thr3ads.net - Secure testing commits - [Secure-testing-commits] r14487

If this information is useful, please help other people find it:
Share via:

Joey Hess

2010-Apr-14 21:14 UTC

[Secure-testing-commits] r14487 - data/CVE

Author: joeyh
Date: 2010-04-14 21:14:43 +0000 (Wed, 14 Apr 2010)
New Revision: 14487

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-04-14 20:57:42 UTC (rev 14486)
+++ data/CVE/list	2010-04-14 21:14:43 UTC (rev 14487)
@@ -1,3 +1,46 @@
+CVE-2010-1564
+	REJECTED
+	TODO: check
+CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player
(com_hdflvplayer) ...)
+	TODO: check
+CVE-2010-1371 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre
...)
+	TODO: check
+CVE-2010-1370 (SQL injection vulnerability in detailad.asp in Pre Classified
Listings ...)
+	TODO: check
+CVE-2010-1369 (SQL injection vulnerability in signup.asp in Pre Classified
Listings ...)
+	TODO: check
+CVE-2010-1368 (SQL injection vulnerability in index.php in GameScript (GS) 3.0
allows ...)
+	TODO: check
+CVE-2010-1367 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2010-1366 (Multiple SQL injection vulnerabilities in admin/admin_login.php
in ...)
+	TODO: check
+CVE-2010-1365 (SQL injection vulnerability in index.php in Uiga Fan Club, as
...)
+	TODO: check
+CVE-2010-1364 (SQL injection vulnerability in index.php in Uiga Personal
Portal, as ...)
+	TODO: check
+CVE-2010-1363 (SQL injection vulnerability in the JProjects (com_j-projects)
...)
+	TODO: check
+CVE-2010-1362 (Cross-site scripting (XSS) vulnerability in the Own Term module
...)
+	TODO: check
+CVE-2010-1361 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2010-1360 (Multiple PHP remote file inclusion vulnerabilities in FAQEngine
...)
+	TODO: check
+CVE-2010-1359 (SQL injection vulnerability in bluegate_seo.inc.php in the
Direct URL ...)
+	TODO: check
+CVE-2010-1358 (Cross-site scripting (XSS) vulnerability in the Bibliography
(Biblio) ...)
+	TODO: check
+CVE-2010-1357 (Cross-site scripting (XSS) vulnerability in
editors/logindialogue.php ...)
+	TODO: check
+CVE-2010-1356 (Unspecified vulnerability on the TANDBERG Video Communication
Server ...)
+	TODO: check
+CVE-2010-1355 (Cross-site scripting (XSS) vulnerability on the TANDBERG Video
...)
+	TODO: check
+CVE-2009-4766 (YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2
stores ...)
+	TODO: check
+CVE-2009-4765 (CNR Hikaye Portal 2.0 stores sensitive information under the web
root ...)
+	TODO: check
 CVE-2010-1354 (Directory traversal vulnerability in the VJDEO (com_vjdeo)
component ...)
 	NOT-FOR-US: Joomla!
 CVE-2010-1353 (Directory traversal vulnerability in the LoginBox Pro
(com_loginbox) ...)
@@ -74,8 +117,8 @@
 	RESERVED
 CVE-2010-1317
 	RESERVED
-CVE-2010-1316
-	RESERVED
+CVE-2010-1316 (Multiple stack-based buffer overflows in Tembria Server Monitor
before ...)
+	TODO: check
 CVE-2010-1315 (Directory traversal vulnerability in weberpcustomer.php in the
...)
 	NOT-FOR-US: Joomla!
 CVE-2010-1314 (Directory traversal vulnerability in the Highslide JS
(com_hsconfig) ...)
@@ -248,6 +291,7 @@
 	NOTE: http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5
 	TODO: check affected/fixed versions, Moritz?
 CVE-2010-1159 [aircrack-ng EAPOL buffer overflow]
+	RESERVED
 	- aircrack-ng <unfixed> (low; bug #577758)
 	[lenny] - aircrack-ng <no-dsa> (low)
 	[etch] - aircrack-ng <no-dsa> (low)
@@ -258,7 +302,7 @@
 	NOT-FOR-US: IBM Web Interface for Content Management
 CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM
Web ...)
 	NOT-FOR-US: IBM Web Interface for Content Management
-CVE-2010-1241 (The custom heap management system in Adobe Reader 9.3.1 allows
remote ...)
+CVE-2010-1241 (Heap-based buffer overflow in the custom heap management system
in ...)
 	TODO: check
 CVE-2010-1240 (Adobe Reader 9.3.1 on Windows does not restrict the contents of
one ...)
 	NOT-FOR-US: Adobe Reader
@@ -479,7 +523,7 @@
 	RESERVED
