Author: gilbert-guest Date: 2010-04-22 01:01:05 +0000 (Thu, 22 Apr 2010) New Revision: 14547 Modified: data/CVE/list Log: tested some webkit issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-22 00:17:28 UTC (rev 14546) +++ data/CVE/list 2010-04-22 01:01:05 UTC (rev 14547) @@ -753,17 +753,27 @@ CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - NOT-FOR-US: Apple Safari + - webkit <unfixed> + - qt4-x11 <undetermined> + - kdebase <undetermined> + - kde4base <undetermined> + NOTE: proof of concept works against webkit; author claims arbitrary code + NOTE: execution possible with a different payload CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - NOT-FOR-US: Apple Safari + - webkit <unfixed> + - qt4-x11 <undetermined> + - kdebase <undetermined> + - kde4base <undetermined> + NOTE: proof of concept works against webkit; author claims arbitrary code + NOTE: execution possible with a different payload CVE-2010-1179 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - NOT-FOR-US: Apple Safari + - webkit <not-affected> CVE-2010-1178 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - NOT-FOR-US: Apple Safari + - webkit <not-affected> CVE-2010-1177 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - NOT-FOR-US: Apple Safari + - webkit <not-affected> CVE-2010-1176 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - NOT-FOR-US: Apple Safari + - webkit <not-affected> CVE-2010-1175 (Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 ...) NOT-FOR-US: Microsoft Internet Explorer 7.0 CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ...) 
@@ -1234,8 +1244,11 @@ NOT-FOR-US: Pulse CMS Basic CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse ...) NOT-FOR-US: Pulse CMS Basic -CVE-2010-0991 +CVE-2010-0991 [imlib2 issue] RESERVED + - imlib2 <undetermined> + NOTE: http://seclists.org/bugtraq/2010/Apr/196 + TODO: check CVE-2010-0990 RESERVED CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...) @@ -13667,6 +13680,12 @@ NOT-FOR-US: ActiveX CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of ...) - chromium-browser <itp> (bug #520324) + - webkit <unfixed> + - qt4-x11 <undetermined> + - kdebase <undetermined> + - kde4base <undetermined> + NOTE: proof of concept works against webkit; claimed dos-only, but may be + NOTE: be worse with a different payload CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial ...) NOT-FOR-US: PumpKIN TFTP Server CVE-2008-6790 (The admin module in MindDezign Photo Gallery 2.2 allows remote ...)
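Review bot: In the first hunk (@@ -753,17 +753,27 @@), the four entries CVE-2010-1179 through CVE-2010-1176 move from NOT-FOR-US to "- webkit <not-affected>" with no NOTE recording how that was established. The two <unfixed> entries above them state that the proof of concept works against webkit; the not-affected entries should carry the matching statement of what was tested and what was observed, and both groups would be easier to re-check later if the NOTE named the webkit version tested. The qt4-x11, kdebase and kde4base <undetermined> lines under CVE-2010-1181 and CVE-2010-1180 also have no "TODO: check" line, which the CVE-2010-0991 entry in this same commit does use.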
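Review bot: In the second hunk (@@ -1234,8 +1244,11 @@), the bracketed description "[imlib2 issue]" on CVE-2010-0991 says only which package is involved. The CVE is still RESERVED and has no description of its own, so a short phrase naming the kind of flaw reported in the linked bugtraq post would make the entry findable by something other than the package name.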
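Review bot: In the third hunk (@@ -13667,6 +13680,12 @@), the NOTE under CVE-2009-1514 repeats a word across its line break: the first line ends "but may be" and the second begins "be worse", so it reads "may be be worse". Drop one "be". The new "- webkit <unfixed>" line also has no bug reference, whereas the chromium-browser line just above it carries "(bug #520324)"; adding a bug number for webkit would give the unfixed status something to track, and the three <undetermined> lines would benefit from a "TODO: check" marker.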