CVE-2010-5340 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5339 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5338 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5337 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5336 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admi ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5335 (IceWarp Webclient before 10.2.1 has a directory traversal vulnerabilit ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5334 (IceWarp Webclient before 10.2.1 has a directory traversal vulnerabilit ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x be ...)
	NOT-FOR-US: Integard
CVE-2010-5332 (In the Linux kernel before 2.6.37, an out of bounds array access happe ...)
	- linux (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/0926f91083f34d047abc74f1ca4fa6a9c161f7db
CVE-2010-5331 (** DISPUTED ** In the Linux kernel before 2.6.34, a range check issue ...)
	- linux (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/0031c41be5c529f8329e327b63cde92ba1284842
CVE-2010-5330 (On certain Ubiquiti devices, Command Injection exists via a GET reques ...)
	NOT-FOR-US: Ubiquiti
CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...)
	- linux (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2)
CVE-2010-5328 (include/linux/init_task.h in the Linux kernel before 2.6.35 does not p ...)
	- linux (Fixed before the src:linux-2.6 -> src:linux rename)
	- linux-2.6 2.6.37-1
CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users to exe ...)
	NOT-FOR-US: Liferay Portal
CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java platforms ...)
	NOT-FOR-US: SAP
CVE-2010-5325 (Heap-based buffer overflow in the unhtmlify function in foomatic-rip i ...)
	- foomatic-filters 4.0.5-6
	- cups-filters (Vulnerable code not present)
	NOTE: cups-filters 1.0.42 introduced foomatic-rip filter which already was fixed.
	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=515
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1218297
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic/foomatic-filters/revision/239 (HEAD)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/revision/225 (4.0.x branch)
CVE-2010-5324 (Directory traversal vulnerability in UploadServlet in the Remote Manag ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2010-5323 (Directory traversal vulnerability in UploadServlet in the Remote Manag ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier a ...)
	NOT-FOR-US: ZeusCart
CVE-2010-XXXX [crash when parsing overly long links]
	- lynx-cur 2.8.8dev.4-1
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/07/2
CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the videobuf sub ...)
	- linux (unimportant; bug #827340)
	- linux-2.6 (unimportant)
	NOTE: Unclear, old report for Linux
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=620629#c0
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120571
CVE-2010-5320 (Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Po ...)
	NOT-FOR-US: MemHT Portal
CVE-2010-5319 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat ...)
	NOT-FOR-US: Kandidat CMS
CVE-2010-5318 (The password-reset feature in as/index.php in SweetRice CMS before 0.6 ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5317 (Multiple SQL injection vulnerabilities in index.php in SweetRice CMS b ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5316 (Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5315 (Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita b ...)
	NOT-FOR-US: BEdita
CVE-2010-5314 (Cross-site scripting (XSS) vulnerability in controllers/home_controlle ...)
	NOT-FOR-US: BEdita
CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...)
	- linux 2.6.38-1
	- linux-2.6 2.6.38-1
	[squeeze] - linux-2.6 (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314 (v2.6.38-rc1)
CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...)
	{DSA-3249-1 DLA-258-1}
	- jqueryui 1.10.1+dfsg-1
	- owncloud (embedded copy, bug #722500, of version 1.10.1, already fixed)
	NOTE: http://bugs.jqueryui.com/ticket/6016
	NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
CVE-2010-5311
	RESERVED
CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
	- riece 8.0.0-1.3 (unimportant; bug #601325)
	[squeeze] - riece (Minor issue)
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2010-5310 (The Acquisition Workstation for the GE Healthcare Revolution XQ/i has ...)
	NOT-FOR-US: GE Healthcare Revolution XQ/i
CVE-2010-5309 (GE Healthcare CADStream Server has a default password of confirma for ...)
	NOT-FOR-US: GE Healthcare CADStream Server
CVE-2010-5308 (GE Healthcare Optima MR360 does not require authentication for the HIP ...)
	NOT-FOR-US: GE Healthcare Optima MR360
CVE-2010-5307 (The HIPAA configuration interface in GE Healthcare Optima MR360 has a ...)
	NOT-FOR-US: GE Healthcare Optima MR360
CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default pass ...)
	NOT-FOR-US: GE Healthcare Optima
CVE-2010-5305 (The potential exists for exposure of the product's password used to re ...)
	NOT-FOR-US: Rockwell
CVE-2010-5304 (A NULL pointer dereference flaw was found in the way LibVNCServer befo ...)
	NOT-FOR-US: RealVNC
CVE-2010-5303 (Cross-site scripting (XSS) vulnerability in the displayError function ...)
	NOT-FOR-US: TimThumb
CVE-2010-5302 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb b ...)
	NOT-FOR-US: TimThumb
CVE-2010-5301 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
	NOT-FOR-US: Kolibri
CVE-2010-5300 (Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows re ...)
	NOT-FOR-US: www.jzip.com
	NOTE: This is the jzip Z-code interpreter in Debian.
CVE-2010-5299 (Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attacke ...)
	NOT-FOR-US: MicroP
CVE-2010-5298 (Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL ...)
	{DSA-2908-1}
	- openssl 1.0.1g-3 (unimportant)
	[squeeze] - openssl (Introduced in 1.0.0)
	NOTE: Only exploitable with OPENSSL_NO_BUF_FREELIST enabled
CVE-2010-5297 (WordPress before 3.0.1, when a Multisite installation is used, permane ...)
	- wordpress 3.0.1-1
CVE-2010-5296 (wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisi ...)
	- wordpress 3.0.2-1
CVE-2010-5295 (Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in Wo ...)
	- wordpress 3.0.2-1
CVE-2010-5294 (Multiple cross-site scripting (XSS) vulnerabilities in the request_fil ...)
	- wordpress 3.0.2-1
CVE-2010-5293 (wp-includes/comment.php in WordPress before 3.0.2 does not properly wh ...)
	- wordpress 3.0.2-1
CVE-2010-5292 (Amberdms Billing System (ABS) before 1.4.1, when a multi-instance inst ...)
	NOT-FOR-US: Amberdms Billing System
CVE-2010-5291 (Amberdms Billing System (ABS) before 1.4.1 does not properly implement ...)
	NOT-FOR-US: Amberdms Billing System
CVE-2010-5289 (Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Po ...)
	NOT-FOR-US: IncrediMail
CVE-2010-5288 (Buffer overflow in the lsConnectionCached function in editcp in EDItra ...)
	NOT-FOR-US: EDItran Communications Platform
CVE-2010-5290 (The authentication process in Adobe ColdFusion before 10 does not requ ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-5287 (SQL injection vulnerability in default.php in Cornerstone Technologies ...)
	NOT-FOR-US: Cornerstone Technologies webConductor
CVE-2010-5286 (Directory traversal vulnerability in Jstore (com_jstore) component for ...)
	NOT-FOR-US: Joomla jstore
CVE-2010-5285 (Cross-site request forgery (CSRF) vulnerability in admin.php in Collab ...)
	NOTE: Old report against collabtive, PoC has vanished and likely fixed in current release, see #695348
CVE-2010-5284 (Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6. ...)
	- collabtive 0.7.6-1 (bug #695348)
	NOTE: Might be fixed earlier, but 0.7.6 was tested
CVE-2010-5283 (Cross-site request forgery (CSRF) vulnerability in OpenText ECM (forme ...)
	NOT-FOR-US: OpenText ECM
CVE-2010-5282 (Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (f ...)
	NOT-FOR-US: OpenText ECM
CVE-2010-5281 (Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 ...)
	NOT-FOR-US: CMScout IBrowser TinyMCE Plugin
CVE-2010-5280 (Directory traversal vulnerability in the Community Builder Enhanced (C ...)
	NOT-FOR-US: CBE for Joomla
CVE-2010-5279 (article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
	NOT-FOR-US: VWar
CVE-2010-5278 (Directory traversal vulnerability in manager/controllers/default/resou ...)
	NOT-FOR-US: MODx Revolution
CVE-2010-5277 (Unspecified vulnerability in the Views Bulk Operations module 6 before ...)
	NOT-FOR-US: Drupal Views Bulk Operations
CVE-2010-5276 (The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Dru ...)
	NOT-FOR-US: Drupal Memcache
CVE-2010-5275 (Cross-site scripting (XSS) vulnerability in memcache_admin in the Memc ...)
	NOT-FOR-US: Drupal Memcache
CVE-2010-5274 (Untrusted search path vulnerability in PKZIP before 12.50.0014 allows ...)
	NOT-FOR-US: PKZIP
CVE-2010-5273 (Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise ...)
	NOT-FOR-US: Altova DiffDog 2011 Enterprise
CVE-2010-5272 (Untrusted search path vulnerability in Altova DatabaseSpy 2011 Enterpr ...)
	NOT-FOR-US: Altova DatabaseSpy 2011
CVE-2010-5271 (Untrusted search path vulnerability in Altova MapForce 2011 Enterprise ...)
	NOT-FOR-US: Altova MapForce 2011
CVE-2010-5270 (Multiple untrusted search path vulnerabilities in Adobe Device Central ...)
	NOT-FOR-US: Adobe Device Central
CVE-2010-5269 (Untrusted search path vulnerability in tbb.dll in Intel Threading Buil ...)
	NOT-FOR-US: Intel Threading Building Blocks
CVE-2010-5268 (Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 3088 ...)
	NOT-FOR-US: Amazon Kindle for PC
CVE-2010-5267 (Untrusted search path vulnerability in MunSoft Easy Office Recovery 1. ...)
	NOT-FOR-US: MunSoft Easy Office Recovery
CVE-2010-5266 (Untrusted search path vulnerability in VideoCharge Studio 2.9.0.632 al ...)
	NOT-FOR-US: VideoCharge Studio
CVE-2010-5265 (Untrusted search path vulnerability in SmartSniff 1.71 allows local us ...)
	NOT-FOR-US: SmartSniff
CVE-2010-5264 (Untrusted search path vulnerability in the CExtDWM::CExtDWM method in ...)
	NOT-FOR-US: Prof-UIS
CVE-2010-5263 (Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 Buil ...)
	NOT-FOR-US: Sothink SWF Decompiler
CVE-2010-5262 (Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in ...)
	NOT-FOR-US: Gromada Multimedia Conversion Library
CVE-2010-5261 (Untrusted search path vulnerability in SnowFox Total Video Converter 2 ...)
	NOT-FOR-US: SnowFox Total Video Converter
CVE-2010-5260 (Untrusted search path vulnerability in Agrin All DVD Ripper 4.0 allows ...)
	NOT-FOR-US: Agrin All DVD Ripper
CVE-2010-5259 (Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow ...)
	NOT-FOR-US: IsoBuster
CVE-2010-5258 (Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 ...)
	NOT-FOR-US: Adobe Audition
CVE-2010-5257 (Multiple untrusted search path vulnerabilities in ArchiCAD 13 and 14 a ...)
	NOT-FOR-US: ArchiCAD
CVE-2010-5256 (Untrusted search path vulnerability in CDisplay 1.8.1 allows local use ...)
	NOT-FOR-US: CDisplay
CVE-2010-5255 (Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows loca ...)
	NOT-FOR-US: UltraISO
CVE-2010-5254 (Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2 ...)
	NOT-FOR-US: GFI Backup
CVE-2010-5253 (Untrusted search path vulnerability in WinImage 8.50 allows local user ...)
	NOT-FOR-US: WinImage
CVE-2010-5252 (Untrusted search path vulnerability in HTTrack 3.43-9 allows local use ...)
	- httrack (Only affects Windows)
CVE-2010-5251 (Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-5250 (Untrusted search path vulnerability in the pthread_win32_process_attac ...)
	NOT-FOR-US: Pthreads-win32
CVE-2010-5249 (Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 ...)
	NOT-FOR-US: Sophos Free Encryption
CVE-2010-5248 (Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local u ...)
	NOT-FOR-US: UltraVNC
CVE-2010-5247 (Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 all ...)
	NOT-FOR-US: QtWeb Browser
CVE-2010-5246 (Multiple untrusted search path vulnerabilities in Maxthon Browser 1.6. ...)
	NOT-FOR-US: Maxthon Browser
CVE-2010-5245 (Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54 ...)
	NOT-FOR-US: PDF-XChange Viewer
CVE-2010-5244 (Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite 201 ...)
	NOT-FOR-US: SiSoftware Sandra
CVE-2010-5243 (Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7 ...)
	NOT-FOR-US: Cyberlink Power2Go
CVE-2010-5242 (Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 ...)
	NOT-FOR-US: Sound Forge Pro
CVE-2010-5241 (Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 201 ...)
	NOT-FOR-US: Autodesk AutoCAD
CVE-2010-5240 (Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT an ...)
	NOT-FOR-US: Corel PHOTO-PAINT and CorelDRAW
CVE-2010-5239 (Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 a ...)
	NOT-FOR-US: DAEMON Tools Lite and Pro Standard
CVE-2010-5238 (Untrusted search path vulnerability in CyberLink PowerDirector 8.00.30 ...)
	NOT-FOR-US: CyberLink PowerDirector
CVE-2010-5237 (Untrusted search path vulnerability in CyberLink PowerDirector 7 allow ...)
	NOT-FOR-US: CyberLink PowerDirector
CVE-2010-5236 (Untrusted search path vulnerability in Roxio Easy Media Creator Home 9 ...)
	NOT-FOR-US: Roxio Easy Media Creator Home
CVE-2010-5235 (Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows loc ...)
	NOT-FOR-US: IZArc Archiver
CVE-2010-5234 (Multiple untrusted search path vulnerabilities in Camtasia Studio 7.0. ...)
	NOT-FOR-US: Camtasia Studio
CVE-2010-5233 (Untrusted search path vulnerability in Virtual DJ 6.1.2 Trial b301 all ...)
	NOT-FOR-US: Virtual DJ
CVE-2010-5232 (Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows l ...)
	NOT-FOR-US: DivX Plus Player
CVE-2010-5231 (Untrusted search path vulnerability in DivX Player 7.2.019 allows loca ...)
	NOT-FOR-US: DivX Player
CVE-2010-5230 (Multiple untrusted search path vulnerabilities in MicroStation 7.1 all ...)
	NOT-FOR-US: MicroStation
CVE-2010-5229 (Untrusted search path vulnerability in 010 Editor before 3.1.3 allows ...)
	NOT-FOR-US: 010 Editor
CVE-2010-5228 (Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 ...)
	NOT-FOR-US: RealPlayer SP
CVE-2010-5227 (Untrusted search path vulnerability in Opera before 10.62 allows local ...)
	NOT-FOR-US: Opera
CVE-2010-5226 (Multiple untrusted search path vulnerabilities in Autodesk Design Revi ...)
	NOT-FOR-US: Autodesk Design Review
CVE-2010-5225 (Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local ...)
	NOT-FOR-US: Babylon 8.1.0
CVE-2010-5224 (Untrusted search path vulnerability in Cool iPhone Ringtone Maker 2.2. ...)
	NOT-FOR-US: Cool iPhone Ringtone Maker
CVE-2010-5223 (Multiple untrusted search path vulnerabilities in Phoenix Project Mana ...)
	NOT-FOR-US: Phoenix Project Manager
CVE-2010-5222 (Untrusted search path vulnerability in Ease Jukebox 1.40 allows local ...)
	NOT-FOR-US: Ease Jukebox
CVE-2010-5221 (Untrusted search path vulnerability in STDU Explorer 1.0.201 allows lo ...)
	NOT-FOR-US: STDU Explorer
CVE-2010-5220 (Untrusted search path vulnerability in MEO Encryption Software 2.02 al ...)
	NOT-FOR-US: MEO Encryption Software
CVE-2010-5219 (Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows loca ...)
	NOT-FOR-US: SmartFTP
CVE-2010-5218 (Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows lo ...)
	NOT-FOR-US: Dupehunter
CVE-2010-5217 (Multiple untrusted search path vulnerabilities in TuneUp Utilities 200 ...)
	NOT-FOR-US: TuneUp Utilities
CVE-2010-5216 (Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 al ...)
	NOT-FOR-US: LINGO
CVE-2010-5215 (Multiple untrusted search path vulnerabilities in SWiSH Max3 3.0 2009. ...)
	NOT-FOR-US: SWiSH Max3
CVE-2010-5214 (Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 all ...)
	NOT-FOR-US: Fotobook Editor
CVE-2010-5213 (Untrusted search path vulnerability in Adobe LiveCycle Designer 8.2.1. ...)
	NOT-FOR-US: Adobe LiveCycle Designer
CVE-2010-5212 (Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 9. ...)
	NOT-FOR-US: Adobe LiveCycle Designer ES2
CVE-2010-5211 (Untrusted search path vulnerability in ALSee 6.20.0.1 allows local use ...)
	NOT-FOR-US: ALSee
CVE-2010-5210 (Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows ...)
	NOT-FOR-US: Sorax Reader
CVE-2010-5209 (Multiple untrusted search path vulnerabilities in Nuance PDF Reader 6. ...)
	NOT-FOR-US: Nuance PDF Reader
CVE-2010-5208 (Multiple untrusted search path vulnerabilities in the (1) Presentation ...)
	NOT-FOR-US: Kingsoft Office
CVE-2010-5207 (Multiple untrusted search path vulnerabilities in CelFrame Office 2008 ...)
	NOT-FOR-US: CelFrame Office
CVE-2010-5206 (Multiple untrusted search path vulnerabilities in e-press ONE Office E ...)
	NOT-FOR-US: ONE Office
CVE-2010-5205 (Multiple untrusted search path vulnerabilities in e-press ONE Office A ...)
	NOT-FOR-US: ONE Office
CVE-2010-5204 (Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1 ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2010-5203 (Multiple untrusted search path vulnerabilities in NCP Secure Enterpris ...)
	NOT-FOR-US: NCP Secure Enterprise
CVE-2010-5202 (Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allow ...)
	NOT-FOR-US: JetAudio
CVE-2010-5201 (Untrusted search path vulnerability in MAGIX Samplitude Producer 11 al ...)
	NOT-FOR-US: MAGIX Samplitude Producer
CVE-2010-5200 (Untrusted search path vulnerability in KeePass Password Safe before 1. ...)
	NOT-FOR-US: KeePass 1 (a Windows only program) is not in Debian, only KeePass 2 (multi-OS version of KeePass) and KeePassX (port/rewrite of KeePass)
CVE-2010-5199 (Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 all ...)
	NOT-FOR-US: PhotoImpact
CVE-2010-5198 (Multiple untrusted search path vulnerabilities in Intuit QuickBooks 20 ...)
	NOT-FOR-US: Intuit QuickBooks
CVE-2010-5197 (Untrusted search path vulnerability in Pixia 4.70j allows local users ...)
	NOT-FOR-US: Pixia 4.70j
CVE-2010-5196 (Untrusted search path vulnerability in KeePass Password Safe before 2. ...)
	- keepass2 (only affects Windows)
CVE-2010-5195 (Untrusted search path vulnerability in Roxio MyDVD 9 allows local user ...)
	NOT-FOR-US: Roxio MyDVD 9
CVE-2010-5194 (Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE. ...)
	NOT-FOR-US: Viscom Image Viewer CP Pro
CVE-2010-5193 (Stack-based buffer overflow in the TIFMergeMultiFiles function in the ...)
	NOT-FOR-US: Viscom Image Viewer CP Pro
CVE-2010-5192 (Cross-site scripting (XSS) vulnerability in the Java Management Consol ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5191 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5190 (The Active Content Transformation functionality in Blue Coat ProxySG b ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5189 (Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 be ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5188 (SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sens ...)
	- silverstripe (bug #528461)
CVE-2010-5187 (SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running o ...)
	- silverstripe (bug #528461)
CVE-2010-5186 (The Antivirus component in Comodo Internet Security before 4.1.150349. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5185 (The Antivirus component in Comodo Internet Security before 5.3.174622. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5184 (** DISPUTED ** Race condition in ZoneAlarm Extreme Security 9.1.507.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5183 (** DISPUTED ** Race condition in Webroot Internet Security Essentials ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5182 (** DISPUTED ** Race condition in VirusBuster Internet Security Suite 3 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5181 (** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on W ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5180 (** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows X ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5179 (** DISPUTED ** Race condition in Trend Micro Internet Security Pro 201 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5178 (** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP all ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5177 (** DISPUTED ** Race condition in Sophos Endpoint Security and Control ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5176 (** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on W ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5175 (** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5174 (** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5173 (** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on Wi ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5172 (** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5171 (** DISPUTED ** Race condition in Outpost Security Suite Pro 6.7.3.3063 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5170 (** DISPUTED ** Race condition in Online Solutions Security Suite 1.5.1 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5169 (** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on Wind ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5168 (** DISPUTED ** Race condition in Symantec Norton Internet Security 201 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5167 (** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on Wind ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5166 (** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5165 (** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5164 (** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus 200 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5163 (** DISPUTED ** Race condition in Kaspersky Internet Security 2010 9.0. ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5162 (** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP a ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5161 (** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5160 (** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on Windo ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5159 (** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5158 (** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5157 (Race condition in Comodo Internet Security before 4.1.149672.916 on Wi ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5156 (** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5155 (** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows X ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5154 (** DISPUTED ** Race condition in BitDefender Total Security 2010 13.0. ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5153 (** DISPUTED ** Race condition in Avira Premium Security Suite 10.0.0.5 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5152 (** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on Wind ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5151 (** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on W ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5150 (** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5149 (Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x be ...)
	NOT-FOR-US: Websense
CVE-2010-5148 (Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set t ...)
	NOT-FOR-US: Websense
CVE-2010-5147 (The Remote Filtering component in Websense Web Security and Web Filter ...)
	NOT-FOR-US: Websense
CVE-2010-5146 (The Remote Filtering component in Websense Web Security and Web Filter ...)
	NOT-FOR-US: Websense
CVE-2010-5145 (The Filtering Service in Websense Web Security and Web Filter before 6 ...)
	NOT-FOR-US: Websense
CVE-2010-5144 (The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security ...)
	NOT-FOR-US: Websense
CVE-2010-5143 (McAfee VirusScan Enterprise before 8.8 allows local users to disable t ...)
	NOT-FOR-US: McAfee
CVE-2010-5142 (chef-server-api/app/controllers/users.rb in the API in Chef before 0.9 ...)
	- chef 0.10.10-1
CVE-2010-5141 (wxBitcoin and bitcoind before 0.3.5 do not properly handle script opco ...)
	- bitcoin (Fixed before initial release)
CVE-2010-5140 (wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins a ...)
	- bitcoin (Fixed before initial release)
CVE-2010-5139 (Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote ...)
	- bitcoin (Fixed before initial release)
CVE-2010-5138 (wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial ...)
	- bitcoin 0.4.0-1
CVE-2010-5137 (wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a ...)
	- bitcoin (Fixed before initial release)
CVE-2010-5136
	REJECTED
CVE-2010-5135
	REJECTED
CVE-2010-5134
	REJECTED
CVE-2010-5133
	REJECTED
CVE-2010-5132
	REJECTED
CVE-2010-5131
	REJECTED
CVE-2010-5130
	REJECTED
CVE-2010-5129
	REJECTED
CVE-2010-5128
	REJECTED
CVE-2010-5127
	REJECTED
CVE-2010-5126
	REJECTED
CVE-2010-5125
	REJECTED
CVE-2010-5124
	REJECTED
CVE-2010-5123
	REJECTED
CVE-2010-5122
	REJECTED
CVE-2010-5121
	REJECTED
CVE-2010-5120
	REJECTED
CVE-2010-5119
	REJECTED
CVE-2010-5118
	REJECTED
CVE-2010-5117
	REJECTED
CVE-2010-5116
	REJECTED
CVE-2010-5115
	REJECTED
CVE-2010-5114
	REJECTED
CVE-2010-5113
	REJECTED
CVE-2010-5112
	REJECTED
CVE-2010-5111 (Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote ...)
	- echoping 6.0.2-4 (low; bug #606808)
	[squeeze] - echoping (Minor issue)
	NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=349569
	NOTE: http://xforce.iss.net/xforce/xfdb/64141
	NOTE: http://secunia.com/advisories/42619/
CVE-2010-5110 (DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause ...)
	{DLA-24-1}
	- poppler 0.16.3-1 (bug #722705)
	[squeeze] - poppler 0.12.4-1.2+squeeze4
CVE-2010-5109 (Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's ...)
	- libytnef 1.5-5 (low; bug #705468)
	[squeeze] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	- claws-mail-extra-plugins (low)
	[squeeze] - claws-mail-extra-plugins (Minor issue)
	[wheezy] - claws-mail-extra-plugins (Minor issue)
	- claws-mail 3.11.1-2 (bug #771360)
	[squeeze] - claws-mail (In Squeeze, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins)
	[wheezy] - claws-mail (In Wheezy, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins)
CVE-2010-5108 (Trac 0.11.6 does not properly check workflow permissions before modify ...)
	- trac 0.11.7-1 (bug #573260)
CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time ...)
	- openssh 1:6.0p1-4 (low; bug #700102)
	[squeeze] - openssh 1:5.5p1-6+squeeze3
CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress bef ...)
	- wordpress 3.0.3-1
CVE-2010-5105 (The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ea ...)
	- blender (unimportant; bug #584621)
	[squeeze] - blender (Minor issue)
	[wheezy] - blender (Minor issue)
	NOTE: Neutralised by kernel temp hardening
CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5103 (SQL injection vulnerability in the list module in TYPO3 4.2.x before 4 ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5102 (Directory traversal vulnerability in mod/tools/em/class.em_unzip.php i ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5101 (Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2 ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5100 (Multiple cross-site scripting (XSS) vulnerabilities in the Install Too ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5099 (The fileDenyPattern functionality in the PHP file inclusion protection ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5098 (Cross-site scripting (XSS) vulnerability in the FORM content object in ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5097 (Cross-site scripting (XSS) vulnerability in the click enlarge function ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5096
	NOT-FOR-US: MyBB
CVE-2010-5095 (Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5094 (The deleteinstallfiles function in control/ContentController.php in Si ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5093 (Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5092 (The Add Member dialog in the Security admin page in SilverStripe 2.4.0 ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5091 (The setName function in filesystem/File.php in SilverStripe 2.3.x befo ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5090 (SilverStripe before 2.4.2 allows remote authenticated users to change ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5089 (SilverStripe before 2.4.2 does not properly restrict access to pages i ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5088 (Multiple cross-site request forgery (CSRF) vulnerabilities in SilverSt ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5087 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5086 (Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2. ...)
	NOT-FOR-US: Bitweaver
CVE-2010-5085 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin/up ...)
	NOT-FOR-US: Hulihan Amethyst
CVE-2010-5084 (The cross-site request forgery (CSRF) protection mechanism in e107 bef ...)
	NOT-FOR-US: e107
CVE-2010-5083 (SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 a ...)
	NOT-FOR-US: PHP-Nuke
CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in ...)
	NOT-FOR-US: Windows Server
CVE-2010-5081 (Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 al ...)
	NOT-FOR-US: Mini-Stream RM-MP3 Converter
CVE-2010-5080 (The Security/changepassword URL action in SilverStripe 2.3.x before 2. ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5079 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entr ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5078 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensiti ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5077 (server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, Op ...)
	{DSA-2442-1}
	- openarena 0.8.5-6 (medium; bug #665656)
	- ioquake3 (fixed before upload)
	- tremulous 1.1.0-8 (bug #665842)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2010-5076 (QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in ...)
	- qt4-x11 4:4.6.3-1
	NOTE: Might be fixed earlier, but Squeeze version has been validated to be fixed
CVE-2010-5075 (Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5. ...)
	NOT-FOR-US: Avast! Internet Security
CVE-2010-5074 (The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3. ...)
	- iceweasel 4.0-1 (unimportant)
CVE-2010-5073 (The JavaScript implementation in Google Chrome 4 does not properly res ...)
	- chromium-browser
	- webkit
CVE-2010-5072 (The JavaScript implementation in Opera 10.5 does not properly restrict ...)
	NOT-FOR-US: Opera
CVE-2010-5071 (The JavaScript implementation in Microsoft Internet Explorer 8.0 and e ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-5070 (The JavaScript implementation in Apple Safari 4 does not properly rest ...)
	NOT-FOR-US: Safari
CVE-2010-5069 (The Cascading Style Sheets (CSS) implementation in Google Chrome 4 doe ...)
	- chromium-browser
	- webkit
CVE-2010-5068 (The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not ...)
	NOT-FOR-US: Opera
CVE-2010-5067 (Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depen ...)
	NOT-FOR-US: Virtual War
CVE-2010-5066 (The createRandomPassword function in includes/functions_common.php in ...)
	NOT-FOR-US: Virtual War
CVE-2010-5065 (popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers t ...)
	NOT-FOR-US: Virtual War
CVE-2010-5064 (Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (ak ...)
	NOT-FOR-US: Virtual War
CVE-2010-5063 (SQL injection vulnerability in article.php in Virtual War (aka VWar) 1 ...)
	NOT-FOR-US: Virtual War
CVE-2010-5062 (SQL injection vulnerability in search.php in MH Products kleinanzeigen ...)
	NOT-FOR-US: MH Products kleinanzeigenmarkt
CVE-2010-5061 (SQL injection vulnerability in index.php in RSStatic allows remote att ...)
	NOT-FOR-US: RSStatic
CVE-2010-5060 (SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows r ...)
	NOT-FOR-US: NUs Newssystem
CVE-2010-5059 (SQL injection vulnerability in index.php in CMScout 2.0.8 allows remot ...)
	NOT-FOR-US: CMScout
CVE-2010-5058 (SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 al ...)
	NOT-FOR-US: CMS Ariadna
CVE-2010-5057 (SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 al ...)
	NOT-FOR-US: CMS Ariadna
CVE-2010-5056 (SQL injection vulnerability in the GBU Facebook (com_gbufacebook) comp ...)
	NOT-FOR-US: GBU Facebook
CVE-2010-5055 (SQL injection vulnerability in index.php in Almnzm 2.1 allows remote a ...)
	NOT-FOR-US: Almnzm
CVE-2010-5054 (Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki b ...)
	NOT-FOR-US: JAMWiki
CVE-2010-5053 (SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5052 (Cross-site scripting (XSS) vulnerability in admin/components.php in Ge ...)
	NOT-FOR-US: GetSimple CMS
CVE-2010-5051 (Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php ...)
	NOT-FOR-US: razorCMS
CVE-2010-5050 (Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_sha ...)
	NOT-FOR-US: ManageEngine ADManager Plus
CVE-2010-5049 (SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier ...)
	- zabbix 1:1.8.2-1
CVE-2010-5048 (Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5047 (SQL injection vulnerability in page.php in V-EVA Press Release Script ...)
	NOT-FOR-US: V-EVA Press Release Script
CVE-2010-5046 (Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows ...)
	NOT-FOR-US: ecoCMS
CVE-2010-5045 (Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ...)
	NOT-FOR-US: Smart ASP Survey
CVE-2010-5044 (SQL injection vulnerability in models/log.php in the Search Log (com_s ...)
	NOT-FOR-US: Search log Joomla addon
CVE-2010-5043 (SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) co ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5042 (Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_dja ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5041 (SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 ...)
	NOT-FOR-US: Nucleus CMS extension
CVE-2010-5040 (PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery. ...)
	NOT-FOR-US: Nucleus CMS extension
CVE-2010-5039 (SQL injection vulnerability in control/admin_login.php in ScriptsFeed ...)
	NOT-FOR-US: ScriptsFeed Recipes Listing Portal
CVE-2010-5038 (PHP remote file inclusion vulnerability in contact/contact.php in Groo ...)
	NOT-FOR-US: Groone's Simple Contact Form
CVE-2010-5037 (SQL injection vulnerability in article.php in SenseSites CommonSense C ...)
	NOT-FOR-US: SenseSites CommonSense CMS
CVE-2010-5036 (SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allow ...)
	NOT-FOR-US: iScripts eSwap
CVE-2010-5035 (Cross-site scripting (XSS) vulnerability in search.php in iScripts eSw ...)
	NOT-FOR-US: iScripts eSwap
CVE-2010-5034 (SQL injection vulnerability in viewhistorydetail.php in iScripts EasyB ...)
	NOT-FOR-US: iScripts EasyBiller
CVE-2010-5033 (SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows ...)
	NOT-FOR-US: Fusebox
CVE-2010-5032 (SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5031 (Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1 ...)
	NOT-FOR-US: fileNice
CVE-2010-5030 (Cross-site scripting (XSS) vulnerability in index.php in Ecomat CMS 5. ...)
	NOT-FOR-US: Ecomat CMS
CVE-2010-5029 (SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remo ...)
	NOT-FOR-US: Ecomat CMS
CVE-2010-5028 (SQL injection vulnerability in the JExtensions JE Job (com_jejob) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5027 (Cross-site scripting (XSS) vulnerability in winners.php in Science Fai ...)
	NOT-FOR-US: Science Fair In A Box (SFIAB)
CVE-2010-5026 (SQL injection vulnerability in winners.php in Science Fair In A Box (S ...)
	NOT-FOR-US: Science Fair In A Box (SFIAB)
CVE-2010-5025 (Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSIT ...)
	NOT-FOR-US: CuteSITE CMS
CVE-2010-5024 (SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2 ...)
	NOT-FOR-US: CuteSITE CMS
CVE-2010-5023 (SQL injection vulnerability in index.asp in Digital Interchange Calend ...)
	NOT-FOR-US: Digital Interchange Calendar
CVE-2010-5022 (SQL injection vulnerability in the JExtensions JE Story Submit (com_je ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5021 (SQL injection vulnerability in view_group.asp in Digital Interchange D ...)
	NOT-FOR-US: Digital Interchange Calendar
CVE-2010-5020 (SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 ...)
	NOT-FOR-US: NetArt Media iBoutique
CVE-2010-5019 (SQL injection vulnerability in view_photo.php in 2daybiz Online Classi ...)
	NOT-FOR-US: 2daybiz Online Classified Script
CVE-2010-5018 (Cross-site scripting (XSS) vulnerability in products/classified/header ...)
	NOT-FOR-US: 2daybiz Online Classified Script
CVE-2010-5017 (SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 a ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5016 (SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5015 (SQL injection vulnerability in view_photo.php in 2daybiz Network Commu ...)
	NOT-FOR-US: 2daybiz Network Community Script
CVE-2010-5014 (SQL injection vulnerability in standings.php in Elite Gaming Ladders 3 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5013 (SQL injection vulnerability in listing_detail.asp in Mckenzie Creation ...)
	NOT-FOR-US: Mckenzie Creations Virtual Real Estate Manager
CVE-2010-5012 (SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows ...)
	NOT-FOR-US: DaLogin
CVE-2010-5011 (SQL injection vulnerability in schoolmv2/html/studentmain.php in Schoo ...)
	NOT-FOR-US: SchoolMation
CVE-2010-5010 (Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain ...)
	NOT-FOR-US: SchoolMation
CVE-2010-5009 (SQL injection vulnerability in index.php in UTStats Beta 4 and earlier ...)
	NOT-FOR-US: UTStats
CVE-2010-5008 (SQL injection vulnerability in pages/contact_list_mail_form.asp in Bri ...)
	NOT-FOR-US: BrightSuite Groupware
CVE-2010-5007 (Cross-site scripting (XSS) vulnerability in pages/match_report.php in ...)
	NOT-FOR-US: UTStats
CVE-2010-5006 (SQL injection vulnerability in googlemap/index.php in EMO Realty Manag ...)
	NOT-FOR-US: EMO Realty Manager
CVE-2010-5005 (Cross-site scripting (XSS) vulnerability in members/profileCommentsRes ...)
	NOT-FOR-US: Rayzz Photoz
CVE-2010-5004 (SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Ad ...)
	NOT-FOR-US: 2daybiz Polls
CVE-2010-5000 (SQL injection vulnerability in login/login_index.php in MCLogin System ...)
	NOT-FOR-US: MCLogin System
CVE-2010-4998 (PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaIni ...)
	NOT-FOR-US: ardeaCore PHP Framework
CVE-2010-4997 (SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 a ...)
	NOT-FOR-US: OlyKit Swoopo Clone 2010
CVE-2010-4971 (Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Vid ...)
	NOT-FOR-US: VideoWhisper PHP 2 Way Video Chat
CVE-2010-5003 (SQL injection vulnerability in the AutarTimonial (com_autartimonial) c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5002 (Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/sl ...)
	NOT-FOR-US: Exponent CMS
CVE-2010-5001 (SQL injection vulnerability in view.php in esoftpro Online Contact Man ...)
	NOT-FOR-US: esoftpro Online Contact Manager
CVE-2010-4999 (SQL injection vulnerability in index.php in esoftpro Online Photo Pro ...)
	NOT-FOR-US: esoftpro Online Photo Pro
CVE-2010-4996 (SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbo ...)
	NOT-FOR-US: esoftpro Online Guestbook Pro
CVE-2010-4995 (SQL injection vulnerability in the NeoRecruit (com_neorecruit) compone ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4994 (SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4993 (SQL injection vulnerability in the eventcal (com_eventcal) component 1 ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4992 (SQL injection vulnerability in the Payments Plus component 2.1.5 for J ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4991 (SQL injection vulnerability in the NinjaMonials (com_ninjamonials) com ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4990 (SQL injection vulnerability in the Front-edit Address Book (com_addres ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4989 (SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows r ...)
	NOT-FOR-US: Ziggurat Farsi CMS
CVE-2010-4988 (PHP remote file inclusion vulnerability in mod_chatting/themes/default ...)
	NOT-FOR-US: Family Connections Who is Chatting
CVE-2010-4987 (SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GB ...)
	NOT-FOR-US: KMSoft Guestbook (aka GBook)
CVE-2010-4986 (SQL injection vulnerability in detail.php in Simple Document Managemen ...)
	NOT-FOR-US: Simple Document Management System (SDMS)
CVE-2010-4985 (Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Not ...)
	NOT-FOR-US: My Kazaam Notes Management System
CVE-2010-4984 (SQL injection vulnerability in notes.php in My Kazaam Notes Management ...)
	NOT-FOR-US: My Kazaam Notes Management System
CVE-2010-4983 (SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 ...)
	NOT-FOR-US: iScripts CyberMatch
CVE-2010-4982 (SQL injection vulnerability in address_book/contacts.php in My Kazaam ...)
	NOT-FOR-US: My Kazaam Address & Contact Organizer
CVE-2010-4981 (SQL injection vulnerability in trackads.php in YourFreeWorld Banner Ma ...)
	NOT-FOR-US: YourFreeWorld Banner Management
CVE-2010-4980 (SQL injection vulnerability in packagedetails.php in iScripts ReserveL ...)
	NOT-FOR-US: iScripts ReserveLogic
CVE-2010-4979 (SQL injection vulnerability in image/view.php in CANDID allows remote ...)
	NOT-FOR-US: CANDID
CVE-2010-4978 (Cross-site scripting (XSS) vulnerability in image/view.php in CANDID a ...)
	NOT-FOR-US: CANDID
CVE-2010-4977 (SQL injection vulnerability in menu.php in the Canteen (com_canteen) c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4976 (Cross-site scripting (XSS) vulnerability in search/search.php in MetIn ...)
	NOT-FOR-US: MetInfo
CVE-2010-4975 (SQL injection vulnerability in the Techjoomla SocialAds For JomSocial ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4974 (SQL injection vulnerability in info.php in BrotherScripts (BS) and Scr ...)
	NOT-FOR-US: BrotherScripts (BS) and ScriptsFeed Auto Dealer
CVE-2010-4973 (Cross-site scripting (XSS) vulnerability in the search feature in Camp ...)
	NOT-FOR-US: Campsite
CVE-2010-4972 (SQL injection vulnerability in index.php in YPNinc JokeScript allows r ...)
	NOT-FOR-US: YPNinc JokeScript
CVE-2010-4970 (SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0 ...)
	NOT-FOR-US: Wiki Web Help
CVE-2010-4969 (SQL injection vulnerability in articlesdetails.php in BrotherScripts ( ...)
	NOT-FOR-US: BrotherScripts (BS) Business Directory
CVE-2010-4968 (SQL injection vulnerability in the webmaster-tips.net Flash Gallery (c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4967 (SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2010-4966 (Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvo ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2010-4965 (/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 co ...)
	NOT-FOR-US: D-Link DCS-2121
CVE-2010-4964 (recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 all ...)
	NOT-FOR-US: D-Link DCS-2121
CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows ...)
	NOT-FOR-US: Hulihan BXR
CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension bef ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4961 (SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension b ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4960 (Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yell ...)
	NOT-FOR-US: Branchenbuch
CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects Pre P ...)
	NOT-FOR-US: Pre Projects Pre Podcast Portal
CVE-2010-4958 (SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows ...)
	NOT-FOR-US: Prado Portal
CVE-2010-4957 (SQL injection vulnerability in the Questionnaire (ke_questionnaire) ex ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4956 (Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_ques ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4955 (SQL injection vulnerability in board/board.php in APBoard Developers A ...)
	NOT-FOR-US: APBoard Developers APBoard
CVE-2010-4954 (SQL injection vulnerability in product_reviews_info.php in xt:Commerce ...)
	NOT-FOR-US: xt:Commerce Gambio
CVE-2010-4953 (Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4952 (SQL injection vulnerability in the FE user statistic (festat) extensio ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4951 (Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xaj ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4950 (SQL injection vulnerability in the Event (event) extension before 0.3. ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4949 (Cross-site scripting (XSS) vulnerability in the (1) FreiChat component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4948 (PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in ...)
	NOT-FOR-US: PHP Free Photo Gallery
CVE-2010-4947 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
	NOT-FOR-US: ALLPC
CVE-2010-4946 (SQL injection vulnerability in product_info.php in ALLPC 2.5 allows re ...)
	NOT-FOR-US: ALLPC
CVE-2010-4945 (SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) comp ...)
	NOT-FOR-US: CamelcityDB
CVE-2010-4944 (SQL injection vulnerability in the Elite Experts (com_elite_experts) c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4943 (Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 ...)
	NOT-FOR-US: Saurus CMS
CVE-2010-4942 (SQL injection vulnerability in location.php in the eCal module in E-Xo ...)
	NOT-FOR-US: E-Xoopport Samsara
CVE-2010-4941 (SQL injection vulnerability in the Teams (com_teams) component 1_1028_ ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4940 (SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows ...)
	NOT-FOR-US: WAnewsletter
CVE-2010-4939 (PHP remote file inclusion vulnerability in index.php in MailForm 1.2 a ...)
	NOT-FOR-US: MailForm
CVE-2010-4938 (SQL injection vulnerability in the Weblinks (com_weblinks) component i ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4937 (Multiple SQL injection vulnerabilities in the Amblog (com_amblog) comp ...)
	NOT-FOR-US: Amblog
CVE-2010-4936 (SQL injection vulnerability in the Slide Show (com_slideshow) componen ...)
	NOT-FOR-US: Slide Show extension for Joomla
CVE-2010-4935 (SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier a ...)
	NOT-FOR-US: Entrans
CVE-2010-4934 (SQL injection vulnerability in video.php in Get Tube 4.51 and earlier ...)
	NOT-FOR-US: Get Tube
CVE-2010-4933 (SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3. ...)
	NOT-FOR-US: Geeklog
CVE-2010-4932 (Cross-site scripting (XSS) vulnerability in search.php in Entrans befo ...)
	NOT-FOR-US: Entrans
CVE-2010-4931 (** DISPUTED ** Directory traversal vulnerability in maincore.php in PH ...)
	NOT-FOR-US: PHP-Fusion
CVE-2010-4930 (Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail ...)
	NOT-FOR-US: @mail Webmail
CVE-2010-4929 (SQL injection vulnerability in the Joostina (com_ezautos) component fo ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4928 (Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_ ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4927 (SQL injection vulnerability in the Restaurant Guide (com_restaurantgui ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4926 (SQL injection vulnerability in the TimeTrack (com_timetrack) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4925 (SQL injection vulnerability in clic.php in the Partenaires module 1.5 ...)
	NOT-FOR-US: Nuked Klan
CVE-2010-4924 (** DISPUTED ** PHP remote file inclusion vulnerability in logic/contro ...)
	NOT-FOR-US: clearBudget
CVE-2010-4923 (SQL injection vulnerability in book/detail.php in Virtue Netz Virtue B ...)
	NOT-FOR-US: Virtue Netz Virtue
CVE-2010-4922 (Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow ...)
	NOT-FOR-US: Allinta CMS
CVE-2010-4921 (SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady ...)
	NOT-FOR-US: DMXReady Polling Booth Manager
CVE-2010-4920 (SQL injection vulnerability in detail.asp in Micronetsoft Rental Prope ...)
	NOT-FOR-US: Micronetsoft
CVE-2010-4919 (SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer We ...)
	NOT-FOR-US: Micronetsoft
CVE-2010-4918 (PHP remote file inclusion vulnerability in iJoomla Magazine (com_magaz ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4917 (SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows ...)
	NOT-FOR-US: A-Blog
CVE-2010-4916 (Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUse ...)
	NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4915 (SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 ...)
	NOT-FOR-US: ColdGen ColdBookmarks
CVE-2010-4914 (PHP remote file inclusion vulnerability in tools/phpmailer/class.phpma ...)
	NOT-FOR-US: PHP Classifieds
CVE-2010-4913 (Cross-site scripting (XSS) vulnerability in the search feature in Cold ...)
	NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4912 (SQL injection vulnerability in shop.php in UCenter Home 2.0 allows rem ...)
	NOT-FOR-US: UCenter
CVE-2010-4911 (SQL injection vulnerability in classi/detail.php in PHP Classifieds Ad ...)
	NOT-FOR-US: PHP Classifieds
CVE-2010-4910 (SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 ...)
	NOT-FOR-US: ColdGen ColdCalendar
CVE-2010-4909 (Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCM ...)
	NOT-FOR-US: PaysiteReviewCMS
CVE-2010-4908 (SQL injection vulnerability in detail.php in Virtue Shopping Mall allo ...)
	NOT-FOR-US: Virtue Shopping Mall
CVE-2010-4907 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenph ...)
	NOT-FOR-US: Zenphoto
CVE-2010-4906 (SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 ...)
	NOT-FOR-US: Zenphoto
CVE-2010-4905 (SQL injection vulnerability in article_details.php in Softbiz Article ...)
	NOT-FOR-US: Softbiz
CVE-2010-4904 (SQL injection vulnerability in the Aardvertiser (com_aardvertiser) com ...)
	NOT-FOR-US: Aardvertiser
CVE-2010-4903 (SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remo ...)
	NOT-FOR-US: CubeCart
CVE-2010-4902 (Multiple SQL injection vulnerabilities in the Clantools (com_clantools ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4901 (Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in ...)
	NOT-FOR-US: MySource Matrix
CVE-2010-4900 (Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and ear ...)
	NOT-FOR-US: CMS WebManager-Pro
CVE-2010-4899 (SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 ...)
	NOT-FOR-US: CMS WebManager-Pro
CVE-2010-4898 (SQL injection vulnerability in the Gantry (com_gantry) component 3.0.1 ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4897 (SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remot ...)
	NOT-FOR-US: BlueCMS
CVE-2010-4896 (Cross-site scripting (XSS) vulnerability in admin/index.asp in Member ...)
	NOT-FOR-US: Member Management System
CVE-2010-4895 (Cross-site scripting (XSS) vulnerability in core/showsite.php in chill ...)
	NOT-FOR-US: chillyCMS
CVE-2010-4894 (SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 al ...)
	NOT-FOR-US: chillyCMS
CVE-2010-4893 (Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS ...)
	NOT-FOR-US: FestOS
CVE-2010-4892 (Cross-site scripting (XSS) vulnerability in the powermail extension be ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4891 (SQL injection vulnerability in the Yet Another Calendar (ke_yac) exten ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4890 (Cross-site scripting (XSS) vulnerability in the Yet Another Calendar ( ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4889 (Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4888 (SQL injection vulnerability in the Tiny Market (hm_tinymarket) extensi ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4887 (SQL injection vulnerability in the Commenting system Backend Module (c ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4886 (Cross-site scripting (XSS) vulnerability in the "official twitter twee ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4885 (Cross-site scripting (XSS) vulnerability in the XING Button (xing) ext ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4884 (PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaes ...)
	NOT-FOR-US: Gaestebuch
CVE-2010-4883 (Cross-site scripting (XSS) vulnerability in manager/index.php in MODx ...)
	NOT-FOR-US: MODx Revolution
CVE-2010-4882 (Cross-site scripting (XSS) vulnerability in autocms.php in Auto CMS 1. ...)
	NOT-FOR-US: Auto CMS
CVE-2010-4881 (Multiple cross-site request forgery (CSRF) vulnerabilities in calendar ...)
	NOT-FOR-US: ApPHP Calendar
CVE-2010-4880 (Multiple cross-site scripting (XSS) vulnerabilities in calendar.class. ...)
	NOT-FOR-US: ApPHP Calendar
CVE-2010-4879 (PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 ...)
	- php-dompdf 0.6.1+dfsg-1
CVE-2010-4878 (PHP remote file inclusion vulnerability in formmailer.php in Kontakt F ...)
	NOT-FOR-US: Kontakt Formular
CVE-2010-4877 (Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 ...)
	NOT-FOR-US: OneCMS
CVE-2010-4876 (SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows ...)
	NOT-FOR-US: mBlogger
CVE-2010-4875 (Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpo ...)
	NOT-FOR-US: Wordpress plugin
CVE-2010-4874 (Multiple cross-site scripting (XSS) vulnerabilities in users.php in Ni ...)
	NOT-FOR-US: NinkoBB
CVE-2010-4873 (Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 ...)
	NOT-FOR-US: WeBid
CVE-2010-4872 (SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4871 (Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows att ...)
	NOT-FOR-US: SmartFTP
CVE-2010-4870 (SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows re ...)
	NOT-FOR-US: BloofoxCMS
CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote ...)
	NOT-FOR-US: DBHcms
CVE-2010-4868 (Cross-site scripting (XSS) vulnerability in search.php3 (aka search.ph ...)
	NOT-FOR-US: W-Agora
CVE-2010-4867 (Directory traversal vulnerability in search.php3 (aka search.php) in W ...)
	NOT-FOR-US: W-Agora
CVE-2010-4866 (SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows ...)
	NOT-FOR-US: Chipmunk Board
CVE-2010-4865 (SQL injection vulnerability in the JE Guestbook (com_jeguestbook) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4864 (SQL injection vulnerability in the Club Manager (com_clubmanager) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4863 (Cross-site scripting (XSS) vulnerability in admin/changedata.php in Ge ...)
	NOT-FOR-US: GetSimple CMS
CVE-2010-4862 (SQL injection vulnerability in the JExtensions JE Directory (com_jedir ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4861 (SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows re ...)
	NOT-FOR-US: webSPELL
CVE-2010-4860 (SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 a ...)
	NOT-FOR-US: MyPhpAuction
CVE-2010-4859 (SQL injection vulnerability in index.php in WebAsyst Shop-Script allow ...)
	NOT-FOR-US: WebAsyst Shop-Script
CVE-2010-4858 (Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stat ...)
	NOT-FOR-US: DNET Live-Stats
CVE-2010-4857 (SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows re ...)
	NOT-FOR-US: CAG CMS
CVE-2010-4856 (SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote ...)
	NOT-FOR-US: xWeblog
CVE-2010-4855 (SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote at ...)
	NOT-FOR-US: xWebLog
CVE-2010-4854 (SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magi ...)
	NOT-FOR-US: Zuitu
CVE-2010-4853 (SQL injection vulnerability in the ccInvoices (com_ccinvoices) compone ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4852 (Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b ...)
	NOT-FOR-US: Eclime
CVE-2010-4851 (Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote a ...)
	NOT-FOR-US: Eclime
CVE-2010-4850 (Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 a ...)
	NOT-FOR-US: Diferior
CVE-2010-4849 (SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B ...)
	NOT-FOR-US: Alibaba Clone B2B
CVE-2010-4848 (Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in ...)
	NOT-FOR-US: AXScripts AxsLinks
CVE-2010-4847 (SQL injection vulnerability in view_item.php in MH Products MHP Downlo ...)
	NOT-FOR-US: MH Products MHP Downloadshop
CVE-2010-4846 (SQL injection vulnerability in view_item.php in MH Products Pay Pal Sh ...)
	NOT-FOR-US: MH Products Pay Pal Shop Digital
CVE-2010-4845 (Multiple SQL injection vulnerabilities in MH Products Projekt Shop all ...)
	NOT-FOR-US: MH Products Projekt Shop
CVE-2010-4844 (SQL injection vulnerability in content.php in MH Products Easy Online ...)
	NOT-FOR-US: MH Products Easy Online Shop
CVE-2010-4843 (SQL injection vulnerability in website-page.php in PHP Web Scripts Ad ...)
	NOT-FOR-US: PHP Web Scripts Ad Manager Pro
CVE-2010-4842 (SQL injection vulnerability in admin/login.php in MHP DownloadScript ( ...)
	NOT-FOR-US: MH Products Download Center
CVE-2010-4841 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ev ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2010-4840 (Multiple buffer overflows in the Syslog server in ManageEngine EventLo ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and ...)
	NOT-FOR-US: Wordpress plugin Event Registration
CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component 1 ...)
	NOT-FOR-US: Joomla!
CVE-2010-4837 (Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport ...)
	NOT-FOR-US: Joomla!
CVE-2010-4836 (Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2 ...)
	NOT-FOR-US: PHPShop
CVE-2010-4835 (Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2010-4834 (Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2010-4833 (Untrusted search path vulnerability in modules/engines/ms-windows/xp_t ...)
	- gtk+2.0 (win32 specific)
CVE-2010-4832 (Android OS before 2.2 does not display the correct SSL certificate in ...)
	NOT-FOR-US: Android
CVE-2010-4831 (Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in G ...)
	- gtk+2.0 (Win32-specific)
CVE-2010-4830 (SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno ...)
	NOT-FOR-US: Techno Dreams (T-Dreams) Job Career Package
CVE-2010-4829 (SQL injection vulnerability in processview.asp in Techno Dreams (T-Dre ...)
	NOT-FOR-US: Techno Dreams
CVE-2010-4828 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orio ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2010-4827 (Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forum ...)
	NOT-FOR-US: Snitz Forums
CVE-2010-4826 (SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 ...)
	NOT-FOR-US: Snitz Forums
CVE-2010-4825 (Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Tw ...)
	NOT-FOR-US: Wordpress plugin
CVE-2010-4824 (SQL injection vulnerability in the augmentSQL method in core/model/Tra ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4823 (Cross-site scripting (XSS) vulnerability in the httpError method in sa ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4822 (core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4821 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allo ...)
	NOT-FOR-US: phpMyFAQ
CVE-2010-4820 (Untrusted search path vulnerability in Ghostscript 8.62 allows local u ...)
	- ghostscript 8.71~dfsg2-6.1
	[lenny] - ghostscript (too risky for regressions)
CVE-2010-4819 (The ProcRenderAddGlyphs function in the Render extension (render/rende ...)
	- xorg-server 2:1.9.0.901-1
	[squeeze] - xorg-server 2:1.7.7-14
	[lenny] - xorg-server (Minor issue)
CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authenticated u ...)
	- xorg-server 2:1.9.99.902-1
	[squeeze] - xorg-server 2:1.7.7-4
	[lenny] - xorg-server (Minor issue)
	NOTE: As per https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4818 three commits with theoretical sec impact:
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=3f0d3f4d97bce75c1828635c322b6560a45a037f
CVE-2010-4817 (pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. ...)
	- pithos 0.3.5-1
CVE-2010-4816 (It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null ...)
	NOT-FOR-US: Historic FreeBSD issue
CVE-2010-4815 (Coppermine gallery before 1.4.26 has an input validation vulnerability ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Adva ...)
	NOT-FOR-US: Best Soft Inc.
CVE-2010-4813 (Cross-site scripting (XSS) vulnerability in the Category Tokens module ...) NOT-FOR-US: Drupal 6.x Category Tokens module CVE-2010-4812 (Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 all ...) NOT-FOR-US: 6kbbs CVE-2010-4811 (Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php ...) NOT-FOR-US: 6kbbs CVE-2010-4810 (Multiple PHP remote file inclusion vulnerabilities in AR Web Content M ...) NOT-FOR-US: AR Web Content Manager CVE-2010-4809 (SQL injection vulnerability in index.php in DBSite 1.0 allows remote a ...) NOT-FOR-US: DBSite CVE-2010-4808 (SQL injection vulnerability in index.php in Webmatic allows remote att ...) NOT-FOR-US: Webmatic CVE-2010-4805 (The socket implementation in net/core/sock.c in the Linux kernel befor ...) - linux-2.6 2.6.34-1 [squeeze] - linux-2.6 2.6.32-48 CVE-2010-4807 (Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 a ...) NOT-FOR-US: IBM Web Content Manager CVE-2010-4806 (The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 ...) NOT-FOR-US: IBM Web Content Manager CVE-2010-4804 (The Android browser in Android before 2.3.4 allows remote attackers to ...) NOT-FOR-US: Android Browser CVE-2010-4803 (Mojolicious before 0.999927 does not properly implement HMAC-MD5 check ...) {DSA-2239-1} - libmojolicious-perl 0.999929-1 CVE-2010-4802 (Commands.pm in Mojolicious before 0.999928 does not properly perform C ...) {DSA-2239-1} - libmojolicious-perl 0.999929-1 CVE-2010-4801 (Directory traversal vulnerability in admin/updatelist.php in BaconMap ...) NOT-FOR-US: BaconMap CVE-2010-4800 (SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote ...) NOT-FOR-US: BaconMap CVE-2010-4799 (Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when m ...) NOT-FOR-US: Chipmunk Pwngame CVE-2010-4798 (Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 al ...) 
NOT-FOR-US: OrangeHRM CVE-2010-4797 (Multiple SQL injection vulnerabilities in the log-in form in Truworth ...) NOT-FOR-US: Truworth Flex Timesheet CVE-2010-4796 (Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote at ...) NOT-FOR-US: PHPYun CVE-2010-4795 (SQL injection vulnerability in the JS Calendar (com_jscalendar) compon ...) NOT-FOR-US: JS Calendar component for Joomla! CVE-2010-4794 (Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSelle ...) NOT-FOR-US: JoomlaSeller JS Calendar component for Joomla! CVE-2010-4793 (SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager ...) NOT-FOR-US: Site2Nite Auto e-Manager CVE-2010-4792 (Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverL ...) NOT-FOR-US: OPEN IT OverLook CVE-2010-4791 (SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_us ...) NOT-FOR-US: MG User-Fotoalbum module for PHP-Fusion CVE-2010-4790 (Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and proba ...) NOT-FOR-US: FilterFTP CVE-2010-4789 (Use-after-free vulnerability in the proxy-server implementation in IBM ...) NOT-FOR-US: IBM Tivoli Directory Server CVE-2010-4788 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV ...) NOT-FOR-US: Tivoli CVE-2010-4787 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV ...) NOT-FOR-US: Tivoli CVE-2010-4786 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV ...) NOT-FOR-US: Tivoli CVE-2010-4785 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server ...) NOT-FOR-US: Tivoli CVE-2010-4784 (Multiple SQL injection vulnerabilities in member.php in PHP Web Script ...) NOT-FOR-US: PHP Web Scripts Easy Banner Free CVE-2010-4783 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in PH ...) NOT-FOR-US: PHP Web Scripts Easy Banner Free CVE-2010-4782 (Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal ( ...) 
NOT-FOR-US: Softwebs Nepal Ananda Real Estate CVE-2010-4781 (index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1. ...) NOT-FOR-US: Enano CMS CVE-2010-4780 (SQL injection vulnerability in the check_banlist function in includes/ ...) NOT-FOR-US: Enano CMS CVE-2010-4779 (Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php ...) NOT-FOR-US: WPtouch plugin for WordPress CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs. ...) - imp4 4.3.10+debian0-1 [squeeze] - imp4 (Minor issue) CVE-2010-4777 (The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14 ...) - perl 5.20.1-1 (unimportant; bug #628836) NOTE: Only affects Perl builds with enabled assertions, i.e. the debugperl binary from perl-debug NOTE: likely fixed sometime around 5.18, but 5.20 was the version checked CVE-2010-4776 (SQL injection vulnerability in takefreestart.php in PreProjects Pre On ...) NOT-FOR-US: PreProjects Pre Online Tests Generator Pro CVE-2010-4775 (The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 ...) NOT-FOR-US: Relevant Content addon for Drupal CVE-2010-4774 (SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote a ...) NOT-FOR-US: AuraCMS CVE-2010-4773 (Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D ...) NOT-FOR-US: Hitachi EUR Form, uCosminexus EUR Form Service CVE-2010-4772 (Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2 ...) NOT-FOR-US: S-CMS CVE-2010-4771 (SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remot ...) NOT-FOR-US: S-CMS CVE-2010-4770 (SQL injection vulnerability in index.php in CommodityRentals DVD Renta ...) NOT-FOR-US: CommodityRentals DVD Rentals Script CVE-2010-4769 (Directory traversal vulnerability in the Jimtawl (com_jimtawl) compone ...) NOT-FOR-US: Jimtawl CVE-2010-4768 (Open Ticket Request System (OTRS) before 2.3.5 does not properly disab ...) 
- otrs2 2.4.5-1 (low) [lenny] - otrs2 (Minor issue) CVE-2010-4767 (Open Ticket Request System (OTRS) before 2.3.6 does not properly handl ...) - otrs2 2.4.5-1 (low) [lenny] - otrs2 (Minor issue) CVE-2010-4766 (The AgentTicketForward feature in Open Ticket Request System (OTRS) be ...) - otrs2 2.4.7+dfsg1-1 (unimportant) NOTE: Marginal security impact, standard bug CVE-2010-4765 (Race condition in the Kernel::System::Main::FileWrite method in Open T ...) - otrs2 2.4.8+dfsg1-1 (low) [lenny] - otrs2 (Minor issue) CVE-2010-4764 (Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, ...) - otrs2 2.4.10+dfsg1-1 (unimportant) NOTE: Marginal security impact, standard bug CVE-2010-4763 (The ACL-customer-status Ticket Type setting in Open Ticket Request Sys ...) - otrs2 3.0.8+dfsg1-1 (unimportant) NOTE: Negligible security impact CVE-2010-4762 (Cross-site scripting (XSS) vulnerability in the rich-text-editor compo ...) - otrs2 3.0.8+dfsg1-1 (unimportant) NOTE: Negligible security impact CVE-2010-4761 (The customer-interface ticket-print dialog in Open Ticket Request Syst ...) - otrs2 3.0.8+dfsg1-1 (unimportant) NOTE: Marginal security impact, standard bug CVE-2010-4760 (Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notifi ...) - otrs2 3.0.8+dfsg1-1 (unimportant) NOTE: No security impact, feature enhancement CVE-2010-4759 (Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly ...) - otrs2 3.0.8+dfsg1-1 (unimportant) NOTE: No security impact, feature enhancement CVE-2010-4758 (installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an ...) - otrs2 3.0.8+dfsg1-1 (unimportant) NOTE: Negligible security enhancement CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 bef ...) NOT-FOR-US: e107 CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) allo ...) - glibc (unimportant) - eglibc (unimportant) NOTE: That's standard POSIX behaviour implemented by (e)glibc. 
