commit:     332e7353e9cfbfc0db3a6ad837b7e406441e9311
Author:     Stefan Behte <craig <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 28 00:35:51 2011 +0000
Commit:     Pavlos Ratis <dastergon <AT> gentoo <DOT> org>
CommitDate: Mon Mar 28 00:35:51 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/security.git;a=commit;h=332e7353

NFU, bug nrs.

svn path=/; revision=2222

---
 data/CVE/list | 250 +++++++++++++++++++++++++++++-----------------------------
 1 file changed, 125 insertions(+), 125 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list
index b9de8d6..1a27a9e 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -75604,7 +75604,7 @@ CVE-2008-7272
 CVE-2008-7273
        RESERVED
 CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS 
Login ...)
-       TODO: check
+       NOT-FOR-US: ibm websphere_application_server
 CVE-2008-7275 (Multiple cross-site scripting (XSS) vulnerabilities in Open 
Ticket ...)
        TODO: check
 CVE-2008-7276 (Kernel/System/Web/Request.pm in Open Ticket Request System 
(OTRS) ...)
@@ -75624,11 +75624,11 @@ CVE-2008-7282 
(Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in O
 CVE-2008-7283 (Open Ticket Request System (OTRS) before 2.2.6, when customer 
group ...)
        TODO: check
 CVE-2008-7284 (IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino 
allows ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_quickr
 CVE-2008-7285 (Unspecified vulnerability in the docnote string handling ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_quickr
 CVE-2008-7286 (IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino 
does not ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_quickr
 CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows 
remote ...)
        NOT-FOR-US: apple quicktime
 CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows 
remote ...)
@@ -81713,7 +81713,7 @@ CVE-2009-3026 (protocols/jabber/auth.c in libpurple in 
Pidgin 2.6.0, and possibl
 CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous 
Protection ...)
        NOT-FOR-US: VRTSweb in Symantec Backup Exec Continuous Protection 
Server  CPS
 CVE-2009-3028 (The Altiris eXpress NS SC Download ActiveX control in ...)
-       TODO: check
+       NOT-FOR-US: symantec management_platform
 CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in 
Symantec ...)
        NOT-FOR-US: symantec securityexpressions_audit_and_compliance_server
 CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...)
@@ -85714,9 +85714,9 @@ CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 
does not require the l ...
 CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in 
pyftpdlib ...)
        NOT-FOR-US: g rodola pyftpdlib
 CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) 
before ...)
-       TODO: check
+       NOT-FOR-US: trubogear
 CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 
2.0.2 ...)
-       TODO: check
+       NOT-FOR-US: turbogears2
 CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in 
ext/xml/xml.c in ...)
        TODO: check
 CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle 
overlong ...)
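Review bot: the tag added for CVE-2009-5014 reads `trubogear`, which looks like a misspelling: the entry describes TurboGears2, and the next entry, CVE-2009-5015, is tagged `turbogears2`. Use `NOT-FOR-US: turbogears2` on both so that a search on the product name finds the pair.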
@@ -85750,23 +85750,23 @@ CVE-2009-5030
 CVE-2009-5031
        RESERVED
 CVE-2009-5032 (The encrypted e-mail feature in IBM Lotus Notes Traveler before 
...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_notes_traveler
 CVE-2009-5033 (IBM Lotus Notes Traveler before 8.5.0.2 does not properly 
handle a &quot;* ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_notes_traveler
 CVE-2009-5034 (IBM Lotus Notes Traveler before 8.5.0.2 allows remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_notes_traveler
 CVE-2009-5035 (The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 
does not ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_notes_traveler
 CVE-2009-5036 (traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 
allows ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_notes_traveler
 CVE-2009-5037 (Cisco Adaptive Security Appliances (ASA) 5500 series devices 
with ...)
-       TODO: check
+       NOT-FOR-US: cisco asa_5500
 CVE-2009-5038 (Cisco IOS before 15.0(1)XA does not properly handle IRC traffic 
during ...)
-       TODO: check
+       NOT-FOR-US: cisco ios
 CVE-2009-5039 (Memory leak in the gk_circuit_info_do_in_acf function in the 
H.323 ...)
-       TODO: check
+       NOT-FOR-US: cisco ios
 CVE-2009-5040 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: cisco ios
 CVE-2009-5041
        RESERVED
 CVE-2009-5042
@@ -85788,7 +85788,7 @@ CVE-2009-5049
 CVE-2009-5050
        RESERVED
 CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the 
session ...)
-       TODO: check
+       NOT-FOR-US: hastymail2
 CVE-2009-5052 (Multiple unspecified vulnerabilities in Smarty before 3.0.0 
beta 6 ...)
        TODO: check
 CVE-2009-5053 (Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows 
remote ...)
@@ -85802,15 +85802,15 @@ CVE-2009-5056 (Open Ticket Request System (OTRS) 
before 2.4.0-beta2 does not pro
 CVE-2009-5057 (The S/MIME feature in Open Ticket Request System (OTRS) before 
2.3.4 ...)
        TODO: check
 CVE-2009-5058 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 
8.1.0.5 ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_quickr
 CVE-2009-5059 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 
8.1.0.10 ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_quickr
 CVE-2009-5060 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 
8.1.0.11 ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_quickr
 CVE-2009-5061 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 
8.1.0.14 ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_quickr
 CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino 
on AIX ...)
-       TODO: check
+       NOT-FOR-US: ibm lotus_quickr
 CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip 
before 1.4 ...)
        BUG: 300943
 CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash 
package for ...)
@@ -85888,7 +85888,7 @@ CVE-2010-0037 (Buffer overflow in Image RAW in Apple 
Mac OS X 10.5.8 and 10.6.2
 CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone 
OS for ...)
        NOT-FOR-US: apple iphone_os
 CVE-2010-0039 (The Application-Level Gateway (ALG) on the Apple Time Capsule, 
AirPort ...)
-       TODO: check
+       NOT-FOR-US: apple time_capsule
 CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on 
Windows, ...)
        NOT-FOR-US: apple safari
 CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on 
Windows ...)
@@ -86030,17 +86030,17 @@ CVE-2010-0108 (Buffer overflow in the 
cliproxy.objects.1 ActiveX control in the
 CVE-2010-0109
        RESERVED
 CVE-2010-0110 (Multiple stack-based buffer overflows in Intel Alert Management 
System ...)
-       TODO: check
+       NOT-FOR-US: symantec system_center
 CVE-2010-0111 (HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec 
Intel ...)
-       TODO: check
+       NOT-FOR-US: symantec system_center
 CVE-2010-0112 (Multiple SQL injection vulnerabilities in the Administrative 
Interface ...)
        NOT-FOR-US: symantec im_manager
 CVE-2010-0113 (The Symantec Norton Mobile Security application 1.0 Beta for 
Android ...)
        NOT-FOR-US: symantec mobile_security
 CVE-2010-0114 (fw_charts.php in the reporting module in the Manager (aka SEPM) 
...)
-       TODO: check
+       NOT-FOR-US: symantec endpoint_protection
 CVE-2010-0115 (SQL injection vulnerability in login.php in the GUI management 
console ...)
-       TODO: check
+       NOT-FOR-US: symantec web_gateway
 CVE-2010-0116 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 
and ...)
        NOT-FOR-US: realnetworks realplayer_sp
 CVE-2010-0117 (RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 
...)
@@ -86259,7 +86259,7 @@ CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers 
to cause a denial of serv
 CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has 
a ...)
        NOT-FOR-US: We already have 9.7.1-p2
 CVE-2010-0214 (The administrative interface on the PolyVision RoomWizard with 
...)
-       TODO: check
+       NOT-FOR-US: polyvision roomwizard
 CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to 
bypass ...)
        NOT-FOR-US: a51dev activecollab
 CVE-2010-0216
@@ -89187,11 +89187,11 @@ CVE-2010-1675
 CVE-2010-1676 (Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x 
before ...)
        TODO: check
 CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of 
service ...)
-       TODO: check
+       BUG: 349563
 CVE-2010-1678
        RESERVED
 CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before 
...)
-       TODO: check
+       BUG: 350877
 CVE-2010-1680
        RESERVED
 CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft 
Office ...)
@@ -89289,7 +89289,7 @@ CVE-2010-1726 (SQL injection vulnerability in 
offers_buy.php in EC21 Clone 3.0 a
 CVE-2010-1727 (SQL injection vulnerability in type.asp in JobPost 1.0 allows 
remote ...)
        NOT-FOR-US: aspsiteware jobpost
 CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly 
handle a ...)
-       TODO: check
+       NOT-FOR-US: opera_browser
 CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple 
Safari, ...)
        TODO: check
 CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers 
to cause ...)
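Review bot: for CVE-2010-1728 the tag `opera_browser` names only the product, while the visible description limits the issue to "Windows and Mac OS X". If the platform is the reason for the dismissal, record that in the tag text, the way the CVE-2010-0213 entry in this file records its reason ("We already have 9.7.1-p2"), so a later reader does not take the line as a statement about the product as a whole. The tag also has no vendor part, unlike most of the other tags added in this commit.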
@@ -91393,11 +91393,11 @@ CVE-2010-2775
 CVE-2010-2776
        RESERVED
 CVE-2010-2777 (Stack-based buffer overflow in the IMAP server component in 
GroupWise ...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-2778 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell 
...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-2779 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell 
...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-2780
        RESERVED
 CVE-2010-2781
@@ -91695,7 +91695,7 @@ CVE-2010-2926 (SQL injection vulnerability in index.php 
in sNews 1.7 allows remo
 CVE-2010-2927 (The slapi_printmessage function in IBM Tivoli Directory Server 
(ITDS) ...)
        NOT-FOR-US: ibm tivoli_directory_server
 CVE-2010-2928 (The vCenter Tomcat Management Application in VMware vCenter 
Server 4.1 ...)
-       TODO: check
+       NOT-FOR-US: vmware vcenter_server
 CVE-2010-2929 (Untrusted search path vulnerability in hsolinkcontrol in 
hsolink ...)
        NOT-FOR-US: pharscape hsolink
 CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in 
hsolink ...)
@@ -91923,13 +91923,13 @@ CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData 
in Cisco Unified Communicati
 CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup 
Manager in ...)
        NOT-FOR-US: cisco intelligent_contact_manager
 CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format 
(WRF) ...)
-       TODO: check
+       NOT-FOR-US: cisco webex_recording_format_player
 CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format 
(WRF) ...)
-       TODO: check
+       NOT-FOR-US: cisco webex_recording_format_player
 CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format 
(WRF) ...)
-       TODO: check
+       NOT-FOR-US: cisco webex_recording_format_player
 CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format 
(WRF) ...)
-       TODO: check
+       NOT-FOR-US: cisco webex_recording_format_player
 CVE-2010-3045
        RESERVED
 CVE-2010-3046
@@ -91983,7 +91983,7 @@ CVE-2010-3069 (Stack-based buffer overflow in the (1) 
sid_parse and (2) dom_sid_
 CVE-2010-3070 (Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as 
used in ...)
        NOT-FOR-US: dietrich_ayala nusoap
 CVE-2010-3071 (bip before 0.8.6 allows remote attackers to cause a denial of 
service ...)
-       TODO: check
+       BUG: 336321
 CVE-2010-3072 (The string-comparison functions in String.cci in Squid 3.x 
before ...)
        BUG: 334263
 CVE-2010-3073 (SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle 
integer ...)
@@ -92377,19 +92377,19 @@ CVE-2010-3266 (Multiple cross-site scripting (XSS) 
vulnerabilities in BugTracker
 CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 
3.4.5 ...)
        NOT-FOR-US: ifdefined bugtracker net
 CVE-2010-3268 (The GetStringAMSHandler function in prgxhndl.dll in 
hndlrsvc.exe in ...)
-       TODO: check
+       NOT-FOR-US: symantec endpoint_protection
 CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx 
Recording ...)
-       TODO: check
+       NOT-FOR-US: cisco webex_recording_format_player
 CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB 
before ...)
-       TODO: check
+       NOT-FOR-US: cisco webex_meeting_center
 CVE-2010-3271
        RESERVED
 CVE-2010-3272 (accounts/ValidateAnswers in the security-questions 
implementation in ...)
-       TODO: check
+       NOT-FOR-US: zohocorp manageengine_adselfservice_plus
 CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 
allows ...)
-       TODO: check
+       NOT-FOR-US: zohocorp manageengine_adselfservice_plus
 CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: zohocorp manageengine_adselfservice_plus
 CVE-2010-3275
        RESERVED
 CVE-2010-3276
@@ -92540,7 +92540,7 @@ CVE-2010-3347
 CVE-2010-3348 (Microsoft Internet Explorer 6, 7, and 8 does not prevent 
rendering of ...)
        NOT-FOR-US: microsoft ie
 CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the ...)
-       TODO: check
+       BUG: 341567
 CVE-2010-3350 (bareFTP 0.3.4 places a zero-length directory name in the ...)
        TODO: check
 CVE-2010-3351 (startBristol in Bristol 0.60.5 places a zero-length directory 
name in ...)
@@ -92570,7 +92570,7 @@ CVE-2010-3362 (lastfm 1.5.4 places a zero-length 
directory name in the ...)
 CVE-2010-3363 (roarify in roaraudio 0.3 places a zero-length directory name in 
the ...)
        NOT-FOR-US: roaraudio
 CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length 
directory ...)
-       TODO: check
+       BUG: 344561
 CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the ...)
        NOT-FOR-US: mistelix
 CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the ...)
@@ -92580,7 +92580,7 @@ CVE-2010-3367
 CVE-2010-3368
        RESERVED
 CVE-2010-3369 (The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 
2.4.3, ...)
-       TODO: check
+       BUG: 346401
 CVE-2010-3370
        RESERVED
 CVE-2010-3371
@@ -92630,7 +92630,7 @@ CVE-2010-3392
 CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory 
name ...)
        NOT-FOR-US: ecmwf magics
 CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 
1.0.7.4 place ...)
-       TODO: check
+       BUG: 337532
 CVE-2010-3395
        RESERVED
 CVE-2010-3396 (Buffer overflow in kavfm.sys in Kingsoft Antivirus 
2010.04.26.648 and ...)
@@ -92973,7 +92973,7 @@ CVE-2010-3562 (Unspecified vulnerability in the 2D 
component in Oracle Java SE a
 CVE-2010-3563 (Unspecified vulnerability in the Deployment component in Oracle 
Java ...)
        TODO: check
 CVE-2010-3564 (Unspecified vulnerability in the Oracle Communications 
Messaging ...)
-       TODO: check
+       NOT-FOR-US: oracle sun_product_suite
 CVE-2010-3565 (Unspecified vulnerability in the 2D component in Oracle Java SE 
and ...)
        TODO: check
 CVE-2010-3566 (Unspecified vulnerability in the 2D component in Oracle Java SE 
and ...)
@@ -93017,7 +93017,7 @@ CVE-2010-3584 (Unspecified vulnerability in the Oracle 
VM component in Oracle VM
 CVE-2010-3585 (Unspecified vulnerability in the OracleVM component in Oracle 
VM 2.2.1 ...)
        NOT-FOR-US: oracle vm
 CVE-2010-3586 (Unspecified vulnerability in Oracle Solaris 9 allows local 
users to ...)
-       TODO: check
+       NOT-FOR-US: sunos
 CVE-2010-3587 (Unspecified vulnerability in the Oracle Common Applications 
component ...)
        NOT-FOR-US: oracle e business_suite
 CVE-2010-3588 (Unspecified vulnerability in the Oracle Discoverer component in 
Oracle ...)
@@ -93063,7 +93063,7 @@ CVE-2010-3607 (Cross-site scripting (XSS) vulnerability 
in AGENTS/index.php in N
 CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow 
remote ...)
        NOT-FOR-US: wire_plastic_design wpquiz
 CVE-2010-3609 (Unspecified vulnerability in the Service Location Protocol 
daemon ...)
-       TODO: check
+       NOT-FOR-US: vmware esxi
 CVE-2010-3610
        RESERVED
 CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 
before ...)
@@ -93071,17 +93071,17 @@ CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 
before 4.1.2, and 4.2 befor
 CVE-2010-3612
        RESERVED
 CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 
9.6-ESV-R3, ...)
-       TODO: check
+       BUG: 347621
 CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 
9.4-ESV ...)
-       TODO: check
+       BUG: 347621
 CVE-2010-3615 (named in ISC BIND 9.7.2-P2 does not check all intended 
locations for ...)
-       TODO: check
+       BUG: 347621
 CVE-2010-3616 (ISC DHCP server 4.2 before 4.2.0-P2, when configured to use 
failover ...)
        TODO: check
 CVE-2010-3617
        RESERVED
 CVE-2010-3618 (PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 
SP1 does ...)
-       TODO: check
+       NOT-FOR-US: pgp desktop_for_windows
 CVE-2010-3619 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 
on ...)
        TODO: check
 CVE-2010-3620 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x 
before 9.4, ...)
@@ -93283,7 +93283,7 @@ CVE-2010-3717 (The t3lib_div::validEmail function in 
TYPO3 4.2.x before 4.2.15,
 CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when 
running ...)
        TODO: check
 CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the ...)
-       TODO: check
+       NOT-FOR-US: symantec im_manager
 CVE-2010-3720
        RESERVED
 CVE-2010-3721
@@ -93700,13 +93700,13 @@ CVE-2010-3925 (Contents-Mall before 15 does not 
properly handle passwords, which
 CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi 
in ...)
        NOT-FOR-US: wb i sgx sp_final_ne
 CVE-2010-3927 (Untrusted search path vulnerability in Lunascape before 6.4.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: lunascape
 CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to 
a ...)
        NOT-FOR-US: Ruby
 CVE-2010-3929 (SQL injection vulnerability in MODx Evolution 1.0.4 and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: modxcms evolution
 CVE-2010-3930 (Directory traversal vulnerability in MODx Evolution 1.0.4 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: modxcms evolution
 CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion 
...)
        NOT-FOR-US: multiple Rocomotion products  including P board
 CVE-2010-3932
@@ -94220,25 +94220,25 @@ CVE-2010-4185 (SQL injection vulnerability in 
index.php in Energine, possibly 2.
 CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools 
Online ...)
        NOT-FOR-US: onlinetechtools com oasys_professional
 CVE-2010-4187 (Adobe Shockwave Player before 11.5.9.620 allows attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4188 (The dirapi.dll module in Adobe Shockwave Player before 
11.5.9.620 ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4189 (The IML32 module in Adobe Shockwave Player before 11.5.9.620 
allows ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4190 (Adobe Shockwave Player before 11.5.9.620 allows attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4191 (Adobe Shockwave Player before 11.5.9.620 allows attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4192 (Adobe Shockwave Player before 11.5.9.620 allows attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4193 (Adobe Shockwave Player before 11.5.9.620 does not properly 
validate ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4194 (The dirapi.dll module in Adobe Shockwave Player before 
11.5.9.620 does ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4195 (The TextXtra module in Adobe Shockwave Player before 11.5.9.620 
does ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4196 (The Shockwave 3d Asset module in Adobe Shockwave Player before 
...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google 
Chrome ...)
        TODO: check
 CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk 
before ...)
@@ -94301,9 +94301,9 @@ CVE-2010-4225 (Unspecified vulnerability in the 
mod_mono module for XSP in Mono
 CVE-2010-4226
        RESERVED
 CVE-2010-4227 (The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 
before ...)
-       TODO: check
+       NOT-FOR-US: novell netware
 CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the 
FTP ...)
-       TODO: check
+       NOT-FOR-US: novell netware
 CVE-2010-4229
        RESERVED
 CVE-2010-4230 (Stack-based buffer overflow in a certain ActiveX control for 
the ...)
@@ -94459,9 +94459,9 @@ CVE-2010-4304 (The web interface in Cisco Unified 
Videoconferencing (UVC) System
 CVE-2010-4305 (Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, 
and ...)
        NOT-FOR-US: cisco unified_videoconferencing_system_5230
 CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4307 (Buffer overflow in Adobe Shockwave Player before 11.5.9.620 
allows ...)
-       TODO: check
+       NOT-FOR-US: adobe shockwave_player
 CVE-2010-4308
        RESERVED
 CVE-2010-4309
@@ -94493,17 +94493,17 @@ CVE-2010-4321 (Stack-based buffer overflow in an 
ActiveX control in ienipp.ocx i
 CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in 
Novell ...)
        NOT-FOR-US: novell vibe_onprem
 CVE-2010-4323 (Heap-based buffer overflow in novell-tftp.exe in Novell 
ZENworks ...)
-       TODO: check
+       NOT-FOR-US: novell zenworks_configuration_manager
 CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form 
in the ...)
        NOT-FOR-US: novell identity_manager_roles_based_provisioning_module
 CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent 
(GWIA) in ...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet 
Agent ...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-4327 (Unspecified vulnerability in the NCP service in Novell 
eDirectory ...)
-       TODO: check
+       NOT-FOR-US: novell edirectory
 CVE-2010-4328 (Multiple stack-based buffer overflows in 
opt/novell/iprint/bin/ipsmd ...)
-       TODO: check
+       NOT-FOR-US: novell iprint_open_enterprise_server_2
 CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the 
PMA_linkOrButton ...)
        TODO: check
 CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in 
Pulse ...)
@@ -94517,7 +94517,7 @@ CVE-2010-4333 (Pointter PHP Micro-Blogging Social 
Network 1.8 allows remote atta
 CVE-2010-4334 (IO::Socket::SSL Perl module 1.35, when verify_mode is not 
VERIFY_NONE, ...)
        TODO: check
 CVE-2010-4335 (The _validatePost function in 
libs/controller/components/security.php ...)
-       TODO: check
+       NOT-FOR-US: cakefoundation cakephp
 CVE-2010-4336 (The cu_rrd_create_file function (src/utils_rrdcreate.c) in 
collectd ...)
        TODO: check
 CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to 
overwrite ...)
@@ -94860,7 +94860,7 @@ CVE-2010-4504 (Multiple cross-site scripting (XSS) 
vulnerabilities in eSyndiCat
 CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 
2.4.4, ...)
        NOT-FOR-US: injader
 CVE-2010-4506 (Passlogix v-GO Self-Service Password Reset (SSPR) and OEM 
before 7.0A ...)
-       TODO: check
+       NOT-FOR-US: oracle passlogix_v go_self service_password_reset_and_oem
 CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on 
the ...)
        NOT-FOR-US: clear ispot
 CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 
Beta 7 ...)
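Review bot: the tag for CVE-2010-4506, `oracle passlogix_v go_self service_password_reset_and_oem`, has spaces where the product name in the description ("v-GO Self-Service") has hyphens, so it reads as several unrelated words and will not match a search on the product name. Keep the hyphens or replace them with underscores, one way throughout the tag.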
@@ -95267,31 +95267,31 @@ CVE-2010-4707 (The check_acl function in pam_xauth.c 
in the pam_xauth module in
 CVE-2010-4708 (The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier 
reads the ...)
        TODO: check
 CVE-2010-4709 (Heap-based buffer overflow in Automated Solutions Modbus/TCP 
Master ...)
-       TODO: check
+       NOT-FOR-US: automatedsolutions modbus tcp_master_opc_server
 CVE-2010-4710 (Cross-site scripting (XSS) vulnerability in the addItem method 
in the ...)
-       TODO: check
+       NOT-FOR-US: yahoo yui
 CVE-2010-4711 (Double free vulnerability in the IMAP server component in 
GroupWise ...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-4712 (Multiple stack-based buffer overflows in gwia.exe in GroupWise 
...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-4713 (Integer signedness error in gwia.exe in GroupWise Internet 
Agent ...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-4714 (Multiple stack-based buffer overflows in Novell GroupWise 
before ...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-4715 (Multiple directory traversal vulnerabilities in the (1) 
WebAccess ...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-4716 (Cross-site scripting (XSS) vulnerability in the WebPublisher 
component ...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-4717 (Multiple stack-based buffer overflows in the IMAP server 
component in ...)
-       TODO: check
+       NOT-FOR-US: novell groupwise
 CVE-2010-4718 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-       TODO: check
+       NOT-FOR-US: com_lyftenbloggie
 CVE-2010-4719 (Directory traversal vulnerability in JRadio (com_jradio) 
component ...)
-       TODO: check
+       NOT-FOR-US: fxwebdesign com_jradio
 CVE-2010-4720 (SQL injection vulnerability in the JExtensions JE Auto 
(com_jeauto) ...)
-       TODO: check
+       NOT-FOR-US: harmistechnology com_jeauto
 CVE-2010-4721 (SQL injection vulnerability in news.php in Immo Makler allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: mhproducts immo_makler
 CVE-2010-4722 (Unspecified vulnerability in the fetch plugin in Smarty before 
3.0.2 ...)
        TODO: check
 CVE-2010-4723 (Smarty before 3.0.0, when security is enabled, does not prevent 
access ...)
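Review bot: CVE-2010-4718 is tagged `com_lyftenbloggie`, but the description visible in this list is cut off at "vulnerabilities in the ...", so the product cannot be confirmed from the entry itself, and the tag has no vendor part while the neighbouring component entries do (`fxwebdesign com_jradio`, `harmistechnology com_jeauto`). Check the tag against the full CVE text and add the vendor so the three entries follow one form.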
@@ -95305,57 +95305,57 @@ CVE-2010-4726 (Unspecified vulnerability in the math 
plugin in Smarty before 3.0
 CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the 
&lt;?php and ?&gt; ...)
        TODO: check
 CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for 
random ...)
-       TODO: check
+       NOT-FOR-US: zikula_application_framework
 CVE-2010-4729 (Zikula before 1.2.3 does not use the authid protection 
mechanism for ...)
-       TODO: check
+       NOT-FOR-US: zikula_application_framework
 CVE-2010-4730 (Directory traversal vulnerability in cgi-bin/read.cgi in 
WebSCADA ...)
-       TODO: check
+       NOT-FOR-US: intellicom netbiter_webscada_ws200
 CVE-2010-4731 (Absolute path traversal vulnerability in cgi-bin/read.cgi in 
WebSCADA ...)
-       TODO: check
+       NOT-FOR-US: intellicom netbiter_webscada_ws200
 CVE-2010-4732 (cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect 
EC150, ...)
-       TODO: check
+       NOT-FOR-US: intellicom netbiter_webscada_ws200
 CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP 
Gateway ...)
-       TODO: check
+       NOT-FOR-US: intellicom netbiter_webscada_ws200
 CVE-2010-4734 (Multiple cross-site scripting (XSS) vulnerabilities in the 
comment ...)
-       TODO: check
+       NOT-FOR-US: amix skeletonz_cms_1 0
 CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax 
...)
-       TODO: check
+       NOT-FOR-US: ecommercemax digital goods_seller
 CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 
4.1.0 and ...)
-       TODO: check
+       NOT-FOR-US: gatesoft docusafe
 CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts 
HotWeb ...)
-       TODO: check
+       NOT-FOR-US: hotwebscripts hotweb_rentals
 CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real 
Estate ...)
-       TODO: check
+       NOT-FOR-US: raemedia real_estate_single_and_multi_agent_system
 CVE-2010-4739 (SQL injection vulnerability in the Maian Media Silver 
(com_maianmedia) ...)
-       TODO: check
+       NOT-FOR-US: aretimes com_maianmedia
 CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine 
BACnet OPC ...)
-       TODO: check
+       NOT-FOR-US: scadaengine bacnet_opc_client
 CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in 
MDM Tool ...)
-       TODO: check
+       NOT-FOR-US: moxa mdm_tool
 CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in ...)
-       TODO: check
+       NOT-FOR-US: moxa activex_sdk
 CVE-2010-4743 (Heap-based buffer overflow in the getarena function in abc2ps.c 
in ...)
        TODO: check
 CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 
have ...)
        TODO: check
 CVE-2010-4745 (Cross-site scripting (XSS) vulnerability in nav.html in PHPXref 
before ...)
-       TODO: check
+       NOT-FOR-US: gareth_watts phpxref
 CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 
...)
        TODO: check
 CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: ahmattox processing_embed_plugin
 CVE-2010-4748 (Cross-site scripting (XSS) vulnerability in pmwiki.php in 
PmWiki ...)
-       TODO: check
+       NOT-FOR-US: pmwiki
 CVE-2010-4749 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 
...)
        TODO: check
 CVE-2010-4750 (Cross-site request forgery (CSRF) vulnerability in ...)
        TODO: check
 CVE-2010-4751 (SQL injection vulnerability in LightNEasy.php in LightNEasy 
3.2.1, ...)
-       TODO: check
+       NOT-FOR-US: lightneasy
 CVE-2010-4752 (SQL injection vulnerability in LightNEasy.php in LightNEasy 
3.2.1, ...)
-       TODO: check
+       NOT-FOR-US: lightneasy
 CVE-2010-4753 (Cross-site scripting (XSS) vulnerability in LightNEasy.php in 
...)
-       TODO: check
+       NOT-FOR-US: lightneasy
 CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 
5.0.2, ...)
        TODO: check
 CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) 
process_put ...)
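Review bot: two tags in this hunk are malformed. `amix skeletonz_cms_1 0` (CVE-2010-4734) ends in what appears to be a version number with its dot turned into a space, and `ecommercemax digital goods_seller` (CVE-2010-4735) mixes a space and an underscore inside one product name. A plain vendor and product with no version, as in `gatesoft docusafe` two lines further down, would keep these in line with the rest of the hunk.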
@@ -95363,7 +95363,7 @@ CVE-2010-4755 (The (1) remote_glob function in 
sftp-glob.c and the (2) process_p
 CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or 
libc6) ...)
        TODO: check
 CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in 
e107 ...)
-       TODO: check
+       NOT-FOR-US: e107
 CVE-2010-4758 (installer.pl in Open Ticket Request System (OTRS) before 3.0.3 
has an ...)
        TODO: check
 CVE-2010-4759 (Open Ticket Request System (OTRS) before 3.0.0-beta7 does not 
properly ...)
@@ -95387,21 +95387,21 @@ CVE-2010-4767 (Open Ticket Request System (OTRS) 
before 2.3.6 does not properly
 CVE-2010-4768 (Open Ticket Request System (OTRS) before 2.3.5 does not 
properly ...)
        TODO: check
 CVE-2010-4769 (Directory traversal vulnerability in the Jimtawl (com_jimtawl) 
...)
-       TODO: check
+       NOT-FOR-US: janguo com_jimtawl
 CVE-2010-4770 (SQL injection vulnerability in index.php in CommodityRentals 
DVD ...)
-       TODO: check
+       NOT-FOR-US: commodityrentals dvd_rentals_script
 CVE-2010-4771 (SQL injection vulnerability to viewforum.php in S-CMS 2.5 
allows ...)
-       TODO: check
+       NOT-FOR-US: matteoiammarrone s cms
 CVE-2010-4772 (Cross-site scripting (XSS) vulnerability in blocks/lang.php in 
S-CMS ...)
-       TODO: check
+       NOT-FOR-US: matteoiammarrone s cms
 CVE-2010-4773 (Unspecified vulnerability in Hitachi EUR Form Client before 
05-10 -/D ...)
-       TODO: check
+       NOT-FOR-US: hitachi ucosminexus_eur_form_service
 CVE-2010-4774 (SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: auracms
 CVE-2010-4775 (The Relevant Content module 5.x before 5.x-1.4 and 6.x before 
6.x-1.5 ...)
-       TODO: check
+       NOT-FOR-US: nicholas_thompson relevant_content
 CVE-2010-4776 (SQL injection vulnerability in takefreestart.php in PreProjects 
Pre ...)
-       TODO: check
+       NOT-FOR-US: preprojects pre_online_tests_generator
 CVE-2011-0001 (Double free vulnerability in the iscsi_rx_handler function ...)
        TODO: check
 CVE-2011-0002 (libuser before 0.57 uses a cleartext password value of (1) !! 
or (2) x ...)
