Author: geissert Date: 2009-12-01 06:01:58 +0000 (Tue, 01 Dec 2009) New Revision: 13412 Modified: data/CVE/list Log: NFUs, new dstat, roundcube and libtool issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-01 03:26:34 UTC (rev 13411) +++ data/CVE/list 2009-12-01 06:01:58 UTC (rev 13412) @@ -1,17 +1,17 @@ CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality ...) - TODO: check + NOT-FOR-US: DotNetNuke CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent ...) - TODO: check + NOT-FOR-US: DotNetNuke CVE-2009-4108 (XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to ...) - TODO: check + NOT-FOR-US: XM Easy Personal FTP Server CVE-2009-4107 (Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted ...) - TODO: check + NOT-FOR-US: Invisible Browsing CVE-2009-4106 (Unrestricted file upload vulnerability in admintools/editpage-2.php in ...) - TODO: check + NOT-FOR-US: Agoko CMS CVE-2009-4105 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...) TODO: check CVE-2009-4104 (SQL injection vulnerability in Lyften Designs LyftenBloggie ...) - TODO: check + NOT-FOR-US: Joomla! component CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, ...) TODO: check CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain ...) 
@@ -21,9 +21,9 @@ CVE-2009-4100 (Yoono extension 6.1.1 for Firefox performs certain operations with ...) TODO: check CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...) - TODO: check + NOT-FOR-US: Joomla! Component CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ...) - TODO: check + NOT-FOR-US: OpenX adserver CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...) TODO: check CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web ...) @@ -31,7 +31,7 @@ CVE-2009-4095 (myPhile 1.2.1 allows remote attackers to bypass authentication via an ...) TODO: check CVE-2009-4094 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Joomla! component CVE-2009-4093 (Multiple cross-site scripting (XSS) vulnerabilities in comments.php in ...) TODO: check CVE-2009-4092 (Cross-site request forgery (CSRF) vulnerability in user.php in Simplog ...) @@ -57,6 +57,7 @@ CVE-2009-4082 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2009-4081 (Untrusted search path vulnerability in dstat before r3199 allows local ...) + - dstat <unfixed> TODO: check CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP ...) TODO: check @@ -65,13 +66,15 @@ CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...) TODO: check CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...) + - roundcube <unfixed> TODO: check CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...) + - roundcube <unfixed> TODO: check CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun ...) TODO: check CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer 8 CVE-2008-7247 RESERVED CVE-2009-XXXX [rails insufficient escaping XSS] 
@@ -191,7 +194,7 @@ CVE-2009-4026 RESERVED CVE-2009-4025 (Argument injection vulnerability in the traceroute function in ...) - TODO: check + NOT-FOR-US: Net_Traceroute PEAR module CVE-2009-4024 (Argument injection in the ping function in Ping.php in the Net_Ping ...) - php-net-ping <unfixed> TODO: check @@ -658,7 +661,7 @@ CVE-2009-3844 RESERVED CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a "hidden account" in ...) - TODO: check + NOT-FOR-US: HP Operations Manager CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...) NOT-FOR-US: HP Color LaserJet CVE-2009-3841 (Unspecified vulnerability in HP Discovery & Dependency Mapping ...) @@ -900,6 +903,7 @@ CVE-2009-3737 RESERVED CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, ...) + - libtool <unfixed> TODO: check CVE-2009-3735 RESERVED @@ -1409,7 +1413,7 @@ CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 ...) NOT-FOR-US: McAfee IntruShield Network Security Manager CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: McAfee IntruShield Network Security Manager CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...) - puppet <unfixed> (low; bug #551073) [etch] - puppet <no-dsa> (minor issue) @@ -6582,7 +6586,7 @@ CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client ...) NOT-FOR-US: ActiveX CVE-2009-1928 (Stack consumption vulnerability in the LDAP service in Active ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2009-1927 RESERVED CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista ...)
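Review bot: In the @@ -1,17 +1,17 @@ hunk, the note added for CVE-2009-4104 reads "NOT-FOR-US: Joomla! component" and does not name the affected component, although the description identifies it as LyftenBloggie. Every other NOT-FOR-US line in this hunk names the product (DotNetNuke, XM Easy Personal FTP Server, Invisible Browsing, Agoko CMS), which is what lets a later search of the list find the entry. Suggest naming LyftenBloggie in the note. CVE-2009-4105 and CVE-2009-4103 in the same hunk remain at "TODO: check", so they still need a pass.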
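Review bot: In the @@ -21,9 +21,9 @@ hunk, CVE-2009-4099 is tagged "NOT-FOR-US: Joomla! Component" with a capital C, while CVE-2009-4104 and CVE-2009-4094 in the neighbouring hunks use "Joomla! component". Pick one spelling so that text matching on the note catches all three, and consider naming GCalendar in the note, since the description gives it.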
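Review bot: The package lines added in the @@ -57,6 +57,7 @@, @@ -65,13 +66,15 @@ and @@ -900,6 +903,7 @@ hunks ("- dstat <unfixed>", "- roundcube <unfixed>" twice, "- libtool <unfixed>") carry no urgency or bug reference, unlike the existing puppet entry for CVE-2009-3564, which reads "(low; bug #551073)". "TODO: check" is also kept under each of them, so the entries read as only partly triaged. Once bugs are filed, add the references to these lines and drop the TODO markers. The two Roundcube CSRF entries (CVE-2009-4077, CVE-2009-4076) may be able to share one bug if a single upstream change fixes both.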
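Review bot: In the @@ -191,7 +194,7 @@ hunk, CVE-2009-4025 is marked "NOT-FOR-US: Net_Traceroute PEAR module", while the sibling argument-injection issue directly below it, CVE-2009-4024 in Net_Ping, is tracked against a package as "- php-net-ping <unfixed>". Since the two PEAR modules are triaged differently, confirm that Net_Traceroute is not shipped in the archive under any source package name before closing it out as not-for-us.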