Author: joeyh Date: 2010-08-23 21:14:35 +0000 (Mon, 23 Aug 2010) New Revision: 15191 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-08-23 14:25:27 UTC (rev 15190) +++ data/CVE/list 2010-08-23 21:14:35 UTC (rev 15191) 
@@ -1,4 +1,96 @@ -CVE-2010-3065 [php MOPS 60] +CVE-2010-3104 (Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, ...) + TODO: check +CVE-2010-3103 (Directory traversal vulnerability in FTPGetter Team FTPGetter ...) + TODO: check +CVE-2010-3102 (Directory traversal vulnerability in SiteDesigner Technologies, Inc. ...) + TODO: check +CVE-2010-3101 (Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 ...) + TODO: check +CVE-2010-3100 (Directory traversal vulnerability in Porta+ FTP Client 4.1, and ...) + TODO: check +CVE-2010-3099 (Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client ...) + TODO: check +CVE-2010-3098 (Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 ...) + TODO: check +CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP client ...) + TODO: check +CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...) + TODO: check +CVE-2010-3095 + RESERVED +CVE-2010-3094 + RESERVED +CVE-2010-3093 + RESERVED +CVE-2010-3092 + RESERVED +CVE-2010-3091 + RESERVED +CVE-2010-3090 + RESERVED +CVE-2010-3089 + RESERVED +CVE-2010-3088 + RESERVED +CVE-2010-3087 + RESERVED +CVE-2010-3086 + RESERVED +CVE-2010-3085 + RESERVED +CVE-2010-3084 + RESERVED +CVE-2010-3083 + RESERVED +CVE-2010-3082 + RESERVED +CVE-2010-3081 + RESERVED +CVE-2010-3080 + RESERVED +CVE-2010-3079 + RESERVED +CVE-2010-3078 + RESERVED +CVE-2010-3077 + RESERVED +CVE-2010-3076 + RESERVED +CVE-2010-3075 + RESERVED +CVE-2010-3074 + RESERVED +CVE-2010-3073 + RESERVED +CVE-2010-3072 + RESERVED +CVE-2010-3071 + RESERVED +CVE-2010-3070 + RESERVED +CVE-2010-3069 + RESERVED +CVE-2010-3068 + RESERVED +CVE-2010-3067 + RESERVED +CVE-2010-3066 + RESERVED +CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...) + TODO: check +CVE-2010-3063 (The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...) 
+ TODO: check +CVE-2010-3062 (mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...) + TODO: check +CVE-2010-3061 (Unspecified vulnerability in the message-protocol implementation in ...) + TODO: check +CVE-2010-3060 (Unspecified vulnerability in the message-protocol implementation in ...) + TODO: check +CVE-2010-3059 (Buffer overflow in the message-protocol implementation in the Server ...) + TODO: check +CVE-2010-3058 (The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x ...) + TODO: check +CVE-2010-3065 (The default session serializer in PHP 5.2 through 5.2.13 and 5.3 ...) {DSA-2089-1} - php5 <unfixed> CVE-2010-3057 @@ -172,8 +264,7 @@ RESERVED CVE-2008-7259 RESERVED -CVE-2010-3014 [freebsd coda kernel memory disclosure] - RESERVED +CVE-2010-3014 (The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when ...) - kfreebsd-7 <undetermined> - kfreebsd-8 8.1-5 CVE-2010-XXXX [lynx heap overflow] @@ -181,8 +272,7 @@ [lenny] - lynx <no-dsa> (Minor issue) NOTE: exploit scenario really obscure NOTE: https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254 -CVE-2010-3015 [ext4 integer overflow] - RESERVED +CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in ...) {DSA-2094-1} - linux-2.6 <unfixed> CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark ...) @@ -254,8 +344,7 @@ RESERVED CVE-2010-2945 RESERVED -CVE-2010-2944 - RESERVED +CVE-2010-2944 (The authenticate function in LDAPUserFolder/LDAPUserFolder.py in ...) - zope-ldapuserfolder <unfixed> (high; bug #593466) CVE-2010-2943 [xfs infoleak] RESERVED @@ -271,8 +360,7 @@ TODO: check CVE-2010-2938 RESERVED -CVE-2010-2937 [vlc input validation issue] - RESERVED +CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in ...) - vlc 1.1.3-1 CVE-2010-2936 [buffer overflow in impress] RESERVED 
@@ -454,7 +542,7 @@ RESERVED CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and ...) TODO: check -CVE-2010-2861 (Directory traversal vulnerability in Adobe ColdFusion 9.0.1 and ...) +CVE-2010-2861 (Multiple directory traversal vulnerabilities in the administrator ...) TODO: check CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts ...) NOT-FOR-US: EMC @@ -596,8 +684,8 @@ TODO: check CVE-2010-2811 RESERVED -CVE-2010-2810 - RESERVED +CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in ...) + TODO: check CVE-2010-2809 (The default configuration of the <Button2> binding in Uzbl before ...) - uzbl <unfixed> TODO: File bug @@ -881,8 +969,8 @@ RESERVED CVE-2010-2711 RESERVED -CVE-2010-2710 - RESERVED +CVE-2010-2710 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) + TODO: check CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView Network ...) TODO: check CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before ...) @@ -1094,8 +1182,8 @@ - tiff <unfixed> (unimportant) CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...) NOT-FOR-US: Cisco -CVE-2010-2628 - RESERVED +CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...) + TODO: check CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...) NOT-FOR-US: Refractor 2 CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...) @@ -1235,7 +1323,7 @@ TODO: check CVE-2010-2565 RESERVED -CVE-2010-2564 (Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 does not ...) +CVE-2010-2564 (Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and ...) TODO: check CVE-2010-2563 RESERVED 
@@ -1309,12 +1397,12 @@ [lenny] - openttd <not-affected> (Introduced in 1.0.1) NOTE: http://bugs.openttd.org/task/3909 CVE-2010-2533 - RESERVED + REJECTED CVE-2010-2532 RESERVED - lxsession 0.4.4-3 (bug #591409) -CVE-2010-2531 - RESERVED +CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ...) + TODO: check CVE-2010-2530 RESERVED CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927, 20070202, ...) @@ -1326,6 +1414,7 @@ {DSA-2070-1} - freetype 2.4.0-1 CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in lvm2-cluster in ...) + {DSA-2095-1} - lvm2 2.02.66-3 (bug #591204) CVE-2010-2525 RESERVED @@ -1452,8 +1541,7 @@ RESERVED CVE-2010-2485 RESERVED -CVE-2010-2484 [strrchr() interruption] - RESERVED +CVE-2010-2484 (The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...) - php5 5.3.3-1 (unimportant) CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...) - tiff <unfixed> (unimportant) @@ -1593,8 +1681,7 @@ NOT-FOR-US: Opera CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...) NOT-FOR-US: Sleipnir -CVE-2008-7258 [ssmtp buffer overflow] - RESERVED +CVE-2008-7258 (** DISPUTED ** ...) - ssmtp <unfixed> (bug #591515) CVE-2008-7257 (CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco ...) NOT-FOR-US: Cisco Adaptive Security Appliances @@ -3180,8 +3267,8 @@ CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 ...) - webkit <undetermined> - chromium-browser <undetermined> -CVE-2010-1795 - RESERVED +CVE-2010-1795 (Untrusted search path vulnerability in Apple iTunes before 9.1, when ...) + TODO: check CVE-2010-1794 (The webdav_mount function in webdav_vfsops.c in the WebDAV kernel ...) NOT-FOR-US: Apple CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari ...) 
@@ -3267,8 +3354,8 @@ - webkit <undetermined> - chromium-browser 5.0.375.55~r47796-1 TODO: someone with access to the webkit security list please track down commit -CVE-2010-1768 - RESERVED +CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local ...) + TODO: check CVE-2010-1767 RESERVED - webkit 1.2.1-3 @@ -3374,7 +3461,8 @@ NOT-FOR-US: GuppY CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...) NOT-FOR-US: com_newsfeeds component for joomla! -CVE-2010-1738 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...) +CVE-2010-1738 + REJECTED {DSA-2092-1} - lxr <removed> (low; bug #585411) - lxr-cvs <removed> (low; bug #585412) @@ -5090,8 +5178,7 @@ CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the ...) {DSA-2053-1} - linux-2.6 2.6.32-12 -CVE-2010-1172 [unvalidated property access] - RESERVED +CVE-2010-1172 (DBus-GLib 0.73 disregards the access flag of exported GObject ...) - dbus-glib 0.88-1 (bug #592753) CVE-2010-1171 RESERVED 
@@ -9117,13 +9204,13 @@ NOTE: apple''s pubsub is rss-oriented and all debian packages with pubsub NOTE: components are not; hence this is very likely an issue specifically with NOTE: their own code, or their wrapper code around another PubSub library -CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 on Windows allows remote ...) +CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...) NOT-FOR-US: Apple Safari -CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that ...) +CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...) NOT-FOR-US: Apple Safari -CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that ...) +CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...) NOT-FOR-US: Apple Safari -CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows ...) +CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, ...) NOT-FOR-US: Apple Safari CVE-2010-0039 RESERVED
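Review bot: In the first hunk (@@ -1,4 +1,96 @@) the rewritten CVE-2010-3065 entry lands after CVE-2010-3058 and directly before CVE-2010-3057, so it is out of the descending order the rest of the new block follows (CVE-2010-3066 is followed by CVE-2010-3064). Suggest moving it between CVE-2010-3066 and CVE-2010-3064, taking its {DSA-2089-1} and "- php5 <unfixed>" lines with it, so lookups by id and later merges find it where expected.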
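Review bot: In the @@ -1309,12 +1397,12 @@ hunk, CVE-2010-2531 is added with only "TODO: check" even though its description names PHP (5.2 before 5.2.14 and 5.3 before 5.3.3) and php5 is already tracked in this same patch (CVE-2010-2484 carries "- php5 5.3.3-1"). Suggest replacing the TODO with a php5 status line once the fixed version in the archive is confirmed, so the entry does not sit untriaged next to its sibling.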
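Review bot: In the @@ -1593,8 +1681,7 @@ hunk, CVE-2008-7258 loses its "[ssmtp buffer overflow]" tag and the replacement description is only "(** DISPUTED ** ...)", while "- ssmtp <unfixed> (bug #591515)" is left untouched. Suggest adding a NOTE line that keeps the short description and records whether the dispute changes the <unfixed> status, since the entry no longer says what the issue is.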
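Review bot: In the @@ -3374,7 +3461,8 @@ hunk, CVE-2010-1738 becomes REJECTED but the unchanged lines under it still attach {DSA-2092-1} and the "- lxr <removed>" and "- lxr-cvs <removed>" entries (bugs #585411 and #585412) to it, and the description of the XSS in lib/LXR/Common.pm is dropped. Suggest adding a NOTE stating which id now covers the LXR issue and moving the DSA reference and package lines to that entry once it is known, so the DSA cross-reference does not resolve to a rejected id.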