Author: gilbert-guest Date: 2010-09-23 01:08:13 +0000 (Thu, 23 Sep 2010) New Revision: 15366 Modified: data/CVE/list Log: new kernel issues and some nfus Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-23 00:34:52 UTC (rev 15365) +++ data/CVE/list 2010-09-23 01:08:13 UTC (rev 15366) @@ -1,7 +1,7 @@ CVE-2010-3478 RESERVED CVE-2010-3477 (The tcf_act_police_dump function in net/sched/act_police.c in the ...) - TODO: check + - linux-2.6 <unfixed> CVE-2010-3600 RESERVED CVE-2010-3599 @@ -554,7 +554,7 @@ CVE-2010-3325 RESERVED CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8 allows ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session ...) NOT-FOR-US: Splunk CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote ...) @@ -676,7 +676,7 @@ RESERVED - mailscanner <unfixed> (bug #596396; low) CVE-2010-3278 (Multiple buffer overflows in the Novell Client novfs module for the ...) - TODO: check + NOT-FOR-US: novfs kernel module (only included in SUSE it seems) CVE-2010-3277 RESERVED CVE-2010-3276 @@ -879,7 +879,7 @@ CVE-2010-3201 RESERVED CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft Word CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...) NOT-FOR-US: TortoiseSVN CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows ...) @@ -1272,7 +1272,7 @@ CVE-2010-3068 RESERVED CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...) - TODO: check + - linux-2.6 <unfixed> CVE-2010-3066 RESERVED CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...) 
@@ -1389,9 +1389,9 @@ CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...) NOT-FOR-US: Pligg CVE-2010-3012 (Cross-site scripting (XSS) vulnerability in HP System Management ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2010-3011 (CRLF injection vulnerability in HP System Management Homepage (SMH) ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect ...) NOT-FOR-US: HP 3Com OfficeConnect CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for ...) @@ -1508,7 +1508,7 @@ CVE-2010-2962 RESERVED CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the ...) - TODO: check + NOT-FOR-US: mountall CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...) - linux-2.6 2.6.32-23 [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32) @@ -4522,7 +4522,7 @@ CVE-2010-1821 RESERVED CVE-2010-1820 (Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through ...) - TODO: check + NOT-FOR-US: Apple Filing Protocol Server CVE-2010-1819 RESERVED CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple ...) @@ -7780,7 +7780,7 @@ CVE-2010-0782 RESERVED CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0780 RESERVED CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) @@ -8753,7 +8753,6 @@ CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise ...) - linux-2.6 <undetermined> - kvm <removed> - TODO: check CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...) {DSA-2035-1} - apache2 2.2.15-1
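Review bot: In the first hunk (@@ -1,7, CVE-2010-3477) the new line `- linux-2.6 <unfixed>` carries no bug number, urgency or per-release annotation, so the entry does not say whether the stable kernel is affected. Other entries visible in this patch record that detail, for example `- mailscanner <unfixed> (bug #596396; low)` and the `[lenny] - linux-2.6 <not-affected> (...)` line under CVE-2010-2960. Suggest adding at least a NOTE or a `[lenny]` line once the affected range is known. The same applies to the CVE-2010-3067 hunk (@@ -1272), which gets the identical bare `<unfixed>` line.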
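Review bot: In the CVE-2010-3278 hunk (@@ -676) the NOT-FOR-US reason reads `novfs kernel module (only included in SUSE it seems)`, which records a guess rather than a finding. NOT-FOR-US closes the entry for good, so the reason should state what was checked. Suggest confirming that no package in the archive ships novfs and dropping the "it seems", or keeping the TODO until that is confirmed.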
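Review bot: In the last hunk (@@ -8753, CVE-2010-0435) the `TODO: check` line is removed while `- linux-2.6 <undetermined>` stays, and nothing is added to say what the check concluded. The entry now looks triaged although the linux-2.6 status is still open. Suggest adding a NOTE line with the reason the status cannot be determined yet, or resolving `<undetermined>` in the same commit.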