
3397 - xulrunner 1.9.1.4-1
3398 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
3399 CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
3400 - xulrunner 1.9.1.4-1
3401 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
3402 [etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
3403 CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
3404 {DSA-1922-1}
3405 - xulrunner 1.9.1.4-1
3406 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
3407 CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...)
3408 {DSA-1939-1}
3409 - libvorbis 1.2.3-1 (medium)
3410 - xulrunner 1.9.1.4-1
3411 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
3412 [etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
3413 CVE-2009-3378 (The oggplay_data_handle_theora_frame function in ...)
3414 - xulrunner 1.9.1.4-1
3415 [etch] - xulrunner <not-affected> (ogg support added in firefox 3.5)
3416 [lenny] - xulrunner <not-affected> (ogg support added in firefox 3.5)
3417 - liboggplay 0.2.1~git20091120-1 (medium; bug #552743)
3418 CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before ...)
3419 - xulrunner 1.9.1.4-1
3420 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
3421 [etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
3422 - liboggz 0.9.9-1 (medium)
3423 CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...)
3424 {DSA-1922-1}
3425 - xulrunner 1.9.1.4-1
3426 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
3427 CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x ...)
3428 {DSA-1922-1}
3429 - xulrunner 1.9.1.4-1
3430 [etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
3431 CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation ...)
3432 {DSA-1922-1}
3433 - xulrunner 1.9.1.4-1
3434 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
3435 CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox ...)
3436 {DSA-1922-1}
3437 - xulrunner 1.9.1.4-1
3438 [etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
3439 CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...)
3440 {DSA-1922-1}
3441 - xulrunner 1.9.1.4-1
3442 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
3443 CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 ...)
3444 - xulrunner 1.9.1.4-1
3445 [etch] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
3446 [lenny] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
3447 - kompozer <unfixed> (unimportant; bug #555326)
3448 NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
3449 CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote ...)
3450 {DSA-1922-1}
3451 - xulrunner 1.9.1.4-1
3452 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
3453 CVE-2009-3368 (Cross-site scripting (XSS) vulnerability in the Hotel Booking ...)
3454 NOT-FOR-US: component for Joomla!
3455 CVE-2009-3367 (Multiple cross-site scripting (XSS) vulnerabilities in An image ...)
3456 NOT-FOR-US: An image gallery 1.0
3457 CVE-2009-3366 (Directory traversal vulnerability in navigation.php in An image ...)
3458 NOT-FOR-US: An image gallery 1.0
3459 CVE-2009-3365 (PHP remote file inclusion vulnerability in ...)
3460 NOT-FOR-US: Aurora CMS
3461 CVE-2009-3364 (Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote ...)
3462 NOT-FOR-US: FTPShell Client
3463 CVE-2009-3363 (Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x ...)
3464 NOT-FOR-US: a module for Drupal
3465 CVE-2009-3362 (PHP remote file inclusion vulnerability in printnews.php3 in SZNews ...)
3466 NOT-FOR-US: SZNews
3467 CVE-2009-3361 (SQL injection vulnerability in index.php in PHP-IPNMonitor allows ...)
3468 NOT-FOR-US: PHP-IPNMonitor
3469 CVE-2009-3360 (Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 ...)
3470 NOT-FOR-US: Datemill
3471 CVE-2009-3359 (Multiple cross-site scripting (XSS) vulnerabilities in Match Agency ...)
3472 NOT-FOR-US: Match Agency BiZ
3473 CVE-2009-3358 (SQL injection vulnerability in profile.php in Tourism Scripts Adult ...)
3474 NOT-FOR-US: Tourism Scripts Adult
3475 CVE-2009-3357 (Multiple SQL injection vulnerabilities in the Hotel Booking ...)
3476 NOT-FOR-US: component for Joomla!
3477 CVE-2009-3356 (SQL injection vulnerability in index.php in Image voting 1.0 allows ...)
3478 NOT-FOR-US: Image voting
3479 CVE-2009-3355 (Cross-site scripting (XSS) vulnerability in profile.php in Datetopia ...)
3480 NOT-FOR-US: Datetopia Buy Dating Site
3481 CVE-2009-3354 (Multiple unspecified vulnerabilities in the Rest API module for Drupal ...)
3482 NOT-FOR-US: Rest API module for Drupal
3483 CVE-2009-3353 (Multiple unspecified vulnerabilities in the Node2Node module for ...)
3484 NOT-FOR-US: Node2Node module for Drupal
3485 CVE-2009-3352 (Multiple unspecified vulnerabilities in the quota_by_role (Quota by ...)
3486 NOT-FOR-US: quota_by_role (Quota by role) module for Drupal
3487 CVE-2009-3351 (Multiple unspecified vulnerabilities in the Node Browser module for ...)
3488 NOT-FOR-US: Node Browser module for Drupal
3489 CVE-2009-3350 (Multiple unspecified vulnerabilities in the Subdomain Manager module ...)
3490 NOT-FOR-US: Subdomain Manager module for Drupal
3491 CVE-2009-3349 (SQL injection vulnerability in Datavore Gyro 5.0 allows remote ...)
3492 NOT-FOR-US: Datavore Gyro
3493 CVE-2009-3348 (Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows ...)
3494 NOT-FOR-US: Datavore Gyro
3495 CVE-2009-3347 (Buffer overflow on the D-Link DIR-400 wireless router allows remote ...)
3496 NOT-FOR-US: D-Link DIR-400 wireless router
3497 CVE-2009-3346 (Unspecified vulnerability in SAP Crystal Reports Server 2008 allows ...)
3498 NOT-FOR-US: SAP Crystal Reports Server
3499 CVE-2009-3345 (Heap-based buffer overflow in SAP Crystal Reports Server 2008 has ...)
3500 NOT-FOR-US: SAP Crystal Reports Server
3501 CVE-2009-3344 (Unspecified vulnerability in SAP Crystal Reports Server 2008 on ...)
3502 NOT-FOR-US: SAP Crystal Reports Server
3503 CVE-2009-3343 (SQL injection vulnerability in details.asp in HotWeb Rentals allows ...)
3504 NOT-FOR-US: HotWeb Rentals
3505 CVE-2009-3342 (SQL injection vulnerability in frontend/assets/ajax/checkusername.php ...)
3506 NOT-FOR-US: component for Joomla!
3507 CVE-2009-3341 (Buffer overflow on the Linksys WRT54GL wireless router allows remote ...)
3508 NOT-FOR-US: Linksys WRT54GL wireless router
3509 CVE-2009-3340 (Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to ...)
3510 NOT-FOR-US: FreeSSHD
3511 CVE-2009-3339 (Unspecified vulnerability in McAfee Email and Web Security Appliance ...)
3512 NOT-FOR-US: McAfee Email and Web Security Appliance
3513 CVE-2009-3338 (Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b ...)
3514 NOT-FOR-US: Magic Morph
3515 CVE-2009-3337 (SQL injection vulnerability in the Freetag (serendipity_event_freetag) ...)
3516 NOT-FOR-US: plugin for Serendipity
3517 CVE-2009-3336 (SQL injection vulnerability in auction_details.php in PHP Pro Bid ...)
3518 NOT-FOR-US: PHP Pro Bid
3519 CVE-2009-3335 (SQL injection vulnerability in the TurtuShout component 0.11 for ...)
3520 NOT-FOR-US: TurtuShout component 0.11 for Joomla!
3521 CVE-2009-3334 (SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! ...)
3522 NOT-FOR-US: Lhacky! Extensions Cave Joomla!
3523 CVE-2009-3333 (PHP remote file inclusion vulnerability in koesubmit.php in the ...)
3524 NOT-FOR-US: koeSubmit (com_koesubmit) component 1.0 for Mambo
3525 CVE-2009-3332 (SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) ...)
3526 NOT-FOR-US: BudgetsMagic (com_jbudgetsmagic) component for Joomla!
3527 CVE-2009-3331 (Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 ...)
3528 NOT-FOR-US: DDL CMS
3529 CVE-2009-3330 (SQL injection vulnerability in index.php in cP Creator 2.7.1, when ...)
3530 NOT-FOR-US: cP Creator
3531 CVE-2009-3329 (Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted ...)
3532 NOT-FOR-US: Winplot
3533 CVE-2009-3328 (Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook ...)
3534 NOT-FOR-US: WX-Guestbook
3535 CVE-2009-3327 (Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow ...)
3536 NOT-FOR-US: WX-Guestbook
3537 CVE-2009-3326 (SQL injection vulnerability in index.php in CMScontrol Content ...)
3538 NOT-FOR-US: CMScontrol
3539 CVE-2009-3325 (SQL injection vulnerability in the Focusplus Developments Survey ...)
3540 NOT-FOR-US: Survey Manager (com_surveymanager) component 1.5.0 for Joomla!
3541 CVE-2009-3324 (PHP remote file inclusion vulnerability in include/prodler.class.php ...)
3542 NOT-FOR-US: ProdLer
3543 CVE-2009-3323 (Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation ...)
3544 NOT-FOR-US: BAnner ROtation System mini (BAROSmini)
3545 CVE-2009-3322 (The Siemens Gigaset SE361 WLAN router allows remote attackers to cause ...)
3546 NOT-FOR-US: Siemens Gigaset SE361 WLAN router
3547 CVE-2009-3321 (SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc ...)
3548 NOT-FOR-US: SaphpLesson
3549 CVE-2009-3320 (Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas ...)
3550 NOT-FOR-US: Zenas PaoLink (aka Pao-Link)
3551 CVE-2009-3319 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...)
3552 NOT-FOR-US: DCI-Designs Dawaween
3553 CVE-2009-3318 (Directory traversal vulnerability in the Roland Breedveld Album ...)
3554 NOT-FOR-US: Roland Breedveld Album (com_album) component 1.14 for Joomla!
3555 CVE-2009-3317 (PHP remote file inclusion vulnerability in pages/pageHeader.php in ...)
3556 NOT-FOR-US: OpenSiteAdmin
3557 CVE-2009-3316 (SQL injection vulnerability in the JReservation (com_jreservation) ...)
3558 NOT-FOR-US: JReservation (com_jreservation) component 1.0 and 1.5 for Joomla!
3559 CVE-2009-3315 (SQL injection vulnerability in admin/index.php in NeLogic Nephp ...)
3560 NOT-FOR-US: NeLogic Nephp Publisher Enterprise
3561 CVE-2009-3314 (SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 ...)
3562 NOT-FOR-US: Elite Gaming Ladders
3563 CVE-2009-3313 (Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote ...)
3564 NOT-FOR-US: FMyClone
3565 CVE-2009-3312 (PHP remote file inclusion vulnerability in php/init.poll.php in ...)
3566 NOT-FOR-US: phpPollScript
3567 CVE-2009-3311 (Cross-site scripting (XSS) vulnerability in index.php in ...)
3568 NOT-FOR-US: RSSMediaScript
3569 CVE-2009-3310 (SQL injection vulnerability in index.php in Zainu 1.0 allows remote ...)
3570 NOT-FOR-US: Zainu
3571 CVE-2009-3309 (SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta ...)
3572 NOT-FOR-US: CF ShopKart
3573 CVE-2009-3308 (SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows ...)
3574 NOT-FOR-US: FanUpdate
3575 CVE-2009-3307 (Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 ...)
3576 NOT-FOR-US: FSphp
3577 CVE-2009-3306 (PHP remote file inclusion vulnerability in include/header.php in ...)
3578 NOT-FOR-US: ClearSite
3579 CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attackers to ...)
3580 - polipo 1.0.4-1.1 (low; bug #547047)
3581 [etch] - polipo <no-dsa> (Minor issue)
3582 [lenny] - polipo <no-dsa> (Minor issue)
3583 CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite ...)
3584 {DSA-1945-1}
3585 - gforge 4.8.2-1
3586 CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in ...)
3587 {DSA-1937-1}
3588 - gforge 4.8.1-3 (low)
3589 CVE-2009-3302
3590 RESERVED
3591 CVE-2009-3301
3592 RESERVED
3593 CVE-2009-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the Identity ...)
3594 {DSA-1947-1}
3595 - shibboleth-sp2 2.3+dfsg-1 (medium; bug #555608)
3596 - shibboleth-sp <removed> (medium)
3597 NOTE: xmltooling/opensaml2 also needs to be updated, changed in sid in 1.3.1-1/2.3-1
3598 CVE-2009-3299 (Cross-site scripting (XSS) vulnerability in the resume blocktype in ...)
3599 {DSA-1924-1}
3600 - mahara 1.1.7-1 (low)
3601 NOTE: http://mahara.org/interaction/forum/topic.php?id=1170
3602 CVE-2009-3298 (Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote ...)
3603 {DSA-1924-1}
3604 - mahara 1.1.7-1 (low)
3605 NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
3606 CVE-2009-3297
3607 RESERVED
3608 CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow ...)
3609 {DSA-1912-2 DSA-1912-1}
3610 - camlimages 1:3.0.1-5 (low)
3611 - advi 1.6.0-15 (low; bug #551282)
3612 CVE-2009-3295 (The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm ...)
3613 - krb5 1.7+dfsg-4 (medium)
3614 [lenny] - krb5 <not-affected> (code introduced in 1.7)
3615 [etch] - krb5 <not-affected> (code introduced in 1.7)
3616 CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and ...)
3617 - php5 <not-affected> (win32-specific)
3618 CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP ...)
3619 - php5 <not-affected> (the php packages use the system libgd2)
3620 - php4 <not-affected> (the php packages use the system libgd2)
3621 NOTE: the transparent colours functionality is only on php5's bundled libgd2
	TODO: watch for possible merge of the transparent colours functionality into libgd2
CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low)
	NOTE: unknown impact, it is related to missing sanity checks
	NOTE: when determining the length of sections of jpg headers
	NOTE: a missing limit on the nesting level of TIFF files, and
	NOTE: missing EOF checks, possibly leading to NULL dereferences
	NOTE: experimental is likely to be affected (as of 5.3.0)
	TODO: check php4
CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low)
	[lenny] - php5 <no-dsa> (rather unimportant)
	[etch] - php5 <no-dsa> (rather unimportant)
	NOTE: seems to be related to handling of \0 on CN
	NOTE: not worth a dsa on its own, php doesn't verify certificates by default
	NOTE: experimental is likely to be affected (as of 5.3.0)
	TODO: check php4
CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target ...)
	- glib2.0 2.22.0-1 (low)
	[lenny] - glib2.0 <no-dsa> (Minor issue)
	TODO: next point update: [lenny] - glib2.0 2.16.6-3
	[etch] - glib2.0 <no-dsa> (Minor issue)
CVE-2009-3287 (lib/thin/connection.rb in Thin web server before 1.2.4 relies on the ...)
	- thin 1.2.4-1 (low)
CVE-2009-3285
	RESERVED
CVE-2009-3284 (Directory traversal vulnerability in phpspot PHP BBS, PHP Image ...)
	NOT-FOR-US: phpspot Products
CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...)
	NOT-FOR-US: phpspot Products
CVE-2009-3282 (Integer overflow in the vmx86 kernel extension in VMware Fusion before ...)
	NOT-FOR-US: VMware Fusion
CVE-2009-3281 (The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 ...)
	NOT-FOR-US: VMware Fusion
CVE-2009-3280 (Integer signedness error in the find_ie function in ...)
	- linux-2.6 2.6.31-1 (medium)
	- linux-2.6.24 <not-affected> (vulnerable code not present)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639
CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639
CVE-2009-3277 (DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault ...)
	NOT-FOR-US: datavault
CVE-2009-3276 (Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed ...)
