[Secure-testing-commits] r15580 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Sat Nov 13 21:14:28 UTC 2010
Author: joeyh
Date: 2010-11-13 21:14:28 +0000 (Sat, 13 Nov 2010)
New Revision: 15580
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-11-13 14:14:59 UTC (rev 15579)
+++ data/CVE/list 2010-11-13 21:14:28 UTC (rev 15580)
@@ -1,29 +1,174 @@
-CVE-2010-4203
+CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets ...)
+ TODO: check
+CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...)
+ TODO: check
+CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...)
+ TODO: check
+CVE-2010-4218 (Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown ...)
+ TODO: check
+CVE-2010-4217 (Use-after-free vulnerability in the proxy server in IBM Tivoli ...)
+ TODO: check
+CVE-2010-4216 (IBM Tivoli Directory Server (TDS) 6.0.0.x before ...)
+ TODO: check
+CVE-2010-4215
+ RESERVED
+CVE-2010-4214 (The Wells Fargo Mobile application 1.1 for Android stores a username ...)
+ TODO: check
+CVE-2010-4213 (The Bank of America application 2.12 for Android stores a security ...)
+ TODO: check
+CVE-2010-4212 (The USAA application 3.0 for Android stores a mirror image of each ...)
+ TODO: check
+CVE-2010-4211 (The PayPal app before 3.0.1 for iOS does not verify that the server ...)
+ TODO: check
+CVE-2010-4210
+ RESERVED
+CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
+ TODO: check
+CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
+ TODO: check
+CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
+ TODO: check
+CVE-2010-4206 (Google Chrome before 7.0.517.44 accesses memory at an out-of-bounds ...)
+ TODO: check
+CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data ...)
+ TODO: check
+CVE-2010-4204 (Google Chrome before 7.0.517.44 accesses a frame object after this ...)
+ TODO: check
+CVE-2010-4202 (Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux ...)
+ TODO: check
+CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...)
+ TODO: check
+CVE-2010-4200 (Google Chrome before 7.0.517.44 reads from invalid memory locations ...)
+ TODO: check
+CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...)
+ TODO: check
+CVE-2010-4198 (Google Chrome before 7.0.517.44 does not properly handle large text ...)
+ TODO: check
+CVE-2010-4197 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...)
+ TODO: check
+CVE-2010-4196
+ RESERVED
+CVE-2010-4195
+ RESERVED
+CVE-2010-4194
+ RESERVED
+CVE-2010-4193
+ RESERVED
+CVE-2010-4192
+ RESERVED
+CVE-2010-4191
+ RESERVED
+CVE-2010-4190
+ RESERVED
+CVE-2010-4189
+ RESERVED
+CVE-2010-4188
+ RESERVED
+CVE-2010-4187
+ RESERVED
+CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools Online ...)
+ TODO: check
+CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly 2.3.8 ...)
+ TODO: check
+CVE-2010-4184 (NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with ...)
+ TODO: check
+CVE-2010-4183 (Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier ...)
+ TODO: check
+CVE-2010-4182 (Untrusted search path vulnerability in the Data Access Objects (DAO) ...)
+ TODO: check
+CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...)
+ TODO: check
+CVE-2010-4180
+ RESERVED
+CVE-2010-4179
+ RESERVED
+CVE-2010-4178
+ RESERVED
+CVE-2010-4177
+ RESERVED
+CVE-2010-4176
+ RESERVED
+CVE-2010-4175
+ RESERVED
+CVE-2010-4174
+ RESERVED
+CVE-2010-4173
+ RESERVED
+CVE-2010-4172
+ RESERVED
+CVE-2010-4171
+ RESERVED
+CVE-2010-4170
+ RESERVED
+CVE-2010-4169
+ RESERVED
+CVE-2010-4168
+ RESERVED
+CVE-2010-4167
+ RESERVED
+CVE-2010-4166
+ RESERVED
+CVE-2010-4165
+ RESERVED
+CVE-2010-4164
+ RESERVED
+CVE-2010-4163
+ RESERVED
+CVE-2010-4162
+ RESERVED
+CVE-2010-4161
+ RESERVED
+CVE-2010-4159
+ RESERVED
+CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...)
+ TODO: check
+CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 ...)
+ TODO: check
+CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager ...)
+ TODO: check
+CVE-2010-4153 (Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably ...)
+ TODO: check
+CVE-2010-4152 (SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, ...)
+ TODO: check
+CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly ...)
+ TODO: check
+CVE-2010-4150
+ RESERVED
+CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 ...)
+ TODO: check
+CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before ...)
+ TODO: check
+CVE-2008-7265 (The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote ...)
+ TODO: check
+CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK), as used in Google Chrome before ...)
- libvpx 0.9.1-2 (bug #602693)
CVE-2010-4160
+ RESERVED
- linux-2.6 <unfixed> (low)
CVE-2010-4158
+ RESERVED
- linux-2.6 <unfixed> (low)
CVE-2010-4157
+ RESERVED
- linux-2.6 <unfixed> (low)
CVE-2010-XXXX
- proftpd-dfsg 1.3.3a-5 (bug #602279)
[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
-CVE-2010-4149
+CVE-2010-4149 (Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, ...)
NOT-FOR-US: FreshWebMaster Fresh FTP
-CVE-2010-4148
+CVE-2010-4148 (Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly ...)
NOT-FOR-US: AnyConnect
-CVE-2010-4147
+CVE-2010-4147 (Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping ...)
NOT-FOR-US: Pentasoft Avactis Shopping Cart
-CVE-2010-4146
+CVE-2010-4146 (Cross-site scripting (XSS) vulnerability in Attachmate Reflection for ...)
NOT-FOR-US: Attachmate Reflection
-CVE-2010-4145
+CVE-2010-4145 (Kisisel Radyo Script stores sensitive information under the web root ...)
NOT-FOR-US: Kisisel Radyo Script
-CVE-2010-4144
+CVE-2010-4144 (SQL injection vulnerability in radyo.asp in Kisisel Radyo Script ...)
NOT-FOR-US: Kisisel Radyo Script
-CVE-2010-4143
+CVE-2010-4143 (SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when ...)
NOT-FOR-US: phpCheckZ
-CVE-2010-4142
+CVE-2010-4142 (Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build ...)
NOT-FOR-US: DATAC RealWin
CVE-2010-XXXX
- pithos 0.3.5-1
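Review bot: CVE-2010-4221 (stack overflows in pr_netio_telnet_gets, a ProFTPD function) is added here with only `TODO: check`, yet the same hunk still carries the placeholder `CVE-2010-XXXX` / `proftpd-dfsg 1.3.3a-5 (bug #602279)` with the note "Introduced in 1.3.2rc3"; the TODO should be resolved by confirming the two describe the same issue and renaming the placeholder to the real id, rather than leaving one bug tracked twice. The same treatment is due for CVE-2010-4156 (mb_strcut in Libmbfl as used in PHP 5.3.x), which needs a php5 line like the other PHP entries in this file instead of an open TODO.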
@@ -99,19 +244,19 @@
RESERVED
CVE-2010-4107
RESERVED
-CVE-2010-4106
+CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
NOT-FOR-US: HP Insight Orchestration
-CVE-2010-4105
+CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2 ...)
NOT-FOR-US: HP Insight Orchestration
-CVE-2010-4104
+CVE-2010-4104 (Unspecified vulnerability in HP Insight Orchestration before 6.2 ...)
NOT-FOR-US: HP Insight Orchestration
-CVE-2010-4103
+CVE-2010-4103 (Unspecified vulnerability in HP Insight Managed System Setup Wizard ...)
NOT-FOR-US: HP Insight Managed System Setup Wizard
-CVE-2010-4102
+CVE-2010-4102 (Unspecified vulnerability in HP Insight Recovery before 6.2 allows ...)
NOT-FOR-US: HP Insight Recovery
-CVE-2010-4101
+CVE-2010-4101 (Cross-site scripting (XSS) vulnerability in HP Insight Recovery before ...)
NOT-FOR-US: HP Insight Recovery
-CVE-2010-4100
+CVE-2010-4100 (Unspecified vulnerability in HP Insight Control Performance Management ...)
NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4099 (ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is ...)
NOT-FOR-US: NitroSecurity NitroView
@@ -126,10 +271,10 @@
NOT-FOR-US: IBM Rational Quality Manager
CVE-2010-4093
RESERVED
-CVE-2010-4092
- RESERVED
-CVE-2010-4091
- RESERVED
+CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component ...)
+ TODO: check
+CVE-2010-4091 (The EScript.api plugin in Adobe Acrobat Reader 9.4.0, 8.1.7, and ...)
+ TODO: check
CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
@@ -284,11 +429,11 @@
- chromium-browser <undetermined>
NOTE: http://trac.webkit.org/changeset/63786
NOTE: http://trac.webkit.org/changeset/67240
-CVE-2010-4032
+CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
NOT-FOR-US: HP Insight Control Performance Management
-CVE-2010-4031
+CVE-2010-4031 (Unspecified vulnerability in HP Insight Control Performance Management ...)
NOT-FOR-US: HP Insight Control Performance Management
-CVE-2010-4030
+CVE-2010-4030 (Cross-site scripting (XSS) vulnerability in HP Insight Control ...)
NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4029 (Unspecified vulnerability in HP Storage Essentials before 6.3.0, when ...)
NOT-FOR-US: HP Storage Essentials
@@ -337,28 +482,28 @@
- libxml2 2.7.8.dfsg-1 (bug #602609)
CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...)
NOT-FOR-US: Oracle Mojarra
-CVE-2010-4006
- RESERVED
-CVE-2010-4005
- RESERVED
+CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links ...)
+ TODO: check
+CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...)
+ TODO: check
CVE-2010-4004
RESERVED
CVE-2010-4003
RESERVED
CVE-2010-4002
RESERVED
-CVE-2010-4001
- RESERVED
-CVE-2010-4000
- RESERVED
-CVE-2010-3999
- RESERVED
-CVE-2010-3998
- RESERVED
+CVE-2010-4001 (** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a ...)
+ TODO: check
+CVE-2010-4000 (gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name ...)
+ TODO: check
+CVE-2010-3999 (gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length ...)
+ TODO: check
+CVE-2010-3998 (The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and ...)
+ TODO: check
CVE-2010-3997
RESERVED
-CVE-2010-3996
- RESERVED
+CVE-2010-3996 (festival_server in Centre for Speech Technology Research (CSTR) ...)
+ TODO: check
CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib ...)
- python-pyftpdlib 0.5.2-1
CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 does not require the l ...)
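Review bot: CVE-2010-3996 through CVE-2010-4005 (festival_server, Banshee, GnuCash, GNOME Shell, Gromacs, Tomboy) all describe one defect class, a launcher script that places a zero-length directory name in a search path (spelled out in the CVE-2010-4000 and CVE-2010-3999 texts; CVE-2010-4001 is marked ** DISPUTED **), so the six `TODO: check` lines are best triaged as a batch, checking each shipped launcher script for an empty path element, rather than left as separate open items; the adjacent CVE-2010-4006 (WSN Links) is unrelated and should not be swept up with them.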
@@ -421,9 +566,9 @@
NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3978
RESERVED
-CVE-2010-3977
- RESERVED
-CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player 10.1.82.76, ...)
+CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9 allows ...)
NOT-FOR-US: Adobe Flash Player
@@ -451,8 +596,8 @@
RESERVED
CVE-2010-3963
RESERVED
-CVE-2010-3962
- RESERVED
+CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and ...)
+ TODO: check
CVE-2010-3961
RESERVED
CVE-2010-3960
@@ -503,8 +648,8 @@
RESERVED
CVE-2010-3937
RESERVED
-CVE-2010-3936
- RESERVED
+CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft ...)
+ TODO: check
CVE-2010-3935
RESERVED
CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Software ...)
@@ -543,14 +688,14 @@
RESERVED
CVE-2010-3917
RESERVED
-CVE-2010-3916
- RESERVED
-CVE-2010-3915
- RESERVED
-CVE-2010-3914
- RESERVED
-CVE-2010-3913
- RESERVED
+CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...)
+ TODO: check
+CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...)
+ TODO: check
+CVE-2010-3914 (Untrusted search path vulnerability in VIM Development Group GVim ...)
+ TODO: check
+CVE-2010-3913 (CRLF injection vulnerability in TransWARE Active! mail 6 build ...)
+ TODO: check
CVE-2010-3912
RESERVED
CVE-2010-3911
@@ -644,26 +789,26 @@
- linux-2.6 <unfixed> (low)
CVE-2010-3872
RESERVED
-CVE-2010-3871
- RESERVED
+CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2010-3870
RESERVED
CVE-2010-3869
RESERVED
CVE-2010-3868
RESERVED
-CVE-2010-3867
- RESERVED
+CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc ...)
+ TODO: check
CVE-2010-3866
- RESERVED
+ REJECTED
CVE-2010-3865
RESERVED
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2010-3864
RESERVED
-CVE-2010-3863
- RESERVED
+CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...)
+ TODO: check
CVE-2010-3862
RESERVED
CVE-2010-3861
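Review bot: CVE-2010-3867 (multiple directory traversals in mod_site_misc, a ProFTPD module) is left at `TODO: check`, but ProFTPD is already tracked in this diff as `proftpd-dfsg 1.3.3a-5 (bug #602279)`; the triage should record whether that upload also covers this id, or add a separate proftpd-dfsg line if it does not, so the entry does not sit open next to the fix it belongs to.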
@@ -692,10 +837,10 @@
RESERVED
CVE-2010-3853
RESERVED
-CVE-2010-3852
- RESERVED
-CVE-2010-3851
- RESERVED
+CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga ...)
+ TODO: check
+CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 ...)
+ TODO: check
CVE-2010-3850
RESERVED
CVE-2010-3849
@@ -709,8 +854,7 @@
- glibc <removed>
[squeeze] - eglibc 2.11.2-6+squeeze1
NOTE: http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
-CVE-2010-3846
- RESERVED
+CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS ...)
- cvs <not-affected> (vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852
CVE-2010-3844
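Review bot: the context line `NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852` sits under CVE-2010-3846 (cvs, `<not-affected> (vulnerable code not present)`), but CVE-2010-3852 is the Luci / Red Hat Conga entry earlier in this diff; the bug alias in the URL looks mistyped and should probably read CVE-2010-3846 so the not-affected verdict stays linked to the upstream report it was based on.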
@@ -912,7 +1056,7 @@
RESERVED
CVE-2010-3766
RESERVED
-CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when ...)
+CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, ...)
{DSA-2124-1}
- xulrunner <removed>
- iceweasel 3.5.15-1
@@ -921,8 +1065,7 @@
- icedove 3.0.10-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (bug in optimization added later)
-CVE-2010-3764
- RESERVED
+CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, ...)
- bugzilla <unfixed> (bug #602420; low)
CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...)
- mantis 1.1.8+dfsg-9 (bug #601618)
@@ -1050,8 +1193,8 @@
[squeeze] - pidgin 2.7.3-1+squeeze1
CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP ...)
- php5 <unfixed> (bug filed)
-CVE-2010-3709
- RESERVED
+CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...)
+ TODO: check
CVE-2010-3708
RESERVED
CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
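Review bot: CVE-2010-3709 (ZipArchive::getArchiveComment in PHP 5.2.x through 5.2.14 ...) is added with `TODO: check` directly under CVE-2010-3710, which is already tracked as `php5 <unfixed> (bug filed)`; the new entry needs the same kind of php5 line (fixed version, or `<unfixed>` with a severity) rather than an open TODO, since PHP is plainly in scope for this file.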
@@ -1063,15 +1206,13 @@
CVE-2010-3705 [sctp out-of-bounds issue]
RESERVED
- linux-2.6 2.6.32-25
-CVE-2010-3704
- RESERVED
+CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser ...)
{DSA-2119-1}
- kdegraphics 4.0
- xpdf 3.02-9
- poppler 0.12.4-1.2 (bug #599165)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
-CVE-2010-3703
- RESERVED
+CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in ...)
- kdegraphics 4.0
[lenny] - kdegraphics <not-affected> (Vulnerable code not present)
- xpdf 3.02-9
@@ -1079,8 +1220,7 @@
- poppler 0.12.4-1.2 (bug #599165)
[lenny] - poppler <not-affected> (Vulnerable code not present)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
-CVE-2010-3702
- RESERVED
+CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, ...)
{DSA-2119-1}
- kdegraphics 4.0
- xpdf 3.02-9
@@ -1103,8 +1243,7 @@
RESERVED
- imp4 4.3.7+debian0-2.1 (bug #598584)
NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
-CVE-2010-3694 [Protected preference forms against CSRF attacks]
- RESERVED
+CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde ...)
- horde3 3.3.8+debian0-2 (bug #598582)
NOTE: http://lists.horde.org/archives/announce/2010/000568.html
CVE-2010-3693 [XSS vulnerability when showing mailbox names]
@@ -1184,50 +1323,50 @@
NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-3654 (Adobe Flash Player 10.1.85.3 and earlier on Windows, Mac OS X, Linux, ...)
+CVE-2010-3654 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...)
NOT-FOR-US: Adobe Flash
CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before ...)
NOT-FOR-US: Adobe Shockwave
-CVE-2010-3652
- RESERVED
+CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
CVE-2010-3651
RESERVED
-CVE-2010-3650
- RESERVED
-CVE-2010-3649
- RESERVED
-CVE-2010-3648
- RESERVED
-CVE-2010-3647
- RESERVED
-CVE-2010-3646
- RESERVED
-CVE-2010-3645
- RESERVED
-CVE-2010-3644
- RESERVED
-CVE-2010-3643
- RESERVED
-CVE-2010-3642
- RESERVED
-CVE-2010-3641
- RESERVED
-CVE-2010-3640
- RESERVED
-CVE-2010-3639
- RESERVED
-CVE-2010-3638
- RESERVED
-CVE-2010-3637
- RESERVED
-CVE-2010-3636
- RESERVED
-CVE-2010-3635
- RESERVED
-CVE-2010-3634
- RESERVED
-CVE-2010-3633
- RESERVED
+CVE-2010-3650 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3649 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3648 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3647 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3646 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3645 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3644 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3643 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3642 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3641 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3640 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3639 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3638 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+ TODO: check
+CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 ...)
+ TODO: check
+CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...)
+ TODO: check
+CVE-2010-3635 (Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, ...)
+ TODO: check
+CVE-2010-3634 (Unspecified vulnerability in the edge process in Adobe Flash Media ...)
+ TODO: check
+CVE-2010-3633 (Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, ...)
+ TODO: check
CVE-2010-3632 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3631 (Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x ...)
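Review bot: every `TODO: check` in this hunk (CVE-2010-3633 through CVE-2010-3652) is an Adobe Flash Player or Flash Media Server id, while the neighbouring Flash entry CVE-2010-3654 and the CVE-2010-3976/3975 entries elsewhere in this diff are marked `NOT-FOR-US: Adobe Flash Player`; the twenty TODOs can be closed consistently with that. The one worth a second look is CVE-2010-3654, whose description changes from "10.1.85.3 and earlier" to "before 9.0.289.0 and 10.x before 10.1.102.64", i.e. fixed versions are now recorded upstream.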
@@ -1270,8 +1409,8 @@
RESERVED
CVE-2010-3612
RESERVED
-CVE-2010-3611
- RESERVED
+CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before ...)
+ TODO: check
CVE-2010-3610
RESERVED
CVE-2010-3609
@@ -1554,7 +1693,7 @@
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-3548 (Unspecified vulnerability in the JNDI component in Oracle Java SE and ...)
+CVE-2010-3548 (Unspecified vulnerability in the Java Naming and Directory Interface ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
@@ -1771,8 +1910,7 @@
[lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194)
CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in ...)
- linux-2.6 2.6.32-25
-CVE-2010-3436 [open_basedir bypass]
- RESERVED
+CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote ...)
- php5 <unfixed> (unimportant)
NOTE: http://svn.php.net/viewvc?view=revision&revision=303824
CVE-2010-3435
@@ -2032,16 +2170,16 @@
RESERVED
CVE-2010-3338
RESERVED
-CVE-2010-3337
- RESERVED
-CVE-2010-3336
- RESERVED
-CVE-2010-3335
- RESERVED
-CVE-2010-3334
- RESERVED
-CVE-2010-3333
- RESERVED
+CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and ...)
+ TODO: check
+CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac ...)
+ TODO: check
+CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...)
+ TODO: check
+CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...)
+ TODO: check
+CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 ...)
+ TODO: check
CVE-2010-3332 (Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, ...)
NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
@@ -2483,8 +2621,7 @@
CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x ...)
{DSA-2123-1}
- nss 3.12.8-1
-CVE-2010-3172
- RESERVED
+CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before ...)
- bugzilla <unfixed> (bug #602420; low)
CVE-2010-3171 (The Math.random function in the JavaScript implementation in Mozilla ...)
NOTE: Will likely be rejected by MITRE
@@ -2555,7 +2692,7 @@
NOT-FOR-US: Adobe ExtendedScript Toolkit
CVE-2010-3154 (Untrusted search path vulnerability in Adobe Extension Manager CS5 ...)
NOT-FOR-US: Adobe Extension Manager
-CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0 allows ...)
+CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0, ...)
NOT-FOR-US: Adobe InDesign
CVE-2010-3152 (Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, ...)
NOT-FOR-US: Adobe Illustrator
@@ -2579,7 +2716,7 @@
NOT-FOR-US: Microsoft Windows Contacts
CVE-2010-3142 (Untrusted search path vulnerability in Microsoft Office PowerPoint ...)
NOT-FOR-US: Microsoft Office PowerPoint
-CVE-2010-3141 (Untrusted search path vulnerability in Microsoft Power Point 2010 ...)
+CVE-2010-3141 (Untrusted search path vulnerability in Microsoft PowerPoint 2010 ...)
NOT-FOR-US: Microsoft Power Point
CVE-2010-3140 (Untrusted search path vulnerability in Microsoft Windows Internet ...)
NOT-FOR-US: Microsoft Windows Internet Communication Settings
@@ -2787,8 +2924,7 @@
CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...)
{DSA-2110-1}
- linux-2.6 2.6.32-24
-CVE-2010-3077 [horde XSS in icon_browser.php]
- RESERVED
+CVE-2010-3077 (Cross-site scripting (XSS) vulnerability in util/icon_browser.php in ...)
- horde3 3.3.8+debian0-2 (bug #598582)
NOTE: http://seclists.org/fulldisclosure/2010/Sep/82
CVE-2010-3076 (The filter function in php/src/include.php in Simple Management for ...)
@@ -2879,10 +3015,10 @@
RESERVED
CVE-2010-3041
RESERVED
-CVE-2010-3040
- RESERVED
-CVE-2010-3039
- RESERVED
+CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...)
+ TODO: check
+CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications ...)
+ TODO: check
CVE-2010-3038
RESERVED
CVE-2010-3037
@@ -3102,8 +3238,7 @@
CVE-2010-2942 (The actions implementation in the network queueing functionality in ...)
- linux-2.6 2.6.32-25
[lenny] - linux-2.6 2.6.26-25
-CVE-2010-2941 [cups: Incorrect memory handling in IPP - DOS / remote exploit]
- RESERVED
+CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate ...)
- cups 1.4.4-7 (bug #603344)
CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System ...)
- sssd 1.2.1-4 (bug #594413)
@@ -3736,12 +3871,12 @@
RESERVED
CVE-2010-2735
RESERVED
-CVE-2010-2734
- RESERVED
-CVE-2010-2733
- RESERVED
-CVE-2010-2732
- RESERVED
+CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in ...)
+ TODO: check
+CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in ...)
+ TODO: check
+CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft ...)
+ TODO: check
CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, ...)
@@ -3987,10 +4122,10 @@
RESERVED
CVE-2010-2637
RESERVED
-CVE-2010-2636
- RESERVED
-CVE-2010-2635
- RESERVED
+CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample store ...)
+ TODO: check
+CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before ...)
+ TODO: check
CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...)
NOT-FOR-US: RSA enVision
CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, ...)
@@ -4099,11 +4234,11 @@
NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in ...)
NOT-FOR-US: RealPage Module ActiveX Controls
-CVE-2010-2583
- RESERVED
-CVE-2010-2582 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.9.615 ...)
+CVE-2010-2583 (Stack-based buffer overflow in SonicWALL SSL-VPN End-Point ...)
+ TODO: check
+CVE-2010-2582 (An unspecified function in TextXtra.x32 in Adobe Shockwave Player ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
+CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not ...)
NOT-FOR-US: MailEnable
@@ -4132,10 +4267,10 @@
- tiff <unfixed> (unimportant)
CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...)
- tiff <unfixed> (unimportant)
-CVE-2010-2573
- RESERVED
-CVE-2010-2572
- RESERVED
+CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, ...)
+ TODO: check
+CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows ...)
+ TODO: check
CVE-2010-2571
RESERVED
CVE-2010-2570
@@ -4382,8 +4517,7 @@
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=608950
NOTE: http://thread.gmane.org/gmane.linux.network/164869
-CVE-2010-2477 [XSS in paste.httpexceptions]
- RESERVED
+CVE-2010-2477 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- paste 1.7.4-1 (low)
[lenny] - paste 1.7.1-1+lenny1
NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
@@ -6085,7 +6219,7 @@
NOT-FOR-US: Apple iOS
CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 does not ...)
+CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2, and ...)
- webkit 1.2.5-1 (bug #599830)
- chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/64706
@@ -6923,8 +7057,8 @@
NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 ...)
NOT-FOR-US: SpreadSheet Lotus 123 reader
-CVE-2010-1523
- RESERVED
+CVE-2010-1523 (Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in ...)
+ TODO: check
CVE-2010-1522 (Multiple SQL injection vulnerabilities in the BookLibrary Basic ...)
NOT-FOR-US: com_booklibrary component for joomla!
CVE-2010-1521 (SQL injection vulnerability in include/classes/tzn_user.php in ...)
@@ -9281,14 +9415,14 @@
- samba 2:3.4.5~dfsg-2 (bug #567554)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
NOTE: Initial DSA released as CVE-2009-3297
-CVE-2010-0786
- RESERVED
-CVE-2010-0785
- RESERVED
-CVE-2010-0784
- RESERVED
-CVE-2010-0783
- RESERVED
+CVE-2010-0786 (The Web Services Security component in IBM WebSphere Application ...)
+ TODO: check
+CVE-2010-0785 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
+ TODO: check
+CVE-2010-0784 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
+ TODO: check
+CVE-2010-0783 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
+ TODO: check
CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows ...)
NOT-FOR-US: IBM WebSphere
CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM ...)
@@ -19714,7 +19848,7 @@
NOT-FOR-US: MHF Media Pro
CVE-2009-XXXX [predictable random number generator used in web browsers]
- webkit 1.2 (low; bug #532514)
- NOTE: The implementations for UNIX seems fine, might be fixed earlier
+ NOTE: The implementations for UNIX seems fine, might be fixed earlier
[lenny] - webkit <no-dsa> (Minor issue)
- kdebase <unfixed> (low; bug #532519)
[squeeze] - kdebase <no-dsa> (Minor issue)
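Review bot: the `-`/`+` pair on the NOTE under CVE-2009-XXXX appear to differ only in leading whitespace, so this "automatic update" is also re-indenting hand-written annotations; harmless, but it adds blame noise on lines that carry triage reasoning, and the note's wording ("implementations ... seems") is a grammar slip to fix when the entry is next touched by hand.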