[Secure-testing-commits] r14611 - data/CVE

Kees Cook kees at alioth.debian.org
Thu May 6 01:12:36 UTC 2010


Author: kees
Date: 2010-05-06 01:12:31 +0000 (Thu, 06 May 2010)
New Revision: 14611

Modified:
   data/CVE/list
Log:
NFUs: 31

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-05-05 21:36:38 UTC (rev 14610)
+++ data/CVE/list	2010-05-06 01:12:31 UTC (rev 14611)
@@ -1,7 +1,7 @@
 CVE-2010-XXXX [gdomap file disclosure]
 	- gnustep-base-runtime <unfixed>
 	[lenny] - gnustep-base-runtime <not-affected> (Not installed setuid root)
-        NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
+	NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
 CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw ...)
 	TODO: check
 CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) ...)
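
Review bot: The NOTE line under the gdomap file disclosure entry changes only in its leading whitespace (spaces to a tab), which the log message "NFUs: 31" does not cover. Suggest mentioning the indentation fix in the log or committing it separately, so the stated scope of the revision matches the diff.
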
@@ -125,11 +125,11 @@
 CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google ...)
 	TODO: check
 CVE-2010-1662 (Cross-site scripting (XSS) vulnerability in acpmoderate.php in ...)
-	TODO: check
+	NOT-FOR-US: PHP-Quick-Arcade
 CVE-2010-1661 (Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) ...)
-	TODO: check
+	NOT-FOR-US: PHP-Quick-Arcade
 CVE-2010-1660 (SQL injection vulnerability in help-details.php in CLScript ...)
-	TODO: check
+	NOT-FOR-US: CLScript Classifieds Script
 CVE-2010-1659 (Directory traversal vulnerability in the Ultimate Portfolio ...)
 	NOT-FOR-US: component for Joomla!
 CVE-2010-1658 (Directory traversal vulnerability in the Code-Garage NoticeBoard ...)
@@ -141,15 +141,15 @@
 CVE-2010-1655 (Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in ...)
 	NOT-FOR-US: PowerEasy
 CVE-2010-1654 (Multiple SQL injection vulnerabilities in system_member_login.php in ...)
-	TODO: check
+	NOT-FOR-US: Infocus Real Estate Enterprise Edition
 CVE-2010-1653 (Directory traversal vulnerability in graphics.php in the Graphics ...)
-	TODO: check
+	NOT-FOR-US: Graphics component for Joomla!
 CVE-2010-1652 (Directory traversal vulnerability in the HelpCenter module in Help ...)
-	TODO: check
+	NOT-FOR-US: Help Center Live
 CVE-2010-1651 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2010-1649
 	RESERVED
 CVE-2010-1648
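
Review bot: The label on CVE-2010-1653, "NOT-FOR-US: Graphics component for Joomla!", names the component, while the existing entry for CVE-2010-1659 uses the bare "NOT-FOR-US: component for Joomla!". Suggest settling on one form for Joomla! components across the list, so that searching the list for these entries gives consistent results.
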
@@ -211,45 +211,45 @@
 CVE-2010-1620
 	RESERVED
 CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere DataPower XML Accelerator
 CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 ...)
-	TODO: check
+	NOT-FOR-US: AlegroCart
 CVE-2010-1610 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
-	TODO: check
+	NOT-FOR-US: OpenCart
 CVE-2010-1609 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before ...)
-	TODO: check
+	NOT-FOR-US: SAP NetWeaver
 CVE-2010-1608 (Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus Notes
 CVE-2010-1607 (Directory traversal vulnerability in wmi.php in the Webmoney Web ...)
-	TODO: check
+	NOT-FOR-US: Webmoney Web Merchant Interface component for Joomla!
 CVE-2010-1606 (Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal ...)
-	TODO: check
+	NOT-FOR-US: NCT Jobs Portal Script
 CVE-2010-1605 (Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs ...)
-	TODO: check
+	NOT-FOR-US: NCT Jobs Portal Script
 CVE-2010-1604 (Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs ...)
-	TODO: check
+	NOT-FOR-US: NCT Jobs Portal Script
 CVE-2010-1603 (Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or ...)
-	TODO: check
+	NOT-FOR-US: ZiMB Core component for Joomla!
 CVE-2010-1602 (Directory traversal vulnerability in the ZiMB Comment ...)
-	TODO: check
+	NOT-FOR-US: ZiMB Comment component for Joomla!
 CVE-2010-1601 (Directory traversal vulnerability in the JA Comment (com_jacomment) ...)
-	TODO: check
+	NOT-FOR-US: JA Comment component for Joomla!
 CVE-2010-1600 (SQL injection vulnerability in the Media Mall Factory (com_mediamall) ...)
-	TODO: check
+	NOT-FOR-US: Media Mall Factory component for Joomla!
 CVE-2010-1599 (SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and ...)
-	TODO: check
+	NOT-FOR-US: NKInFoWeb
 CVE-2010-1598 (phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ...)
-	TODO: check
+	NOT-FOR-US: phpThumb()
 CVE-2010-1597 (Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 ...)
-	TODO: check
+	NOT-FOR-US: ZipGenius
 CVE-2009-4834 (lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute ...)
 	TODO: check
 CVE-2009-4833 (MySQL Connector/NET before 6.0.4, when using encryption, does not ...)
-	TODO: check
+	NOT-FOR-US: MySQL Connector/NET
 CVE-2009-4832 (The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local ...)
-	TODO: check
+	NOT-FOR-US: DLPCryptCore
 CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates ...)
-	TODO: check
+	NOT-FOR-US: Cerulean Studios Trillian
 CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...)
 	- moodle <undetermined>
 	TODO: check
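
Review bot: On CVE-2009-4832 the label "DLPCryptCore" does not appear in the visible description, which names the dlpcrypt.sys kernel driver in DESlock+ 4.0.2. Suggest "NOT-FOR-US: DESlock+" so the label matches the product named in the CVE text.
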
@@ -1651,7 +1651,7 @@
 CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended ...)
 	- arora <not-affected> (Advisory is wrong, URL range is protected by QUrl)
 CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when ...)
@@ -1878,7 +1878,7 @@
 CVE-2010-0998
 	RESERVED
 CVE-2010-0997 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows ...)
 	NOT-FOR-US: e107
 CVE-2010-0995
@@ -2539,7 +2539,7 @@
 CVE-2010-0818
 	RESERVED
 CVE-2010-0817 (Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft SharePoint Server
 CVE-2010-0816
 	RESERVED
 CVE-2010-0815
@@ -2726,7 +2726,7 @@
 	- texlive-bin <unfixed> (low)
 	[lenny] - texlive-bin <no-dsa> (minor issue)
 CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...)
-	TODO: check
+	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
 CVE-2010-0737
 	RESERVED
 CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...)
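
Review bot: On CVE-2010-0738 the label names Red Hat JBoss Enterprise Application Platform, but the description locates the flaw in the JMX-Console web application in JBossAs. Suggest confirming that no JBoss AS source package in the archive ships JMX-Console before marking this NOT-FOR-US, and recording the package with <not-affected> or <unfixed> if one does.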



