Author: joeyh
Date: 2010-08-19 01:11:22 +0000 (Thu, 19 Aug 2010)
New Revision: 15165

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-08-18 09:42:22 UTC (rev 15164)
+++ data/CVE/list       2010-08-19 01:11:22 UTC (rev 15165)
@@ -1,4 +1,114 @@
+CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 
allows ...)
+       TODO: check
+CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses 
insecure ...)
+       TODO: check
+CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball 
Script ...)
+       TODO: check
+CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in ...)
+       TODO: check
+CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz 
Muraus ...)
+       TODO: check
+CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
+       TODO: check
+CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in 
DiamondList ...)
+       TODO: check
+CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance 
logging ...)
+       TODO: check
+CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote 
...)
+       TODO: check
+CVE-2010-3020 (The news-feed preview feature in Opera before 10.61 does not 
properly ...)
+       TODO: check
+CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote 
...)
+       TODO: check
+CVE-2010-3018
+       RESERVED
+CVE-2010-3017
+       RESERVED
+CVE-2010-3016
+       RESERVED
+CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 
1.1.1 ...)
+       TODO: check
+CVE-2010-3012
+       RESERVED
+CVE-2010-3011
+       RESERVED
+CVE-2010-3010
+       RESERVED
+CVE-2010-3009
+       RESERVED
+CVE-2010-3008
+       RESERVED
+CVE-2010-3007
+       RESERVED
+CVE-2010-3006
+       RESERVED
+CVE-2010-3005
+       RESERVED
+CVE-2010-3004
+       RESERVED
+CVE-2010-3003
+       RESERVED
+CVE-2010-3002
+       RESERVED
+CVE-2010-3001
+       RESERVED
+CVE-2010-3000
+       RESERVED
+CVE-2010-2999
+       RESERVED
+CVE-2010-2998
+       RESERVED
+CVE-2010-2997
+       RESERVED
+CVE-2010-2996
+       RESERVED
+CVE-2010-2991 (The IICAClient interface in the ICAClient library in the ICA 
Client ...)
+       TODO: check
+CVE-2010-2990 (Citrix Online Plug-in for Windows for XenApp & XenDesktop 
before 11.2, ...)
+       TODO: check
+CVE-2010-2989 (nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 
for ...)
+       TODO: check
+CVE-2010-2988 (Cross-site scripting (XSS) vulnerability in Cisco Unified 
Wireless ...)
+       TODO: check
+CVE-2010-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco 
Wireless ...)
+       TODO: check
+CVE-2010-2986 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2010-2985 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
WebSphere ...)
+       TODO: check
+CVE-2010-2984 (Cisco Unified Wireless Network (UWN) Solution 7.x before 
7.0.98.0 on ...)
+       TODO: check
+CVE-2010-2983 (The workgroup bridge (aka WGB) functionality in Cisco Unified 
Wireless ...)
+       TODO: check
+CVE-2010-2982 (Cisco Unified Wireless Network (UWN) Solution 7.x before 
7.0.98.0 ...)
+       TODO: check
+CVE-2010-2981 (Cisco Unified Wireless Network (UWN) Solution 7.x before 
7.0.98.0 ...)
+       TODO: check
+CVE-2010-2980 (Cisco Unified Wireless Network (UWN) Solution 7.x before 
7.0.98.0 on ...)
+       TODO: check
+CVE-2010-2979 (Cisco Unified Wireless Network (UWN) Solution 7.x before 
7.0.98.0 on ...)
+       TODO: check
+CVE-2010-2978 (Cisco Unified Wireless Network (UWN) Solution 7.x before 
7.0.98.0 does ...)
+       TODO: check
+CVE-2010-2977 (Cisco Unified Wireless Network (UWN) Solution 7.x before 
7.0.98.0 does ...)
+       TODO: check
+CVE-2010-2976 (The controller in Cisco Unified Wireless Network (UWN) Solution 
7.x ...)
+       TODO: check
+CVE-2010-2975 (Cisco Unified Wireless Network (UWN) Solution 7.x through 
7.0.98.0 ...)
