Author: joeyh
Date: 2010-04-13 21:14:45 +0000 (Tue, 13 Apr 2010)
New Revision: 14469

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-04-13 02:21:28 UTC (rev 14468)
+++ data/CVE/list       2010-04-13 21:14:45 UTC (rev 14469)
@@ -1,3 +1,19 @@
+CVE-2010-1354 (Directory traversal vulnerability in the VJDEO (com_vjdeo) 
component ...)
+       TODO: check
+CVE-2010-1353 (Directory traversal vulnerability in the LoginBox Pro 
(com_loginbox) ...)
+       TODO: check
+CVE-2010-1352 (Directory traversal vulnerability in the JOOFORGE Jutebox ...)
+       TODO: check
+CVE-2010-1351 (Multiple PHP remote file inclusion vulnerabilities in 
Nodesforum 1.033 ...)
+       TODO: check
+CVE-2010-1350 (SQL injection vulnerability in the JP Jobs (com_jp_jobs) 
component ...)
+       TODO: check
+CVE-2010-1349 (Integer overflow in Opera 10.10 through 10.50 allows remote 
attackers ...)
+       TODO: check
+CVE-2010-1348 (Unspecified vulnerability in the login process in IBM WebSphere 
Portal ...)
+       TODO: check
+CVE-2010-1347 (Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on 
AIX and ...)
+       TODO: check
 CVE-2010-1346 (SQL injection vulnerability in admin/login.php in Mini CMS 
RibaFS 1.0, ...)
        NOT-FOR-US: Mini CMS RibaFS
 CVE-2010-1345 (Directory traversal vulnerability in the Cookex Agency CKForms 
...)
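Review bot: The eight entries added at the top of this hunk (CVE-2010-1347 through CVE-2010-1354) carry only "TODO: check", so none of them has a triage decision yet. The context entry directly below, CVE-2010-1346, is already resolved as "NOT-FOR-US: Mini CMS RibaFS". Each new entry needs the same kind of resolution, either a NOT-FOR-US line naming the product or a package line with a version, before its TODO is dropped.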
@@ -483,25 +499,22 @@
        RESERVED
 CVE-2010-1153
        RESERVED
-CVE-2010-1152
-       RESERVED
+CVE-2010-1152 (memcached.c in memcached before 1.4.3 allows remote attackers 
to cause ...)
+       TODO: check
 CVE-2010-1151
        RESERVED
 CVE-2010-1150 [mediawiki CRSF]
        RESERVED
        - mediawiki <unfixed> (low)
        NOTE: Maintainer is aware: http://blog.rastageeks.org/spip.php?article62
-CVE-2010-1149 [udisks information disclosure]
-       RESERVED
+CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports ...)
        - udisks 1.0.1-1 (medium; bug #576687)
-CVE-2010-1148 [linux-2.6: cifs null ptr dereference]
-       RESERVED
+CVE-2010-1148 (The cifs_create function in fs/cifs/dir.c in the Linux kernel 
2.6.33.2 ...)
        - linux-2.6 <unfixed>
        [lenny] - linux-2.6 <not-affected> (vulnerable code not yet present)
 CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka 
Open DC ...)
        - opendchub <unfixed> (bug #576308)
-CVE-2010-1146 [linux-2.6: reiserfs privilege escalation]
-       RESERVED
+CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS 
filesystem ...)
        - linux-2.6 <unfixed>
        [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
 CVE-2010-1145
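Review bot: CVE-2010-1152 is the only entry in this hunk left without tracking data. Its RESERVED marker is replaced by "TODO: check" even though the new description names memcached before 1.4.3, so the follow-up should record a package line with the fixed version or an explicit status. CVE-2010-1149, CVE-2010-1148 and CVE-2010-1146 keep their existing package lines while losing their bracketed working titles. It is worth confirming that the two "- linux-2.6 <unfixed>" lines still match the published descriptions, both of which mention 2.6.33.2. The unchanged context line for CVE-2010-1150 spells its title "CRSF", presumably meaning CSRF.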
@@ -512,16 +525,16 @@
        NOTE: dsniff is the only software in Debian using this lib so the 
impact is pretty minor
 CVE-2010-1143
        RESERVED
-CVE-2010-1142
-       RESERVED
-CVE-2010-1141
-       RESERVED
-CVE-2010-1140
-       RESERVED
-CVE-2010-1139
-       RESERVED
-CVE-2010-1138
-       RESERVED
+CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 
246459; ...)
+       TODO: check
+CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 
246459; ...)
+       TODO: check
+CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 
227600 ...)
+       TODO: check
+CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, 
VMware ...)
+       TODO: check
+CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 
7.0.1 ...)
+       TODO: check
 CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware 
...)
        NOT-FOR-US: VMware Server
 CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks 
parent ACLs ...)
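Review bot: The five VMware entries that replace RESERVED here (CVE-2010-1138 through CVE-2010-1142) are all left at "TODO: check", while the next entry, CVE-2010-1137, is already marked "NOT-FOR-US: VMware Server". These should be triaged as a group so the VMware Workstation, VMware Tools and VIX API items end up with a consistent status rather than lingering as open TODOs.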
@@ -1710,8 +1723,7 @@
        - tgt <unfixed> (medium; bug #576086) 
 CVE-2010-0742
        RESERVED
-CVE-2010-0741 [linux-2.6: virtio dos]
-       RESERVED
+CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the 
...)
        - linux-2.6 2.6.26-1
 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f 
through ...)
        - openssl 0.9.8n-1 (medium; bug #575607)
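Review bot: The tracking line for CVE-2010-0741 no longer obviously matches its description. The removed title was "[linux-2.6: virtio dos]" and the retained package line is "- linux-2.6 2.6.26-1", but the published text places the flaw in the virtio_net_bad_features function in hw/virtio-net.c. Confirm which source package ships that file and correct or extend the package line accordingly, since the automatic update keeps the old line without re-checking it.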
@@ -6160,8 +6172,8 @@
        - mandos 1.0.13-1 (bug #551907)
 CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 
1.0.10 ...)
        - vmware-package <removed>
-CVE-2009-3732
-       RESERVED
+CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in 
VMware ...)
+       TODO: check
 CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks 
Help ...)
        NOT-FOR-US: WebWorks Help
 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the 
ReqWeb Help ...)
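Review bot: CVE-2009-3732 moves from RESERVED to "TODO: check" with a description that names vmware-vmrc.exe, while the neighbouring CVE-2009-3733 is tracked as "- vmware-package <removed>" and other VMware entries in this file use NOT-FOR-US. The follow-up should pick one of those two conventions for this entry and state it explicitly.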
@@ -6290,7 +6302,7 @@
        NOT-FOR-US: Konae Technologies Alleycode HTML Editor
 CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in 
Konae ...)
        NOT-FOR-US: Konae Technologies Alleycode HTML Editor
-CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe 6.5.3.8888 
in the ...)
+CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the 
VMware ...)
        NOT-FOR-US: VMware
 CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 
10, and ...)
        NOT-FOR-US: ZFS filesystem in Sun Solaris
@@ -13097,10 +13109,10 @@
        NOT-FOR-US: ActiveX
 CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio 
...)
        NOT-FOR-US: Roxio Easy Media Creator
-CVE-2009-1565
-       RESERVED
-CVE-2009-1564
-       RESERVED
+CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 
6.5.4 ...)
+       TODO: check
+CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec 
in ...)
+       TODO: check
 CVE-2009-1563
        REJECTED
        NOTE: Tracked as CVE-2009-0689
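Review bot: CVE-2009-1565 and CVE-2009-1564 both describe vmnc.dll in the VMnc media codec and both land as "TODO: check". They should be resolved together with the same status, and the surrounding entries in this hunk (ActiveX, Roxio Easy Media Creator) show the NOT-FOR-US form to use if the codec is not shipped in any package.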


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
