path: root/data/CVE/2010.list

CVE-2010-5340 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5339 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5338 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5337 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5336 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admi ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5335 (IceWarp Webclient before 10.2.1 has a directory traversal vulnerabilit ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5334 (IceWarp Webclient before 10.2.1 has a directory traversal vulnerabilit ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x be ...)
	NOT-FOR-US: Integard
CVE-2010-5332 (In the Linux kernel before 2.6.37, an out of bounds array access happe ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/0926f91083f34d047abc74f1ca4fa6a9c161f7db
CVE-2010-5331 (** DISPUTED ** In the Linux kernel before 2.6.34, a range check issue  ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/0031c41be5c529f8329e327b63cde92ba1284842
CVE-2010-5330 (On certain Ubiquiti devices, Command Injection exists via a GET reques ...)
	NOT-FOR-US: Ubiquiti
CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2)
CVE-2010-5328 (include/linux/init_task.h in the Linux kernel before 2.6.35 does not p ...)
	- linux <not-affected> (Fixed before the src:linux-2.6 -> src:linux rename)
	- linux-2.6 2.6.37-1
CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users to exe ...)
	NOT-FOR-US: Liferay Portal
CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java platforms ...)
	NOT-FOR-US: SAP
CVE-2010-5325 (Heap-based buffer overflow in the unhtmlify function in foomatic-rip i ...)
	- foomatic-filters 4.0.5-6
	- cups-filters <not-affected> (Vulnerable code not present)
	NOTE: cups-filters 1.0.42 introduced foomatic-rip filter which already was fixed.
	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=515
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1218297
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic/foomatic-filters/revision/239 (HEAD)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/revision/225 (4.0.x branch)
CVE-2010-5324 (Directory traversal vulnerability in UploadServlet in the Remote Manag ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2010-5323 (Directory traversal vulnerability in UploadServlet in the Remote Manag ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier a ...)
	NOT-FOR-US: ZeusCart
CVE-2010-XXXX [crash when parsing overly long links]
	- lynx-cur 2.8.8dev.4-1
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/07/2
CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the videobuf sub ...)
	- linux <unfixed> (unimportant; bug #827340)
	- linux-2.6 <removed> (unimportant)
	NOTE: Unclear, old report for Linux
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=620629#c0
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120571
CVE-2010-5320 (Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Po ...)
	NOT-FOR-US: MemHT Portal
CVE-2010-5319 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat ...)
	NOT-FOR-US: Kandidat CMS
CVE-2010-5318 (The password-reset feature in as/index.php in SweetRice CMS before 0.6 ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5317 (Multiple SQL injection vulnerabilities in index.php in SweetRice CMS b ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5316 (Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice  ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5315 (Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita b ...)
	NOT-FOR-US: BEdita
CVE-2010-5314 (Cross-site scripting (XSS) vulnerability in controllers/home_controlle ...)
	NOT-FOR-US: BEdita
CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...)
	- linux 2.6.38-1
	- linux-2.6 2.6.38-1
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314 (v2.6.38-rc1)
CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...)
	{DSA-3249-1 DLA-258-1}
	- jqueryui 1.10.1+dfsg-1
	- owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed)
	NOTE: http://bugs.jqueryui.com/ticket/6016
	NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
CVE-2010-5311
	RESERVED
CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
	- riece 8.0.0-1.3 (unimportant; bug #601325)
	[squeeze] - riece <no-dsa> (Minor issue)
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2010-5310 (The Acquisition Workstation for the GE Healthcare Revolution XQ/i has  ...)
	NOT-FOR-US: GE Healthcare Revolution XQ/i
CVE-2010-5309 (GE Healthcare CADStream Server has a default password of confirma for  ...)
	NOT-FOR-US: GE Healthcare CADStream Server
CVE-2010-5308 (GE Healthcare Optima MR360 does not require authentication for the HIP ...)
	NOT-FOR-US: GE Healthcare Optima MR360
CVE-2010-5307 (The HIPAA configuration interface in GE Healthcare Optima MR360 has a  ...)
	NOT-FOR-US: GE Healthcare Optima MR360
CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default pass ...)
	NOT-FOR-US: GE Healthcare Optima
CVE-2010-5305 (The potential exists for exposure of the product's password used to re ...)
	NOT-FOR-US: Rockwell
CVE-2010-5304 (A NULL pointer dereference flaw was found in the way LibVNCServer befo ...)
	NOT-FOR-US: RealVNC
CVE-2010-5303 (Cross-site scripting (XSS) vulnerability in the displayError function  ...)
	NOT-FOR-US: TimThumb
CVE-2010-5302 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb b ...)
	NOT-FOR-US: TimThumb
CVE-2010-5301 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to  ...)
	NOT-FOR-US: Kolibri
CVE-2010-5300 (Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows re ...)
	NOT-FOR-US: www.jzip.com
	NOTE: This is the jzip Z-code interpreter in Debian.
CVE-2010-5299 (Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attacke ...)
	NOT-FOR-US: MicroP
CVE-2010-5298 (Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL  ...)
	{DSA-2908-1}
	- openssl 1.0.1g-3 (unimportant)
	[squeeze] - openssl <not-affected> (Introduced in 1.0.0)
	NOTE: Only exploitable with OPENSSL_NO_BUF_FREELIST enabled
CVE-2010-5297 (WordPress before 3.0.1, when a Multisite installation is used, permane ...)
	- wordpress 3.0.1-1
CVE-2010-5296 (wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisi ...)
	- wordpress 3.0.2-1
CVE-2010-5295 (Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in Wo ...)
	- wordpress 3.0.2-1
CVE-2010-5294 (Multiple cross-site scripting (XSS) vulnerabilities in the request_fil ...)
	- wordpress 3.0.2-1
CVE-2010-5293 (wp-includes/comment.php in WordPress before 3.0.2 does not properly wh ...)
	- wordpress 3.0.2-1
CVE-2010-5292 (Amberdms Billing System (ABS) before 1.4.1, when a multi-instance inst ...)
	NOT-FOR-US: Amberdms Billing System
CVE-2010-5291 (Amberdms Billing System (ABS) before 1.4.1 does not properly implement ...)
	NOT-FOR-US: Amberdms Billing System
CVE-2010-5289 (Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Po ...)
	NOT-FOR-US: IncrediMail
CVE-2010-5288 (Buffer overflow in the lsConnectionCached function in editcp in EDItra ...)
	NOT-FOR-US: EDItran Communications Platform
CVE-2010-5290 (The authentication process in Adobe ColdFusion before 10 does not requ ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-5287 (SQL injection vulnerability in default.php in Cornerstone Technologies ...)
	NOT-FOR-US: Cornerstone Technologies webConductor
CVE-2010-5286 (Directory traversal vulnerability in Jstore (com_jstore) component for ...)
	NOT-FOR-US: Joomla jstore
CVE-2010-5285 (Cross-site request forgery (CSRF) vulnerability in admin.php in Collab ...)
	NOTE: Old report against collabtive, Poc has vanished and likely fixed in current release, see #695348
CVE-2010-5284 (Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6. ...)
	- collabtive 0.7.6-1 (bug #695348)
	NOTE: Might be fixed earlier, but 0.7.6 was tested
CVE-2010-5283 (Cross-site request forgery (CSRF) vulnerability in OpenText ECM (forme ...)
	NOT-FOR-US: OpenText ECM
CVE-2010-5282 (Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (f ...)
	NOT-FOR-US: OpenText ECM
CVE-2010-5281 (Directory traversal vulnerability in ibrowser.php in the CMScout 2.09  ...)
	NOT-FOR-US: CMScout IBrowser TinyMCE Plugin
CVE-2010-5280 (Directory traversal vulnerability in the Community Builder Enhanced (C ...)
	NOT-FOR-US: CBE for Joomla
CVE-2010-5279 (article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
	NOT-FOR-US: VWar
CVE-2010-5278 (Directory traversal vulnerability in manager/controllers/default/resou ...)
	NOT-FOR-US: MODx Revolution
CVE-2010-5277 (Unspecified vulnerability in the Views Bulk Operations module 6 before ...)
	NOT-FOR-US: Drupal Views Bulk Operations
CVE-2010-5276 (The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Dru ...)
	NOT-FOR-US: Drupal Memcache
CVE-2010-5275 (Cross-site scripting (XSS) vulnerability in memcache_admin in the Memc ...)
	NOT-FOR-US: Drupal Memcache
CVE-2010-5274 (Untrusted search path vulnerability in PKZIP before 12.50.0014 allows  ...)
	NOT-FOR-US: PKZIP
CVE-2010-5273 (Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise  ...)
	NOT-FOR-US: Altova DiffDog 2011 Enterprise
CVE-2010-5272 (Untrusted search path vulnerability in Altova DatabaseSpy 2011 Enterpr ...)
	NOT-FOR-US: Altova DatabaseSpy 2011
CVE-2010-5271 (Untrusted search path vulnerability in Altova MapForce 2011 Enterprise ...)
	NOT-FOR-US: Altova MapForce 2011
CVE-2010-5270 (Multiple untrusted search path vulnerabilities in Adobe Device Central ...)
	NOT-FOR-US: Adobe Device Central
CVE-2010-5269 (Untrusted search path vulnerability in tbb.dll in Intel Threading Buil ...)
	NOT-FOR-US: Intel Threading Building Blocks
CVE-2010-5268 (Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 3088 ...)
	NOT-FOR-US: Amazon Kindle for PC
CVE-2010-5267 (Untrusted search path vulnerability in MunSoft Easy Office Recovery 1. ...)
	NOT-FOR-US: MunSoft Easy Office Recovery
CVE-2010-5266 (Untrusted search path vulnerability in VideoCharge Studio 2.9.0.632 al ...)
	NOT-FOR-US: VideoCharge Studio
CVE-2010-5265 (Untrusted search path vulnerability in SmartSniff 1.71 allows local us ...)
	NOT-FOR-US: SmartSniff
CVE-2010-5264 (Untrusted search path vulnerability in the CExtDWM::CExtDWM method in  ...)
	NOT-FOR-US: Prof-UIS
CVE-2010-5263 (Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 Buil ...)
	NOT-FOR-US: Sothink SWF Decompiler
CVE-2010-5262 (Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in  ...)
	NOT-FOR-US: Gromada Multimedia Conversion Library
CVE-2010-5261 (Untrusted search path vulnerability in SnowFox Total Video Converter 2 ...)
	NOT-FOR-US: SnowFox Total Video Converter
CVE-2010-5260 (Untrusted search path vulnerability in Agrin All DVD Ripper 4.0 allows ...)
	NOT-FOR-US: Agrin All DVD Ripper
CVE-2010-5259 (Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow  ...)
	NOT-FOR-US: IsoBuster
CVE-2010-5258 (Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 ...)
	NOT-FOR-US: Adobe Audition
CVE-2010-5257 (Multiple untrusted search path vulnerabilities in ArchiCAD 13 and 14 a ...)
	NOT-FOR-US: ArchiCAD
CVE-2010-5256 (Untrusted search path vulnerability in CDisplay 1.8.1 allows local use ...)
	NOT-FOR-US: CDisplay
CVE-2010-5255 (Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows loca ...)
	NOT-FOR-US: UltraISO
CVE-2010-5254 (Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2 ...)
	NOT-FOR-US: GFI Backup
CVE-2010-5253 (Untrusted search path vulnerability in WinImage 8.50 allows local user ...)
	NOT-FOR-US: WinImage
CVE-2010-5252 (Untrusted search path vulnerability in HTTrack 3.43-9 allows local use ...)
	- httrack <not-affected> (Only affects Windows)
CVE-2010-5251 (Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5  ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-5250 (Untrusted search path vulnerability in the pthread_win32_process_attac ...)
	NOT-FOR-US: Pthreads-win32
CVE-2010-5249 (Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 ...)
	NOT-FOR-US: Sophos Free Encryption
CVE-2010-5248 (Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local u ...)
	NOT-FOR-US: UltraVNC
CVE-2010-5247 (Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 all ...)
	NOT-FOR-US: QtWeb Browser
CVE-2010-5246 (Multiple untrusted search path vulnerabilities in Maxthon Browser 1.6. ...)
	NOT-FOR-US: Maxthon Browser
CVE-2010-5245 (Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54 ...)
	NOT-FOR-US: PDF-XChange Viewer
CVE-2010-5244 (Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite 201 ...)
	NOT-FOR-US: SiSoftware Sandra
CVE-2010-5243 (Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7 ...)
	NOT-FOR-US: Cyberlink Power2Go
CVE-2010-5242 (Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 ...)
	NOT-FOR-US: Sound Forge Pro
CVE-2010-5241 (Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 201 ...)
	NOT-FOR-US: Autodesk AutoCAD
CVE-2010-5240 (Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT an ...)
	NOT-FOR-US: Corel PHOTO-PAINT and CorelDRAW
CVE-2010-5239 (Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 a ...)
	NOT-FOR-US: DAEMON Tools Lite and Pro Standard
CVE-2010-5238 (Untrusted search path vulnerability in CyberLink PowerDirector 8.00.30 ...)
	NOT-FOR-US: CyberLink PowerDirector
CVE-2010-5237 (Untrusted search path vulnerability in CyberLink PowerDirector 7 allow ...)
	NOT-FOR-US: CyberLink PowerDirector
CVE-2010-5236 (Untrusted search path vulnerability in Roxio Easy Media Creator Home 9 ...)
	NOT-FOR-US: Roxio Easy Media Creator Home
CVE-2010-5235 (Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows loc ...)
	NOT-FOR-US: IZArc Archiver
CVE-2010-5234 (Multiple untrusted search path vulnerabilities in Camtasia Studio 7.0. ...)
	NOT-FOR-US: Camtasia Studio
CVE-2010-5233 (Untrusted search path vulnerability in Virtual DJ 6.1.2 Trial b301 all ...)
	NOT-FOR-US: Virtual DJ
CVE-2010-5232 (Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows l ...)
	NOT-FOR-US: DivX Plus Player
CVE-2010-5231 (Untrusted search path vulnerability in DivX Player 7.2.019 allows loca ...)
	NOT-FOR-US: DivX Player
CVE-2010-5230 (Multiple untrusted search path vulnerabilities in MicroStation 7.1 all ...)
	NOT-FOR-US: MicroStation
CVE-2010-5229 (Untrusted search path vulnerability in 010 Editor before 3.1.3 allows  ...)
	NOT-FOR-US: 010 Editor
CVE-2010-5228 (Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879  ...)
	NOT-FOR-US: RealPlayer SP
CVE-2010-5227 (Untrusted search path vulnerability in Opera before 10.62 allows local ...)
	NOT-FOR-US: Opera
CVE-2010-5226 (Multiple untrusted search path vulnerabilities in Autodesk Design Revi ...)
	NOT-FOR-US: Autodesk Design Review
CVE-2010-5225 (Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local  ...)
	NOT-FOR-US: Babylon 8.1.0
CVE-2010-5224 (Untrusted search path vulnerability in Cool iPhone Ringtone Maker 2.2. ...)
	NOT-FOR-US: Cool iPhone Ringtone Maker
CVE-2010-5223 (Multiple untrusted search path vulnerabilities in Phoenix Project Mana ...)
	NOT-FOR-US: Phoenix Project Manager
CVE-2010-5222 (Untrusted search path vulnerability in Ease Jukebox 1.40 allows local  ...)
	NOT-FOR-US: Ease Jukebox
CVE-2010-5221 (Untrusted search path vulnerability in STDU Explorer 1.0.201 allows lo ...)
	NOT-FOR-US: STDU Explorer
CVE-2010-5220 (Untrusted search path vulnerability in MEO Encryption Software 2.02 al ...)
	NOT-FOR-US: MEO Encryption Software
CVE-2010-5219 (Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows loca ...)
	NOT-FOR-US: SmartFTP
CVE-2010-5218 (Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows lo ...)
	NOT-FOR-US: Dupehunter
CVE-2010-5217 (Multiple untrusted search path vulnerabilities in TuneUp Utilities 200 ...)
	NOT-FOR-US: TuneUp Utilities
CVE-2010-5216 (Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 al ...)
	NOT-FOR-US: LINGO
CVE-2010-5215 (Multiple untrusted search path vulnerabilities in SWiSH Max3 3.0 2009. ...)
	NOT-FOR-US: SWiSH Max3
CVE-2010-5214 (Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 all ...)
	NOT-FOR-US: Fotobook Editor
CVE-2010-5213 (Untrusted search path vulnerability in Adobe LiveCycle Designer 8.2.1. ...)
	NOT-FOR-US: Adobe LiveCycle Designer
CVE-2010-5212 (Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 9. ...)
	NOT-FOR-US: Adobe LiveCycle Designer ES2
CVE-2010-5211 (Untrusted search path vulnerability in ALSee 6.20.0.1 allows local use ...)
	NOT-FOR-US: ALSee
CVE-2010-5210 (Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows ...)
	NOT-FOR-US: Sorax Reader
CVE-2010-5209 (Multiple untrusted search path vulnerabilities in Nuance PDF Reader 6. ...)
	NOT-FOR-US: Nuance PDF Reader
CVE-2010-5208 (Multiple untrusted search path vulnerabilities in the (1) Presentation ...)
	NOT-FOR-US: Kingsoft Office
CVE-2010-5207 (Multiple untrusted search path vulnerabilities in CelFrame Office 2008 ...)
	NOT-FOR-US: CelFrame Office
CVE-2010-5206 (Multiple untrusted search path vulnerabilities in e-press ONE Office E ...)
	NOT-FOR-US: ONE Office
CVE-2010-5205 (Multiple untrusted search path vulnerabilities in e-press ONE Office A ...)
	NOT-FOR-US: ONE Office
CVE-2010-5204 (Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1 ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2010-5203 (Multiple untrusted search path vulnerabilities in NCP Secure Enterpris ...)
	NOT-FOR-US: NCP Secure Enterprise
CVE-2010-5202 (Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allow ...)
	NOT-FOR-US: JetAudio
CVE-2010-5201 (Untrusted search path vulnerability in MAGIX Samplitude Producer 11 al ...)
	NOT-FOR-US: MAGIX Samplitude Producer
CVE-2010-5200 (Untrusted search path vulnerability in KeePass Password Safe before 1. ...)
	NOT-FOR-US: KeePass 1 (a Windows only program) is not in Debian, only KeePass 2 (multi-OS version of KeePass) and KeePassX (port/rewrite of KeePass)
CVE-2010-5199 (Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 all ...)
	NOT-FOR-US: PhotoImpact
CVE-2010-5198 (Multiple untrusted search path vulnerabilities in Intuit QuickBooks 20 ...)
	NOT-FOR-US: Intuit QuickBooks
CVE-2010-5197 (Untrusted search path vulnerability in Pixia 4.70j allows local users  ...)
	NOT-FOR-US: Pixia 4.70j
CVE-2010-5196 (Untrusted search path vulnerability in KeePass Password Safe before 2. ...)
	- keepass2 <not-affected> (only affects Windows)
CVE-2010-5195 (Untrusted search path vulnerability in Roxio MyDVD 9 allows local user ...)
	NOT-FOR-US: Roxio MyDVD 9
CVE-2010-5194 (Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE. ...)
	NOT-FOR-US: Viscom Image Viewer CP Pro
CVE-2010-5193 (Stack-based buffer overflow in the TIFMergeMultiFiles function in the  ...)
	NOT-FOR-US: Viscom Image Viewer CP Pro
CVE-2010-5192 (Cross-site scripting (XSS) vulnerability in the Java Management Consol ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5191 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5190 (The Active Content Transformation functionality in Blue Coat ProxySG b ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5189 (Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 be ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5188 (SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sens ...)
	- silverstripe <itp> (bug #528461)
CVE-2010-5187 (SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running o ...)
	- silverstripe <itp> (bug #528461)
CVE-2010-5186 (The Antivirus component in Comodo Internet Security before 4.1.150349. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5185 (The Antivirus component in Comodo Internet Security before 5.3.174622. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5184 (** DISPUTED ** Race condition in ZoneAlarm Extreme Security 9.1.507.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5183 (** DISPUTED ** Race condition in Webroot Internet Security Essentials  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5182 (** DISPUTED ** Race condition in VirusBuster Internet Security Suite 3 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5181 (** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on W ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5180 (** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows X ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5179 (** DISPUTED ** Race condition in Trend Micro Internet Security Pro 201 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5178 (** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP all ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5177 (** DISPUTED ** Race condition in Sophos Endpoint Security and Control  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5176 (** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on W ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5175 (** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5174 (** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5173 (** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on Wi ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5172 (** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5171 (** DISPUTED ** Race condition in Outpost Security Suite Pro 6.7.3.3063 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5170 (** DISPUTED ** Race condition in Online Solutions Security Suite 1.5.1 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5169 (** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on Wind ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5168 (** DISPUTED ** Race condition in Symantec Norton Internet Security 201 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5167 (** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on Wind ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5166 (** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5165 (** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5164 (** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus 200 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5163 (** DISPUTED ** Race condition in Kaspersky Internet Security 2010 9.0. ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5162 (** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP a ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5161 (** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5160 (** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on Windo ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5159 (** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5158 (** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5157 (Race condition in Comodo Internet Security before 4.1.149672.916 on Wi ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5156 (** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5155 (** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows X ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5154 (** DISPUTED ** Race condition in BitDefender Total Security 2010 13.0. ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5153 (** DISPUTED ** Race condition in Avira Premium Security Suite 10.0.0.5 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5152 (** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on Wind ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5151 (** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on W ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5150 (** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5149 (Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x be ...)
	NOT-FOR-US: Websense
CVE-2010-5148 (Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set t ...)
	NOT-FOR-US: Websense
CVE-2010-5147 (The Remote Filtering component in Websense Web Security and Web Filter ...)
	NOT-FOR-US: Websense
CVE-2010-5146 (The Remote Filtering component in Websense Web Security and Web Filter ...)
	NOT-FOR-US: Websense
CVE-2010-5145 (The Filtering Service in Websense Web Security and Web Filter before 6 ...)
	NOT-FOR-US: Websense
CVE-2010-5144 (The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security ...)
	NOT-FOR-US: Websense
CVE-2010-5143 (McAfee VirusScan Enterprise before 8.8 allows local users to disable t ...)
	NOT-FOR-US: McAfee
CVE-2010-5142 (chef-server-api/app/controllers/users.rb in the API in Chef before 0.9 ...)
	- chef 0.10.10-1
CVE-2010-5141 (wxBitcoin and bitcoind before 0.3.5 do not properly handle script opco ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2010-5140 (wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins a ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2010-5139 (Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2010-5138 (wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial  ...)
	- bitcoin 0.4.0-1
CVE-2010-5137 (wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a  ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2010-5136
	REJECTED
CVE-2010-5135
	REJECTED
CVE-2010-5134
	REJECTED
CVE-2010-5133
	REJECTED
CVE-2010-5132
	REJECTED
CVE-2010-5131
	REJECTED
CVE-2010-5130
	REJECTED
CVE-2010-5129
	REJECTED
CVE-2010-5128
	REJECTED
CVE-2010-5127
	REJECTED
CVE-2010-5126
	REJECTED
CVE-2010-5125
	REJECTED
CVE-2010-5124
	REJECTED
CVE-2010-5123
	REJECTED
CVE-2010-5122
	REJECTED
CVE-2010-5121
	REJECTED
CVE-2010-5120
	REJECTED
CVE-2010-5119
	REJECTED
CVE-2010-5118
	REJECTED
CVE-2010-5117
	REJECTED
CVE-2010-5116
	REJECTED
CVE-2010-5115
	REJECTED
CVE-2010-5114
	REJECTED
CVE-2010-5113
	REJECTED
CVE-2010-5112
	REJECTED
CVE-2010-5111 (Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote ...)
	- echoping 6.0.2-4 (low; bug #606808)
	[squeeze] - echoping <no-dsa> (Minor issue)
	NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=349569
	NOTE: http://xforce.iss.net/xforce/xfdb/64141
	NOTE: http://secunia.com/advisories/42619/
CVE-2010-5110 (DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause ...)
	{DLA-24-1}
	- poppler 0.16.3-1 (bug #722705)
	[squeeze] - poppler 0.12.4-1.2+squeeze4
CVE-2010-5109 (Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's  ...)
	- libytnef 1.5-5 (low; bug #705468)
	[squeeze] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	- claws-mail-extra-plugins <unfixed> (low)
	[squeeze] - claws-mail-extra-plugins <no-dsa> (Minor issue)
	[wheezy] - claws-mail-extra-plugins <no-dsa> (Minor issue)
	- claws-mail 3.11.1-2 (bug #771360)
	[squeeze] - claws-mail <not-affected> (In Squeeze, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins)
	[wheezy] - claws-mail <not-affected> (In Wheezy, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins)
CVE-2010-5108 (Trac 0.11.6 does not properly check workflow permissions before modify ...)
	- trac 0.11.7-1 (bug #573260)
CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time ...)
	- openssh 1:6.0p1-4 (low; bug #700102)
	[squeeze] - openssh 1:5.5p1-6+squeeze3
CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress bef ...)
	- wordpress 3.0.3-1
CVE-2010-5105 (The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ea ...)
	- blender <unfixed> (unimportant; bug #584621)
	[squeeze] - blender <no-dsa> (Minor issue)
	[wheezy] - blender <no-dsa> (Minor issue)
	NOTE: Neutralised by kernel temp hardening
CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5103 (SQL injection vulnerability in the list module in TYPO3 4.2.x before 4 ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5102 (Directory traversal vulnerability in mod/tools/em/class.em_unzip.php i ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5101 (Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2 ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5100 (Multiple cross-site scripting (XSS) vulnerabilities in the Install Too ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5099 (The fileDenyPattern functionality in the PHP file inclusion protection ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5098 (Cross-site scripting (XSS) vulnerability in the FORM content object in ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5097 (Cross-site scripting (XSS) vulnerability in the click enlarge function ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5096
	NOT-FOR-US: MyBB
CVE-2010-5095 (Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before  ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5094 (The deleteinstallfiles function in control/ContentController.php in Si ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5093 (Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5092 (The Add Member dialog in the Security admin page in SilverStripe 2.4.0 ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5091 (The setName function in filesystem/File.php in SilverStripe 2.3.x befo ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5090 (SilverStripe before 2.4.2 allows remote authenticated users to change  ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5089 (SilverStripe before 2.4.2 does not properly restrict access to pages i ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5088 (Multiple cross-site request forgery (CSRF) vulnerabilities in SilverSt ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5087 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote  ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5086 (Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2. ...)
	NOT-FOR-US: Bitweaver
CVE-2010-5085 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin/up ...)
	NOT-FOR-US: Hulihan Amethyst
CVE-2010-5084 (The cross-site request forgery (CSRF) protection mechanism in e107 bef ...)
	NOT-FOR-US: e107
CVE-2010-5083 (SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 a ...)
	NOT-FOR-US: PHP-Nuke
CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in  ...)
	NOT-FOR-US: Windows Server
CVE-2010-5081 (Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 al ...)
	NOT-FOR-US: Mini-Stream RM-MP3 Converter
CVE-2010-5080 (The Security/changepassword URL action in SilverStripe 2.3.x before 2. ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5079 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entr ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5078 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensiti ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5077 (server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, Op ...)
	{DSA-2442-1}
	- openarena 0.8.5-6 (medium; bug #665656)
	- ioquake3 <not-affected> (fixed before upload)
	- tremulous 1.1.0-8 (bug #665842)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2010-5076 (QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in  ...)
	- qt4-x11 4:4.6.3-1
	NOTE: Might be fixed earlier, but Squeeze version has been validated to be fixed
CVE-2010-5075 (Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5. ...)
	NOT-FOR-US: Avast! Internet Security
CVE-2010-5074 (The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3. ...)
	- iceweasel 4.0-1 (unimportant)
CVE-2010-5073 (The JavaScript implementation in Google Chrome 4 does not properly res ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2010-5072 (The JavaScript implementation in Opera 10.5 does not properly restrict ...)
	NOT-FOR-US: Opera
CVE-2010-5071 (The JavaScript implementation in Microsoft Internet Explorer 8.0 and e ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-5070 (The JavaScript implementation in Apple Safari 4 does not properly rest ...)
	NOT-FOR-US: Safari
CVE-2010-5069 (The Cascading Style Sheets (CSS) implementation in Google Chrome 4 doe ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2010-5068 (The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not ...)
	NOT-FOR-US: Opera
CVE-2010-5067 (Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depen ...)
	NOT-FOR-US: Virtual War
CVE-2010-5066 (The createRandomPassword function in includes/functions_common.php in  ...)
	NOT-FOR-US: Virtual War
CVE-2010-5065 (popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers t ...)
	NOT-FOR-US: Virtual War
CVE-2010-5064 (Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (ak ...)
	NOT-FOR-US: Virtual War
CVE-2010-5063 (SQL injection vulnerability in article.php in Virtual War (aka VWar) 1 ...)
	NOT-FOR-US: Virtual War
CVE-2010-5062 (SQL injection vulnerability in search.php in MH Products kleinanzeigen ...)
	NOT-FOR-US: MH Products kleinanzeigenmarkt
CVE-2010-5061 (SQL injection vulnerability in index.php in RSStatic allows remote att ...)
	NOT-FOR-US: RSStatic
CVE-2010-5060 (SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows r ...)
	NOT-FOR-US: NUs Newssystem
CVE-2010-5059 (SQL injection vulnerability in index.php in CMScout 2.0.8 allows remot ...)
	NOT-FOR-US: CMScout
CVE-2010-5058 (SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 al ...)
	NOT-FOR-US: CMS Ariadna
CVE-2010-5057 (SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 al ...)
	NOT-FOR-US: CMS Ariadna
CVE-2010-5056 (SQL injection vulnerability in the GBU Facebook (com_gbufacebook) comp ...)
	NOT-FOR-US: GBU Facebook
CVE-2010-5055 (SQL injection vulnerability in index.php in Almnzm 2.1 allows remote a ...)
	NOT-FOR-US: Almnzm
CVE-2010-5054 (Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki b ...)
	NOT-FOR-US: JAMWiki
CVE-2010-5053 (SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5052 (Cross-site scripting (XSS) vulnerability in admin/components.php in Ge ...)
	NOT-FOR-US: GetSimple CMS
CVE-2010-5051 (Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php  ...)
	NOT-FOR-US: razorCMS
CVE-2010-5050 (Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_sha ...)
	NOT-FOR-US: ManageEngine ADManager Plus
CVE-2010-5049 (SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier  ...)
	- zabbix 1:1.8.2-1
CVE-2010-5048 (Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5047 (SQL injection vulnerability in page.php in V-EVA Press Release Script  ...)
	NOT-FOR-US: V-EVA Press Release Script
CVE-2010-5046 (Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows ...)
	NOT-FOR-US: ecoCMS
CVE-2010-5045 (Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart  ...)
	NOT-FOR-US: Smart ASP Survey
CVE-2010-5044 (SQL injection vulnerability in models/log.php in the Search Log (com_s ...)
	NOT-FOR-US: Search log Joomla addon
CVE-2010-5043 (SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) co ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5042 (Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_dja ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5041 (SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 ...)
	NOT-FOR-US: Nucleus CMS extension
CVE-2010-5040 (PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery. ...)
	NOT-FOR-US: Nucleus CMS extension
CVE-2010-5039 (SQL injection vulnerability in control/admin_login.php in ScriptsFeed  ...)
	NOT-FOR-US: ScriptsFeed Recipes Listing Portal
CVE-2010-5038 (PHP remote file inclusion vulnerability in contact/contact.php in Groo ...)
	NOT-FOR-US: Groone's Simple Contact Form
CVE-2010-5037 (SQL injection vulnerability in article.php in SenseSites CommonSense C ...)
	NOT-FOR-US: SenseSites CommonSense CMS
CVE-2010-5036 (SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allow ...)
	NOT-FOR-US: iScripts eSwap
CVE-2010-5035 (Cross-site scripting (XSS) vulnerability in search.php in iScripts eSw ...)
	NOT-FOR-US: iScripts eSwap
CVE-2010-5034 (SQL injection vulnerability in viewhistorydetail.php in iScripts EasyB ...)
	NOT-FOR-US: iScripts EasyBiller
CVE-2010-5033 (SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows ...)
	NOT-FOR-US: Fusebox
CVE-2010-5032 (SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5031 (Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1  ...)
	NOT-FOR-US: fileNice
CVE-2010-5030 (Cross-site scripting (XSS) vulnerability in index.php in Ecomat CMS 5. ...)
	NOT-FOR-US: Ecomat CMS
CVE-2010-5029 (SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remo ...)
	NOT-FOR-US: Ecomat CMS
CVE-2010-5028 (SQL injection vulnerability in the JExtensions JE Job (com_jejob) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5027 (Cross-site scripting (XSS) vulnerability in winners.php in Science Fai ...)
	NOT-FOR-US: Science Fair In A Box (SFIAB)
CVE-2010-5026 (SQL injection vulnerability in winners.php in Science Fair In A Box (S ...)
	NOT-FOR-US: Science Fair In A Box (SFIAB)
CVE-2010-5025 (Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSIT ...)
	NOT-FOR-US: CuteSITE CMS
CVE-2010-5024 (SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2 ...)
	NOT-FOR-US: CuteSITE CMS
CVE-2010-5023 (SQL injection vulnerability in index.asp in Digital Interchange Calend ...)
	NOT-FOR-US: Digital Interchange Calendar
CVE-2010-5022 (SQL injection vulnerability in the JExtensions JE Story Submit (com_je ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5021 (SQL injection vulnerability in view_group.asp in Digital Interchange D ...)
	NOT-FOR-US: Digital Interchange Calendar
CVE-2010-5020 (SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 ...)
	NOT-FOR-US: NetArt Media iBoutique
CVE-2010-5019 (SQL injection vulnerability in view_photo.php in 2daybiz Online Classi ...)
	NOT-FOR-US: 2daybiz Online Classified Script
CVE-2010-5018 (Cross-site scripting (XSS) vulnerability in products/classified/header ...)
	NOT-FOR-US: 2daybiz Online Classified Script
CVE-2010-5017 (SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 a ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5016 (SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5015 (SQL injection vulnerability in view_photo.php in 2daybiz Network Commu ...)
	NOT-FOR-US: 2daybiz Network Community Script
CVE-2010-5014 (SQL injection vulnerability in standings.php in Elite Gaming Ladders 3 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5013 (SQL injection vulnerability in listing_detail.asp in Mckenzie Creation ...)
	NOT-FOR-US: Mckenzie Creations Virtual Real Estate Manager
CVE-2010-5012 (SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows ...)
	NOT-FOR-US: DaLogin
CVE-2010-5011 (SQL injection vulnerability in schoolmv2/html/studentmain.php in Schoo ...)
	NOT-FOR-US: SchoolMation
CVE-2010-5010 (Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain ...)
	NOT-FOR-US: SchoolMation
CVE-2010-5009 (SQL injection vulnerability in index.php in UTStats Beta 4 and earlier ...)
	NOT-FOR-US: UTStats
CVE-2010-5008 (SQL injection vulnerability in pages/contact_list_mail_form.asp in Bri ...)
	NOT-FOR-US: BrightSuite Groupware
CVE-2010-5007 (Cross-site scripting (XSS) vulnerability in pages/match_report.php in  ...)
	NOT-FOR-US: UTStats
CVE-2010-5006 (SQL injection vulnerability in googlemap/index.php in EMO Realty Manag ...)
	NOT-FOR-US: EMO Realty Manager
CVE-2010-5005 (Cross-site scripting (XSS) vulnerability in members/profileCommentsRes ...)
	NOT-FOR-US: Rayzz Photoz
CVE-2010-5004 (SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Ad ...)
	NOT-FOR-US: 2daybiz Polls
CVE-2010-5000 (SQL injection vulnerability in login/login_index.php in MCLogin System ...)
	NOT-FOR-US: MCLogin System
CVE-2010-4998 (PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaIni ...)
	NOT-FOR-US: ardeaCore PHP Framework
CVE-2010-4997 (SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 a ...)
	NOT-FOR-US: OlyKit Swoopo Clone 2010
CVE-2010-4971 (Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Vid ...)
	NOT-FOR-US: VideoWhisper PHP 2 Way Video Chat
CVE-2010-5003 (SQL injection vulnerability in the AutarTimonial (com_autartimonial) c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5002 (Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/sl ...)
	NOT-FOR-US: Exponent CMS
CVE-2010-5001 (SQL injection vulnerability in view.php in esoftpro Online Contact Man ...)
	NOT-FOR-US: esoftpro Online Contact Manager
CVE-2010-4999 (SQL injection vulnerability in index.php in esoftpro Online Photo Pro  ...)
	NOT-FOR-US: esoftpro Online Photo Pro
CVE-2010-4996 (SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbo ...)
	NOT-FOR-US: esoftpro Online Guestbook Pro
CVE-2010-4995 (SQL injection vulnerability in the NeoRecruit (com_neorecruit) compone ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4994 (SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4993 (SQL injection vulnerability in the eventcal (com_eventcal) component 1 ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4992 (SQL injection vulnerability in the Payments Plus component 2.1.5 for J ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4991 (SQL injection vulnerability in the NinjaMonials (com_ninjamonials) com ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4990 (SQL injection vulnerability in the Front-edit Address Book (com_addres ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4989 (SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows r ...)
	NOT-FOR-US: Ziggurat Farsi CMS
CVE-2010-4988 (PHP remote file inclusion vulnerability in mod_chatting/themes/default ...)
	NOT-FOR-US: Family Connections Who is Chatting
CVE-2010-4987 (SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GB ...)
	NOT-FOR-US: KMSoft Guestbook (aka GBook)
CVE-2010-4986 (SQL injection vulnerability in detail.php in Simple Document Managemen ...)
	NOT-FOR-US: Simple Document Management System (SDMS)
CVE-2010-4985 (Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Not ...)
	NOT-FOR-US: My Kazaam Notes Management System
CVE-2010-4984 (SQL injection vulnerability in notes.php in My Kazaam Notes Management ...)
	NOT-FOR-US: My Kazaam Notes Management System
CVE-2010-4983 (SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0  ...)
	NOT-FOR-US: iScripts CyberMatch
CVE-2010-4982 (SQL injection vulnerability in address_book/contacts.php in My Kazaam  ...)
	NOT-FOR-US: My Kazaam Address & Contact Organizer
CVE-2010-4981 (SQL injection vulnerability in trackads.php in YourFreeWorld Banner Ma ...)
	NOT-FOR-US: YourFreeWorld Banner Management
CVE-2010-4980 (SQL injection vulnerability in packagedetails.php in iScripts ReserveL ...)
	NOT-FOR-US: iScripts ReserveLogic
CVE-2010-4979 (SQL injection vulnerability in image/view.php in CANDID allows remote  ...)
	NOT-FOR-US: CANDID
CVE-2010-4978 (Cross-site scripting (XSS) vulnerability in image/view.php in CANDID a ...)
	NOT-FOR-US: CANDID
CVE-2010-4977 (SQL injection vulnerability in menu.php in the Canteen (com_canteen) c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4976 (Cross-site scripting (XSS) vulnerability in search/search.php in MetIn ...)
	NOT-FOR-US: MetInfo
CVE-2010-4975 (SQL injection vulnerability in the Techjoomla SocialAds For JomSocial  ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4974 (SQL injection vulnerability in info.php in BrotherScripts (BS) and Scr ...)
	NOT-FOR-US: BrotherScripts (BS) and ScriptsFeed Auto Dealer
CVE-2010-4973 (Cross-site scripting (XSS) vulnerability in the search feature in Camp ...)
	NOT-FOR-US: Campsite
CVE-2010-4972 (SQL injection vulnerability in index.php in YPNinc JokeScript allows r ...)
	NOT-FOR-US: YPNinc JokeScript
CVE-2010-4970 (SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0 ...)
	NOT-FOR-US: Wiki Web Help
CVE-2010-4969 (SQL injection vulnerability in articlesdetails.php in BrotherScripts ( ...)
	NOT-FOR-US: BrotherScripts (BS) Business Directory
CVE-2010-4968 (SQL injection vulnerability in the webmaster-tips.net Flash Gallery (c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4967 (SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6  ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2010-4966 (Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvo ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2010-4965 (/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 co ...)
	NOT-FOR-US: D-Link DCS-2121
CVE-2010-4964 (recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 all ...)
	NOT-FOR-US: D-Link DCS-2121
CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows ...)
	NOT-FOR-US: Hulihan BXR
CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension bef ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4961 (SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension b ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4960 (Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yell ...)
	NOT-FOR-US: Branchenbuch
CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects Pre P ...)
	NOT-FOR-US: Pre Projects Pre Podcast Portal
CVE-2010-4958 (SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows  ...)
	NOT-FOR-US: Prado Portal
CVE-2010-4957 (SQL injection vulnerability in the Questionnaire (ke_questionnaire) ex ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4956 (Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_ques ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4955 (SQL injection vulnerability in board/board.php in APBoard Developers A ...)
	NOT-FOR-US: APBoard Developers APBoard
CVE-2010-4954 (SQL injection vulnerability in product_reviews_info.php in xt:Commerce ...)
	NOT-FOR-US: xt:Commerce Gambio
CVE-2010-4953 (Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4952 (SQL injection vulnerability in the FE user statistic (festat) extensio ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4951 (Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xaj ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4950 (SQL injection vulnerability in the Event (event) extension before 0.3. ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4949 (Cross-site scripting (XSS) vulnerability in the (1) FreiChat component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4948 (PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in ...)
	NOT-FOR-US: PHP Free Photo Gallery
CVE-2010-4947 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
	NOT-FOR-US: ALLPC
CVE-2010-4946 (SQL injection vulnerability in product_info.php in ALLPC 2.5 allows re ...)
	NOT-FOR-US: ALLPC
CVE-2010-4945 (SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) comp ...)
	NOT-FOR-US: CamelcityDB
CVE-2010-4944 (SQL injection vulnerability in the Elite Experts (com_elite_experts) c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4943 (Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 ...)
	NOT-FOR-US: Saurus CMS
CVE-2010-4942 (SQL injection vulnerability in location.php in the eCal module in E-Xo ...)
	NOT-FOR-US: E-Xoopport Samsara
CVE-2010-4941 (SQL injection vulnerability in the Teams (com_teams) component 1_1028_ ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4940 (SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows  ...)
	NOT-FOR-US: WAnewsletter
CVE-2010-4939 (PHP remote file inclusion vulnerability in index.php in MailForm 1.2 a ...)
	NOT-FOR-US: MailForm
CVE-2010-4938 (SQL injection vulnerability in the Weblinks (com_weblinks) component i ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4937 (Multiple SQL injection vulnerabilities in the Amblog (com_amblog) comp ...)
	NOT-FOR-US: Amblog
CVE-2010-4936 (SQL injection vulnerability in the Slide Show (com_slideshow) componen ...)
	NOT-FOR-US: Slide Show extension for Joomla
CVE-2010-4935 (SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier a ...)
	NOT-FOR-US: Entrans
CVE-2010-4934 (SQL injection vulnerability in video.php in Get Tube 4.51 and earlier  ...)
	NOT-FOR-US: Get Tube
CVE-2010-4933 (SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3. ...)
	NOT-FOR-US: Geeklog
CVE-2010-4932 (Cross-site scripting (XSS) vulnerability in search.php in Entrans befo ...)
	NOT-FOR-US: Entrans
CVE-2010-4931 (** DISPUTED ** Directory traversal vulnerability in maincore.php in PH ...)
	NOT-FOR-US: PHP-Fusion
CVE-2010-4930 (Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail ...)
	NOT-FOR-US: @mail Webmail
CVE-2010-4929 (SQL injection vulnerability in the Joostina (com_ezautos) component fo ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4928 (Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_ ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4927 (SQL injection vulnerability in the Restaurant Guide (com_restaurantgui ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4926 (SQL injection vulnerability in the TimeTrack (com_timetrack) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4925 (SQL injection vulnerability in clic.php in the Partenaires module 1.5  ...)
	NOT-FOR-US: Nuked Klan
CVE-2010-4924 (** DISPUTED ** PHP remote file inclusion vulnerability in logic/contro ...)
	NOT-FOR-US: clearBudget
CVE-2010-4923 (SQL injection vulnerability in book/detail.php in Virtue Netz Virtue B ...)
	NOT-FOR-US: Virtue Netz Virtue
CVE-2010-4922 (Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow ...)
	NOT-FOR-US: Allinta CMS
CVE-2010-4921 (SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady ...)
	NOT-FOR-US: DMXReady Polling Booth Manager
CVE-2010-4920 (SQL injection vulnerability in detail.asp in Micronetsoft Rental Prope ...)
	NOT-FOR-US: Micronetsoft
CVE-2010-4919 (SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer We ...)
	NOT-FOR-US: Micronetsoft
CVE-2010-4918 (PHP remote file inclusion vulnerability in iJoomla Magazine (com_magaz ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4917 (SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows ...)
	NOT-FOR-US: A-Blog
CVE-2010-4916 (Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUse ...)
	NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4915 (SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 ...)
	NOT-FOR-US: ColdGen ColdBookmarks
CVE-2010-4914 (PHP remote file inclusion vulnerability in tools/phpmailer/class.phpma ...)
	NOT-FOR-US: PHP Classifieds
CVE-2010-4913 (Cross-site scripting (XSS) vulnerability in the search feature in Cold ...)
	NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4912 (SQL injection vulnerability in shop.php in UCenter Home 2.0 allows rem ...)
	NOT-FOR-US: UCenter
CVE-2010-4911 (SQL injection vulnerability in classi/detail.php in PHP Classifieds Ad ...)
	NOT-FOR-US: PHP Classifieds
CVE-2010-4910 (SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06  ...)
	NOT-FOR-US: ColdGen ColdCalendar
CVE-2010-4909 (Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCM ...)
	NOT-FOR-US: PaysiteReviewCMS
CVE-2010-4908 (SQL injection vulnerability in detail.php in Virtue Shopping Mall allo ...)
	NOT-FOR-US: Virtue Shopping Mall
CVE-2010-4907 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenph ...)
	NOT-FOR-US: Zenphoto
CVE-2010-4906 (SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3  ...)
	NOT-FOR-US: Zenphoto
CVE-2010-4905 (SQL injection vulnerability in article_details.php in Softbiz Article  ...)
	NOT-FOR-US: Softbiz
CVE-2010-4904 (SQL injection vulnerability in the Aardvertiser (com_aardvertiser) com ...)
	NOT-FOR-US: Aardvertiser
CVE-2010-4903 (SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remo ...)
	NOT-FOR-US: CubeCart
CVE-2010-4902 (Multiple SQL injection vulnerabilities in the Clantools (com_clantools ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4901 (Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in ...)
	NOT-FOR-US: MySource Matrix
CVE-2010-4900 (Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and ear ...)
	NOT-FOR-US: CMS WebManager-Pro
CVE-2010-4899 (SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1  ...)
	NOT-FOR-US: CMS WebManager-Pro
CVE-2010-4898 (SQL injection vulnerability in the Gantry (com_gantry) component 3.0.1 ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4897 (SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remot ...)
	NOT-FOR-US: BlueCMS
CVE-2010-4896 (Cross-site scripting (XSS) vulnerability in admin/index.asp in Member  ...)
	NOT-FOR-US: Member Management System
CVE-2010-4895 (Cross-site scripting (XSS) vulnerability in core/showsite.php in chill ...)
	NOT-FOR-US: chillyCMS
CVE-2010-4894 (SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 al ...)
	NOT-FOR-US: chillyCMS
CVE-2010-4893 (Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS  ...)
	NOT-FOR-US: FestOS
CVE-2010-4892 (Cross-site scripting (XSS) vulnerability in the powermail extension be ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4891 (SQL injection vulnerability in the Yet Another Calendar (ke_yac) exten ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4890 (Cross-site scripting (XSS) vulnerability in the Yet Another Calendar ( ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4889 (Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4888 (SQL injection vulnerability in the Tiny Market (hm_tinymarket) extensi ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4887 (SQL injection vulnerability in the Commenting system Backend Module (c ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4886 (Cross-site scripting (XSS) vulnerability in the "official twitter twee ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4885 (Cross-site scripting (XSS) vulnerability in the XING Button (xing) ext ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4884 (PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaes ...)
	NOT-FOR-US: Gaestebuch
CVE-2010-4883 (Cross-site scripting (XSS) vulnerability in manager/index.php in MODx  ...)
	NOT-FOR-US: MODx Revolution
CVE-2010-4882 (Cross-site scripting (XSS) vulnerability in autocms.php in Auto CMS 1. ...)
	NOT-FOR-US: Auto CMS
CVE-2010-4881 (Multiple cross-site request forgery (CSRF) vulnerabilities in calendar ...)
	NOT-FOR-US: ApPHP Calendar
CVE-2010-4880 (Multiple cross-site scripting (XSS) vulnerabilities in calendar.class. ...)
	NOT-FOR-US: ApPHP Calendar
CVE-2010-4879 (PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0  ...)
	- php-dompdf 0.6.1+dfsg-1
CVE-2010-4878 (PHP remote file inclusion vulnerability in formmailer.php in Kontakt F ...)
	NOT-FOR-US: Kontakt Formular
CVE-2010-4877 (Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1  ...)
	NOT-FOR-US: OneCMS
CVE-2010-4876 (SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows  ...)
	NOT-FOR-US: mBlogger
CVE-2010-4875 (Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpo ...)
	NOT-FOR-US: Wordpress plugin
CVE-2010-4874 (Multiple cross-site scripting (XSS) vulnerabilities in users.php in Ni ...)
	NOT-FOR-US: NinkoBB
CVE-2010-4873 (Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 ...)
	NOT-FOR-US: WeBid
CVE-2010-4872 (SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3  ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4871 (Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows att ...)
	NOT-FOR-US: SmartFTP
CVE-2010-4870 (SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows re ...)
	NOT-FOR-US: BloofoxCMS
CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote ...)
	NOT-FOR-US: DBHcms
CVE-2010-4868 (Cross-site scripting (XSS) vulnerability in search.php3 (aka search.ph ...)
	NOT-FOR-US: W-Agora
CVE-2010-4867 (Directory traversal vulnerability in search.php3 (aka search.php) in W ...)
	NOT-FOR-US: W-Agora
CVE-2010-4866 (SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows  ...)
	NOT-FOR-US: Chipmunk Board
CVE-2010-4865 (SQL injection vulnerability in the JE Guestbook (com_jeguestbook) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4864 (SQL injection vulnerability in the Club Manager (com_clubmanager) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4863 (Cross-site scripting (XSS) vulnerability in admin/changedata.php in Ge ...)
	NOT-FOR-US: GetSimple CMS
CVE-2010-4862 (SQL injection vulnerability in the JExtensions JE Directory (com_jedir ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4861 (SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows re ...)
	NOT-FOR-US: webSPELL
CVE-2010-4860 (SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 a ...)
	NOT-FOR-US: MyPhpAuction
CVE-2010-4859 (SQL injection vulnerability in index.php in WebAsyst Shop-Script allow ...)
	NOT-FOR-US: WebAsyst Shop-Script
CVE-2010-4858 (Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stat ...)
	NOT-FOR-US: DNET Live-Stats
CVE-2010-4857 (SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows re ...)
	NOT-FOR-US: CAG CMS
CVE-2010-4856 (SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote  ...)
	NOT-FOR-US: xWeblog
CVE-2010-4855 (SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote at ...)
	NOT-FOR-US: xWebLog
CVE-2010-4854 (SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magi ...)
	NOT-FOR-US: Zuitu
CVE-2010-4853 (SQL injection vulnerability in the ccInvoices (com_ccinvoices) compone ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4852 (Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b ...)
	NOT-FOR-US: Eclime
CVE-2010-4851 (Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote a ...)
	NOT-FOR-US: Eclime
CVE-2010-4850 (Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 a ...)
	NOT-FOR-US: Diferior
CVE-2010-4849 (SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B ...)
	NOT-FOR-US: Alibaba Clone B2B
CVE-2010-4848 (Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in  ...)
	NOT-FOR-US: AXScripts AxsLinks
CVE-2010-4847 (SQL injection vulnerability in view_item.php in MH Products MHP Downlo ...)
	NOT-FOR-US: MH Products MHP Downloadshop
CVE-2010-4846 (SQL injection vulnerability in view_item.php in MH Products Pay Pal Sh ...)
	NOT-FOR-US: MH Products Pay Pal Shop Digital
CVE-2010-4845 (Multiple SQL injection vulnerabilities in MH Products Projekt Shop all ...)
	NOT-FOR-US: MH Products Projekt Shop
CVE-2010-4844 (SQL injection vulnerability in content.php in MH Products Easy Online  ...)
	NOT-FOR-US: MH Products Easy Online Shop
CVE-2010-4843 (SQL injection vulnerability in website-page.php in PHP Web Scripts Ad  ...)
	NOT-FOR-US: PHP Web Scripts Ad Manager Pro
CVE-2010-4842 (SQL injection vulnerability in admin/login.php in MHP DownloadScript ( ...)
	NOT-FOR-US: MH Products Download Center
CVE-2010-4841 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ev ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2010-4840 (Multiple buffer overflows in the Syslog server in ManageEngine EventLo ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and  ...)
	NOT-FOR-US: Wordpress plugin Event Registration
CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component 1 ...)
	NOT-FOR-US: Joomla!
CVE-2010-4837 (Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport ...)
	NOT-FOR-US: Joomla!
CVE-2010-4836 (Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2 ...)
	NOT-FOR-US: PHPShop
CVE-2010-4835 (Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2010-4834 (Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS  ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2010-4833 (Untrusted search path vulnerability in modules/engines/ms-windows/xp_t ...)
	- gtk+2.0 <not-affected> (win32 specific)
CVE-2010-4832 (Android OS before 2.2 does not display the correct SSL certificate in  ...)
	NOT-FOR-US: Android
CVE-2010-4831 (Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in G ...)
	- gtk+2.0 <not-affected> (Win32-specific)
CVE-2010-4830 (SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno ...)
	NOT-FOR-US: Techno Dreams (T-Dreams) Job Career Package
CVE-2010-4829 (SQL injection vulnerability in processview.asp in Techno Dreams (T-Dre ...)
	NOT-FOR-US: Techno Dreams
CVE-2010-4828 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orio ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2010-4827 (Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forum ...)
	NOT-FOR-US: Snitz Forums
CVE-2010-4826 (SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 ...)
	NOT-FOR-US: Snitz Forums
CVE-2010-4825 (Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Tw ...)
	NOT-FOR-US: Wordpress plugin
CVE-2010-4824 (SQL injection vulnerability in the augmentSQL method in core/model/Tra ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4823 (Cross-site scripting (XSS) vulnerability in the httpError method in sa ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4822 (core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when  ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4821 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allo ...)
	NOT-FOR-US: phpMyFAQ
CVE-2010-4820 (Untrusted search path vulnerability in Ghostscript 8.62 allows local u ...)
	- ghostscript 8.71~dfsg2-6.1
	[lenny] - ghostscript <no-dsa> (too risky for regressions)
CVE-2010-4819 (The ProcRenderAddGlyphs function in the Render extension (render/rende ...)