+       TODO: check
+CVE-2010-2974 (Stack-based buffer overflow in the IConfigurationAccess 
interface in ...)
+       TODO: check
+CVE-2010-2973 (Integer overflow in IOSurface in Apple iOS before 4.0.2 on the 
iPhone ...)
+       TODO: check
+CVE-2010-2972
+       REJECTED
+       TODO: check
+CVE-2008-7260
+       RESERVED
+CVE-2008-7259
+       RESERVED
 CVE-2010-3014 [freebsd coda kernel memory disclosure]
+       RESERVED
        - kfreebsd-7 <undetermined>
        - kfreebsd-8 8.1-5
 CVE-2010-XXXX [lynx heap overflow]
@@ -7,15 +117,16 @@
        NOTE: exploit scenario really obscure
        NOTE: https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254
 CVE-2010-3015 [ext4 integer overflow]
+       RESERVED
        - linux-2.6 <unfixed>
-CVE-2010-2995 [Wireshark 1.2.10 SigComp Universal Decompressor Virtual Machine 
could overrun a buffer]
+CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in 
Wireshark ...)
        - wireshark 1.2.10-1
-CVE-2010-2992 [Wireshark 1.2.10 GSM A RR dissector could crash]
+CVE-2010-2992 (packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 
through ...)
        - wireshark 1.2.10-1
        [lenny] - wireshark <not-affected> (Only affects 1.2.x)
-CVE-2010-2994 [Wireshark 1.2.10 Due to a regression the ASN.1 BER dissector 
could overrun the stack]
+CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in 
Wireshark ...)
        - wireshark 1.2.10-1
-CVE-2010-2993 [Wireshark 1.2.10 The IPMI dissector could go into an infinite 
loop]
+CVE-2010-2993 (The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows 
remote ...)
        - wireshark 1.2.10-1
        [lenny] - wireshark <not-affected> (Only affects 1.2.x)
 CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not 
properly ...)
@@ -267,10 +378,10 @@
        RESERVED
 CVE-2010-2863
        RESERVED
-CVE-2010-2862
-       RESERVED
-CVE-2010-2861
-       RESERVED
+CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 
9.3.3, and ...)
+       TODO: check
+CVE-2010-2861 (Directory traversal vulnerability in Adobe ColdFusion 9.0.1 and 
...)
+       TODO: check
 CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance 
accepts ...)
        NOT-FOR-US: EMC
 CVE-2009-4974 (Directory traversal vulnerability in box_display.php in 
TotalCalendar ...)
@@ -375,36 +486,37 @@
        RESERVED
 CVE-2010-2828
        RESERVED
-CVE-2010-2827
-       RESERVED
-CVE-2010-2826
-       RESERVED
-CVE-2010-2825
-       RESERVED
-CVE-2010-2824
-       RESERVED
-CVE-2010-2823
-       RESERVED
-CVE-2010-2822
-       RESERVED
-CVE-2010-2821
-       RESERVED
-CVE-2010-2820
-       RESERVED
-CVE-2010-2819
-       RESERVED
-CVE-2010-2818
-       RESERVED
-CVE-2010-2817
-       RESERVED
-CVE-2010-2816
-       RESERVED
-CVE-2010-2815
-       RESERVED
-CVE-2010-2814
-       RESERVED
+CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of 
...)
+       TODO: check
+CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System 
(WCS) ...)
+       TODO: check
+CVE-2010-2825 (Unspecified vulnerability in the SIP inspection feature on the 
Cisco ...)
+       TODO: check
+CVE-2010-2824 (Unspecified vulnerability on the Cisco Application Control 
Engine ...)
+       TODO: check
+CVE-2010-2823 (Unspecified vulnerability in the deep packet inspection feature 
on the ...)
+       TODO: check
+CVE-2010-2822 (Unspecified vulnerability in the RTSP inspection feature on the 
Cisco ...)
+       TODO: check
+CVE-2010-2821 (Unspecified vulnerability on the Cisco Firewall Services Module 
(FWSM) ...)
