[Secure-testing-commits] r14677 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue May 11 21:14:39 UTC 2010
Author: joeyh
Date: 2010-05-11 21:14:36 +0000 (Tue, 11 May 2010)
New Revision: 14677
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-05-11 19:33:46 UTC (rev 14676)
+++ data/CVE/list 2010-05-11 21:14:36 UTC (rev 14677)
@@ -1,3 +1,107 @@
+CVE-2010-1871
+ RESERVED
+CVE-2010-1870
+ RESERVED
+CVE-2010-1869
+ RESERVED
+CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...)
+ TODO: check
+CVE-2010-1867 (SQL injection vulnerability in the ...)
+ TODO: check
+CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...)
+ TODO: check
+CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...)
+ TODO: check
+CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...)
+ TODO: check
+CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...)
+ TODO: check
+CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...)
+ TODO: check
+CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...)
+ TODO: check
+CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...)
+ TODO: check
+CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...)
+ TODO: check
+CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) ...)
+ TODO: check
+CVE-2010-1857 (SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, ...)
+ TODO: check
+CVE-2010-1856 (Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 ...)
+ TODO: check
+CVE-2010-1855 (SQL injection vulnerability in auktion.php in Pay Per Watch & Bid ...)
+ TODO: check
+CVE-2010-1854 (Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per ...)
+ TODO: check
+CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function ...)
+ TODO: check
+CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is ...)
+ TODO: check
+CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses ...)
+ TODO: check
+CVE-2009-4872 (Multiple SQL injection vulnerabilities in globepersonnel_login.asp in ...)
+ TODO: check
+CVE-2009-4871 (SQL injection vulnerability in globepersonnel_forum.asp in Logoshows ...)
+ TODO: check
+CVE-2009-4870 (Multiple SQL injection vulnerabilities in login.php in PHPCityPortal ...)
+ TODO: check
+CVE-2009-4869 (Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest ...)
+ TODO: check
+CVE-2009-4868 (Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 ...)
+ TODO: check
+CVE-2009-4867 (Buffer overflow in Tuniac 090517c allows remote attackers to cause a ...)
+ TODO: check
+CVE-2009-4866 (Cross-site scripting (XSS) vulnerability in search.cgi in Matt's ...)
+ TODO: check
+CVE-2009-4865 (Multiple SQL injection vulnerabilities in escorts_search.php in ...)
+ TODO: check
+CVE-2009-4864 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2009-4863 (Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows ...)
+ TODO: check
+CVE-2009-4862 (Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote ...)
+ TODO: check
+CVE-2009-4861 (Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO ...)
+ TODO: check
+CVE-2009-4860 (SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier ...)
+ TODO: check
+CVE-2009-4859 (Multiple cross-site scripting (XSS) vulnerabilities in Online Work ...)
+ TODO: check
+CVE-2009-4858 (Cross-site scripting (XSS) vulnerability in questiondetail.php in ...)
+ TODO: check
+CVE-2009-4857 (Cross-site scripting (XSS) vulnerability in login.php in PHP Photo ...)
+ TODO: check
+CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...)
+ TODO: check
+CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...)
+ TODO: check
+CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...)
+ TODO: check
+CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...)
+ TODO: check
+CVE-2009-4852 (Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle ...)
+ TODO: check
+CVE-2009-4851 (The activation resend function in the Profiles module in XOOPS before ...)
+ TODO: check
+CVE-2009-4850 (The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote ...)
+ TODO: check
+CVE-2009-4849 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2009-4848 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...)
+ TODO: check
+CVE-2009-4847 (Deliantra Server before 2.82 allows remote authenticated users to ...)
+ TODO: check
+CVE-2009-4846 (Multiple buffer overflows in Deliantra Server before 2.82 allow remote ...)
+ TODO: check
+CVE-2009-4845 (The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 ...)
+ TODO: check
+CVE-2009-4844 (ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to ...)
+ TODO: check
+CVE-2009-4843 (ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require ...)
+ TODO: check
+CVE-2009-4842 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...)
+ TODO: check
CVE-2010-1850
RESERVED
CVE-2010-XXXX [serendipity xinha issue]
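Review bot: The five entries in this block that name PHP itself (CVE-2010-1866, CVE-2010-1864, CVE-2010-1862, CVE-2010-1861 and CVE-2010-1860) land with the same `TODO: check` as every other newly described entry, so nothing separates the ones likely to need a package line from the ones that only need closing. Triage the PHP entries first and give them package lines. CVE-2010-1852 (Microsoft Internet Explorer) can be closed in the style of the existing `NOT-FOR-US: Microsoft Internet Explorer 7.0` entry further down the file.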
@@ -346,10 +450,10 @@
RESERVED
CVE-2010-1691
RESERVED
-CVE-2010-1690
- RESERVED
-CVE-2010-1689
- RESERVED
+CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...)
+ TODO: check
+CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...)
+ TODO: check
CVE-2010-1688
RESERVED
CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows ...)
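Review bot: CVE-2010-1690 and CVE-2010-1689 now carry the same truncated summary ("The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ..."), so the list alone cannot tell them apart. When resolving the `TODO: check`, read the full descriptions to confirm how the two differ. smtpsvc.dll is a Windows component, so both look like NOT-FOR-US candidates rather than entries needing a package line.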
@@ -693,8 +797,8 @@
RESERVED
CVE-2010-1550
RESERVED
-CVE-2010-1549
- RESERVED
+CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 ...)
+ TODO: check
CVE-2010-1548
RESERVED
CVE-2010-1547
@@ -994,8 +1098,7 @@
RESERVED
CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...)
NOT-FOR-US: TweakFS
-CVE-2010-1167 [fetchmail memory exhaustion DoS]
- RESERVED
+CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not ...)
- fetchmail 6.3.16-2 (low)
[lenny] - fetchmail <no-dsa> (only vulnerable when run under debug verbosity level)
NOTE: http://www.fetchmail.info/fetchmail-SA-2010-02.txt
@@ -1013,13 +1116,12 @@
NOTE: Not triggerable remotely
CVE-2010-1454
RESERVED
-CVE-2010-1453
- RESERVED
+CVE-2010-1453 (Cross-site scripting (XSS) vulnerability in the Login form in Piwik ...)
- piwik <itp> (bug #506933)
CVE-2010-1452
RESERVED
-CVE-2010-1451
- RESERVED
+CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the ...)
+ TODO: check
CVE-2010-1450
RESERVED
CVE-2010-1449
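Review bot: CVE-2010-1451 gets `TODO: check` although its summary already names a kernel source file, arch/sparc/kernel/tsb.S. Other kernel issues in this file are tracked with a `- linux-2.6 ...` line (CVE-2010-1437, CVE-2010-1173), so this one should get the same treatment once the affected versions are confirmed, rather than sitting in the generic TODO queue.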
@@ -1054,16 +1156,14 @@
RESERVED
- vlc 1.0.6-1
NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1440 [integer overflow]
- RESERVED
+CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live ...)
- texlive-bin 2009-6 (low; bug #580668)
[lenny] - texlive-bin <no-dsa> (minor issue)
CVE-2010-1439
RESERVED
CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames ...)
- wafp <itp> (bug #562949)
-CVE-2010-1437 [keyring issue]
- RESERVED
+CVE-2010-1437 (Race condition in the find_keyring_by_name function in ...)
- linux-2.6 <unfixed>
CVE-2010-1436 [gfs2 issue]
RESERVED
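Review bot: CVE-2010-1437 keeps a bare `- linux-2.6 <unfixed>` line with no NOTE or reference, where the other package lines in this hunk carry a bug number (`bug #580668`, `bug #562949`). With the description now public and naming find_keyring_by_name, add a NOTE pointing to the upstream fix once it is identified, so the entry can later be closed against a specific kernel version.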
@@ -1714,8 +1814,7 @@
NOT-FOR-US: Microsoft Internet Explorer 7.0
CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Cisco TFTP Server
-CVE-2010-1173 [skb issue]
- RESERVED
+CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the ...)
- linux-2.6 2.6.32-12
CVE-2010-1172
RESERVED
@@ -1791,8 +1890,8 @@
- libnids <unfixed> (low; bug #576281)
[lenny] - libnids <no-dsa> (Minor issue)
NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
-CVE-2010-1143
- RESERVED
+CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly ...)
+ TODO: check
CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...)
NOT-FOR-US: VMware products
CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...)
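Review bot: CVE-2010-1143 (VMware View) is set to `TODO: check` while the two entries directly below it, CVE-2010-1142 and CVE-2010-1141, are already resolved as `NOT-FOR-US: VMware products`. Unless the full description names something Debian ships, close it the same way.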
@@ -2742,14 +2841,12 @@
RESERVED
CVE-2010-0830
RESERVED
-CVE-2010-0829
- RESERVED
+CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and ...)
- dvipng 1.13-1 (low; bug filed)
CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...)
{DSA-2024-1}
- moin 1.9.2-3 (low; bug #575995)
-CVE-2010-0827 [dvips integer overflow]
- RESERVED
+CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, ...)
- texlive-bin 2009-6 (low; bug #580669)
[lenny] - texlive-bin <no-dsa> (minor issue)
CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...)
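Review bot: The context line under the new CVE-2010-0829 description still reads `- dvipng 1.13-1 (low; bug filed)` with no bug number, unlike `bug #575995` and `bug #580669` on the neighbouring entries. Now that the description is public, replace "bug filed" with the actual report number so the entry can be cross-checked.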
@@ -8514,6 +8611,7 @@
CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...)
NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10
CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used ...)
+ {DSA-2045-1}
- libtheora 1.1 (bug #572950)
[etch] - libtheora <not-affected> (vulnerable code not present)
- xulrunner 1.9.1.6-1