[Secure-testing-commits] r15361 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Sep 20 21:14:55 UTC 2010


Author: joeyh
Date: 2010-09-20 21:14:47 +0000 (Mon, 20 Sep 2010)
New Revision: 15361

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-20 14:15:45 UTC (rev 15360)
+++ data/CVE/list	2010-09-20 21:14:47 UTC (rev 15361)
@@ -1,3 +1,81 @@
+CVE-2010-3467 (SQL injection vulnerability in modules/sections/index.php in ...)
+	TODO: check
+CVE-2010-3466 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
+	TODO: check
+CVE-2010-3465 (Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping ...)
+	TODO: check
+CVE-2010-3464 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2010-3463 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2010-3462 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2010-3461 (SQL injection vulnerability in the Publisher module in eNdonesia 8.4 ...)
+	TODO: check
+CVE-2010-3460 (Directory traversal vulnerability in the HTTP interface in AXIGEN Mail ...)
+	TODO: check
+CVE-2010-3459 (Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface ...)
+	TODO: check
+CVE-2010-3458 (SQL injection vulnerability in lib/toolkit/events/event.section.php in ...)
+	TODO: check
+CVE-2010-3457 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...)
+	TODO: check
+CVE-2010-3456 (Directory traversal vulnerability in download.php in EnergyScripts ...)
+	TODO: check
+CVE-2010-3455 (Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 ...)
+	TODO: check
+CVE-2010-3454
+	RESERVED
+CVE-2010-3453
+	RESERVED
+CVE-2010-3452
+	RESERVED
+CVE-2010-3451
+	RESERVED
+CVE-2010-3450
+	RESERVED
+CVE-2010-3449
+	RESERVED
+CVE-2010-3448
+	RESERVED
+CVE-2010-3447
+	RESERVED
+CVE-2010-3446
+	RESERVED
+CVE-2010-3445
+	RESERVED
+CVE-2010-3444
+	RESERVED
+CVE-2010-3443
+	RESERVED
+CVE-2010-3442
+	RESERVED
+CVE-2010-3441
+	RESERVED
+CVE-2010-3440
+	RESERVED
+CVE-2010-3439
+	RESERVED
+CVE-2010-3438
+	RESERVED
+CVE-2010-3437
+	RESERVED
+CVE-2010-3436
+	RESERVED
+CVE-2010-3435
+	RESERVED
+CVE-2010-3434
+	RESERVED
+CVE-2010-3433
+	RESERVED
+CVE-2010-3432
+	RESERVED
+CVE-2010-3431
+	RESERVED
+CVE-2010-3430
+	RESERVED
+CVE-2010-3429
+	RESERVED
 CVE-2010-XXXX [mingetty directory traversal]
 	- mingetty <unfixed> (medium; bug #597382)
 CVE-2010-XXXX [config file world readable]
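Review bot: the 13 described entries from CVE-2010-3467 down to CVE-2010-3455 all land as `TODO: check`, so none of them has a disposition yet, and several descriptions (CVE-2010-3464, CVE-2010-3463, CVE-2010-3462) are truncated before the product name is even visible. Each one needs a follow-up that replaces the placeholder with either a package line or a `NOT-FOR-US: <product>` line, as the file already does for the Splunk and Pligg entries; triage should work from the full CVE text rather than the shortened description stored here.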
@@ -235,8 +313,8 @@
 	RESERVED
 CVE-2010-3325
 	RESERVED
-CVE-2010-3324
-	RESERVED
+CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8 allows ...)
+	TODO: check
 CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session ...)
 	NOT-FOR-US: Splunk
 CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote ...)
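Review bot: `TODO: check` on CVE-2010-3324 can be resolved in the same change. The new description names Microsoft Internet Explorer 8, and this file already marks CVE-2010-0652 as `NOT-FOR-US: Microsoft Internet Explorer`; using that same line here keeps the entry out of the open-triage queue.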
@@ -873,15 +951,19 @@
 	- mailscanner <unfixed> (bug #596403)
 CVE-2010-3094 [drupal Actions cross site scripting]
 	RESERVED
+	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
 CVE-2010-3093 [drupal Comment unpublishing bypass]
 	RESERVED
+	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
 CVE-2010-3092 [drupal File download access bypass]
 	RESERVED
+	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
 CVE-2010-3091 [drupal OpenID authentication bypass]
 	RESERVED
+	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
 CVE-2010-3090 [mailman, will be rejected]
 	RESERVED
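Review bot: the `{DSA-2113-1}` tags added to CVE-2010-3094, CVE-2010-3093, CVE-2010-3092 and CVE-2010-3091 have no visible counterpart, because this revision modifies only data/CVE/list. Confirm that the advisory record for DSA-2113-1 lists all four CVE ids against drupal6, otherwise the cross-reference is one-sided. All four entries also still read `RESERVED` with only a bracketed working title, so they will need a second pass once the official descriptions are published.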
@@ -930,14 +1012,11 @@
 	{DSA-2103-1}
 	- smbind 0.4.7-5 (high)
 	NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
-CVE-2010-3075
-	RESERVED
+CVE-2010-3075 (EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher ...)
 	- encfs 1.7.2-1 (bug #595998)
-CVE-2010-3074
-	RESERVED
+CVE-2010-3074 (SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of ...)
 	- encfs 1.7.2-1 (bug #595998)
-CVE-2010-3073
-	RESERVED
+CVE-2010-3073 (SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer ...)
 	- encfs 1.7.2-1 (bug #595998)
 CVE-2010-3072
 	RESERVED
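Review bot: the three encfs lines under CVE-2010-3075, CVE-2010-3074 and CVE-2010-3073 record a fixed version and a bug number but no urgency, unlike `- smbind 0.4.7-5 (high)` just above them. With the descriptions now filled in (CFB block handling, SSL_Cipher.cpp, integer handling), an urgency can be assessed and added inside the parentheses next to `bug #595998`. The descriptions say "before 1.7.0" while the recorded fix is 1.7.2-1; a short NOTE line stating that 1.7.2-1 is the first upload carrying the fix would save the next reader from checking.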
@@ -1073,10 +1152,10 @@
 	REJECTED
 CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...)
 	NOT-FOR-US: Pligg
-CVE-2010-3012
-	RESERVED
-CVE-2010-3011
-	RESERVED
+CVE-2010-3012 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
+	TODO: check
+CVE-2010-3011 (CRLF injection vulnerability in HP System Management Homepage (SMH) ...)
+	TODO: check
 CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect ...)
 	NOT-FOR-US: HP 3Com OfficeConnect
 CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for ...)
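Review bot: CVE-2010-3012 and CVE-2010-3011 are left at `TODO: check` although both descriptions name HP System Management Homepage, the same product as CVE-2010-3009 at the end of this hunk. Give the two new entries the same disposition that CVE-2010-3009 carries so the three SMH entries stay consistent; the neighbouring HP entry CVE-2010-3010 shows the expected form, `NOT-FOR-US: HP 3Com OfficeConnect`.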
@@ -7829,7 +7908,7 @@
 	- icedove 3.0.6-1
 	- iceape 2.0.6-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when the ...)
+CVE-2010-0653 (Opera before 10.10 permits cross-origin loading of CSS stylesheets ...)
 	NOT-FOR-US: Opera
 CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...)
 	NOT-FOR-US: Microsoft Internet Explorer
@@ -8538,6 +8617,7 @@
 	[lenny] - openttd 0.6.2-1+lenny2
 CVE-2010-0405
 	RESERVED
+	{DSA-2112-1}
 CVE-2010-0404 (Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before ...)
 	{DSA-2046-1}
 	- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584517)
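Review bot: CVE-2010-0405 now carries `{DSA-2112-1}` but the entry still has no description, no bracketed title and no `- package version` line, so nothing in this file says which source package the advisory fixed. Compare CVE-2010-0404 directly below, which pairs `{DSA-2046-1}` with `- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584517)`. Add the package line and a short bracketed title for CVE-2010-0405 alongside the DSA tag.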



