Author: gilbert-guest
Date: 2010-06-23 00:08:44 +0000 (Wed, 23 Jun 2010)
New Revision: 14896
Modified:
data/CVE/list
Log:
NFUs and new issues
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-06-22 21:14:38 UTC (rev 14895)
+++ data/CVE/list 2010-06-23 00:08:44 UTC (rev 14896)
@@ -119,83 +119,85 @@
CVE-2010-2360
RESERVED
CVE-2010-2359 (SQL injection vulnerability in eWebQuiz.asp in
ActiveWebSoftwares.com ...)
- TODO: check
+ NOT-FOR-US: eWebquiz
CVE-2010-2358 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Nakid CMS
CVE-2010-2357 (SQL injection vulnerability in index.php in Eicra Realestate
Script ...)
- TODO: check
+ NOT-FOR-US: Eicra Realestate Script
CVE-2010-2356 (Cross-site scripting (XSS) vulnerability in subscribe.php in
Pilot ...)
- TODO: check
+ NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2355 (Cross-site scripting (XSS) vulnerability in error.php in Pilot
Group ...)
- TODO: check
+ NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG)
eLMS ...)
- TODO: check
+ NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK)
module 6.x ...)
- TODO: check
+ NOT-FOR-US: CCK module for Drupal
CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK)
module 5.x ...)
- TODO: check
+ NOT-FOR-US: CCK module for Drupal
CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware
SMB 1.0 ...)
- TODO: check
+ NOT-FOR-US: Novell Netware
CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0
allows ...)
+ - ziproxy <undetermined>
TODO: check
CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of
service ...)
- TODO: check
+ NOT-FOR-US: H264WebCam
CVE-2010-2348 (Stack-based buffer overflow in Batch Audio Converter Lite
Edition ...)
- TODO: check
+ NOT-FOR-US: Batch Audio Converter
CVE-2010-2347 (The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR)
6.40 ...)
- TODO: check
+ NOT-FOR-US: SAP J2EE Telnet Interface
CVE-2010-2346
RESERVED
CVE-2010-2345 (Cross-site request forgery (CSRF) vulnerability in odCMS 1.06,
and ...)
- TODO: check
+ NOT-FOR-US: odCMS
CVE-2010-2344 (Multiple cross-site scripting (XSS) vulnerabilities in odCMS
1.06, and ...)
- TODO: check
+ NOT-FOR-US: odCMS
CVE-2010-2343 (Stack-based buffer overflow in D.R. Software Audio Converter
8.1, ...)
- TODO: check
+ NOT-FOR-US: D.R. Software Audio Converter
CVE-2010-2342 (SQL injection vulnerability in onlinenotebookmanager.asp in
DMXReady ...)
- TODO: check
+ NOT-FOR-US: DMXReady Online Notebook Manager
CVE-2010-2341 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: EZPX Photoblog
CVE-2010-2340 (SQL injection vulnerability in members.php in Arab Portal 2.2,
when ...)
- TODO: check
+ NOT-FOR-US: Arab Portal
CVE-2010-2339 (SQL injection vulnerability in admin/pages.php in Subdreamer CMS
3.x.x ...)
- TODO: check
+ NOT-FOR-US: Subdreamer CMS
CVE-2010-2338 (Multiple SQL injection vulnerabilities in redir.asp in VU Web
Visitor ...)
- TODO: check
+ NOT-FOR-US: VU Web Visitor Analyst
CVE-2010-2337
RESERVED
CVE-2010-2336 (index.php in Yamamah Photo Gallery 1.00 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2335 (SQL injection vulnerability in index.php in Yamamah Photo
Gallery ...)
- TODO: check
+ NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2334 (Directory traversal vulnerability in themes/default/download.php
in ...)
- TODO: check
+ NOT-FOR-US: Yamamah Phote Gallery
CVE-2010-2333 (LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15
allows ...)
- TODO: check
+ NOT-FOR-US: LiteSpeed Web Server
CVE-2010-2332 (Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other
versions ...)
- TODO: check
+ NOT-FOR-US: Impact PDF Reader
CVE-2010-2331 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0
...)
- TODO: check
+ NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2330 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0
...)
- TODO: check
+ NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2329 (Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote
...)
- TODO: check
+ NOT-FOR-US: Rosoft Audio Converter
CVE-2010-2328 (The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0
before ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2327 (mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before
...)
- TODO: check
+ NOT-FOR-US: IBM HTTP Server
CVE-2010-2326 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when
...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2325 (Cross-site scripting (XSS) vulnerability in the administrative
console ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2324 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on
z/OS ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2323 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on
z/OS ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2322 (Absolute path traversal vulnerability in the extract_jar
function in ...)
- TODO: check
+ - fastjar 2:0.98-3
+ - openjdk <undetermined>
CVE-2010-2321 (Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted
remote ...)
- TODO: check
+ NOT-FOR-US: Adobe InDesign
CVE-2009-4902 (Buffer overflow in the MSGFunctionDemarshall function in ...)
TODO: check
CVE-2009-4901 (The MSGFunctionDemarshall function in winscard_svc.c in the
PC/SC ...)
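
Review bot: The NOT-FOR-US line added for CVE-2010-2334 reads "Yamamah Phote Gallery", while the two entries just above it (CVE-2010-2336 and CVE-2010-2335) use "Yamamah Photo Gallery"; correct the spelling so all three entries carry the same product name. Separately, CVE-2010-2350 gains "- ziproxy <undetermined>" but keeps its "TODO: check" line, whereas CVE-2010-2322 drops the TODO while leaving openjdk at <undetermined>. Pick one convention for undetermined packages, and consider a NOTE on CVE-2010-2322 pointing at the source for the fastjar 2:0.98-3 fix so the openjdk status can be resolved from it.
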
@@ -235,23 +237,32 @@
CVE-2010-2304 (The toAlphabetic function in rendering/RenderListMarker.cpp in
WebCore ...)
- webkit <unfixed> (medium; bug #586547)
CVE-2010-2303 (page/Geolocation.cpp in WebCore in WebKit in Google Chrome
before ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google
Chrome ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp
in ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes
...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2299 (The Clipboard::DispatchObject function in
app/clipboard/clipboard.cc ...)
- TODO: check
+ - webkit <not-affected> (chromium-specific)
+ - chromium-browser <undetermined>
CVE-2010-2298 (browser/renderer_host/database_dispatcher_host.cc in Google
Chrome ...)
- TODO: check
+ - webkit <not-affected> (chromium-specific)
+ - chromium-browser <undetermined>
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google
Chrome ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome
before ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome
before ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2009-4900
RESERVED
CVE-2009-4899
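
Review bot: CVE-2010-2303 through CVE-2010-2295 all trade "TODO: check" for <undetermined> on both webkit and chromium-browser without a NOTE saying what still has to be verified, so none of these entries flags the open work any more. Keep a TODO or add a NOTE per entry naming what is missing (affected version range, upstream fix reference). For CVE-2010-2296 the visible description names only Google Chrome ("unspecified DOM methods"), so the webkit line there should carry a reason, the way CVE-2010-2299 and CVE-2010-2298 record "(chromium-specific)" for their <not-affected> status.
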
@@ -800,9 +811,10 @@
- pyftpd 0.8.5 (low; bug #585773)
[lenny] - pyftpd <no-dsa> (Minor issue)
CVE-2010-2071 (The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in
the ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ [lenny] - linux-2.6 <not-affected> (btrfs introduced in 2.6.29)
CVE-2010-2070 (arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel
2.6.18, and ...)
- TODO: check
+ - linux-2.6 <not-affected> (redhat-specific issue)
CVE-2010-2069
RESERVED
CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server
2.2.9 ...)
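
Review bot: The reason given for CVE-2010-2070, "(redhat-specific issue)", is not backed by anything in the entry: the description names arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and no NOTE or reference is added alongside the <not-affected> line. Add a NOTE with the source for that conclusion, in the way the CVE-2010-2071 lenny line gives a checkable reason with "(btrfs introduced in 2.6.29)". The new "- linux-2.6 <unfixed>" line for CVE-2010-2071 also has no severity or bug number, unlike the pyftpd entry above it.
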
@@ -1062,7 +1074,7 @@
CVE-2010-1965
RESERVED
CVE-2010-1964 (Unspecified vulnerability in HP OpenView Network Node Manager
(OV NNM) ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter
allows ...)
NOT-FOR-US: HP ServiceCenter
CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5
...)
@@ -1841,11 +1853,9 @@
NOT-FOR-US: Joomla
CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login
interface ...)
- mediawiki 1.15.4-1 (bug #585918; low)
- [lenny] - mediawiki <unfixed> (low)
NOTE:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15
before ...)
- mediawiki 1.15.4-1 (bug #585918; low)
- [lenny] - mediawiki <unfixed> (low)
NOTE:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22
and ...)
{DSA-2062-1}
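
Review bot: Both "[lenny] - mediawiki <unfixed> (low)" lines are removed from CVE-2010-1648 and CVE-2010-1647 with nothing put in their place, and the log message ("NFUs and new issues") does not cover this. State why lenny no longer needs its own status here, either in the log or by replacing the line with an explicit lenny entry (a fixed version, a <no-dsa> with a reason as the pyftpd entry has, or a DSA reference), so the change is not read as an accidental deletion.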