Author: joeyh
Date: 2010-01-22 21:15:00 +0000 (Fri, 22 Jan 2010)
New Revision: 13885

Modified: data/CVE/list

Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-22 16:40:56 UTC (rev 13884) +++ data/CVE/list 2010-01-22 21:15:00 UTC (rev 13885) 
@@ -1,3 +1,35 @@ +CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...) + TODO: check +CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...) + TODO: check +CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...) + TODO: check +CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in ...) + TODO: check +CVE-2010-0375 (SQL injection vulnerability in product_list.php in JCE-Tech PHP ...) + TODO: check +CVE-2010-0374 (Cross-site scripting (XSS) vulnerability in the Marketplace ...) + TODO: check +CVE-2010-0373 (SQL injection vulnerability in the libros (com_libros) component for ...) + TODO: check +CVE-2010-0372 (SQL injection vulnerability in the Articlemanager (com_articlemanager) ...) + TODO: check +CVE-2010-0371 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2010-0370 (Cross-site scripting (XSS) vulnerability in the Node Blocks module ...) + TODO: check +CVE-2010-0369 + RESERVED +CVE-2010-0368 + RESERVED +CVE-2010-0367 (Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits ...) + TODO: check +CVE-2010-0366 (Multiple unrestricted file upload vulnerabilities in (1) register.php ...) + TODO: check +CVE-2010-0365 (Cross-site scripting (XSS) vulnerability in search.php in BitScripts ...) + TODO: check +CVE-2010-0364 (Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows ...) + TODO: check CVE-2010-0363 (Cross-site scripting (XSS) vulnerability in Zeus Web Server before ...) NOT-FOR-US: Zeus Web Server CVE-2010-0362 (Zeus Web Server before 4.3r5 does not use random transaction IDs for ...) 
@@ -230,17 +262,20 @@ RESERVED CVE-2010-0289 [dokuwiki CSRF] RESERVED + {DSA-1976-1} - dokuwiki 0.0.20090214b-3.1 (low) [etch] - dokuwiki <not-affected> (Vulnerable code not present) NOTE: http://secunia.com/advisories/38205/ CVE-2010-0288 [dokuwiki insufficient permissions checks, allowing attacker to change ACLs] RESERVED + {DSA-1976-1} - dokuwiki 0.0.20090214b-3.1 (medium; bug #565406) [etch] - dokuwiki <not-affected> (Vulnerable code not present) NOTE: http://bugs.splitbrain.org/index.php?do=details&task_id=1847 NOTE: issue being exploited CVE-2010-0287 [dokuwiki directory structure information leak] RESERVED + {DSA-1976-1} - dokuwiki 0.0.20090214b-3.1 (low) [etch] - dokuwiki <not-affected> (Vulnerable code not present) NOTE: http://secunia.com/advisories/38205/ @@ -390,8 +425,8 @@ RESERVED CVE-2010-0233 RESERVED -CVE-2010-0232 - RESERVED +CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...) + TODO: check CVE-2010-0231 RESERVED CVE-2010-0230 @@ -605,10 +640,10 @@ RESERVED CVE-2010-0139 RESERVED -CVE-2010-0138 - RESERVED -CVE-2010-0137 - RESERVED +CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor ...) + TODO: check +CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in the SSH ...) + TODO: check CVE-2010-0136 RESERVED CVE-2010-0135 @@ -1457,7 +1492,7 @@ RESERVED CVE-2010-0019 RESERVED -CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine in ...) +CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...) NOT-FOR-US: Microsoft Windows CVE-2010-0017 RESERVED 
@@ -2355,10 +2390,10 @@ CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...) - linux-2.6 2.6.32-1 (low) - linux-2.6.24 <removed> (low) -CVE-2009-4003 - RESERVED -CVE-2009-4002 - RESERVED +CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 ...) + TODO: check +CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 ...) + TODO: check CVE-2009-4001 RESERVED CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP ...) @@ -2658,8 +2693,8 @@ NOTE: All Debian kernels have MMU support enabled CVE-2009-3887 [evolution path traversal] RESERVED - - evolution <unfixed> - NOTE: http://www.ocert.org/advisories/ocert-2009-013.html + - evolution <unfixed> + NOTE: http://www.ocert.org/advisories/ocert-2009-013.html CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...) - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 @@ -3184,8 +3219,8 @@ NOTE: http://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2 CVE-2009-3721 [evolution buffer overflow] RESERVED - - evolution <unfixed> - NOTE: http://www.ocert.org/advisories/ocert-2009-013.html + - evolution <unfixed> + NOTE: http://www.ocert.org/advisories/ocert-2009-013.html CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...) {DSA-1921-1} - expat 2.0.1-5 (low; bug #551936)
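Review bot: the CVE-2010-0379 description in the @@ -1,3 +1,35 @@ hunk is spelled "vuilnerabilities", so a text search of the list for "vulnerabilities" will not match this entry. Since the log says this is an automatic update, the spelling should be corrected where the description is imported from rather than by hand in data/CVE/list. Of the sixteen entries added here, fourteen are at TODO: check and two (CVE-2010-0369, CVE-2010-0368) are RESERVED, so the TODO lines are the ones that need triage.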
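Review bot: in the @@ -230,17 +262,20 @@ hunk only CVE-2010-0288 carries a bug reference (bug #565406); the dokuwiki lines for CVE-2010-0289 and CVE-2010-0287 give the fixed version 0.0.20090214b-3.1 with an urgency but no bug number. If the same bug tracks all three issues now grouped under {DSA-1976-1}, add it to the other two lines so each fixed-version claim can be checked from the list. CVE-2010-0288 also has "NOTE: issue being exploited", which is worth keeping next to the DSA reference.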
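Review bot: CVE-2010-0232 in the @@ -390,8 +425,8 @@ hunk is left at TODO: check although its description names the kernel in Microsoft Windows NT 3.1 through Windows 7. The CVE-2010-0018 entry in the @@ -1457,7 +1492,7 @@ hunk of this same diff is already tagged "NOT-FOR-US: Microsoft Windows"; the same tag would close this entry at triage.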
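Review bot: the CVE-2010-0137 description in the @@ -605,10 +640,10 @@ hunk is cut off at "in the SSH ...", so the affected product cannot be read from the list entry. Whoever resolves the TODO: check should read the full CVE text before choosing between a package line and NOT-FOR-US, rather than matching on "sshd_child_handler" alone. CVE-2010-0138, which names Cisco CiscoWorks Internetwork Performance Monitor, can be triaged in the same pass.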
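Review bot: the removed and added evolution lines in the @@ -2658,8 +2693,8 @@ hunk read identically, so the change is whitespace only and CVE-2009-3887 still shows "- evolution <unfixed>" with no urgency and no bug reference, unlike the openjdk-6 line just below it (medium; bug #560908). Add an urgency and a bug number to the evolution line once a bug is filed. The @@ -3184,8 +3219,8 @@ hunk makes the same whitespace-only change for CVE-2009-3721, which cites the same oCERT advisory, and the same comment applies there.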