From 5383385394efb4061fce416969e2c461f64395a0 Mon Sep 17 00:00:00 2001 From: cvebot Date: Wed, 10 Nov 2010 17:15:26 +0000 Subject: MITRE sync svn path=/; revision=2201 --- data/CVE/list | 128 +++++++++++++++++++++++++++++++++------------------------- 1 file changed, 72 insertions(+), 56 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 837df92..f7507a9 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -75584,6 +75584,8 @@ CVE-2008-7263 (ftpserver.py in pyftpdlib before 0.5.0 does not delay its respons NOT-FOR-US: g rodola pyftpdlib CVE-2008-7264 (The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows ...) NOT-FOR-US: g rodola pyftpdlib +CVE-2008-7265 (The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote ...) + TODO: check CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...) NOT-FOR-US: apple quicktime CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...) @@ -87257,14 +87259,14 @@ CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM .. NOT-FOR-US: ibm websphere_application_server CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows ...) TODO: check -CVE-2010-0783 - RESERVED -CVE-2010-0784 - RESERVED -CVE-2010-0785 - RESERVED -CVE-2010-0786 - RESERVED +CVE-2010-0783 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...) + TODO: check +CVE-2010-0784 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...) + TODO: check +CVE-2010-0785 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...) + TODO: check +CVE-2010-0786 (The Web Services Security component in IBM WebSphere Application ...) + TODO: check CVE-2010-0787 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, ...) BUG: 308067 CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain ...) 
@@ -90843,10 +90845,10 @@ CVE-2010-2570 RESERVED CVE-2010-2571 RESERVED -CVE-2010-2572 - RESERVED -CVE-2010-2573 - RESERVED +CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows ...) + TODO: check +CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, ...) + TODO: check CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...) BUG: 335850 CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in ...) @@ -90969,10 +90971,10 @@ CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, NOT-FOR-US: emc disk_library CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...) NOT-FOR-US: rsa envision -CVE-2010-2635 - RESERVED -CVE-2010-2636 - RESERVED +CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before ...) + TODO: check +CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample store ...) + TODO: check CVE-2010-2637 RESERVED CVE-2010-2638 @@ -91163,12 +91165,12 @@ CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) NOT-FOR-US: microsoft iis CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services ...) NOT-FOR-US: microsoft iis -CVE-2010-2732 - RESERVED -CVE-2010-2733 - RESERVED -CVE-2010-2734 - RESERVED +CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft ...) + TODO: check +CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in ...) + TODO: check +CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in ...) + TODO: check CVE-2010-2735 RESERVED CVE-2010-2736 
@@ -91779,10 +91781,10 @@ CVE-2010-3037 RESERVED CVE-2010-3038 RESERVED -CVE-2010-3039 - RESERVED -CVE-2010-3040 - RESERVED +CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications ...) + TODO: check +CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...) + TODO: check CVE-2010-3041 RESERVED CVE-2010-3042 @@ -91855,8 +91857,8 @@ CVE-2010-3075 (EncFS before 1.7.0 encrypts multiple blocks by means of the CFB c TODO: check CVE-2010-3076 (The filter function in php/src/include.php in Simple Management for ...) TODO: check -CVE-2010-3077 - RESERVED +CVE-2010-3077 (Cross-site scripting (XSS) vulnerability in util/icon_browser.php in ...) + TODO: check CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...) TODO: check CVE-2010-3079 (kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when ...) @@ -91983,7 +91985,7 @@ CVE-2010-3139 (Untrusted search path vulnerability in Microsoft Windows Progman NOT-FOR-US: microsoft windows CVE-2010-3140 (Untrusted search path vulnerability in Microsoft Windows Internet ...) NOT-FOR-US: microsoft windows_xp -CVE-2010-3141 (Untrusted search path vulnerability in Microsoft Power Point 2010 ...) +CVE-2010-3141 (Untrusted search path vulnerability in Microsoft PowerPoint 2010 ...) NOT-FOR-US: microsoft powerpoint CVE-2010-3142 (Untrusted search path vulnerability in Microsoft Office PowerPoint ...) NOT-FOR-US: microsoft powerpoint 
@@ -92368,16 +92370,16 @@ CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle TODO: check CVE-2010-3332 (Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, ...) NOT-FOR-US: microsoft net_framework -CVE-2010-3333 - RESERVED -CVE-2010-3334 - RESERVED -CVE-2010-3335 - RESERVED -CVE-2010-3336 - RESERVED -CVE-2010-3337 - RESERVED +CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 ...) + TODO: check +CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...) + TODO: check +CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...) + TODO: check +CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac ...) + TODO: check +CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and ...) + TODO: check CVE-2010-3338 RESERVED CVE-2010-3339 @@ -92971,12 +92973,12 @@ CVE-2010-3631 (Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 an TODO: check CVE-2010-3632 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) TODO: check -CVE-2010-3633 - RESERVED -CVE-2010-3634 - RESERVED -CVE-2010-3635 - RESERVED +CVE-2010-3633 (Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, ...) + TODO: check +CVE-2010-3634 (Unspecified vulnerability in the edge process in Adobe Flash Media ...) + TODO: check +CVE-2010-3635 (Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, ...) + TODO: check CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...) TODO: check CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 ...) 
@@ -93093,8 +93095,8 @@ CVE-2010-3692 (Directory traversal vulnerability in the callback function in ... NOT-FOR-US: jasig phpcas CVE-2010-3693 RESERVED -CVE-2010-3694 - RESERVED +CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde ...) + TODO: check CVE-2010-3695 RESERVED CVE-2010-3696 (The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in ...) @@ -93235,7 +93237,7 @@ CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php TODO: check CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, ...) TODO: check -CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when ...) +CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, ...) TODO: check CVE-2010-3766 RESERVED @@ -93439,16 +93441,16 @@ CVE-2010-3865 RESERVED CVE-2010-3866 REJECTED -CVE-2010-3867 - RESERVED +CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc ...) + TODO: check CVE-2010-3868 RESERVED CVE-2010-3869 RESERVED CVE-2010-3870 RESERVED -CVE-2010-3871 - RESERVED +CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check CVE-2010-3872 RESERVED CVE-2010-3873 @@ -93578,8 +93580,8 @@ CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Softwar TODO: check CVE-2010-3935 RESERVED -CVE-2010-3936 - RESERVED +CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft ...) + TODO: check CVE-2010-3937 RESERVED CVE-2010-3938 @@ -94018,8 +94020,8 @@ CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP Voy TODO: check CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 ...) TODO: check -CVE-2010-4156 - RESERVED +CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...) + TODO: check CVE-2010-4157 RESERVED CVE-2010-4158 
@@ -94136,3 +94138,17 @@ CVE-2010-4213 (The Bank of America application 2.12 for Android stores a securit TODO: check CVE-2010-4214 (The Wells Fargo Mobile application 1.1 for Android stores a username ...) TODO: check +CVE-2010-4215 + RESERVED +CVE-2010-4216 (IBM Tivoli Directory Server (TDS) 6.0.0.x before ...) + TODO: check +CVE-2010-4217 (Use-after-free vulnerability in the proxy server in IBM Tivoli ...) + TODO: check +CVE-2010-4218 (Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown ...) + TODO: check +CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...) + TODO: check +CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...) + TODO: check +CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets ...) + TODO: check -- cgit v1.2.3
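Review bot: CVE-2008-7265 in the @@ -75584 hunk is a ProFTPD entry filed with a bare TODO: check, sitting between pyftpdlib entries that are already triaged as NOT-FOR-US. The summary gives the fixed version (before 1.3.2rc3), so whoever resolves the TODO can compare that against the packaged version and replace the line with a BUG: reference or a NOT-FOR-US: tag. CVE-2010-4221 in the last hunk names pr_netio_telnet_gets, which shares the pr_ prefix with pr_data_xfer and is likely the same package, so the two are worth triaging together.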
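Review bot: In the @@ -87257 hunk, CVE-2010-0786 names IBM WebSphere Application ... but lands as TODO: check, while CVE-2010-0781 at the top of the same hunk is already tagged NOT-FOR-US: ibm websphere_application_server. If the full description confirms the same product, the follow-up triage should reuse that tag rather than leave four new TODOs (CVE-2010-0783 through CVE-2010-0786) open. The same pattern shows in the @@ -90843 hunk, where CVE-2010-2572 and CVE-2010-2573 name Microsoft PowerPoint and get TODO: check even though CVE-2010-3141 and CVE-2010-3142 carry NOT-FOR-US: microsoft powerpoint.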
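Review bot: The CVE-2010-3765 line in the @@ -93235 hunk changes only the truncated summary (the trailing "when ..." becomes "..."), and the TODO: check under it is untouched, so nothing records that the reworded upstream text was looked at. A summary rewrite can change the affected conditions, so the full entry should be re-read before the TODO is resolved. By contrast, the CVE-2010-3141 change in the @@ -91983 hunk is spelling only (Power Point to PowerPoint) and its NOT-FOR-US: microsoft powerpoint tag still fits.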
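Review bot: In the @@ -93439 hunk, the new CVE-2010-3871 summary is cut off before any product name appears ("Cross-site scripting (XSS) vulnerability in ..."), and CVE-2010-3867 names only mod_site_misc, so neither entry can be triaged from this file alone. Whoever picks up these TODO: check lines will need the full CVE description; recording the product in the resolved tag (BUG: or NOT-FOR-US:) would make the entry self-explanatory afterwards, as the other triaged lines in this list are.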