[Secure-testing-commits] r14668 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue May 11 03:19:20 UTC 2010
Author: gilbert-guest
Date: 2010-05-11 03:19:19 +0000 (Tue, 11 May 2010)
New Revision: 14668
Modified:
data/CVE/list
Log:
NFUs and various new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-05-10 23:33:03 UTC (rev 14667)
+++ data/CVE/list 2010-05-11 03:19:19 UTC (rev 14668)
@@ -263,19 +263,20 @@
CVE-2010-1724 (Multiple cross-site scripting (XSS) vulnerabilities in Zikula ...)
NOT-FOR-US: Zikula Application Framework
CVE-2009-4841 (Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: Roxio CinePlayer
CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: Roxio CinePlayer
CVE-2009-4839 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...)
- TODO: check
+ NOT-FOR-US: Basic Analysis Security Engine (BASE)
CVE-2009-4838 (SQL injection vulnerability in base_ag_common.php in Basic Analysis ...)
- TODO: check
+ NOT-FOR-US: Basic Analysis Security Engine (BASE)
CVE-2009-4837 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...)
- TODO: check
+ NOT-FOR-US: Basic Analysis and Security Engine (BASE)
CVE-2009-4836 (Eval injection vulnerability in system/services/init.php in Movie PHP ...)
- TODO: check
+ NOT-FOR-US: Movie PHP Script
CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, ...)
- TODO: check
+ - libsndfile <unfixed> (unimportant; bug #530831)
+ NOTE: application crash only, so not security-relevant
CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw ...)
NOT-FOR-US: com_drawroot component for joomla!
CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) ...)
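Review bot: the two BASE entries in this hunk name the same upstream differently; CVE-2009-4839 and CVE-2009-4838 get "NOT-FOR-US: Basic Analysis Security Engine (BASE)" while CVE-2009-4837 gets "NOT-FOR-US: Basic Analysis and Security Engine (BASE)". Grepping the list for an upstream only works when the string is identical, so all three lines should use the full name. On the libsndfile entry, the NOTE "application crash only, so not security-relevant" is stronger than the "unimportant" tag on the line above it: a crash in a library that parses untrusted audio files is still a denial of service for every consumer of the library, so wording along the lines of "crash only, unimportant" keeps the rationale and the assigned severity consistent.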
@@ -301,7 +302,7 @@
CVE-2010-1712 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Webmobo WB News
CVE-2010-1711 (Cross-site scripting (XSS) vulnerability in carga_foto_al.php in ...)
- TODO: check
+ NOT-FOR-US: Siestta
CVE-2010-1710 (Directory traversal vulnerability in login.php in Siestta 2.0, when ...)
NOT-FOR-US: Siestta
CVE-2010-1709 (Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in ...)
@@ -396,8 +397,10 @@
- chromium-browser <undetermined>
TODO: check
CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 ...)
+ - chromium-browser <undetermined>
TODO: check
CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google ...)
+ - chromium-browser <undetermined>
TODO: check
CVE-2010-1662 (Cross-site scripting (XSS) vulnerability in acpmoderate.php in ...)
NOT-FOR-US: PHP-Quick-Arcade
@@ -567,15 +570,16 @@
CVE-2010-1588 (SQL injection vulnerability in the Getwebsess function in ...)
NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1587 (The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and ...)
- TODO: check
+ NOT-FOR-US: Apache ActiveMQ
CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management ...)
NOT-FOR-US: HP System Management Homepage
CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in Mozilla Firefox ...)
+ - xulrunner <undetermined>
TODO: check
CVE-2010-1584
RESERVED
CVE-2010-1583 (SQL injection vulnerability in the loadByKey function in the ...)
- TODO: check
+ NOT-FOR-US: Tirzen Framework
CVE-2010-1582
RESERVED
CVE-2010-1581
@@ -635,7 +639,8 @@
CVE-2009-4825 (8pixel.net Blog 4 stores sensitive information under the web root with ...)
NOT-FOR-US: 8pixel.net Blog
CVE-2009-4824 (Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab ...)
- TODO: check
+ - kolab-webclient <undetermined>
+ NOTE: package only in experimental; claimed fixed in version 20091202, but not enough info to check
CVE-2009-4823 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: cPanel
CVE-2009-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
@@ -818,6 +823,7 @@
CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) ...)
NOT-FOR-US: com_mmsblog component for joomla!
CVE-2009-4810 (The Secure Remote Password (SRP) implementation in Samhain before ...)
+ - samhain <undetermined>
TODO: check
CVE-2009-4809 (Directory traversal vulnerability in thumbnail.ghp in Easy File ...)
NOT-FOR-US: Easy File Sharing Web Server
@@ -1053,7 +1059,7 @@
CVE-2010-1439
RESERVED
CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames ...)
- TODO: check
+ - wafp <itp> (bug #562949)
CVE-2010-1437 [keyring issue]
RESERVED
- linux-2.6 <unfixed>
@@ -1071,8 +1077,10 @@
CVE-2010-1430
RESERVED
CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) ...)
+ - jbossas4 <undetermined>
TODO: check
CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss ...)
+ - jbossas4 <undetermined>
TODO: check
CVE-2010-1427 (Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin ...)
NOT-FOR-US: MODx Evolution
@@ -1396,7 +1404,7 @@
CVE-2010-1280
RESERVED
CVE-2010-1279 (Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x ...)
- TODO: check
+ NOT-FOR-US: Adobe Photoshop
CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in ...)
NOT-FOR-US: Adobe Download Manager
CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...)
@@ -1739,8 +1747,10 @@
[lenny] - nano <no-dsa> (minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4
CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...)
+ - perl <undetermined>
TODO: check
CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might ...)
+ - tomcat6 <undetermined>
TODO: check
CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...)
- irssi 0.8.15-1 (low)
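Review bot: the description of CVE-2010-1157 covers both the Tomcat 5.5 branch (5.5.0 through 5.5.29) and the 6.0 branch (6.0.0 through 6.0.26), but the hunk only adds "- tomcat6 <undetermined>". If a 5.5 source package is still shipped in a suite the tracker covers it needs its own line, and if not, the TODO should record that the 5.5 branch was considered so the next triager does not repeat the check.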
@@ -1841,8 +1851,9 @@
CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...)
- TODO: check
+ - webkit <not-affected> (proof-of-concept not effective; windows-only?)
CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x allows remote ...)
+ - xulrunner <undetermined>
TODO: check
CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...)
NOT-FOR-US: IBM AIX
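Review bot: the <not-affected> state for webkit on CVE-2010-1126 rests on "proof-of-concept not effective; windows-only?", and the trailing question mark shows the reasoning is unconfirmed. A public proof of concept failing to reproduce does not establish that the vulnerable code is absent (it may depend on version, build options or platform), so the safer record is "- webkit <undetermined>" with the observation kept in a NOTE, upgraded to <not-affected> once the affected code path or an upstream fix reference confirms it.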
@@ -2077,6 +2088,8 @@
CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...)
NOT-FOR-US: HP-UX
CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...)
+ - webkit <not-affected> (proof-of-concept not effective)
+ - chromium-browser <undetermined>
TODO: check
CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) ...)
NOT-FOR-US: travelmate extension for typo3
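Review bot: CVE-2010-1029 is in WebCore::CSSSelector, code shared between webkit and chromium-browser, yet the hunk marks webkit <not-affected> on the strength of "proof-of-concept not effective" while chromium-browser stays <undetermined> with a TODO. Closing one build on proof-of-concept behaviour alone while the same code is still being checked in the other is inconsistent; either webkit should also stay <undetermined> until the shared code path is confirmed, or the NOTE should state why the two builds are expected to differ.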
@@ -2167,7 +2180,7 @@
CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows ...)
NOT-FOR-US: e107
CVE-2010-0995 (Stack-based buffer overflow in Internet Download Manager (IDM) before ...)
- TODO: check
+ NOT-FOR-US: Internet Download Manager
CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library ...)
NOT-FOR-US: Visualization Library
CVE-2010-0993 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and ...)
@@ -3418,7 +3431,7 @@
CVE-2010-0595
RESERVED
CVE-2010-0594 (Cross-site scripting (XSS) vulnerability in Cisco Router and Security ...)
- TODO: check
+ NOT-FOR-US: Cisco Router and Security Device Manager
CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, ...)
NOT-FOR-US: Cisco RVS4000 Router
CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka ...)
@@ -3657,6 +3670,8 @@
CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...)
NOT-FOR-US: Apple Mail
CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X ...)
+ - freeradius <undetermined>
+ NOTE: very likely os X specific (problem in their default settings), but needs checked
TODO: check
CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types ...)
NOT-FOR-US: Apple Wiki Server
@@ -3861,7 +3876,7 @@
- openssl <not-affected> (Kerberos support not enabled)
NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5
CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open ...)
- TODO: check
+ NOT-FOR-US: Apache Open For Business Project (OFBiz)
CVE-2010-0431
RESERVED
CVE-2010-0430
@@ -5003,7 +5018,7 @@
CVE-2010-0102
RESERVED
CVE-2010-0101 (The embedded HTTP server in multiple Lexmark laser and inkjet printers ...)
- TODO: check
+ NOT-FOR-US: Lexmark printers and MarkNet devices
CVE-2010-0100
RESERVED
CVE-2010-0099
@@ -5641,7 +5656,7 @@
CVE-2010-0059 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
NOT-FOR-US: Apple CoreAudio
CVE-2010-0058 (freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update ...)
- TODO: check
+ - clamav <not-affected> (apple-specific configuration issue)
CVE-2010-0057 (AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use ...)
NOT-FOR-US: Apple AFP Server
CVE-2010-0056 (Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X ...)