[Secure-testing-commits] r14636 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat May 8 04:26:38 UTC 2010
Author: gilbert-guest
Date: 2010-05-08 04:26:34 +0000 (Sat, 08 May 2010)
New Revision: 14636
Modified:
data/CVE/list
Log:
NFUs and some new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-05-08 03:09:34 UTC (rev 14635)
+++ data/CVE/list 2010-05-08 04:26:34 UTC (rev 14636)
@@ -207,51 +207,61 @@
CVE-2010-1747
RESERVED
CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX ...)
- TODO: check
+ NOT-FOR-US: com_grid component for joomla!
CVE-2010-1745 (SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Campsite
CVE-2010-1744 (SQL injection vulnerability in product.html in B2B Gold Script allows ...)
- TODO: check
+ NOT-FOR-US: B2B Gold Script
CVE-2010-1743 (SQL injection vulnerability in projects.php in Scratcher allows remote ...)
- TODO: check
+ NOT-FOR-US: Scratcher
CVE-2010-1742 (Cross-site scripting (XSS) vulnerability in projects.php in Scratcher ...)
- TODO: check
+ NOT-FOR-US: Scratcher
CVE-2010-1741 (SQL injection vulnerability in request_account.php in Billwerx RC ...)
- TODO: check
+ NOT-FOR-US: Billwerx
CVE-2010-1740 (SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows ...)
- TODO: check
+ NOT-FOR-US: GuppY
CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...)
- TODO: check
+ NOT-FOR-US: com_newsfeeds component for joomla!
CVE-2010-1738 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...)
+ - lxr <undetermined>
+ - lxr-cvs <undetermined>
TODO: check
CVE-2010-1737 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Gallo
CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: KrM Haber
CVE-2010-1735 (The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-1734 (The SfnINSTRING function in win32k.sys in the kernel in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-1733 (Multiple SQL injection vulnerabilities in OCS Inventory NG before ...)
+ - ocsinventory-server <undetermined>
TODO: check
CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...)
- TODO: check
+ NOT-FOR-US: Zikula Application Framework
CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a ...)
- TODO: check
+ - chromium-browser <unfixed>
+ NOTE: various crashes on window close after opening the file on chromium (including sometimes segfaults)
+ NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause ...)
- TODO: check
+ - kdelibs <undetermined>
+ - kde4libs <undetermined>
+ NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...)
- TODO: check
+ - webkit <unfixed>
+ - qt4-x11 <undetermined>
+ NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
+ NOTE: dos-only on webkit
CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly handle a ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2010-1727 (SQL injection vulnerability in type.asp in JobPost 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: JobPost
CVE-2010-1726 (SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows ...)
- TODO: check
+ NOT-FOR-US: EC21
CVE-2010-1725 (SQL injection vulnerability in offers_buy.php in Alibaba Clone ...)
- TODO: check
+ NOT-FOR-US: Alibaba Clone Platinum
CVE-2010-1724 (Multiple cross-site scripting (XSS) vulnerabilities in Zikula ...)
- TODO: check
+ NOT-FOR-US: Zikula Application Framework
CVE-2009-4841 (Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in ...)
TODO: check
CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in ...)
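Review bot: In the CVE-2010-1730 and CVE-2010-1729 entries the "TODO: check" line is dropped even though kdelibs, kde4libs and qt4-x11 are only marked `<undetermined>`, while CVE-2010-1738 and CVE-2010-1733 in this same hunk keep "TODO: check" next to their `<undetermined>` packages. Either keep the TODO on 1729/1730 until those packages are resolved, or add a NOTE saying what still has to be verified. CVE-2010-1730 would also benefit from a NOTE on why a Dolphin Browser report maps to kdelibs and kde4libs; the only link given is the "same issue but with different effects" note.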
@@ -267,51 +277,51 @@
CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, ...)
TODO: check
CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw ...)
- TODO: check
+ NOT-FOR-US: com_drawroot component for joomla!
CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) ...)
- TODO: check
+ NOT-FOR-US: com_market component for joomla!
CVE-2010-1721 (SQL injection vulnerability in the Intellectual Property (aka ...)
- TODO: check
+ NOT-FOR-US: com_iproperty component for joomla!
CVE-2010-1720 (SQL injection vulnerability in the Q-Personel (com_qpersonel) ...)
- TODO: check
+ NOT-FOR-US: com_qpersonel component for joomla!
CVE-2010-1719 (Directory traversal vulnerability in the MT Fire Eagle ...)
- TODO: check
+ NOT-FOR-US: com_mtfireeagle component for joomla!
CVE-2010-1718 (Directory traversal vulnerability in archeryscores.php in the Archery ...)
- TODO: check
+ NOT-FOR-US: com_archeryscores component for joomla!
CVE-2010-1717 (Directory traversal vulnerability in the iF surfALERT ...)
- TODO: check
+ NOT-FOR-US: com_if_surfalert component for joomla!
CVE-2010-1716 (SQL injection vulnerability in the Agenda Address Book (com_agenda) ...)
- TODO: check
+ NOT-FOR-US: com_agenda component for joomla!
CVE-2010-1715 (Directory traversal vulnerability in the Online Examination (aka ...)
- TODO: check
+ NOT-FOR-US: com_onlineexam component for joomla!
CVE-2010-1714 (Directory traversal vulnerability in the Arcade Games ...)
- TODO: check
+ NOT-FOR-US: com_arcadegames component for joomla!
CVE-2010-1713 (SQL injection vulnerability in modules.php in PostNuke 0.764 allows ...)
- TODO: check
+ NOT-FOR-US: PostNuke
CVE-2010-1712 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Webmobo WB News
CVE-2010-1711 (Cross-site scripting (XSS) vulnerability in carga_foto_al.php in ...)
TODO: check
CVE-2010-1710 (Directory traversal vulnerability in login.php in Siestta 2.0, when ...)
- TODO: check
+ NOT-FOR-US: Siestta
CVE-2010-1709 (Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in ...)
- TODO: check
+ NOT-FOR-US: G5-Scripts
CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free ...)
- TODO: check
+ NOT-FOR-US: Free Realty
CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
- TODO: check
+ NOT-FOR-US: Piwigo
CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Auction Script
CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows ...)
- TODO: check
+ NOT-FOR-US: Modelbook
CVE-2010-1704 (Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Polls Script
CVE-2010-1703 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Polls Script
CVE-2010-1702 (SQL injection vulnerability in submitticket.php in WHMCompleteSolution ...)
- TODO: check
+ NOT-FOR-US: WHMCompleteSolution
CVE-2010-1701 (SQL injection vulnerability in browse.html in PHP Video Battle Script ...)
- TODO: check
+ NOT-FOR-US: PHP Video Battle Script
CVE-2010-1700
RESERVED
CVE-2010-1699
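Review bot: CVE-2010-1711 (XSS in carga_foto_al.php) is the only described entry between CVE-2010-1723 and CVE-2010-1701 still left at "TODO: check". If it was skipped on purpose, a short NOTE saying why would save the next reviewer the lookup; otherwise it needs a NOT-FOR-US or package line like the entries around it.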
@@ -339,11 +349,11 @@
CVE-2010-1688
RESERVED
CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows ...)
- TODO: check
+ NOT-FOR-US: Mocha W32 LPD
CVE-2010-1686 (Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC ...)
- TODO: check
+ NOT-FOR-US: Urgent Backup
CVE-2010-1685 (Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows ...)
- TODO: check
+ NOT-FOR-US: CursorArts ZipWrangler
CVE-2010-1684
RESERVED
CVE-2010-1683
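Review bot: The NOT-FOR-US line for CVE-2010-1686 names only Urgent Backup, but the description lists two products, "(1) Urgent Backup 3.20, and (2) ABC ...". Name the second product in the tag as well, so that a search of the list for it finds this entry.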
@@ -351,7 +361,7 @@
CVE-2010-1682
RESERVED
CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office Visio
CVE-2010-1680
RESERVED
CVE-2010-1679
@@ -383,6 +393,7 @@
CVE-2010-1666
RESERVED
CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, ...)
+ - chromium-browser <undetermined>
TODO: check
CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 ...)
TODO: check
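Review bot: CVE-2010-1664, directly below the changed entry, has the same "Google Chrome before 4.1.249.1064" scope as CVE-2010-1665 but gets no package line. Add "- chromium-browser <undetermined>" there as well so both issues are tracked against the package.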