Author: joeyh Date: 2010-05-11 21:14:36 +0000 (Tue, 11 May 2010) New Revision: 14677 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-11 19:33:46 UTC (rev 14676) +++ data/CVE/list 2010-05-11 21:14:36 UTC (rev 14677) 
@@ -1,3 +1,107 @@ +CVE-2010-1871 + RESERVED +CVE-2010-1870 + RESERVED +CVE-2010-1869 + RESERVED +CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...) + TODO: check +CVE-2010-1867 (SQL injection vulnerability in the ...) + TODO: check +CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...) + TODO: check +CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...) + TODO: check +CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...) + TODO: check +CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...) + TODO: check +CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...) + TODO: check +CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...) + TODO: check +CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...) + TODO: check +CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...) + TODO: check +CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) ...) + TODO: check +CVE-2010-1857 (SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, ...) + TODO: check +CVE-2010-1856 (Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 ...) + TODO: check +CVE-2010-1855 (SQL injection vulnerability in auktion.php in Pay Per Watch & Bid ...) + TODO: check +CVE-2010-1854 (Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per ...) + TODO: check +CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function ...) + TODO: check +CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is ...) + TODO: check +CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses ...) + TODO: check +CVE-2009-4872 (Multiple SQL injection vulnerabilities in globepersonnel_login.asp in ...) 
+ TODO: check +CVE-2009-4871 (SQL injection vulnerability in globepersonnel_forum.asp in Logoshows ...) + TODO: check +CVE-2009-4870 (Multiple SQL injection vulnerabilities in login.php in PHPCityPortal ...) + TODO: check +CVE-2009-4869 (Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest ...) + TODO: check +CVE-2009-4868 (Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 ...) + TODO: check +CVE-2009-4867 (Buffer overflow in Tuniac 090517c allows remote attackers to cause a ...) + TODO: check +CVE-2009-4866 (Cross-site scripting (XSS) vulnerability in search.cgi in Matt''s ...) + TODO: check +CVE-2009-4865 (Multiple SQL injection vulnerabilities in escorts_search.php in ...) + TODO: check +CVE-2009-4864 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2009-4863 (Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows ...) + TODO: check +CVE-2009-4862 (Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote ...) + TODO: check +CVE-2009-4861 (Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO ...) + TODO: check +CVE-2009-4860 (SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier ...) + TODO: check +CVE-2009-4859 (Multiple cross-site scripting (XSS) vulnerabilities in Online Work ...) + TODO: check +CVE-2009-4858 (Cross-site scripting (XSS) vulnerability in questiondetail.php in ...) + TODO: check +CVE-2009-4857 (Cross-site scripting (XSS) vulnerability in login.php in PHP Photo ...) + TODO: check +CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...) + TODO: check +CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...) + TODO: check +CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...) + TODO: check +CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...) 
+ TODO: check +CVE-2009-4852 (Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle ...) + TODO: check +CVE-2009-4851 (The activation resend function in the Profiles module in XOOPS before ...) + TODO: check +CVE-2009-4850 (The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote ...) + TODO: check +CVE-2009-4849 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2009-4848 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...) + TODO: check +CVE-2009-4847 (Deliantra Server before 2.82 allows remote authenticated users to ...) + TODO: check +CVE-2009-4846 (Multiple buffer overflows in Deliantra Server before 2.82 allow remote ...) + TODO: check +CVE-2009-4845 (The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 ...) + TODO: check +CVE-2009-4844 (ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to ...) + TODO: check +CVE-2009-4843 (ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require ...) + TODO: check +CVE-2009-4842 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...) + TODO: check CVE-2010-1850 RESERVED CVE-2010-XXXX [serendipity xinha issue] @@ -346,10 +450,10 @@ RESERVED CVE-2010-1691 RESERVED -CVE-2010-1690 - RESERVED -CVE-2010-1689 - RESERVED +CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...) + TODO: check +CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...) + TODO: check CVE-2010-1688 RESERVED CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows ...) @@ -693,8 +797,8 @@ RESERVED CVE-2010-1550 RESERVED -CVE-2010-1549 - RESERVED +CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 ...) + TODO: check CVE-2010-1548 RESERVED CVE-2010-1547 
@@ -994,8 +1098,7 @@ RESERVED CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...) NOT-FOR-US: TweakFS -CVE-2010-1167 [fetchmail memory exhaustion DoS] - RESERVED +CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not ...) - fetchmail 6.3.16-2 (low) [lenny] - fetchmail <no-dsa> (only vulnerable when run under debug verbosity level) NOTE: http://www.fetchmail.info/fetchmail-SA-2010-02.txt @@ -1013,13 +1116,12 @@ NOTE: Not triggerable remotely CVE-2010-1454 RESERVED -CVE-2010-1453 - RESERVED +CVE-2010-1453 (Cross-site scripting (XSS) vulnerability in the Login form in Piwik ...) - piwik <itp> (bug #506933) CVE-2010-1452 RESERVED -CVE-2010-1451 - RESERVED +CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the ...) + TODO: check CVE-2010-1450 RESERVED CVE-2010-1449 @@ -1054,16 +1156,14 @@ RESERVED - vlc 1.0.6-1 NOTE: http://www.videolan.org/security/sa1003.html -CVE-2010-1440 [integer overflow] - RESERVED +CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live ...) - texlive-bin 2009-6 (low; bug #580668) [lenny] - texlive-bin <no-dsa> (minor issue) CVE-2010-1439 RESERVED CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames ...) - wafp <itp> (bug #562949) -CVE-2010-1437 [keyring issue] - RESERVED +CVE-2010-1437 (Race condition in the find_keyring_by_name function in ...) - linux-2.6 <unfixed> CVE-2010-1436 [gfs2 issue] RESERVED @@ -1714,8 +1814,7 @@ NOT-FOR-US: Microsoft Internet Explorer 7.0 CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Cisco TFTP Server -CVE-2010-1173 [skb issue] - RESERVED +CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the ...) - linux-2.6 2.6.32-12 CVE-2010-1172 RESERVED 
@@ -1791,8 +1890,8 @@ - libnids <unfixed> (low; bug #576281) [lenny] - libnids <no-dsa> (Minor issue) NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor -CVE-2010-1143 - RESERVED +CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly ...) + TODO: check CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...) NOT-FOR-US: VMware products CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...) @@ -2742,14 +2841,12 @@ RESERVED CVE-2010-0830 RESERVED -CVE-2010-0829 - RESERVED +CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and ...) - dvipng 1.13-1 (low; bug filed) CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...) {DSA-2024-1} - moin 1.9.2-3 (low; bug #575995) -CVE-2010-0827 [dvips integer overflow] - RESERVED +CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, ...) - texlive-bin 2009-6 (low; bug #580669) [lenny] - texlive-bin <no-dsa> (minor issue) CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...) @@ -8514,6 +8611,7 @@ CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...) NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10 CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used ...) + {DSA-2045-1} - libtheora 1.1 (bug #572950) [etch] - libtheora <not-affected> (vulnerable code not present) - xulrunner 1.9.1.6-1
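Review bot: In the `@@ -1,3 +1,107 @@` hunk, every newly described entry is left as `TODO: check`, including the ones whose descriptions name PHP 5.2 through 5.2.13 and/or 5.3 through 5.3.2 (CVE-2010-1866, CVE-2010-1864, CVE-2010-1862, CVE-2010-1861, CVE-2010-1860). Those should be triaged to a package line or an explicit not-affected status ahead of the third-party web application entries around them. Separately, the CVE-2009-4866 description reads `Matt''s` with a doubled apostrophe, which looks like quoting residue from the import and should be a single `'`.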
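Review bot: In the `@@ -1013,13 +1116,12 @@` hunk, CVE-2010-1451 is described as affecting `arch/sparc/kernel/tsb.S` but is left with only `TODO: check`, while the other kernel entries touched by this patch (CVE-2010-1437 and CVE-2010-1173) carry a `- linux-2.6` line. This entry needs a `- linux-2.6` line with its fixed version or `<unfixed>` so it is tracked with the rest of the kernel issues.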
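Review bot: In the `@@ -1791,8 +1890,8 @@` hunk, CVE-2010-1143 (XSS in VMware View) is added as `TODO: check`, although the entries directly below it, CVE-2010-1142 and CVE-2010-1141, are already marked `NOT-FOR-US: VMware products`. If the same reasoning applies, mark it `NOT-FOR-US` as well, so it does not sit in the TODO queue next to resolved entries for the same vendor.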
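Review bot: In the `@@ -2742,14 +2841,12 @@` hunk, the context line `- dvipng 1.13-1 (low; bug filed)` under CVE-2010-0829 records that a bug exists but gives no number, unlike CVE-2010-0827 in the same hunk, which uses `bug #580669`. Now that the entry has its full description, replace `bug filed` with the actual `bug #...` reference so the entry can be cross-checked against the bug tracker.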