Applications using NOTE: glob need to impose limits for themselves CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put fu ...) NOTE: That's essentially shooting yourself in your own foot: NOTE: http://lists.mindrot.org/pipermail/openssh-unix-dev/2011-March/029433.html CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, ...) NOT-FOR-US: FreeBSD/NetBSD libc CVE-2010-4753 (Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEa ...) NOT-FOR-US: LightNEasy CVE-2010-4752 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, whe ...) NOT-FOR-US: LightNEasy CVE-2010-4751 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, whe ...) NOT-FOR-US: LightNEasy CVE-2010-4750 (Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.ph ...) NOT-FOR-US: BLOG:CMS CVE-2010-4749 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1. ...) NOT-FOR-US: BLOG:CMS CVE-2010-4748 (Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.2 ...) NOT-FOR-US: pmwiki CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in wordpress-processing-embed ...) NOT-FOR-US: Wordpress plugin CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 Direct ...) NOT-FOR-US: 389 LDAP server CVE-2010-4745 (Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before ...) NOT-FOR-US: PHPXref CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unk ...) - abcm2ps 5.9.22-1 (low) [squeeze] - abcm2ps (Minor issue) [lenny] - abcm2ps (Minor issue) CVE-2010-4743 (Heap-based buffer overflow in the getarena function in abc2ps.c in abc ...) - abcm2ps 5.9.22-1 (low) [squeeze] - abcm2ps (Minor issue) [lenny] - abcm2ps (Minor issue) CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in MediaDBPla ...) 
NOT-FOR-US: MediaDBPlayback.DLL CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool ...) NOT-FOR-US: Moxa Device Manager CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...) NOT-FOR-US: SCADA Engine BACnet CVE-2010-4739 (SQL injection vulnerability in the Maian Media Silver (com_maianmedia) ...) NOT-FOR-US: Maian Media Silver CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Si ...) NOT-FOR-US: Rae Media INC Real Estate Single and Multi Agent System CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Ren ...) NOT-FOR-US: HotWebScripts HotWeb Rentals CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and ...) NOT-FOR-US: GateSoft DocuSafe CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax Soluti ...) NOT-FOR-US: Ecommercemax Solutions Digital-goods seller CVE-2010-4734 (Multiple cross-site scripting (XSS) vulnerabilities in the comment fea ...) NOT-FOR-US: Skeletonz CMS CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway ...) NOT-FOR-US: WebSCADA CVE-2010-4732 (cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modb ...) NOT-FOR-US: WebSCADA CVE-2010-4731 (Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA ...) NOT-FOR-US: WebSCADA CVE-2010-4730 (Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS10 ...) NOT-FOR-US: WebSCADA CVE-2010-4729 (Zikula before 1.2.3 does not use the authid protection mechanism for ( ...) NOT-FOR-US: zikula CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for random n ...) NOT-FOR-US: zikula CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the <?php and ? ...) 
- smarty3 3.0~rc1-1 - smarty [squeeze] - smarty3 (Unsupported in squeeze-lts) [squeeze] - smarty (Unsupported in squeeze-lts) CVE-2010-4726 (Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC ...) - smarty3 3.0.8-1 - smarty [squeeze] - smarty3 (Unsupported in squeeze-lts) [squeeze] - smarty (Unsupported in squeeze-lts) CVE-2010-4725 (Smarty before 3.0.0 RC3 does not properly handle an on value of the as ...) - smarty3 3.0.8-1 - smarty [squeeze] - smarty3 (Unsupported in squeeze-lts) [squeeze] - smarty (Unsupported in squeeze-lts) CVE-2010-4724 (Multiple unspecified vulnerabilities in the parser implementation in S ...) - smarty3 3.0.8-1 - smarty [squeeze] - smarty3 (Unsupported in squeeze-lts) [squeeze] - smarty (Unsupported in squeeze-lts) CVE-2010-4723 (Smarty before 3.0.0, when security is enabled, does not prevent access ...) - smarty3 3.0.8-1 - smarty [squeeze] - smarty3 (Unsupported in squeeze-lts) [squeeze] - smarty (Unsupported in squeeze-lts) CVE-2010-4722 (Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 h ...) - smarty3 3.0.8-1 - smarty [squeeze] - smarty3 (Unsupported in squeeze-lts) [squeeze] - smarty (Unsupported in squeeze-lts) CVE-2010-4721 (SQL injection vulnerability in news.php in Immo Makler allows remote a ...) NOT-FOR-US: Immo Makler CVE-2010-4720 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) co ...) NOT-FOR-US: Joomla JEAuto addon CVE-2010-4719 (Directory traversal vulnerability in JRadio (com_jradio) component bef ...) NOT-FOR-US: Joomla JRadio addon CVE-2010-4718 (Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenblogg ...) NOT-FOR-US: Joomla Lyftenbloggie addon CVE-2010-4717 (Multiple stack-based buffer overflows in the IMAP server component in ...) NOT-FOR-US: Novell GroupWise CVE-2010-4716 (Cross-site scripting (XSS) vulnerability in the WebPublisher component ...) 
NOT-FOR-US: Novell GroupWise CVE-2010-4715 (Multiple directory traversal vulnerabilities in the (1) WebAccess Agen ...) NOT-FOR-US: Novell GroupWise CVE-2010-4714 (Multiple stack-based buffer overflows in Novell GroupWise before 8.02H ...) NOT-FOR-US: Novell GroupWise CVE-2010-4713 (Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA ...) NOT-FOR-US: Novell GroupWise CVE-2010-4712 (Multiple stack-based buffer overflows in gwia.exe in GroupWise Interne ...) NOT-FOR-US: Novell GroupWise CVE-2010-4711 (Double free vulnerability in the IMAP server component in GroupWise In ...) NOT-FOR-US: Novell GroupWise CVE-2010-4710 (Cross-site scripting (XSS) vulnerability in the addItem method in the ...) - yui (unimportant) NOTE: Mostly a case of mis-documentation CVE-2010-4709 (Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OP ...) NOT-FOR-US: Automated Solutions Modbus/TCP Master CVE-2010-4708 (The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the ...) - pam 1.1.3-7.1 (low; bug #611136) [lenny] - pam (Minor issue, too invasive for a stable release) [squeeze] - pam (Minor issue, too invasive for a stable release) CVE-2010-4707 (The check_acl function in pam_xauth.c in the pam_xauth module in Linux ...) - pam 1.1.3-1 (low) [lenny] - pam (Minor issue) [squeeze] - pam (Minor issue) CVE-2010-4706 (The pam_sm_close_session function in pam_xauth.c in the pam_xauth modu ...) - pam 1.1.3-1 (low) [lenny] - pam (Minor issue) [squeeze] - pam (Minor issue) CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in lib ...) {DSA-2165-1} - ffmpeg (issue introduced in 0.6.x series; bug #611495) - ffmpeg-debian NOTE: recheck when 0.6.x gets uploaded CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earl ...) 
{DSA-2306-1 DSA-2165-1} - libav 4:0.6.2-1 (low; bug #611495) - ffmpeg 7:2.4.1-1 (low; bug #611495) - ffmpeg-debian NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency) CVE-2010-4703 (SQL injection vulnerability in default.asp in HotWebScripts HotWeb Ren ...) NOT-FOR-US: HotWebScripts HotWeb Rentals CVE-2010-4702 (SQL injection vulnerability in JRadio (com_jradio) component before 1. ...) NOT-FOR-US: Joomla component CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in fxs ...) NOT-FOR-US: Microsoft Windows Fax Services Cover Page Editor CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...) - php5 (vuln code in mysqlnd, we use libmysqlclient) CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP b ...) - php5 5.3.5-1 (unimportant) CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 a ...) - php5 5.3.3-7 (unimportant) NOTE: Only exloitable with malicious script CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 a ...) {DSA-2408-1} - php5 5.3.5-1 (unimportant) NOTE: requires attacker to be able to execute code already CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...) NOT-FOR-US: Joomla! CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as di ...) - gif2png 2.5.4-2 (low; bug #610479) [lenny] - gif2png (Minor issue) [squeeze] - gif2png (Minor issue) CVE-2010-4694 (Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow ...) - gif2png 2.5.4-2 (low; bug #610479) [lenny] - gif2png (Minor issue) [squeeze] - gif2png (Minor issue) CVE-2010-4693 (Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Phot ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) 
NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4691 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4690 (The Mobile User Security (MUS) service on Cisco Adaptive Security Appl ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4689 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4688 (Unspecified vulnerability in the SIP inspection feature on Cisco Adapt ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4687 (STCAPP (aka the SCCP telephony control application) on Cisco IOS befor ...) NOT-FOR-US: Cisco IOS CVE-2010-4686 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not prop ...) NOT-FOR-US: Cisco IOS CVE-2010-4685 (Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a ...) NOT-FOR-US: Cisco IOS CVE-2010-4684 (Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, a ...) NOT-FOR-US: Cisco IOS CVE-2010-4683 (Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attacker ...) NOT-FOR-US: Cisco IOS CVE-2010-4682 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series de ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4681 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4680 (The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4679 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4678 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4677 (emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices ...) 
NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4676 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4675 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4674 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4673 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4672 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4671 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) NOT-FOR-US: Cisco IOS CVE-2010-4670 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2010-4669 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) NOT-FOR-US: Microsoft Windows CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...) - php5 5.3.3-7 (high) [lenny] - php5 NOTE: lenny10 includes a test for the bug. With lenny's toolchain NOTE: and settings, the bug can't be reproduced. CVE-2010-XXXX [XSS in ftpls] - ftpcopy 0.6.7-3 (bug #607494) [squeeze] - ftpcopy (Minor issue) [lenny] - ftpcopy (Minor issue) NOTE: CVE ID requested CVE-2010-4668 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...) {DSA-2153-1} - linux-2.6 2.6.32-29 CVE-2010-4667 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ( ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2010-4666 (Buffer overflow in libarchive 3.0 pre-release code allows remote attac ...) 
- libarchive 3.0.4-2 (bug #669197) [squeeze] - libarchive (no cab support prior to 3.0) NOTE: http://code.google.com/p/libarchive/source/detail?r=488ef3fb28c416285ebe4c00266268db7330466b NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in tiffdu ...) {DSA-2552-1} - tiff (vulnerable code not present) - tiff3 3.9.5 CVE-2010-4664 (In ConsoleKit before 0.4.2, an intended security policy restriction by ...) - consolekit 0.4.2-1 (low) [squeeze] - consolekit (Minor issue) CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple (CMSMS ...) NOT-FOR-US: CMS Made Simple CVE-2010-4662 (PmWiki before 2.2.21 has XSS. ...) NOT-FOR-US: pmwiki CVE-2010-4661 (udisks before 1.0.3 allows a local user to load arbitrary Linux kernel ...) - udisks 1.0.3-1 [squeeze] - udisks (Minor issue) NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232 NOTE: fixed by http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037 CVE-2010-4660 (Unspecified vulnerability in statusnet through 2010 due to the way add ...) - statusnet (bug #491723) CVE-2010-4659 (Cross-site scripting (XSS) vulnerability in statusnet through 2010 in ...) - statusnet (bug #491723) CVE-2010-4658 (statusnet through 2010 allows attackers to spoof syslog messages via n ...) - statusnet (bug #491723) CVE-2010-4657 (PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ...) - php5 5.4.4-1 (low) [squeeze] - php5 (Minor issue) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551 NOTE: Not sure when this was initially fixed, tested with the initial Wheezy version 5.4.4 NOTE: and the reproducer from https://bugs.launchpad.net/php/%2Bbug/655442 CVE-2010-4656 (The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Li ...) 
{DSA-2153-1} - linux-2.6 2.6.37-1 [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 CVE-2010-4655 (net/core/ethtool.c in the Linux kernel before 2.6.36 does not initiali ...) {DSA-2264-1} - linux-2.6 2.6.32-27 CVE-2010-4654 (poppler before 0.16.3 has malformed commands that may cause corruption ...) - kdegraphics (no stackheight) - xpdf (no stackheight) - poppler 0.16.3-1 [lenny] - poppler (stackheights introduced after 0.12) [squeeze] - poppler (stackheights introduced after 0.12) NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9 CVE-2010-4653 (An integer overflow condition in poppler before 0.16.3 can occur when ...) - kdegraphics 4:4.0.0-1 - xpdf 3.02-9 - poppler 0.16.3-1 (low) [lenny] - poppler (minor issue) [squeeze] - poppler 0.12.4-1.2+squeeze1 NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659 CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function (contrib/ ...) {DSA-2191-1} - proftpd-dfsg 1.3.3a-6 CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ear ...) - patch (unimportant) NOTE: Applying a patch blindly opens more severe security issues than only directory traversal... NOTE: openwall ships a fix NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=667529 for details CVE-2010-4650 (Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the ...) - linux-2.6 2.6.32-30 [lenny] - linux-2.6 (Introduced in 2.6.29) CVE-2010-4649 (Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniba ...) {DSA-2153-1} - linux-2.6 2.6.32-30 CVE-2010-4648 (The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/we ...) - linux-2.6 2.6.32-30 [lenny] - linux-2.6 (Introduced in 2.6.28) CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help Conten ...) 
- eclipse 3.5.2-9 (low; bug #611849) [squeeze] - eclipse 3.5.2-6squeeze2 CVE-2010-4646 (Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 all ...) - hastymail CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...) - subversion 1.6.12dfsg-3 (low; bug #608989) [lenny] - subversion (Minor issue) CVE-2010-4643 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and ...) {DSA-2151-1} - openoffice.org 1:3.2.1-11+squeeze2 CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2. ...) NOT-FOR-US: XWiki CVE-2010-4641 (SQL injection vulnerability in XWiki Enterprise before 2.5 allows remo ...) NOT-FOR-US: XWiki CVE-2010-4640 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 ...) NOT-FOR-US: XWiki CVE-2010-4639 (SQL injection vulnerability in index.php in MySource Matrix allows rem ...) NOT-FOR-US: MySource Matrix CVE-2010-4638 (SQL injection vulnerability in the submitSurvey function in controller ...) NOT-FOR-US: Joomla! JQuarks4s component CVE-2010-4637 (Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php ...) NOT-FOR-US: FeedList CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business e-List ...) NOT-FOR-US: Site2Nite CVE-2010-4635 (SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental ...) NOT-FOR-US: Site2Nite CVE-2010-4634 NOT-FOR-US: osTicket CVE-2010-4633 (SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remot ...) NOT-FOR-US: digiSHOP CVE-2010-4632 (Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow ...) NOT-FOR-US: ASPilot Pilot Cart CVE-2010-4631 (Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot C ...) NOT-FOR-US: ASPilot Pilot Cart CVE-2010-4630 (Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create ...) 
NOT-FOR-US: WordPress Survey and Quiz Tool plugin CVE-2010-4629 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict ui ...) NOT-FOR-US: MyBB CVE-2010-4628 (member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain ...) NOT-FOR-US: MyBB CVE-2010-4627 (Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB ...) NOT-FOR-US: MyBB CVE-2010-4626 (The my_rand function in functions.php in MyBB (aka MyBulletinBoard) be ...) NOT-FOR-US: MyBB CVE-2010-4625 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a co ...) NOT-FOR-US: MyBB CVE-2010-4624 (MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated u ...) NOT-FOR-US: MyBB CVE-2010-4623 (WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1 ...) NOT-FOR-US: IBM Tivoli Access Manager CVE-2010-4622 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Mana ...) NOT-FOR-US: IBM Tivoli Access Manager CVE-2010-4621 RESERVED CVE-2010-4620 RESERVED CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in file-p ...) {DSA-2426-1} - gimp 2.6.11-2 (low; bug #608497) CVE-2010-4542 (Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb functi ...) {DSA-2426-1} - gimp 2.6.11-2 (low; bug #608497) CVE-2010-4541 (Stack-based buffer overflow in the loadit function in plug-ins/common/ ...) {DSA-2426-1} - gimp 2.6.11-2 (low; bug #608497) CVE-2010-4540 (Stack-based buffer overflow in the load_preset_response function in pl ...) {DSA-2426-1} - gimp 2.6.11-2 (low; bug #608497) CVE-2010-4619 (SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Ma ...) NOT-FOR-US: Mafya Oyun Scrpti CVE-2010-4618 (Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSa ...) NOT-FOR-US: Algis Info for Joomla! CVE-2010-4617 (Directory traversal vulnerability in the JotLoader (com_jotloader) com ...) NOT-FOR-US: JotLoader for Joomla! 
CVE-2010-4616 (Cross-site scripting (XSS) vulnerability in modules/content/admin/cont ...) NOT-FOR-US: ImpressCMS CVE-2010-4615 (Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow ...) NOT-FOR-US: Oto Galeri Sistemi CVE-2010-4614 (SQL injection vulnerability in item.php in Ero Auktion 2010 allows rem ...) NOT-FOR-US: Ero Auktion CVE-2010-4613 (Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow ...) NOT-FOR-US: Hycus CMS CVE-2010-4612 (Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3 ...) NOT-FOR-US: Hycus CMS CVE-2010-4611 (Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Html-edit CMS CVE-2010-4610 (Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS ...) NOT-FOR-US: Html-edit CMS CVE-2010-4609 (SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows ...) NOT-FOR-US: Html-edit CMS CVE-2010-4608 (Habari 0.6.5 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: Habari CVE-2010-4607 (Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, w ...) NOT-FOR-US: Habari CVE-2010-4606 (Unspecified vulnerability in the Space Management client in the Hierar ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2010-4605 (Unspecified vulnerability in the backup-archive client in IBM Tivoli S ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2010-4604 (Stack-based buffer overflow in the GeneratePassword function in dsmtca ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2010-4603 (IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2010-4602 (The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7 ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2010-4601 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x ...) 
NOT-FOR-US: IBM Rational ClearQuest CVE-2010-4600 (Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1 ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2010-4599 (Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 all ...) NOT-FOR-US: Ecava IntegraXor CVE-2010-4598 (Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and e ...) NOT-FOR-US: Ecava IntegraXor CVE-2010-4597 (Stack-based buffer overflow in the save method in the IntegraXor.Proje ...) NOT-FOR-US: Ecava IntegraXor CVE-2010-4596 (Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, a ...) NOT-FOR-US: RealNetworks Helix CVE-2010-4595 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disabl ...) NOT-FOR-US: IBM Lotus Mobile Connect CVE-2010-4594 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when ...) NOT-FOR-US: IBM Lotus Mobile Connect CVE-2010-4593 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does n ...) NOT-FOR-US: IBM Lotus Mobile Connect CVE-2010-4592 (The Mobile Network Connections functionality in the Connection Manager ...) NOT-FOR-US: IBM Lotus Mobile Connect CVE-2010-4591 (The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, ...) NOT-FOR-US: IBM Lotus Mobile Connect CVE-2010-4590 (Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP ...) NOT-FOR-US: IBM Lotus Mobile Connect CVE-2010-4589 (Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote ...) NOT-FOR-US: IBM ENOVIA 6 CVE-2010-4588 (The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Ad ...) NOT-FOR-US: Microsoft CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do n ...) {DSA-2188-1} - chromium-browser 6.0.472.63~r59945-4 - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/73432 CVE-2010-4577 (The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp ...) 
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-4
	- webkit 1.2.7-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=49883
	NOTE: http://code.google.com/p/chromium/issues/detail?id=63866
	NOTE: http://trac.webkit.org/changeset/72685
CVE-2010-4576 (browser/worker_host/message_port_dispatcher.cc in Google Chrome before ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607843; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=63529
CVE-2010-4575 (The ThemeInstalledInfoBarDelegate::Observe function in browser/extensi ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607846; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=60761
	NOTE: http://codereview.chromium.org/5326011/
CVE-2010-4574 (The Pickle::Pickle function in base/pickle.cc in Google Chrome before ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607848; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=56449
	NOTE: http://codereview.chromium.org/4716006
CVE-2010-4573 (The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is p ...)
	NOT-FOR-US: VMware ESXi
CVE-2010-4572 (CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3 ...)
	{DSA-2322-1}
	- bugzilla
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
	NOTE: perl and associated packages are CVE-2010-2761 and CVE-2010-4411 (see above reference)
CVE-2010-4571
	RESERVED
CVE-2010-4570 (Cross-site scripting (XSS) vulnerability in the duplicate-detection fu ...)
	- bugzilla (vulnerable code introduced in 3.7)
CVE-2010-4569 (Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7 ...)
	- bugzilla (vulnerable code introduced in 3.7)
CVE-2010-4568 (Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3 ...)
	{DSA-2322-1}
	- bugzilla (bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4 ...)
	{DSA-2322-1}
	- bugzilla (high; bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4566 (The web authentication form in the NT4 authentication component in Cit ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2010-4565 (The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) ...)
	{DSA-2153-1}
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4564
	RESERVED
CVE-2010-4563 (The Linux kernel, when using IPv6, allows remote attackers to determin ...)
	- linux (unimportant)
	- linux-2.6 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2011/Apr/254
CVE-2010-4562 (Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4561
	RESERVED
CVE-2010-4560
	REJECTED
CVE-2010-4559
	REJECTED
CVE-2010-4587 (Opera before 11.00 on Windows does not properly implement the Insecure ...)
	NOT-FOR-US: Opera
CVE-2010-4586 (The default configuration of Opera before 11.00 enables WebSockets fun ...)
	NOT-FOR-US: Opera
CVE-2010-4585 (Unspecified vulnerability in the auto-update functionality in Opera be ...)
	NOT-FOR-US: Opera
CVE-2010-4584 (Opera before 11.00, when Opera Turbo is used, does not properly presen ...)
	NOT-FOR-US: Opera
CVE-2010-4583 (Opera before 11.00, when Opera Turbo is enabled, does not display a pa ...)
	NOT-FOR-US: Opera
CVE-2010-4582 (Opera before 11.00 does not properly handle security policies during u ...)
	NOT-FOR-US: Opera
CVE-2010-4581 (Unspecified vulnerability in Opera before 11.00 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2010-4580 (Opera before 11.00 does not clear WAP WML form fields after manual nav ...)
	NOT-FOR-US: Opera
CVE-2010-4579 (Opera before 11.00 does not properly constrain dialogs to appear on to ...)
	NOT-FOR-US: Opera
CVE-2010-XXXX [calibre XSS]
	- calibre 0.7.38+dfsg-1 (bug #608822)
	[squeeze] - calibre (Vulnerable code not present, see #608822)
	NOTE: http://www.waraxe.us/advisory-77.html
	NOTE: CVE ID requested
CVE-2010-XXXX [calibre file disclosure]
	- calibre 0.7.38+dfsg-1 (bug #608822)
	[squeeze] - calibre (Vulnerable code not present, see #608822)
	NOTE: http://www.waraxe.us/advisory-77.html
	NOTE: CVE ID requested
CVE-2010-XXXX [webkit info leak]
	- chromium-browser 26.0.1410.43-1 (low)
	[squeeze] - chromium-browser
	NOTE: this was fixed much earlier (webkit 1.2), but this was the version checked
	NOTE: http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html
CVE-2010-4558 (phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and De ...)
	NOT-FOR-US: phpMyFAQ
CVE-2010-4557 (Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8 ...)
	NOT-FOR-US: Invensys Wonderware InBatch
CVE-2010-4556 (Stack-based buffer overflow in the SapThemeRepository ActiveX control ...)
	NOT-FOR-US: SAP NetWeaver Business Client
CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 a ...)
	- opensc 0.11.13-1.1 (low; bug #607427)
	[lenny] - opensc 0.11.4-5+lenny1.1
CVE-2010-4555 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1 (low)
	NOTE: difficult to exploit
CVE-2010-4554 (functions/page_header.php in SquirrelMail 1.4.21 and earlier does not ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1
CVE-2010-4553 (An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 d ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4552 (Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote a ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4551 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4550 (IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cau ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4549 (IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device succes ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4548 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4547 (IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environmen ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4546 (IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4545 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4544 (Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus N ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-XXXX [ircd-ratbox password disclosure during TLS handshake]
	- ircd-ratbox 3.0.6.dfsg-2
	[lenny] - ircd-ratbox (TLS support not yet activated)
CVE-2010-4539 (The walk function in repos.c in the mod_dav_svn module for the Apache ...)
	- subversion 1.6.12dfsg-4 (low; bug #608989)
	[lenny] - subversion (Minor issue)
CVE-2010-4538 (Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/ ...)
	{DSA-2144-1}
	- wireshark 1.2.11-6 (bug #608990)
CVE-2010-4537 (Unspecified vulnerability in CrawlTrack before 3.2.7, when a public st ...)
	NOT-FOR-US: CrawlTrack
CVE-2010-4536 (Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used i ...)
	- wordpress 3.0.4+dfsg-1
	[lenny] - wordpress (2.x version is not affected)
	- moodle (Moodle's version of KSES is not affected)
	- egroupware (Only uses a minor subset of KSES)
CVE-2010-4535 (The password reset functionality in django.contrib.auth in Django befo ...)
	- python-django 1.2.4-1
	[squeeze] - python-django 1.2.3-3
	NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
CVE-2010-4534 (The administrative interface in django.contrib.admin in Django before ...)
	- python-django 1.2.4-1
	[squeeze] - python-django 1.2.3-3
	NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
CVE-2010-4533 (offlineimap before 6.3.4 added support for SSL server certificate vali ...)
	- offlineimap 6.3.4-1 (low; bug #606962)
	NOTE: offlineimap uses the "ssl" standard lib in Python, marking the version of offlineimap in wheezy as fixed
	[squeeze] - offlineimap (Long-standing, documented behaviour, can be updated in spu if needed)
	[lenny] - offlineimap (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4532 (offlineimap before 6.3.2 does not check for SSL server certificate val ...)
	- offlineimap 6.3.2~rc3-2 (low; bug #603450)
	[squeeze] - offlineimap (Long-standing, documented behaviour, can be updated in spu if needed)
	[lenny] - offlineimap (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the Answer ...)
	{DSA-2156-1}
	- pcsc-lite 1.5.5-4 (low; bug #607781)
CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Car ...)
	- ccid 1.3.11-2 (unimportant; bug #607780)
	NOTE: Theoretical attack
CVE-2010-4529 (Integer underflow in the irda_getsockopt function in net/irda/af_irda. ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7 ...)
	- pidgin 2.7.9-1 (bug #608331; medium)
	[squeeze] - pidgin (Vulnerable code not present)
	[lenny] - pidgin (Vulnerable code not present)
CVE-2010-4527 (The load_mixer_volumes function in sound/oss/soundcard.c in the OSS so ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4526 (Race condition in the sctp_icmp_proto_unreachable function in net/sctp ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4525 (Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_even ...)
	- linux-2.6 2.6.35-1
	[squeeze] - linux-2.6 (Only affects 2.6.33/2.6.34)
	[lenny] - linux-2.6 (Only affects 2.6.33/2.6.34)
	[wheezy] - linux-2.6 (Only affects 2.6.33/2.6.34)
CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonAr ...)
	- mhonarc 2.6.18-1 (low; bug #607693)
	[squeeze] - mhonarc (Minor issue)
CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBul ...)
	NOT-FOR-US: MyBB
CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x befor ...)
	- drupal6-mod-views 2.12-1
CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views modul ...)
	- drupal6-mod-views 2.11-1
CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the View ...)
	- drupal6-mod-views 2.11-1
CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-sea ...)
	NOT-FOR-US: Safe Search plugin for WordPress
CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) co ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4516 (Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Co ...)
	NOT-FOR-US: Joomla!
CVE-2010-4515 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, ...)
	NOT-FOR-US: Citrix Web Interface
CVE-2010-4514 (Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx ...)
	NOT-FOR-US: DotNetNuke
CVE-2010-4513 (Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0 ...)
	NOT-FOR-US: Zimplit CMS
CVE-2010-4512 (Cobbler before 2.0.4 uses an incorrect umask value, which allows local ...)
	- cobbler (Fixed before initial upload)
CVE-2010-4511 (Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x befo ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2
CVE-2010-4509 (Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 a ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2
CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 ...)
	- xulrunner (Only affects Firefox 4.x)
CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpo ...)
	NOT-FOR-US: iSpot/ClearSpot hardware devices
CVE-2010-4506 (Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A ...)
	NOT-FOR-US: Passlogix
CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, ...)
	NOT-FOR-US: Injader
CVE-2010-4504 (Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Direc ...)
	NOT-FOR-US: eSyndiCat
CVE-2010-4503 (SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows ...)
	NOT-FOR-US: Aigaion
CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2010-4501
	REJECTED
CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG ...)
	NOT-FOR-US: MRCGIGUY FreeTicket
CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager se ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager server, ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4497 (Cross-site scripting (XSS) vulnerability in Collaborative Information ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4496 (Multiple SQL injection vulnerabilities in Collaborative Information Ma ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4495 (Unspecified vulnerability in the ActiveMatrix Runtime component in TIB ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used ...)
	{DSA-2137-1}
	- libxml2 2.7.8.dfsg-2 (bug #607922)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit (never embedded libxml2's xpath.c)
CVE-2010-4493 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 allow ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-3
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/72013
CVE-2010-4492 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 allow ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-3
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/71686
CVE-2010-4491 (Google Chrome before 8.0.552.215 does not properly restrict privileged ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser
	[wheezy] - chromium-browser
	- webkit (issue in chromium-specific webkit code)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=62168
	NOTE: http://trac.webkit.org/changeset/71533
CVE-2010-4490 (Google Chrome before 8.0.552.215 allows remote attackers to cause a de ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit (chromium specific issue)
CVE-2010-4489 (libvpx, as used in Google Chrome before 8.0.552.215 and possibly other ...)
	- chromium-browser
	- webkit
	- libvpx 0.9.5-1 (bug #610510)
	[squeeze] - libvpx (regression in later version)
CVE-2010-4488 (Google Chrome before 8.0.552.215 does not properly handle HTTP proxy a ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	[squeeze] - chromium-browser
	- webkit (chromium issue)
	NOTE: only a browser crash
CVE-2010-4487 (Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit (chromium issue)
CVE-2010-4486 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 allow ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/71170
CVE-2010-4485 (Google Chrome before 8.0.552.215 does not properly restrict the genera ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/69914
	NOTE: only a browser crash due to opening too many dialogs (i.e. a DoS)
CVE-2010-4484 (Google Chrome before 8.0.552.215 does not properly handle HTML5 databa ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	[squeeze] - chromium-browser
	- webkit (chromium specific)
	NOTE: only a browser crash
CVE-2010-4483 (Google Chrome before 8.0.552.215 does not properly restrict read acces ...)
	- chromium-browser 6.0.472.63~r59945-3
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=46678
CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215 allows r ...)
	- chromium-browser (unimportant)
	NOTE: unimportant, bypass the pop-up blocker
	NOTE: http://trac.webkit.org/changeset/69990
CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authen ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-3 (bug #608290)
	NOTE: enables phpinfo output; this is disabled by default and phpinfo on Debian
	NOTE: systems is by and large full of otherwise predictable information.
CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1 ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-3 (bug #608290)
CVE-2010-4510
	REJECTED
CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96. ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
	NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly val ...)
	- openssh (J-PAKE not activated, see bug #606922)
CVE-2010-4477
	REJECTED
CVE-2010-4476 (The Double.parseDouble method in Java Runtime Environment (JRE) in Ora ...)
	{DSA-2161-2 DSA-2161-1}
	- openjdk-6 6b18-1.8.7-1 (bug #612660)
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
	- sun-java6 6.24-1
	NOTE: Patch http://mail.openjdk.java.net/pipermail/core-libs-dev/2011-February/005795.html
	NOTE: Oracle http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
	NOTE: Original report http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
CVE-2010-4475 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4474 (Unspecified vulnerability in the Java DB component in Oracle Java SE a ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4473 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4472 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4471 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4470 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4469 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4468 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4467 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4466 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4465 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4464 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...)
	NOT-FOR-US: Oracle Convergence
CVE-2010-4463 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4462 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4461 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4460 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Solaris
CVE-2010-4459 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Solaris
CVE-2010-4458 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Solaris
CVE-2010-4457 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote a ...)
	NOT-FOR-US: Solaris
CVE-2010-4456 (Unspecified vulnerability in Oracle Sun Java System Communications Exp ...)
	NOT-FOR-US: Oracle Sun Java System Communications Express
CVE-2010-4455 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-4454 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4453 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic
CVE-2010-4452 (Unspecified vulnerability in the Deployment component in Java Runtime ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4451 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4450 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4449 (Unspecified vulnerability in the Audit Vault component in Oracle Audit ...)
	NOT-FOR-US: Oracle Audit
CVE-2010-4448 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4447 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4446 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Solaris
CVE-2010-4445 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4444 (Unspecified vulnerability in Oracle Sun Java System Access Manager and ...)
	NOT-FOR-US: OpenSSO
CVE-2010-4443 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Solaris
CVE-2010-4442 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Solaris
CVE-2010-4441 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4440 (Unspecified vulnerability in Oracle 10 and 11 Express allows local use ...)
	NOT-FOR-US: Oracle Express
CVE-2010-4439 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4438 (Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, a ...)
	- glassfish (Only builds a few class libs)
CVE-2010-4437 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: WebLogic
CVE-2010-4436 (Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0 ...)
	NOT-FOR-US: SunMC
CVE-2010-4435 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2010-4434 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4433 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2010-4432 (Unspecified vulnerability in the Oracle Transportation Manager compone ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2010-4431 (Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 ...)
	NOT-FOR-US: Oracle Sun Java System Portal Server
CVE-2010-4430 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4429 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2010-4428 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4427 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle BI Publisher
CVE-2010-4426 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4425 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle BI Publisher
CVE-2010-4424 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4423 (Unspecified vulnerability in the Cluster Verify Utility component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4422 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 (non-free not supported)
	[squeeze] - sun-java6 (non-free not supported)
CVE-2010-4421 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4420 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4419 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4418 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4417 (Unspecified vulnerability in the Services for Beehive component in Ora ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-4416 (Unspecified vulnerability in the Oracle GoldenGate Veridata component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-4415 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-4414 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local use ...)
	- virtualbox-ose (Support for extensions was added in 4.x, see #611925)
CVE-2010-4413 (Unspecified vulnerability in the Scheduler Agent component in Oracle D ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...)
	NOT-FOR-US: pfSense
CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote att ...)
	- perl 5.10.1-17 (bug #606995)
	[lenny] - perl 5.10.0-19lenny3
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
	- libcgi-pm-perl 3.51-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm befo ...)
	- perl 5.10.1-17 (bug #606995)
	[lenny] - perl 5.10.0-19lenny3
	- libcgi-pm-perl 3.50-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2 ...)
	NOT-FOR-US: Apache Archiva
CVE-2010-4334 (The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERI ...)
	- libio-socket-ssl-perl 1.35-1 (bug #606058)
	[squeeze] - libio-socket-ssl-perl 1.33-1+squeeze1
	[lenny] - libio-socket-ssl-perl (Vulnerable code not present)
CVE-2010-4335 (The _validatePost function in libs/controller/components/security.php ...)
	- cakephp 1.3.2-1.1 (bug #606386)
	[lenny] - cakephp
	NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
CVE-2010-4336 (The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4. ...)
	{DSA-2133-1}
	- collectd 4.10.1-2.1 (bug #605092; low)
	[squeeze] - collectd 4.10.1-1+squeeze2
CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to overwrite ar ...)
	{DSA-2435-1}
	- gnash 0.8.8-8 (unimportant; bug #605419)
CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_sym ...)
	- php5 5.3.3-6
	[lenny] - php5 (intl extension included since 5.3)
	NOTE: http://www.kb.cert.org/vuls/id/479900
CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Al ...)
	NOT-FOR-US: AlGuest
CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton LittlePh ...)
	NOT-FOR-US: LittlePhpGallery
CVE-2010-4405 (Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404 ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4404 (SQL injection vulnerability in the Yannick Gaultier sh404SEF component ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4403 (The Register Plus plugin 3.5.1 and earlier for WordPress allows remote ...)
	NOT-FOR-US: The Register Plus plugin for WordPress
CVE-2010-4402 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
	NOT-FOR-US: The Register Plus plugin for WordPress
CVE-2010-4401 (languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain ...)
	NOT-FOR-US: DynPG
CVE-2010-4400 (SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows r ...)
	NOT-FOR-US: DynPG
CVE-2010-4399 (Directory traversal vulnerability in languages.inc.php in DynPG CMS 4. ...)
	NOT-FOR-US: DynPG
CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4397 (Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4396 (Cross-zone scripting vulnerability in the HandleAction method in a cer ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4395 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4394 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4393 (Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4392 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4391 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4390 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 t ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4389 (Heap-based buffer overflow in the cook codec in RealNetworks RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4388 (The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4387 (The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, Real ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4386 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4385 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPla ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4384 (Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPl ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4383 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4382 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 t ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4381 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4380 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4379 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4378 (The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4377 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4376 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4375 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4374 (The in_mkv plugin in Winamp before 5.6 allows remote attackers to caus ...)
	NOT-FOR-US: Winamp
CVE-2010-4373 (The in_mp4 plugin in Winamp before 5.6 allows remote attackers to caus ...)
	NOT-FOR-US: Winamp
CVE-2010-4372 (Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remo ...)
	NOT-FOR-US: Winamp
CVE-2010-4371 (Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remot ...)
	NOT-FOR-US: Winamp
CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6 ...)
	NOT-FOR-US: Winamp
CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...)
	- awstats 6.9.5~dfsg-5 (low; bug #606263)
	[lenny] - awstats 6.7.dfsg-5.1+lenny1
CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir param ...)
	- awstats (Windows-specific issue)
	NOTE: looks like it's the same as CVE-2010-4367
CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
	- awstats 6.9.5~dfsg-5 (low; bug #606263)
	[lenny] - awstats 6.7.dfsg-5.1+lenny1
CVE-2010-4338 (ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbi ...)
	- ocrodjvu 0.4.6-2 (low; bug #598134)
CVE-2010-4339 (Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows rem ...)
	- hypermail (low; bug #598743)
	[lenny] - hypermail (Minor issue)
CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic ...)
	NOT-FOR-US: Chameleon Social Networking
CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxevent ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4364 (DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does ...)
	NOT-FOR-US: DaDaBIK
CVE-2010-4363 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG ...)
	NOT-FOR-US: FreeTicket
CVE-2010-4362 (Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Websi ...)
	NOT-FOR-US: MicroNetsoft RV Dealer
CVE-2010-4361 (Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopa ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4360 (Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4359 (SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows rem ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4358 (Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGI ...)
	NOT-FOR-US: MRCGIGUY (MCG) Guestbook
CVE-2010-4357 (SQL injection vulnerability in comments.php in SiteEngine 7.1 allows r ...)
	NOT-FOR-US: SiteEngine
CVE-2010-4356 (SQL injection vulnerability in news_default.asp in Site2Nite Big Truck ...)
	NOT-FOR-US: Site2Nite Big Truck
CVE-2010-4355 (Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, ...)
	NOT-FOR-US: DaDaBIK
CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]
	- elfsign (low; bug #555668)
	[lenny] - elfsign (a stronger hashing algorithm would completely change functionality of the package)
CVE-2010-4354 (The remote-access IPSec VPN implementation on Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-4353 (Unrestricted file upload vulnerability in modules/gallery/models/item. ...)
	- gallery3 (bug #511715)
CVE-2010-4352 (Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allow ...)
	{DSA-2149-1}
	- dbus 1.2.24-4
CVE-2010-4351 (The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 ...)
	{DSA-2224-1}
	- openjdk-6 6b18-1.8.4-1
	[squeeze] - openjdk-6 (bug #614151)
	[lenny] - openjdk-6 (bug #614151)
CVE-2010-4350 (Directory traversal vulnerability in admin/upgrade_unattended.php in M ...)
	- mantis (admin dir protected in Apache config, see #607159)
CVE-2010-4349 (admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote at ...)
	- mantis (admin dir protected in Apache config, see #607159)
CVE-2010-4348 (Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.p ...)
	- mantis (admin dir protected in Apache config, see #607159)
CVE-2010-4347 (The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permi ...)
	- linux-2.6 (Introduced in 2.6.33 and fixed in 2.6.36.2, we never released an affected kernel)
CVE-2010-4346 (The install_special_mapping function in mm/mmap.c in the Linux kernel ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4345 (Exim 4.72 and earlier allows local users to gain privileges by leverag ...)
	{DSA-2154-1}
	- exim4 4.72-3 (bug #606527)
CVE-2010-4344 (Heap-based buffer overflow in the string_vformat function in string.c ...)
	{DSA-2131-1}
	- exim4 4.70-1 (bug #606612)
CVE-2010-4343 (drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 (Driver introduced in 2.6.32)
CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4341 (The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in ...)
	- sssd 1.2.1-4.1 (bug #610032)
	[squeeze] - sssd 1.2.1-4+squeeze1
	[wheezy] - sssd 1.2.1-4+squeeze1
CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...)
	NOT-FOR-US: Pointter PHP Micro-Blogging Social Network
CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...)
	NOT-FOR-US: Pointter PHP Content Management System
CVE-2010-4331 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 ...)
	NOT-FOR-US: Seo Panel
CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton funct ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-2
CVE-2010-4328 (Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd i ...)
	NOT-FOR-US: Novell iPrint LPD
CVE-2010-4327 (Unspecified vulnerability in the NCP service in Novell eDirectory 8.8. ...)
	NOT-FOR-US: Novell eDirectory
CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (G ...)
	NOT-FOR-US: Groupwise
CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in No ...)
	NOT-FOR-US: Groupwise
CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the U ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2010-4323 (Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Confi ...)
	NOT-FOR-US: Novell ZENworks
CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell V ...)
	NOT-FOR-US: Novell Vibe
CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Nov ...)
	NOT-FOR-US: Novell iPrint client
CVE-2010-4320
	RESERVED
CVE-2010-4319
	RESERVED
CVE-2010-4318
	RESERVED
CVE-2010-4317
	RESERVED
CVE-2010-4316
	RESERVED
CVE-2010-4315
	RESERVED
CVE-2010-4314 (Remote attackers can use the iPrint web-browser ActiveX plugin in Nove ...)
	NOT-FOR-US: iPrint web-browser ActiveX plugin in Novell iPrint Client
CVE-2010-4313 (Unrestricted file upload vulnerability in fileman_file_upload.php in O ...)
	NOT-FOR-US: Orbis CMS
CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the HT ...)
	- tomcat6 6.0.35-5 (unimportant; bug #608286)
	[lenny] - tomcat6 (Only ships the servlet package)
CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows c ...)
	NOT-FOR-US: Free Simple Software
CVE-2010-4310
	RESERVED
CVE-2010-4309 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4308 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4307 (Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows att ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4305 (Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 523 ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4304 (The web interface in Cisco Unified Videoconferencing (UVC) System 3545 ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4303 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the L ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4302 (/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Vi ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4299 (Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handhe ...)
	NOT-FOR-US: Novell Zenworks
CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple Soft ...)
	NOT-FOR-US: Free Simple Software
CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x befo ...)
	NOT-FOR-US: VMware
CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Li ...)
	NOT-FOR-US: VMware
CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware Works ...)
	NOT-FOR-US: VMware
CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in VMwar ...)
	NOT-FOR-US: VMware
CVE-2010-XXXX [directory traversal]
	- openacs 5.5.1+dfsg-2
	- dotlrn 2.5.0+dfsg-2
CVE-2010-XXXX [insecure python path handling]
	- pymca 4.4.1p1-1 (low; bug #605160)
	- opendnssec 1.1.3-2 (low; bug #605161)
	- pybliographer 1.2.14-3 (low; bug #605153)
	[squeeze] - pybliographer 1.2.12-4squeeze1
	- calendarserver 2.4.dfsg-2.1 (low; bug #605157)
	[lenny] - calendarserver (Minor issue)
	- gquilt 0.22-1.1 (low; bug #605152)
	[lenny] - gquilt 0.20-2+lenny1
	- snappea 3.0d3-20 (low; bug #605151)
	[lenny] - snappea (Minor issue)
	- dlr-languages 20090805+git.e6b28d27+dfsg-3 (low; bug #605158)
	[lenny] - ironpython (Minor issue)
	- gnome-schedule 2.1.1-3.1 (low; bug #605169)
	[lenny] - gnome-schedule (Minor issue)
	- gnumed-client 0.8.5-1 (low; bug #605159)
	[squeeze] - gnumed-client 0.7.10-1
	[lenny] - gnumed-client (Minor issue)
	- distcc 3.1-3.2 (low; bug #605168)
	[lenny] - distcc (Vulnerable code not present)
	- mmass 3.8.0-2 (low; bug #605150)
	[squeeze] - mmass (Doesn't set PYTHONPATH)
	- guake 0.4.2-3 (low; bug #605163)
CVE-2010-4301 (epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wires ...)
	- wireshark (Only affects >= 1.4)
CVE-2010-4300 (Heap-based buffer overflow in the dissect_ldss_transfer function (epan ...)
	- wireshark 1.2.11-4
	[lenny] - wireshark (Only affects >= 1.2)
CVE-2010-4293
	REJECTED
CVE-2010-4292
	REJECTED
CVE-2010-4291
	REJECTED
CVE-2010-4290
	REJECTED
CVE-2010-4289
	REJECTED
CVE-2010-4288
	REJECTED
CVE-2010-4287
	REJECTED
CVE-2010-4286
	REJECTED
CVE-2010-4285
	REJECTED
CVE-2010-4284 (SQL injection vulnerability in the authentication form in the integrat ...)
	NOT-FOR-US: Samsung Integrated Management System
CVE-2010-4283 (PHP remote file inclusion vulnerability in extras/pandora_diag.php in ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4282 (Multiple directory traversal vulnerabilities in Pandora FMS before 3.1 ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4281 (Incomplete blacklist vulnerability in the safe_url_extraclean function ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4280 (Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 all ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4279 (The default configuration of Pandora FMS 3.1 and earlier specifies an ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows re ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...)
	NOT-FOR-US: Embedded Video plugin 4.1 for WordPress
CVE-2010-4276 (Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid ...)
	NOT-FOR-US: LiveZilla
CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager ...)
	NOT-FOR-US: Radius Manager
CVE-2010-4274 (reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 ...)
	NOT-FOR-US: IBM Systems Director
CVE-2010-4273 (SQL injection vulnerability in imoveis.php in DescargarVista ACC IMove ...)
	NOT-FOR-US: DescargarVista ACC
CVE-2010-4272 (SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sp ...)
	NOT-FOR-US: Pulse Infotech Sponsor Wall
CVE-2010-4271 (SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remo ...)
	NOT-FOR-US: ImpressCMS
CVE-2010-4270 (Directory traversal vulnerability in the nBill (com_netinvoice) compon ...)
	NOT-FOR-US: Joomla addon
CVE-2010-4269 (SQL injection vulnerability in managechat.php in Collabtive 0.65 allow ...)
	NOT-FOR-US: Collabtive
CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipw ...)
	NOT-FOR-US: Pulse Infotech
CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/ ...)
	{DSA-2152-1}
	- hplip 3.10.6-2 (bug #610960)
CVE-2010-4266 (It was found in vanilla forums before 2.0.10 a potential linkbait vuln ...)
	NOT-FOR-US: Vanilla Forums
CVE-2010-4265 (The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$Second ...)
	- jbossas4 (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
CVE-2010-4264 (It was found in vanilla forums before 2.0.10 a cross-site scripting vu ...)
	NOT-FOR-US: Vanilla Forums
CVE-2010-4263 (The igb_receive_skb function in drivers/net/igb/igb_main.c in the Inte ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 (Vulnerable code not present)
CVE-2010-4262 (Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote atta ...)
	- xfig 1:3.2.5.b-1.1 (bug #606257)
	NOTE: details and patch at https://bugzilla.redhat.com/659676
CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav (icon extractor not yet present)
	NOTE: Fixed in 1f3db7f074995bd4e1d0183b2db8b1c472d2f41b
CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV b ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
	NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote attack ...)
	{DSA-2253-1}
	- fontforge 0.0.20100501-4 (bug #605537)
CVE-2010-4258 (The do_exit function in kernel/exit.c in the Linux kernel before 2.6.3 ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in wp-includ ...)
	{DSA-2138-1}
	NOTE: http://core.trac.wordpress.org/changeset/16625
	- wordpress 3.0.2-1 (bug #605603)
CVE-2010-4256 (The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 ...)
	- linux-2.6 (introduced in 2.6.35; fixed in 2.6.37)
CVE-2010-4255 (The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and ear ...)
	- xen 4.0.1-2 (bug #609531)
CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used ...)
	- moon (Debian's version of Moonlight is not affected, see #608288)
CVE-2010-4253 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly valid ...)
	- openssl (configured with -DOPENSSL_NO_JPAKE; bug #606902)
	NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4251 (The socket implementation in net/core/sock.c in the Linux kernel befor ...)
	- linux-2.6 2.6.32-22
CVE-2010-4250 (Memory leak in the inotify_init1 function in fs/notify/inotify/inotify ...)
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 (Introduced after 2.6.32)
	[lenny] - linux-2.6 (Introduced after 2.6.32)
	[wheezy] - linux-2.6 (Introduced after 2.6.32)
CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the L ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and ( ...)
	- linux-2.6 (changes included since introduction of dom0 support)
CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pf ...)
	NOT-FOR-US: pfSense
CVE-2010-4245 (pootle 2.0.5 has XSS via 'match_names' parameter ...)
	- pootle 2.0.5-0.3 (low; bug #604060)
	[lenny] - pootle (Vulnerable code not present)
CVE-2010-4244
	REJECTED
CVE-2010-4243 (fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Ki ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver (drivers/bluetoo ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-28
CVE-2010-4241 (Tiki Wiki CMS Groupware 5.2 has CSRF ...)
	- tikiwiki
CVE-2010-4240 (Tiki Wiki CMS Groupware 5.2 has XSS ...)
	- tikiwiki
CVE-2010-4239 (Tiki Wiki CMS Groupware 5.2 has Local File Inclusion ...)
	- tikiwiki
CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on ...)
	- linux-2.6 (RedHat-specific issue, does not affect Xen-upstream/Debian)
CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind E ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-4235 (Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, a ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2010-4234 (The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CM ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4233 (The Linux installation on the Camtron CMNC-200 Full HD IP Camera and T ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4232 (The web-based administration interface on the Camtron CMNC-200 Full HD ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4231 (Directory traversal vulnerability in the web-based administration inte ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4230 (Stack-based buffer overflow in a certain ActiveX control for the Camtr ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4229 (Directory traversal vulnerability in an unspecified servlet in the Inv ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP se ...)
	NOT-FOR-US: Novell NetWare
CVE-2010-4227 (The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before ...)
	NOT-FOR-US: Novell Netware
CVE-2010-4226 (cpio, as used in build 2007.05.10, 2010.07.28, and possibly other vers ...)
	NOT-FOR-US: OpenSuSE build services
	NOTE: This might qualify as a cpio hardening issue, but this CVE-ID is not about cpio itself.
CVE-2010-4225 (Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x ...)
	- mono 2.6.7-5 (bug #608288)
CVE-2010-4224
	RESERVED
CVE-2010-4223
	RESERVED
CVE-2010-4222
	RESERVED
CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets func ...)
	- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
	[lenny] - proftpd-dfsg (Introduced in 1.3.2rc3)
CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution Co ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in I ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-4218 (Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown ...)
	NOT-FOR-US: IBM ENOVIA 6
CVE-2010-4217 (Use-after-free vulnerability in the proxy server in IBM Tivoli Directo ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4216 (IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF00 ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4215 (UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated us ...)
	- foswiki (bug #509864)
CVE-2010-4214 (The Wells Fargo Mobile application 1.1 for Android stores a username a ...)
	NOT-FOR-US: Wells Fargo Mobile for Android
CVE-2010-4213 (The Bank of America application 2.12 for Android stores a security que ...)
	NOT-FOR-US: Bank of America application for Android
CVE-2010-4212 (The USAA application 3.0 for Android stores a mirror image of each vis ...)
	NOT-FOR-US: USAA application for Android
CVE-2010-4211 (The PayPal app before 3.0.1 for iOS does not verify that the server ho ...)
	NOT-FOR-US: PayPal app for iOS
CVE-2010-4210 (The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x ...)
	- kfreebsd-7
	[lenny] - kfreebsd-7 (Not covered by security support in Lenny)
	- kfreebsd-8 8.1-1
	- kfreebsd-9 (fixed prior to first upload)
	- kfreebsd-10 (fixed prior to first upload)
CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4206 (Array index error in the FEBlend::apply function in WebCore/platform/g ...)
	- webkit 1.2.6-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/70652
CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data type ...)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=48159
	NOTE: http://trac.webkit.org/changeset/70550
CVE-2010-4204 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1 ...)
	- webkit 1.2.6-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=48281
	NOTE: http://trac.webkit.org/changeset/70517
CVE-2010-4202 (Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux ...)
	- webkit (skia issue)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://code.google.com/p/skia/source/detail?r=606
	NOTE: http://code.google.com/p/skia/source/detail?r=607
CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=47522
CVE-2010-4200
	REJECTED
CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...)
	{DSA-2188-1}
	- webkit 1.2.7-1
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/69936
CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1 ...)
	- webkit 1.2.6-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/69735
	NOTE: style fix change set: http://trac.webkit.org/changeset/69801
CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google Chrome befor ...)
	- webkit 1.2.6-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/70594
CVE-2010-4196 (The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9. ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4195 (The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does n ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4194 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4193 (Adobe Shockwave Player before 11.5.9.620 does not properly validate un ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4192 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4191 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4190 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4189 (The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows at ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4188 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4187 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools Online W ...)
	NOT-FOR-US: OnlineTechTools
CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly 2.3.8 a ...)
	NOT-FOR-US: Energine
CVE-2010-4184 (NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cle ...)
	NOT-FOR-US: NetSupport Manager
CVE-2010-4183 (Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier b ...)
	- php-htmlpurifier 4.1.1+dfsg1-1
CVE-2010-4182 (Untrusted search path vulnerability in the Data Access Objects (DAO) l ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...)
	- yaws (Only affects Windows)
CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_R ...)
	{DSA-2141-1}
	- openssl 0.9.8o-4
	NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging, Realt ...)
	NOT-FOR-US: RedHat documentation of MRG
CVE-2010-4178 (MySQL-GUI-tools (mysql-administrator) leaks passwords into process lis ...)
	- mysql-gui-tools (low; bug #605542)
	[squeeze] - mysql-gui-tools (Minor issue)
	[lenny] - mysql-gui-tools (Minor issue)
CVE-2010-4177 (mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+op ...)
	- mysql-gui-tools (low; bug #605542)
	[squeeze] - mysql-gui-tools (Minor issue)
	[lenny] - mysql-gui-tools (Minor issue)
CVE-2010-4176 (plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 a ...)
	- dracut (vulnerable script not shipped)
	- udev (vulnerable script not shipped; fedora-specific issue)
CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) i ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 (RDS introduced in 2.6.30)
CVE-2010-4174
	REJECTED
CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...)
	- libsdp 1.1.99-2.1 (bug #603841)
CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager app ...)
	- tomcat6 6.0.28-9 (bug #606388)
	[lenny] - tomcat6 (Only ships the servlet package)
CVE-2010-4171 (The staprun runtime tool in SystemTap 1.3 does not verify that a modul ...)
	{DSA-2348-1}
	- systemtap 1.2-3 (bug #603946)
CVE-2010-4170 (The staprun runtime tool in SystemTap 1.3 does not properly clear the ...)
	{DSA-2348-1}
	- systemtap 1.2-3 (bug #603946)
CVE-2010-4169 (Use-after-free vulnerability in mm/mprotect.c in the Linux kernel befo ...)
	- linux-2.6 2.6.32-29
	[lenny] - linux-2.6 (perf counters not yet present)
CVE-2010-4168 (Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 ...)
	- openttd 1.0.4-3 (bug #603752)
	[lenny] - openttd (Introduced in 1.0)
CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick befo ...)
	- imagemagick 8:6.6.0.4-3 (low; bug #601824)
	[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
	NOT-FOR-US: Joomla!
CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel b ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 (Introduced in 2.6.28)
CVE-2010-4164 (Multiple integer underflows in the x25_parse_facilities function in ne ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-4163 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4162 (Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6. ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4161 (The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat ...)
	- linux-2.6 2.6.28-1
	[lenny] - linux-2.6 (Vulnerable code not present)
CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 a ...)
	- mono 2.6.7-4 (bug #605097)
	[lenny] - mono (Minor issue)
CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...)
	- php5 5.3.3-4 (bug #603751)
	[lenny] - php5 (Only affects 5.3.x)
CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 a ...)
	NOT-FOR-US: eXV2 CMS
CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager ...)
	NOT-FOR-US: Rhino Software, Inc. FTP Voyager
CVE-2010-4153 (Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably ...)
	NOT-FOR-US: CrossFTP
CVE-2010-4152 (SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, a ...)
	NOT-FOR-US: 4site CMS
CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly ...)
	NOT-FOR-US: DeluxeBB
CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP ext ...)
	{DSA-2195-1}
	- php5 5.3.3-7
CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Ch ...)
	- libvpx 0.9.1-2 (bug #602693)
CVE-2010-4160 (Multiple integer overflows in the (1) pppol2tp_sendmsg function in net ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27 (low)
CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel be ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4157 (Integer overflow in the ioc_general function in drivers/scsi/gdth.c in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28 (low)
CVE-2010-4149 (Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5. ...)
	NOT-FOR-US: FreshWebMaster Fresh FTP
CVE-2010-4148 (Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly ...)
	NOT-FOR-US: AnyConnect
CVE-2010-4147 (Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping C ...)
	NOT-FOR-US: Pentasoft Avactis Shopping Cart
CVE-2010-4146 (Cross-site scripting (XSS) vulnerability in Attachmate Reflection for ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2010-4145 (Kisisel Radyo Script stores sensitive information under the web root w ...)
	NOT-FOR-US: Kisisel Radyo Script
CVE-2010-4144 (SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allow ...)
	NOT-FOR-US: Kisisel Radyo Script
CVE-2010-4143 (SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magi ...)
	NOT-FOR-US: phpCheckZ
CVE-2010-4142 (Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8 ...)
	NOT-FOR-US: DATAC RealWin
CVE-2010-4141
	REJECTED
CVE-2010-4140
	REJECTED
CVE-2010-4139
	REJECTED
CVE-2010-4138
	REJECTED
CVE-2010-4137
	REJECTED
CVE-2010-4136
	REJECTED
CVE-2010-4135
	REJECTED
CVE-2010-4134
	REJECTED
CVE-2010-4133
	REJECTED
CVE-2010-4132
	REJECTED
CVE-2010-4131
	REJECTED
CVE-2010-4130
	REJECTED
CVE-2010-4129
	REJECTED
CVE-2010-4128
	REJECTED
CVE-2010-4127
	REJECTED
CVE-2010-4126
	REJECTED
CVE-2010-4125
	REJECTED
CVE-2010-4124
	REJECTED
CVE-2010-4123
	REJECTED
CVE-2010-4122
	REJECTED
CVE-2010-4121 (** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Mana ...)
	NOT-FOR-US: IBM Tivoli
CVE-2010-XXXX
	- weborf 0.12.4-1 (bug #601585)
CVE-2010-4120 (Multiple cross-site scripting (XSS) vulnerabilities in the TAM console ...)
	NOT-FOR-US: IBM Tivoli
CVE-2010-4119
	REJECTED
CVE-2010-4118
	REJECTED
CVE-2010-4117
	REJECTED
CVE-2010-4116 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x bef ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2010-4115 (HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100 ...)
	NOT-FOR-US: HP StorageWorks
CVE-2010-4114 (Cross-site scripting (XSS) vulnerability in HP Discovery & Depende ...)
	NOT-FOR-US: HP DDMI
CVE-2010-4113 (Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 al ...)
	NOT-FOR-US: HP HPPM
CVE-2010-4112 (HP Insight Management Agents before 8.6 allows remote attackers to obt ...)
	NOT-FOR-US: HP Insight Management Agents
CVE-2010-4111 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Onl ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2010-4110 (Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the I ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-4109 (Cross-site scripting (XSS) vulnerability in the Contacts Application i ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4108 (HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threa ...)
	NOT-FOR-US: HP-UX
CVE-2010-4107 (The default configuration of the PJL Access value in the File System E ...)
NOT-FOR-US: HP LaserJet CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) NOT-FOR-US: HP Insight Orchestration CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2 allow ...) NOT-FOR-US: HP Insight Orchestration CVE-2010-4104 (Unspecified vulnerability in HP Insight Orchestration before 6.2 allow ...) NOT-FOR-US: HP Insight Orchestration CVE-2010-4103 (Unspecified vulnerability in HP Insight Managed System Setup Wizard be ...) NOT-FOR-US: HP Insight Managed System Setup Wizard CVE-2010-4102 (Unspecified vulnerability in HP Insight Recovery before 6.2 allows rem ...) NOT-FOR-US: HP Insight Recovery CVE-2010-4101 (Cross-site scripting (XSS) vulnerability in HP Insight Recovery before ...) NOT-FOR-US: HP Insight Recovery CVE-2010-4100 (Unspecified vulnerability in HP Insight Control Performance Management ...) NOT-FOR-US: HP Insight Control Performance Management CVE-2010-4099 (ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabl ...) NOT-FOR-US: NitroSecurity NitroView CVE-2010-4098 (monotone before 0.48.1, when configured to allow remote commands, allo ...) - monotone 0.48-3 [lenny] - monotone (Vulnerable feature introduced in 0.46) CVE-2010-4097 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aa ...) NOT-FOR-US: Aardvark Topsites PHP CVE-2010-4095 (Directory traversal vulnerability in the FTP client in Serengeti Syste ...) NOT-FOR-US: Serengeti Systems Incorporated Robo-FTP 3.7.3 CVE-2010-4094 (The Tomcat server in IBM Rational Quality Manager and Rational Test La ...) NOT-FOR-US: IBM Rational Quality Manager CVE-2010-4093 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-4091 (The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, ...) 