	- xorg-server 2:1.9.0.901-1
	[squeeze] - xorg-server 2:1.7.7-14
	[lenny] - xorg-server <no-dsa> (Minor issue)
CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authenticated u ...)
	- xorg-server 2:1.9.99.902-1
	[squeeze] - xorg-server 2:1.7.7-4
	[lenny] - xorg-server <no-dsa> (Minor issue)
	NOTE: As per https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4818 three commits with theoretical sec impact:
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=3f0d3f4d97bce75c1828635c322b6560a45a037f
CVE-2010-4817 (pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. ...)
	- pithos 0.3.5-1
CVE-2010-4816
	RESERVED
CVE-2010-4815 (Coppermine gallery before 1.4.26 has an input validation vulnerability ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Adva ...)
	NOT-FOR-US: Best Soft Inc.
CVE-2010-4813 (Cross-site scripting (XSS) vulnerability in the Category Tokens module ...)
	NOT-FOR-US: Drupal 6.x Category Tokens module
CVE-2010-4812 (Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 all ...)
	NOT-FOR-US: 6kbbs
CVE-2010-4811 (Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php  ...)
	NOT-FOR-US: 6kbbs
CVE-2010-4810 (Multiple PHP remote file inclusion vulnerabilities in AR Web Content M ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2010-4809 (SQL injection vulnerability in index.php in DBSite 1.0 allows remote a ...)
	NOT-FOR-US: DBSite
CVE-2010-4808 (SQL injection vulnerability in index.php in Webmatic allows remote att ...)
	NOT-FOR-US: Webmatic
CVE-2010-4805 (The socket implementation in net/core/sock.c in the Linux kernel befor ...)
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-48
CVE-2010-4807 (Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 a ...)
	NOT-FOR-US: IBM Web Content Manager
CVE-2010-4806 (The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 ...)
	NOT-FOR-US: IBM Web Content Manager
CVE-2010-4804 (The Android browser in Android before 2.3.4 allows remote attackers to ...)
	NOT-FOR-US: Android Browser
CVE-2010-4803 (Mojolicious before 0.999927 does not properly implement HMAC-MD5 check ...)
	{DSA-2239-1}
	- libmojolicious-perl 0.999929-1
CVE-2010-4802 (Commands.pm in Mojolicious before 0.999928 does not properly perform C ...)
	{DSA-2239-1}
	- libmojolicious-perl 0.999929-1
CVE-2010-4801 (Directory traversal vulnerability in admin/updatelist.php in BaconMap  ...)
	NOT-FOR-US: BaconMap
CVE-2010-4800 (SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote ...)
	NOT-FOR-US: BaconMap
CVE-2010-4799 (Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when m ...)
	NOT-FOR-US: Chipmunk Pwngame
CVE-2010-4798 (Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 al ...)
	NOT-FOR-US: OrangeHRM
CVE-2010-4797 (Multiple SQL injection vulnerabilities in the log-in form in Truworth  ...)
	NOT-FOR-US: Truworth Flex Timesheet
CVE-2010-4796 (Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote at ...)
	NOT-FOR-US: PHPYun
CVE-2010-4795 (SQL injection vulnerability in the JS Calendar (com_jscalendar) compon ...)
	NOT-FOR-US: JS Calendar component for Joomla!
CVE-2010-4794 (Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSelle ...)
	NOT-FOR-US: JoomlaSeller JS Calendar component for Joomla!
CVE-2010-4793 (SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager  ...)
	NOT-FOR-US: Site2Nite Auto e-Manager
CVE-2010-4792 (Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverL ...)
	NOT-FOR-US: OPEN IT OverLook
CVE-2010-4791 (SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_us ...)
	NOT-FOR-US: MG User-Fotoalbum module for PHP-Fusion
CVE-2010-4790 (Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and proba ...)
	NOT-FOR-US: FilterFTP
CVE-2010-4789 (Use-after-free vulnerability in the proxy-server implementation in IBM ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4788 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV ...)
	NOT-FOR-US: Tivoli
CVE-2010-4787 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV ...)
	NOT-FOR-US: Tivoli
CVE-2010-4786 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV ...)
	NOT-FOR-US: Tivoli
CVE-2010-4785 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server  ...)
	NOT-FOR-US: Tivoli
CVE-2010-4784 (Multiple SQL injection vulnerabilities in member.php in PHP Web Script ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2010-4783 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in PH ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2010-4782 (Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal ( ...)
	NOT-FOR-US: Softwebs Nepal Ananda Real Estate
CVE-2010-4781 (index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1. ...)
	NOT-FOR-US: Enano CMS
CVE-2010-4780 (SQL injection vulnerability in the check_banlist function in includes/ ...)
	NOT-FOR-US: Enano CMS
CVE-2010-4779 (Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php  ...)
	NOT-FOR-US: WPtouch plugin for WordPress
CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs. ...)
	- imp4 4.3.10+debian0-1
	[squeeze] - imp4 <no-dsa> (Minor issue)
CVE-2010-4777 (The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14 ...)
	- perl 5.20.1-1 (unimportant; bug #628836)
	NOTE: Only affects Perl builds with enabled assertions, i.e. the debugperl binary from perl-debug
	NOTE: likely fixed sometime around 5.18, but 5.20 was the version checked
CVE-2010-4776 (SQL injection vulnerability in takefreestart.php in PreProjects Pre On ...)
	NOT-FOR-US: PreProjects Pre Online Tests Generator Pro
CVE-2010-4775 (The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5  ...)
	NOT-FOR-US: Relevant Content addon for Drupal
CVE-2010-4774 (SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote a ...)
	NOT-FOR-US: AuraCMS
CVE-2010-4773 (Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D  ...)
	NOT-FOR-US: Hitachi EUR Form, uCosminexus EUR Form Service
CVE-2010-4772 (Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2 ...)
	NOT-FOR-US: S-CMS
CVE-2010-4771 (SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remot ...)
	NOT-FOR-US: S-CMS
CVE-2010-4770 (SQL injection vulnerability in index.php in CommodityRentals DVD Renta ...)
	NOT-FOR-US: CommodityRentals DVD Rentals Script
CVE-2010-4769 (Directory traversal vulnerability in the Jimtawl (com_jimtawl) compone ...)
	NOT-FOR-US: Jimtawl
CVE-2010-4768 (Open Ticket Request System (OTRS) before 2.3.5 does not properly disab ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2010-4767 (Open Ticket Request System (OTRS) before 2.3.6 does not properly handl ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2010-4766 (The AgentTicketForward feature in Open Ticket Request System (OTRS) be ...)
	- otrs2 2.4.7+dfsg1-1 (unimportant)
	NOTE: Marginal security impact, standard bug
CVE-2010-4765 (Race condition in the Kernel::System::Main::FileWrite method in Open T ...)
	- otrs2 2.4.8+dfsg1-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2010-4764 (Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, ...)
	- otrs2 2.4.10+dfsg1-1 (unimportant)
	NOTE: Marginal security impact, standard bug
CVE-2010-4763 (The ACL-customer-status Ticket Type setting in Open Ticket Request Sys ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligible security impact
CVE-2010-4762 (Cross-site scripting (XSS) vulnerability in the rich-text-editor compo ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligible security impact
CVE-2010-4761 (The customer-interface ticket-print dialog in Open Ticket Request Syst ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Marginal security impact, standard bug
CVE-2010-4760 (Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notifi ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: No security impact, feature enhancement
CVE-2010-4759 (Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: No security impact, feature enhancement
CVE-2010-4758 (installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an  ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligible security enhancement
CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 bef ...)
	NOT-FOR-US: e107
CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) allo ...)
	- glibc <removed> (unimportant)
	- eglibc <unfixed> (unimportant)
	NOTE: That's standard POSIX behaviour implemented by (e)glibc. Applications using
	NOTE: glob need to impose limits for themselves
CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put fu ...)
	NOTE: That's essentially shooting yourself in your own foot:
	NOTE: http://lists.mindrot.org/pipermail/openssh-unix-dev/2011-March/029433.html
CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2,  ...)
	NOT-FOR-US: FreeBSD/NetBSD libc
CVE-2010-4753 (Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEa ...)
	NOT-FOR-US: LightNEasy
CVE-2010-4752 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, whe ...)
	NOT-FOR-US: LightNEasy
CVE-2010-4751 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, whe ...)
	NOT-FOR-US: LightNEasy
CVE-2010-4750 (Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.ph ...)
	NOT-FOR-US: BLOG:CMS
CVE-2010-4749 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1. ...)
	NOT-FOR-US: BLOG:CMS
CVE-2010-4748 (Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.2 ...)
	NOT-FOR-US: pmwiki
CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in wordpress-processing-embed ...)
	NOT-FOR-US: Wordpress plugin
CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 Direct ...)
	NOT-FOR-US: 389 LDAP server
CVE-2010-4745 (Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before ...)
	NOT-FOR-US: PHPXref
CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unk ...)
	- abcm2ps 5.9.22-1 (low)
	[squeeze] - abcm2ps <no-dsa> (Minor issue)
	[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-4743 (Heap-based buffer overflow in the getarena function in abc2ps.c in abc ...)
	- abcm2ps 5.9.22-1 (low)
	[squeeze] - abcm2ps <no-dsa> (Minor issue)
	[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in MediaDBPla ...)
	NOT-FOR-US: MediaDBPlayback.DLL
CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool  ...)
	NOT-FOR-US: Moxa Device Manager
CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...)
	NOT-FOR-US: SCADA Engine BACnet
CVE-2010-4739 (SQL injection vulnerability in the Maian Media Silver (com_maianmedia) ...)
	NOT-FOR-US: Maian Media Silver
CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Si ...)
	NOT-FOR-US: Rae Media INC Real Estate Single and Multi Agent System
CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Ren ...)
	NOT-FOR-US: HotWebScripts HotWeb Rentals
CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and  ...)
	NOT-FOR-US: GateSoft DocuSafe
CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax Soluti ...)
	NOT-FOR-US: Ecommercemax Solutions Digital-goods seller
CVE-2010-4734 (Multiple cross-site scripting (XSS) vulnerabilities in the comment fea ...)
	NOT-FOR-US: Skeletonz CMS
CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway ...)
	NOT-FOR-US: WebSCADA
CVE-2010-4732 (cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modb ...)
	NOT-FOR-US: WebSCADA
CVE-2010-4731 (Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA  ...)
	NOT-FOR-US: WebSCADA
CVE-2010-4730 (Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS10 ...)
	NOT-FOR-US: WebSCADA
CVE-2010-4729 (Zikula before 1.2.3 does not use the authid protection mechanism for ( ...)
	NOT-FOR-US: zikula
CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for random n ...)
	NOT-FOR-US: zikula
CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the &lt;?php and ? ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4726 (Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4725 (Smarty before 3.0.0 RC3 does not properly handle an on value of the as ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4724 (Multiple unspecified vulnerabilities in the parser implementation in S ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4723 (Smarty before 3.0.0, when security is enabled, does not prevent access ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4722 (Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 h ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4721 (SQL injection vulnerability in news.php in Immo Makler allows remote a ...)
	NOT-FOR-US: Immo Makler
CVE-2010-4720 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) co ...)
	NOT-FOR-US: Joomla JEAuto addon
CVE-2010-4719 (Directory traversal vulnerability in JRadio (com_jradio) component bef ...)
	NOT-FOR-US: Joomla JRadio addon
CVE-2010-4718 (Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenblogg ...)
	NOT-FOR-US: Joomla Lyftenbloggie addon
CVE-2010-4717 (Multiple stack-based buffer overflows in the IMAP server component in  ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4716 (Cross-site scripting (XSS) vulnerability in the WebPublisher component ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4715 (Multiple directory traversal vulnerabilities in the (1) WebAccess Agen ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4714 (Multiple stack-based buffer overflows in Novell GroupWise before 8.02H ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4713 (Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4712 (Multiple stack-based buffer overflows in gwia.exe in GroupWise Interne ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4711 (Double free vulnerability in the IMAP server component in GroupWise In ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4710 (Cross-site scripting (XSS) vulnerability in the addItem method in the  ...)
	- yui <removed> (unimportant)
	NOTE: Mostly a case of mis-documentation
CVE-2010-4709 (Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OP ...)
	NOT-FOR-US: Automated Solutions Modbus/TCP Master
CVE-2010-4708 (The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the  ...)
	- pam 1.1.3-7.1 (low; bug #611136)
	[lenny] - pam <no-dsa> (Minor issue, too invasive for a stable release)
	[squeeze] - pam <no-dsa> (Minor issue, too invasive for a stable release)
CVE-2010-4707 (The check_acl function in pam_xauth.c in the pam_xauth module in Linux ...)
	- pam 1.1.3-1 (low)
	[lenny] - pam <no-dsa> (Minor issue)
	[squeeze] - pam <no-dsa> (Minor issue)
CVE-2010-4706 (The pam_sm_close_session function in pam_xauth.c in the pam_xauth modu ...)
	- pam 1.1.3-1 (low)
	[lenny] - pam <no-dsa> (Minor issue)
	[squeeze] - pam <no-dsa> (Minor issue)
CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in lib ...)
	{DSA-2165-1}
	- ffmpeg <not-affected> (issue introduced in 0.6.x series; bug #611495)
	- ffmpeg-debian <removed>
	NOTE: recheck when 0.6.x gets uploaded
CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earl ...)
	{DSA-2306-1 DSA-2165-1}
	- libav 4:0.6.2-1 (low; bug #611495)
	- ffmpeg 7:2.4.1-1 (low; bug #611495)
	- ffmpeg-debian <removed>
	NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency)
CVE-2010-4703 (SQL injection vulnerability in default.asp in HotWebScripts HotWeb Ren ...)
	NOT-FOR-US: HotWebScripts HotWeb Rentals
CVE-2010-4702 (SQL injection vulnerability in JRadio (com_jradio) component before 1. ...)
	NOT-FOR-US: Joomla component
CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in fxs ...)
	NOT-FOR-US: Microsoft Windows Fax Services Cover Page Editor
CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...)
	- php5 <not-affected> (vuln code in mysqlnd, we use libmysqlclient)
CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP b ...)
	- php5 5.3.5-1 (unimportant)
CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 a ...)
	- php5 5.3.3-7 (unimportant)
	NOTE: Only exloitable with malicious script
CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 a ...)
	{DSA-2408-1}
	- php5 5.3.5-1 (unimportant)
	NOTE: requires attacker to be able to execute code already
CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22  ...)
	NOT-FOR-US: Joomla!
CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as di ...)
	- gif2png 2.5.4-2 (low; bug #610479)
	[lenny] - gif2png <no-dsa> (Minor issue)
	[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2010-4694 (Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow  ...)
	- gif2png 2.5.4-2 (low; bug #610479)
	[lenny] - gif2png <no-dsa> (Minor issue)
	[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2010-4693 (Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Phot ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4691 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4690 (The Mobile User Security (MUS) service on Cisco Adaptive Security Appl ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4689 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4688 (Unspecified vulnerability in the SIP inspection feature on Cisco Adapt ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4687 (STCAPP (aka the SCCP telephony control application) on Cisco IOS befor ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4686 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not prop ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4685 (Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4684 (Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, a ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4683 (Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attacker ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4682 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series de ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4681 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4680 (The WebVPN implementation on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4679 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4678 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4677 (emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4676 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4675 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4674 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4673 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4672 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4671 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4670 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4669 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...)
	- php5 5.3.3-7 (high)
	[lenny] - php5 <not-affected>
	NOTE: lenny10 includes a test for the bug. With lenny's toolchain
	NOTE: and settings, the bug can't be reproduced.
CVE-2010-XXXX [XSS in ftpls]
	- ftpcopy 0.6.7-3 (bug #607494)
	[squeeze] - ftpcopy <no-dsa> (Minor issue)
	[lenny] - ftpcopy <no-dsa> (Minor issue)
	NOTE: CVE ID requested
CVE-2010-4668 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4667 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ( ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2010-4666 (Buffer overflow in libarchive 3.0 pre-release code allows remote attac ...)
	- libarchive 3.0.4-2 (bug #669197)
	[squeeze] - libarchive <not-affected> (no cab support prior to 3.0)
	NOTE: http://code.google.com/p/libarchive/source/detail?r=488ef3fb28c416285ebe4c00266268db7330466b
	NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version
CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in tiffdu ...)
	{DSA-2552-1}
	- tiff <not-affected> (vulnerable code not present)
	- tiff3 3.9.5
CVE-2010-4664 (In ConsoleKit before 0.4.2, an intended security policy restriction by ...)
	- consolekit 0.4.2-1 (low)
	[squeeze] - consolekit <no-dsa> (Minor issue)
CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple (CMSMS ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-4662 (PmWiki before 2.2.21 has XSS. ...)
	NOT-FOR-US: pmwiki
CVE-2010-4661 (udisks before 1.0.3 allows a local user to load arbitrary Linux kernel ...)
	- udisks 1.0.3-1
	[squeeze] - udisks <no-dsa> (Minor issue)
	NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232
	NOTE: fixed by http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037
CVE-2010-4660 (Unspecified vulnerability in statusnet through 2010 due to the way add ...)
	- statusnet <itp> (bug #491723)
CVE-2010-4659 (Cross-site scripting (XSS) vulnerability in statusnet through 2010 in  ...)
	- statusnet <itp> (bug #491723)
CVE-2010-4658 (statusnet through 2010 allows attackers to spoof syslog messages via n ...)
	- statusnet <itp> (bug #491723)
CVE-2010-4657 (PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ...)
	- php5 5.4.4-1 (low)
	[squeeze] - php5 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551
	NOTE: Not sure when this was initially fixed, tested with the initial Wheezy version 5.4.4
	NOTE: and the reproducer from https://bugs.launchpad.net/php/%2Bbug/655442
CVE-2010-4656 (The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Li ...)
	{DSA-2153-1}
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4655 (net/core/ethtool.c in the Linux kernel before 2.6.36 does not initiali ...)
	{DSA-2264-1}
	- linux-2.6 2.6.32-27
CVE-2010-4654 (poppler before 0.16.3 has malformed commands that may cause corruption ...)
	- kdegraphics <not-affected> (no stackheight)
	- xpdf <not-affected> (no stackheight)
	- poppler 0.16.3-1
	[lenny] - poppler <not-affected> (stackheights introduced after 0.12)
	[squeeze] - poppler <not-affected> (stackheights introduced after 0.12)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
CVE-2010-4653 (An integer overflow condition in poppler before 0.16.3 can occur when  ...)
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.16.3-1 (low)
	[lenny] - poppler <no-dsa> (minor issue)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function (contrib/ ...)
	{DSA-2191-1}
	- proftpd-dfsg 1.3.3a-6
CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ear ...)
	- patch <unfixed> (unimportant)
	NOTE: Applying a patch blindly opens more severe security issues than only directory traversal...
	NOTE: openwall ships a fix
	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=667529 for details
CVE-2010-4650 (Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29)
CVE-2010-4649 (Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniba ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4648 (The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/we ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help Conten ...)
	- eclipse 3.5.2-9 (low; bug #611849)
	[squeeze] - eclipse 3.5.2-6squeeze2
CVE-2010-4646 (Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 all ...)
	- hastymail <removed>
CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...)
	- subversion 1.6.12dfsg-3 (low; bug #608989)
	[lenny] - subversion <no-dsa> (Minor issue)
CVE-2010-4643 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and  ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2. ...)
	NOT-FOR-US: XWiki
CVE-2010-4641 (SQL injection vulnerability in XWiki Enterprise before 2.5 allows remo ...)
	NOT-FOR-US: XWiki
CVE-2010-4640 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 ...)
	NOT-FOR-US: XWiki
CVE-2010-4639 (SQL injection vulnerability in index.php in MySource Matrix allows rem ...)
	NOT-FOR-US: MySource Matrix
CVE-2010-4638 (SQL injection vulnerability in the submitSurvey function in controller ...)
	NOT-FOR-US: Joomla! JQuarks4s component
CVE-2010-4637 (Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php ...)
	NOT-FOR-US: FeedList
CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business e-List ...)
	NOT-FOR-US: Site2Nite
CVE-2010-4635 (SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental ...)
	NOT-FOR-US: Site2Nite
CVE-2010-4634
	NOT-FOR-US: osTicket
CVE-2010-4633 (SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remot ...)
	NOT-FOR-US: digiSHOP
CVE-2010-4632 (Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4631 (Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot C ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4630 (Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create ...)
	NOT-FOR-US: WordPress Survey and Quiz Tool plugin
CVE-2010-4629 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict ui ...)
	NOT-FOR-US: MyBB
CVE-2010-4628 (member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain ...)
	NOT-FOR-US: MyBB
CVE-2010-4627 (Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2010-4626 (The my_rand function in functions.php in MyBB (aka MyBulletinBoard) be ...)
	NOT-FOR-US: MyBB
CVE-2010-4625 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a co ...)
	NOT-FOR-US: MyBB
CVE-2010-4624 (MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated u ...)
	NOT-FOR-US: MyBB
CVE-2010-4623 (WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1 ...)
	NOT-FOR-US: IBM Tivoli Access Manager
CVE-2010-4622 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Mana ...)
	NOT-FOR-US: IBM Tivoli Access Manager
CVE-2010-4621
	RESERVED
CVE-2010-4620
	RESERVED
CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in file-p ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4542 (Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb functi ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4541 (Stack-based buffer overflow in the loadit function in plug-ins/common/ ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4540 (Stack-based buffer overflow in the load_preset_response function in pl ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4619 (SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Ma ...)
	NOT-FOR-US: Mafya Oyun Scrpti
CVE-2010-4618 (Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSa ...)
	NOT-FOR-US: Algis Info for Joomla!
CVE-2010-4617 (Directory traversal vulnerability in the JotLoader (com_jotloader) com ...)
	NOT-FOR-US: JotLoader for Joomla!
CVE-2010-4616 (Cross-site scripting (XSS) vulnerability in modules/content/admin/cont ...)
	NOT-FOR-US: ImpressCMS
CVE-2010-4615 (Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow ...)
	NOT-FOR-US: Oto Galeri Sistemi
CVE-2010-4614 (SQL injection vulnerability in item.php in Ero Auktion 2010 allows rem ...)
	NOT-FOR-US: Ero Auktion
CVE-2010-4613 (Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow  ...)
	NOT-FOR-US: Hycus CMS
CVE-2010-4612 (Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3 ...)
	NOT-FOR-US: Hycus CMS
CVE-2010-4611 (Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Html-edit CMS
CVE-2010-4610 (Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS ...)
	NOT-FOR-US: Html-edit CMS
CVE-2010-4609 (SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows ...)
	NOT-FOR-US: Html-edit CMS
CVE-2010-4608 (Habari 0.6.5 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Habari
CVE-2010-4607 (Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, w ...)
	NOT-FOR-US: Habari
CVE-2010-4606 (Unspecified vulnerability in the Space Management client in the Hierar ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-4605 (Unspecified vulnerability in the backup-archive client in IBM Tivoli S ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-4604 (Stack-based buffer overflow in the GeneratePassword function in dsmtca ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-4603 (IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4602 (The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4601 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x  ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4600 (Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4599 (Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 all ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2010-4598 (Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and e ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2010-4597 (Stack-based buffer overflow in the save method in the IntegraXor.Proje ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2010-4596 (Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, a ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2010-4595 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disabl ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4594 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when  ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4593 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does n ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4592 (The Mobile Network Connections functionality in the Connection Manager ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4591 (The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4590 (Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4589 (Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote ...)
	NOT-FOR-US: IBM ENOVIA 6
CVE-2010-4588 (The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Ad ...)
	NOT-FOR-US: Microsoft
CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do n ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-4
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/73432
CVE-2010-4577 (The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp  ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-4
	- webkit 1.2.7-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=49883
	NOTE: http://code.google.com/p/chromium/issues/detail?id=63866
	NOTE: http://trac.webkit.org/changeset/72685
CVE-2010-4576 (browser/worker_host/message_port_dispatcher.cc in Google Chrome before ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607843; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=63529
CVE-2010-4575 (The ThemeInstalledInfoBarDelegate::Observe function in browser/extensi ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607846; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=60761
	NOTE: http://codereview.chromium.org/5326011/
CVE-2010-4574 (The Pickle::Pickle function in base/pickle.cc in Google Chrome before  ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607848; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=56449
	NOTE: http://codereview.chromium.org/4716006
CVE-2010-4573 (The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is p ...)
	NOT-FOR-US: VMware ESXi
CVE-2010-4572 (CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3 ...)
	{DSA-2322-1}
	- bugzilla <removed>
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
	NOTE: perl and associate packages are CVE-2010-2761 and CVE-2010-4411 (see above reference)
CVE-2010-4571
	RESERVED
CVE-2010-4570 (Cross-site scripting (XSS) vulnerability in the duplicate-detection fu ...)
	- bugzilla <not-affected> (vulnerable code introduced in 3.7)
CVE-2010-4569 (Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7 ...)
	- bugzilla <not-affected> (vulnerable code introduced in 3.7)
CVE-2010-4568 (Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3 ...)
	{DSA-2322-1}
	- bugzilla <removed> (bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4 ...)
	{DSA-2322-1}
	- bugzilla <removed> (high; bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4566 (The web authentication form in the NT4 authentication component in Cit ...)
	NOT-FOR-US: Citrix Acces Gateway
CVE-2010-4565 (The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager)  ...)
	{DSA-2153-1}
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4564
	RESERVED
CVE-2010-4563 (The Linux kernel, when using IPv6, allows remote attackers to determin ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2011/Apr/254
CVE-2010-4562 (Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4561
	RESERVED
CVE-2010-4560
	REJECTED
CVE-2010-4559
	REJECTED
CVE-2010-4587 (Opera before 11.00 on Windows does not properly implement the Insecure ...)
	NOT-FOR-US: Opera
CVE-2010-4586 (The default configuration of Opera before 11.00 enables WebSockets fun ...)
	NOT-FOR-US: Opera
CVE-2010-4585 (Unspecified vulnerability in the auto-update functionality in Opera be ...)
	NOT-FOR-US: Opera
CVE-2010-4584 (Opera before 11.00, when Opera Turbo is used, does not properly presen ...)
	NOT-FOR-US: Opera
CVE-2010-4583 (Opera before 11.00, when Opera Turbo is enabled, does not display a pa ...)
	NOT-FOR-US: Opera
CVE-2010-4582 (Opera before 11.00 does not properly handle security policies during u ...)
	NOT-FOR-US: Opera
CVE-2010-4581 (Unspecified vulnerability in Opera before 11.00 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2010-4580 (Opera before 11.00 does not clear WAP WML form fields after manual nav ...)
	NOT-FOR-US: Opera
CVE-2010-4579 (Opera before 11.00 does not properly constrain dialogs to appear on to ...)
	NOT-FOR-US: Opera
CVE-2010-XXXX [calibre XSS]
	- calibre 0.7.38+dfsg-1 (bug #608822)
	[squeeze] - calibre <not-affected> (Vulnerable code not present, see #608822)
	NOTE: http://www.waraxe.us/advisory-77.html
	NOTE: CVE ID requested
CVE-2010-XXXX [calibre file disclosure]
	- calibre 0.7.38+dfsg-1 (bug #608822)
	[squeeze] - calibre <not-affected> (Vulnerable code not present, see #608822)
	NOTE: http://www.waraxe.us/advisory-77.html
	NOTE: CVE ID requested
CVE-2010-XXXX [webkit info leak]
	- chromium-browser 26.0.1410.43-1 (low)
	[squeeze] - chromium-browser <end-of-life>
	NOTE: this was fixed much earlier (webkit 1.2), but this was the version checked
	NOTE: http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html
CVE-2010-4558 (phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and De ...)
	NOT-FOR-US: phpMyFAQ
CVE-2010-4557 (Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8 ...)
	NOT-FOR-US: Invensys Wonderware InBatch
CVE-2010-4556 (Stack-based buffer overflow in the SapThemeRepository ActiveX control  ...)
	NOT-FOR-US: SAP NetWeaver Business Client
CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 a ...)
	- opensc 0.11.13-1.1 (low; bug #607427)
	[lenny] - opensc 0.11.4-5+lenny1.1
CVE-2010-4555 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1 (low)
	NOTE: difficult to exploit
CVE-2010-4554 (functions/page_header.php in SquirrelMail 1.4.21 and earlier does not  ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1
CVE-2010-4553 (An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 d ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4552 (Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote a ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4551 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4550 (IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cau ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4549 (IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device succes ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4548 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4547 (IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environmen ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4546 (IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment  ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4545 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4544 (Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus N ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-XXXX [ircd-ratbox password disclosure during TLS handshake]
	- ircd-ratbox 3.0.6.dfsg-2
	[lenny] - ircd-ratbox <not-affected> (TLS support not yet activated)
CVE-2010-4539 (The walk function in repos.c in the mod_dav_svn module for the Apache  ...)
	- subversion 1.6.12dfsg-4 (low; bug #608989)
	[lenny] - subversion <no-dsa> (Minor issue)
CVE-2010-4538 (Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/ ...)
	{DSA-2144-1}
	- wireshark 1.2.11-6 (bug #608990)
CVE-2010-4537 (Unspecified vulnerability in CrawlTrack before 3.2.7, when a public st ...)
	NOT-FOR-US: CrawlTrack
CVE-2010-4536 (Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used i ...)
	- wordpress 3.0.4+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
	- moodle <not-affected> (Moodle's version of KSES is not affected)
	- egroupware <not-affected> (Only uses a minor subset of KSES)
CVE-2010-4535 (The password reset functionality in django.contrib.auth in Django befo ...)
	- python-django 1.2.4-1
	[squeeze] - python-django 1.2.3-3
	NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
CVE-2010-4534 (The administrative interface in django.contrib.admin in Django before  ...)
	- python-django 1.2.4-1
	[squeeze] - python-django 1.2.3-3
	NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
CVE-2010-4533 (offlineimap before 6.3.4 added support for SSL server certificate vali ...)
	- offlineimap 6.3.4-1 (low; bug #606962)
	NOTE: offlineimap uses the "ssl" standard lib in Python, marking the version of offlineimap in wheezy as fixed
	[squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
	[lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4532 (offlineimap before 6.3.2 does not check for SSL server certificate val ...)
	- offlineimap 6.3.2~rc3-2 (low; bug #603450)
	[squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
	[lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the Answer ...)
	{DSA-2156-1}
	- pcsc-lite 1.5.5-4 (low; bug #607781)
CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Car ...)
	- ccid 1.3.11-2 (unimportant; bug #607780)
	NOTE: Theoretical attack
CVE-2010-4529 (Integer underflow in the irda_getsockopt function in net/irda/af_irda. ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7 ...)
	- pidgin 2.7.9-1 (bug #608331; medium)
	[squeeze] - pidgin <not-affected> (Vulnerable code not present)
	[lenny] - pidgin <not-affected> (Vulnerable code not present)
CVE-2010-4527 (The load_mixer_volumes function in sound/oss/soundcard.c in the OSS so ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4526 (Race condition in the sctp_icmp_proto_unreachable function in net/sctp ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4525 (Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_even ...)
	- linux-2.6 2.6.35-1
	[squeeze] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
	[lenny] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
	[wheezy] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonAr ...)
	- mhonarc 2.6.18-1 (low; bug #607693)
	[squeeze] - mhonarc <no-dsa> (Minor issue)
CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBul ...)
	NOT-FOR-US: MyBB
CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x befor ...)
	- drupal6-mod-views 2.12-1
CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views modul ...)
	- drupal6-mod-views 2.11-1
CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the View ...)
	- drupal6-mod-views 2.11-1
CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-sea ...)
	NOT-FOR-US: Safe Search plugin for WordPress
CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) co ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4516 (Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Co ...)
	NOT-FOR-US: Joomla!
CVE-2010-4515 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0,  ...)
	NOT-FOR-US: Citrix Web Interface
CVE-2010-4514 (Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx ...)
	NOT-FOR-US: DotNetNuke
CVE-2010-4513 (Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0 ...)
	NOT-FOR-US: Zimplit CMS
CVE-2010-4512 (Cobbler before 2.0.4 uses an incorrect umask value, which allows local ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2010-4511 (Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x befo ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2
CVE-2010-4509 (Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 a ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2
CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7  ...)
	- xulrunner <not-affected> (Only affects Firefox 4.x)
CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpo ...)
	NOT-FOR-US: iSpot/ClearSpot hardware devices
CVE-2010-4506 (Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A  ...)
	NOT-FOR-US: Passlogix
CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4,  ...)
	NOT-FOR-US: Injader
CVE-2010-4504 (Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Direc ...)
	NOT-FOR-US: eSyndiCat
CVE-2010-4503 (SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows  ...)
	NOT-FOR-US: Aigaion
CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite  ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2010-4501
	REJECTED
CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG ...)
	NOT-FOR-US: MRCGIGUY FreeTicket
CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager se ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager server, ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4497 (Cross-site scripting (XSS) vulnerability in Collaborative Information  ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4496 (Multiple SQL injection vulnerabilities in Collaborative Information Ma ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4495 (Unspecified vulnerability in the ActiveMatrix Runtime component in TIB ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used ...)
	{DSA-2137-1}
	- libxml2 2.7.8.dfsg-2 (bug #607922)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (never embedded libxml2's xpath.c)
CVE-2010-4493 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 allow ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-3
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/72013
CVE-2010-4492 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 allow ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-3
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/71686
CVE-2010-4491 (Google Chrome before 8.0.552.215 does not properly restrict privileged ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in chromium-specific webkit code)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=62168
	NOTE: http://trac.webkit.org/changeset/71533
CVE-2010-4490 (Google Chrome before 8.0.552.215 allows remote attackers to cause a de ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit <not-affected> (chromium specific issue)
CVE-2010-4489 (libvpx, as used in Google Chrome before 8.0.552.215 and possibly other ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	- libvpx 0.9.5-1 (bug #610510)
	[squeeze] - libvpx <not-affected> (regression in later version)
CVE-2010-4488 (Google Chrome before 8.0.552.215 does not properly handle HTTP proxy a ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium issue)
	NOTE: only a browser crash
CVE-2010-4487 (Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit <not-affected> (chromium issue)
CVE-2010-4486 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 allow ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/71170
CVE-2010-4485 (Google Chrome before 8.0.552.215 does not properly restrict the genera ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/69914
	NOTE: only a browser crash due to opening too many dialogs (i.e. a dos)
CVE-2010-4484 (Google Chrome before 8.0.552.215 does not properly handle HTML5 databa ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
	NOTE: only a browser crash
CVE-2010-4483 (Google Chrome before 8.0.552.215 does not properly restrict read acces ...)
	- chromium-browser 6.0.472.63~r59945-3
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=46678
CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215 allows r ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: unimportant, bypass the pop-up blocker
	NOTE: http://trac.webkit.org/changeset/69990
CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authen ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-3 (bug #608290)
	NOTE: enables phpinfo output; this is disabled by default and phpinfo on Debian
	NOTE: systems is by and large full of otherwise predictable information.
CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1 ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-3 (bug #608290)
CVE-2010-4510
	REJECTED
CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96. ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav <not-affected> (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
	NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly val ...)
	- openssh <not-affected> (J-PAKE not activated, see bug #606922)
CVE-2010-4477
	REJECTED
CVE-2010-4476 (The Double.parseDouble method in Java Runtime Environment (JRE) in Ora ...)
	{DSA-2161-2 DSA-2161-1}
	- openjdk-6 6b18-1.8.7-1 (bug #612660)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
	- sun-java6 6.24-1
	NOTE: Patch http://mail.openjdk.java.net/pipermail/core-libs-dev/2011-February/005795.html
	NOTE: Oracle http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
	NOTE: Original report http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
CVE-2010-4475 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4474 (Unspecified vulnerability in the Java DB component in Oracle Java SE a ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4473 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4472 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4471 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4470 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4469 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4468 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4467 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4466 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4465 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4464 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote  ...)
	NOT-FOR-US: Oracle Convergence
CVE-2010-4463 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4462 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4461 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4460 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Solaris
CVE-2010-4459 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Solaris
CVE-2010-4458 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Solaris
CVE-2010-4457 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote a ...)
	NOT-FOR-US: Solaris
CVE-2010-4456 (Unspecified vulnerability in Oracle Sun Java System Communications Exp ...)
	NOT-FOR-US: Oracle Sun Java System Communications Express
CVE-2010-4455 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-4454 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4453 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic
CVE-2010-4452 (Unspecified vulnerability in the Deployment component in Java Runtime  ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4451 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4450 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4449 (Unspecified vulnerability in the Audit Vault component in Oracle Audit ...)
	NOT-FOR-US: Oracle Audit
CVE-2010-4448 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4447 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4446 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Solaris
CVE-2010-4445 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4444 (Unspecified vulnerability in Oracle Sun Java System Access Manager and ...)
	NOT-FOR-US: OpenSSO
CVE-2010-4443 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Solaris
CVE-2010-4442 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Solaris
CVE-2010-4441 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4440 (Unspecified vulnerability in Oracle 10 and 11 Express allows local use ...)
	NOT-FOR-US: Oracle Express
CVE-2010-4439 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4438 (Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, a ...)
	- glassfish <not-affected> (Only builds a few class libs)
CVE-2010-4437 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: WebLogic
CVE-2010-4436 (Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0  ...)
	NOT-FOR-US: SunMC
CVE-2010-4435 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2010-4434 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4433 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2010-4432 (Unspecified vulnerability in the Oracle Transportation Manager compone ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2010-4431 (Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1  ...)
	NOT-FOR-US: Oracle Sun Java System Portal Server
CVE-2010-4430 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4429 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2010-4428 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4427 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle BI Publisher
CVE-2010-4426 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4425 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle BI Publisher
CVE-2010-4424 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4423 (Unspecified vulnerability in the Cluster Verify Utility component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4422 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4421 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4420 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4419 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4418 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4417 (Unspecified vulnerability in the Services for Beehive component in Ora ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-4416 (Unspecified vulnerability in the Oracle GoldenGate Veridata component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-4415 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2010-4414 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local use ...)
	- virtualbox-ose <not-affected> (Support for extensions was added in 4.x, see #611925)
CVE-2010-4413 (Unspecified vulnerability in the Scheduler Agent component in Oracle D ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta  ...)
	NOT-FOR-US: pfSense
CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote att ...)
	- perl 5.10.1-17 (bug #606995)
	[lenny] - perl 5.10.0-19lenny3
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
	- libcgi-pm-perl 3.51-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm befo ...)
	- perl 5.10.1-17 (bug #606995)
	[lenny] - perl 5.10.0-19lenny3
	- libcgi-pm-perl 3.50-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2 ...)
	NOT-FOR-US: Apache archiva
CVE-2010-4334 (The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERI ...)
	- libio-socket-ssl-perl 1.35-1 (bug #606058)
	[squeeze] - libio-socket-ssl-perl 1.33-1+squeeze1
	[lenny] - libio-socket-ssl-perl <not-affected> (Vulnerable code not present)
CVE-2010-4335 (The _validatePost function in libs/controller/components/security.php  ...)
	- cakephp 1.3.2-1.1 (bug #606386)
	[lenny] - cakephp <not-affected>
	NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
CVE-2010-4336 (The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4. ...)
	{DSA-2133-1}
	- collectd 4.10.1-2.1 (bug #605092; low)
	[squeeze] - collectd 4.10.1-1+squeeze2
CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to overwrite ar ...)
	{DSA-2435-1}
	- gnash 0.8.8-8 (unimportant; bug #605419)
CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_sym ...)
	- php5 5.3.3-6
	[lenny] - php5 <not-affected> (intl extension included since 5.3)
	NOTE: http://www.kb.cert.org/vuls/id/479900
CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Al ...)
	NOT-FOR-US: AlGuest
CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton LittlePh ...)
	NOT-FOR-US: LittlePhpGallery
CVE-2010-4405 (Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404 ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4404 (SQL injection vulnerability in the Yannick Gaultier sh404SEF component ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4403 (The Register Plus plugin 3.5.1 and earlier for WordPress allows remote ...)
	NOT-FOR-US: The Register Plus plugin for WordPress
CVE-2010-4402 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
	NOT-FOR-US: The Register Plus plugin for WordPress
CVE-2010-4401 (languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain ...)
	NOT-FOR-US: DynPG
CVE-2010-4400 (SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows r ...)
	NOT-FOR-US: DynPG
CVE-2010-4399 (Directory traversal vulnerability in languages.inc.php in DynPG CMS 4. ...)
	NOT-FOR-US: DynPG
CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4397 (Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4396 (Cross-zone scripting vulnerability in the HandleAction method in a cer ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4395 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4394 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4393 (Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4392 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4391 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4390 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 t ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4389 (Heap-based buffer overflow in the cook codec in RealNetworks RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4388 (The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4387 (The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, Real ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4386 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4385 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPla ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4384 (Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPl ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4383 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4382 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 t ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4381 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4380 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4379 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4378 (The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4377 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4376 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4375 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4374 (The in_mkv plugin in Winamp before 5.6 allows remote attackers to caus ...)
	NOT-FOR-US: Winamp
CVE-2010-4373 (The in_mp4 plugin in Winamp before 5.6 allows remote attackers to caus ...)
	NOT-FOR-US: Winamp
CVE-2010-4372 (Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remo ...)
	NOT-FOR-US: Winamp
CVE-2010-4371 (Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remot ...)
	NOT-FOR-US: Winamp
CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6  ...)
	NOT-FOR-US: Winamp
CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote  ...)
	- awstats 6.9.5~dfsg-5 (low; bug #606263)
	[lenny] - awstats 6.7.dfsg-5.1+lenny1
CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir param ...)
	- awstats <not-affected> (Windows-specific issue)
	NOTE: looks like it's the same as CVE-2010-4367
CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
	- awstats 6.9.5~dfsg-5 (low; bug #606263)
	[lenny] - awstats 6.7.dfsg-5.1+lenny1
CVE-2010-4338 (ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbi ...)
	- ocrodjvu 0.4.6-2 (low; bug #598134)
CVE-2010-4339 (Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows rem ...)
	- hypermail <removed> (low; bug #598743)
	[lenny] - hypermail <no-dsa> (Minor issue)
CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic ...)
	NOT-FOR-US: Chameleon Social Networking
CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxevent ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4364 (DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does  ...)
	NOT-FOR-US: DaDaBIK
CVE-2010-4363 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG ...)
	NOT-FOR-US: FreeTicket
CVE-2010-4362 (Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Websi ...)
	NOT-FOR-US: MicroNetsoft RV Dealer
CVE-2010-4361 (Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopa ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4360 (Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4359 (SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows rem ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4358 (Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGI ...)
	NOT-FOR-US: MRCGIGUY (MCG) Guestbook
CVE-2010-4357 (SQL injection vulnerability in comments.php in SiteEngine 7.1 allows r ...)
	NOT-FOR-US: SiteEngine
CVE-2010-4356 (SQL injection vulnerability in news_default.asp in Site2Nite Big Truck ...)
	NOT-FOR-US: Site2Nite Big Truck
CVE-2010-4355 (Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2,  ...)
	NOT-FOR-US: DaDaBIK
CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]
	- elfsign <removed> (low; bug #555668)
	[lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
CVE-2010-4354 (The remote-access IPSec VPN implementation on Cisco Adaptive Security  ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-4353 (Unrestricted file upload vulnerability in modules/gallery/models/item. ...)
	- gallery3 <itp> (bug #511715)
CVE-2010-4352 (Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allow ...)
	{DSA-2149-1}
	- dbus 1.2.24-4
CVE-2010-4351 (The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 ...)
	{DSA-2224-1}
	- openjdk-6 6b18-1.8.4-1
	[squeeze] - openjdk-6 <no-dsa> (bug #614151)
	[lenny] - openjdk-6 <no-dsa> (bug #614151)
CVE-2010-4350 (Directory traversal vulnerability in admin/upgrade_unattended.php in M ...)
	- mantis <not-affected> (admin dir procected in Apache config, see #607159)
CVE-2010-4349 (admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote at ...)
	- mantis <not-affected> (admin dir procected in Apache config, see #607159)
CVE-2010-4348 (Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.p ...)
	- mantis <not-affected> (admin dir procected in Apache config, see #607159)
CVE-2010-4347 (The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permi ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.33 and fixed in 2.6.36.2, we never released an affected kernel)
CVE-2010-4346 (The install_special_mapping function in mm/mmap.c in the Linux kernel  ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4345 (Exim 4.72 and earlier allows local users to gain privileges by leverag ...)
	{DSA-2154-1}
	- exim4 4.72-3 (bug #606527)
CVE-2010-4344 (Heap-based buffer overflow in the string_vformat function in string.c  ...)
	{DSA-2131-1}
	- exim4 4.70-1 (bug #606612)
CVE-2010-4343 (drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4341 (The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in ...)
	- sssd 1.2.1-4.1 (bug #610032)
	[squeeze] - sssd 1.2.1-4+squeeze1
	[wheezy] - sssd 1.2.1-4+squeeze1
CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...)
	NOT-FOR-US: Pointter PHP Micro-Blogging Social Network
CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to  ...)
	NOT-FOR-US: Pointter PHP Content Management System
CVE-2010-4331 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 ...)
	NOT-FOR-US: Seo Panel
CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse  ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton funct ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-2
CVE-2010-4328 (Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd i ...)
	NOT-FOR-US: Novell iPrint LPD
CVE-2010-4327 (Unspecified vulnerability in the NCP service in Novell eDirectory 8.8. ...)
	NOT-FOR-US: Novell eDirectory
CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (G ...)
	NOT-FOR-US: Groupwise
CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in No ...)
	NOT-FOR-US: Groupwise
CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the U ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2010-4323 (Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Confi ...)
	NOT-FOR-US: Novell ZENworks
CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell V ...)
	NOT-FOR-US: Novell Vibe
CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Nov ...)
	NOT-FOR-US: Novell iPrint client
CVE-2010-4320
	RESERVED
CVE-2010-4319
	RESERVED
CVE-2010-4318
	RESERVED
CVE-2010-4317
	RESERVED
CVE-2010-4316
	RESERVED
CVE-2010-4315
	RESERVED
CVE-2010-4314 (Remote attackers can use the iPrint web-browser ActiveX plugin in Nove ...)
	NOT-FOR-US: iPrint web-browser ActiveX plugin in Novell iPrint Client
CVE-2010-4313 (Unrestricted file upload vulnerability in fileman_file_upload.php in O ...)
	NOT-FOR-US: Orbis CMS
CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the HT ...)
	- tomcat6 6.0.35-5 (unimportant; bug #608286)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows c ...)
	NOT-FOR-US: Free Simple Software
CVE-2010-4310
	RESERVED
CVE-2010-4309 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4308 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4307 (Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows att ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4305 (Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 523 ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4304 (The web interface in Cisco Unified Videoconferencing (UVC) System 3545 ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4303 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the L ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4302 (/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Vi ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4299 (Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handhe ...)
	NOT-FOR-US: Novell Zenworks
CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple Soft ...)
	NOT-FOR-US: Free Simple Software
CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x befo ...)
	NOT-FOR-US: VMware
CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Li ...)
	NOT-FOR-US: VMware
CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware Works ...)
	NOT-FOR-US: VMware
CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in VMwar ...)
	NOT-FOR-US: VMware
CVE-2010-XXXX [directory traversal]
	- openacs 5.5.1+dfsg-2
	- dotlrn 2.5.0+dfsg-2
CVE-2010-XXXX [insecure python path handling]
	- pymca 4.4.1p1-1 (low; bug #605160)
	- opendnssec 1.1.3-2 (low; bug #605161)
	- pybliographer 1.2.14-3 (low; bug #605153)
	[squeeze] - pybliographer 1.2.12-4squeeze1
	- calendarserver 2.4.dfsg-2.1 (low; bug #605157)
	[lenny] - calendarserver <no-dsa> (Minor issue)
	- gquilt 0.22-1.1 (low; bug #605152)
	[lenny] - gquilt 0.20-2+lenny1
	- snappea 3.0d3-20 (low; bug #605151)
	[lenny] - snappea <no-dsa> (Minor issue)
	- dlr-languages 20090805+git.e6b28d27+dfsg-3 (low; bug #605158)
	[lenny] - ironpython <no-dsa> (Minor issue)
	- gnome-schedule 2.1.1-3.1 (low; bug #605169)
	[lenny] - gnome-schedule <no-dsa> (Minor issue)
	- gnumed-client 0.8.5-1 (low; bug #605159)
	[squeeze] - gnumed-client 0.7.10-1
	[lenny] - gnumed-client <no-dsa> (Minor issue)
	- distcc 3.1-3.2 (low; bug #605168)
	[lenny] - distcc <not-affected> (Vulnerable code not present)
	- mmass 3.8.0-2 (low; bug #605150)
	[squeeze] - mmass <not-affected> (Doesn't set PYTHONPATH)
	- guake 0.4.2-3 (low; bug #605163)
CVE-2010-4301 (epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wires ...)
	- wireshark <not-affected> (Only affects >= 1.4)
CVE-2010-4300 (Heap-based buffer overflow in the dissect_ldss_transfer function (epan ...)
	- wireshark 1.2.11-4
	[lenny] - wireshark <not-affected> (Only affects >= 1.2)
CVE-2010-4293
	REJECTED
CVE-2010-4292
	REJECTED
CVE-2010-4291
	REJECTED
CVE-2010-4290
	REJECTED
CVE-2010-4289
	REJECTED
CVE-2010-4288
	REJECTED
CVE-2010-4287
	REJECTED
CVE-2010-4286
	REJECTED
CVE-2010-4285
	REJECTED
CVE-2010-4284 (SQL injection vulnerability in the authentication form in the integrat ...)
	NOT-FOR-US: Samsung Integrated Management System
CVE-2010-4283 (PHP remote file inclusion vulnerability in extras/pandora_diag.php in  ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4282 (Multiple directory traversal vulnerabilities in Pandora FMS before 3.1 ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4281 (Incomplete blacklist vulnerability in the safe_url_extraclean function ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4280 (Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 all ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4279 (The default configuration of Pandora FMS 3.1 and earlier specifies an  ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows re ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...)
	NOT-FOR-US: Embedded Video plugin 4.1 for WordPress
CVE-2010-4276 (Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid ...)
	NOT-FOR-US: LiveZilla
CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager  ...)
	NOT-FOR-US: Radius Manager
CVE-2010-4274 (reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0  ...)
	NOT-FOR-US: IBM Systems Director
CVE-2010-4273 (SQL injection vulnerability in imoveis.php in DescargarVista ACC IMove ...)
	NOT-FOR-US: DescargarVista ACC
CVE-2010-4272 (SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sp ...)
	NOT-FOR-US: Pulse Infotech Sponsor Wall
CVE-2010-4271 (SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remo ...)
	NOT-FOR-US: ImpressCMS
CVE-2010-4270 (Directory traversal vulnerability in the nBill (com_netinvoice) compon ...)
	NOT-FOR-US: Joomla addon
CVE-2010-4269 (SQL injection vulnerability in managechat.php in Collabtive 0.65 allow ...)
	NOT-FOR-US: Collabtive
CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipw ...)
	NOT-FOR-US: Pulse Infotech
CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/ ...)
	{DSA-2152-1}
	- hplip 3.10.6-2 (bug #610960)
CVE-2010-4266
	RESERVED
CVE-2010-4265 (The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$Second ...)
	- jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
CVE-2010-4264
	RESERVED
CVE-2010-4263 (The igb_receive_skb function in drivers/net/igb/igb_main.c in the Inte ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4262 (Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote atta ...)
	- xfig 1:3.2.5.b-1.1 (bug #606257)
	NOTE: details and patch at https://bugzilla.redhat.com/659676
CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav <not-affected> (icon extractor not yet present)
	NOTE: Fixed in 1f3db7f074995bd4e1d0183b2db8b1c472d2f41b
CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV b ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav <not-affected> (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
	NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote attack ...)
	{DSA-2253-1}
	- fontforge 0.0.20100501-4 (bug #605537)
CVE-2010-4258 (The do_exit function in kernel/exit.c in the Linux kernel before 2.6.3 ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in wp-includ ...)
	{DSA-2138-1}
	NOTE: http://core.trac.wordpress.org/changeset/16625
	- wordpress 3.0.2-1 (bug #605603)
CVE-2010-4256 (The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 ...)
	- linux-2.6 <not-affected> (introduced in 2.6.35; fixed in 2.6.37)
CVE-2010-4255 (The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and ear ...)
	- xen 4.0.1-2 (bug #609531)
CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used ...)
	- moon <not-affected> (Debian's version of Moonlight is not affected, see #608288)
CVE-2010-4253 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and  ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly valid ...)
	- openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug #606902)
	NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4251 (The socket implementation in net/core/sock.c in the Linux kernel befor ...)
	- linux-2.6 2.6.32-22
CVE-2010-4250 (Memory leak in the inotify_init1 function in fs/notify/inotify/inotify ...)
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 <not-affected> (Introduced after 2.6.32)
	[lenny] - linux-2.6 <not-affected> (Introduced after 2.6.32)
	[wheezy] - linux-2.6 <not-affected> (Introduced after 2.6.32)
CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the L ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and ( ...)
	- linux-2.6 <not-affected> (changes included since introduction of dom0 support)
CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pf ...)
	NOT-FOR-US: pfSense
CVE-2010-4245 (pootle 2.0.5 has XSS via 'match_names' parameter ...)
	- pootle 2.0.5-0.3 (low; bug #604060)
	[lenny] - pootle <not-affected> (Vulnerable code not present)
CVE-2010-4244
	REJECTED
CVE-2010-4243 (fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Ki ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver (drivers/bluetoo ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-28
CVE-2010-4241 (Tiki Wiki CMS Groupware 5.2 has CSRF ...)
	- tikiwiki <removed>
CVE-2010-4240 (Tiki Wiki CMS Groupware 5.2 has XSS ...)
	- tikiwiki <removed>
CVE-2010-4239 (Tiki Wiki CMS Groupware 5.2 has Local File Inclusion ...)
	- tikiwiki <removed>
CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on  ...)
	- linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian)
CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind E ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-4235 (Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, a ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2010-4234 (The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CM ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4233 (The Linux installation on the Camtron CMNC-200 Full HD IP Camera and T ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4232 (The web-based administration interface on the Camtron CMNC-200 Full HD ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4231 (Directory traversal vulnerability in the web-based administration inte ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4230 (Stack-based buffer overflow in a certain ActiveX control for the Camtr ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4229 (Directory traversal vulnerability in an unspecified servlet in the Inv ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP se ...)
	NOT-FOR-US: Novell NetWare
CVE-2010-4227 (The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before  ...)
	NOT-FOR-US: Novell Netware
CVE-2010-4226 (cpio, as used in build 2007.05.10, 2010.07.28, and possibly other vers ...)
	NOT-FOR-US: OpenSuSE build services
	NOTE: This might qualify as a cpio hardening issue, but this CVE-ID is not about cpio itself.
CVE-2010-4225 (Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x ...)
	- mono 2.6.7-5 (bug #608288)
CVE-2010-4224
	RESERVED
CVE-2010-4223
	RESERVED
CVE-2010-4222
	RESERVED
CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets func ...)
	- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
	[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution Co ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in I ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-4218 (Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown  ...)
	NOT-FOR-US: IBM ENOVIA 6
CVE-2010-4217 (Use-after-free vulnerability in the proxy server in IBM Tivoli Directo ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4216 (IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF00 ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4215 (UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated us ...)
	- foswiki <itp> (bug #509864)
CVE-2010-4214 (The Wells Fargo Mobile application 1.1 for Android stores a username a ...)
	NOT-FOR-US: Wells Fargo Mobile for Android
CVE-2010-4213 (The Bank of America application 2.12 for Android stores a security que ...)
	NOT-FOR-US: Bank of America application for Android
CVE-2010-4212 (The USAA application 3.0 for Android stores a mirror image of each vis ...)
	NOT-FOR-US: USAA application for Android
CVE-2010-4211 (The PayPal app before 3.0.1 for iOS does not verify that the server ho ...)
	NOT-FOR-US: PayPal app for iOS
CVE-2010-4210 (The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x  ...)
	- kfreebsd-7 <unfixed>
	[lenny] - kfreebsd-7 <no-dsa> (Not covered by security support in Lenny)
	- kfreebsd-8 8.1-1
	- kfreebsd-9 <not-affected> (fixed prior to first upload)
	- kfreebsd-10 <not-affected> (fixed prior to first upload)
CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4206 (Array index error in the FEBlend::apply function in WebCore/platform/g ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/70652
CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data type ...)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=48159
	NOTE: http://trac.webkit.org/changeset/70550
CVE-2010-4204 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1 ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=48281
	NOTE: http://trac.webkit.org/changeset/70517
CVE-2010-4202 (Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux ...)
	- webkit <not-affected> (skia issue)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://code.google.com/p/skia/source/detail?r=606
	NOTE: http://code.google.com/p/skia/source/detail?r=607
CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=47522
CVE-2010-4200
	REJECTED
CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...)
	{DSA-2188-1}
	- webkit 1.2.7-1
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/69936
CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1 ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/69735
	NOTE: style fix change set: http://trac.webkit.org/changeset/69801
CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google Chrome befor ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/70594
CVE-2010-4196 (The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9. ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4195 (The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does n ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4194 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4193 (Adobe Shockwave Player before 11.5.9.620 does not properly validate un ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4192 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4191 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4190 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4189 (The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows at ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4188 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4187 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools Online W ...)
	NOT-FOR-US: OnlineTechTools
CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly 2.3.8 a ...)
	NOT-FOR-US: Energine
CVE-2010-4184 (NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cle ...)
	NOT-FOR-US: NetSupport Manager
CVE-2010-4183 (Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier b ...)
	- php-htmlpurifier 4.1.1+dfsg1-1
CVE-2010-4182 (Untrusted search path vulnerability in the Data Access Objects (DAO) l ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...)
	- yaws <not-affected> (Only affects Windows)
CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_R ...)
	{DSA-2141-1}
	- openssl 0.9.8o-4
	NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging, Realt ...)
	NOT-FOR-US: RedHat documentation of MRG
CVE-2010-4178 (MySQL-GUI-tools (mysql-administrator) leaks passwords into process lis ...)
	- mysql-gui-tools <unfixed> (low; bug #605542)
	[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
	[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
CVE-2010-4177 (mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+op ...)
	- mysql-gui-tools <unfixed> (low; bug #605542)
	[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
	[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
CVE-2010-4176 (plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 a ...)
	- dracut <not-affected> (vulnerable script not shipped)
	- udev <not-affected> (vulnerable script not shipped; fedora-specific issue)
CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) i ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 <not-affected> (RDS introduced in 2.6.30)
CVE-2010-4174
	REJECTED
CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...)
	- libsdp 1.1.99-2.1 (bug #603841)
CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager app ...)
	- tomcat6 6.0.28-9 (bug #606388)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-4171 (The staprun runtime tool in SystemTap 1.3 does not verify that a modul ...)
	{DSA-2348-1}
	- systemtap 1.2-3 (bug #603946)
CVE-2010-4170 (The staprun runtime tool in SystemTap 1.3 does not properly clear the  ...)
	{DSA-2348-1}
	- systemtap 1.2-3 (bug #603946)
CVE-2010-4169 (Use-after-free vulnerability in mm/mprotect.c in the Linux kernel befo ...)
	- linux-2.6 2.6.32-29
	[lenny] - linux-2.6 <not-affected> (perf counters not yet present)
CVE-2010-4168 (Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5  ...)
	- openttd 1.0.4-3 (bug #603752)
	[lenny] - openttd <not-affected> (Introduced in 1.0)
CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick befo ...)
	- imagemagick 8:6.6.0.4-3 (low; bug #601824)
	[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22  ...)
	NOT-FOR-US: Joomla!
CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel b ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
CVE-2010-4164 (Multiple integer underflows in the x25_parse_facilities function in ne ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-4163 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4162 (Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6. ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4161 (The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat  ...)
	- linux-2.6 2.6.28-1
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 a ...)
	- mono 2.6.7-4 (bug #605097)
	[lenny] - mono <no-dsa> (Minor issue)
CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through  ...)
	- php5 5.3.3-4 (bug #603751)
	[lenny] - php5 <not-affected> (Only affects 5.3.x)
CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 a ...)
	NOT-FOR-US: eXV2 CMS
CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager  ...)
	NOT-FOR-US: Rhino Software, Inc. FTP Voyager
CVE-2010-4153 (Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably  ...)
	NOT-FOR-US: CrossFTP
CVE-2010-4152 (SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, a ...)
	NOT-FOR-US: 4site CMS
CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly  ...)
	NOT-FOR-US: DeluxeBB
CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP ext ...)
	{DSA-2195-1}
	- php5 5.3.3-7
CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Ch ...)
	- libvpx 0.9.1-2 (bug #602693)
CVE-2010-4160 (Multiple integer overflows in the (1) pppol2tp_sendmsg function in net ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27 (low)
CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel be ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4157 (Integer overflow in the ioc_general function in drivers/scsi/gdth.c in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28 (low)
CVE-2010-4149 (Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5. ...)
	NOT-FOR-US: FreshWebMaster Fresh FTP
CVE-2010-4148 (Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly  ...)
	NOT-FOR-US: AnyConnect
CVE-2010-4147 (Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping C ...)
	NOT-FOR-US: Pentasoft Avactis Shopping Cart
CVE-2010-4146 (Cross-site scripting (XSS) vulnerability in Attachmate Reflection for  ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2010-4145 (Kisisel Radyo Script stores sensitive information under the web root w ...)
	NOT-FOR-US: Kisisel Radyo Script
CVE-2010-4144 (SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allow ...)
	NOT-FOR-US: Kisisel Radyo Script
CVE-2010-4143 (SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magi ...)
	NOT-FOR-US: phpCheckZ
CVE-2010-4142 (Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8 ...)
	NOT-FOR-US: DATAC RealWin
CVE-2010-4141
	REJECTED
CVE-2010-4140
	REJECTED
CVE-2010-4139
	REJECTED
CVE-2010-4138
	REJECTED
CVE-2010-4137
	REJECTED
CVE-2010-4136
	REJECTED
CVE-2010-4135
	REJECTED
CVE-2010-4134
	REJECTED
CVE-2010-4133
	REJECTED
CVE-2010-4132
	REJECTED
CVE-2010-4131
	REJECTED
CVE-2010-4130
	REJECTED
CVE-2010-4129
	REJECTED
CVE-2010-4128
	REJECTED
CVE-2010-4127
	REJECTED
CVE-2010-4126
	REJECTED
CVE-2010-4125
	REJECTED
CVE-2010-4124
	REJECTED
CVE-2010-4123
	REJECTED
CVE-2010-4122
	REJECTED
CVE-2010-4121 (** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Mana ...)
	NOT-FOR-US: IBM Tivoli
CVE-2010-XXXX
	- weborf 0.12.4-1 (bug #601585)
CVE-2010-4120 (Multiple cross-site scripting (XSS) vulnerabilities in the TAM console ...)
	NOT-FOR-US: IBM Tivoli
CVE-2010-4119
	REJECTED
CVE-2010-4118
	REJECTED
CVE-2010-4117
	REJECTED
CVE-2010-4116 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x bef ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2010-4115 (HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100 ...)
	NOT-FOR-US: HP StorageWorks
CVE-2010-4114 (Cross-site scripting (XSS) vulnerability in HP Discovery &amp; Depende ...)
	NOT-FOR-US: HP DDMI
CVE-2010-4113 (Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 al ...)
	NOT-FOR-US: HP HPPM
CVE-2010-4112 (HP Insight Management Agents before 8.6 allows remote attackers to obt ...)
	NOT-FOR-US: HP Insight Management Agents
CVE-2010-4111 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Onl ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2010-4110 (Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the I ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-4109 (Cross-site scripting (XSS) vulnerability in the Contacts Application i ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4108 (HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threa ...)
	NOT-FOR-US: HP-UX
CVE-2010-4107 (The default configuration of the PJL Access value in the File System E ...)
	NOT-FOR-US: HP LaserJet
CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight Orchestration
CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2 allow ...)
	NOT-FOR-US: HP Insight Orchestration
CVE-2010-4104 (Unspecified vulnerability in HP Insight Orchestration before 6.2 allow ...)
	NOT-FOR-US: HP Insight Orchestration
CVE-2010-4103 (Unspecified vulnerability in HP Insight Managed System Setup Wizard be ...)
	NOT-FOR-US: HP Insight Managed System Setup Wizard
CVE-2010-4102 (Unspecified vulnerability in HP Insight Recovery before 6.2 allows rem ...)
	NOT-FOR-US: HP Insight Recovery
CVE-2010-4101 (Cross-site scripting (XSS) vulnerability in HP Insight Recovery before ...)
	NOT-FOR-US: HP Insight Recovery
CVE-2010-4100 (Unspecified vulnerability in HP Insight Control Performance Management ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4099 (ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabl ...)
	NOT-FOR-US: NitroSecurity NitroView
CVE-2010-4098 (monotone before 0.48.1, when configured to allow remote commands, allo ...)
	- monotone 0.48-3
	[lenny] - monotone <not-affected> (Vulnerable feature introduced in 0.46)
CVE-2010-4097 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aa ...)
	NOT-FOR-US: Aardvark Topsites PHP
CVE-2010-4095 (Directory traversal vulnerability in the FTP client in Serengeti Syste ...)
	NOT-FOR-US: Serengeti Systems Incorporated Robo-FTP 3.7.3
CVE-2010-4094 (The Tomcat server in IBM Rational Quality Manager and Rational Test La ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2010-4093 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4091 (The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4085 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4084 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4083 (The copy_semid_to_user function in ipc/sem.c in the Linux kernel befor ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4082 (The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c i ...)
	- linux-2.6 2.6.32-24 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4081 (The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27 (low)
CVE-2010-4080 (The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the L ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27 (low)
CVE-2010-4079 (The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the  ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4078 (The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux  ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24 (low)
CVE-2010-4077 (The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Li ...)
	- linux-2.6 2.6.37-1 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4076 (The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel  ...)
	- linux-2.6 2.6.37-1 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4075 (The uart_get_count function in drivers/serial/serial_core.c in the Lin ...)
	{DSA-2264-1}
	- linux-2.6 2.6.37-1 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4074 (The USB subsystem in the Linux kernel before 2.6.36-rc5 does not prope ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24 (low)
CVE-2010-4073 (The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initi ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4072 (The copy_shmid_to_user function in ipc/shm.c in the Linux kernel befor ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4071 (Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2. ...)
	- otrs2 2.4.9+dfsg1-1
	[lenny] - otrs2 <not-affected> (Only affects OTRS 2.4)
CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper  ...)
	NOT-FOR-US: portmap.exe
CVE-2010-4069 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x t ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2010-4068 (Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x befo ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-4096 (share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local user ...)
	- monkeysphere 0.31-3 (bug #600304)
	NOTE: micah requested this CVE from mitre, issue has been fixed in debian already
CVE-2010-4067
	RESERVED
CVE-2010-4066
	RESERVED
CVE-2010-4065
	RESERVED
CVE-2010-4064
	RESERVED
CVE-2010-4063
	RESERVED
CVE-2010-4062
	RESERVED
CVE-2010-4061
	RESERVED
CVE-2010-4060
	RESERVED
CVE-2010-4059
	RESERVED
CVE-2010-4058
	RESERVED
CVE-2010-4057 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...)
	NOT-FOR-US: IBM solidDB
CVE-2010-4056 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...)
	NOT-FOR-US: IBM solidDB
CVE-2010-4055 (Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 an ...)
	NOT-FOR-US: IBM solidDB
CVE-2010-4054 (The gs_type2_interpret function in Ghostscript allows remote attackers ...)
	- ghostscript 8.71~dfsg-1 (unimportant)
	NOTE: Crash-only
CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function in onin ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2010-4052 (Stack consumption vulnerability in the regcomp implementation in the G ...)
	- glibc <removed> (unimportant)
	- eglibc <unfixed> (unimportant)
	NOTE: Deficiency in the regexp engine of glibc, while there implementations which
	NOTE: process such expressions more efficiently, imposing a limit lies within
	NOTE: the application accepting it from user input
CVE-2010-4051 (The regcomp implementation in the GNU C Library (aka glibc or libc6) t ...)
	- glibc <removed> (unimportant)
	- eglibc <unfixed> (unimportant)
	NOTE: Deficiency in the regexp engine of glibc, while there implementations which
	NOTE: process such expressions more efficiently, imposing a limit lies within
	NOTE: the application accepting it from user input
CVE-2010-XXXX [XSS vulnerability discovered -plugin-globalsearch]
	- fusionforge 5.0.2-3
CVE-2010-XXXX [insecure usage of temporary files in flash-kernel]
	- flash-kernel 2.33 (low)
	[lenny] - flash-kernel <no-dsa> (Minor issue)
CVE-2010-4050 (Opera before 10.63 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2010-4049 (Opera before 10.63 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2010-4048 (Opera before 10.63 allows user-assisted remote web servers to cause a  ...)
	NOT-FOR-US: Opera
CVE-2010-4047 (Opera before 10.63 does not properly select the security context of Ja ...)
	NOT-FOR-US: Opera
CVE-2010-4046 (Opera before 10.63 does not properly verify the origin of video conten ...)
	NOT-FOR-US: Opera
CVE-2010-4045 (Opera before 10.63 does not properly restrict web script in unspecifie ...)
	NOT-FOR-US: Opera
CVE-2010-4044 (Opera before 10.63 does not ensure that the portion of a URL shown in  ...)
	NOT-FOR-US: Opera
CVE-2010-4043 (Opera before 10.63 does not prevent interpretation of a cross-origin d ...)
	NOT-FOR-US: Opera
CVE-2010-4042 (Google Chrome before 7.0.517.41 does not properly handle element maps, ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-1
	NOTE: http://trac.webkit.org/changeset/68096
CVE-2010-4041 (The sandbox implementation in Google Chrome before 7.0.517.41 on Linux ...)
	- webkit <not-affected> (issue with chromium sandbox)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF  ...)
	{DSA-2188-1}
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-1
	NOTE: http://trac.webkit.org/changeset/68446
CVE-2010-4039 (Google Chrome before 7.0.517.41 on Linux does not properly set the PAT ...)
	- webkit <not-affected> (chromium-specifc LD_LIBRARY_PATH issue)
	- chromium-browser <not-affected> (package uses its own startup script)
CVE-2010-4038 (The Web Sockets implementation in Google Chrome before 7.0.517.41 does ...)
	- webkit <not-affected> (issue in chromium code base)
	- chromium-browser 9.0.570
	[squeeze] - chromium-browser <not-affected> (websocket_experiment not enabled in v6)
	[wheezy] - chromium-browser <not-affected>
CVE-2010-4037 (Unspecified vulnerability in Google Chrome before 7.0.517.41 allows re ...)
	- webkit <not-affected> (affected gesture code not present in 1.2.x)
	- chromium-browser <unfixed> (unimportant)
	NOTE: http://trac.webkit.org/changeset/67716
CVE-2010-4036 (Google Chrome before 7.0.517.41 does not properly handle the unloading ...)
	- webkit <not-affected> (chromium-specifc issue)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4035 (Google Chrome before 7.0.517.41 does not properly perform autofill ope ...)
	- webkit <not-affected> (issue in chromium code base)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4034 (Google Chrome before 7.0.517.41 does not properly handle forms, which  ...)
	- webkit <not-affected> (issue in chromium code base)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4033 (Google Chrome before 7.0.517.41 does not properly implement the autofi ...)
	- webkit <not-affected> (issue in gestures, which resides in the webkit codebase, but is only used by chromium right now)
	- chromium-browser 6.0.472.63~r59945-1
	NOTE: http://trac.webkit.org/changeset/63786
	NOTE: http://trac.webkit.org/changeset/67240
CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4031 (Unspecified vulnerability in HP Insight Control Performance Management ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4030 (Cross-site scripting (XSS) vulnerability in HP Insight Control Perform ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4029 (Unspecified vulnerability in HP Storage Essentials before 6.3.0, when  ...)
	NOT-FOR-US: HP Storage Essentials
CVE-2010-4028 (Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunne ...)
	NOT-FOR-US: HP LoadRunner
CVE-2010-4027 (Unspecified vulnerability in the camera application in HP Palm webOS 1 ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4026 (Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 al ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4025 (Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows  ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4024 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight Control Power Management
CVE-2010-4023 (Cross-site scripting (XSS) vulnerability in HP Insight Control Power M ...)
	NOT-FOR-US: HP Insight Control Power Management
CVE-2010-4022 (The do_standalone function in the MIT krb5 KDC database propagation da ...)
	- krb5 1.8.3+dfsg-5 (low)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <not-affected> (Only affects 1.7.x onwards)
	[etch] - krb5 <not-affected> (Only affects 1.7.x onwards)
CVE-2010-4021 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 doe ...)
	- krb5 1.8+dfsg~alpha1-1
	[lenny] - krb5 <not-affected> (Only affects 1.7.x)
CVE-2010-4020 (MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key- ...)
	- krb5 1.8.3+dfsg-3 (bug #605553)
	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.8)
CVE-2010-4019
	RESERVED
CVE-2010-4018
	RESERVED
CVE-2010-4017
	RESERVED
CVE-2010-4016
	RESERVED
CVE-2010-4015 (Buffer overflow in the gettoken function in contrib/intarray/_int_bool ...)
	{DSA-2157-1}
	- postgresql-9.0 9.0.3-1
	- postgresql-8.4 8.4.7-1
	- postgresql-8.3 <removed>
CVE-2010-4014
	RESERVED
CVE-2010-4013 (Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x bef ...)
	NOT-FOR-US: This is not the PackageKit distributed by Debian, but a different code base
CVE-2010-4012 (Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later al ...)
	NOT-FOR-US: Apple iOS
CVE-2010-4011 (Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memor ...)
	- dovecot <not-affected> (HT4452 claims it is Apple-specific and doesn't affect the OSS version)
CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS  ...)
	NOT-FOR-US: Apple Type Services
CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Appl ...)
	{DSA-2128-1}
	- libxml2 2.7.8.dfsg-1 (bug #602609)
CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message Authenti ...)
	- mojarra <not-affected> (Fixed before initial upload, in 2.0.1)
CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0. ...)
	NOT-FOR-US: WSN Links
CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and  ...)
	- tomboy 1.2.2-2 (low; bug #605096)
	[lenny] - tomboy <no-dsa> (Minor issue)
CVE-2010-4004
	RESERVED
CVE-2010-4003
	RESERVED
CVE-2010-4002
	RESERVED
CVE-2010-4001 (** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-l ...)
	NOTE: Not a security issue
CVE-2010-4000 (gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name  ...)
	- gnome-shell 2.91.3-1 (bug #605098)
	[lenny] - gnome-shell <no-dsa> (Minor issue)
CVE-2010-3999 (gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length direct ...)
	- gnucash 2.2.9-10 (low; bug #603329)
	[lenny] - gnucash <no-dsa> (Minor issue)
CVE-2010-3998 (The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlie ...)
	- banshee 1.6.1-1.1 (bug #605095)
	[lenny] - banshee <no-dsa> (Minor issue)
CVE-2010-3997
	RESERVED
CVE-2010-3996 (festival_server in Centre for Speech Technology Research (CSTR) Festiv ...)
	- festival <not-affected> (From Lenny onwards we don't include the server component)
CVE-2010-3995
	RESERVED
CVE-2010-3994 (Cross-site scripting (XSS) vulnerability in HP Version Control Reposit ...)
	NOT-FOR-US: HP VCRM
CVE-2010-3993 (Unspecified vulnerability in HP Insight Control Server Migration befor ...)
	NOT-FOR-US: HP Insight
CVE-2010-3992 (Unspecified vulnerability in HP Insight Control Server Migration befor ...)
	NOT-FOR-US: HP Insight
CVE-2010-3991 (Cross-site scripting (XSS) vulnerability in HP Insight Control Server  ...)
	NOT-FOR-US: HP Insight
CVE-2010-3990 (Unspecified vulnerability in HP Virtual Server Environment before 6.2  ...)
	NOT-FOR-US: HP Virtual Server Environment
CVE-2010-3989 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight
CVE-2010-3988 (Unspecified vulnerability in HP Insight Control Virtual Machine Manage ...)
	NOT-FOR-US: HP Insight
CVE-2010-3987 (Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual ...)
	NOT-FOR-US: HP Insight
CVE-2010-3986 (Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VC ...)
	NOT-FOR-US: HP VCEM
CVE-2010-3985 (Cross-site scripting (XSS) vulnerability in HP Operations Orchestratio ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2010-3984 (Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-3983 (CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenti ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3982 (SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigg ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3981 (Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterp ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3980 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the  ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3979 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3978 (Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data usi ...)
	NOT-FOR-US: Spree
CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plug ...)
	NOT-FOR-US: cForm wordpress plugin
CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before 9.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9 allows loc ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3974 (fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3973 (The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Micr ...)
	NOT-FOR-US: Microsoft
CVE-2010-3972 (Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData fu ...)
	NOT-FOR-US: Microsoft Internet Information Services
CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify function ...)
	NOT-FOR-US: Microsoft Internet Explorer 7 and 8
CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in s ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3969
	REJECTED
CVE-2010-3968
	REJECTED
CVE-2010-3967 (Untrusted search path vulnerability in Microsoft Windows Movie Maker ( ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3966 (Untrusted search path vulnerability in Microsoft Windows Server 2008 R ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3965 (Untrusted search path vulnerability in Windows Media Encoder 9 on Micr ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3964 (Unrestricted file upload vulnerability in the Document Conversions Lau ...)
	NOT-FOR-US: Microsoft Office SharePoint Server
CVE-2010-3963 (Buffer overflow in the Routing and Remote Access NDProxy component in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3961 (The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3960 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows gues ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3959 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3958 (The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3957 (Double free vulnerability in the OpenType Font (OTF) driver in Microso ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3956 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3955 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2 ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-3954 (Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attacke ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-3953
	REJECTED
CVE-2010-3952 (The FlashPix image converter in the graphics filters in Microsoft Offi ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3951 (Buffer overflow in the FlashPix image converter in the graphics filter ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3950 (The TIFF image converter in the graphics filters in Microsoft Office X ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3949 (Buffer overflow in the TIFF image converter in the graphics filters in ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3948
	REJECTED
CVE-2010-3947 (Heap-based buffer overflow in the TIFF image converter in the graphics ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3946 (Integer overflow in the PICT image converter in the graphics filters i ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3945 (Buffer overflow in the CGM image converter in the graphics filters in  ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3944 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3943 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3942 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3941 (Double free vulnerability in win32k.sys in the kernel-mode drivers in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3940 (Double free vulnerability in win32k.sys in the kernel-mode drivers in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3939 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3938
	REJECTED
CVE-2010-3937 (Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote a ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft F ...)
	NOT-FOR-US: Forefront Unified Access Gateway
CVE-2010-3935
	REJECTED
CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Software 5.0 ...)
	NOT-FOR-US: BlackBerry Device Software
CVE-2010-3933 (Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attribut ...)
	- rails <not-affected> (Only affects >= 2.3.9, which is not yet in the archive)
CVE-2010-3932
	REJECTED
CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion produc ...)
	NOT-FOR-US: Rocomotion
CVE-2010-3930 (Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier  ...)
	NOT-FOR-US: MODx
CVE-2010-3929 (SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows ...)
	NOT-FOR-US: MODx
CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a term ...)
	NOT-FOR-US: Ruby Version Manager
CVE-2010-3927 (Untrusted search path vulnerability in Lunascape before 6.4.0 allows l ...)
	NOT-FOR-US: Lunascape
CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX ...)
	NOT-FOR-US: SGX-SP Final
CVE-2010-3925 (Contents-Mall before 15 does not properly handle passwords, which allo ...)
	NOT-FOR-US: Contents-Mall
CVE-2010-3924 (SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remo ...)
	NOT-FOR-US: Aimluck Aipo
CVE-2010-3923 (Untrusted search path vulnerability in AttacheCase before 2.70 allows  ...)
	NOT-FOR-US: AttacheCase
CVE-2010-3922 (SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x be ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2 (bug #606311)
CVE-2010-3921 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4. ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2 (bug #606311)
CVE-2010-3920 (The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 a ...)
	NOT-FOR-US: Seiko Epson printer driver
CVE-2010-3919 (Fenrir Grani 4.5 and earlier does not prevent interaction between web  ...)
	NOT-FOR-US: Fenrir Grani
CVE-2010-3918 (Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between ...)
	NOT-FOR-US: Fenrir Sleipnir
CVE-2010-3917 (Google Chrome before 3.0 does not properly handle XML documents, which ...)
	- chromium-browser <not-affected> (Fixed before initial upload to Debian)
CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Governm ...)
	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Governm ...)
	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-3914 (Untrusted search path vulnerability in VIM Development Group GVim befo ...)
	- vim <not-affected> (Windows-specific)
CVE-2010-3913 (CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.01 ...)
	NOT-FOR-US: TransWARE Active! mail
CVE-2010-3912 (The supportconfig script in supportutils in SUSE Linux Enterprise 11 S ...)
	NOT-FOR-US: SLES support scripts
CVE-2010-3911 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM befo ...)
	NOT-FOR-US: vTiger CRM
CVE-2010-3910 (Multiple directory traversal vulnerabilities in the return_application ...)
	NOT-FOR-US: vTiger CRM
CVE-2010-3909 (Incomplete blacklist vulnerability in config.template.php in vtiger CR ...)
	NOT-FOR-US: vtiger CRM
CVE-2010-3908 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows rem ...)
	{DSA-2306-1}
	- libav 4:0.6-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin in Vid ...)
	- vlc 1.1.3-1squeeze1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...)
	- git-core <removed>
	[lenny] - git-core 1.5.6.5-3+lenny3.3
	- git 1:1.7.2.3-2.2
CVE-2010-3905 (The password reset feature in the administrator interface for Eucalypt ...)
	- eucalyptus <not-affected> (bug #608289) (It was once removed from archive, then re-added as 3.1.0)
CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable Data ...)
	- linux-2.6 2.6.32-26
	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30)
CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows remote Any ...)
	- openconnect 2.25-0.1
CVE-2010-3902 (OpenConnect before 2.26 places the webvpn cookie value in the debuggin ...)
	- openconnect 3.02-1 (unimportant)
	NOTE: This is an additional safety net for careless users, not a vulnerability
CVE-2010-3901 (OpenConnect before 2.25 does not properly validate X.509 certificates, ...)
	- openconnect 2.25-0.1 (bug #590873)
CVE-2010-3900 (Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2 ...)
	- midori 0.2.7-1.1 (unimportant; bug #607497)
	NOTE: Current Midori SSL support is very limited
	NOTE: Midori should not be used if SSL support is important to you
CVE-2010-3899 (IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with a ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3898 (IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3897 (ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x  ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3896 (The ESSearchApplication directory tree in IBM OmniFind Enterprise Edit ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3895 (esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows loca ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3894 (Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3893 (The administrator interface in IBM OmniFind Enterprise Edition 8.x and ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3892 (Session fixation vulnerability in the login form in the administrator  ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3891 (Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3890 (Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Ed ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3889 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms all ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3888 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms all ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3887 (The Limit Mail feature in the Parental Controls functionality in Mail  ...)
	NOT-FOR-US: Apple Mail
CVE-2010-3886 (The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft msh ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3885
	REJECTED
CVE-2010-3884 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-3883 (Cross-site request forgery (CSRF) vulnerability in the Change Group Pe ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-3882 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-3881 (arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initia ...)
	- linux-2.6 2.6.32-29 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-3880 (net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not pr ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3879 (FUSE, possibly 2.8.5 and earlier, allows local users to create mtab en ...)
	- fuse 2.8.5-1 (bug #602333)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3879
CVE-2010-3878 (Cross-site request forgery (CSRF) vulnerability in the JMX Console in  ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3877 (The get_name function in net/tipc/socket.c in the Linux kernel before  ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3876 (net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not  ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3875 (The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel be ...)
	{DSA-2264-1 DSA-2240-1 DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in net/can/bcm. ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-3873 (The X.25 implementation in the Linux kernel before 2.6.36.2 does not p ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28 (low)
CVE-2010-3872 (The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcg ...)
	{DSA-2140-1}
	- libapache2-mod-fcgid 1:2.3.6-1 (bug #605484)
CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme ...)
	- mahara <not-affected> (Vulnerable feature introduced in 1.3)
CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle  ...)
	{DSA-2195-1}
	- php5 5.3.3-4 (bug #603751)
CVE-2010-3869 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate Sys ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2010-3868 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate Sys ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc modu ...)
	{DSA-2191-1}
	- proftpd-dfsg 1.3.3a-4
CVE-2010-3866
	REJECTED
CVE-2010-3865 (Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in t ...)
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9 ...)
	{DSA-2125-1}
	- openssl 0.9.8o-3
CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize  ...)
	- shiro <not-affected> (Fixed before the initial release in Debian)
CVE-2010-3862 (The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$Second ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kern ...)
	- linux-2.6 2.6.32-29
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
CVE-2010-3860 (IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2 ...)
	- openjdk-6 6b18-1.8.3-1
CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in the L ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27
CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before 2 ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27
CVE-2010-3857 (JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID paramet ...)
	- jbossas4 <not-affected> (Vulnerable code not present)
	NOTE: JBoss 5 only; fixed in 5.1.0
CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.1 ...)
	{DSA-2122-2 DSA-2122-1}
	- glibc 2.11.2-8
	- eglibc 2.11.2-8 (bug #600667)
CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in truetype/tt ...)
	{DSA-2155-1}
	- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3854 (Multiple cross-site scripting (XSS) vulnerabilities in the web adminis ...)
	- couchdb 1.1.0-1
	[squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) bef ...)
	- pam 1.1.3-1 (low; bug #608273)
	[squeeze] - pam <no-dsa> (Minor issue)
	[lenny] - pam <no-dsa> (Minor issue)
CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga  ...)
	NOT-FOR-US: Red Hat Conga
CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 an ...)
	NOT-FOR-US: libguestfs
CVE-2010-3850 (The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kerne ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-3849 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ker ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-3848 (Stack-based buffer overflow in the econet_sendmsg function in net/econ ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) throu ...)
	{DSA-2122-2 DSA-2122-1}
	- eglibc 2.11.2-8 (bug #600667)
	- glibc 2.11.2-8
CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS 1.1 ...)
	- cvs <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852
CVE-2010-3844 (An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure ...)
	- ettercap 1:0.7.4-1 (unimportant; bug #600130)
	NOTE: Very far-fetched attack vector
CVE-2010-3843
	RESERVED
	- ettercap 1:0.7.4-1 (unimportant; bug #600130)
	NOTE: Very far-fetched attack vector
CVE-2010-3842 (Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, w ...)
	- curl <not-affected> (Doesn't affect POSIX systems)
CVE-2010-3841 (Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in ...)
	NOT-FOR-US: TWiki
CVE-2010-3845 (libapache-authenhook-perl 2.00-04 stores usernames and passwords in pl ...)
	- libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
	[lenny] - libapache-authenhook-perl 2.00-04+pristine-1+lenny1
CVE-2010-4237 (Mercurial before 1.6.4 fails to verify the Common Name field of SSL ce ...)
	- mercurial 1.6.4-1 (low; bug #598841)
	[lenny] - mercurial <no-dsa> (Minor issue)
CVE-2010-3840 (The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3839 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticat ...)
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allow ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allow ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allow ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticat ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.5 ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does  ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3832 (Heap-based buffer overflow in the GSM mobility management implementati ...)
	NOT-FOR-US: Apple iOS Telophony
CVE-2010-3831 (Photos in Apple iOS before 4.2 enables support for HTTP Basic Authenti ...)
	NOT-FOR-US: Apple iOS Photos
CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during  ...)
	NOT-FOR-US: Apple iOS Networking
CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle a ...)
	NOT-FOR-US: Apple iOS iAd
CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before disp ...)
	NOT-FOR-US: Apple iOS configuration installation utility
CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3825
	RESERVED
CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3815
	RESERVED
CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in Fr ...)
	{DSA-2155-1}
	- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3813 (The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLin ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: fixed much earlier in chromium, but this was the version checked
CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in WebK ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: fixed much earlier in chromium, but this was the version checked
	NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3807
	RESERVED
CVE-2010-3806
	RESERVED
CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 1 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 o ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3800 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3799
	RESERVED
CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6 ...)
	- xar <removed>
	[lenny] - xar <no-dsa> (Minor issue)
CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac O ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not  ...)
	NOT-FOR-US: Apple Safari RSS
CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialize ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialize ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 al ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialize ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x befor ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3786 (QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickLook
CVE-2010-3785 (Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x befor ...)
	NOT-FOR-US: Apple QuickLook
CVE-2010-3784 (The PMPageFormatCreateWithDataRepresentation API in Printing in Apple  ...)
	NOT-FOR-US: Apple Printing
CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does ...)
	NOT-FOR-US: Apple Password Server
CVE-2010-3782 (obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to ...)
	- open-build-service <not-affected> (Fixed before initial upload to archive)
CVE-2010-3781 (The PL/php add-on 1.4 and earlier for PostgreSQL does not properly pro ...)
	- postgresql-9.0 9.0.1-1
CVE-2010-3780 (Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...)
	- dovecot 1:1.2.15-1 (bug #599521)
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3779 (Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admi ...)
	- dovecot 1:1.2.15-1 (bug #599521)
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3778 (Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thun ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.11-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and T ...)
	- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	- icedove 3.0.11-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3775 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3774 (The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h ...)
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (Doesn't affect 1.9.0)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3773 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3772 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3771 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3770 (Multiple cross-site scripting (XSS) vulnerabilities in the rendering e ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3769 (The line-breaking implementation in Mozilla Firefox before 3.5.16 and  ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.11-1
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (font-face support introduced in 1.9.1)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3768 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird bef ...)
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <not-affected> (Vulnerable code not present)
	- icedove 3.0.11-1
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3767 (Integer overflow in the NewIdArray function in Mozilla Firefox before  ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3766 (Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6. ...)
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunder ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.15-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.10-1
	- icedove 3.0.10-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (bug in optimization added later)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3 ...)
	- bugzilla 3.6.3.0-1 (bug #602420; low)
	[squeeze] - bugzilla 3.6.2.0-4.2
CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in Ma ...)
	- mantis 1.1.8+dfsg-9 (bug #601618)
	[lenny] - mantis 1.1.6+dfsg-2lenny4
CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not  ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P2-1 (bug #599515)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
	NOTE: ACL bypass claimed to only affect >=9.7.2: https://kb.isc.org/article/AA-00935/0/CVE-2010-3762%3A-failure-to-handle-bad-signatures-if-multiple-trust-anchors-configured.html
	NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in 9.6-ESV-R2.
CVE-2010-3761 (Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3760 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ( ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3759 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ( ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3758 (Multiple stack-based buffer overflows in FastBackServer.exe in the Ser ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3757 (Format string vulnerability in the _Eventlog function in FastBackServe ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3756 (The _CalcHashValueWithLength function in FastBackServer.exe in the Ser ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3755 (The _DAS_ReadBlockReply function in FastBackServer.exe in the Server i ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3754 (The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Ser ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3753 (programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.26)
CVE-2010-3752 (programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3751 (Multiple heap-based buffer overflows in an ActiveX control in RealNetw ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3750 (rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer  ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3749 (The browser-plugin implementation in RealNetworks RealPlayer 11.0 thro ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3748 (Stack-based buffer overflow in the RichFX component in RealNetworks Re ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3747 (An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealP ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3746
	RESERVED
CVE-2010-3745
	RESERVED
CVE-2010-3744
	RESERVED
CVE-2010-3743 (Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC ...)
	NOT-FOR-US: Visual Synapse HTTP Server
CVE-2010-3742 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
	NOT-FOR-US: Free Simple CMS 1.0
CVE-2010-3741 (The offline backup mechanism in Research In Motion (RIM) BlackBerry De ...)
	NOT-FOR-US: BlackBerry Desktop Software
CVE-2010-3740 (The Net Search Extender (NSE) implementation in the Text Search compon ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3739 (The audit facility in the Security component in IBM DB2 UDB 9.5 before ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3738 (The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT event ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3737 (Memory leak in the Relational Data Services component in IBM DB2 UDB 9 ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3736 (Memory leak in the Relational Data Services component in IBM DB2 UDB 9 ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3735 (The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5  ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3734 (The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, a ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3733 (The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses wor ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3732 (The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remo ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3731 (Stack-based buffer overflow in the validateUser implementation in the  ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information abou ...)
	- webkit <not-affected> (issue in libv8)
	- chromium-browser 6.0.472.62~r59676-1
	- libv8 <not-affected>
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45700
	NOTE: http://trac.webkit.org/changeset/67509
CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 6.0.472.62 do ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.62~r59676-1
CVE-2010-3728
	REJECTED
CVE-2010-3727
	REJECTED
CVE-2010-3726
	REJECTED
CVE-2010-3725
	REJECTED
CVE-2010-3724
	REJECTED
CVE-2010-3723
	REJECTED
CVE-2010-3722
	REJECTED
CVE-2010-3721
	REJECTED
CVE-2010-3720
	REJECTED
CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the administra ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ...)
	{DSA-2160-1}
	- tomcat5.5 <removed> (low)
	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
	- tomcat6 6.0.28-10 (bug #612257)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-3717 (The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3716 (The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x befor ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3715 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x bef ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3714 (The jumpUrl (aka access tracking) implementation in tslib/class.tslib_ ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3713 (rss.php in UseBB before 1.0.11 does not properly handle forum configur ...)
	NOT-FOR-US: UseBB
CVE-2010-3712 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.2 ...)
	NOT-FOR-US: Joomla!
CVE-2010-3711 (libpurple in Pidgin before 2.7.4 does not properly validate the return ...)
	- pidgin 2.7.4-1
	[squeeze] - pidgin 2.7.3-1+squeeze1
CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP 5.2. ...)
	{DSA-2195-1}
	- php5 5.3.3-3 (bug #601619)
CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...)
	{DSA-2195-1}
	- php5 5.3.3-4 (bug #603751)
CVE-2010-3708 (The serialization implementation in JBoss Drools in Red Hat JBoss Ente ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0 ...)
	- dovecot 1:1.2.15-1
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0 ...)
	- dovecot 1:1.2.15-1
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3705 (The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux k ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser i ...)
	{DSA-2135-1 DSA-2119-1}
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.12.4-1.2 (bug #599165)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in poppler/Functio ...)
	- kdegraphics 4:4.0.0-1
	[lenny] - kdegraphics <not-affected> (Vulnerable code not present)
	- xpdf 3.02-9
	[lenny] - xpdf <not-affected> (Vulnerable code not present)
	- poppler 0.12.4-1.2 (bug #599165)
	[lenny] - poppler <not-affected> (Vulnerable code not present)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, pop ...)
	{DSA-2135-1 DSA-2119-1}
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.12.4-1.2 (bug #599165)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows ...)
	NOT-FOR-US: Red Hat Enterprise MRG
CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3. ...)
	NOT-FOR-US: VMware SpringSource Spring Security
CVE-2010-3699 (The backend driver in Xen 3.x allows guest OS users to cause a denial  ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-31
CVE-2010-3698 (The KVM implementation in the Linux kernel before 2.6.36 does not prop ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-3697 (The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x ...)
	- freeradius 2.1.10+dfsg-1 (bug #600176; unimportant)
	NOTE: requires server to be down already
CVE-2010-3696 (The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in cert ...)
	- freeradius 2.1.10+dfsg-1 (bug #600176)
	[lenny] - freeradius <not-affected> (Vulnerable code not present)
CVE-2010-3695 (Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Hord ...)
	{DSA-2204-1}
	- imp4 4.3.7+debian0-2.1 (bug #598584; low)
	NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde Applicati ...)
	{DSA-2278-1}
	- horde3 3.3.8+debian0-2 (bug #598582)
	NOTE: http://lists.horde.org/archives/announce/2010/000568.html
CVE-2010-3693 (Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) b ...)
	- dimp1 1.1.4+debian2-1.1 (bug #598583)
	NOTE: http://lists.horde.org/archives/announce/2010/000561.html
CVE-2010-3692 (Directory traversal vulnerability in the callback function in client.p ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3691 (PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ena ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3690 (Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1 ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3689 (soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length di ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3686 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-4340 (libcloud before 0.4.1 does not verify SSL certificates for HTTPS conne ...)
	- libcloud 0.5.0-1 (low; bug #598463)
CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA We ...)
	NOT-FOR-US: NetArtMEDIA WebSiteAdmin
CVE-2010-3684 (The FTP authentication module in Synology Disk Station 2.x logs passwo ...)
	NOT-FOR-US: Synology Disk Station
CVE-2010-3683 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote aut ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3681 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote auth ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3680 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ca ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3679 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ca ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3678 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ca ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote aut ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3676 (storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3675
	RESERVED
CVE-2010-3658 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3657 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3656 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player be ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-3654 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5 ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3651
	REJECTED
CVE-2010-3650 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3649 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3648 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3647 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3646 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3645 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3644 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3643 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3642 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3641 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3640 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3639 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3638 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3635 (Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3634 (Unspecified vulnerability in the edge process in Adobe Flash Media Ser ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3633 (Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5. ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3632 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3631 (Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3630 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3629 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3628 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3626 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3625 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3624 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3623 (Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3622 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3621 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3620 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3619 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3618 (PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does ...)
	NOT-FOR-US: PGP Desktop
CVE-2010-3617
	RESERVED
CVE-2010-3616 (ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover p ...)
	- isc-dhcp <not-affected> (Only affects 4.2.x)
	- dhcp3 <not-affected> (Only affects 4.2.x)
	- dhcp <not-affected> (Only affects 4.2.x)
CVE-2010-3615 (named in ISC BIND 9.7.2-P2 does not check all intended locations for a ...)
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	[lenny] - bind9 <not-affected> (Doesn't affect 9.6 ESV)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV  ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, an ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3612
	RESERVED
CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2 ...)
	- isc-dhcp 4.1.1-P1-14
	- dhcp3 <not-affected> (Only affects DHCP 4.x)
	- dhcp <not-affected> (Only affects DHCP 4.x)
CVE-2010-3610
	RESERVED
CVE-2010-3609 (The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other ve ...)
	{DLA-304-1}
	- openslp-dfsg 1.2.1-8 (low; bug #623551)
	[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
	[lenny] - openslp-dfsg <no-dsa> (Minor issue)
CVE-2010-3659 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3660 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3661 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3662 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3663 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3664 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3665 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3666 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3667 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3668 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3669 (TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows  ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3670 (TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3671 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3672 (TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea v ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3673 (TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows  ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3674 (TYPO3 before 4.4.1 allows XSS in the frontend search box. ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-XXXX [piwigo]
	- piwigo 2.1.2-2
	NOTE: http://www.exploit-db.com/exploits/14973/
	NOTE: First unfilled CVE-request https://www.openwall.com/lists/oss-security/2010/12/07/1
	NOTE: Second CVE-request https://www.openwall.com/lists/oss-security/2012/10/06/3
CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote atta ...)
	NOT-FOR-US: wpQuiz
CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt ...)
	NOT-FOR-US: NetArt MEDIA Real Estate Portal
CVE-2010-3606 (Multiple directory traversal vulnerabilities in AGENTS/index.php in Ne ...)
	NOT-FOR-US: NetArt MEDIA Real Estate Portal
CVE-2010-3605 (Cross-site scripting (XSS) vulnerability in the powermail extension 1. ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3604 (SQL injection vulnerability in the powermail extension 1.5.3 and earli ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3603 (Cross-site request forgery (CSRF) vulnerability in the file manager se ...)
	NOT-FOR-US: mojoPortal
CVE-2010-3602 (Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPo ...)
	NOT-FOR-US: mojoPortal
CVE-2010-3601 (SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows r ...)
	NOT-FOR-US: ibPhotohost
CVE-2010-3499 (F-Secure Anti-Virus does not properly interact with the processing of  ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2010-3498 (AVG Anti-Virus does not properly interact with the processing of hcp:/ ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2010-3497 (Symantec Norton AntiVirus 2011 does not properly interact with the pro ...)
	NOT-FOR-US: Symantec Norton AntiVirus
CVE-2010-3496 (McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact w ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2010-3495 (Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB)  ...)
	- zodb 1:3.9.4-1.1 (bug #599711)
CVE-2010-3494 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib be ...)
	- python-pyftpdlib 0.5.2-1 (low)
	NOTE: http://code.google.com/p/pyftpdlib/issues/detail?id=104
CVE-2010-3493 (Multiple race conditions in smtpd.py in the smtpd module in Python 2.6 ...)
	- python3.1 3.1.2+20100829-1
	- python2.6 2.6.6-1 (low; bug #601690)
	- python2.5 <unfixed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	[lenny] - python2.5 <no-dsa> (Minor issue)
CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly handle unsu ...)
	- python2.7 2.7.8-11 (unimportant)
	- python3.1 <removed> (unimportant)
	- python3.2 3.4.2-1 (unimportant)
	NOTE: likely fixed much earlier, but these were the versions checked
CVE-2010-3491 (The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator compon ...)
	NOT-FOR-US: TIBCO ActiveMatrix Service Grid
CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)
	NOT-FOR-US: FreePBX
CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login ...)
	NOT-FOR-US: CMS Digital Workroom
CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows remote atta ...)
	NOT-FOR-US: QuickShare
CVE-2010-3487 (Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows a ...)
	NOT-FOR-US: YelloSoft Pinky
CVE-2010-3486 (Directory traversal vulnerability in FileStorageUpload.ashx in Smarter ...)
	NOT-FOR-US: SmarterMail
CVE-2010-3483 (cms_write.php in Primitive CMS 1.0.9 does not properly restrict access ...)
	NOT-FOR-US: Primitive CMS
CVE-2010-3482 (Multiple SQL injection vulnerabilities in cms_write.php in Primitive C ...)
	NOT-FOR-US: Primitive CMS
CVE-2010-3481 (Multiple SQL injection vulnerabilities in login.php in ApPHP PHP Micro ...)
	NOT-FOR-US: MicroCMS
CVE-2010-3480 (Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1 ...)
	NOT-FOR-US: MicroCMS
CVE-2010-3479 (SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote ...)
	NOT-FOR-US: BoutikOne
CVE-2010-3478
	RESERVED
CVE-2010-3477 (The tcf_act_police_dump function in net/sched/act_police.c in the acti ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3600 (Unspecified vulnerability in the Client System Analyzer component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2010-3599 (Unspecified vulnerability in the Oracle Document Capture component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3598 (Unspecified vulnerability in the Oracle Document Capture component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3597 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3596 (Unspecified vulnerability in the mod_ssl component in Oracle Secure Ba ...)
	NOT-FOR-US: Dupe of CVE-2009-3555, will be rejected
CVE-2010-3595 (Unspecified vulnerability in the Oracle Document Capture component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3594 (Unspecified vulnerability in the Real User Experience Insight componen ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2010-3593 (Unspecified vulnerability in the Health Sciences - Oracle Argus Safety ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2010-3592 (Unspecified vulnerability in the Oracle Document Capture component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3591 (Unspecified vulnerability in the Oracle Document Capture component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3590 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2010-3589 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle Application Object Library component
CVE-2010-3588 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3587 (Unspecified vulnerability in the Oracle Common Applications component  ...)
	NOT-FOR-US: Oracle Applications
CVE-2010-3586 (Unspecified vulnerability in Oracle Solaris 9 allows local users to af ...)
	- xscreensaver <not-affected> (Solaris-specific patch)
CVE-2010-3585 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3584 (Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2. ...)
	NOT-FOR-US: OracleVM
CVE-2010-3583 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3582 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3581 (Unspecified vulnerability in the BPEL Console component in Oracle Fusi ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3580 (Unspecified vulnerability in Oracle OpenSolaris allows local users to  ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3579 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Jav ...)
	NOT-FOR-US: Java Communications Suite
CVE-2010-3578 (Unspecified vulnerability in Oracle OpenSolaris allows remote attacker ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3577 (Unspecified vulnerability in Oracle OpenSolaris allows remote attacker ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3576 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3575 (Unspecified vulnerability in the Oracle Communications Messaging Serve ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3574 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3573 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3572 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3571 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3570 (Unspecified vulnerability in the Deployment Toolkit component in Oracl ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3569 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3568 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3567 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3566 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3565 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3564 (Unspecified vulnerability in the Oracle Communications Messaging Serve ...)
	- openjdk-6 6b18-1.8.2-1
CVE-2010-3563 (Unspecified vulnerability in the Deployment component in Oracle Java S ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3562 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3561 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3560 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3559 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3558 (Unspecified vulnerability in the Java Web Start component in Oracle Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3557 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3556 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3555 (Unspecified vulnerability in the Deployment component in Oracle Java S ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3554 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3553 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3552 (Unspecified vulnerability in the New Java Plug-in component in Oracle  ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3551 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3550 (Unspecified vulnerability in the Java Web Start component in Oracle Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3549 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3548 (Unspecified vulnerability in the Java Naming and Directory Interface ( ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3547 (Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-3546 (Unspecified vulnerability in the Sun Java System Identity Manager comp ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3545 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3544 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3543
	REJECTED
CVE-2010-3542 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3541 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3540 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3539 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3538 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL compon ...)
	NOT-FOR-US: PeopleSoft Enterprise FMS
CVE-2010-3537 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM compon ...)
	NOT-FOR-US: PeopleSoft Enterprise FMS
CVE-2010-3536 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...)
	NOT-FOR-US: PeopleSoft Enterprise SCM
CVE-2010-3535 (Unspecified vulnerability in the Directory Server Enterprise Edition c ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3534 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2010-3533 (Unspecified vulnerability in the PeopleSoft Enterprise SCM OM and CRM  ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3532 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order Cap ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3531 (Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM co ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3529 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - Cash Mana ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3528 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Common Co ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3527 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3526 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3525 (Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) SC ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3524 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - Strategic ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3523 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3522 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3520 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3519 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3518 (Unspecified vulnerability in the PeopleSoft Enterprise HCM GP - Japan  ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3517 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3516 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3515 (Unspecified vulnerability in the Solaris component in Oracle Solaris 9 ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3514 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3513 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...)
	NOT-FOR-US: Oracle Solaris and OpenSolaris
CVE-2010-3512 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3511 (Unspecified vulnerability in Oracle OpenSolaris allows local users to  ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3510 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic
CVE-2010-3509 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3508 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3507 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3506 (Unspecified vulnerability in the Oracle Explorer (Sun Explorer) compon ...)
	NOT-FOR-US: Oracle Explorer
CVE-2010-3505 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2010-3504 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-3503 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3502 (Unspecified vulnerability in the Siebel Core component in Oracle Siebe ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-3501 (Unspecified vulnerability in the OID component in Oracle Fusion Middle ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-3500 (Unspecified vulnerability in the Siebel Core - Highly Interactive Clie ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-3476 (Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before  ...)
	- otrs2 2.4.8+dfsg1-1
	[lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
CVE-2010-3475 (IBM DB2 9.7 before FP3 does not properly enforce privilege requirement ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3474 (IBM DB2 9.7 before FP3 does not perform the expected drops or invalida ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3473 (Open redirect vulnerability in the Workplace (aka WP) component in IBM ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3472 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ( ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3471 (Session fixation vulnerability in the Workplace (aka WP) component in  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3470 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ( ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3469
	RESERVED
CVE-2010-3468 (Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 b ...)
	NOT-FOR-US: Mura CMS
CVE-2010-3467 (SQL injection vulnerability in modules/sections/index.php in E-Xooppor ...)
	NOT-FOR-US: E-Xoopport Samsara
CVE-2010-3466 (Cross-site scripting (XSS) vulnerability in index.php in the hosted_si ...)
	NOT-FOR-US: NetArt Media iBoutique.MALL
CVE-2010-3465 (Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Ca ...)
	NOT-FOR-US: XSE Shopping Cart
CVE-2010-3464 (Cross-site request forgery (CSRF) vulnerability in admin/manager_users ...)
	NOT-FOR-US: SantaFox
CVE-2010-3463 (Cross-site scripting (XSS) vulnerability in modules/search/search.clas ...)
	NOT-FOR-US: SantaFox
CVE-2010-3462 (Cross-site scripting (XSS) vulnerability in backend/plugin/Registratio ...)
	NOT-FOR-US: Mollify
CVE-2010-3461 (SQL injection vulnerability in the Publisher module in eNdonesia 8.4 a ...)
	NOT-FOR-US: eNdonesia
CVE-2010-3460 (Directory traversal vulnerability in the HTTP interface in AXIGEN Mail ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2010-3459 (Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2010-3458 (SQL injection vulnerability in lib/toolkit/events/event.section.php in ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-3457 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2. ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-3456 (Directory traversal vulnerability in download.php in EnergyScripts (ES ...)
	NOT-FOR-US: EnergyScripts Simple Download
CVE-2010-3455 (Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0  ...)
	NOT-FOR-US: AChecker
CVE-2010-3454 (Multiple off-by-one errors in the WW8DopTypography::ReadFromMem functi ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3453 (The WW8ListManager::WW8ListManager function in oowriter in OpenOffice. ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3452 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x a ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3451 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x a ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3450 (Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2 ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before 1.2. ...)
	NOT-FOR-US: Redback
CVE-2010-3448 (drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-12 (bug #565790; unimportant)
	NOTE: this is more of a hardware bug rather than a security issue
CVE-2010-3447 (Cross-site scripting (XSS) vulnerability in view.php in the file viewe ...)
	- gollem 1.1.1+debian0-1.1 (bug #598585)
	[lenny] - gollem <not-affected> ($filename not printed directly and passed through htmlspecialchars())
	NOTE: http://bugs.horde.org/ticket/9191
CVE-2010-3446
	RESERVED
CVE-2010-3445 (Stack consumption vulnerability in the dissect_ber_unknown function in ...)
