[Secure-testing-commits] r13754 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Jan 7 21:14:20 UTC 2010


Author: joeyh
Date: 2010-01-07 21:14:19 +0000 (Thu, 07 Jan 2010)
New Revision: 13754

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-07 19:58:58 UTC (rev 13753)
+++ data/CVE/list	2010-01-07 21:14:19 UTC (rev 13754)
@@ -1,4 +1,306 @@
-CVE-2010-XXXX (NIS users shadow password leakage)
+CVE-2010-0219
+	RESERVED
+CVE-2010-0218
+	RESERVED
+CVE-2010-0217
+	RESERVED
+CVE-2010-0216
+	RESERVED
+CVE-2010-0215
+	RESERVED
+CVE-2010-0214
+	RESERVED
+CVE-2010-0213
+	RESERVED
+CVE-2010-0212
+	RESERVED
+CVE-2010-0211
+	RESERVED
+CVE-2010-0210
+	RESERVED
+CVE-2010-0209
+	RESERVED
+CVE-2010-0208
+	RESERVED
+CVE-2010-0207
+	RESERVED
+CVE-2010-0206
+	RESERVED
+CVE-2010-0205
+	RESERVED
+CVE-2010-0204
+	RESERVED
+CVE-2010-0203
+	RESERVED
+CVE-2010-0202
+	RESERVED
+CVE-2010-0201
+	RESERVED
+CVE-2010-0200
+	RESERVED
+CVE-2010-0199
+	RESERVED
+CVE-2010-0198
+	RESERVED
+CVE-2010-0197
+	RESERVED
+CVE-2010-0196
+	RESERVED
+CVE-2010-0195
+	RESERVED
+CVE-2010-0194
+	RESERVED
+CVE-2010-0193
+	RESERVED
+CVE-2010-0192
+	RESERVED
+CVE-2010-0191
+	RESERVED
+CVE-2010-0190
+	RESERVED
+CVE-2010-0189
+	RESERVED
+CVE-2010-0188
+	RESERVED
+CVE-2010-0187
+	RESERVED
+CVE-2010-0186
+	RESERVED
+CVE-2010-0185
+	RESERVED
+CVE-2010-0184
+	RESERVED
+CVE-2010-0183
+	RESERVED
+CVE-2010-0182
+	RESERVED
+CVE-2010-0181
+	RESERVED
+CVE-2010-0180
+	RESERVED
+CVE-2010-0179
+	RESERVED
+CVE-2010-0178
+	RESERVED
+CVE-2010-0177
+	RESERVED
+CVE-2010-0176
+	RESERVED
+CVE-2010-0175
+	RESERVED
+CVE-2010-0174
+	RESERVED
+CVE-2010-0173
+	RESERVED
+CVE-2010-0172
+	RESERVED
+CVE-2010-0171
+	RESERVED
+CVE-2010-0170
+	RESERVED
+CVE-2010-0169
+	RESERVED
+CVE-2010-0168
+	RESERVED
+CVE-2010-0167
+	RESERVED
+CVE-2010-0166
+	RESERVED
+CVE-2010-0165
+	RESERVED
+CVE-2010-0164
+	RESERVED
+CVE-2010-0163
+	RESERVED
+CVE-2010-0162
+	RESERVED
+CVE-2010-0161
+	RESERVED
+CVE-2010-0160
+	RESERVED
+CVE-2010-0159
+	RESERVED
+CVE-2010-0158 (SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin ...)
+	TODO: check
+CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy) ...)
+	TODO: check
+CVE-2010-0156
+	RESERVED
+CVE-2010-0155
+	RESERVED
+CVE-2010-0154
+	RESERVED
+CVE-2010-0153
+	RESERVED
+CVE-2010-0152
+	RESERVED
+CVE-2010-0151
+	RESERVED
+CVE-2010-0150
+	RESERVED
+CVE-2010-0149
+	RESERVED
+CVE-2010-0148
+	RESERVED
+CVE-2010-0147
+	RESERVED
+CVE-2010-0146
+	RESERVED
+CVE-2010-0145
+	RESERVED
+CVE-2010-0144
+	RESERVED
+CVE-2010-0143
+	RESERVED
+CVE-2010-0142
+	RESERVED
+CVE-2010-0141
+	RESERVED
+CVE-2010-0140
+	RESERVED
+CVE-2010-0139
+	RESERVED
+CVE-2010-0138
+	RESERVED
+CVE-2010-0137
+	RESERVED
+CVE-2010-0136
+	RESERVED
+CVE-2010-0135
+	RESERVED
+CVE-2010-0134
+	RESERVED
+CVE-2010-0133
+	RESERVED
+CVE-2010-0132
+	RESERVED
+CVE-2010-0131
+	RESERVED
+CVE-2010-0130
+	RESERVED
+CVE-2010-0129
+	RESERVED
+CVE-2010-0128
+	RESERVED
+CVE-2010-0127
+	RESERVED
+CVE-2010-0126
+	RESERVED
+CVE-2010-0125
+	RESERVED
+CVE-2010-0124
+	RESERVED
+CVE-2010-0123
+	RESERVED
+CVE-2010-0122
+	RESERVED
+CVE-2010-0121
+	RESERVED
+CVE-2010-0120
+	RESERVED
+CVE-2010-0119
+	RESERVED
+CVE-2010-0118
+	RESERVED
+CVE-2010-0117
+	RESERVED
+CVE-2010-0116
+	RESERVED
+CVE-2009-4585 (UranyumSoft Listing Service stores sensitive information under the web ...)
+	TODO: check
+CVE-2009-4584 (admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote ...)
+	TODO: check
+CVE-2009-4583 (SQL injection vulnerability in the DhForum (com_dhforum) component for ...)
+	TODO: check
+CVE-2009-4582 (SQL injection vulnerability in detail.php in the Dictionary module for ...)
+	TODO: check
+CVE-2009-4581 (Directory traversal vulnerability in modules/admincp.php in ...)
+	TODO: check
+CVE-2009-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 ...)
+	TODO: check
+CVE-2009-4579 (Cross-site scripting (XSS) vulnerability in the Artist avenue ...)
+	TODO: check
+CVE-2009-4578 (Cross-site scripting (XSS) vulnerability in the Facileforms ...)
+	TODO: check
+CVE-2009-4577 (SQL injection vulnerability in the MDForum module 2.x through 2.07 for ...)
+	TODO: check
+CVE-2009-4576 (SQL injection vulnerability in the BeeHeard (com_beeheard) component ...)
+	TODO: check
+CVE-2009-4575 (Cross-site scripting (XSS) vulnerability in the Q-Personel ...)
+	TODO: check
+CVE-2009-4574 (SQL injection vulnerability in country_escorts.php in I-Escorts ...)
+	TODO: check
+CVE-2009-4573 (Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus ...)
+	TODO: check
+CVE-2009-4572 (Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 ...)
+	TODO: check
+CVE-2009-4571 (Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 ...)
+	TODO: check
+CVE-2009-4570 (Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows ...)
+	TODO: check
+CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows remote ...)
+	TODO: check
+CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and ...)
+	TODO: check
+CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php ...)
+	TODO: check
+CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows ...)
+	TODO: check
+CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character in a ...)
+	TODO: check
+CVE-2009-4564 (SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ...)
+	TODO: check
+CVE-2009-4563 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2009-4562 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in ...)
+	TODO: check
+CVE-2009-4561 (Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague ...)
+	TODO: check
+CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows ...)
+	TODO: check
+CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By module ...)
+	TODO: check
+CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before ...)
+	TODO: check
+CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist module ...)
+	TODO: check
+CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security ...)
+	TODO: check
+CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2009-4554 (Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums ...)
+	TODO: check
+CVE-2009-4553 (Stack-based buffer overflow in iRehearse allows remote attackers to ...)
+	TODO: check
+CVE-2009-4552 (Cross-site scripting (XSS) vulnerability in the Survey Pro module for ...)
+	TODO: check
+CVE-2009-4551 (SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 ...)
+	TODO: check
+CVE-2009-4550 (SQL injection vulnerability in the Kunena Forum (com_kunena) component ...)
+	TODO: check
+CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote ...)
+	TODO: check
+CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk ...)
+	TODO: check
+CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x ...)
+	TODO: check
+CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers ...)
+	TODO: check
+CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in ...)
+	TODO: check
+CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in Cromosoft ...)
+	TODO: check
+CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft ...)
+	TODO: check
+CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support ...)
+	TODO: check
+CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows ...)
+	TODO: check
+CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager ...)
+	TODO: check
+CVE-2010-XXXX
 	- eglibc 2.10.2-4 (medium; bug #560333)
 	- glibc <removed> (medium)
 CVE-2010-0115
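Review bot: The temporary entry at the end of the added block loses its description: "-CVE-2010-XXXX (NIS users shadow password leakage)" comes back as a bare "+CVE-2010-XXXX", so the eglibc/glibc lines below it no longer say what the issue is without following bug #560333. Other unnumbered entries in this file carry a bracketed description, for example "CVE-2009-XXXX [mandos 0600 file being included in initrd]", so this one should be restored as "CVE-2010-XXXX [NIS users shadow password leakage]". Separately, every described entry added here is left as "TODO: check", including CVE-2009-4565 (sendmail) and CVE-2009-4568 (Webmin); those still need manual triage.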
@@ -495,6 +797,7 @@
 CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
 	NOT-FOR-US: ScriptsEz Ez Blog	
 CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application ...)
+	{DSA-1966-1}
 	- horde3 3.3.6+debian0-1 (low)
 CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users ...)
 	NOT-FOR-US: IBM AIX
@@ -708,6 +1011,7 @@
 	NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
 CVE-2010-0012 [transmission directory traversal when processing .torrent files]
 	RESERVED
+	{DSA-1967-1}
 	- transmission 1.77-1 (low)
 	TODO: check affected versions
 	NOTE: http://trac.transmissionbt.com/changeset/9829/
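Review bot: CVE-2010-0012 now references {DSA-1967-1} but still carries "TODO: check affected versions" two lines further down. If the advisory has been issued, the affected versions should already be known; resolve the TODO with the result or remove it so the entry does not look untriaged.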
@@ -1119,7 +1423,7 @@
 	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
 CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the ...)
 	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
-CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in tagcloud.swf in the ...)
+CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as ...)
 	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
 CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl ...)
 	NOT-FOR-US: TYPO3 extension
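Review bot: The reworded description for CVE-2009-4168 attributes the flaw to "Roy Tanck tagcloud.swf, as ..." rather than to the plugin alone, but the unchanged classification beneath it is still "NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress". That classification should be rechecked: if tagcloud.swf is shipped by anything else in the archive, NOT-FOR-US no longer holds for this entry.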
@@ -2335,8 +2639,8 @@
 	NOTE: might've been fixed earlier
 CVE-2009-3735
 	RESERVED
-CVE-2009-3734
-	RESERVED
+CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)
+	TODO: check
 CVE-2009-XXXX [mandos 0600 file being included in initrd]
 	- mandos 1.0.13-1 (bug #551907)
 CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...)
@@ -2489,6 +2793,7 @@
 CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 ...)
 	NOT-FOR-US: PHP-Calendar
 CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	{DSA-1966-1}
 	- horde3 3.3.6+debian0-1 (low)
 	NOTE: In order to successfully exploit this vulnerability the targeted user has to be logged as an administrator.
 CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote ...)
@@ -3790,6 +4095,7 @@
 	- linux-2.6 2.6.30-1 (low)
 	- linux-2.6.24 <removed> (low)
 CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
+	{DSA-1966-1}
 	- horde3 3.3.5+debian0-1 (low)
 	[lenny] - horde3 3.2.2+debian0-2+lenny1
 	NOTE: horde3 issue fixed in backport of latest DSA, DSA however did not fix etch
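Review bot: With {DSA-1966-1} added to CVE-2009-3237, the existing note "horde3 issue fixed in backport of latest DSA, DSA however did not fix etch" is ambiguous, because it does not name the DSA it refers to. Name the advisory in the note and state whether etch remains unfixed after DSA-1966-1, since the entry only lists a [lenny] version.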
@@ -6716,7 +7022,7 @@
 	NOT-FOR-US: NetBSD
 CVE-2009-2482 (The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 ...)
 	NOT-FOR-US: NetBSD OpenPAM
-CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261 when global ...)
+CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261, when global ...)
 	NOT-FOR-US: Six Apart Movable Type
 CVE-2009-2480 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
 	NOT-FOR-US: Six Apart Movable Type
@@ -19098,7 +19404,7 @@
 	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-4267
 	RESERVED
-CVE-2008-4266 (Arracy index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...)
+CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...)
 	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft Office Excel
@@ -70758,7 +71064,7 @@
 	NOTE: From Chris Gragsone's message on BUGTRAQ:
 	NOTE: "IPRoute, by David F. Mischler, is PC-based router software
 	NOTE: "for networks running the Internet Protocol (IP)."
-CVE-2001-1539 (The JavaScript settimeout function in Internet Explorer allows remote ...)
+CVE-2001-1539 (Stack consumption vulnerability in Internet Explorer The JavaScript ...)
 	NOT-FOR-US: MSIE
 CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...)
 	NOT-FOR-US: SpeedXess HA-120 DSL router
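Review bot: The new description for CVE-2001-1539 reads "Stack consumption vulnerability in Internet Explorer The JavaScript ...", which runs two clauses together with no punctuation between "Internet Explorer" and "The JavaScript". This looks like a defect in the imported text; compare it against the upstream CVE description before accepting the automatic update for this line.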



