Author: joeyh Date: 2010-04-02 21:14:42 +0000 (Fri, 02 Apr 2010) New Revision: 14384 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-02 20:39:50 UTC (rev 14383) +++ data/CVE/list 2010-04-02 21:14:42 UTC (rev 14384) 
@@ -1,3 +1,39 @@ +CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...) + TODO: check +CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...) + TODO: check +CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...) + TODO: check +CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...) + TODO: check +CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow ...) + TODO: check +CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a ...) + TODO: check +CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...) + TODO: check +CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...) + TODO: check +CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does ...) + TODO: check +CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google ...) + TODO: check +CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...) + TODO: check +CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G ...) + TODO: check +CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor ...) + TODO: check +CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x ...) + TODO: check +CVE-2010-1223 + RESERVED +CVE-2010-1222 + RESERVED +CVE-2010-1221 + RESERVED +CVE-2010-1220 + RESERVED CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability] - interchange 5.7.6-1 CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) ...) 
@@ -145,9 +181,9 @@ CVE-2010-1145 RESERVED CVE-2010-1144 [libnids null pointer dereference] + RESERVED - libnids <unfixed> (low; bug #576281) [lenny] - libnids <no-dsa> (Minor issue) - RESERVED NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor CVE-2010-1143 RESERVED @@ -161,8 +197,8 @@ RESERVED CVE-2010-1138 RESERVED -CVE-2010-1137 - RESERVED +CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...) + TODO: check CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs ...) TODO: check CVE-2009-4761 (Stack-based buffer overflow in Mini-stream RM Downloader allows remote ...) @@ -432,8 +468,8 @@ RESERVED CVE-2010-1032 RESERVED -CVE-2010-1031 - RESERVED +CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka ...) + TODO: check CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...) TODO: check CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...) 
@@ -1012,73 +1048,59 @@ RESERVED CVE-2010-0851 RESERVED -CVE-2010-0850 - RESERVED +CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0849 - RESERVED +CVE-2010-0849 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0848 - RESERVED +CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0847 - RESERVED +CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0846 - RESERVED +CVE-2010-0846 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0845 - RESERVED +CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0844 - RESERVED +CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0843 - RESERVED +CVE-2010-0843 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0842 - RESERVED +CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) 
- openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0841 - RESERVED +CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0840 - RESERVED +CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0839 - RESERVED +CVE-2010-0839 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0838 - RESERVED +CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0837 - RESERVED +CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) @@ -1150,8 +1172,7 @@ CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a ''\0'' ...) - libesmtp <unfixed> (bug #572960) NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6 -CVE-2010-1193 [libesmtp wildcard handling] - RESERVED +CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...) - libesmtp <undetermined> NOTE: http://www.openwall.com/lists/oss-security/2010/03/30/10 TODO: check 
@@ -1290,12 +1311,12 @@ RESERVED CVE-2010-0771 RESERVED -CVE-2010-0770 - RESERVED -CVE-2010-0769 - RESERVED -CVE-2010-0768 - RESERVED +CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...) + TODO: check +CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...) + TODO: check +CVE-2010-0768 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) + TODO: check CVE-2010-0767 RESERVED CVE-2010-0766 (Integer overflow in the Swap4 function in valet4.dll in Luxology Modo ...) @@ -1331,9 +1352,9 @@ CVE-2010-0751 RESERVED CVE-2010-0750 [policykit information disclosure] + RESERVED - policykit <not-affected> (pkexec introduced in 0.92) [lenny] - policykit <not-affected> (pkexec introduced in 0.92) - RESERVED CVE-2010-0749 RESERVED CVE-2010-0748 @@ -1498,8 +1519,8 @@ NOT-FOR-US: Orbital Viewer CVE-2010-0687 RESERVED -CVE-2010-0686 - RESERVED +CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, ...) + TODO: check CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source ...) - asterisk <unfixed> [lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed) 
@@ -3695,61 +3716,51 @@ NOT-FOR-US: Valarsoft Webmatic CVE-2009-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft ...) NOT-FOR-US: Valarsoft Webmatic -CVE-2010-0095 - RESERVED +CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0094 - RESERVED -CVE-2010-0093 - RESERVED +CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...) + TODO: check +CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0092 - RESERVED +CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0091 - RESERVED +CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0090 - RESERVED -CVE-2010-0089 - RESERVED +CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) + TODO: check +CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0088 - RESERVED +CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0087 - RESERVED +CVE-2010-0087 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) 
- openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2010-0086 RESERVED -CVE-2010-0085 - RESERVED +CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0084 - RESERVED +CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2010-0083 RESERVED -CVE-2010-0082 - RESERVED +CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) @@ -4215,6 +4226,7 @@ CVE-2009-4275 RESERVED CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm ...) + {DTSA-206-1} - netpbm-free <unfixed> (medium; bug #569060) CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...) - systemtap 1.1-1 (bug #568865) @@ -5619,7 +5631,7 @@ RESERVED CVE-2009-3768 RESERVED -CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...) +CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other ...) {DSA-1943-1} - openldap 2.4.17-2.1 (low; bug #553432) - openldap2.3 <removed> @@ -10709,8 +10721,8 @@ RESERVED CVE-2009-2278 RESERVED -CVE-2009-2277 - RESERVED +CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...) + TODO: check CVE-2009-2276 (SQL injection vulnerability in voteforus.php in the Vote For Us ...) NOT-FOR-US: voteforus.php extension for PunBB CVE-2009-2275 (Directory traversal vulnerability in frontend/x3/stats/lastvisit.html ...)
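Review bot: in the @@ -1150,8 +1172,7 @@ hunk, CVE-2010-1193 now carries the description "Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...", but the entry still keeps "- libesmtp <undetermined>" and the oss-security NOTE from the earlier "[libesmtp wildcard handling]" placeholder. The description and the package line no longer describe the same issue, so the existing "TODO: check" should be resolved by confirming which id the libesmtp wildcard issue was actually assigned and removing the libesmtp line and NOTE from this entry if it was not this one.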
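Review bot: in the @@ -3695,61 +3716,51 @@ hunk, CVE-2010-0094 and CVE-2010-0090 go from RESERVED to a bare "TODO: check", while the neighbouring entries with the same kind of description (for example CVE-2010-0095 and CVE-2010-0089) already carry "- openjdk-6 <undetermined>" and the sun-java6 lines. The two bare entries appear to belong to the same Java batch and should get the same package triage, so that they are not left untracked for openjdk-6 and sun-java6 while their siblings are.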