Author: joeyh Date: 2010-04-08 21:14:23 +0000 (Thu, 08 Apr 2010) New Revision: 14438 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-08 00:56:42 UTC (rev 14437) +++ data/CVE/list 2010-04-08 21:14:23 UTC (rev 14438) @@ -1,3 +1,13 @@ +CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...) + TODO: check +CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 allows ...) + TODO: check +CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove Photo ...) + TODO: check +CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, ...) + TODO: check +CVE-2008-7254 (Directory traversal vulnerability in includes/template-loader.php in ...) + TODO: check CVE-2010-1298 (Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 ...) TODO: check CVE-2010-1297 @@ -241,12 +251,12 @@ CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x ...) - asterisk <unfixed> (low; bug #576560) [lenny] - asterisk <not-affected> (Vulnerable code not present) -CVE-2010-1223 - RESERVED -CVE-2010-1222 - RESERVED -CVE-2010-1221 - RESERVED +CVE-2010-1223 (Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote ...) + TODO: check +CVE-2010-1222 (CA XOsoft r12.5 does not properly perform authentication, which allows ...) + TODO: check +CVE-2010-1221 (CA XOsoft r12.0 and r12.5 does not properly perform authentication, ...) + TODO: check CVE-2010-1220 RESERVED CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability] 
@@ -303,8 +313,8 @@ - libesmtp 1.0.4-2 (bug #311191) CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other ...) - sahana <itp> (bug #497414) -CVE-2010-1186 - RESERVED +CVE-2010-1186 (Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the ...) + TODO: check CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in ...) NOT-FOR-US: ClickHeat plugin CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux ...) @@ -1923,8 +1933,7 @@ - phpbb3 <unfixed> (unimportant; bug #570011) CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...) - flex 2.5.35-1 -CVE-2010-0629 [krb5 dos] - RESERVED +CVE-2010-0629 (Use-after-free vulnerability in kadmin/server/server_stubs.c in ...) - krb5 <unfixed> (low) NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...) @@ -2549,8 +2558,7 @@ RESERVED CVE-2010-0401 RESERVED -CVE-2010-0400 [mahara sql inection] - RESERVED +CVE-2010-0400 (SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows ...) {DSA-2030-1} - mahara 1.2.4-1 (medium) CVE-2010-0399
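Review bot: In the @@ -1,3 +1,13 @@ hunk, CVE-2008-7254 is inserted between CVE-2010-1299 and CVE-2010-1298, so a 2008 identifier sits inside the run of 2010 entries. If the list is meant to stay grouped by year, move it to the 2008 block so that a search there finds it. All five added entries carry only "TODO: check", so each still needs to be resolved to a package line or a NOT-FOR-US line.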
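Review bot: The three CA XOsoft entries in the @@ -241,12 +251,12 @@ hunk (CVE-2010-1223, CVE-2010-1222, CVE-2010-1221) are left at "TODO: check" and are best triaged together in one follow-up, since their descriptions all name the same product. If no Debian package ships it, the form already used elsewhere in this file, "NOT-FOR-US: ClickHeat plugin", is the one to follow.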
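Review bot: In the @@ -1923,8 +1933,7 @@ hunk, the "- krb5 <unfixed> (low)" line under CVE-2010-0629 predates the new description and should be rechecked against it: the entry was tagged "[krb5 dos]" and now reads as a use-after-free in kadmin/server/server_stubs.c. Confirm that "low" still matches the MITKRB5-SA-2010-003 advisory cited in the NOTE line, and add a bug reference in the way the asterisk entry does, so the <unfixed> status can be followed up.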
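Review bot: In the @@ -2549,8 +2558,7 @@ hunk, the CVE-2010-0400 description names mahara 1.0.4 while the package line records the fix as "mahara 1.2.4-1 (medium)", and no release-specific line is visible in the context. Confirm that {DSA-2030-1} covers the version shipped in stable, and add a release-tagged line if the entry is meant to record that separately.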