Author: joeyh Date: 2011-01-03 21:15:12 +0000 (Mon, 03 Jan 2011) New Revision: 15778 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-03 18:14:54 UTC (rev 15777) +++ data/CVE/list 2011-01-03 21:15:12 UTC (rev 15778) 
@@ -1,3 +1,49 @@ +CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before ...) + TODO: check +CVE-2010-4641 (SQL injection vulnerability in XWiki Enterprise before 2.5 allows ...) + TODO: check +CVE-2010-4640 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 ...) + TODO: check +CVE-2010-4639 (SQL injection vulnerability in index.php in MySource Matrix allows ...) + TODO: check +CVE-2010-4638 (SQL injection vulnerability in the submitSurvey function in ...) + TODO: check +CVE-2010-4637 (Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php ...) + TODO: check +CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business ...) + TODO: check +CVE-2010-4635 (SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental ...) + TODO: check +CVE-2010-4634 (** DISPUTED ** ...) + TODO: check +CVE-2010-4633 (SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows ...) + TODO: check +CVE-2010-4632 (Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow ...) + TODO: check +CVE-2010-4631 (Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot ...) + TODO: check +CVE-2010-4630 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2010-4629 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict ...) + TODO: check +CVE-2010-4628 (member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain ...) + TODO: check +CVE-2010-4627 (Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB ...) + TODO: check +CVE-2010-4626 (The my_rand function in functions.php in MyBB (aka MyBulletinBoard) ...) + TODO: check +CVE-2010-4625 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a ...) + TODO: check +CVE-2010-4624 (MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated ...) + TODO: check +CVE-2010-4623 (WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before ...) 
+ TODO: check +CVE-2010-4622 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...) + TODO: check +CVE-2010-4621 + RESERVED +CVE-2010-4620 + RESERVED CVE-2010-XXXX - gimp <unfixed> (bug #608497) CVE-2010-XXXX @@ -766,8 +812,8 @@ CVE-2010-4524 [mhonarc XSS] RESERVED - mhonarc <unfixed> (bug #607693) -CVE-2010-4522 - RESERVED +CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...) + TODO: check CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...) NOT-FOR-US: mod for Drupal CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...) @@ -818,8 +864,8 @@ RESERVED CVE-2009-5021 (Cobbler before 1.6.1 does not properly determine whether an ...) - cobbler <itp> (bug #545583) -CVE-2010-4507 - RESERVED +CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) + TODO: check CVE-2010-4506 RESERVED CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, ...) @@ -1262,8 +1308,7 @@ NOT-FOR-US: Cisco ASA CVE-2010-4353 RESERVED -CVE-2010-4352 [dbus stack overflow on excessive number of nested variants] - RESERVED +CVE-2010-4352 (Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 ...) - dbus 1.2.24-4 CVE-2010-4351 RESERVED @@ -1288,8 +1333,7 @@ CVE-2010-4343 (drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not ...) - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32) -CVE-2010-4342 [linux: NULL pointer dereference in AF_ECONET] - RESERVED +CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux ...) - linux-2.6 <unfixed> CVE-2010-4341 RESERVED @@ -1318,8 +1362,8 @@ RESERVED CVE-2010-4322 RESERVED -CVE-2010-4321 - RESERVED +CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in ...) + TODO: check CVE-2010-4320 RESERVED CVE-2010-4319 
@@ -1449,8 +1493,8 @@ NOT-FOR-US: Pandora FMS CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...) NOT-FOR-US: Embedded Video plugin 4.1 for WordPress -CVE-2010-4276 - RESERVED +CVE-2010-4276 (Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid ...) + TODO: check CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager ...) NOT-FOR-US: Radius Manager CVE-2010-4274 (reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 ...) @@ -1471,8 +1515,7 @@ RESERVED CVE-2010-4266 RESERVED -CVE-2010-4265 [jboss: CVE-2010-3862 not actually fixed] - RESERVED +CVE-2010-4265 (The ...) - jbossas4 <not-affected> (Red Hat issue, they didn''t include the fix for CVE-2010-3862 in the update) CVE-2010-4264 RESERVED @@ -1492,8 +1535,7 @@ NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote ...) - fontforge 0.0.20100501-4 (bug #605537) -CVE-2010-4258 [linux failure to revert address limit override in OOPS error path] - RESERVED +CVE-2010-4258 (The do_exit function in kernel/exit.c in the Linux kernel before ...) - linux-2.6 2.6.32-29 CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in ...) {DSA-2138-1} @@ -1747,8 +1789,7 @@ CVE-2010-4162 RESERVED - linux-2.6 2.6.32-29 -CVE-2010-4161 [linux deadlock] - RESERVED +CVE-2010-4161 (The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat ...) - linux-2.6 2.6.28-1 NOTE: https://bugzilla.redhat.com/CVE-2010-4161 CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...) @@ -1781,8 +1822,7 @@ CVE-2010-4160 RESERVED - linux-2.6 <unfixed> (low) -CVE-2010-4158 - RESERVED +CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel ...) - linux-2.6 2.6.32-29 (low) CVE-2010-4157 (Integer overflow in the ioc_general function in drivers/scsi/gdth.c in ...) - linux-2.6 2.6.32-28 (low) 
@@ -2309,8 +2349,8 @@ RESERVED CVE-2010-3924 RESERVED -CVE-2010-3923 - RESERVED +CVE-2010-3923 (Untrusted search path vulnerability in AttacheCase before 2.70 allows ...) + TODO: check CVE-2010-3922 (SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x ...) - movabletype-opensource 4.3.5+dfsg-1 (bug #606311) TODO: check @@ -2408,8 +2448,7 @@ CVE-2010-3879 [fuse: unprivileged user can unmount arbitrary locations via symlink attack] RESERVED - fuse <unfixed> (bug #602333) -CVE-2010-3878 [JBoss EAP jmx console FileDeployment CSRF] - RESERVED +CVE-2010-3878 (Cross-site request forgery (CSRF) vulnerability in the JMX Console in ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-3877 RESERVED @@ -2454,8 +2493,7 @@ - openssl 0.9.8o-3 CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...) NOT-FOR-US: Apache Shiro / JSecurity -CVE-2010-3862 [JBoss Remoting Denial-Of-Service] - RESERVED +CVE-2010-3862 (The ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux ...) - linux-2.6 2.6.32-29 @@ -2487,16 +2525,13 @@ NOT-FOR-US: Red Hat Conga CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 ...) NOT-FOR-US: libguestfs -CVE-2010-3850 - RESERVED +CVE-2010-3850 (The ec_dev_ioctl function in net/econet/af_econet.c in the Linux ...) {DSA-2126-1} - linux-2.6 2.6.32-28 -CVE-2010-3849 - RESERVED +CVE-2010-3849 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ...) {DSA-2126-1} - linux-2.6 2.6.32-28 -CVE-2010-3848 - RESERVED +CVE-2010-3848 (Stack-based buffer overflow in the econet_sendmsg function in ...) {DSA-2126-1} - linux-2.6 2.6.32-28 CVE-2010-3847 
@@ -2935,8 +2970,7 @@ - php5 5.3.3-3 (bug #601619) CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...) - php5 5.3.3-4 (bug #603751) -CVE-2010-3708 [JBoss drools deserialization remote code execution] - RESERVED +CVE-2010-3708 (The serialization implementation in JBoss Drools in Red Hat JBoss ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...) - dovecot 1.2.15-1
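Review bot: in hunk @@ -1471,8 +1515,7 @@ the regenerated description for CVE-2010-4265 is just "(The ...)", which carries less information than the local summary it replaces, "[jboss: CVE-2010-3862 not actually fixed]"; the word-boundary truncation of the upstream text has stopped after its first word. The same happens in hunk @@ -2454,8 +2493,7 @@, where "[JBoss Remoting Denial-Of-Service]" for CVE-2010-3862 becomes "(The ...)". The update script should keep the existing bracketed summary when the truncated description is shorter than it, or at least append the summary to the NOTE so the reason for "jbossas4 <not-affected>" stays readable from the entry itself.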
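Review bot: in the first hunk (@@ -1,3 +1,49 @@) all 23 newly described entries are left at "TODO: check", which is expected for an automatic update, but two of them need a hint for the triager: the description of CVE-2010-4634 is only "** DISPUTED **", so the line gives no product name at all, and CVE-2010-4630 is truncated to "(Cross-site scripting (XSS) vulnerability in ...)" with the product cut off. The six MyBB entries CVE-2010-4624 through CVE-2010-4629 should be triaged together with CVE-2010-4522 from hunk @@ -766,8 +812,8 @@, which is also MyBB, so that all seven get the same disposition.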