 CVE-2010-1162
 	RESERVED
-CVE-2010-1161  [nano: unsafe creation of backup files]
+CVE-2010-1161 [nano: unsafe creation of backup files]
 	RESERVED
 	- nano <unfixed> (low; bug #577817)
 	[lenny] - nano <no-dsa> (minor issue)
@@ -1308,100 +1352,100 @@
 	RESERVED
 CVE-2010-0898
 	RESERVED
-CVE-2010-0897
-	RESERVED
-CVE-2010-0896
-	RESERVED
-CVE-2010-0895
-	RESERVED
-CVE-2010-0894
-	RESERVED
-CVE-2010-0893
-	RESERVED
+CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory
Server ...)
+	TODO: check
+CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in
Oracle ...)
+	TODO: check
+CVE-2010-0895 (Unspecified vulnerability in the Solaris component in Oracle Sun
...)
+	TODO: check
+CVE-2010-0894 (Unspecified vulnerability in the Sun Java System Access Manager
...)
+	TODO: check
+CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in
Oracle ...)
+	TODO: check
 CVE-2010-0892
 	RESERVED
-CVE-2010-0891
-	RESERVED
-CVE-2010-0890
-	RESERVED
-CVE-2010-0889
-	RESERVED
-CVE-2010-0888
-	RESERVED
+CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center component
in ...)
+	TODO: check
+CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle Sun
...)
+	TODO: check
+CVE-2010-0889 (Unspecified vulnerability in the Solaris component in Oracle Sun
...)
+	TODO: check
+CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software
component in ...)
+	TODO: check
 CVE-2010-0887
 	RESERVED
 CVE-2010-0886
 	RESERVED
-CVE-2010-0885
-	RESERVED
-CVE-2010-0884
-	RESERVED
-CVE-2010-0883
-	RESERVED
-CVE-2010-0882
-	RESERVED
-CVE-2010-0881
-	RESERVED
-CVE-2010-0880
-	RESERVED
-CVE-2010-0879
-	RESERVED
-CVE-2010-0878
-	RESERVED
-CVE-2010-0877
-	RESERVED
-CVE-2010-0876
-	RESERVED
-CVE-2010-0875
-	RESERVED
-CVE-2010-0874
-	RESERVED
+CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications
...)
+	TODO: check
+CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle
Sun ...)
+	TODO: check
+CVE-2010-0883 (Unspecified vulnerability in the Sun Cluster component in Oracle
Sun ...)
+	TODO: check
+CVE-2010-0882 (Unspecified vulnerability in the Solaris component in Oracle Sun
...)
+	TODO: check
+CVE-2010-0881 (Unspecified vulnerability in the User Interface Components in
Oracle ...)
+	TODO: check
+CVE-2010-0880 (Unspecified vulnerability in the PeopleTools component in Oracle
...)
+	TODO: check
+CVE-2010-0879 (Unspecified vulnerability in the PeopleTools component in Oracle
...)
+	TODO: check
+CVE-2010-0878 (Unspecified vulnerability in the PeopleTools component in Oracle
...)
+	TODO: check
+CVE-2010-0877 (Unspecified vulnerability in the PeopleTools component in Oracle
...)
+	TODO: check
+CVE-2010-0876 (Unspecified vulnerability in the Life Sciences - Oracle Clinical
...)
+	TODO: check
+CVE-2010-0875 (Unspecified vulnerability in the Life Sciences - Oracle
Thesaurus ...)
+	TODO: check
+CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle ...)
+	TODO: check
 CVE-2010-0873
 	RESERVED
-CVE-2010-0872
-	RESERVED
-CVE-2010-0871
-	RESERVED
-CVE-2010-0870
-	RESERVED
-CVE-2010-0869
-	RESERVED
-CVE-2010-0868
-	RESERVED
-CVE-2010-0867
-	RESERVED
-CVE-2010-0866
-	RESERVED
-CVE-2010-0865
-	RESERVED
-CVE-2010-0864
-	RESERVED
-CVE-2010-0863
-	RESERVED
-CVE-2010-0862
-	RESERVED
-CVE-2010-0861
-	RESERVED
-CVE-2010-0860
-	RESERVED
-CVE-2010-0859
-	RESERVED
-CVE-2010-0858
-	RESERVED
-CVE-2010-0857
-	RESERVED
-CVE-2010-0856
-	RESERVED
-CVE-2010-0855
-	RESERVED
-CVE-2010-0854
-	RESERVED
-CVE-2010-0853
-	RESERVED
-CVE-2010-0852
-	RESERVED
-CVE-2010-0851
-	RESERVED
+CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory
component ...)
+	TODO: check
+CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object
Library ...)
+	TODO: check
+CVE-2010-0870 (Unspecified vulnerability in the Change Data Capture component
in ...)
+	TODO: check
+CVE-2010-0869 (Unspecified vulnerability in the Oracle Transportation
Management ...)
+	TODO: check
+CVE-2010-0868 (Unspecified vulnerability in the Oracle iStore component in