	{DSA-2127-1}
	- wireshark 1.2.11-3 (low)
	NOTE: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
CVE-2010-3444 (Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU Fri ...)
	- pyfribidi 0.10.0-2 (bug #570068)
	[lenny] - pyfribidi <not-affected> (fribidi 0.19.1 or higher needs to be installed to trigger this)
CVE-2010-3443 (ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows  ...)
	- quassel 0.7.1-1 (bug #597853)
	[squeeze] - quassel 0.6.3-1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774
CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in sound/core/c ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
	NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote  ...)
	- abcm2ps 5.9.13-0.1 (low; bug #577014)
	[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-3440 (babiloo 2.0.9 before 2.0.11 creates temporary files with predictable n ...)
	- babiloo 2.0.11-1 (low; bug #591995)
CVE-2010-3439 (It is possible to cause a DoS condition by causing the server to crash ...)
	- alien-arena 7.33-5 (low; bug #575621)
	[lenny] - alien-arena 7.0-1+lenny2
CVE-2010-3438 (libpoe-component-irc-perl before v6.32 does not remove carriage return ...)
	- libpoe-component-irc-perl 6.32+dfsg-1
	[lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194)
CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in dr ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attacke ...)
	- php5 5.3.3-4 (unimportant)
	NOTE: http://svn.php.net/viewvc?view=revision&revision=303824
CVE-2010-3435 (The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before ...)
	- pam 1.1.3-1 (low; bug #599832)
	[squeeze] - pam <no-dsa> (Minor issue)
	[lenny] - pam <no-dsa> (Minor issue)
	NOTE: Fix from 1.1.2 is not fully complete
CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in libclam ...)
	- clamav 0.96.3+dfsg-1
	[lenny] - clamav <end-of-life>
	NOTE: libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)
CVE-2010-3433 (The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30 ...)
	{DSA-2120-1}
	- postgresql-9.0 9.0.1-1
	- postgresql-8.4 8.4.5-1
	[squeeze] - postgresql-8.4 8.4.5-0squeeze1
	- postgresql-8.3 <removed>
CVE-2010-3432 (The sctp_packet_config function in net/sctp/output.c in the Linux kern ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3431 (The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...)
	- pam 1.1.3-1 (low; bug #599832)
	[squeeze] - pam <no-dsa> (Minor issue)
	NOTE: 20100924164823.GA21584@openwall.com
CVE-2010-3430 (The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...)
	- pam 1.1.3-1 (bug #599832)
	[squeeze] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
	[lenny] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
	NOTE: 20100924164823.GA21584@openwall.com
CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlaye ...)
	{DSA-2165-1}
	- ffmpeg 4:0.5.2-6 (bug #598590)
	- ffmpeg-debian <removed>
	NOTE: http://www.ocert.org/advisories/ocert-2010-004.html
CVE-2010-XXXX [mingetty directory traversal]
	- mingetty 1.07-2 (low; bug #597382)
	[lenny] - mingetty <no-dsa> (Minor issue)
CVE-2010-XXXX [config file world readable]
	- sabnzbdplus 0.5.4-1 (low; bug #593829)
CVE-2010-XXXX [signature verification issue]
	- dpkg 1.15.1 (unimportant; bug #592115)
CVE-2010-XXXX [numpy memory corruption]
	- python-numpy 1:1.4.1-5 (low; bug #581058)
	[lenny] - python-numpy <no-dsa> (Minor issue)
	NOTE: http://projects.scipy.org/numpy/changeset/8364
CVE-2010-XXXX [mediatomb directory traversal]
	- mediatomb 0.12.1-47-g7ab7616-1 (low; bug #580120; bug #778669)
	[wheezy] - mediatomb 0.12.1-4+deb7u1
	[squeeze] - mediatomb 0.12.0~svn2018-6.1
	NOTE: was previously fixed in 580120 but patch was not applied to later maintainer uploads
CVE-2010-3428 (SQL injection vulnerability in modules/notes/json.php in Intermesh Gro ...)
	NOT-FOR-US: Intermesh Group-Office
CVE-2010-3427 (Multiple cross-site scripting (XSS) vulnerabilities in Open Classified ...)
	NOT-FOR-US: Open Classifieds
CVE-2010-3426 (Directory traversal vulnerability in jphone.php in the JPhone (com_jph ...)
	NOT-FOR-US: JPhone for Joomla
CVE-2010-3425 (Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHel ...)
	NOT-FOR-US: SmarterStats
CVE-2010-3424 (Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbco ...)
	NOT-FOR-US: Invision Power Board
CVE-2010-3423 (SQL injection vulnerability in the Yr Weatherdata module for Drupal 6. ...)
	NOT-FOR-US: Yr Weatherdata module for Drupal
CVE-2010-3422 (SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 fo ...)
	NOT-FOR-US: JGen for Joomla
CVE-2010-3421 (Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in Prod ...)
	NOT-FOR-US: ProductCart
CVE-2010-3420 (Cross-site scripting (XSS) vulnerability in Products_Results.php in Po ...)
	NOT-FOR-US: PowerStore
CVE-2010-3419 (Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Fam ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2010-3418 (Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Ca ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2010-3417 (Google Chrome before 6.0.472.59 does not prompt the user before granti ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3416 (Google Chrome before 6.0.472.59 on Linux does not properly implement t ...)
	- webkit <not-affected> (issue in chromium-specific code)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44960
	NOTE: http://trac.webkit.org/changeset/66689
CVE-2010-3415 (Google Chrome before 6.0.472.59 does not properly implement Geolocatio ...)
	- webkit <not-affected> (issue in chromium-specific code)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45112
	NOTE: http://trac.webkit.org/changeset/66837
	NOTE: depends on http://trac.webkit.org/changeset/66837
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45257
CVE-2010-3414 (Google Chrome before 6.0.472.59 on Mac OS X does not properly implemen ...)
	- webkit <not-affected> (Does not affect linux)
	- chromium-browser <not-affected> (Does not affect linux)
CVE-2010-3413 (Unspecified vulnerability in the pop-up blocking functionality in Goog ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3412 (Race condition in the console implementation in Google Chrome before 6 ...)
	- libv8 2.2.24-6 (bug #597856)
CVE-2010-3411 (Google Chrome before 6.0.472.59 on Linux does not properly handle curs ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3410
	REJECTED
CVE-2010-3409
	REJECTED
CVE-2010-3408
	REJECTED
CVE-2010-3407 (Stack-based buffer overflow in the MailCheck821Address function in nno ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2010-3406 (Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM ...)
	NOT-FOR-US: AIX 5.3
CVE-2010-3405 (Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1,  ...)
	NOT-FOR-US: AIX 6.1, VIOS
CVE-2010-3404 (Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com ...)
	NOT-FOR-US: eshtery CMS
CVE-2010-3403 (Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic  ...)
	NOT-FOR-US: Qualcomm eXtensible Diagnostic Monitor
CVE-2010-3402 (Untrusted search path vulnerability in IDM Computer Solutions UltraEdi ...)
	NOT-FOR-US: UltraEdit
CVE-2010-3401
	RESERVED
CVE-2010-3400 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
	NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
CVE-2010-3399 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
	NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
CVE-2010-3398 (Unspecified vulnerability in the webcontainer implementation in IBM Lo ...)
	NOT-FOR-US: IBM Lotus Sametime Connect
CVE-2010-3397 (Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9. ...)
	NOT-FOR-US: PGP Desktop
CVE-2010-3396 (Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and  ...)
	NOT-FOR-US: Kingsoft Antivirus
CVE-2010-3395
	RESERVED
CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place ...)
	- texmacs 1:1.0.7.7-1.1 (bug #598424)
	[squeeze] - texmacs 1:1.0.7.4-3.1
	[lenny] - texmacs <no-dsa> (minor issue)
CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory name i ...)
	- magics++ 2.10.0.dfsg-5.1 (bug #598418)
CVE-2010-3392
	RESERVED
CVE-2010-3391
	RESERVED
CVE-2010-3390
	RESERVED
CVE-2010-3389 (The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents ...)
	- cluster-agents 1:1.0.3-3.1 (bug #598549)
CVE-2010-3388
	RESERVED
CVE-2010-3387
	- vdr 1.6.0-19.1 (unimportant; bug #598308)
	NOTE: Only affects a debugging tool, see bug #598308
CVE-2010-3386 (usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length  ...)
	- ust 0.7-2.1 (bug #598309)
	[squeeze] - ust 0.5-1+squeeze1
	[wheezy] - ust 0.5-1+squeeze1
CVE-2010-3385 (TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- tuxguitar 1.2-7 (bug #598307)
	[lenny] - tuxguitar <no-dsa> (Minor issue)
CVE-2010-3384 (The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and ...)
	- torcs 1.3.1-5 (bug #598306)
	[lenny] - torcs <no-dsa> (Minor issue)
CVE-2010-3383 (The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 ...)
	- teamspeak-client 2.0.32-3.1 (low; bug #598304)
	[lenny] - teamspeak-client <no-dsa> (Non-free not supported)
	- teamspeak-server 2.0.24.1+debian-1.1 (low; bug #598305)
	[lenny] - teamspeak-server <no-dsa> (Non-free not supported)
CVE-2010-3382 (tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-leng ...)
	- tau 2.16.4-1.4 (bug #598303)
CVE-2010-3381 (The (1) tangerine and (2) tangerine-properties scripts in Tangerine 0. ...)
	- tangerine 0.3.2.2-6 (bug #598302)
	[lenny] - tangerine <no-dsa> (minor issue)
CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2 ...)
	- slurm-llnl 2.1.15-2 (bug #602340)
	[wheezy] - slurm-llnl 2.1.11-1squeeze1 (bug #602340)
	[squeeze] - slurm-llnl 2.1.11-1squeeze1 (bug #602340)
	[lenny] - slurm-llnl <no-dsa> (Minor issue)
	NOTE: Debian package ships its own, also vulnerable, init script. NOT fixed in 2.1.14-1
CVE-2010-3379
	RESERVED
CVE-2010-3378 (The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scil ...)
	- scilab 5.2.2-8 (bug #598423; bug #598422)
	[lenny] - scilab <no-dsa> (Non-free not supported)
CVE-2010-3377 (The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hx ...)
	- salome 5.1.3-11 (bug #598421)
CVE-2010-3376 (The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in  ...)
	- root-system 5.34.00-1 (bug #598420; bug #598419)
	[lenny] - root-system <no-dsa> (minor issue)
CVE-2010-3375 (qtparted has insecure library loading which may allow arbitrary code e ...)
	- qtparted 0.4.5-8 (low; bug #598301)
	[lenny] - qtparted <no-dsa> (Minor issue)
CVE-2010-3374 (Qt Creator before 2.0.1 places a zero-length directory name in the LD_ ...)
	- qtcreator 1.3.1-3 (bug #598300)
CVE-2010-3373 (paxtest handles temporary files insecurely ...)
	- paxtest 1:0.9.9-1 (unimportant; bug #598413)
CVE-2010-3372 (Untrusted search path vulnerability in NorduGrid Advanced Resource Con ...)
	- nordugrid-arc-nox 1.1.0~rc6-2.1 (bug #606151)
CVE-2010-3371
	RESERVED
CVE-2010-3370
	RESERVED
CVE-2010-3369 (The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, a ...)
	- mono-debugger 2.6.3-2.1 (low; bug #598299)
	[lenny] - mono-debugger <no-dsa> (Minor issue)
CVE-2010-3368
	RESERVED
CVE-2010-3367
	RESERVED
CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the LD_LIBRARY_PATH ...)
	- mn-fit <removed> (bug #598298)
	[lenny] - mn-fit <no-dsa> (Minor issue)
CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- mistelix 0.31-2 (low; bug #598297)
CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length directory nam ...)
	- vips 7.14.5-2 (unimportant; bug #598296)
	NOTE: Scripts are not used for any real world scenarios
CVE-2010-3363 (roarify in roaraudio 0.3 places a zero-length directory name in the LD ...)
	- roaraudio 0.3-2 (low; bug #598295)
	[lenny] - roaraudio <no-dsa> (Minor issue)
CVE-2010-3362 (lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PAT ...)
	- lastfm 1:1.5.4.26862+dfsg-5 (low; bug #598294)
	[lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1
CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 p ...)
	- ike 2.1.5+dfsg-2 (low; bug #598292)
	[lenny] - ike <no-dsa> (Minor issue)
CVE-2010-3360 (Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, ...)
	- hipo <removed> (bug #598291)
	[lenny] - hipo <no-dsa> (Minor issue)
CVE-2010-3359 (If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, th ...)
	- gargoyle-free 2009-08-25-2
	NOTE: http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
CVE-2010-3358 (HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in th ...)
	- henplus <removed> (bug #598290)
CVE-2010-3357 (gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBR ...)
	- gnome-subtitles 1.0-2 (low; bug #598289)
	[lenny] - gnome-subtitles <no-dsa> (Minor issue)
CVE-2010-3356
	RESERVED
CVE-2010-3355 (Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH ...)
	- ember 0.5.7-1.1 (low; bug #598288)
CVE-2010-3354 (dropboxd in Dropbox 0.7.110 places a zero-length directory name in the ...)
	- dropbox 0.8.107-1 (low; bug #598287)
	[lenny] - dropbox <no-dsa> (Non-free not supported)
CVE-2010-3353 (Cowbell 0.2.7.1 places a zero-length directory name in the LD_LIBRARY_ ...)
	- cowbell <not-affected> (See bug #598286)
CVE-2010-3352
	RESERVED
CVE-2010-3351 (startBristol in Bristol 0.60.5 places a zero-length directory name in  ...)
	- bristol 0.60.5-2 (bug #598285)
CVE-2010-3350 (bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- bareftp 0.3.4-1.1 (bug #598284)
CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- ardour 1:2.8.11-2 (low; bug #598282)
CVE-2010-3348 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3347
	REJECTED
CVE-2010-3346 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3345 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3344
	REJECTED
CVE-2010-3343 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3342 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3341
	REJECTED
CVE-2010-3340 (Microsoft Internet Explorer 6 and 7 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3339
	REJECTED
CVE-2010-3338 (The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2 ...)
	NOT-FOR-US: Microsoft Office 2007 SP2
CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac  ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010 ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010 ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3332 (Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3330 (Microsoft Internet Explorer 6 through 8 does not properly restrict scr ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3329 (mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote atta ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3328 (Use-after-free vulnerability in the CAttrArray::PrivateFind function i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3327 (The implementation of HTML content creation in Microsoft Internet Expl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3326 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3325 (Microsoft Internet Explorer 6 through 8 does not properly handle unspe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8, and the Sa ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session  ...)
	NOT-FOR-US: Splunk
CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticat ...)
	NOT-FOR-US: Splunk
CVE-2010-3321 (RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not  ...)
	NOT-FOR-US: RSA Authentication Client
CVE-2010-3320 (Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4 ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3319 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a sessi ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3318 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits pass ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3317 (Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4 ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3316 (The run_coprocess function in pam_xauth.c in the pam_xauth module in L ...)
	- pam 1.1.2-1 (unimportant; bug #599832)
	NOTE: partial fix http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
	NOTE: Not exploitable with current kernels
CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as distr ...)
	{DSA-2118-1}
	- subversion 1.6.12dfsg-2 (low)
CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1. ...)
	{DSA-2013-1}
	- egroupware <removed> (high; bug #573279)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
CVE-2010-3313 (phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serv ...)
	{DSA-2013-1}
	- egroupware <removed> (high; bug #573279)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
CVE-2010-3312 (Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditiona ...)
	- epiphany-browser 2.29.91-1 (bug #564690)
	[lenny] - epiphany-browser <not-affected> (Introduced with the switch to webkit after Lenny release)
CVE-2010-3311 (Integer overflow in base/ftstream.c in libXft (aka the X FreeType libr ...)
	{DSA-2116-1}
	- freetype 2.4.0-1
	NOTE: Only the 2.3.x series is affected
CVE-2010-3310 (Multiple integer signedness errors in net/rose/af_rose.c in the Linux  ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3309
	REJECTED
CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2. ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3307 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
	NOT-FOR-US: Free Simple CMS 1.0
CVE-2010-3305 (Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 cou ...)
	- pixelpost <removed> (bug #597224)
CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...)
	- dovecot 1.2.13-1
	[lenny] - dovecot <not-affected> (only affects 1.2.x)
CVE-2010-3303 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...)
	- mantis 1.1.8+dfsg-8 (bug #599710)
	[lenny] - mantis 1.1.6+dfsg-2lenny3
CVE-2010-3302 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2. ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia32entr ...)
	- linux-2.6 2.6.32-23
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.27)
CVE-2010-3300
	RESERVED
CVE-2010-3299 (The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...)
	- rails <unfixed> (unimportant)
	NOTE: http://seclists.org/oss-sec/2010/q3/415
	NOTE: http://seclists.org/oss-sec/2010/q3/413
	NOTE: http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf
CVE-2010-3298 (The hso_get_count function in drivers/net/usb/hso.c in the Linux kerne ...)
	- linux-2.6 2.6.32-24
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
CVE-2010-3297 (The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3296 (The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3295
	REJECTED
CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x throug ...)
	NOT-FOR-US: HP AssetCenter
CVE-2010-3290 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 6 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3289 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3288 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight  ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3287 (Unspecified vulnerability on HP ProCurve Access Points, Access Control ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-3286 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and  ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3285 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) bef ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3282 (389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucen ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka T ...)
	NOT-FOR-US: Alcatel-Lucent OmniTouch Contact Center
CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4 in the  ...)
	NOT-FOR-US: Alcatel-Lucent OmniTouch Contact Center
CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Alternative ...)
	- php-apc <unfixed> (unimportant)
	NOTE: vulnerable script is, mainly, for debugging purposes
	NOTE: and is distributed gzip-compressed
CVE-2010-3293 (mailscanner can allow local users to prevent virus signatures from bei ...)
	- mailscanner <removed> (bug #596397; unimportant)
	NOTE: or even unimportant, the script is not used by default
CVE-2010-3292 (The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 down ...)
	- mailscanner <removed> (bug #596396; low)
	[squeeze] - mailscanner <no-dsa> (Minor issue)
CVE-2010-3278
	REJECTED
CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 301548 and  ...)
	NOT-FOR-US: VMware Workstation
CVE-2010-3276 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
	{DSA-2211-1}
	- vlc 1.1.8-1
	NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
CVE-2010-3275 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
	{DSA-2211-1}
	- vlc 1.1.8-1
	NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch. ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remo ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3272 (accounts/ValidateAnswers in the security-questions implementation in Z ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3271 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Inte ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before ...)
	NOT-FOR-US: Cisco WebEx Meeting Center
CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx Recording For ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3268 (The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in th ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5  ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3266 (Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET  ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3265
	RESERVED
CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2010-3263 (Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php ...)
	- phpmyadmin 4:3.3.7-1 (low)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2010-3262 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3 ...)
	NOT-FOR-US: flock
CVE-2010-3261 (Directory traversal vulnerability in RSA Authentication Agent 7.0 befo ...)
	NOT-FOR-US: RSA Authentication Agent 7.0 for Web
CVE-2010-3260 (oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server co ...)
	NOT-FOR-US: Orbeon Forms
CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, G ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44399
	NOTE: http://trac.webkit.org/changeset/65826
CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3257 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/65748
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44226
CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of  ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3255 (Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not prop ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812
	NOTE: http://trac.webkit.org/changeset/66052
CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does  ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/65135
CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected> (notifications not yet used in webkit)
	NOTE: http://trac.webkit.org/changeset/64647
	NOTE: http://trac.webkit.org/changeset/64651
CVE-2010-3252 (Use-after-free vulnerability in the Notifications presenter in Google  ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected> (notifications not yet used in webkit)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43645
	NOTE: http://trac.webkit.org/changeset/65742
CVE-2010-3251 (The WebSockets implementation in Google Chrome before 6.0.472.53 allow ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3250 (Unspecified vulnerability in Google Chrome before 6.0.472.53 allows re ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG filter ...)
	- chromium-browser 6.0.472.53~r57914-1
	NOTE: http://trac.webkit.org/changeset/60541
CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to  ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the charact ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the _blank va ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected> (vulnerable code not present in 1.2.x series)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34541
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44969
	NOTE: http://trac.webkit.org/changeset/66742
CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite (forme ...)
	NOT-FOR-US: Blackboard Transact Suite
CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackbo ...)
	NOT-FOR-US: Blackboard Transact Suite
CVE-2010-3306 (Directory traversal vulnerability in the modURL function in instance.c ...)
	- weborf 0.12.3-1 (bug #596112)
CVE-2010-3243 (Cross-site scripting (XSS) vulnerability in the toStaticHTML function  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3242 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3241 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3240 (Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Co ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3239 (Microsoft Excel 2002 SP3 does not properly validate record information ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3238 (Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does n ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3237 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly valid ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3236 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3235 (Microsoft Excel 2002 SP3 does not properly validate formula informatio ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3234 (Microsoft Excel 2002 SP3 does not properly validate formula informatio ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3233 (Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate recor ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3232 (Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; O ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3231 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3230 (Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers t ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3229 (The Secure Channel (aka SChannel) security package in Microsoft Window ...)
	NOT-FOR-US: Microsoft OSes
CVE-2010-3228 (The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms d ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3227 (Stack-based buffer overflow in the UpdateFrameTitleForDocument method  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3226
	REJECTED
CVE-2010-3225 (Use-after-free vulnerability in the Media Player Network Sharing Servi ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2010-3224
	REJECTED
CVE-2010-3223 (The user interface in Microsoft Cluster Service (MSCS) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3222 (Stack-based buffer overflow in the Remote Procedure Call Subsystem (RP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3221 (Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Vi ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3220 (Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 f ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3219 (Array index vulnerability in Microsoft Word 2002 SP3 allows remote att ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3218 (Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote at ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3217 (Double free vulnerability in Microsoft Word 2002 SP3 allows remote att ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3215 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3214 (Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3213 (Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook W ...)
	NOT-FOR-US: Microsoft Outlook Web Access
CVE-2010-3212 (SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier  ...)
	NOT-FOR-US: Seagull
CVE-2010-3211 (Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro ...)
	NOT-FOR-US: Joomla addon
CVE-2010-3210 (Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E- ...)
	NOT-FOR-US: Multi-lingual E-Commerce System
CVE-2010-3209 (Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 al ...)
	NOT-FOR-US: Seagull
CVE-2010-3208 (Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web Bui ...)
	NOT-FOR-US: Wiccle Web Builder
CVE-2010-3207 (SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when mag ...)
	NOT-FOR-US: GaleriaSHQIP
CVE-2010-3206 (Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allo ...)
	NOT-FOR-US: DiY-CMS
CVE-2010-3205 (PHP remote file inclusion vulnerability in index.php in Textpattern CM ...)
	- textpattern <removed>
	[squeeze] - textpattern <no-dsa> (Minor issue)
CVE-2010-3204 (Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5  ...)
	NOT-FOR-US: Pecio CMS
CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) compone ...)
	NOT-FOR-US: PicSell
CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 a ...)
	NOT-FOR-US: flock
CVE-2010-3201 (Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4. ...)
	NOT-FOR-US: NetWin Surgemail
CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attac ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...)
	NOT-FOR-US: TortoiseSVN
CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows  ...)
	- zope2.10 <removed>
	- zope2.11 <removed>
CVE-2010-3197 (IBM DB2 9.7 before FP2 does not perform the expected access control on ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3196 (IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote au ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3195 (Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, a ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3194 (The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3193 (Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3192 (Certain run-time memory protection mechanisms in the GNU C Library (ak ...)
	- eglibc <unfixed> (unimportant)
	NOTE: Minor information leak
CVE-2010-3191 (Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and  ...)
	NOT-FOR-US: Adobe Captivate
CVE-2010-3190 (Untrusted search path vulnerability in the Microsoft Foundation Class  ...)
	NOT-FOR-US: ATL MFC Trace Tool
CVE-2010-3189 (The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (Uf ...)
	NOT-FOR-US: Trend Micro Internet Security Pro
CVE-2010-3188 (SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3187 (Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attac ...)
	NOT-FOR-US: IBM AIX
CVE-2010-3186 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSph ...)
	NOT-FOR-US: WebSphere
CVE-2010-3185
	RESERVED
CVE-2010-3184
	RESERVED
CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox bef ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (bug in optimization added later)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3182 (A certain application-launch script in Mozilla Firefox before 3.5.14 a ...)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel <not-affected> (run-mozilla.sh not used)
CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 a ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in Mozilla Fire ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality in Moz ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird bef ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the Gopher pars ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3175 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x befo ...)
	{DSA-2123-1}
	- nss 3.12.8-1
CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3. ...)
	- bugzilla 3.6.3.0-1 (bug #602420; low)
	[squeeze] - bugzilla 3.6.2.0-4.2
CVE-2010-3171 (The Math.random function in the JavaScript implementation in Mozilla F ...)
	NOTE: Will likely be rejected by MITRE
CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird bef ...)
	{DSA-2123-1}
	- nss 3.12.8-1
	- kde4libs 4:4.4.5-4 (low)
	- qt4-x11 4:4.7.2-4 (low)
	[squeeze] - qt4-x11 4:4.6.3-4+squeeze1
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	[squeeze] - kde4libs 4:4.4.5-2+squeeze2
	[lenny] - kde4libs <no-dsa> (Minor issue)
CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3168 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3167 (The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3. ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3166 (Heap-based buffer overflow in the nsTextFrameUtils::TransformText func ...)
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	[lenny] - xulrunner <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- icedove 3.0.7-1
	[lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3165 (Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and ear ...)
	NOT-FOR-US: Yokka NoEditor and others
CVE-2010-3164 (Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earli ...)
	NOT-FOR-US: Fenrir Sleipnir, Grani
CVE-2010-3163 (Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 an ...)
	NOT-FOR-US: Fenrir Sleipnir, Grani
CVE-2010-3162 (Untrusted search path vulnerability in Apsaly before 3.74 allows local ...)
	NOT-FOR-US: Apsaly
CVE-2010-3161 (Untrusted search path vulnerability in TeraPad before 1.00 allows loca ...)
	NOT-FOR-US: TeraPad
CVE-2010-3160 (Untrusted search path vulnerability in Archive Decoder 1.23 and earlie ...)
	NOT-FOR-US: Archive Decoder
CVE-2010-3159 (Untrusted search path vulnerability in Explzh 5.67 and earlier allows  ...)
	NOT-FOR-US: Explzh
CVE-2010-3158 (Untrusted search path vulnerability in Lhaplus before 1.58 allows loca ...)
	NOT-FOR-US: Lhaplus
CVE-2010-3157 (Untrusted search path vulnerability in XacRett before 50 allows attack ...)
	NOT-FOR-US: XacRett
CVE-2010-3156 (Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows ...)
	NOT-FOR-US: K2Editor
CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15  ...)
	- wireshark <not-affected> (Only affects Windows port)
CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 a ...)
	- xulrunner <not-affected> (Only affects Windows port)
	- iceweasel <not-affected> (Only affects Windows port)
CVE-2010-3123
	RESERVED
CVE-2010-3155 (Untrusted search path vulnerability in Adobe ExtendScript Toolkit (EST ...)
	NOT-FOR-US: Adobe ExtendedScript Toolkit
CVE-2010-3154 (Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0 ...)
	NOT-FOR-US: Adobe Extension Manager
CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesig ...)
	NOT-FOR-US: Adobe InDesign
CVE-2010-3152 (Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, C ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2010-3151 (Untrusted search path vulnerability in Adobe On Location CS4 Build 315 ...)
	NOT-FOR-US: Adobe On Location
CVE-2010-3150 (Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 (31 ...)
	NOT-FOR-US: Adobe Premier Pro
CVE-2010-3149 (Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0( ...)
	NOT-FOR-US: Adobe Device Central
CVE-2010-3148 (Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows ...)
	NOT-FOR-US: Microsoft Visio
CVE-2010-3147 (Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windo ...)
	NOT-FOR-US: Microsoft Address Book
CVE-2010-3146 (Multiple untrusted search path vulnerabilities in Microsoft Groove 200 ...)
	NOT-FOR-US: Microsoft Office Groove
CVE-2010-3145 (Untrusted search path vulnerability in the BitLocker Drive Encryption  ...)
	NOT-FOR-US: Microsoft Vista BitLocker
CVE-2010-3144 (Untrusted search path vulnerability in the Internet Connection Signup  ...)
	NOT-FOR-US: Microsoft Internet Connection Signup Wizard
CVE-2010-3143 (Untrusted search path vulnerability in Microsoft Windows Contacts allo ...)
	NOT-FOR-US: Microsoft Windows Contacts
CVE-2010-3142 (Untrusted search path vulnerability in Microsoft Office PowerPoint 200 ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-3141 (Untrusted search path vulnerability in Microsoft PowerPoint 2010 allow ...)
	NOT-FOR-US: Microsoft Power Point
CVE-2010-3140 (Untrusted search path vulnerability in Microsoft Windows Internet Comm ...)
	NOT-FOR-US: Microsoft Windows Internet Communication Settings
CVE-2010-3139 (Untrusted search path vulnerability in Microsoft Windows Progman Group ...)
	NOT-FOR-US: Microsoft Windows Progman Group Converter
CVE-2010-3138 (Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax  ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-3137 (Untrusted search path vulnerability in Nullsoft Winamp 5.581, and prob ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2010-3136 (Untrusted search path vulnerability in Skype 4.2.0.169 and earlier all ...)
	NOT-FOR-US: Skype
CVE-2010-3135 (Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows  ...)
	NOT-FOR-US: Cisco Packet Tracer
CVE-2010-3134 (Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allo ...)
	NOT-FOR-US: Google Earth
CVE-2010-3132 (Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 buil ...)
	NOT-FOR-US: Adobe Dreamweaver
CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit all versions 1 ...)
	NOT-FOR-US: TechSmith Snagit
CVE-2010-3129 (Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allo ...)
	NOT-FOR-US: uTorrent
CVE-2010-3128 (Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier ...)
	NOT-FOR-US: TeamViewer
CVE-2010-3127 (Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 ...)
	NOT-FOR-US: Adobe PhotoShop
CVE-2010-3126 (Untrusted search path vulnerability in avast! Free Antivirus version 5 ...)
	NOT-FOR-US: avast! Free Antivirus version
CVE-2010-3125 (Untrusted search path vulnerability in TeamMate Audit Management Softw ...)
	NOT-FOR-US: TeamMate Audit Management Software Suite
CVE-2010-3122 (The DevonIT thin-client management tool relies on a shared secret for  ...)
	NOT-FOR-US: DevonIT thin-client management tool
CVE-2010-3121 (Buffer overflow in tm-console-bin in the DevonIT thin-client managemen ...)
	NOT-FOR-US: DevonIT thin-client management tool
CVE-2010-3124 (Untrusted search path vulnerability in bin/winvlc.c in VLC Media Playe ...)
	- vlc <not-affected> (Windows specific vulnerability)
CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the Geolo ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43776
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39879
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096
	NOTE: http://trac.webkit.org/changeset/65329
	NOTE: http://trac.webkit.org/changeset/65325
CVE-2010-3119 (Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not pro ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795
	NOTE: http://trac.webkit.org/changeset/65090
CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit <not-affected> (chromium specific)
CVE-2010-3117 (Google Chrome before 5.0.375.127 does not properly implement the notif ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit <not-affected> (chromium specific)
CVE-2010-3116 (Multiple use-after-free vulnerabilities in WebKit, as used in Apple Sa ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/64293
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888
	NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series
CVE-2010-3115 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/63925
	NOTE: http://trac.webkit.org/changeset/64077
	NOTE: only partially fixed: only 64077 applied in 1.2.4-1
CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127, a ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
	NOTE: http://trac.webkit.org/changeset/63773
CVE-2010-3113 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659
	NOTE: http://trac.webkit.org/changeset/63865
CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement file dial ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 5.0.375.127~r55887-1
CVE-2010-3111 (Google Chrome before 6.0.472.53 does not properly mitigate an unspecif ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit <not-affected> (chromium specific)
CVE-2010-3110 (Multiple buffer overflows in the Novell Client novfs module for the Li ...)
	NOT-FOR-US: novfs kernel module (only included in SUSE it seems)
CVE-2010-2948 (Stack-based buffer overflow in the bgp_route_refresh_receive function  ...)
	{DSA-2104-1}
	- quagga 0.99.17-1 (bug #594262)
CVE-2010-2949 (bgpd in Quagga before 0.99.17 does not properly parse AS paths, which  ...)
	{DSA-2104-1}
	- quagga 0.99.17-1 (bug #594262)
CVE-2010-3109 (Stack-based buffer overflow in the browser plugin in Novell iPrint Cli ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3108 (Buffer overflow in the browser plugin in Novell iPrint Client before 5 ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3107 (A certain ActiveX control in ienipp.ocx in the browser plugin in Novel ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3106 (The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint  ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3105 (The PluginGetDriverFile function in Novell iPrint Client before 5.44 i ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3104 (Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, a ...)
	NOT-FOR-US: DeskShare AutoFTP Manager
CVE-2010-3103 (Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.0 ...)
	NOT-FOR-US: FTPGetter
CVE-2010-3102 (Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3 ...)
	NOT-FOR-US: SiteDesigner Technologies
CVE-2010-3101 (Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1  ...)
	NOT-FOR-US: FTPx Corp FTP Explorer
CVE-2010-3100 (Directory traversal vulnerability in Porta+ FTP Client 4.1, and possib ...)
	NOT-FOR-US: Porta+ FTP Client
CVE-2010-3099 (Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0 ...)
	NOT-FOR-US: SmartSoft Ltd SmartFTP
CVE-2010-3098 (Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 an ...)
	NOT-FOR-US: IoRush Software FTP Rush
CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3 ...)
	NOT-FOR-US: WinFrigate Frigate 3 FTP
CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...)
	NOT-FOR-US: SoftX FTP Client 3.3
CVE-2010-3095 (mailscanner before 4.79.11-2.1 might allow local users to overwrite ar ...)
	- mailscanner 4.79.11-2.1 (bug #596403)
CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x befo ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3093 (The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allow ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3092 (The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does n ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3090
	REJECTED
CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman bef ...)
	{DSA-2170-1}
	- mailman 1:2.1.13-4.1 (bug #599833)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id={631881,631859}
CVE-2010-3088 (The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0 ...)
	NOT-FOR-US: Knotify plugin for Pidgin
CVE-2010-3087 (LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attacke ...)
	- tiff 3.9.4-5 (bug #600188)
	- tiff3 <not-affected> (fixed before initial upload)
	[lenny] - tiff <not-affected> (Vulnerable code not present)
CVE-2010-3086 (include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not pro ...)
	- linux-2.6 2.6.25-1
CVE-2010-3085 (The network-play implementation in Mednafen before 0.8.D might allow r ...)
	- mednafen 0.8.D-1 (unimportant)
	NOTE: Extremely obscure attack vector, marking as unimportant
CVE-2010-3084 (Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/ne ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.30)
CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Ente ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2  ...)
	- python-django 1.2.3-1 (low; bug #596205)
	NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-23 (high)
CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in sound/co ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-24
CVE-2010-3079 (kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugf ...)
	- linux-2.6 2.6.32-24
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-24
CVE-2010-3077 (Cross-site scripting (XSS) vulnerability in util/icon_browser.php in t ...)
	{DSA-2278-1}
	- horde3 3.3.8+debian0-2 (bug #598582)
	NOTE: http://seclists.org/fulldisclosure/2010/Sep/82
CVE-2010-3076 (The filter function in php/src/include.php in Simple Management for BI ...)
	{DSA-2103-1}
	- smbind 0.4.7-5 (high)
	NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
CVE-2010-3075 (EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs <no-dsa> (Not backportable, breaks backwards-compatibility)
CVE-2010-3074 (SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of a ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs <no-dsa> (Minor issue)
CVE-2010-3073 (SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer  ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs <no-dsa> (Minor issue)
CVE-2010-3072 (The string-comparison functions in String.cci in Squid 3.x before 3.1. ...)
	{DSA-2111-1}
	- squid3 3.1.6-1.1 (bug #596086; low)
	- squid <not-affected> (Only affects 3.x)
CVE-2010-3071 (bip before 0.8.6 allows remote attackers to cause a denial of service  ...)
	- bip 0.8.6-1 (low; bug #595409)
	[lenny] - bip <not-affected> (vulnerable code ('LINK(lc)->name') not in 0.7.4-2)
	[squeeze] - bip 0.8.2-1squeeze2
CVE-2010-3070 (Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in M ...)
	- nusoap 0.7.3-4 (low; bug #595248)
CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse ...)
	{DSA-2109-1}
	- samba 2:3.5.5~dfsg-1 (bug #596891)
CVE-2010-3068
	REJECTED
CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before 2.6. ...)
	- linux-2.6 2.6.23-1
CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in  ...)
	- php5 <removed> (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3063 (The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...)
	- php5 <removed> (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3062 (mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3 ...)
	- php5 <removed> (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3061 (Unspecified vulnerability in the message-protocol implementation in th ...)
	NOT-FOR-US: Tivoli
CVE-2010-3060 (Unspecified vulnerability in the message-protocol implementation in th ...)
	NOT-FOR-US: Tivoli
CVE-2010-3059 (Buffer overflow in the message-protocol implementation in the Server i ...)
	NOT-FOR-US: Tivoli
CVE-2010-3058 (The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x b ...)
	NOT-FOR-US: Tivoli
CVE-2010-3065 (The default session serializer in PHP 5.2 through 5.2.13 and 5.3 throu ...)
	{DSA-2089-1}
	- php5 5.3.3-1
CVE-2010-3057
	RESERVED
CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions before ...)
	- freetype 2.4.2-1 (unimportant)
CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11 ...)
	{DSA-2097-2 DSA-2097-1}
	- phpmyadmin 4:3.3.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2010-5/
CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2 ...)
	{DSA-2097-2 DSA-2097-1}
	- phpmyadmin 4:3.0.0
	NOTE: Affects only 2.x branch
CVE-2010-3052
	RESERVED
CVE-2010-3051
	RESERVED
CVE-2010-3050 (Cisco IOS before 12.2(33)SXI allows remote authenticated users to caus ...)
	NOT-FOR-US: Cisco
CVE-2010-3049 (Cisco IOS before 12.2(33)SXI allows local users to cause a denial of s ...)
	NOT-FOR-US: Cisco
CVE-2010-3048 (Cisco Unified Personal Communicator 7.0 (1.13056) does not free alloca ...)
	NOT-FOR-US: Cisco
CVE-2010-3047
	RESERVED
CVE-2010-3046
	RESERVED
CVE-2010-3045
	RESERVED
CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...)
	NOT-FOR-US: Cisco Intelligent Contact Manager
CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-3038 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the L ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-3037 (goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing ( ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in the w ...)
	NOT-FOR-US: Cisco
CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not proper ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possib ...)
	NOT-FOR-US: Cisco
CVE-2010-3033 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0 ...)
	NOT-FOR-US: Cisco
CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in  ...)
	NOT-FOR-US: SAP Crystal Reports 2008
CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other version ...)
	NOT-FOR-US: Wyse ThinOS
CVE-2010-3030 (Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open B ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows re ...)
	NOT-FOR-US: PHPKick
CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses insecure perm ...)
	NOT-FOR-US: Joomla!
CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0 ...)
	NOT-FOR-US: Tycoon Baseball Script
CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in application/modules ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Op ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in user/mai ...)
	NOT-FOR-US: DiamondList
CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1 ...)
	NOT-FOR-US: DiamondList
CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance logging mo ...)
	NOT-FOR-US: Drupal Addon
CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2010-3020 (The news-feed preview feature in Opera before 10.61 does not properly  ...)
	NOT-FOR-US: Opera
CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote attacke ...)
	NOT-FOR-US: Opera
CVE-2010-3018 (RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.5 ...)
	NOT-FOR-US: RSA Access Manager
CVE-2010-3017 (Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7 ...)
	NOT-FOR-US: RSA Access Manager
CVE-2010-3016
	REJECTED
CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 al ...)
	NOT-FOR-US: Pligg
CVE-2010-3012 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3011 (CRLF injection vulnerability in HP System Management Homepage (SMH) be ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect  ...)
	NOT-FOR-US: HP 3Com OfficeConnect
CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for L ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data Prote ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data Prote ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2010-3006 (Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote  ...)
	NOT-FOR-US: HP ProLiant G6 Lights-Out
CVE-2010-3005 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windo ...)
	NOT-FOR-US: HP Operations Agents
CVE-2010-3004 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windo ...)
	NOT-FOR-US: HP Operations Agents
CVE-2010-3003 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Onl ...)
	NOT-FOR-US: HP Insight Diagnostics Online Edition
CVE-2010-3002 (Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-3001 (Unspecified vulnerability in an ActiveX control in the Internet Explor ...)
	NOT-FOR-US: Internet Explorer
CVE-2010-3000 (Multiple integer overflows in the ParseKnownType function in RealNetwo ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2999 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPla ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2998 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 and Rea ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-2997 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2996 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Wind ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2991 (The IICAClient interface in the ICAClient library in the ICA Client Ac ...)
	NOT-FOR-US: Citrix ICA Client
CVE-2010-2990 (Citrix Online Plug-in for Windows for XenApp &amp; XenDesktop before 1 ...)
	NOT-FOR-US: Citrix ICA Client
CVE-2010-2989 (nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Ness ...)
	NOT-FOR-US: Nessus
CVE-2010-2988 (Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Net ...)
	NOT-FOR-US: Cisco
CVE-2010-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless  ...)
	NOT-FOR-US: Cisco
CVE-2010-2986 (Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.d ...)
	NOT-FOR-US: Cisco
CVE-2010-2985 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere S ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2984 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4 ...)
	NOT-FOR-US: Cisco
CVE-2010-2983 (The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless ...)
	NOT-FOR-US: Cisco
CVE-2010-2982 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allo ...)
	NOT-FOR-US: Cisco
CVE-2010-2981 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allo ...)
	NOT-FOR-US: Cisco
CVE-2010-2980 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5 ...)
	NOT-FOR-US: Cisco
CVE-2010-2979 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5 ...)
	NOT-FOR-US: Cisco
CVE-2010-2978 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
	NOT-FOR-US: Cisco
CVE-2010-2977 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
	NOT-FOR-US: Cisco
CVE-2010-2976 (The controller in Cisco Unified Wireless Network (UWN) Solution 7.x th ...)
	NOT-FOR-US: Cisco
CVE-2010-2975 (Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 doe ...)
	NOT-FOR-US: Cisco
CVE-2010-2974 (Stack-based buffer overflow in the IConfigurationAccess interface in t ...)
	NOT-FOR-US: Wonderware Application Server
CVE-2010-2973 (Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone  ...)
	NOT-FOR-US: Apple
CVE-2010-2972
	REJECTED
CVE-2010-3014 (The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when ...)
	- kfreebsd-7 <unfixed>
	- kfreebsd-8 8.1-5
	- kfreebsd-9 <not-affected> (fixed prior to first upload)
	- kfreebsd-10 <not-affected> (fixed prior to first upload)
CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extent ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-22
CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark ...)
	{DSA-2101-1}
	- wireshark 1.2.10-1
CVE-2010-2992 (packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through ...)
	- wireshark 1.2.10-1
	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0. ...)
	{DSA-2101-1}
	- wireshark 1.2.10-1
CVE-2010-2993 (The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote atta ...)
	- wireshark 1.2.10-1
	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly acc ...)
	{DSA-2081-1}
	- libmikmod 3.1.11-6.3
CVE-2010-2970 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x  ...)
	- moin 1.9.3-1 (low)
CVE-2010-2969 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3  ...)
	- moin 1.9.3-1
CVE-2010-2968 (The FTP daemon in Wind River VxWorks does not close the TCP connection ...)
	NOT-FOR-US: vxworks
CVE-2010-2967 (The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks be ...)
	NOT-FOR-US: vxworks
CVE-2010-2966 (The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and ...)
	NOT-FOR-US: vxworks
CVE-2010-2965 (The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and ...)
	NOT-FOR-US: vxworks
CVE-2010-2964
	RESERVED
CVE-2010-2963 (drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) imp ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-26
CVE-2010-2962 (drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the roo ...)
	NOT-FOR-US: mountall
CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...)
	- linux-2.6 2.6.32-23
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-20
CVE-2010-2958 (Cross-site scripting (XSS) vulnerability in libraries/Error.class.php  ...)
	- phpmyadmin 4:3.3.6-1
	[lenny] - phpmyadmin <not-affected> (only affects 3.x)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2010-6/
CVE-2010-2957 (Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4,  ...)
	- serendipity 1.5.3-2 (bug #594905)
CVE-2010-2956 (Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ...)
	- sudo 1.7.4p4-1 (bug #595935)
	[lenny] - sudo <not-affected> (Only affects 1.7.x)
	NOTE: http://www.sudo.ws/sudo/alerts/runas_group.html
CVE-2010-2955 (The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in t ...)
	- linux-2.6 2.6.32-23
CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel befor ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-22
CVE-2010-2953 (Untrusted search path vulnerability in a certain Debian GNU/Linux patc ...)
	{DSA-2107-1}
	- couchdb 0.11.0-1 (low; bug #594412)
CVE-2010-2952 (Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, d ...)
	- trafficserver <not-affected> (Fixed before initial release)
CVE-2010-2951 (dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enable ...)
	- squid3 3.1.6-1.2 (bug #599709)
	[lenny] - squid3 <not-affected> (vulnerable code introduced in 3.1.6)
	NOTE: http://marc.info/?l=squid-users&m=128263555724981&w=2
CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP 5 ...)
	- php5 5.3.3-2 (low)
	[lenny] - php5 <not-affected> (phar extension introduced in 5.3)
CVE-2010-2947 (Heap-based buffer overflow in the HX_split function in string.c in lib ...)
	- libhx 3.5-2 (low; bug #594393)
	[lenny] - libhx <no-dsa> (Minor issue, asked maintainer to fix through spu)
CVE-2010-2946 (fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly h ...)
	- linux-2.6 2.6.32-21
	[lenny] - linux-2.6 2.6.26-25
CVE-2010-2945 (The default configuration of SLiM before 1.3.2 places ./ (dot slash) a ...)
	- slim 1.3.1-7 (low; bug #594414)
	[lenny] - slim 1.3.0-1+lenny3
CVE-2010-2944 (The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope- ...)
	{DSA-2096-1}
	- zope-ldapuserfolder <removed> (high; bug #593466)
CVE-2010-2943 (The xfs implementation in the Linux kernel before 2.6.35 does not look ...)
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
	[lenny] - linux-2.6 <not-affected> (test case fails on 2.6.26)
CVE-2010-2942 (The actions implementation in the network queueing functionality in th ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 2.6.26-25
CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate me ...)
	{DSA-2176-1}
	- cups 1.4.4-7 (bug #603344)
CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System Securit ...)
	- sssd 1.2.1-4 (bug #594413)
CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function in the ...)
	{DSA-2100-1}
	- openssl 0.9.8o-2 (low; bug #594415)
CVE-2010-2938 (arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS ...)
	- linux-2.6 <not-affected> (affected code not present in any of the released kernels; only affects xen package itself)
	- xen 4.0.1-1
	NOTE: probably fixed well before this version, but this is the one i checked and its fixed
CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in V ...)
	- vlc 1.1.3-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in OpenOffice.o ...)
	{DSA-2099-1}
	- openoffice.org 1:3.2.1-6
CVE-2010-2935 (simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x ...)
	{DSA-2099-1}
	- openoffice.org 1:3.2.1-6
CVE-2010-2934 (Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attacke ...)
	- znc 0.092-2 (unimportant; bug #599708)
CVE-2010-2933 (SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote at ...)
	NOT-FOR-US: AV Arcade
CVE-2010-2932 (Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control (BarcodeWiz ...)
	NOT-FOR-US: BarCodeWiz BarCode
CVE-2010-2931 (Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows ...)
	NOT-FOR-US: SigPlus Pro activex control
CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in hsolink 1.0 ...)
	- hsolink <removed>
CVE-2010-2929 (Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.1 ...)
	- hsolink <removed>
CVE-2010-2928 (The vCenter Tomcat Management Application in VMware vCenter Server 4.1 ...)
	NOT-FOR-US: VMware vCenter Server
CVE-2010-2927 (The slapi_printmessage function in IBM Tivoli Directory Server (ITDS)  ...)
	NOT-FOR-US: Tivoli
CVE-2010-2926 (SQL injection vulnerability in index.php in sNews 1.7 allows remote at ...)
	NOT-FOR-US: sNews CMS
CVE-2010-2925 (SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allo ...)
	NOT-FOR-US: OpenFreeway
CVE-2010-2924 (SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugi ...)
	NOT-FOR-US: myLinksDump WordPress plugin
CVE-2010-2923 (SQL injection vulnerability in the YouTube (com_youtube) component 1.5 ...)
	NOT-FOR-US: com_youtube Joomla extension
CVE-2010-2922 (SQL injection vulnerability in default.asp in AKY Blog allows remote a ...)
	NOT-FOR-US: Aspindir AKY Blog
CVE-2010-2921 (SQL injection vulnerability in the Golf Course Guide (com_golfcoursegu ...)
	NOT-FOR-US: Joomla Component com_golfcourseguide
CVE-2010-2920 (Directory traversal vulnerability in the Foobla Suggestions (com_foobl ...)
	NOT-FOR-US: Joomla Component Foobla Suggestions
CVE-2010-2919 (SQL injection vulnerability in the StaticXT (com_staticxt) component f ...)
	NOT-FOR-US: Joomla Component StaticXT
CVE-2010-2918 (PHP remote file inclusion vulnerability in core/include/myMailer.class ...)
	NOT-FOR-US: Joomla Component Visites
CVE-2010-2917 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ ...)
	NOT-FOR-US: AJ square
CVE-2010-2916 (SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN  ...)
	NOT-FOR-US: AJ square
CVE-2010-2915 (SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME  ...)
	NOT-FOR-US: AJ square
CVE-2010-2914 (Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in ...)
	NOT-FOR-US: Nessus plugin
CVE-2010-2913 (The Citibank Citi Mobile app before 2.0.3 for iOS stores account data  ...)
	NOT-FOR-US: Citibank Citi Mobile app
CVE-2010-2912 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 al ...)
	NOT-FOR-US: Kayako eSupport
CVE-2010-2911 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 al ...)
	NOT-FOR-US: Kayako eSupport
CVE-2010-2910 (SQL injection vulnerability in the Ozio Gallery (com_oziogallery) comp ...)
	NOT-FOR-US: Ozio Gallery
CVE-2010-2909 (SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2908 (SQL injection vulnerability in the Joomdle (com_joomdle) component 0.2 ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2907 (SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) co ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2906 (SQL injection vulnerability in articlesdetails.php in ScriptsFeed and  ...)
	NOT-FOR-US: ScriptsFeed / BrotherScripts
CVE-2010-2905 (SQL injection vulnerability in info.php in ScriptsFeed and BrotherScri ...)
	NOT-FOR-US: ScriptsFeed / BrotherScripts
CVE-2010-2904 (Multiple cross-site scripting (XSS) vulnerabilities in the System Land ...)
	NOT-FOR-US: System Landscape Directory
CVE-2010-2903 (Google Chrome before 5.0.375.125 performs unexpected truncation and im ...)
	- webkit <not-affected> (Chromium specific issue)
	- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2902 (The SVG implementation in Google Chrome before 5.0.375.125 allows remo ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41621
	NOTE: http://trac.webkit.org/changeset/62662
	NOTE: duplicate of cve-2010-1793
CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 allow ...)
	{DSA-2188-1}
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41373
	NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-2900 (Google Chrome before 5.0.375.125 does not properly handle a large canv ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41962
	NOTE: http://trac.webkit.org/changeset/63219
CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google Chrom ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977
	NOTE: http://trac.webkit.org/changeset/62134
CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an unspeci ...)
	- webkit <not-affected> (chromium specific issue)
	- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2897 (Google Chrome before 5.0.375.125 does not properly mitigate an unspeci ...)
	- webkit <not-affected> (chromium specific issue)
	- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2896 (IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before ...)
	NOT-FOR-US: IBM FileNet Content Manager
CVE-2010-XXXX [flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it.]
	- openjdk-6 6b18-1.8.1-1
CVE-2010-XXXX [flaw in NetX that allows arbitrary unsigned apps to set any java property]
	- openjdk-6 6b18-1.8.1-1
CVE-2010-2895
	RESERVED
CVE-2010-2894
	RESERVED
CVE-2010-2893
	RESERVED
CVE-2010-2892 (gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and ...)
	NOT-FOR-US: LANDesk Management Gateway
CVE-2010-2891 (Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4. ...)
	{DSA-2145-1}
	- libsmi 0.4.8+dfsg2-3
CVE-2010-2890 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2889 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2888 (Multiple unspecified vulnerabilities in an ActiveX control in Adobe Re ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2887 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x b ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2886 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp  ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2010-2885 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, an ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2010-2884 (Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2883 (Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acroba ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2882 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not proper ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2881 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2880 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not proper ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2879 (Multiple integer overflows in the allocator in the TextXtra.x32 module ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2878 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not prope ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2877 (Adobe Shockwave Player before 11.5.8.612 does not properly validate a  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2876 (Adobe Shockwave Player before 11.5.8.612 does not properly validate va ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2875 (Integer signedness error in Adobe Shockwave Player before 11.5.8.612 a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2874 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2873 (Adobe Shockwave Player before 11.5.8.612 does not properly validate of ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2872 (Adobe Shockwave Player before 11.5.8.612 does not properly validate an ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2871 (Integer overflow in the 3D object functionality in Adobe Shockwave Pla ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2870 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not prope ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2869 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2868 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2867 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not prope ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2866 (Integer signedness error in the DIRAPI module in Adobe Shockwave Playe ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2865 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2864 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2863 (Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2861 (Multiple directory traversal vulnerabilities in the administrator cons ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts exter ...)
	NOT-FOR-US: EMC
CVE-2010-2859 (news.php in SimpNews 2.47.3 and earlier allows remote attackers to obt ...)
	NOT-FOR-US: SimpNews
CVE-2010-2858 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in Sim ...)
	NOT-FOR-US: SimpNews
CVE-2010-2857 (Directory traversal vulnerability in the Music Manager component for J ...)
	NOT-FOR-US: Joomla! Music Manager
CVE-2010-2856 (Cross-site scripting (XSS) vulnerability in admin/currencies.php in os ...)
	NOT-FOR-US: osCSS
CVE-2010-2855 (Multiple SQL injection vulnerabilities in modfile.php in Event Horizon ...)
	NOT-FOR-US: Event Horizon
CVE-2010-2854 (Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in  ...)
	NOT-FOR-US: Event Horizon
CVE-2010-2853 (SQL injection vulnerability in flashPlayer/playVideo.php in iScripts V ...)
	NOT-FOR-US: iScripts VisualCaster
CVE-2010-2852 (Cross-site scripting (XSS) vulnerability in modules/headlines/magpiers ...)
	NOT-FOR-US: RunCMS
CVE-2010-2851 (SQL injection vulnerability in the BookLibrary From Same Author (com_b ...)
