Author: joeyh Date: 2010-02-25 21:14:52 +0000 (Thu, 25 Feb 2010) New Revision: 14155 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-02-25 03:29:31 UTC (rev 14154) +++ data/CVE/list 2010-02-25 21:14:52 UTC (rev 14155) @@ -1,3 +1,33 @@ +CVE-2010-0704 (Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM ...) + TODO: check +CVE-2010-0703 (Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL ...) + TODO: check +CVE-2010-0702 (SQL injection vulnerability in cisco/services/PhonecDirectory.php in ...) + TODO: check +CVE-2010-0701 (SQL injection vulnerability in ForceChangePassword.jsp in Newgen ...) + TODO: check +CVE-2010-0700 (Cross-site scripting (XSS) vulnerability in index.php in WampServer ...) + TODO: check +CVE-2010-0699 (Cross-site scripting (XSS) vulnerability in index.php in ...) + TODO: check +CVE-2010-0698 (SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC ...) + TODO: check +CVE-2010-0697 (Cross-site scripting (XSS) vulnerability in the iTweak Upload module ...) + TODO: check +CVE-2010-0696 (Directory traversal vulnerability in includes/download.php in the ...) + TODO: check +CVE-2010-0695 (Cross-site scripting (XSS) vulnerability in pages/index.php in ...) + TODO: check +CVE-2010-0694 (SQL injection vulnerability in the PerchaGallery (com_perchagallery) ...) + TODO: check +CVE-2010-0693 (SQL injection vulnerability in products.php in CommodityRentals Trade ...) + TODO: check +CVE-2010-0692 (SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) ...) + TODO: check +CVE-2010-0691 (SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows ...) + TODO: check +CVE-2010-0690 (SQL injection vulnerability in index.php in CommodityRentals Video ...) + TODO: check CVE-2010-0689 RESERVED CVE-2010-0688 
@@ -6,14 +36,14 @@ RESERVED CVE-2010-0686 RESERVED -CVE-2010-0685 - RESERVED +CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source ...) + TODO: check CVE-2010-0684 RESERVED CVE-2010-0683 RESERVED -CVE-2010-0682 - RESERVED +CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...) + TODO: check CVE-2010-XXXX [multiple typo issues] - typo3-src <unfixed> (bug #571151) CVE-2010-0681 (ZeusCMS 0.2 stores sensitive information under the web root with ...) @@ -144,8 +174,8 @@ NOT-FOR-US: Cisco Collaboration Server CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Cisco Collaboration Server -CVE-2010-0640 - RESERVED +CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance ...) + TODO: check CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 ...) TODO: check CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...) @@ -214,8 +244,8 @@ RESERVED CVE-2010-0621 RESERVED -CVE-2010-0620 - RESERVED +CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase ...) + TODO: check CVE-2010-0619 RESERVED CVE-2010-0618 
@@ -718,25 +748,21 @@ RESERVED - sudo <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4 -CVE-2010-0426 [sudoedit arbitrary code execution] - RESERVED +CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a ...) - sudo <unfixed> (bug #570737) NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4 CVE-2010-0425 RESERVED CVE-2010-0424 RESERVED -CVE-2010-0423 [pidgin remote denial-of-service] - RESERVED +CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a ...) - pidgin 2.6.6-1 (low) -CVE-2010-0422 [another gnome-screensaver issue] - RESERVED +CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize ...) - gnome-screensaver 2.28.3-1 [lenny] - gnome-screensaver <not-affected> (Vulnerable code not present) CVE-2010-0421 RESERVED -CVE-2010-0420 [pidgin crash] - RESERVED +CVE-2010-0420 (libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user ...) - pidgin 2.6.6-1 (low) CVE-2010-0419 RESERVED @@ -756,8 +782,8 @@ [lenny] - gnome-screensaver <not-affected> (Vulnerable code not present) CVE-2010-0413 RESERVED -CVE-2010-0412 - RESERVED +CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of ...) + TODO: check CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) ...) - systemtap <unfixed> (low; bug #568809) [lenny] - systemtap <not-affected> (Vulnerable code not present) 
@@ -1226,8 +1252,7 @@ - typo3-src 4.3.1-1 (bug #567163) [lenny] - typo3-src <not-affected> (Only affects 4.3.x) NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/ -CVE-2010-0285 [gnome screensaver not locking second screen] - RESERVED +CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the ...) - gnome-screensaver <unfixed> (low) NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=593616 @@ -1279,7 +1304,7 @@ NOT-FOR-US: PHP Inventory CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows ...) NOT-FOR-US: PHP Inventory -CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and ...) +CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, ...) - pidgin 2.6.6-1 (low; bug #566775) CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...) NOT-FOR-US: IBM Lotus iNotes @@ -1487,8 +1512,8 @@ RESERVED CVE-2010-0190 RESERVED -CVE-2010-0189 - RESERVED +CVE-2010-0189 (Unspecified vulnerability in Adobe Download Manager allows remote ...) + TODO: check CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...) NOT-FOR-US: Adobe Reader CVE-2010-0187 (Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 ...) 
@@ -1582,12 +1607,12 @@ NOT-FOR-US: Cisco CVE-2010-0149 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) NOT-FOR-US: Cisco -CVE-2010-0148 - RESERVED -CVE-2010-0147 - RESERVED -CVE-2010-0146 - RESERVED +CVE-2010-0148 (Unspecified vulnerability in Cisco Security Agent 5.2 before ...) + TODO: check +CVE-2010-0147 (SQL injection vulnerability in the Management Center for Cisco ...) + TODO: check +CVE-2010-0146 (Directory traversal vulnerability in the Management Center for Cisco ...) + TODO: check CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco ...) NOT-FOR-US: Cisco IronPort Encryption Appliance CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the ...) @@ -1641,10 +1666,10 @@ RESERVED CVE-2010-0120 RESERVED -CVE-2010-0119 - RESERVED -CVE-2010-0118 - RESERVED +CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, ...) + TODO: check +CVE-2010-0118 (Bournal before 1.4.1 allows local users to overwrite arbitrary files ...) + TODO: check CVE-2010-0117 RESERVED CVE-2010-0116 @@ -1755,10 +1780,10 @@ RESERVED CVE-2010-0109 RESERVED -CVE-2010-0108 (Buffer overflow in an ActiveX control in the Symantec Client Proxy ...) +CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the ...) NOT-FOR-US: Symantec AntiVirus -CVE-2010-0107 - RESERVED +CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 ...) + TODO: check CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before ...) NOT-FOR-US: Symantec AntiVirus CVE-2010-0105 
@@ -6423,8 +6448,8 @@ NOT-FOR-US: onlinetools.org EasyImageCatalogue CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan ...) NOT-FOR-US: Nuked-Klan -CVE-2009-3036 - RESERVED +CVE-2009-3036 (Cross-site scripting (XSS) vulnerability in the console in Symantec IM ...) + TODO: check CVE-2009-3035 (The web console in Symantec Altiris Notification Server 6.0.x before ...) NOT-FOR-US: Symantec Altiris Notification Server CVE-2009-3034
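Review bot: In the hunk at @@ -6,14 +36,14 @@, CVE-2010-0685 (Asterisk Open Source) and CVE-2010-0682 (WordPress 2.9 before 2.9.2) move from RESERVED to `TODO: check` with no package line. Other entries in this file that name a tracked package carry a status line in the form `- pidgin 2.6.6-1 (low)`. If asterisk and wordpress are tracked here, these two entries should get a package line with a fixed version or `<unfixed>` and a bug reference, rather than sitting in the TODO queue next to unrelated web-application entries.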
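Review bot: In the hunk at @@ -718,25 +748,21 @@, the CVE-2010-0426 entry and the context entry directly above it both read `- sudo <unfixed>` and cite the same NOTE URL (http://www.openwall.com/lists/oss-security/2010/02/23/4), but only CVE-2010-0426 carries a bug number (#570737). Please confirm that each NOTE points at the message for its own CVE and add a bug reference to the upper entry, so the two sudo issues can be closed independently. The new description also names the upstream fixed versions (1.6.9p21 and 1.7.2p4), which makes it straightforward to replace `<unfixed>` once a fixed upload exists.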
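Review bot: In the hunk at @@ -756,8 +782,8 @@, CVE-2010-0412 (stap-server in SystemTap 1.1) is left at `TODO: check`, while the next entry, CVE-2010-0411, already tracks the same package with `- systemtap <unfixed> (low; bug #568809)` and `[lenny] - systemtap <not-affected> (Vulnerable code not present)`. CVE-2010-0412 should get a matching `- systemtap` line. Since the description names version 1.1 specifically, it is also worth checking whether a `[lenny]` not-affected line applies here too.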
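Review bot: In the hunk at @@ -1226,8 +1252,7 @@, the new CVE-2010-0285 description lists gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0 and 2.28.3 as affected, but the status stays a single `- gnome-screensaver <unfixed> (low)` with no release-specific line. The CVE-2010-0422 entry in this same file has an explicit `[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)`. With older versions now named in the description, this entry should state the per-release status explicitly instead of leaving it implied.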
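Review bot: In the hunk at @@ -1582,12 +1607,12 @@, CVE-2010-0148, CVE-2010-0147 and CVE-2010-0146 describe Cisco Security Agent and the Management Center for Cisco ..., yet they are marked `TODO: check` while the surrounding context entries CVE-2010-0149 and CVE-2010-0145 are already `NOT-FOR-US: Cisco` and `NOT-FOR-US: Cisco IronPort Encryption Appliance`. Marking these three `NOT-FOR-US:` with the product name would keep the block consistent and shorten the triage queue. The same applies to the Symantec entries CVE-2010-0107 and CVE-2009-3036 in the later hunks, whose neighbours are `NOT-FOR-US: Symantec ...`.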