[Secure-testing-commits] r14543 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Apr 21 21:14:20 UTC 2010
Author: joeyh
Date: 2010-04-21 21:14:19 +0000 (Wed, 21 Apr 2010)
New Revision: 14543
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-04-21 20:41:29 UTC (rev 14542)
+++ data/CVE/list 2010-04-21 21:14:19 UTC (rev 14543)
@@ -1,3 +1,63 @@
+CVE-2010-1489 (The XSS Filter in Microsoft Internet Explorer 8 does not properly ...)
+ TODO: check
+CVE-2010-1488 (The proc_oom_score function in fs/proc/base.c in the Linux kernel ...)
+ TODO: check
+CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...)
+ TODO: check
+CVE-2010-1486
+ RESERVED
+CVE-2010-1485
+ RESERVED
+CVE-2010-1484
+ RESERVED
+CVE-2010-1483
+ RESERVED
+CVE-2010-1482
+ RESERVED
+CVE-2010-1481
+ RESERVED
+CVE-2010-1480 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
+ TODO: check
+CVE-2010-1479 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
+ TODO: check
+CVE-2010-1478 (Directory traversal vulnerability in the Ternaria Informatica ...)
+ TODO: check
+CVE-2010-1477 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) ...)
+ TODO: check
+CVE-2010-1476 (Directory traversal vulnerability in the AlphaUserPoints ...)
+ TODO: check
+CVE-2010-1475 (Directory traversal vulnerability in the Preventive & Reservation ...)
+ TODO: check
+CVE-2010-1474 (Directory traversal vulnerability in the Sweety Keeper ...)
+ TODO: check
+CVE-2010-1473 (Directory traversal vulnerability in the Advertising (com_advertising) ...)
+ TODO: check
+CVE-2010-1472 (Directory traversal vulnerability in the Daily Horoscope ...)
+ TODO: check
+CVE-2010-1471 (Directory traversal vulnerability in the AddressBook (com_addressbook) ...)
+ TODO: check
+CVE-2010-1470 (Directory traversal vulnerability in the Web TV (com_webtv) component ...)
+ TODO: check
+CVE-2010-1469 (Directory traversal vulnerability in the Ternaria Informatica JProject ...)
+ TODO: check
+CVE-2010-1468 (SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager ...)
+ TODO: check
+CVE-2009-4773 (Cross-site request forgery (CSRF) vulnerability in the ...)
+ TODO: check
+CVE-2009-4772 (Unspecified vulnerability in the PayPal Website Payments Standard ...)
+ TODO: check
+CVE-2009-4771 (The PayPal Website Payments Standard functionality in the Ubercart ...)
+ TODO: check
+CVE-2009-4770 (The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 ...)
+ TODO: check
+CVE-2009-4769 (Multiple format string vulnerabilities in the tolog function in httpdx ...)
+ TODO: check
+CVE-2009-4768 (Unspecified vulnerability in the JASS script interpreter in Warcraft ...)
+ TODO: check
+CVE-2009-4767 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-7255 (login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves ...)
+ TODO: check
CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...)
NOT-FOR-US: openUrgence
CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...)
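Review bot: Every entry added at the top of this hunk is left at TODO: check, including two that name software this file already tracks as Debian source packages: CVE-2010-1488 (Linux kernel, fs/proc/base.c; compare the linux-2.6 line under CVE-2010-1162) and CVE-2008-7255 (aMSN; compare the amsn line under CVE-2010-0744). Those two should get a package line and a per-release status ahead of the rest of the batch. The remaining new entries should each end up with either a package line or a NOT-FOR-US line, as the openUrgence entries just below already have.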
@@ -3,5 +63,5 @@
NOT-FOR-US: openUrgence
CVE-2010-1465 (Stack-based buffer overflow in Trellian FTP client 3.01, including ...)
- NOT-FOR-US: Trellian FTP
+ NOT-FOR-US: Trellian FTP
CVE-2010-1464 (Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst ...)
NOT-FOR-US: WebAsyst Shop-Script FREE
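Review bot: The only change in this hunk is the -/+ pair on "NOT-FOR-US: Trellian FTP", whose visible text is identical on both sides, so it is a whitespace-only edit. The same thing happens three more times in the next hunk. Normalising whitespace in a separate commit would keep the data update limited to lines where the triage state actually changed.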
@@ -11,13 +71,13 @@
CVE-2010-1462 (Directory traversal vulnerability in WebAsyst Shop-Script FREE has ...)
NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1461 (Directory traversal vulnerability in the Photo Battle ...)
- NOT-FOR-US: Photo Battle Component for Joomla!
+ NOT-FOR-US: Photo Battle Component for Joomla!
CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...)
- NOT-FOR-US: IBM BladeCenter Management Module
+ NOT-FOR-US: IBM BladeCenter Management Module
CVE-2010-1459
RESERVED
-CVE-2010-1458
- RESERVED
+CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...)
+ TODO: check
CVE-2010-1167 [fetchmail memory exhaustion DoS]
RESERVED
- fetchmail 6.3.16-2 (low)
@@ -315,12 +375,12 @@
- krb5 1.8.1+dfsg-2 (bug #577490)
[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
-CVE-2010-1319
- RESERVED
-CVE-2010-1318
- RESERVED
-CVE-2010-1317
- RESERVED
+CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ ...)
+ TODO: check
+CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in ...)
+ TODO: check
+CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in ...)
+ TODO: check
CVE-2010-1316 (Multiple stack-based buffer overflows in Tembria Server Monitor before ...)
NOT-FOR-US: Tembria Server Monitor
CVE-2010-1315 (Directory traversal vulnerability in weberpcustomer.php in the ...)
@@ -721,16 +781,15 @@
RESERVED
CVE-2010-1166
RESERVED
-CVE-2010-1165
- RESERVED
-CVE-2010-1164
- RESERVED
+CVE-2010-1165 (Atlassian JIRA 3.12 through 4.1 allows remote authenticated ...)
+ TODO: check
+CVE-2010-1164 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...)
+ TODO: check
CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ...)
- sudo 1.7.2p6-1 (bug #578275)
[lenny] - sudo <not-affected> (ignore_dot default value is off and can't be changed in runtime)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=580441#c3
-CVE-2010-1162 [linux-2.6: tty pid issue]
- RESERVED
+CVE-2010-1162 (The release_one_tty function in drivers/char/tty_io.c in the Linux ...)
- linux-2.6 <unfixed>
CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a ...)
- nano 2.2.4-1 (low; bug #577817)
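Review bot: CVE-2010-1162 gets its description in this hunk, but the package line beneath it is still "- linux-2.6 <unfixed>" with no bug number, severity or NOTE. The neighbouring sudo and nano entries each carry a bug reference and a NOTE URL. Adding a reference for the release_one_tty issue would let someone follow up on the unfixed status. The new JIRA entries (CVE-2010-1165, CVE-2010-1164) are also left at TODO: check and still need a decision.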
@@ -740,8 +799,8 @@
- nano 2.2.4-1 (low; bug #577817)
[lenny] - nano <no-dsa> (minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4
-CVE-2010-1158
- RESERVED
+CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...)
+ TODO: check
CVE-2010-1157
RESERVED
CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...)
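Review bot: CVE-2010-1158 moves from RESERVED to a description that names the regular expression engine in Perl 5.8.x, yet the entry is left at TODO: check with no package line. Since the summary limits the issue to 5.8.x, the follow-up should add a perl line and state per release whether a 5.8.x version is shipped or the release is not affected. The nano entry above does this with its [lenny] line.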
@@ -754,18 +813,15 @@
RESERVED
- irssi 0.8.15-1 (low)
[lenny] - irssi <no-dsa> (Minor issue)
-CVE-2010-1153 [typo3]
- RESERVED
+CVE-2010-1153 (PHP remote file inclusion vulnerability in the autoloader in TYPO3 ...)
- typo3-src <unfixed> (bug filed)
[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
CVE-2010-1152 (memcached.c in memcached before 1.4.3 allows remote attackers to cause ...)
- memcached <unfixed> (low)
TODO: file bug
-CVE-2010-1151 [credential issue]
- RESERVED
+CVE-2010-1151 (Race condition in the mod_auth_shadow module for the Apache HTTP ...)
- libapache2-mod-auth-shadow <itp> (bug #503184)
-CVE-2010-1150 [mediawiki login CRSF]
- RESERVED
+CVE-2010-1150 (MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not ...)
- mediawiki 1:1.15.3-1 (low)
CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports ...)
- udisks 1.0.1-1 (medium; bug #576687)
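Review bot: The typo3-src line under CVE-2010-1153 reads "<unfixed> (bug filed)" without a bug number, while the entries around it cite one (bug #503184, bug #576687). Now that the CVE has a public description, replace "(bug filed)" with the actual number so the unfixed status can be tracked. The memcached entry in the same hunk still carries "TODO: file bug" and would benefit from the same follow-up.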
@@ -1165,10 +1221,10 @@
RESERVED
CVE-2010-0998
RESERVED
-CVE-2010-0997
- RESERVED
-CVE-2010-0996
- RESERVED
+CVE-2010-0997 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows ...)
+ TODO: check
CVE-2010-0995
RESERVED
CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library ...)
@@ -1582,13 +1638,11 @@
TODO: check
CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software component in ...)
TODO: check
-CVE-2010-0887
- RESERVED
+CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...)
- openjdk-6 <undetermined>
- sun-java6 6.20-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0886
- RESERVED
+CVE-2010-0886 (Unspecified vulnerability in the Java Deployment Toolkit component in ...)
- openjdk-6 <undetermined>
- sun-java6 6.20-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
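Review bot: Both CVE-2010-0887 and CVE-2010-0886 keep "- openjdk-6 <undetermined>" even though the new descriptions name specific components (the New Java Plug-in and the Java Deployment Toolkit). With the component known, the openjdk-6 status can be resolved by checking whether that package ships either component, then recording a fixed version, unfixed, or not-affected with a reason in place of <undetermined>.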
@@ -1992,8 +2046,7 @@
[lenny] - dovecot <not-affected> (Vulnerable code not present)
[etch] - dovecot <not-affected> (Vulnerable code not present)
NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
-CVE-2010-0744 [amsn SSL verification vuln]
- RESERVED
+CVE-2010-0744 (aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, ...)
- amsn <unfixed> (bug #572818)
[lenny] - amsn <no-dsa> (Minor issue)
NOTE: http://www.juniper.net/security/auto/vulnerabilities/vuln35507.html
@@ -2431,7 +2484,7 @@
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager ...)
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-0589 (The Web Install ActiveX control in Cisco Secure Desktop (CSD) before ...)
+CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure ...)
NOT-FOR-US: Cisco Secure Desktop
CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
NOT-FOR-US: Cisco Unified Communications Manager