Author: gilbert-guest Date: 2010-09-20 01:46:54 +0000 (Mon, 20 Sep 2010) New Revision: 15352 Modified: data/CVE/list Log: various non-numbered issues and bug numbers entered Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-20 00:08:07 UTC (rev 15351) +++ data/CVE/list 2010-09-20 01:46:54 UTC (rev 15352) @@ -1,3 +1,24 @@ +CVE-2010-XXXX [config file world readable] + - sabnzbdplus 0.5.4-1 (low; bug #593829) +CVE-2010-XXXX [pin shown locally in cleartext] + - network-manager <unfixed> (low; bug #592364) +CVE-2010-XXXX [signature verification issue] + - dpkg 1.15.1 (low; bug #592115) +CVE-2010-XXXX [recipient domain checks in exim acl] + - greylistd 0.8.7+nmu2 (low; bug #591678) +CVE-2008-XXXX [greylistd bypass] + - greylistd 0.8.7+nmu2 (low; bug #464084) +CVE-2010-XXXX [stores passwords in cleartext converted to base64] + - kupfer 0+v201-2 (medium; bug #598288) +CVE-2010-XXXX [register_globals needs to be turned off] + - phpldapadmin 1.2.0.5-1.1 (low; bug #587536) +CVE-2010-XXXX [numpy memory corruption] + - numpy <unfixed> (medium; bug #581058) + NOTE: http://projects.scipy.org/numpy/changeset/8364 +CVE-2010-XXXX [glob processing issue] + - sudo 1.7.0-1 (low; bug #565223; bug #580342) +CVE-2010-XXXX [mediatomb directory traversal] + - mediatomb 0.12.0~svn2018-6.1 (medium; bug #580120) CVE-2010-3428 (SQL injection vulnerability in modules/notes/json.php in Intermesh ...) TODO: check CVE-2010-3427 (Multiple cross-site scripting (XSS) vulnerabilities in Open ...) @@ -444,7 +465,7 @@ TODO: check CVE-2010-3306 [weborf directory traversal] RESERVED - - weborf 0.12.3-1 + - weborf 0.12.3-1 (bug #596112) NOTE: http://www.exploit-db.com/exploits/14925/ CVE-2010-3243 RESERVED 
@@ -1182,7 +1203,7 @@ [lenny] - phpmyadmin <not-affected> (only affects 3.x) NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php CVE-2010-2957 (Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, ...) - - serendipity 1.5.3-2 + - serendipity 1.5.3-2 (bug #594905) CVE-2010-2956 (Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ...) - sudo 1.7.4p4-1 (bug #595935) [lenny] - sudo <not-affected> (Only affects 1.7.x) @@ -4010,7 +4031,7 @@ - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...) - libstruts1.2-java <not-affected> (issue involves a problem in xwork, which was introduced in struts2) - - libspring-webmvc-struts-2.5-java <undetermined> + - libspring-2.5-java <undetermined> TODO: check CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...) {DSA-2080-1} @@ -6937,7 +6958,7 @@ [lenny] - mediawiki 1:1.12.0-2lenny4 NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html CVE-2010-XXXX [egroupware issues] - - egroupware <removed> + - egroupware <removed> (high; bug #573279) [lenny] - egroupware 1.4.004-2.dfsg-4.2 NOTE: DSA-2013 CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) ...) @@ -7576,7 +7597,7 @@ CVE-2010-0729 (A certain Red Hat patch for the Linux kernel in Red Hat Enterprise ...) - linux-2.6 <not-affected> (vulnerability in redhat-specific patch) CVE-2010-0728 (smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is ...) - - samba 2:3.4.7~dfsg-1 (high) + - samba 2:3.4.7~dfsg-1 (high; bug #573223) [lenny] - samba <not-affected> (Only affects 3.3.11, 3.4.6 and 3.5.0) CVE-2010-0727 (The gfs2_lock function in the Linux kernel before ...) {DSA-2053-1}
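Review bot: In the @@ -1,3 +1,24 @@ hunk, `CVE-2008-XXXX [greylistd bypass]` is added at the head of the file among the CVE-2010 entries, while the rest of the visible list runs in descending CVE order (CVE-2010-3428, CVE-2010-3427, and so on). Consider moving it down to the 2008 entries so it sits with the other issues of that year. It also carries the same fixed version, 0.8.7+nmu2, as the CVE-2010-XXXX greylistd entry just above it, so it is worth confirming against bugs #464084 and #591678 that one upload closed both.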
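Review bot: In the @@ -444,7 +465,7 @@ hunk, the CVE-2010-3306 weborf line gains `bug #596112` but still has no urgency, while the mediatomb directory traversal added at the top of this same commit is rated medium. Consider adding an urgency here too so the two directory traversal entries are triaged consistently, especially as the existing NOTE already points to a public exploit-db entry.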
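Review bot: The CVE-2010-1870 change in the @@ -4010,7 +4031,7 @@ hunk replaces the package name `libspring-webmvc-struts-2.5-java` with `libspring-2.5-java`, which is neither a non-numbered issue nor a bug number, so the log message does not cover it. Mention the rename in the log or commit it separately. Since the entry stays `<undetermined>` with `TODO: check`, a NOTE saying why this package is tracked for an xwork issue would help whoever resolves it.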