Author: geissert Date: 2010-01-28 02:37:34 +0000 (Thu, 28 Jan 2010) New Revision: 13944 Modified: data/CVE/list Log: tor, bind, systemtap, NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-27 22:37:22 UTC (rev 13943) +++ data/CVE/list 2010-01-28 02:37:34 UTC (rev 13944) @@ -5,11 +5,11 @@ - hybserv <unfixed> (low; bug #550389) NOTE: CVE id requested CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN ...) - TODO: check + NOT-FOR-US: TheGreenBow IPSec VPN Client CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero Technologies ...) - TODO: check + NOT-FOR-US: InterBase SMP 2009 9.0.3.437 CVE-2010-0390 (Unrestricted file upload vulnerability in maxImageUpload/index.php in ...) - TODO: check + NOT-FOR-US: PHP F1 Max''s Image Uploader CVE-2010-0389 (The admin server in Sun Java System Web Server 7.0 Update 6 allows ...) TODO: check CVE-2010-0388 (Format string vulnerability in the WebDAV implementation in webservd ...) 
@@ -19,21 +19,25 @@ CVE-2010-0386 (The default configuration of Sun Java System Application Server 7 and ...) TODO: check CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when ...) + - tor 0.2.1.22-1 (low) TODO: check CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory ...) + - tor <unfixed> TODO: check CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...) + - tor 0.2.1.22-1 (low) TODO: check CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...) + - bind9 <unfixed> TODO: check CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...) - TODO: check + NOT-FOR-US: PHP MySpace Gold Edition CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows ...) - TODO: check + NOT-FOR-US: JCE-Tech PHP Calendars CVE-2008-7253 (The default configuration of the web server in IBM Lotus Domino ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino Server CVE-2005-4884 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2010-XXXX [gmetad incorrect file permissions] - gmetad <unfixed> (low; bug #567175) TODO: check old/stable versions 
@@ -74,21 +78,21 @@ NOTE: http://www.openwall.com/lists/oss-security/2010/01/16/2 TODO: check CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...) - TODO: check + NOT-FOR-US: Macromedia Flash ActiveX CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...) - TODO: check + NOT-FOR-US: PHP MySpace Gold Edition CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in ...) - TODO: check + NOT-FOR-US: JCE-Tech PHP Calendars CVE-2010-0375 (SQL injection vulnerability in product_list.php in JCE-Tech PHP ...) - TODO: check + NOT-FOR-US: JCE-Tech PHP Calendars CVE-2010-0374 (Cross-site scripting (XSS) vulnerability in the Marketplace ...) - TODO: check + NOT-FOR-US: component for Joomla! CVE-2010-0373 (SQL injection vulnerability in the libros (com_libros) component for ...) - TODO: check + NOT-FOR-US: component for Joomla! CVE-2010-0372 (SQL injection vulnerability in the Articlemanager (com_articlemanager) ...) - TODO: check + NOT-FOR-US: component for Joomla! CVE-2010-0371 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check CVE-2010-0370 (Cross-site scripting (XSS) vulnerability in the Node Blocks module ...) 
@@ -98,12 +102,13 @@ CVE-2010-0368 RESERVED CVE-2010-0367 (Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits ...) - TODO: check + NOT-FOR-US: BitScripts Bits Video Script CVE-2010-0366 (Multiple unrestricted file upload vulnerabilities in (1) register.php ...) - TODO: check + NOT-FOR-US: BitScripts Bits Video Script CVE-2010-0365 (Cross-site scripting (XSS) vulnerability in search.php in BitScripts ...) - TODO: check + NOT-FOR-US: BitScripts Bits Video Script CVE-2010-0364 (Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows ...) + - vlc <unfixed> TODO: check CVE-2010-0363 (Cross-site scripting (XSS) vulnerability in Zeus Web Server before ...) NOT-FOR-US: Zeus Web Server @@ -476,15 +481,15 @@ CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...) NOT-FOR-US: Microsoft CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects in ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0243 RESERVED CVE-2010-0242 @@ -508,7 +513,7 @@ CVE-2010-0233 RESERVED CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0231 RESERVED CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen ...) 
@@ -729,9 +734,9 @@ CVE-2010-0139 RESERVED CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor ...) - TODO: check + NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in the SSH ...) - TODO: check + NOT-FOR-US: Cisco IOS XR CVE-2010-0136 RESERVED CVE-2010-0135 @@ -903,6 +908,7 @@ CVE-2010-0098 RESERVED CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...) + - bind9 <unfixed> TODO: check CVE-2010-0096 RESERVED @@ -1548,9 +1554,9 @@ CVE-2010-0038 RESERVED CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2010-0035 RESERVED CVE-2010-0034 @@ -1568,7 +1574,7 @@ CVE-2010-0028 RESERVED CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 7 and ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0026 RESERVED CVE-2010-0025 @@ -1731,6 +1737,7 @@ CVE-2009-4274 RESERVED CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...) + - systemtap 1.1-1 TODO: check CVE-2009-4272 [linux deadlock or null pointer dereference via routing hash table''s emergency route flush] RESERVED @@ -1854,7 +1861,7 @@ CVE-2009-4258 RESERVED CVE-2009-4257 (Heap-based buffer overflow in smlrender.dll in RealNetworks RealPlayer ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 ...) NOT-FOR-US: AlefMentor CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit! template ...) 
@@ -1872,21 +1879,21 @@ CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...) NOT-FOR-US: CuteNews CVE-2009-4248 (Buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2009-4247 (RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2009-4242 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in the ...) NOT-FOR-US: IBM InfoSphere Information Server CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in IBM ...) 
@@ -2494,15 +2501,15 @@ - linux-2.6 2.6.32-1 (low) - linux-2.6.24 <removed> (low) CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2009-4001 RESERVED CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP ...) - TODO: check + NOT-FOR-US: HP Power Manager CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power ...) - TODO: check + NOT-FOR-US: HP Power Manager CVE-2009-3998 RESERVED CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...) @@ -3163,7 +3170,7 @@ CVE-2009-3740 RESERVED CVE-2009-3739 (Multiple unspecified vulnerabilities on the Rockwell Automation AB ...) - TODO: check + NOT-FOR-US: Micrologix CVE-2009-3738 RESERVED CVE-2009-3737
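Review bot: In the @@ -19,21 +19,25 @@ hunk, the package lines added for CVE-2010-0385, CVE-2010-0384, CVE-2010-0383 and CVE-2010-0382 sit above a `TODO: check` that is left in place, so each entry reads as both triaged and untriaged. If what remains is checking other suites, say so the way the gmetad entry in the same hunk does (`TODO: check old/stable versions`); otherwise drop the TODO. The two `<unfixed>` lines (`- tor <unfixed>`, `- bind9 <unfixed>`) also carry no severity or bug number, unlike `- hybserv <unfixed> (low; bug #550389)` at the top of the file.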
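Review bot: In the @@ -74,21 +78,21 @@ hunk, `NOT-FOR-US: component for Joomla!` on CVE-2010-0374, CVE-2010-0373 and CVE-2010-0372 does not say which component, although the descriptions name them (Marketplace, libros (com_libros), Articlemanager (com_articlemanager)). Put the component name in the label so the entry is searchable and a later reader can confirm it is not packaged. Separately, CVE-2010-0377 shows the same visible description as CVE-2010-0381 in the previous hunk (SQL injection in modules/arcade/index.php in PHP MySpace ...); if one duplicates the other, a NOTE saying so would help.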
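Review bot: The `- vlc <unfixed>` line added for CVE-2010-0364 in the @@ -98,12 +102,13 @@ hunk has no severity, bug reference or NOTE, and the description is specific to VLC Media Player 0.8.6. Add a NOTE recording which archive version was checked and whether it is affected; `<unfixed>` with `TODO: check` still below it does not tell the next person what was established.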
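Review bot: CVE-2010-0097 in the @@ -903,6 +908,7 @@ hunk gets `- bind9 <unfixed>` with no bug number, and its visible description is identical to that of CVE-2010-0382, which receives the same line earlier in this patch. If both are addressed by the same upstream fix, cross-reference them with a NOTE on each entry; as committed, both keep `TODO: check` and neither points at a tracking bug.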
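Review bot: `- systemtap 1.1-1` for CVE-2009-4273 in the @@ -1731,6 +1737,7 @@ hunk carries no severity, while the fixed tor entries in this commit are annotated `(low)` and the description here reads "allows remote attackers to execute ...". Add a severity annotation, and either remove the `TODO: check` that follows or state what is still to be checked.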
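Review bot: `NOT-FOR-US: Micrologix` on CVE-2009-3739 in the @@ -3163,7 +3170,7 @@ hunk drops the vendor named in the description (Rockwell Automation). The other labels added in this commit use vendor plus product (`Cisco IOS XR`, `HP Power Manager`, `Adobe Shockwave Player`); following that pattern here keeps the list consistent and easier to grep.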