Author: jmm-guest Date: 2009-05-01 21:59:24 +0000 (Fri, 01 May 2009) New Revision: 11762 Modified: data/CVE/list Log: - new memcached issue - NFUs - zoneminder permission fixed some time ago Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-01 21:29:35 UTC (rev 11761) +++ data/CVE/list 2009-05-01 21:59:24 UTC (rev 11762) @@ -3,11 +3,11 @@ NOTE: http://jira.codehaus.org/browse/JETTY-1004 NOTE: It''s not entirely clear, whether version 5 is affected CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...) - TODO: check + - memcached <unfixed> (low; bug filed) CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in Adobe ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader and ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2009-1491 RESERVED CVE-2009-1490 
@@ -164,27 +164,27 @@ CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki before ...) - TODO: check + - foswiki <itp> (bug #509864) CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for ...) - TODO: check + - zoneminder 1.22.3-5 CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to ...) TODO: check CVE-2008-6754 (The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote ...) - TODO: check + NOT-FOR-US: vBullerin addon CVE-2008-6753 (SQL injection vulnerability in SilverStripe before 2.2.2 allows remote ...) - TODO: check + NOT-FOR-US: SilverStripe CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) in ...) NOT-FOR-US: SilverStripe CVE-2009-1432 (Symantec Reporting Server, as used in Symantec AntiVirus (SAV) ...) - TODO: check + NOT-FOR-US: Symantec CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in Symantec ...) - TODO: check + NOT-FOR-US: Symantec CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert ...) - TODO: check + NOT-FOR-US: Symantec CVE-2009-1429 (The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management ...) - TODO: check + NOT-FOR-US: Symantec CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...) - TODO: check + NOT-FOR-US: Symantec CVE-2009-1427 RESERVED CVE-2009-1426 
@@ -402,7 +402,7 @@ CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule ...) - amule <unfixed> (low; bug #525078) CVE-2009-1348 (The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, ...) - TODO: check + NOT-FOR-US: Various AV junk CVE-2009-1347 (Multiple SQL injection vulnerabilities in stats/index.php in chCounter ...) NOT-FOR-US: chCounter CVE-2009-1346 (SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 ...)
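Review bot: In the first hunk (@@ -3,11 +3,11 @@), the new CVE-2009-1494 line `- memcached <unfixed> (low; bug filed)` carries no bug number, while the other tracked entries in this patch cite one (`bug #509864` for foswiki, `bug #525078` for amule). Replace `bug filed` with the `bug #NNNNNN` reference once the number is assigned, so the entry can be matched to the report and closed when the fix is uploaded.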
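Review bot: In the second hunk (@@ -164,27 +164,27 @@), CVE-2008-6756 is marked fixed in `zoneminder 1.22.3-5`, which is lower than the 1.23.3 named in the CVE description, and nothing in the entry explains why. The commit log says the permission was fixed some time ago; a NOTE line under the entry saying so would let a later reader confirm the version is intended and not a typo for 1.23.3. The adjacent CVE-2008-6755, which also concerns ZoneMinder's /etc/zm.conf, is left at `TODO: check` and could be triaged in the same pass. In the same hunk, `NOT-FOR-US: vBullerin addon` should read `vBulletin`, matching the CVE description above it.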
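Review bot: In the third hunk (@@ -402,7 +402,7 @@), `NOT-FOR-US: Various AV junk` for CVE-2009-1348 does not name the product, unlike the other NOT-FOR-US lines in this patch (`Adobe Reader`, `Symantec`, `Trend Micro OfficeScan`). The description lists McAfee VirusScan and Total Protection, so something like `NOT-FOR-US: McAfee` would keep the list searchable by vendor.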