Author: joeyh Date: 2010-01-15 21:14:19 +0000 (Fri, 15 Jan 2010) New Revision: 13829 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-15 20:19:46 UTC (rev 13828) +++ data/CVE/list 2010-01-15 21:14:19 UTC (rev 13829) 
@@ -1,3 +1,87 @@ +CVE-2010-0350 (Directory traversal vulnerability in the Photo Book (goof_fotoboek) ...) + TODO: check +CVE-2010-0349 (Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 ...) + TODO: check +CVE-2010-0348 (Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and ...) + TODO: check +CVE-2010-0347 (Cross-site scripting (XSS) vulnerability in the VD / Geomap ...) + TODO: check +CVE-2010-0346 (Cross-site scripting (XSS) vulnerability in the Tip many friends ...) + TODO: check +CVE-2010-0345 (Cross-site scripting (XSS) vulnerability in the Majordomo extension ...) + TODO: check +CVE-2010-0344 (SQL injection vulnerability in the zak_store_management extension ...) + TODO: check +CVE-2010-0343 (SQL injection vulnerability in the Clan Users List (pb_clanlist) ...) + TODO: check +CVE-2010-0342 (SQL injection vulnerability in the Reports for Job (job_reports) ...) + TODO: check +CVE-2010-0341 (SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) ...) + TODO: check +CVE-2010-0340 (SQL injection vulnerability in the MJS Event Pro (mjseventpro) ...) + TODO: check +CVE-2010-0339 (SQL injection vulnerability in the User Links (vm19_userlinks) ...) + TODO: check +CVE-2010-0338 (SQL injection vulnerability in the TT_Products editor (ttpedit) ...) + TODO: check +CVE-2010-0337 (SQL injection vulnerability in the tt_news Mail alert ...) + TODO: check +CVE-2010-0336 (Unspecified vulnerability in the kiddog_mysqldumper ...) + TODO: check +CVE-2010-0335 (Cross-site scripting (XSS) vulnerability in the Vote rank for news ...) + TODO: check +CVE-2010-0334 (SQL injection vulnerability in the Vote rank for news ...) + TODO: check +CVE-2010-0333 (SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 ...) + TODO: check +CVE-2010-0332 (SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) ...) + TODO: check +CVE-2010-0331 (Cross-site scripting (XSS) vulnerability in the TV21 Talkshow ...) 
+ TODO: check +CVE-2010-0330 (SQL injection vulnerability in the Googlemaps for tt_news ...) + TODO: check +CVE-2010-0329 (SQL injection vulnerability in the powermail extension 1.5.1 and ...) + TODO: check +CVE-2010-0328 (Cross-site scripting (XSS) vulnerability in the Unit Converter ...) + TODO: check +CVE-2010-0327 (Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox ...) + TODO: check +CVE-2010-0326 (Cross-site scripting (XSS) vulnerability in the Developer log (devlog) ...) + TODO: check +CVE-2010-0325 (Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) ...) + TODO: check +CVE-2010-0324 (SQL injection vulnerability in the Customer Reference List (ref_list) ...) + TODO: check +CVE-2010-0323 (Unspecified vulnerability in the Photo Book (goof_fotoboek) extension ...) + TODO: check +CVE-2010-0322 (SQL injection vulnerability in the init function in MK-AnydropdownMenu ...) + TODO: check +CVE-2010-0321 (Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit ...) + TODO: check +CVE-2010-0320 (Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter ...) + TODO: check +CVE-2010-0319 (Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 ...) + TODO: check +CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...) + TODO: check +CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote ...) + TODO: check +CVE-2010-0315 (Google Chrome allows remote attackers to discover a redirect''s target ...) + TODO: check +CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect''s target ...) + TODO: check +CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System ...) + TODO: check +CVE-2010-0312 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server ...) 
+ TODO: check +CVE-2010-0311 (Unspecified vulnerability in Sun Java System Identity Manager (aka ...) + TODO: check +CVE-2010-0310 (Trusted Extensions in Sun Solaris 10 allows local users to gain ...) + TODO: check +CVE-2009-4613 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...) + TODO: check CVE-2010-XXXX [zend framework multiple issues] - zendframework 1.9.7-1 NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06 @@ -74,8 +158,7 @@ RESERVED CVE-2010-0281 RESERVED -CVE-2010-0280 [lib3ds memory corruption] - RESERVED +CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in ...) - lib3ds <unfixed> (medium) NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability TODO: check affected versions and file bug @@ -168,8 +251,8 @@ RESERVED CVE-2010-0250 RESERVED -CVE-2010-0249 - RESERVED +CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...) + TODO: check CVE-2010-0248 RESERVED CVE-2010-0247 @@ -326,8 +409,8 @@ RESERVED CVE-2010-0185 RESERVED -CVE-2010-0184 - RESERVED +CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...) + TODO: check CVE-2010-0183 RESERVED CVE-2010-0182 @@ -1081,8 +1164,7 @@ NOT-FOR-US: IBM Rational ClearQuest CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in ...) NOT-FOR-US: Winamp -CVE-2009-4355 [openssl/mod_ssl/php-curl memory leak] - RESERVED +CVE-2009-4355 (Memory leak in the zlib_stateful_finish function in ...) {DSA-1970-1} - openssl <unfixed> (low) [etch] - openssl <not-affected> (affects only 0.9.8f and later) 
@@ -1270,12 +1352,11 @@ RESERVED CVE-2010-0016 RESERVED -CVE-2010-0015 [nis users shadow password leakage] - RESERVED +CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 ...) - eglibc 2.10.2-4 (medium; bug #560333) - glibc <removed> (medium) -CVE-2010-0014 - RESERVED +CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 ...) + TODO: check CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin ...) - pidgin 2.6.5-1 (medium; bug #563206) [lenny] - pidgin <not-affected> (vulnerable code not present) @@ -1320,8 +1401,7 @@ RESERVED - linux-2.6 <unfixed> - linux-2.6.24 <removed> -CVE-2010-0002 [mandriva bash issue] - RESERVED +CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...) - bash <not-affected> (mandriva-specific packaging issue) CVE-2010-0001 RESERVED @@ -1680,8 +1760,8 @@ RESERVED CVE-2009-4183 RESERVED -CVE-2009-4182 - RESERVED +CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a ...) + TODO: check CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network ...) @@ -2132,6 +2212,7 @@ RESERVED CVE-2009-4012 [libthai integer overflow] RESERVED + {DSA-1971-1} - libthai 0.1.13-1 CVE-2009-4011 [dtc-xen race condition] RESERVED
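Review bot: CVE-2010-0316 ("Integer overflow in Google SketchUp before 7.1 M2 allows remote ...") in the first hunk (@@ -1,3 +1,87 @@) should be cross-checked against CVE-2010-0280 before it is triaged, because the lib3ds entry further down carries "NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability" and is tracked against a Debian package. The other entries in this block are all left at "TODO: check". Several come in pairs for the same product (CVE-2010-0350 and CVE-2010-0323 for goof_fotoboek, CVE-2010-0335 and CVE-2010-0334 for Vote rank for news, CVE-2010-0332 and CVE-2010-0331 for tv21_talkshow, CVE-2010-0349 and CVE-2010-0348 for WebCalenderC3), so each pair can be resolved with one decision.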
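Review bot: CVE-2010-0280 in the @@ -74,8 +158,7 @@ hunk now has its published description, but the package line still reads "- lib3ds <unfixed> (medium)" with no bug number, and the context line "TODO: check affected versions and file bug" is unchanged. Once the bug is filed, record it in the package line the way the eglibc entry for CVE-2010-0015 does ("(medium; bug #560333)") and drop the TODO.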
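Review bot: The CVE-2009-4355 change in the @@ -1081,8 +1164,7 @@ hunk removes the bracketed summary "[openssl/mod_ssl/php-curl memory leak]", and the description that replaces it is cut off after "zlib_stateful_finish function in ...", so the mod_ssl and php-curl context is no longer visible in the entry. If that context matters for triage, carry it over as a NOTE: line under the openssl package lines rather than losing it.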
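Review bot: CVE-2009-4182 in the @@ -1680,8 +1760,8 @@ hunk is added as "TODO: check" although the entry directly below it, CVE-2009-4181, is another HP product already closed as "NOT-FOR-US: HP OpenView Network Node Manager". If HP Web Jetadmin is likewise not packaged, a "NOT-FOR-US: HP Web Jetadmin" line here would keep it out of the TODO queue. The same question applies to CVE-2010-0249 (Microsoft Internet Explorer) and CVE-2010-0184 (TIBCO) in the @@ -168,8 +251,8 @@ and @@ -326,8 +409,8 @@ hunks.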