Author: joeyh Date: 2010-03-08 21:14:54 +0000 (Mon, 08 Mar 2010) New Revision: 14222 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-08 19:31:06 UTC (rev 14221) +++ data/CVE/list 2010-03-08 21:14:54 UTC (rev 14222) @@ -1,3 +1,7 @@ +CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...) + TODO: check +CVE-2010-0926 + RESERVED CVE-2010-XXXX [dovecot DoS] - dovecot <unfixed> (low) [lenny] - dovecot <not-affected> (Vulnerable code not present) 
@@ -5,45 +9,45 @@ TODO: Request CVE ID NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html NOTE: maintainer is aware of it -CVE-2010-0935 +CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is ...) NOT-FOR-US: Perforce Server -CVE-2010-0934 +CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote ...) NOT-FOR-US: Perforce Server -CVE-2010-0933 +CVE-2010-0933 (Directory traversal vulnerability in Perforce Server 2008.1 allows ...) NOT-FOR-US: Perforce Server -CVE-2010-0932 +CVE-2010-0932 (The FTP server in Perforce Server 2008.1 allows remote attackers to ...) NOT-FOR-US: Perforce Server -CVE-2010-0931 +CVE-2010-0931 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...) NOT-FOR-US: Perforce Server -CVE-2010-0930 +CVE-2010-0930 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...) NOT-FOR-US: Perforce Server -CVE-2010-0929 +CVE-2010-0929 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...) NOT-FOR-US: Perforce Server -CVE-2010-0927 +CVE-2010-0927 (Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in ...) NOT-FOR-US: IBM Lotus Domino -CVE-2009-4676 +CVE-2009-4676 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...) NOT-FOR-US: JetCast.exe -CVE-2009-4675 +CVE-2009-4675 (admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant ...) NOT-FOR-US: Mole Group Gastro Portal -CVE-2009-4674 +CVE-2009-4674 (admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script ...) NOT-FOR-US: Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket -CVE-2009-4673 +CVE-2009-4673 (SQL injection vulnerability in profile.php in Mole Group Adult Portal ...) NOT-FOR-US: Mole Group Adult Portal Script -CVE-2009-4672 +CVE-2009-4672 (Directory traversal vulnerability in main.php in the WP-Lytebox plugin ...) 
NOT-FOR-US: WP-Lytebox plugin for WordPress -CVE-2009-4671 +CVE-2009-4671 (Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass ...) NOT-FOR-US: RoomPHPlanning -CVE-2009-4670 +CVE-2009-4670 (admin/delitem.php in RoomPHPlanning 1.6 does not require ...) NOT-FOR-US: RoomPHPlanning -CVE-2009-4669 +CVE-2009-4669 (Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow ...) NOT-FOR-US: RoomPHPlanning -CVE-2009-4668 +CVE-2009-4668 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...) NOT-FOR-US: JetCast.exe -CVE-2009-4667 +CVE-2009-4667 (SQL injection vulnerability in form.php in WebMember 1.0 allows remote ...) NOT-FOR-US: WebMember -CVE-2009-4666 +CVE-2009-4666 (Multiple PHP remote file inclusion vulnerabilities in Webradev ...) NOT-FOR-US: Webradev Download Protect -CVE-2009-4665 +CVE-2009-4665 (Directory traversal vulnerability in ...) NOT-FOR-US: Cute Editor CVE-2010-0925 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 ...) NOT-FOR-US: Apple Safari @@ -369,8 +373,7 @@ RESERVED CVE-2010-0793 RESERVED -CVE-2010-0792 [fcrontab information disclosure] - RESERVED +CVE-2010-0792 (fcrontab in fcron before 3.0.5 allows local users to read arbitrary ...) - fcron <unfixed> (low; bug #572587) [lenny] - fcron <no-dsa> (Minor issue) NOTE: http://seclists.org/fulldisclosure/2010/Mar/97 
@@ -879,22 +882,17 @@ RESERVED CVE-2010-0593 RESERVED -CVE-2010-0592 - RESERVED +CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka ...) NOT-FOR-US: Cisco Unified Communications Manager -CVE-2010-0591 - RESERVED +CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: Cisco Unified Communications Manager -CVE-2010-0590 - RESERVED +CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2010-0589 RESERVED -CVE-2010-0588 - RESERVED +CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: Cisco Unified Communications Manager -CVE-2010-0587 - RESERVED +CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2010-0586 RESERVED @@ -922,17 +920,13 @@ RESERVED CVE-2010-0574 RESERVED -CVE-2010-0573 - RESERVED +CVE-2010-0573 (Unspecified vulnerability on the Cisco Digital Media Player before 5.2 ...) NOT-FOR-US: Cisco Digital Media Player -CVE-2010-0572 - RESERVED +CVE-2010-0572 (Cisco Digital Media Manager (DMM) before 5.2 allows remote ...) NOT-FOR-US: Cisco Digital Media Manager -CVE-2010-0571 - RESERVED +CVE-2010-0571 (Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x ...) NOT-FOR-US: Cisco Digital Media Manager -CVE-2010-0570 - RESERVED +CVE-2010-0570 (Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default ...) NOT-FOR-US: Cisco Digital Media Manager CVE-2010-0569 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) NOT-FOR-US: Cisco 
@@ -1323,10 +1317,9 @@ RESERVED CVE-2010-0435 RESERVED -CVE-2010-0434 - RESERVED -CVE-2010-0433 [openssl remote crash] - RESERVED +CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...) + TODO: check +CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before ...) - openssl <not-affected> (Kerberos support not enabled) NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5 CVE-2010-0432 @@ -1347,8 +1340,7 @@ {DSA-2006-1} - sudo 1.7.2p1-1.2 (bug #570737) NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4 -CVE-2010-0425 [apache mod_isapi DoS] - RESERVED +CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ...) - apache2 <not-affected> (Windows only) CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) ...) - cron <undetermined> @@ -1367,8 +1359,8 @@ - gaim <removed> (low) [lenny] - gaim <not-affected> (gaim is a transitional dummy package only) - qutecom <undetermined> (low; bug #572946) -CVE-2010-0419 - RESERVED +CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...) + TODO: check CVE-2010-0418 RESERVED CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and ...) @@ -1402,8 +1394,7 @@ CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in ...) - gmime2.2 <unfixed> (bug #568291) - gmime2.4 <unfixed> (bug #568291) -CVE-2010-0408 [apache2 mod_proxy_ajp DoS] - RESERVED +CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp ...) - apache2 <unfixed> (low) [lenny] - apache2 <no-dsa> (minor issue) NOTE: Will be fixed in s-p-u 
@@ -1436,8 +1427,7 @@ CVE-2010-0394 (PyGIT.py in the Trac Git plugin (trac-git) before ...) {DSA-1990-2 DSA-1990-1} - trac-git 0.0.20090320-1 (high; bug #567039) -CVE-2010-0393 [lpasswd format string] - RESERVED +CVE-2010-0393 (The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS ...) {DSA-2007-1} - cupsys <removed> - cups 1.4.2-9.1 @@ -1801,8 +1791,7 @@ CVE-2010-0303 (mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 ...) {DSA-1982-1} - hybserv 1.9.2-4.1 (low; bug #550389) -CVE-2010-0302 [cups denial-of-service] - RESERVED +CVE-2010-0302 (Use-after-free vulnerability in the abstract file-descriptor handling ...) - cups <unfixed> (bug #572940) [lenny] - cups <no-dsa> (Minor issue) - cupsys <not-affected> (vulnerable code introduced in 1.3.x) @@ -6245,8 +6234,7 @@ CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a ...) - xulrunner <unfixed> (unimportant) NOTE: browser denial-of-services are unimportant -CVE-2009-3245 - RESERVED +CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...) - openssl 0.9.8m-1 (low) [lenny] - openssl <no-dsa> (Minor issue) CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...) @@ -7079,8 +7067,7 @@ RESERVED CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...) NOT-FOR-US: ActiveX -CVE-2009-3032 - RESERVED +CVE-2009-3032 (Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the ...) NOT-FOR-US: Autonomy KeyView CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...) NOT-FOR-US: Symantec Altiris Notification Server 
@@ -8136,11 +8123,9 @@ RESERVED CVE-2009-2755 RESERVED -CVE-2009-2754 - RESERVED +CVE-2009-2754 (Integer signedness error in the authentication functionality in ...) NOT-FOR-US: Informix Storage Manager -CVE-2009-2753 - RESERVED +CVE-2009-2753 (Multiple buffer overflows in the authentication functionality in ...) NOT-FOR-US: Informix Storage Manager CVE-2009-2752 (IBM WebSphere Commerce 7.0 does not properly encrypt data in a ...) NOT-FOR-US: IBM WebSphere Commerce
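Review bot: In the @@ -1,3 +1,7 @@ hunk, CVE-2010-0928 lands with only "TODO: check" even though its description names OpenSSL 0.9.8i, and openssl is a package this list already tracks (CVE-2010-0433 and CVE-2009-3245 in this same patch). This entry needs a manual triage pass that replaces the TODO with an "- openssl ..." status line, plus a NOTE if the LEON3/Xilinx-specific conditions in the description affect the rating.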
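Review bot: In the @@ -369,8 +373,7 @@ hunk, the imported description for CVE-2010-0792 says the flaw is in "fcron before 3.0.5", but the status line directly below is left as "- fcron <unfixed> (low; bug #572587)". The automatic update does not reconcile the two, so the follow-up should replace <unfixed> with the Debian version that first carries 3.0.5 once it is uploaded, and close the loop on bug #572587.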
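Review bot: In the @@ -1323,10 +1317,9 @@ hunk, CVE-2010-0434 goes from a bare RESERVED to "TODO: check" with no package line, although the description points at ap_read_request in server/protocol.c of the Apache HTTP Server. apache2 is tracked elsewhere in this patch (CVE-2010-0425, CVE-2010-0408), so this entry should get an "- apache2 ..." status line rather than sit in the TODO queue; unlike CVE-2010-0425 it is not in a Windows-only module, so <not-affected> cannot be assumed.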
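Review bot: In the @@ -1367,8 +1359,8 @@ hunk, CVE-2010-0419 is published with "TODO: check" and no source package, while the description names the x86 emulator in KVM 83. Triage needs to record which packaged KVM sources contain that emulator code and add a status line for each, since the description's version string alone does not say whether the releases in the archive are affected.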