thr3ads.net - Secure testing commits - [Secure-testing-commits] r14169

If this information is useful, please help other people find it:
Share via:
Joey Hess
2010-Mar-01 21:14 UTC
[Secure-testing-commits] r14169 - data/CVE

Author: joeyh
Date: 2010-03-01 21:14:35 +0000 (Mon, 01 Mar 2010)
New Revision: 14169

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-03-01 18:34:30 UTC (rev 14168)
+++ data/CVE/list	2010-03-01 21:14:35 UTC (rev 14169)
@@ -1,48 +1,126 @@
-CVE-2010-0725
+CVE-2010-0760 (Multiple directory traversal vulnerabilities in the Core Design
...)
+	TODO: check
+CVE-2010-0759 (Directory traversal vulnerability in ...)
+	TODO: check
+CVE-2010-0758 (SQL injection vulnerability in news_desc.php in Softbiz Jobs
allows ...)
+	TODO: check
+CVE-2010-0757 (Unrestricted file upload vulnerability in index.php/Attach in
WikyBlog ...)
+	TODO: check
+CVE-2010-0756 (Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows
remote ...)
+	TODO: check
+CVE-2010-0755 (PHP remote file inclusion vulnerability in include/WBmap.php in
...)
+	TODO: check
+CVE-2010-0754 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2010-0753 (SQL injection vulnerability in the SQL Reports (com_sqlreport)
...)
+	TODO: check
+CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type
module ...)
+	TODO: check
+CVE-2010-0751
+	RESERVED
+CVE-2010-0750
+	RESERVED
+CVE-2010-0749
+	RESERVED
+CVE-2010-0748
+	RESERVED
+CVE-2010-0747
+	RESERVED
+CVE-2010-0746
+	RESERVED
+CVE-2010-0745
+	RESERVED
+CVE-2010-0744
+	RESERVED
+CVE-2010-0743
+	RESERVED
+CVE-2010-0742
+	RESERVED
+CVE-2010-0741
+	RESERVED
+CVE-2010-0740
+	RESERVED
+CVE-2010-0739
+	RESERVED
+CVE-2010-0738
+	RESERVED
+CVE-2010-0737
+	RESERVED
+CVE-2010-0736
+	RESERVED
+CVE-2010-0735
+	RESERVED
+CVE-2010-0734
+	RESERVED
+CVE-2010-0733
+	RESERVED
+CVE-2010-0732
+	RESERVED
+CVE-2010-0731
+	RESERVED
+CVE-2010-0730
+	RESERVED
+CVE-2010-0729
+	RESERVED
+CVE-2010-0728
+	RESERVED
+CVE-2010-0727
+	RESERVED
+CVE-2010-0726
+	RESERVED
+CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded
in ...)
+	TODO: check
+CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in
...)
+	TODO: check
+CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server
6.0 SP3 ...)
+	TODO: check
+CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server
4.1 ...)
+	TODO: check
+CVE-2010-0725 (Cross-site scripting (XSS) vulnerability in showimg.php in Arab
Cart ...)
 	NOT-FOR-US: Arab Cart
-CVE-2010-0724
+CVE-2010-0724 (SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0
allows ...)
 	NOT-FOR-US: Arab Cart
-CVE-2010-0723
+CVE-2010-0723 (SQL injection vulnerability in news.php in Ero Auktion 2.0 and
2010 ...)
 	NOT-FOR-US: Ero Auktion
-CVE-2010-0722
+CVE-2010-0722 (SQL injection vulnerability in news.php in Php Auktion Pro
allows ...)
 	NOT-FOR-US: Php Auktion Pro
-CVE-2010-0721
+CVE-2010-0721 (SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0
...)
 	NOT-FOR-US: Auktionshaus Gelb
-CVE-2010-0720
+CVE-2010-0720 (SQL injection vulnerability in news.php in Erotik Auktionshaus
allows ...)