+       TODO: check
+CVE-2010-2820 (Unspecified vulnerability in the SunRPC inspection feature on 
the ...)
+       TODO: check
+CVE-2010-2819 (Unspecified vulnerability in the SunRPC inspection feature on 
the ...)
+       TODO: check
+CVE-2010-2818 (Unspecified vulnerability in the SunRPC inspection feature on 
the ...)
+       TODO: check
+CVE-2010-2817 (Unspecified vulnerability in the IKE implementation on Cisco 
Adaptive ...)
+       TODO: check
+CVE-2010-2816 (Unspecified vulnerability in the SIP inspection feature on 
Cisco ...)
+       TODO: check
+CVE-2010-2815 (Unspecified vulnerability in the Transport Layer Security (TLS) 
...)
+       TODO: check
+CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) 
...)
+       TODO: check
 CVE-2010-2813 [squirrelmail denial of service with 8bit login characters]
        RESERVED
+       {DSA-2091-1}
        - squirrelmail 2:1.4.21-1 (low)
        [lenny] - squirrelmail <no-dsa> (low-risk issue)
 CVE-2010-2812
@@ -433,33 +545,31 @@
        RESERVED
 CVE-2010-2802
        RESERVED
-CVE-2010-2801 [Integer wrap-around (crash) by processing certain *.cab files 
in test archive mode]
-       RESERVED
+CVE-2010-2801 (Integer signedness error in the Quantum decompressor in 
cabextract ...)
        {DSA-2087-1}
        - cabextract 1.3-1 (bug #591552)
-CVE-2010-2800 [Infinite loop in MS-ZIP and Quantum decoders]
-       RESERVED
+CVE-2010-2800 (The MS-ZIP decompressor in cabextract before 1.3 allows remote 
...)
        - cabextract 1.3-1 (bug #591552; unimportant)
 CVE-2010-2799 [socat buffer overflow]
        RESERVED
+       {DSA-2090-1}
        - socat 1.7.1.3-1 (bug #591443; medium)
 CVE-2010-2798 [gfs2 null ptr dereference]
        RESERVED
        - linux-2.6 2.6.32-20
 CVE-2010-2797
        RESERVED
-CVE-2010-2796
-       RESERVED
-CVE-2010-2795
-       RESERVED
+CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 
1.1.2, when ...)
+       TODO: check
+CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack 
...)
+       TODO: check
 CVE-2010-2794
        RESERVED
 CVE-2010-2793
        RESERVED
 CVE-2010-2792
        RESERVED
-CVE-2010-2791 [apache2 mod_proxy information leak]
-       RESERVED
+CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on 
Unix, ...)
        - apache2 2.2.10-1 (low)
 CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the 
formatQuery ...)
        - zabbix <unfixed>
@@ -583,14 +693,14 @@
        RESERVED
 CVE-2010-2760
        RESERVED
-CVE-2010-2759
-       RESERVED
-CVE-2010-2758
-       RESERVED
-CVE-2010-2757
-       RESERVED
-CVE-2010-2756
-       RESERVED
+CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 
through ...)
+       TODO: check
+CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 
through ...)
+       TODO: check
+CVE-2010-2757 (The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 
through ...)
+       TODO: check
+CVE-2010-2756 (Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 
3.4.7, 3.5.1 ...)
+       TODO: check
 CVE-2010-2755 (layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does 
not ...)
        - xulrunner <not-affected> (Only exploitable in Firefox 3.6.x and above)
 CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 
3.5.11 ...)
@@ -690,8 +800,7 @@
        NOT-FOR-US: TCW PHP Album
 CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP 
Album 1.0 ...)
        NOT-FOR-US: TCW PHP Album
-CVE-2010-2713 [vte: responds to get window title escape sequence request]
-       RESERVED
+CVE-2010-2713 (The vte_sequence_handler_window_manipulation function in 
vteseq.c in ...)
