[Secure-testing-commits] r12785 - data/CVE

Kees Cook kees at alioth.debian.org
Thu Sep 10 22:02:04 UTC 2009


Author: kees
Date: 2009-09-10 22:02:04 +0000 (Thu, 10 Sep 2009)
New Revision: 12785

Modified:
   data/CVE/list
Log:
NFUs: 50

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-10 21:14:14 UTC (rev 12784)
+++ data/CVE/list	2009-09-10 22:02:04 UTC (rev 12785)
@@ -1,71 +1,105 @@
+CVE-2009-3162
+	NOT-FOR-US: Multi Website
+CVE-2009-3161
+	NOT-FOR-US: IBM WebSphere MQ
+CVE-2009-3160
+	NOT-FOR-US: IBM WebSphere MQ
+CVE-2009-3159
+	NOT-FOR-US: IBM WebSphere MQ
+CVE-2009-3158
+	NOT-FOR-US: simplePHPWeb
+CVE-2009-3157
+	NOT-FOR-US: Calendar module for Drupal
+CVE-2009-3156
+	NOT-FOR-US: Date module for Drupal
+CVE-2009-3155
+	NOT-FOR-US: Almond Classifieds component for Joomla!
+CVE-2009-3154
+	NOT-FOR-US: Almond Classifieds component for Joomla!
+CVE-2009-3153
+	NOT-FOR-US: x10 MP3 Search engine
+CVE-2009-3152
+	NOT-FOR-US: NTSOFT BBS E-Market Professional
+CVE-2009-3151
+	NOT-FOR-US: Ultrize TimeSheet
+CVE-2009-3150
+	NOT-FOR-US: Multi Website
+CVE-2009-3149
+	NOT-FOR-US: Elgg
+CVE-2009-3148
+	NOT-FOR-US: PortalXP Teacher Edition
+CVE-2009-3147
+	NOT-FOR-US: ReviewPost Pro
+CVE-2009-3146
+	NOT-FOR-US: ArticleFriend Script
 CVE-2009-3125
 	RESERVED
 CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail ...)
-	TODO: check
+	NOT-FOR-US: QuarkMail
 CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor ...)
-	TODO: check
+	NOT-FOR-US: Wap-Motor
 CVE-2009-3122 (The Ajax Table module 5.x for Drupal does not perform access control, ...)
-	TODO: check
+	NOT-FOR-US: Ajax Table module module for Drupal
 CVE-2009-3121 (Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x ...)
-	TODO: check
+	NOT-FOR-US: Ajax Table module module for Drupal
 CVE-2009-3120 (Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE ...)
-	TODO: check
+	NOT-FOR-US: BIGACE Web CMS
 CVE-2009-3119 (SQL injection vulnerability in screen.php in the Download System mSF ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2009-3118 (SQL injection vulnerability in mod/poll/comment.php in the vote module ...)
-	TODO: check
+	NOT-FOR-US: Danneo CMS
 CVE-2009-3117 (SQL injection vulnerability in category.php in Snow Hall Silurus ...)
-	TODO: check
+	NOT-FOR-US: Snow Hall Silurus System
 CVE-2009-3116 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...)
-	TODO: check
+	NOT-FOR-US: Uiga Church Portal
 CVE-2009-3115 (SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds TFTP Server
 CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.5 saves items from an RSS ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus Notes
 CVE-2009-3113 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...)
-	TODO: check
+	NOT-FOR-US: OXID eShop Professional
 CVE-2009-3112 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...)
-	TODO: check
+	NOT-FOR-US: OXID eShop Professional
 CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote ...)
 	TODO: check
 CVE-2008-7202 (Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail ...)
-	TODO: check
+	NOT-FOR-US: OpenWebMail
 CVE-2008-7201 (Lantronix MSS485-T allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Lantronix MSS485-T
 CVE-2008-7200 (Double free vulnerability in Deliantra server engine before 2.4 has ...)
-	TODO: check
+	NOT-FOR-US: Deliantra server engine
 CVE-2008-7199 (Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact FL IL 24 BK-PAC
 CVE-2008-7198 (Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have ...)
-	TODO: check
+	NOT-FOR-US: phpns
 CVE-2008-7197 (Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have ...)
-	TODO: check
+	NOT-FOR-US: G15Daemon
 CVE-2008-7196 (Unspecified vulnerability in metashell before 0.03 has unknown impact ...)
-	TODO: check
+	NOT-FOR-US: metashell
 CVE-2008-7195 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used ...)
-	TODO: check
+	NOT-FOR-US: Fujitsu Interstage HTTP Server
 CVE-2008-7194 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used ...)
-	TODO: check
+	NOT-FOR-US: Fujitsu Interstage HTTP Server
 CVE-2008-7193 (PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows ...)
-	TODO: check
+	NOT-FOR-US: PHPKIT
 CVE-2008-7192 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
-	TODO: check
+	NOT-FOR-US: WoltLab Burning Board
 CVE-2008-7191 (Unspecified vulnerability in Polipo before 1.0.4 allows remote ...)
 	TODO: check
 CVE-2008-7190 (Unspecified vulnerability in Adium before 1.2 has unknown impact and ...)
-	TODO: check
+	NOT-FOR-US: Adium
 CVE-2008-7189 (Multiple unspecified vulnerabilities in Local Media Browser before 0.1 ...)
-	TODO: check
+	NOT-FOR-US: Local Media Browser
 CVE-2008-7188 (ClipShare 2.6 does not properly restrict access to certain ...)
-	TODO: check
+	NOT-FOR-US: ClipShare
 CVE-2008-7187 (Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2008-7186 (Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to ...)
-	TODO: check
+	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2007-6730 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
-	TODO: check
+	NOT-FOR-US: ZyXEL P-330W
 CVE-2007-6729 (Cross-site scripting (XSS) vulnerability in the web management ...)
-	TODO: check
+	NOT-FOR-US: ZyXEL P-330W
 CVE-2009-3110 (Race condition in the file transfer functionality in Symantec Altiris ...)
 	NOT-FOR-US: Symantec Altiris Deployment Solution
 CVE-2009-3109 (Unspecified vulnerability in the AClient agent in Symantec Altiris ...)
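
Review bot: The notes added for CVE-2009-3122 and CVE-2009-3121 read "Ajax Table module module for Drupal", with "module" doubled. Suggest "NOT-FOR-US: Ajax Table module for Drupal" on both lines so the name matches the description and a search on it finds both entries. Separately, CVE-2009-3119 is tagged "PHP-Fusion" while its visible description places the SQL injection in screen.php of "the Download System mSF ..."; naming that component in the note, in the style of the "Calendar module for Drupal" entries earlier in this hunk, would record which code was actually judged out of scope.
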
@@ -2958,7 +2992,7 @@
 CVE-2009-2267
 	RESERVED
 CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote ...)
-	TODO: check
+	NOT-FOR-US: OXID eShop
 CVE-2009-2281 [Heap-based buffer underflow in the readPostBody function in cgiutil.c ...]
 	RESERVED
 	- mapserver 5.4.2-1 (medium; bug #535340)
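
Review bot: The note for CVE-2009-2266 says "OXID eShop", but the same commit tags CVE-2009-3113 and CVE-2009-3112 as "OXID eShop Professional", even though their descriptions list "Professional, Enterprise, and ..." editions. Suggest using "NOT-FOR-US: OXID eShop" for all three so the product is named one way throughout the list.
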
@@ -3142,7 +3176,7 @@
 CVE-2009-2206
 	RESERVED
 CVE-2009-2205 (Stack-based buffer overflow in the Java Web Start command launcher in ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2009-2204 (Unspecified vulnerability in the CoreTelephony component in Apple ...)
 	NOT-FOR-US: Apple iPhone OS 
 CVE-2009-2203
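
Review bot: The note for CVE-2009-2205 names only the platform, "Mac OS X", while the description locates the stack-based overflow in the Java Web Start command launcher. Suggest naming the component in the note as well, so a later triager can see which software was checked before the entry was marked NOT-FOR-US.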



