thr3ads.net - Secure testing commits - [Secure-testing-commits] r15405

If this information is useful, please help other people find it:
Share via:
Joey Hess
2010-Sep-30 21:14 UTC
[Secure-testing-commits] r15405 - data/CVE

Author: joeyh
Date: 2010-09-30 21:14:31 +0000 (Thu, 30 Sep 2010)
New Revision: 15405

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-09-30 21:02:01 UTC (rev 15404)
+++ data/CVE/list	2010-09-30 21:14:31 UTC (rev 15405)
@@ -1,3 +1,9 @@
+CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and
earlier ...)
+	TODO: check
+CVE-2010-3686 (The OpenID module in Drupal 6.x before 6.18, and the OpenID
module 5.x ...)
+	TODO: check
+CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID
module 5.x ...)
+	TODO: check
 CVE-2010-XXXX [bind9 two issues]
 	- bind9 <unfixed>
 	TODO: check
@@ -19,9 +25,9 @@
 CVE-2010-XXXX [horde gollem XSS]
 	- gollem <unfixed> (bug #598585)
 	NOTE: http://bugs.horde.org/ticket/9191
-CVE-2010-3688
+CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in
NetArtMEDIA ...)
 	NOT-FOR-US: NetArtMEDIA WebSiteAdmin
-CVE-2010-3684
+CVE-2010-3684 (The FTP authentication module in Synology Disk Station 2.x logs
...)
 	NOT-FOR-US: Synology Disk Station
 CVE-2010-3683
 	RESERVED
@@ -507,8 +513,7 @@
 	NOT-FOR-US: IBM FileNet P8 Application Engine
 CVE-2010-3469
 	RESERVED
-CVE-2010-3468
-	RESERVED
+CVE-2010-3468 (Directory traversal vulnerability in fileManager.cfc in Mura CMS
5.1 ...)
 	NOT-FOR-US: Mura CMS
 CVE-2009-5002 (The Workplace (aka WP) component in IBM FileNet P8 Application
Engine ...)
 	NOT-FOR-US: IBM FileNet P8 Application Engine
@@ -794,8 +799,7 @@
 CVE-2010-3381
 	RESERVED
 	- tangerine <unfixed> (bug #598302)
-CVE-2010-3380 [slurm: insecure library loading]
-	RESERVED
+CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM
before ...)
 	- slurm-llnl <unfixed>
 	NOTE: Debian package ships its own, also vulnerable, init script. NOT fixed in
2.1.14-1
 	NOTE:
http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view
@@ -975,8 +979,7 @@
 	RESERVED
 	- freetype <unfixed>
 	TODO: report
-CVE-2010-3310 [heap corruption in net/rose]
-	RESERVED
+CVE-2010-3310 (Multiple integer signedness errors in net/rose/af_rose.c in the
Linux ...)
 	- linux-2.6 <unfixed>
 CVE-2010-3309
 	RESERVED
@@ -1586,8 +1589,7 @@
 CVE-2010-3092 (The upload module in Drupal 5.x before 5.23 and 6.x before 6.18
does ...)
 	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
-CVE-2010-3091 [drupal OpenID authentication bypass]
-	RESERVED
+CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID
module 5.x ...)
 	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
 CVE-2010-3090 [mailman, will be rejected]
@@ -1605,8 +1607,7 @@
 	RESERVED
 	- mednafen 0.8.D-1 (unimportant)
 	NOTE: Extremely obscure attack vector, marking as unimportant
-CVE-2010-3084 [kernel: niu buffer overflow for ETHTOOL_GRXCLSRLALL]
-	RESERVED
+CVE-2010-3084 (Buffer overflow in the niu_get_ethtool_tcam_all function in ...)
 	- linux-2.6 <unfixed>
 CVE-2010-3083
 	RESERVED
@@ -1926,8 +1927,7 @@
 CVE-2010-2947 (Heap-based buffer overflow in the HX_split function in string.c
in ...)
 	- libhx 3.5-2 (low; bug #594393)
 	[lenny] - libhx <no-dsa> (Minor issue, asked maintainer to fix through
spu)
-CVE-2010-2946 [jfs issue]
-	RESERVED
+CVE-2010-2946 (fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not
properly ...)
 	- linux-2.6 2.6.32-21
 	[lenny] - linux-2.6 2.6.26-25
 CVE-2010-2945 (The default configuration of SLiM before 1.3.2 places ./ (dot
slash) ...)
@@ -3074,8 +3074,7 @@
 	- lxsession 0.4.4-3 (bug #591409)
 CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before
5.3.3 ...)
 	- php5 <unfixed> (low)
-CVE-2010-2530
-	RESERVED
+CVE-2010-2530 (Multiple integer signedness errors in smb_subr.c in the netsmb
module ...)
 	NOT-FOR-US: NetBSD
 CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927,
20070202, ...)
 	- iputils 3:20100418-2
@@ -3223,8 +3222,7 @@
 CVE-2010-2480 (Mako before 0.3.4 relies on the cgi.escape function in the
Python ...)
 	- mako 0.3.4-1 (low)
 	[lenny] - mako <no-dsa> (Minor issue)
-CVE-2010-2478 [kernel buffer overflow in ETHTOOL_GRXCLSRLALL]
-	RESERVED
+CVE-2010-2478 (Integer overflow in the ethtool_get_rxnfc function in ...)
 	- linux-2.6 2.6.32-19
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=608950
@@ -3279,8 +3277,7 @@
 	NOTE: i tested both firefox and safari poc''s, and neither of them
caused the
 	NOTE: address bar to be spoofed in either webkit or chrome
 	NOTE: this will be address in iceweasel in cve-2010-1206 
-CVE-2010-2453
-	RESERVED
+CVE-2010-2453 (Multiple cross-site scripting (XSS) vulnerabilities in Synology
Disk ...)
 	NOT-FOR-US: Synology Disk Station
 CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct ...)
 	NOT-FOR-US: oBlog
Secure testing commits - Sep 2010 - r15405 - data/CVE

[Secure-testing-commits] r15405 - data/CVE
