Author: joeyh
Date: 2010-03-11 21:14:20 +0000 (Thu, 11 Mar 2010)
New Revision: 14250
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-03-11 19:44:35 UTC (rev 14249)
+++ data/CVE/list 2010-03-11 21:14:20 UTC (rev 14250)
@@ -1,3 +1,71 @@
+CVE-2010-0962 (The FTP proxy server in Apple AirPort Express, AirPort Extreme,
and ...)
+ TODO: check
+CVE-2010-0961 (Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1
and ...)
+ TODO: check
+CVE-2010-0960 (Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1
and ...)
+ TODO: check
+CVE-2010-0959 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2010-0958 (Directory traversal vulnerability in modules/hayoo/index.php in
...)
+ TODO: check
+CVE-2010-0957 (Directory traversal vulnerability in content.php in
Saskia''s ...)
+ TODO: check
+CVE-2010-0956 (SQL injection vulnerability in index.php in OpenCart 1.3.2
allows ...)
+ TODO: check
+CVE-2010-0955 (SQL injection vulnerability in index.php in Bild Flirt Community
2.0 ...)
+ TODO: check
+CVE-2010-0954 (SQL injection vulnerability in search_result.asp in Pre Projects
Pre ...)
+ TODO: check
+CVE-2010-0953 (Directory traversal vulnerability in mod.php in phpCOIN 1.2.1
allows ...)
+ TODO: check
+CVE-2010-0952 (SQL injection vulnerability in index.php in OneCMS 2.5, when
...)
+ TODO: check
+CVE-2010-0951 (SQL injection vulnerability in go_target.php in dev4u CMS allows
...)
+ TODO: check
+CVE-2010-0950 (Multiple SQL injection vulnerabilities in Natychmiast CMS allow
remote ...)
+ TODO: check
+CVE-2010-0949 (Multiple cross-site scripting (XSS) vulnerabilities in
Natychmiast CMS ...)
+ TODO: check
+CVE-2010-0948 (SQL injection vulnerability in profil.php in Bigforum 4.5, when
...)
+ TODO: check
+CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max
Network ...)
+ TODO: check
+CVE-2009-4697 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2009-4696 (SQL injection vulnerability in index.php in RadNICS Gold 5
allows ...)
+ TODO: check
+CVE-2009-4695 (SQL injection vulnerability in index.php in RadScripts RadLance
Gold ...)
+ TODO: check
+CVE-2009-4694 (Cross-site scripting (XSS) vulnerability in index.php in
RadScripts ...)
+ TODO: check
+CVE-2009-4693 (Multiple PHP remote file inclusion vulnerabilities in GraFX
MiniCWB ...)
+ TODO: check
+CVE-2009-4692 (Cross-site scripting (XSS) vulnerability in index.php in
RadScripts ...)
+ TODO: check
+CVE-2009-4691 (SQL injection vulnerability in addlink.php in Classified
Linktrader ...)
+ TODO: check
+CVE-2009-4690 (Multiple cross-site scripting (XSS) vulnerabilities in
YourFreeWorld ...)
+ TODO: check
+CVE-2009-4689 (SQL injection vulnerability in index.php in PHP Shopping Cart
Selling ...)
+ TODO: check
+CVE-2009-4688 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2009-4687 (SQL injection vulnerability in silentum_guestbook.php in
Silentum ...)
+ TODO: check
+CVE-2009-4686 (Cross-site scripting (XSS) vulnerability in account.php in
phplemon ...)
+ TODO: check
+CVE-2009-4685 (Cross-site scripting (XSS) vulnerability in celebrities.php in
PHP ...)
+ TODO: check
+CVE-2009-4684 (Cross-site scripting (XSS) vulnerability in index.php in EZodiak
...)
+ TODO: check
+CVE-2009-4683 (Directory traversal vulnerability in vote.php in Good/Bad Vote
allows ...)
+ TODO: check
+CVE-2009-4682 (Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad
Vote ...)
+ TODO: check
+CVE-2009-4681 (Cross-site scripting (XSS) vulnerability in search.php in ...)
+ TODO: check
+CVE-2009-4680 (SQL injection vulnerability in search.php in phpDirectorySource
1.x ...)
+ TODO: check
CVE-2010-XXXX [spamass-milter report on full-disclosure]
- spamass-milter <unfixed> (bug #573228)
CVE-2010-XXXX [mediawiki CSS validation]
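Review bot: All 34 entries added at the top of the file, CVE-2010-0962 down to CVE-2009-4680, carry only "TODO: check", and some of them name products from other vendors, such as the FTP proxy server in Apple AirPort Express and qoslist/qosmod in bos.net.tcp.server in IBM AIX 6.1. Triage these in a follow-up so the queue does not grow: mark such entries "NOT-FOR-US: <product>", as is already done for HP DreamScreen further down in this file, and give the rest a package line or a NOTE.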
@@ -44,8 +112,8 @@
NOTE: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195
CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx
...)
TODO: check
-CVE-2010-0926
- RESERVED
+CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x
before ...)
+ TODO: check
CVE-2010-XXXX [dovecot DoS]
- dovecot 1:1.2.11-1 (low)
[lenny] - dovecot <not-affected> (Vulnerable code not present)
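Review bot: The new CVE-2010-0926 entry is left at "TODO: check" although its description names smbd in Samba, a source package this file already tracks ("- samba 2:3.4.7~dfsg-1 (high)" under CVE-2010-0728). Replace the TODO with a "- samba ..." line, and because the description speaks of the default configuration, record in a NOTE whether the configuration shipped in the package is the affected one.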
@@ -390,8 +458,8 @@
RESERVED
CVE-2010-0807
RESERVED
-CVE-2010-0806
- RESERVED
+CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka
...)
+ TODO: check
CVE-2010-0805
RESERVED
CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in
iBoutique 4.0 ...)
@@ -422,13 +490,11 @@
- fcron <unfixed> (low; bug #572587)
[lenny] - fcron <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2010/Mar/97
-CVE-2010-0791 [ncpfs denial-of-service]
- RESERVED
+CVE-2010-0791 (The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in
ncpfs ...)
- ncpfs <unfixed> (bug #572937)
[lenny] - ncpfs <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2010/Mar/122
-CVE-2010-0790 [ncpmount info disclosure]
- RESERVED
+CVE-2010-0790 (sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain
...)
- ncpfs <unfixed> (bug #572937)
[lenny] - ncpfs <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2010/Mar/122
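Review bot: On CVE-2010-0790 the removed working title read "ncpmount info disclosure", while the description that replaces it names sutil/ncpumount.c in ncpumount; confirm against bug #572937 that the retained package lines and NOTE still belong to this id and were not meant for its neighbour CVE-2010-0791. Both "- ncpfs <unfixed> (bug #572937)" lines also carry no urgency, unlike "- fcron <unfixed> (low; bug #572587)" in the context just above, so consider adding one now that the descriptions are public.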
@@ -560,8 +626,7 @@
RESERVED
CVE-2010-0729
RESERVED
-CVE-2010-0728 [samba insufficient permission validation]
- RESERVED
+CVE-2010-0728 (smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is
...)
- samba 2:3.4.7~dfsg-1 (high)
[lenny] - samba <not-affected> (Only affects 3.3.11, 3.4.6 and 3.5.0)
CVE-2010-0727
@@ -1015,7 +1080,7 @@
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.28)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel
...)
- {DSA-2005-1 DSA-2003-1}
+ {DSA-2012-1 DSA-2005-1 DSA-2003-1}
- linux-2.6 2.6.32-9
- linux-2.6.24 <removed>
CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in
...)
@@ -1340,8 +1405,8 @@
RESERVED
CVE-2010-0448
RESERVED
-CVE-2010-0447
- RESERVED
+CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView
Performance ...)
+ TODO: check
CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with
...)
NOT-FOR-US: HP DreamScreen
CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10,
8.11, ...)
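Review bot: CVE-2010-0447 is added with "TODO: check" directly above CVE-2010-0446, which is already resolved as "NOT-FOR-US: HP DreamScreen". The helpmanager servlet in HP OpenView Performance ... is another HP product, so it looks like it can be closed the same way instead of waiting in the TODO queue.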
@@ -1415,8 +1480,8 @@
CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for
Symmetric ...)
{DSA-2010-1}
TODO: check
-CVE-2010-0418
- RESERVED
+CVE-2010-0418 (The web interface in chumby one before 1.0.4 and chumby classic
before ...)
+ TODO: check
CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6
and ...)
NOT-FOR-US: RealPlayer/Helix Player
CVE-2010-0416 (Buffer overflow in the Unescape function in
common/util/hxurl.cpp and ...)
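Review bot: CVE-2010-0418 concerns the web interface in chumby one and chumby classic, which is device software, so its "TODO: check" is probably resolvable as NOT-FOR-US in the same way as the Helix Player entry just below it. Separately, the context entry CVE-2010-0419 already carries "{DSA-2010-1}" yet still reads "TODO: check" with no package line, which is worth a follow-up.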
@@ -1987,24 +2052,24 @@
RESERVED
CVE-2010-0266
RESERVED
-CVE-2010-0265
- RESERVED
-CVE-2010-0264
- RESERVED
-CVE-2010-0263
- RESERVED
-CVE-2010-0262
- RESERVED
-CVE-2010-0261
- RESERVED
-CVE-2010-0260
- RESERVED
+CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and
6.0, ...)
+ TODO: check
+CVE-2010-0264 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac,
and ...)
+ TODO: check
+CVE-2010-0263 (Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac;
Open XML ...)
+ TODO: check
+CVE-2010-0262 (Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac
do not ...)
+ TODO: check
+CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1
and SP2 ...)
+ TODO: check
+CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1
and SP2; ...)
+ TODO: check
CVE-2010-0259
RESERVED
-CVE-2010-0258
- RESERVED
-CVE-2010-0257
- RESERVED
+CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2;
...)
+ TODO: check
+CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the
Excel file ...)
+ TODO: check
CVE-2010-0256
RESERVED
CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does
not ...)
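Review bot: The eight ids moved out of RESERVED in this hunk (CVE-2010-0265 through CVE-2010-0260, plus CVE-2010-0258 and CVE-2010-0257) all describe Microsoft Windows Movie Maker or Microsoft Office Excel, and each is left at "TODO: check". They can be closed in one batch as NOT-FOR-US entries. CVE-2010-0259, which sits between them, correctly stays RESERVED.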
@@ -2453,8 +2518,8 @@
RESERVED
CVE-2010-0104
RESERVED
-CVE-2010-0103
- RESERVED
+CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger software
...)
+ TODO: check
CVE-2010-0102
RESERVED
CVE-2010-0101
@@ -4897,6 +4962,7 @@
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not
...)
+ {DSA-2012-1}
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
- linux-2.6.24 <removed> (medium)