Oracle ...)
+	TODO: check
+CVE-2010-0867 (Unspecified vulnerability in the JavaVM component in Oracle
Database ...)
+	TODO: check
+CVE-2010-0866 (Unspecified vulnerability in the JavaVM component in Oracle
Database ...)
+	TODO: check
+CVE-2010-0865 (Unspecified vulnerability in the Oracle Agile Engineering Data
...)
+	TODO: check
+CVE-2010-0864 (Unspecified vulnerability in the Retail - Oracle Retail Place
...)
+	TODO: check
+CVE-2010-0863 (Unspecified vulnerability in the Retail - Oracle Retail Plan
In-Season ...)
+	TODO: check
+CVE-2010-0862 (Unspecified vulnerability in the Retail - Oracle Retail Markdown
...)
+	TODO: check
+CVE-2010-0861 (Unspecified vulnerability in the Oracle HRMS (Self Service)
component ...)
+	TODO: check
+CVE-2010-0860 (Unspecified vulnerability in the Core RDBMS component in Oracle
...)
+	TODO: check
+CVE-2010-0859 (Unspecified vulnerability in the Oracle Application Object
Library ...)
+	TODO: check
+CVE-2010-0858 (Unspecified vulnerability in the E-Business Intelligence
component in ...)
+	TODO: check
+CVE-2010-0857 (Unspecified vulnerability in the Oracle Workflow Cartridge
component ...)
+	TODO: check
+CVE-2010-0856 (Unspecified vulnerability in the Portal component in Oracle
Fusion ...)
+	TODO: check
+CVE-2010-0855 (Unspecified vulnerability in the Portal component in Oracle
Fusion ...)
+	TODO: check
+CVE-2010-0854 (Unspecified vulnerability in the Audit component in Oracle
Database ...)
+	TODO: check
+CVE-2010-0853 (Unspecified vulnerability in the Oracle Internet Directory
component ...)
+	TODO: check
+CVE-2010-0852 (Unspecified vulnerability in the XML DB component in Oracle
Database ...)
+	TODO: check
+CVE-2010-0851 (Unspecified vulnerability in the XML DB component in Oracle
Database ...)
+	TODO: check
 CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle
Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
@@ -1574,12 +1618,12 @@
 	RESERVED
 CVE-2010-0813
 	RESERVED
-CVE-2010-0812
-	RESERVED
+CVE-2010-0812 (Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold,
SP1, ...)
+	TODO: check
 CVE-2010-0811
 	RESERVED
-CVE-2010-0810
-	RESERVED
+CVE-2010-0810 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and
Windows ...)
+	TODO: check
 CVE-2010-0809
 	RESERVED
 CVE-2010-0808
@@ -2389,13 +2433,13 @@
 	NOT-FOR-US: Apple iTunes
 CVE-2010-0530
 	RESERVED
-CVE-2010-0529 (Heap-based buffer overflow in Apple QuickTime before 7.6.6 on
Windows ...)
+CVE-2010-0529 (Heap-based buffer overflow in QuickTime.qts in Apple QuickTime
before ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers
to ...)
 	NOT-FOR-US: Apple Quicktime
 CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows
allows ...)
 	NOT-FOR-US: Apple QuickTime
-CVE-2010-0526 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before
...)
+CVE-2010-0526 (Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in
Apple ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce
the key ...)
 	NOT-FOR-US: Apple Mail
@@ -2407,7 +2451,7 @@
 	NOT-FOR-US: Apple Server Admin
 CVE-2010-0521 (Server Admin in Apple Mac OS X Server before 10.6.3 does not
properly ...)
 	NOT-FOR-US: Apple Server Admin
-CVE-2010-0520 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before
...)
+CVE-2010-0520 (Heap-based buffer overflow in QuickTimeAuthoring.qtx in
QuickTime in ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3
allows ...)
 	NOT-FOR-US: Apple QuickTime
@@ -2463,7 +2507,7 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0493
 	RESERVED
-CVE-2010-0492 (mstime.dll in Microsoft Internet Explorer 8 does not properly
handle ...)
+CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet
...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01
SP4, ...)
 	NOT-FOR-US: Microsoft Internet Explorer
@@ -2473,30 +2517,30 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not
...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0487
