[Secure-testing-commits] r13829 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Jan 15 21:14:19 UTC 2010
Author: joeyh
Date: 2010-01-15 21:14:19 +0000 (Fri, 15 Jan 2010)
New Revision: 13829
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-15 20:19:46 UTC (rev 13828)
+++ data/CVE/list 2010-01-15 21:14:19 UTC (rev 13829)
@@ -1,3 +1,87 @@
+CVE-2010-0350 (Directory traversal vulnerability in the Photo Book (goof_fotoboek) ...)
+ TODO: check
+CVE-2010-0349 (Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 ...)
+ TODO: check
+CVE-2010-0348 (Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and ...)
+ TODO: check
+CVE-2010-0347 (Cross-site scripting (XSS) vulnerability in the VD / Geomap ...)
+ TODO: check
+CVE-2010-0346 (Cross-site scripting (XSS) vulnerability in the Tip many friends ...)
+ TODO: check
+CVE-2010-0345 (Cross-site scripting (XSS) vulnerability in the Majordomo extension ...)
+ TODO: check
+CVE-2010-0344 (SQL injection vulnerability in the zak_store_management extension ...)
+ TODO: check
+CVE-2010-0343 (SQL injection vulnerability in the Clan Users List (pb_clanlist) ...)
+ TODO: check
+CVE-2010-0342 (SQL injection vulnerability in the Reports for Job (job_reports) ...)
+ TODO: check
+CVE-2010-0341 (SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) ...)
+ TODO: check
+CVE-2010-0340 (SQL injection vulnerability in the MJS Event Pro (mjseventpro) ...)
+ TODO: check
+CVE-2010-0339 (SQL injection vulnerability in the User Links (vm19_userlinks) ...)
+ TODO: check
+CVE-2010-0338 (SQL injection vulnerability in the TT_Products editor (ttpedit) ...)
+ TODO: check
+CVE-2010-0337 (SQL injection vulnerability in the tt_news Mail alert ...)
+ TODO: check
+CVE-2010-0336 (Unspecified vulnerability in the kiddog_mysqldumper ...)
+ TODO: check
+CVE-2010-0335 (Cross-site scripting (XSS) vulnerability in the Vote rank for news ...)
+ TODO: check
+CVE-2010-0334 (SQL injection vulnerability in the Vote rank for news ...)
+ TODO: check
+CVE-2010-0333 (SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 ...)
+ TODO: check
+CVE-2010-0332 (SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) ...)
+ TODO: check
+CVE-2010-0331 (Cross-site scripting (XSS) vulnerability in the TV21 Talkshow ...)
+ TODO: check
+CVE-2010-0330 (SQL injection vulnerability in the Googlemaps for tt_news ...)
+ TODO: check
+CVE-2010-0329 (SQL injection vulnerability in the powermail extension 1.5.1 and ...)
+ TODO: check
+CVE-2010-0328 (Cross-site scripting (XSS) vulnerability in the Unit Converter ...)
+ TODO: check
+CVE-2010-0327 (Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox ...)
+ TODO: check
+CVE-2010-0326 (Cross-site scripting (XSS) vulnerability in the Developer log (devlog) ...)
+ TODO: check
+CVE-2010-0325 (Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) ...)
+ TODO: check
+CVE-2010-0324 (SQL injection vulnerability in the Customer Reference List (ref_list) ...)
+ TODO: check
+CVE-2010-0323 (Unspecified vulnerability in the Photo Book (goof_fotoboek) extension ...)
+ TODO: check
+CVE-2010-0322 (SQL injection vulnerability in the init function in MK-AnydropdownMenu ...)
+ TODO: check
+CVE-2010-0321 (Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit ...)
+ TODO: check
+CVE-2010-0320 (Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter ...)
+ TODO: check
+CVE-2010-0319 (Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 ...)
+ TODO: check
+CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...)
+ TODO: check
+CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote ...)
+ TODO: check
+CVE-2010-0315 (Google Chrome allows remote attackers to discover a redirect's target ...)
+ TODO: check
+CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target ...)
+ TODO: check
+CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System ...)
+ TODO: check
+CVE-2010-0312 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server ...)
+ TODO: check
+CVE-2010-0311 (Unspecified vulnerability in Sun Java System Identity Manager (aka ...)
+ TODO: check
+CVE-2010-0310 (Trusted Extensions in Sun Solaris 10 allows local users to gain ...)
+ TODO: check
+CVE-2009-4613 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...)
+ TODO: check
CVE-2010-XXXX [zend framework multiple issues]
- zendframework 1.9.7-1
NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06
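Review bot: All 42 entries added at the top of this hunk, CVE-2010-0350 through CVE-2009-4613, carry only `TODO: check`, so the tracker gains no triage information from them. Each one still has to be resolved to either a package line or a `NOT-FOR-US:` line of the form used further down in the file (for example `NOT-FOR-US: Winamp`). The descriptions are truncated with `...`, so the full CVE text has to be read before deciding; the product name alone is not always enough.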
@@ -74,8 +158,7 @@
RESERVED
CVE-2010-0281
RESERVED
-CVE-2010-0280 [lib3ds memory corruption]
- RESERVED
+CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in ...)
- lib3ds <unfixed> (medium)
NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability
TODO: check affected versions and file bug
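Review bot: The CVE-2010-0280 entry still ends with `TODO: check affected versions and file bug` while `- lib3ds <unfixed> (medium)` has no bug reference. With the description now public, file the bug and record its number in the parentheses, the way the eglibc line under CVE-2010-0015 does. The NOTE URL is the Core Security Google SketchUp advisory, and CVE-2010-0316 added at the top of the file also names Google SketchUp, so the two entries should be checked against that advisory together.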
@@ -168,8 +251,8 @@
RESERVED
CVE-2010-0250
RESERVED
-CVE-2010-0249
- RESERVED
+CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...)
+ TODO: check
CVE-2010-0248
RESERVED
CVE-2010-0247
@@ -326,8 +409,8 @@
RESERVED
CVE-2010-0185
RESERVED
-CVE-2010-0184
- RESERVED
+CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...)
+ TODO: check
CVE-2010-0183
RESERVED
CVE-2010-0182
@@ -1081,8 +1164,7 @@
NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in ...)
NOT-FOR-US: Winamp
-CVE-2009-4355 [openssl/mod_ssl/php-curl memory leak]
- RESERVED
+CVE-2009-4355 (Memory leak in the zlib_stateful_finish function in ...)
{DSA-1970-1}
- openssl <unfixed> (low)
[etch] - openssl <not-affected> (affects only 0.9.8f and later)
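Review bot: Replacing `[openssl/mod_ssl/php-curl memory leak]` on CVE-2009-4355 drops the only mention of mod_ssl and php-curl in this entry, and the description that takes its place is cut off after `zlib_stateful_finish function in`. If those two names mattered for triage, keep them in a `NOTE:` line. The entry also carries `{DSA-1970-1}` while `- openssl <unfixed> (low)` is still open, which is worth confirming as intended.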
@@ -1270,12 +1352,11 @@
RESERVED
CVE-2010-0016
RESERVED
-CVE-2010-0015 [nis users shadow password leakage]
- RESERVED
+CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 ...)
- eglibc 2.10.2-4 (medium; bug #560333)
- glibc <removed> (medium)
-CVE-2010-0014
- RESERVED
+CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 ...)
+ TODO: check
CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin ...)
- pidgin 2.6.5-1 (medium; bug #563206)
[lenny] - pidgin <not-affected> (vulnerable code not present)
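Review bot: CVE-2010-0014 moves from `RESERVED` to `TODO: check` even though its description already gives a version bound, `System Security Services Daemon (SSSD) before 1.0.1`. That is enough to check for a matching source package and write either a package line with the fixed version or a `NOT-FOR-US:` line, rather than leaving the entry untriaged.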
@@ -1320,8 +1401,7 @@
RESERVED
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
-CVE-2010-0002 [mandriva bash issue]
- RESERVED
+CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...)
- bash <not-affected> (mandriva-specific packaging issue)
CVE-2010-0001
RESERVED
@@ -1680,8 +1760,8 @@
RESERVED
CVE-2009-4183
RESERVED
-CVE-2009-4182
- RESERVED
+CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a ...)
+ TODO: check
CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network ...)
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network ...)
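Review bot: CVE-2009-4182 names HP Web Jetadmin 10.2 and gets `TODO: check`, while the next entry in the context, CVE-2009-4181 for HP OpenView Network Node Manager, is already closed as `NOT-FOR-US: HP OpenView Network Node Manager`. If HP Web Jetadmin is likewise not packaged, close it the same way with `NOT-FOR-US: HP Web Jetadmin`.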
@@ -2132,6 +2212,7 @@
RESERVED
CVE-2009-4012 [libthai integer overflow]
RESERVED
+ {DSA-1971-1}
- libthai 0.1.13-1
CVE-2009-4011 [dtc-xen race condition]
RESERVED