Author: joeyh
Date: 2010-01-27 21:14:24 +0000 (Wed, 27 Jan 2010)
New Revision: 13940

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-01-27 21:03:02 UTC (rev 13939)
+++ data/CVE/list       2010-01-27 21:14:24 UTC (rev 13940)
@@ -1,3 +1,33 @@
+CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec 
VPN ...)
+       TODO: check
+CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero 
Technologies ...)
+       TODO: check
+CVE-2010-0390 (Unrestricted file upload vulnerability in 
maxImageUpload/index.php in ...)
+       TODO: check
+CVE-2010-0389 (The admin server in Sun Java System Web Server 7.0 Update 6 
allows ...)
+       TODO: check
+CVE-2010-0388 (Format string vulnerability in the WebDAV implementation in 
webservd ...)
+       TODO: check
+CVE-2010-0387 (Multiple heap-based buffer overflows in (1) webservd and (2) 
the admin ...)
+       TODO: check
+CVE-2010-0386 (The default configuration of Sun Java System Application Server 
7 and ...)
+       TODO: check
+CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when ...)
+       TODO: check
+CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a 
directory ...)
+       TODO: check
+CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses 
deprecated ...)
+       TODO: check
+CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 
...)
+       TODO: check
+CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP 
MySpace ...)
+       TODO: check
+CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, 
allows ...)
+       TODO: check
+CVE-2008-7253 (The default configuration of the web server in IBM Lotus Domino 
...)
+       TODO: check
+CVE-2005-4884 (Unspecified vulnerability in the Oracle OLAP component in 
Oracle ...)
+       TODO: check
 CVE-2010-XXXX [gmetad incorrect file permissions]
        - gmetad <unfixed> (low; bug #567175)
        TODO: check old/stable versions
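Review bot: All fifteen new entries at the top of the file are left at TODO: check, including ones whose descriptions already give enough to triage. CVE-2010-0383 through CVE-2010-0385 state Tor version thresholds (0.2.1.22 and 0.2.2.7-alpha) that can be compared directly against the packaged versions, and CVE-2010-0392 names vpnconf.exe in TheGreenBow IPSec VPN, which looks like a candidate for the NOT-FOR-US tag this file uses elsewhere. Resolving those in a follow-up keeps the TODO backlog from hiding the entries that need real investigation.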
@@ -282,6 +312,7 @@
        RESERVED
 CVE-2010-0300 [ircd-ratbox: NULL pointer vulnerability]
        RESERVED
+       {DSA-1980-1}
        - ircd-ratbox <unfixed> (low; bug #567191)
 CVE-2010-0299
        RESERVED
@@ -301,8 +332,7 @@
        RESERVED
 CVE-2010-0291
        RESERVED
-CVE-2010-0290 [bind: CVE-2009-4022 fix incomplete]
-       RESERVED
+CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 
before ...)
        - bind9 <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
 CVE-2010-0289 [dokuwiki CSRF]
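Review bot: Replacing the bracketed summary on CVE-2010-0290 drops the only statement that this issue is an incomplete fix for CVE-2009-4022; the truncated description that replaces it does not mention that CVE. Consider adding a line such as NOTE: incomplete fix for CVE-2009-4022 under the entry so the relationship stays visible next to the existing bugzilla NOTE.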
@@ -439,16 +469,16 @@
        RESERVED
 CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 
6 SP1, ...)
        NOT-FOR-US: Microsoft
-CVE-2010-0248
-       RESERVED
-CVE-2010-0247
-       RESERVED
-CVE-2010-0246
-       RESERVED
-CVE-2010-0245
-       RESERVED
-CVE-2010-0244
-       RESERVED
+CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not 
properly ...)
+       TODO: check
+CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not 
properly ...)
+       TODO: check
+CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects 
in ...)
+       TODO: check
+CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects 
in ...)
+       TODO: check
+CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not 
properly ...)
+       TODO: check
 CVE-2010-0243
        RESERVED
 CVE-2010-0242
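Review bot: CVE-2010-0244 through CVE-2010-0248 are all Microsoft Internet Explorer issues but are added as TODO: check, while the neighbouring CVE-2010-0249 entry for the same product is already NOT-FOR-US: Microsoft. Marking the five new entries the same way would be consistent and takes them out of the triage queue.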
@@ -475,8 +505,8 @@
        TODO: check
 CVE-2010-0231
        RESERVED
-CVE-2010-0230
-       RESERVED
+CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to 
listen ...)
+       TODO: check
 CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB 
flash ...)
        NOT-FOR-US: Verbatim Corporate Secure
 CVE-2010-0228 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB 
flash ...)
@@ -866,8 +896,8 @@
        RESERVED
 CVE-2010-0098
        RESERVED
-CVE-2010-0097
-       RESERVED
+CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 
...)
+       TODO: check
 CVE-2010-0096
        RESERVED
 CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux 
kernel ...)
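Review bot: CVE-2010-0097 is an ISC BIND issue left at TODO: check with no package line, although this file already tracks bind9 for CVE-2010-0290 and CVE-2009-4022. It needs a - bind9 line with its status; the same applies to CVE-2010-0382 in the first hunk, whose description starts with the same version range.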
@@ -1531,8 +1561,8 @@
        RESERVED
 CVE-2010-0028
        RESERVED
-CVE-2010-0027
-       RESERVED
+CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 
7 and ...)
+       TODO: check
 CVE-2010-0026
        RESERVED
 CVE-2010-0025
@@ -1590,8 +1620,7 @@
 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the 
...)
        - linux-2.6 <unfixed>
        - linux-2.6.24 <removed>
-CVE-2010-0006 [ipv6 null ptr dereference]
-       RESERVED
+CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux 
kernel ...)
        - linux-2.6 <unfixed>
        [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 
2.6.28)
        [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
@@ -1604,8 +1633,7 @@
        RESERVED
        - viewvc <unfixed>
        TODO: check
-CVE-2010-0003 [all kernel memory dumpable to userspace when 
print-fatal-signals=1]
-       RESERVED
+CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux 
kernel ...)
        - linux-2.6 <unfixed>
        - linux-2.6.24 <removed>
 CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash 
package for ...)
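Review bot: The removed summary for CVE-2010-0003 recorded the precondition print-fatal-signals=1 and the impact (kernel memory dumpable to userspace), and the truncated description that replaces it shows neither. A NOTE line carrying that precondition would keep the information needed to judge exposure for the linux-2.6 <unfixed> line below it.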
@@ -1696,8 +1724,8 @@
        RESERVED
 CVE-2009-4274
        RESERVED
-CVE-2009-4273
-       RESERVED
+CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2009-4272 [linux deadlock or null pointer dereference via routing hash 
table's emergency route flush]
        RESERVED
        - linux-2.6 <unfixed> (medium)
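Review bot: CVE-2009-4273 is added as TODO: check with no package line, although its description says stap-server in SystemTap before 1.1 "allows remote attackers to execute ...", which makes it one of the entries in this commit that most needs a prompt package and version check. A package line with the status relative to version 1.1 should replace the TODO.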
@@ -1819,8 +1847,8 @@
        RESERVED
 CVE-2009-4258
        RESERVED
-CVE-2009-4257
-       RESERVED
+CVE-2009-4257 (Heap-based buffer overflow in smlrender.dll in RealNetworks 
RealPlayer ...)
+       TODO: check
 CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in 
AlefMentor 2.0 ...)
        NOT-FOR-US: AlefMentor
 CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit! 
template ...)
@@ -1837,22 +1865,22 @@
        NOT-FOR-US: CuteNews
 CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP 
...)
        NOT-FOR-US: CuteNews
-CVE-2009-4248
-       RESERVED
-CVE-2009-4247
-       RESERVED
-CVE-2009-4246
-       RESERVED
-CVE-2009-4245
-       RESERVED
-CVE-2009-4244
-       RESERVED
-CVE-2009-4243
-       RESERVED
-CVE-2009-4242
-       RESERVED
-CVE-2009-4241
-       RESERVED
+CVE-2009-4248 (Buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 
...)
+       TODO: check
+CVE-2009-4247 (RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 
...)
+       TODO: check
+CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, 
RealPlayer ...)
+       TODO: check
+CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, 
RealPlayer ...)
+       TODO: check
+CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; 
RealPlayer ...)
+       TODO: check
+CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 
...)
+       TODO: check
+CVE-2009-4242 (Heap-based buffer overflow in RealNetworks RealPlayer 10; 
RealPlayer ...)
+       TODO: check
+CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, 
RealPlayer ...)
+       TODO: check
 CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in 
the ...)
        NOT-FOR-US: IBM InfoSphere Information Server
 CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in 
IBM ...)
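Review bot: CVE-2009-4241 through CVE-2009-4248 are RealNetworks RealPlayer issues added as TODO: check, but the same file already classifies the RealPlayer entries CVE-2009-0375 and CVE-2009-0376 as NOT-FOR-US: RealPlayer. The eight new entries, and CVE-2009-4257 in the previous hunk, can take the same tag instead of waiting in the TODO queue.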
@@ -2392,7 +2420,7 @@
        - php-mail 1.1.14-2 (medium; bug #557121)
        [lenny] - php-mail  1.1.14-1+lenny1
        [etch] - php-mail 1.1.6-2+etch1
-CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 
before ...)
+CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 
before ...)
        {DSA-1961-1}
        - bind9 1:9.6.1.dfsg.P2-1 (medium)
        NOTE: <https://www.isc.org/node/504>
@@ -2418,17 +2446,21 @@
        NOT-FOR-US: Tftpd32
 CVE-2009-4016 [ircd integer underflow]
        RESERVED
+       {DSA-1980-1}
        - ircd-ratbox <unfixed> (medium; bug #567191)
        - ircd-hybrid <unfixed> (medium; bug #567192)
        - oftc-hybrid <unfixed> (medium; bug #567193)
 CVE-2009-4015
        RESERVED
+       {DSA-1979-1}
        - lintian 2.3.2 (medium)
 CVE-2009-4014
        RESERVED
+       {DSA-1979-1}
        - lintian 2.3.2 (medium)
 CVE-2009-4013
        RESERVED
+       {DSA-1979-1}
        - lintian 2.3.2 (medium)
 CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow 
...)
        {DSA-1971-1}
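Review bot: {DSA-1980-1} is attached to CVE-2009-4016, which lists ircd-ratbox, ircd-hybrid and oftc-hybrid, all still <unfixed>, so the entry does not show which of the three packages the advisory covers or in which release. Per-release lines with fixed versions, like the [lenny] and [etch] lines on the php-mail entry earlier in this diff, would make that explicit; the same holds for the {DSA-1980-1} tag added to CVE-2010-0300.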
@@ -14762,9 +14794,9 @@
        NOT-FOR-US: Joomla
 CVE-2009-0377 (SQL injection vulnerability in the beamospetition 
(com_beamospetition) ...)
        NOT-FOR-US: Joomla
-CVE-2009-0376 (A DLL file in RealNetworks RealPlayer 11 allows remote 
attackers to ...)
+CVE-2009-0376 (Heap-based buffer overflow in a DLL file in RealNetworks 
RealPlayer ...)
        NOT-FOR-US: RealPlayer
-CVE-2009-0375 (A DLL file in RealNetworks RealPlayer 11 allows remote 
attackers to ...)
+CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, 
...)
        NOT-FOR-US: RealPlayer
 CVE-2009-0374 (** DISPUTED ** ...)
        - chromium-browser <itp> (bug #520324)
@@ -16480,7 +16512,7 @@
 CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 
and ...)
        - classpath 2:0.98-1 (bug #512532; low)
        - libgnucrypto-java <removed> (low; bug #559789)
-        [lenny] - libgnucrypto-java <no-dsa> (Minor issue)
+       [lenny] - libgnucrypto-java <no-dsa> (Minor issue)
 CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 
allows ...)
        - quassel 0.2~rc1-1.1 (bug #506550)
 CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin 
for ...)
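Review bot: The change to the [lenny] - libgnucrypto-java <no-dsa> line under CVE-2008-5659 alters only its leading whitespace, which is unrelated to the CVE description updates in the rest of the commit. If the automatic update normalizes indentation, the log message should say so; otherwise split it out so the data changes are easier to audit.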


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