NOT-FOR-US: Adobe Acrobat Reader CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-4085 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-4084 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-4083 (The copy_semid_to_user function in ipc/sem.c in the Linux kernel befor ...) {DSA-2126-1} - linux-2.6 2.6.32-29 (low) CVE-2010-4082 (The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c i ...) - linux-2.6 2.6.32-24 (low) [lenny] - linux-2.6 (Vulnerable code not present) CVE-2010-4081 (The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the ...) {DSA-2126-1} - linux-2.6 2.6.32-27 (low) CVE-2010-4080 (The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the L ...) {DSA-2126-1} - linux-2.6 2.6.32-27 (low) CVE-2010-4079 (The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the ...) {DSA-2126-1} - linux-2.6 2.6.32-29 (low) CVE-2010-4078 (The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux ...) {DSA-2126-1} - linux-2.6 2.6.32-24 (low) CVE-2010-4077 (The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Li ...) 
- linux-2.6 2.6.37-1 (low) [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 CVE-2010-4076 (The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel ...) - linux-2.6 2.6.37-1 (low) [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 CVE-2010-4075 (The uart_get_count function in drivers/serial/serial_core.c in the Lin ...) {DSA-2264-1} - linux-2.6 2.6.37-1 (low) [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 CVE-2010-4074 (The USB subsystem in the Linux kernel before 2.6.36-rc5 does not prope ...) {DSA-2126-1} - linux-2.6 2.6.32-24 (low) CVE-2010-4073 (The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initi ...) {DSA-2126-1} - linux-2.6 2.6.32-29 (low) CVE-2010-4072 (The copy_shmid_to_user function in ipc/shm.c in the Linux kernel befor ...) {DSA-2126-1} - linux-2.6 2.6.32-29 (low) CVE-2010-4071 (Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2. ...) - otrs2 2.4.9+dfsg1-1 [lenny] - otrs2 (Only affects OTRS 2.4) CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper ...) NOT-FOR-US: portmap.exe CVE-2010-4069 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x t ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2010-4068 (Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x befo ...) {DSA-2121-1} - typo3-src 4.3.7-1 CVE-2010-4096 (share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local user ...) - monkeysphere 0.31-3 (bug #600304) NOTE: micah requested this CVE from mitre, issue has been fixed in debian already CVE-2010-4067 RESERVED CVE-2010-4066 RESERVED CVE-2010-4065 RESERVED CVE-2010-4064 RESERVED CVE-2010-4063 RESERVED CVE-2010-4062 RESERVED CVE-2010-4061 RESERVED CVE-2010-4060 RESERVED CVE-2010-4059 RESERVED CVE-2010-4058 RESERVED CVE-2010-4057 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...) 
NOT-FOR-US: IBM solidDB CVE-2010-4056 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...) NOT-FOR-US: IBM solidDB CVE-2010-4055 (Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 an ...) NOT-FOR-US: IBM solidDB CVE-2010-4054 (The gs_type2_interpret function in Ghostscript allows remote attackers ...) - ghostscript 8.71~dfsg-1 (unimportant) NOTE: Crash-only CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function in onin ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2010-4052 (Stack consumption vulnerability in the regcomp implementation in the G ...) - glibc 2.19-4 (unimportant) - eglibc 2.13-1 (unimportant) NOTE: Deficiency in the regexp engine of glibc, while there implementations which NOTE: process such expressions more efficiently, imposing a limit lies within NOTE: the application accepting it from user input CVE-2010-4051 (The regcomp implementation in the GNU C Library (aka glibc or libc6) t ...) - glibc 2.19-4 (unimportant) - eglibc 2.13-1 (unimportant) NOTE: Deficiency in the regexp engine of glibc, while there implementations which NOTE: process such expressions more efficiently, imposing a limit lies within NOTE: the application accepting it from user input CVE-2010-XXXX [XSS vulnerability discovered -plugin-globalsearch] - fusionforge 5.0.2-3 CVE-2010-XXXX [insecure usage of temporary files in flash-kernel] - flash-kernel 2.33 (low) [lenny] - flash-kernel (Minor issue) CVE-2010-4050 (Opera before 10.63 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Opera CVE-2010-4049 (Opera before 10.63 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Opera CVE-2010-4048 (Opera before 10.63 allows user-assisted remote web servers to cause a ...) NOT-FOR-US: Opera CVE-2010-4047 (Opera before 10.63 does not properly select the security context of Ja ...) NOT-FOR-US: Opera CVE-2010-4046 (Opera before 10.63 does not properly verify the origin of video conten ...) 
NOT-FOR-US: Opera CVE-2010-4045 (Opera before 10.63 does not properly restrict web script in unspecifie ...) NOT-FOR-US: Opera CVE-2010-4044 (Opera before 10.63 does not ensure that the portion of a URL shown in ...) NOT-FOR-US: Opera CVE-2010-4043 (Opera before 10.63 does not prevent interpretation of a cross-origin d ...) NOT-FOR-US: Opera CVE-2010-4042 (Google Chrome before 7.0.517.41 does not properly handle element maps, ...) - webkit 1.2.6-1 [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 6.0.472.63~r59945-1 NOTE: http://trac.webkit.org/changeset/68096 CVE-2010-4041 (The sandbox implementation in Google Chrome before 7.0.517.41 on Linux ...) - webkit (issue with chromium sandbox) - chromium-browser 6.0.472.63~r59945-1 CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF ...) {DSA-2188-1} - webkit 1.2.6-1 [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 6.0.472.63~r59945-1 NOTE: http://trac.webkit.org/changeset/68446 CVE-2010-4039 (Google Chrome before 7.0.517.41 on Linux does not properly set the PAT ...) - webkit (chromium-specifc LD_LIBRARY_PATH issue) - chromium-browser (package uses its own startup script) CVE-2010-4038 (The Web Sockets implementation in Google Chrome before 7.0.517.41 does ...) - webkit (issue in chromium code base) - chromium-browser 9.0.570 [squeeze] - chromium-browser (websocket_experiment not enabled in v6) [wheezy] - chromium-browser CVE-2010-4037 (Unspecified vulnerability in Google Chrome before 7.0.517.41 allows re ...) - webkit (affected gesture code not present in 1.2.x) - chromium-browser (unimportant) NOTE: http://trac.webkit.org/changeset/67716 CVE-2010-4036 (Google Chrome before 7.0.517.41 does not properly handle the unloading ...) - webkit (chromium-specifc issue) - chromium-browser 6.0.472.63~r59945-1 CVE-2010-4035 (Google Chrome before 7.0.517.41 does not properly perform autofill ope ...) 
- webkit (issue in chromium code base) - chromium-browser 6.0.472.63~r59945-1 CVE-2010-4034 (Google Chrome before 7.0.517.41 does not properly handle forms, which ...) - webkit (issue in chromium code base) - chromium-browser 6.0.472.63~r59945-1 CVE-2010-4033 (Google Chrome before 7.0.517.41 does not properly implement the autofi ...) - webkit (issue in gestures, which resides in the webkit codebase, but is only used by chromium right now) - chromium-browser 6.0.472.63~r59945-1 NOTE: http://trac.webkit.org/changeset/63786 NOTE: http://trac.webkit.org/changeset/67240 CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) NOT-FOR-US: HP Insight Control Performance Management CVE-2010-4031 (Unspecified vulnerability in HP Insight Control Performance Management ...) NOT-FOR-US: HP Insight Control Performance Management CVE-2010-4030 (Cross-site scripting (XSS) vulnerability in HP Insight Control Perform ...) NOT-FOR-US: HP Insight Control Performance Management CVE-2010-4029 (Unspecified vulnerability in HP Storage Essentials before 6.3.0, when ...) NOT-FOR-US: HP Storage Essentials CVE-2010-4028 (Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunne ...) NOT-FOR-US: HP LoadRunner CVE-2010-4027 (Unspecified vulnerability in the camera application in HP Palm webOS 1 ...) NOT-FOR-US: HP Palm webOS CVE-2010-4026 (Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 al ...) NOT-FOR-US: HP Palm webOS CVE-2010-4025 (Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows ...) NOT-FOR-US: HP Palm webOS CVE-2010-4024 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) NOT-FOR-US: HP Insight Control Power Management CVE-2010-4023 (Cross-site scripting (XSS) vulnerability in HP Insight Control Power M ...) NOT-FOR-US: HP Insight Control Power Management CVE-2010-4022 (The do_standalone function in the MIT krb5 KDC database propagation da ...) 
- krb5 1.8.3+dfsg-5 (low) [squeeze] - krb5 1.8.3+dfsg-4squeeze1 [lenny] - krb5 (Only affects 1.7.x onwards) [etch] - krb5 (Only affects 1.7.x onwards) CVE-2010-4021 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 doe ...) - krb5 1.8+dfsg~alpha1-1 [lenny] - krb5 (Only affects 1.7.x) CVE-2010-4020 (MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key- ...) - krb5 1.8.3+dfsg-3 (bug #605553) [lenny] - krb5 (Only affects krb5 >= 1.8) CVE-2010-4019 RESERVED CVE-2010-4018 RESERVED CVE-2010-4017 RESERVED CVE-2010-4016 RESERVED CVE-2010-4015 (Buffer overflow in the gettoken function in contrib/intarray/_int_bool ...) {DSA-2157-1} - postgresql-9.0 9.0.3-1 - postgresql-8.4 8.4.7-1 - postgresql-8.3 CVE-2010-4014 RESERVED CVE-2010-4013 (Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x bef ...) NOT-FOR-US: This is not the PackageKit distributed by Debian, but a different code base CVE-2010-4012 (Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later al ...) NOT-FOR-US: Apple iOS CVE-2010-4011 (Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memor ...) - dovecot (HT4452 claims it is Apple-specific and doesn't affect the OSS version) CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...) NOT-FOR-US: Apple Type Services CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote attacke ...) NOT-FOR-US: Apple QuickTime CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Appl ...) {DSA-2128-1} - libxml2 2.7.8.dfsg-1 (bug #602609) CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message Authenti ...) - mojarra (Fixed before initial upload, in 2.0.1) CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0. ...) NOT-FOR-US: WSN Links CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...) 
- tomboy 1.2.2-2 (low; bug #605096) [lenny] - tomboy (Minor issue) CVE-2010-4004 RESERVED CVE-2010-4003 RESERVED CVE-2010-4002 RESERVED CVE-2010-4001 (** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-l ...) NOTE: Not a security issue CVE-2010-4000 (gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name ...) - gnome-shell 2.91.3-1 (bug #605098) [lenny] - gnome-shell (Minor issue) CVE-2010-3999 (gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length direct ...) - gnucash 2.2.9-10 (low; bug #603329) [lenny] - gnucash (Minor issue) CVE-2010-3998 (The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlie ...) - banshee 1.6.1-1.1 (bug #605095) [lenny] - banshee (Minor issue) CVE-2010-3997 RESERVED CVE-2010-3996 (festival_server in Centre for Speech Technology Research (CSTR) Festiv ...) - festival (From Lenny onwards we don't include the server component) CVE-2010-3995 RESERVED CVE-2010-3994 (Cross-site scripting (XSS) vulnerability in HP Version Control Reposit ...) NOT-FOR-US: HP VCRM CVE-2010-3993 (Unspecified vulnerability in HP Insight Control Server Migration befor ...) NOT-FOR-US: HP Insight CVE-2010-3992 (Unspecified vulnerability in HP Insight Control Server Migration befor ...) NOT-FOR-US: HP Insight CVE-2010-3991 (Cross-site scripting (XSS) vulnerability in HP Insight Control Server ...) NOT-FOR-US: HP Insight CVE-2010-3990 (Unspecified vulnerability in HP Virtual Server Environment before 6.2 ...) NOT-FOR-US: HP Virtual Server Environment CVE-2010-3989 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) NOT-FOR-US: HP Insight CVE-2010-3988 (Unspecified vulnerability in HP Insight Control Virtual Machine Manage ...) NOT-FOR-US: HP Insight CVE-2010-3987 (Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual ...) NOT-FOR-US: HP Insight CVE-2010-3986 (Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VC ...) 
NOT-FOR-US: HP VCEM CVE-2010-3985 (Cross-site scripting (XSS) vulnerability in HP Operations Orchestratio ...) NOT-FOR-US: HP Operations Orchestration CVE-2010-3984 (Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 ...) NOT-FOR-US: CA XOsoft CVE-2010-3983 (CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenti ...) NOT-FOR-US: SAP BusinessObjects Enterprise CVE-2010-3982 (SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigg ...) NOT-FOR-US: SAP BusinessObjects Enterprise CVE-2010-3981 (Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterp ...) NOT-FOR-US: SAP BusinessObjects Enterprise CVE-2010-3980 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the ...) NOT-FOR-US: SAP BusinessObjects Enterprise CVE-2010-3979 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different ...) NOT-FOR-US: SAP BusinessObjects Enterprise CVE-2010-3978 (Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data usi ...) NOT-FOR-US: Spree CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plug ...) NOT-FOR-US: cForm wordpress plugin CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before 9.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9 allows loc ...) NOT-FOR-US: Adobe Flash Player CVE-2010-3974 (fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 ...) NOT-FOR-US: Microsoft Windows CVE-2010-3973 (The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Micr ...) NOT-FOR-US: Microsoft CVE-2010-3972 (Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData fu ...) NOT-FOR-US: Microsoft Internet Information Services CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify function ...) 
NOT-FOR-US: Microsoft Internet Explorer 7 and 8 CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in s ...) NOT-FOR-US: Microsoft Windows CVE-2010-3969 REJECTED CVE-2010-3968 REJECTED CVE-2010-3967 (Untrusted search path vulnerability in Microsoft Windows Movie Maker ( ...) NOT-FOR-US: Microsoft Windows CVE-2010-3966 (Untrusted search path vulnerability in Microsoft Windows Server 2008 R ...) NOT-FOR-US: Microsoft Windows CVE-2010-3965 (Untrusted search path vulnerability in Windows Media Encoder 9 on Micr ...) NOT-FOR-US: Microsoft Windows CVE-2010-3964 (Unrestricted file upload vulnerability in the Document Conversions Lau ...) NOT-FOR-US: Microsoft Office SharePoint Server CVE-2010-3963 (Buffer overflow in the Routing and Remote Access NDProxy component in ...) NOT-FOR-US: Microsoft Windows CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-3961 (The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2 ...) NOT-FOR-US: Microsoft Windows CVE-2010-3960 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows gues ...) NOT-FOR-US: Microsoft Windows CVE-2010-3959 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Wi ...) NOT-FOR-US: Microsoft Windows CVE-2010-3958 (The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5 ...) NOT-FOR-US: Microsoft .NET Framework CVE-2010-3957 (Double free vulnerability in the OpenType Font (OTF) driver in Microso ...) NOT-FOR-US: Microsoft Windows CVE-2010-3956 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Wi ...) NOT-FOR-US: Microsoft Windows CVE-2010-3955 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2 ...) NOT-FOR-US: Microsoft Publisher CVE-2010-3954 (Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attacke ...) 
NOT-FOR-US: Microsoft Publisher CVE-2010-3953 REJECTED CVE-2010-3952 (The FlashPix image converter in the graphics filters in Microsoft Offi ...) NOT-FOR-US: Microsoft Office CVE-2010-3951 (Buffer overflow in the FlashPix image converter in the graphics filter ...) NOT-FOR-US: Microsoft Office CVE-2010-3950 (The TIFF image converter in the graphics filters in Microsoft Office X ...) NOT-FOR-US: Microsoft Office CVE-2010-3949 (Buffer overflow in the TIFF image converter in the graphics filters in ...) NOT-FOR-US: Microsoft Office CVE-2010-3948 REJECTED CVE-2010-3947 (Heap-based buffer overflow in the TIFF image converter in the graphics ...) NOT-FOR-US: Microsoft Office CVE-2010-3946 (Integer overflow in the PICT image converter in the graphics filters i ...) NOT-FOR-US: Microsoft Office CVE-2010-3945 (Buffer overflow in the CGM image converter in the graphics filters in ...) NOT-FOR-US: Microsoft Office CVE-2010-3944 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 ...) NOT-FOR-US: Microsoft Windows CVE-2010-3943 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2010-3942 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2010-3941 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...) NOT-FOR-US: Microsoft Windows CVE-2010-3940 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...) NOT-FOR-US: Microsoft Windows CVE-2010-3939 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2010-3938 REJECTED CVE-2010-3937 (Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote a ...) NOT-FOR-US: Microsoft Exchange Server CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft F ...) 
NOT-FOR-US: Forefront Unified Access Gateway CVE-2010-3935 REJECTED CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Software 5.0 ...) NOT-FOR-US: BlackBerry Device Software CVE-2010-3933 (Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attribut ...) - rails (Only affects >= 2.3.9, which is not yet in the archive) CVE-2010-3932 REJECTED CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion produc ...) NOT-FOR-US: Rocomotion CVE-2010-3930 (Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier ...) NOT-FOR-US: MODx CVE-2010-3929 (SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows ...) NOT-FOR-US: MODx CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a term ...) NOT-FOR-US: Ruby Version Manager CVE-2010-3927 (Untrusted search path vulnerability in Lunascape before 6.4.0 allows l ...) NOT-FOR-US: Lunascape CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX ...) NOT-FOR-US: SGX-SP Final CVE-2010-3925 (Contents-Mall before 15 does not properly handle passwords, which allo ...) NOT-FOR-US: Contents-Mall CVE-2010-3924 (SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remo ...) NOT-FOR-US: Aimluck Aipo CVE-2010-3923 (Untrusted search path vulnerability in AttacheCase before 2.70 allows ...) NOT-FOR-US: AttacheCase CVE-2010-3922 (SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x be ...) - movabletype-opensource 4.3.5+dfsg-1 (bug #606311) [lenny] - movabletype-opensource 4.2.3-1+lenny2 (bug #606311) CVE-2010-3921 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4. ...) - movabletype-opensource 4.3.5+dfsg-1 (bug #606311) [lenny] - movabletype-opensource 4.2.3-1+lenny2 (bug #606311) CVE-2010-3920 (The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 a ...) 
NOT-FOR-US: Seiko Epson printer driver CVE-2010-3919 (Fenrir Grani 4.5 and earlier does not prevent interaction between web ...) NOT-FOR-US: Fenrir Grani CVE-2010-3918 (Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between ...) NOT-FOR-US: Fenrir Sleipnir CVE-2010-3917 (Google Chrome before 3.0 does not properly handle XML documents, which ...) - chromium-browser (Fixed before initial upload to Debian) CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Governm ...) NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Governm ...) NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government CVE-2010-3914 (Untrusted search path vulnerability in VIM Development Group GVim befo ...) - vim (Windows-specific) CVE-2010-3913 (CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.01 ...) NOT-FOR-US: TransWARE Active! mail CVE-2010-3912 (The supportconfig script in supportutils in SUSE Linux Enterprise 11 S ...) NOT-FOR-US: SLES support scripts CVE-2010-3911 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM befo ...) NOT-FOR-US: vTiger CRM CVE-2010-3910 (Multiple directory traversal vulnerabilities in the return_application ...) NOT-FOR-US: vTiger CRM CVE-2010-3909 (Incomplete blacklist vulnerability in config.template.php in vtiger CR ...) NOT-FOR-US: vtiger CRM CVE-2010-3908 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows rem ...) {DSA-2306-1} - libav 4:0.6-1 - ffmpeg 7:2.4.1-1 - ffmpeg-debian CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin in Vid ...) - vlc 1.1.3-1squeeze1 [lenny] - vlc (Vulnerable code not present) CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...) - git-core [lenny] - git-core 1.5.6.5-3+lenny3.3 - git 1:1.7.2.3-2.2 CVE-2010-3905 (The password reset feature in the administrator interface for Eucalypt ...) 
- eucalyptus (bug #608289) (It was once removed from archive, then re-added as 3.1.0) CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable Data ...) - linux-2.6 2.6.32-26 [lenny] - linux-2.6 (Vulnerable code introduced in 2.6.30) CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows remote Any ...) - openconnect 2.25-0.1 CVE-2010-3902 (OpenConnect before 2.26 places the webvpn cookie value in the debuggin ...) - openconnect 3.02-1 (unimportant) NOTE: This is an additional safety net for careless users, not a vulnerability CVE-2010-3901 (OpenConnect before 2.25 does not properly validate X.509 certificates, ...) - openconnect 2.25-0.1 (bug #590873) CVE-2010-3900 (Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2 ...) - midori 0.2.7-1.1 (unimportant; bug #607497) NOTE: Current Midori SSL support is very limited NOTE: Midori should not be used if SSL support is important to you CVE-2010-3899 (IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with a ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3898 (IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3897 (ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3896 (The ESSearchApplication directory tree in IBM OmniFind Enterprise Edit ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3895 (esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows loca ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3894 (Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3893 (The administrator interface in IBM OmniFind Enterprise Edition 8.x and ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3892 (Session fixation vulnerability in the login form in the administrator ...) 
NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3891 (Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3890 (Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Ed ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3889 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms all ...) NOT-FOR-US: Microsoft Windows CVE-2010-3888 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms all ...) NOT-FOR-US: Microsoft Windows CVE-2010-3887 (The Limit Mail feature in the Parental Controls functionality in Mail ...) NOT-FOR-US: Apple Mail CVE-2010-3886 (The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft msh ...) NOT-FOR-US: Microsoft Windows CVE-2010-3885 REJECTED CVE-2010-3884 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8 ...) NOT-FOR-US: CMS Made Simple CVE-2010-3883 (Cross-site request forgery (CSRF) vulnerability in the Change Group Pe ...) NOT-FOR-US: CMS Made Simple CVE-2010-3882 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...) NOT-FOR-US: CMS Made Simple CVE-2010-3881 (arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initia ...) - linux-2.6 2.6.32-29 (low) [lenny] - linux-2.6 (Vulnerable code not present) CVE-2010-3880 (net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not pr ...) {DSA-2126-1} - linux-2.6 2.6.32-30 (low) CVE-2010-3879 (FUSE, possibly 2.8.5 and earlier, allows local users to create mtab en ...) - fuse 2.8.5-1 (bug #602333) [squeeze] - fuse (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3879 CVE-2010-3878 (Cross-site request forgery (CSRF) vulnerability in the JMX Console in ...) - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2010-3877 (The get_name function in net/tipc/socket.c in the Linux kernel before ...) 
{DSA-2126-1} - linux-2.6 2.6.32-30 (low) CVE-2010-3876 (net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not ...) {DSA-2126-1} - linux-2.6 2.6.32-30 (low) CVE-2010-3875 (The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel be ...) {DSA-2264-1 DSA-2240-1 DSA-2126-1} - linux-2.6 2.6.32-30 (low) CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in net/can/bcm. ...) {DSA-2126-1} - linux-2.6 2.6.32-29 (low) CVE-2010-3873 (The X.25 implementation in the Linux kernel before 2.6.36.2 does not p ...) {DSA-2126-1} - linux-2.6 2.6.32-28 (low) CVE-2010-3872 (The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcg ...) {DSA-2140-1} - libapache2-mod-fcgid 1:2.3.6-1 (bug #605484) CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme ...) - mahara (Vulnerable feature introduced in 1.3) CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle ...) {DSA-2195-1} - php5 5.3.3-4 (bug #603751) CVE-2010-3869 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate Sys ...) NOT-FOR-US: Red Hat Certificate System CVE-2010-3868 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate Sys ...) NOT-FOR-US: Red Hat Certificate System CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc modu ...) {DSA-2191-1} - proftpd-dfsg 1.3.3a-4 CVE-2010-3866 REJECTED CVE-2010-3865 (Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in t ...) - linux-2.6 2.6.37-1 [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 [lenny] - linux-2.6 (Introduced in 2.6.30) CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9 ...) {DSA-2125-1} - openssl 0.9.8o-3 CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...) - shiro (Fixed before the initial release in Debian) CVE-2010-3862 (The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$Second ...) 
- jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kern ...) - linux-2.6 2.6.32-29 [lenny] - linux-2.6 (Introduced in 2.6.27) CVE-2010-3860 (IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2 ...) - openjdk-6 6b18-1.8.3-1 CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in the L ...) {DSA-2126-1} - linux-2.6 2.6.32-27 CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before 2 ...) {DSA-2126-1} - linux-2.6 2.6.32-27 CVE-2010-3857 (JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID paramet ...) - jbossas4 (Vulnerable code not present) NOTE: JBoss 5 only; fixed in 5.1.0 CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.1 ...) {DSA-2122-2 DSA-2122-1} - glibc 2.11.2-8 - eglibc 2.11.2-8 (bug #600667) CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in truetype/tt ...) {DSA-2155-1} - freetype 2.4.2-2.1 (bug #602221) CVE-2010-3854 (Multiple cross-site scripting (XSS) vulnerabilities in the web adminis ...) - couchdb 1.1.0-1 [squeeze] - couchdb (Unsupported in squeeze-lts) CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) bef ...) - pam 1.1.3-1 (low; bug #608273) [squeeze] - pam (Minor issue) [lenny] - pam (Minor issue) CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga ...) NOT-FOR-US: Red Hat Conga CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 an ...) NOT-FOR-US: libguestfs CVE-2010-3850 (The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kerne ...) {DSA-2126-1} - linux-2.6 2.6.32-28 CVE-2010-3849 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ker ...) {DSA-2126-1} - linux-2.6 2.6.32-28 CVE-2010-3848 (Stack-based buffer overflow in the econet_sendmsg function in net/econ ...) 
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) throu ...)
	{DSA-2122-2 DSA-2122-1}
	- eglibc 2.11.2-8 (bug #600667)
	- glibc 2.11.2-8
CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS 1.1 ...)
	- cvs (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852
CVE-2010-3844 (An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure ...)
	- ettercap 1:0.7.4-1 (unimportant; bug #600130)
	NOTE: Very far-fetched attack vector
CVE-2010-3843 (The GTK version of ettercap uses a global settings file at /tmp/.etter ...)
	- ettercap 1:0.7.4-1 (unimportant; bug #600130)
	NOTE: Very far-fetched attack vector
CVE-2010-3842 (Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, w ...)
	- curl (Doesn't affect POSIX systems)
CVE-2010-3841 (Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in ...)
	NOT-FOR-US: TWiki
CVE-2010-3845 (libapache-authenhook-perl 2.00-04 stores usernames and passwords in pl ...)
	- libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
	[lenny] - libapache-authenhook-perl 2.00-04+pristine-1+lenny1
CVE-2010-4237 (Mercurial before 1.6.4 fails to verify the Common Name field of SSL ce ...)
	- mercurial 1.6.4-1 (low; bug #598841)
	[lenny] - mercurial (Minor issue)
CVE-2010-3840 (The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0
CVE-2010-3839 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticat ...)
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0
	[lenny] - mysql-dfsg-5.0 (vulnerable code not present)
CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allow ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0
CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allow ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0
CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allow ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0
CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticat ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0
CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.5 ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0
CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0
CVE-2010-3832 (Heap-based buffer overflow in the GSM mobility management implementati ...)
	NOT-FOR-US: Apple iOS Telephony
CVE-2010-3831 (Photos in Apple iOS before 4.2 enables support for HTTP Basic Authenti ...)
	NOT-FOR-US: Apple iOS Photos
CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during ...)
	NOT-FOR-US: Apple iOS Networking
CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle a ...)
	NOT-FOR-US: Apple iOS iAd
CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before disp ...)
	NOT-FOR-US: Apple iOS configuration installation utility
CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3825 RESERVED
CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3815 RESERVED
CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in Fr ...)
	{DSA-2155-1}
	- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3813 (The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLin ...)
	- webkit 1.2.6-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser
	NOTE: fixed much earlier in chromium, but this was the version checked
CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in WebK ...)
	- webkit 1.2.6-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser
	NOTE: fixed much earlier in chromium, but this was the version checked
	NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3807 RESERVED
CVE-2010-3806 RESERVED
CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 1 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 o ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3800 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3799 RESERVED
CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6 ...)
	- xar
	[lenny] - xar (Minor issue)
CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac O ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not ...)
	NOT-FOR-US: Apple Safari RSS
CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialize ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialize ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 al ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialize ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x befor ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3786 (QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickLook
CVE-2010-3785 (Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x befor ...)
	NOT-FOR-US: Apple QuickLook
CVE-2010-3784 (The PMPageFormatCreateWithDataRepresentation API in Printing in Apple ...)
	NOT-FOR-US: Apple Printing
CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does ...)
	NOT-FOR-US: Apple Password Server
CVE-2010-3782 (obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to ...)
	- open-build-service (Fixed before initial upload to archive)
CVE-2010-3781 (The PL/php add-on 1.4 and earlier for PostgreSQL does not properly pro ...)
	- postgresql-9.0 9.0.1-1
CVE-2010-3780 (Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...)
	- dovecot 1:1.2.15-1 (bug #599521)
	[lenny] - dovecot (Only affects 1.2.x)
CVE-2010-3779 (Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admi ...)
	- dovecot 1:1.2.15-1 (bug #599521)
	[lenny] - dovecot (Only affects 1.2.x)
CVE-2010-3778 (Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thun ...)
	{DSA-2132-1}
	- xulrunner (unimportant)
	- icedove 3.0.11-1
	[lenny] - icedove
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and T ...)
	- iceweasel (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2132-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.16-1
	- icedove 3.0.11-1
	[lenny] - icedove
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3775 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3774 (The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h ...)
	- xulrunner (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	[lenny] - xulrunner (Doesn't affect 1.9.0)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3773 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3772 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3771 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3770 (Multiple cross-site scripting (XSS) vulnerabilities in the rendering e ...)
	{DSA-2132-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3769 (The line-breaking implementation in Mozilla Firefox before 3.5.16 and ...)
	{DSA-2132-1}
	- xulrunner (unimportant)
	- icedove 3.0.11-1
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	[lenny] - xulrunner (font-face support introduced in 1.9.1)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3768 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird bef ...)
	- xulrunner (unimportant)
	[lenny] - xulrunner (Vulnerable code not present)
	- icedove 3.0.11-1
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3767 (Integer overflow in the NewIdArray function in Mozilla Firefox before ...)
	{DSA-2132-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3766 (Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6. ...)
	- xulrunner (unimportant)
	[lenny] - xulrunner (Vulnerable code not present)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunder ...)
	{DSA-2124-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.15-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.10-1
	- icedove 3.0.10-1
	[lenny] - icedove
	[lenny] - iceape (Only a stub package)
	[lenny] - xulrunner (bug in optimization added later)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3 ...)
	- bugzilla 3.6.3.0-1 (bug #602420; low)
	[squeeze] - bugzilla 3.6.2.0-4.2
CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in Ma ...)
	- mantis 1.1.8+dfsg-9 (bug #601618)
	[lenny] - mantis 1.1.6+dfsg-2lenny4
CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P2-1 (bug #599515)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
	NOTE: ACL bypass claimed to only affect >=9.7.2: https://kb.isc.org/article/AA-00935/0/CVE-2010-3762%3A-failure-to-handle-bad-signatures-if-multiple-trust-anchors-configured.html
	NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in 9.6-ESV-R2.
CVE-2010-3761 (Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3760 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ( ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3759 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ( ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3758 (Multiple stack-based buffer overflows in FastBackServer.exe in the Ser ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3757 (Format string vulnerability in the _Eventlog function in FastBackServe ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3756 (The _CalcHashValueWithLength function in FastBackServer.exe in the Ser ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3755 (The _DAS_ReadBlockReply function in FastBackServer.exe in the Server i ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3754 (The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Ser ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3753 (programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan (Introduced in version 2.6.26)
CVE-2010-3752 (programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan (Introduced in version 2.6.25)
CVE-2010-3751 (Multiple heap-based buffer overflows in an ActiveX control in RealNetw ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3750 (rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3749 (The browser-plugin implementation in RealNetworks RealPlayer 11.0 thro ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3748 (Stack-based buffer overflow in the RichFX component in RealNetworks Re ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3747 (An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealP ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3746 RESERVED
CVE-2010-3745 RESERVED
CVE-2010-3744 RESERVED
CVE-2010-3743 (Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC ...)
	NOT-FOR-US: Visual Synapse HTTP Server
CVE-2010-3742 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
	NOT-FOR-US: Free Simple CMS 1.0
CVE-2010-3741 (The offline backup mechanism in Research In Motion (RIM) BlackBerry De ...)
	NOT-FOR-US: BlackBerry Desktop Software
CVE-2010-3740 (The Net Search Extender (NSE) implementation in the Text Search compon ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3739 (The audit facility in the Security component in IBM DB2 UDB 9.5 before ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3738 (The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT event ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3737 (Memory leak in the Relational Data Services component in IBM DB2 UDB 9 ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3736 (Memory leak in the Relational Data Services component in IBM DB2 UDB 9 ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3735 (The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3734 (The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, a ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3733 (The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses wor ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3732 (The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remo ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3731 (Stack-based buffer overflow in the validateUser implementation in the ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information abou ...)
	- webkit (issue in libv8)
	- chromium-browser 6.0.472.62~r59676-1
	- libv8
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45700
	NOTE: http://trac.webkit.org/changeset/67509
CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 6.0.472.62 do ...)
	- webkit (chromium specific)
	- chromium-browser 6.0.472.62~r59676-1
CVE-2010-3728 REJECTED
CVE-2010-3727 REJECTED
CVE-2010-3726 REJECTED
CVE-2010-3725 REJECTED
CVE-2010-3724 REJECTED
CVE-2010-3723 REJECTED
CVE-2010-3722 REJECTED
CVE-2010-3721 REJECTED
CVE-2010-3720 REJECTED
CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the administra ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ...)
	{DSA-2160-1}
	- tomcat5.5 (low)
	[lenny] - tomcat5.5 (Minor issue)
	- tomcat6 6.0.28-10 (bug #612257)
	[lenny] - tomcat6 (Only ships the servlet package)
CVE-2010-3717 (The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3716 (The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x befor ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3715 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x bef ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3714 (The jumpUrl (aka access tracking) implementation in tslib/class.tslib_ ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3713 (rss.php in UseBB before 1.0.11 does not properly handle forum configur ...)
	NOT-FOR-US: UseBB
CVE-2010-3712 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.2 ...)
	NOT-FOR-US: Joomla!
CVE-2010-3711 (libpurple in Pidgin before 2.7.4 does not properly validate the return ...)
	- pidgin 2.7.4-1
	[squeeze] - pidgin 2.7.3-1+squeeze1
CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP 5.2. ...)
	{DSA-2195-1}
	- php5 5.3.3-3 (bug #601619)
CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...)
	{DSA-2195-1}
	- php5 5.3.3-4 (bug #603751)
CVE-2010-3708 (The serialization implementation in JBoss Drools in Red Hat JBoss Ente ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0 ...)
	- dovecot 1:1.2.15-1
	[lenny] - dovecot (Only affects 1.2.x)
CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0 ...)
	- dovecot 1:1.2.15-1
	[lenny] - dovecot (Only affects 1.2.x)
CVE-2010-3705 (The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux k ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser i ...)
	{DSA-2135-1 DSA-2119-1}
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.12.4-1.2 (bug #599165)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in poppler/Functio ...)
	- kdegraphics 4:4.0.0-1
	[lenny] - kdegraphics (Vulnerable code not present)
	- xpdf 3.02-9
	[lenny] - xpdf (Vulnerable code not present)
	- poppler 0.12.4-1.2 (bug #599165)
	[lenny] - poppler (Vulnerable code not present)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, pop ...)
	{DSA-2135-1 DSA-2119-1}
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.12.4-1.2 (bug #599165)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows ...)
	NOT-FOR-US: Red Hat Enterprise MRG
CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3. ...)
	NOT-FOR-US: VMware SpringSource Spring Security
CVE-2010-3699 (The backend driver in Xen 3.x allows guest OS users to cause a denial ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-31
CVE-2010-3698 (The KVM implementation in the Linux kernel before 2.6.36 does not prop ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 (Vulnerable code not present)
CVE-2010-3697 (The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x ...)
	- freeradius 2.1.10+dfsg-1 (bug #600176; unimportant)
	NOTE: requires server to be down already
CVE-2010-3696 (The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in cert ...)
	- freeradius 2.1.10+dfsg-1 (bug #600176)
	[lenny] - freeradius (Vulnerable code not present)
CVE-2010-3695 (Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Hord ...)
	{DSA-2204-1}
	- imp4 4.3.7+debian0-2.1 (bug #598584; low)
	NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde Applicati ...)
	{DSA-2278-1}
	- horde3 3.3.8+debian0-2 (bug #598582)
	NOTE: http://lists.horde.org/archives/announce/2010/000568.html
CVE-2010-3693 (Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) b ...)
	- dimp1 1.1.4+debian2-1.1 (bug #598583)
	NOTE: http://lists.horde.org/archives/announce/2010/000561.html
CVE-2010-3692 (Directory traversal vulnerability in the callback function in client.p ...)
	{DSA-2172-1}
	- libphp-cas (bug #495542)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3691 (PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ena ...)
	{DSA-2172-1}
	- libphp-cas (bug #495542)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3690 (Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1 ...)
	{DSA-2172-1}
	- libphp-cas (bug #495542)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3689 (soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length di ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3686 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-4340 (libcloud before 0.4.1 does not verify SSL certificates for HTTPS conne ...)
	- libcloud 0.5.0-1 (low; bug #598463)
CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA We ...)
	NOT-FOR-US: NetArtMEDIA WebSiteAdmin
CVE-2010-3684 (The FTP authentication module in Synology Disk Station 2.x logs passwo ...)
	NOT-FOR-US: Synology Disk Station
CVE-2010-3683 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0
	[lenny] - mysql-dfsg-5.0 (vulnerable code not present)
CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote aut ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0
CVE-2010-3681 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote auth ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0
CVE-2010-3680 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ca ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0
CVE-2010-3679 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ca ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0
	[lenny] - mysql-dfsg-5.0 (vulnerable code not present)
CVE-2010-3678 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ca ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0
	[lenny] - mysql-dfsg-5.0 (vulnerable code not present)
CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote aut ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0
CVE-2010-3676 (storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0
	[lenny] - mysql-dfsg-5.0 (vulnerable code not present)
CVE-2010-3675 RESERVED
CVE-2010-3658 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3657 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3656 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player be ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-3654 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5 ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3651 REJECTED
CVE-2010-3650 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3649 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3648 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3647 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3646 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3645 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3644 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3643 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3642 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3641 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3640 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3639 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3638 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3635 (Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3634 (Unspecified vulnerability in the edge process in Adobe Flash Media Ser ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3633 (Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5. ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3632 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3631 (Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3630 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3629 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3628 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3626 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3625 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3624 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3623 (Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3622 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3621 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3620 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3619 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3618 (PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does ...)
	NOT-FOR-US: PGP Desktop
CVE-2010-3617
	RESERVED
CVE-2010-3616 (ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover p ...)
	- isc-dhcp (Only affects 4.2.x)
	- dhcp3 (Only affects 4.2.x)
	- dhcp (Only affects 4.2.x)
CVE-2010-3615 (named in ISC BIND 9.7.2-P2 does not check all intended locations for a ...)
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	[lenny] - bind9 (Doesn't affect 9.6 ESV)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, an ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3612
	RESERVED
CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2 ...)
	- isc-dhcp 4.1.1-P1-14
	- dhcp3 (Only affects DHCP 4.x)
	- dhcp (Only affects DHCP 4.x)
CVE-2010-3610
	RESERVED
CVE-2010-3609 (The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other ve ...)
	{DLA-304-1}
	- openslp-dfsg 1.2.1-8 (low; bug #623551)
	[squeeze] - openslp-dfsg (Minor issue)
	[lenny] - openslp-dfsg (Minor issue)
CVE-2010-3659 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3660 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3661 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3662 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3663 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3664 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3665 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3666 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3667 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3668 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3669 (TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3670 (TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3671 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3672 (TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea v ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3673 (TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3674 (TYPO3 before 4.4.1 allows XSS in the frontend search box. ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-XXXX [piwigo]
	- piwigo 2.1.2-2
	NOTE: http://www.exploit-db.com/exploits/14973/
	NOTE: First unfilled CVE-request https://www.openwall.com/lists/oss-security/2010/12/07/1
	NOTE: Second CVE-request https://www.openwall.com/lists/oss-security/2012/10/06/3
CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote atta ...)
	NOT-FOR-US: wpQuiz
CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt ...)
	NOT-FOR-US: NetArt MEDIA Real Estate Portal
CVE-2010-3606 (Multiple directory traversal vulnerabilities in AGENTS/index.php in Ne ...)
	NOT-FOR-US: NetArt MEDIA Real Estate Portal
CVE-2010-3605 (Cross-site scripting (XSS) vulnerability in the powermail extension 1. ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3604 (SQL injection vulnerability in the powermail extension 1.5.3 and earli ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3603 (Cross-site request forgery (CSRF) vulnerability in the file manager se ...)
	NOT-FOR-US: mojoPortal
CVE-2010-3602 (Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPo ...)
	NOT-FOR-US: mojoPortal
CVE-2010-3601 (SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows r ...)
	NOT-FOR-US: ibPhotohost
CVE-2010-3499 (F-Secure Anti-Virus does not properly interact with the processing of ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2010-3498 (AVG Anti-Virus does not properly interact with the processing of hcp:/ ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2010-3497 (Symantec Norton AntiVirus 2011 does not properly interact with the pro ...)
	NOT-FOR-US: Symantec Norton AntiVirus
CVE-2010-3496 (McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact w ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2010-3495 (Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) ...)
	- zodb 1:3.9.4-1.1 (bug #599711)
CVE-2010-3494 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib be ...)
	- python-pyftpdlib 0.5.2-1 (low)
	NOTE: http://code.google.com/p/pyftpdlib/issues/detail?id=104
CVE-2010-3493 (Multiple race conditions in smtpd.py in the smtpd module in Python 2.6 ...)
	- python3.1 3.1.2+20100829-1
	- python2.6 2.6.6-1 (low; bug #601690)
	- python2.5 (low)
	[squeeze] - python2.5 (Minor issue)
	[lenny] - python2.5 (Minor issue)
CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly handle unsu ...)
	- python2.7 2.7.8-11 (unimportant)
	- python3.1 (unimportant)
	- python3.2 3.4.2-1 (unimportant)
	NOTE: likely fixed much earlier, but these were the versions checked
CVE-2010-3491 (The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator compon ...)
	NOT-FOR-US: TIBCO ActiveMatrix Service Grid
CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)
	NOT-FOR-US: FreePBX
CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login ...)
	NOT-FOR-US: CMS Digital Workroom
CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows remote atta ...)
	NOT-FOR-US: QuickShare
CVE-2010-3487 (Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows a ...)
	NOT-FOR-US: YelloSoft Pinky
CVE-2010-3486 (Directory traversal vulnerability in FileStorageUpload.ashx in Smarter ...)
	NOT-FOR-US: SmarterMail
CVE-2010-3483 (cms_write.php in Primitive CMS 1.0.9 does not properly restrict access ...)
	NOT-FOR-US: Primitive CMS
CVE-2010-3482 (Multiple SQL injection vulnerabilities in cms_write.php in Primitive C ...)
	NOT-FOR-US: Primitive CMS
CVE-2010-3481 (Multiple SQL injection vulnerabilities in login.php in ApPHP PHP Micro ...)
	NOT-FOR-US: MicroCMS
CVE-2010-3480 (Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1 ...)
	NOT-FOR-US: MicroCMS
CVE-2010-3479 (SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote ...)
	NOT-FOR-US: BoutikOne
CVE-2010-3478
	RESERVED
CVE-2010-3477 (The tcf_act_police_dump function in net/sched/act_police.c in the acti ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3600 (Unspecified vulnerability in the Client System Analyzer component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2010-3599 (Unspecified vulnerability in the Oracle Document Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3598 (Unspecified vulnerability in the Oracle Document Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3597 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3596 (Unspecified vulnerability in the mod_ssl component in Oracle Secure Ba ...)
	NOT-FOR-US: Dupe of CVE-2009-3555, will be rejected
CVE-2010-3595 (Unspecified vulnerability in the Oracle Document Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3594 (Unspecified vulnerability in the Real User Experience Insight componen ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2010-3593 (Unspecified vulnerability in the Health Sciences - Oracle Argus Safety ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2010-3592 (Unspecified vulnerability in the Oracle Document Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3591 (Unspecified vulnerability in the Oracle Document Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3590 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2010-3589 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle Application Object Library component
CVE-2010-3588 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3587 (Unspecified vulnerability in the Oracle Common Applications component ...)
	NOT-FOR-US: Oracle Applications
CVE-2010-3586 (Unspecified vulnerability in Oracle Solaris 9 allows local users to af ...)
	- xscreensaver (Solaris-specific patch)
CVE-2010-3585 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3584 (Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2. ...)
	NOT-FOR-US: OracleVM
CVE-2010-3583 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3582 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3581 (Unspecified vulnerability in the BPEL Console component in Oracle Fusi ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3580 (Unspecified vulnerability in Oracle OpenSolaris allows local users to ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3579 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Jav ...)
	NOT-FOR-US: Java Communications Suite
CVE-2010-3578 (Unspecified vulnerability in Oracle OpenSolaris allows remote attacker ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3577 (Unspecified vulnerability in Oracle OpenSolaris allows remote attacker ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3576 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3575 (Unspecified vulnerability in the Oracle Communications Messaging Serve ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3574 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3573 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3572 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3571 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3570 (Unspecified vulnerability in the Deployment Toolkit component in Oracl ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3569 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3568 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3567 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3566 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3565 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3564 (Unspecified vulnerability in the Oracle Communications Messaging Serve ...)
	- openjdk-6 6b18-1.8.2-1
CVE-2010-3563 (Unspecified vulnerability in the Deployment component in Oracle Java S ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3562 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3561 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3560 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3559 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3558 (Unspecified vulnerability in the Java Web Start component in Oracle Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3557 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3556 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3555 (Unspecified vulnerability in the Deployment component in Oracle Java S ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3554 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3553 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3552 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3551 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3550 (Unspecified vulnerability in the Java Web Start component in Oracle Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3549 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3548 (Unspecified vulnerability in the Java Naming and Directory Interface ( ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3547 (Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-3546 (Unspecified vulnerability in the Sun Java System Identity Manager comp ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3545 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3544 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3543
	REJECTED
CVE-2010-3542 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3541 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3540 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3539 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3538 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL compon ...)
	NOT-FOR-US: PeopleSoft Enterprise FMS
CVE-2010-3537 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM compon ...)
	NOT-FOR-US: PeopleSoft Enterprise FMS
CVE-2010-3536 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...)
	NOT-FOR-US: PeopleSoft Enterprise SCM
CVE-2010-3535 (Unspecified vulnerability in the Directory Server Enterprise Edition c ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3534 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2010-3533 (Unspecified vulnerability in the PeopleSoft Enterprise SCM OM and CRM ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3532 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order Cap ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3531 (Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM co ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3529 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - Cash Mana ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3528 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Common Co ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3527 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3526 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3525 (Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) SC ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3524 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - Strategic ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3523 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3522 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3520 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3519 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3518 (Unspecified vulnerability in the PeopleSoft Enterprise HCM GP - Japan ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3517 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3516 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3515 (Unspecified vulnerability in the Solaris component in Oracle Solaris 9 ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3514 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3513 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...)
	NOT-FOR-US: Oracle Solaris and OpenSolaris
CVE-2010-3512 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3511 (Unspecified vulnerability in Oracle OpenSolaris allows local users to ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3510 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic
CVE-2010-3509 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3508 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3507 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3506 (Unspecified vulnerability in the Oracle Explorer (Sun Explorer) compon ...)
	NOT-FOR-US: Oracle Explorer
CVE-2010-3505 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2010-3504 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-3503 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3502 (Unspecified vulnerability in the Siebel Core component in Oracle Siebe ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-3501 (Unspecified vulnerability in the OID component in Oracle Fusion Middle ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-3500 (Unspecified vulnerability in the Siebel Core - Highly Interactive Clie ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-3476 (Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before ...)
	- otrs2 2.4.8+dfsg1-1
	[lenny] - otrs2 (Only affects OTRS 2.3 and 2.4)
CVE-2010-3475 (IBM DB2 9.7 before FP3 does not properly enforce privilege requirement ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3474 (IBM DB2 9.7 before FP3 does not perform the expected drops or invalida ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3473 (Open redirect vulnerability in the Workplace (aka WP) component in IBM ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3472 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ( ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3471 (Session fixation vulnerability in the Workplace (aka WP) component in ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3470 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ( ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3469
	RESERVED
CVE-2010-3468 (Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 b ...)
	NOT-FOR-US: Mura CMS
CVE-2010-3467 (SQL injection vulnerability in modules/sections/index.php in E-Xooppor ...)
	NOT-FOR-US: E-Xoopport Samsara
CVE-2010-3466 (Cross-site scripting (XSS) vulnerability in index.php in the hosted_si ...)
	NOT-FOR-US: NetArt Media iBoutique.MALL
CVE-2010-3465 (Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Ca ...)
	NOT-FOR-US: XSE Shopping Cart
CVE-2010-3464 (Cross-site request forgery (CSRF) vulnerability in admin/manager_users ...)
	NOT-FOR-US: SantaFox
CVE-2010-3463 (Cross-site scripting (XSS) vulnerability in modules/search/search.clas ...)
	NOT-FOR-US: SantaFox
CVE-2010-3462 (Cross-site scripting (XSS) vulnerability in backend/plugin/Registratio ...)
	NOT-FOR-US: Mollify
CVE-2010-3461 (SQL injection vulnerability in the Publisher module in eNdonesia 8.4 a ...)
	NOT-FOR-US: eNdonesia
CVE-2010-3460 (Directory traversal vulnerability in the HTTP interface in AXIGEN Mail ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2010-3459 (Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2010-3458 (SQL injection vulnerability in lib/toolkit/events/event.section.php in ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-3457 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2. ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-3456 (Directory traversal vulnerability in download.php in EnergyScripts (ES ...)
	NOT-FOR-US: EnergyScripts Simple Download
CVE-2010-3455 (Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 ...)
	NOT-FOR-US: AChecker
CVE-2010-3454 (Multiple off-by-one errors in the WW8DopTypography::ReadFromMem functi ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3453 (The WW8ListManager::WW8ListManager function in oowriter in OpenOffice. ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3452 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x a ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3451 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x a ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3450 (Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2 ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before 1.2. ...)
	NOT-FOR-US: Redback
CVE-2010-3448 (drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-12 (bug #565790; unimportant)
	NOTE: this is more of a hardware bug rather than a security issue
CVE-2010-3447 (Cross-site scripting (XSS) vulnerability in view.php in the file viewe ...)
	- gollem 1.1.1+debian0-1.1 (bug #598585)
	[lenny] - gollem ($filename not printed directly and passed through htmlspecialchars())
	NOTE: http://bugs.horde.org/ticket/9191
CVE-2010-3446
	REJECTED
CVE-2010-3445 (Stack consumption vulnerability in the dissect_ber_unknown function in ...)
	{DSA-2127-1}
	- wireshark 1.2.11-3 (low)
	NOTE: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
CVE-2010-3444 (Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU Fri ...)
	- pyfribidi 0.10.0-2 (bug #570068)
	[lenny] - pyfribidi (fribidi 0.19.1 or higher needs to be installed to trigger this)
CVE-2010-3443 (ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows ...)
	- quassel 0.7.1-1 (bug #597853)
	[squeeze] - quassel 0.6.3-1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774
CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in sound/core/c ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
	NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote ...)
	- abcm2ps 5.9.13-0.1 (low; bug #577014)
	[lenny] - abcm2ps (Minor issue)
CVE-2010-3440 (babiloo 2.0.9 before 2.0.11 creates temporary files with predictable n ...)
	- babiloo 2.0.11-1 (low; bug #591995)
CVE-2010-3439 (It is possible to cause a DoS condition by causing the server to crash ...)
	- alien-arena 7.33-5 (low; bug #575621)
	[lenny] - alien-arena 7.0-1+lenny2
CVE-2010-3438 (libpoe-component-irc-perl before v6.32 does not remove carriage return ...)
	- libpoe-component-irc-perl 6.32+dfsg-1
	[lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194)
CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in dr ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attacke ...)
	- php5 5.3.3-4 (unimportant)
	NOTE: http://svn.php.net/viewvc?view=revision&revision=303824
CVE-2010-3435 (The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before ...)
	- pam 1.1.3-1 (low; bug #599832)
	[squeeze] - pam (Minor issue)
	[lenny] - pam (Minor issue)
	NOTE: Fix from 1.1.2 is not fully complete
CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in libclam ...)
	- clamav 0.96.3+dfsg-1
	[lenny] - clamav
	NOTE: libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)
CVE-2010-3433 (The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30 ...)
	{DSA-2120-1}
	- postgresql-9.0 9.0.1-1
	- postgresql-8.4 8.4.5-1
	[squeeze] - postgresql-8.4 8.4.5-0squeeze1
	- postgresql-8.3
CVE-2010-3432 (The sctp_packet_config function in net/sctp/output.c in the Linux kern ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3431 (The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...)
	- pam 1.1.3-1 (low; bug #599832)
	[squeeze] - pam (Minor issue)
	NOTE: 20100924164823.GA21584@openwall.com
CVE-2010-3430 (The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...)
	- pam 1.1.3-1 (bug #599832)
	[squeeze] - pam (Affected functionality introduced in 1.1.2, see #599832)
	[lenny] - pam (Affected functionality introduced in 1.1.2, see #599832)
	NOTE: 20100924164823.GA21584@openwall.com
CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlaye ...)
	{DSA-2165-1}
	- ffmpeg 4:0.5.2-6 (bug #598590)
	- ffmpeg-debian
	NOTE: http://www.ocert.org/advisories/ocert-2010-004.html
CVE-2010-XXXX [mingetty directory traversal]
	- mingetty 1.07-2 (low; bug #597382)
	[lenny] - mingetty (Minor issue)
CVE-2010-XXXX [config file world readable]
	- sabnzbdplus 0.5.4-1 (low; bug #593829)
CVE-2010-XXXX [signature verification issue]
	- dpkg 1.15.1 (unimportant; bug #592115)
CVE-2010-XXXX [numpy memory corruption]
	- python-numpy 1:1.4.1-5 (low; bug #581058)
	[lenny] - python-numpy (Minor issue)
	NOTE: http://projects.scipy.org/numpy/changeset/8364
CVE-2010-XXXX [mediatomb directory traversal]
	- mediatomb 0.12.1-47-g7ab7616-1 (low; bug #580120; bug #778669)
	[wheezy] - mediatomb 0.12.1-4+deb7u1
	[squeeze] - mediatomb 0.12.0~svn2018-6.1
	NOTE: was previously fixed in 580120 but patch was not applied to later maintainer uploads
CVE-2010-3428 (SQL injection vulnerability in modules/notes/json.php in Intermesh Gro ...)
	NOT-FOR-US: Intermesh Group-Office
CVE-2010-3427 (Multiple cross-site scripting (XSS) vulnerabilities in Open Classified ...)
	NOT-FOR-US: Open Classifieds
CVE-2010-3426 (Directory traversal vulnerability in jphone.php in the JPhone (com_jph ...)
	NOT-FOR-US: JPhone for Joomla
CVE-2010-3425 (Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHel ...)
	NOT-FOR-US: SmarterStats
CVE-2010-3424 (Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbco ...)
	NOT-FOR-US: Invision Power Board
CVE-2010-3423 (SQL injection vulnerability in the Yr Weatherdata module for Drupal 6. ...)
	NOT-FOR-US: Yr Weatherdata module for Drupal
CVE-2010-3422 (SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 fo ...)
	NOT-FOR-US: JGen for Joomla
CVE-2010-3421 (Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in Prod ...)
	NOT-FOR-US: ProductCart
CVE-2010-3420 (Cross-site scripting (XSS) vulnerability in Products_Results.php in Po ...)
	NOT-FOR-US: PowerStore
CVE-2010-3419 (Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Fam ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2010-3418 (Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Ca ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2010-3417 (Google Chrome before 6.0.472.59 does not prompt the user before granti ...)
	- webkit (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3416 (Google Chrome before 6.0.472.59 on Linux does not properly implement t ...)
	- webkit (issue in chromium-specific code)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44960
	NOTE: http://trac.webkit.org/changeset/66689
CVE-2010-3415 (Google Chrome before 6.0.472.59 does not properly implement Geolocatio ...)
	- webkit (issue in chromium-specific code)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45112
	NOTE: http://trac.webkit.org/changeset/66837
	NOTE: depends on http://trac.webkit.org/changeset/66837
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45257
CVE-2010-3414 (Google Chrome before 6.0.472.59 on Mac OS X does not properly implemen ...)
	- webkit (Does not affect linux)
	- chromium-browser (Does not affect linux)
CVE-2010-3413 (Unspecified vulnerability in the pop-up blocking functionality in Goog ...)
	- webkit (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3412 (Race condition in the console implementation in Google Chrome before 6 ...)
	- libv8 2.2.24-6 (bug #597856)
CVE-2010-3411 (Google Chrome before 6.0.472.59 on Linux does not properly handle curs ...)
	- webkit (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3410
	REJECTED
CVE-2010-3409
	REJECTED
CVE-2010-3408
	REJECTED
CVE-2010-3407 (Stack-based buffer overflow in the MailCheck821Address function in nno ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2010-3406 (Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM ...)
	NOT-FOR-US: AIX 5.3
CVE-2010-3405 (Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, ...)
	NOT-FOR-US: AIX 6.1, VIOS
CVE-2010-3404 (Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com ...)
	NOT-FOR-US: eshtery CMS
CVE-2010-3403 (Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic ...)
	NOT-FOR-US: Qualcomm eXtensible Diagnostic Monitor
CVE-2010-3402 (Untrusted search path vulnerability in IDM Computer Solutions UltraEdi ...)
	NOT-FOR-US: UltraEdit
CVE-2010-3401
	RESERVED
CVE-2010-3400 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
	NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
CVE-2010-3399 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
	NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
CVE-2010-3398 (Unspecified vulnerability in the webcontainer implementation in IBM Lo ...)
	NOT-FOR-US: IBM Lotus Sametime Connect
CVE-2010-3397 (Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9. ...)
	NOT-FOR-US: PGP Desktop
CVE-2010-3396 (Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and ...)
	NOT-FOR-US: Kingsoft Antivirus
CVE-2010-3395
	RESERVED
CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place ...)
	- texmacs 1:1.0.7.7-1.1 (bug #598424)
	[squeeze] - texmacs 1:1.0.7.4-3.1
	[lenny] - texmacs (minor issue)
CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory name i ...)
	- magics++ 2.10.0.dfsg-5.1 (bug #598418)
CVE-2010-3392
	RESERVED
CVE-2010-3391
	RESERVED
CVE-2010-3390
	RESERVED
CVE-2010-3389 (The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents ...)
	- cluster-agents 1:1.0.3-3.1 (bug #598549)
CVE-2010-3388
	RESERVED
CVE-2010-3387
	- vdr 1.6.0-19.1 (unimportant; bug #598308)
	NOTE: Only affects a debugging tool, see bug #598308
CVE-2010-3386 (usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length ...)
	- ust 0.7-2.1 (bug #598309)
	[squeeze] - ust 0.5-1+squeeze1
	[wheezy] - ust 0.5-1+squeeze1
CVE-2010-3385 (TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- tuxguitar 1.2-7 (bug #598307)
	[lenny] - tuxguitar (Minor issue)
CVE-2010-3384 (The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and ...)
	- torcs 1.3.1-5 (bug #598306)
	[lenny] - torcs (Minor issue)
CVE-2010-3383 (The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 ...)
	- teamspeak-client 2.0.32-3.1 (low; bug #598304)
	[lenny] - teamspeak-client (Non-free not supported)
	- teamspeak-server 2.0.24.1+debian-1.1 (low; bug #598305)
	[lenny] - teamspeak-server (Non-free not supported)
CVE-2010-3382 (tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-leng ...)
	- tau 2.16.4-1.4 (bug #598303)
CVE-2010-3381 (The (1) tangerine and (2) tangerine-properties scripts in Tangerine 0. ...)
	- tangerine 0.3.2.2-6 (bug #598302)
	[lenny] - tangerine (minor issue)
CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2 ...)
	- slurm-llnl 2.1.15-2 (bug #602340)
	[wheezy] - slurm-llnl 2.1.11-1squeeze1 (bug #602340)
	[squeeze] - slurm-llnl 2.1.11-1squeeze1 (bug #602340)
	[lenny] - slurm-llnl (Minor issue)
	NOTE: Debian package ships its own, also vulnerable, init script. NOT fixed in 2.1.14-1
CVE-2010-3379
	RESERVED
CVE-2010-3378 (The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scil ...)
	- scilab 5.2.2-8 (bug #598423; bug #598422)
	[lenny] - scilab (Non-free not supported)
CVE-2010-3377 (The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hx ...)
	- salome 5.1.3-11 (bug #598421)
CVE-2010-3376 (The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ...)
	- root-system 5.34.00-1 (bug #598420; bug #598419)
	[lenny] - root-system (minor issue)
CVE-2010-3375 (qtparted has insecure library loading which may allow arbitrary code e ...)
	- qtparted 0.4.5-8 (low; bug #598301)
	[lenny] - qtparted (Minor issue)
CVE-2010-3374 (Qt Creator before 2.0.1 places a zero-length directory name in the LD_ ...)
	- qtcreator 1.3.1-3 (bug #598300)
CVE-2010-3373 (paxtest handles temporary files insecurely ...)
	- paxtest 1:0.9.9-1 (unimportant; bug #598413)
CVE-2010-3372 (Untrusted search path vulnerability in NorduGrid Advanced Resource Con ...)
	- nordugrid-arc-nox 1.1.0~rc6-2.1 (bug #606151)
CVE-2010-3371
	RESERVED
CVE-2010-3370
	RESERVED
CVE-2010-3369 (The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, a ...)
	- mono-debugger 2.6.3-2.1 (low; bug #598299)
	[lenny] - mono-debugger (Minor issue)
CVE-2010-3368
	RESERVED
CVE-2010-3367
	RESERVED
CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the LD_LIBRARY_PATH ...)
	- mn-fit (bug #598298)
	[lenny] - mn-fit (Minor issue)
CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- mistelix 0.31-2 (low; bug #598297)
CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length directory nam ...)
	- vips 7.14.5-2 (unimportant; bug #598296)
	NOTE: Scripts are not used for any real world scenarios
CVE-2010-3363 (roarify in roaraudio 0.3 places a zero-length directory name in the LD ...)
