[Secure-testing-commits] r14032 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Feb 4 21:14:28 UTC 2010
Author: joeyh
Date: 2010-02-04 21:14:27 +0000 (Thu, 04 Feb 2010)
New Revision: 14032
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-04 21:10:34 UTC (rev 14031)
+++ data/CVE/list 2010-02-04 21:14:27 UTC (rev 14032)
@@ -1,3 +1,163 @@
+CVE-2010-0546
+ RESERVED
+CVE-2010-0545
+ RESERVED
+CVE-2010-0544
+ RESERVED
+CVE-2010-0543
+ RESERVED
+CVE-2010-0542
+ RESERVED
+CVE-2010-0541
+ RESERVED
+CVE-2010-0540
+ RESERVED
+CVE-2010-0539
+ RESERVED
+CVE-2010-0538
+ RESERVED
+CVE-2010-0537
+ RESERVED
+CVE-2010-0536
+ RESERVED
+CVE-2010-0535
+ RESERVED
+CVE-2010-0534
+ RESERVED
+CVE-2010-0533
+ RESERVED
+CVE-2010-0532
+ RESERVED
+CVE-2010-0531
+ RESERVED
+CVE-2010-0530
+ RESERVED
+CVE-2010-0529
+ RESERVED
+CVE-2010-0528
+ RESERVED
+CVE-2010-0527
+ RESERVED
+CVE-2010-0526
+ RESERVED
+CVE-2010-0525
+ RESERVED
+CVE-2010-0524
+ RESERVED
+CVE-2010-0523
+ RESERVED
+CVE-2010-0522
+ RESERVED
+CVE-2010-0521
+ RESERVED
+CVE-2010-0520
+ RESERVED
+CVE-2010-0519
+ RESERVED
+CVE-2010-0518
+ RESERVED
+CVE-2010-0517
+ RESERVED
+CVE-2010-0516
+ RESERVED
+CVE-2010-0515
+ RESERVED
+CVE-2010-0514
+ RESERVED
+CVE-2010-0513
+ RESERVED
+CVE-2010-0512
+ RESERVED
+CVE-2010-0511
+ RESERVED
+CVE-2010-0510
+ RESERVED
+CVE-2010-0509
+ RESERVED
+CVE-2010-0508
+ RESERVED
+CVE-2010-0507
+ RESERVED
+CVE-2010-0506
+ RESERVED
+CVE-2010-0505
+ RESERVED
+CVE-2010-0504
+ RESERVED
+CVE-2010-0503
+ RESERVED
+CVE-2010-0502
+ RESERVED
+CVE-2010-0501
+ RESERVED
+CVE-2010-0500
+ RESERVED
+CVE-2010-0499
+ RESERVED
+CVE-2010-0498
+ RESERVED
+CVE-2010-0497
+ RESERVED
+CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for ...)
+ TODO: check
+CVE-2010-0495
+ RESERVED
+CVE-2010-0494
+ RESERVED
+CVE-2010-0493
+ RESERVED
+CVE-2010-0492
+ RESERVED
+CVE-2010-0491
+ RESERVED
+CVE-2010-0490
+ RESERVED
+CVE-2010-0489
+ RESERVED
+CVE-2010-0488
+ RESERVED
+CVE-2010-0487
+ RESERVED
+CVE-2010-0486
+ RESERVED
+CVE-2010-0485
+ RESERVED
+CVE-2010-0484
+ RESERVED
+CVE-2010-0483
+ RESERVED
+CVE-2010-0482
+ RESERVED
+CVE-2010-0481
+ RESERVED
+CVE-2010-0480
+ RESERVED
+CVE-2010-0479
+ RESERVED
+CVE-2010-0478
+ RESERVED
+CVE-2010-0477
+ RESERVED
+CVE-2010-0476
+ RESERVED
+CVE-2010-0475
+ RESERVED
+CVE-2010-0474
+ RESERVED
+CVE-2010-0473
+ RESERVED
+CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...)
+ TODO: check
+CVE-2010-0471 (SQL injection vulnerability in the comment submission interface ...)
+ TODO: check
+CVE-2010-0470 (Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend ...)
+ TODO: check
+CVE-2010-0469 (SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, ...)
+ TODO: check
+CVE-2010-0468 (Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in ...)
+ TODO: check
+CVE-2010-0467 (Directory traversal vulnerability in the ccNewsletter ...)
+ TODO: check
CVE-2010-XXXX [fetchmail heap overflow]
- fetchmail 6.3.13-2 (low)
NOTE: the conditions so that this is exploitable are rather obscure
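Review bot: The seven entries in this hunk that arrive with a description (CVE-2010-0496 and CVE-2010-0472 through CVE-2010-0467) are all left at `TODO: check`, so none of them has a tracked status yet. Each needs manual triage to either a package line or a `NOT-FOR-US:` line, in the form the already-triaged entries in this list use.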
@@ -33,8 +193,8 @@
NOT-FOR-US: PunBB
CVE-2010-0454 (SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in ...)
NOT-FOR-US: Publique! CMS
-CVE-2010-0453
- RESERVED
+CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and ...)
+ TODO: check
CVE-2010-0452
RESERVED
CVE-2010-0451
@@ -60,8 +220,8 @@
- asterisk <unfixed>
[lenny] - asterisk <not-affected> (Only affects 1.6.x)
[etch] - asterisk <not-affected> (Only affects 1.6.x)
-CVE-2010-0440
- RESERVED
+CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in ...)
+ TODO: check
CVE-2010-0439
RESERVED
CVE-2010-0438
@@ -228,8 +388,7 @@
CVE-2010-XXXX [gmetad incorrect file permissions]
- ganglia <unfixed> (low; bug #567175)
TODO: check old/stable versions
-CVE-2010-0442 [postgres bitsubstr overflow]
- RESERVED
+CVE-2010-0442 (The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL ...)
- postgresql-7.4 <removed>
- postgresql-8.1 <removed>
- postgresql-8.2 <removed>
@@ -499,8 +658,7 @@
NOTE: http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commitdiff;h=336f40a728b9a4a5db5e1df5c89852c79ff95604
NOTE: see RH
TODO: check
-CVE-2010-0308 [Squid DoS when processing DNS packets]
- RESERVED
+CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...)
{DSA-1991-1}
- squid <unfixed>
- squid3 <unfixed>
@@ -510,12 +668,10 @@
- linux-2.6 2.6.32-7
CVE-2010-0306
RESERVED
-CVE-2010-0305 [ejabberd DoS via "c2s" messages]
- RESERVED
+CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to ...)
- ejabberd <unfixed> (medium; bug #568383)
NOTE: https://support.process-one.net/browse/EJAB-1173
-CVE-2010-0304 [wireshark LWRES issue]
- RESERVED
+CVE-2010-0304 (Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 ...)
{DSA-1983-1}
- wireshark 1.2.6-1
CVE-2010-0303 [hybserv DoS via commands]
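Review bot: For CVE-2010-0305 the new description says the issue is in ejabberd before 2.1.3, while the package line under it still reads `- ejabberd <unfixed> (medium; bug #568383)`. Replace `<unfixed>` with the fixed version once a package carrying the 2.1.3 fix is uploaded.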
@@ -541,18 +697,20 @@
RESERVED
CVE-2010-0296
RESERVED
-CVE-2010-0295 [lighttpd denial-of-service]
- RESERVED
+CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read ...)
{DSA-1987-1}
- lighttpd <unfixed> (medium)
CVE-2010-0294 [chrony syslog limit disc fill DoS]
RESERVED
+ {DSA-1992-1}
- chrony <unfixed> (low)
CVE-2010-0293 [chrony many client memory exhaustian DoS]
RESERVED
+ {DSA-1992-1}
- chrony <unfixed> (low)
CVE-2010-0292 [chrony cmdmon network DoS]
RESERVED
+ {DSA-1992-1}
- chrony <unfixed> (medium)
CVE-2010-0291
RESERVED
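Review bot: The three chrony entries (CVE-2010-0294, CVE-2010-0293, CVE-2010-0292) gain `{DSA-1992-1}` but keep `RESERVED` and `- chrony <unfixed>`, so the list now records an advisory without a fixed version. Record the fixed chrony version on each package line once it is known; the context line for CVE-2010-0293 also spells "exhaustian" where "exhaustion" is meant.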
@@ -852,8 +1010,8 @@
RESERVED
CVE-2010-0186
RESERVED
-CVE-2010-0185
- RESERVED
+CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ...)
+ TODO: check
CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...)
NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
CVE-2010-0183
@@ -906,7 +1064,7 @@
RESERVED
CVE-2010-0159
RESERVED
-CVE-2010-0158 (SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin ...)
+CVE-2010-0158 (** DISPUTED ** ...)
NOT-FOR-US: JoomlaBamboo (JB) Simpla Admin template
CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy) ...)
NOT-FOR-US: component for Joomla!
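Review bot: The replacement summary for CVE-2010-0158, `(** DISPUTED ** ...)`, is cut off right after the marker and no longer says what the issue is; the removed line still named SQL injection in the JoomlaBamboo (JB) Simpla Admin template. The truncation in the automatic update could leave the `** DISPUTED **` prefix out of the length count so that part of the description survives; the `NOT-FOR-US:` line is unaffected.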
@@ -1250,7 +1408,7 @@
NOT-FOR-US: iManager
CVE-2009-4485
RESERVED
-CVE-2009-4484 (Buffer overflow in the server in MySQL 5.0.51a on Linux allows remote ...)
+CVE-2009-4484 (Multiple stack-based buffer overflows in the CertDecoder::GetName ...)
- mysql-dfsg-5.0 <removed> (medium)
- mysql-dfsg-5.1 5.1.41-4 (medium)
TODO: check yassl and other packages embedding it
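Review bot: The new description for CVE-2009-4484 locates the overflows in CertDecoder::GetName rather than in "the server in MySQL 5.0.51a", yet the only package lines are still mysql-dfsg-5.0 and mysql-dfsg-5.1. The open `TODO: check yassl and other packages embedding it` should be resolved by adding a line for each package found to embed that code.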
@@ -1764,8 +1922,8 @@
RESERVED
CVE-2010-0039
RESERVED
-CVE-2010-0038
- RESERVED
+CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for ...)
+ TODO: check
CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 ...)
NOT-FOR-US: Apple Mac OS X
CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 ...)
@@ -1832,8 +1990,7 @@
- uzbl 0.0.0~git.20100105-1 (medium)
NOTE: http://www.uzbl.org/news.php?id=22
NOTE: maintainer is aware of it
-CVE-2010-0010 [Apache httpd 1.3 mod_proxy integer overflow on 64bit archs]
- RESERVED
+CVE-2010-0010 (Integer overflow in the ap_proxy_send_fb function in ...)
- apache <unfixed> (low)
NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server,
NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse
@@ -2233,8 +2390,8 @@
NOT-FOR-US: Apple Safari
CVE-2009-4185
RESERVED
-CVE-2009-4184
- RESERVED
+CVE-2009-4184 (Unspecified vulnerability in HP Enterprise Cluster Master Toolkit ...)
+ TODO: check
CVE-2009-4183 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 ...)
TODO: check
CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a ...)
@@ -2692,16 +2849,13 @@
- ircd-ratbox 3.0.6.dfsg-1 (medium; bug #567191)
- ircd-hybrid <unfixed> (medium; bug #567192)
- oftc-hybrid <unfixed> (medium; bug #567193)
-CVE-2009-4015
- RESERVED
+CVE-2009-4015 (Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x ...)
{DSA-1979-1}
- lintian 2.3.2 (medium)
-CVE-2009-4014
- RESERVED
+CVE-2009-4014 (Multiple format string vulnerabilities in Lintian 1.23.x through ...)
{DSA-1979-1}
- lintian 2.3.2 (medium)
-CVE-2009-4013
- RESERVED
+CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x through ...)
{DSA-1979-1}
- lintian 2.3.2 (medium)
CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow ...)
@@ -2759,8 +2913,7 @@
RESERVED
CVE-2009-3990
RESERVED
-CVE-2009-3989 [bugzilla possible information leak]
- RESERVED
+CVE-2009-3989 (Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and ...)
- bugzilla <unfixed> (unimportant)
NOTE: http://www.bugzilla.org/security/3.0.10/
CVE-2009-3988
@@ -4045,7 +4198,7 @@
[etch] - puppet <no-dsa> (minor issue)
[lenny] - puppet <no-dsa> (minor issue)
CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ...)
- {DSA-1948-1}
+ {DSA-1992-1 DSA-1948-1}
- ntp 1:4.2.4p8+dfsg-1 (medium; bug #560074)
CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 ...)
NOT-FOR-US: Xerver HTTP Server
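Review bot: CVE-2009-3563 now references DSA-1992-1 in addition to DSA-1948-1, but the only package line is `- ntp 1:4.2.4p8+dfsg-1`. Elsewhere in this commit DSA-1992-1 is attached to the chrony entries, so if chrony is affected by this CVE it needs its own package line here; otherwise the added DSA reference has no package to attach to.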
@@ -4543,8 +4696,7 @@
- liboggplay <unfixed>
- xulrunner 1.9.1.6-1
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
-CVE-2009-3387 [bugzilla information leak when moving a bug between products]
- RESERVED
+CVE-2009-3387 (Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group ...)
- bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
TODO: Check when a current Bugzilla is uploaded
CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ...)
@@ -5767,8 +5919,8 @@
NOT-FOR-US: Nuked-Klan
CVE-2009-3036
RESERVED
-CVE-2009-3035
- RESERVED
+CVE-2009-3035 (The web console in Symantec Altiris Notification Server 6.0.x before ...)
+ TODO: check
CVE-2009-3034
RESERVED
CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...)