Author: kees
Date: 2010-02-13 01:06:56 +0000 (Sat, 13 Feb 2010)
New Revision: 14087
Modified:
data/CVE/list
Log:
NFUs: 53
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-02-12 21:18:31 UTC (rev 14086)
+++ data/CVE/list 2010-02-13 01:06:56 UTC (rev 14087)
@@ -1,3 +1,17 @@
+CVE-2010-0637
+ NOT-FOR-US: WebCalendar
+CVE-2010-0636
+ NOT-FOR-US: WebCalendar
+CVE-2010-0635
+ NOT-FOR-US: JEvents Search plugin for Joomla!
+CVE-2010-0633
+ NOT-FOR-US: Citrix XenServer
+CVE-2010-0632
+ NOT-FOR-US: Parkview Consultants SimpleFAQ component for Joomla!
+CVE-2010-0631
+ NOT-FOR-US: Eicra Car Rental-Script
+CVE-2010-0630
+ NOT-FOR-US: Evernew Free Joke Script
CVE-2010-0627
RESERVED
CVE-2010-0626
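Review bot: The seven entries added at the top (CVE-2010-0637 down to CVE-2010-0630) carry no summary in parentheses, unlike the published entries further down the file, so the NOT-FOR-US product names cannot be checked against anything in the list itself. Confirm the summaries get filled in, and for the two WebCalendar entries confirm that no package of that name is in the archive before closing them as NOT-FOR-US.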
@@ -15,31 +29,31 @@
CVE-2010-0618
RESERVED
CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI
...)
- TODO: check
+ NOT-FOR-US: evalSMSI
CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database,
which ...)
- TODO: check
+ NOT-FOR-US: evalSMSI
CVE-2010-0615 (Cross-site scripting (XSS) vulnerability in assess.php in
evalSMSI ...)
- TODO: check
+ NOT-FOR-US: evalSMSI
CVE-2010-0614 (SQL injection vulnerability in ajax.php in evalSMSI 2.1.03
allows ...)
- TODO: check
+ NOT-FOR-US: evalSMSI
CVE-2010-0613 (Directory traversal vulnerability in viewfile.php in ARWScripts
Fonts ...)
- TODO: check
+ NOT-FOR-US: ARWScripts Fonts Script
CVE-2010-0612 (Unspecified vulnerability in DocumentManager before 4.0 has
unknown ...)
- TODO: check
+ NOT-FOR-US: DocumentManager
CVE-2010-0611 (Multiple SQL injection vulnerabilities in adminlogin.php in Baal
...)
- TODO: check
+ NOT-FOR-US: Baal Systems
CVE-2010-0610 (Multiple SQL injection vulnerabilities in the Photoblog ...)
- TODO: check
+ NOT-FOR-US: Photoblog component for Joomla!
CVE-2010-0609 (SQL injection vulnerability in header.php in NovaBoard 1.1.2
allows ...)
- TODO: check
+ NOT-FOR-US: NovaBoard
CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2
allows ...)
- TODO: check
+ NOT-FOR-US: NovaBoard
CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in
Forms/status_statistics_1 ...)
- TODO: check
+ NOT-FOR-US: Sterlite SAM300 AX Router
CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in
osTicket ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before
1.6.0 ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2010-0604
RESERVED
CVE-2010-0603
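Review bot: The tag on CVE-2010-0611, "NOT-FOR-US: Baal Systems", reads like a vendor name rather than a product, while the other tags in this hunk name the product (evalSMSI, NovaBoard, osTicket). Use the full product name from the complete description so a later search of the list for that product finds this entry.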
@@ -190,9 +204,9 @@
[etch] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
NOTE: the conditions so that this is exploitable are rather obscure
CVE-2010-0561 (Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current
before ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2010-0560 (Unspecified vulnerability in the BIOS in Intel Desktop Board DB,
DG, ...)
- TODO: check
+ NOT-FOR-US: Intel Desktop BIOS
CVE-2003-1588 (Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are
used, ...)
NOT-FOR-US: Sun Cluster
CVE-2010-0559 (The default configuration of Oracle OpenSolaris snv_91 through
snv_131 ...)
@@ -463,11 +477,11 @@
CVE-2010-0447
RESERVED
CVE-2010-0446
- RESERVED
+ NOT-FOR-US: HP DreamScreen
CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10,
8.11, ...)
- TODO: check
+ NOT-FOR-US: HP Network Node Manager
CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10
uses a ...)
- TODO: check
+ NOT-FOR-US: HP Operations Agent
CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS)
before ...)
NOT-FOR-US: HP OpenVMS
CVE-2010-0441 (Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before
1.6.1.14, ...)
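Review bot: CVE-2010-0446 goes from RESERVED straight to "NOT-FOR-US: HP DreamScreen" with no summary on the entry, so the product attribution has no visible source. Add a NOTE line pointing at the advisory or bulletin the product name was taken from, so the triage decision can be verified while the entry still has no public description.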
@@ -1112,11 +1126,11 @@
CVE-2010-0253
RESERVED
CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office
Excel ...)
- TODO: check
+ NOT-FOR-US: Microsoft Data Analyzer ActiveX control
CVE-2010-0251
RESERVED
CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX,
as used ...)
- TODO: check
+ NOT-FOR-US: Microsoft DirectX
CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6
SP1, ...)
NOT-FOR-US: Microsoft
CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly
...)
@@ -1130,15 +1144,15 @@
CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly
...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office
2004 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office XP
CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1,
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1,
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1,
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1,
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0238
RESERVED
CVE-2010-0237
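Review bot: The four TCP/IP entries (CVE-2010-0242 through CVE-2010-0239) are tagged "Microsoft Windows Vista Gold", but in the summaries "Gold" is the first item of a release list ("Vista Gold, SP1, and ..."), not part of a product name. The same applies to "Microsoft Office XP" on CVE-2010-0243, whose summary also lists Office 2004. Tag these as "Microsoft Windows" and "Microsoft Office" to match the neighbouring entries.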
@@ -1150,11 +1164,11 @@
CVE-2010-0234
RESERVED
CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows
2000 SP4, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7,
including ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-0231 (The SMB implementation in the Server service in Microsoft
Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to
listen ...)
- postfix <not-affected> (SUSE-specific packaging issue)
CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB
flash ...)
@@ -1360,11 +1374,11 @@
CVE-2010-0146
RESERVED
CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the
Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in
the ...)
- TODO: check
+ NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the
...)
- TODO: check
+ NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and
possibly ...)
NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and
possibly ...)
@@ -2199,45 +2213,45 @@
CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2
...)
NOT-FOR-US: Apple Mac OS X
CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003
SP3 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003
SP3 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002
SP3 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and
2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002
SP3 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Paint
CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer
5.01, ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server
2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Server
CVE-2010-0025
RESERVED
CVE-2010-0024
RESERVED
CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft
Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0022 (The SMB implementation in the Server service in Microsoft
Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server
...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0020 (The SMB implementation in the Server service in Microsoft
Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0019
RESERVED
CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Server
CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP
SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)
2.7 ...)
{DSA-1973-1}
- eglibc 2.10.2-4 (medium; bug #560333)
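Review bot: The Windows entries in this hunk use three different tags for the same product family: "Microsoft Windows" (for example CVE-2010-0016), "Microsoft Windows Server" (CVE-2010-0017, CVE-2010-0026) and "Microsoft Windows Vista Gold" (CVE-2010-0021). CVE-2010-0017 and CVE-2010-0016 both describe the SMB client implementation yet get different tags. Pick one spelling, "Microsoft Windows", as already used on the unchanged CVE-2010-0018 line, so the tags stay greppable.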
@@ -3933,7 +3947,7 @@
NOTE: From Squeeze onwards the system copy of ltdl is used, use the current
version from Squeeze,
NOTE: might''ve been fixed earlier
CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before
...)
- TODO: check
+ NOT-FOR-US: ActiveScan Installer ActiveX control
CVE-2009-3734 (Unspecified vulnerability in the management console in the S2
Security ...)
NOT-FOR-US: S2 Security Linear eMerge Access Control System
CVE-2009-XXXX [mandos 0600 file being included in initrd]