	- roaraudio 0.3-2 (low; bug #598295)
	[lenny] - roaraudio (Minor issue)
CVE-2010-3362 (lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PAT ...)
	- lastfm 1:1.5.4.26862+dfsg-5 (low; bug #598294)
	[lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1
CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 p ...)
	- ike 2.1.5+dfsg-2 (low; bug #598292)
	[lenny] - ike (Minor issue)
CVE-2010-3360 (Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, ...)
	- hipo (bug #598291)
	[lenny] - hipo (Minor issue)
CVE-2010-3359 (If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, th ...)
	- gargoyle-free 2009-08-25-2
	NOTE: http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
CVE-2010-3358 (HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in th ...)
	- henplus (bug #598290)
CVE-2010-3357 (gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBR ...)
	- gnome-subtitles 1.0-2 (low; bug #598289)
	[lenny] - gnome-subtitles (Minor issue)
CVE-2010-3356
	RESERVED
CVE-2010-3355 (Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH ...)
	- ember 0.5.7-1.1 (low; bug #598288)
CVE-2010-3354 (dropboxd in Dropbox 0.7.110 places a zero-length directory name in the ...)
	- dropbox 0.8.107-1 (low; bug #598287)
	[lenny] - dropbox (Non-free not supported)
CVE-2010-3353 (Cowbell 0.2.7.1 places a zero-length directory name in the LD_LIBRARY_ ...)
	- cowbell (See bug #598286)
CVE-2010-3352
	RESERVED
CVE-2010-3351 (startBristol in Bristol 0.60.5 places a zero-length directory name in ...)
	- bristol 0.60.5-2 (bug #598285)
CVE-2010-3350 (bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- bareftp 0.3.4-1.1 (bug #598284)
CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- ardour 1:2.8.11-2 (low; bug #598282)
CVE-2010-3348 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3347
	REJECTED
CVE-2010-3346 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3345 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3344
	REJECTED
CVE-2010-3343 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3342 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3341
	REJECTED
CVE-2010-3340 (Microsoft Internet Explorer 6 and 7 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3339
	REJECTED
CVE-2010-3338 (The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2 ...)
	NOT-FOR-US: Microsoft Office 2007 SP2
CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010 ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010 ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3332 (Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3330 (Microsoft Internet Explorer 6 through 8 does not properly restrict scr ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3329 (mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote atta ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3328 (Use-after-free vulnerability in the CAttrArray::PrivateFind function i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3327 (The implementation of HTML content creation in Microsoft Internet Expl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3326 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3325 (Microsoft Internet Explorer 6 through 8 does not properly handle unspe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8, and the Sa ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session ...)
	NOT-FOR-US: Splunk
CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticat ...)
	NOT-FOR-US: Splunk
CVE-2010-3321 (RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not ...)
	NOT-FOR-US: RSA Authentication Client
CVE-2010-3320 (Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4 ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3319 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a sessi ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3318 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits pass ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3317 (Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4 ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3316 (The run_coprocess function in pam_xauth.c in the pam_xauth module in L ...)
	- pam 1.1.2-1 (unimportant; bug #599832)
	NOTE: partial fix http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
	NOTE: Not exploitable with current kernels
CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as distr ...)
	{DSA-2118-1}
	- subversion 1.6.12dfsg-2 (low)
CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1. ...)
	{DSA-2013-1}
	- egroupware (high; bug #573279)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
CVE-2010-3313 (phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serv ...)
	{DSA-2013-1}
	- egroupware (high; bug #573279)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
CVE-2010-3312 (Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditiona ...)
	- epiphany-browser 2.29.91-1 (bug #564690)
	[lenny] - epiphany-browser (Introduced with the switch to webkit after Lenny release)
CVE-2010-3311 (Integer overflow in base/ftstream.c in libXft (aka the X FreeType libr ...)
	{DSA-2116-1}
	- freetype 2.4.0-1
	NOTE: Only the 2.3.x series is affected
CVE-2010-3310 (Multiple integer signedness errors in net/rose/af_rose.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3309
	REJECTED
CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2. ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan (Introduced in version 2.6.25)
CVE-2010-3307 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
	NOT-FOR-US: Free Simple CMS 1.0
CVE-2010-3305 (Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 cou ...)
	- pixelpost (bug #597224)
CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...)
	- dovecot 1.2.13-1
	[lenny] - dovecot (only affects 1.2.x)
CVE-2010-3303 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...)
	- mantis 1.1.8+dfsg-8 (bug #599710)
	[lenny] - mantis 1.1.6+dfsg-2lenny3
CVE-2010-3302 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2. ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan (Introduced in version 2.6.25)
CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia32entr ...)
	- linux-2.6 2.6.32-23
	[lenny] - linux-2.6 (vulnerability introduced in 2.6.27)
CVE-2010-3300 (It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are v ...)
	NOT-FOR-US: OWASP ESAPI
CVE-2010-3299 (The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...)
	- rails (unimportant)
	NOTE: http://seclists.org/oss-sec/2010/q3/415
	NOTE: http://seclists.org/oss-sec/2010/q3/413
	NOTE: http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf
CVE-2010-3298 (The hso_get_count function in drivers/net/usb/hso.c in the Linux kerne ...)
	- linux-2.6 2.6.32-24
	[lenny] - linux-2.6 (Introduced in 2.6.27)
CVE-2010-3297 (The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3296 (The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3295
	REJECTED
CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x throug ...)
	NOT-FOR-US: HP AssetCenter
CVE-2010-3290 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 6 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3289 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3288 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3287 (Unspecified vulnerability on HP ProCurve Access Points, Access Control ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-3286 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3285 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) bef ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3282 (389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucen ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka T ...)
	NOT-FOR-US: Alcatel-Lucent OmniTouch Contact Center
CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4 in the ...)
	NOT-FOR-US: Alcatel-Lucent OmniTouch Contact Center
CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Alternative ...)
	- php-apc (unimportant)
	NOTE: vulnerable script is, mainly, for debugging purposes
	NOTE: and is distributed gzip-compressed
CVE-2010-3293 (mailscanner can allow local users to prevent virus signatures from bei ...)
	- mailscanner (bug #596397; unimportant)
	NOTE: or even unimportant, the script is not used by default
CVE-2010-3292 (The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 down ...)
	- mailscanner (bug #596396; low)
	[squeeze] - mailscanner (Minor issue)
CVE-2010-3278
	REJECTED
CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 301548 and ...)
	NOT-FOR-US: VMware Workstation
CVE-2010-3276 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
	{DSA-2211-1}
	- vlc 1.1.8-1
	NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
CVE-2010-3275 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
	{DSA-2211-1}
	- vlc 1.1.8-1
	NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch. ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remo ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3272 (accounts/ValidateAnswers in the security-questions implementation in Z ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3271 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Inte ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before ...)
	NOT-FOR-US: Cisco WebEx Meeting Center
CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx Recording For ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3268 (The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in th ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3266 (Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3265
	RESERVED
CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2010-3263 (Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php ...)
	- phpmyadmin 4:3.3.7-1 (low)
	[lenny] - phpmyadmin (Vulnerable code not present)
CVE-2010-3262 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3 ...)
	NOT-FOR-US: flock
CVE-2010-3261 (Directory traversal vulnerability in RSA Authentication Agent 7.0 befo ...)
	NOT-FOR-US: RSA Authentication Agent 7.0 for Web
CVE-2010-3260 (oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server co ...)
	NOT-FOR-US: Orbeon Forms
CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, G ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44399
	NOTE: http://trac.webkit.org/changeset/65826
CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit
	NOTE: chromium specific
CVE-2010-3257 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/65748
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44226
CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit
	NOTE: chromium specific
CVE-2010-3255 (Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not prop ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812
	NOTE: http://trac.webkit.org/changeset/66052
CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.6-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/65135
CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit (notifications not yet used in webkit)
	NOTE: http://trac.webkit.org/changeset/64647
	NOTE: http://trac.webkit.org/changeset/64651
CVE-2010-3252 (Use-after-free vulnerability in the Notifications presenter in Google ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit (notifications not yet used in webkit)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43645
	NOTE: http://trac.webkit.org/changeset/65742
CVE-2010-3251 (The WebSockets implementation in Google Chrome before 6.0.472.53 allow ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit
	NOTE: chromium specific
CVE-2010-3250 (Unspecified vulnerability in Google Chrome before 6.0.472.53 allows re ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit
	NOTE: chromium specific
CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG filter ...)
	- chromium-browser 6.0.472.53~r57914-1
	NOTE: http://trac.webkit.org/changeset/60541
CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the charact ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit
	NOTE: chromium specific
CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the _blank va ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit (vulnerable code not present in 1.2.x series)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34541
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44969
	NOTE: http://trac.webkit.org/changeset/66742
CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite (forme ...)
	NOT-FOR-US: Blackboard Transact Suite
CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackbo ...)
	NOT-FOR-US: Blackboard Transact Suite
CVE-2010-3306 (Directory traversal vulnerability in the modURL function in instance.c ...)
	- weborf 0.12.3-1 (bug #596112)
CVE-2010-3243 (Cross-site scripting (XSS) vulnerability in the toStaticHTML function ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3242 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3241 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3240 (Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Co ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3239 (Microsoft Excel 2002 SP3 does not properly validate record information ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3238 (Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does n ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3237 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly valid ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3236 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3235 (Microsoft Excel 2002 SP3 does not properly validate formula informatio ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3234 (Microsoft Excel 2002 SP3 does not properly validate formula informatio ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3233 (Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate recor ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3232 (Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; O ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3231 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3230 (Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers t ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3229 (The Secure Channel (aka SChannel) security package in Microsoft Window ...)
	NOT-FOR-US: Microsoft OSes
CVE-2010-3228 (The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms d ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3227 (Stack-based buffer overflow in the UpdateFrameTitleForDocument method ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3226
	REJECTED
CVE-2010-3225 (Use-after-free vulnerability in the Media Player Network Sharing Servi ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2010-3224
	REJECTED
CVE-2010-3223 (The user interface in Microsoft Cluster Service (MSCS) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3222 (Stack-based buffer overflow in the Remote Procedure Call Subsystem (RP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3221 (Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Vi ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3220 (Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 f ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3219 (Array index vulnerability in Microsoft Word 2002 SP3 allows remote att ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3218 (Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote at ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3217 (Double free vulnerability in Microsoft Word 2002 SP3 allows remote att ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3215 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3214 (Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3213 (Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook W ...)
	NOT-FOR-US: Microsoft Outlook Web Access
CVE-2010-3212 (SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier ...)
	NOT-FOR-US: Seagull
CVE-2010-3211 (Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro ...)
	NOT-FOR-US: Joomla addon
CVE-2010-3210 (Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E- ...)
	NOT-FOR-US: Multi-lingual E-Commerce System
CVE-2010-3209 (Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 al ...)
	NOT-FOR-US: Seagull
CVE-2010-3208 (Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web Bui ...)
	NOT-FOR-US: Wiccle Web Builder
CVE-2010-3207 (SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when mag ...)
	NOT-FOR-US: GaleriaSHQIP
CVE-2010-3206 (Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allo ...)
	NOT-FOR-US: DiY-CMS
CVE-2010-3205 (PHP remote file inclusion vulnerability in index.php in Textpattern CM ...)
	- textpattern
	[squeeze] - textpattern (Minor issue)
CVE-2010-3204 (Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 ...)
	NOT-FOR-US: Pecio CMS
CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) compone ...)
	NOT-FOR-US: PicSell
CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 a ...)
	NOT-FOR-US: flock
CVE-2010-3201 (Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4. ...)
	NOT-FOR-US: NetWin Surgemail
CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attac ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...)
	NOT-FOR-US: TortoiseSVN
CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows ...)
	- zope2.10
	- zope2.11
CVE-2010-3197 (IBM DB2 9.7 before FP2 does not perform the expected access control on ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3196 (IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote au ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3195 (Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, a ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3194 (The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3193 (Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3192 (Certain run-time memory protection mechanisms in the GNU C Library (ak ...)
	- eglibc (unimportant)
	NOTE: Minor information leak
CVE-2010-3191 (Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and ...)
	NOT-FOR-US: Adobe Captivate
CVE-2010-3190 (Untrusted search path vulnerability in the Microsoft Foundation Class ...)
	NOT-FOR-US: ATL MFC Trace Tool
CVE-2010-3189 (The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (Uf ...)
	NOT-FOR-US: Trend Micro Internet Security Pro
CVE-2010-3188 (SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3187 (Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attac ...)
	NOT-FOR-US: IBM AIX
CVE-2010-3186 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSph ...)
	NOT-FOR-US: WebSphere
CVE-2010-3185
	RESERVED
CVE-2010-3184
	RESERVED
CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox bef ...)
	{DSA-2124-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.9-1
	[lenny] - icedove
	- iceape 2.0.9-1
	[lenny] - iceape (Only a stub package)
	[lenny] - xulrunner (bug in optimization added later)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3182 (A certain application-launch script in Mozilla Firefox before 3.5.14 a ...)
	- icedove 3.0.9-1
	[lenny] - icedove
	- iceweasel (run-mozilla.sh not used)
CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 a ...)
	- iceweasel (Windows-specific)
CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in Mozilla Fire ...)
	{DSA-2124-1}
	- xulrunner (unimportant)
	- icedove 3.0.9-1
	- iceweasel 3.5.14-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape (Only a stub package)
	[lenny] - icedove
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality in Moz ...)
	{DSA-2124-1}
	- xulrunner (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove
	- iceweasel 3.5.14-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird bef ...)
	{DSA-2124-1}
	- xulrunner (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove
	- iceweasel 3.5.14-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the Gopher pars ...)
	{DSA-2124-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2124-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3175 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2124-1}
	- xulrunner (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove
	- iceweasel 3.5.14-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x befo ...)
	{DSA-2123-1}
	- nss 3.12.8-1
CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3. ...)
	- bugzilla 3.6.3.0-1 (bug #602420; low)
	[squeeze] - bugzilla 3.6.2.0-4.2
CVE-2010-3171 (The Math.random function in the JavaScript implementation in Mozilla F ...)
	NOTE: Will likely be rejected by MITRE
CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird bef ...)
	{DSA-2123-1}
	- nss 3.12.8-1
	- kde4libs 4:4.4.5-4 (low)
	- qt4-x11 4:4.7.2-4 (low)
	[squeeze] - qt4-x11 4:4.6.3-4+squeeze1
	[lenny] - qt4-x11 (Vulnerable code not present)
	[squeeze] - kde4libs 4:4.4.5-2+squeeze2
	[lenny] - kde4libs (Minor issue)
CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2106-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove
	- iceape 2.0.7-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3168 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...)
	{DSA-2106-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove
	- iceape 2.0.7-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3167 (The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3. ...)
	{DSA-2106-1}
	- xulrunner (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove
	- iceape 2.0.7-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3166 (Heap-based buffer overflow in the nsTextFrameUtils::TransformText func ...)
	- xulrunner (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	[lenny] - xulrunner (Doesn't affect Xulrunner 1.9.0 code base)
	- icedove 3.0.7-1
	[lenny] - icedove (Doesn't affect Xulrunner 1.9.0 code base)
	- iceape 2.0.7-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3165 (Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and ear ...)
	NOT-FOR-US: Yokka NoEditor and others
CVE-2010-3164 (Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earli ...)
	NOT-FOR-US: Fenrir Sleipnir, Grani
CVE-2010-3163 (Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 an ...)
	NOT-FOR-US: Fenrir Sleipnir, Grani
CVE-2010-3162 (Untrusted search path vulnerability in Apsaly before 3.74 allows local ...)
	NOT-FOR-US: Apsaly
CVE-2010-3161 (Untrusted search path vulnerability in TeraPad before 1.00 allows loca ...)
	NOT-FOR-US: TeraPad
CVE-2010-3160 (Untrusted search path vulnerability in Archive Decoder 1.23 and earlie ...)
	NOT-FOR-US: Archive Decoder
CVE-2010-3159 (Untrusted search path vulnerability in Explzh 5.67 and earlier allows ...)
	NOT-FOR-US: Explzh
CVE-2010-3158 (Untrusted search path vulnerability in Lhaplus before 1.58 allows loca ...)
	NOT-FOR-US: Lhaplus
CVE-2010-3157 (Untrusted search path vulnerability in XacRett before 50 allows attack ...)
	NOT-FOR-US: XacRett
CVE-2010-3156 (Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows ...)
	NOT-FOR-US: K2Editor
CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 ...)
	- wireshark (Only affects Windows port)
CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 a ...)
	- xulrunner (Only affects Windows port)
	- iceweasel (Only affects Windows port)
CVE-2010-3123
	RESERVED
CVE-2010-3155 (Untrusted search path vulnerability in Adobe ExtendScript Toolkit (EST ...)
	NOT-FOR-US: Adobe ExtendScript Toolkit
CVE-2010-3154 (Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0 ...)
	NOT-FOR-US: Adobe Extension Manager
CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesig ...)
	NOT-FOR-US: Adobe InDesign
CVE-2010-3152 (Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, C ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2010-3151 (Untrusted search path vulnerability in Adobe On Location CS4 Build 315 ...)
	NOT-FOR-US: Adobe On Location
CVE-2010-3150 (Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 (31 ...)
	NOT-FOR-US: Adobe Premier Pro
CVE-2010-3149 (Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0( ...)
	NOT-FOR-US: Adobe Device Central
CVE-2010-3148 (Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows ...)
	NOT-FOR-US: Microsoft Visio
CVE-2010-3147 (Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windo ...)
	NOT-FOR-US: Microsoft Address Book
CVE-2010-3146 (Multiple untrusted search path vulnerabilities in Microsoft Groove 200 ...)
	NOT-FOR-US: Microsoft Office Groove
CVE-2010-3145 (Untrusted search path vulnerability in the BitLocker Drive Encryption ...)
	NOT-FOR-US: Microsoft Vista BitLocker
CVE-2010-3144 (Untrusted search path vulnerability in the Internet Connection Signup ...)
	NOT-FOR-US: Microsoft Internet Connection Signup Wizard
CVE-2010-3143 (Untrusted search path vulnerability in Microsoft Windows Contacts allo ...)
	NOT-FOR-US: Microsoft Windows Contacts
CVE-2010-3142 (Untrusted search path vulnerability in Microsoft Office PowerPoint 200 ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-3141 (Untrusted search path vulnerability in Microsoft PowerPoint 2010 allow ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2010-3140 (Untrusted search path vulnerability in Microsoft Windows Internet Comm ...)
	NOT-FOR-US: Microsoft Windows Internet Communication Settings
CVE-2010-3139 (Untrusted search path vulnerability in Microsoft Windows Progman Group ...)
	NOT-FOR-US: Microsoft Windows Progman Group Converter
CVE-2010-3138 (Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-3137 (Untrusted search path vulnerability in Nullsoft Winamp 5.581, and prob ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2010-3136 (Untrusted search path vulnerability in Skype 4.2.0.169 and earlier all ...)
	NOT-FOR-US: Skype
CVE-2010-3135 (Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows ...)
	NOT-FOR-US: Cisco Packet Tracer
CVE-2010-3134 (Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allo ...)
	NOT-FOR-US: Google Earth
CVE-2010-3132 (Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 buil ...)
	NOT-FOR-US: Adobe Dreamweaver
CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit all versions 1 ...)
	NOT-FOR-US: TechSmith Snagit
CVE-2010-3129 (Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allo ...)
	NOT-FOR-US: uTorrent
CVE-2010-3128 (Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier ...)
	NOT-FOR-US: TeamViewer
CVE-2010-3127 (Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 ...)
	NOT-FOR-US: Adobe PhotoShop
CVE-2010-3126 (Untrusted search path vulnerability in avast! Free Antivirus version 5 ...)
	NOT-FOR-US: avast! Free Antivirus
CVE-2010-3125 (Untrusted search path vulnerability in TeamMate Audit Management Softw ...)
	NOT-FOR-US: TeamMate Audit Management Software Suite
CVE-2010-3122 (The DevonIT thin-client management tool relies on a shared secret for ...)
	NOT-FOR-US: DevonIT thin-client management tool
CVE-2010-3121 (Buffer overflow in tm-console-bin in the DevonIT thin-client managemen ...)
	NOT-FOR-US: DevonIT thin-client management tool
CVE-2010-3124 (Untrusted search path vulnerability in bin/winvlc.c in VLC Media Playe ...)
	- vlc (Windows specific vulnerability)
CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the Geolo ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit 1.2.5-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43776
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39879
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096
	NOTE: http://trac.webkit.org/changeset/65329
	NOTE: http://trac.webkit.org/changeset/65325
CVE-2010-3119 (Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not pro ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795
	NOTE: http://trac.webkit.org/changeset/65090
CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit (chromium specific)
CVE-2010-3117 (Google Chrome before 5.0.375.127 does not properly implement the notif ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit (chromium specific)
CVE-2010-3116 (Multiple use-after-free vulnerabilities in WebKit, as used in Apple Sa ...)
	- webkit 1.2.5-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/64293
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888
	NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series
CVE-2010-3115 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/63925
	NOTE: http://trac.webkit.org/changeset/64077
	NOTE: only partially fixed: only 64077 applied in 1.2.4-1
CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127, a ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
	NOTE: http://trac.webkit.org/changeset/63773
CVE-2010-3113 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not ...)
	- webkit 1.2.5-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659
	NOTE: http://trac.webkit.org/changeset/63865
CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement file dial ...)
	- webkit (chromium specific)
	- chromium-browser 5.0.375.127~r55887-1
CVE-2010-3111 (Google Chrome before 6.0.472.53 does not properly mitigate an unspecif ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit (chromium specific)
CVE-2010-3110 (Multiple buffer overflows in the Novell Client novfs module for the Li ...)
	NOT-FOR-US: novfs kernel module (only included in SUSE it seems)
CVE-2010-2948 (Stack-based buffer overflow in the bgp_route_refresh_receive function ...)
	{DSA-2104-1}
	- quagga 0.99.17-1 (bug #594262)
CVE-2010-2949 (bgpd in Quagga before 0.99.17 does not properly parse AS paths, which ...)
	{DSA-2104-1}
	- quagga 0.99.17-1 (bug #594262)
CVE-2010-3109 (Stack-based buffer overflow in the browser plugin in Novell iPrint Cli ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3108 (Buffer overflow in the browser plugin in Novell iPrint Client before 5 ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3107 (A certain ActiveX control in ienipp.ocx in the browser plugin in Novel ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3106 (The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3105 (The PluginGetDriverFile function in Novell iPrint Client before 5.44 i ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3104 (Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, a ...)
	NOT-FOR-US: DeskShare AutoFTP Manager
CVE-2010-3103 (Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.0 ...)
	NOT-FOR-US: FTPGetter
CVE-2010-3102 (Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3 ...)
	NOT-FOR-US: SiteDesigner Technologies
CVE-2010-3101 (Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 ...)
	NOT-FOR-US: FTPx Corp FTP Explorer
CVE-2010-3100 (Directory traversal vulnerability in Porta+ FTP Client 4.1, and possib ...)
	NOT-FOR-US: Porta+ FTP Client
CVE-2010-3099 (Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0 ...)
	NOT-FOR-US: SmartSoft Ltd SmartFTP
CVE-2010-3098 (Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 an ...)
	NOT-FOR-US: IoRush Software FTP Rush
CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3 ...)
	NOT-FOR-US: WinFrigate Frigate 3 FTP
CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...)
	NOT-FOR-US: SoftX FTP Client 3.3
CVE-2010-3095 (mailscanner before 4.79.11-2.1 might allow local users to overwrite ar ...)
	- mailscanner 4.79.11-2.1 (bug #596403)
CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x befo ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3093 (The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allow ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3092 (The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does n ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3090
	REJECTED
CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman bef ...)
	{DSA-2170-1}
	- mailman 1:2.1.13-4.1 (bug #599833)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id={631881,631859}
CVE-2010-3088 (The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0 ...)
	NOT-FOR-US: Knotify plugin for Pidgin
CVE-2010-3087 (LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attacke ...)
	- tiff 3.9.4-5 (bug #600188)
	- tiff3 (fixed before initial upload)
	[lenny] - tiff (Vulnerable code not present)
CVE-2010-3086 (include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not pro ...)
	- linux-2.6 2.6.25-1
CVE-2010-3085 (The network-play implementation in Mednafen before 0.8.D might allow r ...)
	- mednafen 0.8.D-1 (unimportant)
	NOTE: Extremely obscure attack vector, marking as unimportant
CVE-2010-3084 (Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/ne ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 (vulnerable code introduced in 2.6.30)
CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Ente ...)
	- qpid-cpp (Fixed before initial upload to archive)
CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...)
	- python-django 1.2.3-1 (low; bug #596205)
	NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-23 (high)
CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in sound/co ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-24
CVE-2010-3079 (kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugf ...)
	- linux-2.6 2.6.32-24
	[lenny] - linux-2.6 (Introduced in 2.6.30)
CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-24
CVE-2010-3077 (Cross-site scripting (XSS) vulnerability in util/icon_browser.php in t ...)
	{DSA-2278-1}
	- horde3 3.3.8+debian0-2 (bug #598582)
	NOTE: http://seclists.org/fulldisclosure/2010/Sep/82
CVE-2010-3076 (The filter function in php/src/include.php in Simple Management for BI ...)
	{DSA-2103-1}
	- smbind 0.4.7-5 (high)
	NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
CVE-2010-3075 (EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs (Not backportable, breaks backwards-compatibility)
CVE-2010-3074 (SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of a ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs (Minor issue)
CVE-2010-3073 (SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs (Minor issue)
CVE-2010-3072 (The string-comparison functions in String.cci in Squid 3.x before 3.1. ...)
	{DSA-2111-1}
	- squid3 3.1.6-1.1 (bug #596086; low)
	- squid (Only affects 3.x)
CVE-2010-3071 (bip before 0.8.6 allows remote attackers to cause a denial of service ...)
	- bip 0.8.6-1 (low; bug #595409)
	[lenny] - bip (vulnerable code ('LINK(lc)->name') not in 0.7.4-2)
	[squeeze] - bip 0.8.2-1squeeze2
CVE-2010-3070 (Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in M ...)
	- nusoap 0.7.3-4 (low; bug #595248)
CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse ...)
	{DSA-2109-1}
	- samba 2:3.5.5~dfsg-1 (bug #596891)
CVE-2010-3068
	REJECTED
CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before 2.6. ...)
	- linux-2.6 2.6.23-1
CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...)
	- php5 (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3063 (The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...)
	- php5 (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3062 (mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3 ...)
	- php5 (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3061 (Unspecified vulnerability in the message-protocol implementation in th ...)
	NOT-FOR-US: Tivoli
CVE-2010-3060 (Unspecified vulnerability in the message-protocol implementation in th ...)
	NOT-FOR-US: Tivoli
CVE-2010-3059 (Buffer overflow in the message-protocol implementation in the Server i ...)
	NOT-FOR-US: Tivoli
CVE-2010-3058 (The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x b ...)
	NOT-FOR-US: Tivoli
CVE-2010-3065 (The default session serializer in PHP 5.2 through 5.2.13 and 5.3 throu ...)
	{DSA-2089-1}
	- php5 5.3.3-1
CVE-2010-3057
	RESERVED
CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions before ...)
	- freetype 2.4.2-1 (unimportant)
CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11 ...)
	{DSA-2097-2 DSA-2097-1}
	- phpmyadmin 4:3.3.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2010-5/
CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2 ...)
	{DSA-2097-2 DSA-2097-1}
	- phpmyadmin 4:3.0.0
	NOTE: Affects only 2.x branch
CVE-2010-3052
	RESERVED
CVE-2010-3051
	RESERVED
CVE-2010-3050 (Cisco IOS before 12.2(33)SXI allows remote authenticated users to caus ...)
	NOT-FOR-US: Cisco
CVE-2010-3049 (Cisco IOS before 12.2(33)SXI allows local users to cause a denial of s ...)
	NOT-FOR-US: Cisco
CVE-2010-3048 (Cisco Unified Personal Communicator 7.0 (1.13056) does not free alloca ...)
	NOT-FOR-US: Cisco
CVE-2010-3047
	RESERVED
CVE-2010-3046
	RESERVED
CVE-2010-3045
	RESERVED
CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...)
	NOT-FOR-US: Cisco Intelligent Contact Manager
CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-3038 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the L ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-3037 (goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing ( ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in the w ...)
	NOT-FOR-US: Cisco
CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not proper ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possib ...)
	NOT-FOR-US: Cisco
CVE-2010-3033 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0 ...)
	NOT-FOR-US: Cisco
CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in ...)
	NOT-FOR-US: SAP Crystal Reports 2008
CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other version ...)
	NOT-FOR-US: Wyse ThinOS
CVE-2010-3030 (Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open B ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows re ...)
	NOT-FOR-US: PHPKick
CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses insecure perm ...)
	NOT-FOR-US: Joomla!
CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0 ...)
	NOT-FOR-US: Tycoon Baseball Script
CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in application/modules ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Op ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in user/mai ...)
	NOT-FOR-US: DiamondList
CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1 ...)
	NOT-FOR-US: DiamondList
CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance logging mo ...)
	NOT-FOR-US: Drupal Addon
CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2010-3020 (The news-feed preview feature in Opera before 10.61 does not properly ...)
	NOT-FOR-US: Opera
CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote attacke ...)
	NOT-FOR-US: Opera
CVE-2010-3018 (RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.5 ...)
	NOT-FOR-US: RSA Access Manager
CVE-2010-3017 (Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7 ...)
	NOT-FOR-US: RSA Access Manager
CVE-2010-3016
	REJECTED
CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 al ...)
	NOT-FOR-US: Pligg
CVE-2010-3012 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3011 (CRLF injection vulnerability in HP System Management Homepage (SMH) be ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect ...)
	NOT-FOR-US: HP 3Com OfficeConnect
CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for L ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data Prote ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data Prote ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2010-3006 (Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote ...)
	NOT-FOR-US: HP ProLiant G6 Lights-Out
CVE-2010-3005 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windo ...)
	NOT-FOR-US: HP Operations Agents
CVE-2010-3004 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windo ...)
	NOT-FOR-US: HP Operations Agents
CVE-2010-3003 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Onl ...)
	NOT-FOR-US: HP Insight Diagnostics Online Edition
CVE-2010-3002 (Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-3001 (Unspecified vulnerability in an ActiveX control in the Internet Explor ...)
	NOT-FOR-US: Internet Explorer
CVE-2010-3000 (Multiple integer overflows in the ParseKnownType function in RealNetwo ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2999 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPla ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2998 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 and Rea ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-2997 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2996 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Wind ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2991 (The IICAClient interface in the ICAClient library in the ICA Client Ac ...)
	NOT-FOR-US: Citrix ICA Client
CVE-2010-2990 (Citrix Online Plug-in for Windows for XenApp & XenDesktop before 1 ...)
	NOT-FOR-US: Citrix ICA Client
CVE-2010-2989 (nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Ness ...)
	NOT-FOR-US: Nessus
CVE-2010-2988 (Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Net ...)
	NOT-FOR-US: Cisco
CVE-2010-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless ...)
	NOT-FOR-US: Cisco
CVE-2010-2986 (Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.d ...)
	NOT-FOR-US: Cisco
CVE-2010-2985 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere S ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2984 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4 ...)
	NOT-FOR-US: Cisco
CVE-2010-2983 (The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless ...)
	NOT-FOR-US: Cisco
CVE-2010-2982 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allo ...)
	NOT-FOR-US: Cisco
CVE-2010-2981 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allo ...)
	NOT-FOR-US: Cisco
CVE-2010-2980 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5 ...)
	NOT-FOR-US: Cisco
CVE-2010-2979 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5 ...)
	NOT-FOR-US: Cisco
CVE-2010-2978 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
	NOT-FOR-US: Cisco
CVE-2010-2977 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
	NOT-FOR-US: Cisco
CVE-2010-2976 (The controller in Cisco Unified Wireless Network (UWN) Solution 7.x th ...)
	NOT-FOR-US: Cisco
CVE-2010-2975 (Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 doe ...)
	NOT-FOR-US: Cisco
CVE-2010-2974 (Stack-based buffer overflow in the IConfigurationAccess interface in t ...)
	NOT-FOR-US: Wonderware Application Server
CVE-2010-2973 (Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone ...)
	NOT-FOR-US: Apple
CVE-2010-2972
	REJECTED
CVE-2010-3014 (The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when ...)
	- kfreebsd-7
	- kfreebsd-8 8.1-5
	- kfreebsd-9 (fixed prior to first upload)
	- kfreebsd-10 (fixed prior to first upload)
CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extent ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-22
CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark ...)
	{DSA-2101-1}
	- wireshark 1.2.10-1
CVE-2010-2992 (packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through ...)
	- wireshark 1.2.10-1
	[lenny] - wireshark (Only affects 1.2.x)
CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0. ...)
	{DSA-2101-1}
	- wireshark 1.2.10-1
CVE-2010-2993 (The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote atta ...)
	- wireshark 1.2.10-1
	[lenny] - wireshark (Only affects 1.2.x)
CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly acc ...)
	{DSA-2081-1}
	- libmikmod 3.1.11-6.3
CVE-2010-2970 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x ...)
	- moin 1.9.3-1 (low)
CVE-2010-2969 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...)
	- moin 1.9.3-1
CVE-2010-2968 (The FTP daemon in Wind River VxWorks does not close the TCP connection ...)
	NOT-FOR-US: vxworks
CVE-2010-2967 (The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks be ...)
	NOT-FOR-US: vxworks
CVE-2010-2966 (The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and ...)
	NOT-FOR-US: vxworks
CVE-2010-2965 (The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and ...)
	NOT-FOR-US: vxworks
CVE-2010-2964
	RESERVED
CVE-2010-2963 (drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) imp ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-26
CVE-2010-2962 (drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 (Vulnerable code not present)
CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the roo ...)
	NOT-FOR-US: mountall
CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...)
	- linux-2.6 2.6.32-23
	[lenny] - linux-2.6 (vulnerable code introduced in 2.6.32)
CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-20
CVE-2010-2958 (Cross-site scripting (XSS) vulnerability in libraries/Error.class.php ...)
	- phpmyadmin 4:3.3.6-1
	[lenny] - phpmyadmin (only affects 3.x)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2010-6/
CVE-2010-2957 (Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, ...)
	- serendipity 1.5.3-2 (bug #594905)
CVE-2010-2956 (Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ...)
	- sudo 1.7.4p4-1 (bug #595935)
	[lenny] - sudo (Only affects 1.7.x)
	NOTE: http://www.sudo.ws/sudo/alerts/runas_group.html
CVE-2010-2955 (The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in t ...)
	- linux-2.6 2.6.32-23
CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel befor ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-22
CVE-2010-2953 (Untrusted search path vulnerability in a certain Debian GNU/Linux patc ...)
	{DSA-2107-1}
	- couchdb 0.11.0-1 (low; bug #594412)
CVE-2010-2952 (Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, d ...)
	- trafficserver (Fixed before initial release)
CVE-2010-2951 (dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enable ...)
	- squid3 3.1.6-1.2 (bug #599709)
	[lenny] - squid3 (vulnerable code introduced in 3.1.6)
	NOTE: http://marc.info/?l=squid-users&m=128263555724981&w=2
CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP 5 ...)
	- php5 5.3.3-2 (low)
	[lenny] - php5 (phar extension introduced in 5.3)
CVE-2010-2947 (Heap-based buffer overflow in the HX_split function in string.c in lib ...)
	- libhx 3.5-2 (low; bug #594393)
	[lenny] - libhx (Minor issue, asked maintainer to fix through spu)
CVE-2010-2946 (fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly h ...)
	- linux-2.6 2.6.32-21
	[lenny] - linux-2.6 2.6.26-25
CVE-2010-2945 (The default configuration of SLiM before 1.3.2 places ./ (dot slash) a ...)
	- slim 1.3.1-7 (low; bug #594414)
	[lenny] - slim 1.3.0-1+lenny3
CVE-2010-2944 (The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope- ...)
	{DSA-2096-1}
	- zope-ldapuserfolder (high; bug #593466)
CVE-2010-2943 (The xfs implementation in the Linux kernel before 2.6.35 does not look ...)
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
	[lenny] - linux-2.6 (test case fails on 2.6.26)
CVE-2010-2942 (The actions implementation in the network queueing functionality in th ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 2.6.26-25
CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate me ...)
	{DSA-2176-1}
	- cups 1.4.4-7 (bug #603344)
CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System Securit ...)
	- sssd 1.2.1-4 (bug #594413)
CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function in the ...)
	{DSA-2100-1}
	- openssl 0.9.8o-2 (low; bug #594415)
CVE-2010-2938 (arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS ...)
- linux-2.6 (affected code not present in any of the released kernels; only affects xen package itself) - xen 4.0.1-1 NOTE: probably fixed well before this version, but this is the one I checked and it's fixed CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in V ...) - vlc 1.1.3-1 [lenny] - vlc (Vulnerable code not present) CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in OpenOffice.o ...) {DSA-2099-1} - openoffice.org 1:3.2.1-6 CVE-2010-2935 (simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x ...) {DSA-2099-1} - openoffice.org 1:3.2.1-6 CVE-2010-2934 (Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attacke ...) - znc 0.092-2 (unimportant; bug #599708) CVE-2010-2933 (SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote at ...) NOT-FOR-US: AV Arcade CVE-2010-2932 (Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control (BarcodeWiz ...) NOT-FOR-US: BarCodeWiz BarCode CVE-2010-2931 (Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows ...) NOT-FOR-US: SigPlus Pro ActiveX control CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in hsolink 1.0 ...) - hsolink CVE-2010-2929 (Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.1 ...) - hsolink CVE-2010-2928 (The vCenter Tomcat Management Application in VMware vCenter Server 4.1 ...) NOT-FOR-US: VMware vCenter Server CVE-2010-2927 (The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) ...) NOT-FOR-US: Tivoli CVE-2010-2926 (SQL injection vulnerability in index.php in sNews 1.7 allows remote at ...) NOT-FOR-US: sNews CMS CVE-2010-2925 (SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allo ...) NOT-FOR-US: OpenFreeway CVE-2010-2924 (SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugi ...)
NOT-FOR-US: myLinksDump WordPress plugin CVE-2010-2923 (SQL injection vulnerability in the YouTube (com_youtube) component 1.5 ...) NOT-FOR-US: com_youtube Joomla extension CVE-2010-2922 (SQL injection vulnerability in default.asp in AKY Blog allows remote a ...) NOT-FOR-US: Aspindir AKY Blog CVE-2010-2921 (SQL injection vulnerability in the Golf Course Guide (com_golfcoursegu ...) NOT-FOR-US: Joomla Component com_golfcourseguide CVE-2010-2920 (Directory traversal vulnerability in the Foobla Suggestions (com_foobl ...) NOT-FOR-US: Joomla Component Foobla Suggestions CVE-2010-2919 (SQL injection vulnerability in the StaticXT (com_staticxt) component f ...) NOT-FOR-US: Joomla Component StaticXT CVE-2010-2918 (PHP remote file inclusion vulnerability in core/include/myMailer.class ...) NOT-FOR-US: Joomla Component Visites CVE-2010-2917 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ ...) NOT-FOR-US: AJ square CVE-2010-2916 (SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN ...) NOT-FOR-US: AJ square CVE-2010-2915 (SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME ...) NOT-FOR-US: AJ square CVE-2010-2914 (Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in ...) NOT-FOR-US: Nessus plugin CVE-2010-2913 (The Citibank Citi Mobile app before 2.0.3 for iOS stores account data ...) NOT-FOR-US: Citibank Citi Mobile app CVE-2010-2912 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 al ...) NOT-FOR-US: Kayako eSupport CVE-2010-2911 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 al ...) NOT-FOR-US: Kayako eSupport CVE-2010-2910 (SQL injection vulnerability in the Ozio Gallery (com_oziogallery) comp ...) NOT-FOR-US: Ozio Gallery CVE-2010-2909 (SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo ...) NOT-FOR-US: Joomla addon CVE-2010-2908 (SQL injection vulnerability in the Joomdle (com_joomdle) component 0.2 ...) 
NOT-FOR-US: Joomla addon CVE-2010-2907 (SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) co ...) NOT-FOR-US: Joomla addon CVE-2010-2906 (SQL injection vulnerability in articlesdetails.php in ScriptsFeed and ...) NOT-FOR-US: ScriptsFeed / BrotherScripts CVE-2010-2905 (SQL injection vulnerability in info.php in ScriptsFeed and BrotherScri ...) NOT-FOR-US: ScriptsFeed / BrotherScripts CVE-2010-2904 (Multiple cross-site scripting (XSS) vulnerabilities in the System Land ...) NOT-FOR-US: System Landscape Directory CVE-2010-2903 (Google Chrome before 5.0.375.125 performs unexpected truncation and im ...) - webkit (Chromium specific issue) - chromium-browser 5.0.375.125~r53311-1 CVE-2010-2902 (The SVG implementation in Google Chrome before 5.0.375.125 allows remo ...) - webkit 1.2.4-1 [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=41621 NOTE: http://trac.webkit.org/changeset/62662 NOTE: duplicate of CVE-2010-1793 CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 allow ...) {DSA-2188-1} - webkit 1.2.5-1 [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=41373 NOTE: http://trac.webkit.org/changeset/63048 CVE-2010-2900 (Google Chrome before 5.0.375.125 does not properly handle a large canv ...) - webkit 1.2.5-1 [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=41962 NOTE: http://trac.webkit.org/changeset/63219 CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google Chrom ...)
- webkit 1.2.4-1 [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977 NOTE: http://trac.webkit.org/changeset/62134 CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an unspeci ...) - webkit (chromium specific issue) - chromium-browser 5.0.375.125~r53311-1 CVE-2010-2897 (Google Chrome before 5.0.375.125 does not properly mitigate an unspeci ...) - webkit (chromium specific issue) - chromium-browser 5.0.375.125~r53311-1 CVE-2010-2896 (IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before ...) NOT-FOR-US: IBM FileNet Content Manager CVE-2010-XXXX [flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it.] - openjdk-6 6b18-1.8.1-1 CVE-2010-XXXX [flaw in NetX that allows arbitrary unsigned apps to set any java property] - openjdk-6 6b18-1.8.1-1 CVE-2010-2895 RESERVED CVE-2010-2894 RESERVED CVE-2010-2893 RESERVED CVE-2010-2892 (gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and ...) NOT-FOR-US: LANDesk Management Gateway CVE-2010-2891 (Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4. ...) {DSA-2145-1} - libsmi 0.4.8+dfsg2-3 CVE-2010-2890 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2010-2889 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2010-2888 (Multiple unspecified vulnerabilities in an ActiveX control in Adobe Re ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2010-2887 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x b ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2010-2886 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp ...) NOT-FOR-US: Adobe RoboHelp CVE-2010-2885 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, an ...) 
NOT-FOR-US: Adobe RoboHelp CVE-2010-2884 (Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, ...) NOT-FOR-US: Adobe Flash Player CVE-2010-2883 (Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acroba ...) NOT-FOR-US: Adobe Reader CVE-2010-2882 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not proper ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2881 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2880 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not proper ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2879 (Multiple integer overflows in the allocator in the TextXtra.x32 module ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2878 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not prope ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2877 (Adobe Shockwave Player before 11.5.8.612 does not properly validate a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2876 (Adobe Shockwave Player before 11.5.8.612 does not properly validate va ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2875 (Integer signedness error in Adobe Shockwave Player before 11.5.8.612 a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2874 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2873 (Adobe Shockwave Player before 11.5.8.612 does not properly validate of ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2872 (Adobe Shockwave Player before 11.5.8.612 does not properly validate an ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2871 (Integer overflow in the 3D object functionality in Adobe Shockwave Pla ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2870 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not prope ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2869 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...) 
NOT-FOR-US: Adobe Shockwave Player CVE-2010-2868 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2867 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not prope ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2866 (Integer signedness error in the DIRAPI module in Adobe Shockwave Playe ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2865 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2864 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2863 (Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a d ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and ...) NOT-FOR-US: Adobe Reader CVE-2010-2861 (Multiple directory traversal vulnerabilities in the administrator cons ...) NOT-FOR-US: Adobe ColdFusion CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts exter ...) NOT-FOR-US: EMC CVE-2010-2859 (news.php in SimpNews 2.47.3 and earlier allows remote attackers to obt ...) NOT-FOR-US: SimpNews CVE-2010-2858 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in Sim ...) NOT-FOR-US: SimpNews CVE-2010-2857 (Directory traversal vulnerability in the Music Manager component for J ...) NOT-FOR-US: Joomla! Music Manager CVE-2010-2856 (Cross-site scripting (XSS) vulnerability in admin/currencies.php in os ...) NOT-FOR-US: osCSS CVE-2010-2855 (Multiple SQL injection vulnerabilities in modfile.php in Event Horizon ...) NOT-FOR-US: Event Horizon CVE-2010-2854 (Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in ...) NOT-FOR-US: Event Horizon CVE-2010-2853 (SQL injection vulnerability in flashPlayer/playVideo.php in iScripts V ...) 
NOT-FOR-US: iScripts VisualCaster CVE-2010-2852 (Cross-site scripting (XSS) vulnerability in modules/headlines/magpiers ...) NOT-FOR-US: RunCMS CVE-2010-2851 (SQL injection vulnerability in the BookLibrary From Same Author (com_b ...) NOT-FOR-US: Joomla! BookLibrary From Same Author CVE-2010-2850 (Directory traversal vulnerability in productionnu2/fileuploader.php in ...) NOT-FOR-US: nuBuilder CVE-2010-2849 (Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php i ...) NOT-FOR-US: nuBuilder CVE-2010-2848 (Directory traversal vulnerability in assets/captcha/includes/alikon/pl ...) NOT-FOR-US: Joomla! ArtForms CVE-2010-2847 (Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (co ...) NOT-FOR-US: Joomla! ArtForms CVE-2010-2846 (Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms ( ...) NOT-FOR-US: Joomla! ArtForms CVE-2010-2845 (SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1 ...) NOT-FOR-US: Joomla! QuickFAQ CVE-2010-2844 (Cross-site scripting (XSS) vulnerability in news_show.php in Newanz Ne ...) NOT-FOR-US: Newanz NewsOffice CVE-2010-2843 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0 ...) NOT-FOR-US: Cisco WLC CVE-2010-2842 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0 ...) NOT-FOR-US: Cisco WLC CVE-2010-2841 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) softw ...) NOT-FOR-US: Cisco WLC CVE-2010-2840 (The Presence Engine (PE) service in Cisco Unified Presence 6.x before ...) NOT-FOR-US: Cisco CVE-2010-2839 (SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) ...) NOT-FOR-US: Cisco CVE-2010-2838 (The SendCombinedStatusInfo implementation in Cisco Unified Communicati ...) NOT-FOR-US: Cisco CVE-2010-2837 (The SIPStationInit implementation in Cisco Unified Communications Mana ...) NOT-FOR-US: Cisco CVE-2010-2836 (Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, ...) 
NOT-FOR-US: Cisco CVE-2010-2835 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...) NOT-FOR-US: Cisco CVE-2010-2834 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...) NOT-FOR-US: Cisco CVE-2010-2833 (Unspecified vulnerability in the NAT for H.225.0 implementation in Cis ...) NOT-FOR-US: Cisco CVE-2010-2832 (Unspecified vulnerability in the NAT for H.323 implementation in Cisco ...) NOT-FOR-US: Cisco CVE-2010-2831 (Unspecified vulnerability in the NAT for SIP implementation in Cisco I ...) NOT-FOR-US: Cisco CVE-2010-2830 (The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and ...) NOT-FOR-US: Cisco CVE-2010-2829 (Unspecified vulnerability in the H.323 implementation in Cisco IOS 12. ...) NOT-FOR-US: Cisco CVE-2010-2828 (Unspecified vulnerability in the H.323 implementation in Cisco IOS 12. ...) NOT-FOR-US: Cisco CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Cisco CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0 ...) NOT-FOR-US: Cisco CVE-2010-2825 (Unspecified vulnerability in the SIP inspection feature on the Cisco A ...) NOT-FOR-US: Cisco CVE-2010-2824 (Unspecified vulnerability on the Cisco Application Control Engine (ACE ...) NOT-FOR-US: Cisco CVE-2010-2823 (Unspecified vulnerability in the deep packet inspection feature on the ...) NOT-FOR-US: Cisco CVE-2010-2822 (Unspecified vulnerability in the RTSP inspection feature on the Cisco ...) NOT-FOR-US: Cisco CVE-2010-2821 (Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) ...) NOT-FOR-US: Cisco CVE-2010-2820 (Unspecified vulnerability in the SunRPC inspection feature on the Cisc ...) NOT-FOR-US: Cisco CVE-2010-2819 (Unspecified vulnerability in the SunRPC inspection feature on the Cisc ...) NOT-FOR-US: Cisco CVE-2010-2818 (Unspecified vulnerability in the SunRPC inspection feature on the Cisc ...) 
NOT-FOR-US: Cisco CVE-2010-2817 (Unspecified vulnerability in the IKE implementation on Cisco Adaptive ...) NOT-FOR-US: Cisco CVE-2010-2816 (Unspecified vulnerability in the SIP inspection feature on Cisco Adapt ...) NOT-FOR-US: Cisco CVE-2010-2815 (Unspecified vulnerability in the Transport Layer Security (TLS) implem ...) NOT-FOR-US: Cisco CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) implem ...) NOT-FOR-US: Cisco CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not prop ...) {DSA-2091-1} - squirrelmail 2:1.4.21-1 (low) [lenny] - squirrelmail (low-risk issue) CVE-2010-2812 (Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of s ...) - znc 0.092-2 (unimportant; bug #599708) CVE-2010-2811 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualiza ...) - vdsm (bug #668538) CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in WWW/Libr ...) - lynx-cur 2.8.8dev.5-1 (bug #594300) [lenny] - lynx-cur (Minor issue, exploit scenario really obscure) CVE-2010-2809 (The default configuration of the <Button2> binding in Uzbl befor ...) - uzbl 0.0.0~git.20100403-3 (bug #594301) CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs. ...) {DSA-2105-1} - freetype 2.4.2-1 CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds ...) {DSA-2105-1} - freetype 2.4.2-1 CVE-2010-2806 (Array index error in the t42_parse_sfnts function in type42/t42parse.c ...) {DSA-2105-1} - freetype 2.4.2-1 CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType befor ...) {DSA-2105-1} - freetype 2.4.2-1 CVE-2010-2804 REJECTED CVE-2010-2803 (The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rend ...) {DSA-2094-1} - linux-2.6 2.6.32-22 CVE-2010-2802 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allo ...) 
- mantis (vulnerable code introduced in 1.2.x) NOTE: http://www.mantisbt.org/bugs/view.php?id=11952 CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract bef ...) {DSA-2087-1} - cabextract 1.3-1 (bug #591552) CVE-2010-2800 (The MS-ZIP decompressor in cabextract before 1.3 allows remote attacke ...) - cabextract 1.3-1 (bug #591552; unimportant) CVE-2010-2799 (Stack-based buffer overflow in the nestlex function in nestlex.c in So ...) {DSA-2090-1} - socat 1.7.1.3-1 (bug #591443; medium) CVE-2010-2798 (The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kern ...) {DSA-2094-1} - linux-2.6 2.6.32-20 CVE-2010-2797 (Directory traversal vulnerability in lib/translation.functions.php in ...) NOT-FOR-US: CMS Made Simple CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...) {DSA-2172-1} - libphp-cas (bug #495542) - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone - moodle 1.9.9.dfsg2-2 (bug #601384) CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack sessio ...) {DSA-2172-1} - libphp-cas (bug #495542) - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone - moodle 1.9.9.dfsg2-2 (bug #601384) CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users t ...) - spice-xpi [jessie] - spice-xpi (Broken with newer Firefox versions) CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for Internet E ...) NOT-FOR-US: SPICE plugin for Internet Explorer CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox al ...) - spice-xpi [jessie] - spice-xpi (Broken with newer Firefox versions) CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...) - apache2 2.2.9-10 (low) CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...) 
- zabbix 1:1.8.3-1 (bug #594304) [squeeze] - zabbix 1:1.8.2-1squeeze1 [lenny] - zabbix (Minor issue) CVE-2010-2789 (PHP remote file inclusion vulnerability in MediaWikiParserTest.php in ...) - mediawiki (Affects mediawiki 1:1.16.0beta* - was not and will not be in Debian) NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html CVE-2010-2788 (Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWi ...) - mediawiki 1:1.15.5-1 (bug #590669; low) [lenny] - mediawiki 1:1.12.0-2lenny6 NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html CVE-2010-2787 (api.php in MediaWiki before 1.15.5 does not prevent use of public cach ...) - mediawiki 1:1.15.5-1 (bug #590660; low) [lenny] - mediawiki (Minor issue) NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows re ...) - piwik (bug #506933) CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not ...) {DSA-2078-1} - kvirc 4:4.0.0-3 CVE-2010-2784 (The subpage MMIO initialization functionality in the subpage_register ...) - qemu-kvm 0.12.5+dfsg-3 (bug #594478) - kvm [lenny] - kvm 72+dfsg-5~lenny6 CVE-2010-2783 (IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary ...) - openjdk-6 6b18-1.8.1-1 CVE-2010-2782 RESERVED CVE-2010-2781 RESERVED CVE-2010-2780 RESERVED CVE-2010-2779 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupW ...) NOT-FOR-US: GroupWise CVE-2010-2778 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupW ...) NOT-FOR-US: GroupWise CVE-2010-2777 (Stack-based buffer overflow in the IMAP server component in GroupWise ...) NOT-FOR-US: GroupWise CVE-2010-2776 RESERVED CVE-2010-2775 RESERVED CVE-2010-2774 RESERVED CVE-2010-2773 RESERVED CVE-2010-2772 (Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded passwor ...) 
NOT-FOR-US: SCADA CVE-2010-2771 (solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to exe ...) NOT-FOR-US: IBM solidDB CVE-2010-3484 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows r ...) - mapserver 5.6.4-1 (low) [lenny] - mapserver (Minor issue) CVE-2010-3485 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows r ...) - mapserver 5.6.4-1 (low) [lenny] - mapserver (Minor issue) CVE-2010-2770 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...) - xulrunner (The vulnerability is MacOS-specific) - iceweasel (The vulnerability is MacOS-specific) - iceape (The vulnerability is MacOS-specific) CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5 ...) {DSA-2124-1 DSA-2106-1} - xulrunner (unimportant) - iceweasel 3.5.12-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - icedove 3.0.7-1 [lenny] - icedove - iceape 2.0.7-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2010-2768 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...) {DSA-2106-1} - xulrunner (unimportant) - iceweasel 3.5.12-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - icedove 3.0.7-1 [lenny] - icedove - iceape 2.0.7-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2010-2767 (The navigator.plugins implementation in Mozilla Firefox before 3.5.12 ...) {DSA-2106-1} - xulrunner (unimportant) - iceweasel 3.5.12-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - icedove 3.0.7-1 [lenny] - icedove - iceape 2.0.7-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2010-2766 (The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3. ...) 
{DSA-2106-1} - xulrunner (unimportant) - iceweasel 3.5.12-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - icedove 3.0.7-1 [lenny] - icedove - iceape 2.0.7-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2010-2765 (Integer overflow in the FRAMESET element implementation in Mozilla Fir ...) {DSA-2106-1} - xulrunner (unimportant) - iceweasel 3.5.12-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - icedove 3.0.7-1 [lenny] - icedove - iceape 2.0.7-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2010-2764 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...) - xulrunner (unimportant) - iceweasel 3.5.12-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) [lenny] - xulrunner (Doesn't affect Xulrunner 1.9.0 code base) - icedove 3.0.7-1 [lenny] - icedove (Doesn't affect Xulrunner 1.9.0 code base) - iceape 2.0.7-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2010-2763 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...) {DSA-2106-1} - xulrunner (unimportant) - iceweasel 3.5.12-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - icedove 3.0.7-1 [lenny] - icedove - iceape 2.0.7-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...) - xulrunner (Only affects 3.6, only in experimental) - iceweasel (Only affects 3.6, only in experimental) CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.p ...) 
- perl 5.10.1-17 (bug #606995) - libcgi-pm-perl 3.50-1 (bug #606370) [lenny] - libcgi-pm-perl 3.38-2lenny2 [squeeze] - libcgi-pm-perl 3.49-1squeeze1 - libcgi-simple-perl 1.111-2 (bug #606379) [lenny] - libcgi-simple-perl 1.105-1lenny1 [lenny] - perl 5.10.0-19lenny3 (bug #606995) CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in Mozill ...) {DSA-2106-1} - xulrunner (unimportant) - iceweasel 3.5.12-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - icedove 3.0.7-1 [lenny] - icedove - iceape 2.0.7-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6. ...) - bugzilla 3.6.2.0-1 (bug #595015; medium) CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6. ...) - bugzilla 3.6.2.0-1 (bug #595015; low) CVE-2010-2757 (The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4. ...) - bugzilla 3.6.2.0-1 (bug #595015; low) CVE-2010-2756 (Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 ...) - bugzilla 3.6.2.0-1 (bug #595015; low) CVE-2010-2755 (layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not pro ...) - xulrunner (Only exploitable in Firefox 3.6.x and above) - iceweasel (Only exploitable in Firefox 3.6.x and above) CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 an ...) {DSA-2075-1} - xulrunner 1.9.1.11-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - icedove 3.0.6-1 [lenny] - icedove - iceape 2.0.6-1 [lenny] - iceape (Only a stub package) CVE-2010-2753 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x befo ...) 
{DSA-2075-1} - xulrunner 1.9.1.11-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.6-1 [lenny] - iceape (Only a stub package) - icedove 3.0.6-1 [lenny] - icedove CVE-2010-2752 (Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5 ...) - xulrunner 1.9.1.11-1 [lenny] - xulrunner (Only affects 1.9.1 and above) - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.6-1 [lenny] - iceape (Only a stub package) - icedove 3.0.6-1 [lenny] - icedove CVE-2010-2751 (The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocS ...) {DSA-2075-1} - xulrunner 1.9.1.11-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.6-1 [lenny] - iceape (Only a stub package) CVE-2010-2750 (Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac a ...) NOT-FOR-US: Microsoft Word CVE-2010-2749 REJECTED CVE-2010-2748 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check ...) NOT-FOR-US: Microsoft Word CVE-2010-2747 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...) NOT-FOR-US: Microsoft Word CVE-2010-2746 (Heap-based buffer overflow in Comctl32.dll (aka the common control lib ...) NOT-FOR-US: Microsoft Windows CVE-2010-2745 (Microsoft Windows Media Player (WMP) 9 through 12 does not properly de ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...) NOT-FOR-US: Microsoft Windows CVE-2010-2743 (The kernel-mode drivers in Microsoft Windows XP SP3 do not properly pe ...) NOT-FOR-US: Microsoft Windows CVE-2010-2742 (The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Serv ...) NOT-FOR-US: Microsoft Windows CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...) 
NOT-FOR-US: Microsoft Windows CVE-2010-2740 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2010-2739 (Buffer overflow in the CreateDIBPalette function in win32k.sys in Micr ...) NOT-FOR-US: Windows CVE-2010-2738 (The Uniscribe (aka new Unicode Script Processor) implementation in USP ...) NOT-FOR-US: Microsoft Windows CVE-2010-2737 REJECTED CVE-2010-2736 REJECTED CVE-2010-2735 REJECTED CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in Micro ...) NOT-FOR-US: Microsoft Forefront Unified Access Gateway CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in Microso ...) NOT-FOR-US: Microsoft Forefront Unified Access Gateway CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft Forefron ...) NOT-FOR-US: Microsoft Forefront Unified Access Gateway CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services ( ...) NOT-FOR-US: Microsoft Windows CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, ...) NOT-FOR-US: Microsoft IIS CVE-2010-2729 (The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2010-2728 (Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, an ...) NOT-FOR-US: Microsoft Outlook CVE-2010-2727 REJECTED CVE-2010-2726 REJECTED CVE-2010-2725 (BarnOwl before 1.6.2 does not check the return code of calls to the (1 ...) {DSA-2102-1} - barnowl 1.6.2-1 (bug #593299) CVE-2010-2724 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select mo ...) NOT-FOR-US: Drupal addon module CVE-2010-2723 (Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows ...) NOT-FOR-US: LISTSERV CVE-2010-2722 (Cross-site scripting (XSS) vulnerability in index.php in RightInPoint ...) 
NOT-FOR-US: RightInPoint Lyrics Script CVE-2010-2721 (SQL injection vulnerability in index.php in RightInPoint Lyrics Script ...) NOT-FOR-US: RightInPoint Lyrics Script CVE-2010-2720 (SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and p ...) NOT-FOR-US: phpaaCms CVE-2010-2719 (SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and p ...) NOT-FOR-US: phpaaCms CVE-2010-2718 (Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware Cr ...) NOT-FOR-US: CruxSoftware CVE-2010-2717 (Cross-site scripting (XSS) vulnerability in manager/login.php in CruxS ...) NOT-FOR-US: CruxSoftware CVE-2010-2716 (Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote atta ...) NOT-FOR-US: PsNews CVE-2010-2715 (Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PH ...) NOT-FOR-US: TCW PHP Album CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 a ...) NOT-FOR-US: TCW PHP Album CVE-2010-2713 (The vte_sequence_handler_window_manipulation function in vteseq.c in l ...) [lenny] - vte (Uses a hardcoded string in the terminal icon/window title) - vte 1:0.24.3-1 NOTE: http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74 NOTE: http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91 CVE-2010-2712 (Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.1 ...) NOT-FOR-US: Software Distributor in HP HP-UX CVE-2010-2711 (Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the ...) NOT-FOR-US: HP MagCloud app CVE-2010-2710 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: HP OpenView CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView Network No ...) NOT-FOR-US: HP OpenView CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.2 ...) 
	NOT-FOR-US: HP ProCurve
CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches be ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2706 (Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch with soft ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the ov.dll mo ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2702 (Buffer overflow in the UGameEngine::UpdateConnectingMessage function i ...)
	NOT-FOR-US: Unreal engine
CVE-2010-2701 (Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow rem ...)
	NOT-FOR-US: FathFTP ActiveX control
CVE-2010-2700 (Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clic ...)
	NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
CVE-2010-2699 (SQL injection vulnerability in index.php in Edge PHP Clickbank Affilia ...)
	NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
CVE-2010-2698 (Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2697 (Cross-site scripting (XSS) vulnerability in Sijio Community Software a ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2696 (SQL injection vulnerability in gallery/index.php in Sijio Community So ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2695 (Directory traversal vulnerability in the SFTP/SSH2 virtual server in X ...)
