[Secure-testing-commits] r14169 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Mar 1 21:14:36 UTC 2010


Author: joeyh
Date: 2010-03-01 21:14:35 +0000 (Mon, 01 Mar 2010)
New Revision: 14169

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-01 18:34:30 UTC (rev 14168)
+++ data/CVE/list	2010-03-01 21:14:35 UTC (rev 14169)
@@ -1,48 +1,126 @@
-CVE-2010-0725
+CVE-2010-0760 (Multiple directory traversal vulnerabilities in the Core Design ...)
+	TODO: check
+CVE-2010-0759 (Directory traversal vulnerability in ...)
+	TODO: check
+CVE-2010-0758 (SQL injection vulnerability in news_desc.php in Softbiz Jobs allows ...)
+	TODO: check
+CVE-2010-0757 (Unrestricted file upload vulnerability in index.php/Attach in WikyBlog ...)
+	TODO: check
+CVE-2010-0756 (Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote ...)
+	TODO: check
+CVE-2010-0755 (PHP remote file inclusion vulnerability in include/WBmap.php in ...)
+	TODO: check
+CVE-2010-0754 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2010-0753 (SQL injection vulnerability in the SQL Reports (com_sqlreport) ...)
+	TODO: check
+CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type module ...)
+	TODO: check
+CVE-2010-0751
+	RESERVED
+CVE-2010-0750
+	RESERVED
+CVE-2010-0749
+	RESERVED
+CVE-2010-0748
+	RESERVED
+CVE-2010-0747
+	RESERVED
+CVE-2010-0746
+	RESERVED
+CVE-2010-0745
+	RESERVED
+CVE-2010-0744
+	RESERVED
+CVE-2010-0743
+	RESERVED
+CVE-2010-0742
+	RESERVED
+CVE-2010-0741
+	RESERVED
+CVE-2010-0740
+	RESERVED
+CVE-2010-0739
+	RESERVED
+CVE-2010-0738
+	RESERVED
+CVE-2010-0737
+	RESERVED
+CVE-2010-0736
+	RESERVED
+CVE-2010-0735
+	RESERVED
+CVE-2010-0734
+	RESERVED
+CVE-2010-0733
+	RESERVED
+CVE-2010-0732
+	RESERVED
+CVE-2010-0731
+	RESERVED
+CVE-2010-0730
+	RESERVED
+CVE-2010-0729
+	RESERVED
+CVE-2010-0728
+	RESERVED
+CVE-2010-0727
+	RESERVED
+CVE-2010-0726
+	RESERVED
+CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in ...)
+	TODO: check
+CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in ...)
+	TODO: check
+CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 ...)
+	TODO: check
+CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 ...)
+	TODO: check
+CVE-2010-0725 (Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart ...)
 	NOT-FOR-US: Arab Cart
-CVE-2010-0724
+CVE-2010-0724 (SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows ...)
 	NOT-FOR-US: Arab Cart
-CVE-2010-0723
+CVE-2010-0723 (SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 ...)
 	NOT-FOR-US: Ero Auktion
-CVE-2010-0722
+CVE-2010-0722 (SQL injection vulnerability in news.php in Php Auktion Pro allows ...)
 	NOT-FOR-US: Php Auktion Pro
-CVE-2010-0721
+CVE-2010-0721 (SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 ...)
 	NOT-FOR-US: Auktionshaus Gelb
-CVE-2010-0720
+CVE-2010-0720 (SQL injection vulnerability in news.php in Erotik Auktionshaus allows ...)
 	NOT-FOR-US: Erotik Auktionshaus
-CVE-2010-0719
+CVE-2010-0719 (An unspecified API in Microsoft Windows 2000, Windows XP, Windows ...)
 	NOT-FOR-US: Microsoft
-CVE-2010-0718
+CVE-2010-0718 (Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 ...)
 	NOT-FOR-US: Microsoft
-CVE-2010-0716
+CVE-2010-0716 (_layouts/Upload.aspx in the Documents module in Microsoft SharePoint ...)
 	NOT-FOR-US: Microsoft
-CVE-2010-0715
+CVE-2010-0715 (Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM ...)
 	NOT-FOR-US: IBM WebSphere Portal
-CVE-2010-0714
+CVE-2010-0714 (Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere ...)
 	NOT-FOR-US: IBM WebSphere Portal
-CVE-2010-0713
+CVE-2010-0713 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss ...)
 	NOT-FOR-US: Zenoss
-CVE-2010-0712
+CVE-2010-0712 (Multiple SQL injection vulnerabilities in ...)
 	NOT-FOR-US: Zenoss
-CVE-2010-0711
+CVE-2010-0711 (Cross-site request forgery (CSRF) vulnerability in default.asp in ...)
 	NOT-FOR-US: ASPCode CMS
-CVE-2010-0710
+CVE-2010-0710 (SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 ...)
 	NOT-FOR-US: ASPCode CMS
-CVE-2010-0709
+CVE-2010-0709 (Multiple cross-site request forgery (CSRF) vulnerabilities in Limny ...)
 	NOT-FOR-US: Limny
-CVE-2010-0708
+CVE-2010-0708 (Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe ...)
 	NOT-FOR-US: Sun Directory Server Enterprise Edition
-CVE-2010-0707
+CVE-2010-0707 (Cross-site request forgery (CSRF) vulnerability in add_user.php in ...)
 	NOT-FOR-US: Employee Timeclock Software
-CVE-2010-0706
+CVE-2010-0706 (Cross-site scripting (XSS) vulnerability in the login/prompt component ...)
 	NOT-FOR-US: Subex Nikira Fraud Management System
-CVE-2010-0705
+CVE-2010-0705 (Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 ...)
 	NOT-FOR-US: Windows 2000
-CVE-2009-4655
+CVE-2009-4655 (The dhost web service in Novell eDirectory 8.8.5 uses a predictable ...)
 	NOT-FOR-US: Novell eDirectory
-CVE-2009-4654
+CVE-2009-4654 (Stack-based buffer overflow in the dhost module in Novell eDirectory ...)
 	NOT-FOR-US: Novell eDirectory
-CVE-2009-4653
+CVE-2009-4653 (Stack-based buffer overflow in the dhost module in Novell eDirectory ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2010-0704 (Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM ...)
 	NOT-FOR-US: IBM WebSphere Portal
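Review bot: the NOT-FOR-US annotation under CVE-2010-0705 no longer matches its description in this hunk: the new text attributes the issue to Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0, but the retained line still reads `NOT-FOR-US: Windows 2000`, which names the platform rather than the affected product. Change it to `NOT-FOR-US: avast!` so the triage record points at the right vendor. Secondary point: CVE-2003-1590 and CVE-2003-1589 (Sun ONE, aka iPlanet, Web Server) landed as `TODO: check` in the middle of the 2010 block; since the descriptions name a proprietary server, they look like NOT-FOR-US candidates and can probably be closed in the next pass.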
@@ -74,8 +152,7 @@
 	NOT-FOR-US: JTL-Shop
 CVE-2010-0690 (SQL injection vulnerability in index.php in CommodityRentals Video ...)
 	NOT-FOR-US: CommodityRentals Video Games Rentals
-CVE-2010-0689
-	RESERVED
+CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control ...)
 	NOT-FOR-US: ActiveX
 CVE-2010-0688
 	RESERVED
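Review bot: `NOT-FOR-US: ActiveX` under CVE-2010-0689 names a technology, not the affected product; now that the description identifies the ExecuteExe method in the DVBSExeCall Control ActiveX control, the annotation should carry that control's name (and vendor, once known from the full CVE text) so the entry is consistent with the other NOT-FOR-US lines in this file, which name products such as `TIBCO Administrator` or `Zenoss`.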
@@ -87,8 +164,7 @@
 	TODO: check
 CVE-2010-0684
 	RESERVED
-CVE-2010-0683
-	RESERVED
+CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...)
 	NOT-FOR-US: TIBCO Administrator
 CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...)
 	TODO: check
@@ -121,12 +197,12 @@
 	NOT-FOR-US: KR MEDIA Pogodny CMS
 CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) ...)
 	NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component
-CVE-2010-0669
-	RESERVED
-CVE-2010-0668
-	RESERVED
-CVE-2010-0667
-	RESERVED
+CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly ...)
+	TODO: check
+CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x ...)
+	TODO: check
+CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of ...)
+	TODO: check
 CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information under ...)
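Review bot: the three MoinMoin entries CVE-2010-0667, CVE-2010-0668 and CVE-2010-0669 were converted from RESERVED to `TODO: check` in one step and should be triaged together, since they describe related fixes in different upstream release lines (1.9 before 1.9.1; 1.5.x through 1.7.x and 1.8.x; before 1.8.7 and 1.9.x before 1.9.2). Working them as one batch avoids three separate checks of the same source package and keeps the recorded fixed versions consistent across the three entries.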
@@ -147,8 +223,8 @@
 	NOT-FOR-US: Accellion Secure File Transfer Appliance
 CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows remote ...)
 	NOT-FOR-US: Accellion Secure File Transfer Appliance
-CVE-2005-4886
-	RESERVED
+CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...)
+	TODO: check
 CVE-2010-XXXX [konversation DoS]
 	- konversation 1.2.3-1 (low)
 	NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
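Review bot: CVE-2005-4886 is a Linux kernel issue (selinux_parse_skb_ipv6 in security/selinux/hooks.c) but has landed as a bare `TODO: check`; every other kernel CVE in this file carries `- linux-2.6 ...` and `- linux-2.6.24 ...` lines, with `[etch]`/`[lenny]` qualifiers where the suites differ, and this one should get the same treatment rather than a generic TODO. The 2005 identifier says nothing about which kernel versions carry the fix, so the version check still has to be done against the kernel packages listed elsewhere in this file.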
@@ -426,7 +502,7 @@
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
 	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
 CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.32-9 
 	- linux-2.6.24 <removed>
 CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...)
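Review bot: this hunk starts a series of identical edits that renumber `DSA-2004-1` to `DSA-2005-1` in the advisory braces of linux-2.6 entries (here CVE-2010-0622, with DSA-2003-1 kept as is). Because the same substitution is repeated across many hunks below, the check that matters is completeness: after applying the patch, no linux-2.6 entry should still reference DSA-2004-1, and no entry outside the kernel set should have been touched. Running `grep -n 'DSA-2004-1' data/CVE/list` after the update is the quick way to confirm this; any remaining reference that legitimately belongs to a different package's advisory must be left alone rather than swept up by the renumbering.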
@@ -797,8 +873,7 @@
 	RESERVED
 CVE-2010-0428
 	RESERVED
-CVE-2010-0427 [sudo fails to reset cached groups]
-	RESERVED
+CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is used, ...)
 	- sudo <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
 CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a ...)
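Review bot: CVE-2010-0427 has gone from a RESERVED placeholder with a free-text title to the published description, but the package line is still `- sudo <unfixed>` with no severity or bug reference, unlike entries elsewhere in this file that carry annotations such as `(low; bug #564114)`. Since the CVE text now names the fixed upstream release (1.6.9p21) and the runas_default condition, the entry should record a severity and, when available, the Debian bug number, so the tracker can distinguish "unfixed and untriaged" from "unfixed but tracked".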
@@ -806,8 +881,8 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
 CVE-2010-0425
 	RESERVED
-CVE-2010-0424
-	RESERVED
+CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) ...)
+	TODO: check
 CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a ...)
 	- pidgin 2.6.6-1 (low)
 CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize ...)
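Review bot: the truncated description for CVE-2010-0424 ends at `(1) cronie before 1.4.4 and (2) ...`, so the second affected product is not visible in this hunk; the `TODO: check` must not be resolved as NOT-FOR-US on the strength of the cronie name alone until the full CVE text has been read, because the elided item (2) may be a package that is shipped. Record the outcome for both products when the TODO is closed.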
@@ -826,7 +901,7 @@
 CVE-2010-0416 (Buffer overflow in the Unescape function in common/util/hxurl.cpp and ...)
 	TODO: check
 CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before ...)
-	{DSA-2004-1 DSA-2003-1 DSA-1996-1}
+	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
 	- linux-2.6 2.6.32-8
 	- linux-2.6.24 <removed>
 CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers ...)
@@ -843,7 +918,7 @@
 	[etch] - systemtap <no-dsa> (Minor issue)
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
 CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 ...)
-	{DSA-2004-1 DSA-2003-1 DSA-1996-1}
+	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
 	- linux-2.6 2.6.32-8 
 	- linux-2.6.24 <removed>
 	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
@@ -1280,7 +1355,7 @@
 	{DSA-1992-1}
 	- chrony 1.23-7 (medium)
 CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain privileges ...)
-	{DSA-2004-1 DSA-1996-1}
+	{DSA-2005-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6
 CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
 	- bind9 <unfixed>
@@ -1565,7 +1640,7 @@
 	RESERVED
 CVE-2010-0190
 	RESERVED
-CVE-2010-0189 (Unspecified vulnerability in Adobe Download Manager allows remote ...)
+CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager ...)
 	NOT-FOR-US: Adobe Download Manager
 CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...)
 	NOT-FOR-US: Adobe Reader
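Review bot: the description for CVE-2010-0189 was re-attributed from Adobe Download Manager to a certain ActiveX control in NOS Microsystems getPlus Download Manager, but the line below it still reads `NOT-FOR-US: Adobe Download Manager`. The annotation should follow the description (`NOT-FOR-US: NOS Microsystems getPlus Download Manager`, or both names if the control is distributed under the Adobe name), otherwise a later search of the file by product name will miss this entry.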
@@ -1861,7 +1936,7 @@
 CVE-2010-0096
 	RESERVED
 CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel ...)
-	{DSA-2004-1 DSA-1996-1}
+	{DSA-2005-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6 (low; bug #564114)
 	[etch] - linux-2.6 <not-affected> (does not have e1000e driver)
 	- linux-2.6.24 <removed> (low)
@@ -1870,7 +1945,7 @@
 	- linux-2.6 <unfixed> (medium; bug #564110)
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...)
-	{DSA-2004-1 DSA-2003-1 DSA-1996-1}
+	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6 (low; bug #564114)
 	- linux-2.6.24 <removed> (low)
 CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...)
@@ -2566,8 +2641,7 @@
 	TODO: check affected versions
 	NOTE: http://trac.transmissionbt.com/changeset/9829/
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/500625
-CVE-2010-0011 [remote code execution through the "run" function]
-	RESERVED
+CVE-2010-0011 (The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes ...)
 	- uzbl 0.0.0~git.20100105-1 (medium)
 	NOTE: http://www.uzbl.org/news.php?id=22
 	NOTE: maintainer is aware of it
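Review bot: with CVE-2010-0011 now resolved to `- uzbl 0.0.0~git.20100105-1 (medium)`, the trailing `NOTE: maintainer is aware of it` describes a state that has passed and can be dropped or rewritten as a pointer to the fixing upload; the fixed Debian version (git snapshot of 20100105) does line up with the `before 2010.01.05` cutoff in the new description, so the version line itself is consistent.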
@@ -2581,7 +2655,7 @@
 CVE-2010-0008
 	RESERVED
 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...)
-	{DSA-2004-1 DSA-2003-1 DSA-1996-1}
+	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6
 	- linux-2.6.24 <removed>
 CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...)
@@ -2596,7 +2670,7 @@
 	- viewvc <unfixed>
 	TODO: check
 CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...)
-	{DSA-2004-1 DSA-1996-1}
+	{DSA-2005-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6
 	[etch] - linux-2.6 <not-affected> (does not have print-fatal-signals)
 	- linux-2.6.24 <removed>
@@ -2638,7 +2712,7 @@
 CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 ...)
-	{DSA-2004-1}
+	{DSA-2005-1}
 	- linux-2.6 2.6.32-1 (medium)
 	[etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
 	[lenny] - linux-2.6 2.6.26-21
@@ -3075,7 +3149,7 @@
 CVE-2009-4139
 	RESERVED
 CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when ...)
-	{DSA-2004-1}
+	{DSA-2005-1}
 	- linux-2.6 2.6.32-3 (medium)
 	[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
 	[lenny] - linux-2.6 2.6.26-21
@@ -3407,7 +3481,7 @@
 	NOTE: Only affects installations with trust anchors, but then the
 	NOTE: consequences are quite severe.
 CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.32-3 (medium)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (medium)
@@ -3462,7 +3536,7 @@
 CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...)
 	NOT-FOR-US: Serv-U FTP server
 CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.32-1 (low)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (low)
@@ -3587,13 +3661,13 @@
 	NOTE: workarounds include using 5.3.1 or php5-suhosin
 	NOTE: 4B068517.802 at acunetix.com on bugtraq explains it
 CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.32-1 (medium)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (medium)
 	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
 CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.32-1 (low)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (low)
@@ -3771,7 +3845,7 @@
 	[etch] - wordpress <not-affected> (Vulnerable code not present)
 	[lenny] - wordpress <not-affected> (Vulnerable code not present)
 CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel ...)
-	{DSA-2004-1}
+	{DSA-2005-1}
 	- linux-2.6 2.6.27-1 (low)
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 	[lenny] - linux-2.6 2.6.26-21
@@ -4281,7 +4355,7 @@
 	[lenny] - asterisk <no-dsa> (Minor issue)
 	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.31-1 (medium)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (medium)
@@ -7908,7 +7982,7 @@
 CVE-2009-2696
 	RESERVED
 CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent mmap ...)
-	{DSA-2004-1 DSA-1915-1}
+	{DSA-2005-1 DSA-1915-1}
 	- linux-2.6 2.6.31-1 (medium)
 	[etch] - linux-2.6 <not-affected> (2.6.18 does not have mmap_min_addr)
 	- linux-2.6.24 <removed> (medium)
@@ -7927,7 +8001,7 @@
 	- linux-2.6 2.6.30-6 (high; bug #541403)
 	- linux-2.6.24 <removed>
 CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel ...)
-	{DSA-2004-1}
+	{DSA-2005-1}
 	- linux-2.6 2.6.30-7 (low)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed>



