Author: joeyh Date: 2010-02-23 21:14:35 +0000 (Tue, 23 Feb 2010) New Revision: 14146 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-02-23 21:09:52 UTC (rev 14145) +++ data/CVE/list 2010-02-23 21:14:35 UTC (rev 14146) 
@@ -1,3 +1,71 @@ +CVE-2010-0689 + RESERVED +CVE-2010-0688 + RESERVED +CVE-2010-0687 + RESERVED +CVE-2010-0686 + RESERVED +CVE-2010-0685 + RESERVED +CVE-2010-0684 + RESERVED +CVE-2010-0683 + RESERVED +CVE-2010-0682 + RESERVED +CVE-2010-0681 (ZeusCMS 0.2 stores sensitive information under the web root with ...) + TODO: check +CVE-2010-0680 (Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows ...) + TODO: check +CVE-2010-0679 (Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ...) + TODO: check +CVE-2010-0678 (PHP remote file inclusion vulnerability in includes/moderation.php in ...) + TODO: check +CVE-2010-0677 (SQL injection vulnerability in index.php in Katalog Stron Hurricane ...) + TODO: check +CVE-2010-0676 (Directory traversal vulnerability in index.php in the RWCards ...) + TODO: check +CVE-2010-0675 (Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik ...) + TODO: check +CVE-2010-0674 (StatCounteX 3.1 stores sensitive information under the web root with ...) + TODO: check +CVE-2010-0673 (SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog ...) + TODO: check +CVE-2010-0672 (SQL injection vulnerability in index.php in WSN Guest 1.02 allows ...) + TODO: check +CVE-2010-0671 (SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS ...) + TODO: check +CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) ...) + TODO: check +CVE-2010-0669 + RESERVED +CVE-2010-0668 + RESERVED +CVE-2010-0667 + RESERVED +CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch ...) + TODO: check +CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information under ...) + TODO: check +CVE-2009-4651 (Multiple cross-site scripting (XSS) vulnerabilities in the Webee ...) + TODO: check +CVE-2009-4650 (SQL injection vulnerability in the Webee Comments (com_webeecomment) ...) 
+ TODO: check +CVE-2009-4649 (Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 ...) + TODO: check +CVE-2009-4648 (Accellion Secure File Transfer Appliance before 8_0_105 does not ...) + TODO: check +CVE-2009-4647 (Cross-site scripting (XSS) vulnerability in Accellion Secure File ...) + TODO: check +CVE-2009-4646 (Static code injection vulnerability in the administrative web ...) + TODO: check +CVE-2009-4645 (Directory traversal vulnerability in web_client_user_guide.html in ...) + TODO: check +CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows remote ...) + TODO: check +CVE-2005-4886 + RESERVED CVE-2010-XXXX [konversation DoS] - konversation 1.2.3-1 (low) NOTE: http://bugs.kde.org/show_bug.cgi?id=219985 @@ -107,7 +175,7 @@ - kdeartwork <undetermined> [lenny] - kdeartwork <not-affected> (Vulnerable code not present) NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/2 - NOTE: http://www.kde.org/info/security/advisory-2010-02-17-1.txt + NOTE: http://www.kde.org/info/security/advisory-2010-02-17-1.txt CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...) TODO: check CVE-2010-0629 
@@ -245,16 +313,16 @@ RESERVED CVE-2010-0570 RESERVED -CVE-2010-0569 - RESERVED -CVE-2010-0568 - RESERVED -CVE-2010-0567 - RESERVED -CVE-2010-0566 - RESERVED -CVE-2010-0565 - RESERVED +CVE-2010-0569 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) + TODO: check +CVE-2010-0568 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) + TODO: check +CVE-2010-0567 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) + TODO: check +CVE-2010-0566 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) + TODO: check +CVE-2010-0565 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) + TODO: check CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface ...) TODO: check CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its activation ...) @@ -690,8 +758,7 @@ [lenny] - systemtap <not-affected> (Vulnerable code not present) [etch] - systemtap <no-dsa> (Minor issue) NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH -CVE-2010-0410 [kernel OOM via NETLINK_CONNECTOR] - RESERVED +CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 ...) {DSA-2003-1 DSA-1996-1} - linux-2.6 2.6.32-8 - linux-2.6.24 <removed> @@ -1100,8 +1167,7 @@ CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a ...) {DSA-1980-1} - ircd-ratbox 3.0.6.dfsg-1 (low; bug #567191) -CVE-2010-0299 [unrestrictive permissions for devtmpfs root directory could lead to privilege escalation] - RESERVED +CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure ...) - linux-2.6 2.6.32-6 [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31) [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31) 
@@ -1151,8 +1217,7 @@ - dokuwiki 0.0.20090214b-3.1 (low) [etch] - dokuwiki <not-affected> (Vulnerable code not present) NOTE: http://secunia.com/advisories/38205/ -CVE-2010-0286 [typo3 openid auth bypass] - RESERVED +CVE-2010-0286 (Unspecified vulnerability in the OpenID Identity Authentication ...) - typo3-src 4.3.1-1 (bug #567163) [lenny] - typo3-src <not-affected> (Only affects 4.3.x) NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/ @@ -1164,8 +1229,7 @@ TODO: file bug, check affected versions CVE-2010-0284 RESERVED -CVE-2010-0283 [MITKRB5-SA-2010-001] - RESERVED +CVE-2010-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 ...) - krb5 1.8+dfsg~alpha1-7 [lenny] - krb5 <not-affected> (Only affects krb5 >= 1.7) CVE-2010-0282 @@ -1420,11 +1484,11 @@ RESERVED CVE-2010-0189 RESERVED -CVE-2010-0188 - RESERVED +CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...) + TODO: check CVE-2010-0187 (Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 ...) NOT-FOR-US: Adobe Flash plugin -CVE-2010-0186 (Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2 and ...) +CVE-2010-0186 (Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, ...) NOT-FOR-US: Adobe Flash plugin CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ...) NOT-FOR-US: Adobe ColdFusion @@ -1472,8 +1536,7 @@ RESERVED CVE-2010-0163 RESERVED -CVE-2010-0162 [same-origin bypass] - RESERVED +CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...) {DSA-1999-1} - xulrunner 1.9.1.8-1 [etch] - xulrunner <end-of-life> 
@@ -1481,16 +1544,14 @@ [lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs) CVE-2010-0161 RESERVED -CVE-2010-0160 [vulnerability in web workers] - RESERVED +CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 ...) - xulrunner 1.9.1.8-1 [etch] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1) [lenny] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1) - iceape 2.0.3-1 [etch] - iceape <not-affected> (web workers introduced in gecko 1.9.1) [lenny] - iceape <not-affected> (web workers introduced in gecko 1.9.1) -CVE-2010-0159 [several vulnerabilities] - RESERVED +CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x ...) {DSA-1999-1} - xulrunner 1.9.1.8-1 [etch] - xulrunner <end-of-life> @@ -1510,12 +1571,12 @@ RESERVED CVE-2010-0152 RESERVED -CVE-2010-0151 - RESERVED -CVE-2010-0150 - RESERVED -CVE-2010-0149 - RESERVED +CVE-2010-0151 (The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used ...) + TODO: check +CVE-2010-0150 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) + TODO: check +CVE-2010-0149 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) + TODO: check CVE-2010-0148 RESERVED CVE-2010-0147 @@ -1689,12 +1750,12 @@ RESERVED CVE-2010-0109 RESERVED -CVE-2010-0108 - RESERVED +CVE-2010-0108 (Buffer overflow in an ActiveX control in the Symantec Client Proxy ...) + TODO: check CVE-2010-0107 RESERVED -CVE-2010-0106 - RESERVED +CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before ...) + TODO: check CVE-2010-0105 RESERVED CVE-2010-0104 
@@ -3355,8 +3416,7 @@ CVE-2009-3989 (Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and ...) - bugzilla <unfixed> (unimportant) NOTE: http://www.bugzilla.org/security/3.0.10/ -CVE-2009-3988 [same-origin flaw in showModalDialog] - RESERVED +CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...) {DSA-1999-1} - xulrunner 1.9.1.8-1 [etch] - xulrunner <end-of-life> @@ -10946,8 +11006,7 @@ CVE-2009-1574 (racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote ...) {DSA-1804-1} - ipsec-tools 1:0.7.1-1.4 (medium; bug #527634) -CVE-2009-1571 [memory incorrectly freed] - RESERVED +CVE-2009-1571 (Use-after-free vulnerability in the HTML parser in Mozilla Firefox ...) {DSA-1999-1} - xulrunner 1.9.1.8-1 [etch] - xulrunner <end-of-life>
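Review bot: in the first hunk (@@ -1,3 +1,71 @@), CVE-2009-4644, CVE-2009-4647 and CVE-2009-4648 all name the Accellion Secure File Transfer Appliance and are added as TODO: check. This file already closes out vendor-only products with NOT-FOR-US (the Adobe Flash plugin entries further down), so if nothing in the archive ships this appliance's software, these can get the same disposition in a follow-up instead of sitting in the TODO queue.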
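Review bot: the NOTE line for the KDE advisory (advisory-2010-02-17-1.txt) in the @@ -107,7 +175,7 @@ hunk is removed and re-added with the same visible text, so the only difference can be whitespace. A commit logged as "automatic update" of descriptions should not rewrite a hand-maintained NOTE line; either leave the line alone or commit the whitespace cleanup separately so the log matches what changed.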
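Review bot: for CVE-2010-0299 in the @@ -1100,8 +1167,7 @@ hunk, the imported description scopes the issue to how openSUSE 11.2 installs the devtmpfs root directory, while the removed bracketed summary described a general devtmpfs permissions problem and the unchanged lines below still track linux-2.6 as fixed in 2.6.32-6. Suggest adding a NOTE that states whether the Debian kernel package is affected, so the tracking lines and the new description do not read as contradicting each other.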
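Review bot: replacing the placeholder for CVE-2010-0283 in the @@ -1164,8 +1229,7 @@ hunk drops the only mention of MITKRB5-SA-2010-001, and the entry has no NOTE line to carry it. Suggest adding a NOTE with the advisory id under the krb5 lines so the upstream reference survives the description import.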
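Review bot: CVE-2010-0188 in the @@ -1420,11 +1484,11 @@ hunk is set to TODO: check although its description names Adobe Reader and Acrobat, and the two entries directly below it (CVE-2010-0187, CVE-2010-0186) are already marked NOT-FOR-US: Adobe Flash plugin. Marking this one NOT-FOR-US as well, with the product name adjusted, would keep the Adobe block consistent and save a manual triage pass.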