	NOT-FOR-US: Xlight FTP Server
CVE-2010-2694 (SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2693 (FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag wh ...)
	- kfreebsd-7 7.3-5
	[lenny] - kfreebsd-7 (Not covered by security support in Lenny)
	- kfreebsd-8 8.0-10
CVE-2010-2692 (Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Des ...)
	NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
CVE-2010-2691 (Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Desig ...)
	NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
CVE-2010-2690 (SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) co ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2689 (SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS ...)
	NOT-FOR-US: Internet DM WebDM CMS
CVE-2010-2688 (SQL injection vulnerability in detail.asp in Site2Nite Boat Classified ...)
	NOT-FOR-US: Site2Nite Boat Classifieds
CVE-2010-2687 (SQL injection vulnerability in printdetail.asp in Site2Nite Boat Class ...)
	NOT-FOR-US: Site2Nite Boat Classifieds
CVE-2010-2686 (Multiple SQL injection vulnerabilities in clientes.asp in the TopManag ...)
	NOT-FOR-US: SAP module
CVE-2010-2685 (siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not p ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2684 (SQL injection vulnerability in index.php in Customer Paradigm PageDire ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2683 (SQL injection vulnerability in result.php in Customer Paradigm PageDir ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2682 (Directory traversal vulnerability in the Realtyna Translator (com_real ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2681 (PHP remote file inclusion vulnerability in the SEF404x (com_sef) compo ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2680 (Directory traversal vulnerability in the JExtensions JE Section/Proper ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2679 (SQL injection vulnerability in the Weblinks (com_weblinks) component i ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2678 (SQL injection vulnerability in xmap (com_xmap) component for Joomla! a ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2677 (PHP remote file inclusion vulnerability in mw_plugin.php in Open Web A ...)
	NOT-FOR-US: Open Web Analytics
CVE-2010-2676 (Multiple directory traversal vulnerabilities in index.php in Open Web ...)
	NOT-FOR-US: Open Web Analytics
CVE-2010-2675 (Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1 ...)
	NOT-FOR-US: TSOKA:CMS
CVE-2010-2674 (SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2. ...)
	NOT-FOR-US: TSOKA:CMS
CVE-2010-2673 (SQL injection vulnerability in profile_view.php in Devana 1.6.6 and ea ...)
	NOT-FOR-US: Devana
CVE-2010-2672 (Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2 ...)
	- ezpublish
CVE-2010-2671 (Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ P ...)
	- ezpublish
CVE-2010-2670 (SQL injection vulnerability in recipedetail.php in BrotherScripts Reci ...)
	NOT-FOR-US: BrotherScripts Recipe Website
CVE-2010-2669 (Cross-site scripting (XSS) vulnerability in admin/editors/text/editor- ...)
	NOT-FOR-US: Orbis CMS
CVE-2010-2668 (Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Ada ...)
	NOT-FOR-US: Adaptive Micro Systems ALPHA Ethernet Adapter
CVE-2010-2667 (Multiple unspecified vulnerabilities in the Virtual Appliance Manageme ...)
	NOT-FOR-US: VMware Studio
CVE-2010-2666 (Opera before 10.54 on Windows and Mac OS X does not properly enforce p ...)
	NOT-FOR-US: Opera
CVE-2010-2665 (Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Wind ...)
	NOT-FOR-US: Opera
CVE-2010-2664 (Opera before 10.60 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2010-2663 (Opera before 10.60 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2010-2662 (Opera before 10.60 allows remote attackers to bypass the popup blocker ...)
	NOT-FOR-US: Opera
CVE-2010-2661 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX p ...)
	NOT-FOR-US: Opera
CVE-2010-2660 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX p ...)
	NOT-FOR-US: Opera
CVE-2010-2659 (Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10 ...)
	NOT-FOR-US: Opera
CVE-2010-2658 (Opera before 10.60 does not properly restrict certain interaction betw ...)
	NOT-FOR-US: Opera
CVE-2010-2657 (Opera before 10.60 on Windows and Mac OS X does not properly prevent c ...)
	NOT-FOR-US: Opera
CVE-2010-2656 (The IBM BladeCenter with Advanced Management Module (AMM) firmware bui ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2655 (Directory traversal vulnerability in private/file_management.php on th ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2654 (Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCe ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2653 (Race condition in the hvc_close function in drivers/char/hvc_console.c ...)
	- linux-2.6 2.6.32-25
CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal dial ...)
	- webkit (chromium specific issue)
	- chromium-browser 5.0.375.99~r51029-1
CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome befor ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014
	NOTE: http://trac.webkit.org/changeset/59247
CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99 has unkno ...)
	- webkit (chromium specific)
	- chromium-browser 5.0.375.99~r51029-1
CVE-2010-2649 (Unspecified vulnerability in Google Chrome before 5.0.375.99 allows re ...)
	- webkit (issue in chromium-specific code)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39797
	NOTE: http://trac.webkit.org/changeset/60973
	NOTE: http://trac.webkit.org/changeset/60977
CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi al ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39305
	NOTE: http://trac.webkit.org/projects/webkit/changeset/61921
CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a den ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38627
	NOTE: http://trac.webkit.org/changeset/61667
	NOTE: http://trac.webkit.org/changeset/61669 mac fixes
	NOTE: http://trac.webkit.org/changeset/61676 chromium fixes
	NOTE: http://trac.webkit.org/changeset/61679 additional layout test
	NOTE: duplicate of CVE-2010-1786
CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed IF ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151
	NOTE: http://trac.webkit.org/changeset/58873
	NOTE: http://trac.webkit.org/changeset/59870 chromium updates
CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99, when Web ...)
	- webkit (doesn't include webgl code yet)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38039
	NOTE: http://trac.webkit.org/changeset/58957
CVE-2010-2644 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2010-2643 (Integer overflow in the TFM font parser in the dvi-backend component i ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend c ...)
	{DSA-2388-1 DSA-2357-1}
	- evince 3.0.2-1 (bug #609534)
	[squeeze] - evince 2.30.3-2+squeeze1
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend component i ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2640 (Array index error in the PK font parser in the dvi-backend component i ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote att ...)
	NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0
CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allow ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not en ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample store pa ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0 ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...)
	NOT-FOR-US: RSA enVision
CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3. ...)
	NOT-FOR-US: EMC
CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10 ...)
	NOT-FOR-US: Solaris FTP server
CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first stag ...)
	- tiff 3.9.4-1
	- tiff3 (fixed before initial upload)
CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly vali ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...)
	NOT-FOR-US: Cisco
CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...)
	- strongswan 4.4.1-1
	[lenny] - strongswan (Vulnerability introduced in 4.3.3)
	[squeeze] - strongswan (Vulnerability introduced in 4.3.3)
CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 engine ...)
	NOT-FOR-US: Refractor 2
CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...)
	NOT-FOR-US: Miyabi CGI Tools SEO Links
CVE-2010-2625 (Unspecified vulnerability in the Client Service for DPM in Hitachi Ser ...)
	NOT-FOR-US: Hitachi ServerConductor
CVE-2010-2624 (Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow ...)
	NOT-FOR-US: iScripts EasySnaps
CVE-2010-2623 (SQL injection vulnerability in pages.php in Internet DM Specialist Bed ...)
	NOT-FOR-US: Internet DM Specialist Bed and Breakfast
CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly 1.1. ...)
	NOT-FOR-US: Joomanager
CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in src_network_ssl_qss ...)
	- qt4-x11 4:4.6.3-2 (low; bug #587711)
	[lenny] - qt4-x11 (Harmless impact)
	NOTE: Fixed by commit c25c7c9bdfade6b906f37ac8bad44f6f0de57597
CVE-2010-2620 (Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote ...)
	NOT-FOR-US: Open&Compact FTP Server
CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlie ...)
	NOT-FOR-US: Citrix XenServer (it's based on Xen, likely a duplicate of an existing Xen issue)
CVE-2010-2494 (Multiple buffer underflows in the base64 decoder in base64.c in (1) bo ...)
	- bogofilter 1.2.1-3 (low; bug #588090)
	[lenny] - bogofilter 1.1.7-1+lenny1
	NOTE: this is "only" null write to an invalid pointer, no arbitrary location
CVE-2010-2495 (The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP imple ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 (vulnerability introduced in 2.6.29)
CVE-2010-2618 (PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in ...)
	NOT-FOR-US: AdaptCMS
CVE-2010-2617 (Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Sea ...)
	NOT-FOR-US: PHP Bible Search
CVE-2010-2616 (SQL injection vulnerability in bible.php in PHP Bible Search, probably ...)
	NOT-FOR-US: PHP Bible Search
CVE-2010-2615 (Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php ...)
	NOT-FOR-US: Grafik CMS
CVE-2010-2614 (SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, an ...)
	NOT-FOR-US: Grafik CMS
CVE-2010-2613 (Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Son ...)
	NOT-FOR-US: com_awd_song component for Joomla!
CVE-2010-2612 (Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVM ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-2611 (SQL injection vulnerability in show_search_result.php in i-netsolution ...)
	NOT-FOR-US: i-netsolution Job Search Engine
CVE-2010-2610 (Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allo ...)
	NOT-FOR-US: 2daybiz Job Site Script
CVE-2010-2609 (SQL injection vulnerability in show_search_result.php in 2daybiz Job S ...)
	NOT-FOR-US: 2daybiz Job Search Engine Script
CVE-2010-2608
	RESERVED
CVE-2010-2607
	RESERVED
CVE-2010-2606
	RESERVED
CVE-2010-2605
	RESERVED
CVE-2010-2604 (Multiple buffer overflows in the PDF Distiller in the BlackBerry Attac ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-2603 (RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Ma ...)
	NOT-FOR-US: RIM BlackBerry Desktop Software
CVE-2010-2602 (Multiple buffer overflows in the PDF distiller component in the BlackB ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-2601 (Multiple buffer overflows in the PDF distiller in the Attachment Servi ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-2600 (Untrusted search path vulnerability in BlackBerry Desktop Software bef ...)
	NOT-FOR-US: BlackBerry Desktop Software
CVE-2010-2599 (Unspecified vulnerability in Research In Motion (RIM) BlackBerry Devic ...)
	NOT-FOR-US: BlackBerry Device Software
CVE-2010-2594 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: InterSect Alliance Snare Agent
CVE-2010-2593
	RESERVED
CVE-2010-2592
	RESERVED
CVE-2010-2591
	RESERVED
CVE-2010-2590 (Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl ...)
	NOT-FOR-US: ActiveX
CVE-2010-2589 (Integer overflow in the dirapi.dll module in Adobe Shockwave Player be ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2588 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2587 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2586 (Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winam ...)
	NOT-FOR-US: Winamp
CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX contro ...)
	NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in Rea ...)
	NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2583 (Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogato ...)
	NOT-FOR-US: SonicWALL
CVE-2010-2582 (An unspecified function in TextXtra.x32 in Adobe Shockwave Player befo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not pro ...)
	NOT-FOR-US: MailEnable
CVE-2010-2579 (The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2578 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-2577 (Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow rem ...)
	NOT-FOR-US: Pligg
CVE-2010-2576 (Opera before 10.61 does not properly suppress clicks on download dialo ...)
	NOT-FOR-US: Opera
CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in t ...)
	- okular 4:4.4.5-2
	[lenny] - okular 0.7-2+lenny1
	- kdegraphics 4:4.4.5-2
	[lenny] - kdegraphics (Lenny's kdegraphics doesn't yet contain Okular)
	NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt
	NOTE: Okular was initially a single source package (lenny days), then it was merged into
	NOTE: kdegraphics (squeeze days) and later split off again (wheezy)
CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...)
	- mantis 1.1.8+dfsg-6 (low; bug #595510)
	[lenny] - mantis 1.1.6+dfsg-2lenny2
CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as u ...)
	- tiff 3.9.4-1
	- tiff3 (fixed prior to initial upload)
CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2 ...)
	{DLA-610-1}
	- tiff 4.0.6-1 (unimportant)
	- tiff3 (unimportant)
	NOTE: fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2209
	NOTE: according to upstream http://bugzilla.maptools.org/show_bug.cgi?id=2209#c6
	NOTE: unreproducible in VCS. Confirmed for version 4.0.6 in Stretch by verifying
	NOTE: that the reproducer does not trigger the crash anymore.
	NOTE: Tom Lane's patch should be applied for tiff in Wheezy too.
	NOTE: Not confirmed which exact version should fix the issue.
CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in Ima ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, Power ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows r ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2010-2571 (Array index error in pubconv.dll (aka the Publisher Converter DLL) in ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2570 (Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2569 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2 ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2568 (Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2010-2567 (The RPC client implementation in Microsoft Windows XP SP2 and SP3 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2010-2565
	REJECTED
CVE-2010-2564 (Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6 ...)
	NOT-FOR-US: Microsoft
CVE-2010-2563 (The Word 97 text converter in the WordPad Text Converters in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2562 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
	NOT-FOR-US: Microsoft
CVE-2010-2561 (Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle H ...)
	NOT-FOR-US: Microsoft
CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft
CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft
CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remot ...)
	NOT-FOR-US: Microsoft
CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft
CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft
CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2010-2553 (The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista S ...)
	NOT-FOR-US: Microsoft
CVE-2010-2552 (Stack consumption vulnerability in the SMB Server in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-2551 (The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-2549 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2010-2548 (IcedTea6 before 1.7.4 does not properly check property access, which a ...)
	- openjdk-6 6b18-1.8.1-1
CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2. ...)
	{DSA-2076-1}
	- gnupg2 2.0.14-2
CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod ...)
	{DSA-2081-1}
	- libmikmod 3.1.11-6.3
CVE-2010-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0. ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-2544 (Cross-site scripting (XSS) vulnerability in utilities.php in Cacti bef ...)
	- cacti 0.8.7g-1
CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in include/top_graph_header.p ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in setup. ...)
	{DSA-2114-1}
	- git-core 1:1.7.1-1.1 (low; bug #590026)
CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType b ...)
	{DSA-2105-1}
	- freetype 2.4.2-1 (low)
CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 d ...)
	{DSA-2079-1}
	- mapserver 5.6.4-1
CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in mapserv in M ...)
	{DSA-2079-1}
	- mapserver 5.6.4-1
CVE-2010-2538 (Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 (btrfs introduced in 2.6.29)
CVE-2010-2537 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 (btrfs introduced in 2.6.29)
CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and ...)
	- rekonq 0.5.0-2 (bug #593300)
CVE-2010-2535 (Multiple cross-site scripting (XSS) vulnerabilities in the Back End in ...)
	NOT-FOR-US: Joomla!
CVE-2010-2534 (The NetworkSyncCommandQueue function in network/network_command.cpp in ...)
	- openttd 1.0.3-1
	[lenny] - openttd (Introduced in 1.0.1)
	NOTE: http://bugs.openttd.org/task/3909
CVE-2010-2533
	REJECTED
CVE-2010-2532
	- lxsession 0.4.4-3 (bug #591409)
CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ...)
	{DSA-2266-1}
	- php5 5.3.3-2 (low)
CVE-2010-2530 (Multiple integer signedness errors in smb_subr.c in the netsmb module ...)
	NOT-FOR-US: NetBSD
CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 200 ...)
	{DSA-2645-1}
	- iputils 3:20100418-2
	- inetutils 2:1.9-2
	[lenny] - iputils 3:20071127-1+lenny1
CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol plu ...)
	- pidgin 2.7.2-1
	[lenny] - pidgin (Vulnerable code not present, support for X-Status was added later)
CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 al ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in lvm2-cluster in L ...)
	{DSA-2095-1}
	- lvm2 2.02.66-3 (bug #591204)
CVE-2010-2525 (A flaw was discovered in gfs2 file system's handling of acls (ac ...)
	- linux-2.6 2.6.32-19
CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the Lin ...)
	{DSA-2264-1}
	- linux-2.6 2.6.32-19
CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allo ...)
	NOT-FOR-US: UMIP
CVE-2010-2522 (The mipv6 daemon in UMIP 0.4 does not verify that netlink messages ori ...)
	NOT-FOR-US: UMIP
CVE-2010-2521 (Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementati ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-13
CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in truetype/ttinter ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2519 (Heap-based buffer overflow in the Mac_Read_POST_Resource function in b ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2518 (Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before ...)
	NOT-FOR-US: P8 Content Search Engine
CVE-2010-2517 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest before ...)
	NOT-FOR-US: ClearQuest
CVE-2010-2516 (Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketin ...)
	NOT-FOR-US: 2daybiz Multi Level Marketing
CVE-2010-2515 (Multiple SQL injection vulnerabilities in index.php in the JFaq (com_j ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2514 (Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) compon ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2513 (SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxe ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2512 (SQL injection vulnerability in customprofile.php in 2daybiz Matrimonia ...)
	NOT-FOR-US: 2daybiz Matrimonial Script
CVE-2010-2511 (SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Mar ...)
	NOT-FOR-US: 2daybiz Multi Level Marketing
CVE-2010-2510 (SQL injection vulnerability in customize.php in 2daybiz Web Template S ...)
	NOT-FOR-US: 2daybiz Web Template
CVE-2010-2509 (Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Tem ...)
	NOT-FOR-US: 2daybiz Web Template
CVE-2010-2508 (SQL injection vulnerability in user-profile.php in 2daybiz Video Commu ...)
	NOT-FOR-US: 2daybiz Video
CVE-2010-2507 (Directory traversal vulnerability in the Picasa2Gallery (com_picasa2ga ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2506 (Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54 ...)
	NOT-FOR-US: Linksys
CVE-2010-2505 (Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remo ...)
	NOT-FOR-US: Soft SaschArt SasCAM Webcam Server
CVE-2010-2504 (Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenti ...)
	NOT-FOR-US: Splunk
CVE-2010-2503 (Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 thro ...)
	NOT-FOR-US: Splunk
CVE-2010-2502 (Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0 ...)
	NOT-FOR-US: Splunk
CVE-2010-2501
	RESERVED
CVE-2010-2500 (Integer overflow in the gray_render_span function in smooth/ftgrays.c ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2499 (Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs. ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c in Fre ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows re ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2496 [cluster-glue: passes the stonith parameters via the commandline which could result in password leaks]
	RESERVED
	- cluster-glue 1.0.6-1
	- pacemaker 1.1.13-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=620781
	NOTE: https://github.com/ClusterLabs/cluster-glue/commit/3d7b464439ee0271da76e0ee9480f3dc14005879 (glue-1.0.6)
	NOTE: https://github.com/ClusterLabs/pacemaker/commit/7901f43c5800374d41ae2287fe122692fe045664 (Pacemaker-1.1.3)
CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) i ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messagin ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-19
CVE-2010-2491 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup b ...)
	- roundup 1.4.13-3.1 (bug #590769)
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=326395
	NOTE: http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
CVE-2010-2490 (Mumble: murmur-server has DoS due to malformed client query ...)
	- mumble 1.2.2-4 (bug #587713)
	[lenny] - mumble (Minor issue)
	- qt4-x11 (low; bug #587713)
CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...)
	- ruby1.8 (Windows-specific)
	- ruby1.9.1 (Windows-specific)
CVE-2010-2488 (NULL pointer dereference vulnerability in ZNC before 0.092 caused by t ...)
	{DSA-2069-1}
	- znc 0.090-2 (bug #584929)
CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...)
	{DSA-2083-1}
	- moin 1.9.3-1 (bug #584809)
CVE-2010-2486
	REJECTED
CVE-2010-2485
	REJECTED
CVE-2010-2484 (The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...)
	- tiff 3.9.4-4 (unimportant)
	- tiff3 (fixed prior to initial upload)
CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid td_strip ...)
	{DSA-2552-1}
	- tiff 3.9.4-1 (unimportant)
	- tiff3 (fixed prior to initial upload)
CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ha ...)
	- tiff 3.9.4-1 (unimportant)
	- tiff3 (fixed prior to initial upload)
CVE-2010-2480 (Mako before 0.3.4 relies on the cgi.escape function in the Python stan ...)
	- mako 0.3.4-1 (low)
	[lenny] - mako (Minor issue)
CVE-2010-2478 (Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 (Introduced in 2.6.27)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=608950
	NOTE: http://thread.gmane.org/gmane.linux.network/164869
CVE-2010-2477 (Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpe ...)
	- paste 1.7.4-1 (low)
	[lenny] - paste 1.7.1-1+lenny1
	NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
CVE-2010-2475
	REJECTED
CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...)
	- bugzilla (Only affects 3.5 to 3.7)
CVE-2010-2476 (syscp 1.4.2.1 allows attackers to add arbitrary paths via the document ...)
	- syscp (bug #587481)
CVE-2010-2469 (The Linear eMerge 50 and 5000 uses a default password of eMerge for th ...)
	NOT-FOR-US: Linear eMerge
CVE-2010-2468 (The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 an ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2467 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eM ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2466 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eM ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2465 (The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2464 (Multiple cross-site scripting (XSS) vulnerabilities in the RSComments ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2463 (Cross-site scripting (XSS) vulnerability in forum.php in Jamroom befor ...)
	NOT-FOR-US: Jamroom
CVE-2010-2462 (SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP ...)
	NOT-FOR-US: Toma Cero OroHYIP
CVE-2010-2461 (SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 al ...)
	NOT-FOR-US: JCE-Tech Overstock
CVE-2010-2460 (SQL injection vulnerability in merchant_product_list.php in JCE-Tech S ...)
	NOT-FOR-US: JCE-Tech Shareasale Script
CVE-2010-2459 (SQL injection vulnerability in video.php in 2daybiz Video Community Po ...)
	NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2458 (Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video ...)
	NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2457 (Cross-site scripting (XSS) vulnerability in index.php in K-Search allo ...)
	NOT-FOR-US: K-Search
CVE-2010-2456 (Multiple directory traversal vulnerabilities in index.php in Linker IM ...)
	NOT-FOR-US: Linker IMG
CVE-2010-2455 (Opera does not properly manage the address bar between the request to ...)
	NOT-FOR-US: Opera
CVE-2010-2454 (Apple Safari does not properly manage the address bar between the requ ...)
	- webkit (iceweasel/safari-specific issues)
	- chromium-browser (iceweasel/safari-specific issues)
	NOTE: I tested both firefox and safari poc's, and neither of them caused the
	NOTE: address bar to be spoofed in either webkit or chrome
	NOTE: this will be addressed in iceweasel in cve-2010-1206
CVE-2010-2453 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk S ...)
	NOT-FOR-US: Synology Disk Station
CVE-2010-2452 (Directory traversal vulnerability in the DCC functionality in KVIrc 3. ...)
	{DSA-2065-1}
	- kvirc 4:4.0.0~svn4340+rc3-1
CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in KVI ...)
	{DSA-2065-1}
	- kvirc 4:4.0.0~svn4340+rc3-1
CVE-2010-2443 (The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9. ...)
	- tiff 3.9.4-1 (unimportant)
	- tiff3 (fixed prior to initial upload)
	NOTE: Triggers a NULL pointer deref, crasher only
CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict fo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote a ...)
	- webkit 1.2.1-3 (low)
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation W ...)
	NOT-FOR-US: Subtitle Translation Wizard
CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to exec ...)
	NOT-FOR-US: MoreAmp
CVE-2010-2438 (SQL injection vulnerability in G.CMS generator allows remote attackers ...)
	NOT-FOR-US: G.CMS
CVE-2010-2437 (Cross-site scripting (XSS) vulnerability in class/tools.class.php in A ...)
	NOT-FOR-US: AneCMS Blog
CVE-2010-2436 (SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1 ...)
	NOT-FOR-US: AneCMS Blog
CVE-2010-2435 (Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause ...)
	- weborf 0.12.2-1
CVE-2010-2434 (Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explz ...)
	NOT-FOR-US: Explzh
CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in content/interna ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS befo ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local users, wit ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-2430
	RESERVED
CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, ...)
	NOT-FOR-US: Splunk
CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the ...)
	NOT-FOR-US: Wing FTP Server
CVE-2010-2427 (VMware Studio 2.0 does not properly write to temporary files, which al ...)
	NOT-FOR-US: VMware Studio
CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River Technolo ...)
	NOT-FOR-US: Titan FTP Server
CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River Technolo ...)
	NOT-FOR-US: Titan FTP Server
CVE-2010-2424
	RESERVED
CVE-2010-2423
	RESERVED
CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone ...)
	- plone3
CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have unknow ...)
	NOT-FOR-US: Opera
CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...)
	NOT-FOR-US: Sleipnir
CVE-2010-2479 (Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1 ...)
	{DSA-2067-1}
	- php-htmlpurifier 4.1.1+dfsg1-1
	- mahara 1.2.5-1
	- moodle 1.9.9.dfsg2-1 (low; bug #593301)
	[lenny] - moodle (doesn't ship/use htmlpurifier)
	- knowledgeroot 0.9.9.5-5
	[lenny] - knowledgeroot (low)
CVE-2010-2419 (Unspecified vulnerability in the Java Virtual Machine component in Ora ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2418 (Unspecified vulnerability in the Oracle Territory Management component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2417 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2416 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle E-Business Intelligence
CVE-2010-2415 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2414 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Jav ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-2413 (Unspecified vulnerability in the BI Publisher component in Oracle Fusi ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2412 (Unspecified vulnerability in the OLAP component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2411 (Unspecified vulnerability in the Job Queue component in Oracle Databas ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2410 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2409 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2408 (Unspecified vulnerability in the Oracle iRecruitment component in Orac ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2407 (Unspecified vulnerability in the XDK component in Oracle Database Serv ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2406 (Unspecified vulnerability in the Siebel Core - Highly Interactive Clie ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-2405 (Unspecified vulnerability in the Siebel Core - Highly Interactive Clie ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-2404 (Unspecified vulnerability in the Oracle iRecruitment component in Orac ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2403 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solution ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2401 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2400 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...)
	NOT-FOR-US: Solaris
CVE-2010-2399 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Solaris
CVE-2010-2398 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2397 (Unspecified vulnerability in Oracle Sun Java System Application Server ...)
	NOT-FOR-US: Oracle Sun Java System Application Server
CVE-2010-2396 (Unspecified vulnerability in the Forms component in Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2395 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2394 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Solaris
CVE-2010-2393 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Solaris
CVE-2010-2392 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Solaris
CVE-2010-2391 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2390 (Unspecified vulnerability in the Database Control component in EM Cons ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2389 (Unspecified vulnerability in the Perl component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2388 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2387 (vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x bef ...)
	- gdm 2.20.11-1
CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Solaris
CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy Server 4 ...)
	NOT-FOR-US: Oracle Sun Java System Web Proxy Server
CVE-2010-2384 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2010-2383 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Solaris
CVE-2010-2382 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-2381 (Unspecified vulnerability in the Application Server Control component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2380 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2379 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time & ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2378 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2377 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2376 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-2375 (Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspeci ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2374 (Unspecified vulnerability in Solaris Studio 12 update 1 allows local u ...)
	NOT-FOR-US: Solaris
CVE-2010-2373 (Unspecified vulnerability in the Console component in Oracle Enterpris ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2010-2372 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2371 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2370 (Unspecified vulnerability in the Oracle Business Process Management co ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2369 (Untrusted search path vulnerability in Lhasa 0.19 and earlier allows l ...)
	NOT-FOR-US: Lhasa
CVE-2010-2368 (Untrusted search path vulnerability in Lhaplus before 1.58 allows loca ...)
	NOT-FOR-US: Lhaplus
CVE-2010-2367 (Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 bef ...)
	NOT-FOR-US: AD-EDIT2
CVE-2010-2366 (Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Ana ...)
	NOT-FOR-US: CGI Cafe Access Analyzer
CVE-2010-2365 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 befor ...)
	NOT-FOR-US: Free CGI Moo moobbs2
CVE-2010-2364 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before ...)
	NOT-FOR-US: Free CGI Moo moobbs2
CVE-2010-2363 (The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the S ...)
	NOT-FOR-US: SEIL/X1, SEIL/X2, and SEIL/B1 routers
CVE-2010-2362 (Winny 2.0b7.1 and earlier does not properly process node information, ...)
	NOT-FOR-US: Winny
CVE-2010-2361 (Winny 2.0b7.1 and earlier does not properly process BBS information, w ...)
	NOT-FOR-US: Winny
CVE-2010-2360 (Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow rem ...)
	NOT-FOR-US: Winny
CVE-2010-2359 (SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com ...)
	NOT-FOR-US: eWebquiz
CVE-2010-2358 (PHP remote file inclusion vulnerability in modules/catalog/upload_phot ...)
	NOT-FOR-US: Nakid CMS
CVE-2010-2357 (SQL injection vulnerability in index.php in Eicra Realestate Script 1. ...)
	NOT-FOR-US: Eicra Realestate Script
CVE-2010-2356 (Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Gro ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2355 (Cross-site scripting (XSS) vulnerability in error.php in Pilot Group ( ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...)
	- drupal6-mod-cck (Fixed before initial upload)
CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...)
	- drupal6-mod-cck (Fixed before initial upload)
CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...)
	NOT-FOR-US: Novell Netware
CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...)
	- ziproxy 3.1.1-1 (bug #587039)
	[lenny] - ziproxy (Introduced in 3.1.0)
CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: H264WebCam
CVE-2010-2348 (Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0. ...)
	NOT-FOR-US: Batch Audio Converter
CVE-2010-2347 (The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 thr ...)
	NOT-FOR-US: SAP J2EE Telnet Interface
CVE-2010-2346
	RESERVED
CVE-2010-2345 (Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and pos ...)
	NOT-FOR-US: odCMS
CVE-2010-2344 (Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and ...)
	NOT-FOR-US: odCMS
CVE-2010-2343 (Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007 ...)
	NOT-FOR-US: D.R. Software Audio Converter
CVE-2010-2342 (SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady O ...)
	NOT-FOR-US: DMXReady Online Notebook Manager
CVE-2010-2341 (PHP remote file inclusion vulnerability in system/application/views/pu ...)
	NOT-FOR-US: EZPX Photoblog
CVE-2010-2340 (SQL injection vulnerability in members.php in Arab Portal 2.2, when ma ...)
	NOT-FOR-US: Arab Portal
CVE-2010-2339 (SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x ...)
	NOT-FOR-US: Subdreamer CMS
CVE-2010-2338 (Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor ...)
	NOT-FOR-US: VU Web Visitor Analyst
CVE-2010-2337 (Open redirect vulnerability in RSA Federated Identity Manager 4.0 befo ...)
	NOT-FOR-US: RSA Federated Identity Manager
CVE-2010-2336 (index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obt ...)
	NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2335 (SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00 ...)
	NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2334 (Directory traversal vulnerability in themes/default/download.php in Ya ...)
	NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2333 (LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows ...)
	NOT-FOR-US: LiteSpeed Web Server
CVE-2010-2332 (Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions ...)
	NOT-FOR-US: Impact PDF Reader
CVE-2010-2331 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allow ...)
	NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2330 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allow ...)
	NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2329 (Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attacker ...)
	NOT-FOR-US: Rosoft Audio Converter
CVE-2010-2328 (The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2327 (mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.3 ...)
	NOT-FOR-US: IBM HTTP Server
CVE-2010-2326 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNo ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2325 (Cross-site scripting (XSS) vulnerability in the administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2324 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS all ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2323 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS mig ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2322 (Absolute path traversal vulnerability in the extract_jar function in j ...)
	- fastjar 2:0.98-3 (low)
	[lenny] - fastjar (Minor issue)
CVE-2010-2321 (Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote ...)
	NOT-FOR-US: Adobe InDesign
CVE-2010-2320 (bozotic HTTP server (aka bozohttpd) before 20100621 allows remote atta ...)
	- bozohttpd 20100621-1 (low; bug #590298)
	[lenny] - bozohttpd (Minor information leak)
CVE-2010-2319 (SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allo ...)
	NOT-FOR-US: IDevSpot TextAds
CVE-2010-2318 (Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPor ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-2317 (Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow ...)
	NOT-FOR-US: WmsCms
CVE-2010-2316 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: WmsCms
CVE-2010-2315 (PHP remote file inclusion vulnerability in picturelib.php in SmartISof ...)
	NOT-FOR-US: SmartISoft phpBazar
CVE-2010-2314 (PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter. ...)
	NOT-FOR-US: NP_Twitter Plugin
CVE-2010-2313 (Directory traversal vulnerability in index.php in Anodyne Productions ...)
	NOT-FOR-US: SIMM Management System
CVE-2010-2312 (SQL injection vulnerability in index.php in HauntmAx Haunted House Dir ...)
	NOT-FOR-US: HauntmAx Haunted House Directory Listing CMS
CVE-2010-2311 (Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows us ...)
	NOT-FOR-US: Power Tab Editor
CVE-2010-2310 (SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a de ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2010-2309 (Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6. ...)
	NOT-FOR-US: EvoLogical EvoCam
CVE-2010-2308 (Unspecified vulnerability in the filter driver (savonaccessfilter.sys) ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2010-2307 (Multiple directory traversal vulnerabilities in the web server for Mot ...)
	NOT-FOR-US: Motorola firmware
CVE-2010-2306 (The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; ...)
	NOT-FOR-US: Sourcefire 3D Sensor
CVE-2010-2305 (Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Syg ...)
	NOT-FOR-US: Symantec Sygate Personal Firewall
CVE-2010-2304
	REJECTED
CVE-2010-2303
	REJECTED
CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome bef ...)
	- webkit 1.2.1-3
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59876
	NOTE: duplicate of cve-2010-1771
CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebC ...)
	- webkit 1.2.1-3
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59241
	NOTE: http://trac.webkit.org/changeset/59242
	NOTE: duplicate of cve-2010-1762
CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes funct ...)
	- webkit 1.2.1-3
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59109
	NOTE: duplicate of cve-2010-1759
CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc i ...)
	- webkit (chromium-specific)
	- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2298 (browser/renderer_host/database_dispatcher_host.cc in Google Chrome bef ...)
	- webkit (chromium-specific)
	- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome b ...)
	- webkit 1.2.1-3
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
	NOTE: http://trac.webkit.org/changeset/57627
	NOTE: http://trac.webkit.org/changeset/57658
	NOTE: http://trac.webkit.org/changeset/59769
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0 ...)
	- webkit 1.2.1-3
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and ...)
	NOT-FOR-US: Plume CMS
CVE-2010-2293 (The Ping tools web interface in Dlink Di-604 router allows remote auth ...)
	NOT-FOR-US: Dlink Di-604
CVE-2010-2292 (Cross-site scripting (XSS) vulnerability in the Ping tools web interfa ...)
	NOT-FOR-US: Dlink Di-604 Router
CVE-2010-2291 (Unspecified vulnerability in the web interface in snom VoIP Phone firm ...)
	NOT-FOR-US: snom VoIP Phone
CVE-2010-2290 (Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfe ...)
	NOT-FOR-US: McAfee
CVE-2010-2289 (Open redirect vulnerability in dana/home/homepage.cgi in Juniper Netwo ...)
	NOT-FOR-US: Juniper Networks
CVE-2010-2288 (Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Junip ...)
	NOT-FOR-US: Juniper Networks
CVE-2010-2282 (Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 all ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-2281 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-2280 (Open redirect vulnerability in the Mobile component in IBM Lotus Conne ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2279 (The Top Updates implementation in the Homepage component in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2278 (The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connect ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2277 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Conne ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2276 (The default configuration of the build process in Dojo 0.4.x before 0. ...)
	- dojo (Doesn't affect the Debian packaging)
CVE-2010-2275 (Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2274 (Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1 ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2273 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x befo ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2272 (Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before ...)
	- dojo (only affects 0.4 branch)
CVE-2010-2271 (Format string vulnerability in authcfg.cgi in Accoria Web Server (aka ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2270 (Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable http ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2269 (Directory traversal vulnerability in loadstatic.cgi in Accoria Web Ser ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2268 (Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Acco ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2267 (Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Ser ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2266 (nginx 0.8.36 allows remote attackers to cause a denial of service (cra ...)
	- nginx (Confirmed Windows only, see bug #590768)
CVE-2010-2265 (Cross-site scripting (XSS) vulnerability in the GetServerName function ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- chromium-browser 6.0.466.0~r52279-1
	NOTE: This is a large series of risky behaviour-changing changesets.
	NOTE: upstream changelog says this is fixed in 1.2.3, but I'm doubtful of that
CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows ...)
	- nginx (Windows-specific vulnerability when running on NTFS)
CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 throug ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 th ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 throug ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in Wiresh ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2262 (Galileo Students Team Weborf before 0.12.1 allows remote attackers to ...)
	- weborf 0.12.1-1
CVE-2010-2261 (Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers ...)
	NOT-FOR-US: Linksys WAP54Gv3
CVE-2010-2260 (Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design B ...)
	NOT-FOR-US: Gambit Design Bandwidth Meter
CVE-2010-2259 (Directory traversal vulnerability in the BF Survey (com_bfsurvey) comp ...)
	NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2258 (Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBa ...)
	NOT-FOR-US: phpBannerExchange
CVE-2010-2257 (SQL injection vulnerability in index_ie.php in Pay Per Minute Video Ch ...)
	NOT-FOR-US: Pay Per Minute Video Chat Script
CVE-2010-2256 (Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute ...)
	NOT-FOR-US: Pay Per Minute Video Chat Script
CVE-2010-2255 (SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) co ...)
	NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope template for ...)
	NOT-FOR-US: joomla!
CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to ...)
	- libwww-perl 5.835-1 (low)
	[lenny] - libwww-perl 5.813-1+lenny2
CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of t ...)
	{DSA-2088-1}
	- wget 1.12-2.1 (low; bug #590296)
CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does not pr ...)
	{DSA-2085-1}
	- lftp 4.0.6-1 (low)
	[lenny] - lftp (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1. ...)
	{DSA-2072-1}
	- libpng 1.2.44-1 (low; bug #587670)
	- tuxonice-userui 1.0-1 (unimportant)
	NOTE: tuxonice-userui 1.0-1 was binNMUed
CVE-2010-2248 (fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel befor ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-12 (low)
CVE-2010-2247 (makepasswd 1.10 default settings generate insecure passwords ...)
	- makepasswd 1.10-5 (low; bug #564559)
	[lenny] - makepasswd 1.10-3+lenny1
CVE-2010-2246 (feh before 1.8, when the --wget-timestamp option is enabled, might all ...)
	- feh 1.8-1 (low; bug #587205)
	[lenny] - feh (Minor issue)
CVE-2010-2245 (XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earli ...)
	NOT-FOR-US: Apache Wink
CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in ...)
	{DSA-2086-1}
	- avahi 0.6.26-1
CVE-2010-2243 (A vulnerability exists in kernel/time/clocksource.c in the Linux kerne ...)
	- linux-2.6 2.6.32-11
	[lenny] - linux-2.6 (Vulnerable code not present)
CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improp ...)
	- libvirt 0.8.3-1 (low)
	[lenny] - libvirt 0.4.6-10+lenny1
CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Ha ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel befo ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-21
CVE-2010-2239 (Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images with ...)
	- libvirt 0.8.3-1 (low)
	[lenny] - libvirt (only affects >= 0.6.0)
CVE-2010-2238 (Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-imag ...)
	- libvirt 0.8.3-1
	[lenny] - libvirt (only affects >= 0.7.2)
CVE-2010-2237 (Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing s ...)
	- libvirt 0.8.3-1
	[lenny] - libvirt (only affects >= 0.6.1)
CVE-2010-2236 (The monitoring probe display in spacewalk-java before 2.1.148-1 and Re ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2010-2235 (template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Sa ...)
	- cobbler (Fixed before initial upload)
CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...)
	- tiff 3.9.4-2
	- tiff3 (fixed prior to initial upload)
	[lenny] - tiff (Only affects 3.9.x)
CVE-2010-2232 (In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export pro ...)
	- derby (Fixed before initial upload to Debian)
	NOTE: https://issues.apache.org/jira/browse/DERBY-2925
CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in report/overview/rep ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2230 (The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.1 ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
	- wordpress 3.0.4+dfsg-1
	[lenny] - wordpress (2.x version is not affected)
	- egroupware (Only forks a minor subset of KSES)
CVE-2010-2229 (Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-control in ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 be ...)
	{DSA-2207-1}
	- tomcat5.5
	- tomcat6 6.0.28-1 (bug #588813)
	[lenny] - tomcat6 (Only ships the servlet package)
CVE-2010-2226 (The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel bef ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-19
CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in P ...)
	{DSA-2089-1}
	- php5 5.3.3-1
CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise Virtualizatio ...)
	NOT-FOR-US: Red Hat Enterprise Virtualization Manager (RHEV-M)
CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualiza ...)
	- vdsm (bug #668538)
CVE-2010-2222 (The _ger_parse_control function in Red Hat Directory Server 8 and the ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1) ...)
	- iscsitarget 1.4.20.1-1
CVE-2010-2220 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, a ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2219 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0 ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2218 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, a ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2217 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, a ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2216 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2215 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2214 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2213 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2211 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2210 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2209 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2208 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2207 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2206 (Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x befo ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2205 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2204 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2203 (Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to e ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2202 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2201 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2200 RESERVED
CVE-2010-2199 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...)
	- rpm (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2198 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...)
	- rpm (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2197 (rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax o ...)
	- rpm 4.8.1-1 (low; bug #584257)
	[lenny] - rpm (Minor issue)
CVE-2010-2196 RESERVED
CVE-2010-2195 (bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows a ...)
	- bozohttpd 20100621-1 (low; bug #590298)
	[lenny] - bozohttpd (Only affects 20090522 to 20100512)
CVE-2010-2194 RESERVED
CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) Web ...)
	NOT-FOR-US: CA Global Advisor
CVE-2010-2192 (The make_lockdir_name function in policy.c in pmount 0.9.18 allow loca ...)
	{DSA-2063-1}
	- pmount 0.9.23-1
CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...)
	- php5 5.3.3-1 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions i ...)
	- php5 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2189 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2188 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2187 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2186 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2185 (Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2184 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2183 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2182 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2181 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2180 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2179 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2178 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2177 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2176 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2175 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2174 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2173 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2172 (Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms al ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2171 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2170 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2169 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2168 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2167 (Multiple heap-based buffer overflows in Adobe Flash Player before 9.0. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2166 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2165 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2164 (Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2163 (Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2162 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2161 (Array index error in Adobe Flash Player before 9.0.277.0 and 10.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2160 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2159 (Dameng DM Database Server allows remote authenticated users to cause a ...)
	NOT-FOR-US: Dameng DM Database
CVE-2010-2158 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm modul ...)
	NOT-FOR-US: Storm module for Drupal
CVE-2010-2157 (Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, ...)
	NOT-FOR-US: CA ARCserve
CVE-2010-2156 (ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote att ...)
	- isc-dhcp 4.1.1-P1-1
	- dhcp3 (Only affects DHCP 4.x)
	- dhcp (Only affects DHCP 4.x)
	NOTE: http://www.isc.org/software/dhcp/advisories/cve-2010-2156
CVE-2010-2155 (Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/ht ...)
	{DSA-2056-1}
	- zonecheck 2.1.1-1 (bug #583290)
CVE-2010-2154 (Cross-site scripting (XSS) vulnerability in the Search Site in CMScout ...)
	NOT-FOR-US: CMScout
CVE-2010-2153 (Unrestricted file upload vulnerability in admin/code/tce_functions_tce ...)
	NOT-FOR-US: TCExam
CVE-2010-2152 (Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, I ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2010-2151 (Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2150 (Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allow ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2149 (Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2148 (SQL injection vulnerability in the My Car (com_mycar) component 1.0 fo ...)
	NOT-FOR-US: My Car for Joomla
CVE-2010-2147 (Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) com ...)
	NOT-FOR-US: My Car for Joomla
CVE-2010-2146 (PHP remote file inclusion vulnerability in banned.php in Visitor Logge ...)
	NOT-FOR-US: Visitor Logger
CVE-2010-2145 (Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4 ...)
	NOT-FOR-US: ClearSite
CVE-2010-2144 (Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways ...)
	NOT-FOR-US: Zeeways eBay Clone auction script
CVE-2010-2143 (Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 a ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-2142 (SQL injection vulnerability in default.asp in Cyberhost allows remote ...)
	NOT-FOR-US: Cyberhost
CVE-2010-2141 (SQL injection vulnerability in index.php in NITRO Web Gallery allows r ...)
	NOT-FOR-US: NITRO Web Gallery
CVE-2010-2140 (SQL injection vulnerability in itemdetail.php in Multishop CMS allows ...)
	NOT-FOR-US: Multishop CMS
CVE-2010-2139 (SQL injection vulnerability in pages.php in Multishop CMS allows remot ...)
	NOT-FOR-US: Multishop CMS
CVE-2010-2138 (Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earli ...)
	NOT-FOR-US: ProMan
CVE-2010-2137 (PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 ...)
	NOT-FOR-US: ProMan
CVE-2010-2136 (Directory traversal vulnerability in admin/index.php in Article Friend ...)
	NOT-FOR-US: Article Friendly
CVE-2010-2135 (Multiple SQL injection vulnerabilities in login.php in HazelPress Lite ...)
	NOT-FOR-US: HazelPress Lite
CVE-2010-2134 (Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 ...)
	NOT-FOR-US: Project Man
CVE-2010-2133 (SQL injection vulnerability in contact.php in My Little Forum allows r ...)
	NOT-FOR-US: My Little Forum
CVE-2010-2132 (Multiple PHP remote file inclusion vulnerabilities in Open Education S ...)
	NOT-FOR-US: Open Education System
CVE-2010-2131 (SQL injection vulnerability in the Calendar Base (cal) extension befor ...)
	NOT-FOR-US: TYPO3 extension Calendar Base
CVE-2010-2130 (Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ...)
	NOT-FOR-US: Aris Global ARISg
CVE-2010-2129 (Directory traversal vulnerability in the JE Ajax Event Calendar (com_j ...)
	NOT-FOR-US: JE Ajax Event Calendar
CVE-2010-2128 (Directory traversal vulnerability in the JE Quotation Form (com_jequot ...)
	NOT-FOR-US: JE Quotation Form for Joomla
CVE-2010-2127 (PHP remote file inclusion vulnerability in gallery.php in JV2 Folder G ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2010-2126 (Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3. ...)
	NOT-FOR-US: Snipe Gallery
CVE-2010-2125 (Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banne ...)
	NOT-FOR-US: Rotor Banner module for Drupal
CVE-2010-2124 (SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4 ...)
	NOT-FOR-US: Bartels Schone ConPresso
CVE-2010-2123 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm modul ...)
	NOT-FOR-US: Storm module for Drupal
CVE-2010-2122 (Directory traversal vulnerability in the SimpleDownload (com_simpledow ...)
	NOT-FOR-US: SimpleDownload for Joomla
CVE-2010-2121 (Opera 9.52 allows remote attackers to cause a denial of service (resou ...)
	NOT-FOR-US: Opera
CVE-2010-2120 (Google Chrome 1.0.154.48 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2010-2119 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to c ...)
	NOT-FOR-US: MS IE
CVE-2010-2118 (Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows re ...)
	NOT-FOR-US: MS IE
CVE-2010-2117 (Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to ca ...)
	- xulrunner (unimportant)
CVE-2010-2116 (The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 al ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2010-2115 (SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a de ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2010-2114 (Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke ...)
	NOT-FOR-US: Brekeke PBX
CVE-2010-2113 (Multiple cross-site request forgery (CSRF) vulnerabilities in The Unif ...)
	NOT-FOR-US: The Uniform Server
CVE-2010-2112 (Directory traversal vulnerability in the FTP service in FileCOPA befor ...)
	NOT-FOR-US: FileCOPA
CVE-2010-2111 (Cross-site request forgery (CSRF) vulnerability in user/user-set.do in ...)
	NOT-FOR-US: Pacific Timesheet
CVE-2010-2110 (Google Chrome before 5.0.375.55 does not properly execute JavaScript c ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit (issue in chrome's libv8 bindings)
	NOTE: http://trac.webkit.org/changeset/58229
CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows us ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58441
CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows re ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit (chrome-specific issue)
CVE-2010-2107 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows at ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit (doesn't have safebrowsing feature)
CVE-2010-2106 (Unspecified vulnerability in Google Chrome before 5.0.375.55 might all ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit (chrome-specific issue)
CVE-2010-2105 (Google Chrome before 5.0.375.55 does not properly follow the Safe Brow ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit (doesn't have safebrowsing feature)
CVE-2010-2104 (Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0. ...)
	NOT-FOR-US: Orbit Downloader
CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/en ...)
	- axis (axis != axis2, vulnerable code not present)
CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to exe ...)
	NOT-FOR-US: Webby Webserver
CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_w ...)
	- php5 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2100 (The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_b ...)
	- php5 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2099 (bbcode/php.bb in e107 0.7.20 and earlier does not perform access contr ...)
	NOT-FOR-US: e107
CVE-2010-2098 (Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 ...)
	NOT-FOR-US: e107
CVE-2010-2097 (The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...)
	- php5 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2096 (Directory traversal vulnerability in index.php in CMSQlite 1.2 and ear ...)
	NOT-FOR-US: CMSQlite
CVE-2010-2095 (SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier a ...)
	NOT-FOR-US: CMSQlite
CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP 5. ...)
	- php5 5.3.3-1 (low)
	[lenny] - php5 (Vulnerable code not present)
CVE-2010-2093 (Use-after-free vulnerability in the request shutdown functionality in ...)
	- php5 5.3.3-1 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2092 (SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier a ...)
	{DSA-2060-1}
	- cacti 0.8.7e-4 (bug #582691)
CVE-2010-2091 (Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 ...)
	NOT-FOR-US: Microsoft OWA
CVE-2010-2090 (The npb_protocol_error function in sna V5router64 in IBM Communication ...)
	NOT-FOR-US: IBM Communications Server
CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the relations ...)
	- python3.1 3.1.2+20100706-1 (low)
	- python2.7 2.7-1 (low)
	- python2.6 2.6.5+20100706-1 (low)
	- python2.5 2.5.5-10 (low; bug #599739)
	[lenny] - python2.5 (Minor issue)
	- python2.4 (low)
	[lenny] - python2.4 (Minor issue)
CVE-2010-2088 (ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2087 (Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...)
	- mojarra (unimportant; bug #611130)
	NOTE: Affected feature is fundamentally insecure
CVE-2010-2086 (Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application S ...)
	NOT-FOR-US: Apache MyFaces
CVE-2010-2085 (The default configuration of ASP.NET in Microsoft .NET before 1.1 has ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2084 (Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2083 (Microsoft Dynamics GP has a default value of ACCESS for the system pas ...)
	NOT-FOR-US: Microsoft Dynamics GP
CVE-2010-2082 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ca ...)
	NOT-FOR-US: Cisco
CVE-2010-2081 RESERVED
CVE-2010-2080 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...)
	- otrs2 2.4.8+dfsg1-1
	[lenny] - otrs2 (Only affects OTRS 2.3 and 2.4)
CVE-2010-2079 (DataTrack System 3.5 allows remote attackers to bypass intended restri ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2078 (DataTrack System 3.5 allows remote attackers to list the root director ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2077 REJECTED
CVE-2010-2076 (Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before ...)
	NOT-FOR-US: Apache CXF
CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from Novemb ...)
	- unrealircd (bug #515130)
CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_se ...)
	- w3m 0.5.2-5 (low; bug #587445)
	[lenny] - w3m 0.5.2-2+lenny1
CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and pa ...)
	- pyftpd 0.8.5 (low; bug #585776)
	[lenny] - pyftpd 0.8.4.6+lenny1
CVE-2010-2072 (Pyftpd 0.8.4 creates log files with predictable names in a temporary d ...)
	- pyftpd 0.8.5 (low; bug #585773)
	[lenny] - pyftpd 0.8.4.6+lenny1
CVE-2010-2071 (The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Lin ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 (btrfs introduced in 2.6.29)
CVE-2010-2070 (arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and ...)
	- xen-3 3.2.1-2
	NOTE: The respective patch is present in Lenny's version of xen-3, might be fixed even earlier
CVE-2010-2069 REJECTED
CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 thr ...)
	- apache2 (does not affect UNIX, only Windows, etc.)
CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function i ...)
	- tiff 3.9.4-1
	- tiff3 (fixed prior to initial upload)
	[lenny] - tiff (Only affects 3.9.x)
CVE-2010-2066 (The mext_check_arguments function in fs/ext4/move_extent.c in the Linu ...)
	- linux-2.6 2.6.32-21
	[lenny] - linux-2.6 (Vulnerable code introduced in 2.6.31)
CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allo ...)
	- tiff 3.9.4-1
	- tiff3 (fixed prior to initial upload)
	[lenny] - tiff (Only affects 3.9.x)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565
CVE-2010-2064 (rpcbind 0.2.0 allows local users to write to arbitrary files or gain p ...)
	- rpcbind 0.2.0-4.1
	NOTE: This version changed the state directory to /var/run/rpcbind, which is only writable by root
CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the chai ...)
	{DSA-2061-1}
	- samba 2:3.4.0~pre1-1 (high)
	NOTE: the affected code has been completely rewritten since 3.4.x
CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, as use ...)
	{DSA-2044-1 DSA-2043-1}
	- vlc 1.0.1-1
	[lenny] - vlc 0.8.6.h-4+lenny2.3
	- mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245)
	[lenny] - mplayer 1.0~rc2-17+lenny3.2
	- xine-lib (immune due to additional check in xio_rw_abbort())
	NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
	NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
	NOTE: DSA-2043 and DSA-2044
CVE-2010-2061 (rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) ...)
	- rpcbind 0.2.0-4.1
CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows r ...)
	- beanstalkd 1.4.6-1 (unimportant; bug #585162)
	NOTE: Package description reads: "Beanstalkd is meant to be ran in a trusted network,
	NOTE: "as it has no authorisation/authentication mechanisms". So this is likely a non-issue
CVE-2010-2059 (lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and R ...)
	- rpm 4.8.1-1 (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2058 (setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable ...)
	- prewikka 1.0.0-1.1 (low; bug #584469)
	[lenny] - prewikka (The insecure permissions only apply for a very short timeframe during pkg update)
	NOTE: FEDORA-2009-3761 http://lwn.net/Articles/330642
CVE-2010-2057 (shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2. ...)
	NOT-FOR-US: Apache MyFaces
CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files vi ...)
	- gv 1:3.7.1-1 (low)
	[lenny] - gv (Minor issue)
CVE-2010-2055 (Ghostscript 8.71 and earlier reads initialization files from the curre ...)
	- ghostscript 8.71~dfsg2-6.1 (bug #584653; bug #592569; bug #584663)
	[lenny] - ghostscript (too risky for regressions)
CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 t ...)
	NOT-FOR-US: SBLIM SFCB
CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local user ...)
	- emesene 1.6.2-1 (low)
	[lenny] - emesene (Introduced in 1.6.1)
CVE-2010-2052 REJECTED
CVE-2010-2051 (SQL injection vulnerability in article.php in Debliteck DBCart allows ...)
	NOT-FOR-US: Debliteck DBCart
CVE-2010-2050 (Directory traversal vulnerability in the Moron Solutions MS Comment (c ...)
	NOT-FOR-US: Moron Solutions MS Comment
CVE-2010-2049 (Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportRe ...)
	NOT-FOR-US: ManageEngine ADAudit Plus
CVE-2010-2048 (Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat m ...)
	NOT-FOR-US: Heartbeat module for Drupal
CVE-2010-2047 (SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allow ...)
	NOT-FOR-US: JE CMS
CVE-2010-2046 (Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelpe ...)
	NOT-FOR-US: ActiveHelper LiveHelp for Joomla
CVE-2010-2045 (Directory traversal vulnerability in the Dione Form Wizard (aka FDione ...)
	NOT-FOR-US: Dione Form Wizard
CVE-2010-2044 (SQL injection vulnerability in the Konsultasi (com_konsultasi) compone ...)
	NOT-FOR-US: Konsultasi for Joomla
CVE-2010-2043 (Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack Sys ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2042 (SQL injection vulnerability in search.php in ECShop 2.7.2 allows remot ...)
	NOT-FOR-US: ECShop
CVE-2010-2041 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in PH ...)
	NOT-FOR-US: PHP-Calendar
CVE-2010-2040 (Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzi ...)
	NOT-FOR-US: V-EVA Shopzilla script
CVE-2010-2039 (Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1 ...)
	NOT-FOR-US: gpEasy CMS
CVE-2010-2038 (Cross-site scripting (XSS) vulnerability in include/tool/editing_files ...)
	NOT-FOR-US: gpEasy CMS
CVE-2010-2037 (Directory traversal vulnerability in the Percha Downloads Attach (com_ ...)
	NOT-FOR-US: Percha
CVE-2010-2036 (Directory traversal vulnerability in the Percha Fields Attach (com_per ...)
	NOT-FOR-US: Percha
CVE-2010-2035 (Directory traversal vulnerability in the Percha Gallery (com_perchagal ...)
	NOT-FOR-US: Percha
CVE-2010-2034 (Directory traversal vulnerability in the Percha Image Attach (com_perc ...)
	NOT-FOR-US: Percha
CVE-2010-2033 (Directory traversal vulnerability in the Percha Multicategory Article ...)
	NOT-FOR-US: Percha
CVE-2010-2032 (Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/dig ...)
	NOT-FOR-US: Caucho Technology Resin Professional
CVE-2010-2031 (KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3 ...)
	NOT-FOR-US: Kingsoft Webshield
CVE-2010-2030 (Cross-site scripting (XSS) vulnerability in the External Link Page mod ...)
	NOT-FOR-US: External Link Page module for Drupal
CVE-2010-2029 (Cybozu Office 7 Ktai and Dotsales do not properly restrict access to t ...)
	NOT-FOR-US: Cybozu Office and Dotsales
CVE-2010-2028 (Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 all ...)
	NOT-FOR-US: k23productions TFTPGUI
CVE-2010-2027 (Mathematica 7, when running on Linux, allows local users to overwrite ...)
	NOT-FOR-US: Mathematica
CVE-2010-2026 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ca ...)
	NOT-FOR-US: Cisco
CVE-2010-2025 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: Cisco
CVE-2010-2024 (transports/appendfile.c in Exim before 4.72, when MBX locking is enabl ...)
	- exim4 4.72-1 (low)
	[lenny] - exim4 (Minor issue)
CVE-2010-2023 (transports/appendfile.c in Exim before 4.72, when a world-writable sti ...)
	- exim4 4.72-1 (low)
	[lenny] - exim4 (Minor issue)
CVE-2010-2022 (jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root ...)
	- kfreebsd-6 (jail binary not yet provided, see bug #584930)
	- kfreebsd-7 (jail binary not yet provided, see bug #584930)
	- kfreebsd-8 (jail binary not yet provided, see bug #584930)
CVE-2010-2021 (Open redirect vulnerability in the Global Redirect module 6.x-1.x befo ...)
	NOT-FOR-US: Global Redirect module for Drupal is not in Debian
CVE-2010-2020 (sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD ...)
	- kfreebsd-6
	[lenny] - kfreebsd-6 (Minor issue, not enabled by default)
	- kfreebsd-7 7.3-2
	[lenny] - kfreebsd-7 (Minor issue, not enabled by default)
	- kfreebsd-8 8.0-6 (bug #584930)
CVE-2010-2019 (SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, whe ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2018 (Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4. ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2017 (Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lo ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2016 (SQL injection vulnerability in details.php in Iceberg CMS allows remot ...)
	NOT-FOR-US: Iceberg CMS
CVE-2010-2015 (Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote at ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2014 (Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiS ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2013 (Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2012 (SQL injection vulnerability in function.php in MigasCMS 1.1, when magi ...)
	NOT-FOR-US: MigasCMS
CVE-2010-2011 (Microsoft Dynamics GP uses a substitution cipher to encrypt the system ...)
	NOT-FOR-US: Microsoft Dynamics GP
CVE-2010-2010 (Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-2009 (Stack-based buffer overflow in the media library in BS.Global BS.Playe ...)
	NOT-FOR-US: BS.Global BS.Player
CVE-2010-2008 (MySQL before 5.1.48 allows remote authenticated users with alter datab ...)
	- mysql-5.1 5.1.48-1
	- mysql-dfsg-5.0 (Only affects MySQL 5.1 onwards)
CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...)
	- mydms (bug #590904; low)
	[lenny] - mydms (Minor issue)
	NOTE: seems to have changed name to letoDMS
CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS (forme ...)
	{DSA-2146-1}
	- mydms 1.7.2+1.7.3-1.1 (bug #582587; medium)
	NOTE: seems to have changed name to letoDMS
CVE-2010-2005 (Multiple PHP remote file inclusion vulnerabilities in DataLife Engine ...)
	NOT-FOR-US: Datalife Engine
CVE-2010-2004 (Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Fre ...)
	NOT-FOR-US: BS.Player
CVE-2010-2003 (Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Adva ...)
	NOT-FOR-US: Advanced Poll
CVE-2010-2002 (Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x ...)
	NOT-FOR-US: Wordfilter module for Drupal
CVE-2010-2001 (Cross-site scripting (XSS) vulnerability in the CiviRegister module be ...)
	NOT-FOR-US: CiviRegister module for Drupal
CVE-2010-2000 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...)
	NOT-FOR-US: Biblio module for Drupal
CVE-2010-1999 (Directory traversal vulnerability in scr/soustab.php in OpenMairie Ope ...)
	NOT-FOR-US: OpenMairie
CVE-2010-1998 (Cross-site scripting (XSS) vulnerability in the CCK TableField module ...)
	NOT-FOR-US: CCK TableField module for Drupal
CVE-2010-1997 (Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus C ...)
	NOT-FOR-US: Saurus CMS
CVE-2010-1996 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1995 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1994 (SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 all ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1993 (Opera 9.52 does not properly handle an IFRAME element with a mailto: U ...)
	NOT-FOR-US: Opera
CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations whe ...)
	- chromium-browser (unimportant)
	NOTE: http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en
	NOTE: PoC is just one window, but can be changed to open many
	NOTE: this is a DoS-only attack, so it's considered unimportant
CVE-2010-1991 (Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1990 (Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, exec ...)
	- xulrunner (unimportant; bug #582590)
	- iceape (unimportant)
	NOTE: browser DoS attacks are not considered security-relevant
CVE-2010-1989 (Opera 9.52 executes a mail application in situations where an IMG elem ...)
	NOT-FOR-US: Opera
CVE-2010-1988 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cau ...)
	- xulrunner (unimportant)
	- iceape (unimportant)
	NOTE: these PoCs do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a Windows-specific symptom)
CVE-2010-1987 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cau ...)
