thr3ads.net - Secure testing commits - [Secure-testing-commits] r14085

If this information is useful, please help other people find it:
Share via:
Joey Hess
2010-Feb-12 21:14 UTC
[Secure-testing-commits] r14085 - data/CVE

Author: joeyh
Date: 2010-02-12 21:14:28 +0000 (Fri, 12 Feb 2010)
New Revision: 14085

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-02-12 18:28:04 UTC (rev 14084)
+++ data/CVE/list	2010-02-12 21:14:28 UTC (rev 14085)
@@ -1,3 +1,131 @@
+CVE-2010-0627
+	RESERVED
+CVE-2010-0626
+	RESERVED
+CVE-2010-0625
+	RESERVED
+CVE-2010-0624
+	RESERVED
+CVE-2010-0621
+	RESERVED
+CVE-2010-0620
+	RESERVED
+CVE-2010-0619
+	RESERVED
+CVE-2010-0618
+	RESERVED
+CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI
...)
+	TODO: check
+CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database,
which ...)
+	TODO: check
+CVE-2010-0615 (Cross-site scripting (XSS) vulnerability in assess.php in
evalSMSI ...)
+	TODO: check
+CVE-2010-0614 (SQL injection vulnerability in ajax.php in evalSMSI 2.1.03
allows ...)
+	TODO: check
+CVE-2010-0613 (Directory traversal vulnerability in viewfile.php in ARWScripts
Fonts ...)
+	TODO: check
+CVE-2010-0612 (Unspecified vulnerability in DocumentManager before 4.0 has
unknown ...)
+	TODO: check
+CVE-2010-0611 (Multiple SQL injection vulnerabilities in adminlogin.php in Baal
...)
+	TODO: check
+CVE-2010-0610 (Multiple SQL injection vulnerabilities in the Photoblog ...)
+	TODO: check
+CVE-2010-0609 (SQL injection vulnerability in header.php in NovaBoard 1.1.2
allows ...)
+	TODO: check
+CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2
allows ...)
+	TODO: check
+CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in
Forms/status_statistics_1 ...)
+	TODO: check
+CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in
osTicket ...)
+	TODO: check
+CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before
1.6.0 ...)
+	TODO: check
+CVE-2010-0604
+	RESERVED
+CVE-2010-0603
+	RESERVED
+CVE-2010-0602
+	RESERVED
+CVE-2010-0601
+	RESERVED
+CVE-2010-0600
+	RESERVED
+CVE-2010-0599
+	RESERVED
+CVE-2010-0598
+	RESERVED
+CVE-2010-0597
+	RESERVED
+CVE-2010-0596
+	RESERVED
+CVE-2010-0595
+	RESERVED
+CVE-2010-0594
+	RESERVED
+CVE-2010-0593
+	RESERVED
+CVE-2010-0592
+	RESERVED
+CVE-2010-0591
+	RESERVED
+CVE-2010-0590
+	RESERVED
+CVE-2010-0589
+	RESERVED
+CVE-2010-0588
+	RESERVED
+CVE-2010-0587
+	RESERVED
+CVE-2010-0586
+	RESERVED
+CVE-2010-0585
+	RESERVED
+CVE-2010-0584
+	RESERVED
+CVE-2010-0583
+	RESERVED
+CVE-2010-0582
+	RESERVED
+CVE-2010-0581
+	RESERVED
+CVE-2010-0580
+	RESERVED
+CVE-2010-0579
+	RESERVED
+CVE-2010-0578
+	RESERVED
+CVE-2010-0577
+	RESERVED
+CVE-2010-0576
+	RESERVED
+CVE-2010-0575
+	RESERVED
+CVE-2010-0574
+	RESERVED
+CVE-2010-0573
+	RESERVED
+CVE-2010-0572
+	RESERVED
+CVE-2010-0571
+	RESERVED
+CVE-2010-0570
+	RESERVED
+CVE-2010-0569
+	RESERVED
+CVE-2010-0568
+	RESERVED
+CVE-2010-0567
+	RESERVED
+CVE-2010-0566
+	RESERVED
+CVE-2010-0565
+	RESERVED
+CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus
interface ...)
