thr3ads.net - Secure testing commits - [Secure-testing-commits] r15580

If this information is useful, please help other people find it:
Share via:
Joey Hess
2010-Nov-13 21:14 UTC
[Secure-testing-commits] r15580 - data/CVE

Author: joeyh
Date: 2010-11-13 21:14:28 +0000 (Sat, 13 Nov 2010)
New Revision: 15580

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-11-13 14:14:59 UTC (rev 15579)
+++ data/CVE/list	2010-11-13 21:14:28 UTC (rev 15580)
@@ -1,29 +1,174 @@
-CVE-2010-4203
+CVE-2010-4221 (Multiple stack-based buffer overflows in the
pr_netio_telnet_gets ...)
+	TODO: check
+CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated
Solution ...)
+	TODO: check
+CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in
SemanticTagService.js in ...)
+	TODO: check
+CVE-2010-4218 (Unspecified vulnerability in Web Services in IBM ENOVIA 6 has
unknown ...)
+	TODO: check
+CVE-2010-4217 (Use-after-free vulnerability in the proxy server in IBM Tivoli
...)
+	TODO: check
+CVE-2010-4216 (IBM Tivoli Directory Server (TDS) 6.0.0.x before ...)
+	TODO: check
+CVE-2010-4215
+	RESERVED
+CVE-2010-4214 (The Wells Fargo Mobile application 1.1 for Android stores a
username ...)
+	TODO: check
+CVE-2010-4213 (The Bank of America application 2.12 for Android stores a
security ...)
+	TODO: check
+CVE-2010-4212 (The USAA application 3.0 for Android stores a mirror image of
each ...)
+	TODO: check
+CVE-2010-4211 (The PayPal app before 3.0.1 for iOS does not verify that the
server ...)
+	TODO: check
+CVE-2010-4210
+	RESERVED
+CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component
...)
+	TODO: check
+CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component
...)
+	TODO: check
+CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component
...)
+	TODO: check
+CVE-2010-4206 (Google Chrome before 7.0.517.44 accesses memory at an
out-of-bounds ...)
+	TODO: check
+CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the
data ...)
+	TODO: check
+CVE-2010-4204 (Google Chrome before 7.0.517.44 accesses a frame object after
this ...)
+	TODO: check
+CVE-2010-4202 (Multiple integer overflows in Google Chrome before 7.0.517.44 on
Linux ...)
+	TODO: check
+CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44
allows ...)
+	TODO: check
+CVE-2010-4200 (Google Chrome before 7.0.517.44 reads from invalid memory
locations ...)
+	TODO: check
+CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast
of an ...)
+	TODO: check
+CVE-2010-4198 (Google Chrome before 7.0.517.44 does not properly handle large
text ...)
+	TODO: check
+CVE-2010-4197 (Use-after-free vulnerability in Google Chrome before 7.0.517.44
allows ...)
+	TODO: check
+CVE-2010-4196
+	RESERVED
+CVE-2010-4195
+	RESERVED
+CVE-2010-4194
+	RESERVED
+CVE-2010-4193
+	RESERVED
+CVE-2010-4192
+	RESERVED
+CVE-2010-4191
+	RESERVED
+CVE-2010-4190
+	RESERVED
+CVE-2010-4189
+	RESERVED
+CVE-2010-4188
+	RESERVED
+CVE-2010-4187
+	RESERVED
+CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools
Online ...)
+	TODO: check
+CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly
2.3.8 ...)
+	TODO: check
+CVE-2010-4184 (NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers
with ...)
+	TODO: check
+CVE-2010-4183 (Multiple cross-site scripting (XSS) vulnerabilities in HTML
Purifier ...)
+	TODO: check
+CVE-2010-4182 (Untrusted search path vulnerability in the Data Access Objects
(DAO) ...)
+	TODO: check
+CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote
attackers ...)
