Author: joeyh Date: 2010-04-05 21:15:05 +0000 (Mon, 05 Apr 2010) New Revision: 14411 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-05 19:04:02 UTC (rev 14410) +++ data/CVE/list 2010-04-05 21:15:05 UTC (rev 14411) @@ -1,3 +1,53 @@ +CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check +CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 ...) + TODO: check +CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web ...) + TODO: check +CVE-2010-1241 (The custom heap management system in Adobe Reader 9.3.1 allows remote ...) + TODO: check +CVE-2010-1240 (Adobe Reader 9.3.1 on Windows does not restrict the contents of one ...) + TODO: check +CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute ...) + TODO: check +CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha ...) + TODO: check +CVE-2009-4764 (Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that ...) + TODO: check +CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not ...) + TODO: check +CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 ...) + TODO: check +CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows ...) + TODO: check +CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 ...) + TODO: check +CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not ...) + TODO: check +CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...) + TODO: check +CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...) + TODO: check +CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...) + TODO: check +CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...) + TODO: check +CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell ...) + TODO: check +CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...) + TODO: check +CVE-2002-2434 (NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not ...) + TODO: check +CVE-2002-2433 (NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows ...) + TODO: check +CVE-2002-2432 (Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server ...) + TODO: check +CVE-2001-1587 (NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows ...) + TODO: check +CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 ...) + TODO: check +CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...) + TODO: check CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...) - webkit 1.1.90-1 - kdelibs <undetermined> @@ -1159,16 +1209,14 @@ RESERVED CVE-2010-0829 RESERVED -CVE-2010-0828 [moin despam action xss] - RESERVED +CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...) {DSA-2024-1} - moin 1.9.2-3 (low; bug #575995) CVE-2010-0827 RESERVED -CVE-2010-0826 - RESERVED -CVE-2010-0825 [emacs Race condition] - RESERVED +CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...) + TODO: check +CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users ...) - emacs21 <removed> - emacs22 <unfixed> - xemacs21 <unfixed> @@ -1387,7 +1435,7 @@ CVE-2010-1144 [zabbix SQL injection] RESERVED - zabbix <unfixed> - TODO: File bug + TODO: File bug CVE-2010-0750 [policykit information disclosure] RESERVED - policykit <not-affected> (pkexec introduced in 0.92) @@ -1401,10 +1449,10 @@ [lenny] - transmission <not-affected> (Support for Magnet links not yet available) CVE-2010-0746 [DeviceKit privilege escalation via pluggable storage device labels] RESERVED - - devicekit-disks 1.0.0~git20100212.aae17d9-1 - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178 - NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2 - NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235 + - devicekit-disks 1.0.0~git20100212.aae17d9-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178 + NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2 + NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235 CVE-2010-0745 [dovecot DoS] RESERVED - dovecot 1:1.2.11-1 (low) @@ -1567,8 +1615,8 @@ - asterisk <unfixed> [lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed) [squeeze] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed) -CVE-2010-0684 - RESERVED +CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action ...) + TODO: check CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...) NOT-FOR-US: TIBCO Administrator CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...) @@ -1774,8 +1822,8 @@ RESERVED CVE-2010-0626 RESERVED -CVE-2010-0625 - RESERVED +CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP ...) + TODO: check CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in ...) - cpio 2.11-1 (low) - tar 1.23-1 (low) @@ -3084,57 +3132,48 @@ NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent CVE-2010-0183 RESERVED -CVE-2010-0182 [XMLDocument::load() doesn''t check nsIContentPolicy] - RESERVED +CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and ...) - xulrunner <unfixed> (low) [lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series) - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0181 [Image src redirect to mailto: URL opens email editor] - RESERVED +CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey ...) - xulrunner 1.9.1.9-1 (unimportant) - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) CVE-2010-0180 RESERVED -CVE-2010-0179 - RESERVED +CVE-2010-0179 (Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0178 [Chrome privilege escalation via forced URL drag and drop] - RESERVED +CVE-2010-0178 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0177 [Dangling pointer vulnerability in nsPluginArray] - RESERVED +CVE-2010-0177 (The window.navigator.plugins object in Mozilla Firefox before 3.0.19, ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0176 [Dangling pointer vulnerability in nsTreeContentView] - RESERVED +CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0175 [Remote code execution with use-after-free in nsTreeSelection] - RESERVED +CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0174 [crashes in the browser engine] - RESERVED +CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0173 [crashes in the browser engine] - RESERVED +CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) @@ -4177,8 +4216,7 @@ NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server, NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse NOTE: proxy situations, the backend server is usually trusted, anyway. -CVE-2010-0009 [Apache CouchDB Timing Attack Vulnerability] - RESERVED +CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain ...) - couchdb <unfixed> (bug #576304) NOTE: I don''t really see the security implications? CVE-2010-0008 (The SCTP implementation in the Linux kernel before 2.6.23 allows ...) @@ -6261,13 +6299,13 @@ CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ...) - backintime 0.9.26-3 (bug #543785) CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) - swftools <removed> (medium; bug #551291) CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) @@ -6276,7 +6314,7 @@ {DSA-1941-1} - poppler 0.12.2-1 (medium; bug #551289) CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) @@ -6285,13 +6323,13 @@ {DSA-1941-1} - poppler 0.12.2-1 (medium; bug #551289) CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) - swftools <removed> (medium; bug #551291) CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) @@ -8526,8 +8564,7 @@ - planet-venus 0~bzr116-1 (low; bug #546179) [lenny] - planet-venus 0~bzr95-2+lenny1 [etch] - planet-venus <no-dsa> (Minor issue) -CVE-2009-2936 [varnish] - RESERVED +CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or ...) - varnish 2.1.0-2 (unimportant) NOTE: Only a security issue if used against best practices CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...) @@ -8916,8 +8953,8 @@ NOT-FOR-US: Apple Mac OS X CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the ...) NOT-FOR-US: Apple Mac OS X -CVE-2009-2822 - RESERVED +CVE-2009-2822 (AirPort Utility before 5.5.1 for Apple AirPort Base Station does not ...) + TODO: check CVE-2009-2821 RESERVED CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS X ...) @@ -14275,7 +14312,7 @@ NOTE: remote signature spoofing possible, and this was supposed to be NOTE: originally fixed with the updates for CVE-2008-3834 CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - poppler 0.10.6-1 (medium; bug #524806) [etch] - poppler <not-affected> (SplashBitmap code not present) - xpdf 3.02-2 (bug #575779) @@ -17277,6 +17314,7 @@ CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...) NOT-FOR-US: Joomla CVE-2008-6079 (Multiple unspecified vulnerabilities in imlib2 before 1.4.2 have ...) + {DSA-2029-1} - imlib2 1.4.2-1 (bug #576469) NOTE: poked upstream for more details CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging ...) @@ -25237,8 +25275,8 @@ - libxml2 2.6.32.dfsg-3 (medium) CVE-2008-3280 RESERVED -CVE-2008-3279 - RESERVED +CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...) + TODO: check CVE-2008-3278 RESERVED CVE-2008-3277