	- xulrunner (unimportant)
	- iceape (unimportant)
	NOTE: these PoCs do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a Windows-specific symptom)
CVE-2010-1986 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cau ...)
	- xulrunner (unimportant)
	- iceape (unimportant)
	NOTE: these PoCs do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a Windows-specific symptom)
CVE-2010-1985 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2010-1984 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb mo ...)
	NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
CVE-2010-1983 (Directory traversal vulnerability in the redTWITTER (com_redtwitter) c ...)
	NOT-FOR-US: com_redtwitter component for Joomla!
CVE-2010-1982 (Directory traversal vulnerability in the JA Voice (com_javoice) compon ...)
	NOT-FOR-US: com_javoice component for Joomla!
CVE-2010-1981 (Directory traversal vulnerability in the Fabrik (com_fabrik) component ...)
	NOT-FOR-US: com_fabrik component for Joomla!
CVE-2010-1980 (Directory traversal vulnerability in joomlaflickr.php in the Joomla Fl ...)
	NOT-FOR-US: com_joomlaflickr component for Joomla!
CVE-2010-1979 (Directory traversal vulnerability in the Affiliate Datafeeds (com_data ...)
	NOT-FOR-US: com_datafeeds component for Joomla!
CVE-2010-1978 (PHP remote file inclusion vulnerability in default_theme.php in FreePH ...)
	NOT-FOR-US: FreePHPBlogSoftware
CVE-2010-1977 (Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmc ...)
	NOT-FOR-US: com_jwhmcs component for Joomla!
CVE-2010-1976 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb mo ...)
	NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
CVE-2010-1975 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8. ...)
	{DSA-2051-1}
	- postgresql-8.4 8.4.4-1 (low)
	- postgresql-8.3 (low)
CVE-2010-1974 REJECTED
CVE-2010-1973 (Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, ...)
	NOT-FOR-US: OpenVMS
CVE-2010-1972 (The default configuration of HP Client Automation (HPCA) Enterprise In ...)
	NOT-FOR-US: HP Client Automation
CVE-2010-1971 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
	NOT-FOR-US: HP Insight
CVE-2010-1970 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
	NOT-FOR-US: HP Insight
CVE-2010-1969 (Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterpr ...)
	NOT-FOR-US: HP Virtual Connect Enterprise Manager
CVE-2010-1968 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
	NOT-FOR-US: HP Insight
CVE-2010-1967 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
	NOT-FOR-US: HP Insight
CVE-2010-1966 (Unspecified vulnerability in HP Insight Control power management for W ...)
	NOT-FOR-US: HP Insight
CVE-2010-1965 (Unspecified vulnerability in HP Insight Orchestration for Windows befo ...)
	NOT-FOR-US: HP Insight
CVE-2010-1964 (Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows re ...)
	NOT-FOR-US: HP ServiceCenter
CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 befor ...)
	NOT-FOR-US: HP StorageWorks
CVE-2010-1961 (Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Netwo ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1960 (Buffer overflow in the error handling functionality in ovwebsnmpsrv.ex ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1959 (Unspecified vulnerability in HP TestDirector for Quality Center 9.2 be ...)
	NOT-FOR-US: HP TestDirector for Quality Center
CVE-2010-1958 (Cross-site scripting (XSS) vulnerability in the FileField module 5.x b ...)
	NOT-FOR-US: Drupal addon
CVE-2010-1957 (Directory traversal vulnerability in the Love Factory (com_lovefactory ...)
	NOT-FOR-US: com_lovefactory component for joomla!
CVE-2010-1956 (Directory traversal vulnerability in the Gadget Factory (com_gadgetfac ...)
	NOT-FOR-US: com_gadgetfactory component for joomla!
CVE-2010-1955 (Directory traversal vulnerability in the Deluxe Blog Factory (com_blog ...)
	NOT-FOR-US: com_blogfactory component for joomla!
CVE-2010-1954 (Directory traversal vulnerability in the iNetLanka Multiple root (com_ ...)
	NOT-FOR-US: com_multiroot component for joomla!
CVE-2010-1953 (Directory traversal vulnerability in the iNetLanka Multiple Map (com_m ...)
	NOT-FOR-US: com_multimap component for joomla!
CVE-2010-1952 (Directory traversal vulnerability in the BeeHeard (com_beeheard) and B ...)
	NOT-FOR-US: com_beeheard component for joomla!
CVE-2010-1951 (Multiple directory traversal vulnerabilities in 60cycleCMS allow remot ...)
	NOT-FOR-US: 60cycleCMS
CVE-2010-1950 (SQL injection vulnerability in the Online News Paper Manager (com_jnew ...)
	NOT-FOR-US: Online News Paper Manager
CVE-2010-1949 (SQL injection vulnerability in the Online News Paper Manager (com_jnew ...)
	NOT-FOR-US: Online News Paper Manager
CVE-2010-1948 (Directory traversal vulnerability in scr/soustab.php in openMairie Ope ...)
	NOT-FOR-US: openMairie
CVE-2010-1947 (Directory traversal vulnerability in scr/soustab.php in openMairie Ope ...)
	NOT-FOR-US: openMairie
CVE-2010-1946 (Multiple PHP remote file inclusion vulnerabilities in openMairie Openr ...)
	NOT-FOR-US: openMairie
CVE-2010-1945 (Multiple PHP remote file inclusion vulnerabilities in openMairie Openf ...)
	NOT-FOR-US: openMairie
CVE-2010-1944 (Multiple PHP remote file inclusion vulnerabilities in openMairie openC ...)
	NOT-FOR-US: openMairie
CVE-2010-1943 (Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister ...)
	NOT-FOR-US: NEC CapsSuite Small Edition
CVE-2010-1942 (Unspecified vulnerability in the Servlet service in Fujitsu Limited In ...)
	NOT-FOR-US: Fujitsu Limited Interstage Application Server
CVE-2010-1941 (Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and ear ...)
	NOT-FOR-US: NEC WebSAM DeploymentManager
CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header ...)
	- chromium-browser
	- webkit
	NOTE: Safari-specific. Chromium and Safari have totally separate HTTP stacks.
CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows r ...)
	- chromium-browser
	- webkit
	NOTE: the PoC seems to cause a DoS in both chromium and webkit; not sure if code execution is possible
	NOTE: This is Safari only
CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...)
	- opie 2.32.dfsg.1-0.2 (low; bug #584932)
	[lenny] - opie 2.32-10.2+lenny2
CVE-2010-1937 (Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SF ...)
	NOT-FOR-US: SBLIM SFCB
CVE-2010-1936 (Directory traversal vulnerability in scr/soustab.php in openMairie ope ...)
	NOT-FOR-US: openMairie openComInterne
CVE-2010-1935 (Directory traversal vulnerability in scr/soustab.php in openMairie Ope ...)
	NOT-FOR-US: openMairie Openpresse
CVE-2010-1934 (Multiple PHP remote file inclusion vulnerabilities in openMairie openP ...)
	NOT-FOR-US: openMairie openPlanning
CVE-2010-1928 (Directory traversal vulnerability in scr/soustab.php in openMairie ope ...)
	NOT-FOR-US: openMairie openPlanning
CVE-2010-1927 (Multiple PHP remote file inclusion vulnerabilities in openMairie openC ...)
	NOT-FOR-US: openMairie openCourrier
CVE-2010-1926 (Directory traversal vulnerability in scr/soustab.php in openMairie ope ...)
	NOT-FOR-US: openMairie openCourrier
CVE-2010-1925 (SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows ...)
	NOT-FOR-US: tekno.Portal
CVE-2010-1924 (SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shop ...)
	NOT-FOR-US: Hi Web Wiesbaden Live Shopping multi Portal System
CVE-2010-1923 (SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 So ...)
	NOT-FOR-US: Hi Web Wiesbaden Web Social Network Community System
CVE-2010-1922 (Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 all ...)
	NOT-FOR-US: 29o3 CMS
CVE-2010-1921 (Multiple PHP remote file inclusion vulnerabilities in OpenMairie openA ...)
	NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1920 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ope ...)
	NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1933
	RESERVED
CVE-2010-1932 (Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allow ...)
	NOT-FOR-US: XnView
CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in CubeCa ...)
	NOT-FOR-US: CubeCart PHP Shopping Cart
CVE-2010-1930 (Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows ...)
	NOT-FOR-US: Novell iManager
CVE-2010-1929 (Multiple stack-based buffer overflows in the jclient._Java_novell_jcli ...)
	NOT-FOR-US: Novell iManager
CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allow ...)
	NOT-FOR-US: EMC
CVE-2010-1913 (The default configuration of pluginlicense.ini for the SdcWebSecureBas ...)
	NOT-FOR-US: Consona
CVE-2010-1912 (The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistan ...)
	NOT-FOR-US: Consona
CVE-2010-1911 (The site-locking implementation in the SdcWebSecureBase interface in t ...)
	NOT-FOR-US: Consona
CVE-2010-1910 (The Forgot Password implementation in Consona Live Assistance, Dynamic ...)
	NOT-FOR-US: Consona
CVE-2010-1909 (Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX c ...)
	NOT-FOR-US: Consona
CVE-2010-1908 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live As ...)
	NOT-FOR-US: Consona
CVE-2010-1907 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live As ...)
	NOT-FOR-US: Consona
CVE-2010-1906 (tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manag ...)
	NOT-FOR-US: Consona
CVE-2010-1905 (Multiple cross-site scripting (XSS) vulnerabilities in Consona Live As ...)
	NOT-FOR-US: Consona
CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5. ...)
	NOT-FOR-US: EMC RSA Key Manager
CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, a ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1902 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1901 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Offi ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1900 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Offi ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2010-1899 (Stack consumption vulnerability in the ASP implementation in Microsoft ...)
	NOT-FOR-US: Microsoft IIS
CVE-2010-1898 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-1897 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1896 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1895 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1894 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1893 (Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1892 (The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1891 (The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1890 (The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1889 (Double free vulnerability in the kernel in Microsoft Windows Vista SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1888 (Race condition in the kernel in Microsoft Windows XP SP3 allows local ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1887 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1886 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1884
	REJECTED
CVE-2010-1883 (Integer overflow in the Embedded OpenType (EOT) Font Engine in Microso ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsof ...)
	NOT-FOR-US: MPEG Layer-3 Audio Codec for
CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls ...)
	NOT-FOR-US: Microsoft
CVE-2010-1880 (Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Wi ...)
	NOT-FOR-US: Microsoft
CVE-2010-1879 (Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media ...)
	NOT-FOR-US: Microsoft
CVE-2010-1878 (Directory traversal vulnerability in the OrgChart (com_orgchart) compo ...)
	NOT-FOR-US: com_orgchart component for joomla!
CVE-2010-1877 (SQL injection vulnerability in the JTM Reseller (com_jtm) component 1. ...)
	NOT-FOR-US: com_jtm component for joomla!
CVE-2010-1876 (SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allow ...)
	NOT-FOR-US: AJ Shopping Cart
CVE-2010-1875 (Directory traversal vulnerability in the Real Estate Property (com_pro ...)
	NOT-FOR-US: com_properties component for joomla!
CVE-2010-1874 (SQL injection vulnerability in the Real Estate Property (com_propertie ...)
	NOT-FOR-US: com_properties component for joomla!
CVE-2010-1873 (SQL injection vulnerability in the Jvehicles (com_jvehicles) component ...)
	NOT-FOR-US: com_jvehicles component for joomla!
CVE-2010-1872 (Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2 ...)
	NOT-FOR-US: FlashCard
CVE-2010-1918 (SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlie ...)
	NOT-FOR-US: eFront ask_chat
CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 thro ...)
	{DSA-2089-1}
	- php5 5.3.3-1 (low)
	[lenny] - php5 (Minor issue)
CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 ...)
	- serendipity 1.5.3-1
	[lenny] - serendipity (Only affects >= 1.4)
	- horde3 (Vulnerable code not included, see bug #585165)
	- openacs (Doesn't use the PHP interface, see bug #585163)
	- dotlrn (Doesn't use the PHP interface, see bug #585164)
CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3. ...)
	- php5 (unimportant)
CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...)
	- php5 (unimportant)
CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Pl ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...)
	- libstruts1.2-java (issue involves a problem in xwork, which was introduced in struts2)
	- libspring-2.5-java (Vulnerable code not present)
CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
	{DSA-2080-1}
	- ghostscript 8.71~dfsg-4
	NOTE: https://www.openwall.com/lists/oss-security/2010/05/11/3
CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ex ...)
	- php5 (unimportant)
CVE-2010-1867 (SQL injection vulnerability in the ArticleAttachment::GetAttachmentsBy ...)
	NOT-FOR-US: Campsite
CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chu ...)
	- php5 5.3.3-1 (low)
	[lenny] - php5 (dechunk filter introduced in 5.3)
CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earl ...)
	NOT-FOR-US: ClanSphere
CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3 ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-1863 (SQL injection vulnerability in the shoutbox module (modules/shoutbox.p ...)
	NOT-FOR-US: ClanTiger
CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3 ...)
	- php5 (unimportant)
CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...)
	- php5 (unimportant)
CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 thro ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier ...)
	NOT-FOR-US: DeluxeBB
CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) c ...)
	NOT-FOR-US: com_smestorage component for joomla!
CVE-2010-1857 (SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, ...)
	NOT-FOR-US: RepairShop2
CVE-2010-1856 (Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1 ...)
	NOT-FOR-US: RepairShop2
CVE-2010-1855 (SQL injection vulnerability in auktion.php in Pay Per Watch & Bid ...)
	NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1854 (Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Wat ...)
	NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function i ...)
	- transmission 1.92-1
	[lenny] - transmission (Support for Magnet links not yet available)
CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is enab ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses cook ...)
	NOT-FOR-US: Invisible Hand extension for chromium
CVE-2010-1850 (Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allo ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0
CVE-2010-XXXX [wicd changes permissions of resolv.conf]
	- wicd 1.7.0+ds1-3 (low; bug #582798)
CVE-2010-1849 (The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0
CVE-2010-1848 (Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0
CVE-2010-1847 (The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly pe ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1846 (Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1845 (ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remot ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1844 (Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x be ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1843 (Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1842 (Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1841 (Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1840 (Stack-based buffer overflow in the password-validation functionality i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1839
	RESERVED
CVE-2010-1838 (Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1837 (CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1836 (Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1835
	RESERVED
CVE-2010-1834 (CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly val ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1833 (Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1832 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1831 (Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1830 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1829 (Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1828 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows re ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1827
	RESERVED
CVE-2010-1826
	RESERVED
CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome befor ...)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/66847
CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Apple iTunes before ...)
	- webkit 1.2.6-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/66795
CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in Googl ...)
	- webkit (vulnerable code not present in 1.2.x series)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/65958
CVE-2010-1822 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 an ...)
	- webkit (rendererIsNeeded function not present in 1.2.x series)
	- chromium-browser 6.0.472.62~r59676-1
CVE-2010-1821 (Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1820 (Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10 ...)
	NOT-FOR-US: Apple Filing Protocol Server
CVE-2010-1819 (Untrusted search path vulnerability in the Picture Viewer in Apple Qui ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple Quick ...)
	NOT-FOR-US: QuickTime
CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and i ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1816 (Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and M ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
	- webkit 1.2.5-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webki ...)
	NOT-FOR-US: WebKit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows rem ...)
	- webkit 1.2.5-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser
	NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
	NOT-FOR-US: WebKit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows re ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1809 (The Accessibility component in Apple iOS before 4.1 on the iPhone and ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser
	NOTE: http://trac.webkit.org/changeset/64706
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43461
	NOTE: the problem is that the standard-library strtod() parses "NAN(payload)" as a NaN
	NOTE: with a user-defined payload, which is bad for the NaN-boxing scheme used by WebKit
	NOTE: (and Mozilla): attacker-chosen mantissa bits can collide with the bit patterns the
	NOTE: engine reserves for tagged non-double values. The fix is not to accept "NAN(payload)".
	NOTE: test-case: -parseFloat("NAN(ffffeeeeeff0f)")
	NOTE: reproduced with epiphany
CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/63772
CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 a ...)
	- webkit (windows-specific issue)
	- chromium-browser (windows-specific issue)
	NOTE: This is the Windows DLL planting attack
CVE-2010-1804 (Unspecified vulnerability in the network bridge functionality on the A ...)
	NOT-FOR-US: Apple
CVE-2010-1803 (Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1802 (libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perf ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1801 (Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 an ...)
	NOT-FOR-US: CoreGraphics
CVE-2010-1800 (CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL a ...)
	NOT-FOR-US: CFNetwork
CVE-2010-1799 (Stack-based buffer overflow in the error-logging functionality in Appl ...)
	NOT-FOR-US: Apple QuickTime on Windows
CVE-2010-1798
	RESERVED
CVE-2010-1797 (Multiple stack-based buffer overflows in the cff_decoder_parse_charstr ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 thr ...)
	- webkit
	- chromium-browser
	NOTE: Very Safari-specific
CVE-2010-1795 (Untrusted search path vulnerability in Apple iTunes before 9.1, when r ...)
	NOT-FOR-US: Apple iTunes on Windows
CVE-2010-1794 (The webdav_mount function in webdav_vfsops.c in the WebDAV kernel exte ...)
	NOT-FOR-US: Apple
CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari befo ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: http://trac.webkit.org/changeset/62482
	NOTE: http://trac.webkit.org/changeset/62662
	NOTE: duplicated as CVE-2010-2902
CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser
	NOTE: http://trac.webkit.org/changeset/62386
	NOTE: Chromium uses a totally different regexp implementation.
CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac ...)
	- webkit 1.2.6-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser
	NOTE: http://trac.webkit.org/changeset/62301
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1789 (Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on M ...)
	- webkit
	- chromium-browser
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=40994
	NOTE: http://trac.webkit.org/changeset/62482
CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/61044
CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: http://trac.webkit.org/changeset/61667
	NOTE: duplicated as CVE-2010-2647
CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: http://trac.webkit.org/changeset/61050
	NOTE: http://trac.webkit.org/changeset/61051
CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) impleme ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: http://trac.webkit.org/changeset/62271
CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	{DSA-2188-1}
	- webkit 1.2.7-1
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: (Chromium Sec) This seems to be a duplicate of CVE-2010-2899
	NOTE: http://trac.webkit.org/changeset/62134
CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375
	NOTE: http://trac.webkit.org/changeset/61921
CVE-2010-1781 (Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPh ...)
	NOT-FOR-US: WebKit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
	- webkit 1.2.5-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=40407
	NOTE: http://trac.webkit.org/changeset/60984
CVE-2010-1779
	RESERVED
CVE-2010-1778 (Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 ...)
	- webkit
	- chromium-browser
	NOTE: Safari only (chromium security team)
CVE-2010-1777 (Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-1776 (Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iO ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1775 (Race condition in Passcode Lock in Apple iOS before 4 on the iPhone an ...)
	NOT-FOR-US: Apple iPhone Passcode Lock
CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
	NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-1773 (Off-by-one error in the toAlphabetic function in rendering/RenderListM ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508
	NOTE: http://trac.webkit.org/changeset/59950
CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore in Web ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388
	NOTE: http://trac.webkit.org/changeset/59859
CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39453
	NOTE: http://trac.webkit.org/changeset/59876
CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626
	NOTE: http://trac.webkit.org/changeset/59795
CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 o ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: dupe of CVE-2010-1774
CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local user ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in loader/DocumentThre ...)
	- webkit 1.2.1-3
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843
	NOTE: http://trac.webkit.org/changeset/57041
CVE-2010-1766 (Off-by-one error in the WebSocketHandshake::readServerHandshake functi ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36339
	NOTE: http://trac.webkit.org/changeset/56380
CVE-2010-1765
	RESERVED
	- webkit (doesn't include cf code)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37933
	NOTE: http://trac.webkit.org/changeset/57995
CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=31410
	NOTE: http://trac.webkit.org/changeset/55157
CVE-2010-1763 (Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Wind ...)
	- webkit (vulnerable code introduced in svn58950, which isn't included in 1.2.1 yet)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39008
	NOTE: http://trac.webkit.org/changeset/59486
CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38922
	NOTE: http://trac.webkit.org/changeset/59241
	NOTE: http://trac.webkit.org/changeset/59242
CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760
	NOTE: http://trac.webkit.org/changeset/59263
CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementati ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37781
	NOTE: http://trac.webkit.org/changeset/58409
CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38583
	NOTE: http://trac.webkit.org/changeset/59109
CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
	NOTE: http://trac.webkit.org/changeset/59098
CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enf ...)
	NOT-FOR-US: WebKit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...)
	NOT-FOR-US: Apple iPhone
CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not pro ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1754 (Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does ...)
	NOT-FOR-US: Apple Passcode Lock
CVE-2010-1753 (ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remo ...)
	NOT-FOR-US: iOS
CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the ...)
	NOT-FOR-US: Apple CFNetwork
CVE-2010-1751 (Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch ...)
	NOT-FOR-US: Apple Application Sandbox
CVE-2010-1750 (Use-after-free vulnerability in Apple Safari before 5.0 on Windows all ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=27193
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625
	NOTE: http://trac.webkit.org/changeset/45941
CVE-2010-1748 (The cgi_initialize_string function in cgi-bin/var.c in the web interfa ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-1747 RESERVED
CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (c ...)
	NOT-FOR-US: com_grid component for joomla!
CVE-2010-1745 REJECTED
CVE-2010-1744 (SQL injection vulnerability in product.html in B2B Gold Script allows ...)
	NOT-FOR-US: B2B Gold Script
CVE-2010-1743 (SQL injection vulnerability in projects.php in Scratcher allows remote ...)
	NOT-FOR-US: Scratcher
CVE-2010-1742 (Cross-site scripting (XSS) vulnerability in projects.php in Scratcher ...)
	NOT-FOR-US: Scratcher
CVE-2010-1741 (SQL injection vulnerability in request_account.php in Billwerx RC 5.2. ...)
	NOT-FOR-US: Billwerx
CVE-2010-1740 (SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows r ...)
	NOT-FOR-US: GuppY
CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...)
	NOT-FOR-US: com_newsfeeds component for joomla!
CVE-2010-1738 REJECTED
CVE-2010-1737 (PHP remote file inclusion vulnerability in core/includes/gfw_smarty.ph ...)
	NOT-FOR-US: Gallo
CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: KrM Haber
CVE-2010-1735 (The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1734 (The SfnINSTRING function in win32k.sys in the kernel in Microsoft Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1733 (Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02 ...)
	- ocsinventory-server (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a denia ...)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: various crashes on window close after opening the file on chromium (including sometimes segfaults)
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
	NOTE: not reproducible with chromium-browser 5.0.375.55~r47796-1
CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause ...)
	NOT-FOR-US: Dolphin browser, Konqueror not covered by security support
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...)
	- webkit (unimportant)
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
	NOTE: dos-only on webkit
CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly handle a ...)
	NOT-FOR-US: Opera
CVE-2010-1727 (SQL injection vulnerability in type.asp in JobPost 1.0 allows remote a ...)
	NOT-FOR-US: JobPost
CVE-2010-1726 (SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows ...)
	NOT-FOR-US: EC21
CVE-2010-1725 (SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinu ...)
	NOT-FOR-US: Alibaba Clone Platinum
CVE-2010-1724 (Multiple cross-site scripting (XSS) vulnerabilities in Zikula Applicat ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw Roo ...)
	NOT-FOR-US: com_drawroot component for joomla!
CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) co ...)
	NOT-FOR-US: com_market component for joomla!
CVE-2010-1721 (SQL injection vulnerability in the Intellectual Property (aka IPropert ...)
	NOT-FOR-US: com_iproperty component for joomla!
CVE-2010-1720 (SQL injection vulnerability in the Q-Personel (com_qpersonel) componen ...)
	NOT-FOR-US: com_qpersonel component for joomla!
CVE-2010-1719 (Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagl ...)
	NOT-FOR-US: com_mtfireeagle component for joomla!
CVE-2010-1718 (Directory traversal vulnerability in archeryscores.php in the Archery ...)
	NOT-FOR-US: com_archeryscores component for joomla!
CVE-2010-1717 (Directory traversal vulnerability in the iF surfALERT (com_if_surfaler ...)
	NOT-FOR-US: com_if_surfalert component for joomla!
CVE-2010-1716 (SQL injection vulnerability in the Agenda Address Book (com_agenda) co ...)
	NOT-FOR-US: com_agenda component for joomla!
CVE-2010-1715 (Directory traversal vulnerability in the Online Examination (aka Onlin ...)
	NOT-FOR-US: com_onlineexam component for joomla!
CVE-2010-1714 (Directory traversal vulnerability in the Arcade Games (com_arcadegames ...)
	NOT-FOR-US: com_arcadegames component for joomla!
CVE-2010-1713 (SQL injection vulnerability in modules.php in PostNuke 0.764 allows re ...)
	NOT-FOR-US: PostNuke
CVE-2010-1712 (Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.p ...)
	NOT-FOR-US: Webmobo WB News
CVE-2010-1711 (Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siest ...)
	NOT-FOR-US: Siestta
CVE-2010-1710 (Directory traversal vulnerability in login.php in Siestta 2.0, when re ...)
	NOT-FOR-US: Siestta
CVE-2010-1709 (Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G ...)
	NOT-FOR-US: G5-Scripts
CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free Realt ...)
	NOT-FOR-US: Free Realty
CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	- piwigo 2.0.10-1
CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...)
	NOT-FOR-US: 2daybiz Auction Script
CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows re ...)
	NOT-FOR-US: Modelbook
CVE-2010-1704 (Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced ...)
	NOT-FOR-US: 2daybiz Polls Script
CVE-2010-1703 (Multiple cross-site scripting (XSS) vulnerabilities in index_search.ph ...)
	NOT-FOR-US: 2daybiz Polls Script
CVE-2010-1702 (SQL injection vulnerability in submitticket.php in WHMCompleteSolution ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2010-1701 (SQL injection vulnerability in browse.html in PHP Video Battle Script ...)
	NOT-FOR-US: PHP Video Battle Script
CVE-2010-1700 REJECTED
CVE-2010-1699 REJECTED
CVE-2010-1698 REJECTED
CVE-2010-1697 REJECTED
CVE-2010-1696 REJECTED
CVE-2010-1695 REJECTED
CVE-2010-1694 REJECTED
CVE-2010-1693 (openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows loc ...)
	NOT-FOR-US: OpenFabrics Enterprise Distribution (OFED)
	NOTE: openibd is part of ofa-kernel (ofa_1_5_kernel-20101028-0200/ofed_scripts/openibd), fixed in 2010-10-28 build
	NOTE: http://www.openfabrics.org/downloads/ofa_1_5_kernel/
	NOTE: ITP for ofa-kernel is bug #541849
CVE-2010-1692 REJECTED
CVE-2010-1691 REJECTED
CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1688 (Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20. ...)
	NOT-FOR-US: 2BrightSparks SyncBack Freeware
CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows rem ...)
	NOT-FOR-US: Mocha W32 LPD
CVE-2010-1686 (Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Bac ...)
	NOT-FOR-US: Urgent Backup
CVE-2010-1685 (Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user ...)
	NOT-FOR-US: CursorArts ZipWrangler
CVE-2010-1684 RESERVED
CVE-2010-1683 RESERVED
CVE-2010-1682 RESERVED
CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office Visio
CVE-2010-1680 REJECTED
CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before 1.14.3 ...)
	{DSA-2142-1}
	- dpkg 1.15.8.8
CVE-2010-1678 (Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol ...)
	- mapserver 5.6.5-2
	NOTE: http://trac.osgeo.org/mapserver/ticket/3641
CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service (C ...)
	- mhonarc 2.6.18-1 (low)
	[squeeze] - mhonarc (Minor issue)
CVE-2010-1676 (Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0 ...)
	{DSA-2136-1}
	- tor 0.2.1.26-6
CVE-2010-1675 (bgpd in Quagga before 0.99.18 allows remote attackers to cause a denia ...)
	{DSA-2197-1}
	- quagga 0.99.18-1
CVE-2010-1674 (The extended-community parser in bgpd in Quagga before 0.99.18 allows ...)
	{DSA-2197-1}
	- quagga 0.99.18-1
CVE-2010-1673 (A cross-site scripting (XSS) vulnerability in ikiwiki before 3.2010111 ...)
	- ikiwiki 3.20101112
	[squeeze] - ikiwiki 3.20100815.2
	[lenny] - ikiwiki
CVE-2010-1672 RESERVED
CVE-2010-1671 (hsolinkcontrol in hsolink 1.0.118 allows local users to gain privilege ...)
	- hsolink (bug #590670)
CVE-2010-1670 (Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has i ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1669 (SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x bef ...)
	- mahara 1.2.5-1
	[lenny] - mahara
CVE-2010-1668 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara b ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1667 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1 ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1666 (Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding i ...)
	{DSA-2068-1}
	- python-cjson 1.0.5-3 (bug #587700)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, whic ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.2.1-3
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58201
CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 media ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/57922
CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google Chro ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit (issue is in google url; i.e. chromium-specific)
CVE-2010-1662 (Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Qui ...)
	NOT-FOR-US: PHP-Quick-Arcade
CVE-2010-1661 (Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0 ...)
	NOT-FOR-US: PHP-Quick-Arcade
CVE-2010-1660 (SQL injection vulnerability in help-details.php in CLScript Classified ...)
	NOT-FOR-US: CLScript Classifieds Script
CVE-2010-1659 (Directory traversal vulnerability in the Ultimate Portfolio (com_ultim ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1658 (Directory traversal vulnerability in the Code-Garage NoticeBoard (com_ ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1657 (Directory traversal vulnerability in the SmartSite (com_smartsite) com ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1656 (SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1. ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1655 (Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in ...)
	NOT-FOR-US: PowerEasy
CVE-2010-1654 (Multiple SQL injection vulnerabilities in system_member_login.php in I ...)
	NOT-FOR-US: Infocus Real Estate Enterprise Edition
CVE-2010-1653 (Directory traversal vulnerability in graphics.php in the Graphics (com ...)
	NOT-FOR-US: Graphics component for Joomla!
CVE-2010-1652 (Directory traversal vulnerability in the HelpCenter module in Help Cen ...)
	NOT-FOR-US: Help Center Live
CVE-2010-1651 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back end in ...)
	NOT-FOR-US: Joomla!
CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
	- mediawiki 1:1.15.4-1 (bug #585918; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15 ...)
	- mediawiki 1:1.15.4-1 (bug #585918; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1. ...)
	{DSA-2062-1}
	- sudo 1.7.2p7-1 (bug #585394)
CVE-2010-1645 (Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HP ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-1644 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0. ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcomm ...)
	- linux-2.6 2.6.28-1
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Sa ...)
	- samba 2:3.5.4~dfsg-2 (unimportant)
	NOTE: Only crashes a single connection, not the entire smbd
CVE-2010-1641 (The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel b ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1640 (Off-by-one error in the parseicon function in libclamav/pe_icons.c in ...)
	- clamav 0.96.1+dfsg-1 (bug #584183)
	[lenny] - clamav
CVE-2010-1639 (The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows ...)
	- clamav 0.96.1+dfsg-1 (bug #584183)
	[lenny] - clamav
CVE-2010-1638 (The IMP plugin in Horde allows remote attackers to bypass firewall res ...)
	- horde3 (unimportant)
CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...)
	- squirrelmail 2:1.4.21-1 (unimportant)
CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functi ...)
	- linux-2.6 2.6.32-14
	[lenny] - linux-2.6 (btrfs introduced in 2.6.32)
CVE-2010-1635 (The chain_reply function in process.c in smbd in Samba before 3.4.8 an ...)
	- samba 2:3.6.1-2 (unimportant)
	NOTE: http://git.samba.org/?p=samba.git;a=commitdiff;h=25452a2268ac7013da28125f3df22085139af12d
	NOTE: Only crashes a single connection, not the entire smbd
CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in Pytho ...)
	- python3.1 3.1.2+20100822-1 (low)
	- python2.7 2.7-1 (low)
	- python2.6 2.6.6-1 (low)
	- python2.5 2.5.5-10 (low; bug #599739)
	[lenny] - python2.5 (Minor issue)
	- python2.4 (low)
	[lenny] - python2.4 (Minor issue)
CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover function in O ...)
	- openssl (This bug is only present in OpenSSL 1.0.0, first version of 1.0.0 ever uploaded was 1.0.0c)
CVE-2010-1632 (Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server ...)
	- axis2c 1.6.0-1
CVE-2010-1631 REJECTED
CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unk ...)
	- phpbb3 3.0.7-PL1-1 (low)
	[lenny] - phpbb3 (Minor issue)
CVE-2010-1629 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allow ...)
	NOT-FOR-US: Phorum
CVE-2010-1628 (Ghostscript 8.64, 8.70, and possibly other versions allows context-dep ...)
	{DSA-2093-1}
	- ghostscript 8.71~dfsg2-4 (medium; bug #584516)
	NOTE: no upstream fix available, see issue #1 in ubuntu bug report:
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=691295
CVE-2010-1627 (feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permi ...)
	- phpbb3 3.0.7-PL1-1 (low)
	[lenny] - phpbb3 (Minor issue)
CVE-2010-1626 (MySQL before 5.1.46 allows local users to delete the data and index fi ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.46-1 (bug #582526)
	- mysql-dfsg-5.0 (low; bug #584400)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer befor ...)
	{DSA-2092-1}
	- lxr (low; bug #588138)
	[lenny] - lxr (Minor issue)
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137)
CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in l ...)
	- pidgin 2.7.0-1 (low)
	[lenny] - pidgin 2.4.3-4lenny6
	NOTE: MSN support was disabled in 2.4.3-4lenny6
CVE-2010-1623 (Memory leak in the apr_brigade_split_line function in buckets/apr_brig ...)
	{DSA-2117-1}
	- apr-util 1.3.9+dfsg-4 (medium)
	- apache2 2.2.16-3
	[lenny] - apache2 (vulnerable code introduced in 2.2.15-2 or -3)
CVE-2010-1622 (SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2 ...)
	- libspring-2.5-java 2.5.6.SEC02-1 (medium)
CVE-2010-1621 (The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 ...)
	- mysql-5.1 5.1.46-1
	- mysql-dfsg-5.0 (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=590190
CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c in gdoma ...)
	- gnustep-base 1.19.3-2 (bug #584401)
	[lenny] - gnustep-base (Minor issue)
CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Applianc ...)
	NOT-FOR-US: IBM WebSphere DataPower XML Accelerator
CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allo ...)
	NOT-FOR-US: AlegroCart
CVE-2010-1610 (Cross-site request forgery (CSRF) vulnerability in index.php in OpenCa ...)
	NOT-FOR-US: OpenCart
CVE-2010-1609 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2010-1608 (Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and pos ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-1607 (Directory traversal vulnerability in wmi.php in the Webmoney Web Merch ...)
	NOT-FOR-US: Webmoney Web Merchant Interface component for Joomla!
CVE-2010-1606 (Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1605 (Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Port ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1604 (Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1603 (Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or co ...)
	NOT-FOR-US: ZiMB Core component for Joomla!
CVE-2010-1602 (Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment ...)
	NOT-FOR-US: ZiMB Comment component for Joomla!
CVE-2010-1601 (Directory traversal vulnerability in the JA Comment (com_jacomment) co ...)
	NOT-FOR-US: JA Comment component for Joomla!
CVE-2010-1600 (SQL injection vulnerability in the Media Mall Factory (com_mediamall) ...)
	NOT-FOR-US: Media Mall Factory component for Joomla!
CVE-2010-1599 (SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2. ...)
	NOT-FOR-US: NKInFoWeb
CVE-2010-1598 (phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when Ima ...)
	NOT-FOR-US: phpThumb()
CVE-2010-1597 (Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 allo ...)
	NOT-FOR-US: ZipGenius
CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the fix_non_standard_entit ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (low; bug #585425)
	- wordpress (Vulnerable code not present)
	- egroupware (Vulnerable code not present)
CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...)
	{DSA-2115-1}
	- libphp-cas (bug #495542)
	- moodle 1.9.8-1 (low; bug #574757)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 doe ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (unimportant; bug #585427)
	NOTE: I have a hard time seeing the security impact, moodle is a course management
	NOTE: system and the real names of your colleagues are probably not a secret, since
	NOTE: a patch exists I filed a bug anyway
CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restorin ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1615 (Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 a ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x be ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1613 (Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate se ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication w ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS ...)
	- ocsinventory-server 1.02.1-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1594 (Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/inde ...)
	- ocsinventory-server 1.02.1-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1593 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe be ...)
	- silverstripe (bug #528461)
CVE-2010-1592 (sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in SiSoft ...)
	NOT-FOR-US: SiSoftware Sandra
CVE-2010-1591 (Beijing Rising International Rising Antivirus 2008 through 2010 does n ...)
	NOT-FOR-US: Beijing Rising International Rising Antivirus
CVE-2010-1590 (Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Roc ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1589 (Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt I ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1588 (SQL injection vulnerability in the Getwebsess function in shopsessions ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1587 (The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4. ...)
	NOT-FOR-US: Apache ActiveMQ
CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management Ho ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFrag ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove
	- xulrunner (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-1584 (Cross-site scripting (XSS) vulnerability in the Context module before ...)
	NOT-FOR-US: Context module for drupal
CVE-2010-1583 (SQL injection vulnerability in the loadByKey function in the TznDbConn ...)
	NOT-FOR-US: Tirzen Framework
CVE-2010-1582 RESERVED
CVE-2010-1581 (Unspecified vulnerability in the Transport Layer Security (TLS) implem ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1580 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1579 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1578 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1577 (Directory traversal vulnerability in Cisco Internet Streamer, as used ...)
	NOT-FOR-US: Cisco
CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software before 8.2 ...)
	NOT-FOR-US: Cisco
CVE-2010-1575 (The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 ...)
	NOT-FOR-US: Cisco
CVE-2010-1574 (IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 ...)
	NOT-FOR-US: Cisco
CVE-2010-1573 (Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded userna ...)
	NOT-FOR-US: Linksys firmware
CVE-2010-1572 (Unspecified vulnerability in the tech support diagnostic shell in Cisc ...)
	NOT-FOR-US: Cisco
CVE-2010-1571 (Directory traversal vulnerability in the bootstrap service in Cisco Un ...)
	NOT-FOR-US: Cisco
CVE-2010-1570 (The computer telephony integration (CTI) server component in Cisco Uni ...)
	NOT-FOR-US: Cisco
CVE-2010-1569 RESERVED
CVE-2010-1568 (The Send Secure functionality in the Cisco IronPort Desktop Flag Plug- ...)
	NOT-FOR-US: Cisco IronPort Desktop Flag Plug-in for Microsoft Outlook
CVE-2010-1567 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1566 RESERVED
CVE-2010-1565 (Unspecified vulnerability in the SIP implementation on the Cisco PGW 2 ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1563 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1562 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1561 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allow ...)
	NOT-FOR-US: IBM DB2
CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) c ...)
	NOT-FOR-US: com_sermonspeaker component for joomla!
CVE-2010-2447 (gitolite before 1.4.1 does not filter src/ or hooks/ from path names. ...)
	- gitolite 1.4.2-1 (low)
	NOTE: http://secunia.com/advisories/39587/
CVE-2010-2448 (znc.cpp in ZNC before 0.092 allows remote authenticated users to cause ...)
	- gitolite 1.4.2-1 (medium)
	NOTE: http://secunia.com/advisories/39587/
CVE-2010-1558 (Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital ...)
	NOT-FOR-US: HP MFP Digital Sending Software
CVE-2010-1557 (Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Cont ...)
	NOT-FOR-US: HP Insight Control Server Migration
CVE-2010-1556 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-1555 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1554 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1553 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1552 (Stack-based buffer overflow in the doLoad function in snmpviewer.exe i ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1551 (Stack-based buffer overflow in the _OVParseLLA function in ov.dll in n ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1550 (Format string vulnerability in ovet_demandpoll.exe in HP OpenView Netw ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 an ...)
	NOT-FOR-US: HP LoadRunner
CVE-2010-1548 (The auto-complete functionality in the Chaos Tool Suite (aka CTools) m ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Chao ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1546 (Multiple eval injection vulnerabilities in the import functionality in ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1545 RESERVED
CVE-2010-1544 (micro_httpd on the RCA DCM425 cable modem allows remote attackers to c ...)
	NOT-FOR-US: RCA DCM425 Cable Modem
CVE-2010-1543 (Cross-site scripting (XSS) vulnerability in the eTracker module before ...)
	NOT-FOR-US: eTracker module for drupal
CVE-2010-1542 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin/co ...)
	NOT-FOR-US: DFD Cart
CVE-2010-1541 (Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, ...)
	NOT-FOR-US: DFD Cart
CVE-2010-1540 (Directory traversal vulnerability in index.php in the MyBlog (com_mybl ...)
	NOT-FOR-US: com_myblog component for joomla!
CVE-2010-1539 (Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2. ...)
	NOT-FOR-US: workflow module for drupal
CVE-2010-1538 (SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0 ...)
	NOT-FOR-US: phpRAINCHECK
CVE-2010-1537 (Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier ...)
	NOT-FOR-US: phpCDB
CVE-2010-1536 (Cross-site scripting (XSS) vulnerability in the AddThis Button module ...)
	NOT-FOR-US: AddThis Button module for drupal
CVE-2010-1535 (Directory traversal vulnerability in the TRAVELbook (com_travelbook) c ...)
	NOT-FOR-US: com_travelbook component for joomla!
CVE-2010-1534 (Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) c ...)
	NOT-FOR-US: com_shoutbox component for joomla!
CVE-2010-1533 (Directory traversal vulnerability in the TweetLA (com_tweetla) compone ...)
	NOT-FOR-US: com_tweetla component for joomla!
CVE-2010-1532 (Directory traversal vulnerability in the givesight PowerMail Pro (com_ ...)
	NOT-FOR-US: com_powermail component for joomla!
CVE-2010-1531 (Directory traversal vulnerability in the redSHOP (com_redshop) compone ...)
	NOT-FOR-US: com_redshop component for joomla!
CVE-2010-1530 (Multiple cross-site scripting (XSS) vulnerabilities in the Internation ...)
	NOT-FOR-US: Internationalization module for drupal
CVE-2010-1529 (SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) compo ...)
	NOT-FOR-US: com_fsf component for joomla!
CVE-2010-1528 (PHP remote file inclusion vulnerability in include/template.php in Uig ...)
	NOT-FOR-US: Uiga Proxy
CVE-2010-1527 (Stack-based buffer overflow in Novell iPrint Client before 5.44 allows ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2010-1526 (Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow ...)
	- libgdiplus 2.6.7-2 (low; bug #594155)
	[lenny] - libgdiplus 1.9-1+lenny1
CVE-2010-1525 (Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in A ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-1523 (Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in ...)
	NOT-FOR-US: Winamp
CVE-2010-1522 (Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_b ...)
	NOT-FOR-US: com_booklibrary component for joomla!
CVE-2010-1521 (SQL injection vulnerability in include/classes/tzn_user.php in TaskFre ...)
	NOT-FOR-US: TaskFreak! Original multi user
CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! O ...)
	NOT-FOR-US: TaskFreak! Original multi user
CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow context-depe ...)
	- libglpng (low; bug #595171)
	[lenny] - libglpng (Minor issue)
CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 Activ ...)
	NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers ...)
	NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
CVE-2010-1516 (Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to ...)
	NOT-FOR-US: SWFtools (were once packaged)
CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-1514 (Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-1513 (Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allo ...)
	- ziproxy 3.1.0-1 (bug #584933)
	[lenny] - ziproxy (Minor issue, obscure attack vector)
CVE-2010-1512 (Directory traversal vulnerability in aria2 before 1.9.3 allows remote ...)
	{DSA-2047-1}
	- aria2 1.9.3-1
	NOTE: http://seclists.org/fulldisclosure/2010/May/168
CVE-2010-1511 (KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request dow ...)
	- kdenetwork 4:4.4.4-1 (low)
	[lenny] - kdenetwork (Metalink plugin not yet present)
	NOTE: http://seclists.org/fulldisclosure/2010/May/164
CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer ...)
	NOT-FOR-US: IrfanView
CVE-2010-1508 (Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-1507 (WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the We ...)
	NOT-FOR-US: YAST
CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow atta ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit (doesn't use v8 bindings yet)
	NOTE: http://trac.webkit.org/changeset/45826
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37210
	NOTE: http://trac.webkit.org/changeset/57224
CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit (chromium-specific issue)
CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.2 ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit (chromium-specific issue)
CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.2 ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit (chromium-specific issue)
CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit (chromium-specific directory traversal)
CVE-2010-1501
	REJECTED
CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, whi ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit (proof-of-concept not effective; chromium-specific issue)
CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allow ...)
	NOT-FOR-US: MusicBox
CVE-2010-1498 (Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow re ...)
	NOT-FOR-US: dl_stats
CVE-2010-1497 (Cross-site scripting (XSS) vulnerability in download_proc.php in dl_st ...)
	NOT-FOR-US: dl_stats
CVE-2010-1496 (SQL injection vulnerability in the JoltCard (com_joltcard) component 1 ...)
	NOT-FOR-US: com_joltcard component for joomla!
CVE-2010-1495 (Directory traversal vulnerability in the Matamko (com_matamko) compone ...)
	NOT-FOR-US: com_matamko component for joomla!
CVE-2010-1494 (Directory traversal vulnerability in the AWDwall (com_awdwall) compone ...)
	NOT-FOR-US: com_awdwall component for joomla!
CVE-2010-1493 (SQL injection vulnerability in the AWDwall (com_awdwall) component bef ...)
	NOT-FOR-US: com_awdwall component for joomla!
CVE-2010-1492 (Directory traversal vulnerability in help/frameRight.php in Elastix 1. ...)
	NOT-FOR-US: Elastix
CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) compon ...)
	NOT-FOR-US: com_mmsblog component for joomla!
CVE-2010-1490 (Unspecified vulnerability in IBM Cognos 8 Business Intelligence before ...)
	NOT-FOR-US: IBM Cognos
CVE-2010-XXXX [prosody password world-readable]
	- prosody 0.7.0-1 (low; bug #579087)
CVE-2010-XXXX [gnome-orca: shell access without logon]
	- gnome-orca 2.30.0-2 (bug #578928)
	[lenny] - gnome-orca (Doesn't affect Lenny's version)
CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e an ...)
	{DSA-2039-1}
	- cacti 0.8.7e-3 (bug #578909)
	NOTE: http://seclists.org/fulldisclosure/2010/Apr/272
	NOTE: http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
CVE-2010-1489 (The XSS Filter in Microsoft Internet Explorer 8 does not properly perf ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1488 (The proc_oom_score function in fs/proc/base.c in the Linux kernel befo ...)
	- linux-2.6 2.6.32-12
	[lenny] - linux-2.6 (vulnerable code introduced in 2.6.32)
CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-1486 (Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in ...)
	NOT-FOR-US: CactuShop
CVE-2010-1485
	RESERVED
CVE-2010-1484
	RESERVED
CVE-2010-1483
	RESERVED
CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in PmWik ...)
	NOT-FOR-US: PmWiki
CVE-2010-1480 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1479 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1478 (Directory traversal vulnerability in the Ternaria Informatica Jfeedbac ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1477 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) c ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1476 (Directory traversal vulnerability in the AlphaUserPoints (com_alphause ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1475 (Directory traversal vulnerability in the Preventive & Reservation ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1474 (Directory traversal vulnerability in the Sweety Keeper (com_sweetykeep ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1473 (Directory traversal vulnerability in the Advertising (com_advertising) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1472 (Directory traversal vulnerability in the Daily Horoscope (com_horoscop ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1471 (Directory traversal vulnerability in the AddressBook (com_addressbook) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1470 (Directory traversal vulnerability in the Web TV (com_webtv) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1469 (Directory traversal vulnerability in the Ternaria Informatica JProject ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1468 (SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence Vacc ...)
	NOT-FOR-US: openUrgence
CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence Va ...)
	NOT-FOR-US: openUrgence
CVE-2010-1465 (Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1 ...)
	NOT-FOR-US: Trellian FTP
CVE-2010-1464 (Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-S ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1463 (Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE al ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1462 (Directory traversal vulnerability in WebAsyst Shop-Script FREE has unk ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1461 (Directory traversal vulnerability in the Photo Battle (com_photobattle ...)
	NOT-FOR-US: Photo Battle Component for Joomla!
CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware bef ...)
	NOT-FOR-US: IBM BladeCenter Management Module
CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value ...)
	- mono 2.4.4~svn151842-3 (bug #585440)
CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Uti ...)
	NOT-FOR-US: TweakFS
CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not p ...)
	- fetchmail 6.3.16-2 (low)
	[lenny] - fetchmail (only vulnerable when run under debug verbosity level)
	NOTE: http://www.fetchmail.info/fetchmail-SA-2010-02.txt
	NOTE: http://gitorious.org/fetchmail/fetchmail/commit/ec06293
CVE-2010-1457 (Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local us ...)
	- gnustep-base 1.19.3-2 (bug #584402)
	[lenny] - gnustep-base (Not installed setuid root)
	NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
CVE-2010-1456
	REJECTED
CVE-2010-1455 (The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 throu ...)
	- wireshark 1.2.8-1 (unimportant)
	NOTE: Not triggerable remotely
CVE-2010-1454 (com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMwa ...)
	NOT-FOR-US: VMware
CVE-2010-1453 (Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0. ...)
	- piwik (bug #506933)
CVE-2010-1452 (The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2. ...)
	- apache2 2.2.16-1 (low)
	[lenny] - apache2 2.2.9-10+lenny10
CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Li ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10
CVE-2010-1450 (Multiple buffer overflows in the RLE decoder in the rgbimg module in P ...)
	- python3.1 (rgbimgmodule no longer included in source)
	- python2.7 (rgbimgmodule no longer included in source)
	- python2.6 (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 (Minor issue)
	- python2.4 (low)
	[lenny] - python2.4 (Minor issue)
CVE-2010-1449 (Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 ...)
	- python3.1 (rgbimgmodule no longer included in source)
	- python2.7 (rgbimgmodule no longer included in source)
	- python2.6 (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 (Minor issue)
	- python2.4 (low)
	[lenny] - python2.4 (Minor issue)
CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR C ...)
	{DSA-2092-1}
	- lxr (low; bug #585411)
	[lenny] - lxr (Minor issue)
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036)
	NOTE: seems to be a dupe of CVE-2010-1738
CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...)
	{DSA-2267-1 DSA-2051-1}
	- postgresql-8.4 8.4.4-1
	- postgresql-8.3
	- perl 5.12.3-1
	NOTE: Originally attributed to Postgres, but also affects standard Perl
CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12 (unimportant)
	NOTE: KGDB is not currently enabled in debian builds
CVE-2010-1445 (Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 a ...)
	- vlc 1.0.6-1
	[lenny] - vlc (Vulnerable code not present)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1444 (The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 ...)
	- vlc 1.0.6-1
	[lenny] - vlc (Vulnerable code not present)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1443 (The parse_track_node function in modules/demux/playlist/xspf.c in the ...)
	- vlc 1.0.6-1 (unimportant)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1442 (VideoLAN VLC media player before 1.0.6 allows remote attackers to caus ...)
	- vlc 1.0.6-1
	[lenny] - vlc 0.8.6.h-4+lenny3
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1441 (Multiple heap-based buffer overflows in VideoLAN VLC media player befo ...)
	- vlc 1.0.6-1
	[lenny] - vlc 0.8.6.h-4+lenny3
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live ...)
	- texlive-bin 2009-6 (low; bug #580668)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-1439 (yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) ...)
	NOT-FOR-US: Red Hat Network Client Tools
CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames u ...)
	- wafp (bug #562949)
CVE-2010-1437 (Race condition in the find_keyring_by_name function in security/keys/k ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-13
CVE-2010-1436 (gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1435 (Joomla! Core is prone to a security bypass vulnerability. Exploiting t ...)
	NOT-FOR-US: Joomla!
CVE-2010-1434 (Joomla! Core is prone to a session fixation vulnerability. An attacker ...)
	NOT-FOR-US: Joomla!
CVE-2010-1433 (Joomla! Core is prone to a vulnerability that lets attackers upload ar ...)
	NOT-FOR-US: Joomla!
CVE-2010-1432 (Joomla! Core is prone to an information disclosure vulnerability. Atta ...)
	NOT-FOR-US: Joomla!
CVE-2010-1430
	REJECTED
CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterpri ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1427 (Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin ...)
	NOT-FOR-US: MODx Evolution
CVE-2010-1426 (SQL injection vulnerability in MODx Evolution before 1.0.3 allows remo ...)
	NOT-FOR-US: MODx Evolution
CVE-2010-1425 (F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft ...)
	NOT-FOR-US: F-Secure Internet Security
CVE-2010-1424 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Governm ...)
	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=26824
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before 5 ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751
	NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-1420 (Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37618
	NOTE: http://trac.webkit.org/changeset/58616
CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38260
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36502
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
	NOTE: http://trac.webkit.org/changeset/58844
	NOTE: http://trac.webkit.org/changeset/56651
	NOTE: http://trac.webkit.org/changeset/57627
CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001
	NOTE: http://trac.webkit.org/changeset/58201
	NOTE: if this commit is correct, this is a dup of cve-2010-1665
CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36838
	NOTE: http://trac.webkit.org/changeset/56810
CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36000
	NOTE: http://trac.webkit.org/changeset/56420
CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35818
	NOTE: http://trac.webkit.org/changeset/55783
CVE-2010-1413 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit (affected cf/iss code is not present)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37230
	NOTE: http://trac.webkit.org/changeset/57232
CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635
	NOTE: http://trac.webkit.org/changeset/57759
	NOTE: http://trac.webkit.org/changeset/57817
CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in tif_fax3. ...)
	{DSA-2084-1}
	- tiff 3.9.4-1
	- tiff3 (fixed prior to initial upload)
CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35603
	NOTE: http://trac.webkit.org/changeset/55511
CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before 5. ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34451
	NOTE: http://trac.webkit.org/changeset/54193
CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36571
	NOTE: http://trac.webkit.org/changeset/56489
	NOTE: http://trac.webkit.org/changeset/56492
	NOTE: http://trac.webkit.org/changeset/56879
CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not pro ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36435
	NOTE: http://trac.webkit.org/changeset/56365
CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=30841
	NOTE: http://trac.webkit.org/changeset/50226
	NOTE: http://trac.webkit.org/changeset/50240
CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36198
	NOTE: http://trac.webkit.org/changeset/56186
CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35709
	NOTE: http://trac.webkit.org/changeset/53446
CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35708
	NOTE: http://trac.webkit.org/changeset/53446
CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35598
	NOTE: http://trac.webkit.org/changeset/55182
CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35353
	NOTE: http://trac.webkit.org/changeset/55196
CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34734
	NOTE: http://trac.webkit.org/changeset/54521
CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35599
	NOTE: http://trac.webkit.org/changeset/46437
CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35305
	NOTE: http://trac.webkit.org/changeset/55167
CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=32842
	NOTE: http://trac.webkit.org/changeset/52034
	NOTE: http://trac.webkit.org/changeset/55114
CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35621
	NOTE: http://trac.webkit.org/changeset/55462
	NOTE: http://trac.webkit.org/changeset/55465
CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=26868
	NOTE: http://trac.webkit.org/changeset/46068
CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: http://trac.webkit.org/changeset/55203
	NOTE: http://trac.webkit.org/changeset/55212
CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33683
	NOTE: http://trac.webkit.org/changeset/53607
CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34641
	NOTE: http://trac.webkit.org/changeset/56297
CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local Storage ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36243
	NOTE: http://trac.webkit.org/changeset/56139
CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=29078
	NOTE: http://trac.webkit.org/changeset/49487
CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=30019
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34148
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33970
	NOTE: http://trac.webkit.org/changeset/53442
	NOTE: http://trac.webkit.org/changeset/53835
	NOTE: http://trac.webkit.org/changeset/53659
CVE-2010-1388 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and b ...)
	- webkit (issue in mac-specific code)
	- chromium-browser (issue in mac-specific code)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=28755
	NOTE: http://trac.webkit.org/changeset/47829
CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTun ...)
	- webkit 1.2.1-2
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34321
	NOTE: http://trac.webkit.org/changeset/54129
	NOTE: http://trac.webkit.org/changeset/54141
	NOTE: http://trac.webkit.org/changeset/54265
CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2 ...)
	- webkit 1.2.2-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255
	NOTE: http://trac.webkit.org/changeset/56188
CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10 ...)
	- webkit (this is a bug in Apple's PDFKit)
	- chromium-browser (this is a bug in Apple's PDFKit)
CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...)
	- chromium-browser (unimportant)
	NOTE: This is based on various misconceptions surrounding "phishing" The only supported browser security model
	NOTE: surrounding URLs is the accurate post-link-click indication of the final target URL in the URL bar.
CVE-2010-1383 (CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web se ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1381 (The default configuration of SMB File Server in Apple Mac OS X 10.5.8, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1380 (Integer overflow in the cgtexttops CUPS filter in Printing in Apple Ma ...)
	NOT-FOR-US: Apple-specific CUPS filter "cgtexttops"
CVE-2010-1379 (Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1378 (OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perfo ...)
	- openssl (fix for an apple-specific flaw)
	NOTE: sounds like a duplicate of CVE-2009-2409
CVE-2010-1377 (Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencry ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1376 (Multiple format string vulnerabilities in Network Authorization in App ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1375 (NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1374 (Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, a ...)
	NOT-FOR-US: iChat
CVE-2010-1373 (Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...)
	- sun-java6 6.20-1 (high)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-2449 (Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID. ...)
	- gource 0.26-2 (low; bug #577958)
CVE-2010-1564
	REJECTED
CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) com ...)
	NOT-FOR-US: Joomla!
CVE-2010-1371 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classifi ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1370 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1369 (SQL injection vulnerability in signup.asp in Pre Classified Listings A ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1368 (SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows ...)
	NOT-FOR-US: GameScript
CVE-2010-1367 (Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_log ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1366 (Multiple SQL injection vulnerabilities in admin/admin_login.php in Uig ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1365 (SQL injection vulnerability in index.php in Uiga Fan Club, as download ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1364 (SQL injection vulnerability in index.php in Uiga Personal Portal, as d ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1363 (SQL injection vulnerability in the JProjects (com_j-projects) componen ...)
	NOT-FOR-US: Joomla!
CVE-2010-1362 (Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1. ...)
	NOT-FOR-US: Own Term module for Drupal
CVE-2010-1361 (Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING ...)
	NOT-FOR-US: PHPepperShop
CVE-2010-1360 (Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.0 ...)
	NOT-FOR-US: FAQEngine
CVE-2010-1359 (SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL ...)
	NOT-FOR-US: xt:Commerce
CVE-2010-1358 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...)
	NOT-FOR-US: Biblio module for Drupal
CVE-2010-1357 (Cross-site scripting (XSS) vulnerability in editors/logindialogue.php ...)
	NOT-FOR-US: SBD Directory Software
CVE-2010-1356 (Unspecified vulnerability on the TANDBERG Video Communication Server ( ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2010-1355 (Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communi ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2010-1354 (Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1 ...)
	NOT-FOR-US: Joomla!
CVE-2010-1353 (Directory traversal vulnerability in the LoginBox Pro (com_loginbox) c ...)
	NOT-FOR-US: Joomla!
CVE-2010-1352 (Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox ...)
	NOT-FOR-US: Joomla!
CVE-2010-1351 (Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 ...)
	NOT-FOR-US: Nodesforum
CVE-2010-1350 (SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4 ...)
	NOT-FOR-US: Joomla!
CVE-2010-1349 (Integer overflow in Opera 10.10 through 10.50 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2010-1348 (Unspecified vulnerability in the login process in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-1347 (Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and L ...)
	NOT-FOR-US: IBM AIX
CVE-2010-1346 (SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, ...)
	NOT-FOR-US: Mini CMS RibaFS
CVE-2010-1345 (Directory traversal vulnerability in the Cookex Agency CKForms (com_ck ...)
	NOT-FOR-US: Joomla!
CVE-2010-1344 (SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) ...)
	NOT-FOR-US: Joomla!
CVE-2010-1343 (SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows re ...)
	NOT-FOR-US: SiteX
CVE-2010-1342 (Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10 ...)
	NOT-FOR-US: Direct News
CVE-2010-1341 (SQL injection vulnerability in index.php in Systemsoftware Community B ...)
	NOT-FOR-US: Systemsoftware Community Black Forum
CVE-2010-1340 (Directory traversal vulnerability in jresearch.php in the J!Research ( ...)
	NOT-FOR-US: Joomla!
CVE-2010-1339 (Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsi ...)
	NOT-FOR-US: Teamsite Hack plugin
CVE-2010-1338 (SQL injection vulnerability in ts_other.php in the Teamsite Hack plugi ...)
	NOT-FOR-US: Teamsite Hack plugin
CVE-2010-1337 (Multiple PHP remote file inclusion vulnerabilities in definitions.php ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2010-1336 (Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote at ...)
	NOT-FOR-US: INVOhost
CVE-2010-1335 (Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-01 ...)
	NOT-FOR-US: Insky CMS
CVE-2010-1334 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-1333 (Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Comp ...)
	NOT-FOR-US: Almas Inc. Compiere J300_A02
CVE-2010-1332 (Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail ...)
	NOT-FOR-US: PrettyBook PrettyFormMail
CVE-2010-1331 (SQL injection vulnerability in Heartlogic HL-SiteManager allows remote ...)
	NOT-FOR-US: Heartlogic HL-SiteManager
CVE-2010-1330 (The regular expression engine in JRuby before 1.4.1, when $KCODE is se ...)
	- jruby 1.5.0~rc1-1
CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall 5. ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall and Database Firewall
CVE-2010-1328 (Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1. ...)
	NOT-FOR-US: TornadoStore
CVE-2010-1327 (Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earli ...)
	NOT-FOR-US: TornadoStore
CVE-2010-1326 (perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 ...)
	{DSA-2108-1}
	- cvsnt 2.5.04.3236-1.2 (medium; bug #593884)
	NOTE: http://march-hare.com/cvspro/vuln.htm
CVE-2010-1325 (Cross-site request forgery (CSRF) vulnerability in the apache2-slms pa ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2010-1324 (MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not prope ...)
	- krb5 1.8.3+dfsg-3 (bug #605553)
	[lenny] - krb5 (Only affects krb5 >= 1.7)
CVE-2010-1323 (MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x ...)