+	TODO: check
+CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its
activation ...)
+	TODO: check
+CVE-2001-1586
+	RESERVED
 CVE-2010-XXXX [multiple mod_security issues]
 	- libapache-mod-security <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455
@@ -3,9 +131,11 @@
 	TODO: check
 CVE-2010-0623 [futex refcount leak]
+	RESERVED
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.28)
 	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
 CVE-2010-0622 [futex null ptr dereference]
+	RESERVED
 	- linux-2.6 <unfixed>
 	- linux-2.6.24 <removed>
@@ -334,8 +464,8 @@
 	RESERVED
 CVE-2010-0446
 	RESERVED
-CVE-2010-0445
-	RESERVED
+CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10,
8.11, ...)
+	TODO: check
 CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10
uses a ...)
 	TODO: check
 CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS)
before ...)
@@ -402,8 +532,7 @@
 	RESERVED
 	- linux-2.6 2.6.32-8
 	- linux-2.6.24 <removed>
-CVE-2010-0414 [gnome-screensaver vulnerability]
-	RESERVED
+CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate
attackers ...)
 	- gnome-screensaver 2.28.2-1 (bug #569084)
 	[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
 	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
@@ -982,12 +1111,12 @@
 	RESERVED
 CVE-2010-0253
 	RESERVED
-CVE-2010-0252
-	RESERVED
+CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office
Excel ...)
+	TODO: check
 CVE-2010-0251
 	RESERVED
-CVE-2010-0250
-	RESERVED
+CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX,
as used ...)
+	TODO: check
 CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6
SP1, ...)
 	NOT-FOR-US: Microsoft
 CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly
...)
@@ -1000,16 +1129,16 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly
...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0243
-	RESERVED
-CVE-2010-0242
-	RESERVED
-CVE-2010-0241
-	RESERVED
-CVE-2010-0240
-	RESERVED
-CVE-2010-0239
-	RESERVED
+CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office
2004 ...)
+	TODO: check
+CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1,
and ...)
+	TODO: check
+CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1,
and ...)
+	TODO: check
+CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1,
and ...)
+	TODO: check
+CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1,
and ...)
+	TODO: check
 CVE-2010-0238
 	RESERVED
 CVE-2010-0237
@@ -1020,12 +1149,12 @@
 	RESERVED
 CVE-2010-0234
 	RESERVED
-CVE-2010-0233
-	RESERVED
+CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows
2000 SP4, ...)
+	TODO: check
 CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7,
including ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2010-0231
-	RESERVED
+CVE-2010-0231 (The SMB implementation in the Server service in Microsoft
Windows 2000 ...)
+	TODO: check
 CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to
listen ...)
 	- postfix <not-affected> (SUSE-specific packaging issue)
 CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB
flash ...)
@@ -1230,12 +1359,12 @@
 	RESERVED
 CVE-2010-0146
 	RESERVED
-CVE-2010-0145
-	RESERVED
-CVE-2010-0144
-	RESERVED
-CVE-2010-0143
-	RESERVED
+CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the
Cisco ...)
+	TODO: check
+CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in
the ...)
+	TODO: check
+CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the
...)
+	TODO: check
 CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and
possibly ...)
 	NOT-FOR-US: Cisco Unified MeetingPlace
 CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and
possibly ...)