+	TODO: check
+CVE-2010-4180
+	RESERVED
+CVE-2010-4179
+	RESERVED
+CVE-2010-4178
+	RESERVED
+CVE-2010-4177
+	RESERVED
+CVE-2010-4176
+	RESERVED
+CVE-2010-4175
+	RESERVED
+CVE-2010-4174
+	RESERVED
+CVE-2010-4173
+	RESERVED
+CVE-2010-4172
+	RESERVED
+CVE-2010-4171
+	RESERVED
+CVE-2010-4170
+	RESERVED
+CVE-2010-4169
+	RESERVED
+CVE-2010-4168
+	RESERVED
+CVE-2010-4167
+	RESERVED
+CVE-2010-4166
+	RESERVED
+CVE-2010-4165
+	RESERVED
+CVE-2010-4164
+	RESERVED
+CVE-2010-4163
+	RESERVED
+CVE-2010-4162
+	RESERVED
+CVE-2010-4161
+	RESERVED
+CVE-2010-4159
+	RESERVED
+CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x
through ...)
+	TODO: check
+CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS
2.10 ...)
+	TODO: check
+CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP
Voyager ...)
+	TODO: check
+CVE-2010-4153 (Directory traversal vulnerability in CrossFTP Pro 1.65a, and
probably ...)
+	TODO: check
+CVE-2010-4152 (SQL injection vulnerability in catalog/index.shtml in 4site CMS
2.6, ...)
+	TODO: check
+CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and
possibly ...)
+	TODO: check
+CVE-2010-4150
+	RESERVED
+CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2
...)
+	TODO: check
+CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2)
before ...)
+	TODO: check
+CVE-2008-7265 (The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows
remote ...)
+	TODO: check
+CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK), as used in Google Chrome
before ...)
 	- libvpx 0.9.1-2 (bug #602693)
 CVE-2010-4160
+	RESERVED
 	- linux-2.6 <unfixed> (low)
 CVE-2010-4158
+	RESERVED
 	- linux-2.6 <unfixed> (low)
 CVE-2010-4157
+	RESERVED
 	- linux-2.6 <unfixed> (low)
 CVE-2010-XXXX
 	- proftpd-dfsg 1.3.3a-5 (bug #602279)
 	[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
-CVE-2010-4149
+CVE-2010-4149 (Directory traversal vulnerability in FreshWebMaster Fresh FTP
5.36, ...)
 	NOT-FOR-US: FreshWebMaster Fresh FTP
-CVE-2010-4148
+CVE-2010-4148 (Directory traversal vulnerability in AnyConnect 1.2.3.0, and
possibly ...)
 	NOT-FOR-US: AnyConnect
-CVE-2010-4147
+CVE-2010-4147 (Multiple SQL injection vulnerabilities in Pentasoft Avactis
Shopping ...)
 	NOT-FOR-US: Pentasoft Avactis Shopping Cart
-CVE-2010-4146
+CVE-2010-4146 (Cross-site scripting (XSS) vulnerability in Attachmate
Reflection for ...)
 	NOT-FOR-US: Attachmate Reflection
-CVE-2010-4145
+CVE-2010-4145 (Kisisel Radyo Script stores sensitive information under the web
root ...)
 	NOT-FOR-US: Kisisel Radyo Script
-CVE-2010-4144
+CVE-2010-4144 (SQL injection vulnerability in radyo.asp in Kisisel Radyo Script
...)
 	NOT-FOR-US: Kisisel Radyo Script
-CVE-2010-4143
+CVE-2010-4143 (SQL injection vulnerability in chart.php in phpCheckZ 1.1.0,
when ...)
 	NOT-FOR-US: phpCheckZ
-CVE-2010-4142
+CVE-2010-4142 (Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build
...)
 	NOT-FOR-US: DATAC RealWin
 CVE-2010-XXXX
 	- pithos 0.3.5-1
@@ -99,19 +244,19 @@
 	RESERVED
 CVE-2010-4107
 	RESERVED
-CVE-2010-4106
+CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight
Control ...)
 	NOT-FOR-US: HP Insight Orchestration
-CVE-2010-4105
+CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2
...)
 	NOT-FOR-US: HP Insight Orchestration
-CVE-2010-4104
+CVE-2010-4104 (Unspecified vulnerability in HP Insight Orchestration before 6.2
...)
 	NOT-FOR-US: HP Insight Orchestration
-CVE-2010-4103
+CVE-2010-4103 (Unspecified vulnerability in HP Insight Managed System Setup
Wizard ...)
 	NOT-FOR-US: HP Insight Managed System Setup Wizard
-CVE-2010-4102
+CVE-2010-4102 (Unspecified vulnerability in HP Insight Recovery before 6.2
allows ...)
