Author: joeyh
Date: 2010-09-09 21:15:10 +0000 (Thu, 09 Sep 2010)
New Revision: 15301
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-09-09 20:54:18 UTC (rev 15300)
+++ data/CVE/list 2010-09-09 21:15:10 UTC (rev 15301)
@@ -1,3 +1,7 @@
+CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1
stores ...)
+ TODO: check
+CVE-2010-3263
+ RESERVED
CVE-2010-3262
RESERVED
CVE-2010-3261
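Review bot: CVE-2010-3264 is added with only "TODO: check" and no package or NOT-FOR-US line, so it stays untriaged. The description names Novell Identity Manager; if nothing in the archive ships it, resolve the TODO with a NOT-FOR-US: entry in the form the list already uses elsewhere (for example "NOT-FOR-US: UMIP").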
@@ -169,8 +173,7 @@
RESERVED
CVE-2010-3199
RESERVED
-CVE-2010-3198 [zope DoS via PluggableAuthService]
- RESERVED
+CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7
allows ...)
- zope2.10 <removed>
- zope2.11 <removed>
CVE-2010-3197 (IBM DB2 9.7 before FP2 does not perform the expected access
control on ...)
@@ -677,10 +680,10 @@
RESERVED
CVE-2010-3006
RESERVED
-CVE-2010-3005
- RESERVED
-CVE-2010-3004
- RESERVED
+CVE-2010-3005 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on
...)
+ TODO: check
+CVE-2010-3004 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on
...)
+ TODO: check
CVE-2010-3003
RESERVED
CVE-2010-3002 (Unspecified vulnerability in RealNetworks RealPlayer 11.0
through 11.1 ...)
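Review bot: CVE-2010-3005 and CVE-2010-3004 both land with "TODO: check" and identical truncated descriptions ("Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ..."), so nothing in this hunk tells the two apart or records a triage decision. Check the full descriptions to confirm they are distinct issues, then replace each TODO with a package line or a NOT-FOR-US: entry.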
@@ -784,16 +787,13 @@
RESERVED
CVE-2010-2961
RESERVED
-CVE-2010-2960 [kernel: keyctl_session_to_parent null ptr deref]
- RESERVED
+CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c
in the ...)
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.32)
-CVE-2010-2959 [nframes issue]
- RESERVED
+CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network
(CAN) ...)
{DSA-2094-1}
- linux-2.6 2.6.32-20
-CVE-2010-2958 [phpmyadmin backtrace XSS]
- RESERVED
+CVE-2010-2958 (Cross-site scripting (XSS) vulnerability in
libraries/Error.class.php ...)
- phpmyadmin 4:3.3.6-1
[lenny] - phpmyadmin <not-affected> (only affects 3.x)
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
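Review bot: In the CVE-2010-2960 entry, the removed working title "[kernel: keyctl_session_to_parent null ptr deref]" named the bug class, and the truncated description that replaces it ("The keyctl_session_to_parent function in security/keys/keyctl.c in the ...") no longer does. Since the entry is still "linux-2.6 <unfixed>", consider keeping that detail as a NOTE: line so the impact stays visible in the list. The same applies to "[nframes issue]" on CVE-2010-2959, where the new text gives the bug class (integer overflow) but drops the field name.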
@@ -805,13 +805,13 @@
- sudo 1.7.4p4-1 (bug #595935)
[lenny] - sudo <not-affected> (Only affects 1.7.x)
NOTE: http://www.sudo.ws/sudo/alerts/runas_group.html
-CVE-2010-2955 [infoleak in wireless extensions]
- RESERVED
+CVE-2010-2955 (The cfg80211_wext_giwessid function in
net/wireless/wext-compat.c in ...)
- linux-2.6 <unfixed>
CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel
...)
- linux-2.6 <unfixed>
CVE-2010-2953 [CouchDB insecure library loading]
RESERVED
+ {DSA-2107-1}
- couchdb 0.11.0-2 (low; bug #594412)
CVE-2010-2952
RESERVED
@@ -1199,8 +1199,7 @@
- freetype 2.4.2-1
CVE-2010-2804
RESERVED
-CVE-2010-2803
- RESERVED
+CVE-2010-2803 (The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the
Direct ...)
{DSA-2094-1}
- linux-2.6 2.6.32-22
CVE-2010-2802 (Cross-site scripting (XSS) vulnerability in MantisBT before
1.2.2 ...)
@@ -1215,8 +1214,7 @@
RESERVED
{DSA-2090-1}
- socat 1.7.1.3-1 (bug #591443; medium)
-CVE-2010-2798 [gfs2 null ptr dereference]
- RESERVED
+CVE-2010-2798 (The gfs2_dirent_find_space function in fs/gfs2/dir.c in the
Linux ...)
{DSA-2094-1}
- linux-2.6 2.6.32-20
CVE-2010-2797
@@ -1788,8 +1786,7 @@
- bogofilter 1.2.1-3 (low; bug #588090)
[lenny] - bogofilter <no-dsa> (Minor issue)
NOTE: this is "only" null write to an invalid pointer, no arbitrary
location
-CVE-2010-2495 [l2tp oops]
- RESERVED
+CVE-2010-2495 (The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP
...)
- linux-2.6 2.6.32-16
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.29)
CVE-2010-2618 (PHP remote file inclusion vulnerability in
inc/smarty/libs/init.php in ...)
@@ -2002,8 +1999,7 @@
- lvm2 2.02.66-3 (bug #591204)
CVE-2010-2525
RESERVED
-CVE-2010-2524 [ms-dfs referrals]
- RESERVED
+CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in
the ...)
- linux-2.6 2.6.32-19
CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP
0.4 ...)
NOT-FOR-US: UMIP
@@ -2098,8 +2094,8 @@
RESERVED
CVE-2010-2493 (The default configuration of the deployment descriptor (aka
web.xml) ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full
application server, #581226)
-CVE-2010-2492
- RESERVED
+CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in ...)
+ TODO: check
CVE-2010-2491 [roundup XSS]
RESERVED
- roundup 1.4.13-3.1 (bug #590769)
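Review bot: CVE-2010-2492 moves from RESERVED to a buffer overflow description but is left at "TODO: check" with no source package line. The visible text ("Buffer overflow in the ecryptfs_uid_hash macro in ...") is cut off before the affected component, so the triage should record the package and its status explicitly and not rely on the description to identify it.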
@@ -2628,8 +2624,7 @@
NOT-FOR-US: Accoria Web Server
CVE-2010-2266 (nginx 0.8.36 allows remote attackers to cause a denial of
service ...)
- nginx <not-affected> (Confirmed Windows only, see bug #590768)
-CVE-2009-4895 [linux tty null ptr dereference]
- RESERVED
+CVE-2009-4895 (Race condition in the tty_fasync function in
drivers/char/tty_io.c in ...)
{DSA-2094-1}
- linux-2.6 2.6.32-9
CVE-2009-4894 (Multiple cross-site scripting (XSS) vulnerabilities in
profile.php in ...)
@@ -3168,8 +3163,7 @@
CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance
function ...)
- tiff 3.9.4-1
[lenny] - tiff <not-affected> (Only affects 3.9.x)
-CVE-2010-2066 [ext4 ioctl issue]
- RESERVED
+CVE-2010-2066 (The mext_check_arguments function in fs/ext4/move_extent.c in
the ...)
- linux-2.6 2.6.32-21
[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in
2.6.31)
CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before
3.9.3 ...)