Author: joeyh Date: 2010-04-13 21:14:45 +0000 (Tue, 13 Apr 2010) New Revision: 14469 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-13 02:21:28 UTC (rev 14468) +++ data/CVE/list 2010-04-13 21:14:45 UTC (rev 14469) @@ -1,3 +1,19 @@ +CVE-2010-1354 (Directory traversal vulnerability in the VJDEO (com_vjdeo) component ...) + TODO: check +CVE-2010-1353 (Directory traversal vulnerability in the LoginBox Pro (com_loginbox) ...) + TODO: check +CVE-2010-1352 (Directory traversal vulnerability in the JOOFORGE Jutebox ...) + TODO: check +CVE-2010-1351 (Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 ...) + TODO: check +CVE-2010-1350 (SQL injection vulnerability in the JP Jobs (com_jp_jobs) component ...) + TODO: check +CVE-2010-1349 (Integer overflow in Opera 10.10 through 10.50 allows remote attackers ...) + TODO: check +CVE-2010-1348 (Unspecified vulnerability in the login process in IBM WebSphere Portal ...) + TODO: check +CVE-2010-1347 (Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and ...) + TODO: check CVE-2010-1346 (SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, ...) NOT-FOR-US: Mini CMS RibaFS CVE-2010-1345 (Directory traversal vulnerability in the Cookex Agency CKForms ...) 
@@ -483,25 +499,22 @@ RESERVED CVE-2010-1153 RESERVED -CVE-2010-1152 - RESERVED +CVE-2010-1152 (memcached.c in memcached before 1.4.3 allows remote attackers to cause ...) + TODO: check CVE-2010-1151 RESERVED CVE-2010-1150 [mediawiki CRSF] RESERVED - mediawiki <unfixed> (low) NOTE: Maintainer is aware: http://blog.rastageeks.org/spip.php?article62 -CVE-2010-1149 [udisks information disclosure] - RESERVED +CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports ...) - udisks 1.0.1-1 (medium; bug #576687) -CVE-2010-1148 [linux-2.6: cifs null ptr dereference] - RESERVED +CVE-2010-1148 (The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 ...) - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (vulnerable code not yet present) CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC ...) - opendchub <unfixed> (bug #576308) -CVE-2010-1146 [linux-2.6: reiserfs privilege escalation] - RESERVED +CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem ...) - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30) CVE-2010-1145 
@@ -512,16 +525,16 @@ NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor CVE-2010-1143 RESERVED -CVE-2010-1142 - RESERVED -CVE-2010-1141 - RESERVED -CVE-2010-1140 - RESERVED -CVE-2010-1139 - RESERVED -CVE-2010-1138 - RESERVED +CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...) + TODO: check +CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...) + TODO: check +CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 ...) + TODO: check +CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware ...) + TODO: check +CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 ...) + TODO: check CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...) NOT-FOR-US: VMware Server CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs ...) @@ -1710,8 +1723,7 @@ - tgt <unfixed> (medium; bug #576086) CVE-2010-0742 RESERVED -CVE-2010-0741 [linux-2.6: virtio dos] - RESERVED +CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...) - linux-2.6 2.6.26-1 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...) - openssl 0.9.8n-1 (medium; bug #575607) @@ -6160,8 +6172,8 @@ - mandos 1.0.13-1 (bug #551907) CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...) - vmware-package <removed> -CVE-2009-3732 - RESERVED +CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware ...) + TODO: check CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help ...) NOT-FOR-US: WebWorks Help CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...) 
@@ -6290,7 +6302,7 @@ NOT-FOR-US: Konae Technologies Alleycode HTML Editor CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...) NOT-FOR-US: Konae Technologies Alleycode HTML Editor -CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe 6.5.3.8888 in the ...) +CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...) NOT-FOR-US: VMware CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and ...) NOT-FOR-US: ZFS filesystem in Sun Solaris @@ -13097,10 +13109,10 @@ NOT-FOR-US: ActiveX CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...) NOT-FOR-US: Roxio Easy Media Creator -CVE-2009-1565 - RESERVED -CVE-2009-1564 - RESERVED +CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 ...) + TODO: check +CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in ...) + TODO: check CVE-2009-1563 REJECTED NOTE: Tracked as CVE-2009-0689
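Review bot: in the @@ -1,3 +1,19 @@ hunk, all eight new entries (CVE-2010-1347 through CVE-2010-1354) land as "TODO: check", so none of them carries a triage decision yet. The Joomla component entries (com_vjdeo, com_loginbox, com_jp_jobs) are the same kind of third-party web add-on as the CVE-2010-1346 entry directly below, which is already marked "NOT-FOR-US: Mini CMS RibaFS". If they are not packaged, mark them NOT-FOR-US with the product name so the remaining TODO items are the ones that need a real package check.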
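Review bot: in the @@ -483,25 +499,22 @@ hunk, CVE-2010-1152 moves from RESERVED to "TODO: check" although its new description names memcached and a fixed upstream version ("memcached before 1.4.3"). It should get a package line with either the fixed version or <unfixed>, as the neighbouring CVE-2010-1149, CVE-2010-1148 and CVE-2010-1146 entries have. Separately, the context line "CVE-2010-1150 [mediawiki CRSF]" misspells CSRF, which makes the entry easy to miss when searching the list.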
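Review bot: in the @@ -512,16 +525,16 @@ hunk, CVE-2010-1138 through CVE-2010-1142 are added as "TODO: check" while the very next entry, CVE-2010-1137, is already triaged as "NOT-FOR-US: VMware Server". All five new descriptions name VMware products (VMware Tools, the Workstation USB service, vmrun in the VIX API, the virtual networking stack), so they should be triaged the same way as CVE-2010-1137 unless one of them maps to a packaged component, in which case that package should be named explicitly.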
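Review bot: in the @@ -1710,8 +1723,7 @@ hunk, the new description for CVE-2010-0741 points at "hw/virtio-net.c", which is a path from the QEMU source layout rather than the kernel tree, yet the only tracking line kept is "- linux-2.6 2.6.26-1". With the "[linux-2.6: virtio dos]" label removed, nothing in the entry explains why linux-2.6 is the affected package. Add a NOTE stating the reasoning, and check whether the QEMU/KVM packages need their own lines.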
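Review bot: in the @@ -6160,8 +6172,8 @@ hunk, CVE-2009-3732 becomes "TODO: check" for a flaw in "vmware-vmrc.exe", while the entry just above it, CVE-2009-3733, is tracked as "- vmware-package <removed>" and other VMware entries in this file use NOT-FOR-US. The file now has two conventions for VMware issues; pick one for this entry and note why, since a Windows executable is unlikely to correspond to anything vmware-package shipped.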
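Review bot: in the @@ -13097,10 +13109,10 @@ hunk, CVE-2009-1565 and CVE-2009-1564 both describe "vmnc.dll in the VMnc media codec" and both are left as "TODO: check". They concern the same component and should be triaged together with one consistent marking, matching whatever is decided for the other VMware entries touched in this revision.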