Author: joeyh
Date: 2010-10-13 21:15:07 +0000 (Wed, 13 Oct 2010)
New Revision: 15470
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-10-13 20:43:56 UTC (rev 15469)
+++ data/CVE/list 2010-10-13 21:15:07 UTC (rev 15470)
@@ -1,4 +1,201 @@
+CVE-2010-3933
+ RESERVED
+CVE-2010-3932
+ RESERVED
+CVE-2010-3931
+ RESERVED
+CVE-2010-3930
+ RESERVED
+CVE-2010-3929
+ RESERVED
+CVE-2010-3928
+ RESERVED
+CVE-2010-3927
+ RESERVED
+CVE-2010-3926
+ RESERVED
+CVE-2010-3925
+ RESERVED
+CVE-2010-3924
+ RESERVED
+CVE-2010-3923
+ RESERVED
+CVE-2010-3922
+ RESERVED
+CVE-2010-3921
+ RESERVED
+CVE-2010-3920
+ RESERVED
+CVE-2010-3919
+ RESERVED
+CVE-2010-3918
+ RESERVED
+CVE-2010-3917
+ RESERVED
+CVE-2010-3916
+ RESERVED
+CVE-2010-3915
+ RESERVED
+CVE-2010-3914
+ RESERVED
+CVE-2010-3913
+ RESERVED
+CVE-2010-3912
+ RESERVED
+CVE-2010-3911
+ RESERVED
+CVE-2010-3910
+ RESERVED
+CVE-2010-3909
+ RESERVED
+CVE-2010-3908
+ RESERVED
+CVE-2010-3907
+ RESERVED
+CVE-2010-3906
+ RESERVED
+CVE-2010-3905
+ RESERVED
+CVE-2010-3904
+ RESERVED
+CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows
remote ...)
+ TODO: check
+CVE-2010-3902 (OpenConnect before 2.26 places the webvpn cookie value in the
...)
+ TODO: check
+CVE-2010-3901 (OpenConnect before 2.25 does not properly validate X.509
certificates, ...)
+ TODO: check
+CVE-2010-3900 (Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup
before ...)
+ TODO: check
+CVE-2010-3899
+ RESERVED
+CVE-2010-3898
+ RESERVED
+CVE-2010-3897
+ RESERVED
+CVE-2010-3896
+ RESERVED
+CVE-2010-3895
+ RESERVED
+CVE-2010-3894
+ RESERVED
+CVE-2010-3893
+ RESERVED
+CVE-2010-3892
+ RESERVED
+CVE-2010-3891
+ RESERVED
+CVE-2010-3890
+ RESERVED
+CVE-2010-3889 (Unspecified vulnerability in Microsoft Windows on 32-bit
platforms ...)
+ TODO: check
+CVE-2010-3888 (Unspecified vulnerability in Microsoft Windows on 32-bit
platforms ...)
+ TODO: check
+CVE-2010-3887 (The Limit Mail feature in the Parental Controls functionality in
Mail ...)
+ TODO: check
+CVE-2010-3886 (The CTimeoutEventList::InsertIntoTimeoutList function in
Microsoft ...)
+ TODO: check
+CVE-2010-3885 (Stack-based buffer overflow in the UpdateFrameTitleForDocument
method ...)
+ TODO: check
+CVE-2010-3884 (Cross-site request forgery (CSRF) vulnerability in CMS Made
Simple ...)
+ TODO: check
+CVE-2010-3883 (Cross-site request forgery (CSRF) vulnerability in the Change
Group ...)
+ TODO: check
+CVE-2010-3882 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made
Simple ...)