	NOT-FOR-US: NASD CORE.NET Terelik (aka corenet1)
CVE-2009-3275 (Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...)
	NOT-FOR-US: Microsoft patterns & practices Enterprise Library
CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...)
	- webkit <unfixed> (unimportant; bug #559759)
	- qt4-x11 <unfixed> (unimportant)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	[lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <unfixed> (unimportant)
	NOTE: browser crashers are not considered security-relevant
CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple Safari on iPhone OS 3.0.1
CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...)
	{DSA-1915-1 DSA-1907-1 DTSA-203-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (introduced in 2.6.25)
	- kvm 85+dfsg-4.1 (high; bug #548975)
CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel ...)
	- linux-2.6 2.6.31-1 (low)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.30-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2009-3269 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
	- chromium-browser <itp> (bug #520324)
CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) ...)
	NOT-FOR-US: Opera
CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows ...)
	NOT-FOR-US: Opera
CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21 omits an ...)
	- chromium-browser <itp> (bug #520324)
CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x ...)
	- chromium-browser <itp> (low; bug #520324)
	NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
	NOTE: other browsers are not affected (only chrome and opera)
CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) ...)
	NOT-FOR-US: IBM Tivoli Identity Manager
CVE-2009-3261 (update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3260 (Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3259 (Multiple SQL injection vulnerabilities in RASH Quote Management System ...)
	NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3258 (vtiger CRM before 5.1.0 allows remote authenticated users, with ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3257 (vtiger CRM before 5.1.0 allows remote authenticated users to bypass ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3256 (Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3255 (SQL injection vulnerability in RASH Quote Management System (RQMS) ...)
	NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3254 (Multiple stack-based buffer overflows in Ultimate Player 1.56 beta ...)
	NOT-FOR-US: Ultimate Player
CVE-2009-3253 (Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 ...)
	NOT-FOR-US: TriceraSoft Swift Ultralite
CVE-2009-3252 (Multiple SQL injection vulnerabilities in news.php in Rock Band CMS ...)
	NOT-FOR-US: Rock Band CMS
CVE-2009-3251 (include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3250 (The saveForwardAttachments procedure in the Compose Mail functionality ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3249 (Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3248 (Cross-site request forgery (CSRF) vulnerability in the RSS module in ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3247 (Cross-site scripting (XSS) vulnerability in the Activities module in ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX ...)
	NOT-FOR-US: MyBuxScript PTC-BUX
CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...)
	- chromium-browser <itp> (bug #520324)
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a ...)
	TODO: check
CVE-2009-3245
	RESERVED
CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
	NOT-FOR-US: Adobe ShockWave Player
CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and ...)
	- wireshark <not-affected> (Windows-only issue)
CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in ...)
	- wireshark 1.2.2-1 (low; bug #547704)
	[etch] - wireshark <not-affected> (Only affects 1.2.x)
	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark ...)
	{DSA-1942-1}
	- wireshark 1.2.2-1 (low; bug #547704)
	[etch] - wireshark <not-affected> (Only affects >= 0.99.6)
	[lenny] - wireshark <no-dsa> (Minor issue, targeted for next point release)
	TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6
CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...)
	NOT-FOR-US: module for XOOPS
CVE-2009-3239
	REJECTED
	- openoffice.org <not-affected>
	NOTE: SUSE says that it is not a dup of CVE-2009-2139 and CVE-2009-2140...
CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.30-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
	- horde3 3.3.5+debian0-1 (low)
	[lenny] - horde3 3.2.2+debian0-2+lenny1
	NOTE: horde3 issue fixed in backport of latest DSA, DSA however did not fix etch
CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in Dovecot ...)
	{DSA-1893-1 DSA-1892-1}
	- cyrus-imapd-2.2 2.2.13-17 (medium; bug #547947)
	- kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712)
	- dovecot 1:1.2.1-1 (medium; bug #546656)
	NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few additional buffer overflows
CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and ...)
	- linux-2.6 2.6.13-1 (low)
	- linux-2.6.24 <not-affected> (fixed prior to first upload of 2.6.24)
CVE-2009-3236 (The form library in Horde Application Framework 3.2 before 3.2.5 and ...)
	{DSA-1897-1}
	- horde3 3.3.5+debian0-1 (medium; bug #547318)
CVE-2008-7243 (Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS ...)
	NOT-FOR-US: MODx CMS
CVE-2008-7242 (Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS ...)
	NOT-FOR-US: MODx CMS
CVE-2008-7241 (Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 ...)
	NOT-FOR-US: PunBB
CVE-2008-7240 (Directory traversal vulnerability in include/unverified.inc.php in ...)
	NOT-FOR-US: Linux Web Shop (LWS) php User Base
CVE-2009-XXXX [webkit: potential ssl certificate null character stripping vulnerability]
	- webkit <unfixed> (medium; bug #547217)
	TODO: asked maintainer to check; follow-up
CVE-2009-3234 (Buffer overflow in the perf_copy_attr function in ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.31, fixed in Debian package before initial 2.6.31 upload)
	- linux-2.6.24 <not-affected> (Introduced in 2.6.31)
CVE-2009-3227 (Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
CVE-2009-3226 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
CVE-2009-3225 (Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Wap and Pro
CVE-2009-3224 (SQL injection vulnerability in index.php in Super Mod System, when ...)
	NOT-FOR-US: Super Mod System
CVE-2009-3223 (SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver ...)
	NOT-FOR-US: Inout Adserver
CVE-2009-3222 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: FreeWebScriptz Honest Traffic
CVE-2009-3221 (Stack-based buffer overflow in Audio Lib Player (ALP) allows remote ...)
	NOT-FOR-US: Audio Lib Player (ALP)
CVE-2009-3220 (PHP remote file inclusion vulnerability in cp_html2txt.php in All In ...)
	NOT-FOR-US: All In One Control Panel
CVE-2009-3219 (Directory traversal vulnerability in a.php in AR Web Content Manager ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2009-3218 (SQL injection vulnerability in control/login.php in AR Web Content ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2009-3217 (SQL injection vulnerability in the admin module in iWiccle 1.01 allows ...)
	NOT-FOR-US: iWiccle
CVE-2009-3216 (Multiple directory traversal vulnerabilities in iWiccle 1.01, when ...)
	NOT-FOR-US: iWiccle
CVE-2009-3215 (SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, ...)
	NOT-FOR-US: IXXO Cart Standalone
CVE-2009-3214 (Multiple stack-based buffer overflows in Photodex ProShow Gold ...)
	NOT-FOR-US: Photodex ProShow Gold
CVE-2009-3213 (Stack-based buffer overflow in broid 1.0 Beta 3a allows remote ...)
	NOT-FOR-US: broid
CVE-2009-3212 (SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, ...)
	NOT-FOR-US: VivaPrograms Infinity Script
CVE-2009-3211 (Directory traversal vulnerability in VivaPrograms Infinity Script ...)
	NOT-FOR-US: VivaPrograms Infinity Script
CVE-2009-3210 (Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka ...)
	NOT-FOR-US: Print (aka Printer, e-mail and PDF versions) Drupal module (3rd party module)
CVE-2009-3209 (SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 ...)
	NOT-FOR-US: PHP eMail Manager
CVE-2009-3208 (Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote ...)
	NOT-FOR-US: phpfreeBB
CVE-2009-3207 (The ImageCache module 5.x before 5.x-2.5 and 6.x before ...)
	NOT-FOR-US: ImageCache module for Drupal (3rd party module)
CVE-2009-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache ...)
	NOT-FOR-US: ImageCache module for Drupal (3rd party module)
CVE-2009-3205 (SQL injection vulnerability in main.php in CBAuthority allows remote ...)
	NOT-FOR-US: CBAuthority
CVE-2009-3204 (Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 ...)
	NOT-FOR-US: Stiva Forum
CVE-2009-3203 (SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x ...)
	NOT-FOR-US: AJ Auction Pro OOPD
CVE-2009-3202 (Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP ...)
	NOT-FOR-US: ULoKI PHP Forum
CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows user-assisted ...)
	NOT-FOR-US: Media Player Classic
CVE-2009-3200 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639 Pro
CVE-2009-3199 (Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2009-3198 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech ...)
	NOT-FOR-US: Affiliate Master
CVE-2009-3197 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2009-3196 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP ...)
	NOT-FOR-US: JCE-Tech PHP Video Script
CVE-2009-3195 (Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech ...)
	NOT-FOR-US: JCE-Tech Auction RSS Content Script
CVE-2009-3194 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech ...)
	NOT-FOR-US: JCE-Tech SearchFeed Script
CVE-2009-3193 (SQL injection vulnerability in the DigiFolio (com_digifolio) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3192 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: LinkorCMS
CVE-2009-3191 (Multiple cross-site scripting (XSS) vulnerabilities in PAD Site ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-3190 (Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-3189 (Cross-site scripting (XSS) vulnerability in search.php in DigiOz ...)
	NOT-FOR-US: DigiOz Guestbook
CVE-2009-3188 (PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 ...)
	NOT-FOR-US: phpSANE
CVE-2009-3187 (Cross-site scripting (XSS) vulnerability in gamelist.php in Stand ...)
	NOT-FOR-US: Stand Alone Arcade
CVE-2009-3186 (Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ ...)
	NOT-FOR-US: VideoGirls BiZ
CVE-2009-3185 (SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 ...)
	NOT-FOR-US: Crazy Star plugin 2.0 for Discuz!
CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates of The ...)
	NOT-FOR-US: Pirates of The Caribbean
CVE-2009-3233 (changetrack 4.3 allows local users to execute arbitrary commands via ...)
	{DSA-1891-1}
	- changetrack 4.5-2 (medium; bug #546791)
CVE-2008-7228 (Multiple format string vulnerabilities in White_Dune before ...)
	- whitedune <not-affected> (bug #546903)
	NOTE: The Debian binary versions are not compiled with the --with-aflockdebug option
CVE-2008-7224 (Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows ...)
	{DSA-1902-1}
	- elinks 0.11.3-1 (low; bug #380347)
CVE-2009-3183 (Heap-based buffer overflow in w in Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-7239 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7238 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7237 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7236 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7235 (Unspecified vulnerability in the Oracle Forms component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7234 (Unspecified vulnerability in the Oracle BPEL Worklist Application ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7233 (Unspecified vulnerability in the E-Business Application client, as ...)
	NOT-FOR-US: E-Business Application client
CVE-2008-7232 (Buffer overflow in the report function in xtacacsd 4.1.2 and earlier ...)
	NOT-FOR-US: xtacacsd
CVE-2008-7231 (Cross-site scripting (XSS) vulnerability in Meridio Document and ...)
	NOT-FOR-US: Meridio Document and Records Management
CVE-2008-7230 (Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before ...)
	NOT-FOR-US: Small Footprint CIM Broker
CVE-2008-7229 (GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers ...)
	NOT-FOR-US: GreenSQL Firewall
CVE-2008-7227 (PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 ...)
	NOT-FOR-US: GeoServer
CVE-2008-7226 (SQL injection vulnerability in index.php in the Recipes module 1.3, ...)
	NOT-FOR-US: Recipes module for PHP-Nuke
CVE-2008-7225 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC ...)
	NOT-FOR-US: Foxit Remote Access Server
CVE-2008-7223 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
	NOT-FOR-US: LinPHA
CVE-2008-7222 (Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS ...)
	NOT-FOR-US: RunCMS
CVE-2008-7221 (Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows ...)
	NOT-FOR-US: RunCMS
CVE-2009-3166 (token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL ...)
	- bugzilla <not-affected> (only 3.4.x is affected)
	TODO: check when 3.4.x will be uploaded in unstable
CVE-2009-3165 (SQL injection vulnerability in the Bug.create WebService function in ...)
	{DSA-1913-1}
	- bugzilla 3.2.5.0-1 (low; bug #547132)
	[etch] - bugzilla <not-affected> (Vulnerable code not present)
	NOTE: Introduced in 2.23.4
CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...)
	{DSA-1952-1}
	- prototypejs 1.6.0.2-1
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk <no-dsa> (Minor issue)
	[lenny] - asterisk <no-dsa> (Minor issue)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws <no-dsa> (minor issue)
	[lenny] - libaws <no-dsa> (minor issue)
	- libjson-ruby 1.1.4-1 (low; bug #555223)
	[lenny] - libjson-ruby <no-dsa> (minor issue)
	TODO: next point release [lenny] - libjson-ruby 1.1.2-1+lenny1
	- lucene2 2.9.1+ds1-2 (unimportant; bug #555225)
	[etch] - lucene2 <not-affected> (prototype.js not present)
	NOTE: prototype.js copy unused per #555225
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi <no-dsa> (minor issue)
	[lenny] - glpi <no-dsa> (minor issue)
	- knowledgeroot <unfixed> (low; bug #555229)
	[etch] - knowledgeroot <no-dsa> (minor issue)
	[lenny] - knowledgeroot <no-dsa> (minor issue)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd <no-dsa> (minor issue)
	TODO: [etch] - mt-daapd 0.2.4+r1376-1.1+etch3
	- mediatomb <unfixed> (low; bug #555232)
	[lenny] - mediatomb <no-dsa> (minor issue)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http <removed> (low; bug #555235)
	[lenny] - ebug-http <no-dsa> (Minor issue)
	- poker-network <removed> (low; bug #555237)
	[etch] - poker-network <no-dsa> (minor issue)
	- webhelpers 0.3.4-2 (low; bug #555239)
	- qwik <unfixed> (low; bug #555240)
	[etch] - qwik <no-dsa> (minor issue)
	[lenny] - qwik <no-dsa> (minor issue)
	- wordpress 2.5.0-2 (low; bug #555242)
	[etch] - wordpress <not-affected> (prototype.js not present)
	- exaile 0.2.14+debian-2.2 (low; bug #555244)
	[lenny] - exaile <no-dsa> (minor issue)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix <no-dsa> (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost <no-dsa> (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony <no-dsa> (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui <no-dsa> (minor issue)
	- rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package; bug #555258)
	- scriptaculous 1.8.3-1 (low; bug #555259)
	[lenny] - scriptaculous <no-dsa> (Minor issue)
	- activeldap 1.0.9-1 (unimportant; bug #555263)
	NOTE: Only shipped in an example
	- mantis 1.1.8+dfsg-3 (low; bug #555264)
	[lenny] - mantis <no-dsa> (minor issue)
	- otrs2 2.3.4-6 (low; bug #555266)
	[etch] - otrs2 <not-affected> (prototype.js not present)
	[lenny] - otrs2 <not-affected> (prototype.js not present)
	- webcalendar <unfixed> (low; bug #555268)
	[lenny] - webcalendar <not-affected> (prototype.js not present)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
	[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
	- plone3 <unfixed> (low; bug #555274)
	- wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555266)
	- webcit <not-affected> (fixed since initial inclusion)
	- zabbix <not-affected> (fixed since initial inclusion)
	- chora2 <not-affected> (fixed since initial inclusion)
	- gollem <not-affected> (fixed since initial inclusion)
	- ingo1 <not-affected> (fixed since initial inclusion)
	- kronolith2 <not-affected> (fixed since initial inclusion)
	- jifty <not-affected> (fixed since initial inclusion)
	- jquery <not-affected> (fixed since initial inclusion)
	- passenger <not-affected> (fixed since initial inclusion)
CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...)
	- kronolith2 2.1.7-1 (unknown)
	- nag2 2.1.4-1 (unknown)
	- mnemo2 2.1.2-1 (unknown)
CVE-2008-7218 (Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 ...)
