[Secure-testing-commits] r15013 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Jul 22 09:29:45 UTC 2010
Author: joeyh
Date: 2010-07-22 09:29:42 +0000 (Thu, 22 Jul 2010)
New Revision: 15013
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-07-21 17:36:24 UTC (rev 15012)
+++ data/CVE/list 2010-07-22 09:29:42 UTC (rev 15013)
@@ -1,3 +1,27 @@
+CVE-2010-2772 (Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded ...)
+ TODO: check
+CVE-2010-2771 (solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to ...)
+ TODO: check
+CVE-2009-4945 (AdPeeps 8.5d1 has a default password of admin for the admin account, ...)
+ TODO: check
+CVE-2009-4944 (Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab ...)
+ TODO: check
+CVE-2009-4943 (index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2009-4942 (Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows ...)
+ TODO: check
+CVE-2009-4941 (Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ...)
+ TODO: check
+CVE-2009-4940 (SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier ...)
+ TODO: check
+CVE-2009-4939 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2009-4938 (SQL injection vulnerability in the JVideo! (com_jvideo) component ...)
+ TODO: check
+CVE-2009-4937 (Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 ...)
+ TODO: check
+CVE-2009-4936 (Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 ...)
+ TODO: check
CVE-2010-XXXX [mapserver: buffer overflow in msTmpFile()]
- mapserver 5.6.4-1 (low)
NOTE: CVE id requested
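Review bot: All twelve entries added at the top of the list carry only `TODO: check`, so none of them is triaged yet. Several descriptions already name the product (Siemens Simatic WinCC, IBM solidDB, AdPeeps, Zeus Cart), which is enough to resolve each one to either a `NOT-FOR-US: <product>` line or a package line in the form of `- mapserver 5.6.4-1 (low)` just below.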
@@ -218,8 +242,8 @@
NOT-FOR-US: Orbis CMS
CVE-2010-2668 (Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet ...)
NOT-FOR-US: Adaptive Micro Systems ALPHA Ethernet Adapter
-CVE-2010-2667
- RESERVED
+CVE-2010-2667 (Multiple unspecified vulnerabilities in the Virtual Appliance ...)
+ TODO: check
CVE-2010-2666 (Opera before 10.54 on Windows and Mac OS X does not properly enforce ...)
NOT-FOR-US: Opera
CVE-2010-2665 (Cross-site scripting (XSS) vulnerability in Opera before 10.54 on ...)
@@ -476,8 +500,8 @@
RESERVED
CVE-2010-2569
RESERVED
-CVE-2010-2568
- RESERVED
+CVE-2010-2568 (Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 ...)
+ TODO: check
CVE-2010-2567
RESERVED
CVE-2010-2566
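Review bot: CVE-2010-2568 is left at `TODO: check` although its description opens with "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1", which identifies the affected product outright. Suggest resolving it with a `NOT-FOR-US:` line naming the product, as the list does for the Opera and Splunk entries visible elsewhere in this diff.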
@@ -825,8 +849,8 @@
NOT-FOR-US: Splunk
CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the ...)
NOT-FOR-US: Wing FTP Server
-CVE-2010-2427
- RESERVED
+CVE-2010-2427 (VMware Studio 2.0 does not properly write to temporary files, which ...)
+ TODO: check
CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River ...)
NOT-FOR-US: Titan FTP Server
CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River ...)
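Review bot: CVE-2010-2427 sits between entries already resolved as `NOT-FOR-US: Wing FTP Server` and `NOT-FOR-US: Titan FTP Server` but is itself only `TODO: check`. The description names VMware Studio 2.0 and a temporary-file write problem; decide whether any package in the archive ships that code and, if none does, close the entry with a `NOT-FOR-US:` line in the same style.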
@@ -1150,8 +1174,8 @@
RESERVED
CVE-2009-4898
RESERVED
-CVE-2009-4897
- RESERVED
+CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier ...)
+ TODO: check
CVE-2009-4896
RESERVED
{DSA-2073-1}
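Review bot: CVE-2009-4897 names a specific source file, `gs/psi/iscan.c`, and a version bound, Ghostscript 8.64 and earlier, yet the entry has no package line. Replace `TODO: check` with a package line recording which packaged versions fall in that range, and note that the `{DSA-2073-1}` tag in the trailing context belongs to the CVE-2009-4896 entry, not to this one.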
@@ -1781,10 +1805,10 @@
NOTE: set to medium as this might as well expose the db administrator password
CVE-2010-2057
RESERVED
-CVE-2010-2056
- RESERVED
-CVE-2010-2055
- RESERVED
+CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files ...)
+ TODO: check
+CVE-2010-2055 (Ghostscript 8.71 and earlier reads initialization files from the ...)
+ TODO: check
CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 ...)
NOT-FOR-US: SBLIM SFCB
CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local ...)
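Review bot: Both new descriptions, CVE-2010-2056 and CVE-2010-2055, give a version boundary ("GNU gv before 3.7.0", "Ghostscript 8.71 and earlier") but the entries stop at `TODO: check`. For CVE-2010-2056 the fixed upstream version 3.7.0 can seed the package line directly; the CVE-2010-2055 summary gives no fixed version, so its package line should record the issue as still open until one is known.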
@@ -1975,16 +1999,16 @@
- postgresql-8.3 <removed> (low)
CVE-2010-1974
REJECTED
-CVE-2010-1973
- RESERVED
-CVE-2010-1972
- RESERVED
+CVE-2010-1973 (Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, ...)
+ TODO: check
+CVE-2010-1972 (The default configuration of HP Client Automation (HPCA) Enterprise ...)
+ TODO: check
CVE-2010-1971 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
TODO: check
CVE-2010-1970 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
TODO: check
-CVE-2010-1969
- RESERVED
+CVE-2010-1969 (Cross-site scripting (XSS) vulnerability in HP Virtual Connect ...)
+ TODO: check
CVE-2010-1968 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
TODO: check
CVE-2010-1967 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
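Review bot: The three entries converted from RESERVED here (CVE-2010-1973, CVE-2010-1972, CVE-2010-1969) join CVE-2010-1971, CVE-2010-1970 and CVE-2010-1968, which are already at `TODO: check`, so this block now holds six untriaged HP entries in a row. The descriptions name HP OpenVMS, HP Client Automation, HP Virtual Connect and HP Insight Software; triage them together rather than letting the backlog grow with each automatic update.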
@@ -2498,8 +2522,7 @@
NOTE: http://trac.webkit.org/changeset/57041
NOTE: if this is the right commit, then this is a dup of cve-2010-1501
TODO: request rejection
-CVE-2010-1766
- RESERVED
+CVE-2010-1766 (Off-by-one error in the WebSocketHandshake::readServerHandshake ...)
- webkit 1.2.1-2
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36339
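Review bot: For CVE-2010-1766 the `- webkit 1.2.1-2` and `- chromium-browser 5.0.375.55~r47796-1` lines were recorded while the id was still RESERVED, and this hunk attaches the published description to them without a re-check marker. Confirm that the WebKit bug in the NOTE (id=36339) is the off-by-one in `WebSocketHandshake::readServerHandshake` that the description now names, so the fixed versions stay tied to the right change.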
@@ -13129,7 +13152,7 @@
NOT-FOR-US: Mac OS X
CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...)
NOT-FOR-US: Apple Safari
-CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the ...)
+CVE-2009-2841 (The HTMLMediaElement::loadResource function in ...)
- webkit 1.1.21-1 (medium; bug #559759)
NOTE: http://trac.webkit.org/changeset/49480
- qt4-x11 4:4.6.2-4 (medium; bug #561760)
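Review bot: The replacement summary for CVE-2009-2841 is truncated after "The HTMLMediaElement::loadResource function in ...", so the line no longer shows the product that the old text gave (WebKit in Apple Safari before 4.0.4 on Mac OS X). The webkit and qt4-x11 package lines are unchanged; confirm that changeset 49480 in the NOTE is the one touching that function so the tracking data still matches the reworded description.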