        - vte 1:0.24.3-1
        NOTE: 
http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74
        NOTE: 
http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
@@ -701,16 +810,16 @@
        RESERVED
 CVE-2010-2710
        RESERVED
-CVE-2010-2709
-       RESERVED
-CVE-2010-2708
-       RESERVED
-CVE-2010-2707
-       RESERVED
-CVE-2010-2706
-       RESERVED
-CVE-2010-2705
-       RESERVED
+CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView 
Network ...)
+       TODO: check
+CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before 
...)
+       TODO: check
+CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 
switches ...)
+       TODO: check
+CVE-2010-2706 (Unspecified vulnerability in the In-band Agent on the HP 
ProCurve 2610 ...)
+       TODO: check
+CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch 
with ...)
+       TODO: check
 CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 
7.51 and ...)
        NOT-FOR-US: HP OpenView 
 CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the 
ov.dll ...)
@@ -900,8 +1009,8 @@
        RESERVED
 CVE-2010-2635
        RESERVED
-CVE-2010-2634
-       RESERVED
+CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users 
to cause ...)
+       TODO: check
 CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 
3.2.7, ...)
        NOT-FOR-US: EMC
 CVE-2010-2632
@@ -1019,14 +1128,14 @@
        RESERVED
 CVE-2010-2578
        RESERVED
-CVE-2010-2577
-       RESERVED
-CVE-2010-2576
-       RESERVED
+CVE-2010-2577 (Multiple SQL injection vulnerabilities in Pligg before 1.1.1 
allow ...)
+       TODO: check
+CVE-2010-2576 (Opera before 10.61 does not properly suppress clicks on 
download ...)
+       TODO: check
 CVE-2010-2575
        RESERVED
-CVE-2010-2574
-       RESERVED
+CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in 
manage_proj_cat_add.php in ...)
+       TODO: check
 CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 
platforms, as ...)
        - tiff <unfixed> (unimportant)
 CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 
3.9.2 ...)
@@ -1049,46 +1158,45 @@
        NOT-FOR-US: Microsoft
 CVE-2010-2567
        RESERVED
-CVE-2010-2566
-       RESERVED
+CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft 
...)
+       TODO: check
 CVE-2010-2565
        RESERVED
-CVE-2010-2564
-       RESERVED
+CVE-2010-2564 (Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 does not 
...)
+       TODO: check
 CVE-2010-2563
        RESERVED
-CVE-2010-2562
-       RESERVED
-CVE-2010-2561
-       RESERVED
-CVE-2010-2560
-       RESERVED
-CVE-2010-2559
-       RESERVED
-CVE-2010-2558
-       RESERVED
-CVE-2010-2557
-       RESERVED
-CVE-2010-2556
-       RESERVED
-CVE-2010-2555
-       RESERVED
-CVE-2010-2554
-       RESERVED
-CVE-2010-2553
-       RESERVED
-CVE-2010-2552
-       RESERVED
-CVE-2010-2551
-       RESERVED
-CVE-2010-2550
-       RESERVED
+CVE-2010-2562 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 
2008 for ...)
+       TODO: check
+CVE-2010-2561 (Microsoft XML Core Services (aka MSXML) 3.0 does not properly 
handle ...)
+       TODO: check
+CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly 
handle ...)
+       TODO: check
+CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects 
in ...)
+       TODO: check
+CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 
allows ...)
+       TODO: check
+CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects 
in ...)
+       TODO: check
+CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly 
handle ...)
+       TODO: check
+CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 
and ...)
+       TODO: check
+CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 
and ...)
+       TODO: check
+CVE-2010-2553 (The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows 
Vista ...)
+       TODO: check
+CVE-2010-2552 (Stack consumption vulnerability in the SMB Server in Microsoft 
Windows ...)
+       TODO: check
+CVE-2010-2551 (The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows 
Server ...)
+       TODO: check
+CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows 
Server ...)
+       TODO: check
 CVE-2010-2549 (Use-after-free vulnerability in Microsoft Windows Vista and 
Server ...)
        NOT-FOR-US: Microsoft
 CVE-2010-2548
        RESERVED
-CVE-2010-2547 [gnupg2: use-after-free in certificate parsing]
-       RESERVED
+CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in 
GnuPG ...)