	{DSA-1897-1}
	- horde3 3.1.6-1 (unknown)
	- turba2 2.1.7-1 (unknown)
	- kronolith2 2.1.7-1 (unknown)
	- nag2 2.1.4-1 (unknown)
	- mnemo2 2.1.2-1 (unknown)
CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in ...)
	- xmp 2.6.1-1 (low; bug #546730)
	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
CVE-2007-6731 (Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers ...)
	- xmp 2.6.1-1 (low; bug #546730)
	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
CVE-2009-3182 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3181 (Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3180 (Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3179 (Multiple unspecified vulnerabilities in Symantec Altiris Deployment ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3178 (Unspecified vulnerability in mm.exe in Symantec Altiris Deployment ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3177 (Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown ...)
	NOT-FOR-US: Kaspersky Online Scanner
CVE-2009-3176 (Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2009-3175 (Multiple SQL injection vulnerabilities in Model Agency Manager PRO ...)
	NOT-FOR-US: Model Agency Manager PRO
CVE-2009-3174 (PHP remote file inclusion vulnerability in fonctions_racine.php in ...)
	NOT-FOR-US: OBOphiX
CVE-2009-3173 (Unrestricted file upload vulnerability in admin/add_album.php in The ...)
	NOT-FOR-US: Rat CMS Alpha
CVE-2009-3172 (Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 ...)
	NOT-FOR-US: Hitachi Groupmax Groupware Server
CVE-2009-3171 (Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3170 (Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) ...)
	NOT-FOR-US: AIMP2 Audio Converter
CVE-2009-3169 (Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission ...)
	NOT-FOR-US: Hitachi
CVE-2009-3168 (Mevin Productions Basic PHP Events Lister 2.0 does not properly ...)
	NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2009-3167 (Directory traversal vulnerability in index.php in Anantasoft Gazelle ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2008-7216 (Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio ...)
	NOT-FOR-US: Math Anti-Spam Spinoff plugin for WordPress
CVE-2008-7215 (The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7214 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7213 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7212 (MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7211 (CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in ...)
	NOT-FOR-US: CreativeLabs WDM audio driver
CVE-2008-7210 (directory.php in AJchat 0.10 allows remote attackers to bypass input ...)
	NOT-FOR-US: AJchat
CVE-2008-7209 (Unrestricted file upload vulnerability in the add2 action in ...)
	NOT-FOR-US: OneCMS
CVE-2008-7208 (Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly ...)
	NOT-FOR-US: OneCMS
CVE-2008-7207 (RivetTracker before 1.0 stores passwords in cleartext in config.php, ...)
	NOT-FOR-US: RivetTracker
CVE-2008-7206 (Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 ...)
	NOT-FOR-US: Electronic Logbook
CVE-2008-7205 (Unspecified vulnerability in the product view functionality in ...)
	NOT-FOR-US: VirtueMart
CVE-2008-7204 (Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a ...)
	NOT-FOR-US: VirtueMart
CVE-2008-7203 (Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to ...)
	NOT-FOR-US: Valve Software Half-Life Counter-Strike
CVE-2009-3232 (pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian ...)
	- pam 1.0.1-10 (bug #519927)
	[lenny] - pam <not-affected> (pam-auth-update not yet present)
	[etch] - pam <not-affected> (pam-auth-update not yet present)
CVE-2009-3229 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <not-affected>
	- postgresql-7.4 <not-affected>
CVE-2009-3230 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <removed>
	- postgresql-7.4 <removed>
CVE-2009-3231 (The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <not-affected>
	- postgresql-7.4 <not-affected>
CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command.c in ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (medium)
	- silc-client 1.1-2 (medium)
	- silc-server 1.1.2-1 (medium)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2009-3145
	RESERVED
CVE-2009-3144
	RESERVED
CVE-2009-3143
	RESERVED
CVE-2009-3142
	RESERVED
CVE-2009-3141
	RESERVED
CVE-2009-3140
	RESERVED
CVE-2009-3139
	RESERVED
CVE-2009-3138
	RESERVED
CVE-2009-3137
	RESERVED
CVE-2009-3136
	RESERVED
CVE-2009-3135 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3134 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3133 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3132 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3131 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3130 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3129 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3128 (Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3127 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...)
	NOT-FOR-US: Multi Website
CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3160 (IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3159 (Unspecified vulnerability in the rriDecompress function in IBM ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3158 (admin/files.php in simplePHPWeb 0.2 does not require authentication, ...)
	NOT-FOR-US: simplePHPWeb
CVE-2009-3157 (Cross-site scripting (XSS) vulnerability in the Calendar module 6.x ...)
	NOT-FOR-US: Calendar module for Drupal
CVE-2009-3156 (Cross-site scripting (XSS) vulnerability in the Date Tools sub-module ...)
	NOT-FOR-US: Date module for Drupal
CVE-2009-3155 (Cross-site scripting (XSS) vulnerability in gmap.php in the Almond ...)
	NOT-FOR-US: Almond Classifieds component for Joomla!
CVE-2009-3154 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...)
	NOT-FOR-US: Almond Classifieds component for Joomla!
CVE-2009-3153 (Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search ...)
	NOT-FOR-US: x10 MP3 Search engine
CVE-2009-3152 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: NTSOFT BBS E-Market Professional
CVE-2009-3151 (Directory traversal vulnerability in actions/downloadFile.php in ...)
	NOT-FOR-US: Ultrize TimeSheet
CVE-2009-3150 (SQL injection vulnerability in index.php in Multi Website 1.5 allows ...)
	NOT-FOR-US: Multi Website
CVE-2009-3149 (Directory traversal vulnerability in _css/js.php in Elgg 1.5, when ...)
	NOT-FOR-US: Elgg
CVE-2009-3148 (Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 ...)
	NOT-FOR-US: PortalXP Teacher Edition
CVE-2009-3147 (Cross-site scripting (XSS) vulnerability in showproduct.php in ...)
	NOT-FOR-US: ReviewPost Pro
CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in ...)
	NOT-FOR-US: ArticleFriend Script
CVE-2009-3125 (SQL injection vulnerability in the Bug.search WebService function in ...)
	- bugzilla <not-affected> (Only 3.3.x and 3.4.x are affected)
	TODO: check when 3.3.x or 3.4.x will be uploaded in unstable
CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail ...)
4226 NOT-FOR-US: QuarkMail
4227 CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor ...)
4228 NOT-FOR-US: Wap-Motor
4229 CVE-2009-3122 (The Ajax Table module 5.x for Drupal does not perform access control, ...)
4230 NOT-FOR-US: Ajax Table module for Drupal
4231 CVE-2009-3121 (Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x ...)
4232 NOT-FOR-US: Ajax Table module for Drupal
4233 CVE-2009-3120 (Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE ...)
4234 NOT-FOR-US: BIGACE Web CMS
4235 CVE-2009-3119 (SQL injection vulnerability in screen.php in the Download System mSF ...)
4236 NOT-FOR-US: PHP-Fusion
4237 CVE-2009-3118 (SQL injection vulnerability in mod/poll/comment.php in the vote module ...)
4238 NOT-FOR-US: Danneo CMS
4239 CVE-2009-3117 (SQL injection vulnerability in category.php in Snow Hall Silurus ...)
4240 NOT-FOR-US: Snow Hall Silurus System
4241 CVE-2009-3116 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...)
4242 NOT-FOR-US: Uiga Church Portal
4243 CVE-2009-3115 (SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers ...)
4244 NOT-FOR-US: SolarWinds TFTP Server
4245 CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from ...)
4246 NOT-FOR-US: IBM Lotus Notes
4247 CVE-2009-3113 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...)
4248 NOT-FOR-US: OXID eShop Professional
4249 CVE-2009-3112 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...)
4250 NOT-FOR-US: OXID eShop Professional
4251 CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote ...)
4252 - freeradius 2.0.0-1 (low)
4253 CVE-2008-7202 (Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail ...)
4254 NOT-FOR-US: OpenWebMail
4255 CVE-2008-7201 (Lantronix MSS485-T allows remote attackers to cause a denial of ...)
4256 NOT-FOR-US: Lantronix MSS485-T
4257 CVE-2008-7200 (Double free vulnerability in Deliantra server engine before 2.4 has ...)
4258 NOT-FOR-US: Deliantra server engine
4259 CVE-2008-7199 (Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a ...)
4260 NOT-FOR-US: Phoenix Contact FL IL 24 BK-PAC
4261 CVE-2008-7198 (Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have ...)
4262 NOT-FOR-US: phpns
4263 CVE-2008-7197 (Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have ...)
4264 NOT-FOR-US: G15Daemon
4265 CVE-2008-7196 (Unspecified vulnerability in metashell before 0.03 has unknown impact ...)
4266 NOT-FOR-US: metashell
4267 CVE-2008-7195 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used ...)
4268 NOT-FOR-US: Fujitsu Interstage HTTP Server
4269 CVE-2008-7194 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used ...)
4270 NOT-FOR-US: Fujitsu Interstage HTTP Server
4271 CVE-2008-7193 (PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows ...)
4272 NOT-FOR-US: PHPKIT
4273 CVE-2008-7192 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
4274 NOT-FOR-US: WoltLab Burning Board
4275 CVE-2008-7191 (Unspecified vulnerability in Polipo before 1.0.4 allows remote ...)
4276 - polipo 1.0.4-1 (low)
4277 CVE-2008-7190 (Unspecified vulnerability in Adium before 1.2 has unknown impact and ...)
4278 NOT-FOR-US: Adium
4279 CVE-2008-7189 (Multiple unspecified vulnerabilities in Local Media Browser before 0.1 ...)
4280 NOT-FOR-US: Local Media Browser
4281 CVE-2008-7188 (ClipShare 2.6 does not properly restrict access to certain ...)
4282 NOT-FOR-US: ClipShare
4283 CVE-2008-7187 (Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to ...)
4284 NOT-FOR-US: Coppermine Photo Gallery
4285 CVE-2008-7186 (Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to ...)
4286 NOT-FOR-US: Coppermine Photo Gallery
4287 CVE-2007-6730 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
4288 NOT-FOR-US: ZyXEL P-330W
4289 CVE-2007-6729 (Cross-site scripting (XSS) vulnerability in the web management ...)
4290 NOT-FOR-US: ZyXEL P-330W
4291 CVE-2009-3110 (Race condition in the file transfer functionality in Symantec Altiris ...)
4292 NOT-FOR-US: Symantec Altiris Deployment Solution
4293 CVE-2009-3109 (Unspecified vulnerability in the AClient agent in Symantec Altiris ...)
4294 NOT-FOR-US: Symantec Altiris Deployment Solution
4295 CVE-2009-3108 (The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before ...)
4296 NOT-FOR-US: Symantec Altiris Deployment Solution
4297 CVE-2009-3107 (Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 ...)
4298 NOT-FOR-US: Symantec Altiris Deployment Solution
4299 CVE-2009-3106 (The Servlet Engine/Web Container component in IBM WebSphere ...)
4300 NOT-FOR-US: IBM WebSphere Application Server
4301 CVE-2009-3105 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka ...)
4302 NOT-FOR-US: IBM Lotus iNotes
4303 CVE-2009-3104 (Unspecified vulnerability in Symantec Norton AntiVirus 2005 through ...)
4304 NOT-FOR-US: Symantec Norton AntiVirus
4305 CVE-2009-3103 (Array index error in the SMBv2 protocol implementation in srv2.sys in ...)
4306 NOT-FOR-US: Microsoft
4307 CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery ...)
4308 NOT-FOR-US: Zmanda Recovery Manager
4309 CVE-2009-3101 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and ...)
4310 - xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
4311 CVE-2009-3100 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, ...)
4312 - xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
4313 CVE-2009-3099 (Unspecified vulnerability in HP OpenView Operations Manager 8.1 on ...)
4314 NOT-FOR-US: HP OpenView Operations Manager
4315 CVE-2009-3098 (Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 ...)
4316 NOT-FOR-US: HP Operations Dashboard
4317 CVE-2009-3097 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on ...)
4318 NOT-FOR-US: HP Performance Insight
4319 CVE-2009-3096 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 ...)
4320 NOT-FOR-US: HP Performance Insight
4321 CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote ...)
4322 {DSA-1934-1}
4323 - apache2 2.2.13-2 (low; bug #545951)
4324 [etch] - apache2 <no-dsa> (minor issue)
4325 [lenny] - apache2 <no-dsa> (minor issue)
4326 TODO: scheduled for 5.0.4: [lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
4327 NOTE: The attacker needs to have valid credentials for the FTP server, which
4328 NOTE: makes this irrelevant in most cases.
4329 TODO: check
4330 TODO: Disclosure has little information, verify that it is really fixed when
4331 TODO: more info is disclosed.
4332 NOTE: based on a VulnDisco commercial 0day
4333 CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the ...)
4334 {DSA-1934-1}
4335 - apache2 2.2.13-2 (low; bug #545951)
4336 [etch] - apache2 <no-dsa> (minor issue)
4337 [lenny] - apache2 <no-dsa> (minor issue)
4338 TODO: scheduled for 5.0.4: [lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
4339 CVE-2009-3093 (Unspecified vulnerability on the ASUS WL-500W wireless router has ...)
4340 NOT-FOR-US: ASUS WL-500W
4341 CVE-2009-3092 (Buffer overflow on the ASUS WL-500W wireless router has unknown impact ...)
4342 NOT-FOR-US: ASUS WL-500W
4343 CVE-2009-3091 (Unspecified vulnerability on the ASUS WL-330gE has unknown impact and ...)
4344 NOT-FOR-US: ASUS WL-330gE
4345 CVE-2009-3090 (Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on ...)
4346 NOT-FOR-US: IBM Tivoli Directory Server
4347 CVE-2009-3089 (IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause ...)
4348 NOT-FOR-US: IBM Tivoli Directory Server
4349 CVE-2009-3088 (Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server ...)
4350 NOT-FOR-US: IBM Tivoli Directory Server
4351 CVE-2009-3087 (Unspecified vulnerability in nserver.exe in the server in IBM Lotus ...)
4352 NOT-FOR-US: IBM Lotus Domino
4353 CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x ...)
4354 - rails 2.2.3-1 (low; bug #545063)
4355 [etch] - rails <no-dsa> (Minor issue)
4356 [lenny] - rails <no-dsa> (Minor issue)
4357 CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not ...)
4358 - pidgin 2.6.2-1 (low)
4359 [lenny] - pidgin <no-dsa> (Minor issue)
4360 CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...)
4361 - pidgin 2.6.2-1 (low)
4362 [lenny] - pidgin <no-dsa> (Minor issue)
4363 CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...)
4364 - pidgin 2.6.2-1 (low)
4365 [lenny] - pidgin <no-dsa> (Minor issue)
4366 CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...)
4367 - rhythmbox <unfixed> (unimportant)
4368 NOTE: No practical security impact
4369 CVE-2008-7184 (Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet ...)
4370 NOT-FOR-US: Diigo Toolbar and Diigolet
4371 CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS ...)
4372 NOT-FOR-US: EVA CMS
4373 CVE-2009-XXXX [viewvc: XSS and illegal characters while printing name-value pairs]
4374 - viewvc 1.0.9-1 (low; bug #545779)
