author | cvebot <cvebot@localhost> | 2010-11-08 17:15:37 +0000 |
---|---|---|
committer | cvebot <cvebot@localhost> | 2010-11-08 17:15:37 +0000 |
commit | fcc6c6ca2a92e66f3fa7af0b15ab4d2180a06179 (patch) | |
tree | 49674c499d58477510b83495e9161665cabc89b3 | |
parent | MITRE sync (diff) | |
MITRE sync
svn path=/; revision=2199
-rw-r--r-- | data/CVE/list | 226 |
1 files changed, 143 insertions, 83 deletions
diff --git a/data/CVE/list b/data/CVE/list index b840c26..d6034ac 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -85668,6 +85668,10 @@ CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 does not require the l ... NOT-FOR-US: g rodola pyftpdlib CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib ...) NOT-FOR-US: g rodola pyftpdlib +CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before ...) + TODO: check +CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 ...) + TODO: check CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 ...) BUG: 300943 CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...) @@ -88734,8 +88738,8 @@ CVE-2010-1521 (SQL injection vulnerability in include/classes/tzn_user.php in .. NOT-FOR-US: taskfreak CVE-2010-1522 (Multiple SQL injection vulnerabilities in the BookLibrary Basic ...) NOT-FOR-US: ordasoft com_booklibrary -CVE-2010-1523 - RESERVED +CVE-2010-1523 (Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in ...) + TODO: check CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 ...) NOT-FOR-US: autonomy keyview_viewer_sdk CVE-2010-1525 (Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in ...) @@ -89305,7 +89309,7 @@ CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4. TODO: check CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...) TODO: check -CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 does not ...) +CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2, and ...) TODO: check CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) NOT-FOR-US: apple mac_os_x_server 
@@ -90649,8 +90653,8 @@ CVE-2010-2475 RESERVED CVE-2010-2476 RESERVED -CVE-2010-2477 - RESERVED +CVE-2010-2477 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check CVE-2010-2478 (Integer overflow in the ethtool_get_rxnfc function in ...) TODO: check CVE-2010-2479 (Cross-site scripting (XSS) vulnerability in HTML Purifier before ...) @@ -91577,8 +91581,8 @@ CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function i BUG: 332027 CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System ...) NOT-FOR-US: fedoraproject sssd -CVE-2010-2941 - RESERVED +CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate ...) + TODO: check CVE-2010-2942 (The actions implementation in the network queueing functionality in ...) TODO: check CVE-2010-2943 (The xfs implementation in the Linux kernel before 2.6.35 does not look ...) @@ -92003,7 +92007,7 @@ CVE-2010-3151 (Untrusted search path vulnerability in Adobe On Location CS4 Buil NOT-FOR-US: adobe onlocation_cs4 CVE-2010-3152 (Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, ...) NOT-FOR-US: adobe illustrator -CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0 allows ...) +CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0, ...) NOT-FOR-US: adobe indesign_cs4 CVE-2010-3154 (Untrusted search path vulnerability in Adobe Extension Manager CS5 ...) NOT-FOR-US: adobe extension_manager_cs5 
@@ -92041,8 +92045,8 @@ CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbir TODO: check CVE-2010-3171 (The Math.random function in the JavaScript implementation in Mozilla ...) TODO: check -CVE-2010-3172 - RESERVED +CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before ...) + TODO: check CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x ...) TODO: check CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...) 
@@ -92973,43 +92977,43 @@ CVE-2010-3634 RESERVED CVE-2010-3635 RESERVED -CVE-2010-3636 - RESERVED -CVE-2010-3637 - RESERVED -CVE-2010-3638 - RESERVED -CVE-2010-3639 - RESERVED -CVE-2010-3640 - RESERVED -CVE-2010-3641 - RESERVED -CVE-2010-3642 - RESERVED -CVE-2010-3643 - RESERVED -CVE-2010-3644 - RESERVED -CVE-2010-3645 - RESERVED -CVE-2010-3646 - RESERVED -CVE-2010-3647 - RESERVED -CVE-2010-3648 - RESERVED -CVE-2010-3649 - RESERVED -CVE-2010-3650 - RESERVED +CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...) + TODO: check +CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 ...) + TODO: check +CVE-2010-3638 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3639 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3640 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3641 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3642 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3643 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3644 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3645 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3646 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3647 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3648 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check +CVE-2010-3649 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) 
+ TODO: check +CVE-2010-3650 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check CVE-2010-3651 RESERVED -CVE-2010-3652 - RESERVED +CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) + TODO: check CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before ...) TODO: check -CVE-2010-3654 (Adobe Flash Player 10.1.85.3 and earlier on Windows, Mac OS X, Linux, ...) +CVE-2010-3654 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...) TODO: check CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player ...) TODO: check @@ -93105,12 +93109,12 @@ CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x befo TODO: check CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows ...) TODO: check -CVE-2010-3702 - RESERVED -CVE-2010-3703 - RESERVED -CVE-2010-3704 - RESERVED +CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, ...) + TODO: check +CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in ...) + TODO: check +CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser ...) + TODO: check CVE-2010-3705 RESERVED CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...) @@ -93229,8 +93233,8 @@ CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does TODO: check CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...) TODO: check -CVE-2010-3764 - RESERVED +CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, ...) + TODO: check CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when ...) TODO: check CVE-2010-3766 
@@ -93393,8 +93397,8 @@ CVE-2010-3844 RESERVED CVE-2010-3845 RESERVED -CVE-2010-3846 - RESERVED +CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS ...) + TODO: check CVE-2010-3847 RESERVED CVE-2010-3848 @@ -93405,8 +93409,8 @@ CVE-2010-3850 RESERVED CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 ...) TODO: check -CVE-2010-3852 - RESERVED +CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga ...) + TODO: check CVE-2010-3853 RESERVED CVE-2010-3854 @@ -93427,14 +93431,14 @@ CVE-2010-3861 RESERVED CVE-2010-3862 RESERVED -CVE-2010-3863 - RESERVED +CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...) + TODO: check CVE-2010-3864 RESERVED CVE-2010-3865 RESERVED CVE-2010-3866 - RESERVED + REJECTED CVE-2010-3867 RESERVED CVE-2010-3868 @@ -93528,14 +93532,14 @@ CVE-2010-3911 RESERVED CVE-2010-3912 RESERVED -CVE-2010-3913 - RESERVED +CVE-2010-3913 (CRLF injection vulnerability in TransWARE Active! mail 6 build ...) + TODO: check CVE-2010-3914 (Untrusted search path vulnerability in VIM Development Group GVim ...) TODO: check -CVE-2010-3915 - RESERVED -CVE-2010-3916 - RESERVED +CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...) + TODO: check +CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...) + TODO: check CVE-2010-3917 RESERVED CVE-2010-3918 @@ -93626,8 +93630,8 @@ CVE-2010-3960 RESERVED CVE-2010-3961 RESERVED -CVE-2010-3962 - RESERVED +CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and ...) + TODO: check CVE-2010-3963 RESERVED CVE-2010-3964 
@@ -93654,7 +93658,7 @@ CVE-2010-3974 RESERVED CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9 allows ...) TODO: check -CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player 10.1.82.76, ...) +CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before ...) TODO: check CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check @@ -93694,26 +93698,26 @@ CVE-2010-3994 (Cross-site scripting (XSS) vulnerability in HP Version Control .. TODO: check CVE-2010-3995 RESERVED -CVE-2010-3996 - RESERVED +CVE-2010-3996 (festival_server in Centre for Speech Technology Research (CSTR) ...) + TODO: check CVE-2010-3997 RESERVED -CVE-2010-3998 - RESERVED -CVE-2010-3999 - RESERVED -CVE-2010-4000 - RESERVED -CVE-2010-4001 - RESERVED +CVE-2010-3998 (The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and ...) + TODO: check +CVE-2010-3999 (gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length ...) + TODO: check +CVE-2010-4000 (gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name ...) + TODO: check +CVE-2010-4001 (** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a ...) + TODO: check CVE-2010-4002 RESERVED CVE-2010-4003 RESERVED CVE-2010-4004 RESERVED -CVE-2010-4005 - RESERVED +CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...) + TODO: check CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links ...) TODO: check CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...) 
@@ -93884,10 +93888,10 @@ CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows atta TODO: check CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute ...) TODO: check -CVE-2010-4091 - RESERVED -CVE-2010-4092 - RESERVED +CVE-2010-4091 (The EScript.api plugin in Adobe Acrobat Reader 9.4.0, 8.1.7, and ...) + TODO: check +CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component ...) + TODO: check CVE-2010-4093 RESERVED CVE-2010-4094 (The Tomcat server in IBM Rational Quality Manager and Rational Test ...) 
@@ -94068,3 +94072,59 @@ CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote atta TODO: check CVE-2010-4182 (Untrusted search path vulnerability in the Data Access Objects (DAO) ...) TODO: check +CVE-2010-4183 (Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier ...) + TODO: check +CVE-2010-4184 (NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with ...) + TODO: check +CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly 2.3.8 ...) + TODO: check +CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools Online ...) + TODO: check +CVE-2010-4187 + RESERVED +CVE-2010-4188 + RESERVED +CVE-2010-4189 + RESERVED +CVE-2010-4190 + RESERVED +CVE-2010-4191 + RESERVED +CVE-2010-4192 + RESERVED +CVE-2010-4193 + RESERVED +CVE-2010-4194 + RESERVED +CVE-2010-4195 + RESERVED +CVE-2010-4196 + RESERVED +CVE-2010-4197 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...) + TODO: check +CVE-2010-4198 (Google Chrome before 7.0.517.44 does not properly handle large text ...) + TODO: check +CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...) + TODO: check +CVE-2010-4200 (Google Chrome before 7.0.517.44 reads from invalid memory locations ...) + TODO: check +CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...) + TODO: check +CVE-2010-4202 (Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux ...) + TODO: check +CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK), as used in Google Chrome before ...) + TODO: check +CVE-2010-4204 (Google Chrome before 7.0.517.44 accesses a frame object after this ...) + TODO: check +CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data ...) + TODO: check +CVE-2010-4206 (Google Chrome before 7.0.517.44 accesses memory at an out-of-bounds ...) 
+ TODO: check +CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component ...) + TODO: check +CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component ...) + TODO: check +CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component ...) + TODO: check +CVE-2010-4210 + RESERVED |
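Review bot: In the hunk at @@ -92003,7 +92007,7 @@, CVE-2010-3153 keeps its existing `NOT-FOR-US: adobe indesign_cs4` tag even though the description changed from "Adobe InDesign CS4 6.0 allows ..." to "Adobe InDesign CS4 6.0, ...", which suggests more products or versions were appended upstream. The truncated summary does not show what was added, so the tag should be re-checked against the full description instead of being carried over by the sync.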
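Review bot: In the hunk at @@ -92973,43 +92977,43 @@, CVE-2010-3636 through CVE-2010-3650 and CVE-2010-3652 each get a separate `TODO: check`, yet every visible summary names the same fixed versions (Adobe Flash Player before 9.0.289.0, with the 10.x bound 10.1.102.64 shown for CVE-2010-3636), and the rewritten CVE-2010-3654 now matches that wording too. Consider triaging these as one batch against a single tracker reference so they do not end up with inconsistent states. CVE-2010-3651 stays `RESERVED` in the middle of the range and should not be swept into that batch.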
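Review bot: In the hunk at @@ -93694,26 +93698,26 @@, CVE-2010-4001 is imported with a "** DISPUTED **" marker but receives the same `TODO: check` as the undisputed entries beside it (CVE-2010-3998, CVE-2010-3999, CVE-2010-4000, CVE-2010-4005). The triage step should record the dispute explicitly when this entry is resolved, so the final state does not read as a confirmed issue by default.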