Author: jmw
Date: 2011-01-21 22:27:25 +0000 (Fri, 21 Jan 2011)
New Revision: 15936

Modified: data/CVE/list
Log: NFUs asterisk buffer overflow has CVE and bug

Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-21 21:14:41 UTC (rev 15935) +++ data/CVE/list 2011-01-21 22:27:25 UTC (rev 15936) 
@@ -229,53 +229,56 @@ CVE-2011-0520 RESERVED CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP Photo ...) - TODO: check + NOT-FOR-US: Gallarific CVE-2011-0518 (Directory traversal vulnerability in core/lib/router.php in LotusCMS ...) - TODO: check + NOT-FOR-US: LotusCMS CVE-2011-0517 (Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and ...) - TODO: check + NOT-FOR-US: Winlog Pro CVE-2011-0516 (SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site ...) - TODO: check + NOT-FOR-US: BetMore Site Suite CVE-2011-0515 (KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 ...) - TODO: check + NOT-FOR-US: Kingsoft AntiVirus CVE-2011-0514 (The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows ...) - TODO: check + NOT-FOR-US: HP Data Protector Manager CVE-2011-0513 (DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows ...) - TODO: check + NOT-FOR-US: SecurStar DriveCrypt CVE-2011-0512 (SQL injection vulnerability in team.php in the Teams Structure module ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2011-0511 (SQL injection vulnerability in the allCineVid component ...) - TODO: check + NOT-FOR-US: Joomla CVE-2011-0510 (SQL injection vulnerability in cart.php in Advanced Webhost Billing ...) - TODO: check + NOT-FOR-US: Advanced Webhost Billing System CVE-2011-0509 (Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows ...) - TODO: check + NOT-FOR-US: Vaadin CVE-2011-0508 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Contao CMS CVE-2011-0507 (FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 ...) - TODO: check + NOT-FOR-US: Blackmoon FTP + NOTE: Windows-only CVE-2011-0506 (Directory traversal vulnerability in modules/profile/user.php in Ax ...) - TODO: check + NOT-FOR-US: AxDCMS CVE-2011-0505 (Directory traversal vulnerability in system/system.php in Zwii 2.1.1, ...) 
- TODO: check + NOT-FOR-US: Zwii CVE-2011-0504 (Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, ...) - TODO: check + NOT-FOR-US: VaM Shop CVE-2011-0503 (Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, ...) - TODO: check + NOT-FOR-US: VaM Shop CVE-2011-0502 (Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly ...) - TODO: check + NOT-FOR-US: Music Animation Machine MIDI Player + NOTE: Windows-only CVE-2011-0501 (Stack-based buffer overflow in Music Animation Machine MIDI Player ...) - TODO: check + NOT-FOR-US: Music Animation Machine MIDI Player + NOTE: Windows-only CVE-2011-0500 (Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and ...) - TODO: check + NOT-FOR-US: VideoSpirit Pro CVE-2011-0499 (Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier ...) - TODO: check + NOT-FOR-US: VideoSpirit Pro CVE-2011-0498 (Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, ...) - TODO: check + NOT-FOR-US: Nokia Multimedia Player CVE-2011-0497 (Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ...) - TODO: check + NOT-FOR-US: Sybase EAServer CVE-2011-0496 (Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ...) - TODO: check + NOT-FOR-US: Sybase EAServer CVE-2010-4703 (SQL injection vulnerability in default.asp in HotWebScripts HotWeb ...) TODO: check CVE-2010-4702 (SQL injection vulnerability in JRadio (com_jradio) component before ...) 
@@ -283,9 +286,9 @@ CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in ...) TODO: check CVE-2011-0495 (Stack-based buffer overflow in the ast_uri_encode function in ...) - TODO: check + - asterisk <unfixed> (bug #610487) CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...) - TODO: check + NOT-FOR-US: IBM Tivoli Access Manager CVE-2011-0489 (The server components in Objectivity/DB 10.0 do not require ...) TODO: check CVE-2011-0488 (Stack-based buffer overflow in NTWebServer.exe in the test web service ...)
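Review bot: In the first hunk (@@ -229,53 +229,56 @@), the NOT-FOR-US values for CVE-2011-0512 and CVE-2011-0511 name the host platform (PHP-Fusion, Joomla), while the descriptions point at an add-on: the Teams Structure module and the allCineVid component. A reader scanning the list could take those lines to mean the platform itself is out of scope, so name the affected add-on instead, for example "NOT-FOR-US: Teams Structure module for PHP-Fusion" and "NOT-FOR-US: allCineVid component for Joomla". The "NOTE: Windows-only" line is also applied unevenly: it is added for Blackmoon FTP and the Music Animation Machine MIDI Player entries, but not for CVE-2011-0515 (KisKrnl.sys), CVE-2011-0514 (rds.exe) or CVE-2011-0513 (DCR.sys), whose descriptions name Windows binaries just as clearly. Either add the note to those entries too or drop it throughout, since NOT-FOR-US already closes the entry.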
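Review bot: In the second hunk (@@ -283,9 +286,9 @@), the new CVE-2011-0495 line "- asterisk <unfixed> (bug #610487)" records only the package and the bug number, with no urgency and no NOTE. The description is a stack-based buffer overflow in ast_uri_encode, so whoever picks this up next will want to know which versions are affected and where the upstream fix is. Add a NOTE line under the entry with the upstream reference once it is known, and put an urgency next to the bug number if one has been assessed. The same hunk leaves CVE-2011-0488 at "TODO: check" although its description names NTWebServer.exe; if that was triaged in the same pass as CVE-2011-0494, it could be resolved in this commit as well.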