	NOT-FOR-US: Joomla! BookLibrary From Same Author
CVE-2010-2850 (Directory traversal vulnerability in productionnu2/fileuploader.php in ...)
	NOT-FOR-US: nuBuilder
CVE-2010-2849 (Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php i ...)
	NOT-FOR-US: nuBuilder
CVE-2010-2848 (Directory traversal vulnerability in assets/captcha/includes/alikon/pl ...)
	NOT-FOR-US: Joomla! ArtForms
CVE-2010-2847 (Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (co ...)
	NOT-FOR-US: Joomla! ArtForms
CVE-2010-2846 (Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms ( ...)
	NOT-FOR-US: Joomla! ArtForms
CVE-2010-2845 (SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1 ...)
	NOT-FOR-US: Joomla! QuickFAQ
CVE-2010-2844 (Cross-site scripting (XSS) vulnerability in news_show.php in Newanz Ne ...)
	NOT-FOR-US: Newanz NewsOffice
CVE-2010-2843 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0 ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-2842 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0 ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-2841 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) softw ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-2840 (The Presence Engine (PE) service in Cisco Unified Presence 6.x before  ...)
	NOT-FOR-US: Cisco
CVE-2010-2839 (SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) ...)
	NOT-FOR-US: Cisco
CVE-2010-2838 (The SendCombinedStatusInfo implementation in Cisco Unified Communicati ...)
	NOT-FOR-US: Cisco
CVE-2010-2837 (The SIPStationInit implementation in Cisco Unified Communications Mana ...)
	NOT-FOR-US: Cisco
CVE-2010-2836 (Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1,  ...)
	NOT-FOR-US: Cisco
CVE-2010-2835 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x  ...)
	NOT-FOR-US: Cisco
CVE-2010-2834 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x  ...)
	NOT-FOR-US: Cisco
CVE-2010-2833 (Unspecified vulnerability in the NAT for H.225.0 implementation in Cis ...)
	NOT-FOR-US: Cisco
CVE-2010-2832 (Unspecified vulnerability in the NAT for H.323 implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-2831 (Unspecified vulnerability in the NAT for SIP implementation in Cisco I ...)
	NOT-FOR-US: Cisco
CVE-2010-2830 (The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and  ...)
	NOT-FOR-US: Cisco
CVE-2010-2829 (Unspecified vulnerability in the H.323 implementation in Cisco IOS 12. ...)
	NOT-FOR-US: Cisco
CVE-2010-2828 (Unspecified vulnerability in the H.323 implementation in Cisco IOS 12. ...)
	NOT-FOR-US: Cisco
CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Cisco
CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0 ...)
	NOT-FOR-US: Cisco
CVE-2010-2825 (Unspecified vulnerability in the SIP inspection feature on the Cisco A ...)
	NOT-FOR-US: Cisco
CVE-2010-2824 (Unspecified vulnerability on the Cisco Application Control Engine (ACE ...)
	NOT-FOR-US: Cisco
CVE-2010-2823 (Unspecified vulnerability in the deep packet inspection feature on the ...)
	NOT-FOR-US: Cisco
CVE-2010-2822 (Unspecified vulnerability in the RTSP inspection feature on the Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2010-2821 (Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco
CVE-2010-2820 (Unspecified vulnerability in the SunRPC inspection feature on the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2010-2819 (Unspecified vulnerability in the SunRPC inspection feature on the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2010-2818 (Unspecified vulnerability in the SunRPC inspection feature on the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2010-2817 (Unspecified vulnerability in the IKE implementation on Cisco Adaptive  ...)
	NOT-FOR-US: Cisco
CVE-2010-2816 (Unspecified vulnerability in the SIP inspection feature on Cisco Adapt ...)
	NOT-FOR-US: Cisco
CVE-2010-2815 (Unspecified vulnerability in the Transport Layer Security (TLS) implem ...)
	NOT-FOR-US: Cisco
CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) implem ...)
	NOT-FOR-US: Cisco
CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not prop ...)
	{DSA-2091-1}
	- squirrelmail 2:1.4.21-1 (low)
	[lenny] - squirrelmail <no-dsa> (low-risk issue)
CVE-2010-2812 (Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of s ...)
	- znc 0.092-2 (unimportant; bug #599708)
CVE-2010-2811 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualiza ...)
	- vdsm <itp> (bug #668538)
CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in WWW/Libr ...)
	- lynx-cur 2.8.8dev.5-1 (bug #594300)
	[lenny] - lynx-cur <no-dsa> (Minor issue, exploit scenario really obscure)
CVE-2010-2809 (The default configuration of the &lt;Button2&gt; binding in Uzbl befor ...)
	- uzbl 0.0.0~git.20100403-3 (bug #594301)
CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs. ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds  ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2806 (Array index error in the t42_parse_sfnts function in type42/t42parse.c ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType befor ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2804
	RESERVED
CVE-2010-2803 (The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rend ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-22
CVE-2010-2802 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allo ...)
	- mantis <not-affected> (vulnerable code introduced in 1.2.x)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract bef ...)
	{DSA-2087-1}
	- cabextract 1.3-1 (bug #591552)
CVE-2010-2800 (The MS-ZIP decompressor in cabextract before 1.3 allows remote attacke ...)
	- cabextract 1.3-1 (bug #591552; unimportant)
CVE-2010-2799 (Stack-based buffer overflow in the nestlex function in nestlex.c in So ...)
	{DSA-2090-1}
	- socat 1.7.1.3-1 (bug #591443; medium)
CVE-2010-2798 (The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kern ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-20
CVE-2010-2797 (Directory traversal vulnerability in lib/translation.functions.php in  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when  ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack sessio ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users t ...)
	- spice-xpi <removed>
	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for Internet E ...)
	NOT-FOR-US: SPICE plugin for Internet Explorer
CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox al ...)
	- spice-xpi <removed>
	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix,  ...)
	- apache2 2.2.9-10 (low)
CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...)
	- zabbix 1:1.8.3-1 (bug #594304)
	[squeeze] - zabbix 1:1.8.2-1squeeze1
	[lenny] - zabbix <no-dsa> (Minor issue)
CVE-2010-2789 (PHP remote file inclusion vulnerability in MediaWikiParserTest.php in  ...)
	- mediawiki <not-affected> (Affects mediawiki 1:1.16.0beta* - was not and will not be in Debian)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2788 (Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWi ...)
	- mediawiki 1:1.15.5-1 (bug #590669; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2787 (api.php in MediaWiki before 1.15.5 does not prevent use of public cach ...)
	- mediawiki 1:1.15.5-1 (bug #590660; low)
	[lenny] - mediawiki <no-dsa> (Minor issue)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows re ...)
	- piwik <itp> (bug #506933)
CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not  ...)
	{DSA-2078-1}
	- kvirc 4:4.0.0-3
CVE-2010-2784 (The subpage MMIO initialization functionality in the subpage_register  ...)
	- qemu-kvm 0.12.5+dfsg-3 (bug #594478)
	- kvm <removed>
	[lenny] - kvm 72+dfsg-5~lenny6
CVE-2010-2783 (IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary  ...)
	- openjdk-6 6b18-1.8.1-1
CVE-2010-2782
	RESERVED
CVE-2010-2781
	RESERVED
CVE-2010-2780
	RESERVED
CVE-2010-2779 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupW ...)
	NOT-FOR-US: GroupWise
CVE-2010-2778 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupW ...)
	NOT-FOR-US: GroupWise
CVE-2010-2777 (Stack-based buffer overflow in the IMAP server component in GroupWise  ...)
	NOT-FOR-US: GroupWise
CVE-2010-2776
	RESERVED
CVE-2010-2775
	RESERVED
CVE-2010-2774
	RESERVED
CVE-2010-2773
	RESERVED
CVE-2010-2772 (Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded passwor ...)
	NOT-FOR-US: SCADA
CVE-2010-2771 (solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to exe ...)
	NOT-FOR-US: IBM solidDB
CVE-2010-3484 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows r ...)
	- mapserver 5.6.4-1 (low)
	[lenny] - mapserver <no-dsa> (Minor issue)
CVE-2010-3485 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows r ...)
	- mapserver 5.6.4-1 (low)
	[lenny] - mapserver <no-dsa> (Minor issue)
CVE-2010-2770 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...)
	- xulrunner <not-affected> (The vulnerability is MacOS-specific)
	- iceweasel <not-affected> (The vulnerability is MacOS-specific)
	- iceape <not-affected> (The vulnerability is MacOS-specific)
CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5 ...)
	{DSA-2124-1 DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2768 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2767 (The navigator.plugins implementation in Mozilla Firefox before 3.5.12  ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2766 (The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3. ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2765 (Integer overflow in the FRAMESET element implementation in Mozilla Fir ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2764 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...)
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	[lenny] - xulrunner <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- icedove 3.0.7-1
	[lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2763 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
	- xulrunner <not-affected> (Only affects 3.6, only in experimental)
	- iceweasel <not-affected> (Only affects 3.6, only in experimental)
CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.p ...)
	- perl 5.10.1-17 (bug #606995)
	- libcgi-pm-perl 3.50-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
	[lenny] - perl 5.10.0-19lenny3 (bug #606995)
CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in Mozill ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6. ...)
	- bugzilla 3.6.2.0-1 (bug #595015; medium)
CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6. ...)
	- bugzilla 3.6.2.0-1 (bug #595015; low)
CVE-2010-2757 (The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4. ...)
	- bugzilla 3.6.2.0-1 (bug #595015; low)
CVE-2010-2756 (Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 ...)
	- bugzilla 3.6.2.0-1 (bug #595015; low)
CVE-2010-2755 (layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not pro ...)
	- xulrunner <not-affected> (Only exploitable in Firefox 3.6.x and above)
	- iceweasel <not-affected> (Only exploitable in Firefox 3.6.x and above)
CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 an ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2753 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x befo ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
CVE-2010-2752 (Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5 ...)
	- xulrunner 1.9.1.11-1
	[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
CVE-2010-2751 (The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocS ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2750 (Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac a ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-2749
	REJECTED
CVE-2010-2748 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check  ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-2747 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-2746 (Heap-based buffer overflow in Comctl32.dll (aka the common control lib ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2745 (Microsoft Windows Media Player (WMP) 9 through 12 does not properly de ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2743 (The kernel-mode drivers in Microsoft Windows XP SP3 do not properly pe ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2742 (The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2740 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2739 (Buffer overflow in the CreateDIBPalette function in win32k.sys in Micr ...)
	NOT-FOR-US: Windows
CVE-2010-2738 (The Uniscribe (aka new Unicode Script Processor) implementation in USP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2737
	REJECTED
CVE-2010-2736
	REJECTED
CVE-2010-2735
	REJECTED
CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in Micro ...)
	NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in Microso ...)
	NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft Forefron ...)
	NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services ( ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5,  ...)
	NOT-FOR-US: Microsoft IIS
CVE-2010-2729 (The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2728 (Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, an ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2010-2727
	REJECTED
CVE-2010-2726
	REJECTED
CVE-2010-2725 (BarnOwl before 1.6.2 does not check the return code of calls to the (1 ...)
	{DSA-2102-1}
	- barnowl 1.6.2-1 (bug #593299)
CVE-2010-2724 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select mo ...)
	NOT-FOR-US: Drupal addon module
CVE-2010-2723 (Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows  ...)
	NOT-FOR-US: LISTSERV
CVE-2010-2722 (Cross-site scripting (XSS) vulnerability in index.php in RightInPoint  ...)
	NOT-FOR-US: RightInPoint Lyrics Script
CVE-2010-2721 (SQL injection vulnerability in index.php in RightInPoint Lyrics Script ...)
	NOT-FOR-US: RightInPoint Lyrics Script
CVE-2010-2720 (SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and p ...)
	NOT-FOR-US: phpaaCms
CVE-2010-2719 (SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and p ...)
	NOT-FOR-US: phpaaCms
CVE-2010-2718 (Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware Cr ...)
	NOT-FOR-US: CruxSoftware
CVE-2010-2717 (Cross-site scripting (XSS) vulnerability in manager/login.php in CruxS ...)
	NOT-FOR-US: CruxSoftware
CVE-2010-2716 (Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote atta ...)
	NOT-FOR-US: PsNews
CVE-2010-2715 (Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PH ...)
	NOT-FOR-US: TCW PHP Album
CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 a ...)
	NOT-FOR-US: TCW PHP Album
CVE-2010-2713 (The vte_sequence_handler_window_manipulation function in vteseq.c in l ...)
	[lenny] - vte <not-affected> (Uses a hardcoded string in the terminal icon/window title)
	- vte 1:0.24.3-1
	NOTE: http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74
	NOTE: http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
CVE-2010-2712 (Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.1 ...)
	NOT-FOR-US: Software Distributor in HP HP-UX
CVE-2010-2711 (Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the  ...)
	NOT-FOR-US: HP MagCloud app
CVE-2010-2710 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView Network No ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.2 ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches be ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2706 (Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch with soft ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and  ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the ov.dll mo ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2702 (Buffer overflow in the UGameEngine::UpdateConnectingMessage function i ...)
	NOT-FOR-US: Unreal engine
CVE-2010-2701 (Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow rem ...)
	NOT-FOR-US: FathFTP ActiveX control
CVE-2010-2700 (Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clic ...)
	NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
CVE-2010-2699 (SQL injection vulnerability in index.php in Edge PHP Clickbank Affilia ...)
	NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
CVE-2010-2698 (Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2697 (Cross-site scripting (XSS) vulnerability in Sijio Community Software a ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2696 (SQL injection vulnerability in gallery/index.php in Sijio Community So ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2695 (Directory traversal vulnerability in the SFTP/SSH2 virtual server in X ...)
	NOT-FOR-US: Xlight FTP Server
CVE-2010-2694 (SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2693 (FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag wh ...)
	- kfreebsd-7 7.3-5
	[lenny] - kfreebsd-7 <no-dsa> (Not covered by security support in Lenny)
	- kfreebsd-8 8.0-10
CVE-2010-2692 (Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Des ...)
	NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
CVE-2010-2691 (Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Desig ...)
	NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
CVE-2010-2690 (SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) co ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2689 (SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS  ...)
	NOT-FOR-US: Internet DM WebDM CMS
CVE-2010-2688 (SQL injection vulnerability in detail.asp in Site2Nite Boat Classified ...)
	NOT-FOR-US: Site2Nite Boat Classifieds
CVE-2010-2687 (SQL injection vulnerability in printdetail.asp in Site2Nite Boat Class ...)
	NOT-FOR-US: Site2Nite Boat Classifieds
CVE-2010-2686 (Multiple SQL injection vulnerabilities in clientes.asp in the TopManag ...)
	NOT-FOR-US: SAP module
CVE-2010-2685 (siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not p ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2684 (SQL injection vulnerability in index.php in Customer Paradigm PageDire ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2683 (SQL injection vulnerability in result.php in Customer Paradigm PageDir ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2682 (Directory traversal vulnerability in the Realtyna Translator (com_real ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2681 (PHP remote file inclusion vulnerability in the SEF404x (com_sef) compo ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2680 (Directory traversal vulnerability in the JExtensions JE Section/Proper ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2679 (SQL injection vulnerability in the Weblinks (com_weblinks) component i ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2678 (SQL injection vulnerability in xmap (com_xmap) component for Joomla! a ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2677 (PHP remote file inclusion vulnerability in mw_plugin.php in Open Web A ...)
	NOT-FOR-US: Open Web Analytics
CVE-2010-2676 (Multiple directory traversal vulnerabilities in index.php in Open Web  ...)
	NOT-FOR-US: Open Web Analytics
CVE-2010-2675 (Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1 ...)
	NOT-FOR-US: TSOKA:CMS
CVE-2010-2674 (SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2. ...)
	NOT-FOR-US: TSOKA:CMS
CVE-2010-2673 (SQL injection vulnerability in profile_view.php in Devana 1.6.6 and ea ...)
	NOT-FOR-US: Devana
CVE-2010-2672 (Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2 ...)
	- ezpublish <removed>
CVE-2010-2671 (Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ P ...)
	- ezpublish <removed>
CVE-2010-2670 (SQL injection vulnerability in recipedetail.php in BrotherScripts Reci ...)
	NOT-FOR-US: BrotherScripts Recipe Website
CVE-2010-2669 (Cross-site scripting (XSS) vulnerability in admin/editors/text/editor- ...)
	NOT-FOR-US: Orbis CMS
CVE-2010-2668 (Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Ada ...)
	NOT-FOR-US: Adaptive Micro Systems ALPHA Ethernet Adapter
CVE-2010-2667 (Multiple unspecified vulnerabilities in the Virtual Appliance Manageme ...)
	NOT-FOR-US: VMware Studio
CVE-2010-2666 (Opera before 10.54 on Windows and Mac OS X does not properly enforce p ...)
	NOT-FOR-US: Opera
CVE-2010-2665 (Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Wind ...)
	NOT-FOR-US: Opera
CVE-2010-2664 (Opera before 10.60 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2010-2663 (Opera before 10.60 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2010-2662 (Opera before 10.60 allows remote attackers to bypass the popup blocker ...)
	NOT-FOR-US: Opera
CVE-2010-2661 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX p ...)
	NOT-FOR-US: Opera
CVE-2010-2660 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX p ...)
	NOT-FOR-US: Opera
CVE-2010-2659 (Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10 ...)
	NOT-FOR-US: Opera
CVE-2010-2658 (Opera before 10.60 does not properly restrict certain interaction betw ...)
	NOT-FOR-US: Opera
CVE-2010-2657 (Opera before 10.60 on Windows and Mac OS X does not properly prevent c ...)
	NOT-FOR-US: Opera
CVE-2010-2656 (The IBM BladeCenter with Advanced Management Module (AMM) firmware bui ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2655 (Directory traversal vulnerability in private/file_management.php on th ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2654 (Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCe ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2653 (Race condition in the hvc_close function in drivers/char/hvc_console.c ...)
	- linux-2.6 2.6.32-25
CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal dial ...)
	- webkit <not-affected> (chromium specific issue)
	- chromium-browser 5.0.375.99~r51029-1
CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome befor ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014
	NOTE: http://trac.webkit.org/changeset/59247
CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99 has unkno ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 5.0.375.99~r51029-1
CVE-2010-2649 (Unspecified vulnerability in Google Chrome before 5.0.375.99 allows re ...)
	- webkit <not-affected> (issue in chromium-specific code)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39797
	NOTE: http://trac.webkit.org/changeset/60973
	NOTE: http://trac.webkit.org/changeset/60977
CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi al ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39305
	NOTE: http://trac.webkit.org/projects/webkit/changeset/61921
CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a den ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38627
	NOTE: http://trac.webkit.org/changeset/61667
	NOTE: http://trac.webkit.org/changeset/61669 mac fixes
	NOTE: http://trac.webkit.org/changeset/61676 chromium fixes
	NOTE: http://trac.webkit.org/changeset/61679 additional layout test
	NOTE: duplicate of cve-2010-1786
CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed IF ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151
	NOTE: http://trac.webkit.org/changeset/58873
	NOTE: http://trac.webkit.org/changeset/59870 chromium updates
CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99, when Web ...)
	- webkit <not-affected> (doesn't include webgl code yet)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38039
	NOTE: http://trac.webkit.org/changeset/58957
CVE-2010-2644 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1  ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2010-2643 (Integer overflow in the TFM font parser in the dvi-backend component i ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend c ...)
	{DSA-2388-1 DSA-2357-1}
	- evince 3.0.2-1 (bug #609534)
	[squeeze] - evince 2.30.3-2+squeeze1
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend component i ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2640 (Array index error in the PK font parser in the dvi-backend component i ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote att ...)
	NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0
CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allow ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not en ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample store pa ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0 ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...)
	NOT-FOR-US: RSA enVision
CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3. ...)
	NOT-FOR-US: EMC
CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10 ...)
	NOT-FOR-US: Solaris FTP server
CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first stag ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed before initial upload)
CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly vali ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02  ...)
	NOT-FOR-US: Cisco
CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...)
	- strongswan 4.4.1-1
	[lenny] - strongswan <not-affected> (Vulnerability introduced in 4.3.3)
	[squeeze] - strongswan <not-affected> (Vulnerability introduced in 4.3.3)
CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 engine ...)
	NOT-FOR-US: Refractor 2
CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...)
	NOT-FOR-US: Miyabi CGI Tools SEO Links
CVE-2010-2625 (Unspecified vulnerability in the Client Service for DPM in Hitachi Ser ...)
	NOT-FOR-US: Hitachi ServerConductor
CVE-2010-2624 (Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow ...)
	NOT-FOR-US: iScripts EasySnaps
CVE-2010-2623 (SQL injection vulnerability in pages.php in Internet DM Specialist Bed ...)
	NOT-FOR-US: Internet DM Specialist Bed and Breakfast
CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly 1.1. ...)
	NOT-FOR-US: Joomanager
CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in src_network_ssl_qss ...)
	- qt4-x11 4:4.6.3-2 (low; bug #587711)
	[lenny] - qt4-x11 <no-dsa> (Harmless impact)
	NOTE: Fixed by commit c25c7c9bdfade6b906f37ac8bad44f6f0de57597
CVE-2010-2620 (Open&amp;Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote  ...)
	NOT-FOR-US: Open&Compact FTP Server
CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlie ...)
	NOT-FOR-US: Citrix XenServer (it's based on Xen, likely a duplicate of an existing Xen issue)
CVE-2010-2494 (Multiple buffer underflows in the base64 decoder in base64.c in (1) bo ...)
	- bogofilter 1.2.1-3 (low; bug #588090)
	[lenny] - bogofilter 1.1.7-1+lenny1
	NOTE: this is "only" null write to an invalid pointer, no arbitrary location
CVE-2010-2495 (The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP imple ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.29)
CVE-2010-2618 (PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in ...)
	NOT-FOR-US: AdaptCMS
CVE-2010-2617 (Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Sea ...)
	NOT-FOR-US: PHP Bible Search
CVE-2010-2616 (SQL injection vulnerability in bible.php in PHP Bible Search, probably ...)
	NOT-FOR-US: PHP Bible Search
CVE-2010-2615 (Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php ...)
	NOT-FOR-US: Grafik CMS
CVE-2010-2614 (SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, an ...)
	NOT-FOR-US: Grafik CMS
CVE-2010-2613 (Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Son ...)
	NOT-FOR-US: com_awd_song component for joomla!
CVE-2010-2612 (Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVM ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-2611 (SQL injection vulnerability in show_search_result.php in i-netsolution ...)
	NOT-FOR-US: i-netsolution Job Search Engine
CVE-2010-2610 (Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allo ...)
	NOT-FOR-US: 2daybiz Job Site Script
CVE-2010-2609 (SQL injection vulnerability in show_search_result.php in 2daybiz Job S ...)
	NOT-FOR-US: 2daybiz Job Search Engine Script
CVE-2010-2608
	RESERVED
CVE-2010-2607
	RESERVED
CVE-2010-2606
	RESERVED
CVE-2010-2605
	RESERVED
CVE-2010-2604 (Multiple buffer overflows in the PDF Distiller in the BlackBerry Attac ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-2603 (RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Ma ...)
	NOT-FOR-US: RIM BlackBerry Desktop Software
CVE-2010-2602 (Multiple buffer overflows in the PDF distiller component in the BlackB ...)
	NOT-FOR-US: BlackBerry Enterprise Serve
CVE-2010-2601 (Multiple buffer overflows in the PDF distiller in the Attachment Servi ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-2600 (Untrusted search path vulnerability in BlackBerry Desktop Software bef ...)
	NOT-FOR-US: BlackBerry Desktop Software
CVE-2010-2599 (Unspecified vulnerability in Research In Motion (RIM) BlackBerry Devic ...)
	NOT-FOR-US: BlackBerry Device Software
CVE-2010-2594 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: InterSect Allience Snare Agent
CVE-2010-2593
	RESERVED
CVE-2010-2592
	RESERVED
CVE-2010-2591
	RESERVED
CVE-2010-2590 (Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl ...)
	NOT-FOR-US: ActiveX
CVE-2010-2589 (Integer overflow in the dirapi.dll module in Adobe Shockwave Player be ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2588 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2587 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2586 (Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winam ...)
	NOT-FOR-US: Winamp
CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX contro ...)
	NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in Rea ...)
	NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2583 (Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogato ...)
	NOT-FOR-US: SonicWALL
CVE-2010-2582 (An unspecified function in TextXtra.x32 in Adobe Shockwave Player befo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not pro ...)
	NOT-FOR-US: MailEnable
CVE-2010-2579 (The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2578 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-2577 (Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow rem ...)
	NOT-FOR-US: Pligg
CVE-2010-2576 (Opera before 10.61 does not properly suppress clicks on download dialo ...)
	NOT-FOR-US: Opera
CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in t ...)
	- okular 4:4.4.5-2
	[lenny] - okular 0.7-2+lenny1
	- kdegraphics 4:4.4.5-2
	[lenny] - kdegraphics <not-affected> (Lenny's kdegraphics doesn't yet contain Okular)
	NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt
	NOTE: Okular was initially a single source package (lenny days), then it was merged into
	NOTE: kdegraphics (squeeze days) and later split off again (wheezy)
CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...)
	- mantis 1.1.8+dfsg-6 (low; bug #595510)
	[lenny] - mantis 1.1.6+dfsg-2lenny2
CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as u ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2  ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2 ...)
	{DLA-610-1}
	- tiff 4.0.6-1 (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2209
	NOTE: according to upstream http://bugzilla.maptools.org/show_bug.cgi?id=2209#c6
	NOTE: unreproducible in VCS. Confirmed for version 4.0.6 in Stretch by verifying
	NOTE: that the reproducer does not trigger the crash anymore.
	NOTE: Tom Lane's patch should be applied for tiff in Wheezy too.
	NOTE: Not confirmed which exact version should fix the issue.
CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in Ima ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, Power ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows r ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2010-2571 (Array index error in pubconv.dll (aka the Publisher Converter DLL) in  ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2570 (Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2569 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2 ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2568 (Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1  ...)
	NOT-FOR-US: Microsoft
CVE-2010-2567 (The RPC client implementation in Microsoft Windows XP SP2 and SP3 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2010-2565
	REJECTED
CVE-2010-2564 (Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6 ...)
	NOT-FOR-US: Microsoft
CVE-2010-2563 (The Word 97 text converter in the WordPad Text Converters in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2562 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
	NOT-FOR-US: Microsoft
CVE-2010-2561 (Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle H ...)
	NOT-FOR-US: Microsoft
CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft
CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft
CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remot ...)
	NOT-FOR-US: Microsoft
CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft
CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft
CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2010-2553 (The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista S ...)
	NOT-FOR-US: Microsoft
CVE-2010-2552 (Stack consumption vulnerability in the SMB Server in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-2551 (The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-2549 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2010-2548 (IcedTea6 before 1.7.4 does not properly check property access, which a ...)
	- openjdk-6 6b18-1.8.1-1
CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2. ...)
	{DSA-2076-1}
	- gnupg2 2.0.14-2
CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod ...)
	{DSA-2081-1}
	- libmikmod 3.1.11-6.3
CVE-2010-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0. ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-2544 (Cross-site scripting (XSS) vulnerability in utilities.php in Cacti bef ...)
	- cacti 0.8.7g-1
CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in include/top_graph_header.p ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in setup. ...)
	{DSA-2114-1}
	- git-core 1:1.7.1-1.1 (low; bug #590026)
CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType b ...)
	{DSA-2105-1}
	- freetype 2.4.2-1 (low)
CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 d ...)
	{DSA-2079-1}
	- mapserver 5.6.4-1
CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in mapserv in M ...)
	{DSA-2079-1}
	- mapserver 5.6.4-1
CVE-2010-2538 (Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.29)
CVE-2010-2537 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.29)
CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and  ...)
	- rekonq 0.5.0-2 (bug #593300)
CVE-2010-2535 (Multiple cross-site scripting (XSS) vulnerabilities in the Back End in ...)
	NOT-FOR-US: Joomla!
CVE-2010-2534 (The NetworkSyncCommandQueue function in network/network_command.cpp in ...)
	- openttd 1.0.3-1
	[lenny] - openttd <not-affected> (Introduced in 1.0.1)
	NOTE: http://bugs.openttd.org/task/3909
CVE-2010-2533
	REJECTED
CVE-2010-2532
	- lxsession 0.4.4-3 (bug #591409)
CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3  ...)
	{DSA-2266-1}
	- php5 5.3.3-2 (low)
CVE-2010-2530 (Multiple integer signedness errors in smb_subr.c in the netsmb module  ...)
	NOT-FOR-US: NetBSD
CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 200 ...)
	{DSA-2645-1}
	- iputils 3:20100418-2
	- inetutils 2:1.9-2
	[lenny] - iputils 3:20071127-1+lenny1
CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol plu ...)
	- pidgin 2.7.2-1
	[lenny] - pidgin <not-affected> (Vulnerable code not present, support for X-Status was added later)
CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 al ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in lvm2-cluster in L ...)
	{DSA-2095-1}
	- lvm2 2.02.66-3 (bug #591204)
CVE-2010-2525
	RESERVED
CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the Lin ...)
	{DSA-2264-1}
	- linux-2.6 2.6.32-19
CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allo ...)
	NOT-FOR-US: UMIP
CVE-2010-2522 (The mipv6 daemon in UMIP 0.4 does not verify that netlink messages ori ...)
	NOT-FOR-US: UMIP
CVE-2010-2521 (Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementati ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-13
CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in truetype/ttinter ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2519 (Heap-based buffer overflow in the Mac_Read_POST_Resource function in b ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2518 (Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before ...)
	NOT-FOR-US: P8 Content Search Engine
CVE-2010-2517 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest before ...)
	NOT-FOR-US: ClearQuest
CVE-2010-2516 (Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketin ...)
	NOT-FOR-US: 2daybiz Multi Level Marketing
CVE-2010-2515 (Multiple SQL injection vulnerabilities in index.php in the JFaq (com_j ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2514 (Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) compon ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2513 (SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxe ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2512 (SQL injection vulnerability in customprofile.php in 2daybiz Matrimonia ...)
	NOT-FOR-US: 2daybiz Matrimonial Script
CVE-2010-2511 (SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Mar ...)
	NOT-FOR-US: 2daybiz Multi Level Marketing
CVE-2010-2510 (SQL injection vulnerability in customize.php in 2daybiz Web Template S ...)
	NOT-FOR-US: 2daybiz Web Template
CVE-2010-2509 (Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Tem ...)
	NOT-FOR-US: 2daybiz Web Template
CVE-2010-2508 (SQL injection vulnerability in user-profile.php in 2daybiz Video Commu ...)
	NOT-FOR-US: 2daybiz Video
CVE-2010-2507 (Directory traversal vulnerability in the Picasa2Gallery (com_picasa2ga ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2506 (Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54 ...)
	NOT-FOR-US: Linksys
CVE-2010-2505 (Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remo ...)
	NOT-FOR-US: Soft SaschArt SasCAM Webcam Server
CVE-2010-2504 (Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenti ...)
	NOT-FOR-US: Splunk
CVE-2010-2503 (Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 thro ...)
	NOT-FOR-US: Splunk
CVE-2010-2502 (Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0 ...)
	NOT-FOR-US: Splunk
CVE-2010-2501
	RESERVED
CVE-2010-2500 (Integer overflow in the gray_render_span function in smooth/ftgrays.c  ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2499 (Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs. ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c in Fre ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows re ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2496
	RESERVED
CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) i ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messagin ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-19
CVE-2010-2491 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup b ...)
	- roundup 1.4.13-3.1 (bug #590769)
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=326395
	NOTE: http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
CVE-2010-2490 (Mumble: murmur-server has DoS due to malformed client query ...)
	- mumble 1.2.2-4 (bug #587713)
	[lenny] - mumble <no-dsa> (Minor issue)
	- qt4-x11 <not-affected> (low; bug #587713)
CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...)
	- ruby1.8 <not-affected> (Windows-specific)
	- ruby1.9.1 <not-affected> (Windows-specific)
CVE-2010-2488 (NULL pointer dereference vulnerability in ZNC before 0.092 caused by t ...)
	{DSA-2069-1}
	- znc 0.090-2 (bug #584929)
CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3  ...)
	{DSA-2083-1}
	- moin 1.9.3-1 (bug #584809)
CVE-2010-2486
	RESERVED
CVE-2010-2485
	RESERVED
CVE-2010-2484 (The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...)
	- tiff 3.9.4-4 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid td_strip ...)
	{DSA-2552-1}
	- tiff 3.9.4-1 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ha ...)
	- tiff 3.9.4-1 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2480 (Mako before 0.3.4 relies on the cgi.escape function in the Python stan ...)
	- mako 0.3.4-1 (low)
	[lenny] - mako <no-dsa> (Minor issue)
CVE-2010-2478 (Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=608950
	NOTE: http://thread.gmane.org/gmane.linux.network/164869
CVE-2010-2477 (Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpe ...)
	- paste 1.7.4-1 (low)
	[lenny] - paste 1.7.1-1+lenny1
	NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
CVE-2010-2475
	RESERVED
CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through  ...)
	- bugzilla <not-affected> (Only affects 3.5 to 3.7)
CVE-2010-2476 (syscp 1.4.2.1 allows attackers to add arbitrary paths via the document ...)
	- syscp <removed> (bug #587481)
CVE-2010-2469 (The Linear eMerge 50 and 5000 uses a default password of eMerge for th ...)
	NOT-FOR-US: Linear eMerge
CVE-2010-2468 (The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 an ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2467 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eM ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2466 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eM ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2465 (The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2464 (Multiple cross-site scripting (XSS) vulnerabilities in the RSComments  ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2463 (Cross-site scripting (XSS) vulnerability in forum.php in Jamroom befor ...)
	NOT-FOR-US: Jamroom
CVE-2010-2462 (SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP ...)
	NOT-FOR-US: Toma Cero OroHYIP
CVE-2010-2461 (SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 al ...)
	NOT-FOR-US: JCE-Tech Overstock
CVE-2010-2460 (SQL injection vulnerability in merchant_product_list.php in JCE-Tech S ...)
	NOT-FOR-US: JCE-Tech Shareasale Script
CVE-2010-2459 (SQL injection vulnerability in video.php in 2daybiz Video Community Po ...)
	NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2458 (Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video ...)
	NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2457 (Cross-site scripting (XSS) vulnerability in index.php in K-Search allo ...)
	NOT-FOR-US: K-Search
CVE-2010-2456 (Multiple directory traversal vulnerabilities in index.php in Linker IM ...)
	NOT-FOR-US: Linker IMG
CVE-2010-2455 (Opera does not properly manage the address bar between the request to  ...)
	NOT-FOR-US: Opera
CVE-2010-2454 (Apple Safari does not properly manage the address bar between the requ ...)
	- webkit <not-affected> (iceweasel/safari-specific issues)
	- chromium-browser <not-affected> (iceweasel/safari-specific issues)
	NOTE: i tested both firefox and safari poc's, and neither of them caused the
	NOTE: address bar to be spoofed in either webkit or chrome
	NOTE: this will be address in iceweasel in cve-2010-1206
CVE-2010-2453 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk S ...)
	NOT-FOR-US: Synology Disk Station
CVE-2010-2452 (Directory traversal vulnerability in the DCC functionality in KVIrc 3. ...)
	{DSA-2065-1}
	- kvirc 4:4.0.0~svn4340+rc3-1
CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in KVI ...)
	{DSA-2065-1}
	- kvirc 4:4.0.0~svn4340+rc3-1
CVE-2010-2443 (The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9. ...)
	- tiff 3.9.4-1 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
	NOTE: Triggers a NULL pointer deref, crasher only
CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict fo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote a ...)
	- webkit 1.2.1-3 (low)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation W ...)
	NOT-FOR-US: Subtitle Translation Wizard
CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to exec ...)
	NOT-FOR-US: MoreAmp
CVE-2010-2438 (SQL injection vulnerability in G.CMS generator allows remote attackers ...)
	NOT-FOR-US: G.CMS
CVE-2010-2437 (Cross-site scripting (XSS) vulnerability in class/tools.class.php in A ...)
	NOT-FOR-US: AneCMS BLog
CVE-2010-2436 (SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1 ...)
	NOT-FOR-US: AneCMS Blog
CVE-2010-2435 (Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause ...)
	- weborf 0.12.2-1
CVE-2010-2434 (Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explz ...)
	NOT-FOR-US: Explzh
CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in content/interna ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS befo ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local users, wit ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-2430
	RESERVED
CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2,  ...)
	NOT-FOR-US: Splunk
CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the  ...)
	NOT-FOR-US: Wing FTP Server
CVE-2010-2427 (VMware Studio 2.0 does not properly write to temporary files, which al ...)
	NOT-FOR-US: VMware Studio
CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River Technolo ...)
	NOT-FOR-US: Titan FTP Server
CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River Technolo ...)
	NOT-FOR-US: Titan FTP Server
CVE-2010-2424
	RESERVED
CVE-2010-2423
	RESERVED
CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone  ...)
	- plone3 <removed>
CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have unknow ...)
	NOT-FOR-US: Opera
CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...)
	NOT-FOR-US: Sleipnir
CVE-2010-2479 (Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1 ...)
	{DSA-2067-1}
	- php-htmlpurifier 4.1.1+dfsg1-1
	- mahara 1.2.5-1
	- moodle 1.9.9.dfsg2-1 (low; bug #593301)
	[lenny] - moodle <not-affected> (doesn't ship/use htmlpurifier)
	- knowledgeroot 0.9.9.5-5
	[lenny] - knowledgeroot <no-dsa> (low)
CVE-2010-2419 (Unspecified vulnerability in the Java Virtual Machine component in Ora ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2418 (Unspecified vulnerability in the Oracle Territory Management component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2417 (Unspecified vulnerability in the Agile PLM component in Oracle Supply  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2416 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle E-Business Intelligence
CVE-2010-2415 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2414 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Jav ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-2413 (Unspecified vulnerability in the BI Publisher component in Oracle Fusi ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2412 (Unspecified vulnerability in the OLAP component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2411 (Unspecified vulnerability in the Job Queue component in Oracle Databas ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2410 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2409 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2408 (Unspecified vulnerability in the Oracle iRecruitment component in Orac ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2407 (Unspecified vulnerability in the XDK component in Oracle Database Serv ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2406 (Unspecified vulnerability in the Siebel Core - Highly Interactive Clie ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-2405 (Unspecified vulnerability in the Siebel Core - Highly Interactive Clie ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-2404 (Unspecified vulnerability in the Oracle iRecruitment component in Orac ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2403 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solution ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2401 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2400 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...)
	NOT-FOR-US: Solaris
CVE-2010-2399 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Solaris
CVE-2010-2398 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2397 (Unspecified vulnerability in Oracle Sun Java System Application Server ...)
	NOT-FOR-US: Oracle Sun Java System Application Serve
CVE-2010-2396 (Unspecified vulnerability in the Forms component in Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2395 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2394 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Solaris
CVE-2010-2393 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Solaris
CVE-2010-2392 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Solaris
CVE-2010-2391 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2390 (Unspecified vulnerability in the Database Control component in EM Cons ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2389 (Unspecified vulnerability in the Perl component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2388 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2387 (vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x bef ...)
	- gdm 2.20.11-1
CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Solaris
CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy Server 4 ...)
	NOT-FOR-US: Oracle Sun Java System Web Proxy Server
CVE-2010-2384 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2010-2383 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Solaris
CVE-2010-2382 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2010-2381 (Unspecified vulnerability in the Application Server Control component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2380 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2379 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time &amp ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2378 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2377 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2376 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2010-2375 (Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspeci ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2374 (Unspecified vulnerability in Solaris Studio 12 update 1 allows local u ...)
	NOT-FOR-US: Solaris
CVE-2010-2373 (Unspecified vulnerability in the Console component in Oracle Enterpris ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2010-2372 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2371 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2370 (Unspecified vulnerability in the Oracle Business Process Management co ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2369 (Untrusted search path vulnerability in Lhasa 0.19 and earlier allows l ...)
	NOT-FOR-US: Lhasa
CVE-2010-2368 (Untrusted search path vulnerability in Lhaplus before 1.58 allows loca ...)
	NOT-FOR-US: Lhaplus
CVE-2010-2367 (Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 bef ...)
	NOT-FOR-US: AD-EDIT2
CVE-2010-2366 (Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Ana ...)
	NOT-FOR-US: CGI Cafe Access Analyzer
CVE-2010-2365 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 befor ...)
	NOT-FOR-US: Free CGI Moo moobbs2
CVE-2010-2364 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before ...)
	NOT-FOR-US: Free CGI Moo moobbs2
CVE-2010-2363 (The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the S ...)
	NOT-FOR-US: SEIL/X1, SEIL/X2, and SEIL/B1 routers
CVE-2010-2362 (Winny 2.0b7.1 and earlier does not properly process node information,  ...)
	NOT-FOR-US: Winny
CVE-2010-2361 (Winny 2.0b7.1 and earlier does not properly process BBS information, w ...)
	NOT-FOR-US: Winny
CVE-2010-2360 (Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow rem ...)
	NOT-FOR-US: Winny
CVE-2010-2359 (SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com  ...)
	NOT-FOR-US: eWebquiz
CVE-2010-2358 (PHP remote file inclusion vulnerability in modules/catalog/upload_phot ...)
	NOT-FOR-US: Nakid CMS
CVE-2010-2357 (SQL injection vulnerability in index.php in Eicra Realestate Script 1. ...)
	NOT-FOR-US: Eicra Realestate Script
CVE-2010-2356 (Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Gro ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2355 (Cross-site scripting (XSS) vulnerability in error.php in Pilot Group ( ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS  ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...)
	- drupal6-mod-cck <not-affected> (Fixed before initial upload)
CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...)
	- drupal6-mod-cck <not-affected> (Fixed before initial upload)
CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0  ...)
	NOT-FOR-US: Novell Netware
CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows  ...)
	- ziproxy 3.1.1-1 (bug #587039)
	[lenny] - ziproxy <not-affected> (Introduced in 3.1.0)
CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: H264WebCam
CVE-2010-2348 (Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0. ...)
	NOT-FOR-US: Batch Audio Converter
CVE-2010-2347 (The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 thr ...)
	NOT-FOR-US: SAP J2EE Telnet Interface
CVE-2010-2346
	RESERVED
CVE-2010-2345 (Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and pos ...)
	NOT-FOR-US: odCMS
CVE-2010-2344 (Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and ...)
	NOT-FOR-US: odCMS
CVE-2010-2343 (Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007 ...)
	NOT-FOR-US: D.R. Software Audio Converter
CVE-2010-2342 (SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady O ...)
	NOT-FOR-US: DMXReady Online Notebook Manager
CVE-2010-2341 (PHP remote file inclusion vulnerability in system/application/views/pu ...)
	NOT-FOR-US: EZPX Photoblog
CVE-2010-2340 (SQL injection vulnerability in members.php in Arab Portal 2.2, when ma ...)
	NOT-FOR-US: Arab Portal
CVE-2010-2339 (SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x ...)
	NOT-FOR-US: Subdreamer CMS
CVE-2010-2338 (Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor  ...)
	NOT-FOR-US: VU Web Visitor Analyst
CVE-2010-2337 (Open redirect vulnerability in RSA Federated Identity Manager 4.0 befo ...)
	NOT-FOR-US: RSA Federated Identity Manager
CVE-2010-2336 (index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obt ...)
	NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2335 (SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00 ...)
	NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2334 (Directory traversal vulnerability in themes/default/download.php in Ya ...)
	NOT-FOR-US: Yamamah Phote Gallery
CVE-2010-2333 (LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows ...)
	NOT-FOR-US: LiteSpeed Web Server
CVE-2010-2332 (Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions ...)
	NOT-FOR-US: Impact PDF Reader
CVE-2010-2331 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allow ...)
	NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2330 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allow ...)
	NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2329 (Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attacker ...)
	NOT-FOR-US: Rosoft Audio Converter
CVE-2010-2328 (The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2327 (mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.3 ...)
	NOT-FOR-US: IBM HTTP Server
CVE-2010-2326 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNo ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2325 (Cross-site scripting (XSS) vulnerability in the administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2324 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS all ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2323 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS mig ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2322 (Absolute path traversal vulnerability in the extract_jar function in j ...)
	- fastjar 2:0.98-3 (low)
	[lenny] - fastjar <no-dsa> (Minor issue)
CVE-2010-2321 (Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote ...)
	NOT-FOR-US: Adobe InDesign
CVE-2010-2320 (bozotic HTTP server (aka bozohttpd) before 20100621 allows remote atta ...)
	- bozohttpd 20100621-1 (low; bug #590298)
	[lenny] - bozohttpd <no-dsa> (Minor information leak)
CVE-2010-2319 (SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allo ...)
	NOT-FOR-US: IDevSpot TextAds
CVE-2010-2318 (Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPor ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-2317 (Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow ...)
	NOT-FOR-US: WmsCms
CVE-2010-2316 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in  ...)
	NOT-FOR-US: WmsCms
CVE-2010-2315 (PHP remote file inclusion vulnerability in picturelib.php in SmartISof ...)
	NOT-FOR-US: SmartISoft phpBazar
CVE-2010-2314 (PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter. ...)
	NOT-FOR-US: NP_Twitter Plugin
CVE-2010-2313 (Directory traversal vulnerability in index.php in Anodyne Productions  ...)
	NOT-FOR-US: SIMM Management System
CVE-2010-2312 (SQL injection vulnerability in index.php in HauntmAx Haunted House Dir ...)
	NOT-FOR-US: HauntmAx Haunted House Directory Listing CMS
CVE-2010-2311 (Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows us ...)
	NOT-FOR-US: Power Tab Editor
CVE-2010-2310 (SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a de ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2010-2309 (Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6. ...)
	NOT-FOR-US: EvoLogical EvoCam
CVE-2010-2308 (Unspecified vulnerability in the filter driver (savonaccessfilter.sys) ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2010-2307 (Multiple directory traversal vulnerabilities in the web server for Mot ...)
	NOT-FOR-US: Motorola firmware
CVE-2010-2306 (The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; ...)
	NOT-FOR-US: Sourcefire 3D Sensor
CVE-2010-2305 (Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Syg ...)
	NOT-FOR-US: Symantec Sygate Personal Firewall
CVE-2010-2304
	REJECTED
CVE-2010-2303
	REJECTED
CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome bef ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59876
	NOTE: duplicate of cve-2010-1771
CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebC ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59241
	NOTE: http://trac.webkit.org/changeset/59242
	NOTE: duplicate of cve-2010-1762
CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes funct ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59109
	NOTE: duplicate of cve-2010-1759
CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc i ...)
	- webkit <not-affected> (chromium-specific)
	- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2298 (browser/renderer_host/database_dispatcher_host.cc in Google Chrome bef ...)
	- webkit <not-affected> (chromium-specific)
	- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome b ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before  ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
	NOTE: http://trac.webkit.org/changeset/57627
	NOTE: http://trac.webkit.org/changeset/57658
	NOTE: http://trac.webkit.org/changeset/57658
	NOTE: http://trac.webkit.org/changeset/59769
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0 ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and ...)
	NOT-FOR-US: Plume CMS
CVE-2010-2293 (The Ping tools web interface in Dlink Di-604 router allows remote auth ...)
	NOT-FOR-US: Dlink Di-604
CVE-2010-2292 (Cross-site scripting (XSS) vulnerability in the Ping tools web interfa ...)
	NOT-FOR-US: Dlink Di-604 Router
CVE-2010-2291 (Unspecified vulnerability in the web interface in snom VoIP Phone firm ...)
	NOT-FOR-US: snom VoIP Phone
CVE-2010-2290 (Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfe ...)
	NOT-FOR-US: McAfee
CVE-2010-2289 (Open redirect vulnerability in dana/home/homepage.cgi in Juniper Netwo ...)
	NOT-FOR-US: Juniper Networks
CVE-2010-2288 (Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Junip ...)
	NOT-FOR-US: Juniper Networks
CVE-2010-2282 (Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 all ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-2281 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-2280 (Open redirect vulnerability in the Mobile component in IBM Lotus Conne ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2279 (The Top Updates implementation in the Homepage component in IBM Lotus  ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2278 (The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connect ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2277 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Conne ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2276 (The default configuration of the build process in Dojo 0.4.x before 0. ...)
	- dojo <not-affected> (Doesn't affect the Debian packaging)
CVE-2010-2275 (Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2274 (Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1 ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2273 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x befo ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2272 (Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before  ...)
	- dojo <not-affected> (only affects 0.4 branch)
CVE-2010-2271 (Format string vulnerability in authcfg.cgi in Accoria Web Server (aka  ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2270 (Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable http ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2269 (Directory traversal vulnerability in loadstatic.cgi in Accoria Web Ser ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2268 (Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Acco ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2267 (Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Ser ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2266 (nginx 0.8.36 allows remote attackers to cause a denial of service (cra ...)
	- nginx <not-affected> (Confirmed Windows only, see bug #590768)
CVE-2010-2265 (Cross-site scripting (XSS) vulnerability in the GetServerName function ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- chromium-browser 6.0.466.0~r52279-1
	NOTE: This is a large series of risky behaviour-changing changesets.
	NOTE: upstream changelog says this is fixed in 1.2.3, but i'm doubtful of that
CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows ...)
	- nginx <not-affected> (Windows-specific vulnerability when running on NTFS)
CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 throug ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 th ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 throug ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine  ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in Wiresh ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2262 (Galileo Students Team Weborf before 0.12.1 allows remote attackers to  ...)
	- weborf 0.12.1-1
CVE-2010-2261 (Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers  ...)
	NOT-FOR-US: Linksys WAP54Gv3
CVE-2010-2260 (Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design B ...)
	NOT-FOR-US: Gabmbit Design Bandwidth Meter
CVE-2010-2259 (Directory traversal vulnerability in the BF Survey (com_bfsurvey) comp ...)
	NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2258 (Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBa ...)
	NOT-FOR-US: phpBannerExchange
CVE-2010-2257 (SQL injection vulnerability in index_ie.php in Pay Per Minute Video Ch ...)
	NOT-FOR-US: Pay Per Minute Video Chat Script
CVE-2010-2256 (Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute  ...)
	NOT-FOR-US: Pay Per Minute Video Chat Script
CVE-2010-2255 (SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) co ...)
	NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope template for  ...)
	NOT-FOR-US: joomla!
CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to  ...)
	- libwww-perl 5.835-1 (low)
	[lenny] - libwww-perl 5.813-1+lenny2
CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of t ...)
	{DSA-2088-1}
	- wget 1.12-2.1 (low; bug #590296)
CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does not pr ...)
	{DSA-2085-1}
	- lftp 4.0.6-1 (low)
	[lenny] - lftp <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1. ...)
	{DSA-2072-1}
	- libpng 1.2.44-1 (low; bug #587670)
	- tuxonice-userui 1.0-1 (unimportant)
	NOTE: tuxonice-userui 1.0-1 was binNMUed
CVE-2010-2248 (fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel befor ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-12 (low)
CVE-2010-2247 (makepasswd 1.10 default settings generate insecure passwords ...)
	- makepasswd 1.10-5 (low; bug #564559)
	[lenny] - makepasswd 1.10-3+lenny1
CVE-2010-2246 (feh before 1.8, when the --wget-timestamp option is enabled, might all ...)
	- feh 1.8-1 (low; bug #587205)
	[lenny] - feh <no-dsa> (Minor issue)
CVE-2010-2245 (XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earli ...)
	NOT-FOR-US: Apache Wink
CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in  ...)
	{DSA-2086-1}
	- avahi 0.6.26-1
CVE-2010-2243 (A vulnerability exists in kernel/time/clocksource.c in the Linux kerne ...)
	- linux-2.6 2.6.32-11
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improp ...)
	- libvirt 0.8.3-1 (low)
	[lenny] - libvirt 0.4.6-10+lenny1
CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Ha ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel befo ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-21
CVE-2010-2239 (Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images with ...)
	- libvirt 0.8.3-1 (low)
	[lenny] - libvirt <not-affected> (only affects >= 0.6.0)
CVE-2010-2238 (Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-imag ...)
	- libvirt 0.8.3-1
	[lenny] - libvirt <not-affected> (only affects >= 0.7.2)
CVE-2010-2237 (Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing s ...)
	- libvirt 0.8.3-1
	[lenny] - libvirt <not-affected> (only affects >= 0.6.1)
CVE-2010-2236 (The monitoring probe display in spacewalk-java before 2.1.148-1 and Re ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2010-2235 (template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Sa ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...)
	- tiff 3.9.4-2
	- tiff3 <not-affected> (fixed prior to initial upload)
	[lenny] - tiff <not-affected> (Only affects 3.9.x)
CVE-2010-2232 (In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export pro ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://issues.apache.org/jira/browse/DERBY-2925
CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in report/overview/rep ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2230 (The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.1 ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
	- wordpress 3.0.4+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
	- egroupware <not-affected> (Only forks a minor subset of KSES)
CVE-2010-2229 (Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php  ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-control in ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 be ...)
	{DSA-2207-1}
	- tomcat5.5 <removed>
	- tomcat6 6.0.28-1 (bug #588813)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-2226 (The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel bef ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-19
CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in P ...)
	{DSA-2089-1}
	- php5 5.3.3-1
CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise Virtualizatio ...)
	NOT-FOR-US: Red Hat Enterprise Virtualization Manager (RHEV-M)
CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualiza ...)
	- vdsm <itp> (bug #668538)
CVE-2010-2222 (The _ger_parse_control function in Red Hat Directory Server 8 and the  ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1)  ...)
	- iscsitarget 1.4.20.1-1
CVE-2010-2220 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, a ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2219 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0 ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2218 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, a ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2217 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, a ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2216 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2215 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2214 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2213 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2211 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2210 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2209 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2208 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2207 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2206 (Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x befo ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2205 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2204 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2203 (Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to e ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2202 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2201 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2200
	RESERVED
CVE-2010-2199 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...)
	- rpm <unfixed> (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2198 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...)
	- rpm <unfixed> (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2197 (rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax o ...)
	- rpm 4.8.1-1 (low; bug #584257)
	[lenny] - rpm <no-dsa> (Minor issue)
CVE-2010-2196
	RESERVED
CVE-2010-2195 (bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows a ...)
	- bozohttpd 20100621-1 (low; bug #590298)
	[lenny] - bozohttpd <not-affected> (Only affects 20090522 to 20100512)
CVE-2010-2194
	RESERVED
CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) Web ...)
	NOT-FOR-US: CA Global Advisor
CVE-2010-2192 (The make_lockdir_name function in policy.c in pmount 0.9.18 allow loca ...)
	{DSA-2063-1}
	- pmount 0.9.23-1
CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...)
	- php5 5.3.3-1 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions i ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2189 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2188 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2187 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2186 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2185 (Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2184 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2183 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2182 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2181 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2180 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2179 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2178 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2177 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2176 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2175 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2174 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2173 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2172 (Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms al ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2171 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2170 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2169 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2168 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2167 (Multiple heap-based buffer overflows in Adobe Flash Player before 9.0. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2166 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2165 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2164 (Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2163 (Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2162 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2161 (Array index error in Adobe Flash Player before 9.0.277.0 and 10.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2160 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2159 (Dameng DM Database Server allows remote authenticated users to cause a ...)
