Author: joeyh Date: 2010-08-19 01:11:22 +0000 (Thu, 19 Aug 2010) New Revision: 15165 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-08-18 09:42:22 UTC (rev 15164) +++ data/CVE/list 2010-08-19 01:11:22 UTC (rev 15165) @@ -1,4 +1,114 @@ +CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows ...) + TODO: check +CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses insecure ...) + TODO: check +CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball Script ...) + TODO: check +CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check +CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus ...) + TODO: check +CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in DiamondList ...) + TODO: check +CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance logging ...) + TODO: check +CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote ...) + TODO: check +CVE-2010-3020 (The news-feed preview feature in Opera before 10.61 does not properly ...) + TODO: check +CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote ...) + TODO: check +CVE-2010-3018 + RESERVED +CVE-2010-3017 + RESERVED +CVE-2010-3016 + RESERVED +CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...) + TODO: check +CVE-2010-3012 + RESERVED +CVE-2010-3011 + RESERVED +CVE-2010-3010 + RESERVED +CVE-2010-3009 + RESERVED +CVE-2010-3008 + RESERVED +CVE-2010-3007 + RESERVED +CVE-2010-3006 + RESERVED +CVE-2010-3005 + RESERVED +CVE-2010-3004 + RESERVED +CVE-2010-3003 + RESERVED +CVE-2010-3002 + RESERVED +CVE-2010-3001 + RESERVED +CVE-2010-3000 + RESERVED +CVE-2010-2999 + RESERVED +CVE-2010-2998 + RESERVED +CVE-2010-2997 + RESERVED +CVE-2010-2996 + RESERVED +CVE-2010-2991 (The IICAClient interface in the ICAClient library in the ICA Client ...) + TODO: check +CVE-2010-2990 (Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, ...) + TODO: check +CVE-2010-2989 (nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for ...) + TODO: check +CVE-2010-2988 (Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless ...) + TODO: check +CVE-2010-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless ...) + TODO: check +CVE-2010-2986 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2010-2985 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...) + TODO: check +CVE-2010-2984 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...) + TODO: check +CVE-2010-2983 (The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless ...) + TODO: check +CVE-2010-2982 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 ...) + TODO: check +CVE-2010-2981 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 ...) + TODO: check +CVE-2010-2980 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...) + TODO: check +CVE-2010-2979 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...) + TODO: check +CVE-2010-2978 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...) + TODO: check +CVE-2010-2977 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...) + TODO: check +CVE-2010-2976 (The controller in Cisco Unified Wireless Network (UWN) Solution 7.x ...) + TODO: check +CVE-2010-2975 (Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 ...) + TODO: check +CVE-2010-2974 (Stack-based buffer overflow in the IConfigurationAccess interface in ...) + TODO: check +CVE-2010-2973 (Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone ...) + TODO: check +CVE-2010-2972 + REJECTED + TODO: check +CVE-2008-7260 + RESERVED +CVE-2008-7259 + RESERVED CVE-2010-3014 [freebsd coda kernel memory disclosure] + RESERVED - kfreebsd-7 <undetermined> - kfreebsd-8 8.1-5 CVE-2010-XXXX [lynx heap overflow] @@ -7,15 +117,16 @@ NOTE: exploit scenario really obscure NOTE: https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254 CVE-2010-3015 [ext4 integer overflow] + RESERVED - linux-2.6 <unfixed> -CVE-2010-2995 [Wireshark 1.2.10 SigComp Universal Decompressor Virtual Machine could overrun a buffer] +CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark ...) - wireshark 1.2.10-1 -CVE-2010-2992 [Wireshark 1.2.10 GSM A RR dissector could crash] +CVE-2010-2992 (packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through ...) - wireshark 1.2.10-1 [lenny] - wireshark <not-affected> (Only affects 1.2.x) -CVE-2010-2994 [Wireshark 1.2.10 Due to a regression the ASN.1 BER dissector could overrun the stack] +CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark ...) - wireshark 1.2.10-1 -CVE-2010-2993 [Wireshark 1.2.10 The IPMI dissector could go into an infinite loop] +CVE-2010-2993 (The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote ...) - wireshark 1.2.10-1 [lenny] - wireshark <not-affected> (Only