-	RESERVED
-CVE-2010-0486
-	RESERVED
+CVE-2010-0487 (The Authenticode Signature verification functionality in
cabview.dll ...)
+	TODO: check
+CVE-2010-0486 (The WinVerifyTrust function in Authenticode Signature
Verification ...)
+	TODO: check
 CVE-2010-0485
 	RESERVED
 CVE-2010-0484
 	RESERVED
-CVE-2010-0483 (VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and
Server ...)
+CVE-2010-0483 (vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft
Windows ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2010-0482
-	RESERVED
-CVE-2010-0481
-	RESERVED
-CVE-2010-0480
-	RESERVED
-CVE-2010-0479
-	RESERVED
-CVE-2010-0478
-	RESERVED
-CVE-2010-0477
-	RESERVED
-CVE-2010-0476
-	RESERVED
+CVE-2010-0482 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7
does not ...)
+	TODO: check
+CVE-2010-0481 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2,
Windows ...)
+	TODO: check
+CVE-2010-0480 (Multiple stack-based buffer overflows in the MPEG Layer-3 audio
codecs ...)
+	TODO: check
+CVE-2010-0479 (Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003
SP3, and ...)
+	TODO: check
+CVE-2010-0478 (Stack-based buffer overflow in nsum.exe in the Windows Media
Unicast ...)
+	TODO: check
+CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7
does ...)
+	TODO: check
+CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold,
SP1, ...)
+	TODO: check
 CVE-2010-0475
 	RESERVED
 CVE-2010-0474
@@ -3208,12 +3252,12 @@
 	NOT-FOR-US: Sun Java System Web Server
 CVE-2010-0271 (hald in Sun OpenSolaris snv_51 through snv_130 does not have the
...)
 	NOT-FOR-US: hald in Sun OpenSolaris
-CVE-2010-0270
-	RESERVED
-CVE-2010-0269
-	RESERVED
-CVE-2010-0268
-	RESERVED
+CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7
does ...)
+	TODO: check
+CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and
SP3, ...)
+	TODO: check
+CVE-2010-0268 (Unspecified vulnerability in the Windows Media Player ActiveX
control ...)
+	TODO: check
 CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly
handle ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0266
@@ -3236,12 +3280,12 @@
 	NOT-FOR-US: Microsoft Office
 CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the
Excel file ...)
 	NOT-FOR-US: Microsoft Office
-CVE-2010-0256
-	RESERVED
+CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2
does ...)
+	TODO: check
 CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does
not ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0254
-	RESERVED
+CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2
does ...)
+	TODO: check
 CVE-2010-0253
 	RESERVED
 CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office
Excel ...)
@@ -3272,16 +3316,16 @@
 	NOT-FOR-US: Microsoft Windows Vista Gold
 CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1,
and ...)
 	NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2010-0238
-	RESERVED
-CVE-2010-0237
-	RESERVED
-CVE-2010-0236
-	RESERVED
-CVE-2010-0235
-	RESERVED
-CVE-2010-0234
-	RESERVED
+CVE-2010-0238 (Unspecified vulnerability in registry-key validation in the
kernel in ...)
+	TODO: check
+CVE-2010-0237 (The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3
allows ...)
+	TODO: check
+CVE-2010-0236 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server
2003 ...)
+	TODO: check
+CVE-2010-0235 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server
2003 ...)
+	TODO: check
+CVE-2010-0234 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server
2003 ...)
+	TODO: check
 CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows
2000 SP4, ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7,
including ...)
@@ -3375,36 +3419,36 @@
 	- libpng 1.2.43-1 (low; bug #572308)
 	TODO: check freeimage, tuxonice-userui
 	NOTE: http://www.kb.cert.org/vuls/id/576029
-CVE-2010-0204
-	RESERVED
-CVE-2010-0203
-	RESERVED
-CVE-2010-0202
-	RESERVED
-CVE-2010-0201
-	RESERVED
+CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2