 	NOT-FOR-US: HP Insight Recovery
-CVE-2010-4101
+CVE-2010-4101 (Cross-site scripting (XSS) vulnerability in HP Insight Recovery
before ...)
 	NOT-FOR-US: HP Insight Recovery
-CVE-2010-4100
+CVE-2010-4100 (Unspecified vulnerability in HP Insight Control Performance
Management ...)
 	NOT-FOR-US: HP Insight Control Performance Management
 CVE-2010-4099 (ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is
...)
 	NOT-FOR-US: NitroSecurity NitroView
@@ -126,10 +271,10 @@
 	NOT-FOR-US: IBM Rational Quality Manager
 CVE-2010-4093
 	RESERVED
-CVE-2010-4092
-	RESERVED
-CVE-2010-4091
-	RESERVED
+CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility
component ...)
+	TODO: check
+CVE-2010-4091 (The EScript.api plugin in Adobe Acrobat Reader 9.4.0, 8.1.7, and
...)
+	TODO: check
 CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to
execute ...)
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows
attackers ...)
@@ -284,11 +429,11 @@
 	- chromium-browser <undetermined>
 	NOTE: http://trac.webkit.org/changeset/63786
 	NOTE: http://trac.webkit.org/changeset/67240
-CVE-2010-4032
+CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight
Control ...)
 	NOT-FOR-US: HP Insight Control Performance Management
-CVE-2010-4031
+CVE-2010-4031 (Unspecified vulnerability in HP Insight Control Performance
Management ...)
 	NOT-FOR-US: HP Insight Control Performance Management
-CVE-2010-4030
+CVE-2010-4030 (Cross-site scripting (XSS) vulnerability in HP Insight Control
...)
 	NOT-FOR-US: HP Insight Control Performance Management
 CVE-2010-4029 (Unspecified vulnerability in HP Storage Essentials before 6.3.0,
when ...)
 	NOT-FOR-US: HP Storage Essentials
@@ -337,28 +482,28 @@
 	- libxml2 2.7.8.dfsg-1 (bug #602609)
 CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message
...)
 	NOT-FOR-US: Oracle Mojarra
-CVE-2010-4006
-	RESERVED
-CVE-2010-4005
-	RESERVED
+CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN
Links ...)
+	TODO: check
+CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy
1.5.2 and ...)
+	TODO: check
 CVE-2010-4004
 	RESERVED
 CVE-2010-4003
 	RESERVED
 CVE-2010-4002
 	RESERVED
-CVE-2010-4001
-	RESERVED
-CVE-2010-4000
-	RESERVED
-CVE-2010-3999
-	RESERVED
-CVE-2010-3998
-	RESERVED
+CVE-2010-4001 (** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a
...)
+	TODO: check
+CVE-2010-4000 (gnome-shell in GNOME Shell 2.31.5 places a zero-length directory
name ...)
+	TODO: check
+CVE-2010-3999 (gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length
...)
+	TODO: check
+CVE-2010-3998 (The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and
...)
+	TODO: check
 CVE-2010-3997
 	RESERVED
-CVE-2010-3996
-	RESERVED
+CVE-2010-3996 (festival_server in Centre for Speech Technology Research (CSTR)
...)
+	TODO: check
 CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in
pyftpdlib ...)
 	- python-pyftpdlib 0.5.2-1
 CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 does not require the l
...)
@@ -421,9 +566,9 @@
 	NOT-FOR-US: SAP BusinessObjects Enterprise
 CVE-2010-3978
 	RESERVED
-CVE-2010-3977
-	RESERVED
-CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player
10.1.82.76, ...)
+CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before
...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9
allows ...)
 	NOT-FOR-US: Adobe Flash Player
@@ -451,8 +596,8 @@
 	RESERVED
 CVE-2010-3963
 	RESERVED
-CVE-2010-3962
-	RESERVED
+CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6,
7, and ...)
+	TODO: check
 CVE-2010-3961
 	RESERVED
 CVE-2010-3960
@@ -503,8 +648,8 @@
 	RESERVED
 CVE-2010-3937
 	RESERVED
-CVE-2010-3936
-	RESERVED
+CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in
Microsoft ...)
+	TODO: check
 CVE-2010-3935
 	RESERVED
 CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device
Software ...)
