Secure testing commits - Aug 2010 - r15227 - data/CVE

Author: kees
Date: 2010-08-28 20:13:55 +0000 (Sat, 28 Aug 2010)
New Revision: 15227

Modified:
   data/CVE/list
Log:
NFUs: 87

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-08-28 13:45:39 UTC (rev 15226)
+++ data/CVE/list	2010-08-28 20:13:55 UTC (rev 15227)
@@ -1,3 +1,103 @@
+CVE-2010-3155
+	NOT-FOR-US: Adobe ExtendedScript Toolkit
+CVE-2010-3154
+	NOT-FOR-US: Adobe Extension Manager
+CVE-2010-3153
+	NOT-FOR-US: Adobe InDesign
+CVE-2010-3152
+	NOT-FOR-US: Adobe Illustrator
+CVE-2010-3151
+	NOT-FOR-US: Adobe On Location
+CVE-2010-3150
+	NOT-FOR-US: Adobe Premier Pro
+CVE-2010-3149
+	NOT-FOR-US: Adobe Device Central
+CVE-2010-3148
+	NOT-FOR-US: Microsoft Visio
+CVE-2010-3147
+	NOT-FOR-US: Microsoft Address Book
+CVE-2010-3146
+	NOT-FOR-US: Microsoft Office Groove
+CVE-2010-3145
+	NOT-FOR-US: Microsoft Vista BitLocker
+CVE-2010-3144
+	NOT-FOR-US: Microsoft Internet Connection Signup Wizard
+CVE-2010-3143
+	NOT-FOR-US: Microsoft Windows Contacts
+CVE-2010-3142
+	NOT-FOR-US: Microsoft Office PowerPoint
+CVE-2010-3141
+	NOT-FOR-US: Microsoft Power Point
+CVE-2010-3140
+	NOT-FOR-US: Microsoft Windows Internet Communication Settings
+CVE-2010-3139
+	NOT-FOR-US: Microsoft Windows Progman Group Converter
+CVE-2010-3138
+	NOT-FOR-US: Microsoft Windows Media Player
+CVE-2010-3137
+	NOT-FOR-US: Nullsoft Winamp
+CVE-2010-3136
+	NOT-FOR-US: Skype
+CVE-2010-3135
+	NOT-FOR-US: Cisco Packet Tracer
+CVE-2010-3134
+	NOT-FOR-US: Google Earth
+CVE-2010-3132
+	NOT-FOR-US: Adobe Dreamweaver
+CVE-2010-3130
+	NOT-FOR-US: TechSmith Snagit
+CVE-2010-3129
+	NOT-FOR-US: uTorrent
+CVE-2010-3128
+	NOT-FOR-US: TeamViewer
+CVE-2010-3127
+	NOT-FOR-US: Adobe PhotoShop
+CVE-2010-3126
+	NOT-FOR-US: avast! Free Antivirus version
+CVE-2010-3125
+	NOT-FOR-US: TeamMate Audit Management Software Suite
+CVE-2010-3122
+	NOT-FOR-US: DevonIT thin-client management tool
+CVE-2010-3121
+	NOT-FOR-US: DevonIT thin-client management tool
+CVE-2009-4995
+	NOT-FOR-US: SmarterTools SmarterTrack
+CVE-2009-4994
+	NOT-FOR-US: SmarterTools SmarterTrack
+CVE-2009-4993
+	NOT-FOR-US: LM Starmail Paidmail
+CVE-2009-4992
+	NOT-FOR-US: LM Starmail Paidmail
+CVE-2009-4991
+	NOT-FOR-US: Omnistar Recruiting
+CVE-2009-4990
+	NOT-FOR-US: Webform report module for Drupal
+CVE-2009-4989
+	NOT-FOR-US: AJ Auction Pro OOPD
+CVE-2009-4988
+	NOT-FOR-US: SAP Business One
+CVE-2009-4987
+	NOT-FOR-US: Scripteen Free Image Hosting Script
+CVE-2009-4986
+	NOT-FOR-US: In-Portal
+CVE-2009-4985
+	NOT-FOR-US: Accessories Me PHP Affiliate Script
+CVE-2009-4984
+	NOT-FOR-US: Accessories Me PHP Affiliate Script
+CVE-2009-4983
+	NOT-FOR-US: Silurus Classifieds
+CVE-2009-4982
+	NOT-FOR-US: Irokez CMS
+CVE-2009-4981
+	NOT-FOR-US: Photokorn Gallery
+CVE-2009-4980
+	NOT-FOR-US: Photokorn Gallery
+CVE-2009-4979
+	NOT-FOR-US: Photokorn Gallery
+CVE-2009-4978
+	NOT-FOR-US: MyBackup
+CVE-2009-4977
+	NOT-FOR-US: MyBackup
 CVE-2010-3124 [DLL issue and VLC]
 	- vlc <not-affected> (Windows specific vulnerability)
 CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the
...)
@@ -566,45 +666,45 @@
 CVE-2010-2883
 	RESERVED
 CVE-2010-2882
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2881
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2880
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2879
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2878
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2877
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2876
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2875
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2874
 	RESERVED
 CVE-2010-2873
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2872
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2871
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2870
