Author: white
Date: 2009-02-12 00:20:06 +0000 (Thu, 12 Feb 2009)
New Revision: 11196
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-02-11 21:56:37 UTC (rev 11195)
+++ data/CVE/list 2009-02-12 00:20:06 UTC (rev 11196)
@@ -25,15 +25,15 @@
CVE-2009-0518
RESERVED
CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1
and ...)
- TODO: check
+ NOT-FOR-US: phpSlash
CVE-2009-0516 (SQL injection vulnerability in the classified page
(classified.php) in ...)
- TODO: check
+ NOT-FOR-US: BusinessSpace
CVE-2009-0515 (Directory traversal vulnerability in check_lang.php in Yet
Another ...)
- TODO: check
+ NOT-FOR-US: YANOCC
CVE-2009-0514 (Multiple directory traversal vulnerabilities in WebFrame 0.76
allow ...)
- TODO: check
+ NOT-FOR-US: WebFrame
CVE-2009-0513 (Multiple PHP remote file inclusion vulnerabilities in WebFrame
0.76 ...)
- TODO: check
+ NOT-FOR-US: WebFrame
CVE-2009-0512
RESERVED
CVE-2009-0511
@@ -55,29 +55,29 @@
CVE-2009-0503
RESERVED
CVE-2008-6110 (Unspecified vulnerability in SemanticScuttle before 0.90 has
unknown ...)
- TODO: check
+ NOT-FOR-US: SemanticScuttle
CVE-2008-6109 (Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2
does not ...)
- TODO: check
+ NOT-FOR-US: Robin Rawson-Tetley Animal Shelter Manager
CVE-2008-6108 (Cross-site scripting (XSS) vulnerability in result.php in
Galatolo ...)
- TODO: check
+ NOT-FOR-US: Galatolo WebManager
CVE-2008-6107 (The (1) sys32_mremap function in
arch/sparc64/kernel/sys_sparc32.c, ...)
TODO: check
CVE-2008-6106 (Cross-site request forgery (CSRF) vulnerability in IBM
Workplace for ...)
- TODO: check
+ NOT-FOR-US: IBM Workplace for Business Controls
CVE-2008-6105 (Cross-site scripting (XSS) vulnerability in IBM Workplace for
Business ...)
- TODO: check
+ NOT-FOR-US: IBM Workplace for Business Controls
CVE-2008-6104 (SQL injection vulnerability in A4Desk PHP Event Calendar allows
remote ...)
- TODO: check
+ NOT-FOR-US: A4Desk PHP Event Calendar
CVE-2008-6103 (PHP remote file inclusion vulnerability in index.php in A4Desk
Event ...)
- TODO: check
+ NOT-FOR-US: A4Desk PHP Event Calendar
CVE-2008-6102 (SQL injection vulnerability in ratelink.php in Link Trader
Script ...)
- TODO: check
+ NOT-FOR-US: Link Trader Script
CVE-2008-6101 (SQL injection vulnerability in click.php in Adult Banner
Exchange ...)
- TODO: check
+ NOT-FOR-US: Adult Banner Exchange Website
CVE-2008-6100 (Multiple SQL injection vulnerabilities in Discussion Forums 2k
3.3, ...)
- TODO: check
+ NOT-FOR-US: Discussion Forums
CVE-2008-6099 (PHP remote file inclusion vulnerability in index.php in RPortal
1.1 ...)
- TODO: check
+ NOT-FOR-US: RPortal
CVE-2009-XXXX [tor: potential crash on exit nodes when processing malformed
input]
- tor 0.2.0.34-1
CVE-2009-XXXX [tor: DoS vulnerability that could be performed by a directory
mirror]
@@ -95,7 +95,7 @@
- moodle 1.8.2.dfsg-3 (low)
[etch] - moodle <not-affected> (Vulnerable code not present)
CVE-2009-0498 (Virtual GuestBook (vgbook) 2.1 stores sensitive information
under the ...)
- TODO: check
+ NOT-FOR-US: Virtual GuestBook
CVE-2009-0497 (Directory traversal vulnerability in log.jsp in Ignite Realtime
...)
NOT-FOR-US: Openfire
CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite
Realtime ...)
@@ -156,7 +156,7 @@
CVE-2009-0476 (Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll
7.11.1.0 ...)
NOT-FOR-US: MultiMedia Soft audio components
CVE-2009-0475 (Integer underflow in the Huffman decoding functionality ...)
- TODO: check
+ NOT-FOR-US: OpenCORE
CVE-2009-0474 (The web interface in the Rockwell Automation ControlLogix
1756-ENBT/A ...)
NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
CVE-2009-0473 (Open redirect vulnerability in the web interface in the
Rockwell ...)
