Author: joeyh
Date: 2010-07-07 21:14:24 +0000 (Wed, 07 Jul 2010)
New Revision: 14971

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-07-07 09:15:39 UTC (rev 14970)
+++ data/CVE/list 2010-07-07 21:14:24 UTC (rev 14971)
@@ -1,3 +1,75 @@ +CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal ...) + TODO: check +CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...) + TODO: check +CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99 has ...) + TODO: check +CVE-2010-2649 (Unspecified vulnerability in Google Chrome before 5.0.375.99 allows ...) + TODO: check +CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi ...) + TODO: check +CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a ...) + TODO: check +CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed ...) + TODO: check +CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99, when ...) + TODO: check +CVE-2010-2644 + RESERVED +CVE-2010-2643 + RESERVED +CVE-2010-2642 + RESERVED +CVE-2010-2641 + RESERVED +CVE-2010-2640 + RESERVED +CVE-2010-2639 + RESERVED +CVE-2010-2638 + RESERVED +CVE-2010-2637 + RESERVED +CVE-2010-2636 + RESERVED +CVE-2010-2635 + RESERVED +CVE-2010-2634 + RESERVED +CVE-2010-2633 + RESERVED +CVE-2010-2632 + RESERVED +CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first ...) + TODO: check +CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly ...) + TODO: check +CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...) + TODO: check +CVE-2010-2628 + RESERVED +CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...) + TODO: check +CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...) + TODO: check +CVE-2010-2625 (Unspecified vulnerability in the Client Service for DPM in Hitachi ...) + TODO: check +CVE-2010-2624 (Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow ...) 
+ TODO: check +CVE-2010-2623 (SQL injection vulnerability in pages.php in Internet DM Specialist Bed ...) + TODO: check +CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly ...) + TODO: check +CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in ...) + TODO: check +CVE-2010-2620 (Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote ...) + TODO: check +CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and ...) + TODO: check +CVE-2009-4924 (Dan Pascu python-cjson 1.0.5 does not properly handle a [''/''] argument ...) + TODO: check +CVE-2004-2769 (Cerberus FTP Server before 4.0.3.0 allows remote authenticated users ...) + TODO: check CVE-2010-2494 [bogofilter invalid null write] RESERVED - bogofilter 1.2.1-3 (low; bug #588090) @@ -145,8 +217,8 @@ RESERVED CVE-2010-2550 RESERVED -CVE-2010-2549 - RESERVED +CVE-2010-2549 (Use-after-free vulnerability in Microsoft Windows Vista and Server ...) + TODO: check CVE-2010-2548 RESERVED CVE-2010-2547 @@ -319,17 +391,13 @@ CVE-2010-2484 [strrchr() interruption] RESERVED - php5 <unfixed> (unimportant) -CVE-2010-2483 [OOB read in TIFFRGBAImageGet()] - RESERVED +CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...) - tiff <unfixed> (unimportant) -CVE-2010-2482 [NULL pointer dereference due to invalid td_stripbytecount] - RESERVED +CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid ...) - tiff 3.9.4-1 (unimportant) -CVE-2010-2481 [OOB read in TIFFExtractData()] - RESERVED +CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ...) - tiff 3.9.4-1 (unimportant) -CVE-2010-2480 [XSS in python mako''s escape.cgi] - RESERVED +CVE-2010-2480 (Mako before 0.3.4 relies on the cgi.escape function in the Python ...) - python-mako <undetermined> TODO: check NOTE: http://bugs.python.org/issue9061 
@@ -410,7 +478,7 @@ CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in ...) {DSA-2065-1} - kvirc 4:4.0.0~svn4340+rc3-1 -CVE-2010-2443 (Unspecified vulnerability in LibTIFF before 3.9.3 allows remote ...) +CVE-2010-2443 (The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before ...) - tiff 3.9.4-1 (unimportant) NOTE: Triggers a NULL pointer deref, crasher only CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...) @@ -464,8 +532,7 @@ NOT-FOR-US: Sleipnir CVE-2008-7257 (CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco ...) NOT-FOR-US: Cisco Adaptive Security Appliances -CVE-2010-2479 [IE-specific XSS issue] - RESERVED +CVE-2010-2479 (Cross-site scripting (XSS) vulnerability in HTML Purifier before ...) {DSA-2067-1} - php-htmlpurifier 4.1.1+dfsg1-1 - mahara 1.2.5-1 @@ -890,15 +957,12 @@ NOT-FOR-US: com_bfsurvey component for joomla! CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope template for ...) NOT-FOR-US: joomla! -CVE-2010-2253 [lftp, wget, libwww-perl unexpected download issue] - RESERVED +CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to ...) - libwww-perl 5.835-1 (low) [lenny] - libwww-perl <no-dsa> (Minor issue) -CVE-2010-2252 - RESERVED +CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of ...) - wget <unfixed> -CVE-2010-2251 - RESERVED +CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does not ...) - lftp 4.0.6-1 (low) [lenny] - lftp <no-dsa> (Minor issue) NOTE: http://www.ocert.org/advisories/ocert-2010-001.html 
@@ -990,7 +1054,7 @@ RESERVED CVE-2010-2213 RESERVED -CVE-2010-2212 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) +CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2010-2211 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) NOT-FOR-US: Adobe Reader @@ -1002,7 +1066,7 @@ NOT-FOR-US: Adobe Reader CVE-2010-2207 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) NOT-FOR-US: Adobe Reader -CVE-2010-2206 (Array index error in Adobe Reader and Acrobat 9.x before 9.3.3, and ...) +CVE-2010-2206 (Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x ...) NOT-FOR-US: Adobe Reader CVE-2010-2205 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) NOT-FOR-US: Adobe Reader @@ -1885,7 +1949,7 @@ NOT-FOR-US: PHP Photo Vote CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...) NOT-FOR-US: PHP Easy Shopping Cart -CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...) +CVE-2009-4855 (** DISPUTED ** ...) NOT-FOR-US: Bogus issue claimed for typo3 NOTE: See http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/4.2.5-1+lenny3 CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...) 
@@ -2378,24 +2442,19 @@ RESERVED CVE-2010-1671 RESERVED -CVE-2010-1670 - RESERVED +CVE-2010-1670 (Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has ...) {DSA-2067-1} - mahara 1.2.5-1 -CVE-2010-1669 - RESERVED +CVE-2010-1669 (SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x ...) - mahara 1.2.5-1 [lenny] - mahara <not-affected> -CVE-2010-1668 - RESERVED +CVE-2010-1668 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara ...) {DSA-2067-1} - mahara 1.2.5-1 -CVE-2010-1667 - RESERVED +CVE-2010-1667 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before ...) {DSA-2067-1} - mahara 1.2.5-1 -CVE-2010-1666 [python-cjson buffer overflow] - RESERVED +CVE-2010-1666 (Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding ...) - python-cjson <unfixed> (bug #587700) NOTE: https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274 CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, ...) @@ -2622,10 +2681,10 @@ RESERVED CVE-2010-1577 RESERVED -CVE-2010-1576 - RESERVED -CVE-2010-1575 - RESERVED +CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software before ...) + TODO: check +CVE-2010-1575 (The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 ...) + TODO: check CVE-2010-1574 RESERVED CVE-2010-1573 (Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded ...) @@ -3472,10 +3531,10 @@ RESERVED CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall ...) NOT-FOR-US: Imperva SecureSphere Web Application Firewall and Database Firewall -CVE-2010-1328 - RESERVED -CVE-2010-1327 - RESERVED +CVE-2010-1328 (Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore ...) + TODO: check +CVE-2010-1327 (Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and ...) + TODO: check CVE-2010-1326 RESERVED CVE-2010-1325
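
Review bot: in the first hunk (@@ -1,3 +1,75 @@), CVE-2010-2631 and CVE-2010-2630 (LibTIFF 3.9.0) and CVE-2009-4924 (python-cjson 1.0.5) are left at "TODO: check" although this same list already tracks both packages, as "- tiff" under CVE-2010-2483/2482/2481 and as "- python-cjson <unfixed> (bug #587700)" under CVE-2010-1666. Suggest triaging these three ahead of the rest of the hunk and giving each a package line with a fixed version or <unfixed>, so they do not sit in the same queue as the entries for software the list has no package line for.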
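
Review bot: in the @@ -319,17 +391,13 @@ hunk, dropping the bracketed notes on CVE-2010-2483, CVE-2010-2482 and CVE-2010-2481 removes the only text that recorded the bug class (OOB read, NULL pointer dereference) next to the "(unimportant)" rating, and the imported descriptions are truncated with "...". Suggest keeping that rationale as a NOTE line, the way CVE-2010-2443 does with "NOTE: Triggers a NULL pointer deref, crasher only". In the same hunk CVE-2010-2480 still reads "- python-mako <undetermined>" with "TODO: check" even though the new description gives a boundary, "Mako before 0.3.4", which the package line could now be resolved against.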
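
Review bot: in the @@ -890,15 +957,12 @@ hunk, CVE-2010-2252 ends up as a bare "- wget <unfixed>" with no severity and no [lenny] line, while CVE-2010-2253 and CVE-2010-2251, which the removed bracket note grouped with it as one "unexpected download issue", are both marked (low) with "<no-dsa> (Minor issue)" for lenny. Suggest giving the wget entry the same annotations or a NOTE saying why it differs. The ocert-2010-001 NOTE now sits only under CVE-2010-2251 and would be easier to find if repeated under all three.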
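
Review bot: in the @@ -1885,7 +1949,7 @@ hunk, the description of CVE-2009-4855 is reduced to "(** DISPUTED ** ...)", so the entry no longer names the product or the claimed bug except through the NOT-FOR-US line. Suggest a short NOTE that keeps the original claim (SQL injection in index.php in TYPO3 4.0) for anyone searching the list. The context NOTE URL in the same entry ends in "/4.2.5-1+lenny3", which looks like a package version fused onto the link and is worth checking while this entry is being touched.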
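
Review bot: in the @@ -2622,10 +2681,10 @@ hunk, CVE-2010-1576 and CVE-2010-1575 (Cisco Content Services Switch 11500) go in as "TODO: check" although the list already closes a Cisco appliance issue, CVE-2008-7257, with "NOT-FOR-US: Cisco Adaptive Security Appliances". Suggest resolving these two, and CVE-2010-2629 from the first hunk, with a matching NOT-FOR-US line rather than leaving them in the TODO queue.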