@@ -543,14 +688,14 @@
 	RESERVED
 CVE-2010-3917
 	RESERVED
-CVE-2010-3916
-	RESERVED
-CVE-2010-3915
-	RESERVED
-CVE-2010-3914
-	RESERVED
-CVE-2010-3913
-	RESERVED
+CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro
...)
+	TODO: check
+CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro
...)
+	TODO: check
+CVE-2010-3914 (Untrusted search path vulnerability in VIM Development Group
GVim ...)
+	TODO: check
+CVE-2010-3913 (CRLF injection vulnerability in TransWARE Active! mail 6 build
...)
+	TODO: check
 CVE-2010-3912
 	RESERVED
 CVE-2010-3911
@@ -644,26 +789,26 @@
 	- linux-2.6 <unfixed> (low)
 CVE-2010-3872
 	RESERVED
-CVE-2010-3871
-	RESERVED
+CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2010-3870
 	RESERVED
 CVE-2010-3869
 	RESERVED
 CVE-2010-3868
 	RESERVED
-CVE-2010-3867
-	RESERVED
+CVE-2010-3867 (Multiple directory traversal vulnerabilities in the
mod_site_misc ...)
+	TODO: check
 CVE-2010-3866
-	RESERVED
+	REJECTED
 CVE-2010-3865
 	RESERVED
 	- linux-2.6 <unfixed>
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
 CVE-2010-3864
 	RESERVED
-CVE-2010-3863
-	RESERVED
+CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not
canonicalize ...)
+	TODO: check
 CVE-2010-3862
 	RESERVED
 CVE-2010-3861
@@ -692,10 +837,10 @@
 	RESERVED
 CVE-2010-3853
 	RESERVED
-CVE-2010-3852
-	RESERVED
-CVE-2010-3851
-	RESERVED
+CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat
Conga ...)
+	TODO: check
+CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector
1.5.3 ...)
+	TODO: check
 CVE-2010-3850
 	RESERVED
 CVE-2010-3849
@@ -709,8 +854,7 @@
 	- glibc <removed>
 	[squeeze] - eglibc 2.11.2-6+squeeze1
 	NOTE: http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
-CVE-2010-3846
-	RESERVED
+CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in
CVS ...)
 	- cvs <not-affected> (vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852
 CVE-2010-3844
@@ -912,7 +1056,7 @@
 	RESERVED
 CVE-2010-3766
 	RESERVED
-CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11,
when ...)
+CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11,
...)
 	{DSA-2124-1}
 	- xulrunner <removed>
 	- iceweasel 3.5.15-1
@@ -921,8 +1065,7 @@
 	- icedove 3.0.10-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 	[lenny] - xulrunner <not-affected> (bug in optimization added later)
-CVE-2010-3764
-	RESERVED
+CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8,
3.4.8, ...)
 	- bugzilla <unfixed> (bug #602420; low)
 CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php
in ...)
 	- mantis 1.1.8+dfsg-9 (bug #601618)
@@ -1050,8 +1193,8 @@
 	[squeeze] - pidgin 2.7.3-1+squeeze1
 CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in
PHP ...)
 	- php5 <unfixed> (bug filed)
-CVE-2010-3709
-	RESERVED
+CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through
5.2.14 ...)
+	TODO: check
 CVE-2010-3708
 	RESERVED
 CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15
and ...)
@@ -1063,15 +1206,13 @@
 CVE-2010-3705 [sctp out-of-bounds issue]
 	RESERVED
 	- linux-2.6 2.6.32-25
-CVE-2010-3704
-	RESERVED
+CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF
parser ...)
 	{DSA-2119-1}
 	- kdegraphics 4.0
 	- xpdf 3.02-9
 	- poppler 0.12.4-1.2 (bug #599165)
 	NOTE:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
-CVE-2010-3703
-	RESERVED
+CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in ...)
 	- kdegraphics 4.0
 	[lenny] - kdegraphics <not-affected> (Vulnerable code not present)
 	- xpdf 3.02-9
@@ -1079,8 +1220,7 @@
 	- poppler 0.12.4-1.2 (bug #599165)
 	[lenny] - poppler <not-affected> (Vulnerable code not present)
 	NOTE:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
-CVE-2010-3702
-	RESERVED
+CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before
3.02pl5, ...)
