Secure testing commits - Sep 2010 - r15378 - data/CVE

Author: joeyh
Date: 2010-09-27 21:14:47 +0000 (Mon, 27 Sep 2010)
New Revision: 15378

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-09-27 16:32:43 UTC (rev 15377)
+++ data/CVE/list	2010-09-27 21:14:47 UTC (rev 15378)
@@ -1,3 +1,39 @@
+CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow
remote ...)
+	TODO: check
+CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in
NetArt ...)
+	TODO: check
+CVE-2010-3606 (Multiple directory traversal vulnerabilities in AGENTS/index.php
in ...)
+	TODO: check
+CVE-2010-3605 (Cross-site scripting (XSS) vulnerability in the powermail
extension ...)
+	TODO: check
+CVE-2010-3604 (SQL injection vulnerability in the powermail extension 1.5.3 and
...)
+	TODO: check
+CVE-2010-3603 (Cross-site request forgery (CSRF) vulnerability in the file
manager ...)
+	TODO: check
+CVE-2010-3602 (Cross-site scripting (XSS) vulnerability in ProfileView.aspx in
...)
+	TODO: check
+CVE-2010-3601 (SQL injection vulnerability in index.php in ibPhotohost 1.1.2
allows ...)
+	TODO: check
+CVE-2010-3499
+	RESERVED
+CVE-2010-3498
+	RESERVED
+CVE-2010-3497
+	RESERVED
+CVE-2010-3496
+	RESERVED
+CVE-2010-3495
+	RESERVED
+CVE-2010-3494
+	RESERVED
+CVE-2010-3493
+	RESERVED
+CVE-2010-3492
+	RESERVED
+CVE-2010-3491
+	RESERVED
+CVE-2010-3490
+	RESERVED
 CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: CMS Digital Workroom
 CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows
remote ...)
@@ -400,17 +436,20 @@
 CVE-2010-3411 (Google Chrome before 6.0.472.59 on Linux does not properly
handle ...)
 	- webkit <not-affected> (chromium specific)
 	- chromium-browser 6.0.472.59~r59126-1
-CVE-2010-3410 (Use-after-free vulnerability in Google Chrome before 6.0.472.59
allows ...)
+CVE-2010-3410
+	REJECTED
 	- webkit <undetermined>
 	- chromium-browser 6.0.472.59~r59126-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43587
 	NOTE: http://trac.webkit.org/changeset/66847
-CVE-2010-3409 (Use-after-free vulnerability in Google Chrome before 6.0.472.59
allows ...)
+CVE-2010-3409
+	REJECTED
 	- webkit <undetermined>
 	- chromium-browser 6.0.472.59~r59126-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43260
 	NOTE: http://trac.webkit.org/changeset/66795
-CVE-2010-3408 (Use-after-free vulnerability in Google Chrome before 6.0.472.59
allows ...)
+CVE-2010-3408
+	REJECTED
 	- webkit <undetermined>
 	- chromium-browser 6.0.472.59~r59126-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43055
@@ -608,9 +647,11 @@
 CVE-2010-3315
 	RESERVED
 CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in
EGroupware ...)
+	{DSA-2013-1}
 	- egroupware <removed> (high; bug #573279)
 	[lenny] - egroupware 1.4.004-2.dfsg-4.2
 CVE-2010-3313
(phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php
...)
+	{DSA-2013-1}
 	- egroupware <removed> (high; bug #573279)
 	[lenny] - egroupware 1.4.004-2.dfsg-4.2
 CVE-2010-3312
@@ -629,8 +670,7 @@
 CVE-2010-3305 [pixel CSRF]
 	RESERVED
 	- pixelpost <unfixed>
-CVE-2010-3304 [dovecot Maildir ACL]
-	RESERVED
+CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX
ACLs to ...)
 	- dovecot 1.2.13-1
 	TODO: check whether this is true: [lenny] - dovecot <not-affected> (only
affects 1.2.x)
 	NOTE: http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
@@ -677,26 +717,25 @@
 	RESERVED
 CVE-2010-3286
 	RESERVED
-CVE-2010-3285
-	RESERVED
-CVE-2010-3284
-	RESERVED
-CVE-2010-3283
-	RESERVED
+CVE-2010-3285 (Unspecified vulnerability in HP OpenView Network Node Manager
(OV NNM) ...)