        {DSA-2076-1}
        - gnupg2 2.0.14-2
 CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in 
...)
@@ -1100,8 +1208,7 @@
        RESERVED
 CVE-2010-2543
        RESERVED
-CVE-2010-2542 [git buffer overflow]
-       RESERVED
+CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in 
...)
        - git-core 1:1.7.1-1.1 (low; bug #590026)
        [lenny] - git-core <no-dsa> (Minor issue)
 CVE-2010-2541
@@ -1248,8 +1355,8 @@
        - freetype 2.4.0-1
 CVE-2010-2496
        RESERVED
-CVE-2010-2493
-       RESERVED
+CVE-2010-2493 (The default configuration of the deployment descriptor (aka 
web.xml) ...)
+       TODO: check
 CVE-2010-2492
        RESERVED
 CVE-2010-2491 [roundup XSS]
@@ -1301,8 +1408,8 @@
        NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
 CVE-2010-2475
        RESERVED
-CVE-2010-2474
-       RESERVED
+CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss 
Enterprise ...)
+       TODO: check
 CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 
through ...)
        - bugzilla <not-affected> (Only affects 3.5 to 3.7)
 CVE-2010-2476 [syscp open_basedir bypassing]
@@ -1942,25 +2049,21 @@
        RESERVED
 CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c 
in (1) ...)
        - iscsitarget <undetermined>
-CVE-2010-2220
-       RESERVED
-CVE-2010-2219
-       RESERVED
-CVE-2010-2218
-       RESERVED
-CVE-2010-2217
-       RESERVED
-CVE-2010-2216
-       RESERVED
+CVE-2010-2220 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 
3.5.4, ...)
+       TODO: check
+CVE-2010-2219 (Unspecified vulnerability in Adobe Flash Media Server (FMS) 
before ...)
+       TODO: check
+CVE-2010-2218 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 
3.5.4, ...)
+       TODO: check
+CVE-2010-2217 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 
3.5.4, ...)
+       TODO: check
+CVE-2010-2216 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, 
and ...)
        NOT-FOR-US: Adobe Flash Plugin
-CVE-2010-2215
-       RESERVED
+CVE-2010-2215 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, 
and ...)
        NOT-FOR-US: Adobe Flash Plugin
-CVE-2010-2214
-       RESERVED
+CVE-2010-2214 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, 
and ...)
        NOT-FOR-US: Adobe Flash Plugin
-CVE-2010-2213
-       RESERVED
+CVE-2010-2213 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, 
and ...)
        NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, 
and 8.x ...)
        NOT-FOR-US: Adobe Reader
@@ -2701,50 +2804,50 @@
        NOT-FOR-US: Consona
 CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager Client 1.5.x 
allows ...)
        NOT-FOR-US: EMC RSA key manager
-CVE-2010-1903
-       RESERVED
-CVE-2010-1902
-       RESERVED
-CVE-2010-1901
-       RESERVED
-CVE-2010-1900
-       RESERVED
+CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word 
Viewer, ...)
+       TODO: check
+CVE-2010-1902 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, 
and 2007 ...)
+       TODO: check
+CVE-2010-1901 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; 
Microsoft ...)
+       TODO: check
+CVE-2010-1900 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; 
Microsoft ...)
+       TODO: check
 CVE-2010-1899
        RESERVED
-CVE-2010-1898
-       RESERVED
-CVE-2010-1897
-       RESERVED
-CVE-2010-1896
-       RESERVED
-CVE-2010-1895
-       RESERVED
-CVE-2010-1894
-       RESERVED
-CVE-2010-1893
-       RESERVED
-CVE-2010-1892
-       RESERVED
+CVE-2010-1898 (The Common Language Runtime (CLR) in Microsoft .NET Framework 
2.0 SP1, ...)
+       TODO: check
+CVE-2010-1897 (The Windows kernel-mode drivers in win32k.sys in Microsoft 
Windows XP ...)
+       TODO: check
+CVE-2010-1896 (The Windows kernel-mode drivers in win32k.sys in Microsoft 
Windows XP ...)