 	{DSA-2119-1}
 	- kdegraphics 4.0
 	- xpdf 3.02-9
@@ -1103,8 +1243,7 @@
 	RESERVED
 	- imp4 4.3.7+debian0-2.1 (bug #598584)
 	NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
-CVE-2010-3694 [Protected preference forms against CSRF attacks]
-	RESERVED
+CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde
...)
 	- horde3 3.3.8+debian0-2 (bug #598582)
 	NOTE: http://lists.horde.org/archives/announce/2010/000568.html
 CVE-2010-3693 [XSS vulnerability when showing mailbox names]
@@ -1184,50 +1323,50 @@
 	NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave
Player ...)
 	NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-3654 (Adobe Flash Player 10.1.85.3 and earlier on Windows, Mac OS X,
Linux, ...)
+CVE-2010-3654 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64
on ...)
 	NOT-FOR-US: Adobe Flash
 CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player
before ...)
 	NOT-FOR-US: Adobe Shockwave
-CVE-2010-3652
-	RESERVED
+CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
 CVE-2010-3651
 	RESERVED
-CVE-2010-3650
-	RESERVED
-CVE-2010-3649
-	RESERVED
-CVE-2010-3648
-	RESERVED
-CVE-2010-3647
-	RESERVED
-CVE-2010-3646
-	RESERVED
-CVE-2010-3645
-	RESERVED
-CVE-2010-3644
-	RESERVED
-CVE-2010-3643
-	RESERVED
-CVE-2010-3642
-	RESERVED
-CVE-2010-3641
-	RESERVED
-CVE-2010-3640
-	RESERVED
-CVE-2010-3639
-	RESERVED
-CVE-2010-3638
-	RESERVED
-CVE-2010-3637
-	RESERVED
-CVE-2010-3636
-	RESERVED
-CVE-2010-3635
-	RESERVED
-CVE-2010-3634
-	RESERVED
-CVE-2010-3633
-	RESERVED
+CVE-2010-3650 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3649 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3648 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3647 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3646 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3645 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3644 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3643 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3642 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3641 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3640 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3639 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3638 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0
and ...)
+	TODO: check
+CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before
9.0.289.0 ...)
+	TODO: check
+CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64
on ...)
+	TODO: check
+CVE-2010-3635 (Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before
3.5.5, ...)
+	TODO: check
+CVE-2010-3634 (Unspecified vulnerability in the edge process in Adobe Flash
Media ...)
+	TODO: check
+CVE-2010-3633 (Memory leak in Adobe Flash Media Server (FMS) 3.0.x before
3.0.7, ...)
+	TODO: check
 CVE-2010-3632 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on
...)
 	NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2010-3631 (Array index error in Adobe Reader and Acrobat 8.x before 8.2.5
and 9.x ...)
@@ -1270,8 +1409,8 @@
 	RESERVED
 CVE-2010-3612
 	RESERVED
-CVE-2010-3611
-	RESERVED
+CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2
before ...)
+	TODO: check
 CVE-2010-3610
 	RESERVED
 CVE-2010-3609
@@ -1554,7 +1693,7 @@
 	- openjdk-6 6b18-1.8.2-1
 	- sun-java6 6.22-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-3548 (Unspecified vulnerability in the JNDI component in Oracle Java
SE and ...)
+CVE-2010-3548 (Unspecified vulnerability in the Java Naming and Directory
Interface ...)
 	- openjdk-6 6b18-1.8.2-1
 	- sun-java6 6.22-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
@@ -1771,8 +1910,7 @@
 	[lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194)
 CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function
in ...)
 	- linux-2.6 2.6.32-25
-CVE-2010-3436 [open_basedir bypass]
-	RESERVED
+CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote
...)
 	- php5 <unfixed> (unimportant)
 	NOTE: http://svn.php.net/viewvc?view=revision&revision=303824
 CVE-2010-3435
@@ -2032,16 +2170,16 @@
 	RESERVED
 CVE-2010-3338
 	RESERVED
-CVE-2010-3337
-	RESERVED
-CVE-2010-3336
-	RESERVED
-CVE-2010-3335
-	RESERVED
-CVE-2010-3334
-	RESERVED
-CVE-2010-3333
-	RESERVED
+CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2
and ...)
