Author: joeyh Date: 2010-10-21 21:14:45 +0000 (Thu, 21 Oct 2010) New Revision: 15495 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-10-21 16:40:58 UTC (rev 15494) +++ data/CVE/list 2010-10-21 21:14:45 UTC (rev 15495) @@ -1,3 +1,37 @@ +CVE-2010-4022 + RESERVED +CVE-2010-4021 + RESERVED +CVE-2010-4020 + RESERVED +CVE-2010-4019 + RESERVED +CVE-2010-4018 + RESERVED +CVE-2010-4017 + RESERVED +CVE-2010-4016 + RESERVED +CVE-2010-4015 + RESERVED +CVE-2010-4014 + RESERVED +CVE-2010-4013 + RESERVED +CVE-2010-4012 + RESERVED +CVE-2010-4011 + RESERVED +CVE-2010-4010 + RESERVED +CVE-2010-4009 + RESERVED +CVE-2010-4008 + RESERVED +CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...) + TODO: check +CVE-2010-4006 + RESERVED CVE-2010-4005 RESERVED CVE-2010-4004 @@ -1534,11 +1568,9 @@ NOT-FOR-US: Kingsoft Antivirus CVE-2010-3395 RESERVED -CVE-2010-3394 - RESERVED +CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place ...) - texmacs 1:1.0.7.4-3 (bug #598424) -CVE-2010-3393 - RESERVED +CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory name ...) - magics++ <unfixed> (bug #598418) CVE-2010-3392 RESERVED 
@@ -1546,37 +1578,29 @@ RESERVED CVE-2010-3390 RESERVED -CVE-2010-3389 - RESERVED +CVE-2010-3389 (The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents ...) - cluster-agents <unfixed> (bug #598549) CVE-2010-3388 RESERVED -CVE-2010-3387 - RESERVED +CVE-2010-3387 (** DISPUTED ** ...) - vdr 1.6.0-18.1 (unimportant; bug #598308) NOTE: Only affects a debugging tool, see bug #598308 -CVE-2010-3386 - RESERVED +CVE-2010-3386 (usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length ...) - ust <unfixed> (bug #598309) -CVE-2010-3385 - RESERVED +CVE-2010-3385 (TuxGuitar 1.2 places a zero-length directory name in the ...) - tuxguitar 1.2-7 (bug #598307) [lenny] - tuxguitar <no-dsa> (Minor issue) -CVE-2010-3384 - RESERVED +CVE-2010-3384 (The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and ...) - torcs 1.3.1-5 (bug #598306) [lenny] - torcs <no-dsa> (Minor issue) -CVE-2010-3383 - RESERVED +CVE-2010-3383 (The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 ...) - teamspeak-client <unfixed> (low; bug #598304) [lenny] - teamspeak-client <no-dsa> (Non-free not supported) - teamspeak-server <unfixed> (low; bug #598305) [lenny] - teamspeak-server <no-dsa> (Non-free not supported) -CVE-2010-3382 - RESERVED +CVE-2010-3382 (tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a ...) - tau 2.16.4-1.4 (bug #598303) -CVE-2010-3381 - RESERVED +CVE-2010-3381 (The (1) tangerine and (2) tangerine-properties scripts in Tangerine ...) - tangerine <unfixed> (bug #598302) CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before ...) - slurm-llnl <unfixed> 
@@ -1584,15 +1608,12 @@ NOTE: http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view CVE-2010-3379 RESERVED -CVE-2010-3378 - RESERVED +CVE-2010-3378 (The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in ...) - scilab 5.2.2-8 (bug #598423; bug #598422) [lenny] - scilab <no-dsa> (Non-free not supported) -CVE-2010-3377 - RESERVED +CVE-2010-3377 (The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) ...) - salome <unfixed> (bug #598421) -CVE-2010-3376 - RESERVED +CVE-2010-3376 (The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ...) - root-system <unfixed> (bug #598420; bug #598419) CVE-2010-3375 RESERVED 
@@ -1609,71 +1630,55 @@ RESERVED CVE-2010-3370 RESERVED -CVE-2010-3369 - RESERVED +CVE-2010-3369 (The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3 ...) - mono-debugger <unfixed> (bug #598299) CVE-2010-3368 RESERVED CVE-2010-3367 RESERVED -CVE-2010-3366 - RESERVED +CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the ...) - mn-fit <unfixed> (bug #598298) -CVE-2010-3365 - RESERVED +CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the ...) - mistelix 0.31-2 (low; bug #598297) -CVE-2010-3364 - RESERVED +CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length directory ...) - vips 7.14.5-2 (low; bug #598296) [lenny] - vips <no-dsa> (Minor issue) -CVE-2010-3363 - RESERVED +CVE-2010-3363 (roarify in roaraudio 0.3 places a zero-length directory name in the ...) - roaraudio 0.3-2 (low; bug #598295) [lenny] - roaraudio <no-dsa> (Minor issue) -CVE-2010-3362 - RESERVED +CVE-2010-3362 (lastfm 1.5.4 places a zero-length directory name in the ...) - lastfm 1:1.5.4.26862+dfsg-5 (low; bug #598294) [lenny] - lastfm <no-dsa> (Minor issue) -CVE-2010-3361 - RESERVED +CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 ...) - ike 2.1.5+dfsg-2 (low; bug #598292) [lenny] - ike <no-dsa> (Minor issue) -CVE-2010-3360 - RESERVED +CVE-2010-3360 (Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, ...) - hipo <removed> (bug #598291) [lenny] - hipo <no-dsa> (Minor issue) CVE-2010-3359 [gargoyle: insecure library loading] RESERVED - gargoyle-free 2009-08-25-2 NOTE: http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6 -CVE-2010-3358 - RESERVED +CVE-2010-3358 (HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in ...) - henplus <unfixed> (bug #598290) -CVE-2010-3357 - RESERVED +CVE-2010-3357 (gnome-subtitles 1.0 places a zero-length directory name in the ...) 
- gnome-subtitles 1.0-2 (bug #598289) CVE-2010-3356 RESERVED -CVE-2010-3355 - RESERVED +CVE-2010-3355 (Ember 0.5.7 places a zero-length directory name in the ...) - ember <unfixed> (bug #598288) -CVE-2010-3354 - RESERVED +CVE-2010-3354 (dropboxd in Dropbox 0.7.110 places a zero-length directory name in the ...) - dropbox 0.8.107-1 (low; bug #598287) [lenny] - dropbox <no-dsa> (Non-free not supported) -CVE-2010-3353 - RESERVED +CVE-2010-3353 (Cowbell 0.2.7.1 places a zero-length directory name in the ...) - cowbell <unfixed> (bug #598286) CVE-2010-3352 RESERVED -CVE-2010-3351 - RESERVED +CVE-2010-3351 (startBristol in Bristol 0.60.5 places a zero-length directory name in ...) - bristol 0.60.5-2 (bug #598285) -CVE-2010-3350 - RESERVED +CVE-2010-3350 (bareFTP 0.3.4 places a zero-length directory name in the ...) - bareftp 0.3.4-1.1 (bug #598284) -CVE-2010-3349 - RESERVED +CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the ...) - ardour 1:2.8.11-2 (low; bug #598282) CVE-2010-3348 RESERVED @@ -5077,8 +5082,8 @@ CVE-2010-2058 (setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable ...) - prewikka 1.0.0-1.1 (low; bug #584469) [lenny] - prewikka <no-dsa> (The insecure permissions only apply for a very short timeframe during pkg update) -CVE-2010-2057 - RESERVED +CVE-2010-2057 (shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, ...) + TODO: check CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files ...) - gv 1:3.7.1-1 (low) [lenny] - gv <no-dsa> (Minor issue) @@ -8924,8 +8929,8 @@ RESERVED CVE-2010-0783 RESERVED -CVE-2010-0782 - RESERVED +CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows ...) + TODO: check CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0780
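Review bot: In the first hunk (@@ -1,3 +1,37 @@), CVE-2010-4007 (Oracle Mojarra) is the only new entry with a description, and it lands with nothing but "TODO: check", so it is still untriaged. Replace the TODO with a source package line carrying a fixed or <unfixed> status and bug number, or with a NOT-FOR-US: line, in the form the other entries in this file use.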
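Review bot: In the @@ -1546,37 +1578,29 @@ hunk, the new summary for CVE-2010-3387 is only "(** DISPUTED ** ...)", so the truncation kept the dispute marker and dropped all of the text that identifies the issue. The vdr line and the NOTE below it still give some context, but it would be better to apply the length limit to the text after the marker, or to extend the existing NOTE with a one-line description of what is disputed.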
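Review bot: In the @@ -1609,71 +1630,55 @@ hunk, the imported summary for CVE-2010-3364 names the vips-7.22 script in VIPS 7.22.2, while the tracked fix directly below it is "vips 7.14.5-2", an older version than the one the description mentions. A NOTE: line stating which script the Debian package ships and why 7.14.5-2 is the fixed version would stop this entry from reading as a mismatch.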
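Review bot: In the @@ -5077,8 +5082,8 @@ hunk, CVE-2010-2057 (Apache MyFaces, shared/util/StateUtils.java) moves from RESERVED to "TODO: check" with no package mapping. Before this is considered done, the entry needs either a source package line with status and bug number or a NOT-FOR-US: line, like the prewikka and gv entries on either side of it.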
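Review bot: In the last hunk (@@ -8924,8 +8929,8 @@), CVE-2010-0782 (IBM WebSphere MQ) is left as "TODO: check" while the entry immediately after it, CVE-2010-0781, is already marked "NOT-FOR-US: IBM WebSphere Application Server". If WebSphere MQ is likewise not packaged, close the TODO the same way with "NOT-FOR-US: IBM WebSphere MQ".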