4375 NOTE: CVE id has been requested, fixed in 1.1.2
4376 CVE-2009-3082 (SQL injection vulnerability in wcategory.php in Snow Hall Silurus ...)
4377 NOT-FOR-US: Snow Hall Silurus System
4378 CVE-2009-3081 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...)
4379 NOT-FOR-US: Uiga Church Portal
4380 CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x ...)
4381 {DSA-1886-1}
4382 - iceweasel 3.0.14-1
4383 [etch] - iceweasel <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
4384 CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and ...)
4385 {DSA-1885-1}
4386 - xulrunner 1.9.0.14-1
4387 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
4388 CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not ...)
4389 {DSA-1885-1}
4390 - xulrunner 1.9.0.14-1
4391 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
4392 CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain ...)
4393 {DSA-1885-1}
4394 - xulrunner 1.9.0.14-1
4395 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
4396 NOTE: Huh?
4397 CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
4398 {DSA-1885-1}
4399 - xulrunner 1.9.0.14-1
4400 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
4401 CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...)
4402 {DSA-1885-1}
4403 - xulrunner 1.9.0.14-1
4404 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
4405 CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...)
4406 - xulrunner <not-affected> (Only affects Firefox 3.5.x)
4407 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
4408 [etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
4409 CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
4410 {DSA-1885-1}
4411 - xulrunner 1.9.0.14-1
4412 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
4413 CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
4414 {DSA-1885-1}
4415 - xulrunner 1.9.0.14-1
4416 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
4417 CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
4418 {DSA-1885-1}
4419 - xulrunner 1.9.0.14-1
4420 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
4421 CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
4422 - xulrunner <not-affected> (Only affects Firefox 3.5.x)
4423 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
4424 [etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
4425 CVE-2008-7182 (Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and ...)
4426 NOT-FOR-US: Surgemail
4427 CVE-2008-7181 (Butterfly Organizer 2.0.0 allows remote attackers to (1) delete ...)
4428 NOT-FOR-US: Butterfly Organizer
4429 CVE-2008-7180 (del_query1.php in Telephone Directory 2008 allows remote attackers to ...)
4430 NOT-FOR-US: Telephone Directory
4431 CVE-2008-7179 (OTManager CMS 2.4 allows remote attackers to bypass authentication and ...)
4432 NOT-FOR-US: OTManager
4433 CVE-2008-7178 (Directory traversal vulnerability in Uploader module 1.1 for XOOPS ...)
4434 NOT-FOR-US: XOOPS
4435 CVE-2008-7177 (Buffer overflow in the listing module in Netwide Assembler (NASM) ...)
4436 - nasm 2.03.01-1 (low)
4437 CVE-2008-7176 (Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow ...)
4438 NOT-FOR-US: Facil CMS
4439 CVE-2008-7175 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in ...)
4440 NOT-FOR-US: NextGEN Gallery third-party plugin for WordPress
4441 CVE-2008-7174 (Multiple buffer overflows in the Jura Internet Connection Kit for the ...)
4442 NOT-FOR-US: Jura Impressa
4443 CVE-2008-7173 (The Jura Internet Connection Kit for the Jura Impressa F90 coffee ...)
4444 NOT-FOR-US: Jura Impressa
4445 CVE-2008-7172 (Lightweight news portal (LNP) 1.0b does not properly restrict access ...)
4446 NOT-FOR-US: Lightweight news portal
4447 CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweight ...)
4448 NOT-FOR-US: Lightweight news portal
4449 CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce ...)
4450 NOT-FOR-US: GSC build
4451 CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...)
4452 NOT-FOR-US: Joomla
4453 CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ...)
4454 NOT-FOR-US: ActiveX
4455 CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager ...)
4456 NOT-FOR-US: Page Manager
4457 CVE-2009-3068 (Unrestricted file upload vulnerability in the RoboHelpServer Servlet ...)
4458 NOT-FOR-US: Adobe RoboHelp Server
4459 CVE-2009-3067 (Cross-site scripting (XSS) vulnerability in index.php in Reservation ...)
4460 NOT-FOR-US: Reservation Manager
4461 CVE-2009-3066 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
4462 NOT-FOR-US: PropertyWatchScript.com Property Watch
4463 CVE-2009-3065 (PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in ...)
4464 NOT-FOR-US: Ve-EDIT
4465 CVE-2009-3064 (Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT ...)
4466 NOT-FOR-US: Ve-EDIT
4467 CVE-2009-3063 (SQL injection vulnerability in the Game Server (com_gameserver) ...)
4468 NOT-FOR-US: Joomla!
4469 CVE-2009-3062 (SQL injection vulnerability in message_box.php in OSI Codes PHP Live! ...)
4470 NOT-FOR-US: OSI Codes PHP Live!
4471 CVE-2009-3061 (SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 ...)
4472 NOT-FOR-US: Alqatari Q R Script
4473 CVE-2009-3060 (Multiple cross-site scripting (XSS) vulnerabilities in Joker Board ...)
4474 NOT-FOR-US: Joker Board
4475 CVE-2009-3059 (Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 ...)
4476 NOT-FOR-US: Joker Board
4477 CVE-2009-3058 (Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers ...)
4478 NOT-FOR-US: akPlayer
4479 CVE-2009-3057 (Multiple cross-site scripting (XSS) vulnerabilities in AOM Software ...)
4480 NOT-FOR-US: AOM Software Beex
4481 CVE-2009-3056 (PHP remote file inclusion vulnerability in ...)
4482 NOT-FOR-US: KingCMS
4483 CVE-2009-3055 (PHP remote file inclusion vulnerability in engine/api/api.class.php in ...)
4484 NOT-FOR-US: DataLife Engine
4485 CVE-2009-3054 (SQL injection vulnerability in the Artetics.com Art Portal ...)
4486 NOT-FOR-US: Joomla!
4487 CVE-2009-3053 (Directory traversal vulnerability in the Agora (com_agora) component ...)
4488 NOT-FOR-US: Joomla!
4489 CVE-2009-3052 (SQL injection vulnerability in root/includes/prime_quick_style.php in ...)
4490 NOT-FOR-US: Prime Quick Style addon
4491 CVE-2008-7166 (Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) ...)
4492 NOT-FOR-US: web interface in BitTorrent 6.0.1 (build 7859)
4493 CVE-2008-7165 (Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the ...)
4494 NOT-FOR-US: TELECOM ITALIA Alice Gate2 Plus Wi-Fi
4495 CVE-2008-7164 (Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have ...)
4496 NOT-FOR-US: Shareaza
4497 CVE-2008-7163 (Directory traversal vulnerability in mods/Integrated/index.php in ...)
4498 NOT-FOR-US: SineCMS
4499 CVE-2008-7162 (Buffer overflow in Hero Super Player 3000 allows remote attackers to ...)
4500 NOT-FOR-US: Hero Super Player
4501 CVE-2008-7161 (Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 ...)
4502 NOT-FOR-US: Fortinet FortiGuard Fortinet
4503 CVE-2008-7159 (The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in ...)
4504 {DSA-1879-1}
4505 [lenny] - silc-toolkit 1.1.7-2+lenny1
4506 - silc-toolkit 1.1.10-1 (low)
4507 - silc-client 1.1-2 (low)
4508 - silc-server <not-affected> (Vulnerable code not present)
4509 NOTE: silc-client uses libsilc from silc-toolkit since 1.1-2
4510 CVE-2009-3051 (Multiple format string vulnerabilities in ...)
4511 {DSA-1879-1}
4512 - silc-toolkit 1.1.10-1 (medium)
4513 - silc-client 1.1-2 (medium)
4514 - silc-server 1.1.2-1 (medium)
4515 NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
4516 CVE-2008-7160 (The silc_http_server_parse function in lib/silchttp/silchttpserver.c ...)
4517 {DSA-1879-1}
4518 - silc-toolkit 1.1.10-1 (low)
4519 - silc-client <not-affected> (Vulnerable code not present)
4520 - silc-server 1.1.2-1 (low)
4521 NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
4522 CVE-2009-3050 (Buffer overflow in the set_page_size function in util.cxx in HTMLDOC ...)
4523 - htmldoc 1.8.27-4.1 (low; bug #537637)
4524 [etch] - htmldoc <no-dsa> (Minor issue)
4525 [lenny] - htmldoc <no-dsa> (Minor issue)
4526 CVE-2009-3049 (Opera before 10.00 does not properly display all characters in ...)
4527 NOT-FOR-US: Opera
4528 CVE-2009-3048 (Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly ...)
4529 NOT-FOR-US: Opera
4530 CVE-2009-3047 (Opera before 10.00, when a collapsed address bar is used, does not ...)
4531 NOT-FOR-US: Opera
4532 CVE-2009-3046 (Opera before 10.00 does not check all intermediate X.509 certificates ...)
4533 NOT-FOR-US: Opera
4534 CVE-2009-3045 (Opera before 10.00 trusts root X.509 certificates signed with the MD2 ...)
4535 NOT-FOR-US: Opera
4536 CVE-2009-3044 (Opera before 10.00 does not properly handle a (1) '\0' character or ...)
4537 NOT-FOR-US: Opera
4538 CVE-2009-3043 (The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux ...)
4539 - linux-2.6 2.6.31-1 (medium)
4540 [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
4541 [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
4542 - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
4543 CVE-2008-7158 (Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows ...)
4544 NOT-FOR-US: Numara FootPrints
4545 CVE-2008-7157 (Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier ...)
4546 NOT-FOR-US: EkinBoard
4547 CVE-2008-7156 (EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows ...)
4548 NOT-FOR-US: EkinBoard
4549 CVE-2008-7155 (NetRisk 1.9.7 does not properly restrict access to ...)
4550 NOT-FOR-US: NetRisk
4551 CVE-2008-7154 (Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive ...)
4552 NOT-FOR-US: Docebo
4553 CVE-2008-7153 (SQL injection vulnerability in the autoDetectRegion function in ...)
4554 NOT-FOR-US: Docebo
4555 CVE-2009-3039
4556 RESERVED
4557 CVE-2009-3038 (A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research ...)
4558 NOT-FOR-US: ActiveX
4559 CVE-2009-3037 (Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka ...)
4560 NOT-FOR-US: Autonomy KeyView XLS viewer
4561 CVE-2008-7152 (Multiple PHP remote file inclusion vulnerabilities in Specimen Image ...)
4562 NOT-FOR-US: Specimen Image Database
4563 CVE-2008-7151 (Cross-site request forgery (CSRF) vulnerability in Live 5.x before ...)
4564 NOT-FOR-US: Live third-party Drupal module
4565 CVE-2008-7150 (Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x ...)
4566 NOT-FOR-US: Refine by Taxonomy
4567 CVE-2008-7149 (Unspecified vulnerability in AgileWiki before 0.10.1 has unknown ...)
4568 NOT-FOR-US: AgileWiki
4569 CVE-2008-7148 (Unspecified vulnerability in Synfig Animation Studio before 0.61.08 ...)
4570 NOT-FOR-US: Synfig Animation Studio
4571 CVE-2008-7147 (Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn ...)
4572 NOT-FOR-US: IntraLearn Software IntraLearn
4573 CVE-2008-7146 (IntraLearn Software IntraLearn 2.1, and possibly other versions before ...)
4574 NOT-FOR-US: IntraLearn Software IntraLearn
4575 CVE-2008-7145 (Multiple SQL injection vulnerabilities in index.php in CoronaMatrix ...)
4576 NOT-FOR-US: CoronaMatrix phpAddressBook
4577 CVE-2008-7144 (Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have ...)
4578 NOT-FOR-US: RARLAB WinRAR
4579 CVE-2008-7143 (phpBB 2.0.23 includes the session ID in a request to modcp.php when ...)
4580 - phpbb2 <removed>
4581 CVE-2008-7142 (Absolute path traversal vulnerability in the Disk Usage module ...)
4582 NOT-FOR-US: cPanel
4583 CVE-2008-7141 (Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 ...)
4584 NOT-FOR-US: @lex Poll
4585 CVE-2008-7140 (Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook ...)
4586 NOT-FOR-US: @lex Guestbook
4587 CVE-2008-7139 (Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy ...)
4588 NOT-FOR-US: Eye-Fi
4589 CVE-2008-7138 (The Manager in Eye-Fi 1.1.2 generates predictable snonce values based ...)
4590 NOT-FOR-US: Eye-Fi
4591 CVE-2008-7137 (WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of ...)
4592 NOT-FOR-US: Eye-Fi
4593 CVE-2008-7136 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers ...)
4594 NOT-FOR-US: ICQ Toolbar
4595 CVE-2008-7135 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers ...)
4596 NOT-FOR-US: ICQ Toolbar
4597 CVE-2008-7134 (Multiple cross-site scripting (XSS) vulnerabilities in the default URI ...)
4598 NOT-FOR-US: Chris LaPointe RedGalaxy Download Center
4599 CVE-2008-7133 (Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org ...)
4600 NOT-FOR-US: onlinetools.org EasyImageCatalogue
4601 CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan ...)
4602 NOT-FOR-US: Nuked-Klan
4603 CVE-2009-3036
4604 RESERVED
4605 CVE-2009-3035
4606 RESERVED
4607 CVE-2009-3034
4608 RESERVED
4609 CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...)
4610 NOT-FOR-US: ActiveX
4611 CVE-2009-3032
4612 RESERVED
4613 CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...)
4614 NOT-FOR-US: Symantec Altiris Notification Server
4615 CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...)
4616 NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
4617 CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...)
4618 NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
4619 CVE-2009-3028
4620 RESERVED
4621 CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection ...)
4622 NOT-FOR-US: Symantec Backup Exec Continuous Protection Server
4623 CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to ...)
4624 - pidgin 2.6.1-1 (low)
4625 [lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
4626 [etch] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
4627 CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...)
4628 - libio-socket-ssl-perl 1.30-1
4629 [lenny] - libio-socket-ssl-perl 1.16-1+lenny1
4630 [etch] - libio-socket-ssl-perl <not-affected> (Affected functionality introduced in 1.14)
4631 CVE-2009-3023 (Buffer overflow in the FTP Service in Microsoft Internet Information ...)
4632 NOT-FOR-US: Microsoft IIS
4633 CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...)
4634 NOT-FOR-US: bingo!CMS
4635 CVE-2009-3021 (Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' ...)
4636 NOT-FOR-US: Site Calendar 'mycaljp' plugin
4637 CVE-2009-3020 (win32k.sys in Microsoft Windows Server 2003 SP2 allows remote ...)
4638 NOT-FOR-US: Microsoft Windows Server
4639 CVE-2009-3019 (Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet ...)
4640 NOT-FOR-US: Microsoft Internet Explorer
4641 CVE-2009-3018 (Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block ...)
4642 NOT-FOR-US: Maxthon Browser
4643 CVE-2009-3017 (Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh ...)
4644 NOT-FOR-US: Orca Browser
4645 CVE-2009-3016 (Apple Safari 4.0.3 does not properly block javascript: and data: URIs ...)
4646 NOT-FOR-US: Apple Safari
4647 CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...)
4648 NOTE: This is a web site issue (open redirector), not a browser problem.
4649 CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
4650 NOTE: This is a web site issue (open redirector), not a browser problem.
4651 - iceweasel <unfixed> (unimportant)
4652 CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...)
4653 NOT-FOR-US: Opera
4654 CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre ...)
4655 NOTE: This is a web site issue (open redirector), not a browser problem.
4656 CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...)
4657 - chromium-browser <itp> (bug #520324; unimportant)
4658 NOTE: This is a web site issue (open redirector), not a browser problem.
4659 CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
4660 NOTE: This is a web site issue (open redirector), not a browser problem.
4661 - iceweasel <unfixed> (unimportant)
4662 CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before ...)
4663 {DSA-1887-1}
4664 - rails 2.2.3-1 (low; bug #545063)
4665 [etch] - rails <no-dsa> (Unsupported)
