Author: jmm-guest Date: 2010-09-13 21:27:44 +0000 (Mon, 13 Sep 2010) New Revision: 15321 Modified: data/CVE/list Log: - new potential webkit/chromium issues (vague information, announced by apple, could very well all be Safari/Apple specific) - NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-13 21:24:28 UTC (rev 15320) +++ data/CVE/list 2010-09-13 21:27:44 UTC (rev 15321) @@ -177,7 +177,7 @@ CVE-2010-3212 (SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier ...) NOT-FOR-US: Seagull CVE-2010-3211 (Multiple SQL injection vulnerabilities in the JE FAQ Pro ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2010-3210 (Multiple PHP remote file inclusion vulnerabilities in Multi-lingual ...) NOT-FOR-US: Multi-lingual E-Commerce System CVE-2010-3209 (Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 ...) @@ -189,11 +189,11 @@ CVE-2010-3206 (Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 ...) NOT-FOR-US: DiY-CMS CVE-2010-3205 (PHP remote file inclusion vulnerability in index.php in Textpattern ...) - TODO: check + NOT-FOR-US: Textpattern CMS CVE-2010-3204 (Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 ...) NOT-FOR-US: Pecio CMS CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) ...) - TODO: check + NOT-FOR-US: PicSell CVE-2010-XXXX [vlc stack overflow] - vlc <undetermined> (low; bug #595686) NOTE: poc didn''t work. may be windows-only @@ -205,7 +205,7 @@ CVE-2010-3200 RESERVED CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...) - TODO: check + NOT-FOR-US: TortoiseSVN CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows ...) - zope2.10 <removed> - zope2.11 <removed> 
@@ -657,9 +657,9 @@ CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not ...) NOT-FOR-US: Cisco IOS XR CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...) - TODO: check + NOT-FOR-US: Cisco CVE-2010-3033 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...) - TODO: check + NOT-FOR-US: Cisco CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in ...) NOT-FOR-US: SAP Crystal Reports 2008 CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other ...) @@ -689,9 +689,9 @@ CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote ...) NOT-FOR-US: Opera CVE-2010-3018 (RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before ...) - TODO: check + NOT-FOR-US: RSA Access Manager CVE-2010-3017 (Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before ...) - TODO: check + NOT-FOR-US: RSA Access Manager CVE-2010-3016 REJECTED CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...) @@ -1141,11 +1141,11 @@ CVE-2010-2844 (Cross-site scripting (XSS) vulnerability in news_show.php in Newanz ...) NOT-FOR-US: Newanz NewsOffice CVE-2010-2843 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...) - TODO: check + NOT-FOR-US: Cisco WLC CVE-2010-2842 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...) - TODO: check + NOT-FOR-US: Cisco WLC CVE-2010-2841 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...) - TODO: check + NOT-FOR-US: Cisco WLC CVE-2010-2840 (The Presence Engine (PE) service in Cisco Unified Presence 6.x before ...) NOT-FOR-US: Cisco CVE-2010-2839 (SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) ...) 
@@ -3823,31 +3823,38 @@ CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple ...) NOT-FOR-US: QuickTime CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2010-1816 RESERVED CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...) - TODO: check + - webkit <undetermined> + - chromium-browser <undetermined> CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) - TODO: check + - webkit <undetermined> + - chromium-browser <undetermined> CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) - TODO: check + - webkit <undetermined> + - chromium-browser <undetermined> CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...) - TODO: check + - webkit <undetermined> + - chromium-browser <undetermined> CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2010-1809 (The Accessibility component in Apple iOS before 4.1 on the iPhone and ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) NOT-FOR-US: Apple Mac OS X CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 does not ...) - TODO: check + - webkit <undetermined> + - chromium-browser <undetermined> CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...) - TODO: check + - webkit <undetermined> + - chromium-browser <undetermined> CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 ...) - TODO: check + - webkit <undetermined> + - chromium-browser <undetermined> CVE-2010-1804 RESERVED CVE-2010-1803 
@@ -7599,9 +7606,9 @@ CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...) NOT-FOR-US: Cisco IOS CVE-2010-0575 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...) - TODO: check + NOT-FOR-US: Cisco WLC CVE-2010-0574 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...) - TODO: check + NOT-FOR-US: Cisco WLC CVE-2010-0573 (Unspecified vulnerability on the Cisco Digital Media Player before 5.2 ...) NOT-FOR-US: Cisco Digital Media Player CVE-2010-0572 (Cisco Digital Media Manager (DMM) before 5.2 allows remote ...)
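Review bot: In the @@ -177,7 hunk, "NOT-FOR-US: Joomla addon" for CVE-2010-3211 names the platform rather than the product, unlike the other NOT-FOR-US lines in this patch, which name the software itself (Seagull, DiY-CMS, PicSell). Suggest putting the product name from the description first, for example "NOT-FOR-US: JE FAQ Pro (Joomla addon)", so that a later search of the list for the product finds this triage decision.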
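Review bot: In the @@ -657,9 hunk, CVE-2010-3034 and CVE-2010-3033 are tagged "NOT-FOR-US: Cisco", while the @@ -1141,11 and @@ -7599,9 hunks tag entries with the same "Cisco Wireless LAN Controller (WLC) software" description as "NOT-FOR-US: Cisco WLC". Suggest using "Cisco WLC" for these two as well, so that every WLC entry carries the same tag and can be found with a single search.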
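Review bot: In the @@ -3823,31 hunk, the new "- webkit <undetermined>" and "- chromium-browser <undetermined>" entries carry no NOTE, so the caveat that these may all be Safari/Apple specific is recorded only in the commit log and is lost to anyone reading data/CVE/list. Suggest adding a NOTE line under each entry, in the way the vlc entry in the @@ -189,11 hunk has "NOTE: poc didn''t work. may be windows-only". This matters most for CVE-2010-1806 and CVE-2010-1805, where the visible part of the description names Apple Safari rather than WebKit, and CVE-2010-1805 is an untrusted search path issue, the same class that the @@ -205,7 hunk marks NOT-FOR-US for TortoiseSVN. It is worth checking whether those two belong under webkit and chromium-browser at all.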