+	TODO: check
+CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office
for Mac ...)
+	TODO: check
+CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2,
Office ...)
+	TODO: check
+CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2,
Office ...)
+	TODO: check
+CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office
2003 ...)
+	TODO: check
 CVE-2010-3332 (Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1,
...)
 	NOT-FOR-US: Microsoft .NET Framework
 CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle
...)
@@ -2483,8 +2621,7 @@
 CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and
3.6.x ...)
 	{DSA-2123-1}
 	- nss 3.12.8-1
-CVE-2010-3172
-	RESERVED
+CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x
before ...)
 	- bugzilla <unfixed> (bug #602420; low)
 CVE-2010-3171 (The Math.random function in the JavaScript implementation in
Mozilla ...)
 	NOTE: Will likely be rejected by MITRE
@@ -2555,7 +2692,7 @@
 	NOT-FOR-US: Adobe ExtendedScript Toolkit
 CVE-2010-3154 (Untrusted search path vulnerability in Adobe Extension Manager
CS5 ...)
 	NOT-FOR-US: Adobe Extension Manager
-CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0
allows ...)
+CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0,
...)
 	NOT-FOR-US: Adobe InDesign
 CVE-2010-3152 (Untrusted search path vulnerability in Adobe Illustrator CS4
14.0.0, ...)
 	NOT-FOR-US: Adobe Illustrator
@@ -2579,7 +2716,7 @@
 	NOT-FOR-US: Microsoft Windows Contacts
 CVE-2010-3142 (Untrusted search path vulnerability in Microsoft Office
PowerPoint ...)
 	NOT-FOR-US: Microsoft Office PowerPoint
-CVE-2010-3141 (Untrusted search path vulnerability in Microsoft Power Point
2010 ...)
+CVE-2010-3141 (Untrusted search path vulnerability in Microsoft PowerPoint 2010
...)
 	NOT-FOR-US: Microsoft Power Point
 CVE-2010-3140 (Untrusted search path vulnerability in Microsoft Windows
Internet ...)
 	NOT-FOR-US: Microsoft Windows Internet Communication Settings
@@ -2787,8 +2924,7 @@
 CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c
in the ...)
 	{DSA-2110-1}
 	- linux-2.6 2.6.32-24
-CVE-2010-3077 [horde XSS in icon_browser.php]
-	RESERVED
+CVE-2010-3077 (Cross-site scripting (XSS) vulnerability in
util/icon_browser.php in ...)
 	- horde3 3.3.8+debian0-2 (bug #598582)
 	NOTE: http://seclists.org/fulldisclosure/2010/Sep/82
 CVE-2010-3076 (The filter function in php/src/include.php in Simple Management
for ...)
@@ -2879,10 +3015,10 @@
 	RESERVED
 CVE-2010-3041
 	RESERVED
-CVE-2010-3040
-	RESERVED
-CVE-2010-3039
-	RESERVED
+CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup
Manager in ...)
+	TODO: check
+CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified
Communications ...)
+	TODO: check
 CVE-2010-3038
 	RESERVED
 CVE-2010-3037
@@ -3102,8 +3238,7 @@
 CVE-2010-2942 (The actions implementation in the network queueing functionality
in ...)
 	- linux-2.6 2.6.32-25
 	[lenny] - linux-2.6 2.6.26-25
-CVE-2010-2941 [cups: Incorrect memory handling in IPP - DOS / remote exploit]
-	RESERVED
+CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly
allocate ...)
 	- cups 1.4.4-7 (bug #603344)
 CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System
...)
 	- sssd 1.2.1-4 (bug #594413)
@@ -3736,12 +3871,12 @@
 	RESERVED
 CVE-2010-2735
 	RESERVED
-CVE-2010-2734
-	RESERVED
-CVE-2010-2733
-	RESERVED
-CVE-2010-2732
-	RESERVED
+CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in
...)
+	TODO: check
+CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in
...)
+	TODO: check
+CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft
...)
+	TODO: check
 CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information
Services ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS)
7.5, ...)
@@ -3987,10 +4122,10 @@
 	RESERVED
 CVE-2010-2637
 	RESERVED
-CVE-2010-2636
-	RESERVED
-CVE-2010-2635
-	RESERVED
+CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample
store ...)
+	TODO: check
+CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before
...)
