Author: gilbert-guest Date: 2010-04-30 01:51:35 +0000 (Fri, 30 Apr 2010) New Revision: 14574 Modified: data/CVE/list Log: NFUs; ocsinventory-server got cve ids Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-30 00:11:33 UTC (rev 14573) +++ data/CVE/list 2010-04-30 01:51:35 UTC (rev 14574) 
@@ -20,27 +20,29 @@ - moodle <undetermined> TODO: check CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication ...) - TODO: check + NOT-FOR-US: Support Incident Tracker CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS ...) - TODO: check + - ocsinventory-server 1.02.1-1 (unimportant) + NOTE: Authentication is needed, only supported in trusted environments, see debtags CVE-2010-1594 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + - ocsinventory-server 1.02.1-1 (unimportant) + NOTE: Authentication is needed, only supported in trusted environments, see debtags CVE-2010-1593 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...) - TODO: check + - silverstripe <itp> (bug #528461) CVE-2010-1592 (sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in ...) - TODO: check + NOT-FOR-US: SiSoftware Sandra CVE-2010-1591 (Beijing Rising International Rising Antivirus 2008 through 2010 does ...) TODO: check CVE-2010-1590 (Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in ...) - TODO: check + NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart CVE-2010-1589 (Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt ...) - TODO: check + NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart CVE-2010-1588 (SQL injection vulnerability in the Getwebsess function in ...) - TODO: check + NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart CVE-2010-1587 (The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and ...) TODO: check CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in Mozilla Firefox ...) TODO: check CVE-2010-1584 
@@ -90,49 +92,49 @@ CVE-2010-1561 RESERVED CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) ...) - TODO: check + NOT-FOR-US: com_sermonspeaker component for joomla! CVE-2009-4830 (Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote ...) - TODO: check + - openx <itp> (bug #513771) CVE-2009-4829 (Cross-site scripting (XSS) vulnerability in the Automated Logout ...) - TODO: check + NOT-FOR-US: Automated Logout module for drupal CVE-2009-4828 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: Ad Manager Pro CVE-2009-4827 (Cross-site request forgery (CSRF) vulnerability in admin.php in Mail ...) - TODO: check + NOT-FOR-US: Mail Manager Pro CVE-2009-4826 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: ScriptsEz Mini Hosting Panel CVE-2009-4825 (8pixel.net Blog 4 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: 8pixel.net Blog CVE-2009-4824 (Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab ...) TODO: check CVE-2009-4823 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: cPanel CVE-2009-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Kasseler CMS CVE-2009-4821 (The D-Link DIR-615 with firmware 3.10NA does not require ...) - TODO: check + NOT-FOR-US: D-Link DIR-615 CVE-2009-4820 (Angelo-Emlak 1.0 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Angelo-Emlak CVE-2009-4819 (Multiple unrestricted file upload vulnerabilities in upload.php in ...) - TODO: check + NOT-FOR-US: PHPhotoalbum CVE-2009-4818 (Unrestricted file upload vulnerability in upload.php in PHPSimplicity ...) 
- TODO: check + NOT-FOR-US: PHPSimplicity of Upload CVE-2009-4817 (Unrestricted file upload vulnerability in Element-IT Ultimate Uploader ...) - TODO: check + NOT-FOR-US: Element-IT Ultimate Uploader CVE-2009-4816 (Directory traversal vulnerability in api/download_checker.php in ...) - TODO: check + NOT-FOR-US: MegaLab The Uploader CVE-2009-4815 (Directory traversal vulnerability in Serv-U before 9.2.0.1 allows ...) - TODO: check + NOT-FOR-US: Serv-U CVE-2009-4814 (Cross-site scripting (XSS) vulnerability in Wolfram Research ...) - TODO: check + NOT-FOR-US: Wolfram Research webMathematica CVE-2009-4813 (Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka ...) - TODO: check + NOT-FOR-US: MyBB CVE-2009-4812 (Wolfram Research webMathematica allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Wolfram Research webMathematica CVE-2009-4811 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...) - TODO: check + NOT-FOR-US: VMware CVE-2010-XXXX [gitolite two weaknesses] - gitolite <unfixed> NOTE: http://secunia.com/advisories/39587/ 
@@ -166,39 +168,39 @@ CVE-2010-1545 RESERVED CVE-2010-1544 (micro_httpd on the RCA DCM425 cable modem allows remote attackers to ...) - TODO: check + NOT-FOR-US: RCA DCM425 Cable Modem CVE-2010-1543 (Cross-site scripting (XSS) vulnerability in the eTracker module before ...) - TODO: check + NOT-FOR-US: eTracker module for drupal CVE-2010-1542 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: DFD Cart CVE-2010-1541 (Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, ...) - TODO: check + NOT-FOR-US: DFD Cart CVE-2010-1540 (Directory traversal vulnerability in index.php in the MyBlog ...) - TODO: check + NOT-FOR-US: com_myblog component for joomla! CVE-2010-1539 (Cross-site scripting (XSS) vulnerability in the Workflow module ...) - TODO: check + NOT-FOR-US: workflow module for drupal CVE-2010-1538 (SQL injection vulnerability in print_raincheck.php in phpRAINCHECK ...) - TODO: check + NOT-FOR-US: phpRAINCHECK CVE-2010-1537 (Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier ...) - TODO: check + NOT-FOR-US: phpCDB CVE-2010-1536 (Cross-site scripting (XSS) vulnerability in the AddThis Button module ...) - TODO: check + NOT-FOR-US: AddThis Button module for drupal CVE-2010-1535 (Directory traversal vulnerability in the TRAVELbook (com_travelbook) ...) - TODO: check + NOT-FOR-US: com_travelbook component for joomla! CVE-2010-1534 (Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) ...) - TODO: check + NOT-FOR-US: com_shoutbox component for joomla! CVE-2010-1533 (Directory traversal vulnerability in the TweetLA (com_tweetla) ...) - TODO: check + NOT-FOR-US: com_tweetla component for joomla! CVE-2010-1532 (Directory traversal vulnerability in the givesight PowerMail Pro ...) - TODO: check + NOT-FOR-US: com_powermail component for joomla! CVE-2010-1531 (Directory traversal vulnerability in the redSHOP (com_redshop) ...) 
- TODO: check + NOT-FOR-US: com_redshop component for joomla! CVE-2010-1530 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Internationalization module for drupal CVE-2010-1529 (SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) ...) - TODO: check + NOT-FOR-US: com_fsf component for joomla! CVE-2010-1528 (PHP remote file inclusion vulnerability in include/template.php in ...) - TODO: check + NOT-FOR-US: Uiga Proxy CVE-2010-1527 RESERVED CVE-2010-1526 
@@ -256,99 +258,99 @@ CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...) TODO: check CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 ...) - TODO: check + NOT-FOR-US: MusicBox CVE-2010-1498 (Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow ...) - TODO: check + NOT-FOR-US: dl_stats CVE-2010-1497 (Cross-site scripting (XSS) vulnerability in download_proc.php in ...) - TODO: check + NOT-FOR-US: dl_stats CVE-2010-1496 (SQL injection vulnerability in the JoltCard (com_joltcard) component ...) - TODO: check + NOT-FOR-US: com_joltcard component for joomla! CVE-2010-1495 (Directory traversal vulnerability in the Matamko (com_matamko) ...) - TODO: check + NOT-FOR-US: com_matamko component for joomla! CVE-2010-1494 (Directory traversal vulnerability in the AWDwall (com_awdwall) ...) - TODO: check + NOT-FOR-US: com_awdwall component for joomla! CVE-2010-1493 (SQL injection vulnerability in the AWDwall (com_awdwall) component ...) - TODO: check + NOT-FOR-US: com_awdwall component for joomla! CVE-2010-1492 (Directory traversal vulnerability in help/frameRight.php in Elastix ...) - TODO: check + NOT-FOR-US: Elastix CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) ...) - TODO: check + NOT-FOR-US: com_mmsblog component for joomla! CVE-2009-4810 (The Secure Remote Password (SRP) implementation in Samhain before ...) TODO: check CVE-2009-4809 (Directory traversal vulnerability in thumbnail.ghp in Easy File ...) - TODO: check + NOT-FOR-US: Easy File Sharing Web Server CVE-2009-4808 (admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: Graugon PHP Article Publisher CVE-2009-4807 (Multiple SQL injection vulnerabilities in Graugon PHP Article ...) - TODO: check + NOT-FOR-US: Graugon PHP Article Publisher CVE-2009-4806 (admin/save_user.asp in Digital Interchange Document Library 1.0.1 does ...) 
- TODO: check + NOT-FOR-US: Digital Interchange Document Library CVE-2009-4805 (Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when ...) - TODO: check + NOT-FOR-US: EZ-Blog CVE-2009-4804 (Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) ...) - TODO: check + NOT-FOR-US: cal extension for typo3 CVE-2009-4803 (SQL injection vulnerability in the Accessibility Glossary ...) - TODO: check + NOT-FOR-US: a21glossary extension for typo3 CVE-2009-4802 (SQL injection vulnerability in the Flat Manager (flatmgr) extension ...) - TODO: check + NOT-FOR-US: fsatmgr extension for typo3 CVE-2009-4801 (EZ-Blog Beta 1 does not require authentication, which allows remote ...) - TODO: check + NOT-FOR-US: EZ-Blog CVE-2010-1490 (Unspecified vulnerability in IBM Cognos 8 Business Intelligence before ...) - TODO: check + NOT-FOR-US: IBM Cognos CVE-2009-4800 (Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 ...) - TODO: check + NOT-FOR-US: Sysax Multi Server CVE-2009-4799 (Diskos CMS 6.x stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Diskos CMS CVE-2009-4798 (Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote ...) - TODO: check + NOT-FOR-US: Diskos CMS CVE-2009-4797 (SQL injection vulnerability in browse.php in JobHut 1.2 and earlier ...) - TODO: check + NOT-FOR-US: JobHut CVE-2009-4796 (Multiple SQL injection vulnerabilities in the ExecuteQueries function ...) - TODO: check + NOT-FOR-US: glFusion CVE-2009-4795 (Multiple SQL injection vulnerabilities in Xlight FTP Server before ...) - TODO: check + NOT-FOR-US: Xlight FTP Server CVE-2009-4794 (Multiple SQL injection vulnerabilities in Community CMS 0.5 allow ...) - TODO: check + NOT-FOR-US: Community CMS CVE-2009-4793 (Unrestricted file upload vulnerability in ...) - TODO: check + NOT-FOR-US: BandSite CMS CVE-2009-4792 (SQL injection vulnerability in includes/content/member_content.php in ...) 
- TODO: check + NOT-FOR-US: BandSite CMS CVE-2009-4791 (Multiple SQL injection vulnerabilities in Family Connections (aka ...) - TODO: check + NOT-FOR-US: Family Connections CVE-2009-4790 (Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 ...) - TODO: check + NOT-FOR-US: Sysax Multi Server CVE-2009-4789 (Multiple PHP remote file inclusion vulnerabilities in the MojoBlog ...) - TODO: check + NOT-FOR-US: mojoblog component for joomla! CVE-2009-4788 (Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier ...) - TODO: check + NOT-FOR-US: Pligg CVE-2009-4787 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg ...) - TODO: check + NOT-FOR-US: Pligg CVE-2009-4786 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg before ...) - TODO: check + NOT-FOR-US: Pligg CVE-2009-4785 (SQL injection vulnerability in the Quick News (com_quicknews) ...) - TODO: check + NOT-FOR-US: com_quicknews component for joomla! CVE-2009-4784 (SQL injection vulnerability in the Joaktree (com_joaktree) component ...) - TODO: check + NOT-FOR-US: com_joaktree component for joomla! CVE-2009-4783 (Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, ...) - TODO: check + NOT-FOR-US: Theeta CMS CVE-2009-4782 (Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, ...) - TODO: check + NOT-FOR-US: Theeta CMS CVE-2009-4781 (TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for ...) - TODO: check + NOT-FOR-US: TUKEVA Password Reminder CVE-2009-4780 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: phpMyFAQ CVE-2009-4779 (Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and ...) - TODO: check + NOT-FOR-US: NukeHall CVE-2009-4778 (Multiple unspecified vulnerabilities in the PDF distiller in the ...) - TODO: check + NOT-FOR-US: BlackBerry PDF distiller CVE-2009-4777 (Unspecified vulnerability in multiple versions of Hitachi ...) 
- TODO: check + NOT-FOR-US: Hitachi Job Management / System Observer CVE-2009-4776 (Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit ...) - TODO: check + NOT-FOR-US: Hitachi Cosminexus CVE-2009-4775 (Format string vulnerability in Ipswitch WS_FTP Professional 12 before ...) - TODO: check + NOT-FOR-US: Ipswitch WS_FTP Professional CVE-2009-4774 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 ...) - TODO: check + NOT-FOR-US: OpenSolaris CVE-2010-XXXX [pbuilder installs untrusted packages] - pbuilder <unfixed> (low; bug #579028) [lenny] - pbuilder <no-dsa> (Minor issue) @@ -370,7 +372,7 @@ CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...) NOT-FOR-US: IBM Lotus Notes CVE-2010-1486 (Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in ...) - TODO: check + NOT-FOR-US: CactuShop CVE-2010-1485 RESERVED CVE-2010-1484 @@ -842,7 +844,7 @@ CVE-2010-1279 RESERVED CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in ...) - TODO: check + NOT-FOR-US: Adobe Download Manager CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...) - zabbix 1:1.8.2-1 (bug #577058) [lenny] - zabbix <not-affected> (vulnerable code not present) @@ -1171,9 +1173,9 @@ NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html TODO: check CVE-2010-1165 (Atlassian JIRA 3.12 through 4.1 allows remote authenticated ...) - TODO: check + NOT-FOR-US: Atlassian JIRA CVE-2010-1164 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...) - TODO: check + NOT-FOR-US: Atlassian JIRA CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ...) - sudo 1.7.2p6-1 (bug #578275) [lenny] - sudo <not-affected> (ignore_dot default value is off and can''t be changed in runtime) 
@@ -1507,19 +1509,19 @@ CVE-2010-1039 RESERVED CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before 6.0 ...) - TODO: check + NOT-FOR-US: HP System Insight Manager CVE-2010-1037 (Cross-site request forgery (CSRF) vulnerability in HP System Insight ...) - TODO: check + NOT-FOR-US: HP System Insight Manager CVE-2010-1036 (Cross-site scripting (XSS) vulnerability in HP System Insight Manager ...) - TODO: check + NOT-FOR-US: hP System Insight Manager CVE-2010-1035 (Multiple unspecified vulnerabilities in HP Virtual Machine Manager ...) - TODO: check + NOT-FOR-US: HP Virtual Machine Manager CVE-2010-1034 (Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne ActiveX ...) - TODO: check + NOT-FOR-US: HP Operations Manager CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local users to ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka ...) NOT-FOR-US: HP Insight Control CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...) @@ -1617,7 +1619,7 @@ CVE-2010-0995 RESERVED CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library ...) - TODO: check + NOT-FOR-US: Visualization Library CVE-2010-0993 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and ...) NOT-FOR-US: Pulse CMS Basic CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse ...) 
@@ -2010,25 +2012,25 @@ CVE-2010-0898 RESERVED CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory Server ...) - TODO: check + NOT-FOR-US: Sun Java System Directory Server CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0895 (Unspecified vulnerability in the Solaris component in Oracle Sun ...) - TODO: check + NOT-FOR-US: OpenSolaris CVE-2010-0894 (Unspecified vulnerability in the Sun Java System Access Manager ...) - TODO: check + NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle sun Product Suite CVE-2010-0892 RESERVED CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center component in ...) - TODO: check + NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle Sun ...) - TODO: check + NOT-FOR-US: OpenSolaris CVE-2010-0889 (Unspecified vulnerability in the Solaris component in Oracle Sun ...) - TODO: check + NOT-FOR-US: OpenSolaris CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software component in ...) - TODO: check + NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...) - openjdk-6 <undetermined> - sun-java6 6.20-1 
@@ -2038,75 +2040,75 @@ - sun-java6 6.20-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications ...) - TODO: check + NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...) - TODO: check + NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0883 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...) - TODO: check + NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0882 (Unspecified vulnerability in the Solaris component in Oracle Sun ...) - TODO: check + NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0881 (Unspecified vulnerability in the User Interface Components in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Collaboration Suite CVE-2010-0880 (Unspecified vulnerability in the PeopleTools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft CVE-2010-0879 (Unspecified vulnerability in the PeopleTools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft CVE-2010-0878 (Unspecified vulnerability in the PeopleTools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft CVE-2010-0877 (Unspecified vulnerability in the PeopleTools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft CVE-2010-0876 (Unspecified vulnerability in the Life Sciences - Oracle Clinical ...) - TODO: check + NOT-FOR-US: Oracle Industry Product Suite CVE-2010-0875 (Unspecified vulnerability in the Life Sciences - Oracle Thesaurus ...) - TODO: check + NOT-FOR-US: Oracle Industry Product Suite CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle ...) - TODO: check + NOT-FOR-US: Oracle Industry Product Suite CVE-2010-0873 RESERVED CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory component ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object Library ...) 
- TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2010-0870 (Unspecified vulnerability in the Change Data Capture component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-0869 (Unspecified vulnerability in the Oracle Transportation Management ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2010-0868 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2010-0867 (Unspecified vulnerability in the JavaVM component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-0866 (Unspecified vulnerability in the JavaVM component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-0865 (Unspecified vulnerability in the Oracle Agile Engineering Data ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2010-0864 (Unspecified vulnerability in the Retail - Oracle Retail Place ...) - TODO: check + NOT-FOR-US: Oracle Industry Product Suite CVE-2010-0863 (Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season ...) - TODO: check + NOT-FOR-US: Oracle Industry Product Suite CVE-2010-0862 (Unspecified vulnerability in the Retail - Oracle Retail Markdown ...) - TODO: check + NOT-FOR-US: Oracle Industry Product Suite CVE-2010-0861 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2010-0860 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-0859 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2010-0858 (Unspecified vulnerability in the E-Business Intelligence component in ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2010-0857 (Unspecified vulnerability in the Oracle Workflow Cartridge component ...) 
- TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2010-0856 (Unspecified vulnerability in the Portal component in Oracle Fusion ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2010-0855 (Unspecified vulnerability in the Portal component in Oracle Fusion ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2010-0854 (Unspecified vulnerability in the Audit component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-0853 (Unspecified vulnerability in the Oracle Internet Directory component ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-0852 (Unspecified vulnerability in the XML DB component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-0851 (Unspecified vulnerability in the XML DB component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 @@ -2371,7 +2373,7 @@ CVE-2010-0773 RESERVED CVE-2010-0772 (Unspecified vulnerability in the channel process in IBM WebSphere MQ ...) - TODO: check + NOT-FOR-US: IMB WebSphere MQ CVE-2010-0771 RESERVED CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...) @@ -2870,7 +2872,7 @@ CVE-2010-0594 RESERVED CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, ...) - TODO: check + NOT-FOR-US: Cisco RVS4000 Router CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) 
@@ -3222,11 +3224,6 @@ NOT-FOR-US: PaperThin CommonSpot Content Server CVE-2010-0467 (Directory traversal vulnerability in the ccNewsletter ...) NOT-FOR-US: ccNewsletter component for Joomla! -CVE-2010-XXXX [ocsinventory-server: multiple vulnerabilities] - - ocsinventory-server <unfixed> (unimportant) - NOTE: http://www.openwall.com/lists/oss-security/2010/02/01/4 - NOTE: claimed fixed in upstream 1.02.1 - NOTE: Authentication is needed, only supported in trusted environments, see debtags CVE-2010-XXXX [nautilus: file preview html script execution] - nautilus <not-affected> (proof-of-concept script is previewed as text, not executed) NOTE: http://seclists.org/fulldisclosure/2010/Feb/112 @@ -4452,7 +4449,7 @@ CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before ...) NOT-FOR-US: Symantec AntiVirus CVE-2010-0105 (The hfs implementation in Apple Mac OS X 10.6.2 and 10.6.3 supports ...) - TODO: check + NOT-FOR-US: Apple hfs implementation CVE-2010-0104 (Unspecified vulnerability in the Broadcom Integrated NIC Management ...) NOT-FOR-US: Broadcom Integrated NIC Management Firmware CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger software ...) @@ -4534,11 +4531,11 @@ CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3, when ...) NOT-FOR-US: Oscailt CVE-2009-4511 (Multiple directory traversal vulnerabilities in the web administration ...) - TODO: check + NOT-FOR-US: TANDBERG Video Communication Server CVE-2009-4510 (The SSH service on the TANDBERG Video Communication Server (VCS) ...) - TODO: check + NOT-FOR-US: TANDBERG Video Communication Server CVE-2009-4509 (The administrative web console on the TANDBERG Video Communication ...) - TODO: check + NOT-FOR-US: TANDBERG Video Communication Server CVE-2009-4508 RESERVED CVE-2009-4507
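Review bot: In the hunk at `@@ -20,27 +20,29 @@`, the new `- ocsinventory-server 1.02.1-1 (unimportant)` entries under CVE-2010-1595 and CVE-2010-1594 keep only the "Authentication is needed" NOTE from the temporary CVE-2010-XXXX entry that the `@@ -3222,11 +3224,6 @@` hunk removes. The removed entry also carried the oss-security reference and the remark "claimed fixed in upstream 1.02.1". Since the status changes from `<unfixed>` to a fixed version here, consider carrying the reference NOTE over to the new entries so the basis for `1.02.1-1` stays traceable.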
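Review bot: In the hunk at `@@ -166,39 +168,39 @@` (and the other hunks that tag CMS add-ons), the added lines write `joomla!` and `drupal` in lower case, for example `NOT-FOR-US: com_myblog component for joomla!`, while an existing entry visible as context in the `@@ -3222,11 +3224,6 @@` hunk reads `NOT-FOR-US: ccNewsletter component for Joomla!`. Matching the existing capitalisation keeps case-sensitive searches over the list consistent.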
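Review bot: In the hunk at `@@ -256,99 +258,99 @@`, the CVE-2009-4802 line reads `NOT-FOR-US: fsatmgr extension for typo3`, but the description on the line above names the extension `flatmgr`. Suggest `NOT-FOR-US: flatmgr extension for typo3` so a later search for the extension name finds this entry.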
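Review bot: In the hunk at `@@ -1507,19 +1509,19 @@`, the CVE-2010-1036 line reads `NOT-FOR-US: hP System Insight Manager`, while the two entries above it for the same product use `HP System Insight Manager`. Suggest fixing the capitalisation so all three entries match.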
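Review bot: In the hunk at `@@ -2010,25 +2012,25 @@`, the CVE-2010-0893 line reads `NOT-FOR-US: Oracle sun Product Suite`, whereas CVE-2010-0896, which has the same visible description, uses `Oracle Sun Product Suite`. Suggest capitalising `Sun` to match the neighbouring entries.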
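Review bot: In the hunk at `@@ -2038,75 +2040,75 @@`, two entries whose visible descriptions both start "Unspecified vulnerability in the Oracle Internet Directory component" get different tags: CVE-2010-0872 is `NOT-FOR-US: Oracle Fusion Middleware` and CVE-2010-0853 is `NOT-FOR-US: Oracle Database`. Likewise CVE-2010-0882 ("Solaris component in Oracle Sun ...") is tagged `Oracle Sun Product Suite`, while the same visible description in the previous hunk (CVE-2010-0895, CVE-2010-0890, CVE-2010-0889) is tagged `OpenSolaris`. The descriptions are truncated here, so these may be correct, but it is worth confirming against the full text and using one tag per product.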
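Review bot: In the hunk at `@@ -2371,7 +2373,7 @@`, the CVE-2010-0772 line reads `NOT-FOR-US: IMB WebSphere MQ`, but the description names the vendor as IBM. Suggest `NOT-FOR-US: IBM WebSphere MQ`.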