author Stefan Behte <craig@gentoo.org> 2011-03-28 00:35:51 +0000
committer Stefan Behte <craig@gentoo.org> 2011-03-28 00:35:51 +0000
commit 332e7353e9cfbfc0db3a6ad837b7e406441e9311 (patch)
tree cf3ddc68d111351e833324c9acf535d6fc530629
parent MITRE sync (diff)
NFU, bug nrs.
svn path=/; revision=2222
-rw-r--r-- data/CVE/list 250
1 files changed, 125 insertions, 125 deletions
diff --git a/data/CVE/list b/data/CVE/list
index b9de8d6..1a27a9e 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -75604,7 +75604,7 @@ CVE-2008-7272
CVE-2008-7273
RESERVED
CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login ...)
- TODO: check
+ NOT-FOR-US: ibm websphere_application_server
CVE-2008-7275 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
TODO: check
CVE-2008-7276 (Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) ...)
@@ -75624,11 +75624,11 @@ CVE-2008-7282 (Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in O
CVE-2008-7283 (Open Ticket Request System (OTRS) before 2.2.6, when customer group ...)
TODO: check
CVE-2008-7284 (IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_quickr
CVE-2008-7285 (Unspecified vulnerability in the docnote string handling ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_quickr
CVE-2008-7286 (IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_quickr
CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
NOT-FOR-US: apple quicktime
CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
@@ -81713,7 +81713,7 @@ CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibl
CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection ...)
NOT-FOR-US: VRTSweb in Symantec Backup Exec Continuous Protection Server CPS
CVE-2009-3028 (The Altiris eXpress NS SC Download ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: symantec management_platform
CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...)
NOT-FOR-US: symantec securityexpressions_audit_and_compliance_server
CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...)
@@ -85714,9 +85714,9 @@ CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 does not require the l ...
CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib ...)
NOT-FOR-US: g rodola pyftpdlib
CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before ...)
- TODO: check
+ NOT-FOR-US: trubogear
CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 ...)
- TODO: check
+ NOT-FOR-US: turbogears2
CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ...)
TODO: check
CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ...)
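Review bot: The tag added for CVE-2009-5014 is misspelled as "trubogear", while CVE-2009-5015 directly below, which its description places in the same product (TurboGears2), is tagged "turbogears2". Use one spelling for both, otherwise a search of the list for the product name finds only one of the two entries.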
@@ -85750,23 +85750,23 @@ CVE-2009-5030
CVE-2009-5031
RESERVED
CVE-2009-5032 (The encrypted e-mail feature in IBM Lotus Notes Traveler before ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_notes_traveler
CVE-2009-5033 (IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a &quot;* ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_notes_traveler
CVE-2009-5034 (IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_notes_traveler
CVE-2009-5035 (The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_notes_traveler
CVE-2009-5036 (traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_notes_traveler
CVE-2009-5037 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
- TODO: check
+ NOT-FOR-US: cisco asa_5500
CVE-2009-5038 (Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during ...)
- TODO: check
+ NOT-FOR-US: cisco ios
CVE-2009-5039 (Memory leak in the gk_circuit_info_do_in_acf function in the H.323 ...)
- TODO: check
+ NOT-FOR-US: cisco ios
CVE-2009-5040 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote ...)
- TODO: check
+ NOT-FOR-US: cisco ios
CVE-2009-5041
RESERVED
CVE-2009-5042
@@ -85788,7 +85788,7 @@ CVE-2009-5049
CVE-2009-5050
RESERVED
CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session ...)
- TODO: check
+ NOT-FOR-US: hastymail2
CVE-2009-5052 (Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 ...)
TODO: check
CVE-2009-5053 (Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote ...)
@@ -85802,15 +85802,15 @@ CVE-2009-5056 (Open Ticket Request System (OTRS) before 2.4.0-beta2 does not pro
CVE-2009-5057 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 ...)
TODO: check
CVE-2009-5058 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_quickr
CVE-2009-5059 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_quickr
CVE-2009-5060 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_quickr
CVE-2009-5061 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_quickr
CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX ...)
- TODO: check
+ NOT-FOR-US: ibm lotus_quickr
CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 ...)
BUG: 300943
CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...)
@@ -85888,7 +85888,7 @@ CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2
CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for ...)
NOT-FOR-US: apple iphone_os
CVE-2010-0039 (The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort ...)
- TODO: check
+ NOT-FOR-US: apple time_capsule
CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, ...)
NOT-FOR-US: apple safari
CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...)
@@ -86030,17 +86030,17 @@ CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the
CVE-2010-0109
RESERVED
CVE-2010-0110 (Multiple stack-based buffer overflows in Intel Alert Management System ...)
- TODO: check
+ NOT-FOR-US: symantec system_center
CVE-2010-0111 (HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel ...)
- TODO: check
+ NOT-FOR-US: symantec system_center
CVE-2010-0112 (Multiple SQL injection vulnerabilities in the Administrative Interface ...)
NOT-FOR-US: symantec im_manager
CVE-2010-0113 (The Symantec Norton Mobile Security application 1.0 Beta for Android ...)
NOT-FOR-US: symantec mobile_security
CVE-2010-0114 (fw_charts.php in the reporting module in the Manager (aka SEPM) ...)
- TODO: check
+ NOT-FOR-US: symantec endpoint_protection
CVE-2010-0115 (SQL injection vulnerability in login.php in the GUI management console ...)
- TODO: check
+ NOT-FOR-US: symantec web_gateway
CVE-2010-0116 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and ...)
NOT-FOR-US: realnetworks realplayer_sp
CVE-2010-0117 (RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 ...)
@@ -86259,7 +86259,7 @@ CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of serv
CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a ...)
NOT-FOR-US: We already have 9.7.1-p2
CVE-2010-0214 (The administrative interface on the PolyVision RoomWizard with ...)
- TODO: check
+ NOT-FOR-US: polyvision roomwizard
CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to bypass ...)
NOT-FOR-US: a51dev activecollab
CVE-2010-0216
@@ -89187,11 +89187,11 @@ CVE-2010-1675
CVE-2010-1676 (Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before ...)
TODO: check
CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service ...)
- TODO: check
+ BUG: 349563
CVE-2010-1678
RESERVED
CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before ...)
- TODO: check
+ BUG: 350877
CVE-2010-1680
RESERVED
CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office ...)
@@ -89289,7 +89289,7 @@ CVE-2010-1726 (SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 a
CVE-2010-1727 (SQL injection vulnerability in type.asp in JobPost 1.0 allows remote ...)
NOT-FOR-US: aspsiteware jobpost
CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly handle a ...)
- TODO: check
+ NOT-FOR-US: opera_browser
CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...)
TODO: check
CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause ...)
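Review bot: The tag on CVE-2010-1728 is a bare "opera_browser" with no vendor, unlike the "vendor product" form of the entry just above it ("aspsiteware jobpost"). Please put it in the same form, and since the description covers a desktop browser on more than one platform, confirm that no package in the tree ships it before closing the entry as NOT-FOR-US rather than filing a bug number.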
@@ -91393,11 +91393,11 @@ CVE-2010-2775
CVE-2010-2776
RESERVED
CVE-2010-2777 (Stack-based buffer overflow in the IMAP server component in GroupWise ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-2778 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-2779 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-2780
RESERVED
CVE-2010-2781
@@ -91695,7 +91695,7 @@ CVE-2010-2926 (SQL injection vulnerability in index.php in sNews 1.7 allows remo
CVE-2010-2927 (The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) ...)
NOT-FOR-US: ibm tivoli_directory_server
CVE-2010-2928 (The vCenter Tomcat Management Application in VMware vCenter Server 4.1 ...)
- TODO: check
+ NOT-FOR-US: vmware vcenter_server
CVE-2010-2929 (Untrusted search path vulnerability in hsolinkcontrol in hsolink ...)
NOT-FOR-US: pharscape hsolink
CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in hsolink ...)
@@ -91923,13 +91923,13 @@ CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communicati
CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...)
NOT-FOR-US: cisco intelligent_contact_manager
CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
- TODO: check
+ NOT-FOR-US: cisco webex_recording_format_player
CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
- TODO: check
+ NOT-FOR-US: cisco webex_recording_format_player
CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
- TODO: check
+ NOT-FOR-US: cisco webex_recording_format_player
CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
- TODO: check
+ NOT-FOR-US: cisco webex_recording_format_player
CVE-2010-3045
RESERVED
CVE-2010-3046
@@ -91983,7 +91983,7 @@ CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_
CVE-2010-3070 (Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in ...)
NOT-FOR-US: dietrich_ayala nusoap
CVE-2010-3071 (bip before 0.8.6 allows remote attackers to cause a denial of service ...)
- TODO: check
+ BUG: 336321
CVE-2010-3072 (The string-comparison functions in String.cci in Squid 3.x before ...)
BUG: 334263
CVE-2010-3073 (SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer ...)
@@ -92377,19 +92377,19 @@ CVE-2010-3266 (Multiple cross-site scripting (XSS) vulnerabilities in BugTracker
CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 ...)
NOT-FOR-US: ifdefined bugtracker net
CVE-2010-3268 (The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in ...)
- TODO: check
+ NOT-FOR-US: symantec endpoint_protection
CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx Recording ...)
- TODO: check
+ NOT-FOR-US: cisco webex_recording_format_player
CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before ...)
- TODO: check
+ NOT-FOR-US: cisco webex_meeting_center
CVE-2010-3271
RESERVED
CVE-2010-3272 (accounts/ValidateAnswers in the security-questions implementation in ...)
- TODO: check
+ NOT-FOR-US: zohocorp manageengine_adselfservice_plus
CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows ...)
- TODO: check
+ NOT-FOR-US: zohocorp manageengine_adselfservice_plus
CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: zohocorp manageengine_adselfservice_plus
CVE-2010-3275
RESERVED
CVE-2010-3276
@@ -92540,7 +92540,7 @@ CVE-2010-3347
CVE-2010-3348 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...)
NOT-FOR-US: microsoft ie
CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the ...)
- TODO: check
+ BUG: 341567
CVE-2010-3350 (bareFTP 0.3.4 places a zero-length directory name in the ...)
TODO: check
CVE-2010-3351 (startBristol in Bristol 0.60.5 places a zero-length directory name in ...)
@@ -92570,7 +92570,7 @@ CVE-2010-3362 (lastfm 1.5.4 places a zero-length directory name in the ...)
CVE-2010-3363 (roarify in roaraudio 0.3 places a zero-length directory name in the ...)
NOT-FOR-US: roaraudio
CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length directory ...)
- TODO: check
+ BUG: 344561
CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the ...)
NOT-FOR-US: mistelix
CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the ...)
@@ -92580,7 +92580,7 @@ CVE-2010-3367
CVE-2010-3368
RESERVED
CVE-2010-3369 (The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, ...)
- TODO: check
+ BUG: 346401
CVE-2010-3370
RESERVED
CVE-2010-3371
@@ -92630,7 +92630,7 @@ CVE-2010-3392
CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory name ...)
NOT-FOR-US: ecmwf magics
CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place ...)
- TODO: check
+ BUG: 337532
CVE-2010-3395
RESERVED
CVE-2010-3396 (Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and ...)
@@ -92973,7 +92973,7 @@ CVE-2010-3562 (Unspecified vulnerability in the 2D component in Oracle Java SE a
CVE-2010-3563 (Unspecified vulnerability in the Deployment component in Oracle Java ...)
TODO: check
CVE-2010-3564 (Unspecified vulnerability in the Oracle Communications Messaging ...)
- TODO: check
+ NOT-FOR-US: oracle sun_product_suite
CVE-2010-3565 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
TODO: check
CVE-2010-3566 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
@@ -93017,7 +93017,7 @@ CVE-2010-3584 (Unspecified vulnerability in the Oracle VM component in Oracle VM
CVE-2010-3585 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
NOT-FOR-US: oracle vm
CVE-2010-3586 (Unspecified vulnerability in Oracle Solaris 9 allows local users to ...)
- TODO: check
+ NOT-FOR-US: sunos
CVE-2010-3587 (Unspecified vulnerability in the Oracle Common Applications component ...)
NOT-FOR-US: oracle e business_suite
CVE-2010-3588 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
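Review bot: CVE-2010-3586 is described as Oracle Solaris 9 but is tagged "sunos" with no vendor, while the entries on either side use "oracle vm" and "oracle e business_suite". A tag in the same "oracle ..." form would keep the Oracle entries in this block findable with one search.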
@@ -93063,7 +93063,7 @@ CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in N
CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...)
NOT-FOR-US: wire_plastic_design wpquiz
CVE-2010-3609 (Unspecified vulnerability in the Service Location Protocol daemon ...)
- TODO: check
+ NOT-FOR-US: vmware esxi
CVE-2010-3610
RESERVED
CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before ...)
@@ -93071,17 +93071,17 @@ CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 befor
CVE-2010-3612
RESERVED
CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, ...)
- TODO: check
+ BUG: 347621
CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV ...)
- TODO: check
+ BUG: 347621
CVE-2010-3615 (named in ISC BIND 9.7.2-P2 does not check all intended locations for ...)
- TODO: check
+ BUG: 347621
CVE-2010-3616 (ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover ...)
TODO: check
CVE-2010-3617
RESERVED
CVE-2010-3618 (PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does ...)
- TODO: check
+ NOT-FOR-US: pgp desktop_for_windows
CVE-2010-3619 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
TODO: check
CVE-2010-3620 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
@@ -93283,7 +93283,7 @@ CVE-2010-3717 (The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15,
CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running ...)
TODO: check
CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the ...)
- TODO: check
+ NOT-FOR-US: symantec im_manager
CVE-2010-3720
RESERVED
CVE-2010-3721
@@ -93700,13 +93700,13 @@ CVE-2010-3925 (Contents-Mall before 15 does not properly handle passwords, which
CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in ...)
NOT-FOR-US: wb i sgx sp_final_ne
CVE-2010-3927 (Untrusted search path vulnerability in Lunascape before 6.4.0 allows ...)
- TODO: check
+ NOT-FOR-US: lunascape
CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a ...)
NOT-FOR-US: Ruby
CVE-2010-3929 (SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: modxcms evolution
CVE-2010-3930 (Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier ...)
- TODO: check
+ NOT-FOR-US: modxcms evolution
CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion ...)
NOT-FOR-US: multiple Rocomotion products including P board
CVE-2010-3932
@@ -94220,25 +94220,25 @@ CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly 2.
CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools Online ...)
NOT-FOR-US: onlinetechtools com oasys_professional
CVE-2010-4187 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4188 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4189 (The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4190 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4191 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4192 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4193 (Adobe Shockwave Player before 11.5.9.620 does not properly validate ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4194 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4195 (The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4196 (The Shockwave 3d Asset module in Adobe Shockwave Player before ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
TODO: check
CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
@@ -94301,9 +94301,9 @@ CVE-2010-4225 (Unspecified vulnerability in the mod_mono module for XSP in Mono
CVE-2010-4226
RESERVED
CVE-2010-4227 (The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before ...)
- TODO: check
+ NOT-FOR-US: novell netware
CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP ...)
- TODO: check
+ NOT-FOR-US: novell netware
CVE-2010-4229
RESERVED
CVE-2010-4230 (Stack-based buffer overflow in a certain ActiveX control for the ...)
@@ -94459,9 +94459,9 @@ CVE-2010-4304 (The web interface in Cisco Unified Videoconferencing (UVC) System
CVE-2010-4305 (Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and ...)
NOT-FOR-US: cisco unified_videoconferencing_system_5230
CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4307 (Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows ...)
- TODO: check
+ NOT-FOR-US: adobe shockwave_player
CVE-2010-4308
RESERVED
CVE-2010-4309
@@ -94493,17 +94493,17 @@ CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx i
CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell ...)
NOT-FOR-US: novell vibe_onprem
CVE-2010-4323 (Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks ...)
- TODO: check
+ NOT-FOR-US: novell zenworks_configuration_manager
CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the ...)
NOT-FOR-US: novell identity_manager_roles_based_provisioning_module
CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-4327 (Unspecified vulnerability in the NCP service in Novell eDirectory ...)
- TODO: check
+ NOT-FOR-US: novell edirectory
CVE-2010-4328 (Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd ...)
- TODO: check
+ NOT-FOR-US: novell iprint_open_enterprise_server_2
CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...)
TODO: check
CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...)
@@ -94517,7 +94517,7 @@ CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote atta
CVE-2010-4334 (IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, ...)
TODO: check
CVE-2010-4335 (The _validatePost function in libs/controller/components/security.php ...)
- TODO: check
+ NOT-FOR-US: cakefoundation cakephp
CVE-2010-4336 (The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd ...)
TODO: check
CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to overwrite ...)
@@ -94860,7 +94860,7 @@ CVE-2010-4504 (Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat
CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, ...)
NOT-FOR-US: injader
CVE-2010-4506 (Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A ...)
- TODO: check
+ NOT-FOR-US: oracle passlogix_v go_self service_password_reset_and_oem
CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
NOT-FOR-US: clear ispot
CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 ...)
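Review bot: The tag on CVE-2010-4506, "oracle passlogix_v go_self service_password_reset_and_oem", has spaces where the product name in the description has hyphens ("v-GO Self-Service"), so it no longer splits cleanly into vendor and product. Either keep the hyphens or use underscores throughout the product part, so the tag can still be parsed as two fields.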
@@ -95267,31 +95267,31 @@ CVE-2010-4707 (The check_acl function in pam_xauth.c in the pam_xauth module in
CVE-2010-4708 (The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the ...)
TODO: check
CVE-2010-4709 (Heap-based buffer overflow in Automated Solutions Modbus/TCP Master ...)
- TODO: check
+ NOT-FOR-US: automatedsolutions modbus tcp_master_opc_server
CVE-2010-4710 (Cross-site scripting (XSS) vulnerability in the addItem method in the ...)
- TODO: check
+ NOT-FOR-US: yahoo yui
CVE-2010-4711 (Double free vulnerability in the IMAP server component in GroupWise ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-4712 (Multiple stack-based buffer overflows in gwia.exe in GroupWise ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-4713 (Integer signedness error in gwia.exe in GroupWise Internet Agent ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-4714 (Multiple stack-based buffer overflows in Novell GroupWise before ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-4715 (Multiple directory traversal vulnerabilities in the (1) WebAccess ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-4716 (Cross-site scripting (XSS) vulnerability in the WebPublisher component ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-4717 (Multiple stack-based buffer overflows in the IMAP server component in ...)
- TODO: check
+ NOT-FOR-US: novell groupwise
CVE-2010-4718 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: com_lyftenbloggie
CVE-2010-4719 (Directory traversal vulnerability in JRadio (com_jradio) component ...)
- TODO: check
+ NOT-FOR-US: fxwebdesign com_jradio
CVE-2010-4720 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
- TODO: check
+ NOT-FOR-US: harmistechnology com_jeauto
CVE-2010-4721 (SQL injection vulnerability in news.php in Immo Makler allows remote ...)
- TODO: check
+ NOT-FOR-US: mhproducts immo_makler
CVE-2010-4722 (Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 ...)
TODO: check
CVE-2010-4723 (Smarty before 3.0.0, when security is enabled, does not prevent access ...)
@@ -95305,57 +95305,57 @@ CVE-2010-4726 (Unspecified vulnerability in the math plugin in Smarty before 3.0
CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the &lt;?php and ?&gt; ...)
TODO: check
CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for random ...)
- TODO: check
+ NOT-FOR-US: zikula_application_framework
CVE-2010-4729 (Zikula before 1.2.3 does not use the authid protection mechanism for ...)
- TODO: check
+ NOT-FOR-US: zikula_application_framework
CVE-2010-4730 (Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA ...)
- TODO: check
+ NOT-FOR-US: intellicom netbiter_webscada_ws200
CVE-2010-4731 (Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA ...)
- TODO: check
+ NOT-FOR-US: intellicom netbiter_webscada_ws200
CVE-2010-4732 (cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, ...)
- TODO: check
+ NOT-FOR-US: intellicom netbiter_webscada_ws200
CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway ...)
- TODO: check
+ NOT-FOR-US: intellicom netbiter_webscada_ws200
CVE-2010-4734 (Multiple cross-site scripting (XSS) vulnerabilities in the comment ...)
- TODO: check
+ NOT-FOR-US: amix skeletonz_cms_1 0
CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax ...)
- TODO: check
+ NOT-FOR-US: ecommercemax digital goods_seller
CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and ...)
- TODO: check
+ NOT-FOR-US: gatesoft docusafe
CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb ...)
- TODO: check
+ NOT-FOR-US: hotwebscripts hotweb_rentals
CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real Estate ...)
- TODO: check
+ NOT-FOR-US: raemedia real_estate_single_and_multi_agent_system
CVE-2010-4739 (SQL injection vulnerability in the Maian Media Silver (com_maianmedia) ...)
- TODO: check
+ NOT-FOR-US: aretimes com_maianmedia
CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...)
- TODO: check
+ NOT-FOR-US: scadaengine bacnet_opc_client
CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool ...)
- TODO: check
+ NOT-FOR-US: moxa mdm_tool
CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: moxa activex_sdk
CVE-2010-4743 (Heap-based buffer overflow in the getarena function in abc2ps.c in ...)
TODO: check
CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have ...)
TODO: check
CVE-2010-4745 (Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before ...)
- TODO: check
+ NOT-FOR-US: gareth_watts phpxref
CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...)
TODO: check
CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ahmattox processing_embed_plugin
CVE-2010-4748 (Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki ...)
- TODO: check
+ NOT-FOR-US: pmwiki
CVE-2010-4749 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS ...)
TODO: check
CVE-2010-4750 (Cross-site request forgery (CSRF) vulnerability in ...)
TODO: check
CVE-2010-4751 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, ...)
- TODO: check
+ NOT-FOR-US: lightneasy
CVE-2010-4752 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, ...)
- TODO: check
+ NOT-FOR-US: lightneasy
CVE-2010-4753 (Cross-site scripting (XSS) vulnerability in LightNEasy.php in ...)
- TODO: check
+ NOT-FOR-US: lightneasy
CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, ...)
TODO: check
CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put ...)
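Review bot: Two tags in this hunk carry stray fragments. "amix skeletonz_cms_1 0" on CVE-2010-4734 ends in what looks like a version number split by a space, and "ecommercemax digital goods_seller" on CVE-2010-4735 has a space inside the product name. Drop the version and join the product words with underscores, as the neighbouring tags ("gatesoft docusafe", "hotwebscripts hotweb_rentals") do. The hunk is also long enough that each NOT-FOR-US decision deserves a second look against its description rather than a bulk apply.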
@@ -95363,7 +95363,7 @@ CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_p
CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...)
TODO: check
CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2010-4758 (installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an ...)
TODO: check
CVE-2010-4759 (Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly ...)
@@ -95387,21 +95387,21 @@ CVE-2010-4767 (Open Ticket Request System (OTRS) before 2.3.6 does not properly
CVE-2010-4768 (Open Ticket Request System (OTRS) before 2.3.5 does not properly ...)
TODO: check
CVE-2010-4769 (Directory traversal vulnerability in the Jimtawl (com_jimtawl) ...)
- TODO: check
+ NOT-FOR-US: janguo com_jimtawl
CVE-2010-4770 (SQL injection vulnerability in index.php in CommodityRentals DVD ...)
- TODO: check
+ NOT-FOR-US: commodityrentals dvd_rentals_script
CVE-2010-4771 (SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows ...)
- TODO: check
+ NOT-FOR-US: matteoiammarrone s cms
CVE-2010-4772 (Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS ...)
- TODO: check
+ NOT-FOR-US: matteoiammarrone s cms
CVE-2010-4773 (Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D ...)
- TODO: check
+ NOT-FOR-US: hitachi ucosminexus_eur_form_service
CVE-2010-4774 (SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote ...)
- TODO: check
+ NOT-FOR-US: auracms
CVE-2010-4775 (The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 ...)
- TODO: check
+ NOT-FOR-US: nicholas_thompson relevant_content
CVE-2010-4776 (SQL injection vulnerability in takefreestart.php in PreProjects Pre ...)
- TODO: check
+ NOT-FOR-US: preprojects pre_online_tests_generator
CVE-2011-0001 (Double free vulnerability in the iscsi_rx_handler function ...)
TODO: check
CVE-2011-0002 (libuser before 0.57 uses a cleartext password value of (1) !! or (2) x ...)