white at alioth.debian.org
2009-Feb-12 00:20 UTC
[Secure-testing-commits] r11196 - data/CVE
Author: white Date: 2009-02-12 00:20:06 +0000 (Thu, 12 Feb 2009) New Revision: 11196 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-02-11 21:56:37 UTC (rev 11195) +++ data/CVE/list 2009-02-12 00:20:06 UTC (rev 11196) @@ -25,15 +25,15 @@ CVE-2009-0518 RESERVED CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...) - TODO: check + NOT-FOR-US: phpSlash CVE-2009-0516 (SQL injection vulnerability in the classified page (classified.php) in ...) - TODO: check + NOT-FOR-US: BusinessSpace CVE-2009-0515 (Directory traversal vulnerability in check_lang.php in Yet Another ...) - TODO: check + NOT-FOR-US: YANOCC CVE-2009-0514 (Multiple directory traversal vulnerabilities in WebFrame 0.76 allow ...) - TODO: check + NOT-FOR-US: WebFrame CVE-2009-0513 (Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 ...) - TODO: check + NOT-FOR-US: WebFrame CVE-2009-0512 RESERVED CVE-2009-0511 
@@ -55,29 +55,29 @@ CVE-2009-0503 RESERVED CVE-2008-6110 (Unspecified vulnerability in SemanticScuttle before 0.90 has unknown ...) - TODO: check + NOT-FOR-US: SemanticScuttle CVE-2008-6109 (Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not ...) - TODO: check + NOT-FOR-US: Robin Rawson-Tetley Animal Shelter Manager CVE-2008-6108 (Cross-site scripting (XSS) vulnerability in result.php in Galatolo ...) - TODO: check + NOT-FOR-US: Galatolo WebManager CVE-2008-6107 (The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, ...) TODO: check CVE-2008-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Workplace for ...) - TODO: check + NOT-FOR-US: IBM Workplace for Business Controls CVE-2008-6105 (Cross-site scripting (XSS) vulnerability in IBM Workplace for Business ...) - TODO: check + NOT-FOR-US: IBM Workplace for Business Controls CVE-2008-6104 (SQL injection vulnerability in A4Desk PHP Event Calendar allows remote ...) - TODO: check + NOT-FOR-US: A4Desk PHP Event Calendar CVE-2008-6103 (PHP remote file inclusion vulnerability in index.php in A4Desk Event ...) - TODO: check + NOT-FOR-US: A4Desk PHP Event Calendar CVE-2008-6102 (SQL injection vulnerability in ratelink.php in Link Trader Script ...) - TODO: check + NOT-FOR-US: Link Trader Script CVE-2008-6101 (SQL injection vulnerability in click.php in Adult Banner Exchange ...) - TODO: check + NOT-FOR-US: Adult Banner Exchange Website CVE-2008-6100 (Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, ...) - TODO: check + NOT-FOR-US: Discussion Forums CVE-2008-6099 (PHP remote file inclusion vulnerability in index.php in RPortal 1.1 ...) - TODO: check + NOT-FOR-US: RPortal CVE-2009-XXXX [tor: potential crash on exit nodes when processing malformed input] - tor 0.2.0.34-1 CVE-2009-XXXX [tor: DoS vulnerability that could be performed by a directory mirror] 
@@ -95,7 +95,7 @@ - moodle 1.8.2.dfsg-3 (low) [etch] - moodle <not-affected> (Vulnerable code not present) CVE-2009-0498 (Virtual GuestBook (vgbook) 2.1 stores sensitive information under the ...) - TODO: check + NOT-FOR-US: Virtual GuestBook CVE-2009-0497 (Directory traversal vulnerability in log.jsp in Ignite Realtime ...) NOT-FOR-US: Openfire CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime ...) @@ -156,7 +156,7 @@ CVE-2009-0476 (Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 ...) NOT-FOR-US: MultiMedia Soft audio components CVE-2009-0475 (Integer underflow in the Huffman decoding functionality ...) - TODO: check + NOT-FOR-US: OpenCORE CVE-2009-0474 (The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A ...) NOT-FOR-US: Rockwell EtherNet/IP Bridge Module CVE-2009-0473 (Open redirect vulnerability in the web interface in the Rockwell ...) @@ -196,7 +196,7 @@ CVE-2009-0456 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: patForms CVE-2009-0455 (Cross-site scripting (XSS) vulnerability in the anonymous comments ...) - TODO: check + NOT-FOR-US: glFusion CVE-2009-0454 (Multiple SQL injection vulnerabilities in DMXReady Online Notebook ...) NOT-FOR-US: DMXReady Online Notebook Manager CVE-2009-0453 (Online Grades 3.2.4 allows remote attackers to obtain configuration ...) 
@@ -230,19 +230,19 @@ CVE-2009-0439 RESERVED CVE-2009-0438 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2009-0437 (The Installation Factory installation process for IBM WebSphere ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2009-0436 (The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x ...) - TODO: check + NOT-FOR-US: IBM HTTP Server CVE-2009-0435 (Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2009-0434 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2009-0433 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2009-0432 (The installation process for the File Transfer servlet in the System ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Mini ...) NOT-FOR-US: ScriptsEz Mini Hosting Panel CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image ...) @@ -274,7 +274,7 @@ CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) ...) NOT-FOR-US: Joomla CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...) - TODO: check + NOT-FOR-US: Bahar Download Script CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and ...) NOT-FOR-US: phpcrs CVE-2008-6073 (StorageCrypt 2.0.1 does not properly encrypt disks, which allows local ...) @@ -794,7 +794,7 @@ CVE-2009-0306 RESERVED CVE-2009-0305 (Buffer overflow in the Research in Motion RIM AxLoader ActiveX control ...) - TODO: check + NOT-FOR-US: ActiveX CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before ...) NOT-FOR-US: Solaris CVE-2009-0303 (Cross-site scripting (XSS) vulnerability in Web Help Desk before ...) 
@@ -1483,15 +1483,15 @@ CVE-2009-0100 RESERVED CVE-2009-0099 (The Electronic Messaging System Microsoft Data Base (EMSMDB32) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-0098 (Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-0097 (Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-0096 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-0095 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-0094 RESERVED CVE-2009-0093 @@ -1529,9 +1529,9 @@ CVE-2009-0077 RESERVED CVE-2009-0076 (Microsoft Internet Explorer 7, when XHTML strict mode is used, allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-0075 (Microsoft Internet Explorer 7 does not properly handle errors during ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-0074 RESERVED CVE-2009-0073 @@ -1585,15 +1585,15 @@ CVE-2009-0063 RESERVED CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0060 RESERVED CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...) NOT-FOR-US: Cisco CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the administration ...) 
@@ -3651,7 +3651,7 @@ CVE-2008-5083 RESERVED CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) ...) - TODO: check + NOT-FOR-US: Red Hat Certificate System CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...) {DSA-1690-1 DTSA-189-1} - avahi 0.6.23-3 (bug #508700; low) @@ -3910,7 +3910,7 @@ CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...) - wordpress 2.5.1-10 (bug #504771) CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before ...) - TODO: check + NOT-FOR-US: Enomalism CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in ...) {DSA-1719-1} - gnutls26 2.4.2-3 (bug #505360) @@ -3991,7 +3991,7 @@ CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...) NOT-FOR-US: VMware Workstation CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...) - TODO: check + NOT-FOR-US: VMware CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and ...) NOT-FOR-US: LokiCMS CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie module ...) @@ -4839,13 +4839,13 @@ CVE-2008-4563 RESERVED CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-4561 RESERVED CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 ...) NOT-FOR-US: CuteNews.ru CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...) 
@@ -5136,7 +5136,7 @@ CVE-2008-4420 RESERVED CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web ...) - TODO: check + NOT-FOR-US: HP-ChaiSOE CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and ...) NOT-FOR-US: HP-UX CVE-2008-4417 @@ -5504,9 +5504,9 @@ CVE-2008-4285 RESERVED CVE-2008-4284 (Open redirect vulnerability in the ibm_security_logout servlet in IBM ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2008-4283 (CRLF injection vulnerability in the WebContainer component in IBM ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2008-4282 RESERVED CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ...)
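Review bot: In the @@ -55,29 +55,29 @@ hunk, CVE-2008-6100 is tagged "NOT-FOR-US: Discussion Forums", which drops the "2k" from the product named in the description ("Discussion Forums 2k 3.3"). The shortened tag is generic enough to collide with unrelated software when the list is searched later, so use the full product name. In the same hunk, CVE-2008-6107 stays at "TODO: check", which fits its description pointing at arch/sparc64/kernel/sys_sparc32.c, but the log message "NFUs" does not say that it was looked at and deliberately left open.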
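Review bot: In the @@ -230,19 +230,19 @@ hunk, the seven WAS entries are tagged "NOT-FOR-US: IBM WebSphere", while the @@ -5504,9 +5504,9 @@ hunk of the same commit uses "NOT-FOR-US: IBM WebSphere Application Server" for the same product. Pick one spelling so a search for the tag finds every entry. Also, the visible description of CVE-2009-0435 ("Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or ...") is cut off before it names a product, so the WebSphere attribution cannot be confirmed from the diff alone.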
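Review bot: In the @@ -794,7 +794,7 @@ hunk, CVE-2009-0305 is tagged "NOT-FOR-US: ActiveX", which names a technology rather than the affected product. The description reads "Research in Motion RIM AxLoader ActiveX control", so a tag such as "NOT-FOR-US: RIM AxLoader ActiveX control" would follow the product naming used by the neighbouring entries (for example "NOT-FOR-US: Solaris" directly below) and stay useful for later triage.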
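Review bot: In the @@ -3910,7 +3910,7 @@ hunk, CVE-2008-4990 is tagged with the product's former name. The description gives "Enomaly Elastic Computing Platform (ECP), formerly Enomalism", so the tag should carry the current name, for example "NOT-FOR-US: Enomaly ECP", so that later CVEs filed under that name are matched to the same decision.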
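Review bot: In the @@ -5136,7 +5136,7 @@ hunk, the tag "NOT-FOR-US: HP-ChaiSOE" for CVE-2008-4419 does not appear anywhere in the visible description, which names "the HP JetDirect web ..." as the affected component. Either tag it with the name from the description (HP JetDirect) or mention both, so that someone reading the list can connect the tag to the CVE text without looking the entry up elsewhere.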