+	TODO: check
+CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH)
...)
+	TODO: check
+CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage
(SMH) ...)
+	TODO: check
 CVE-2010-3282
 	RESERVED
-CVE-2010-3281
-	RESERVED
-CVE-2010-3280
-	RESERVED
-CVE-2010-3279
-	RESERVED
+CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in ...)
+	TODO: check
+CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server
(aka ...)
+	TODO: check
+CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4
in the ...)
+	TODO: check
 CVE-2010-XXXX [piwigo multiple vulnerabilities]
 	- piwigo <unfixed>
 	TODO: check, secunia only reported the XSS one
 	NOTE: http://www.exploit-db.com/exploits/14973/
-CVE-2010-3294 [php-apc apc.php XSS]
-	RESERVED
+CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the
Alternative ...)
 	- php-apc <unfixed> (unimportant)
 	NOTE: vulnerable script is, mainly, for debugging purposes
 	NOTE: and is distributed gzip-compressed
@@ -742,8 +781,8 @@
 	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2010-3262 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.x
before ...)
 	NOT-FOR-US: flock
-CVE-2010-3261
-	RESERVED
+CVE-2010-3261 (Directory traversal vulnerability in RSA Authentication Agent
7.0 ...)
+	TODO: check
 CVE-2010-3260
 	RESERVED
 CVE-2010-3259 (Google Chrome before 6.0.472.53 does not properly restrict read
access ...)
@@ -816,8 +855,7 @@
 CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...)
 	- gnome-power-manager <unfixed>
 	TODO: check
-CVE-2010-3306 [weborf directory traversal]
-	RESERVED
+CVE-2010-3306 (Directory traversal vulnerability in the modURL function in
instance.c ...)
 	- weborf 0.12.3-1 (bug #596112)
 	NOTE: http://www.exploit-db.com/exploits/14925/
 CVE-2010-3243
@@ -1258,8 +1296,7 @@
 CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before
1.2.2 ...)
 	- python-django 1.2.3-1 (low; bug #596205)
 	NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
-CVE-2010-3081 [64-bit Compatibility Mode Stack Pointer Underflow]
-	RESERVED
+CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h
files in ...)
 	{DSA-2110-1}
 	- linux-2.6 2.6.32-23 (high)
 CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in
...)
@@ -1871,24 +1908,24 @@
 	NOT-FOR-US: Cisco
 CVE-2010-2837 (The SIPStationInit implementation in Cisco Unified
Communications ...)
 	NOT-FOR-US: Cisco
-CVE-2010-2836
-	RESERVED
-CVE-2010-2835
-	RESERVED
-CVE-2010-2834
-	RESERVED
-CVE-2010-2833
-	RESERVED
-CVE-2010-2832
-	RESERVED
-CVE-2010-2831
-	RESERVED
-CVE-2010-2830
-	RESERVED
-CVE-2010-2829
-	RESERVED
-CVE-2010-2828
-	RESERVED
+CVE-2010-2836 (Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and
15.1, ...)
+	TODO: check
+CVE-2010-2835 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE
2.5.x ...)
+	TODO: check
+CVE-2010-2834 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE
2.5.x ...)
+	TODO: check
+CVE-2010-2833 (Unspecified vulnerability in the NAT for H.225.0 implementation
in ...)
+	TODO: check
+CVE-2010-2832 (Unspecified vulnerability in the NAT for H.323 implementation in
Cisco ...)
+	TODO: check
+CVE-2010-2831 (Unspecified vulnerability in the NAT for SIP implementation in
Cisco ...)
+	TODO: check
+CVE-2010-2830 (The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and
15.0 and ...)
+	TODO: check
+CVE-2010-2829 (Unspecified vulnerability in the H.323 implementation in Cisco
IOS ...)
+	TODO: check
+CVE-2010-2828 (Unspecified vulnerability in the H.323 implementation in Cisco
IOS ...)