 	NOT-FOR-US: Erotik Auktionshaus
-CVE-2010-0719
+CVE-2010-0719 (An unspecified API in Microsoft Windows 2000, Windows XP,
Windows ...)
 	NOT-FOR-US: Microsoft
-CVE-2010-0718
+CVE-2010-0718 (Buffer overflow in Microsoft Windows Media Player 9 and
11.0.5721.5145 ...)
 	NOT-FOR-US: Microsoft
-CVE-2010-0716
+CVE-2010-0716 (_layouts/Upload.aspx in the Documents module in Microsoft
SharePoint ...)
 	NOT-FOR-US: Microsoft
-CVE-2010-0715
+CVE-2010-0715 (Open redirect vulnerability in login.jsp in IBM WebSphere
Portal, IBM ...)
 	NOT-FOR-US: IBM WebSphere Portal
-CVE-2010-0714
+CVE-2010-0714 (Cross-site scripting (XSS) vulnerability in login.jsp in IBM
WebSphere ...)
 	NOT-FOR-US: IBM WebSphere Portal
-CVE-2010-0713
+CVE-2010-0713 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Zenoss ...)
 	NOT-FOR-US: Zenoss
-CVE-2010-0712
+CVE-2010-0712 (Multiple SQL injection vulnerabilities in ...)
 	NOT-FOR-US: Zenoss
-CVE-2010-0711
+CVE-2010-0711 (Cross-site request forgery (CSRF) vulnerability in default.asp
in ...)
 	NOT-FOR-US: ASPCode CMS
-CVE-2010-0710
+CVE-2010-0710 (SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8,
2.0.0 ...)
 	NOT-FOR-US: ASPCode CMS
-CVE-2010-0709
+CVE-2010-0709 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Limny ...)
 	NOT-FOR-US: Limny
-CVE-2010-0708
+CVE-2010-0708 (Multiple unspecified vulnerabilities in (1) ns-slapd and (2)
slapd.exe ...)
 	NOT-FOR-US: Sun Directory Server Enterprise Edition
-CVE-2010-0707
+CVE-2010-0707 (Cross-site request forgery (CSRF) vulnerability in add_user.php
in ...)
 	NOT-FOR-US: Employee Timeclock Software
-CVE-2010-0706
+CVE-2010-0706 (Cross-site scripting (XSS) vulnerability in the login/prompt
component ...)
 	NOT-FOR-US: Subex Nikira Fraud Management System
-CVE-2010-0705
+CVE-2010-0705 (Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before
5.0.418.0 ...)
 	NOT-FOR-US: Windows 2000
-CVE-2009-4655
+CVE-2009-4655 (The dhost web service in Novell eDirectory 8.8.5 uses a
predictable ...)
 	NOT-FOR-US: Novell eDirectory
-CVE-2009-4654
+CVE-2009-4654 (Stack-based buffer overflow in the dhost module in Novell
eDirectory ...)
 	NOT-FOR-US: Novell eDirectory
-CVE-2009-4653
+CVE-2009-4653 (Stack-based buffer overflow in the dhost module in Novell
eDirectory ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2010-0704 (Cross-site scripting (XSS) vulnerability in the Portlet Palette
in IBM ...)
 	NOT-FOR-US: IBM WebSphere Portal
@@ -74,8 +152,7 @@
 	NOT-FOR-US: JTL-Shop
 CVE-2010-0690 (SQL injection vulnerability in index.php in CommodityRentals
Video ...)
 	NOT-FOR-US: CommodityRentals Video Games Rentals
-CVE-2010-0689
-	RESERVED
+CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control
...)
 	NOT-FOR-US: ActiveX
 CVE-2010-0688
 	RESERVED
@@ -87,8 +164,7 @@
 	TODO: check
 CVE-2010-0684
 	RESERVED
-CVE-2010-0683
-	RESERVED
+CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO
Administrator ...)
 	NOT-FOR-US: TIBCO Administrator
 CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to
read ...)