	NOT-FOR-US: Dameng DM Database
CVE-2010-2158 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm modul ...)
	NOT-FOR-US: Storm module for Drupal
CVE-2010-2157 (Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2,  ...)
	NOT-FOR-US: CA ARCserve
CVE-2010-2156 (ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote att ...)
	- isc-dhcp 4.1.1-P1-1
	- dhcp3 <not-affected> (Only affects DHCP 4.x)
	- dhcp <not-affected> (Only affects DHCP 4.x)
	NOTE: http://www.isc.org/software/dhcp/advisories/cve-2010-2156
CVE-2010-2155 (Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/ht ...)
	{DSA-2056-1}
	- zonecheck 2.1.1-1 (bug #583290)
CVE-2010-2154 (Cross-site scripting (XSS) vulnerability in the Search Site in CMScout ...)
	NOT-FOR-US: CMScout
CVE-2010-2153 (Unrestricted file upload vulnerability in admin/code/tce_functions_tce ...)
	NOT-FOR-US: TCExam
CVE-2010-2152 (Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, I ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2010-2151 (Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2150 (Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allow ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2149 (Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2148 (SQL injection vulnerability in the My Car (com_mycar) component 1.0 fo ...)
	NOT-FOR-US: My Car for Joomla
CVE-2010-2147 (Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) com ...)
	NOT-FOR-US: My Car for Joomla
CVE-2010-2146 (PHP remote file inclusion vulnerability in banned.php in Visitor Logge ...)
	NOT-FOR-US: Visitor Logger
CVE-2010-2145 (Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4 ...)
	NOT-FOR-US: ClearSite
CVE-2010-2144 (Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways  ...)
	NOT-FOR-US: Zeeways eBay Clone auction script
CVE-2010-2143 (Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 a ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-2142 (SQL injection vulnerability in default.asp in Cyberhost allows remote  ...)
	NOT-FOR-US: Cyberhost
CVE-2010-2141 (SQL injection vulnerability in index.php in NITRO Web Gallery allows r ...)
	NOT-FOR-US: NITRO Web Gallery
CVE-2010-2140 (SQL injection vulnerability in itemdetail.php in Multishop CMS allows  ...)
	NOT-FOR-US: Multishop CMS
CVE-2010-2139 (SQL injection vulnerability in pages.php in Multishop CMS allows remot ...)
	NOT-FOR-US: Multishop CMS
CVE-2010-2138 (Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earli ...)
	NOT-FOR-US: ProMan
CVE-2010-2137 (PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 ...)
	NOT-FOR-US: ProMan
CVE-2010-2136 (Directory traversal vulnerability in admin/index.php in Article Friend ...)
	NOT-FOR-US: Article Friendly
CVE-2010-2135 (Multiple SQL injection vulnerabilities in login.php in HazelPress Lite ...)
	NOT-FOR-US: HazelPress Lite
CVE-2010-2134 (Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 ...)
	NOT-FOR-US: Project Man
CVE-2010-2133 (SQL injection vulnerability in contact.php in My Little Forum allows r ...)
	NOT-FOR-US: My Little Forum
CVE-2010-2132 (Multiple PHP remote file inclusion vulnerabilities in Open Education S ...)
	NOT-FOR-US: Open Education System
CVE-2010-2131 (SQL injection vulnerability in the Calendar Base (cal) extension befor ...)
	NOT-FOR-US: TYPO3 extenson Calendar Base
CVE-2010-2130 (Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ...)
	NOT-FOR-US: Aris Global ARISg
CVE-2010-2129 (Directory traversal vulnerability in the JE Ajax Event Calendar (com_j ...)
	NOT-FOR-US: JE Ajax Event Calenda
CVE-2010-2128 (Directory traversal vulnerability in the JE Quotation Form (com_jequot ...)
	NOT-FOR-US: JE Quotation Form for Joomla
CVE-2010-2127 (PHP remote file inclusion vulnerability in gallery.php in JV2 Folder G ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2010-2126 (Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3. ...)
	NOT-FOR-US: Snipe Gallery
CVE-2010-2125 (Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banne ...)
	NOT-FOR-US: Rotor Banner module for Drupal
CVE-2010-2124 (SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4 ...)
	NOT-FOR-US: Bartels Schone ConPresso
CVE-2010-2123 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm modul ...)
	NOT-FOR-US: Storm module for Drupal
CVE-2010-2122 (Directory traversal vulnerability in the SimpleDownload (com_simpledow ...)
	NOT-FOR-US: SimpleDownload for Joomla
CVE-2010-2121 (Opera 9.52 allows remote attackers to cause a denial of service (resou ...)
	NOT-FOR-US: Opera
CVE-2010-2120 (Google Chrome 1.0.154.48 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2010-2119 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to c ...)
	NOT-FOR-US: MS IE
CVE-2010-2118 (Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows re ...)
	NOT-FOR-US: MS IE
CVE-2010-2117 (Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to ca ...)
	- xulrunner <unfixed> (unimportant)
CVE-2010-2116 (The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 al ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2010-2115 (SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a de ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2010-2114 (Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke ...)
	NOT-FOR-US: Brekeke PBX
CVE-2010-2113 (Multiple cross-site request forgery (CSRF) vulnerabilities in The Unif ...)
	NOT-FOR-US: The Uniform Server
CVE-2010-2112 (Directory traversal vulnerability in the FTP service in FileCOPA befor ...)
	NOT-FOR-US: FileCOPA
CVE-2010-2111 (Cross-site request forgery (CSRF) vulnerability in user/user-set.do in ...)
	NOT-FOR-US: Pacific Timesheet
CVE-2010-2110 (Google Chrome before 5.0.375.55 does not properly execute JavaScript c ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (issue in chrome's libv8 bindings)
	NOTE: http://trac.webkit.org/changeset/58229
CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows us ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58441
CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows re ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-2107 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows at ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (doesn't have safebrowsing feature)
CVE-2010-2106 (Unspecified vulnerability in Google Chrome before 5.0.375.55 might all ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-2105 (Google Chrome before 5.0.375.55 does not properly follow the Safe Brow ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (doesn't have safebrowsing feature)
CVE-2010-2104 (Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0. ...)
	NOT-FOR-US: Orbit Downloader
CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/en ...)
	- axis <not-affected> (axis != axis2, vulnerable code not present)
CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to exe ...)
	NOT-FOR-US: Webby Webserver
CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_w ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2100 (The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_b ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2099 (bbcode/php.bb in e107 0.7.20 and earlier does not perform access contr ...)
	NOT-FOR-US: e107
CVE-2010-2098 (Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20  ...)
	NOT-FOR-US: e107
CVE-2010-2097 (The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2096 (Directory traversal vulnerability in index.php in CMSQlite 1.2 and ear ...)
	NOT-FOR-US: CMSQlite
CVE-2010-2095 (SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier a ...)
	NOT-FOR-US: CMSQlite
CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP 5. ...)
	- php5 5.3.3-1 (low)
	[lenny] - php5 <not-affected> (Vulnerable code not present)
CVE-2010-2093 (Use-after-free vulnerability in the request shutdown functionality in  ...)
	- php5 5.3.3-1 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2092 (SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier a ...)
	{DSA-2060-1}
	- cacti 0.8.7e-4 (bug #582691)
CVE-2010-2091 (Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 ...)
	NOT-FOR-US: Microsoft OWA
CVE-2010-2090 (The npb_protocol_error function in sna V5router64 in IBM Communication ...)
	NOT-FOR-US: IBM Communications Server
CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the relations ...)
	- python3.1 3.1.2+20100706-1 (low)
	- python2.7 2.7-1 (low)
	- python2.6 2.6.5+20100706-1 (low)
	- python2.5 2.5.5-10 (low; bug #599739)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-2088 (ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted  ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2087 (Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application  ...)
	- mojarra <unfixed> (unimportant; bug #611130)
	NOTE: Affected feature is fundamentally insecure
CVE-2010-2086 (Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application S ...)
	NOT-FOR-US: Apache MyFaces
CVE-2010-2085 (The default configuration of ASP.NET in Microsoft .NET before 1.1 has  ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2084 (Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property  ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2083 (Microsoft Dynamics GP has a default value of ACCESS for the system pas ...)
	NOT-FOR-US: Microsoft Dynamics GP
CVE-2010-2082 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ca ...)
	NOT-FOR-US: Cisco
CVE-2010-2081
	RESERVED
CVE-2010-2080 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...)
	- otrs2 2.4.8+dfsg1-1
	[lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
CVE-2010-2079 (DataTrack System 3.5 allows remote attackers to bypass intended restri ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2078 (DataTrack System 3.5 allows remote attackers to list the root director ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2077
	REJECTED
CVE-2010-2076 (Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before  ...)
	NOT-FOR-US: Apache CXF
CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from Novemb ...)
	- unrealircd <itp> (bug #515130)
CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_se ...)
	- w3m 0.5.2-5 (low; bug #587445)
	[lenny] - w3m 0.5.2-2+lenny1
CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and pa ...)
	- pyftpd 0.8.5 (low; bug #585776)
	[lenny] - pyftpd 0.8.4.6+lenny1
CVE-2010-2072 (Pyftpd 0.8.4 creates log files with predictable names in a temporary d ...)
	- pyftpd 0.8.5 (low; bug #585773)
	[lenny] - pyftpd 0.8.4.6+lenny1
CVE-2010-2071 (The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Lin ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 <not-affected> (btrfs introduced in 2.6.29)
CVE-2010-2070 (arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and  ...)
	- xen-3 3.2.1-2
	NOTE: The respective patch is present in Lenny's version of xen-3, might be fixed even earlier
CVE-2010-2069
	REJECTED
CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 thr ...)
	- apache2 <not-affected> (does not affect UNIX, only Windows, etc.)
CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function i ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
	[lenny] - tiff <not-affected> (Only affects 3.9.x)
CVE-2010-2066 (The mext_check_arguments function in fs/ext4/move_extent.c in the Linu ...)
	- linux-2.6 2.6.32-21
	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.31)
CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allo ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
	[lenny] - tiff <not-affected> (Only affects 3.9.x)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565
CVE-2010-2064 (rpcbind 0.2.0 allows local users to write to arbitrary files or gain p ...)
	- rpcbind 0.2.0-4.1
	NOTE: This version changed the state directory to /var/run/rpcbind, which is only writable by root
CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the chai ...)
	{DSA-2061-1}
	- samba 2:3.4.0~pre1-1 (high)
	NOTE: the affected code has been completely rewritten since 3.4.x
CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, as use ...)
	{DSA-2044-1 DSA-2043-1}
	- vlc 1.0.1-1
	[lenny] - vlc 0.8.6.h-4+lenny2.3
	- mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245)
	[lenny] - mplayer 1.0~rc2-17+lenny3.2
	- xine-lib <not-affected> (immune due to additional check in xio_rw_abbort())
	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
	NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
	NOTE: DSA-2043 and DSA-2044
CVE-2010-2061 (rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2)  ...)
	- rpcbind 0.2.0-4.1
CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows r ...)
	- beanstalkd 1.4.6-1 (unimportant; bug #585162)
	NOTE: Package description reads: "Beanstalkd is meant to be ran in a trusted network,
	NOTE: "as it has no authorisation/authentication mechanisms". So this is likely a non-issue
CVE-2010-2059 (lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and R ...)
	- rpm 4.8.1-1 (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2058 (setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable ...)
	- prewikka 1.0.0-1.1 (low; bug #584469)
	[lenny] - prewikka <no-dsa> (The insecure permissions only apply for a very short timeframe during pkg update)
	NOTE: FEDORA-2009-3761 http://lwn.net/Articles/330642
CVE-2010-2057 (shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2. ...)
	NOT-FOR-US: Apache MyFaces
CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files vi ...)
	- gv 1:3.7.1-1 (low)
	[lenny] - gv <no-dsa> (Minor issue)
CVE-2010-2055 (Ghostscript 8.71 and earlier reads initialization files from the curre ...)
	- ghostscript 8.71~dfsg2-6.1 (bug #584653; bug #592569; bug #584663)
	[lenny] - ghostscript <no-dsa> (too risky for regressions)
CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 t ...)
	NOT-FOR-US: SBLIM SFCB
CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local user ...)
	- emesene 1.6.2-1 (low)
	[lenny] - emesene <not-affected> (Introduced in 1.6.1)
CVE-2010-2052
	REJECTED
CVE-2010-2051 (SQL injection vulnerability in article.php in Debliteck DBCart allows  ...)
	NOT-FOR-US: Debliteck DBCart
CVE-2010-2050 (Directory traversal vulnerability in the Moron Solutions MS Comment (c ...)
	NOT-FOR-US: Moron Solutions MS Comment
CVE-2010-2049 (Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportRe ...)
	NOT-FOR-US: ManageEngine ADAudit Plus
CVE-2010-2048 (Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat m ...)
	NOT-FOR-US: Heartbeat module for Drupal
CVE-2010-2047 (SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allow ...)
	NOT-FOR-US: JE CMS
CVE-2010-2046 (Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelpe ...)
	NOT-FOR-US: ActiveHelper LiveHelp for Joomla
CVE-2010-2045 (Directory traversal vulnerability in the Dione Form Wizard (aka FDione ...)
	NOT-FOR-US: Dione Form Wizard
CVE-2010-2044 (SQL injection vulnerability in the Konsultasi (com_konsultasi) compone ...)
	NOT-FOR-US: Konsultasi for Joomla
CVE-2010-2043 (Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack Sys ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2042 (SQL injection vulnerability in search.php in ECShop 2.7.2 allows remot ...)
	NOT-FOR-US: ECShop
CVE-2010-2041 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in PH ...)
	NOT-FOR-US: PHP-Calendar
CVE-2010-2040 (Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzi ...)
	NOT-FOR-US: V-EVA Shopzilla script
CVE-2010-2039 (Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1 ...)
	NOT-FOR-US: gpEasy CMS
CVE-2010-2038 (Cross-site scripting (XSS) vulnerability in include/tool/editing_files ...)
	NOT-FOR-US: gpEasy CMS
CVE-2010-2037 (Directory traversal vulnerability in the Percha Downloads Attach (com_ ...)
	NOT-FOR-US: Percha
CVE-2010-2036 (Directory traversal vulnerability in the Percha Fields Attach (com_per ...)
	NOT-FOR-US: Percha
CVE-2010-2035 (Directory traversal vulnerability in the Percha Gallery (com_perchagal ...)
	NOT-FOR-US: Percha
CVE-2010-2034 (Directory traversal vulnerability in the Percha Image Attach (com_perc ...)
	NOT-FOR-US: Percha
CVE-2010-2033 (Directory traversal vulnerability in the Percha Multicategory Article  ...)
	NOT-FOR-US: Percha
CVE-2010-2032 (Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/dig ...)
	NOT-FOR-US: Caucho Technology Resin Professional
CVE-2010-2031 (KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3 ...)
	NOT-FOR-US: Kingsoft Webshield
CVE-2010-2030 (Cross-site scripting (XSS) vulnerability in the External Link Page mod ...)
	NOT-FOR-US: External Link Page module for Drupal
CVE-2010-2029 (Cybozu Office 7 Ktai and Dotsales do not properly restrict access to t ...)
	NOT-FOR-US: Cybozu Office and Dotsales
CVE-2010-2028 (Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 all ...)
	NOT-FOR-US: k23productions TFTPGUI
CVE-2010-2027 (Mathematica 7, when running on Linux, allows local users to overwrite  ...)
	NOT-FOR-US: Mathematica
CVE-2010-2026 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ca ...)
	NOT-FOR-US: Cisco
CVE-2010-2025 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: Cisco
CVE-2010-2024 (transports/appendfile.c in Exim before 4.72, when MBX locking is enabl ...)
	- exim4 4.72-1 (low)
	[lenny] - exim4 <no-dsa> (Minor issue)
CVE-2010-2023 (transports/appendfile.c in Exim before 4.72, when a world-writable sti ...)
	- exim4 4.72-1 (low)
	[lenny] - exim4 <no-dsa> (Minor issue)
CVE-2010-2022 (jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root ...)
	- kfreebsd-6 <not-affected> (jail binary not yet provided, see bug #584930)
	- kfreebsd-7 <not-affected> (jail binary not yet provided, see bug #584930)
	- kfreebsd-8 <not-affected> (jail binary not yet provided, see bug #584930)
CVE-2010-2021 (Open redirect vulnerability in the Global Redirect module 6.x-1.x befo ...)
	NOT-FOR-US: Global Redirect module for Drupal is not in Debian
CVE-2010-2020 (sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD  ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (Minor issue, not enabled by default)
	- kfreebsd-7 7.3-2
	[lenny] - kfreebsd-7 <no-dsa> (Minor issue, not enabled by default)
	- kfreebsd-8 8.0-6 (bug #584930)
CVE-2010-2019 (SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, whe ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2018 (Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4. ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2017 (Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lo ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2016 (SQL injection vulnerability in details.php in Iceberg CMS allows remot ...)
	NOT-FOR-US: Iceberg CMS
CVE-2010-2015 (Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote at ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2014 (Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiS ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2013 (Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK  ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2012 (SQL injection vulnerability in function.php in MigasCMS 1.1, when magi ...)
	NOT-FOR-US: MigasCMS
CVE-2010-2011 (Microsoft Dynamics GP uses a substitution cipher to encrypt the system ...)
	NOT-FOR-US: Microsoft Dynamics GP
CVE-2010-2010 (Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool  ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-2009 (Stack-based buffer overflow in the media library in BS.Global BS.Playe ...)
	NOT-FOR-US: BS.Global BS.Player
CVE-2010-2008 (MySQL before 5.1.48 allows remote authenticated users with alter datab ...)
	- mysql-5.1 5.1.48-1
	- mysql-dfsg-5.0 <not-affected> (Only affects MySQL 5.1 onwards)
CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS  ...)
	- mydms <removed> (bug #590904; low)
	[lenny] - mydms <no-dsa> (Minor issue)
	NOTE: seems to have changed name to letoDMS
CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS (forme ...)
	{DSA-2146-1}
	- mydms 1.7.2+1.7.3-1.1 (bug #582587; medium)
	NOTE: seems to have changed name to letoDMS
CVE-2010-2005 (Multiple PHP remote file inclusion vulnerabilities in DataLife Engine  ...)
	NOT-FOR-US: Datalife Engine
CVE-2010-2004 (Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Fre ...)
	NOT-FOR-US: BS.Player
CVE-2010-2003 (Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Adva ...)
	NOT-FOR-US: Advanced Poll
CVE-2010-2002 (Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x  ...)
	NOT-FOR-US: Wordfilter module for Drupal
CVE-2010-2001 (Cross-site scripting (XSS) vulnerability in the CiviRegister module be ...)
	NOT-FOR-US: CiviRegister module for Drupal
CVE-2010-2000 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio)  ...)
	NOT-FOR-US: Biblio module for Drupal
CVE-2010-1999 (Directory traversal vulnerability in scr/soustab.php in OpenMairie Ope ...)
	NOT-FOR-US: OpenMairie
CVE-2010-1998 (Cross-site scripting (XSS) vulnerability in the CCK TableField module  ...)
	NOT-FOR-US: CCK TableField module for Drupal
CVE-2010-1997 (Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus C ...)
	NOT-FOR-US: Saurus CMS
CVE-2010-1996 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1995 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1994 (SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 all ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1993 (Opera 9.52 does not properly handle an IFRAME element with a mailto: U ...)
	NOT-FOR-US: Opera
CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations whe ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en
	NOTE: poc is just one window, but can be changed to open many
	NOTE: this is a dos-only attack, so its considered unimportant
CVE-2010-1991 (Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1990 (Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, exec ...)
	- xulrunner <unfixed> (unimportant; bug #582590)
	- iceape <removed> (unimportant)
	NOTE: browser dos attacks are not considered security-relevant
CVE-2010-1989 (Opera 9.52 executes a mail application in situations where an IMG elem ...)
	NOT-FOR-US: Opera
CVE-2010-1988 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cau ...)
	- xulrunner <unfixed> (unimportant)
	- iceape <removed> (unimportant)
	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
CVE-2010-1987 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cau ...)
	- xulrunner <unfixed> (unimportant)
	- iceape <removed> (unimportant)
	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
CVE-2010-1986 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cau ...)
	- xulrunner <unfixed> (unimportant)
	- iceape <removed> (unimportant)
	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
CVE-2010-1985 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Six Apart Movable type
CVE-2010-1984 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb mo ...)
	NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
CVE-2010-1983 (Directory traversal vulnerability in the redTWITTER (com_redtwitter) c ...)
	NOT-FOR-US: com_redtwitter component for joomla!
CVE-2010-1982 (Directory traversal vulnerability in the JA Voice (com_javoice) compon ...)
	NOT-FOR-US: com_javoice component for joomla!
CVE-2010-1981 (Directory traversal vulnerability in the Fabrik (com_fabrik) component ...)
	NOT-FOR-US: com_fabrik component for joomla!
CVE-2010-1980 (Directory traversal vulnerability in joomlaflickr.php in the Joomla Fl ...)
	NOT-FOR-US: com_joomlaflickr component for joomla!
CVE-2010-1979 (Directory traversal vulnerability in the Affiliate Datafeeds (com_data ...)
	NOT-FOR-US: com_datafeeds component for joomla!
CVE-2010-1978 (PHP remote file inclusion vulnerability in default_theme.php in FreePH ...)
	NOT-FOR-US: FreePHPBlogSoftware
CVE-2010-1977 (Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmc ...)
	NOT-FOR-US: com_jwhmcs component for joomla!
CVE-2010-1976 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb mo ...)
	NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
CVE-2010-1975 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8. ...)
	{DSA-2051-1}
	- postgresql-8.4 8.4.4-1 (low)
	- postgresql-8.3 <removed> (low)
CVE-2010-1974
	REJECTED
CVE-2010-1973 (Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, ...)
	NOT-FOR-US: OpenVMS
CVE-2010-1972 (The default configuration of HP Client Automation (HPCA) Enterprise In ...)
	NOT-FOR-US: HP Client Automation
CVE-2010-1971 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
	NOT-FOR-US: HP Insight
CVE-2010-1970 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
	NOT-FOR-US: HP Insight
CVE-2010-1969 (Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterpr ...)
	NOT-FOR-US: HP Virtual Connect Enterprise Manager
CVE-2010-1968 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
	NOT-FOR-US: HP Insight
CVE-2010-1967 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
	NOT-FOR-US: HP Insight
CVE-2010-1966 (Unspecified vulnerability in HP Insight Control power management for W ...)
	NOT-FOR-US: HP Insight
CVE-2010-1965 (Unspecified vulnerability in HP Insight Orchestration for Windows befo ...)
	NOT-FOR-US: HP Insight
CVE-2010-1964 (Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows re ...)
	NOT-FOR-US: HP ServiceCenter
CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 befor ...)
	NOT-FOR-US: HP StorageWorks
CVE-2010-1961 (Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Netwo ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1960 (Buffer overflow in the error handling functionality in ovwebsnmpsrv.ex ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1959 (Unspecified vulnerability in HP TestDirector for Quality Center 9.2 be ...)
	NOT-FOR-US: HP TestDirector for Quality Center
CVE-2010-1958 (Cross-site scripting (XSS) vulnerability in the FileField module 5.x b ...)
	NOT-FOR-US: Drupal addon
CVE-2010-1957 (Directory traversal vulnerability in the Love Factory (com_lovefactory ...)
	NOT-FOR-US: com_lovefactory component for joomla!
CVE-2010-1956 (Directory traversal vulnerability in the Gadget Factory (com_gadgetfac ...)
	NOT-FOR-US: com_gadgetfactory component for joomla!
CVE-2010-1955 (Directory traversal vulnerability in the Deluxe Blog Factory (com_blog ...)
	NOT-FOR-US: com_blogfactory component for joomla!
CVE-2010-1954 (Directory traversal vulnerability in the iNetLanka Multiple root (com_ ...)
	NOT-FOR-US: com_multiroot component for joomla!
CVE-2010-1953 (Directory traversal vulnerability in the iNetLanka Multiple Map (com_m ...)
	NOT-FOR-US: com_multimap component for joomla!
CVE-2010-1952 (Directory traversal vulnerability in the BeeHeard (com_beeheard) and B ...)
	NOT-FOR-US: com_beeheard component for joomla!
CVE-2010-1951 (Multiple directory traversal vulnerabilities in 60cycleCMS allow remot ...)
	NOT-FOR-US: 60cycleCMS
CVE-2010-1950 (SQL injection vulnerability in the Online News Paper Manager (com_jnew ...)
	NOT-FOR-US: Online News Paper Manager
CVE-2010-1949 (SQL injection vulnerability in the Online News Paper Manager (com_jnew ...)
	NOT-FOR-US: Online News Paper Manager
CVE-2010-1948 (Directory traversal vulnerability in scr/soustab.php in openMairie Ope ...)
	NOT-FOR-US: openMairie
CVE-2010-1947 (Directory traversal vulnerability in scr/soustab.php in openMairie Ope ...)
	NOT-FOR-US: openMairie
CVE-2010-1946 (Multiple PHP remote file inclusion vulnerabilities in openMairie Openr ...)
	NOT-FOR-US: openMairie
CVE-2010-1945 (Multiple PHP remote file inclusion vulnerabilities in openMairie Openf ...)
	NOT-FOR-US: openMairie
CVE-2010-1944 (Multiple PHP remote file inclusion vulnerabilities in openMairie openC ...)
	NOT-FOR-US: openMairie
CVE-2010-1943 (Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister  ...)
	NOT-FOR-US: NEC CapsSuite Small Edition
CVE-2010-1942 (Unspecified vulnerability in the Servlet service in Fujitsu Limited In ...)
	NOT-FOR-US: Fujitsu Limited Interstage Application Server
CVE-2010-1941 (Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and ear ...)
	NOT-FOR-US: NEC WebSAM DeploymentManager
CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header  ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: Safari-specific. Chromium and Safari have totally separate HTTP stacks.
CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows r ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: poc seems to cause a dos in both chromium and webkit; not sure if code execution is possible
	NOTE: This is Safari only
CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...)
	- opie 2.32.dfsg.1-0.2 (low; bug #584932)
	[lenny] - opie 2.32-10.2+lenny2
CVE-2010-1937 (Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SF ...)
	NOT-FOR-US: SBLIM SFCB
CVE-2010-1936 (Directory traversal vulnerability in scr/soustab.php in openMairie ope ...)
	NOT-FOR-US: openMairie openComInterne
CVE-2010-1935 (Directory traversal vulnerability in scr/soustab.php in openMairie Ope ...)
	NOT-FOR-US: openMairie Openpresse
CVE-2010-1934 (Multiple PHP remote file inclusion vulnerabilities in openMairie openP ...)
	NOT-FOR-US: openMairie openPlanning
CVE-2010-1928 (Directory traversal vulnerability in scr/soustab.php in openMairie ope ...)
	NOT-FOR-US: openMairie openPlanning
CVE-2010-1927 (Multiple PHP remote file inclusion vulnerabilities in openMairie openC ...)
	NOT-FOR-US: openMairie openCourrier
CVE-2010-1926 (Directory traversal vulnerability in scr/soustab.php in openMairie ope ...)
	NOT-FOR-US: openMairie openCourrier
CVE-2010-1925 (SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows  ...)
	NOT-FOR-US: tekno.Portal
CVE-2010-1924 (SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shop ...)
	NOT-FOR-US: Hi Web Wiesbaden Live Shopping multi Portal System
CVE-2010-1923 (SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 So ...)
	NOT-FOR-US: Hi Web Wiesbaden Web Social Network Community System
CVE-2010-1922 (Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 all ...)
	NOT-FOR-US: 29o3 CMS
CVE-2010-1921 (Multiple PHP remote file inclusion vulnerabilities in OpenMairie openA ...)
	NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1920 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ope ...)
	NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1933
	RESERVED
CVE-2010-1932 (Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allow ...)
	NOT-FOR-US: XnView
CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in CubeCa ...)
	NOT-FOR-US: CubeCart PHP Shopping Cart
CVE-2010-1930 (Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows  ...)
	NOT-FOR-US: Novell iManager
CVE-2010-1929 (Multiple stack-based buffer overflows in the jclient._Java_novell_jcli ...)
	NOT-FOR-US: Novell iImanager
CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allow ...)
	NOT-FOR-US: EMC
CVE-2010-1913 (The default configuration of pluginlicense.ini for the SdcWebSecureBas ...)
	NOT-FOR-US: Consona
CVE-2010-1912 (The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistan ...)
	NOT-FOR-US: Consona
CVE-2010-1911 (The site-locking implementation in the SdcWebSecureBase interface in t ...)
	NOT-FOR-US: Consona
CVE-2010-1910 (The Forgot Password implementation in Consona Live Assistance, Dynamic ...)
	NOT-FOR-US: Consona
CVE-2010-1909 (Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX c ...)
	NOT-FOR-US: Consona
CVE-2010-1908 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live As ...)
	NOT-FOR-US: Consona
CVE-2010-1907 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live As ...)
	NOT-FOR-US: ConsonA
CVE-2010-1906 (tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manag ...)
	NOT-FOR-US: Consona
CVE-2010-1905 (Multiple cross-site scripting (XSS) vulnerabilities in Consona Live As ...)
	NOT-FOR-US: Consona
CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5. ...)
	NOT-FOR-US: EMC RSA key manager
CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, a ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1902 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007  ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1901 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Offi ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1900 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Offi ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2010-1899 (Stack consumption vulnerability in the ASP implementation in Microsoft ...)
	NOT-FOR-US: Microsoft IIS
CVE-2010-1898 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-1897 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1896 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1895 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1894 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1893 (Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1892 (The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1891 (The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1890 (The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1889 (Double free vulnerability in the kernel in Microsoft Windows Vista SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1888 (Race condition in the kernel in Microsoft Windows XP SP3 allows local  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1887 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1886 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1884
	REJECTED
CVE-2010-1883 (Integer overflow in the Embedded OpenType (EOT) Font Engine in Microso ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsof ...)
	NOT-FOR-US: MPEG Layer-3 Audio Codec for
CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls  ...)
	NOT-FOR-US: Microsoft
CVE-2010-1880 (Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Wi ...)
	NOT-FOR-US: Microsoft
CVE-2010-1879 (Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media  ...)
	NOT-FOR-US: Microsoft
CVE-2010-1878 (Directory traversal vulnerability in the OrgChart (com_orgchart) compo ...)
	NOT-FOR-US: com_orgchart component for joomla!
CVE-2010-1877 (SQL injection vulnerability in the JTM Reseller (com_jtm) component 1. ...)
	NOT-FOR-US: com_jtm component for joomla!
CVE-2010-1876 (SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allow ...)
	NOT-FOR-US: AJ Shopping Cart
CVE-2010-1875 (Directory traversal vulnerability in the Real Estate Property (com_pro ...)
	NOT-FOR-US: com_properties component for joomla!
CVE-2010-1874 (SQL injection vulnerability in the Real Estate Property (com_propertie ...)
	NOT-FOR-US: com_properties component for joomla!
CVE-2010-1873 (SQL injection vulnerability in the Jvehicles (com_jvehicles) component ...)
	NOT-FOR-US: com_jvehicles component for joomla!
CVE-2010-1872 (Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2 ...)
	NOT-FOR-US: FlashCard
CVE-2010-1918 (SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlie ...)
	NOT-FOR-US: EFront ask_chat
CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 thro ...)
	{DSA-2089-1}
	- php5 5.3.3-1 (low)
	[lenny] - php5 <no-dsa> (Minor issue)
CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2  ...)
	- serendipity 1.5.3-1
	[lenny] - serendipity <not-affected> (Only affects >= 1.4)
	- horde3 <not-affected> (Vulnerable code not included, see bug #585165)
	- openacs <not-affected> (Doesn't use the PHP interface, see bug #585163)
	- dotlrn <not-affected> (Doesn't use the PHP interface, see bug #585164)
CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3. ...)
	- php5 <removed> (unimportant)
CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...)
	- php5 <removed> (unimportant)
CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Pl ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...)
	- libstruts1.2-java <not-affected> (issue involves a problem in xwork, which was introduced in struts2)
	- libspring-2.5-java <not-affected> (Vulnerable code not present)
CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
	{DSA-2080-1}
	- ghostscript 8.71~dfsg-4
	NOTE: https://www.openwall.com/lists/oss-security/2010/05/11/3
CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ex ...)
	- php5 <removed> (unimportant)
CVE-2010-1867 (SQL injection vulnerability in the ArticleAttachment::GetAttachmentsBy ...)
	NOT-FOR-US: Campsite
CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chu ...)
	- php5 5.3.3-1 (low)
	[lenny] - php5 <not-affected> (dechunk filter introduced in 5.3)
CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earl ...)
	NOT-FOR-US: ClanSphere
CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3 ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-1863 (SQL injection vulnerability in the shoutbox module (modules/shoutbox.p ...)
	NOT-FOR-US: ClanTiger
CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3 ...)
	- php5 <removed> (unimportant)
CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...)
	- php5 <removed> (unimportant)
CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 thro ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier ...)
	NOT-FOR-US: DeluxeBB
CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) c ...)
	NOT-FOR-US: com_smestorage component for joomla!
CVE-2010-1857 (SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, ...)
	NOT-FOR-US: RepairShop2
CVE-2010-1856 (Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1 ...)
	NOT-FOR-US: RepairShop2
CVE-2010-1855 (SQL injection vulnerability in auktion.php in Pay Per Watch &amp; Bid  ...)
	NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1854 (Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Wat ...)
	NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function i ...)
	- transmission 1.92-1
	[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is enab ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses cook ...)
	NOT-FOR-US: Invisible Hand extension for chromium
CVE-2010-1850 (Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allo ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0 <removed>
CVE-2010-XXXX [wicd changes permissions of resolv.conf]
	- wicd 1.7.0+ds1-3 (low; bug #582798)
CVE-2010-1849 (The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through  ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0 <removed>
CVE-2010-1848 (Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1  ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0 <removed>
CVE-2010-1847 (The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly pe ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1846 (Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1845 (ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remot ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1844 (Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x be ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1843 (Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1842 (Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1841 (Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1840 (Stack-based buffer overflow in the password-validation functionality i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1839
	RESERVED
CVE-2010-1838 (Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1837 (CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1836 (Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1835
	RESERVED
CVE-2010-1834 (CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly val ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1833 (Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1832 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1831 (Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1830 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1829 (Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1828 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows re ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1827
	RESERVED
CVE-2010-1826
	RESERVED
CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome befor ...)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/66847
CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Apple iTunes before ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/66795
CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in Googl ...)
	- webkit <not-affected> (vulnerable code not present in 1.2.x series)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/65958
CVE-2010-1822 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 an ...)
	- webkit <not-affected> (rendererIsNeeded function not present in 1.2.x series)
	- chromium-browser 6.0.472.62~r59676-1
CVE-2010-1821 (Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1820 (Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10 ...)
	NOT-FOR-US: Apple Filing Protocol Server
CVE-2010-1819 (Untrusted search path vulnerability in the Picture Viewer in Apple Qui ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple Quick ...)
	NOT-FOR-US: QuickTime
CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and i ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1816 (Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and M ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the  ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webki ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows rem ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows re ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1809 (The Accessibility component in Apple iOS before 4.1 on the iPhone and  ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android  ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/64706
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43461
	NOTE: the problem is that the standard-library strtod()
	NOTE: parses "NAN(payload)" as a NaN with a user-defined payload, which is bad for the nan-boxing
	NOTE: scheme used by webkit (and mozilla). The fix is not to accept "NAN(payload)".
	NOTE: test-case: -parseFloat("NAN(ffffeeeeeff0f)")
	NOTE: reproduced with epiphany
CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x  ...)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/63772
CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 a ...)
	- webkit <not-affected> (windows-specific issue)
	- chromium-browser <not-affected> (windows-specific issue)
	NOTE: This is the windows DLL planting attack
CVE-2010-1804 (Unspecified vulnerability in the network bridge functionality on the A ...)
	NOT-FOR-US: Apple
CVE-2010-1803 (Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1802 (libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perf ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1801 (Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 an ...)
	NOT-FOR-US: CoreGraphics
CVE-2010-1800 (CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL a ...)
	NOT-FOR-US: CFNetwork
CVE-2010-1799 (Stack-based buffer overflow in the error-logging functionality in Appl ...)
	NOT-FOR-US: Apple QuickTime on Windows
CVE-2010-1798
	RESERVED
CVE-2010-1797 (Multiple stack-based buffer overflows in the cff_decoder_parse_charstr ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 thr ...)
	- webkit <not-affected>
	- chromium-browser <not-affected>
	NOTE: Very Safari specific
CVE-2010-1795 (Untrusted search path vulnerability in Apple iTunes before 9.1, when r ...)
	NOT-FOR-US: Apple iTunes on Windows
CVE-2010-1794 (The webdav_mount function in webdav_vfsops.c in the WebDAV kernel exte ...)
	NOT-FOR-US: Apple
CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari befo ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: http://trac.webkit.org/changeset/62482
	NOTE: http://trac.webkit.org/changeset/62662
	NOTE: duplicated as cve-2010-2902
CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/62386
	NOTE: Chromium uses a totally different regexp implementation.
CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/62301
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1789 (Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on M ...)
	- webkit <not-affected>
	- chromium-browser <not-affected>
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=40994
	NOTE: http://trac.webkit.org/changeset/62482
CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/61044
CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: http://trac.webkit.org/changeset/61667
	NOTE: duplicated as cve-2010-2647
CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: http://trac.webkit.org/changeset/61050
	NOTE: http://trac.webkit.org/changeset/61051
CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) impleme ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: http://trac.webkit.org/changeset/62271
CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	{DSA-2188-1}
	- webkit 1.2.7-1
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: (Chromium Sec) This seems a duplicate of CVE-2010-2899
	NOTE: http://trac.webkit.org/changeset/62134
CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375
	NOTE: http://trac.webkit.org/changeset/61921
CVE-2010-1781 (Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPh ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=40407
	NOTE: http://trac.webkit.org/changeset/60984
CVE-2010-1779
	RESERVED
CVE-2010-1778 (Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1  ...)
	- webkit <not-affected>
	- chromium-browser <not-affected>
	NOTE: Safari only (chromium security team)
CVE-2010-1777 (Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-1776 (Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iO ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1775 (Race condition in Passcode Lock in Apple iOS before 4 on the iPhone an ...)
	NOT-FOR-US: Apple iPhone Passcode Lock
CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
	NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-1773 (Off-by-one error in the toAlphabetic function in rendering/RenderListM ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508
	NOTE: http://trac.webkit.org/changeset/59950
CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore in Web ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388
	NOTE: http://trac.webkit.org/changeset/59859
CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39453
	NOTE: http://trac.webkit.org/changeset/59876
CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626
	NOTE: http://trac.webkit.org/changeset/59795
CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 o ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: dupe of CVE-2010-1774
CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local user ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in loader/DocumentThre ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843
	NOTE: http://trac.webkit.org/changeset/57041
CVE-2010-1766 (Off-by-one error in the WebSocketHandshake::readServerHandshake functi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36339
	NOTE: http://trac.webkit.org/changeset/56380
CVE-2010-1765
	RESERVED
	- webkit <not-affected> (doesn't include cf code)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37933
	NOTE: http://trac.webkit.org/changeset/57995
CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=31410
	NOTE: http://trac.webkit.org/changeset/55157
CVE-2010-1763 (Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Wind ...)
	- webkit <not-affected> (vulnerable code introduced in svn58950, which isn't included in 1.2.1 yet)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39008
	NOTE: http://trac.webkit.org/changeset/59486
CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38922
	NOTE: http://trac.webkit.org/changeset/59241
	NOTE: http://trac.webkit.org/changeset/59242
CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760
	NOTE: http://trac.webkit.org/changeset/59263
CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementati ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37781
	NOTE: http://trac.webkit.org/changeset/58409
CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38583
	NOTE: http://trac.webkit.org/changeset/59109
CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
	NOTE: http://trac.webkit.org/changeset/59098
CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enf ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod  ...)
	NOT-FOR-US: Apple iPhone
CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not pro ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1754 (Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does  ...)
	NOT-FOR-US: Apple Passcode Lock
CVE-2010-1753 (ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remo ...)
	NOT-FOR-US: iOS
CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the  ...)
	NOT-FOR-US: Apple CFNetwork
CVE-2010-1751 (Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch ...)
	NOT-FOR-US: Apple Application Sandbox
CVE-2010-1750 (Use-after-free vulnerability in Apple Safari before 5.0 on Windows all ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=27193
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625
	NOTE: http://trac.webkit.org/changeset/45941
CVE-2010-1748 (The cgi_initialize_string function in cgi-bin/var.c in the web interfa ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-1747
	RESERVED
CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (c ...)
	NOT-FOR-US: com_grid component for joomla!
CVE-2010-1745
	REJECTED
CVE-2010-1744 (SQL injection vulnerability in product.html in B2B Gold Script allows  ...)
	NOT-FOR-US: B2B Gold Script
CVE-2010-1743 (SQL injection vulnerability in projects.php in Scratcher allows remote ...)
	NOT-FOR-US: Scratcher
CVE-2010-1742 (Cross-site scripting (XSS) vulnerability in projects.php in Scratcher  ...)
	NOT-FOR-US: Scratcher
CVE-2010-1741 (SQL injection vulnerability in request_account.php in Billwerx RC 5.2. ...)
	NOT-FOR-US: Billwerx
CVE-2010-1740 (SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows r ...)
	NOT-FOR-US: GuppY
CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...)
	NOT-FOR-US: com_newsfeeds component for joomla!
CVE-2010-1738
	REJECTED
CVE-2010-1737 (PHP remote file inclusion vulnerability in core/includes/gfw_smarty.ph ...)
	NOT-FOR-US: Gallo
CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: KrM Haber
CVE-2010-1735 (The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1734 (The SfnINSTRING function in win32k.sys in the kernel in Microsoft Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1733 (Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02 ...)
	- ocsinventory-server <unfixed> (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a denia ...)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: various crashes on window close after opening the file on chromium (including sometimes segfaults)
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
	NOTE: not reproducible with chromium-browser 5.0.375.55~r47796-1
CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause ...)
	NOT-FOR-US: Dolphin browser, Konqueror not covered by security support
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...)
	- webkit <unfixed> (unimportant)
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
	NOTE: dos-only on webkit
CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly handle a  ...)
	NOT-FOR-US: Opera
CVE-2010-1727 (SQL injection vulnerability in type.asp in JobPost 1.0 allows remote a ...)
	NOT-FOR-US: JobPost
CVE-2010-1726 (SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows ...)
	NOT-FOR-US: EC21
CVE-2010-1725 (SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinu ...)
	NOT-FOR-US: Alibaba Clone Platinum
CVE-2010-1724 (Multiple cross-site scripting (XSS) vulnerabilities in Zikula Applicat ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw Roo ...)
	NOT-FOR-US: com_drawroot component for joomla!
CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) co ...)
	NOT-FOR-US: com_market component for joomla!
CVE-2010-1721 (SQL injection vulnerability in the Intellectual Property (aka IPropert ...)
	NOT-FOR-US: com_iproperty component for joomla!
CVE-2010-1720 (SQL injection vulnerability in the Q-Personel (com_qpersonel) componen ...)
	NOT-FOR-US: com_qpersonel component for joomla!
CVE-2010-1719 (Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagl ...)
	NOT-FOR-US: com_mtfireeagle component for joomla!
CVE-2010-1718 (Directory traversal vulnerability in archeryscores.php in the Archery  ...)
	NOT-FOR-US: com_archeryscores component for joomla!
CVE-2010-1717 (Directory traversal vulnerability in the iF surfALERT (com_if_surfaler ...)
	NOT-FOR-US: com_if_surfalert component for joomla!
CVE-2010-1716 (SQL injection vulnerability in the Agenda Address Book (com_agenda) co ...)
	NOT-FOR-US: com_agenda component for joomla!
CVE-2010-1715 (Directory traversal vulnerability in the Online Examination (aka Onlin ...)
	NOT-FOR-US: com_onlineexam component for joomla!
CVE-2010-1714 (Directory traversal vulnerability in the Arcade Games (com_arcadegames ...)
	NOT-FOR-US: com_arcadegames component for joomla!
CVE-2010-1713 (SQL injection vulnerability in modules.php in PostNuke 0.764 allows re ...)
	NOT-FOR-US: PostNuke
CVE-2010-1712 (Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.p ...)
	NOT-FOR-US: Webmobo WB News
CVE-2010-1711 (Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siest ...)
	NOT-FOR-US: Siestta
CVE-2010-1710 (Directory traversal vulnerability in login.php in Siestta 2.0, when re ...)
	NOT-FOR-US: Siestta
CVE-2010-1709 (Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G ...)
	NOT-FOR-US: G5-Scripts
CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free Realt ...)
	NOT-FOR-US: Free Realty
CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	- piwigo 2.0.10-1
CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...)
	NOT-FOR-US: 2daybiz Auction Script
CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows re ...)
	NOT-FOR-US: Modelbook
CVE-2010-1704 (Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced  ...)
	NOT-FOR-US: 2daybiz Polls Script
CVE-2010-1703 (Multiple cross-site scripting (XSS) vulnerabilities in index_search.ph ...)
	NOT-FOR-US: 2daybiz Polls Script
CVE-2010-1702 (SQL injection vulnerability in submitticket.php in WHMCompleteSolution ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2010-1701 (SQL injection vulnerability in browse.html in PHP Video Battle Script  ...)
	NOT-FOR-US: PHP Video Battle Script
CVE-2010-1700
	REJECTED
CVE-2010-1699
	REJECTED
CVE-2010-1698
	REJECTED
CVE-2010-1697
	REJECTED
CVE-2010-1696
	REJECTED
CVE-2010-1695
	REJECTED
CVE-2010-1694
	REJECTED
CVE-2010-1693 (openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows loc ...)
	NOT-FOR-US: OpenFabrics Enterprise Distribution (OFED)
	NOTE: openibd is part of ofa-kernel (ofa_1_5_kernel-20101028-0200/ofed_scripts/openibd), fixed in 2010-10-28 build
	NOTE: http://www.openfabrics.org/downloads/ofa_1_5_kernel/
	NOTE: ITP for ofa-kernel is bug #541849
CVE-2010-1692
	REJECTED
CVE-2010-1691
	REJECTED
CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1688 (Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20. ...)
	NOT-FOR-US: 2BrightSparks SyncBack Freeware
CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows rem ...)
	NOT-FOR-US: Mocha W32 LPD
CVE-2010-1686 (Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Bac ...)
	NOT-FOR-US: Urgent Backup
CVE-2010-1685 (Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user ...)
	NOT-FOR-US: CursorArts ZipWrangler
CVE-2010-1684
	RESERVED
CVE-2010-1683
	RESERVED
CVE-2010-1682
	RESERVED
CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office Visio
CVE-2010-1680
	REJECTED
CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before 1.14.3 ...)
	{DSA-2142-1}
	- dpkg 1.15.8.8
CVE-2010-1678 (Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol  ...)
	- mapserver 5.6.5-2
	NOTE: http://trac.osgeo.org/mapserver/ticket/3641
CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service (C ...)
	- mhonarc 2.6.18-1 (low)
	[squeeze] - mhonarc <no-dsa> (Minor issue)
CVE-2010-1676 (Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0 ...)
	{DSA-2136-1}
	- tor 0.2.1.26-6
CVE-2010-1675 (bgpd in Quagga before 0.99.18 allows remote attackers to cause a denia ...)
	{DSA-2197-1}
	- quagga 0.99.18-1
CVE-2010-1674 (The extended-community parser in bgpd in Quagga before 0.99.18 allows  ...)
	{DSA-2197-1}
	- quagga 0.99.18-1
CVE-2010-1673 (A cross-site scripting (XSS) vulnerability in ikiwiki before 3.2010111 ...)
	- ikiwiki 3.20101112
	[squeeze] - ikiwiki 3.20100815.2
	[lenny] - ikiwiki <not-affected>
CVE-2010-1672
	RESERVED
CVE-2010-1671 (hsolinkcontrol in hsolink 1.0.118 allows local users to gain privilege ...)
	- hsolink <removed> (bug #590670)
CVE-2010-1670 (Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has i ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1669 (SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x bef ...)
	- mahara 1.2.5-1
	[lenny] - mahara <not-affected>
CVE-2010-1668 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara b ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1667 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1 ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1666 (Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding i ...)
	{DSA-2068-1}
	- python-cjson 1.0.5-3 (bug #587700)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, whic ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58201
CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 media ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/57922
CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google Chro ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (issue is in google url; i.e. chromium-specific)
CVE-2010-1662 (Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Qui ...)
	NOT-FOR-US: PHP-Quick-Arcade
CVE-2010-1661 (Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0 ...)
	NOT-FOR-US: PHP-Quick-Arcade
CVE-2010-1660 (SQL injection vulnerability in help-details.php in CLScript Classified ...)
	NOT-FOR-US: CLScript Classifieds Script
CVE-2010-1659 (Directory traversal vulnerability in the Ultimate Portfolio (com_ultim ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1658 (Directory traversal vulnerability in the Code-Garage NoticeBoard (com_ ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1657 (Directory traversal vulnerability in the SmartSite (com_smartsite) com ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1656 (SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1. ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1655 (Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in  ...)
	NOT-FOR-US: PowerEasy
CVE-2010-1654 (Multiple SQL injection vulnerabilities in system_member_login.php in I ...)
	NOT-FOR-US: Infocus Real Estate Enterprise Edition
CVE-2010-1653 (Directory traversal vulnerability in graphics.php in the Graphics (com ...)
	NOT-FOR-US: Graphics component for Joomla!
CVE-2010-1652 (Directory traversal vulnerability in the HelpCenter module in Help Cen ...)
	NOT-FOR-US: Help Center Live
CVE-2010-1651 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back end in ...)
	NOT-FOR-US: Joomla!
CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
	- mediawiki 1:1.15.4-1 (bug #585918; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15 ...)
	- mediawiki 1:1.15.4-1 (bug #585918; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1. ...)
	{DSA-2062-1}
	- sudo 1.7.2p7-1 (bug #585394)
CVE-2010-1645 (Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HP ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-1644 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0. ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcomm ...)
	- linux-2.6 2.6.28-1
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Sa ...)
	- samba 2:3.5.4~dfsg-2 (unimportant)
	NOTE: Only crashes a single connection, not the entire smbd
CVE-2010-1641 (The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel b ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1640 (Off-by-one error in the parseicon function in libclamav/pe_icons.c in  ...)
	- clamav 0.96.1+dfsg-1 (bug #584183)
	[lenny] - clamav <end-of-life>
CVE-2010-1639 (The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows ...)
	- clamav 0.96.1+dfsg-1 (bug #584183)
	[lenny] - clamav <end-of-life>
CVE-2010-1638 (The IMP plugin in Horde allows remote attackers to bypass firewall res ...)
	- horde3 <unfixed> (unimportant)
CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...)
	- squirrelmail 2:1.4.21-1 (unimportant)
CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functi ...)
	- linux-2.6 2.6.32-14
	[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.32)
CVE-2010-1635 (The chain_reply function in process.c in smbd in Samba before 3.4.8 an ...)
	- samba 2:3.6.1-2 (unimportant)
	NOTE: http://git.samba.org/?p=samba.git;a=commitdiff;h=25452a2268ac7013da28125f3df22085139af12d
	NOTE: Only crashes a single connection, not the entire smbd
CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in Pytho ...)
	- python3.1 3.1.2+20100822-1 (low)
	- python2.7 2.7-1 (low)
	- python2.6 2.6.6-1 (low)
	- python2.5 2.5.5-10 (low; bug #599739)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover function in O ...)
	- openssl <not-affected> (This bug is only present in OpenSSL 1.0.0, first version of 1.0.0 ever uploaded was 1.0.0c)
CVE-2010-1632 (Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server ...)
	- axis2c 1.6.0-1
CVE-2010-1631
	REJECTED
CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unk ...)
	- phpbb3 3.0.7-PL1-1 (low)
	[lenny] - phpbb3 <no-dsa> (Minor issue)
CVE-2010-1629 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allow ...)
	NOT-FOR-US: Phorum
CVE-2010-1628 (Ghostscript 8.64, 8.70, and possibly other versions allows context-dep ...)
	{DSA-2093-1}
	- ghostscript 8.71~dfsg2-4 (medium; bug #584516)
	NOTE: no upstream fix available, see issue #1 in ubuntu bug report:
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=691295
CVE-2010-1627 (feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permi ...)
	- phpbb3 3.0.7-PL1-1 (low)
	[lenny] - phpbb3 <no-dsa> (Minor issue)
CVE-2010-1626 (MySQL before 5.1.46 allows local users to delete the data and index fi ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.46-1 (bug #582526)
	- mysql-dfsg-5.0 <removed> (low; bug #584400)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer befor ...)
	{DSA-2092-1}
	- lxr <removed> (low; bug #588138)
	[lenny] - lxr <no-dsa> (Minor issue)
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137)
CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in l ...)
	- pidgin 2.7.0-1 (low)
	[lenny] - pidgin 2.4.3-4lenny6
	NOTE: MSN support was disabled in 2.4.3-4lenny6
CVE-2010-1623 (Memory leak in the apr_brigade_split_line function in buckets/apr_brig ...)
	{DSA-2117-1}
	- apr-util 1.3.9+dfsg-4 (medium)
	- apache2 2.2.16-3
	[lenny] - apache2 <not-affected> (vulnerable code introduced in 2.2.15-2 or -3)
CVE-2010-1622 (SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2 ...)
	- libspring-2.5-java 2.5.6.SEC02-1 (medium)
CVE-2010-1621 (The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1  ...)
	- mysql-5.1 5.1.46-1
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=590190
CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c in gdoma ...)
	- gnustep-base 1.19.3-2 (bug #584401)
	[lenny] - gnustep-base <no-dsa> (Minor issue)
CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Applianc ...)
	NOT-FOR-US: IBM WebSphere DataPower XML Accelerator
CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allo ...)
	NOT-FOR-US: AlegroCart
CVE-2010-1610 (Cross-site request forgery (CSRF) vulnerability in index.php in OpenCa ...)
	NOT-FOR-US: OpenCart
CVE-2010-1609 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before  ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2010-1608 (Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and pos ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-1607 (Directory traversal vulnerability in wmi.php in the Webmoney Web Merch ...)
	NOT-FOR-US: Webmoney Web Merchant Interface component for Joomla!
CVE-2010-1606 (Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1605 (Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Port ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1604 (Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs  ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1603 (Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or co ...)
	NOT-FOR-US: ZiMB Core component for Joomla!
CVE-2010-1602 (Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment ...)
	NOT-FOR-US: ZiMB Comment component for Joomla!
CVE-2010-1601 (Directory traversal vulnerability in the JA Comment (com_jacomment) co ...)
	NOT-FOR-US: JA Comment component for Joomla!
