[Secure-testing-commits] r14679 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue May 11 23:21:12 UTC 2010
Author: gilbert-guest
Date: 2010-05-11 23:21:12 +0000 (Tue, 11 May 2010)
New Revision: 14679
Modified:
data/CVE/list
Log:
NFUs and new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-05-11 22:31:12 UTC (rev 14678)
+++ data/CVE/list 2010-05-11 23:21:12 UTC (rev 14679)
@@ -5,103 +5,110 @@
CVE-2010-1869
RESERVED
CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...)
+ - php <undetermined>
TODO: check
CVE-2010-1867 (SQL injection vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Campsite
CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...)
+ - php <undetermined>
TODO: check
CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...)
- TODO: check
+ NOT-FOR-US: ClanSphere
CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...)
+ - php <undetermined>
TODO: check
CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...)
- TODO: check
+ NOT-FOR-US: ClanTiger
CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...)
+ - php <undetermined>
TODO: check
CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...)
+ - php <undetermined>
TODO: check
CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...)
+ - php <undetermined>
TODO: check
CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...)
- TODO: check
+ NOT-FOR-US: DeluxeBB
CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) ...)
- TODO: check
+ NOT-FOR-US: com_smestorage component for joomla!
CVE-2010-1857 (SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, ...)
- TODO: check
+ NOT-FOR-US: RepairShop2
CVE-2010-1856 (Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 ...)
- TODO: check
+ NOT-FOR-US: RepairShop2
CVE-2010-1855 (SQL injection vulnerability in auktion.php in Pay Per Watch & Bid ...)
- TODO: check
+ NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1854 (Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per ...)
- TODO: check
+ NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function ...)
- TODO: check
+ - transmission 1.92-1
CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses ...)
- TODO: check
+ NOT-FOR-US: Invisible Hand extension for chromium
CVE-2009-4872 (Multiple SQL injection vulnerabilities in globepersonnel_login.asp in ...)
- TODO: check
+ NOT-FOR-US: Logoshows BBS
CVE-2009-4871 (SQL injection vulnerability in globepersonnel_forum.asp in Logoshows ...)
- TODO: check
+ NOT-FOR-US: Logoshows BBS
CVE-2009-4870 (Multiple SQL injection vulnerabilities in login.php in PHPCityPortal ...)
- TODO: check
+ NOT-FOR-US: PHPCityPortal
CVE-2009-4869 (Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest ...)
- TODO: check
+ NOT-FOR-US: Nasim Guest Book
CVE-2009-4868 (Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 ...)
- TODO: check
+ NOT-FOR-US: Hitron Soft Answer Me
CVE-2009-4867 (Buffer overflow in Tuniac 090517c allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Tuniac
CVE-2009-4866 (Cross-site scripting (XSS) vulnerability in search.cgi in Matt's ...)
- TODO: check
+ NOT-FOR-US: Matt's Script Archive (MSA) Simple Search
CVE-2009-4865 (Multiple SQL injection vulnerabilities in escorts_search.php in ...)
- TODO: check
+ NOT-FOR-US: I-Escorts Directory Script and Agency Script
CVE-2009-4864 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: I-Escorts Directory Script and Agency Script
CVE-2009-4863 (Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows ...)
- TODO: check
+ NOT-FOR-US: UltraPlayer Media Player
CVE-2009-4862 (Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote ...)
- TODO: check
+ NOT-FOR-US: Alwasel
CVE-2009-4861 (Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO ...)
- TODO: check
+ NOT-FOR-US: SupportPRO SupportDesk
CVE-2009-4860 (SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: Typing Pal
CVE-2009-4859 (Multiple cross-site scripting (XSS) vulnerabilities in Online Work ...)
- TODO: check
+ NOT-FOR-US: Online Work Order Suite (OWOS)
CVE-2009-4858 (Cross-site scripting (XSS) vulnerability in questiondetail.php in ...)
- TODO: check
+ NOT-FOR-US: Yahoo Answers Clone
CVE-2009-4857 (Cross-site scripting (XSS) vulnerability in login.php in PHP Photo ...)
- TODO: check
+ NOT-FOR-US: PHP Photo Vote
CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...)
- TODO: check
+ NOT-FOR-US: PHP Easy Shopping Cart
CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...)
+ - typo3 <undetermined>
TODO: check
CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: TalkBack
CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...)
- TODO: check
+ NOT-FOR-US: JumpBox
CVE-2009-4852 (Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle ...)
- TODO: check
+ NOT-FOR-US: SemanticScuttle
CVE-2009-4851 (The activation resend function in the Profiles module in XOOPS before ...)
- TODO: check
+ NOT-FOR-US: XOOPS
CVE-2009-4850 (The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote ...)
- TODO: check
+ NOT-FOR-US: Awingsoft Awakening Winds3D Viewer
CVE-2009-4849 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4848 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...)
- TODO: check
+ NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4847 (Deliantra Server before 2.82 allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: Deliantra Server
CVE-2009-4846 (Multiple buffer overflows in Deliantra Server before 2.82 allow remote ...)
- TODO: check
+ NOT-FOR-US: Deliantra Server
CVE-2009-4845 (The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 ...)
- TODO: check
+ NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4844 (ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to ...)
- TODO: check
+ NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4843 (ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require ...)
- TODO: check
+ NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4842 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...)
- TODO: check
+ NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2010-1850
RESERVED
CVE-2010-XXXX [serendipity xinha issue]
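Review bot: CVE-2010-1852 and CVE-2010-1851 both describe behaviour "when the Invisible Hand extension is enabled", but they are filed under different names: `NOT-FOR-US: Microsoft Internet Explorer` and `NOT-FOR-US: Invisible Hand extension for chromium`. Name the extension in both notes so the pair is triaged on the same basis. The 1851 description also says Google Chrome, not chromium, so the note should either match that wording or say why the chromium wording applies.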
@@ -451,9 +458,9 @@
CVE-2010-1691
RESERVED
CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-1688
RESERVED
CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows ...)
@@ -798,7 +805,7 @@
CVE-2010-1550
RESERVED
CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 ...)
- TODO: check
+ NOT-FOR-US: HP LoadRunner
CVE-2010-1548
RESERVED
CVE-2010-1547
@@ -1121,7 +1128,7 @@
CVE-2010-1452
RESERVED
CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the ...)
- TODO: check
+ - linux-2.6 2.6.32-10
CVE-2010-1450
RESERVED
CVE-2010-1449
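Review bot: the new `- linux-2.6 2.6.32-10` line under CVE-2010-1451 replaces the TODO with a fixed version only, with no bug reference and no per-release status. Other linux-2.6 entries in this file carry lines such as `[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)`. Add the equivalent release annotations here, or keep a TODO until the stable releases have been checked.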
@@ -1591,7 +1598,6 @@
NOTE: http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27
CVE-2010-XXXX [dovecot wrong Mail dir permissions]
- dovecot 1:1.2.11-1 (low)
- TODO: check
NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
CVE-2010-XXXX [Linux ThinkPad video output status local DoS]
- linux-2.6 2.6.32-12 (bug #565790)
@@ -1891,7 +1897,7 @@
[lenny] - libnids <no-dsa> (Minor issue)
NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...)
NOT-FOR-US: VMware products
CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...)
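Review bot: the note added for CVE-2010-1143 reads `NOT-FOR-US: VMware`, while the entry directly below it (CVE-2010-1142) uses `NOT-FOR-US: VMware products`. Use the same wording so that a search for one label finds both entries.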
@@ -3603,7 +3609,6 @@
CVE-2010-XXXX [multiple mod_security issues]
- libapache-mod-security 2.5.12-1 (bug #569658)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455
- TODO: check
CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel ...)
- linux-2.6 2.6.32-9
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
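Review bot: dropping `TODO: check` from `CVE-2010-XXXX [multiple mod_security issues]` leaves several issues grouped under one placeholder id with nothing marking that CVE assignment is still outstanding. Keep a TODO or add a NOTE saying the ids are pending, so the entry gets split once they are assigned. The same applies to the dovecot placeholder entry changed earlier in this patch.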