Author: gilbert-guest Date: 2010-05-17 22:54:10 +0000 (Mon, 17 May 2010) New Revision: 14698 Modified: data/CVE/list data/DSA/list Log: NFUs, new issues, and dsa-2038-2 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-17 21:15:08 UTC (rev 14697) +++ data/CVE/list 2010-05-17 22:54:10 UTC (rev 14698) @@ -1,7 +1,7 @@ CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header ...) - TODO: check + TODO: check webkit, chromium, etc once sufficient details are revealed CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows ...) - TODO: check + TODO: check webkit, chromium, etc. once sufficient details are revealed CVE-2010-1938 RESERVED CVE-2010-1937 @@ -727,6 +727,7 @@ CVE-2010-1625 RESERVED CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...) + - pidgin <undetermined> TODO: check CVE-2010-1623 RESERVED 
@@ -863,19 +864,19 @@ CVE-2010-1569 RESERVED CVE-2010-1568 (The Send Secure functionality in the Cisco IronPort Desktop Flag ...) - TODO: check + NOT-FOR-US: Cisco IronPort Desktop Flag Plug-in for Microsoft Outlook CVE-2010-1567 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) - TODO: check + NOT-FOR-US: Cisco PGW CVE-2010-1566 RESERVED CVE-2010-1565 (Unspecified vulnerability in the SIP implementation on the Cisco PGW ...) - TODO: check + NOT-FOR-US: Cisco PGW CVE-2010-1563 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) - TODO: check + NOT-FOR-US: Cisco PGW CVE-2010-1562 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) - TODO: check + NOT-FOR-US: Cisco PGW CVE-2010-1561 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) - TODO: check + NOT-FOR-US: Cisco PGW CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 ...) NOT-FOR-US: IBM DB2 CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) ...) 
@@ -927,23 +928,23 @@ - gitolite 1.4.2-1 (medium) NOTE: http://secunia.com/advisories/39587/ CVE-2010-1558 (Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital ...) - TODO: check + NOT-FOR-US: HP MFP Digital Sending Software CVE-2010-1557 (Multiple cross-site scripting (XSS) vulnerabilities in HP Insight ...) - TODO: check + NOT-FOR-US: HP Insight Control Server Migration CVE-2010-1556 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 ...) - TODO: check + NOT-FOR-US: HP Systems Insight Manager CVE-2010-1555 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2010-1554 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2010-1553 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2010-1552 (Stack-based buffer overflow in the doLoad function in snmpviewer.exe ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2010-1551 (Stack-based buffer overflow in the _OVParseLLA function in ov.dll in ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2010-1550 (Format string vulnerability in ovet_demandpoll.exe in HP OpenView ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 ...) NOT-FOR-US: HP LoadRunner CVE-2010-1548 @@ -1029,9 +1030,9 @@ NOTE: http://seclists.org/fulldisclosure/2010/May/164 TODO: check CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote ...) - TODO: check + NOT-FOR-US: IrfanView CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer ...) - TODO: check + NOT-FOR-US: IrfanView CVE-2010-1508 RESERVED CVE-2010-1507 
@@ -1625,36 +1626,36 @@ CVE-2010-1295 RESERVED CVE-2010-1294 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 ...) - TODO: check + NOT-FOR-US: Adobe ColdFusion CVE-2010-1293 (Cross-site scripting (XSS) vulnerability in the Administrator page in ...) - TODO: check + NOT-FOR-US: Adobe ColdFusion CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1285 RESERVED CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) - texlive-bin 2009-1 (low; bug #520920) [lenny] - texlive-bin 2007.dfsg.2-4+lenny2 CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...) 
- TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-1279 (Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x ...) NOT-FOR-US: Adobe Photoshop CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in ...) @@ -2450,9 +2451,9 @@ CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ...) NOT-FOR-US: Pulse CMS CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2009-4735 (SQL injection vulnerability in login.php in Allomani Audio & Video ...) NOT-FOR-US: Allomani Audio & Video Library CVE-2009-4734 (SQL injection vulnerability in login.php in Allomani Movies Library ...) @@ -3663,13 +3664,13 @@ CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 ...) NOT-FOR-US: osTicket CVE-2010-0604 (Unspecified vulnerability in the SIP implementation on the Cisco PGW ...) - TODO: check + NOT-FOR-US: Cisco PGW CVE-2010-0603 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) - TODO: check + NOT-FOR-US: Cisco PWG CVE-2010-0602 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) - TODO: check + NOT-FOR-US: Cisco PGW CVE-2010-0601 (The MGCP implementation on the Cisco PGW 2200 Softswitch with software ...) - TODO: check + NOT-FOR-US: Cisco PGW CVE-2010-0600 RESERVED CVE-2010-0599 @@ -4021,7 +4022,7 @@ CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, ...) NOT-FOR-US: Microsoft Windows CVE-2010-0475 (Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the ...) - TODO: check + NOT-FOR-US: Palo Alto Networks Firewall CVE-2010-0474 RESERVED CVE-2010-0473 
@@ -5124,13 +5125,13 @@ CVE-2010-0131 RESERVED CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-0126 RESERVED CVE-2010-0125 @@ -7955,7 +7956,7 @@ CVE-2009-3679 RESERVED CVE-2009-3678 (Microsoft Windows 7, when running on 64-bit platforms, allows local ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Internet Authentication Service CVE-2009-3676 (The SMB client in the kernel in Microsoft Windows Server 2008 R2 and ...) @@ -8592,7 +8593,7 @@ CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop Environment ...) NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris CVE-2009-3467 (Cross-site scripting (XSS) vulnerability in an unspecified method in ...) - TODO: check + NOT-FOR-US: Adobe ColdFusion CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...) NOT-FOR-US: Adobe Shockwave Player CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2010-05-17 21:15:08 UTC (rev 14697) +++ data/DSA/list 2010-05-17 22:54:10 UTC (rev 14698) @@ -1,3 +1,6 @@ +[17 May 2010] DSA-2038-2 pidgin - regression fix + {CVE-2010-0420 CVE-2010-0423} + [lenny] - pidgin 2.4.3-4lenny7 [17 May 2010] DSA-2047-1 aria2 - directory traversal {CVE-2010-1512} [lenny] - aria2 0.14.0-1+lenny2
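
Review bot: in the first data/CVE/list hunk (@@ -1,7 +1,7 @@), the two new TODO lines differ only in punctuation: CVE-2010-1940 gets "check webkit, chromium, etc once sufficient details are revealed" while CVE-2010-1939 gets "check webkit, chromium, etc. once sufficient details are revealed". Use the same wording on both, with "etc.", so a text search for the note finds both entries.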
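
Review bot: in the @@ -1625,36 +1626,36 @@ hunk, CVE-2010-1284 is described as Adobe Shockwave Player, but the unchanged context under it reads "- texlive-bin 2009-1 (low; bug #520920)" followed by a lenny fix version, while every neighbouring Shockwave entry is being set to NOT-FOR-US. Please check whether the texlive-bin lines belong to a different CVE id. If they do, move them there and mark CVE-2010-1284 as "NOT-FOR-US: Adobe Shockwave Player" like the rest of the block.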
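
Review bot: in the @@ -3663,13 +3664,13 @@ hunk, the new line for CVE-2010-0603 reads "NOT-FOR-US: Cisco PWG", whereas its description names the Cisco PGW 2200 Softswitch and the entries for CVE-2010-0604, CVE-2010-0602 and CVE-2010-0601 in the same hunk use "Cisco PGW". Change it to "NOT-FOR-US: Cisco PGW" so that searching the list by product name catches this entry too.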