[Secure-testing-commits] r15671 - data/CVE
Federico Ceratto
federico-guest at alioth.debian.org
Thu Dec 9 19:40:19 UTC 2010
Author: federico-guest
Date: 2010-12-09 19:40:19 +0000 (Thu, 09 Dec 2010)
New Revision: 15671
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-09 09:14:50 UTC (rev 15670)
+++ data/CVE/list 2010-12-09 19:40:19 UTC (rev 15671)
@@ -230,7 +230,7 @@
CVE-2010-4413
RESERVED
CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...)
- TODO: check
+ NOT-FOR-US: pfSense
CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...)
- libcgi-pm-perl <unfixed> (bug #606370)
CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...)
@@ -262,9 +262,9 @@
[lenny] - php5 <not-affected> (intl extension included since 5.3)
NOTE: http://www.kb.cert.org/vuls/id/479900
CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: AlGuest
CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton ...)
- TODO: check
+ NOT-FOR-US: LittlePhpGallery
CVE-2010-4405 (Cross-site scripting (XSS) vulnerability in the Yannick Gaultier ...)
TODO: check
CVE-2010-4404 (SQL injection vulnerability in the Yannick Gaultier sh404SEF component ...)
@@ -274,11 +274,11 @@
CVE-2010-4402 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
TODO: check
CVE-2010-4401 (languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: DynPG
CVE-2010-4400 (SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows ...)
- TODO: check
+ NOT-FOR-US: DynPG
CVE-2010-4399 (Directory traversal vulnerability in languages.inc.php in DynPG CMS ...)
- TODO: check
+ NOT-FOR-US: DynPG
CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-4397
@@ -353,37 +353,37 @@
RESERVED
- hypermail <removed> (low; bug #598743)
CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Chameleon Social Networking
CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar ...)
TODO: check
CVE-2010-4364 (DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does ...)
- TODO: check
+ NOT-FOR-US: DaDaBIK
CVE-2010-4363 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...)
- TODO: check
+ NOT-FOR-US: FreeTicket
CVE-2010-4362 (Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer ...)
- TODO: check
+ NOT-FOR-US: MicroNetsoft RV Dealer
CVE-2010-4361 (Cross-site scripting (XSS) vulnerability in url-gateway.php in ...)
- TODO: check
+ NOT-FOR-US: Jurpopage
CVE-2010-4360 (Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 ...)
- TODO: check
+ NOT-FOR-US: Jurpopage
CVE-2010-4359 (SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows ...)
- TODO: check
+ NOT-FOR-US: Jurpopage
CVE-2010-4358 (Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in ...)
- TODO: check
+ NOT-FOR-US: MRCGIGUY (MCG) Guestbook
CVE-2010-4357 (SQL injection vulnerability in comments.php in SiteEngine 7.1 allows ...)
- TODO: check
+ NOT-FOR-US: SiteEngine
CVE-2010-4356 (SQL injection vulnerability in news_default.asp in Site2Nite Big Truck ...)
- TODO: check
+ NOT-FOR-US: Site2Nite Big Truck
CVE-2010-4355 (Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, ...)
- TODO: check
+ NOT-FOR-US: DaDaBIK
CVE-2009-5019 (Web Wiz NewsPad stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: Web Wiz NewsPad
CVE-2008-7269 (Open redirect vulnerability in api.php in SiteEngine 5.x allows ...)
- TODO: check
+ NOT-FOR-US: SiteEngine
CVE-2008-7268 (The phpinfo function in SiteEngine 5.x allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: SiteEngine
CVE-2008-7267 (SQL injection vulnerability in announcements.php in SiteEngine 5.x ...)
- TODO: check
+ NOT-FOR-US: SiteEngine
CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]
- elfsign <unfixed> (low; bug #555668)
[lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
@@ -424,7 +424,7 @@
CVE-2010-4331
RESERVED
CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...)
- TODO: check
+ NOT-FOR-US: Pulse CMS Basic
CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...)
- phpmyadmin 4:3.3.7-2
CVE-2010-4328
@@ -486,13 +486,13 @@
CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple ...)
NOT-FOR-US: Free Simple Software
CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2008-7266 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave ...)
NOT-FOR-US: RSA Adaptive Authentication
CVE-2010-XXXX [directory traversal]
@@ -648,7 +648,7 @@
RESERVED
- linux-2.6 <unfixed>
CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in ...)
- TODO: check
+ NOT-FOR-US: pfSense
CVE-2010-4245
RESERVED
- pootle 2.0.5-0.3 (low; bug #604060)
@@ -2661,7 +2661,7 @@
CVE-2010-3450
RESERVED
CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before ...)
- TODO: check
+ NOT-FOR-US: Redback
CVE-2010-3448 [Linux ThinkPad video output status local DoS]
RESERVED
{DSA-2126-1}
@@ -4922,7 +4922,7 @@
CVE-2010-2640
RESERVED
CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0
CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 ...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not ...)
@@ -5034,7 +5034,7 @@
CVE-2010-2587
RESERVED
CVE-2010-2586 (Multiple integer overflows in in_nsv.dll in the in_nsv plugin in ...)
- TODO: check
+ NOT-FOR-US: Winamp
CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX ...)
NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in ...)
More information about the Secure-testing-commits
mailing list