[Secure-testing-commits] r14255 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Fri Mar 12 04:36:14 UTC 2010
Author: gilbert-guest
Date: 2010-03-12 04:36:13 +0000 (Fri, 12 Mar 2010)
New Revision: 14255
Modified:
data/CVE/list
Log:
NFUs; openssl issue got a CVE id
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-12 04:16:02 UTC (rev 14254)
+++ data/CVE/list 2010-03-12 04:36:13 UTC (rev 14255)
@@ -2,37 +2,37 @@
- moin 1.8.4-1 (low)
NOTE: http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
CVE-2010-0962 (The FTP proxy server in Apple AirPort Express, AirPort Extreme, and ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2010-0961 (Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and ...)
- TODO: check
+ NOT-FOR-US: IBM AIX and VIOS
CVE-2010-0960 (Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and ...)
- TODO: check
+ NOT-FOR-US: IBM AIX and VIOS
CVE-2010-0959 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2010-0958 (Directory traversal vulnerability in modules/hayoo/index.php in ...)
- TODO: check
+ NOT-FOR-US: Tribisur
CVE-2010-0957 (Directory traversal vulnerability in content.php in Saskia's ...)
- TODO: check
+ NOT-FOR-US: Saskia's Shopsystem
CVE-2010-0956 (SQL injection vulnerability in index.php in OpenCart 1.3.2 allows ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2010-0955 (SQL injection vulnerability in index.php in Bild Flirt Community 2.0 ...)
- TODO: check
+ NOT-FOR-US: Bild Flirt Community
CVE-2010-0954 (SQL injection vulnerability in search_result.asp in Pre Projects Pre ...)
- TODO: check
+ NOT-FOR-US: Pre Projects Pre E-Learning Portal
CVE-2010-0953 (Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows ...)
- TODO: check
+ NOT-FOR-US: phpCOIN
CVE-2010-0952 (SQL injection vulnerability in index.php in OneCMS 2.5, when ...)
- TODO: check
+ NOT-FOR-US: OneCMS
CVE-2010-0951 (SQL injection vulnerability in go_target.php in dev4u CMS allows ...)
- TODO: check
+ NOT-FOR-US: dev4u CMS
CVE-2010-0950 (Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote ...)
- TODO: check
+ NOT-FOR-US: Natychmiast CMS
CVE-2010-0949 (Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS ...)
- TODO: check
+ NOT-FOR-US: Natychmiast CMS
CVE-2010-0948 (SQL injection vulnerability in profil.php in Bigforum 4.5, when ...)
- TODO: check
+ NOT-FOR-US: Bigforum
CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max Network ...)
- TODO: check
+ NOT-FOR-US: BBSMAX
CVE-2009-4697 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
TODO: check
CVE-2009-4696 (SQL injection vulnerability in index.php in RadNICS Gold 5 allows ...)
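Review bot: the label on CVE-2010-0962, "NOT-FOR-US: Apple", names only the vendor, while every other label added in this hunk names the affected product (for example "IBM AIX and VIOS", "OpenCart", "phpCOIN"). The description already gives the product ("Apple AirPort Express, AirPort Extreme, and ..."), so something like "NOT-FOR-US: Apple AirPort" would stay consistent with the neighbouring entries. It would also keep a vendor-wide label from being copied later onto an Apple issue that does touch packaged software.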
@@ -114,7 +114,10 @@
- phpbb3 <not-affected> (older version is in the archive)
NOTE: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195
CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...)
- TODO: check
+ - openssl <unfixed> (unimportant)
+ NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
+ NOTE: somewhat impractical right now, but the openssl developers are working
+ NOTE: on a fix just in case
CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...)
- samba 2:3.5.1~dfsg-1 (low; bug #568493; bug #572953)
[lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
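Review bot: the new openssl entry under CVE-2010-0928 pairs "<unfixed> (unimportant)" with a justification that is explicitly time-bound ("somewhat impractical right now"), and the statement that the openssl developers are working on a fix carries no reference. A NOTE pointing at the upstream discussion or commit, once one exists, would let a later triager see when the "unimportant" rating should be revisited. As written, the only reference is the research paper.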
@@ -421,11 +424,6 @@
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
- linux-ftpd <unfixed> (low; bug #572813)
[lenny] - linux-ftpd <no-dsa> (Minor issue)
-CVE-2010-XXXX [openssl power supply fluctuation fault-based key disclosure]
- - openssl <unfixed> (unimportant)
- NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
- NOTE: somewhat impractical right now, but the openssl developers are working
- NOTE: on a fix just in case
CVE-2010-0824
RESERVED
CVE-2010-0823
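Review bot: removing the placeholder also drops its bracketed title, "openssl power supply fluctuation fault-based key disclosure", which was the only plain statement of the attack class in the list. The CVE-2010-0928 description that replaces it is truncated at "on the Xilinx ...", and the three NOTE lines that were moved do not say what the issue is. Carrying the title over as an extra NOTE on the CVE-2010-0928 entry would keep the reason for the "unimportant" rating readable without opening the PDF.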
@@ -463,7 +461,7 @@
CVE-2010-0807
RESERVED
CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0805
RESERVED
CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...)
@@ -1410,7 +1408,7 @@
CVE-2010-0448
RESERVED
CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Performance Insight
CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with ...)
NOT-FOR-US: HP DreamScreen
CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...)
@@ -1485,7 +1483,7 @@
{DSA-2010-1}
TODO: check
CVE-2010-0418 (The web interface in chumby one before 1.0.4 and chumby classic before ...)
- TODO: check
+ NOT-FOR-US: Chumby device's web interface
CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and ...)
NOT-FOR-US: RealPlayer/Helix Player
CVE-2010-0416 (Buffer overflow in the Unescape function in common/util/hxurl.cpp and ...)
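Review bot: "NOT-FOR-US: Chumby device's web interface" is a descriptive phrase, whereas the surrounding labels in this hunk's context give just the product name ("HP DreamScreen", "RealPlayer/Helix Player"). The description names the products as "chumby one" and "chumby classic", so a label such as "NOT-FOR-US: chumby" would match the existing style and be easier to grep for.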
@@ -2054,23 +2052,23 @@
CVE-2010-0266
RESERVED
CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2010-0264 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2010-0263 (Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2010-0262 (Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2010-0259
RESERVED
CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2010-0256
RESERVED
CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
@@ -2520,7 +2518,7 @@
CVE-2010-0104
RESERVED
CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger software ...)
- TODO: check
+ NOT-FOR-US: Energizer DUO USB Battery Charger Software
CVE-2010-0102
RESERVED
CVE-2010-0101