[Secure-testing-commits] r14725 - data/CVE

Pedro Ribeiro pedrib-guest at alioth.debian.org
Sat May 22 01:51:48 UTC 2010


Author: pedrib-guest
Date: 2010-05-22 01:51:46 +0000 (Sat, 22 May 2010)
New Revision: 14725

Modified:
   data/CVE/list
Log:
new issues with mydms,iceweasel plus a few NFUs and drupal not affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-05-21 21:14:47 UTC (rev 14724)
+++ data/CVE/list	2010-05-22 01:51:46 UTC (rev 14725)
@@ -1,41 +1,49 @@
 CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...)
-	TODO: check
+	- mydms <unfixed> (bug #582587; medium)
+	[lenny] - mydms <unfixed> (bug #582587; medium)
+	NOTE: seems to have changed name to letoDMS
 CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS ...)
-	TODO: check
+	- mydms <unfixed> (bug #582587; medium)
+	[lenny] - mydms <unfixed> (bug #582587; medium)
+	NOTE: seems to have changed name to letoDMS
 CVE-2010-2005 (Multiple PHP remote file inclusion vulnerabilities in DataLife Engine ...)
-	TODO: check
+	NOT-FOR-US: Datalife Engine
 CVE-2010-2004 (Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 ...)
-	TODO: check
+	NOT-FOR-US: BS.Player
 CVE-2010-2003 (Cross-site scripting (XSS) vulnerability in misc/get_admin.php in ...)
-	TODO: check
+	NOT-FOR-US: Advanced Poll
 CVE-2010-2002 (Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x ...)
-	TODO: check
+	- drupal6 <not-affected> (Vulnerable code not present)
 CVE-2010-2001 (Cross-site scripting (XSS) vulnerability in the CiviRegister module ...)
-	TODO: check
+	- drupal6 <not-affected> (Vulnerable code not present)
 CVE-2010-2000 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...)
-	TODO: check
+	- drupal6 <not-affected> (Vulnerable code not present)
 CVE-2010-1999 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ...)
-	TODO: check
+	NOT-FOR-US: OpenMairie Opencatalogue
 CVE-2010-1998 (Cross-site scripting (XSS) vulnerability in the CCK TableField module ...)
-	TODO: check
+	- drupal6 <not-affected> (Vulnerable code not present)
 CVE-2010-1997 (Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus ...)
-	TODO: check
+	NOT-FOR-US: Saurus CMS
 CVE-2010-1996 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: Tomato CMS
 CVE-2010-1995 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: Tomato CMS
 CVE-2010-1994 (SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 ...)
-	TODO: check
+	NOT-FOR-US: Tomato CMS
 CVE-2010-1993 (Opera 9.52 does not properly handle an IFRAME element with a mailto: ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations ...)
-	TODO: check
+	- chromium-browser <not-affected> (Linux version seems to be unaffected)
+	NOTE: http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en
+	NOTE: tested with Chromium, only seems to open 1 new window, but does not cause DoS
+	NOTE: might be better to re-test later
 CVE-2010-1991 (Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-1990 (Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, ...)
-	TODO: check
+	 - iceweasel <unfixed> (bug #582590; medium)
+	 [lenny] - iceweasel <unfixed> (bug #582590; medium)
 CVE-2010-1989 (Opera 9.52 executes a mail application in situations where an IMG ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2010-1988 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)
 	TODO: check
 CVE-2010-1987 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)
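Review bot: The two iceweasel lines added under CVE-2010-1990 are indented with a tab followed by a space, while every other package line in this hunk uses a tab alone; drop the extra space so these entries are formatted like the rest of the list. Separately, CVE-2010-1992 is recorded as chromium-browser <not-affected> although the NOTE lines beside it say it only "seems" unaffected and "might be better to re-test later"; consider keeping a TODO line on that entry so the re-test stays tracked.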



