Author: joeyh Date: 2010-06-24 21:14:28 +0000 (Thu, 24 Jun 2010) New Revision: 14903 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-24 17:21:53 UTC (rev 14902) +++ data/CVE/list 2010-06-24 21:14:28 UTC (rev 14903) @@ -1,3 +1,5 @@ +CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS ...) TODO: check CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local users, ...) @@ -4,22 +6,22 @@ TODO: check CVE-2010-2430 RESERVED -CVE-2010-2429 - RESERVED -CVE-2010-2428 - RESERVED +CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, ...) + TODO: check +CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the ...) + TODO: check CVE-2010-2427 RESERVED -CVE-2010-2426 - RESERVED -CVE-2010-2425 - RESERVED +CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River ...) + TODO: check +CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River ...) + TODO: check CVE-2010-2424 RESERVED CVE-2010-2423 RESERVED -CVE-2010-2422 - RESERVED +CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone ...) + TODO: check CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have ...) TODO: check CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...) @@ -481,8 +483,8 @@ RESERVED CVE-2010-2226 RESERVED -CVE-2010-2225 - RESERVED +CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...) + TODO: check CVE-2010-2224 RESERVED CVE-2010-2223 
@@ -865,14 +867,13 @@ RESERVED CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...) - apache2 <not-affected> (does not affect UNIX, only Windows, etc.) -CVE-2010-2067 - RESERVED +CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function ...) + TODO: check CVE-2010-2066 RESERVED - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.31) -CVE-2010-2065 [tiff integer overflow] - RESERVED +CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 ...) - tiff <undetermined> NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145 NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565 @@ -1119,7 +1120,7 @@ RESERVED CVE-2010-1965 RESERVED -CVE-2010-1964 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) +CVE-2010-1964 (Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows ...) NOT-FOR-US: HP ServiceCenter @@ -1964,8 +1965,8 @@ - mysql-5.1 5.1.46-1 (bug #582526) - mysql-dfsg-5.0 <removed> (low; bug #584400) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648 -CVE-2010-1625 - RESERVED +CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...) + TODO: check CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...) - pidgin 2.7.0-1 (low) [lenny] - pidgin 2.4.3-4lenny6 
@@ -2529,8 +2530,7 @@ [lenny] - python2.5 <no-dsa> (Minor issue) - python2.4 <removed> (low) [lenny] - python2.4 <no-dsa> (Minor issue) -CVE-2010-1448 [lxr XSS on the search page] - RESERVED +CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...) - lxr-cvs <unfixed> TODO: prod maintainer (and find out why we have lxr and lxr-cvs) CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...) @@ -2642,7 +2642,7 @@ NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635 NOTE: http://trac.webkit.org/changeset/57759 NOTE: http://trac.webkit.org/changeset/57817 -CVE-2010-1411 (Multiple integer overflows in ImageIO in Apple Mac OS X 10.5.8, and ...) +CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in ...) - tiff <undetermined> TODO: check CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) 
@@ -3239,42 +3239,34 @@ RESERVED CVE-2010-1204 RESERVED -CVE-2010-1203 [browser crashes with evidence of memory corruption] - RESERVED +CVE-2010-1203 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) - xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2) -CVE-2010-1202 [browser crashes with evidence of memory corruption] - RESERVED +CVE-2010-1202 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) - xulrunner 1.9.1.10-1 - iceape 2.0.5-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-1201 [browser crashes with evidence of memory corruption] - RESERVED +CVE-2010-1201 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...) - xulrunner 1.9.1.10-1 - iceape 2.0.5-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-1200 [browser crashes with evidence of memory corruption] - RESERVED +CVE-2010-1200 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner 1.9.1.10-1 - iceape 2.0.5-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-1199 - RESERVED +CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in Mozilla ...) - xulrunner 1.9.1.10-1 - iceape 2.0.5-1 - icedove <unfixed> [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-1198 [Freed object reuse across plugin instances] - RESERVED +CVE-2010-1198 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 ...) - xulrunner 1.9.1.10-1 - iceape 2.0.5-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-1197 - RESERVED +CVE-2010-1197 (Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and ...) - xulrunner 1.9.1.10-1 - iceape 2.0.5-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-1196 [Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal] - RESERVED +CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal function ...) 
- xulrunner 1.9.1.10-1 - iceape 2.0.5-1 - icedove <unfixed> @@ -3471,7 +3463,7 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...) - webkit <not-affected> (proof-of-concept not effective; windows-only?) -CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x allows remote ...) +CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and ...) - xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2) NOTE: Description is wrong, only affects Firefox 3.6 per https://bugzilla.mozilla.org/show_bug.cgi?id=552255 CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...) @@ -6323,8 +6315,7 @@ NOT-FOR-US: Adobe ColdFusion CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...) NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent -CVE-2010-0183 - RESERVED +CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots ...) - xulrunner 1.9.1.10-1 - iceape 2.0.5-1 [lenny] - iceape <not-affected> (Only a stub package) @@ -21669,7 +21660,7 @@ NOT-FOR-US: Google CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple ...) NOT-FOR-US: Apple -CVE-2008-5913 (An unspecified function in the JavaScript implementation in Mozilla ...) +CVE-2008-5913 (The Math.random function in the JavaScript implementation in Mozilla ...) - xulrunner 1.9.1.10-1 (unimportant; bug #559792) - iceape 2.0.5-1 (unimportant) [lenny] - iceape <not-affected> (Just a stub package)
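
Review bot: In the @@ -4,22 +6,22 @@ hunk, CVE-2010-2426 and CVE-2010-2425 get the same truncated description ("Directory traversal vulnerability in TitanFTPd in South River ...") and the same bare TODO: check, so nothing in the list distinguishes them. Whoever clears the TODOs should read both full descriptions and triage the pair in one pass, so they end up with the same package or NOT-FOR-US decision.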
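
Review bot: In the @@ -865,14 +867,13 @@ hunk, CVE-2010-2067 is added with only TODO: check although its description names TIFFFetchSubjectDistance, and CVE-2010-2065 two entries below is a LibTIFF issue already tracked as "- tiff <undetermined>". Suggest triaging 2067 together with 2065 and adding a "- tiff" line if the full description confirms it is LibTIFF. CVE-2010-2065 also loses its RESERVED line here but keeps <undetermined>; its description now says "before 3.9.3", which gives a version to check the archive against.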
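
Review bot: CVE-2010-1625 in the @@ -1964,8 +1965,8 @@ hunk is described as an XSS in LXR Cross Referencer but is left at TODO: check, while CVE-2010-1448 in the @@ -2529,8 +2530,7 @@ hunk, also an LXR XSS (lib/LXR/Common.pm), is already tracked as "- lxr-cvs <unfixed>". Suggest handling the two together: confirm whether 1625 is a separate issue from 1448 and, if so, give it its own package line. The open "TODO: prod maintainer (and find out why we have lxr and lxr-cvs)" on 1448 applies to both.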
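
Review bot: The new CVE-2010-1411 description in the @@ -2642,7 +2642,7 @@ hunk no longer points at Apple ImageIO but at the Fax3SetupState function, yet the lines under it still read "- tiff <undetermined>" and "TODO: check". With a concrete function named, the <undetermined> status should be revisited against the tiff source and the TODO closed or replaced with a NOTE saying what is still unknown.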
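
Review bot: In the @@ -3239,42 +3239,34 @@ hunk, the bracketed working titles are dropped along with RESERVED, and for CVE-2010-1203 through CVE-2010-1200 the replacement descriptions say only "unspecified vulnerabilities", so the earlier hint "[browser crashes with evidence of memory corruption]" is lost. Suggest preserving that information as a NOTE: line on those entries. The same applies to CVE-2010-1196, whose working title said "Heap buffer overflow" while the new description says "Integer overflow".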
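
Review bot: The updated CVE-2010-1125 description in the @@ -3471,7 +3463,7 @@ hunk now reads "Firefox 3.x before 3.5.10 and ...", which conflicts with the unchanged lines below it: "xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)" and the NOTE "Description is wrong, only affects Firefox 3.6". That NOTE was written against the old text. Recheck it against the referenced Bugzilla entry, then either reword the NOTE so it addresses the new description or revisit the <not-affected> status.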