Author: gilbert-guest
Date: 2010-05-13 23:53:46 +0000 (Thu, 13 May 2010)
New Revision: 14692

Modified:
   data/CVE/list
Log:
NFUs and new issues

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-05-13 21:14:30 UTC (rev 14691)
+++ data/CVE/list 2010-05-13 23:53:46 UTC (rev 14692)
@@ -1,27 +1,27 @@ CVE-2010-1936 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) - TODO: check + NOT-FOR-US: openMairie openComInterne CVE-2010-1935 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) - TODO: check + NOT-FOR-US: openMairie Openpresse CVE-2010-1934 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...) - TODO: check + NOT-FOR-US: openMairie openPlanning CVE-2010-1928 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) - TODO: check + NOT-FOR-US: openMairie openPlanning CVE-2010-1927 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...) - TODO: check + NOT-FOR-US: openMairie openCourrier CVE-2010-1926 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) - TODO: check + NOT-FOR-US: openMairie openCourrier CVE-2010-1925 (SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows ...) - TODO: check + NOT-FOR-US: tekno.Portal CVE-2010-1924 (SQL injection vulnerability in index.php in Hi Web Wiesbaden Live ...) - TODO: check + NOT-FOR-US: Hi Web Wiesbaden Live Shopping multi Portal System CVE-2010-1923 (SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 ...) - TODO: check + NOT-FOR-US: Hi Web Wiesbaden Web Social Network Community System CVE-2010-1922 (Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 ...) - TODO: check + NOT-FOR-US: 29o3 CMS CVE-2010-1921 (Multiple PHP remote file inclusion vulnerabilities in OpenMairie ...) - TODO: check + NOT-FOR-US: OpenMairie openAnnuaire CVE-2010-1920 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ...) - TODO: check + NOT-FOR-US: OpenMairie openAnnuaire CVE-2010-1933 RESERVED CVE-2010-1932 
@@ -726,8 +726,15 @@ RESERVED CVE-2010-1622 RESERVED -CVE-2010-1621 +CVE-2010-1621 [mysql plugin issue] RESERVED + - mysql <undetermined> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=590190 + TODO: check +CVE-2010-XXXX [mysql symlink attack] + - mysql <undetermined> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648 + TODO: check CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c in ...) - gnustep-base <unfixed> CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency ...) @@ -1006,10 +1013,16 @@ RESERVED CVE-2010-1513 RESERVED -CVE-2010-1512 +CVE-2010-1512 [aria2 directory traversal] RESERVED -CVE-2010-1511 + - aria2 <undetermined> + NOTE: http://seclists.org/fulldisclosure/2010/May/168 + TODO: check +CVE-2010-1511 [kget insecure file get] RESERVED + - kdenetwork <undetermined> + NOTE: http://seclists.org/fulldisclosure/2010/May/164 + TODO: check CVE-2010-1510 RESERVED CVE-2010-1509 @@ -1168,7 +1181,7 @@ CVE-2010-1483 RESERVED CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in ...) NOT-FOR-US: PmWiki CVE-2010-1480 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...) @@ -2402,8 +2415,11 @@ RESERVED CVE-2010-1001 RESERVED -CVE-2010-1000 +CVE-2010-1000 [kget directory traversal] RESERVED + - kdenetwork <undetermined> + NOTE: http://seclists.org/fulldisclosure/2010/May/165 + TODO: check CVE-2010-0999 RESERVED CVE-2010-0998 
@@ -4426,10 +4442,9 @@ - zope2.11 <removed> - zope2.9 <removed> NOTE: https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html -CVE-2010-XXXX [potential sudo vuln] - - sudo <undetermined> (low; bug #565223) - TODO: check - NOTE: bug report is very speculative, but is probably worth checking +CVE-2010-XXXX [sudo glob processing issue] + - sudo 1.7.0-1 (low; bug #565223) + [lenny] - sudo <no-dsa> (no known attack vector; attacker needs to be able to modify sudoers file) CVE-2010-XXXX [makepasswd: insecure passwords generated with default settings] - makepasswd 1.10-5 (low; bug #564559) [lenny] - makepasswd <no-dsa> (Minor issue) @@ -4533,6 +4548,10 @@ CVE-2010-XXXX [zend framework multiple issues] - zendframework 1.9.7-1 NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06 +CVE-2010-XXXX [ZF2010-07] + - zendframework <undetermined> + NOTE: http://framework.zend.com/security/advisory/ZF2010-07 + TODO: check CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...) - jetty 6.1.22-1 (bug #575789) CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing ...)
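
Review bot: The NOT-FOR-US product names in the @@ -1,27 +1,27 @@ hunk are cased inconsistently: CVE-2010-1935 is tagged "openMairie Openpresse" while the neighbouring entries use "openMairie openPlanning" and "openMairie openCourrier", and CVE-2010-1921 and CVE-2010-1920 use "OpenMairie openAnnuaire". Settle on one spelling for the vendor and for each product so that a search of the list for openMairie finds every entry.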
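
Review bot: The new "CVE-2010-XXXX [mysql symlink attack]" entry in the @@ -726,8 +726,15 @@ hunk is placed between CVE-2010-1621 and CVE-2010-1620, inside the run of assigned IDs, while the other CVE-2010-XXXX entries this patch touches (sudo, makepasswd, zendframework) sit together at the end of the 2010 entries, just before CVE-2009-4612. Consider moving it there so the unassigned issues stay in one place. The bracket text "mysql plugin issue" on CVE-2010-1621 also says little; a few words on the impact, taken from the referenced Red Hat bug, would help whoever picks up the TODO.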
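
Review bot: CVE-2010-1511 in the @@ -1006,10 +1013,16 @@ hunk is described only as "kget insecure file get", which does not say what is insecure; name the flaw class the way the entry above it does ("aria2 directory traversal"). CVE-2010-1511 and CVE-2010-1000 (in the @@ -2402,8 +2415,11 @@ hunk) both track kget in kdenetwork and cite adjacent full-disclosure posts (May/164 and May/165), so a NOTE in each entry pointing at the other would keep the two from being triaged in isolation.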
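
Review bot: The sudo entry in the @@ -4426,10 +4442,9 @@ hunk goes from "<undetermined>" with a NOTE calling the report "very speculative" to a fixed version of 1.7.0-1, but nothing in the entry records why 1.7.0-1 is the fixed version: the old NOTE is removed and no new one is added. Add a NOTE pointing to the upstream change or to the conclusion reached in bug #565223 so the version can be verified later. The reason given for the lenny "<no-dsa>" is clear and can stay as it is.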
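
Review bot: The bracket text of the entry added in the @@ -4533,6 +4548,10 @@ hunk is only the advisory id, "[ZF2010-07]", so the list gives no hint of what kind of issue it is. Add a short description beside the id, in the style of "[zend framework multiple issues]" directly above, and once the TODO is resolved state whether 1.9.7-1 is affected, since the preceding entry records that version as the fix for ZF2010-01 through ZF2010-06.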