[Secure-testing-commits] r14087 - data/CVE
Kees Cook
kees at alioth.debian.org
Sat Feb 13 01:06:58 UTC 2010
Author: kees
Date: 2010-02-13 01:06:56 +0000 (Sat, 13 Feb 2010)
New Revision: 14087
Modified:
data/CVE/list
Log:
NFUs: 53
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-12 21:18:31 UTC (rev 14086)
+++ data/CVE/list 2010-02-13 01:06:56 UTC (rev 14087)
@@ -1,3 +1,17 @@
+CVE-2010-0637
+ NOT-FOR-US: WebCalendar
+CVE-2010-0636
+ NOT-FOR-US: WebCalendar
+CVE-2010-0635
+ NOT-FOR-US: JEvents Search plugin for Joomla!
+CVE-2010-0633
+ NOT-FOR-US: Citrix XenServer
+CVE-2010-0632
+ NOT-FOR-US: Parkview Consultants SimpleFAQ component for Joomla!
+CVE-2010-0631
+ NOT-FOR-US: Eicra Car Rental-Script
+CVE-2010-0630
+ NOT-FOR-US: Evernew Free Joke Script
CVE-2010-0627
RESERVED
CVE-2010-0626
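Review bot: The new block at the top of this hunk skips three ids: it goes from CVE-2010-0635 straight to CVE-2010-0633, and from CVE-2010-0630 to the existing CVE-2010-0627, so CVE-2010-0634, CVE-2010-0629 and CVE-2010-0628 get no entry. The neighbouring unpublished ids are carried as RESERVED, so either add the missing three the same way or confirm they are absent on purpose. As it stands, a later reader cannot tell whether they were triaged or overlooked.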
@@ -15,31 +29,31 @@
CVE-2010-0618
RESERVED
CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI ...)
- TODO: check
+ NOT-FOR-US: evalSMSI
CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which ...)
- TODO: check
+ NOT-FOR-US: evalSMSI
CVE-2010-0615 (Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI ...)
- TODO: check
+ NOT-FOR-US: evalSMSI
CVE-2010-0614 (SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows ...)
- TODO: check
+ NOT-FOR-US: evalSMSI
CVE-2010-0613 (Directory traversal vulnerability in viewfile.php in ARWScripts Fonts ...)
- TODO: check
+ NOT-FOR-US: ARWScripts Fonts Script
CVE-2010-0612 (Unspecified vulnerability in DocumentManager before 4.0 has unknown ...)
- TODO: check
+ NOT-FOR-US: DocumentManager
CVE-2010-0611 (Multiple SQL injection vulnerabilities in adminlogin.php in Baal ...)
- TODO: check
+ NOT-FOR-US: Baal Systems
CVE-2010-0610 (Multiple SQL injection vulnerabilities in the Photoblog ...)
- TODO: check
+ NOT-FOR-US: Photoblog component for Joomla!
CVE-2010-0609 (SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows ...)
- TODO: check
+ NOT-FOR-US: NovaBoard
CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows ...)
- TODO: check
+ NOT-FOR-US: NovaBoard
CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 ...)
- TODO: check
+ NOT-FOR-US: Sterlite SAM300 AX Router
CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2010-0604
RESERVED
CVE-2010-0603
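Review bot: Two of the tags in this hunk are too ambiguous to search on later. For CVE-2010-0612, "NOT-FOR-US: DocumentManager" is a generic name with no vendor. For CVE-2010-0611, "NOT-FOR-US: Baal Systems" reads as a vendor with no product, and the visible description is cut at "adminlogin.php in Baal ...". Suggest giving vendor and product on both, as the Joomla! entries do ("Photoblog component for Joomla!"), so that a package with a similar name is not mistaken for already triaged.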
@@ -190,9 +204,9 @@
[etch] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
NOTE: the conditions so that this is exploitable are rather obscure
CVE-2010-0561 (Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2010-0560 (Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, ...)
- TODO: check
+ NOT-FOR-US: Intel Desktop BIOS
CVE-2003-1588 (Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, ...)
NOT-FOR-US: Sun Cluster
CVE-2010-0559 (The default configuration of Oracle OpenSolaris snv_91 through snv_131 ...)
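Review bot: For CVE-2010-0561 the tag names only the operating system ("NOT-FOR-US: NetBSD"), and the visible description ("Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before ...") is cut off before it names the affected component. If the flaw is in code that other BSD-derived sources share, this closes the entry without any record that the question was checked. A NOTE line naming the component and stating that it is NetBSD-only would make the decision reviewable.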
@@ -463,11 +477,11 @@
CVE-2010-0447
RESERVED
CVE-2010-0446
- RESERVED
+ NOT-FOR-US: HP DreamScreen
CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...)
- TODO: check
+ NOT-FOR-US: HP Network Node Manager
CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a ...)
- TODO: check
+ NOT-FOR-US: HP Operations Agent
CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS) before ...)
NOT-FOR-US: HP OpenVMS
CVE-2010-0441 (Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, ...)
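Review bot: CVE-2010-0446 moves from RESERVED to "NOT-FOR-US: HP DreamScreen", but its header line still has no description in parentheses, unlike CVE-2010-0445 and CVE-2010-0444 next to it. Nothing in the hunk records where the product attribution came from. Suggest adding a NOTE with the advisory or reference used, so the tag can be verified once the description is published and is not silently contradicted by a later sync.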
@@ -1112,11 +1126,11 @@
CVE-2010-0253
RESERVED
CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ...)
- TODO: check
+ NOT-FOR-US: Microsoft Data Analyzer ActiveX control
CVE-2010-0251
RESERVED
CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used ...)
- TODO: check
+ NOT-FOR-US: Microsoft DirectX
CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...)
NOT-FOR-US: Microsoft
CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
@@ -1130,15 +1144,15 @@
CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office XP
CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0238
RESERVED
CVE-2010-0237
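Review bot: Style point on CVE-2010-0242 through CVE-2010-0239: "Microsoft Windows Vista Gold" takes the first item of the affected-version list ("Microsoft Windows Vista Gold, SP1, and ...") and uses it as the product name. "Gold" is a release level, and the descriptions list further versions. The same applies to CVE-2010-0243, where "Microsoft Office XP" drops the "Office 2004 ..." part of the description. Suggest plain "Microsoft Windows" and "Microsoft Office", matching the existing "NOT-FOR-US: Microsoft Internet Explorer" entry kept as context in this hunk.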
@@ -1150,11 +1164,11 @@
CVE-2010-0234
RESERVED
CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-0231 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen ...)
- postfix <not-affected> (SUSE-specific packaging issue)
CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
@@ -1360,11 +1374,11 @@
CVE-2010-0146
RESERVED
CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the ...)
- TODO: check
+ NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the ...)
- TODO: check
+ NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...)
NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...)
@@ -2199,45 +2213,45 @@
CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 ...)
NOT-FOR-US: Apple Mac OS X
CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Paint
CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Server
CVE-2010-0025
RESERVED
CVE-2010-0024
RESERVED
CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0019
RESERVED
CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Server
CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 ...)
{DSA-1973-1}
- eglibc 2.10.2-4 (medium; bug #560333)
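Review bot: The SMB entries in this hunk are tagged inconsistently. CVE-2010-0022, CVE-2010-0020 and CVE-2010-0016 get "Microsoft Windows", while CVE-2010-0021 (also "the SMB implementation in the Server ...") gets "Microsoft Windows Vista Gold" and CVE-2010-0017 (SMB client) gets "Microsoft Windows Server". Since the descriptions are truncated before the full version lists, the narrower tags cannot be verified from the entry itself. Suggest using "Microsoft Windows" for all of them, CVE-2010-0026 included, so that a search for the tag returns the whole set.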
@@ -3933,7 +3947,7 @@
NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
NOTE: might've been fixed earlier
CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before ...)
- TODO: check
+ NOT-FOR-US: ActiveScan Installer ActiveX control
CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)
NOT-FOR-US: S2 Security Linear eMerge Access Control System
CVE-2009-XXXX [mandos 0600 file being included in initrd]