Author: iuculano Date: 2010-08-25 07:52:37 +0000 (Wed, 25 Aug 2010) New Revision: 15206 Modified: data/CVE/list Log: - NFUs - Filed bugs for CVE-2010-2790 CVE-2010-2809 and CVE-2010-2810 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-08-25 07:12:02 UTC (rev 15205) +++ data/CVE/list 2010-08-25 07:52:37 UTC (rev 15206) @@ -1,15 +1,15 @@ CVE-2010-XXXX [two BGP DoS issues] - quagga <unfixed> (bug #594262) CVE-2010-3109 (Stack-based buffer overflow in the browser plugin in Novell iPrint ...) - TODO: check + NOT-FOR-US: browser plugin in Novell iPrint Client CVE-2010-3108 (Buffer overflow in the browser plugin in Novell iPrint Client before ...) - TODO: check + NOT-FOR-US: browser plugin in Novell iPrint Client CVE-2010-3107 (A certain ActiveX control in ienipp.ocx in the browser plugin in ...) - TODO: check + NOT-FOR-US: browser plugin in Novell iPrint Client CVE-2010-3106 (The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint ...) - TODO: check + NOT-FOR-US: browser plugin in Novell iPrint Client CVE-2010-3105 (The PluginGetDriverFile function in Novell iPrint Client before 5.44 ...) - TODO: check + NOT-FOR-US: browser plugin in Novell iPrint Client CVE-2010-3104 (Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, ...) NOT-FOR-US: DeskShare AutoFTP Manager CVE-2010-3103 (Directory traversal vulnerability in FTPGetter Team FTPGetter ...) 
@@ -166,25 +166,25 @@ CVE-2010-3033 RESERVED CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in ...) - TODO: check + NOT-FOR-US: SAP Crystal Reports 2008 CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other ...) - TODO: check + NOT-FOR-US: Wyse ThinOS CVE-2010-3030 (Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open ...) - TODO: check + NOT-FOR-US: Tomaz Muraus Open Blog CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows ...) - TODO: check + NOT-FOR-US: PHPKick CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses insecure ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball Script ...) - TODO: check + NOT-FOR-US: Tycoon Baseball Script CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: Tomaz Muraus Open Blog CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus ...) - TODO: check + NOT-FOR-US: Tomaz Muraus Open Blog CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: DiamondList CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in DiamondList ...) - TODO: check + NOT-FOR-US: DiamondList CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance logging ...) TODO: check CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote ...) @@ -200,7 +200,7 @@ CVE-2010-3016 REJECTED CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...) - TODO: check + NOT-FOR-US: Pligg CVE-2010-3012 RESERVED CVE-2010-3011 
@@ -697,12 +697,12 @@ CVE-2010-2811 RESERVED CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in ...) - - lynx-cur <unfixed> + - lynx-cur <unfixed> (bug #594300) [lenny] - lynx-cur <no-dsa> (Minor issue) NOTE: exploit scenario really obscure TODO: File bug CVE-2010-2809 (The default configuration of the <Button2> binding in Uzbl before ...) - - uzbl <unfixed> + - uzbl <unfixed> (bug #594301) TODO: File bug CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...) - freetype 2.4.2-1 @@ -747,7 +747,7 @@ CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...) - apache2 2.2.10-1 (low) CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...) - - zabbix <unfixed> + - zabbix <unfixed> (bug #594304) NOTE: https://support.zabbix.com/browse/ZBX-2326 [lenny] - zabbix <no-dsa> (Minor issue) CVE-2010-2789 [mediawiki "register_globals arbitrary inclusion"]
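Review bot: in the `@@ -1,15 +1,15 @@` hunk, the five Novell entries (CVE-2010-3105 through CVE-2010-3109) are tagged `NOT-FOR-US: browser plugin in Novell iPrint Client`, while the neighbouring context line uses the bare product name (`NOT-FOR-US: DeskShare AutoFTP Manager`). Suggest `NOT-FOR-US: Novell iPrint Client` for consistency. It also fits CVE-2010-3105 better, whose visible description refers to the PluginGetDriverFile function in Novell iPrint Client rather than to the browser plugin.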
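Review bot: in the `@@ -166,25 +166,25 @@` hunk, CVE-2010-3028 is tagged `NOT-FOR-US: Joomla!`, but its description names the Aardvertiser component for Joomla!, not Joomla! itself. Suggest `NOT-FOR-US: Aardvertiser component for Joomla!` so the tag identifies the affected software. The descriptions of CVE-2010-3026 and CVE-2010-3024 are truncated before the product name, so the `Tomaz Muraus Open Blog` and `DiamondList` tags on those two cannot be checked from the lines shown here.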
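Review bot: the two `TODO: File bug` lines left as context in the `@@ -697,12 +697,12 @@` hunk, under CVE-2010-2810 and CVE-2010-2809, are stale after this revision, which adds `(bug #594300)` and `(bug #594301)` to those entries and whose log says the bugs were filed. Drop both TODO lines in the same commit so the entries no longer read as pending work.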