[Secure-testing-commits] r13944 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Thu Jan 28 02:37:34 UTC 2010
Author: geissert
Date: 2010-01-28 02:37:34 +0000 (Thu, 28 Jan 2010)
New Revision: 13944
Modified:
data/CVE/list
Log:
tor, bind, systemtap, NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-27 22:37:22 UTC (rev 13943)
+++ data/CVE/list 2010-01-28 02:37:34 UTC (rev 13944)
@@ -5,11 +5,11 @@
- hybserv <unfixed> (low; bug #550389)
NOTE: CVE id requested
CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN ...)
- TODO: check
+ NOT-FOR-US: TheGreenBow IPSec VPN Client
CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero Technologies ...)
- TODO: check
+ NOT-FOR-US: InterBase SMP 2009 9.0.3.437
CVE-2010-0390 (Unrestricted file upload vulnerability in maxImageUpload/index.php in ...)
- TODO: check
+ NOT-FOR-US: PHP F1 Max's Image Uploader
CVE-2010-0389 (The admin server in Sun Java System Web Server 7.0 Update 6 allows ...)
TODO: check
CVE-2010-0388 (Format string vulnerability in the WebDAV implementation in webservd ...)
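Review bot: The label on CVE-2010-0391, `NOT-FOR-US: InterBase SMP 2009 9.0.3.437`, pins a version number and drops the vendor, while every other label in this hunk names the product only. Suggest `NOT-FOR-US: Embarcadero InterBase` so the label still matches if a later CVE covers a different build.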
@@ -19,21 +19,25 @@
CVE-2010-0386 (The default configuration of Sun Java System Application Server 7 and ...)
TODO: check
CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when ...)
+ - tor 0.2.1.22-1 (low)
TODO: check
CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory ...)
+ - tor <unfixed>
TODO: check
CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...)
+ - tor 0.2.1.22-1 (low)
TODO: check
CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
+ - bind9 <unfixed>
TODO: check
CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
- TODO: check
+ NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows ...)
- TODO: check
+ NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2008-7253 (The default configuration of the web server in IBM Lotus Domino ...)
- TODO: check
+ NOT-FOR-US: IBM Lotus Domino Server
CVE-2005-4884 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle Database Server
CVE-2010-XXXX [gmetad incorrect file permissions]
- gmetad <unfixed> (low; bug #567175)
TODO: check old/stable versions
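Review bot: The `TODO: check` lines under CVE-2010-0385, CVE-2010-0384, CVE-2010-0383 and CVE-2010-0382 are left in place after the package lines were added, so these entries still read as untriaged. Either drop the TODO or replace it with what remains to be checked, as the gmetad entry does with `TODO: check old/stable versions`. In addition, `- tor <unfixed>` and `- bind9 <unfixed>` carry no urgency or bug number, unlike `- gmetad <unfixed> (low; bug #567175)` in the same hunk.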
@@ -74,21 +78,21 @@
NOTE: http://www.openwall.com/lists/oss-security/2010/01/16/2
TODO: check
CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...)
- TODO: check
+ NOT-FOR-US: Macromedia Flash ActiveX
CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
- TODO: check
+ NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in ...)
- TODO: check
+ NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-0375 (SQL injection vulnerability in product_list.php in JCE-Tech PHP ...)
- TODO: check
+ NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-0374 (Cross-site scripting (XSS) vulnerability in the Marketplace ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-0373 (SQL injection vulnerability in the libros (com_libros) component for ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-0372 (SQL injection vulnerability in the Articlemanager (com_articlemanager) ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-0371 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
TODO: check
CVE-2010-0370 (Cross-site scripting (XSS) vulnerability in the Node Blocks module ...)
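Review bot: The label `NOT-FOR-US: component for Joomla!` on CVE-2010-0374, CVE-2010-0373 and CVE-2010-0372 does not say which component, although the descriptions name three different ones (Marketplace, libros, Articlemanager). Naming the component in each label, for example `NOT-FOR-US: Joomla! component com_libros`, keeps the entries distinguishable when searching the list.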
@@ -98,12 +102,13 @@
CVE-2010-0368
RESERVED
CVE-2010-0367 (Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits ...)
- TODO: check
+ NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0366 (Multiple unrestricted file upload vulnerabilities in (1) register.php ...)
- TODO: check
+ NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0365 (Cross-site scripting (XSS) vulnerability in search.php in BitScripts ...)
- TODO: check
+ NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0364 (Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows ...)
+ - vlc <unfixed>
TODO: check
CVE-2010-0363 (Cross-site scripting (XSS) vulnerability in Zeus Web Server before ...)
NOT-FOR-US: Zeus Web Server
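Review bot: `- vlc <unfixed>` on CVE-2010-0364 marks the package as affected while the visible description names only VLC Media Player 0.8.6, and the `TODO: check` below it is unchanged. Confirm whether the packaged version is affected before recording `<unfixed>`, and add a NOTE with the result or a bug number.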
@@ -476,15 +481,15 @@
CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...)
NOT-FOR-US: Microsoft
CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0243
RESERVED
CVE-2010-0242
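Review bot: The new labels on CVE-2010-0248 through CVE-2010-0244 read `NOT-FOR-US: Microsoft Internet Explorer`, while the unchanged entry just above, CVE-2010-0249, uses `NOT-FOR-US: Microsoft` for the same product. Pick one form so the adjacent entries are consistent.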
@@ -508,7 +513,7 @@
CVE-2010-0233
RESERVED
CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0231
RESERVED
CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen ...)
@@ -729,9 +734,9 @@
CVE-2010-0139
RESERVED
CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor ...)
- TODO: check
+ NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor
CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in the SSH ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS XR
CVE-2010-0136
RESERVED
CVE-2010-0135
@@ -903,6 +908,7 @@
CVE-2010-0098
RESERVED
CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
+ - bind9 <unfixed>
TODO: check
CVE-2010-0096
RESERVED
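Review bot: `- bind9 <unfixed>` on CVE-2010-0097 has no urgency or bug number, and the `TODO: check` after it stays. The visible description starts with the same text as CVE-2010-0382, which gets the same line earlier in this commit; a NOTE on each entry saying how the two issues differ, plus a bug reference, would make the pair easier to track.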
@@ -1548,9 +1554,9 @@
CVE-2010-0038
RESERVED
CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2010-0035
RESERVED
CVE-2010-0034
@@ -1568,7 +1574,7 @@
CVE-2010-0028
RESERVED
CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 7 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0026
RESERVED
CVE-2010-0025
@@ -1731,6 +1737,7 @@
CVE-2009-4274
RESERVED
CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...)
+ - systemtap 1.1-1
TODO: check
CVE-2009-4272 [linux deadlock or null pointer dereference via routing hash table's emergency route flush]
RESERVED
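Review bot: `- systemtap 1.1-1` on CVE-2009-4273 records a fixed version, but the `TODO: check` after it is kept without saying what is still open. If what remains is the status of older releases, say so in the TODO; otherwise remove it.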
@@ -1854,7 +1861,7 @@
CVE-2009-4258
RESERVED
CVE-2009-4257 (Heap-based buffer overflow in smlrender.dll in RealNetworks RealPlayer ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 ...)
NOT-FOR-US: AlefMentor
CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit! template ...)
@@ -1872,21 +1879,21 @@
CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...)
NOT-FOR-US: CuteNews
CVE-2009-4248 (Buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2009-4247 (RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2009-4242 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in the ...)
NOT-FOR-US: IBM InfoSphere Information Server
CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in IBM ...)
@@ -2494,15 +2501,15 @@
- linux-2.6 2.6.32-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4001
RESERVED
CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP ...)
- TODO: check
+ NOT-FOR-US: HP Power Manager
CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power ...)
- TODO: check
+ NOT-FOR-US: HP Power Manager
CVE-2009-3998
RESERVED
CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...)
@@ -3163,7 +3170,7 @@
CVE-2009-3740
RESERVED
CVE-2009-3739 (Multiple unspecified vulnerabilities on the Rockwell Automation AB ...)
- TODO: check
+ NOT-FOR-US: Micrologix
CVE-2009-3738
RESERVED
CVE-2009-3737
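Review bot: `NOT-FOR-US: Micrologix` on CVE-2009-3739 uses a name that does not appear in the visible description, which identifies the vendor as Rockwell Automation. Include the vendor in the label, for example `NOT-FOR-US: Rockwell Automation MicroLogix`, so the entry can be matched to the description.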