Author: joeyh Date: 2010-11-19 09:14:59 +0000 (Fri, 19 Nov 2010) New Revision: 15605 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-11-18 21:15:11 UTC (rev 15604) +++ data/CVE/list 2010-11-19 09:14:59 UTC (rev 15605) @@ -1,3 +1,41 @@ +CVE-2010-4293 + RESERVED +CVE-2010-4292 + RESERVED +CVE-2010-4291 + RESERVED +CVE-2010-4290 + RESERVED +CVE-2010-4289 + RESERVED +CVE-2010-4288 + RESERVED +CVE-2010-4287 + RESERVED +CVE-2010-4286 + RESERVED +CVE-2010-4285 + RESERVED +CVE-2010-4284 + RESERVED +CVE-2010-4283 + RESERVED +CVE-2010-4282 + RESERVED +CVE-2010-4281 + RESERVED +CVE-2010-4280 + RESERVED +CVE-2010-4279 + RESERVED +CVE-2010-4278 + RESERVED +CVE-2010-4277 + RESERVED +CVE-2010-4276 + RESERVED +CVE-2010-4275 + RESERVED CVE-2010-4274 (reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 ...) TODO: check CVE-2010-4273 (SQL injection vulnerability in imoveis.php in DescargarVista ACC ...) @@ -217,8 +255,7 @@ - systemtap <unfixed> (bug #603946) CVE-2010-4169 RESERVED -CVE-2010-4168 - RESERVED +CVE-2010-4168 (Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 ...) - openttd <unfixed> (bug #603752) [lenny] - openttd <not-affected> (Introduced in 1.0) CVE-2010-4167 @@ -237,8 +274,8 @@ RESERVED CVE-2010-4161 RESERVED -CVE-2010-4159 - RESERVED +CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...) + TODO: check CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...) - php5 5.3.3-4 (bug #603751) [lenny] - php5 <not-affected> (Only affects 5.3.x) 
@@ -359,8 +396,8 @@ RESERVED CVE-2010-4108 RESERVED -CVE-2010-4107 - RESERVED +CVE-2010-4107 (The default configuration of the PJL Access value in the File System ...) + TODO: check CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) NOT-FOR-US: HP Insight Orchestration CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2 ...) @@ -680,8 +717,8 @@ NOT-FOR-US: SAP BusinessObjects Enterprise CVE-2010-3979 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different ...) NOT-FOR-US: SAP BusinessObjects Enterprise -CVE-2010-3978 - RESERVED +CVE-2010-3978 (Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data ...) + TODO: check CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: cForm wordpress plugin CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before ...) @@ -910,10 +947,10 @@ TODO: File was introduced after 1.2.6, so check that next sid version is at least 1.3.3 or higher CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle ...) - php5 5.3.3-4 (bug #603751) -CVE-2010-3869 - RESERVED -CVE-2010-3868 - RESERVED +CVE-2010-3869 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate ...) + TODO: check +CVE-2010-3868 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate ...) + TODO: check CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc ...) - proftpd-dfsg 1.3.3a-4 [lenny] - proftpd-dfsg <no-dsa> (Minor issue) @@ -923,8 +960,7 @@ RESERVED - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30) -CVE-2010-3864 - RESERVED +CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through ...) - openssl 0.9.8o-3 CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...) NOT-FOR-US: Apache Shiro / JSecurity
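Review bot: CVE-2010-4159 in hunk @@ -237,8 +274,8 @@ is left at "TODO: check" even though the new description already names a concrete file and version (metadata/loader.c in Mono 2.8). Once the affected versions are confirmed, replace the TODO with a source package line and a per-release status, in the form the php5 entry directly below it uses: "[lenny] - php5 <not-affected> (Only affects 5.3.x)".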
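Review bot: in hunk @@ -910,10 +947,10 @@, CVE-2010-3869 and CVE-2010-3868 come in with the same truncated description ("Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate ...") and both as "TODO: check", so nothing in the list tells the two issues apart. When triaging, resolve each to a package line or NOT-FOR-US, and add a NOTE line on each saying what distinguishes it from the other.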
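Review bot: CVE-2010-3864 in hunk @@ -923,8 +960,7 @@ carries only "- openssl 0.9.8o-3", with no [lenny] line and no bug reference, while the new description gives an affected range that starts at OpenSSL 0.9.8f. Add an explicit [lenny] status line for openssl, as the linux-2.6 entry just above it in the same hunk does, so the state of the stable release is recorded rather than implied.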