From 8003f5feea42653e0ae931ab4a2570c8d83fd21d Mon Sep 17 00:00:00 2001 From: Stefan Behte Date: Fri, 21 Jan 2011 11:17:36 +0000 Subject: nfu, bug nrs svn path=/; revision=2220 --- data/CVE/list | 587 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 294 insertions(+), 293 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index ffe43d8..28ea497 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -89394,11 +89394,11 @@ CVE-2010-1801 (Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5 CVE-2010-1802 (libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1803 (Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify ...) - TODO: check + NOT-FOR-US: apple mac_os_x_server CVE-2010-1804 (Unspecified vulnerability in the network bridge functionality on the ...) - TODO: check + NOT-FOR-US: apple time_capsule CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 ...) - TODO: check + NOT-FOR-US: apple safari CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...) TODO: check CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2, and ...) 
@@ -89406,11 +89406,11 @@ CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2, and CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1809 (The Accessibility component in Apple iOS before 4.1 on the iPhone and ...) - TODO: check + NOT-FOR-US: apple iphone_os CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...) - TODO: check + NOT-FOR-US: apple iphone_os CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) - TODO: check + NOT-FOR-US: apple iphone_os CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...) TODO: check CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) @@ -89422,7 +89422,7 @@ CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on CVE-2010-1816 RESERVED CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and ...) - TODO: check + NOT-FOR-US: apple iphone_os CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple ...) NOT-FOR-US: apple quicktime CVE-2010-1819 @@ -90930,7 +90930,7 @@ CVE-2010-2567 (The RPC client implementation in Microsoft Windows XP SP2 and SP3 CVE-2010-2568 (Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2569 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher ...) - TODO: check + NOT-FOR-US: microsoft publisher CVE-2010-2570 (Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter ...) NOT-FOR-US: microsoft publisher CVE-2010-2571 (Array index error in pubconv.dll (aka the Publisher Converter DLL) in ...) 
@@ -91276,9 +91276,9 @@ CVE-2010-2740 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2742 (The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and ...) - TODO: check -CVE-2010-2743 - RESERVED + NOT-FOR-US: microsoft windows_server_2008 +CVE-2010-2743 (The kernel-mode drivers in Microsoft Windows XP SP3 do not properly ...) + NOT-FOR-US: wild in July CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2745 (Microsoft Windows Media Player (WMP) 9 through 12 does not properly ...) @@ -91787,11 +91787,11 @@ CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wire CVE-2010-2996 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 on ...) NOT-FOR-US: realnetworks realplayer CVE-2010-2997 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-2998 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 and ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-2999 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-3000 (Multiple integer overflows in the ParseKnownType function in ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-3001 (Unspecified vulnerability in an ActiveX control in the Internet ...) 
@@ -91866,7 +91866,7 @@ CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or . CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not ...) NOT-FOR-US: cisco ios_xr CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in the ...) - TODO: check + NOT-FOR-US: cisco unified_service_monitor CVE-2010-3037 (goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing ...) NOT-FOR-US: cisco unified_videoconferencing_system_5230 CVE-2010-3038 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the ...) @@ -91946,7 +91946,7 @@ CVE-2010-3074 (SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination CVE-2010-3075 (EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher ...) TODO: check CVE-2010-3076 (The filter function in php/src/include.php in Simple Management for ...) - TODO: check + NOT-FOR-US: blentz smbind CVE-2010-3077 (Cross-site scripting (XSS) vulnerability in util/icon_browser.php in ...) TODO: check CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...) @@ -92196,7 +92196,7 @@ CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote ...) NOT-FOR-US: microsoft word CVE-2010-3201 (Cross-site scripting (XSS) vulnerability in NetWin Surgemail before ...) - TODO: check + NOT-FOR-US: netwin surgemail CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 ...) NOT-FOR-US: flock CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) ...) 
@@ -92471,27 +92471,27 @@ CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and ...) NOT-FOR-US: microsoft office CVE-2010-3338 (The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, ...) - TODO: check + NOT-FOR-US: microsoft windows_vista CVE-2010-3339 RESERVED CVE-2010-3340 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...) - TODO: check + NOT-FOR-US: microsoft ie CVE-2010-3341 RESERVED CVE-2010-3342 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...) - TODO: check + NOT-FOR-US: microsoft ie CVE-2010-3343 (Microsoft Internet Explorer 6 does not properly handle objects in ...) - TODO: check + NOT-FOR-US: microsoft ie CVE-2010-3344 RESERVED CVE-2010-3345 (Microsoft Internet Explorer 8 does not properly handle objects in ...) - TODO: check + NOT-FOR-US: microsoft ie CVE-2010-3346 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...) - TODO: check + NOT-FOR-US: microsoft ie CVE-2010-3347 RESERVED CVE-2010-3348 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...) - TODO: check + NOT-FOR-US: microsoft ie CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the ...) TODO: check CVE-2010-3350 (bareFTP 0.3.4 places a zero-length directory name in the ...) @@ -92503,7 +92503,7 @@ CVE-2010-3352 CVE-2010-3353 (Cowbell 0.2.7.1 places a zero-length directory name in the ...) TODO: check CVE-2010-3354 (dropboxd in Dropbox 0.7.110 places a zero-length directory name in the ...) - TODO: check + NOT-FOR-US: dropbox CVE-2010-3355 (Ember 0.5.7 places a zero-length directory name in the ...) NOT-FOR-US: ember CVE-2010-3356 
@@ -92686,7 +92686,7 @@ CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in ...) CVE-2010-3443 RESERVED CVE-2010-3444 (Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU ...) - TODO: check + NOT-FOR-US: kobi_zamir pyfribidi CVE-2010-3445 (Stack consumption vulnerability in the dissect_ber_unknown function in ...) TODO: check CVE-2010-3446 @@ -92786,7 +92786,7 @@ CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly handle CVE-2010-3493 (Multiple race conditions in smtpd.py in the smtpd module in Python ...) TODO: check CVE-2010-3494 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...) - TODO: check + NOT-FOR-US: g rodola pyftpdlib CVE-2010-3495 (Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) ...) TODO: check CVE-2010-3496 @@ -92808,7 +92808,7 @@ CVE-2010-3503 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris al CVE-2010-3504 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) NOT-FOR-US: oracle e business_suite CVE-2010-3505 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...) - TODO: check + NOT-FOR-US: oracle supply_chain_products_suite CVE-2010-3506 (Unspecified vulnerability in the Oracle Explorer (Sun Explorer) ...) NOT-FOR-US: oracle sun_products_suite CVE-2010-3507 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) 
@@ -92818,7 +92818,7 @@ CVE-2010-3508 (Unspecified vulnerability in Oracle Solaris 10 allows local users CVE-2010-3509 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...) NOT-FOR-US: oracle solaris CVE-2010-3510 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-3511 (Unspecified vulnerability in Oracle OpenSolaris allows local users to ...) NOT-FOR-US: oracle opensolaris CVE-2010-3512 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...) 
@@ -92972,33 +92972,33 @@ CVE-2010-3585 (Unspecified vulnerability in the OracleVM component in Oracle VM CVE-2010-3586 (Unspecified vulnerability in Oracle Solaris 9 allows local users to ...) TODO: check CVE-2010-3587 (Unspecified vulnerability in the Oracle Common Applications component ...) - TODO: check + NOT-FOR-US: oracle e business_suite CVE-2010-3588 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-3589 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: oracle e business_suite CVE-2010-3590 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) - TODO: check + NOT-FOR-US: oracle database_server CVE-2010-3591 (Unspecified vulnerability in the Oracle Document Capture component in ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-3592 (Unspecified vulnerability in the Oracle Document Capture component in ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-3593 (Unspecified vulnerability in the Health Sciences - Oracle Argus Safety ...) - TODO: check + NOT-FOR-US: oracle industry_applications CVE-2010-3594 (Unspecified vulnerability in the Real User Experience Insight ...) - TODO: check + NOT-FOR-US: oracle enterprise_manager_grid_control CVE-2010-3595 (Unspecified vulnerability in the Oracle Document Capture component in ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-3596 (Unspecified vulnerability in the mod_ssl component in Oracle Secure ...) - TODO: check + NOT-FOR-US: oracle secure_backup CVE-2010-3597 (Unspecified vulnerability in the Oracle Outside In Technology ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-3598 (Unspecified vulnerability in the Oracle Document Capture component in ...) 
- TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-3599 (Unspecified vulnerability in the Oracle Document Capture component in ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-3600 (Unspecified vulnerability in the Client System Analyzer component in ...) - TODO: check + NOT-FOR-US: oracle enterprise_manager_grid_control CVE-2010-3601 (SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows ...) NOT-FOR-US: invisionpower ibphotohost CVE-2010-3602 (Cross-site scripting (XSS) vulnerability in ProfileView.aspx in ...) @@ -93104,7 +93104,7 @@ CVE-2010-3651 CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before ...) - TODO: check + NOT-FOR-US: adobe shockwave_player CVE-2010-3654 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...) TODO: check CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player ...) 
@@ -93452,17 +93452,17 @@ CVE-2010-3825 CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...) - TODO: check + NOT-FOR-US: apple iphone_os CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...) - TODO: check + NOT-FOR-US: apple iphone_os CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...) TODO: check CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during ...) - TODO: check + NOT-FOR-US: apple iphone_os CVE-2010-3831 (Photos in Apple iOS before 4.2 enables support for HTTP Basic ...) - TODO: check + NOT-FOR-US: apple iphone_os CVE-2010-3832 (Heap-based buffer overflow in the GSM mobility management ...) - TODO: check + NOT-FOR-US: apple iphone_os CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does ...) TODO: check CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before ...) @@ -93542,7 +93542,7 @@ CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly ha CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: mahara CVE-2010-3872 (The apr_status_t fcgid_header_bucket_read function in fcgid_bucket.c ...) - TODO: check + BUG: 344685 CVE-2010-3873 (The X.25 implementation in the Linux kernel before 2.6.36.2 does not ...) TODO: check CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in ...) @@ -93569,7 +93569,7 @@ CVE-2010-3884 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simpl NOT-FOR-US: cmsmadesimple cms_made_simple CVE-2010-3885 REJECTED - TODO: check + NOT-FOR-US: this CVE-2010-3886 (The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft ...) NOT-FOR-US: microsoft ie CVE-2010-3887 (The Limit Mail feature in the Parental Controls functionality in Mail ...) 
@@ -93609,7 +93609,7 @@ CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows remot CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...) TODO: check CVE-2010-3905 (The password reset feature in the administrator interface for ...) - TODO: check + NOT-FOR-US: eucalyptus CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...) TODO: check CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin in ...) @@ -93645,25 +93645,26 @@ CVE-2010-3921 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x befo CVE-2010-3922 (SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x ...) NOT-FOR-US: sixapart movabletype CVE-2010-3923 (Untrusted search path vulnerability in AttacheCase before 2.70 allows ...) - TODO: check + NOT-FOR-US: mitsu_hiro_hi_rose attachecase CVE-2010-3924 (SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows ...) - TODO: check + NOT-FOR-US: aimluck aipo CVE-2010-3925 (Contents-Mall before 15 does not properly handle passwords, which ...) - TODO: check + NOT-FOR-US: wb i contents mall CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in ...) - TODO: check + NOT-FOR-US: wb i sgx sp_final_ne CVE-2010-3927 RESERVED CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a ...) - TODO: check + NOT-FOR-US: Ruby CVE-2010-3929 RESERVED CVE-2010-3930 RESERVED CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion ...) - TODO: check + NOT-FOR-US: multiple Rocomotion products including P board CVE-2010-3932 RESERVED + REJECTED CVE-2010-3933 (Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested ...) TODO: check CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Software ...) 
@@ -93673,79 +93674,79 @@ CVE-2010-3935 CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft ...) NOT-FOR-US: microsoft forefront_unified_access_gateway CVE-2010-3937 (Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote ...) - TODO: check + NOT-FOR-US: microsoft exchange_server CVE-2010-3938 RESERVED CVE-2010-3939 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-3940 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-3941 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-3942 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-3943 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-3944 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 ...) - TODO: check + NOT-FOR-US: microsoft windows_server_2008 CVE-2010-3945 (Buffer overflow in the CGM image converter in the graphics filters in ...) - TODO: check + NOT-FOR-US: microsoft office_converter_pack CVE-2010-3946 (Integer overflow in the PICT image converter in the graphics filters ...) - TODO: check + NOT-FOR-US: microsoft office_converter_pack CVE-2010-3947 (Heap-based buffer overflow in the TIFF image converter in the graphics ...) - TODO: check + NOT-FOR-US: microsoft works CVE-2010-3948 RESERVED CVE-2010-3949 (Buffer overflow in the TIFF image converter in the graphics filters in ...) - TODO: check + NOT-FOR-US: microsoft office_converter_pack CVE-2010-3950 (The TIFF image converter in the graphics filters in Microsoft Office ...) 
- TODO: check + NOT-FOR-US: microsoft works CVE-2010-3951 (Buffer overflow in the FlashPix image converter in the graphics ...) - TODO: check + NOT-FOR-US: microsoft office_converter_pack CVE-2010-3952 (The FlashPix image converter in the graphics filters in Microsoft ...) - TODO: check + NOT-FOR-US: microsoft office_converter_pack CVE-2010-3953 RESERVED CVE-2010-3954 (Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote ...) - TODO: check + NOT-FOR-US: microsoft publisher CVE-2010-3955 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher ...) - TODO: check + NOT-FOR-US: microsoft publisher CVE-2010-3956 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-3957 (Double free vulnerability in the OpenType Font (OTF) driver in ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-3958 RESERVED CVE-2010-3959 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-3960 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows ...) - TODO: check + NOT-FOR-US: microsoft windows_server_2008 CVE-2010-3961 (The Consent User Interface (UI) in Microsoft Windows Vista SP1 and ...) - TODO: check + NOT-FOR-US: microsoft windows_vista CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and ...) NOT-FOR-US: microsoft ie CVE-2010-3963 (Buffer overflow in the Routing and Remote Access NDProxy component in ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-3964 (Unrestricted file upload vulnerability in the Document Conversions ...) - TODO: check + NOT-FOR-US: microsoft sharepoint_server CVE-2010-3965 (Untrusted search path vulnerability in Windows Media Encoder 9 on ...) - TODO: check + NOT-FOR-US: microsoft windows_media_encoder CVE-2010-3966 (Untrusted search path vulnerability in Microsoft Windows Server 2008 ...) 
- TODO: check + NOT-FOR-US: microsoft windows_server_2008 CVE-2010-3967 (Untrusted search path vulnerability in Microsoft Windows Movie Maker ...) - TODO: check + NOT-FOR-US: microsoft windows_movie_maker CVE-2010-3968 RESERVED CVE-2010-3969 RESERVED CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify function ...) - TODO: check + NOT-FOR-US: microsoft ie CVE-2010-3972 (The TELNET_STREAM_CONTEXT::OnSendData function in the FTP protocol ...) - TODO: check + NOT-FOR-US: microsoft iis CVE-2010-3973 (The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI ...) - TODO: check + NOT-FOR-US: microsoft wmi_administrative_tools CVE-2010-3974 RESERVED CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9 allows ...) @@ -93823,9 +93824,9 @@ CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Ma CVE-2010-4011 (Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-4012 (Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later ...) - TODO: check + NOT-FOR-US: apple iphone_os CVE-2010-4013 (Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x ...) - TODO: check + NOT-FOR-US: apple mac_os_x_server CVE-2010-4014 RESERVED CVE-2010-4015 @@ -93989,7 +93990,7 @@ CVE-2010-4093 CVE-2010-4094 (The Tomcat server in IBM Rational Quality Manager and Rational Test ...) NOT-FOR-US: ibm rational_test_lab_manager CVE-2010-4095 (Directory traversal vulnerability in the FTP client in Serengeti ...) - TODO: check + NOT-FOR-US: robo ftp CVE-2010-4096 (share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local ...) NOT-FOR-US: monkeysphere_project monkeysphere CVE-2010-4097 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) 
@@ -94019,19 +94020,19 @@ CVE-2010-4108 (HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support CVE-2010-4109 (Cross-site scripting (XSS) vulnerability in the Contacts Application ...) NOT-FOR-US: hp palm_webos CVE-2010-4110 (Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the ...) - TODO: check + NOT-FOR-US: hp openvms CVE-2010-4111 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics ...) - TODO: check + NOT-FOR-US: hp insight_diagnostics CVE-2010-4112 (HP Insight Management Agents before 8.6 allows remote attackers to ...) - TODO: check + NOT-FOR-US: hp insight_management_agents CVE-2010-4113 (Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 ...) - TODO: check + NOT-FOR-US: hp power_manager CVE-2010-4114 (Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency ...) - TODO: check + NOT-FOR-US: hp discovery dependency_mapping_inventory CVE-2010-4115 (HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, ...) - TODO: check + NOT-FOR-US: hp storageworks_modular_smart_array_p2000_g3_firmware CVE-2010-4116 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x ...) - TODO: check + NOT-FOR-US: hp storageworks_storage_mirroring CVE-2010-4117 RESERVED CVE-2010-4118 @@ -94143,7 +94144,7 @@ CVE-2010-4170 (The staprun runtime tool in SystemTap 1.3 does not properly clear CVE-2010-4171 (The staprun runtime tool in SystemTap 1.3 does not verify that a ...) TODO: check CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager ...) - TODO: check + BUG: 329937 CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...) NOT-FOR-US: openfabrics libsdp CVE-2010-4174 
@@ -94151,13 +94152,13 @@ CVE-2010-4174 CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) ...) TODO: check CVE-2010-4176 (plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 ...) - TODO: check + NOT-FOR-US: Fedora only CVE-2010-4177 RESERVED CVE-2010-4178 RESERVED CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging, ...) - TODO: check + NOT-FOR-US: redhat enterprise_mrg CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when ...) TODO: check CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...) @@ -94200,7 +94201,7 @@ CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast TODO: check CVE-2010-4200 REJECTED - TODO: check + NOT-FOR-US: this CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...) TODO: check CVE-2010-4202 (Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux ...) @@ -94324,7 +94325,7 @@ CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in Cla CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...) TODO: check CVE-2010-4262 (Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote ...) - TODO: check + BUG: 348344 CVE-2010-4263 (The igb_receive_skb function in drivers/net/igb/igb_main.c in the ...) TODO: check CVE-2010-4264 @@ -94334,7 +94335,7 @@ CVE-2010-4265 (The ...) CVE-2010-4266 RESERVED CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in ...) - TODO: check + BUG: 352085 CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall ...) NOT-FOR-US: pulseinfotech com_flipwall CVE-2010-4269 (SQL injection vulnerability in managechat.php in Collabtive 0.65 ...) 
@@ -94350,11 +94351,11 @@ CVE-2010-4273 (SQL injection vulnerability in imoveis.php in DescargarVista ACC CVE-2010-4274 (reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 ...) NOT-FOR-US: ibm director_agent CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager ...) - TODO: check + NOT-FOR-US: dmasoftlab radius_manager CVE-2010-4276 (Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid ...) - TODO: check + NOT-FOR-US: livezilla CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...) - TODO: check + NOT-FOR-US: jovelstefan embedded video CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows ...) NOT-FOR-US: pandora CVE-2010-4279 (The default configuration of Pandora FMS 3.1 and earlier specifies an ...) @@ -94442,13 +94443,13 @@ CVE-2010-4319 CVE-2010-4320 RESERVED CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in ...) - TODO: check + NOT-FOR-US: novell iprint_client CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell ...) - TODO: check + NOT-FOR-US: novell vibe_onprem CVE-2010-4323 RESERVED CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the ...) - TODO: check + NOT-FOR-US: novell identity_manager_roles_based_provisioning_module CVE-2010-4325 RESERVED CVE-2010-4326 
@@ -94462,11 +94463,11 @@ CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...) NOT-FOR-US: pulsecms pulse_cms CVE-2010-4331 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 ...) - TODO: check + NOT-FOR-US: Seo Panel CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: pangramsoft pointter_php_content_management_system CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...) - TODO: check + NOT-FOR-US: pangramsoft pointter_php_micro blogging_social_network CVE-2010-4334 (IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, ...) TODO: check CVE-2010-4335 (The _validatePost function in libs/controller/components/security.php ...) @@ -94474,11 +94475,11 @@ CVE-2010-4335 (The _validatePost function in libs/controller/components/security CVE-2010-4336 (The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd ...) TODO: check CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to overwrite ...) - TODO: check + BUG: 351724 CVE-2010-4338 (ocrodjvu 0.4.6-1 on Debian GNU/Linux, when using Cuneiform as the OCR ...) - TODO: check + NOT-FOR-US: ocrodjvu CVE-2010-4339 (Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows ...) - TODO: check + NOT-FOR-US: hypermail project hypermail CVE-2010-4340 TODO: check CVE-2010-4341 @@ -94502,7 +94503,7 @@ CVE-2010-4349 (admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remo CVE-2010-4350 (Directory traversal vulnerability in admin/upgrade_unattended.php in ...) TODO: check CVE-2010-4351 (The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 ...) - TODO: check + BUG: 352035 CVE-2010-4352 (Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 ...) TODO: check CVE-2010-4353 
@@ -94550,51 +94551,51 @@ CVE-2010-4373 (The in_mp4 plugin in Winamp before 5.6 allows remote attackers to CVE-2010-4374 (The in_mkv plugin in Winamp before 5.6 allows remote attackers to ...) NOT-FOR-US: nullsoft winamp CVE-2010-4375 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer CVE-2010-4376 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4377 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4378 (The drv2.dll (aka RV20 decompression) module in RealNetworks ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4379 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4380 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4381 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4382 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4383 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4384 (Array index error in RealNetworks RealPlayer 11.0 through 11.1, ...) - TODO: check + NOT-FOR-US: realnetworks realplayer CVE-2010-4385 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4386 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4387 (The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, ...) 
- TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4388 (The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4389 (Heap-based buffer overflow in the cook codec in RealNetworks ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4390 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4391 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4392 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4393 RESERVED CVE-2010-4394 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4395 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4396 (Cross-zone scripting vulnerability in the HandleAction method in a ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4397 (Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer ...) - TODO: check + NOT-FOR-US: realnetworks realplayer_sp CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in ...) NOT-FOR-US: microsoft windows_xp CVE-2010-4399 (Directory traversal vulnerability in languages.inc.php in DynPG CMS ...) 
@@ -94626,79 +94627,79 @@ CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remot CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...) NOT-FOR-US: bsdperimeter pfsense CVE-2010-4413 (Unspecified vulnerability in the Scheduler Agent component in Oracle ...) - TODO: check + NOT-FOR-US: oracle database_server CVE-2010-4414 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local ...) TODO: check CVE-2010-4415 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4416 (Unspecified vulnerability in the Oracle GoldenGate Veridata component ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-4417 (Unspecified vulnerability in the Services for Beehive component in ...) - TODO: check + NOT-FOR-US: oracle beehive CVE-2010-4418 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: oracle peoplesoft_enterprise CVE-2010-4419 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...) - TODO: check + NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-4420 (Unspecified vulnerability in the Database Vault component in Oracle ...) - TODO: check + NOT-FOR-US: oracle database_server CVE-2010-4421 (Unspecified vulnerability in the Database Vault component in Oracle ...) - TODO: check + NOT-FOR-US: oracle database_server CVE-2010-4422 RESERVED CVE-2010-4423 (Unspecified vulnerability in the Cluster Verify Utility component in ...) - TODO: check + NOT-FOR-US: oracle database_server CVE-2010-4424 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: oracle peoplesoft_enterprise CVE-2010-4425 (Unspecified vulnerability in the Oracle BI Publisher component in ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-4426 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) 
- TODO: check + NOT-FOR-US: oracle peoplesoft_enterprise CVE-2010-4427 (Unspecified vulnerability in the Oracle BI Publisher component in ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-4428 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-4429 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...) - TODO: check + NOT-FOR-US: oracle supply_chain_products_suite CVE-2010-4430 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-4431 (Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 ...) - TODO: check + NOT-FOR-US: sun java_system_portal_server CVE-2010-4432 (Unspecified vulnerability in the Oracle Transportation Manager ...) - TODO: check + NOT-FOR-US: oracle supply_chain_products_suite CVE-2010-4433 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4434 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: oracle peoplesoft_enterprise CVE-2010-4435 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4436 (Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0 ...) - TODO: check + NOT-FOR-US: oracle sunmc CVE-2010-4437 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-4438 (Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, ...) - TODO: check + NOT-FOR-US: oracle sun_glassfish_enterprise_server CVE-2010-4439 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) 
- TODO: check + NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-4440 (Unspecified vulnerability in Oracle 10 and 11 Express allows local ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4441 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-4442 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4443 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4444 (Unspecified vulnerability in Oracle Sun Java System Access Manager and ...) - TODO: check + NOT-FOR-US: sun java_system_access_manager CVE-2010-4445 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-4446 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4447 RESERVED CVE-2010-4448 RESERVED CVE-2010-4449 (Unspecified vulnerability in the Audit Vault component in Oracle Audit ...) - TODO: check + NOT-FOR-US: oracle audit_vault CVE-2010-4450 RESERVED CVE-2010-4451 
@@ -94706,29 +94707,29 @@ CVE-2010-4451 CVE-2010-4452 RESERVED CVE-2010-4453 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: oracle weblogic_server CVE-2010-4454 RESERVED CVE-2010-4455 (Unspecified vulnerability in the Oracle HTTP Server component in ...) - TODO: check + NOT-FOR-US: oracle fusion_middleware CVE-2010-4456 (Unspecified vulnerability in Oracle Sun Java System Communications ...) TODO: check CVE-2010-4457 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4458 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4459 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4460 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...) - TODO: check + NOT-FOR-US: sunos CVE-2010-4461 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-4462 RESERVED CVE-2010-4463 RESERVED CVE-2010-4464 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...) - TODO: check + NOT-FOR-US: oracle sun_convergence CVE-2010-4465 RESERVED CVE-2010-4466 
@@ -94792,18 +94793,18 @@ CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as CVE-2010-4495 (Unspecified vulnerability in the ActiveMatrix Runtime component in ...) TODO: check CVE-2010-4496 (Multiple SQL injection vulnerabilities in Collaborative Information ...) - TODO: check + NOT-FOR-US: tibco collaborative_information_manager CVE-2010-4497 (Cross-site scripting (XSS) vulnerability in Collaborative Information ...) - TODO: check + NOT-FOR-US: tibco collaborative_information_manager CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager server, ...) - TODO: check + NOT-FOR-US: tibco collaborative_information_manager CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager ...) - TODO: check + NOT-FOR-US: tibco collaborative_information_manager CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...) NOT-FOR-US: mrcgiguy freeticket CVE-2010-4501 REJECTED - TODO: check + NOT-FOR-US: this CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite ...) NOT-FOR-US: ca internet_security_suite_plus_2010 CVE-2010-4503 (SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows ...) @@ -94815,14 +94816,14 @@ CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2. CVE-2010-4506 RESERVED CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) - TODO: check + NOT-FOR-US: clear ispot CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 ...) TODO: check CVE-2010-4509 (Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 ...) NOT-FOR-US: sixapart movabletype CVE-2010-4510 REJECTED - TODO: check + NOT-FOR-US: this CVE-2010-4511 (Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x ...) NOT-FOR-US: sixapart movabletype CVE-2010-4512 (Cobbler before 2.0.4 uses an incorrect umask value, which allows local ...) 
@@ -94840,17 +94841,17 @@ CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeaut CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: wobeo wp safe search CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: earl_miles views CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...) - TODO: check + NOT-FOR-US: earl_miles views CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...) - TODO: check + NOT-FOR-US: earl_miles views CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...) - TODO: check + NOT-FOR-US: mybb CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 ...) - TODO: check + BUG: 349567 CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in ...) - TODO: check + BUG: 349563 CVE-2010-4525 (Linux kernel 2.6.33 and 2.6.34.y does not initialize the ...) TODO: check CVE-2010-4526 (Race condition in the sctp_icmp_proto_unreachable function in ...) @@ -94862,9 +94863,9 @@ CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 throug CVE-2010-4529 (Integer underflow in the irda_getsockopt function in ...) TODO: check CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart ...) - TODO: check + BUG: 349559 CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the ...) - TODO: check + BUG: 349561 CVE-2010-4532 RESERVED CVE-2010-4533 
@@ -94876,7 +94877,7 @@ CVE-2010-4535 (The password reset functionality in django.contrib.auth in Django CVE-2010-4536 (Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used ...) TODO: check CVE-2010-4537 (Unspecified vulnerability in CrawlTrack before 3.2.7, when a public ...) - TODO: check + NOT-FOR-US: crawltrack CVE-2010-4538 (Buffer overflow in the sect_enttec_dmx_da function in ...) TODO: check CVE-2010-4539 (The walk function in repos.c in the mod_dav_svn module for the Apache ...) 
@@ -94890,35 +94891,35 @@ CVE-2010-4542 (Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb . CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in ...) TODO: check CVE-2010-4544 (Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus ...) - TODO: check + NOT-FOR-US: ibm lotus_notes_traveler CVE-2010-4545 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated ...) - TODO: check + NOT-FOR-US: ibm lotus_notes_traveler CVE-2010-4546 (IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment ...) - TODO: check + NOT-FOR-US: ibm lotus_notes_traveler CVE-2010-4547 (IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain ...) - TODO: check + NOT-FOR-US: ibm lotus_notes_traveler CVE-2010-4548 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated ...) - TODO: check + NOT-FOR-US: ibm lotus_notes_traveler CVE-2010-4549 (IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device ...) - TODO: check + NOT-FOR-US: ibm lotus_notes_traveler CVE-2010-4550 (IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: ibm lotus_notes_traveler CVE-2010-4551 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated ...) - TODO: check + NOT-FOR-US: ibm lotus_notes_traveler CVE-2010-4552 (Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote ...) - TODO: check + NOT-FOR-US: ibm lotus_notes_traveler CVE-2010-4553 (An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 ...) - TODO: check + NOT-FOR-US: ibm lotus_notes_traveler CVE-2010-4554 RESERVED CVE-2010-4555 RESERVED CVE-2010-4556 (Stack-based buffer overflow in the SapThemeRepository ActiveX control ...) - TODO: check + NOT-FOR-US: sap netweaver_business_client CVE-2010-4557 (Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch ...) 
- TODO: check + NOT-FOR-US: invensys wonderware_inbatch CVE-2010-4558 (phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2010-4559 RESERVED CVE-2010-4560 @@ -94934,7 +94935,7 @@ CVE-2010-4564 CVE-2010-4565 (The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) ...) TODO: check CVE-2010-4566 (Unspecified vulnerability in the NT4 authentication component in ...) - TODO: check + NOT-FOR-US: citrix access_gateway CVE-2010-4567 RESERVED CVE-2010-4568 @@ -94948,7 +94949,7 @@ CVE-2010-4571 CVE-2010-4572 RESERVED CVE-2010-4573 (The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is ...) - TODO: check + NOT-FOR-US: vmware esxi CVE-2010-4574 (The Pickle::Pickle function in base/pickle.cc in Google Chrome before ...) TODO: check CVE-2010-4575 (The ThemeInstalledInfoBarDelegate::Observe function in ...) 
@@ -94978,115 +94979,115 @@ CVE-2010-4586 (The default configuration of Opera before 11.00 enables WebSocket CVE-2010-4587 (Opera before 11.00 on Windows does not properly implement the Insecure ...) TODO: check CVE-2010-4588 (The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI ...) - TODO: check + NOT-FOR-US: microsoft wmi_administrative_tools CVE-2010-4589 (Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote ...) - TODO: check + NOT-FOR-US: ibm enovia CVE-2010-4590 (Cross-site scripting (XSS) vulnerability in HTTP Access Services ...) - TODO: check + NOT-FOR-US: ibm lotus_mobile_connect CVE-2010-4591 (The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, ...) - TODO: check + NOT-FOR-US: ibm lotus_mobile_connect CVE-2010-4592 (The Mobile Network Connections functionality in the Connection Manager ...) - TODO: check + NOT-FOR-US: ibm lotus_mobile_connect CVE-2010-4593 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does ...) - TODO: check + NOT-FOR-US: ibm lotus_mobile_connect CVE-2010-4594 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when ...) - TODO: check + NOT-FOR-US: ibm lotus_mobile_connect CVE-2010-4595 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 ...) - TODO: check + NOT-FOR-US: ibm lotus_mobile_connect CVE-2010-4596 RESERVED CVE-2010-4597 (Stack-based buffer overflow in the save method in the ...) - TODO: check + NOT-FOR-US: ecava integraxor CVE-2010-4598 (Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and ...) - TODO: check + NOT-FOR-US: ecava integraxor CVE-2010-4599 (Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 ...) - TODO: check + NOT-FOR-US: ecava integraxor CVE-2010-4600 (Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest ...) - TODO: check + NOT-FOR-US: ibm rational_clearquest CVE-2010-4601 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x ...) 
- TODO: check + NOT-FOR-US: ibm rational_clearquest CVE-2010-4602 (The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and ...) - TODO: check + NOT-FOR-US: ibm rational_clearquest CVE-2010-4603 (IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, ...) - TODO: check + NOT-FOR-US: ibm rational_clearquest CVE-2010-4604 (Stack-based buffer overflow in the GeneratePassword function in dsmtca ...) - TODO: check + NOT-FOR-US: ibm tivoli_storage_manager CVE-2010-4605 (Unspecified vulnerability in the backup-archive client in IBM Tivoli ...) - TODO: check + NOT-FOR-US: ibm tivoli_storage_manager CVE-2010-4606 (Unspecified vulnerability in the Space Management client in the ...) - TODO: check + NOT-FOR-US: ibm tivoli_storage_manager CVE-2010-4607 (Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, ...) - TODO: check + NOT-FOR-US: habariproject habari CVE-2010-4608 (Habari 0.6.5 allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: habariproject habari CVE-2010-4609 (SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows ...) - TODO: check + NOT-FOR-US: html edit_cms CVE-2010-4610 (Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS ...) - TODO: check + NOT-FOR-US: html edit_cms CVE-2010-4611 (Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: html edit_cms CVE-2010-4612 (Multiple SQL injection vulnerabilities in index.php in Hycus CMS ...) - TODO: check + NOT-FOR-US: hycus_cms CVE-2010-4613 (Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow ...) - TODO: check + NOT-FOR-US: hycus_cms CVE-2010-4614 (SQL injection vulnerability in item.php in Ero Auktion 2010 allows ...) - TODO: check + NOT-FOR-US: mhproducts ero_auktion CVE-2010-4615 (Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow ...) 
- TODO: check + NOT-FOR-US: iskenderaltuntas oto_galeri_sistemi CVE-2010-4616 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: impresscms CVE-2010-4617 (Directory traversal vulnerability in the JotLoader (com_jotloader) ...) - TODO: check + NOT-FOR-US: kanich com_jotloader CVE-2010-4618 (Cross-site scripting (XSS) vulnerability in the Algis Info ...) - TODO: check + NOT-FOR-US: algisinfo aicontactsafe CVE-2010-4619 (SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka ...) - TODO: check + NOT-FOR-US: webscripti mafya_oyun_scrpti CVE-2010-4620 RESERVED CVE-2010-4621 RESERVED CVE-2010-4622 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...) - TODO: check + NOT-FOR-US: ibm tivoli_access_manager_for_e business CVE-2010-4623 (WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before ...) - TODO: check + NOT-FOR-US: ibm tivoli_access_manager_for_e business CVE-2010-4624 (MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated ...) - TODO: check + NOT-FOR-US: mybb CVE-2010-4625 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a ...) - TODO: check + NOT-FOR-US: mybb CVE-2010-4626 (The my_rand function in functions.php in MyBB (aka MyBulletinBoard) ...) - TODO: check + NOT-FOR-US: mybb CVE-2010-4627 (Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB ...) - TODO: check + NOT-FOR-US: mybb CVE-2010-4628 (member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain ...) - TODO: check + NOT-FOR-US: mybb CVE-2010-4629 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict ...) - TODO: check + NOT-FOR-US: mybb CVE-2010-4630 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: fubra wp survey and quiz tool CVE-2010-4631 (Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot ...) 
- TODO: check + NOT-FOR-US: pilotcart pilot_cart CVE-2010-4632 (Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow ...) - TODO: check + NOT-FOR-US: pilotcart pilot_cart CVE-2010-4633 (SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows ...) - TODO: check + NOT-FOR-US: sumeffect digishop CVE-2010-4634 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: osticket CVE-2010-4635 (SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental ...) - TODO: check + NOT-FOR-US: site2nite vacation_rental_listings CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business ...) - TODO: check + NOT-FOR-US: site2nite business_e listings CVE-2010-4637 (Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php ...) - TODO: check + NOT-FOR-US: finalcut feedlist CVE-2010-4638 (SQL injection vulnerability in the submitSurvey function in ...) - TODO: check + NOT-FOR-US: iptechinside com_jquarks4s CVE-2010-4639 (SQL injection vulnerability in index.php in MySource Matrix allows ...) - TODO: check + NOT-FOR-US: intendance mysource_matrix CVE-2010-4640 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 ...) - TODO: check + NOT-FOR-US: xwiki_watch CVE-2010-4641 (SQL injection vulnerability in XWiki Enterprise before 2.5 allows ...) - TODO: check + NOT-FOR-US: xwiki CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before ...) - TODO: check + NOT-FOR-US: xwiki CVE-2010-4643 RESERVED CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...) 
@@ -95094,7 +95095,7 @@ CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1 CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...) TODO: check CVE-2010-4646 (Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 ...) - TODO: check + NOT-FOR-US: hastymail2 CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...) TODO: check CVE-2010-4648 
@@ -95140,59 +95141,59 @@ CVE-2010-4667 CVE-2010-4668 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...) TODO: check CVE-2010-4669 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) - TODO: check + NOT-FOR-US: microsoft windows_xp CVE-2010-4670 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) - TODO: check + NOT-FOR-US: cisco pix_security_appliance CVE-2010-4671 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) - TODO: check + NOT-FOR-US: cisco ios CVE-2010-4672 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4673 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4674 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4675 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4676 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4677 (emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4678 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4679 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4680 (The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4681 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4682 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series ...) 
- TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4683 (Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote ...) - TODO: check + NOT-FOR-US: cisco ios CVE-2010-4684 (Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, ...) - TODO: check + NOT-FOR-US: cisco ios CVE-2010-4685 (Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a ...) - TODO: check + NOT-FOR-US: cisco ios CVE-2010-4686 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not ...) - TODO: check + NOT-FOR-US: cisco ios CVE-2010-4687 (STCAPP (aka the SCCP telephony control application) on Cisco IOS ...) - TODO: check + NOT-FOR-US: cisco ios CVE-2010-4688 (Unspecified vulnerability in the SIP inspection feature on Cisco ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4689 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4690 (The Mobile User Security (MUS) service on Cisco Adaptive Security ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4691 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) - TODO: check + NOT-FOR-US: cisco asa_5500 CVE-2010-4693 (Multiple cross-site scripting (XSS) vulnerabilities in Coppermine ...) - TODO: check + NOT-FOR-US: coppermine gallery coppermine_photo_gallery CVE-2010-4694 (Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow ...) - TODO: check + BUG: 351698 CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as ...) - TODO: check + BUG: 351698 CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...) TODO: check CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...) 
@@ -95204,11 +95205,11 @@ CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...) TODO: check CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in ...) - TODO: check + NOT-FOR-US: Microsoft Windows Fax Services Cover Page Editor CVE-2010-4702 (SQL injection vulnerability in JRadio (com_jradio) component before ...) - TODO: check + NOT-FOR-US: JRadio com_jradio component CVE-2010-4703 (SQL injection vulnerability in default.asp in HotWebScripts HotWeb ...) - TODO: check + NOT-FOR-US: HotWebScripts CVE-2011-0001 RESERVED CVE-2011-0002 -- cgit v1.2.3-65-gdbad
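Review bot: In the hunk at @@ -94550,51 +94551,51 @@ the RealPlayer tags are inconsistent. CVE-2010-4375 and CVE-2010-4384 get "NOT-FOR-US: realnetworks realplayer", while the other RealPlayer entries in the range get "realnetworks realplayer_sp", even though the visible descriptions all start from the same "RealNetworks RealPlayer 11.0 through" product line. Pick one tag for the whole block so a later grep for the product finds every entry.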
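Review bot: In the hunk at @@ -94626,79 +94627,79 @@ CVE-2010-4440 is closed as "NOT-FOR-US: sunos", but its visible description reads "Oracle 10 and 11 Express" and does not name Solaris, unlike the neighbouring CVE-2010-4442 and CVE-2010-4443 ("Oracle Solaris 10 and 11 Express"). Confirm the product from the full description before dropping the TODO. Any other entry in this block whose description is only "Unspecified vulnerability in ..." deserves the same check, since NOT-FOR-US removes it from further triage.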
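Review bot: In the hunk at @@ -94706,29 +94707,29 @@ CVE-2010-4453 ("the Oracle WebLogic Server component in ...") is tagged "oracle weblogic_server", whereas CVE-2010-4437 in the previous hunk has the same visible description and is tagged "oracle fusion_middleware". Use the same product name for both so the two entries stay grouped.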
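Review bot: In the hunks at @@ -94792,18 +94793,18 @@ and @@ -94815,14 +94816,14 @@ the REJECTED entries CVE-2010-4501 and CVE-2010-4510 are given "NOT-FOR-US: this". "this" is not a vendor or product and looks like a word picked up from the rejection text by a script. A rejected candidate has nothing to triage, so either leave the entry with REJECTED alone or use a tag that says why it is closed. It is also worth checking whether the same script produced other tags in this commit from description text rather than from the affected product.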
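Review bot: In the hunk at @@ -94978,115 +94979,115 @@ several tags have lost a hyphen and now contain a stray space: "ibm tivoli_access_manager_for_e business", "site2nite business_e listings", "html edit_cms". The same hunk also mixes underscore-joined names with space-separated ones ("fubra wp survey and quiz tool"). If the convention is a vendor followed by a product with underscores, restore the hyphens (for example e-business) and join the product words, otherwise tools that split the tag on whitespace will read the wrong vendor and product.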
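Review bot: In the hunk at @@ -95204,11 +95205,11 @@ the three new tags ("Microsoft Windows Fax Services Cover Page Editor", "JRadio com_jradio component", "HotWebScripts") are free-form and capitalised, while every other NOT-FOR-US tag added in this commit is lower-case vendor and product, for example "microsoft windows_xp" on CVE-2010-4669. Normalise these to the same form. The commit message "nfu, bug nrs" could also say how the tags were derived, since this single commit closes several hundred TODO entries.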