 	TODO: check
@@ -121,12 +197,12 @@
 	NOT-FOR-US: KR MEDIA Pogodny CMS
 CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks)
...)
 	NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component
-CVE-2010-0669
-	RESERVED
-CVE-2010-0668
-	RESERVED
-CVE-2010-0667
-	RESERVED
+CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly
...)
+	TODO: check
+CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x
...)
+	TODO: check
+CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing
of ...)
+	TODO: check
 CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5
Patch ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information
under ...)
@@ -147,8 +223,8 @@
 	NOT-FOR-US: Accellion Secure File Transfer Appliance
 CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows
remote ...)
 	NOT-FOR-US: Accellion Secure File Transfer Appliance
-CVE-2005-4886
-	RESERVED
+CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c
in the ...)
+	TODO: check
 CVE-2010-XXXX [konversation DoS]
 	- konversation 1.2.3-1 (low)
 	NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
@@ -426,7 +502,7 @@
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.28)
 	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
 CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel
...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.32-9 
 	- linux-2.6.24 <removed>
 CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in
...)
@@ -797,8 +873,7 @@
 	RESERVED
 CVE-2010-0428
 	RESERVED
-CVE-2010-0427 [sudo fails to reset cached groups]
-	RESERVED
+CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is
used, ...)
 	- sudo <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
 CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a ...)
@@ -806,8 +881,8 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
 CVE-2010-0425
 	RESERVED
-CVE-2010-0424
-	RESERVED
+CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4
and (2) ...)
+	TODO: check
 CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to
cause a ...)
 	- pidgin 2.6.6-1 (low)
 CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly
synchronize ...)
@@ -826,7 +901,7 @@
 CVE-2010-0416 (Buffer overflow in the Unescape function in
common/util/hxurl.cpp and ...)
 	TODO: check
 CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel
before ...)
-	{DSA-2004-1 DSA-2003-1 DSA-1996-1}
+	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
 	- linux-2.6 2.6.32-8
 	- linux-2.6.24 <removed>
 CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate
attackers ...)
@@ -843,7 +918,7 @@
 	[etch] - systemtap <no-dsa> (Minor issue)
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
 CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before
2.6.32.8 ...)
-	{DSA-2004-1 DSA-2003-1 DSA-1996-1}
+	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
 	- linux-2.6 2.6.32-8 
 	- linux-2.6.24 <removed>
 	NOTE:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
@@ -1280,7 +1355,7 @@
 	{DSA-1992-1}
 	- chrony 1.23-7 (medium)
 CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain
privileges ...)
-	{DSA-2004-1 DSA-1996-1}
+	{DSA-2005-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6
 CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4
before ...)
 	- bind9 <unfixed>
@@ -1565,7 +1640,7 @@
 	RESERVED
 CVE-2010-0190
 	RESERVED
-CVE-2010-0189 (Unspecified vulnerability in Adobe Download Manager allows
remote ...)
+CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download
Manager ...)
 	NOT-FOR-US: Adobe Download Manager
 CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before
8.2.1 ...)
 	NOT-FOR-US: Adobe Reader
@@ -1861,7 +1936,7 @@
 CVE-2010-0096
 	RESERVED
 CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux
kernel ...)
-	{DSA-2004-1 DSA-1996-1}
+	{DSA-2005-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6 (low; bug #564114)
 	[etch] - linux-2.6 <not-affected> (does not have e1000e driver)
 	- linux-2.6.24 <removed> (low)
@@ -1870,7 +1945,7 @@
 	- linux-2.6 <unfixed> (medium; bug #564110)
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux
kernel ...)
-	{DSA-2004-1 DSA-2003-1 DSA-1996-1}
+	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6 (low; bug #564114)
 	- linux-2.6.24 <removed> (low)
 CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the
...)