+ TODO: check
+CVE-2010-3881
+ RESERVED
+CVE-2010-3880
+ RESERVED
+CVE-2010-3879
+ RESERVED
+CVE-2010-3878
+ RESERVED
+CVE-2010-3877
+ RESERVED
+CVE-2010-3876
+ RESERVED
+CVE-2010-3875
+ RESERVED
+CVE-2010-3874
+ RESERVED
+CVE-2010-3873
+ RESERVED
+CVE-2010-3872
+ RESERVED
+CVE-2010-3871
+ RESERVED
+CVE-2010-3870
+ RESERVED
+CVE-2010-3869
+ RESERVED
+CVE-2010-3868
+ RESERVED
+CVE-2010-3867
+ RESERVED
+CVE-2010-3866
+ RESERVED
+CVE-2010-3865
+ RESERVED
+CVE-2010-3864
+ RESERVED
+CVE-2010-3863
+ RESERVED
+CVE-2010-3862
+ RESERVED
+CVE-2010-3861
+ RESERVED
+CVE-2010-3860
+ RESERVED
+CVE-2010-3859
+ RESERVED
+CVE-2010-3858
+ RESERVED
+CVE-2010-3857
+ RESERVED
+CVE-2010-3856
+ RESERVED
+CVE-2010-3855
+ RESERVED
+CVE-2010-3854
+ RESERVED
+CVE-2010-3853
+ RESERVED
+CVE-2010-3852
+ RESERVED
+CVE-2010-3851
+ RESERVED
+CVE-2010-3850
+ RESERVED
+CVE-2010-3849
+ RESERVED
+CVE-2010-3848
+ RESERVED
+CVE-2010-3847
+ RESERVED
+CVE-2010-3846
+ RESERVED
+CVE-2010-3844
+ RESERVED
+CVE-2010-3843
+ RESERVED
+CVE-2010-3842
+ RESERVED
+CVE-2010-3841
+ RESERVED
+CVE-2009-5009 (Double free vulnerability in OpenConnect before 1.40 might allow
...)
+ TODO: check
+CVE-2009-5008 (Cisco Secure Desktop (CSD), when used in conjunction with an
...)
+ TODO: check
+CVE-2009-5007 (The Cisco trial client on Linux for Cisco AnyConnect SSL VPN
allows ...)
+ TODO: check
+CVE-2009-5006
+ RESERVED
+CVE-2009-5005
+ RESERVED
+CVE-2009-5004
+ RESERVED
CVE-2010-3845
+ RESERVED
- libapache-authenhook-perl <unfixed> (low; bug #599712)
[lenny] - libapache-authenhook-perl <no-dsa> (Will be fixed in stable
update)
CVE-2010-XXXX
@@ -222,8 +419,8 @@
RESERVED
CVE-2010-3744
RESERVED
-CVE-2010-3743
- RESERVED
+CVE-2010-3743 (Directory traversal vulnerability in Visual Synapse HTTP Server
1.0 ...)
+ TODO: check
CVE-2010-3742 (Multiple PHP remote file inclusion vulnerabilities in ...)
NOT-FOR-US: Free Simple CMS 1.0
CVE-2010-3741 (The offline backup mechanism in Research In Motion (RIM)
BlackBerry ...)
@@ -336,8 +533,8 @@
- poppler <unfixed> (bug #599165)
NOTE:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
TODO: kdegrahics/okular and xpdf have switched to dynamic linking, Lenny needs
to be checked
-CVE-2010-3701
- RESERVED
+CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2
allows ...)
+ TODO: check
CVE-2010-3700
RESERVED
CVE-2010-3699
@@ -1411,8 +1608,7 @@
{DSA-2013-1}
- egroupware <removed> (high; bug #573279)
[lenny] - egroupware 1.4.004-2.dfsg-4.2
-CVE-2010-3312
- RESERVED
+CVE-2010-3312 (Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, ...)
- epiphany-browser 2.29.91-1 (bug #564690)
[lenny] - epiphany-browser <not-affected> (Introduced with the switch to
webkit after Lenny release)
CVE-2010-3311 [freetype heap-based buffer overflow]
@@ -1501,7 +1697,8 @@
CVE-2010-3292 [mailscanner may use spoofed data]
RESERVED
- mailscanner <unfixed> (bug #596396; low)
-CVE-2010-3278 (Multiple buffer overflows in the Novell Client novfs module for
the ...)
+CVE-2010-3278
+ REJECTED
NOT-FOR-US: novfs kernel module (only included in SUSE it seems)
CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build
301548 and ...)
NOT-FOR-US: VMware Workstation
@@ -1717,8 +1914,8 @@
NOT-FOR-US: IBM DB2
CVE-2010-3193 (Unspecified vulnerability in the DB2STST program in IBM DB2 9.1
before ...)
NOT-FOR-US: IBM DB2
-CVE-2010-3192
- RESERVED
+CVE-2010-3192 (Certain run-time memory protection mechanisms in the GNU C
Library ...)
+ TODO: check
CVE-2010-3191 (Untrusted search path vulnerability in Adobe Captivate
5.0.0.596, and ...)