{DSA-2129-1} - krb5 1.8.3+dfsg-3 (bug #605553) CVE-2010-1322 (The merge_authdata function in kdc_authdata.c in the Key Distribution ...) - krb5 1.8.3+dfsg-2 (bug #599237) [lenny] - krb5 (Only affects 1.8) [etch] - krb5 (Only affects 1.8) NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-006.txt CVE-2010-1321 (The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-AP ...) {DSA-2052-1} - krb5 1.8.1+dfsg-3 (low; bug #582261) - heimdal 1.4.0~git20100605.dfsg.1-1 - sun-java6 6.22-1 [lenny] - sun-java6 6-22-0lenny CVE-2010-1320 (Double free vulnerability in do_tgs_req.c in the Key Distribution Cent ...) - krb5 1.8.1+dfsg-2 (bug #577490) [lenny] - krb5 (Only affects 1.7/1.8) NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ 1. ...) NOT-FOR-US: Real Helix Server CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in ...) NOT-FOR-US: Real Helix Server CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in ...) NOT-FOR-US: Real Helix Server CVE-2010-1316 (Multiple stack-based buffer overflows in Tembria Server Monitor before ...) NOT-FOR-US: Tembria Server Monitor CVE-2010-1315 (Directory traversal vulnerability in weberpcustomer.php in the webERPc ...) NOT-FOR-US: Joomla! CVE-2010-1314 (Directory traversal vulnerability in the Highslide JS (com_hsconfig) c ...) NOT-FOR-US: Joomla! CVE-2010-1313 (Directory traversal vulnerability in the Seber Cart (com_sebercart) co ...) NOT-FOR-US: Joomla! CVE-2010-1312 (Directory traversal vulnerability in the iJoomla News Portal (com_news ...) NOT-FOR-US: Joomla! CVE-2010-1311 (The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.9 ...) - clamav 0.96+dfsg-2 (bug #577462; low) [lenny] - clamav (bug #577462; low) NOTE: Lenny version achieved end of life! 
see NOTE: http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/ CVE-2010-1310 (Opera 10.50 allows remote attackers to obtain sensitive information vi ...) NOT-FOR-US: Opera CVE-2010-1309 (Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0. ...) NOT-FOR-US: Pepsi CMS CVE-2010-1308 (Directory traversal vulnerability in the SVMap (com_svmap) component 1 ...) NOT-FOR-US: Joomla! CVE-2010-1307 (Directory traversal vulnerability in the Magic Updater (com_joomlaupda ...) NOT-FOR-US: Joomla! CVE-2010-1306 (Directory traversal vulnerability in the Picasa (com_joomlapicasa2) co ...) NOT-FOR-US: Joomla! CVE-2010-1305 (Directory traversal vulnerability in jinventory.php in the JInventory ...) NOT-FOR-US: Joomla! CVE-2010-1304 (Directory traversal vulnerability in userstatus.php in the User Status ...) NOT-FOR-US: Joomla! CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Fi ...) NOT-FOR-US: Drupal module CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...) NOT-FOR-US: Joomla! CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 allows remot ...) - centreon-web (bug #913903) CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Al ...) NOT-FOR-US: Yamamah CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, ...) NOT-FOR-US: DynPG CMS CVE-2010-1298 (Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allow ...) NOT-FOR-US: Pulse CMS CVE-2010-1297 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe ...) NOT-FOR-US: Adobe Flash Player CVE-2010-1296 (Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow u ...) NOT-FOR-US: Adobe Photoshop CS4 CVE-2010-1295 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...) NOT-FOR-US: Adobe Reader CVE-2010-1294 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allo ...) 
NOT-FOR-US: Adobe ColdFusion CVE-2010-1293 (Cross-site scripting (XSS) vulnerability in the Administrator page in ...) NOT-FOR-US: Adobe ColdFusion CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave Playe ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allo ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1285 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...) NOT-FOR-US: Adobe Reader CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D ob ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ca ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validat ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ex ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-1279 (Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x befor ...) NOT-FOR-US: Adobe Photoshop CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in ...) 
NOT-FOR-US: Adobe Download Manager CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...) - zabbix 1:1.8.2-1 (bug #577058) [lenny] - zabbix (vulnerable code not present) [etch] - zabbix (vulnerable code not present) NOTE: This is a bug that was introduced with the Zabbix 1.8 API CVE-2010-1276 (Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 ...) NOT-FOR-US: BBSXP CVE-2010-1275 (Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 ...) NOT-FOR-US: BBSXP CVE-2010-1274 (Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allo ...) NOT-FOR-US: Emweb Wt CVE-2010-1273 (Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form ...) NOT-FOR-US: Emweb Wt CVE-2010-1272 (PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat ...) NOT-FOR-US: Gnat-TGP CVE-2010-1271 (SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows ...) NOT-FOR-US: smartplugs CVE-2010-1270 (SQL injection vulnerability in auktion.php in Multi Auktions Komplett ...) NOT-FOR-US: Multi Auktions Komplett System CVE-2010-1269 (SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Geb ...) NOT-FOR-US: Gebote Pro Auktions System CVE-2010-1268 (Directory traversal vulnerability in index.php in justVisual CMS 2.0, ...) NOT-FOR-US: justVisual CMS CVE-2010-1267 (Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta ...) NOT-FOR-US: WebMaid CMS CVE-2010-1266 (Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2- ...) NOT-FOR-US: WebMaid CMS CVE-2010-1265 (SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flas ...) NOT-FOR-US: dcsFlashGames CVE-2010-1264 (Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 ...) NOT-FOR-US: Microsoft CVE-2010-1263 (Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows ...) 
NOT-FOR-US: Microsoft CVE-2010-1262 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote atta ...) NOT-FOR-US: Microsoft CVE-2010-1261 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, a ...) NOT-FOR-US: Microsoft CVE-2010-1260 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, a ...) NOT-FOR-US: Microsoft CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote atta ...) NOT-FOR-US: Microsoft CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine th ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as u ...) NOT-FOR-US: Microsoft CVE-2010-1256 (Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Ext ...) NOT-FOR-US: Microsoft CVE-2010-1255 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 200 ...) NOT-FOR-US: Microsoft CVE-2010-1254 (The installation for Microsoft Open XML File Format Converter for Mac ...) NOT-FOR-US: Microsoft CVE-2010-1253 (Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for ma ...) NOT-FOR-US: Microsoft CVE-2010-1252 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Offic ...) NOT-FOR-US: Microsoft CVE-2010-1251 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Offic ...) NOT-FOR-US: Microsoft CVE-2010-1250 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...) NOT-FOR-US: Microsoft CVE-2010-1249 (Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Ma ...) NOT-FOR-US: Microsoft CVE-2010-1248 (Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for ...) NOT-FOR-US: Microsoft CVE-2010-1247 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows re ...) NOT-FOR-US: Microsoft CVE-2010-1246 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows ...) 
NOT-FOR-US: Microsoft CVE-2010-1245 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2 ...) NOT-FOR-US: Microsoft CVE-2010-XXXX [tcpdf code execution via tcpdf tag] - moodle (Vulnerable code not present) - phpmyadmin (Vulnerable code not present) - tcpdf 6.0.010+dfsg-1 NOTE: http://sourceforge.net/projects/tcpdf/files/CHANGELOG.TXT/view NOTE: http://seclists.org/fulldisclosure/2010/Apr/104 NOTE: setting K_TCPDF_CALLS_IN_HTML to false mitigates the problem CVE-2010-XXXX [xmail insecure temp files handling] - xmail 1.27-1 (low) [lenny] - xmail (Minor issue) NOTE: http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27 CVE-2010-1159 (Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow r ...) - aircrack-ng 1:1.1-1 (low; bug #577758) [lenny] - aircrack-ng (low) [etch] - aircrack-ng (low) NOTE: http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in createDestination.a ...) NOT-FOR-US: Apache ActiveMQ CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 c ...) NOT-FOR-US: IBM Web Interface for Content Management CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Int ...) NOT-FOR-US: IBM Web Interface for Content Management CVE-2010-1241 (Heap-based buffer overflow in the custom heap management system in Ado ...) NOT-FOR-US: Acrobat Reader CVE-2010-1240 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...) NOT-FOR-US: Adobe Reader CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute ...) NOT-FOR-US: Foxit Reader CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha protectio ...) - moin 1.9.2-3 (bug #575995; medium) [lenny] - moin 1.7.1-3+lenny4 (bug #575995; medium) NOTE: see http://www.debian.org/security/2010/dsa-2024 CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...) 
- webkit 1.1.90-1 [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.29~r46008-1 NOTE: http://trac.webkit.org/changeset/55511 NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061 CVE-2010-1236 (The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKi ...) - webkit (bug #577457; proof-of-concepts are not effective against webkit) - chromium-browser 5.0.375.29~r46008-1 NOTE: http://trac.webkit.org/changeset/55822 CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...) - chromium-browser 5.0.375.29~r46008-1 NOTE: issue in chrome-specific download dialog CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow ...) - webkit (v8 and webgl not yet included) - chromium-browser 5.0.375.29~r46008-1 NOTE: http://trac.webkit.org/changeset/55376 CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a d ...) - webkit 1.1.90-1 [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.29~r46008-1 NOTE: http://code.google.com/p/chromium/issues/detail?id=34978 CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before invoki ...) - webkit (does not yet have a "safe browsing" feature; i.e. chromium-specific issue) - chromium-browser 5.0.375.29~r46008-1 CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does n ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google Chrom ...) 
- chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System Communicat ...) NOT-FOR-US: Sun Java System Communication Express CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G ...) NOT-FOR-US: Apple iPhone CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor (a ...) NOT-FOR-US: Microsoft Virtual PC CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x be ...) - asterisk 1:1.6.2.6-1 (low; bug #576560) [lenny] - asterisk (Vulnerable code not present) CVE-2010-1223 (Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote at ...) NOT-FOR-US: CA XOsoft CVE-2010-1222 (CA XOsoft r12.5 does not properly perform authentication, which allows ...) NOT-FOR-US: CA XOsoft CVE-2010-1221 (CA XOsoft r12.0 and r12.5 does not properly perform authentication, wh ...) NOT-FOR-US: CA XOsoft CVE-2010-1220 RESERVED CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability] - interchange 5.7.6-1 CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) componen ...) NOT-FOR-US: com_janews component for Joomla! CVE-2010-1218 (Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8 ...) NOT-FOR-US: mm_forum extension for TYPO3 CVE-2010-1217 (Directory traversal vulnerability in the JE Form Creator (com_jeformcr ...) NOT-FOR-US: com_jeformcr component for Joomla! CVE-2010-1216 (PHP remote file inclusion vulnerability in templates/template.php in n ...) NOT-FOR-US: notsoPureEdit CVE-2010-1215 (Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 ...) - xulrunner (Only affects Firefox 3.6.x and above) - iceweasel (Only affects Firefox 3.6.x and above) CVE-2010-1214 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x befo ...) 
{DSA-2075-1} - xulrunner 1.9.1.11-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.6-1 [lenny] - iceape (Only a stub package) CVE-2010-1213 (The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3. ...) - xulrunner 1.9.1.11-1 [lenny] - xulrunner (Only affects 1.9.1 and above) - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.6-1 [lenny] - icedove [lenny] - iceape (Only a stub package) - icedove 3.0.6-1 CVE-2010-1212 (js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x bef ...) - xulrunner (Only affects Firefox 3.6.x and above) - iceweasel (Only affects Firefox 3.6.x and above) - icedove 3.0.6-1 [lenny] - icedove CVE-2010-1211 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2075-1} - xulrunner 1.9.1.11-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.6-1 [lenny] - icedove - icedove 3.0.6-1 [lenny] - iceape (Only a stub package) CVE-2010-1210 (intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3. ...) - xulrunner (Only affects 1.9.2 and above) - iceweasel (Only affects 1.9.2 and above) CVE-2010-1209 (Use-after-free vulnerability in the NodeIterator implementation in Moz ...) - xulrunner 1.9.1.11-1 [lenny] - xulrunner (Only affects 1.9.1 and above) - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.6-1 [lenny] - iceape (Only a stub package) CVE-2010-1208 (Use-after-free vulnerability in the attribute-cloning functionality in ...) {DSA-2075-1} - xulrunner 1.9.1.11-1 - iceape 2.0.6-1 [lenny] - iceape (Only a stub package) CVE-2010-1207 (Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not prope ...) - xulrunner (Only affects 1.9.2 and above) - iceweasel (Only affects 1.9.2 and above) CVE-2010-1206 (The startDocumentLoad function in browser/base/content/browser.js in M ...) 
- iceweasel 3.5.11-1 [lenny] - iceweasel (Vulnerable code not present) NOTE: Introduced by https://bugzilla.mozilla.org/show_bug.cgi?id=254714 CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before ...) {DSA-2075-1 DSA-2072-1} - libpng 1.2.44-1 (bug #587670) - icedove 3.0.6-1 [lenny] - icedove - tuxonice-userui 1.0-1 (unimportant) NOTE: tuxonice-userui 1.0-1 was binNMUed CVE-2010-1204 (Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 ...) - bugzilla 3.4.7.0-1 (low; bug #587663) [lenny] - bugzilla (Minor issue) CVE-2010-1203 (The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remo ...) - xulrunner (Only affects Firefox 3.6, i.e xulrunner 1.9.2) - iceweasel (Only affects Firefox 3.6, i.e xulrunner 1.9.2) CVE-2010-1202 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...) {DSA-2064-1} - xulrunner 1.9.1.10-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.5-1 [lenny] - iceape (Only a stub package) CVE-2010-1201 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...) {DSA-2064-1} - xulrunner 1.9.1.10-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.5-1 [lenny] - iceape (Only a stub package) CVE-2010-1200 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2064-1} - xulrunner 1.9.1.10-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.5-1 [lenny] - iceape (Only a stub package) CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in Mozilla Fi ...) {DSA-2064-1} - xulrunner 1.9.1.10-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.5-1 [lenny] - icedove - icedove 3.0.5-1 [lenny] - iceape (Only a stub package) CVE-2010-1198 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 an ...) 
{DSA-2064-1} - xulrunner 1.9.1.10-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.5-1 [lenny] - iceape (Only a stub package) CVE-2010-1197 (Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMon ...) {DSA-2064-1} - xulrunner 1.9.1.10-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.5-1 [lenny] - iceape (Only a stub package) CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal function ...) {DSA-2064-1} - xulrunner 1.9.1.10-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) [lenny] - icedove - iceape 2.0.5-1 - icedove 3.0.5-1 [lenny] - iceape (Only a stub package) CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and p ...) - libesmtp 1.0.4-2 (bug #311191) CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other versions ...) - sahana (bug #497414) CVE-2010-1186 (Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the N ...) NOT-FOR-US: NextGEN Gallery plugin for WordPress CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kern ...) - linux-2.6 2.6.20-1 CVE-2010-1187 (The Transparent Inter-Process Communication (TIPC) functionality in Li ...) {DSA-2053-1} - linux-2.6 2.6.32-12 CVE-2010-1185 (Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6 ...) NOT-FOR-US: SAP MaxDB CVE-2010-1184 (The Microsoft wireless keyboard uses XOR encryption with a key derived ...) NOT-FOR-US: Microsoft Wireless Keyboard CVE-2010-1183 (Certain patch-installation scripts in Oracle Solaris allow local users ...) NOT-FOR-US: Oracle Solaris CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) 
NOTE: proof of concept maximum impact against webkit is dos-only CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) NOTE: proof of concept maximum impact against webkit is dos-only CVE-2010-1179 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - webkit CVE-2010-1178 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - webkit CVE-2010-1177 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - webkit CVE-2010-1176 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - webkit CVE-2010-1175 (Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 ...) NOT-FOR-US: Microsoft Internet Explorer 7.0 CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ser ...) NOT-FOR-US: Cisco TFTP Server CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the ...) {DSA-2053-1} - linux-2.6 2.6.32-12 CVE-2010-1172 (DBus-GLib 0.73 disregards the access flag of exported GObject properti ...) - dbus-glib 0.88-1 (low; bug #592753) [lenny] - dbus-glib (Minor issue) CVE-2010-1171 (Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsol ...) NOT-FOR-US: Red Hat Network Satellite Server CVE-2010-1170 (The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before ...) {DSA-2051-1} - postgresql-8.4 8.4.4-1 (low) - postgresql-8.3 CVE-2010-1169 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8. ...) {DSA-2051-1} - postgresql-8.4 8.4.4-1 (low) - postgresql-8.3 CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows context-depe ...) - perl 5.10.1-13 (bug #582978) [lenny] - perl 5.10.0-19lenny3 CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X ...) 
- xorg-server (Xorg in Lenny onwards uses Pixman, which isn't affected) NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html CVE-2010-1165 (Atlassian JIRA 3.12 through 4.1 allows remote authenticated administra ...) NOT-FOR-US: Atlassian JIRA CVE-2010-1164 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...) NOT-FOR-US: Atlassian JIRA CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ...) - sudo 1.7.2p6-1 (bug #578275) [lenny] - sudo (ignore_dot default value is off and can't be changed in runtime) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=580441#c3 CVE-2010-1162 (The release_one_tty function in drivers/char/tty_io.c in the Linux ker ...) {DSA-2053-1} - linux-2.6 2.6.32-12 CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a fi ...) - nano 2.2.4-1 (low; bug #577817) [lenny] - nano 2.0.7-5 CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed ...) - nano 2.2.4-1 (low; bug #577817) [lenny] - nano 2.0.7-5 CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...) - perl (re engine rewritten for 5.10 to address issues such as this; and proof-of-concept not effective) CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allo ...) {DSA-2207-1} - tomcat6 6.0.26-5 (bug #587447; unimportant) - tomcat5.5 (unimportant) NOTE: Negligible information disclosure CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to caus ...) - irssi 0.8.15-1 (low) [lenny] - irssi (Minor issue) CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server ...) - irssi 0.8.15-1 (low) [lenny] - irssi (Minor issue) CVE-2010-1154 REJECTED CVE-2010-1153 (PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3 ...) 
- typo3-src 4.3.3-1 (bug #577993) [lenny] - typo3-src (Only affects 4.3.x) CVE-2010-1152 (memcached.c in memcached before 1.4.3 allows remote attackers to cause ...) - memcached 1.4.5-1 (low; bug #579913) [lenny] - memcached (Minor issue) CVE-2010-1151 (Race condition in the mod_auth_shadow module for the Apache HTTP Serve ...) - libapache2-mod-auth-shadow (bug #503184) CVE-2010-1150 (MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not proper ...) {DSA-2041-1} - mediawiki 1:1.15.3-1 (low) CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TA ...) - udisks 1.0.1-1 (medium; bug #576687) CVE-2010-1148 (The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 ...) - linux-2.6 2.6.32-12 [lenny] - linux-2.6 (vulnerable code not yet present) CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hu ...) - opendchub 0.8.2-1 (bug #576308) [lenny] - opendchub (Vulnerable code not present) CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exis ...) - linux-2.6 2.6.32-12 [lenny] - linux-2.6 (vulnerability introduced in 2.6.30) CVE-2010-1145 REJECTED CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids before 1.24, as us ...) - libnids 1.23-1.2 (low; bug #576281) [lenny] - libnids (Minor issue) NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly Virt ...) NOT-FOR-US: VMware CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VM ...) NOT-FOR-US: VMware products CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VM ...) NOT-FOR-US: VMware products CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 an ...) NOT-FOR-US: VMware products CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware W ...) 
NOT-FOR-US: VMware products CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 bu ...) NOT-FOR-US: VMware products CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Virtua ...) NOT-FOR-US: VMware Server CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...) - tikiwiki CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...) - tikiwiki CVE-2010-1134 (SQL injection vulnerability in the _find function in searchlib.php in ...) - tikiwiki CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x b ...) - tikiwiki CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, a ...) NOTE: browser crashes are not considered security-relevant CVE-2010-1130 (session.c in the session extension in PHP before 5.2.13, and 5.3.1, do ...) - php5 5.3.2-1 (unimportant) NOTE: open_basedir not supported CVE-2010-1129 (The safe_mode implementation in PHP before 5.2.13 does not properly ha ...) - php5 5.3.2-1 (unimportant) NOTE: safe_mode not supported CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...) {DSA-2195-1} - php5 5.3.2-1 (low) CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data s ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to sen ...) - webkit (proof-of-concept not effective; windows-only?) CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and ...) - xulrunner (Only affects Firefox 3.6, i.e xulrunner 1.9.2) NOTE: Description is wrong, only affects Firefox 3.6 per https://bugzilla.mozilla.org/show_bug.cgi?id=552255 CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...) NOT-FOR-US: IBM AIX CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with th ...) 
- deliver CVE-2010-2445 (freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read ...) - freeciv 2.2.1-1 (low; bug #584589) [lenny] - freeciv (Minor issue) NOTE: http://gna.org/bugs/?15624 CVE-2010-2446 (Rbot Reaction plugin allows command execution ...) - rbot 0.9.14-2 (bug #575286) [lenny] - rbot ("reaction" plugin not present in 0.9.10) [etch] - rbot ("reaction" plugin not present in 0.9.10) CVE-2010-1122 (Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allow ...) - xulrunner (Only affects the Firefox 3.6 branch) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=552216 CVE-2010-1121 (Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes ...) - xulrunner (vulnerable code introduced in firefox 3.6) - iceape (vulnerable code introduced in firefox 3.6) CVE-2010-1120 (Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows re ...) NOT-FOR-US: Apple Type Services CVE-2010-1119 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...) - webkit 1.2.1-1 [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) NOTE: https://bugs.webkit.org/show_bug.cgi?id=33850 NOTE: http://trac.webkit.org/changeset/53501 NOTE: http://trac.webkit.org/changeset/53504 CVE-2010-1118 (Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows ...) NOT-FOR-US: Internet Explorer CVE-2010-1117 (Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows ...) NOT-FOR-US: Internet Explorer CVE-2010-1116 (LookMer Music Portal stores sensitive information under the web root w ...) NOT-FOR-US: LookMer Music Portal CVE-2010-1115 (Directory traversal vulnerability in news/include/customize.php in Web ...) NOT-FOR-US: Web Server Creator - Web Portal CVE-2010-1114 (Multiple PHP remote file inclusion vulnerabilities in Web Server Creat ...) NOT-FOR-US: Web Server Creator - Web Portal CVE-2010-1113 (Cross-site scripting (XSS) vulnerability in the forum page in Web Serv ...) 
NOT-FOR-US: Web Server Creator - Web Portal CVE-2010-1112 (Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 all ...) NOT-FOR-US: KloNews CVE-2010-1111 (Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete ...) NOT-FOR-US: Jokes Complete Website CVE-2010-1110 (Directory traversal vulnerability in index.php in phpMySport 1.4 allow ...) NOT-FOR-US: phpMySport CVE-2010-1109 (Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, ...) NOT-FOR-US: phpMySport CVE-2010-1108 (Cross-site scripting (XSS) vulnerability in the Control Panel module 5 ...) NOT-FOR-US: third-party Drupal module CVE-2010-1107 (Cross-site scripting (XSS) vulnerability in the Recent Comments module ...) NOT-FOR-US: third-party Drupal module CVE-2010-1106 (PHP remote file inclusion vulnerability in cgi/index.php in Advertisem ...) NOT-FOR-US: AdvertisementManager CVE-2010-1105 (Cross-site scripting (XSS) vulnerability in cgi/index.php in Advertise ...) NOT-FOR-US: AdvertisementManager CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass intend ...) NOT-FOR-US: Stainless CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass intended ...) NOT-FOR-US: OmniWeb CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to b ...) NOT-FOR-US: Alexander Clauss iCab CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended p ...) - arora (Advisory is wrong, URL range is protected by QUrl) CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass int ...) NOT-FOR-US: Apple Safari CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as u ...) NOT-FOR-US: Microsoft Windows CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_star ...) NOT-FOR-US: DeDeCMS CVE-2010-1096 (Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFe ...) 
	NOT-FOR-US: ScriptsFeed Dating Software
CVE-2010-1095 (Cross-site scripting (XSS) vulnerability in login_reset_password_page. ...)
	NOT-FOR-US: Tracking Requirements & Use Cases
CVE-2010-1094 (SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rg ...)
	NOT-FOR-US: Auktionshaus V4rgo
CVE-2010-1093 (SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_q ...)
	NOT-FOR-US: 1024 CMS
CVE-2010-1092 (Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Bus ...)
	NOT-FOR-US: ScriptsFeed Business Directory
CVE-2010-1091 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...)
	NOT-FOR-US: phpMySite
CVE-2010-1090 (SQL injection vulnerability in index.php in phpMySite allows remote at ...)
	NOT-FOR-US: phpMySite
CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 ...)
	NOT-FOR-US: PHP Trouble Ticket
CVE-2010-1088 (fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follo ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10
CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-9 (low)
CVE-2010-1086 (The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_ ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10 (low)
CVE-2010-1085 (The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 ...)
	- linux-2.6 2.6.32-9
	[lenny] - linux-2.6 (affected call not present)
CVE-2010-1084 (Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allow ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-11
CVE-2010-1083 (The processcompl_compat function in drivers/usb/core/devio.c in Linux ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-9
CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when m ...)
	NOT-FOR-US: OI.Blogs
CVE-2010-1081 (Directory traversal vulnerability in the Community Polls (com_communit ...)
	NOT-FOR-US: com_communitypolls component for Joomla!
CVE-2010-1080 (Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2. ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-1079 (Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allo ...)
	NOT-FOR-US: Sawmill
CVE-2010-1078 (SQL injection vulnerability in archive.php in XlentProjects SphereCMS ...)
	NOT-FOR-US: Xlent Projects SphereCMS
CVE-2010-1077 (Directory traversal vulnerability in vbseo.php in Crawlability vBSEO p ...)
	NOT-FOR-US: Crawlability vBSEO plugin for vBulletin
CVE-2010-1076 (Cross-site scripting (XSS) vulnerability in index.php in Entry Level C ...)
	NOT-FOR-US: Entry Level CMS
CVE-2010-1075 (SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) a ...)
	NOT-FOR-US: Entry Level CMS
CVE-2010-1074 (Cross-site scripting (XSS) vulnerability in the Currency Exchange modu ...)
	NOT-FOR-US: Currency Exchange module for Drupal
CVE-2010-1073 (SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) ...)
	NOT-FOR-US: com_jembed component for Joomla!
CVE-2010-1072 (Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS ...)
	NOT-FOR-US: Sniggabo CMS
CVE-2010-1071 (SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remot ...)
	NOT-FOR-US: phpMDJ
CVE-2010-1070 (SQL injection vulnerability in index.php in ImagoScripts Deviant Art C ...)
	NOT-FOR-US: ImagoScripts
CVE-2010-1069 (SQL injection vulnerability in games/game.php in ProArcadeScript allow ...)
	NOT-FOR-US: ProArcadeScript
CVE-2010-1068 (Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi ...)
	NOT-FOR-US: NetWin SurgeFTP
CVE-2010-1067 (E-membres 1.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: E-membres
CVE-2010-1066 (AR Web Content Manager (AWCM) 2.1 stores sensitive information under t ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2010-1065 (Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information un ...)
	NOT-FOR-US: Lebisoft Ziyaretci Defteri
CVE-2010-1064 (Erolife AjxGaleri VT stores sensitive information under the web root w ...)
	NOT-FOR-US: Erolife AjxGaleri VT
CVE-2010-1063 (Multiple directory traversal vulnerabilities in Phpkobo Free Real Esta ...)
	NOT-FOR-US: Phpkobo Free Real Estate Contact Form
CVE-2010-1062 (Directory traversal vulnerability in codelib/sys/common.inc.php in Php ...)
	NOT-FOR-US: Phpkobo Free Real Estate Contact Form
CVE-2010-1061 (Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01 ...)
	NOT-FOR-US: Phpkobo Short URL
CVE-2010-1060 (Directory traversal vulnerability in staff/app/common.inc.php in Phpko ...)
	NOT-FOR-US: Phpkobo Short URL
CVE-2010-1059 (Directory traversal vulnerability in staff/app/common.inc.php in Phpko ...)
	NOT-FOR-US: Phpkobo Address Book Script
CVE-2010-1058 (Directory traversal vulnerability in codelib/cfg/common.inc.php in Php ...)
	NOT-FOR-US: Phpkobo Address Book Script
CVE-2010-1057 (Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka ...)
	NOT-FOR-US: Phpkobo AdFreely
CVE-2010-1056 (Directory traversal vulnerability in the RokDownloads (com_rokdownload ...)
	NOT-FOR-US: com_rokdownloads component for Joomla!
CVE-2010-1055 (Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and ...)
	NOT-FOR-US: osDate
CVE-2010-1054 (Multiple SQL injection vulnerabilities in ParsCMS allow remote attacke ...)
	NOT-FOR-US: ParsCMS
CVE-2010-1053 (Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and ea ...)
	NOT-FOR-US: Zen Time Tracking
CVE-2010-1052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Au ...)
	NOT-FOR-US: AudiStat
CVE-2010-1051 (Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 al ...)
	NOT-FOR-US: AudiStat
CVE-2010-1050 (SQL injection vulnerability in index.php in AudiStat 1.3 allows remote ...)
	NOT-FOR-US: AudiStat
CVE-2010-1049 (Multiple SQL injection vulnerabilities in Uiga Business Portal allow r ...)
	NOT-FOR-US: Uiga Business Portal
CVE-2010-1048 (Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Bus ...)
	NOT-FOR-US: Uiga Business Portal
CVE-2010-1047 (SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and ...)
	NOT-FOR-US: MASA2EL Music City
CVE-2010-1046 (Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 ...)
	NOT-FOR-US: Rostermain
CVE-2010-1045 (SQL injection vulnerability in the Productbook (com_productbook) compo ...)
	NOT-FOR-US: com_productbook component for Joomla!
CVE-2010-1044 (SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 al ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2010-1043 (Directory traversal vulnerability in index.php in jaxCMS 1.0 allows re ...)
	NOT-FOR-US: jaxCMS
CVE-2010-1042 (Microsoft Windows Media Player 11 does not properly perform colorspace ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-1041 (Unspecified vulnerability in the single sign-on functionality in the W ...)
	NOT-FOR-US: IBM DB2 Content Manager Toolkit
CVE-2010-1040 (The "IP address range limitation" function in OpenPNE 1.6 through 1.8, ...)
	NOT-FOR-US: OpenPNE
CVE-2010-1039 (Format string vulnerability in the _msgout function in rpc.pcnfsd in I ...)
	NOT-FOR-US: HP-UX
CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before 6.0 allo ...)
	NOT-FOR-US: HP System Insight Manager
CVE-2010-1037 (Cross-site request forgery (CSRF) vulnerability in HP System Insight M ...)
	NOT-FOR-US: HP System Insight Manager
CVE-2010-1036 (Cross-site scripting (XSS) vulnerability in HP System Insight Manager ...)
	NOT-FOR-US: HP System Insight Manager
CVE-2010-1035 (Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VM ...)
	NOT-FOR-US: HP Virtual Machine Manager
CVE-2010-1034 (Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 b ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne ActiveX c ...)
	NOT-FOR-US: HP Operations Manager
CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local users to ca ...)
	NOT-FOR-US: HP-UX
CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linu ...)
	NOT-FOR-US: HP Insight Control
CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabl ...)
	NOT-FOR-US: HP-UX
CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function i ...)
	- webkit (proof-of-concept not effective)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) exten ...)
	NOT-FOR-US: travelmate extension for typo3
CVE-2010-1026 (SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) exten ...)
	NOT-FOR-US: tmsw_cleandb extension for typo3
CVE-2010-1025 (Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_ne ...)
	NOT-FOR-US: tgm_newsletter extension for typo3
CVE-2010-1024 (SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) ext ...)
	NOT-FOR-US: tgm_newsletter extension for typo3
CVE-2010-1023 (Cross-site scripting (XSS) vulnerability in the UserTask Center, Recen ...)
	NOT-FOR-US: taskcenter_recent extension for typo3
CVE-2010-1022 (The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) exte ...)
	NOT-FOR-US: t3sec_saltedpw extension for typo3
CVE-2010-1021 (Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3qu ...)
	NOT-FOR-US: t3quixplorer extension for typo3
CVE-2010-1020 (Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_sim ...)
	NOT-FOR-US: sk_simplegallery extension for typo3
CVE-2010-1019 (SQL injection vulnerability in the Simple Gallery (sk_simplegallery) e ...)
	NOT-FOR-US: sk_simplegallery extension for typo3
CVE-2010-1018 (SQL injection vulnerability in the Book Reviews (sk_bookreview) extens ...)
	NOT-FOR-US: sk_bookreview extension for typo3
CVE-2010-1017 (SQL injection vulnerability in the SAV Filter Months (sav_filter_month ...)
	NOT-FOR-US: sav_filter_months extension for typo3
CVE-2010-1016 (SQL injection vulnerability in the SAV Filter Selectors (sav_filter_se ...)
	NOT-FOR-US: sav_filter_selectors extension for typo3
CVE-2010-1015 (SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_a ...)
	NOT-FOR-US: sav_filter_abc extension for typo3
CVE-2010-1014 (Cross-site scripting (XSS) vulnerability in the Reports Logfile View ( ...)
	NOT-FOR-US: reports_logview extension for typo3
CVE-2010-1013 (SQL injection vulnerability in the Diocese of Portsmouth Database (pd_ ...)
	NOT-FOR-US: pd_diocesedatabase extension for typo3
CVE-2010-1012 (SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0. ...)
	NOT-FOR-US: nf_cleandb extension for typo3
CVE-2010-1011 (Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboa ...)
	NOT-FOR-US: mydashboard extension for typo3
CVE-2010-1010 (SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) ext ...)
	NOT-FOR-US: mk_wastebasket extension for typo3
CVE-2010-1009 (SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 ...)
	NOT-FOR-US: educator extension for typo3
CVE-2010-1008 (Cross-site scripting (XSS) vulnerability in the Sellector.com Widget I ...)
	NOT-FOR-US: chsellector extension for typo3
CVE-2010-1007 (Unspecified vulnerability in the Power Extension Manager (ch_lightem) ...)
	NOT-FOR-US: ch_lightem extension for typo3
CVE-2010-1006 (SQL injection vulnerability in the Brainstorming extension 0.1.8 and e ...)
	NOT-FOR-US: brainstorming extension for typo3
CVE-2010-1005 (Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 sear ...)
	NOT-FOR-US: yatse extension for typo3
CVE-2010-1004 (SQL injection vulnerability in the Yet another TYPO3 search engine (YA ...)
	NOT-FOR-US: yatse extension for typo3
CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]
	- libphp-cas (bug #495542)
	- glpi 0.72.4-2 (bug #574760; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open Fo ...)
	- xulrunner (vulnerability introduced in firefox 3.6)
	- iceape (Vulnerable code not present)
	- calibre 2.38.0+dfsg-1 (bug #787085)
	[jessie] - calibre (Minor issue)
	[wheezy] - calibre (src/calibre/utils/fonts/woff/ not introduced until version 0.9.33)
	NOTE: 2.38.0+dfsg-1 removed the copy of woff below src/calibre/utils/fonts/woff/
CVE-2010-XXXX [Escape href attribute in auto links]
	- redmine 0.9.3-3
CVE-2010-XXXX [Fixes permission check in QueriesController]
	- redmine 0.9.3-3
CVE-2010-1003 (Directory traversal vulnerability in www/editor/tiny_mce/langs/languag ...)
	NOT-FOR-US: eFront-learning
CVE-2010-1002
	RESERVED
CVE-2010-1001
	RESERVED
CVE-2010-1000 (Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4. ...)
	- kdenetwork 4:4.4.3-2
	[lenny] - kdenetwork (Metalink plugin not yet present)
	NOTE: http://seclists.org/fulldisclosure/2010/May/165
CVE-2010-0999 (Directory traversal vulnerability in Free Download Manager (FDM) befor ...)
	NOT-FOR-US: Free Download Manager
CVE-2010-0998 (Multiple stack-based buffer overflows in Free Download Manager (FDM) b ...)
	NOT-FOR-US: Free Download Manager
CVE-2010-0997 (Cross-site scripting (XSS) vulnerability in 107_plugins/content/conten ...)
	NOT-FOR-US: e107
CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows re ...)
	NOT-FOR-US: e107
CVE-2010-0995 (Stack-based buffer overflow in Internet Download Manager (IDM) before ...)
	NOT-FOR-US: Internet Download Manager
CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library ...)
	NOT-FOR-US: Visualization Library
CVE-2010-0993 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1. ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CM ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dep ...)
	- imlib2 (vulnerable code introduced in 1.4.3)
CVE-2010-0990 (Stack-based buffer overflow in Creative Software AutoUpdate Engine Act ...)
	NOT-FOR-US: Creative Software AutoUpdate
CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before 1. ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ( ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process ass ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-XXXX [dojo can be used as a redirector]
	- dojo 1.4.2+dfsg-1 (low)
	NOTE: http://web.archive.org/web/20101029020014/http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
	NOTE: http://bugs.dojotoolkit.org/ticket/10773
CVE-2010-0985 (Directory traversal vulnerability in the Abbreviations Manager (com_ab ...)
	NOT-FOR-US: com_abbrev component for Joomla!
CVE-2010-0984 (Acidcat CMS 3.5.3 and earlier stores sensitive information under the w ...)
	NOT-FOR-US: Acidcat CMS
CVE-2010-0983 (PHP remote file inclusion vulnerability in include/mail.inc.php in Rez ...)
	NOT-FOR-US: Rezervi
CVE-2010-0982 (Directory traversal vulnerability in the CARTwebERP (com_cartweberp) c ...)
	NOT-FOR-US: com_cartweberp component for Joomla!
CVE-2010-0981 (SQL injection vulnerability in the TPJobs (com_tpjobs) component for J ...)
	NOT-FOR-US: com_tpjobs component for Joomla!
CVE-2010-0980 (SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1 ...)
	NOT-FOR-US: Left 4 Dead Stats
CVE-2010-0979 (Cross-site scripting (XSS) vulnerability in display.php in Obsession-D ...)
	NOT-FOR-US: Obsession-Design Image-Gallery
CVE-2010-0978 (KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under th ...)
	NOT-FOR-US: KMSoft Guestbook
CVE-2010-0977 (PD PORTAL 4.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: PD PORTAL
CVE-2010-0976 (Acidcat CMS 3.5.x does not prevent access to install.asp after install ...)
	NOT-FOR-US: Acidcat CMS
CVE-2010-0975 (PHP remote file inclusion vulnerability in external.php in PHPCityPort ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-0974 (Multiple SQL injection vulnerabilities in PHPCityPortal allow remote a ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-0973 (SQL injection vulnerability in index.php in phppool media Domain Verka ...)
	NOT-FOR-US: phppool Media Domain Verkaus and Auktions Portal
CVE-2010-0972 (Directory traversal vulnerability in the GCalendar (com_gcalendar) com ...)
	NOT-FOR-US: com_gcalendar component for Joomla!
CVE-2010-0971 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 al ...)
	NOT-FOR-US: ATutor CMS
CVE-2010-0970 (SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows r ...)
	NOT-FOR-US: PhpMyLogon
CVE-2010-0968 (SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 a ...)
	NOT-FOR-US: Geekhelps ADMP
CVE-2010-0967 (Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, w ...)
	NOT-FOR-US: Geekhelps ADMP
CVE-2010-0966 (PHP remote file inclusion vulnerability in inc/config.php in deV!L`z C ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2010-0965 (Jevci Siparis Formu Scripti stores sensitive information under the web ...)
	NOT-FOR-US: Jevci Siparis Formu Scripti
CVE-2010-0964 (SQL injection vulnerability in start.php in Eros Webkatalog allows rem ...)
	NOT-FOR-US: Eros Webkatalog
CVE-2010-0963 (Cross-site scripting (XSS) vulnerability in index.php in dl Download T ...)
	NOT-FOR-US: dl Download Ticket Service
CVE-2010-1195 (Cross-site scripting (XSS) vulnerability in the htmlscrubber component ...)
	{DSA-2020-1}
	- ikiwiki 3.20100312 (low)
CVE-2010-0747 (drbd8 allows local users to bypass intended restrictions for certain a ...)
	{DSA-2015-1}
	- linux-2.6 (drbd introduced for the first time in 2.6.32-12, which included the fix for this issue, so no supported debian kernel was ever affected)
	- drbd8 2:8.3.7-1
	[lenny] - drbd8 2:8.0.14-2+lenny1
CVE-2010-0969 (Unbound before 1.4.3 does not properly align structures on 64-bit plat ...)
	- unbound 1.4.3-1
	[lenny] - unbound (Vulnerable code not present)
CVE-2010-XXXX [moin: hierarchical ACLs security issue]
	- moin 1.8.4-1 (low)
	[lenny] - moin 1.7.1-3+lenny3
	NOTE: http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
CVE-2010-0962 (The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Ti ...)
	NOT-FOR-US: Apple
CVE-2010-0961 (Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VI ...)
	NOT-FOR-US: IBM AIX and VIOS
CVE-2010-0960 (Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIO ...)
	NOT-FOR-US: IBM AIX and VIOS
CVE-2010-0959 (Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/L ...)
	NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2010-0958 (Directory traversal vulnerability in modules/hayoo/index.php in Tribis ...)
	NOT-FOR-US: Tribisur
CVE-2010-0957 (Directory traversal vulnerability in content.php in Saskia's Shopsyste ...)
	NOT-FOR-US: Saskia's Shopsystem
CVE-2010-0956 (SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remo ...)
	NOT-FOR-US: OpenCart
CVE-2010-0955 (SQL injection vulnerability in index.php in Bild Flirt Community 2.0 a ...)
	NOT-FOR-US: Bild Flirt Community
CVE-2010-0954 (SQL injection vulnerability in search_result.asp in Pre Projects Pre E ...)
	NOT-FOR-US: Pre Projects Pre E-Learning Portal
CVE-2010-0953 (Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows r ...)
	NOT-FOR-US: phpCOIN
CVE-2010-0952 (SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quo ...)
	NOT-FOR-US: OneCMS
CVE-2010-0951 (SQL injection vulnerability in go_target.php in dev4u CMS allows remot ...)
	NOT-FOR-US: dev4u CMS
CVE-2010-0950 (Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote ...)
	NOT-FOR-US: Natychmiast CMS
CVE-2010-0949 (Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS ...)
	NOT-FOR-US: Natychmiast CMS
CVE-2010-0948 (SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_ ...)
	NOT-FOR-US: Bigforum
CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max Network T ...)
	NOT-FOR-US: BBSMAX
CVE-2010-1132 (The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter ...)
	{DSA-2021-2 DSA-2021-1}
	- spamass-milter 0.3.1-9 (bug #573228)
	[lenny] - spamass-milter 0.3.1-8+lenny1
CVE-2010-1189 (MediaWiki before 1.15.2 does not prevent wiki editors from linking to ...)
	{DSA-2022-1}
	- mediawiki 1:1.15.2-1 (low)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
	[lenny] - mediawiki 1:1.12.0-2lenny4
CVE-2010-1190 (thumb.php in MediaWiki before 1.15.2, when used with access-restrictio ...)
	{DSA-2022-1}
	- mediawiki 1:1.15.2-1 (low)
	[lenny] - mediawiki 1:1.12.0-2lenny4
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) Softwa ...)
	NOT-FOR-US: com_ksadvertiser component for Joomla!
CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets (co ...)
	NOT-FOR-US: com_hotbrackets component for Joomla!
CVE-2010-0944 (Directory traversal vulnerability in the JCollection (com_jcollection) ...)
	NOT-FOR-US: com_jcollection component for Joomla!
CVE-2010-0943 (Directory traversal vulnerability in the JA Showcase (com_jashowcase) ...)
	NOT-FOR-US: com_jashowcase component for Joomla!
CVE-2010-0942 (Directory traversal vulnerability in the jVideoDirect (com_jvideodirec ...)
	NOT-FOR-US: com_jvideodirect component for Joomla!
CVE-2010-0941 (Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hi ...)
	NOT-FOR-US: eTek Systems Hit Counter
CVE-2010-0940 (Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PH ...)
	NOT-FOR-US: Simple PHP Guestbook
CVE-2010-0939 (Visialis ABB Forum 1.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Visialis ABB Forum
CVE-2010-0938 (Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Fo ...)
	NOT-FOR-US: Todoo Forum
CVE-2010-0937 (Multiple unspecified vulnerabilities in Visualization Library before 2 ...)
	NOT-FOR-US: Visualization Library
CVE-2010-0936 (Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKV ...)
	NOT-FOR-US: D-LINK firmware
CVE-2010-XXXX [phpbb 3.0.7 permissions bypass]
	- phpbb3 3.0.7-PL1
	[lenny] - phpbb3 (older version is in the archive)
	[squeeze] - phpbb3 (older version is in the archive)
	NOTE: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195
CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex- ...)
	- openssl (unimportant)
	NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
	NOTE: somewhat impractical right now, but the openssl developers are working
	NOTE: on a fix just in case
CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...)
	- samba 2:3.4.6~dfsg-1 (low; bug #568493; bug #572953)
	[lenny] - samba (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is empty ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote aut ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0933 (Directory traversal vulnerability in Perforce Server 2008.1 allows rem ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0932 (The FTP server in Perforce Server 2008.1 allows remote attackers to ca ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0931 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0930 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0929 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0927 (Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2010-0925 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0924 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0923 (Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner loc ...)
	- kdebase 4:4.4.2-1
	[lenny] - kdebase (Only affected version 4.4.0)
	- kdebase-workspace 4:4.4.2-1
CVE-2010-0922 (Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300- ...)
	NOT-FOR-US: IBM AIX
CVE-2010-0921 (Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (a ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0920 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domi ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0919 (Stack-based buffer overflow in the Lotus Domino Web Access ActiveX con ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0918 (Multiple unspecified vulnerabilities in the UltraLite functionality in ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0917 (Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0916 (Unspecified vulnerability in Oracle OpenSolaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2010-0915 (Unspecified vulnerability in the Oracle Advanced Product Catalog compo ...)
	NOT-FOR-US: Oracle
CVE-2010-0914 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2010-0913 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2010-0912 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2010-0911 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2010-0910 (Unspecified vulnerability in the Data Server component in Oracle Times ...)
	NOT-FOR-US: Oracle
CVE-2010-0909 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2010-0908 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2010-0907 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0906 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0905 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2010-0904 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0903 (Unspecified vulnerability in the Net Foundation Layer component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2010-0902 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2010-0901 (Unspecified vulnerability in the Export component in Oracle Database S ...)
	NOT-FOR-US: Oracle
CVE-2010-0900 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2010-0899 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0898 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory Server comp ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in Oracle S ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0895 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0894 (Unspecified vulnerability in the Sun Java System Access Manager compon ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in Oracle S ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0892 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center component in Or ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0889 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software component in ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...)
	- sun-java6 6.20-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0886 (Unspecified vulnerability in the Java Deployment Toolkit component in ...)
	- sun-java6 6.20-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications Expres ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun P ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0883 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun P ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0882 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0881 (Unspecified vulnerability in the User Interface Components in Oracle C ...)
	NOT-FOR-US: Oracle Collaboration Suite
CVE-2010-0880 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0879 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0878 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0877 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0876 (Unspecified vulnerability in the Life Sciences - Oracle Clinical Remot ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0875 (Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Mana ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle Communication ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0873 (Unspecified vulnerability in the Data Server component in Oracle Times ...)
	NOT-FOR-US: Oracle
CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0870 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0869 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0868 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0867 (Unspecified vulnerability in the JavaVM component in Oracle Database 1 ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0866 (Unspecified vulnerability in the JavaVM component in Oracle Database 1 ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0865 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0864 (Unspecified vulnerability in the Retail - Oracle Retail Place In-Seaso ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0863 (Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0862 (Unspecified vulnerability in the Retail - Oracle Retail Markdown Optim ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0861 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0860 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0859 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0858 (Unspecified vulnerability in the E-Business Intelligence component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0857 (Unspecified vulnerability in the Oracle Workflow Cartridge component i ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0856 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0855 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0854 (Unspecified vulnerability in the Audit component in Oracle Database 9. ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0853 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
NOT-FOR-US: Oracle Database CVE-2010-0852 (Unspecified vulnerability in the XML DB component in Oracle Database 9 ...) NOT-FOR-US: Oracle Database CVE-2010-0851 (Unspecified vulnerability in the XML DB component in Oracle Database 9 ...) NOT-FOR-US: Oracle Database CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0849 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0846 (Unspecified vulnerability in the ImageIO component in Oracle Java SE a ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle Ja ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0843 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE a ...) 
- openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0839 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE a ...) - openjdk-6 6b20~pre1-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0836 (Unspecified vulnerability in the Oracle Knowledge Management component ...) NOT-FOR-US: Oracle CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before ...) - base-files (ubuntu-specific fix for their default OEM configuration on the Dell Latitude 2110, which permitted installation of unsigned packages) CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8 ...) NOT-FOR-US: Likewise CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1 ...) - pam (flaw in ubuntu-specific changes to the package) CVE-2010-0831 (Directory traversal vulnerability in the extract_jar function in jarto ...) - fastjar 2:0.98-3 (low) [lenny] - fastjar (Minor issue) CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in elf/d ...) {DSA-2058-1} - glibc 2.11-1 - eglibc 2.11-1 NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5 CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTe ...) 
{DSA-2048-1} - dvipng 1.13-1 (low; bug #580628) - texlive-bin (dvipng is not shipped in texlive-bin Debian packages) CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the De ...) {DSA-2024-1} - moin 1.9.2-3 (low; bug #575995) CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, all ...) - texlive-bin 2009-6 (low; bug #580669) [lenny] - texlive-bin 2007.dfsg.2-4+lenny3 CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss- ...) - libnss-db 2.2.3pre1-3.2 (low; bug #577057) [squeeze] - libnss-db (Minor issue) [lenny] - libnss-db (Minor issue) CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users t ...) - emacs21 (low) [lenny] - emacs21 (Minor issue) NOTE: Only exploitable when configured as setgid mail, which isn't set by default - emacs22 (low; bug #590301) [lenny] - emacs22 (Minor issue) - xemacs21 21.4.22-3.1 (low) [lenny] - xemacs21 (Minor issue) [lenny] - xmacs21 (Minor issue) - emacs23 23.2+1-1 (low) CVE-2010-XXXX [esmtp: world-readable config file] - esmtp 1.2-3 (unimportant; bug #568925) NOTE: Documentation advises against adding password data to the respective config file CVE-2010-XXXX [irssi emote leak] - irssi-plugin-otr 1.0.0~alpha2-1 (unimportant; bug #569506) CVE-2010-2450 (The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/s ...) - shibboleth-sp2 2.3.1+dfsg-2 (low; bug #571631) [lenny] - shibboleth-sp2 (Minor issue) - shibboleth-sp (Vulnerable code not present) CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' ...) - libesmtp 1.0.4-5 (bug #572960) [lenny] - libesmtp (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2010/03/03/6 CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...) 
NOT-FOR-US: VMware Server CVE-2010-XXXX [argyll unsafe udev rules] - argyll (issue with redhat-specific changes to the package) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050 CVE-2010-2473 (Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly b ...) {DSA-2016-1} - drupal6 6.18-1 (bug #592716) CVE-2010-2472 (Locale module and dependent contributed modules in Drupal 6.x before 6 ...) {DSA-2016-1} - drupal6 6.18-1 (bug #592716) CVE-2010-2471 (Drupal versions 5.x and 6.x has open redirection ...) {DSA-2016-1} - drupal6 6.18-1 (bug #592716) CVE-2010-2250 (Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output du ...) {DSA-2016-1} - drupal6 6.18-1 (bug #592716) CVE-2010-XXXX [linux-ftpd: null ptr dereference] - linux-ftpd (Performs proper length checks, see #572813) CVE-2010-0824 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Offic ...) NOT-FOR-US: Microsoft CVE-2010-0823 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3 ...) NOT-FOR-US: Microsoft CVE-2010-0822 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...) NOT-FOR-US: Microsoft CVE-2010-0821 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3 ...) NOT-FOR-US: Microsoft CVE-2010-0820 (Heap-based buffer overflow in the Local Security Authority Subsystem S ...) NOT-FOR-US: Microsoft Windows CVE-2010-0819 (Unspecified vulnerability in the Windows OpenType Compact Font Format ...) NOT-FOR-US: Microsoft CVE-2010-0818 (The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP S ...) NOT-FOR-US: Microsoft Windows CVE-2010-0817 (Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Micr ...) NOT-FOR-US: Microsoft SharePoint Server CVE-2010-0816 (Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, ...) 
NOT-FOR-US: Microsoft Outlook Express, Windows Live Mail, and Windows Mail CVE-2010-0815 (VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft O ...) NOT-FOR-US: Microsoft Office CVE-2010-0814 (The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2010-0813 REJECTED CVE-2010-0812 (Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, an ...) NOT-FOR-US: Microsoft Windows CVE-2010-0811 (Multiple unspecified vulnerabilities in the Microsoft Internet Explore ...) NOT-FOR-US: Microsoft CVE-2010-0810 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows ...) NOT-FOR-US: Microsoft Windows CVE-2010-0809 REJECTED CVE-2010-0808 (Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not p ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in memo ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka iepeer ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet E ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...) NOT-FOR-US: iBoutique CVE-2010-0803 (SQL injection vulnerability in the jVideoDirect (com_jvideodirect) com ...) NOT-FOR-US: jVideoDirect CVE-2010-0802 (SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modi ...) NOT-FOR-US: Invision Power Board CVE-2010-0801 (Directory traversal vulnerability in the AutartiTarot (com_autartitaro ...) NOT-FOR-US: Joomla! CVE-2010-0800 (SQL injection vulnerability in the Ossolution Team Documents Seller (a ...) NOT-FOR-US: Joomla! CVE-2010-0799 (Directory traversal vulnerability in misc/tell_a_friend/tell.php in ph ...) 
NOT-FOR-US: phpunity.newsmanager CVE-2010-0798 (SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier ...) NOT-FOR-US: T3BLOG extension for TYPO3 CVE-2010-0797 (Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 ...) NOT-FOR-US: T3BLOG extension for TYPO3 CVE-2010-0796 (SQL injection vulnerability in the JE Quiz (com_jequizmanagement) comp ...) NOT-FOR-US: Joomla! CVE-2010-0795 (SQL injection vulnerability in the JE Event Calendars (com_jeeventcale ...) NOT-FOR-US: Joomla! CVE-2010-0794 RESERVED CVE-2010-0793 (Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cau ...) {DSA-2049-1} - barnowl 1.5.1-1 (bug #574418) CVE-2010-0792 (fcrontab in fcron before 3.0.5 allows local users to read arbitrary fi ...) - fcron (unimportant; bug #572587) NOTE: On Debian runs suid/sgid fcron and the issue is limited to the exposure NOTE: of the content of crontabs CVE-2010-0791 (The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2. ...) - ncpfs 2.2.6-7 (bug #572937) [lenny] - ncpfs (Minor issue) CVE-2010-0790 (sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detaile ...) - ncpfs 2.2.6-7 (bug #572937) [lenny] - ncpfs (Minor issue) CVE-2010-0789 (fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local ...) {DSA-1989-1} - fuse 2.8.1-1.2 (bug #567633) NOTE: Initial DSA released as CVE-2009-3297 CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain se ...) - ncpfs 2.2.6-7 (bug #572937) [lenny] - ncpfs (Minor issue) CVE-2010-0787 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3 ...) {DSA-2004-1} - samba 2:3.4.5~dfsg-2 (bug #567554) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853 NOTE: Initial DSA released as CVE-2009-3297 CVE-2010-0786 (The Web Services Security component in IBM WebSphere Application Serve ...) NOT-FOR-US: IBM WebSphere Application CVE-2010-0785 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...) 
NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0784 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0783 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows rem ...) NOT-FOR-US: IBM WebSphere CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM WebSphe ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0780 (IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a ...) NOT-FOR-US: IBM WebSphere CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) NOT-FOR-US: IBM WebSphere CVE-2010-0778 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) NOT-FOR-US: IBM WebSphere CVE-2010-0777 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0776 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0775 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6. ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0774 (The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0773 RESERVED CVE-2010-0772 (Unspecified vulnerability in the channel process in IBM WebSphere MQ 7 ...) NOT-FOR-US: IMB WebSphere MQ CVE-2010-0771 REJECTED CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0768 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) 
NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0767 RESERVED CVE-2010-0766 (Integer overflow in the Swap4 function in valet4.dll in Luxology Modo ...) NOT-FOR-US: Luxology Modo CVE-2010-0765 (fipsForum 2.6 stores sensitive information under the web root with ins ...) NOT-FOR-US: fipsForum CVE-2010-0764 (SQL injection vulnerability in index.php in KuwaitPHP eSmile allows re ...) NOT-FOR-US: KuwaitPHP eSmile CVE-2010-0763 (SQL injection vulnerability in index.php in CommodityRentals Vacation ...) NOT-FOR-US: ComodityRentals Vacation Rental Software CVE-2010-0762 (SQL injection vulnerability in index.php in CommodityRentals CD Rental ...) NOT-FOR-US: CommodityRentals CD Rental Software CVE-2010-0761 (SQL injection vulnerability in index.php in CommodityRentals Books/eBo ...) NOT-FOR-US: CommodityRentals Books/eBooks Rentals Script CVE-2010-0760 (Multiple directory traversal vulnerabilities in the Core Design Script ...) NOT-FOR-US: Joomla! CVE-2010-0759 (Directory traversal vulnerability in plugins/system/cdscriptegrator/li ...) NOT-FOR-US: Joomla! CVE-2010-0758 (SQL injection vulnerability in news_desc.php in Softbiz Jobs allows re ...) NOT-FOR-US: Softbiz Jobs CVE-2010-0757 (Unrestricted file upload vulnerability in index.php/Attach in WikyBlog ...) NOT-FOR-US: WikyBlog CVE-2010-0756 (Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote att ...) NOT-FOR-US: WikyBlog CVE-2010-0755 (PHP remote file inclusion vulnerability in include/WBmap.php in WikyBl ...) NOT-FOR-US: WikyBlog CVE-2010-0754 (Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Tem ...) NOT-FOR-US: WikyBlog CVE-2010-0753 (SQL injection vulnerability in the SQL Reports (com_sqlreport) compone ...) NOT-FOR-US: Joomla! CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type module ...) 
NOT-FOR-US: Weekly Archive by Node Type (Drupal module) CVE-2010-1144 REJECTED CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users t ...) - policykit-1 (pkexec introduced in 0.92) [lenny] - policykit-1 (pkexec introduced in 0.92) CVE-2010-0749 (Transmission before 1.92 allows attackers to prevent download of a fil ...) - transmission 1.92-1 (unimportant; bug #574507) CVE-2010-0748 (Transmission before 1.92 allows an attacker to cause a denial of servi ...) - transmission 1.92-1 (medium; bug #574507) [lenny] - transmission (Support for Magnet links not yet available) CVE-2010-0746 (Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as ...) - udisks 1.0.0~git20100212.aae17d9-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178 NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2 NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235 CVE-2010-0745 (Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote ...) - dovecot 1:1.2.11-1 (low) [lenny] - dovecot (this problem exists only with v1.2.x, not with v1.0 or v1.1) NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html [etch] - dovecot (Vulnerable code not present) CVE-2010-0744 (aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, do ...) - amsn 0.98.3-1 (low; bug #572818) [lenny] - amsn (Minor issue) CVE-2010-0743 (Multiple format string vulnerabilities in isns.c in (1) Linux SCSI tar ...) {DSA-2042-1} - iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935) - tgt 1:1.0.3-2 (medium; bug #576086) CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cm ...) - openssl 1.0.0e-1 (unimportant; bug #584592) [lenny] - openssl (CMS is only present in OpenSSL 0.9.8h and later) NOTE: unimportant since cms is disabled by default CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the virtio- ...) 
- linux-2.6 2.6.26-1 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...) - openssl 0.9.8n-1 (medium; bug #575607) [lenny] - openssl (only 0.9.8m is affected with 16 bit shorts) NOTE: http://www.openssl.org/news/secadv/20100324.txt CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips ...) - texlive-bin 2009-6 (low; bug #560668) [lenny] - texlive-bin 2007.dfsg.2-4+lenny3 CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...) - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2010-0737 (A missing permission check was found in The CLI in JBoss Operations Ne ...) NOT-FOR-US: JBoss Operations Network CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform functio ...) - viewvc 1.1.5-1 (bug #575787) CVE-2010-0735 REJECTED CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enab ...) {DSA-2023-1} - curl 7.20.0-1 (low) NOTE: https://www.openwall.com/lists/oss-security/2010/03/16/11 NOTE: depends on the application that uses libcurl CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4. ...) - postgresql-8.4 8.4.2-1 CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver be ...) - gtk+2.0 2.18.5-1 [lenny] - gtk+2.0 (issue only exposed by gnome-screensaver 2.28) [etch] - gtk+2.0 (issue only exposed by gnome-screensaver 2.28) NOTE: https://www.openwall.com/lists/oss-security/2010/02/12/1 CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before 1 ...) - gnutls26 (Fixed before initial release) - gnutls13 1.2.1-1 CVE-2010-0730 (The MMIO instruction decoder in the Xen hypervisor in the Linux kernel ...) - linux-2.6 (redhat-specific issue in the 2.6.18 xen kernel) CVE-2010-0729 (A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Lin ...) 
- linux-2.6 (vulnerability in redhat-specific patch) CVE-2010-0728 (smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled ...) - samba 2:3.4.7~dfsg-1 (high; bug #573223) [lenny] - samba (Only affects 3.3.11, 3.4.6 and 3.5.0) CVE-2010-0727 (The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-2010 ...) {DSA-2053-1} - linux-2.6 2.6.32-11 CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack ...) {DSA-2009-1} - tdiary 2.2.1-1.1 (low; bug #572417) CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in Moin ...) {DSA-2014-1} - moin 1.9.0~rc2-1 CVE-2010-0725 (Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1 ...) NOT-FOR-US: Arab Cart CVE-2010-0724 (SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows ...) NOT-FOR-US: Arab Cart CVE-2010-0723 (SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 al ...) NOT-FOR-US: Ero Auktion CVE-2010-0722 (SQL injection vulnerability in news.php in Php Auktion Pro allows remo ...) NOT-FOR-US: Php Auktion Pro CVE-2010-0721 (SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allow ...) NOT-FOR-US: Auktionshaus Gelb CVE-2010-0720 (SQL injection vulnerability in news.php in Erotik Auktionshaus allows ...) NOT-FOR-US: Erotik Auktionshaus CVE-2010-0719 (An unspecified API in Microsoft Windows 2000, Windows XP, Windows Serv ...) NOT-FOR-US: Microsoft CVE-2010-0718 (Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 ...) NOT-FOR-US: Microsoft CVE-2010-0716 (_layouts/Upload.aspx in the Documents module in Microsoft SharePoint b ...) NOT-FOR-US: Microsoft CVE-2010-0715 (Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM ...) NOT-FOR-US: IBM WebSphere Portal CVE-2010-0714 (Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere ...) 
