[Secure-testing-commits] r14876 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Wed Jun 16 01:12:47 UTC 2010
Author: gilbert-guest
Date: 2010-06-16 01:12:39 +0000 (Wed, 16 Jun 2010)
New Revision: 14876
Modified:
data/CVE/list
Log:
nfus and various new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-06-16 01:11:41 UTC (rev 14875)
+++ data/CVE/list 2010-06-16 01:12:39 UTC (rev 14876)
@@ -1,83 +1,86 @@
CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and ...)
- TODO: check
+ NOT-FOR-US: Plume CMS
CVE-2010-2293 (The Ping tools web interface in Dlink Di-604 router allows remote ...)
- TODO: check
+ NOT-FOR-US: Dlink Di-604
CVE-2010-2292 (Cross-site scripting (XSS) vulnerability in the Ping tools web ...)
- TODO: check
+ NOT-FOR-US: Dlink Di-604 Router
CVE-2010-2291 (Unspecified vulnerability in the web interface in snom VoIP Phone ...)
- TODO: check
+ NOT-FOR-US: snom VoIP Phone
CVE-2010-2290 (Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2010-2289 (Open redirect vulnerability in dana/home/homepage.cgi in Juniper ...)
- TODO: check
+ NOT-FOR-US: Juniper Networks
CVE-2010-2288 (Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in ...)
- TODO: check
+ NOT-FOR-US: Juniper Networks
CVE-2010-2282 (Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 ...)
- TODO: check
+ NOT-FOR-US: TomatoCMS
CVE-2010-2281 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: TomatoCMS
CVE-2010-2280 (Open redirect vulnerability in the Mobile component in IBM Lotus ...)
- TODO: check
+ NOT-FOR-US: IBM Lotus Connections
CVE-2010-2279 (The Top Updates implementation in the Homepage component in IBM Lotus ...)
- TODO: check
+ NOT-FOR-US: IBM Lotus Connections
CVE-2010-2278 (The bookmarklet pop-up in the Bookmarks component in IBM Lotus ...)
- TODO: check
+ NOT-FOR-US: IBM Lotus Connections
CVE-2010-2277 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
- TODO: check
+ NOT-FOR-US: IBM Lotus Connections
CVE-2010-2276 (The default configuration of the build process in Dojo 0.4.x before ...)
- TODO: check
+ - dojo 1.4.2+dfsg-1
CVE-2010-2275 (Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js ...)
- TODO: check
+ - dojo 1.4.2+dfsg-1
CVE-2010-2274 (Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, ...)
- TODO: check
+ - dojo 1.4.2+dfsg-1
CVE-2010-2273 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x ...)
- TODO: check
+ - dojo 1.4.2+dfsg-1
CVE-2010-2272 (Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before ...)
- TODO: check
+ - dojo <not-affected> (only affects 0.4 branch)
CVE-2010-2271 (Format string vulnerability in authcfg.cgi in Accoria Web Server (aka ...)
- TODO: check
+ NOT-FOR-US: Accoria Web Server
CVE-2010-2270 (Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable ...)
- TODO: check
+ NOT-FOR-US: Accoria Web Server
CVE-2010-2269 (Directory traversal vulnerability in loadstatic.cgi in Accoria Web ...)
- TODO: check
+ NOT-FOR-US: Accoria Web Server
CVE-2010-2268 (Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in ...)
- TODO: check
+ NOT-FOR-US: Accoria Web Server
CVE-2010-2267 (Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web ...)
- TODO: check
+ NOT-FOR-US: Accoria Web Server
CVE-2010-2266 (nginx 0.8.36 allows remote attackers to cause a denial of service ...)
+ - nginx <undetermined>
TODO: check
CVE-2009-4895 [linux tty null ptr dereference]
- linux-2.6 2.6.32-9
CVE-2009-4894 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
- TODO: check
+ NOT-FOR-US: PunBB
CVE-2009-4893 (Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when ...)
- TODO: check
+ - unrealircd <itp> (bug #515130)
CVE-2010-2265 (Cross-site scripting (XSS) vulnerability in the GetServerName function ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
- webkit <undetermined>
CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...)
+ - nginx <undetermined>
+ NOTE: claimed windows-only
TODO: check
CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...)
- TODO: check
+ NOT-FOR-US: Content Management System WEBjump!
CVE-2009-4891 (SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 ...)
- TODO: check
+ NOT-FOR-US: CS-Cart
CVE-2009-4890 (Multiple cross-site scripting (XSS) vulnerabilities in the login ...)
- TODO: check
+ NOT-FOR-US: vBook
CVE-2009-4889 (SQL injection vulnerability in books.php in the Book Panel ...)
- TODO: check
+ NOT-FOR-US: book_panel module for php-fusion
CVE-2009-4888 (Cross-site scripting (XSS) vulnerability in poster.php in PHortail ...)
- TODO: check
+ NOT-FOR-US: PHortail
CVE-2009-4887 (PHP remote file inclusion vulnerability in index.php in CMS S.Builder ...)
- TODO: check
+ NOT-FOR-US: CMS S.Builder
CVE-2009-4886 (Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 ...)
- TODO: check
+ NOT-FOR-US: phpCommunity
CVE-2009-4885 (Cross-site scripting (XSS) vulnerability in templates/1/login.php in ...)
- TODO: check
+ NOT-FOR-US: phpCommunity
CVE-2009-4884 (Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when ...)
- TODO: check
+ NOT-FOR-US: phpCommunity
CVE-2009-4883 (SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and ...)
- TODO: check
+ NOT-FOR-US: PHPRecipeBook
CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 ...)
- wireshark 1.2.9-1
CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 ...)
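Review bot: In the two nginx entries (CVE-2010-2266 and CVE-2010-2263) the added "- nginx <undetermined>" line sits beside a "TODO: check" that stays as context, whereas the CVE-2010-2264 webkit entry in the same hunk carries "<undetermined>" with no TODO. If the TODO is kept on purpose as a reminder to pin down the affected versions, CVE-2010-2266 should also get a NOTE saying what is still open, as CVE-2010-2263 does with "NOTE: claimed windows-only". Separately, the two Dlink entries use different labels ("Dlink Di-604" and "Dlink Di-604 Router"); use one spelling so the NOT-FOR-US entries group under a single name.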
@@ -89,23 +92,23 @@
CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in ...)
- wireshark 1.2.9-1
CVE-2010-2262 (Galileo Students Team Weborf before 0.12.1 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Galileo Studens Team Weborf
CVE-2010-2261 (Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Linksys WAP54Gv3
CVE-2010-2260 (Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design ...)
- TODO: check
+ NOT-FOR-US: Gabmbit Design Bandwidth Meter
CVE-2010-2259 (Directory traversal vulnerability in the BF Survey (com_bfsurvey) ...)
- TODO: check
+ NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2258 (Cross-site scripting (XSS) vulnerability in signupconfirm.php in ...)
- TODO: check
+ NOT-FOR-US: phpBannerExchange
CVE-2010-2257 (SQL injection vulnerability in index_ie.php in Pay Per Minute Video ...)
- TODO: check
+ NOT-FOR-US: Pay Per Minute Video Chat Script
CVE-2010-2256 (Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute ...)
- TODO: check
+ NOT-FOR-US: Pay Per Minute Video Chat Script
CVE-2010-2255 (SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) ...)
- TODO: check
+ NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope template for ...)
- TODO: check
+ NOT-FOR-US: joomla!
CVE-2010-2253
RESERVED
CVE-2010-2252
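Review bot: Two of the new NOT-FOR-US labels misspell the product named in the CVE description: "Galileo Studens Team Weborf" for CVE-2010-2262 (the description has "Students") and "Gabmbit Design Bandwidth Meter" for CVE-2010-2260 (the description has "Gambit"). In addition, CVE-2010-2255 is described as BF Survey Pro (com_bfsurvey_pro) but is labelled with the com_bfsurvey component, and CVE-2010-2254 is labelled only "joomla!" although the description names the Shape5 Bridge of Hope template. Naming the specific add-on in both cases keeps later searches of the list accurate.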
@@ -235,7 +238,7 @@
CVE-2010-2194
RESERVED
CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) ...)
- TODO: check
+ NOT-FOR-US: CA Global Advisor
CVE-2010-2192
RESERVED
CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...)
@@ -548,7 +551,7 @@
CVE-2010-2076
RESERVED
CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from ...)
- TODO: check
+ - unrealircd <itp> (bug #515130)
CVE-2010-2074 [w3m NULL byte in SSL cert]
RESERVED
- w3m <unfixed> (low)
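Review bot: CVE-2010-2075 gets the same "- unrealircd <itp> (bug #515130)" line as CVE-2009-4893, but its description ties the issue to UnrealIRCd 3.2.8.1 "as distributed on certain mirror sites" rather than to a version range. A NOTE line recording that would tell whoever picks up the ITP that the thing to check is the origin of the source tarball, not only the version number.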
@@ -617,7 +620,7 @@
CVE-2010-2055
RESERVED
CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 ...)
- TODO: check
+ NOT-FOR-US: SBLIM SFCB
CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local ...)
- emesene 1.6.2-1 (low)
[lenny] - emesene <not-affected> (Introduced in 1.6.1)
@@ -829,9 +832,9 @@
CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
NOT-FOR-US: HP StorageWorks
CVE-2010-1961 (Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1960 (Buffer overflow in the error handling functionality in ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1959 (Unspecified vulnerability in HP TestDirector for Quality Center 9.2 ...)
NOT-FOR-US: HP TestDirector for Quality Center
CVE-2010-1958
@@ -878,7 +881,7 @@
- opie <unfixed> (bug #584932)
[lenny] - opie <no-dsa> (Minor issue)
CVE-2010-1937 (Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM ...)
- TODO: check
+ NOT-FOR-US: SBLIM SFCB
CVE-2010-1936 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
NOT-FOR-US: openMairie openComInterne
CVE-2010-1935 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
@@ -908,7 +911,7 @@
CVE-2010-1932
RESERVED
CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in ...)
- TODO: check
+ NOT-FOR-US: CubeCart PHP Shopping Cart
CVE-2010-1930
RESERVED
CVE-2010-1929
@@ -972,7 +975,7 @@
CVE-2010-1886
RESERVED
CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-1884
RESERVED
CVE-2010-1883
@@ -1917,9 +1920,9 @@
CVE-2010-1516
RESERVED
CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: TomatoCMS
CVE-2010-1514 (Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier ...)
- TODO: check
+ NOT-FOR-US: TomatoCMS
CVE-2010-1513 (Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 ...)
- ziproxy 3.1.0-1 (bug #584933)
[lenny] - ziproxy <no-dsa> (Minor issue, obscure attack vector)
@@ -3370,7 +3373,7 @@
NOTE: http://seclists.org/bugtraq/2010/Apr/196
TODO: recheck when 1.4.3 gets uploaded to unstable
CVE-2010-0990 (Stack-based buffer overflow in Creative Software AutoUpdate Engine ...)
- TODO: check
+ NOT-FOR-US: Creative Software AutoUpdate
CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...)
NOT-FOR-US: Pulse CMS
CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ...)
@@ -4810,7 +4813,7 @@
CVE-2010-0545
RESERVED
CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- TODO: check
+ - webkit <undetermined>
CVE-2010-0543
RESERVED
CVE-2010-0542