CVE-2010-1600 (SQL injection vulnerability in the Media Mall Factory (com_mediamall)  ...)
	NOT-FOR-US: Media Mall Factory component for Joomla!
CVE-2010-1599 (SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2. ...)
	NOT-FOR-US: NKInFoWeb
CVE-2010-1598 (phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when Ima ...)
	NOT-FOR-US: phpThumb()
CVE-2010-1597 (Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 allo ...)
	NOT-FOR-US: ZipGenius
CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the fix_non_standard_entit ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (low; bug #585425)
	- wordpress <not-affected> (Vulnerable code not present)
	- egroupware <not-affected> (Vulneable code not present)
CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library  ...)
	{DSA-2115-1}
	- libphp-cas <itp> (bug #495542)
	- moodle 1.9.8-1 (low; bug #574757)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 doe ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (unimportant; bug #585427)
	NOTE: i have a hard time seeing the security impact, moodle is a course management
	NOTE: system and the real names of your colleagues are probably not a secret, since
	NOTE: a patch exists I filed a bug anyway
CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restorin ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1615 (Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 a ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x be ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1613 (Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate se ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication w ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS  ...)
	- ocsinventory-server 1.02.1-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1594 (Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/inde ...)
	- ocsinventory-server 1.02.1-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1593 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe be ...)
	- silverstripe <itp> (bug #528461)
CVE-2010-1592 (sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in SiSoft ...)
	NOT-FOR-US: SiSoftware Sandra
CVE-2010-1591 (Beijing Rising International Rising Antivirus 2008 through 2010 does n ...)
	NOT-FOR-US: Beijing Rising International Rising Antivirus
CVE-2010-1590 (Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Roc ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1589 (Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt I ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1588 (SQL injection vulnerability in the Getwebsess function in shopsessions ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1587 (The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4. ...)
	NOT-FOR-US: Apache ActiveMQ
CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management Ho ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFrag ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-1584 (Cross-site scripting (XSS) vulnerability in the Context module before  ...)
	NOT-FOR-US: Context module for drupal
CVE-2010-1583 (SQL injection vulnerability in the loadByKey function in the TznDbConn ...)
	NOT-FOR-US: Tirzen Framework
CVE-2010-1582
	RESERVED
CVE-2010-1581 (Unspecified vulnerability in the Transport Layer Security (TLS) implem ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1580 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1579 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1578 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1577 (Directory traversal vulnerability in Cisco Internet Streamer, as used  ...)
	NOT-FOR-US: Cisco
CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software before 8.2 ...)
	NOT-FOR-US: Cisco
CVE-2010-1575 (The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 ...)
	NOT-FOR-US: Cisco
CVE-2010-1574 (IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000  ...)
	NOT-FOR-US: Cisco
CVE-2010-1573 (Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded userna ...)
	NOT-FOR-US: Linksys firmware
CVE-2010-1572 (Unspecified vulnerability in the tech support diagnostic shell in Cisc ...)
	NOT-FOR-US: Cisco
CVE-2010-1571 (Directory traversal vulnerability in the bootstrap service in Cisco Un ...)
	NOT-FOR-US: Cisco
CVE-2010-1570 (The computer telephony integration (CTI) server component in Cisco Uni ...)
	NOT-FOR-US: Cisco
CVE-2010-1569
	RESERVED
CVE-2010-1568 (The Send Secure functionality in the Cisco IronPort Desktop Flag Plug- ...)
	NOT-FOR-US: Cisco IronPort Desktop Flag Plug-in for Microsoft Outlook
CVE-2010-1567 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1566
	RESERVED
CVE-2010-1565 (Unspecified vulnerability in the SIP implementation on the Cisco PGW 2 ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1563 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1562 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1561 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allow ...)
	NOT-FOR-US: IBM DB2
CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) c ...)
	NOT-FOR-US: com_sermonspeaker component for joomla!
CVE-2010-2447 (gitolite before 1.4.1 does not filter src/ or hooks/ from path names. ...)
	- gitolite 1.4.2-1 (low)
	NOTE: http://secunia.com/advisories/39587/
CVE-2010-2448 (znc.cpp in ZNC before 0.092 allows remote authenticated users to cause ...)
	- gitolite 1.4.2-1 (medium)
	NOTE: http://secunia.com/advisories/39587/
CVE-2010-1558 (Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital ...)
	NOT-FOR-US: HP MFP Digital Sending Software
CVE-2010-1557 (Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Cont ...)
	NOT-FOR-US: HP Insight Control Server Migration
CVE-2010-1556 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-1555 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1554 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1553 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1552 (Stack-based buffer overflow in the doLoad function in snmpviewer.exe i ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1551 (Stack-based buffer overflow in the _OVParseLLA function in ov.dll in n ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1550 (Format string vulnerability in ovet_demandpoll.exe in HP OpenView Netw ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 an ...)
	NOT-FOR-US: HP LoadRunner
CVE-2010-1548 (The auto-complete functionality in the Chaos Tool Suite (aka CTools) m ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Chao ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1546 (Multiple eval injection vulnerabilities in the import functionality in ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1545
	RESERVED
CVE-2010-1544 (micro_httpd on the RCA DCM425 cable modem allows remote attackers to c ...)
	NOT-FOR-US: RCA DCM425 Cable Modem
CVE-2010-1543 (Cross-site scripting (XSS) vulnerability in the eTracker module before ...)
	NOT-FOR-US: eTracker module for drupal
CVE-2010-1542 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin/co ...)
	NOT-FOR-US: DFD Cart
CVE-2010-1541 (Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, ...)
	NOT-FOR-US: DFD Cart
CVE-2010-1540 (Directory traversal vulnerability in index.php in the MyBlog (com_mybl ...)
	NOT-FOR-US: com_myblog component for joomla!
CVE-2010-1539 (Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2. ...)
	NOT-FOR-US: workflow module for drupal
CVE-2010-1538 (SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0 ...)
	NOT-FOR-US: phpRAINCHECK
CVE-2010-1537 (Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier ...)
	NOT-FOR-US: phpCDB
CVE-2010-1536 (Cross-site scripting (XSS) vulnerability in the AddThis Button module  ...)
	NOT-FOR-US: AddThis Button module for drupal
CVE-2010-1535 (Directory traversal vulnerability in the TRAVELbook (com_travelbook) c ...)
	NOT-FOR-US: com_travelbook component for joomla!
CVE-2010-1534 (Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) c ...)
	NOT-FOR-US: com_shoutbox component for joomla!
CVE-2010-1533 (Directory traversal vulnerability in the TweetLA (com_tweetla) compone ...)
	NOT-FOR-US: com_tweetla component for joomla!
CVE-2010-1532 (Directory traversal vulnerability in the givesight PowerMail Pro (com_ ...)
	NOT-FOR-US: com_powermail component for joomla!
CVE-2010-1531 (Directory traversal vulnerability in the redSHOP (com_redshop) compone ...)
	NOT-FOR-US: com_redshop component for joomla!
CVE-2010-1530 (Multiple cross-site scripting (XSS) vulnerabilities in the Internation ...)
	NOT-FOR-US: Internationalization module for drupal
CVE-2010-1529 (SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) compo ...)
	NOT-FOR-US: com_fsf component for joomla!
CVE-2010-1528 (PHP remote file inclusion vulnerability in include/template.php in Uig ...)
	NOT-FOR-US: Uiga Proxy
CVE-2010-1527 (Stack-based buffer overflow in Novell iPrint Client before 5.44 allows ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2010-1526 (Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow ...)
	- libgdiplus 2.6.7-2 (low; bug #594155)
	[lenny] - libgdiplus 1.9-1+lenny1
CVE-2010-1525 (Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in A ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4  ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-1523 (Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in ...)
	NOT-FOR-US: Winamp
CVE-2010-1522 (Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_b ...)
	NOT-FOR-US: com_booklibrary component for joomla!
CVE-2010-1521 (SQL injection vulnerability in include/classes/tzn_user.php in TaskFre ...)
	NOT-FOR-US: TaskFreak! Original multi user
CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! O ...)
	NOT-FOR-US: TaskFreak! Original multi user
CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow context-depe ...)
	- libglpng <removed> (low; bug #595171)
	[lenny] - libglpng <no-dsa> (Minor issue)
CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 Activ ...)
	NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers ...)
	NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
CVE-2010-1516 (Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to ...)
	NOT-FOR-US: SWFtools (were once packaged)
CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-1514 (Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier  ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-1513 (Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allo ...)
	- ziproxy 3.1.0-1 (bug #584933)
	[lenny] - ziproxy <no-dsa> (Minor issue, obscure attack vector)
CVE-2010-1512 (Directory traversal vulnerability in aria2 before 1.9.3 allows remote  ...)
	{DSA-2047-1}
	- aria2 1.9.3-1
	NOTE: http://seclists.org/fulldisclosure/2010/May/168
CVE-2010-1511 (KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request dow ...)
	- kdenetwork 4:4.4.4-1 (low)
	[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
	NOTE: http://seclists.org/fulldisclosure/2010/May/164
CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer  ...)
	NOT-FOR-US: IrfanView
CVE-2010-1508 (Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-1507 (WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the We ...)
	NOT-FOR-US: YAST
CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow atta ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (doesn't use v8 bindings yet)
	NOTE: http://trac.webkit.org/changeset/45826
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37210
	NOTE: http://trac.webkit.org/changeset/57224
CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading  ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific issue)
CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.2 ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific issue)
CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.2 ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific issue)
CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows  ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific directory traversal)
CVE-2010-1501
	REJECTED
CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, whi ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (proof-of-concept not effective; chromium-specific issue)
CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allow ...)
	NOT-FOR-US: MusicBox
CVE-2010-1498 (Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow re ...)
	NOT-FOR-US: dl_stats
CVE-2010-1497 (Cross-site scripting (XSS) vulnerability in download_proc.php in dl_st ...)
	NOT-FOR-US: dl_stats
CVE-2010-1496 (SQL injection vulnerability in the JoltCard (com_joltcard) component 1 ...)
	NOT-FOR-US: com_joltcard component for joomla!
CVE-2010-1495 (Directory traversal vulnerability in the Matamko (com_matamko) compone ...)
	NOT-FOR-US: com_matamko component for joomla!
CVE-2010-1494 (Directory traversal vulnerability in the AWDwall (com_awdwall) compone ...)
	NOT-FOR-US: com_awdwall component for joomla!
CVE-2010-1493 (SQL injection vulnerability in the AWDwall (com_awdwall) component bef ...)
	NOT-FOR-US: com_awdwall component for joomla!
CVE-2010-1492 (Directory traversal vulnerability in help/frameRight.php in Elastix 1. ...)
	NOT-FOR-US: Elastix
CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) compon ...)
	NOT-FOR-US: com_mmsblog component for joomla!
CVE-2010-1490 (Unspecified vulnerability in IBM Cognos 8 Business Intelligence before ...)
	NOT-FOR-US: IBM Cognos
CVE-2010-XXXX [prosody password world-readable]
	- prosody 0.7.0-1 (low; bug #579087)
CVE-2010-XXXX [gnome-orca: shell access without logon]
	- gnome-orca 2.30.0-2 (bug #578928)
	[lenny] - gnome-orca <not-affected> (Doesn't affect Lenny's version)
CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e an ...)
	{DSA-2039-1}
	- cacti 0.8.7e-3 (bug #578909)
	NOTE: http://seclists.org/fulldisclosure/2010/Apr/272
	NOTE: http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
CVE-2010-1489 (The XSS Filter in Microsoft Internet Explorer 8 does not properly perf ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1488 (The proc_oom_score function in fs/proc/base.c in the Linux kernel befo ...)
	- linux-2.6 2.6.32-12
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-1486 (Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in ...)
	NOT-FOR-US: CactuShop
CVE-2010-1485
	RESERVED
CVE-2010-1484
	RESERVED
CVE-2010-1483
	RESERVED
CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in PmWik ...)
	NOT-FOR-US: PmWiki
CVE-2010-1480 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1479 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1478 (Directory traversal vulnerability in the Ternaria Informatica Jfeedbac ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1477 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) c ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1476 (Directory traversal vulnerability in the AlphaUserPoints (com_alphause ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1475 (Directory traversal vulnerability in the Preventive &amp; Reservation  ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1474 (Directory traversal vulnerability in the Sweety Keeper (com_sweetykeep ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1473 (Directory traversal vulnerability in the Advertising (com_advertising) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1472 (Directory traversal vulnerability in the Daily Horoscope (com_horoscop ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1471 (Directory traversal vulnerability in the AddressBook (com_addressbook) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1470 (Directory traversal vulnerability in the Web TV (com_webtv) component  ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1469 (Directory traversal vulnerability in the Ternaria Informatica JProject ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1468 (SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence Vacc ...)
	NOT-FOR-US: openUrgence
CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence Va ...)
	NOT-FOR-US: openUrgence
CVE-2010-1465 (Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1 ...)
	NOT-FOR-US: Trellian FTP
CVE-2010-1464 (Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-S ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1463 (Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE al ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1462 (Directory traversal vulnerability in WebAsyst Shop-Script FREE has unk ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1461 (Directory traversal vulnerability in the Photo Battle (com_photobattle ...)
	NOT-FOR-US: Photo Battle Component for Joomla!
CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware bef ...)
	NOT-FOR-US: IBM BladeCenter Management Module
CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value  ...)
	- mono 2.4.4~svn151842-3 (bug #585440)
CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Uti ...)
	NOT-FOR-US: TweakFS
CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not p ...)
	- fetchmail 6.3.16-2 (low)
	[lenny] - fetchmail <no-dsa> (only vulnerable when run under debug verbosity level)
	NOTE: http://www.fetchmail.info/fetchmail-SA-2010-02.txt
	NOTE: http://gitorious.org/fetchmail/fetchmail/commit/ec06293
CVE-2010-1457 (Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local us ...)
	- gnustep-base 1.19.3-2 (bug #584402)
	[lenny] - gnustep-base <not-affected> (Not installed setuid root)
	NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
CVE-2010-1456
	REJECTED
CVE-2010-1455 (The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 throu ...)
	- wireshark 1.2.8-1 (unimportant)
	NOTE: Not triggerable remotely
CVE-2010-1454 (com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMwa ...)
	NOT-FOR-US: VMware
CVE-2010-1453 (Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0. ...)
	- piwik <itp> (bug #506933)
CVE-2010-1452 (The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2. ...)
	- apache2 2.2.16-1 (low)
	[lenny] - apache2 2.2.9-10+lenny10
CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Li ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10
CVE-2010-1450 (Multiple buffer overflows in the RLE decoder in the rgbimg module in P ...)
	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1449 (Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5  ...)
	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR C ...)
	{DSA-2092-1}
	- lxr <removed> (low; bug #585411)
	[lenny] - lxr <no-dsa> (Minor issue)
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036)
	NOTE: seems to be a dupe of CVE-2010-1738
CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for  ...)
	{DSA-2267-1 DSA-2051-1}
	- postgresql-8.4 8.4.4-1
	- postgresql-8.3 <removed>
	- perl 5.12.3-1
	NOTE: Originally attributed to Postgres, but also affects standard Perl
CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12 (unimportant)
	NOTE: KGDB is not currently enabled in debian builds
CVE-2010-1445 (Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 a ...)
	- vlc 1.0.6-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1444 (The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 ...)
	- vlc 1.0.6-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1443 (The parse_track_node function in modules/demux/playlist/xspf.c in the  ...)
	- vlc 1.0.6-1 (unimportant)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1442 (VideoLAN VLC media player before 1.0.6 allows remote attackers to caus ...)
	- vlc 1.0.6-1
	[lenny] - vlc 0.8.6.h-4+lenny3
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1441 (Multiple heap-based buffer overflows in VideoLAN VLC media player befo ...)
	- vlc 1.0.6-1
	[lenny] - vlc 0.8.6.h-4+lenny3
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live  ...)
	- texlive-bin 2009-6 (low; bug #580668)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-1439 (yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools)  ...)
	NOT-FOR-US: Red Hat Network Client Tools
CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames u ...)
	- wafp <itp> (bug #562949)
CVE-2010-1437 (Race condition in the find_keyring_by_name function in security/keys/k ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-13
CVE-2010-1436 (gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1435
	RESERVED
CVE-2010-1434
	RESERVED
CVE-2010-1433
	RESERVED
CVE-2010-1432
	RESERVED
CVE-2010-1430
	REJECTED
CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterpri ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1427 (Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin ...)
	NOT-FOR-US: MODx Evolution
CVE-2010-1426 (SQL injection vulnerability in MODx Evolution before 1.0.3 allows remo ...)
	NOT-FOR-US: MODx Evolution
CVE-2010-1425 (F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft  ...)
	NOT-FOR-US: F-Secure Internet Security
CVE-2010-1424 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Governm ...)
	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=26824
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before 5 ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751
	NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-1420 (Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37618
	NOTE: http://trac.webkit.org/changeset/58616
CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38260
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36502
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
	NOTE: http://trac.webkit.org/changeset/58844
	NOTE: http://trac.webkit.org/changeset/56651
	NOTE: http://trac.webkit.org/changeset/57627
CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001
	NOTE: http://trac.webkit.org/changeset/58201
	NOTE: if this commit is correct, this is a dup of cve-2010-1665
CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36838
	NOTE: http://trac.webkit.org/changeset/56810
CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36000
	NOTE: http://trac.webkit.org/changeset/56420
CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35818
	NOTE: http://trac.webkit.org/changeset/55783
CVE-2010-1413 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit <not-affected> (affected cf/iss code is not present)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37230
	NOTE: http://trac.webkit.org/changeset/57232
CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635
	NOTE: http://trac.webkit.org/changeset/57759
	NOTE: http://trac.webkit.org/changeset/57817
CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in tif_fax3. ...)
	{DSA-2084-1}
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35603
	NOTE: http://trac.webkit.org/changeset/55511
CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before 5. ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34451
	NOTE: http://trac.webkit.org/changeset/54193
CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36571
	NOTE: http://trac.webkit.org/changeset/56489
	NOTE: http://trac.webkit.org/changeset/56492
	NOTE: http://trac.webkit.org/changeset/56879
CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not pro ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36435
	NOTE: http://trac.webkit.org/changeset/56365
CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=30841
	NOTE: http://trac.webkit.org/changeset/50226
	NOTE: http://trac.webkit.org/changeset/50240
CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36198
	NOTE: http://trac.webkit.org/changeset/56186
CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35709
	NOTE: http://trac.webkit.org/changeset/53446
CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35708
	NOTE: http://trac.webkit.org/changeset/53446
CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac  ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35598
	NOTE: http://trac.webkit.org/changeset/55182
CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35353
	NOTE: http://trac.webkit.org/changeset/55196
CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34734
	NOTE: http://trac.webkit.org/changeset/54521
CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35599
	NOTE: http://trac.webkit.org/changeset/46437
CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35305
	NOTE: http://trac.webkit.org/changeset/55167
CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=32842
	NOTE: http://trac.webkit.org/changeset/52034
	NOTE: http://trac.webkit.org/changeset/55114
CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35621
	NOTE: http://trac.webkit.org/changeset/55462
	NOTE: http://trac.webkit.org/changeset/55465
CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=26868
	NOTE: http://trac.webkit.org/changeset/46068
CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: http://trac.webkit.org/changeset/55203
	NOTE: http://trac.webkit.org/changeset/55212
CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33683
	NOTE: http://trac.webkit.org/changeset/53607
CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34641
	NOTE: http://trac.webkit.org/changeset/56297
CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local Storage  ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36243
	NOTE: http://trac.webkit.org/changeset/56139
CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=29078
	NOTE: http://trac.webkit.org/changeset/49487
CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=30019
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34148
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33970
	NOTE: http://trac.webkit.org/changeset/53442
	NOTE: http://trac.webkit.org/changeset/53835
	NOTE: http://trac.webkit.org/changeset/53659
CVE-2010-1388 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and b ...)
	- webkit <not-affected> (issue in mac-specific code)
	- chromium-browser <not-affected> (issue in mac-specific code)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=28755
	NOTE: http://trac.webkit.org/changeset/47829
CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTun ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34321
	NOTE: http://trac.webkit.org/changeset/54129
	NOTE: http://trac.webkit.org/changeset/54141
	NOTE: http://trac.webkit.org/changeset/54265
CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2 ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255
	NOTE: http://trac.webkit.org/changeset/56188
CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10 ...)
	- webkit <not-affected> (this is a bug in Apple's PDFKit)
	- chromium-browser <not-affected> (this is a bug in Apple's PDFKit)
CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: This is based on various misconceptions surrounding "phishing" The only supported browser security model
	NOTE: surrounding URLs is the accurate post-link-click indication of the final target URL in the URL bar.
CVE-2010-1383 (CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web se ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1381 (The default configuration of SMB File Server in Apple Mac OS X 10.5.8, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1380 (Integer overflow in the cgtexttops CUPS filter in Printing in Apple Ma ...)
	NOT-FOR-US: Apple-specific CUPS filter "cgtexttops"
CVE-2010-1379 (Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1378 (OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perfo ...)
	- openssl <not-affected> (fix for an apple-specific flaw)
	NOTE: sounds like a duplicate of CVE-2009-2409
CVE-2010-1377 (Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencry ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1376 (Multiple format string vulnerabilities in Network Authorization in App ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1375 (NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1374 (Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, a ...)
	NOT-FOR-US: iChat
CVE-2010-1373 (Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI  ...)
	- sun-java6 6.20-1 (high)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-2449 (Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID. ...)
	- gource 0.26-2 (low; bug #577958)
CVE-2010-1564
	REJECTED
CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) com ...)
	NOT-FOR-US: Joomla!
CVE-2010-1371 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classifi ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1370 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1369 (SQL injection vulnerability in signup.asp in Pre Classified Listings A ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1368 (SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows ...)
	NOT-FOR-US: GameScript
CVE-2010-1367 (Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_log ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1366 (Multiple SQL injection vulnerabilities in admin/admin_login.php in Uig ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1365 (SQL injection vulnerability in index.php in Uiga Fan Club, as download ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1364 (SQL injection vulnerability in index.php in Uiga Personal Portal, as d ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1363 (SQL injection vulnerability in the JProjects (com_j-projects) componen ...)
	NOT-FOR-US: Joomla!
CVE-2010-1362 (Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1. ...)
	NOT-FOR-US: Own Term module for Drupal
CVE-2010-1361 (Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING ...)
	NOT-FOR-US: PHPepperShop
CVE-2010-1360 (Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.0 ...)
	NOT-FOR-US: FAQEngine
CVE-2010-1359 (SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL  ...)
	NOT-FOR-US: xt:Commerce
CVE-2010-1358 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio)  ...)
	NOT-FOR-US: Biblio module for Drupal
CVE-2010-1357 (Cross-site scripting (XSS) vulnerability in editors/logindialogue.php  ...)
	NOT-FOR-US: SBD Directory Software
CVE-2010-1356 (Unspecified vulnerability on the TANDBERG Video Communication Server ( ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2010-1355 (Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communi ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2010-1354 (Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1 ...)
	NOT-FOR-US: Joomla!
CVE-2010-1353 (Directory traversal vulnerability in the LoginBox Pro (com_loginbox) c ...)
	NOT-FOR-US: Joomla!
CVE-2010-1352 (Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox ...)
	NOT-FOR-US: Joomla!
CVE-2010-1351 (Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 ...)
	NOT-FOR-US: Nodesforum
CVE-2010-1350 (SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4 ...)
	NOT-FOR-US: Joomla!
CVE-2010-1349 (Integer overflow in Opera 10.10 through 10.50 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2010-1348 (Unspecified vulnerability in the login process in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-1347 (Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and L ...)
	NOT-FOR-US: IBM AIX
CVE-2010-1346 (SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, ...)
	NOT-FOR-US: Mini CMS RibaFS
CVE-2010-1345 (Directory traversal vulnerability in the Cookex Agency CKForms (com_ck ...)
	NOT-FOR-US: Joomla!
CVE-2010-1344 (SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) ...)
	NOT-FOR-US: Joomla!
CVE-2010-1343 (SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows re ...)
	NOT-FOR-US: SiteX
CVE-2010-1342 (Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10 ...)
	NOT-FOR-US: Direct News
CVE-2010-1341 (SQL injection vulnerability in index.php in Systemsoftware Community B ...)
	NOT-FOR-US: Systemsoftware Community Black Forum
CVE-2010-1340 (Directory traversal vulnerability in jresearch.php in the J!Research ( ...)
	NOT-FOR-US: Joomla!
CVE-2010-1339 (Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsi ...)
	NOT-FOR-US: Teamsite Hack plugin
CVE-2010-1338 (SQL injection vulnerability in ts_other.php in the Teamsite Hack plugi ...)
	NOT-FOR-US: Teamsite Hack plugin
CVE-2010-1337 (Multiple PHP remote file inclusion vulnerabilities in definitions.php  ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2010-1336 (Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote at ...)
	NOT-FOR-US: INVOhost
CVE-2010-1335 (Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-01 ...)
	NOT-FOR-US: Insky CMS
CVE-2010-1334 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-1333 (Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Comp ...)
	NOT-FOR-US: Almas Inc. Compiere J300_A02
CVE-2010-1332 (Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail  ...)
	NOT-FOR-US: PrettyBook PrettyFormMail
CVE-2010-1331 (SQL injection vulnerability in Heartlogic HL-SiteManager allows remote ...)
	NOT-FOR-US: Heartlogic HL-SiteManager
CVE-2010-1330 (The regular expression engine in JRuby before 1.4.1, when $KCODE is se ...)
	- jruby 1.5.0~rc1-1
CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall 5. ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall and Database Firewall
CVE-2010-1328 (Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1. ...)
	NOT-FOR-US: TornadoStore
CVE-2010-1327 (Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earli ...)
	NOT-FOR-US: TornadoStore
CVE-2010-1326 (perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03  ...)
	{DSA-2108-1}
	- cvsnt 2.5.04.3236-1.2 (medium; bug #593884)
	NOTE: http://march-hare.com/cvspro/vuln.htm
CVE-2010-1325 (Cross-site request forgery (CSRF) vulnerability in the apache2-slms pa ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2010-1324 (MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not prope ...)
	- krb5 1.8.3+dfsg-3 (bug #605553)
	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.7)
CVE-2010-1323 (MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x ...)
	{DSA-2129-1}
	- krb5 1.8.3+dfsg-3 (bug #605553)
CVE-2010-1322 (The merge_authdata function in kdc_authdata.c in the Key Distribution  ...)
	- krb5 1.8.3+dfsg-2 (bug #599237)
	[lenny] - krb5 <not-affected> (Only affects 1.8)
	[etch] - krb5 <not-affected> (Only affects 1.8)
	NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-006.txt
CVE-2010-1321 (The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-AP ...)
	{DSA-2052-1}
	- krb5 1.8.1+dfsg-3 (low; bug #582261)
	- heimdal 1.4.0~git20100605.dfsg.1-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-1320 (Double free vulnerability in do_tgs_req.c in the Key Distribution Cent ...)
	- krb5 1.8.1+dfsg-2 (bug #577490)
	[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
	NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ 1. ...)
	NOT-FOR-US: Real Helix Server
CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in  ...)
	NOT-FOR-US: Real Helix Server
CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in ...)
	NOT-FOR-US: Real Helix Server
CVE-2010-1316 (Multiple stack-based buffer overflows in Tembria Server Monitor before ...)
	NOT-FOR-US: Tembria Server Monitor
CVE-2010-1315 (Directory traversal vulnerability in weberpcustomer.php in the webERPc ...)
	NOT-FOR-US: Joomla!
CVE-2010-1314 (Directory traversal vulnerability in the Highslide JS (com_hsconfig) c ...)
	NOT-FOR-US: Joomla!
CVE-2010-1313 (Directory traversal vulnerability in the Seber Cart (com_sebercart) co ...)
	NOT-FOR-US: Joomla!
CVE-2010-1312 (Directory traversal vulnerability in the iJoomla News Portal (com_news ...)
	NOT-FOR-US: Joomla!
CVE-2010-1311 (The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.9 ...)
	- clamav 0.96+dfsg-2 (bug #577462; low)
	[lenny] - clamav <end-of-life> (bug #577462; low)
	NOTE: Lenny version achieved end of life! see
	NOTE: http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
CVE-2010-1310 (Opera 10.50 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Opera
CVE-2010-1309 (Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0. ...)
	NOT-FOR-US: Pepsi CMS
CVE-2010-1308 (Directory traversal vulnerability in the SVMap (com_svmap) component 1 ...)
	NOT-FOR-US: Joomla!
CVE-2010-1307 (Directory traversal vulnerability in the Magic Updater (com_joomlaupda ...)
	NOT-FOR-US: Joomla!
CVE-2010-1306 (Directory traversal vulnerability in the Picasa (com_joomlapicasa2) co ...)
	NOT-FOR-US: Joomla!
CVE-2010-1305 (Directory traversal vulnerability in jinventory.php in the JInventory  ...)
	NOT-FOR-US: Joomla!
CVE-2010-1304 (Directory traversal vulnerability in userstatus.php in the User Status ...)
	NOT-FOR-US: Joomla!
CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Fi ...)
	NOT-FOR-US: Drupal module
CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...)
	NOT-FOR-US: Joomla!
CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 allows remot ...)
	- centreon-web <itp> (bug #913903)
CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Al ...)
	NOT-FOR-US: Yamamah
CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, ...)
	NOT-FOR-US: DynPG CMS
CVE-2010-1298 (Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allow ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-1297 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-1296 (Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow u ...)
	NOT-FOR-US: Adobe Photoshop CS4
CVE-2010-1295 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-1294 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allo ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-1293 (Cross-site scripting (XSS) vulnerability in the Administrator page in  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave Playe ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1285 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D ob ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ca ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validat ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1279 (Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x befor ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in  ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...)
	- zabbix 1:1.8.2-1 (bug #577058)
	[lenny] - zabbix <not-affected> (vulnerable code not present)
	[etch] - zabbix <not-affected> (vulnerable code not present)
	NOTE: This is a bug that was introduced with the Zabbix 1.8 API
CVE-2010-1276 (Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2  ...)
	NOT-FOR-US: BBSXP
CVE-2010-1275 (Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 ...)
	NOT-FOR-US: BBSXP
CVE-2010-1274 (Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allo ...)
	NOT-FOR-US: Emweb Wt
CVE-2010-1273 (Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form ...)
	NOT-FOR-US: Emweb Wt
CVE-2010-1272 (PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat ...)
	NOT-FOR-US: Gnat-TGP
CVE-2010-1271 (SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows  ...)
	NOT-FOR-US: smartplugs
CVE-2010-1270 (SQL injection vulnerability in auktion.php in Multi Auktions Komplett  ...)
	NOT-FOR-US: Multi Auktions Komplett System
CVE-2010-1269 (SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Geb ...)
	NOT-FOR-US: Gebote Pro Auktions System
CVE-2010-1268 (Directory traversal vulnerability in index.php in justVisual CMS 2.0,  ...)
	NOT-FOR-US: justVisual CMS
CVE-2010-1267 (Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta ...)
	NOT-FOR-US: WebMaid CMS
CVE-2010-1266 (Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2- ...)
	NOT-FOR-US: WebMaid CMS
CVE-2010-1265 (SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flas ...)
	NOT-FOR-US: dcsFlashGames
CVE-2010-1264 (Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 ...)
	NOT-FOR-US: Microsoft
CVE-2010-1263 (Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-1262 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2010-1261 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, a ...)
	NOT-FOR-US: Microsoft
CVE-2010-1260 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, a ...)
	NOT-FOR-US: Microsoft
CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine th ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as u ...)
	NOT-FOR-US: Microsoft
CVE-2010-1256 (Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Ext ...)
	NOT-FOR-US: Microsoft
CVE-2010-1255 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-1254 (The installation for Microsoft Open XML File Format Converter for Mac  ...)
	NOT-FOR-US: Microsoft
CVE-2010-1253 (Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for ma ...)
	NOT-FOR-US: Microsoft
CVE-2010-1252 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Offic ...)
	NOT-FOR-US: Microsoft
CVE-2010-1251 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Offic ...)
	NOT-FOR-US: Microsoft
CVE-2010-1250 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office  ...)
	NOT-FOR-US: Microsoft
CVE-2010-1249 (Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Ma ...)
	NOT-FOR-US: Microsoft
CVE-2010-1248 (Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for ...)
	NOT-FOR-US: Microsoft
CVE-2010-1247 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2010-1246 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows  ...)
	NOT-FOR-US: Microsoft
CVE-2010-1245 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2 ...)
	NOT-FOR-US: Microsoft
CVE-2010-XXXX [tcpdf code execution via tcpdf tag]
	- moodle <not-affected> (Vulnerable code not present)
	- phpmyadmin <not-affected> (Vulnerable code not present)
	- tcpdf 6.0.010+dfsg-1
	NOTE: http://sourceforge.net/projects/tcpdf/files/CHANGELOG.TXT/view
	NOTE: http://seclists.org/fulldisclosure/2010/Apr/104
	NOTE: setting K_TCPDF_CALLS_IN_HTML to false mitigates the problem
CVE-2010-XXXX [xmail insecure temp files handling]
	- xmail 1.27-1 (low)
	[lenny] - xmail <no-dsa> (Minor issue)
	NOTE: http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27
CVE-2010-1159 (Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow r ...)
	- aircrack-ng 1:1.1-1 (low; bug #577758)
	[lenny] - aircrack-ng <no-dsa> (low)
	[etch] - aircrack-ng <no-dsa> (low)
	NOTE: http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py
CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in createDestination.a ...)
	NOT-FOR-US: Apache ActiveMQ
CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 c ...)
	NOT-FOR-US: IBM Web Interface for Content Management
CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Int ...)
	NOT-FOR-US: IBM Web Interface for Content Management
CVE-2010-1241 (Heap-based buffer overflow in the custom heap management system in Ado ...)
	NOT-FOR-US: Acrobat Reader
CVE-2010-1240 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute  ...)
	NOT-FOR-US: Foxit Reader
CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha protectio ...)
	- moin 1.9.2-3 (bug #575995; medium)
	[lenny] - moin 1.7.1-3+lenny4 (bug #575995; medium)
	NOTE: see http://www.debian.org/security/2010/dsa-2024
CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to  ...)
	- webkit 1.1.90-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://trac.webkit.org/changeset/55511
	NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061
CVE-2010-1236 (The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKi ...)
	- webkit <not-affected> (bug #577457; proof-of-concepts are not effective against webkit)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://trac.webkit.org/changeset/55822
CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows  ...)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: issue in chrome-specific download dialog
CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows  ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow  ...)
	- webkit <not-affected> (v8 and webgl not yet included)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://trac.webkit.org/changeset/55376
CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a d ...)
	- webkit 1.1.90-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before invoki ...)
	- webkit <not-affected> (does not yet have a "safe browsing" feature; i.e. chromium-specific issue)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior  ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does n ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google Chrom ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System Communicat ...)
	NOT-FOR-US: Sun Java System Communication Express
CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G  ...)
	NOT-FOR-US: Apple iPhone
CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor (a ...)
	NOT-FOR-US: Microsoft Virtual PC
CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x be ...)
	- asterisk 1:1.6.2.6-1 (low; bug #576560)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2010-1223 (Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote at ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-1222 (CA XOsoft r12.5 does not properly perform authentication, which allows ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-1221 (CA XOsoft r12.0 and r12.5 does not properly perform authentication, wh ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-1220
	RESERVED
CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability]
	- interchange 5.7.6-1
CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) componen ...)
	NOT-FOR-US: com_janews component for Joomla!
CVE-2010-1218 (Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8 ...)
	NOT-FOR-US: mm_forum extension for TYPO3
CVE-2010-1217 (Directory traversal vulnerability in the JE Form Creator (com_jeformcr ...)
	NOT-FOR-US: com_jeformcr component for Joomla!
CVE-2010-1216 (PHP remote file inclusion vulnerability in templates/template.php in n ...)
	NOT-FOR-US: notsoPureEdit
CVE-2010-1215 (Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1  ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6.x and above)
	- iceweasel <not-affected> (Only affects Firefox 3.6.x and above)
CVE-2010-1214 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x befo ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1213 (The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3. ...)
	- xulrunner 1.9.1.11-1
	[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.0.6-1
CVE-2010-1212 (js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x bef ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6.x and above)
	- iceweasel <not-affected> (Only affects Firefox 3.6.x and above)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
CVE-2010-1211 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - icedove <end-of-life>
	- icedove 3.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1210 (intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3. ...)
	- xulrunner <not-affected> (Only affects 1.9.2 and above)
	- iceweasel <not-affected> (Only affects 1.9.2 and above)
CVE-2010-1209 (Use-after-free vulnerability in the NodeIterator implementation in Moz ...)
	- xulrunner 1.9.1.11-1
	[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1208 (Use-after-free vulnerability in the attribute-cloning functionality in ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1207 (Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not prope ...)
	- xulrunner <not-affected> (Only affects 1.9.2 and above)
	- iceweasel <not-affected> (Only affects 1.9.2 and above)
CVE-2010-1206 (The startDocumentLoad function in browser/base/content/browser.js in M ...)
	- iceweasel 3.5.11-1
	[lenny] - iceweasel <not-affected> (Vulnerable code not present)
	NOTE: Introduced by https://bugzilla.mozilla.org/show_bug.cgi?id=254714
CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before ...)
	{DSA-2075-1 DSA-2072-1}
	- libpng 1.2.44-1 (bug #587670)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
	- tuxonice-userui 1.0-1 (unimportant)
	NOTE: tuxonice-userui 1.0-1 was binNMUed
CVE-2010-1204 (Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 ...)
	- bugzilla 3.4.7.0-1 (low; bug #587663)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2010-1203 (The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remo ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
	- iceweasel <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
CVE-2010-1202 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1201 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1200 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in Mozilla Fi ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - icedove <end-of-life>
	- icedove 3.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1198 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 an ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1197 (Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMon ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal function ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[lenny] - icedove <end-of-life>
	- iceape 2.0.5-1
	- icedove 3.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and p ...)
	- libesmtp 1.0.4-2 (bug #311191)
CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other versions ...)
	- sahana <itp> (bug #497414)
CVE-2010-1186 (Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the N ...)
	NOT-FOR-US: NextGEN Gallery plugin for WordPress
CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kern ...)
	- linux-2.6 2.6.20-1
CVE-2010-1187 (The Transparent Inter-Process Communication (TIPC) functionality in Li ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12
CVE-2010-1185 (Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6 ...)
	NOT-FOR-US: SAP MaxDB
CVE-2010-1184 (The Microsoft wireless keyboard uses XOR encryption with a key derived ...)
	NOT-FOR-US: Microsoft Wireless Keyboard
CVE-2010-1183 (Certain patch-installation scripts in Oracle Solaris allow local users ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2010-1179 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1178 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1177 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1176 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1175 (Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003  ...)
	NOT-FOR-US: Microsoft Internet Explorer 7.0
CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Cisco TFTP Server
CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12
CVE-2010-1172 (DBus-GLib 0.73 disregards the access flag of exported GObject properti ...)
	- dbus-glib 0.88-1 (low; bug #592753)
	[lenny] - dbus-glib <no-dsa> (Minor issue)
CVE-2010-1171 (Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsol ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2010-1170 (The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before  ...)
	{DSA-2051-1}
	- postgresql-8.4 8.4.4-1 (low)
	- postgresql-8.3 <removed>
CVE-2010-1169 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8. ...)
	{DSA-2051-1}
	- postgresql-8.4 8.4.4-1 (low)
	- postgresql-8.3 <removed>
CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows context-depe ...)
	- perl 5.10.1-13 (bug #582978)
	[lenny] - perl 5.10.0-19lenny3
CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X  ...)
	- xorg-server <not-affected> (Xorg in Lenny onwards uses Pixman, which isn't affected)
	NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html
CVE-2010-1165 (Atlassian JIRA 3.12 through 4.1 allows remote authenticated administra ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2010-1164 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA  ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does  ...)
	- sudo 1.7.2p6-1 (bug #578275)
	[lenny] - sudo <not-affected> (ignore_dot default value is off and can't be changed in runtime)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=580441#c3
CVE-2010-1162 (The release_one_tty function in drivers/char/tty_io.c in the Linux ker ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12
CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a fi ...)
	- nano 2.2.4-1 (low; bug #577817)
	[lenny] - nano 2.0.7-5
CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed  ...)
	- nano 2.2.4-1 (low; bug #577817)
	[lenny] - nano 2.0.7-5
CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...)
	- perl <not-affected> (re engine rewritten for 5.10 to address issues such as this; and proof-of-concept not effective)
CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allo ...)
	{DSA-2207-1}
	- tomcat6 6.0.26-5 (bug #587447; unimportant)
	- tomcat5.5 <removed> (unimportant)
	NOTE: Negligible information disclosure
CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to caus ...)
	- irssi 0.8.15-1 (low)
	[lenny] - irssi <no-dsa> (Minor issue)
CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server ...)
	- irssi 0.8.15-1 (low)
	[lenny] - irssi <no-dsa> (Minor issue)
CVE-2010-1154
	REJECTED
CVE-2010-1153 (PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3 ...)
	- typo3-src 4.3.3-1 (bug #577993)
	[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
CVE-2010-1152 (memcached.c in memcached before 1.4.3 allows remote attackers to cause ...)
	- memcached 1.4.5-1 (low; bug #579913)
	[lenny] - memcached <no-dsa> (Minor issue)
CVE-2010-1151 (Race condition in the mod_auth_shadow module for the Apache HTTP Serve ...)
	- libapache2-mod-auth-shadow <itp> (bug #503184)
CVE-2010-1150 (MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not proper ...)
	{DSA-2041-1}
	- mediawiki 1:1.15.3-1 (low)
CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TA ...)
	- udisks 1.0.1-1 (medium; bug #576687)
CVE-2010-1148 (The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 ...)
	- linux-2.6 2.6.32-12
	[lenny] - linux-2.6 <not-affected> (vulnerable code not yet present)
CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hu ...)
	- opendchub 0.8.2-1 (bug #576308)
	[lenny] - opendchub <not-affected> (Vulnerable code not present)
CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exis ...)
	- linux-2.6 2.6.32-12
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2010-1145
	REJECTED
CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids before 1.24, as us ...)
	- libnids 1.23-1.2 (low; bug #576281)
	[lenny] - libnids <no-dsa> (Minor issue)
	NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly Virt ...)
	NOT-FOR-US: VMware
CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VM ...)
	NOT-FOR-US: VMware products
CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VM ...)
	NOT-FOR-US: VMware products
CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 an ...)
	NOT-FOR-US: VMware products
CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware W ...)
	NOT-FOR-US: VMware products
CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 bu ...)
	NOT-FOR-US: VMware products
CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Virtua ...)
	NOT-FOR-US: VMware Server
CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5  ...)
	- tikiwiki <removed>
CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...)
	- tikiwiki <removed>
CVE-2010-1134 (SQL injection vulnerability in the _find function in searchlib.php in  ...)
	- tikiwiki <removed>
CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x b ...)
	- tikiwiki <removed>
CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, a ...)
	NOTE: browser crashes are not considered security-relevant
CVE-2010-1130 (session.c in the session extension in PHP before 5.2.13, and 5.3.1, do ...)
	- php5 5.3.2-1 (unimportant)
	NOTE: open_basedir not supported
CVE-2010-1129 (The safe_mode implementation in PHP before 5.2.13 does not properly ha ...)
	- php5 5.3.2-1 (unimportant)
	NOTE: safe_mode not supported
CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not  ...)
	{DSA-2195-1}
	- php5 5.3.2-1 (low)
CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data s ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to sen ...)
	- webkit <not-affected> (proof-of-concept not effective; windows-only?)
CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
	NOTE: Description is wrong, only affects Firefox 3.6 per https://bugzilla.mozilla.org/show_bug.cgi?id=552255
CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading  ...)
	NOT-FOR-US: IBM AIX
CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with th ...)
	- deliver <removed>
CVE-2010-2445 (freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read ...)
	- freeciv 2.2.1-1 (low; bug #584589)
	[lenny] - freeciv <no-dsa> (Minor issue)
	NOTE: http://gna.org/bugs/?15624
CVE-2010-2446 (Rbot Reaction plugin allows command execution ...)
	- rbot 0.9.14-2 (bug #575286)
	[lenny] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
	[etch] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
CVE-2010-1122 (Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allow ...)
	- xulrunner <not-affected> (Only affects the Firefox 3.6 branch)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=552216
CVE-2010-1121 (Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-1120 (Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows re ...)
	NOT-FOR-US: Apple Type Services
CVE-2010-1119 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33850
	NOTE: http://trac.webkit.org/changeset/53501
	NOTE: http://trac.webkit.org/changeset/53504
CVE-2010-1118 (Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows  ...)
	NOT-FOR-US: Internet Explorer
CVE-2010-1117 (Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows ...)
	NOT-FOR-US: Internet Explorer
CVE-2010-1116 (LookMer Music Portal stores sensitive information under the web root w ...)
	NOT-FOR-US: LookMer Music Portal
CVE-2010-1115 (Directory traversal vulnerability in news/include/customize.php in Web ...)
	NOT-FOR-US: Web Server Creator - Web Portal
CVE-2010-1114 (Multiple PHP remote file inclusion vulnerabilities in Web Server Creat ...)
	NOT-FOR-US: Web Server Creator - Web Portal
CVE-2010-1113 (Cross-site scripting (XSS) vulnerability in the forum page in Web Serv ...)
	NOT-FOR-US: Web Server Creator - Web Portal
CVE-2010-1112 (Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 all ...)
	NOT-FOR-US: KloNews
CVE-2010-1111 (Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete  ...)
	NOT-FOR-US: Jokes Complete Website
CVE-2010-1110 (Directory traversal vulnerability in index.php in phpMySport 1.4 allow ...)
	NOT-FOR-US: phpMySport
CVE-2010-1109 (Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, ...)
	NOT-FOR-US: phpMySport
CVE-2010-1108 (Cross-site scripting (XSS) vulnerability in the Control Panel module 5 ...)
	NOT-FOR-US: third-party Drupal module
CVE-2010-1107 (Cross-site scripting (XSS) vulnerability in the Recent Comments module ...)
	NOT-FOR-US: third-party Drupal module
CVE-2010-1106 (PHP remote file inclusion vulnerability in cgi/index.php in Advertisem ...)
	NOT-FOR-US: AdvertisementManager
CVE-2010-1105 (Cross-site scripting (XSS) vulnerability in cgi/index.php in Advertise ...)
	NOT-FOR-US: AdvertisementManager
CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass intend ...)
	NOT-FOR-US: Stainless
CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass intended ...)
	NOT-FOR-US: OmniWeb
CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to b ...)
	NOT-FOR-US: Alexander Clauss iCab
CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended p ...)
	- arora <not-affected> (Advisory is wrong, URL range is protected by QUrl)
CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass int ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as u ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_star ...)
	NOT-FOR-US: DeDeCMS
CVE-2010-1096 (Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFe ...)
	NOT-FOR-US: ScriptsFeed Dating Software
CVE-2010-1095 (Cross-site scripting (XSS) vulnerability in login_reset_password_page. ...)
	NOT-FOR-US: Tracking Requirements & Use Cases
CVE-2010-1094 (SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rg ...)
	NOT-FOR-US: Auktionshaus V4rgo
CVE-2010-1093 (SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_q ...)
	NOT-FOR-US: 1024 CMS
CVE-2010-1092 (Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Bus ...)
	NOT-FOR-US: ScriptsFeed Business Directory
CVE-2010-1091 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in  ...)
	NOT-FOR-US: phpMySite
CVE-2010-1090 (SQL injection vulnerability in index.php in phpMySite allows remote at ...)
	NOT-FOR-US: phpMySite
CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2  ...)
	NOT-FOR-US: PHP Trouble Ticket
CVE-2010-1088 (fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follo ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10
CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel  ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-9 (low)
CVE-2010-1086 (The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_ ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10 (low)
CVE-2010-1085 (The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 ...)
	- linux-2.6 2.6.32-9
	[lenny] - linux-2.6 <not-affected> (affected call not present)
CVE-2010-1084 (Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allow ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-11
CVE-2010-1083 (The processcompl_compat function in drivers/usb/core/devio.c in Linux  ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-9
CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when m ...)
	NOT-FOR-US: OI.Blogs
CVE-2010-1081 (Directory traversal vulnerability in the Community Polls (com_communit ...)
	NOT-FOR-US: com_communitypolls component for Joomla!
CVE-2010-1080 (Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2. ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-1079 (Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allo ...)
	NOT-FOR-US: Sawmill
CVE-2010-1078 (SQL injection vulnerability in archive.php in XlentProjects SphereCMS  ...)
	NOT-FOR-US: Xlent Projects SphereCMS
CVE-2010-1077 (Directory traversal vulnerability in vbseo.php in Crawlability vBSEO p ...)
	NOT-FOR-US: Crawlability vBSEO plugin for vBulletin
CVE-2010-1076 (Cross-site scripting (XSS) vulnerability in index.php in Entry Level C ...)
	NOT-FOR-US: Entry Level CMS
CVE-2010-1075 (SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) a ...)
	NOT-FOR-US: Entry Level CMS
CVE-2010-1074 (Cross-site scripting (XSS) vulnerability in the Currency Exchange modu ...)
	NOT-FOR-US: Currency Exchange module for Drupal
CVE-2010-1073 (SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed)  ...)
	NOT-FOR-US: com_jembed component for Joomla!
CVE-2010-1072 (Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS ...)
	NOT-FOR-US: Sniggabo CMS
CVE-2010-1071 (SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remot ...)
	NOT-FOR-US: phpMDJ
CVE-2010-1070 (SQL injection vulnerability in index.php in ImagoScripts Deviant Art C ...)
	NOT-FOR-US: ImagoScripts
CVE-2010-1069 (SQL injection vulnerability in games/game.php in ProArcadeScript allow ...)
	NOT-FOR-US: ProArcadeScript
CVE-2010-1068 (Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi ...)
	NOT-FOR-US: NetWin SurgeFTP
CVE-2010-1067 (E-membres 1.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: E-membres
CVE-2010-1066 (AR Web Content Manager (AWCM) 2.1 stores sensitive information under t ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2010-1065 (Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information un ...)
	NOT-FOR-US: Lebisoft Ziparetci Defteri
CVE-2010-1064 (Erolife AjxGaleri VT stores sensitive information under the web root w ...)
	NOT-FOR-US: Erolife AjxGaleri VT
CVE-2010-1063 (Multiple directory traversal vulnerabilities in Phpkobo Free Real Esta ...)
	NOT-FOR-US: Phpkobo Free Real Estate Contact Form
CVE-2010-1062 (Directory traversal vulnerability in codelib/sys/common.inc.php in Php ...)
	NOT-FOR-US: Phpkobo Free Real Estate Contact Form
CVE-2010-1061 (Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01 ...)
	NOT-FOR-US: Phpkbo Short URL
CVE-2010-1060 (Directory traversal vulnerability in staff/app/common.inc.php in Phpko ...)
	NOT-FOR-US: Phpkobo Short URL
CVE-2010-1059 (Directory traversal vulnerability in staff/app/common.inc.php in Phpko ...)
	NOT-FOR-US: Phpkobo Address Book Script
CVE-2010-1058 (Directory traversal vulnerability in codelib/cfg/common.inc.php in Php ...)
	NOT-FOR-US: Phpkobo Adress Book Script
CVE-2010-1057 (Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka  ...)
	NOT-FOR-US: Phpkobo AdFreely
CVE-2010-1056 (Directory traversal vulnerability in the RokDownloads (com_rokdownload ...)
	NOT-FOR-US: com_rokdownloads component for Joomla!
CVE-2010-1055 (Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and ...)
	NOT-FOR-US: osDate
CVE-2010-1054 (Multiple SQL injection vulnerabilities in ParsCMS allow remote attacke ...)
	NOT-FOR-US: ParsCMS
CVE-2010-1053 (Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and ea ...)
	NOT-FOR-US: Zen Time Tracking
CVE-2010-1052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Au ...)
	NOT-FOR-US: AudiStat
CVE-2010-1051 (Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 al ...)
	NOT-FOR-US: AudiStat
CVE-2010-1050 (SQL injection vulnerability in index.php in AudiStat 1.3 allows remote ...)
	NOT-FOR-US: AudiStat
CVE-2010-1049 (Multiple SQL injection vulnerabilities in Uiga Business Portal allow r ...)
	NOT-FOR-US: Uiga Business Portal
CVE-2010-1048 (Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Bus ...)
	NOT-FOR-US: Uiga Business Portal
CVE-2010-1047 (SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and ...)
	NOT-FOR-US: MASA2EL Music City
CVE-2010-1046 (Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1  ...)
	NOT-FOR-US: Rostermain
CVE-2010-1045 (SQL injection vulnerability in the Productbook (com_productbook) compo ...)
	NOT-FOR-US: com_productbook component for Joomla!
CVE-2010-1044 (SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 al ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2010-1043 (Directory traversal vulnerability in index.php in jaxCMS 1.0 allows re ...)
	NOT-FOR-US: jaxCMS
CVE-2010-1042 (Microsoft Windows Media Player 11 does not properly perform colorspace ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-1041 (Unspecified vulnerability in the single sign-on functionality in the W ...)
	NOT-FOR-US: IBM DB2 Content Manager Toolkit
CVE-2010-1040 (The "IP address range limitation" function in OpenPNE 1.6 through 1.8, ...)
	NOT-FOR-US: OpenPNE
CVE-2010-1039 (Format string vulnerability in the _msgout function in rpc.pcnfsd in I ...)
	NOT-FOR-US: HP-UX
CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before 6.0 allo ...)
	NOT-FOR-US: HP System Insight Manager
CVE-2010-1037 (Cross-site request forgery (CSRF) vulnerability in HP System Insight M ...)
	NOT-FOR-US: HP System Insight Manager
CVE-2010-1036 (Cross-site scripting (XSS) vulnerability in HP System Insight Manager  ...)
	NOT-FOR-US: hP System Insight Manager
CVE-2010-1035 (Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VM ...)
	NOT-FOR-US: HP Virtual Machine Manager
CVE-2010-1034 (Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 b ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne ActiveX c ...)
	NOT-FOR-US: HP Operations Manager
CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local users to ca ...)
	NOT-FOR-US: HP-UX
CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linu ...)
	NOT-FOR-US: HP Insight Control
CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabl ...)
	NOT-FOR-US: HP-UX
CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function i ...)
	- webkit <not-affected> (proof-of-concept not effective)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) exten ...)
	NOT-FOR-US: travelmate extension for typo3
CVE-2010-1026 (SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) exten ...)
	NOT-FOR-US: tmsw_cleandb extension for typo3
CVE-2010-1025 (Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_ne ...)
	NOT-FOR-US: tgm_newsletter extension for typo3
CVE-2010-1024 (SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) ext ...)
	NOT-FOR-US: tgm_newsletter extension for typo3
CVE-2010-1023 (Cross-site scripting (XSS) vulnerability in the UserTask Center, Recen ...)
	NOT-FOR-US: taskcenter_recent extension for typo3
CVE-2010-1022 (The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) exte ...)