on ...)
+	TODO: check
+CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2,
and 8.x ...)
+	TODO: check
+CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2,
and 8.x ...)
+	TODO: check
+CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2
on ...)
+	TODO: check
 CVE-2010-0200
-	RESERVED
-CVE-2010-0199
-	RESERVED
-CVE-2010-0198
-	RESERVED
-CVE-2010-0197
-	RESERVED
-CVE-2010-0196
-	RESERVED
-CVE-2010-0195
-	RESERVED
-CVE-2010-0194
-	RESERVED
-CVE-2010-0193
-	RESERVED
-CVE-2010-0192
-	RESERVED
-CVE-2010-0191
-	RESERVED
-CVE-2010-0190
-	RESERVED
+	REJECTED
+CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2,
and 8.x ...)
+	TODO: check
+CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2,
and 8.x ...)
+	TODO: check
+CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2
on ...)
+	TODO: check
+CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before
...)
+	TODO: check
+CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2
on ...)
+	TODO: check
+CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2
on ...)
+	TODO: check
+CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before
...)
+	TODO: check
+CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before
...)
+	TODO: check
+CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2
on ...)
+	TODO: check
+CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and
Acrobat ...)
+	TODO: check
 CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download
Manager ...)
 	NOT-FOR-US: Adobe Download Manager
 CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before
8.2.1 ...)
@@ -3441,7 +3485,7 @@
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0177 (The window.navigator.plugins object in Mozilla Firefox before
3.0.19, ...)
+CVE-2010-0177 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x
before ...)
 	{DSA-2027-1}
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
@@ -3820,12 +3864,12 @@
 	NOT-FOR-US: module for Drupal
 CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3,
when ...)
 	NOT-FOR-US: Oscailt
-CVE-2009-4511
-	RESERVED
-CVE-2009-4510
-	RESERVED
-CVE-2009-4509
-	RESERVED
+CVE-2009-4511 (Multiple directory traversal vulnerabilities in the web
administration ...)
+	TODO: check
+CVE-2009-4510 (The SSH service on the TANDBERG Video Communication Server (VCS)
...)
+	TODO: check
+CVE-2009-4509 (The administrative web console on the TANDBERG Video
Communication ...)
+	TODO: check
 CVE-2009-4508
 	RESERVED
 CVE-2009-4507
@@ -4174,8 +4218,8 @@
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0086
-	RESERVED
+CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle
Fusion ...)
+	TODO: check
 CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment
component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
@@ -4206,8 +4250,8 @@
 	NOT-FOR-US: Oracle E-Business Suite
 CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in
BEA ...)
 	NOT-FOR-US: BEA Product Suite
-CVE-2010-0073
-	RESERVED
+CVE-2010-0073 (Unspecified vulnerability in the WebLogic Server in Oracle
WebLogic ...)
+	TODO: check
 CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component
in ...)
 	NOT-FOR-US: Oracle Secure Backup
 CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle
Database ...)
@@ -4373,7 +4417,7 @@
 	NOT-FOR-US: Apple DesktopServices
 CVE-2010-0063 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS
X ...)
 	NOT-FOR-US: Apple CoreTypes
-CVE-2010-0062 (Heap-based buffer overflow in CoreMedia and QuickTime in Apple
Mac OS ...)
+CVE-2010-0062 (Heap-based buffer overflow in quicktime.qts in CoreMedia and
QuickTime ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2010-0061
 	RESERVED
@@ -4489,10 +4533,10 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server
2008 ...)
 	NOT-FOR-US: Microsoft Windows Server
-CVE-2010-0025
-	RESERVED
-CVE-2010-0024
-	RESERVED
+CVE-2010-0025 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and
