Author: joeyh Date: 2010-04-21 21:14:19 +0000 (Wed, 21 Apr 2010) New Revision: 14543 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-21 20:41:29 UTC (rev 14542) +++ data/CVE/list 2010-04-21 21:14:19 UTC (rev 14543) 
@@ -1,3 +1,63 @@ +CVE-2010-1489 (The XSS Filter in Microsoft Internet Explorer 8 does not properly ...) + TODO: check +CVE-2010-1488 (The proc_oom_score function in fs/proc/base.c in the Linux kernel ...) + TODO: check +CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...) + TODO: check +CVE-2010-1486 + RESERVED +CVE-2010-1485 + RESERVED +CVE-2010-1484 + RESERVED +CVE-2010-1483 + RESERVED +CVE-2010-1482 + RESERVED +CVE-2010-1481 + RESERVED +CVE-2010-1480 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...) + TODO: check +CVE-2010-1479 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...) + TODO: check +CVE-2010-1478 (Directory traversal vulnerability in the Ternaria Informatica ...) + TODO: check +CVE-2010-1477 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) ...) + TODO: check +CVE-2010-1476 (Directory traversal vulnerability in the AlphaUserPoints ...) + TODO: check +CVE-2010-1475 (Directory traversal vulnerability in the Preventive & Reservation ...) + TODO: check +CVE-2010-1474 (Directory traversal vulnerability in the Sweety Keeper ...) + TODO: check +CVE-2010-1473 (Directory traversal vulnerability in the Advertising (com_advertising) ...) + TODO: check +CVE-2010-1472 (Directory traversal vulnerability in the Daily Horoscope ...) + TODO: check +CVE-2010-1471 (Directory traversal vulnerability in the AddressBook (com_addressbook) ...) + TODO: check +CVE-2010-1470 (Directory traversal vulnerability in the Web TV (com_webtv) component ...) + TODO: check +CVE-2010-1469 (Directory traversal vulnerability in the Ternaria Informatica JProject ...) + TODO: check +CVE-2010-1468 (SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager ...) + TODO: check +CVE-2009-4773 (Cross-site request forgery (CSRF) vulnerability in the ...) + TODO: check +CVE-2009-4772 (Unspecified vulnerability in the PayPal Website Payments Standard ...) 
+ TODO: check +CVE-2009-4771 (The PayPal Website Payments Standard functionality in the Ubercart ...) + TODO: check +CVE-2009-4770 (The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 ...) + TODO: check +CVE-2009-4769 (Multiple format string vulnerabilities in the tolog function in httpdx ...) + TODO: check +CVE-2009-4768 (Unspecified vulnerability in the JASS script interpreter in Warcraft ...) + TODO: check +CVE-2009-4767 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2008-7255 (login_screen.tcl in aMSN (aka Alvaro''s Messenger) before 0.97.1 saves ...) + TODO: check CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...) NOT-FOR-US: openUrgence CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...) @@ -3,5 +63,5 @@ NOT-FOR-US: openUrgence CVE-2010-1465 (Stack-based buffer overflow in Trellian FTP client 3.01, including ...) - NOT-FOR-US: Trellian FTP + NOT-FOR-US: Trellian FTP CVE-2010-1464 (Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst ...) NOT-FOR-US: WebAsyst Shop-Script FREE @@ -11,13 +71,13 @@ CVE-2010-1462 (Directory traversal vulnerability in WebAsyst Shop-Script FREE has ...) NOT-FOR-US: WebAsyst Shop-Script FREE CVE-2010-1461 (Directory traversal vulnerability in the Photo Battle ...) - NOT-FOR-US: Photo Battle Component for Joomla! + NOT-FOR-US: Photo Battle Component for Joomla! CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...) - NOT-FOR-US: IBM BladeCenter Management Module + NOT-FOR-US: IBM BladeCenter Management Module CVE-2010-1459 RESERVED -CVE-2010-1458 - RESERVED +CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...) + TODO: check CVE-2010-1167 [fetchmail memory exhaustion DoS] RESERVED - fetchmail 6.3.16-2 (low) 
@@ -315,12 +375,12 @@ - krb5 1.8.1+dfsg-2 (bug #577490) [lenny] - krb5 <not-affected> (Only affects 1.7/1.8) NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt -CVE-2010-1319 - RESERVED -CVE-2010-1318 - RESERVED -CVE-2010-1317 - RESERVED +CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ ...) + TODO: check +CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in ...) + TODO: check +CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in ...) + TODO: check CVE-2010-1316 (Multiple stack-based buffer overflows in Tembria Server Monitor before ...) NOT-FOR-US: Tembria Server Monitor CVE-2010-1315 (Directory traversal vulnerability in weberpcustomer.php in the ...) @@ -721,16 +781,15 @@ RESERVED CVE-2010-1166 RESERVED -CVE-2010-1165 - RESERVED -CVE-2010-1164 - RESERVED +CVE-2010-1165 (Atlassian JIRA 3.12 through 4.1 allows remote authenticated ...) + TODO: check +CVE-2010-1164 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...) + TODO: check CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ...) - sudo 1.7.2p6-1 (bug #578275) [lenny] - sudo <not-affected> (ignore_dot default value is off and can''t be changed in runtime) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=580441#c3 -CVE-2010-1162 [linux-2.6: tty pid issue] - RESERVED +CVE-2010-1162 (The release_one_tty function in drivers/char/tty_io.c in the Linux ...) - linux-2.6 <unfixed> CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a ...) - nano 2.2.4-1 (low; bug #577817) 
@@ -740,8 +799,8 @@ - nano 2.2.4-1 (low; bug #577817) [lenny] - nano <no-dsa> (minor issue) NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4 -CVE-2010-1158 - RESERVED +CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...) + TODO: check CVE-2010-1157 RESERVED CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...) @@ -754,18 +813,15 @@ RESERVED - irssi 0.8.15-1 (low) [lenny] - irssi <no-dsa> (Minor issue) -CVE-2010-1153 [typo3] - RESERVED +CVE-2010-1153 (PHP remote file inclusion vulnerability in the autoloader in TYPO3 ...) - typo3-src <unfixed> (bug filed) [lenny] - typo3-src <not-affected> (Only affects 4.3.x) CVE-2010-1152 (memcached.c in memcached before 1.4.3 allows remote attackers to cause ...) - memcached <unfixed> (low) TODO: file bug -CVE-2010-1151 [credential issue] - RESERVED +CVE-2010-1151 (Race condition in the mod_auth_shadow module for the Apache HTTP ...) - libapache2-mod-auth-shadow <itp> (bug #503184) -CVE-2010-1150 [mediawiki login CRSF] - RESERVED +CVE-2010-1150 (MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not ...) - mediawiki 1:1.15.3-1 (low) CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports ...) - udisks 1.0.1-1 (medium; bug #576687) @@ -1165,10 +1221,10 @@ RESERVED CVE-2010-0998 RESERVED -CVE-2010-0997 - RESERVED -CVE-2010-0996 - RESERVED +CVE-2010-0997 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows ...) + TODO: check CVE-2010-0995 RESERVED CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library ...) 
@@ -1582,13 +1638,11 @@ TODO: check CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software component in ...) TODO: check -CVE-2010-0887 - RESERVED +CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...) - openjdk-6 <undetermined> - sun-java6 6.20-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-0886 - RESERVED +CVE-2010-0886 (Unspecified vulnerability in the Java Deployment Toolkit component in ...) - openjdk-6 <undetermined> - sun-java6 6.20-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) @@ -1992,8 +2046,7 @@ [lenny] - dovecot <not-affected> (Vulnerable code not present) [etch] - dovecot <not-affected> (Vulnerable code not present) NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html -CVE-2010-0744 [amsn SSL verification vuln] - RESERVED +CVE-2010-0744 (aMSN (aka Alvaro''s Messenger) 0.98.3 and earlier, when SSL is used, ...) - amsn <unfixed> (bug #572818) [lenny] - amsn <no-dsa> (Minor issue) NOTE: http://www.juniper.net/security/auto/vulnerabilities/vuln35507.html @@ -2431,7 +2484,7 @@ NOT-FOR-US: Cisco Unified Communications Manager CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager ...) NOT-FOR-US: Cisco Unified Communications Manager -CVE-2010-0589 (The Web Install ActiveX control in Cisco Secure Desktop (CSD) before ...) +CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure ...) NOT-FOR-US: Cisco Secure Desktop CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: Cisco Unified Communications Manager
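Review bot: In the @@ -1,3 +1,63 @@ hunk, CVE-2010-1488 (proc_oom_score in fs/proc/base.c in the Linux kernel) and CVE-2008-7255 (login_screen.tcl in aMSN) are added with a bare "TODO: check", although this same file already tracks both source packages: "- linux-2.6 <unfixed>" under CVE-2010-1162 and "- amsn <unfixed> (bug #572818)" under CVE-2010-0744. Suggest triaging these two against linux-2.6 and amsn ahead of the rest of the batch, so they do not sit behind the long run of third-party component entries that will most likely end up as NOT-FOR-US.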
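Review bot: The removed and added lines for "NOT-FOR-US: Trellian FTP" in the @@ -3,5 +63,5 @@ hunk, and for the Photo Battle and IBM BladeCenter Management Module entries in @@ -11,13 +71,13 @@, read identically, so these look like whitespace-only changes. The log message says only "automatic update"; either mention the whitespace normalisation there or move it to its own commit, so that the real status change in the same hunk (CVE-2010-1458 going from RESERVED to "TODO: check") is not buried in no-op lines.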
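Review bot: In the @@ -754,18 +813,15 @@ hunk, the CVE-2010-1153 entry keeps "- typo3-src <unfixed> (bug filed)" without a bug number, while neighbouring entries cite one (for example "bug #503184" and "bug #576687"). Now that the hand-written "[typo3]" tag is replaced by the published description, this is a good point to record the actual bug number so the entry can be cross-referenced. The context line "TODO: file bug" under CVE-2010-1152 (memcached) is also still open.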
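Review bot: In the @@ -1582,13 +1638,11 @@ hunk, CVE-2010-0887 and CVE-2010-0886 keep "- openjdk-6 <undetermined>" even though the descriptions added here now name the affected components (the New Java Plug-in and the Java Deployment Toolkit). With that information available, the openjdk-6 status should be re-evaluated against those components and given a definite state, with a NOTE recording the reasoning, rather than carried forward as <undetermined>.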