+	TODO: check
 CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of
...)
 	NOT-FOR-US: Cisco
 CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System
(WCS) ...)
@@ -2698,6 +2735,7 @@
 CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in ...)
 	- cacti 0.8.7g-1
 CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in
...)
+	{DSA-2114-1}
 	- git-core 1:1.7.1-1.1 (low; bug #590026)
 CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in
FreeType ...)
 	{DSA-2105-1}
@@ -2843,8 +2881,7 @@
 CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in ...)
 	{DSA-2110-1}
 	- linux-2.6 2.6.32-19 
-CVE-2010-2491 [roundup XSS]
-	RESERVED
+CVE-2010-2491 (Cross-site scripting (XSS) vulnerability in cgi/client.py in
Roundup ...)
 	- roundup 1.4.13-3.1 (bug #590769)
 	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=326395
 	NOTE:
http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
@@ -3262,12 +3299,14 @@
 	NOT-FOR-US: Sourcefire 3D Sensor
 CVE-2010-2305 (Buffer overflow in an ActiveX control in SSHelper.dll for
Symantec ...)
 	NOT-FOR-US: Symantec Sygate Personal Firewall
-CVE-2010-2304 (The toAlphabetic function in rendering/RenderListMarker.cpp in
WebCore ...)
+CVE-2010-2304
+	REJECTED
 	- webkit 1.2.1-3 (medium; bug #586547)
 	- chromium-browser 5.0.375.70~r48679-1
 	NOTE: http://trac.webkit.org/changeset/59950
 	NOTE: duplicate of cve-2010-1773
-CVE-2010-2303 (page/Geolocation.cpp in WebCore in WebKit in Google Chrome
before ...)
+CVE-2010-2303
+	REJECTED
 	- webkit 1.2.1-3
 	- chromium-browser 5.0.375.70~r48679-1
 	NOTE: http://trac.webkit.org/changeset/59859
@@ -4540,12 +4579,12 @@
 	RESERVED
 CVE-2010-1826
 	RESERVED
-CVE-2010-1825
-	RESERVED
-CVE-2010-1824
-	RESERVED
-CVE-2010-1823
-	RESERVED
+CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome
...)
+	TODO: check
+CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Google Chrome
...)
+	TODO: check
+CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in
...)
+	TODO: check
 CVE-2010-1822
 	RESERVED
 CVE-2010-1821
@@ -4710,14 +4749,12 @@
 	- chromium-browser 5.0.375.55~r47796-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
 	NOTE: http://trac.webkit.org/changeset/59495
-CVE-2010-1773
-	RESERVED
+CVE-2010-1773 (Off-by-one error in the toAlphabetic function in ...)
 	- webkit 1.2.2-1 
 	- chromium-browser 5.0.375.55~r47796-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508
 	NOTE: http://trac.webkit.org/changeset/59950
-CVE-2010-1772
-	RESERVED
+CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore
in ...)
 	- webkit 1.2.2-1 
 	- chromium-browser 5.0.375.55~r47796-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388
@@ -4738,8 +4775,7 @@
 	TODO: someone with access to the webkit security list please track down commit
 CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows
local ...)
 	NOT-FOR-US: Apple iTunes
-CVE-2010-1767
-	RESERVED
+CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in ...)
 	- webkit 1.2.1-3 
 	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843
@@ -5474,7 +5510,8 @@
 CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059
allows ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (chromium-specific directory traversal)
-CVE-2010-1501 (Cross-site request forgery (CSRF) vulnerability in Google Chrome
...)
+CVE-2010-1501
+	REJECTED
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.2.2-1 
 	[lenny] - webkit <not-affected> (introduced in r47291)
@@ -17995,7 +18032,7 @@
 	NOT-FOR-US: Cisco
 CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly
CallManager) ...)
 	NOT-FOR-US: Cisco
-CVE-2009-2051 (Cisco Unified Communications Manager (aka CUCM, formerly
CallManager) ...)
+CVE-2009-2051 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE
2.5.x ...)
 	NOT-FOR-US: Cisco
 CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly
CallManager) ...)
 	NOT-FOR-US: Cisco