affects 1.2.x) CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly ...) @@ -267,10 +378,10 @@ RESERVED CVE-2010-2863 RESERVED -CVE-2010-2862 - RESERVED -CVE-2010-2861 - RESERVED +CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and ...) + TODO: check +CVE-2010-2861 (Directory traversal vulnerability in Adobe ColdFusion 9.0.1 and ...) + TODO: check CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts ...) NOT-FOR-US: EMC CVE-2009-4974 (Directory traversal vulnerability in box_display.php in TotalCalendar ...) @@ -375,36 +486,37 @@ RESERVED CVE-2010-2828 RESERVED -CVE-2010-2827 - RESERVED -CVE-2010-2826 - RESERVED -CVE-2010-2825 - RESERVED -CVE-2010-2824 - RESERVED -CVE-2010-2823 - RESERVED -CVE-2010-2822 - RESERVED -CVE-2010-2821 - RESERVED -CVE-2010-2820 - RESERVED -CVE-2010-2819 - RESERVED -CVE-2010-2818 - RESERVED -CVE-2010-2817 - RESERVED -CVE-2010-2816 - RESERVED -CVE-2010-2815 - RESERVED -CVE-2010-2814 - RESERVED +CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of ...) + TODO: check +CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) ...) + TODO: check +CVE-2010-2825 (Unspecified vulnerability in the SIP inspection feature on the Cisco ...) + TODO: check +CVE-2010-2824 (Unspecified vulnerability on the Cisco Application Control Engine ...) + TODO: check +CVE-2010-2823 (Unspecified vulnerability in the deep packet inspection feature on the ...) + TODO: check +CVE-2010-2822 (Unspecified vulnerability in the RTSP inspection feature on the Cisco ...) + TODO: check +CVE-2010-2821 (Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) ...) + TODO: check +CVE-2010-2820 (Unspecified vulnerability in the SunRPC inspection feature on the ...) + TODO: check +CVE-2010-2819 (Unspecified vulnerability in the SunRPC inspection feature on the ...) + TODO: check +CVE-2010-2818 (Unspecified vulnerability in the SunRPC inspection feature on the ...) + TODO: check +CVE-2010-2817 (Unspecified vulnerability in the IKE implementation on Cisco Adaptive ...) + TODO: check +CVE-2010-2816 (Unspecified vulnerability in the SIP inspection feature on Cisco ...) + TODO: check +CVE-2010-2815 (Unspecified vulnerability in the Transport Layer Security (TLS) ...) + TODO: check +CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) ...) + TODO: check CVE-2010-2813 [squirrelmail denial of service with 8bit login characters] RESERVED + {DSA-2091-1} - squirrelmail 2:1.4.21-1 (low) [lenny] - squirrelmail <no-dsa> (low-risk issue) CVE-2010-2812 @@ -433,33 +545,31 @@ RESERVED CVE-2010-2802 RESERVED -CVE-2010-2801 [Integer wrap-around (crash) by processing certain *.cab files in test archive mode] - RESERVED +CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract ...) {DSA-2087-1} - cabextract 1.3-1 (bug #591552) -CVE-2010-2800 [Infinite loop in MS-ZIP and Quantum decoders] - RESERVED +CVE-2010-2800 (The MS-ZIP decompressor in cabextract before 1.3 allows remote ...) - cabextract 1.3-1 (bug #591552; unimportant) CVE-2010-2799 [socat buffer overflow] RESERVED + {DSA-2090-1} - socat 1.7.1.3-1 (bug #591443; medium) CVE-2010-2798 [gfs2 null ptr dereference] RESERVED - linux-2.6 2.6.32-20 CVE-2010-2797 RESERVED -CVE-2010-2796 - RESERVED -CVE-2010-2795 - RESERVED +CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...) + TODO: check +CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...) + TODO: check CVE-2010-2794 RESERVED CVE-2010-2793 RESERVED CVE-2010-2792 RESERVED -CVE-2010-2791 [apache2 mod_proxy information leak] - RESERVED +CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...) - apache2 2.2.10-1 (low) CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...) - zabbix <unfixed> @@ -583,14 +693,14 @@ RESERVED CVE-2010-2760 RESERVED -CVE-2010-2759 - RESERVED -CVE-2010-2758 - RESERVED -CVE-2010-2757 - RESERVED -CVE-2010-2756 - RESERVED +CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...) + TODO: check +CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...) + TODO: check +CVE-2010-2757 (The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through ...) + TODO: check +CVE-2010-2756 (Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 ...) + TODO: check CVE-2010-2755 (layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not ...) - xulrunner <not-affected> (Only exploitable in Firefox 3.6.x and above) CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 ...) @@ -690,8 +800,7 @@ NOT-FOR-US: TCW PHP Album CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 ...) NOT-FOR-US: TCW PHP Album -CVE-2010-2713 [vte: responds to get window title escape sequence request] - RESERVED +CVE-2010-2713 (The vte_sequence_handler_window_manipulation