[Secure-testing-commits] r15647 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Dec 3 21:14:43 UTC 2010


Author: joeyh
Date: 2010-12-03 21:14:43 +0000 (Fri, 03 Dec 2010)
New Revision: 15647

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-03 16:24:51 UTC (rev 15646)
+++ data/CVE/list	2010-12-03 21:14:43 UTC (rev 15647)
@@ -1,3 +1,67 @@
+CVE-2010-4397
+	RESERVED
+CVE-2010-4396
+	RESERVED
+CVE-2010-4395
+	RESERVED
+CVE-2010-4394
+	RESERVED
+CVE-2010-4393
+	RESERVED
+CVE-2010-4392
+	RESERVED
+CVE-2010-4391
+	RESERVED
+CVE-2010-4390
+	RESERVED
+CVE-2010-4389
+	RESERVED
+CVE-2010-4388
+	RESERVED
+CVE-2010-4387
+	RESERVED
+CVE-2010-4386
+	RESERVED
+CVE-2010-4385
+	RESERVED
+CVE-2010-4384
+	RESERVED
+CVE-2010-4383
+	RESERVED
+CVE-2010-4382
+	RESERVED
+CVE-2010-4381
+	RESERVED
+CVE-2010-4380
+	RESERVED
+CVE-2010-4379
+	RESERVED
+CVE-2010-4378
+	RESERVED
+CVE-2010-4377
+	RESERVED
+CVE-2010-4376
+	RESERVED
+CVE-2010-4375
+	RESERVED
+CVE-2010-4374 (The in_mkv plugin in Winamp before 5.6 allows remote attackers to ...)
+	TODO: check
+CVE-2010-4373 (The in_mp4 plugin in Winamp before 5.6 allows remote attackers to ...)
+	TODO: check
+CVE-2010-4372 (Integer overflow in the in_nsv plugin in Winamp before 5.6 allows ...)
+	TODO: check
+CVE-2010-4371 (Buffer overflow in the in_mod plugin in Winamp before 5.6 allows ...)
+	TODO: check
+CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6 ...)
+	TODO: check
+CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...)
+	TODO: check
+CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir ...)
+	TODO: check
+CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
+	TODO: check
+CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...)
+	TODO: check
 CVE-2010-XXXX [ocrodjvu insecure temp files handling]
 	- ocrodjvu 0.4.6-2 (low; bug #598134)
 CVE-2010-XXXX [hypermail XSS]
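Review bot: The nine described entries at the end of the added block (CVE-2010-4374 through CVE-2009-5020) all land as "TODO: check" with no package line and no NOT-FOR-US line, so none of them is triaged yet. The five Winamp entries should get the NOT-FOR-US form this file already uses for other products if Winamp is not packaged, and the four AWStats entries need a decision between a package line and NOT-FOR-US. CVE-2010-4368 is described as applying "on Windows", which is worth recording in a NOTE line when it is resolved.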
@@ -93,8 +157,7 @@
 	RESERVED
 CVE-2010-4330
 	RESERVED
-CVE-2010-4329
-	RESERVED
+CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...)
 	- phpmyadmin 4:3.3.7-2
 CVE-2010-4328
 	RESERVED
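Review bot: CVE-2010-4329 keeps its line "- phpmyadmin 4:3.3.7-2" without a severity or bug reference, unlike the ocrodjvu entry near the top of the file, which carries "(low; bug #598134)". Now that the description is filled in, add the severity and the bug number if one exists.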
@@ -126,8 +189,8 @@
 	RESERVED
 CVE-2010-4314
 	RESERVED
-CVE-2010-4313
-	RESERVED
+CVE-2010-4313 (Unrestricted file upload vulnerability in fileman_file_upload.php in ...)
+	TODO: check
 CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the ...)
 	TODO: check
 CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows ...)
@@ -224,18 +287,18 @@
 	RESERVED
 CVE-2010-4284
 	RESERVED
-CVE-2010-4283
-	RESERVED
-CVE-2010-4282
-	RESERVED
-CVE-2010-4281
-	RESERVED
-CVE-2010-4280
-	RESERVED
-CVE-2010-4279
-	RESERVED
-CVE-2010-4278
-	RESERVED
+CVE-2010-4283 (PHP remote file inclusion vulnerability in extras/pandora_diag.php in ...)
+	TODO: check
+CVE-2010-4282 (Multiple directory traversal vulnerabilities in Pandora FMS before ...)
+	TODO: check
+CVE-2010-4281 (Incomplete blacklist vulnerability in the safe_url_extraclean function ...)
+	TODO: check
+CVE-2010-4280 (Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 ...)
+	TODO: check
+CVE-2010-4279 (The default configuration of Pandora FMS 3.1 and earlier specifies an ...)
+	TODO: check
+CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows ...)
+	TODO: check
 CVE-2010-4277
 	RESERVED
 CVE-2010-4276
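Review bot: All six entries from CVE-2010-4283 to CVE-2010-4278 are left at "TODO: check", and at least four of them name Pandora FMS in the visible description. Triage them as one group so they end up with the same disposition, either a package line or NOT-FOR-US. The descriptions of CVE-2010-4283 and CVE-2010-4281 are cut off before the product name, so confirm against the full text that they belong to the same product before grouping them.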
@@ -836,12 +899,10 @@
 	NOT-FOR-US: HP Insight Control Power Management
 CVE-2010-4022
 	RESERVED
-CVE-2010-4021 [krb5 checksum handling]
-	RESERVED
+CVE-2010-4021 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 ...)
 	- krb5 1.8+dfsg~alpha1-1
 	[lenny] - krb5 <not-affected> (Only affects 1.7.x)
-CVE-2010-4020 [krb5 checksum handling]
-	RESERVED
+CVE-2010-4020 (MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 ...)
 	- krb5 1.8.3+dfsg-3 (bug #605553)
 	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.8)
 CVE-2010-4019
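Review bot: On CVE-2010-4021 the line "- krb5 1.8+dfsg~alpha1-1" has no bug reference, while CVE-2010-4020 directly below cites bug #605553. If the same bug covers both, add the reference to CVE-2010-4021 as well. The existing "[lenny]" notes agree with the new descriptions (1.7 for CVE-2010-4021, 1.8.x through 1.8.3 for CVE-2010-4020), so nothing else needs to change here.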
@@ -2780,10 +2841,10 @@
 	RESERVED
 CVE-2010-3268
 	RESERVED
-CVE-2010-3267
-	RESERVED
-CVE-2010-3266
-	RESERVED
+CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 ...)
+	TODO: check
+CVE-2010-3266 (Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET ...)
+	TODO: check
 CVE-2010-3265
 	RESERVED
 CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)
@@ -4666,8 +4727,8 @@
 	RESERVED
 CVE-2010-2587
 	RESERVED
-CVE-2010-2586
-	RESERVED
+CVE-2010-2586 (Multiple integer overflows in in_nsv.dll in the in_nsv plugin in ...)
+	TODO: check
 CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX ...)
 	NOT-FOR-US: RealPage Module ActiveX Controls
 CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in ...)
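Review bot: CVE-2010-2586 describes integer overflows in the in_nsv plugin, the same component named in CVE-2010-4372, which this commit adds at the top of the file. Resolve the two "TODO: check" markers together so both entries get the same disposition. The neighbouring RealPage entries show the NOT-FOR-US form to use if the product is not packaged.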
@@ -8194,12 +8255,10 @@
 	NOTE: http://march-hare.com/cvspro/vuln.htm
 CVE-2010-1325 (Cross-site request forgery (CSRF) vulnerability in the apache2-slms ...)
 	NOT-FOR-US: SUSE Lifecycle Management Server
-CVE-2010-1324 [krb5 checksum handling]
-	RESERVED
+CVE-2010-1324 (MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not ...)
 	- krb5 1.8.3+dfsg-3 (bug #605553)
 	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.7)
-CVE-2010-1323 [krb5 checksum handling]
-	RESERVED
+CVE-2010-1323 (MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x ...)
 	{DSA-2129-1}
 	- krb5 1.8.3+dfsg-3 (bug #605553)
 CVE-2010-1322 (The merge_authdata function in kdc_authdata.c in the Key Distribution ...)
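Review bot: CVE-2010-1323 now lists 1.3.x through 1.8.x as affected, but the entry has only "{DSA-2129-1}" and the fix "- krb5 1.8.3+dfsg-3", with no per-release line. CVE-2010-1324 just above states its lenny status explicitly. Confirm that the lenny status of CVE-2010-1323 is fully covered by DSA-2129-1, or add an explicit "[lenny]" line with the fixed version.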