4666 CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)
4667 NOT-FOR-US: K-Meleon
4668 CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...)
4669 {DSA-1922-1}
4670 - xulrunner 1.9.1.3-3 (low)
4671 - iceape 2.0-1 (low)
4672 [lenny] - iceape <not-affected> (Iceape from Lenny only provides NSS libs)
4673 - webkit <not-affected> (proof-of-concept did not work)
4674 CVE-2009-3006 (Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the ...)
4675 NOT-FOR-US: Maxthon Browser
4676 CVE-2009-3005 (Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address ...)
4677 NOT-FOR-US: Lunascape
4678 CVE-2009-3004 (Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof ...)
4679 NOT-FOR-US: Avant Browser
4680 CVE-2009-3003 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
4681 NOT-FOR-US: Microsoft Internet Explorer
4682 CVE-2009-3002 (The Linux kernel before 2.6.31-rc7 does not initialize certain data ...)
4683 {DSA-1929-1 DSA-1928-1 DSA-1915-1}
4684 - linux-2.6 2.6.30-7 (low)
4685 - linux-2.6.24 <removed>
4686 NOTE: minor info leaks
4687 CVE-2009-3001 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel ...)
4688 {DSA-1929-1 DSA-1928-1 DSA-1915-1}
4689 - linux-2.6 2.6.30-7 (low)
4690 - linux-2.6.24 <removed>
4691 NOTE: minor info leak
4692 CVE-2009-3000 (The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris ...)
4693 NOT-FOR-US: Sun Solaris
4694 CVE-2008-7131 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier ...)
4695 NOT-FOR-US: DB2 Monitoring Console
4696 CVE-2008-7130 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier ...)
4697 NOT-FOR-US: DB2 Monitoring Console
4698 CVE-2008-7129 (XySSL before 0.9 allows remote attackers to cause a denial of service ...)
4699 - xyssl 0.9-1
4700 - polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
4701 - pdkim <itp> (bug #543150)
4702 NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
4703 CVE-2008-7128 (The ssl_parse_client_key_exchange function in XySSL before 0.9 does ...)
4704 - xyssl 0.9-1
4705 - polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
4706 - pdkim <itp> (bug #543150)
4707 NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
4708 CVE-2008-7127 (osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and ...)
4709 NOT-FOR-US: Borland VisiBroker Smart Agent
4710 CVE-2008-7126 (Integer overflow in osagent.exe in Borland VisiBroker Smart Agent ...)
4711 NOT-FOR-US: Borland VisiBroker Smart Agent
4712 CVE-2008-7125 (pphoto in Ariadne before 2.6 allows remote authenticated users with ...)
4713 NOT-FOR-US: Ariadne
4714 CVE-2008-7124 (zKup CMS 2.0 through 2.3 does not require administrative ...)
4715 NOT-FOR-US: zKup CMS
4716 CVE-2008-7123 (Static code injection vulnerability in ...)
4717 NOT-FOR-US: zKup CMS
4718 CVE-2008-7122 (Multiple insecure method vulnerabilities in an ActiveX control in ...)
4719 NOT-FOR-US: ActiveX
4720 CVE-2008-7121 (Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links ...)
4721 NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
4722 CVE-2008-7120 (SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and ...)
4723 NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
4724 CVE-2008-7119 (SQL injection vulnerability in item.php in WeBid auction script 0.5.4 ...)
4725 NOT-FOR-US: WeBid auction script
4726 CVE-2008-7118 (WeBid auction script 0.5.4 stores sensitive information under the web ...)
4727 NOT-FOR-US: WeBid auction script
4728 CVE-2008-7117 (eledicss.php in WeBid auction script 0.5.4 allows remote attackers to ...)
4729 NOT-FOR-US: WeBid auction script
4730 CVE-2008-7116 (SQL injection vulnerability in the admin panel (admin/) in WeBid ...)
4731 NOT-FOR-US: WeBid auction script
4732 CVE-2008-7115 (The web interface to the Belkin Wireless G router and ADSL2 modem ...)
4733 NOT-FOR-US: Belkin Wireless G
4734 CVE-2008-7114 (SQL injection vulnerability in members_search.php in iFusion Services ...)
4735 NOT-FOR-US: iFusion Services
4736 CVE-2008-7113 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...)
4737 NOT-FOR-US: Kyocera Mita
4738 CVE-2008-7112 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...)
4739 NOT-FOR-US: Kyocera Mita
4740 CVE-2008-7111 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...)
4741 NOT-FOR-US: Kyocera Mita
4742 CVE-2008-7110 (Directory traversal vulnerability in the Scanner File Utility (aka ...)
4743 NOT-FOR-US: Kyocera Mita
4744 CVE-2008-7109 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...)
4745 NOT-FOR-US: Kyocera Mita
4746 CVE-2008-7108 (Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart ...)
4747 NOT-FOR-US: Carmosa phpCart
4748 CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to ...)
4749 NOT-FOR-US: ESET Smart Security
4750 CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote ...)
4751 NOT-FOR-US: Android
4752 CVE-2009-XXXX [serveez: buffer overflow in header parser]
4753 - serveez <removed> (low)
4754 [lenny] - serveez <no-dsa> (Fringe package, mostly unused)
4755 TODO: next point release [lenny] - serveez 0.1.5-2.1+lenny1
4756 [etch] - serveez <no-dsa> (Fringe package, mostly unused)
4757 TODO: next point release [etch] - serveez 0.1.5-2+etch1
4758 CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
4759 NOT-FOR-US: Adobe
4760 CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...)
4761 NOT-FOR-US: Adobe
4762 CVE-2009-2996 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
4763 NOT-FOR-US: Adobe
4764 CVE-2009-2995 (Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, ...)
4765 NOT-FOR-US: Adobe
4766 CVE-2009-2994 (Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...)
4767 NOT-FOR-US: Adobe
4768 CVE-2009-2993 (The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before ...)
4769 NOT-FOR-US: Adobe
4770 CVE-2009-2992 (An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before ...)
4771 NOT-FOR-US: Adobe
4772 CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and ...)
4773 NOT-FOR-US: Adobe
4774 CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x ...)
4775 NOT-FOR-US: Adobe
4776 CVE-2009-2989 (Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, ...)
4777 NOT-FOR-US: Adobe
4778 CVE-2009-2988 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
4779 NOT-FOR-US: Adobe
4780 CVE-2009-2987 (Unspecified vulnerability in an ActiveX control in Adobe Reader and ...)
4781 NOT-FOR-US: Adobe
4782 CVE-2009-2986 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x ...)
4783 NOT-FOR-US: Adobe
4784 CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
4785 NOT-FOR-US: Adobe
4786 CVE-2009-2984 (Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x ...)
4787 NOT-FOR-US: Adobe
4788 CVE-2009-2983 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...)
4789 NOT-FOR-US: Adobe
4790 CVE-2009-2982 (An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, ...)
4791 NOT-FOR-US: Adobe
4792 CVE-2009-2981 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
4793 NOT-FOR-US: Adobe
4794 CVE-2009-2980 (Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...)
4795 NOT-FOR-US: Adobe
4796 CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...)
4797 NOT-FOR-US: Adobe
4798 CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...)
4799 NOT-FOR-US: SugarCRM
4800 CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
4801 NOT-FOR-US: Cisco
4802 CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents ...)
4803 NOT-FOR-US: Cisco
4804 CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly ...)
4805 - xulrunner <not-affected> (unimportant)
4806 NOTE: browser crashes not treated as security issues
4807 NOTE: not reproducible, probably only Firefox in Windows XP is affected
4808 CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote ...)
4809 - chromium-browser <itp> (bug #520324)
4810 CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a ...)
4811 - chromium-browser <itp> (bug #520324)
4812 CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote ...)
4813 NOT-FOR-US: Sun Solaris
4814 CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange 3.0 ...)
4815 NOT-FOR-US: Microsoft Exchange
4816 CVE-2008-7105 (Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows ...)
4817 NOT-FOR-US: Sophos PureMessage for Microsoft Exchange
4818 CVE-2008-7104 (Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for ...)
4819 NOT-FOR-US: Sophos PureMessage Scanner service
4820 CVE-2008-7103 (Stack-based buffer overflow in an ActiveX control in ...)
4821 NOT-FOR-US: Toolbar 2.0.4.1
4822 CVE-2008-7102 (DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx ...)
4823 NOT-FOR-US: DotNetNuke
4824 CVE-2008-7101 (Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 ...)
4825 NOT-FOR-US: DotNetNuke
4826 CVE-2008-7100 (Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows ...)
4827 NOT-FOR-US: DotNetNuke
4828 CVE-2008-7099 (Unspecified vulnerability in the Manage Templates feature in Qsoft ...)
4829 NOT-FOR-US: Qsoft K-Rate Premium
4830 CVE-2008-7098 (Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate ...)
4831 NOT-FOR-US: Qsoft K-Rate Premium
4832 CVE-2008-7097 (Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow ...)
4833 NOT-FOR-US: Qsoft K-Rate Premium
4834 CVE-2008-7096 (Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, ...)
4835 NOT-FOR-US: Intel Desktop and Intel Mobile Boards
4836 CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does ...)
4837 NOT-FOR-US: ArubaOS
4838 CVE-2009-2971
4839 RESERVED
4840 CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an ...)
4841 NOT-FOR-US: UiTV UiPlayer
4842 CVE-2009-2969
4843 RESERVED
4844 CVE-2009-2968 (Directory traversal vulnerability in a support component in the web ...)
4845 NOT-FOR-US: VMware Studio
4846 CVE-2009-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 ...)
4847 - buildbot 0.7.11p3-1
4848 [lenny] - buildbot <no-dsa> (Minor issue)
4849 [etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
4850 CVE-2008-7094 (Campaign/CampaignListener in the listener server in Unica Affinium ...)
4851 NOT-FOR-US: Affinium Campaign
4852 CVE-2008-7093 (Multiple directory traversal vulnerabilities in Unica Affinium ...)
4853 NOT-FOR-US: Affinium Campaign
4854 CVE-2008-7092 (Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium ...)
4855 NOT-FOR-US: Affinium Campaign
4856 CVE-2008-7091 (Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow ...)
4857 NOT-FOR-US: Pligg
4858 CVE-2008-7090 (Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier ...)
4859 NOT-FOR-US: Pligg
4860 CVE-2008-7089 (Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier ...)
4861 NOT-FOR-US: Pligg
4862 CVE-2008-7088 (Unrestricted file upload vulnerability in upload.php in PhotoPost ...)
4863 NOT-FOR-US: PhotoPost vBGallery
4864 CVE-2008-7087 (PHP remote file inclusion vulnerability in search_wA.php in OpenPro ...)
4865 NOT-FOR-US: OpenPro
4866 CVE-2008-7086 (Maian Greetings 2.1 allows remote attackers to bypass authentication ...)
4867 NOT-FOR-US: Maian Greetings
4868 CVE-2008-7085 (Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS ...)
4869 NOT-FOR-US: TheHockeyStop HockeySTATS Online
4870 CVE-2008-7084 (Directory traversal vulnerability in the web server 1.0 in Velocity ...)
4871 NOT-FOR-US: Velocity Security Management System
4872 CVE-2009-2966 (avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus ...)
4873 NOT-FOR-US: Kaspersky Internet Security
4874 CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in ...)
4875 NOT-FOR-US: Radvision Scopia
4876 CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
4877 - squirrelmail 2:1.4.20~rc2-1 (low; bug #543818)
4878 CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar Uninstaller ...)
4879 NOT-FOR-US: Toolbar Uninstaller
4880 CVE-2009-2961 (Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows ...)
4881 NOT-FOR-US: Thaddy de Konng KOL Player
4882 CVE-2009-2960 (CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to ...)
4883 NOT-FOR-US: CuteFlow
4884 CVE-2009-2959 (Cross-site scripting (XSS) vulnerability in the waterfall web status ...)
4885 - buildbot 0.7.11p3-1 (low; bug #543822)
4886 [lenny] - buildbot <no-dsa> (Minor issue)
4887 [etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
4888 CVE-2009-2958 (The tftp_request function in tftp.c in dnsmasq before 2.50, when ...)
4889 {DSA-1876-1}
4890 - dnsmasq 2.50-1
4891 [etch] - dnsmasq <not-affected>
4892 CVE-2009-2957 (Heap-based buffer overflow in the tftp_request function in tftp.c in ...)
4893 {DSA-1876-1}
4894 - dnsmasq 2.50-1
4895 [etch] - dnsmasq <not-affected>
4896 CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere ...)
4897 NOT-FOR-US: IBM WebSphere
4898 CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
4899 - chromium-browser <itp> (bug #520324)
4900 CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
4901 NOT-FOR-US: Microsoft
4902 CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...)
4903 - xulrunner <unfixed> (unimportant; bug #557753)
4904 - webkit <unfixed> (unimportant; bug #557752)
4905 - qt4-x11 <undetermined> (unimportant; bug #561760)
4906 [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
4907 [lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
4908 - kdelibs <undetermined> (unimportant; bug #561765)
4909 - kde4libs <undetermined> (unimportant; bug #561762)