SP3, ...)
+	TODO: check
+CVE-2010-0024 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and
SP3, ...)
+	TODO: check
 CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft
Windows 2000 ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-0022 (The SMB implementation in the Server service in Microsoft
Windows 2000 ...)
@@ -4537,7 +4581,7 @@
 CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to
obtain ...)
 	- couchdb <unfixed> (bug #576304)
 	NOTE: I don''t really see the security implications?
-CVE-2010-0008 (The SCTP implementation in the Linux kernel before 2.6.23 allows
...)
+CVE-2010-0008 (The sctp_rcv_ootb function in the SCTP implementation in the
Linux ...)
 	- linux-2.6 2.6.23-1
 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the
...)
 	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
@@ -5568,7 +5612,7 @@
 	NOT-FOR-US: LiveCycle
 CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and
Acrobat ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3958 (Buffer overflow in the Download Manager in Adobe Reader and
Acrobat ...)
+CVE-2009-3958 (Multiple stack-based buffer overflows in the NOS Microsystems
getPlus ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
 CVE-2009-3957 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on
Windows ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
@@ -5578,7 +5622,7 @@
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
 CVE-2009-3954 (The 3D implementation in Adobe Reader and Acrobat 9.x before
9.3, and ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before
9.3, and ...)
+CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before
9.3, 8.x ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
 CVE-2009-3952 (Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and
...)
 	NOT-FOR-US: Adobe Illustrator
@@ -6120,7 +6164,7 @@
 	RESERVED
 CVE-2009-3737
 	RESERVED
-CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
...)
+CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
as ...)
 	{DSA-1958-1}
 	- libtool 2.2.6b-1 (low; bug #559797)
 	- arts <not-affected> (Uses absolute path to the sound backend)
@@ -6426,7 +6470,7 @@
 	RESERVED
 CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows
2000 ...)
 	NOT-FOR-US: Microsoft Internet Authentication Service
-CVE-2009-3676 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7
allows ...)
+CVE-2009-3676 (The SMB client in the kernel in Microsoft Windows Server 2008 R2
and ...)
 	NOT-FOR-US: Microsoft Windows Server
 CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service
(LSASS) in ...)
 	NOT-FOR-US: Microsoft Local Security Authority Subsystem Service
@@ -20971,7 +21015,7 @@
 	- linux-2.6.24 2.6.24-6~etchnhalf.7
 CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial
of ...)
 	NOT-FOR-US: Microsoft Communicator
-CVE-2008-5180 (Microsoft Communicator allows remote attackers to cause a denial
of ...)
+CVE-2008-5180 (Microsoft Communicator, and Communicator in Microsoft Office
2010 ...)
 	NOT-FOR-US: Microsoft Communicator
 CVE-2008-5179 (Unspecified vulnerability in Microsoft Office Communications
Server ...)
 	NOT-FOR-US: Microsoft Office Communications Server

Raphael Geissert

2010-Apr-14 23:29 UTC

head link

[Secure-testing-commits] r14487 - data/CVE

Joey Hess wrote:
> Author: joeyh
> Date: 2010-04-14 21:14:43 +0000 (Wed, 14 Apr 2010)
> New Revision: 14487
> 
> Modified:
>    data/CVE/list
> Log:
> automatic update
> 
> Modified: data/CVE/list
> ==================================================================> ---
data/CVE/list	2010-04-14 20:57:42 UTC (rev 14486)
> +++ data/CVE/list	2010-04-14 21:14:43 UTC (rev 14487)
> @@ -1,3 +1,46 @@
> +CVE-2010-1564
> +	REJECTED
> +	TODO: check
interesting :)

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Secure testing commits - Apr 2010 - r14487 - data/CVE

[Secure-testing-commits] r14487 - data/CVE

[Secure-testing-commits] r14487 - data/CVE