NOT-FOR-US: IBM WebSphere Portal CVE-2010-0713 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2 ...) - zenoss (bug #361253) NOTE: http://seclists.org/fulldisclosure/2010/Jan/296 CVE-2010-0712 (Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEven ...) - zenoss (bug #361253) NOTE: http://seclists.org/fulldisclosure/2010/Jan/241 CVE-2010-0711 (Cross-site request forgery (CSRF) vulnerability in default.asp in ASPC ...) NOT-FOR-US: ASPCode CMS CVE-2010-0710 (SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 ...) NOT-FOR-US: ASPCode CMS CVE-2010-0709 (Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2. ...) NOT-FOR-US: Limny CVE-2010-0708 (Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe ...) NOT-FOR-US: Sun Directory Server Enterprise Edition CVE-2010-0707 (Cross-site request forgery (CSRF) vulnerability in add_user.php in Emp ...) NOT-FOR-US: Employee Timeclock Software CVE-2010-0706 (Cross-site scripting (XSS) vulnerability in the login/prompt component ...) NOT-FOR-US: Subex Nikira Fraud Management System CVE-2010-0705 (Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 ...) NOT-FOR-US: Windows 2000 CVE-2010-0704 (Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM ...) NOT-FOR-US: IBM WebSphere Portal CVE-2010-0703 (Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VP ...) NOT-FOR-US: PortWise SSL VPN CVE-2010-0702 (SQL injection vulnerability in cisco/services/PhonecDirectory.php in F ...) NOT-FOR-US: Fonality Trixbox CVE-2010-0701 (SQL injection vulnerability in ForceChangePassword.jsp in Newgen Softw ...) NOT-FOR-US: Newgen Software OmniDocs CVE-2010-0700 (Cross-site scripting (XSS) vulnerability in index.php in WampServer 2. ...) NOT-FOR-US: WampServer CVE-2010-0699 (Cross-site scripting (XSS) vulnerability in index.php in VideoSearchSc ...) 
NOT-FOR-US: VideoSearchScript Pro CVE-2010-0698 (SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC ...) NOT-FOR-US: Dynamicsoft WSC CMS CVE-2010-0697 (Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6 ...) NOT-FOR-US: iTweak Upload module for Drupal CVE-2010-0696 (Directory traversal vulnerability in includes/download.php in the Joom ...) NOT-FOR-US: Joomla! CVE-2010-0695 (Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-C ...) NOT-FOR-US: BASIC-CMS CVE-2010-0694 (SQL injection vulnerability in the PerchaGallery (com_perchagallery) c ...) NOT-FOR-US: Joomla! CVE-2010-0693 (SQL injection vulnerability in products.php in CommodityRentals Trade ...) NOT-FOR-US: CommodityRentals Trade Manager Script CVE-2010-0692 (SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Compo ...) NOT-FOR-US: Joomla! CVE-2010-0691 (SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows r ...) NOT-FOR-US: JTL-Shop CVE-2010-0690 (SQL injection vulnerability in index.php in CommodityRentals Video Gam ...) NOT-FOR-US: CommodityRentals Video Games Rentals CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0 ...) NOT-FOR-US: ActiveX CVE-2010-0688 (Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assiste ...) NOT-FOR-US: Orbital Viewer CVE-2010-0687 RESERVED CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, an ...) NOT-FOR-US: VMware Server CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source 1.2.x ...) - asterisk 1:1.6.2.6-1 NOTE: Design limitation documented in that version [lenny] - asterisk (Unfixable design issue, best practice docs need to be followed) [squeeze] - asterisk (Unfixable design issue, best practice docs need to be followed) CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action i ...) 
NOT-FOR-US: Apache ActiveMQ CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...) NOT-FOR-US: TIBCO Administrator CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read t ...) - wordpress 2.9.2-1 (low) [lenny] - wordpress (Only affects Wordpress >= 2.9) CVE-2010-XXXX [multiple typo issues] - typo3-src 4.3.2-1 (bug #571151) [lenny] - typo3-src 4.2.5-1+lenny3 NOTE: DSA-2008 CVE-2010-0681 (ZeusCMS 0.2 stores sensitive information under the web root with insuf ...) NOT-FOR-US: ZeusCMS CVE-2010-0680 (Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows r ...) NOT-FOR-US: ZeusCMS CVE-2010-0679 (Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ...) NOT-FOR-US: ActiveX CVE-2010-0678 (PHP remote file inclusion vulnerability in includes/moderation.php in ...) NOT-FOR-US: Katalog Stron Hurricane CVE-2010-0677 (SQL injection vulnerability in index.php in Katalog Stron Hurricane 1. ...) NOT-FOR-US: Katalog Stron Hurricane CVE-2010-0676 (Directory traversal vulnerability in index.php in the RWCards (com_rwc ...) NOT-FOR-US: RWCards component for Joomla! CVE-2010-0675 (Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik B ...) NOT-FOR-US: BGSvetionik BGS CMS CVE-2010-0674 (StatCounteX 3.1 stores sensitive information under the web root with i ...) NOT-FOR-US: StatCounteX CVE-2010-0673 (SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog ...) NOT-FOR-US: Copperleaf Photolog plugin for WordPress CVE-2010-0672 (SQL injection vulnerability in index.php in WSN Guest 1.02 allows remo ...) NOT-FOR-US: WSN Guest CVE-2010-0671 (SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allow ...) NOT-FOR-US: KR MEDIA Pogodny CMS CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Compone ...) 
NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitiz ...) {DSA-2014-1} - moin 1.9.2-1 (bug #569975) CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x befor ...) {DSA-2014-1} - moin 1.9.2-1 (bug #569975) CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of th ...) - moin 1.9.1-1 [lenny] - moin (versions before 1.9 are not affected) [etch] - moin (versions before 1.9 are not affected) NOTE: http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2 NOTE: http://hg.moinmo.in/moin/1.9/rev/04afdde50094 NOTE: http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18 CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch ...) NOT-FOR-US: Novell eDirectory CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information under t ...) NOT-FOR-US: JAG CVE-2010-0664 (Stack consumption vulnerability in the ChildProcessSecurityPolicy::Can ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-0663 (The ParamTraits<SkBitmap>::Read function in common/common_param_ ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-0662 (The ParamTraits<SkBitmap>::Read function in common/common_param_ ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r524 ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (libv8 issue) NOTE: http://trac.webkit.org/changeset/52401 CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer head ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome be ...) 
- chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (low) [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before 4. ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the expect ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) NOTE: claimed to be a windows-only issue CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, pres ...) - chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (low) [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-0654 (Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbir ...) {DSA-2124-1 DSA-2075-1} - xulrunner 1.9.1.11-1 (bug #570743) - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - icedove 3.0.6-1 [lenny] - icedove - iceape 2.0.6-1 [lenny] - iceape (Only a stub package) CVE-2010-0653 (Opera before 10.10 permits cross-origin loading of CSS stylesheets eve ...) NOT-FOR-US: Opera CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS styles ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and A ...) - chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (low) [lenny] - webkit (Too intrusive to backport, disk of regression higher than impact at hand) NOTE: http://trac.webkit.org/changeset/52784 CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, a ...) 
- chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (unimportant) NOTE: http://code.google.com/p/chromium/issues/detail?id=3275 NOTE: unimportant because this is just a popup blocker bypass CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function i ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to disco ...) - xulrunner (bug #570743) [wheezy] - xulrunner (no detailed information available) CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, allo ...) - chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (medium) [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before r ...) - chromium-browser 5.0.375.29~r46008-1 - libv8 2.1.6-1 - webkit (libv8 issue) CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...) - chromium-browser 5.0.375.29~r46008-1 - libv8 2.1.6-1 - webkit (libv8 issue) CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is config ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct connections to ...) - chromium-browser 5.0.375.29~r46008-1 - webkit (chrome-specific issue) CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...) NOT-FOR-US: Cisco Collaboration Server CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/Log ...) NOT-FOR-US: Cisco Collaboration Server CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance Man ...) NOT-FOR-US: CA eHealth Performance Manager CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.ST ...) 
	- squid 2.7.STABLE8-1 (bug #572553)
	[lenny] - squid (Minor issue, only affects non-default setup)
	- squid3 3.1.0.17-1 (bug #572554)
	[lenny] - squid3 (Minor issue, only affects non-default setup)
CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 a ...)
	- webcalendar (bug #572557)
CVE-2010-XXXX [phpbb3 weak captcha]
	- phpbb3 3.0.7-PL1-1 (unimportant; bug #570011)
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) be ...)
	- flex 2.5.35-1
CVE-2010-0629 (Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmin ...)
	{DSA-2031-1}
	- krb5 1.7+dfsg-1 (low)
	NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
CVE-2010-0628 (The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego ...)
	- krb5 1.8+dfsg-1.1 (bug #575740)
	[lenny] - krb5 (Only affects 1.7/1.8)
CVE-2010-2234 (Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8. ...)
	- couchdb 0.11.0-2.1 (bug #570013)
	[lenny] - couchdb (does not support authentication at all)
CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalen ...)
	- webcalendar (bug #572557)
CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2 ...)
	- webcalendar (bug #572557)
CVE-2010-0635 (SQL injection vulnerability in the plgSearchEventsearch::onSearch meth ...)
	NOT-FOR-US: JEvents Search plugin for Joomla!
CVE-2010-0633 (Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier ...)
	NOT-FOR-US: Citrix XenServer
CVE-2010-0632 (SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com ...)
	NOT-FOR-US: Parkview Consultants SimpleFAQ component for Joomla!
CVE-2010-0631 (Multiple SQL injection vulnerabilities in index.php in Eicra Car Renta ...)
	NOT-FOR-US: Eicra Car Rental-Script
CVE-2010-0630 (SQL injection vulnerability in viewjokes.php in Evernew Free Joke Scri ...)
	NOT-FOR-US: Evernew Free Joke Script
CVE-2010-0627
	RESERVED
CVE-2010-0626
	RESERVED
CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP se ...)
	NOT-FOR-US: Novell NetWare
CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib. ...)
	- cpio 2.11-1 (low)
	- tar 1.23-1 (low)
	[lenny] - tar 1.20-1+lenny1
	[lenny] - cpio 2.9-13lenny1
CVE-2010-0621
	RESERVED
CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase S ...)
	NOT-FOR-US: EMC HomeBase Server
CVE-2010-0619 (Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode ...)
	NOT-FOR-US: Lexmark laser printers
CVE-2010-0618 (The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode ...)
	NOT-FOR-US: Lexmark laser and inkjet printers and MarkNet devices
CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.0 ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which a ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0615 (Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI 2.1 ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0614 (SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remo ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0613 (Directory traversal vulnerability in viewfile.php in ARWScripts Fonts ...)
	NOT-FOR-US: ARWScripts Fonts Script
CVE-2010-0612 (Unspecified vulnerability in DocumentManager before 4.0 has unknown im ...)
	NOT-FOR-US: DocumentManager
CVE-2010-0611 (Multiple SQL injection vulnerabilities in adminlogin.php in Baal Syste ...)
	NOT-FOR-US: Baal Systems
CVE-2010-0610 (Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog ...)
	NOT-FOR-US: Photoblog component for Joomla!
CVE-2010-0609 (SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows re ...)
	NOT-FOR-US: NovaBoard
CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows rem ...)
	NOT-FOR-US: NovaBoard
CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 ...)
	NOT-FOR-US: Sterlite SAM300 AX Router
CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket b ...)
	NOT-FOR-US: osTicket
CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 S ...)
	NOT-FOR-US: osTicket
CVE-2010-0604 (Unspecified vulnerability in the SIP implementation on the Cisco PGW 2 ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0603 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0602 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0601 (The MGCP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0600 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0599 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0598 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0597 (Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0596 (Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0595 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0594 (Cross-site scripting (XSS) vulnerability in Cisco Router and Security ...)
	NOT-FOR-US: Cisco Router and Security Device Manager
CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC23 ...)
	NOT-FOR-US: Cisco RVS4000 Router
CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka C ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager (ak ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desk ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0586 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0585 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0584 (Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentati ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0583 (Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4 ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0582 (Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0581 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0580 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0579 (The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attack ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0578 (The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 an ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0577 (Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0575 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possib ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-0574 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) softw ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-0573 (Unspecified vulnerability on the Cisco Digital Media Player before 5.2 ...)
	NOT-FOR-US: Cisco Digital Media Player
CVE-2010-0572 (Cisco Digital Media Manager (DMM) before 5.2 allows remote authenticat ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0571 (Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x a ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0570 (Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default passwo ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0569 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0568 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0567 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0566 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0565 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-XXXX [multiple mod_security issues]
	- libapache-mod-security 2.5.12-1 (bug #569658)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455
CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel befor ...)
	- linux-2.6 2.6.32-9
	[etch] - linux-2.6 (vulnerable code introduced in 2.6.28)
	[lenny] - linux-2.6 (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 (vulnerable code introduced in 2.6.28)
CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel befor ...)
	{DSA-2012-1 DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-9
	- linux-2.6.24
CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeS ...)
	NOT-FOR-US: Trend Micro URL Filtering Engine
CVE-2010-0563 (The Single Sign-on (SSO) functionality in IBM WebSphere Application Se ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, ...)
	- fetchmail 6.3.13-2 (low)
	[lenny] - fetchmail (This issue was introduced in 6.3.11)
	[etch] - fetchmail (This issue was introduced in 6.3.11)
	NOTE: the conditions under which this is exploitable are rather obscure
CVE-2010-0561 (Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before ...)
	NOT-FOR-US: NetBSD
CVE-2010-0560 (Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, D ...)
	NOT-FOR-US: Intel Desktop BIOS
CVE-2010-0559 (The default configuration of Oracle OpenSolaris snv_91 through snv_131 ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-0558 (The default configuration of Oracle OpenSolaris snv_77 through snv_131 ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified access t ...)
	NOT-FOR-US: IBM Cognos Express
CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 popul ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit (chrome-specific issue)
CVE-2010-0555 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prev ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0554 (The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and e ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0553 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users t ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0552 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0551 (HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earli ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0550 (admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enfo ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0549 (Unspecified vulnerability in the Network Controller in Xerox WorkCentr ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2010-0548 (Multiple unspecified vulnerabilities in the Network Controller and Web ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2010-0547 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier ...)
	{DSA-2004-1}
	- samba 2:3.4.5~dfsg-2 (bug #568942; medium)
CVE-2010-0546 (Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0545 (The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 befor ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser (only Safari is affected, they have a different URL parsing implementation)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662
	NOTE: http://trac.webkit.org/changeset/58792
	NOTE: http://trac.webkit.org/changeset/58796
CVE-2010-0543 (ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remot ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0542 (The _WriteProlog function in texttops.c in texttops in the Text Filter ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-0541 (Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in ...)
	- ruby1.8 1.8.7.302-1
	[lenny] - ruby1.8 (Minor issue)
	- ruby1.9
	[lenny] - ruby1.9 (Minor issue)
	- ruby1.9.1 1.9.2.0-1 (bug #593298)
CVE-2010-0540 (Cross-site request forgery (CSRF) vulnerability in the web interface i ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-0539 (Integer signedness error in the window drawing implementation in Apple ...)
	NOT-FOR-US: Apple Java
CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10. ...)
	NOT-FOR-US: Apple Java
CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly ...)
	NOT-FOR-US: Apple DesktopServices
CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled ...)
	- dovecot (Apple specific, http://marc.info/?l=oss-security&m=136546217008001&w=2)
CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-0533 (Directory traversal vulnerability in AFP Server in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple AFP Server
CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1 ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-0530 (Apple QuickTime before 7.6.9 on Windows sets weak permissions for the ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0529 (Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0526 (Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...)
	NOT-FOR-US: Apple Mail
CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X S ...)
	- freeradius (Apple specific configuration issue)
CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-0522 (Server Admin in Apple Mac OS X Server 10.5.8 does not properly determi ...)
	NOT-FOR-US: Apple Server Admin
CVE-2010-0521 (Server Admin in Apple Mac OS X Server before 10.6.3 does not properly ...)
	NOT-FOR-US: Apple Server Admin
CVE-2010-0520 (Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in A ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows r ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0518 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to e ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0517 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0516 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0515 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to e ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0514 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0513 (Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before ...)
	NOT-FOR-US: Apple PS Normalizer
CVE-2010-0512 (The Accounts Preferences implementation in Apple Mac OS X 10.6 before ...)
	NOT-FOR-US: Apple Accounts Preferences
CVE-2010-0511 (Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the acce ...)
	NOT-FOR-US: Apple Podcast Producer
CVE-2010-0510 (Password Server in Apple Mac OS X Server before 10.6.3 does not proper ...)
	NOT-FOR-US: Apple Password Server
CVE-2010-0509 (SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local ...)
	NOT-FOR-US: Apple SFLServer
CVE-2010-0508 (Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules ...)
	NOT-FOR-US: Apple Mail
CVE-2010-0507 (Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows re ...)
	NOT-FOR-US: Apple Image RAW
CVE-2010-0506 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote at ...)
	NOT-FOR-US: Apple Image RAW
CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 ...)
	NOT-FOR-US: Apple ImageIO
CVE-2010-0504 (Multiple stack-based buffer overflows in iChat Server in Apple Mac OS ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0503 (Use-after-free vulnerability in iChat Server in Apple Mac OS X Server ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0502 (iChat Server in Apple Mac OS X Server before 10.6.3, when group chat i ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0501 (Directory traversal vulnerability in FTP Server in Apple Mac OS X Serv ...)
	NOT-FOR-US: Apple FTP Server
CVE-2010-0500 (Event Monitor in Apple Mac OS X before 10.6.3 does not properly valida ...)
	NOT-FOR-US: Apple Event Monitor
CVE-2010-0499
	RESERVED
CVE-2010-0498 (Directory Services in Apple Mac OS X before 10.6.3 does not properly p ...)
	NOT-FOR-US: Apple Directory Services
CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the expec ...)
	NOT-FOR-US: Apple Disk Images
CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for i ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2010-0495
	REJECTED
CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0493
	REJECTED
CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet Explo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0487 (The Authenticode Signature verification functionality in cabview.dll i ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0486 (The WinVerifyTrust function in Authenticode Signature Verification 5.1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0485 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0484 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0483 (vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0482 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0481 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0480 (Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0479 (Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0478 (Stack-based buffer overflow in nsum.exe in the Windows Media Unicast S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0475 (Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Pa ...)
	NOT-FOR-US: Palo Alto Networks Firewall
CVE-2010-0474
	RESERVED
	{DSA-2188-1}
	- webkit 1.4.0-1
CVE-2010-0473
	RESERVED
CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...)
	NOT-FOR-US: IBM DB2
CVE-2010-0471 (SQL injection vulnerability in the comment submission interface (inclu ...)
	NOT-FOR-US: Enano CMS
CVE-2010-0470 (Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend C ...)
	NOT-FOR-US: Comtrend
CVE-2010-0469 (SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, a ...)
	NOT-FOR-US: Files2Links
CVE-2010-0468 (Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in ...)
	NOT-FOR-US: PaperThin CommonSpot Content Server
CVE-2010-0467 (Directory traversal vulnerability in the ccNewsletter (com_ccnewslette ...)
	NOT-FOR-US: ccNewsletter component for Joomla!
CVE-2010-XXXX [nautilus: file preview html script execution]
	- nautilus (proof-of-concept script is previewed as text, not executed)
	NOTE: http://seclists.org/fulldisclosure/2010/Feb/112
CVE-2010-XXXX [browser javascript document.write denial-of-service]
	- xulrunner (unimportant; bug #568486)
	- webkit (unimportant; bug #568485)
	- qt4-x11 (unimportant)
	- kdelibs (unimportant)
	- kde4libs (unimportant)
CVE-2010-0466
	RESERVED
CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents funct ...)
	- sugarcrm-ce-5.0 (bug #457876)
CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser avoi ...)
	- roundcube 0.3.1-3 (bug #569660)
CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser avoi ...)
	- imp4 4.3.7+debian0-2 (low; bug #569661)
	[lenny] - imp4 4.2-4lenny2
CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, ...)
	NOT-FOR-US: IBM DB2
CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component 1.0 f ...)
	NOT-FOR-US: Joomla!
CVE-2010-0460 (Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2010-0459 (SQL injection vulnerability in the Mochigames (com_mochigames) compone ...)
	NOT-FOR-US: Joomla!
CVE-2010-0458 (Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 ...)
	NOT-FOR-US: NetArt Media Blog System
CVE-2010-0457 (SQL injection vulnerability in home.php in magic-portal 2.1 allows rem ...)
	NOT-FOR-US: magic-portal
CVE-2010-0456 (SQL injection vulnerability in the indianpulse Game Server (com_gamese ...)
	NOT-FOR-US: Joomla!
CVE-2010-0455 (Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in Pun ...)
	NOT-FOR-US: PunBB
CVE-2010-0454 (SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publiqu ...)
	NOT-FOR-US: Publique! CMS
CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and ...)
	NOT-FOR-US: Sun Solaris
CVE-2010-0452 (Multiple cross-site scripting (XSS) vulnerabilities in HP Project and ...)
	NOT-FOR-US: HP Project and Portfolio Management Center
CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP ...)
	NOT-FOR-US: HP-UX
CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance I ...)
	NOT-FOR-US: HP OpenView Performance Insight
CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with firmw ...)
	NOT-FOR-US: HP DreamScreen
CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a bl ...)
	NOT-FOR-US: HP Operations Agent
CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS) before V ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-0441 (Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, ...)
	- asterisk 1:1.6.2.2-1
	[lenny] - asterisk (Only affects 1.6.x)
	[etch] - asterisk (Only affects 1.6.x)
CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cis ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2010-0439 (Chip Salzenberg Deliver allows local users to cause a denial of servic ...)
	- deliver
CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in O ...)
	{DSA-1993-1}
	- otrs (vulnerable code not present)
	[etch] - otrs2 (vulnerable code not present)
	- otrs2 2.4.7-1 (medium)
	NOTE: http://web.archive.org/web/20111224162621/http://otrs.org/advisory/OSA-2010-01-en/
CVE-2010-0437 (The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux ...)
	- linux-2.6 2.6.26-9
CVE-2010-0436 (Race condition in backend/ctrl.c in KDM in KDE Software Compilation (S ...)
	{DSA-2037-1}
	- kdebase 4:4.0
	- kdebase-workspace 4:4.4.3-1
	NOTE: The binary package kdm was built from kdebase in Lenny and from kdebase-workspace
	NOTE: in KDE 4.x, i.e. Squeeze onwards
CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualizat ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP S ...)
	{DSA-2035-1}
	- apache2 2.2.15-1
CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before ...)
	- openssl (Kerberos support not enabled)
	NOTE: https://www.openwall.com/lists/oss-security/2010/03/03/5
CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open ...)
	NOT-FOR-US: Apache Open For Business Project (OFBiz)
CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat E ...)
	- qemu-kvm (QXL support not yet present in Debian packages)
	- kvm (QXL support not yet present in Debian packages)
CVE-2010-0430 (libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hyp ...)
	- spice (Fixed before initial upload to archive)
CVE-2010-0429 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...)
	- spice (Fixed before initial upload to archive)
CVE-2010-0428 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...)
	- spice (Fixed before initial upload to archive)
CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is used, doe ...)
	{DSA-2006-1}
	- sudo 1.7.0-1
	NOTE: https://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-com ...)
	{DSA-2006-1}
	- sudo 1.7.2p1-1.2 (bug #570737)
	NOTE: https://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ...)
	- apache2 (Windows only)
CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) ...)
	- cron (vulnerability in redhat-specific changes to their cron forks; cronie and vixie-cron)
CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low)
	- gaim (low)
	[lenny] - gaim (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize t ...)
	- gnome-screensaver 2.28.3-1
	[lenny] - gnome-screensaver (Vulnerable code not present)
CVE-2010-0421 (Array index error in the hb_ot_layout_build_glyph_classes function in ...)
	{DSA-2019-1}
	- pango1.0 1.26.2-1 (bug #574021)
CVE-2010-0420 (libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user cha ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low)
	- gaim (low)
	[lenny] - gaim (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric M ...)
	{DSA-2010-1}
	- kvm
CVE-2010-0418 (The web interface in chumby one before 1.0.4 and chumby classic before ...)
	NOT-FOR-US: Chumby device's web interface
CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and R ...)
	NOT-FOR-US: RealPlayer/Helix Player
CVE-2010-0416 (Buffer overflow in the Unescape function in common/util/hxurl.cpp and ...)
	NOT-FOR-US: RealPlayer/Helix Player
CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24
CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers ...)
	- gnome-screensaver 2.28.2-1 (bug #569084)
	[etch] - gnome-screensaver (Vulnerable code not present)
	[lenny] - gnome-screensaver (Vulnerable code not present)
CVE-2010-0413
	REJECTED
CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of t ...)
	- systemtap 1.2-1 (bug #572560)
	[lenny] - systemtap (Server component not yet present)
	[etch] - systemtap (Server component not yet present)
CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) __get ...)
	- systemtap 1.2-1 (low; bug #568809)
	[lenny] - systemtap (Vulnerable code not present)
	[etch] - systemtap (Minor issue)
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allo ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodin ...)
	{DSA-2082-1}
	- gmime2.2 2.2.25-1.1 (bug #568291)
	- gmime2.4 2.4.14-1+nmu1 (bug #573877)
CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp ...)
	{DSA-2035-1}
	- apache2 2.2.15-1 (low)
	[lenny] - apache2 (minor issue)
	NOTE: Will be fixed in s-p-u
CVE-2010-0407 (Multiple buffer overflows in the MSGFunctionDemarshall function in win ...)
	{DSA-2059-1}
	- pcsc-lite 1.5.4-1
CVE-2010-0406 (OpenTTD before 1.0.1 allows remote attackers to cause a denial of serv ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in bzi ...)
	{DSA-2112-1}
	- bzip2 1.0.5-6
	- clamav 0.96.3+dfsg-1
	[lenny] - clamav (No longer supported in Lenny)
CVE-2010-0404 (Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before ...)
	{DSA-2046-1}
	- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584517)
CVE-2010-0403 (Directory traversal vulnerability in about.php in phpGroupWare (phpgw) ...)
	{DSA-2046-1}
	- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584518)
CVE-2010-0402 (OpenTTD before 1.0.1 does not properly validate index values of certai ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0401 (OpenTTD before 1.0.1 accepts a company password for authentication in ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0400 (SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows rem ...)
	{DSA-2030-1}
	- mahara 1.2.4-1 (medium)
CVE-2010-0399
	RESERVED
CVE-2010-0398 (The init script in autokey before 0.61.3-2 allows local attackers to w ...)
	- autokey 0.61.3-2
CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing m ...)
	{DSA-2018-1}
	- php5 5.3.2-1 (medium; bug #573573)
CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg ...)
	{DSA-2011-1}
	- dpkg 1.15.6
CVE-2010-0395 (OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote at ...)
	{DSA-2055-1}
	- openoffice.org 1:3.2.1-1 (low)
CVE-2010-0394 (PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny ...)
	{DSA-1990-2 DSA-1990-1}
	- trac-git 0.0.20090320-1 (high; bug #567039)
CVE-2010-0393 (The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1 ...)
	{DSA-2007-1}
	- cupsys
	- cups 1.4.2-9.1
CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Cl ...)
	NOT-FOR-US: TheGreenBow IPSec VPN Client
CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero Technologies Inte ...)
	NOT-FOR-US: InterBase SMP 2009 9.0.3.437
CVE-2010-0390 (Unrestricted file upload vulnerability in maxImageUpload/index.php in ...)
	NOT-FOR-US: PHP F1 Max's Image Uploader
CVE-2010-0389 (The admin server in Sun Java System Web Server 7.0 Update 6 allows rem ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0388 (Format string vulnerability in the WebDAV implementation in webservd i ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0387 (Multiple heap-based buffer overflows in (1) webservd and (2) the admin ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0386 (The default configuration of Sun Java System Application Server 7 and ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functionin ...)
	- tor 0.2.1.22-1 (low)
	[lenny] - tor (only affects versions > 0.2.1.6-alpha)
	NOTE: the CVE entry is wrong, only 0.2.1.6-alpha and up are affected
	NOTE: confirmed with Tor developers, Lenny is not affected
CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirr ...)
	- tor (only affects versions 0.2.2.x)
	[lenny] - tor (only affects versions 0.2.2.x)
	NOTE: does not appear to be a real vulnerability?
CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...)
	- tor 0.2.1.22-1 (medium)
	[lenny] - tor 0.2.0.35-1~lenny2 (medium)
CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1
CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
	NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows rem ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-XXXX [gmetad incorrect file permissions]
	- ganglia 3.1.2-3 (low; bug #567175)
CVE-2010-0442 (The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0 ...)
	{DSA-2051-1}
	- postgresql-7.4
	- postgresql-8.1
	- postgresql-8.2
	- postgresql-8.3 (low; bug #567058)
	- postgresql-8.4 8.4.3-1
CVE-2010-2444 (parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03 ...)
	- maradns 1.4.03-1 (low; bug #584587)
	[lenny] - maradns (minor issue)
	[etch] - maradns (vulnerable code introduced in 1.3.03)
CVE-2010-XXXX [sqlite: info leak]
	- sqlite3 3.6.21-1 (low; bug #566326)
	[lenny] - sqlite3 (Minor information leak)
CVE-2010-XXXX [backup-manager: make sure password is not written to world-readable files]
	- backup-manager 0.7.9-1 (low)
	[lenny] - backup-manager 0.7.7-2
	NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
	NOTE: checked in 0.7.9-1, but may have been fixed sooner
CVE-2010-XXXX [sudosh3: many security weaknesses]
	- sudosh3 (high; bug #566142)
CVE-2010-0379 (Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX c ...)
	NOT-FOR-US: Macromedia Flash ActiveX
CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distribu ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
	NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Te ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-0375 (SQL injection vulnerability in product_list.php in JCE-Tech PHP Calend ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-0374 (Cross-site scripting (XSS) vulnerability in the Marketplace (com_marke ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0373 (SQL injection vulnerability in the libros (com_libros) component for J ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0372 (SQL injection vulnerability in the Articlemanager (com_articlemanager) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0371 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hi ...)
	NOT-FOR-US: Hitmaaan Gallery
CVE-2010-0370 (Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x ...)
	NOT-FOR-US: Node Blocks module for Drupal
CVE-2010-0369
	RESERVED
CVE-2010-0368
	RESERVED
CVE-2010-0367 (Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0366 (Multiple unrestricted file upload vulnerabilities in (1) register.php ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0365 (Cross-site scripting (XSS) vulnerability in search.php in BitScripts B ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0364 (Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows ...)
	- vlc 0.8.6.c-4.1 (low; bug #458318)
	NOTE: subset of CVE-2007-6681
CVE-2010-0363 (Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3 ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0362 (Zeus Web Server before 4.3r5 does not use random transaction IDs for D ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0361 (Stack-based buffer overflow in the WebDAV implementation in webservd i ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0360 (Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attac ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0359 (Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 a ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0358 (Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2010-0357 (Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotu ...)
	NOT-FOR-US: IBM Lotus Web Content Management
CVE-2010-0356 (Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 Activ ...)
	NOT-FOR-US: ActiveX
CVE-2010-0355
	RESERVED
CVE-2010-0354
	RESERVED
CVE-2010-0353
	RESERVED
CVE-2010-0352
	RESERVED
CVE-2010-0351
	RESERVED
CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, ...)
	- zope3 (low)
	[lenny] - zope3 (Minor issue)
	- zope2.11
	- zope2.10 (low)
	[lenny] - zope2.10 (Minor issue)
	- zope2.9
	NOTE: https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
CVE-2010-0350 (Directory traversal vulnerability in the Photo Book (goof_fotoboek) ex ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0349 (Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.3 ...)
	NOT-FOR-US: WebCalenderC3
CVE-2010-0348 (Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and e ...)
	NOT-FOR-US: WebCalenderC3
CVE-2010-0347 (Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0346 (Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0345 (Cross-site scripting (XSS) vulnerability in the Majordomo extension 1. ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0344 (SQL injection vulnerability in the zak_store_management extension 1.0. ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0343 (SQL injection vulnerability in the Clan Users List (pb_clanlist) exten ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0342 (SQL injection vulnerability in the Reports for Job (job_reports) exten ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0341 (SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) exte ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0340 (SQL injection vulnerability in the MJS Event Pro (mjseventpro) extensi ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0339 (SQL injection vulnerability in the User Links (vm19_userlinks) extensi ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0338 (SQL injection vulnerability in the TT_Products editor (ttpedit) extens ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0337 (SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_ale ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0336 (Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumpe ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0335 (Cross-site scripting (XSS) vulnerability in the Vote rank for news (vo ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0334 (SQL injection vulnerability in the Vote rank for news (vote_for_tt_new ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0333 (SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0332 (SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) exten ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0331 (Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_ta ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0330 (SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0329 (SQL injection vulnerability in the powermail extension 1.5.1 and earli ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0328 (Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_un ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0327 (Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_ ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0326 (Cross-site scripting (XSS) vulnerability in the Developer log (devlog) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0325 (Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0324 (SQL injection vulnerability in the Customer Reference List (ref_list) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0323 (Unspecified vulnerability in the Photo Book (goof_fotoboek) extension ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0322 (SQL injection vulnerability in the init function in MK-AnydropdownMenu ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0321 (Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Jo ...)
	NOT-FOR-US: Jamit Job Board 3.0
CVE-2010-0320 (Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter ...)
	NOT-FOR-US: Glitter Central Script
CVE-2010-0319 (Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 a ...)
	NOT-FOR-US: Docmint
CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...)
	- kfreebsd-6 (vulnerable code introduced in freebsd 7)
	- kfreebsd-7 7.2-10 (medium; bug #566684)
	[lenny] - kfreebsd-7 (kfreebsd not supported in Lenny)
	- kfreebsd-8 8.0-2 (medium)
CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Novell Netware
CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote attack ...)
	NOT-FOR-US: Google SketchUp
CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, allo ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit (Too intrusive to backport, risk of regression higher than impact at hand)
CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target U ...)
	- webkit 1.1.90-1
	[lenny] - webkit (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System Dire ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2010-0312 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-0311 (Unspecified vulnerability in Sun Java System Identity Manager (aka IdM ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2010-0310 (Trusted Extensions in Sun Solaris 10 allows local users to gain privil ...)
	NOT-FOR-US: Trusted Extensions in Sun Solaris 10
CVE-2010-XXXX [zend framework multiple issues]
	- zendframework 1.9.7-1
	NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06
CVE-2010-XXXX [ZF2010-07]
	- zendframework 1.10.3-1
	NOTE: http://framework.zend.com/security/advisory/ZF2010-07
CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT) ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 (kvm introduced in 2.6.25)
	- linux-2.6.24 (kvm introduced in 2.6.25)
	- kvm
	NOTE: http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commitdiff;h=336f40a728b9a4a5db5e1df5c89852c79ff95604
CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...)
	{DSA-1991-1}
	- squid 2.7.STABLE8-1
	- squid3 3.1.0.16-1 (bug #575747)
CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel be ...)
	{DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24
CVE-2010-0306 (The x86 emulator in KVM 83, when a guest is configured for Symmetric M ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 (kvm introduced in 2.6.25)
	- linux-2.6.24 (kvm introduced in 2.6.25)
	- kvm
CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to c ...)
	{DSA-2033-1}
	- ejabberd 2.1.2-2 (medium; bug #568383)
	NOTE: https://support.process-one.net/browse/EJAB-1173
CVE-2010-0304 (Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 t ...)
	{DSA-1983-1}
	- wireshark 1.2.6-1
CVE-2010-0303 (mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 ...)
	{DSA-1982-1}
	- hybserv 1.9.2-4.1 (low; bug #550389)
CVE-2010-0302 (Use-after-free vulnerability in the abstract file-descriptor handling ...)
	- cups 1.4.2-10 (bug #572940)
	[lenny] - cups 1.3.8-1+lenny9
	- cupsys (vulnerable code introduced in 1.3.x)
	NOTE: This is for an incomplete fix for CVE-2009-3553
CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d opt ...)
	{DSA-1981-1}
	- maildrop 2.2.0-3.1 (low; bug #564601)
CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a ...)
	{DSA-1980-1}
	- ircd-ratbox 3.0.6.dfsg-1 (low; bug #567191)
	- ircd-hybrid 1:7.2.2.dfsg.2-6.1 (low)
CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure permi ...)
	- linux-2.6 2.6.32-6
	[etch] - linux-2.6 (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 (vulnerable code introduced in 2.6.31)
CVE-2010-0298 (The x86 emulator in KVM 83 does not use the Current Privilege Level (C ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 (kvm introduced in 2.6.25)
	- linux-2.6.24 (kvm introduced in 2.6.25)
	- kvm
CVE-2010-0297 (Buffer overflow in the usb_host_handle_control function in the USB pas ...)
	- qemu-kvm 0.11.1+dfsg-1
	- kvm (low)
	[lenny] - kvm (minor issue)
CVE-2010-0296 (The encode_name macro in misc/mntent_r.c in the GNU C Library (aka gli ...)
	{DSA-2058-1}
	- glibc 2.11-1 (bug #583908)
	- eglibc 2.11-1
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ab00f4eac8f4932211259ff87be83144f5211540
CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read op ...)
	{DSA-1987-1}
	- lighttpd 1.4.26-1 (medium)
CVE-2010-0294 (chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a s ...)
	{DSA-1992-1}
	- chrony 1.23-7 (low)
CVE-2010-0293 (The client logging functionality in chronyd in Chrony before 1.23.1 do ...)
	{DSA-1992-1}
	- chrony 1.23-7 (low)
CVE-2010-0292 (The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony bef ...)
	{DSA-1992-1}
	- chrony 1.23-7 (medium)
CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain privileges ...)
	{DSA-2005-1 DSA-1996-1}
	- linux-2.6 2.6.32-6
CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1 (medium)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
CVE-2010-0289 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (low)
	[etch] - dokuwiki (Vulnerable code not present)
	NOTE: http://secunia.com/advisories/38205/
CVE-2010-0288 (A typo in the administrator permission check in the ACL Manager plugin ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (medium; bug #565406)
	[etch] - dokuwiki (Vulnerable code not present)
	NOTE: http://bugs.splitbrain.org/index.php?do=details&task_id=1847
	NOTE: issue being exploited
CVE-2010-0287 (Directory traversal vulnerability in the ACL Manager plugin (plugins/a ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (low)
	[etch] - dokuwiki (Vulnerable code not present)
	NOTE: http://secunia.com/advisories/38205/
CVE-2010-0286 (Unspecified vulnerability in the OpenID Identity Authentication extens ...)
	- typo3-src 4.3.1-1 (bug #567163)
	[lenny] - typo3-src (Only affects 4.3.x)
	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/
CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the ...)
	- gnome-screensaver 2.28.3-1 (low)
	[lenny] - gnome-screensaver (Minor issue)
	NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=593616
CVE-2010-0284 (Directory traversal vulnerability in the getEntry method in the Portal ...)
	NOT-FOR-US: Novell Access Manager
CVE-2010-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 bef ...)
	- krb5 1.8+dfsg~alpha1-7
	[lenny] - krb5 (Only affects krb5 >= 1.7)
CVE-2010-0282
	RESERVED
CVE-2010-0281
	RESERVED
CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Googl ...)
	- lib3ds 1.3.0-5 (low; bug #575741)
	[lenny] - lib3ds (Minor issue)
	[etch] - lib3ds (Minor issue)
	- openscenegraph 2.8.0-1
	[lenny] - openscenegraph 2.4.0-1.1+lenny1
	NOTE: openscenegraph embeds a copy of lib3ds
	NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability
	NOTE: issue was published saying it affects google sketchup,
	NOTE: but the vulnerable code is in lib3ds
	NOTE: http://code.google.com/p/lib3ds/issues/detail?id=9
CVE-2010-0279 (Unrestricted file upload vulnerability in upload.php in BTS-GI Read ex ...)
	NOT-FOR-US: BTS-GI Read excel
CVE-2010-0278 (A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Wind ...)
	NOT-FOR-US: ActiveX
CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low; bug #566775)
	- gaim (low)
	[lenny] - gaim (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Dom ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) be ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0274 (Unspecified vulnerability in the Edit Contact scene in Ultra-light Mod ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0273 (Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 o ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0272 (Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0271 (hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_ ...)
	NOT-FOR-US: hald in Sun OpenSolaris
CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0268 (Unspecified vulnerability in the Windows Media Player ActiveX control ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle o ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0266 (Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, an ...)
	NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2010-0264 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Ope ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0263 (Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0262 (Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0259
	REJECTED
CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does n ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prev ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does n ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0253
	REJECTED
CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel Acti ...)
	NOT-FOR-US: Microsoft Data Analyzer ActiveX control
CVE-2010-0251
	REJECTED
CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly h ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0238 (Unspecified vulnerability in registry-key validation in the kernel in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0237 (The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows loc ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0236 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0235 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0234 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0231 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures ...)
	- postfix (SUSE-specific packaging issue)
CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0228 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0227 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0226 (SanDisk Cruzer Enterprise USB flash drives do not prevent password rep ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0225 (SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0224 (SanDisk Cruzer Enterprise USB flash drives validate passwords with a p ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0223 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edi ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0222 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edi ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0221 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edi ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0220 (The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverL ...)
	- xulrunner (unimportant)
	NOTE: browser DoS not treated as security issue
CVE-2010-0219 (Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterpri ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-0218 (ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ...)
	- bind9 (Only affects 9.7.2, which is not yet in the archive)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
	NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
CVE-2010-0217 (Zeacom Chat Server before 5.1 uses too short a random string for the J ...)
	NOT-FOR-US: Zeacom Chat Server
CVE-2010-0216 (authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows r ...)
	NOT-FOR-US: MediaCAST
CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to bypass ...)
	NOT-FOR-US: ActiveCollab
CVE-2010-0214 (The administrative interface on the PolyVision RoomWizard with firmwar ...)
	NOT-FOR-US: PolyVision RoomWizard
CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trus ...)
	- bind9 9.7.1.dfsg.P2
	[lenny] - bind9 (vulnerability introduced in 9.7.1)
CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of service ( ...)
	{DSA-2077-1}
	- openldap 2.4.23-1
CVE-2010-0211 (The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not ...)
	{DSA-2077-1}
	- openldap 2.4.23-1
CVE-2010-0210
	RESERVED
CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-0208
	RESERVED
CVE-2010-0207 (In xpdf, the xref table contains an infinite loop which allows remote ...)
	- kdegraphics 4:4.0.0-1 (unimportant)
	- xpdf (unimportant)
	- poppler 0.16.3-1 (unimportant)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=28172
	NOTE: Just a crasher, not treated as a security issue
CVE-2010-0206 (xpdf allows remote attackers to cause a denial of service (NULL pointe ...)
	- kdegraphics 4:4.0.0-1 (unimportant)
	- xpdf (unimportant)
	- poppler 0.16.3-1 (unimportant)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: Just a crasher, not treated as a security issue
CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...)
	{DSA-2032-1}
	- libpng 1.2.43-1 (low; bug #572308)
	NOTE: http://www.kb.cert.org/vuls/id/576029
CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0200
	REJECTED
CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0187 (Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 al ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2010-0186 (Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Ado ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ac ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO Dom ...)
	NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots functi ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape (Only a stub package)
CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6 ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.9-1 (low)
	[lenny] - xulrunner (Minor issue, no upstream fix for 3.0 series)
	- iceape 2.0.4-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel (Iceweasel in Lenny links against xulrunner)
	- icedove 3.0.4-1
	[lenny] - iceape (Only a stub package)
	[lenny] - icedove
CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey bef ...)
	- xulrunner 1.9.1.9-1 (unimportant)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape (Only a stub package)
CVE-2010-0180 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_ ...)
	- bugzilla (Only affects 3.5 to 3.7)
CVE-2010-0179 (Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey be ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape (Only a stub package)
CVE-2010-0178 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape (Only a stub package)
CVE-2010-0177 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape (Only a stub package)
CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove
	[lenny] - iceape (Only a stub package)
CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in ...)
{DSA-2027-1} - xulrunner 1.9.1.9-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.4-1 - icedove 3.0.4-1 [lenny] - icedove [lenny] - iceape (Only a stub package) CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.4-1 - icedove 3.0.4-1 [lenny] - icedove [lenny] - iceape (Only a stub package) CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner 1.9.1.9-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.4-1 - icedove 3.0.4-1 [lenny] - icedove [lenny] - iceape (Only a stub package) [lenny] - xulrunner (Only affects Firefox >= 3.5) CVE-2010-0172 (toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the as ...) - xulrunner (vulnerable code introduced in firefox 3.6) - iceape (vulnerable code introduced in firefox 3.6) - iceweasel (vulnerable code introduced in firefox 3.6) CVE-2010-0171 (Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x bef ...) {DSA-1999-1} - xulrunner 1.9.1.8-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.3-1 [lenny] - iceape (Lenny package only provide xpcom stubs) - icedove 3.0.2-1 [lenny] - icedove CVE-2010-0170 (Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected w ...) - xulrunner (vulnerable code introduced in firefox 3.6) - iceape (vulnerable code introduced in firefox 3.6) - iceweasel (vulnerable code introduced in firefox 3.6) CVE-2010-0169 (The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoade ...) 
{DSA-1999-1} - xulrunner 1.9.1.8-1 - iceape 2.0.3-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) [lenny] - iceape (Lenny package only provide xpcom stubs) - icedove 3.0.2-1 [lenny] - icedove CVE-2010-0168 (The nsDocument::MaybePreLoadImage function in content/base/src/nsDocum ...) - xulrunner (vulnerable code introduced in firefox 3.6) - iceape (vulnerable code introduced in firefox 3.6) - iceweasel (vulnerable code introduced in firefox 3.6) CVE-2010-0167 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x befor ...) {DSA-1999-1} - xulrunner 1.9.1.8-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.3-1 [lenny] - iceape (Lenny package only provide xpcom stubs) - icedove 3.0.2-1 [lenny] - icedove CVE-2010-0166 (The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.c ...) - xulrunner (vulnerable code introduced in firefox 3.6) - iceape (vulnerable code introduced in firefox 3.6) - iceweasel (vulnerable code introduced in firefox 3.6) CVE-2010-0165 (The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp ...) - xulrunner (vulnerable code introduced in firefox 3.6) - iceape (vulnerable code introduced in firefox 3.6) - iceweasel (vulnerable code introduced in firefox 3.6) CVE-2010-0164 (Use-after-free vulnerability in the imgContainer::InternalAddFrameHelp ...) - xulrunner (vulnerable code introduced in firefox 3.6) - iceape (vulnerable code introduced in firefox 3.6) - iceweasel (vulnerable code introduced in firefox 3.6) CVE-2010-0163 (Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 proces ...) {DSA-2025-1} - icedove 3.0.4-1 (medium) CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMon ...) 
{DSA-1999-1} - xulrunner 1.9.1.8-1 - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) [etch] - xulrunner - iceape 2.0.3-1 [lenny] - iceape (Lenny package only provide xpcom stubs) CVE-2010-0161 (The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in M ...) - xulrunner (Windows-specific) - iceape (Windows-specific) - iceweasel (Windows-specific) CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 an ...) - xulrunner 1.9.1.8-1 [etch] - xulrunner (web workers introduced in gecko 1.9.1) [lenny] - xulrunner (web workers introduced in gecko 1.9.1) - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.3-1 [etch] - iceape (web workers introduced in gecko 1.9.1) [lenny] - iceape (web workers introduced in gecko 1.9.1) CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x be ...) {DSA-1999-1} - xulrunner 1.9.1.8-1 [etch] - xulrunner - iceweasel 3.5.11-2 [lenny] - iceweasel (Iceweasel in Lenny links against xulrunner) - iceape 2.0.3-1 [lenny] - iceape (Lenny package only provide xpcom stubs) - icedove 3.0.2-1 [lenny] - icedove CVE-2010-0158 NOT-FOR-US: JoomlaBamboo (JB) Simpla Admin template CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy) ...) NOT-FOR-US: component for Joomla! CVE-2010-0156 (Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local user ...) - puppet 0.25.4-2 [lenny] - puppet (Minor issue) CVE-2010-0155 (CRLF injection vulnerability in load.php in the Local Management Inter ...) NOT-FOR-US: IBM Proventia Network Mail Security System CVE-2010-0154 (Directory traversal vulnerability in sla/index.php in the Local Manage ...) NOT-FOR-US: IBM Proventia Network Mail Security System CVE-2010-0153 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Loca ...) 
NOT-FOR-US: IBM Proventia Network Mail Security System CVE-2010-0152 (Multiple cross-site scripting (XSS) vulnerabilities in the Local Manag ...) NOT-FOR-US: IBM Proventia Network Mail Security System CVE-2010-0151 (The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used i ...) NOT-FOR-US: Cisco CVE-2010-0150 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...) NOT-FOR-US: Cisco CVE-2010-0149 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...) NOT-FOR-US: Cisco CVE-2010-0148 (Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285 ...) NOT-FOR-US: Cisco Security Agent CVE-2010-0147 (SQL injection vulnerability in the Management Center for Cisco Securit ...) NOT-FOR-US: Cisco CVE-2010-0146 (Directory traversal vulnerability in the Management Center for Cisco S ...) NOT-FOR-US: Cisco CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco Ir ...) NOT-FOR-US: Cisco IronPort Encryption Appliance CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the emb ...) NOT-FOR-US: Cisco IronPort Encryption Appliance CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the embed ...) NOT-FOR-US: Cisco IronPort Encryption Appliance CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5 ...) NOT-FOR-US: Cisco Unified MeetingPlace CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5 ...) NOT-FOR-US: Cisco Unified MeetingPlace CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco Unifie ...) NOT-FOR-US: Cisco Unified MeetingPlace CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.6 ...) NOT-FOR-US: Cisco Unified MeetingPlace CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor ( ...) 
NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in the SSH ...) NOT-FOR-US: Cisco IOS XR CVE-2010-0136 (OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce ...) {DSA-1995-1} - openoffice.org 1:3.1.1-11 CVE-2010-0135 (Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), a ...) NOT-FOR-US: WordPerfect reader on Windows CVE-2010-0134 (Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and 10. ...) NOT-FOR-US: Autonomy KeyView CVE-2010-0133 (Multiple stack-based buffer overflows in the SpreadSheet Lotus 123 rea ...) NOT-FOR-US: SpreadSheet Lotus 123 reader CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 an ...) - viewvc 1.1.5-1 (bug #576307) CVE-2010-0131 (Stack-based buffer overflow in the SpreadSheet Lotus 123 reader (wkssr ...) NOT-FOR-US: SpreadSheet Lotus 123 reader CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might all ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player befor ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ex ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-0126 (Heap-based buffer overflow in an unspecified library in Autonomy KeyVi ...) NOT-FOR-US: Autonomy KeyView CVE-2010-0125 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1 ...) NOT-FOR-US: RealPlayer CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on the m ...) NOT-FOR-US: Employee Timeclock Software CVE-2010-0123 (The database backup implementation in Employee Timeclock Software 0.99 ...) 
NOT-FOR-US: Employee Timeclock Software CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock Software ...) NOT-FOR-US: Employee Timeclock Software CVE-2010-0121 (The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlaye ...) NOT-FOR-US: RealPlayer CVE-2010-0120 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...) NOT-FOR-US: RealPlayer CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, place ...) NOT-FOR-US: Bournal CVE-2010-0118 (Bournal before 1.4.1 allows local users to overwrite arbitrary files v ...) NOT-FOR-US: Bournal CVE-2010-0117 (RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 throug ...) NOT-FOR-US: RealPlayer CVE-2010-0116 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and Real ...) NOT-FOR-US: RealPlayer CVE-2010-0115 (SQL injection vulnerability in login.php in the GUI management console ...) NOT-FOR-US: Symantec Web Gateway CVE-2010-0114 (fw_charts.php in the reporting module in the Manager (aka SEPM) compon ...) NOT-FOR-US: Symantec Endpoint Protection CVE-2010-0113 (The Symantec Norton Mobile Security application 1.0 Beta for Android r ...) NOT-FOR-US: Symantec Norton Mobile Security application 1.0 CVE-2010-0112 (Multiple SQL injection vulnerabilities in the Administrative Interface ...) NOT-FOR-US: Symantec IM Manager CVE-2010-0111 (HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Ha ...) NOT-FOR-US: Symantec Intel Alert Handler CVE-2010-0110 (Multiple stack-based buffer overflows in Intel Alert Management System ...) NOT-FOR-US: Symantec Intel Alert Handler CVE-2010-0109 (DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 ...) NOT-FOR-US: Symantec CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the Syman ...) NOT-FOR-US: Symantec AntiVirus CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 ...) 
NOT-FOR-US: Symantec CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before ...) NOT-FOR-US: Symantec AntiVirus CVE-2010-0105 (The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6 ...) NOT-FOR-US: Apple hfs implementation CVE-2010-0104 (Unspecified vulnerability in the Broadcom Integrated NIC Management Fi ...) NOT-FOR-US: Broadcom Integrated NIC Management Firmware CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger software conta ...) NOT-FOR-US: Energizer DUO USB Battery Charger Software CVE-2010-0102 RESERVED CVE-2010-0101 (The embedded HTTP server in multiple Lexmark laser and inkjet printers ...) NOT-FOR-US: Lexmark printers and MarkNet devices CVE-2010-0100 RESERVED CVE-2010-0099 REJECTED CVE-2010-0098 (ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z fil ...) - clamav 0.96+dfsg-1 [lenny] - clamav (No longer supported in Lenny) CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ...) {DSA-2054-1} - bind9 1:9.7.0.dfsg-1 CVE-2010-0096 RESERVED CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in componen ...) 
- openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in componen ...) - openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 6b18-1.8-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0087 (Unspecified vulnerability in the Java Web Start, Java Plug-in componen ...) - openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0083 (Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows re ...) NOT-FOR-US: Solaris CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle Ja ...) - openjdk-6 6b17-1 - sun-java6 6.19-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0081 (Unspecified vulnerability in the Application Server Control component ...) NOT-FOR-US: Oracle Fusion CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...) NOT-FOR-US: PeopleSoft Enterprise HCM CVE-2010-0079 (Multiple vulnerabilities in the JRockit component in BEA Product Suite ...) NOT-FOR-US: BEA Product Suite CVE-2010-0078 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...) NOT-FOR-US: BEA Product Suite CVE-2010-0077 (Unspecified vulnerability in the CRM Technical Foundation (mobile) com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2010-0076 (Unspecified vulnerability in the Application Express Application Build ...) 
NOT-FOR-US: Oracle Database CVE-2010-0075 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...) NOT-FOR-US: Oracle E-Business Suite CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...) NOT-FOR-US: BEA Product Suite CVE-2010-0073 (Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Se ...) NOT-FOR-US: Oracle WebLogic Server CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...) NOT-FOR-US: Oracle Secure Backup CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database ...) NOT-FOR-US: Oracle Database CVE-2010-0070 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: Oracle Application Server CVE-2010-0069 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...) NOT-FOR-US: BEA Product Suite CVE-2010-0068 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...) NOT-FOR-US: BEA Product Suite CVE-2010-0067 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: Oracle Application Server CVE-2010-0066 (Unspecified vulnerability in the Access Manager Identity Server compon ...) NOT-FOR-US: Oracle Application Server CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remot ...) NOT-FOR-US: Apple Disk Images CVE-2010-0064 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ow ...) NOT-FOR-US: Apple DesktopServices CVE-2010-0063 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X befo ...) NOT-FOR-US: Apple CoreTypes CVE-2010-0062 (Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime ...) NOT-FOR-US: Apple QuickTime CVE-2010-0061 RESERVED CVE-2010-0060 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to e ...) NOT-FOR-US: Apple CoreAudio CVE-2010-0059 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to e ...) 
NOT-FOR-US: Apple CoreAudio CVE-2010-0058 (freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009 ...) - clamav (apple-specific configuration issue) CVE-2010-0057 (AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use ...) NOT-FOR-US: Apple AFP Server CVE-2010-0056 (Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10 ...) NOT-FOR-US: Apple AppKit CVE-2010-0055 (xar in Apple Mac OS X 10.5.8 does not properly validate package signat ...) - xar (bug #572556) [lenny] - xar (Minor issue) CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...) - chromium-browser 6.0.466.0~r52279-1 - webkit 1.1.90-1 (bug #574064) [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/53812 NOTE: http://trac.webkit.org/changeset/53813 NOTE: http://trac.webkit.org/changeset/54242 CVE-2010-0053 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...) - chromium-browser 6.0.466.0~r52279-1 - webkit 1.1.90-1 (bug #574064) [lenny] - webkit (Vulnerable code not present) NOTE: http://trac.webkit.org/changeset/50466 CVE-2010-0052 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...) - chromium-browser 6.0.466.0~r52279-1 - webkit 1.1.90-1 (bug #574064) [lenny] - webkit (Vulnerable code not present) NOTE: http://trac.webkit.org/changeset/51877 CVE-2010-0051 (WebKit in Apple Safari before 4.0.5 does not properly validate the cro ...) NOTE: http://trac.webkit.org/changeset/52784 NOTE: duplicate of CVE-2010-0651 CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...) - chromium-browser 6.0.466.0~r52279-1 - webkit 1.1.90-1 (bug #574064) [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/52073 CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...) 
- chromium-browser 6.0.466.0~r52279-1 - webkit 1.1.90-1 (bug #574064) [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/52527 CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...) - chromium-browser 6.0.466.0~r52279-1 - webkit 1.1.90-1 (bug #574064) [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/51962 CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...) - chromium-browser 6.0.466.0~r52279-1 - webkit 1.1.90-1 (bug #574064) [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/50698 CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...) - chromium-browser 6.0.466.0~r52279-1 - webkit 1.1.90-1 (bug #574064) [lenny] - webkit (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/51727 CVE-2010-0045 (Apple Safari before 4.0.5 on Windows does not properly validate extern ...) NOT-FOR-US: Apple Safari CVE-2010-0044 (PubSub in Apple Safari before 4.0.5 does not properly implement use of ...) NOT-FOR-US: Apple PubSub NOTE: apple's pubsub is rss-oriented and all debian packages with pubsub NOTE: components are not; hence this is very likely an issue specifically with NOTE: their own code, or their wrapper code around another PubSub library CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...) NOT-FOR-US: Apple Safari CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...) NOT-FOR-US: Apple Safari CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...) NOT-FOR-US: Apple Safari CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, ...) 
NOT-FOR-US: Apple Safari CVE-2010-0039 (The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort ...) NOT-FOR-US: Apple CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for ...) NOT-FOR-US: Apple iPhone OS CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allow ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allow ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 200 ...) NOT-FOR-US: Microsoft Windows CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 al ...) NOT-FOR-US: Microsoft Office PowerPoint CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 al ...) NOT-FOR-US: Microsoft Office PowerPoint CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 a ...) NOT-FOR-US: Microsoft Office PowerPoint CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 ...) NOT-FOR-US: Microsoft Office PowerPoint CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...) NOT-FOR-US: Microsoft Office PowerPoint CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote ...) NOT-FOR-US: Microsoft Office PowerPoint CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP ...) NOT-FOR-US: Microsoft Paint CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 Gol ...) NOT-FOR-US: Microsoft Windows Server CVE-2010-0025 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...) NOT-FOR-US: Microsoft Windows CVE-2010-0024 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...) 
NOT-FOR-US: Microsoft Windows CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server servi ...) NOT-FOR-US: Microsoft Windows Vista Gold CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows CVE-2010-0019 (Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0. ...) NOT-FOR-US: Microsoft Silverlight on Windows CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.d ...) NOT-FOR-US: Microsoft Windows CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows S ...) NOT-FOR-US: Microsoft Windows Server CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 an ...) NOT-FOR-US: Microsoft Windows CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 an ...) {DSA-1973-1} - eglibc 2.10.2-4 (medium; bug #560333) - glibc 2.10.2-4 (medium) CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 aut ...) - sssd 1.0.5-1 CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin ...) - pidgin 2.6.5-1 (medium; bug #563206) [lenny] - pidgin (vulnerable code not present) - gaim (vulnerable code not present) NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf CVE-2010-0012 (Directory traversal vulnerability in libtransmission/metainfo.c in Tra ...) {DSA-1967-1} - transmission 1.77-1 (low) NOTE: http://trac.transmissionbt.com/changeset/9829/ NOTE: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/500625 CVE-2010-0011 (The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes ...) 
- uzbl 0.0.0~git.20100105-1 (medium) NOTE: http://www.uzbl.org/news.php?id=22 NOTE: maintainer is aware of it CVE-2010-0010 (Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util. ...) - apache (low) NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server, NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse NOTE: proxy situations, the backend server is usually trusted, anyway. CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain ...) - couchdb 0.11.0-1 (bug #576304) [lenny] - couchdb (Minor information leak) CVE-2010-0008 (The sctp_rcv_ootb function in the SCTP implementation in the Linux ker ...) - linux-2.6 2.6.23-1 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the netfilte ...) {DSA-2005-1 DSA-2003-1 DSA-1996-1} - linux-2.6 2.6.32-6 - linux-2.6.24 CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...) - linux-2.6 2.6.32-6 [lenny] - linux-2.6 (vulnerable code introduced in 2.6.28) [etch] - linux-2.6 (vulnerable code introduced in 2.6.28) - linux-2.6.24 (vulnerable code introduced in 2.6.28) CVE-2010-0005 (query.py in the query interface in ViewVC before 1.1.3 does not reject ...) - viewvc 1.1.5-1 (bug #575777) CVE-2010-0004 (ViewVC before 1.1.3 composes the root listing view without using the a ...) - viewvc 1.1.5-1 (bug #575777) CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...) {DSA-2005-1 DSA-1996-1} - linux-2.6 2.6.32-6 [etch] - linux-2.6 (does not have print-fatal-signals) - linux-2.6.24 CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...) - bash (mandriva-specific packaging issue) CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 ...) 
{DSA-2074-1 DSA-1974-1} - gzip 1.3.12-9 (medium; bug #566002) - linux-2.6 (does not include unlzw.c in its gzip code copy) - klibc (does not include unlzw.c in its gzip code copy) - busybox (does not include unlzw.c in its gzip code copy) - pristine-tar (does not include unlzw.c in its gzip code copy) - ncompress 4.2.4.3-1