[Secure-testing-commits] r14401 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Apr 5 02:00:59 UTC 2010
Author: gilbert-guest
Date: 2010-04-05 02:00:51 +0000 (Mon, 05 Apr 2010)
New Revision: 14401
Modified:
data/CVE/list
Log:
NFUs; libesmtp issue was under the wrong cve
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-04-05 01:21:09 UTC (rev 14400)
+++ data/CVE/list 2010-04-05 02:00:51 UTC (rev 14401)
@@ -47,11 +47,11 @@
- chromium <itp> (bug #520324)
NOTE: chrome-specific sandboxing issue
CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Communication Express
CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G ...)
NOT-FOR-US: Apple iPhone
CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor ...)
- TODO: check
+ NOT-FOR-US: Microsoft Virtual PC
CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x ...)
TODO: check
CVE-2010-1223
@@ -65,15 +65,15 @@
CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability]
- interchange 5.7.6-1
CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) ...)
- TODO: check
+ NOT-FOR-US: com_janews component for Joomla!
CVE-2010-XXXX [opendchub]
- opendchub <unfixed> (bug #576308)
CVE-2010-1218 (Cross-site scripting (XSS) vulnerability in the mm_forum extension ...)
- TODO: check
+ NOT-FOR-US: mm_forum extension for TYPO3
CVE-2010-1217 (Directory traversal vulnerability in the JE Form Creator ...)
- TODO: check
+ NOT-FOR-US: com_jeformcr component for Joomla!
CVE-2010-1216 (PHP remote file inclusion vulnerability in templates/template.php in ...)
- TODO: check
+ NOT-FOR-US: notsoPureEdit
CVE-2010-1215
RESERVED
CVE-2010-1214
@@ -115,9 +115,10 @@
CVE-2010-1196
RESERVED
CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and ...)
- TODO: check
+ - libesmtp <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2010/03/30/10
CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other ...)
- NOT-FOR-US: Sahana
+ - sahana <itp> (bug #497414)
CVE-2010-1186
RESERVED
CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in ...)
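Review bot: the `- libesmtp <undetermined>` line added under CVE-2010-1194 has no bug reference, while the other libesmtp entry touched by this commit is tracked as `- libesmtp <unfixed> (bug #572960)`. With `TODO: check` removed, nothing flags this entry for follow-up any more; consider resolving `<undetermined>` to a concrete status or keeping a TODO line until the affected versions are known.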
@@ -226,27 +227,27 @@
CVE-2010-1138
RESERVED
CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...)
- TODO: check
+ NOT-FOR-US: VMware Server
CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs ...)
TODO: check
CVE-2009-4761 (Stack-based buffer overflow in Mini-stream RM Downloader allows remote ...)
- TODO: check
+ NOT-FOR-US: Mini-stream RM Downloader
CVE-2009-4760 (Winn ASP Guestbook 1.01 Beta stores sensitive information under the ...)
- TODO: check
+ NOT-FOR-US: Winn ASP Guestbook
CVE-2009-4759 (Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: BrotherSoft BMXPlay
CVE-2009-4758 (Stack-based buffer overflow in dicas Mpegable Player 2.12 allows ...)
- TODO: check
+ NOT-FOR-US: Mpegable Player
CVE-2009-4757 (Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows ...)
- TODO: check
+ NOT-FOR-US: BrotherSoft EW-MusicPlayer
CVE-2009-4756 (Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in ...)
- TODO: check
+ NOT-FOR-US: Beatport Player
CVE-2009-4755 (Multiple stack-based buffer overflows in Mercury Audio Player 1.21 ...)
- TODO: check
+ NOT-FOR-US: Mercury Audio Player
CVE-2009-4754 (Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote ...)
- TODO: check
+ NOT-FOR-US: Mercury Audio Player
CVE-2009-4753 (Multiple buffer overflows in the FTP server on the Addonics NAS ...)
- TODO: check
+ NOT-FOR-US: Addonics NAS Adapter NASU2FW41
CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...)
TODO: check
CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...)
@@ -264,43 +265,43 @@
CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...)
TODO: check
CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...)
TODO: check
CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x allows remote ...)
TODO: check
CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with ...)
- TODO: check
+ - deliver <removed>
CVE-2009-4752 (PHP remote file inclusion vulnerability in anzeiger/start.php in ...)
- TODO: check
+ NOT-FOR-US: Swinger Club Portal
CVE-2009-4751 (SQL injection vulnerability in anzeiger/start.php in Swinger Club ...)
- TODO: check
+ NOT-FOR-US: Swinger Club Portal
CVE-2009-4750 (PHP remote file inclusion vulnerability in home.php in Top Paidmailer ...)
- TODO: check
+ NOT-FOR-US: Top Paidmailer
CVE-2009-4749 (Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 ...)
- TODO: check
+ NOT-FOR-US: PHP Live!
CVE-2009-4748 (SQL injection vulnerability in mycategoryorder.php in the My Category ...)
- TODO: check
+ NOT-FOR-US: My Category Order plugin for wordpress
CVE-2009-4747 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2009-4746 (Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels ...)
- TODO: check
+ NOT-FOR-US: Dreamlevels DreamPoll
CVE-2009-4745 (Multiple SQL injection vulnerabilities in index.php in Dreamlevels ...)
- TODO: check
+ NOT-FOR-US: Dreamlevels DreamPoll
CVE-2009-4744 (Cross-site scripting (XSS) vulnerability in the Contact module in ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2009-4743 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: AfterLogic WebMail
CVE-2009-4742 (Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote ...)
- TODO: check
+ NOT-FOR-US: Docebo
CVE-2009-4741 (Unspecified vulnerability in the Extras Manager before 2.0.0.67 in ...)
- TODO: check
+ NOT-FOR-US: Skype
CVE-2009-4740 (Directory traversal vulnerability in the Webesse E-Card (ws_ecard) ...)
- TODO: check
+ NOT-FOR-US: ws_ecard extension for typo3
CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...)
- TODO: check
+ NOT-FOR-US: SkaDate Dating
CVE-2010-XXXX [freeciv lua]
- freeciv <unfixed> (low)
[lenny] - freeciv <no-dsa> (Minor issue)
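Review bot: product names in the new NOT-FOR-US lines of this hunk are cased differently from the rest of the commit: `My Category Order plugin for wordpress` and `ws_ecard extension for typo3` here, against `mm_forum extension for TYPO3` in an earlier hunk. Suggest `WordPress` and `TYPO3`, so that a search of NOT-FOR-US entries by product name finds all of them.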
@@ -497,9 +498,9 @@
CVE-2010-1032
RESERVED
CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka ...)
- TODO: check
+ NOT-FOR-US: HP Insight Control
CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...)
TODO: check
CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) ...)
@@ -602,9 +603,9 @@
CVE-2010-0990
RESERVED
CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...)
- TODO: check
+ NOT-FOR-US: Pulse CMS
CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ...)
- TODO: check
+ NOT-FOR-US: Pulse CMS
CVE-2010-0987
RESERVED
CVE-2010-0986
@@ -1202,9 +1203,7 @@
- libesmtp <unfixed> (bug #572960)
NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...)
- - libesmtp <undetermined>
- NOTE: http://www.openwall.com/lists/oss-security/2010/03/30/10
- TODO: check
+ NOT-FOR-US: VMware Server
CVE-2010-XXXX [argyll unsafe udev rules]
- argyll <not-affected> (issue with redhat-specific changes to the package)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050
@@ -1255,11 +1254,11 @@
CVE-2010-0808
RESERVED
CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...)
NOT-FOR-US: iBoutique
CVE-2010-0803 (SQL injection vulnerability in the jVideoDirect (com_jvideodirect) ...)
@@ -1339,11 +1338,11 @@
CVE-2010-0771
RESERVED
CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0768 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0767
RESERVED
CVE-2010-0766 (Integer overflow in the Swap4 function in valet4.dll in Luxology Modo ...)
@@ -1548,7 +1547,7 @@
CVE-2010-0687
RESERVED
CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, ...)
- TODO: check
+ NOT-FOR-US: VMware Server
CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source ...)
- asterisk <unfixed>
[lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
@@ -2034,105 +2033,105 @@
CVE-2010-0538
RESERVED
CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly ...)
- TODO: check
+ NOT-FOR-US: Apple DesktopServices
CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is ...)
TODO: check
CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the ...)
- TODO: check
+ NOT-FOR-US: Apple Wiki Server
CVE-2010-0533 (Directory traversal vulnerability in AFP Server in Apple Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple AFP Server
CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1 ...)
- TODO: check
+ NOT-FOR-US: Apple itunes
CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes
CVE-2010-0530
RESERVED
CVE-2010-0529 (Heap-based buffer overflow in Apple QuickTime before 7.6.6 on Windows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple Quicktime
CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0526 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...)
- TODO: check
+ NOT-FOR-US: Apple Mail
CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X ...)
TODO: check
CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types ...)
- TODO: check
+ NOT-FOR-US: Apple Wiki Server
CVE-2010-0522 (Server Admin in Apple Mac OS X Server 10.5.8 does not properly ...)
- TODO: check
+ NOT-FOR-US: Apple Server Admin
CVE-2010-0521 (Server Admin in Apple Mac OS X Server before 10.6.3 does not properly ...)
- TODO: check
+ NOT-FOR-US: Apple Server Admin
CVE-2010-0520 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0518 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0517 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0516 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0515 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0514 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0513 (Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before ...)
- TODO: check
+ NOT-FOR-US: Apple PS Normalizer
CVE-2010-0512 (The Accounts Preferences implementation in Apple Mac OS X 10.6 before ...)
- TODO: check
+ NOT-FOR-US: Apple Accounts Preferences
CVE-2010-0511 (Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the ...)
- TODO: check
+ NOT-FOR-US: Apple Podcast Producer
CVE-2010-0510 (Password Server in Apple Mac OS X Server before 10.6.3 does not ...)
- TODO: check
+ NOT-FOR-US: Apple Password Server
CVE-2010-0509 (SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local ...)
- TODO: check
+ NOT-FOR-US: Apple SFLServer
CVE-2010-0508 (Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules ...)
- TODO: check
+ NOT-FOR-US: Apple Mail
CVE-2010-0507 (Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows ...)
- TODO: check
+ NOT-FOR-US: Apple Image RAW
CVE-2010-0506 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple Image RAW
CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 ...)
- TODO: check
+ NOT-FOR-US: Apple ImageIO
CVE-2010-0504 (Multiple stack-based buffer overflows in iChat Server in Apple Mac OS ...)
- TODO: check
+ NOT-FOR-US: Apple iChat
CVE-2010-0503 (Use-after-free vulnerability in iChat Server in Apple Mac OS X Server ...)
- TODO: check
+ NOT-FOR-US: Apple iChat
CVE-2010-0502 (iChat Server in Apple Mac OS X Server before 10.6.3, when group chat ...)
- TODO: check
+ NOT-FOR-US: Apple iChat
CVE-2010-0501 (Directory traversal vulnerability in FTP Server in Apple Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple FTP Server
CVE-2010-0500 (Event Monitor in Apple Mac OS X before 10.6.3 does not properly ...)
- TODO: check
+ NOT-FOR-US: Apple Event Monitor
CVE-2010-0499
RESERVED
CVE-2010-0498 (Directory Services in Apple Mac OS X before 10.6.3 does not properly ...)
- TODO: check
+ NOT-FOR-US: Apple Directory Services
CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the ...)
- TODO: check
+ NOT-FOR-US: Apple Disk Images
CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for ...)
NOT-FOR-US: Apple iPhone OS
CVE-2010-0495
RESERVED
CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0493
RESERVED
CVE-2010-0492 (mstime.dll in Microsoft Internet Explorer 8 does not properly handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0487
RESERVED
CVE-2010-0486
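Review bot: the Apple entries in this hunk spell the same product two ways: `Apple itunes` (CVE-2010-0532) next to `Apple iTunes` (CVE-2010-0531), and `Apple Quicktime` (CVE-2010-0528) among the `Apple QuickTime` lines. Normalise to `iTunes` and `QuickTime` so the entries group under one label. Leaving CVE-2010-0535 (Dovecot) and CVE-2010-0524 (FreeRADIUS) at `TODO: check` looks right, since both name software that is also packaged outside Mac OS X.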
@@ -2218,15 +2217,15 @@
CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and ...)
NOT-FOR-US: Sun Solaris
CVE-2010-0452 (Multiple cross-site scripting (XSS) vulnerabilities in HP Project and ...)
- TODO: check
+ NOT-FOR-US: HP Project and Portfolio Management Center
CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...)
- TODO: check
+ NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation ...)
- TODO: check
+ NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...)
- TODO: check
+ NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance ...)
NOT-FOR-US: HP OpenView Performance Insight
CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with ...)
@@ -2865,7 +2864,7 @@
CVE-2010-0268
RESERVED
CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0266
RESERVED
CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, ...)
@@ -3459,7 +3458,7 @@
CVE-2009-4506
RESERVED
CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP ...)
- TODO: check
+ NOT-FOR-US: OpenCMS
CVE-2009-4504
RESERVED
CVE-2009-4503
@@ -3771,7 +3770,7 @@
- sun-java6 <unfixed>
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...)
- TODO: check
+ NOT-FOR-US: Oracle Java SE
CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...)
- openjdk-6 <undetermined>
- sun-java6 <unfixed>
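Review bot: CVE-2010-0094 is marked `NOT-FOR-US: Oracle Java SE`, but CVE-2010-0093 directly below, with the same "Unspecified vulnerability in the Java Runtime Environment component" description, is tracked as `- openjdk-6 <undetermined>` and `- sun-java6 <unfixed>`. If this CVE touches the same JRE code, NOT-FOR-US hides it from those packages; either track it the same way or add a NOTE saying why it does not apply.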
@@ -3785,7 +3784,7 @@
- sun-java6 <unfixed>
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
- TODO: check
+ NOT-FOR-US: Oracle Sava SE
CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
- openjdk-6 <undetermined>
- sun-java6 <unfixed>
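Review bot: typo in the added line for CVE-2010-0090: `NOT-FOR-US: Oracle Sava SE` should read `Oracle Java SE`, as used for CVE-2010-0094. Also, CVE-2010-0089 directly below, with the same "Java Web Start, Java Plug-in" description, is tracked against `openjdk-6` and `sun-java6`, so NOT-FOR-US here needs either a NOTE explaining the difference or the same package tracking.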
@@ -3992,25 +3991,25 @@
NOTE: CVE requested
NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted ...)
- TODO: check
+ NOT-FOR-US: Apple Disk Images
CVE-2010-0064 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ...)
- TODO: check
+ NOT-FOR-US: Apple DesktopServices
CVE-2010-0063 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple CoreTypes
CVE-2010-0062 (Heap-based buffer overflow in CoreMedia and QuickTime in Apple Mac OS ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2010-0061
RESERVED
CVE-2010-0060 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple CoreAudio
CVE-2010-0059 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple CoreAudio
CVE-2010-0058 (freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update ...)
TODO: check
CVE-2010-0057 (AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use ...)
- TODO: check
+ NOT-FOR-US: Apple AFP Server
CVE-2010-0056 (Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple AppKit
CVE-2010-0055 (xar in Apple Mac OS X 10.5.8 does not properly validate package ...)
- xar <removed> (bug #572556)
[lenny] - xar <no-dsa> (Minor issue)
@@ -6182,7 +6181,7 @@
[lenny] - perl <not-affected> (Vulnerable code not present)
[etch] - perl <not-affected> (Vulnerable code not present)
CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 ...)
- NOT-FOR-US: Sahana
+ - sahana <itp> (bug #497414)
CVE-2009-3624 (The get_instantiation_keyring function in security/keys/keyctl.c in ...)
- linux-2.6 2.6.31-2 (low)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
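Review bot: changing CVE-2009-3625 from `NOT-FOR-US: Sahana` to `- sahana <itp> (bug #497414)` is a tracking change that the log message ("NFUs; libesmtp issue was under the wrong cve") does not mention, and the same change is made for CVE-2010-1191. Worth a word in the log so that someone reading the history can see when Sahana started being tracked against the ITP.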
@@ -8951,7 +8950,7 @@
CVE-2009-2802
RESERVED
CVE-2009-2801 (The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified ...)
- TODO: check
+ NOT-FOR-US: Apple Application Firewall
CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 ...)
NOT-FOR-US: Apple Mac OS X
CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...)
@@ -10781,7 +10780,7 @@
CVE-2009-2278
RESERVED
CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2009-2276 (SQL injection vulnerability in voteforus.php in the Vote For Us ...)
NOT-FOR-US: voteforus.php extension for PunBB
CVE-2009-2275 (Directory traversal vulnerability in frontend/x3/stats/lastvisit.html ...)
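Review bot: CVE-2009-2277 gets `NOT-FOR-US: VMware`, while the other WebAccess entries in this commit (CVE-2010-1137, CVE-2010-1193, CVE-2010-0686) use `NOT-FOR-US: VMware Server`. Pick one product label for the WebAccess issues so they group together.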