NOT-FOR-US: Adobe Captivate
CVE-2010-3190 (Untrusted search path vulnerability in ATL MFC Trace Tool ...)
@@ -1973,8 +2170,8 @@
CVE-2010-3111 (Google Chrome before 6.0.472.53 does not properly mitigate an
...)
- chromium-browser 5.0.375.127~r55887-1
- webkit <not-affected> (chromium specific)
-CVE-2010-3110
- RESERVED
+CVE-2010-3110 (Multiple buffer overflows in the Novell Client novfs module for
the ...)
+ TODO: check
CVE-2010-2948 (Stack-based buffer overflow in the bgp_route_refresh_receive
function ...)
{DSA-2104-1}
- quagga 0.99.17-1 (bug #594262)
@@ -2029,20 +2226,19 @@
CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU
Mailman ...)
- mailman <unfixed> (bug #599833)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id={631881,631859}
-CVE-2010-3088
- RESERVED
+CVE-2010-3088 (The notify function in pidgin-knotify.c in the pidgin-knotify
plugin ...)
+ TODO: check
CVE-2010-3087 (LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote
...)
TODO: check
CVE-2010-3086
RESERVED
-CVE-2010-3085 [mednafen stack overflow in network play]
- RESERVED
+CVE-2010-3085 (The network-play implementation in Mednafen before 0.8.D might
allow ...)
- mednafen 0.8.D-1 (unimportant)
NOTE: Extremely obscure attack vector, marking as unimportant
CVE-2010-3084 (Buffer overflow in the niu_get_ethtool_tcam_all function in ...)
- linux-2.6 <unfixed>
-CVE-2010-3083
- RESERVED
+CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red
Hat ...)
+ TODO: check
CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before
1.2.2 ...)
- python-django 1.2.3-1 (low; bug #596205)
NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
@@ -2062,8 +2258,7 @@
RESERVED
- horde3 <unfixed> (bug #598582)
NOTE: http://seclists.org/fulldisclosure/2010/Sep/82
-CVE-2010-3076 [smbind sql injection]
- RESERVED
+CVE-2010-3076 (The filter function in php/src/include.php in Simple Management
for ...)
{DSA-2103-1}
- smbind 0.4.7-5 (high)
NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
@@ -2077,8 +2272,7 @@
{DSA-2111-1}
- squid3 3.1.6-1.1 (bug #596086; low)
- squid <not-affected> (Only affects 3.x)
-CVE-2010-3071 [bip DoS]
- RESERVED
+CVE-2010-3071 (bip before 0.8.6 allows remote attackers to cause a denial of
service ...)
- bip 0.8.6-1 (low; bug #595409)
[lenny] - bip <not-affected> (vulnerable code
(''LINK(lc)->name'') not in 0.7.4-2)
[squeeze] - bip 0.8.2-1squeeze2
@@ -2351,8 +2545,7 @@
- couchdb 0.11.0-1 (low; bug #594412)
CVE-2010-2952 (Apache Traffic Server before 2.0.1, and 2.1.x before
2.1.2-unstable, ...)
NOT-FOR-US: Apache Traffic Server
-CVE-2010-2951 [squid3 DoS via TCP DNS request]
- RESERVED
+CVE-2010-2951 (dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not
...)
- squid3 <unfixed> (bug #599709)
[lenny] - squid3 <not-affected> (vulnerable code introduced in 3.1.6)
NOTE: http://marc.info/?l=squid-users&m=128263555724981&w=2
@@ -2383,8 +2576,8 @@
CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function
in the ...)
{DSA-2100-1}
- openssl 0.9.8o-2 (low; bug #594415)
-CVE-2010-2938
- RESERVED
+CVE-2010-2938 (arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure
...)
+ TODO: check
CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib
plugin in ...)
- vlc 1.1.3-1
CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in ...)
@@ -2738,8 +2931,8 @@
CVE-2010-2798 (The gfs2_dirent_find_space function in fs/gfs2/dir.c in the
Linux ...)
{DSA-2094-1}
- linux-2.6 2.6.32-20
-CVE-2010-2797
- RESERVED
+CVE-2010-2797 (Directory traversal vulnerability in
lib/translation.functions.php in ...)
+ TODO: check
CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2,
when ...)
- libphp-cas <itp> (bug #495542)
- glpi <unfixed> (unimportant)