[Secure-testing-commits] r14287 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Mar 17 21:14:27 UTC 2010
Author: joeyh
Date: 2010-03-17 21:14:27 +0000 (Wed, 17 Mar 2010)
New Revision: 14287
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-17 15:26:44 UTC (rev 14286)
+++ data/CVE/list 2010-03-17 21:14:27 UTC (rev 14287)
@@ -1,3 +1,49 @@
+CVE-2010-0985 (Directory traversal vulnerability in the Abbreviations Manager ...)
+ TODO: check
+CVE-2010-0984 (Acidcat CMS 3.5.3 and earlier stores sensitive information under the ...)
+ TODO: check
+CVE-2010-0983 (PHP remote file inclusion vulnerability in include/mail.inc.php in ...)
+ TODO: check
+CVE-2010-0982 (Directory traversal vulnerability in the CARTwebERP (com_cartweberp) ...)
+ TODO: check
+CVE-2010-0981 (SQL injection vulnerability in the TPJobs (com_tpjobs) component for ...)
+ TODO: check
+CVE-2010-0980 (SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats ...)
+ TODO: check
+CVE-2010-0979 (Cross-site scripting (XSS) vulnerability in display.php in ...)
+ TODO: check
+CVE-2010-0978 (KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under ...)
+ TODO: check
+CVE-2010-0977 (PD PORTAL 4.0 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2010-0976 (Acidcat CMS 3.5.x does not prevent access to install.asp after ...)
+ TODO: check
+CVE-2010-0975 (PHP remote file inclusion vulnerability in external.php in ...)
+ TODO: check
+CVE-2010-0974 (Multiple SQL injection vulnerabilities in PHPCityPortal allow remote ...)
+ TODO: check
+CVE-2010-0973 (SQL injection vulnerability in index.php in phppool media Domain ...)
+ TODO: check
+CVE-2010-0972 (Directory traversal vulnerability in the GCalendar (com_gcalendar) ...)
+ TODO: check
+CVE-2010-0971 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 ...)
+ TODO: check
+CVE-2010-0970 (SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows ...)
+ TODO: check
+CVE-2010-0968 (SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 ...)
+ TODO: check
+CVE-2010-0967 (Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, ...)
+ TODO: check
+CVE-2010-0966 (PHP remote file inclusion vulnerability in inc/config.php in deV!L`z ...)
+ TODO: check
+CVE-2010-0965 (Jevci Siparis Formu Scripti stores sensitive information under the web ...)
+ TODO: check
+CVE-2010-0964 (SQL injection vulnerability in start.php in Eros Webkatalog allows ...)
+ TODO: check
+CVE-2010-0963 (Cross-site scripting (XSS) vulnerability in index.php in dl Download ...)
+ TODO: check
+CVE-2007-6733 (The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does ...)
+ TODO: check
CVE-2010-XXXX [ikiwiki htmlscrubber XSS via svg images]
- ikiwiki 3.20100312 (low)
NOTE: CVE id requested on oss-sec
@@ -43,7 +89,7 @@
NOT-FOR-US: SkaDate Dating
CVE-2009-4698 (Multiple SQL injection vulnerabilities in the Qas (aka Quas) module ...)
NOT-FOR-US: XOOPS Celepar
-CVE-2010-0969 [unbound DoS on 64 bit platforms]
+CVE-2010-0969 (Unbound before 1.4.3 does not properly align structures on 64-bit ...)
- unbound 1.4.3-1
[lenny] - unbound <not-affected> (Vulnerable code not present)
CVE-2010-XXXX [moin: hierarchical ACLs security issue]
@@ -538,8 +584,8 @@
NOT-FOR-US: Joomla!
CVE-2010-0794
RESERVED
-CVE-2010-0793
- RESERVED
+CVE-2010-0793 (Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to ...)
+ TODO: check
CVE-2010-0792 (fcrontab in fcron before 3.0.5 allows local users to read arbitrary ...)
- fcron <unfixed> (low; bug #572587)
[lenny] - fcron <no-dsa> (Minor issue)
@@ -678,13 +724,13 @@
RESERVED
CVE-2010-0730
RESERVED
-CVE-2010-0729
- RESERVED
+CVE-2010-0729 (A certain Red Hat patch for the Linux kernel in Red Hat Enterprise ...)
+ TODO: check
CVE-2010-0728 (smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is ...)
- samba 2:3.4.7~dfsg-1 (high)
[lenny] - samba <not-affected> (Only affects 3.3.11, 3.4.6 and 3.5.0)
-CVE-2010-0727
- RESERVED
+CVE-2010-0727 (The gfs2_lock function in the Linux kernel before ...)
+ TODO: check
CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack ...)
{DSA-2009-1}
- tdiary 2.2.1-1.1 (low; bug #572417)
@@ -1596,8 +1642,7 @@
RESERVED
CVE-2010-0398
RESERVED
-CVE-2010-0397 [null pointer dereference in PHP's xmlrpc extension]
- RESERVED
+CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing ...)
- php5 5.3.2-1 (medium; bug #573573)
NOTE: sent mail to oss-sec notifying about the id
CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg ...)
More information about the Secure-testing-commits
mailing list