[Secure-testing-commits] r15378 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Sep 27 21:14:49 UTC 2010


Author: joeyh
Date: 2010-09-27 21:14:47 +0000 (Mon, 27 Sep 2010)
New Revision: 15378

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-27 16:32:43 UTC (rev 15377)
+++ data/CVE/list	2010-09-27 21:14:47 UTC (rev 15378)
@@ -1,3 +1,39 @@
+CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...)
+	TODO: check
+CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt ...)
+	TODO: check
+CVE-2010-3606 (Multiple directory traversal vulnerabilities in AGENTS/index.php in ...)
+	TODO: check
+CVE-2010-3605 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
+	TODO: check
+CVE-2010-3604 (SQL injection vulnerability in the powermail extension 1.5.3 and ...)
+	TODO: check
+CVE-2010-3603 (Cross-site request forgery (CSRF) vulnerability in the file manager ...)
+	TODO: check
+CVE-2010-3602 (Cross-site scripting (XSS) vulnerability in ProfileView.aspx in ...)
+	TODO: check
+CVE-2010-3601 (SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows ...)
+	TODO: check
+CVE-2010-3499
+	RESERVED
+CVE-2010-3498
+	RESERVED
+CVE-2010-3497
+	RESERVED
+CVE-2010-3496
+	RESERVED
+CVE-2010-3495
+	RESERVED
+CVE-2010-3494
+	RESERVED
+CVE-2010-3493
+	RESERVED
+CVE-2010-3492
+	RESERVED
+CVE-2010-3491
+	RESERVED
+CVE-2010-3490
+	RESERVED
 CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: CMS Digital Workroom
 CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows remote ...)
@@ -400,17 +436,20 @@
 CVE-2010-3411 (Google Chrome before 6.0.472.59 on Linux does not properly handle ...)
 	- webkit <not-affected> (chromium specific)
 	- chromium-browser 6.0.472.59~r59126-1
-CVE-2010-3410 (Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows ...)
+CVE-2010-3410
+	REJECTED
 	- webkit <undetermined>
 	- chromium-browser 6.0.472.59~r59126-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43587
 	NOTE: http://trac.webkit.org/changeset/66847
-CVE-2010-3409 (Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows ...)
+CVE-2010-3409
+	REJECTED
 	- webkit <undetermined>
 	- chromium-browser 6.0.472.59~r59126-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43260
 	NOTE: http://trac.webkit.org/changeset/66795
-CVE-2010-3408 (Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows ...)
+CVE-2010-3408
+	REJECTED
 	- webkit <undetermined>
 	- chromium-browser 6.0.472.59~r59126-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43055
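Review bot: CVE-2010-3410, CVE-2010-3409 and CVE-2010-3408 are now marked REJECTED but still carry their package lines ("- webkit <undetermined>", "- chromium-browser 6.0.472.59~r59126-1") and NOTE references, so each entry reads as both rejected and actively tracked. Record why each id was rejected in a NOTE, in the style of the "NOTE: duplicate of cve-2010-1773" line used elsewhere in this file, and move the package tracking to whichever id replaces it so the webkit <undetermined> state is not lost under a dead identifier.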
@@ -608,9 +647,11 @@
 CVE-2010-3315
 	RESERVED
 CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware ...)
+	{DSA-2013-1}
 	- egroupware <removed> (high; bug #573279)
 	[lenny] - egroupware 1.4.004-2.dfsg-4.2
 CVE-2010-3313 (phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php ...)
+	{DSA-2013-1}
 	- egroupware <removed> (high; bug #573279)
 	[lenny] - egroupware 1.4.004-2.dfsg-4.2
 CVE-2010-3312
@@ -629,8 +670,7 @@
 CVE-2010-3305 [pixel CSRF]
 	RESERVED
 	- pixelpost <unfixed>
-CVE-2010-3304 [dovecot Maildir ACL]
-	RESERVED
+CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...)
 	- dovecot 1.2.13-1
 	TODO: check whether this is true: [lenny] - dovecot <not-affected> (only affects 1.2.x)
 	NOTE: http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
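Review bot: the pending line "TODO: check whether this is true: [lenny] - dovecot <not-affected> (only affects 1.2.x)" under CVE-2010-3304 can be acted on now that the description states the affected range as "Dovecot 1.2.x before 1.2.13". Compare the dovecot version in lenny against that range and, if it falls outside it, replace the TODO with the plain "[lenny] - dovecot <not-affected> (only affects 1.2.x)" line.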
@@ -677,26 +717,25 @@
 	RESERVED
 CVE-2010-3286
 	RESERVED
-CVE-2010-3285
-	RESERVED
-CVE-2010-3284
-	RESERVED
-CVE-2010-3283
-	RESERVED
+CVE-2010-3285 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
+	TODO: check
+CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
+	TODO: check
+CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) ...)
+	TODO: check
 CVE-2010-3282
 	RESERVED
-CVE-2010-3281
-	RESERVED
-CVE-2010-3280
-	RESERVED
-CVE-2010-3279
-	RESERVED
+CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in ...)
+	TODO: check
+CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka ...)
+	TODO: check
+CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4 in the ...)
+	TODO: check
 CVE-2010-XXXX [piwigo multiple vulnerabilities]
 	- piwigo <unfixed>
 	TODO: check, secunia only reported the XSS one
 	NOTE: http://www.exploit-db.com/exploits/14973/
-CVE-2010-3294 [php-apc apc.php XSS]
-	RESERVED
+CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Alternative ...)
 	- php-apc <unfixed> (unimportant)
 	NOTE: vulnerable script is, mainly, for debugging purposes
 	NOTE: and is distributed gzip-compressed
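Review bot: CVE-2010-3285, CVE-2010-3284 and CVE-2010-3283 name HP OpenView Network Node Manager and HP System Management Homepage in their descriptions yet are left at "TODO: check"; other vendor products in this file are closed out with a NOT-FOR-US line, and the same triage looks applicable here. The descriptions for CVE-2010-3281, CVE-2010-3280 and CVE-2010-3279 are cut off before the product name, so those three need the full CVE text before they can be classified.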
@@ -742,8 +781,8 @@
 	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2010-3262 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before ...)
 	NOT-FOR-US: flock
-CVE-2010-3261
-	RESERVED
+CVE-2010-3261 (Directory traversal vulnerability in RSA Authentication Agent 7.0 ...)
+	TODO: check
 CVE-2010-3260
 	RESERVED
 CVE-2010-3259 (Google Chrome before 6.0.472.53 does not properly restrict read access ...)
@@ -816,8 +855,7 @@
 CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...)
 	- gnome-power-manager <unfixed>
 	TODO: check
-CVE-2010-3306 [weborf directory traversal]
-	RESERVED
+CVE-2010-3306 (Directory traversal vulnerability in the modURL function in instance.c ...)
 	- weborf 0.12.3-1 (bug #596112)
 	NOTE: http://www.exploit-db.com/exploits/14925/
 CVE-2010-3243
@@ -1258,8 +1296,7 @@
 CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...)
 	- python-django 1.2.3-1 (low; bug #596205)
 	NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
-CVE-2010-3081 [64-bit Compatibility Mode Stack Pointer Underflow]
-	RESERVED
+CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in ...)
 	{DSA-2110-1}
 	- linux-2.6 2.6.32-23 (high)
 CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in ...)
@@ -1871,24 +1908,24 @@
 	NOT-FOR-US: Cisco
 CVE-2010-2837 (The SIPStationInit implementation in Cisco Unified Communications ...)
 	NOT-FOR-US: Cisco
-CVE-2010-2836
-	RESERVED
-CVE-2010-2835
-	RESERVED
-CVE-2010-2834
-	RESERVED
-CVE-2010-2833
-	RESERVED
-CVE-2010-2832
-	RESERVED
-CVE-2010-2831
-	RESERVED
-CVE-2010-2830
-	RESERVED
-CVE-2010-2829
-	RESERVED
-CVE-2010-2828
-	RESERVED
+CVE-2010-2836 (Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, ...)
+	TODO: check
+CVE-2010-2835 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...)
+	TODO: check
+CVE-2010-2834 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...)
+	TODO: check
+CVE-2010-2833 (Unspecified vulnerability in the NAT for H.225.0 implementation in ...)
+	TODO: check
+CVE-2010-2832 (Unspecified vulnerability in the NAT for H.323 implementation in Cisco ...)
+	TODO: check
+CVE-2010-2831 (Unspecified vulnerability in the NAT for SIP implementation in Cisco ...)
+	TODO: check
+CVE-2010-2830 (The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and ...)
+	TODO: check
+CVE-2010-2829 (Unspecified vulnerability in the H.323 implementation in Cisco IOS ...)
+	TODO: check
+CVE-2010-2828 (Unspecified vulnerability in the H.323 implementation in Cisco IOS ...)
+	TODO: check
 CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Cisco
 CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) ...)
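Review bot: the nine entries CVE-2010-2828 through CVE-2010-2836 all come out of RESERVED with "TODO: check", although every one of their descriptions names Cisco IOS and the neighbouring entries CVE-2010-2837 and CVE-2010-2827 are already marked "NOT-FOR-US: Cisco". Marking the block the same way in a follow-up commit would keep nine known non-Debian items out of the open TODO queue.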
@@ -2698,6 +2735,7 @@
 CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in ...)
 	- cacti 0.8.7g-1
 CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...)
+	{DSA-2114-1}
 	- git-core 1:1.7.1-1.1 (low; bug #590026)
 CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType ...)
 	{DSA-2105-1}
@@ -2843,8 +2881,7 @@
 CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in ...)
 	{DSA-2110-1}
 	- linux-2.6 2.6.32-19 
-CVE-2010-2491 [roundup XSS]
-	RESERVED
+CVE-2010-2491 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup ...)
 	- roundup 1.4.13-3.1 (bug #590769)
 	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=326395
 	NOTE: http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
@@ -3262,12 +3299,14 @@
 	NOT-FOR-US: Sourcefire 3D Sensor
 CVE-2010-2305 (Buffer overflow in an ActiveX control in SSHelper.dll for Symantec ...)
 	NOT-FOR-US: Symantec Sygate Personal Firewall
-CVE-2010-2304 (The toAlphabetic function in rendering/RenderListMarker.cpp in WebCore ...)
+CVE-2010-2304
+	REJECTED
 	- webkit 1.2.1-3 (medium; bug #586547)
 	- chromium-browser 5.0.375.70~r48679-1
 	NOTE: http://trac.webkit.org/changeset/59950
 	NOTE: duplicate of cve-2010-1773
-CVE-2010-2303 (page/Geolocation.cpp in WebCore in WebKit in Google Chrome before ...)
+CVE-2010-2303
+	REJECTED
 	- webkit 1.2.1-3
 	- chromium-browser 5.0.375.70~r48679-1
 	NOTE: http://trac.webkit.org/changeset/59859
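Review bot: CVE-2010-2304 and CVE-2010-2303 become REJECTED while keeping their webkit and chromium-browser package lines, and only CVE-2010-2304 states a reason ("NOTE: duplicate of cve-2010-1773"); no equivalent note is visible for CVE-2010-2303 in this hunk. Add the reason for CVE-2010-2303 and drop the package lines from both rejected ids once the surviving entries carry the correct fixed versions, otherwise the same fix is tracked twice under two identifiers.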
@@ -4540,12 +4579,12 @@
 	RESERVED
 CVE-2010-1826
 	RESERVED
-CVE-2010-1825
-	RESERVED
-CVE-2010-1824
-	RESERVED
-CVE-2010-1823
-	RESERVED
+CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
+	TODO: check
+CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
+	TODO: check
+CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in ...)
+	TODO: check
 CVE-2010-1822
 	RESERVED
 CVE-2010-1821
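Review bot: CVE-2010-1825, CVE-2010-1824 and CVE-2010-1823 are described as WebKit use-after-free issues "as used in Google Chrome" but carry only "TODO: check", while webkit and chromium-browser are both packages tracked throughout this file. These need package lines for both; the description of CVE-2010-1823 already gives "before r65958" as a starting point for locating the fixing changeset. It is also worth confirming whether these ids relate to the Chrome use-after-free entries CVE-2010-3410, CVE-2010-3409 and CVE-2010-3408 that this same update marks REJECTED.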
@@ -4710,14 +4749,12 @@
 	- chromium-browser 5.0.375.55~r47796-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
 	NOTE: http://trac.webkit.org/changeset/59495
-CVE-2010-1773
-	RESERVED
+CVE-2010-1773 (Off-by-one error in the toAlphabetic function in ...)
 	- webkit 1.2.2-1 
 	- chromium-browser 5.0.375.55~r47796-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508
 	NOTE: http://trac.webkit.org/changeset/59950
-CVE-2010-1772
-	RESERVED
+CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore in ...)
 	- webkit 1.2.2-1 
 	- chromium-browser 5.0.375.55~r47796-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388
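Review bot: CVE-2010-1773 now has the toAlphabetic description and cites "http://trac.webkit.org/changeset/59950", the same changeset listed under the rejected CVE-2010-2304, but the two entries disagree on fixed versions: "webkit 1.2.2-1" and "chromium-browser 5.0.375.55~r47796-1" here versus "webkit 1.2.1-3 (medium; bug #586547)" and "chromium-browser 5.0.375.70~r48679-1" there. Reconcile the versions, carry the severity and bug reference over to CVE-2010-1773, and do the same comparison for CVE-2010-1772 against CVE-2010-2303, which share the Geolocation.cpp description.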
@@ -4738,8 +4775,7 @@
 	TODO: someone with access to the webkit security list please track down commit
 CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local ...)
 	NOT-FOR-US: Apple iTunes
-CVE-2010-1767
-	RESERVED
+CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in ...)
 	- webkit 1.2.1-3 
 	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843
@@ -5474,7 +5510,8 @@
 CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (chromium-specific directory traversal)
-CVE-2010-1501 (Cross-site request forgery (CSRF) vulnerability in Google Chrome ...)
+CVE-2010-1501
+	REJECTED
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.2.2-1 
 	[lenny] - webkit <not-affected> (introduced in r47291)
@@ -17995,7 +18032,7 @@
 	NOT-FOR-US: Cisco
 CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
 	NOT-FOR-US: Cisco
-CVE-2009-2051 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+CVE-2009-2051 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...)
 	NOT-FOR-US: Cisco
 CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
 	NOT-FOR-US: Cisco



