Author: joeyh Date: 2010-07-14 21:14:54 +0000 (Wed, 14 Jul 2010) New Revision: 14995 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-07-14 20:21:36 UTC (rev 14994) +++ data/CVE/list 2010-07-14 21:14:54 UTC (rev 14995) @@ -1,3 +1,27 @@ +CVE-2010-2724 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select ...) + TODO: check +CVE-2010-2723 (Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows ...) + TODO: check +CVE-2010-2722 (Cross-site scripting (XSS) vulnerability in index.php in RightInPoint ...) + TODO: check +CVE-2010-2721 (SQL injection vulnerability in index.php in RightInPoint Lyrics Script ...) + TODO: check +CVE-2010-2720 (SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and ...) + TODO: check +CVE-2010-2719 (SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and ...) + TODO: check +CVE-2010-2718 (Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware ...) + TODO: check +CVE-2010-2717 (Cross-site scripting (XSS) vulnerability in manager/login.php in ...) + TODO: check +CVE-2010-2716 (Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote ...) + TODO: check +CVE-2010-2715 (Cross-site scripting (XSS) vulnerability in photos/index.php in TCW ...) + TODO: check +CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 ...) + TODO: check +CVE-2010-2713 + RESERVED CVE-2010-2712 RESERVED CVE-2010-2711 @@ -36,8 +60,7 @@ TODO: check CVE-2010-2694 (SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 ...) TODO: check -CVE-2010-2693 - RESERVED +CVE-2010-2693 (FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag ...) - kfreebsd-7 7.3-5 - kfreebsd-8 8.0-10 CVE-2010-2692 (Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt ...) 
@@ -415,6 +438,7 @@ RESERVED CVE-2010-2527 RESERVED + {DSA-2070-1} - freetype 2.4.0-1 CVE-2010-2526 RESERVED @@ -422,17 +446,19 @@ RESERVED CVE-2010-2524 RESERVED -CVE-2010-2523 - RESERVED -CVE-2010-2522 - RESERVED +CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 ...) + TODO: check +CVE-2010-2522 (The mipv6 daemon in UMIP 0.4 does not verify that netlink messages ...) + TODO: check CVE-2010-2521 RESERVED CVE-2010-2520 [freetype] RESERVED + {DSA-2070-1} - freetype 2.4.0-1 CVE-2010-2519 RESERVED + {DSA-2070-1} CVE-2010-2518 (Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before ...) NOT-FOR-US: P8 Content Search Engine CVE-2010-2517 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest before ...) @@ -504,15 +530,19 @@ RESERVED CVE-2010-2500 [freetype] RESERVED + {DSA-2070-1} - freetype 2.4.0-1 CVE-2010-2499 [freetype] RESERVED + {DSA-2070-1} - freetype 2.4.0-1 CVE-2010-2498 [freetype] RESERVED + {DSA-2070-1} - freetype 2.4.0-1 CVE-2010-2497 [freetype] RESERVED + {DSA-2070-1} - freetype 2.4.0-1 CVE-2010-2496 RESERVED 
@@ -731,30 +761,30 @@ RESERVED CVE-2010-2404 RESERVED -CVE-2010-2403 - RESERVED -CVE-2010-2402 - RESERVED -CVE-2010-2401 - RESERVED -CVE-2010-2400 - RESERVED -CVE-2010-2399 - RESERVED -CVE-2010-2398 - RESERVED -CVE-2010-2397 - RESERVED +CVE-2010-2403 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...) + TODO: check +CVE-2010-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) + TODO: check +CVE-2010-2401 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...) + TODO: check +CVE-2010-2400 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...) + TODO: check +CVE-2010-2399 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) + TODO: check +CVE-2010-2398 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...) + TODO: check +CVE-2010-2397 (Unspecified vulnerability in Oracle Sun Java System Application Server ...) + TODO: check CVE-2010-2396 RESERVED CVE-2010-2395 RESERVED -CVE-2010-2394 - RESERVED -CVE-2010-2393 - RESERVED -CVE-2010-2392 - RESERVED +CVE-2010-2394 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...) + TODO: check +CVE-2010-2393 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) + TODO: check +CVE-2010-2392 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) + TODO: check CVE-2010-2391 RESERVED CVE-2010-2390 
@@ -765,40 +795,40 @@ RESERVED CVE-2010-2387 RESERVED -CVE-2010-2386 - RESERVED -CVE-2010-2385 - RESERVED -CVE-2010-2384 - RESERVED -CVE-2010-2383 - RESERVED -CVE-2010-2382 - RESERVED -CVE-2010-2381 - RESERVED -CVE-2010-2380 - RESERVED -CVE-2010-2379 - RESERVED -CVE-2010-2378 - RESERVED -CVE-2010-2377 - RESERVED -CVE-2010-2376 - RESERVED -CVE-2010-2375 - RESERVED -CVE-2010-2374 - RESERVED -CVE-2010-2373 - RESERVED -CVE-2010-2372 - RESERVED -CVE-2010-2371 - RESERVED -CVE-2010-2370 - RESERVED +CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) + TODO: check +CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy Server ...) + TODO: check +CVE-2010-2384 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local ...) + TODO: check +CVE-2010-2383 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) + TODO: check +CVE-2010-2382 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) + TODO: check +CVE-2010-2381 (Unspecified vulnerability in the Application Server Control component ...) + TODO: check +CVE-2010-2380 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...) + TODO: check +CVE-2010-2379 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time & ...) + TODO: check +CVE-2010-2378 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...) + TODO: check +CVE-2010-2377 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) + TODO: check +CVE-2010-2376 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) + TODO: check +CVE-2010-2375 (Package/Privilege: Plugins for Apache, Sun and IIS web servers ...) + TODO: check +CVE-2010-2374 (Unspecified vulnerability in Solaris Studio 12 update 1 allows local ...) + TODO: check +CVE-2010-2373 (Unspecified vulnerability in the Console component in Oracle ...) 
+ TODO: check +CVE-2010-2372 (Unspecified vulnerability in the Oracle Transportation Management ...) + TODO: check +CVE-2010-2371 (Unspecified vulnerability in the Oracle Transportation Management ...) + TODO: check +CVE-2010-2370 (Unspecified vulnerability in the Oracle Business Process Management ...) + TODO: check CVE-2010-2369 RESERVED CVE-2010-2368 @@ -1182,8 +1212,7 @@ - moodle 1.9.9-1 (bug #586280) CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-control ...) - moodle 1.9.9-1 (bug #586280) -CVE-2010-2227 [tomcat Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability] - RESERVED +CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...) - tomcat5 <removed> - tomcat6 <unfixed> (bug filed) CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass] @@ -1734,8 +1763,8 @@ NOT-FOR-US: CTools module for Drupal CVE-2010-2009 (Stack-based buffer overflow in the media library in BS.Global ...) NOT-FOR-US: BS.Global BS.Player -CVE-2010-2008 - RESERVED +CVE-2010-2008 (MySQL before 5.1.48 allows remote authenticated users with alter ...) + TODO: check CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...) - mydms <unfixed> (bug #582587; medium) NOTE: seems to have changed name to letoDMS 
@@ -4947,44 +4976,44 @@ NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access CVE-2010-0917 (Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Microsoft Windows -CVE-2010-0916 - RESERVED -CVE-2010-0915 - RESERVED -CVE-2010-0914 - RESERVED -CVE-2010-0913 - RESERVED -CVE-2010-0912 - RESERVED -CVE-2010-0911 - RESERVED -CVE-2010-0910 - RESERVED -CVE-2010-0909 - RESERVED -CVE-2010-0908 - RESERVED -CVE-2010-0907 - RESERVED -CVE-2010-0906 - RESERVED -CVE-2010-0905 - RESERVED -CVE-2010-0904 - RESERVED -CVE-2010-0903 - RESERVED -CVE-2010-0902 - RESERVED -CVE-2010-0901 - RESERVED -CVE-2010-0900 - RESERVED -CVE-2010-0899 - RESERVED -CVE-2010-0898 - RESERVED +CVE-2010-0916 (Unspecified vulnerability in Oracle OpenSolaris 10 allows local users ...) + TODO: check +CVE-2010-0915 (Unspecified vulnerability in the Oracle Advanced Product Catalog ...) + TODO: check +CVE-2010-0914 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...) + TODO: check +CVE-2010-0913 (Unspecified vulnerability in the Oracle Applications Manager component ...) + TODO: check +CVE-2010-0912 (Unspecified vulnerability in the Oracle Applications Framework ...) + TODO: check +CVE-2010-0911 (Unspecified vulnerability in the Listener component in Oracle Database ...) + TODO: check +CVE-2010-0910 (Unspecified vulnerability in the Data Server component in Oracle ...) + TODO: check +CVE-2010-0909 (Unspecified vulnerability in the Oracle Applications Framework ...) + TODO: check +CVE-2010-0908 (Unspecified vulnerability in the Oracle Applications Framework ...) + TODO: check +CVE-2010-0907 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...) + TODO: check +CVE-2010-0906 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...) + TODO: check +CVE-2010-0905 (Unspecified vulnerability in the Oracle Applications Manager component ...) 
+ TODO: check +CVE-2010-0904 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...) + TODO: check +CVE-2010-0903 (Unspecified vulnerability in the Net Foundation Layer component in ...) + TODO: check +CVE-2010-0902 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) + TODO: check +CVE-2010-0901 (Unspecified vulnerability in the Export component in Oracle Database ...) + TODO: check +CVE-2010-0900 (Unspecified vulnerability in the Network Layer component in Oracle ...) + TODO: check +CVE-2010-0899 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...) + TODO: check +CVE-2010-0898 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...) + TODO: check CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory Server ...) NOT-FOR-US: Sun Java System Directory Server CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in Oracle ...) @@ -4995,8 +5024,8 @@ NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in Oracle ...) NOT-FOR-US: Oracle sun Product Suite -CVE-2010-0892 - RESERVED +CVE-2010-0892 (Unspecified vulnerability in the Application Express component in ...) + TODO: check CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center component in ...) NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle Sun ...) @@ -5037,8 +5066,8 @@ NOT-FOR-US: Oracle Industry Product Suite CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle ...) NOT-FOR-US: Oracle Industry Product Suite -CVE-2010-0873 - RESERVED +CVE-2010-0873 (Unspecified vulnerability in the Data Server component in Oracle ...) + TODO: check CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object Library ...) 
@@ -5139,10 +5168,10 @@ - openjdk-6 <undetermined> - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 -CVE-2010-0836 - RESERVED -CVE-2010-0835 - RESERVED +CVE-2010-0836 (Unspecified vulnerability in the Oracle Knowledge Management component ...) + TODO: check +CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion ...) + TODO: check CVE-2010-0834 RESERVED CVE-2010-0833 @@ -7905,14 +7934,14 @@ - openjdk-6 <undetermined> - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 -CVE-2010-0083 - RESERVED +CVE-2010-0083 (Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows ...) + TODO: check CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 -CVE-2010-0081 - RESERVED +CVE-2010-0081 (Unspecified vulnerability in the Application Server Control component ...) + TODO: check CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...) NOT-FOR-US: PeopleSoft Enterprise HCM CVE-2010-0079 (Multiple vulnerabilities in the JRockit component in BEA Product Suite ...) @@ -9168,9 +9197,11 @@ CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...) NOT-FOR-US: winamp CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder ...) + {DSA-2071-1} - libmikmod 3.1.11-6.2 (bug #575742) NOTE: http://secunia.com/secunia_research/2009-55/ CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module ...) + {DSA-2071-1} - libmikmod 3.1.11-6.2 (bug #575742) NOTE: http://secunia.com/secunia_research/2009-55/ CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...) 
@@ -9795,12 +9826,12 @@ CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...) - mutt <not-affected> (uses GnuTLS and not OpenSSL) NOTE: our mutt is linked against gnutls -CVE-2009-3764 - RESERVED -CVE-2009-3763 - RESERVED -CVE-2009-3762 - RESERVED +CVE-2009-3764 (Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO ...) + TODO: check +CVE-2009-3763 (Unspecified vulnerability in the Access Manager / OpenSSO component in ...) + TODO: check +CVE-2009-3762 (Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows ...) + TODO: check CVE-2009-3761 RESERVED CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php in the ...) @@ -27119,7 +27150,7 @@ [etch] - dist 3.70-31etch1 CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary ...) - lustre 1.6.5.1-1 (low; bug #496371) -CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...) +CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly ...) - linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518) [etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1 - linux-ftpd 0.17-29 (bug #500278)
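Review bot: In the hunk at @@ -422,17 +446,19 @@, CVE-2010-2519 gains `{DSA-2070-1}` but has no `[freetype]` tag and no package line after it, whereas CVE-2010-2520 in the same hunk carries both the DSA reference and `- freetype 2.4.0-1`. As written, the entry points at an advisory without naming an affected source package or a fixed version. Add the `- freetype` line for this CVE once its fixed version is confirmed, or a NOTE explaining why it differs from the other DSA-2070-1 entries.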
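Review bot: In the hunk at @@ -1182,8 +1212,7 @@, the CVE-2010-2227 entry keeps `- tomcat6 <unfixed> (bug filed)` with no bug number, although the placeholder title and RESERVED marker are replaced by the published description. Replace `(bug filed)` with the actual reference in the `(bug #NNNNNN)` form that the moodle entries just above use, so the open tomcat6 issue can be followed from the list.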
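Review bot: In the hunk at @@ -1734,8 +1763,8 @@, CVE-2010-2008 is left at `TODO: check` like the bulk Oracle and PeopleSoft entries in this commit, but its description names MySQL, which Debian ships, so it is unlikely to resolve to NOT-FOR-US. It should be triaged ahead of the rest: add package lines for the MySQL source packages, with fixed versions checked against the "before 5.1.48" bound in the description.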
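Review bot: In the hunk at @@ -4995,8 +5024,8 @@, the context line for CVE-2010-0893 reads `NOT-FOR-US: Oracle sun Product Suite`, while the neighbouring entries use `Oracle Sun Product Suite`. The inconsistent capitalisation makes searching the list by product label miss entries. Normalise the label here, and use the same spelling for any new NOT-FOR-US label when the adjacent CVE-2010-0892 `TODO: check` is resolved.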