thr3ads.net - Secure testing commits - [Secure-testing-commits] r15135

If this information is useful, please help other people find it:
Share via:
Joey Hess
2010-Aug-05 21:15 UTC
[Secure-testing-commits] r15135 - data/CVE

Author: joeyh
Date: 2010-08-05 21:14:44 +0000 (Thu, 05 Aug 2010)
New Revision: 15135

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-08-05 09:14:42 UTC (rev 15134)
+++ data/CVE/list	2010-08-05 21:14:44 UTC (rev 15135)
@@ -1,6 +1,88 @@
+CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not
properly ...)
+	TODO: check
+CVE-2010-2970 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin
1.9.x ...)
+	TODO: check
+CVE-2010-2969 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin
1.7.3 ...)
+	TODO: check
+CVE-2010-2968 (The FTP daemon in Wind River VxWorks does not close the TCP
connection ...)
+	TODO: check
+CVE-2010-2967 (The loginDefaultEncrypt algorithm in loginLib in Wind River
VxWorks ...)
+	TODO: check
+CVE-2010-2966 (The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x,
5.x, and ...)
+	TODO: check
+CVE-2010-2965 (The WDB target agent debug service in Wind River VxWorks 6.x,
5.x, and ...)
+	TODO: check
+CVE-2010-2964
+	RESERVED
+CVE-2010-2963
+	RESERVED
+CVE-2010-2962
+	RESERVED
+CVE-2010-2961
+	RESERVED
+CVE-2010-2960
+	RESERVED
+CVE-2010-2959
+	RESERVED
+CVE-2010-2958
+	RESERVED
+CVE-2010-2957
+	RESERVED
+CVE-2010-2956
+	RESERVED
+CVE-2010-2955
+	RESERVED
+CVE-2010-2954
+	RESERVED
+CVE-2010-2953
+	RESERVED
+CVE-2010-2952
+	RESERVED
+CVE-2010-2951
+	RESERVED
+CVE-2010-2950
+	RESERVED
+CVE-2010-2949
+	RESERVED
+CVE-2010-2948
+	RESERVED
+CVE-2010-2947
+	RESERVED
+CVE-2010-2946
+	RESERVED
+CVE-2010-2945
+	RESERVED
+CVE-2010-2944
+	RESERVED
+CVE-2010-2943
+	RESERVED
+CVE-2010-2942
+	RESERVED
+CVE-2010-2941
+	RESERVED
+CVE-2010-2940
+	RESERVED
+CVE-2010-2939
+	RESERVED
+CVE-2010-2938
+	RESERVED
+CVE-2010-2937
+	RESERVED
+CVE-2010-2936
+	RESERVED
+CVE-2010-2935
+	RESERVED
+CVE-2010-2934
+	RESERVED
+CVE-2010-2933 (SQL injection vulnerability in AV Scripts AV Arcade 3 allows
remote ...)
+	TODO: check
+CVE-2010-2932 (Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control ...)
+	TODO: check
+CVE-2010-2931 (Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control
allows ...)
+	TODO: check
 CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in
hsolink ...)
 	TODO: check
-CVE-2010-2929 (hsolinkcontrol in hsolink 1.0.118 allows local users to gain
...)
+CVE-2010-2929 (Untrusted search path vulnerability in hsolinkcontrol in hsolink
...)
 	TODO: check
 CVE-2010-2928
 	RESERVED
@@ -158,8 +240,8 @@
 	RESERVED
 CVE-2010-2861
 	RESERVED
-CVE-2010-2860
-	RESERVED
+CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts
...)
+	TODO: check
 CVE-2009-4974 (Directory traversal vulnerability in box_display.php in
TotalCalendar ...)
 	NOT-FOR-US: TotalCalendar
 CVE-2009-4973 (SQL injection vulnerability in rss.php in TotalCalendar 2.4
allows ...)
@@ -343,8 +425,7 @@
 CVE-2010-2791 [apache2 mod_proxy information leak]
 	RESERVED
 	- apache2 2.2.10-1 (low)
-CVE-2010-2790 [zabbix XSS via formatQuery() of class.curl.php]
-	RESERVED
+CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the
formatQuery ...)
 	- zabbix <unfixed>
 	NOTE: https://support.zabbix.com/browse/ZBX-2326
 	[lenny] - zabbix <no-dsa> (Minor issue)
@@ -546,8 +627,8 @@
 	RESERVED
 CVE-2010-2726
 	RESERVED
-CVE-2010-2725
-	RESERVED
+CVE-2010-2725 (BarnOwl before 1.6.2 does not check the return code of calls to
the ...)
+	TODO: check
 CVE-2010-2724 (Cross-site scripting (XSS) vulnerability in the Hierarchical
Select ...)
 	NOT-FOR-US: Drupal addon module
 CVE-2010-2723 (Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16
allows ...)
@@ -971,8 +1052,7 @@
 	RESERVED
 	{DSA-2076-1}
 	- gnupg2 2.0.14-2
-CVE-2010-2546 [incomplete fix for CVE-2009-3995]
-	RESERVED
+CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in
...)
 	{DSA-2081-1}
 	- libmikmod 3.1.11-6.3
 CVE-2010-2545
@@ -1026,8 +1106,7 @@
 	RESERVED
 	{DSA-2070-1}
 	- freetype 2.4.0-1
-CVE-2010-2526
-	RESERVED
+CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in
lvm2-cluster in ...)
 	- clvm <unfixed> (bug #591204)
 CVE-2010-2525
 	RESERVED
@@ -1150,8 +1229,7 @@
 	RESERVED
 	{DSA-2069-1}
 	- znc 0.090-2 (bug #584929)
-CVE-2010-2487 [moin XSS]
-	RESERVED
+CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin
1.7.3 ...)
 	{DSA-2083-1}
 	- moin 1.9.3-1 (bug #584809)
 CVE-2010-2486
@@ -2655,8 +2733,8 @@
 	- php5 <unfixed> (unimportant)
 CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2
allows ...)
 	- php5 <unfixed> (unimportant)
-CVE-2010-1871
-	RESERVED
+CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise
Application ...)
+	TODO: check
 CVE-2010-1870
 	RESERVED
 CVE-2010-1869 (Stack-based buffer overflow in the parser function in
GhostScript 8.70 ...)
@@ -4686,7 +4764,7 @@
 	[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
 	- iceape 2.0.6-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1208 (The attribute-cloning functionality in the DOM implementation in
...)
+CVE-2010-1208 (Use-after-free vulnerability in the attribute-cloning
functionality in ...)
 	{DSA-2075-1}
 	- xulrunner 1.9.1.11-1
 	- iceape 2.0.6-1
Secure testing commits - Aug 2010 - r15135 - data/CVE

[Secure-testing-commits] r15135 - data/CVE
