author security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:10:14 +0000
committer security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:10:14 +0000
commit b52483e988b611ffa7ff016030b0a61101f28219
tree 440ead7c2c2cb0bf02ecc5929bee37f271401d72 /data/CVE/2010.list
parent 48e42f485f4e01f92211c58abc88e5304d6a9667
automatic update
Diffstat (limited to 'data/CVE/2010.list')
-rw-r--r-- data/CVE/2010.list 9866
1 files changed, 4933 insertions, 4933 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 73a1e69738..d9690a92e2 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,14 +1,14 @@
-CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...)
+CVE-2010-5329
- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2)
-CVE-2010-5328 (include/linux/init_task.h in the Linux kernel before 2.6.35 does not ...)
+CVE-2010-5328
- linux <not-affected> (Fixed before the src:linux-2.6 -> src:linux rename)
- linux-2.6 2.6.37-1
-CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users to ...)
+CVE-2010-5327
NOT-FOR-US: Liferay Portal
-CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java ...)
+CVE-2010-5326
NOT-FOR-US: SAP
-CVE-2010-5325 (Heap-based buffer overflow in the unhtmlify function in foomatic-rip ...)
+CVE-2010-5325
- foomatic-filters 4.0.5-6
- cups-filters <not-affected> (Vulnerable code not present)
NOTE: cups-filters 1.0.42 introduced foomatic-rip filter which already was fixed.
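Review bot: Every changed line in this hunk drops the parenthesised description from the CVE header (the CVE-2010-5329 through CVE-2010-5325 lines) while the package, NOT-FOR-US and NOTE lines underneath are unchanged, and the diffstat reports 4933 insertions against 4933 deletions. Under a commit message of only "automatic update", that reads like the description source coming back empty rather than a deliberate change. The update job should refuse to commit when a run would blank descriptions that were previously present, or the message should state that the removal is intended.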
@@ -16,41 +16,41 @@ CVE-2010-5325 (Heap-based buffer overflow in the unhtmlify function in foomatic-
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1218297
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic/foomatic-filters/revision/239 (HEAD)
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/revision/225 (4.0.x branch)
-CVE-2010-5324 (Directory traversal vulnerability in UploadServlet in the Remote ...)
+CVE-2010-5324
NOT-FOR-US: Novell ZENworks Configuration Management
-CVE-2010-5323 (Directory traversal vulnerability in UploadServlet in the Remote ...)
+CVE-2010-5323
NOT-FOR-US: Novell ZENworks Configuration Management
-CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier ...)
+CVE-2010-5322
NOT-FOR-US: ZeusCart
CVE-2010-XXXX [crash when parsing overly long links]
- lynx-cur 2.8.8dev.4-1
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2
-CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the videobuf ...)
+CVE-2010-5321
- linux <unfixed> (unimportant; bug #827340)
- linux-2.6 <removed> (unimportant)
NOTE: Unclear, old report for Linux
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=620629#c0
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120571
-CVE-2010-5320 (Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT ...)
+CVE-2010-5320
NOT-FOR-US: MemHT Portal
-CVE-2010-5319 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat ...)
+CVE-2010-5319
NOT-FOR-US: Kandidat CMS
-CVE-2010-5318 (The password-reset feature in as/index.php in SweetRice CMS before ...)
+CVE-2010-5318
NOT-FOR-US: SweetRice CMS
-CVE-2010-5317 (Multiple SQL injection vulnerabilities in index.php in SweetRice CMS ...)
+CVE-2010-5317
NOT-FOR-US: SweetRice CMS
-CVE-2010-5316 (Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice ...)
+CVE-2010-5316
NOT-FOR-US: SweetRice CMS
-CVE-2010-5315 (Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita ...)
+CVE-2010-5315
NOT-FOR-US: BEdita
-CVE-2010-5314 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-5314
NOT-FOR-US: BEdita
-CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...)
+CVE-2010-5313
- linux 2.6.38-1
- linux-2.6 2.6.38-1
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314 (v2.6.38-rc1)
-CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...)
+CVE-2010-5312
{DSA-3249-1 DLA-258-1}
- jqueryui 1.10.1+dfsg-1
- owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed)
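Review bot: The temporary entry "CVE-2010-XXXX [crash when parsing overly long links]" keeps its bracketed description while every assigned id around it loses its parenthesised one, so after this hunk the only entry here that still says what the issue is has no CVE id. For CVE-2010-5321 what remains is "NOTE: Unclear, old report for Linux" plus two bug links, which does not identify the flaw. If the descriptions are meant to go, keep a short bracketed summary on the entries tracked against a Debian package; otherwise restore the parenthesised text.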
@@ -62,359 +62,359 @@ CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
- riece 8.0.0-1.3 (unimportant; bug #601325)
[squeeze] - riece <no-dsa> (Minor issue)
NOTE: Not exploitable with kernel hardening since wheezy
-CVE-2010-5310 (The Acquisition Workstation for the GE Healthcare Revolution XQ/i has ...)
+CVE-2010-5310
NOT-FOR-US: GE Healthcare Revolution XQ/i
-CVE-2010-5309 (GE Healthcare CADStream Server has a default password of confirma for ...)
+CVE-2010-5309
NOT-FOR-US: GE Healthcare CADStream Server
-CVE-2010-5308 (GE Healthcare Optima MR360 does not require authentication for the ...)
+CVE-2010-5308
NOT-FOR-US: GE Healthcare Optima MR360
-CVE-2010-5307 (The HIPAA configuration interface in GE Healthcare Optima MR360 has a ...)
+CVE-2010-5307
NOT-FOR-US: GE Healthcare Optima MR360
-CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default ...)
+CVE-2010-5306
NOT-FOR-US: GE Healthcare Optima
CVE-2010-5305
RESERVED
CVE-2010-5304
RESERVED
NOT-FOR-US: RealVNC
-CVE-2010-5303 (Cross-site scripting (XSS) vulnerability in the displayError function ...)
+CVE-2010-5303
NOT-FOR-US: TimThumb
-CVE-2010-5302 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
+CVE-2010-5302
NOT-FOR-US: TimThumb
-CVE-2010-5301 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
+CVE-2010-5301
NOT-FOR-US: Kolibri
-CVE-2010-5300 (Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows ...)
+CVE-2010-5300
NOT-FOR-US: www.jzip.com
NOTE: This is the jzip Z-code interpreter in Debian.
-CVE-2010-5299 (Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote ...)
+CVE-2010-5299
NOT-FOR-US: MicroP
-CVE-2010-5298 (Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL ...)
+CVE-2010-5298
{DSA-2908-1}
- openssl 1.0.1g-3 (unimportant)
[squeeze] - openssl <not-affected> (Introduced in 1.0.0)
NOTE: Only exploitable with OPENSSL_NO_BUF_FREELIST enabled
-CVE-2010-5297 (WordPress before 3.0.1, when a Multisite installation is used, ...)
+CVE-2010-5297
- wordpress 3.0.1-1
-CVE-2010-5296 (wp-includes/capabilities.php in WordPress before 3.0.2, when a ...)
+CVE-2010-5296
- wordpress 3.0.2-1
-CVE-2010-5295 (Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in ...)
+CVE-2010-5295
- wordpress 3.0.2-1
-CVE-2010-5294 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2010-5294
- wordpress 3.0.2-1
-CVE-2010-5293 (wp-includes/comment.php in WordPress before 3.0.2 does not properly ...)
+CVE-2010-5293
- wordpress 3.0.2-1
-CVE-2010-5292 (Amberdms Billing System (ABS) before 1.4.1, when a multi-instance ...)
+CVE-2010-5292
NOT-FOR-US: Amberdms Billing System
-CVE-2010-5291 (Amberdms Billing System (ABS) before 1.4.1 does not properly implement ...)
+CVE-2010-5291
NOT-FOR-US: Amberdms Billing System
-CVE-2010-5289 (Buffer overflow in the Authenticate method in the ...)
+CVE-2010-5289
NOT-FOR-US: IncrediMail
-CVE-2010-5288 (Buffer overflow in the lsConnectionCached function in editcp in ...)
+CVE-2010-5288
NOT-FOR-US: EDItran Communications Platform
-CVE-2010-5290 (The authentication process in Adobe ColdFusion before 10 does not ...)
+CVE-2010-5290
NOT-FOR-US: Adobe ColdFusion
-CVE-2010-5287 (SQL injection vulnerability in default.php in Cornerstone Technologies ...)
+CVE-2010-5287
NOT-FOR-US: Cornerstone Technologies webConductor
-CVE-2010-5286 (Directory traversal vulnerability in Jstore (com_jstore) component for ...)
+CVE-2010-5286
NOT-FOR-US: Joomla jstore
-CVE-2010-5285 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
+CVE-2010-5285
NOTE: Old report against collabtive, Poc has vanished and likely fixed in current release, see #695348
-CVE-2010-5284 (Multiple cross-site scripting (XSS) vulnerabilities in Collabtive ...)
+CVE-2010-5284
- collabtive 0.7.6-1 (bug #695348)
NOTE: Might be fixed earlier, but 0.7.6 was tested
-CVE-2010-5283 (Cross-site request forgery (CSRF) vulnerability in OpenText ECM ...)
+CVE-2010-5283
NOT-FOR-US: OpenText ECM
-CVE-2010-5282 (Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM ...)
+CVE-2010-5282
NOT-FOR-US: OpenText ECM
-CVE-2010-5281 (Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 ...)
+CVE-2010-5281
NOT-FOR-US: CMScout IBrowser TinyMCE Plugin
-CVE-2010-5280 (Directory traversal vulnerability in the Community Builder Enhanced ...)
+CVE-2010-5280
NOT-FOR-US: CBE for Joomla
-CVE-2010-5279 (article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
+CVE-2010-5279
NOT-FOR-US: VWar
-CVE-2010-5278 (Directory traversal vulnerability in ...)
+CVE-2010-5278
NOT-FOR-US: MODx Revolution
-CVE-2010-5277 (Unspecified vulnerability in the Views Bulk Operations module 6 before ...)
+CVE-2010-5277
NOT-FOR-US: Drupal Views Bulk Operations
-CVE-2010-5276 (The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for ...)
+CVE-2010-5276
NOT-FOR-US: Drupal Memcache
-CVE-2010-5275 (Cross-site scripting (XSS) vulnerability in memcache_admin in the ...)
+CVE-2010-5275
NOT-FOR-US: Drupal Memcache
-CVE-2010-5274 (Untrusted search path vulnerability in PKZIP before 12.50.0014 allows ...)
+CVE-2010-5274
NOT-FOR-US: PKZIP
-CVE-2010-5273 (Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise ...)
+CVE-2010-5273
NOT-FOR-US: Altova DiffDog 2011 Enterprise
-CVE-2010-5272 (Untrusted search path vulnerability in Altova DatabaseSpy 2011 ...)
+CVE-2010-5272
NOT-FOR-US: Altova DatabaseSpy 2011
-CVE-2010-5271 (Untrusted search path vulnerability in Altova MapForce 2011 Enterprise ...)
+CVE-2010-5271
NOT-FOR-US: Altova MapForce 2011
-CVE-2010-5270 (Multiple untrusted search path vulnerabilities in Adobe Device Central ...)
+CVE-2010-5270
NOT-FOR-US: Adobe Device Central
-CVE-2010-5269 (Untrusted search path vulnerability in tbb.dll in Intel Threading ...)
+CVE-2010-5269
NOT-FOR-US: Intel Threading Building Blocks
-CVE-2010-5268 (Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 ...)
+CVE-2010-5268
NOT-FOR-US: Amazon Kindle for PC
-CVE-2010-5267 (Untrusted search path vulnerability in MunSoft Easy Office Recovery ...)
+CVE-2010-5267
NOT-FOR-US: MunSoft Easy Office Recovery
-CVE-2010-5266 (Untrusted search path vulnerability in VideoCharge Studio 2.9.0.632 ...)
+CVE-2010-5266
NOT-FOR-US: VideoCharge Studio
-CVE-2010-5265 (Untrusted search path vulnerability in SmartSniff 1.71 allows local ...)
+CVE-2010-5265
NOT-FOR-US: SmartSniff
-CVE-2010-5264 (Untrusted search path vulnerability in the CExtDWM::CExtDWM method in ...)
+CVE-2010-5264
NOT-FOR-US: Prof-UIS
-CVE-2010-5263 (Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 ...)
+CVE-2010-5263
NOT-FOR-US: Sothink SWF Decompiler
-CVE-2010-5262 (Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in ...)
+CVE-2010-5262
NOT-FOR-US: Gromada Multimedia Conversion Library
-CVE-2010-5261 (Untrusted search path vulnerability in SnowFox Total Video Converter ...)
+CVE-2010-5261
NOT-FOR-US: SnowFox Total Video Converter
-CVE-2010-5260 (Untrusted search path vulnerability in Agrin All DVD Ripper 4.0 allows ...)
+CVE-2010-5260
NOT-FOR-US: Agrin All DVD Ripper
-CVE-2010-5259 (Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow ...)
+CVE-2010-5259
NOT-FOR-US: IsoBuster
-CVE-2010-5258 (Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 ...)
+CVE-2010-5258
NOT-FOR-US: Adobe Audition
-CVE-2010-5257 (Multiple untrusted search path vulnerabilities in ArchiCAD 13 and 14 ...)
+CVE-2010-5257
NOT-FOR-US: ArchiCAD
-CVE-2010-5256 (Untrusted search path vulnerability in CDisplay 1.8.1 allows local ...)
+CVE-2010-5256
NOT-FOR-US: CDisplay
-CVE-2010-5255 (Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows ...)
+CVE-2010-5255
NOT-FOR-US: UltraISO
-CVE-2010-5254 (Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 ...)
+CVE-2010-5254
NOT-FOR-US: GFI Backup
-CVE-2010-5253 (Untrusted search path vulnerability in WinImage 8.50 allows local ...)
+CVE-2010-5253
NOT-FOR-US: WinImage
-CVE-2010-5252 (Untrusted search path vulnerability in HTTrack 3.43-9 allows local ...)
+CVE-2010-5252
- httrack <not-affected> (Only affects Windows)
-CVE-2010-5251 (Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 ...)
+CVE-2010-5251
NOT-FOR-US: IBM Lotus Notes
-CVE-2010-5250 (Untrusted search path vulnerability in the ...)
+CVE-2010-5250
NOT-FOR-US: Pthreads-win32
-CVE-2010-5249 (Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 ...)
+CVE-2010-5249
NOT-FOR-US: Sophos Free Encryption
-CVE-2010-5248 (Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local ...)
+CVE-2010-5248
NOT-FOR-US: UltraVNC
-CVE-2010-5247 (Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 ...)
+CVE-2010-5247
NOT-FOR-US: QtWeb Browser
-CVE-2010-5246 (Multiple untrusted search path vulnerabilities in Maxthon Browser ...)
+CVE-2010-5246
NOT-FOR-US: Maxthon Browser
-CVE-2010-5245 (Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build ...)
+CVE-2010-5245
NOT-FOR-US: PDF-XChange Viewer
-CVE-2010-5244 (Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite ...)
+CVE-2010-5244
NOT-FOR-US: SiSoftware Sandra
-CVE-2010-5243 (Multiple untrusted search path vulnerabilities in Cyberlink Power2Go ...)
+CVE-2010-5243
NOT-FOR-US: Cyberlink Power2Go
-CVE-2010-5242 (Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 ...)
+CVE-2010-5242
NOT-FOR-US: Sound Forge Pro
-CVE-2010-5241 (Multiple untrusted search path vulnerabilities in Autodesk AutoCAD ...)
+CVE-2010-5241
NOT-FOR-US: Autodesk AutoCAD
-CVE-2010-5240 (Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT ...)
+CVE-2010-5240
NOT-FOR-US: Corel PHOTO-PAINT and CorelDRAW
-CVE-2010-5239 (Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 ...)
+CVE-2010-5239
NOT-FOR-US: DAEMON Tools Lite and Pro Standard
-CVE-2010-5238 (Untrusted search path vulnerability in CyberLink PowerDirector ...)
+CVE-2010-5238
NOT-FOR-US: CyberLink PowerDirector
-CVE-2010-5237 (Untrusted search path vulnerability in CyberLink PowerDirector 7 ...)
+CVE-2010-5237
NOT-FOR-US: CyberLink PowerDirector
-CVE-2010-5236 (Untrusted search path vulnerability in Roxio Easy Media Creator Home ...)
+CVE-2010-5236
NOT-FOR-US: Roxio Easy Media Creator Home
-CVE-2010-5235 (Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows ...)
+CVE-2010-5235
NOT-FOR-US: IZArc Archiver
-CVE-2010-5234 (Multiple untrusted search path vulnerabilities in Camtasia Studio ...)
+CVE-2010-5234
NOT-FOR-US: Camtasia Studio
-CVE-2010-5233 (Untrusted search path vulnerability in Virtual DJ 6.1.2 Trial b301 ...)
+CVE-2010-5233
NOT-FOR-US: Virtual DJ
-CVE-2010-5232 (Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows ...)
+CVE-2010-5232
NOT-FOR-US: DivX Plus Player
-CVE-2010-5231 (Untrusted search path vulnerability in DivX Player 7.2.019 allows ...)
+CVE-2010-5231
NOT-FOR-US: DivX Player
-CVE-2010-5230 (Multiple untrusted search path vulnerabilities in MicroStation 7.1 ...)
+CVE-2010-5230
NOT-FOR-US: MicroStation
-CVE-2010-5229 (Untrusted search path vulnerability in 010 Editor before 3.1.3 allows ...)
+CVE-2010-5229
NOT-FOR-US: 010 Editor
-CVE-2010-5228 (Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 ...)
+CVE-2010-5228
NOT-FOR-US: RealPlayer SP
-CVE-2010-5227 (Untrusted search path vulnerability in Opera before 10.62 allows local ...)
+CVE-2010-5227
NOT-FOR-US: Opera
-CVE-2010-5226 (Multiple untrusted search path vulnerabilities in Autodesk Design ...)
+CVE-2010-5226
NOT-FOR-US: Autodesk Design Review
-CVE-2010-5225 (Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local ...)
+CVE-2010-5225
NOT-FOR-US: Babylon 8.1.0
-CVE-2010-5224 (Untrusted search path vulnerability in Cool iPhone Ringtone Maker ...)
+CVE-2010-5224
NOT-FOR-US: Cool iPhone Ringtone Maker
-CVE-2010-5223 (Multiple untrusted search path vulnerabilities in Phoenix Project ...)
+CVE-2010-5223
NOT-FOR-US: Phoenix Project Manager
-CVE-2010-5222 (Untrusted search path vulnerability in Ease Jukebox 1.40 allows local ...)
+CVE-2010-5222
NOT-FOR-US: Ease Jukebox
-CVE-2010-5221 (Untrusted search path vulnerability in STDU Explorer 1.0.201 allows ...)
+CVE-2010-5221
NOT-FOR-US: STDU Explorer
-CVE-2010-5220 (Untrusted search path vulnerability in MEO Encryption Software 2.02 ...)
+CVE-2010-5220
NOT-FOR-US: MEO Encryption Software
-CVE-2010-5219 (Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows ...)
+CVE-2010-5219
NOT-FOR-US: SmartFTP
-CVE-2010-5218 (Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows ...)
+CVE-2010-5218
NOT-FOR-US: Dupehunter
-CVE-2010-5217 (Multiple untrusted search path vulnerabilities in TuneUp Utilities ...)
+CVE-2010-5217
NOT-FOR-US: TuneUp Utilities
-CVE-2010-5216 (Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 ...)
+CVE-2010-5216
NOT-FOR-US: LINGO
-CVE-2010-5215 (Multiple untrusted search path vulnerabilities in SWiSH Max3 3.0 ...)
+CVE-2010-5215
NOT-FOR-US: SWiSH Max3
-CVE-2010-5214 (Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 ...)
+CVE-2010-5214
NOT-FOR-US: Fotobook Editor
-CVE-2010-5213 (Untrusted search path vulnerability in Adobe LiveCycle Designer ...)
+CVE-2010-5213
NOT-FOR-US: Adobe LiveCycle Designer
-CVE-2010-5212 (Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 ...)
+CVE-2010-5212
NOT-FOR-US: Adobe LiveCycle Designer ES2
-CVE-2010-5211 (Untrusted search path vulnerability in ALSee 6.20.0.1 allows local ...)
+CVE-2010-5211
NOT-FOR-US: ALSee
-CVE-2010-5210 (Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows ...)
+CVE-2010-5210
NOT-FOR-US: Sorax Reader
-CVE-2010-5209 (Multiple untrusted search path vulnerabilities in Nuance PDF Reader ...)
+CVE-2010-5209
NOT-FOR-US: Nuance PDF Reader
-CVE-2010-5208 (Multiple untrusted search path vulnerabilities in the (1) ...)
+CVE-2010-5208
NOT-FOR-US: Kingsoft Office
-CVE-2010-5207 (Multiple untrusted search path vulnerabilities in CelFrame Office 2008 ...)
+CVE-2010-5207
NOT-FOR-US: CelFrame Office
-CVE-2010-5206 (Multiple untrusted search path vulnerabilities in e-press ONE Office ...)
+CVE-2010-5206
NOT-FOR-US: ONE Office
-CVE-2010-5205 (Multiple untrusted search path vulnerabilities in e-press ONE Office ...)
+CVE-2010-5205
NOT-FOR-US: ONE Office
-CVE-2010-5204 (Multiple untrusted search path vulnerabilities in IBM Lotus Symphony ...)
+CVE-2010-5204
NOT-FOR-US: IBM Lotus Symphony
-CVE-2010-5203 (Multiple untrusted search path vulnerabilities in NCP Secure ...)
+CVE-2010-5203
NOT-FOR-US: NCP Secure Enterprise
-CVE-2010-5202 (Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic ...)
+CVE-2010-5202
NOT-FOR-US: JetAudio
-CVE-2010-5201 (Untrusted search path vulnerability in MAGIX Samplitude Producer 11 ...)
+CVE-2010-5201
NOT-FOR-US: MAGIX Samplitude Producer
-CVE-2010-5200 (Untrusted search path vulnerability in KeePass Password Safe before ...)
+CVE-2010-5200
NOT-FOR-US: KeePass 1 (a Windows only program) is not in Debian, only KeePass 2 (multi-OS version of KeePass) and KeePassX (port/rewrite of KeePass)
-CVE-2010-5199 (Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 ...)
+CVE-2010-5199
NOT-FOR-US: PhotoImpact
-CVE-2010-5198 (Multiple untrusted search path vulnerabilities in Intuit QuickBooks ...)
+CVE-2010-5198
NOT-FOR-US: Intuit QuickBooks
-CVE-2010-5197 (Untrusted search path vulnerability in Pixia 4.70j allows local users ...)
+CVE-2010-5197
NOT-FOR-US: Pixia 4.70j
-CVE-2010-5196 (Untrusted search path vulnerability in KeePass Password Safe before ...)
+CVE-2010-5196
- keepass2 <not-affected> (only affects Windows)
-CVE-2010-5195 (Untrusted search path vulnerability in Roxio MyDVD 9 allows local ...)
+CVE-2010-5195
NOT-FOR-US: Roxio MyDVD 9
-CVE-2010-5194 (Stack-based buffer overflow in the Image2PDF function in the ...)
+CVE-2010-5194
NOT-FOR-US: Viscom Image Viewer CP Pro
-CVE-2010-5193 (Stack-based buffer overflow in the TIFMergeMultiFiles function in the ...)
+CVE-2010-5193
NOT-FOR-US: Viscom Image Viewer CP Pro
-CVE-2010-5192 (Cross-site scripting (XSS) vulnerability in the Java Management ...)
+CVE-2010-5192
NOT-FOR-US: Blue Coat
-CVE-2010-5191 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue ...)
+CVE-2010-5191
NOT-FOR-US: Blue Coat
-CVE-2010-5190 (The Active Content Transformation functionality in Blue Coat ProxySG ...)
+CVE-2010-5190
NOT-FOR-US: Blue Coat
-CVE-2010-5189 (Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 ...)
+CVE-2010-5189
NOT-FOR-US: Blue Coat
-CVE-2010-5188 (SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain ...)
+CVE-2010-5188
- silverstripe <itp> (bug #528461)
-CVE-2010-5187 (SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running ...)
+CVE-2010-5187
- silverstripe <itp> (bug #528461)
-CVE-2010-5186 (The Antivirus component in Comodo Internet Security before ...)
+CVE-2010-5186
NOT-FOR-US: Comodo Internet Security
-CVE-2010-5185 (The Antivirus component in Comodo Internet Security before ...)
+CVE-2010-5185
NOT-FOR-US: Comodo Internet Security
-CVE-2010-5184 (** DISPUTED ** Race condition in ZoneAlarm Extreme Security ...)
+CVE-2010-5184
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5183 (** DISPUTED ** Race condition in Webroot Internet Security Essentials ...)
+CVE-2010-5183
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5182 (** DISPUTED ** Race condition in VirusBuster Internet Security Suite ...)
+CVE-2010-5182
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5181 (** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on ...)
+CVE-2010-5181
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5180 (** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows ...)
+CVE-2010-5180
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5179 (** DISPUTED ** Race condition in Trend Micro Internet Security Pro ...)
+CVE-2010-5179
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5178 (** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP ...)
+CVE-2010-5178
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5177 (** DISPUTED ** Race condition in Sophos Endpoint Security and Control ...)
+CVE-2010-5177
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5176 (** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on ...)
+CVE-2010-5176
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5175 (** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows ...)
+CVE-2010-5175
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5174 (** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows ...)
+CVE-2010-5174
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5173 (** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on ...)
+CVE-2010-5173
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5172 (** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 ...)
+CVE-2010-5172
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5171 (** DISPUTED ** Race condition in Outpost Security Suite Pro ...)
+CVE-2010-5171
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5170 (** DISPUTED ** Race condition in Online Solutions Security Suite ...)
+CVE-2010-5170
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5169 (** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on ...)
+CVE-2010-5169
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5168 (** DISPUTED ** Race condition in Symantec Norton Internet Security ...)
+CVE-2010-5168
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5167 (** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on ...)
+CVE-2010-5167
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5166 (** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 ...)
+CVE-2010-5166
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5165 (** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP ...)
+CVE-2010-5165
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5164 (** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus ...)
+CVE-2010-5164
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5163 (** DISPUTED ** Race condition in Kaspersky Internet Security 2010 ...)
+CVE-2010-5163
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5162 (** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP ...)
+CVE-2010-5162
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5161 (** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 ...)
+CVE-2010-5161
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5160 (** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on ...)
+CVE-2010-5160
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5159 (** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 ...)
+CVE-2010-5159
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5158 (** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on ...)
+CVE-2010-5158
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5157 (Race condition in Comodo Internet Security before 4.1.149672.916 on ...)
+CVE-2010-5157
NOT-FOR-US: Comodo Internet Security
-CVE-2010-5156 (** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 ...)
+CVE-2010-5156
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5155 (** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows ...)
+CVE-2010-5155
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5154 (** DISPUTED ** Race condition in BitDefender Total Security 2010 ...)
+CVE-2010-5154
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5153 (** DISPUTED ** Race condition in Avira Premium Security Suite ...)
+CVE-2010-5153
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5152 (** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on ...)
+CVE-2010-5152
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5151 (** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on ...)
+CVE-2010-5151
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5150 (** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 ...)
+CVE-2010-5150
NOT-FOR-US: Anti virus snake oil
-CVE-2010-5149 (Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x ...)
+CVE-2010-5149
NOT-FOR-US: Websense
-CVE-2010-5148 (Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set ...)
+CVE-2010-5148
NOT-FOR-US: Websense
-CVE-2010-5147 (The Remote Filtering component in Websense Web Security and Web Filter ...)
+CVE-2010-5147
NOT-FOR-US: Websense
-CVE-2010-5146 (The Remote Filtering component in Websense Web Security and Web Filter ...)
+CVE-2010-5146
NOT-FOR-US: Websense
-CVE-2010-5145 (The Filtering Service in Websense Web Security and Web Filter before ...)
+CVE-2010-5145
NOT-FOR-US: Websense
-CVE-2010-5144 (The ISAPI Filter plug-in in Websense Enterprise, Websense Web ...)
+CVE-2010-5144
NOT-FOR-US: Websense
-CVE-2010-5143 (McAfee VirusScan Enterprise before 8.8 allows local users to disable ...)
+CVE-2010-5143
NOT-FOR-US: McAfee
-CVE-2010-5142 (chef-server-api/app/controllers/users.rb in the API in Chef before ...)
+CVE-2010-5142
- chef 0.10.10-1
-CVE-2010-5141 (wxBitcoin and bitcoind before 0.3.5 do not properly handle script ...)
+CVE-2010-5141
- bitcoin <not-affected> (Fixed before initial release)
-CVE-2010-5140 (wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins ...)
+CVE-2010-5140
- bitcoin <not-affected> (Fixed before initial release)
-CVE-2010-5139 (Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote ...)
+CVE-2010-5139
- bitcoin <not-affected> (Fixed before initial release)
-CVE-2010-5138 (wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial ...)
+CVE-2010-5138
- bitcoin 0.4.0-1
-CVE-2010-5137 (wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a ...)
+CVE-2010-5137
- bitcoin <not-affected> (Fixed before initial release)
CVE-2010-5136
REJECTED
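Review bot: The "** DISPUTED **" marker on the entries from CVE-2010-5184 down to CVE-2010-5150 (CVE-2010-5157 excepted) exists only inside the description being removed, so this hunk deletes the disputed status together with the text and leaves nothing in those entries that records it. If the descriptions are dropped on purpose, carry the status on a NOTE line under each affected id. The same hunk leaves CVE-2010-5285 with a single NOTE and no package or NOT-FOR-US line, so that entry is worth checking by hand as well.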
@@ -466,18 +466,18 @@ CVE-2010-5113
RESERVED
CVE-2010-5112
RESERVED
-CVE-2010-5111 (Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote ...)
+CVE-2010-5111
- echoping 6.0.2-4 (low; bug #606808)
[squeeze] - echoping <no-dsa> (Minor issue)
NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=349569
NOTE: http://xforce.iss.net/xforce/xfdb/64141
NOTE: http://secunia.com/advisories/42619/
-CVE-2010-5110 (DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause ...)
+CVE-2010-5110
{DLA-24-1}
- poppler 0.16.3-1 (bug #722705)
[squeeze] - poppler 0.12.4-1.2+squeeze4
-CVE-2010-5109 (Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's ...)
+CVE-2010-5109
- libytnef 1.5-5 (low; bug #705468)
[squeeze] - libytnef <no-dsa> (Minor issue)
[wheezy] - libytnef <no-dsa> (Minor issue)
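Review bot: After this hunk the headers for CVE-2010-5111, CVE-2010-5110 and CVE-2010-5109 have the same bare-id form as the CVE-2010-5113 and CVE-2010-5112 headers in the context above, which are RESERVED. The description was the visible difference on the header line between a published id and a reserved one; with it gone, the state has to be inferred from the lines that follow. Before this lands, confirm that nothing consuming the file treats a header without a description as an unpublished id.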
@@ -490,614 +490,614 @@ CVE-2010-5109 (Off-by-one error in the DecompressRTF function in ytnef.c in Yera
CVE-2010-5108 [Trac Ticket Modification Workflow Permission Restriction Bypass]
RESERVED
- trac 0.11.7-1 (bug #573260)
-CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time ...)
+CVE-2010-5107
- openssh 1:6.0p1-4 (low; bug #700102)
[squeeze] - openssh 1:5.5p1-6+squeeze3
-CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...)
+CVE-2010-5106
- wordpress 3.0.3-1
-CVE-2010-5105 (The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ...)
+CVE-2010-5105
- blender <unfixed> (unimportant; bug #584621)
[squeeze] - blender <no-dsa> (Minor issue)
[wheezy] - blender <no-dsa> (Minor issue)
NOTE: Neutralised by kernel temp hardening
-CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...)
+CVE-2010-5104
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
-CVE-2010-5103 (SQL injection vulnerability in the list module in TYPO3 4.2.x before ...)
+CVE-2010-5103
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
-CVE-2010-5102 (Directory traversal vulnerability in mod/tools/em/class.em_unzip.php ...)
+CVE-2010-5102
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
-CVE-2010-5101 (Directory traversal vulnerability in the TypoScript setup in TYPO3 ...)
+CVE-2010-5101
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
-CVE-2010-5100 (Multiple cross-site scripting (XSS) vulnerabilities in the Install ...)
+CVE-2010-5100
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
-CVE-2010-5099 (The fileDenyPattern functionality in the PHP file inclusion protection ...)
+CVE-2010-5099
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
-CVE-2010-5098 (Cross-site scripting (XSS) vulnerability in the FORM content object in ...)
+CVE-2010-5098
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
-CVE-2010-5097 (Cross-site scripting (XSS) vulnerability in the click enlarge ...)
+CVE-2010-5097
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
-CVE-2010-5096 (** DISPUTED ** ...)
+CVE-2010-5096
NOT-FOR-US: MyBB
-CVE-2010-5095 (Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before ...)
+CVE-2010-5095
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5094 (The deleteinstallfiles function in control/ContentController.php in ...)
+CVE-2010-5094
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5093 (Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before ...)
+CVE-2010-5093
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5092 (The Add Member dialog in the Security admin page in SilverStripe 2.4.0 ...)
+CVE-2010-5092
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5091 (The setName function in filesystem/File.php in SilverStripe 2.3.x ...)
+CVE-2010-5091
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5090 (SilverStripe before 2.4.2 allows remote authenticated users to change ...)
+CVE-2010-5090
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5089 (SilverStripe before 2.4.2 does not properly restrict access to pages ...)
+CVE-2010-5089
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5088 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2010-5088
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5087 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote ...)
+CVE-2010-5087
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5086 (Directory traversal vulnerability in wiki/rankings.php in Bitweaver ...)
+CVE-2010-5086
NOT-FOR-US: Bitweaver
-CVE-2010-5085 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2010-5085
NOT-FOR-US: Hulihan Amethyst
-CVE-2010-5084 (The cross-site request forgery (CSRF) protection mechanism in e107 ...)
+CVE-2010-5084
NOT-FOR-US: e107
-CVE-2010-5083 (SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 ...)
+CVE-2010-5083
NOT-FOR-US: PHP-Nuke
-CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in ...)
+CVE-2010-5082
NOT-FOR-US: Windows Server
-CVE-2010-5081 (Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 ...)
+CVE-2010-5081
NOT-FOR-US: Mini-Stream RM-MP3 Converter
-CVE-2010-5080 (The Security/changepassword URL action in SilverStripe 2.3.x before ...)
+CVE-2010-5080
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5079 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak ...)
+CVE-2010-5079
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5078 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores ...)
+CVE-2010-5078
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5077 (server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, ...)
+CVE-2010-5077
{DSA-2442-1}
- openarena 0.8.5-6 (medium; bug #665656)
- ioquake3 <not-affected> (fixed before upload)
- tremulous 1.1.0-8 (bug #665842)
[squeeze] - tremulous 1.1.0-7~squeeze1
-CVE-2010-5076 (QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in ...)
+CVE-2010-5076
- qt4-x11 4:4.6.3-1
NOTE: Might be fixed earlier, but Squeeze version has been validated to be fixed
-CVE-2010-5075 (Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security ...)
+CVE-2010-5075
NOT-FOR-US: Avast! Internet Security
-CVE-2010-5074 (The layout engine in Mozilla Firefox before 4.0, Thunderbird before ...)
+CVE-2010-5074
- iceweasel 4.0-1 (unimportant)
-CVE-2010-5073 (The JavaScript implementation in Google Chrome 4 does not properly ...)
+CVE-2010-5073
- chromium-browser <not-affected>
- webkit <not-affected>
-CVE-2010-5072 (The JavaScript implementation in Opera 10.5 does not properly restrict ...)
+CVE-2010-5072
NOT-FOR-US: Opera
-CVE-2010-5071 (The JavaScript implementation in Microsoft Internet Explorer 8.0 and ...)
+CVE-2010-5071
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-5070 (The JavaScript implementation in Apple Safari 4 does not properly ...)
+CVE-2010-5070
NOT-FOR-US: Safari
-CVE-2010-5069 (The Cascading Style Sheets (CSS) implementation in Google Chrome 4 ...)
+CVE-2010-5069
- chromium-browser <not-affected>
- webkit <not-affected>
-CVE-2010-5068 (The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not ...)
+CVE-2010-5068
NOT-FOR-US: Opera
-CVE-2010-5067 (Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that ...)
+CVE-2010-5067
NOT-FOR-US: Virtual War
-CVE-2010-5066 (The createRandomPassword function in includes/functions_common.php in ...)
+CVE-2010-5066
NOT-FOR-US: Virtual War
-CVE-2010-5065 (popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
+CVE-2010-5065
NOT-FOR-US: Virtual War
-CVE-2010-5064 (Multiple cross-site scripting (XSS) vulnerabilities in Virtual War ...)
+CVE-2010-5064
NOT-FOR-US: Virtual War
-CVE-2010-5063 (SQL injection vulnerability in article.php in Virtual War (aka VWar) ...)
+CVE-2010-5063
NOT-FOR-US: Virtual War
-CVE-2010-5062 (SQL injection vulnerability in search.php in MH Products ...)
+CVE-2010-5062
NOT-FOR-US: MH Products kleinanzeigenmarkt
-CVE-2010-5061 (SQL injection vulnerability in index.php in RSStatic allows remote ...)
+CVE-2010-5061
NOT-FOR-US: RSStatic
-CVE-2010-5060 (SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows ...)
+CVE-2010-5060
NOT-FOR-US: NUs Newssystem
-CVE-2010-5059 (SQL injection vulnerability in index.php in CMScout 2.0.8 allows ...)
+CVE-2010-5059
NOT-FOR-US: CMScout
-CVE-2010-5058 (SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 ...)
+CVE-2010-5058
NOT-FOR-US: CMS Ariadna
-CVE-2010-5057 (SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 ...)
+CVE-2010-5057
NOT-FOR-US: CMS Ariadna
-CVE-2010-5056 (SQL injection vulnerability in the GBU Facebook (com_gbufacebook) ...)
+CVE-2010-5056
NOT-FOR-US: GBU Facebook
-CVE-2010-5055 (SQL injection vulnerability in index.php in Almnzm 2.1 allows remote ...)
+CVE-2010-5055
NOT-FOR-US: Almnzm
-CVE-2010-5054 (Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki ...)
+CVE-2010-5054
NOT-FOR-US: JAMWiki
-CVE-2010-5053 (SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 ...)
+CVE-2010-5053
NOT-FOR-US: Joomla extension
-CVE-2010-5052 (Cross-site scripting (XSS) vulnerability in admin/components.php in ...)
+CVE-2010-5052
NOT-FOR-US: GetSimple CMS
-CVE-2010-5051 (Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php ...)
+CVE-2010-5051
NOT-FOR-US: razorCMS
-CVE-2010-5050 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-5050
NOT-FOR-US: ManageEngine ADManager Plus
-CVE-2010-5049 (SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier ...)
+CVE-2010-5049
- zabbix 1:1.8.2-1
-CVE-2010-5048 (Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the ...)
+CVE-2010-5048
NOT-FOR-US: Joomla extension
-CVE-2010-5047 (SQL injection vulnerability in page.php in V-EVA Press Release Script ...)
+CVE-2010-5047
NOT-FOR-US: V-EVA Press Release Script
-CVE-2010-5046 (Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows ...)
+CVE-2010-5046
NOT-FOR-US: ecoCMS
-CVE-2010-5045 (Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ...)
+CVE-2010-5045
NOT-FOR-US: Smart ASP Survey
-CVE-2010-5044 (SQL injection vulnerability in models/log.php in the Search Log ...)
+CVE-2010-5044
NOT-FOR-US: Search log Joomla addon
-CVE-2010-5043 (SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) ...)
+CVE-2010-5043
NOT-FOR-US: Joomla extension
-CVE-2010-5042 (Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery ...)
+CVE-2010-5042
NOT-FOR-US: Joomla extension
-CVE-2010-5041 (SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 ...)
+CVE-2010-5041
NOT-FOR-US: Nucleus CMS extension
-CVE-2010-5040 (PHP remote file inclusion vulnerability in ...)
+CVE-2010-5040
NOT-FOR-US: Nucleus CMS extension
-CVE-2010-5039 (SQL injection vulnerability in control/admin_login.php in ScriptsFeed ...)
+CVE-2010-5039
NOT-FOR-US: ScriptsFeed Recipes Listing Portal
-CVE-2010-5038 (PHP remote file inclusion vulnerability in contact/contact.php in ...)
+CVE-2010-5038
NOT-FOR-US: Groone's Simple Contact Form
-CVE-2010-5037 (SQL injection vulnerability in article.php in SenseSites CommonSense ...)
+CVE-2010-5037
NOT-FOR-US: SenseSites CommonSense CMS
-CVE-2010-5036 (SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 ...)
+CVE-2010-5036
NOT-FOR-US: iScripts eSwap
-CVE-2010-5035 (Cross-site scripting (XSS) vulnerability in search.php in iScripts ...)
+CVE-2010-5035
NOT-FOR-US: iScripts eSwap
-CVE-2010-5034 (SQL injection vulnerability in viewhistorydetail.php in iScripts ...)
+CVE-2010-5034
NOT-FOR-US: iScripts EasyBiller
-CVE-2010-5033 (SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows ...)
+CVE-2010-5033
NOT-FOR-US: Fusebox
-CVE-2010-5032 (SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component ...)
+CVE-2010-5032
NOT-FOR-US: Joomla extension
-CVE-2010-5031 (Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1 ...)
+CVE-2010-5031
NOT-FOR-US: fileNice
-CVE-2010-5030 (Cross-site scripting (XSS) vulnerability in index.php in Ecomat CMS ...)
+CVE-2010-5030
NOT-FOR-US: Ecomat CMS
-CVE-2010-5029 (SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows ...)
+CVE-2010-5029
NOT-FOR-US: Ecomat CMS
-CVE-2010-5028 (SQL injection vulnerability in the JExtensions JE Job (com_jejob) ...)
+CVE-2010-5028
NOT-FOR-US: Joomla extension
-CVE-2010-5027 (Cross-site scripting (XSS) vulnerability in winners.php in Science ...)
+CVE-2010-5027
NOT-FOR-US: Science Fair In A Box (SFIAB)
-CVE-2010-5026 (SQL injection vulnerability in winners.php in Science Fair In A Box ...)
+CVE-2010-5026
NOT-FOR-US: Science Fair In A Box (SFIAB)
-CVE-2010-5025 (Cross-site scripting (XSS) vulnerability in manage/main.php in ...)
+CVE-2010-5025
NOT-FOR-US: CuteSITE CMS
-CVE-2010-5024 (SQL injection vulnerability in manage/add_user.php in CuteSITE CMS ...)
+CVE-2010-5024
NOT-FOR-US: CuteSITE CMS
-CVE-2010-5023 (SQL injection vulnerability in index.asp in Digital Interchange ...)
+CVE-2010-5023
NOT-FOR-US: Digital Interchange Calendar
-CVE-2010-5022 (SQL injection vulnerability in the JExtensions JE Story Submit ...)
+CVE-2010-5022
NOT-FOR-US: Joomla extension
-CVE-2010-5021 (SQL injection vulnerability in view_group.asp in Digital Interchange ...)
+CVE-2010-5021
NOT-FOR-US: Digital Interchange Calendar
-CVE-2010-5020 (SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 ...)
+CVE-2010-5020
NOT-FOR-US: NetArt Media iBoutique
-CVE-2010-5019 (SQL injection vulnerability in view_photo.php in 2daybiz Online ...)
+CVE-2010-5019
NOT-FOR-US: 2daybiz Online Classified Script
-CVE-2010-5018 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-5018
NOT-FOR-US: 2daybiz Online Classified Script
-CVE-2010-5017 (SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 ...)
+CVE-2010-5017
NOT-FOR-US: Elite Gaming Ladders
-CVE-2010-5016 (SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 ...)
+CVE-2010-5016
NOT-FOR-US: Elite Gaming Ladders
-CVE-2010-5015 (SQL injection vulnerability in view_photo.php in 2daybiz Network ...)
+CVE-2010-5015
NOT-FOR-US: 2daybiz Network Community Script
-CVE-2010-5014 (SQL injection vulnerability in standings.php in Elite Gaming Ladders ...)
+CVE-2010-5014
NOT-FOR-US: Elite Gaming Ladders
-CVE-2010-5013 (SQL injection vulnerability in listing_detail.asp in Mckenzie ...)
+CVE-2010-5013
NOT-FOR-US: Mckenzie Creations Virtual Real Estate Manager
-CVE-2010-5012 (SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows ...)
+CVE-2010-5012
NOT-FOR-US: DaLogin
-CVE-2010-5011 (SQL injection vulnerability in schoolmv2/html/studentmain.php in ...)
+CVE-2010-5011
NOT-FOR-US: SchoolMation
-CVE-2010-5010 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-5010
NOT-FOR-US: SchoolMation
-CVE-2010-5009 (SQL injection vulnerability in index.php in UTStats Beta 4 and earlier ...)
+CVE-2010-5009
NOT-FOR-US: UTStats
-CVE-2010-5008 (SQL injection vulnerability in pages/contact_list_mail_form.asp in ...)
+CVE-2010-5008
NOT-FOR-US: BrightSuite Groupware
-CVE-2010-5007 (Cross-site scripting (XSS) vulnerability in pages/match_report.php in ...)
+CVE-2010-5007
NOT-FOR-US: UTStats
-CVE-2010-5006 (SQL injection vulnerability in googlemap/index.php in EMO Realty ...)
+CVE-2010-5006
NOT-FOR-US: EMO Realty Manager
-CVE-2010-5005 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-5005
NOT-FOR-US: Rayzz Photoz
-CVE-2010-5004 (SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka ...)
+CVE-2010-5004
NOT-FOR-US: 2daybiz Polls
-CVE-2010-5000 (SQL injection vulnerability in login/login_index.php in MCLogin System ...)
+CVE-2010-5000
NOT-FOR-US: MCLogin System
-CVE-2010-4998 (PHP remote file inclusion vulnerability in ...)
+CVE-2010-4998
NOT-FOR-US: ardeaCore PHP Framework
-CVE-2010-4997 (SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 ...)
+CVE-2010-4997
NOT-FOR-US: OlyKit Swoopo Clone 2010
-CVE-2010-4971 (Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way ...)
+CVE-2010-4971
NOT-FOR-US: VideoWhisper PHP 2 Way Video Chat
-CVE-2010-5003 (SQL injection vulnerability in the AutarTimonial (com_autartimonial) ...)
+CVE-2010-5003
NOT-FOR-US: Joomla extension
-CVE-2010-5002 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-5002
NOT-FOR-US: Exponent CMS
-CVE-2010-5001 (SQL injection vulnerability in view.php in esoftpro Online Contact ...)
+CVE-2010-5001
NOT-FOR-US: esoftpro Online Contact Manager
-CVE-2010-4999 (SQL injection vulnerability in index.php in esoftpro Online Photo Pro ...)
+CVE-2010-4999
NOT-FOR-US: esoftpro Online Photo Pro
-CVE-2010-4996 (SQL injection vulnerability in ogp_show.php in esoftpro Online ...)
+CVE-2010-4996
NOT-FOR-US: esoftpro Online Guestbook Pro
-CVE-2010-4995 (SQL injection vulnerability in the NeoRecruit (com_neorecruit) ...)
+CVE-2010-4995
NOT-FOR-US: Joomla extension
-CVE-2010-4994 (SQL injection vulnerability in the Jobs Pro component 1.6.4 for ...)
+CVE-2010-4994
NOT-FOR-US: Joomla extension
-CVE-2010-4993 (SQL injection vulnerability in the eventcal (com_eventcal) component ...)
+CVE-2010-4993
NOT-FOR-US: Joomla extension
-CVE-2010-4992 (SQL injection vulnerability in the Payments Plus component 2.1.5 for ...)
+CVE-2010-4992
NOT-FOR-US: Joomla extension
-CVE-2010-4991 (SQL injection vulnerability in the NinjaMonials (com_ninjamonials) ...)
+CVE-2010-4991
NOT-FOR-US: Joomla extension
-CVE-2010-4990 (SQL injection vulnerability in the Front-edit Address Book ...)
+CVE-2010-4990
NOT-FOR-US: Joomla extension
-CVE-2010-4989 (SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows ...)
+CVE-2010-4989
NOT-FOR-US: Ziggurat Farsi CMS
-CVE-2010-4988 (PHP remote file inclusion vulnerability in ...)
+CVE-2010-4988
NOT-FOR-US: Family Connections Who is Chatting
-CVE-2010-4987 (SQL injection vulnerability in default.asp in KMSoft Guestbook (aka ...)
+CVE-2010-4987
NOT-FOR-US: KMSoft Guestbook (aka GBook)
-CVE-2010-4986 (SQL injection vulnerability in detail.php in Simple Document ...)
+CVE-2010-4986
NOT-FOR-US: Simple Document Management System (SDMS)
-CVE-2010-4985 (Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam ...)
+CVE-2010-4985
NOT-FOR-US: My Kazaam Notes Management System
-CVE-2010-4984 (SQL injection vulnerability in notes.php in My Kazaam Notes Management ...)
+CVE-2010-4984
NOT-FOR-US: My Kazaam Notes Management System
-CVE-2010-4983 (SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 ...)
+CVE-2010-4983
NOT-FOR-US: iScripts CyberMatch
-CVE-2010-4982 (SQL injection vulnerability in address_book/contacts.php in My Kazaam ...)
+CVE-2010-4982
NOT-FOR-US: My Kazaam Address & Contact Organizer
-CVE-2010-4981 (SQL injection vulnerability in trackads.php in YourFreeWorld Banner ...)
+CVE-2010-4981
NOT-FOR-US: YourFreeWorld Banner Management
-CVE-2010-4980 (SQL injection vulnerability in packagedetails.php in iScripts ...)
+CVE-2010-4980
NOT-FOR-US: iScripts ReserveLogic
-CVE-2010-4979 (SQL injection vulnerability in image/view.php in CANDID allows remote ...)
+CVE-2010-4979
NOT-FOR-US: CANDID
-CVE-2010-4978 (Cross-site scripting (XSS) vulnerability in image/view.php in CANDID ...)
+CVE-2010-4978
NOT-FOR-US: CANDID
-CVE-2010-4977 (SQL injection vulnerability in menu.php in the Canteen (com_canteen) ...)
+CVE-2010-4977
NOT-FOR-US: Joomla extension
-CVE-2010-4976 (Cross-site scripting (XSS) vulnerability in search/search.php in ...)
+CVE-2010-4976
NOT-FOR-US: MetInfo
-CVE-2010-4975 (SQL injection vulnerability in the Techjoomla SocialAds For JomSocial ...)
+CVE-2010-4975
NOT-FOR-US: Joomla extension
-CVE-2010-4974 (SQL injection vulnerability in info.php in BrotherScripts (BS) and ...)
+CVE-2010-4974
NOT-FOR-US: BrotherScripts (BS) and ScriptsFeed Auto Dealer
-CVE-2010-4973 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
+CVE-2010-4973
NOT-FOR-US: Campsite
-CVE-2010-4972 (SQL injection vulnerability in index.php in YPNinc JokeScript allows ...)
+CVE-2010-4972
NOT-FOR-US: YPNinc JokeScript
-CVE-2010-4970 (SQL injection vulnerability in handlers/getpage.php in Wiki Web Help ...)
+CVE-2010-4970
NOT-FOR-US: Wiki Web Help
-CVE-2010-4969 (SQL injection vulnerability in articlesdetails.php in BrotherScripts ...)
+CVE-2010-4969
NOT-FOR-US: BrotherScripts (BS) Business Directory
-CVE-2010-4968 (SQL injection vulnerability in the webmaster-tips.net Flash Gallery ...)
+CVE-2010-4968
NOT-FOR-US: Joomla extension
-CVE-2010-4967 (SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 ...)
+CVE-2010-4967
NOT-FOR-US: ATCOM Netvolution
-CVE-2010-4966 (Cross-site scripting (XSS) vulnerability in default.asp in ATCOM ...)
+CVE-2010-4966
NOT-FOR-US: ATCOM Netvolution
-CVE-2010-4965 (/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 ...)
+CVE-2010-4965
NOT-FOR-US: D-Link DCS-2121
-CVE-2010-4964 (recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 ...)
+CVE-2010-4964
NOT-FOR-US: D-Link DCS-2121
-CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows ...)
+CVE-2010-4963
NOT-FOR-US: Hulihan BXR
-CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension ...)
+CVE-2010-4962
NOT-FOR-US: Typo3 extension
-CVE-2010-4961 (SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension ...)
+CVE-2010-4961
NOT-FOR-US: Typo3 extension
-CVE-2010-4960 (Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka ...)
+CVE-2010-4960
NOT-FOR-US: Branchenbuch
-CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects Pre ...)
+CVE-2010-4959
NOT-FOR-US: Pre Projects Pre Podcast Portal
-CVE-2010-4958 (SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows ...)
+CVE-2010-4958
NOT-FOR-US: Prado Portal
-CVE-2010-4957 (SQL injection vulnerability in the Questionnaire (ke_questionnaire) ...)
+CVE-2010-4957
NOT-FOR-US: Typo3 extension
-CVE-2010-4956 (Cross-site scripting (XSS) vulnerability in the Questionnaire ...)
+CVE-2010-4956
NOT-FOR-US: Typo3 extension
-CVE-2010-4955 (SQL injection vulnerability in board/board.php in APBoard Developers ...)
+CVE-2010-4955
NOT-FOR-US: APBoard Developers APBoard
-CVE-2010-4954 (SQL injection vulnerability in product_reviews_info.php in xt:Commerce ...)
+CVE-2010-4954
NOT-FOR-US: xt:Commerce Gambio
-CVE-2010-4953 (Unspecified vulnerability in the JW Calendar (jw_calendar) extension ...)
+CVE-2010-4953
NOT-FOR-US: Typo3 extension
-CVE-2010-4952 (SQL injection vulnerability in the FE user statistic (festat) ...)
+CVE-2010-4952
NOT-FOR-US: Typo3 extension
-CVE-2010-4951 (Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox ...)
+CVE-2010-4951
NOT-FOR-US: Typo3 extension
-CVE-2010-4950 (SQL injection vulnerability in the Event (event) extension before ...)
+CVE-2010-4950
NOT-FOR-US: Typo3 extension
-CVE-2010-4949 (Cross-site scripting (XSS) vulnerability in the (1) FreiChat component ...)
+CVE-2010-4949
NOT-FOR-US: Joomla extension
-CVE-2010-4948 (PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in ...)
+CVE-2010-4948
NOT-FOR-US: PHP Free Photo Gallery
-CVE-2010-4947 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
+CVE-2010-4947
NOT-FOR-US: ALLPC
-CVE-2010-4946 (SQL injection vulnerability in product_info.php in ALLPC 2.5 allows ...)
+CVE-2010-4946
NOT-FOR-US: ALLPC
-CVE-2010-4945 (SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) ...)
+CVE-2010-4945
NOT-FOR-US: CamelcityDB
-CVE-2010-4944 (SQL injection vulnerability in the Elite Experts (com_elite_experts) ...)
+CVE-2010-4944
NOT-FOR-US: Joomla extension
-CVE-2010-4943 (Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 ...)
+CVE-2010-4943
NOT-FOR-US: Saurus CMS
-CVE-2010-4942 (SQL injection vulnerability in location.php in the eCal module in ...)
+CVE-2010-4942
NOT-FOR-US: E-Xoopport Samsara
-CVE-2010-4941 (SQL injection vulnerability in the Teams (com_teams) component ...)
+CVE-2010-4941
NOT-FOR-US: Joomla extension
-CVE-2010-4940 (SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows ...)
+CVE-2010-4940
NOT-FOR-US: WAnewsletter
-CVE-2010-4939 (PHP remote file inclusion vulnerability in index.php in MailForm 1.2 ...)
+CVE-2010-4939
NOT-FOR-US: MailForm
-CVE-2010-4938 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...)
+CVE-2010-4938
NOT-FOR-US: Joomla extension
-CVE-2010-4937 (Multiple SQL injection vulnerabilities in the Amblog (com_amblog) ...)
+CVE-2010-4937
NOT-FOR-US: Amblog
-CVE-2010-4936 (SQL injection vulnerability in the Slide Show (com_slideshow) ...)
+CVE-2010-4936
NOT-FOR-US: Slide Show extension for Joomla
-CVE-2010-4935 (SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier ...)
+CVE-2010-4935
NOT-FOR-US: Entrans
-CVE-2010-4934 (SQL injection vulnerability in video.php in Get Tube 4.51 and earlier ...)
+CVE-2010-4934
NOT-FOR-US: Get Tube
-CVE-2010-4933 (SQL injection vulnerability in filemgmt/singlefile.php in Geeklog ...)
+CVE-2010-4933
NOT-FOR-US: Geeklog
-CVE-2010-4932 (Cross-site scripting (XSS) vulnerability in search.php in Entrans ...)
+CVE-2010-4932
NOT-FOR-US: Entrans
-CVE-2010-4931 (** DISPUTED ** Directory traversal vulnerability in maincore.php in ...)
+CVE-2010-4931
NOT-FOR-US: PHP-Fusion
-CVE-2010-4930 (Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail ...)
+CVE-2010-4930
NOT-FOR-US: @mail Webmail
-CVE-2010-4929 (SQL injection vulnerability in the Joostina (com_ezautos) component ...)
+CVE-2010-4929
NOT-FOR-US: Joomla extension
-CVE-2010-4928 (Cross-site scripting (XSS) vulnerability in the Restaurant Guide ...)
+CVE-2010-4928
NOT-FOR-US: Joomla extension
-CVE-2010-4927 (SQL injection vulnerability in the Restaurant Guide ...)
+CVE-2010-4927
NOT-FOR-US: Joomla extension
-CVE-2010-4926 (SQL injection vulnerability in the TimeTrack (com_timetrack) component ...)
+CVE-2010-4926
NOT-FOR-US: Joomla extension
-CVE-2010-4925 (SQL injection vulnerability in clic.php in the Partenaires module 1.5 ...)
+CVE-2010-4925
NOT-FOR-US: Nuked Klan
-CVE-2010-4924 (** DISPUTED ** PHP remote file inclusion vulnerability in ...)
+CVE-2010-4924
NOT-FOR-US: clearBudget
-CVE-2010-4923 (SQL injection vulnerability in book/detail.php in Virtue Netz Virtue ...)
+CVE-2010-4923
NOT-FOR-US: Virtue Netz Virtue
-CVE-2010-4922 (Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow ...)
+CVE-2010-4922
NOT-FOR-US: Allinta CMS
-CVE-2010-4921 (SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady ...)
+CVE-2010-4921
NOT-FOR-US: DMXReady Polling Booth Manager
-CVE-2010-4920 (SQL injection vulnerability in detail.asp in Micronetsoft Rental ...)
+CVE-2010-4920
NOT-FOR-US: Micronetsoft
-CVE-2010-4919 (SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer ...)
+CVE-2010-4919
NOT-FOR-US: Micronetsoft
-CVE-2010-4918 (PHP remote file inclusion vulnerability in iJoomla Magazine ...)
+CVE-2010-4918
NOT-FOR-US: Joomla extension
-CVE-2010-4917 (SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows ...)
+CVE-2010-4917
NOT-FOR-US: A-Blog
-CVE-2010-4916 (Multiple SQL injection vulnerabilities in index.cfm in ColdGen ...)
+CVE-2010-4916
NOT-FOR-US: ColdGen ColdUserGroup
-CVE-2010-4915 (SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 ...)
+CVE-2010-4915
NOT-FOR-US: ColdGen ColdBookmarks
-CVE-2010-4914 (PHP remote file inclusion vulnerability in ...)
+CVE-2010-4914
NOT-FOR-US: PHP Classifieds
-CVE-2010-4913 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
+CVE-2010-4913
NOT-FOR-US: ColdGen ColdUserGroup
-CVE-2010-4912 (SQL injection vulnerability in shop.php in UCenter Home 2.0 allows ...)
+CVE-2010-4912
NOT-FOR-US: UCenter
-CVE-2010-4911 (SQL injection vulnerability in classi/detail.php in PHP Classifieds ...)
+CVE-2010-4911
NOT-FOR-US: PHP Classifieds
-CVE-2010-4910 (SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 ...)
+CVE-2010-4910
NOT-FOR-US: ColdGen ColdCalendar
-CVE-2010-4909 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-4909
NOT-FOR-US: PaysiteReviewCMS
-CVE-2010-4908 (SQL injection vulnerability in detail.php in Virtue Shopping Mall ...)
+CVE-2010-4908
NOT-FOR-US: Virtue Shopping Mall
-CVE-2010-4907 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in ...)
+CVE-2010-4907
NOT-FOR-US: Zenphoto
-CVE-2010-4906 (SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 ...)
+CVE-2010-4906
NOT-FOR-US: Zenphoto
-CVE-2010-4905 (SQL injection vulnerability in article_details.php in Softbiz Article ...)
+CVE-2010-4905
NOT-FOR-US: Softbiz
-CVE-2010-4904 (SQL injection vulnerability in the Aardvertiser (com_aardvertiser) ...)
+CVE-2010-4904
NOT-FOR-US: Aardvertiser
-CVE-2010-4903 (SQL injection vulnerability in index.php in CubeCart 4.3.3 allows ...)
+CVE-2010-4903
NOT-FOR-US: CubeCart
-CVE-2010-4902 (Multiple SQL injection vulnerabilities in the Clantools ...)
+CVE-2010-4902
NOT-FOR-US: Joomla extension
-CVE-2010-4901 (Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in ...)
+CVE-2010-4901
NOT-FOR-US: MySource Matrix
-CVE-2010-4900 (Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and ...)
+CVE-2010-4900
NOT-FOR-US: CMS WebManager-Pro
-CVE-2010-4899 (SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 ...)
+CVE-2010-4899
NOT-FOR-US: CMS WebManager-Pro
-CVE-2010-4898 (SQL injection vulnerability in the Gantry (com_gantry) component ...)
+CVE-2010-4898
NOT-FOR-US: Joomla extension
-CVE-2010-4897 (SQL injection vulnerability in comment.php in BlueCMS 1.6 allows ...)
+CVE-2010-4897
NOT-FOR-US: BlueCMS
-CVE-2010-4896 (Cross-site scripting (XSS) vulnerability in admin/index.asp in Member ...)
+CVE-2010-4896
NOT-FOR-US: Member Management System
-CVE-2010-4895 (Cross-site scripting (XSS) vulnerability in core/showsite.php in ...)
+CVE-2010-4895
NOT-FOR-US: chillyCMS
-CVE-2010-4894 (SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 ...)
+CVE-2010-4894
NOT-FOR-US: chillyCMS
-CVE-2010-4893 (Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS ...)
+CVE-2010-4893
NOT-FOR-US: FestOS
-CVE-2010-4892 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
+CVE-2010-4892
NOT-FOR-US: TYPO3 extension
-CVE-2010-4891 (SQL injection vulnerability in the Yet Another Calendar (ke_yac) ...)
+CVE-2010-4891
NOT-FOR-US: TYPO3 extension
-CVE-2010-4890 (Cross-site scripting (XSS) vulnerability in the Yet Another Calendar ...)
+CVE-2010-4890
NOT-FOR-US: TYPO3 extension
-CVE-2010-4889 (Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension ...)
+CVE-2010-4889
NOT-FOR-US: TYPO3 extension
-CVE-2010-4888 (SQL injection vulnerability in the Tiny Market (hm_tinymarket) ...)
+CVE-2010-4888
NOT-FOR-US: TYPO3 extension
-CVE-2010-4887 (SQL injection vulnerability in the Commenting system Backend Module ...)
+CVE-2010-4887
NOT-FOR-US: TYPO3 extension
-CVE-2010-4886 (Cross-site scripting (XSS) vulnerability in the &quot;official twitter ...)
+CVE-2010-4886
NOT-FOR-US: TYPO3 extension
-CVE-2010-4885 (Cross-site scripting (XSS) vulnerability in the XING Button (xing) ...)
+CVE-2010-4885
NOT-FOR-US: TYPO3 extension
-CVE-2010-4884 (PHP remote file inclusion vulnerability in guestbook/gbook.php in ...)
+CVE-2010-4884
NOT-FOR-US: Gaestebuch
-CVE-2010-4883 (Cross-site scripting (XSS) vulnerability in manager/index.php in MODx ...)
+CVE-2010-4883
NOT-FOR-US: MODx Revolution
-CVE-2010-4882 (Cross-site scripting (XSS) vulnerability in autocms.php in Auto CMS ...)
+CVE-2010-4882
NOT-FOR-US: Auto CMS
-CVE-2010-4881 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2010-4881
NOT-FOR-US: ApPHP Calendar
-CVE-2010-4880 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-4880
NOT-FOR-US: ApPHP Calendar
-CVE-2010-4879 (PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 ...)
+CVE-2010-4879
- php-dompdf 0.6.1+dfsg-1
-CVE-2010-4878 (PHP remote file inclusion vulnerability in formmailer.php in Kontakt ...)
+CVE-2010-4878
NOT-FOR-US: Kontakt Formular
-CVE-2010-4877 (Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 ...)
+CVE-2010-4877
NOT-FOR-US: OneCMS
-CVE-2010-4876 (SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows ...)
+CVE-2010-4876
NOT-FOR-US: mBlogger
-CVE-2010-4875 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-4875
NOT-FOR-US: Wordpress plugin
-CVE-2010-4874 (Multiple cross-site scripting (XSS) vulnerabilities in users.php in ...)
+CVE-2010-4874
NOT-FOR-US: NinkoBB
-CVE-2010-4873 (Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 ...)
+CVE-2010-4873
NOT-FOR-US: WeBid
-CVE-2010-4872 (SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 ...)
+CVE-2010-4872
NOT-FOR-US: ASPilot Pilot Cart
-CVE-2010-4871 (Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows ...)
+CVE-2010-4871
NOT-FOR-US: SmartFTP
-CVE-2010-4870 (SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows ...)
+CVE-2010-4870
NOT-FOR-US: BloofoxCMS
-CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote ...)
+CVE-2010-4869
NOT-FOR-US: DBHcms
-CVE-2010-4868 (Cross-site scripting (XSS) vulnerability in search.php3 (aka ...)
+CVE-2010-4868
NOT-FOR-US: W-Agora
-CVE-2010-4867 (Directory traversal vulnerability in search.php3 (aka search.php) in ...)
+CVE-2010-4867
NOT-FOR-US: W-Agora
-CVE-2010-4866 (SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows ...)
+CVE-2010-4866
NOT-FOR-US: Chipmunk Board
-CVE-2010-4865 (SQL injection vulnerability in the JE Guestbook (com_jeguestbook) ...)
+CVE-2010-4865
NOT-FOR-US: Joomla extension
-CVE-2010-4864 (SQL injection vulnerability in the Club Manager (com_clubmanager) ...)
+CVE-2010-4864
NOT-FOR-US: Joomla extension
-CVE-2010-4863 (Cross-site scripting (XSS) vulnerability in admin/changedata.php in ...)
+CVE-2010-4863
NOT-FOR-US: GetSimple CMS
-CVE-2010-4862 (SQL injection vulnerability in the JExtensions JE Directory ...)
+CVE-2010-4862
NOT-FOR-US: Joomla extension
-CVE-2010-4861 (SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows ...)
+CVE-2010-4861
NOT-FOR-US: webSPELL
-CVE-2010-4860 (SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 ...)
+CVE-2010-4860
NOT-FOR-US: MyPhpAuction
-CVE-2010-4859 (SQL injection vulnerability in index.php in WebAsyst Shop-Script ...)
+CVE-2010-4859
NOT-FOR-US: WebAsyst Shop-Script
-CVE-2010-4858 (Directory traversal vulnerability in team.rc5-72.php in DNET ...)
+CVE-2010-4858
NOT-FOR-US: DNET Live-Stats
-CVE-2010-4857 (SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows ...)
+CVE-2010-4857
NOT-FOR-US: CAG CMS
-CVE-2010-4856 (SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote ...)
+CVE-2010-4856
NOT-FOR-US: xWeblog
-CVE-2010-4855 (SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote ...)
+CVE-2010-4855
NOT-FOR-US: xWebLog
-CVE-2010-4854 (SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when ...)
+CVE-2010-4854
NOT-FOR-US: Zuitu
-CVE-2010-4853 (SQL injection vulnerability in the ccInvoices (com_ccinvoices) ...)
+CVE-2010-4853
NOT-FOR-US: Joomla extension
-CVE-2010-4852 (Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b ...)
+CVE-2010-4852
NOT-FOR-US: Eclime
-CVE-2010-4851 (Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote ...)
+CVE-2010-4851
NOT-FOR-US: Eclime
-CVE-2010-4850 (Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 ...)
+CVE-2010-4850
NOT-FOR-US: Diferior
-CVE-2010-4849 (SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B ...)
+CVE-2010-4849
NOT-FOR-US: Alibaba Clone B2B
-CVE-2010-4848 (Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in ...)
+CVE-2010-4848
NOT-FOR-US: AXScripts AxsLinks
-CVE-2010-4847 (SQL injection vulnerability in view_item.php in MH Products MHP ...)
+CVE-2010-4847
NOT-FOR-US: MH Products MHP Downloadshop
-CVE-2010-4846 (SQL injection vulnerability in view_item.php in MH Products Pay Pal ...)
+CVE-2010-4846
NOT-FOR-US: MH Products Pay Pal Shop Digital
-CVE-2010-4845 (Multiple SQL injection vulnerabilities in MH Products Projekt Shop ...)
+CVE-2010-4845
NOT-FOR-US: MH Products Projekt Shop
-CVE-2010-4844 (SQL injection vulnerability in content.php in MH Products Easy Online ...)
+CVE-2010-4844
NOT-FOR-US: MH Products Easy Online Shop
-CVE-2010-4843 (SQL injection vulnerability in website-page.php in PHP Web Scripts Ad ...)
+CVE-2010-4843
NOT-FOR-US: PHP Web Scripts Ad Manager Pro
-CVE-2010-4842 (SQL injection vulnerability in admin/login.php in MHP DownloadScript ...)
+CVE-2010-4842
NOT-FOR-US: MH Products Download Center
-CVE-2010-4841 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
+CVE-2010-4841
NOT-FOR-US: ManageEngine EventLog Analyzer
-CVE-2010-4840 (Multiple buffer overflows in the Syslog server in ManageEngine ...)
+CVE-2010-4840
NOT-FOR-US: ManageEngine EventLog Analyzer
-CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and ...)
+CVE-2010-4839
NOT-FOR-US: Wordpress plugin Event Registration
-CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component ...)
+CVE-2010-4838
NOT-FOR-US: Joomla!
-CVE-2010-4837 (Cross-site scripting (XSS) vulnerability in the JSupport ...)
+CVE-2010-4837
NOT-FOR-US: Joomla!
-CVE-2010-4836 (Cross-site scripting (XSS) vulnerability in register.html in PHPShop ...)
+CVE-2010-4836
NOT-FOR-US: PHPShop
-CVE-2010-4835 (Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 ...)
+CVE-2010-4835
NOT-FOR-US: OneOrZero AIMS
-CVE-2010-4834 (Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS ...)
+CVE-2010-4834
NOT-FOR-US: OneOrZero AIMS
-CVE-2010-4833 (Untrusted search path vulnerability in ...)
+CVE-2010-4833
- gtk+2.0 <not-affected> (win32 specific)
-CVE-2010-4832 (Android OS before 2.2 does not display the correct SSL certificate in ...)
+CVE-2010-4832
NOT-FOR-US: Android
-CVE-2010-4831 (Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in ...)
+CVE-2010-4831
- gtk+2.0 <not-affected> (Win32-specific)
-CVE-2010-4830 (SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno ...)
+CVE-2010-4830
NOT-FOR-US: Techno Dreams (T-Dreams) Job Career Package
-CVE-2010-4829 (SQL injection vulnerability in processview.asp in Techno Dreams ...)
+CVE-2010-4829
NOT-FOR-US: Techno Dreams
-CVE-2010-4828 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
+CVE-2010-4828
NOT-FOR-US: SolarWinds Orion Network Performance Monitor
-CVE-2010-4827 (Cross-site scripting (XSS) vulnerability in members.asp in Snitz ...)
+CVE-2010-4827
NOT-FOR-US: Snitz Forums
-CVE-2010-4826 (SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 ...)
+CVE-2010-4826
NOT-FOR-US: Snitz Forums
-CVE-2010-4825 (Cross-site scripting (XSS) vulnerability in magpie_debug.php in the ...)
+CVE-2010-4825
NOT-FOR-US: Wordpress plugin
-CVE-2010-4824 (SQL injection vulnerability in the augmentSQL method in ...)
+CVE-2010-4824
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-4823 (Cross-site scripting (XSS) vulnerability in the httpError method in ...)
+CVE-2010-4823
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-4822 (core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when ...)
+CVE-2010-4822
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-4821 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 ...)
+CVE-2010-4821
NOT-FOR-US: phpMyFAQ
-CVE-2010-4820 (Untrusted search path vulnerability in Ghostscript 8.62 allows local ...)
+CVE-2010-4820
- ghostscript 8.71~dfsg2-6.1
[lenny] - ghostscript <no-dsa> (too risky for regressions)
-CVE-2010-4819 (The ProcRenderAddGlyphs function in the Render extension ...)
+CVE-2010-4819
- xorg-server 2:1.9.0.901-1
[squeeze] - xorg-server 2:1.7.7-14
[lenny] - xorg-server <no-dsa> (Minor issue)
-CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authenticated ...)
+CVE-2010-4818
- xorg-server 2:1.9.99.902-1
[squeeze] - xorg-server 2:1.7.7-4
[lenny] - xorg-server <no-dsa> (Minor issue)
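Review bot: CVE-2010-4833 and CVE-2010-4831 can no longer be told apart except by ID once their descriptions are removed. Both are left with a single "- gtk+2.0 <not-affected>" line and a Win32 remark, and the removed text was the only place that named gdk/win32/gdkinput-win32.c for CVE-2010-4831. If dropping the descriptions is intended, add a NOTE line to each entry saying which code it covers. If it is not intended, this automatic update should not go in as it stands. The two remarks are also spelled differently ("win32 specific" and "Win32-specific") and could be made uniform.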
@@ -1113,363 +1113,363 @@ CVE-2010-4816
CVE-2010-4815
RESERVED
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) ...)
+CVE-2010-4814
NOT-FOR-US: Best Soft Inc.
-CVE-2010-4813 (Cross-site scripting (XSS) vulnerability in the Category Tokens module ...)
+CVE-2010-4813
NOT-FOR-US: Drupal 6.x Category Tokens module
-CVE-2010-4812 (Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 ...)
+CVE-2010-4812
NOT-FOR-US: 6kbbs
-CVE-2010-4811 (Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php ...)
+CVE-2010-4811
NOT-FOR-US: 6kbbs
-CVE-2010-4810 (Multiple PHP remote file inclusion vulnerabilities in AR Web Content ...)
+CVE-2010-4810
NOT-FOR-US: AR Web Content Manager
-CVE-2010-4809 (SQL injection vulnerability in index.php in DBSite 1.0 allows remote ...)
+CVE-2010-4809
NOT-FOR-US: DBSite
-CVE-2010-4808 (SQL injection vulnerability in index.php in Webmatic allows remote ...)
+CVE-2010-4808
NOT-FOR-US: Webmatic
-CVE-2010-4805 (The socket implementation in net/core/sock.c in the Linux kernel ...)
+CVE-2010-4805
- linux-2.6 2.6.34-1
[squeeze] - linux-2.6 2.6.32-48
-CVE-2010-4807 (Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 ...)
+CVE-2010-4807
NOT-FOR-US: IBM Web Content Manager
-CVE-2010-4806 (The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 ...)
+CVE-2010-4806
NOT-FOR-US: IBM Web Content Manager
-CVE-2010-4804 (The Android browser in Android before 2.3.4 allows remote attackers to ...)
+CVE-2010-4804
NOT-FOR-US: Android Browser
-CVE-2010-4803 (Mojolicious before 0.999927 does not properly implement HMAC-MD5 ...)
+CVE-2010-4803
{DSA-2239-1}
- libmojolicious-perl 0.999929-1
-CVE-2010-4802 (Commands.pm in Mojolicious before 0.999928 does not properly perform ...)
+CVE-2010-4802
{DSA-2239-1}
- libmojolicious-perl 0.999929-1
-CVE-2010-4801 (Directory traversal vulnerability in admin/updatelist.php in BaconMap ...)
+CVE-2010-4801
NOT-FOR-US: BaconMap
-CVE-2010-4800 (SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote ...)
+CVE-2010-4800
NOT-FOR-US: BaconMap
-CVE-2010-4799 (Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when ...)
+CVE-2010-4799
NOT-FOR-US: Chipmunk Pwngame
-CVE-2010-4798 (Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 ...)
+CVE-2010-4798
NOT-FOR-US: OrangeHRM
-CVE-2010-4797 (Multiple SQL injection vulnerabilities in the log-in form in Truworth ...)
+CVE-2010-4797
NOT-FOR-US: Truworth Flex Timesheet
-CVE-2010-4796 (Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote ...)
+CVE-2010-4796
NOT-FOR-US: PHPYun
-CVE-2010-4795 (SQL injection vulnerability in the JS Calendar (com_jscalendar) ...)
+CVE-2010-4795
NOT-FOR-US: JS Calendar component for Joomla!
-CVE-2010-4794 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2010-4794
NOT-FOR-US: JoomlaSeller JS Calendar component for Joomla!
-CVE-2010-4793 (SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager ...)
+CVE-2010-4793
NOT-FOR-US: Site2Nite Auto e-Manager
-CVE-2010-4792 (Cross-site scripting (XSS) vulnerability in title.php in OPEN IT ...)
+CVE-2010-4792
NOT-FOR-US: OPEN IT OverLook
-CVE-2010-4791 (SQL injection vulnerability in ...)
+CVE-2010-4791
NOT-FOR-US: MG User-Fotoalbum module for PHP-Fusion
-CVE-2010-4790 (Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and ...)
+CVE-2010-4790
NOT-FOR-US: FilterFTP
-CVE-2010-4789 (Use-after-free vulnerability in the proxy-server implementation in IBM ...)
+CVE-2010-4789
NOT-FOR-US: IBM Tivoli Directory Server
-CVE-2010-4788 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka ...)
+CVE-2010-4788
NOT-FOR-US: Tivoli
-CVE-2010-4787 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka ...)
+CVE-2010-4787
NOT-FOR-US: Tivoli
-CVE-2010-4786 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka ...)
+CVE-2010-4786
NOT-FOR-US: Tivoli
-CVE-2010-4785 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server ...)
+CVE-2010-4785
NOT-FOR-US: Tivoli
-CVE-2010-4784 (Multiple SQL injection vulnerabilities in member.php in PHP Web ...)
+CVE-2010-4784
NOT-FOR-US: PHP Web Scripts Easy Banner Free
-CVE-2010-4783 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2010-4783
NOT-FOR-US: PHP Web Scripts Easy Banner Free
-CVE-2010-4782 (Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal ...)
+CVE-2010-4782
NOT-FOR-US: Softwebs Nepal Ananda Real Estate
-CVE-2010-4781 (index.php in Enano CMS 1.1.7pl1, and possibly other versions before ...)
+CVE-2010-4781
NOT-FOR-US: Enano CMS
-CVE-2010-4780 (SQL injection vulnerability in the check_banlist function in ...)
+CVE-2010-4780
NOT-FOR-US: Enano CMS
-CVE-2010-4779 (Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php ...)
+CVE-2010-4779
NOT-FOR-US: WPtouch plugin for WordPress
-CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-4778
- imp4 4.3.10+debian0-1
[squeeze] - imp4 <no-dsa> (Minor issue)
-CVE-2010-4777 (The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, ...)
+CVE-2010-4777
- perl 5.20.1-1 (unimportant; bug #628836)
NOTE: Only affects Perl builds with enabled assertions, i.e. the debugperl binary from perl-debug
NOTE: likely fixed sometime around 5.18, but 5.20 was the version checked
-CVE-2010-4776 (SQL injection vulnerability in takefreestart.php in PreProjects Pre ...)
+CVE-2010-4776
NOT-FOR-US: PreProjects Pre Online Tests Generator Pro
-CVE-2010-4775 (The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 ...)
+CVE-2010-4775
NOT-FOR-US: Relevant Content addon for Drupal
-CVE-2010-4774 (SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote ...)
+CVE-2010-4774
NOT-FOR-US: AuraCMS
-CVE-2010-4773 (Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D ...)
+CVE-2010-4773
NOT-FOR-US: Hitachi EUR Form, uCosminexus EUR Form Service
-CVE-2010-4772 (Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS ...)
+CVE-2010-4772
NOT-FOR-US: S-CMS
-CVE-2010-4771 (SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows ...)
+CVE-2010-4771
NOT-FOR-US: S-CMS
-CVE-2010-4770 (SQL injection vulnerability in index.php in CommodityRentals DVD ...)
+CVE-2010-4770
NOT-FOR-US: CommodityRentals DVD Rentals Script
-CVE-2010-4769 (Directory traversal vulnerability in the Jimtawl (com_jimtawl) ...)
+CVE-2010-4769
NOT-FOR-US: Jimtawl
-CVE-2010-4768 (Open Ticket Request System (OTRS) before 2.3.5 does not properly ...)
+CVE-2010-4768
- otrs2 2.4.5-1 (low)
[lenny] - otrs2 <no-dsa> (Minor issue)
-CVE-2010-4767 (Open Ticket Request System (OTRS) before 2.3.6 does not properly ...)
+CVE-2010-4767
- otrs2 2.4.5-1 (low)
[lenny] - otrs2 <no-dsa> (Minor issue)
-CVE-2010-4766 (The AgentTicketForward feature in Open Ticket Request System (OTRS) ...)
+CVE-2010-4766
- otrs2 2.4.7+dfsg1-1 (unimportant)
NOTE: Marginal security impact, standard bug
-CVE-2010-4765 (Race condition in the Kernel::System::Main::FileWrite method in Open ...)
+CVE-2010-4765
- otrs2 2.4.8+dfsg1-1 (low)
[lenny] - otrs2 <no-dsa> (Minor issue)
-CVE-2010-4764 (Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, ...)
+CVE-2010-4764
- otrs2 2.4.10+dfsg1-1 (unimportant)
NOTE: Marginal security impact, standard bug
-CVE-2010-4763 (The ACL-customer-status Ticket Type setting in Open Ticket Request ...)
+CVE-2010-4763
- otrs2 3.0.8+dfsg1-1 (unimportant)
NOTE: Negligible security impact
-CVE-2010-4762 (Cross-site scripting (XSS) vulnerability in the rich-text-editor ...)
+CVE-2010-4762
- otrs2 3.0.8+dfsg1-1 (unimportant)
NOTE: Negligible security impact
-CVE-2010-4761 (The customer-interface ticket-print dialog in Open Ticket Request ...)
+CVE-2010-4761
- otrs2 3.0.8+dfsg1-1 (unimportant)
NOTE: Marginal security impact, standard bug
-CVE-2010-4760 (Open Ticket Request System (OTRS) before 3.0.0-beta6 adds ...)
+CVE-2010-4760
- otrs2 3.0.8+dfsg1-1 (unimportant)
NOTE: No security impact, feature enhancement
-CVE-2010-4759 (Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly ...)
+CVE-2010-4759
- otrs2 3.0.8+dfsg1-1 (unimportant)
NOTE: No security impact, feature enhancement
-CVE-2010-4758 (installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an ...)
+CVE-2010-4758
- otrs2 3.0.8+dfsg1-1 (unimportant)
NOTE: Negligible security enhancement
-CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 ...)
+CVE-2010-4757
NOT-FOR-US: e107
-CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...)
+CVE-2010-4756
- glibc <removed> (unimportant)
- eglibc <unfixed> (unimportant)
NOTE: That's standard POSIX behaviour implemented by (e)glibc. Applications using
NOTE: glob need to impose limits for themselves
-CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put ...)
+CVE-2010-4755
NOTE: That's essentially shooting yourself in your own foot:
NOTE: http://lists.mindrot.org/pipermail/openssh-unix-dev/2011-March/029433.html
-CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, ...)
+CVE-2010-4754
NOT-FOR-US: FreeBSD/NetBSD libc
-CVE-2010-4753 (Cross-site scripting (XSS) vulnerability in LightNEasy.php in ...)
+CVE-2010-4753
NOT-FOR-US: LightNEasy
-CVE-2010-4752 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, ...)
+CVE-2010-4752
NOT-FOR-US: LightNEasy
-CVE-2010-4751 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, ...)
+CVE-2010-4751
NOT-FOR-US: LightNEasy
-CVE-2010-4750 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2010-4750
NOT-FOR-US: BLOG:CMS
-CVE-2010-4749 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS ...)
+CVE-2010-4749
NOT-FOR-US: BLOG:CMS
-CVE-2010-4748 (Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki ...)
+CVE-2010-4748
NOT-FOR-US: pmwiki
-CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-4747
NOT-FOR-US: Wordpress plugin
-CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...)
+CVE-2010-4746
NOT-FOR-US: 389 LDAP server
-CVE-2010-4745 (Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before ...)
+CVE-2010-4745
NOT-FOR-US: PHPXref
-CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have ...)
+CVE-2010-4744
- abcm2ps 5.9.22-1 (low)
[squeeze] - abcm2ps <no-dsa> (Minor issue)
[lenny] - abcm2ps <no-dsa> (Minor issue)
-CVE-2010-4743 (Heap-based buffer overflow in the getarena function in abc2ps.c in ...)
+CVE-2010-4743
- abcm2ps 5.9.22-1 (low)
[squeeze] - abcm2ps <no-dsa> (Minor issue)
[lenny] - abcm2ps <no-dsa> (Minor issue)
-CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in ...)
+CVE-2010-4742
NOT-FOR-US: MediaDBPlayback.DLL
-CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool ...)
+CVE-2010-4741
NOT-FOR-US: Moxa Device Manager
-CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...)
+CVE-2010-4740
NOT-FOR-US: SCADA Engine BACnet
-CVE-2010-4739 (SQL injection vulnerability in the Maian Media Silver (com_maianmedia) ...)
+CVE-2010-4739
NOT-FOR-US: Maian Media Silver
-CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real Estate ...)
+CVE-2010-4738
NOT-FOR-US: Rae Media INC Real Estate Single and Multi Agent System
-CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb ...)
+CVE-2010-4737
NOT-FOR-US: HotWebScripts HotWeb Rentals
-CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and ...)
+CVE-2010-4736
NOT-FOR-US: GateSoft DocuSafe
-CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax ...)
+CVE-2010-4735
NOT-FOR-US: Ecommercemax Solutions Digital-goods seller
-CVE-2010-4734 (Multiple cross-site scripting (XSS) vulnerabilities in the comment ...)
+CVE-2010-4734
NOT-FOR-US: Skeletonz CMS
-CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway ...)
+CVE-2010-4733
NOT-FOR-US: WebSCADA
-CVE-2010-4732 (cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, ...)
+CVE-2010-4732
NOT-FOR-US: WebSCADA
-CVE-2010-4731 (Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA ...)
+CVE-2010-4731
NOT-FOR-US: WebSCADA
-CVE-2010-4730 (Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA ...)
+CVE-2010-4730
NOT-FOR-US: WebSCADA
-CVE-2010-4729 (Zikula before 1.2.3 does not use the authid protection mechanism for ...)
+CVE-2010-4729
NOT-FOR-US: zikula
-CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for random ...)
+CVE-2010-4728
NOT-FOR-US: zikula
-CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the &lt;?php and ?&gt; ...)
+CVE-2010-4727
- smarty3 3.0~rc1-1
- smarty <removed>
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
-CVE-2010-4726 (Unspecified vulnerability in the math plugin in Smarty before 3.0.0 ...)
+CVE-2010-4726
- smarty3 3.0.8-1
- smarty <removed>
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
-CVE-2010-4725 (Smarty before 3.0.0 RC3 does not properly handle an on value of the ...)
+CVE-2010-4725
- smarty3 3.0.8-1
- smarty <removed>
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
-CVE-2010-4724 (Multiple unspecified vulnerabilities in the parser implementation in ...)
+CVE-2010-4724
- smarty3 3.0.8-1
- smarty <removed>
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
-CVE-2010-4723 (Smarty before 3.0.0, when security is enabled, does not prevent access ...)
+CVE-2010-4723
- smarty3 3.0.8-1
- smarty <removed>
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
-CVE-2010-4722 (Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 ...)
+CVE-2010-4722
- smarty3 3.0.8-1
- smarty <removed>
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
-CVE-2010-4721 (SQL injection vulnerability in news.php in Immo Makler allows remote ...)
+CVE-2010-4721
NOT-FOR-US: Immo Makler
-CVE-2010-4720 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
+CVE-2010-4720
NOT-FOR-US: Joomla JEAuto addon
-CVE-2010-4719 (Directory traversal vulnerability in JRadio (com_jradio) component ...)
+CVE-2010-4719
NOT-FOR-US: Joomla JRadio addon
-CVE-2010-4718 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2010-4718
NOT-FOR-US: Joomla Lyftenbloggie addon
-CVE-2010-4717 (Multiple stack-based buffer overflows in the IMAP server component in ...)
+CVE-2010-4717
NOT-FOR-US: Novell GroupWise
-CVE-2010-4716 (Cross-site scripting (XSS) vulnerability in the WebPublisher component ...)
+CVE-2010-4716
NOT-FOR-US: Novell GroupWise
-CVE-2010-4715 (Multiple directory traversal vulnerabilities in the (1) WebAccess ...)
+CVE-2010-4715
NOT-FOR-US: Novell GroupWise
-CVE-2010-4714 (Multiple stack-based buffer overflows in Novell GroupWise before ...)
+CVE-2010-4714
NOT-FOR-US: Novell GroupWise
-CVE-2010-4713 (Integer signedness error in gwia.exe in GroupWise Internet Agent ...)
+CVE-2010-4713
NOT-FOR-US: Novell GroupWise
-CVE-2010-4712 (Multiple stack-based buffer overflows in gwia.exe in GroupWise ...)
+CVE-2010-4712
NOT-FOR-US: Novell GroupWise
-CVE-2010-4711 (Double free vulnerability in the IMAP server component in GroupWise ...)
+CVE-2010-4711
NOT-FOR-US: Novell GroupWise
-CVE-2010-4710 (Cross-site scripting (XSS) vulnerability in the addItem method in the ...)
+CVE-2010-4710
- yui <removed> (unimportant)
NOTE: Mostly a case of mis-documentation
-CVE-2010-4709 (Heap-based buffer overflow in Automated Solutions Modbus/TCP Master ...)
+CVE-2010-4709
NOT-FOR-US: Automated Solutions Modbus/TCP Master
-CVE-2010-4708 (The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the ...)
+CVE-2010-4708
- pam 1.1.3-7.1 (low; bug #611136)
[lenny] - pam <no-dsa> (Minor issue, too invasive for a stable release)
[squeeze] - pam <no-dsa> (Minor issue, too invasive for a stable release)
-CVE-2010-4707 (The check_acl function in pam_xauth.c in the pam_xauth module in ...)
+CVE-2010-4707
- pam 1.1.3-1 (low)
[lenny] - pam <no-dsa> (Minor issue)
[squeeze] - pam <no-dsa> (Minor issue)
-CVE-2010-4706 (The pam_sm_close_session function in pam_xauth.c in the pam_xauth ...)
+CVE-2010-4706
- pam 1.1.3-1 (low)
[lenny] - pam <no-dsa> (Minor issue)
[squeeze] - pam <no-dsa> (Minor issue)
-CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in ...)
+CVE-2010-4705
{DSA-2165-1}
- ffmpeg <not-affected> (issue introduced in 0.6.x series; bug #611495)
- ffmpeg-debian <removed>
NOTE: recheck when 0.6.x gets uploaded
-CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and ...)
+CVE-2010-4704
{DSA-2306-1 DSA-2165-1}
- libav 4:0.6.2-1 (low; bug #611495)
- ffmpeg 7:2.4.1-1 (low; bug #611495)
- ffmpeg-debian <removed>
NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency)
-CVE-2010-4703 (SQL injection vulnerability in default.asp in HotWebScripts HotWeb ...)
+CVE-2010-4703
NOT-FOR-US: HotWebScripts HotWeb Rentals
-CVE-2010-4702 (SQL injection vulnerability in JRadio (com_jradio) component before ...)
+CVE-2010-4702
NOT-FOR-US: Joomla component
-CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in ...)
+CVE-2010-4701
NOT-FOR-US: Microsoft Windows Fax Services Cover Page Editor
-CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...)
+CVE-2010-4700
- php5 <not-affected> (vuln code in mysqlnd, we use libmysqlclient)
-CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP ...)
+CVE-2010-4699
- php5 5.3.5-1 (unimportant)
-CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...)
+CVE-2010-4698
- php5 5.3.3-7 (unimportant)
NOTE: Only exloitable with malicious script
-CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...)
+CVE-2010-4697
{DSA-2408-1}
- php5 5.3.5-1 (unimportant)
NOTE: requires attacker to be able to execute code already
-CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
+CVE-2010-4696
NOT-FOR-US: Joomla!
-CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as ...)
+CVE-2010-4695
- gif2png 2.5.4-2 (low; bug #610479)
[lenny] - gif2png <no-dsa> (Minor issue)
[squeeze] - gif2png <no-dsa> (Minor issue)
-CVE-2010-4694 (Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow ...)
+CVE-2010-4694
- gif2png 2.5.4-2 (low; bug #610479)
[lenny] - gif2png <no-dsa> (Minor issue)
[squeeze] - gif2png <no-dsa> (Minor issue)
-CVE-2010-4693 (Multiple cross-site scripting (XSS) vulnerabilities in Coppermine ...)
+CVE-2010-4693
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2010-4692
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4691 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2010-4691
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4690 (The Mobile User Security (MUS) service on Cisco Adaptive Security ...)
+CVE-2010-4690
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4689 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+CVE-2010-4689
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4688 (Unspecified vulnerability in the SIP inspection feature on Cisco ...)
+CVE-2010-4688
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4687 (STCAPP (aka the SCCP telephony control application) on Cisco IOS ...)
+CVE-2010-4687
NOT-FOR-US: Cisco IOS
-CVE-2010-4686 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not ...)
+CVE-2010-4686
NOT-FOR-US: Cisco IOS
-CVE-2010-4685 (Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a ...)
+CVE-2010-4685
NOT-FOR-US: Cisco IOS
-CVE-2010-4684 (Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, ...)
+CVE-2010-4684
NOT-FOR-US: Cisco IOS
-CVE-2010-4683 (Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote ...)
+CVE-2010-4683
NOT-FOR-US: Cisco IOS
-CVE-2010-4682 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series ...)
+CVE-2010-4682
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4681 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2010-4681
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4680 (The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2010-4680
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4679 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+CVE-2010-4679
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4678 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+CVE-2010-4678
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4677 (emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices ...)
+CVE-2010-4677
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4676 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2010-4676
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4675 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+CVE-2010-4675
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4674 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+CVE-2010-4674
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4673 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+CVE-2010-4673
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4672 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+CVE-2010-4672
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4671 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
+CVE-2010-4671
NOT-FOR-US: Cisco IOS
-CVE-2010-4670 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
+CVE-2010-4670
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-4669 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
+CVE-2010-4669
NOT-FOR-US: Microsoft Windows
-CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...)
+CVE-2010-4645
- php5 5.3.3-7 (high)
[lenny] - php5 <not-affected>
NOTE: lenny10 includes a test for the bug. With lenny's toolchain
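Review bot: CVE-2010-4755 is left without any line that names the affected software. The entry has no package line and no NOT-FOR-US line, so after the description (which named remote_glob in sftp-glob.c) is removed, only the two NOTE lines remain and the reader has to infer the package from the openssh-unix-dev URL. Add a package line with the intended status, or a NOTE that states the component. Separately, CVE-2010-4805 sits between CVE-2010-4808 and CVE-2010-4807, and CVE-2010-4645 follows CVE-2010-4669; if the list is meant to be in descending order, these two entries are out of place.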
@@ -1479,17 +1479,17 @@ CVE-2010-XXXX [XSS in ftpls]
[squeeze] - ftpcopy <no-dsa> (Minor issue)
[lenny] - ftpcopy <no-dsa> (Minor issue)
NOTE: CVE ID requested
-CVE-2010-4668 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...)
+CVE-2010-4668
{DSA-2153-1}
- linux-2.6 2.6.32-29
-CVE-2010-4667 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ...)
+CVE-2010-4667
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2010-4666 (Buffer overflow in libarchive 3.0 pre-release code allows remote ...)
+CVE-2010-4666
- libarchive 3.0.4-2 (bug #669197)
[squeeze] - libarchive <not-affected> (no cab support prior to 3.0)
NOTE: http://code.google.com/p/libarchive/source/detail?r=488ef3fb28c416285ebe4c00266268db7330466b
NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version
-CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in ...)
+CVE-2010-4665
{DSA-2552-1}
- tiff <not-affected> (vulnerable code not present)
- tiff3 3.9.5
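Review bot: for CVE-2010-4665 the remark "(vulnerable code not present)" on the tiff line no longer says which code is meant. The removed description was the only text that identified the ReadDirectory function in tiffdump.c, so the not-affected decision can no longer be checked from the entry alone. Name the function or file in the remark, or add a NOTE line that does.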
@@ -1497,7 +1497,7 @@ CVE-2010-4664
RESERVED
- consolekit 0.4.2-1 (low)
[squeeze] - consolekit <no-dsa> (Minor issue)
-CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple ...)
+CVE-2010-4663
NOT-FOR-US: CMS Made Simple
CVE-2010-4662
RESERVED
@@ -1524,12 +1524,12 @@ CVE-2010-4657 [xmlTextWriterWriteAttribute heap disclosure]
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551
NOTE: Not sure when this was initially fixed, tested with the initial Wheezy version 5.4.4
NOTE: and the reproducer from https://bugs.launchpad.net/php/%2Bbug/655442
-CVE-2010-4656 (The iowarrior_write function in drivers/usb/misc/iowarrior.c in the ...)
+CVE-2010-4656
{DSA-2153-1}
- linux-2.6 2.6.37-1
[wheezy] - linux-2.6 2.6.32-31
[squeeze] - linux-2.6 2.6.32-31
-CVE-2010-4655 (net/core/ethtool.c in the Linux kernel before 2.6.36 does not ...)
+CVE-2010-4655
{DSA-2264-1}
- linux-2.6 2.6.32-27
CVE-2010-4654 [Malformed commands may cause corruption of the internal stack]
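Review bot: CVE-2010-4656 and CVE-2010-4655 end up with no summary at all, while the entries on either side of them (CVE-2010-4657 and CVE-2010-4654) carry a bracketed short title. After this change the two kernel entries show only a DSA reference and version lines, so nothing records that they concern iowarrior_write in drivers/usb/misc/iowarrior.c and net/core/ethtool.c. If the descriptions are being dropped on purpose, give these entries a bracketed title in the same style as their neighbours, and say in the commit message why the descriptions were removed, since "automatic update" does not explain it.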
@@ -1548,182 +1548,182 @@ CVE-2010-4653 [integer overflow when parsing CharCodes for fonts]
[lenny] - poppler <no-dsa> (minor issue)
[squeeze] - poppler 0.12.4-1.2+squeeze1
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
-CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function ...)
+CVE-2010-4652
{DSA-2191-1}
- proftpd-dfsg 1.3.3a-6
-CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ...)
+CVE-2010-4651
- patch <unfixed> (unimportant)
NOTE: Applying a patch blindly opens more severe security issues than only directory traversal...
NOTE: openwall ships a fix
NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=667529 for details
-CVE-2010-4650 (Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the ...)
+CVE-2010-4650
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29)
-CVE-2010-4649 (Integer overflow in the ib_uverbs_poll_cq function in ...)
+CVE-2010-4649
{DSA-2153-1}
- linux-2.6 2.6.32-30
-CVE-2010-4648 (The orinoco_ioctl_set_auth function in ...)
+CVE-2010-4648
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
-CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
+CVE-2010-4647
- eclipse 3.5.2-9 (low; bug #611849)
[squeeze] - eclipse 3.5.2-6squeeze2
-CVE-2010-4646 (Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 ...)
+CVE-2010-4646
- hastymail <removed>
-CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...)
+CVE-2010-4644
- subversion 1.6.12dfsg-3 (low; bug #608989)
[lenny] - subversion <no-dsa> (Minor issue)
-CVE-2010-4643 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and ...)
+CVE-2010-4643
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before ...)
+CVE-2010-4642
NOT-FOR-US: XWiki
-CVE-2010-4641 (SQL injection vulnerability in XWiki Enterprise before 2.5 allows ...)
+CVE-2010-4641
NOT-FOR-US: XWiki
-CVE-2010-4640 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 ...)
+CVE-2010-4640
NOT-FOR-US: XWiki
-CVE-2010-4639 (SQL injection vulnerability in index.php in MySource Matrix allows ...)
+CVE-2010-4639
NOT-FOR-US: MySource Matrix
-CVE-2010-4638 (SQL injection vulnerability in the submitSurvey function in ...)
+CVE-2010-4638
NOT-FOR-US: Joomla! JQuarks4s component
-CVE-2010-4637 (Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php ...)
+CVE-2010-4637
NOT-FOR-US: FeedList
-CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business ...)
+CVE-2010-4636
NOT-FOR-US: Site2Nite
-CVE-2010-4635 (SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental ...)
+CVE-2010-4635
NOT-FOR-US: Site2Nite
-CVE-2010-4634 (** DISPUTED ** ...)
+CVE-2010-4634
NOT-FOR-US: osTicket
-CVE-2010-4633 (SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows ...)
+CVE-2010-4633
NOT-FOR-US: digiSHOP
-CVE-2010-4632 (Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow ...)
+CVE-2010-4632
NOT-FOR-US: ASPilot Pilot Cart
-CVE-2010-4631 (Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot ...)
+CVE-2010-4631
NOT-FOR-US: ASPilot Pilot Cart
-CVE-2010-4630 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-4630
NOT-FOR-US: WordPress Survey and Quiz Tool plugin
-CVE-2010-4629 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict ...)
+CVE-2010-4629
NOT-FOR-US: MyBB
-CVE-2010-4628 (member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain ...)
+CVE-2010-4628
NOT-FOR-US: MyBB
-CVE-2010-4627 (Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB ...)
+CVE-2010-4627
NOT-FOR-US: MyBB
-CVE-2010-4626 (The my_rand function in functions.php in MyBB (aka MyBulletinBoard) ...)
+CVE-2010-4626
NOT-FOR-US: MyBB
-CVE-2010-4625 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a ...)
+CVE-2010-4625
NOT-FOR-US: MyBB
-CVE-2010-4624 (MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated ...)
+CVE-2010-4624
NOT-FOR-US: MyBB
-CVE-2010-4623 (WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before ...)
+CVE-2010-4623
NOT-FOR-US: IBM Tivoli Access Manager
-CVE-2010-4622 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...)
+CVE-2010-4622
NOT-FOR-US: IBM Tivoli Access Manager
CVE-2010-4621
RESERVED
CVE-2010-4620
RESERVED
-CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in ...)
+CVE-2010-4543
{DSA-2426-1}
- gimp 2.6.11-2 (low; bug #608497)
-CVE-2010-4542 (Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb ...)
+CVE-2010-4542
{DSA-2426-1}
- gimp 2.6.11-2 (low; bug #608497)
-CVE-2010-4541 (Stack-based buffer overflow in the loadit function in ...)
+CVE-2010-4541
{DSA-2426-1}
- gimp 2.6.11-2 (low; bug #608497)
-CVE-2010-4540 (Stack-based buffer overflow in the load_preset_response function in ...)
+CVE-2010-4540
{DSA-2426-1}
- gimp 2.6.11-2 (low; bug #608497)
-CVE-2010-4619 (SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka ...)
+CVE-2010-4619
NOT-FOR-US: Mafya Oyun Scrpti
-CVE-2010-4618 (Cross-site scripting (XSS) vulnerability in the Algis Info ...)
+CVE-2010-4618
NOT-FOR-US: Algis Info for Joomla!
-CVE-2010-4617 (Directory traversal vulnerability in the JotLoader (com_jotloader) ...)
+CVE-2010-4617
NOT-FOR-US: JotLoader for Joomla!
-CVE-2010-4616 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-4616
NOT-FOR-US: ImpressCMS
-CVE-2010-4615 (Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow ...)
+CVE-2010-4615
NOT-FOR-US: Oto Galeri Sistemi
-CVE-2010-4614 (SQL injection vulnerability in item.php in Ero Auktion 2010 allows ...)
+CVE-2010-4614
NOT-FOR-US: Ero Auktion
-CVE-2010-4613 (Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow ...)
+CVE-2010-4613
NOT-FOR-US: Hycus CMS
-CVE-2010-4612 (Multiple SQL injection vulnerabilities in index.php in Hycus CMS ...)
+CVE-2010-4612
NOT-FOR-US: Hycus CMS
-CVE-2010-4611 (Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive ...)
+CVE-2010-4611
NOT-FOR-US: Html-edit CMS
-CVE-2010-4610 (Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS ...)
+CVE-2010-4610
NOT-FOR-US: Html-edit CMS
-CVE-2010-4609 (SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows ...)
+CVE-2010-4609
NOT-FOR-US: Html-edit CMS
-CVE-2010-4608 (Habari 0.6.5 allows remote attackers to obtain sensitive information ...)
+CVE-2010-4608
NOT-FOR-US: Habari
-CVE-2010-4607 (Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, ...)
+CVE-2010-4607
NOT-FOR-US: Habari
-CVE-2010-4606 (Unspecified vulnerability in the Space Management client in the ...)
+CVE-2010-4606
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-4605 (Unspecified vulnerability in the backup-archive client in IBM Tivoli ...)
+CVE-2010-4605
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-4604 (Stack-based buffer overflow in the GeneratePassword function in dsmtca ...)
+CVE-2010-4604
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-4603 (IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, ...)
+CVE-2010-4603
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2010-4602 (The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and ...)
+CVE-2010-4602
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2010-4601 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x ...)
+CVE-2010-4601
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2010-4600 (Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest ...)
+CVE-2010-4600
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2010-4599 (Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 ...)
+CVE-2010-4599
NOT-FOR-US: Ecava IntegraXor
-CVE-2010-4598 (Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and ...)
+CVE-2010-4598
NOT-FOR-US: Ecava IntegraXor
-CVE-2010-4597 (Stack-based buffer overflow in the save method in the ...)
+CVE-2010-4597
NOT-FOR-US: Ecava IntegraXor
-CVE-2010-4596 (Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, ...)
+CVE-2010-4596
NOT-FOR-US: RealNetworks Helix
-CVE-2010-4595 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 ...)
+CVE-2010-4595
NOT-FOR-US: IBM Lotus Mobile Connect
-CVE-2010-4594 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when ...)
+CVE-2010-4594
NOT-FOR-US: IBM Lotus Mobile Connect
-CVE-2010-4593 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does ...)
+CVE-2010-4593
NOT-FOR-US: IBM Lotus Mobile Connect
-CVE-2010-4592 (The Mobile Network Connections functionality in the Connection Manager ...)
+CVE-2010-4592
NOT-FOR-US: IBM Lotus Mobile Connect
-CVE-2010-4591 (The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, ...)
+CVE-2010-4591
NOT-FOR-US: IBM Lotus Mobile Connect
-CVE-2010-4590 (Cross-site scripting (XSS) vulnerability in HTTP Access Services ...)
+CVE-2010-4590
NOT-FOR-US: IBM Lotus Mobile Connect
-CVE-2010-4589 (Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote ...)
+CVE-2010-4589
NOT-FOR-US: IBM ENOVIA 6
-CVE-2010-4588 (The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI ...)
+CVE-2010-4588
NOT-FOR-US: Microsoft
-CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...)
+CVE-2010-4578
{DSA-2188-1}
- chromium-browser 6.0.472.63~r59945-4
- webkit 1.2.7-1
NOTE: http://trac.webkit.org/changeset/73432
-CVE-2010-4577 (The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp ...)
+CVE-2010-4577
{DSA-2188-1}
- chromium-browser 6.0.472.63~r59945-4
- webkit 1.2.7-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=49883
NOTE: http://code.google.com/p/chromium/issues/detail?id=63866
NOTE: http://trac.webkit.org/changeset/72685
-CVE-2010-4576 (browser/worker_host/message_port_dispatcher.cc in Google Chrome before ...)
+CVE-2010-4576
- chromium-browser 6.0.472.63~r59945-4 (bug #607843; low)
NOTE: http://code.google.com/p/chromium/issues/detail?id=63529
-CVE-2010-4575 (The ThemeInstalledInfoBarDelegate::Observe function in ...)
+CVE-2010-4575
- chromium-browser 6.0.472.63~r59945-4 (bug #607846; low)
NOTE: http://code.google.com/p/chromium/issues/detail?id=60761
NOTE: http://codereview.chromium.org/5326011/
-CVE-2010-4574 (The Pickle::Pickle function in base/pickle.cc in Google Chrome before ...)
+CVE-2010-4574
- chromium-browser 6.0.472.63~r59945-4 (bug #607848; low)
NOTE: http://code.google.com/p/chromium/issues/detail?id=56449
NOTE: http://codereview.chromium.org/4716006
-CVE-2010-4573 (The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is ...)
+CVE-2010-4573
NOT-FOR-US: VMware ESXi
-CVE-2010-4572 (CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, ...)
+CVE-2010-4572
{DSA-2322-1}
- bugzilla <removed>
[squeeze] - bugzilla 3.6.2.0-4.4
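Review bot: every changed line in this hunk is a CVE header losing its parenthesised description and nothing else (for example `-CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function ...)` becomes `+CVE-2010-4652`), which for a commit labelled "automatic update" looks like the description source came back empty rather than an intended edit. CVE-2010-4634 also loses its `** DISPUTED **` marker this way. Suggest the update job compare old and new headers and refuse to commit when an existing description would be replaced by an empty one.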
@@ -1731,34 +1731,34 @@ CVE-2010-4572 (CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.
NOTE: perl and associate packages are CVE-2010-2761 and CVE-2010-4411 (see above reference)
CVE-2010-4571
RESERVED
-CVE-2010-4570 (Cross-site scripting (XSS) vulnerability in the duplicate-detection ...)
+CVE-2010-4570
- bugzilla <not-affected> (vulnerable code introduced in 3.7)
-CVE-2010-4569 (Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, ...)
+CVE-2010-4569
- bugzilla <not-affected> (vulnerable code introduced in 3.7)
-CVE-2010-4568 (Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; ...)
+CVE-2010-4568
{DSA-2322-1}
- bugzilla <removed> (bug #611176)
[squeeze] - bugzilla 3.6.2.0-4.4
NOTE: http://www.bugzilla.org/security/3.2.9/
-CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ...)
+CVE-2010-4567
{DSA-2322-1}
- bugzilla <removed> (high; bug #611176)
[squeeze] - bugzilla 3.6.2.0-4.4
NOTE: http://www.bugzilla.org/security/3.2.9/
-CVE-2010-4566 (The web authentication form in the NT4 authentication component in ...)
+CVE-2010-4566
NOT-FOR-US: Citrix Acces Gateway
-CVE-2010-4565 (The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) ...)
+CVE-2010-4565
{DSA-2153-1}
- linux-2.6 2.6.37-1
[wheezy] - linux-2.6 2.6.32-31
[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4564
RESERVED
-CVE-2010-4563 (The Linux kernel, when using IPv6, allows remote attackers to ...)
+CVE-2010-4563
- linux <unfixed> (unimportant)
- linux-2.6 <removed> (unimportant)
NOTE: http://seclists.org/fulldisclosure/2011/Apr/254
-CVE-2010-4562 (Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, ...)
+CVE-2010-4562
NOT-FOR-US: Microsoft Windows
CVE-2010-4561
RESERVED
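Review bot: the context line `NOT-FOR-US: Citrix Acces Gateway` under CVE-2010-4566 misspells "Access", and once the description above it is removed that line is the only text in the entry that names the product. Correct the spelling in a follow-up so a search for the product name still finds this entry.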
@@ -1766,23 +1766,23 @@ CVE-2010-4560
REJECTED
CVE-2010-4559
REJECTED
-CVE-2010-4587 (Opera before 11.00 on Windows does not properly implement the Insecure ...)
+CVE-2010-4587
NOT-FOR-US: Opera
-CVE-2010-4586 (The default configuration of Opera before 11.00 enables WebSockets ...)
+CVE-2010-4586
NOT-FOR-US: Opera
-CVE-2010-4585 (Unspecified vulnerability in the auto-update functionality in Opera ...)
+CVE-2010-4585
NOT-FOR-US: Opera
-CVE-2010-4584 (Opera before 11.00, when Opera Turbo is used, does not properly ...)
+CVE-2010-4584
NOT-FOR-US: Opera
-CVE-2010-4583 (Opera before 11.00, when Opera Turbo is enabled, does not display a ...)
+CVE-2010-4583
NOT-FOR-US: Opera
-CVE-2010-4582 (Opera before 11.00 does not properly handle security policies during ...)
+CVE-2010-4582
NOT-FOR-US: Opera
-CVE-2010-4581 (Unspecified vulnerability in Opera before 11.00 has unknown impact and ...)
+CVE-2010-4581
NOT-FOR-US: Opera
-CVE-2010-4580 (Opera before 11.00 does not clear WAP WML form fields after manual ...)
+CVE-2010-4580
NOT-FOR-US: Opera
-CVE-2010-4579 (Opera before 11.00 does not properly constrain dialogs to appear on ...)
+CVE-2010-4579
NOT-FOR-US: Opera
CVE-2010-XXXX [calibre XSS]
- calibre 0.7.38+dfsg-1 (bug #608822)
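Review bot: the nine Opera entries CVE-2010-4579 through CVE-2010-4587 end up with identical bodies (`NOT-FOR-US: Opera`) and no text to tell them apart, while the unassigned `CVE-2010-XXXX [calibre XSS]` entry in the trailing context keeps its bracketed description. If dropping the parenthesised descriptions is intended, document why assigned CVEs should carry less information than temporary ones; otherwise keep the descriptions.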
@@ -1799,63 +1799,63 @@ CVE-2010-XXXX [webkit info leak]
[squeeze] - chromium-browser <end-of-life>
NOTE: this was fixed much earlier (webkit 1.2), but this was the version checked
NOTE: http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html
-CVE-2010-4558 (phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and ...)
+CVE-2010-4558
NOT-FOR-US: phpMyFAQ
-CVE-2010-4557 (Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch ...)
+CVE-2010-4557
NOT-FOR-US: Invensys Wonderware InBatch
-CVE-2010-4556 (Stack-based buffer overflow in the SapThemeRepository ActiveX control ...)
+CVE-2010-4556
NOT-FOR-US: SAP NetWeaver Business Client
-CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 ...)
+CVE-2010-4523
- opensc 0.11.13-1.1 (low; bug #607427)
[lenny] - opensc 0.11.4-5+lenny1.1
-CVE-2010-4555 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
+CVE-2010-4555
{DSA-2291-1}
- squirrelmail 2:1.4.22-1 (low)
NOTE: difficult to exploit
-CVE-2010-4554 (functions/page_header.php in SquirrelMail 1.4.21 and earlier does not ...)
+CVE-2010-4554
{DSA-2291-1}
- squirrelmail 2:1.4.22-1
-CVE-2010-4553 (An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 ...)
+CVE-2010-4553
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2010-4552 (Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote ...)
+CVE-2010-4552
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2010-4551 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated ...)
+CVE-2010-4551
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2010-4550 (IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to ...)
+CVE-2010-4550
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2010-4549 (IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device ...)
+CVE-2010-4549
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2010-4548 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated ...)
+CVE-2010-4548
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2010-4547 (IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain ...)
+CVE-2010-4547
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2010-4546 (IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment ...)
+CVE-2010-4546
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2010-4545 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated ...)
+CVE-2010-4545
NOT-FOR-US: IBM Lotus Notes Traveler
-CVE-2010-4544 (Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus ...)
+CVE-2010-4544
NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-XXXX [ircd-ratbox password disclosure during TLS handshake]
- ircd-ratbox 3.0.6.dfsg-2
[lenny] - ircd-ratbox <not-affected> (TLS support not yet activated)
-CVE-2010-4539 (The walk function in repos.c in the mod_dav_svn module for the Apache ...)
+CVE-2010-4539
- subversion 1.6.12dfsg-4 (low; bug #608989)
[lenny] - subversion <no-dsa> (Minor issue)
-CVE-2010-4538 (Buffer overflow in the sect_enttec_dmx_da function in ...)
+CVE-2010-4538
{DSA-2144-1}
- wireshark 1.2.11-6 (bug #608990)
-CVE-2010-4537 (Unspecified vulnerability in CrawlTrack before 3.2.7, when a public ...)
+CVE-2010-4537
NOT-FOR-US: CrawlTrack
-CVE-2010-4536 (Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used ...)
+CVE-2010-4536
- wordpress 3.0.4+dfsg-1
[lenny] - wordpress <not-affected> (2.x version is not affected)
- moodle <not-affected> (Moodle's version of KSES is not affected)
- egroupware <not-affected> (Only uses a minor subset of KSES)
-CVE-2010-4535 (The password reset functionality in django.contrib.auth in Django ...)
+CVE-2010-4535
- python-django 1.2.4-1
[squeeze] - python-django 1.2.3-3
NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
-CVE-2010-4534 (The administrative interface in django.contrib.admin in Django before ...)
+CVE-2010-4534
- python-django 1.2.4-1
[squeeze] - python-django 1.2.3-3
NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
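Review bot: under CVE-2010-4555 the line `NOTE: difficult to exploit` is left without a subject, because the removed header was the only place saying the issue is multiple XSS vulnerabilities in SquirrelMail. The `(low)` severity on the squirrelmail line then rests on a note that no longer says what is difficult to exploit. Either keep the description or expand the note so the triage rationale reads on its own.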
@@ -1870,166 +1870,166 @@ CVE-2010-4532 [no SSL cert validation]
- offlineimap 6.3.2~rc3-2 (low; bug #603450)
[squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
[lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
-CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the ...)
+CVE-2010-4531
{DSA-2156-1}
- pcsc-lite 1.5.5-4 (low; bug #607781)
-CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart ...)
+CVE-2010-4530
- ccid 1.3.11-2 (unimportant; bug #607780)
NOTE: Theoretical attack
-CVE-2010-4529 (Integer underflow in the irda_getsockopt function in ...)
+CVE-2010-4529
{DSA-2153-1}
- linux-2.6 2.6.32-30
-CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 through ...)
+CVE-2010-4528
- pidgin 2.7.9-1 (bug #608331; medium)
[squeeze] - pidgin <not-affected> (Vulnerable code not present)
[lenny] - pidgin <not-affected> (Vulnerable code not present)
-CVE-2010-4527 (The load_mixer_volumes function in sound/oss/soundcard.c in the OSS ...)
+CVE-2010-4527
{DSA-2153-1}
- linux-2.6 2.6.32-30
-CVE-2010-4526 (Race condition in the sctp_icmp_proto_unreachable function in ...)
+CVE-2010-4526
{DSA-2153-1}
- linux-2.6 2.6.32-30
-CVE-2010-4525 (Linux kernel 2.6.33 and 2.6.34.y does not initialize the ...)
+CVE-2010-4525
- linux-2.6 2.6.35-1
[squeeze] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
[lenny] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
[wheezy] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
-CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in ...)
+CVE-2010-4524
- mhonarc 2.6.18-1 (low; bug #607693)
[squeeze] - mhonarc <no-dsa> (Minor issue)
-CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
+CVE-2010-4522
NOT-FOR-US: MyBB
-CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...)
+CVE-2010-4521
- drupal6-mod-views 2.12-1
-CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
+CVE-2010-4520
- drupal6-mod-views 2.11-1
-CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+CVE-2010-4519
- drupal6-mod-views 2.11-1
-CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-4518
NOT-FOR-US: Safe Search plugin for WordPress
-CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
+CVE-2010-4517
NOT-FOR-US: Joomla! extension
-CVE-2010-4516 (Multiple cross-site scripting (XSS) vulnerabilities in the JXtended ...)
+CVE-2010-4516
NOT-FOR-US: Joomla!
-CVE-2010-4515 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, ...)
+CVE-2010-4515
NOT-FOR-US: Citrix Web Interface
-CVE-2010-4514 (Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx ...)
+CVE-2010-4514
NOT-FOR-US: DotNetNuke
-CVE-2010-4513 (Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS ...)
+CVE-2010-4513
NOT-FOR-US: Zimplit CMS
-CVE-2010-4512 (Cobbler before 2.0.4 uses an incorrect umask value, which allows local ...)
+CVE-2010-4512
- cobbler <not-affected> (Fixed before initial upload)
-CVE-2010-4511 (Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x ...)
+CVE-2010-4511
- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
[lenny] - movabletype-opensource 4.2.3-1+lenny2
-CVE-2010-4509 (Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 ...)
+CVE-2010-4509
- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
[lenny] - movabletype-opensource 4.2.3-1+lenny2
-CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 ...)
+CVE-2010-4508
- xulrunner <not-affected> (Only affects Firefox 4.x)
-CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
+CVE-2010-4507
NOT-FOR-US: iSpot/ClearSpot hardware devices
-CVE-2010-4506 (Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A ...)
+CVE-2010-4506
NOT-FOR-US: Passlogix
-CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, ...)
+CVE-2010-4505
NOT-FOR-US: Injader
-CVE-2010-4504 (Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat ...)
+CVE-2010-4504
NOT-FOR-US: eSyndiCat
-CVE-2010-4503 (SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows ...)
+CVE-2010-4503
NOT-FOR-US: Aigaion
-CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite ...)
+CVE-2010-4502
NOT-FOR-US: CA Internet Security Suite
CVE-2010-4501
REJECTED
-CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...)
+CVE-2010-4500
NOT-FOR-US: MRCGIGUY FreeTicket
-CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager ...)
+CVE-2010-4499
NOT-FOR-US: TIBCO Collaborative Information Manager
-CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager server, ...)
+CVE-2010-4498
NOT-FOR-US: TIBCO Collaborative Information Manager
-CVE-2010-4497 (Cross-site scripting (XSS) vulnerability in Collaborative Information ...)
+CVE-2010-4497
NOT-FOR-US: TIBCO Collaborative Information Manager
-CVE-2010-4496 (Multiple SQL injection vulnerabilities in Collaborative Information ...)
+CVE-2010-4496
NOT-FOR-US: TIBCO Collaborative Information Manager
-CVE-2010-4495 (Unspecified vulnerability in the ActiveMatrix Runtime component in ...)
+CVE-2010-4495
NOT-FOR-US: TIBCO ActiveMatrix
-CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used ...)
+CVE-2010-4494
{DSA-2137-1}
- libxml2 2.7.8.dfsg-2 (bug #607922)
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (never embedded libxml2's xpath.c)
-CVE-2010-4493 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
+CVE-2010-4493
{DSA-2188-1}
- chromium-browser 6.0.472.63~r59945-3
- webkit 1.2.7-1
NOTE: http://trac.webkit.org/changeset/72013
-CVE-2010-4492 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
+CVE-2010-4492
{DSA-2188-1}
- chromium-browser 6.0.472.63~r59945-3
- webkit 1.2.7-1
NOTE: http://trac.webkit.org/changeset/71686
-CVE-2010-4491 (Google Chrome before 8.0.552.215 does not properly restrict privileged ...)
+CVE-2010-4491
- chromium-browser 9.0.597.45~r70550-1
[squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (issue in chromium-specific webkit code)
NOTE: http://code.google.com/p/chromium/issues/detail?id=62168
NOTE: http://trac.webkit.org/changeset/71533
-CVE-2010-4490 (Google Chrome before 8.0.552.215 allows remote attackers to cause a ...)
+CVE-2010-4490
- chromium-browser 6.0.472.63~r59945-3
- webkit <not-affected> (chromium specific issue)
-CVE-2010-4489 (libvpx, as used in Google Chrome before 8.0.552.215 and possibly other ...)
+CVE-2010-4489
- chromium-browser <not-affected>
- webkit <not-affected>
- libvpx 0.9.5-1 (bug #610510)
[squeeze] - libvpx <not-affected> (regression in later version)
-CVE-2010-4488 (Google Chrome before 8.0.552.215 does not properly handle HTTP proxy ...)
+CVE-2010-4488
- chromium-browser 9.0.597.83~r72435-1 (unimportant)
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium issue)
NOTE: only a browser crash
-CVE-2010-4487 (Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 ...)
+CVE-2010-4487
- chromium-browser 6.0.472.63~r59945-3
- webkit <not-affected> (chromium issue)
-CVE-2010-4486 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
+CVE-2010-4486
- chromium-browser 6.0.472.63~r59945-3
- webkit <not-affected> (vulnerable code not present in 1.2)
NOTE: http://trac.webkit.org/changeset/71170
-CVE-2010-4485 (Google Chrome before 8.0.552.215 does not properly restrict the ...)
+CVE-2010-4485
- chromium-browser 9.0.597.83~r72435-1 (unimportant)
NOTE: http://trac.webkit.org/changeset/69914
NOTE: only a browser crash due to opening too many dialogs (i.e. a dos)
-CVE-2010-4484 (Google Chrome before 8.0.552.215 does not properly handle HTML5 ...)
+CVE-2010-4484
- chromium-browser 9.0.597.83~r72435-1 (unimportant)
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
NOTE: only a browser crash
-CVE-2010-4483 (Google Chrome before 8.0.552.215 does not properly restrict read ...)
+CVE-2010-4483
- chromium-browser 6.0.472.63~r59945-3
NOTE: https://bugs.webkit.org/show_bug.cgi?id=46678
-CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...)
+CVE-2010-4482
- chromium-browser <unfixed> (unimportant)
NOTE: unimportant, bypass the pop-up blocker
NOTE: http://trac.webkit.org/changeset/69990
-CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass ...)
+CVE-2010-4481
{DSA-2139-1}
- phpmyadmin 4:3.3.7-3 (bug #608290)
NOTE: enables phpinfo output; this is disabled by default and phpinfo on Debian
NOTE: systems is by and large full of otherwise predictable information.
-CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1, and other versions before ...)
+CVE-2010-4480
{DSA-2139-1}
- phpmyadmin 4:3.3.7-3 (bug #608290)
CVE-2010-4510
REJECTED
-CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before ...)
+CVE-2010-4479
- clamav 0.96.5+dfsg-1
[lenny] - clamav <not-affected> (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
-CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly ...)
+CVE-2010-4478
- openssh <not-affected> (J-PAKE not activated, see bug #606922)
CVE-2010-4477
REJECTED
-CVE-2010-4476 (The Double.parseDouble method in Java Runtime Environment (JRE) in ...)
+CVE-2010-4476
{DSA-2161-2 DSA-2161-1}
- openjdk-6 6b18-1.8.7-1 (bug #612660)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
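Review bot: the CVE-2010-4479 entry is left with two bare commit hashes (`Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e`, `Fixed in 019f1955194360600ecf0644959ceca6734c2d7b`) and no indication of the file or component, since the removed description was the only mention of pdf.c in libclamav. A reader checking the lenny `<not-affected>` claim has to guess where those commits live. Suggest a NOTE naming the file and linking the upstream repository, independent of the generated description.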
@@ -2038,188 +2038,188 @@ CVE-2010-4476 (The Double.parseDouble method in Java Runtime Environment (JRE) i
NOTE: Patch http://mail.openjdk.java.net/pipermail/core-libs-dev/2011-February/005795.html
NOTE: Oracle http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
NOTE: Original report http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
-CVE-2010-4475 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4475
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4474 (Unspecified vulnerability in the Java DB component in Oracle Java SE ...)
+CVE-2010-4474
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4473 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4473
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4472 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4472
{DSA-2224-1}
- sun-java6 6.24-1
- openjdk-6 6b18-1.8.7-1 (bug #614033)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4471 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4471
{DSA-2224-1}
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4470 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4470
{DSA-2224-1}
- sun-java6 6.24-1
- openjdk-6 6b18-1.8.7-1 (bug #614033)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4469 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4469
{DSA-2224-1}
- sun-java6 6.24-1
- openjdk-6 6b18-1.8.7-1 (bug #614033)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4468 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4468
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4467 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4467
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4466 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4466
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4465 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4465
{DSA-2224-1}
- sun-java6 6.24-1
- openjdk-6 6b18-1.8.7-1 (bug #614033)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4464 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...)
+CVE-2010-4464
NOT-FOR-US: Oracle Convergence
-CVE-2010-4463 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4463
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4462 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4462
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4461 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+CVE-2010-4461
NOT-FOR-US: PeopleSoft
-CVE-2010-4460 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
+CVE-2010-4460
NOT-FOR-US: Solaris
-CVE-2010-4459 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
+CVE-2010-4459
NOT-FOR-US: Solaris
-CVE-2010-4458 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
+CVE-2010-4458
NOT-FOR-US: Solaris
-CVE-2010-4457 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote ...)
+CVE-2010-4457
NOT-FOR-US: Solaris
-CVE-2010-4456 (Unspecified vulnerability in Oracle Sun Java System Communications ...)
+CVE-2010-4456
NOT-FOR-US: Oracle Sun Java System Communications Express
-CVE-2010-4455 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
+CVE-2010-4455
NOT-FOR-US: Oracle Fusion
-CVE-2010-4454 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4454
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4453 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+CVE-2010-4453
NOT-FOR-US: Oracle WebLogic
-CVE-2010-4452 (Unspecified vulnerability in the Deployment component in Java Runtime ...)
+CVE-2010-4452
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4451 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4451
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4450 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4450
{DSA-2224-1}
- sun-java6 6.24-1
- openjdk-6 6b18-1.8.7-1 (bug #614033)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4449 (Unspecified vulnerability in the Audit Vault component in Oracle Audit ...)
+CVE-2010-4449
NOT-FOR-US: Oracle Audit
-CVE-2010-4448 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4448
{DSA-2224-1}
- sun-java6 6.24-1
- openjdk-6 6b18-1.8.7-1 (bug #614033)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4447 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4447
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4446 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
+CVE-2010-4446
NOT-FOR-US: Solaris
-CVE-2010-4445 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+CVE-2010-4445
NOT-FOR-US: PeopleSoft
-CVE-2010-4444 (Unspecified vulnerability in Oracle Sun Java System Access Manager and ...)
+CVE-2010-4444
NOT-FOR-US: OpenSSO
-CVE-2010-4443 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
+CVE-2010-4443
NOT-FOR-US: Solaris
-CVE-2010-4442 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
+CVE-2010-4442
NOT-FOR-US: Solaris
-CVE-2010-4441 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+CVE-2010-4441
NOT-FOR-US: PeopleSoft
-CVE-2010-4440 (Unspecified vulnerability in Oracle 10 and 11 Express allows local ...)
+CVE-2010-4440
NOT-FOR-US: Oracle Express
-CVE-2010-4439 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+CVE-2010-4439
NOT-FOR-US: PeopleSoft
-CVE-2010-4438 (Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, ...)
+CVE-2010-4438
- glassfish <not-affected> (Only builds a few class libs)
-CVE-2010-4437 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+CVE-2010-4437
NOT-FOR-US: WebLogic
-CVE-2010-4436 (Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0 ...)
+CVE-2010-4436
NOT-FOR-US: SunMC
-CVE-2010-4435 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
+CVE-2010-4435
NOT-FOR-US: Solaris
-CVE-2010-4434 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2010-4434
NOT-FOR-US: PeopleSoft
-CVE-2010-4433 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
+CVE-2010-4433
NOT-FOR-US: Solaris
-CVE-2010-4432 (Unspecified vulnerability in the Oracle Transportation Manager ...)
+CVE-2010-4432
NOT-FOR-US: Oracle Supply Chain
-CVE-2010-4431 (Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 ...)
+CVE-2010-4431
NOT-FOR-US: Oracle Sun Java System Portal Server
-CVE-2010-4430 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+CVE-2010-4430
NOT-FOR-US: PeopleSoft
-CVE-2010-4429 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
+CVE-2010-4429
NOT-FOR-US: Oracle Supply Chain
-CVE-2010-4428 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+CVE-2010-4428
NOT-FOR-US: PeopleSoft
-CVE-2010-4427 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
+CVE-2010-4427
NOT-FOR-US: Oracle BI Publisher
-CVE-2010-4426 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2010-4426
NOT-FOR-US: PeopleSoft
-CVE-2010-4425 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
+CVE-2010-4425
NOT-FOR-US: Oracle BI Publisher
-CVE-2010-4424 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2010-4424
NOT-FOR-US: PeopleSoft
-CVE-2010-4423 (Unspecified vulnerability in the Cluster Verify Utility component in ...)
+CVE-2010-4423
NOT-FOR-US: Oracle Database
-CVE-2010-4422 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4422
- sun-java6 6.24-1
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-CVE-2010-4421 (Unspecified vulnerability in the Database Vault component in Oracle ...)
+CVE-2010-4421
NOT-FOR-US: Oracle Database
-CVE-2010-4420 (Unspecified vulnerability in the Database Vault component in Oracle ...)
+CVE-2010-4420
NOT-FOR-US: Oracle Database
-CVE-2010-4419 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...)
+CVE-2010-4419
NOT-FOR-US: PeopleSoft
-CVE-2010-4418 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2010-4418
NOT-FOR-US: PeopleSoft
-CVE-2010-4417 (Unspecified vulnerability in the Services for Beehive component in ...)
+CVE-2010-4417
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-4416 (Unspecified vulnerability in the Oracle GoldenGate Veridata component ...)
+CVE-2010-4416
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-4415 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
+CVE-2010-4415
NOT-FOR-US: Solaris
-CVE-2010-4414 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local ...)
+CVE-2010-4414
- virtualbox-ose <not-affected> (Support for extensions was added in 4.x, see #611925)
-CVE-2010-4413 (Unspecified vulnerability in the Scheduler Agent component in Oracle ...)
+CVE-2010-4413
NOT-FOR-US: Oracle Database
-CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...)
+CVE-2010-4412
NOT-FOR-US: pfSense
-CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...)
+CVE-2010-4411
- perl 5.10.1-17 (bug #606995)
[lenny] - perl 5.10.0-19lenny3
- libcgi-simple-perl 1.111-2 (bug #606379)
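Review bot: The commit message ("automatic update") gives no reason for dropping the parenthesised description from every CVE header in this hunk, from CVE-2010-4458 down to CVE-2010-4411. With 4933 insertions matching 4933 deletions, please confirm this is an intended format change and not an update job that failed to fetch descriptions, and say so in the commit message. After the change, entries such as CVE-2010-4457 carry only `NOT-FOR-US: Solaris`, so the file no longer tells a reader whether the issue was local or remote; if descriptions are now kept elsewhere, a pointer to that location in the message would help.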
@@ -2227,7 +2227,7 @@ CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remot
- libcgi-pm-perl 3.51-1 (bug #606370)
[lenny] - libcgi-pm-perl 3.38-2lenny2
[squeeze] - libcgi-pm-perl 3.49-1squeeze1
-CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...)
+CVE-2010-4410
- perl 5.10.1-17 (bug #606995)
[lenny] - perl 5.10.0-19lenny3
- libcgi-pm-perl 3.50-1 (bug #606370)
@@ -2235,209 +2235,209 @@ CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm
[squeeze] - libcgi-pm-perl 3.49-1squeeze1
- libcgi-simple-perl 1.111-2 (bug #606379)
[lenny] - libcgi-simple-perl 1.105-1lenny1
-CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through ...)
+CVE-2010-4408
NOT-FOR-US: Apache archiva
-CVE-2010-4334 (The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not ...)
+CVE-2010-4334
- libio-socket-ssl-perl 1.35-1 (bug #606058)
[squeeze] - libio-socket-ssl-perl 1.33-1+squeeze1
[lenny] - libio-socket-ssl-perl <not-affected> (Vulnerable code not present)
-CVE-2010-4335 (The _validatePost function in libs/controller/components/security.php ...)
+CVE-2010-4335
- cakephp 1.3.2-1.1 (bug #606386)
[lenny] - cakephp <not-affected>
NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
-CVE-2010-4336 (The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd ...)
+CVE-2010-4336
{DSA-2133-1}
- collectd 4.10.1-2.1 (bug #605092; low)
[squeeze] - collectd 4.10.1-1+squeeze2
-CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to overwrite ...)
+CVE-2010-4337
{DSA-2435-1}
- gnash 0.8.8-8 (unimportant; bug #605419)
-CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka ...)
+CVE-2010-4409
- php5 5.3.3-6
[lenny] - php5 <not-affected> (intl extension included since 5.3)
NOTE: http://www.kb.cert.org/vuls/id/479900
-CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2010-4407
NOT-FOR-US: AlGuest
-CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton ...)
+CVE-2010-4406
NOT-FOR-US: LittlePhpGallery
-CVE-2010-4405 (Cross-site scripting (XSS) vulnerability in the Yannick Gaultier ...)
+CVE-2010-4405
NOT-FOR-US: Joomla! extension
-CVE-2010-4404 (SQL injection vulnerability in the Yannick Gaultier sh404SEF component ...)
+CVE-2010-4404
NOT-FOR-US: Joomla! extension
-CVE-2010-4403 (The Register Plus plugin 3.5.1 and earlier for WordPress allows remote ...)
+CVE-2010-4403
NOT-FOR-US: The Register Plus plugin for WordPress
-CVE-2010-4402 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
+CVE-2010-4402
NOT-FOR-US: The Register Plus plugin for WordPress
-CVE-2010-4401 (languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain ...)
+CVE-2010-4401
NOT-FOR-US: DynPG
-CVE-2010-4400 (SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows ...)
+CVE-2010-4400
NOT-FOR-US: DynPG
-CVE-2010-4399 (Directory traversal vulnerability in languages.inc.php in DynPG CMS ...)
+CVE-2010-4399
NOT-FOR-US: DynPG
-CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in ...)
+CVE-2010-4398
NOT-FOR-US: Microsoft Windows
-CVE-2010-4397 (Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer ...)
+CVE-2010-4397
NOT-FOR-US: RealPlayer
-CVE-2010-4396 (Cross-zone scripting vulnerability in the HandleAction method in a ...)
+CVE-2010-4396
NOT-FOR-US: RealPlayer
-CVE-2010-4395 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4395
NOT-FOR-US: RealPlayer
-CVE-2010-4394 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4394
NOT-FOR-US: RealPlayer
-CVE-2010-4393 (Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer ...)
+CVE-2010-4393
NOT-FOR-US: RealPlayer
-CVE-2010-4392 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4392
NOT-FOR-US: RealPlayer
-CVE-2010-4391 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4391
NOT-FOR-US: RealPlayer
-CVE-2010-4390 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 ...)
+CVE-2010-4390
NOT-FOR-US: RealPlayer
-CVE-2010-4389 (Heap-based buffer overflow in the cook codec in RealNetworks ...)
+CVE-2010-4389
NOT-FOR-US: RealPlayer
-CVE-2010-4388 (The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components ...)
+CVE-2010-4388
NOT-FOR-US: RealPlayer
-CVE-2010-4387 (The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, ...)
+CVE-2010-4387
NOT-FOR-US: RealPlayer
-CVE-2010-4386 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through ...)
+CVE-2010-4386
NOT-FOR-US: RealPlayer
-CVE-2010-4385 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, ...)
+CVE-2010-4385
NOT-FOR-US: RealPlayer
-CVE-2010-4384 (Array index error in RealNetworks RealPlayer 11.0 through 11.1, ...)
+CVE-2010-4384
NOT-FOR-US: RealPlayer
-CVE-2010-4383 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4383
NOT-FOR-US: RealPlayer
-CVE-2010-4382 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 ...)
+CVE-2010-4382
NOT-FOR-US: RealPlayer
-CVE-2010-4381 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4381
NOT-FOR-US: RealPlayer
-CVE-2010-4380 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4380
NOT-FOR-US: RealPlayer
-CVE-2010-4379 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4379
NOT-FOR-US: RealPlayer
-CVE-2010-4378 (The drv2.dll (aka RV20 decompression) module in RealNetworks ...)
+CVE-2010-4378
NOT-FOR-US: RealPlayer
-CVE-2010-4377 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4377
NOT-FOR-US: RealPlayer
-CVE-2010-4376 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4376
NOT-FOR-US: RealPlayer
-CVE-2010-4375 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-4375
NOT-FOR-US: RealPlayer
-CVE-2010-4374 (The in_mkv plugin in Winamp before 5.6 allows remote attackers to ...)
+CVE-2010-4374
NOT-FOR-US: Winamp
-CVE-2010-4373 (The in_mp4 plugin in Winamp before 5.6 allows remote attackers to ...)
+CVE-2010-4373
NOT-FOR-US: Winamp
-CVE-2010-4372 (Integer overflow in the in_nsv plugin in Winamp before 5.6 allows ...)
+CVE-2010-4372
NOT-FOR-US: Winamp
-CVE-2010-4371 (Buffer overflow in the in_mod plugin in Winamp before 5.6 allows ...)
+CVE-2010-4371
NOT-FOR-US: Winamp
-CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6 ...)
+CVE-2010-4370
NOT-FOR-US: Winamp
-CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...)
+CVE-2010-4369
- awstats 6.9.5~dfsg-5 (low; bug #606263)
[lenny] - awstats 6.7.dfsg-5.1+lenny1
-CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir ...)
+CVE-2010-4368
- awstats <not-affected> (Windows-specific issue)
NOTE: looks like it's the same as CVE-2010-4367
-CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
+CVE-2010-4367
- awstats 6.9.5~dfsg-5 (low; bug #606263)
[lenny] - awstats 6.7.dfsg-5.1+lenny1
-CVE-2010-4338 (ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify ...)
+CVE-2010-4338
- ocrodjvu 0.4.6-2 (low; bug #598134)
-CVE-2010-4339 (Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows ...)
+CVE-2010-4339
- hypermail <removed> (low; bug #598743)
[lenny] - hypermail <no-dsa> (Minor issue)
-CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-4366
NOT-FOR-US: Chameleon Social Networking
-CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar ...)
+CVE-2010-4365
NOT-FOR-US: Joomla! extension
-CVE-2010-4364 (DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does ...)
+CVE-2010-4364
NOT-FOR-US: DaDaBIK
-CVE-2010-4363 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...)
+CVE-2010-4363
NOT-FOR-US: FreeTicket
-CVE-2010-4362 (Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer ...)
+CVE-2010-4362
NOT-FOR-US: MicroNetsoft RV Dealer
-CVE-2010-4361 (Cross-site scripting (XSS) vulnerability in url-gateway.php in ...)
+CVE-2010-4361
NOT-FOR-US: Jurpopage
-CVE-2010-4360 (Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 ...)
+CVE-2010-4360
NOT-FOR-US: Jurpopage
-CVE-2010-4359 (SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows ...)
+CVE-2010-4359
NOT-FOR-US: Jurpopage
-CVE-2010-4358 (Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in ...)
+CVE-2010-4358
NOT-FOR-US: MRCGIGUY (MCG) Guestbook
-CVE-2010-4357 (SQL injection vulnerability in comments.php in SiteEngine 7.1 allows ...)
+CVE-2010-4357
NOT-FOR-US: SiteEngine
-CVE-2010-4356 (SQL injection vulnerability in news_default.asp in Site2Nite Big Truck ...)
+CVE-2010-4356
NOT-FOR-US: Site2Nite Big Truck
-CVE-2010-4355 (Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, ...)
+CVE-2010-4355
NOT-FOR-US: DaDaBIK
CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]
- elfsign <removed> (low; bug #555668)
[lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
-CVE-2010-4354 (The remote-access IPSec VPN implementation on Cisco Adaptive Security ...)
+CVE-2010-4354
NOT-FOR-US: Cisco ASA
-CVE-2010-4353 (Unrestricted file upload vulnerability in ...)
+CVE-2010-4353
- gallery3 <itp> (bug #511715)
-CVE-2010-4352 (Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 ...)
+CVE-2010-4352
{DSA-2149-1}
- dbus 1.2.24-4
-CVE-2010-4351 (The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 ...)
+CVE-2010-4351
{DSA-2224-1}
- openjdk-6 6b18-1.8.4-1
[squeeze] - openjdk-6 <no-dsa> (bug #614151)
[lenny] - openjdk-6 <no-dsa> (bug #614151)
-CVE-2010-4350 (Directory traversal vulnerability in admin/upgrade_unattended.php in ...)
+CVE-2010-4350
- mantis <not-affected> (admin dir procected in Apache config, see #607159)
-CVE-2010-4349 (admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote ...)
+CVE-2010-4349
- mantis <not-affected> (admin dir procected in Apache config, see #607159)
-CVE-2010-4348 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-4348
- mantis <not-affected> (admin dir procected in Apache config, see #607159)
-CVE-2010-4347 (The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 ...)
+CVE-2010-4347
- linux-2.6 <not-affected> (Introduced in 2.6.33 and fixed in 2.6.36.2, we never released an affected kernel)
-CVE-2010-4346 (The install_special_mapping function in mm/mmap.c in the Linux kernel ...)
+CVE-2010-4346
{DSA-2153-1}
- linux-2.6 2.6.32-30
-CVE-2010-4345 (Exim 4.72 and earlier allows local users to gain privileges by ...)
+CVE-2010-4345
{DSA-2154-1}
- exim4 4.72-3 (bug #606527)
-CVE-2010-4344 (Heap-based buffer overflow in the string_vformat function in string.c ...)
+CVE-2010-4344
{DSA-2131-1}
- exim4 4.70-1 (bug #606612)
-CVE-2010-4343 (drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not ...)
+CVE-2010-4343
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
-CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux ...)
+CVE-2010-4342
{DSA-2153-1}
- linux-2.6 2.6.32-30
-CVE-2010-4341 (The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in ...)
+CVE-2010-4341
- sssd 1.2.1-4.1 (bug #610032)
[squeeze] - sssd 1.2.1-4+squeeze1
[wheezy] - sssd 1.2.1-4+squeeze1
-CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...)
+CVE-2010-4333
NOT-FOR-US: Pointter PHP Micro-Blogging Social Network
-CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...)
+CVE-2010-4332
NOT-FOR-US: Pointter PHP Content Management System
-CVE-2010-4331 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 ...)
+CVE-2010-4331
NOT-FOR-US: Seo Panel
-CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...)
+CVE-2010-4330
NOT-FOR-US: Pulse CMS Basic
-CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...)
+CVE-2010-4329
{DSA-2139-1}
- phpmyadmin 4:3.3.7-2
-CVE-2010-4328 (Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd ...)
+CVE-2010-4328
NOT-FOR-US: Novell iPrint LPD
-CVE-2010-4327 (Unspecified vulnerability in the NCP service in Novell eDirectory ...)
+CVE-2010-4327
NOT-FOR-US: Novell eDirectory
-CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent ...)
+CVE-2010-4326
NOT-FOR-US: Groupwise
-CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in ...)
+CVE-2010-4325
NOT-FOR-US: Groupwise
-CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the ...)
+CVE-2010-4324
NOT-FOR-US: Novell Identity Manager
-CVE-2010-4323 (Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks ...)
+CVE-2010-4323
NOT-FOR-US: Novell ZENworks
-CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell ...)
+CVE-2010-4322
NOT-FOR-US: Novell Vibe
-CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in ...)
+CVE-2010-4321
NOT-FOR-US: Novell iPrint client
CVE-2010-4320
RESERVED
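Review bot: The temporary entry `CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]` in this hunk keeps its bracketed description while every assigned CVE around it loses its parenthesised one, so the file ends up with two conventions for the header line. If that split is deliberate (temporary entries have no other source for a description), it should be documented. Separately, the NOTE under CVE-2010-4368 ("looks like it's the same as CVE-2010-4367") could previously be checked against the two descriptions, both of which mentioned the configdir parameter of awstats.cgi; with both removed, consider extending the NOTE so that it still says what the two entries have in common.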
@@ -2451,44 +2451,44 @@ CVE-2010-4316
RESERVED
CVE-2010-4315
RESERVED
-CVE-2010-4314 (Remote attackers can use the iPrint web-browser ActiveX plugin in ...)
+CVE-2010-4314
NOT-FOR-US: iPrint web-browser ActiveX plugin in Novell iPrint Client
-CVE-2010-4313 (Unrestricted file upload vulnerability in fileman_file_upload.php in ...)
+CVE-2010-4313
NOT-FOR-US: Orbis CMS
-CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the ...)
+CVE-2010-4312
- tomcat6 6.0.35-5 (unimportant; bug #608286)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
-CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows ...)
+CVE-2010-4311
NOT-FOR-US: Free Simple Software
CVE-2010-4310
RESERVED
-CVE-2010-4309 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute ...)
+CVE-2010-4309
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4308 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute ...)
+CVE-2010-4308
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4307 (Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows ...)
+CVE-2010-4307
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
+CVE-2010-4306
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4305 (Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and ...)
+CVE-2010-4305
NOT-FOR-US: Cisco Unified Videoconferencing
-CVE-2010-4304 (The web interface in Cisco Unified Videoconferencing (UVC) System ...)
+CVE-2010-4304
NOT-FOR-US: Cisco Unified Videoconferencing
-CVE-2010-4303 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the ...)
+CVE-2010-4303
NOT-FOR-US: Cisco Unified Videoconferencing
-CVE-2010-4302 (/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified ...)
+CVE-2010-4302
NOT-FOR-US: Cisco Unified Videoconferencing
-CVE-2010-4299 (Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 ...)
+CVE-2010-4299
NOT-FOR-US: Novell Zenworks
-CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple ...)
+CVE-2010-4298
NOT-FOR-US: Free Simple Software
-CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x ...)
+CVE-2010-4297
NOT-FOR-US: VMware
-CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on ...)
+CVE-2010-4296
NOT-FOR-US: VMware
-CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware ...)
+CVE-2010-4295
NOT-FOR-US: VMware
-CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in ...)
+CVE-2010-4294
NOT-FOR-US: VMware
CVE-2010-XXXX [directory traversal]
- openacs 5.5.1+dfsg-2
@@ -2516,9 +2516,9 @@ CVE-2010-XXXX [insecure python path handling]
- mmass 3.8.0-2 (low; bug #605150)
[squeeze] - mmass <not-affected> (Doesn't set PYTHONPATH)
- guake 0.4.2-3 (low; bug #605163)
-CVE-2010-4301 (epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in ...)
+CVE-2010-4301
- wireshark <not-affected> (Only affects >= 1.4)
-CVE-2010-4300 (Heap-based buffer overflow in the dissect_ldss_transfer function ...)
+CVE-2010-4300
- wireshark 1.2.11-4
[lenny] - wireshark <not-affected> (Only affects >= 1.2)
CVE-2010-4293
@@ -2539,101 +2539,101 @@ CVE-2010-4286
REJECTED
CVE-2010-4285
REJECTED
-CVE-2010-4284 (SQL injection vulnerability in the authentication form in the ...)
+CVE-2010-4284
NOT-FOR-US: Samsung Integrated Management System
-CVE-2010-4283 (PHP remote file inclusion vulnerability in extras/pandora_diag.php in ...)
+CVE-2010-4283
NOT-FOR-US: Pandora FMS
-CVE-2010-4282 (Multiple directory traversal vulnerabilities in Pandora FMS before ...)
+CVE-2010-4282
NOT-FOR-US: Pandora FMS
-CVE-2010-4281 (Incomplete blacklist vulnerability in the safe_url_extraclean function ...)
+CVE-2010-4281
NOT-FOR-US: Pandora FMS
-CVE-2010-4280 (Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 ...)
+CVE-2010-4280
NOT-FOR-US: Pandora FMS
-CVE-2010-4279 (The default configuration of Pandora FMS 3.1 and earlier specifies an ...)
+CVE-2010-4279
NOT-FOR-US: Pandora FMS
-CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows ...)
+CVE-2010-4278
NOT-FOR-US: Pandora FMS
-CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...)
+CVE-2010-4277
NOT-FOR-US: Embedded Video plugin 4.1 for WordPress
-CVE-2010-4276 (Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid ...)
+CVE-2010-4276
NOT-FOR-US: LiveZilla
-CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager ...)
+CVE-2010-4275
NOT-FOR-US: Radius Manager
-CVE-2010-4274 (reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 ...)
+CVE-2010-4274
NOT-FOR-US: IBM Systems Director
-CVE-2010-4273 (SQL injection vulnerability in imoveis.php in DescargarVista ACC ...)
+CVE-2010-4273
NOT-FOR-US: DescargarVista ACC
-CVE-2010-4272 (SQL injection vulnerability in the Pulse Infotech Sponsor Wall ...)
+CVE-2010-4272
NOT-FOR-US: Pulse Infotech Sponsor Wall
-CVE-2010-4271 (SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows ...)
+CVE-2010-4271
NOT-FOR-US: ImpressCMS
-CVE-2010-4270 (Directory traversal vulnerability in the nBill (com_netinvoice) ...)
+CVE-2010-4270
NOT-FOR-US: Joomla addon
-CVE-2010-4269 (SQL injection vulnerability in managechat.php in Collabtive 0.65 ...)
+CVE-2010-4269
NOT-FOR-US: Collabtive
-CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall ...)
+CVE-2010-4268
NOT-FOR-US: Pulse Infotech
-CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in ...)
+CVE-2010-4267
{DSA-2152-1}
- hplip 3.10.6-2 (bug #610960)
CVE-2010-4266
RESERVED
-CVE-2010-4265 (The ...)
+CVE-2010-4265
- jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
CVE-2010-4264
RESERVED
-CVE-2010-4263 (The igb_receive_skb function in drivers/net/igb/igb_main.c in the ...)
+CVE-2010-4263
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2010-4262 (Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote ...)
+CVE-2010-4262
- xfig 1:3.2.5.b-1.1 (bug #606257)
NOTE: details and patch at https://bugzilla.redhat.com/659676
-CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...)
+CVE-2010-4261
- clamav 0.96.5+dfsg-1
[lenny] - clamav <not-affected> (icon extractor not yet present)
NOTE: Fixed in 1f3db7f074995bd4e1d0183b2db8b1c472d2f41b
-CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV ...)
+CVE-2010-4260
- clamav 0.96.5+dfsg-1
[lenny] - clamav <not-affected> (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
-CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote ...)
+CVE-2010-4259
{DSA-2253-1}
- fontforge 0.0.20100501-4 (bug #605537)
-CVE-2010-4258 (The do_exit function in kernel/exit.c in the Linux kernel before ...)
+CVE-2010-4258
{DSA-2153-1}
- linux-2.6 2.6.32-29
-CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in ...)
+CVE-2010-4257
{DSA-2138-1}
NOTE: http://core.trac.wordpress.org/changeset/16625
- wordpress 3.0.2-1 (bug #605603)
-CVE-2010-4256 (The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 ...)
+CVE-2010-4256
- linux-2.6 <not-affected> (introduced in 2.6.35; fixed in 2.6.37)
-CVE-2010-4255 (The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and ...)
+CVE-2010-4255
- xen 4.0.1-2 (bug #609531)
-CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...)
+CVE-2010-4254
- moon <not-affected> (Debian's version of Moonlight is not affected, see #608288)
-CVE-2010-4253 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and ...)
+CVE-2010-4253
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ...)
+CVE-2010-4252
- openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug #606902)
NOTE: http://www.openssl.org/news/secadv/20101202.txt
-CVE-2010-4251 (The socket implementation in net/core/sock.c in the Linux kernel ...)
+CVE-2010-4251
- linux-2.6 2.6.32-22
-CVE-2010-4250 (Memory leak in the inotify_init1 function in ...)
+CVE-2010-4250
- linux-2.6 2.6.37-1
[squeeze] - linux-2.6 <not-affected> (Introduced after 2.6.32)
[lenny] - linux-2.6 <not-affected> (Introduced after 2.6.32)
[wheezy] - linux-2.6 <not-affected> (Introduced after 2.6.32)
-CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux ...)
+CVE-2010-4249
{DSA-2153-1}
- linux-2.6 2.6.32-30
-CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the ...)
+CVE-2010-4248
{DSA-2153-1}
- linux-2.6 2.6.32-29
-CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and ...)
+CVE-2010-4247
- linux-2.6 <not-affected> (changes included since introduction of dom0 support)
-CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in ...)
+CVE-2010-4246
NOT-FOR-US: pfSense
CVE-2010-4245
RESERVED
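Review bot: Several linux-2.6 entries in this hunk lose the only text that identified the affected code, and they have no NOTE line to fall back on. CVE-2010-4256 drops "The pipe_fcntl function in fs/pipe.c", CVE-2010-4247 drops "The do_block_io_op function in (1) drivers/xen/blkback/blkback.c", and CVE-2010-4263 drops "The igb_receive_skb function in drivers/net/igb/igb_main.c", leaving only a version or a `<not-affected>` remark. Entries such as CVE-2010-4261 still point at a fixing commit through their NOTE lines. If descriptions are removed on purpose, adding an upstream reference as a NOTE on entries that have none would keep the triage reasoning verifiable from the file itself.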
@@ -2641,10 +2641,10 @@ CVE-2010-4245
[lenny] - pootle <not-affected> (Vulnerable code not present)
CVE-2010-4244
REJECTED
-CVE-2010-4243 (fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM ...)
+CVE-2010-4243
{DSA-2153-1}
- linux-2.6 2.6.32-30
-CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver ...)
+CVE-2010-4242
{DSA-2153-1}
- linux-2.6 2.6.32-28
CVE-2010-4241
@@ -2656,32 +2656,32 @@ CVE-2010-4240
CVE-2010-4239
RESERVED
- tikiwiki <removed>
-CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on ...)
+CVE-2010-4238
- linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian)
-CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...)
+CVE-2010-4236
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-4235 (Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, ...)
+CVE-2010-4235
NOT-FOR-US: RealNetworks Helix
-CVE-2010-4234 (The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz ...)
+CVE-2010-4234
NOT-FOR-US: Camtron, TecVoz
-CVE-2010-4233 (The Linux installation on the Camtron CMNC-200 Full HD IP Camera and ...)
+CVE-2010-4233
NOT-FOR-US: Camtron, TecVoz
-CVE-2010-4232 (The web-based administration interface on the Camtron CMNC-200 Full HD ...)
+CVE-2010-4232
NOT-FOR-US: Camtron, TecVoz
-CVE-2010-4231 (Directory traversal vulnerability in the web-based administration ...)
+CVE-2010-4231
NOT-FOR-US: Camtron, TecVoz
-CVE-2010-4230 (Stack-based buffer overflow in a certain ActiveX control for the ...)
+CVE-2010-4230
NOT-FOR-US: Camtron, TecVoz
-CVE-2010-4229 (Directory traversal vulnerability in an unspecified servlet in the ...)
+CVE-2010-4229
NOT-FOR-US: Novell ZENworks Configuration Management
-CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP ...)
+CVE-2010-4228
NOT-FOR-US: Novell NetWare
-CVE-2010-4227 (The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before ...)
+CVE-2010-4227
NOT-FOR-US: Novell Netware
-CVE-2010-4226 (cpio, as used in build 2007.05.10, 2010.07.28, and possibly other ...)
+CVE-2010-4226
NOT-FOR-US: OpenSuSE build services
NOTE: This might qualify as a cpio hardening issue, but this CVE-ID is not about cpio itself.
-CVE-2010-4225 (Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x ...)
+CVE-2010-4225
- mono 2.6.7-5 (bug #608288)
CVE-2010-4224
RESERVED
@@ -2689,119 +2689,119 @@ CVE-2010-4223
RESERVED
CVE-2010-4222
RESERVED
-CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets ...)
+CVE-2010-4221
- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
-CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...)
+CVE-2010-4220
NOT-FOR-US: IBM WebSphere
-CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...)
+CVE-2010-4219
NOT-FOR-US: IBM WebSphere
-CVE-2010-4218 (Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown ...)
+CVE-2010-4218
NOT-FOR-US: IBM ENOVIA 6
-CVE-2010-4217 (Use-after-free vulnerability in the proxy server in IBM Tivoli ...)
+CVE-2010-4217
NOT-FOR-US: IBM Tivoli Directory Server
-CVE-2010-4216 (IBM Tivoli Directory Server (TDS) 6.0.0.x before ...)
+CVE-2010-4216
NOT-FOR-US: IBM Tivoli Directory Server
-CVE-2010-4215 (UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated ...)
+CVE-2010-4215
- foswiki <itp> (bug #509864)
-CVE-2010-4214 (The Wells Fargo Mobile application 1.1 for Android stores a username ...)
+CVE-2010-4214
NOT-FOR-US: Wells Fargo Mobile for Android
-CVE-2010-4213 (The Bank of America application 2.12 for Android stores a security ...)
+CVE-2010-4213
NOT-FOR-US: Bank of America application for Android
-CVE-2010-4212 (The USAA application 3.0 for Android stores a mirror image of each ...)
+CVE-2010-4212
NOT-FOR-US: USAA application for Android
-CVE-2010-4211 (The PayPal app before 3.0.1 for iOS does not verify that the server ...)
+CVE-2010-4211
NOT-FOR-US: PayPal app for iOS
-CVE-2010-4210 (The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x ...)
+CVE-2010-4210
- kfreebsd-7 <unfixed>
[lenny] - kfreebsd-7 <no-dsa> (Not covered by security support in Lenny)
- kfreebsd-8 8.1-1
- kfreebsd-9 <not-affected> (fixed prior to first upload)
- kfreebsd-10 <not-affected> (fixed prior to first upload)
-CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
+CVE-2010-4209
- yui 2.8.2r1~squeeze-1 (bug #603513)
-CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
+CVE-2010-4208
- yui 2.8.2r1~squeeze-1 (bug #603513)
-CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
+CVE-2010-4207
- yui 2.8.2r1~squeeze-1 (bug #603513)
-CVE-2010-4206 (Array index error in the FEBlend::apply function in ...)
+CVE-2010-4206
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/70652
-CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data ...)
+CVE-2010-4205
- chromium-browser 6.0.472.63~r59945-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=48159
NOTE: http://trac.webkit.org/changeset/70550
-CVE-2010-4204 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
+CVE-2010-4204
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=48281
NOTE: http://trac.webkit.org/changeset/70517
-CVE-2010-4202 (Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux ...)
+CVE-2010-4202
- webkit <not-affected> (skia issue)
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://code.google.com/p/skia/source/detail?r=606
NOTE: http://code.google.com/p/skia/source/detail?r=607
-CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...)
+CVE-2010-4201
- chromium-browser 6.0.472.63~r59945-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=47522
CVE-2010-4200
REJECTED
-CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...)
+CVE-2010-4199
{DSA-2188-1}
- webkit 1.2.7-1
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/69936
-CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
+CVE-2010-4198
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/69735
NOTE: style fix change set: http://trac.webkit.org/changeset/69801
-CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
+CVE-2010-4197
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/70594
-CVE-2010-4196 (The Shockwave 3d Asset module in Adobe Shockwave Player before ...)
+CVE-2010-4196
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4195 (The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does ...)
+CVE-2010-4195
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4194 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does ...)
+CVE-2010-4194
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4193 (Adobe Shockwave Player before 11.5.9.620 does not properly validate ...)
+CVE-2010-4193
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4192 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
+CVE-2010-4192
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4191 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
+CVE-2010-4191
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4190 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
+CVE-2010-4190
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4189 (The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows ...)
+CVE-2010-4189
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4188 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 ...)
+CVE-2010-4188
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4187 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
+CVE-2010-4187
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools Online ...)
+CVE-2010-4186
NOT-FOR-US: OnlineTechTools
-CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly 2.3.8 ...)
+CVE-2010-4185
NOT-FOR-US: Energine
-CVE-2010-4184 (NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with ...)
+CVE-2010-4184
NOT-FOR-US: NetSupport Manager
-CVE-2010-4183 (Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier ...)
+CVE-2010-4183
- php-htmlpurifier 4.1.1+dfsg1-1
-CVE-2010-4182 (Untrusted search path vulnerability in the Data Access Objects (DAO) ...)
+CVE-2010-4182
NOT-FOR-US: Microsoft Windows
-CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...)
+CVE-2010-4181
- yaws <not-affected> (Only affects Windows)
-CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when ...)
+CVE-2010-4180
{DSA-2141-1}
- openssl 0.9.8o-4
NOTE: http://www.openssl.org/news/secadv/20101202.txt
-CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging, ...)
+CVE-2010-4179
NOT-FOR-US: RedHat documentation of MRG
CVE-2010-4178
RESERVED
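Review bot: every changed line in this hunk drops the parenthesised summary from the CVE header (for example CVE-2010-4221 and CVE-2010-4180) and changes nothing else, yet the commit message is only "automatic update". Please confirm the summaries were dropped on purpose and not as a side effect of the update job, and say so in the commit message. Entries such as CVE-2010-4199 now identify the issue only through their changeset NOTE, and NOT-FOR-US entries only through the product name.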
@@ -2813,96 +2813,96 @@ CVE-2010-4177
- mysql-gui-tools <unfixed> (low; bug #605542)
[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
-CVE-2010-4176 (plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 ...)
+CVE-2010-4176
- dracut <not-affected> (vulnerable script not shipped)
- udev <not-affected> (vulnerable script not shipped; fedora-specific issue)
-CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) ...)
+CVE-2010-4175
- linux-2.6 2.6.32-28
[lenny] - linux-2.6 <not-affected> (RDS introduced in 2.6.30)
CVE-2010-4174
REJECTED
-CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...)
+CVE-2010-4173
- libsdp 1.1.99-2.1 (bug #603841)
-CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager ...)
+CVE-2010-4172
- tomcat6 6.0.28-9 (bug #606388)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
-CVE-2010-4171 (The staprun runtime tool in SystemTap 1.3 does not verify that a ...)
+CVE-2010-4171
{DSA-2348-1}
- systemtap 1.2-3 (bug #603946)
-CVE-2010-4170 (The staprun runtime tool in SystemTap 1.3 does not properly clear the ...)
+CVE-2010-4170
{DSA-2348-1}
- systemtap 1.2-3 (bug #603946)
-CVE-2010-4169 (Use-after-free vulnerability in mm/mprotect.c in the Linux kernel ...)
+CVE-2010-4169
- linux-2.6 2.6.32-29
[lenny] - linux-2.6 <not-affected> (perf counters not yet present)
-CVE-2010-4168 (Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 ...)
+CVE-2010-4168
- openttd 1.0.4-3 (bug #603752)
[lenny] - openttd <not-affected> (Introduced in 1.0)
-CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick ...)
+CVE-2010-4167
- imagemagick 8:6.6.0.4-3 (low; bug #601824)
[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
-CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
+CVE-2010-4166
NOT-FOR-US: Joomla!
-CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...)
+CVE-2010-4165
- linux-2.6 2.6.32-28
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
-CVE-2010-4164 (Multiple integer underflows in the x25_parse_facilities function in ...)
+CVE-2010-4164
{DSA-2126-1}
- linux-2.6 2.6.32-28
-CVE-2010-4163 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...)
+CVE-2010-4163
{DSA-2153-1}
- linux-2.6 2.6.32-29
-CVE-2010-4162 (Multiple integer overflows in fs/bio.c in the Linux kernel before ...)
+CVE-2010-4162
{DSA-2153-1}
- linux-2.6 2.6.32-29
-CVE-2010-4161 (The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat ...)
+CVE-2010-4161
- linux-2.6 2.6.28-1
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...)
+CVE-2010-4159
- mono 2.6.7-4 (bug #605097)
[lenny] - mono <no-dsa> (Minor issue)
-CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...)
+CVE-2010-4156
- php5 5.3.3-4 (bug #603751)
[lenny] - php5 <not-affected> (Only affects 5.3.x)
-CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 ...)
+CVE-2010-4155
NOT-FOR-US: eXV2 CMS
-CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager ...)
+CVE-2010-4154
NOT-FOR-US: Rhino Software, Inc. FTP Voyager
-CVE-2010-4153 (Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably ...)
+CVE-2010-4153
NOT-FOR-US: CrossFTP
-CVE-2010-4152 (SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, ...)
+CVE-2010-4152
NOT-FOR-US: 4site CMS
-CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly ...)
+CVE-2010-4151
NOT-FOR-US: DeluxeBB
-CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP ...)
+CVE-2010-4150
{DSA-2195-1}
- php5 5.3.3-7
-CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google ...)
+CVE-2010-4203
- libvpx 0.9.1-2 (bug #602693)
-CVE-2010-4160 (Multiple integer overflows in the (1) pppol2tp_sendmsg function in ...)
+CVE-2010-4160
{DSA-2126-1}
- linux-2.6 2.6.32-27 (low)
-CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel ...)
+CVE-2010-4158
{DSA-2153-1}
- linux-2.6 2.6.32-29 (low)
-CVE-2010-4157 (Integer overflow in the ioc_general function in drivers/scsi/gdth.c in ...)
+CVE-2010-4157
{DSA-2126-1}
- linux-2.6 2.6.32-28 (low)
-CVE-2010-4149 (Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, ...)
+CVE-2010-4149
NOT-FOR-US: FreshWebMaster Fresh FTP
-CVE-2010-4148 (Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly ...)
+CVE-2010-4148
NOT-FOR-US: AnyConnect
-CVE-2010-4147 (Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping ...)
+CVE-2010-4147
NOT-FOR-US: Pentasoft Avactis Shopping Cart
-CVE-2010-4146 (Cross-site scripting (XSS) vulnerability in Attachmate Reflection for ...)
+CVE-2010-4146
NOT-FOR-US: Attachmate Reflection
-CVE-2010-4145 (Kisisel Radyo Script stores sensitive information under the web root ...)
+CVE-2010-4145
NOT-FOR-US: Kisisel Radyo Script
-CVE-2010-4144 (SQL injection vulnerability in radyo.asp in Kisisel Radyo Script ...)
+CVE-2010-4144
NOT-FOR-US: Kisisel Radyo Script
-CVE-2010-4143 (SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when ...)
+CVE-2010-4143
NOT-FOR-US: phpCheckZ
-CVE-2010-4142 (Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build ...)
+CVE-2010-4142
NOT-FOR-US: DATAC RealWin
CVE-2010-4141
REJECTED
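Review bot: the linux-2.6 entries in this hunk (CVE-2010-4165, CVE-2010-4163, CVE-2010-4162, CVE-2010-4158) lose the function and file names that were their only pointer to the affected code, and none of them has a NOTE line. If the headers are to stay bare, add a "NOTE: Fixed by:" reference to the upstream commit on each, as the CVE-2010-5329 entry at the top of this file does, so the recorded fixed version can still be checked against a specific change.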
@@ -2944,11 +2944,11 @@ CVE-2010-4123
REJECTED
CVE-2010-4122
REJECTED
-CVE-2010-4121 (** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning ...)
+CVE-2010-4121
NOT-FOR-US: IBM Tivoli
CVE-2010-XXXX
- weborf 0.12.4-1 (bug #601585)
-CVE-2010-4120 (Multiple cross-site scripting (XSS) vulnerabilities in the TAM console ...)
+CVE-2010-4120
NOT-FOR-US: IBM Tivoli
CVE-2010-4119
REJECTED
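Review bot: on CVE-2010-4121 the removed text began with "** DISPUTED **", and the remaining "NOT-FOR-US: IBM Tivoli" line does not record that status. If the dispute still matters for triage, carry it in a NOTE line before dropping the summary.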
@@ -2956,122 +2956,122 @@ CVE-2010-4118
REJECTED
CVE-2010-4117
REJECTED
-CVE-2010-4116 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x ...)
+CVE-2010-4116
NOT-FOR-US: HP StorageWorks Storage Mirroring
-CVE-2010-4115 (HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, ...)
+CVE-2010-4115
NOT-FOR-US: HP StorageWorks
-CVE-2010-4114 (Cross-site scripting (XSS) vulnerability in HP Discovery &amp; Dependency ...)
+CVE-2010-4114
NOT-FOR-US: HP DDMI
-CVE-2010-4113 (Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 ...)
+CVE-2010-4113
NOT-FOR-US: HP HPPM
-CVE-2010-4112 (HP Insight Management Agents before 8.6 allows remote attackers to ...)
+CVE-2010-4112
NOT-FOR-US: HP Insight Management Agents
-CVE-2010-4111 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics ...)
+CVE-2010-4111
NOT-FOR-US: HP Insight Diagnostics
-CVE-2010-4110 (Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the ...)
+CVE-2010-4110
NOT-FOR-US: HP OpenVMS
-CVE-2010-4109 (Cross-site scripting (XSS) vulnerability in the Contacts Application ...)
+CVE-2010-4109
NOT-FOR-US: HP Palm webOS
-CVE-2010-4108 (HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support ...)
+CVE-2010-4108
NOT-FOR-US: HP-UX
-CVE-2010-4107 (The default configuration of the PJL Access value in the File System ...)
+CVE-2010-4107
NOT-FOR-US: HP LaserJet
-CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
+CVE-2010-4106
NOT-FOR-US: HP Insight Orchestration
-CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2 ...)
+CVE-2010-4105
NOT-FOR-US: HP Insight Orchestration
-CVE-2010-4104 (Unspecified vulnerability in HP Insight Orchestration before 6.2 ...)
+CVE-2010-4104
NOT-FOR-US: HP Insight Orchestration
-CVE-2010-4103 (Unspecified vulnerability in HP Insight Managed System Setup Wizard ...)
+CVE-2010-4103
NOT-FOR-US: HP Insight Managed System Setup Wizard
-CVE-2010-4102 (Unspecified vulnerability in HP Insight Recovery before 6.2 allows ...)
+CVE-2010-4102
NOT-FOR-US: HP Insight Recovery
-CVE-2010-4101 (Cross-site scripting (XSS) vulnerability in HP Insight Recovery before ...)
+CVE-2010-4101
NOT-FOR-US: HP Insight Recovery
-CVE-2010-4100 (Unspecified vulnerability in HP Insight Control Performance Management ...)
+CVE-2010-4100
NOT-FOR-US: HP Insight Control Performance Management
-CVE-2010-4099 (ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is ...)
+CVE-2010-4099
NOT-FOR-US: NitroSecurity NitroView
-CVE-2010-4098 (monotone before 0.48.1, when configured to allow remote commands, ...)
+CVE-2010-4098
- monotone 0.48-3
[lenny] - monotone <not-affected> (Vulnerable feature introduced in 0.46)
-CVE-2010-4097 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2010-4097
NOT-FOR-US: Aardvark Topsites PHP
-CVE-2010-4095 (Directory traversal vulnerability in the FTP client in Serengeti ...)
+CVE-2010-4095
NOT-FOR-US: Serengeti Systems Incorporated Robo-FTP 3.7.3
-CVE-2010-4094 (The Tomcat server in IBM Rational Quality Manager and Rational Test ...)
+CVE-2010-4094
NOT-FOR-US: IBM Rational Quality Manager
-CVE-2010-4093 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
+CVE-2010-4093
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component ...)
+CVE-2010-4092
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4091 (The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, ...)
+CVE-2010-4091
NOT-FOR-US: Adobe Acrobat Reader
-CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute ...)
+CVE-2010-4090
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
+CVE-2010-4089
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
+CVE-2010-4088
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
+CVE-2010-4087
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
+CVE-2010-4086
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4085 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
+CVE-2010-4085
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4084 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
+CVE-2010-4084
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-4083 (The copy_semid_to_user function in ipc/sem.c in the Linux kernel ...)
+CVE-2010-4083
{DSA-2126-1}
- linux-2.6 2.6.32-29 (low)
-CVE-2010-4082 (The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c ...)
+CVE-2010-4082
- linux-2.6 2.6.32-24 (low)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2010-4081 (The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the ...)
+CVE-2010-4081
{DSA-2126-1}
- linux-2.6 2.6.32-27 (low)
-CVE-2010-4080 (The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the ...)
+CVE-2010-4080
{DSA-2126-1}
- linux-2.6 2.6.32-27 (low)
-CVE-2010-4079 (The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the ...)
+CVE-2010-4079
{DSA-2126-1}
- linux-2.6 2.6.32-29 (low)
-CVE-2010-4078 (The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux ...)
+CVE-2010-4078
{DSA-2126-1}
- linux-2.6 2.6.32-24 (low)
-CVE-2010-4077 (The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the ...)
+CVE-2010-4077
- linux-2.6 2.6.37-1 (low)
[wheezy] - linux-2.6 2.6.32-31
[squeeze] - linux-2.6 2.6.32-31
-CVE-2010-4076 (The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel ...)
+CVE-2010-4076
- linux-2.6 2.6.37-1 (low)
[wheezy] - linux-2.6 2.6.32-31
[squeeze] - linux-2.6 2.6.32-31
-CVE-2010-4075 (The uart_get_count function in drivers/serial/serial_core.c in the ...)
+CVE-2010-4075
{DSA-2264-1}
- linux-2.6 2.6.37-1 (low)
[wheezy] - linux-2.6 2.6.32-31
[squeeze] - linux-2.6 2.6.32-31
-CVE-2010-4074 (The USB subsystem in the Linux kernel before 2.6.36-rc5 does not ...)
+CVE-2010-4074
{DSA-2126-1}
- linux-2.6 2.6.32-24 (low)
-CVE-2010-4073 (The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not ...)
+CVE-2010-4073
{DSA-2126-1}
- linux-2.6 2.6.32-29 (low)
-CVE-2010-4072 (The copy_shmid_to_user function in ipc/shm.c in the Linux kernel ...)
+CVE-2010-4072
{DSA-2126-1}
- linux-2.6 2.6.32-29 (low)
-CVE-2010-4071 (Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS ...)
+CVE-2010-4071
- otrs2 2.4.9+dfsg1-1
[lenny] - otrs2 <not-affected> (Only affects OTRS 2.4)
-CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper ...)
+CVE-2010-4070
NOT-FOR-US: portmap.exe
-CVE-2010-4069 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x ...)
+CVE-2010-4069
NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2010-4068 (Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x ...)
+CVE-2010-4068
{DSA-2121-1}
- typo3-src 4.3.7-1
-CVE-2010-4096 (share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local ...)
+CVE-2010-4096
- monkeysphere 0.31-3 (bug #600304)
NOTE: micah requested this CVE from mitre, issue has been fixed in debian already
CVE-2010-4067
@@ -3094,24 +3094,24 @@ CVE-2010-4059
RESERVED
CVE-2010-4058
RESERVED
-CVE-2010-4057 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...)
+CVE-2010-4057
NOT-FOR-US: IBM solidDB
-CVE-2010-4056 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...)
+CVE-2010-4056
NOT-FOR-US: IBM solidDB
-CVE-2010-4055 (Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 ...)
+CVE-2010-4055
NOT-FOR-US: IBM solidDB
-CVE-2010-4054 (The gs_type2_interpret function in Ghostscript allows remote attackers ...)
+CVE-2010-4054
- ghostscript 8.71~dfsg-1 (unimportant)
NOTE: Crash-only
-CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function in ...)
+CVE-2010-4053
NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2010-4052 (Stack consumption vulnerability in the regcomp implementation in the ...)
+CVE-2010-4052
- glibc <removed> (unimportant)
- eglibc <unfixed> (unimportant)
NOTE: Deficiency in the regexp engine of glibc, while there implementations which
NOTE: process such expressions more efficiently, imposing a limit lies within
NOTE: the application accepting it from user input
-CVE-2010-4051 (The regcomp implementation in the GNU C Library (aka glibc or libc6) ...)
+CVE-2010-4051
- glibc <removed> (unimportant)
- eglibc <unfixed> (unimportant)
NOTE: Deficiency in the regexp engine of glibc, while there implementations which
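Review bot: with the summaries gone, CVE-2010-4052 and CVE-2010-4051 carry the same two package lines and, as far as this hunk shows, the same NOTE text, so the file no longer says how they differ (the removed line for 4052 named stack consumption in regcomp). The same applies to CVE-2010-4057 and CVE-2010-4056 earlier in the hunk. Add a short distinguishing NOTE to each, or keep the summary on entries that are otherwise identical.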
@@ -3122,91 +3122,91 @@ CVE-2010-XXXX [XSS vulnerability discovered -plugin-globalsearch]
CVE-2010-XXXX [insecure usage of temporary files in flash-kernel]
- flash-kernel 2.33 (low)
[lenny] - flash-kernel <no-dsa> (Minor issue)
-CVE-2010-4050 (Opera before 10.63 allows remote attackers to cause a denial of ...)
+CVE-2010-4050
NOT-FOR-US: Opera
-CVE-2010-4049 (Opera before 10.63 allows remote attackers to cause a denial of ...)
+CVE-2010-4049
NOT-FOR-US: Opera
-CVE-2010-4048 (Opera before 10.63 allows user-assisted remote web servers to cause a ...)
+CVE-2010-4048
NOT-FOR-US: Opera
-CVE-2010-4047 (Opera before 10.63 does not properly select the security context of ...)
+CVE-2010-4047
NOT-FOR-US: Opera
-CVE-2010-4046 (Opera before 10.63 does not properly verify the origin of video ...)
+CVE-2010-4046
NOT-FOR-US: Opera
-CVE-2010-4045 (Opera before 10.63 does not properly restrict web script in ...)
+CVE-2010-4045
NOT-FOR-US: Opera
-CVE-2010-4044 (Opera before 10.63 does not ensure that the portion of a URL shown in ...)
+CVE-2010-4044
NOT-FOR-US: Opera
-CVE-2010-4043 (Opera before 10.63 does not prevent interpretation of a cross-origin ...)
+CVE-2010-4043
NOT-FOR-US: Opera
-CVE-2010-4042 (Google Chrome before 7.0.517.41 does not properly handle element maps, ...)
+CVE-2010-4042
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-1
NOTE: http://trac.webkit.org/changeset/68096
-CVE-2010-4041 (The sandbox implementation in Google Chrome before 7.0.517.41 on Linux ...)
+CVE-2010-4041
- webkit <not-affected> (issue with chromium sandbox)
- chromium-browser 6.0.472.63~r59945-1
-CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF ...)
+CVE-2010-4040
{DSA-2188-1}
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-1
NOTE: http://trac.webkit.org/changeset/68446
-CVE-2010-4039 (Google Chrome before 7.0.517.41 on Linux does not properly set the ...)
+CVE-2010-4039
- webkit <not-affected> (chromium-specifc LD_LIBRARY_PATH issue)
- chromium-browser <not-affected> (package uses its own startup script)
-CVE-2010-4038 (The Web Sockets implementation in Google Chrome before 7.0.517.41 does ...)
+CVE-2010-4038
- webkit <not-affected> (issue in chromium code base)
- chromium-browser 9.0.570
[squeeze] - chromium-browser <not-affected> (websocket_experiment not enabled in v6)
[wheezy] - chromium-browser <not-affected>
-CVE-2010-4037 (Unspecified vulnerability in Google Chrome before 7.0.517.41 allows ...)
+CVE-2010-4037
- webkit <not-affected> (affected gesture code not present in 1.2.x)
- chromium-browser <unfixed> (unimportant)
NOTE: http://trac.webkit.org/changeset/67716
-CVE-2010-4036 (Google Chrome before 7.0.517.41 does not properly handle the unloading ...)
+CVE-2010-4036
- webkit <not-affected> (chromium-specifc issue)
- chromium-browser 6.0.472.63~r59945-1
-CVE-2010-4035 (Google Chrome before 7.0.517.41 does not properly perform autofill ...)
+CVE-2010-4035
- webkit <not-affected> (issue in chromium code base)
- chromium-browser 6.0.472.63~r59945-1
-CVE-2010-4034 (Google Chrome before 7.0.517.41 does not properly handle forms, which ...)
+CVE-2010-4034
- webkit <not-affected> (issue in chromium code base)
- chromium-browser 6.0.472.63~r59945-1
-CVE-2010-4033 (Google Chrome before 7.0.517.41 does not properly implement the ...)
+CVE-2010-4033
- webkit <not-affected> (issue in gestures, which resides in the webkit codebase, but is only used by chromium right now)
- chromium-browser 6.0.472.63~r59945-1
NOTE: http://trac.webkit.org/changeset/63786
NOTE: http://trac.webkit.org/changeset/67240
-CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
+CVE-2010-4032
NOT-FOR-US: HP Insight Control Performance Management
-CVE-2010-4031 (Unspecified vulnerability in HP Insight Control Performance Management ...)
+CVE-2010-4031
NOT-FOR-US: HP Insight Control Performance Management
-CVE-2010-4030 (Cross-site scripting (XSS) vulnerability in HP Insight Control ...)
+CVE-2010-4030
NOT-FOR-US: HP Insight Control Performance Management
-CVE-2010-4029 (Unspecified vulnerability in HP Storage Essentials before 6.3.0, when ...)
+CVE-2010-4029
NOT-FOR-US: HP Storage Essentials
-CVE-2010-4028 (Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP ...)
+CVE-2010-4028
NOT-FOR-US: HP LoadRunner
-CVE-2010-4027 (Unspecified vulnerability in the camera application in HP Palm webOS ...)
+CVE-2010-4027
NOT-FOR-US: HP Palm webOS
-CVE-2010-4026 (Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 ...)
+CVE-2010-4026
NOT-FOR-US: HP Palm webOS
-CVE-2010-4025 (Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows ...)
+CVE-2010-4025
NOT-FOR-US: HP Palm webOS
-CVE-2010-4024 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
+CVE-2010-4024
NOT-FOR-US: HP Insight Control Power Management
-CVE-2010-4023 (Cross-site scripting (XSS) vulnerability in HP Insight Control Power ...)
+CVE-2010-4023
NOT-FOR-US: HP Insight Control Power Management
-CVE-2010-4022 (The do_standalone function in the MIT krb5 KDC database propagation ...)
+CVE-2010-4022
- krb5 1.8.3+dfsg-5 (low)
[squeeze] - krb5 1.8.3+dfsg-4squeeze1
[lenny] - krb5 <not-affected> (Only affects 1.7.x onwards)
[etch] - krb5 <not-affected> (Only affects 1.7.x onwards)
-CVE-2010-4021 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 ...)
+CVE-2010-4021
- krb5 1.8+dfsg~alpha1-1
[lenny] - krb5 <not-affected> (Only affects 1.7.x)
-CVE-2010-4020 (MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 ...)
+CVE-2010-4020
- krb5 1.8.3+dfsg-3 (bug #605553)
[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.8)
CVE-2010-4019
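Review bot: after this hunk the file mixes two header forms: the temporary entry "CVE-2010-XXXX [insecure usage of temporary files in flash-kernel]" keeps its bracketed text, while assigned IDs such as CVE-2010-4050 become a bare ID. Check that whatever parses this list accepts a header with no trailing text. Also note that CVE-2010-4039 and CVE-2010-4036 now depend entirely on their not-affected reasons to say what the issue was.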
@@ -3217,31 +3217,31 @@ CVE-2010-4017
RESERVED
CVE-2010-4016
RESERVED
-CVE-2010-4015 (Buffer overflow in the gettoken function in ...)
+CVE-2010-4015
{DSA-2157-1}
- postgresql-9.0 9.0.3-1
- postgresql-8.4 8.4.7-1
- postgresql-8.3 <removed>
CVE-2010-4014
RESERVED
-CVE-2010-4013 (Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x ...)
+CVE-2010-4013
NOT-FOR-US: This is not the PackageKit distributed by Debian, but a different code base
-CVE-2010-4012 (Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later ...)
+CVE-2010-4012
NOT-FOR-US: Apple iOS
-CVE-2010-4011 (Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage ...)
+CVE-2010-4011
- dovecot <not-affected> (HT4452 claims it is Apple-specific and doesn't affect the OSS version)
-CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...)
+CVE-2010-4010
NOT-FOR-US: Apple Type Services
-CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote ...)
+CVE-2010-4009
NOT-FOR-US: Apple QuickTime
-CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, ...)
+CVE-2010-4008
{DSA-2128-1}
- libxml2 2.7.8.dfsg-1 (bug #602609)
-CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...)
+CVE-2010-4007
- mojarra <not-affected> (Fixed before initial upload, in 2.0.1)
-CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links ...)
+CVE-2010-4006
NOT-FOR-US: WSN Links
-CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...)
+CVE-2010-4005
- tomboy 1.2.2-2 (low; bug #605096)
[lenny] - tomboy <no-dsa> (Minor issue)
CVE-2010-4004
@@ -3250,364 +3250,364 @@ CVE-2010-4003
RESERVED
CVE-2010-4002
RESERVED
-CVE-2010-4001 (** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a ...)
+CVE-2010-4001
NOTE: Not a security issue
-CVE-2010-4000 (gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name ...)
+CVE-2010-4000
- gnome-shell 2.91.3-1 (bug #605098)
[lenny] - gnome-shell <no-dsa> (Minor issue)
-CVE-2010-3999 (gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length ...)
+CVE-2010-3999
- gnucash 2.2.9-10 (low; bug #603329)
[lenny] - gnucash <no-dsa> (Minor issue)
-CVE-2010-3998 (The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and ...)
+CVE-2010-3998
- banshee 1.6.1-1.1 (bug #605095)
[lenny] - banshee <no-dsa> (Minor issue)
CVE-2010-3997
RESERVED
-CVE-2010-3996 (festival_server in Centre for Speech Technology Research (CSTR) ...)
+CVE-2010-3996
- festival <not-affected> (From Lenny onwards we don't include the server component)
CVE-2010-3995
RESERVED
-CVE-2010-3994 (Cross-site scripting (XSS) vulnerability in HP Version Control ...)
+CVE-2010-3994
NOT-FOR-US: HP VCRM
-CVE-2010-3993 (Unspecified vulnerability in HP Insight Control Server Migration ...)
+CVE-2010-3993
NOT-FOR-US: HP Insight
-CVE-2010-3992 (Unspecified vulnerability in HP Insight Control Server Migration ...)
+CVE-2010-3992
NOT-FOR-US: HP Insight
-CVE-2010-3991 (Cross-site scripting (XSS) vulnerability in HP Insight Control Server ...)
+CVE-2010-3991
NOT-FOR-US: HP Insight
-CVE-2010-3990 (Unspecified vulnerability in HP Virtual Server Environment before 6.2 ...)
+CVE-2010-3990
NOT-FOR-US: HP Virtual Server Environment
-CVE-2010-3989 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
+CVE-2010-3989
NOT-FOR-US: HP Insight
-CVE-2010-3988 (Unspecified vulnerability in HP Insight Control Virtual Machine ...)
+CVE-2010-3988
NOT-FOR-US: HP Insight
-CVE-2010-3987 (Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual ...)
+CVE-2010-3987
NOT-FOR-US: HP Insight
-CVE-2010-3986 (Unspecified vulnerability in HP Virtual Connect Enterprise Manager ...)
+CVE-2010-3986
NOT-FOR-US: HP VCEM
-CVE-2010-3985 (Cross-site scripting (XSS) vulnerability in HP Operations ...)
+CVE-2010-3985
NOT-FOR-US: HP Operations Orchestration
-CVE-2010-3984 (Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 ...)
+CVE-2010-3984
NOT-FOR-US: CA XOsoft
-CVE-2010-3983 (CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote ...)
+CVE-2010-3983
NOT-FOR-US: SAP BusinessObjects Enterprise
-CVE-2010-3982 (SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to ...)
+CVE-2010-3982
NOT-FOR-US: SAP BusinessObjects Enterprise
-CVE-2010-3981 (Cross-site scripting (XSS) vulnerability in SAP BusinessObjects ...)
+CVE-2010-3981
NOT-FOR-US: SAP BusinessObjects Enterprise
-CVE-2010-3980 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the ...)
+CVE-2010-3980
NOT-FOR-US: SAP BusinessObjects Enterprise
-CVE-2010-3979 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different ...)
+CVE-2010-3979
NOT-FOR-US: SAP BusinessObjects Enterprise
-CVE-2010-3978 (Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data ...)
+CVE-2010-3978
NOT-FOR-US: Spree
-CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-3977
NOT-FOR-US: cForm wordpress plugin
-CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before ...)
+CVE-2010-3976
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9 allows ...)
+CVE-2010-3975
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3974 (fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 ...)
+CVE-2010-3974
NOT-FOR-US: Microsoft Windows
-CVE-2010-3973 (The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in ...)
+CVE-2010-3973
NOT-FOR-US: Microsoft
-CVE-2010-3972 (Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData ...)
+CVE-2010-3972
NOT-FOR-US: Microsoft Internet Information Services
-CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify function ...)
+CVE-2010-3971
NOT-FOR-US: Microsoft Internet Explorer 7 and 8
-CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in ...)
+CVE-2010-3970
NOT-FOR-US: Microsoft Windows
CVE-2010-3969
REJECTED
CVE-2010-3968
REJECTED
-CVE-2010-3967 (Untrusted search path vulnerability in Microsoft Windows Movie Maker ...)
+CVE-2010-3967
NOT-FOR-US: Microsoft Windows
-CVE-2010-3966 (Untrusted search path vulnerability in Microsoft Windows Server 2008 ...)
+CVE-2010-3966
NOT-FOR-US: Microsoft Windows
-CVE-2010-3965 (Untrusted search path vulnerability in Windows Media Encoder 9 on ...)
+CVE-2010-3965
NOT-FOR-US: Microsoft Windows
-CVE-2010-3964 (Unrestricted file upload vulnerability in the Document Conversions ...)
+CVE-2010-3964
NOT-FOR-US: Microsoft Office SharePoint Server
-CVE-2010-3963 (Buffer overflow in the Routing and Remote Access NDProxy component in ...)
+CVE-2010-3963
NOT-FOR-US: Microsoft Windows
-CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and ...)
+CVE-2010-3962
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3961 (The Consent User Interface (UI) in Microsoft Windows Vista SP1 and ...)
+CVE-2010-3961
NOT-FOR-US: Microsoft Windows
-CVE-2010-3960 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows ...)
+CVE-2010-3960
NOT-FOR-US: Microsoft Windows
-CVE-2010-3959 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, ...)
+CVE-2010-3959
NOT-FOR-US: Microsoft Windows
-CVE-2010-3958 (The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, ...)
+CVE-2010-3958
NOT-FOR-US: Microsoft .NET Framework
-CVE-2010-3957 (Double free vulnerability in the OpenType Font (OTF) driver in ...)
+CVE-2010-3957
NOT-FOR-US: Microsoft Windows
-CVE-2010-3956 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, ...)
+CVE-2010-3956
NOT-FOR-US: Microsoft Windows
-CVE-2010-3955 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher ...)
+CVE-2010-3955
NOT-FOR-US: Microsoft Publisher
-CVE-2010-3954 (Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote ...)
+CVE-2010-3954
NOT-FOR-US: Microsoft Publisher
CVE-2010-3953
REJECTED
-CVE-2010-3952 (The FlashPix image converter in the graphics filters in Microsoft ...)
+CVE-2010-3952
NOT-FOR-US: Microsoft Office
-CVE-2010-3951 (Buffer overflow in the FlashPix image converter in the graphics ...)
+CVE-2010-3951
NOT-FOR-US: Microsoft Office
-CVE-2010-3950 (The TIFF image converter in the graphics filters in Microsoft Office ...)
+CVE-2010-3950
NOT-FOR-US: Microsoft Office
-CVE-2010-3949 (Buffer overflow in the TIFF image converter in the graphics filters in ...)
+CVE-2010-3949
NOT-FOR-US: Microsoft Office
CVE-2010-3948
REJECTED
-CVE-2010-3947 (Heap-based buffer overflow in the TIFF image converter in the graphics ...)
+CVE-2010-3947
NOT-FOR-US: Microsoft Office
-CVE-2010-3946 (Integer overflow in the PICT image converter in the graphics filters ...)
+CVE-2010-3946
NOT-FOR-US: Microsoft Office
-CVE-2010-3945 (Buffer overflow in the CGM image converter in the graphics filters in ...)
+CVE-2010-3945
NOT-FOR-US: Microsoft Office
-CVE-2010-3944 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 ...)
+CVE-2010-3944
NOT-FOR-US: Microsoft Windows
-CVE-2010-3943 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+CVE-2010-3943
NOT-FOR-US: Microsoft Windows
-CVE-2010-3942 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+CVE-2010-3942
NOT-FOR-US: Microsoft Windows
-CVE-2010-3941 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...)
+CVE-2010-3941
NOT-FOR-US: Microsoft Windows
-CVE-2010-3940 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...)
+CVE-2010-3940
NOT-FOR-US: Microsoft Windows
-CVE-2010-3939 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
+CVE-2010-3939
NOT-FOR-US: Microsoft Windows
CVE-2010-3938
REJECTED
-CVE-2010-3937 (Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote ...)
+CVE-2010-3937
NOT-FOR-US: Microsoft Exchange Server
-CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft ...)
+CVE-2010-3936
NOT-FOR-US: Forefront Unified Access Gateway
CVE-2010-3935
REJECTED
-CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Software ...)
+CVE-2010-3934
NOT-FOR-US: BlackBerry Device Software
-CVE-2010-3933 (Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested ...)
+CVE-2010-3933
- rails <not-affected> (Only affects >= 2.3.9, which is not yet in the archive)
CVE-2010-3932
REJECTED
-CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion ...)
+CVE-2010-3931
NOT-FOR-US: Rocomotion
-CVE-2010-3930 (Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier ...)
+CVE-2010-3930
NOT-FOR-US: MODx
-CVE-2010-3929 (SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows ...)
+CVE-2010-3929
NOT-FOR-US: MODx
-CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a ...)
+CVE-2010-3928
NOT-FOR-US: Ruby Version Manager
-CVE-2010-3927 (Untrusted search path vulnerability in Lunascape before 6.4.0 allows ...)
+CVE-2010-3927
NOT-FOR-US: Lunascape
-CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in ...)
+CVE-2010-3926
NOT-FOR-US: SGX-SP Final
-CVE-2010-3925 (Contents-Mall before 15 does not properly handle passwords, which ...)
+CVE-2010-3925
NOT-FOR-US: Contents-Mall
-CVE-2010-3924 (SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows ...)
+CVE-2010-3924
NOT-FOR-US: Aimluck Aipo
-CVE-2010-3923 (Untrusted search path vulnerability in AttacheCase before 2.70 allows ...)
+CVE-2010-3923
NOT-FOR-US: AttacheCase
-CVE-2010-3922 (SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x ...)
+CVE-2010-3922
- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
[lenny] - movabletype-opensource 4.2.3-1+lenny2 (bug #606311)
-CVE-2010-3921 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before ...)
+CVE-2010-3921
- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
[lenny] - movabletype-opensource 4.2.3-1+lenny2 (bug #606311)
-CVE-2010-3920 (The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 ...)
+CVE-2010-3920
NOT-FOR-US: Seiko Epson printer driver
-CVE-2010-3919 (Fenrir Grani 4.5 and earlier does not prevent interaction between web ...)
+CVE-2010-3919
NOT-FOR-US: Fenrir Grani
-CVE-2010-3918 (Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between ...)
+CVE-2010-3918
NOT-FOR-US: Fenrir Sleipnir
CVE-2010-3917
RESERVED
-CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...)
+CVE-2010-3916
NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
-CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...)
+CVE-2010-3915
NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
-CVE-2010-3914 (Untrusted search path vulnerability in VIM Development Group GVim ...)
+CVE-2010-3914
- vim <not-affected> (Windows-specific)
-CVE-2010-3913 (CRLF injection vulnerability in TransWARE Active! mail 6 build ...)
+CVE-2010-3913
NOT-FOR-US: TransWARE Active! mail
-CVE-2010-3912 (The supportconfig script in supportutils in SUSE Linux Enterprise 11 ...)
+CVE-2010-3912
NOT-FOR-US: SLES support scripts
-CVE-2010-3911 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
+CVE-2010-3911
NOT-FOR-US: vTiger CRM
-CVE-2010-3910 (Multiple directory traversal vulnerabilities in the ...)
+CVE-2010-3910
NOT-FOR-US: vTiger CRM
-CVE-2010-3909 (Incomplete blacklist vulnerability in config.template.php in vtiger ...)
+CVE-2010-3909
NOT-FOR-US: vtiger CRM
-CVE-2010-3908 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows ...)
+CVE-2010-3908
{DSA-2306-1}
- libav 4:0.6-1
- ffmpeg 7:2.4.1-1
- ffmpeg-debian <end-of-life>
-CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin in ...)
+CVE-2010-3907
- vlc 1.1.3-1squeeze1
[lenny] - vlc <not-affected> (Vulnerable code not present)
-CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...)
+CVE-2010-3906
- git-core <removed>
[lenny] - git-core 1.5.6.5-3+lenny3.3
- git 1:1.7.2.3-2.2
-CVE-2010-3905 (The password reset feature in the administrator interface for ...)
+CVE-2010-3905
- eucalyptus <not-affected> (bug #608289) (It was once removed from archive, then re-added as 3.1.0)
-CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...)
+CVE-2010-3904
- linux-2.6 2.6.32-26
[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30)
-CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows remote ...)
+CVE-2010-3903
- openconnect 2.25-0.1
-CVE-2010-3902 (OpenConnect before 2.26 places the webvpn cookie value in the ...)
+CVE-2010-3902
- openconnect 3.02-1 (unimportant)
NOTE: This is an additional safety net for careless users, not a vulnerability
-CVE-2010-3901 (OpenConnect before 2.25 does not properly validate X.509 certificates, ...)
+CVE-2010-3901
- openconnect 2.25-0.1 (bug #590873)
-CVE-2010-3900 (Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before ...)
+CVE-2010-3900
- midori 0.2.7-1.1 (unimportant; bug #607497)
NOTE: Current Midori SSL support is very limited
NOTE: Midori should not be used if SSL support is important to you
-CVE-2010-3899 (IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with ...)
+CVE-2010-3899
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-3898 (IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict ...)
+CVE-2010-3898
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-3897 (ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x ...)
+CVE-2010-3897
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-3896 (The ESSearchApplication directory tree in IBM OmniFind Enterprise ...)
+CVE-2010-3896
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-3895 (esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows ...)
+CVE-2010-3895
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-3894 (Stack-based buffer overflow in the ...)
+CVE-2010-3894
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-3893 (The administrator interface in IBM OmniFind Enterprise Edition 8.x and ...)
+CVE-2010-3893
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-3892 (Session fixation vulnerability in the login form in the administrator ...)
+CVE-2010-3892
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-3891 (Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do ...)
+CVE-2010-3891
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-3890 (Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise ...)
+CVE-2010-3890
NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-3889 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms ...)
+CVE-2010-3889
NOT-FOR-US: Microsoft Windows
-CVE-2010-3888 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms ...)
+CVE-2010-3888
NOT-FOR-US: Microsoft Windows
-CVE-2010-3887 (The Limit Mail feature in the Parental Controls functionality in Mail ...)
+CVE-2010-3887
NOT-FOR-US: Apple Mail
-CVE-2010-3886 (The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft ...)
+CVE-2010-3886
NOT-FOR-US: Microsoft Windows
CVE-2010-3885
REJECTED
-CVE-2010-3884 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simple ...)
+CVE-2010-3884
NOT-FOR-US: CMS Made Simple
-CVE-2010-3883 (Cross-site request forgery (CSRF) vulnerability in the Change Group ...)
+CVE-2010-3883
NOT-FOR-US: CMS Made Simple
-CVE-2010-3882 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
+CVE-2010-3882
NOT-FOR-US: CMS Made Simple
-CVE-2010-3881 (arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not ...)
+CVE-2010-3881
- linux-2.6 2.6.32-29 (low)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2010-3880 (net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not ...)
+CVE-2010-3880
{DSA-2126-1}
- linux-2.6 2.6.32-30 (low)
-CVE-2010-3879 (FUSE, possibly 2.8.5 and earlier, allows local users to create mtab ...)
+CVE-2010-3879
- fuse 2.8.5-1 (bug #602333)
[squeeze] - fuse <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3879
-CVE-2010-3878 (Cross-site request forgery (CSRF) vulnerability in the JMX Console in ...)
+CVE-2010-3878
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2010-3877 (The get_name function in net/tipc/socket.c in the Linux kernel before ...)
+CVE-2010-3877
{DSA-2126-1}
- linux-2.6 2.6.32-30 (low)
-CVE-2010-3876 (net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not ...)
+CVE-2010-3876
{DSA-2126-1}
- linux-2.6 2.6.32-30 (low)
-CVE-2010-3875 (The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel ...)
+CVE-2010-3875
{DSA-2264-1 DSA-2240-1 DSA-2126-1}
- linux-2.6 2.6.32-30 (low)
-CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in ...)
+CVE-2010-3874
{DSA-2126-1}
- linux-2.6 2.6.32-29 (low)
-CVE-2010-3873 (The X.25 implementation in the Linux kernel before 2.6.36.2 does not ...)
+CVE-2010-3873
{DSA-2126-1}
- linux-2.6 2.6.32-28 (low)
-CVE-2010-3872 (The fcgid_header_bucket_read function in fcgid_bucket.c in the ...)
+CVE-2010-3872
{DSA-2140-1}
- libapache2-mod-fcgid 1:2.3.6-1 (bug #605484)
-CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-3871
- mahara <not-affected> (Vulnerable feature introduced in 1.3)
-CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle ...)
+CVE-2010-3870
{DSA-2195-1}
- php5 5.3.3-4 (bug #603751)
-CVE-2010-3869 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate ...)
+CVE-2010-3869
NOT-FOR-US: Red Hat Certificate System
-CVE-2010-3868 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate ...)
+CVE-2010-3868
NOT-FOR-US: Red Hat Certificate System
-CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc ...)
+CVE-2010-3867
{DSA-2191-1}
- proftpd-dfsg 1.3.3a-4
CVE-2010-3866
REJECTED
-CVE-2010-3865 (Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in ...)
+CVE-2010-3865
- linux-2.6 2.6.37-1
[wheezy] - linux-2.6 2.6.32-31
[squeeze] - linux-2.6 2.6.32-31
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
-CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through ...)
+CVE-2010-3864
{DSA-2125-1}
- openssl 0.9.8o-3
-CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...)
+CVE-2010-3863
- shiro <not-affected> (Fixed before the initial release in Debian)
-CVE-2010-3862 (The ...)
+CVE-2010-3862
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux ...)
+CVE-2010-3861
- linux-2.6 2.6.32-29
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
-CVE-2010-3860 (IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before ...)
+CVE-2010-3860
- openjdk-6 6b18-1.8.3-1
-CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in the ...)
+CVE-2010-3859
{DSA-2126-1}
- linux-2.6 2.6.32-27
-CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before ...)
+CVE-2010-3858
{DSA-2126-1}
- linux-2.6 2.6.32-27
CVE-2010-3857 [JBoss BRMS XSS via UUID parameter]
RESERVED
- jbossas4 <not-affected> (Vulnerable code not present)
NOTE: JBoss 5 only; fixed in 5.1.0
-CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and ...)
+CVE-2010-3856
{DSA-2122-2 DSA-2122-1}
- glibc 2.11.2-8
- eglibc 2.11.2-8 (bug #600667)
-CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in ...)
+CVE-2010-3855
{DSA-2155-1}
- freetype 2.4.2-2.1 (bug #602221)
-CVE-2010-3854 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+CVE-2010-3854
- couchdb 1.1.0-1
[squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
-CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) ...)
+CVE-2010-3853
- pam 1.1.3-1 (low; bug #608273)
[squeeze] - pam <no-dsa> (Minor issue)
[lenny] - pam <no-dsa> (Minor issue)
-CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga ...)
+CVE-2010-3852
NOT-FOR-US: Red Hat Conga
-CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 ...)
+CVE-2010-3851
NOT-FOR-US: libguestfs
-CVE-2010-3850 (The ec_dev_ioctl function in net/econet/af_econet.c in the Linux ...)
+CVE-2010-3850
{DSA-2126-1}
- linux-2.6 2.6.32-28
-CVE-2010-3849 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ...)
+CVE-2010-3849
{DSA-2126-1}
- linux-2.6 2.6.32-28
-CVE-2010-3848 (Stack-based buffer overflow in the econet_sendmsg function in ...)
+CVE-2010-3848
{DSA-2126-1}
- linux-2.6 2.6.32-28
-CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) ...)
+CVE-2010-3847
{DSA-2122-2 DSA-2122-1}
- eglibc 2.11.2-8 (bug #600667)
- glibc 2.11.2-8
-CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS ...)
+CVE-2010-3846
- cvs <not-affected> (vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852
CVE-2010-3844
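Review bot: the NOTE under CVE-2010-3846 (the cvs entry near the end of this hunk) links to bugzilla.redhat.com with id=CVE-2010-3852, an id this same file assigns to Red Hat Conga earlier in the hunk. Once the "Array index error in the apply_rcs_change function in rcs.c in CVS" text is dropped from the header, the header no longer says what the entry is about, so the mismatch is harder to spot; please confirm whether id=CVE-2010-3846 was meant and correct the NOTE in a follow-up. Separately, CVE-2010-3857 keeps its bracketed title while every parenthesised description is removed; if that distinction is intentional, the "automatic update" commit message should say so.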
@@ -3618,171 +3618,171 @@ CVE-2010-3843
RESERVED
- ettercap 1:0.7.4-1 (unimportant; bug #600130)
NOTE: Very far-fetched attack vector
-CVE-2010-3842 (Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, ...)
+CVE-2010-3842
- curl <not-affected> (Doesn't affect POSIX systems)
-CVE-2010-3841 (Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in ...)
+CVE-2010-3841
NOT-FOR-US: TWiki
-CVE-2010-3845 (libapache-authenhook-perl 2.00-04 stores usernames and passwords in ...)
+CVE-2010-3845
- libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
[lenny] - libapache-authenhook-perl 2.00-04+pristine-1+lenny1
CVE-2010-4237
RESERVED
- mercurial 1.6.4-1 (low; bug #598841)
[lenny] - mercurial <no-dsa> (Minor issue)
-CVE-2010-3840 (The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL ...)
+CVE-2010-3840
{DSA-2143-1}
- mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3839 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote ...)
+CVE-2010-3839
- mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
-CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
+CVE-2010-3838
{DSA-2143-1}
- mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
+CVE-2010-3837
{DSA-2143-1}
- mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
+CVE-2010-3836
{DSA-2143-1}
- mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote ...)
+CVE-2010-3835
{DSA-2143-1}
- mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before ...)
+CVE-2010-3834
{DSA-2143-1}
- mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does ...)
+CVE-2010-3833
{DSA-2143-1}
- mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3832 (Heap-based buffer overflow in the GSM mobility management ...)
+CVE-2010-3832
NOT-FOR-US: Apple iOS Telophony
-CVE-2010-3831 (Photos in Apple iOS before 4.2 enables support for HTTP Basic ...)
+CVE-2010-3831
NOT-FOR-US: Apple iOS Photos
-CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during ...)
+CVE-2010-3830
NOT-FOR-US: Apple iOS Networking
-CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...)
+CVE-2010-3829
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...)
+CVE-2010-3828
NOT-FOR-US: Apple iOS iAd
-CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...)
+CVE-2010-3827
NOT-FOR-US: Apple iOS configuration installation utility
-CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-3826
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3825
RESERVED
-CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
+CVE-2010-3824
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
+CVE-2010-3823
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-3822
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-3821
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-3820
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-3819
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
+CVE-2010-3818
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-3817
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
+CVE-2010-3816
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3815
RESERVED
-CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in ...)
+CVE-2010-3814
{DSA-2155-1}
- freetype 2.4.2-2.1 (bug #602221)
-CVE-2010-3813 (The WebCore::HTMLLinkElement::process function in ...)
+CVE-2010-3813
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 29.0.1547.57-1
[squeeze] - chromium-browser <end-of-life>
NOTE: fixed much earlier in chromium, but this was the version checked
-CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in ...)
+CVE-2010-3812
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 29.0.1547.57-1
[squeeze] - chromium-browser <end-of-life>
NOTE: fixed much earlier in chromium, but this was the version checked
NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
-CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
+CVE-2010-3811
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-3810
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-3809
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-3808
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3807
RESERVED
CVE-2010-3806
RESERVED
-CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
+CVE-2010-3805
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 ...)
+CVE-2010-3804
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
+CVE-2010-3803
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...)
+CVE-2010-3802
NOT-FOR-US: Apple QuickTime
-CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...)
+CVE-2010-3801
NOT-FOR-US: Apple QuickTime
-CVE-2010-3800 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...)
+CVE-2010-3800
NOT-FOR-US: Apple QuickTime
CVE-2010-3799
RESERVED
-CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before ...)
+CVE-2010-3798
- xar <removed>
[lenny] - xar <no-dsa> (Minor issue)
-CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
+CVE-2010-3797
NOT-FOR-US: Apple Wiki Server
-CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not ...)
+CVE-2010-3796
NOT-FOR-US: Apple Safari RSS
-CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
+CVE-2010-3795
NOT-FOR-US: Apple QuickTime
-CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
+CVE-2010-3794
NOT-FOR-US: Apple QuickTime
-CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
+CVE-2010-3793
NOT-FOR-US: Apple QuickTime
-CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before ...)
+CVE-2010-3792
NOT-FOR-US: Apple QuickTime
-CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 ...)
+CVE-2010-3791
NOT-FOR-US: Apple QuickTime
-CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
+CVE-2010-3790
NOT-FOR-US: Apple QuickTime
-CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
+CVE-2010-3789
NOT-FOR-US: Apple QuickTime
-CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
+CVE-2010-3788
NOT-FOR-US: Apple QuickTime
-CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x ...)
+CVE-2010-3787
NOT-FOR-US: Apple QuickTime
-CVE-2010-3786 (QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
+CVE-2010-3786
NOT-FOR-US: Apple QuickLook
-CVE-2010-3785 (Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x ...)
+CVE-2010-3785
NOT-FOR-US: Apple QuickLook
-CVE-2010-3784 (The PMPageFormatCreateWithDataRepresentation API in Printing in Apple ...)
+CVE-2010-3784
NOT-FOR-US: Apple Printing
-CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does ...)
+CVE-2010-3783
NOT-FOR-US: Apple Password Server
CVE-2010-3782
RESERVED
-CVE-2010-3781 (The PL/php add-on 1.4 and earlier for PostgreSQL does not properly ...)
+CVE-2010-3781
- postgresql-9.0 9.0.1-1
-CVE-2010-3780 (Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...)
+CVE-2010-3780
- dovecot 1:1.2.15-1 (bug #599521)
[lenny] - dovecot <not-affected> (Only affects 1.2.x)
-CVE-2010-3779 (Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the ...)
+CVE-2010-3779
- dovecot 1:1.2.15-1 (bug #599521)
[lenny] - dovecot <not-affected> (Only affects 1.2.x)
-CVE-2010-3778 (Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, ...)
+CVE-2010-3778
{DSA-2132-1}
- xulrunner <removed> (unimportant)
- icedove 3.0.11-1
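Review bot: the entries at the top of this hunk are out of numeric order: CVE-2010-3845 follows CVE-2010-3841, and CVE-2010-4237 sits between CVE-2010-3845 and CVE-2010-3840. With the descriptions removed, the CVE id is the only thing left on the header line, so a reader scanning by id can miss both; consider moving them to their sorted positions or noting why they are kept here. The context line "NOT-FOR-US: Apple iOS Telophony" under CVE-2010-3832 also carries a typo for "Telephony".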
@@ -3792,9 +3792,9 @@ CVE-2010-3778 (Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16,
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and ...)
+CVE-2010-3777
- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
-CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2010-3776
{DSA-2132-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
@@ -3804,7 +3804,7 @@ CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in Moz
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3775 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...)
+CVE-2010-3775
{DSA-2132-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
@@ -3812,7 +3812,7 @@ CVE-2010-3775 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMon
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3774 (The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h ...)
+CVE-2010-3774
- xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -3820,7 +3820,7 @@ CVE-2010-3774 (The NS_SecurityCompareURIs function in netwerk/base/public/nsNetU
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (Doesn't affect 1.9.0)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3773 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...)
+CVE-2010-3773
{DSA-2132-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
@@ -3828,7 +3828,7 @@ CVE-2010-3773 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMon
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3772 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...)
+CVE-2010-3772
{DSA-2132-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
@@ -3836,7 +3836,7 @@ CVE-2010-3772 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMon
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3771 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...)
+CVE-2010-3771
{DSA-2132-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
@@ -3844,7 +3844,7 @@ CVE-2010-3771 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMon
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3770 (Multiple cross-site scripting (XSS) vulnerabilities in the rendering ...)
+CVE-2010-3770
{DSA-2132-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
@@ -3852,7 +3852,7 @@ CVE-2010-3770 (Multiple cross-site scripting (XSS) vulnerabilities in the render
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3769 (The line-breaking implementation in Mozilla Firefox before 3.5.16 and ...)
+CVE-2010-3769
{DSA-2132-1}
- xulrunner <removed> (unimportant)
- icedove 3.0.11-1
@@ -3862,7 +3862,7 @@ CVE-2010-3769 (The line-breaking implementation in Mozilla Firefox before 3.5.16
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (font-face support introduced in 1.9.1)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3768 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird ...)
+CVE-2010-3768
- xulrunner <removed> (unimportant)
[lenny] - xulrunner <not-affected> (Vulnerable code not present)
- icedove 3.0.11-1
@@ -3871,7 +3871,7 @@ CVE-2010-3768 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbir
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3767 (Integer overflow in the NewIdArray function in Mozilla Firefox before ...)
+CVE-2010-3767
{DSA-2132-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
@@ -3879,7 +3879,7 @@ CVE-2010-3767 (Integer overflow in the NewIdArray function in Mozilla Firefox be
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3766 (Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and ...)
+CVE-2010-3766
- xulrunner <removed> (unimportant)
[lenny] - xulrunner <not-affected> (Vulnerable code not present)
- iceweasel 3.5.16-1
@@ -3887,7 +3887,7 @@ CVE-2010-3766 (Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, ...)
+CVE-2010-3765
{DSA-2124-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.15-1
@@ -3898,49 +3898,49 @@ CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, ..
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (bug in optimization added later)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, ...)
+CVE-2010-3764
- bugzilla 3.6.3.0-1 (bug #602420; low)
[squeeze] - bugzilla 3.6.2.0-4.2
-CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...)
+CVE-2010-3763
- mantis 1.1.8+dfsg-9 (bug #601618)
[lenny] - mantis 1.1.6+dfsg-2lenny4
-CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...)
+CVE-2010-3762
{DSA-2130-1}
- bind9 1:9.7.2.dfsg.P2-1 (bug #599515)
NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
NOTE: ACL bypass claimed to only affect >=9.7.2: https://kb.isc.org/article/AA-00935/0/CVE-2010-3762%3A-failure-to-handle-bad-signatures-if-multiple-trust-anchors-configured.html
NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in 9.6-ESV-R2.
-CVE-2010-3761 (Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack ...)
+CVE-2010-3761
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-3760 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ...)
+CVE-2010-3760
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-3759 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ...)
+CVE-2010-3759
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-3758 (Multiple stack-based buffer overflows in FastBackServer.exe in the ...)
+CVE-2010-3758
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-3757 (Format string vulnerability in the _Eventlog function in ...)
+CVE-2010-3757
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-3756 (The _CalcHashValueWithLength function in FastBackServer.exe in the ...)
+CVE-2010-3756
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-3755 (The _DAS_ReadBlockReply function in FastBackServer.exe in the Server ...)
+CVE-2010-3755
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-3754 (The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the ...)
+CVE-2010-3754
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2010-3753 (programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 ...)
+CVE-2010-3753
- openswan 1:2.6.28+dfsg-2
[lenny] - openswan <not-affected> (Introduced in version 2.6.26)
-CVE-2010-3752 (programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 ...)
+CVE-2010-3752
- openswan 1:2.6.28+dfsg-2
[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
-CVE-2010-3751 (Multiple heap-based buffer overflows in an ActiveX control in ...)
+CVE-2010-3751
NOT-FOR-US: RealNetworks RealPlayer
-CVE-2010-3750 (rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer ...)
+CVE-2010-3750
NOT-FOR-US: RealNetworks RealPlayer
-CVE-2010-3749 (The browser-plugin implementation in RealNetworks RealPlayer 11.0 ...)
+CVE-2010-3749
NOT-FOR-US: RealNetworks RealPlayer
-CVE-2010-3748 (Stack-based buffer overflow in the RichFX component in RealNetworks ...)
+CVE-2010-3748
NOT-FOR-US: RealNetworks RealPlayer
-CVE-2010-3747 (An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, ...)
+CVE-2010-3747
NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3746
RESERVED
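Review bot: From CVE-2010-3761 down to CVE-2010-3754, all eight entries end up as a bare identifier followed by the same "NOT-FOR-US: IBM Tivoli Storage Manager" line, so the removed summaries (FastBackMount.exe, _Eventlog, _CalcHashValueWithLength, and so on) were the only text that told them apart. The stripped headers also take the same form as CVE-2010-3746, which is followed by RESERVED, so a described CVE can no longer be told from an unassigned one by its header line. Suggest keeping the summaries, or verifying that every consumer of this file keys on the indented status line only.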
@@ -3948,39 +3948,39 @@ CVE-2010-3745
RESERVED
CVE-2010-3744
RESERVED
-CVE-2010-3743 (Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 ...)
+CVE-2010-3743
NOT-FOR-US: Visual Synapse HTTP Server
-CVE-2010-3742 (Multiple PHP remote file inclusion vulnerabilities in ...)
+CVE-2010-3742
NOT-FOR-US: Free Simple CMS 1.0
-CVE-2010-3741 (The offline backup mechanism in Research In Motion (RIM) BlackBerry ...)
+CVE-2010-3741
NOT-FOR-US: BlackBerry Desktop Software
-CVE-2010-3740 (The Net Search Extender (NSE) implementation in the Text Search ...)
+CVE-2010-3740
NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3739 (The audit facility in the Security component in IBM DB2 UDB 9.5 before ...)
+CVE-2010-3739
NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3738 (The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT ...)
+CVE-2010-3738
NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3737 (Memory leak in the Relational Data Services component in IBM DB2 UDB ...)
+CVE-2010-3737
NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3736 (Memory leak in the Relational Data Services component in IBM DB2 UDB ...)
+CVE-2010-3736
NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3735 (The &quot;Query Compiler, Rewrite, Optimizer&quot; component in IBM DB2 UDB 9.5 ...)
+CVE-2010-3735
NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3734 (The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, ...)
+CVE-2010-3734
NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3733 (The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses ...)
+CVE-2010-3733
NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3732 (The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows ...)
+CVE-2010-3732
NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3731 (Stack-based buffer overflow in the validateUser implementation in the ...)
+CVE-2010-3731
NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information ...)
+CVE-2010-3730
- webkit <not-affected> (issue in libv8)
- chromium-browser 6.0.472.62~r59676-1
- libv8 <not-affected>
NOTE: https://bugs.webkit.org/show_bug.cgi?id=45700
NOTE: http://trac.webkit.org/changeset/67509
-CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 6.0.472.62 ...)
+CVE-2010-3729
- webkit <not-affected> (chromium specific)
- chromium-browser 6.0.472.62~r59676-1
CVE-2010-3728
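Review bot: For CVE-2010-3730 and CVE-2010-3729 the triage remarks "(issue in libv8)" and "(chromium specific)" are kept, but the summaries they were written against are removed, so the not-affected decisions for webkit can no longer be checked from this file alone. If the summaries must go, consider adding a NOTE line to each of these two entries that names the affected component.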
@@ -4001,57 +4001,57 @@ CVE-2010-3721
REJECTED
CVE-2010-3720
REJECTED
-CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the ...)
+CVE-2010-3719
NOT-FOR-US: Symantec IM Manager
-CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running ...)
+CVE-2010-3718
{DSA-2160-1}
- tomcat5.5 <removed> (low)
[lenny] - tomcat5.5 <no-dsa> (Minor issue)
- tomcat6 6.0.28-10 (bug #612257)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
-CVE-2010-3717 (The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x ...)
+CVE-2010-3717
{DSA-2121-1}
- typo3-src 4.3.7-1
-CVE-2010-3716 (The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x ...)
+CVE-2010-3716
{DSA-2121-1}
- typo3-src 4.3.7-1
-CVE-2010-3715 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x ...)
+CVE-2010-3715
{DSA-2121-1}
- typo3-src 4.3.7-1
-CVE-2010-3714 (The jumpUrl (aka access tracking) implementation in ...)
+CVE-2010-3714
{DSA-2121-1}
- typo3-src 4.3.7-1
-CVE-2010-3713 (rss.php in UseBB before 1.0.11 does not properly handle forum ...)
+CVE-2010-3713
NOT-FOR-US: UseBB
-CVE-2010-3712 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before ...)
+CVE-2010-3712
NOT-FOR-US: Joomla!
-CVE-2010-3711 (libpurple in Pidgin before 2.7.4 does not properly validate the return ...)
+CVE-2010-3711
- pidgin 2.7.4-1
[squeeze] - pidgin 2.7.3-1+squeeze1
-CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP ...)
+CVE-2010-3710
{DSA-2195-1}
- php5 5.3.3-3 (bug #601619)
-CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...)
+CVE-2010-3709
{DSA-2195-1}
- php5 5.3.3-4 (bug #603751)
-CVE-2010-3708 (The serialization implementation in JBoss Drools in Red Hat JBoss ...)
+CVE-2010-3708
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
+CVE-2010-3707
- dovecot 1:1.2.15-1
[lenny] - dovecot <not-affected> (Only affects 1.2.x)
-CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
+CVE-2010-3706
- dovecot 1:1.2.15-1
[lenny] - dovecot <not-affected> (Only affects 1.2.x)
-CVE-2010-3705 (The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux ...)
+CVE-2010-3705
{DSA-2126-1}
- linux-2.6 2.6.32-25
-CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser ...)
+CVE-2010-3704
{DSA-2135-1 DSA-2119-1}
- kdegraphics 4:4.0.0-1
- xpdf 3.02-9
- poppler 0.12.4-1.2 (bug #599165)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
-CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in ...)
+CVE-2010-3703
- kdegraphics 4:4.0.0-1
[lenny] - kdegraphics <not-affected> (Vulnerable code not present)
- xpdf 3.02-9
@@ -4059,222 +4059,222 @@ CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in ...)
- poppler 0.12.4-1.2 (bug #599165)
[lenny] - poppler <not-affected> (Vulnerable code not present)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
-CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, ...)
+CVE-2010-3702
{DSA-2135-1 DSA-2119-1}
- kdegraphics 4:4.0.0-1
- xpdf 3.02-9
- poppler 0.12.4-1.2 (bug #599165)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
-CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows ...)
+CVE-2010-3701
NOT-FOR-US: Red Hat Enterprise MRG
-CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before ...)
+CVE-2010-3700
NOT-FOR-US: VMware SpringSource Spring Security
-CVE-2010-3699 (The backend driver in Xen 3.x allows guest OS users to cause a denial ...)
+CVE-2010-3699
{DSA-2153-1}
- linux-2.6 2.6.32-31
-CVE-2010-3698 (The KVM implementation in the Linux kernel before 2.6.36 does not ...)
+CVE-2010-3698
- linux-2.6 2.6.32-28
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2010-3697 (The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x ...)
+CVE-2010-3697
- freeradius 2.1.10+dfsg-1 (bug #600176; unimportant)
NOTE: requires server to be down already
-CVE-2010-3696 (The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in ...)
+CVE-2010-3696
- freeradius 2.1.10+dfsg-1 (bug #600176)
[lenny] - freeradius <not-affected> (Vulnerable code not present)
-CVE-2010-3695 (Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in ...)
+CVE-2010-3695
{DSA-2204-1}
- imp4 4.3.7+debian0-2.1 (bug #598584; low)
NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
-CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde ...)
+CVE-2010-3694
{DSA-2278-1}
- horde3 3.3.8+debian0-2 (bug #598582)
NOTE: http://lists.horde.org/archives/announce/2010/000568.html
-CVE-2010-3693 (Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) ...)
+CVE-2010-3693
- dimp1 1.1.4+debian2-1.1 (bug #598583)
NOTE: http://lists.horde.org/archives/announce/2010/000561.html
-CVE-2010-3692 (Directory traversal vulnerability in the callback function in ...)
+CVE-2010-3692
{DSA-2172-1}
- libphp-cas <itp> (bug #495542)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
- moodle 1.9.9.dfsg2-2 (bug #601384)
-CVE-2010-3691 (PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ...)
+CVE-2010-3691
{DSA-2172-1}
- libphp-cas <itp> (bug #495542)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
- moodle 1.9.9.dfsg2-2 (bug #601384)
-CVE-2010-3690 (Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ...)
+CVE-2010-3690
{DSA-2172-1}
- libphp-cas <itp> (bug #495542)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
- moodle 1.9.9.dfsg2-2 (bug #601384)
-CVE-2010-3689 (soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length ...)
+CVE-2010-3689
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...)
+CVE-2010-3687
NOT-FOR-US: powermail extension 1.5.3 for typo3
-CVE-2010-3686 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
+CVE-2010-3686
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
-CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
+CVE-2010-3685
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
-CVE-2010-4340 (libcloud before 0.4.1 does not verify SSL certificates for HTTPS ...)
+CVE-2010-4340
- libcloud 0.5.0-1 (low; bug #598463)
-CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA ...)
+CVE-2010-3688
NOT-FOR-US: NetArtMEDIA WebSiteAdmin
-CVE-2010-3684 (The FTP authentication module in Synology Disk Station 2.x logs ...)
+CVE-2010-3684
NOT-FOR-US: Synology Disk Station
-CVE-2010-3683 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet ...)
+CVE-2010-3683
- mysql-5.1 5.1.49-1 (bug #598580)
- mysql-dfsg-5.0 <removed>
[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
-CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote ...)
+CVE-2010-3682
{DSA-2143-1}
- mysql-5.1 5.1.49-1 (bug #598580)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3681 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote ...)
+CVE-2010-3681
{DSA-2143-1}
- mysql-5.1 5.1.49-1 (bug #598580)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3680 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ...)
+CVE-2010-3680
{DSA-2143-1}
- mysql-5.1 5.1.49-1 (bug #598580)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3679 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ...)
+CVE-2010-3679
- mysql-5.1 5.1.49-1 (bug #598580)
- mysql-dfsg-5.0 <removed>
[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
-CVE-2010-3678 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ...)
+CVE-2010-3678
- mysql-5.1 5.1.49-1 (bug #598580)
- mysql-dfsg-5.0 <removed>
[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
-CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote ...)
+CVE-2010-3677
{DSA-2143-1}
- mysql-5.1 5.1.49-1 (bug #598580)
- mysql-dfsg-5.0 <removed>
-CVE-2010-3676 (storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before ...)
+CVE-2010-3676
- mysql-5.1 5.1.49-1 (bug #598580)
- mysql-dfsg-5.0 <removed>
[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3675
RESERVED
-CVE-2010-3658 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
+CVE-2010-3658
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3657 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
+CVE-2010-3657
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3656 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
+CVE-2010-3656
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player ...)
+CVE-2010-3655
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-3654 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...)
+CVE-2010-3654
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before ...)
+CVE-2010-3653
NOT-FOR-US: Adobe Shockwave
-CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3652
NOT-FOR-US: Adobe Flash Player
CVE-2010-3651
REJECTED
-CVE-2010-3650 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3650
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3649 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3649
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3648 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3648
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3647 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3647
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3646 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3646
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3645 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3645
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3644 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3644
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3643 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3643
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3642 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3642
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3641 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3641
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3640 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3640
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3639 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3639
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3638 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
+CVE-2010-3638
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 ...)
+CVE-2010-3637
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...)
+CVE-2010-3636
NOT-FOR-US: Adobe Flash Player
-CVE-2010-3635 (Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, ...)
+CVE-2010-3635
NOT-FOR-US: Adobe Flash Media Server
-CVE-2010-3634 (Unspecified vulnerability in the edge process in Adobe Flash Media ...)
+CVE-2010-3634
NOT-FOR-US: Adobe Flash Media Server
-CVE-2010-3633 (Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, ...)
+CVE-2010-3633
NOT-FOR-US: Adobe Flash Media Server
-CVE-2010-3632 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
+CVE-2010-3632
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3631 (Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x ...)
+CVE-2010-3631
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3630 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
+CVE-2010-3630
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3629 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
+CVE-2010-3629
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3628 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
+CVE-2010-3628
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
+CVE-2010-3627
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3626 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
+CVE-2010-3626
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3625 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
+CVE-2010-3625
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3624 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 ...)
+CVE-2010-3624
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3623 (Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS ...)
+CVE-2010-3623
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3622 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
+CVE-2010-3622
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3621 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
+CVE-2010-3621
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3620 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
+CVE-2010-3620
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3619 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
+CVE-2010-3619
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3618 (PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does ...)
+CVE-2010-3618
NOT-FOR-US: PGP Desktop
CVE-2010-3617
RESERVED
-CVE-2010-3616 (ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover ...)
+CVE-2010-3616
- isc-dhcp <not-affected> (Only affects 4.2.x)
- dhcp3 <not-affected> (Only affects 4.2.x)
- dhcp <not-affected> (Only affects 4.2.x)
-CVE-2010-3615 (named in ISC BIND 9.7.2-P2 does not check all intended locations for ...)
+CVE-2010-3615
- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
[lenny] - bind9 <not-affected> (Doesn't affect 9.6 ESV)
NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
-CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV ...)
+CVE-2010-3614
{DSA-2130-1}
- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
-CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, ...)
+CVE-2010-3613
{DSA-2130-1}
- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3612
RESERVED
-CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before ...)
+CVE-2010-3611
- isc-dhcp 4.1.1-P1-14
- dhcp3 <not-affected> (Only affects DHCP 4.x)
- dhcp <not-affected> (Only affects DHCP 4.x)
CVE-2010-3610
RESERVED
-CVE-2010-3609 (The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other ...)
+CVE-2010-3609
{DLA-304-1}
- openslp-dfsg 1.2.1-8 (low; bug #623551)
[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
[lenny] - openslp-dfsg <no-dsa> (Minor issue)
-CVE-2010-3659 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x ...)
+CVE-2010-3659
{DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3660 [Multiple security issues]
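Review bot: Only parenthesised summaries are removed in this hunk; the bracketed one on the context line "CVE-2010-3660 [Multiple security issues]" is left in place, so after the change the file mixes bare headers with bracketed ones. Please document which form is generated and which is hand-maintained, so a later automatic update does not treat the two inconsistently. The out-of-sequence entries (CVE-2010-4340 between CVE-2010-3685 and CVE-2010-3688, CVE-2010-3659 after CVE-2010-3609) are carried over unchanged and become harder to verify by eye without their summaries.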
@@ -4342,406 +4342,406 @@ CVE-2010-XXXX [piwigo]
NOTE: http://www.exploit-db.com/exploits/14973/
NOTE: First unfilled CVE-request http://www.openwall.com/lists/oss-security/2010/12/07/1
NOTE: Second CVE-request http://www.openwall.com/lists/oss-security/2012/10/06/3
-CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...)
+CVE-2010-3608
NOT-FOR-US: wpQuiz
-CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt ...)
+CVE-2010-3607
NOT-FOR-US: NetArt MEDIA Real Estate Portal
-CVE-2010-3606 (Multiple directory traversal vulnerabilities in AGENTS/index.php in ...)
+CVE-2010-3606
NOT-FOR-US: NetArt MEDIA Real Estate Portal
-CVE-2010-3605 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
+CVE-2010-3605
NOT-FOR-US: powermail extension 1.5.3 for typo3
-CVE-2010-3604 (SQL injection vulnerability in the powermail extension 1.5.3 and ...)
+CVE-2010-3604
NOT-FOR-US: powermail extension 1.5.3 for typo3
-CVE-2010-3603 (Cross-site request forgery (CSRF) vulnerability in the file manager ...)
+CVE-2010-3603
NOT-FOR-US: mojoPortal
-CVE-2010-3602 (Cross-site scripting (XSS) vulnerability in ProfileView.aspx in ...)
+CVE-2010-3602
NOT-FOR-US: mojoPortal
-CVE-2010-3601 (SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows ...)
+CVE-2010-3601
NOT-FOR-US: ibPhotohost
-CVE-2010-3499 (F-Secure Anti-Virus does not properly interact with the processing of ...)
+CVE-2010-3499
NOT-FOR-US: F-Secure Anti-Virus
-CVE-2010-3498 (AVG Anti-Virus does not properly interact with the processing of ...)
+CVE-2010-3498
NOT-FOR-US: AVG Anti-Virus
-CVE-2010-3497 (Symantec Norton AntiVirus 2011 does not properly interact with the ...)
+CVE-2010-3497
NOT-FOR-US: Symantec Norton AntiVirus
-CVE-2010-3496 (McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact ...)
+CVE-2010-3496
NOT-FOR-US: McAfee VirusScan Enterprise
-CVE-2010-3495 (Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) ...)
+CVE-2010-3495
- zodb 1:3.9.4-1.1 (bug #599711)
-CVE-2010-3494 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...)
+CVE-2010-3494
- python-pyftpdlib 0.5.2-1 (low)
NOTE: http://code.google.com/p/pyftpdlib/issues/detail?id=104
-CVE-2010-3493 (Multiple race conditions in smtpd.py in the smtpd module in Python ...)
+CVE-2010-3493
- python3.1 3.1.2+20100829-1
- python2.6 2.6.6-1 (low; bug #601690)
- python2.5 <unfixed> (low)
[squeeze] - python2.5 <no-dsa> (Minor issue)
[lenny] - python2.5 <no-dsa> (Minor issue)
-CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly handle ...)
+CVE-2010-3492
- python2.7 2.7.8-11 (unimportant)
- python3.1 <removed> (unimportant)
- python3.2 3.4.2-1 (unimportant)
NOTE: likely fixed much earlier, but these were the versions checked
-CVE-2010-3491 (The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator ...)
+CVE-2010-3491
NOT-FOR-US: TIBCO ActiveMatrix Service Grid
-CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)
+CVE-2010-3490
NOT-FOR-US: FreePBX
-CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-3489
NOT-FOR-US: CMS Digital Workroom
-CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows remote ...)
+CVE-2010-3488
NOT-FOR-US: QuickShare
-CVE-2010-3487 (Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows ...)
+CVE-2010-3487
NOT-FOR-US: YelloSoft Pinky
-CVE-2010-3486 (Directory traversal vulnerability in FileStorageUpload.ashx in ...)
+CVE-2010-3486
NOT-FOR-US: SmarterMail
-CVE-2010-3483 (cms_write.php in Primitive CMS 1.0.9 does not properly restrict ...)
+CVE-2010-3483
NOT-FOR-US: Primitive CMS
-CVE-2010-3482 (Multiple SQL injection vulnerabilities in cms_write.php in Primitive ...)
+CVE-2010-3482
NOT-FOR-US: Primitive CMS
-CVE-2010-3481 (Multiple SQL injection vulnerabilities in login.php in ApPHP PHP ...)
+CVE-2010-3481
NOT-FOR-US: MicroCMS
-CVE-2010-3480 (Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS ...)
+CVE-2010-3480
NOT-FOR-US: MicroCMS
-CVE-2010-3479 (SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote ...)
+CVE-2010-3479
NOT-FOR-US: BoutikOne
CVE-2010-3478
RESERVED
-CVE-2010-3477 (The tcf_act_police_dump function in net/sched/act_police.c in the ...)
+CVE-2010-3477
{DSA-2126-1}
- linux-2.6 2.6.32-25
-CVE-2010-3600 (Unspecified vulnerability in the Client System Analyzer component in ...)
+CVE-2010-3600
NOT-FOR-US: Oracle Database
-CVE-2010-3599 (Unspecified vulnerability in the Oracle Document Capture component in ...)
+CVE-2010-3599
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-3598 (Unspecified vulnerability in the Oracle Document Capture component in ...)
+CVE-2010-3598
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-3597 (Unspecified vulnerability in the Oracle Outside In Technology ...)
+CVE-2010-3597
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-3596 (Unspecified vulnerability in the mod_ssl component in Oracle Secure ...)
+CVE-2010-3596
NOT-FOR-US: Dupe of CVE-2009-3555, will be rejected
-CVE-2010-3595 (Unspecified vulnerability in the Oracle Document Capture component in ...)
+CVE-2010-3595
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-3594 (Unspecified vulnerability in the Real User Experience Insight ...)
+CVE-2010-3594
NOT-FOR-US: Oracle Enterprise Manager Grid Control
-CVE-2010-3593 (Unspecified vulnerability in the Health Sciences - Oracle Argus Safety ...)
+CVE-2010-3593
NOT-FOR-US: Oracle Industry Applications
-CVE-2010-3592 (Unspecified vulnerability in the Oracle Document Capture component in ...)
+CVE-2010-3592
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-3591 (Unspecified vulnerability in the Oracle Document Capture component in ...)
+CVE-2010-3591
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-3590 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
+CVE-2010-3590
NOT-FOR-US: Oracle Database
-CVE-2010-3589 (Unspecified vulnerability in the Oracle Application Object Library ...)
+CVE-2010-3589
NOT-FOR-US: Oracle Application Object Library component
-CVE-2010-3588 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
+CVE-2010-3588
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-3587 (Unspecified vulnerability in the Oracle Common Applications component ...)
+CVE-2010-3587
NOT-FOR-US: Oracle Applications
-CVE-2010-3586 (Unspecified vulnerability in Oracle Solaris 9 allows local users to ...)
+CVE-2010-3586
- xscreensaver <not-affected> (Solaris-specific patch)
-CVE-2010-3585 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
+CVE-2010-3585
NOT-FOR-US: OracleVM
-CVE-2010-3584 (Unspecified vulnerability in the Oracle VM component in Oracle VM ...)
+CVE-2010-3584
NOT-FOR-US: OracleVM
-CVE-2010-3583 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
+CVE-2010-3583
NOT-FOR-US: OracleVM
-CVE-2010-3582 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
+CVE-2010-3582
NOT-FOR-US: OracleVM
-CVE-2010-3581 (Unspecified vulnerability in the BPEL Console component in Oracle ...)
+CVE-2010-3581
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-3580 (Unspecified vulnerability in Oracle OpenSolaris allows local users to ...)
+CVE-2010-3580
NOT-FOR-US: Oracle OpenSolaris
-CVE-2010-3579 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun ...)
+CVE-2010-3579
NOT-FOR-US: Java Communications Suite
-CVE-2010-3578 (Unspecified vulnerability in Oracle OpenSolaris allows remote ...)
+CVE-2010-3578
NOT-FOR-US: Oracle OpenSolaris
-CVE-2010-3577 (Unspecified vulnerability in Oracle OpenSolaris allows remote ...)
+CVE-2010-3577
NOT-FOR-US: Oracle OpenSolaris
-CVE-2010-3576 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...)
+CVE-2010-3576
NOT-FOR-US: Oracle OpenSolaris
-CVE-2010-3575 (Unspecified vulnerability in the Oracle Communications Messaging ...)
+CVE-2010-3575
NOT-FOR-US: Oracle Sun Products Suite
-CVE-2010-3574 (Unspecified vulnerability in the Networking component in Oracle Java ...)
+CVE-2010-3574
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3573 (Unspecified vulnerability in the Networking component in Oracle Java ...)
+CVE-2010-3573
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3572 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
+CVE-2010-3572
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3571 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
+CVE-2010-3571
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3570 (Unspecified vulnerability in the Deployment Toolkit component in ...)
+CVE-2010-3570
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3569 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-3569
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3568 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-3568
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3567 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
+CVE-2010-3567
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3566 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
+CVE-2010-3566
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3565 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
+CVE-2010-3565
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3564 (Unspecified vulnerability in the Oracle Communications Messaging ...)
+CVE-2010-3564
- openjdk-6 6b18-1.8.2-1
-CVE-2010-3563 (Unspecified vulnerability in the Deployment component in Oracle Java ...)
+CVE-2010-3563
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3562 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
+CVE-2010-3562
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3561 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
+CVE-2010-3561
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3560 (Unspecified vulnerability in the Networking component in Oracle Java ...)
+CVE-2010-3560
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3559 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
+CVE-2010-3559
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3558 (Unspecified vulnerability in the Java Web Start component in Oracle ...)
+CVE-2010-3558
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3557 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
+CVE-2010-3557
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3556 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
+CVE-2010-3556
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3555 (Unspecified vulnerability in the Deployment component in Oracle Java ...)
+CVE-2010-3555
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3554 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
+CVE-2010-3554
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3553 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
+CVE-2010-3553
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3552 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...)
+CVE-2010-3552
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3551 (Unspecified vulnerability in the Networking component in Oracle Java ...)
+CVE-2010-3551
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3550 (Unspecified vulnerability in the Java Web Start component in Oracle ...)
+CVE-2010-3550
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3549 (Unspecified vulnerability in the Networking component in Oracle Java ...)
+CVE-2010-3549
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3548 (Unspecified vulnerability in the Java Naming and Directory Interface ...)
+CVE-2010-3548
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3547 (Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in ...)
+CVE-2010-3547
NOT-FOR-US: Oracle PeopleSoft
-CVE-2010-3546 (Unspecified vulnerability in the Sun Java System Identity Manager ...)
+CVE-2010-3546
NOT-FOR-US: Oracle Sun Products Suite
-CVE-2010-3545 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...)
+CVE-2010-3545
NOT-FOR-US: Oracle iPlanet Web Server
-CVE-2010-3544 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...)
+CVE-2010-3544
NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3543
REJECTED
-CVE-2010-3542 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...)
+CVE-2010-3542
NOT-FOR-US: Oracle Solaris
-CVE-2010-3541 (Unspecified vulnerability in the Networking component in Oracle Java ...)
+CVE-2010-3541
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-3540 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
+CVE-2010-3540
NOT-FOR-US: Oracle Solaris
-CVE-2010-3539 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL ...)
+CVE-2010-3539
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3538 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL ...)
+CVE-2010-3538
NOT-FOR-US: PeopleSoft Enterprise FMS
-CVE-2010-3537 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM ...)
+CVE-2010-3537
NOT-FOR-US: PeopleSoft Enterprise FMS
-CVE-2010-3536 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...)
+CVE-2010-3536
NOT-FOR-US: PeopleSoft Enterprise SCM
-CVE-2010-3535 (Unspecified vulnerability in the Directory Server Enterprise Edition ...)
+CVE-2010-3535
NOT-FOR-US: Oracle Sun Products Suite
-CVE-2010-3534 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
+CVE-2010-3534
NOT-FOR-US: Oracle Primavera Products Suite
-CVE-2010-3533 (Unspecified vulnerability in the PeopleSoft Enterprise SCM OM and CRM ...)
+CVE-2010-3533
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3532 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order ...)
+CVE-2010-3532
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3531 (Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM ...)
+CVE-2010-3531
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR ...)
+CVE-2010-3530
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3529 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - Cash ...)
+CVE-2010-3529
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3528 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Common ...)
+CVE-2010-3528
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3527 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM ...)
+CVE-2010-3527
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3526 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO ...)
+CVE-2010-3526
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3525 (Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) ...)
+CVE-2010-3525
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3524 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - Strategic ...)
+CVE-2010-3524
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3523 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2010-3523
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3522 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2010-3522
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay ...)
+CVE-2010-3521
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3520 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France ...)
+CVE-2010-3520
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3519 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2010-3519
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3518 (Unspecified vulnerability in the PeopleSoft Enterprise HCM GP - Japan ...)
+CVE-2010-3518
NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
-CVE-2010-3517 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
+CVE-2010-3517
NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
-CVE-2010-3516 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
+CVE-2010-3516
NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
-CVE-2010-3515 (Unspecified vulnerability in the Solaris component in Oracle Solaris 9 ...)
+CVE-2010-3515
NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
-CVE-2010-3514 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...)
+CVE-2010-3514
NOT-FOR-US: Oracle Sun Products Suite
-CVE-2010-3513 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...)
+CVE-2010-3513
NOT-FOR-US: Oracle Solaris and OpenSolaris
-CVE-2010-3512 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...)
+CVE-2010-3512
NOT-FOR-US: Oracle iPlanet Web Server
-CVE-2010-3511 (Unspecified vulnerability in Oracle OpenSolaris allows local users to ...)
+CVE-2010-3511
NOT-FOR-US: Oracle OpenSolaris
-CVE-2010-3510 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+CVE-2010-3510
NOT-FOR-US: Oracle WebLogic
-CVE-2010-3509 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
+CVE-2010-3509
NOT-FOR-US: Oracle Solaris
-CVE-2010-3508 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
+CVE-2010-3508
NOT-FOR-US: Oracle Solaris
-CVE-2010-3507 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
+CVE-2010-3507
NOT-FOR-US: Oracle Solaris
-CVE-2010-3506 (Unspecified vulnerability in the Oracle Explorer (Sun Explorer) ...)
+CVE-2010-3506
NOT-FOR-US: Oracle Explorer
-CVE-2010-3505 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
+CVE-2010-3505
NOT-FOR-US: Oracle Supply Chain Products
-CVE-2010-3504 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
+CVE-2010-3504
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-3503 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
+CVE-2010-3503
NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
-CVE-2010-3502 (Unspecified vulnerability in the Siebel Core component in Oracle ...)
+CVE-2010-3502
NOT-FOR-US: Oracle Siebel Suite
-CVE-2010-3501 (Unspecified vulnerability in the OID component in Oracle Fusion ...)
+CVE-2010-3501
NOT-FOR-US: Oracle Fusion
-CVE-2010-3500 (Unspecified vulnerability in the Siebel Core - Highly Interactive ...)
+CVE-2010-3500
NOT-FOR-US: Oracle Siebel Suite
-CVE-2010-3476 (Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before ...)
+CVE-2010-3476
- otrs2 2.4.8+dfsg1-1
[lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
-CVE-2010-3475 (IBM DB2 9.7 before FP3 does not properly enforce privilege ...)
+CVE-2010-3475
NOT-FOR-US: IBM DB2
-CVE-2010-3474 (IBM DB2 9.7 before FP3 does not perform the expected drops or ...)
+CVE-2010-3474
NOT-FOR-US: IBM DB2
-CVE-2010-3473 (Open redirect vulnerability in the Workplace (aka WP) component in IBM ...)
+CVE-2010-3473
NOT-FOR-US: IBM FileNet P8 Application Engine
-CVE-2010-3472 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ...)
+CVE-2010-3472
NOT-FOR-US: IBM FileNet P8 Application Engine
-CVE-2010-3471 (Session fixation vulnerability in the Workplace (aka WP) component in ...)
+CVE-2010-3471
NOT-FOR-US: IBM FileNet P8 Application Engine
-CVE-2010-3470 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ...)
+CVE-2010-3470
NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3469
RESERVED
-CVE-2010-3468 (Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 ...)
+CVE-2010-3468
NOT-FOR-US: Mura CMS
-CVE-2010-3467 (SQL injection vulnerability in modules/sections/index.php in ...)
+CVE-2010-3467
NOT-FOR-US: E-Xoopport Samsara
-CVE-2010-3466 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
+CVE-2010-3466
NOT-FOR-US: NetArt Media iBoutique.MALL
-CVE-2010-3465 (Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping ...)
+CVE-2010-3465
NOT-FOR-US: XSE Shopping Cart
-CVE-2010-3464 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2010-3464
NOT-FOR-US: SantaFox
-CVE-2010-3463 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-3463
NOT-FOR-US: SantaFox
-CVE-2010-3462 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-3462
NOT-FOR-US: Mollify
-CVE-2010-3461 (SQL injection vulnerability in the Publisher module in eNdonesia 8.4 ...)
+CVE-2010-3461
NOT-FOR-US: eNdonesia
-CVE-2010-3460 (Directory traversal vulnerability in the HTTP interface in AXIGEN Mail ...)
+CVE-2010-3460
NOT-FOR-US: AXIGEN Mail Server
-CVE-2010-3459 (Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface ...)
+CVE-2010-3459
NOT-FOR-US: AXIGEN Mail Server
-CVE-2010-3458 (SQL injection vulnerability in lib/toolkit/events/event.section.php in ...)
+CVE-2010-3458
NOT-FOR-US: Symphony CMS
-CVE-2010-3457 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...)
+CVE-2010-3457
NOT-FOR-US: Symphony CMS
-CVE-2010-3456 (Directory traversal vulnerability in download.php in EnergyScripts ...)
+CVE-2010-3456
NOT-FOR-US: EnergyScripts Simple Download
-CVE-2010-3455 (Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 ...)
+CVE-2010-3455
NOT-FOR-US: AChecker
-CVE-2010-3454 (Multiple off-by-one errors in the WW8DopTypography::ReadFromMem ...)
+CVE-2010-3454
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3453 (The WW8ListManager::WW8ListManager function in oowriter in ...)
+CVE-2010-3453
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3452 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x ...)
+CVE-2010-3452
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3451 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x ...)
+CVE-2010-3451
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3450 (Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) ...)
+CVE-2010-3450
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before ...)
+CVE-2010-3449
NOT-FOR-US: Redback
-CVE-2010-3448 (drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 ...)
+CVE-2010-3448
{DSA-2126-1}
- linux-2.6 2.6.32-12 (bug #565790; unimportant)
NOTE: this is more of a hardware bug rather than a security issue
-CVE-2010-3447 (Cross-site scripting (XSS) vulnerability in view.php in the file ...)
+CVE-2010-3447
- gollem 1.1.1+debian0-1.1 (bug #598585)
[lenny] - gollem <not-affected> ($filename not printed directly and passed through htmlspecialchars())
NOTE: http://bugs.horde.org/ticket/9191
CVE-2010-3446
RESERVED
-CVE-2010-3445 (Stack consumption vulnerability in the dissect_ber_unknown function in ...)
+CVE-2010-3445
{DSA-2127-1}
- wireshark 1.2.11-3 (low)
NOTE: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
-CVE-2010-3444 (Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU ...)
+CVE-2010-3444
- pyfribidi 0.10.0-2 (bug #570068)
[lenny] - pyfribidi <not-affected> (fribidi 0.19.1 or higher needs to be installed to trigger this)
-CVE-2010-3443 (ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows ...)
+CVE-2010-3443
- quassel 0.7.1-1 (bug #597853)
[squeeze] - quassel 0.6.3-1
NOTE: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774
-CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in ...)
+CVE-2010-3442
{DSA-2126-1}
- linux-2.6 2.6.32-25
NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
-CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote ...)
+CVE-2010-3441
- abcm2ps 5.9.13-0.1 (low; bug #577014)
[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-3440 [babiloo insecure downloading and unpacking of dictionary files]
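Review bot: Every changed pair in this hunk only strips the parenthesised description from the CVE header line (for example `-CVE-2010-3572 (Unspecified vulnerability in the Sound component ...)` becomes `+CVE-2010-3572`), and in the Java run from CVE-2010-3574 down to CVE-2010-3548 that description was the only text naming the affected component, because entries such as CVE-2010-3572 and CVE-2010-3571 carry identical package lines. If blanking the descriptions is intended, the commit message should say so instead of "automatic update". If it is not, the updater should refuse to commit a run that empties descriptions which were present in the previous revision.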
@@ -4755,40 +4755,40 @@ CVE-2010-3438 [Insufficient stripping of CR/LF allows arbitrary IRC command exec
RESERVED
- libpoe-component-irc-perl 6.32+dfsg-1
[lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194)
-CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in ...)
+CVE-2010-3437
{DSA-2126-1}
- linux-2.6 2.6.32-25
-CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote ...)
+CVE-2010-3436
- php5 5.3.3-4 (unimportant)
NOTE: http://svn.php.net/viewvc?view=revision&revision=303824
-CVE-2010-3435 (The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before ...)
+CVE-2010-3435
- pam 1.1.3-1 (low; bug #599832)
[squeeze] - pam <no-dsa> (Minor issue)
[lenny] - pam <no-dsa> (Minor issue)
NOTE: Fix from 1.1.2 is not fully complete
-CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in ...)
+CVE-2010-3434
- clamav 0.96.3+dfsg-1
[lenny] - clamav <end-of-life>
NOTE: libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)
-CVE-2010-3433 (The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before ...)
+CVE-2010-3433
{DSA-2120-1}
- postgresql-9.0 9.0.1-1
- postgresql-8.4 8.4.5-1
[squeeze] - postgresql-8.4 8.4.5-0squeeze1
- postgresql-8.3 <removed>
-CVE-2010-3432 (The sctp_packet_config function in net/sctp/output.c in the Linux ...)
+CVE-2010-3432
{DSA-2126-1}
- linux-2.6 2.6.32-24
-CVE-2010-3431 (The privilege-dropping implementation in the (1) pam_env and (2) ...)
+CVE-2010-3431
- pam 1.1.3-1 (low; bug #599832)
[squeeze] - pam <no-dsa> (Minor issue)
NOTE: 20100924164823.GA21584@openwall.com
-CVE-2010-3430 (The privilege-dropping implementation in the (1) pam_env and (2) ...)
+CVE-2010-3430
- pam 1.1.3-1 (bug #599832)
[squeeze] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
[lenny] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
NOTE: 20100924164823.GA21584@openwall.com
-CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in ...)
+CVE-2010-3429
{DSA-2165-1}
- ffmpeg 4:0.5.2-6 (bug #598590)
- ffmpeg-debian <removed>
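Review bot: The three pam entries in this hunk (CVE-2010-3435, CVE-2010-3431, CVE-2010-3430) all reference bug #599832, and the last two share the same NOTE, the bare message id `20100924164823.GA21584@openwall.com`. Once the descriptions are removed, only the status lines tell these entries apart. I would add a short NOTE to each stating which pam_env/pam_mail behaviour it covers, so the difference between `<no-dsa>` and `<not-affected>` for squeeze stays understandable from the file alone.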
@@ -4809,52 +4809,52 @@ CVE-2010-XXXX [mediatomb directory traversal]
[wheezy] - mediatomb 0.12.1-4+deb7u1
[squeeze] - mediatomb 0.12.0~svn2018-6.1
NOTE: was previously fixed in 580120 but patch was not applied to later maintainer uploads
-CVE-2010-3428 (SQL injection vulnerability in modules/notes/json.php in Intermesh ...)
+CVE-2010-3428
NOT-FOR-US: Intermesh Group-Office
-CVE-2010-3427 (Multiple cross-site scripting (XSS) vulnerabilities in Open ...)
+CVE-2010-3427
NOT-FOR-US: Open Classifieds
-CVE-2010-3426 (Directory traversal vulnerability in jphone.php in the JPhone ...)
+CVE-2010-3426
NOT-FOR-US: JPhone for Joomla
-CVE-2010-3425 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-3425
NOT-FOR-US: SmarterStats
-CVE-2010-3424 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-3424
NOT-FOR-US: Invision Power Board
-CVE-2010-3423 (SQL injection vulnerability in the Yr Weatherdata module for Drupal ...)
+CVE-2010-3423
NOT-FOR-US: Yr Weatherdata module for Drupal
-CVE-2010-3422 (SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 ...)
+CVE-2010-3422
NOT-FOR-US: JGen for Joomla
-CVE-2010-3421 (Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ...)
+CVE-2010-3421
NOT-FOR-US: ProductCart
-CVE-2010-3420 (Cross-site scripting (XSS) vulnerability in Products_Results.php in ...)
+CVE-2010-3420
NOT-FOR-US: PowerStore
-CVE-2010-3419 (Multiple PHP remote file inclusion vulnerabilities in Haudenschilt ...)
+CVE-2010-3419
NOT-FOR-US: Haudenschilt Family Connections CMS
-CVE-2010-3418 (Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media ...)
+CVE-2010-3418
NOT-FOR-US: NetArt Media Car Portal
-CVE-2010-3417 (Google Chrome before 6.0.472.59 does not prompt the user before ...)
+CVE-2010-3417
- webkit <not-affected> (chromium specific)
- chromium-browser 6.0.472.59~r59126-1
-CVE-2010-3416 (Google Chrome before 6.0.472.59 on Linux does not properly implement ...)
+CVE-2010-3416
- webkit <not-affected> (issue in chromium-specific code)
- chromium-browser 6.0.472.59~r59126-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=44960
NOTE: http://trac.webkit.org/changeset/66689
-CVE-2010-3415 (Google Chrome before 6.0.472.59 does not properly implement ...)
+CVE-2010-3415
- webkit <not-affected> (issue in chromium-specific code)
- chromium-browser 6.0.472.59~r59126-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=45112
NOTE: http://trac.webkit.org/changeset/66837
NOTE: depends on http://trac.webkit.org/changeset/66837
NOTE: https://bugs.webkit.org/show_bug.cgi?id=45257
-CVE-2010-3414 (Google Chrome before 6.0.472.59 on Mac OS X does not properly ...)
+CVE-2010-3414
- webkit <not-affected> (Does not affect linux)
- chromium-browser <not-affected> (Does not affect linux)
-CVE-2010-3413 (Unspecified vulnerability in the pop-up blocking functionality in ...)
+CVE-2010-3413
- webkit <not-affected> (chromium specific)
- chromium-browser 6.0.472.59~r59126-1
-CVE-2010-3412 (Race condition in the console implementation in Google Chrome before ...)
+CVE-2010-3412
- libv8 2.2.24-6 (bug #597856)
-CVE-2010-3411 (Google Chrome before 6.0.472.59 on Linux does not properly handle ...)
+CVE-2010-3411
- webkit <not-affected> (chromium specific)
- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3410
@@ -4863,37 +4863,37 @@ CVE-2010-3409
REJECTED
CVE-2010-3408
REJECTED
-CVE-2010-3407 (Stack-based buffer overflow in the MailCheck821Address function in ...)
+CVE-2010-3407
NOT-FOR-US: IBM Lotus Domino
-CVE-2010-3406 (Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM ...)
+CVE-2010-3406
NOT-FOR-US: AIX 5.3
-CVE-2010-3405 (Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, ...)
+CVE-2010-3405
NOT-FOR-US: AIX 6.1, VIOS
-CVE-2010-3404 (Multiple SQL injection vulnerabilities in eshtery CMS (aka ...)
+CVE-2010-3404
NOT-FOR-US: eshtery CMS
-CVE-2010-3403 (Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic ...)
+CVE-2010-3403
NOT-FOR-US: Qualcomm eXtensible Diagnostic Monitor
-CVE-2010-3402 (Untrusted search path vulnerability in IDM Computer Solutions ...)
+CVE-2010-3402
NOT-FOR-US: UltraEdit
CVE-2010-3401
RESERVED
-CVE-2010-3400 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
+CVE-2010-3400
NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
-CVE-2010-3399 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
+CVE-2010-3399
NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
-CVE-2010-3398 (Unspecified vulnerability in the webcontainer implementation in IBM ...)
+CVE-2010-3398
NOT-FOR-US: IBM Lotus Sametime Connect
-CVE-2010-3397 (Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, ...)
+CVE-2010-3397
NOT-FOR-US: PGP Desktop
-CVE-2010-3396 (Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and ...)
+CVE-2010-3396
NOT-FOR-US: Kingsoft Antivirus
CVE-2010-3395
RESERVED
-CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place ...)
+CVE-2010-3394
- texmacs 1:1.0.7.7-1.1 (bug #598424)
[squeeze] - texmacs 1:1.0.7.4-3.1
[lenny] - texmacs <no-dsa> (minor issue)
-CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory name ...)
+CVE-2010-3393
- magics++ 2.10.0.dfsg-5.1 (bug #598418)
CVE-2010-3392
RESERVED
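Review bot: After this hunk, CVE-2010-3400 and CVE-2010-3399 consist of nothing but `NOTE: These will likely be rejected, Mozilla people will clarify with MITRE`. They have no package line, so the removed description (`The js_InitRandom function in the JavaScript implementation in Mozilla ...`) was the only place the affected code was named. Either keep the description for entries that have no package or NOT-FOR-US line, or extend the NOTE to name js_InitRandom so the entry can still be triaged.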
@@ -4901,34 +4901,34 @@ CVE-2010-3391
RESERVED
CVE-2010-3390
RESERVED
-CVE-2010-3389 (The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents ...)
+CVE-2010-3389
- cluster-agents 1:1.0.3-3.1 (bug #598549)
CVE-2010-3388
RESERVED
-CVE-2010-3387 (** DISPUTED ** ...)
+CVE-2010-3387
- vdr 1.6.0-19.1 (unimportant; bug #598308)
NOTE: Only affects a debugging tool, see bug #598308
-CVE-2010-3386 (usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length ...)
+CVE-2010-3386
- ust 0.7-2.1 (bug #598309)
[squeeze] - ust 0.5-1+squeeze1
[wheezy] - ust 0.5-1+squeeze1
-CVE-2010-3385 (TuxGuitar 1.2 places a zero-length directory name in the ...)
+CVE-2010-3385
- tuxguitar 1.2-7 (bug #598307)
[lenny] - tuxguitar <no-dsa> (Minor issue)
-CVE-2010-3384 (The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and ...)
+CVE-2010-3384
- torcs 1.3.1-5 (bug #598306)
[lenny] - torcs <no-dsa> (Minor issue)
-CVE-2010-3383 (The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 ...)
+CVE-2010-3383
- teamspeak-client 2.0.32-3.1 (low; bug #598304)
[lenny] - teamspeak-client <no-dsa> (Non-free not supported)
- teamspeak-server 2.0.24.1+debian-1.1 (low; bug #598305)
[lenny] - teamspeak-server <no-dsa> (Non-free not supported)
-CVE-2010-3382 (tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a ...)
+CVE-2010-3382
- tau 2.16.4-1.4 (bug #598303)
-CVE-2010-3381 (The (1) tangerine and (2) tangerine-properties scripts in Tangerine ...)
+CVE-2010-3381
- tangerine 0.3.2.2-6 (bug #598302)
[lenny] - tangerine <no-dsa> (minor issue)
-CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before ...)
+CVE-2010-3380
- slurm-llnl 2.1.15-2 (bug #602340)
[wheezy] - slurm-llnl 2.1.11-1squeeze1 (bug #602340)
[squeeze] - slurm-llnl 2.1.11-1squeeze1 (bug #602340)
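Review bot: At CVE-2010-3387 the removed text is `(** DISPUTED ** ...)`, so the disputed status of this CVE disappears from the file. The remaining lines only mark vdr as `unimportant` and say it "Only affects a debugging tool". Suggest recording the dispute in the NOTE line before the description is dropped, since a reader can no longer tell from this entry that the CVE was disputed upstream.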
@@ -4936,191 +4936,191 @@ CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM bef
NOTE: Debian package ships its own, also vulnerable, init script. NOT fixed in 2.1.14-1
CVE-2010-3379
RESERVED
-CVE-2010-3378 (The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in ...)
+CVE-2010-3378
- scilab 5.2.2-8 (bug #598423; bug #598422)
[lenny] - scilab <no-dsa> (Non-free not supported)
-CVE-2010-3377 (The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) ...)
+CVE-2010-3377
- salome 5.1.3-11 (bug #598421)
-CVE-2010-3376 (The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ...)
+CVE-2010-3376
- root-system 5.34.00-1 (bug #598420; bug #598419)
[lenny] - root-system <no-dsa> (minor issue)
CVE-2010-3375
RESERVED
- qtparted 0.4.5-8 (low; bug #598301)
[lenny] - qtparted <no-dsa> (Minor issue)
-CVE-2010-3374 (Qt Creator before 2.0.1 places a zero-length directory name in the ...)
+CVE-2010-3374
- qtcreator 1.3.1-3 (bug #598300)
CVE-2010-3373
RESERVED
- paxtest 1:0.9.9-1 (unimportant; bug #598413)
-CVE-2010-3372 (Untrusted search path vulnerability in NorduGrid Advanced Resource ...)
+CVE-2010-3372
- nordugrid-arc-nox 1.1.0~rc6-2.1 (bug #606151)
CVE-2010-3371
RESERVED
CVE-2010-3370
RESERVED
-CVE-2010-3369 (The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, ...)
+CVE-2010-3369
- mono-debugger 2.6.3-2.1 (low; bug #598299)
[lenny] - mono-debugger <no-dsa> (Minor issue)
CVE-2010-3368
RESERVED
CVE-2010-3367
RESERVED
-CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the ...)
+CVE-2010-3366
- mn-fit <removed> (bug #598298)
[lenny] - mn-fit <no-dsa> (Minor issue)
-CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the ...)
+CVE-2010-3365
- mistelix 0.31-2 (low; bug #598297)
-CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length directory ...)
+CVE-2010-3364
- vips 7.14.5-2 (unimportant; bug #598296)
NOTE: Scripts are not used for any real world scenarios
-CVE-2010-3363 (roarify in roaraudio 0.3 places a zero-length directory name in the ...)
+CVE-2010-3363
- roaraudio 0.3-2 (low; bug #598295)
[lenny] - roaraudio <no-dsa> (Minor issue)
-CVE-2010-3362 (lastfm 1.5.4 places a zero-length directory name in the ...)
+CVE-2010-3362
- lastfm 1:1.5.4.26862+dfsg-5 (low; bug #598294)
[lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1
-CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 ...)
+CVE-2010-3361
- ike 2.1.5+dfsg-2 (low; bug #598292)
[lenny] - ike <no-dsa> (Minor issue)
-CVE-2010-3360 (Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, ...)
+CVE-2010-3360
- hipo <removed> (bug #598291)
[lenny] - hipo <no-dsa> (Minor issue)
CVE-2010-3359 [gargoyle: insecure library loading]
RESERVED
- gargoyle-free 2009-08-25-2
NOTE: http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
-CVE-2010-3358 (HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in ...)
+CVE-2010-3358
- henplus <removed> (bug #598290)
-CVE-2010-3357 (gnome-subtitles 1.0 places a zero-length directory name in the ...)
+CVE-2010-3357
- gnome-subtitles 1.0-2 (low; bug #598289)
[lenny] - gnome-subtitles <no-dsa> (Minor issue)
CVE-2010-3356
RESERVED
-CVE-2010-3355 (Ember 0.5.7 places a zero-length directory name in the ...)
+CVE-2010-3355
- ember 0.5.7-1.1 (low; bug #598288)
-CVE-2010-3354 (dropboxd in Dropbox 0.7.110 places a zero-length directory name in the ...)
+CVE-2010-3354
- dropbox 0.8.107-1 (low; bug #598287)
[lenny] - dropbox <no-dsa> (Non-free not supported)
-CVE-2010-3353 (Cowbell 0.2.7.1 places a zero-length directory name in the ...)
+CVE-2010-3353
- cowbell <not-affected> (See bug #598286)
CVE-2010-3352
RESERVED
-CVE-2010-3351 (startBristol in Bristol 0.60.5 places a zero-length directory name in ...)
+CVE-2010-3351
- bristol 0.60.5-2 (bug #598285)
-CVE-2010-3350 (bareFTP 0.3.4 places a zero-length directory name in the ...)
+CVE-2010-3350
- bareftp 0.3.4-1.1 (bug #598284)
-CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the ...)
+CVE-2010-3349
- ardour 1:2.8.11-2 (low; bug #598282)
-CVE-2010-3348 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...)
+CVE-2010-3348
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3347
REJECTED
-CVE-2010-3346 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
+CVE-2010-3346
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3345 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
+CVE-2010-3345
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3344
REJECTED
-CVE-2010-3343 (Microsoft Internet Explorer 6 does not properly handle objects in ...)
+CVE-2010-3343
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3342 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...)
+CVE-2010-3342
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3341
REJECTED
-CVE-2010-3340 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
+CVE-2010-3340
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3339
REJECTED
-CVE-2010-3338 (The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, ...)
+CVE-2010-3338
NOT-FOR-US: Microsoft Windows
-CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and ...)
+CVE-2010-3337
NOT-FOR-US: Microsoft Office 2007 SP2
-CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac ...)
+CVE-2010-3336
NOT-FOR-US: Microsoft Office XP SP3
-CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...)
+CVE-2010-3335
NOT-FOR-US: Microsoft Office XP SP3
-CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...)
+CVE-2010-3334
NOT-FOR-US: Microsoft Office XP SP3
-CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 ...)
+CVE-2010-3333
NOT-FOR-US: Microsoft Office
-CVE-2010-3332 (Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, ...)
+CVE-2010-3332
NOT-FOR-US: Microsoft .NET Framework
-CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
+CVE-2010-3331
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3330 (Microsoft Internet Explorer 6 through 8 does not properly restrict ...)
+CVE-2010-3330
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3329 (mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote ...)
+CVE-2010-3329
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3328 (Use-after-free vulnerability in the CAttrArray::PrivateFind function ...)
+CVE-2010-3328
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3327 (The implementation of HTML content creation in Microsoft Internet ...)
+CVE-2010-3327
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3326 (Microsoft Internet Explorer 6 does not properly handle objects in ...)
+CVE-2010-3326
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3325 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
+CVE-2010-3325
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8, and the ...)
+CVE-2010-3324
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session ...)
+CVE-2010-3323
NOT-FOR-US: Splunk
-CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote ...)
+CVE-2010-3322
NOT-FOR-US: Splunk
-CVE-2010-3321 (RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not ...)
+CVE-2010-3321
NOT-FOR-US: RSA Authentication Client
-CVE-2010-3320 (Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before ...)
+CVE-2010-3320
NOT-FOR-US: IBM Records Manager
-CVE-2010-3319 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a ...)
+CVE-2010-3319
NOT-FOR-US: IBM Records Manager
-CVE-2010-3318 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits ...)
+CVE-2010-3318
NOT-FOR-US: IBM Records Manager
-CVE-2010-3317 (Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) ...)
+CVE-2010-3317
NOT-FOR-US: IBM Records Manager
-CVE-2010-3316 (The run_coprocess function in pam_xauth.c in the pam_xauth module in ...)
+CVE-2010-3316
- pam 1.1.2-1 (unimportant; bug #599832)
NOTE: partial fix http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
NOTE: Not exploitable with current kernels
-CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as ...)
+CVE-2010-3315
{DSA-2118-1}
- subversion 1.6.12dfsg-2 (low)
-CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware ...)
+CVE-2010-3314
{DSA-2013-1}
- egroupware <removed> (high; bug #573279)
[lenny] - egroupware 1.4.004-2.dfsg-4.2
-CVE-2010-3313 (phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php ...)
+CVE-2010-3313
{DSA-2013-1}
- egroupware <removed> (high; bug #573279)
[lenny] - egroupware 1.4.004-2.dfsg-4.2
-CVE-2010-3312 (Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, ...)
+CVE-2010-3312
- epiphany-browser 2.29.91-1 (bug #564690)
[lenny] - epiphany-browser <not-affected> (Introduced with the switch to webkit after Lenny release)
-CVE-2010-3311 (Integer overflow in base/ftstream.c in libXft (aka the X FreeType ...)
+CVE-2010-3311
{DSA-2116-1}
- freetype 2.4.0-1
NOTE: Only the 2.3.x series is affected
-CVE-2010-3310 (Multiple integer signedness errors in net/rose/af_rose.c in the Linux ...)
+CVE-2010-3310
{DSA-2126-1}
- linux-2.6 2.6.32-25
CVE-2010-3309
REJECTED
-CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan ...)
+CVE-2010-3308
- openswan 1:2.6.28+dfsg-2
[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
-CVE-2010-3307 (Multiple PHP remote file inclusion vulnerabilities in ...)
+CVE-2010-3307
NOT-FOR-US: Free Simple CMS 1.0
CVE-2010-3305 [pixel CSRF]
RESERVED
- pixelpost <removed> (bug #597224)
-CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...)
+CVE-2010-3304
- dovecot 1.2.13-1
[lenny] - dovecot <not-affected> (only affects 1.2.x)
-CVE-2010-3303 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...)
+CVE-2010-3303
- mantis 1.1.8+dfsg-8 (bug #599710)
[lenny] - mantis 1.1.6+dfsg-2lenny3
-CVE-2010-3302 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan ...)
+CVE-2010-3302
- openswan 1:2.6.28+dfsg-2
[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
-CVE-2010-3301 (The IA32 system call emulation functionality in ...)
+CVE-2010-3301
- linux-2.6 2.6.32-23
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.27)
CVE-2010-3300
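Review bot: The header rewrite in this hunk is applied only to entries whose description was in parentheses, while "CVE-2010-3305 [pixel CSRF]" keeps its bracketed description, so the file now mixes bare headers with described ones and the commit message ("automatic update") does not say whether that is intended. It also leaves CVE-2010-3308 and CVE-2010-3302 with no line naming the affected file (programs/pluto/xauth.c); their bodies are now identical. Please say in the commit message where the removed descriptions are kept, and consider a NOTE on entries whose remaining lines no longer identify the affected code.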
@@ -5131,47 +5131,47 @@ CVE-2010-3299 [ruby on rails: padding oracle attack]
NOTE: http://seclists.org/oss-sec/2010/q3/415
NOTE: http://seclists.org/oss-sec/2010/q3/413
NOTE: http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf
-CVE-2010-3298 (The hso_get_count function in drivers/net/usb/hso.c in the Linux ...)
+CVE-2010-3298
- linux-2.6 2.6.32-24
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
-CVE-2010-3297 (The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel ...)
+CVE-2010-3297
{DSA-2126-1}
- linux-2.6 2.6.32-24
-CVE-2010-3296 (The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in ...)
+CVE-2010-3296
{DSA-2126-1}
- linux-2.6 2.6.32-24
CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory]
RESERVED
NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2
NOTE: will probably get rejected
-CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x ...)
+CVE-2010-3291
NOT-FOR-US: HP AssetCenter
-CVE-2010-3290 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
+CVE-2010-3290
NOT-FOR-US: HP Systems Insight Manager
-CVE-2010-3289 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
+CVE-2010-3289
NOT-FOR-US: HP Systems Insight Manager
-CVE-2010-3288 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight ...)
+CVE-2010-3288
NOT-FOR-US: HP Systems Insight Manager
-CVE-2010-3287 (Unspecified vulnerability on HP ProCurve Access Points, Access ...)
+CVE-2010-3287
NOT-FOR-US: HP ProCurve
-CVE-2010-3286 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and ...)
+CVE-2010-3286
NOT-FOR-US: HP Systems Insight Manager
-CVE-2010-3285 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
+CVE-2010-3285
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
+CVE-2010-3284
NOT-FOR-US: HP System Management Homepage
-CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) ...)
+CVE-2010-3283
NOT-FOR-US: HP System Management Homepage
CVE-2010-3282
RESERVED
NOT-FOR-US: Red Hat Directory Server
-CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in ...)
+CVE-2010-3281
NOT-FOR-US: Alcatel-Lucent OmniVista
-CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka ...)
+CVE-2010-3280
NOT-FOR-US: Alcatel-Lucent OmniTouch Contact Center
-CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4 in the ...)
+CVE-2010-3279
NOT-FOR-US: Alcatel-Lucent OmniTouch Contact Center
-CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Alternative ...)
+CVE-2010-3294
- php-apc <unfixed> (unimportant)
NOTE: vulnerable script is, mainly, for debugging purposes
NOTE: and is distributed gzip-compressed
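Review bot: At CVE-2010-3294, dropping the description removes the only mention of apc.php, so the remaining lines "NOTE: vulnerable script is, mainly, for debugging purposes" and "NOTE: and is distributed gzip-compressed" no longer say which script they refer to. A follow-up should name the script in the first NOTE so the "<unfixed> (unimportant)" triage for php-apc can be checked from this entry alone.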
@@ -5185,244 +5185,244 @@ CVE-2010-3292 [mailscanner may use spoofed data]
[squeeze] - mailscanner <no-dsa> (Minor issue)
CVE-2010-3278
REJECTED
-CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 301548 and ...)
+CVE-2010-3277
NOT-FOR-US: VMware Workstation
-CVE-2010-3276 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
+CVE-2010-3276
{DSA-2211-1}
- vlc 1.1.8-1
NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
-CVE-2010-3275 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
+CVE-2010-3275
{DSA-2211-1}
- vlc 1.1.8-1
NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
-CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-3274
NOT-FOR-US: ZOHO ManageEngine
-CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows ...)
+CVE-2010-3273
NOT-FOR-US: ZOHO ManageEngine
-CVE-2010-3272 (accounts/ValidateAnswers in the security-questions implementation in ...)
+CVE-2010-3272
NOT-FOR-US: ZOHO ManageEngine
-CVE-2010-3271 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+CVE-2010-3271
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before ...)
+CVE-2010-3270
NOT-FOR-US: Cisco WebEx Meeting Center
-CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx Recording ...)
+CVE-2010-3269
NOT-FOR-US: Cisco WebEx
-CVE-2010-3268 (The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in ...)
+CVE-2010-3268
NOT-FOR-US: Symantec Antivirus
-CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 ...)
+CVE-2010-3267
NOT-FOR-US: BugTracker.NET
-CVE-2010-3266 (Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET ...)
+CVE-2010-3266
NOT-FOR-US: BugTracker.NET
CVE-2010-3265
RESERVED
-CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)
+CVE-2010-3264
NOT-FOR-US: Novell Identity Manager
-CVE-2010-3263 (Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php ...)
+CVE-2010-3263
- phpmyadmin 4:3.3.7-1 (low)
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2010-3262 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before ...)
+CVE-2010-3262
NOT-FOR-US: flock
-CVE-2010-3261 (Directory traversal vulnerability in RSA Authentication Agent 7.0 ...)
+CVE-2010-3261
NOT-FOR-US: RSA Authentication Agent 7.0 for Web
-CVE-2010-3260 (oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server ...)
+CVE-2010-3260
NOT-FOR-US: Orbeon Forms
-CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, ...)
+CVE-2010-3259
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=44399
NOTE: http://trac.webkit.org/changeset/65826
-CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...)
+CVE-2010-3258
- chromium-browser 6.0.472.53~r57914-1
- webkit <not-affected>
NOTE: chromium specific
-CVE-2010-3257 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
+CVE-2010-3257
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/65748
NOTE: https://bugs.webkit.org/show_bug.cgi?id=44226
-CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of ...)
+CVE-2010-3256
- chromium-browser 6.0.472.53~r57914-1
- webkit <not-affected>
NOTE: chromium specific
-CVE-2010-3255 (Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not ...)
+CVE-2010-3255
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812
NOTE: http://trac.webkit.org/changeset/66052
-CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does ...)
+CVE-2010-3254
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/65135
-CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...)
+CVE-2010-3253
- chromium-browser 6.0.472.53~r57914-1
- webkit <not-affected> (notifications not yet used in webkit)
NOTE: http://trac.webkit.org/changeset/64647
NOTE: http://trac.webkit.org/changeset/64651
-CVE-2010-3252 (Use-after-free vulnerability in the Notifications presenter in Google ...)
+CVE-2010-3252
- chromium-browser 6.0.472.53~r57914-1
- webkit <not-affected> (notifications not yet used in webkit)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43645
NOTE: http://trac.webkit.org/changeset/65742
-CVE-2010-3251 (The WebSockets implementation in Google Chrome before 6.0.472.53 ...)
+CVE-2010-3251
- chromium-browser 6.0.472.53~r57914-1
- webkit <not-affected>
NOTE: chromium specific
-CVE-2010-3250 (Unspecified vulnerability in Google Chrome before 6.0.472.53 allows ...)
+CVE-2010-3250
- chromium-browser 6.0.472.53~r57914-1
- webkit <not-affected>
NOTE: chromium specific
-CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG ...)
+CVE-2010-3249
- chromium-browser 6.0.472.53~r57914-1
NOTE: http://trac.webkit.org/changeset/60541
-CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to ...)
+CVE-2010-3248
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/58703
-CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the ...)
+CVE-2010-3247
- chromium-browser 6.0.472.53~r57914-1
- webkit <not-affected>
NOTE: chromium specific
-CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the _blank ...)
+CVE-2010-3246
- chromium-browser 6.0.472.53~r57914-1
- webkit <not-affected> (vulnerable code not present in 1.2.x series)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34541
NOTE: https://bugs.webkit.org/show_bug.cgi?id=44969
NOTE: http://trac.webkit.org/changeset/66742
-CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite ...)
+CVE-2010-3245
NOT-FOR-US: Blackboard Transact Suite
-CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly ...)
+CVE-2010-3244
NOT-FOR-US: Blackboard Transact Suite
-CVE-2010-3306 (Directory traversal vulnerability in the modURL function in instance.c ...)
+CVE-2010-3306
- weborf 0.12.3-1 (bug #596112)
-CVE-2010-3243 (Cross-site scripting (XSS) vulnerability in the toStaticHTML function ...)
+CVE-2010-3243
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-3242 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...)
+CVE-2010-3242
NOT-FOR-US: Microsoft Excel
-CVE-2010-3241 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...)
+CVE-2010-3241
NOT-FOR-US: Microsoft Excel
-CVE-2010-3240 (Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office ...)
+CVE-2010-3240
NOT-FOR-US: Microsoft Excel
-CVE-2010-3239 (Microsoft Excel 2002 SP3 does not properly validate record ...)
+CVE-2010-3239
NOT-FOR-US: Microsoft Excel
-CVE-2010-3238 (Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does ...)
+CVE-2010-3238
NOT-FOR-US: Microsoft Excel
-CVE-2010-3237 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly ...)
+CVE-2010-3237
NOT-FOR-US: Microsoft Excel
-CVE-2010-3236 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...)
+CVE-2010-3236
NOT-FOR-US: Microsoft Excel
-CVE-2010-3235 (Microsoft Excel 2002 SP3 does not properly validate formula ...)
+CVE-2010-3235
NOT-FOR-US: Microsoft Excel
-CVE-2010-3234 (Microsoft Excel 2002 SP3 does not properly validate formula ...)
+CVE-2010-3234
NOT-FOR-US: Microsoft Excel
-CVE-2010-3233 (Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate ...)
+CVE-2010-3233
NOT-FOR-US: Microsoft Excel
-CVE-2010-3232 (Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; ...)
+CVE-2010-3232
NOT-FOR-US: Microsoft Excel
-CVE-2010-3231 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...)
+CVE-2010-3231
NOT-FOR-US: Microsoft Excel
-CVE-2010-3230 (Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers ...)
+CVE-2010-3230
NOT-FOR-US: Microsoft Excel
-CVE-2010-3229 (The Secure Channel (aka SChannel) security package in Microsoft ...)
+CVE-2010-3229
NOT-FOR-US: Microsoft OSes
-CVE-2010-3228 (The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms ...)
+CVE-2010-3228
NOT-FOR-US: Microsoft .NET Framework
-CVE-2010-3227 (Stack-based buffer overflow in the UpdateFrameTitleForDocument method ...)
+CVE-2010-3227
NOT-FOR-US: Microsoft Windows
CVE-2010-3226
REJECTED
-CVE-2010-3225 (Use-after-free vulnerability in the Media Player Network Sharing ...)
+CVE-2010-3225
NOT-FOR-US: Microsoft Windows Vista
CVE-2010-3224
REJECTED
-CVE-2010-3223 (The user interface in Microsoft Cluster Service (MSCS) in Microsoft ...)
+CVE-2010-3223
NOT-FOR-US: Microsoft Windows
-CVE-2010-3222 (Stack-based buffer overflow in the Remote Procedure Call Subsystem ...)
+CVE-2010-3222
NOT-FOR-US: Microsoft Windows
-CVE-2010-3221 (Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word ...)
+CVE-2010-3221
NOT-FOR-US: Microsoft Word
-CVE-2010-3220 (Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 ...)
+CVE-2010-3220
NOT-FOR-US: Microsoft Word
-CVE-2010-3219 (Array index vulnerability in Microsoft Word 2002 SP3 allows remote ...)
+CVE-2010-3219
NOT-FOR-US: Microsoft Word
-CVE-2010-3218 (Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote ...)
+CVE-2010-3218
NOT-FOR-US: Microsoft Word
-CVE-2010-3217 (Double free vulnerability in Microsoft Word 2002 SP3 allows remote ...)
+CVE-2010-3217
NOT-FOR-US: Microsoft Word
-CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers ...)
+CVE-2010-3216
NOT-FOR-US: Microsoft Word
-CVE-2010-3215 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
+CVE-2010-3215
NOT-FOR-US: Microsoft Word
-CVE-2010-3214 (Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 ...)
+CVE-2010-3214
NOT-FOR-US: Microsoft Word
-CVE-2010-3213 (Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook ...)
+CVE-2010-3213
NOT-FOR-US: Microsoft Outlook Web Access
-CVE-2010-3212 (SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier ...)
+CVE-2010-3212
NOT-FOR-US: Seagull
-CVE-2010-3211 (Multiple SQL injection vulnerabilities in the JE FAQ Pro ...)
+CVE-2010-3211
NOT-FOR-US: Joomla addon
-CVE-2010-3210 (Multiple PHP remote file inclusion vulnerabilities in Multi-lingual ...)
+CVE-2010-3210
NOT-FOR-US: Multi-lingual E-Commerce System
-CVE-2010-3209 (Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 ...)
+CVE-2010-3209
NOT-FOR-US: Seagull
-CVE-2010-3208 (Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web ...)
+CVE-2010-3208
NOT-FOR-US: Wiccle Web Builder
-CVE-2010-3207 (SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when ...)
+CVE-2010-3207
NOT-FOR-US: GaleriaSHQIP
-CVE-2010-3206 (Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 ...)
+CVE-2010-3206
NOT-FOR-US: DiY-CMS
-CVE-2010-3205 (PHP remote file inclusion vulnerability in index.php in Textpattern ...)
+CVE-2010-3205
- textpattern <removed>
[squeeze] - textpattern <no-dsa> (Minor issue)
-CVE-2010-3204 (Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 ...)
+CVE-2010-3204
NOT-FOR-US: Pecio CMS
-CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) ...)
+CVE-2010-3203
NOT-FOR-US: PicSell
-CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 ...)
+CVE-2010-3202
NOT-FOR-US: flock
-CVE-2010-3201 (Cross-site scripting (XSS) vulnerability in NetWin Surgemail before ...)
+CVE-2010-3201
NOT-FOR-US: NetWin Surgemail
-CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote ...)
+CVE-2010-3200
NOT-FOR-US: Microsoft Word
-CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...)
+CVE-2010-3199
NOT-FOR-US: TortoiseSVN
-CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows ...)
+CVE-2010-3198
- zope2.10 <removed>
- zope2.11 <removed>
-CVE-2010-3197 (IBM DB2 9.7 before FP2 does not perform the expected access control on ...)
+CVE-2010-3197
NOT-FOR-US: IBM DB2
-CVE-2010-3196 (IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote ...)
+CVE-2010-3196
NOT-FOR-US: IBM DB2
-CVE-2010-3195 (Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, ...)
+CVE-2010-3195
NOT-FOR-US: IBM DB2
-CVE-2010-3194 (The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 ...)
+CVE-2010-3194
NOT-FOR-US: IBM DB2
-CVE-2010-3193 (Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before ...)
+CVE-2010-3193
NOT-FOR-US: IBM DB2
-CVE-2010-3192 (Certain run-time memory protection mechanisms in the GNU C Library ...)
+CVE-2010-3192
- eglibc <unfixed> (unimportant)
NOTE: Minor information leak
-CVE-2010-3191 (Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and ...)
+CVE-2010-3191
NOT-FOR-US: Adobe Captivate
-CVE-2010-3190 (Untrusted search path vulnerability in the Microsoft Foundation Class ...)
+CVE-2010-3190
NOT-FOR-US: ATL MFC Trace Tool
-CVE-2010-3189 (The extSetOwner function in the UfProxyBrowserCtrl ActiveX control ...)
+CVE-2010-3189
NOT-FOR-US: Trend Micro Internet Security Pro
-CVE-2010-3188 (SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and ...)
+CVE-2010-3188
NOT-FOR-US: BugTracker.NET
-CVE-2010-3187 (Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote ...)
+CVE-2010-3187
NOT-FOR-US: IBM AIX
-CVE-2010-3186 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and ...)
+CVE-2010-3186
NOT-FOR-US: WebSphere
CVE-2010-3185
RESERVED
CVE-2010-3184
RESERVED
-CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox ...)
+CVE-2010-3183
{DSA-2124-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.14-1
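Review bot: Several NOT-FOR-US tags in this hunk were only meaningful next to the description being removed: CVE-2010-3211 is now just "NOT-FOR-US: Joomla addon" with the addon name (JE FAQ Pro) gone, and CVE-2010-3229 is "NOT-FOR-US: Microsoft OSes" with the SChannel component gone. If descriptions are no longer kept in this file, these tags should name the product or component so the triage decision stays auditable from the list itself.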
@@ -5433,13 +5433,13 @@ CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla Firefo
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (bug in optimization added later)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3182 (A certain application-launch script in Mozilla Firefox before 3.5.14 ...)
+CVE-2010-3182
- icedove 3.0.9-1
[lenny] - icedove <end-of-life>
- iceweasel <not-affected> (run-mozilla.sh not used)
-CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 ...)
+CVE-2010-3181
- iceweasel <not-affected> (Windows-specific)
-CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in Mozilla ...)
+CVE-2010-3180
{DSA-2124-1}
- xulrunner <removed> (unimportant)
- icedove 3.0.9-1
@@ -5449,7 +5449,7 @@ CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in Mozilla
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - icedove <end-of-life>
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality in ...)
+CVE-2010-3179
{DSA-2124-1}
- xulrunner <removed> (unimportant)
- icedove 3.0.9-1
@@ -5459,7 +5459,7 @@ CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality i
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...)
+CVE-2010-3178
{DSA-2124-1}
- xulrunner <removed> (unimportant)
- icedove 3.0.9-1
@@ -5469,7 +5469,7 @@ CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbir
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the Gopher ...)
+CVE-2010-3177
{DSA-2124-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.14-1
@@ -5477,7 +5477,7 @@ CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the Gopher
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2010-3176
{DSA-2124-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.14-1
@@ -5485,9 +5485,9 @@ CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in Moz
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3175 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2010-3175
- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
-CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
+CVE-2010-3174
{DSA-2124-1}
- xulrunner <removed> (unimportant)
- icedove 3.0.9-1
@@ -5497,15 +5497,15 @@ CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla Firefo
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x ...)
+CVE-2010-3173
{DSA-2123-1}
- nss 3.12.8-1
-CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before ...)
+CVE-2010-3172
- bugzilla 3.6.3.0-1 (bug #602420; low)
[squeeze] - bugzilla 3.6.2.0-4.2
-CVE-2010-3171 (The Math.random function in the JavaScript implementation in Mozilla ...)
+CVE-2010-3171
NOTE: Will likely be rejected by MITRE
-CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...)
+CVE-2010-3170
{DSA-2123-1}
- nss 3.12.8-1
- kde4libs 4:4.4.5-4 (low)
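Review bot: CVE-2010-3171 is left with a bare header and a single line, "NOTE: Will likely be rejected by MITRE", and no package line, so after this change nothing in the entry says what the issue is (the removed text identified it as the Math.random function in the JavaScript implementation in Mozilla products). Add a short NOTE or a package line naming the affected source package so the entry can still be triaged if the rejection never happens.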
@@ -5514,7 +5514,7 @@ CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbir
[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
[squeeze] - kde4libs 4:4.4.5-2+squeeze2
[lenny] - kde4libs <no-dsa> (Minor issue)
-CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2010-3169
{DSA-2106-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
@@ -5524,7 +5524,7 @@ CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Moz
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3168 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
+CVE-2010-3168
{DSA-2106-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
@@ -5534,7 +5534,7 @@ CVE-2010-3168 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3167 (The nsTreeContentView function in Mozilla Firefox before 3.5.12 and ...)
+CVE-2010-3167
{DSA-2106-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
@@ -5544,7 +5544,7 @@ CVE-2010-3167 (The nsTreeContentView function in Mozilla Firefox before 3.5.12 a
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3166 (Heap-based buffer overflow in the nsTextFrameUtils::TransformText ...)
+CVE-2010-3166
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -5554,98 +5554,98 @@ CVE-2010-3166 (Heap-based buffer overflow in the nsTextFrameUtils::TransformText
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-3165 (Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and ...)
+CVE-2010-3165
NOT-FOR-US: Yokka NoEditor and others
-CVE-2010-3164 (Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and ...)
+CVE-2010-3164
NOT-FOR-US: Fenrir Sleipnir, Grani
-CVE-2010-3163 (Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 ...)
+CVE-2010-3163
NOT-FOR-US: Fenrir Sleipnir, Grani
-CVE-2010-3162 (Untrusted search path vulnerability in Apsaly before 3.74 allows local ...)
+CVE-2010-3162
NOT-FOR-US: Apsaly
-CVE-2010-3161 (Untrusted search path vulnerability in TeraPad before 1.00 allows ...)
+CVE-2010-3161
NOT-FOR-US: TeraPad
-CVE-2010-3160 (Untrusted search path vulnerability in Archive Decoder 1.23 and ...)
+CVE-2010-3160
NOT-FOR-US: Archive Decoder
-CVE-2010-3159 (Untrusted search path vulnerability in Explzh 5.67 and earlier allows ...)
+CVE-2010-3159
NOT-FOR-US: Explzh
-CVE-2010-3158 (Untrusted search path vulnerability in Lhaplus before 1.58 allows ...)
+CVE-2010-3158
NOT-FOR-US: Lhaplus
-CVE-2010-3157 (Untrusted search path vulnerability in XacRett before 50 allows ...)
+CVE-2010-3157
NOT-FOR-US: XacRett
-CVE-2010-3156 (Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows ...)
+CVE-2010-3156
NOT-FOR-US: K2Editor
-CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 ...)
+CVE-2010-3133
- wireshark <not-affected> (Only affects Windows port)
-CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 ...)
+CVE-2010-3131
- xulrunner <not-affected> (Only affects Windows port)
- iceweasel <not-affected> (Only affects Windows port)
CVE-2010-3123
RESERVED
-CVE-2010-3155 (Untrusted search path vulnerability in Adobe ExtendScript Toolkit ...)
+CVE-2010-3155
NOT-FOR-US: Adobe ExtendedScript Toolkit
-CVE-2010-3154 (Untrusted search path vulnerability in Adobe Extension Manager CS5 ...)
+CVE-2010-3154
NOT-FOR-US: Adobe Extension Manager
-CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0, ...)
+CVE-2010-3153
NOT-FOR-US: Adobe InDesign
-CVE-2010-3152 (Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, ...)
+CVE-2010-3152
NOT-FOR-US: Adobe Illustrator
-CVE-2010-3151 (Untrusted search path vulnerability in Adobe On Location CS4 Build 315 ...)
+CVE-2010-3151
NOT-FOR-US: Adobe On Location
-CVE-2010-3150 (Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 ...)
+CVE-2010-3150
NOT-FOR-US: Adobe Premier Pro
-CVE-2010-3149 (Untrusted search path vulnerability in Adobe Device Central CS5 ...)
+CVE-2010-3149
NOT-FOR-US: Adobe Device Central
-CVE-2010-3148 (Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows ...)
+CVE-2010-3148
NOT-FOR-US: Microsoft Visio
-CVE-2010-3147 (Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in ...)
+CVE-2010-3147
NOT-FOR-US: Microsoft Address Book
-CVE-2010-3146 (Multiple untrusted search path vulnerabilities in Microsoft Groove ...)
+CVE-2010-3146
NOT-FOR-US: Microsoft Office Groove
-CVE-2010-3145 (Untrusted search path vulnerability in the BitLocker Drive Encryption ...)
+CVE-2010-3145
NOT-FOR-US: Microsoft Vista BitLocker
-CVE-2010-3144 (Untrusted search path vulnerability in the Internet Connection Signup ...)
+CVE-2010-3144
NOT-FOR-US: Microsoft Internet Connection Signup Wizard
-CVE-2010-3143 (Untrusted search path vulnerability in Microsoft Windows Contacts ...)
+CVE-2010-3143
NOT-FOR-US: Microsoft Windows Contacts
-CVE-2010-3142 (Untrusted search path vulnerability in Microsoft Office PowerPoint ...)
+CVE-2010-3142
NOT-FOR-US: Microsoft Office PowerPoint
-CVE-2010-3141 (Untrusted search path vulnerability in Microsoft PowerPoint 2010 ...)
+CVE-2010-3141
NOT-FOR-US: Microsoft Power Point
-CVE-2010-3140 (Untrusted search path vulnerability in Microsoft Windows Internet ...)
+CVE-2010-3140
NOT-FOR-US: Microsoft Windows Internet Communication Settings
-CVE-2010-3139 (Untrusted search path vulnerability in Microsoft Windows Progman Group ...)
+CVE-2010-3139
NOT-FOR-US: Microsoft Windows Progman Group Converter
-CVE-2010-3138 (Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax ...)
+CVE-2010-3138
NOT-FOR-US: Microsoft Windows Media Player
-CVE-2010-3137 (Untrusted search path vulnerability in Nullsoft Winamp 5.581, and ...)
+CVE-2010-3137
NOT-FOR-US: Nullsoft Winamp
-CVE-2010-3136 (Untrusted search path vulnerability in Skype 4.2.0.169 and earlier ...)
+CVE-2010-3136
NOT-FOR-US: Skype
-CVE-2010-3135 (Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows ...)
+CVE-2010-3135
NOT-FOR-US: Cisco Packet Tracer
-CVE-2010-3134 (Untrusted search path vulnerability in Google Earth 5.1.3535.3218 ...)
+CVE-2010-3134
NOT-FOR-US: Google Earth
-CVE-2010-3132 (Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 ...)
+CVE-2010-3132
NOT-FOR-US: Adobe Dreamweaver
-CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) ...)
+CVE-2010-3130
NOT-FOR-US: TechSmith Snagit
-CVE-2010-3129 (Untrusted search path vulnerability in uTorrent 2.0.3 and earlier ...)
+CVE-2010-3129
NOT-FOR-US: uTorrent
-CVE-2010-3128 (Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier ...)
+CVE-2010-3128
NOT-FOR-US: TeamViewer
-CVE-2010-3127 (Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 ...)
+CVE-2010-3127
NOT-FOR-US: Adobe PhotoShop
-CVE-2010-3126 (Untrusted search path vulnerability in avast! Free Antivirus version ...)
+CVE-2010-3126
NOT-FOR-US: avast! Free Antivirus version
-CVE-2010-3125 (Untrusted search path vulnerability in TeamMate Audit Management ...)
+CVE-2010-3125
NOT-FOR-US: TeamMate Audit Management Software Suite
-CVE-2010-3122 (The DevonIT thin-client management tool relies on a shared secret for ...)
+CVE-2010-3122
NOT-FOR-US: DevonIT thin-client management tool
-CVE-2010-3121 (Buffer overflow in tm-console-bin in the DevonIT thin-client ...)
+CVE-2010-3121
NOT-FOR-US: DevonIT thin-client management tool
-CVE-2010-3124 (Untrusted search path vulnerability in bin/winvlc.c in VLC Media ...)
+CVE-2010-3124
- vlc <not-affected> (Windows specific vulnerability)
-CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the ...)
+CVE-2010-3120
- chromium-browser 5.0.375.127~r55887-1
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
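Review bot: In the CVE-2010-3138 entry, removing the description leaves only "NOT-FOR-US: Microsoft Windows Media Player", which no longer names the component the removed text identified (the Indeo Codec in iac25_32.ax). Once the header is a bare ID, the NOT-FOR-US label is the only human-readable identification, so it should carry the component name. The same applies to the labels for CVE-2010-3141 ("Microsoft Power Point", while CVE-2010-3142 uses "Microsoft Office PowerPoint") and CVE-2010-3126 ("avast! Free Antivirus version", with a trailing "version" that looks like residue from the description); normalising them alongside this change would keep the list searchable by product.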
@@ -5654,19 +5654,19 @@ CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the
NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096
NOTE: http://trac.webkit.org/changeset/65329
NOTE: http://trac.webkit.org/changeset/65325
-CVE-2010-3119 (Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not ...)
+CVE-2010-3119
- chromium-browser 5.0.375.127~r55887-1
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795
NOTE: http://trac.webkit.org/changeset/65090
-CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...)
+CVE-2010-3118
- chromium-browser 5.0.375.127~r55887-1
- webkit <not-affected> (chromium specific)
-CVE-2010-3117 (Google Chrome before 5.0.375.127 does not properly implement the ...)
+CVE-2010-3117
- chromium-browser 5.0.375.127~r55887-1
- webkit <not-affected> (chromium specific)
-CVE-2010-3116 (Multiple use-after-free vulnerabilities in WebKit, as used in Apple ...)
+CVE-2010-3116
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
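Review bot: For CVE-2010-3119 the removed description gave "webkitgtk before 1.2.6" as the affected range, while the entry records "- webkit 1.2.4-1" as fixed. With the description gone, nothing in the entry shows that the recorded version is earlier than the one the description named. If 1.2.4-1 carries changeset 65090 as a patch, a NOTE saying so would keep the fixed version verifiable from the entry alone; otherwise the version should be rechecked.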
@@ -5674,188 +5674,188 @@ CVE-2010-3116 (Multiple use-after-free vulnerabilities in WebKit, as used in App
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888
NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series
-CVE-2010-3115 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not ...)
+CVE-2010-3115
- webkit 1.2.5-1 (bug #599830)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: http://trac.webkit.org/changeset/63925
NOTE: http://trac.webkit.org/changeset/64077
NOTE: only partially fixed: only 64077 applied in 1.2.4-1
-CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127, ...)
+CVE-2010-3114
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
NOTE: http://trac.webkit.org/changeset/63773
-CVE-2010-3113 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not ...)
+CVE-2010-3113
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659
NOTE: http://trac.webkit.org/changeset/63865
-CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement file ...)
+CVE-2010-3112
- webkit <not-affected> (chromium specific)
- chromium-browser 5.0.375.127~r55887-1
-CVE-2010-3111 (Google Chrome before 6.0.472.53 does not properly mitigate an ...)
+CVE-2010-3111
- chromium-browser 5.0.375.127~r55887-1
- webkit <not-affected> (chromium specific)
-CVE-2010-3110 (Multiple buffer overflows in the Novell Client novfs module for the ...)
+CVE-2010-3110
NOT-FOR-US: novfs kernel module (only included in SUSE it seems)
-CVE-2010-2948 (Stack-based buffer overflow in the bgp_route_refresh_receive function ...)
+CVE-2010-2948
{DSA-2104-1}
- quagga 0.99.17-1 (bug #594262)
-CVE-2010-2949 (bgpd in Quagga before 0.99.17 does not properly parse AS paths, which ...)
+CVE-2010-2949
{DSA-2104-1}
- quagga 0.99.17-1 (bug #594262)
-CVE-2010-3109 (Stack-based buffer overflow in the browser plugin in Novell iPrint ...)
+CVE-2010-3109
NOT-FOR-US: browser plugin in Novell iPrint Client
-CVE-2010-3108 (Buffer overflow in the browser plugin in Novell iPrint Client before ...)
+CVE-2010-3108
NOT-FOR-US: browser plugin in Novell iPrint Client
-CVE-2010-3107 (A certain ActiveX control in ienipp.ocx in the browser plugin in ...)
+CVE-2010-3107
NOT-FOR-US: browser plugin in Novell iPrint Client
-CVE-2010-3106 (The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint ...)
+CVE-2010-3106
NOT-FOR-US: browser plugin in Novell iPrint Client
-CVE-2010-3105 (The PluginGetDriverFile function in Novell iPrint Client before 5.44 ...)
+CVE-2010-3105
NOT-FOR-US: browser plugin in Novell iPrint Client
-CVE-2010-3104 (Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, ...)
+CVE-2010-3104
NOT-FOR-US: DeskShare AutoFTP Manager
-CVE-2010-3103 (Directory traversal vulnerability in FTPGetter Team FTPGetter ...)
+CVE-2010-3103
NOT-FOR-US: FTPGetter
-CVE-2010-3102 (Directory traversal vulnerability in SiteDesigner Technologies, Inc. ...)
+CVE-2010-3102
NOT-FOR-US: SiteDesigner Technologies
-CVE-2010-3101 (Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 ...)
+CVE-2010-3101
NOT-FOR-US: FTPx Corp FTP Explorer
-CVE-2010-3100 (Directory traversal vulnerability in Porta+ FTP Client 4.1, and ...)
+CVE-2010-3100
NOT-FOR-US: Porta+ FTP Client
-CVE-2010-3099 (Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client ...)
+CVE-2010-3099
NOT-FOR-US: SmartSoft Ltd SmartFTP
-CVE-2010-3098 (Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 ...)
+CVE-2010-3098
NOT-FOR-US: IoRush Software FTP Rush
-CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP client ...)
+CVE-2010-3097
NOT-FOR-US: WinFrigate Frigate 3 FTP
-CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...)
+CVE-2010-3096
NOT-FOR-US: SoftX FTP Client 3.3
CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313]
RESERVED
- mailscanner 4.79.11-2.1 (bug #596403)
-CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x ...)
+CVE-2010-3094
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
-CVE-2010-3093 (The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 ...)
+CVE-2010-3093
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
-CVE-2010-3092 (The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does ...)
+CVE-2010-3092
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
-CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
+CVE-2010-3091
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3090
REJECTED
-CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman ...)
+CVE-2010-3089
{DSA-2170-1}
- mailman 1:2.1.13-4.1 (bug #599833)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id={631881,631859}
-CVE-2010-3088 (The notify function in pidgin-knotify.c in the pidgin-knotify plugin ...)
+CVE-2010-3088
NOT-FOR-US: Knotify plugin for Pidgin
-CVE-2010-3087 (LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote ...)
+CVE-2010-3087
- tiff 3.9.4-5 (bug #600188)
- tiff3 <not-affected> (fixed before initial upload)
[lenny] - tiff <not-affected> (Vulnerable code not present)
-CVE-2010-3086 (include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not ...)
+CVE-2010-3086
- linux-2.6 2.6.25-1
-CVE-2010-3085 (The network-play implementation in Mednafen before 0.8.D might allow ...)
+CVE-2010-3085
- mednafen 0.8.D-1 (unimportant)
NOTE: Extremely obscure attack vector, marking as unimportant
-CVE-2010-3084 (Buffer overflow in the niu_get_ethtool_tcam_all function in ...)
+CVE-2010-3084
- linux-2.6 2.6.32-25
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.30)
-CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat ...)
+CVE-2010-3083
- qpid-cpp <not-affected> (Fixed before initial upload to archive)
-CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...)
+CVE-2010-3082
- python-django 1.2.3-1 (low; bug #596205)
NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
-CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in ...)
+CVE-2010-3081
{DSA-2110-1}
- linux-2.6 2.6.32-23 (high)
-CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in ...)
+CVE-2010-3080
{DSA-2110-1}
- linux-2.6 2.6.32-24
-CVE-2010-3079 (kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when ...)
+CVE-2010-3079
- linux-2.6 2.6.32-24
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
-CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...)
+CVE-2010-3078
{DSA-2110-1}
- linux-2.6 2.6.32-24
-CVE-2010-3077 (Cross-site scripting (XSS) vulnerability in util/icon_browser.php in ...)
+CVE-2010-3077
{DSA-2278-1}
- horde3 3.3.8+debian0-2 (bug #598582)
NOTE: http://seclists.org/fulldisclosure/2010/Sep/82
-CVE-2010-3076 (The filter function in php/src/include.php in Simple Management for ...)
+CVE-2010-3076
{DSA-2103-1}
- smbind 0.4.7-5 (high)
NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
-CVE-2010-3075 (EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher ...)
+CVE-2010-3075
- encfs 1.7.2-1 (bug #595998)
[lenny] - encfs <no-dsa> (Not backportable, breaks backwards-compatibility)
-CVE-2010-3074 (SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of ...)
+CVE-2010-3074
- encfs 1.7.2-1 (bug #595998)
[lenny] - encfs <no-dsa> (Minor issue)
-CVE-2010-3073 (SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer ...)
+CVE-2010-3073
- encfs 1.7.2-1 (bug #595998)
[lenny] - encfs <no-dsa> (Minor issue)
-CVE-2010-3072 (The string-comparison functions in String.cci in Squid 3.x before ...)
+CVE-2010-3072
{DSA-2111-1}
- squid3 3.1.6-1.1 (bug #596086; low)
- squid <not-affected> (Only affects 3.x)
-CVE-2010-3071 (bip before 0.8.6 allows remote attackers to cause a denial of service ...)
+CVE-2010-3071
- bip 0.8.6-1 (low; bug #595409)
[lenny] - bip <not-affected> (vulnerable code ('LINK(lc)->name') not in 0.7.4-2)
[squeeze] - bip 0.8.2-1squeeze2
-CVE-2010-3070 (Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in ...)
+CVE-2010-3070
- nusoap 0.7.3-4 (low; bug #595248)
-CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse ...)
+CVE-2010-3069
{DSA-2109-1}
- samba 2:3.5.5~dfsg-1 (bug #596891)
CVE-2010-3068
REJECTED
-CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...)
+CVE-2010-3067
{DSA-2126-1}
- linux-2.6 2.6.32-24
-CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before ...)
+CVE-2010-3066
- linux-2.6 2.6.23-1
-CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...)
+CVE-2010-3064
- php5 <removed> (unimportant)
NOTE: mysqlnd not used in squeeze/sid
-CVE-2010-3063 (The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...)
+CVE-2010-3063
- php5 <removed> (unimportant)
NOTE: mysqlnd not used in squeeze/sid
-CVE-2010-3062 (mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...)
+CVE-2010-3062
- php5 <removed> (unimportant)
NOTE: mysqlnd not used in squeeze/sid
-CVE-2010-3061 (Unspecified vulnerability in the message-protocol implementation in ...)
+CVE-2010-3061
NOT-FOR-US: Tivoli
-CVE-2010-3060 (Unspecified vulnerability in the message-protocol implementation in ...)
+CVE-2010-3060
NOT-FOR-US: Tivoli
-CVE-2010-3059 (Buffer overflow in the message-protocol implementation in the Server ...)
+CVE-2010-3059
NOT-FOR-US: Tivoli
-CVE-2010-3058 (The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x ...)
+CVE-2010-3058
NOT-FOR-US: Tivoli
-CVE-2010-3065 (The default session serializer in PHP 5.2 through 5.2.13 and 5.3 ...)
+CVE-2010-3065
{DSA-2089-1}
- php5 5.3.3-1
CVE-2010-3057
RESERVED
-CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions before ...)
+CVE-2010-3054
- freetype 2.4.2-1 (unimportant)
-CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause ...)
+CVE-2010-3053
{DSA-2105-1}
- freetype 2.4.2-1
-CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+CVE-2010-3056
{DSA-2097-2 DSA-2097-1}
- phpmyadmin 4:3.3.5.1-1
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
-CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin ...)
+CVE-2010-3055
{DSA-2097-2 DSA-2097-1}
- phpmyadmin 4:3.0.0
NOTE: Affects only 2.x branch
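Review bot: In the CVE-2010-3111 entry, the removed description read "Google Chrome before 6.0.472.53", but the entry marks chromium-browser as fixed in 5.0.375.127~r55887-1, the same version used for the neighbouring 5.0.375.127 issues. After this change the mismatch is no longer visible in the file, so the fixed version should be confirmed or a NOTE added explaining why the earlier version is considered fixed. Separately, the CVE-2010-3089 NOTE uses shell brace syntax in its URL ("show_bug.cgi?id={631881,631859}"), which is not a resolvable link; splitting it into two NOTE lines, one per bug id, would make both references usable.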
@@ -5863,9 +5863,9 @@ CVE-2010-3052
RESERVED
CVE-2010-3051
RESERVED
-CVE-2010-3050 (Cisco IOS before 12.2(33)SXI allows remote authenticated users to ...)
+CVE-2010-3050
NOT-FOR-US: Cisco
-CVE-2010-3049 (Cisco IOS before 12.2(33)SXI allows local users to cause a denial of ...)
+CVE-2010-3049
NOT-FOR-US: Cisco
CVE-2010-3048
RESERVED
@@ -5875,357 +5875,357 @@ CVE-2010-3046
RESERVED
CVE-2010-3045
RESERVED
-CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
+CVE-2010-3044
NOT-FOR-US: Cisco WebEx
-CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
+CVE-2010-3043
NOT-FOR-US: Cisco WebEx
-CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
+CVE-2010-3042
NOT-FOR-US: Cisco WebEx
-CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
+CVE-2010-3041
NOT-FOR-US: Cisco WebEx
-CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...)
+CVE-2010-3040
NOT-FOR-US: Cisco Intelligent Contact Manager
-CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications ...)
+CVE-2010-3039
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-3038 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the ...)
+CVE-2010-3038
NOT-FOR-US: Cisco Unified Videoconferencing
-CVE-2010-3037 (goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing ...)
+CVE-2010-3037
NOT-FOR-US: Cisco Unified Videoconferencing
-CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in the ...)
+CVE-2010-3036
NOT-FOR-US: Cisco
-CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not ...)
+CVE-2010-3035
NOT-FOR-US: Cisco IOS XR
-CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...)
+CVE-2010-3034
NOT-FOR-US: Cisco
-CVE-2010-3033 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...)
+CVE-2010-3033
NOT-FOR-US: Cisco
-CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in ...)
+CVE-2010-3032
NOT-FOR-US: SAP Crystal Reports 2008
-CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other ...)
+CVE-2010-3031
NOT-FOR-US: Wyse ThinOS
-CVE-2010-3030 (Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open ...)
+CVE-2010-3030
NOT-FOR-US: Tomaz Muraus Open Blog
-CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows ...)
+CVE-2010-3029
NOT-FOR-US: PHPKick
-CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses insecure ...)
+CVE-2010-3028
NOT-FOR-US: Joomla!
-CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball Script ...)
+CVE-2010-3027
NOT-FOR-US: Tycoon Baseball Script
-CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2010-3026
NOT-FOR-US: Tomaz Muraus Open Blog
-CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus ...)
+CVE-2010-3025
NOT-FOR-US: Tomaz Muraus Open Blog
-CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2010-3024
NOT-FOR-US: DiamondList
-CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in DiamondList ...)
+CVE-2010-3023
NOT-FOR-US: DiamondList
-CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance logging ...)
+CVE-2010-3022
NOT-FOR-US: Drupal Addon
-CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote ...)
+CVE-2010-3021
NOT-FOR-US: Opera
-CVE-2010-3020 (The news-feed preview feature in Opera before 10.61 does not properly ...)
+CVE-2010-3020
NOT-FOR-US: Opera
-CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote ...)
+CVE-2010-3019
NOT-FOR-US: Opera
-CVE-2010-3018 (RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before ...)
+CVE-2010-3018
NOT-FOR-US: RSA Access Manager
-CVE-2010-3017 (Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before ...)
+CVE-2010-3017
NOT-FOR-US: RSA Access Manager
CVE-2010-3016
REJECTED
-CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...)
+CVE-2010-3013
NOT-FOR-US: Pligg
-CVE-2010-3012 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
+CVE-2010-3012
NOT-FOR-US: HP System Management Homepage
-CVE-2010-3011 (CRLF injection vulnerability in HP System Management Homepage (SMH) ...)
+CVE-2010-3011
NOT-FOR-US: HP System Management Homepage
-CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect ...)
+CVE-2010-3010
NOT-FOR-US: HP 3Com OfficeConnect
-CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for ...)
+CVE-2010-3009
NOT-FOR-US: HP System Management Homepage
-CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data ...)
+CVE-2010-3008
NOT-FOR-US: HP Data Protector Express
-CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data ...)
+CVE-2010-3007
NOT-FOR-US: HP Data Protector Express
-CVE-2010-3006 (Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote ...)
+CVE-2010-3006
NOT-FOR-US: HP ProLiant G6 Lights-Out
-CVE-2010-3005 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...)
+CVE-2010-3005
NOT-FOR-US: HP Operations Agents
-CVE-2010-3004 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...)
+CVE-2010-3004
NOT-FOR-US: HP Operations Agents
-CVE-2010-3003 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics ...)
+CVE-2010-3003
NOT-FOR-US: HP Insight Diagnostics Online Edition
-CVE-2010-3002 (Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 ...)
+CVE-2010-3002
NOT-FOR-US: RealPlayer
-CVE-2010-3001 (Unspecified vulnerability in an ActiveX control in the Internet ...)
+CVE-2010-3001
NOT-FOR-US: Internet Explorer
-CVE-2010-3000 (Multiple integer overflows in the ParseKnownType function in ...)
+CVE-2010-3000
NOT-FOR-US: RealPlayer
-CVE-2010-2999 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, ...)
+CVE-2010-2999
NOT-FOR-US: RealPlayer
-CVE-2010-2998 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 and ...)
+CVE-2010-2998
NOT-FOR-US: RealNetworks RealPlayer
-CVE-2010-2997 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-2997
NOT-FOR-US: RealPlayer
-CVE-2010-2996 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 on ...)
+CVE-2010-2996
NOT-FOR-US: RealPlayer
-CVE-2010-2991 (The IICAClient interface in the ICAClient library in the ICA Client ...)
+CVE-2010-2991
NOT-FOR-US: Citrix ICA Client
-CVE-2010-2990 (Citrix Online Plug-in for Windows for XenApp &amp; XenDesktop before 11.2, ...)
+CVE-2010-2990
NOT-FOR-US: Citrix ICA Client
-CVE-2010-2989 (nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for ...)
+CVE-2010-2989
NOT-FOR-US: Nessus
-CVE-2010-2988 (Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless ...)
+CVE-2010-2988
NOT-FOR-US: Cisco
-CVE-2010-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless ...)
+CVE-2010-2987
NOT-FOR-US: Cisco
-CVE-2010-2986 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-2986
NOT-FOR-US: Cisco
-CVE-2010-2985 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...)
+CVE-2010-2985
NOT-FOR-US: IBM WebSphere
-CVE-2010-2984 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...)
+CVE-2010-2984
NOT-FOR-US: Cisco
-CVE-2010-2983 (The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless ...)
+CVE-2010-2983
NOT-FOR-US: Cisco
-CVE-2010-2982 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 ...)
+CVE-2010-2982
NOT-FOR-US: Cisco
-CVE-2010-2981 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 ...)
+CVE-2010-2981
NOT-FOR-US: Cisco
-CVE-2010-2980 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...)
+CVE-2010-2980
NOT-FOR-US: Cisco
-CVE-2010-2979 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...)
+CVE-2010-2979
NOT-FOR-US: Cisco
-CVE-2010-2978 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
+CVE-2010-2978
NOT-FOR-US: Cisco
-CVE-2010-2977 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
+CVE-2010-2977
NOT-FOR-US: Cisco
-CVE-2010-2976 (The controller in Cisco Unified Wireless Network (UWN) Solution 7.x ...)
+CVE-2010-2976
NOT-FOR-US: Cisco
-CVE-2010-2975 (Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 ...)
+CVE-2010-2975
NOT-FOR-US: Cisco
-CVE-2010-2974 (Stack-based buffer overflow in the IConfigurationAccess interface in ...)
+CVE-2010-2974
NOT-FOR-US: Wonderware Application Server
-CVE-2010-2973 (Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone ...)
+CVE-2010-2973
NOT-FOR-US: Apple
CVE-2010-2972
REJECTED
-CVE-2010-3014 (The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when ...)
+CVE-2010-3014
- kfreebsd-7 <unfixed>
- kfreebsd-8 8.1-5
- kfreebsd-9 <not-affected> (fixed prior to first upload)
- kfreebsd-10 <not-affected> (fixed prior to first upload)
-CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in ...)
+CVE-2010-3015
{DSA-2094-1}
- linux-2.6 2.6.32-22
-CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark ...)
+CVE-2010-2995
{DSA-2101-1}
- wireshark 1.2.10-1
-CVE-2010-2992 (packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through ...)
+CVE-2010-2992
- wireshark 1.2.10-1
[lenny] - wireshark <not-affected> (Only affects 1.2.x)
-CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark ...)
+CVE-2010-2994
{DSA-2101-1}
- wireshark 1.2.10-1
-CVE-2010-2993 (The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote ...)
+CVE-2010-2993
- wireshark 1.2.10-1
[lenny] - wireshark <not-affected> (Only affects 1.2.x)
-CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly ...)
+CVE-2010-2971
{DSA-2081-1}
- libmikmod 3.1.11-6.3
-CVE-2010-2970 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x ...)
+CVE-2010-2970
- moin 1.9.3-1 (low)
-CVE-2010-2969 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...)
+CVE-2010-2969
- moin 1.9.3-1
-CVE-2010-2968 (The FTP daemon in Wind River VxWorks does not close the TCP connection ...)
+CVE-2010-2968
NOT-FOR-US: vxworks
-CVE-2010-2967 (The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks ...)
+CVE-2010-2967
NOT-FOR-US: vxworks
-CVE-2010-2966 (The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and ...)
+CVE-2010-2966
NOT-FOR-US: vxworks
-CVE-2010-2965 (The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and ...)
+CVE-2010-2965
NOT-FOR-US: vxworks
CVE-2010-2964
RESERVED
-CVE-2010-2963 (drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) ...)
+CVE-2010-2963
{DSA-2126-1}
- linux-2.6 2.6.32-26
-CVE-2010-2962 (drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager ...)
+CVE-2010-2962
- linux-2.6 2.6.32-25
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the ...)
+CVE-2010-2961
NOT-FOR-US: mountall
-CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...)
+CVE-2010-2960
- linux-2.6 2.6.32-23
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
-CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) ...)
+CVE-2010-2959
{DSA-2094-1}
- linux-2.6 2.6.32-20
-CVE-2010-2958 (Cross-site scripting (XSS) vulnerability in libraries/Error.class.php ...)
+CVE-2010-2958
- phpmyadmin 4:3.3.6-1
[lenny] - phpmyadmin <not-affected> (only affects 3.x)
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
-CVE-2010-2957 (Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, ...)
+CVE-2010-2957
- serendipity 1.5.3-2 (bug #594905)
-CVE-2010-2956 (Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ...)
+CVE-2010-2956
- sudo 1.7.4p4-1 (bug #595935)
[lenny] - sudo <not-affected> (Only affects 1.7.x)
NOTE: http://www.sudo.ws/sudo/alerts/runas_group.html
-CVE-2010-2955 (The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in ...)
+CVE-2010-2955
- linux-2.6 2.6.32-23
-CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel ...)
+CVE-2010-2954
{DSA-2110-1}
- linux-2.6 2.6.32-22
-CVE-2010-2953 (Untrusted search path vulnerability in a certain Debian GNU/Linux ...)
+CVE-2010-2953
{DSA-2107-1}
- couchdb 0.11.0-1 (low; bug #594412)
-CVE-2010-2952 (Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, ...)
+CVE-2010-2952
- trafficserver <not-affected> (Fixed before initial release)
-CVE-2010-2951 (dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not ...)
+CVE-2010-2951
- squid3 3.1.6-1.2 (bug #599709)
[lenny] - squid3 <not-affected> (vulnerable code introduced in 3.1.6)
NOTE: http://marc.info/?l=squid-users&m=128263555724981&w=2
-CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP ...)
+CVE-2010-2950
- php5 5.3.3-2 (low)
[lenny] - php5 <not-affected> (phar extension introduced in 5.3)
-CVE-2010-2947 (Heap-based buffer overflow in the HX_split function in string.c in ...)
+CVE-2010-2947
- libhx 3.5-2 (low; bug #594393)
[lenny] - libhx <no-dsa> (Minor issue, asked maintainer to fix through spu)
-CVE-2010-2946 (fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly ...)
+CVE-2010-2946
- linux-2.6 2.6.32-21
[lenny] - linux-2.6 2.6.26-25
-CVE-2010-2945 (The default configuration of SLiM before 1.3.2 places ./ (dot slash) ...)
+CVE-2010-2945
- slim 1.3.1-7 (low; bug #594414)
[lenny] - slim 1.3.0-1+lenny3
-CVE-2010-2944 (The authenticate function in LDAPUserFolder/LDAPUserFolder.py in ...)
+CVE-2010-2944
{DSA-2096-1}
- zope-ldapuserfolder <removed> (high; bug #593466)
-CVE-2010-2943 (The xfs implementation in the Linux kernel before 2.6.35 does not look ...)
+CVE-2010-2943
- linux-2.6 2.6.37-1
[wheezy] - linux-2.6 2.6.32-31
[squeeze] - linux-2.6 2.6.32-31
[lenny] - linux-2.6 <not-affected> (test case fails on 2.6.26)
-CVE-2010-2942 (The actions implementation in the network queueing functionality in ...)
+CVE-2010-2942
- linux-2.6 2.6.32-25
[lenny] - linux-2.6 2.6.26-25
-CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate ...)
+CVE-2010-2941
{DSA-2176-1}
- cups 1.4.4-7 (bug #603344)
-CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System ...)
+CVE-2010-2940
- sssd 1.2.1-4 (bug #594413)
-CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function in the ...)
+CVE-2010-2939
{DSA-2100-1}
- openssl 0.9.8o-2 (low; bug #594415)
-CVE-2010-2938 (arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure ...)
+CVE-2010-2938
- linux-2.6 <not-affected> (affected code not present in any of the released kernels; only affects xen package itself)
- xen 4.0.1-1
NOTE: probably fixed well before this version, but this is the one i checked and its fixed
-CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in ...)
+CVE-2010-2937
- vlc 1.1.3-1
[lenny] - vlc <not-affected> (Vulnerable code not present)
-CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in ...)
+CVE-2010-2936
{DSA-2099-1}
- openoffice.org 1:3.2.1-6
-CVE-2010-2935 (simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x ...)
+CVE-2010-2935
{DSA-2099-1}
- openoffice.org 1:3.2.1-6
-CVE-2010-2934 (Multiple unspecified vulnerabilities in ZNC 0.092 allow remote ...)
+CVE-2010-2934
- znc 0.092-2 (unimportant; bug #599708)
-CVE-2010-2933 (SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote ...)
+CVE-2010-2933
NOT-FOR-US: AV Arcade
-CVE-2010-2932 (Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control ...)
+CVE-2010-2932
NOT-FOR-US: BarCodeWiz BarCode
-CVE-2010-2931 (Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows ...)
+CVE-2010-2931
NOT-FOR-US: SigPlus Pro activex control
-CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in hsolink ...)
+CVE-2010-2930
- hsolink <removed>
-CVE-2010-2929 (Untrusted search path vulnerability in hsolinkcontrol in hsolink ...)
+CVE-2010-2929
- hsolink <removed>
-CVE-2010-2928 (The vCenter Tomcat Management Application in VMware vCenter Server 4.1 ...)
+CVE-2010-2928
NOT-FOR-US: VMware vCenter Server
-CVE-2010-2927 (The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) ...)
+CVE-2010-2927
NOT-FOR-US: Tivoli
-CVE-2010-2926 (SQL injection vulnerability in index.php in sNews 1.7 allows remote ...)
+CVE-2010-2926
NOT-FOR-US: sNews CMS
-CVE-2010-2925 (SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 ...)
+CVE-2010-2925
NOT-FOR-US: OpenFreeway
-CVE-2010-2924 (SQL injection vulnerability in myLDlinker.php in the myLinksDump ...)
+CVE-2010-2924
NOT-FOR-US: myLinksDump WordPress plugin
-CVE-2010-2923 (SQL injection vulnerability in the YouTube (com_youtube) component 1.5 ...)
+CVE-2010-2923
NOT-FOR-US: com_youtube Joomla extension
-CVE-2010-2922 (SQL injection vulnerability in default.asp in AKY Blog allows remote ...)
+CVE-2010-2922
NOT-FOR-US: Aspindir AKY Blog
-CVE-2010-2921 (SQL injection vulnerability in the Golf Course Guide ...)
+CVE-2010-2921
NOT-FOR-US: Joomla Component com_golfcourseguide
-CVE-2010-2920 (Directory traversal vulnerability in the Foobla Suggestions ...)
+CVE-2010-2920
NOT-FOR-US: Joomla Component Foobla Suggestions
-CVE-2010-2919 (SQL injection vulnerability in the StaticXT (com_staticxt) component ...)
+CVE-2010-2919
NOT-FOR-US: Joomla Component StaticXT
-CVE-2010-2918 (PHP remote file inclusion vulnerability in ...)
+CVE-2010-2918
NOT-FOR-US: Joomla Component Visites
-CVE-2010-2917 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ ...)
+CVE-2010-2917
NOT-FOR-US: AJ square
-CVE-2010-2916 (SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN ...)
+CVE-2010-2916
NOT-FOR-US: AJ square
-CVE-2010-2915 (SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME ...)
+CVE-2010-2915
NOT-FOR-US: AJ square
-CVE-2010-2914 (Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in ...)
+CVE-2010-2914
NOT-FOR-US: Nessus plugin
-CVE-2010-2913 (The Citibank Citi Mobile app before 2.0.3 for iOS stores account data ...)
+CVE-2010-2913
NOT-FOR-US: Citibank Citi Mobile app
-CVE-2010-2912 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 ...)
+CVE-2010-2912
NOT-FOR-US: Kayako eSupport
-CVE-2010-2911 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 ...)
+CVE-2010-2911
NOT-FOR-US: Kayako eSupport
-CVE-2010-2910 (SQL injection vulnerability in the Ozio Gallery (com_oziogallery) ...)
+CVE-2010-2910
NOT-FOR-US: Ozio Gallery
-CVE-2010-2909 (SQL injection vulnerability in ttvideo.php in the TTVideo ...)
+CVE-2010-2909
NOT-FOR-US: Joomla addon
-CVE-2010-2908 (SQL injection vulnerability in the Joomdle (com_joomdle) component ...)
+CVE-2010-2908
NOT-FOR-US: Joomla addon
-CVE-2010-2907 (SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) ...)
+CVE-2010-2907
NOT-FOR-US: Joomla addon
-CVE-2010-2906 (SQL injection vulnerability in articlesdetails.php in ScriptsFeed and ...)
+CVE-2010-2906
NOT-FOR-US: ScriptsFeed / BrotherScripts
-CVE-2010-2905 (SQL injection vulnerability in info.php in ScriptsFeed and ...)
+CVE-2010-2905
NOT-FOR-US: ScriptsFeed / BrotherScripts
-CVE-2010-2904 (Multiple cross-site scripting (XSS) vulnerabilities in the System ...)
+CVE-2010-2904
NOT-FOR-US: System Landscape Directory
-CVE-2010-2903 (Google Chrome before 5.0.375.125 performs unexpected truncation and ...)
+CVE-2010-2903
- webkit <not-affected> (Chromium specific issue)
- chromium-browser 5.0.375.125~r53311-1
-CVE-2010-2902 (The SVG implementation in Google Chrome before 5.0.375.125 allows ...)
+CVE-2010-2902
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41621
NOTE: http://trac.webkit.org/changeset/62662
NOTE: duplicate of cve-2010-1793
-CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 ...)
+CVE-2010-2901
{DSA-2188-1}
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41373
NOTE: http://trac.webkit.org/changeset/63048
-CVE-2010-2900 (Google Chrome before 5.0.375.125 does not properly handle a large ...)
+CVE-2010-2900
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41962
NOTE: http://trac.webkit.org/changeset/63219
-CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google ...)
+CVE-2010-2899
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977
NOTE: http://trac.webkit.org/changeset/62134
-CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an ...)
+CVE-2010-2898
- webkit <not-affected> (chromium specific issue)
- chromium-browser 5.0.375.125~r53311-1
-CVE-2010-2897 (Google Chrome before 5.0.375.125 does not properly mitigate an ...)
+CVE-2010-2897
- webkit <not-affected> (chromium specific issue)
- chromium-browser 5.0.375.125~r53311-1
-CVE-2010-2896 (IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before ...)
+CVE-2010-2896
NOT-FOR-US: IBM FileNet Content Manager
CVE-2010-XXXX [flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it.]
- openjdk-6 6b18-1.8.1-1
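Review bot: under CVE-2010-2902 the context line "NOTE: duplicate of cve-2010-1793" spells the ID in lowercase, and once the "(The SVG implementation in Google Chrome ...)" summary is dropped from the header, that NOTE is the only text left tying the entry to the other ID. A case-sensitive search for CVE-2010-1793 will miss it. Suggest writing it as "NOTE: duplicate of CVE-2010-1793" in a follow-up, since every other ID in this hunk is uppercase.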
@@ -6237,254 +6237,254 @@ CVE-2010-2894
RESERVED
CVE-2010-2893
RESERVED
-CVE-2010-2892 (gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and ...)
+CVE-2010-2892
NOT-FOR-US: LANDesk Management Gateway
-CVE-2010-2891 (Buffer overflow in the smiGetNode function in lib/smi.c in libsmi ...)
+CVE-2010-2891
{DSA-2145-1}
- libsmi 0.4.8+dfsg2-3
-CVE-2010-2890 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
+CVE-2010-2890
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-2889 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
+CVE-2010-2889
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-2888 (Multiple unspecified vulnerabilities in an ActiveX control in Adobe ...)
+CVE-2010-2888
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-2887 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x ...)
+CVE-2010-2887
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-2886 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp ...)
+CVE-2010-2886
NOT-FOR-US: Adobe RoboHelp
-CVE-2010-2885 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, ...)
+CVE-2010-2885
NOT-FOR-US: Adobe RoboHelp
-CVE-2010-2884 (Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, ...)
+CVE-2010-2884
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2883 (Stack-based buffer overflow in CoolType.dll in Adobe Reader and ...)
+CVE-2010-2883
NOT-FOR-US: Adobe Reader
-CVE-2010-2882 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
+CVE-2010-2882
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2881 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
+CVE-2010-2881
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2880 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
+CVE-2010-2880
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2879 (Multiple integer overflows in the allocator in the TextXtra.x32 module ...)
+CVE-2010-2879
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2878 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
+CVE-2010-2878
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2877 (Adobe Shockwave Player before 11.5.8.612 does not properly validate a ...)
+CVE-2010-2877
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2876 (Adobe Shockwave Player before 11.5.8.612 does not properly validate ...)
+CVE-2010-2876
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2875 (Integer signedness error in Adobe Shockwave Player before 11.5.8.612 ...)
+CVE-2010-2875
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2874 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 ...)
+CVE-2010-2874
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2873 (Adobe Shockwave Player before 11.5.8.612 does not properly validate ...)
+CVE-2010-2873
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2872 (Adobe Shockwave Player before 11.5.8.612 does not properly validate an ...)
+CVE-2010-2872
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2871 (Integer overflow in the 3D object functionality in Adobe Shockwave ...)
+CVE-2010-2871
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2870 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
+CVE-2010-2870
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2869 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
+CVE-2010-2869
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2868 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
+CVE-2010-2868
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2867 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
+CVE-2010-2867
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2866 (Integer signedness error in the DIRAPI module in Adobe Shockwave ...)
+CVE-2010-2866
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2865 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 ...)
+CVE-2010-2865
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2864 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
+CVE-2010-2864
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2863 (Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a ...)
+CVE-2010-2863
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and ...)
+CVE-2010-2862
NOT-FOR-US: Adobe Reader
-CVE-2010-2861 (Multiple directory traversal vulnerabilities in the administrator ...)
+CVE-2010-2861
NOT-FOR-US: Adobe ColdFusion
-CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts ...)
+CVE-2010-2860
NOT-FOR-US: EMC
-CVE-2010-2859 (news.php in SimpNews 2.47.3 and earlier allows remote attackers to ...)
+CVE-2010-2859
NOT-FOR-US: SimpNews
-CVE-2010-2858 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
+CVE-2010-2858
NOT-FOR-US: SimpNews
-CVE-2010-2857 (Directory traversal vulnerability in the Music Manager component for ...)
+CVE-2010-2857
NOT-FOR-US: Joomla! Music Manager
-CVE-2010-2856 (Cross-site scripting (XSS) vulnerability in admin/currencies.php in ...)
+CVE-2010-2856
NOT-FOR-US: osCSS
-CVE-2010-2855 (Multiple SQL injection vulnerabilities in modfile.php in Event Horizon ...)
+CVE-2010-2855
NOT-FOR-US: Event Horizon
-CVE-2010-2854 (Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in ...)
+CVE-2010-2854
NOT-FOR-US: Event Horizon
-CVE-2010-2853 (SQL injection vulnerability in flashPlayer/playVideo.php in iScripts ...)
+CVE-2010-2853
NOT-FOR-US: iScripts VisualCaster
-CVE-2010-2852 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-2852
NOT-FOR-US: RunCMS
-CVE-2010-2851 (SQL injection vulnerability in the BookLibrary From Same Author ...)
+CVE-2010-2851
NOT-FOR-US: Joomla! BookLibrary From Same Author
-CVE-2010-2850 (Directory traversal vulnerability in productionnu2/fileuploader.php in ...)
+CVE-2010-2850
NOT-FOR-US: nuBuilder
-CVE-2010-2849 (Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php ...)
+CVE-2010-2849
NOT-FOR-US: nuBuilder
-CVE-2010-2848 (Directory traversal vulnerability in ...)
+CVE-2010-2848
NOT-FOR-US: Joomla! ArtForms
-CVE-2010-2847 (Multiple SQL injection vulnerabilities in the InterJoomla ArtForms ...)
+CVE-2010-2847
NOT-FOR-US: Joomla! ArtForms
-CVE-2010-2846 (Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms ...)
+CVE-2010-2846
NOT-FOR-US: Joomla! ArtForms
-CVE-2010-2845 (SQL injection vulnerability in the QuickFAQ (com_quickfaq) component ...)
+CVE-2010-2845
NOT-FOR-US: Joomla! QuickFAQ
-CVE-2010-2844 (Cross-site scripting (XSS) vulnerability in news_show.php in Newanz ...)
+CVE-2010-2844
NOT-FOR-US: Newanz NewsOffice
-CVE-2010-2843 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...)
+CVE-2010-2843
NOT-FOR-US: Cisco WLC
-CVE-2010-2842 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...)
+CVE-2010-2842
NOT-FOR-US: Cisco WLC
-CVE-2010-2841 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...)
+CVE-2010-2841
NOT-FOR-US: Cisco WLC
-CVE-2010-2840 (The Presence Engine (PE) service in Cisco Unified Presence 6.x before ...)
+CVE-2010-2840
NOT-FOR-US: Cisco
-CVE-2010-2839 (SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) ...)
+CVE-2010-2839
NOT-FOR-US: Cisco
-CVE-2010-2838 (The SendCombinedStatusInfo implementation in Cisco Unified ...)
+CVE-2010-2838
NOT-FOR-US: Cisco
-CVE-2010-2837 (The SIPStationInit implementation in Cisco Unified Communications ...)
+CVE-2010-2837
NOT-FOR-US: Cisco
-CVE-2010-2836 (Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, ...)
+CVE-2010-2836
NOT-FOR-US: Cisco
-CVE-2010-2835 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...)
+CVE-2010-2835
NOT-FOR-US: Cisco
-CVE-2010-2834 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...)
+CVE-2010-2834
NOT-FOR-US: Cisco
-CVE-2010-2833 (Unspecified vulnerability in the NAT for H.225.0 implementation in ...)
+CVE-2010-2833
NOT-FOR-US: Cisco
-CVE-2010-2832 (Unspecified vulnerability in the NAT for H.323 implementation in Cisco ...)
+CVE-2010-2832
NOT-FOR-US: Cisco
-CVE-2010-2831 (Unspecified vulnerability in the NAT for SIP implementation in Cisco ...)
+CVE-2010-2831
NOT-FOR-US: Cisco
-CVE-2010-2830 (The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and ...)
+CVE-2010-2830
NOT-FOR-US: Cisco
-CVE-2010-2829 (Unspecified vulnerability in the H.323 implementation in Cisco IOS ...)
+CVE-2010-2829
NOT-FOR-US: Cisco
-CVE-2010-2828 (Unspecified vulnerability in the H.323 implementation in Cisco IOS ...)
+CVE-2010-2828
NOT-FOR-US: Cisco
-CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of ...)
+CVE-2010-2827
NOT-FOR-US: Cisco
-CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) ...)
+CVE-2010-2826
NOT-FOR-US: Cisco
-CVE-2010-2825 (Unspecified vulnerability in the SIP inspection feature on the Cisco ...)
+CVE-2010-2825
NOT-FOR-US: Cisco
-CVE-2010-2824 (Unspecified vulnerability on the Cisco Application Control Engine ...)
+CVE-2010-2824
NOT-FOR-US: Cisco
-CVE-2010-2823 (Unspecified vulnerability in the deep packet inspection feature on the ...)
+CVE-2010-2823
NOT-FOR-US: Cisco
-CVE-2010-2822 (Unspecified vulnerability in the RTSP inspection feature on the Cisco ...)
+CVE-2010-2822
NOT-FOR-US: Cisco
-CVE-2010-2821 (Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) ...)
+CVE-2010-2821
NOT-FOR-US: Cisco
-CVE-2010-2820 (Unspecified vulnerability in the SunRPC inspection feature on the ...)
+CVE-2010-2820
NOT-FOR-US: Cisco
-CVE-2010-2819 (Unspecified vulnerability in the SunRPC inspection feature on the ...)
+CVE-2010-2819
NOT-FOR-US: Cisco
-CVE-2010-2818 (Unspecified vulnerability in the SunRPC inspection feature on the ...)
+CVE-2010-2818
NOT-FOR-US: Cisco
-CVE-2010-2817 (Unspecified vulnerability in the IKE implementation on Cisco Adaptive ...)
+CVE-2010-2817
NOT-FOR-US: Cisco
-CVE-2010-2816 (Unspecified vulnerability in the SIP inspection feature on Cisco ...)
+CVE-2010-2816
NOT-FOR-US: Cisco
-CVE-2010-2815 (Unspecified vulnerability in the Transport Layer Security (TLS) ...)
+CVE-2010-2815
NOT-FOR-US: Cisco
-CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) ...)
+CVE-2010-2814
NOT-FOR-US: Cisco
-CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not ...)
+CVE-2010-2813
{DSA-2091-1}
- squirrelmail 2:1.4.21-1 (low)
[lenny] - squirrelmail <no-dsa> (low-risk issue)
-CVE-2010-2812 (Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of ...)
+CVE-2010-2812
- znc 0.092-2 (unimportant; bug #599708)
-CVE-2010-2811 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
+CVE-2010-2811
- vdsm <itp> (bug #668538)
-CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in ...)
+CVE-2010-2810
- lynx-cur 2.8.8dev.5-1 (bug #594300)
[lenny] - lynx-cur <no-dsa> (Minor issue, exploit scenario really obscure)
-CVE-2010-2809 (The default configuration of the &lt;Button2&gt; binding in Uzbl before ...)
+CVE-2010-2809
- uzbl 0.0.0~git.20100403-3 (bug #594301)
-CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
+CVE-2010-2808
{DSA-2105-1}
- freetype 2.4.2-1
-CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds ...)
+CVE-2010-2807
{DSA-2105-1}
- freetype 2.4.2-1
-CVE-2010-2806 (Array index error in the t42_parse_sfnts function in type42/t42parse.c ...)
+CVE-2010-2806
{DSA-2105-1}
- freetype 2.4.2-1
-CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType ...)
+CVE-2010-2805
{DSA-2105-1}
- freetype 2.4.2-1
CVE-2010-2804
RESERVED
-CVE-2010-2803 (The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct ...)
+CVE-2010-2803
{DSA-2094-1}
- linux-2.6 2.6.32-22
-CVE-2010-2802 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 ...)
+CVE-2010-2802
- mantis <not-affected> (vulnerable code introduced in 1.2.x)
NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
-CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract ...)
+CVE-2010-2801
{DSA-2087-1}
- cabextract 1.3-1 (bug #591552)
-CVE-2010-2800 (The MS-ZIP decompressor in cabextract before 1.3 allows remote ...)
+CVE-2010-2800
- cabextract 1.3-1 (bug #591552; unimportant)
-CVE-2010-2799 (Stack-based buffer overflow in the nestlex function in nestlex.c in ...)
+CVE-2010-2799
{DSA-2090-1}
- socat 1.7.1.3-1 (bug #591443; medium)
-CVE-2010-2798 (The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux ...)
+CVE-2010-2798
{DSA-2094-1}
- linux-2.6 2.6.32-20
-CVE-2010-2797 (Directory traversal vulnerability in lib/translation.functions.php in ...)
+CVE-2010-2797
NOT-FOR-US: CMS Made Simple
-CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...)
+CVE-2010-2796
{DSA-2172-1}
- libphp-cas <itp> (bug #495542)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
- moodle 1.9.9.dfsg2-2 (bug #601384)
-CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...)
+CVE-2010-2795
{DSA-2172-1}
- libphp-cas <itp> (bug #495542)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
- moodle 1.9.9.dfsg2-2 (bug #601384)
-CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users ...)
+CVE-2010-2794
- spice-xpi <removed>
[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
-CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for Internet ...)
+CVE-2010-2793
NOT-FOR-US: SPICE plugin for Internet Explorer
-CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox ...)
+CVE-2010-2792
- spice-xpi <removed>
[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
-CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...)
+CVE-2010-2791
- apache2 2.2.9-10 (low)
-CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...)
+CVE-2010-2790
- zabbix 1:1.8.3-1 (bug #594304)
[squeeze] - zabbix 1:1.8.2-1squeeze1
[lenny] - zabbix <no-dsa> (Minor issue)
-CVE-2010-2789 (PHP remote file inclusion vulnerability in MediaWikiParserTest.php in ...)
+CVE-2010-2789
- mediawiki <not-affected> (Affects mediawiki 1:1.16.0beta* - was not and will not be in Debian)
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
-CVE-2010-2788 (Cross-site scripting (XSS) vulnerability in profileinfo.php in ...)
+CVE-2010-2788
- mediawiki 1:1.15.5-1 (bug #590669; low)
[lenny] - mediawiki 1:1.12.0-2lenny6
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
-CVE-2010-2787 (api.php in MediaWiki before 1.15.5 does not prevent use of public ...)
+CVE-2010-2787
- mediawiki 1:1.15.5-1 (bug #590660; low)
[lenny] - mediawiki <no-dsa> (Minor issue)
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
-CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows ...)
+CVE-2010-2786
- piwik <itp> (bug #506933)
-CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not ...)
+CVE-2010-2785
{DSA-2078-1}
- kvirc 4:4.0.0-3
-CVE-2010-2784 (The subpage MMIO initialization functionality in the subpage_register ...)
+CVE-2010-2784
- qemu-kvm 0.12.5+dfsg-3 (bug #594478)
- kvm <removed>
[lenny] - kvm 72+dfsg-5~lenny6
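Review bot: the run from CVE-2010-2843 down to CVE-2010-2814 ends up with nothing but "NOT-FOR-US: Cisco" (or "Cisco WLC") under a bare ID, where the removed summaries named distinct products: Wireless LAN Controller, Unified Presence, IOS, Application Control Engine, Firewall Services Module. If the summaries are meant to live outside this file from now on, the commit message ("automatic update") should say so and point to where. Otherwise the NOT-FOR-US labels here should name the product, so that each triage decision can still be audited from the file alone.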
@@ -6497,11 +6497,11 @@ CVE-2010-2781
RESERVED
CVE-2010-2780
RESERVED
-CVE-2010-2779 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
+CVE-2010-2779
NOT-FOR-US: GroupWise
-CVE-2010-2778 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
+CVE-2010-2778
NOT-FOR-US: GroupWise
-CVE-2010-2777 (Stack-based buffer overflow in the IMAP server component in GroupWise ...)
+CVE-2010-2777
NOT-FOR-US: GroupWise
CVE-2010-2776
RESERVED
@@ -6511,21 +6511,21 @@ CVE-2010-2774
RESERVED
CVE-2010-2773
RESERVED
-CVE-2010-2772 (Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded ...)
+CVE-2010-2772
NOT-FOR-US: SCADA
-CVE-2010-2771 (solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to ...)
+CVE-2010-2771
NOT-FOR-US: IBM solidDB
-CVE-2010-3484 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows ...)
+CVE-2010-3484
- mapserver 5.6.4-1 (low)
[lenny] - mapserver <no-dsa> (Minor issue)
-CVE-2010-3485 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows ...)
+CVE-2010-3485
- mapserver 5.6.4-1 (low)
[lenny] - mapserver <no-dsa> (Minor issue)
-CVE-2010-2770 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
+CVE-2010-2770
- xulrunner <not-affected> (The vulnerability is MacOS-specific)
- iceweasel <not-affected> (The vulnerability is MacOS-specific)
- iceape <not-affected> (The vulnerability is MacOS-specific)
-CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
+CVE-2010-2769
{DSA-2124-1 DSA-2106-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
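Review bot: CVE-2010-3484 and CVE-2010-3485 are tracked against mapserver ("- mapserver 5.6.4-1 (low)"), but the summaries being removed for both read "SQL injection vulnerability in common.php in LightNEasy 3.2.1", so the ID and the package do not appear to match, and after this change nothing in the entry shows the discrepancy. Worth confirming which IDs the mapserver fix belongs to and adding a NOTE with the reference. The two entries also sit between CVE-2010-2771 and CVE-2010-2770, out of the descending order the rest of the hunk follows.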
@@ -6535,7 +6535,7 @@ CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox befor
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-2768 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
+CVE-2010-2768
{DSA-2106-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
@@ -6545,7 +6545,7 @@ CVE-2010-2768 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-2767 (The navigator.plugins implementation in Mozilla Firefox before 3.5.12 ...)
+CVE-2010-2767
{DSA-2106-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
@@ -6555,7 +6555,7 @@ CVE-2010-2767 (The navigator.plugins implementation in Mozilla Firefox before 3.
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-2766 (The normalizeDocument function in Mozilla Firefox before 3.5.12 and ...)
+CVE-2010-2766
{DSA-2106-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
@@ -6565,7 +6565,7 @@ CVE-2010-2766 (The normalizeDocument function in Mozilla Firefox before 3.5.12 a
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-2765 (Integer overflow in the FRAMESET element implementation in Mozilla ...)
+CVE-2010-2765
{DSA-2106-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
@@ -6575,7 +6575,7 @@ CVE-2010-2765 (Integer overflow in the FRAMESET element implementation in Mozill
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-2764 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
+CVE-2010-2764
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -6585,7 +6585,7 @@ CVE-2010-2764 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-2763 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
+CVE-2010-2763
{DSA-2106-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
@@ -6595,10 +6595,10 @@ CVE-2010-2763 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
+CVE-2010-2762
- xulrunner <not-affected> (Only affects 3.6, only in experimental)
- iceweasel <not-affected> (Only affects 3.6, only in experimental)
-CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) ...)
+CVE-2010-2761
- perl 5.10.1-17 (bug #606995)
- libcgi-pm-perl 3.50-1 (bug #606370)
[lenny] - libcgi-pm-perl 3.38-2lenny2
@@ -6606,7 +6606,7 @@ CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) ...
- libcgi-simple-perl 1.111-2 (bug #606379)
[lenny] - libcgi-simple-perl 1.105-1lenny1
[lenny] - perl 5.10.0-19lenny3 (bug #606995)
-CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...)
+CVE-2010-2760
{DSA-2106-1}
- xulrunner <removed> (unimportant)
- iceweasel 3.5.12-1
@@ -6616,18 +6616,18 @@ CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in .
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...)
+CVE-2010-2759
- bugzilla 3.6.2.0-1 (bug #595015; medium)
-CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...)
+CVE-2010-2758
- bugzilla 3.6.2.0-1 (bug #595015; low)
-CVE-2010-2757 (The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through ...)
+CVE-2010-2757
- bugzilla 3.6.2.0-1 (bug #595015; low)
-CVE-2010-2756 (Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 ...)
+CVE-2010-2756
- bugzilla 3.6.2.0-1 (bug #595015; low)
-CVE-2010-2755 (layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not ...)
+CVE-2010-2755
- xulrunner <not-affected> (Only exploitable in Firefox 3.6.x and above)
- iceweasel <not-affected> (Only exploitable in Firefox 3.6.x and above)
-CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 ...)
+CVE-2010-2754
{DSA-2075-1}
- xulrunner 1.9.1.11-1
- iceweasel 3.5.11-2
@@ -6636,7 +6636,7 @@ CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.
[lenny] - icedove <end-of-life>
- iceape 2.0.6-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-2753 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x ...)
+CVE-2010-2753
{DSA-2075-1}
- xulrunner 1.9.1.11-1
- iceweasel 3.5.11-2
@@ -6645,7 +6645,7 @@ CVE-2010-2753 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.0.6-1
[lenny] - icedove <end-of-life>
-CVE-2010-2752 (Integer overflow in an array class in Mozilla Firefox 3.5.x before ...)
+CVE-2010-2752
- xulrunner 1.9.1.11-1
[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
- iceweasel 3.5.11-2
@@ -6654,38 +6654,38 @@ CVE-2010-2752 (Integer overflow in an array class in Mozilla Firefox 3.5.x befor
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.0.6-1
[lenny] - icedove <end-of-life>
-CVE-2010-2751 (The nsDocShell::OnRedirectStateChange function in ...)
+CVE-2010-2751
{DSA-2075-1}
- xulrunner 1.9.1.11-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.6-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-2750 (Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac ...)
+CVE-2010-2750
NOT-FOR-US: Microsoft Word
CVE-2010-2749
REJECTED
-CVE-2010-2748 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check ...)
+CVE-2010-2748
NOT-FOR-US: Microsoft Word
-CVE-2010-2747 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
+CVE-2010-2747
NOT-FOR-US: Microsoft Word
-CVE-2010-2746 (Heap-based buffer overflow in Comctl32.dll (aka the common control ...)
+CVE-2010-2746
NOT-FOR-US: Microsoft Windows
-CVE-2010-2745 (Microsoft Windows Media Player (WMP) 9 through 12 does not properly ...)
+CVE-2010-2745
NOT-FOR-US: Microsoft Windows Media Player
-CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...)
+CVE-2010-2744
NOT-FOR-US: Microsoft Windows
-CVE-2010-2743 (The kernel-mode drivers in Microsoft Windows XP SP3 do not properly ...)
+CVE-2010-2743
NOT-FOR-US: Microsoft Windows
-CVE-2010-2742 (The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and ...)
+CVE-2010-2742
NOT-FOR-US: Microsoft Windows
-CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...)
+CVE-2010-2741
NOT-FOR-US: Microsoft Windows
-CVE-2010-2740 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...)
+CVE-2010-2740
NOT-FOR-US: Microsoft Windows
-CVE-2010-2739 (Buffer overflow in the CreateDIBPalette function in win32k.sys in ...)
+CVE-2010-2739
NOT-FOR-US: Windows
-CVE-2010-2738 (The Uniscribe (aka new Unicode Script Processor) implementation in ...)
+CVE-2010-2738
NOT-FOR-US: Microsoft Windows
CVE-2010-2737
REJECTED
@@ -6693,202 +6693,202 @@ CVE-2010-2736
REJECTED
CVE-2010-2735
REJECTED
-CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in ...)
+CVE-2010-2734
NOT-FOR-US: Microsoft Forefront Unified Access Gateway
-CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in ...)
+CVE-2010-2733
NOT-FOR-US: Microsoft Forefront Unified Access Gateway
-CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft ...)
+CVE-2010-2732
NOT-FOR-US: Microsoft Forefront Unified Access Gateway
-CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services ...)
+CVE-2010-2731
NOT-FOR-US: Microsoft Windows
-CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, ...)
+CVE-2010-2730
NOT-FOR-US: Microsoft IIS
-CVE-2010-2729 (The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows ...)
+CVE-2010-2729
NOT-FOR-US: Microsoft Windows
-CVE-2010-2728 (Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, ...)
+CVE-2010-2728
NOT-FOR-US: Microsoft Outlook
CVE-2010-2727
REJECTED
CVE-2010-2726
REJECTED
-CVE-2010-2725 (BarnOwl before 1.6.2 does not check the return code of calls to the ...)
+CVE-2010-2725
{DSA-2102-1}
- barnowl 1.6.2-1 (bug #593299)
-CVE-2010-2724 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select ...)
+CVE-2010-2724
NOT-FOR-US: Drupal addon module
-CVE-2010-2723 (Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows ...)
+CVE-2010-2723
NOT-FOR-US: LISTSERV
-CVE-2010-2722 (Cross-site scripting (XSS) vulnerability in index.php in RightInPoint ...)
+CVE-2010-2722
NOT-FOR-US: RightInPoint Lyrics Script
-CVE-2010-2721 (SQL injection vulnerability in index.php in RightInPoint Lyrics Script ...)
+CVE-2010-2721
NOT-FOR-US: RightInPoint Lyrics Script
-CVE-2010-2720 (SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and ...)
+CVE-2010-2720
NOT-FOR-US: phpaaCms
-CVE-2010-2719 (SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and ...)
+CVE-2010-2719
NOT-FOR-US: phpaaCms
-CVE-2010-2718 (Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware ...)
+CVE-2010-2718
NOT-FOR-US: CruxSoftware
-CVE-2010-2717 (Cross-site scripting (XSS) vulnerability in manager/login.php in ...)
+CVE-2010-2717
NOT-FOR-US: CruxSoftware
-CVE-2010-2716 (Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote ...)
+CVE-2010-2716
NOT-FOR-US: PsNews
-CVE-2010-2715 (Cross-site scripting (XSS) vulnerability in photos/index.php in TCW ...)
+CVE-2010-2715
NOT-FOR-US: TCW PHP Album
-CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 ...)
+CVE-2010-2714
NOT-FOR-US: TCW PHP Album
-CVE-2010-2713 (The vte_sequence_handler_window_manipulation function in vteseq.c in ...)
+CVE-2010-2713
[lenny] - vte <not-affected> (Uses a hardcoded string in the terminal icon/window title)
- vte 1:0.24.3-1
NOTE: http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74
NOTE: http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
-CVE-2010-2712 (Unspecified vulnerability in Software Distributor (sd) in HP HP-UX ...)
+CVE-2010-2712
NOT-FOR-US: Software Distributor in HP HP-UX
-CVE-2010-2711 (Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the ...)
+CVE-2010-2711
NOT-FOR-US: HP MagCloud app
-CVE-2010-2710 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
+CVE-2010-2710
NOT-FOR-US: HP OpenView
-CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView Network ...)
+CVE-2010-2709
NOT-FOR-US: HP OpenView
-CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before ...)
+CVE-2010-2708
NOT-FOR-US: HP ProCurve
-CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches ...)
+CVE-2010-2707
NOT-FOR-US: HP ProCurve
-CVE-2010-2706 (Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 ...)
+CVE-2010-2706
NOT-FOR-US: HP ProCurve
-CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch with ...)
+CVE-2010-2705
NOT-FOR-US: HP ProCurve
-CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and ...)
+CVE-2010-2704
NOT-FOR-US: HP OpenView
-CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the ov.dll ...)
+CVE-2010-2703
NOT-FOR-US: HP OpenView
-CVE-2010-2702 (Buffer overflow in the UGameEngine::UpdateConnectingMessage function ...)
+CVE-2010-2702
NOT-FOR-US: Unreal engine
-CVE-2010-2701 (Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow ...)
+CVE-2010-2701
NOT-FOR-US: FathFTP ActiveX control
-CVE-2010-2700 (Cross-site scripting (XSS) vulnerability in index.php in Edge PHP ...)
+CVE-2010-2700
NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
-CVE-2010-2699 (SQL injection vulnerability in index.php in Edge PHP Clickbank ...)
+CVE-2010-2699
NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
-CVE-2010-2698 (Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community ...)
+CVE-2010-2698
NOT-FOR-US: Sijio Community Software
-CVE-2010-2697 (Cross-site scripting (XSS) vulnerability in Sijio Community Software ...)
+CVE-2010-2697
NOT-FOR-US: Sijio Community Software
-CVE-2010-2696 (SQL injection vulnerability in gallery/index.php in Sijio Community ...)
+CVE-2010-2696
NOT-FOR-US: Sijio Community Software
-CVE-2010-2695 (Directory traversal vulnerability in the SFTP/SSH2 virtual server in ...)
+CVE-2010-2695
NOT-FOR-US: Xlight FTP Server
-CVE-2010-2694 (SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 ...)
+CVE-2010-2694
NOT-FOR-US: Joomla addon
-CVE-2010-2693 (FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag ...)
+CVE-2010-2693
- kfreebsd-7 7.3-5
[lenny] - kfreebsd-7 <no-dsa> (Not covered by security support in Lenny)
- kfreebsd-8 8.0-10
-CVE-2010-2692 (Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt ...)
+CVE-2010-2692
NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
-CVE-2010-2691 (Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt ...)
+CVE-2010-2691
NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
-CVE-2010-2690 (SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) ...)
+CVE-2010-2690
NOT-FOR-US: Joomla addon
-CVE-2010-2689 (SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS ...)
+CVE-2010-2689
NOT-FOR-US: Internet DM WebDM CMS
-CVE-2010-2688 (SQL injection vulnerability in detail.asp in Site2Nite Boat ...)
+CVE-2010-2688
NOT-FOR-US: Site2Nite Boat Classifieds
-CVE-2010-2687 (SQL injection vulnerability in printdetail.asp in Site2Nite Boat ...)
+CVE-2010-2687
NOT-FOR-US: Site2Nite Boat Classifieds
-CVE-2010-2686 (Multiple SQL injection vulnerabilities in clientes.asp in the TopManage ...)
+CVE-2010-2686
NOT-FOR-US: SAP module
-CVE-2010-2685 (siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not ...)
+CVE-2010-2685
NOT-FOR-US: Customer Paradigm PageDirector CMS
-CVE-2010-2684 (SQL injection vulnerability in index.php in Customer Paradigm ...)
+CVE-2010-2684
NOT-FOR-US: Customer Paradigm PageDirector CMS
-CVE-2010-2683 (SQL injection vulnerability in result.php in Customer Paradigm ...)
+CVE-2010-2683
NOT-FOR-US: Customer Paradigm PageDirector CMS
-CVE-2010-2682 (Directory traversal vulnerability in the Realtyna Translator ...)
+CVE-2010-2682
NOT-FOR-US: Joomla addon
-CVE-2010-2681 (PHP remote file inclusion vulnerability in the SEF404x (com_sef) ...)
+CVE-2010-2681
NOT-FOR-US: Joomla addon
-CVE-2010-2680 (Directory traversal vulnerability in the JExtensions JE ...)
+CVE-2010-2680
NOT-FOR-US: Joomla addon
-CVE-2010-2679 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...)
+CVE-2010-2679
NOT-FOR-US: Joomla addon
-CVE-2010-2678 (SQL injection vulnerability in xmap (com_xmap) component for Joomla! ...)
+CVE-2010-2678
NOT-FOR-US: Joomla addon
-CVE-2010-2677 (PHP remote file inclusion vulnerability in mw_plugin.php in Open Web ...)
+CVE-2010-2677
NOT-FOR-US: Open Web Analytics
-CVE-2010-2676 (Multiple directory traversal vulnerabilities in index.php in Open Web ...)
+CVE-2010-2676
NOT-FOR-US: Open Web Analytics
-CVE-2010-2675 (Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS ...)
+CVE-2010-2675
NOT-FOR-US: TSOKA:CMS
-CVE-2010-2674 (SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and ...)
+CVE-2010-2674
NOT-FOR-US: TSOKA:CMS
-CVE-2010-2673 (SQL injection vulnerability in profile_view.php in Devana 1.6.6 and ...)
+CVE-2010-2673
NOT-FOR-US: Devana
-CVE-2010-2672 (Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through ...)
+CVE-2010-2672
- ezpublish <removed>
-CVE-2010-2671 (Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ ...)
+CVE-2010-2671
- ezpublish <removed>
-CVE-2010-2670 (SQL injection vulnerability in recipedetail.php in BrotherScripts ...)
+CVE-2010-2670
NOT-FOR-US: BrotherScripts Recipe Website
-CVE-2010-2669 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-2669
NOT-FOR-US: Orbis CMS
-CVE-2010-2668 (Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet ...)
+CVE-2010-2668
NOT-FOR-US: Adaptive Micro Systems ALPHA Ethernet Adapter
-CVE-2010-2667 (Multiple unspecified vulnerabilities in the Virtual Appliance ...)
+CVE-2010-2667
NOT-FOR-US: VMware Studio
-CVE-2010-2666 (Opera before 10.54 on Windows and Mac OS X does not properly enforce ...)
+CVE-2010-2666
NOT-FOR-US: Opera
-CVE-2010-2665 (Cross-site scripting (XSS) vulnerability in Opera before 10.54 on ...)
+CVE-2010-2665
NOT-FOR-US: Opera
-CVE-2010-2664 (Opera before 10.60 allows remote attackers to cause a denial of ...)
+CVE-2010-2664
NOT-FOR-US: Opera
-CVE-2010-2663 (Opera before 10.60 allows remote attackers to cause a denial of ...)
+CVE-2010-2663
NOT-FOR-US: Opera
-CVE-2010-2662 (Opera before 10.60 allows remote attackers to bypass the popup blocker ...)
+CVE-2010-2662
NOT-FOR-US: Opera
-CVE-2010-2661 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX ...)
+CVE-2010-2661
NOT-FOR-US: Opera
-CVE-2010-2660 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX ...)
+CVE-2010-2660
NOT-FOR-US: Opera
-CVE-2010-2659 (Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before ...)
+CVE-2010-2659
NOT-FOR-US: Opera
-CVE-2010-2658 (Opera before 10.60 does not properly restrict certain interaction ...)
+CVE-2010-2658
NOT-FOR-US: Opera
-CVE-2010-2657 (Opera before 10.60 on Windows and Mac OS X does not properly prevent ...)
+CVE-2010-2657
NOT-FOR-US: Opera
-CVE-2010-2656 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...)
+CVE-2010-2656
NOT-FOR-US: BladeCenter software
-CVE-2010-2655 (Directory traversal vulnerability in private/file_management.php on ...)
+CVE-2010-2655
NOT-FOR-US: BladeCenter software
-CVE-2010-2654 (Multiple cross-site scripting (XSS) vulnerabilities on the IBM ...)
+CVE-2010-2654
NOT-FOR-US: BladeCenter software
-CVE-2010-2653 (Race condition in the hvc_close function in drivers/char/hvc_console.c ...)
+CVE-2010-2653
- linux-2.6 2.6.32-25
-CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal ...)
+CVE-2010-2652
- webkit <not-affected> (chromium specific issue)
- chromium-browser 5.0.375.99~r51029-1
-CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
+CVE-2010-2651
- webkit 1.2.5-1 (bug #599830)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014
NOTE: http://trac.webkit.org/changeset/59247
-CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99 has ...)
+CVE-2010-2650
- webkit <not-affected> (chromium specific)
- chromium-browser 5.0.375.99~r51029-1
-CVE-2010-2649 (Unspecified vulnerability in Google Chrome before 5.0.375.99 allows ...)
+CVE-2010-2649
- webkit <not-affected> (issue in chromium-specific code)
- chromium-browser 5.0.375.99~r51029-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39797
NOTE: http://trac.webkit.org/changeset/60973
NOTE: http://trac.webkit.org/changeset/60977
-CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi ...)
+CVE-2010-2648
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39305
NOTE: http://trac.webkit.org/projects/webkit/changeset/61921
-CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a ...)
+CVE-2010-2647
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
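Review bot: Once the parenthesised description is removed, several entries in this hunk no longer say which product they concern. CVE-2010-2694, CVE-2010-2690 and CVE-2010-2682 through CVE-2010-2678 are left with only `NOT-FOR-US: Joomla addon`, and CVE-2010-2686 with `NOT-FOR-US: SAP module`, while the removed lines named the component (com_redshop, com_gamesbox, com_sef, com_weblinks, com_xmap, TopManage). Either keep the description on the header line or make these notes name the component, so a bare ID can still be triaged from the list alone.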
@@ -6898,112 +6898,112 @@ CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause
NOTE: http://trac.webkit.org/changeset/61676 chromium fixes
NOTE: http://trac.webkit.org/changeset/61679 additional layout test
NOTE: duplicate of cve-2010-1786
-CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed ...)
+CVE-2010-2646
- webkit 1.2.5-1 (bug #599830)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151
NOTE: http://trac.webkit.org/changeset/58873
NOTE: http://trac.webkit.org/changeset/59870 chromium updates
-CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99, when ...)
+CVE-2010-2645
- webkit <not-affected> (doesn't include webgl code yet)
- chromium-browser 5.0.375.99~r51029-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38039
NOTE: http://trac.webkit.org/changeset/58957
-CVE-2010-2644 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 ...)
+CVE-2010-2644
NOT-FOR-US: IBM WebSphere Service Registry and Repository
-CVE-2010-2643 (Integer overflow in the TFM font parser in the dvi-backend component ...)
+CVE-2010-2643
{DSA-2357-1}
- evince 2.30.3-2 (bug #609534)
-CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend ...)
+CVE-2010-2642
{DSA-2388-1 DSA-2357-1}
- evince 3.0.2-1 (bug #609534)
[squeeze] - evince 2.30.3-2+squeeze1
- t1lib 5.1.2-3.5
[lenny] - t1lib 5.1.2-3+lenny1
[squeeze] - t1lib 5.1.2-3+squeeze1
-CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend component ...)
+CVE-2010-2641
{DSA-2357-1}
- evince 2.30.3-2 (bug #609534)
-CVE-2010-2640 (Array index error in the PK font parser in the dvi-backend component ...)
+CVE-2010-2640
{DSA-2357-1}
- evince 2.30.3-2 (bug #609534)
-CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote ...)
+CVE-2010-2639
NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0
-CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 ...)
+CVE-2010-2638
NOT-FOR-US: IBM WebSphere MQ
-CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not ...)
+CVE-2010-2637
NOT-FOR-US: IBM WebSphere
-CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample store ...)
+CVE-2010-2636
NOT-FOR-US: IBM WebSphere Commerce
-CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before ...)
+CVE-2010-2635
NOT-FOR-US: IBM WebSphere Commerce
-CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...)
+CVE-2010-2634
NOT-FOR-US: RSA enVision
-CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, ...)
+CVE-2010-2633
NOT-FOR-US: EMC
-CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, ...)
+CVE-2010-2632
NOT-FOR-US: Solaris FTP server
-CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first ...)
+CVE-2010-2631
- tiff 3.9.4-1
- tiff3 <not-affected> (fixed before initial upload)
-CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly ...)
+CVE-2010-2630
{DSA-2552-1}
- tiff 3.9.6-1
- tiff3 3.9.6-1
NOTE: may have been fixed earlier
-CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...)
+CVE-2010-2629
NOT-FOR-US: Cisco
-CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...)
+CVE-2010-2628
- strongswan 4.4.1-1
[lenny] - strongswan <not-affected> (Vulnerability introduced in 4.3.3)
[squeeze] - strongswan <not-affected> (Vulnerability introduced in 4.3.3)
-CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...)
+CVE-2010-2627
NOT-FOR-US: Refractor 2
-CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...)
+CVE-2010-2626
NOT-FOR-US: Miyabi CGI Tools SEO Links
-CVE-2010-2625 (Unspecified vulnerability in the Client Service for DPM in Hitachi ...)
+CVE-2010-2625
NOT-FOR-US: Hitachi ServerConductor
-CVE-2010-2624 (Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow ...)
+CVE-2010-2624
NOT-FOR-US: iScripts EasySnaps
-CVE-2010-2623 (SQL injection vulnerability in pages.php in Internet DM Specialist Bed ...)
+CVE-2010-2623
NOT-FOR-US: Internet DM Specialist Bed and Breakfast
-CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly ...)
+CVE-2010-2622
NOT-FOR-US: Joomanager
-CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in ...)
+CVE-2010-2621
- qt4-x11 4:4.6.3-2 (low; bug #587711)
[lenny] - qt4-x11 <no-dsa> (Harmless impact)
NOTE: Fixed by commit c25c7c9bdfade6b906f37ac8bad44f6f0de57597
-CVE-2010-2620 (Open&amp;Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote ...)
+CVE-2010-2620
NOT-FOR-US: Open&Compact FTP Server
-CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and ...)
+CVE-2010-2619
NOT-FOR-US: Citrix XenServer (it's based on Xen, likely a duplicate of an existing Xen issue)
-CVE-2010-2494 (Multiple buffer underflows in the base64 decoder in base64.c in (1) ...)
+CVE-2010-2494
- bogofilter 1.2.1-3 (low; bug #588090)
[lenny] - bogofilter 1.1.7-1+lenny1
NOTE: this is "only" null write to an invalid pointer, no arbitrary location
-CVE-2010-2495 (The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP ...)
+CVE-2010-2495
- linux-2.6 2.6.32-16
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.29)
-CVE-2010-2618 (PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in ...)
+CVE-2010-2618
NOT-FOR-US: AdaptCMS
-CVE-2010-2617 (Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible ...)
+CVE-2010-2617
NOT-FOR-US: PHP Bible Search
-CVE-2010-2616 (SQL injection vulnerability in bible.php in PHP Bible Search, probably ...)
+CVE-2010-2616
NOT-FOR-US: PHP Bible Search
-CVE-2010-2615 (Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php ...)
+CVE-2010-2615
NOT-FOR-US: Grafik CMS
-CVE-2010-2614 (SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, ...)
+CVE-2010-2614
NOT-FOR-US: Grafik CMS
-CVE-2010-2613 (Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd ...)
+CVE-2010-2613
NOT-FOR-US: com_awd_song component for joomla!
-CVE-2010-2612 (Unspecified vulnerability in the HP OpenVMS Auditing feature in ...)
+CVE-2010-2612
NOT-FOR-US: HP OpenVMS
-CVE-2010-2611 (SQL injection vulnerability in show_search_result.php in i-netsolution ...)
+CVE-2010-2611
NOT-FOR-US: i-netsolution Job Search Engine
-CVE-2010-2610 (Multiple SQL injection vulnerabilities in 2daybiz Job Site Script ...)
+CVE-2010-2610
NOT-FOR-US: 2daybiz Job Site Script
-CVE-2010-2609 (SQL injection vulnerability in show_search_result.php in 2daybiz Job ...)
+CVE-2010-2609
NOT-FOR-US: 2daybiz Job Search Engine Script
CVE-2010-2608
RESERVED
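Review bot: Ordering point: CVE-2010-2494 and CVE-2010-2495 sit between CVE-2010-2619 and CVE-2010-2618, out of the descending sequence the surrounding entries follow. The update rewrites both header lines anyway, so this would be the place to move the two entries to their numeric position, or to record why they stay where they are.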
@@ -7013,19 +7013,19 @@ CVE-2010-2606
RESERVED
CVE-2010-2605
RESERVED
-CVE-2010-2604 (Multiple buffer overflows in the PDF Distiller in the BlackBerry ...)
+CVE-2010-2604
NOT-FOR-US: BlackBerry Enterprise Server
-CVE-2010-2603 (RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for ...)
+CVE-2010-2603
NOT-FOR-US: RIM BlackBerry Desktop Software
-CVE-2010-2602 (Multiple buffer overflows in the PDF distiller component in the ...)
+CVE-2010-2602
NOT-FOR-US: BlackBerry Enterprise Serve
-CVE-2010-2601 (Multiple buffer overflows in the PDF distiller in the Attachment ...)
+CVE-2010-2601
NOT-FOR-US: BlackBerry Enterprise Server
-CVE-2010-2600 (Untrusted search path vulnerability in BlackBerry Desktop Software ...)
+CVE-2010-2600
NOT-FOR-US: BlackBerry Desktop Software
-CVE-2010-2599 (Unspecified vulnerability in Research In Motion (RIM) BlackBerry ...)
+CVE-2010-2599
NOT-FOR-US: BlackBerry Device Software
-CVE-2010-2594 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
+CVE-2010-2594
NOT-FOR-US: InterSect Allience Snare Agent
CVE-2010-2593
RESERVED
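Review bot: Two unchanged notes in this hunk are misspelled and now carry the only product name for their entry: `NOT-FOR-US: BlackBerry Enterprise Serve` under CVE-2010-2602 (CVE-2010-2601 and CVE-2010-2604 have `BlackBerry Enterprise Server`), and `InterSect Allience Snare Agent` under CVE-2010-2594, where "Allience" is presumably "Alliance". With the description gone, a search on the product name will miss these entries, so the spelling should be fixed in the same update.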
@@ -7033,37 +7033,37 @@ CVE-2010-2592
RESERVED
CVE-2010-2591
RESERVED
-CVE-2010-2590 (Heap-based buffer overflow in the ...)
+CVE-2010-2590
NOT-FOR-US: ActiveX
-CVE-2010-2589 (Integer overflow in the dirapi.dll module in Adobe Shockwave Player ...)
+CVE-2010-2589
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2588 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 ...)
+CVE-2010-2588
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2587 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 ...)
+CVE-2010-2587
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2586 (Multiple integer overflows in in_nsv.dll in the in_nsv plugin in ...)
+CVE-2010-2586
NOT-FOR-US: Winamp
-CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX ...)
+CVE-2010-2585
NOT-FOR-US: RealPage Module ActiveX Controls
-CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in ...)
+CVE-2010-2584
NOT-FOR-US: RealPage Module ActiveX Controls
-CVE-2010-2583 (Stack-based buffer overflow in SonicWALL SSL-VPN End-Point ...)
+CVE-2010-2583
NOT-FOR-US: SonicWALL
-CVE-2010-2582 (An unspecified function in TextXtra.x32 in Adobe Shockwave Player ...)
+CVE-2010-2582
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote ...)
+CVE-2010-2581
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not ...)
+CVE-2010-2580
NOT-FOR-US: MailEnable
-CVE-2010-2579 (The cook codec in RealNetworks RealPlayer 11.0 through 11.1, ...)
+CVE-2010-2579
NOT-FOR-US: RealPlayer
-CVE-2010-2578 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-2578
NOT-FOR-US: RealNetworks RealPlayer
-CVE-2010-2577 (Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow ...)
+CVE-2010-2577
NOT-FOR-US: Pligg
-CVE-2010-2576 (Opera before 10.61 does not properly suppress clicks on download ...)
+CVE-2010-2576
NOT-FOR-US: Opera
-CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in ...)
+CVE-2010-2575
- okular 4:4.4.5-2
[lenny] - okular 0.7-2+lenny1
- kdegraphics 4:4.4.5-2
@@ -7071,18 +7071,18 @@ CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality
NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt
NOTE: Okular was initially a single source package (lenny days), then it was merged into
NOTE: kdegraphics (squeeze days) and later split off again (wheezy)
-CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...)
+CVE-2010-2574
- mantis 1.1.8+dfsg-6 (low; bug #595510)
[lenny] - mantis 1.1.6+dfsg-2lenny2
-CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...)
+CVE-2010-2598
- tiff 3.9.4-1
- tiff3 <not-affected> (fixed prior to initial upload)
-CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...)
+CVE-2010-2597
{DSA-2552-1}
- tiff 3.9.6-1
- tiff3 3.9.6-1
NOTE: may have been fixed earlier
-CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...)
+CVE-2010-2596
{DLA-610-1}
- tiff 4.0.6-1 (unimportant)
- tiff3 <removed> (unimportant)
@@ -7092,201 +7092,201 @@ CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and
NOTE: that the reproducer does not trigger the crash anymore.
NOTE: Tom Lane's patch should be applied for tiff in Wheezy too.
NOTE: Not confirmed which exact version should fix the issue.
-CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...)
+CVE-2010-2595
{DSA-2552-1}
- tiff 3.9.6-1
- tiff3 3.9.6-1
NOTE: may have been fixed earlier
-CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, ...)
+CVE-2010-2573
NOT-FOR-US: Microsoft PowerPoint
-CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows ...)
+CVE-2010-2572
NOT-FOR-US: Microsoft PowerPoint
-CVE-2010-2571 (Array index error in pubconv.dll (aka the Publisher Converter DLL) in ...)
+CVE-2010-2571
NOT-FOR-US: Microsoft Publisher
-CVE-2010-2570 (Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter ...)
+CVE-2010-2570
NOT-FOR-US: Microsoft Publisher
-CVE-2010-2569 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher ...)
+CVE-2010-2569
NOT-FOR-US: Microsoft Publisher
-CVE-2010-2568 (Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 ...)
+CVE-2010-2568
NOT-FOR-US: Microsoft
-CVE-2010-2567 (The RPC client implementation in Microsoft Windows XP SP2 and SP3 and ...)
+CVE-2010-2567
NOT-FOR-US: Microsoft Windows
-CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft ...)
+CVE-2010-2566
NOT-FOR-US: Microsoft
CVE-2010-2565
REJECTED
-CVE-2010-2564 (Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and ...)
+CVE-2010-2564
NOT-FOR-US: Microsoft
-CVE-2010-2563 (The Word 97 text converter in the WordPad Text Converters in Microsoft ...)
+CVE-2010-2563
NOT-FOR-US: Microsoft Windows
-CVE-2010-2562 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
+CVE-2010-2562
NOT-FOR-US: Microsoft
-CVE-2010-2561 (Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle ...)
+CVE-2010-2561
NOT-FOR-US: Microsoft
-CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
+CVE-2010-2560
NOT-FOR-US: Microsoft
-CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
+CVE-2010-2559
NOT-FOR-US: Microsoft
-CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows ...)
+CVE-2010-2558
NOT-FOR-US: Microsoft
-CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in ...)
+CVE-2010-2557
NOT-FOR-US: Microsoft
-CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
+CVE-2010-2556
NOT-FOR-US: Microsoft
-CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and ...)
+CVE-2010-2555
NOT-FOR-US: Microsoft
-CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and ...)
+CVE-2010-2554
NOT-FOR-US: Microsoft
-CVE-2010-2553 (The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista ...)
+CVE-2010-2553
NOT-FOR-US: Microsoft
-CVE-2010-2552 (Stack consumption vulnerability in the SMB Server in Microsoft Windows ...)
+CVE-2010-2552
NOT-FOR-US: Microsoft
-CVE-2010-2551 (The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server ...)
+CVE-2010-2551
NOT-FOR-US: Microsoft
-CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server ...)
+CVE-2010-2550
NOT-FOR-US: Microsoft
-CVE-2010-2549 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
+CVE-2010-2549
NOT-FOR-US: Microsoft
CVE-2010-2548
RESERVED
- openjdk-6 6b18-1.8.1-1
-CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG ...)
+CVE-2010-2547
{DSA-2076-1}
- gnupg2 2.0.14-2
-CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in ...)
+CVE-2010-2546
{DSA-2081-1}
- libmikmod 3.1.11-6.3
-CVE-2010-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ...)
+CVE-2010-2545
{DSA-2384-1}
- cacti 0.8.7g-1
-CVE-2010-2544 (Cross-site scripting (XSS) vulnerability in utilities.php in Cacti ...)
+CVE-2010-2544
- cacti 0.8.7g-1
-CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-2543
{DSA-2384-1}
- cacti 0.8.7g-1
-CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...)
+CVE-2010-2542
{DSA-2114-1}
- git-core 1:1.7.1-1.1 (low; bug #590026)
-CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType ...)
+CVE-2010-2541
{DSA-2105-1}
- freetype 2.4.2-1 (low)
-CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 ...)
+CVE-2010-2540
{DSA-2079-1}
- mapserver 5.6.4-1
-CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in mapserv in ...)
+CVE-2010-2539
{DSA-2079-1}
- mapserver 5.6.4-1
-CVE-2010-2538 (Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c ...)
+CVE-2010-2538
- linux-2.6 2.6.32-19
[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.29)
-CVE-2010-2537 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel ...)
+CVE-2010-2537
- linux-2.6 2.6.32-19
[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.29)
-CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and ...)
+CVE-2010-2536
- rekonq 0.5.0-2 (bug #593300)
-CVE-2010-2535 (Multiple cross-site scripting (XSS) vulnerabilities in the Back End in ...)
+CVE-2010-2535
NOT-FOR-US: Joomla!
-CVE-2010-2534 (The NetworkSyncCommandQueue function in network/network_command.cpp in ...)
+CVE-2010-2534
- openttd 1.0.3-1
[lenny] - openttd <not-affected> (Introduced in 1.0.1)
NOTE: http://bugs.openttd.org/task/3909
CVE-2010-2533
REJECTED
-CVE-2010-2532 (** DISPUTED ** ...)
+CVE-2010-2532
- lxsession 0.4.4-3 (bug #591409)
-CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ...)
+CVE-2010-2531
{DSA-2266-1}
- php5 5.3.3-2 (low)
-CVE-2010-2530 (Multiple integer signedness errors in smb_subr.c in the netsmb module ...)
+CVE-2010-2530
NOT-FOR-US: NetBSD
-CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927, 20070202, ...)
+CVE-2010-2529
{DSA-2645-1}
- iputils 3:20100418-2
- inetutils 2:1.9-2
[lenny] - iputils 3:20071127-1+lenny1
-CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol ...)
+CVE-2010-2528
- pidgin 2.7.2-1
[lenny] - pidgin <not-affected> (Vulnerable code not present, support for X-Status was added later)
-CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 ...)
+CVE-2010-2527
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in lvm2-cluster in ...)
+CVE-2010-2526
{DSA-2095-1}
- lvm2 2.02.66-3 (bug #591204)
CVE-2010-2525
RESERVED
-CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the ...)
+CVE-2010-2524
{DSA-2264-1}
- linux-2.6 2.6.32-19
-CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 ...)
+CVE-2010-2523
NOT-FOR-US: UMIP
-CVE-2010-2522 (The mipv6 daemon in UMIP 0.4 does not verify that netlink messages ...)
+CVE-2010-2522
NOT-FOR-US: UMIP
-CVE-2010-2521 (Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR ...)
+CVE-2010-2521
{DSA-2094-1}
- linux-2.6 2.6.32-13
-CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in ...)
+CVE-2010-2520
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2519 (Heap-based buffer overflow in the Mac_Read_POST_Resource function in ...)
+CVE-2010-2519
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2518 (Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before ...)
+CVE-2010-2518
NOT-FOR-US: P8 Content Search Engine
-CVE-2010-2517 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest before ...)
+CVE-2010-2517
NOT-FOR-US: ClearQuest
-CVE-2010-2516 (Multiple SQL injection vulnerabilities in 2daybiz Multi Level ...)
+CVE-2010-2516
NOT-FOR-US: 2daybiz Multi Level Marketing
-CVE-2010-2515 (Multiple SQL injection vulnerabilities in index.php in the JFaq ...)
+CVE-2010-2515
NOT-FOR-US: component for Joomla!
-CVE-2010-2514 (Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) ...)
+CVE-2010-2514
NOT-FOR-US: component for Joomla!
-CVE-2010-2513 (SQL injection vulnerability in the JE Ajax Event Calendar ...)
+CVE-2010-2513
NOT-FOR-US: component for Joomla!
-CVE-2010-2512 (SQL injection vulnerability in customprofile.php in 2daybiz ...)
+CVE-2010-2512
NOT-FOR-US: 2daybiz Matrimonial Script
-CVE-2010-2511 (SQL injection vulnerability in viewnews.php in 2daybiz Multi Level ...)
+CVE-2010-2511
NOT-FOR-US: 2daybiz Multi Level Marketing
-CVE-2010-2510 (SQL injection vulnerability in customize.php in 2daybiz Web Template ...)
+CVE-2010-2510
NOT-FOR-US: 2daybiz Web Template
-CVE-2010-2509 (Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web ...)
+CVE-2010-2509
NOT-FOR-US: 2daybiz Web Template
-CVE-2010-2508 (SQL injection vulnerability in user-profile.php in 2daybiz Video ...)
+CVE-2010-2508
NOT-FOR-US: 2daybiz Video
-CVE-2010-2507 (Directory traversal vulnerability in the Picasa2Gallery ...)
+CVE-2010-2507
NOT-FOR-US: component for Joomla!
-CVE-2010-2506 (Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys ...)
+CVE-2010-2506
NOT-FOR-US: Linksys
-CVE-2010-2505 (Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows ...)
+CVE-2010-2505
NOT-FOR-US: Soft SaschArt SasCAM Webcam Server
-CVE-2010-2504 (Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote ...)
+CVE-2010-2504
NOT-FOR-US: Splunk
-CVE-2010-2503 (Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 ...)
+CVE-2010-2503
NOT-FOR-US: Splunk
-CVE-2010-2502 (Multiple directory traversal vulnerabilities in Splunk 4.0 through ...)
+CVE-2010-2502
NOT-FOR-US: Splunk
CVE-2010-2501
RESERVED
-CVE-2010-2500 (Integer overflow in the gray_render_span function in smooth/ftgrays.c ...)
+CVE-2010-2500
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2499 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
+CVE-2010-2499
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c in ...)
+CVE-2010-2498
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows ...)
+CVE-2010-2497
{DSA-2070-1}
- freetype 2.4.0-1
CVE-2010-2496
RESERVED
-CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...)
+CVE-2010-2493
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in ...)
+CVE-2010-2492
{DSA-2110-1}
- linux-2.6 2.6.32-19
-CVE-2010-2491 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup ...)
+CVE-2010-2491
- roundup 1.4.13-3.1 (bug #590769)
NOTE: http://bugs.gentoo.org/show_bug.cgi?id=326395
NOTE: http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
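Review bot: The header for CVE-2010-2532 loses its `** DISPUTED **` marker: `-CVE-2010-2532 (** DISPUTED ** ...)` becomes a bare `+CVE-2010-2532`, and the only remaining line of the entry, `- lxsession 0.4.4-3 (bug #591409)`, does not record that the issue is disputed. Carry the status in a NOTE line or keep it on the header. While here, `brtfs` in the two `<not-affected>` notes under CVE-2010-2538 and CVE-2010-2537 should read `btrfs`, matching the `btrfs_ioctl_clone` function named in the removed descriptions.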
@@ -7295,153 +7295,153 @@ CVE-2010-2490 [murmur DoS via malformed client query]
- mumble 1.2.2-4 (bug #587713)
[lenny] - mumble <no-dsa> (Minor issue)
- qt4-x11 <not-affected> (low; bug #587713)
-CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...)
+CVE-2010-2489
- ruby1.8 <not-affected> (Windows-specific)
- ruby1.9.1 <not-affected> (Windows-specific)
CVE-2010-2488 [znc null pointer deref]
RESERVED
{DSA-2069-1}
- znc 0.090-2 (bug #584929)
-CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...)
+CVE-2010-2487
{DSA-2083-1}
- moin 1.9.3-1 (bug #584809)
CVE-2010-2486
RESERVED
CVE-2010-2485
RESERVED
-CVE-2010-2484 (The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...)
+CVE-2010-2484
- php5 5.3.3-1 (unimportant)
-CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...)
+CVE-2010-2483
- tiff 3.9.4-4 (unimportant)
- tiff3 <not-affected> (fixed prior to initial upload)
-CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid ...)
+CVE-2010-2482
{DSA-2552-1}
- tiff 3.9.4-1 (unimportant)
- tiff3 <not-affected> (fixed prior to initial upload)
-CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ...)
+CVE-2010-2481
- tiff 3.9.4-1 (unimportant)
- tiff3 <not-affected> (fixed prior to initial upload)
-CVE-2010-2480 (Mako before 0.3.4 relies on the cgi.escape function in the Python ...)
+CVE-2010-2480
- mako 0.3.4-1 (low)
[lenny] - mako <no-dsa> (Minor issue)
-CVE-2010-2478 (Integer overflow in the ethtool_get_rxnfc function in ...)
+CVE-2010-2478
- linux-2.6 2.6.32-19
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=608950
NOTE: http://thread.gmane.org/gmane.linux.network/164869
-CVE-2010-2477 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2010-2477
- paste 1.7.4-1 (low)
[lenny] - paste 1.7.1-1+lenny1
NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
CVE-2010-2475
RESERVED
-CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise ...)
+CVE-2010-2474
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...)
+CVE-2010-2470
- bugzilla <not-affected> (Only affects 3.5 to 3.7)
CVE-2010-2476 [syscp open_basedir bypassing]
RESERVED
- syscp <removed> (bug #587481)
-CVE-2010-2469 (The Linear eMerge 50 and 5000 uses a default password of eMerge for ...)
+CVE-2010-2469
NOT-FOR-US: Linear eMerge
-CVE-2010-2468 (The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 ...)
+CVE-2010-2468
NOT-FOR-US: S2 Security NetBox
-CVE-2010-2467 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear ...)
+CVE-2010-2467
NOT-FOR-US: S2 Security NetBox
-CVE-2010-2466 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear ...)
+CVE-2010-2466
NOT-FOR-US: S2 Security NetBox
-CVE-2010-2465 (The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge ...)
+CVE-2010-2465
NOT-FOR-US: S2 Security NetBox
-CVE-2010-2464 (Multiple cross-site scripting (XSS) vulnerabilities in the RSComments ...)
+CVE-2010-2464
NOT-FOR-US: component for Joomla!
-CVE-2010-2463 (Cross-site scripting (XSS) vulnerability in forum.php in Jamroom ...)
+CVE-2010-2463
NOT-FOR-US: Jamroom
-CVE-2010-2462 (SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP ...)
+CVE-2010-2462
NOT-FOR-US: Toma Cero OroHYIP
-CVE-2010-2461 (SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 ...)
+CVE-2010-2461
NOT-FOR-US: JCE-Tech Overstock
-CVE-2010-2460 (SQL injection vulnerability in merchant_product_list.php in JCE-Tech ...)
+CVE-2010-2460
NOT-FOR-US: JCE-Tech Shareasale Script
-CVE-2010-2459 (SQL injection vulnerability in video.php in 2daybiz Video Community ...)
+CVE-2010-2459
NOT-FOR-US: 2daybiz Video Community Portal Script
-CVE-2010-2458 (Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video ...)
+CVE-2010-2458
NOT-FOR-US: 2daybiz Video Community Portal Script
-CVE-2010-2457 (Cross-site scripting (XSS) vulnerability in index.php in K-Search ...)
+CVE-2010-2457
NOT-FOR-US: K-Search
-CVE-2010-2456 (Multiple directory traversal vulnerabilities in index.php in Linker ...)
+CVE-2010-2456
NOT-FOR-US: Linker IMG
-CVE-2010-2455 (Opera does not properly manage the address bar between the request to ...)
+CVE-2010-2455
NOT-FOR-US: Opera
-CVE-2010-2454 (Apple Safari does not properly manage the address bar between the ...)
+CVE-2010-2454
- webkit <not-affected> (iceweasel/safari-specific issues)
- chromium-browser <not-affected> (iceweasel/safari-specific issues)
NOTE: i tested both firefox and safari poc's, and neither of them caused the
NOTE: address bar to be spoofed in either webkit or chrome
NOTE: this will be address in iceweasel in cve-2010-1206
-CVE-2010-2453 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk ...)
+CVE-2010-2453
NOT-FOR-US: Synology Disk Station
-CVE-2010-2452 (Directory traversal vulnerability in the DCC functionality in KVIrc ...)
+CVE-2010-2452
{DSA-2065-1}
- kvirc 4:4.0.0~svn4340+rc3-1
-CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in ...)
+CVE-2010-2451
{DSA-2065-1}
- kvirc 4:4.0.0~svn4340+rc3-1
-CVE-2010-2443 (The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before ...)
+CVE-2010-2443
- tiff 3.9.4-1 (unimportant)
- tiff3 <not-affected> (fixed prior to initial upload)
NOTE: Triggers a NULL pointer deref, crasher only
-CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...)
+CVE-2010-2442
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...)
+CVE-2010-2441
- webkit 1.2.1-3 (low)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/58829
-CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation ...)
+CVE-2010-2440
NOT-FOR-US: Subtitle Translation Wizard
-CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to ...)
+CVE-2010-2439
NOT-FOR-US: MoreAmp
-CVE-2010-2438 (SQL injection vulnerability in G.CMS generator allows remote attackers ...)
+CVE-2010-2438
NOT-FOR-US: G.CMS
-CVE-2010-2437 (Cross-site scripting (XSS) vulnerability in class/tools.class.php in ...)
+CVE-2010-2437
NOT-FOR-US: AneCMS BLog
-CVE-2010-2436 (SQL injection vulnerability in modules/blog/index.php in AneCMS Blog ...)
+CVE-2010-2436
NOT-FOR-US: AneCMS Blog
-CVE-2010-2435 (Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause ...)
+CVE-2010-2435
- weborf 0.12.2-1
-CVE-2010-2434 (Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software ...)
+CVE-2010-2434
NOT-FOR-US: Explzh
-CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-2433
NOT-FOR-US: IBM WebSphere
-CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS ...)
+CVE-2010-2432
{DSA-2176-1}
- cups 1.4.4-1
-CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local users, ...)
+CVE-2010-2431
{DSA-2176-1}
- cups 1.4.4-1
CVE-2010-2430
RESERVED
-CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, ...)
+CVE-2010-2429
NOT-FOR-US: Splunk
-CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the ...)
+CVE-2010-2428
NOT-FOR-US: Wing FTP Server
-CVE-2010-2427 (VMware Studio 2.0 does not properly write to temporary files, which ...)
+CVE-2010-2427
NOT-FOR-US: VMware Studio
-CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River ...)
+CVE-2010-2426
NOT-FOR-US: Titan FTP Server
-CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River ...)
+CVE-2010-2425
NOT-FOR-US: Titan FTP Server
CVE-2010-2424
RESERVED
CVE-2010-2423
RESERVED
-CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone ...)
+CVE-2010-2422
- plone3 <removed>
-CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have ...)
+CVE-2010-2421
NOT-FOR-US: Opera
-CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...)
+CVE-2010-2420
NOT-FOR-US: Sleipnir
-CVE-2010-2479 (Cross-site scripting (XSS) vulnerability in HTML Purifier before ...)
+CVE-2010-2479
{DSA-2067-1}
- php-htmlpurifier 4.1.1+dfsg1-1
- mahara 1.2.5-1
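Review bot: header text is handled inconsistently in this hunk: parenthesised descriptions are stripped, while bracketed ones such as "CVE-2010-2488 [znc null pointer deref]" and "CVE-2010-2476 [syscp open_basedir bypassing]" stay as unchanged context. That leaves entries like CVE-2010-2454, whose NOTE lines refer to "both firefox and safari poc's" and a spoofed address bar, with no header text saying what the issue is. It would help to document which of the two forms the automatic update owns, so a reader can tell a deliberately bare header from a lost description.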
@@ -7449,274 +7449,274 @@ CVE-2010-2479 (Cross-site scripting (XSS) vulnerability in HTML Purifier before
[lenny] - moodle <not-affected> (doesn't ship/use htmlpurifier)
- knowledgeroot 0.9.9.5-5
[lenny] - knowledgeroot <no-dsa> (low)
-CVE-2010-2419 (Unspecified vulnerability in the Java Virtual Machine component in ...)
+CVE-2010-2419
NOT-FOR-US: Oracle Database Server
-CVE-2010-2418 (Unspecified vulnerability in the Oracle Territory Management component ...)
+CVE-2010-2418
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-2417 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...)
+CVE-2010-2417
NOT-FOR-US: Oracle Supply Chain Products Suite
-CVE-2010-2416 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
+CVE-2010-2416
NOT-FOR-US: Oracle E-Business Intelligence
-CVE-2010-2415 (Unspecified vulnerability in the Change Data Capture component in ...)
+CVE-2010-2415
NOT-FOR-US: Oracle Database Server
-CVE-2010-2414 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun ...)
+CVE-2010-2414
NOT-FOR-US: Oracle Sun Products Suite
-CVE-2010-2413 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
+CVE-2010-2413
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-2412 (Unspecified vulnerability in the OLAP component in Oracle Database ...)
+CVE-2010-2412
NOT-FOR-US: Oracle Database Server
-CVE-2010-2411 (Unspecified vulnerability in the Job Queue component in Oracle ...)
+CVE-2010-2411
NOT-FOR-US: Oracle Database Server
-CVE-2010-2410 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion ...)
+CVE-2010-2410
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-2409 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion ...)
+CVE-2010-2409
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-2408 (Unspecified vulnerability in the Oracle iRecruitment component in ...)
+CVE-2010-2408
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-2407 (Unspecified vulnerability in the XDK component in Oracle Database ...)
+CVE-2010-2407
NOT-FOR-US: Oracle Database Server
-CVE-2010-2406 (Unspecified vulnerability in the Siebel Core - Highly Interactive ...)
+CVE-2010-2406
NOT-FOR-US: Oracle Siebel Suite
-CVE-2010-2405 (Unspecified vulnerability in the Siebel Core - Highly Interactive ...)
+CVE-2010-2405
NOT-FOR-US: Oracle Siebel Suite
-CVE-2010-2404 (Unspecified vulnerability in the Oracle iRecruitment component in ...)
+CVE-2010-2404
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-2403 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...)
+CVE-2010-2403
NOT-FOR-US: PeopleSoft
-CVE-2010-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2010-2402
NOT-FOR-US: PeopleSoft
-CVE-2010-2401 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...)
+CVE-2010-2401
NOT-FOR-US: PeopleSoft
-CVE-2010-2400 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...)
+CVE-2010-2400
NOT-FOR-US: Solaris
-CVE-2010-2399 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
+CVE-2010-2399
NOT-FOR-US: Solaris
-CVE-2010-2398 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
+CVE-2010-2398
NOT-FOR-US: PeopleSoft
-CVE-2010-2397 (Unspecified vulnerability in Oracle Sun Java System Application Server ...)
+CVE-2010-2397
NOT-FOR-US: Oracle Sun Java System Application Serve
-CVE-2010-2396 (Unspecified vulnerability in the Forms component in Oracle Fusion ...)
+CVE-2010-2396
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-2395 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion ...)
+CVE-2010-2395
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-2394 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
+CVE-2010-2394
NOT-FOR-US: Solaris
-CVE-2010-2393 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
+CVE-2010-2393
NOT-FOR-US: Solaris
-CVE-2010-2392 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
+CVE-2010-2392
NOT-FOR-US: Solaris
-CVE-2010-2391 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+CVE-2010-2391
NOT-FOR-US: Oracle Database Server
-CVE-2010-2390 (Unspecified vulnerability in the Database Control component in EM ...)
+CVE-2010-2390
NOT-FOR-US: Oracle Database Server
-CVE-2010-2389 (Unspecified vulnerability in the Perl component in Oracle Database ...)
+CVE-2010-2389
NOT-FOR-US: Oracle Database Server
-CVE-2010-2388 (Unspecified vulnerability in the Oracle Applications Manager component ...)
+CVE-2010-2388
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-2387 (vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x ...)
+CVE-2010-2387
- gdm 2.20.11-1
-CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...)
+CVE-2010-2386
NOT-FOR-US: Solaris
-CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy Server ...)
+CVE-2010-2385
NOT-FOR-US: Oracle Sun Java System Web Proxy Server
-CVE-2010-2384 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local ...)
+CVE-2010-2384
NOT-FOR-US: Solaris
-CVE-2010-2383 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...)
+CVE-2010-2383
NOT-FOR-US: Solaris
-CVE-2010-2382 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
+CVE-2010-2382
NOT-FOR-US: Solaris
-CVE-2010-2381 (Unspecified vulnerability in the Application Server Control component ...)
+CVE-2010-2381
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-2380 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...)
+CVE-2010-2380
NOT-FOR-US: PeopleSoft
-CVE-2010-2379 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time &amp; ...)
+CVE-2010-2379
NOT-FOR-US: PeopleSoft
-CVE-2010-2378 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...)
+CVE-2010-2378
NOT-FOR-US: PeopleSoft
-CVE-2010-2377 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+CVE-2010-2377
NOT-FOR-US: PeopleSoft
-CVE-2010-2376 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
+CVE-2010-2376
NOT-FOR-US: Solaris
-CVE-2010-2375 (Package/Privilege: Plugins for Apache, Sun and IIS web servers ...)
+CVE-2010-2375
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-2374 (Unspecified vulnerability in Solaris Studio 12 update 1 allows local ...)
+CVE-2010-2374
NOT-FOR-US: Solaris
-CVE-2010-2373 (Unspecified vulnerability in the Console component in Oracle ...)
+CVE-2010-2373
NOT-FOR-US: Oracle Enterprise Manager Grid Control
-CVE-2010-2372 (Unspecified vulnerability in the Oracle Transportation Management ...)
+CVE-2010-2372
NOT-FOR-US: Oracle Supply Chain Products Suite
-CVE-2010-2371 (Unspecified vulnerability in the Oracle Transportation Management ...)
+CVE-2010-2371
NOT-FOR-US: Oracle Supply Chain Products Suite
-CVE-2010-2370 (Unspecified vulnerability in the Oracle Business Process Management ...)
+CVE-2010-2370
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-2369 (Untrusted search path vulnerability in Lhasa 0.19 and earlier allows ...)
+CVE-2010-2369
NOT-FOR-US: Lhasa
-CVE-2010-2368 (Untrusted search path vulnerability in Lhaplus before 1.58 allows ...)
+CVE-2010-2368
NOT-FOR-US: Lhaplus
-CVE-2010-2367 (Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 ...)
+CVE-2010-2367
NOT-FOR-US: AD-EDIT2
-CVE-2010-2366 (Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access ...)
+CVE-2010-2366
NOT-FOR-US: CGI Cafe Access Analyzer
-CVE-2010-2365 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 ...)
+CVE-2010-2365
NOT-FOR-US: Free CGI Moo moobbs2
-CVE-2010-2364 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before ...)
+CVE-2010-2364
NOT-FOR-US: Free CGI Moo moobbs2
-CVE-2010-2363 (The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the ...)
+CVE-2010-2363
NOT-FOR-US: SEIL/X1, SEIL/X2, and SEIL/B1 routers
-CVE-2010-2362 (Winny 2.0b7.1 and earlier does not properly process node information, ...)
+CVE-2010-2362
NOT-FOR-US: Winny
-CVE-2010-2361 (Winny 2.0b7.1 and earlier does not properly process BBS information, ...)
+CVE-2010-2361
NOT-FOR-US: Winny
-CVE-2010-2360 (Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow ...)
+CVE-2010-2360
NOT-FOR-US: Winny
-CVE-2010-2359 (SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com ...)
+CVE-2010-2359
NOT-FOR-US: eWebquiz
-CVE-2010-2358 (PHP remote file inclusion vulnerability in ...)
+CVE-2010-2358
NOT-FOR-US: Nakid CMS
-CVE-2010-2357 (SQL injection vulnerability in index.php in Eicra Realestate Script ...)
+CVE-2010-2357
NOT-FOR-US: Eicra Realestate Script
-CVE-2010-2356 (Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot ...)
+CVE-2010-2356
NOT-FOR-US: Pilot Group eLMS Pro
-CVE-2010-2355 (Cross-site scripting (XSS) vulnerability in error.php in Pilot Group ...)
+CVE-2010-2355
NOT-FOR-US: Pilot Group eLMS Pro
-CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS ...)
+CVE-2010-2354
NOT-FOR-US: Pilot Group eLMS Pro
-CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...)
+CVE-2010-2353
- drupal6-mod-cck <not-affected> (Fixed before initial upload)
-CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...)
+CVE-2010-2352
- drupal6-mod-cck <not-affected> (Fixed before initial upload)
-CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...)
+CVE-2010-2351
NOT-FOR-US: Novell Netware
-CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...)
+CVE-2010-2350
- ziproxy 3.1.1-1 (bug #587039)
[lenny] - ziproxy <not-affected> (Introduced in 3.1.0)
-CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of service ...)
+CVE-2010-2349
NOT-FOR-US: H264WebCam
-CVE-2010-2348 (Stack-based buffer overflow in Batch Audio Converter Lite Edition ...)
+CVE-2010-2348
NOT-FOR-US: Batch Audio Converter
-CVE-2010-2347 (The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 ...)
+CVE-2010-2347
NOT-FOR-US: SAP J2EE Telnet Interface
CVE-2010-2346
RESERVED
-CVE-2010-2345 (Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and ...)
+CVE-2010-2345
NOT-FOR-US: odCMS
-CVE-2010-2344 (Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and ...)
+CVE-2010-2344
NOT-FOR-US: odCMS
-CVE-2010-2343 (Stack-based buffer overflow in D.R. Software Audio Converter 8.1, ...)
+CVE-2010-2343
NOT-FOR-US: D.R. Software Audio Converter
-CVE-2010-2342 (SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady ...)
+CVE-2010-2342
NOT-FOR-US: DMXReady Online Notebook Manager
-CVE-2010-2341 (PHP remote file inclusion vulnerability in ...)
+CVE-2010-2341
NOT-FOR-US: EZPX Photoblog
-CVE-2010-2340 (SQL injection vulnerability in members.php in Arab Portal 2.2, when ...)
+CVE-2010-2340
NOT-FOR-US: Arab Portal
-CVE-2010-2339 (SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x ...)
+CVE-2010-2339
NOT-FOR-US: Subdreamer CMS
-CVE-2010-2338 (Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor ...)
+CVE-2010-2338
NOT-FOR-US: VU Web Visitor Analyst
-CVE-2010-2337 (Open redirect vulnerability in RSA Federated Identity Manager 4.0 ...)
+CVE-2010-2337
NOT-FOR-US: RSA Federated Identity Manager
-CVE-2010-2336 (index.php in Yamamah Photo Gallery 1.00 allows remote attackers to ...)
+CVE-2010-2336
NOT-FOR-US: Yamamah Photo Gallery
-CVE-2010-2335 (SQL injection vulnerability in index.php in Yamamah Photo Gallery ...)
+CVE-2010-2335
NOT-FOR-US: Yamamah Photo Gallery
-CVE-2010-2334 (Directory traversal vulnerability in themes/default/download.php in ...)
+CVE-2010-2334
NOT-FOR-US: Yamamah Phote Gallery
-CVE-2010-2333 (LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows ...)
+CVE-2010-2333
NOT-FOR-US: LiteSpeed Web Server
-CVE-2010-2332 (Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions ...)
+CVE-2010-2332
NOT-FOR-US: Impact PDF Reader
-CVE-2010-2331 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 ...)
+CVE-2010-2331
NOT-FOR-US: iSharer File Sharing Wizard
-CVE-2010-2330 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 ...)
+CVE-2010-2330
NOT-FOR-US: iSharer File Sharing Wizard
-CVE-2010-2329 (Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote ...)
+CVE-2010-2329
NOT-FOR-US: Rosoft Audio Converter
-CVE-2010-2328 (The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before ...)
+CVE-2010-2328
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-2327 (mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before ...)
+CVE-2010-2327
NOT-FOR-US: IBM HTTP Server
-CVE-2010-2326 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when ...)
+CVE-2010-2326
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-2325 (Cross-site scripting (XSS) vulnerability in the administrative console ...)
+CVE-2010-2325
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-2324 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS ...)
+CVE-2010-2324
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-2323 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS ...)
+CVE-2010-2323
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-2322 (Absolute path traversal vulnerability in the extract_jar function in ...)
+CVE-2010-2322
- fastjar 2:0.98-3 (low)
[lenny] - fastjar <no-dsa> (Minor issue)
-CVE-2010-2321 (Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote ...)
+CVE-2010-2321
NOT-FOR-US: Adobe InDesign
-CVE-2010-2320 (bozotic HTTP server (aka bozohttpd) before 20100621 allows remote ...)
+CVE-2010-2320
- bozohttpd 20100621-1 (low; bug #590298)
[lenny] - bozohttpd <no-dsa> (Minor information leak)
-CVE-2010-2319 (SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 ...)
+CVE-2010-2319
NOT-FOR-US: IDevSpot TextAds
-CVE-2010-2318 (Cross-site scripting (XSS) vulnerability in cms_data.php in ...)
+CVE-2010-2318
NOT-FOR-US: PHPCityPortal
-CVE-2010-2317 (Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow ...)
+CVE-2010-2317
NOT-FOR-US: WmsCms
-CVE-2010-2316 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
+CVE-2010-2316
NOT-FOR-US: WmsCms
-CVE-2010-2315 (PHP remote file inclusion vulnerability in picturelib.php in ...)
+CVE-2010-2315
NOT-FOR-US: SmartISoft phpBazar
-CVE-2010-2314 (PHP remote file inclusion vulnerability in ...)
+CVE-2010-2314
NOT-FOR-US: NP_Twitter Plugin
-CVE-2010-2313 (Directory traversal vulnerability in index.php in Anodyne Productions ...)
+CVE-2010-2313
NOT-FOR-US: SIMM Management System
-CVE-2010-2312 (SQL injection vulnerability in index.php in HauntmAx Haunted House ...)
+CVE-2010-2312
NOT-FOR-US: HauntmAx Haunted House Directory Listing CMS
-CVE-2010-2311 (Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows ...)
+CVE-2010-2311
NOT-FOR-US: Power Tab Editor
-CVE-2010-2310 (SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a ...)
+CVE-2010-2310
NOT-FOR-US: SolarWinds TFTP Server
-CVE-2010-2309 (Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and ...)
+CVE-2010-2309
NOT-FOR-US: EvoLogical EvoCam
-CVE-2010-2308 (Unspecified vulnerability in the filter driver (savonaccessfilter.sys) ...)
+CVE-2010-2308
NOT-FOR-US: Sophos Anti-Virus
-CVE-2010-2307 (Multiple directory traversal vulnerabilities in the web server for ...)
+CVE-2010-2307
NOT-FOR-US: Motorola firmware
-CVE-2010-2306 (The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; ...)
+CVE-2010-2306
NOT-FOR-US: Sourcefire 3D Sensor
-CVE-2010-2305 (Buffer overflow in an ActiveX control in SSHelper.dll for Symantec ...)
+CVE-2010-2305
NOT-FOR-US: Symantec Sygate Personal Firewall
CVE-2010-2304
REJECTED
CVE-2010-2303
REJECTED
-CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...)
+CVE-2010-2302
- webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59876
NOTE: duplicate of cve-2010-1771
-CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in ...)
+CVE-2010-2301
- webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59241
NOTE: http://trac.webkit.org/changeset/59242
NOTE: duplicate of cve-2010-1762
-CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes ...)
+CVE-2010-2300
- webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59109
NOTE: duplicate of cve-2010-1759
-CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc ...)
+CVE-2010-2299
- webkit <not-affected> (chromium-specific)
- chromium-browser 5.0.375.70~r48679-1
-CVE-2010-2298 (browser/renderer_host/database_dispatcher_host.cc in Google Chrome ...)
+CVE-2010-2298
- webkit <not-affected> (chromium-specific)
- chromium-browser 5.0.375.70~r48679-1
-CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...)
+CVE-2010-2297
- webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/59495
-CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...)
+CVE-2010-2296
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
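Review bot: with the descriptions removed, the NOT-FOR-US label becomes the only product identification for most entries in this hunk, and several labels are misspelled or do not match the text being deleted. CVE-2010-2397 reads "Oracle Sun Java System Application Serve", CVE-2010-2334 reads "Yamamah Phote Gallery" next to two entries spelled "Yamamah Photo Gallery", and CVE-2010-2364 is labelled "Free CGI Moo moobbs2" although the removed description names "Free CGI Moo moobbs before ...". These labels should be corrected in the same change or a follow-up, since a search by product name will now miss them.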
@@ -7726,487 +7726,487 @@ CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome be
NOTE: http://trac.webkit.org/changeset/57658
NOTE: http://trac.webkit.org/changeset/59769
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159
-CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...)
+CVE-2010-2295
- webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/58829
-CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and ...)
+CVE-2010-2294
NOT-FOR-US: Plume CMS
-CVE-2010-2293 (The Ping tools web interface in Dlink Di-604 router allows remote ...)
+CVE-2010-2293
NOT-FOR-US: Dlink Di-604
-CVE-2010-2292 (Cross-site scripting (XSS) vulnerability in the Ping tools web ...)
+CVE-2010-2292
NOT-FOR-US: Dlink Di-604 Router
-CVE-2010-2291 (Unspecified vulnerability in the web interface in snom VoIP Phone ...)
+CVE-2010-2291
NOT-FOR-US: snom VoIP Phone
-CVE-2010-2290 (Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in ...)
+CVE-2010-2290
NOT-FOR-US: McAfee
-CVE-2010-2289 (Open redirect vulnerability in dana/home/homepage.cgi in Juniper ...)
+CVE-2010-2289
NOT-FOR-US: Juniper Networks
-CVE-2010-2288 (Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in ...)
+CVE-2010-2288
NOT-FOR-US: Juniper Networks
-CVE-2010-2282 (Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 ...)
+CVE-2010-2282
NOT-FOR-US: TomatoCMS
-CVE-2010-2281 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2010-2281
NOT-FOR-US: TomatoCMS
-CVE-2010-2280 (Open redirect vulnerability in the Mobile component in IBM Lotus ...)
+CVE-2010-2280
NOT-FOR-US: IBM Lotus Connections
-CVE-2010-2279 (The Top Updates implementation in the Homepage component in IBM Lotus ...)
+CVE-2010-2279
NOT-FOR-US: IBM Lotus Connections
-CVE-2010-2278 (The bookmarklet pop-up in the Bookmarks component in IBM Lotus ...)
+CVE-2010-2278
NOT-FOR-US: IBM Lotus Connections
-CVE-2010-2277 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
+CVE-2010-2277
NOT-FOR-US: IBM Lotus Connections
-CVE-2010-2276 (The default configuration of the build process in Dojo 0.4.x before ...)
+CVE-2010-2276
- dojo <not-affected> (Doesn't affect the Debian packaging)
-CVE-2010-2275 (Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js ...)
+CVE-2010-2275
- dojo 1.4.2+dfsg-1
-CVE-2010-2274 (Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, ...)
+CVE-2010-2274
- dojo 1.4.2+dfsg-1
-CVE-2010-2273 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x ...)
+CVE-2010-2273
- dojo 1.4.2+dfsg-1
-CVE-2010-2272 (Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before ...)
+CVE-2010-2272
- dojo <not-affected> (only affects 0.4 branch)
-CVE-2010-2271 (Format string vulnerability in authcfg.cgi in Accoria Web Server (aka ...)
+CVE-2010-2271
NOT-FOR-US: Accoria Web Server
-CVE-2010-2270 (Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable ...)
+CVE-2010-2270
NOT-FOR-US: Accoria Web Server
-CVE-2010-2269 (Directory traversal vulnerability in loadstatic.cgi in Accoria Web ...)
+CVE-2010-2269
NOT-FOR-US: Accoria Web Server
-CVE-2010-2268 (Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in ...)
+CVE-2010-2268
NOT-FOR-US: Accoria Web Server
-CVE-2010-2267 (Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web ...)
+CVE-2010-2267
NOT-FOR-US: Accoria Web Server
-CVE-2010-2266 (nginx 0.8.36 allows remote attackers to cause a denial of service ...)
+CVE-2010-2266
- nginx <not-affected> (Confirmed Windows only, see bug #590768)
-CVE-2010-2265 (Cross-site scripting (XSS) vulnerability in the GetServerName function ...)
+CVE-2010-2265
NOT-FOR-US: Microsoft Windows
-CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
+CVE-2010-2264
- chromium-browser 6.0.466.0~r52279-1
NOTE: This is a large series of risky behaviour-changing changesets.
NOTE: upstream changelog says this is fixed in 1.2.3, but i'm doubtful of that
-CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...)
+CVE-2010-2263
- nginx <not-affected> (Windows-specific vulnerability when running on NTFS)
-CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 ...)
+CVE-2010-2283
{DSA-2066-1}
- wireshark 1.2.9-1
-CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 ...)
+CVE-2010-2285
{DSA-2066-1}
- wireshark 1.2.9-1
-CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 ...)
+CVE-2010-2284
{DSA-2066-1}
- wireshark 1.2.9-1
-CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine ...)
+CVE-2010-2287
{DSA-2066-1}
- wireshark 1.2.9-1
-CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in ...)
+CVE-2010-2286
{DSA-2066-1}
- wireshark 1.2.9-1
-CVE-2010-2262 (Galileo Students Team Weborf before 0.12.1 allows remote attackers to ...)
+CVE-2010-2262
- weborf 0.12.1-1
-CVE-2010-2261 (Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers ...)
+CVE-2010-2261
NOT-FOR-US: Linksys WAP54Gv3
-CVE-2010-2260 (Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design ...)
+CVE-2010-2260
NOT-FOR-US: Gabmbit Design Bandwidth Meter
-CVE-2010-2259 (Directory traversal vulnerability in the BF Survey (com_bfsurvey) ...)
+CVE-2010-2259
NOT-FOR-US: com_bfsurvey component for joomla!
-CVE-2010-2258 (Cross-site scripting (XSS) vulnerability in signupconfirm.php in ...)
+CVE-2010-2258
NOT-FOR-US: phpBannerExchange
-CVE-2010-2257 (SQL injection vulnerability in index_ie.php in Pay Per Minute Video ...)
+CVE-2010-2257
NOT-FOR-US: Pay Per Minute Video Chat Script
-CVE-2010-2256 (Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute ...)
+CVE-2010-2256
NOT-FOR-US: Pay Per Minute Video Chat Script
-CVE-2010-2255 (SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) ...)
+CVE-2010-2255
NOT-FOR-US: com_bfsurvey component for joomla!
-CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope template for ...)
+CVE-2010-2254
NOT-FOR-US: joomla!
-CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to ...)
+CVE-2010-2253
- libwww-perl 5.835-1 (low)
[lenny] - libwww-perl 5.813-1+lenny2
-CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of ...)
+CVE-2010-2252
{DSA-2088-1}
- wget 1.12-2.1 (low; bug #590296)
-CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does not ...)
+CVE-2010-2251
{DSA-2085-1}
- lftp 4.0.6-1 (low)
[lenny] - lftp <no-dsa> (Minor issue)
NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
-CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before ...)
+CVE-2010-2249
{DSA-2072-1}
- libpng 1.2.44-1 (low; bug #587670)
- tuxonice-userui 1.0-1 (unimportant)
NOTE: tuxonice-userui 1.0-1 was binNMUed
-CVE-2010-2248 (fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel ...)
+CVE-2010-2248
{DSA-2094-1}
- linux-2.6 2.6.32-12 (low)
CVE-2010-2247 [makepasswd: insecure passwords generated with default settings]
RESERVED
- makepasswd 1.10-5 (low; bug #564559)
[lenny] - makepasswd 1.10-3+lenny1
-CVE-2010-2246 (feh before 1.8, when the --wget-timestamp option is enabled, might ...)
+CVE-2010-2246
- feh 1.8-1 (low; bug #587205)
[lenny] - feh <no-dsa> (Minor issue)
-CVE-2010-2245 (XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and ...)
+CVE-2010-2245
NOT-FOR-US: Apache Wink
-CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in ...)
+CVE-2010-2244
{DSA-2086-1}
- avahi 0.6.26-1
CVE-2010-2243 [timekeeping oops]
RESERVED
- linux-2.6 2.6.32-11
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with ...)
+CVE-2010-2242
- libvirt 0.8.3-1 (low)
[lenny] - libvirt 0.4.6-10+lenny1
-CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red ...)
+CVE-2010-2241
NOT-FOR-US: Red Hat Directory Server
-CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel ...)
+CVE-2010-2240
{DSA-2094-1}
- linux-2.6 2.6.32-21
-CVE-2010-2239 (Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images ...)
+CVE-2010-2239
- libvirt 0.8.3-1 (low)
[lenny] - libvirt <not-affected> (only affects >= 0.6.0)
-CVE-2010-2238 (Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into ...)
+CVE-2010-2238
- libvirt 0.8.3-1
[lenny] - libvirt <not-affected> (only affects >= 0.7.2)
-CVE-2010-2237 (Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing ...)
+CVE-2010-2237
- libvirt 0.8.3-1
[lenny] - libvirt <not-affected> (only affects >= 0.6.1)
-CVE-2010-2236 (The monitoring probe display in spacewalk-java before 2.1.148-1 and ...)
+CVE-2010-2236
NOT-FOR-US: Red Hat Satellite
-CVE-2010-2235 (template_api.py in Cobbler before 2.0.7, as used in Red Hat Network ...)
+CVE-2010-2235
- cobbler <not-affected> (Fixed before initial upload)
-CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...)
+CVE-2010-2233
- tiff 3.9.4-2
- tiff3 <not-affected> (fixed prior to initial upload)
[lenny] - tiff <not-affected> (Only affects 3.9.x)
-CVE-2010-2232 (In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export ...)
+CVE-2010-2232
- derby <not-affected> (Fixed before initial upload to Debian)
NOTE: https://issues.apache.org/jira/browse/DERBY-2925
-CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2010-2231
{DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
-CVE-2010-2230 (The KSES text cleaning filter in lib/weblib.php in Moodle before ...)
+CVE-2010-2230
{DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
- wordpress 3.0.4+dfsg-1
[lenny] - wordpress <not-affected> (2.x version is not affected)
- egroupware <not-affected> (Only forks a minor subset of KSES)
-CVE-2010-2229 (Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php ...)
+CVE-2010-2229
{DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
-CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-control ...)
+CVE-2010-2228
{DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
-CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...)
+CVE-2010-2227
{DSA-2207-1}
- tomcat5.5 <removed>
- tomcat6 6.0.28-1 (bug #588813)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
-CVE-2010-2226 (The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel ...)
+CVE-2010-2226
{DSA-2094-1}
- linux-2.6 2.6.32-19
-CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...)
+CVE-2010-2225
{DSA-2089-1}
- php5 5.3.3-1
-CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...)
+CVE-2010-2224
NOT-FOR-US: Red Hat Enterprise Virtualization Manager (RHEV-M)
-CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
+CVE-2010-2223
- vdsm <itp> (bug #668538)
CVE-2010-2222
RESERVED
NOT-FOR-US: Red Hat Directory Server
-CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1) ...)
+CVE-2010-2221
- iscsitarget 1.4.20.1-1
-CVE-2010-2220 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...)
+CVE-2010-2220
NOT-FOR-US: Adobe Flash Media Server
-CVE-2010-2219 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
+CVE-2010-2219
NOT-FOR-US: Adobe Flash Media Server
-CVE-2010-2218 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...)
+CVE-2010-2218
NOT-FOR-US: Adobe Flash Media Server
-CVE-2010-2217 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...)
+CVE-2010-2217
NOT-FOR-US: Adobe Flash Media Server
-CVE-2010-2216 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
+CVE-2010-2216
NOT-FOR-US: Adobe Flash Plugin
-CVE-2010-2215 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
+CVE-2010-2215
NOT-FOR-US: Adobe Flash Plugin
-CVE-2010-2214 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
+CVE-2010-2214
NOT-FOR-US: Adobe Flash Plugin
-CVE-2010-2213 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
+CVE-2010-2213
NOT-FOR-US: Adobe Flash Plugin
-CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x ...)
+CVE-2010-2212
NOT-FOR-US: Adobe Reader
-CVE-2010-2211 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-2211
NOT-FOR-US: Adobe Reader
-CVE-2010-2210 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-2210
NOT-FOR-US: Adobe Reader
-CVE-2010-2209 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-2209
NOT-FOR-US: Adobe Reader
-CVE-2010-2208 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-2208
NOT-FOR-US: Adobe Reader
-CVE-2010-2207 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-2207
NOT-FOR-US: Adobe Reader
-CVE-2010-2206 (Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x ...)
+CVE-2010-2206
NOT-FOR-US: Adobe Reader
-CVE-2010-2205 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-2205
NOT-FOR-US: Adobe Reader
-CVE-2010-2204 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
+CVE-2010-2204
NOT-FOR-US: Adobe Reader
-CVE-2010-2203 (Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to ...)
+CVE-2010-2203
NOT-FOR-US: Adobe Reader
-CVE-2010-2202 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-2202
NOT-FOR-US: Adobe Reader
-CVE-2010-2201 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-2201
NOT-FOR-US: Adobe Reader
CVE-2010-2200
RESERVED
-CVE-2010-2199 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...)
+CVE-2010-2199
- rpm <unfixed> (bug #584257; unimportant)
NOTE: Marking as unimportant since rpm isn't used as a package manager
-CVE-2010-2198 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...)
+CVE-2010-2198
- rpm <unfixed> (bug #584257; unimportant)
NOTE: Marking as unimportant since rpm isn't used as a package manager
-CVE-2010-2197 (rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax ...)
+CVE-2010-2197
- rpm 4.8.1-1 (low; bug #584257)
[lenny] - rpm <no-dsa> (Minor issue)
CVE-2010-2196
RESERVED
-CVE-2010-2195 (bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows ...)
+CVE-2010-2195
- bozohttpd 20100621-1 (low; bug #590298)
[lenny] - bozohttpd <not-affected> (Only affects 20090522 to 20100512)
CVE-2010-2194
RESERVED
-CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) ...)
+CVE-2010-2193
NOT-FOR-US: CA Global Advisor
-CVE-2010-2192 (The make_lockdir_name function in policy.c in pmount 0.9.18 allow ...)
+CVE-2010-2192
{DSA-2063-1}
- pmount 0.9.23-1
-CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...)
+CVE-2010-2191
- php5 5.3.3-1 (unimportant)
NOTE: Only triggerable through malicious script
-CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...)
+CVE-2010-2190
- php5 <removed> (unimportant)
NOTE: Only triggerable through malicious script
-CVE-2010-2189 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2189
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2188 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2188
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2187 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2187
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2186 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and ...)
+CVE-2010-2186
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2185 (Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before ...)
+CVE-2010-2185
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2184 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2184
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2183 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x ...)
+CVE-2010-2183
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2182 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2182
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2181 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x ...)
+CVE-2010-2181
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2180 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2180
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2179 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
+CVE-2010-2179
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2178 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2178
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2177 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2177
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2176 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2176
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2175 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2175
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2174 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2174
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2173 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2173
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2172 (Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms ...)
+CVE-2010-2172
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2171 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2171
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2170 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x ...)
+CVE-2010-2170
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2169 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2169
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2168 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-2168
NOT-FOR-US: Adobe Reader
-CVE-2010-2167 (Multiple heap-based buffer overflows in Adobe Flash Player before ...)
+CVE-2010-2167
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2166 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2166
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2165 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2165
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2164 (Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 ...)
+CVE-2010-2164
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2163 (Multiple unspecified vulnerabilities in Adobe Flash Player before ...)
+CVE-2010-2163
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2162 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2162
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2161 (Array index error in Adobe Flash Player before 9.0.277.0 and 10.x ...)
+CVE-2010-2161
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2160 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
+CVE-2010-2160
NOT-FOR-US: Adobe Flash Player
-CVE-2010-2159 (Dameng DM Database Server allows remote authenticated users to cause a ...)
+CVE-2010-2159
NOT-FOR-US: Dameng DM Database
-CVE-2010-2158 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm ...)
+CVE-2010-2158
NOT-FOR-US: Storm module for Drupal
-CVE-2010-2157 (Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, ...)
+CVE-2010-2157
NOT-FOR-US: CA ARCserve
-CVE-2010-2156 (ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote ...)
+CVE-2010-2156
- isc-dhcp 4.1.1-P1-1
- dhcp3 <not-affected> (Only affects DHCP 4.x)
- dhcp <not-affected> (Only affects DHCP 4.x)
NOTE: http://www.isc.org/software/dhcp/advisories/cve-2010-2156
-CVE-2010-2155 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-2155
{DSA-2056-1}
- zonecheck 2.1.1-1 (bug #583290)
-CVE-2010-2154 (Cross-site scripting (XSS) vulnerability in the Search Site in CMScout ...)
+CVE-2010-2154
NOT-FOR-US: CMScout
-CVE-2010-2153 (Unrestricted file upload vulnerability in ...)
+CVE-2010-2153
NOT-FOR-US: TCExam
-CVE-2010-2152 (Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, ...)
+CVE-2010-2152
NOT-FOR-US: JustSystems Ichitaro
-CVE-2010-2151 (Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 ...)
+CVE-2010-2151
NOT-FOR-US: Fujitsu e-Pares
-CVE-2010-2150 (Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 ...)
+CVE-2010-2150
NOT-FOR-US: Fujitsu e-Pares
-CVE-2010-2149 (Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, ...)
+CVE-2010-2149
NOT-FOR-US: Fujitsu e-Pares
-CVE-2010-2148 (SQL injection vulnerability in the My Car (com_mycar) component 1.0 ...)
+CVE-2010-2148
NOT-FOR-US: My Car for Joomla
-CVE-2010-2147 (Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) ...)
+CVE-2010-2147
NOT-FOR-US: My Car for Joomla
-CVE-2010-2146 (PHP remote file inclusion vulnerability in banned.php in Visitor ...)
+CVE-2010-2146
NOT-FOR-US: Visitor Logger
-CVE-2010-2145 (Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta ...)
+CVE-2010-2145
NOT-FOR-US: ClearSite
-CVE-2010-2144 (Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways ...)
+CVE-2010-2144
NOT-FOR-US: Zeeways eBay Clone auction script
-CVE-2010-2143 (Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 ...)
+CVE-2010-2143
NOT-FOR-US: Symphony CMS
-CVE-2010-2142 (SQL injection vulnerability in default.asp in Cyberhost allows remote ...)
+CVE-2010-2142
NOT-FOR-US: Cyberhost
-CVE-2010-2141 (SQL injection vulnerability in index.php in NITRO Web Gallery allows ...)
+CVE-2010-2141
NOT-FOR-US: NITRO Web Gallery
-CVE-2010-2140 (SQL injection vulnerability in itemdetail.php in Multishop CMS allows ...)
+CVE-2010-2140
NOT-FOR-US: Multishop CMS
-CVE-2010-2139 (SQL injection vulnerability in pages.php in Multishop CMS allows ...)
+CVE-2010-2139
NOT-FOR-US: Multishop CMS
-CVE-2010-2138 (Multiple directory traversal vulnerabilities in ProMan 0.1.1 and ...)
+CVE-2010-2138
NOT-FOR-US: ProMan
-CVE-2010-2137 (PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 ...)
+CVE-2010-2137
NOT-FOR-US: ProMan
-CVE-2010-2136 (Directory traversal vulnerability in admin/index.php in Article ...)
+CVE-2010-2136
NOT-FOR-US: Article Friendly
-CVE-2010-2135 (Multiple SQL injection vulnerabilities in login.php in HazelPress Lite ...)
+CVE-2010-2135
NOT-FOR-US: HazelPress Lite
-CVE-2010-2134 (Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 ...)
+CVE-2010-2134
NOT-FOR-US: Project Man
-CVE-2010-2133 (SQL injection vulnerability in contact.php in My Little Forum allows ...)
+CVE-2010-2133
NOT-FOR-US: My Little Forum
-CVE-2010-2132 (Multiple PHP remote file inclusion vulnerabilities in Open Education ...)
+CVE-2010-2132
NOT-FOR-US: Open Education System
-CVE-2010-2131 (SQL injection vulnerability in the Calendar Base (cal) extension ...)
+CVE-2010-2131
NOT-FOR-US: Typo3 extenson Calendar Base
-CVE-2010-2130 (Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ...)
+CVE-2010-2130
NOT-FOR-US: Aris Global ARISg
-CVE-2010-2129 (Directory traversal vulnerability in the JE Ajax Event Calendar ...)
+CVE-2010-2129
NOT-FOR-US: JE Ajax Event Calenda
-CVE-2010-2128 (Directory traversal vulnerability in the JE Quotation Form ...)
+CVE-2010-2128
NOT-FOR-US: JE Quotation Form for Joomla
-CVE-2010-2127 (PHP remote file inclusion vulnerability in gallery.php in JV2 Folder ...)
+CVE-2010-2127
NOT-FOR-US: JV2 Folder Gallery
-CVE-2010-2126 (Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery ...)
+CVE-2010-2126
NOT-FOR-US: Snipe Gallery
-CVE-2010-2125 (Multiple cross-site scripting (XSS) vulnerabilities in the Rotor ...)
+CVE-2010-2125
NOT-FOR-US: Rotor Banner module for Drupal
-CVE-2010-2124 (SQL injection vulnerability in firma.php in Bartels Schone ConPresso ...)
+CVE-2010-2124
NOT-FOR-US: Bartels Schone ConPresso
-CVE-2010-2123 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm ...)
+CVE-2010-2123
NOT-FOR-US: Storm module for Drupal
-CVE-2010-2122 (Directory traversal vulnerability in the SimpleDownload ...)
+CVE-2010-2122
NOT-FOR-US: SimpleDownload for Joomla
-CVE-2010-2121 (Opera 9.52 allows remote attackers to cause a denial of service ...)
+CVE-2010-2121
NOT-FOR-US: Opera
-CVE-2010-2120 (Google Chrome 1.0.154.48 allows remote attackers to cause a denial of ...)
+CVE-2010-2120
NOT-FOR-US: Unclear, historic Chrome issue
-CVE-2010-2119 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...)
+CVE-2010-2119
NOT-FOR-US: MS IE
-CVE-2010-2118 (Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows ...)
+CVE-2010-2118
NOT-FOR-US: MS IE
-CVE-2010-2117 (Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to ...)
+CVE-2010-2117
- xulrunner <unfixed> (unimportant)
-CVE-2010-2116 (The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 ...)
+CVE-2010-2116
NOT-FOR-US: McAfee Email Gateway
-CVE-2010-2115 (SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a ...)
+CVE-2010-2115
NOT-FOR-US: SolarWinds TFTP Server
-CVE-2010-2114 (Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke ...)
+CVE-2010-2114
NOT-FOR-US: Brekeke PBX
-CVE-2010-2113 (Multiple cross-site request forgery (CSRF) vulnerabilities in The ...)
+CVE-2010-2113
NOT-FOR-US: The Uniform Server
-CVE-2010-2112 (Directory traversal vulnerability in the FTP service in FileCOPA ...)
+CVE-2010-2112
NOT-FOR-US: FileCOPA
-CVE-2010-2111 (Cross-site request forgery (CSRF) vulnerability in user/user-set.do in ...)
+CVE-2010-2111
NOT-FOR-US: Pacific Timesheet
-CVE-2010-2110 (Google Chrome before 5.0.375.55 does not properly execute JavaScript ...)
+CVE-2010-2110
- chromium-browser 5.0.375.55~r47796-1
- webkit <not-affected> (issue in chrome's libv8 bindings)
NOTE: http://trac.webkit.org/changeset/58229
-CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...)
+CVE-2010-2109
- chromium-browser 5.0.375.55~r47796-1
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/58441
-CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...)
+CVE-2010-2108
- chromium-browser 5.0.375.55~r47796-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-2107 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...)
+CVE-2010-2107
- chromium-browser 5.0.375.55~r47796-1
- webkit <not-affected> (doesn't have safebrowsing feature)
-CVE-2010-2106 (Unspecified vulnerability in Google Chrome before 5.0.375.55 might ...)
+CVE-2010-2106
- chromium-browser 5.0.375.55~r47796-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-2105 (Google Chrome before 5.0.375.55 does not properly follow the Safe ...)
+CVE-2010-2105
- chromium-browser 5.0.375.55~r47796-1
- webkit <not-affected> (doesn't have safebrowsing feature)
-CVE-2010-2104 (Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and ...)
+CVE-2010-2104
NOT-FOR-US: Orbit Downloader
-CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-2103
- axis <not-affected> (axis != axis2, vulnerable code not present)
-CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to ...)
+CVE-2010-2102
NOT-FOR-US: Webby Webserver
-CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...)
+CVE-2010-2101
- php5 <removed> (unimportant)
NOTE: Only triggerable through malicious script
-CVE-2010-2100 (The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...)
+CVE-2010-2100
- php5 <removed> (unimportant)
NOTE: Only triggerable through malicious script
-CVE-2010-2099 (bbcode/php.bb in e107 0.7.20 and earlier does not perform access ...)
+CVE-2010-2099
NOT-FOR-US: e107
-CVE-2010-2098 (Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 ...)
+CVE-2010-2098
NOT-FOR-US: e107
-CVE-2010-2097 (The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...)
+CVE-2010-2097
- php5 <removed> (unimportant)
NOTE: Only triggerable through malicious script
-CVE-2010-2096 (Directory traversal vulnerability in index.php in CMSQlite 1.2 and ...)
+CVE-2010-2096
NOT-FOR-US: CMSQlite
-CVE-2010-2095 (SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier ...)
+CVE-2010-2095
NOT-FOR-US: CMSQlite
-CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP ...)
+CVE-2010-2094
- php5 5.3.3-1 (low)
[lenny] - php5 <not-affected> (Vulnerable code not present)
-CVE-2010-2093 (Use-after-free vulnerability in the request shutdown functionality in ...)
+CVE-2010-2093
- php5 5.3.3-1 (unimportant)
NOTE: Only triggerable through malicious script
-CVE-2010-2092 (SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier ...)
+CVE-2010-2092
{DSA-2060-1}
- cacti 0.8.7e-4 (bug #582691)
-CVE-2010-2091 (Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 ...)
+CVE-2010-2091
NOT-FOR-US: Microsoft OWA
-CVE-2010-2090 (The npb_protocol_error function in sna V5router64 in IBM ...)
+CVE-2010-2090
NOT-FOR-US: IBM Communications Server
-CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the ...)
+CVE-2010-2089
- python3.1 3.1.2+20100706-1 (low)
- python2.7 2.7-1 (low)
- python2.6 2.6.5+20100706-1 (low)
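Review bot: Several NOT-FOR-US notes in this hunk are misspelled, and once the "+CVE-..." lines lose their parenthesised descriptions those notes are the only product identification left: "Gabmbit Design Bandwidth Meter" (CVE-2010-2260), "Typo3 extenson Calendar Base" (CVE-2010-2131) and "JE Ajax Event Calenda" (CVE-2010-2129). Correcting them alongside this change would keep the entries searchable by product name. The notes for CVE-2010-2259 and CVE-2010-2255 both read "com_bfsurvey component for joomla!", although the removed descriptions distinguish com_bfsurvey from com_bfsurvey_pro; the second note should name com_bfsurvey_pro.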
@@ -8214,63 +8214,63 @@ CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the ...)
[lenny] - python2.5 <no-dsa> (Minor issue)
- python2.4 <removed> (low)
[lenny] - python2.4 <no-dsa> (Minor issue)
-CVE-2010-2088 (ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted ...)
+CVE-2010-2088
NOT-FOR-US: Microsoft .NET
-CVE-2010-2087 (Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...)
+CVE-2010-2087
- mojarra <unfixed> (unimportant; bug #611130)
NOTE: Affected feature is fundamentally insecure
-CVE-2010-2086 (Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application ...)
+CVE-2010-2086
NOT-FOR-US: Apache MyFaces
-CVE-2010-2085 (The default configuration of ASP.NET in Microsoft .NET before 1.1 has ...)
+CVE-2010-2085
NOT-FOR-US: Microsoft .NET
-CVE-2010-2084 (Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property ...)
+CVE-2010-2084
NOT-FOR-US: Microsoft .NET
-CVE-2010-2083 (Microsoft Dynamics GP has a default value of ACCESS for the system ...)
+CVE-2010-2083
NOT-FOR-US: Microsoft Dynamics GP
-CVE-2010-2082 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ...)
+CVE-2010-2082
NOT-FOR-US: Cisco
CVE-2010-2081
RESERVED
-CVE-2010-2080 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
+CVE-2010-2080
- otrs2 2.4.8+dfsg1-1
[lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
-CVE-2010-2079 (DataTrack System 3.5 allows remote attackers to bypass intended ...)
+CVE-2010-2079
NOT-FOR-US: DataTrack System
-CVE-2010-2078 (DataTrack System 3.5 allows remote attackers to list the root ...)
+CVE-2010-2078
NOT-FOR-US: DataTrack System
CVE-2010-2077
REJECTED
-CVE-2010-2076 (Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before ...)
+CVE-2010-2076
NOT-FOR-US: Apache CXF
-CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from ...)
+CVE-2010-2075
- unrealircd <itp> (bug #515130)
-CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...)
+CVE-2010-2074
- w3m 0.5.2-5 (low; bug #587445)
[lenny] - w3m 0.5.2-2+lenny1
-CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and ...)
+CVE-2010-2073
- pyftpd 0.8.5 (low; bug #585776)
[lenny] - pyftpd 0.8.4.6+lenny1
-CVE-2010-2072 (Pyftpd 0.8.4 creates log files with predictable names in a temporary ...)
+CVE-2010-2072
- pyftpd 0.8.5 (low; bug #585773)
[lenny] - pyftpd 0.8.4.6+lenny1
-CVE-2010-2071 (The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the ...)
+CVE-2010-2071
- linux-2.6 2.6.32-16
[lenny] - linux-2.6 <not-affected> (btrfs introduced in 2.6.29)
-CVE-2010-2070 (arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and ...)
+CVE-2010-2070
- xen-3 3.2.1-2
NOTE: The respective patch is present in Lenny's version of xen-3, might be fixed even earlier
CVE-2010-2069
REJECTED
-CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...)
+CVE-2010-2068
- apache2 <not-affected> (does not affect UNIX, only Windows, etc.)
-CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function ...)
+CVE-2010-2067
- tiff 3.9.4-1
- tiff3 <not-affected> (fixed prior to initial upload)
[lenny] - tiff <not-affected> (Only affects 3.9.x)
-CVE-2010-2066 (The mext_check_arguments function in fs/ext4/move_extent.c in the ...)
+CVE-2010-2066
- linux-2.6 2.6.32-21
[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.31)
-CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 ...)
+CVE-2010-2065
- tiff 3.9.4-1
- tiff3 <not-affected> (fixed prior to initial upload)
[lenny] - tiff <not-affected> (Only affects 3.9.x)
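Review bot: Some status lines in this hunk depend on the removed description to say which code they mean, for example "- apache2 <not-affected> (does not affect UNIX, only Windows, etc.)" under CVE-2010-2068, "(Vulnerable code introduced in 2.6.31)" under CVE-2010-2066 and "NOTE: The respective patch is present in Lenny's version of xen-3" under CVE-2010-2070. The removed lines named mod_proxy_http.c, fs/ext4/move_extent.c and arch/ia64/xen/faults.c respectively; if descriptions are no longer kept in this file, a NOTE line carrying the file or function name would keep these triage decisions reviewable from the list alone.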
@@ -8280,11 +8280,11 @@ CVE-2010-2064
RESERVED
- rpcbind 0.2.0-4.1
NOTE: This version changed the state directory to /var/run/rpcbind, which is only writable by root
-CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the ...)
+CVE-2010-2063
{DSA-2061-1}
- samba 2:3.4.0~pre1-1 (high)
NOTE: the affected code has been completely rewritten since 3.4.x
-CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, as ...)
+CVE-2010-2062
{DSA-2044-1 DSA-2043-1}
- vlc 1.0.1-1
[lenny] - vlc 0.8.6.h-4+lenny2.3
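Review bot: Under CVE-2010-2063, which is rated (high), "NOTE: the affected code has been completely rewritten since 3.4.x" no longer identifies the affected code once the description line is replaced by the bare "+CVE-2010-2063". Suggest extending that NOTE to name the SMB1 packet chaining implementation, as the removed line did.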
@@ -8297,583 +8297,583 @@ CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, a
CVE-2010-2061
RESERVED
- rpcbind 0.2.0-4.1
-CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows ...)
+CVE-2010-2060
- beanstalkd 1.4.6-1 (unimportant; bug #585162)
NOTE: Package description reads: "Beanstalkd is meant to be ran in a trusted network,
NOTE: "as it has no authorisation/authentication mechanisms". So this is likely a non-issue
-CVE-2010-2059 (lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and ...)
+CVE-2010-2059
- rpm 4.8.1-1 (bug #584257; unimportant)
NOTE: Marking as unimportant since rpm isn't used as a package manager
-CVE-2010-2058 (setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable ...)
+CVE-2010-2058
- prewikka 1.0.0-1.1 (low; bug #584469)
[lenny] - prewikka <no-dsa> (The insecure permissions only apply for a very short timeframe during pkg update)
NOTE: FEDORA-2009-3761 http://lwn.net/Articles/330642
-CVE-2010-2057 (shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, ...)
+CVE-2010-2057
NOT-FOR-US: Apache MyFaces
-CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files ...)
+CVE-2010-2056
- gv 1:3.7.1-1 (low)
[lenny] - gv <no-dsa> (Minor issue)
-CVE-2010-2055 (Ghostscript 8.71 and earlier reads initialization files from the ...)
+CVE-2010-2055
- ghostscript 8.71~dfsg2-6.1 (bug #584653; bug #592569; bug #584663)
[lenny] - ghostscript <no-dsa> (too risky for regressions)
-CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 ...)
+CVE-2010-2054
NOT-FOR-US: SBLIM SFCB
-CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local ...)
+CVE-2010-2053
- emesene 1.6.2-1 (low)
[lenny] - emesene <not-affected> (Introduced in 1.6.1)
CVE-2010-2052
REJECTED
-CVE-2010-2051 (SQL injection vulnerability in article.php in Debliteck DBCart allows ...)
+CVE-2010-2051
NOT-FOR-US: Debliteck DBCart
-CVE-2010-2050 (Directory traversal vulnerability in the Moron Solutions MS Comment ...)
+CVE-2010-2050
NOT-FOR-US: Moron Solutions MS Comment
-CVE-2010-2049 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-2049
NOT-FOR-US: ManageEngine ADAudit Plus
-CVE-2010-2048 (Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat ...)
+CVE-2010-2048
NOT-FOR-US: Heartbeat module for Drupal
-CVE-2010-2047 (SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 ...)
+CVE-2010-2047
NOT-FOR-US: JE CMS
-CVE-2010-2046 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2010-2046
NOT-FOR-US: ActiveHelper LiveHelp for Joomla
-CVE-2010-2045 (Directory traversal vulnerability in the Dione Form Wizard (aka FDione ...)
+CVE-2010-2045
NOT-FOR-US: Dione Form Wizard
-CVE-2010-2044 (SQL injection vulnerability in the Konsultasi (com_konsultasi) ...)
+CVE-2010-2044
NOT-FOR-US: Konsultasi for Joomla
-CVE-2010-2043 (Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack ...)
+CVE-2010-2043
NOT-FOR-US: DataTrack System
-CVE-2010-2042 (SQL injection vulnerability in search.php in ECShop 2.7.2 allows ...)
+CVE-2010-2042
NOT-FOR-US: ECShop
-CVE-2010-2041 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2010-2041
NOT-FOR-US: PHP-Calendar
-CVE-2010-2040 (Cross-site scripting (XSS) vulnerability in search.php in V-EVA ...)
+CVE-2010-2040
NOT-FOR-US: V-EVA Shopzilla script
-CVE-2010-2039 (Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, ...)
+CVE-2010-2039
NOT-FOR-US: gpEasy CMS
-CVE-2010-2038 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-2038
NOT-FOR-US: gpEasy CMS
-CVE-2010-2037 (Directory traversal vulnerability in the Percha Downloads Attach ...)
+CVE-2010-2037
NOT-FOR-US: Percha
-CVE-2010-2036 (Directory traversal vulnerability in the Percha Fields Attach ...)
+CVE-2010-2036
NOT-FOR-US: Percha
-CVE-2010-2035 (Directory traversal vulnerability in the Percha Gallery ...)
+CVE-2010-2035
NOT-FOR-US: Percha
-CVE-2010-2034 (Directory traversal vulnerability in the Percha Image Attach ...)
+CVE-2010-2034
NOT-FOR-US: Percha
-CVE-2010-2033 (Directory traversal vulnerability in the Percha Multicategory Article ...)
+CVE-2010-2033
NOT-FOR-US: Percha
-CVE-2010-2032 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-2032
NOT-FOR-US: Caucho Technology Resin Professional
-CVE-2010-2031 (KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield ...)
+CVE-2010-2031
NOT-FOR-US: Kingsoft Webshield
-CVE-2010-2030 (Cross-site scripting (XSS) vulnerability in the External Link Page ...)
+CVE-2010-2030
NOT-FOR-US: External Link Page module for Drupal
-CVE-2010-2029 (Cybozu Office 7 Ktai and Dotsales do not properly restrict access to ...)
+CVE-2010-2029
NOT-FOR-US: Cybozu Office and Dotsales
-CVE-2010-2028 (Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 ...)
+CVE-2010-2028
NOT-FOR-US: k23productions TFTPGUI
-CVE-2010-2027 (Mathematica 7, when running on Linux, allows local users to overwrite ...)
+CVE-2010-2027
NOT-FOR-US: Mathematica
-CVE-2010-2026 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ...)
+CVE-2010-2026
NOT-FOR-US: Cisco
-CVE-2010-2025 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
+CVE-2010-2025
NOT-FOR-US: Cisco
-CVE-2010-2024 (transports/appendfile.c in Exim before 4.72, when MBX locking is ...)
+CVE-2010-2024
- exim4 4.72-1 (low)
[lenny] - exim4 <no-dsa> (Minor issue)
-CVE-2010-2023 (transports/appendfile.c in Exim before 4.72, when a world-writable ...)
+CVE-2010-2023
- exim4 4.72-1 (low)
[lenny] - exim4 <no-dsa> (Minor issue)
-CVE-2010-2022 (jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the &quot;-l -U ...)
+CVE-2010-2022
- kfreebsd-6 <not-affected> (jail binary not yet provided, see bug #584930)
- kfreebsd-7 <not-affected> (jail binary not yet provided, see bug #584930)
- kfreebsd-8 <not-affected> (jail binary not yet provided, see bug #584930)
-CVE-2010-2021 (Open redirect vulnerability in the Global Redirect module 6.x-1.x ...)
+CVE-2010-2021
NOT-FOR-US: Global Redirect module for Drupal is not in Debian
-CVE-2010-2020 (sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD ...)
+CVE-2010-2020
- kfreebsd-6 <removed>
[lenny] - kfreebsd-6 <no-dsa> (Minor issue, not enabled by default)
- kfreebsd-7 7.3-2
[lenny] - kfreebsd-7 <no-dsa> (Minor issue, not enabled by default)
- kfreebsd-8 8.0-6 (bug #584930)
-CVE-2010-2019 (SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, ...)
+CVE-2010-2019
NOT-FOR-US: Lokomedia CMS
-CVE-2010-2018 (Directory traversal vulnerability in downlot.php in Lokomedia CMS ...)
+CVE-2010-2018
NOT-FOR-US: Lokomedia CMS
-CVE-2010-2017 (Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in ...)
+CVE-2010-2017
NOT-FOR-US: Lokomedia CMS
-CVE-2010-2016 (SQL injection vulnerability in details.php in Iceberg CMS allows ...)
+CVE-2010-2016
NOT-FOR-US: Iceberg CMS
-CVE-2010-2015 (Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote ...)
+CVE-2010-2015
NOT-FOR-US: LiSK CMS
-CVE-2010-2014 (Cross-site scripting (XSS) vulnerability in cp/list_content.php in ...)
+CVE-2010-2014
NOT-FOR-US: LiSK CMS
-CVE-2010-2013 (Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK ...)
+CVE-2010-2013
NOT-FOR-US: LiSK CMS
-CVE-2010-2012 (SQL injection vulnerability in function.php in MigasCMS 1.1, when ...)
+CVE-2010-2012
NOT-FOR-US: MigasCMS
-CVE-2010-2011 (Microsoft Dynamics GP uses a substitution cipher to encrypt the system ...)
+CVE-2010-2011
NOT-FOR-US: Microsoft Dynamics GP
-CVE-2010-2010 (Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool ...)
+CVE-2010-2010
NOT-FOR-US: CTools module for Drupal
-CVE-2010-2009 (Stack-based buffer overflow in the media library in BS.Global ...)
+CVE-2010-2009
NOT-FOR-US: BS.Global BS.Player
-CVE-2010-2008 (MySQL before 5.1.48 allows remote authenticated users with alter ...)
+CVE-2010-2008
- mysql-5.1 5.1.48-1
- mysql-dfsg-5.0 <not-affected> (Only affects MySQL 5.1 onwards)
-CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...)
+CVE-2010-2007
- mydms <removed> (bug #590904; low)
[lenny] - mydms <no-dsa> (Minor issue)
NOTE: seems to have changed name to letoDMS
-CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS ...)
+CVE-2010-2006
{DSA-2146-1}
- mydms 1.7.2+1.7.3-1.1 (bug #582587; medium)
NOTE: seems to have changed name to letoDMS
-CVE-2010-2005 (Multiple PHP remote file inclusion vulnerabilities in DataLife Engine ...)
+CVE-2010-2005
NOT-FOR-US: Datalife Engine
-CVE-2010-2004 (Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 ...)
+CVE-2010-2004
NOT-FOR-US: BS.Player
-CVE-2010-2003 (Cross-site scripting (XSS) vulnerability in misc/get_admin.php in ...)
+CVE-2010-2003
NOT-FOR-US: Advanced Poll
-CVE-2010-2002 (Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x ...)
+CVE-2010-2002
NOT-FOR-US: Wordfilter module for Drupal
-CVE-2010-2001 (Cross-site scripting (XSS) vulnerability in the CiviRegister module ...)
+CVE-2010-2001
NOT-FOR-US: CiviRegister module for Drupal
-CVE-2010-2000 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...)
+CVE-2010-2000
NOT-FOR-US: Biblio module for Drupal
-CVE-2010-1999 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ...)
+CVE-2010-1999
NOT-FOR-US: OpenMairie
-CVE-2010-1998 (Cross-site scripting (XSS) vulnerability in the CCK TableField module ...)
+CVE-2010-1998
NOT-FOR-US: CCK TableField module for Drupal
-CVE-2010-1997 (Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus ...)
+CVE-2010-1997
NOT-FOR-US: Saurus CMS
-CVE-2010-1996 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2010-1996
NOT-FOR-US: Tomato CMS
-CVE-2010-1995 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2010-1995
NOT-FOR-US: Tomato CMS
-CVE-2010-1994 (SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 ...)
+CVE-2010-1994
NOT-FOR-US: Tomato CMS
-CVE-2010-1993 (Opera 9.52 does not properly handle an IFRAME element with a mailto: ...)
+CVE-2010-1993
NOT-FOR-US: Opera
-CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations ...)
+CVE-2010-1992
- chromium-browser <unfixed> (unimportant)
NOTE: http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en
NOTE: poc is just one window, but can be changed to open many
NOTE: this is a dos-only attack, so its considered unimportant
-CVE-2010-1991 (Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 ...)
+CVE-2010-1991
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-1990 (Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, ...)
+CVE-2010-1990
- xulrunner <unfixed> (unimportant; bug #582590)
- iceape <removed> (unimportant)
NOTE: browser dos attacks are not considered security-relevant
-CVE-2010-1989 (Opera 9.52 executes a mail application in situations where an IMG ...)
+CVE-2010-1989
NOT-FOR-US: Opera
-CVE-2010-1988 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)
+CVE-2010-1988
- xulrunner <unfixed> (unimportant)
- iceape <removed> (unimportant)
NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
-CVE-2010-1987 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)
+CVE-2010-1987
- xulrunner <unfixed> (unimportant)
- iceape <removed> (unimportant)
NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
-CVE-2010-1986 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)
+CVE-2010-1986
- xulrunner <unfixed> (unimportant)
- iceape <removed> (unimportant)
NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
-CVE-2010-1985 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2010-1985
NOT-FOR-US: Six Apart Movable type
-CVE-2010-1984 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb ...)
+CVE-2010-1984
NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
-CVE-2010-1983 (Directory traversal vulnerability in the redTWITTER (com_redtwitter) ...)
+CVE-2010-1983
NOT-FOR-US: com_redtwitter component for joomla!
-CVE-2010-1982 (Directory traversal vulnerability in the JA Voice (com_javoice) ...)
+CVE-2010-1982
NOT-FOR-US: com_javoice component for joomla!
-CVE-2010-1981 (Directory traversal vulnerability in the Fabrik (com_fabrik) component ...)
+CVE-2010-1981
NOT-FOR-US: com_fabrik component for joomla!
-CVE-2010-1980 (Directory traversal vulnerability in joomlaflickr.php in the Joomla ...)
+CVE-2010-1980
NOT-FOR-US: com_joomlaflickr component for joomla!
-CVE-2010-1979 (Directory traversal vulnerability in the Affiliate Datafeeds ...)
+CVE-2010-1979
NOT-FOR-US: com_datafeeds component for joomla!
-CVE-2010-1978 (PHP remote file inclusion vulnerability in default_theme.php in ...)
+CVE-2010-1978
NOT-FOR-US: FreePHPBlogSoftware
-CVE-2010-1977 (Directory traversal vulnerability in the J!WHMCS Integrator ...)
+CVE-2010-1977
NOT-FOR-US: com_jwhmcs component for joomla!
-CVE-2010-1976 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb ...)
+CVE-2010-1976
NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
-CVE-2010-1975 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, ...)
+CVE-2010-1975
{DSA-2051-1}
- postgresql-8.4 8.4.4-1 (low)
- postgresql-8.3 <removed> (low)
CVE-2010-1974
REJECTED
-CVE-2010-1973 (Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, ...)
+CVE-2010-1973
NOT-FOR-US: OpenVMS
-CVE-2010-1972 (The default configuration of HP Client Automation (HPCA) Enterprise ...)
+CVE-2010-1972
NOT-FOR-US: HP Client Automation
-CVE-2010-1971 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
+CVE-2010-1971
NOT-FOR-US: HP Insight
-CVE-2010-1970 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
+CVE-2010-1970
NOT-FOR-US: HP Insight
-CVE-2010-1969 (Cross-site scripting (XSS) vulnerability in HP Virtual Connect ...)
+CVE-2010-1969
NOT-FOR-US: HP Virtual Connect Enterprise Manager
-CVE-2010-1968 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
+CVE-2010-1968
NOT-FOR-US: HP Insight
-CVE-2010-1967 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
+CVE-2010-1967
NOT-FOR-US: HP Insight
-CVE-2010-1966 (Unspecified vulnerability in HP Insight Control power management for ...)
+CVE-2010-1966
NOT-FOR-US: HP Insight
-CVE-2010-1965 (Unspecified vulnerability in HP Insight Orchestration for Windows ...)
+CVE-2010-1965
NOT-FOR-US: HP Insight
-CVE-2010-1964 (Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node ...)
+CVE-2010-1964
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows ...)
+CVE-2010-1963
NOT-FOR-US: HP ServiceCenter
-CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
+CVE-2010-1962
NOT-FOR-US: HP StorageWorks
-CVE-2010-1961 (Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView ...)
+CVE-2010-1961
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2010-1960 (Buffer overflow in the error handling functionality in ...)
+CVE-2010-1960
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2010-1959 (Unspecified vulnerability in HP TestDirector for Quality Center 9.2 ...)
+CVE-2010-1959
NOT-FOR-US: HP TestDirector for Quality Center
-CVE-2010-1958 (Cross-site scripting (XSS) vulnerability in the FileField module 5.x ...)
+CVE-2010-1958
NOT-FOR-US: Drupal addon
-CVE-2010-1957 (Directory traversal vulnerability in the Love Factory ...)
+CVE-2010-1957
NOT-FOR-US: com_lovefactory component for joomla!
-CVE-2010-1956 (Directory traversal vulnerability in the Gadget Factory ...)
+CVE-2010-1956
NOT-FOR-US: com_gadgetfactory component for joomla!
-CVE-2010-1955 (Directory traversal vulnerability in the Deluxe Blog Factory ...)
+CVE-2010-1955
NOT-FOR-US: com_blogfactory component for joomla!
-CVE-2010-1954 (Directory traversal vulnerability in the iNetLanka Multiple root ...)
+CVE-2010-1954
NOT-FOR-US: com_multiroot component for joomla!
-CVE-2010-1953 (Directory traversal vulnerability in the iNetLanka Multiple Map ...)
+CVE-2010-1953
NOT-FOR-US: com_multimap component for joomla!
-CVE-2010-1952 (Directory traversal vulnerability in the BeeHeard (com_beeheard) and ...)
+CVE-2010-1952
NOT-FOR-US: com_beeheard component for joomla!
-CVE-2010-1951 (Multiple directory traversal vulnerabilities in 60cycleCMS allow ...)
+CVE-2010-1951
NOT-FOR-US: 60cycleCMS
-CVE-2010-1950 (SQL injection vulnerability in the Online News Paper Manager ...)
+CVE-2010-1950
NOT-FOR-US: Online News Paper Manager
-CVE-2010-1949 (SQL injection vulnerability in the Online News Paper Manager ...)
+CVE-2010-1949
NOT-FOR-US: Online News Paper Manager
-CVE-2010-1948 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
+CVE-2010-1948
NOT-FOR-US: openMairie
-CVE-2010-1947 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
+CVE-2010-1947
NOT-FOR-US: openMairie
-CVE-2010-1946 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
+CVE-2010-1946
NOT-FOR-US: openMairie
-CVE-2010-1945 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
+CVE-2010-1945
NOT-FOR-US: openMairie
-CVE-2010-1944 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
+CVE-2010-1944
NOT-FOR-US: openMairie
-CVE-2010-1943 (Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister ...)
+CVE-2010-1943
NOT-FOR-US: NEC CapsSuite Small Edition
-CVE-2010-1942 (Unspecified vulnerability in the Servlet service in Fujitsu Limited ...)
+CVE-2010-1942
NOT-FOR-US: Fujitsu Limited Interstage Application Server
-CVE-2010-1941 (Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and ...)
+CVE-2010-1941
NOT-FOR-US: NEC WebSAM DeploymentManager
-CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the &quot;Authorization: Basic&quot; header ...)
+CVE-2010-1940
- chromium-browser <not-affected>
- webkit <not-affected>
NOTE: Safari-specific. Chromium and Safari have totally separate HTTP stacks.
-CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows ...)
+CVE-2010-1939
- chromium-browser <not-affected>
- webkit <not-affected>
NOTE: poc seems to cause a dos in both chromium and webkit; not sure if code execution is possible
NOTE: This is Safari only
-CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...)
+CVE-2010-1938
- opie 2.32.dfsg.1-0.2 (low; bug #584932)
[lenny] - opie 2.32-10.2+lenny2
-CVE-2010-1937 (Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM ...)
+CVE-2010-1937
NOT-FOR-US: SBLIM SFCB
-CVE-2010-1936 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
+CVE-2010-1936
NOT-FOR-US: openMairie openComInterne
-CVE-2010-1935 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
+CVE-2010-1935
NOT-FOR-US: openMairie Openpresse
-CVE-2010-1934 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
+CVE-2010-1934
NOT-FOR-US: openMairie openPlanning
-CVE-2010-1928 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
+CVE-2010-1928
NOT-FOR-US: openMairie openPlanning
-CVE-2010-1927 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
+CVE-2010-1927
NOT-FOR-US: openMairie openCourrier
-CVE-2010-1926 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
+CVE-2010-1926
NOT-FOR-US: openMairie openCourrier
-CVE-2010-1925 (SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows ...)
+CVE-2010-1925
NOT-FOR-US: tekno.Portal
-CVE-2010-1924 (SQL injection vulnerability in index.php in Hi Web Wiesbaden Live ...)
+CVE-2010-1924
NOT-FOR-US: Hi Web Wiesbaden Live Shopping multi Portal System
-CVE-2010-1923 (SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 ...)
+CVE-2010-1923
NOT-FOR-US: Hi Web Wiesbaden Web Social Network Community System
-CVE-2010-1922 (Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 ...)
+CVE-2010-1922
NOT-FOR-US: 29o3 CMS
-CVE-2010-1921 (Multiple PHP remote file inclusion vulnerabilities in OpenMairie ...)
+CVE-2010-1921
NOT-FOR-US: OpenMairie openAnnuaire
-CVE-2010-1920 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ...)
+CVE-2010-1920
NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1933
RESERVED
-CVE-2010-1932 (Heap-based buffer overflow in XnView 1.97.4 and possibly earlier ...)
+CVE-2010-1932
NOT-FOR-US: XnView
-CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in ...)
+CVE-2010-1931
NOT-FOR-US: CubeCart PHP Shopping Cart
-CVE-2010-1930 (Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows ...)
+CVE-2010-1930
NOT-FOR-US: Novell iManager
-CVE-2010-1929 (Multiple stack-based buffer overflows in the ...)
+CVE-2010-1929
NOT-FOR-US: Novell iImanager
-CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 ...)
+CVE-2010-1919
NOT-FOR-US: EMC
-CVE-2010-1913 (The default configuration of pluginlicense.ini for the ...)
+CVE-2010-1913
NOT-FOR-US: Consona
-CVE-2010-1912 (The SdcWebSecureBase interface in tgctlcm.dll in Consona Live ...)
+CVE-2010-1912
NOT-FOR-US: Consona
-CVE-2010-1911 (The site-locking implementation in the SdcWebSecureBase interface in ...)
+CVE-2010-1911
NOT-FOR-US: Consona
-CVE-2010-1910 (The Forgot Password implementation in Consona Live Assistance, Dynamic ...)
+CVE-2010-1910
NOT-FOR-US: Consona
-CVE-2010-1909 (Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX ...)
+CVE-2010-1909
NOT-FOR-US: Consona
-CVE-2010-1908 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live ...)
+CVE-2010-1908
NOT-FOR-US: Consona
-CVE-2010-1907 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live ...)
+CVE-2010-1907
NOT-FOR-US: ConsonA
-CVE-2010-1906 (tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair ...)
+CVE-2010-1906
NOT-FOR-US: Consona
-CVE-2010-1905 (Multiple cross-site scripting (XSS) vulnerabilities in Consona Live ...)
+CVE-2010-1905
NOT-FOR-US: Consona
-CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client ...)
+CVE-2010-1904
NOT-FOR-US: EMC RSA key manager
-CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, ...)
+CVE-2010-1903
NOT-FOR-US: Microsoft Word
-CVE-2010-1902 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 ...)
+CVE-2010-1902
NOT-FOR-US: Microsoft Word
-CVE-2010-1901 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft ...)
+CVE-2010-1901
NOT-FOR-US: Microsoft Word
-CVE-2010-1900 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft ...)
+CVE-2010-1900
NOT-FOR-US: Microsoft Office Word
-CVE-2010-1899 (Stack consumption vulnerability in the ASP implementation in Microsoft ...)
+CVE-2010-1899
NOT-FOR-US: Microsoft IIS
-CVE-2010-1898 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, ...)
+CVE-2010-1898
NOT-FOR-US: Microsoft .NET Framework
-CVE-2010-1897 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
+CVE-2010-1897
NOT-FOR-US: Microsoft Windows
-CVE-2010-1896 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
+CVE-2010-1896
NOT-FOR-US: Microsoft Windows
-CVE-2010-1895 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
+CVE-2010-1895
NOT-FOR-US: Microsoft Windows
-CVE-2010-1894 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
+CVE-2010-1894
NOT-FOR-US: Microsoft Windows
-CVE-2010-1893 (Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, ...)
+CVE-2010-1893
NOT-FOR-US: Microsoft Windows
-CVE-2010-1892 (The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows ...)
+CVE-2010-1892
NOT-FOR-US: Microsoft Windows
-CVE-2010-1891 (The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem ...)
+CVE-2010-1891
NOT-FOR-US: Microsoft Windows
-CVE-2010-1890 (The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 ...)
+CVE-2010-1890
NOT-FOR-US: Microsoft Windows
-CVE-2010-1889 (Double free vulnerability in the kernel in Microsoft Windows Vista SP1 ...)
+CVE-2010-1889
NOT-FOR-US: Microsoft Windows
-CVE-2010-1888 (Race condition in the kernel in Microsoft Windows XP SP3 allows local ...)
+CVE-2010-1888
NOT-FOR-US: Microsoft Windows
-CVE-2010-1887 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
+CVE-2010-1887
NOT-FOR-US: Microsoft Windows
-CVE-2010-1886 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...)
+CVE-2010-1886
NOT-FOR-US: Microsoft Windows
-CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help ...)
+CVE-2010-1885
NOT-FOR-US: Microsoft Windows
CVE-2010-1884
REJECTED
-CVE-2010-1883 (Integer overflow in the Embedded OpenType (EOT) Font Engine in ...)
+CVE-2010-1883
NOT-FOR-US: Microsoft Windows
-CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for ...)
+CVE-2010-1882
NOT-FOR-US: MPEG Layer-3 Audio Codec for
-CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls ...)
+CVE-2010-1881
NOT-FOR-US: Microsoft
-CVE-2010-1880 (Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft ...)
+CVE-2010-1880
NOT-FOR-US: Microsoft
-CVE-2010-1879 (Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media ...)
+CVE-2010-1879
NOT-FOR-US: Microsoft
-CVE-2010-1878 (Directory traversal vulnerability in the OrgChart (com_orgchart) ...)
+CVE-2010-1878
NOT-FOR-US: com_orgchart component for joomla!
-CVE-2010-1877 (SQL injection vulnerability in the JTM Reseller (com_jtm) component ...)
+CVE-2010-1877
NOT-FOR-US: com_jtm component for joomla!
-CVE-2010-1876 (SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 ...)
+CVE-2010-1876
NOT-FOR-US: AJ Shopping Cart
-CVE-2010-1875 (Directory traversal vulnerability in the Real Estate Property ...)
+CVE-2010-1875
NOT-FOR-US: com_properties component for joomla!
-CVE-2010-1874 (SQL injection vulnerability in the Real Estate Property ...)
+CVE-2010-1874
NOT-FOR-US: com_properties component for joomla!
-CVE-2010-1873 (SQL injection vulnerability in the Jvehicles (com_jvehicles) component ...)
+CVE-2010-1873
NOT-FOR-US: com_jvehicles component for joomla!
-CVE-2010-1872 (Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard ...)
+CVE-2010-1872
NOT-FOR-US: FlashCard
-CVE-2010-1918 (SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and ...)
+CVE-2010-1918
NOT-FOR-US: EFront ask_chat
-CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 ...)
+CVE-2010-1917
{DSA-2089-1}
- php5 5.3.3-1 (low)
[lenny] - php5 <no-dsa> (Minor issue)
-CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 ...)
+CVE-2010-1916
- serendipity 1.5.3-1
[lenny] - serendipity <not-affected> (Only affects >= 1.4)
- horde3 <not-affected> (Vulnerable code not included, see bug #585165)
- openacs <not-affected> (Doesn't use the PHP interface, see bug #585163)
- dotlrn <not-affected> (Doesn't use the PHP interface, see bug #585164)
-CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...)
+CVE-2010-1915
- php5 <removed> (unimportant)
-CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...)
+CVE-2010-1914
- php5 <removed> (unimportant)
-CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application ...)
+CVE-2010-1871
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...)
+CVE-2010-1870
- libstruts1.2-java <not-affected> (issue involves a problem in xwork, which was introduced in struts2)
- libspring-2.5-java <not-affected> (Vulnerable code not present)
-CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
+CVE-2010-1869
{DSA-2080-1}
- ghostscript 8.71~dfsg-4
NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3
-CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...)
+CVE-2010-1868
- php5 <removed> (unimportant)
-CVE-2010-1867 (SQL injection vulnerability in the ...)
+CVE-2010-1867
NOT-FOR-US: Campsite
-CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...)
+CVE-2010-1866
- php5 5.3.3-1 (low)
[lenny] - php5 <not-affected> (dechunk filter introduced in 5.3)
-CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...)
+CVE-2010-1865
NOT-FOR-US: ClanSphere
-CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...)
+CVE-2010-1864
- php5 5.3.3-1 (unimportant)
-CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...)
+CVE-2010-1863
NOT-FOR-US: ClanTiger
-CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...)
+CVE-2010-1862
- php5 <removed> (unimportant)
-CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...)
+CVE-2010-1861
- php5 <removed> (unimportant)
-CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...)
+CVE-2010-1860
- php5 5.3.3-1 (unimportant)
-CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...)
+CVE-2010-1859
NOT-FOR-US: DeluxeBB
-CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) ...)
+CVE-2010-1858
NOT-FOR-US: com_smestorage component for joomla!
-CVE-2010-1857 (SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, ...)
+CVE-2010-1857
NOT-FOR-US: RepairShop2
-CVE-2010-1856 (Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 ...)
+CVE-2010-1856
NOT-FOR-US: RepairShop2
-CVE-2010-1855 (SQL injection vulnerability in auktion.php in Pay Per Watch &amp; Bid ...)
+CVE-2010-1855
NOT-FOR-US: Pay Per Watch & Bid Auktions System
-CVE-2010-1854 (Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per ...)
+CVE-2010-1854
NOT-FOR-US: Pay Per Watch & Bid Auktions System
-CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function ...)
+CVE-2010-1853
- transmission 1.92-1
[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
-CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is ...)
+CVE-2010-1852
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses ...)
+CVE-2010-1851
NOT-FOR-US: Invisible Hand extension for chromium
-CVE-2010-1850 (Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 ...)
+CVE-2010-1850
{DSA-2057-1}
- mysql-5.1 5.1.47-1 (bug #582526)
- mysql-dfsg-5.0 <removed>
CVE-2010-XXXX [wicd changes permissions of resolv.conf]
- wicd 1.7.0+ds1-3 (low; bug #582798)
-CVE-2010-1849 (The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through ...)
+CVE-2010-1849
{DSA-2057-1}
- mysql-5.1 5.1.47-1 (bug #582526)
- mysql-dfsg-5.0 <removed>
-CVE-2010-1848 (Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 ...)
+CVE-2010-1848
{DSA-2057-1}
- mysql-5.1 5.1.47-1 (bug #582526)
- mysql-dfsg-5.0 <removed>
-CVE-2010-1847 (The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly ...)
+CVE-2010-1847
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1846 (Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and ...)
+CVE-2010-1846
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1845 (ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows ...)
+CVE-2010-1845
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1844 (Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x ...)
+CVE-2010-1844
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1843 (Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote ...)
+CVE-2010-1843
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1842 (Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 ...)
+CVE-2010-1842
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1841 (Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows ...)
+CVE-2010-1841
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1840 (Stack-based buffer overflow in the password-validation functionality ...)
+CVE-2010-1840
NOT-FOR-US: Apple Mac OS X
CVE-2010-1839
RESERVED
-CVE-2010-1838 (Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 ...)
+CVE-2010-1838
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1837 (CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows ...)
+CVE-2010-1837
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1836 (Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 ...)
+CVE-2010-1836
NOT-FOR-US: Apple Mac OS X
CVE-2010-1835
RESERVED
-CVE-2010-1834 (CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly ...)
+CVE-2010-1834
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1833 (Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 ...)
+CVE-2010-1833
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1832 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
+CVE-2010-1832
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1831 (Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 ...)
+CVE-2010-1831
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1830 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates ...)
+CVE-2010-1830
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1829 (Directory traversal vulnerability in AFP Server in Apple Mac OS X ...)
+CVE-2010-1829
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1828 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows ...)
+CVE-2010-1828
NOT-FOR-US: Apple Mac OS X
CVE-2010-1827
RESERVED
CVE-2010-1826
RESERVED
-CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
+CVE-2010-1825
- chromium-browser 6.0.472.59~r59126-1
NOTE: http://trac.webkit.org/changeset/66847
-CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Apple iTunes before ...)
+CVE-2010-1824
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.59~r59126-1
NOTE: http://trac.webkit.org/changeset/66795
-CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in ...)
+CVE-2010-1823
- webkit <not-affected> (vulnerable code not present in 1.2.x series)
- chromium-browser 6.0.472.59~r59126-1
NOTE: http://trac.webkit.org/changeset/65958
-CVE-2010-1822 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 ...)
+CVE-2010-1822
- webkit <not-affected> (rendererIsNeeded function not present in 1.2.x series)
- chromium-browser 6.0.472.62~r59676-1
-CVE-2010-1821 (Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through ...)
+CVE-2010-1821
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1820 (Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through ...)
+CVE-2010-1820
NOT-FOR-US: Apple Filing Protocol Server
-CVE-2010-1819 (Untrusted search path vulnerability in the Picture Viewer in Apple ...)
+CVE-2010-1819
NOT-FOR-US: Apple QuickTime
-CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple ...)
+CVE-2010-1818
NOT-FOR-US: QuickTime
-CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and ...)
+CVE-2010-1817
NOT-FOR-US: Apple iOS
-CVE-2010-1816 (Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and ...)
+CVE-2010-1816
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
+CVE-2010-1815
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
-CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and ...)
+CVE-2010-1814
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
+CVE-2010-1813
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/63048
-CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
+CVE-2010-1812
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
+CVE-2010-1811
NOT-FOR-US: Apple iOS
-CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...)
+CVE-2010-1810
NOT-FOR-US: Apple iOS
-CVE-2010-1809 (The Accessibility component in Apple iOS before 4.1 on the iPhone and ...)
+CVE-2010-1809
NOT-FOR-US: Apple iOS
-CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
+CVE-2010-1808
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android ...)
+CVE-2010-1807
- webkit 1.2.5-1 (bug #599830)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
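Review bot: Every changed pair in this hunk, from CVE-2010-1828 down to CVE-2010-1807, drops the parenthesised description and leaves a bare id, while the package and NOT-FOR-US lines beneath are untouched. Combined with the diffstat of 4933 insertions and 4933 deletions under the message "automatic update", this looks like the description source returning nothing rather than an intended data change. The updater should refuse to commit a run that blanks descriptions wholesale, and this commit should be checked against the feed before it is kept.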
@@ -8884,109 +8884,109 @@ CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; And
NOTE: scheme used by webkit (and mozilla). The fix is not to accept "NAN(payload)".
NOTE: test-case: -parseFloat("NAN(ffffeeeeeff0f)")
NOTE: reproduced with epiphany
-CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...)
+CVE-2010-1806
- chromium-browser 5.0.375.127~r55887-1
NOTE: http://trac.webkit.org/changeset/63772
-CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 ...)
+CVE-2010-1805
- webkit <not-affected> (windows-specific issue)
- chromium-browser <not-affected> (windows-specific issue)
NOTE: This is the windows DLL planting attack
-CVE-2010-1804 (Unspecified vulnerability in the network bridge functionality on the ...)
+CVE-2010-1804
NOT-FOR-US: Apple
-CVE-2010-1803 (Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify ...)
+CVE-2010-1803
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1802 (libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly ...)
+CVE-2010-1802
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1801 (Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 ...)
+CVE-2010-1801
NOT-FOR-US: CoreGraphics
-CVE-2010-1800 (CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL ...)
+CVE-2010-1800
NOT-FOR-US: CFNetwork
-CVE-2010-1799 (Stack-based buffer overflow in the error-logging functionality in ...)
+CVE-2010-1799
NOT-FOR-US: Apple QuickTime on Windows
CVE-2010-1798
RESERVED
-CVE-2010-1797 (Multiple stack-based buffer overflows in the ...)
+CVE-2010-1797
{DSA-2105-1}
- freetype 2.4.2-1
-CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 ...)
+CVE-2010-1796
- webkit <not-affected>
- chromium-browser <not-affected>
NOTE: Very Safari specific
-CVE-2010-1795 (Untrusted search path vulnerability in Apple iTunes before 9.1, when ...)
+CVE-2010-1795
NOT-FOR-US: Apple iTunes on Windows
-CVE-2010-1794 (The webdav_mount function in webdav_vfsops.c in the WebDAV kernel ...)
+CVE-2010-1794
NOT-FOR-US: Apple
-CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari ...)
+CVE-2010-1793
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: http://trac.webkit.org/changeset/62482
NOTE: http://trac.webkit.org/changeset/62662
NOTE: duplicated as cve-2010-2902
-CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1792
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/62386
NOTE: Chromium uses a totally different regexp implementation.
-CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac ...)
+CVE-2010-1791
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: this is specific to Safari's JavaScript engine
-CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1790
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/62301
NOTE: this is specific to Safari's JavaScript engine
-CVE-2010-1789 (Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on ...)
+CVE-2010-1789
- webkit <not-affected>
- chromium-browser <not-affected>
NOTE: this is specific to Safari's JavaScript engine
-CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1788
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=40994
NOTE: http://trac.webkit.org/changeset/62482
-CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1787
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: http://trac.webkit.org/changeset/61044
-CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
+CVE-2010-1786
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: http://trac.webkit.org/changeset/61667
NOTE: duplicated as cve-2010-2647
-CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1785
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: http://trac.webkit.org/changeset/61050
NOTE: http://trac.webkit.org/changeset/61051
-CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) ...)
+CVE-2010-1784
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: http://trac.webkit.org/changeset/62271
-CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1783
{DSA-2188-1}
- webkit 1.2.7-1
- chromium-browser 5.0.375.127~r55887-1
NOTE: (Chromium Sec) This seems a duplicate of CVE-2010-2899
NOTE: http://trac.webkit.org/changeset/62134
-CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1782
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375
NOTE: http://trac.webkit.org/changeset/61921
-CVE-2010-1781 (Double free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
+CVE-2010-1781
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
+CVE-2010-1780
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
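Review bot: For CVE-2010-1801 and CVE-2010-1800 in this hunk, the removed description was the only text tying the entry to Apple Mac OS X. What remains is `NOT-FOR-US: CoreGraphics` and `NOT-FOR-US: CFNetwork`, so the triage decision can no longer be checked against what the CVE covers from this file alone. If the descriptions are meant to go, the NOT-FOR-US lines should name the vendor and product in full first.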
@@ -8994,60 +8994,60 @@ CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0
NOTE: http://trac.webkit.org/changeset/60984
CVE-2010-1779
RESERVED
-CVE-2010-1778 (Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 ...)
+CVE-2010-1778
- webkit <not-affected>
- chromium-browser <not-affected>
NOTE: Safari only (chromium security team)
-CVE-2010-1777 (Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers ...)
+CVE-2010-1777
NOT-FOR-US: Apple iTunes
-CVE-2010-1776 (Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and ...)
+CVE-2010-1776
NOT-FOR-US: Apple iOS
-CVE-2010-1775 (Race condition in Passcode Lock in Apple iOS before 4 on the iPhone ...)
+CVE-2010-1775
NOT-FOR-US: Apple iPhone Passcode Lock
-CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1774
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
NOTE: http://trac.webkit.org/changeset/59495
-CVE-2010-1773 (Off-by-one error in the toAlphabetic function in ...)
+CVE-2010-1773
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508
NOTE: http://trac.webkit.org/changeset/59950
-CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore in ...)
+CVE-2010-1772
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388
NOTE: http://trac.webkit.org/changeset/59859
-CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1771
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39453
NOTE: http://trac.webkit.org/changeset/59876
-CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1770
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626
NOTE: http://trac.webkit.org/changeset/59795
-CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 ...)
+CVE-2010-1769
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: dupe of CVE-2010-1774
-CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local ...)
+CVE-2010-1768
NOT-FOR-US: Apple iTunes
-CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2010-1767
- webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843
NOTE: http://trac.webkit.org/changeset/57041
-CVE-2010-1766 (Off-by-one error in the WebSocketHandshake::readServerHandshake ...)
+CVE-2010-1766
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
@@ -9059,174 +9059,174 @@ CVE-2010-1765
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37933
NOTE: http://trac.webkit.org/changeset/57995
-CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1764
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=31410
NOTE: http://trac.webkit.org/changeset/55157
-CVE-2010-1763 (Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on ...)
+CVE-2010-1763
- webkit <not-affected> (vulnerable code introduced in svn58950, which isn't included in 1.2.1 yet)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39008
NOTE: http://trac.webkit.org/changeset/59486
-CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2010-1762
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38922
NOTE: http://trac.webkit.org/changeset/59241
NOTE: http://trac.webkit.org/changeset/59242
-CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1761
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760
NOTE: http://trac.webkit.org/changeset/59263
-CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest ...)
+CVE-2010-1760
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37781
NOTE: http://trac.webkit.org/changeset/58409
-CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1759
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38583
NOTE: http://trac.webkit.org/changeset/59109
-CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1758
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
NOTE: http://trac.webkit.org/changeset/59098
-CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
+CVE-2010-1757
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...)
+CVE-2010-1756
NOT-FOR-US: Apple iPhone
-CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not ...)
+CVE-2010-1755
NOT-FOR-US: Apple Safari
-CVE-2010-1754 (Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does ...)
+CVE-2010-1754
NOT-FOR-US: Apple Passcode Lock
-CVE-2010-1753 (ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows ...)
+CVE-2010-1753
NOT-FOR-US: iOS
-CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the ...)
+CVE-2010-1752
NOT-FOR-US: Apple CFNetwork
-CVE-2010-1751 (Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch ...)
+CVE-2010-1751
NOT-FOR-US: Apple Application Sandbox
-CVE-2010-1750 (Use-after-free vulnerability in Apple Safari before 5.0 on Windows ...)
+CVE-2010-1750
NOT-FOR-US: Apple Safari
-CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1749
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=27193
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625
NOTE: http://trac.webkit.org/changeset/45941
-CVE-2010-1748 (The cgi_initialize_string function in cgi-bin/var.c in the web ...)
+CVE-2010-1748
{DSA-2176-1}
- cups 1.4.4-1
CVE-2010-1747
RESERVED
-CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX ...)
+CVE-2010-1746
NOT-FOR-US: com_grid component for joomla!
CVE-2010-1745
REJECTED
-CVE-2010-1744 (SQL injection vulnerability in product.html in B2B Gold Script allows ...)
+CVE-2010-1744
NOT-FOR-US: B2B Gold Script
-CVE-2010-1743 (SQL injection vulnerability in projects.php in Scratcher allows remote ...)
+CVE-2010-1743
NOT-FOR-US: Scratcher
-CVE-2010-1742 (Cross-site scripting (XSS) vulnerability in projects.php in Scratcher ...)
+CVE-2010-1742
NOT-FOR-US: Scratcher
-CVE-2010-1741 (SQL injection vulnerability in request_account.php in Billwerx RC ...)
+CVE-2010-1741
NOT-FOR-US: Billwerx
-CVE-2010-1740 (SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows ...)
+CVE-2010-1740
NOT-FOR-US: GuppY
-CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...)
+CVE-2010-1739
NOT-FOR-US: com_newsfeeds component for joomla!
CVE-2010-1738
REJECTED
-CVE-2010-1737 (PHP remote file inclusion vulnerability in ...)
+CVE-2010-1737
NOT-FOR-US: Gallo
-CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ...)
+CVE-2010-1736
NOT-FOR-US: KrM Haber
-CVE-2010-1735 (The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft ...)
+CVE-2010-1735
NOT-FOR-US: Microsoft Windows
-CVE-2010-1734 (The SfnINSTRING function in win32k.sys in the kernel in Microsoft ...)
+CVE-2010-1734
NOT-FOR-US: Microsoft Windows
-CVE-2010-1733 (Multiple SQL injection vulnerabilities in OCS Inventory NG before ...)
+CVE-2010-1733
- ocsinventory-server <unfixed> (unimportant)
NOTE: Authentication is needed, only supported in trusted environments, see debtags
-CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...)
+CVE-2010-1732
NOT-FOR-US: Zikula Application Framework
-CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a ...)
+CVE-2010-1731
- chromium-browser 5.0.375.55~r47796-1
NOTE: various crashes on window close after opening the file on chromium (including sometimes segfaults)
NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
NOTE: not reproducible with chromium-browser 5.0.375.55~r47796-1
-CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause ...)
+CVE-2010-1730
NOT-FOR-US: Dolphin browser, Konqueror not covered by security support
NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
-CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...)
+CVE-2010-1729
- webkit <unfixed> (unimportant)
NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
NOTE: dos-only on webkit
-CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly handle a ...)
+CVE-2010-1728
NOT-FOR-US: Opera
-CVE-2010-1727 (SQL injection vulnerability in type.asp in JobPost 1.0 allows remote ...)
+CVE-2010-1727
NOT-FOR-US: JobPost
-CVE-2010-1726 (SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows ...)
+CVE-2010-1726
NOT-FOR-US: EC21
-CVE-2010-1725 (SQL injection vulnerability in offers_buy.php in Alibaba Clone ...)
+CVE-2010-1725
NOT-FOR-US: Alibaba Clone Platinum
-CVE-2010-1724 (Multiple cross-site scripting (XSS) vulnerabilities in Zikula ...)
+CVE-2010-1724
NOT-FOR-US: Zikula Application Framework
-CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw ...)
+CVE-2010-1723
NOT-FOR-US: com_drawroot component for joomla!
-CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) ...)
+CVE-2010-1722
NOT-FOR-US: com_market component for joomla!
-CVE-2010-1721 (SQL injection vulnerability in the Intellectual Property (aka ...)
+CVE-2010-1721
NOT-FOR-US: com_iproperty component for joomla!
-CVE-2010-1720 (SQL injection vulnerability in the Q-Personel (com_qpersonel) ...)
+CVE-2010-1720
NOT-FOR-US: com_qpersonel component for joomla!
-CVE-2010-1719 (Directory traversal vulnerability in the MT Fire Eagle ...)
+CVE-2010-1719
NOT-FOR-US: com_mtfireeagle component for joomla!
-CVE-2010-1718 (Directory traversal vulnerability in archeryscores.php in the Archery ...)
+CVE-2010-1718
NOT-FOR-US: com_archeryscores component for joomla!
-CVE-2010-1717 (Directory traversal vulnerability in the iF surfALERT ...)
+CVE-2010-1717
NOT-FOR-US: com_if_surfalert component for joomla!
-CVE-2010-1716 (SQL injection vulnerability in the Agenda Address Book (com_agenda) ...)
+CVE-2010-1716
NOT-FOR-US: com_agenda component for joomla!
-CVE-2010-1715 (Directory traversal vulnerability in the Online Examination (aka ...)
+CVE-2010-1715
NOT-FOR-US: com_onlineexam component for joomla!
-CVE-2010-1714 (Directory traversal vulnerability in the Arcade Games ...)
+CVE-2010-1714
NOT-FOR-US: com_arcadegames component for joomla!
-CVE-2010-1713 (SQL injection vulnerability in modules.php in PostNuke 0.764 allows ...)
+CVE-2010-1713
NOT-FOR-US: PostNuke
-CVE-2010-1712 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-1712
NOT-FOR-US: Webmobo WB News
-CVE-2010-1711 (Cross-site scripting (XSS) vulnerability in carga_foto_al.php in ...)
+CVE-2010-1711
NOT-FOR-US: Siestta
-CVE-2010-1710 (Directory traversal vulnerability in login.php in Siestta 2.0, when ...)
+CVE-2010-1710
NOT-FOR-US: Siestta
-CVE-2010-1709 (Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in ...)
+CVE-2010-1709
NOT-FOR-US: G5-Scripts
-CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free ...)
+CVE-2010-1708
NOT-FOR-US: Free Realty
-CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
+CVE-2010-1707
- piwigo 2.0.10-1
-CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...)
+CVE-2010-1706
NOT-FOR-US: 2daybiz Auction Script
-CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows ...)
+CVE-2010-1705
NOT-FOR-US: Modelbook
-CVE-2010-1704 (Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced ...)
+CVE-2010-1704
NOT-FOR-US: 2daybiz Polls Script
-CVE-2010-1703 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-1703
NOT-FOR-US: 2daybiz Polls Script
-CVE-2010-1702 (SQL injection vulnerability in submitticket.php in WHMCompleteSolution ...)
+CVE-2010-1702
NOT-FOR-US: WHMCompleteSolution
-CVE-2010-1701 (SQL injection vulnerability in browse.html in PHP Video Battle Script ...)
+CVE-2010-1701
NOT-FOR-US: PHP Video Battle Script
CVE-2010-1700
REJECTED
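Review bot: After the last change in this hunk, `CVE-2010-1701` has the same bare header form as the unchanged `CVE-2010-1700` entry directly below it, which is REJECTED. A published CVE now differs from a REJECTED or RESERVED one only by its indented status line. It is worth checking that nothing reading this file treats a header without a description as an unassigned or withdrawn id.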
@@ -9242,7 +9242,7 @@ CVE-2010-1695
REJECTED
CVE-2010-1694
REJECTED
-CVE-2010-1693 (openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows ...)
+CVE-2010-1693
NOT-FOR-US: OpenFabrics Enterprise Distribution (OFED)
NOTE: openibd is part of ofa-kernel (ofa_1_5_kernel-20101028-0200/ofed_scripts/openibd), fixed in 2010-10-28 build
NOTE: http://www.openfabrics.org/downloads/ofa_1_5_kernel/
@@ -9251,17 +9251,17 @@ CVE-2010-1692
REJECTED
CVE-2010-1691
REJECTED
-CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...)
+CVE-2010-1690
NOT-FOR-US: Microsoft Windows
-CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...)
+CVE-2010-1689
NOT-FOR-US: Microsoft Windows
-CVE-2010-1688 (Stack-based buffer overflow in 2BrightSparks SyncBack Freeware ...)
+CVE-2010-1688
NOT-FOR-US: 2BrightSparks SyncBack Freeware
-CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows ...)
+CVE-2010-1687
NOT-FOR-US: Mocha W32 LPD
-CVE-2010-1686 (Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC ...)
+CVE-2010-1686
NOT-FOR-US: Urgent Backup
-CVE-2010-1685 (Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows ...)
+CVE-2010-1685
NOT-FOR-US: CursorArts ZipWrangler
CVE-2010-1684
RESERVED
@@ -9269,27 +9269,27 @@ CVE-2010-1683
RESERVED
CVE-2010-1682
RESERVED
-CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office ...)
+CVE-2010-1681
NOT-FOR-US: Microsoft Office Visio
CVE-2010-1680
REJECTED
-CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before ...)
+CVE-2010-1679
{DSA-2142-1}
- dpkg 1.15.8.8
CVE-2010-1678
RESERVED
- mapserver 5.6.5-2
NOTE: http://trac.osgeo.org/mapserver/ticket/3641
-CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service ...)
+CVE-2010-1677
- mhonarc 2.6.18-1 (low)
[squeeze] - mhonarc <no-dsa> (Minor issue)
-CVE-2010-1676 (Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before ...)
+CVE-2010-1676
{DSA-2136-1}
- tor 0.2.1.26-6
-CVE-2010-1675 (bgpd in Quagga before 0.99.18 allows remote attackers to cause a ...)
+CVE-2010-1675
{DSA-2197-1}
- quagga 0.99.18-1
-CVE-2010-1674 (The extended-community parser in bgpd in Quagga before 0.99.18 allows ...)
+CVE-2010-1674
{DSA-2197-1}
- quagga 0.99.18-1
CVE-2010-1673 [ikiwiki xss due to insufficient html scrubbing]
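Review bot: The last context line, `CVE-2010-1673 [ikiwiki xss due to insufficient html scrubbing]`, keeps its bracketed description while each changed entry above it, CVE-2010-1681 down to CVE-2010-1674, loses its parenthesised one. The file therefore ends up with descriptions only on bracket-style entries. The commit message "automatic update" does not say that parenthesised descriptions are being retired; either say so in the message or keep them.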
@@ -9299,109 +9299,109 @@ CVE-2010-1673 [ikiwiki xss due to insufficient html scrubbing]
[lenny] - ikiwiki <not-affected>
CVE-2010-1672
RESERVED
-CVE-2010-1671 (hsolinkcontrol in hsolink 1.0.118 allows local users to gain ...)
+CVE-2010-1671
- hsolink <removed> (bug #590670)
-CVE-2010-1670 (Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has ...)
+CVE-2010-1670
{DSA-2067-1}
- mahara 1.2.5-1
-CVE-2010-1669 (SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x ...)
+CVE-2010-1669
- mahara 1.2.5-1
[lenny] - mahara <not-affected>
-CVE-2010-1668 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara ...)
+CVE-2010-1668
{DSA-2067-1}
- mahara 1.2.5-1
-CVE-2010-1667 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before ...)
+CVE-2010-1667
{DSA-2067-1}
- mahara 1.2.5-1
-CVE-2010-1666 (Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding ...)
+CVE-2010-1666
{DSA-2068-1}
- python-cjson 1.0.5-3 (bug #587700)
NOTE: https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
-CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, ...)
+CVE-2010-1665
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.2.1-3
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/58201
-CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 ...)
+CVE-2010-1664
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/57922
-CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google ...)
+CVE-2010-1663
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (issue is in google url; i.e. chromium-specific)
-CVE-2010-1662 (Cross-site scripting (XSS) vulnerability in acpmoderate.php in ...)
+CVE-2010-1662
NOT-FOR-US: PHP-Quick-Arcade
-CVE-2010-1661 (Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) ...)
+CVE-2010-1661
NOT-FOR-US: PHP-Quick-Arcade
-CVE-2010-1660 (SQL injection vulnerability in help-details.php in CLScript ...)
+CVE-2010-1660
NOT-FOR-US: CLScript Classifieds Script
-CVE-2010-1659 (Directory traversal vulnerability in the Ultimate Portfolio ...)
+CVE-2010-1659
NOT-FOR-US: component for Joomla!
-CVE-2010-1658 (Directory traversal vulnerability in the Code-Garage NoticeBoard ...)
+CVE-2010-1658
NOT-FOR-US: component for Joomla!
-CVE-2010-1657 (Directory traversal vulnerability in the SmartSite (com_smartsite) ...)
+CVE-2010-1657
NOT-FOR-US: component for Joomla!
-CVE-2010-1656 (SQL injection vulnerability in the Airiny ABC (com_abc) component ...)
+CVE-2010-1656
NOT-FOR-US: component for Joomla!
-CVE-2010-1655 (Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in ...)
+CVE-2010-1655
NOT-FOR-US: PowerEasy
-CVE-2010-1654 (Multiple SQL injection vulnerabilities in system_member_login.php in ...)
+CVE-2010-1654
NOT-FOR-US: Infocus Real Estate Enterprise Edition
-CVE-2010-1653 (Directory traversal vulnerability in graphics.php in the Graphics ...)
+CVE-2010-1653
NOT-FOR-US: Graphics component for Joomla!
-CVE-2010-1652 (Directory traversal vulnerability in the HelpCenter module in Help ...)
+CVE-2010-1652
NOT-FOR-US: Help Center Live
-CVE-2010-1651 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x ...)
+CVE-2010-1651
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x ...)
+CVE-2010-1650
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back end in ...)
+CVE-2010-1649
NOT-FOR-US: Joomla!
-CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
+CVE-2010-1648
- mediawiki 1:1.15.4-1 (bug #585918; low)
[lenny] - mediawiki 1:1.12.0-2lenny6
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
-CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...)
+CVE-2010-1647
- mediawiki 1:1.15.4-1 (bug #585918; low)
[lenny] - mediawiki 1:1.12.0-2lenny6
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
-CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ...)
+CVE-2010-1646
{DSA-2062-1}
- sudo 1.7.2p7-1 (bug #585394)
-CVE-2010-1645 (Cacti before 0.8.7f, as used in Red Hat High Performance Computing ...)
+CVE-2010-1645
{DSA-2384-1}
- cacti 0.8.7g-1
-CVE-2010-1644 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ...)
+CVE-2010-1644
{DSA-2384-1}
- cacti 0.8.7g-1
-CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict ...)
+CVE-2010-1643
- linux-2.6 2.6.28-1
[lenny] - linux-2.6 2.6.26-23
-CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in ...)
+CVE-2010-1642
- samba 2:3.5.4~dfsg-2 (unimportant)
NOTE: Only crashes a single connection, not the entire smbd
-CVE-2010-1641 (The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel ...)
+CVE-2010-1641
- linux-2.6 2.6.32-16
[lenny] - linux-2.6 2.6.26-23
-CVE-2010-1640 (Off-by-one error in the parseicon function in libclamav/pe_icons.c in ...)
+CVE-2010-1640
- clamav 0.96.1+dfsg-1 (bug #584183)
[lenny] - clamav <end-of-life>
-CVE-2010-1639 (The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows ...)
+CVE-2010-1639
- clamav 0.96.1+dfsg-1 (bug #584183)
[lenny] - clamav <end-of-life>
-CVE-2010-1638 (The IMP plugin in Horde allows remote attackers to bypass firewall ...)
+CVE-2010-1638
- horde3 <unfixed> (unimportant)
-CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...)
+CVE-2010-1637
- squirrelmail 2:1.4.21-1 (unimportant)
-CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs ...)
+CVE-2010-1636
- linux-2.6 2.6.32-14
[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.32)
-CVE-2010-1635 (The chain_reply function in process.c in smbd in Samba before 3.4.8 ...)
+CVE-2010-1635
- samba 2:3.6.1-2 (unimportant)
NOTE: http://git.samba.org/?p=samba.git;a=commitdiff;h=25452a2268ac7013da28125f3df22085139af12d
NOTE: Only crashes a single connection, not the entire smbd
-CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in ...)
+CVE-2010-1634
- python3.1 3.1.2+20100822-1 (low)
- python2.7 2.7-1 (low)
- python2.6 2.6.6-1 (low)
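Review bot: Several descriptions removed in this hunk carried the upstream affected-version boundary that the fixed version below was checked against, for example `CVE-2010-1643` ("Linux kernel before 2.6.28-rc3") above `- linux-2.6 2.6.28-1` and `CVE-2010-1646` ("sudo 1.3.1 through 1.6.9p22 and ...") above `- sudo 1.7.2p7-1`. With the description gone, a wrong fixed version is harder to spot in review. Consider keeping at least the version clause or adding a NOTE with the upstream reference for entries that have none.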
@@ -9409,140 +9409,140 @@ CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in
[lenny] - python2.5 <no-dsa> (Minor issue)
- python2.4 <removed> (low)
[lenny] - python2.4 <no-dsa> (Minor issue)
-CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover function in ...)
+CVE-2010-1633
- openssl <not-affected> (This bug is only present in OpenSSL 1.0.0, first version of 1.0.0 ever uploaded was 1.0.0c)
-CVE-2010-1632 (Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server ...)
+CVE-2010-1632
- axis2c 1.6.0-1
CVE-2010-1631
REJECTED
-CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 has ...)
+CVE-2010-1630
- phpbb3 3.0.7-PL1-1 (low)
[lenny] - phpbb3 <no-dsa> (Minor issue)
-CVE-2010-1629 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 ...)
+CVE-2010-1629
NOT-FOR-US: Phorum
-CVE-2010-1628 (Ghostscript 8.64, 8.70, and possibly other versions allows ...)
+CVE-2010-1628
{DSA-2093-1}
- ghostscript 8.71~dfsg2-4 (medium; bug #584516)
NOTE: no upstream fix available, see issue #1 in ubuntu bug report:
NOTE: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=691295
-CVE-2010-1627 (feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check ...)
+CVE-2010-1627
- phpbb3 3.0.7-PL1-1 (low)
[lenny] - phpbb3 <no-dsa> (Minor issue)
-CVE-2010-1626 (MySQL before 5.1.46 allows local users to delete the data and index ...)
+CVE-2010-1626
{DSA-2057-1}
- mysql-5.1 5.1.46-1 (bug #582526)
- mysql-dfsg-5.0 <removed> (low; bug #584400)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
-CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...)
+CVE-2010-1625
{DSA-2092-1}
- lxr <removed> (low; bug #588138)
[lenny] - lxr <no-dsa> (Minor issue)
- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137)
-CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...)
+CVE-2010-1624
- pidgin 2.7.0-1 (low)
[lenny] - pidgin 2.4.3-4lenny6
NOTE: MSN support was disabled in 2.4.3-4lenny6
-CVE-2010-1623 (Memory leak in the apr_brigade_split_line function in ...)
+CVE-2010-1623
{DSA-2117-1}
- apr-util 1.3.9+dfsg-4 (medium)
- apache2 2.2.16-3
[lenny] - apache2 <not-affected> (vulnerable code introduced in 2.2.15-2 or -3)
-CVE-2010-1622 (SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before ...)
+CVE-2010-1622
- libspring-2.5-java 2.5.6.SEC02-1 (medium)
-CVE-2010-1621 (The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 ...)
+CVE-2010-1621
- mysql-5.1 5.1.46-1
- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=590190
-CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c in ...)
+CVE-2010-1620
- gnustep-base 1.19.3-2 (bug #584401)
[lenny] - gnustep-base <no-dsa> (Minor issue)
-CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency ...)
+CVE-2010-1612
NOT-FOR-US: IBM WebSphere DataPower XML Accelerator
-CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 ...)
+CVE-2010-1611
NOT-FOR-US: AlegroCart
-CVE-2010-1610 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
+CVE-2010-1610
NOT-FOR-US: OpenCart
-CVE-2010-1609 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before ...)
+CVE-2010-1609
NOT-FOR-US: SAP NetWeaver
-CVE-2010-1608 (Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and ...)
+CVE-2010-1608
NOT-FOR-US: IBM Lotus Notes
-CVE-2010-1607 (Directory traversal vulnerability in wmi.php in the Webmoney Web ...)
+CVE-2010-1607
NOT-FOR-US: Webmoney Web Merchant Interface component for Joomla!
-CVE-2010-1606 (Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal ...)
+CVE-2010-1606
NOT-FOR-US: NCT Jobs Portal Script
-CVE-2010-1605 (Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs ...)
+CVE-2010-1605
NOT-FOR-US: NCT Jobs Portal Script
-CVE-2010-1604 (Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs ...)
+CVE-2010-1604
NOT-FOR-US: NCT Jobs Portal Script
-CVE-2010-1603 (Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or ...)
+CVE-2010-1603
NOT-FOR-US: ZiMB Core component for Joomla!
-CVE-2010-1602 (Directory traversal vulnerability in the ZiMB Comment ...)
+CVE-2010-1602
NOT-FOR-US: ZiMB Comment component for Joomla!
-CVE-2010-1601 (Directory traversal vulnerability in the JA Comment (com_jacomment) ...)
+CVE-2010-1601
NOT-FOR-US: JA Comment component for Joomla!
-CVE-2010-1600 (SQL injection vulnerability in the Media Mall Factory (com_mediamall) ...)
+CVE-2010-1600
NOT-FOR-US: Media Mall Factory component for Joomla!
-CVE-2010-1599 (SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and ...)
+CVE-2010-1599
NOT-FOR-US: NKInFoWeb
-CVE-2010-1598 (phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ...)
+CVE-2010-1598
NOT-FOR-US: phpThumb()
-CVE-2010-1597 (Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 ...)
+CVE-2010-1597
NOT-FOR-US: ZipGenius
-CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...)
+CVE-2010-1619
{DSA-2115-1}
- moodle 1.9.8-1 (low; bug #585425)
- wordpress <not-affected> (Vulnerable code not present)
- egroupware <not-affected> (Vulneable code not present)
-CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...)
+CVE-2010-1618
{DSA-2115-1}
- libphp-cas <itp> (bug #495542)
- moodle 1.9.8-1 (low; bug #574757)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...)
+CVE-2010-1617
{DSA-2115-1}
- moodle 1.9.8-1 (unimportant; bug #585427)
NOTE: i have a hard time seeing the security impact, moodle is a course management
NOTE: system and the real names of your colleagues are probably not a secret, since
NOTE: a patch exists I filed a bug anyway
-CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when ...)
+CVE-2010-1616
{DSA-2115-1}
- moodle 1.9.8-1
-CVE-2010-1615 (Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 ...)
+CVE-2010-1615
{DSA-2115-1}
- moodle 1.9.8-1
-CVE-2010-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x ...)
+CVE-2010-1614
{DSA-2115-1}
- moodle 1.9.8-1
-CVE-2010-1613 (Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the &quot;Regenerate ...)
+CVE-2010-1613
{DSA-2115-1}
- moodle 1.9.8-1
-CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication ...)
+CVE-2010-1596
NOT-FOR-US: Support Incident Tracker
-CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS ...)
+CVE-2010-1595
- ocsinventory-server 1.02.1-1 (unimportant)
NOTE: Authentication is needed, only supported in trusted environments, see debtags
-CVE-2010-1594 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-1594
- ocsinventory-server 1.02.1-1 (unimportant)
NOTE: Authentication is needed, only supported in trusted environments, see debtags
-CVE-2010-1593 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
+CVE-2010-1593
- silverstripe <itp> (bug #528461)
-CVE-2010-1592 (sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in ...)
+CVE-2010-1592
NOT-FOR-US: SiSoftware Sandra
-CVE-2010-1591 (Beijing Rising International Rising Antivirus 2008 through 2010 does ...)
+CVE-2010-1591
NOT-FOR-US: Beijing Rising International Rising Antivirus
-CVE-2010-1590 (Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in ...)
+CVE-2010-1590
NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
-CVE-2010-1589 (Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt ...)
+CVE-2010-1589
NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
-CVE-2010-1588 (SQL injection vulnerability in the Getwebsess function in ...)
+CVE-2010-1588
NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
-CVE-2010-1587 (The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and ...)
+CVE-2010-1587
NOT-FOR-US: Apache ActiveMQ
-CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management ...)
+CVE-2010-1586
NOT-FOR-US: HP System Management Homepage
-CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ...)
+CVE-2010-1585
{DSA-2187-1 DSA-2186-1 DSA-2180-1}
- icedove 3.0.11-2
[lenny] - icedove <end-of-life>
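Review bot: at CVE-2010-1617 the three NOTE lines argue about impact ("the real names of your colleagues are probably not a secret") without saying what the issue is. That was stated only in the description this hunk removes (`user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...`). Either keep a short bracketed summary on the CVE line, in the style the file already uses for `CVE-2010-2447 [gitolite "not filtering src/ or hooks/ from pathnames"]`, or have the commit message say where the descriptions now live, since "automatic update" does not.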
@@ -9553,235 +9553,235 @@ CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ...)
- iceape 2.0.12-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
-CVE-2010-1584 (Cross-site scripting (XSS) vulnerability in the Context module before ...)
+CVE-2010-1584
NOT-FOR-US: Context module for drupal
-CVE-2010-1583 (SQL injection vulnerability in the loadByKey function in the ...)
+CVE-2010-1583
NOT-FOR-US: Tirzen Framework
CVE-2010-1582
RESERVED
-CVE-2010-1581 (Unspecified vulnerability in the Transport Layer Security (TLS) ...)
+CVE-2010-1581
NOT-FOR-US: Cisco ASA
-CVE-2010-1580 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...)
+CVE-2010-1580
NOT-FOR-US: Cisco ASA
-CVE-2010-1579 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...)
+CVE-2010-1579
NOT-FOR-US: Cisco ASA
-CVE-2010-1578 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...)
+CVE-2010-1578
NOT-FOR-US: Cisco ASA
-CVE-2010-1577 (Directory traversal vulnerability in Cisco Internet Streamer, as used ...)
+CVE-2010-1577
NOT-FOR-US: Cisco
-CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software before ...)
+CVE-2010-1576
NOT-FOR-US: Cisco
-CVE-2010-1575 (The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 ...)
+CVE-2010-1575
NOT-FOR-US: Cisco
-CVE-2010-1574 (IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 ...)
+CVE-2010-1574
NOT-FOR-US: Cisco
-CVE-2010-1573 (Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded ...)
+CVE-2010-1573
NOT-FOR-US: Linksys firmware
-CVE-2010-1572 (Unspecified vulnerability in the tech support diagnostic shell in ...)
+CVE-2010-1572
NOT-FOR-US: Cisco
-CVE-2010-1571 (Directory traversal vulnerability in the bootstrap service in Cisco ...)
+CVE-2010-1571
NOT-FOR-US: Cisco
-CVE-2010-1570 (The computer telephony integration (CTI) server component in Cisco ...)
+CVE-2010-1570
NOT-FOR-US: Cisco
CVE-2010-1569
RESERVED
-CVE-2010-1568 (The Send Secure functionality in the Cisco IronPort Desktop Flag ...)
+CVE-2010-1568
NOT-FOR-US: Cisco IronPort Desktop Flag Plug-in for Microsoft Outlook
-CVE-2010-1567 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
+CVE-2010-1567
NOT-FOR-US: Cisco PGW
CVE-2010-1566
RESERVED
-CVE-2010-1565 (Unspecified vulnerability in the SIP implementation on the Cisco PGW ...)
+CVE-2010-1565
NOT-FOR-US: Cisco PGW
-CVE-2010-1563 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
+CVE-2010-1563
NOT-FOR-US: Cisco PGW
-CVE-2010-1562 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
+CVE-2010-1562
NOT-FOR-US: Cisco PGW
-CVE-2010-1561 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
+CVE-2010-1561
NOT-FOR-US: Cisco PGW
-CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 ...)
+CVE-2010-1560
NOT-FOR-US: IBM DB2
-CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) ...)
+CVE-2010-1559
NOT-FOR-US: com_sermonspeaker component for joomla!
CVE-2010-2447 [gitolite "not filtering src/ or hooks/ from pathnames"]
RESERVED
- gitolite 1.4.2-1 (low)
NOTE: http://secunia.com/advisories/39587/
-CVE-2010-2448 (znc.cpp in ZNC before 0.092 allows remote authenticated users to cause ...)
+CVE-2010-2448
- gitolite 1.4.2-1 (medium)
NOTE: http://secunia.com/advisories/39587/
-CVE-2010-1558 (Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital ...)
+CVE-2010-1558
NOT-FOR-US: HP MFP Digital Sending Software
-CVE-2010-1557 (Multiple cross-site scripting (XSS) vulnerabilities in HP Insight ...)
+CVE-2010-1557
NOT-FOR-US: HP Insight Control Server Migration
-CVE-2010-1556 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 ...)
+CVE-2010-1556
NOT-FOR-US: HP Systems Insight Manager
-CVE-2010-1555 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...)
+CVE-2010-1555
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2010-1554 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...)
+CVE-2010-1554
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2010-1553 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...)
+CVE-2010-1553
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2010-1552 (Stack-based buffer overflow in the doLoad function in snmpviewer.exe ...)
+CVE-2010-1552
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2010-1551 (Stack-based buffer overflow in the _OVParseLLA function in ov.dll in ...)
+CVE-2010-1551
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2010-1550 (Format string vulnerability in ovet_demandpoll.exe in HP OpenView ...)
+CVE-2010-1550
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 ...)
+CVE-2010-1549
NOT-FOR-US: HP LoadRunner
-CVE-2010-1548 (The auto-complete functionality in the Chaos Tool Suite (aka CTools) ...)
+CVE-2010-1548
NOT-FOR-US: CTools module for Drupal
-CVE-2010-1547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+CVE-2010-1547
NOT-FOR-US: CTools module for Drupal
-CVE-2010-1546 (Multiple eval injection vulnerabilities in the import functionality in ...)
+CVE-2010-1546
NOT-FOR-US: CTools module for Drupal
CVE-2010-1545
RESERVED
-CVE-2010-1544 (micro_httpd on the RCA DCM425 cable modem allows remote attackers to ...)
+CVE-2010-1544
NOT-FOR-US: RCA DCM425 Cable Modem
-CVE-2010-1543 (Cross-site scripting (XSS) vulnerability in the eTracker module before ...)
+CVE-2010-1543
NOT-FOR-US: eTracker module for drupal
-CVE-2010-1542 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2010-1542
NOT-FOR-US: DFD Cart
-CVE-2010-1541 (Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, ...)
+CVE-2010-1541
NOT-FOR-US: DFD Cart
-CVE-2010-1540 (Directory traversal vulnerability in index.php in the MyBlog ...)
+CVE-2010-1540
NOT-FOR-US: com_myblog component for joomla!
-CVE-2010-1539 (Cross-site scripting (XSS) vulnerability in the Workflow module ...)
+CVE-2010-1539
NOT-FOR-US: workflow module for drupal
-CVE-2010-1538 (SQL injection vulnerability in print_raincheck.php in phpRAINCHECK ...)
+CVE-2010-1538
NOT-FOR-US: phpRAINCHECK
-CVE-2010-1537 (Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier ...)
+CVE-2010-1537
NOT-FOR-US: phpCDB
-CVE-2010-1536 (Cross-site scripting (XSS) vulnerability in the AddThis Button module ...)
+CVE-2010-1536
NOT-FOR-US: AddThis Button module for drupal
-CVE-2010-1535 (Directory traversal vulnerability in the TRAVELbook (com_travelbook) ...)
+CVE-2010-1535
NOT-FOR-US: com_travelbook component for joomla!
-CVE-2010-1534 (Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) ...)
+CVE-2010-1534
NOT-FOR-US: com_shoutbox component for joomla!
-CVE-2010-1533 (Directory traversal vulnerability in the TweetLA (com_tweetla) ...)
+CVE-2010-1533
NOT-FOR-US: com_tweetla component for joomla!
-CVE-2010-1532 (Directory traversal vulnerability in the givesight PowerMail Pro ...)
+CVE-2010-1532
NOT-FOR-US: com_powermail component for joomla!
-CVE-2010-1531 (Directory traversal vulnerability in the redSHOP (com_redshop) ...)
+CVE-2010-1531
NOT-FOR-US: com_redshop component for joomla!
-CVE-2010-1530 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2010-1530
NOT-FOR-US: Internationalization module for drupal
-CVE-2010-1529 (SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) ...)
+CVE-2010-1529
NOT-FOR-US: com_fsf component for joomla!
-CVE-2010-1528 (PHP remote file inclusion vulnerability in include/template.php in ...)
+CVE-2010-1528
NOT-FOR-US: Uiga Proxy
-CVE-2010-1527 (Stack-based buffer overflow in Novell iPrint Client before 5.44 allows ...)
+CVE-2010-1527
NOT-FOR-US: Novell iPrint Client
-CVE-2010-1526 (Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow ...)
+CVE-2010-1526
- libgdiplus 2.6.7-2 (low; bug #594155)
[lenny] - libgdiplus 1.9-1+lenny1
-CVE-2010-1525 (Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in ...)
+CVE-2010-1525
NOT-FOR-US: SpreadSheet Lotus 123 reader
-CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 ...)
+CVE-2010-1524
NOT-FOR-US: SpreadSheet Lotus 123 reader
-CVE-2010-1523 (Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in ...)
+CVE-2010-1523
NOT-FOR-US: Winamp
-CVE-2010-1522 (Multiple SQL injection vulnerabilities in the BookLibrary Basic ...)
+CVE-2010-1522
NOT-FOR-US: com_booklibrary component for joomla!
-CVE-2010-1521 (SQL injection vulnerability in include/classes/tzn_user.php in ...)
+CVE-2010-1521
NOT-FOR-US: TaskFreak! Original multi user
-CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! ...)
+CVE-2010-1520
NOT-FOR-US: TaskFreak! Original multi user
-CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow ...)
+CVE-2010-1519
- libglpng <removed> (low; bug #595171)
[lenny] - libglpng <no-dsa> (Minor issue)
-CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ...)
+CVE-2010-1518
NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
-CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers ...)
+CVE-2010-1517
NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
-CVE-2010-1516 (Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to ...)
+CVE-2010-1516
NOT-FOR-US: SWFtools (were once packaged)
-CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2010-1515
NOT-FOR-US: TomatoCMS
-CVE-2010-1514 (Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier ...)
+CVE-2010-1514
NOT-FOR-US: TomatoCMS
-CVE-2010-1513 (Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 ...)
+CVE-2010-1513
- ziproxy 3.1.0-1 (bug #584933)
[lenny] - ziproxy <no-dsa> (Minor issue, obscure attack vector)
-CVE-2010-1512 (Directory traversal vulnerability in aria2 before 1.9.3 allows remote ...)
+CVE-2010-1512
{DSA-2047-1}
- aria2 1.9.3-1
NOTE: http://seclists.org/fulldisclosure/2010/May/168
-CVE-2010-1511 (KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request ...)
+CVE-2010-1511
- kdenetwork 4:4.4.4-1 (low)
[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
NOTE: http://seclists.org/fulldisclosure/2010/May/164
-CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote ...)
+CVE-2010-1510
NOT-FOR-US: IrfanView
-CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer ...)
+CVE-2010-1509
NOT-FOR-US: IrfanView
-CVE-2010-1508 (Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows ...)
+CVE-2010-1508
NOT-FOR-US: Apple QuickTime
-CVE-2010-1507 (WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the ...)
+CVE-2010-1507
NOT-FOR-US: YAST
-CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow ...)
+CVE-2010-1506
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (doesn't use v8 bindings yet)
NOTE: http://trac.webkit.org/changeset/45826
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37210
NOTE: http://trac.webkit.org/changeset/57224
-CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...)
+CVE-2010-1505
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chromium-specific issue)
-CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
+CVE-2010-1504
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chromium-specific issue)
-CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
+CVE-2010-1503
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chromium-specific issue)
-CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows ...)
+CVE-2010-1502
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chromium-specific directory traversal)
CVE-2010-1501
REJECTED
-CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...)
+CVE-2010-1500
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (proof-of-concept not effective; chromium-specific issue)
-CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 ...)
+CVE-2010-1499
NOT-FOR-US: MusicBox
-CVE-2010-1498 (Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow ...)
+CVE-2010-1498
NOT-FOR-US: dl_stats
-CVE-2010-1497 (Cross-site scripting (XSS) vulnerability in download_proc.php in ...)
+CVE-2010-1497
NOT-FOR-US: dl_stats
-CVE-2010-1496 (SQL injection vulnerability in the JoltCard (com_joltcard) component ...)
+CVE-2010-1496
NOT-FOR-US: com_joltcard component for joomla!
-CVE-2010-1495 (Directory traversal vulnerability in the Matamko (com_matamko) ...)
+CVE-2010-1495
NOT-FOR-US: com_matamko component for joomla!
-CVE-2010-1494 (Directory traversal vulnerability in the AWDwall (com_awdwall) ...)
+CVE-2010-1494
NOT-FOR-US: com_awdwall component for joomla!
-CVE-2010-1493 (SQL injection vulnerability in the AWDwall (com_awdwall) component ...)
+CVE-2010-1493
NOT-FOR-US: com_awdwall component for joomla!
-CVE-2010-1492 (Directory traversal vulnerability in help/frameRight.php in Elastix ...)
+CVE-2010-1492
NOT-FOR-US: Elastix
-CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) ...)
+CVE-2010-1491
NOT-FOR-US: com_mmsblog component for joomla!
-CVE-2010-1490 (Unspecified vulnerability in IBM Cognos 8 Business Intelligence before ...)
+CVE-2010-1490
NOT-FOR-US: IBM Cognos
CVE-2010-XXXX [prosody password world-readable]
- prosody 0.7.0-1 (low; bug #579087)
CVE-2010-XXXX [gnome-orca: shell access without logon]
- gnome-orca 2.30.0-2 (bug #578928)
[lenny] - gnome-orca <not-affected> (Doesn't affect Lenny's version)
-CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e ...)
+CVE-2010-1431
{DSA-2039-1}
- cacti 0.8.7e-3 (bug #578909)
NOTE: http://seclists.org/fulldisclosure/2010/Apr/272
NOTE: http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
-CVE-2010-1489 (The XSS Filter in Microsoft Internet Explorer 8 does not properly ...)
+CVE-2010-1489
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-1488 (The proc_oom_score function in fs/proc/base.c in the Linux kernel ...)
+CVE-2010-1488
- linux-2.6 2.6.32-12
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
-CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...)
+CVE-2010-1487
NOT-FOR-US: IBM Lotus Notes
-CVE-2010-1486 (Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in ...)
+CVE-2010-1486
NOT-FOR-US: CactuShop
CVE-2010-1485
RESERVED
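Review bot: at CVE-2010-2448 the removed description is about ZNC (`znc.cpp in ZNC before 0.092 allows remote authenticated users to cause ...`), but the entry beneath it tracks `gitolite 1.4.2-1 (medium)` with the same Secunia advisory as CVE-2010-2447 directly above it. The description and the package line cannot both be right, and dropping the description removes the only visible sign of the mismatch. Check which package this id belongs to and correct the package line before the description is removed.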
@@ -9789,81 +9789,81 @@ CVE-2010-1484
RESERVED
CVE-2010-1483
RESERVED
-CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the ...)
+CVE-2010-1482
NOT-FOR-US: CMS Made Simple
-CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in ...)
+CVE-2010-1481
NOT-FOR-US: PmWiki
-CVE-2010-1480 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
+CVE-2010-1480
NOT-FOR-US: component for Joomla!
-CVE-2010-1479 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
+CVE-2010-1479
NOT-FOR-US: component for Joomla!
-CVE-2010-1478 (Directory traversal vulnerability in the Ternaria Informatica ...)
+CVE-2010-1478
NOT-FOR-US: component for Joomla!
-CVE-2010-1477 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) ...)
+CVE-2010-1477
NOT-FOR-US: component for Joomla!
-CVE-2010-1476 (Directory traversal vulnerability in the AlphaUserPoints ...)
+CVE-2010-1476
NOT-FOR-US: component for Joomla!
-CVE-2010-1475 (Directory traversal vulnerability in the Preventive &amp; Reservation ...)
+CVE-2010-1475
NOT-FOR-US: component for Joomla!
-CVE-2010-1474 (Directory traversal vulnerability in the Sweety Keeper ...)
+CVE-2010-1474
NOT-FOR-US: component for Joomla!
-CVE-2010-1473 (Directory traversal vulnerability in the Advertising (com_advertising) ...)
+CVE-2010-1473
NOT-FOR-US: component for Joomla!
-CVE-2010-1472 (Directory traversal vulnerability in the Daily Horoscope ...)
+CVE-2010-1472
NOT-FOR-US: component for Joomla!
-CVE-2010-1471 (Directory traversal vulnerability in the AddressBook (com_addressbook) ...)
+CVE-2010-1471
NOT-FOR-US: component for Joomla!
-CVE-2010-1470 (Directory traversal vulnerability in the Web TV (com_webtv) component ...)
+CVE-2010-1470
NOT-FOR-US: component for Joomla!
-CVE-2010-1469 (Directory traversal vulnerability in the Ternaria Informatica JProject ...)
+CVE-2010-1469
NOT-FOR-US: component for Joomla!
-CVE-2010-1468 (SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager ...)
+CVE-2010-1468
NOT-FOR-US: component for Joomla!
-CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...)
+CVE-2010-1467
NOT-FOR-US: openUrgence
-CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...)
+CVE-2010-1466
NOT-FOR-US: openUrgence
-CVE-2010-1465 (Stack-based buffer overflow in Trellian FTP client 3.01, including ...)
+CVE-2010-1465
NOT-FOR-US: Trellian FTP
-CVE-2010-1464 (Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst ...)
+CVE-2010-1464
NOT-FOR-US: WebAsyst Shop-Script FREE
-CVE-2010-1463 (Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE ...)
+CVE-2010-1463
NOT-FOR-US: WebAsyst Shop-Script FREE
-CVE-2010-1462 (Directory traversal vulnerability in WebAsyst Shop-Script FREE has ...)
+CVE-2010-1462
NOT-FOR-US: WebAsyst Shop-Script FREE
-CVE-2010-1461 (Directory traversal vulnerability in the Photo Battle ...)
+CVE-2010-1461
NOT-FOR-US: Photo Battle Component for Joomla!
-CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...)
+CVE-2010-1460
NOT-FOR-US: IBM BladeCenter Management Module
-CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value ...)
+CVE-2010-1459
- mono 2.4.4~svn151842-3 (bug #585440)
-CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...)
+CVE-2010-1458
NOT-FOR-US: TweakFS
-CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not ...)
+CVE-2010-1167
- fetchmail 6.3.16-2 (low)
[lenny] - fetchmail <no-dsa> (only vulnerable when run under debug verbosity level)
NOTE: http://www.fetchmail.info/fetchmail-SA-2010-02.txt
NOTE: http://gitorious.org/fetchmail/fetchmail/commit/ec06293
-CVE-2010-1457 (Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local ...)
+CVE-2010-1457
- gnustep-base 1.19.3-2 (bug #584402)
[lenny] - gnustep-base <not-affected> (Not installed setuid root)
NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
CVE-2010-1456
REJECTED
-CVE-2010-1455 (The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 ...)
+CVE-2010-1455
- wireshark 1.2.8-1 (unimportant)
NOTE: Not triggerable remotely
-CVE-2010-1454 (com.springsource.tcserver.serviceability.rmi.JmxSocketListener in ...)
+CVE-2010-1454
NOT-FOR-US: VMware
-CVE-2010-1453 (Cross-site scripting (XSS) vulnerability in the Login form in Piwik ...)
+CVE-2010-1453
- piwik <itp> (bug #506933)
-CVE-2010-1452 (The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server ...)
+CVE-2010-1452
- apache2 2.2.16-1 (low)
[lenny] - apache2 2.2.9-10+lenny10
-CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the ...)
+CVE-2010-1451
{DSA-2053-1}
- linux-2.6 2.6.32-10
-CVE-2010-1450 (Multiple buffer overflows in the RLE decoder in the rgbimg module in ...)
+CVE-2010-1450
- python3.1 <not-affected> (rgbimgmodule no longer included in source)
- python2.7 <not-affected> (rgbimgmodule no longer included in source)
- python2.6 <not-affected> (rgbimgmodule no longer included in source)
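Review bot: from CVE-2010-1480 down to CVE-2010-1468 the classification reads only `NOT-FOR-US: component for Joomla!`, so once the descriptions are removed these thirteen entries cannot be told apart without an external lookup. Name the component in each NOT-FOR-US line, as CVE-2010-1461 in this same hunk already does (`NOT-FOR-US: Photo Battle Component for Joomla!`). The names are in the lines being removed, for example RokModule (com_rokmodule), SermonSpeaker (com_sermonspeaker) and Web TV (com_webtv).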
@@ -9871,7 +9871,7 @@ CVE-2010-1450 (Multiple buffer overflows in the RLE decoder in the rgbimg module
[lenny] - python2.5 <no-dsa> (Minor issue)
- python2.4 <removed> (low)
[lenny] - python2.4 <no-dsa> (Minor issue)
-CVE-2010-1449 (Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 ...)
+CVE-2010-1449
- python3.1 <not-affected> (rgbimgmodule no longer included in source)
- python2.7 <not-affected> (rgbimgmodule no longer included in source)
- python2.6 <not-affected> (rgbimgmodule no longer included in source)
@@ -9879,52 +9879,52 @@ CVE-2010-1449 (Integer overflow in rgbimgmodule.c in the rgbimg module in Python
[lenny] - python2.5 <no-dsa> (Minor issue)
- python2.4 <removed> (low)
[lenny] - python2.4 <no-dsa> (Minor issue)
-CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...)
+CVE-2010-1448
{DSA-2092-1}
- lxr <removed> (low; bug #585411)
[lenny] - lxr <no-dsa> (Minor issue)
- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036)
NOTE: seems to be a dupe of CVE-2010-1738
-CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...)
+CVE-2010-1447
{DSA-2267-1 DSA-2051-1}
- postgresql-8.4 8.4.4-1
- postgresql-8.3 <removed>
- perl 5.12.3-1
NOTE: Originally attributed to Postgres, but also affects standard Perl
-CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and ...)
+CVE-2010-1446
{DSA-2053-1}
- linux-2.6 2.6.32-12 (unimportant)
NOTE: KGDB is not currently enabled in debian builds
-CVE-2010-1445 (Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 ...)
+CVE-2010-1445
- vlc 1.0.6-1
[lenny] - vlc <not-affected> (Vulnerable code not present)
NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1444 (The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 ...)
+CVE-2010-1444
- vlc 1.0.6-1
[lenny] - vlc <not-affected> (Vulnerable code not present)
NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1443 (The parse_track_node function in modules/demux/playlist/xspf.c in the ...)
+CVE-2010-1443
- vlc 1.0.6-1 (unimportant)
NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1442 (VideoLAN VLC media player before 1.0.6 allows remote attackers to ...)
+CVE-2010-1442
- vlc 1.0.6-1
[lenny] - vlc 0.8.6.h-4+lenny3
NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1441 (Multiple heap-based buffer overflows in VideoLAN VLC media player ...)
+CVE-2010-1441
- vlc 1.0.6-1
[lenny] - vlc 0.8.6.h-4+lenny3
NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live ...)
+CVE-2010-1440
- texlive-bin 2009-6 (low; bug #580668)
[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
-CVE-2010-1439 (yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) ...)
+CVE-2010-1439
NOT-FOR-US: Red Hat Network Client Tools
-CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames ...)
+CVE-2010-1438
- wafp <itp> (bug #562949)
-CVE-2010-1437 (Race condition in the find_keyring_by_name function in ...)
+CVE-2010-1437
{DSA-2053-1}
- linux-2.6 2.6.32-13
-CVE-2010-1436 (gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not ...)
+CVE-2010-1436
- linux-2.6 2.6.32-25
[lenny] - linux-2.6 2.6.26-23
CVE-2010-1435
@@ -9937,39 +9937,39 @@ CVE-2010-1432
RESERVED
CVE-2010-1430
REJECTED
-CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) ...)
+CVE-2010-1429
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss ...)
+CVE-2010-1428
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2010-1427 (Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin ...)
+CVE-2010-1427
NOT-FOR-US: MODx Evolution
-CVE-2010-1426 (SQL injection vulnerability in MODx Evolution before 1.0.3 allows ...)
+CVE-2010-1426
NOT-FOR-US: MODx Evolution
-CVE-2010-1425 (F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft ...)
+CVE-2010-1425
NOT-FOR-US: F-Secure Internet Security
-CVE-2010-1424 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...)
+CVE-2010-1424
NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
-CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1422
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=26824
NOTE: http://trac.webkit.org/changeset/58829
-CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before ...)
+CVE-2010-1421
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751
NOTE: http://trac.webkit.org/changeset/58703
-CVE-2010-1420 (Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari ...)
+CVE-2010-1420
NOT-FOR-US: Apple Safari
-CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1419
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37618
NOTE: http://trac.webkit.org/changeset/58616
-CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2010-1418
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
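Review bot: every changed line in this hunk, from CVE-2010-1429 down to CVE-2010-1418, only replaces `CVE-… (description)` with the bare ID, while the status and NOTE lines under each entry are untouched. For a commit labelled "automatic update" this looks more like the description source returning nothing than an intended edit. Suggest the update job refuse to commit when entries that already had a description come back without one, or that the commit message say why the descriptions are being dropped.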
@@ -9979,60 +9979,60 @@ CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safar
NOTE: http://trac.webkit.org/changeset/58844
NOTE: http://trac.webkit.org/changeset/56651
NOTE: http://trac.webkit.org/changeset/57627
-CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
+CVE-2010-1417
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001
NOTE: http://trac.webkit.org/changeset/58201
NOTE: if this commit is correct, this is a dup of cve-2010-1665
-CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1416
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36838
NOTE: http://trac.webkit.org/changeset/56810
-CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1415
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36000
NOTE: http://trac.webkit.org/changeset/56420
-CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1414
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35818
NOTE: http://trac.webkit.org/changeset/55783
-CVE-2010-1413 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1413
- webkit <not-affected> (affected cf/iss code is not present)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37230
NOTE: http://trac.webkit.org/changeset/57232
-CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1412
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635
NOTE: http://trac.webkit.org/changeset/57759
NOTE: http://trac.webkit.org/changeset/57817
-CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in ...)
+CVE-2010-1411
{DSA-2084-1}
- tiff 3.9.4-1
- tiff3 <not-affected> (fixed prior to initial upload)
-CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1410
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35603
NOTE: http://trac.webkit.org/changeset/55511
-CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
+CVE-2010-1409
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34451
NOTE: http://trac.webkit.org/changeset/54193
-CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1408
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
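Review bot: the NOTE kept under CVE-2010-1417 ("if this commit is correct, this is a dup of cve-2010-1665") writes the ID in lower case, so a case-sensitive search for CVE-2010-1665 will not find it. With the CSS description removed from the entry's first line, that NOTE is also the only remaining hint about what the issue is. Suggest upper-casing the ID and settling the open "if this commit is correct" question in the NOTE itself.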
@@ -10040,116 +10040,116 @@ CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 a
NOTE: http://trac.webkit.org/changeset/56489
NOTE: http://trac.webkit.org/changeset/56492
NOTE: http://trac.webkit.org/changeset/56879
-CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
+CVE-2010-1407
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36435
NOTE: http://trac.webkit.org/changeset/56365
-CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1406
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=30841
NOTE: http://trac.webkit.org/changeset/50226
NOTE: http://trac.webkit.org/changeset/50240
-CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1405
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36198
NOTE: http://trac.webkit.org/changeset/56186
-CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1404
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35709
NOTE: http://trac.webkit.org/changeset/53446
-CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1403
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35708
NOTE: http://trac.webkit.org/changeset/53446
-CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac ...)
+CVE-2010-1402
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35598
NOTE: http://trac.webkit.org/changeset/55182
-CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
+CVE-2010-1401
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35353
NOTE: http://trac.webkit.org/changeset/55196
-CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1400
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34734
NOTE: http://trac.webkit.org/changeset/54521
-CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1399
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35599
NOTE: http://trac.webkit.org/changeset/46437
-CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-1398
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35305
NOTE: http://trac.webkit.org/changeset/55167
-CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1397
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=32842
NOTE: http://trac.webkit.org/changeset/52034
NOTE: http://trac.webkit.org/changeset/55114
-CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1396
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35621
NOTE: http://trac.webkit.org/changeset/55462
NOTE: http://trac.webkit.org/changeset/55465
-CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2010-1395
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=26868
NOTE: http://trac.webkit.org/changeset/46068
-CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2010-1394
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: http://trac.webkit.org/changeset/55203
NOTE: http://trac.webkit.org/changeset/55212
-CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
+CVE-2010-1393
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=33683
NOTE: http://trac.webkit.org/changeset/53607
-CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1392
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34641
NOTE: http://trac.webkit.org/changeset/56297
-CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local Storage ...)
+CVE-2010-1391
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36243
NOTE: http://trac.webkit.org/changeset/56139
-CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2010-1390
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=29078
NOTE: http://trac.webkit.org/changeset/49487
-CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2010-1389
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
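Review bot: CVE-2010-1403 has only a chromium-browser line and no webkit status, while CVE-2010-1404 directly above cites the same changeset 53446 and does carry `- webkit 1.2.1-2` plus the lenny `<no-dsa>` line. With the description dropped from the CVE-2010-1403 line, nothing in the entry explains the difference. Suggest adding an explicit webkit status line or a NOTE saying why webkit is omitted.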
@@ -10159,12 +10159,12 @@ CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safar
NOTE: http://trac.webkit.org/changeset/53442
NOTE: http://trac.webkit.org/changeset/53835
NOTE: http://trac.webkit.org/changeset/53659
-CVE-2010-1388 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and ...)
+CVE-2010-1388
- webkit <not-affected> (issue in mac-specific code)
- chromium-browser <not-affected> (issue in mac-specific code)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=28755
NOTE: http://trac.webkit.org/changeset/47829
-CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple ...)
+CVE-2010-1387
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
@@ -10172,43 +10172,43 @@ CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple
NOTE: http://trac.webkit.org/changeset/54129
NOTE: http://trac.webkit.org/changeset/54141
NOTE: http://trac.webkit.org/changeset/54265
-CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 and before ...)
+CVE-2010-1386
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255
NOTE: http://trac.webkit.org/changeset/56188
-CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X ...)
+CVE-2010-1385
- webkit <not-affected> (this is a bug in Apple's PDFKit)
- chromium-browser <not-affected> (this is a bug in Apple's PDFKit)
-CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...)
+CVE-2010-1384
- chromium-browser <unfixed> (unimportant)
NOTE: This is based on various misconceptions surrounding "phishing" The only supported browser security model
NOTE: surrounding URLs is the accurate post-link-click indication of the final target URL in the URL bar.
-CVE-2010-1383 (CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web ...)
+CVE-2010-1383
NOT-FOR-US: Apple Safari
-CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
+CVE-2010-1382
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1381 (The default configuration of SMB File Server in Apple Mac OS X 10.5.8, ...)
+CVE-2010-1381
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1380 (Integer overflow in the cgtexttops CUPS filter in Printing in Apple ...)
+CVE-2010-1380
NOT-FOR-US: Apple-specific CUPS filter "cgtexttops"
-CVE-2010-1379 (Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly ...)
+CVE-2010-1379
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1378 (OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly ...)
+CVE-2010-1378
- openssl <not-affected> (fix for an apple-specific flaw)
NOTE: sounds like a duplicate of CVE-2009-2409
-CVE-2010-1377 (Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an ...)
+CVE-2010-1377
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1376 (Multiple format string vulnerabilities in Network Authorization in ...)
+CVE-2010-1376
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1375 (NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does ...)
+CVE-2010-1375
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1374 (Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, ...)
+CVE-2010-1374
NOT-FOR-US: iChat
-CVE-2010-1373 (Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac ...)
+CVE-2010-1373
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...)
+CVE-2010-1423
- sun-java6 6.20-1 (high)
[lenny] - sun-java6 6-20-0lenny1
CVE-2010-2449 [gource: predictable log file located in /tmp]
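Review bot: CVE-2010-1384 is the one entry in this hunk left as `<unfixed> (unimportant)`, and its two NOTE lines argue against the report ("various misconceptions surrounding "phishing"") without ever saying what the report was. Once the description is removed from the first line, a reader cannot tell what was triaged as unimportant. Suggest adding a one-line NOTE that states the issue. The first NOTE also runs two sentences together after "phishing".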
@@ -10216,280 +10216,280 @@ CVE-2010-2449 [gource: predictable log file located in /tmp]
- gource 0.26-2 (low; bug #577958)
CVE-2010-1564
REJECTED
-CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) ...)
+CVE-2010-1372
NOT-FOR-US: Joomla!
-CVE-2010-1371 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre ...)
+CVE-2010-1371
NOT-FOR-US: Pre Classified Listings ASP
-CVE-2010-1370 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...)
+CVE-2010-1370
NOT-FOR-US: Pre Classified Listings ASP
-CVE-2010-1369 (SQL injection vulnerability in signup.asp in Pre Classified Listings ...)
+CVE-2010-1369
NOT-FOR-US: Pre Classified Listings ASP
-CVE-2010-1368 (SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows ...)
+CVE-2010-1368
NOT-FOR-US: GameScript
-CVE-2010-1367 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2010-1367
NOT-FOR-US: Uiga Fan Club
-CVE-2010-1366 (Multiple SQL injection vulnerabilities in admin/admin_login.php in ...)
+CVE-2010-1366
NOT-FOR-US: Uiga Fan Club
-CVE-2010-1365 (SQL injection vulnerability in index.php in Uiga Fan Club, as ...)
+CVE-2010-1365
NOT-FOR-US: Uiga Fan Club
-CVE-2010-1364 (SQL injection vulnerability in index.php in Uiga Personal Portal, as ...)
+CVE-2010-1364
NOT-FOR-US: Uiga Fan Club
-CVE-2010-1363 (SQL injection vulnerability in the JProjects (com_j-projects) ...)
+CVE-2010-1363
NOT-FOR-US: Joomla!
-CVE-2010-1362 (Cross-site scripting (XSS) vulnerability in the Own Term module ...)
+CVE-2010-1362
NOT-FOR-US: Own Term module for Drupal
-CVE-2010-1361 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-1361
NOT-FOR-US: PHPepperShop
-CVE-2010-1360 (Multiple PHP remote file inclusion vulnerabilities in FAQEngine ...)
+CVE-2010-1360
NOT-FOR-US: FAQEngine
-CVE-2010-1359 (SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL ...)
+CVE-2010-1359
NOT-FOR-US: xt:Commerce
-CVE-2010-1358 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...)
+CVE-2010-1358
NOT-FOR-US: Biblio module for Drupal
-CVE-2010-1357 (Cross-site scripting (XSS) vulnerability in editors/logindialogue.php ...)
+CVE-2010-1357
NOT-FOR-US: SBD Directory Software
-CVE-2010-1356 (Unspecified vulnerability on the TANDBERG Video Communication Server ...)
+CVE-2010-1356
NOT-FOR-US: TANDBERG Video Communication Server
-CVE-2010-1355 (Cross-site scripting (XSS) vulnerability on the TANDBERG Video ...)
+CVE-2010-1355
NOT-FOR-US: TANDBERG Video Communication Server
-CVE-2010-1354 (Directory traversal vulnerability in the VJDEO (com_vjdeo) component ...)
+CVE-2010-1354
NOT-FOR-US: Joomla!
-CVE-2010-1353 (Directory traversal vulnerability in the LoginBox Pro (com_loginbox) ...)
+CVE-2010-1353
NOT-FOR-US: Joomla!
-CVE-2010-1352 (Directory traversal vulnerability in the JOOFORGE Jutebox ...)
+CVE-2010-1352
NOT-FOR-US: Joomla!
-CVE-2010-1351 (Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 ...)
+CVE-2010-1351
NOT-FOR-US: Nodesforum
-CVE-2010-1350 (SQL injection vulnerability in the JP Jobs (com_jp_jobs) component ...)
+CVE-2010-1350
NOT-FOR-US: Joomla!
-CVE-2010-1349 (Integer overflow in Opera 10.10 through 10.50 allows remote attackers ...)
+CVE-2010-1349
NOT-FOR-US: Opera
-CVE-2010-1348 (Unspecified vulnerability in the login process in IBM WebSphere Portal ...)
+CVE-2010-1348
NOT-FOR-US: IBM WebSphere
-CVE-2010-1347 (Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and ...)
+CVE-2010-1347
NOT-FOR-US: IBM AIX
-CVE-2010-1346 (SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, ...)
+CVE-2010-1346
NOT-FOR-US: Mini CMS RibaFS
-CVE-2010-1345 (Directory traversal vulnerability in the Cookex Agency CKForms ...)
+CVE-2010-1345
NOT-FOR-US: Joomla!
-CVE-2010-1344 (SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) ...)
+CVE-2010-1344
NOT-FOR-US: Joomla!
-CVE-2010-1343 (SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows ...)
+CVE-2010-1343
NOT-FOR-US: SiteX
-CVE-2010-1342 (Multiple PHP remote file inclusion vulnerabilities in Direct News ...)
+CVE-2010-1342
NOT-FOR-US: Direct News
-CVE-2010-1341 (SQL injection vulnerability in index.php in Systemsoftware Community ...)
+CVE-2010-1341
NOT-FOR-US: Systemsoftware Community Black Forum
-CVE-2010-1340 (Directory traversal vulnerability in jresearch.php in the J!Research ...)
+CVE-2010-1340
NOT-FOR-US: Joomla!
-CVE-2010-1339 (Cross-site scripting (XSS) vulnerability in ts_other.php in the ...)
+CVE-2010-1339
NOT-FOR-US: Teamsite Hack plugin
-CVE-2010-1338 (SQL injection vulnerability in ts_other.php in the Teamsite Hack ...)
+CVE-2010-1338
NOT-FOR-US: Teamsite Hack plugin
-CVE-2010-1337 (Multiple PHP remote file inclusion vulnerabilities in definitions.php ...)
+CVE-2010-1337
NOT-FOR-US: Lussumo Vanilla
-CVE-2010-1336 (Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote ...)
+CVE-2010-1336
NOT-FOR-US: INVOhost
-CVE-2010-1335 (Multiple PHP remote file inclusion vulnerabilities in Insky CMS ...)
+CVE-2010-1335
NOT-FOR-US: Insky CMS
-CVE-2010-1334 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows ...)
+CVE-2010-1334
NOT-FOR-US: Pulse CMS Basic
-CVE-2010-1333 (Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. ...)
+CVE-2010-1333
NOT-FOR-US: Almas Inc. Compiere J300_A02
-CVE-2010-1332 (Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail ...)
+CVE-2010-1332
NOT-FOR-US: PrettyBook PrettyFormMail
-CVE-2010-1331 (SQL injection vulnerability in Heartlogic HL-SiteManager allows remote ...)
+CVE-2010-1331
NOT-FOR-US: Heartlogic HL-SiteManager
-CVE-2010-1330 (The regular expression engine in JRuby before 1.4.1, when $KCODE is ...)
+CVE-2010-1330
- jruby 1.5.0~rc1-1
-CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall ...)
+CVE-2010-1329
NOT-FOR-US: Imperva SecureSphere Web Application Firewall and Database Firewall
-CVE-2010-1328 (Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore ...)
+CVE-2010-1328
NOT-FOR-US: TornadoStore
-CVE-2010-1327 (Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and ...)
+CVE-2010-1327
NOT-FOR-US: TornadoStore
-CVE-2010-1326 (perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 ...)
+CVE-2010-1326
{DSA-2108-1}
- cvsnt 2.5.04.3236-1.2 (medium; bug #593884)
NOTE: http://march-hare.com/cvspro/vuln.htm
-CVE-2010-1325 (Cross-site request forgery (CSRF) vulnerability in the apache2-slms ...)
+CVE-2010-1325
NOT-FOR-US: SUSE Lifecycle Management Server
-CVE-2010-1324 (MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not ...)
+CVE-2010-1324
- krb5 1.8.3+dfsg-3 (bug #605553)
[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.7)
-CVE-2010-1323 (MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x ...)
+CVE-2010-1323
{DSA-2129-1}
- krb5 1.8.3+dfsg-3 (bug #605553)
-CVE-2010-1322 (The merge_authdata function in kdc_authdata.c in the Key Distribution ...)
+CVE-2010-1322
- krb5 1.8.3+dfsg-2 (bug #599237)
[lenny] - krb5 <not-affected> (Only affects 1.8)
[etch] - krb5 <not-affected> (Only affects 1.8)
NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-006.txt
-CVE-2010-1321 (The kg_accept_krb5 function in krb5/accept_sec_context.c in the ...)
+CVE-2010-1321
{DSA-2052-1}
- krb5 1.8.1+dfsg-3 (low; bug #582261)
- heimdal 1.4.0~git20100605.dfsg.1-1
- sun-java6 6.22-1
[lenny] - sun-java6 6-22-0lenny
-CVE-2010-1320 (Double free vulnerability in do_tgs_req.c in the Key Distribution ...)
+CVE-2010-1320
- krb5 1.8.1+dfsg-2 (bug #577490)
[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
-CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ ...)
+CVE-2010-1319
NOT-FOR-US: Real Helix Server
-CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in ...)
+CVE-2010-1318
NOT-FOR-US: Real Helix Server
-CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in ...)
+CVE-2010-1317
NOT-FOR-US: Real Helix Server
-CVE-2010-1316 (Multiple stack-based buffer overflows in Tembria Server Monitor before ...)
+CVE-2010-1316
NOT-FOR-US: Tembria Server Monitor
-CVE-2010-1315 (Directory traversal vulnerability in weberpcustomer.php in the ...)
+CVE-2010-1315
NOT-FOR-US: Joomla!
-CVE-2010-1314 (Directory traversal vulnerability in the Highslide JS (com_hsconfig) ...)
+CVE-2010-1314
NOT-FOR-US: Joomla!
-CVE-2010-1313 (Directory traversal vulnerability in the Seber Cart (com_sebercart) ...)
+CVE-2010-1313
NOT-FOR-US: Joomla!
-CVE-2010-1312 (Directory traversal vulnerability in the iJoomla News Portal ...)
+CVE-2010-1312
NOT-FOR-US: Joomla!
-CVE-2010-1311 (The qtm_decompress function in libclamav/mspack.c in ClamAV before ...)
+CVE-2010-1311
- clamav 0.96+dfsg-2 (bug #577462; low)
[lenny] - clamav <end-of-life> (bug #577462; low)
NOTE: Lenny version achieved end of life! see
NOTE: http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
-CVE-2010-1310 (Opera 10.50 allows remote attackers to obtain sensitive information ...)
+CVE-2010-1310
NOT-FOR-US: Opera
-CVE-2010-1309 (Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) ...)
+CVE-2010-1309
NOT-FOR-US: Pepsi CMS
-CVE-2010-1308 (Directory traversal vulnerability in the SVMap (com_svmap) component ...)
+CVE-2010-1308
NOT-FOR-US: Joomla!
-CVE-2010-1307 (Directory traversal vulnerability in the Magic Updater ...)
+CVE-2010-1307
NOT-FOR-US: Joomla!
-CVE-2010-1306 (Directory traversal vulnerability in the Picasa (com_joomlapicasa2) ...)
+CVE-2010-1306
NOT-FOR-US: Joomla!
-CVE-2010-1305 (Directory traversal vulnerability in jinventory.php in the JInventory ...)
+CVE-2010-1305
NOT-FOR-US: Joomla!
-CVE-2010-1304 (Directory traversal vulnerability in userstatus.php in the User Status ...)
+CVE-2010-1304
NOT-FOR-US: Joomla!
-CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...)
+CVE-2010-1303
NOT-FOR-US: Drupal module
-CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...)
+CVE-2010-1302
NOT-FOR-US: Joomla!
-CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 allows ...)
+CVE-2010-1301
NOT-FOR-US: Centreon
-CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove Photo ...)
+CVE-2010-1300
NOT-FOR-US: Yamamah
-CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, ...)
+CVE-2010-1299
NOT-FOR-US: DynPG CMS
-CVE-2010-1298 (Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 ...)
+CVE-2010-1298
NOT-FOR-US: Pulse CMS
-CVE-2010-1297 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe ...)
+CVE-2010-1297
NOT-FOR-US: Adobe Flash Player
-CVE-2010-1296 (Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow ...)
+CVE-2010-1296
NOT-FOR-US: Adobe Photoshop CS4
-CVE-2010-1295 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-1295
NOT-FOR-US: Adobe Reader
-CVE-2010-1294 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 ...)
+CVE-2010-1294
NOT-FOR-US: Adobe ColdFusion
-CVE-2010-1293 (Cross-site scripting (XSS) vulnerability in the Administrator page in ...)
+CVE-2010-1293
NOT-FOR-US: Adobe ColdFusion
-CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave ...)
+CVE-2010-1292
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
+CVE-2010-1291
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
+CVE-2010-1290
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
+CVE-2010-1289
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might ...)
+CVE-2010-1288
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
+CVE-2010-1287
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
+CVE-2010-1286
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1285 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-1285
NOT-FOR-US: Adobe Reader
-CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
+CVE-2010-1284
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D ...)
+CVE-2010-1283
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...)
+CVE-2010-1282
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not ...)
+CVE-2010-1281
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...)
+CVE-2010-1280
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-1279 (Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x ...)
+CVE-2010-1279
NOT-FOR-US: Adobe Photoshop
-CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in ...)
+CVE-2010-1278
NOT-FOR-US: Adobe Download Manager
-CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...)
+CVE-2010-1277
- zabbix 1:1.8.2-1 (bug #577058)
[lenny] - zabbix <not-affected> (vulnerable code not present)
[etch] - zabbix <not-affected> (vulnerable code not present)
NOTE: This is a bug that was introduced with the Zabbix 1.8 API
-CVE-2010-1276 (Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 ...)
+CVE-2010-1276
NOT-FOR-US: BBSXP
-CVE-2010-1275 (Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 ...)
+CVE-2010-1275
NOT-FOR-US: BBSXP
-CVE-2010-1274 (Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 ...)
+CVE-2010-1274
NOT-FOR-US: Emweb Wt
-CVE-2010-1273 (Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form ...)
+CVE-2010-1273
NOT-FOR-US: Emweb Wt
-CVE-2010-1272 (PHP remote file inclusion vulnerability in includes/tgpinc.php in ...)
+CVE-2010-1272
NOT-FOR-US: Gnat-TGP
-CVE-2010-1271 (SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows ...)
+CVE-2010-1271
NOT-FOR-US: smartplugs
-CVE-2010-1270 (SQL injection vulnerability in auktion.php in Multi Auktions Komplett ...)
+CVE-2010-1270
NOT-FOR-US: Multi Auktions Komplett System
-CVE-2010-1269 (SQL injection vulnerability in auktion.php in phpscripte24 Niedrig ...)
+CVE-2010-1269
NOT-FOR-US: Gebote Pro Auktions System
-CVE-2010-1268 (Directory traversal vulnerability in index.php in justVisual CMS 2.0, ...)
+CVE-2010-1268
NOT-FOR-US: justVisual CMS
-CVE-2010-1267 (Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta ...)
+CVE-2010-1267
NOT-FOR-US: WebMaid CMS
-CVE-2010-1266 (Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS ...)
+CVE-2010-1266
NOT-FOR-US: WebMaid CMS
-CVE-2010-1265 (SQL injection vulnerability in Adam Corley dcsFlashGames ...)
+CVE-2010-1265
NOT-FOR-US: dcsFlashGames
-CVE-2010-1264 (Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 ...)
+CVE-2010-1264
NOT-FOR-US: Microsoft
-CVE-2010-1263 (Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows ...)
+CVE-2010-1263
NOT-FOR-US: Microsoft
-CVE-2010-1262 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote ...)
+CVE-2010-1262
NOT-FOR-US: Microsoft
-CVE-2010-1261 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, ...)
+CVE-2010-1261
NOT-FOR-US: Microsoft
-CVE-2010-1260 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, ...)
+CVE-2010-1260
NOT-FOR-US: Microsoft
-CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote ...)
+CVE-2010-1259
NOT-FOR-US: Microsoft
-CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine ...)
+CVE-2010-1258
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as ...)
+CVE-2010-1257
NOT-FOR-US: Microsoft
-CVE-2010-1256 (Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when ...)
+CVE-2010-1256
NOT-FOR-US: Microsoft
-CVE-2010-1255 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows ...)
+CVE-2010-1255
NOT-FOR-US: Microsoft
-CVE-2010-1254 (The installation for Microsoft Open XML File Format Converter for Mac ...)
+CVE-2010-1254
NOT-FOR-US: Microsoft
-CVE-2010-1253 (Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for ...)
+CVE-2010-1253
NOT-FOR-US: Microsoft
-CVE-2010-1252 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...)
+CVE-2010-1252
NOT-FOR-US: Microsoft
-CVE-2010-1251 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...)
+CVE-2010-1251
NOT-FOR-US: Microsoft
-CVE-2010-1250 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...)
+CVE-2010-1250
NOT-FOR-US: Microsoft
-CVE-2010-1249 (Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for ...)
+CVE-2010-1249
NOT-FOR-US: Microsoft
-CVE-2010-1248 (Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for ...)
+CVE-2010-1248
NOT-FOR-US: Microsoft
-CVE-2010-1247 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows ...)
+CVE-2010-1247
NOT-FOR-US: Microsoft
-CVE-2010-1246 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows ...)
+CVE-2010-1246
NOT-FOR-US: Microsoft
-CVE-2010-1245 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office ...)
+CVE-2010-1245
NOT-FOR-US: Microsoft
CVE-2010-XXXX [tcpdf code execution via tcpdf tag]
- moodle <not-affected> (Vulnerable code not present)
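Review bot: the description is dropped from every CVE header between CVE-2010-1263 and CVE-2010-1245 with no other change to the entries, and the commit message "automatic update" does not say why. Please confirm this is intended and not the result of the description source coming back empty for this run. For these entries the remaining text is mostly "NOT-FOR-US: Microsoft", so the product the old headers named (Excel, Internet Explorer, IIS, win32k.sys) can no longer be read from the file. If it is not intended, the update job should refuse to commit when descriptions disappear wholesale like this.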
@@ -10502,102 +10502,102 @@ CVE-2010-XXXX [xmail insecure temp files handling]
- xmail 1.27-1 (low)
[lenny] - xmail <no-dsa> (Minor issue)
NOTE: http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27
-CVE-2010-1159 (Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow ...)
+CVE-2010-1159
- aircrack-ng 1:1.1-1 (low; bug #577758)
[lenny] - aircrack-ng <no-dsa> (low)
[etch] - aircrack-ng <no-dsa> (low)
NOTE: http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py
-CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in ...)
+CVE-2010-1244
NOT-FOR-US: Apache ActiveMQ
-CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 ...)
+CVE-2010-1243
NOT-FOR-US: IBM Web Interface for Content Management
-CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web ...)
+CVE-2010-1242
NOT-FOR-US: IBM Web Interface for Content Management
-CVE-2010-1241 (Heap-based buffer overflow in the custom heap management system in ...)
+CVE-2010-1241
NOT-FOR-US: Acrobat Reader
-CVE-2010-1240 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-1240
NOT-FOR-US: Adobe Reader
-CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute ...)
+CVE-2010-1239
NOT-FOR-US: Foxit Reader
-CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha ...)
+CVE-2010-1238
- moin 1.9.2-3 (bug #575995; medium)
[lenny] - moin 1.7.1-3+lenny4 (bug #575995; medium)
NOTE: see http://www.debian.org/security/2010/dsa-2024
-CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...)
+CVE-2010-1237
- webkit 1.1.90-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: http://trac.webkit.org/changeset/55511
NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061
-CVE-2010-1236 (The protocolIs function in platform/KURLGoogle.cpp in WebCore in ...)
+CVE-2010-1236
- webkit <not-affected> (bug #577457; proof-of-concepts are not effective against webkit)
- chromium-browser 5.0.375.29~r46008-1
NOTE: http://trac.webkit.org/changeset/55822
-CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
+CVE-2010-1235
- chromium-browser 5.0.375.29~r46008-1
NOTE: issue in chrome-specific download dialog
-CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
+CVE-2010-1234
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow ...)
+CVE-2010-1233
- webkit <not-affected> (v8 and webgl not yet included)
- chromium-browser 5.0.375.29~r46008-1
NOTE: http://trac.webkit.org/changeset/55376
-CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a ...)
+CVE-2010-1232
- webkit 1.1.90-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
-CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...)
+CVE-2010-1231
- webkit <not-affected> (does not yet have a "safe browsing" feature; i.e. chromium-specific issue)
- chromium-browser 5.0.375.29~r46008-1
-CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...)
+CVE-2010-1230
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does ...)
+CVE-2010-1229
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google ...)
+CVE-2010-1228
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
+CVE-2010-1227
NOT-FOR-US: Sun Java System Communication Express
-CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G ...)
+CVE-2010-1226
NOT-FOR-US: Apple iPhone
-CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor ...)
+CVE-2010-1225
NOT-FOR-US: Microsoft Virtual PC
-CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x ...)
+CVE-2010-1224
- asterisk 1:1.6.2.6-1 (low; bug #576560)
[lenny] - asterisk <not-affected> (Vulnerable code not present)
-CVE-2010-1223 (Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote ...)
+CVE-2010-1223
NOT-FOR-US: CA XOsoft
-CVE-2010-1222 (CA XOsoft r12.5 does not properly perform authentication, which allows ...)
+CVE-2010-1222
NOT-FOR-US: CA XOsoft
-CVE-2010-1221 (CA XOsoft r12.0 and r12.5 does not properly perform authentication, ...)
+CVE-2010-1221
NOT-FOR-US: CA XOsoft
CVE-2010-1220
RESERVED
CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability]
- interchange 5.7.6-1
-CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) ...)
+CVE-2010-1219
NOT-FOR-US: com_janews component for Joomla!
-CVE-2010-1218 (Cross-site scripting (XSS) vulnerability in the mm_forum extension ...)
+CVE-2010-1218
NOT-FOR-US: mm_forum extension for TYPO3
-CVE-2010-1217 (Directory traversal vulnerability in the JE Form Creator ...)
+CVE-2010-1217
NOT-FOR-US: com_jeformcr component for Joomla!
-CVE-2010-1216 (PHP remote file inclusion vulnerability in templates/template.php in ...)
+CVE-2010-1216
NOT-FOR-US: notsoPureEdit
-CVE-2010-1215 (Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 ...)
+CVE-2010-1215
- xulrunner <not-affected> (Only affects Firefox 3.6.x and above)
- iceweasel <not-affected> (Only affects Firefox 3.6.x and above)
-CVE-2010-1214 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x ...)
+CVE-2010-1214
{DSA-2075-1}
- xulrunner 1.9.1.11-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.6-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1213 (The importScripts Web Worker method in Mozilla Firefox 3.5.x before ...)
+CVE-2010-1213
- xulrunner 1.9.1.11-1
[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
- iceweasel 3.5.11-2
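Review bot: after this hunk the published entries from CVE-2010-1244 down to CVE-2010-1221 carry the same bare header as CVE-2010-1220, which is marked RESERVED, so the header no longer shows whether an ID has a public description. The CVE-2010-XXXX entries in the same hunk keep their bracketed text, which leaves the file with two conventions side by side. If the header format is changing on purpose, say so in the commit message and in the file format documentation. Otherwise keep the descriptions on the published IDs.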
@@ -10606,12 +10606,12 @@ CVE-2010-1213 (The importScripts Web Worker method in Mozilla Firefox 3.5.x befo
[lenny] - icedove <end-of-life>
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.0.6-1
-CVE-2010-1212 (js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x ...)
+CVE-2010-1212
- xulrunner <not-affected> (Only affects Firefox 3.6.x and above)
- iceweasel <not-affected> (Only affects Firefox 3.6.x and above)
- icedove 3.0.6-1
[lenny] - icedove <end-of-life>
-CVE-2010-1211 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2010-1211
{DSA-2075-1}
- xulrunner 1.9.1.11-1
- iceweasel 3.5.11-2
@@ -10620,63 +10620,63 @@ CVE-2010-1211 (Multiple unspecified vulnerabilities in the browser engine in Moz
[lenny] - icedove <end-of-life>
- icedove 3.0.6-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1210 (intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before ...)
+CVE-2010-1210
- xulrunner <not-affected> (Only affects 1.9.2 and above)
- iceweasel <not-affected> (Only affects 1.9.2 and above)
-CVE-2010-1209 (Use-after-free vulnerability in the NodeIterator implementation in ...)
+CVE-2010-1209
- xulrunner 1.9.1.11-1
[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.6-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1208 (Use-after-free vulnerability in the attribute-cloning functionality in ...)
+CVE-2010-1208
{DSA-2075-1}
- xulrunner 1.9.1.11-1
- iceape 2.0.6-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1207 (Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not ...)
+CVE-2010-1207
- xulrunner <not-affected> (Only affects 1.9.2 and above)
- iceweasel <not-affected> (Only affects 1.9.2 and above)
-CVE-2010-1206 (The startDocumentLoad function in browser/base/content/browser.js in ...)
+CVE-2010-1206
- iceweasel 3.5.11-1
[lenny] - iceweasel <not-affected> (Vulnerable code not present)
NOTE: Introduced by https://bugzilla.mozilla.org/show_bug.cgi?id=254714
-CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before ...)
+CVE-2010-1205
{DSA-2075-1 DSA-2072-1}
- libpng 1.2.44-1 (bug #587670)
- icedove 3.0.6-1
[lenny] - icedove <end-of-life>
- tuxonice-userui 1.0-1 (unimportant)
NOTE: tuxonice-userui 1.0-1 was binNMUed
-CVE-2010-1204 (Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 ...)
+CVE-2010-1204
- bugzilla 3.4.7.0-1 (low; bug #587663)
[lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2010-1203 (The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow ...)
+CVE-2010-1203
- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
- iceweasel <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
-CVE-2010-1202 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
+CVE-2010-1202
{DSA-2064-1}
- xulrunner 1.9.1.10-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1201 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
+CVE-2010-1201
{DSA-2064-1}
- xulrunner 1.9.1.10-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1200 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2010-1200
{DSA-2064-1}
- xulrunner 1.9.1.10-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in Mozilla ...)
+CVE-2010-1199
{DSA-2064-1}
- xulrunner 1.9.1.10-1
- iceweasel 3.5.11-2
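Review bot: the removed headers for CVE-2010-1205 and CVE-2010-1204 held the only upstream version ranges in those entries ("libpng before 1.2.44 and 1.4.x before ...", "Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 ..."). The lines that remain give Debian package versions only. Anyone checking a backport or an embedded copy, such as the tuxonice-userui line under CVE-2010-1205, loses the upstream boundary. Either keep the descriptions or carry the ranges in a NOTE line.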
@@ -10685,21 +10685,21 @@ CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in Mozil
[lenny] - icedove <end-of-life>
- icedove 3.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1198 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 ...)
+CVE-2010-1198
{DSA-2064-1}
- xulrunner 1.9.1.10-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1197 (Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and ...)
+CVE-2010-1197
{DSA-2064-1}
- xulrunner 1.9.1.10-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal function ...)
+CVE-2010-1196
{DSA-2064-1}
- xulrunner 1.9.1.10-1
- iceweasel 3.5.11-2
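Review bot: with the descriptions gone, the entries for CVE-2010-1198 and CVE-2010-1197 in this hunk are identical apart from the ID: same {DSA-2064-1} reference and the same xulrunner, iceweasel and iceape lines. The old header was the only thing saying that CVE-2010-1198 is the use-after-free. A reader of the new file cannot tell the two issues apart without an external lookup, so the description should stay or be replaced by a short NOTE per entry.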
@@ -10708,168 +10708,168 @@ CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal fun
- iceape 2.0.5-1
- icedove 3.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and ...)
+CVE-2010-1194
- libesmtp 1.0.4-2 (bug #311191)
-CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other ...)
+CVE-2010-1191
- sahana <itp> (bug #497414)
-CVE-2010-1186 (Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the ...)
+CVE-2010-1186
NOT-FOR-US: NextGEN Gallery plugin for WordPress
-CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux ...)
+CVE-2010-1188
- linux-2.6 2.6.20-1
-CVE-2010-1187 (The Transparent Inter-Process Communication (TIPC) functionality in ...)
+CVE-2010-1187
{DSA-2053-1}
- linux-2.6 2.6.32-12
-CVE-2010-1185 (Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and ...)
+CVE-2010-1185
NOT-FOR-US: SAP MaxDB
-CVE-2010-1184 (The Microsoft wireless keyboard uses XOR encryption with a key derived ...)
+CVE-2010-1184
NOT-FOR-US: Microsoft Wireless Keyboard
-CVE-2010-1183 (Certain patch-installation scripts in Oracle Solaris allow local users ...)
+CVE-2010-1183
NOT-FOR-US: Oracle Solaris
-CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in ...)
+CVE-2010-1182
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
+CVE-2010-1181
NOTE: proof of concept maximum impact against webkit is dos-only
-CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
+CVE-2010-1180
NOTE: proof of concept maximum impact against webkit is dos-only
-CVE-2010-1179 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
+CVE-2010-1179
- webkit <not-affected>
-CVE-2010-1178 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
+CVE-2010-1178
- webkit <not-affected>
-CVE-2010-1177 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
+CVE-2010-1177
- webkit <not-affected>
-CVE-2010-1176 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
+CVE-2010-1176
- webkit <not-affected>
-CVE-2010-1175 (Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 ...)
+CVE-2010-1175
NOT-FOR-US: Microsoft Internet Explorer 7.0
-CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ...)
+CVE-2010-1174
NOT-FOR-US: Cisco TFTP Server
-CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the ...)
+CVE-2010-1173
{DSA-2053-1}
- linux-2.6 2.6.32-12
-CVE-2010-1172 (DBus-GLib 0.73 disregards the access flag of exported GObject ...)
+CVE-2010-1172
- dbus-glib 0.88-1 (low; bug #592753)
[lenny] - dbus-glib <no-dsa> (Minor issue)
-CVE-2010-1171 (Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, ...)
+CVE-2010-1171
NOT-FOR-US: Red Hat Network Satellite Server
-CVE-2010-1170 (The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before ...)
+CVE-2010-1170
{DSA-2051-1}
- postgresql-8.4 8.4.4-1 (low)
- postgresql-8.3 <removed>
-CVE-2010-1169 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, ...)
+CVE-2010-1169
{DSA-2051-1}
- postgresql-8.4 8.4.4-1 (low)
- postgresql-8.3 <removed>
-CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows ...)
+CVE-2010-1168
- perl 5.10.1-13 (bug #582978)
[lenny] - perl 5.10.0-19lenny3
-CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X ...)
+CVE-2010-1166
- xorg-server <not-affected> (Xorg in Lenny onwards uses Pixman, which isn't affected)
NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html
-CVE-2010-1165 (Atlassian JIRA 3.12 through 4.1 allows remote authenticated ...)
+CVE-2010-1165
NOT-FOR-US: Atlassian JIRA
-CVE-2010-1164 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...)
+CVE-2010-1164
NOT-FOR-US: Atlassian JIRA
-CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ...)
+CVE-2010-1163
- sudo 1.7.2p6-1 (bug #578275)
[lenny] - sudo <not-affected> (ignore_dot default value is off and can't be changed in runtime)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=580441#c3
-CVE-2010-1162 (The release_one_tty function in drivers/char/tty_io.c in the Linux ...)
+CVE-2010-1162
{DSA-2053-1}
- linux-2.6 2.6.32-12
-CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a ...)
+CVE-2010-1161
- nano 2.2.4-1 (low; bug #577817)
[lenny] - nano 2.0.7-5
-CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed ...)
+CVE-2010-1160
- nano 2.2.4-1 (low; bug #577817)
[lenny] - nano 2.0.7-5
-CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...)
+CVE-2010-1158
- perl <not-affected> (re engine rewritten for 5.10 to address issues such as this; and proof-of-concept not effective)
-CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might ...)
+CVE-2010-1157
{DSA-2207-1}
- tomcat6 6.0.26-5 (bug #587447; unimportant)
- tomcat5.5 <removed> (unimportant)
NOTE: Negligible information disclosure
-CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...)
+CVE-2010-1156
- irssi 0.8.15-1 (low)
[lenny] - irssi <no-dsa> (Minor issue)
-CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server ...)
+CVE-2010-1155
- irssi 0.8.15-1 (low)
[lenny] - irssi <no-dsa> (Minor issue)
CVE-2010-1154
REJECTED
-CVE-2010-1153 (PHP remote file inclusion vulnerability in the autoloader in TYPO3 ...)
+CVE-2010-1153
- typo3-src 4.3.3-1 (bug #577993)
[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
-CVE-2010-1152 (memcached.c in memcached before 1.4.3 allows remote attackers to cause ...)
+CVE-2010-1152
- memcached 1.4.5-1 (low; bug #579913)
[lenny] - memcached <no-dsa> (Minor issue)
-CVE-2010-1151 (Race condition in the mod_auth_shadow module for the Apache HTTP ...)
+CVE-2010-1151
- libapache2-mod-auth-shadow <itp> (bug #503184)
-CVE-2010-1150 (MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not ...)
+CVE-2010-1150
{DSA-2041-1}
- mediawiki 1:1.15.3-1 (low)
-CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports ...)
+CVE-2010-1149
- udisks 1.0.1-1 (medium; bug #576687)
-CVE-2010-1148 (The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 ...)
+CVE-2010-1148
- linux-2.6 2.6.32-12
[lenny] - linux-2.6 <not-affected> (vulnerable code not yet present)
-CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC ...)
+CVE-2010-1147
- opendchub 0.8.2-1 (bug #576308)
[lenny] - opendchub <not-affected> (Vulnerable code not present)
-CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem ...)
+CVE-2010-1146
- linux-2.6 2.6.32-12
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2010-1145
REJECTED
-CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as used in ...)
+CVE-2010-0751
- libnids 1.23-1.2 (low; bug #576281)
[lenny] - libnids <no-dsa> (Minor issue)
NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
-CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly ...)
+CVE-2010-1143
NOT-FOR-US: VMware
-CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...)
+CVE-2010-1142
NOT-FOR-US: VMware products
-CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...)
+CVE-2010-1141
NOT-FOR-US: VMware products
-CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 ...)
+CVE-2010-1140
NOT-FOR-US: VMware products
-CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware ...)
+CVE-2010-1139
NOT-FOR-US: VMware products
-CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 ...)
+CVE-2010-1138
NOT-FOR-US: VMware products
-CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...)
+CVE-2010-1137
NOT-FOR-US: VMware Server
-CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...)
+CVE-2010-1136
- tikiwiki <removed>
-CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...)
+CVE-2010-1135
- tikiwiki <removed>
-CVE-2010-1134 (SQL injection vulnerability in the _find function in searchlib.php in ...)
+CVE-2010-1134
- tikiwiki <removed>
-CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x ...)
+CVE-2010-1133
- tikiwiki <removed>
-CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, ...)
+CVE-2010-1131
NOTE: browser crashes are not considered security-relevant
-CVE-2010-1130 (session.c in the session extension in PHP before 5.2.13, and 5.3.1, ...)
+CVE-2010-1130
- php5 5.3.2-1 (unimportant)
NOTE: open_basedir not supported
-CVE-2010-1129 (The safe_mode implementation in PHP before 5.2.13 does not properly ...)
+CVE-2010-1129
- php5 5.3.2-1 (unimportant)
NOTE: safe_mode not supported
-CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...)
+CVE-2010-1128
{DSA-2195-1}
- php5 5.3.2-1 (low)
-CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...)
+CVE-2010-1127
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...)
+CVE-2010-1126
- webkit <not-affected> (proof-of-concept not effective; windows-only?)
-CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and ...)
+CVE-2010-1125
- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
NOTE: Description is wrong, only affects Firefox 3.6 per https://bugzilla.mozilla.org/show_bug.cgi?id=552255
-CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...)
+CVE-2010-1124
NOT-FOR-US: IBM AIX
-CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with ...)
+CVE-2010-1123
- deliver <removed>
-CVE-2010-2445 (freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read ...)
+CVE-2010-2445
- freeciv 2.2.1-1 (low; bug #584589)
[lenny] - freeciv <no-dsa> (Minor issue)
NOTE: http://gna.org/bugs/?15624
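Review bot: the NOTE under CVE-2010-1125, "Description is wrong, only affects Firefox 3.6 per ...", now refers to a description this hunk deletes, so the note has nothing to point at. The same hunk leaves CVE-2010-1181, CVE-2010-1180 and CVE-2010-1131 with a bare ID and a single NOTE line and no package line. For those three, the removed header was the only place that named Safari as the affected product. Please keep the descriptions for entries whose notes depend on them, or reword those notes so they stand alone.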
@@ -10878,259 +10878,259 @@ CVE-2010-2446 [Rbot Owner Reaction Command Execution]
- rbot 0.9.14-2 (bug #575286)
[lenny] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
[etch] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
-CVE-2010-1122 (Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 ...)
+CVE-2010-1122
- xulrunner <not-affected> (Only affects the Firefox 3.6 branch)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=552216
-CVE-2010-1121 (Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes ...)
+CVE-2010-1121
- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
-CVE-2010-1120 (Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows ...)
+CVE-2010-1120
NOT-FOR-US: Apple Type Services
-CVE-2010-1119 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
+CVE-2010-1119
- webkit 1.2.1-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=33850
NOTE: http://trac.webkit.org/changeset/53501
NOTE: http://trac.webkit.org/changeset/53504
-CVE-2010-1118 (Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows ...)
+CVE-2010-1118
NOT-FOR-US: Internet Explorer
-CVE-2010-1117 (Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows ...)
+CVE-2010-1117
NOT-FOR-US: Internet Explorer
-CVE-2010-1116 (LookMer Music Portal stores sensitive information under the web root ...)
+CVE-2010-1116
NOT-FOR-US: LookMer Music Portal
-CVE-2010-1115 (Directory traversal vulnerability in news/include/customize.php in Web ...)
+CVE-2010-1115
NOT-FOR-US: Web Server Creator - Web Portal
-CVE-2010-1114 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...)
+CVE-2010-1114
NOT-FOR-US: Web Server Creator - Web Portal
-CVE-2010-1113 (Cross-site scripting (XSS) vulnerability in the forum page in Web ...)
+CVE-2010-1113
NOT-FOR-US: Web Server Creator - Web Portal
-CVE-2010-1112 (Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 ...)
+CVE-2010-1112
NOT-FOR-US: KloNews
-CVE-2010-1111 (Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete ...)
+CVE-2010-1111
NOT-FOR-US: Jokes Complete Website
-CVE-2010-1110 (Directory traversal vulnerability in index.php in phpMySport 1.4 ...)
+CVE-2010-1110
NOT-FOR-US: phpMySport
-CVE-2010-1109 (Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, ...)
+CVE-2010-1109
NOT-FOR-US: phpMySport
-CVE-2010-1108 (Cross-site scripting (XSS) vulnerability in the Control Panel module ...)
+CVE-2010-1108
NOT-FOR-US: third-party Drupal module
-CVE-2010-1107 (Cross-site scripting (XSS) vulnerability in the Recent Comments module ...)
+CVE-2010-1107
NOT-FOR-US: third-party Drupal module
-CVE-2010-1106 (PHP remote file inclusion vulnerability in cgi/index.php in ...)
+CVE-2010-1106
NOT-FOR-US: AdvertisementManager
-CVE-2010-1105 (Cross-site scripting (XSS) vulnerability in cgi/index.php in ...)
+CVE-2010-1105
NOT-FOR-US: AdvertisementManager
-CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass ...)
+CVE-2010-1103
NOT-FOR-US: Stainless
-CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass intended ...)
+CVE-2010-1102
NOT-FOR-US: OmniWeb
-CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to ...)
+CVE-2010-1101
NOT-FOR-US: Alexander Clauss iCab
-CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended ...)
+CVE-2010-1100
- arora <not-affected> (Advisory is wrong, URL range is protected by QUrl)
-CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass ...)
+CVE-2010-1099
NOT-FOR-US: Apple Safari
-CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as ...)
+CVE-2010-1098
NOT-FOR-US: Microsoft Windows
-CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when ...)
+CVE-2010-1097
NOT-FOR-US: DeDeCMS
-CVE-2010-1096 (Multiple SQL injection vulnerabilities in searchmatch.php in ...)
+CVE-2010-1096
NOT-FOR-US: ScriptsFeed Dating Software
-CVE-2010-1095 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-1095
NOT-FOR-US: Tracking Requirements & Use Cases
-CVE-2010-1094 (SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus ...)
+CVE-2010-1094
NOT-FOR-US: Auktionshaus V4rgo
-CVE-2010-1093 (SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when ...)
+CVE-2010-1093
NOT-FOR-US: 1024 CMS
-CVE-2010-1092 (Multiple SQL injection vulnerabilities in login.php in ScriptsFeed ...)
+CVE-2010-1092
NOT-FOR-US: ScriptsFeed Business Directory
-CVE-2010-1091 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...)
+CVE-2010-1091
NOT-FOR-US: phpMySite
-CVE-2010-1090 (SQL injection vulnerability in index.php in phpMySite allows remote ...)
+CVE-2010-1090
NOT-FOR-US: phpMySite
-CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 ...)
+CVE-2010-1089
NOT-FOR-US: PHP Trouble Ticket
-CVE-2010-1088 (fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always ...)
+CVE-2010-1088
{DSA-2053-1}
- linux-2.6 2.6.32-10
-CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel ...)
+CVE-2010-1087
{DSA-2053-1}
- linux-2.6 2.6.32-9 (low)
-CVE-2010-1086 (The ULE decapsulation functionality in ...)
+CVE-2010-1086
{DSA-2053-1}
- linux-2.6 2.6.32-10 (low)
-CVE-2010-1085 (The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 ...)
+CVE-2010-1085
- linux-2.6 2.6.32-9
[lenny] - linux-2.6 <not-affected> (affected call not present)
-CVE-2010-1084 (Linux kernel 2.6.18 through 2.6.33, and possibly other versions, ...)
+CVE-2010-1084
{DSA-2053-1}
- linux-2.6 2.6.32-11
-CVE-2010-1083 (The processcompl_compat function in drivers/usb/core/devio.c in Linux ...)
+CVE-2010-1083
{DSA-2053-1}
- linux-2.6 2.6.32-9
-CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when ...)
+CVE-2010-1082
NOT-FOR-US: OI.Blogs
-CVE-2010-1081 (Directory traversal vulnerability in the Community Polls ...)
+CVE-2010-1081
NOT-FOR-US: com_communitypolls component for Joomla!
-CVE-2010-1080 (Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS ...)
+CVE-2010-1080
NOT-FOR-US: Pulse CMS
-CVE-2010-1079 (Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 ...)
+CVE-2010-1079
NOT-FOR-US: Sawmill
-CVE-2010-1078 (SQL injection vulnerability in archive.php in XlentProjects SphereCMS ...)
+CVE-2010-1078
NOT-FOR-US: Xlent Projects SphereCMS
-CVE-2010-1077 (Directory traversal vulnerability in vbseo.php in Crawlability vBSEO ...)
+CVE-2010-1077
NOT-FOR-US: Crawlability vBSEO plugin for vBulletin
-CVE-2010-1076 (Cross-site scripting (XSS) vulnerability in index.php in Entry Level ...)
+CVE-2010-1076
NOT-FOR-US: Entry Level CMS
-CVE-2010-1075 (SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) ...)
+CVE-2010-1075
NOT-FOR-US: Entry Level CMS
-CVE-2010-1074 (Cross-site scripting (XSS) vulnerability in the Currency Exchange ...)
+CVE-2010-1074
NOT-FOR-US: Currency Exchange module for Drupal
-CVE-2010-1073 (SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) ...)
+CVE-2010-1073
NOT-FOR-US: com_jembed component for Joomla!
-CVE-2010-1072 (Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS ...)
+CVE-2010-1072
NOT-FOR-US: Sniggabo CMS
-CVE-2010-1071 (SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows ...)
+CVE-2010-1071
NOT-FOR-US: phpMDJ
-CVE-2010-1070 (SQL injection vulnerability in index.php in ImagoScripts Deviant Art ...)
+CVE-2010-1070
NOT-FOR-US: ImagoScripts
-CVE-2010-1069 (SQL injection vulnerability in games/game.php in ProArcadeScript ...)
+CVE-2010-1069
NOT-FOR-US: ProArcadeScript
-CVE-2010-1068 (Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi ...)
+CVE-2010-1068
NOT-FOR-US: NetWin SurgeFTP
-CVE-2010-1067 (E-membres 1.0 stores sensitive information under the web root with ...)
+CVE-2010-1067
NOT-FOR-US: E-membres
-CVE-2010-1066 (AR Web Content Manager (AWCM) 2.1 stores sensitive information under ...)
+CVE-2010-1066
NOT-FOR-US: AR Web Content Manager
-CVE-2010-1065 (Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information ...)
+CVE-2010-1065
NOT-FOR-US: Lebisoft Ziparetci Defteri
-CVE-2010-1064 (Erolife AjxGaleri VT stores sensitive information under the web root ...)
+CVE-2010-1064
NOT-FOR-US: Erolife AjxGaleri VT
-CVE-2010-1063 (Multiple directory traversal vulnerabilities in Phpkobo Free Real ...)
+CVE-2010-1063
NOT-FOR-US: Phpkobo Free Real Estate Contact Form
-CVE-2010-1062 (Directory traversal vulnerability in codelib/sys/common.inc.php in ...)
+CVE-2010-1062
NOT-FOR-US: Phpkobo Free Real Estate Contact Form
-CVE-2010-1061 (Multiple directory traversal vulnerabilities in Phpkobo Short URL ...)
+CVE-2010-1061
NOT-FOR-US: Phpkbo Short URL
-CVE-2010-1060 (Directory traversal vulnerability in staff/app/common.inc.php in ...)
+CVE-2010-1060
NOT-FOR-US: Phpkobo Short URL
-CVE-2010-1059 (Directory traversal vulnerability in staff/app/common.inc.php in ...)
+CVE-2010-1059
NOT-FOR-US: Phpkobo Address Book Script
-CVE-2010-1058 (Directory traversal vulnerability in codelib/cfg/common.inc.php in ...)
+CVE-2010-1058
NOT-FOR-US: Phpkobo Adress Book Script
-CVE-2010-1057 (Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka ...)
+CVE-2010-1057
NOT-FOR-US: Phpkobo AdFreely
-CVE-2010-1056 (Directory traversal vulnerability in the RokDownloads ...)
+CVE-2010-1056
NOT-FOR-US: com_rokdownloads component for Joomla!
-CVE-2010-1055 (Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and ...)
+CVE-2010-1055
NOT-FOR-US: osDate
-CVE-2010-1054 (Multiple SQL injection vulnerabilities in ParsCMS allow remote ...)
+CVE-2010-1054
NOT-FOR-US: ParsCMS
-CVE-2010-1053 (Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and ...)
+CVE-2010-1053
NOT-FOR-US: Zen Time Tracking
-CVE-2010-1052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2010-1052
NOT-FOR-US: AudiStat
-CVE-2010-1051 (Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 ...)
+CVE-2010-1051
NOT-FOR-US: AudiStat
-CVE-2010-1050 (SQL injection vulnerability in index.php in AudiStat 1.3 allows remote ...)
+CVE-2010-1050
NOT-FOR-US: AudiStat
-CVE-2010-1049 (Multiple SQL injection vulnerabilities in Uiga Business Portal allow ...)
+CVE-2010-1049
NOT-FOR-US: Uiga Business Portal
-CVE-2010-1048 (Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga ...)
+CVE-2010-1048
NOT-FOR-US: Uiga Business Portal
-CVE-2010-1047 (SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and ...)
+CVE-2010-1047
NOT-FOR-US: MASA2EL Music City
-CVE-2010-1046 (Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 ...)
+CVE-2010-1046
NOT-FOR-US: Rostermain
-CVE-2010-1045 (SQL injection vulnerability in the Productbook (com_productbook) ...)
+CVE-2010-1045
NOT-FOR-US: com_productbook component for Joomla!
-CVE-2010-1044 (SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 ...)
+CVE-2010-1044
NOT-FOR-US: ManageEngine OpUtils
-CVE-2010-1043 (Directory traversal vulnerability in index.php in jaxCMS 1.0 allows ...)
+CVE-2010-1043
NOT-FOR-US: jaxCMS
-CVE-2010-1042 (Microsoft Windows Media Player 11 does not properly perform colorspace ...)
+CVE-2010-1042
NOT-FOR-US: Microsoft Windows Media Player
-CVE-2010-1041 (Unspecified vulnerability in the single sign-on functionality in the ...)
+CVE-2010-1041
NOT-FOR-US: IBM DB2 Content Manager Toolkit
-CVE-2010-1040 (The &quot;IP address range limitation&quot; function in OpenPNE 1.6 through 1.8, ...)
+CVE-2010-1040
NOT-FOR-US: OpenPNE
-CVE-2010-1039 (Format string vulnerability in the _msgout function in rpc.pcnfsd in ...)
+CVE-2010-1039
NOT-FOR-US: HP-UX
-CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before 6.0 ...)
+CVE-2010-1038
NOT-FOR-US: HP System Insight Manager
-CVE-2010-1037 (Cross-site request forgery (CSRF) vulnerability in HP System Insight ...)
+CVE-2010-1037
NOT-FOR-US: HP System Insight Manager
-CVE-2010-1036 (Cross-site scripting (XSS) vulnerability in HP System Insight Manager ...)
+CVE-2010-1036
NOT-FOR-US: hP System Insight Manager
-CVE-2010-1035 (Multiple unspecified vulnerabilities in HP Virtual Machine Manager ...)
+CVE-2010-1035
NOT-FOR-US: HP Virtual Machine Manager
-CVE-2010-1034 (Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 ...)
+CVE-2010-1034
NOT-FOR-US: HP System Management Homepage
-CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne ActiveX ...)
+CVE-2010-1033
NOT-FOR-US: HP Operations Manager
-CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local users to ...)
+CVE-2010-1032
NOT-FOR-US: HP-UX
-CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka ...)
+CVE-2010-1031
NOT-FOR-US: HP Insight Control
-CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...)
+CVE-2010-1030
NOT-FOR-US: HP-UX
-CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...)
+CVE-2010-1029
- webkit <not-affected> (proof-of-concept not effective)
- chromium-browser 5.0.375.29~r46008-1
-CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) ...)
+CVE-2010-1027
NOT-FOR-US: travelmate extension for typo3
-CVE-2010-1026 (SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) ...)
+CVE-2010-1026
NOT-FOR-US: tmsw_cleandb extension for typo3
-CVE-2010-1025 (Cross-site scripting (XSS) vulnerability in the TGM-Newsletter ...)
+CVE-2010-1025
NOT-FOR-US: tgm_newsletter extension for typo3
-CVE-2010-1024 (SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) ...)
+CVE-2010-1024
NOT-FOR-US: tgm_newsletter extension for typo3
-CVE-2010-1023 (Cross-site scripting (XSS) vulnerability in the UserTask Center, ...)
+CVE-2010-1023
NOT-FOR-US: taskcenter_recent extension for typo3
-CVE-2010-1022 (The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) ...)
+CVE-2010-1022
NOT-FOR-US: t3sec_saltedpw extension for typo3
-CVE-2010-1021 (Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer ...)
+CVE-2010-1021
NOT-FOR-US: t3quixplorer extension for typo3
-CVE-2010-1020 (Cross-site scripting (XSS) vulnerability in the Simple Gallery ...)
+CVE-2010-1020
NOT-FOR-US: sk_simplegallery extension for typo3
-CVE-2010-1019 (SQL injection vulnerability in the Simple Gallery (sk_simplegallery) ...)
+CVE-2010-1019
NOT-FOR-US: sk_simplegallery extension for typo3
-CVE-2010-1018 (SQL injection vulnerability in the Book Reviews (sk_bookreview) ...)
+CVE-2010-1018
NOT-FOR-US: sk_bookreview extension for typo3
-CVE-2010-1017 (SQL injection vulnerability in the SAV Filter Months ...)
+CVE-2010-1017
NOT-FOR-US: sav_filter_months extension for typo3
-CVE-2010-1016 (SQL injection vulnerability in the SAV Filter Selectors ...)
+CVE-2010-1016
NOT-FOR-US: sav_filter_selectors extension for typo3
-CVE-2010-1015 (SQL injection vulnerability in the SAV Filter Alphabetic ...)
+CVE-2010-1015
NOT-FOR-US: sav_filter_abc extension for typo3
-CVE-2010-1014 (Cross-site scripting (XSS) vulnerability in the Reports Logfile View ...)
+CVE-2010-1014
NOT-FOR-US: reports_logview extension for typo3
-CVE-2010-1013 (SQL injection vulnerability in the Diocese of Portsmouth Database ...)
+CVE-2010-1013
NOT-FOR-US: pd_diocesedatabase extension for typo3
-CVE-2010-1012 (SQL injection vulnerability in the CleanDB (nf_cleandb) extension ...)
+CVE-2010-1012
NOT-FOR-US: nf_cleandb extension for typo3
-CVE-2010-1011 (Cross-site scripting (XSS) vulnerability in the myDashboard ...)
+CVE-2010-1011
NOT-FOR-US: mydashboard extension for typo3
-CVE-2010-1010 (SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) ...)
+CVE-2010-1010
NOT-FOR-US: mk_wastebasket extension for typo3
-CVE-2010-1009 (SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 ...)
+CVE-2010-1009
NOT-FOR-US: educator extension for typo3
-CVE-2010-1008 (Cross-site scripting (XSS) vulnerability in the Sellector.com Widget ...)
+CVE-2010-1008
NOT-FOR-US: chsellector extension for typo3
-CVE-2010-1007 (Unspecified vulnerability in the Power Extension Manager (ch_lightem) ...)
+CVE-2010-1007
NOT-FOR-US: ch_lightem extension for typo3
-CVE-2010-1006 (SQL injection vulnerability in the Brainstorming extension 0.1.8 and ...)
+CVE-2010-1006
NOT-FOR-US: brainstorming extension for typo3
-CVE-2010-1005 (Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 ...)
+CVE-2010-1005
NOT-FOR-US: yatse extension for typo3
-CVE-2010-1004 (SQL injection vulnerability in the Yet another TYPO3 search engine ...)
+CVE-2010-1004
NOT-FOR-US: yatse extension for typo3
CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]
- libphp-cas <itp> (bug #495542)
- glpi 0.72.4-2 (bug #574760; unimportant)
NOTE: Only supported behind an authenticated HTTP zone
NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
-CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open ...)
+CVE-2010-1028
- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
- iceape <not-affected> (Vulnerable code not present)
- calibre 2.38.0+dfsg-1 (bug #787085)
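Review bot: With the descriptions dropped from the CVE header lines, the NOT-FOR-US text is the only product name left on most of these entries, and several of the unchanged context lines misspell it: "Lebisoft Ziparetci Defteri" under CVE-2010-1065 (the removed description had "Ziyaretci"), "Phpkbo Short URL" under CVE-2010-1061, "Phpkobo Adress Book Script" under CVE-2010-1058 and "hP System Insight Manager" under CVE-2010-1036. A search by product name will now miss those entries, so the spellings should be corrected in this or a follow-up commit. For CVE-2010-1033 the removed description named a Tetradyne ActiveX control while the remaining line says only "NOT-FOR-US: HP Operations Manager"; if that component name matters for triage it should move into a NOTE line.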
@@ -11141,93 +11141,93 @@ CVE-2010-XXXX [Escape href attribute in auto links]
- redmine 0.9.3-3
CVE-2010-XXXX [Fixes permission check in QueriesController]
- redmine 0.9.3-3
-CVE-2010-1003 (Directory traversal vulnerability in ...)
+CVE-2010-1003
NOT-FOR-US: eFront-learning
CVE-2010-1002
RESERVED
CVE-2010-1001
RESERVED
-CVE-2010-1000 (Directory traversal vulnerability in KGet in KDE SC 4.0.0 through ...)
+CVE-2010-1000
- kdenetwork 4:4.4.3-2
[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
NOTE: http://seclists.org/fulldisclosure/2010/May/165
-CVE-2010-0999 (Directory traversal vulnerability in Free Download Manager (FDM) ...)
+CVE-2010-0999
NOT-FOR-US: Free Download Manager
-CVE-2010-0998 (Multiple stack-based buffer overflows in Free Download Manager (FDM) ...)
+CVE-2010-0998
NOT-FOR-US: Free Download Manager
-CVE-2010-0997 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-0997
NOT-FOR-US: e107
-CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows ...)
+CVE-2010-0996
NOT-FOR-US: e107
-CVE-2010-0995 (Stack-based buffer overflow in Internet Download Manager (IDM) before ...)
+CVE-2010-0995
NOT-FOR-US: Internet Download Manager
-CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library ...)
+CVE-2010-0994
NOT-FOR-US: Visualization Library
-CVE-2010-0993 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and ...)
+CVE-2010-0993
NOT-FOR-US: Pulse CMS Basic
-CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse ...)
+CVE-2010-0992
NOT-FOR-US: Pulse CMS Basic
-CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow ...)
+CVE-2010-0991
- imlib2 <not-affected> (vulnerable code introduced in 1.4.3)
-CVE-2010-0990 (Stack-based buffer overflow in Creative Software AutoUpdate Engine ...)
+CVE-2010-0990
NOT-FOR-US: Creative Software AutoUpdate
-CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...)
+CVE-2010-0989
NOT-FOR-US: Pulse CMS
-CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ...)
+CVE-2010-0988
NOT-FOR-US: Pulse CMS
-CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 ...)
+CVE-2010-0987
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process ...)
+CVE-2010-0986
NOT-FOR-US: Adobe Shockwave Player
CVE-2010-XXXX [dojo can be used as a redirector]
- dojo 1.4.2+dfsg-1 (low)
NOTE: http://web.archive.org/web/20101029020014/http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
NOTE: http://bugs.dojotoolkit.org/ticket/10773
-CVE-2010-0985 (Directory traversal vulnerability in the Abbreviations Manager ...)
+CVE-2010-0985
NOT-FOR-US: com_abbrev component for Joomla!
-CVE-2010-0984 (Acidcat CMS 3.5.3 and earlier stores sensitive information under the ...)
+CVE-2010-0984
NOT-FOR-US: Acidcat CMS
-CVE-2010-0983 (PHP remote file inclusion vulnerability in include/mail.inc.php in ...)
+CVE-2010-0983
NOT-FOR-US: Rezervi
-CVE-2010-0982 (Directory traversal vulnerability in the CARTwebERP (com_cartweberp) ...)
+CVE-2010-0982
NOT-FOR-US: com_cartweberp component for Joomla!
-CVE-2010-0981 (SQL injection vulnerability in the TPJobs (com_tpjobs) component for ...)
+CVE-2010-0981
NOT-FOR-US: com_tpjobs component for Joomla!
-CVE-2010-0980 (SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats ...)
+CVE-2010-0980
NOT-FOR-US: Left 4 Dead Stats
-CVE-2010-0979 (Cross-site scripting (XSS) vulnerability in display.php in ...)
+CVE-2010-0979
NOT-FOR-US: Obsession-Design Image-Gallery
-CVE-2010-0978 (KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under ...)
+CVE-2010-0978
NOT-FOR-US: KMSoft Guestbook
-CVE-2010-0977 (PD PORTAL 4.0 stores sensitive information under the web root with ...)
+CVE-2010-0977
NOT-FOR-US: PD PORTAL
-CVE-2010-0976 (Acidcat CMS 3.5.x does not prevent access to install.asp after ...)
+CVE-2010-0976
NOT-FOR-US: Acidcat CMS
-CVE-2010-0975 (PHP remote file inclusion vulnerability in external.php in ...)
+CVE-2010-0975
NOT-FOR-US: PHPCityPortal
-CVE-2010-0974 (Multiple SQL injection vulnerabilities in PHPCityPortal allow remote ...)
+CVE-2010-0974
NOT-FOR-US: PHPCityPortal
-CVE-2010-0973 (SQL injection vulnerability in index.php in phppool media Domain ...)
+CVE-2010-0973
NOT-FOR-US: phppool Media Domain Verkaus and Auktions Portal
-CVE-2010-0972 (Directory traversal vulnerability in the GCalendar (com_gcalendar) ...)
+CVE-2010-0972
NOT-FOR-US: com_gcalendar component for Joomla!
-CVE-2010-0971 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 ...)
+CVE-2010-0971
NOT-FOR-US: ATutor CMS
-CVE-2010-0970 (SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows ...)
+CVE-2010-0970
NOT-FOR-US: PhpMyLogon
-CVE-2010-0968 (SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 ...)
+CVE-2010-0968
NOT-FOR-US: Geekhelps ADMP
-CVE-2010-0967 (Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, ...)
+CVE-2010-0967
NOT-FOR-US: Geekhelps ADMP
-CVE-2010-0966 (PHP remote file inclusion vulnerability in inc/config.php in deV!L`z ...)
+CVE-2010-0966
NOT-FOR-US: deV!L`z Clanportal
-CVE-2010-0965 (Jevci Siparis Formu Scripti stores sensitive information under the web ...)
+CVE-2010-0965
NOT-FOR-US: Jevci Siparis Formu Scripti
-CVE-2010-0964 (SQL injection vulnerability in start.php in Eros Webkatalog allows ...)
+CVE-2010-0964
NOT-FOR-US: Eros Webkatalog
-CVE-2010-0963 (Cross-site scripting (XSS) vulnerability in index.php in dl Download ...)
+CVE-2010-0963
NOT-FOR-US: dl Download Ticket Service
-CVE-2010-1195 (Cross-site scripting (XSS) vulnerability in the htmlscrubber component ...)
+CVE-2010-1195
{DSA-2020-1}
- ikiwiki 3.20100312 (low)
CVE-2010-0747 [linux-2.6 drbd connector issue]
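Review bot: After this hunk an assigned entry such as "+CVE-2010-1003" has the same bare header form as the reserved entries "CVE-2010-1002" and "CVE-2010-1001" in the context lines, so the two are now told apart only by the indented line that follows (NOT-FOR-US or a package line versus RESERVED). Any consumer of this file that keyed on the parenthesised description to recognise a published CVE needs checking against the bare form, and the commit message "automatic update" should say why the descriptions are removed and where they are kept instead. The bracketed headers on the CVE-2010-XXXX entries (for example "[dojo can be used as a redirector]") are left in place, so the file now mixes described and undescribed headers.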
@@ -11236,353 +11236,353 @@ CVE-2010-0747 [linux-2.6 drbd connector issue]
- linux-2.6 <not-affected> (drbd introduced for the first time in 2.6.32-12, which included the fix for this issue, so no supported debian kernel was ever affected)
- drbd8 2:8.3.7-1
[lenny] - drbd8 2:8.0.14-2+lenny1
-CVE-2010-0969 (Unbound before 1.4.3 does not properly align structures on 64-bit ...)
+CVE-2010-0969
- unbound 1.4.3-1
[lenny] - unbound <not-affected> (Vulnerable code not present)
CVE-2010-XXXX [moin: hierarchical ACLs security issue]
- moin 1.8.4-1 (low)
[lenny] - moin 1.7.1-3+lenny3
NOTE: http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
-CVE-2010-0962 (The FTP proxy server in Apple AirPort Express, AirPort Extreme, and ...)
+CVE-2010-0962
NOT-FOR-US: Apple
-CVE-2010-0961 (Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and ...)
+CVE-2010-0961
NOT-FOR-US: IBM AIX and VIOS
-CVE-2010-0960 (Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and ...)
+CVE-2010-0960
NOT-FOR-US: IBM AIX and VIOS
-CVE-2010-0959 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-0959
NOT-FOR-US: IBM ENOVIA SmarTeam
-CVE-2010-0958 (Directory traversal vulnerability in modules/hayoo/index.php in ...)
+CVE-2010-0958
NOT-FOR-US: Tribisur
-CVE-2010-0957 (Directory traversal vulnerability in content.php in Saskia's ...)
+CVE-2010-0957
NOT-FOR-US: Saskia's Shopsystem
-CVE-2010-0956 (SQL injection vulnerability in index.php in OpenCart 1.3.2 allows ...)
+CVE-2010-0956
NOT-FOR-US: OpenCart
-CVE-2010-0955 (SQL injection vulnerability in index.php in Bild Flirt Community 2.0 ...)
+CVE-2010-0955
NOT-FOR-US: Bild Flirt Community
-CVE-2010-0954 (SQL injection vulnerability in search_result.asp in Pre Projects Pre ...)
+CVE-2010-0954
NOT-FOR-US: Pre Projects Pre E-Learning Portal
-CVE-2010-0953 (Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows ...)
+CVE-2010-0953
NOT-FOR-US: phpCOIN
-CVE-2010-0952 (SQL injection vulnerability in index.php in OneCMS 2.5, when ...)
+CVE-2010-0952
NOT-FOR-US: OneCMS
-CVE-2010-0951 (SQL injection vulnerability in go_target.php in dev4u CMS allows ...)
+CVE-2010-0951
NOT-FOR-US: dev4u CMS
-CVE-2010-0950 (Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote ...)
+CVE-2010-0950
NOT-FOR-US: Natychmiast CMS
-CVE-2010-0949 (Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS ...)
+CVE-2010-0949
NOT-FOR-US: Natychmiast CMS
-CVE-2010-0948 (SQL injection vulnerability in profil.php in Bigforum 4.5, when ...)
+CVE-2010-0948
NOT-FOR-US: Bigforum
-CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max Network ...)
+CVE-2010-0947
NOT-FOR-US: BBSMAX
-CVE-2010-1132 (The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter ...)
+CVE-2010-1132
{DSA-2021-2 DSA-2021-1}
- spamass-milter 0.3.1-9 (bug #573228)
[lenny] - spamass-milter 0.3.1-8+lenny1
-CVE-2010-1189 (MediaWiki before 1.15.2 does not prevent wiki editors from linking to ...)
+CVE-2010-1189
{DSA-2022-1}
- mediawiki 1:1.15.2-1 (low)
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
[lenny] - mediawiki 1:1.12.0-2lenny4
-CVE-2010-1190 (thumb.php in MediaWiki before 1.15.2, when used with ...)
+CVE-2010-1190
{DSA-2022-1}
- mediawiki 1:1.15.2-1 (low)
[lenny] - mediawiki 1:1.12.0-2lenny4
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
-CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) ...)
+CVE-2010-0946
NOT-FOR-US: com_ksadvertiser component for Joomla!
-CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets ...)
+CVE-2010-0945
NOT-FOR-US: com_hotbrackets component for Joomla!
-CVE-2010-0944 (Directory traversal vulnerability in the JCollection (com_jcollection) ...)
+CVE-2010-0944
NOT-FOR-US: com_jcollection component for Joomla!
-CVE-2010-0943 (Directory traversal vulnerability in the JA Showcase (com_jashowcase) ...)
+CVE-2010-0943
NOT-FOR-US: com_jashowcase component for Joomla!
-CVE-2010-0942 (Directory traversal vulnerability in the jVideoDirect ...)
+CVE-2010-0942
NOT-FOR-US: com_jvideodirect component for Joomla!
-CVE-2010-0941 (Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems ...)
+CVE-2010-0941
NOT-FOR-US: eTek Systems Hit Counter
-CVE-2010-0940 (Cross-site scripting (XSS) vulnerability in guestbook.php in Simple ...)
+CVE-2010-0940
NOT-FOR-US: Simple PHP Guestbook
-CVE-2010-0939 (Visialis ABB Forum 1.1 stores sensitive information under the web root ...)
+CVE-2010-0939
NOT-FOR-US: Visialis ABB Forum
-CVE-2010-0938 (Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo ...)
+CVE-2010-0938
NOT-FOR-US: Todoo Forum
-CVE-2010-0937 (Multiple unspecified vulnerabilities in Visualization Library before ...)
+CVE-2010-0937
NOT-FOR-US: Visualization Library
-CVE-2010-0936 (Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK ...)
+CVE-2010-0936
NOT-FOR-US: D-LINK firmware
CVE-2010-XXXX [phpbb 3.0.7 permissions bypass]
- phpbb3 3.0.7-PL1
[lenny] - phpbb3 <not-affected> (older version is in the archive)
[squeeze] - phpbb3 <not-affected> (older version is in the archive)
NOTE: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195
-CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...)
+CVE-2010-0928
- openssl <unfixed> (unimportant)
NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
NOTE: somewhat impractical right now, but the openssl developers are working
NOTE: on a fix just in case
-CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...)
+CVE-2010-0926
- samba 2:3.4.6~dfsg-1 (low; bug #568493; bug #572953)
[lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
-CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is ...)
+CVE-2010-0935
NOT-FOR-US: Perforce Server
-CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote ...)
+CVE-2010-0934
NOT-FOR-US: Perforce Server
-CVE-2010-0933 (Directory traversal vulnerability in Perforce Server 2008.1 allows ...)
+CVE-2010-0933
NOT-FOR-US: Perforce Server
-CVE-2010-0932 (The FTP server in Perforce Server 2008.1 allows remote attackers to ...)
+CVE-2010-0932
NOT-FOR-US: Perforce Server
-CVE-2010-0931 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
+CVE-2010-0931
NOT-FOR-US: Perforce Server
-CVE-2010-0930 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
+CVE-2010-0930
NOT-FOR-US: Perforce Server
-CVE-2010-0929 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
+CVE-2010-0929
NOT-FOR-US: Perforce Server
-CVE-2010-0927 (Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in ...)
+CVE-2010-0927
NOT-FOR-US: IBM Lotus Domino
-CVE-2010-0925 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 ...)
+CVE-2010-0925
NOT-FOR-US: Apple Safari
-CVE-2010-0924 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 ...)
+CVE-2010-0924
NOT-FOR-US: Apple Safari
-CVE-2010-0923 (Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner ...)
+CVE-2010-0923
- kdebase 4:4.4.2-1
[lenny] - kdebase <not-affected> (Only affected version 4.4.0)
- kdebase-workspace 4:4.4.2-1
-CVE-2010-0922 (Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP ...)
+CVE-2010-0922
NOT-FOR-US: IBM AIX
-CVE-2010-0921 (Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes ...)
+CVE-2010-0921
NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
-CVE-2010-0920 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka ...)
+CVE-2010-0920
NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
-CVE-2010-0919 (Stack-based buffer overflow in the Lotus Domino Web Access ActiveX ...)
+CVE-2010-0919
NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
-CVE-2010-0918 (Multiple unspecified vulnerabilities in the UltraLite functionality in ...)
+CVE-2010-0918
NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
-CVE-2010-0917 (Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, ...)
+CVE-2010-0917
NOT-FOR-US: Microsoft Windows
-CVE-2010-0916 (Unspecified vulnerability in Oracle OpenSolaris 10 allows local users ...)
+CVE-2010-0916
NOT-FOR-US: Solaris
-CVE-2010-0915 (Unspecified vulnerability in the Oracle Advanced Product Catalog ...)
+CVE-2010-0915
NOT-FOR-US: Oracle
-CVE-2010-0914 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...)
+CVE-2010-0914
NOT-FOR-US: Oracle
-CVE-2010-0913 (Unspecified vulnerability in the Oracle Applications Manager component ...)
+CVE-2010-0913
NOT-FOR-US: Oracle
-CVE-2010-0912 (Unspecified vulnerability in the Oracle Applications Framework ...)
+CVE-2010-0912
NOT-FOR-US: Oracle
-CVE-2010-0911 (Unspecified vulnerability in the Listener component in Oracle Database ...)
+CVE-2010-0911
NOT-FOR-US: Oracle
-CVE-2010-0910 (Unspecified vulnerability in the Data Server component in Oracle ...)
+CVE-2010-0910
NOT-FOR-US: Oracle
-CVE-2010-0909 (Unspecified vulnerability in the Oracle Applications Framework ...)
+CVE-2010-0909
NOT-FOR-US: Oracle
-CVE-2010-0908 (Unspecified vulnerability in the Oracle Applications Framework ...)
+CVE-2010-0908
NOT-FOR-US: Oracle
-CVE-2010-0907 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...)
+CVE-2010-0907
NOT-FOR-US: Oracle
-CVE-2010-0906 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...)
+CVE-2010-0906
NOT-FOR-US: Oracle
-CVE-2010-0905 (Unspecified vulnerability in the Oracle Applications Manager component ...)
+CVE-2010-0905
NOT-FOR-US: Oracle
-CVE-2010-0904 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...)
+CVE-2010-0904
NOT-FOR-US: Oracle
-CVE-2010-0903 (Unspecified vulnerability in the Net Foundation Layer component in ...)
+CVE-2010-0903
NOT-FOR-US: Oracle
-CVE-2010-0902 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+CVE-2010-0902
NOT-FOR-US: Oracle
-CVE-2010-0901 (Unspecified vulnerability in the Export component in Oracle Database ...)
+CVE-2010-0901
NOT-FOR-US: Oracle
-CVE-2010-0900 (Unspecified vulnerability in the Network Layer component in Oracle ...)
+CVE-2010-0900
NOT-FOR-US: Oracle
-CVE-2010-0899 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...)
+CVE-2010-0899
NOT-FOR-US: Oracle
-CVE-2010-0898 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...)
+CVE-2010-0898
NOT-FOR-US: Oracle
-CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory Server ...)
+CVE-2010-0897
NOT-FOR-US: Sun Java System Directory Server
-CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in Oracle ...)
+CVE-2010-0896
NOT-FOR-US: Oracle Sun Product Suite
-CVE-2010-0895 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
+CVE-2010-0895
NOT-FOR-US: OpenSolaris
-CVE-2010-0894 (Unspecified vulnerability in the Sun Java System Access Manager ...)
+CVE-2010-0894
NOT-FOR-US: Oracle Sun Product Suite
-CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in Oracle ...)
+CVE-2010-0893
NOT-FOR-US: Oracle sun Product Suite
-CVE-2010-0892 (Unspecified vulnerability in the Application Express component in ...)
+CVE-2010-0892
NOT-FOR-US: Oracle
-CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center component in ...)
+CVE-2010-0891
NOT-FOR-US: Oracle Sun Product Suite
-CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
+CVE-2010-0890
NOT-FOR-US: OpenSolaris
-CVE-2010-0889 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
+CVE-2010-0889
NOT-FOR-US: OpenSolaris
-CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software component in ...)
+CVE-2010-0888
NOT-FOR-US: Oracle Sun Product Suite
-CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...)
+CVE-2010-0887
- sun-java6 6.20-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0886 (Unspecified vulnerability in the Java Deployment Toolkit component in ...)
+CVE-2010-0886
- sun-java6 6.20-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications ...)
+CVE-2010-0885
NOT-FOR-US: Oracle Sun Product Suite
-CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...)
+CVE-2010-0884
NOT-FOR-US: Oracle Sun Product Suite
-CVE-2010-0883 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...)
+CVE-2010-0883
NOT-FOR-US: Oracle Sun Product Suite
-CVE-2010-0882 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
+CVE-2010-0882
NOT-FOR-US: Oracle Sun Product Suite
-CVE-2010-0881 (Unspecified vulnerability in the User Interface Components in Oracle ...)
+CVE-2010-0881
NOT-FOR-US: Oracle Collaboration Suite
-CVE-2010-0880 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+CVE-2010-0880
NOT-FOR-US: Oracle PeopleSoft
-CVE-2010-0879 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+CVE-2010-0879
NOT-FOR-US: Oracle PeopleSoft
-CVE-2010-0878 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+CVE-2010-0878
NOT-FOR-US: Oracle PeopleSoft
-CVE-2010-0877 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+CVE-2010-0877
NOT-FOR-US: Oracle PeopleSoft
-CVE-2010-0876 (Unspecified vulnerability in the Life Sciences - Oracle Clinical ...)
+CVE-2010-0876
NOT-FOR-US: Oracle Industry Product Suite
-CVE-2010-0875 (Unspecified vulnerability in the Life Sciences - Oracle Thesaurus ...)
+CVE-2010-0875
NOT-FOR-US: Oracle Industry Product Suite
-CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle ...)
+CVE-2010-0874
NOT-FOR-US: Oracle Industry Product Suite
-CVE-2010-0873 (Unspecified vulnerability in the Data Server component in Oracle ...)
+CVE-2010-0873
NOT-FOR-US: Oracle
-CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory component ...)
+CVE-2010-0872
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object Library ...)
+CVE-2010-0871
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-0870 (Unspecified vulnerability in the Change Data Capture component in ...)
+CVE-2010-0870
NOT-FOR-US: Oracle Database
-CVE-2010-0869 (Unspecified vulnerability in the Oracle Transportation Management ...)
+CVE-2010-0869
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-0868 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
+CVE-2010-0868
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-0867 (Unspecified vulnerability in the JavaVM component in Oracle Database ...)
+CVE-2010-0867
NOT-FOR-US: Oracle Database
-CVE-2010-0866 (Unspecified vulnerability in the JavaVM component in Oracle Database ...)
+CVE-2010-0866
NOT-FOR-US: Oracle Database
-CVE-2010-0865 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
+CVE-2010-0865
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-0864 (Unspecified vulnerability in the Retail - Oracle Retail Place ...)
+CVE-2010-0864
NOT-FOR-US: Oracle Industry Product Suite
-CVE-2010-0863 (Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season ...)
+CVE-2010-0863
NOT-FOR-US: Oracle Industry Product Suite
-CVE-2010-0862 (Unspecified vulnerability in the Retail - Oracle Retail Markdown ...)
+CVE-2010-0862
NOT-FOR-US: Oracle Industry Product Suite
-CVE-2010-0861 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...)
+CVE-2010-0861
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-0860 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+CVE-2010-0860
NOT-FOR-US: Oracle Database
-CVE-2010-0859 (Unspecified vulnerability in the Oracle Application Object Library ...)
+CVE-2010-0859
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-0858 (Unspecified vulnerability in the E-Business Intelligence component in ...)
+CVE-2010-0858
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-0857 (Unspecified vulnerability in the Oracle Workflow Cartridge component ...)
+CVE-2010-0857
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-0856 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
+CVE-2010-0856
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-0855 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
+CVE-2010-0855
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-0854 (Unspecified vulnerability in the Audit component in Oracle Database ...)
+CVE-2010-0854
NOT-FOR-US: Oracle Database
-CVE-2010-0853 (Unspecified vulnerability in the Oracle Internet Directory component ...)
+CVE-2010-0853
NOT-FOR-US: Oracle Database
-CVE-2010-0852 (Unspecified vulnerability in the XML DB component in Oracle Database ...)
+CVE-2010-0852
NOT-FOR-US: Oracle Database
-CVE-2010-0851 (Unspecified vulnerability in the XML DB component in Oracle Database ...)
+CVE-2010-0851
NOT-FOR-US: Oracle Database
-CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
+CVE-2010-0850
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0849 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
+CVE-2010-0849
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
+CVE-2010-0848
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
+CVE-2010-0847
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0846 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...)
+CVE-2010-0846
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle ...)
+CVE-2010-0845
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
+CVE-2010-0844
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0843 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
+CVE-2010-0843
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
+CVE-2010-0842
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...)
+CVE-2010-0841
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-0840
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0839 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
+CVE-2010-0839
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
+CVE-2010-0838
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE ...)
+CVE-2010-0837
- openjdk-6 6b20~pre1-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0836 (Unspecified vulnerability in the Oracle Knowledge Management component ...)
+CVE-2010-0836
NOT-FOR-US: Oracle
-CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion ...)
+CVE-2010-0835
NOT-FOR-US: Oracle
-CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before ...)
+CVE-2010-0834
- base-files <not-affected> (ubuntu-specific fix for their default OEM configuration on the Dell Latitude 2110, which permitted installation of unsigned packages)
-CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build ...)
+CVE-2010-0833
NOT-FOR-US: Likewise
-CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before ...)
+CVE-2010-0832
- pam <not-affected> (flaw in ubuntu-specific changes to the package)
-CVE-2010-0831 (Directory traversal vulnerability in the extract_jar function in ...)
+CVE-2010-0831
- fastjar 2:0.98-3 (low)
[lenny] - fastjar <no-dsa> (Minor issue)
-CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in ...)
+CVE-2010-0830
{DSA-2058-1}
- glibc 2.11-1
- eglibc 2.11-1
NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
-CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and ...)
+CVE-2010-0829
{DSA-2048-1}
- dvipng 1.13-1 (low; bug #580628)
- texlive-bin <not-affected> (dvipng is not shipped in texlive-bin Debian packages)
-CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...)
+CVE-2010-0828
{DSA-2024-1}
- moin 1.9.2-3 (low; bug #575995)
-CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, ...)
+CVE-2010-0827
- texlive-bin 2009-6 (low; bug #580669)
[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
-CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...)
+CVE-2010-0826
- libnss-db 2.2.3pre1-3.2 (low; bug #577057)
[squeeze] - libnss-db <no-dsa> (Minor issue)
[lenny] - libnss-db <no-dsa> (Minor issue)
-CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users ...)
+CVE-2010-0825
- emacs21 <removed> (low)
[lenny] - emacs21 <no-dsa> (Minor issue)
NOTE: Only exploitable when configured as setgid mail, which isn't set by default
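Review bot: every removed line in this hunk differs from its replacement only by the loss of the parenthesised description (for example `-CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in ...)` becomes `+CVE-2010-0830`), and no status, DSA or NOTE line changes, which reads as a description source that came back empty rather than an intended edit. The commit message "automatic update" gives no reason, and the diffstat shows 4933 insertions against 4933 deletions in this file. Suggest the update job refuse to overwrite a non-empty description with an empty one, and that this commit be held or reverted until the descriptions can be repopulated.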
@@ -11602,11 +11602,11 @@ CVE-2010-2450 [shibboleth-sp2: world-readable key]
- shibboleth-sp2 2.3.1+dfsg-2 (low; bug #571631)
[lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
- shibboleth-sp <not-affected> (Vulnerable code not present)
-CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' ...)
+CVE-2010-1192
- libesmtp 1.0.4-5 (bug #572960)
[lenny] - libesmtp <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
-CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...)
+CVE-2010-1193
NOT-FOR-US: VMware Server
CVE-2010-XXXX [argyll unsafe udev rules]
- argyll <not-affected> (issue with redhat-specific changes to the package)
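Review bot: after this hunk the file is inconsistent about which entries carry a summary: CVE-2010-1192 and CVE-2010-1193 become bare IDs, while the unassigned `CVE-2010-XXXX [argyll unsafe udev rules]` entry two lines later keeps its bracketed text. If dropping descriptions is intended, the commit message should say where readers are now expected to look them up. If it is not intended, the untouched bracketed entries show that only the parenthesised form was affected, which narrows where to look in the update step.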
@@ -11629,166 +11629,166 @@ CVE-2010-2250 [Installation cross site scripting]
- drupal6 6.18-1 (bug #592716)
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
- linux-ftpd <not-affected> (Performs proper length checks, see #572813)
-CVE-2010-0824 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...)
+CVE-2010-0824
NOT-FOR-US: Microsoft
-CVE-2010-0823 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 ...)
+CVE-2010-0823
NOT-FOR-US: Microsoft
-CVE-2010-0822 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...)
+CVE-2010-0822
NOT-FOR-US: Microsoft
-CVE-2010-0821 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 ...)
+CVE-2010-0821
NOT-FOR-US: Microsoft
-CVE-2010-0820 (Heap-based buffer overflow in the Local Security Authority Subsystem ...)
+CVE-2010-0820
NOT-FOR-US: Microsoft Windows
-CVE-2010-0819 (Unspecified vulnerability in the Windows OpenType Compact Font Format ...)
+CVE-2010-0819
NOT-FOR-US: Microsoft
-CVE-2010-0818 (The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP ...)
+CVE-2010-0818
NOT-FOR-US: Microsoft Windows
-CVE-2010-0817 (Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in ...)
+CVE-2010-0817
NOT-FOR-US: Microsoft SharePoint Server
-CVE-2010-0816 (Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, ...)
+CVE-2010-0816
NOT-FOR-US: Microsoft Outlook Express, Windows Live Mail, and Windows Mail
-CVE-2010-0815 (VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft ...)
+CVE-2010-0815
NOT-FOR-US: Microsoft Office
-CVE-2010-0814 (The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office ...)
+CVE-2010-0814
NOT-FOR-US: Microsoft
CVE-2010-0813
REJECTED
-CVE-2010-0812 (Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, ...)
+CVE-2010-0812
NOT-FOR-US: Microsoft Windows
-CVE-2010-0811 (Multiple unspecified vulnerabilities in the Microsoft Internet ...)
+CVE-2010-0811
NOT-FOR-US: Microsoft
-CVE-2010-0810 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows ...)
+CVE-2010-0810
NOT-FOR-US: Microsoft Windows
CVE-2010-0809
REJECTED
-CVE-2010-0808 (Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not ...)
+CVE-2010-0808
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in ...)
+CVE-2010-0807
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka ...)
+CVE-2010-0806
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet ...)
+CVE-2010-0805
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...)
+CVE-2010-0804
NOT-FOR-US: iBoutique
-CVE-2010-0803 (SQL injection vulnerability in the jVideoDirect (com_jvideodirect) ...)
+CVE-2010-0803
NOT-FOR-US: jVideoDirect
-CVE-2010-0802 (SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a ...)
+CVE-2010-0802
NOT-FOR-US: Invision Power Board
-CVE-2010-0801 (Directory traversal vulnerability in the AutartiTarot ...)
+CVE-2010-0801
NOT-FOR-US: Joomla!
-CVE-2010-0800 (SQL injection vulnerability in the Ossolution Team Documents Seller ...)
+CVE-2010-0800
NOT-FOR-US: Joomla!
-CVE-2010-0799 (Directory traversal vulnerability in misc/tell_a_friend/tell.php in ...)
+CVE-2010-0799
NOT-FOR-US: phpunity.newsmanager
-CVE-2010-0798 (SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier ...)
+CVE-2010-0798
NOT-FOR-US: T3BLOG extension for TYPO3
-CVE-2010-0797 (Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 ...)
+CVE-2010-0797
NOT-FOR-US: T3BLOG extension for TYPO3
-CVE-2010-0796 (SQL injection vulnerability in the JE Quiz (com_jequizmanagement) ...)
+CVE-2010-0796
NOT-FOR-US: Joomla!
-CVE-2010-0795 (SQL injection vulnerability in the JE Event Calendars ...)
+CVE-2010-0795
NOT-FOR-US: Joomla!
CVE-2010-0794
RESERVED
-CVE-2010-0793 (Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to ...)
+CVE-2010-0793
{DSA-2049-1}
- barnowl 1.5.1-1 (bug #574418)
-CVE-2010-0792 (fcrontab in fcron before 3.0.5 allows local users to read arbitrary ...)
+CVE-2010-0792
- fcron <removed> (unimportant; bug #572587)
NOTE: On Debian runs suid/sgid fcron and the issue is limited to the exposure
NOTE: of the content of crontabs
-CVE-2010-0791 (The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs ...)
+CVE-2010-0791
- ncpfs 2.2.6-7 (bug #572937)
[lenny] - ncpfs <no-dsa> (Minor issue)
-CVE-2010-0790 (sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain ...)
+CVE-2010-0790
- ncpfs 2.2.6-7 (bug #572937)
[lenny] - ncpfs <no-dsa> (Minor issue)
-CVE-2010-0789 (fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local ...)
+CVE-2010-0789
{DSA-1989-1}
- fuse 2.8.1-1.2 (bug #567633)
NOTE: Initial DSA released as CVE-2009-3297
-CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain ...)
+CVE-2010-0788
- ncpfs 2.2.6-7 (bug #572937)
[lenny] - ncpfs <no-dsa> (Minor issue)
-CVE-2010-0787 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, ...)
+CVE-2010-0787
{DSA-2004-1}
- samba 2:3.4.5~dfsg-2 (bug #567554)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
NOTE: Initial DSA released as CVE-2009-3297
-CVE-2010-0786 (The Web Services Security component in IBM WebSphere Application ...)
+CVE-2010-0786
NOT-FOR-US: IBM WebSphere Application
-CVE-2010-0785 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
+CVE-2010-0785
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-0784 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
+CVE-2010-0784
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-0783 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
+CVE-2010-0783
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows ...)
+CVE-2010-0782
NOT-FOR-US: IBM WebSphere
-CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM ...)
+CVE-2010-0781
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-0780 (IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a ...)
+CVE-2010-0780
NOT-FOR-US: IBM WebSphere
-CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+CVE-2010-0779
NOT-FOR-US: IBM WebSphere
-CVE-2010-0778 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+CVE-2010-0778
NOT-FOR-US: IBM WebSphere
-CVE-2010-0777 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
+CVE-2010-0777
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-0776 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
+CVE-2010-0776
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-0775 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
+CVE-2010-0775
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-0774 (The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations ...)
+CVE-2010-0774
NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0773
RESERVED
-CVE-2010-0772 (Unspecified vulnerability in the channel process in IBM WebSphere MQ ...)
+CVE-2010-0772
NOT-FOR-US: IMB WebSphere MQ
CVE-2010-0771
REJECTED
-CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
+CVE-2010-0770
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
+CVE-2010-0769
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2010-0768 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+CVE-2010-0768
NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0767
RESERVED
-CVE-2010-0766 (Integer overflow in the Swap4 function in valet4.dll in Luxology Modo ...)
+CVE-2010-0766
NOT-FOR-US: Luxology Modo
-CVE-2010-0765 (fipsForum 2.6 stores sensitive information under the web root with ...)
+CVE-2010-0765
NOT-FOR-US: fipsForum
-CVE-2010-0764 (SQL injection vulnerability in index.php in KuwaitPHP eSmile allows ...)
+CVE-2010-0764
NOT-FOR-US: KuwaitPHP eSmile
-CVE-2010-0763 (SQL injection vulnerability in index.php in CommodityRentals Vacation ...)
+CVE-2010-0763
NOT-FOR-US: ComodityRentals Vacation Rental Software
-CVE-2010-0762 (SQL injection vulnerability in index.php in CommodityRentals CD Rental ...)
+CVE-2010-0762
NOT-FOR-US: CommodityRentals CD Rental Software
-CVE-2010-0761 (SQL injection vulnerability in index.php in CommodityRentals ...)
+CVE-2010-0761
NOT-FOR-US: CommodityRentals Books/eBooks Rentals Script
-CVE-2010-0760 (Multiple directory traversal vulnerabilities in the Core Design ...)
+CVE-2010-0760
NOT-FOR-US: Joomla!
-CVE-2010-0759 (Directory traversal vulnerability in ...)
+CVE-2010-0759
NOT-FOR-US: Joomla!
-CVE-2010-0758 (SQL injection vulnerability in news_desc.php in Softbiz Jobs allows ...)
+CVE-2010-0758
NOT-FOR-US: Softbiz Jobs
-CVE-2010-0757 (Unrestricted file upload vulnerability in index.php/Attach in WikyBlog ...)
+CVE-2010-0757
NOT-FOR-US: WikyBlog
-CVE-2010-0756 (Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote ...)
+CVE-2010-0756
NOT-FOR-US: WikyBlog
-CVE-2010-0755 (PHP remote file inclusion vulnerability in include/WBmap.php in ...)
+CVE-2010-0755
NOT-FOR-US: WikyBlog
-CVE-2010-0754 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-0754
NOT-FOR-US: WikyBlog
-CVE-2010-0753 (SQL injection vulnerability in the SQL Reports (com_sqlreport) ...)
+CVE-2010-0753
NOT-FOR-US: Joomla!
-CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type module ...)
+CVE-2010-0752
NOT-FOR-US: Weekly Archive by Node Type (Drupal module)
CVE-2010-1144
REJECTED
-CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users ...)
+CVE-2010-0750
- policykit-1 <not-affected> (pkexec introduced in 0.92)
[lenny] - policykit-1 <not-affected> (pkexec introduced in 0.92)
CVE-2010-0749
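Review bot: the NOT-FOR-US lines in this hunk can no longer be checked against anything once the descriptions are gone. `CVE-2010-0802` is filed as `NOT-FOR-US: Invision Power Board` while the removed text names "(nv2) Awards 1.1.0", and only the description let a reader see how the two relate. The header line of an assigned ID also becomes identical in form to the RESERVED and REJECTED ones (CVE-2010-0794, CVE-2010-0813), leaving the status line as the only distinction. Suggest keeping the descriptions; as a separate cleanup, the context lines `NOT-FOR-US: IMB WebSphere MQ` and `NOT-FOR-US: ComodityRentals Vacation Rental Software` contain typos.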
@@ -11798,248 +11798,248 @@ CVE-2010-0748 [transmission magnet links parser buffer overflow]
RESERVED
- transmission 1.92-1 (medium; bug #574507)
[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
-CVE-2010-0746 (Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as ...)
+CVE-2010-0746
- udisks 1.0.0~git20100212.aae17d9-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235
-CVE-2010-0745 (Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote ...)
+CVE-2010-0745
- dovecot 1:1.2.11-1 (low)
[lenny] - dovecot <not-affected> (this problem exists only with v1.2.x, not with v1.0 or v1.1)
NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
[etch] - dovecot <not-affected> (Vulnerable code not present)
-CVE-2010-0744 (aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, ...)
+CVE-2010-0744
- amsn 0.98.3-1 (low; bug #572818)
[lenny] - amsn <no-dsa> (Minor issue)
-CVE-2010-0743 (Multiple format string vulnerabilities in isns.c in (1) Linux SCSI ...)
+CVE-2010-0743
{DSA-2042-1}
- iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935)
- tgt 1:1.0.3-2 (medium; bug #576086)
-CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in ...)
+CVE-2010-0742
- openssl 1.0.0e-1 (unimportant; bug #584592)
[lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h and later)
NOTE: unimportant since cms is disabled by default
-CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...)
+CVE-2010-0741
- linux-2.6 2.6.26-1
-CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...)
+CVE-2010-0740
- openssl 0.9.8n-1 (medium; bug #575607)
[lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
NOTE: http://www.openssl.org/news/secadv/20100324.txt
-CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips ...)
+CVE-2010-0739
- texlive-bin 2009-6 (low; bug #560668)
[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
-CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...)
+CVE-2010-0738
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-0737
RESERVED
NOT-FOR-US: JBoss Operations Network
-CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...)
+CVE-2010-0736
- viewvc 1.1.5-1 (bug #575787)
CVE-2010-0735
REJECTED
-CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is ...)
+CVE-2010-0734
{DSA-2023-1}
- curl 7.20.0-1 (low)
NOTE: http://www.openwall.com/lists/oss-security/2010/03/16/11
NOTE: depends on the application that uses libcurl
-CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL ...)
+CVE-2010-0733
- postgresql-8.4 8.4.2-1
-CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver ...)
+CVE-2010-0732
- gtk+2.0 2.18.5-1
[lenny] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
[etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/1
-CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before ...)
+CVE-2010-0731
- gnutls26 <not-affected> (Fixed before initial release)
- gnutls13 1.2.1-1
-CVE-2010-0730 (The MMIO instruction decoder in the Xen hypervisor in the Linux kernel ...)
+CVE-2010-0730
- linux-2.6 <not-affected> (redhat-specific issue in the 2.6.18 xen kernel)
-CVE-2010-0729 (A certain Red Hat patch for the Linux kernel in Red Hat Enterprise ...)
+CVE-2010-0729
- linux-2.6 <not-affected> (vulnerability in redhat-specific patch)
-CVE-2010-0728 (smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is ...)
+CVE-2010-0728
- samba 2:3.4.7~dfsg-1 (high; bug #573223)
[lenny] - samba <not-affected> (Only affects 3.3.11, 3.4.6 and 3.5.0)
-CVE-2010-0727 (The gfs2_lock function in the Linux kernel before ...)
+CVE-2010-0727
{DSA-2053-1}
- linux-2.6 2.6.32-11
-CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack ...)
+CVE-2010-0726
{DSA-2009-1}
- tdiary 2.2.1-1.1 (low; bug #572417)
-CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in ...)
+CVE-2010-0717
{DSA-2014-1}
- moin 1.9.0~rc2-1
-CVE-2010-0725 (Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart ...)
+CVE-2010-0725
NOT-FOR-US: Arab Cart
-CVE-2010-0724 (SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows ...)
+CVE-2010-0724
NOT-FOR-US: Arab Cart
-CVE-2010-0723 (SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 ...)
+CVE-2010-0723
NOT-FOR-US: Ero Auktion
-CVE-2010-0722 (SQL injection vulnerability in news.php in Php Auktion Pro allows ...)
+CVE-2010-0722
NOT-FOR-US: Php Auktion Pro
-CVE-2010-0721 (SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 ...)
+CVE-2010-0721
NOT-FOR-US: Auktionshaus Gelb
-CVE-2010-0720 (SQL injection vulnerability in news.php in Erotik Auktionshaus allows ...)
+CVE-2010-0720
NOT-FOR-US: Erotik Auktionshaus
-CVE-2010-0719 (An unspecified API in Microsoft Windows 2000, Windows XP, Windows ...)
+CVE-2010-0719
NOT-FOR-US: Microsoft
-CVE-2010-0718 (Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 ...)
+CVE-2010-0718
NOT-FOR-US: Microsoft
-CVE-2010-0716 (_layouts/Upload.aspx in the Documents module in Microsoft SharePoint ...)
+CVE-2010-0716
NOT-FOR-US: Microsoft
-CVE-2010-0715 (Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM ...)
+CVE-2010-0715
NOT-FOR-US: IBM WebSphere Portal
-CVE-2010-0714 (Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere ...)
+CVE-2010-0714
NOT-FOR-US: IBM WebSphere Portal
-CVE-2010-0713 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss ...)
+CVE-2010-0713
- zenoss <itp> (bug #361253)
NOTE: http://seclists.org/fulldisclosure/2010/Jan/296
-CVE-2010-0712 (Multiple SQL injection vulnerabilities in ...)
+CVE-2010-0712
- zenoss <itp> (bug #361253)
NOTE: http://seclists.org/fulldisclosure/2010/Jan/241
-CVE-2010-0711 (Cross-site request forgery (CSRF) vulnerability in default.asp in ...)
+CVE-2010-0711
NOT-FOR-US: ASPCode CMS
-CVE-2010-0710 (SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 ...)
+CVE-2010-0710
NOT-FOR-US: ASPCode CMS
-CVE-2010-0709 (Multiple cross-site request forgery (CSRF) vulnerabilities in Limny ...)
+CVE-2010-0709
NOT-FOR-US: Limny
-CVE-2010-0708 (Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe ...)
+CVE-2010-0708
NOT-FOR-US: Sun Directory Server Enterprise Edition
-CVE-2010-0707 (Cross-site request forgery (CSRF) vulnerability in add_user.php in ...)
+CVE-2010-0707
NOT-FOR-US: Employee Timeclock Software
-CVE-2010-0706 (Cross-site scripting (XSS) vulnerability in the login/prompt component ...)
+CVE-2010-0706
NOT-FOR-US: Subex Nikira Fraud Management System
-CVE-2010-0705 (Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 ...)
+CVE-2010-0705
NOT-FOR-US: Windows 2000
-CVE-2010-0704 (Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM ...)
+CVE-2010-0704
NOT-FOR-US: IBM WebSphere Portal
-CVE-2010-0703 (Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL ...)
+CVE-2010-0703
NOT-FOR-US: PortWise SSL VPN
-CVE-2010-0702 (SQL injection vulnerability in cisco/services/PhonecDirectory.php in ...)
+CVE-2010-0702
NOT-FOR-US: Fonality Trixbox
-CVE-2010-0701 (SQL injection vulnerability in ForceChangePassword.jsp in Newgen ...)
+CVE-2010-0701
NOT-FOR-US: Newgen Software OmniDocs
-CVE-2010-0700 (Cross-site scripting (XSS) vulnerability in index.php in WampServer ...)
+CVE-2010-0700
NOT-FOR-US: WampServer
-CVE-2010-0699 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+CVE-2010-0699
NOT-FOR-US: VideoSearchScript Pro
-CVE-2010-0698 (SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC ...)
+CVE-2010-0698
NOT-FOR-US: Dynamicsoft WSC CMS
-CVE-2010-0697 (Cross-site scripting (XSS) vulnerability in the iTweak Upload module ...)
+CVE-2010-0697
NOT-FOR-US: iTweak Upload module for Drupal
-CVE-2010-0696 (Directory traversal vulnerability in includes/download.php in the ...)
+CVE-2010-0696
NOT-FOR-US: Joomla!
-CVE-2010-0695 (Cross-site scripting (XSS) vulnerability in pages/index.php in ...)
+CVE-2010-0695
NOT-FOR-US: BASIC-CMS
-CVE-2010-0694 (SQL injection vulnerability in the PerchaGallery (com_perchagallery) ...)
+CVE-2010-0694
NOT-FOR-US: Joomla!
-CVE-2010-0693 (SQL injection vulnerability in products.php in CommodityRentals Trade ...)
+CVE-2010-0693
NOT-FOR-US: CommodityRentals Trade Manager Script
-CVE-2010-0692 (SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) ...)
+CVE-2010-0692
NOT-FOR-US: Joomla!
-CVE-2010-0691 (SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows ...)
+CVE-2010-0691
NOT-FOR-US: JTL-Shop
-CVE-2010-0690 (SQL injection vulnerability in index.php in CommodityRentals Video ...)
+CVE-2010-0690
NOT-FOR-US: CommodityRentals Video Games Rentals
-CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control ...)
+CVE-2010-0689
NOT-FOR-US: ActiveX
-CVE-2010-0688 (Stack-based buffer overflow in Orbital Viewer 1.04 allows ...)
+CVE-2010-0688
NOT-FOR-US: Orbital Viewer
CVE-2010-0687
RESERVED
-CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, ...)
+CVE-2010-0686
NOT-FOR-US: VMware Server
-CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source ...)
+CVE-2010-0685
- asterisk 1:1.6.2.6-1
NOTE: Design limitation documented in that version
[lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
[squeeze] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
-CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action ...)
+CVE-2010-0684
NOT-FOR-US: Apache ActiveMQ
-CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...)
+CVE-2010-0683
NOT-FOR-US: TIBCO Administrator
-CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...)
+CVE-2010-0682
- wordpress 2.9.2-1 (low)
[lenny] - wordpress <not-affected> (Only affects Wordpress >= 2.9)
CVE-2010-XXXX [multiple typo issues]
- typo3-src 4.3.2-1 (bug #571151)
[lenny] - typo3-src 4.2.5-1+lenny3
NOTE: DSA-2008
-CVE-2010-0681 (ZeusCMS 0.2 stores sensitive information under the web root with ...)
+CVE-2010-0681
NOT-FOR-US: ZeusCMS
-CVE-2010-0680 (Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows ...)
+CVE-2010-0680
NOT-FOR-US: ZeusCMS
-CVE-2010-0679 (Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ...)
+CVE-2010-0679
NOT-FOR-US: ActiveX
-CVE-2010-0678 (PHP remote file inclusion vulnerability in includes/moderation.php in ...)
+CVE-2010-0678
NOT-FOR-US: Katalog Stron Hurricane
-CVE-2010-0677 (SQL injection vulnerability in index.php in Katalog Stron Hurricane ...)
+CVE-2010-0677
NOT-FOR-US: Katalog Stron Hurricane
-CVE-2010-0676 (Directory traversal vulnerability in index.php in the RWCards ...)
+CVE-2010-0676
NOT-FOR-US: RWCards component for Joomla!
-CVE-2010-0675 (Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik ...)
+CVE-2010-0675
NOT-FOR-US: BGSvetionik BGS CMS
-CVE-2010-0674 (StatCounteX 3.1 stores sensitive information under the web root with ...)
+CVE-2010-0674
NOT-FOR-US: StatCounteX
-CVE-2010-0673 (SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog ...)
+CVE-2010-0673
NOT-FOR-US: Copperleaf Photolog plugin for WordPress
-CVE-2010-0672 (SQL injection vulnerability in index.php in WSN Guest 1.02 allows ...)
+CVE-2010-0672
NOT-FOR-US: WSN Guest
-CVE-2010-0671 (SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS ...)
+CVE-2010-0671
NOT-FOR-US: KR MEDIA Pogodny CMS
-CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) ...)
+CVE-2010-0670
NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component
-CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly ...)
+CVE-2010-0669
{DSA-2014-1}
- moin 1.9.2-1 (bug #569975)
-CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x ...)
+CVE-2010-0668
{DSA-2014-1}
- moin 1.9.2-1 (bug #569975)
-CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of ...)
+CVE-2010-0667
- moin 1.9.1-1
[lenny] - moin <not-affected> (versions before 1.9 are not affected)
[etch] - moin <not-affected> (versions before 1.9 are not affected)
NOTE: http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
NOTE: http://hg.moinmo.in/moin/1.9/rev/04afdde50094
NOTE: http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
-CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch ...)
+CVE-2010-0666
NOT-FOR-US: Novell eDirectory
-CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information under ...)
+CVE-2010-0665
NOT-FOR-US: JAG
-CVE-2010-0664 (Stack consumption vulnerability in the ...)
+CVE-2010-0664
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-0663 (The ParamTraits&lt;SkBitmap&gt;::Read function in ...)
+CVE-2010-0663
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-0662 (The ParamTraits&lt;SkBitmap&gt;::Read function in ...)
+CVE-2010-0662
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before ...)
+CVE-2010-0661
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (libv8 issue)
NOTE: http://trac.webkit.org/changeset/52401
-CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer ...)
+CVE-2010-0660
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...)
+CVE-2010-0659
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.1.21-1 (low)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
-CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before ...)
+CVE-2010-0658
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the ...)
+CVE-2010-0657
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
NOTE: claimed to be a windows-only issue
-CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, ...)
+CVE-2010-0656
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.1.21-1 (low)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
-CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...)
+CVE-2010-0655
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-0654 (Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, ...)
+CVE-2010-0654
{DSA-2124-1 DSA-2075-1}
- xulrunner 1.9.1.11-1 (bug #570743)
- iceweasel 3.5.11-2
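Review bot: several entries in this hunk are left with nothing that says what the issue was. `CVE-2010-0741` and `CVE-2010-0733` now consist of an ID and a single fixed-version line (`- linux-2.6 2.6.26-1`, `- postgresql-8.4 8.4.2-1`) with no NOTE or bug reference, so the removed description was the only record of the affected function. Suggest the update keep the existing description whenever an entry has no NOTE or bug number to fall back on.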
@@ -12048,417 +12048,417 @@ CVE-2010-0654 (Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, ...)
[lenny] - icedove <end-of-life>
- iceape 2.0.6-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0653 (Opera before 10.10 permits cross-origin loading of CSS stylesheets ...)
+CVE-2010-0653
NOT-FOR-US: Opera
-CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...)
+CVE-2010-0652
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...)
+CVE-2010-0651
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.1.21-1 (low)
[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
NOTE: http://trac.webkit.org/changeset/52784
-CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, ...)
+CVE-2010-0650
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.1.21-1 (unimportant)
NOTE: http://code.google.com/p/chromium/issues/detail?id=3275
NOTE: unimportant because this is just a popup blocker bypass
-CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function ...)
+CVE-2010-0649
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to ...)
+CVE-2010-0648
- xulrunner <undetermined> (bug #570743)
[wheezy] - xulrunner <end-of-life> (no detailed information available)
-CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, ...)
+CVE-2010-0647
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.1.21-1 (medium)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
-CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before ...)
+CVE-2010-0646
- chromium-browser 5.0.375.29~r46008-1
- libv8 2.1.6-1
- webkit <not-affected> (libv8 issue)
-CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...)
+CVE-2010-0645
- chromium-browser 5.0.375.29~r46008-1
- libv8 2.1.6-1
- webkit <not-affected> (libv8 issue)
-CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is ...)
+CVE-2010-0644
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct connections to ...)
+CVE-2010-0643
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...)
+CVE-2010-0642
NOT-FOR-US: Cisco Collaboration Server
-CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2010-0641
NOT-FOR-US: Cisco Collaboration Server
-CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance ...)
+CVE-2010-0640
NOT-FOR-US: CA eHealth Performance Manager
-CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before ...)
+CVE-2010-0639
- squid 2.7.STABLE8-1 (bug #572553)
[lenny] - squid <no-dsa> (Minor issue, only affects non-default setup)
- squid3 3.1.0.17-1 (bug #572554)
[lenny] - squid3 <no-dsa> (Minor issue, only affects non-default setup)
-CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...)
+CVE-2010-0638
- webcalendar <removed> (bug #572557)
CVE-2010-XXXX [phpbb3 weak captcha]
- phpbb3 3.0.7-PL1-1 (unimportant; bug #570011)
-CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...)
+CVE-2010-0634
- flex 2.5.35-1
-CVE-2010-0629 (Use-after-free vulnerability in kadmin/server/server_stubs.c in ...)
+CVE-2010-0629
{DSA-2031-1}
- krb5 1.7+dfsg-1 (low)
NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
-CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...)
+CVE-2010-0628
- krb5 1.8+dfsg-1.1 (bug #575740)
[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
-CVE-2010-2234 (Cross-site request forgery (CSRF) vulnerability in Apache CouchDB ...)
+CVE-2010-2234
- couchdb 0.11.0-2.1 (bug #570013)
[lenny] - couchdb <no-dsa> (does not support authentication at all)
-CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2010-0637
- webcalendar <removed> (bug #572557)
-CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
+CVE-2010-0636
- webcalendar <removed> (bug #572557)
-CVE-2010-0635 (SQL injection vulnerability in the plgSearchEventsearch::onSearch ...)
+CVE-2010-0635
NOT-FOR-US: JEvents Search plugin for Joomla!
-CVE-2010-0633 (Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and ...)
+CVE-2010-0633
NOT-FOR-US: Citrix XenServer
-CVE-2010-0632 (SQL injection vulnerability in the Parkview Consultants SimpleFAQ ...)
+CVE-2010-0632
NOT-FOR-US: Parkview Consultants SimpleFAQ component for Joomla!
-CVE-2010-0631 (Multiple SQL injection vulnerabilities in index.php in Eicra Car ...)
+CVE-2010-0631
NOT-FOR-US: Eicra Car Rental-Script
-CVE-2010-0630 (SQL injection vulnerability in viewjokes.php in Evernew Free Joke ...)
+CVE-2010-0630
NOT-FOR-US: Evernew Free Joke Script
CVE-2010-0627
RESERVED
CVE-2010-0626
RESERVED
-CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP ...)
+CVE-2010-0625
NOT-FOR-US: Novell NetWare
-CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in ...)
+CVE-2010-0624
- cpio 2.11-1 (low)
- tar 1.23-1 (low)
[lenny] - tar 1.20-1+lenny1
[lenny] - cpio 2.9-13lenny1
CVE-2010-0621
RESERVED
-CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase ...)
+CVE-2010-0620
NOT-FOR-US: EMC HomeBase Server
-CVE-2010-0619 (Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode ...)
+CVE-2010-0619
NOT-FOR-US: Lexmark laser printers
-CVE-2010-0618 (The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode ...)
+CVE-2010-0618
NOT-FOR-US: Lexmark laser and injet printers and MarkNet devices
-CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI ...)
+CVE-2010-0617
NOT-FOR-US: evalSMSI
-CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which ...)
+CVE-2010-0616
NOT-FOR-US: evalSMSI
-CVE-2010-0615 (Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI ...)
+CVE-2010-0615
NOT-FOR-US: evalSMSI
-CVE-2010-0614 (SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows ...)
+CVE-2010-0614
NOT-FOR-US: evalSMSI
-CVE-2010-0613 (Directory traversal vulnerability in viewfile.php in ARWScripts Fonts ...)
+CVE-2010-0613
NOT-FOR-US: ARWScripts Fonts Script
-CVE-2010-0612 (Unspecified vulnerability in DocumentManager before 4.0 has unknown ...)
+CVE-2010-0612
NOT-FOR-US: DocumentManager
-CVE-2010-0611 (Multiple SQL injection vulnerabilities in adminlogin.php in Baal ...)
+CVE-2010-0611
NOT-FOR-US: Baal Systems
-CVE-2010-0610 (Multiple SQL injection vulnerabilities in the Photoblog ...)
+CVE-2010-0610
NOT-FOR-US: Photoblog component for Joomla!
-CVE-2010-0609 (SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows ...)
+CVE-2010-0609
NOT-FOR-US: NovaBoard
-CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows ...)
+CVE-2010-0608
NOT-FOR-US: NovaBoard
-CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 ...)
+CVE-2010-0607
NOT-FOR-US: Sterlite SAM300 AX Router
-CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket ...)
+CVE-2010-0606
NOT-FOR-US: osTicket
-CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 ...)
+CVE-2010-0605
NOT-FOR-US: osTicket
-CVE-2010-0604 (Unspecified vulnerability in the SIP implementation on the Cisco PGW ...)
+CVE-2010-0604
NOT-FOR-US: Cisco PGW
-CVE-2010-0603 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
+CVE-2010-0603
NOT-FOR-US: Cisco PWG
-CVE-2010-0602 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
+CVE-2010-0602
NOT-FOR-US: Cisco PGW
-CVE-2010-0601 (The MGCP implementation on the Cisco PGW 2200 Softswitch with software ...)
+CVE-2010-0601
NOT-FOR-US: Cisco PGW
-CVE-2010-0600 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...)
+CVE-2010-0600
NOT-FOR-US: Cisco Mediator Framework
-CVE-2010-0599 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...)
+CVE-2010-0599
NOT-FOR-US: Cisco Mediator Framework
-CVE-2010-0598 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...)
+CVE-2010-0598
NOT-FOR-US: Cisco Mediator Framework
-CVE-2010-0597 (Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before ...)
+CVE-2010-0597
NOT-FOR-US: Cisco Mediator Framework
-CVE-2010-0596 (Unspecified vulnerability in Cisco Mediator Framework 2.2 before ...)
+CVE-2010-0596
NOT-FOR-US: Cisco Mediator Framework
-CVE-2010-0595 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...)
+CVE-2010-0595
NOT-FOR-US: Cisco Mediator Framework
-CVE-2010-0594 (Cross-site scripting (XSS) vulnerability in Cisco Router and Security ...)
+CVE-2010-0594
NOT-FOR-US: Cisco Router and Security Device Manager
-CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, ...)
+CVE-2010-0593
NOT-FOR-US: Cisco RVS4000 Router
-CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka ...)
+CVE-2010-0592
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+CVE-2010-0591
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager ...)
+CVE-2010-0590
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure ...)
+CVE-2010-0589
NOT-FOR-US: Cisco Secure Desktop
-CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+CVE-2010-0588
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+CVE-2010-0587
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-0586 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
+CVE-2010-0586
NOT-FOR-US: Cisco IOS
-CVE-2010-0585 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
+CVE-2010-0585
NOT-FOR-US: Cisco IOS
-CVE-2010-0584 (Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP ...)
+CVE-2010-0584
NOT-FOR-US: Cisco IOS
-CVE-2010-0583 (Memory leak in the H.323 implementation in Cisco IOS 12.1 through ...)
+CVE-2010-0583
NOT-FOR-US: Cisco IOS
-CVE-2010-0582 (Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote ...)
+CVE-2010-0582
NOT-FOR-US: Cisco IOS
-CVE-2010-0581 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...)
+CVE-2010-0581
NOT-FOR-US: Cisco IOS
-CVE-2010-0580 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...)
+CVE-2010-0580
NOT-FOR-US: CiscoIOS
-CVE-2010-0579 (The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote ...)
+CVE-2010-0579
NOT-FOR-US: Cisco IOS
-CVE-2010-0578 (The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 ...)
+CVE-2010-0578
NOT-FOR-US: Cisco IOS
-CVE-2010-0577 (Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size ...)
+CVE-2010-0577
NOT-FOR-US: Cisco IOS
-CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...)
+CVE-2010-0576
NOT-FOR-US: Cisco IOS
-CVE-2010-0575 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...)
+CVE-2010-0575
NOT-FOR-US: Cisco WLC
-CVE-2010-0574 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...)
+CVE-2010-0574
NOT-FOR-US: Cisco WLC
-CVE-2010-0573 (Unspecified vulnerability on the Cisco Digital Media Player before 5.2 ...)
+CVE-2010-0573
NOT-FOR-US: Cisco Digital Media Player
-CVE-2010-0572 (Cisco Digital Media Manager (DMM) before 5.2 allows remote ...)
+CVE-2010-0572
NOT-FOR-US: Cisco Digital Media Manager
-CVE-2010-0571 (Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x ...)
+CVE-2010-0571
NOT-FOR-US: Cisco Digital Media Manager
-CVE-2010-0570 (Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default ...)
+CVE-2010-0570
NOT-FOR-US: Cisco Digital Media Manager
-CVE-2010-0569 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
+CVE-2010-0569
NOT-FOR-US: Cisco
-CVE-2010-0568 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
+CVE-2010-0568
NOT-FOR-US: Cisco
-CVE-2010-0567 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
+CVE-2010-0567
NOT-FOR-US: Cisco
-CVE-2010-0566 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
+CVE-2010-0566
NOT-FOR-US: Cisco
-CVE-2010-0565 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
+CVE-2010-0565
NOT-FOR-US: Cisco
CVE-2010-XXXX [multiple mod_security issues]
- libapache-mod-security 2.5.12-1 (bug #569658)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455
-CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel ...)
+CVE-2010-0623
- linux-2.6 2.6.32-9
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
-CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel ...)
+CVE-2010-0622
{DSA-2012-1 DSA-2005-1 DSA-2003-1}
- linux-2.6 2.6.32-9
- linux-2.6.24 <removed>
-CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...)
+CVE-2010-0564
NOT-FOR-US: Trend Micro URL Filtering Engine
-CVE-2010-0563 (The Single Sign-on (SSO) functionality in IBM WebSphere Application ...)
+CVE-2010-0563
NOT-FOR-US: IBM WebSphere Application
-CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, ...)
+CVE-2010-0562
- fetchmail 6.3.13-2 (low)
[lenny] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
[etch] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
NOTE: the conditions so that this is exploitable are rather obscure
-CVE-2010-0561 (Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before ...)
+CVE-2010-0561
NOT-FOR-US: NetBSD
-CVE-2010-0560 (Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, ...)
+CVE-2010-0560
NOT-FOR-US: Intel Desktop BIOS
-CVE-2010-0559 (The default configuration of Oracle OpenSolaris snv_91 through snv_131 ...)
+CVE-2010-0559
NOT-FOR-US: Oracle OpenSolaris
-CVE-2010-0558 (The default configuration of Oracle OpenSolaris snv_77 through snv_131 ...)
+CVE-2010-0558
NOT-FOR-US: Oracle OpenSolaris
-CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified access ...)
+CVE-2010-0557
NOT-FOR-US: IBM Cognos Express
-CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 ...)
+CVE-2010-0556
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
-CVE-2010-0555 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
+CVE-2010-0555
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0554 (The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and ...)
+CVE-2010-0554
NOT-FOR-US: Geo++ GNCASTER
-CVE-2010-0553 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users ...)
+CVE-2010-0553
NOT-FOR-US: Geo++ GNCASTER
-CVE-2010-0552 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a ...)
+CVE-2010-0552
NOT-FOR-US: Geo++ GNCASTER
-CVE-2010-0551 (HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and ...)
+CVE-2010-0551
NOT-FOR-US: Geo++ GNCASTER
-CVE-2010-0550 (admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly ...)
+CVE-2010-0550
NOT-FOR-US: Geo++ GNCASTER
-CVE-2010-0549 (Unspecified vulnerability in the Network Controller in Xerox ...)
+CVE-2010-0549
NOT-FOR-US: Xerox WorkCentre
-CVE-2010-0548 (Multiple unspecified vulnerabilities in the Network Controller and Web ...)
+CVE-2010-0548
NOT-FOR-US: Xerox WorkCentre
-CVE-2010-0547 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier ...)
+CVE-2010-0547
{DSA-2004-1}
- samba 2:3.4.5~dfsg-2 (bug #568942; medium)
-CVE-2010-0546 (Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, ...)
+CVE-2010-0546
NOT-FOR-US: Apple Mac OS X
-CVE-2010-0545 (The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 ...)
+CVE-2010-0545
NOT-FOR-US: Apple Mac OS X
-CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+CVE-2010-0544
- webkit 1.2.1-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected> (only Safari is affected, they have a different URL parsing implementation)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662
NOTE: http://trac.webkit.org/changeset/58792
NOTE: http://trac.webkit.org/changeset/58796
-CVE-2010-0543 (ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows ...)
+CVE-2010-0543
NOT-FOR-US: Apple Mac OS X
-CVE-2010-0542 (The _WriteProlog function in texttops.c in texttops in the Text Filter ...)
+CVE-2010-0542
{DSA-2176-1}
- cups 1.4.4-1
-CVE-2010-0541 (Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in ...)
+CVE-2010-0541
- ruby1.8 1.8.7.302-1
[lenny] - ruby1.8 <no-dsa> (Minor issue)
- ruby1.9 <removed>
[lenny] - ruby1.9 <no-dsa> (Minor issue)
- ruby1.9.1 1.9.2.0-1 (bug #593298)
-CVE-2010-0540 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
+CVE-2010-0540
{DSA-2176-1}
- cups 1.4.4-1
-CVE-2010-0539 (Integer signedness error in the window drawing implementation in Apple ...)
+CVE-2010-0539
NOT-FOR-US: Apple Java
-CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X ...)
+CVE-2010-0538
NOT-FOR-US: Apple Java
-CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly ...)
+CVE-2010-0537
NOT-FOR-US: Apple DesktopServices
-CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...)
+CVE-2010-0536
NOT-FOR-US: Apple QuickTime
-CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is ...)
+CVE-2010-0535
- dovecot <not-affected> (Apple specific, http://marc.info/?l=oss-security&m=136546217008001&w=2)
-CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the ...)
+CVE-2010-0534
NOT-FOR-US: Apple Wiki Server
-CVE-2010-0533 (Directory traversal vulnerability in AFP Server in Apple Mac OS X ...)
+CVE-2010-0533
NOT-FOR-US: Apple AFP Server
-CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1 ...)
+CVE-2010-0532
NOT-FOR-US: Apple itunes
-CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of ...)
+CVE-2010-0531
NOT-FOR-US: Apple iTunes
-CVE-2010-0530 (Apple QuickTime before 7.6.9 on Windows sets weak permissions for the ...)
+CVE-2010-0530
NOT-FOR-US: QuickTime
-CVE-2010-0529 (Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before ...)
+CVE-2010-0529
NOT-FOR-US: Apple QuickTime
-CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...)
+CVE-2010-0528
NOT-FOR-US: Apple Quicktime
-CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows ...)
+CVE-2010-0527
NOT-FOR-US: Apple QuickTime
-CVE-2010-0526 (Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple ...)
+CVE-2010-0526
NOT-FOR-US: Apple QuickTime
-CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...)
+CVE-2010-0525
NOT-FOR-US: Apple Mail
-CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X ...)
+CVE-2010-0524
- freeradius <not-affected> (Apple specific configuration issue)
-CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types ...)
+CVE-2010-0523
NOT-FOR-US: Apple Wiki Server
-CVE-2010-0522 (Server Admin in Apple Mac OS X Server 10.5.8 does not properly ...)
+CVE-2010-0522
NOT-FOR-US: Apple Server Admin
-CVE-2010-0521 (Server Admin in Apple Mac OS X Server before 10.6.3 does not properly ...)
+CVE-2010-0521
NOT-FOR-US: Apple Server Admin
-CVE-2010-0520 (Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in ...)
+CVE-2010-0520
NOT-FOR-US: Apple QuickTime
-CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows ...)
+CVE-2010-0519
NOT-FOR-US: Apple QuickTime
-CVE-2010-0518 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
+CVE-2010-0518
NOT-FOR-US: Apple QuickTime
-CVE-2010-0517 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
+CVE-2010-0517
NOT-FOR-US: Apple QuickTime
-CVE-2010-0516 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
+CVE-2010-0516
NOT-FOR-US: Apple QuickTime
-CVE-2010-0515 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
+CVE-2010-0515
NOT-FOR-US: Apple QuickTime
-CVE-2010-0514 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
+CVE-2010-0514
NOT-FOR-US: Apple QuickTime
-CVE-2010-0513 (Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before ...)
+CVE-2010-0513
NOT-FOR-US: Apple PS Normalizer
-CVE-2010-0512 (The Accounts Preferences implementation in Apple Mac OS X 10.6 before ...)
+CVE-2010-0512
NOT-FOR-US: Apple Accounts Preferences
-CVE-2010-0511 (Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the ...)
+CVE-2010-0511
NOT-FOR-US: Apple Podcast Producer
-CVE-2010-0510 (Password Server in Apple Mac OS X Server before 10.6.3 does not ...)
+CVE-2010-0510
NOT-FOR-US: Apple Password Server
-CVE-2010-0509 (SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local ...)
+CVE-2010-0509
NOT-FOR-US: Apple SFLServer
-CVE-2010-0508 (Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules ...)
+CVE-2010-0508
NOT-FOR-US: Apple Mail
-CVE-2010-0507 (Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows ...)
+CVE-2010-0507
NOT-FOR-US: Apple Image RAW
-CVE-2010-0506 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote ...)
+CVE-2010-0506
NOT-FOR-US: Apple Image RAW
-CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 ...)
+CVE-2010-0505
NOT-FOR-US: Apple ImageIO
-CVE-2010-0504 (Multiple stack-based buffer overflows in iChat Server in Apple Mac OS ...)
+CVE-2010-0504
NOT-FOR-US: Apple iChat
-CVE-2010-0503 (Use-after-free vulnerability in iChat Server in Apple Mac OS X Server ...)
+CVE-2010-0503
NOT-FOR-US: Apple iChat
-CVE-2010-0502 (iChat Server in Apple Mac OS X Server before 10.6.3, when group chat ...)
+CVE-2010-0502
NOT-FOR-US: Apple iChat
-CVE-2010-0501 (Directory traversal vulnerability in FTP Server in Apple Mac OS X ...)
+CVE-2010-0501
NOT-FOR-US: Apple FTP Server
-CVE-2010-0500 (Event Monitor in Apple Mac OS X before 10.6.3 does not properly ...)
+CVE-2010-0500
NOT-FOR-US: Apple Event Monitor
CVE-2010-0499
RESERVED
-CVE-2010-0498 (Directory Services in Apple Mac OS X before 10.6.3 does not properly ...)
+CVE-2010-0498
NOT-FOR-US: Apple Directory Services
-CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the ...)
+CVE-2010-0497
NOT-FOR-US: Apple Disk Images
-CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for ...)
+CVE-2010-0496
NOT-FOR-US: Apple iPhone OS
CVE-2010-0495
REJECTED
-CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...)
+CVE-2010-0494
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0493
REJECTED
-CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet ...)
+CVE-2010-0492
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
+CVE-2010-0491
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
+CVE-2010-0490
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and ...)
+CVE-2010-0489
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not ...)
+CVE-2010-0488
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0487 (The Authenticode Signature verification functionality in cabview.dll ...)
+CVE-2010-0487
NOT-FOR-US: Microsoft Windows
-CVE-2010-0486 (The WinVerifyTrust function in Authenticode Signature Verification ...)
+CVE-2010-0486
NOT-FOR-US: Microsoft Windows
-CVE-2010-0485 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows ...)
+CVE-2010-0485
NOT-FOR-US: Microsoft
-CVE-2010-0484 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows ...)
+CVE-2010-0484
NOT-FOR-US: Microsoft
-CVE-2010-0483 (vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows ...)
+CVE-2010-0483
NOT-FOR-US: Microsoft Windows
-CVE-2010-0482 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not ...)
+CVE-2010-0482
NOT-FOR-US: Microsoft Windows
-CVE-2010-0481 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows ...)
+CVE-2010-0481
NOT-FOR-US: Microsoft Windows
-CVE-2010-0480 (Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs ...)
+CVE-2010-0480
NOT-FOR-US: Microsoft Windows
-CVE-2010-0479 (Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and ...)
+CVE-2010-0479
NOT-FOR-US: Microsoft Windows
-CVE-2010-0478 (Stack-based buffer overflow in nsum.exe in the Windows Media Unicast ...)
+CVE-2010-0478
NOT-FOR-US: Microsoft Windows
-CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...)
+CVE-2010-0477
NOT-FOR-US: Microsoft Windows
-CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, ...)
+CVE-2010-0476
NOT-FOR-US: Microsoft Windows
-CVE-2010-0475 (Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the ...)
+CVE-2010-0475
NOT-FOR-US: Palo Alto Networks Firewall
CVE-2010-0474
RESERVED
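Review bot: every `+` line in this hunk replaces a described header with a bare id (for example `-CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before ...)` becomes `+CVE-2010-0639`), and nothing is added in return, so the change only removes information. The package and NOTE lines are untouched, but for entries such as CVE-2010-0634, where the only remaining line is `- flex 2.5.35-1`, a reader can no longer tell from the list what the issue is. If the description source returned nothing for this run, the update should keep the previous text for any entry that already had a description rather than writing an empty one. It would also be worth failing the run when a description disappears from an entry that is not RESERVED or REJECTED.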
@@ -12466,17 +12466,17 @@ CVE-2010-0474
- webkit 1.4.0-1
CVE-2010-0473
RESERVED
-CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...)
+CVE-2010-0472
NOT-FOR-US: IBM DB2
-CVE-2010-0471 (SQL injection vulnerability in the comment submission interface ...)
+CVE-2010-0471
NOT-FOR-US: Enano CMS
-CVE-2010-0470 (Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend ...)
+CVE-2010-0470
NOT-FOR-US: Comtrend
-CVE-2010-0469 (SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, ...)
+CVE-2010-0469
NOT-FOR-US: Files2Links
-CVE-2010-0468 (Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in ...)
+CVE-2010-0468
NOT-FOR-US: PaperThin CommonSpot Content Server
-CVE-2010-0467 (Directory traversal vulnerability in the ccNewsletter ...)
+CVE-2010-0467
NOT-FOR-US: ccNewsletter component for Joomla!
CVE-2010-XXXX [nautilus: file preview html script execution]
- nautilus <not-affected> (proof-of-concept script is previewed as text, not executed)
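Review bot: after this hunk the file mixes two header forms. Numbered entries such as `+CVE-2010-0467` lose their parenthesised description, while the temporary entry `CVE-2010-XXXX [nautilus: file preview html script execution]` keeps its bracketed one. Please confirm that whatever parses this list treats a bare `CVE-2010-0472` header the same way as one followed by `(...)`, and that the description is restored on the next run rather than left empty. Entries like CVE-2010-0473 already use the bare form to mean RESERVED, so a described CVE that is stripped here becomes distinguishable from a reserved one only by its following line.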
@@ -12489,191 +12489,191 @@ CVE-2010-XXXX [browser javascript document.write denial-of-service]
- kde4libs <unfixed> (unimportant)
CVE-2010-0466
RESERVED
-CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents ...)
+CVE-2010-0465
- sugarcrm-ce-5.0 <itp> (bug #457876)
-CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser ...)
+CVE-2010-0464
- roundcube 0.3.1-3 (bug #569660)
-CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...)
+CVE-2010-0463
- imp4 4.3.7+debian0-2 (low; bug #569661)
[lenny] - imp4 4.2-4lenny2
-CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, ...)
+CVE-2010-0462
NOT-FOR-US: IBM DB2
-CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component 1.0 ...)
+CVE-2010-0461
NOT-FOR-US: Joomla!
-CVE-2010-0460 (Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php ...)
+CVE-2010-0460
NOT-FOR-US: Kayako SupportSuite
-CVE-2010-0459 (SQL injection vulnerability in the Mochigames (com_mochigames) ...)
+CVE-2010-0459
NOT-FOR-US: Joomla!
-CVE-2010-0458 (Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 ...)
+CVE-2010-0458
NOT-FOR-US: NetArt Media Blog System
-CVE-2010-0457 (SQL injection vulnerability in home.php in magic-portal 2.1 allows ...)
+CVE-2010-0457
NOT-FOR-US: magic-portal
-CVE-2010-0456 (SQL injection vulnerability in the indianpulse Game Server ...)
+CVE-2010-0456
NOT-FOR-US: Joomla!
-CVE-2010-0455 (Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in ...)
+CVE-2010-0455
NOT-FOR-US: PunBB
-CVE-2010-0454 (SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in ...)
+CVE-2010-0454
NOT-FOR-US: Publique! CMS
-CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and ...)
+CVE-2010-0453
NOT-FOR-US: Sun Solaris
-CVE-2010-0452 (Multiple cross-site scripting (XSS) vulnerabilities in HP Project and ...)
+CVE-2010-0452
NOT-FOR-US: HP Project and Portfolio Management Center
-CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP ...)
+CVE-2010-0451
NOT-FOR-US: HP-UX
-CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...)
+CVE-2010-0450
NOT-FOR-US: HP SOA Registry Foundation
-CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation ...)
+CVE-2010-0449
NOT-FOR-US: HP SOA Registry Foundation
-CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...)
+CVE-2010-0448
NOT-FOR-US: HP SOA Registry Foundation
-CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance ...)
+CVE-2010-0447
NOT-FOR-US: HP OpenView Performance Insight
-CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with ...)
+CVE-2010-0446
NOT-FOR-US: HP DreamScreen
-CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...)
+CVE-2010-0445
NOT-FOR-US: HP Network Node Manager
-CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a ...)
+CVE-2010-0444
NOT-FOR-US: HP Operations Agent
-CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS) before ...)
+CVE-2010-0443
NOT-FOR-US: HP OpenVMS
-CVE-2010-0441 (Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, ...)
+CVE-2010-0441
- asterisk 1:1.6.2.2-1
[lenny] - asterisk <not-affected> (Only affects 1.6.x)
[etch] - asterisk <not-affected> (Only affects 1.6.x)
-CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in ...)
+CVE-2010-0440
NOT-FOR-US: Cisco Secure Desktop
-CVE-2010-0439 (Chip Salzenberg Deliver allows local users to cause a denial of ...)
+CVE-2010-0439
- deliver <removed>
-CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in ...)
+CVE-2010-0438
{DSA-1993-1}
- otrs <not-affected> (vulnerable code not present)
[etch] - otrs2 <not-affected> (vulnerable code not present)
- otrs2 2.4.7-1 (medium)
NOTE: http://web.archive.org/web/20111224162621/http://otrs.org/advisory/OSA-2010-01-en/
-CVE-2010-0437 (The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux ...)
+CVE-2010-0437
- linux-2.6 2.6.26-9
-CVE-2010-0436 (Race condition in backend/ctrl.c in KDM in KDE Software Compilation ...)
+CVE-2010-0436
{DSA-2037-1}
- kdebase 4:4.0
- kdebase-workspace 4:4.4.3-1
NOTE: The binary package kdm was built from kdebase in Lenny and from kdebase-workspace
NOTE: in KDE 4.x, i.e. Squeeze onwards
-CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise ...)
+CVE-2010-0435
{DSA-2153-1}
- linux-2.6 2.6.32-29
-CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...)
+CVE-2010-0434
{DSA-2035-1}
- apache2 2.2.15-1
-CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before ...)
+CVE-2010-0433
- openssl <not-affected> (Kerberos support not enabled)
NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5
-CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open ...)
+CVE-2010-0432
NOT-FOR-US: Apache Open For Business Project (OFBiz)
-CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat ...)
+CVE-2010-0431
- qemu-kvm <not-affected> (QXL support not yet present in Debian packages)
- kvm <not-affected> (QXL support not yet present in Debian packages)
-CVE-2010-0430 (libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization ...)
+CVE-2010-0430
- spice <not-affected> (Fixed before initial upload to archive)
-CVE-2010-0429 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...)
+CVE-2010-0429
- spice <not-affected> (Fixed before initial upload to archive)
-CVE-2010-0428 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...)
+CVE-2010-0428
- spice <not-affected> (Fixed before initial upload to archive)
-CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is used, ...)
+CVE-2010-0427
{DSA-2006-1}
- sudo 1.7.0-1
NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
-CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a ...)
+CVE-2010-0426
{DSA-2006-1}
- sudo 1.7.2p1-1.2 (bug #570737)
NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
-CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ...)
+CVE-2010-0425
- apache2 <not-affected> (Windows only)
-CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) ...)
+CVE-2010-0424
- cron <not-affected> (vulnerability in redhat-specific changes to their cron forks; cronie and vixie-cron)
-CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a ...)
+CVE-2010-0423
{DSA-2038-1}
- pidgin 2.6.6-1 (low)
- gaim <removed> (low)
[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
-CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize ...)
+CVE-2010-0422
- gnome-screensaver 2.28.3-1
[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
-CVE-2010-0421 (Array index error in the hb_ot_layout_build_glyph_classes function in ...)
+CVE-2010-0421
{DSA-2019-1}
- pango1.0 1.26.2-1 (bug #574021)
-CVE-2010-0420 (libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user ...)
+CVE-2010-0420
{DSA-2038-1}
- pidgin 2.6.6-1 (low)
- gaim <removed> (low)
[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
-CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...)
+CVE-2010-0419
{DSA-2010-1}
- kvm <removed>
-CVE-2010-0418 (The web interface in chumby one before 1.0.4 and chumby classic before ...)
+CVE-2010-0418
NOT-FOR-US: Chumby device's web interface
-CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and ...)
+CVE-2010-0417
NOT-FOR-US: RealPlayer/Helix Player
-CVE-2010-0416 (Buffer overflow in the Unescape function in common/util/hxurl.cpp and ...)
+CVE-2010-0416
NOT-FOR-US: RealPlayer/Helix Player
-CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before ...)
+CVE-2010-0415
{DSA-2005-1 DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-8
- linux-2.6.24 <removed>
-CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers ...)
+CVE-2010-0414
- gnome-screensaver 2.28.2-1 (bug #569084)
[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0413
RESERVED
-CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of ...)
+CVE-2010-0412
- systemtap 1.2-1 (bug #572560)
[lenny] - systemtap <not-affected> (Server component not yet present)
[etch] - systemtap <not-affected> (Server component not yet present)
-CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) ...)
+CVE-2010-0411
- systemtap 1.2-1 (low; bug #568809)
[lenny] - systemtap <not-affected> (Vulnerable code not present)
[etch] - systemtap <no-dsa> (Minor issue)
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
-CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 ...)
+CVE-2010-0410
{DSA-2005-1 DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-8
- linux-2.6.24 <removed>
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
-CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in ...)
+CVE-2010-0409
{DSA-2082-1}
- gmime2.2 2.2.25-1.1 (bug #568291)
- gmime2.4 2.4.14-1+nmu1 (bug #573877)
-CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp ...)
+CVE-2010-0408
{DSA-2035-1}
- apache2 2.2.15-1 (low)
[lenny] - apache2 <no-dsa> (minor issue)
NOTE: Will be fixed in s-p-u
-CVE-2010-0407 (Multiple buffer overflows in the MSGFunctionDemarshall function in ...)
+CVE-2010-0407
{DSA-2059-1}
- pcsc-lite 1.5.4-1
-CVE-2010-0406 (OpenTTD before 1.0.1 allows remote attackers to cause a denial of ...)
+CVE-2010-0406
- openttd 1.0.1-1
[lenny] - openttd 0.6.2-1+lenny2
-CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in ...)
+CVE-2010-0405
{DSA-2112-1}
- bzip2 1.0.5-6
- clamav 0.96.3+dfsg-1
[lenny] - clamav <end-of-life> (No longer supported in Lenny)
-CVE-2010-0404 (Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before ...)
+CVE-2010-0404
{DSA-2046-1}
- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584517)
-CVE-2010-0403 (Directory traversal vulnerability in about.php in phpGroupWare (phpgw) ...)
+CVE-2010-0403
{DSA-2046-1}
- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584518)
-CVE-2010-0402 (OpenTTD before 1.0.1 does not properly validate index values of ...)
+CVE-2010-0402
- openttd 1.0.1-1
[lenny] - openttd 0.6.2-1+lenny2
-CVE-2010-0401 (OpenTTD before 1.0.1 accepts a company password for authentication in ...)
+CVE-2010-0401
- openttd 1.0.1-1
[lenny] - openttd 0.6.2-1+lenny2
-CVE-2010-0400 (SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows ...)
+CVE-2010-0400
{DSA-2030-1}
- mahara 1.2.4-1 (medium)
CVE-2010-0399
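Review bot: after this hunk a published entry such as `CVE-2010-0412` or `CVE-2010-0414` has the same bare header as the reserved `CVE-2010-0413`, so only the following `RESERVED` line separates the two states. If the empty descriptions come from a failed or partial fetch, the updater should keep the existing parenthesised text instead of overwriting it with nothing; a check that refuses to blank the header of an entry that already has package lines would catch this.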
@@ -12681,65 +12681,65 @@ CVE-2010-0399
CVE-2010-0398 [autokey arbitrary file overwriting via symlinks]
RESERVED
- autokey 0.61.3-2
-CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing ...)
+CVE-2010-0397
{DSA-2018-1}
- php5 5.3.2-1 (medium; bug #573573)
-CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg ...)
+CVE-2010-0396
{DSA-2011-1}
- dpkg 1.15.6
-CVE-2010-0395 (OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote ...)
+CVE-2010-0395
{DSA-2055-1}
- openoffice.org 1:3.2.1-1 (low)
-CVE-2010-0394 (PyGIT.py in the Trac Git plugin (trac-git) before ...)
+CVE-2010-0394
{DSA-1990-2 DSA-1990-1}
- trac-git 0.0.20090320-1 (high; bug #567039)
-CVE-2010-0393 (The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS ...)
+CVE-2010-0393
{DSA-2007-1}
- cupsys <removed>
- cups 1.4.2-9.1
-CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN ...)
+CVE-2010-0392
NOT-FOR-US: TheGreenBow IPSec VPN Client
-CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero Technologies ...)
+CVE-2010-0391
NOT-FOR-US: InterBase SMP 2009 9.0.3.437
-CVE-2010-0390 (Unrestricted file upload vulnerability in maxImageUpload/index.php in ...)
+CVE-2010-0390
NOT-FOR-US: PHP F1 Max's Image Uploader
-CVE-2010-0389 (The admin server in Sun Java System Web Server 7.0 Update 6 allows ...)
+CVE-2010-0389
NOT-FOR-US: Sun Java System Web Server
-CVE-2010-0388 (Format string vulnerability in the WebDAV implementation in webservd ...)
+CVE-2010-0388
NOT-FOR-US: Sun Java System Web Server
-CVE-2010-0387 (Multiple heap-based buffer overflows in (1) webservd and (2) the admin ...)
+CVE-2010-0387
NOT-FOR-US: Sun Java System Web Server
-CVE-2010-0386 (The default configuration of Sun Java System Application Server 7 and ...)
+CVE-2010-0386
NOT-FOR-US: Sun Java System Application Server
-CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when ...)
+CVE-2010-0385
- tor 0.2.1.22-1 (low)
[lenny] - tor <not-affected> (only affects versions > 0.2.1.6-alpha)
NOTE: the CVE entry is wrong, only 0.2.1.6-alpha and up are affected
NOTE: confirmed with Tor developers, Lenny is not affected
-CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory ...)
+CVE-2010-0384
- tor <not-affected> (only affects versions 0.2.2.x)
[lenny] - tor <not-affected> (only affects versions 0.2.2.x)
NOTE: does not appear to be a real vulnerability?
-CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...)
+CVE-2010-0383
- tor 0.2.1.22-1 (medium)
[lenny] - tor 0.2.0.35-1~lenny2 (medium)
-CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
+CVE-2010-0382
{DSA-2054-1}
- bind9 1:9.7.0.dfsg-1
-CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
+CVE-2010-0381
NOT-FOR-US: PHP MySpace Gold Edition
-CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows ...)
+CVE-2010-0380
NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-XXXX [gmetad incorrect file permissions]
- ganglia 3.1.2-3 (low; bug #567175)
-CVE-2010-0442 (The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL ...)
+CVE-2010-0442
{DSA-2051-1}
- postgresql-7.4 <removed>
- postgresql-8.1 <removed>
- postgresql-8.2 <removed>
- postgresql-8.3 <removed> (low; bug #567058)
- postgresql-8.4 8.4.3-1
-CVE-2010-2444 (parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before ...)
+CVE-2010-2444
- maradns 1.4.03-1 (low; bug #584587)
[lenny] - maradns <no-dsa> (minor issue)
[etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)
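Review bot: the `CVE-2010-0385` entry keeps `NOTE: the CVE entry is wrong, only 0.2.1.6-alpha and up are affected`, but the header text it appears to correct ("Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, ...") is removed in this hunk, so the note no longer shows what is wrong. Either keep the description on this header or reword the NOTE so that it states the version range it disputes.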
@@ -12753,54 +12753,54 @@ CVE-2010-XXXX [backup-manager: make sure password is not written to world-readab
NOTE: checked in 0.7.9-1, but may have been fixed sooner
CVE-2010-XXXX [sudosh3: many security weaknesses]
- sudosh3 <removed> (high; bug #566142)
-CVE-2010-0379 (Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX ...)
+CVE-2010-0379
NOT-FOR-US: Macromedia Flash ActiveX
-CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)
+CVE-2010-0378
NOT-FOR-US: Adobe Flash Player
-CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
+CVE-2010-0377
NOT-FOR-US: PHP MySpace Gold Edition
-CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in ...)
+CVE-2010-0376
NOT-FOR-US: JCE-Tech PHP Calendars
-CVE-2010-0375 (SQL injection vulnerability in product_list.php in JCE-Tech PHP ...)
+CVE-2010-0375
NOT-FOR-US: JCE-Tech PHP Calendars
-CVE-2010-0374 (Cross-site scripting (XSS) vulnerability in the Marketplace ...)
+CVE-2010-0374
NOT-FOR-US: component for Joomla!
-CVE-2010-0373 (SQL injection vulnerability in the libros (com_libros) component for ...)
+CVE-2010-0373
NOT-FOR-US: component for Joomla!
-CVE-2010-0372 (SQL injection vulnerability in the Articlemanager (com_articlemanager) ...)
+CVE-2010-0372
NOT-FOR-US: component for Joomla!
-CVE-2010-0371 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2010-0371
NOT-FOR-US: Hitmaaan Gallery
-CVE-2010-0370 (Cross-site scripting (XSS) vulnerability in the Node Blocks module ...)
+CVE-2010-0370
NOT-FOR-US: Node Blocks module for Drupal
CVE-2010-0369
RESERVED
CVE-2010-0368
RESERVED
-CVE-2010-0367 (Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits ...)
+CVE-2010-0367
NOT-FOR-US: BitScripts Bits Video Script
-CVE-2010-0366 (Multiple unrestricted file upload vulnerabilities in (1) register.php ...)
+CVE-2010-0366
NOT-FOR-US: BitScripts Bits Video Script
-CVE-2010-0365 (Cross-site scripting (XSS) vulnerability in search.php in BitScripts ...)
+CVE-2010-0365
NOT-FOR-US: BitScripts Bits Video Script
-CVE-2010-0364 (Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows ...)
+CVE-2010-0364
- vlc 0.8.6.c-4.1 (low; bug #458318)
NOTE: subset of CVE-2007-6681
-CVE-2010-0363 (Cross-site scripting (XSS) vulnerability in Zeus Web Server before ...)
+CVE-2010-0363
NOT-FOR-US: Zeus Web Server
-CVE-2010-0362 (Zeus Web Server before 4.3r5 does not use random transaction IDs for ...)
+CVE-2010-0362
NOT-FOR-US: Zeus Web Server
-CVE-2010-0361 (Stack-based buffer overflow in the WebDAV implementation in webservd ...)
+CVE-2010-0361
NOT-FOR-US: Sun Java System Web Server
-CVE-2010-0360 (Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote ...)
+CVE-2010-0360
NOT-FOR-US: Sun Java System Web Server
-CVE-2010-0359 (Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 ...)
+CVE-2010-0359
NOT-FOR-US: Zeus Web Server
-CVE-2010-0358 (Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 ...)
+CVE-2010-0358
NOT-FOR-US: IBM Lotus Domino
-CVE-2010-0357 (Cross-site scripting (XSS) vulnerability in the Login page in IBM ...)
+CVE-2010-0357
NOT-FOR-US: IBM Lotus Web Content Management
-CVE-2010-0356 (Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ...)
+CVE-2010-0356
NOT-FOR-US: ActiveX
CVE-2010-0355
RESERVED
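Review bot: in this hunk the placeholder `CVE-2010-XXXX [sudosh3: many security weaknesses]` keeps its bracketed summary while every assigned id from `CVE-2010-0379` down to `CVE-2010-0356` loses its description, so temporary entries now say more about the issue than assigned ones. If assigned ids are meant to go without a description, that should be stated in the commit message or the format notes; "automatic update" does not say which behaviour is intended.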
@@ -12812,7 +12812,7 @@ CVE-2010-0352
RESERVED
CVE-2010-0351
RESERVED
-CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, ...)
+CVE-2010-1104
- zope3 <removed> (low)
[lenny] - zope3 <no-dsa> (Minor issue)
- zope2.11 <removed>
@@ -12820,94 +12820,94 @@ CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8
[lenny] - zope2.10 <no-dsa> (Minor issue)
- zope2.9 <removed>
NOTE: https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
-CVE-2010-0350 (Directory traversal vulnerability in the Photo Book (goof_fotoboek) ...)
+CVE-2010-0350
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0349 (Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 ...)
+CVE-2010-0349
NOT-FOR-US: WebCalenderC3
-CVE-2010-0348 (Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and ...)
+CVE-2010-0348
NOT-FOR-US: WebCalenderC3
-CVE-2010-0347 (Cross-site scripting (XSS) vulnerability in the VD / Geomap ...)
+CVE-2010-0347
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0346 (Cross-site scripting (XSS) vulnerability in the Tip many friends ...)
+CVE-2010-0346
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0345 (Cross-site scripting (XSS) vulnerability in the Majordomo extension ...)
+CVE-2010-0345
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0344 (SQL injection vulnerability in the zak_store_management extension ...)
+CVE-2010-0344
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0343 (SQL injection vulnerability in the Clan Users List (pb_clanlist) ...)
+CVE-2010-0343
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0342 (SQL injection vulnerability in the Reports for Job (job_reports) ...)
+CVE-2010-0342
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0341 (SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) ...)
+CVE-2010-0341
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0340 (SQL injection vulnerability in the MJS Event Pro (mjseventpro) ...)
+CVE-2010-0340
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0339 (SQL injection vulnerability in the User Links (vm19_userlinks) ...)
+CVE-2010-0339
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0338 (SQL injection vulnerability in the TT_Products editor (ttpedit) ...)
+CVE-2010-0338
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0337 (SQL injection vulnerability in the tt_news Mail alert ...)
+CVE-2010-0337
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0336 (Unspecified vulnerability in the kiddog_mysqldumper ...)
+CVE-2010-0336
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0335 (Cross-site scripting (XSS) vulnerability in the Vote rank for news ...)
+CVE-2010-0335
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0334 (SQL injection vulnerability in the Vote rank for news ...)
+CVE-2010-0334
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0333 (SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 ...)
+CVE-2010-0333
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0332 (SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) ...)
+CVE-2010-0332
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0331 (Cross-site scripting (XSS) vulnerability in the TV21 Talkshow ...)
+CVE-2010-0331
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0330 (SQL injection vulnerability in the Googlemaps for tt_news ...)
+CVE-2010-0330
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0329 (SQL injection vulnerability in the powermail extension 1.5.1 and ...)
+CVE-2010-0329
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0328 (Cross-site scripting (XSS) vulnerability in the Unit Converter ...)
+CVE-2010-0328
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0327 (Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox ...)
+CVE-2010-0327
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0326 (Cross-site scripting (XSS) vulnerability in the Developer log (devlog) ...)
+CVE-2010-0326
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0325 (Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) ...)
+CVE-2010-0325
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0324 (SQL injection vulnerability in the Customer Reference List (ref_list) ...)
+CVE-2010-0324
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0323 (Unspecified vulnerability in the Photo Book (goof_fotoboek) extension ...)
+CVE-2010-0323
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0322 (SQL injection vulnerability in the init function in MK-AnydropdownMenu ...)
+CVE-2010-0322
NOT-FOR-US: TYPO3 third party extensions
-CVE-2010-0321 (Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit ...)
+CVE-2010-0321
NOT-FOR-US: Jamit Job Board 3.0
-CVE-2010-0320 (Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter ...)
+CVE-2010-0320
NOT-FOR-US: Glitter Central Script
-CVE-2010-0319 (Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 ...)
+CVE-2010-0319
NOT-FOR-US: Docmint
-CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...)
+CVE-2010-0318
- kfreebsd-6 <not-affected> (vulnerable code introduced in freebsd 7)
- kfreebsd-7 7.2-10 (medium; bug #566684)
[lenny] - kfreebsd-7 <no-dsa> (kfreebsd not support in Lenny)
- kfreebsd-8 8.0-2 (medium)
-CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of ...)
+CVE-2010-0317
NOT-FOR-US: Novell Netware
-CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote ...)
+CVE-2010-0316
NOT-FOR-US: Google SketchUp
-CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...)
+CVE-2010-0315
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.1.21-1 (low)
[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
-CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target ...)
+CVE-2010-0314
- webkit 1.1.90-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
-CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System ...)
+CVE-2010-0313
NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
-CVE-2010-0312 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server ...)
+CVE-2010-0312
NOT-FOR-US: IBM Tivoli Directory Server
-CVE-2010-0311 (Unspecified vulnerability in Sun Java System Identity Manager (aka ...)
+CVE-2010-0311
NOT-FOR-US: Sun Java System Identity Manager
-CVE-2010-0310 (Trusted Extensions in Sun Solaris 10 allows local users to gain ...)
+CVE-2010-0310
NOT-FOR-US: Trusted Extensions in Sun Solaris 10
CVE-2010-XXXX [zend framework multiple issues]
- zendframework 1.9.7-1
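Review bot: the entries from `CVE-2010-0347` to `CVE-2010-0322` all carry the same generic reason `NOT-FOR-US: TYPO3 third party extensions`, and the extension name (powermail, mg_help, tv21_talkshow, ...) existed only in the description that this hunk removes. After the change those entries are identical apart from the id. Put the extension key into the NOT-FOR-US reason before dropping the header text, or keep the description.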
@@ -12915,123 +12915,123 @@ CVE-2010-XXXX [zend framework multiple issues]
CVE-2010-XXXX [ZF2010-07]
- zendframework 1.10.3-1
NOTE: http://framework.zend.com/security/advisory/ZF2010-07
-CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT) ...)
+CVE-2010-0309
{DSA-2010-1 DSA-1996-1}
- linux-2.6 2.6.32-8
[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
- kvm <removed>
NOTE: http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commitdiff;h=336f40a728b9a4a5db5e1df5c89852c79ff95604
-CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...)
+CVE-2010-0308
{DSA-1991-1}
- squid 2.7.STABLE8-1
- squid3 3.1.0.16-1 (bug #575747)
-CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel ...)
+CVE-2010-0307
{DSA-1996-1}
- linux-2.6 2.6.32-8
- linux-2.6.24 <removed>
-CVE-2010-0306 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...)
+CVE-2010-0306
{DSA-2010-1 DSA-1996-1}
- linux-2.6 2.6.32-8
[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
- kvm <removed>
-CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to ...)
+CVE-2010-0305
{DSA-2033-1}
- ejabberd 2.1.2-2 (medium; bug #568383)
NOTE: https://support.process-one.net/browse/EJAB-1173
-CVE-2010-0304 (Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 ...)
+CVE-2010-0304
{DSA-1983-1}
- wireshark 1.2.6-1
-CVE-2010-0303 (mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 ...)
+CVE-2010-0303
{DSA-1982-1}
- hybserv 1.9.2-4.1 (low; bug #550389)
-CVE-2010-0302 (Use-after-free vulnerability in the abstract file-descriptor handling ...)
+CVE-2010-0302
- cups 1.4.2-10 (bug #572940)
[lenny] - cups 1.3.8-1+lenny9
- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
NOTE: This is for an incomplete fix for CVE-2009-3553
-CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d ...)
+CVE-2010-0301
{DSA-1981-1}
- maildrop 2.2.0-3.1 (low; bug #564601)
-CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a ...)
+CVE-2010-0300
{DSA-1980-1}
- ircd-ratbox 3.0.6.dfsg-1 (low; bug #567191)
- ircd-hybrid 1:7.2.2.dfsg.2-6.1 (low)
-CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure ...)
+CVE-2010-0299
- linux-2.6 2.6.32-6
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
-CVE-2010-0298 (The x86 emulator in KVM 83 does not use the Current Privilege Level ...)
+CVE-2010-0298
{DSA-2010-1 DSA-1996-1}
- linux-2.6 2.6.32-8
[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
- kvm <removed>
-CVE-2010-0297 (Buffer overflow in the usb_host_handle_control function in the USB ...)
+CVE-2010-0297
- qemu-kvm 0.11.1+dfsg-1
- kvm <removed> (low)
[lenny] - kvm <no-dsa> (minor issue)
-CVE-2010-0296 (The encode_name macro in misc/mntent_r.c in the GNU C Library (aka ...)
+CVE-2010-0296
{DSA-2058-1}
- glibc 2.11-1 (bug #583908)
- eglibc 2.11-1
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ab00f4eac8f4932211259ff87be83144f5211540
-CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read ...)
+CVE-2010-0295
{DSA-1987-1}
- lighttpd 1.4.26-1 (medium)
-CVE-2010-0294 (chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a ...)
+CVE-2010-0294
{DSA-1992-1}
- chrony 1.23-7 (low)
-CVE-2010-0293 (The client logging functionality in chronyd in Chrony before 1.23.1 ...)
+CVE-2010-0293
{DSA-1992-1}
- chrony 1.23-7 (low)
-CVE-2010-0292 (The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony ...)
+CVE-2010-0292
{DSA-1992-1}
- chrony 1.23-7 (medium)
-CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain privileges ...)
+CVE-2010-0291
{DSA-2005-1 DSA-1996-1}
- linux-2.6 2.6.32-6
-CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
+CVE-2010-0290
{DSA-2054-1}
- bind9 1:9.7.0.dfsg-1 (medium)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
-CVE-2010-0289 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL ...)
+CVE-2010-0289
{DSA-1976-1}
- dokuwiki 0.0.20090214b-3.1 (low)
[etch] - dokuwiki <not-affected> (Vulnerable code not present)
NOTE: http://secunia.com/advisories/38205/
-CVE-2010-0288 (A typo in the administrator permission check in the ACL Manager plugin ...)
+CVE-2010-0288
{DSA-1976-1}
- dokuwiki 0.0.20090214b-3.1 (medium; bug #565406)
[etch] - dokuwiki <not-affected> (Vulnerable code not present)
NOTE: http://bugs.splitbrain.org/index.php?do=details&task_id=1847
NOTE: issue being exploited
-CVE-2010-0287 (Directory traversal vulnerability in the ACL Manager plugin ...)
+CVE-2010-0287
{DSA-1976-1}
- dokuwiki 0.0.20090214b-3.1 (low)
[etch] - dokuwiki <not-affected> (Vulnerable code not present)
NOTE: http://secunia.com/advisories/38205/
-CVE-2010-0286 (Unspecified vulnerability in the OpenID Identity Authentication ...)
+CVE-2010-0286
- typo3-src 4.3.1-1 (bug #567163)
[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/
-CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the ...)
+CVE-2010-0285
- gnome-screensaver 2.28.3-1 (low)
[lenny] - gnome-screensaver <no-dsa> (Minor issue)
NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=593616
-CVE-2010-0284 (Directory traversal vulnerability in the getEntry method in the ...)
+CVE-2010-0284
NOT-FOR-US: Novell Access Manager
-CVE-2010-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 ...)
+CVE-2010-0283
- krb5 1.8+dfsg~alpha1-7
[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.7)
CVE-2010-0282
RESERVED
CVE-2010-0281
RESERVED
-CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in ...)
+CVE-2010-0280
- lib3ds 1.3.0-5 (low; bug #575741)
[lenny] - lib3ds <no-dsa> (Minor issue)
[etch] - lib3ds <no-dsa> (Minor issue)
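Review bot: `CVE-2010-0289`, `CVE-2010-0288` and `CVE-2010-0287` share `{DSA-1976-1}` and the fixed version `0.0.20090214b-3.1`, and `CVE-2010-0288` is flagged `NOTE: issue being exploited`; with the descriptions gone, a reader has to follow the bug link to learn that this one is the administrator permission check in the ACL Manager plugin and not the CSRF or directory traversal issue. Keep at least a short summary on entries that carry an exploitation note.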
@@ -13042,157 +13042,157 @@ CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in
NOTE: issue was published saying it affects google sketchup,
NOTE: but the vulnerable code is in lib3ds
NOTE: http://code.google.com/p/lib3ds/issues/detail?id=9
-CVE-2010-0279 (Unrestricted file upload vulnerability in upload.php in BTS-GI Read ...)
+CVE-2010-0279
NOT-FOR-US: BTS-GI Read excel
-CVE-2010-0278 (A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft ...)
+CVE-2010-0278
NOT-FOR-US: ActiveX
-CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, ...)
+CVE-2010-0277
{DSA-2038-1}
- pidgin 2.6.6-1 (low; bug #566775)
- gaim <removed> (low)
[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
-CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...)
+CVE-2010-0276
NOT-FOR-US: IBM Lotus iNotes
-CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) ...)
+CVE-2010-0275
NOT-FOR-US: IBM Lotus iNotes
-CVE-2010-0274 (Unspecified vulnerability in the Edit Contact scene in Ultra-light ...)
+CVE-2010-0274
NOT-FOR-US: IBM Lotus iNotes
-CVE-2010-0273 (Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 ...)
+CVE-2010-0273
NOT-FOR-US: Sun Java System Web Server
-CVE-2010-0272 (Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 ...)
+CVE-2010-0272
NOT-FOR-US: Sun Java System Web Server
-CVE-2010-0271 (hald in Sun OpenSolaris snv_51 through snv_130 does not have the ...)
+CVE-2010-0271
NOT-FOR-US: hald in Sun OpenSolaris
-CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...)
+CVE-2010-0270
NOT-FOR-US: Microsoft Windows
-CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, ...)
+CVE-2010-0269
NOT-FOR-US: Microsoft Windows
-CVE-2010-0268 (Unspecified vulnerability in the Windows Media Player ActiveX control ...)
+CVE-2010-0268
NOT-FOR-US: Microsoft Windows
-CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle ...)
+CVE-2010-0267
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0266 (Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does ...)
+CVE-2010-0266
NOT-FOR-US: Microsoft Office
-CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, ...)
+CVE-2010-0265
NOT-FOR-US: Microsoft Windows Movie Maker
-CVE-2010-0264 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and ...)
+CVE-2010-0264
NOT-FOR-US: Microsoft Office
-CVE-2010-0263 (Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML ...)
+CVE-2010-0263
NOT-FOR-US: Microsoft Office
-CVE-2010-0262 (Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not ...)
+CVE-2010-0262
NOT-FOR-US: Microsoft Office
-CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 ...)
+CVE-2010-0261
NOT-FOR-US: Microsoft Office
-CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; ...)
+CVE-2010-0260
NOT-FOR-US: Microsoft Office
CVE-2010-0259
REJECTED
-CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
+CVE-2010-0258
NOT-FOR-US: Microsoft Office
-CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...)
+CVE-2010-0257
NOT-FOR-US: Microsoft Office
-CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...)
+CVE-2010-0256
NOT-FOR-US: Microsoft Office
-CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
+CVE-2010-0255
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...)
+CVE-2010-0254
NOT-FOR-US: Microsoft Office
CVE-2010-0253
REJECTED
-CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ...)
+CVE-2010-0252
NOT-FOR-US: Microsoft Data Analyzer ActiveX control
CVE-2010-0251
REJECTED
-CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used ...)
+CVE-2010-0250
NOT-FOR-US: Microsoft DirectX
-CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...)
+CVE-2010-0249
NOT-FOR-US: Microsoft
-CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
+CVE-2010-0248
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly ...)
+CVE-2010-0247
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
+CVE-2010-0246
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
+CVE-2010-0245
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
+CVE-2010-0244
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 ...)
+CVE-2010-0243
NOT-FOR-US: Microsoft Office XP
-CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
+CVE-2010-0242
NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
+CVE-2010-0241
NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
+CVE-2010-0240
NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
+CVE-2010-0239
NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2010-0238 (Unspecified vulnerability in registry-key validation in the kernel in ...)
+CVE-2010-0238
NOT-FOR-US: Microsoft Windows
-CVE-2010-0237 (The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows ...)
+CVE-2010-0237
NOT-FOR-US: Microsoft Windows
-CVE-2010-0236 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+CVE-2010-0236
NOT-FOR-US: Microsoft Windows
-CVE-2010-0235 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+CVE-2010-0235
NOT-FOR-US: Microsoft Windows
-CVE-2010-0234 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+CVE-2010-0234
NOT-FOR-US: Microsoft Windows
-CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
+CVE-2010-0233
NOT-FOR-US: Microsoft Windows
-CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...)
+CVE-2010-0232
NOT-FOR-US: Microsoft Windows
-CVE-2010-0231 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
+CVE-2010-0231
NOT-FOR-US: Microsoft Windows
-CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures ...)
+CVE-2010-0230
- postfix <not-affected> (SUSE-specific packaging issue)
-CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
+CVE-2010-0229
NOT-FOR-US: Verbatim Corporate Secure
-CVE-2010-0228 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
+CVE-2010-0228
NOT-FOR-US: Verbatim Corporate Secure
-CVE-2010-0227 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
+CVE-2010-0227
NOT-FOR-US: Verbatim Corporate Secure
-CVE-2010-0226 (SanDisk Cruzer Enterprise USB flash drives do not prevent password ...)
+CVE-2010-0226
NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
-CVE-2010-0225 (SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for ...)
+CVE-2010-0225
NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
-CVE-2010-0224 (SanDisk Cruzer Enterprise USB flash drives validate passwords with a ...)
+CVE-2010-0224
NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
-CVE-2010-0223 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...)
+CVE-2010-0223
NOT-FOR-US: Kingston USB flash drives
-CVE-2010-0222 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...)
+CVE-2010-0222
NOT-FOR-US: Kingston USB flash drives
-CVE-2010-0221 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...)
+CVE-2010-0221
NOT-FOR-US: Kingston USB flash drives
-CVE-2010-0220 (The nsObserverList::FillObserverArray function in ...)
+CVE-2010-0220
- xulrunner <unfixed> (unimportant)
NOTE: browser DoS not treated as security issue
-CVE-2010-0219 (Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects ...)
+CVE-2010-0219
NOT-FOR-US: SAP BusinessObjects Enterprise
-CVE-2010-0218 (ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ...)
+CVE-2010-0218
- bind9 <not-affected> (Only affects 9.7.2, which is not yet in the archive)
NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
-CVE-2010-0217 (Zeacom Chat Server before 5.1 uses too short a random string for the ...)
+CVE-2010-0217
NOT-FOR-US: Zeacom Chat Server
-CVE-2010-0216 (authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows ...)
+CVE-2010-0216
NOT-FOR-US: MediaCAST
-CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to bypass ...)
+CVE-2010-0215
NOT-FOR-US: ActiveCollab
-CVE-2010-0214 (The administrative interface on the PolyVision RoomWizard with ...)
+CVE-2010-0214
NOT-FOR-US: PolyVision RoomWizard
-CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a ...)
+CVE-2010-0213
- bind9 9.7.1.dfsg.P2
[lenny] - bind9 <not-affected> (vulnerability introduced in 9.7.1)
-CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of service ...)
+CVE-2010-0212
{DSA-2077-1}
- openldap 2.4.23-1
-CVE-2010-0211 (The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not ...)
+CVE-2010-0211
{DSA-2077-1}
- openldap 2.4.23-1
CVE-2010-0210
RESERVED
-CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
+CVE-2010-0209
NOT-FOR-US: Adobe Flash Plugin
CVE-2010-0208
RESERVED
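Review bot: The commit message "automatic update" gives no reason for dropping the description text, and in this hunk that leaves the CVE-2010-0212 and CVE-2010-0211 stanzas identical apart from the id (both read "{DSA-2077-1}" and "- openldap 2.4.23-1"). Please say in the commit message where the descriptions are meant to come from after this change, so that someone reading the list can still find out that CVE-2010-0211 was the slap_modrdn2mods issue in modrdn.c.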
@@ -13211,60 +13211,60 @@ CVE-2010-0206 [xpdf: Invalid pointer dereference by processing JBIG2 PDF stream
- poppler 0.16.3-1 (unimportant)
[squeeze] - poppler 0.12.4-1.2+squeeze1
NOTE: Just a crasher, not treated as a security issue
-CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...)
+CVE-2010-0205
{DSA-2032-1}
- libpng 1.2.43-1 (low; bug #572308)
NOTE: http://www.kb.cert.org/vuls/id/576029
-CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+CVE-2010-0204
NOT-FOR-US: Adobe Reader
-CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
+CVE-2010-0203
NOT-FOR-US: Adobe Reader
-CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
+CVE-2010-0202
NOT-FOR-US: Adobe Reader
-CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+CVE-2010-0201
NOT-FOR-US: Adobe Reader
CVE-2010-0200
REJECTED
-CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
+CVE-2010-0199
NOT-FOR-US: Adobe Reader
-CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
+CVE-2010-0198
NOT-FOR-US: Adobe Reader
-CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+CVE-2010-0197
NOT-FOR-US: Adobe Reader
-CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
+CVE-2010-0196
NOT-FOR-US: Adobe Reader
-CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+CVE-2010-0195
NOT-FOR-US: Adobe Reader
-CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+CVE-2010-0194
NOT-FOR-US: Adobe Reader
-CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
+CVE-2010-0193
NOT-FOR-US: Adobe Reader
-CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
+CVE-2010-0192
NOT-FOR-US: Adobe Reader
-CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+CVE-2010-0191
NOT-FOR-US: Adobe Reader
-CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...)
+CVE-2010-0190
NOT-FOR-US: Adobe Reader
-CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager ...)
+CVE-2010-0189
NOT-FOR-US: Adobe Download Manager
-CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...)
+CVE-2010-0188
NOT-FOR-US: Adobe Reader
-CVE-2010-0187 (Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 ...)
+CVE-2010-0187
NOT-FOR-US: Adobe Flash plugin
-CVE-2010-0186 (Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, ...)
+CVE-2010-0186
NOT-FOR-US: Adobe Flash plugin
-CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ...)
+CVE-2010-0185
NOT-FOR-US: Adobe ColdFusion
-CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...)
+CVE-2010-0184
NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
-CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots ...)
+CVE-2010-0183
{DSA-2064-1}
- xulrunner 1.9.1.10-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and ...)
+CVE-2010-0182
{DSA-2075-1}
- xulrunner 1.9.1.9-1 (low)
[lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series)
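Review bot: In the CVE-2010-0189 stanza, the removed description was the only text naming NOS Microsystems getPlus Download Manager; the line that stays says "NOT-FOR-US: Adobe Download Manager". Consider rewording that tag to mention getPlus, so the entry still identifies the affected component once the description is gone.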
@@ -13274,36 +13274,36 @@ CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 an
- icedove 3.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - icedove <end-of-life>
-CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey ...)
+CVE-2010-0181
- xulrunner 1.9.1.9-1 (unimportant)
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0180 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when ...)
+CVE-2010-0180
- bugzilla <not-affected> (Only affects 3.5 to 3.7)
-CVE-2010-0179 (Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey ...)
+CVE-2010-0179
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0178 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
+CVE-2010-0178
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0177 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
+CVE-2010-0177
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
+CVE-2010-0176
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceweasel 3.5.11-2
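Review bot: The CVE-2010-0181 stanza keeps "- xulrunner 1.9.1.9-1 (unimportant)" but has no NOTE giving the reason for that rating, and after this change the description is gone as well. Elsewhere in the same file, CVE-2010-0220 pairs its "(unimportant)" with "NOTE: browser DoS not treated as security issue"; a NOTE of that kind would be worth adding here.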
@@ -13312,7 +13312,7 @@ CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x befo
- icedove 3.0.4-1
[lenny] - icedove <end-of-life>
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in ...)
+CVE-2010-0175
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceweasel 3.5.11-2
@@ -13321,7 +13321,7 @@ CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementatio
- icedove 3.0.4-1
[lenny] - icedove <end-of-life>
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2010-0174
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceweasel 3.5.11-2
@@ -13330,7 +13330,7 @@ CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Moz
- icedove 3.0.4-1
[lenny] - icedove <end-of-life>
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+CVE-2010-0173
- xulrunner 1.9.1.9-1
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
@@ -13339,11 +13339,11 @@ CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Moz
[lenny] - icedove <end-of-life>
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.5)
-CVE-2010-0172 (toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the ...)
+CVE-2010-0172
- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
-CVE-2010-0171 (Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x ...)
+CVE-2010-0171
{DSA-1999-1}
- xulrunner 1.9.1.8-1
- iceweasel 3.5.11-2
@@ -13352,11 +13352,11 @@ CVE-2010-0171 (Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
- icedove 3.0.2-1
[lenny] - icedove <end-of-life>
-CVE-2010-0170 (Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected ...)
+CVE-2010-0170
- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
-CVE-2010-0169 (The CSSLoaderImpl::DoSheetComplete function in ...)
+CVE-2010-0169
{DSA-1999-1}
- xulrunner 1.9.1.8-1
- iceape 2.0.3-1
@@ -13365,11 +13365,11 @@ CVE-2010-0169 (The CSSLoaderImpl::DoSheetComplete function in ...)
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
- icedove 3.0.2-1
[lenny] - icedove <end-of-life>
-CVE-2010-0168 (The nsDocument::MaybePreLoadImage function in ...)
+CVE-2010-0168
- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
-CVE-2010-0167 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x ...)
+CVE-2010-0167
{DSA-1999-1}
- xulrunner 1.9.1.8-1
- iceweasel 3.5.11-2
@@ -13378,22 +13378,22 @@ CVE-2010-0167 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
- icedove 3.0.2-1
[lenny] - icedove <end-of-life>
-CVE-2010-0166 (The gfxTextRun::SanitizeGlyphRuns function in ...)
+CVE-2010-0166
- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
-CVE-2010-0165 (The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp ...)
+CVE-2010-0165
- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
-CVE-2010-0164 (Use-after-free vulnerability in the ...)
+CVE-2010-0164
- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
-CVE-2010-0163 (Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 ...)
+CVE-2010-0163
{DSA-2025-1}
- icedove 3.0.4-1 (medium)
-CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...)
+CVE-2010-0162
{DSA-1999-1}
- xulrunner 1.9.1.8-1
- iceweasel 3.5.11-2
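Review bot: For CVE-2010-0163, the removed description named both Thunderbird and SeaMonkey, but the stanza that remains tracks only "- icedove 3.0.4-1 (medium)" and has no iceape line, unlike the neighbouring Mozilla entries in this hunk. With the description dropped, nothing records that SeaMonkey was in scope; please confirm the iceape status and add it to the stanza, or add a NOTE explaining why iceape is not tracked.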
@@ -13401,11 +13401,11 @@ CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and .
[etch] - xulrunner <end-of-life>
- iceape 2.0.3-1
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
-CVE-2010-0161 (The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in ...)
+CVE-2010-0161
- xulrunner <not-affected> (Windows-specific)
- iceape <not-affected> (Windows-specific)
- iceweasel <not-affected> (Windows-specific)
-CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 ...)
+CVE-2010-0160
- xulrunner 1.9.1.8-1
[etch] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1)
[lenny] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1)
@@ -13414,7 +13414,7 @@ CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.
- iceape 2.0.3-1
[etch] - iceape <not-affected> (web workers introduced in gecko 1.9.1)
[lenny] - iceape <not-affected> (web workers introduced in gecko 1.9.1)
-CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x ...)
+CVE-2010-0159
{DSA-1999-1}
- xulrunner 1.9.1.8-1
[etch] - xulrunner <end-of-life>
@@ -13424,402 +13424,402 @@ CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
- icedove 3.0.2-1
[lenny] - icedove <end-of-life>
-CVE-2010-0158 (** DISPUTED ** ...)
+CVE-2010-0158
NOT-FOR-US: JoomlaBamboo (JB) Simpla Admin template
-CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy) ...)
+CVE-2010-0157
NOT-FOR-US: component for Joomla!
-CVE-2010-0156 (Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local ...)
+CVE-2010-0156
- puppet 0.25.4-2
[lenny] - puppet <no-dsa> (Minor issue)
-CVE-2010-0155 (CRLF injection vulnerability in load.php in the Local Management ...)
+CVE-2010-0155
NOT-FOR-US: IBM Proventia Network Mail Security System
-CVE-2010-0154 (Directory traversal vulnerability in sla/index.php in the Local ...)
+CVE-2010-0154
NOT-FOR-US: IBM Proventia Network Mail Security System
-CVE-2010-0153 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+CVE-2010-0153
NOT-FOR-US: IBM Proventia Network Mail Security System
-CVE-2010-0152 (Multiple cross-site scripting (XSS) vulnerabilities in the Local ...)
+CVE-2010-0152
NOT-FOR-US: IBM Proventia Network Mail Security System
-CVE-2010-0151 (The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used ...)
+CVE-2010-0151
NOT-FOR-US: Cisco
-CVE-2010-0150 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
+CVE-2010-0150
NOT-FOR-US: Cisco
-CVE-2010-0149 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
+CVE-2010-0149
NOT-FOR-US: Cisco
-CVE-2010-0148 (Unspecified vulnerability in Cisco Security Agent 5.2 before ...)
+CVE-2010-0148
NOT-FOR-US: Cisco Security Agent
-CVE-2010-0147 (SQL injection vulnerability in the Management Center for Cisco ...)
+CVE-2010-0147
NOT-FOR-US: Cisco
-CVE-2010-0146 (Directory traversal vulnerability in the Management Center for Cisco ...)
+CVE-2010-0146
NOT-FOR-US: Cisco
-CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco ...)
+CVE-2010-0145
NOT-FOR-US: Cisco IronPort Encryption Appliance
-CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the ...)
+CVE-2010-0144
NOT-FOR-US: Cisco IronPort Encryption Appliance
-CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the ...)
+CVE-2010-0143
NOT-FOR-US: Cisco IronPort Encryption Appliance
-CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...)
+CVE-2010-0142
NOT-FOR-US: Cisco Unified MeetingPlace
-CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...)
+CVE-2010-0141
NOT-FOR-US: Cisco Unified MeetingPlace
-CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco ...)
+CVE-2010-0140
NOT-FOR-US: Cisco Unified MeetingPlace
-CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before ...)
+CVE-2010-0139
NOT-FOR-US: Cisco Unified MeetingPlace
-CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor ...)
+CVE-2010-0138
NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor
-CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in the SSH ...)
+CVE-2010-0137
NOT-FOR-US: Cisco IOS XR
-CVE-2010-0136 (OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce ...)
+CVE-2010-0136
{DSA-1995-1}
- openoffice.org 1:3.1.1-11
-CVE-2010-0135 (Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), ...)
+CVE-2010-0135
NOT-FOR-US: WordPerfect reader on Windows
-CVE-2010-0134 (Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and ...)
+CVE-2010-0134
NOT-FOR-US: Autonomy KeyView
-CVE-2010-0133 (Multiple stack-based buffer overflows in the SpreadSheet Lotus 123 ...)
+CVE-2010-0133
NOT-FOR-US: SpreadSheet Lotus 123 reader
-CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 ...)
+CVE-2010-0132
- viewvc 1.1.5-1 (bug #576307)
-CVE-2010-0131 (Stack-based buffer overflow in the SpreadSheet Lotus 123 reader ...)
+CVE-2010-0131
NOT-FOR-US: SpreadSheet Lotus 123 reader
-CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might ...)
+CVE-2010-0130
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 ...)
+CVE-2010-0129
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player ...)
+CVE-2010-0128
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...)
+CVE-2010-0127
NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-0126 (Heap-based buffer overflow in an unspecified library in Autonomy ...)
+CVE-2010-0126
NOT-FOR-US: Autonomy KeyView
-CVE-2010-0125 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through ...)
+CVE-2010-0125
NOT-FOR-US: RealPlayer
-CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on the ...)
+CVE-2010-0124
NOT-FOR-US: Employee Timeclock Software
-CVE-2010-0123 (The database backup implementation in Employee Timeclock Software 0.99 ...)
+CVE-2010-0123
NOT-FOR-US: Employee Timeclock Software
-CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock Software ...)
+CVE-2010-0122
NOT-FOR-US: Employee Timeclock Software
-CVE-2010-0121 (The cook codec in RealNetworks RealPlayer 11.0 through 11.1, ...)
+CVE-2010-0121
NOT-FOR-US: RealPlayer
-CVE-2010-0120 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
+CVE-2010-0120
NOT-FOR-US: RealPlayer
-CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, ...)
+CVE-2010-0119
NOT-FOR-US: Bournal
-CVE-2010-0118 (Bournal before 1.4.1 allows local users to overwrite arbitrary files ...)
+CVE-2010-0118
NOT-FOR-US: Bournal
-CVE-2010-0117 (RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 ...)
+CVE-2010-0117
NOT-FOR-US: RealPlayer
-CVE-2010-0116 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and ...)
+CVE-2010-0116
NOT-FOR-US: RealPlayer
-CVE-2010-0115 (SQL injection vulnerability in login.php in the GUI management console ...)
+CVE-2010-0115
NOT-FOR-US: Symantec Web Gateway
-CVE-2010-0114 (fw_charts.php in the reporting module in the Manager (aka SEPM) ...)
+CVE-2010-0114
NOT-FOR-US: Symantec Endpoint Protection
-CVE-2010-0113 (The Symantec Norton Mobile Security application 1.0 Beta for Android ...)
+CVE-2010-0113
NOT-FOR-US: Symantec Norton Mobile Security application 1.0
-CVE-2010-0112 (Multiple SQL injection vulnerabilities in the Administrative Interface ...)
+CVE-2010-0112
NOT-FOR-US: Symantec IM Manager
-CVE-2010-0111 (HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel ...)
+CVE-2010-0111
NOT-FOR-US: Symantec Intel Alert Handler
-CVE-2010-0110 (Multiple stack-based buffer overflows in Intel Alert Management System ...)
+CVE-2010-0110
NOT-FOR-US: Symantec Intel Alert Handler
-CVE-2010-0109 (DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 ...)
+CVE-2010-0109
NOT-FOR-US: Symantec
-CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the ...)
+CVE-2010-0108
NOT-FOR-US: Symantec AntiVirus
-CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 ...)
+CVE-2010-0107
NOT-FOR-US: Symantec
-CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before ...)
+CVE-2010-0106
NOT-FOR-US: Symantec AntiVirus
-CVE-2010-0105 (The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before ...)
+CVE-2010-0105
NOT-FOR-US: Apple hfs implementation
-CVE-2010-0104 (Unspecified vulnerability in the Broadcom Integrated NIC Management ...)
+CVE-2010-0104
NOT-FOR-US: Broadcom Integrated NIC Management Firmware
-CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger software ...)
+CVE-2010-0103
NOT-FOR-US: Energizer DUO USB Battery Charger Software
CVE-2010-0102
RESERVED
-CVE-2010-0101 (The embedded HTTP server in multiple Lexmark laser and inkjet printers ...)
+CVE-2010-0101
NOT-FOR-US: Lexmark printers and MarkNet devices
CVE-2010-0100
RESERVED
CVE-2010-0099
REJECTED
-CVE-2010-0098 (ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z ...)
+CVE-2010-0098
- clamav 0.96+dfsg-1
[lenny] - clamav <end-of-life> (No longer supported in Lenny)
-CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
+CVE-2010-0097
{DSA-2054-1}
- bind9 1:9.7.0.dfsg-1
CVE-2010-0096
RESERVED
-CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-0095
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-0094
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-0093
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-0092
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-0091
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
+CVE-2010-0090
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
+CVE-2010-0089
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-0088
- openjdk-6 6b18-1.8-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0087 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
+CVE-2010-0087
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
+CVE-2010-0086
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-0085
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+CVE-2010-0084
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0083 (Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows ...)
+CVE-2010-0083
NOT-FOR-US: Solaris
-CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle ...)
+CVE-2010-0082
- openjdk-6 6b17-1
- sun-java6 6.19-1
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-0081 (Unspecified vulnerability in the Application Server Control component ...)
+CVE-2010-0081
NOT-FOR-US: Oracle Fusion
-CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...)
+CVE-2010-0080
NOT-FOR-US: PeopleSoft Enterprise HCM
-CVE-2010-0079 (Multiple vulnerabilities in the JRockit component in BEA Product Suite ...)
+CVE-2010-0079
NOT-FOR-US: BEA Product Suite
-CVE-2010-0078 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2010-0078
NOT-FOR-US: BEA Product Suite
-CVE-2010-0077 (Unspecified vulnerability in the CRM Technical Foundation (mobile) ...)
+CVE-2010-0077
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-0076 (Unspecified vulnerability in the Application Express Application ...)
+CVE-2010-0076
NOT-FOR-US: Oracle Database
-CVE-2010-0075 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...)
+CVE-2010-0075
NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2010-0074
NOT-FOR-US: BEA Product Suite
-CVE-2010-0073 (Unspecified vulnerability in the WebLogic Server in Oracle WebLogic ...)
+CVE-2010-0073
NOT-FOR-US: Oracle WebLogic Server
-CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+CVE-2010-0072
NOT-FOR-US: Oracle Secure Backup
-CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database ...)
+CVE-2010-0071
NOT-FOR-US: Oracle Database
-CVE-2010-0070 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
+CVE-2010-0070
NOT-FOR-US: Oracle Application Server
-CVE-2010-0069 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2010-0069
NOT-FOR-US: BEA Product Suite
-CVE-2010-0068 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2010-0068
NOT-FOR-US: BEA Product Suite
-CVE-2010-0067 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
+CVE-2010-0067
NOT-FOR-US: Oracle Application Server
-CVE-2010-0066 (Unspecified vulnerability in the Access Manager Identity Server ...)
+CVE-2010-0066
NOT-FOR-US: Oracle Application Server
-CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted ...)
+CVE-2010-0065
NOT-FOR-US: Apple Disk Images
-CVE-2010-0064 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ...)
+CVE-2010-0064
NOT-FOR-US: Apple DesktopServices
-CVE-2010-0063 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...)
+CVE-2010-0063
NOT-FOR-US: Apple CoreTypes
-CVE-2010-0062 (Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime ...)
+CVE-2010-0062
NOT-FOR-US: Apple QuickTime
CVE-2010-0061
RESERVED
-CVE-2010-0060 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
+CVE-2010-0060
NOT-FOR-US: Apple CoreAudio
-CVE-2010-0059 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
+CVE-2010-0059
NOT-FOR-US: Apple CoreAudio
-CVE-2010-0058 (freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update ...)
+CVE-2010-0058
- clamav <not-affected> (apple-specific configuration issue)
-CVE-2010-0057 (AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use ...)
+CVE-2010-0057
NOT-FOR-US: Apple AFP Server
-CVE-2010-0056 (Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X ...)
+CVE-2010-0056
NOT-FOR-US: Apple AppKit
-CVE-2010-0055 (xar in Apple Mac OS X 10.5.8 does not properly validate package ...)
+CVE-2010-0055
- xar <removed> (bug #572556)
[lenny] - xar <no-dsa> (Minor issue)
-CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+CVE-2010-0054
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/53812
NOTE: http://trac.webkit.org/changeset/53813
NOTE: http://trac.webkit.org/changeset/54242
-CVE-2010-0053 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+CVE-2010-0053
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
[lenny] - webkit <not-affected> (Vulnerable code not present)
NOTE: http://trac.webkit.org/changeset/50466
-CVE-2010-0052 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+CVE-2010-0052
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
[lenny] - webkit <not-affected> (Vulnerable code not present)
NOTE: http://trac.webkit.org/changeset/51877
-CVE-2010-0051 (WebKit in Apple Safari before 4.0.5 does not properly validate the ...)
+CVE-2010-0051
NOTE: http://trac.webkit.org/changeset/52784
NOTE: duplicate of CVE-2010-0651
-CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+CVE-2010-0050
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/52073
-CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+CVE-2010-0049
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/52527
-CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+CVE-2010-0048
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/51962
-CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+CVE-2010-0047
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/50698
-CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
+CVE-2010-0046
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/51727
-CVE-2010-0045 (Apple Safari before 4.0.5 on Windows does not properly validate ...)
+CVE-2010-0045
NOT-FOR-US: Apple Safari
-CVE-2010-0044 (PubSub in Apple Safari before 4.0.5 does not properly implement use of ...)
+CVE-2010-0044
NOT-FOR-US: Apple PubSub
NOTE: apple's pubsub is rss-oriented and all debian packages with pubsub
NOTE: components are not; hence this is very likely an issue specifically with
NOTE: their own code, or their wrapper code around another PubSub library
-CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...)
+CVE-2010-0043
NOT-FOR-US: Apple Safari
-CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...)
+CVE-2010-0042
NOT-FOR-US: Apple Safari
-CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...)
+CVE-2010-0041
NOT-FOR-US: Apple Safari
-CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, ...)
+CVE-2010-0040
NOT-FOR-US: Apple Safari
-CVE-2010-0039 (The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort ...)
+CVE-2010-0039
NOT-FOR-US: Apple
-CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for ...)
+CVE-2010-0038
NOT-FOR-US: Apple iPhone OS
-CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 ...)
+CVE-2010-0037
NOT-FOR-US: Apple Mac OS X
-CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 ...)
+CVE-2010-0036
NOT-FOR-US: Apple Mac OS X
-CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft Windows ...)
+CVE-2010-0035
NOT-FOR-US: Microsoft Windows
-CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 ...)
+CVE-2010-0034
NOT-FOR-US: Microsoft Office PowerPoint
-CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 ...)
+CVE-2010-0033
NOT-FOR-US: Microsoft Office PowerPoint
-CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 ...)
+CVE-2010-0032
NOT-FOR-US: Microsoft Office PowerPoint
-CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 ...)
+CVE-2010-0031
NOT-FOR-US: Microsoft Office PowerPoint
-CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
+CVE-2010-0030
NOT-FOR-US: Microsoft Office PowerPoint
-CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote ...)
+CVE-2010-0029
NOT-FOR-US: Microsoft Office PowerPoint
-CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and ...)
+CVE-2010-0028
NOT-FOR-US: Microsoft Paint
-CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, ...)
+CVE-2010-0027
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 ...)
+CVE-2010-0026
NOT-FOR-US: Microsoft Windows Server
-CVE-2010-0025 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
+CVE-2010-0025
NOT-FOR-US: Microsoft Windows
-CVE-2010-0024 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
+CVE-2010-0024
NOT-FOR-US: Microsoft Windows
-CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...)
+CVE-2010-0023
NOT-FOR-US: Microsoft Windows
-CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
+CVE-2010-0022
NOT-FOR-US: Microsoft Windows
-CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server ...)
+CVE-2010-0021
NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
+CVE-2010-0020
NOT-FOR-US: Microsoft Windows
-CVE-2010-0019 (Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before ...)
+CVE-2010-0019
NOT-FOR-US: Microsoft Silverlight on Windows
-CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...)
+CVE-2010-0018
NOT-FOR-US: Microsoft Windows
-CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows ...)
+CVE-2010-0017
NOT-FOR-US: Microsoft Windows Server
-CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 ...)
+CVE-2010-0016
NOT-FOR-US: Microsoft Windows
-CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 ...)
+CVE-2010-0015
{DSA-1973-1}
- eglibc 2.10.2-4 (medium; bug #560333)
- glibc 2.10.2-4 (medium)
-CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 ...)
+CVE-2010-0014
- sssd 1.0.5-1
-CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin ...)
+CVE-2010-0013
- pidgin 2.6.5-1 (medium; bug #563206)
[lenny] - pidgin <not-affected> (vulnerable code not present)
- gaim <not-affected> (vulnerable code not present)
NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
-CVE-2010-0012 (Directory traversal vulnerability in libtransmission/metainfo.c in ...)
+CVE-2010-0012
{DSA-1967-1}
- transmission 1.77-1 (low)
NOTE: http://trac.transmissionbt.com/changeset/9829/
NOTE: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/500625
-CVE-2010-0011 (The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes ...)
+CVE-2010-0011
- uzbl 0.0.0~git.20100105-1 (medium)
NOTE: http://www.uzbl.org/news.php?id=22
NOTE: maintainer is aware of it
-CVE-2010-0010 (Integer overflow in the ap_proxy_send_fb function in ...)
+CVE-2010-0010
- apache <removed> (low)
NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server,
NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse
NOTE: proxy situations, the backend server is usually trusted, anyway.
-CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain ...)
+CVE-2010-0009
- couchdb 0.11.0-1 (bug #576304)
[lenny] - couchdb <no-dsa> (Minor information leak)
-CVE-2010-0008 (The sctp_rcv_ootb function in the SCTP implementation in the Linux ...)
+CVE-2010-0008
- linux-2.6 2.6.23-1
-CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...)
+CVE-2010-0007
{DSA-2005-1 DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-6
- linux-2.6.24 <removed>
-CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...)
+CVE-2010-0006
- linux-2.6 2.6.32-6
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
-CVE-2010-0005 (query.py in the query interface in ViewVC before 1.1.3 does not reject ...)
+CVE-2010-0005
- viewvc 1.1.5-1 (bug #575777)
-CVE-2010-0004 (ViewVC before 1.1.3 composes the root listing view without using the ...)
+CVE-2010-0004
- viewvc 1.1.5-1 (bug #575777)
-CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...)
+CVE-2010-0003
{DSA-2005-1 DSA-1996-1}
- linux-2.6 2.6.32-6
[etch] - linux-2.6 <not-affected> (does not have print-fatal-signals)
- linux-2.6.24 <removed>
-CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...)
+CVE-2010-0002
- bash <not-affected> (mandriva-specific packaging issue)
-CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 ...)
+CVE-2010-0001
{DSA-2074-1 DSA-1974-1}
- gzip 1.3.12-9 (medium; bug #566002)
- linux-2.6 <not-affected> (does not include unlzw.c in its gzip code copy)
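Review bot: Every `+CVE-2010-NNNN` header in this span drops the parenthesised description that its matching `-` line carried, and the commit message ("automatic update") gives no reason for it, so please confirm this is intended and not the updater running with an empty description source. With the description gone, entries whose only annotation is a `NOT-FOR-US:` line or a bare package line (for example `+CVE-2010-0014` followed by `- sssd 1.0.5-1`) no longer say what the issue is, and the NOTE lines under `+CVE-2010-0010` discuss exploitability of a flaw the entry no longer names. If this is not intended, the update job should keep the previous text (or refuse to write) whenever the description for an existing entry would become empty, so a single run cannot rewrite all 4933 headers in the file.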
