Author: gilbert-guest
Date: 2010-04-30 01:51:35 +0000 (Fri, 30 Apr 2010)
New Revision: 14574

Modified:
   data/CVE/list
Log:
NFUs; ocsinventory-server got cve ids

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-04-30 00:11:33 UTC (rev 14573)
+++ data/CVE/list       2010-04-30 01:51:35 UTC (rev 14574)
@@ -20,27 +20,29 @@
        - moodle <undetermined>
        TODO: check
 CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP 
authentication ...)
-       TODO: check
+       NOT-FOR-US: Support Incident Tracker
 CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php 
in OCS ...)
-       TODO: check
+       - ocsinventory-server 1.02.1-1 (unimportant)
+       NOTE: Authentication is needed, only supported in trusted environments, 
see debtags
 CVE-2010-1594 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       - ocsinventory-server 1.02.1-1 (unimportant)
+       NOTE: Authentication is needed, only supported in trusted environments, 
see debtags
 CVE-2010-1593 (Multiple cross-site scripting (XSS) vulnerabilities in 
SilverStripe ...)
-       TODO: check
+       - silverstripe <itp> (bug #528461)
 CVE-2010-1592 (sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in 
...)
-       TODO: check
+       NOT-FOR-US: SiSoftware Sandra
 CVE-2010-1591 (Beijing Rising International Rising Antivirus 2008 through 2010 
does ...)
        TODO: check
 CVE-2010-1590 (Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp 
in ...)
-       TODO: check
+       NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
 CVE-2010-1589 (Directory traversal vulnerability in shopsessionsubs.asp in 
Rocksalt ...)
-       TODO: check
+       NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
 CVE-2010-1588 (SQL injection vulnerability in the Getwebsess function in ...)
-       TODO: check
+       NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
 CVE-2010-1587 (The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 
and ...)
        TODO: check
 CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System 
Management ...)
-       TODO: check
+       NOT-FOR-US: HP System Management Homepage
 CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in Mozilla 
Firefox ...)
        TODO: check
 CVE-2010-1584
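
Review bot: CVE-2010-1595 and CVE-2010-1594 are recorded as fixed in ocsinventory-server 1.02.1-1, but the placeholder entry this commit removes further down listed the package as <unfixed> and only said "claimed fixed in upstream 1.02.1". Either confirm that 1.02.1-1 actually contains the fixes for both the SQL injection and the XSS issues, or keep a NOTE saying the fixed version rests on the upstream claim.
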
@@ -90,49 +92,49 @@
 CVE-2010-1561
        RESERVED
 CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before 
FP9 ...)
-       TODO: check
+       NOT-FOR-US: IBM DB2
 CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker 
(com_sermonspeaker) ...)
-       TODO: check
+       NOT-FOR-US: com_sermonspeaker component for joomla!
 CVE-2009-4830 (Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows 
remote ...)
-       TODO: check
+       - openx <itp> (bug #513771)
 CVE-2009-4829 (Cross-site scripting (XSS) vulnerability in the Automated 
Logout ...)
-       TODO: check
+       NOT-FOR-US: Automated Logout module for drupal
 CVE-2009-4828 (Cross-site request forgery (CSRF) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Ad Manager Pro
 CVE-2009-4827 (Cross-site request forgery (CSRF) vulnerability in admin.php in 
Mail ...)
-       TODO: check
+       NOT-FOR-US: Mail Manager Pro
 CVE-2009-4826 (Cross-site request forgery (CSRF) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: ScriptsEz Mini Hosting Panel
 CVE-2009-4825 (8pixel.net Blog 4 stores sensitive information under the web 
root with ...)
-       TODO: check
+       NOT-FOR-US: 8pixel.net Blog
 CVE-2009-4824 (Unspecified vulnerability in Kolab Webclient before 1.2.0 in 
Kolab ...)
        TODO: check
 CVE-2009-4823 (Cross-site scripting (XSS) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2009-4822 (Multiple cross-site scripting (XSS) vulnerabilities in 
index.php in ...)
-       TODO: check
+       NOT-FOR-US: Kasseler CMS
 CVE-2009-4821 (The D-Link DIR-615 with firmware 3.10NA does not require ...)
-       TODO: check
+       NOT-FOR-US: D-Link DIR-615
 CVE-2009-4820 (Angelo-Emlak 1.0 stores sensitive information under the web 
root with ...)
-       TODO: check
+       NOT-FOR-US: Angelo-Emlak
 CVE-2009-4819 (Multiple unrestricted file upload vulnerabilities in upload.php 
in ...)
-       TODO: check
+       NOT-FOR-US: PHPhotoalbum
 CVE-2009-4818 (Unrestricted file upload vulnerability in upload.php in 
PHPSimplicity ...)
-       TODO: check
+       NOT-FOR-US: PHPSimplicity of Upload
 CVE-2009-4817 (Unrestricted file upload vulnerability in Element-IT Ultimate 
Uploader ...)
-       TODO: check
+       NOT-FOR-US: Element-IT Ultimate Uploader
 CVE-2009-4816 (Directory traversal vulnerability in api/download_checker.php 
in ...)
-       TODO: check
+       NOT-FOR-US: MegaLab The Uploader
 CVE-2009-4815 (Directory traversal vulnerability in Serv-U before 9.2.0.1 
allows ...)
-       TODO: check
+       NOT-FOR-US: Serv-U
 CVE-2009-4814 (Cross-site scripting (XSS) vulnerability in Wolfram Research 
...)
-       TODO: check
+       NOT-FOR-US: Wolfram Research webMathematica
 CVE-2009-4813 (Cross-site scripting (XSS) vulnerability in myps.php in MyBB 
(aka ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2009-4812 (Wolfram Research webMathematica allows remote attackers to 
obtain ...)
-       TODO: check
+       NOT-FOR-US: Wolfram Research webMathematica
 CVE-2009-4811 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the 
VMware ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2010-XXXX [gitolite two weaknesses]
        - gitolite <unfixed>
        NOTE: http://secunia.com/advisories/39587/
@@ -166,39 +168,39 @@
 CVE-2010-1545
        RESERVED
 CVE-2010-1544 (micro_httpd on the RCA DCM425 cable modem allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: RCA DCM425 Cable Modem
 CVE-2010-1543 (Cross-site scripting (XSS) vulnerability in the eTracker module 
before ...)
-       TODO: check
+       NOT-FOR-US: eTracker module for drupal
 CVE-2010-1542 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
-       TODO: check
+       NOT-FOR-US: DFD Cart
 CVE-2010-1541 (Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 
1.198, ...)
-       TODO: check
+       NOT-FOR-US: DFD Cart
 CVE-2010-1540 (Directory traversal vulnerability in index.php in the MyBlog 
...)
-       TODO: check
+       NOT-FOR-US: com_myblog component for joomla!
 CVE-2010-1539 (Cross-site scripting (XSS) vulnerability in the Workflow module 
...)
-       TODO: check
+       NOT-FOR-US: workflow module for drupal
 CVE-2010-1538 (SQL injection vulnerability in print_raincheck.php in 
phpRAINCHECK ...)
-       TODO: check
+       NOT-FOR-US: phpRAINCHECK
 CVE-2010-1537 (Multiple directory traversal vulnerabilities in phpCDB 1.0 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: phpCDB
 CVE-2010-1536 (Cross-site scripting (XSS) vulnerability in the AddThis Button 
module ...)
-       TODO: check
+       NOT-FOR-US: AddThis Button module for drupal
 CVE-2010-1535 (Directory traversal vulnerability in the TRAVELbook 
(com_travelbook) ...)
-       TODO: check
+       NOT-FOR-US: com_travelbook component for joomla!
 CVE-2010-1534 (Directory traversal vulnerability in the Shoutbox Pro 
(com_shoutbox) ...)
-       TODO: check
+       NOT-FOR-US: com_shoutbox component for joomla!
 CVE-2010-1533 (Directory traversal vulnerability in the TweetLA (com_tweetla) 
...)
-       TODO: check
+       NOT-FOR-US: com_tweetla component for joomla!
 CVE-2010-1532 (Directory traversal vulnerability in the givesight PowerMail 
Pro ...)
-       TODO: check
+       NOT-FOR-US: com_powermail component for joomla!
 CVE-2010-1531 (Directory traversal vulnerability in the redSHOP (com_redshop) 
...)
-       TODO: check
+       NOT-FOR-US: com_redshop component for joomla!
 CVE-2010-1530 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-       TODO: check
+       NOT-FOR-US: Internationalization module for drupal
 CVE-2010-1529 (SQL injection vulnerability in the Freestyle FAQs Lite 
(com_fsf) ...)
-       TODO: check
+       NOT-FOR-US: com_fsf component for joomla!
 CVE-2010-1528 (PHP remote file inclusion vulnerability in include/template.php 
in ...)
-       TODO: check
+       NOT-FOR-US: Uiga Proxy
 CVE-2010-1527
        RESERVED
 CVE-2010-1526
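
Review bot: style point on the NOT-FOR-US lines for CMS add-ons, e.g. "com_myblog component for joomla!" and "workflow module for drupal": the unchanged entry for CVE-2010-0467 later in this patch writes "ccNewsletter component for Joomla!", so the product names here should be capitalised the same way (Joomla!, Drupal) to keep the list consistent and greppable. The same applies to the joomla!, drupal and typo3 entries in the other hunks.
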
@@ -256,99 +258,99 @@
 CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support 
forms, ...)
        TODO: check
 CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 
3.3 ...)
-       TODO: check
+       NOT-FOR-US: MusicBox
 CVE-2010-1498 (Multiple SQL injection vulnerabilities in dl_stats before 2.0 
allow ...)
-       TODO: check
+       NOT-FOR-US: dl_stats
 CVE-2010-1497 (Cross-site scripting (XSS) vulnerability in download_proc.php 
in ...)
-       TODO: check
+       NOT-FOR-US: dl_stats
 CVE-2010-1496 (SQL injection vulnerability in the JoltCard (com_joltcard) 
component ...)
-       TODO: check
+       NOT-FOR-US: com_joltcard component for joomla!
 CVE-2010-1495 (Directory traversal vulnerability in the Matamko (com_matamko) 
...)
-       TODO: check
+       NOT-FOR-US: com_matamko component for joomla!
 CVE-2010-1494 (Directory traversal vulnerability in the AWDwall (com_awdwall) 
...)
-       TODO: check
+       NOT-FOR-US: com_awdwall component for joomla!
 CVE-2010-1493 (SQL injection vulnerability in the AWDwall (com_awdwall) 
component ...)
-       TODO: check
+       NOT-FOR-US: com_awdwall component for joomla!
 CVE-2010-1492 (Directory traversal vulnerability in help/frameRight.php in 
Elastix ...)
-       TODO: check
+       NOT-FOR-US: Elastix
 CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) 
...)
-       TODO: check
+       NOT-FOR-US: com_mmsblog component for joomla!
 CVE-2009-4810 (The Secure Remote Password (SRP) implementation in Samhain 
before ...)
        TODO: check
 CVE-2009-4809 (Directory traversal vulnerability in thumbnail.ghp in Easy File 
...)
-       TODO: check
+       NOT-FOR-US: Easy File Sharing Web Server
 CVE-2009-4808 (admin.php in Graugon PHP Article Publisher 1.0 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Graugon PHP Article Publisher
 CVE-2009-4807 (Multiple SQL injection vulnerabilities in Graugon PHP Article 
...)
-       TODO: check
+       NOT-FOR-US: Graugon PHP Article Publisher
 CVE-2009-4806 (admin/save_user.asp in Digital Interchange Document Library 
1.0.1 does ...)
-       TODO: check
+       NOT-FOR-US: Digital Interchange Document Library
 CVE-2009-4805 (Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when 
...)
-       TODO: check
+       NOT-FOR-US: EZ-Blog
 CVE-2009-4804 (Cross-site scripting (XSS) vulnerability in the Calendar Base 
(cal) ...)
-       TODO: check
+       NOT-FOR-US: cal extension for typo3
 CVE-2009-4803 (SQL injection vulnerability in the Accessibility Glossary ...)
-       TODO: check
+       NOT-FOR-US: a21glossary extension for typo3
 CVE-2009-4802 (SQL injection vulnerability in the Flat Manager (flatmgr) 
extension ...)
-       TODO: check
+       NOT-FOR-US: fsatmgr extension for typo3
 CVE-2009-4801 (EZ-Blog Beta 1 does not require authentication, which allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: EZ-Blog
 CVE-2010-1490 (Unspecified vulnerability in IBM Cognos 8 Business Intelligence 
before ...)
-       TODO: check
+       NOT-FOR-US: IBM Cognos
 CVE-2009-4800 (Directory traversal vulnerability in Sysax Multi Server 4.3 and 
4.5 ...)
-       TODO: check
+       NOT-FOR-US: Sysax Multi Server
 CVE-2009-4799 (Diskos CMS 6.x stores sensitive information under the web root 
with ...)
-       TODO: check
+       NOT-FOR-US: Diskos CMS
 CVE-2009-4798 (Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: Diskos CMS
 CVE-2009-4797 (SQL injection vulnerability in browse.php in JobHut 1.2 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: JobHut
 CVE-2009-4796 (Multiple SQL injection vulnerabilities in the ExecuteQueries 
function ...)
-       TODO: check
+       NOT-FOR-US: glFusion
 CVE-2009-4795 (Multiple SQL injection vulnerabilities in Xlight FTP Server 
before ...)
-       TODO: check
+       NOT-FOR-US: Xlight FTP Server
 CVE-2009-4794 (Multiple SQL injection vulnerabilities in Community CMS 0.5 
allow ...)
-       TODO: check
+       NOT-FOR-US: Community CMS
 CVE-2009-4793 (Unrestricted file upload vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: BandSite CMS
 CVE-2009-4792 (SQL injection vulnerability in 
includes/content/member_content.php in ...)
-       TODO: check
+       NOT-FOR-US: BandSite CMS
 CVE-2009-4791 (Multiple SQL injection vulnerabilities in Family Connections 
(aka ...)
-       TODO: check
+       NOT-FOR-US: Family Connections
 CVE-2009-4790 (Multiple directory traversal vulnerabilities in Sysax Multi 
Server 4.5 ...)
-       TODO: check
+       NOT-FOR-US: Sysax Multi Server
 CVE-2009-4789 (Multiple PHP remote file inclusion vulnerabilities in the 
MojoBlog ...)
-       TODO: check
+       NOT-FOR-US: mojoblog component for joomla!
 CVE-2009-4788 (Multiple open redirect vulnerabilities in Pligg 1.0.2 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Pligg
 CVE-2009-4787 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Pligg ...)
-       TODO: check
+       NOT-FOR-US: Pligg
 CVE-2009-4786 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg 
before ...)
-       TODO: check
+       NOT-FOR-US: Pligg
 CVE-2009-4785 (SQL injection vulnerability in the Quick News (com_quicknews) 
...)
-       TODO: check
+       NOT-FOR-US: com_quicknews component for joomla!
 CVE-2009-4784 (SQL injection vulnerability in the Joaktree (com_joaktree) 
component ...)
-       TODO: check
+       NOT-FOR-US: com_joaktree component for joomla!
 CVE-2009-4783 (Multiple SQL injection vulnerabilities in Theeta CMS, possibly 
0.01, ...)
-       TODO: check
+       NOT-FOR-US: Theeta CMS
 CVE-2009-4782 (Multiple cross-site scripting (XSS) vulnerabilities in Theeta 
CMS, ...)
-       TODO: check
+       NOT-FOR-US: Theeta CMS
 CVE-2009-4781 (TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded 
password for ...)
-       TODO: check
+       NOT-FOR-US: TUKEVA Password Reminder
 CVE-2009-4780 (Multiple cross-site scripting (XSS) vulnerabilities in 
index.php in ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2009-4779 (Multiple PHP remote file inclusion vulnerabilities in NukeHall 
0.3 and ...)
-       TODO: check
+       NOT-FOR-US: NukeHall
 CVE-2009-4778 (Multiple unspecified vulnerabilities in the PDF distiller in 
the ...)
-       TODO: check
+       NOT-FOR-US: BlackBerry PDF distiller
 CVE-2009-4777 (Unspecified vulnerability in multiple versions of Hitachi ...)
-       TODO: check
+       NOT-FOR-US: Hitachi Job Management / System Observer
 CVE-2009-4776 (Buffer overflow in Hitachi Cosminexus V4 through V8, Processing 
Kit ...)
-       TODO: check
+       NOT-FOR-US: Hitachi Cosminexus
 CVE-2009-4775 (Format string vulnerability in Ipswitch WS_FTP Professional 12 
before ...)
-       TODO: check
+       NOT-FOR-US: Ipswitch WS_FTP Professional
 CVE-2009-4774 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris 
snv_49 ...)
-       TODO: check
+       NOT-FOR-US: OpenSolaris
 CVE-2010-XXXX [pbuilder installs untrusted packages]
        - pbuilder <unfixed> (low; bug #579028)
        [lenny] - pbuilder <no-dsa> (Minor issue)
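
Review bot: typo in the CVE-2009-4802 entry: the description names the extension "Flat Manager (flatmgr)", but the added line reads "NOT-FOR-US: fsatmgr extension for typo3". It should be "flatmgr".
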
@@ -370,7 +372,7 @@
 CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative 
credentials in ...)
        NOT-FOR-US: IBM Lotus Notes
 CVE-2010-1486 (Multiple cross-site scripting (XSS) vulnerabilities in 
_invoice.asp in ...)
-       TODO: check
+       NOT-FOR-US: CactuShop
 CVE-2010-1485
        RESERVED
 CVE-2010-1484
@@ -842,7 +844,7 @@
 CVE-2010-1279
        RESERVED
 CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in 
gp.ocx in ...)
-       TODO: check
+       NOT-FOR-US: Adobe Download Manager
 CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in 
the API ...)
        - zabbix 1:1.8.2-1 (bug #577058)
        [lenny] - zabbix <not-affected> (vulnerable code not present)
@@ -1171,9 +1173,9 @@
        NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html
        TODO: check
 CVE-2010-1165 (Atlassian JIRA 3.12 through 4.1 allows remote authenticated ...)
-       TODO: check
+       NOT-FOR-US: Atlassian JIRA
 CVE-2010-1164 (Multiple cross-site scripting (XSS) vulnerabilities in 
Atlassian JIRA ...)
-       TODO: check
+       NOT-FOR-US: Atlassian JIRA
 CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 
1.7.2p5 does ...)
        - sudo 1.7.2p6-1 (bug #578275)
        [lenny] - sudo <not-affected> (ignore_dot default value is off and 
can't be changed in runtime)
@@ -1507,19 +1509,19 @@
 CVE-2010-1039
        RESERVED
 CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before 
6.0 ...)
-       TODO: check
+       NOT-FOR-US: HP System Insight Manager
 CVE-2010-1037 (Cross-site request forgery (CSRF) vulnerability in HP System 
Insight ...)
-       TODO: check
+       NOT-FOR-US: HP System Insight Manager
 CVE-2010-1036 (Cross-site scripting (XSS) vulnerability in HP System Insight 
Manager ...)
-       TODO: check
+       NOT-FOR-US: hP System Insight Manager
 CVE-2010-1035 (Multiple unspecified vulnerabilities in HP Virtual Machine 
Manager ...)
-       TODO: check
+       NOT-FOR-US: HP Virtual Machine Manager
 CVE-2010-1034 (Unspecified vulnerability in HP System Management Homepage 
(SMH) 6.0 ...)
-       TODO: check
+       NOT-FOR-US: HP System Management Homepage
 CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne 
ActiveX ...)
-       TODO: check
+       NOT-FOR-US: HP Operations Manager
 CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local 
users to ...)
-       TODO: check
+       NOT-FOR-US: HP-UX
 CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka 
...)
        NOT-FOR-US: HP Insight Control
 CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter 
rules ...)
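
Review bot: the CVE-2010-1036 entry reads "NOT-FOR-US: hP System Insight Manager"; the two entries above it use "HP System Insight Manager", so this should match. Also, CVE-2010-1033 is marked "HP Operations Manager" while the visible part of its description only mentions a Tetradyne ActiveX control, so it is worth double-checking that the product name is taken from the full description.
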
@@ -1617,7 +1619,7 @@
 CVE-2010-0995
        RESERVED
 CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization 
Library ...)
-       TODO: check
+       NOT-FOR-US: Visualization Library
 CVE-2010-0993 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 
and ...)
        NOT-FOR-US: Pulse CMS Basic
 CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Pulse ...)
@@ -2010,25 +2012,25 @@
 CVE-2010-0898
        RESERVED
 CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory 
Server ...)
-       TODO: check
+       NOT-FOR-US: Sun Java System Directory Server
 CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle Sun Product Suite
 CVE-2010-0895 (Unspecified vulnerability in the Solaris component in Oracle 
Sun ...)
-       TODO: check
+       NOT-FOR-US: OpenSolaris
 CVE-2010-0894 (Unspecified vulnerability in the Sun Java System Access Manager 
...)
-       TODO: check
+       NOT-FOR-US: Oracle Sun Product Suite
 CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle sun Product Suite
 CVE-2010-0892
        RESERVED
 CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center 
component in ...)
-       TODO: check
+       NOT-FOR-US: Oracle Sun Product Suite
 CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle 
Sun ...)
-       TODO: check
+       NOT-FOR-US: OpenSolaris
 CVE-2010-0889 (Unspecified vulnerability in the Solaris component in Oracle 
Sun ...)
-       TODO: check
+       NOT-FOR-US: OpenSolaris
 CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software 
component in ...)
-       TODO: check
+       NOT-FOR-US: Oracle Sun Product Suite
 CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in 
Oracle ...)
        - openjdk-6 <undetermined>
        - sun-java6 6.20-1
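
Review bot: CVE-2010-0893 is written "Oracle sun Product Suite" with a lower-case "sun", unlike the other entries in this hunk. The naming is also uneven: CVE-2010-0897 is labelled by component ("Sun Java System Directory Server") while CVE-2010-0894 (Sun Java System Access Manager) gets the suite name; picking one convention would help.
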
@@ -2038,75 +2040,75 @@
        - sun-java6 6.20-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications 
...)
-       TODO: check
+       NOT-FOR-US: Oracle Sun Product Suite
 CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in 
Oracle Sun ...)
-       TODO: check
+       NOT-FOR-US: Oracle Sun Product Suite
 CVE-2010-0883 (Unspecified vulnerability in the Sun Cluster component in 
Oracle Sun ...)
-       TODO: check
+       NOT-FOR-US: Oracle Sun Product Suite
 CVE-2010-0882 (Unspecified vulnerability in the Solaris component in Oracle 
Sun ...)
-       TODO: check
+       NOT-FOR-US: Oracle Sun Product Suite
 CVE-2010-0881 (Unspecified vulnerability in the User Interface Components in 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle Collaboration Suite
 CVE-2010-0880 (Unspecified vulnerability in the PeopleTools component in 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle PeopleSoft
 CVE-2010-0879 (Unspecified vulnerability in the PeopleTools component in 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle PeopleSoft
 CVE-2010-0878 (Unspecified vulnerability in the PeopleTools component in 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle PeopleSoft
 CVE-2010-0877 (Unspecified vulnerability in the PeopleTools component in 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle PeopleSoft
 CVE-2010-0876 (Unspecified vulnerability in the Life Sciences - Oracle 
Clinical ...)
-       TODO: check
+       NOT-FOR-US: Oracle Industry Product Suite
 CVE-2010-0875 (Unspecified vulnerability in the Life Sciences - Oracle 
Thesaurus ...)
-       TODO: check
+       NOT-FOR-US: Oracle Industry Product Suite
 CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle Industry Product Suite
 CVE-2010-0873
        RESERVED
 CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory 
component ...)
-       TODO: check
+       NOT-FOR-US: Oracle Fusion Middleware
 CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
-       TODO: check
+       NOT-FOR-US: Oracle E-Business Suite
 CVE-2010-0870 (Unspecified vulnerability in the Change Data Capture component 
in ...)
-       TODO: check
+       NOT-FOR-US: Oracle Database
 CVE-2010-0869 (Unspecified vulnerability in the Oracle Transportation 
Management ...)
-       TODO: check
+       NOT-FOR-US: Oracle E-Business Suite
 CVE-2010-0868 (Unspecified vulnerability in the Oracle iStore component in 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle E-Business Suite
 CVE-2010-0867 (Unspecified vulnerability in the JavaVM component in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle Database
 CVE-2010-0866 (Unspecified vulnerability in the JavaVM component in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle Database
 CVE-2010-0865 (Unspecified vulnerability in the Oracle Agile Engineering Data 
...)
-       TODO: check
+       NOT-FOR-US: Oracle E-Business Suite
 CVE-2010-0864 (Unspecified vulnerability in the Retail - Oracle Retail Place 
...)
-       TODO: check
+       NOT-FOR-US: Oracle Industry Product Suite
 CVE-2010-0863 (Unspecified vulnerability in the Retail - Oracle Retail Plan 
In-Season ...)
-       TODO: check
+       NOT-FOR-US: Oracle Industry Product Suite
 CVE-2010-0862 (Unspecified vulnerability in the Retail - Oracle Retail 
Markdown ...)
-       TODO: check
+       NOT-FOR-US: Oracle Industry Product Suite
 CVE-2010-0861 (Unspecified vulnerability in the Oracle HRMS (Self Service) 
component ...)
-       TODO: check
+       NOT-FOR-US: Oracle E-Business Suite
 CVE-2010-0860 (Unspecified vulnerability in the Core RDBMS component in Oracle 
...)
-       TODO: check
+       NOT-FOR-US: Oracle Database
 CVE-2010-0859 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
-       TODO: check
+       NOT-FOR-US: Oracle E-Business Suite
 CVE-2010-0858 (Unspecified vulnerability in the E-Business Intelligence 
component in ...)
-       TODO: check
+       NOT-FOR-US: Oracle E-Business Suite
 CVE-2010-0857 (Unspecified vulnerability in the Oracle Workflow Cartridge 
component ...)
-       TODO: check
+       NOT-FOR-US: Oracle E-Business Suite
 CVE-2010-0856 (Unspecified vulnerability in the Portal component in Oracle 
Fusion ...)
-       TODO: check
+       NOT-FOR-US: Oracle Fusion Middleware
 CVE-2010-0855 (Unspecified vulnerability in the Portal component in Oracle 
Fusion ...)
-       TODO: check
+       NOT-FOR-US: Oracle Fusion Middleware
 CVE-2010-0854 (Unspecified vulnerability in the Audit component in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle Database
 CVE-2010-0853 (Unspecified vulnerability in the Oracle Internet Directory 
component ...)
-       TODO: check
+       NOT-FOR-US: Oracle Database
 CVE-2010-0852 (Unspecified vulnerability in the XML DB component in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle Database
 CVE-2010-0851 (Unspecified vulnerability in the XML DB component in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle Database
 CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle 
Java SE ...)
        - openjdk-6 <undetermined>
        - sun-java6 6.19-1
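
Review bot: CVE-2010-0853 is described as a vulnerability in "the Oracle Internet Directory component" and marked "NOT-FOR-US: Oracle Database", while CVE-2010-0872, with the same component in its description, is marked "Oracle Fusion Middleware"; one of the two is probably mislabelled. Likewise CVE-2010-0882 ("the Solaris component in Oracle Sun ...") is marked "Oracle Sun Product Suite" while CVE-2010-0895, CVE-2010-0890 and CVE-2010-0889 in the previous hunk carry the same description and are marked "OpenSolaris".
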
@@ -2371,7 +2373,7 @@
 CVE-2010-0773
        RESERVED
 CVE-2010-0772 (Unspecified vulnerability in the channel process in IBM 
WebSphere MQ ...)
-       TODO: check
+       NOT-FOR-US: IMB WebSphere MQ
 CVE-2010-0771
        RESERVED
 CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 
before ...)
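
Review bot: typo in the CVE-2010-0772 entry: "NOT-FOR-US: IMB WebSphere MQ" should read "IBM WebSphere MQ", as in the description line above it.
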
@@ -2870,7 +2872,7 @@
 CVE-2010-0594
        RESERVED
 CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 
1.3.2.0, ...)
-       TODO: check
+       NOT-FOR-US: Cisco RVS4000 Router
 CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager 
(aka ...)
        NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly 
CallManager) ...)
@@ -3222,11 +3224,6 @@
        NOT-FOR-US: PaperThin CommonSpot Content Server
 CVE-2010-0467 (Directory traversal vulnerability in the ccNewsletter ...)
        NOT-FOR-US: ccNewsletter component for Joomla!
-CVE-2010-XXXX [ocsinventory-server: multiple vulnerabilities]
-       - ocsinventory-server <unfixed> (unimportant)
-       NOTE: http://www.openwall.com/lists/oss-security/2010/02/01/4
-       NOTE: claimed fixed in upstream 1.02.1
-       NOTE: Authentication is needed, only supported in trusted environments, 
see debtags
 CVE-2010-XXXX [nautilus: file preview html script execution]
        - nautilus <not-affected> (proof-of-concept script is previewed as 
text, not executed)
        NOTE: http://seclists.org/fulldisclosure/2010/Feb/112
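
Review bot: the removed ocsinventory-server placeholder carried the reference "NOTE: http://www.openwall.com/lists/oss-security/2010/02/01/4", and the new CVE-2010-1595 and CVE-2010-1594 entries added earlier in this patch only keep the authentication note. Move the reference NOTE to those entries so the link to the original report is not lost.
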
@@ -4452,7 +4449,7 @@
 CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x 
before ...)
        NOT-FOR-US: Symantec AntiVirus
 CVE-2010-0105 (The hfs implementation in Apple Mac OS X 10.6.2 and 10.6.3 
supports ...)
-       TODO: check
+       NOT-FOR-US: Apple hfs implementation
 CVE-2010-0104 (Unspecified vulnerability in the Broadcom Integrated NIC 
Management ...)
        NOT-FOR-US: Broadcom Integrated NIC Management Firmware
 CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger 
software ...)
@@ -4534,11 +4531,11 @@
 CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3, 
when ...)
        NOT-FOR-US: Oscailt
 CVE-2009-4511 (Multiple directory traversal vulnerabilities in the web 
administration ...)
-       TODO: check
+       NOT-FOR-US: TANDBERG Video Communication Server
 CVE-2009-4510 (The SSH service on the TANDBERG Video Communication Server 
(VCS) ...)
-       TODO: check
+       NOT-FOR-US: TANDBERG Video Communication Server
 CVE-2009-4509 (The administrative web console on the TANDBERG Video 
Communication ...)
-       TODO: check
+       NOT-FOR-US: TANDBERG Video Communication Server
 CVE-2009-4508
        RESERVED
 CVE-2009-4507


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