+       TODO: check
+CVE-2010-1895 (The Windows kernel-mode drivers in win32k.sys in Microsoft 
Windows XP ...)
+       TODO: check
+CVE-2010-1894 (The Windows kernel-mode drivers in win32k.sys in Microsoft 
Windows XP ...)
+       TODO: check
+CVE-2010-1893 (Integer overflow in the TCP/IP stack in Microsoft Windows Vista 
SP1, ...)
+       TODO: check
+CVE-2010-1892 (The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, 
Windows ...)
+       TODO: check
 CVE-2010-1891
        RESERVED
-CVE-2010-1890
-       RESERVED
-CVE-2010-1889
-       RESERVED
-CVE-2010-1888
-       RESERVED
-CVE-2010-1887
-       RESERVED
-CVE-2010-1886
-       RESERVED
+CVE-2010-1890 (The kernel in Microsoft Windows Vista SP1 and SP2, Windows 
Server 2008 ...)
+       TODO: check
+CVE-2010-1889 (Double free vulnerability in the kernel in Microsoft Windows 
Vista SP1 ...)
+       TODO: check
+CVE-2010-1888 (Race condition in the kernel in Microsoft Windows XP SP3 allows 
local ...)
+       TODO: check
+CVE-2010-1887 (The Windows kernel-mode drivers in win32k.sys in Microsoft 
Windows XP ...)
+       TODO: check
+CVE-2010-1886 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, 
Windows ...)
+       TODO: check
 CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows 
Help ...)
        NOT-FOR-US: Microsoft Windows
 CVE-2010-1884
        RESERVED
 CVE-2010-1883
        RESERVED
-CVE-2010-1882
-       RESERVED
+CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for 
...)
+       TODO: check
 CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard 
Controls ...)
        NOT-FOR-US: Microsoft
 CVE-2010-1880 (Unspecified vulnerability in Quartz.dll for DirectShow on 
Microsoft ...)
@@ -3000,12 +3103,11 @@
        RESERVED
 CVE-2010-1800
        RESERVED
-CVE-2010-1799
-       RESERVED
+CVE-2010-1799 (Stack-based buffer overflow in the error-logging functionality 
in ...)
+       TODO: check
 CVE-2010-1798
        RESERVED
-CVE-2010-1797 [freetype CFF buffer overflow]
-       RESERVED
+CVE-2010-1797 (Stack-based buffer overflow in FreeType in Apple iOS before 
4.0.2 on ...)
        - freetype 2.4.2-1
 CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 
10.5 ...)
        - webkit <undetermined>
@@ -3206,6 +3308,7 @@
 CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) 
component ...)
        NOT-FOR-US: com_newsfeeds component for joomla!
 CVE-2010-1738 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm 
in LXR ...)
+       {DSA-2092-1}
        - lxr <unfixed> (low; bug #585411)
        - lxr-cvs <unfixed> (low; bug #585412)
        NOTE: likely to be rejected as a dupe of CVE-2010-1448
@@ -3495,6 +3598,7 @@
        - mysql-dfsg-5.0 <removed> (low; bug #584400)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
 CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross 
Referencer ...)
+       {DSA-2092-1}
        - lxr <unfixed> (low; bug #588138)
        - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137)
 CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol 
plugin in ...)
@@ -3602,14 +3706,14 @@
        NOT-FOR-US: Tirzen Framework
 CVE-2010-1582
        RESERVED
-CVE-2010-1581
-       RESERVED
-CVE-2010-1580
-       RESERVED
-CVE-2010-1579
-       RESERVED
-CVE-2010-1578
-       RESERVED
+CVE-2010-1581 (Unspecified vulnerability in the Transport Layer Security (TLS) 
...)
+       TODO: check
+CVE-2010-1580 (Unspecified vulnerability in the SunRPC inspection feature on 
Cisco ...)
+       TODO: check
+CVE-2010-1579 (Unspecified vulnerability in the SunRPC inspection feature on 
Cisco ...)
