From b73fa09140f43202efc84e779e696e8183f23d13 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 13 Nov 2019 08:10:19 +0000 Subject: automatic update --- data/CVE/2010.list | 33 +++++++++++---------------------- 1 file changed, 11 insertions(+), 22 deletions(-) (limited to 'data/CVE/2010.list') diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 6e9139c7da..525612b5d4 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -2827,8 +2827,7 @@ CVE-2010-4178 (MySQL-GUI-tools (mysql-administrator) leaks passwords into proces - mysql-gui-tools (low; bug #605542) [squeeze] - mysql-gui-tools (Minor issue) [lenny] - mysql-gui-tools (Minor issue) -CVE-2010-4177 - RESERVED +CVE-2010-4177 (mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+op ...) - mysql-gui-tools (low; bug #605542) [squeeze] - mysql-gui-tools (Minor issue) [lenny] - mysql-gui-tools (Minor issue) @@ -3591,8 +3590,7 @@ CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before 2 ...) {DSA-2126-1} - linux-2.6 2.6.32-27 -CVE-2010-3857 [JBoss BRMS XSS via UUID parameter] - RESERVED +CVE-2010-3857 (JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID paramet ...) - jbossas4 (Vulnerable code not present) NOTE: JBoss 5 only; fixed in 5.1.0 CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.1 ...) @@ -3629,8 +3627,7 @@ CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS 1.1 ...) - cvs (vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852 -CVE-2010-3844 - RESERVED +CVE-2010-3844 (An unchecked sscanf() call in ettercap 0.7.3 allows an insecure tempor ...) - ettercap 1:0.7.4-1 (unimportant; bug #600130) NOTE: Very far-fetched attack vector CVE-2010-3843 
@@ -4747,15 +4744,12 @@ CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in sound/c CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote ...) - abcm2ps 5.9.13-0.1 (low; bug #577014) [lenny] - abcm2ps (Minor issue) -CVE-2010-3440 [babiloo insecure downloading and unpacking of dictionary files] - RESERVED +CVE-2010-3440 (babiloo 2.0.9 before 2.0.11 creates temporary files with predictable n ...) - babiloo 2.0.11-1 (low; bug #591995) -CVE-2010-3439 [alien-arena: server dos] - RESERVED +CVE-2010-3439 (It is possible to cause a DoS condition by causing the server to crash ...) - alien-arena 7.33-5 (low; bug #575621) [lenny] - alien-arena 7.0-1+lenny2 -CVE-2010-3438 [Insufficient stripping of CR/LF allows arbitrary IRC command execution] - RESERVED +CVE-2010-3438 (libpoe-component-irc-perl before v6.32 does not remove carriage return ...) - libpoe-component-irc-perl 6.32+dfsg-1 [lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194) CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in dr ...) @@ -5108,8 +5102,7 @@ CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Opensw [lenny] - openswan (Introduced in version 2.6.25) CVE-2010-3307 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...) NOT-FOR-US: Free Simple CMS 1.0 -CVE-2010-3305 [pixel CSRF] - RESERVED +CVE-2010-3305 (Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 cou ...) - pixelpost (bug #597224) CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...) - dovecot 1.2.13-1 
@@ -5125,8 +5118,7 @@ CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia3 [lenny] - linux-2.6 (vulnerability introduced in 2.6.27) CVE-2010-3300 RESERVED -CVE-2010-3299 [ruby on rails: padding oracle attack] - RESERVED +CVE-2010-3299 (The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...) - rails (unimportant) NOTE: http://seclists.org/oss-sec/2010/q3/415 NOTE: http://seclists.org/oss-sec/2010/q3/413 @@ -5178,8 +5170,7 @@ CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Altern CVE-2010-3293 (mailscanner can allow local users to prevent virus signatures from bei ...) - mailscanner (bug #596397; unimportant) NOTE: or even unimportant, the script is not used by default -CVE-2010-3292 [mailscanner may use spoofed data] - RESERVED +CVE-2010-3292 (The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 down ...) - mailscanner (bug #596396; low) [squeeze] - mailscanner (Minor issue) CVE-2010-3278 @@ -5734,8 +5725,7 @@ CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP cli NOT-FOR-US: WinFrigate Frigate 3 FTP CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...) NOT-FOR-US: SoftX FTP Client 3.3 -CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313] - RESERVED +CVE-2010-3095 (mailscanner before 4.79.11-2.1 might allow local users to overwrite ar ...) - mailscanner 4.79.11-2.1 (bug #596403) CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x befo ...) {DSA-2113-1} 
@@ -7294,8 +7284,7 @@ CVE-2010-2490 (Mumble: murmur-server has DoS due to malformed client query ...) CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...) - ruby1.8 (Windows-specific) - ruby1.9.1 (Windows-specific) -CVE-2010-2488 [znc null pointer deref] - RESERVED +CVE-2010-2488 (NULL pointer dereference vulnerability in ZNC before 0.092 caused by t ...) {DSA-2069-1} - znc 0.090-2 (bug #584929) CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...) -- cgit v1.2.3
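Review bot: In the hunk at @@ -3627, the unchanged NOTE under CVE-2010-3846 points at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852, a different CVE id from the entry it sits under. The automatic update does not touch that line, but it is worth confirming whether the reference was meant to read id=CVE-2010-3846 or belongs to another entry, since anyone following the link from the CVS entry lands on an unrelated identifier.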
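Review bot: In the hunk at @@ -4747, the new header for CVE-2010-3439 ("It is possible to cause a DoS condition by causing the server to crash ...") no longer names the affected product, where the removed working title "[alien-arena: server dos]" did. The same hunk drops the impact from CVE-2010-3438: the removed title said "allows arbitrary IRC command execution", while the truncated replacement stops at "does not remove carriage return ...". A search of the header lines for the product or the impact will now miss both entries; a NOTE line under each that keeps the old one-line summary would preserve that context.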
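Review bot: In the hunk at @@ -5734, replacing "[mailscanner incomplete fix for CVE-2008-5313]" removes the only visible cross-reference between CVE-2010-3095 and CVE-2008-5313. The truncated description that replaces it ("mailscanner before 4.79.11-2.1 might allow local users to overwrite ar ...") does not carry that link, so the relationship to the earlier fix is lost for anyone auditing whether the original issue was fully closed. Suggest adding a line such as "NOTE: incomplete fix for CVE-2008-5313" under the entry.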
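Review bot: In the hunk at @@ -7294, the new description for CVE-2010-2488 says ZNC is affected "before 0.092", while the package line directly below records the fix as "znc 0.090-2 (bug #584929)". With the description now in place the two version numbers read as contradictory. If 0.090-2 carries a backported patch, a NOTE saying so would keep a reader from treating 0.090-2 as still vulnerable, or from doubting the recorded fixed version.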