[Secure-testing-commits] r14435 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Apr 7 21:14:50 UTC 2010
Author: joeyh
Date: 2010-04-07 21:14:47 +0000 (Wed, 07 Apr 2010)
New Revision: 14435
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-04-07 20:00:51 UTC (rev 14434)
+++ data/CVE/list 2010-04-07 21:14:47 UTC (rev 14435)
@@ -1,3 +1,111 @@
+CVE-2010-1298 (Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 ...)
+ TODO: check
+CVE-2010-1297
+ RESERVED
+CVE-2010-1296
+ RESERVED
+CVE-2010-1295
+ RESERVED
+CVE-2010-1294
+ RESERVED
+CVE-2010-1293
+ RESERVED
+CVE-2010-1292
+ RESERVED
+CVE-2010-1291
+ RESERVED
+CVE-2010-1290
+ RESERVED
+CVE-2010-1289
+ RESERVED
+CVE-2010-1288
+ RESERVED
+CVE-2010-1287
+ RESERVED
+CVE-2010-1286
+ RESERVED
+CVE-2010-1285
+ RESERVED
+CVE-2010-1284
+ RESERVED
+CVE-2010-1283
+ RESERVED
+CVE-2010-1282
+ RESERVED
+CVE-2010-1281
+ RESERVED
+CVE-2010-1280
+ RESERVED
+CVE-2010-1279
+ RESERVED
+CVE-2010-1278
+ RESERVED
+CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...)
+ TODO: check
+CVE-2010-1276 (Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 ...)
+ TODO: check
+CVE-2010-1275 (Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 ...)
+ TODO: check
+CVE-2010-1274 (Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 ...)
+ TODO: check
+CVE-2010-1273 (Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form ...)
+ TODO: check
+CVE-2010-1272 (PHP remote file inclusion vulnerability in includes/tgpinc.php in ...)
+ TODO: check
+CVE-2010-1271 (SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows ...)
+ TODO: check
+CVE-2010-1270 (SQL injection vulnerability in auktion.php in Multi Auktions Komplett ...)
+ TODO: check
+CVE-2010-1269 (SQL injection vulnerability in auktion.php in phpscripte24 Niedrig ...)
+ TODO: check
+CVE-2010-1268 (Directory traversal vulnerability in index.php in justVisual CMS 2.0, ...)
+ TODO: check
+CVE-2010-1267 (Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta ...)
+ TODO: check
+CVE-2010-1266 (Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS ...)
+ TODO: check
+CVE-2010-1265 (SQL injection vulnerability in Adam Corley dcsFlashGames ...)
+ TODO: check
+CVE-2010-1264
+ RESERVED
+CVE-2010-1263
+ RESERVED
+CVE-2010-1262
+ RESERVED
+CVE-2010-1261
+ RESERVED
+CVE-2010-1260
+ RESERVED
+CVE-2010-1259
+ RESERVED
+CVE-2010-1258
+ RESERVED
+CVE-2010-1257
+ RESERVED
+CVE-2010-1256
+ RESERVED
+CVE-2010-1255
+ RESERVED
+CVE-2010-1254
+ RESERVED
+CVE-2010-1253
+ RESERVED
+CVE-2010-1252
+ RESERVED
+CVE-2010-1251
+ RESERVED
+CVE-2010-1250
+ RESERVED
+CVE-2010-1249
+ RESERVED
+CVE-2010-1248
+ RESERVED
+CVE-2010-1247
+ RESERVED
+CVE-2010-1246
+ RESERVED
+CVE-2010-1245
+ RESERVED
CVE-2010-XXXX [tcpdf code execution via tcpdf tag]
- moodle <undetermined>
- phpmyadmin <undetermined>
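Review bot: the fourteen entries that arrive with a description (CVE-2010-1298 and CVE-2010-1277 through CVE-2010-1265) are all left at "TODO: check", so none of them has a package line or a verdict after this commit. Each should be resolved to either a "- package <status>" line or a "NOT-FOR-US: name" line, the form used elsewhere in this file (for example "NOT-FOR-US: PHP Trouble Ticket"), so the list does not carry untriaged entries.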
@@ -279,15 +387,13 @@
RESERVED
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (vulnerable code not yet present)
-CVE-2010-1147 [opendchub]
- RESERVED
+CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC ...)
- opendchub <unfixed> (bug #576308)
CVE-2010-1146
RESERVED
CVE-2010-1145
RESERVED
-CVE-2010-0751 [libnids null pointer dereference]
- RESERVED
+CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as used in ...)
- libnids <unfixed> (low; bug #576281)
[lenny] - libnids <no-dsa> (Minor issue)
NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
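Review bot: for CVE-2010-0751 the "low" urgency and the "[lenny] - libnids <no-dsa> (Minor issue)" verdict were recorded against the placeholder "[libnids null pointer dereference]", which this hunk replaces with the imported description of ip_evictor in ip_fragment.c. The rating is carried over unchanged; confirm it still matches the full description and keep the bug class visible in a NOTE, since the truncated text no longer states it.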
@@ -460,24 +566,18 @@
NOT-FOR-US: phpMySite
CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 ...)
NOT-FOR-US: PHP Trouble Ticket
-CVE-2010-1088 [linux-2.6: nfs denial-of-service]
- RESERVED
+CVE-2010-1088 (fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always ...)
- linux-2.6 2.6.32-10
-CVE-2010-1087 [linux-2.6: nfs oops when truncating a file]
- RESERVED
+CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel ...)
- linux-2.6 2.6.32-9 (low)
-CVE-2010-1086 [linux-2.6: ule decapsulation dos]
- RESERVED
+CVE-2010-1086 (The ULE decapsulation functionality in ...)
- linux-2.6 2.6.32-10 (low)
-CVE-2010-1085 [linux-2.6: hda_intel divide by zero]
- RESERVED
+CVE-2010-1085 (The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 ...)
- linux-2.6 2.6.32-9
[lenny] - linux-2.6 <not-affected> (affected call not present)
-CVE-2010-1084 [linux-2.6: bad memory access with sysfs]
- RESERVED
+CVE-2010-1084 (Linux kernel 2.6.18 through 2.6.33, and possibly other versions, ...)
- linux-2.6 <unfixed>
-CVE-2010-1083 [linux-2.6: info leak via usb interface]
- RESERVED
+CVE-2010-1083 (The processcompl_compat function in drivers/usb/core/devio.c in Linux ...)
- linux-2.6 2.6.32-9
CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when ...)
NOT-FOR-US: OI.Blogs
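Review bot: CVE-2010-1084 stays at "- linux-2.6 <unfixed>" with no urgency, bug number or [lenny] line, although the description imported here names Linux kernel 2.6.18 through 2.6.33 as affected. The other kernel entries in this hunk carry a fixed version, and CVE-2010-1085 also has "[lenny] - linux-2.6 <not-affected> (affected call not present)"; add the equivalent status for CVE-2010-1084 so the stable release can be read from the list.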
@@ -637,8 +737,8 @@
NOT-FOR-US: yatse extension for typo3
CVE-2009-4738
RESERVED
-CVE-2009-4737
- RESERVED
+CVE-2009-4737 (Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, ...)
+ TODO: check
CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in CommonSense ...)
NOT-FOR-US: CommonSense CMS
CVE-2010-XXXX [alien-arena: server dos]
@@ -1465,11 +1565,10 @@
CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type module ...)
NOT-FOR-US: Weekly Archive by Node Type (Drupal module)
CVE-2010-1144 [zabbix SQL injection]
- RESERVED
+ REJECTED
- zabbix <unfixed>
TODO: File bug
-CVE-2010-0750 [policykit information disclosure]
- RESERVED
+CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users ...)
- policykit <not-affected> (pkexec introduced in 0.92)
[lenny] - policykit <not-affected> (pkexec introduced in 0.92)
CVE-2010-0749
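Review bot: CVE-2010-1144 is switched from RESERVED to REJECTED, but the entry keeps "- zabbix <unfixed>" and "TODO: File bug", so a rejected identifier is still tracking an open issue. If the zabbix SQL injection is real, move the package line and TODO to the identifier that replaces it, or to a "CVE-2010-XXXX [zabbix SQL injection]" placeholder of the kind this file already uses; if it is not, drop the package line.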
@@ -1761,7 +1860,7 @@
CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...)
- chromium-browser <itp> (bug #520334)
- webkit 1.1.21-1 (low)
- [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
+ [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
- qt4-x11 <undetermined> (low)
- kdelibs <undetermined> (low)
- kde4libs <undetermined> (low)
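Review bot: the removed and added "[lenny] - webkit <no-dsa>" lines read the same, so this is a whitespace-only change, and the note still says "disk of regression" where "risk of regression" is evidently meant. Since the line is being rewritten anyway, correct the wording in the same commit; the same line recurs in the CVE-2010-0315 and CVE-2009-2797 hunks.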
@@ -2764,7 +2863,7 @@
CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...)
- chromium-browser <itp> (bug #520324)
- webkit 1.1.21-1 (low)
- [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
+ [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
- qt4-x11 <undetermined>
- kdelibs <undetermined>
- kde4libs <undetermined>
@@ -9056,7 +9155,7 @@
NOT-FOR-US: Apple QuickTime
CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...)
- webkit 1.1.21-1 (low; bug #559759)
- [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
+ [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
@@ -43636,7 +43735,7 @@
RESERVED
CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...)
NOT-FOR-US: Geeklog
-CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 beta ...)
+CVE-2007-2792 (SQL injection vulnerability in the Yet another Newsletter Component ...)
NOT-FOR-US: com_yanc for Mambo
NOTE: com_yanc component not in Mambo Debian package
CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...)