@@ -1250,6 +1379,7 @@
 	NOT-FOR-US: Cisco IOS XR
 CVE-2010-0136
 	RESERVED
+	{DSA-1995-1}
 CVE-2010-0135
 	RESERVED
 CVE-2010-0134
@@ -2068,46 +2198,46 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2
...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2010-0035
-	RESERVED
-CVE-2010-0034
-	RESERVED
-CVE-2010-0033
-	RESERVED
-CVE-2010-0032
-	RESERVED
-CVE-2010-0031
-	RESERVED
-CVE-2010-0030
-	RESERVED
-CVE-2010-0029
-	RESERVED
-CVE-2010-0028
-	RESERVED
-CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer
7 and ...)
+CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft
Windows ...)
+	TODO: check
+CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003
SP3 ...)
+	TODO: check
+CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003
SP3 ...)
+	TODO: check
+CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002
SP3 ...)
+	TODO: check
+CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and
2003 ...)
+	TODO: check
+CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002
SP3 and ...)
+	TODO: check
+CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows
remote ...)
+	TODO: check
+CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2
and ...)
+	TODO: check
+CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer
5.01, ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0026
-	RESERVED
+CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server
2008 ...)
+	TODO: check
 CVE-2010-0025
 	RESERVED
 CVE-2010-0024
 	RESERVED
-CVE-2010-0023
-	RESERVED
-CVE-2010-0022
-	RESERVED
-CVE-2010-0021
-	RESERVED
-CVE-2010-0020
-	RESERVED
+CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft
Windows 2000 ...)
+	TODO: check
+CVE-2010-0022 (The SMB implementation in the Server service in Microsoft
Windows 2000 ...)
+	TODO: check
+CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server
...)
+	TODO: check
+CVE-2010-0020 (The SMB implementation in the Server service in Microsoft
Windows 2000 ...)
+	TODO: check
 CVE-2010-0019
 	RESERVED
 CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2010-0017
-	RESERVED
-CVE-2010-0016
-	RESERVED
+CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft
Windows ...)
+	TODO: check
+CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP
SP2 ...)
+	TODO: check
 CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)
2.7 ...)
 	{DSA-1973-1}
 	- eglibc 2.10.2-4 (medium; bug #560333)
@@ -3803,8 +3933,8 @@
 	NOTE: the dlopened path is always below /usr/lib/heartbeat, which
isn''t under control of an attacker
 	NOTE: From Squeeze onwards the system copy of ltdl is used, use the current
version from Squeeze,
 	NOTE: might''ve been fixed earlier
-CVE-2009-3735
-	RESERVED
+CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before
...)
+	TODO: check
 CVE-2009-3734 (Unspecified vulnerability in the management console in the S2
Security ...)
 	NOT-FOR-US: S2 Security Linear eMerge Access Control System
 CVE-2009-XXXX [mandos 0600 file being included in initrd]
@@ -5045,8 +5175,10 @@
 	- gforge 4.8.1-3 (low)
 CVE-2009-3302
 	RESERVED
+	{DSA-1995-1}
 CVE-2009-3301
 	RESERVED
+	{DSA-1995-1}
 CVE-2009-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the
Identity ...)
 	{DSA-1947-1}
 	- shibboleth-sp2 2.3+dfsg-1 (medium; bug #555608)
@@ -6426,8 +6558,10 @@
 	NOT-FOR-US: LogMeIn
 CVE-2009-2950
 	RESERVED
+	{DSA-1995-1}
 CVE-2009-2949
 	RESERVED
+	{DSA-1995-1}
 CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3
before ...)
 	{DSA-1908-1}
 	- samba 2:3.4.2-1 (medium; bug #550423)
@@ -16026,7 +16160,7 @@
 CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch
...)
 	NOT-FOR-US: IntraLaunch Application Launcher ActiveX control
 CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing
(XMLDsig) ...)
-	{DSA-1849-1}
+	{DSA-1995-1 DSA-1849-1}
 	- xml-security-c 1.4.0-4
 	- xmlsec1 1.2.12-1
 	- mono 2.4.2.3+dfsg-1
Secure testing commits - Feb 2010 - r14085 - data/CVE

[Secure-testing-commits] r14085 - data/CVE