@@ -196,7 +196,7 @@
CVE-2009-0456 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: patForms
CVE-2009-0455 (Cross-site scripting (XSS) vulnerability in the anonymous
comments ...)
- TODO: check
+ NOT-FOR-US: glFusion
CVE-2009-0454 (Multiple SQL injection vulnerabilities in DMXReady Online
Notebook ...)
NOT-FOR-US: DMXReady Online Notebook Manager
CVE-2009-0453 (Online Grades 3.2.4 allows remote attackers to obtain
configuration ...)
@@ -230,19 +230,19 @@
CVE-2009-0439
RESERVED
CVE-2009-0438 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on
Windows ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2009-0437 (The Installation Factory installation process for IBM WebSphere
...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2009-0436 (The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server
6.0.x ...)
- TODO: check
+ NOT-FOR-US: IBM HTTP Server
CVE-2009-0435 (Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO
or ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2009-0434 (PerfServlet in the PMI/Performance Tools component in IBM
WebSphere ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2009-0433 (Unspecified vulnerability in IBM WebSphere Application Server
(WAS) ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2009-0432 (The installation process for the File Transfer servlet in the
System ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz
Mini ...)
NOT-FOR-US: ScriptsEz Mini Hosting Panel
CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy
Image ...)
@@ -274,7 +274,7 @@
CVE-2008-6076 (SQL injection vulnerability in the Daily Message
(com_dailymessage) ...)
NOT-FOR-US: Joomla
CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download
Script 2.0 ...)
- TODO: check
+ NOT-FOR-US: Bahar Download Script
CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06
and ...)
NOT-FOR-US: phpcrs
CVE-2008-6073 (StorageCrypt 2.0.1 does not properly encrypt disks, which
allows local ...)
@@ -794,7 +794,7 @@
CVE-2009-0306
RESERVED
CVE-2009-0305 (Buffer overflow in the Research in Motion RIM AxLoader ActiveX
control ...)
- TODO: check
+ NOT-FOR-US: ActiveX
CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris
before ...)
NOT-FOR-US: Solaris
CVE-2009-0303 (Cross-site scripting (XSS) vulnerability in Web Help Desk
before ...)
@@ -1483,15 +1483,15 @@
CVE-2009-0100
RESERVED
CVE-2009-0099 (The Electronic Messaging System Microsoft Data Base (EMSMDB32)
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0098 (Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2,
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0097 (Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0096 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does
not ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0095 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does
not ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0094
RESERVED
CVE-2009-0093
@@ -1529,9 +1529,9 @@
CVE-2009-0077
RESERVED
CVE-2009-0076 (Microsoft Internet Explorer 7, when XHTML strict mode is used,
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0075 (Microsoft Internet Explorer 7 does not properly handle errors
during ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0074
RESERVED
CVE-2009-0073
@@ -1585,15 +1585,15 @@
CVE-2009-0063
RESERVED
CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller
(WLC), ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC)
TSEC ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0060
RESERVED
CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500
Wireless ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500
Wireless ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in
Cisco ...)
NOT-FOR-US: Cisco
CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the
administration ...)
@@ -3651,7 +3651,7 @@
CVE-2008-5083
RESERVED
CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS)
...)
- TODO: check
+ NOT-FOR-US: Red Hat Certificate System
CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...)
{DSA-1690-1 DTSA-189-1}
- avahi 0.6.23-3 (bug #508700; low)
@@ -3910,7 +3910,7 @@
CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in
certain ...)
- wordpress 2.5.1-10 (bug #504771)
CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism,
before ...)
- TODO: check
+ NOT-FOR-US: Enomalism
CVE-2008-4989 (The _gnutls_x509_verify_certificate function in
lib/x509/verify.c in ...)
{DSA-1719-1}
- gnutls26 2.4.2-3 (bug #505360)
@@ -3991,7 +3991,7 @@
CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and
earlier and ...)
NOT-FOR-US: VMware Workstation
CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3
and ...)
NOT-FOR-US: LokiCMS
CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie
module ...)
@@ -4839,13 +4839,13 @@
CVE-2008-4563
RESERVED
CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView
Network ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4561
RESERVED
CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53
allows ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53
allows ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru
1.1.1 ...)
NOT-FOR-US: CuteNews.ru
CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in
sadmind ...)
@@ -5136,7 +5136,7 @@
CVE-2008-4420
RESERVED
CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web ...)
- TODO: check
+ NOT-FOR-US: HP-ChaiSOE
CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23,
and ...)
NOT-FOR-US: HP-UX
CVE-2008-4417
@@ -5504,9 +5504,9 @@
CVE-2008-4285
RESERVED
CVE-2008-4284 (Open redirect vulnerability in the ibm_security_logout servlet
in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4283 (CRLF injection vulnerability in the WebContainer component in
IBM ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4282
RESERVED
CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