+       TODO: check
+CVE-2010-1578 (Unspecified vulnerability in the SunRPC inspection feature on 
Cisco ...)
+       TODO: check
 CVE-2010-1577 (Directory traversal vulnerability in Cisco Internet Streamer, 
as used ...)
        NOT-FOR-US: Cisco
 CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software 
before ...)
@@ -3775,8 +3879,8 @@
        NOT-FOR-US: TaskFreak! Original multi user
 CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in 
TaskFreak! ...)
        NOT-FOR-US: TaskFreak! Original multi user
-CVE-2010-1519
-       RESERVED
+CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow ...)
+       TODO: check
 CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE 
Dldrv2 ...)
        NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
 CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote 
attackers ...)
@@ -4065,6 +4169,7 @@
        - python2.4 <removed> (low)
        [lenny] - python2.4 <no-dsa> (Minor issue)
 CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm 
in LXR ...)
+       {DSA-2092-1}
        - lxr <unfixed> (low; bug #585411)
        - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036)
        TODO: prod maintainer (and find out why we have lxr and lxr-cvs)
@@ -4620,8 +4725,8 @@
        NOT-FOR-US: Microsoft
 CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows 
remote ...)
        NOT-FOR-US: Microsoft
-CVE-2010-1258
-       RESERVED
+CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly 
determine ...)
+       TODO: check
 CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML 
API, as ...)
        NOT-FOR-US: Microsoft
 CVE-2010-1256 (Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, 
when ...)
@@ -5934,8 +6039,8 @@
        NOT-FOR-US: Oracle
 CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle 
Fusion ...)
        NOT-FOR-US: Oracle
-CVE-2010-0834
-       RESERVED
+CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and 
before ...)
+       TODO: check
 CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before 
build ...)
        NOT-FOR-US: Likewise
 CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before ...)
@@ -7862,8 +7967,7 @@
        NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570
 CVE-2010-0210
        RESERVED
-CVE-2010-0209
-       RESERVED
+CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, 
and ...)
        NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-0208
        RESERVED
@@ -8355,6 +8459,7 @@
 CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 
allows ...)
        - zabbix 1:1.8-1 (bug #562613)
 CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross 
Referencer 0.9.5 ...)
+       {DSA-2092-1}
        - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #575745)
        NOTE: 
http://sourceforge.net/mailarchive/forum.php?thread_name=e1ns2s4-0001pe...@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
 CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing 
...)
@@ -8994,8 +9099,8 @@
        NOT-FOR-US: Microsoft Windows Vista Gold
 CVE-2010-0020 (The SMB implementation in the Server service in Microsoft 
Windows 2000 ...)
        NOT-FOR-US: Microsoft Windows
-CVE-2010-0019
-       RESERVED
+CVE-2010-0019 (Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and 
before ...)
+       TODO: check
 CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...)
        NOT-FOR-US: Microsoft Windows
 CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft 
Windows ...)
@@ -9160,8 +9265,8 @@
 CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in 
base/gsmisc.c ...)
        {DSA-2080-1}
        - ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
-CVE-2009-4269
-       RESERVED
+CVE-2009-4269 (The password hash generation algorithm in the BUILTIN 
authentication ...)
+       TODO: check
 CVE-2009-4268
        RESERVED
 CVE-2009-4267
@@ -13252,6 +13357,7 @@
 CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in 
...)
        NOT-FOR-US: Radvision Scopia
 CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
+       {DSA-2091-1}
        - squirrelmail 2:1.4.20~rc2-1 (low; bug #543818)
 CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar 
Uninstaller ...)
        NOT-FOR-US: Toolbar Uninstaller
@@ -14394,8 +14500,7 @@
        - linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.19)
 CVE-2009-2697 (The Red Hat build script for the GNOME Display Manager (GDM) 
before ...)
        - gdm <not-affected> (TCP Wrappers support enabled correctly)
-CVE-2009-2696
-       RESERVED
+CVE-2009-2696 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in 
the ...)
        NOT-FOR-US: Red-Hat-specific patching problem in Tomcat
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=616717
 CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent 
mmap ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to