Author: joeyh
Date: 2010-09-15 21:14:59 +0000 (Wed, 15 Sep 2010)
New Revision: 15333

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-09-15 19:37:09 UTC (rev 15332)
+++ data/CVE/list 2010-09-15 21:14:59 UTC (rev 15333)
@@ -1,3 +1,137 @@ +CVE-2010-3348 + RESERVED +CVE-2010-3347 + RESERVED +CVE-2010-3346 + RESERVED +CVE-2010-3345 + RESERVED +CVE-2010-3344 + RESERVED +CVE-2010-3343 + RESERVED +CVE-2010-3342 + RESERVED +CVE-2010-3341 + RESERVED +CVE-2010-3340 + RESERVED +CVE-2010-3339 + RESERVED +CVE-2010-3338 + RESERVED +CVE-2010-3337 + RESERVED +CVE-2010-3336 + RESERVED +CVE-2010-3335 + RESERVED +CVE-2010-3334 + RESERVED +CVE-2010-3333 + RESERVED +CVE-2010-3332 + RESERVED +CVE-2010-3331 + RESERVED +CVE-2010-3330 + RESERVED +CVE-2010-3329 + RESERVED +CVE-2010-3328 + RESERVED +CVE-2010-3327 + RESERVED +CVE-2010-3326 + RESERVED +CVE-2010-3325 + RESERVED +CVE-2010-3324 + RESERVED +CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session ...) + TODO: check +CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote ...) + TODO: check +CVE-2010-3321 + RESERVED +CVE-2010-3320 (Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before ...) + TODO: check +CVE-2010-3319 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a ...) + TODO: check +CVE-2010-3318 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits ...) + TODO: check +CVE-2010-3317 (Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) ...) 
+ TODO: check +CVE-2010-3316 + RESERVED +CVE-2010-3315 + RESERVED +CVE-2010-3314 + RESERVED +CVE-2010-3313 + RESERVED +CVE-2010-3312 + RESERVED +CVE-2010-3311 + RESERVED +CVE-2010-3310 + RESERVED +CVE-2010-3309 + RESERVED +CVE-2010-3308 + RESERVED +CVE-2010-3307 + RESERVED +CVE-2010-3306 + RESERVED +CVE-2010-3305 + RESERVED +CVE-2010-3304 + RESERVED +CVE-2010-3303 + RESERVED +CVE-2010-3302 + RESERVED +CVE-2010-3301 + RESERVED +CVE-2010-3300 + RESERVED +CVE-2010-3299 + RESERVED +CVE-2010-3298 + RESERVED +CVE-2010-3297 + RESERVED +CVE-2010-3296 + RESERVED +CVE-2010-3295 + RESERVED +CVE-2010-3291 + RESERVED +CVE-2010-3290 + RESERVED +CVE-2010-3289 + RESERVED +CVE-2010-3288 + RESERVED +CVE-2010-3287 + RESERVED +CVE-2010-3286 + RESERVED +CVE-2010-3285 + RESERVED +CVE-2010-3284 + RESERVED +CVE-2010-3283 + RESERVED +CVE-2010-3282 + RESERVED +CVE-2010-3281 + RESERVED +CVE-2010-3280 + RESERVED +CVE-2010-3279 + RESERVED CVE-2010-XXXX [piwigo multiple vulnerabilities] - piwigo <unfixed> TODO: check, secunia only reported the XSS one @@ -3,11 +137,14 @@ NOTE: http://www.exploit-db.com/exploits/14973/ CVE-2010-3294 [php-apc apc.php XSS] + RESERVED - php-apc <unfixed> (unimportant) NOTE: vulnerable script is, mainly, for debugging purposes NOTE: and is distributed gzip-compressed CVE-2010-3293 [mailscanner virus updates DoS] + RESERVED - mailscanner <unfixed> (bug #596397; low) NOTE: or even unimportant, the script is not used by default CVE-2010-3292 [mailscanner may use spoofed data] + RESERVED - mailscanner <unfixed> (bug #596396; low) CVE-2010-3278 (Multiple buffer overflows in the Novell Client novfs module for the ...) @@ -207,8 +344,8 @@ - vlc <undetermined> (low; bug #595686) NOTE: poc didn''t work. may be windows-only TODO: check with upstream -CVE-2010-3202 - RESERVED +CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 ...) + TODO: check CVE-2010-3201 RESERVED CVE-2010-3200 
@@ -555,8 +692,7 @@ RESERVED CVE-2010-3083 RESERVED -CVE-2010-3082 [django csrf_token XSS] - RESERVED +CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...) - python-django <unfixed> (bug #596205) NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/ CVE-2010-3081 @@ -724,8 +860,8 @@ RESERVED CVE-2010-3009 RESERVED -CVE-2010-3008 - RESERVED +CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data ...) + TODO: check CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data ...) TODO: check CVE-2010-3006 (Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote ...) @@ -835,8 +971,8 @@ RESERVED CVE-2010-2962 RESERVED -CVE-2010-2961 - RESERVED +CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the ...) + TODO: check CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...) - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32) @@ -857,12 +993,11 @@ - linux-2.6 <unfixed> CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel ...) - linux-2.6 2.6.32-22 -CVE-2010-2953 [CouchDB insecure library loading] - RESERVED +CVE-2010-2953 (Untrusted search path vulnerability in a certain Debian GNU/Linux ...) {DSA-2107-1} - couchdb 0.11.0-2 (low; bug #594412) -CVE-2010-2952 - RESERVED +CVE-2010-2952 (Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, ...) + TODO: check CVE-2010-2951 [squid3 DoS via TCP DNS request] RESERVED - squid3 <unfixed> 
@@ -1258,8 +1393,7 @@ - cabextract 1.3-1 (bug #591552) CVE-2010-2800 (The MS-ZIP decompressor in cabextract before 1.3 allows remote ...) - cabextract 1.3-1 (bug #591552; unimportant) -CVE-2010-2799 [socat buffer overflow] - RESERVED +CVE-2010-2799 (Stack-based buffer overflow in the nestlex function in nestlex.c in ...) {DSA-2090-1} - socat 1.7.1.3-1 (bug #591443; medium) CVE-2010-2798 (The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux ...) @@ -2430,8 +2564,8 @@ RESERVED CVE-2010-2367 RESERVED -CVE-2010-2366 - RESERVED +CVE-2010-2366 (Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access ...) + TODO: check CVE-2010-2365 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 ...) NOT-FOR-US: Free CGI Moo moobbs2 CVE-2010-2364 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before ...) @@ -9054,14 +9188,14 @@ CVE-2010-0156 (Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local ...) - puppet 0.25.4-2 [lenny] - puppet <no-dsa> (Minor issue) -CVE-2010-0155 - RESERVED -CVE-2010-0154 - RESERVED -CVE-2010-0153 - RESERVED -CVE-2010-0152 - RESERVED +CVE-2010-0155 (CRLF injection vulnerability in load.php in the Local Management ...) + TODO: check +CVE-2010-0154 (Directory traversal vulnerability in sla/index.php in the Local ...) + TODO: check +CVE-2010-0153 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2010-0152 (Multiple cross-site scripting (XSS) vulnerabilities in the Local ...) + TODO: check CVE-2010-0151 (The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used ...) NOT-FOR-US: Cisco CVE-2010-0150 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
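Review bot: In the first hunk (@@ -1,3 +1,137 @@) the added block runs from CVE-2010-3348 down to CVE-2010-3295 and then continues at CVE-2010-3291, which places CVE-2010-3291 through CVE-2010-3279 above the existing CVE-2010-3294, CVE-2010-3293 and CVE-2010-3292 entries that the next hunk shows further down, after the CVE-2010-XXXX piwigo placeholder. If the list is meant to stay in descending order, split the insertion so that 3291 to 3279 land between the CVE-2010-3292 entry and CVE-2010-3278.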
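Review bot: In the hunk at @@ -724,8 +860,8 @@ the new CVE-2010-3008 line has the same truncated summary as the CVE-2010-3007 line directly below it (`Unspecified vulnerability in HP Data Protector Express, and Data ...`), and both are left at `TODO: check`. The summaries alone cannot tell the two apart, so whoever triages them should read the full descriptions and record the distinguishing detail in a NOTE line, or resolve both in one pass.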
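Review bot: In the last hunk (@@ -9054,14 +9188,14 @@) CVE-2010-0155 through CVE-2010-0152 all become `TODO: check`, and the truncated summaries cut off before the product name (`in the Local Management ...`, `in the Local ...`), so the entries cannot be triaged from this file alone. They appear to describe one product; resolve the four together, and if it is not packaged mark them `NOT-FOR-US:` the way the adjacent Cisco entries CVE-2010-0151 and CVE-2010-0150 are.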