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2869
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2868
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2867
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2866
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2865
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2864
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2863
-	RESERVED
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and
9.3.3, and ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2010-2861 (Multiple directory traversal vulnerabilities in the
administrator ...)
@@ -688,13 +788,13 @@
 CVE-2010-2841
 	RESERVED
 CVE-2010-2840
-	RESERVED
+	NOT-FOR-US: Cisco
 CVE-2010-2839
-	RESERVED
+	NOT-FOR-US: Cisco
 CVE-2010-2838
-	RESERVED
+	NOT-FOR-US: Cisco
 CVE-2010-2837
-	RESERVED
+	NOT-FOR-US: Cisco
 CVE-2010-2836
 	RESERVED
 CVE-2010-2835
@@ -785,9 +885,9 @@
 CVE-2010-2797
 	RESERVED
 CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2,
when ...)
-	TODO: check
+	NOT-FOR-US: phpCAS
 CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack
...)
-	TODO: check
+	NOT-FOR-US: phpCAS
 CVE-2010-2794
 	RESERVED
 CVE-2010-2793
@@ -1033,7 +1133,7 @@
 CVE-2010-2712
 	RESERVED
 CVE-2010-2711
-	RESERVED
+	NOT-FOR-US: HP MagCloud app
 CVE-2010-2710 (Unspecified vulnerability in HP OpenView Network Node Manager
(OV NNM) ...)
 	NOT-FOR-US: HP OpenView 
 CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView
Network ...)
@@ -1878,11 +1978,11 @@
 CVE-2010-2363
 	RESERVED
 CVE-2010-2362
-	RESERVED
+	NOT-FOR-US: Winny
 CVE-2010-2361
-	RESERVED
+	NOT-FOR-US: Winny
 CVE-2010-2360
-	RESERVED
+	NOT-FOR-US: Winny
 CVE-2010-2359 (SQL injection vulnerability in eWebQuiz.asp in
ActiveWebSoftwares.com ...)
 	NOT-FOR-US: eWebquiz
 CVE-2010-2358 (PHP remote file inclusion vulnerability in ...)
@@ -2224,7 +2324,7 @@
 	- libvirt 0.8.3-1 (low)
 	[lenny] - libvirt <no-dsa> (Minor issue)
 CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for
Red ...)
-	TODO: check
+	NOT-FOR-US: Red Hat Directory Server
 CVE-2010-2240 [mm: keep a guard page below a grow-down stack segment]
 	RESERVED
 	{DSA-2094-1}
@@ -2631,7 +2731,7 @@
 CVE-2010-2077
 	REJECTED
 CVE-2010-2076 (Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x
before ...)
-	TODO: check
+	NOT-FOR-US: Apache CXF
 CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from
...)
 	- unrealircd <itp> (bug #515130)
 CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...)
@@ -3312,7 +3412,7 @@
 CVE-2010-1809
 	RESERVED
 CVE-2010-1808
-	RESERVED
+	NOT-FOR-US: Apple Mac OS X
 CVE-2010-1807
 	RESERVED
 CVE-2010-1806
@@ -3324,11 +3424,11 @@
 CVE-2010-1803
 	RESERVED
 CVE-2010-1802
-	RESERVED
+	NOT-FOR-US: Apple Mac OS X
 CVE-2010-1801
-	RESERVED
+	NOT-FOR-US: CoreGraphics
 CVE-2010-1800
-	RESERVED
+	NOT-FOR-US: CFNetwork
 CVE-2010-1799 (Stack-based buffer overflow in the error-logging functionality
in ...)
 	NOT-FOR-US: Apple QuickTime on Windows
 CVE-2010-1798
@@ -8426,7 +8526,7 @@
 CVE-2010-0135 (Heap-based buffer overflow in the WordPerfect 5.x reader
(wosr.dll), ...)
 	NOT-FOR-US: WordPerfect reader on Windows
 CVE-2010-0134 (Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4
and ...)
-	TODO: check
+	NOT-FOR-US: Autonomy KeyView
 CVE-2010-0133 (Multiple stack-based buffer overflows in the SpreadSheet Lotus
123 ...)
 	NOT-FOR-US: SpreadSheet Lotus 123 reader
 CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before
1.1.5 ...)
@@ -8442,7 +8542,7 @@
 CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers
to ...)
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-0126 (Heap-based buffer overflow in an unspecified library in Autonomy
...)
-	TODO: check
+	NOT-FOR-US: Autonomy KeyView
 CVE-2010-0125
 	RESERVED
 CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on
the ...)