Author: joeyh
Date: 2010-09-07 21:15:43 +0000 (Tue, 07 Sep 2010)
New Revision: 15285

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-09-07 20:39:59 UTC (rev 15284)
+++ data/CVE/list       2010-09-07 21:15:43 UTC (rev 15285)
@@ -1,3 +1,85 @@
+CVE-2010-3243
+       RESERVED
+CVE-2010-3242
+       RESERVED
+CVE-2010-3241
+       RESERVED
+CVE-2010-3240
+       RESERVED
+CVE-2010-3239
+       RESERVED
+CVE-2010-3238
+       RESERVED
+CVE-2010-3237
+       RESERVED
+CVE-2010-3236
+       RESERVED
+CVE-2010-3235
+       RESERVED
+CVE-2010-3234
+       RESERVED
+CVE-2010-3233
+       RESERVED
+CVE-2010-3232
+       RESERVED
+CVE-2010-3231
+       RESERVED
+CVE-2010-3230
+       RESERVED
+CVE-2010-3229
+       RESERVED
+CVE-2010-3228
+       RESERVED
+CVE-2010-3227
+       RESERVED
+CVE-2010-3226
+       RESERVED
+CVE-2010-3225
+       RESERVED
+CVE-2010-3224
+       RESERVED
+CVE-2010-3223
+       RESERVED
+CVE-2010-3222
+       RESERVED
+CVE-2010-3221
+       RESERVED
+CVE-2010-3220
+       RESERVED
+CVE-2010-3219
+       RESERVED
+CVE-2010-3218
+       RESERVED
+CVE-2010-3217
+       RESERVED
+CVE-2010-3216
+       RESERVED
+CVE-2010-3215
+       RESERVED
+CVE-2010-3214
+       RESERVED
+CVE-2010-3213
+       RESERVED
+CVE-2010-3212 (SQL injection vulnerability in index.php in Seagull 0.6.7 and 
earlier ...)
+       TODO: check
+CVE-2010-3211 (Multiple SQL injection vulnerabilities in the JE FAQ Pro ...)
+       TODO: check
+CVE-2010-3210 (Multiple PHP remote file inclusion vulnerabilities in 
Multi-lingual ...)
+       TODO: check
+CVE-2010-3209 (Multiple PHP remote file inclusion vulnerabilities in Seagull 
0.6.7 ...)
+       TODO: check
+CVE-2010-3208 (Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle 
Web ...)
+       TODO: check
+CVE-2010-3207 (SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, 
when ...)
+       TODO: check
+CVE-2010-3206 (Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 
1.0 ...)
+       TODO: check
+CVE-2010-3205 (PHP remote file inclusion vulnerability in index.php in 
Textpattern ...)
+       TODO: check
+CVE-2010-3204 (Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 
2.0.5 ...)
+       TODO: check
+CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) 
...)
+       TODO: check
 CVE-2010-XXXX [vlc stack overflow]
        - vlc <undetermined> (low; bug #595686)
        NOTE: poc didn't work.  may be windows-only
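Review bot: the ten entries from CVE-2010-3212 down to CVE-2010-3203 land with only "TODO: check", so none of them has a triage result yet. Each needs either a package line or a NOT-FOR-US line; the descriptions name the products to search the archive for, such as Seagull, DiY-CMS, Textpattern and Pecio CMS. The 31 RESERVED entries (CVE-2010-3243 to CVE-2010-3213) need no action until descriptions are published.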
@@ -98,7 +180,7 @@
        RESERVED
 CVE-2010-3156
        RESERVED
-CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 1.2.10 and 
earlier ...)
+CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 0.8.4 through 
1.0.15 ...)
        - wireshark <not-affected> (Only affects Windows port)
 CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox 3.6.8 
and ...)
        - xulrunner <not-affected> (Only affects Windows port)
@@ -251,7 +333,7 @@
 CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement 
file ...)
        - webkit <not-affected> (chromium specific)
        - chromium-browser 5.0.375.127~r55887-1
-CVE-2010-3111 (Google Chrome before 5.0.375.127 does not properly mitigate an 
...)
+CVE-2010-3111 (Google Chrome before 6.0.472.53 does not properly mitigate an 
...)
        - chromium-browser 5.0.375.127~r55887-1
        - webkit <not-affected> (chromium specific)
 CVE-2010-3110
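Review bot: on CVE-2010-3111 the description now reads "Google Chrome before 6.0.472.53", but the unchanged line below it still records chromium-browser as fixed in 5.0.375.127~r55887-1, which is older than the new bound. Recheck that fixed version against the revised description, since this update only touches the description line.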
@@ -332,6 +414,7 @@
        RESERVED
 CVE-2010-3076 [smbind sql injection]
        RESERVED
+       {DSA-2103-1}
        - smbind 0.4.7-5 (high)
        NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
 CVE-2010-3075
@@ -382,6 +465,7 @@
 CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions 
before ...)
        - freetype 2.4.2-1 (unimportant)
 CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers 
to cause ...)
+       {DSA-2105-1}
        - freetype 2.4.2-1
 CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
        {DSA-2097-1}
@@ -612,8 +696,7 @@
 CVE-2010-2955 [infoleak in wireless extensions]
        RESERVED
        - linux-2.6 <unfixed>
-CVE-2010-2954 [irda null ptr dereference]
-       RESERVED
+CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux 
kernel ...)
        - linux-2.6 <unfixed>
 CVE-2010-2953 [CouchDB insecure library loading]
        RESERVED
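Review bot: replacing "[irda null ptr dereference]" with the truncated upstream description on CVE-2010-2954 drops the only statement of the bug class from an entry that is still marked "- linux-2.6 <unfixed>". Consider keeping that hint as a NOTE: line under the entry so the open issue stays readable without looking up the full description.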
@@ -989,12 +1072,16 @@
 CVE-2010-2809 (The default configuration of the &lt;Button2&gt; binding in 
Uzbl before ...)
        - uzbl 0.0.0~git.20100403-3 (bug #594301)
 CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
+       {DSA-2105-1}
        - freetype 2.4.2-1
 CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during 
bounds ...)
+       {DSA-2105-1}
        - freetype 2.4.2-1
 CVE-2010-2806 (Array index error in the t42_parse_sfnts function in 
type42/t42parse.c ...)
+       {DSA-2105-1}
        - freetype 2.4.2-1
 CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in 
FreeType ...)
+       {DSA-2105-1}
        - freetype 2.4.2-1
 CVE-2010-2804
        RESERVED
@@ -1696,6 +1783,7 @@
        - git-core 1:1.7.1-1.1 (low; bug #590026)
        [lenny] - git-core <no-dsa> (Minor issue)
 CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in 
FreeType ...)
+       {DSA-2105-1}
        - freetype 2.4.2-1 (low)
 CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 
5.6.4 ...)
        {DSA-2079-1}
@@ -1721,8 +1809,7 @@
        NOTE: http://bugs.openttd.org/task/3909
 CVE-2010-2533
        REJECTED
-CVE-2010-2532
-       RESERVED
+CVE-2010-2532 (** DISPUTED ** ...)
        - lxsession 0.4.4-3 (bug #591409)
 CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 
5.3.3 ...)
        - php5 <unfixed> (low)
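Review bot: CVE-2010-2532 now shows only "(** DISPUTED ** ...)", so the entry no longer says what the issue is or what is disputed, while the line below it still records lxsession 0.4.4-3 (bug #591409) as the fix. Add a NOTE: summarising the dispute and confirm that the fixed-version line should stay as it is.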
@@ -2480,8 +2567,7 @@
        [lenny] - libvirt <no-dsa> (Minor issue)
 CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for 
Red ...)
        NOT-FOR-US: Red Hat Directory Server
-CVE-2010-2240 [mm: keep a guard page below a grow-down stack segment]
-       RESERVED
+CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux 
kernel ...)
        {DSA-2094-1}
        - linux-2.6 2.6.32-21
 CVE-2010-2239 (Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new 
images ...)
@@ -2514,8 +2600,7 @@
        - tomcat5.5 <removed>
        - tomcat6 6.0.28-1 (bug #588813)
        [lenny] - tomcat6 <not-affected> (Only ships the servlet package)
-CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass]
-       RESERVED
+CVE-2010-2226 (The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux 
kernel ...)
        {DSA-2094-1}
        - linux-2.6 2.6.32-19
 CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage 
unserializer in ...)
@@ -3592,6 +3677,7 @@
 CVE-2010-1798
        RESERVED
 CVE-2010-1797 (Multiple stack-based buffer overflows in the ...)
+       {DSA-2105-1}
        - freetype 2.4.2-1
 CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 
10.5 ...)
        - webkit <undetermined>
@@ -4422,8 +4508,8 @@
        NOT-FOR-US: IrfanView
 CVE-2010-1508
        RESERVED
-CVE-2010-1507
-       RESERVED
+CVE-2010-1507 (WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on 
the ...)
+       TODO: check
 CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 
allow ...)
        - chromium-browser 5.0.375.29~r46008-1
        - webkit <not-affected> (doesn't use v8 bindings yet)
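Review bot: the new "TODO: check" on CVE-2010-1507 sits under a description that names WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11. If no package in the archive ships that code, resolve it in the same form as the "NOT-FOR-US: IrfanView" line at the top of this hunk instead of leaving the TODO open.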
@@ -5088,8 +5174,8 @@
        RESERVED
        - cvsnt <unfixed> (medium; bug #593884)
        NOTE: http://march-hare.com/cvspro/vuln.htm
-CVE-2010-1325
-       RESERVED
+CVE-2010-1325 (Cross-site request forgery (CSRF) vulnerability in the 
apache2-slms ...)
+       TODO: check
 CVE-2010-1324
        RESERVED
 CVE-2010-1323


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
