[Secure-testing-commits] r15778 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Jan 3 21:15:16 UTC 2011
Author: joeyh
Date: 2011-01-03 21:15:12 +0000 (Mon, 03 Jan 2011)
New Revision: 15778
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-03 18:14:54 UTC (rev 15777)
+++ data/CVE/list 2011-01-03 21:15:12 UTC (rev 15778)
@@ -1,3 +1,49 @@
+CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before ...)
+ TODO: check
+CVE-2010-4641 (SQL injection vulnerability in XWiki Enterprise before 2.5 allows ...)
+ TODO: check
+CVE-2010-4640 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 ...)
+ TODO: check
+CVE-2010-4639 (SQL injection vulnerability in index.php in MySource Matrix allows ...)
+ TODO: check
+CVE-2010-4638 (SQL injection vulnerability in the submitSurvey function in ...)
+ TODO: check
+CVE-2010-4637 (Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php ...)
+ TODO: check
+CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business ...)
+ TODO: check
+CVE-2010-4635 (SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental ...)
+ TODO: check
+CVE-2010-4634 (** DISPUTED ** ...)
+ TODO: check
+CVE-2010-4633 (SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows ...)
+ TODO: check
+CVE-2010-4632 (Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow ...)
+ TODO: check
+CVE-2010-4631 (Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot ...)
+ TODO: check
+CVE-2010-4630 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2010-4629 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict ...)
+ TODO: check
+CVE-2010-4628 (member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain ...)
+ TODO: check
+CVE-2010-4627 (Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB ...)
+ TODO: check
+CVE-2010-4626 (The my_rand function in functions.php in MyBB (aka MyBulletinBoard) ...)
+ TODO: check
+CVE-2010-4625 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a ...)
+ TODO: check
+CVE-2010-4624 (MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated ...)
+ TODO: check
+CVE-2010-4623 (WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before ...)
+ TODO: check
+CVE-2010-4622 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...)
+ TODO: check
+CVE-2010-4621
+ RESERVED
+CVE-2010-4620
+ RESERVED
CVE-2010-XXXX
- gimp <unfixed> (bug #608497)
CVE-2010-XXXX
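Review bot: The 21 entries added at the top of the file (CVE-2010-4642 down to CVE-2010-4622) all land as "TODO: check", so none of them is triaged yet; each still has to be resolved into either a package line or a "NOT-FOR-US:" line, like the already-classified entries visible further down this diff. CVE-2010-4634 needs separate handling: its imported description is only "(** DISPUTED ** ...)", so the product cannot be identified from this line and the full CVE text has to be read before it is classified. The six consecutive MyBB entries (CVE-2010-4629 to CVE-2010-4624) can be settled with a single decision.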
@@ -766,8 +812,8 @@
CVE-2010-4524 [mhonarc XSS]
RESERVED
- mhonarc <unfixed> (bug #607693)
-CVE-2010-4522
- RESERVED
+CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
+ TODO: check
CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...)
NOT-FOR-US: mod for Drupal
CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
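Review bot: The new "TODO: check" on CVE-2010-4522 concerns MyBB, the same product as CVE-2010-4624 through CVE-2010-4629 added at the top of the file in this revision. Triage it together with those so that all seven MyBB entries end up with the same classification instead of being resolved at different times.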
@@ -818,8 +864,8 @@
RESERVED
CVE-2009-5021 (Cobbler before 1.6.1 does not properly determine whether an ...)
- cobbler <itp> (bug #545583)
-CVE-2010-4507
- RESERVED
+CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
+ TODO: check
CVE-2010-4506
RESERVED
CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, ...)
@@ -1262,8 +1308,7 @@
NOT-FOR-US: Cisco ASA
CVE-2010-4353
RESERVED
-CVE-2010-4352 [dbus stack overflow on excessive number of nested variants]
- RESERVED
+CVE-2010-4352 (Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 ...)
- dbus 1.2.24-4
CVE-2010-4351
RESERVED
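Review bot: On CVE-2010-4352 the imported description gives the upstream boundary as "before 1.4.1", while the unchanged package line records dbus 1.2.24-4 as fixed. If that version carries a backported patch, a NOTE line pointing at the fix would make the lower version number self-explanatory. The bracketed summary removed here ("dbus stack overflow on excessive number of nested variants") was also the only visible text naming the trigger condition, so it may be worth keeping as a NOTE.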
@@ -1288,8 +1333,7 @@
CVE-2010-4343 (drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not ...)
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
-CVE-2010-4342 [linux: NULL pointer dereference in AF_ECONET]
- RESERVED
+CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux ...)
- linux-2.6 <unfixed>
CVE-2010-4341
RESERVED
@@ -1318,8 +1362,8 @@
RESERVED
CVE-2010-4322
RESERVED
-CVE-2010-4321
- RESERVED
+CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in ...)
+ TODO: check
CVE-2010-4320
RESERVED
CVE-2010-4319
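Review bot: CVE-2010-4321 is left as "TODO: check", but the description places the overflow in an ActiveX control (ienipp.ocx), which is a Windows browser component. This looks like a direct "NOT-FOR-US:" candidate and could be closed in the same pass rather than left pending.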
@@ -1449,8 +1493,8 @@
NOT-FOR-US: Pandora FMS
CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...)
NOT-FOR-US: Embedded Video plugin 4.1 for WordPress
-CVE-2010-4276
- RESERVED
+CVE-2010-4276 (Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid ...)
+ TODO: check
CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager ...)
NOT-FOR-US: Radius Manager
CVE-2010-4274 (reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 ...)
@@ -1471,8 +1515,7 @@
RESERVED
CVE-2010-4266
RESERVED
-CVE-2010-4265 [jboss: CVE-2010-3862 not actually fixed]
- RESERVED
+CVE-2010-4265 (The ...)
- jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
CVE-2010-4264
RESERVED
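Review bot: The replacement description for CVE-2010-4265 is truncated to "(The ...)", and the bracketed summary it replaces ("jboss: CVE-2010-3862 not actually fixed") is dropped, so the header line no longer says what the issue is. The same happens to CVE-2010-3862 later in this patch, where "JBoss Remoting Denial-Of-Service" becomes "(The ...)". Consider carrying the removed summaries over as NOTE lines under each entry so the information survives the automatic update.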
@@ -1492,8 +1535,7 @@
NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote ...)
- fontforge 0.0.20100501-4 (bug #605537)
-CVE-2010-4258 [linux failure to revert address limit override in OOPS error path]
- RESERVED
+CVE-2010-4258 (The do_exit function in kernel/exit.c in the Linux kernel before ...)
- linux-2.6 2.6.32-29
CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in ...)
{DSA-2138-1}
@@ -1747,8 +1789,7 @@
CVE-2010-4162
RESERVED
- linux-2.6 2.6.32-29
-CVE-2010-4161 [linux deadlock]
- RESERVED
+CVE-2010-4161 (The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat ...)
- linux-2.6 2.6.28-1
NOTE: https://bugzilla.redhat.com/CVE-2010-4161
CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...)
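Review bot: The imported description for CVE-2010-4161 scopes the flaw to "a certain Red Hat ..." kernel, yet the unchanged package line marks linux-2.6 as fixed in 2.6.28-1. It is worth confirming against the bugzilla link in the NOTE whether a fixed version or "<not-affected>" is the accurate status here, and recording the reason in parentheses on the package line as the jbossas4 entries in this file do.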
@@ -1781,8 +1822,7 @@
CVE-2010-4160
RESERVED
- linux-2.6 <unfixed> (low)
-CVE-2010-4158
- RESERVED
+CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel ...)
- linux-2.6 2.6.32-29 (low)
CVE-2010-4157 (Integer overflow in the ioc_general function in drivers/scsi/gdth.c in ...)
- linux-2.6 2.6.32-28 (low)
@@ -2309,8 +2349,8 @@
RESERVED
CVE-2010-3924
RESERVED
-CVE-2010-3923
- RESERVED
+CVE-2010-3923 (Untrusted search path vulnerability in AttacheCase before 2.70 allows ...)
+ TODO: check
CVE-2010-3922 (SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x ...)
- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
TODO: check
@@ -2408,8 +2448,7 @@
CVE-2010-3879 [fuse: unprivileged user can unmount arbitrary locations via symlink attack]
RESERVED
- fuse <unfixed> (bug #602333)
-CVE-2010-3878 [JBoss EAP jmx console FileDeployment CSRF]
- RESERVED
+CVE-2010-3878 (Cross-site request forgery (CSRF) vulnerability in the JMX Console in ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3877
RESERVED
@@ -2454,8 +2493,7 @@
- openssl 0.9.8o-3
CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...)
NOT-FOR-US: Apache Shiro / JSecurity
-CVE-2010-3862 [JBoss Remoting Denial-Of-Service]
- RESERVED
+CVE-2010-3862 (The ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux ...)
- linux-2.6 2.6.32-29
@@ -2487,16 +2525,13 @@
NOT-FOR-US: Red Hat Conga
CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 ...)
NOT-FOR-US: libguestfs
-CVE-2010-3850
- RESERVED
+CVE-2010-3850 (The ec_dev_ioctl function in net/econet/af_econet.c in the Linux ...)
{DSA-2126-1}
- linux-2.6 2.6.32-28
-CVE-2010-3849
- RESERVED
+CVE-2010-3849 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ...)
{DSA-2126-1}
- linux-2.6 2.6.32-28
-CVE-2010-3848
- RESERVED
+CVE-2010-3848 (Stack-based buffer overflow in the econet_sendmsg function in ...)
{DSA-2126-1}
- linux-2.6 2.6.32-28
CVE-2010-3847
@@ -2935,8 +2970,7 @@
- php5 5.3.3-3 (bug #601619)
CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...)
- php5 5.3.3-4 (bug #603751)
-CVE-2010-3708 [JBoss drools deserialization remote code execution]
- RESERVED
+CVE-2010-3708 (The serialization implementation in JBoss Drools in Red Hat JBoss ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
- dovecot 1.2.15-1