[Secure-testing-commits] r14155 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Feb 25 21:14:56 UTC 2010
Author: joeyh
Date: 2010-02-25 21:14:52 +0000 (Thu, 25 Feb 2010)
New Revision: 14155
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-25 03:29:31 UTC (rev 14154)
+++ data/CVE/list 2010-02-25 21:14:52 UTC (rev 14155)
@@ -1,3 +1,33 @@
+CVE-2010-0704 (Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM ...)
+ TODO: check
+CVE-2010-0703 (Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL ...)
+ TODO: check
+CVE-2010-0702 (SQL injection vulnerability in cisco/services/PhonecDirectory.php in ...)
+ TODO: check
+CVE-2010-0701 (SQL injection vulnerability in ForceChangePassword.jsp in Newgen ...)
+ TODO: check
+CVE-2010-0700 (Cross-site scripting (XSS) vulnerability in index.php in WampServer ...)
+ TODO: check
+CVE-2010-0699 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+ TODO: check
+CVE-2010-0698 (SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC ...)
+ TODO: check
+CVE-2010-0697 (Cross-site scripting (XSS) vulnerability in the iTweak Upload module ...)
+ TODO: check
+CVE-2010-0696 (Directory traversal vulnerability in includes/download.php in the ...)
+ TODO: check
+CVE-2010-0695 (Cross-site scripting (XSS) vulnerability in pages/index.php in ...)
+ TODO: check
+CVE-2010-0694 (SQL injection vulnerability in the PerchaGallery (com_perchagallery) ...)
+ TODO: check
+CVE-2010-0693 (SQL injection vulnerability in products.php in CommodityRentals Trade ...)
+ TODO: check
+CVE-2010-0692 (SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) ...)
+ TODO: check
+CVE-2010-0691 (SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows ...)
+ TODO: check
+CVE-2010-0690 (SQL injection vulnerability in index.php in CommodityRentals Video ...)
+ TODO: check
CVE-2010-0689
RESERVED
CVE-2010-0688
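Review bot: All fifteen entries added at the top of this hunk (CVE-2010-0690 through CVE-2010-0704) land with only "TODO: check", so none of them says yet whether any package is affected. Each should be triaged to either a "NOT-FOR-US: <product>" line or a "- <package> <status>" line, as the already-triaged entries elsewhere in this file have; several descriptions name vendor products (IBM, PortWise, Newgen, Dynamicsoft WSC) that look like NOT-FOR-US candidates.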
@@ -6,14 +36,14 @@
RESERVED
CVE-2010-0686
RESERVED
-CVE-2010-0685
- RESERVED
+CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source ...)
+ TODO: check
CVE-2010-0684
RESERVED
CVE-2010-0683
RESERVED
-CVE-2010-0682
- RESERVED
+CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...)
+ TODO: check
CVE-2010-XXXX [multiple typo issues]
- typo3-src <unfixed> (bug #571151)
CVE-2010-0681 (ZeusCMS 0.2 stores sensitive information under the web root with ...)
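Review bot: CVE-2010-0685 and CVE-2010-0682 change from RESERVED to "TODO: check", but their descriptions name Asterisk Open Source and "WordPress 2.9 before 2.9.2", which read as packaged software rather than NOT-FOR-US candidates. These two should be triaged ahead of the vendor-product entries and given package lines with a fixed version or <unfixed> plus a bug reference, in the form the typo3-src entry just below uses ("- typo3-src <unfixed> (bug #571151)").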
@@ -144,8 +174,8 @@
NOT-FOR-US: Cisco Collaboration Server
CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Cisco Collaboration Server
-CVE-2010-0640
- RESERVED
+CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance ...)
+ TODO: check
CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 ...)
TODO: check
CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...)
@@ -214,8 +244,8 @@
RESERVED
CVE-2010-0621
RESERVED
-CVE-2010-0620
- RESERVED
+CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase ...)
+ TODO: check
CVE-2010-0619
RESERVED
CVE-2010-0618
@@ -718,25 +748,21 @@
RESERVED
- sudo <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
-CVE-2010-0426 [sudoedit arbitrary code execution]
- RESERVED
+CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a ...)
- sudo <unfixed> (bug #570737)
NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0425
RESERVED
CVE-2010-0424
RESERVED
-CVE-2010-0423 [pidgin remote denial-of-service]
- RESERVED
+CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a ...)
- pidgin 2.6.6-1 (low)
-CVE-2010-0422 [another gnome-screensaver issue]
- RESERVED
+CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize ...)
- gnome-screensaver 2.28.3-1
[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0421
RESERVED
-CVE-2010-0420 [pidgin crash]
- RESERVED
+CVE-2010-0420 (libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user ...)
- pidgin 2.6.6-1 (low)
CVE-2010-0419
RESERVED
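Review bot: On CVE-2010-0426 the hand-written summary "[sudoedit arbitrary code execution]" is replaced by a description that is truncated before it reaches the impact, and the "- sudo <unfixed> (bug #570737)" line carries no urgency, unlike the pidgin lines marked "(low)". Consider adding an urgency or a NOTE that preserves the impact, and use the upstream fixed versions now given in the description (1.6.9p21 and 1.7.2p4) to replace <unfixed> once a matching upload exists. The pidgin and gnome-screensaver entries in this hunk are consistent: their fixed versions (2.6.6-1, 2.28.3-1) match the "before 2.6.6" and "before 2.28.3" bounds in the new descriptions.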
@@ -756,8 +782,8 @@
[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0413
RESERVED
-CVE-2010-0412
- RESERVED
+CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of ...)
+ TODO: check
CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) ...)
- systemtap <unfixed> (low; bug #568809)
[lenny] - systemtap <not-affected> (Vulnerable code not present)
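Review bot: CVE-2010-0412 is left at "TODO: check" although its description names stap-server in SystemTap 1.1 and the adjacent CVE-2010-0411 already tracks the same source package with "- systemtap <unfixed> (low; bug #568809)" and a "[lenny] - systemtap <not-affected>" line. Suggest adding a systemtap package line here as well and recording whether lenny's version contains stap-server, rather than leaving the entry untriaged next to a triaged sibling.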
@@ -1226,8 +1252,7 @@
- typo3-src 4.3.1-1 (bug #567163)
[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/
-CVE-2010-0285 [gnome screensaver not locking second screen]
- RESERVED
+CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the ...)
- gnome-screensaver <unfixed> (low)
NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=593616
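Review bot: The new CVE-2010-0285 description lists 2.14.3 and 2.22.2 among the affected versions, but the entry has only "- gnome-screensaver <unfixed> (low)" with no per-release line and no Debian bug number. The other gnome-screensaver entries in this diff carry an explicit "[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)" line; this one needs an equivalent per-release statement, since the listed versions suggest older releases may be affected. Note also that 2.28.3 is listed as affected here, so the 2.28.3-1 upload recorded for CVE-2010-0422 does not close this issue.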
@@ -1279,7 +1304,7 @@
NOT-FOR-US: PHP Inventory
CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows ...)
NOT-FOR-US: PHP Inventory
-CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and ...)
+CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, ...)
- pidgin 2.6.6-1 (low; bug #566775)
CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...)
NOT-FOR-US: IBM Lotus iNotes
@@ -1487,8 +1512,8 @@
RESERVED
CVE-2010-0190
RESERVED
-CVE-2010-0189
- RESERVED
+CVE-2010-0189 (Unspecified vulnerability in Adobe Download Manager allows remote ...)
+ TODO: check
CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...)
NOT-FOR-US: Adobe Reader
CVE-2010-0187 (Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 ...)
@@ -1582,12 +1607,12 @@
NOT-FOR-US: Cisco
CVE-2010-0149 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
NOT-FOR-US: Cisco
-CVE-2010-0148
- RESERVED
-CVE-2010-0147
- RESERVED
-CVE-2010-0146
- RESERVED
+CVE-2010-0148 (Unspecified vulnerability in Cisco Security Agent 5.2 before ...)
+ TODO: check
+CVE-2010-0147 (SQL injection vulnerability in the Management Center for Cisco ...)
+ TODO: check
+CVE-2010-0146 (Directory traversal vulnerability in the Management Center for Cisco ...)
+ TODO: check
CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco ...)
NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the ...)
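Review bot: CVE-2010-0148, CVE-2010-0147 and CVE-2010-0146 get "TODO: check" although all three descriptions name Cisco products (Cisco Security Agent and its Management Center) and the entries immediately above and below are already marked "NOT-FOR-US: Cisco" and "NOT-FOR-US: Cisco IronPort Encryption Appliance". Suggest marking these NOT-FOR-US in the same pass so the TODO queue only holds entries that need real investigation.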
@@ -1641,10 +1666,10 @@
RESERVED
CVE-2010-0120
RESERVED
-CVE-2010-0119
- RESERVED
-CVE-2010-0118
- RESERVED
+CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, ...)
+ TODO: check
+CVE-2010-0118 (Bournal before 1.4.1 allows local users to overwrite arbitrary files ...)
+ TODO: check
CVE-2010-0117
RESERVED
CVE-2010-0116
@@ -1755,10 +1780,10 @@
RESERVED
CVE-2010-0109
RESERVED
-CVE-2010-0108 (Buffer overflow in an ActiveX control in the Symantec Client Proxy ...)
+CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the ...)
NOT-FOR-US: Symantec AntiVirus
-CVE-2010-0107
- RESERVED
+CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 ...)
+ TODO: check
CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before ...)
NOT-FOR-US: Symantec AntiVirus
CVE-2010-0105
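Review bot: CVE-2010-0107 is added as "TODO: check" for an ActiveX control (SYMLTCOM.dll) in Symantec N360, while its neighbours CVE-2010-0108 and CVE-2010-0106 are both "NOT-FOR-US: Symantec AntiVirus". It should get a NOT-FOR-US line naming the product from its own description. The CVE-2010-0108 description change (now naming the cliproxy.objects.1 control) does not affect its existing NOT-FOR-US classification.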
@@ -6423,8 +6448,8 @@
NOT-FOR-US: onlinetools.org EasyImageCatalogue
CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan ...)
NOT-FOR-US: Nuked-Klan
-CVE-2009-3036
- RESERVED
+CVE-2009-3036 (Cross-site scripting (XSS) vulnerability in the console in Symantec IM ...)
+ TODO: check
CVE-2009-3035 (The web console in Symantec Altiris Notification Server 6.0.x before ...)
NOT-FOR-US: Symantec Altiris Notification Server
CVE-2009-3034