[Secure-testing-commits] r11762 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri May 1 21:59:24 UTC 2009
Author: jmm-guest
Date: 2009-05-01 21:59:24 +0000 (Fri, 01 May 2009)
New Revision: 11762
Modified:
data/CVE/list
Log:
- new memcached issue
- NFUs
- zoneminder permission fixed some time ago
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-01 21:29:35 UTC (rev 11761)
+++ data/CVE/list 2009-05-01 21:59:24 UTC (rev 11762)
@@ -3,11 +3,11 @@
NOTE: http://jira.codehaus.org/browse/JETTY-1004
NOTE: It's not entirely clear, whether version 5 is affected
CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...)
- TODO: check
+ - memcached <unfixed> (low; bug filed)
CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in Adobe ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader and ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2009-1491
RESERVED
CVE-2009-1490
@@ -164,27 +164,27 @@
CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 ...)
NOT-FOR-US: Trend Micro OfficeScan
CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki before ...)
- TODO: check
+ - foswiki <itp> (bug #509864)
CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for ...)
- TODO: check
+ - zoneminder 1.22.3-5
CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to ...)
TODO: check
CVE-2008-6754 (The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote ...)
- TODO: check
+ NOT-FOR-US: vBullerin addon
CVE-2008-6753 (SQL injection vulnerability in SilverStripe before 2.2.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) in ...)
NOT-FOR-US: SilverStripe
CVE-2009-1432 (Symantec Reporting Server, as used in Symantec AntiVirus (SAV) ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2009-1429 (The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2009-1427
RESERVED
CVE-2009-1426
@@ -402,7 +402,7 @@
CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule ...)
- amule <unfixed> (low; bug #525078)
CVE-2009-1348 (The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, ...)
- TODO: check
+ NOT-FOR-US: Various AV junk
CVE-2009-1347 (Multiple SQL injection vulnerabilities in stats/index.php in chCounter ...)
NOT-FOR-US: chCounter
CVE-2009-1346 (SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 ...)
More information about the Secure-testing-commits
mailing list