4910 NOTE: browser denial-of-services are considered unimportant
4911 CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris ...)
4912 NOT-FOR-US: Sun Solaris
4913 CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for password ...)
4914 NOT-FOR-US: Phenotype CMS
4915 CVE-2008-7083 (Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter ...)
4916 NOT-FOR-US: ReVou Micro Blogging Twitter clone
4917 CVE-2008-7082 (MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key ...)
4918 NOT-FOR-US: MyBB (aka MyBulletinBoard)
4919 CVE-2008-7081 (userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 ...)
4920 NOT-FOR-US: RaidSonic ICY BOX NAS firmware
4921 CVE-2008-7080 (Team PHP PHP Classifieds Script stores sensitive information under the ...)
4922 NOT-FOR-US: Team PHP PHP Classifieds Script
4923 CVE-2008-7079 (Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to ...)
4924 NOT-FOR-US: Nero ShowTime
4925 CVE-2008-7078 (Multiple buffer overflows in Rumpus before 6.0.1 allow remote ...)
4926 NOT-FOR-US: Rumpus
4927 CVE-2008-7077 (Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow ...)
4928 NOT-FOR-US: SailPlanner
4929 CVE-2008-7076 (Unrestricted file upload vulnerability in user.modify.profile.php in ...)
4930 NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
4931 CVE-2008-7075 (Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star ...)
4932 NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
4933 CVE-2008-7074 (Format string vulnerability in MemeCode Software i.Scribe 1.88 through ...)
4934 NOT-FOR-US: MemeCode Software i.Scribe
4935 CVE-2008-7073 (PHP remote file inclusion vulnerability in lib/action/rss.php in RSS ...)
4936 NOT-FOR-US: RSS module 0.1 for Pie Web M{a,e}sher
4937 CVE-2008-7072 (Cross-site scripting (XSS) vulnerability in index.php in Chipmunk ...)
4938 NOT-FOR-US: Chipmunk Topsites
4939 CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk Topsites ...)
4940 NOT-FOR-US: Chipmunk Topsites
4941 CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.2 ...)
4942 - kvirc <unfixed>
4943 TODO: check
4944 CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...)
4945 NOT-FOR-US: All Club CMS (ACCMS)
4946 CVE-2008-7067 (PHP remote file inclusion vulnerability in ...)
4947 NOT-FOR-US: PageTree CMS
4948 CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication ...)
4949 NOT-FOR-US: OpenForum
4950 CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers to ...)
4951 NOT-FOR-US: Siemens C450 IP and C475 IP VoIP devices
4952 CVE-2008-7064 (Directory traversal vulnerability in the get_lang function in ...)
4953 NOT-FOR-US: Quicksilver Forums
4954 CVE-2008-7063 (Ocean12 FAQ Manager Pro stores sensitive data under the web root with ...)
4955 NOT-FOR-US: Ocean12 FAQ Manager Pro
4956 CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in Download ...)
4957 NOT-FOR-US: Download Manager module 1.0 for LoveCMS
4958 CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome ...)
4959 - chromium-browser <itp> (bug #520324)
4960 CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 ...)
4961 NOT-FOR-US: One-News
4962 CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2 allows ...)
4963 NOT-FOR-US: One-News
4964 CVE-2008-7058 (Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 ...)
4965 NOT-FOR-US: BandSite CMS
4966 CVE-2008-7057 (Cross-site scripting (XSS) vulnerability in merchandise.php in ...)
4967 NOT-FOR-US: BandSite CMS
4968 CVE-2008-7056 (BandSite CMS 1.1.4 does not perform access control for ...)
4969 NOT-FOR-US: BandSite CMS
4970 CVE-2008-7055 (module.php in ezContents 2.0.3 allows remote attackers to bypass the ...)
4971 NOT-FOR-US: ezContents
4972 CVE-2008-7054 (Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow ...)
4973 NOT-FOR-US: ezContents
4974 CVE-2008-7053 (LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows ...)
4975 NOT-FOR-US: LogMeIn
4976 CVE-2009-2950
4977 RESERVED
4978 CVE-2009-2949
4979 RESERVED
4980 CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before ...)
4981 {DSA-1908-1}
4982 - samba 2:3.4.2-1 (medium; bug #550423)
4983 CVE-2009-2947 (Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 ...)
4984 {DSA-1882-1}
4985 - xapian-omega 1.0.15-2
4986 CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in ...)
4987 {DSA-1878-2 DSA-1878-1}
4988 - devscripts 2.10.54
4989 CVE-2009-2945 (weblogin/login.fcgi (aka the WebLogin login script) in Stanford ...)
4990 - webauth 3.6.2-1 (low)
4991 [lenny] - webauth <no-dsa> (Minor issue, maintainer prepares update for spu)
4992 [etch] - webauth <not-affected> (Vulnerable code not present)
4993 CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in ikiwiki ...)
4994 {DSA-1875-1}
4995 - ikiwiki 3.1415926
4996 CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL ...)
4997 {DSA-1909-1}
4998 - postgresql-ocaml 1.12.1-1 (low)
4999 CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the ...)
5000 {DSA-1910-1}
5001 - mysql-ocaml 1.0.4-7 (low)
5002 CVE-2009-2941 [pgtcl: missing escape function]
5003 RESERVED
5004 - pgtcl <unfixed> (low)
5005 CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly support ...)
5006 {DSA-1911-1}
5007 - pygresql 1:4.0-1 (low)
5008 CVE-2009-2939 (The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix ...)
5009 - postfix 2.6.5-3 (low)
5010 [lenny] - postfix <no-dsa> (Minor issue)
5011 [etch] - postfix <no-dsa> (Minor issue)
5012 CVE-2009-2938
5013 RESERVED
5014 CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet ...)
5015 - planet <removed> (low; bug #546178)
5016 [lenny] - planet <no-dsa> (Minor issue)
5017 [etch] - planet <no-dsa> (Minor issue)
5018 - planet-venus 0~bzr116-1 (low; bug #546179)
5019 [lenny] - planet-venus <no-dsa> (Minor issue)
5020 TODO: next point update [lenny] - planet-venus 0~bzr95-2+lenny1
5021 [etch] - planet-venus <no-dsa> (Minor issue)
5022 CVE-2009-2936
5023 RESERVED
5024 CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
5025 - chromium-browser <itp> (bug #520324)
5026 CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...)
5027 NOT-FOR-US: Programmed Integration PIPL
5028 CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...)
5029 NOT-FOR-US: Piwigo
5030 CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process in the ...)
5031 NOT-FOR-US: SAP NetWeaver
5032 CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro Director ...)
5033 NOT-FOR-US: SlideShowPro Director
5034 CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature in elka ...)
5035 NOT-FOR-US: elka CMS (aka Elkapax)
5036 CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management 0.x ...)
5037 NOT-FOR-US: TGS Content Management
5038 CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS Content ...)
5039 NOT-FOR-US: TGS Content Management
5040 CVE-2009-2927 (SQL injection vulnerability in DetailFile.php in DigitalSpinners DS ...)
5041 NOT-FOR-US: DigitalSpinners DS CMS
5042 CVE-2009-2926 (Multiple SQL injection vulnerabilities in PHP Competition System BETA ...)
5043 NOT-FOR-US: PHP Competition System BETA
5044 CVE-2008-7052 (Unrestricted file upload vulnerability in profile.php in Pre Projects ...)
5045 NOT-FOR-US: Pre Projects Pre Real Estate Listings
5046 CVE-2008-7051 (AJ Square AJ Article allows remote attackers to bypass authentication ...)
5047 NOT-FOR-US: AJ Square AJ Article
5048 CVE-2008-7050 (The password_check function in auth/auth_phpbb3.php in WoW Raid ...)
5049 NOT-FOR-US: WoW Raid Manager
5050 CVE-2008-7049 (Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 ...)
5051 NOT-FOR-US: NatterChat
5052 CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 ...)
5053 NOT-FOR-US: NatterChat
5054 CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication and ...)
5055 NOT-FOR-US: NatterChat
5056 CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers to ...)
5057 NOT-FOR-US: AJ Square Free Polling Script
5058 CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows remote ...)
5059 NOT-FOR-US: AJ Square Free Polling Script
5060 CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ Square ...)
5061 NOT-FOR-US: AJ Square Free Polling Script
5062 CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in ...)
5063 NOT-FOR-US: FreshScripts Fresh Email Script
5064 CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in FreshScripts ...)
5065 NOT-FOR-US: FreshScripts Fresh Email Script
5066 CVE-2008-7041 (AJ Classifieds allows remote attackers to bypass authentication and ...)
5067 NOT-FOR-US: AJ Classifieds
5068 CVE-2008-7040 (SQL injection vulnerability in ahah/sf-profile.php in the Yellow ...)
5069 NOT-FOR-US: Yellow Swordfish Simple Forum module for Wordpress
5070 CVE-2008-7039 (Cross-site scripting (XSS) vulnerability in admin/comments.php in ...)
5071 NOT-FOR-US: Gelato CMS
5072 CVE-2008-7038 (SQL injection vulnerability in the My_eGallery module for PHP-Nuke ...)
5073 NOT-FOR-US: My_eGallery module for PHP-Nuke
5074 CVE-2008-7037 (The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for ...)
5075 NOT-FOR-US: ITN News Gadget
5076 CVE-2008-7036 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
5077 NOT-FOR-US: DevTracker module 3.0 for bcoos
5078 CVE-2008-7035 (Cross-site scripting (XSS) vulnerability in an unspecified component ...)
5079 NOT-FOR-US: Simple Machines phpRaider
5080 CVE-2008-7034 (PHP remote file inclusion vulnerability in ...)
5081 NOT-FOR-US: PHPEcho CMS
5082 CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
5083 NOT-FOR-US: component for Joomla!
5084 CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF) vulnerability ...)
5085 NOT-FOR-US: web management console in F5 BIG-IP
5086 CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC ...)
5087 NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
5088 CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web ...)
5089 NOT-FOR-US: Site2Nite Real Estate Web
5090 CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG ...)
5091 NOT-FOR-US: AlilG Application AliBoard
5092 CVE-2008-7028 (RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass ...)
5093 NOT-FOR-US: RPG.Board
5094 CVE-2008-7027 (Libra File Manager 1.18 and earlier allows remote attackers to bypass ...)
5095 NOT-FOR-US: Libra File Manager
5096 CVE-2008-7026 (Unrestricted file upload vulnerability in filesystem3.class.php in ...)
5097 NOT-FOR-US: eFront
5098 CVE-2008-7025 (TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe ...)
5099 NOT-FOR-US: Check Point ZoneAlarm
5100 CVE-2008-7024 (admin.php in Arz Development The Gemini Portal 4.7 and earlier allows ...)
5101 NOT-FOR-US: Arz Development The Gemini Portal
5102 CVE-2008-7023 (Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other ...)
5103 NOT-FOR-US: ArubaOS
5104 CVE-2008-7022 (Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat ...)
5105 NOT-FOR-US: Chilkat Software IMAP ActiveX control
5106 CVE-2008-7021 (Unrestricted file upload vulnerability in editlogo.php in AvailScript ...)
5107 NOT-FOR-US: AvailScript Jobs Portal Script
5108 CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores ...)
5109 NOT-FOR-US: McAfee SafeBoot Device Encryption
5110 CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass ...)
5111 NOT-FOR-US: Esqlanelapse
5112 CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar ...)
5113 NOT-FOR-US: NashTech Easy PHP Calendar
5114 CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in CAcert ...)
5115 NOT-FOR-US: CAcert
5116 CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple ...)
5117 NOT-FOR-US: tnftpd
5118 CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ...)
5119 NOT-FOR-US: TikiWiki
5120 CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly ...)
5121 - pidgin 2.6.1-1 (low; bug #542891)
5122 [lenny] - pidgin 2.4.3-4lenny4
5123 NOTE: gaim not affected, it never claimed to support TLS/SSL
5124 NOTE: http://developer.pidgin.im/ticket/8131
5125 NOTE: http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279
5126 CVE-2009-2962
5127 REJECTED
5128 CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in DJCalendar ...)
5129 NOT-FOR-US: DJCalendar
5130 CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 ...)
5131 NOT-FOR-US: Videos Broadcast Yourself 2
5132 CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance ...)
5133 NOT-FOR-US: BitmixSoft PHP-Lance
5134 CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in Pixaria ...)
5135 NOT-FOR-US: Pixaria Gallery
5136 CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP ...)
5137 NOT-FOR-US: MOC Designs PHP News
5138 CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 ...)
5139 NOT-FOR-US: Elvin
5140 CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 ...)
5141 NOT-FOR-US: Boonex Orca
5142 CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows ...)
5143 NOT-FOR-US: TheGreenBow IPSec VPN Client
5144 CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote ...)
5145 NOT-FOR-US: ImTOO MPEG Encoder
5146 CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in logs.dll in ...)
5147 NOT-FOR-US: 2K Games Vietcong
5148 CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery ...)
5149 NOT-FOR-US: 2FLY Gift Delivery System
5150 CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
5151 NOT-FOR-US: XZero Community Classified
5152 CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
5153 NOT-FOR-US: XZero Community Classified
5154 CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through ...)
5155 NOT-FOR-US: Sun Solaris
5156 CVE-2009-2911 (SystemTap 1.0, when the --unprivileged option is used, does not ...)
5157 - systemtap 1.0-2 (bug #551918)
5158 [lenny] - systemtap <not-affected> (Affected functionality only added in 1.0)
5159 CVE-2009-2910 (arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the ...)
5160 {DSA-1928-1 DSA-1915-1}
5161 - linux-2.6 2.6.31-1 (medium)
5162 - linux-2.6.24 <unfixed> (medium)
5163 CVE-2009-2909 (Integer signedness error in the ax25_setsockopt function in ...)
5164 {DSA-1929-1 DSA-1928-1 DSA-1915-1}
5165 - linux-2.6 2.6.31-1 (medium)
5166 - linux-2.6.24 <removed> (medium)
5167 CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux ...)
5168 {DSA-1928-1 DSA-1915-1}
5169 - linux-2.6 2.6.31-1 (medium)
5170 [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19)
5171 - linux-2.6.24 <removed> (medium)
5172 CVE-2009-2907
5173 RESERVED
5174 CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, ...)
5175 {DSA-1908-1}
5176 - samba 2:3.4.2-1 (low; bug #550423)
5177 CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and ...)
5178 {DSA-1894-1}
5179 - newt 0.52.10-4.1 (medium; bug #548198)
5180 CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature in ...)
5181 - openssh <not-affected> (issue with homechroot patch specific to Red Hat)
5182 CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x ...)
5183 {DSA-1928-1 DSA-1915-1}
5184 - linux-2.6 2.6.31-1 (low)
5185 - linux-2.6.24 <removed> (low)
5186 CVE-2009-2902
5187 RESERVED
5188 CVE-2009-2901
5189 RESERVED
5190 CVE-2009-2900
5191 RESERVED
5192 CVE-2009-2899
5193 RESERVED
5194 CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in ...)
5195 NOT-FOR-US: SpringSource Hyperic HQ
5196 CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
5197 NOT-FOR-US: SpringSource Hyperic HQ
5198 CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...)
5199 NOT-FOR-US: KMPlayer: http://www.kmplayer.com
5200 CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...)
5201 NOT-FOR-US: Ultimate Regnow Affiliate
5202 CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
5203 NOT-FOR-US: Ebay Clone 2009
5204 CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
5205 NOT-FOR-US: XZero Community Classifieds
5206 CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...)
5207 NOT-FOR-US: Scripteen Free Image Hosting Script
5208 CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles ...)
5209 NOT-FOR-US: PHP Scripts Now Riddles
5210 CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...)
5211 NOT-FOR-US: PHP Scripts Now Riddles
5212 CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts ...)
5213 NOT-FOR-US: PHP Scripts Now Riddles
5214 CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman ...)
5215 NOT-FOR-US: PHP Scripts Now Hangman
5216 CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
5217 NOT-FOR-US: PHP Scripts Now President Bios
5218 CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President ...)
5219 NOT-FOR-US: PHP Scripts Now President
5220 CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World's ...)
5221 NOT-FOR-US: PHP Scripts Now World's
5222 CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
5223 NOT-FOR-US: PHP Scripts Now World's Tallest Buildings
5224 CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, ...)
5225 NOT-FOR-US: SaphpLesson
5226 CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking ...)
5227 NOT-FOR-US: PG MatchMaking
5228 CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...)
5229 NOT-FOR-US: Basilic
5230 CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...)
5231 - backuppc 3.1.0-8 (low; bug #542218)
5232 [etch] - backuppc <not-affected> (No configuration GUI)
5233 [lenny] - backuppc <no-dsa> (Requires access)
5234 TODO: next point release: [lenny] - backuppc 3.1.0-4lenny2
5235 CVE-2009-XXXX [burn: Insecure escaping of file names]
5236 - burn 0.4.5-1 (low; bug #542329)
5237 [lenny] - burn 0.4.3-2.1+lenny1
5238 [etch] - burn <no-dsa> (Minor issue)