+	TODO: check
 CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to
cause ...)
 	NOT-FOR-US: RSA enVision
 CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before
3.2.7, ...)
@@ -4099,11 +4234,11 @@
 	NOT-FOR-US: RealPage Module ActiveX Controls
 CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control
in ...)
 	NOT-FOR-US: RealPage Module ActiveX Controls
-CVE-2010-2583
-	RESERVED
-CVE-2010-2582 (Heap-based buffer overflow in Adobe Shockwave Player before
11.5.9.615 ...)
+CVE-2010-2583 (Stack-based buffer overflow in SonicWALL SSL-VPN End-Point ...)
+	TODO: check
+CVE-2010-2582 (An unspecified function in TextXtra.x32 in Adobe Shockwave
Player ...)
 	NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows
...)
+CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows
remote ...)
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does
not ...)
 	NOT-FOR-US: MailEnable
@@ -4132,10 +4267,10 @@
 	- tiff <unfixed> (unimportant)
 CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used
in ...)
 	- tiff <unfixed> (unimportant)
-CVE-2010-2573
-	RESERVED
-CVE-2010-2572
-	RESERVED
+CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3,
...)
+	TODO: check
+CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3
allows ...)
+	TODO: check
 CVE-2010-2571
 	RESERVED
 CVE-2010-2570
@@ -4382,8 +4517,7 @@
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=608950
 	NOTE: http://thread.gmane.org/gmane.linux.network/164869
-CVE-2010-2477 [XSS in paste.httpexceptions]
-	RESERVED
+CVE-2010-2477 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	- paste 1.7.4-1 (low)
 	[lenny] - paste 1.7.1-1+lenny1
 	NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
@@ -6085,7 +6219,7 @@
 	NOT-FOR-US: Apple iOS
 CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in
Apple Mac ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2
does not ...)
+CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2,
and ...)
 	- webkit 1.2.5-1 (bug #599830)
 	- chromium-browser <not-affected>
 	NOTE: http://trac.webkit.org/changeset/64706
@@ -6923,8 +7057,8 @@
 	NOT-FOR-US: SpreadSheet Lotus 123 reader
 CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView
10.4 ...)
 	NOT-FOR-US: SpreadSheet Lotus 123 reader
-CVE-2010-1523
-	RESERVED
+CVE-2010-1523 (Multiple heap-based buffer overflows in vp6.w5s (aka the VP6
codec) in ...)
+	TODO: check
 CVE-2010-1522 (Multiple SQL injection vulnerabilities in the BookLibrary Basic
...)
 	NOT-FOR-US: com_booklibrary component for joomla!
 CVE-2010-1521 (SQL injection vulnerability in include/classes/tzn_user.php in
...)
@@ -9281,14 +9415,14 @@
 	- samba 2:3.4.5~dfsg-2 (bug #567554)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
 	NOTE: Initial DSA released as CVE-2009-3297
-CVE-2010-0786
-	RESERVED
-CVE-2010-0785
-	RESERVED
-CVE-2010-0784
-	RESERVED
-CVE-2010-0783
-	RESERVED
+CVE-2010-0786 (The Web Services Security component in IBM WebSphere Application
...)
+	TODO: check
+CVE-2010-0785 (Cross-site request forgery (CSRF) vulnerability in the
Administrative ...)
+	TODO: check
+CVE-2010-0784 (Cross-site scripting (XSS) vulnerability in the Administrative
Console ...)
+	TODO: check
+CVE-2010-0783 (Cross-site scripting (XSS) vulnerability in the Administrative
Console ...)
+	TODO: check
 CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3
allows ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM
...)
@@ -19714,7 +19848,7 @@
 	NOT-FOR-US: MHF Media Pro
 CVE-2009-XXXX [predictable random number generator used in web browsers]
 	- webkit 1.2 (low; bug #532514)
-        NOTE: The implementations for UNIX seems fine, might be fixed earlier
+	NOTE: The implementations for UNIX seems fine, might be fixed earlier
 	[lenny] - webkit <no-dsa> (Minor issue)
 	- kdebase <unfixed> (low; bug #532519)
 	[squeeze] - kdebase <no-dsa> (Minor issue)
Secure testing commits - Nov 2010 - r15580 - data/CVE

[Secure-testing-commits] r15580 - data/CVE
