Author: joeyh Date: 2010-12-09 21:14:28 +0000 (Thu, 09 Dec 2010) New Revision: 15674 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-09 19:45:30 UTC (rev 15673) +++ data/CVE/list 2010-12-09 21:14:28 UTC (rev 15674) @@ -1,3 +1,19 @@ +CVE-2010-4507 + RESERVED +CVE-2010-4506 + RESERVED +CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, ...) + TODO: check +CVE-2010-4504 (Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat ...) + TODO: check +CVE-2010-4503 (SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows ...) + TODO: check +CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite ...) + TODO: check +CVE-2010-4501 (IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, ...) + TODO: check +CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...) + TODO: check CVE-2010-XXXX - puppet 2.6.2-3 CVE-2011-0025 @@ -101,8 +117,8 @@ - webkit <undetermined> CVE-2010-4481 RESERVED -CVE-2010-4480 - RESERVED +CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers to ...) + TODO: check CVE-2010-4510 REJECTED CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before ...) @@ -1000,10 +1016,10 @@ RESERVED CVE-2010-4110 RESERVED -CVE-2010-4109 - RESERVED -CVE-2010-4108 - RESERVED +CVE-2010-4109 (Cross-site scripting (XSS) vulnerability in the Contacts Application ...) + TODO: check +CVE-2010-4108 (HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support ...) + TODO: check CVE-2010-4107 (The default configuration of the PJL Access value in the File System ...) NOT-FOR-US: HP LaserJet CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) 
@@ -1230,8 +1246,8 @@ RESERVED CVE-2010-4013 RESERVED -CVE-2010-4012 - RESERVED +CVE-2010-4012 (Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later ...) + TODO: check CVE-2010-4011 (Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage ...) NOT-FOR-US: Dovecot in Apple Mac OS X CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...) @@ -1445,8 +1461,8 @@ RESERVED CVE-2010-3921 RESERVED -CVE-2010-3920 - RESERVED +CVE-2010-3920 (The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 ...) + TODO: check CVE-2010-3919 RESERVED CVE-2010-3918 @@ -1587,8 +1603,7 @@ RESERVED - linux-2.6 2.6.32-29 [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27) -CVE-2010-3860 - RESERVED +CVE-2010-3860 (IcedTea before 1.9.2, as based on OpenJDK 6, declares multiple ...) - openjdk-6 6b18-1.8.3-1 CVE-2010-3859 RESERVED @@ -2029,8 +2044,7 @@ NOT-FOR-US: Red Hat Enterprise MRG CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before ...) NOT-FOR-US: VMware SpringSource Spring Security -CVE-2010-3699 [linux guest->host denial of service from invalid xenbus transitions] - RESERVED +CVE-2010-3699 (The backend driver in Xen 3.x allows guest OS users to cause a denial ...) - linux-2.6 <unfixed> CVE-2010-3698 (The KVM implementation in the Linux kernel before 2.6.36 does not ...) - linux-2.6 2.6.32-28 @@ -2908,8 +2922,7 @@ CVE-2010-3373 RESERVED - paxtest 1:0.9.9-1 (unimportant; bug #598413) -CVE-2010-3372 [nordugrid LD_LIBRARY_PATH] - RESERVED +CVE-2010-3372 (Untrusted search path vulnerability in NorduGrid Advanced Resource ...) - nordugrid-arc-nox <unfixed> (bug #606151) NOTE: already fixed upstream; maintainer was aware already CVE-2010-3371 
@@ -4431,8 +4444,8 @@ - moodle 1.9.9.dfsg2-2 (bug #601384) CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users ...) NOT-FOR-US: SPICE plugin for Firefox -CVE-2010-2793 - RESERVED +CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for Internet ...) + TODO: check CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox ...) NOT-FOR-US: SPICE plugin for Firefox CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...)
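Review bot: In the @@ -1,3 +1,19 @@ hunk, CVE-2010-4501 is left at `TODO: check` together with the web-application entries around it, but its description names the IO::Socket::SSL Perl module 1.35 and a verify_mode condition, so it is the new entry in this hunk most likely to correspond to a packaged library. Suggest triaging it ahead of the others and replacing the TODO with a package line in the form already used a few lines below (`- puppet 2.6.2-3`), or with a NOT-FOR-US line if it turns out not to be shipped.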
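Review bot: In the @@ -1000,10 +1016,10 @@ hunk, CVE-2010-4108 (HP-UX B.11.11, B.11.23, and B.11.31) and CVE-2010-4109 are added as `TODO: check`, while the unchanged entries directly below them already carry a disposition (`NOT-FOR-US: HP LaserJet` for CVE-2010-4107). The HP-UX description at least names a product in the same vendor family, so the TODO can be resolved in the same pass with a NOT-FOR-US line in that style, rather than being left for a later sweep.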
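Review bot: In the @@ -1587,8 +1603,7 @@ hunk, the description now published for CVE-2010-3860 gives "IcedTea before 1.9.2" as the affected range, while the retained package line records `- openjdk-6 6b18-1.8.3-1` as the fixed version. The two version strings do not obviously line up, so it is worth confirming that the 1.8.3 upload carries the fix and saying so in a NOTE line, so a later reader does not take the entry for a mismatch.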
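Review bot: In the @@ -2029,8 +2044,7 @@ hunk, replacing the bracketed local description of CVE-2010-3699 with the truncated published one drops the only detail that said what the issue is: the removed line read "[linux guest->host denial of service from invalid xenbus transitions]", and the new text ends at "cause a denial ...". Since the entry stays at `- linux-2.6 <unfixed>`, suggest keeping that detail in a NOTE line under the package line so whoever picks up the fix can still see it concerns xenbus transitions. The same applies to the "[nordugrid LD_LIBRARY_PATH]" tag removed from CVE-2010-3372 in the @@ -2908,8 +2922,7 @@ hunk.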
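Review bot: In the @@ -4431,8 +4444,8 @@ hunk, CVE-2010-2793 (SPICE spice-activex plug-in for Internet Explorer) is added as `TODO: check` between two sibling entries, CVE-2010-2794 and CVE-2010-2792, that are both already marked `NOT-FOR-US: SPICE plugin for Firefox`. The new entry names a different plug-in variant of the same product, so it should be given an explicit disposition consistent with its neighbours instead of remaining an open TODO between two resolved entries.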