5239 CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x ...)
5240 NOT-FOR-US: Cisco WebEx WRF Player
5241 CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
5242 NOT-FOR-US: Cisco WebEx WRF Player
5243 CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
5244 NOT-FOR-US: Cisco WebEx WRF Player
5245 CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF ...)
5246 NOT-FOR-US: Cisco WebEx WRF Player
5247 CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
5248 NOT-FOR-US: Cisco WebEx WRF Player
5249 CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x ...)
5250 NOT-FOR-US: Cisco WebEx WRF Player
5251 CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before ...)
5252 NOT-FOR-US: Cisco Unified Presence
5253 CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...)
5254 NOT-FOR-US: Cisco IOS
5255 CVE-2009-2872 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...)
5256 NOT-FOR-US: Cisco IOS
5257 CVE-2009-2871 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN ...)
5258 NOT-FOR-US: Cisco IOS
5259 CVE-2009-2870 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the ...)
5260 NOT-FOR-US: Cisco IOS
5261 CVE-2009-2869 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, ...)
5262 NOT-FOR-US: Cisco IOS
5263 CVE-2009-2868 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when ...)
5264 NOT-FOR-US: Cisco IOS
5265 CVE-2009-2867 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, ...)
5266 NOT-FOR-US: Cisco IOS
5267 CVE-2009-2866 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote ...)
5268 NOT-FOR-US: Cisco IOS
5269 CVE-2009-2865 (Buffer overflow in the login implementation in the Extension Mobility ...)
5270 NOT-FOR-US: Cisco IOS
5271 CVE-2009-2864 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
5272 NOT-FOR-US: Cisco
5273 CVE-2009-2863 (Race condition in the Firewall Authentication Proxy feature in Cisco ...)
5274 NOT-FOR-US: Cisco IOS
5275 CVE-2009-2862 (The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS ...)
5276 NOT-FOR-US: Cisco
5277 CVE-2009-2861 (The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet ...)
5278 NOT-FOR-US: Cisco
5279 CVE-2009-2860 (Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows ...)
5280 NOT-FOR-US: db2jds in IBM DB2
5281 CVE-2009-2859 (IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access ...)
5282 NOT-FOR-US: IBM DB2
5283 CVE-2009-2858 (Memory leak in the Security component in IBM DB2 8.1 before FP18 on ...)
5284 NOT-FOR-US: IBM DB2
5285 CVE-2009-2857 (The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before ...)
5286 NOT-FOR-US: kernel in Sun Solaris
5287 CVE-2009-2856 (Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding ...)
5288 NOT-FOR-US: Sun Virtual Desktop Infrastructure
5289 CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 ...)
5290 - squid 2.7.STABLE7-1 (low; bug #534982)
5291 - squid3 3.0.STABLE19-1
5292 CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain ...)
5293 {DSA-1871-2 DSA-1871-1}
5294 - wordpress 2.8.3-1
5295 CVE-2009-2853 (Wordpress before 2.8.3 allows remote attackers to gain privileges via ...)
5296 {DSA-1871-2 DSA-1871-1}
5297 - wordpress 2.8.3-1
5298 CVE-2009-2852 (WP-Syntax plugin 0.9.1 and earlier for Wordpress, with ...)
5299 NOT-FOR-US: WP-Syntax plugin
5300 CVE-2009-2851 (Cross-site scripting (XSS) vulnerability in the administrator ...)
5301 {DSA-1871-2 DSA-1871-1}
5302 - wordpress 2.8.3-1 (low)
5303 CVE-2009-2850 (Multiple buffer overflows in NASA Common Data Format (CDF) allow ...)
5304 NOT-FOR-US: NASA Common Data Format
5305 CVE-2009-2845
5306 REJECTED
5307 CVE-2008-7015 (Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel ...)
5308 NOT-FOR-US: Unreal Tournament
5309 CVE-2008-7014 (fhttpd 0.4.2 allows remote attackers to cause a denial of service ...)
5310 NOT-FOR-US: fhttpd
5311 CVE-2008-7013 (NetService.dll in Baidu Hi IM allows remote servers to cause a denial ...)
5312 NOT-FOR-US: Baidu Hi IM
5313 CVE-2008-7012 (courier/1000@/api_error_email.html (aka "error reporting page") in ...)
5314 NOT-FOR-US: Accellion File Transfer Appliance
5315 CVE-2008-7011 (The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal ...)
5316 NOT-FOR-US: Unreal Tournament
5317 CVE-2008-7010 (Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers ...)
5318 NOT-FOR-US: Skalfa Software SkaLinks Exchange Script
5319 CVE-2008-7009 (Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security ...)
5320 NOT-FOR-US: Check Point ZoneAlarm Security Suite
5321 CVE-2008-7008 (HyperStop Web Host Directory 1.2 allows remote attackers to bypass ...)
5322 NOT-FOR-US: HyperStop Web Host Directory
5323 CVE-2008-7007 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass ...)
5324 NOT-FOR-US: Free PHP VX Guestbook
5325 CVE-2008-7006 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass ...)
5326 NOT-FOR-US: Free PHP VX Guestbook
5327 CVE-2008-7005 (include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) ...)
5328 NOT-FOR-US: Minb Is Not a Blog
5329 CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown ...)
5330 NOT-FOR-US: Electronic Logbook
5331 CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 ...)
5332 {DSA-1928-1 DSA-1872-1}
5333 - linux-2.6 2.6.30-4 (medium)
5334 - linux-2.6.24 <removed>
5335 [lenny] - linux-2.6 2.6.26-19 (medium)
5336 CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and ...)
5337 {DSA-1928-1 DSA-1872-1}
5338 - linux-2.6 2.6.30-7 (low)
5339 - linux-2.6.24 <removed>
5340 [lenny] - linux-2.6 2.6.26-19 (low)
5341 CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 ...)
5342 {DSA-1928-1 DSA-1872-1}
5343 - linux-2.6 2.6.30-6 (low)
5344 - linux-2.6.24 <removed>
5345 [lenny] - linux-2.6 2.6.26-19 (low)
5346 CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component ...)
5347 {DSA-1928-1 DSA-1872-1}
5348 - linux-2.6 2.6.30-6 (low)
5349 - linux-2.6.24 <removed>
5350 [lenny] - linux-2.6 2.6.26-19 (low)
5351 CVE-2009-2844 (cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and ...)
5352 - linux-2.6 2.6.30-7 (medium)
5353 [etch] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
5354 [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
5355 - linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30)
5356 CVE-2009-2843 (Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 ...)
5357 NOT-FOR-US: Mac OS X
5358 CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...)
5359 NOT-FOR-US: Apple Safari
5360 CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the ...)
5361 - webkit <undetermined> (medium; bug #559759)
5362 - qt4-x11 <undetermined> (bug #561760)
5363 [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
5364 [lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
5365 - kdelibs <undetermined> (bug #561765)
5366 - kde4libs <undetermined> (bug #561762)
5367 CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary ...)
5368 NOT-FOR-US: Apple Mac OS X
5369 CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to ...)
5370 NOT-FOR-US: Apple Mac OS X
5371 CVE-2009-2838 (Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote ...)
5372 NOT-FOR-US: Apple Mac OS X
5373 CVE-2009-2837 (Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X ...)
5374 NOT-FOR-US: Apple Mac OS X
5375 CVE-2009-2836 (Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, ...)
5376 NOT-FOR-US: Apple Mac OS X
5377 CVE-2009-2835 (The kernel in Apple Mac OS X before 10.6.2 does not properly handle ...)
5378 NOT-FOR-US: Apple Mac OS X
5379 CVE-2009-2834 (IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the ...)
5380 NOT-FOR-US: Apple Mac OS X
5381 CVE-2009-2833 (Buffer overflow in the UCCompareTextDefault API in International ...)
5382 NOT-FOR-US: Apple Mac OS X
5383 CVE-2009-2832 (Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows ...)
5384 NOT-FOR-US: Apple Mac OS X
5385 CVE-2009-2831 (Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create ...)
5386 NOT-FOR-US: Apple Mac OS X
5387 CVE-2009-2830 (Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple ...)
5388 - file 5.03-1
5389 [lenny] - file <not-affected>
5390 [etch] - file <not-affected>
5391 CVE-2009-2829 (Event Monitor in Apple Mac OS X 10.5.8 does not properly handle ...)
5392 NOT-FOR-US: Apple Mac OS X
5393 CVE-2009-2828 (The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote ...)
5394 NOT-FOR-US: Apple Mac OS X
5395 CVE-2009-2827 (Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 ...)
5396 NOT-FOR-US: Apple Mac OS X
5397 CVE-2009-2826 (Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 ...)
5398 NOT-FOR-US: Apple Mac OS X
5399 CVE-2009-2825 (Certificate Assistant in Apple Mac OS X before 10.6.2 does not ...)
5400 NOT-FOR-US: Apple Mac OS X
5401 CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
5402 NOT-FOR-US: Apple Mac OS X
5403 CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the ...)
5404 NOT-FOR-US: Apple Mac OS X
5405 CVE-2009-2822
5406 RESERVED
5407 CVE-2009-2821
5408 RESERVED
5409 CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS X ...)
5410 {DSA-1933-1}
5411 - cups 1.4.2-1 (low; bug #555666)
5412 - cupsys <removed>
5413 CVE-2009-2819 (AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to ...)
5414 NOT-FOR-US: Apple Mac OS X
5415 CVE-2009-2818 (Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly ...)
5416 NOT-FOR-US: Apple Mac OS X
5417 CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...)
5418 NOT-FOR-US: Apple iTunes
5419 CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...)
5420 - webkit <unfixed> (medium; bug #559759)
5421 [lenny] - webkit <not-affected> (vulnerable code not present)
5422 CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...)
5423 NOT-FOR-US: Apple iPhone OS
5424 CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple ...)
5425 NOT-FOR-US: Apple Mac OS X
5426 CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and ...)
5427 {DSA-1908-1}
5428 - samba 2:3.4.2-1 (unimportant; bug #550422)
5429 NOTE: requires an administrator to manually configure a user account without
5430 NOTE: a home dir, otherwise, this is ineffective
5431 CVE-2009-2812 (Launch Services in Apple Mac OS X 10.5.8 does not properly recognize ...)
5432 NOT-FOR-US: Apple Mac OS X
5433 CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple Mac OS ...)
5434 NOT-FOR-US: Apple Mac OS X
5435 CVE-2009-2810 (Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively ...)
5436 NOT-FOR-US: Apple Mac OS X
5437 CVE-2009-2809 (ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers ...)
5438 NOT-FOR-US: ImageIO in Apple Mac OS X
5439 CVE-2009-2808 (Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS ...)
5440 NOT-FOR-US: Apple Mac OS X
5441 CVE-2009-2807 (Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS ...)
5442 - cupsys <not-affected> (issue in darwin-specific code; bug #550150)
5443 - cups <not-affected> (issue in darwin-specific code; bug #550150)
5444 CVE-2009-2806
5445 RESERVED
5446 CVE-2009-2805 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 ...)
5447 NOT-FOR-US: CoreGraphics in Apple Mac OS X
5448 CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, ...)
5449 NOT-FOR-US: Apple Mac OS X
5450 CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to ...)
5451 NOT-FOR-US: Apple Mac OS X
5452 CVE-2009-2802
5453 RESERVED
5454 CVE-2009-2801
5455 RESERVED
5456 CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 ...)
5457 NOT-FOR-US: Apple Mac OS X
5458 CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...)
5459 NOT-FOR-US: Apple QuickTime
5460 CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...)
5461 NOT-FOR-US: Apple QuickTime
5462 CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...)
5463 - webkit <unfixed> (medium; bug #559759)
5464 TODO: someone needs to gain membership to the webkit security list so we can actually check these issues
5465 CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for ...)
5466 NOT-FOR-US: Apple iPhone OS
5467 CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in Apple ...)
5468 NOT-FOR-US: Apple iPhone OS
5469 CVE-2009-2794 (The Exchange Support component in Apple iPhone OS before 3.1, and ...)
5470 NOT-FOR-US: Apple iPhone OS
5471 CVE-2009-2793 (The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms ...)
5472 NOT-FOR-US: NetBSD kernel
5473 CVE-2009-2792 (Directory traversal vulnerability in plugings/pagecontent.php in ...)
5474 NOT-FOR-US: Really Simple CMS
5475 CVE-2009-2791 (PHP remote file inclusion vulnerability in pda_projects.php in ...)
5476 NOT-FOR-US: WebDynamite ProjectButler
5477 CVE-2009-2790 (SQL injection vulnerability in cat_products.php in SoftBiz Dating ...)
5478 NOT-FOR-US: SoftBiz Dating
5479 CVE-2009-2789 (SQL injection vulnerability in the Permis (com_groups) component 1.0 ...)
5480 NOT-FOR-US: com_groups component for Joomla!
5481 CVE-2009-2788 (Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow ...)
5482 NOT-FOR-US: Mobilelib GOLD
5483 CVE-2009-2787 (Directory traversal vulnerability in ...)
5484 NOT-FOR-US: Reputation plugin for PunBB
5485 CVE-2009-2786 (SQL injection vulnerability in reputation.php in the Reputation plugin ...)
5486 NOT-FOR-US: Reputation plugin for PunBB
5487 CVE-2009-2785 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Open ...)
5488 NOT-FOR-US: PHP Open Classifieds Script
5489 CVE-2009-2784 (Multiple directory traversal vulnerabilities in dit.cms 1.3, when ...)
5490 NOT-FOR-US: dit.cms
5491 CVE-2009-2783 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 ...)
5492 NOT-FOR-US: XOOPS
5493 CVE-2009-2782 (SQL injection vulnerability in the JFusion (com_jfusion) component for ...)
5494 NOT-FOR-US: com_jfusion component for Joomla!
5495 CVE-2009-2781 (SQL injection vulnerability in forum.php in Arab Portal 2.x, when ...)
5496 NOT-FOR-US: Arab Portal
5497 CVE-2009-2780 (Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds ...)
5498 NOT-FOR-US: 68 Classifieds
5499 CVE-2009-2779 (SQL injection vulnerability in index.php in AJ Matrix DNA allows ...)
5500 NOT-FOR-US: AJ Matrix DNA
5501 CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS ...)
5502 NOT-FOR-US: The Rat CMS
5503 CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...)
5504 - php5 (unimportant)
5505 NOTE: safe-mode and basedir violations not treated as security issues
5506 CVE-2008-7001 (Unrestricted file upload vulnerability in the file manager in Creative ...)
5507 NOT-FOR-US: Creative Mind Creator CMS
5508 CVE-2008-7000 (PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 ...)
5509 NOT-FOR-US: phpAuction
5510 CVE-2008-6999 (phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote ...)
5511 NOT-FOR-US: phpAuction
5512 CVE-2008-6998 (Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in ...)
5513 - chromium-browser <itp> (bug #520324)
5514 CVE-2008-6997 (Google Chrome 0.2.149.27 allows user-assisted remote attackers to ...)
5515 - chromium-browser <itp> (bug #520324)
5516 CVE-2008-6996 (Google Chrome BETA (0.2.149.27) does not prompt the user before saving ...)
5517 - chromium-browser <itp> (bug #520324)
5518 CVE-2008-6995 (Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome ...)
5519 - chromium-browser <itp> (bug #520324)
5520 CVE-2008-6994 (Stack-based buffer overflow in the SaveAs feature ...)
5521 - chromium-browser <itp> (bug #520324)
