[Secure-testing-commits] r15165 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Aug 19 01:11:24 UTC 2010
Author: joeyh
Date: 2010-08-19 01:11:22 +0000 (Thu, 19 Aug 2010)
New Revision: 15165
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-08-18 09:42:22 UTC (rev 15164)
+++ data/CVE/list 2010-08-19 01:11:22 UTC (rev 15165)
@@ -1,4 +1,114 @@
+CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows ...)
+ TODO: check
+CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses insecure ...)
+ TODO: check
+CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball Script ...)
+ TODO: check
+CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus ...)
+ TODO: check
+CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in DiamondList ...)
+ TODO: check
+CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance logging ...)
+ TODO: check
+CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote ...)
+ TODO: check
+CVE-2010-3020 (The news-feed preview feature in Opera before 10.61 does not properly ...)
+ TODO: check
+CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote ...)
+ TODO: check
+CVE-2010-3018
+ RESERVED
+CVE-2010-3017
+ RESERVED
+CVE-2010-3016
+ RESERVED
+CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...)
+ TODO: check
+CVE-2010-3012
+ RESERVED
+CVE-2010-3011
+ RESERVED
+CVE-2010-3010
+ RESERVED
+CVE-2010-3009
+ RESERVED
+CVE-2010-3008
+ RESERVED
+CVE-2010-3007
+ RESERVED
+CVE-2010-3006
+ RESERVED
+CVE-2010-3005
+ RESERVED
+CVE-2010-3004
+ RESERVED
+CVE-2010-3003
+ RESERVED
+CVE-2010-3002
+ RESERVED
+CVE-2010-3001
+ RESERVED
+CVE-2010-3000
+ RESERVED
+CVE-2010-2999
+ RESERVED
+CVE-2010-2998
+ RESERVED
+CVE-2010-2997
+ RESERVED
+CVE-2010-2996
+ RESERVED
+CVE-2010-2991 (The IICAClient interface in the ICAClient library in the ICA Client ...)
+ TODO: check
+CVE-2010-2990 (Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, ...)
+ TODO: check
+CVE-2010-2989 (nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for ...)
+ TODO: check
+CVE-2010-2988 (Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless ...)
+ TODO: check
+CVE-2010-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless ...)
+ TODO: check
+CVE-2010-2986 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2010-2985 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...)
+ TODO: check
+CVE-2010-2984 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...)
+ TODO: check
+CVE-2010-2983 (The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless ...)
+ TODO: check
+CVE-2010-2982 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 ...)
+ TODO: check
+CVE-2010-2981 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 ...)
+ TODO: check
+CVE-2010-2980 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...)
+ TODO: check
+CVE-2010-2979 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...)
+ TODO: check
+CVE-2010-2978 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
+ TODO: check
+CVE-2010-2977 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
+ TODO: check
+CVE-2010-2976 (The controller in Cisco Unified Wireless Network (UWN) Solution 7.x ...)
+ TODO: check
+CVE-2010-2975 (Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 ...)
+ TODO: check
+CVE-2010-2974 (Stack-based buffer overflow in the IConfigurationAccess interface in ...)
+ TODO: check
+CVE-2010-2973 (Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone ...)
+ TODO: check
+CVE-2010-2972
+ REJECTED
+ TODO: check
+CVE-2008-7260
+ RESERVED
+CVE-2008-7259
+ RESERVED
CVE-2010-3014 [freebsd coda kernel memory disclosure]
+ RESERVED
- kfreebsd-7 <undetermined>
- kfreebsd-8 8.1-5
CVE-2010-XXXX [lynx heap overflow]
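Review bot: CVE-2010-2972 is added with both `REJECTED` and `TODO: check`. A rejected ID has nothing left to triage, and the RESERVED entries added in this same hunk get no TODO. The automatic update should treat REJECTED the same way, otherwise each such entry has to be cleared by hand.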
@@ -7,15 +117,16 @@
NOTE: exploit scenario really obscure
NOTE: https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254
CVE-2010-3015 [ext4 integer overflow]
+ RESERVED
- linux-2.6 <unfixed>
-CVE-2010-2995 [Wireshark 1.2.10 SigComp Universal Decompressor Virtual Machine could overrun a buffer]
+CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark ...)
- wireshark 1.2.10-1
-CVE-2010-2992 [Wireshark 1.2.10 GSM A RR dissector could crash]
+CVE-2010-2992 (packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through ...)
- wireshark 1.2.10-1
[lenny] - wireshark <not-affected> (Only affects 1.2.x)
-CVE-2010-2994 [Wireshark 1.2.10 Due to a regression the ASN.1 BER dissector could overrun the stack]
+CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark ...)
- wireshark 1.2.10-1
-CVE-2010-2993 [Wireshark 1.2.10 The IPMI dissector could go into an infinite loop]
+CVE-2010-2993 (The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote ...)
- wireshark 1.2.10-1
[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly ...)
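Review bot: After the description swap, CVE-2010-2995 and CVE-2010-2994 still have no `[lenny]` line, while CVE-2010-2992 and CVE-2010-2993 are marked `<not-affected> (Only affects 1.2.x)`. The removed text for CVE-2010-2994 said the overrun was "Due to a regression", which hinted at a bounded affected range, and that hint is not in the visible part of the official summary. Record the lenny status for both entries, or keep the regression remark as a NOTE.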
@@ -267,10 +378,10 @@
RESERVED
CVE-2010-2863
RESERVED
-CVE-2010-2862
- RESERVED
-CVE-2010-2861
- RESERVED
+CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and ...)
+ TODO: check
+CVE-2010-2861 (Directory traversal vulnerability in Adobe ColdFusion 9.0.1 and ...)
+ TODO: check
CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts ...)
NOT-FOR-US: EMC
CVE-2009-4974 (Directory traversal vulnerability in box_display.php in TotalCalendar ...)
@@ -375,36 +486,37 @@
RESERVED
CVE-2010-2828
RESERVED
-CVE-2010-2827
- RESERVED
-CVE-2010-2826
- RESERVED
-CVE-2010-2825
- RESERVED
-CVE-2010-2824
- RESERVED
-CVE-2010-2823
- RESERVED
-CVE-2010-2822
- RESERVED
-CVE-2010-2821
- RESERVED
-CVE-2010-2820
- RESERVED
-CVE-2010-2819
- RESERVED
-CVE-2010-2818
- RESERVED
-CVE-2010-2817
- RESERVED
-CVE-2010-2816
- RESERVED
-CVE-2010-2815
- RESERVED
-CVE-2010-2814
- RESERVED
+CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) ...)
+ TODO: check
+CVE-2010-2825 (Unspecified vulnerability in the SIP inspection feature on the Cisco ...)
+ TODO: check
+CVE-2010-2824 (Unspecified vulnerability on the Cisco Application Control Engine ...)
+ TODO: check
+CVE-2010-2823 (Unspecified vulnerability in the deep packet inspection feature on the ...)
+ TODO: check
+CVE-2010-2822 (Unspecified vulnerability in the RTSP inspection feature on the Cisco ...)
+ TODO: check
+CVE-2010-2821 (Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) ...)
+ TODO: check
+CVE-2010-2820 (Unspecified vulnerability in the SunRPC inspection feature on the ...)
+ TODO: check
+CVE-2010-2819 (Unspecified vulnerability in the SunRPC inspection feature on the ...)
+ TODO: check
+CVE-2010-2818 (Unspecified vulnerability in the SunRPC inspection feature on the ...)
+ TODO: check
+CVE-2010-2817 (Unspecified vulnerability in the IKE implementation on Cisco Adaptive ...)
+ TODO: check
+CVE-2010-2816 (Unspecified vulnerability in the SIP inspection feature on Cisco ...)
+ TODO: check
+CVE-2010-2815 (Unspecified vulnerability in the Transport Layer Security (TLS) ...)
+ TODO: check
+CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) ...)
+ TODO: check
CVE-2010-2813 [squirrelmail denial of service with 8bit login characters]
RESERVED
+ {DSA-2091-1}
- squirrelmail 2:1.4.21-1 (low)
[lenny] - squirrelmail <no-dsa> (low-risk issue)
CVE-2010-2812
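Review bot: CVE-2010-2813 gains `{DSA-2091-1}` but keeps `[lenny] - squirrelmail <no-dsa> (low-risk issue)` two lines below, so the entry now says both that an advisory covers it and that none is planned for lenny. Drop or replace the `<no-dsa>` line so it matches the advisory.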
@@ -433,33 +545,31 @@
RESERVED
CVE-2010-2802
RESERVED
-CVE-2010-2801 [Integer wrap-around (crash) by processing certain *.cab files in test archive mode]
- RESERVED
+CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract ...)
{DSA-2087-1}
- cabextract 1.3-1 (bug #591552)
-CVE-2010-2800 [Infinite loop in MS-ZIP and Quantum decoders]
- RESERVED
+CVE-2010-2800 (The MS-ZIP decompressor in cabextract before 1.3 allows remote ...)
- cabextract 1.3-1 (bug #591552; unimportant)
CVE-2010-2799 [socat buffer overflow]
RESERVED
+ {DSA-2090-1}
- socat 1.7.1.3-1 (bug #591443; medium)
CVE-2010-2798 [gfs2 null ptr dereference]
RESERVED
- linux-2.6 2.6.32-20
CVE-2010-2797
RESERVED
-CVE-2010-2796
- RESERVED
-CVE-2010-2795
- RESERVED
+CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...)
+ TODO: check
+CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...)
+ TODO: check
CVE-2010-2794
RESERVED
CVE-2010-2793
RESERVED
CVE-2010-2792
RESERVED
-CVE-2010-2791 [apache2 mod_proxy information leak]
- RESERVED
+CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...)
- apache2 2.2.10-1 (low)
CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...)
- zabbix <unfixed>
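Review bot: In CVE-2010-2800 the removed local summary covered "MS-ZIP and Quantum decoders", while the visible part of the replacement names only the MS-ZIP decompressor. If the infinite loop in the Quantum decoder is tracked under this ID as well, keep that as a NOTE so the scope of `cabextract 1.3-1 (bug #591552; unimportant)` stays clear.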
@@ -583,14 +693,14 @@
RESERVED
CVE-2010-2760
RESERVED
-CVE-2010-2759
- RESERVED
-CVE-2010-2758
- RESERVED
-CVE-2010-2757
- RESERVED
-CVE-2010-2756
- RESERVED
+CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...)
+ TODO: check
+CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...)
+ TODO: check
+CVE-2010-2757 (The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through ...)
+ TODO: check
+CVE-2010-2756 (Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 ...)
+ TODO: check
CVE-2010-2755 (layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not ...)
- xulrunner <not-affected> (Only exploitable in Firefox 3.6.x and above)
CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 ...)
@@ -690,8 +800,7 @@
NOT-FOR-US: TCW PHP Album
CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 ...)
NOT-FOR-US: TCW PHP Album
-CVE-2010-2713 [vte: responds to get window title escape sequence request]
- RESERVED
+CVE-2010-2713 (The vte_sequence_handler_window_manipulation function in vteseq.c in ...)
- vte 1:0.24.3-1
NOTE: http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74
NOTE: http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
@@ -701,16 +810,16 @@
RESERVED
CVE-2010-2710
RESERVED
-CVE-2010-2709
- RESERVED
-CVE-2010-2708
- RESERVED
-CVE-2010-2707
- RESERVED
-CVE-2010-2706
- RESERVED
-CVE-2010-2705
- RESERVED
+CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView Network ...)
+ TODO: check
+CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before ...)
+ TODO: check
+CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches ...)
+ TODO: check
+CVE-2010-2706 (Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 ...)
+ TODO: check
+CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch with ...)
+ TODO: check
CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and ...)
NOT-FOR-US: HP OpenView
CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the ov.dll ...)
@@ -900,8 +1009,8 @@
RESERVED
CVE-2010-2635
RESERVED
-CVE-2010-2634
- RESERVED
+CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...)
+ TODO: check
CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, ...)
NOT-FOR-US: EMC
CVE-2010-2632
@@ -1019,14 +1128,14 @@
RESERVED
CVE-2010-2578
RESERVED
-CVE-2010-2577
- RESERVED
-CVE-2010-2576
- RESERVED
+CVE-2010-2577 (Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow ...)
+ TODO: check
+CVE-2010-2576 (Opera before 10.61 does not properly suppress clicks on download ...)
+ TODO: check
CVE-2010-2575
RESERVED
-CVE-2010-2574
- RESERVED
+CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...)
+ TODO: check
CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...)
- tiff <unfixed> (unimportant)
CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...)
@@ -1049,46 +1158,45 @@
NOT-FOR-US: Microsoft
CVE-2010-2567
RESERVED
-CVE-2010-2566
- RESERVED
+CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft ...)
+ TODO: check
CVE-2010-2565
RESERVED
-CVE-2010-2564
- RESERVED
+CVE-2010-2564 (Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 does not ...)
+ TODO: check
CVE-2010-2563
RESERVED
-CVE-2010-2562
- RESERVED
-CVE-2010-2561
- RESERVED
-CVE-2010-2560
- RESERVED
-CVE-2010-2559
- RESERVED
-CVE-2010-2558
- RESERVED
-CVE-2010-2557
- RESERVED
-CVE-2010-2556
- RESERVED
-CVE-2010-2555
- RESERVED
-CVE-2010-2554
- RESERVED
-CVE-2010-2553
- RESERVED
-CVE-2010-2552
- RESERVED
-CVE-2010-2551
- RESERVED
-CVE-2010-2550
- RESERVED
+CVE-2010-2562 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
+ TODO: check
+CVE-2010-2561 (Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle ...)
+ TODO: check
+CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
+ TODO: check
+CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
+ TODO: check
+CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows ...)
+ TODO: check
+CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in ...)
+ TODO: check
+CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
+ TODO: check
+CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and ...)
+ TODO: check
+CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and ...)
+ TODO: check
+CVE-2010-2553 (The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista ...)
+ TODO: check
+CVE-2010-2552 (Stack consumption vulnerability in the SMB Server in Microsoft Windows ...)
+ TODO: check
+CVE-2010-2551 (The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server ...)
+ TODO: check
+CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server ...)
+ TODO: check
CVE-2010-2549 (Use-after-free vulnerability in Microsoft Windows Vista and Server ...)
NOT-FOR-US: Microsoft
CVE-2010-2548
RESERVED
-CVE-2010-2547 [gnupg2: use-after-free in certificate parsing]
- RESERVED
+CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG ...)
{DSA-2076-1}
- gnupg2 2.0.14-2
CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in ...)
@@ -1100,8 +1208,7 @@
RESERVED
CVE-2010-2543
RESERVED
-CVE-2010-2542 [git buffer overflow]
- RESERVED
+CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...)
- git-core 1:1.7.1-1.1 (low; bug #590026)
[lenny] - git-core <no-dsa> (Minor issue)
CVE-2010-2541
@@ -1248,8 +1355,8 @@
- freetype 2.4.0-1
CVE-2010-2496
RESERVED
-CVE-2010-2493
- RESERVED
+CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...)
+ TODO: check
CVE-2010-2492
RESERVED
CVE-2010-2491 [roundup XSS]
@@ -1301,8 +1408,8 @@
NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
CVE-2010-2475
RESERVED
-CVE-2010-2474
- RESERVED
+CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise ...)
+ TODO: check
CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...)
- bugzilla <not-affected> (Only affects 3.5 to 3.7)
CVE-2010-2476 [syscp open_basedir bypassing]
@@ -1942,25 +2049,21 @@
RESERVED
CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1) ...)
- iscsitarget <undetermined>
-CVE-2010-2220
- RESERVED
-CVE-2010-2219
- RESERVED
-CVE-2010-2218
- RESERVED
-CVE-2010-2217
- RESERVED
-CVE-2010-2216
- RESERVED
+CVE-2010-2220 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...)
+ TODO: check
+CVE-2010-2219 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
+ TODO: check
+CVE-2010-2218 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...)
+ TODO: check
+CVE-2010-2217 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...)
+ TODO: check
+CVE-2010-2216 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2010-2215
- RESERVED
+CVE-2010-2215 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2010-2214
- RESERVED
+CVE-2010-2214 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2010-2213
- RESERVED
+CVE-2010-2213 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x ...)
NOT-FOR-US: Adobe Reader
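Review bot: CVE-2010-2220 through CVE-2010-2217 (Adobe Flash Media Server) are queued as `TODO: check`, while the Flash Player entries directly below them in this hunk are `NOT-FOR-US: Adobe Flash Plugin`. If Flash Media Server is not packaged either, these four can be closed as NOT-FOR-US in the same pass instead of sitting in the TODO queue.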
@@ -2701,50 +2804,50 @@
NOT-FOR-US: Consona
CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager Client 1.5.x allows ...)
NOT-FOR-US: EMC RSA key manager
-CVE-2010-1903
- RESERVED
-CVE-2010-1902
- RESERVED
-CVE-2010-1901
- RESERVED
-CVE-2010-1900
- RESERVED
+CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, ...)
+ TODO: check
+CVE-2010-1902 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 ...)
+ TODO: check
+CVE-2010-1901 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft ...)
+ TODO: check
+CVE-2010-1900 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft ...)
+ TODO: check
CVE-2010-1899
RESERVED
-CVE-2010-1898
- RESERVED
-CVE-2010-1897
- RESERVED
-CVE-2010-1896
- RESERVED
-CVE-2010-1895
- RESERVED
-CVE-2010-1894
- RESERVED
-CVE-2010-1893
- RESERVED
-CVE-2010-1892
- RESERVED
+CVE-2010-1898 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, ...)
+ TODO: check
+CVE-2010-1897 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
+ TODO: check
+CVE-2010-1896 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
+ TODO: check
+CVE-2010-1895 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
+ TODO: check
+CVE-2010-1894 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
+ TODO: check
+CVE-2010-1893 (Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, ...)
+ TODO: check
+CVE-2010-1892 (The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows ...)
+ TODO: check
CVE-2010-1891
RESERVED
-CVE-2010-1890
- RESERVED
-CVE-2010-1889
- RESERVED
-CVE-2010-1888
- RESERVED
-CVE-2010-1887
- RESERVED
-CVE-2010-1886
- RESERVED
+CVE-2010-1890 (The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 ...)
+ TODO: check
+CVE-2010-1889 (Double free vulnerability in the kernel in Microsoft Windows Vista SP1 ...)
+ TODO: check
+CVE-2010-1888 (Race condition in the kernel in Microsoft Windows XP SP3 allows local ...)
+ TODO: check
+CVE-2010-1887 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
+ TODO: check
+CVE-2010-1886 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...)
+ TODO: check
CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-1884
RESERVED
CVE-2010-1883
RESERVED
-CVE-2010-1882
- RESERVED
+CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for ...)
+ TODO: check
CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls ...)
NOT-FOR-US: Microsoft
CVE-2010-1880 (Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft ...)
@@ -3000,12 +3103,11 @@
RESERVED
CVE-2010-1800
RESERVED
-CVE-2010-1799
- RESERVED
+CVE-2010-1799 (Stack-based buffer overflow in the error-logging functionality in ...)
+ TODO: check
CVE-2010-1798
RESERVED
-CVE-2010-1797 [freetype CFF buffer overflow]
- RESERVED
+CVE-2010-1797 (Stack-based buffer overflow in FreeType in Apple iOS before 4.0.2 on ...)
- freetype 2.4.2-1
CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 ...)
- webkit <undetermined>
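Review bot: CVE-2010-1797 loses the local tag `[freetype CFF buffer overflow]`, and the official summary that replaces it is worded around Apple iOS, so the entry no longer says which part of FreeType the `- freetype 2.4.2-1` line refers to. A NOTE recording the CFF detail would preserve that.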
@@ -3206,6 +3308,7 @@
CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...)
NOT-FOR-US: com_newsfeeds component for joomla!
CVE-2010-1738 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...)
+ {DSA-2092-1}
- lxr <unfixed> (low; bug #585411)
- lxr-cvs <unfixed> (low; bug #585412)
NOTE: likely to be rejected as a dupe of CVE-2010-1448
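Review bot: CVE-2010-1738 now references `{DSA-2092-1}` while its NOTE still reads "likely to be rejected as a dupe of CVE-2010-1448" and both package lines remain `<unfixed>`. Settle the duplicate question and update or drop the NOTE, so the advisory is not tracked against an ID that is expected to go away.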
@@ -3495,6 +3598,7 @@
- mysql-dfsg-5.0 <removed> (low; bug #584400)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...)
+ {DSA-2092-1}
- lxr <unfixed> (low; bug #588138)
- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137)
CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...)
@@ -3602,14 +3706,14 @@
NOT-FOR-US: Tirzen Framework
CVE-2010-1582
RESERVED
-CVE-2010-1581
- RESERVED
-CVE-2010-1580
- RESERVED
-CVE-2010-1579
- RESERVED
-CVE-2010-1578
- RESERVED
+CVE-2010-1581 (Unspecified vulnerability in the Transport Layer Security (TLS) ...)
+ TODO: check
+CVE-2010-1580 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...)
+ TODO: check
+CVE-2010-1579 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...)
+ TODO: check
+CVE-2010-1578 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...)
+ TODO: check
CVE-2010-1577 (Directory traversal vulnerability in Cisco Internet Streamer, as used ...)
NOT-FOR-US: Cisco
CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software before ...)
@@ -3775,8 +3879,8 @@
NOT-FOR-US: TaskFreak! Original multi user
CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! ...)
NOT-FOR-US: TaskFreak! Original multi user
-CVE-2010-1519
- RESERVED
+CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow ...)
+ TODO: check
CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ...)
NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers ...)
@@ -4065,6 +4169,7 @@
- python2.4 <removed> (low)
[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...)
+ {DSA-2092-1}
- lxr <unfixed> (low; bug #585411)
- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036)
TODO: prod maintainer (and find out why we have lxr and lxr-cvs)
@@ -4620,8 +4725,8 @@
NOT-FOR-US: Microsoft
CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote ...)
NOT-FOR-US: Microsoft
-CVE-2010-1258
- RESERVED
+CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine ...)
+ TODO: check
CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as ...)
NOT-FOR-US: Microsoft
CVE-2010-1256 (Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when ...)
@@ -5934,8 +6039,8 @@
NOT-FOR-US: Oracle
CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion ...)
NOT-FOR-US: Oracle
-CVE-2010-0834
- RESERVED
+CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before ...)
+ TODO: check
CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build ...)
NOT-FOR-US: Likewise
CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before ...)
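Review bot: CVE-2010-0834 should not be swept up with the vendor-only entries around it. The summary names the base-files package on Ubuntu, which is a package name rather than a vendor product, and the neighbouring lines are all NOT-FOR-US. When clearing the `TODO: check`, state explicitly whether the issue is specific to Ubuntu's packaging, for example with a `<not-affected>` line and a reason.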
@@ -7862,8 +7967,7 @@
NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570
CVE-2010-0210
RESERVED
-CVE-2010-0209
- RESERVED
+CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2010-0208
RESERVED
@@ -8355,6 +8459,7 @@
CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...)
- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...)
+ {DSA-2092-1}
- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #575745)
NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...)
@@ -8994,8 +9099,8 @@
NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
NOT-FOR-US: Microsoft Windows
-CVE-2010-0019
- RESERVED
+CVE-2010-0019 (Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before ...)
+ TODO: check
CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows ...)
@@ -9160,8 +9265,8 @@
CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...)
{DSA-2080-1}
- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
-CVE-2009-4269
- RESERVED
+CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...)
+ TODO: check
CVE-2009-4268
RESERVED
CVE-2009-4267
@@ -13252,6 +13357,7 @@
CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in ...)
NOT-FOR-US: Radvision Scopia
CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ {DSA-2091-1}
- squirrelmail 2:1.4.20~rc2-1 (low; bug #543818)
CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar Uninstaller ...)
NOT-FOR-US: Toolbar Uninstaller
@@ -14394,8 +14500,7 @@
- linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.19)
CVE-2009-2697 (The Red Hat build script for the GNOME Display Manager (GDM) before ...)
- gdm <not-affected> (TCP Wrappers support enabled correctly)
-CVE-2009-2696
- RESERVED
+CVE-2009-2696 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...)
NOT-FOR-US: Red-Hat-specific patching problem in Tomcat
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=616717
CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent mmap ...)