[Secure-testing-commits] r15657 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Dec 7 21:16:05 UTC 2010
Author: joeyh
Date: 2010-12-07 21:16:04 +0000 (Tue, 07 Dec 2010)
New Revision: 15657
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-07 21:07:47 UTC (rev 15656)
+++ data/CVE/list 2010-12-07 21:16:04 UTC (rev 15657)
@@ -1,3 +1,150 @@
+CVE-2010-4510
+ REJECTED
+ TODO: check
+CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before ...)
+ TODO: check
+CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly ...)
+ TODO: check
+CVE-2010-4477
+ RESERVED
+CVE-2010-4476
+ RESERVED
+CVE-2010-4475
+ RESERVED
+CVE-2010-4474
+ RESERVED
+CVE-2010-4473
+ RESERVED
+CVE-2010-4472
+ RESERVED
+CVE-2010-4471
+ RESERVED
+CVE-2010-4470
+ RESERVED
+CVE-2010-4469
+ RESERVED
+CVE-2010-4468
+ RESERVED
+CVE-2010-4467
+ RESERVED
+CVE-2010-4466
+ RESERVED
+CVE-2010-4465
+ RESERVED
+CVE-2010-4464
+ RESERVED
+CVE-2010-4463
+ RESERVED
+CVE-2010-4462
+ RESERVED
+CVE-2010-4461
+ RESERVED
+CVE-2010-4460
+ RESERVED
+CVE-2010-4459
+ RESERVED
+CVE-2010-4458
+ RESERVED
+CVE-2010-4457
+ RESERVED
+CVE-2010-4456
+ RESERVED
+CVE-2010-4455
+ RESERVED
+CVE-2010-4454
+ RESERVED
+CVE-2010-4453
+ RESERVED
+CVE-2010-4452
+ RESERVED
+CVE-2010-4451
+ RESERVED
+CVE-2010-4450
+ RESERVED
+CVE-2010-4449
+ RESERVED
+CVE-2010-4448
+ RESERVED
+CVE-2010-4447
+ RESERVED
+CVE-2010-4446
+ RESERVED
+CVE-2010-4445
+ RESERVED
+CVE-2010-4444
+ RESERVED
+CVE-2010-4443
+ RESERVED
+CVE-2010-4442
+ RESERVED
+CVE-2010-4441
+ RESERVED
+CVE-2010-4440
+ RESERVED
+CVE-2010-4439
+ RESERVED
+CVE-2010-4438
+ RESERVED
+CVE-2010-4437
+ RESERVED
+CVE-2010-4436
+ RESERVED
+CVE-2010-4435
+ RESERVED
+CVE-2010-4434
+ RESERVED
+CVE-2010-4433
+ RESERVED
+CVE-2010-4432
+ RESERVED
+CVE-2010-4431
+ RESERVED
+CVE-2010-4430
+ RESERVED
+CVE-2010-4429
+ RESERVED
+CVE-2010-4428
+ RESERVED
+CVE-2010-4427
+ RESERVED
+CVE-2010-4426
+ RESERVED
+CVE-2010-4425
+ RESERVED
+CVE-2010-4424
+ RESERVED
+CVE-2010-4423
+ RESERVED
+CVE-2010-4422
+ RESERVED
+CVE-2010-4421
+ RESERVED
+CVE-2010-4420
+ RESERVED
+CVE-2010-4419
+ RESERVED
+CVE-2010-4418
+ RESERVED
+CVE-2010-4417
+ RESERVED
+CVE-2010-4416
+ RESERVED
+CVE-2010-4415
+ RESERVED
+CVE-2010-4414
+ RESERVED
+CVE-2010-4413
+ RESERVED
+CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...)
+ TODO: check
+CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...)
+ TODO: check
+CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...)
+ TODO: check
+CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through ...)
+ TODO: check
+CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
+ TODO: check
CVE-2010-XXXX [IO::Socket::SSL verify peer mode ignored if no cert supplied]
- libio-socket-ssl-perl <unfixed> (bug #606058)
CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize]
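Review bot: CVE-2010-4510 at the top of this hunk is marked REJECTED and still gets "TODO: check"; a rejected id has nothing to triage, so the TODO line should be dropped, as it already is for the RESERVED entries below it. Several of the new described entries also concern software this file already tracks further down (CVE-2010-4479 for pdf.c in libclamav, CVE-2010-4410 and CVE-2010-4411 for CGI.pm, CVE-2008-7270 for OpenSSL), so they should get clamav, libcgi-pm-perl and openssl package lines rather than staying at a bare "TODO: check".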
@@ -11,7 +158,7 @@
- php5 <unfixed> (low)
NOTE: old, known, issue -- Pierre already requested an id
NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
-CVE-2010-4409 [php getSymbol() DoS]
+CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka ...)
- php5 <unfixed>
[lenny] - php5 <not-affected> (intl extension included since 5.3)
NOTE: http://www.kb.cert.org/vuls/id/479900
@@ -196,8 +343,8 @@
RESERVED
CVE-2010-4331
RESERVED
-CVE-2010-4330
- RESERVED
+CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...)
+ TODO: check
CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...)
- phpmyadmin 4:3.3.7-2
CVE-2010-4328
@@ -258,14 +405,14 @@
NOT-FOR-US: Novell Zenworks
CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple ...)
NOT-FOR-US: Free Simple Software
-CVE-2010-4297
- RESERVED
-CVE-2010-4296
- RESERVED
-CVE-2010-4295
- RESERVED
-CVE-2010-4294
- RESERVED
+CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x ...)
+ TODO: check
+CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on ...)
+ TODO: check
+CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware ...)
+ TODO: check
+CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in ...)
+ TODO: check
CVE-2008-7266 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave ...)
NOT-FOR-US: RSA Adaptive Authentication
CVE-2010-XXXX [directory traversal]
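Review bot: the four VMware entries (CVE-2010-4294 through CVE-2010-4297) are left at "TODO: check" although the context lines on both sides close out comparable vendor products with NOT-FOR-US (Novell Zenworks, Free Simple Software, RSA Adaptive Authentication). If VMware Workstation is not packaged, mark them "NOT-FOR-US: VMware" in the same style so they leave the TODO queue.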
@@ -376,24 +523,20 @@
- xfig <unfixed>
TODO: check
NOTE: details and patch at https://bugzilla.redhat.com/659676
-CVE-2010-4261 [clamav icon_cb memory corruption]
- RESERVED
+CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...)
- clamav <unfixed>
[lenny] - clamav <end-of-life>
TODO: check
-CVE-2010-4260 [clamav PDF DoS]
- RESERVED
+CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV ...)
- clamav <unfixed>
[lenny] - clamav <end-of-life>
TODO: check
-CVE-2010-4259 [fontforge BDF files buffer overflow]
- RESERVED
+CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote ...)
- fontforge 0.0.20100501-4 (bug #605537)
CVE-2010-4258 [linux failure to revert address limit override in OOPS error path]
RESERVED
- linux-2.6 <unfixed>
-CVE-2010-4257 [wordpress trackback SQL injection]
- RESERVED
+CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in ...)
- wordpress <unfixed>
TODO: check
CVE-2010-4256 [linux: pipe_fcntl local DoS]
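Review bot: CVE-2010-4261, CVE-2010-4260 and CVE-2010-4257 keep "<unfixed>" plus "TODO: check" with no bug reference, unlike the fontforge entry for CVE-2010-4259, which carries "(bug #605537)". Now that the ids are public with descriptions, add the Debian bug numbers for clamav and wordpress (filing the bugs if none exist) so the unfixed status can be followed up.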
@@ -408,8 +551,7 @@
NOTE: 201011251552.17678.thomas at suse.de
CVE-2010-4253
RESERVED
-CVE-2010-4252 [OpenSSL JPAKE validation error]
- RESERVED
+CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ...)
- openssl <unfixed>
NOTE: http://www.openssl.org/news/secadv_20101202.txt
CVE-2010-4251
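Review bot: the new description for CVE-2010-4252 limits the issue to builds "when J-PAKE is enabled", but the package line stays at an unqualified "openssl <unfixed>". Add a NOTE recording whether the Debian openssl build enables J-PAKE, and ask the same question of CVE-2010-4478, the OpenSSH entry with the same condition added at the top of this diff.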
@@ -426,8 +568,8 @@
- linux-2.6 <unfixed>
TODO: check
NOTE: 4CEB7F72.2020202 at redhat.com
-CVE-2010-4246
- RESERVED
+CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in ...)
+ TODO: check
CVE-2010-4245
RESERVED
CVE-2010-4244
@@ -589,8 +731,7 @@
NOT-FOR-US: Microsoft Windows
CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...)
- yaws <not-affected> (Only affects Windows)
-CVE-2010-4180 [OpenSSL Ciphersuite Downgrade Attack]
- RESERVED
+CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when ...)
- openssl 0.9.8o-4
NOTE: http://www.openssl.org/news/secadv_20101202.txt
CVE-2010-4179
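Review bot: for CVE-2010-4180 the description now reads "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c", while the package line records the fix in "openssl 0.9.8o-4", which is based on an older upstream version. That is consistent only if the fix was backported, so a NOTE saying so would stop readers from taking the entry for a mistake.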
@@ -1246,8 +1387,7 @@
RESERVED
CVE-2010-3905
RESERVED
-CVE-2010-3904
- RESERVED
+CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...)
- linux-2.6 2.6.32-26
[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30)
CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows remote ...)
@@ -2443,8 +2583,8 @@
RESERVED
CVE-2010-3450
RESERVED
-CVE-2010-3449
- RESERVED
+CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before ...)
+ TODO: check
CVE-2010-3448 [Linux ThinkPad video output status local DoS]
RESERVED
{DSA-2126-1}
@@ -3542,8 +3682,8 @@
CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...)
{DSA-2126-1}
- linux-2.6 2.6.32-24
-CVE-2010-3066
- RESERVED
+CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before ...)
+ TODO: check
CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...)
- php5 <unfixed> (unimportant)
NOTE: mysqlnd not used in squeeze/sid
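Review bot: CVE-2010-3066 is described as a flaw in io_submit_one in fs/aio.c in the Linux kernel, yet it gets only "TODO: check", while the entry directly above, CVE-2010-3067 in the same file, has "linux-2.6 2.6.32-24" and {DSA-2126-1}. Add a linux-2.6 line here and check whether the description's "before ..." version bound puts the fix in the same upload.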
@@ -4374,8 +4514,7 @@
CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
- xulrunner <not-affected> (Only affects 3.6, only in experimental)
- iceweasel <not-affected> (Only affects 3.6, only in experimental)
-CVE-2010-2761 [CGI.pm incorrect handling of newlines embedded in headers]
- RESERVED
+CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) ...)
- libcgi-pm-perl <unfixed>
NOTE: 4CF685D7.4070208 at redhat.com
CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...)
@@ -4705,8 +4844,8 @@
RESERVED
CVE-2010-2640
RESERVED
-CVE-2010-2639
- RESERVED
+CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote ...)
+ TODO: check
CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 ...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not ...)
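Review bot: CVE-2010-2639 names IBM WebSphere Commerce Enterprise and is left at "TODO: check", while the next entry, CVE-2010-2638, closes an IBM product with "NOT-FOR-US: IBM WebSphere MQ". Mark this one "NOT-FOR-US: IBM WebSphere Commerce" in the same way unless a Debian package is affected.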