Author: joeyh Date: 2011-01-04 21:15:31 +0000 (Tue, 04 Jan 2011) New Revision: 15785 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-04 17:24:03 UTC (rev 15784) +++ data/CVE/list 2011-01-04 21:15:31 UTC (rev 15785) @@ -1,3 +1,65 @@ +CVE-2011-0285 + RESERVED +CVE-2011-0284 + RESERVED +CVE-2011-0283 + RESERVED +CVE-2011-0282 + RESERVED +CVE-2011-0281 + RESERVED +CVE-2010-4668 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...) + TODO: check +CVE-2010-4667 + RESERVED +CVE-2010-4666 + RESERVED +CVE-2010-4665 + RESERVED +CVE-2010-4664 + RESERVED +CVE-2010-4663 + RESERVED +CVE-2010-4662 + RESERVED +CVE-2010-4661 + RESERVED +CVE-2010-4660 + RESERVED +CVE-2010-4659 + RESERVED +CVE-2010-4658 + RESERVED +CVE-2010-4657 + RESERVED +CVE-2010-4656 + RESERVED +CVE-2010-4655 + RESERVED +CVE-2010-4654 + RESERVED +CVE-2010-4653 + RESERVED +CVE-2010-4652 + RESERVED +CVE-2010-4651 + RESERVED +CVE-2010-4650 + RESERVED +CVE-2010-4649 + RESERVED +CVE-2010-4648 + RESERVED +CVE-2010-4647 + RESERVED +CVE-2010-4646 + RESERVED +CVE-2010-4645 + RESERVED +CVE-2010-4644 + RESERVED +CVE-2010-4643 + RESERVED CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before ...) NOT-FOR-US: XWiki CVE-2010-4641 (SQL injection vulnerability in XWiki Enterprise before 2.5 allows ...) @@ -769,8 +831,7 @@ RESERVED CVE-2010-4537 RESERVED -CVE-2010-4536 - RESERVED +CVE-2010-4536 (Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used ...) - wordpress 3.0.4+dfsg-1 NOTE: http://wordpress.org/news/2010/12/3-0-4-update/ CVE-2010-4535 @@ -801,6 +862,7 @@ RESERVED - linux-2.6 2.6.32-30 CVE-2010-4528 [pidgin msn issue] + RESERVED - pidgin 2.7.9-1 (bug #608331; medium) CVE-2010-4527 RESERVED 
@@ -809,8 +871,7 @@ RESERVED CVE-2010-4525 RESERVED -CVE-2010-4524 [mhonarc XSS] - RESERVED +CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in ...) - mhonarc <unfixed> (bug #607693) CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...) NOT-FOR-US: MyBB @@ -1312,14 +1373,11 @@ - dbus 1.2.24-4 CVE-2010-4351 RESERVED -CVE-2010-4350 [mantisbt local file inclusion] - RESERVED +CVE-2010-4350 (Directory traversal vulnerability in admin/upgrade_unattended.php in ...) - mantis <not-affected> (admin dir procected in Apache config, see #607159) -CVE-2010-4349 [mantisbt path disclosure] - RESERVED +CVE-2010-4349 (admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote ...) - mantis <not-affected> (admin dir procected in Apache config, see #607159) -CVE-2010-4348 [mantisbt XSS] - RESERVED +CVE-2010-4348 (Cross-site scripting (XSS) vulnerability in ...) - mantis <not-affected> (admin dir procected in Apache config, see #607159) CVE-2010-4347 (The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 ...) - linux-2.6 <not-affected> (Introduced in 2.6.33 and fixed in 2.6.36.2, we never released an affected kernel) @@ -1779,15 +1837,12 @@ RESERVED CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...) - linux-2.6 2.6.32-28 -CVE-2010-4164 - RESERVED +CVE-2010-4164 (Multiple integer underflows in the x25_parse_facilities function in ...) {DSA-2126-1} - linux-2.6 2.6.32-28 -CVE-2010-4163 - RESERVED +CVE-2010-4163 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...) - linux-2.6 2.6.32-29 -CVE-2010-4162 - RESERVED +CVE-2010-4162 (Multiple integer overflows in fs/bio.c in the Linux kernel before ...) - linux-2.6 2.6.32-29 CVE-2010-4161 (The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat ...) - linux-2.6 2.6.28-1 
@@ -2383,7 +2438,7 @@ NOT-FOR-US: vtiger CRM CVE-2010-3908 RESERVED -CVE-2010-3907 [videolan SA 1007] +CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin in ...) - vlc 1.1.3-1squeeze1 CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...) - git-core <removed> @@ -2450,23 +2505,19 @@ - fuse <unfixed> (bug #602333) CVE-2010-3878 (Cross-site request forgery (CSRF) vulnerability in the JMX Console in ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) -CVE-2010-3877 - RESERVED +CVE-2010-3877 (The get_name function in net/tipc/socket.c in the Linux kernel before ...) {DSA-2126-1} - linux-2.6 <unfixed> (low) -CVE-2010-3876 - RESERVED +CVE-2010-3876 (net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not ...) {DSA-2126-1} - linux-2.6 <unfixed> (low) -CVE-2010-3875 - RESERVED +CVE-2010-3875 (The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel ...) {DSA-2126-1} - linux-2.6 <unfixed> (low) CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in ...) {DSA-2126-1} - linux-2.6 <unfixed> (unimportant) -CVE-2010-3873 - RESERVED +CVE-2010-3873 (The X.25 implementation in the Linux kernel before 2.6.36.2 does not ...) {DSA-2126-1} - linux-2.6 2.6.32-28 (low) CVE-2010-3872 (The apr_status_t fcgid_header_bucket_read function in fcgid_bucket.c ...) @@ -3661,8 +3712,7 @@ RESERVED CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before ...) NOT-FOR-US: Redback -CVE-2010-3448 [Linux ThinkPad video output status local DoS] - RESERVED +CVE-2010-3448 (drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 ...) {DSA-2126-1} - linux-2.6 2.6.32-12 (bug #565790; unimportant) NOTE: this is more of a hardware bug rather than a security issue 
@@ -8433,8 +8483,8 @@ RESERVED CVE-2010-1678 RESERVED -CVE-2010-1677 - RESERVED +CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service ...) + TODO: check CVE-2010-1676 (Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before ...) {DSA-2136-1} - tor 0.2.1.26-6
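Review bot: CVE-2010-4668, added in the @@ -1,3 +1,65 @@ hunk, is left at "TODO: check" although the visible part of its description ("The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...") is identical to that of CVE-2010-4163, which the @@ -1779,15 +1837,12 @@ hunk tracks as "- linux-2.6 2.6.32-29". Triage should compare the two full descriptions and replace the TODO with a "- linux-2.6 ..." entry (or a NOTE explaining how the ids differ) so the new id does not sit untracked next to an already-handled one.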
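Review bot: The three mantis context lines in the @@ -1312,14 +1373,11 @@ hunk (CVE-2010-4350, CVE-2010-4349, CVE-2010-4348) read "admin dir procected in Apache config"; "procected" should be "protected". The automatic update replaces the bracketed descriptions directly above each of these lines, so this is a convenient point to correct the wording in all three.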
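Review bot: In the @@ -2383,7 +2438,7 @@ hunk, replacing "CVE-2010-3907 [videolan SA 1007]" with the imported description drops the only pointer to the upstream advisory for this entry. Keeping it as a NOTE: line under the "- vlc 1.1.3-1squeeze1" entry, in the style of the NOTE: lines used elsewhere in this file, would preserve the cross-reference.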
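Review bot: CVE-2010-1677 in the @@ -8433,8 +8483,8 @@ hunk names MHonArc 2.6.16 but is added with only "TODO: check", while the same file already tracks that package under CVE-2010-4524 as "- mhonarc <unfixed> (bug #607693)". The TODO should be resolved into a "- mhonarc ..." entry with its own status, once the affected versions are confirmed, so the denial-of-service issue shows up against the package.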