5522 CVE-2008-6993 (Siemens Gigaset WLAN Camera 1.27 has an insecure default password, ...)
5523 NOT-FOR-US: Siemens Gigaset WLAN Camera
5524 CVE-2008-6992 (GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, ...)
5525 NOT-FOR-US: GreenSQL Firewall
5526 CVE-2008-6991 (SQL injection vulnerability in public/page.php in Websens CMSbright ...)
5527 NOT-FOR-US: CMSbright
5528 CVE-2008-6990 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka ...)
5529 NOT-FOR-US: Easy Photo Gallery
5530 CVE-2008-6989 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka ...)
5531 NOT-FOR-US: Easy Photo Gallery
5532 CVE-2008-6988 (Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo ...)
5533 NOT-FOR-US: Easy Photo Gallery
5534 CVE-2008-6987 (Unrestricted file upload vulnerability in eZoneScripts Dating Website ...)
5535 NOT-FOR-US: eZoneScripts Dating Website script
5536 CVE-2008-6986 (SQL injection vulnerability in the actionMultipleAddProduct function ...)
5537 NOT-FOR-US: Zen Cart
5538 CVE-2008-6985 (Multiple SQL injection vulnerabilities in ...)
5539 NOT-FOR-US: Zen Cart
5540 CVE-2008-6984 (Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, ...)
5541 NOT-FOR-US: Plesk
5542 CVE-2008-6983 (modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers ...)
5543 NOT-FOR-US: devalcms
5544 CVE-2008-6982 (Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a ...)
5545 NOT-FOR-US: devalcms
5546 CVE-2008-6981 (index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers ...)
5547 NOT-FOR-US: phpAdultSite CMS
5548 CVE-2008-6980 (SQL injection vulnerability in as_archives.php in phpAdultSite CMS, ...)
5549 NOT-FOR-US: phpAdultSite CMS
5550 CVE-2008-6979 (Cross-site scripting (XSS) vulnerability in as_archives.php in ...)
5551 NOT-FOR-US: phpAdultSite CMS
5552 CVE-2008-6978 (Unrestricted file upload vulnerability in Full Revolution aspWebAlbum ...)
5553 NOT-FOR-US: aspWebAlbum
5554 CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full ...)
5555 NOT-FOR-US: aspWebAlbum
5556 CVE-2008-6976 (MicroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...)
5557 NOT-FOR-US: MicroTik RouterOS
5558 CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in ...)
5559 NOT-FOR-US: GarageSales script
5560 CVE-2009-2777 (SQL injection vulnerability in visitor/view.php in GarageSales Script ...)
5561 NOT-FOR-US: GarageSales Script
5562 CVE-2009-2776 (SQL injection vulnerability in showresult.asp in Smart ASP Survey ...)
5563 NOT-FOR-US: Smart ASP Survey
5564 CVE-2009-2775 (SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP ...)
5565 NOT-FOR-US: PHPArcadeScript
5566 CVE-2009-2774 (SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail ...)
5567 NOT-FOR-US: PHP Paid 4 Mail
5568 CVE-2009-2773 (PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail ...)
5569 NOT-FOR-US: PHP Paid 4 Mail
5570 CVE-2009-2772 (Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate ...)
5571 NOT-FOR-US: PG Roommate Finder Solution
5572 CVE-2009-2771 (Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 ...)
5573 NOT-FOR-US: Free Arcade Script
5574 CVE-2009-2770 (PowerUpload 2.4 allows remote attackers to bypass authentication and ...)
5575 NOT-FOR-US: PowerUpload
5576 CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in ...)
5577 NOT-FOR-US: Ultrize TimeSheet
5578 CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...)
5579 - linux-2.6 2.6.30-6 (medium)
5580 [etch] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
5581 [lenny] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
5582 - linux-2.6.24 <not-affected> (kernel/cred.c introduced in 2.6.29)
5583 CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...)
5584 - linux-2.6 2.6.30-6 (medium)
5585 [etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
5586 [lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
5587 - linux-2.6.24 <not-affected> (introduced in 2.6.28)
5588 CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not ...)
5589 NOT-FOR-US: DD-WRT
5590 CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ...)
5591 NOT-FOR-US: DD-WRT
5592 CVE-2009-2764 (Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 ...)
5593 NOT-FOR-US: Microsoft
5594 CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
5595 NOT-FOR-US: DD-WRT
5596 CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
5597 NOT-FOR-US: DD-WRT
5598 CVE-2009-3040 (Multiple SQL injection vulnerabilities in Open Computer and Software ...)
5599 - ocsinventory-server 1.02.1-2 (low; bug #541995)
5600 [lenny] - ocsinventory-server <no-dsa> (Minor issue)
5601 NOTE: Authentication is needed
5602 CVE-2009-3042 (SQL injection vulnerability in machine.php in Open Computer and ...)
5603 - ocsinventory-server 1.02.1-2 (low; bug #541995)
5604 [lenny] - ocsinventory-server <no-dsa> (Minor issue)
5605 NOTE: Authentication is needed
5606 CVE-2009-2763
5607 RESERVED
5608 CVE-2009-XXXX [logrotate race condition could lead to file disclosure]
5609 - logrotate 3.7.8-4 (low)
5610 CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 ...)
5611 NOT-FOR-US: IBM WebSphere
5612 CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before ...)
5613 - icedove 2.0.0.19-1
5614 - iceape 1.1.14-1
5615 CVE-2009-XXXX [XSS in drupal printing module]
5616 - drupal6 <unfixed> (unimportant)
5617 NOTE: you need admin privs in order to exploit this
5618 NOTE: http://lampsecurity.org/drupal-print-module-vulnerabilities
5619 CVE-2009-2761 (Unquoted Windows search path vulnerability in the scheduler ...)
5620 NOT-FOR-US: Avira AntiVir
5621 CVE-2008-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content ...)
5622 NOT-FOR-US: Drupal Content Construction Kit (third-party module)
5623 CVE-2008-6971 (The password reset functionality in Simple Machines Forum (SMF) 1.0.x ...)
5624 NOT-FOR-US: Simple Machines Forum
5625 CVE-2008-6970 (SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 ...)
5626 NOT-FOR-US: UBB.threads
5627 CVE-2008-6969 (Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in ...)
5628 NOT-FOR-US: Avactis Shopping Cart
5629 CVE-2008-6968 (Multiple SQL injection vulnerabilities in submit.php in Pligg CMS ...)
5630 NOT-FOR-US: Pligg CMS
5631 CVE-2008-6967 (Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon ...)
5632 NOT-FOR-US: Alt-N MDaemon
5633 CVE-2008-6966 (AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does ...)
5634 NOT-FOR-US: AJ Square AJ Auction Pro Platinum Skin #1
5635 CVE-2008-6965 (AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, ...)
5636 NOT-FOR-US: AJ Square AJ Auction OOPD
5637 CVE-2008-6964 (SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows ...)
5638 NOT-FOR-US: X7 Chat
5639 CVE-2008-6963 (admin.php in TurnkeyForms Text Link Sales allows remote attackers to ...)
5640 NOT-FOR-US: TurnkeyForms Text Link Sales
5641 CVE-2008-6962 (Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, ...)
5642 NOT-FOR-US: Avira AntiVir Premium
5643 CVE-2009-2760
5644 RESERVED
5645 CVE-2009-2759
5646 RESERVED
5647 CVE-2009-2758
5648 RESERVED
5649 CVE-2009-2757
5650 RESERVED
5651 CVE-2009-2756
5652 RESERVED
5653 CVE-2009-2755
5654 RESERVED
5655 CVE-2009-2754
5656 RESERVED
5657 CVE-2009-2753
5658 RESERVED
5659 CVE-2009-2752
5660 RESERVED
5661 CVE-2009-2751
5662 RESERVED
5663 CVE-2009-2750
5664 RESERVED
5665 CVE-2009-2749 (Feature Pack for Communications Enabled Applications (CEA) before ...)
5666 NOT-FOR-US: IBM WebSphere Application Server
5667 CVE-2009-2748
5668 RESERVED
5669 CVE-2009-2747
5670 RESERVED
5671 CVE-2009-2746 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
5672 NOT-FOR-US: IBM WebSphere Application Server
5673 CVE-2009-2745
5674 RESERVED
5675 CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
5676 NOT-FOR-US: IBM WebSphere Application Server
5677 CVE-2009-2743 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 ...)
5678 NOT-FOR-US: IBM WebSphere Application Server
5679 CVE-2009-2742 (Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM ...)
5680 NOT-FOR-US: IBM WebSphere Application Server
5681 CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in the test ...)
5682 NOT-FOR-US: IBM WebSphere Business Events
5683 CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention ...)
5684 NOT-FOR-US: CA Host-Based Intrusion Prevention System (HIPS)
5685 CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 ...)
5686 NOT-FOR-US: FreeNAS
5687 CVE-2009-2738 (Cross-site request forgery (CSRF) vulnerability in the WebGUI in ...)
5688 NOT-FOR-US: FreeNAS
5689 CVE-2008-6960 (download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 ...)
5690 NOT-FOR-US: X10media
5691 CVE-2008-6959 (Insecure method vulnerability in the Chilkat Socket ActiveX control ...)
5692 NOT-FOR-US: ActiveX
5693 CVE-2008-6958 (wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote ...)
5694 NOT-FOR-US: Crossday Discuz! Board
5695 CVE-2008-6957 (member.php in Crossday Discuz! Board allows remote attackers to reset ...)
5696 NOT-FOR-US: Crossday Discuz! Board
5697 CVE-2008-6956 (Static code injection vulnerability in admin/admin.php in mxCamArchive ...)
5698 NOT-FOR-US: mxCamArchive
5699 CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web root with ...)
5700 NOT-FOR-US: mxCamArchive
5701 CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote ...)
5702 NOT-FOR-US: Cobbler
5703 CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other ...)
5704 NOT-FOR-US: ooVoo
5705 CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier ...)
5706 NOT-FOR-US: MauryCMS
5707 CVE-2008-6951 (MauryCMS 0.53.2 and earlier does not require administrative ...)
5708 NOT-FOR-US: MauryCMS
5709 CVE-2008-6950 (Multiple SQL injection vulnerabilities in login.asp in Bankoi ...)
5710 NOT-FOR-US: Bankoi WebHosting Control Panel
5711 CVE-2008-6949 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
5712 NOT-FOR-US: Collabtive
5713 CVE-2008-6948 (Unrestricted file upload vulnerability in Collabtive 0.4.8 allows ...)
5714 NOT-FOR-US: Collabtive
5715 CVE-2008-6947 (Collabtive 0.4.8 allows remote attackers to bypass authentication and ...)
5716 NOT-FOR-US: Collabtive
5717 CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in ...)
5718 NOT-FOR-US: Collabtive
5719 CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 ...)
5720 - interchange 5.6.1-1 (low)
5721 CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds ...)
5722 NOT-FOR-US: ScriptsFeed Auto Classifieds
5723 CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing ...)
5724 NOT-FOR-US: ScriptsFeed Recipes Listing Portal
5725 CVE-2008-6942 (Unrestricted file upload vulnerability in ScriptsFeed Realtor ...)
5726 NOT-FOR-US: ScriptsFeed Realtor Classifieds System
5727 CVE-2008-6941 (SQL injection vulnerability in the login functionality in TurnkeyForms ...)
5728 NOT-FOR-US: TurnkeyForms Web Hosting Directory
5729 CVE-2008-6940 (TurnkeyForms Web Hosting Directory stores sensitive information under ...)
5730 NOT-FOR-US: TurnkeyForms Web Hosting Directory
5731 CVE-2008-6939 (TurnkeyForms Web Hosting Directory allows remote attackers to bypass ...)
5732 NOT-FOR-US: TurnkeyForms Web Hosting Directory
5733 CVE-2008-6938 (Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop ...)
5734 NOT-FOR-US: Pi3Web
5735 CVE-2008-6937 (Argument injection vulnerability in Exodus 0.10 allows remote ...)
5736 NOT-FOR-US: Exodus
5737 CVE-2008-6936 (Argument injection vulnerability in Exodus 0.10 allows remote ...)
5738 NOT-FOR-US: Exodus
5739 CVE-2008-6935 (Argument injection vulnerability in Exodus 0.10 allows remote ...)
5740 NOT-FOR-US: Exodus
5741 CVE-2008-6934 (Static code injection vulnerability in Sanus|artificium (aka Sanusart) ...)
5742 NOT-FOR-US: Sanus|artificium (aka Sanusart)
5743 CVE-2008-6933 (Directory traversal vulnerability in index.php in MiniGal b13 (aka ...)
5744 NOT-FOR-US: MiniGal
5745 CVE-2008-6932 (Unrestricted file upload vulnerability in submit_file.php in ...)
5746 NOT-FOR-US: AlstraSoft SendIt Pro
5747 CVE-2008-6931 (Unrestricted file upload vulnerability in PHPStore Job Search (aka ...)
5748 NOT-FOR-US: PHPStore Job Search (aka PHPCareers)
5749 CVE-2008-6930 (Unrestricted file upload vulnerability in PHPStore Real Estate allows ...)
5750 NOT-FOR-US: PHPStore Real Estate
5751 CVE-2008-6929 (Unrestricted file upload vulnerability in PHPStore Auto Classifieds ...)
5752 NOT-FOR-US: PHPStore Auto Classifieds
5753 CVE-2008-6928 (Unrestricted file upload vulnerability in PHPStore Complete ...)
5754 NOT-FOR-US: PHPStore Complete Classifieds
5755 CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2 before ...)
5756 {DSA-1754-1}
5757 - roundup 1.4.4-4+lenny1 (bug #518768)
5758 CVE-2009-2736 (Static code injection vulnerability in admin.php in sun-jester ...)
5759 NOT-FOR-US: OpenNews
5760 CVE-2009-2735 (SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, ...)
5761 NOT-FOR-US: OpenNews
5762 CVE-2009-2734 (SQL injection vulnerability in the get_employee function in ...)
5763 NOT-FOR-US: Achievo
5764 CVE-2009-2733 (Multiple cross-site scripting (XSS) vulnerabilities in Achievo before ...)
5765 NOT-FOR-US: Achievo
5766 CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...)
5767 - ntop 3:3.3-12 (low; bug #543312)
5768 [lenny] - ntop <no-dsa> (Minor issue)
5769 [etch] - ntop <no-dsa> (Minor issue)
5770 CVE-2009-2731
5771 RESERVED
5772 CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
5773 {DSA-1935-1}
5774 - gnutls26 2.8.3-1 (low; bug #541439)
5775 - gnutls13 <removed>
5776 CVE-2009-2729
5777 RESERVED
5778 CVE-2009-2728
5779 RESERVED
5780 CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in ...)
5781 NOT-FOR-US: IBM AIX
5782 CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...)
5783 - asterisk 1:1.6.2.0~dfsg~rc1-1 (bug #541441)
5784 [squeeze] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
5785 [lenny] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
5786 [etch] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
5787 CVE-2009-2725
5788 RESERVED
5789 CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
5790 - sun-java5 1.5.0-20-1 (unknown)
5791 [etch] - sun-java5 <no-dsa> (Non-free not supported)
5792 [lenny] - sun-java5 <no-dsa> (Non-free not supported)
5793 NOTE: unknown impact and attack vectors
5794 CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...)
5795 - sun-java5 1.5.0-20-1 (unknown)
5796 [etch] - sun-java5 <no-dsa> (Non-free not supported)
5797 [lenny] - sun-java5 <no-dsa> (Non-free not supported)
5798 NOTE: unknown impact and attack vectors
5799 CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
5800 - sun-java5 1.5.0-20-1 (unknown)
5801 [etch] - sun-java5 <no-dsa> (Non-free not supported)
5802 [lenny] - sun-java5 <no-dsa> (Non-free not supported)
5803 NOTE: unknown impact and attack vectors
5804 CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
5805 - sun-java5 1.5.0-20-1 (unknown)
5806 [etch] - sun-java5 <no-dsa> (Non-free not supported)
5807 [lenny] - sun-java5 <no-dsa> (Non-free not supported)
5808 NOTE: unknown impact and attack vectors
5809 CVE-2009-2720 (Unspecified vulnerability in the ...)
5810 - sun-java6 6-15-1
5811 [etch] - sun-java6 <no-dsa> (Non-free not supported)
5812 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
5813 - openjdk-6 6b16-1 (medium; bug #560908)
5814 CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...)
5815 - sun-java6 6-15-1
5816 [etch] - sun-java6 <no-dsa> (Non-free not supported)
5817 [lenny] - sun-java6 <no-dsa> (Non-free not supported)
5818 - openjdk-6 6b16-1 (medium; bug #560908)
5819 CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
5820 - sun-java6 6-15-1
5821 [etch] - sun-java6 <no-dsa> (Non-free not supported)
5822