@@ -2566,8 +2641,7 @@
 	TODO: check affected versions
 	NOTE: http://trac.transmissionbt.com/changeset/9829/
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/500625
-CVE-2010-0011 [remote code execution through the "run" function]
-	RESERVED
+CVE-2010-0011 (The eval_js function in uzbl-core.c in Uzbl before 2010.01.05
exposes ...)
 	- uzbl 0.0.0~git.20100105-1 (medium)
 	NOTE: http://www.uzbl.org/news.php?id=22
 	NOTE: maintainer is aware of it
@@ -2581,7 +2655,7 @@
 CVE-2010-0008
 	RESERVED
 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the
...)
-	{DSA-2004-1 DSA-2003-1 DSA-1996-1}
+	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6
 	- linux-2.6.24 <removed>
 CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux
kernel ...)
@@ -2596,7 +2670,7 @@
 	- viewvc <unfixed>
 	TODO: check
 CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux
kernel ...)
-	{DSA-2004-1 DSA-1996-1}
+	{DSA-2005-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6
 	[etch] - linux-2.6 <not-affected> (does not have print-fatal-signals)
 	- linux-2.6.24 <removed>
@@ -2638,7 +2712,7 @@
 CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for
Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4
...)
-	{DSA-2004-1}
+	{DSA-2005-1}
 	- linux-2.6 2.6.32-1 (medium)
 	[etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
 	[lenny] - linux-2.6 2.6.26-21
@@ -3075,7 +3149,7 @@
 CVE-2009-4139
 	RESERVED
 CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9,
when ...)
-	{DSA-2004-1}
+	{DSA-2005-1}
 	- linux-2.6 2.6.32-3 (medium)
 	[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
 	[lenny] - linux-2.6 2.6.26-21
@@ -3407,7 +3481,7 @@
 	NOTE: Only affects installations with trust anchors, but then the
 	NOTE: consequences are quite severe.
 CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux
kernel ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.32-3 (medium)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (medium)
@@ -3462,7 +3536,7 @@
 CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in
RhinoSoft ...)
 	NOT-FOR-US: Serv-U FTP server
 CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in
the ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.32-1 (low)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (low)
@@ -3587,13 +3661,13 @@
 	NOTE: workarounds include using 5.3.1 or php5-suhosin
 	NOTE: 4B068517.802 at acunetix.com on bugtraq explains it
 CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.32-1 (medium)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (medium)
 	NOTE:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
 CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse
subsystem in ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.32-1 (low)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (low)
@@ -3771,7 +3845,7 @@
 	[etch] - wordpress <not-affected> (Vulnerable code not present)
 	[lenny] - wordpress <not-affected> (Vulnerable code not present)
 CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel
...)
-	{DSA-2004-1}
+	{DSA-2005-1}
 	- linux-2.6 2.6.27-1 (low)
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 	[lenny] - linux-2.6 2.6.26-21
@@ -4281,7 +4355,7 @@
 	[lenny] - asterisk <no-dsa> (Minor issue)
 	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by
security support)
 CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4
client ...)
-	{DSA-2004-1 DSA-2003-1}
+	{DSA-2005-1 DSA-2003-1}
 	- linux-2.6 2.6.31-1 (medium)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (medium)
@@ -7908,7 +7982,7 @@
 CVE-2009-2696
 	RESERVED
 CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent
mmap ...)
-	{DSA-2004-1 DSA-1915-1}
+	{DSA-2005-1 DSA-1915-1}
 	- linux-2.6 2.6.31-1 (medium)
 	[etch] - linux-2.6 <not-affected> (2.6.18 does not have mmap_min_addr)
 	- linux-2.6.24 <removed> (medium)
@@ -7927,7 +8001,7 @@
 	- linux-2.6 2.6.30-6 (high; bug #541403)
 	- linux-2.6.24 <removed>
 CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel
...)
-	{DSA-2004-1}
+	{DSA-2005-1}
 	- linux-2.6 2.6.30-7 (low)
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed>
Secure testing commits - Mar 2010 - r14169 - data/CVE

[Secure-testing-commits] r14169 - data/CVE
