Author: joeyh Date: 2010-04-07 21:14:47 +0000 (Wed, 07 Apr 2010) New Revision: 14435 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-07 20:00:51 UTC (rev 14434) +++ data/CVE/list 2010-04-07 21:14:47 UTC (rev 14435) 
@@ -1,3 +1,111 @@ +CVE-2010-1298 (Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 ...) + TODO: check +CVE-2010-1297 + RESERVED +CVE-2010-1296 + RESERVED +CVE-2010-1295 + RESERVED +CVE-2010-1294 + RESERVED +CVE-2010-1293 + RESERVED +CVE-2010-1292 + RESERVED +CVE-2010-1291 + RESERVED +CVE-2010-1290 + RESERVED +CVE-2010-1289 + RESERVED +CVE-2010-1288 + RESERVED +CVE-2010-1287 + RESERVED +CVE-2010-1286 + RESERVED +CVE-2010-1285 + RESERVED +CVE-2010-1284 + RESERVED +CVE-2010-1283 + RESERVED +CVE-2010-1282 + RESERVED +CVE-2010-1281 + RESERVED +CVE-2010-1280 + RESERVED +CVE-2010-1279 + RESERVED +CVE-2010-1278 + RESERVED +CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...) + TODO: check +CVE-2010-1276 (Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 ...) + TODO: check +CVE-2010-1275 (Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 ...) + TODO: check +CVE-2010-1274 (Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 ...) + TODO: check +CVE-2010-1273 (Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form ...) + TODO: check +CVE-2010-1272 (PHP remote file inclusion vulnerability in includes/tgpinc.php in ...) + TODO: check +CVE-2010-1271 (SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows ...) + TODO: check +CVE-2010-1270 (SQL injection vulnerability in auktion.php in Multi Auktions Komplett ...) + TODO: check +CVE-2010-1269 (SQL injection vulnerability in auktion.php in phpscripte24 Niedrig ...) + TODO: check +CVE-2010-1268 (Directory traversal vulnerability in index.php in justVisual CMS 2.0, ...) + TODO: check +CVE-2010-1267 (Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta ...) + TODO: check +CVE-2010-1266 (Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS ...) + TODO: check +CVE-2010-1265 (SQL injection vulnerability in Adam Corley dcsFlashGames ...) 
+ TODO: check +CVE-2010-1264 + RESERVED +CVE-2010-1263 + RESERVED +CVE-2010-1262 + RESERVED +CVE-2010-1261 + RESERVED +CVE-2010-1260 + RESERVED +CVE-2010-1259 + RESERVED +CVE-2010-1258 + RESERVED +CVE-2010-1257 + RESERVED +CVE-2010-1256 + RESERVED +CVE-2010-1255 + RESERVED +CVE-2010-1254 + RESERVED +CVE-2010-1253 + RESERVED +CVE-2010-1252 + RESERVED +CVE-2010-1251 + RESERVED +CVE-2010-1250 + RESERVED +CVE-2010-1249 + RESERVED +CVE-2010-1248 + RESERVED +CVE-2010-1247 + RESERVED +CVE-2010-1246 + RESERVED +CVE-2010-1245 + RESERVED CVE-2010-XXXX [tcpdf code execution via tcpdf tag] - moodle <undetermined> - phpmyadmin <undetermined> @@ -279,15 +387,13 @@ RESERVED - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (vulnerable code not yet present) -CVE-2010-1147 [opendchub] - RESERVED +CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC ...) - opendchub <unfixed> (bug #576308) CVE-2010-1146 RESERVED CVE-2010-1145 RESERVED -CVE-2010-0751 [libnids null pointer dereference] - RESERVED +CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as used in ...) - libnids <unfixed> (low; bug #576281) [lenny] - libnids <no-dsa> (Minor issue) NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor 
@@ -460,24 +566,18 @@ NOT-FOR-US: phpMySite CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 ...) NOT-FOR-US: PHP Trouble Ticket -CVE-2010-1088 [linux-2.6: nfs denial-of-service] - RESERVED +CVE-2010-1088 (fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always ...) - linux-2.6 2.6.32-10 -CVE-2010-1087 [linux-2.6: nfs oops when truncating a file] - RESERVED +CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel ...) - linux-2.6 2.6.32-9 (low) -CVE-2010-1086 [linux-2.6: ule decapsulation dos] - RESERVED +CVE-2010-1086 (The ULE decapsulation functionality in ...) - linux-2.6 2.6.32-10 (low) -CVE-2010-1085 [linux-2.6: hda_intel divide by zero] - RESERVED +CVE-2010-1085 (The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 ...) - linux-2.6 2.6.32-9 [lenny] - linux-2.6 <not-affected> (affected call not present) -CVE-2010-1084 [linux-2.6: bad memory access with sysfs] - RESERVED +CVE-2010-1084 (Linux kernel 2.6.18 through 2.6.33, and possibly other versions, ...) - linux-2.6 <unfixed> -CVE-2010-1083 [linux-2.6: info leak via usb interface] - RESERVED +CVE-2010-1083 (The processcompl_compat function in drivers/usb/core/devio.c in Linux ...) - linux-2.6 2.6.32-9 CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when ...) NOT-FOR-US: OI.Blogs @@ -637,8 +737,8 @@ NOT-FOR-US: yatse extension for typo3 CVE-2009-4738 RESERVED -CVE-2009-4737 - RESERVED +CVE-2009-4737 (Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, ...) + TODO: check CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in CommonSense ...) NOT-FOR-US: CommonSense CMS CVE-2010-XXXX [alien-arena: server dos] 
@@ -1465,11 +1565,10 @@ CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type module ...) NOT-FOR-US: Weekly Archive by Node Type (Drupal module) CVE-2010-1144 [zabbix SQL injection] - RESERVED + REJECTED - zabbix <unfixed> TODO: File bug -CVE-2010-0750 [policykit information disclosure] - RESERVED +CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users ...) - policykit <not-affected> (pkexec introduced in 0.92) [lenny] - policykit <not-affected> (pkexec introduced in 0.92) CVE-2010-0749 @@ -1761,7 +1860,7 @@ CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...) - chromium-browser <itp> (bug #520334) - webkit 1.1.21-1 (low) - [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) + [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) - qt4-x11 <undetermined> (low) - kdelibs <undetermined> (low) - kde4libs <undetermined> (low) @@ -2764,7 +2863,7 @@ CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...) - chromium-browser <itp> (bug #520324) - webkit 1.1.21-1 (low) - [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) + [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) - qt4-x11 <undetermined> - kdelibs <undetermined> - kde4libs <undetermined> @@ -9056,7 +9155,7 @@ NOT-FOR-US: Apple QuickTime CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...) - webkit 1.1.21-1 (low; bug #559759) - [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) + [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 <undetermined> 
@@ -43636,7 +43735,7 @@ RESERVED CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...) NOT-FOR-US: Geeklog -CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 beta ...) +CVE-2007-2792 (SQL injection vulnerability in the Yet another Newsletter Component ...) NOT-FOR-US: com_yanc for Mambo NOTE: com_yanc component not in Mambo Debian package CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...)
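Review bot: in the @@ -1465,11 +1565,10 @@ hunk, CVE-2010-1144 goes from RESERVED to REJECTED but keeps `- zabbix <unfixed>` and `TODO: File bug` beneath it, so the tracker still reports zabbix as unfixed under an id that has been withdrawn. Move the zabbix status and the TODO to whichever entry now covers the SQL injection, or drop them from this entry and add a NOTE saying why the id was rejected.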
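Review bot: in the @@ -1761,7 +1860,7 @@, @@ -2764,7 +2863,7 @@ and @@ -9056,7 +9155,7 @@ hunks (CVE-2010-0651, CVE-2010-0315, CVE-2009-2797), the removed and added `[lenny] - webkit <no-dsa>` lines read the same, so the change appears to be whitespace only. Since the line is being rewritten anyway, correct "disk of regression" to "risk of regression" in all three entries, and consider keeping whitespace normalisation in its own commit so that a commit logged as "automatic update" only carries data changes.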