Author: joeyh Date: 2010-04-19 21:14:22 +0000 (Mon, 19 Apr 2010) New Revision: 14528 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-19 14:19:40 UTC (rev 14527) +++ data/CVE/list 2010-04-19 21:14:22 UTC (rev 14528) @@ -1,3 +1,23 @@ +CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...) + TODO: check +CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...) + TODO: check +CVE-2010-1465 (Stack-based buffer overflow in Trellian FTP client 3.01, including ...) + TODO: check +CVE-2010-1464 (Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst ...) + TODO: check +CVE-2010-1463 (Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE ...) + TODO: check +CVE-2010-1462 (Directory traversal vulnerability in WebAsyst Shop-Script FREE has ...) + TODO: check +CVE-2010-1461 (Directory traversal vulnerability in the Photo Battle ...) + TODO: check +CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...) + TODO: check +CVE-2010-1459 + RESERVED +CVE-2010-1458 + RESERVED CVE-2010-XXXX [fetchmail memory exhaustion DoS] - fetchmail 6.3.16-2 (low) [lenny] - fetchmail <no-dsa> (only vulnerable when run under debug verbosity level) @@ -706,21 +726,18 @@ RESERVED CVE-2010-1164 RESERVED -CVE-2010-1163 [another sudoedit issue] - RESERVED +CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ...) - sudo <unfixed> (bug #578275) [lenny] - sudo <not-affected> (ignore_dot default value is off and can''t be changed in runtime) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=580441#c3 CVE-2010-1162 [linux-2.6: tty pid issue] RESERVED - linux-2.6 <unfixed> -CVE-2010-1161 [nano: unsafe creation of backup files] - RESERVED +CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a ...) - nano 2.2.4-1 (low; bug #577817) [lenny] - nano <no-dsa> (minor issue) NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4 -CVE-2010-1160 [nano: unsafe overwriting of existing files] - RESERVED +CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed ...) - nano 2.2.4-1 (low; bug #577817) [lenny] - nano <no-dsa> (minor issue) NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4 @@ -728,12 +745,10 @@ RESERVED CVE-2010-1157 RESERVED -CVE-2010-1156 - RESERVED +CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...) - irssi 0.8.15-1 (low) [lenny] - irssi <no-dsa> (Minor issue) -CVE-2010-1155 - RESERVED +CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server ...) - irssi 0.8.15-1 (low) [lenny] - irssi <no-dsa> (Minor issue) CVE-2010-1154 @@ -1987,8 +2002,7 @@ - openssl 0.9.8n-1 (medium; bug #575607) [lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts) NOTE: http://www.openssl.org/news/secadv_20100324.txt -CVE-2010-0739 [dvips sprintf buffer overflow] - RESERVED +CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips ...) NOTE: http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log - texlive-bin <unfixed> (low) [lenny] - texlive-bin <no-dsa> (minor issue)