function in vteseq.c in ...) - vte 1:0.24.3-1 NOTE: http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74 NOTE: http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91 @@ -701,16 +810,16 @@ RESERVED CVE-2010-2710 RESERVED -CVE-2010-2709 - RESERVED -CVE-2010-2708 - RESERVED -CVE-2010-2707 - RESERVED -CVE-2010-2706 - RESERVED -CVE-2010-2705 - RESERVED +CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView Network ...) + TODO: check +CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before ...) + TODO: check +CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches ...) + TODO: check +CVE-2010-2706 (Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 ...) + TODO: check +CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch with ...) + TODO: check CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and ...) NOT-FOR-US: HP OpenView CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the ov.dll ...) @@ -900,8 +1009,8 @@ RESERVED CVE-2010-2635 RESERVED -CVE-2010-2634 - RESERVED +CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...) + TODO: check CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, ...) NOT-FOR-US: EMC CVE-2010-2632 @@ -1019,14 +1128,14 @@ RESERVED CVE-2010-2578 RESERVED -CVE-2010-2577 - RESERVED -CVE-2010-2576 - RESERVED +CVE-2010-2577 (Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow ...) + TODO: check +CVE-2010-2576 (Opera before 10.61 does not properly suppress clicks on download ...) + TODO: check CVE-2010-2575 RESERVED -CVE-2010-2574 - RESERVED +CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...) + TODO: check CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...) - tiff <unfixed> (unimportant) CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...) @@ -1049,46 +1158,45 @@ NOT-FOR-US: Microsoft CVE-2010-2567 RESERVED -CVE-2010-2566 - RESERVED +CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft ...) + TODO: check CVE-2010-2565 RESERVED -CVE-2010-2564 - RESERVED +CVE-2010-2564 (Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 does not ...) + TODO: check CVE-2010-2563 RESERVED -CVE-2010-2562 - RESERVED -CVE-2010-2561 - RESERVED -CVE-2010-2560 - RESERVED -CVE-2010-2559 - RESERVED -CVE-2010-2558 - RESERVED -CVE-2010-2557 - RESERVED -CVE-2010-2556 - RESERVED -CVE-2010-2555 - RESERVED -CVE-2010-2554 - RESERVED -CVE-2010-2553 - RESERVED -CVE-2010-2552 - RESERVED -CVE-2010-2551 - RESERVED -CVE-2010-2550 - RESERVED +CVE-2010-2562 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...) + TODO: check +CVE-2010-2561 (Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle ...) + TODO: check +CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...) + TODO: check +CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in ...) + TODO: check +CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows ...) + TODO: check +CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in ...) + TODO: check +CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...) + TODO: check +CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and ...) + TODO: check +CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and ...) + TODO: check +CVE-2010-2553 (The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista ...) + TODO: check +CVE-2010-2552 (Stack consumption vulnerability in the SMB Server in Microsoft Windows ...) + TODO: check +CVE-2010-2551 (The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server ...) + TODO: check +CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server ...) + TODO: check CVE-2010-2549 (Use-after-free vulnerability in Microsoft Windows Vista and Server ...) NOT-FOR-US: Microsoft CVE-2010-2548 RESERVED -CVE-2010-2547 [gnupg2: use-after-free in certificate parsing] - RESERVED +CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG ...) {DSA-2076-1} - gnupg2 2.0.14-2 CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in ...) @@ -1100,8 +1208,7 @@ RESERVED CVE-2010-2543 RESERVED -CVE-2010-2542 [git buffer overflow] - RESERVED +CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...) - git-core 1:1.7.1-1.1 (low; bug #590026) [lenny] - git-core <no-dsa> (Minor issue) CVE-2010-2541 @@ -1248,8 +1355,8 @@ - freetype 2.4.0-1 CVE-2010-2496 RESERVED -CVE-2010-2493 - RESERVED +CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...) + TODO: check CVE-2010-2492 RESERVED CVE-2010-2491 [roundup XSS] @@ -1301,8 +1408,8 @@ NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56 CVE-2010-2475 RESERVED -CVE-2010-2474 - RESERVED +CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise ...) + TODO: check CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...) - bugzilla <not-affected> (Only affects 3.5 to 3.7) CVE-2010-2476 [syscp open_basedir bypassing] @@ -1942,25 +2049,21 @@ RESERVED CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1) ...) - iscsitarget <undetermined> -CVE-2010-2220 - RESERVED -CVE-2010-2219 - RESERVED -CVE-2010-2218 - RESERVED -CVE-2010-2217 - RESERVED -CVE-2010-2216 - RESERVED +CVE-2010-2220 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...) + TODO: check +CVE-2010-2219 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...) + TODO: check +CVE-2010-2218 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...) + TODO: check +CVE-2010-2217 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...) + TODO: check +CVE-2010-2216 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...) NOT-FOR-US: Adobe Flash Plugin -CVE-2010-2215 - RESERVED +CVE-2010-2215 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...) NOT-FOR-US: Adobe Flash Plugin -CVE-2010-2214 - RESERVED +CVE-2010-2214 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...) NOT-FOR-US: Adobe Flash Plugin -CVE-2010-2213 - RESERVED +CVE-2010-2213 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...) NOT-FOR-US: Adobe Flash Plugin CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x ...) NOT-FOR-US: Adobe Reader @@ -2701,50 +2804,50 @@ NOT-FOR-US: Consona CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager Client 1.5.x allows ...) NOT-FOR-US: EMC RSA key manager -CVE-2010-1903 - RESERVED -CVE-2010-1902 - RESERVED -CVE-2010-1901 - RESERVED -CVE-2010-1900 - RESERVED +CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, ...) + TODO: check +CVE-2010-1902 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 ...) + TODO: check +CVE-2010-1901 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft ...) + TODO: check +CVE-2010-1900 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft ...) + TODO: check CVE-2010-1899 RESERVED -CVE-2010-1898 - RESERVED -CVE-2010-1897 - RESERVED -CVE-2010-1896 - RESERVED -CVE-2010-1895 - RESERVED -CVE-2010-1894 - RESERVED -CVE-2010-1893 - RESERVED -CVE-2010-1892 - RESERVED +CVE-2010-1898 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, ...) + TODO: check +CVE-2010-1897 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...) + TODO: check +CVE-2010-1896 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...) + TODO: check +CVE-2010-1895 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...) + TODO: check +CVE-2010-1894 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...) + TODO: check +CVE-2010-1893 (Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, ...) + TODO: check +CVE-2010-1892 (The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows ...) + TODO: check CVE-2010-1891 RESERVED -CVE-2010-1890 - RESERVED -CVE-2010-1889 - RESERVED -CVE-2010-1888 - RESERVED -CVE-2010-1887 - RESERVED -CVE-2010-1886 - RESERVED +CVE-2010-1890 (The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 ...) + TODO: check +CVE-2010-1889 (Double free vulnerability in the kernel in Microsoft Windows Vista SP1 ...) + TODO: check +CVE-2010-1888 (Race condition in the kernel in Microsoft Windows XP SP3 allows local ...) + TODO: check +CVE-2010-1887 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...) + TODO: check +CVE-2010-1886 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...) + TODO: check CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help ...) NOT-FOR-US: Microsoft Windows CVE-2010-1884 RESERVED CVE-2010-1883 RESERVED -CVE-2010-1882 - RESERVED +CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for ...) + TODO: check CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls ...) NOT-FOR-US: Microsoft CVE-2010-1880 (Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft ...) @@ -3000,12 +3103,11 @@ RESERVED CVE-2010-1800 RESERVED -CVE-2010-1799 - RESERVED +CVE-2010-1799 (Stack-based buffer overflow in the error-logging functionality in ...) + TODO: check CVE-2010-1798 RESERVED -CVE-2010-1797 [freetype CFF buffer overflow] - RESERVED +CVE-2010-1797 (Stack-based buffer overflow in FreeType in Apple iOS before 4.0.2 on ...) - freetype 2.4.2-1 CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 ...) - webkit <undetermined> @@ -3206,6 +3308,7 @@ CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...) NOT-FOR-US: com_newsfeeds component for joomla! CVE-2010-1738 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...) + {DSA-2092-1} - lxr <unfixed> (low; bug #585411) - lxr-cvs <unfixed> (low; bug #585412) NOTE: likely to be rejected as a dupe of CVE-2010-1448 @@ -3495,6 +3598,7 @@ - mysql-dfsg-5.0 <removed> (low; bug #584400) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648 CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...) + {DSA-2092-1} - lxr <unfixed> (low; bug #588138) - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137) CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...) @@ -3602,14 +3706,14 @@ NOT-FOR-US: Tirzen Framework CVE-2010-1582 RESERVED -CVE-2010-1581 - RESERVED -CVE-2010-1580 - RESERVED -CVE-2010-1579 - RESERVED -CVE-2010-1578 - RESERVED +CVE-2010-1581 (Unspecified vulnerability in the Transport Layer Security (TLS) ...) + TODO: check +CVE-2010-1580 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...) + TODO: check +CVE-2010-1579 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...) + TODO: check +CVE-2010-1578 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...) + TODO: check CVE-2010-1577 (Directory traversal vulnerability in Cisco Internet Streamer, as used ...) NOT-FOR-US: Cisco CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software before ...) @@ -3775,8 +3879,8 @@ NOT-FOR-US: TaskFreak! Original multi user CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! ...) NOT-FOR-US: TaskFreak! Original multi user -CVE-2010-1519 - RESERVED +CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow ...) + TODO: check CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ...) NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers ...) @@ -4065,6 +4169,7 @@ - python2.4 <removed> (low) [lenny] - python2.4 <no-dsa> (Minor issue) CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...) + {DSA-2092-1} - lxr <unfixed> (low; bug #585411) - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036) TODO: prod maintainer (and find out why we have lxr and lxr-cvs) @@ -4620,8 +4725,8 @@ NOT-FOR-US: Microsoft CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote ...) NOT-FOR-US: Microsoft -CVE-2010-1258 - RESERVED +CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine ...) + TODO: check CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as ...) NOT-FOR-US: Microsoft CVE-2010-1256 (Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when ...) @@ -5934,8 +6039,8 @@ NOT-FOR-US: Oracle CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion ...) NOT-FOR-US: Oracle -CVE-2010-0834 - RESERVED +CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before ...) + TODO: check CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build ...) NOT-FOR-US: Likewise CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before ...) @@ -7862,8 +7967,7 @@ NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570 CVE-2010-0210 RESERVED -CVE-2010-0209 - RESERVED +CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...) NOT-FOR-US: Adobe Flash Plugin CVE-2010-0208 RESERVED @@ -8355,6 +8459,7 @@ CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...) - zabbix 1:1.8-1 (bug #562613) CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...) + {DSA-2092-1} - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #575745) NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2 at 3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...) @@ -8994,8 +9099,8 @@ NOT-FOR-US: Microsoft Windows Vista Gold CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows -CVE-2010-0019 - RESERVED +CVE-2010-0019 (Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before ...) + TODO: check CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...) NOT-FOR-US: Microsoft Windows CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows ...) @@ -9160,8 +9265,8 @@ CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...) {DSA-2080-1} - ghostscript 8.70~dfsg-2.1 (medium; bug #562643) -CVE-2009-4269 - RESERVED +CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...) + TODO: check CVE-2009-4268 RESERVED CVE-2009-4267 @@ -13252,6 +13357,7 @@ CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in ...) NOT-FOR-US: Radvision Scopia CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + {DSA-2091-1} - squirrelmail 2:1.4.20~rc2-1 (low; bug #543818) CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar Uninstaller ...) NOT-FOR-US: Toolbar Uninstaller @@ -14394,8 +14500,7 @@ - linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.19) CVE-2009-2697 (The Red Hat build script for the GNOME Display Manager (GDM) before ...) - gdm <not-affected> (TCP Wrappers support enabled correctly) -CVE-2009-2696 - RESERVED +CVE-2009-2696 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...) NOT-FOR-US: Red-Hat-specific patching problem in Tomcat NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=616717 CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent mmap ...)