[Secure-testing-commits] r28910 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Sep 19 07:16:05 UTC 2014
Author: carnil
Date: 2014-09-19 07:16:05 +0000 (Fri, 19 Sep 2014)
New Revision: 28910
Modified:
data/CVE/list
Log:
Cleanup: remove trailing whitespaces in entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-19 07:13:34 UTC (rev 28909)
+++ data/CVE/list 2014-09-19 07:16:05 UTC (rev 28910)
@@ -3219,7 +3219,7 @@
- wordpress 3.9.2+dfsg-1 (bug #757312)
[wheezy] - wordpress <not-affected> (Vulnerable code not present)
[squeeze] - wordpress <not-affected> (Vulnerable code not present)
- NOTE: https://core.trac.wordpress.org/changeset/29389
+ NOTE: https://core.trac.wordpress.org/changeset/29389
CVE-2014-3528 (Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before ...)
- subversion 1.8.10-1 (low)
[squeeze] - subversion <no-dsa> (Minor issue)
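Review bot: the removed and re-added `NOTE: https://core.trac.wordpress.org/changeset/29389` line in this hunk differs only in trailing whitespace, so the hunk carries no content change, and the same pattern repeats in every hunk of this revision. Rather than eyeballing each `-`/`+` pair, confirm the whole commit is whitespace-only by diffing with whitespace ignored, e.g. `svn diff -c 28910 -x -w`, which should come back empty if the log message is accurate; any non-empty output would mark a pair that changed more than the trailing space and deserves a closer look.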
@@ -3834,7 +3834,7 @@
{DSA-2992-1}
- linux 3.14.13-1
- linux-2.6 <removed>
- NOTE: upstream commit: https://git.kernel.org/linus/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
+ NOTE: upstream commit: https://git.kernel.org/linus/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
CVE-2014-4942 (The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows ...)
NOT-FOR-US: WordPress plugin
CVE-2014-4941 (Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) ...)
@@ -6851,7 +6851,7 @@
- libvirt <unfixed>
[squeeze] - libvirt <not-affected> (Vulnerable code introduced in v0.9.8)
NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
- NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=eca96694a7f992be633d48d5ca03cedc9bbc3c9a (v0.9.8)
+ NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=eca96694a7f992be633d48d5ca03cedc9bbc3c9a (v0.9.8)
CVE-2014-3632
RESERVED
- neutron <unfixed>
@@ -7084,9 +7084,9 @@
CVE-2014-3556 [SMTP STARTTLS plaintext injection flaw]
RESERVED
- nginx 1.6.1-1 (bug #757196)
- [wheezy] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
+ [wheezy] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
[squeeze] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
- NOTE: fixed in nginx 1.7.4, 1.6.1
+ NOTE: fixed in nginx 1.7.4, 1.6.1
CVE-2014-3555 (OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno ...)
- neutron 2014.1.1-3 (bug #755134)
CVE-2014-3554 (Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp ...)
@@ -8708,7 +8708,7 @@
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
CVE-2014-3111
RESERVED
- NOT-FOR-US: fog cloning solution, not in Debian
+ NOT-FOR-US: fog cloning solution, not in Debian
CVE-2014-2985
RESERVED
CVE-2014-2984
@@ -9169,17 +9169,17 @@
CVE-2014-2789 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2788 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2787 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2786 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2785 (Microsoft Internet Explorer 7 allows remote attackers to execute ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2784 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2783 (Microsoft Internet Explorer 7 through 11 does not prevent use of ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2782 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2781 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
@@ -9717,7 +9717,7 @@
CVE-2014-2614 (Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and ...)
NOT-FOR-US: HP SiteScope
CVE-2014-2613 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...)
- NOT-FOR-US: HP Release Control
+ NOT-FOR-US: HP Release Control
CVE-2014-2612 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...)
NOT-FOR-US: HP Release Control
CVE-2014-2611 (Directory traversal vulnerability in the fndwar web application in HP ...)
@@ -10992,7 +10992,7 @@
RESERVED
CVE-2014-2099 (The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- - libav <not-affected> (Vulnerable code not present)
+ - libav <not-affected> (Vulnerable code not present)
NOTE: [Anton] appears to not be present in any version of libav
CVE-2014-2098 (libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect ...)
- ffmpeg <not-affected> (Vulnerable code not present)
@@ -11227,7 +11227,7 @@
NOTE: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
- wordpress 3.9.2+dfsg-1 (bug #757312)
- NOTE: https://core.trac.wordpress.org/changeset/29390
+ NOTE: https://core.trac.wordpress.org/changeset/29390
CVE-2014-2052
RESERVED
- owncloud 6.0.2+dfsg-1
@@ -13433,19 +13433,19 @@
CVE-2014-1370 (The byte-swapping implementation in copyfile in Apple OS X before ...)
NOT-FOR-US: Apple
CVE-2014-1369 (WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows ...)
- NOT-FOR-US: WebKit
+ NOT-FOR-US: WebKit
CVE-2014-1368 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
- NOT-FOR-US: WebKit
+ NOT-FOR-US: WebKit
CVE-2014-1367 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
- NOT-FOR-US: WebKit
+ NOT-FOR-US: WebKit
CVE-2014-1366 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
- NOT-FOR-US: WebKit
+ NOT-FOR-US: WebKit
CVE-2014-1365 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
- NOT-FOR-US: WebKit
+ NOT-FOR-US: WebKit
CVE-2014-1364 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
- NOT-FOR-US: WebKit
+ NOT-FOR-US: WebKit
CVE-2014-1363 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
- NOT-FOR-US: WebKit
+ NOT-FOR-US: WebKit
CVE-2014-1362 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
NOT-FOR-US: WebKit
CVE-2014-1361 (Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, ...)
@@ -13537,7 +13537,7 @@
CVE-2014-1318 (The Intel Graphics Driver in Apple OS X through 10.9.2 does not ...)
NOT-FOR-US: Apple
CVE-2014-1317 (iBooks Commerce in Apple OS X before 10.9.4 places Apple ID ...)
- NOT-FOR-US: Apple
+ NOT-FOR-US: Apple
CVE-2014-1316 (Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers ...)
NOT-FOR-US: Apple
CVE-2014-1315 (Format string vulnerability in CoreServicesUIAgent in Apple OS X ...)
@@ -14487,11 +14487,11 @@
CVE-2014-0730 (Cisco Unified Computing System (UCS) Central Software 1.1 and earlier ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2014-0729 (SQL injection vulnerability in the Enterprise Mobility Application ...)
- NOT-FOR-US: Cisco Unified Communications Manager
+ NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0728 (SQL injection vulnerability in the Java database interface in Cisco ...)
- NOT-FOR-US: Cisco Unified Communications Manager
+ NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0727 (SQL injection vulnerability in the CallManager Interactive Voice ...)
- NOT-FOR-US: Cisco Unified Communications Manager
+ NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0726 (SQL injection vulnerability in the IP Manager Assistant (IPMA) ...)
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0725 (Cisco Unified Communications Manager (UCM) does not require ...)
@@ -15341,7 +15341,7 @@
- openjdk-6 6b31-1.13.3-1
CVE-2014-0459 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
{DSA-2923-1 DSA-2912-1}
- - lcms <unfixed>
+ - lcms <unfixed>
[squeeze] - lcms <no-dsa> (Minor issue)
[wheezy] - lcms <no-dsa> (Minor issue)
- lcms2 2.6-1 (low; bug #745471)
@@ -16737,7 +16737,7 @@
NOTE: fixed as part of https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0
- php5 5.6.0~beta4+dfsg-1
[squeeze] - php5 5.3.3-7+squeeze21
- NOTE: https://bugs.php.net/bug.php?id=67326
+ NOTE: https://bugs.php.net/bug.php?id=67326
CVE-2014-0206 (Array index error in the aio_read_events_ring function in fs/aio.c in ...)
- linux 3.14.10-1
[wheezy] - linux <not-affected> (introduced by a31ad380bed817aa25f8830ad23e1a0480fef797)
@@ -18641,7 +18641,7 @@
CVE-2013-6471
RESERVED
CVE-2013-6470 (The default configuration in the standalone controller quickstack ...)
- NOT-FOR-US: openstack foreman-installer
+ NOT-FOR-US: openstack foreman-installer
CVE-2013-6469 (JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows ...)
NOT-FOR-US: JBoss SOA RTgov
CVE-2013-6468 (JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM ...)
@@ -21325,9 +21325,9 @@
CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the ...)
NOT-FOR-US: IBM DB2 and DB2 Connect
CVE-2013-5465 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, ...)
- NOT-FOR-US: IBM Maximo Asset Management
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5464 (IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 ...)
- NOT-FOR-US: IBM Maximo Asset Management
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5463 (The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 ...)
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-5462 (IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM ...)
@@ -22379,7 +22379,7 @@
CVE-2013-4945 (Multiple SQL injection vulnerabilities in BMC Service Desk Express ...)
NOT-FOR-US: BMC Service Desk Express
CVE-2013-4944 (Cross-site scripting (XSS) vulnerability in the BuddyPress Extended ...)
- NOT-FOR-US: BuddyPress
+ NOT-FOR-US: BuddyPress
CVE-2013-4943 (The client application in Siemens COMOS before 9.1 Update 458, 9.2 ...)
NOT-FOR-US: Siemens COMOS
CVE-2013-4942 (Cross-site scripting (XSS) vulnerability in flashuploader.swf in the ...)
@@ -22934,7 +22934,7 @@
NOT-FOR-US: SEO Pack for tt_news extension for TYPO3
CVE-2013-4718 [XSS]
RESERVED
- NOT-FOR-US: OTRS ITSM
+ NOT-FOR-US: OTRS ITSM
CVE-2013-4717 [SQL injection]
RESERVED
{DSA-2733-1}
@@ -23653,17 +23653,17 @@
- subversion 1.7.14-1 (bug #730541; unimportant)
NOTE: Not built in the binary packages
CVE-2013-4504 (The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote ...)
- NOT-FOR-US: Drupal contrib module
+ NOT-FOR-US: Drupal contrib module
CVE-2013-4503 (Cross-site scripting (XSS) vulnerability in the Feed Element Mapper ...)
- NOT-FOR-US: Drupal contrib module
+ NOT-FOR-US: Drupal contrib module
CVE-2013-4502 (The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before ...)
- NOT-FOR-US: Drupal contrib module
+ NOT-FOR-US: Drupal contrib module
CVE-2013-4501 (The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal ...)
- NOT-FOR-US: Drupal contrib module
+ NOT-FOR-US: Drupal contrib module
CVE-2013-4500 (The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote ...)
- NOT-FOR-US: Drupal contrib module
+ NOT-FOR-US: Drupal contrib module
CVE-2013-4499 (Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x ...)
- NOT-FOR-US: Drupal contrib module
+ NOT-FOR-US: Drupal contrib module
CVE-2013-4498 (The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 ...)
NOT-FOR-US: Drupal contrib module
CVE-2013-4497 (The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and ...)
@@ -24325,7 +24325,7 @@
CVE-2013-4312
RESERVED
CVE-2013-4311 (libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...)
- - libvirt <unfixed> (unimportant)
+ - libvirt <unfixed> (unimportant)
NOTE: polkit support not activated in Debian build, will be fixed in point update
CVE-2013-4310 (Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1)
@@ -24349,7 +24349,7 @@
- mediawiki 1:1.19.8+dfsg-1 (unimportant)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=52746
- NOTE: IE6 lacks so many security features that this doesn't matter
+ NOTE: IE6 lacks so many security features that this doesn't matter
CVE-2013-4302 ((1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ...)
{DSA-2753-1}
- mediawiki 1:1.19.8+dfsg-1
@@ -24803,7 +24803,7 @@
CVE-2013-4166 [problem in GPG key selection when encrypting mail]
RESERVED
- evolution <unfixed> (unimportant)
- NOTE: Regular UI bug, not a security issue.
+ NOTE: Regular UI bug, not a security issue.
CVE-2013-4165 (The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 ...)
- bitcoin 0.8.4-1 (bug #717828)
NOTE: https://github.com/bitcoin/bitcoin/issues/2838
@@ -25023,7 +25023,7 @@
{DSA-2723-1}
- php5 5.5.0+dfsg-15 (bug #717139)
CVE-2013-4112 (The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and ...)
- - libjgroups-java 2.12.2.Final-4 (bug #717031)
+ - libjgroups-java 2.12.2.Final-4 (bug #717031)
[wheezy] - libjgroups-java <no-dsa> (Minor issue)
[squeeze] - libjgroups-java <no-dsa> (Minor issue)
NOTE: libjgroups-java/2.12.2.Final-4 disables diagnostic probing by default
@@ -26167,7 +26167,7 @@
CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed ...)
NOT-FOR-US: McAfee
CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate ...)
- NOT-FOR-US: Attachmate Verastream Host Integrator
+ NOT-FOR-US: Attachmate Verastream Host Integrator
CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 ...)
NOT-FOR-US: Baramundi Management Suite
CVE-2013-3624 (The OS deployment feature in Baramundi Management Suite 7.5 through ...)
@@ -27862,7 +27862,7 @@
[squeeze] - chromium-browser <end-of-life>
CVE-2013-2886 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2732-1}
- - chromium-browser 28.0.1500.95-1
+ - chromium-browser 28.0.1500.95-1
[squeeze] - chromium-browser <end-of-life>
CVE-2013-2885 (Use-after-free vulnerability in Google Chrome before 28.0.1500.95 ...)
{DSA-2732-1}
@@ -28835,7 +28835,7 @@
CVE-2013-2507 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother ...)
NOT-FOR-US: Brother
CVE-2013-2506 (app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before ...)
- NOT-FOR-US: Spree
+ NOT-FOR-US: Spree
CVE-2012-6535 (DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, ...)
{DSA-2844-1}
- djvulibre 3.5.25.3-1
@@ -29614,7 +29614,7 @@
- linux-2.6 <removed> (low)
- linux <not-affected> (openvz flavour no longer included after Squeeze)
CVE-2013-2238 (Multiple buffer overflows in the switch_perform_substitution function ...)
- - freeswitch <itp> (bug #389591)
+ - freeswitch <itp> (bug #389591)
CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux ...)
{DSA-2766-1 DSA-2745-1}
- linux-2.6 <removed> (low)
@@ -29756,7 +29756,7 @@
RESERVED
NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2197 (The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before ...)
- NOT-FOR-US: Login Security Drupal contributed module
+ NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2196 (Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen ...)
{DSA-3006-1}
- xen 4.3.0-1
@@ -29841,7 +29841,7 @@
- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2172 (jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache ...)
- libxml-security-java 1.5.5-2 (bug #720375)
- NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
+ NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
CVE-2013-2171 (The vm_map_lookup function in sys/vm/vm_map.c in the mmap ...)
{DSA-2714-1}
- kfreebsd-9 9.0-12 (bug #712664)
@@ -30721,7 +30721,7 @@
NOTE: https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
NOTE: http://marc.info/?l=oss-security&m=136499182131283&w=2
CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in ...)
- - eglibc 2.17-2 (low; bug #704623)
+ - eglibc 2.17-2 (low; bug #704623)
[wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X ...)
@@ -31034,7 +31034,7 @@
CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications form in ...)
NOT-FOR-US: Katello
CVE-2013-1822 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x ...)
- - owncloud <not-affected> (owncloud stable4 (4.0.x) is not affected)
+ - owncloud <not-affected> (owncloud stable4 (4.0.x) is not affected)
NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/
NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows ...)
@@ -31083,7 +31083,7 @@
CVE-2013-1809 [Gambas creates hijackable directory in /tmp]
RESERVED
- gambas3 3.5.1-1 (low; bug #702184)
- - gambas2 <removed>
+ - gambas2 <removed>
[wheezy] - gambas3 <no-dsa> (Minor issue)
[squeeze] - gambas2 <no-dsa> (Minor issue)
NOTE: https://code.google.com/p/gambas/issues/detail?id=365
@@ -31565,7 +31565,7 @@
{DSA-2720-1 DSA-2716-1}
- iceweasel 17.0.7esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31574,7 +31574,7 @@
{DSA-2720-1 DSA-2716-1}
- iceweasel 17.0.7esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31583,7 +31583,7 @@
{DSA-2720-1 DSA-2716-1}
- iceweasel 17.0.7esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31594,7 +31594,7 @@
{DSA-2720-1 DSA-2716-1}
- iceweasel 17.0.7esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31608,7 +31608,7 @@
{DSA-2720-1 DSA-2716-1}
- iceweasel 17.0.7esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31617,7 +31617,7 @@
{DSA-2720-1 DSA-2716-1}
- iceweasel 17.0.7esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31626,7 +31626,7 @@
{DSA-2720-1 DSA-2716-1}
- iceweasel 17.0.7esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31635,7 +31635,7 @@
{DSA-2720-1 DSA-2716-1}
- iceweasel 17.0.7esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31648,7 +31648,7 @@
{DSA-2720-1 DSA-2716-1}
- iceweasel 17.0.7esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31657,7 +31657,7 @@
{DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31666,7 +31666,7 @@
{DSA-2720-1 DSA-2699-1}
[squeeze] - iceweasel <end-of-life>
- iceweasel 17.0.6esr-1
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31675,7 +31675,7 @@
{DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31684,7 +31684,7 @@
{DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31693,7 +31693,7 @@
{DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31702,7 +31702,7 @@
{DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31711,7 +31711,7 @@
{DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31720,7 +31720,7 @@
{DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31737,7 +31737,7 @@
{DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- - icedove 17.0.7-1
+ - icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <removed>
[squeeze] - iceape <end-of-life>
@@ -31802,7 +31802,7 @@
CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...)
- limesurvey <itp> (bug #472802)
CVE-2013-1656 (Spree Commerce 1.0.x through 1.3.2 allow remote authenticated ...)
- NOT-FOR-US: Spree
+ NOT-FOR-US: Spree
CVE-2013-1655 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby ...)
{DSA-2643-1}
- puppet 2.7.18-3
@@ -35675,7 +35675,7 @@
- linux 3.2.39-1
- linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-0312 (389 Directory Server before 1.3.0.4 allows remote attackers to cause a ...)
- - 389-ds-base 1.3.0.3-1
+ - 389-ds-base 1.3.0.3-1
CVE-2013-0311 (The translate_desc function in drivers/vhost/vhost.c in the Linux ...)
- linux 3.2.41-1
- linux-2.6 <not-affected> (Vulnerable code not present)
@@ -35956,7 +35956,7 @@
- linux 3.2.39-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48
- NOTE: was actually fixed in 2.6.32-46squeeze1 but upload was done and no DSA was released for that version.
+ NOTE: was actually fixed in 2.6.32-46squeeze1 but upload was done and no DSA was released for that version.
CVE-2013-0227 (Cross-site scripting (XSS) vulnerability in the Search API Sorts ...)
NOT-FOR-US: Drupal addon
CVE-2013-0226 (The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal ...)
@@ -40097,7 +40097,7 @@
CVE-2012-4960 (The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, ...)
NOT-FOR-US: Huawei devices
CVE-2012-4959 (Directory traversal vulnerability in NFRAgent.exe in Novell File ...)
- NOT-FOR-US: Novell File Reporter
+ NOT-FOR-US: Novell File Reporter
CVE-2012-4958 (Directory traversal vulnerability in NFRAgent.exe in Novell File ...)
NOT-FOR-US: Novell File Reporter
CVE-2012-4957 (Absolute path traversal vulnerability in NFRAgent.exe in Novell File ...)
@@ -40979,9 +40979,9 @@
CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and ...)
NOT-FOR-US: Tunnelblick
CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...)
- NOT-FOR-US: PluXml
+ NOT-FOR-US: PluXml
CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...)
- NOT-FOR-US: PluXml
+ NOT-FOR-US: PluXml
CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...)
NOT-FOR-US: Neoinvoice
CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...)
@@ -41245,7 +41245,7 @@
CVE-2011-5117 (Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, ...)
NOT-FOR-US: Sophos SafeGuard
CVE-2011-5116 (SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, ...)
- NOT-FOR-US: SetSeed CMS
+ NOT-FOR-US: SetSeed CMS
CVE-2011-5115 (Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and ...)
NOT-FOR-US: DLguard
CVE-2011-5114 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -42348,7 +42348,7 @@
CVE-2012-4225 (NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows ...)
- nvidia-graphics-drivers 304.37-1 (bug #684781)
- nvidia-graphics-drivers-legacy-173xx 173.14.35-3
- [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze2
+ [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze2
[squeeze] - nvidia-graphics-drivers-legacy-173xx <no-dsa> (Non-free not supported)
NOTE: http://seclists.org/fulldisclosure/2012/Aug/4
NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
@@ -42563,7 +42563,7 @@
CVE-2012-4178 (SQL injection vulnerability in spywall/includes/deptUploads_data.php ...)
NOT-FOR-US: Symantec Web Gateway
CVE-2012-4177 (The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote ...)
- NOT-FOR-US: Ubisoft Uplay PC
+ NOT-FOR-US: Ubisoft Uplay PC
CVE-2012-4176 (Array index error in Adobe Shockwave Player before 11.6.8.638 allows ...)
NOT-FOR-US: Adobe Shockwave
CVE-2012-4175 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
@@ -42942,7 +42942,7 @@
CVE-2012-4006 (The GREE application before 1.4.0, GREE Tanken Dorirando application ...)
NOT-FOR-US: GREE application for Android
CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...)
- NOT-FOR-US: NHN Japan NAVER LINE
+ NOT-FOR-US: NHN Japan NAVER LINE
CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile ...)
NOT-FOR-US: Sleipnir Mobile
CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT ...)
@@ -43525,11 +43525,11 @@
CVE-2012-3793 (Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ...)
NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3792 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
- NOT-FOR-US: Pro-face WinGP PC Runtime
+ NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3791 (Multiple SQL injection vulnerabilities in Simple Web Content ...)
NOT-FOR-US: Simple Web Content Management System
CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in Adiscon ...)
- NOT-FOR-US: Adiscon LogAnalyzer
+ NOT-FOR-US: Adiscon LogAnalyzer
CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...)
- openssl 0.9.8a-1 (bug #684527)
NOTE: fips version not used in Debian
@@ -44101,7 +44101,7 @@
[squeeze] - dbus 1.2.24-4+squeeze2
- glib2.0 2.33.12+really2.32.4-2
[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
- NOTE: fixed in 2.34.0-1 from experimental
+ NOTE: fixed in 2.34.0-1 from experimental
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=697105
NOTE: http://stealth.openwall.net/null/dzug.c
@@ -44177,7 +44177,7 @@
- tinyproxy 1.8.3-3 (bug #685281)
NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
CVE-2012-3504 (The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 ...)
- NOT-FOR-US: genkey script from Red Hat, not present in Debian
+ NOT-FOR-US: genkey script from Red Hat, not present in Debian
CVE-2012-3503 (The installation script in Katello 1.0 and earlier does not properly ...)
NOT-FOR-US: Katello
CVE-2012-3502 (The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp ...)
@@ -44487,7 +44487,7 @@
CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ...)
- eglibc 2.13-35 (low; bug #681473)
[squeeze] - eglibc <no-dsa> (Minor issue)
- NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=13446
+ NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=13446
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833704
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1d498daa95384e5c9ad5bcb35e7a996e5869ac39
@@ -44496,7 +44496,7 @@
CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ...)
- eglibc 2.13-35 (low; bug #681473)
[squeeze] - eglibc <no-dsa> (Minor issue)
- NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445
+ NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=84a4211850e3d23a9d3a4f3b294752a3b30bc0ff
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
@@ -46531,13 +46531,13 @@
CVE-2012-2588
RESERVED
CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic ...)
- NOT-FOR-US: AfterLogic MailSuite Pro
+ NOT-FOR-US: AfterLogic MailSuite Pro
CVE-2012-2586 (Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq ...)
NOT-FOR-US: Mailtraq
CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon ...)
- NOT-FOR-US: Alt-N MDaemon Free
+ NOT-FOR-US: Alt-N MDaemon Free
CVE-2012-2583 (Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget ...)
TODO: check
CVE-2012-2582 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
@@ -46552,7 +46552,7 @@
CVE-2012-2578 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 ...)
NOT-FOR-US: SmarterMail
CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
- NOT-FOR-US: SolarWinds Orion Network Performance Monitor
+ NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2576
RESERVED
CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 ...)
@@ -47602,7 +47602,7 @@
CVE-2012-2201
RESERVED
CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...)
- NOT-FOR-US: sendmail configuration in AIX
+ NOT-FOR-US: sendmail configuration in AIX
CVE-2012-2199 (The server message channel agent in the queue manager in the server in ...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2012-2198
@@ -47860,7 +47860,7 @@
[squeeze] - munin <not-affected> (Vulnerable code not present)
[lenny] - munin <not-affected> (Vulnerable code not present)
CVE-2012-2103 (The qmailscan plugin for Munin 1.4.5 allows local users to overwrite ...)
- - munin 2.0~rc6-1 (bug #668778)
+ - munin 2.0~rc6-1 (bug #668778)
[squeeze] - munin <not-affected> (Vulnerable code not present)
[lenny] - munin <not-affected> (Vulnerable code not present)
CVE-2012-2102 (MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote ...)
@@ -49201,7 +49201,7 @@
CVE-2012-1559
RESERVED
CVE-2012-1558 (yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of ...)
- - cyassl <not-affected> (Fixed before initial upload)
+ - cyassl <not-affected> (Fixed before initial upload)
NOTE: https://github.com/cyassl/cyassl/commit/6b77c8967aa34f2a0bae85e90a469c4170cb2bb1
CVE-2012-1557 (SQL injection vulnerability in admin/plib/api-rpc/Agent.php in ...)
NOT-FOR-US: Parallels Plesk Panel
@@ -49992,10 +49992,10 @@
[squeeze] - bitlbee <no-dsa> (Minor issue)
CVE-2012-1186 (Integer overflow in the SyncImageProfiles function in profile.c in ...)
{DSA-2462-1}
- - imagemagick 8:6.6.9.7-7 (bug #665007)
+ - imagemagick 8:6.6.9.7-7 (bug #665007)
CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) ...)
{DSA-2462-1}
- - imagemagick 8:6.6.9.7-7 (bug #665007)
+ - imagemagick 8:6.6.9.7-7 (bug #665007)
CVE-2012-1184 (Stack-based buffer overflow in the ast_parse_digest function in ...)
- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
[squeeze] - asterisk <not-affected> (HTTP digest authentication code not present)
@@ -51777,12 +51777,12 @@
- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0492 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0491 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0490 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0489 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0488 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
@@ -51793,10 +51793,10 @@
- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0485 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0484 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0483
RESERVED
CVE-2012-0482
@@ -52097,7 +52097,7 @@
CVE-2012-0422
RESERVED
CVE-2012-0421 (The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager ...)
- NOT-FOR-US: SUSE Audit Log Keeper daemon
+ NOT-FOR-US: SUSE Audit Log Keeper daemon
CVE-2012-0420 (zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before ...)
NOT-FOR-US: SUSE Zypper
CVE-2012-0419 (Directory traversal vulnerability in the agent HTTP interfaces in ...)
@@ -52330,7 +52330,7 @@
CVE-2012-0315 (Untrusted search path vulnerability in ALFTP before 5.31 allows local ...)
NOT-FOR-US: ALFTP
CVE-2012-0314 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
- NOT-FOR-US: eAccess Pocket WiFi
+ NOT-FOR-US: eAccess Pocket WiFi
CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...)
NOT-FOR-US: glucose
CVE-2012-0312 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...)
@@ -52490,8 +52490,8 @@
NOT-FOR-US: pfSense
CVE-2012-0287 (Cross-site scripting (XSS) vulnerability in wp-comments-post.php in ...)
- wordpress 3.3.1+dfsg-1
- [squeeze] - wordpress <not-affected> (only 3.3.x vulnerable)
- [lenny] - wordpress <not-affected> (only 3.3.x vulnerable)
+ [squeeze] - wordpress <not-affected> (only 3.3.x vulnerable)
+ [lenny] - wordpress <not-affected> (only 3.3.x vulnerable)
CVE-2012-0286 (Cross-site request forgery (CSRF) vulnerability in Stoneware ...)
NOT-FOR-US: Stoneware webNetwork
CVE-2012-0285 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware ...)
@@ -52983,7 +52983,7 @@
CVE-2012-0257 (Heap-based buffer overflow in the WWCabFile ActiveX component in the ...)
NOT-FOR-US: Invensys Wonderware Application Server
CVE-2012-0256 (Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before ...)
- - trafficserver 3.0.4-1
+ - trafficserver 3.0.4-1
CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does not ...)
{DSA-2459-1}
- quagga 0.99.20.1-1
@@ -53637,30 +53637,30 @@
- bokken 1.5-3 (bug #651931)
CVE-2012-0120 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0119 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0118 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0117 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0116 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0115 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0114 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0113 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0112 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0111 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox 4.1.8-dfsg-1 (bug #659950)
[squeeze] - virtualbox <not-affected> (Vulnerable code not present, see #659950)
@@ -53683,10 +53683,10 @@
NOT-FOR-US: Oracle Solaris Kernel
CVE-2012-0102 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0101 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0100 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express ...)
NOT-FOR-US: Oracle Solaris
CVE-2012-0099 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express ...)
@@ -53715,7 +53715,7 @@
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0087 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0086 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0085 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
@@ -53740,7 +53740,7 @@
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0075 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0074 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0073 (Unspecified vulnerability in the Oracle Forms component in Oracle ...)
@@ -53867,7 +53867,7 @@
[squeeze] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
NOTE: 5.5.2 implements strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
CVE-2011-4717 (Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows ...)
- NOT-FOR-US: zFTPServer Suite
+ NOT-FOR-US: zFTPServer Suite
CVE-2011-4716 (Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, ...)
NOT-FOR-US: DreamBox
CVE-2011-4715 (Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha ...)
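Review bot: the context line `[squeeze] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)` has a grammar slip ("mitigations exists" should read "mitigations exist"); it is outside the whitespace-only scope of this commit, so a separate follow-up edit to that note is the right place for it.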
@@ -53883,7 +53883,7 @@
CVE-2011-4710 (Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 ...)
NOT-FOR-US: Pixie CMS
CVE-2011-4709 (Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in ...)
- NOT-FOR-US: Hotaru
+ NOT-FOR-US: Hotaru
CVE-2011-4708 (Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager ...)
NOT-FOR-US: IBM Rational Asset Manager
CVE-2011-4707 (Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan ...)
@@ -54297,7 +54297,7 @@
- plib 1.8.5-5.1 (bug #654785)
CVE-2011-4619 (The Server Gated Cryptography (SGC) implementation in OpenSSL before ...)
{DSA-2390-1}
- - openssl 1.0.0h-1
+ - openssl 1.0.0h-1
CVE-2011-4618 (Cross-site scripting (XSS) vulnerability in advancedtext.php in ...)
NOT-FOR-US: WordPress advanced-text-widget
CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...)
@@ -54435,7 +54435,7 @@
NOTE: RFC 3779 support has not been enabled at compile time.
CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before ...)
{DSA-2390-1}
- - openssl 1.0.0f-1
+ - openssl 1.0.0f-1
CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in JBoss ...)
NOT-FOR-US: JMX Console
CVE-2011-4574
@@ -54462,7 +54462,7 @@
CVE-2011-4564 (Cross-site scripting (XSS) vulnerability in the admin script in Active ...)
NOT-FOR-US: Active CMS
CVE-2011-4563 (Cross-site scripting (XSS) vulnerability in index.php in JAKCMS ...)
- NOT-FOR-US: JAKCMS
+ NOT-FOR-US: JAKCMS
CVE-2011-4562 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: Wordpress plugin
CVE-2011-4561 (Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 ...)
@@ -54619,9 +54619,9 @@
CVE-2010-5053 (SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 ...)
NOT-FOR-US: Joomla extension
CVE-2010-5052 (Cross-site scripting (XSS) vulnerability in admin/components.php in ...)
- NOT-FOR-US: GetSimple CMS
+ NOT-FOR-US: GetSimple CMS
CVE-2010-5051 (Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php ...)
- NOT-FOR-US: razorCMS
+ NOT-FOR-US: razorCMS
CVE-2010-5050 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: ManageEngine ADManager Plus
CVE-2010-5049 (SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier ...)
@@ -54729,13 +54729,13 @@
[squeeze] - jetty <no-dsa> (Minor issue)
CVE-2011-4460 (SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x ...)
{DSA-2480-1}
- - request-tracker4 4.0.5-3
+ - request-tracker4 4.0.5-3
CVE-2011-4459 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 ...)
{DSA-2480-1}
- - request-tracker4 4.0.5-3
+ - request-tracker4 4.0.5-3
CVE-2011-4458 (Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and ...)
{DSA-2480-1}
- - request-tracker4 4.0.5-3
+ - request-tracker4 4.0.5-3
CVE-2011-4457 (OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when ...)
NOT-FOR-US: OWASP HTML Sanitizer
CVE-2011-4456
@@ -55255,7 +55255,7 @@
CVE-2011-4267
RESERVED
CVE-2011-4266 (Untrusted search path vulnerability in FFFTP before 1.98d allows local ...)
- NOT-FOR-US: FFFTP
+ NOT-FOR-US: FFFTP
CVE-2011-4265 (Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 ...)
NOT-FOR-US: phpWebSite
CVE-2011-4264 (Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows ...)
@@ -55883,7 +55883,7 @@
[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP ...)
- openldap 2.4.28-1 (unimportant; bug #647610)
- NOTE: Not exploitable with glibc, see
+ NOTE: Not exploitable with glibc, see
NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4079
CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP ...)
@@ -55937,7 +55937,7 @@
CVE-2011-4062 (Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows ...)
{DSA-2325-1}
- kfreebsd-10 10.0~svn226224-1
- - kfreebsd-9 9.0~svn225873-1
+ - kfreebsd-9 9.0~svn225873-1
- kfreebsd-8 8.2-11 (bug #645377)
- kfreebsd-7 <removed>
CVE-2011-4061 (Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) ...)
@@ -56001,9 +56001,9 @@
CVE-2011-4035 (Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo ...)
NOT-FOR-US: Schneider Electric Vijeo
CVE-2011-4034 (Buffer overflow in the Steema TeeChart ActiveX control, as used in ...)
- NOT-FOR-US: Steema TeeChart
+ NOT-FOR-US: Steema TeeChart
CVE-2011-4033 (Buffer overflow in the Steema TeeChart ActiveX control, as used in ...)
- NOT-FOR-US: Steema TeeChart
+ NOT-FOR-US: Steema TeeChart
CVE-2011-4032
RESERVED
CVE-2011-4031 (Integer underflow in the asfrtp_parse_packet function in ...)
@@ -56016,7 +56016,7 @@
[squeeze] - xorg-server 2:1.7.7-14
[lenny] - xorg-server <no-dsa> (Minor issue)
NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4
- NOTE: this has a poc now: http://vladz.devzero.fr/Xorg-CVE-2011-4029.txt
+ NOTE: this has a poc now: http://vladz.devzero.fr/Xorg-CVE-2011-4029.txt
CVE-2011-4028 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 ...)
- xorg-server 2:1.11.1.901-2 (low)
[squeeze] - xorg-server 2:1.7.7-14
@@ -56035,7 +56035,7 @@
CVE-2010-4960 (Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka ...)
NOT-FOR-US: Branchenbuch
CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects Pre ...)
- NOT-FOR-US: Pre Projects Pre Podcast Portal
+ NOT-FOR-US: Pre Projects Pre Podcast Portal
CVE-2010-4958 (SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows ...)
NOT-FOR-US: Prado Portal
CVE-2010-4957 (SQL injection vulnerability in the Questionnaire (ke_questionnaire) ...)
@@ -56059,9 +56059,9 @@
CVE-2010-4948 (PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in ...)
NOT-FOR-US: PHP Free Photo Gallery
CVE-2010-4947 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
- NOT-FOR-US: ALLPC
+ NOT-FOR-US: ALLPC
CVE-2010-4946 (SQL injection vulnerability in product_info.php in ALLPC 2.5 allows ...)
- NOT-FOR-US: ALLPC
+ NOT-FOR-US: ALLPC
CVE-2010-4945 (SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) ...)
NOT-FOR-US: CamelcityDB
CVE-2010-4944 (SQL injection vulnerability in the Elite Experts (com_elite_experts) ...)
@@ -56069,7 +56069,7 @@
CVE-2010-4943 (Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 ...)
NOT-FOR-US: Saurus CMS
CVE-2010-4942 (SQL injection vulnerability in location.php in the eCal module in ...)
- NOT-FOR-US: E-Xoopport Samsara
+ NOT-FOR-US: E-Xoopport Samsara
CVE-2010-4941 (SQL injection vulnerability in the Teams (com_teams) component ...)
NOT-FOR-US: Joomla extension
CVE-2010-4940 (SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows ...)
@@ -56647,7 +56647,7 @@
- libav 4:0.8~beta2-1 (bug #654534; bug #654572)
- ffmpeg <removed>
[squeeze] - chromium-browser <not-affected>
- NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554
+ NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106599
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106621
CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome ...)
@@ -57334,7 +57334,7 @@
- apache2 2.2.18-1
NOTE: Related to CVE-2011-3368 and CVE-2011-4317 but a different issue
CVE-2011-3638 (fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a ...)
- - linux-2.6 3.0.0-1
+ - linux-2.6 3.0.0-1
[squeeze] - linux-2.6 2.6.32-40
CVE-2011-3637 (The m_stop function in fs/proc/task_mmu.c in the Linux kernel before ...)
- linux-2.6 2.6.39-1
@@ -57351,7 +57351,7 @@
- apt 0.8.11 (low)
[squeeze] - apt 0.8.10.3+squeeze2
NOTE: Minor issue, apt is only affected if apt-transport-https is installed
- NOTE: http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28
+ NOTE: http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28
NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353
CVE-2011-3633
REJECTED
@@ -57407,7 +57407,7 @@
CVE-2011-3620 (Apache Qpid 0.12 does not properly verify credentials during the ...)
- qpid-cpp <not-affected> (Red Hat-specific extension, see bug #672124)
CVE-2011-3619 (The apparmor_setprocattr function in security/apparmor/lsm.c in the ...)
- - linux-2.6 3.0.0-1
+ - linux-2.6 3.0.0-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-3618 [atop insecure tempfile handling]
@@ -57470,7 +57470,7 @@
- radvd 1:1.8-1.2 (bug #644614)
[squeeze] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
[lenny] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
- NOTE: http://seclists.org/oss-sec/2011/q4/30
+ NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3600
RESERVED
- libxmlrpc3-java 3.1.3-1 (low)
@@ -58094,7 +58094,7 @@
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
- openjdk-6 6b23~pre11-1
- openjdk-7 7~b147-2.0-1
- - iceweasel <not-affected>
+ - iceweasel <not-affected>
NOTE: http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
- chromium-browser 15.0.874.106~r107270-1
[squeeze] - chromium-browser <end-of-life>
@@ -58276,7 +58276,7 @@
CVE-2011-3338
RESERVED
CVE-2011-3337 (eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 ...)
- NOT-FOR-US: eEye Digital Security Audits
+ NOT-FOR-US: eEye Digital Security Audits
CVE-2011-3336
RESERVED
CVE-2011-3335
@@ -59527,10 +59527,10 @@
- rails 2.3.14
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...)
{DSA-2301-1}
- - rails 2.3.14
+ - rails 2.3.14
CVE-2011-2930 (Multiple SQL injection vulnerabilities in the quote_table_name method ...)
{DSA-2301-1}
- - rails 2.3.14
+ - rails 2.3.14
CVE-2011-2929 (The template selection functionality in ...)
- rails <not-affected> (Only affects RoR 3.0 and above)
CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...)
@@ -60296,7 +60296,7 @@
NOTE: it's modified somehow
CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers ...)
{DSA-2288-1}
- - libsndfile 1.0.25-1
+ - libsndfile 1.0.25-1
CVE-2011-2695 (Multiple off-by-one errors in the ext4 subsystem in the Linux kernel ...)
- linux-2.6 3.0.0-1
[squeeze] - linux-2.6 2.6.32-48
@@ -61049,7 +61049,7 @@
CVE-2011-2398 (Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, ...)
NOT-FOR-US: HP-UX
CVE-2011-2397 (The Agent service in Iron Mountain Connected Backup 8.4 allows remote ...)
- NOT-FOR-US: Iron Mountain Connected Backup
+ NOT-FOR-US: Iron Mountain Connected Backup
CVE-2011-2396
RESERVED
CVE-2011-2394
@@ -61255,7 +61255,7 @@
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/88456
CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112, performs an ...)
- - libv8 3.4.14-1
+ - libv8 3.4.14-1
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: Fixed in V8 bleeding edge r8230, 3.2.10.17 and 3.3.10.9.
CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle Cascading ...)
@@ -61384,17 +61384,17 @@
CVE-2011-2285 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
NOT-FOR-US: Oracle Solaris
CVE-2011-2284 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
- NOT-FOR-US: Oracle PeopleSoft Products
+ NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2283 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component ...)
- NOT-FOR-US: Oracle PeopleSoft Products
+ NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2282 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
- NOT-FOR-US: Oracle PeopleSoft Products
+ NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2281 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
- NOT-FOR-US: Oracle PeopleSoft Products
+ NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2280 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
- NOT-FOR-US: Oracle PeopleSoft Products
+ NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2279 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
- NOT-FOR-US: Oracle PeopleSoft Products
+ NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2278 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2277 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...)
@@ -61429,7 +61429,7 @@
NOT-FOR-US: Oracle SysFW
CVE-2011-2262 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2429-1}
- - mysql-5.1 5.1.61-2 (bug #659687)
+ - mysql-5.1 5.1.61-2 (bug #659687)
CVE-2011-2261 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
NOT-FOR-US: Oracle Secure Backup
CVE-2011-2260 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
@@ -61956,16 +61956,16 @@
RESERVED
CVE-2011-2085 (Multiple cross-site request forgery (CSRF) vulnerabilities in Best ...)
{DSA-2480-1}
- - request-tracker4 4.0.5-3
+ - request-tracker4 4.0.5-3
CVE-2011-2084 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 ...)
{DSA-2480-1}
- - request-tracker4 4.0.5-3
+ - request-tracker4 4.0.5-3
CVE-2011-2083 (Multiple cross-site scripting (XSS) vulnerabilities in Best Practical ...)
{DSA-2480-1}
- - request-tracker4 4.0.5-3
+ - request-tracker4 4.0.5-3
CVE-2011-2082 (The vulnerable-passwords script in Best Practical Solutions RT 3.x ...)
{DSA-2480-1}
- - request-tracker4 4.0.5-3
+ - request-tracker4 4.0.5-3
CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for ...)
NOT-FOR-US: MediaCAST
CVE-2011-2080 (Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier ...)
@@ -62290,7 +62290,7 @@
RESERVED
- libpcap 1.1.1-4 (low; bug #623868)
[squeeze] - libpcap 1.1.1-2+squeeze1
- [lenny] - libpcap <not-affected>
+ [lenny] - libpcap <not-affected>
NOTE: <878vsbyviu.fsf at silenus.orebokech.com>
CVE-2011-1934 [lilo: lilo.conf world-readable]
RESERVED
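Review bot: the touched line `[lenny] - libpcap <not-affected>` carries no parenthesized reason, while most other `<not-affected>` entries in this patch do (for example `[squeeze] - munin <not-affected> (Vulnerable code not present)`); since this commit only strips trailing whitespace, a follow-up commit should add the reason so the lenny assessment can be verified later.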
@@ -62887,7 +62887,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975
CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before ...)
{DSA-2264-1 DSA-2240-1}
- - linux-2.6 2.6.39-1
+ - linux-2.6 2.6.39-1
CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not ...)
- linux-2.6 <unfixed> (unimportant)
NOTE: Can only be triggered with root equivalent privs -> non-issue
@@ -63078,7 +63078,7 @@
CVE-2011-1671 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Tracks
CVE-2011-1670 (Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra ...)
- NOT-FOR-US: InTerra
+ NOT-FOR-US: InTerra
CVE-2011-1669 (Directory traversal vulnerability in wp-download.php in the WP Custom ...)
NOT-FOR-US: WP Custom Pages module for WordPress
CVE-2011-1668 (Cross-site scripting (XSS) vulnerability in search.php in AR Web ...)
@@ -63480,11 +63480,11 @@
[lenny] - krb5 <not-affected> (Introduced in 1.9)
CVE-2011-1526 (ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 ...)
{DSA-2283-1}
- - krb5-appl 1:1.0.1-1.1
+ - krb5-appl 1:1.0.1-1.1
CVE-2011-1525 (Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer ...)
NOT-FOR-US: RealPlayer
CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management login GUI ...)
- NOT-FOR-US: Symantec LiveUpdate Administrator
+ NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2011-1523 (Cross-site scripting (XSS) vulnerability in statusmap.c in ...)
- nagios3 3.2.3-3 (bug #629127)
- icinga 1.4.1-1 (bug #629131)
@@ -64360,9 +64360,9 @@
CVE-2011-1224 (IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not ...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2011-1223 (Buffer overflow in the Alternate Data Stream (aka ADS or named stream) ...)
- NOT-FOR-US: IBM Tivoli Storage Manager
+ NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in the ...)
- NOT-FOR-US: IBM Tivoli Storage Manager
+ NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1221 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control ...)
NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM ...)
@@ -64537,7 +64537,7 @@
NOT-FOR-US: SPICE Firefox plug-in
CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx.c in ...)
- gimp 2.6.10-1
- NOTE: Likely fixed earlier, but only the squeeze version was checked
+ NOTE: Likely fixed earlier, but only the squeeze version was checked
CVE-2011-1177
RESERVED
CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...)
@@ -64956,7 +64956,7 @@
CVE-2011-1064 (SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 ...)
NOT-FOR-US: Qi Bo CMS
CVE-2011-1063 (Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design ...)
- NOT-FOR-US: Cherry-Design Photopad
+ NOT-FOR-US: Cherry-Design Photopad
CVE-2011-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: TaskFreak!
CVE-2011-1061 (SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows ...)
@@ -65035,7 +65035,7 @@
CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in ...)
NOT-FOR-US: MediaDBPlayback.DLL
CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool ...)
- NOT-FOR-US: Moxa Device Manager
+ NOT-FOR-US: Moxa Device Manager
CVE-2011-1034 (Cross-site scripting (XSS) vulnerability in the UI in IBM Rational ...)
NOT-FOR-US: IBM Rational Build Forge
CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...)
@@ -65045,7 +65045,7 @@
CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real Estate ...)
NOT-FOR-US: Rae Media INC Real Estate Single and Multi Agent System
CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb ...)
- NOT-FOR-US: HotWebScripts HotWeb Rentals
+ NOT-FOR-US: HotWebScripts HotWeb Rentals
CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and ...)
NOT-FOR-US: GateSoft DocuSafe
CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax ...)
@@ -65232,7 +65232,7 @@
NOT-FOR-US: Apple IPv6 implementation
CVE-2011-XXXX [kfreebsd dos]
- kfreebsd-8 8.2-1 (low; bug #613312; bug #611476)
- [squeeze] - kfreebsd-8 8.1+dfsg-8
+ [squeeze] - kfreebsd-8 8.1+dfsg-8
[lenny] - kfreebsd-8 <no-dsa> (Not-supported in Lenny)
- kfreebsd-7 <removed>
[lenny] - kfreebsd-7 <no-dsa> (Not supported in Lenny)
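Review bot: the two lenny lines in this hunk spell the same reason differently, `(Not-supported in Lenny)` on the kfreebsd-8 line and `(Not supported in Lenny)` on the kfreebsd-7 line; a follow-up should settle on one form. The entry also still uses the placeholder id `CVE-2011-XXXX [kfreebsd dos]`, which is worth tracking so it is replaced once an id is assigned.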
@@ -65776,7 +65776,7 @@
{DSA-2188-1 DSA-2166-1}
- chromium-browser 9.0.597.84~r72991-1
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- - webkit 1.2.7-1
+ - webkit 1.2.7-1
NOTE: http://trac.webkit.org/changeset/71925
CVE-2011-0777 (Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows ...)
{DSA-2166-1}
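Review bot: the context line `[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4` pairs a `[wheezy]` tag with a `+squeeze4` version suffix, which looks like a release-tag mismatch; it is unrelated to this whitespace cleanup, but the entry should be re-checked in a follow-up.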
@@ -65934,7 +65934,7 @@
NOT-FOR-US: ModX
CVE-2011-0740 (Cross-site scripting (XSS) vulnerability in ...)
- magpierss 0.72-10 (low; bug #611940)
- [squeeze] - magpierss 0.72-8+squeeze1
+ [squeeze] - magpierss 0.72-8+squeeze1
[lenny] - magpierss 0.72-5+lenny1
CVE-2011-0739 (The deliver function in the sendmail delivery agent ...)
NOT-FOR-US: Ruby mail gem
@@ -65984,7 +65984,7 @@
- ffmpeg-debian <end-of-life>
CVE-2011-0722 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows ...)
{DSA-2306-1}
- - libav 4:0.6-1
+ - libav 4:0.6-1
- ffmpeg <removed>
- ffmpeg-debian <end-of-life>
CVE-2011-0721 (Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in ...)
@@ -66236,7 +66236,7 @@
CVE-2011-0636 (The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA ...)
NOT-FOR-US: NVIDIA CUDA Toolkit
CVE-2011-0635 (Static code injection vulnerability in Simploo CMS 1.7.1 and earlier ...)
- NOT-FOR-US: Simploo
+ NOT-FOR-US: Simploo
CVE-2010-4708 (The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the ...)
- pam 1.1.3-7.1 (low; bug #611136)
[lenny] - pam <no-dsa> (Minor issue, too invasive for a stable release)
@@ -66634,7 +66634,7 @@
CVE-2011-0482 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
{DSA-2188-1}
- chromium-browser 6.0.472.63~r59945-5
- - webkit 1.2.7-1
+ - webkit 1.2.7-1
NOTE: http://trac.webkit.org/changeset/74779
CVE-2011-0481 (Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS ...)
- chromium-browser <not-affected> (Chrome PDF plugin)
@@ -66868,7 +66868,7 @@
NOTE: http://www.postfix.org/CVE-2011-0411.html
NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for ...)
- NOT-FOR-US: CollabNet ScrumWorks Basic
+ NOT-FOR-US: CollabNet ScrumWorks Basic
CVE-2011-0409
RESERVED
CVE-2011-0408 (pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to ...)
@@ -67284,7 +67284,7 @@
CVE-2010-4654 [Malformed commands may cause corruption of the internal stack]
RESERVED
- kdegraphics <not-affected> (no stackheight)
- - xpdf <not-affected> (no stackheight)
+ - xpdf <not-affected> (no stackheight)
- poppler 0.16.3-1
[lenny] - poppler <not-affected> (stackheights introduced after 0.12)
[squeeze] - poppler <not-affected> (stackheights introduced after 0.12)
@@ -68118,7 +68118,7 @@
CVE-2010-4577 (The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp ...)
{DSA-2188-1}
- chromium-browser 6.0.472.63~r59945-4
- - webkit 1.2.7-1
+ - webkit 1.2.7-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=49883
NOTE: http://code.google.com/p/chromium/issues/detail?id=63866
NOTE: http://trac.webkit.org/changeset/72685
@@ -68427,7 +68427,7 @@
CVE-2009-5023 (The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, ...)
- fail2ban 0.8.4+svn20110323-1 (low; bug #544232)
[lenny] - fail2ban <no-dsa> (Minor issue)
- [squeeze] - fail2ban 0.8.4-3+squeeze1
+ [squeeze] - fail2ban 0.8.4-3+squeeze1
CVE-2009-5022 (Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in ...)
{DSA-2256-1}
- tiff 3.9.5-1 (bug #624287)
@@ -68544,8 +68544,8 @@
NOT-FOR-US: TIBCO ActiveMatrix
CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used ...)
{DSA-2137-1}
- - libxml2 2.7.8.dfsg-2 (bug #607922)
- - chromium-browser 5.0.375.29~r46008-1
+ - libxml2 2.7.8.dfsg-2 (bug #607922)
+ - chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (never embedded libxml2's xpath.c)
CVE-2010-4493 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
{DSA-2188-1}
@@ -68555,7 +68555,7 @@
CVE-2010-4492 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
{DSA-2188-1}
- chromium-browser 6.0.472.63~r59945-3
- - webkit 1.2.7-1
+ - webkit 1.2.7-1
NOTE: http://trac.webkit.org/changeset/71686
CVE-2010-4491 (Google Chrome before 8.0.552.215 does not properly restrict privileged ...)
- chromium-browser 9.0.597.45~r70550-1
@@ -68739,7 +68739,7 @@
CVE-2010-4446 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
NOT-FOR-US: Solaris
CVE-2010-4445 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
- NOT-FOR-US: PeopleSoft
+ NOT-FOR-US: PeopleSoft
CVE-2010-4444 (Unspecified vulnerability in Oracle Sun Java System Access Manager and ...)
NOT-FOR-US: OpenSSO
CVE-2010-4443 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
@@ -68751,7 +68751,7 @@
CVE-2010-4440 (Unspecified vulnerability in Oracle 10 and 11 Express allows local ...)
NOT-FOR-US: Oracle Express
CVE-2010-4439 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
- NOT-FOR-US: PeopleSoft
+ NOT-FOR-US: PeopleSoft
CVE-2010-4438 (Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, ...)
- glassfish <not-affected> (Only builds a few class libs)
CVE-2010-4437 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
@@ -68761,27 +68761,27 @@
CVE-2010-4435 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
NOT-FOR-US: Solaris
CVE-2010-4434 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
- NOT-FOR-US: PeopleSoft
+ NOT-FOR-US: PeopleSoft
CVE-2010-4433 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
NOT-FOR-US: Solaris
CVE-2010-4432 (Unspecified vulnerability in the Oracle Transportation Manager ...)
NOT-FOR-US: Oracle Supply Chain
CVE-2010-4431 (Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 ...)
- NOT-FOR-US: Oracle Sun Java System Portal Server
+ NOT-FOR-US: Oracle Sun Java System Portal Server
CVE-2010-4430 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
- NOT-FOR-US: PeopleSoft
+ NOT-FOR-US: PeopleSoft
CVE-2010-4429 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
NOT-FOR-US: Oracle Supply Chain
CVE-2010-4428 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
- NOT-FOR-US: PeopleSoft
+ NOT-FOR-US: PeopleSoft
CVE-2010-4427 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
NOT-FOR-US: Oracle BI Publisher
CVE-2010-4426 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
- NOT-FOR-US: PeopleSoft
+ NOT-FOR-US: PeopleSoft
CVE-2010-4425 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
NOT-FOR-US: Oracle BI Publisher
CVE-2010-4424 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
- NOT-FOR-US: PeopleSoft
+ NOT-FOR-US: PeopleSoft
CVE-2010-4423 (Unspecified vulnerability in the Cluster Verify Utility component in ...)
NOT-FOR-US: Oracle Database
CVE-2010-4422 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
@@ -68793,9 +68793,9 @@
CVE-2010-4420 (Unspecified vulnerability in the Database Vault component in Oracle ...)
NOT-FOR-US: Oracle Database
CVE-2010-4419 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...)
- NOT-FOR-US: PeopleSoft
+ NOT-FOR-US: PeopleSoft
CVE-2010-4418 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
- NOT-FOR-US: PeopleSoft
+ NOT-FOR-US: PeopleSoft
CVE-2010-4417 (Unspecified vulnerability in the Services for Beehive component in ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-4416 (Unspecified vulnerability in the Oracle GoldenGate Veridata component ...)
@@ -69164,7 +69164,7 @@
CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows ...)
NOT-FOR-US: Pandora FMS
CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...)
- NOT-FOR-US: Embedded Video plugin 4.1 for WordPress
+ NOT-FOR-US: Embedded Video plugin 4.1 for WordPress
CVE-2010-4276 (Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid ...)
NOT-FOR-US: LiveZilla
CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager ...)
@@ -69240,7 +69240,7 @@
- linux-2.6 2.6.32-30
CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the ...)
{DSA-2153-1}
- - linux-2.6 2.6.32-29
+ - linux-2.6 2.6.32-29
CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and ...)
- linux-2.6 <not-affected> (changes included since introduction of dom0 support)
CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in ...)
@@ -69256,7 +69256,7 @@
- linux-2.6 2.6.32-30
CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver ...)
{DSA-2153-1}
- - linux-2.6 2.6.32-28
+ - linux-2.6 2.6.32-28
CVE-2010-4241
RESERVED
- tikiwiki <removed>
@@ -69368,7 +69368,7 @@
REJECTED
CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...)
{DSA-2188-1}
- - webkit 1.2.7-1
+ - webkit 1.2.7-1
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/69936
CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
@@ -69434,7 +69434,7 @@
- dracut <not-affected> (vulnerable script not shipped)
- udev <not-affected> (vulnerable script not shipped; fedora-specific issue)
CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) ...)
- - linux-2.6 2.6.32-28
+ - linux-2.6 2.6.32-28
[lenny] - linux-2.6 <not-affected> (RDS introduced in 2.6.30)
CVE-2010-4174
REJECTED
@@ -69473,7 +69473,7 @@
{DSA-2153-1}
- linux-2.6 2.6.32-29
CVE-2010-4161 (The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat ...)
- - linux-2.6 2.6.28-1
+ - linux-2.6 2.6.28-1
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...)
- mono 2.6.7-4 (bug #605097)
@@ -70095,7 +70095,7 @@
{DSA-2306-1}
- libav 4:0.6-1
- ffmpeg <removed>
- - ffmpeg-debian <end-of-life>
+ - ffmpeg-debian <end-of-life>
CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin in ...)
- vlc 1.1.3-1squeeze1
[lenny] - vlc <not-affected> (Vulnerable code not present)
@@ -70295,35 +70295,35 @@
[lenny] - mercurial <no-dsa> (Minor issue)
CVE-2010-3840 (The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL ...)
{DSA-2143-1}
- - mysql-5.1 5.1.49-3 (bug #599937)
+ - mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
CVE-2010-3839 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote ...)
- - mysql-5.1 5.1.49-3 (bug #599937)
+ - mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
{DSA-2143-1}
- - mysql-5.1 5.1.49-3 (bug #599937)
+ - mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
{DSA-2143-1}
- - mysql-5.1 5.1.49-3 (bug #599937)
+ - mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
{DSA-2143-1}
- - mysql-5.1 5.1.49-3 (bug #599937)
+ - mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote ...)
{DSA-2143-1}
- - mysql-5.1 5.1.49-3 (bug #599937)
+ - mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before ...)
{DSA-2143-1}
- - mysql-5.1 5.1.49-3 (bug #599937)
+ - mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does ...)
{DSA-2143-1}
- - mysql-5.1 5.1.49-3 (bug #599937)
+ - mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
CVE-2010-3832 (Heap-based buffer overflow in the GSM mobility management ...)
NOT-FOR-US: Apple iOS Telophony
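Review bot: the trailing context line `NOT-FOR-US: Apple iOS Telophony` at the end of this MySQL hunk misspells "Telephony"; it is not touched by the whitespace cleanup, but since it sits next to lines being rewritten anyway it is a cheap fix to fold into the same pass or a follow-up commit.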
@@ -70411,7 +70411,7 @@
CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not ...)
NOT-FOR-US: Apple Safari RSS
CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
- NOT-FOR-US: Apple QuickTime
+ NOT-FOR-US: Apple QuickTime
CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
NOT-FOR-US: Apple QuickTime
CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
@@ -71441,7 +71441,7 @@
CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in ...)
- clamav 0.96.3+dfsg-1
[lenny] - clamav <end-of-life>
- NOTE: libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)
+ NOTE: libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)
CVE-2010-3433 (The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before ...)
{DSA-2120-1}
- postgresql-9.0 9.0.1-1
@@ -71463,7 +71463,7 @@
CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in ...)
{DSA-2165-1}
- ffmpeg 4:0.5.2-6 (bug #598590)
- - ffmpeg-debian <removed>
+ - ffmpeg-debian <removed>
NOTE: http://www.ocert.org/advisories/ocert-2010-004.html
CVE-2010-XXXX [mingetty directory traversal]
- mingetty 1.07-2 (low; bug #597382)
@@ -71696,19 +71696,19 @@
CVE-2010-3344
RESERVED
CVE-2010-3343 (Microsoft Internet Explorer 6 does not properly handle objects in ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3342 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3341
RESERVED
CVE-2010-3340 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3339
RESERVED
CVE-2010-3338 (The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and ...)
- NOT-FOR-US: Microsoft Office 2007 SP2
+ NOT-FOR-US: Microsoft Office 2007 SP2
CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac ...)
NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...)
@@ -71722,17 +71722,17 @@
CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3330 (Microsoft Internet Explorer 6 through 8 does not properly restrict ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3329 (mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3328 (Use-after-free vulnerability in the CAttrArray::PrivateFind function ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3327 (The implementation of HTML content creation in Microsoft Internet ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3326 (Microsoft Internet Explorer 6 does not properly handle objects in ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3325 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8, and the ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session ...)
@@ -71794,7 +71794,7 @@
- openswan 1:2.6.28+dfsg-2
[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3301 (The IA32 system call emulation functionality in ...)
- - linux-2.6 2.6.32-23
+ - linux-2.6 2.6.32-23
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.27)
CVE-2010-3300
RESERVED
@@ -71921,7 +71921,7 @@
NOTE: chromium specific
CVE-2010-3255 (Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not ...)
- chromium-browser 6.0.472.53~r57914-1
- - webkit 1.2.5-1
+ - webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812
NOTE: http://trac.webkit.org/changeset/66052
@@ -71979,7 +71979,7 @@
CVE-2010-3306 (Directory traversal vulnerability in the modURL function in instance.c ...)
- weborf 0.12.3-1 (bug #596112)
CVE-2010-3243 (Cross-site scripting (XSS) vulnerability in the toStaticHTML function ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3242 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...)
NOT-FOR-US: Microsoft Excel
CVE-2010-3241 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...)
@@ -72362,7 +72362,7 @@
NOTE: http://trac.webkit.org/changeset/65325
CVE-2010-3119 (Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not ...)
- chromium-browser 5.0.375.127~r55887-1
- - webkit 1.2.4-1
+ - webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795
NOTE: http://trac.webkit.org/changeset/65090
@@ -72388,13 +72388,13 @@
NOTE: http://trac.webkit.org/changeset/64077
NOTE: only partially fixed: only 64077 applied in 1.2.4-1
CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127, ...)
- - webkit 1.2.4-1
+ - webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
NOTE: http://trac.webkit.org/changeset/63773
CVE-2010-3113 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not ...)
- - webkit 1.2.5-1
+ - webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659
@@ -72530,7 +72530,7 @@
{DSA-2126-1}
- linux-2.6 2.6.32-24
CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before ...)
- - linux-2.6 2.6.23-1
+ - linux-2.6 2.6.23-1
CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...)
- php5 <unfixed> (unimportant)
NOTE: mysqlnd not used in squeeze/sid
@@ -72609,7 +72609,7 @@
CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in ...)
NOT-FOR-US: SAP Crystal Reports 2008
CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other ...)
- NOT-FOR-US: Wyse ThinOS
+ NOT-FOR-US: Wyse ThinOS
CVE-2010-3030 (Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open ...)
NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows ...)
@@ -72766,7 +72766,7 @@
CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the ...)
NOT-FOR-US: mountall
CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...)
- - linux-2.6 2.6.32-23
+ - linux-2.6 2.6.32-23
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) ...)
{DSA-2094-1}
@@ -72844,7 +72844,7 @@
CVE-2010-2933 (SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote ...)
NOT-FOR-US: AV Arcade
CVE-2010-2932 (Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control ...)
- NOT-FOR-US: BarCodeWiz BarCode
+ NOT-FOR-US: BarCodeWiz BarCode
CVE-2010-2931 (Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows ...)
NOT-FOR-US: SigPlus Pro activex control
CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in hsolink ...)
@@ -72909,7 +72909,7 @@
- webkit <not-affected> (Chromium specific issue)
- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2902 (The SVG implementation in Google Chrome before 5.0.375.125 allows ...)
- - webkit 1.2.4-1
+ - webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41621
@@ -72929,7 +72929,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41962
NOTE: http://trac.webkit.org/changeset/63219
CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google ...)
- - webkit 1.2.4-1
+ - webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977
@@ -73026,7 +73026,7 @@
CVE-2009-4972 (Cross-site scripting (XSS) vulnerability in index.php (aka the log in ...)
NOT-FOR-US: SimpleID
CVE-2009-4971 (SQL injection vulnerability in the AJAX Chat (vjchat) extension before ...)
- NOT-FOR-US: AJAX Chat
+ NOT-FOR-US: AJAX Chat
CVE-2009-4970 (SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for ...)
NOT-FOR-US: Typo3 addon
CVE-2009-4969 (SQL injection vulnerability in the Solidbase Bannermanagement ...)
@@ -73076,11 +73076,11 @@
CVE-2010-2849 (Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php ...)
NOT-FOR-US: nuBuilder
CVE-2010-2848 (Directory traversal vulnerability in ...)
- NOT-FOR-US: Joomla! ArtForms
+ NOT-FOR-US: Joomla! ArtForms
CVE-2010-2847 (Multiple SQL injection vulnerabilities in the InterJoomla ArtForms ...)
- NOT-FOR-US: Joomla! ArtForms
+ NOT-FOR-US: Joomla! ArtForms
CVE-2010-2846 (Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms ...)
- NOT-FOR-US: Joomla! ArtForms
+ NOT-FOR-US: Joomla! ArtForms
CVE-2010-2845 (SQL injection vulnerability in the QuickFAQ (com_quickfaq) component ...)
NOT-FOR-US: Joomla! QuickFAQ
CVE-2010-2844 (Cross-site scripting (XSS) vulnerability in news_show.php in Newanz ...)
@@ -73247,7 +73247,7 @@
CVE-2009-4954 (SQL injection vulnerability in the Versatile Calendar Extension [VCE] ...)
NOT-FOR-US: typo3 third party component (sk_calendar)
CVE-2009-4953 (Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit ...)
- NOT-FOR-US: typo3 third party component (sg_userdata)
+ NOT-FOR-US: typo3 third party component (sg_userdata)
CVE-2009-4952 (Directory traversal vulnerability in the Directory Listing ...)
NOT-FOR-US: typo3 third party component (dir_listing)
CVE-2009-4951 (Unspecified vulnerability in the ClickStream Analyzer [output] ...)
@@ -73477,11 +73477,11 @@
CVE-2010-2735
RESERVED
CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in ...)
- NOT-FOR-US: Microsoft Forefront Unified Access Gateway
+ NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in ...)
- NOT-FOR-US: Microsoft Forefront Unified Access Gateway
+ NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft ...)
- NOT-FOR-US: Microsoft Forefront Unified Access Gateway
+ NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, ...)
@@ -73529,9 +73529,9 @@
CVE-2010-2711 (Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the ...)
NOT-FOR-US: HP MagCloud app
CVE-2010-2710 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
- NOT-FOR-US: HP OpenView
+ NOT-FOR-US: HP OpenView
CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView Network ...)
- NOT-FOR-US: HP OpenView
+ NOT-FOR-US: HP OpenView
CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before ...)
NOT-FOR-US: HP ProCurve
CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches ...)
@@ -73541,17 +73541,17 @@
CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch with ...)
NOT-FOR-US: HP ProCurve
CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and ...)
- NOT-FOR-US: HP OpenView
+ NOT-FOR-US: HP OpenView
CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the ov.dll ...)
- NOT-FOR-US: HP OpenView
+ NOT-FOR-US: HP OpenView
CVE-2010-2702 (Buffer overflow in the UGameEngine::UpdateConnectingMessage function ...)
NOT-FOR-US: Unreal engine
CVE-2010-2701 (Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow ...)
NOT-FOR-US: FathFTP ActiveX control
CVE-2010-2700 (Cross-site scripting (XSS) vulnerability in index.php in Edge PHP ...)
- NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
+ NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
CVE-2010-2699 (SQL injection vulnerability in index.php in Edge PHP Clickbank ...)
- NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
+ NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
CVE-2010-2698 (Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community ...)
NOT-FOR-US: Sijio Community Software
CVE-2010-2697 (Cross-site scripting (XSS) vulnerability in Sijio Community Software ...)
@@ -73559,7 +73559,7 @@
CVE-2010-2696 (SQL injection vulnerability in gallery/index.php in Sijio Community ...)
NOT-FOR-US: Sijio Community Software
CVE-2010-2695 (Directory traversal vulnerability in the SFTP/SSH2 virtual server in ...)
- NOT-FOR-US: Xlight FTP Server
+ NOT-FOR-US: Xlight FTP Server
CVE-2010-2694 (SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 ...)
NOT-FOR-US: Joomla addon
CVE-2010-2693 (FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag ...)
@@ -73569,7 +73569,7 @@
CVE-2010-2692 (Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt ...)
NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
CVE-2010-2691 (Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt ...)
- NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
+ NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
CVE-2010-2690 (SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) ...)
NOT-FOR-US: Joomla addon
CVE-2010-2689 (SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS ...)
@@ -73655,13 +73655,13 @@
CVE-2009-4932 (Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote ...)
NOT-FOR-US: 1by1
CVE-2009-4931 (Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote ...)
- NOT-FOR-US: Groovy Media Player
+ NOT-FOR-US: Groovy Media Player
CVE-2009-4930 (Cross-site scripting (XSS) vulnerability in the ...)
- NOT-FOR-US: SunGard Banner Student System
+ NOT-FOR-US: SunGard Banner Student System
CVE-2009-4929 (admin/manage_users.php in TotalCalendar 2.4 does not require ...)
- NOT-FOR-US: TotalCalendar
+ NOT-FOR-US: TotalCalendar
CVE-2009-4928 (PHP remote file inclusion vulnerability in config.php in TotalCalendar ...)
- NOT-FOR-US: TotalCalendar
+ NOT-FOR-US: TotalCalendar
CVE-2009-4927 (WB News 2.1.2 allows remote attackers to bypass authentication and ...)
NOT-FOR-US: WB News
CVE-2009-4926 (Multiple cross-site scripting (XSS) vulnerabilities in Online Contact ...)
@@ -73793,7 +73793,7 @@
[lenny] - bogofilter 1.1.7-1+lenny1
NOTE: this is "only" null write to an invalid pointer, no arbitrary location
CVE-2010-2495 (The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP ...)
- - linux-2.6 2.6.32-16
+ - linux-2.6 2.6.32-16
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.29)
CVE-2010-2618 (PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in ...)
NOT-FOR-US: AdaptCMS
@@ -74117,7 +74117,7 @@
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in ...)
{DSA-2110-1}
- - linux-2.6 2.6.32-19
+ - linux-2.6 2.6.32-19
CVE-2010-2491 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup ...)
- roundup 1.4.13-3.1 (bug #590769)
NOTE: http://bugs.gentoo.org/show_bug.cgi?id=326395
@@ -74209,7 +74209,7 @@
- chromium-browser <not-affected> (iceweasel/safari-specific issues)
NOTE: i tested both firefox and safari poc's, and neither of them caused the
NOTE: address bar to be spoofed in either webkit or chrome
- NOTE: this will be address in iceweasel in cve-2010-1206
+ NOTE: this will be address in iceweasel in cve-2010-1206
CVE-2010-2453 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk ...)
NOT-FOR-US: Synology Disk Station
CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct ...)
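Review bot: the NOTE line rewritten in this hunk still reads `this will be address in iceweasel in cve-2010-1206`; as the line is already being modified, correcting "address" to "addressed" here would avoid a second commit touching the same line.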
@@ -74392,7 +74392,7 @@
CVE-2010-2374 (Unspecified vulnerability in Solaris Studio 12 update 1 allows local ...)
NOT-FOR-US: Solaris
CVE-2010-2373 (Unspecified vulnerability in the Console component in Oracle ...)
- NOT-FOR-US: Oracle Enterprise Manager Grid Control
+ NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2010-2372 (Unspecified vulnerability in the Oracle Transportation Management ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2371 (Unspecified vulnerability in the Oracle Transportation Management ...)
@@ -74561,7 +74561,7 @@
- webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
- NOTE: http://trac.webkit.org/changeset/59109
+ NOTE: http://trac.webkit.org/changeset/59109
NOTE: duplicate of cve-2010-1759
CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc ...)
- webkit <not-affected> (chromium-specific)
@@ -74570,7 +74570,7 @@
- webkit <not-affected> (chromium-specific)
- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...)
- - webkit 1.2.1-3
+ - webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/59495
@@ -74585,7 +74585,7 @@
NOTE: http://trac.webkit.org/changeset/59769
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...)
- - webkit 1.2.1-3
+ - webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/58829
@@ -74983,15 +74983,15 @@
CVE-2010-2147 (Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) ...)
NOT-FOR-US: My Car for Joomla
CVE-2010-2146 (PHP remote file inclusion vulnerability in banned.php in Visitor ...)
- NOT-FOR-US: Visitor Logger
+ NOT-FOR-US: Visitor Logger
CVE-2010-2145 (Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta ...)
- NOT-FOR-US: ClearSite
+ NOT-FOR-US: ClearSite
CVE-2010-2144 (Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways ...)
NOT-FOR-US: Zeeways eBay Clone auction script
CVE-2010-2143 (Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 ...)
- NOT-FOR-US: Symphony CMS
+ NOT-FOR-US: Symphony CMS
CVE-2010-2142 (SQL injection vulnerability in default.asp in Cyberhost allows remote ...)
- NOT-FOR-US: Cyberhost
+ NOT-FOR-US: Cyberhost
CVE-2010-2141 (SQL injection vulnerability in index.php in NITRO Web Gallery allows ...)
NOT-FOR-US: NITRO Web Gallery
CVE-2010-2140 (SQL injection vulnerability in itemdetail.php in Multishop CMS allows ...)
@@ -75011,11 +75011,11 @@
CVE-2010-2133 (SQL injection vulnerability in contact.php in My Little Forum allows ...)
NOT-FOR-US: My Little Forum
CVE-2010-2132 (Multiple PHP remote file inclusion vulnerabilities in Open Education ...)
- NOT-FOR-US: Open Education System
+ NOT-FOR-US: Open Education System
CVE-2010-2131 (SQL injection vulnerability in the Calendar Base (cal) extension ...)
NOT-FOR-US: Typo3 extenson Calendar Base
CVE-2010-2130 (Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ...)
- NOT-FOR-US: Aris Global ARISg
+ NOT-FOR-US: Aris Global ARISg
CVE-2009-4882 (Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ...)
{DSA-2056-1}
- zonecheck 2.1.1-1 (bug #583290)
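Review bot: the context line `NOT-FOR-US: Typo3 extenson Calendar Base` in this hunk misspells "extension"; it is outside the whitespace change, so it is only a note for a follow-up, but it is the kind of line this cleanup is passing over anyway.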
@@ -75031,11 +75031,11 @@
CVE-2010-2126 (Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery ...)
NOT-FOR-US: Snipe Gallery
CVE-2010-2125 (Multiple cross-site scripting (XSS) vulnerabilities in the Rotor ...)
- NOT-FOR-US: Rotor Banner module for Drupal
+ NOT-FOR-US: Rotor Banner module for Drupal
CVE-2010-2124 (SQL injection vulnerability in firma.php in Bartels Schone ConPresso ...)
NOT-FOR-US: Bartels Schone ConPresso
CVE-2010-2123 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm ...)
- NOT-FOR-US: Storm module for Drupal
+ NOT-FOR-US: Storm module for Drupal
CVE-2010-2122 (Directory traversal vulnerability in the SimpleDownload ...)
NOT-FOR-US: SimpleDownload for Joomla
CVE-2010-2121 (Opera 9.52 allows remote attackers to cause a denial of service ...)
@@ -75070,7 +75070,7 @@
CVE-2010-2112 (Directory traversal vulnerability in the FTP service in FileCOPA ...)
NOT-FOR-US: FileCOPA
CVE-2010-2111 (Cross-site request forgery (CSRF) vulnerability in user/user-set.do in ...)
- NOT-FOR-US: Pacific Timesheet
+ NOT-FOR-US: Pacific Timesheet
CVE-2010-2110 (Google Chrome before 5.0.375.55 does not properly execute JavaScript ...)
- chromium-browser 5.0.375.55~r47796-1
- webkit <not-affected> (issue in chrome's libv8 bindings)
@@ -75224,7 +75224,7 @@
RESERVED
{DSA-2044-1 DSA-2043-1}
- vlc 1.0.1-1
- [lenny] - vlc 0.8.6.h-4+lenny2.3
+ [lenny] - vlc 0.8.6.h-4+lenny2.3
- mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245)
[lenny] - mplayer 1.0~rc2-17+lenny3.2
- xine-lib <not-affected> (immune due to additional check in xio_rw_abbort())
@@ -75256,7 +75256,7 @@
NOT-FOR-US: SBLIM SFCB
CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local ...)
- emesene 1.6.2-1 (low)
- [lenny] - emesene <not-affected> (Introduced in 1.6.1)
+ [lenny] - emesene <not-affected> (Introduced in 1.6.1)
CVE-2010-2052
REJECTED
CVE-2010-2051 (SQL injection vulnerability in article.php in Debliteck DBCart allows ...)
@@ -75270,13 +75270,13 @@
CVE-2010-2047 (SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 ...)
NOT-FOR-US: JE CMS
CVE-2010-2046 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- NOT-FOR-US: ActiveHelper LiveHelp for Joomla
+ NOT-FOR-US: ActiveHelper LiveHelp for Joomla
CVE-2010-2045 (Directory traversal vulnerability in the Dione Form Wizard (aka FDione ...)
NOT-FOR-US: Dione Form Wizard
CVE-2010-2044 (SQL injection vulnerability in the Konsultasi (com_konsultasi) ...)
- NOT-FOR-US: Konsultasi for Joomla
+ NOT-FOR-US: Konsultasi for Joomla
CVE-2010-2043 (Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack ...)
- NOT-FOR-US: DataTrack System
+ NOT-FOR-US: DataTrack System
CVE-2010-2042 (SQL injection vulnerability in search.php in ECShop 2.7.2 allows ...)
NOT-FOR-US: ECShop
CVE-2010-2041 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
@@ -75446,7 +75446,7 @@
CVE-2010-1973 (Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, ...)
NOT-FOR-US: OpenVMS
CVE-2010-1972 (The default configuration of HP Client Automation (HPCA) Enterprise ...)
- NOT-FOR-US: HP Client Automation
+ NOT-FOR-US: HP Client Automation
CVE-2010-1971 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
NOT-FOR-US: HP Insight
CVE-2010-1970 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
@@ -75466,7 +75466,7 @@
CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows ...)
NOT-FOR-US: HP ServiceCenter
CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
- NOT-FOR-US: HP StorageWorks
+ NOT-FOR-US: HP StorageWorks
CVE-2010-1961 (Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView ...)
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1960 (Buffer overflow in the error handling functionality in ...)
@@ -75666,7 +75666,7 @@
- libspring-2.5-java <not-affected> (Vulnerable code not present)
CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
{DSA-2080-1}
- - ghostscript 8.71~dfsg-4
+ - ghostscript 8.71~dfsg-4
NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3
CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...)
- php5 <unfixed> (unimportant)
@@ -75959,7 +75959,7 @@
CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- - chromium-browser 5.0.375.99~r51029-1
+ - chromium-browser 5.0.375.99~r51029-1
NOTE: http://trac.webkit.org/changeset/61667
NOTE: duplicated as cve-2010-2647
CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
@@ -76006,31 +76006,31 @@
CVE-2010-1775 (Race condition in Passcode Lock in Apple iOS before 4 on the iPhone ...)
NOT-FOR-US: Apple iPhone Passcode Lock
CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-1773 (Off-by-one error in the toAlphabetic function in ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508
NOTE: http://trac.webkit.org/changeset/59950
CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore in ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388
NOTE: http://trac.webkit.org/changeset/59859
CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39453
NOTE: http://trac.webkit.org/changeset/59876
CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626
@@ -76043,7 +76043,7 @@
CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local ...)
NOT-FOR-US: Apple iTunes
CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in ...)
- - webkit 1.2.1-3
+ - webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843
@@ -76072,32 +76072,32 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39008
NOTE: http://trac.webkit.org/changeset/59486
CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38922
NOTE: http://trac.webkit.org/changeset/59241
NOTE: http://trac.webkit.org/changeset/59242
CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760
NOTE: http://trac.webkit.org/changeset/59263
CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37781
NOTE: http://trac.webkit.org/changeset/58409
CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38583
NOTE: http://trac.webkit.org/changeset/59109
CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
@@ -76343,7 +76343,7 @@
NOTE: http://trac.webkit.org/changeset/58201
CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 ...)
- chromium-browser 5.0.375.29~r46008-1
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/57922
CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google ...)
@@ -76414,7 +76414,7 @@
CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...)
- squirrelmail 2:1.4.21-1 (unimportant)
CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs ...)
- - linux-2.6 2.6.32-14
+ - linux-2.6 2.6.32-14
[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.32)
CVE-2010-1635 (The chain_reply function in process.c in smbd in Samba before 3.4.8 ...)
- samba <unfixed> (unimportant)
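Review bot: the unchanged context line `[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.32)` misspells the filesystem name; it should read `btrfs`. Since this commit is deliberately whitespace-only, leave it as is here and fix the spelling in a separate cleanup rather than mixing a wording change into this diff.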
@@ -76534,16 +76534,16 @@
NOTE: a patch exists I filed a bug anyway
CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when ...)
{DSA-2115-1}
- - moodle 1.9.8-1
+ - moodle 1.9.8-1
CVE-2010-1615 (Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 ...)
{DSA-2115-1}
- - moodle 1.9.8-1
+ - moodle 1.9.8-1
CVE-2010-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x ...)
{DSA-2115-1}
- - moodle 1.9.8-1
+ - moodle 1.9.8-1
CVE-2010-1613 (Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate ...)
{DSA-2115-1}
- - moodle 1.9.8-1
+ - moodle 1.9.8-1
CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication ...)
NOT-FOR-US: Support Incident Tracker
CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS ...)
@@ -77115,13 +77115,13 @@
CVE-2010-1424 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...)
NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=26824
NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751
@@ -77135,7 +77135,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37618
NOTE: http://trac.webkit.org/changeset/58616
CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38260
@@ -77145,14 +77145,14 @@
NOTE: http://trac.webkit.org/changeset/56651
NOTE: http://trac.webkit.org/changeset/57627
CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001
NOTE: http://trac.webkit.org/changeset/58201
NOTE: if this commit is correct, this is a dup of cve-2010-1665
CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36838
@@ -77206,7 +77206,7 @@
NOTE: http://trac.webkit.org/changeset/56492
NOTE: http://trac.webkit.org/changeset/56879
CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36435
@@ -77219,7 +77219,7 @@
NOTE: http://trac.webkit.org/changeset/50226
NOTE: http://trac.webkit.org/changeset/50240
CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36198
@@ -77297,7 +77297,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=33683
NOTE: http://trac.webkit.org/changeset/53607
CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34641
@@ -77330,7 +77330,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=28755
NOTE: http://trac.webkit.org/changeset/47829
CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple ...)
- - webkit 1.2.1-2
+ - webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34321
@@ -77338,7 +77338,7 @@
NOTE: http://trac.webkit.org/changeset/54141
NOTE: http://trac.webkit.org/changeset/54265
CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 and before ...)
- - webkit 1.2.2-1
+ - webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255
@@ -77523,7 +77523,7 @@
CVE-2010-1311 (The qtm_decompress function in libclamav/mspack.c in ClamAV before ...)
- clamav 0.96+dfsg-2 (bug #577462; low)
[lenny] - clamav <end-of-life> (bug #577462; low)
- NOTE: Lenny version achieved end of life! see
+ NOTE: Lenny version achieved end of life! see
NOTE: http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
CVE-2010-1310 (Opera 10.50 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: Opera
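Review bot: the rewritten line `NOTE: Lenny version achieved end of life! see` is awkward and the sentence only continues on the following NOTE line; a follow-up could read `NOTE: Lenny version reached end of life, see` so the two NOTE lines form one sentence. Not for this commit, which should stay a pure trailing-whitespace change so that `git diff -w` remains empty.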
@@ -77935,7 +77935,7 @@
CVE-2010-1183 (Certain patch-installation scripts in Oracle Solaris allow local users ...)
NOT-FOR-US: Oracle Solaris
CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in ...)
- NOT-FOR-US: IBM WebSphere Application Server
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
@@ -77949,7 +77949,7 @@
CVE-2010-1176 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
- webkit <not-affected>
CVE-2010-1175 (Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 ...)
- NOT-FOR-US: Microsoft Internet Explorer 7.0
+ NOT-FOR-US: Microsoft Internet Explorer 7.0
CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Cisco TFTP Server
CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the ...)
@@ -78225,7 +78225,7 @@
[lenny] - linux-2.6 <not-affected> (affected call not present)
CVE-2010-1084 (Linux kernel 2.6.18 through 2.6.33, and possibly other versions, ...)
{DSA-2053-1}
- - linux-2.6 2.6.32-11
+ - linux-2.6 2.6.32-11
CVE-2010-1083 (The processcompl_compat function in drivers/usb/core/devio.c in Linux ...)
{DSA-2053-1}
- linux-2.6 2.6.32-9
@@ -78707,7 +78707,7 @@
NOTE: on a fix just in case
CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...)
- samba 2:3.4.6~dfsg-1 (low; bug #568493; bug #572953)
- [lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
+ [lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is ...)
NOT-FOR-US: Perforce Server
CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote ...)
@@ -79293,7 +79293,7 @@
[lenny] - samba <not-affected> (Only affects 3.3.11, 3.4.6 and 3.5.0)
CVE-2010-0727 (The gfs2_lock function in the Linux kernel before ...)
{DSA-2053-1}
- - linux-2.6 2.6.32-11
+ - linux-2.6 2.6.32-11
CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack ...)
{DSA-2009-1}
- tdiary 2.2.1-1.1 (low; bug #572417)
@@ -79571,7 +79571,7 @@
NOT-FOR-US: Juniper Installer Service
CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000]
- ffmpeg 4:0.5.1-1 (medium; bug #570713)
- - ffmpeg-debian <end-of-life>
+ - ffmpeg-debian <end-of-life>
CVE-2010-XXXX [phpbb3 weak captcha]
- phpbb3 3.0.7-PL1-1 (unimportant; bug #570011)
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...)
@@ -79745,7 +79745,7 @@
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel ...)
{DSA-2012-1 DSA-2005-1 DSA-2003-1}
- - linux-2.6 2.6.32-9
+ - linux-2.6 2.6.32-9
- linux-2.6.24 <removed>
CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...)
NOT-FOR-US: Trend Micro URL Filtering Engine
@@ -79814,7 +79814,7 @@
CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote ...)
NOT-FOR-US: LoganPro
CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote ...)
- NOT-FOR-US: WebExpert
+ NOT-FOR-US: WebExpert
CVE-2003-1585 (Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote ...)
NOT-FOR-US: WebLogExpert
CVE-2003-1584 (Cross-site scripting (XSS) vulnerability in SurfStats allows remote ...)
@@ -80154,7 +80154,7 @@
[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0421 (Array index error in the hb_ot_layout_build_glyph_classes function in ...)
{DSA-2019-1}
- - pango1.0 1.26.2-1 (bug #574021)
+ - pango1.0 1.26.2-1 (bug #574021)
CVE-2010-0420 (libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user ...)
{DSA-2038-1}
- pidgin 2.6.6-1 (low)
@@ -80191,7 +80191,7 @@
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 ...)
{DSA-2005-1 DSA-2003-1 DSA-1996-1}
- - linux-2.6 2.6.32-8
+ - linux-2.6 2.6.32-8
- linux-2.6.24 <removed>
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in ...)
@@ -80515,7 +80515,7 @@
- webkit 1.1.21-1 (low)
[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target ...)
- - webkit 1.1.90-1
+ - webkit 1.1.90-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System ...)
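Review bot: the context line `[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)` has a typo, `disk` for `risk`, that changes the meaning of the no-dsa justification. Worth fixing in a separate wording cleanup so the rationale for skipping the DSA reads correctly.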
@@ -80523,7 +80523,7 @@
CVE-2010-0312 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server ...)
NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-0311 (Unspecified vulnerability in Sun Java System Identity Manager (aka ...)
- NOT-FOR-US: Sun Java System Identity Manager
+ NOT-FOR-US: Sun Java System Identity Manager
CVE-2010-0310 (Trusted Extensions in Sun Solaris 10 allows local users to gain ...)
NOT-FOR-US: Trusted Extensions in Sun Solaris 10
CVE-2009-4613 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...)
@@ -80546,7 +80546,7 @@
NOTE: the exploitable servlet is not shipped in Debian packages
CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT) ...)
{DSA-2010-1 DSA-1996-1}
- - linux-2.6 2.6.32-8
+ - linux-2.6 2.6.32-8
[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
- kvm <removed>
@@ -80588,7 +80588,7 @@
- ircd-ratbox 3.0.6.dfsg-1 (low; bug #567191)
- ircd-hybrid 1:7.2.2.dfsg.2-6.1 (low)
CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure ...)
- - linux-2.6 2.6.32-6
+ - linux-2.6 2.6.32-6
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
@@ -80825,7 +80825,7 @@
CVE-2009-4605 (scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before ...)
{DSA-2034-1}
- phpmyadmin 4:3.2.4-1
- NOTE: vulnerable code does not in the 3.x series (sid and squeeze checked)
+ NOTE: vulnerable code does not in the 3.x series (sid and squeeze checked)
NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
NOTE: there is still at least one unserialize() call on _POST data
CVE-2009-4594 (Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access ...)
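Review bot: the touched line `NOTE: vulnerable code does not in the 3.x series (sid and squeeze checked)` is missing its verb, presumably `exist`, and as written the entry is ambiguous next to the `phpmyadmin 4:3.2.4-1` fixed-version line above it. Since the line is already being rewritten, a follow-up commit (keeping this one whitespace-only) should restore the intended wording so the triage reasoning is unambiguous.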
@@ -80873,7 +80873,7 @@
[lenny] - bind9 <not-affected> (vulnerability introduced in 9.7.1)
CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of service ...)
{DSA-2077-1}
- - openldap 2.4.23-1
+ - openldap 2.4.23-1
CVE-2010-0211 (The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not ...)
{DSA-2077-1}
- openldap 2.4.23-1
@@ -80943,7 +80943,7 @@
CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...)
- NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
+ NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots ...)
{DSA-2064-1}
- xulrunner 1.9.1.10-1
@@ -81702,9 +81702,9 @@
CVE-2009-4386 (SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur ...)
NOT-FOR-US: Venalsur Booking Centre Booking System
CVE-2009-4385 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- NOT-FOR-US: Scriptsez.net Ez Poll Hoster
+ NOT-FOR-US: Scriptsez.net Ez Poll Hoster
CVE-2009-4384 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
- NOT-FOR-US: Scriptsez.net Ez Poll Hoster
+ NOT-FOR-US: Scriptsez.net Ez Poll Hoster
CVE-2009-4383 (Directory traversal vulnerability in Pforum.php in Rocomotion P forum ...)
NOT-FOR-US: Rocomotion P forum
CVE-2009-4382 (Cross-site scripting (XSS) vulnerability in module.php in PHPFABER ...)
@@ -81837,11 +81837,11 @@
CVE-2009-4367 (The Staging Webservice ("sitecore modules/staging/service/api.asmx") ...)
NOT-FOR-US: Sitecore Staging Module
CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
- NOT-FOR-US: ScriptsEz Ez Blog
+ NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- NOT-FOR-US: ScriptsEz Ez Blog
+ NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
- NOT-FOR-US: ScriptsEz Ez Blog
+ NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application ...)
{DSA-1966-1}
- horde3 3.3.6+debian0-1 (low)
@@ -82560,7 +82560,7 @@
CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...)
{DSA-1944-1}
- request-tracker3.6 3.6.9-2 (low)
- - request-tracker3.4 <removed>
+ - request-tracker3.4 <removed>
CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...)
NOT-FOR-US: IBM DB2
CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA ...)
@@ -82568,9 +82568,9 @@
CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers ...)
NOT-FOR-US: DAZ Studio
CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
- - kfreebsd-6 <not-affected> (the affected file -rtld.c- is not in the archive, not even kFreeBSD)
+ - kfreebsd-6 <not-affected> (the affected file -rtld.c- is not in the archive, not even kFreeBSD)
CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
- - kfreebsd-6 <not-affected> (the affected file -rtld.c- is not in the archive, not even kFreeBSD)
+ - kfreebsd-6 <not-affected> (the affected file -rtld.c- is not in the archive, not even kFreeBSD)
CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection ...)
- network-manager-applet 0.7.2-2 (low; bug #563371)
- network-manager <not-affected> (-editor introduced in 0.7 on the -applet package)
@@ -83091,7 +83091,7 @@
CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ...)
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3976 (Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to ...)
- NOT-FOR-US: Labtam ProFTP
+ NOT-FOR-US: Labtam ProFTP
CVE-2009-3975 (SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and ...)
NOT-FOR-US: Moa Gallery
CVE-2009-3974 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB or ...)
@@ -83185,7 +83185,7 @@
CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not ...)
- - msmtp <not-affected> (uses GnuTLS and not OpenSSL; bug #557324)
+ - msmtp <not-affected> (uses GnuTLS and not OpenSSL; bug #557324)
CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not ...)
- mpop <not-affected> (uses GnuTLS and not OpenSSL; bug #557326)
CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox ...)
@@ -83443,7 +83443,7 @@
CVE-2009-3853 (Stack-based buffer overflow in the client acceptor daemon (CAD) ...)
NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes for ...)
- NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0
+ NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0
CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operation of ...)
NOT-FOR-US: Sun Solaris 10
CVE-2009-3850 (Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to ...)
@@ -83506,7 +83506,7 @@
CVE-2009-3824 (Directory traversal vulnerability in include/processor.php in ...)
NOT-FOR-US: Greenwood PHP Content Manager
CVE-2009-3823 (Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, ...)
- NOT-FOR-US: Mobilelib GOLD
+ NOT-FOR-US: Mobilelib GOLD
CVE-2009-3822 (PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat ...)
NOT-FOR-US: com_ajaxchat component for Joomla
CVE-2009-3821 (Cross-site scripting (XSS) vulnerability in the Apache Solr Search ...)
@@ -84462,7 +84462,7 @@
[squeeze] - zorp <no-dsa> (Minor issue)
[lenny] - zorp <no-dsa> (Minor issue)
- lighttpd 1.4.30-1
- NOTE: for any of the currently unfixed implementations, you can solve the problem by disabling renegotiation
+ NOTE: for any of the currently unfixed implementations, you can solve the problem by disabling renegotiation
NOTE: the following implement RFC 5746:
NOTE: - openssl 0.9.8m-1
NOTE: - apache 2.2.15-1
@@ -84636,7 +84636,7 @@
NOT-FOR-US: Kinfusion SportFusion
CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a ...)
{DSA-1904-1}
- - wget 1.12-1 (medium; bug #549293)
+ - wget 1.12-1 (medium; bug #549293)
CVE-2009-3489 (Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 ...)
NOT-FOR-US: Adobe Photoshop Elements
CVE-2009-3488 (Cross-site scripting (XSS) vulnerability in the Bibliography (aka ...)
@@ -84693,11 +84693,11 @@
CVE-2009-3471 (IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before ...)
NOT-FOR-US: IBM DB2
CVE-2009-3470 (IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 ...)
- NOT-FOR-US: IBM Informix Dynamic Server (IDS)
+ NOT-FOR-US: IBM Informix Dynamic Server (IDS)
CVE-2009-3469 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: IBM Lotus Connections
CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop Environment ...)
- NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris
+ NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris
CVE-2009-3467 (Cross-site scripting (XSS) vulnerability in an unspecified method in ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
@@ -85005,13 +85005,13 @@
CVE-2009-3355 (Cross-site scripting (XSS) vulnerability in profile.php in Datetopia ...)
NOT-FOR-US: Datetopia Buy Dating Site
CVE-2009-3354 (Multiple unspecified vulnerabilities in the Rest API module for Drupal ...)
- NOT-FOR-US: Rest API module for Drupal
+ NOT-FOR-US: Rest API module for Drupal
CVE-2009-3353 (Multiple unspecified vulnerabilities in the Node2Node module for ...)
NOT-FOR-US: Node2Node module for Drupal
CVE-2009-3352 (Multiple unspecified vulnerabilities in the quota_by_role (Quota by ...)
- NOT-FOR-US: quota_by_role (Quota by role) module for Drupal
+ NOT-FOR-US: quota_by_role (Quota by role) module for Drupal
CVE-2009-3351 (Multiple unspecified vulnerabilities in the Node Browser module for ...)
- NOT-FOR-US: Node Browser module for Drupal
+ NOT-FOR-US: Node Browser module for Drupal
CVE-2009-3350 (Multiple unspecified vulnerabilities in the Subdomain Manager module ...)
NOT-FOR-US: Subdomain Manager module for Drupal
CVE-2009-3349 (SQL injection vulnerability in Datavore Gyro 5.0 allows remote ...)
@@ -85037,7 +85037,7 @@
CVE-2009-3339 (Unspecified vulnerability in McAfee Email and Web Security Appliance ...)
NOT-FOR-US: McAfee Email and Web Security Appliance
CVE-2009-3338 (Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b ...)
- NOT-FOR-US: Magic Morph
+ NOT-FOR-US: Magic Morph
CVE-2009-3337 (SQL injection vulnerability in the Freetag (serendipity_event_freetag) ...)
NOT-FOR-US: plugin for Serendipity
CVE-2009-3336 (SQL injection vulnerability in auction_details.php in PHP Pro Bid ...)
@@ -85189,7 +85189,7 @@
CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
NOT-FOR-US: QNAP TS-239 Pro and TS-639
CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
- NOT-FOR-US: QNAP TS-239 Pro and TS-639
+ NOT-FOR-US: QNAP TS-239 Pro and TS-639
CVE-2009-3277 (DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault ...)
NOT-FOR-US: datavault
CVE-2009-3276 (Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed ...)
@@ -85256,7 +85256,7 @@
CVE-2009-3259 (Multiple SQL injection vulnerabilities in RASH Quote Management System ...)
NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3258 (vtiger CRM before 5.1.0 allows remote authenticated users, with ...)
- NOT-FOR-US: vtiger CRM
+ NOT-FOR-US: vtiger CRM
CVE-2009-3257 (vtiger CRM before 5.1.0 allows remote authenticated users to bypass ...)
NOT-FOR-US: vtiger CRM
CVE-2009-3256 (Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php ...)
@@ -85293,7 +85293,7 @@
- openssl 0.9.8m-1 (low; bug #575433)
[lenny] - openssl 0.9.8g-15+lenny7
CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
- NOT-FOR-US: Adobe ShockWave Player
+ NOT-FOR-US: Adobe ShockWave Player
CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and ...)
- wireshark <not-affected> (Windows-only issue)
CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in ...)
@@ -85412,13 +85412,13 @@
CVE-2009-3195 (Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech ...)
NOT-FOR-US: JCE-Tech Auction RSS Content Script
CVE-2009-3194 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech ...)
- NOT-FOR-US: JCE-Tech SearchFeed Script
+ NOT-FOR-US: JCE-Tech SearchFeed Script
CVE-2009-3193 (SQL injection vulnerability in the DigiFolio (com_digifolio) component ...)
NOT-FOR-US: component for Joomla!
CVE-2009-3192 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: LinkorCMS
CVE-2009-3191 (Multiple cross-site scripting (XSS) vulnerabilities in PAD Site ...)
- NOT-FOR-US: PAD Site Scripts
+ NOT-FOR-US: PAD Site Scripts
CVE-2009-3190 (Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow ...)
NOT-FOR-US: PAD Site Scripts
CVE-2009-3189 (Cross-site scripting (XSS) vulnerability in search.php in DigiOz ...)
@@ -85426,7 +85426,7 @@
CVE-2009-3188 (PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 ...)
NOT-FOR-US: phpSANE
CVE-2009-3187 (Cross-site scripting (XSS) vulnerability in gamelist.php in Stand ...)
- NOT-FOR-US: Stand Alone Arcade
+ NOT-FOR-US: Stand Alone Arcade
CVE-2009-3186 (Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ ...)
NOT-FOR-US: VideoGirls BiZ
CVE-2009-3185 (SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 ...)
@@ -85961,7 +85961,7 @@
CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweight ...)
NOT-FOR-US: Lightweight news portal
CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce ...)
- NOT-FOR-US: GSC build
+ NOT-FOR-US: GSC build
CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...)
NOT-FOR-US: Joomla
CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ...)
@@ -86181,7 +86181,7 @@
- rails 2.2.3-1 (low; bug #545063)
[etch] - rails <no-dsa> (Unsupported)
CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)
- NOT-FOR-US: K-Meleon
+ NOT-FOR-US: K-Meleon
CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...)
{DSA-1922-1}
- xulrunner 1.9.1.3-3 (low)
@@ -86459,7 +86459,7 @@
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...)
NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-7067 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: PageTree CMS
+ NOT-FOR-US: PageTree CMS
CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication ...)
NOT-FOR-US: OpenForum
CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers to ...)
@@ -86551,7 +86551,7 @@
CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro Director ...)
NOT-FOR-US: SlideShowPro Director
CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature in elka ...)
- NOT-FOR-US: elka CMS (aka Elkapax)
+ NOT-FOR-US: elka CMS (aka Elkapax)
CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management 0.x ...)
NOT-FOR-US: TGS Content Management
CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS Content ...)
@@ -86573,11 +86573,11 @@
CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication and ...)
NOT-FOR-US: NatterChat
CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers to ...)
- NOT-FOR-US: AJ Square Free Polling Script
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows remote ...)
- NOT-FOR-US: AJ Square Free Polling Script
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ Square ...)
- NOT-FOR-US: AJ Square Free Polling Script
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in ...)
NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in FreshScripts ...)
@@ -86601,9 +86601,9 @@
CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
NOT-FOR-US: component for Joomla!
CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF) vulnerability ...)
- NOT-FOR-US: web management console in F5 BIG-IP
+ NOT-FOR-US: web management console in F5 BIG-IP
CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC ...)
- NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
+ NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web ...)
NOT-FOR-US: Site2Nite Real Estate Web
CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG ...)
@@ -86629,7 +86629,7 @@
CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass ...)
NOT-FOR-US: Esqlanelapse
CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar ...)
- NOT-FOR-US: NashTech Easy PHP Calendar
+ NOT-FOR-US: NashTech Easy PHP Calendar
CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in CAcert ...)
NOT-FOR-US: CAcert
CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple ...)
@@ -86729,15 +86729,15 @@
CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...)
NOT-FOR-US: Scripteen Free Image Hosting Script
CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles ...)
- NOT-FOR-US: PHP Scripts Now Riddles
+ NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...)
- NOT-FOR-US: PHP Scripts Now Riddles
+ NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts ...)
- NOT-FOR-US: PHP Scripts Now Riddles
+ NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman ...)
NOT-FOR-US: PHP Scripts Now Hangman
CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
- NOT-FOR-US: PHP Scripts Now President Bios
+ NOT-FOR-US: PHP Scripts Now President Bios
CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President ...)
NOT-FOR-US: PHP Scripts Now President
CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World's ...)
@@ -86843,7 +86843,7 @@
CVE-2008-7009 (Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security ...)
NOT-FOR-US: Check Point ZoneAlarm Security Suite
CVE-2008-7008 (HyperStop Web Host Directory 1.2 allows remote attackers to bypass ...)
- NOT-FOR-US: HyperStop Web Host Directory
+ NOT-FOR-US: HyperStop Web Host Directory
CVE-2008-7007 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass ...)
NOT-FOR-US: Free PHP VX Guestbook
CVE-2008-7006 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass ...)
@@ -87006,9 +87006,9 @@
CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for ...)
NOT-FOR-US: Apple iPhone OS
CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in Apple ...)
- NOT-FOR-US: Apple iPhone OS
+ NOT-FOR-US: Apple iPhone OS
CVE-2009-2794 (The Exchange Support component in Apple iPhone OS before 3.1, and ...)
- NOT-FOR-US: Apple iPhone OS
+ NOT-FOR-US: Apple iPhone OS
CVE-2009-2793 (The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms ...)
NOT-FOR-US: NetBSD kernel
CVE-2009-2792 (Directory traversal vulnerability in plugings/pagecontent.php in ...)
@@ -87040,7 +87040,7 @@
CVE-2009-2779 (SQL injection vulnerability in index.php in AJ Matrix DNA allows ...)
NOT-FOR-US: AJ Matrix DNA
CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS ...)
- NOT-FOR-US: The Rat CMS
+ NOT-FOR-US: The Rat CMS
CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...)
- php5 (unimportant)
NOTE: safe-mode and basedir violations not treated as security issues
@@ -87153,7 +87153,7 @@
- logrotate 3.7.8-4 (low; bug #388608)
[lenny] - logrotate <no-dsa> (Minor issue)
CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 ...)
- NOT-FOR-US: IBM WebSphere
+ NOT-FOR-US: IBM WebSphere
CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before ...)
- icedove 2.0.0.19-1
- iceape 1.1.14-1
@@ -87225,7 +87225,7 @@
CVE-2009-2742 (Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in the test ...)
- NOT-FOR-US: IBM WebSphere Business Events
+ NOT-FOR-US: IBM WebSphere Business Events
CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention ...)
NOT-FOR-US: CA Host-Based Intrusion Prevention System (HIPS)
CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 ...)
@@ -87567,7 +87567,7 @@
CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and ...)
NOT-FOR-US: Embedded Web Server in HP printers
CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics ...)
- NOT-FOR-US: HP Remote Graphics
+ NOT-FOR-US: HP Remote Graphics
CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...)
NOT-FOR-US: HP-UX
CVE-2009-2681 (Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) ...)
@@ -87640,9 +87640,9 @@
CVE-2008-6903 (Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows ...)
NOT-FOR-US: Sophos SAVScan
CVE-2008-6902 (Unrestricted file upload vulnerability in upload_flyer.php in ...)
- NOT-FOR-US: 2532designs
+ NOT-FOR-US: 2532designs
CVE-2008-6901 (Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs ...)
- NOT-FOR-US: 2532designs
+ NOT-FOR-US: 2532designs
CVE-2008-6900 (Unrestricted file upload vulnerability in "Add Pen/Author Name" ...)
NOT-FOR-US: AvailScript Article Script
CVE-2008-6899 (Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated ...)
@@ -87653,9 +87653,9 @@
NOT-FOR-US: Andres Garcia Getleft
CVE-2009-2666 (socket.c in fetchmail before 6.3.11 does not properly handle a '\0' ...)
{DSA-1852-1}
- - fetchmail 6.3.9~rc2-6
+ - fetchmail 6.3.9~rc2-6
CVE-2009-2665 (The nsDocument::SetScriptGlobalObject function in ...)
- - xulrunner 1.9.1.8-1
+ - xulrunner 1.9.1.8-1
[lenny] - xulrunner <not-affected> (vulnerability introduced in firefox 3.5)
[etch] - xulrunner <not-affected> (vulnerability introduced in firefox 3.5)
CVE-2009-2664 (The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript ...)
@@ -87727,7 +87727,7 @@
[etch] - poppler <not-affected> (Vulnerable code not present)
CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...)
{DSA-2025-1 DSA-1874-1}
- - nss 3.12.3-1 (medium; bug #539934)
+ - nss 3.12.3-1 (medium; bug #539934)
- icedove 2.0.0.24-1 (medium)
CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...)
- asterisk 1:1.6.2.0~dfsg~rc1-1 (low; bug #539473)
@@ -87786,7 +87786,7 @@
CVE-2009-2637 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
NOT-FOR-US: Joomla! component
CVE-2009-2636 (Cross-site scripting (XSS) vulnerability in the Integration page in ...)
- NOT-FOR-US: WebMail component in Kerio MailServer
+ NOT-FOR-US: WebMail component in Kerio MailServer
CVE-2009-2635 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
NOT-FOR-US: Joomla! component
CVE-2009-2634 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
@@ -87872,7 +87872,7 @@
CVE-2009-2598 (Multiple SQL injection vulnerabilities in Online Grades & Attendance ...)
NOT-FOR-US: Online Grades & Attendance
CVE-2009-2597 (The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for ...)
- NOT-FOR-US: Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server
+ NOT-FOR-US: Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server
CVE-2009-2596 (Unspecified vulnerability in the Solaris Auditing subsystem in Sun ...)
NOT-FOR-US: Solaris Auditing subsystem
CVE-2008-6878 (** DISPUTED ** Directory traversal vulnerability in ...)
@@ -87883,13 +87883,13 @@
{DSA-1843-2 DSA-1843-1}
- squid3 3.0.STABLE18-1 (medium; bug #538989)
- squid <not-affected> (see NOTE)
- NOTE: squid 2.x not affected, according to
+ NOTE: squid 2.x not affected, according to
NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
CVE-2009-2621 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not ...)
{DSA-1843-2 DSA-1843-1}
- squid3 3.0.STABLE18-1 (medium; bug #538989)
- squid <not-affected> (see NOTE)
- NOTE: squid 2.x not affected, according to
+ NOTE: squid 2.x not affected, according to
NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
CVE-2009-2595 (Cross-site scripting (XSS) vulnerability in productSearch.html in ...)
NOT-FOR-US: Censura
@@ -88007,9 +88007,9 @@
[etch] - wireshark <not-affected> (Only affects 1.2.0)
[lenny] - wireshark <not-affected> (Only affects 1.2.0)
CVE-2009-2558 (system/message.php in Admin News Tools 2.5 does not properly restrict ...)
- NOT-FOR-US: Admin News Tools
+ NOT-FOR-US: Admin News Tools
CVE-2009-2557 (Directory traversal vulnerability in system/download.php in Admin News ...)
- NOT-FOR-US: Admin News Tools
+ NOT-FOR-US: Admin News Tools
CVE-2009-2556 (Google Chrome before 2.0.172.37 allows attackers to leverage renderer ...)
- chromium-browser <not-affected> (Only 2.x is affected)
- webkit <not-affected> (chrome-specfic renderer issue)
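Review bot: the unchanged context line `- webkit <not-affected> (chrome-specfic renderer issue)` under CVE-2009-2556 misspells "specific"; since this cleanup already rewrites the neighbouring lines, correcting it to `chrome-specific` here (or in an immediate follow-up, if this commit is to stay strictly whitespace-only) would avoid the entry being flagged again later.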
@@ -88021,7 +88021,7 @@
{DSA-1848-1}
- znc 0.074-1 (medium; bug #537977)
NOTE: http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570
- NOTE: CVE id requested
+ NOTE: CVE id requested
CVE-2009-2554 (SQL injection vulnerability in the search method in jobline.class.php ...)
NOT-FOR-US: Joomla!
CVE-2009-2553 (Multiple SQL injection vulnerabilities in comments.php in Super Simple ...)
@@ -88084,7 +88084,7 @@
CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...)
NOT-FOR-US: Microsoft Windows Media Runtime
CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local ...)
- NOT-FOR-US: Microsoft Windows XP
+ NOT-FOR-US: Microsoft Windows XP
CVE-2009-2523 (The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 ...)
NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2522
@@ -88148,7 +88148,7 @@
CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
- - movabletype-opensource 4.2.6.1-1 (low; bug #537935)
+ - movabletype-opensource 4.2.6.1-1 (low; bug #537935)
[lenny] - movabletype-opensource 4.2.3-1+lenny1
CVE-2009-4589 (Cross-site scripting (XSS) vulnerability in the Special:Block ...)
- mediawiki 1:1.15.0-1.1 (low; bug #537634)
@@ -88164,7 +88164,7 @@
CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...)
- vlc <not-affected> (The vulnerability affects Windows builds only)
CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote ...)
- - xulrunner 1.9.1.1-1
+ - xulrunner 1.9.1.1-1
[etch] - xulrunner <not-affected> (only affects firefox 3.5)
[lenny] - xulrunner <not-affected> (only affects firefox 3.5)
CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...)
@@ -88321,7 +88321,7 @@
[lenny] - xulrunner <not-affected> (vulnerable code introduced in firefox 3.5)
[etch] - xulrunner <not-affected> (vulnerable code introduced in firefox 3.5)
CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online ...)
- NOT-FOR-US: Tall Emu Online Armor Personal Firewall
+ NOT-FOR-US: Tall Emu Online Armor Personal Firewall
CVE-2009-2449 (Directory traversal vulnerability in ...)
NOT-FOR-US: ADbNewsSender
CVE-2009-2448 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online ...)
@@ -88383,13 +88383,13 @@
[lenny] - rails <not-affected> (vulnerable code not present, introduced in 2.3.x)
CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...)
{DSA-1877-1}
- - mysql-dfsg-5.0 <removed> (low; bug #536726)
+ - mysql-dfsg-5.0 <removed> (low; bug #536726)
[squeeze] - mysql-dfsg-5.0 5.0.51a-24+lenny2
CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
- libio-socket-ssl-perl 1.26-1 (low; bug #535946)
[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
- NOTE: hostname validition is not implemented until 1.14, so etch
- NOTE: is in a way is not affected, but in another sense, it is
+ NOTE: hostname validition is not implemented until 1.14, so etch
+ NOTE: is in a way is not affected, but in another sense, it is
NOTE: completely affected since no validation done at all
CVE-2009-2421 (The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in ...)
NOT-FOR-US: Apple Safari
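Review bot: the rewritten line `+ NOTE: hostname validition is not implemented until 1.14, so etch` still carries the typo "validition", and the next rewritten line `+ NOTE: is in a way is not affected, but in another sense, it is` has a doubled "is"; as both lines are being touched anyway, change them to "hostname validation is not implemented until 1.14, so etch" and "is in a way not affected, but in another sense, it is" in the same change.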
@@ -88454,7 +88454,7 @@
[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla ...)
{DSA-2025-1 DSA-1874-1}
- - nss 3.12.3-1 (low; bug #539934)
+ - nss 3.12.3-1 (low; bug #539934)
- icedove 2.0.0.24-1 (low)
CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to ...)
NOT-FOR-US: SCMPX
@@ -88694,7 +88694,7 @@
[etch] - mimedecode <no-dsa> (minor issue)
[lenny] - mimedecode <no-dsa> (minor issue)
CVE-2009-2313 (Directory traversal vulnerability in index.php in Jinzora Media ...)
- NOT-FOR-US: Jinzora Media Jukebox
+ NOT-FOR-US: Jinzora Media Jukebox
CVE-2009-2312 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in ...)
NOT-FOR-US: Secure Computing SmartFilter
CVE-2009-2311 (SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab ...)
@@ -88756,7 +88756,7 @@
- tiff3 <not-affected> (fixed prior to initial upload)
NOTE: this doesn't allow code execution, only a crash.
CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help jsp ...)
- NOT-FOR-US: Sun Java Web Console in Solaris
+ NOT-FOR-US: Sun Java Web Console in Solaris
CVE-2009-2282 (The Virtual Network Terminal Server daemon (vntsd) for Logical Domains ...)
NOT-FOR-US: LDoms in Sun Solaris
CVE-2008-6847 (Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in ...)
@@ -88851,7 +88851,7 @@
- knowledgeroot 0.9.8.5-3 (medium; bug #538722)
- karrigell <removed>
[etch] - karrigell <not-affected> (Vulnerable code not present)
- NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
+ NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
CVE-2009-2264
RESERVED
CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...)
@@ -88921,7 +88921,7 @@
{DSA-1830-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- - iceape 1.1.17-1
+ - iceape 1.1.17-1
[squeeze] - iceape <not-affected> (only provides a stub for XPCOM)
[lenny] - iceape <not-affected> (Only provides a stub for XPCOM)
[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
@@ -88933,7 +88933,7 @@
CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...)
- zoph 0.8.0.1-1 (low; bug #535188)
[lenny] - zoph <no-dsa> (Minor issue, fringe package)
- NOTE: it seems a duplicate of CVE-2008-3258
+ NOTE: it seems a duplicate of CVE-2008-3258
CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...)
- zoph 0.8.0.1-1 (bug #535188)
[lenny] - zoph <no-dsa> (Minor issue, fringe package)
@@ -89019,7 +89019,7 @@
CVE-2009-2205 (Stack-based buffer overflow in the Java Web Start command launcher in ...)
NOT-FOR-US: Mac OS X
CVE-2009-2204 (Unspecified vulnerability in the CoreTelephony component in Apple ...)
- NOT-FOR-US: Apple iPhone OS
+ NOT-FOR-US: Apple iPhone OS
CVE-2009-2203 (Buffer overflow in Apple QuickTime before 7.6.4 allows remote ...)
NOT-FOR-US: Apple QuickTime
CVE-2009-2202 (Apple QuickTime before 7.6.4 allows remote attackers to execute ...)
@@ -89056,7 +89056,7 @@
CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 ...)
NOT-FOR-US: kernel in Apple Mac OS X
CVE-2009-2192 (MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete ...)
- NOT-FOR-US: MobileMe in Apple Mac OS X
+ NOT-FOR-US: MobileMe in Apple Mac OS X
CVE-2009-2191 (Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 ...)
NOT-FOR-US: Login Window in Apple Mac OS X
CVE-2009-2190 (launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers ...)
@@ -89066,7 +89066,7 @@
CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and ...)
NOT-FOR-US: ImageIO in Apple Mac OS X
CVE-2009-2187 (Multiple memory leaks in the (1) IP and (2) IPv6 multicast ...)
- NOT-FOR-US: Sun Solaris
+ NOT-FOR-US: Sun Solaris
CVE-2009-2186 (Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 ...)
NOT-FOR-US: Adobe Shockwave Playe
CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, ...)
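Review bot: the context line `NOT-FOR-US: Adobe Shockwave Playe` under CVE-2009-2186 is truncated (should read `Adobe Shockwave Player`); worth fixing alongside this cleanup, or in a follow-up if the commit is meant to be whitespace-only.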
@@ -89104,7 +89104,7 @@
CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...)
NOT-FOR-US: Carom3D
CVE-2009-2172 (Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in ...)
- NOT-FOR-US: Radio and TV Player addon for vBulletin
+ NOT-FOR-US: Radio and TV Player addon for vBulletin
CVE-2009-2169 (Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX ...)
NOT-FOR-US: Edraw PDF Viewer
CVE-2009-2168 (cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a ...)
@@ -89428,7 +89428,7 @@
CVE-2009-2037 (Multiple directory traversal vulnerabilities in Online Grades & ...)
NOT-FOR-US: Online Grades
CVE-2009-2036 (SQL injection vulnerability in index.php in Open Biller 0.1 allows ...)
- NOT-FOR-US: Open Biller
+ NOT-FOR-US: Open Biller
CVE-2009-2035 (Unspecified vulnerability in Services 6.x before 6.x-0.14, a module ...)
NOT-FOR-US: Service module for Drupal
CVE-2009-2034 (SQL injection vulnerability in writemessage.php in Yogurt 0.3, when ...)
@@ -89688,7 +89688,7 @@
CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client ...)
NOT-FOR-US: ActiveX
CVE-2009-1928 (Stack consumption vulnerability in the LDAP service in Active ...)
- NOT-FOR-US: Microsoft Windows
+ NOT-FOR-US: Microsoft Windows
CVE-2009-1927
RESERVED
CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista ...)
@@ -89751,7 +89751,7 @@
- ruby1.9 <removed> (bug #575778)
NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows ...)
- - libapache-mod-security 2.5.9-1
+ - libapache-mod-security 2.5.9-1
CVE-2009-1902 (The multipart processor in ModSecurity before 2.5.9 allows remote ...)
- libapache-mod-security 2.5.9-1
CVE-2009-1901 (The Security component in IBM WebSphere Application Server (WAS) 6.0.2 ...)
@@ -89851,7 +89851,7 @@
CVE-2009-3870
REJECTED
CVE-2009-1879 (Cross-site scripting (XSS) vulnerability in index.template.html in the ...)
- NOT-FOR-US: Adobe Flex
+ NOT-FOR-US: Adobe Flex
CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and ...)
@@ -90641,7 +90641,7 @@
NOT-FOR-US: Novell GroupWise
CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel ...)
{DSA-1865-1 DSA-1844-1 DSA-1809-1}
- - linux-2.6 2.6.30-1
+ - linux-2.6 2.6.30-1
- linux-2.6.24 <removed>
CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...)
{DSA-1804-1}
@@ -90651,11 +90651,11 @@
NOTE: Mostly a security enhancement, only for local users/mail and open homedirs
CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client ...)
{DSA-1865-1 DSA-1844-1 DSA-1809-1}
- - linux-2.6 2.6.30-1
+ - linux-2.6 2.6.30-1
- linux-2.6.24 <removed>
CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with ...)
{DSA-1994-1}
- - ajaxterm 0.10-5 (medium; bug #528938)
+ - ajaxterm 0.10-5 (medium; bug #528938)
CVE-2009-1789 (mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and ...)
{DSA-1826-1}
- eggdrop 1.6.19-1.2 (medium; bug #528778)
@@ -90712,7 +90712,7 @@
CVE-2009-1608 (Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly ...)
NOT-FOR-US: Microchip MPLAB IDE
CVE-2009-1607 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
- NOT-FOR-US: LinkBase
+ NOT-FOR-US: LinkBase
CVE-2009-1606 (Multiple stack-based and heap-based buffer overflows in Dafolo ...)
NOT-FOR-US: Dafolo DafoloControl ActiveX
CVE-2009-1605 (Heap-based buffer overflow in the loadexponentialfunc function in ...)
@@ -90842,7 +90842,7 @@
[etch] - xulrunner <end-of-life>
- iceape 2.0.3-1
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
- - icedove 3.0.2-1
+ - icedove 3.0.2-1
CVE-2009-1570 (Integer overflow in the ReadImage function in ...)
- gimp 2.6.7-1.1 (medium; bug #555929)
CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, ...)
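Review bot: the context line `[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)` has a subject-verb mismatch ("only provides"); minor, but this is the kind of wording slip a cleanup pass on this region could pick up.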
@@ -91173,11 +91173,11 @@
CVE-2009-1453 (SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 ...)
NOT-FOR-US: Tiny Blogr
CVE-2009-1452 (Multiple PHP remote file inclusion vulnerabilities in theme/format.php ...)
- NOT-FOR-US: SMA-DB
+ NOT-FOR-US: SMA-DB
CVE-2009-1451 (Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB ...)
- NOT-FOR-US: SMA-DB
+ NOT-FOR-US: SMA-DB
CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 ...)
- NOT-FOR-US: SMA-DB
+ NOT-FOR-US: SMA-DB
CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote ...)
{DSA-1871-2 DSA-1871-1}
- wordpress 2.8.3-1 (low; bug #531736)
@@ -91309,7 +91309,7 @@
- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
- iodine 0.5.1 (low)
- [lenny] - iodine 0.4.2-2~lenny1
+ [lenny] - iodine 0.4.2-2~lenny1
CVE-2009-XXXX [ntop: access.log permissions]
- ntop <not-affected> (fedora-specific configuration issue; debian package not affected)
NOTE: bug #524801 (http://bugs.debian.org/524801)
@@ -91576,7 +91576,7 @@
NOTE: We should probably request removal from unstable, replaced by foswiki
CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...)
{DSA-1800-1 DSA-1787-1}
- - linux-2.6 2.6.29-1
+ - linux-2.6 2.6.29-1
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...)
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
@@ -91621,7 +91621,7 @@
CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product ...)
NOT-FOR-US: ASP Product Catalog
CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOT-FOR-US: Zazzle Store Builder
+ NOT-FOR-US: Zazzle Store Builder
CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal ...)
NOT-FOR-US: GuestCal
CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...)
@@ -92022,7 +92022,7 @@
- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.27 release)
CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...)
{DSA-1800-1 DSA-1787-1}
- - linux-2.6 2.6.30-1
+ - linux-2.6 2.6.30-1
[etch] - linux-2.6 <not-affected> (Doesn't include KVM yet)
- linux-2.6.24 <removed>
CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...)
@@ -92062,7 +92062,7 @@
CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
- ajaxplorer <itp> (bug #668381)
CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader ...)
- NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
+ NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...)
NOT-FOR-US: Library Video Company SAFARI Montage
CVE-2008-6636 (PHP remote file inclusion vulnerability in skins/default.php in Geody ...)
@@ -92133,7 +92133,7 @@
CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...)
- clamav 0.95+dfsg-1 (medium; bug #526042)
[etch] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
- [lenny] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
+ [lenny] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 ...)
NOT-FOR-US: IBM Proventia
CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in certain ...)
@@ -92315,12 +92315,12 @@
- apache2 2.2.11-6 (low; bug #530834)
CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in ...)
{DSA-1798-1}
- - pango1.0 1.24.0-2 (medium; bug #527474)
+ - pango1.0 1.24.0-2 (medium; bug #527474)
CVE-2009-1193
RESERVED
CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages ...)
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- - linux-2.6 2.6.29-4
+ - linux-2.6 2.6.29-4
- linux-2.6.24 <removed>
CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...)
- apache2 2.2.11-4 (low)
@@ -92426,7 +92426,7 @@
CVE-2008-6563 (Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly ...)
NOT-FOR-US: Trillian
CVE-2008-6562 (Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack ...)
- NOT-FOR-US: Jack (tR) Jax LinkLists
+ NOT-FOR-US: Jack (tR) Jax LinkLists
CVE-2008-6561 (Citrix Presentation Server Client for Windows before 10.200 does not ...)
NOT-FOR-US: Citrix
CVE-2007-6724 (Vidalia bundle before 0.1.2.18, when running on Windows, installs ...)
@@ -92436,7 +92436,7 @@
CVE-2007-6722 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, ...)
NOT-FOR-US: Vidalia
CVE-2006-7237 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: Ixprim
+ NOT-FOR-US: Ixprim
CVE-2005-4880 (Jax Guestbook 3.1 and 3.31 stores sensitive information under the web ...)
NOT-FOR-US: Jax Guestbook
CVE-2005-4879 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -92641,11 +92641,11 @@
CVE-2008-6543 (Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM ...)
NOT-FOR-US: ComScripts TEAM Quick Classifieds
CVE-2008-6542 (Unspecified vulnerability in the Skin Manager in DotNetNuke before ...)
- NOT-FOR-US: DotNetNuke
+ NOT-FOR-US: DotNetNuke
CVE-2008-6541 (Unrestricted file upload vulnerability in the file manager module in ...)
- NOT-FOR-US: DotNetNuke
+ NOT-FOR-US: DotNetNuke
CVE-2008-6540 (DotNetNuke before 4.8.2, during installation or upgrade, does not warn ...)
- NOT-FOR-US: DotNetNuke
+ NOT-FOR-US: DotNetNuke
CVE-2008-6539 (Static code injection vulnerability in user/settings/ in DeStar ...)
- destar <removed> (bug #522123)
CVE-2008-6538 (DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a ...)
@@ -92668,7 +92668,7 @@
- drupal6 6.9-1 (low)
[lenny] - drupal6 6.6-1.1
CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA before ...)
- NOT-FOR-US: Atlassian JIRA
+ NOT-FOR-US: Atlassian JIRA
CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in ...)
NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6529 (Cross-site scripting (XSS) vulnerability in listtest.php in ...)
@@ -93233,7 +93233,7 @@
[etch] - postgresql-8.1 8.1.17-0etch1
[etch] - postgresql-7.4 <no-dsa> (Minor issue)
CVE-2008-6481 (SQL injection vulnerability in the Versioning component ...)
- NOT-FOR-US: Versioning component (com_versioning) in Joomla! and Mambo
+ NOT-FOR-US: Versioning component (com_versioning) in Joomla! and Mambo
CVE-2009-0921 (Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP ...)
NOT-FOR-US: HP Openview
CVE-2009-0920 (Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView ...)
@@ -93281,7 +93281,7 @@
CVE-2009-0907
REJECTED
CVE-2009-0906 (The Service Component Architecture (SCA) feature pack for IBM ...)
- NOT-FOR-US: IBM WebSphere
+ NOT-FOR-US: IBM WebSphere
CVE-2009-0905 (IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not ...)
NOT-FOR-US: IBM WebSphere
CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM ...)
@@ -94449,17 +94449,17 @@
CVE-2008-6248 (Cross-site scripting (XSS) vulnerability in all.php in Galatolo ...)
NOT-FOR-US: Galatolo WebManager
CVE-2008-6247 (SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6246 (SQL injection vulnerability in category.php in Scripts For Sites (SFS) ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6245 (SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6244 (SQL injection vulnerability in view_reviews.php in Scripts for Sites ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6243 (SQL injection vulnerability in showcategory.php in Scripts For Sites ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6242 (SQL injection vulnerability in SearchResults.php in Scripts For Sites ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6241 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...)
NOT-FOR-US: FlexPHPSite
CVE-2008-6240 (Cross-site scripting (XSS) vulnerability in data/views/index.html in ...)
@@ -94469,7 +94469,7 @@
CVE-2008-6238 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6237 (SQL injection vulnerability in software-description.php in Scripts For ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6236 (SQL injection vulnerability in login.php in Simple Document Management ...)
NOT-FOR-US: Simple Document Management System
CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted ...)
@@ -94491,7 +94491,7 @@
CVE-2008-6228 (Pre Multi-Vendor Shopping Malls allows remote attackers to bypass ...)
NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6227 (SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor ...)
- NOT-FOR-US: Pre Multi-Vendor Shopping Malls
+ NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6226 (SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto ...)
NOT-FOR-US: Pre Projects PHP Auto Listings Script
CVE-2008-6225 (** DISPUTED ** ...)
@@ -94530,7 +94530,7 @@
NOTE: don't use encryption or something similar you have lost anyway
NOTE: - this ^ philosophy is flawed; it should not be trivial to get root just because you
NOTE: have local access to the machine. it is worth it to make it as difficult as
- NOTE: possible without impacting authorized users. otherwise, why spend so much effort
+ NOTE: possible without impacting authorized users. otherwise, why spend so much effort
NOTE: to make sure xscreensaver, gdm, and login are rock solid?
NOTE: - i would like to track as low, rather than unimportant
CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...)
@@ -94745,7 +94745,7 @@
- linux-2.6 <not-affected> (CONFIG_KPROBES is not enabled)
- linux-2.6.24 <not-affected> (CONFIG_KPROBES is not enabled)
CVE-2008-6158 (Multiple unspecified vulnerabilities in the admin backend in w3b>cms ...)
- NOT-FOR-US: w3blabor CMS
+ NOT-FOR-US: w3blabor CMS
CVE-2008-6157 (SepCity Classified Ads stores the admin password in cleartext in ...)
NOT-FOR-US: SepCity Classified Ads
CVE-2009-0604 (SQL injection vulnerability in index.php in PHP Director 0.21 and ...)
@@ -94856,8 +94856,8 @@
- tomcat5.5 <removed> (low; bug #532366)
CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...)
- pam 1.0.1-10 (unimportant; bug #514437)
- NOTE: the ability to change a password earlier than scheduled is not a security
- NOTE: vulnerability in itself (unless the user changes their password back to
+ NOTE: the ability to change a password earlier than scheduled is not a security
+ NOTE: vulnerability in itself (unless the user changes their password back to
NOTE: their previous password; thus violating the security policy as defined by
NOTE: the administrator)
CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify ...)
@@ -95134,7 +95134,7 @@
NOTE: MSA-09-0004
CVE-2009-0501 (Unspecified vulnerability in the Calendar export feature in Moodle 1.8 ...)
{DTSA-195-1}
- - moodle 1.8.2.dfsg-4 (low)
+ - moodle 1.8.2.dfsg-4 (low)
[etch] - moodle <not-affected> (Vulnerable code not present)
CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle ...)
{DSA-1724-1 DTSA-195-1}
@@ -95412,7 +95412,7 @@
CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
NOT-FOR-US: Techsmith Camtasia Studio
CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
- NOT-FOR-US: InfoSoft FusionCharts
+ NOT-FOR-US: InfoSoft FusionCharts
CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not ...)
- webkit <not-affected> (bug #516555; low)
NOTE: webkit in linux needs libsoup for cookie support
@@ -95474,7 +95474,7 @@
CVE-2009-0403 (SQL injection vulnerability in admin/authenticate.php in Chipmunk ...)
NOT-FOR-US: Chipmunk Blogger Script
CVE-2009-0402 (SQL injection vulnerability in client/new_account.php in Domain ...)
- NOT-FOR-US: Domain Technologie Control
+ NOT-FOR-US: Domain Technologie Control
CVE-2009-0401 (SQL injection vulnerability in browsecats.php in E-Php CMS allows ...)
NOT-FOR-US: E-Php CMS
CVE-2009-0400 (SQL injection vulnerability in blog.php in SocialEngine 3.06 trial ...)
@@ -95508,7 +95508,7 @@
NOT-FOR-US: ActiveX
CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and ...)
- tightvnc <not-affected> (bug in the windows-specific client connection code)
- NOTE: http://bugs.debian.org/528204
+ NOTE: http://bugs.debian.org/528204
CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
{DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
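Review bot: the changed line keeps a Debian bug reference as a bare URL, `NOTE: http://bugs.debian.org/528204`, while the file's usual form, visible three lines below in this same hunk as `- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)` and in the tightvnc line's own parenthetical, is a `bug #NNNNNN` tag on the package line. A follow-up (not this cleanup) could fold it into the status line, e.g. `- tightvnc <not-affected> (bug #528204; bug in the windows-specific client connection code)`, so that tooling that reads bug numbers from the parenthetical picks it up.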
@@ -95701,7 +95701,7 @@
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.5-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- - iceape 1.1.14-1.1
+ - iceape 1.1.14-1.1
[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Iceape in Lenny only provides XPCOM libs
- kompozer 1:0.8~alpha2+dfsg+svn129-1
@@ -95711,7 +95711,7 @@
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.5-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- - iceape 1.1.14-1.1
+ - iceape 1.1.14-1.1
[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Iceape in Lenny only provides XPCOM libs
- kompozer <not-affected> (.desktop file support is not available)
@@ -95731,7 +95731,7 @@
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.5-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- - iceape 1.1.14-1.1
+ - iceape 1.1.14-1.1
[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Iceape in Lenny only provides XPCOM libs
- icedove 2.0.0.22-1 (bug #535124)
@@ -95743,7 +95743,7 @@
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.5-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- - iceape 1.1.14-1.1
+ - iceape 1.1.14-1.1
[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Iceape in Lenny only provides XPCOM libs
- icedove 2.0.0.22-1 (bug #535124)
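Review bot: this is the fourth copy of the same block (`- iceape 1.1.14-1.1` with trailing whitespace, followed by the identical `[etch]` and `NOTE: Iceape in Lenny only provides XPCOM libs` lines) in the -95701, -95711, -95731 and -95743 hunks, so the whitespace was propagated by pasting one triaged block into several Mozilla CVE entries. A pre-commit hook that rejects added lines matching `[ \t]+$` in `svnlook diff` output would stop this class of cleanup from being needed again, and would catch the pasted copies at the point where they are introduced.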
@@ -95842,7 +95842,7 @@
CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) ...)
NOT-FOR-US: Jetik Emlak Sistem
CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for ...)
- NOT-FOR-US: MailWatch for MailScanner
+ NOT-FOR-US: MailWatch for MailScanner
CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab ...)
NOT-FOR-US: emergecolab
CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and ...)
@@ -95989,7 +95989,7 @@
NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google ...)
- chromium-browser <not-affected> (only 1.x is affected)
- - libv8 1.3.11+dfsg-1
+ - libv8 1.3.11+dfsg-1
- webkit <not-affected> (libv8 issue)
CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, ...)
NOT-FOR-US: Novell GroupWise
@@ -96105,7 +96105,7 @@
CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
NOT-FOR-US: easyHDR PRO
CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into ...)
- NOTE: Mozilla #474967, upstream disputes this being a bug
+ NOTE: Mozilla #474967, upstream disputes this being a bug
CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb ...)
NOT-FOR-US: Enthrallweb eReservations
CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
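Review bot: after the whitespace fix, CVE-2009-0253 still has no package or status line at all, only `NOTE: Mozilla #474967, upstream disputes this being a bug`. The same NOTE-only shape appears for CVE-2008-2419 in the -105324 hunk (`not reproducible by upstream`) and for CVE-2008-1011 in the -108762 hunk, whose note still ends with `Please doublecheck.` An explicit status line for the relevant source package (with the dispute or non-reproducibility given as the parenthetical reason) would make the triage decision machine-readable instead of leaving it in free text; that is outside this cleanup's scope but worth a follow-up.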
@@ -96743,7 +96743,7 @@
CVE-2008-5869 (Cross-site scripting (XSS) vulnerability in the Proxim Wireless ...)
NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5868 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows ...)
- NOT-FOR-US: IntelliTamper
+ NOT-FOR-US: IntelliTamper
CVE-2009-0069 (Unspecified vulnerability in the nfs4rename_persistent_fh function in ...)
NOT-FOR-US: Solaris
CVE-2009-0068 (Interaction error in xdg-open allows remote attackers to execute ...)
@@ -98359,7 +98359,7 @@
- gallery 1.5.9-1.2 (low; bug #506824)
[etch] - gallery <not-affected> (vulnerable code introduced in 1.5.8-svn-b34)
CVE-2008-5295 (SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 ...)
- NOT-FOR-US: Jamit Job Board
+ NOT-FOR-US: Jamit Job Board
CVE-2008-5294 (SQL injection vulnerability in index.php in WebStudio eCatalogue ...)
NOT-FOR-US: WebStudio eCatalogue
CVE-2008-5293 (SQL injection vulnerability in index.php in WebStudio eHotel allows ...)
@@ -98411,7 +98411,7 @@
CVE-2008-5267 (SQL injection vulnerability in answer.php in Experts 1.0.0, when ...)
NOT-FOR-US: Experts
CVE-2008-5266 (Cross-site scripting (XSS) vulnerability in ...)
- NOT-FOR-US: Sun Java System Application Server
+ NOT-FOR-US: Sun Java System Application Server
CVE-2008-5265 (Directory traversal vulnerability in index.php in TNT Forum 0.9.4, ...)
NOT-FOR-US: TNT Forum
CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado ...)
@@ -99354,7 +99354,7 @@
[etch] - kino <not-affected> (Does not ship ffmpeg)
- gstreamer0.10-ffmpeg 0.10.3-2
CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in ...)
- - ffmpeg <not-affected> (Vulnerable code not present)
+ - ffmpeg <not-affected> (Vulnerable code not present)
- ffmpeg-debian <not-affected> (Vulnerable code not present)
[etch] - ffmpeg <not-affected> (Vulnerable code not present)
- mplayer 1.0~rc2-14
@@ -99532,7 +99532,7 @@
- htop 0.8.1-2 (unimportant; bug #504144)
NOTE: That scenario is too constructed to call it a security issue, especially
NOTE: given that the standard top will display the maliciously hidden processes
- NOTE: just fine.
+ NOTE: just fine.
CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek ...)
- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)
CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service ...)
@@ -99849,7 +99849,7 @@
CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in ...)
- wordpress <not-affected> (Vulnerable code only in mulitiuser wordpress)
CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol ...)
- NOT-FOR-US: Ed Pudol Clickbank Portal
+ NOT-FOR-US: Ed Pudol Clickbank Portal
CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher ...)
NOT-FOR-US: Dan Fletcher Recipe Script
CVE-2008-4668 (Directory traversal vulnerability in the Image Browser ...)
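Review bot: the unchanged context line `- wordpress <not-affected> (Vulnerable code only in mulitiuser wordpress)` has a typo, `mulitiuser` for `multiuser`. Since this revision is already a text-only cleanup of the same file, it is a cheap fix to fold in, or to queue for the next cleanup pass.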
@@ -99863,7 +99863,7 @@
CVE-2008-4664 (Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control ...)
NOT-FOR-US: QvodInsert
CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used ...)
- NOT-FOR-US: K's CGI Access Log Kaiseki
+ NOT-FOR-US: K's CGI Access Log Kaiseki
CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when ...)
NOT-FOR-US: LokiCMS
CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements ...)
@@ -100206,7 +100206,7 @@
CVE-2008-4522 (Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio ...)
NOT-FOR-US: JMweb MP3 Music Audio Search and Download Script
CVE-2008-4521 (SQL injection vulnerability in thisraidprogress.php in the World of ...)
- NOT-FOR-US: World of Warcraft tracker
+ NOT-FOR-US: World of Warcraft tracker
CVE-2008-4520 (Cross-site scripting (XSS) vulnerability in bulk_update.pl in ...)
NOT-FOR-US: AutoNessus
CVE-2008-4519 (Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 ...)
@@ -100351,7 +100351,7 @@
CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive ...)
NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 ...)
- NOT-FOR-US: Nucleus EUC-JP
+ NOT-FOR-US: Nucleus EUC-JP
CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...)
{DSA-1655-1}
- linux-2.6 2.6.26-5
@@ -100376,7 +100376,7 @@
CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...)
NOT-FOR-US: bBlog
CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT ...)
- NOT-FOR-US: RMSOFT Downloads Plus
+ NOT-FOR-US: RMSOFT Downloads Plus
CVE-2008-4434 (Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and ...)
NOT-FOR-US: uTorrent/Bittorrent
CVE-2008-4433 (SQL injection vulnerability in search.php in the RMSOFT MiniShop ...)
@@ -100636,7 +100636,7 @@
CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 ...)
NOT-FOR-US: phpSmartCom
CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...)
- NOT-FOR-US: vbLOGIX Tutorial Script
+ NOT-FOR-US: vbLOGIX Tutorial Script
CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
NOT-FOR-US: s0nic Paranews
CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, ...)
@@ -100849,7 +100849,7 @@
CVE-2008-4251
RESERVED
CVE-2008-4250 (The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
- NOT-FOR-US: Microsoft Windows
+ NOT-FOR-US: Microsoft Windows
CVE-2008-4249
RESERVED
CVE-2008-4248
@@ -100948,7 +100948,7 @@
CVE-2008-4205 (SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 ...)
NOT-FOR-US: Attachmax Dolphin
CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation ...)
- NOT-FOR-US: SoftAcid Hotel Reservation System
+ NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and ...)
NOT-FOR-US: CzarNews
CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...)
@@ -100974,7 +100974,7 @@
[lenny] - redhat-cluster 2.20080801-4+lenny1
CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...)
- emacspeak 28.0-2 (bug #496431; low)
- [lenny] - emacspeak 26.0-3+lenny1
+ [lenny] - emacspeak 26.0-3+lenny1
[etch] - emacspeak <no-dsa> (Minor issue)
CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x ...)
{DSA-1760-1}
@@ -101809,7 +101809,7 @@
CVE-2008-3861 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and ...)
NOT-FOR-US: phpMyRealty
CVE-2008-3860 (Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG ...)
- NOT-FOR-US: IBM, Lotus Quickr 8.1
+ NOT-FOR-US: IBM, Lotus Quickr 8.1
CVE-2008-3859 (Davlin Thickbox Gallery 2 allows remote attackers to obtain the ...)
NOT-FOR-US: Davlin Thickbox Gallery
CVE-2008-3858 (The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a ...)
@@ -101998,7 +101998,7 @@
CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, ...)
NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory ...)
- NOT-FOR-US: Web Directory Script
+ NOT-FOR-US: Web Directory Script
CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO ...)
NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content component in ...)
@@ -102012,15 +102012,15 @@
CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 ...)
NOT-FOR-US: GMOD GBrowse
CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review ...)
- NOT-FOR-US: Five Star Review Script
+ NOT-FOR-US: Five Star Review Script
CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in Five ...)
- NOT-FOR-US: Five Star Review Script
+ NOT-FOR-US: Five Star Review Script
CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES) ...)
NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement ...)
NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin View ...)
- NOT-FOR-US: Fujitsu Web-Based Admin View
+ NOT-FOR-US: Fujitsu Web-Based Admin View
CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the ...)
NOT-FOR-US: Folder Lock
CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows remote ...)
@@ -102036,7 +102036,7 @@
CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php ...)
NOT-FOR-US: Freeway
CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey ...)
- NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
+ NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows ...)
NOT-FOR-US: phpBazar
CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet) Connection ...)
@@ -102865,7 +102865,7 @@
CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...)
- NOT-FOR-US: Anzio Web Print Object
+ NOT-FOR-US: Anzio Web Print Object
CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...)
NOT-FOR-US: Microsoft Windows
CVE-2008-3478
@@ -102895,7 +102895,7 @@
CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not ...)
NOT-FOR-US: Microsoft
CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 ...)
- NOT-FOR-US: Microsoft Windows
+ NOT-FOR-US: Microsoft Windows
CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2008-3463
@@ -103043,7 +103043,7 @@
CVE-2008-3402 (Multiple PHP remote file inclusion vulnerabilities in HIOX Browser ...)
NOT-FOR-US: HIOX Browser Statistics
CVE-2008-3401 (PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX ...)
- NOT-FOR-US: HIOX Random Ad
+ NOT-FOR-US: HIOX Random Ad
CVE-2008-3400 (XRMS CRM 1.99.2 allows remote attackers to obtain configuration ...)
NOT-FOR-US: XRMS CRM
CVE-2008-3399 (PHP remote file inclusion vulnerability in ...)
@@ -103075,7 +103075,7 @@
CVE-2008-3386 (SQL injection vulnerability in album.php in AlstraSoft Video Share ...)
NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2008-3385 (Directory traversal vulnerability in include/head_chat.inc.php in php ...)
- NOT-FOR-US: Help Agent
+ NOT-FOR-US: Help Agent
CVE-2008-3384 (Multiple directory traversal vulnerabilities in help/help.php in ...)
NOT-FOR-US: Interact Learning Community Environment Interact
CVE-2008-3383 (SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote ...)
@@ -103310,7 +103310,7 @@
{DSA-1636-1 DSA-1630-1}
- linux-2.6.24 2.6.24-6~etchnhalf.5
- linux-2.6 2.6.26-2
- NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
+ NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...)
NOT-FOR-US: FreeIPA
CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...)
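Review bot: `NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77` is a bare 40-character hash with no indication of which repository it refers to; the kernel entries in the -112078 and -113108 hunks of this same patch write `NOTE: Upstream commit <hash>`, which is unambiguous. The same applies to `NOTE: 6b6707a50c7598a83820077393f8823ab791abf8` in the -104624 hunk. Normalising both to the `Upstream commit` form (or to a full URL) in a later cleanup would let a reader, or a script, resolve the reference without guessing.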
@@ -103394,7 +103394,7 @@
CVE-2008-3241 (SQL injection vulnerability in players-detail.php in UltraStats ...)
NOT-FOR-US: UltraStats
CVE-2008-3240 (SQL injection vulnerability in index.php in AlstraSoft Affiliate ...)
- NOT-FOR-US: AlstraSoft Affiliate Network Pro
+ NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2008-3239 (Unrestricted file upload vulnerability in the writeLogEntry function ...)
NOT-FOR-US: PHPizabi
CVE-2008-3238 (Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow ...)
@@ -103784,9 +103784,9 @@
CVE-2008-3093 (Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier ...)
NOT-FOR-US: ImperialBB
CVE-2008-3092 (SQL injection vulnerability in the Taxonomy Autotagger module 5.x ...)
- NOT-FOR-US: additional drupal module Taxonomy Autotagger
+ NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3091 (Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger ...)
- NOT-FOR-US: additional drupal module Taxonomy Autotagger
+ NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3090 (Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO ...)
NOT-FOR-US: BlognPlus
CVE-2008-3089 (SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze ...)
@@ -104062,7 +104062,7 @@
CVE-2008-2962 (Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow ...)
NOT-FOR-US: MyBlog
CVE-2008-2961 (Multiple directory traversal vulnerabilities in view/index.php in CMS ...)
- NOT-FOR-US: CMS Mini
+ NOT-FOR-US: CMS Mini
CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in ...)
NOT-FOR-US: ActiveX control
CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before 0.10.5 ...)
@@ -104252,7 +104252,7 @@
CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 ...)
NOT-FOR-US: E-topbiz Viral
CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in Caupo.net ...)
- NOT-FOR-US: CaupoShop Classic
+ NOT-FOR-US: CaupoShop Classic
CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site ...)
NOT-FOR-US: Kalptaru Infotech PHP Site
CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote ...)
@@ -104293,7 +104293,7 @@
CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x ...)
NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
- NOT-FOR-US: MindTouch DekiWiki
+ NOT-FOR-US: MindTouch DekiWiki
CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 ...)
NOT-FOR-US: Maxtrade
CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts Classifieds ...)
@@ -104624,7 +104624,7 @@
- linux-2.6 2.6.26
[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.23)
- linux-2.6.24 2.6.24-6~etchnhalf.4
- NOTE: 6b6707a50c7598a83820077393f8823ab791abf8
+ NOTE: 6b6707a50c7598a83820077393f8823ab791abf8
CVE-2008-2749 (Unspecified vulnerability in cshttpd in Sun Java System Calendar ...)
NOT-FOR-US: Sun Java System Application Server
CVE-2008-2748 (Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a ...)
@@ -104811,7 +104811,7 @@
CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...)
NOT-FOR-US: DCFM Blog
CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...)
- NOT-FOR-US: Insanely Simple Blog
+ NOT-FOR-US: Insanely Simple Blog
CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote ...)
NOT-FOR-US: yBlog
CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...)
@@ -105214,7 +105214,7 @@
- kfreebsd-7 7.0-6
NOTE: IPv6 NDP flaw not affecting Linux
CVE-2008-2475 (eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) ...)
- NOT-FOR-US: eBay Enhanced Picture Uploader ActiveX control
+ NOT-FOR-US: eBay Enhanced Picture Uploader ActiveX control
CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...)
NOT-FOR-US: ABB Process Communication Unit
CVE-2008-2473
@@ -105324,7 +105324,7 @@
CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web ...)
NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of ...)
- NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484
+ NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484
CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun ...)
NOT-FOR-US: STREAMS Administrative Driver SUN
CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...)
@@ -105701,7 +105701,7 @@
CVE-2008-2264 (Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 ...)
NOT-FOR-US: CyrixMED
CVE-2008-2263 (SQL injection vulnerability in linking.page.php in Automated Link ...)
- NOT-FOR-US: Automated Link Exchange Portal
+ NOT-FOR-US: Automated Link Exchange Portal
CVE-2008-2262
RESERVED
CVE-2008-2261
@@ -105739,7 +105739,7 @@
CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in ...)
NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...)
- NOT-FOR-US: Microsoft Office Word
+ NOT-FOR-US: Microsoft Office Word
CVE-2008-2243
RESERVED
CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA ...)
@@ -107026,7 +107026,7 @@
CVE-2008-1695
RESERVED
CVE-2008-1694 (vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local ...)
- - emacs21 21.4a+1-5.6 (low; bug #476612)
+ - emacs21 21.4a+1-5.6 (low; bug #476612)
[etch] - emacs21 <no-dsa> (Minor issue)
- emacs22 22.2+2-2 (low; bug #476611)
- xemacs21 21.4.21-4 (low; bug #476613)
@@ -107055,7 +107055,7 @@
NOTE: elevated privileges.
CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...)
- m4 <unfixed> (unimportant)
- NOTE: This is more a generic bug and not a security issue: the random output would
+ NOTE: This is more a generic bug and not a security issue: the random output would
NOTE: need to match the name of an existing macro
CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in ...)
{DSA-1586-1 DSA-1585-1 DSA-1584-1 DTSA-127-1 DTSA-128-1 DTSA-129-1}
@@ -108575,7 +108575,7 @@
CVE-2008-1094 (SQL injection vulnerability in index.cgi in the Account View page in ...)
NOT-FOR-US: Barracuda Spam Firewall
CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the ...)
- NOT-FOR-US: FLEXnet Connect
+ NOT-FOR-US: FLEXnet Connect
CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet ...)
NOT-FOR-US: Microsoft Jet Database Engine
CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...)
@@ -108762,7 +108762,7 @@
CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...)
NOT-FOR-US: Apple QuickTime
CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...)
- NOT-FOR-US: Apple AirPort
+ NOT-FOR-US: Apple AirPort
CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
NOTE: As far as I can see this has been addressed in revision 30871.
NOTE: Please doublecheck.
@@ -111295,7 +111295,7 @@
CVE-2007-6589 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and ...)
{DSA-1534-1}
- iceape 1.1.7-1 (medium)
- - iceweasel 2.0.0.10-1 (medium)
+ - iceweasel 2.0.0.10-1 (medium)
CVE-2007-6588 (Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows ...)
NOT-FOR-US: PHCDownload
CVE-2007-6587 (SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 ...)
@@ -112078,7 +112078,7 @@
{DSA-1630-1}
- linux-2.6 2.6.25-1
- linux-2.6.24 2.6.24-6~etchnhalf.4
- NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69
+ NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69
CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...)
NOT-FOR-US: St. Bernard Open File Manager
CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before ...)
@@ -112789,7 +112789,7 @@
CVE-2007-6010 (Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 ...)
{DTSA-89-1}
- pioneers 0.11.3-2 (low; bug #449541)
- [etch] - pioneers <no-dsa> (Minor issue)
+ [etch] - pioneers <no-dsa> (Minor issue)
CVE-2007-6009 (Multiple buffer overflows in ACD products allow user-assisted remote ...)
NOT-FOR-US: ACD products
CVE-2007-6008 (Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy ...)
@@ -113017,7 +113017,7 @@
CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to ...)
{DTSA-89-1}
- pioneers 0.11.3-2 (low; bug #449541)
- [etch] - pioneers <no-dsa> (Minor issue)
+ [etch] - pioneers <no-dsa> (Minor issue)
CVE-2006-7226 (Perl-Compatible Regular Expression (PCRE) library before 6.7 does not ...)
- pcre3 6.7-1
- glib2.0 2.14.3-1 (unimportant)
@@ -113108,7 +113108,7 @@
{DSA-1428-1}
- linux-2.6 2.6.24-1
- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
- NOTE: Upstream commit 133672efbc1085f9af990bdc145e1822ea93bcf3
+ NOTE: Upstream commit 133672efbc1085f9af990bdc145e1822ea93bcf3
CVE-2007-5903
RESERVED
CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in ...)
@@ -116466,7 +116466,7 @@
- racket 5.0.2-1 (unimportant; bug #601525)
NOTE: Only present in one of the sample pl-scheme packages (plot)
- libgd2 2.0.35.dfsg-3
- [etch] - libgd2 2.0.33-5.2etch1
+ [etch] - libgd2 2.0.33-5.2etch1
CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in ...)
NOT-FOR-US: PDWizard
CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX ...)
@@ -118481,7 +118481,7 @@
NOT-FOR-US: Pony Gallery
CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other ...)
- cupsys 1.2
- - cups 1.2
+ - cups 1.2
NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
CVE-2007-4044
REJECTED
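Review bot: the two fixed-version lines here, `- cupsys 1.2` and `- cups 1.2`, carry a bare upstream version with no Debian revision, unlike every other fixed-version line in this patch (for example `- pioneers 0.11.3-2` or `- emacs21 21.4a+1-5.6`), and the NOTE below them says the issue is "no longer exploitable" since 1.2 rather than fixed. It is worth confirming in a follow-up that `1.2` is intended as a version boundary and not as a placeholder; if the point is that the 1.2 code is simply not vulnerable, `<not-affected>` with the allocation-change reason in the parenthetical would state that more precisely.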
@@ -120550,7 +120550,7 @@
[lenny] - mahara 1.0.4-3
[etch] - phpgroupware <not-affected> (bug #504255; Vulnerable code not used)
- phpgroupware 0.9.16.012+dfsg-9 (medium; bug #504255)
- - egroupware <not-affected> (bug #504283; Vulnerable code not used)
+ - egroupware <not-affected> (bug #504283; Vulnerable code not used)
CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and ...)
NOT-FOR-US: e-Vision CMS
CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...)
@@ -120915,7 +120915,7 @@
- iceape 1.0.9-1 (low)
- xulrunner 1.8.1.4-1 (low)
CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...)
- NOTE: Duplicate of CVE-2008-4067
+ NOTE: Duplicate of CVE-2008-4067
CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
- iceweasel <not-affected> (Only affects Windows versions of Firefox)
CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...)
@@ -122863,7 +122863,7 @@
CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before ...)
NOT-FOR-US: Cisco
CVE-2007-2281 (Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe ...)
- NOT-FOR-US: HP OpenView Storage Data Protector
+ NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2280 (Stack-based buffer overflow in OmniInet.exe (aka the backup client ...)
NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage ...)