Author: gilbert-guest Date: 2010-06-27 02:10:35 +0000 (Sun, 27 Jun 2010) New Revision: 14908 Modified: data/CVE/list Log: NFUs and new issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-25 21:14:41 UTC (rev 14907) +++ data/CVE/list 2010-06-27 02:10:35 UTC (rev 14908) @@ -3,53 +3,56 @@ CVE-2010-2451 RESERVED CVE-2010-2443 (Unspecified vulnerability in LibTIFF before 3.9.3 allows remote ...) + - tiff <undetermined> TODO: check CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...) - TODO: check + - webkit <unfixed> (low) + - chromium-browser <unfixed> (low) + NOTE: poc seems to work, but only intermitently (maybe every 20th character) CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation ...) - TODO: check + NOT-FOR-US: Subtitle Translation Wizard CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to ...) - TODO: check + NOT-FOR-US: MoreAmp CVE-2010-2438 (SQL injection vulnerability in G.CMS generator allows remote attackers ...) - TODO: check + NOT-FOR-US: G.CMS CVE-2010-2437 (Cross-site scripting (XSS) vulnerability in class/tools.class.php in ...) - TODO: check + NOT-FOR-US: AneCMS BLog CVE-2010-2436 (SQL injection vulnerability in modules/blog/index.php in AneCMS Blog ...) - TODO: check + NOT-FOR-US: AneCMS Blog CVE-2010-2435 (Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause ...) - TODO: check + - weborf 0.12.2-1 CVE-2010-2434 RESERVED CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS ...) - TODO: check + - cups <unfixed> CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local users, ...) - TODO: check + - cups <unfixed> CVE-2010-2430 RESERVED CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, ...) - TODO: check + NOT-FOR-US: Splunk CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the ...) - TODO: check + NOT-FOR-US: Wing FTP Server CVE-2010-2427 RESERVED CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River ...) - TODO: check + NOT-FOR-US: Titan FTP Server CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River ...) - TODO: check + NOT-FOR-US: Titan FTP Server CVE-2010-2424 RESERVED CVE-2010-2423 RESERVED CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone ...) - TODO: check + NOT-FOR-US: PortalTransforms CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have ...) - TODO: check + NOT-FOR-US: Opera CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...) - TODO: check + NOT-FOR-US: Sleipnir CVE-2008-7257 RESERVED CVE-2010-XXXX [IE-specific XSS issue] @@ -482,8 +485,9 @@ RESERVED CVE-2010-2244 RESERVED -CVE-2010-2243 +CVE-2010-2243 [timekeeping oops] RESERVED + - linux-2.6 2.6.32-11 CVE-2010-2242 RESERVED CVE-2010-2241 @@ -523,11 +527,12 @@ CVE-2010-2226 RESERVED CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...) + - php5 <undetermined> TODO: check CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...) - TODO: check + NOT-FOR-US: Reh Had Enterprise Virtualization Manager (RHEV-M) CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...) - TODO: check + NOT-FOR-US: Red Hat Enterprise Virtualization Hypervisor (RHEV-H) CVE-2010-2222 RESERVED CVE-2010-2221 @@ -917,6 +922,7 @@ CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...) - apache2 <not-affected> (does not affect UNIX, only Windows, etc.) CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function ...) + - tiff <undetermined> TODO: check CVE-2010-2066 RESERVED @@ -1629,7 +1635,7 @@ CVE-2010-1776 RESERVED CVE-2010-1775 (Race condition in Passcode Lock in Apple iOS before 4 on the iPhone ...) - TODO: check + NOT-FOR-US: Apple iPhone Passcode Lock CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261 @@ -1702,19 +1708,23 @@ NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697 NOTE: http://trac.webkit.org/changeset/59098 CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...) + - webkit <undetermined> + - chromium-browser <undetermined> + NOTE: is this CVE-2010-2441 a dup of this? TODO: check CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...) - TODO: check + NOT-FOR-US: Apple iPhone CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2010-1754 (Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does ...) - TODO: check + NOT-FOR-US: Apple Passcode Lock CVE-2010-1753 (ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows ...) + - tiff <undetermined> TODO: check CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the ...) - TODO: check + NOT-FOR-US: Apple CFNetwork CVE-2010-1751 (Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch ...) - TODO: check + NOT-FOR-US: Apple Application Sandbox CVE-2010-1750 (Use-after-free vulnerability in Apple Safari before 5.0 on Windows ...) - webkit <undetermined> CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) @@ -1723,7 +1733,7 @@ NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625 NOTE: http://trac.webkit.org/changeset/45941 CVE-2010-1748 (The cgi_initialize_string function in cgi-bin/var.c in the web ...) - TODO: check + - cups <unfixed> CVE-2010-1747 RESERVED CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX ...) @@ -1980,6 +1990,8 @@ - clamav 0.96.1+dfsg-1 (bug #584183) [lenny] - clamav <end-of-life> CVE-2010-1638 (The IMP plugin in Horde allows remote attackers to bypass firewall ...) + - horde3 <undetermined> + - squirrelmail <undetermined> TODO: check CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...) - squirrelmail <unfixed> (unimportant) @@ -2001,6 +2013,7 @@ - openssl <not-affected> (This bug is only present in OpenSSL 1.0.0) TODO: recheck once >= 1.0.0 gets uploaded CVE-2010-1632 (Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server ...) + - axis2c <undetermined> TODO: check CVE-2010-1631 RESERVED @@ -2021,6 +2034,8 @@ - mysql-dfsg-5.0 <removed> (low; bug #584400) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648 CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...) + - lxr <undetermined> + - lxr-cvs <undetermined> TODO: check CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...) - pidgin 2.7.0-1 (low) @@ -3392,7 +3407,7 @@ - postgresql-8.4 8.4.4-1 (low) - postgresql-8.3 <removed> CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows ...) - TODO: check + - perl 5.10.1-13 (bug #582978) CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X ...) - xorg-server <not-affected> (Xorg in Lenny onwards uses Pixman, which isn''t affected) NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html @@ -4609,9 +4624,9 @@ CVE-2010-0780 RESERVED CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2010-0778 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2010-0777 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0776 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...) @@ -5335,13 +5350,15 @@ NOTE: http://trac.webkit.org/changeset/58792 NOTE: http://trac.webkit.org/changeset/58796 CVE-2010-0543 (ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows ...) + - tiff <undetermined> TODO: check CVE-2010-0542 (The _WriteProlog function in texttops.c in texttops in the Text Filter ...) - TODO: check + - cups <unfixed> CVE-2010-0541 (Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in ...) + - libwebapp-ruby <undetermined> TODO: check CVE-2010-0540 (Cross-site request forgery (CSRF) vulnerability in the web interface ...) - TODO: check + - cups <unfixed> CVE-2010-0539 (Integer signedness error in the window drawing implementation in Apple ...) NOT-FOR-US: Apple Java CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X ...) @@ -8985,7 +9002,7 @@ CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...) NOT-FOR-US: Adobe Flash CVE-2009-3793 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) ...) NOT-FOR-US: Adobe Flash Media Server CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)