Author: helmut-guest Date: 2011-07-10 14:22:17 +0000 (Sun, 10 Jul 2011) New Revision: 16918 Modified: data/CVE/list Log: added NFUs and possibly affected packages Note that the NFU for CVE-2011-2608 was wrong. Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-07-09 14:57:20 UTC (rev 16917) +++ data/CVE/list 2011-07-10 14:22:17 UTC (rev 16918) @@ -1,3 +1,17 @@ +CVE-2010-4814 (SQL injection vulnerability in index1.php ...) + NOT-FOR-US: Best Soft Inc. +CVE-2010-4813 (Cross-site scripting (XSS) vulnerability in the Category Tokens module ...) + NOT-FOR-US: Drupal 6.x Category Tokens module +CVE-2010-4812 (Multiple SQL injection vulnerabilities ...) + NOT-FOR-US: 6kbbs +CVE-2010-4811 (Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php ...) + NOT-FOR-US: 6kbbs +CVE-2010-4810 (Multiple PHP remote file inclusion vulnerabilities ...) + NOT-FOR-US: AR Web Content Manager +CVE-2010-4809 (SQL injection vulnerability in index.php ...) + NOT-FOR-US: DBSite +CVE-2010-4808 (SQL injection vulnerability in index.php ...) + NOT-FOR-US: Webmatic CVE-2011-2682 (The Login component in IBM Rational DOORS Web Access 1.4.x before ...) NOT-FOR-US: IBM Rational DOORS Web Access CVE-2011-2681 (IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly ...) @@ -38,11 +52,12 @@ CVE-2011-2667 RESERVED CVE-2011-2666 (The default configuration of the SIP channel driver in Asterisk Open ...) - TODO: check + - asterisk <undetermined> CVE-2011-2665 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source ...) - TODO: check -CVE-2011-2664 + - asterisk <undetermined> +CVE-2011-2664 (... allows local users on the MDS system to overwrite arbitrary files ...) RESERVED + NOT-FOR-US: Check Point Multi-Domain Management CVE-2011-2663 RESERVED CVE-2011-2662 
@@ -162,7 +177,7 @@ CVE-2011-2609 (Opera before 11.50 does not properly restrict data: URIs, which makes ...) NOT-FOR-US: Opera CVE-2011-2608 (ovbbccb.exe 6.20.50.0 and earlier in HP OpenView Performance Agent ...) - NOT-FOR-US: Opera + NOT-FOR-US: HP OpenView CVE-2011-2607 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...) NOT-FOR-US: IBM Rational Team Concert CVE-2011-2606 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational ...) @@ -196,17 +211,18 @@ - groff 1.20.1-5 (unimportant; bug #538338) NOTE: Only exploitable during build CVE-2009-5081 (The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) ...) - TODO: check + - groff <undetermined> + NOTE: Only exploitable during build CVE-2009-5080 (The (1) contrib/eqn2graph/eqn2graph.sh, (2) ...) - TODO: check + - groff <undetermined> CVE-2009-5079 (The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) ...) - TODO: check + - groff <undetermined> CVE-2009-5078 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 ...) - groff 1.20.1-5 (low; bug #538338) [etch] - groff <not-affected> (pdfroff not yet present) [lenny] - groff <not-affected> (pdfroff not yet present) CVE-2011-2597 (The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x ...) - TODO: check + - wireshark <undetermined> CVE-2011-2596 RESERVED CVE-2011-2595 @@ -837,6 +853,7 @@ - webkit <not-affected> CVE-2011-2344 RESERVED + NOT-FOR-US: Android SDK CVE-2011-2343 RESERVED CVE-2011-2341 @@ -1110,7 +1127,8 @@ [squeeze] - dbus 1.2.24-4+squeeze1 [lenny] - dbus <no-dsa> (Minor issue) CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ...) - TODO: check + - rails <undetermined> + NOTE: likely affected since sid is < 2.3.12 CVE-2011-2196 RESERVED CVE-2011-2195 
@@ -1822,7 +1840,7 @@ - fetchmail <unfixed> (unimportant) NOTE: http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt CVE-2011-1946 (gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but ...) - TODO: check + NOT-FOR-US: libgnomesu CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and ...) - openssl <unfixed> (low) CVE-2011-1944 @@ -3154,11 +3172,11 @@ CVE-2011-1483 RESERVED CVE-2011-1482 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2011-1481 (Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2011-1480 (SQL injection vulnerability in admin.php in the administration backend ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2011-1479 RESERVED - linux-2.6 2.6.38-4 @@ -3614,11 +3632,11 @@ CVE-2011-1338 RESERVED CVE-2011-1337 (Opera before 11.50 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Opera CVE-2011-1336 (Buffer overflow in ALZip 8.21 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: ALZip CVE-2011-1335 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2011-1334 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu ...) NOT-FOR-US: Cybozu CVE-2011-1333 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu ...) 
@@ -4185,15 +4203,15 @@ [lenny] - wireshark <not-affected> (Vulnerable code not present) [squeeze] - wireshark <not-affected> (Vulnerable code not present) CVE-2011-1131 (The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2011-1130 (Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2011-1129 (Cross-site scripting (XSS) vulnerability in the EditNews function in ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2011-1128 (The loadUserSettings function in Load.php in Simple Machines Forum ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2011-1127 (SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2011-1126 (VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware ...) NOT-FOR-US: VMware Workstation CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...) @@ -4688,6 +4706,7 @@ NOTE: https://bugzilla.redhat.com/CVE-2011-0634 (duped with CVE-2011-1002) CVE-2011-1001 RESERVED + NOT-FOR-US: Android SDK CVE-2011-1000 (jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before ...) {DSA-2169-1} - telepathy-gabble 0.9.15-2
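Review bot: in the @@ -1,3 +1,17 @@ hunk, `NOT-FOR-US: Best Soft Inc.` for CVE-2010-4814 names the vendor rather than the affected software, while the other new entries in the same hunk name the product (6kbbs, DBSite, Webmatic); use the product name from the CVE description so the NFU tag can be matched against Debian package names.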
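Review bot: in the @@ -38,11 +52,12 @@ hunk, CVE-2011-2664 gains a description and `NOT-FOR-US: Check Point Multi-Domain Management` but keeps its `RESERVED` line, so the entry now contradicts itself; drop the RESERVED placeholder when the description is filled in. The two asterisk entries move from `TODO: check` to `- asterisk <undetermined>`, which records nothing about why the version is unknown; a NOTE pointing at the upstream advisory would let the next triager resolve them.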
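Review bot: in the @@ -162,7 +177,7 @@ hunk, the corrected tag `NOT-FOR-US: HP OpenView` for CVE-2011-2608 is broader than the description (`HP OpenView Performance Agent`); naming the specific product keeps distinct OpenView components from sharing one NFU tag.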
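Review bot: in the @@ -196,17 +211,18 @@ hunk, CVE-2009-5081, CVE-2009-5080 and CVE-2009-5079 are marked `- groff <undetermined>` although the neighbouring groff entries are resolved against Debian bug #538338 (fixed in 1.20.1-5 for the preceding entry and for CVE-2009-5078); check whether that bug already covers these scripts instead of leaving them undetermined. `NOTE: Only exploitable during build` is added only to CVE-2009-5081; if it holds for 5080 and 5079 as well, add it there too, and if it does not, say why they differ.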
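Review bot: in the @@ -837,6 +853,7 @@ hunk, `NOT-FOR-US: Android SDK` is added under CVE-2011-2344 while the entry still reads `RESERVED`, so the assignment cannot be checked against a published description; add a NOTE with the source (vendor advisory or list post) that ties this id to the Android SDK.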
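Review bot: in the @@ -1110,7 +1127,8 @@ hunk, the NOTE states that sid is likely affected because its rails is below 2.3.12, yet the entry is marked `- rails <undetermined>`; if the sid version is known, record it as `<unfixed>` (or the fixed version) and cite the upstream advisory, since `<undetermined>` signals that the affected status itself is unknown.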
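Review bot: in the @@ -1822,7 +1840,7 @@ hunk, CVE-2011-1946 is closed as `NOT-FOR-US: libgnomesu` with nothing showing that the package name was checked against the archive; the fetchmail entry just above records its evidence in a NOTE, and an archive check should be recorded the same way before a `TODO: check` is closed as NFU.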
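Review bot: in the @@ -3614,11 +3632,11 @@ hunk, the new `NOT-FOR-US: Cybozu Office` for CVE-2011-1335 sits directly above the existing `NOT-FOR-US: Cybozu` for CVE-2011-1334, which describes the same product; pick one spelling so the NFU tags stay greppable.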
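Review bot: in the @@ -4688,6 +4706,7 @@ hunk, CVE-2011-1001 gets `NOT-FOR-US: Android SDK` under a `RESERVED` line, the same pattern as CVE-2011-2344; add the reference that links this reserved id to the Android SDK so the tag can be verified later.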