Author: atomo64-guest
Date: 2009-05-08 01:33:26 +0000 (Fri, 08 May 2009)
New Revision: 11838
Modified:
data/CVE/list
Log:
NFUs, xvfb CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-07 21:25:15 UTC (rev 11837)
+++ data/CVE/list 2009-05-08 01:33:26 UTC (rev 11838)
@@ -14,8 +14,6 @@
TODO: check
CVE-2009-1574 (racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote
...)
TODO: check
-CVE-2009-1573 (xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and
possibly ...)
- TODO: check
CVE-2009-1571
RESERVED
CVE-2009-1570
@@ -37,33 +35,33 @@
CVE-2009-1562
RESERVED
CVE-2009-1561 (Cross-site request forgery (CSRF) vulnerability in
administration.cgi ...)
- TODO: check
+ NOT-FOR-US: Cisco Linksys
CVE-2009-1560 (The Cisco Linksys WVC54GCA wireless video camera with firmware
1.00R22 ...)
- TODO: check
+ NOT-FOR-US: Cisco Linksys
CVE-2009-1559 (Absolute path traversal vulnerability in adm/file.cgi on the
Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco Linksys
CVE-2009-1558 (Directory traversal vulnerability in adm/file.cgi on the Cisco
Linksys ...)
- TODO: check
+ NOT-FOR-US: Cisco Linksys
CVE-2009-1557 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco
...)
- TODO: check
+ NOT-FOR-US: Cisco Linksys
CVE-2009-1556 (img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera
with ...)
- TODO: check
+ NOT-FOR-US: Cisco Linksys
CVE-2009-1555 (The Cisco Linksys WVC54GCA wireless video camera with firmware
1.00R22 ...)
- TODO: check
+ NOT-FOR-US: Cisco Linksys
CVE-2009-1554 (Cross-site scripting (XSS) vulnerability in ThemeServlet.java in
Sun ...)
- TODO: check
+ NOT-FOR-US: Sun Woodstock
CVE-2009-1553 (Multiple cross-site scripting (XSS) vulnerabilities in the Admin
...)
- TODO: check
+ NOT-FOR-US: Sun GlassFish Enterprise Server
CVE-2009-1552 (Unspecified vulnerability in the IGMP driver in SCO Unixware
Release ...)
TODO: check
CVE-2009-1551 (Multiple PHP remote file inclusion vulnerabilities in Qt
quickteam 2 ...)
- TODO: check
+ NOT-FOR-US: Qt quickteam
CVE-2009-1550 (Zakkis Technology ABC Advertise 1.0 does not properly restrict
access ...)
- TODO: check
+ NOT-FOR-US: Zakkis Technology ABC Advertise
CVE-2009-1549 (AGTC MyShop 3.2b allows remote attackers to bypass
authentication and ...)
- TODO: check
+ NOT-FOR-US: AGTC MyShop
CVE-2009-1548 (SQL injection vulnerability in index.php in BluSky CMS allows
remote ...)
- TODO: check
+ NOT-FOR-US: BluSky CMS
CVE-2009-XXXX [prewkikka: pasword world-readable]
- prewikka <unfixed> (low; bug #527476)
NOTE: asked maintainer to determine wether debian is affected
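Review bot: CVE-2009-1552 (IGMP driver in SCO Unixware) is the only described entry between CVE-2009-1561 and CVE-2009-1548 still left at "TODO: check" after this triage pass. If it was skipped on purpose, a NOTE line saying why would save the next person from re-checking it; otherwise it looks like a candidate for the same treatment as its neighbours, e.g. "NOT-FOR-US: SCO Unixware". The WVC54GCA entries are tagged only "Cisco Linksys", while the other tags in this hunk name the product ("Sun Woodstock", "BluSky CMS"); naming the camera model would make later searches more precise. Separately, the unchanged prewikka context lines carry typos ("prewkikka", "pasword", "wether") that could be fixed in a follow-up.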
@@ -170,7 +168,7 @@
NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6788 (SQL injection vulnerability in MindDezign Photo Gallery 2.2,
when ...)
NOT-FOR-US: MindDezign Photo Gallery
-CVE-2009-XXXX [xvfb insecure passing of magic cookie]
+CVE-2009-1573 (xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and
possibly ...)
- xorg-server <unfixed> (low; bug #526678)
[etch] - xorg-server <no-dsa> (minor issue)
[lenny] - xorg-server <no-dsa> (minor issue)
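Review bot: Renaming the temporary entry in place leaves CVE-2009-1573 directly after CVE-2008-6788, while the first hunk deletes the stub from its slot between CVE-2009-1574 and CVE-2009-1571. The surrounding context suggests the list is kept in descending CVE order, so consider moving the xorg-server tracking lines (bug #526678 and the etch/lenny <no-dsa> notes) up to that slot and deleting the old block here, rather than removing the stub and keeping the data at the temporary position.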
@@ -555,6 +553,7 @@
CVE-2009-1365 (Unspecified vulnerability in Adobe Flash Media Server (FMS)
before ...)
NOT-FOR-US: Adobe Flash Media Server
CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in
libwmf ...)
+ {DSA-1796-1}
- libwmf 0.2.8.4-6.1 (low; bug #526434)
CVE-2009-1363
RESERVED
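Review bot: The {DSA-1796-1} cross-reference added to CVE-2009-1364 is not covered by the log message "NFUs, xvfb CVEfied". Mention it in the log or commit it separately so the point where the DSA was linked to the libwmf entry can be found from the revision history.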
@@ -3182,7 +3181,7 @@
CVE-2009-0721
RESERVED
CVE-2009-0720 (Unspecified vulnerability in HP OpenView Network Node Manager
(OV NNM) ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-0719 (Unspecified vulnerability in useradd in HP HP-UX B.11.11,
B.11.23, and ...)
NOT-FOR-US: HP-UX
CVE-2009-0718 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5
...)
@@ -8341,7 +8340,7 @@
{DSA-1683-1}
- streamripper 1.63.5-2 (bug #506377)
CVE-2008-4828 (Multiple stack-based buffer overflows in dsmagent.exe in the
Remote ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the
(1) ...)
NOT-FOR-US: ComponentOne SizerOne
CVE-2008-4826