	NOT-FOR-US: t3sec_saltedpw extension for typo3
CVE-2010-1021 (Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3qu ...)
	NOT-FOR-US: t3quixplorer extension for typo3
CVE-2010-1020 (Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_sim ...)
	NOT-FOR-US: sk_simplegallery extension for typo3
CVE-2010-1019 (SQL injection vulnerability in the Simple Gallery (sk_simplegallery) e ...)
	NOT-FOR-US: sk_simplegallery extension for typo3
CVE-2010-1018 (SQL injection vulnerability in the Book Reviews (sk_bookreview) extens ...)
	NOT-FOR-US: sk_bookreview extension for typo3
CVE-2010-1017 (SQL injection vulnerability in the SAV Filter Months (sav_filter_month ...)
	NOT-FOR-US: sav_filter_months extension for typo3
CVE-2010-1016 (SQL injection vulnerability in the SAV Filter Selectors (sav_filter_se ...)
	NOT-FOR-US: sav_filter_selectors extension for typo3
CVE-2010-1015 (SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_a ...)
	NOT-FOR-US: sav_filter_abc extension for typo3
CVE-2010-1014 (Cross-site scripting (XSS) vulnerability in the Reports Logfile View ( ...)
	NOT-FOR-US: reports_logview extension for typo3
CVE-2010-1013 (SQL injection vulnerability in the Diocese of Portsmouth Database (pd_ ...)
	NOT-FOR-US: pd_diocesedatabase extension for typo3
CVE-2010-1012 (SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0. ...)
	NOT-FOR-US: nf_cleandb extension for typo3
CVE-2010-1011 (Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboa ...)
	NOT-FOR-US: mydashboard extension for typo3
CVE-2010-1010 (SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) ext ...)
	NOT-FOR-US: mk_wastebasket extension for typo3
CVE-2010-1009 (SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3  ...)
	NOT-FOR-US: educator extension for typo3
CVE-2010-1008 (Cross-site scripting (XSS) vulnerability in the Sellector.com Widget I ...)
	NOT-FOR-US: chsellector extension for typo3
CVE-2010-1007 (Unspecified vulnerability in the Power Extension Manager (ch_lightem)  ...)
	NOT-FOR-US: ch_lightem extension for typo3
CVE-2010-1006 (SQL injection vulnerability in the Brainstorming extension 0.1.8 and e ...)
	NOT-FOR-US: brainstorming extension for typo3
CVE-2010-1005 (Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 sear ...)
	NOT-FOR-US: yatse extension for typo3
CVE-2010-1004 (SQL injection vulnerability in the Yet another TYPO3 search engine (YA ...)
	NOT-FOR-US: yatse extension for typo3
CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]
	- libphp-cas <itp> (bug #495542)
	- glpi 0.72.4-2 (bug #574760; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open Fo ...)
	- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
	- iceape <not-affected> (Vulnerable code not present)
	- calibre 2.38.0+dfsg-1 (bug #787085)
	[jessie] - calibre <no-dsa> (Minor issue)
	[wheezy] - calibre <not-affected> (src/calibre/utils/fonts/woff/ not introduced until version 0.9.33)
	NOTE: 2.38.0+dfsg-1 removed the copy of woff below src/calibre/utils/fonts/woff/
CVE-2010-XXXX [Escape href attribute in auto links]
	- redmine 0.9.3-3
CVE-2010-XXXX [Fixes permission check in QueriesController]
	- redmine 0.9.3-3
CVE-2010-1003 (Directory traversal vulnerability in www/editor/tiny_mce/langs/languag ...)
	NOT-FOR-US: eFront-learning
CVE-2010-1002
	RESERVED
CVE-2010-1001
	RESERVED
CVE-2010-1000 (Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4. ...)
	- kdenetwork 4:4.4.3-2
	[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
	NOTE: http://seclists.org/fulldisclosure/2010/May/165
CVE-2010-0999 (Directory traversal vulnerability in Free Download Manager (FDM) befor ...)
	NOT-FOR-US: Free Download Manager
CVE-2010-0998 (Multiple stack-based buffer overflows in Free Download Manager (FDM) b ...)
	NOT-FOR-US: Free Download Manager
CVE-2010-0997 (Cross-site scripting (XSS) vulnerability in 107_plugins/content/conten ...)
	NOT-FOR-US: e107
CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows re ...)
	NOT-FOR-US: e107
CVE-2010-0995 (Stack-based buffer overflow in Internet Download Manager (IDM) before  ...)
	NOT-FOR-US: Internet Download Manager
CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library ...)
	NOT-FOR-US: Visualization Library
CVE-2010-0993 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1. ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CM ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dep ...)
	- imlib2 <not-affected> (vulnerable code introduced in 1.4.3)
CVE-2010-0990 (Stack-based buffer overflow in Creative Software AutoUpdate Engine Act ...)
	NOT-FOR-US: Creative Software AutoUpdate
CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before 1. ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ( ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process ass ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-XXXX [dojo can be used as a redirector]
	- dojo 1.4.2+dfsg-1 (low)
	NOTE: http://web.archive.org/web/20101029020014/http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
	NOTE: http://bugs.dojotoolkit.org/ticket/10773
CVE-2010-0985 (Directory traversal vulnerability in the Abbreviations Manager (com_ab ...)
	NOT-FOR-US: com_abbrev component for Joomla!
CVE-2010-0984 (Acidcat CMS 3.5.3 and earlier stores sensitive information under the w ...)
	NOT-FOR-US: Acidcat CMS
CVE-2010-0983 (PHP remote file inclusion vulnerability in include/mail.inc.php in Rez ...)
	NOT-FOR-US: Rezervi
CVE-2010-0982 (Directory traversal vulnerability in the CARTwebERP (com_cartweberp) c ...)
	NOT-FOR-US: com_cartweberp component for Joomla!
CVE-2010-0981 (SQL injection vulnerability in the TPJobs (com_tpjobs) component for J ...)
	NOT-FOR-US: com_tpjobs component for Joomla!
CVE-2010-0980 (SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1 ...)
	NOT-FOR-US: Left 4 Dead Stats
CVE-2010-0979 (Cross-site scripting (XSS) vulnerability in display.php in Obsession-D ...)
	NOT-FOR-US: Obsession-Design Image-Gallery
CVE-2010-0978 (KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under th ...)
	NOT-FOR-US: KMSoft Guestbook
CVE-2010-0977 (PD PORTAL 4.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: PD PORTAL
CVE-2010-0976 (Acidcat CMS 3.5.x does not prevent access to install.asp after install ...)
	NOT-FOR-US: Acidcat CMS
CVE-2010-0975 (PHP remote file inclusion vulnerability in external.php in PHPCityPort ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-0974 (Multiple SQL injection vulnerabilities in PHPCityPortal allow remote a ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-0973 (SQL injection vulnerability in index.php in phppool media Domain Verka ...)
	NOT-FOR-US: phppool Media Domain Verkaus and Auktions Portal
CVE-2010-0972 (Directory traversal vulnerability in the GCalendar (com_gcalendar) com ...)
	NOT-FOR-US: com_gcalendar component for Joomla!
CVE-2010-0971 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 al ...)
	NOT-FOR-US: ATutor CMS
CVE-2010-0970 (SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows r ...)
	NOT-FOR-US: PhpMyLogon
CVE-2010-0968 (SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 a ...)
	NOT-FOR-US: Geekhelps ADMP
CVE-2010-0967 (Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, w ...)
	NOT-FOR-US: Geekhelps ADMP
CVE-2010-0966 (PHP remote file inclusion vulnerability in inc/config.php in deV!L`z C ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2010-0965 (Jevci Siparis Formu Scripti stores sensitive information under the web ...)
	NOT-FOR-US: Jevci Siparis Formu Scripti
CVE-2010-0964 (SQL injection vulnerability in start.php in Eros Webkatalog allows rem ...)
	NOT-FOR-US: Eros Webkatalog
CVE-2010-0963 (Cross-site scripting (XSS) vulnerability in index.php in dl Download T ...)
	NOT-FOR-US: dl Download Ticket Service
CVE-2010-1195 (Cross-site scripting (XSS) vulnerability in the htmlscrubber component ...)
	{DSA-2020-1}
	- ikiwiki 3.20100312 (low)
CVE-2010-0747 (drbd8 allows local users to bypass intended restrictions for certain a ...)
	{DSA-2015-1}
	- linux-2.6 <not-affected> (drbd introduced for the first time in 2.6.32-12, which included the fix for this issue, so no supported debian kernel was ever affected)
	- drbd8 2:8.3.7-1
	[lenny] - drbd8 2:8.0.14-2+lenny1
CVE-2010-0969 (Unbound before 1.4.3 does not properly align structures on 64-bit plat ...)
	- unbound 1.4.3-1
	[lenny] - unbound <not-affected> (Vulnerable code not present)
CVE-2010-XXXX [moin: hierarchical ACLs security issue]
	- moin 1.8.4-1 (low)
	[lenny] - moin 1.7.1-3+lenny3
	NOTE: http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
CVE-2010-0962 (The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Ti ...)
	NOT-FOR-US: Apple
CVE-2010-0961 (Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VI ...)
	NOT-FOR-US: IBM AIX and VIOS
CVE-2010-0960 (Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIO ...)
	NOT-FOR-US: IBM AIX and VIOS
CVE-2010-0959 (Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/L ...)
	NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2010-0958 (Directory traversal vulnerability in modules/hayoo/index.php in Tribis ...)
	NOT-FOR-US: Tribisur
CVE-2010-0957 (Directory traversal vulnerability in content.php in Saskia's Shopsyste ...)
	NOT-FOR-US: Saskia's Shopsystem
CVE-2010-0956 (SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remo ...)
	NOT-FOR-US: OpenCart
CVE-2010-0955 (SQL injection vulnerability in index.php in Bild Flirt Community 2.0 a ...)
	NOT-FOR-US: Bild Flirt Community
CVE-2010-0954 (SQL injection vulnerability in search_result.asp in Pre Projects Pre E ...)
	NOT-FOR-US: Pre Projects Pre E-Learning Portal
CVE-2010-0953 (Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows r ...)
	NOT-FOR-US: phpCOIN
CVE-2010-0952 (SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quo ...)
	NOT-FOR-US: OneCMS
CVE-2010-0951 (SQL injection vulnerability in go_target.php in dev4u CMS allows remot ...)
	NOT-FOR-US: dev4u CMS
CVE-2010-0950 (Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote ...)
	NOT-FOR-US: Natychmiast CMS
CVE-2010-0949 (Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS ...)
	NOT-FOR-US: Natychmiast CMS
CVE-2010-0948 (SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_ ...)
	NOT-FOR-US: Bigforum
CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max Network T ...)
	NOT-FOR-US: BBSMAX
CVE-2010-1132 (The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter ...)
	{DSA-2021-2 DSA-2021-1}
	- spamass-milter 0.3.1-9 (bug #573228)
	[lenny] - spamass-milter 0.3.1-8+lenny1
CVE-2010-1189 (MediaWiki before 1.15.2 does not prevent wiki editors from linking to  ...)
	{DSA-2022-1}
	- mediawiki 1:1.15.2-1 (low)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
	[lenny] - mediawiki 1:1.12.0-2lenny4
CVE-2010-1190 (thumb.php in MediaWiki before 1.15.2, when used with access-restrictio ...)
	{DSA-2022-1}
	- mediawiki 1:1.15.2-1 (low)
	[lenny] - mediawiki 1:1.12.0-2lenny4
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) Softwa ...)
	NOT-FOR-US: com_ksadvertiser component for Joomla!
CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets (co ...)
	NOT-FOR-US: com_hotbrackets component for Joomla!
CVE-2010-0944 (Directory traversal vulnerability in the JCollection (com_jcollection) ...)
	NOT-FOR-US: com_jcollection component for Joomla!
CVE-2010-0943 (Directory traversal vulnerability in the JA Showcase (com_jashowcase)  ...)
	NOT-FOR-US: com_jashowcase component for Joomla!
CVE-2010-0942 (Directory traversal vulnerability in the jVideoDirect (com_jvideodirec ...)
	NOT-FOR-US: com_jvideodirect component for Joomla!
CVE-2010-0941 (Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hi ...)
	NOT-FOR-US: eTek Systems Hit Counter
CVE-2010-0940 (Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PH ...)
	NOT-FOR-US: Simple PHP Guestbook
CVE-2010-0939 (Visialis ABB Forum 1.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Visialis ABB Forum
CVE-2010-0938 (Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Fo ...)
	NOT-FOR-US: Todoo Forum
CVE-2010-0937 (Multiple unspecified vulnerabilities in Visualization Library before 2 ...)
	NOT-FOR-US: Visualization Library
CVE-2010-0936 (Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKV ...)
	NOT-FOR-US: D-LINK firmware
CVE-2010-XXXX [phpbb 3.0.7 permissions bypass]
	- phpbb3 3.0.7-PL1
	[lenny] - phpbb3 <not-affected> (older version is in the archive)
	[squeeze] - phpbb3 <not-affected> (older version is in the archive)
	NOTE: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195
CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex- ...)
	- openssl <unfixed> (unimportant)
	NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
	NOTE: somewhat impractical right now, but the openssl developers are working
	NOTE: on a fix just in case
CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...)
	- samba 2:3.4.6~dfsg-1 (low; bug #568493; bug #572953)
	[lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is empty ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote aut ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0933 (Directory traversal vulnerability in Perforce Server 2008.1 allows rem ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0932 (The FTP server in Perforce Server 2008.1 allows remote attackers to ca ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0931 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0930 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0929 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0927 (Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2010-0925 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0924 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0923 (Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner loc ...)
	- kdebase 4:4.4.2-1
	[lenny] - kdebase <not-affected> (Only affected version 4.4.0)
	- kdebase-workspace 4:4.4.2-1
CVE-2010-0922 (Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300- ...)
	NOT-FOR-US: IBM AIX
CVE-2010-0921 (Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (a ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0920 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domi ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0919 (Stack-based buffer overflow in the Lotus Domino Web Access ActiveX con ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0918 (Multiple unspecified vulnerabilities in the UltraLite functionality in ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0917 (Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0916 (Unspecified vulnerability in Oracle OpenSolaris 10 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2010-0915 (Unspecified vulnerability in the Oracle Advanced Product Catalog compo ...)
	NOT-FOR-US: Oracle
CVE-2010-0914 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote  ...)
	NOT-FOR-US: Oracle
CVE-2010-0913 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2010-0912 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2010-0911 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2010-0910 (Unspecified vulnerability in the Data Server component in Oracle Times ...)
	NOT-FOR-US: Oracle
CVE-2010-0909 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2010-0908 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2010-0907 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0906 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0905 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2010-0904 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0903 (Unspecified vulnerability in the Net Foundation Layer component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2010-0902 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2010-0901 (Unspecified vulnerability in the Export component in Oracle Database S ...)
	NOT-FOR-US: Oracle
CVE-2010-0900 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2010-0899 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0898 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory Server comp ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in Oracle S ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0895 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0894 (Unspecified vulnerability in the Sun Java System Access Manager compon ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in Oracle S ...)
	NOT-FOR-US: Oracle sun Product Suite
CVE-2010-0892 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center component in Or ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0889 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software component in  ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle  ...)
	- sun-java6 6.20-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0886 (Unspecified vulnerability in the Java Deployment Toolkit component in  ...)
	- sun-java6 6.20-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications Expres ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun P ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0883 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun P ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0882 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0881 (Unspecified vulnerability in the User Interface Components in Oracle C ...)
	NOT-FOR-US: Oracle Collaboration Suite
CVE-2010-0880 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0879 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0878 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0877 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0876 (Unspecified vulnerability in the Life Sciences - Oracle Clinical Remot ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0875 (Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Mana ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle Communication ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0873 (Unspecified vulnerability in the Data Server component in Oracle Times ...)
	NOT-FOR-US: Oracle
CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0870 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0869 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0868 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0867 (Unspecified vulnerability in the JavaVM component in Oracle Database 1 ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0866 (Unspecified vulnerability in the JavaVM component in Oracle Database 1 ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0865 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0864 (Unspecified vulnerability in the Retail - Oracle Retail Place In-Seaso ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0863 (Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0862 (Unspecified vulnerability in the Retail - Oracle Retail Markdown Optim ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0861 (Unspecified vulnerability in the Oracle HRMS (Self Service) component  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0860 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0859 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0858 (Unspecified vulnerability in the E-Business Intelligence component in  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0857 (Unspecified vulnerability in the Oracle Workflow Cartridge component i ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0856 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0855 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0854 (Unspecified vulnerability in the Audit component in Oracle Database 9. ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0853 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0852 (Unspecified vulnerability in the XML DB component in Oracle Database 9 ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0851 (Unspecified vulnerability in the XML DB component in Oracle Database 9 ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0849 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0846 (Unspecified vulnerability in the ImageIO component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle Ja ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0843 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0839 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0836 (Unspecified vulnerability in the Oracle Knowledge Management component ...)
	NOT-FOR-US: Oracle
CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before ...)
	- base-files <not-affected> (ubuntu-specific fix for their default OEM configuration on the Dell Latitude 2110, which permitted installation of unsigned packages)
CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8 ...)
	NOT-FOR-US: Likewise
CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1 ...)
	- pam <not-affected> (flaw in ubuntu-specific changes to the package)
CVE-2010-0831 (Directory traversal vulnerability in the extract_jar function in jarto ...)
	- fastjar 2:0.98-3 (low)
	[lenny] - fastjar <no-dsa> (Minor issue)
CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in elf/d ...)
	{DSA-2058-1}
	- glibc 2.11-1
	- eglibc 2.11-1
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTe ...)
	{DSA-2048-1}
	- dvipng 1.13-1 (low; bug #580628)
	- texlive-bin <not-affected> (dvipng is not shipped in texlive-bin Debian packages)
CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the De ...)
	{DSA-2024-1}
	- moin 1.9.2-3 (low; bug #575995)
CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, all ...)
	- texlive-bin 2009-6 (low; bug #580669)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss- ...)
	- libnss-db 2.2.3pre1-3.2 (low; bug #577057)
	[squeeze] - libnss-db <no-dsa> (Minor issue)
	[lenny] - libnss-db <no-dsa> (Minor issue)
CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users t ...)
	- emacs21 <removed> (low)
	[lenny] - emacs21 <no-dsa> (Minor issue)
	NOTE: Only exploitable when configured as setgid mail, which isn't set by default
	- emacs22 <removed> (low; bug #590301)
	[lenny] - emacs22 <no-dsa> (Minor issue)
	- xemacs21 21.4.22-3.1 (low)
	[lenny] - xemacs21 <no-dsa> (Minor issue)
	[lenny] - xmacs21 <no-dsa> (Minor issue)
	- emacs23 23.2+1-1 (low)
CVE-2010-XXXX [esmtp: world-readable config file]
	- esmtp 1.2-3 (unimportant; bug #568925)
	NOTE: Documentation advises against adding password data to the respective config file
CVE-2010-XXXX [irssi emote leak]
	- irssi-plugin-otr 1.0.0~alpha2-1 (unimportant; bug #569506)
CVE-2010-2450 (The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/s ...)
	- shibboleth-sp2 2.3.1+dfsg-2 (low; bug #571631)
	[lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
	- shibboleth-sp <not-affected> (Vulnerable code not present)
CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0'  ...)
	- libesmtp 1.0.4-5 (bug #572960)
	[lenny] - libesmtp <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2010/03/03/6
CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...)
	NOT-FOR-US: VMware Server
CVE-2010-XXXX [argyll unsafe udev rules]
	- argyll <not-affected> (issue with redhat-specific changes to the package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050
CVE-2010-2473 (Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly b ...)
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-2472 (Locale module and dependent contributed modules in Drupal 6.x before 6 ...)
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-2471 (drupal6 version 6.16 has open redirection ...)
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-2250 (Drupal 6.x before 6.16 uses a user-supplied value in output during sit ...)
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
	- linux-ftpd <not-affected> (Performs proper length checks, see #572813)
CVE-2010-0824 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Offic ...)
	NOT-FOR-US: Microsoft
CVE-2010-0823 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0822 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...)
	NOT-FOR-US: Microsoft
CVE-2010-0821 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0820 (Heap-based buffer overflow in the Local Security Authority Subsystem S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0819 (Unspecified vulnerability in the Windows OpenType Compact Font Format  ...)
	NOT-FOR-US: Microsoft
CVE-2010-0818 (The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0817 (Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Micr ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2010-0816 (Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, ...)
	NOT-FOR-US: Microsoft Outlook Express, Windows Live Mail, and Windows Mail
CVE-2010-0815 (VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft O ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0814 (The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2010-0813
	REJECTED
CVE-2010-0812 (Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0811 (Multiple unspecified vulnerabilities in the Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2010-0810 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0809
	REJECTED
CVE-2010-0808 (Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not p ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka iepeer ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet E ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...)
	NOT-FOR-US: iBoutique
CVE-2010-0803 (SQL injection vulnerability in the jVideoDirect (com_jvideodirect) com ...)
	NOT-FOR-US: jVideoDirect
CVE-2010-0802 (SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modi ...)
	NOT-FOR-US: Invision Power Board
CVE-2010-0801 (Directory traversal vulnerability in the AutartiTarot (com_autartitaro ...)
	NOT-FOR-US: Joomla!
CVE-2010-0800 (SQL injection vulnerability in the Ossolution Team Documents Seller (a ...)
	NOT-FOR-US: Joomla!
CVE-2010-0799 (Directory traversal vulnerability in misc/tell_a_friend/tell.php in ph ...)
	NOT-FOR-US: phpunity.newsmanager
CVE-2010-0798 (SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier  ...)
	NOT-FOR-US: T3BLOG extension for TYPO3
CVE-2010-0797 (Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 ...)
	NOT-FOR-US: T3BLOG extension for TYPO3
CVE-2010-0796 (SQL injection vulnerability in the JE Quiz (com_jequizmanagement) comp ...)
	NOT-FOR-US: Joomla!
CVE-2010-0795 (SQL injection vulnerability in the JE Event Calendars (com_jeeventcale ...)
	NOT-FOR-US: Joomla!
CVE-2010-0794
	RESERVED
CVE-2010-0793 (Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cau ...)
	{DSA-2049-1}
	- barnowl 1.5.1-1 (bug #574418)
CVE-2010-0792 (fcrontab in fcron before 3.0.5 allows local users to read arbitrary fi ...)
	- fcron <removed> (unimportant; bug #572587)
	NOTE: On Debian runs suid/sgid fcron and the issue is limited to the exposure
	NOTE: of the content of crontabs
CVE-2010-0791 (The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2. ...)
	- ncpfs 2.2.6-7 (bug #572937)
	[lenny] - ncpfs <no-dsa> (Minor issue)
CVE-2010-0790 (sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detaile ...)
	- ncpfs 2.2.6-7 (bug #572937)
	[lenny] - ncpfs <no-dsa> (Minor issue)
CVE-2010-0789 (fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local  ...)
	{DSA-1989-1}
	- fuse 2.8.1-1.2 (bug #567633)
	NOTE: Initial DSA released as CVE-2009-3297
CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain se ...)
	- ncpfs 2.2.6-7 (bug #572937)
	[lenny] - ncpfs <no-dsa> (Minor issue)
CVE-2010-0787 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3 ...)
	{DSA-2004-1}
	- samba 2:3.4.5~dfsg-2 (bug #567554)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
	NOTE: Initial DSA released as CVE-2009-3297
CVE-2010-0786 (The Web Services Security component in IBM WebSphere Application Serve ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2010-0785 (Cross-site request forgery (CSRF) vulnerability in the Administrative  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0784 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0783 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows rem ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM WebSphe ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0780 (IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0778 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0777 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0776 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0775 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0774 (The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0773
	RESERVED
CVE-2010-0772 (Unspecified vulnerability in the channel process in IBM WebSphere MQ 7 ...)
	NOT-FOR-US: IMB WebSphere MQ
CVE-2010-0771
	REJECTED
CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0768 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0767
	RESERVED
CVE-2010-0766 (Integer overflow in the Swap4 function in valet4.dll in Luxology Modo  ...)
	NOT-FOR-US: Luxology Modo
CVE-2010-0765 (fipsForum 2.6 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: fipsForum
CVE-2010-0764 (SQL injection vulnerability in index.php in KuwaitPHP eSmile allows re ...)
	NOT-FOR-US: KuwaitPHP eSmile
CVE-2010-0763 (SQL injection vulnerability in index.php in CommodityRentals Vacation  ...)
	NOT-FOR-US: ComodityRentals Vacation Rental Software
CVE-2010-0762 (SQL injection vulnerability in index.php in CommodityRentals CD Rental ...)
	NOT-FOR-US: CommodityRentals CD Rental Software
CVE-2010-0761 (SQL injection vulnerability in index.php in CommodityRentals Books/eBo ...)
	NOT-FOR-US: CommodityRentals Books/eBooks Rentals Script
CVE-2010-0760 (Multiple directory traversal vulnerabilities in the Core Design Script ...)
	NOT-FOR-US: Joomla!
CVE-2010-0759 (Directory traversal vulnerability in plugins/system/cdscriptegrator/li ...)
	NOT-FOR-US: Joomla!
CVE-2010-0758 (SQL injection vulnerability in news_desc.php in Softbiz Jobs allows re ...)
	NOT-FOR-US: Softbiz Jobs
CVE-2010-0757 (Unrestricted file upload vulnerability in index.php/Attach in WikyBlog ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0756 (Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote att ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0755 (PHP remote file inclusion vulnerability in include/WBmap.php in WikyBl ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0754 (Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Tem ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0753 (SQL injection vulnerability in the SQL Reports (com_sqlreport) compone ...)
	NOT-FOR-US: Joomla!
CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type module  ...)
	NOT-FOR-US: Weekly Archive by Node Type (Drupal module)
CVE-2010-1144
	REJECTED
CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users t ...)
	- policykit-1 <not-affected> (pkexec introduced in 0.92)
	[lenny] - policykit-1 <not-affected> (pkexec introduced in 0.92)
CVE-2010-0749 (Transmission before 1.92 allows attackers to prevent download of a fil ...)
	- transmission 1.92-1 (unimportant; bug #574507)
CVE-2010-0748 (Transmission before 1.92 allows an attacker to cause a denial of servi ...)
	- transmission 1.92-1 (medium; bug #574507)
	[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
CVE-2010-0746 (Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as  ...)
	- udisks 1.0.0~git20100212.aae17d9-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
	NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
	NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235
CVE-2010-0745 (Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote ...)
	- dovecot 1:1.2.11-1 (low)
	[lenny] - dovecot <not-affected> (this problem exists only with v1.2.x, not with v1.0 or v1.1)
	NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
	[etch] - dovecot <not-affected> (Vulnerable code not present)
CVE-2010-0744 (aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, do ...)
	- amsn 0.98.3-1 (low; bug #572818)
	[lenny] - amsn <no-dsa> (Minor issue)
CVE-2010-0743 (Multiple format string vulnerabilities in isns.c in (1) Linux SCSI tar ...)
	{DSA-2042-1}
	- iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935)
	- tgt 1:1.0.3-2 (medium; bug #576086)
CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cm ...)
	- openssl 1.0.0e-1 (unimportant; bug #584592)
	[lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h and later)
	NOTE: unimportant since cms is disabled by default
CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the virtio- ...)
	- linux-2.6 2.6.26-1
CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...)
	- openssl 0.9.8n-1 (medium; bug #575607)
	[lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
	NOTE: http://www.openssl.org/news/secadv/20100324.txt
CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips  ...)
	- texlive-bin 2009-6 (low; bug #560668)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-0737 (A missing permission check was found in The CLI in JBoss Operations Ne ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform functio ...)
	- viewvc 1.1.5-1 (bug #575787)
CVE-2010-0735
	REJECTED
CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enab ...)
	{DSA-2023-1}
	- curl 7.20.0-1 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2010/03/16/11
	NOTE: depends on the application that uses libcurl
CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4. ...)
	- postgresql-8.4 8.4.2-1
CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver be ...)
	- gtk+2.0 2.18.5-1
	[lenny] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
	[etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
	NOTE: https://www.openwall.com/lists/oss-security/2010/02/12/1
CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before 1 ...)
	- gnutls26 <not-affected> (Fixed before initial release)
	- gnutls13 1.2.1-1
CVE-2010-0730 (The MMIO instruction decoder in the Xen hypervisor in the Linux kernel ...)
	- linux-2.6 <not-affected> (redhat-specific issue in the 2.6.18 xen kernel)
CVE-2010-0729 (A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Lin ...)
	- linux-2.6 <not-affected> (vulnerability in redhat-specific patch)
CVE-2010-0728 (smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled ...)
	- samba 2:3.4.7~dfsg-1 (high; bug #573223)
	[lenny] - samba <not-affected> (Only affects 3.3.11, 3.4.6 and 3.5.0)
CVE-2010-0727 (The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-2010 ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-11
CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack  ...)
	{DSA-2009-1}
	- tdiary 2.2.1-1.1 (low; bug #572417)
CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in Moin ...)
	{DSA-2014-1}
	- moin 1.9.0~rc2-1
CVE-2010-0725 (Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1 ...)
	NOT-FOR-US: Arab Cart
CVE-2010-0724 (SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows ...)
	NOT-FOR-US: Arab Cart
CVE-2010-0723 (SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 al ...)
	NOT-FOR-US: Ero Auktion
CVE-2010-0722 (SQL injection vulnerability in news.php in Php Auktion Pro allows remo ...)
	NOT-FOR-US: Php Auktion Pro
CVE-2010-0721 (SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allow ...)
	NOT-FOR-US: Auktionshaus Gelb
CVE-2010-0720 (SQL injection vulnerability in news.php in Erotik Auktionshaus allows  ...)
	NOT-FOR-US: Erotik Auktionshaus
CVE-2010-0719 (An unspecified API in Microsoft Windows 2000, Windows XP, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2010-0718 (Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0716 (_layouts/Upload.aspx in the Documents module in Microsoft SharePoint b ...)
	NOT-FOR-US: Microsoft
CVE-2010-0715 (Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM  ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2010-0714 (Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2010-0713 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2 ...)
	- zenoss <itp> (bug #361253)
	NOTE: http://seclists.org/fulldisclosure/2010/Jan/296
CVE-2010-0712 (Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEven ...)
	- zenoss <itp> (bug #361253)
	NOTE: http://seclists.org/fulldisclosure/2010/Jan/241
CVE-2010-0711 (Cross-site request forgery (CSRF) vulnerability in default.asp in ASPC ...)
	NOT-FOR-US: ASPCode CMS
CVE-2010-0710 (SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 ...)
	NOT-FOR-US: ASPCode CMS
CVE-2010-0709 (Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2. ...)
	NOT-FOR-US: Limny
CVE-2010-0708 (Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe ...)
	NOT-FOR-US: Sun Directory Server Enterprise Edition
CVE-2010-0707 (Cross-site request forgery (CSRF) vulnerability in add_user.php in Emp ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0706 (Cross-site scripting (XSS) vulnerability in the login/prompt component ...)
	NOT-FOR-US: Subex Nikira Fraud Management System
CVE-2010-0705 (Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 ...)
	NOT-FOR-US: Windows 2000
CVE-2010-0704 (Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2010-0703 (Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VP ...)
	NOT-FOR-US: PortWise SSL VPN
CVE-2010-0702 (SQL injection vulnerability in cisco/services/PhonecDirectory.php in F ...)
	NOT-FOR-US: Fonality Trixbox
CVE-2010-0701 (SQL injection vulnerability in ForceChangePassword.jsp in Newgen Softw ...)
	NOT-FOR-US: Newgen Software OmniDocs
CVE-2010-0700 (Cross-site scripting (XSS) vulnerability in index.php in WampServer 2. ...)
	NOT-FOR-US: WampServer
CVE-2010-0699 (Cross-site scripting (XSS) vulnerability in index.php in VideoSearchSc ...)
	NOT-FOR-US: VideoSearchScript Pro
CVE-2010-0698 (SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC ...)
	NOT-FOR-US: Dynamicsoft WSC CMS
CVE-2010-0697 (Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6 ...)
	NOT-FOR-US: iTweak Upload module for Drupal
CVE-2010-0696 (Directory traversal vulnerability in includes/download.php in the Joom ...)
	NOT-FOR-US: Joomla!
CVE-2010-0695 (Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-C ...)
	NOT-FOR-US: BASIC-CMS
CVE-2010-0694 (SQL injection vulnerability in the PerchaGallery (com_perchagallery) c ...)
	NOT-FOR-US: Joomla!
CVE-2010-0693 (SQL injection vulnerability in products.php in CommodityRentals Trade  ...)
	NOT-FOR-US: CommodityRentals Trade Manager Script
CVE-2010-0692 (SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Compo ...)
	NOT-FOR-US: Joomla!
CVE-2010-0691 (SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows r ...)
	NOT-FOR-US: JTL-Shop
CVE-2010-0690 (SQL injection vulnerability in index.php in CommodityRentals Video Gam ...)
	NOT-FOR-US: CommodityRentals Video Games Rentals
CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0 ...)
	NOT-FOR-US: ActiveX
CVE-2010-0688 (Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assiste ...)
	NOT-FOR-US: Orbital Viewer
CVE-2010-0687
	RESERVED
CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, an ...)
	NOT-FOR-US: VMware Server
CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source 1.2.x ...)
	- asterisk 1:1.6.2.6-1
	NOTE: Design limitation documented in that version
	[lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
	[squeeze] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action i ...)
	NOT-FOR-US: Apache ActiveMQ
CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...)
	NOT-FOR-US: TIBCO Administrator
CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read t ...)
	- wordpress 2.9.2-1 (low)
	[lenny] - wordpress <not-affected> (Only affects Wordpress >= 2.9)
CVE-2010-XXXX [multiple typo issues]
	- typo3-src 4.3.2-1 (bug #571151)
	[lenny] - typo3-src 4.2.5-1+lenny3
	NOTE: DSA-2008
CVE-2010-0681 (ZeusCMS 0.2 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: ZeusCMS
CVE-2010-0680 (Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows r ...)
	NOT-FOR-US: ZeusCMS
CVE-2010-0679 (Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ...)
	NOT-FOR-US: ActiveX
CVE-2010-0678 (PHP remote file inclusion vulnerability in includes/moderation.php in  ...)
	NOT-FOR-US: Katalog Stron Hurricane
CVE-2010-0677 (SQL injection vulnerability in index.php in Katalog Stron Hurricane 1. ...)
	NOT-FOR-US: Katalog Stron Hurricane
CVE-2010-0676 (Directory traversal vulnerability in index.php in the RWCards (com_rwc ...)
	NOT-FOR-US: RWCards component for Joomla!
CVE-2010-0675 (Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik B ...)
	NOT-FOR-US: BGSvetionik BGS CMS
CVE-2010-0674 (StatCounteX 3.1 stores sensitive information under the web root with i ...)
	NOT-FOR-US: StatCounteX
CVE-2010-0673 (SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog ...)
	NOT-FOR-US: Copperleaf Photolog plugin for WordPress
CVE-2010-0672 (SQL injection vulnerability in index.php in WSN Guest 1.02 allows remo ...)
	NOT-FOR-US: WSN Guest
CVE-2010-0671 (SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allow ...)
	NOT-FOR-US: KR MEDIA Pogodny CMS
CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Compone ...)
	NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component
CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitiz ...)
	{DSA-2014-1}
	- moin 1.9.2-1 (bug #569975)
CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x befor ...)
	{DSA-2014-1}
	- moin 1.9.2-1 (bug #569975)
CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of th ...)
	- moin 1.9.1-1
	[lenny] - moin <not-affected> (versions before 1.9 are not affected)
	[etch] - moin <not-affected> (versions before 1.9 are not affected)
	NOTE: http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
	NOTE: http://hg.moinmo.in/moin/1.9/rev/04afdde50094
	NOTE: http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch  ...)
	NOT-FOR-US: Novell eDirectory
CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information under t ...)
	NOT-FOR-US: JAG
CVE-2010-0664 (Stack consumption vulnerability in the ChildProcessSecurityPolicy::Can ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0663 (The ParamTraits&lt;SkBitmap&gt;::Read function in common/common_param_ ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0662 (The ParamTraits&lt;SkBitmap&gt;::Read function in common/common_param_ ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r524 ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (libv8 issue)
	NOTE: http://trac.webkit.org/changeset/52401
CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer head ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome be ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before 4. ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the expect ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
	NOTE: claimed to be a windows-only issue
CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, pres ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0654 (Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbir ...)
	{DSA-2124-1 DSA-2075-1}
	- xulrunner 1.9.1.11-1 (bug #570743)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0653 (Opera before 10.10 permits cross-origin loading of CSS stylesheets eve ...)
	NOT-FOR-US: Opera
CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS styles ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and A ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
	NOTE: http://trac.webkit.org/changeset/52784
CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, a ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (unimportant)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=3275
	NOTE: unimportant because this is just a popup blocker bypass
CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function i ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to disco ...)
	- xulrunner <undetermined> (bug #570743)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, allo ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (medium)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before r ...)
	- chromium-browser 5.0.375.29~r46008-1
	- libv8 2.1.6-1
	- webkit <not-affected> (libv8 issue)
CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...)
	- chromium-browser 5.0.375.29~r46008-1
	- libv8 2.1.6-1
	- webkit <not-affected> (libv8 issue)
CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is config ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct connections to ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...)
	NOT-FOR-US: Cisco Collaboration Server
CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/Log ...)
	NOT-FOR-US: Cisco Collaboration Server
CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance Man ...)
	NOT-FOR-US: CA eHealth Performance Manager
CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.ST ...)
	- squid 2.7.STABLE8-1 (bug #572553)
	[lenny] - squid <no-dsa> (Minor issue, only affects non-default setup)
	- squid3 3.1.0.17-1 (bug #572554)
	[lenny] - squid3 <no-dsa> (Minor issue, only affects non-default setup)
CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 a ...)
	- webcalendar <removed> (bug #572557)
CVE-2010-XXXX [phpbb3 weak captcha]
	- phpbb3 3.0.7-PL1-1 (unimportant; bug #570011)
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) be ...)
	- flex 2.5.35-1
CVE-2010-0629 (Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmin ...)
	{DSA-2031-1}
	- krb5 1.7+dfsg-1 (low)
	NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
CVE-2010-0628 (The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego ...)
	- krb5 1.8+dfsg-1.1 (bug #575740)
	[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
CVE-2010-2234 (Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8. ...)
	- couchdb 0.11.0-2.1 (bug #570013)
	[lenny] - couchdb <no-dsa> (does not support authentication at all)
CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalen ...)
	- webcalendar <removed> (bug #572557)
CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2 ...)
	- webcalendar <removed> (bug #572557)
CVE-2010-0635 (SQL injection vulnerability in the plgSearchEventsearch::onSearch meth ...)
	NOT-FOR-US: JEvents Search plugin for Joomla!
CVE-2010-0633 (Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier ...)
	NOT-FOR-US: Citrix XenServer
CVE-2010-0632 (SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com ...)
	NOT-FOR-US: Parkview Consultants SimpleFAQ component for Joomla!
CVE-2010-0631 (Multiple SQL injection vulnerabilities in index.php in Eicra Car Renta ...)
	NOT-FOR-US: Eicra Car Rental-Script
CVE-2010-0630 (SQL injection vulnerability in viewjokes.php in Evernew Free Joke Scri ...)
	NOT-FOR-US: Evernew Free Joke Script
CVE-2010-0627
	RESERVED
CVE-2010-0626
	RESERVED
CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP se ...)
	NOT-FOR-US: Novell NetWare
CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib. ...)
	- cpio 2.11-1 (low)
	- tar 1.23-1 (low)
	[lenny] - tar 1.20-1+lenny1
	[lenny] - cpio 2.9-13lenny1
CVE-2010-0621
	RESERVED
CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase S ...)
	NOT-FOR-US: EMC HomeBase Server
CVE-2010-0619 (Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode  ...)
	NOT-FOR-US: Lexmark laser printers
CVE-2010-0618 (The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode ...)
	NOT-FOR-US: Lexmark laser and injet printers and MarkNet devices
CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.0 ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which a ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0615 (Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI 2.1 ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0614 (SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remo ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0613 (Directory traversal vulnerability in viewfile.php in ARWScripts Fonts  ...)
	NOT-FOR-US: ARWScripts Fonts Script
CVE-2010-0612 (Unspecified vulnerability in DocumentManager before 4.0 has unknown im ...)
	NOT-FOR-US: DocumentManager
CVE-2010-0611 (Multiple SQL injection vulnerabilities in adminlogin.php in Baal Syste ...)
	NOT-FOR-US: Baal Systems
CVE-2010-0610 (Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog ...)
	NOT-FOR-US: Photoblog component for Joomla!
CVE-2010-0609 (SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows re ...)
	NOT-FOR-US: NovaBoard
CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows rem ...)
	NOT-FOR-US: NovaBoard
CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1  ...)
	NOT-FOR-US: Sterlite SAM300 AX Router
CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket b ...)
	NOT-FOR-US: osTicket
CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 S ...)
	NOT-FOR-US: osTicket
CVE-2010-0604 (Unspecified vulnerability in the SIP implementation on the Cisco PGW 2 ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0603 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PWG
CVE-2010-0602 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0601 (The MGCP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0600 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0599 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0598 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0597 (Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0596 (Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0595 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0594 (Cross-site scripting (XSS) vulnerability in Cisco Router and Security  ...)
	NOT-FOR-US: Cisco Router and Security Device Manager
CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC23 ...)
	NOT-FOR-US: Cisco RVS4000 Router
CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka C ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager (ak ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desk ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0586 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0585 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0584 (Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentati ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0583 (Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4 ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0582 (Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0581 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3  ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0580 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3  ...)
	NOT-FOR-US: CiscoIOS
CVE-2010-0579 (The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attack ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0578 (The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 an ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0577 (Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size  ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0575 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possib ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-0574 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) softw ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-0573 (Unspecified vulnerability on the Cisco Digital Media Player before 5.2 ...)
	NOT-FOR-US: Cisco Digital Media Player
CVE-2010-0572 (Cisco Digital Media Manager (DMM) before 5.2 allows remote authenticat ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0571 (Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x a ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0570 (Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default passwo ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0569 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0568 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0567 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0566 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0565 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-XXXX [multiple mod_security issues]
	- libapache-mod-security 2.5.12-1 (bug #569658)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455
CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel befor ...)
	- linux-2.6 2.6.32-9
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel befor ...)
	{DSA-2012-1 DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-9
	- linux-2.6.24 <removed>
CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeS ...)
	NOT-FOR-US: Trend Micro URL Filtering Engine
CVE-2010-0563 (The Single Sign-on (SSO) functionality in IBM WebSphere Application Se ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, ...)
	- fetchmail 6.3.13-2 (low)
	[lenny] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
	[etch] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
	NOTE: the conditions so that this is exploitable are rather obscure
CVE-2010-0561 (Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before ...)
	NOT-FOR-US: NetBSD
CVE-2010-0560 (Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, D ...)
	NOT-FOR-US: Intel Desktop BIOS
CVE-2010-0559 (The default configuration of Oracle OpenSolaris snv_91 through snv_131 ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-0558 (The default configuration of Oracle OpenSolaris snv_77 through snv_131 ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified access t ...)
	NOT-FOR-US: IBM Cognos Express
CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 popul ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0555 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prev ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0554 (The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and e ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0553 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users t ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0552 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0551 (HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earli ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0550 (admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enfo ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0549 (Unspecified vulnerability in the Network Controller in Xerox WorkCentr ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2010-0548 (Multiple unspecified vulnerabilities in the Network Controller and Web ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2010-0547 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier  ...)
	{DSA-2004-1}
	- samba 2:3.4.5~dfsg-2 (bug #568942; medium)
CVE-2010-0546 (Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0545 (The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 befor ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected> (only Safari is affected, they have a different URL parsing implementation)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662
	NOTE: http://trac.webkit.org/changeset/58792
	NOTE: http://trac.webkit.org/changeset/58796
CVE-2010-0543 (ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remot ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0542 (The _WriteProlog function in texttops.c in texttops in the Text Filter ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-0541 (Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in ...)
	- ruby1.8 1.8.7.302-1
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <removed>
	[lenny] - ruby1.9 <no-dsa> (Minor issue)
	- ruby1.9.1 1.9.2.0-1 (bug #593298)
CVE-2010-0540 (Cross-site request forgery (CSRF) vulnerability in the web interface i ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-0539 (Integer signedness error in the window drawing implementation in Apple ...)
	NOT-FOR-US: Apple Java
CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10. ...)
	NOT-FOR-US: Apple Java
CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly ...)
	NOT-FOR-US: Apple DesktopServices
CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled ...)
	- dovecot <not-affected> (Apple specific, http://marc.info/?l=oss-security&m=136546217008001&w=2)
CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the  ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-0533 (Directory traversal vulnerability in AFP Server in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple AFP Server
CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1  ...)
	NOT-FOR-US: Apple itunes
CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-0530 (Apple QuickTime before 7.6.9 on Windows sets weak permissions for the  ...)
	NOT-FOR-US: QuickTime
CVE-2010-0529 (Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple Quicktime
CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0526 (Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...)
	NOT-FOR-US: Apple Mail
CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X S ...)
	- freeradius <not-affected> (Apple specific configuration issue)
CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types  ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-0522 (Server Admin in Apple Mac OS X Server 10.5.8 does not properly determi ...)
	NOT-FOR-US: Apple Server Admin
CVE-2010-0521 (Server Admin in Apple Mac OS X Server before 10.6.3 does not properly  ...)
	NOT-FOR-US: Apple Server Admin
CVE-2010-0520 (Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in A ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows r ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0518 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to e ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0517 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0516 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0515 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to e ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0514 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0513 (Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before  ...)
	NOT-FOR-US: Apple PS Normalizer
CVE-2010-0512 (The Accounts Preferences implementation in Apple Mac OS X 10.6 before  ...)
	NOT-FOR-US: Apple Accounts Preferences
CVE-2010-0511 (Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the acce ...)
	NOT-FOR-US: Apple Podcast Producer
CVE-2010-0510 (Password Server in Apple Mac OS X Server before 10.6.3 does not proper ...)
	NOT-FOR-US: Apple Password Server
CVE-2010-0509 (SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local  ...)
	NOT-FOR-US: Apple SFLServer
CVE-2010-0508 (Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules ...)
	NOT-FOR-US: Apple Mail
CVE-2010-0507 (Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows re ...)
	NOT-FOR-US: Apple Image RAW
CVE-2010-0506 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote at ...)
	NOT-FOR-US: Apple Image RAW
CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3  ...)
	NOT-FOR-US: Apple ImageIO
CVE-2010-0504 (Multiple stack-based buffer overflows in iChat Server in Apple Mac OS  ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0503 (Use-after-free vulnerability in iChat Server in Apple Mac OS X Server  ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0502 (iChat Server in Apple Mac OS X Server before 10.6.3, when group chat i ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0501 (Directory traversal vulnerability in FTP Server in Apple Mac OS X Serv ...)
	NOT-FOR-US: Apple FTP Server
CVE-2010-0500 (Event Monitor in Apple Mac OS X before 10.6.3 does not properly valida ...)
	NOT-FOR-US: Apple Event Monitor
CVE-2010-0499
	RESERVED
CVE-2010-0498 (Directory Services in Apple Mac OS X before 10.6.3 does not properly p ...)
	NOT-FOR-US: Apple Directory Services
CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the expec ...)
	NOT-FOR-US: Apple Disk Images
CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for i ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2010-0495
	REJECTED
CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0493
	REJECTED
CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet Explo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0487 (The Authenticode Signature verification functionality in cabview.dll i ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0486 (The WinVerifyTrust function in Authenticode Signature Verification 5.1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0485 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0484 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0483 (vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0482 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0481 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0480 (Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0479 (Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0478 (Stack-based buffer overflow in nsum.exe in the Windows Media Unicast S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1,  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0475 (Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Pa ...)
	NOT-FOR-US: Palo Alto Networks Firewall
CVE-2010-0474
	RESERVED
	{DSA-2188-1}
	- webkit 1.4.0-1
CVE-2010-0473
	RESERVED
CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...)
	NOT-FOR-US: IBM DB2
CVE-2010-0471 (SQL injection vulnerability in the comment submission interface (inclu ...)
	NOT-FOR-US: Enano CMS
CVE-2010-0470 (Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend C ...)
	NOT-FOR-US: Comtrend
CVE-2010-0469 (SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, a ...)
	NOT-FOR-US: Files2Links
CVE-2010-0468 (Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in  ...)
	NOT-FOR-US: PaperThin CommonSpot Content Server
CVE-2010-0467 (Directory traversal vulnerability in the ccNewsletter (com_ccnewslette ...)
	NOT-FOR-US: ccNewsletter component for Joomla!
CVE-2010-XXXX [nautilus: file preview html script execution]
	- nautilus <not-affected> (proof-of-concept script is previewed as text, not executed)
	NOTE: http://seclists.org/fulldisclosure/2010/Feb/112
CVE-2010-XXXX [browser javascript document.write denial-of-service]
	- xulrunner <unfixed> (unimportant; bug #568486)
	- webkit <unfixed> (unimportant; bug #568485)
	- qt4-x11 <unfixed> (unimportant)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
CVE-2010-0466
	RESERVED
CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents funct ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser avoi ...)
	- roundcube 0.3.1-3 (bug #569660)
CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser avoi ...)
	- imp4 4.3.7+debian0-2 (low; bug #569661)
	[lenny] - imp4 4.2-4lenny2
CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6,  ...)
	NOT-FOR-US: IBM DB2
CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component 1.0 f ...)
	NOT-FOR-US: Joomla!
CVE-2010-0460 (Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2010-0459 (SQL injection vulnerability in the Mochigames (com_mochigames) compone ...)
	NOT-FOR-US: Joomla!
CVE-2010-0458 (Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 ...)
	NOT-FOR-US: NetArt Media Blog System
CVE-2010-0457 (SQL injection vulnerability in home.php in magic-portal 2.1 allows rem ...)
	NOT-FOR-US: magic-portal
CVE-2010-0456 (SQL injection vulnerability in the indianpulse Game Server (com_gamese ...)
	NOT-FOR-US: Joomla!
CVE-2010-0455 (Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in Pun ...)
	NOT-FOR-US: PunBB
CVE-2010-0454 (SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publiqu ...)
	NOT-FOR-US: Publique! CMS
CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and ...)
	NOT-FOR-US: Sun Solaris
CVE-2010-0452 (Multiple cross-site scripting (XSS) vulnerabilities in HP Project and  ...)
	NOT-FOR-US: HP Project and Portfolio Management Center
CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP  ...)
	NOT-FOR-US: HP-UX
CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64  ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64  ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance I ...)
	NOT-FOR-US: HP OpenView Performance Insight
CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with firmw ...)
	NOT-FOR-US: HP DreamScreen
CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a bl ...)
	NOT-FOR-US: HP Operations Agent
CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS) before V ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-0441 (Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, ...)
	- asterisk 1:1.6.2.2-1
	[lenny] - asterisk <not-affected> (Only affects 1.6.x)
	[etch] - asterisk <not-affected> (Only affects 1.6.x)
CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cis ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2010-0439 (Chip Salzenberg Deliver allows local users to cause a denial of servic ...)
	- deliver <removed>
CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in O ...)
	{DSA-1993-1}
	- otrs <not-affected> (vulnerable code not present)
	[etch] - otrs2 <not-affected> (vulnerable code not present)
	- otrs2 2.4.7-1 (medium)
	NOTE: http://web.archive.org/web/20111224162621/http://otrs.org/advisory/OSA-2010-01-en/
CVE-2010-0437 (The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux ...)
	- linux-2.6 2.6.26-9
CVE-2010-0436 (Race condition in backend/ctrl.c in KDM in KDE Software Compilation (S ...)
	{DSA-2037-1}
	- kdebase 4:4.0
	- kdebase-workspace 4:4.4.3-1
	NOTE: The binary package kdm was built from kdebase in Lenny and from kdebase-workspace
	NOTE: in KDE 4.x, i.e. Squeeze onwards
CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualizat ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP S ...)
	{DSA-2035-1}
	- apache2 2.2.15-1
CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before  ...)
	- openssl <not-affected> (Kerberos support not enabled)
	NOTE: https://www.openwall.com/lists/oss-security/2010/03/03/5
CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open ...)
	NOT-FOR-US: Apache Open For Business Project (OFBiz)
CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat E ...)
	- qemu-kvm <not-affected> (QXL support not yet present in Debian packages)
	- kvm <not-affected> (QXL support not yet present in Debian packages)
CVE-2010-0430 (libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hyp ...)
	- spice <not-affected> (Fixed before initial upload to archive)
CVE-2010-0429 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor)  ...)
	- spice <not-affected> (Fixed before initial upload to archive)
CVE-2010-0428 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor)  ...)
	- spice <not-affected> (Fixed before initial upload to archive)
CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is used, doe ...)
	{DSA-2006-1}
	- sudo 1.7.0-1
	NOTE: https://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-com ...)
	{DSA-2006-1}
	- sudo 1.7.2p1-1.2 (bug #570737)
	NOTE: https://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server  ...)
	- apache2 <not-affected> (Windows only)
CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2)  ...)
	- cron <not-affected> (vulnerability in redhat-specific changes to their cron forks; cronie and vixie-cron)
CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a  ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low)
	- gaim <removed> (low)
	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize t ...)
	- gnome-screensaver 2.28.3-1
	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0421 (Array index error in the hb_ot_layout_build_glyph_classes function in  ...)
	{DSA-2019-1}
	- pango1.0 1.26.2-1 (bug #574021)
CVE-2010-0420 (libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user cha ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low)
	- gaim <removed> (low)
	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric M ...)
	{DSA-2010-1}
	- kvm <removed>
CVE-2010-0418 (The web interface in chumby one before 1.0.4 and chumby classic before ...)
	NOT-FOR-US: Chumby device's web interface
CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and R ...)
	NOT-FOR-US: RealPlayer/Helix Player
CVE-2010-0416 (Buffer overflow in the Unescape function in common/util/hxurl.cpp and  ...)
	NOT-FOR-US: RealPlayer/Helix Player
CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before  ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24 <removed>
CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers  ...)
	- gnome-screensaver 2.28.2-1 (bug #569084)
	[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0413
	RESERVED
CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of t ...)
	- systemtap 1.2-1 (bug #572560)
	[lenny] - systemtap <not-affected> (Server component not yet present)
	[etch] - systemtap <not-affected> (Server component not yet present)
CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) __get ...)
	- systemtap 1.2-1 (low; bug #568809)
	[lenny] - systemtap <not-affected> (Vulnerable code not present)
	[etch] - systemtap <no-dsa> (Minor issue)
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allo ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24 <removed>
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodin ...)
	{DSA-2082-1}
	- gmime2.2 2.2.25-1.1 (bug #568291)
	- gmime2.4 2.4.14-1+nmu1 (bug #573877)
CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp  ...)
	{DSA-2035-1}
	- apache2 2.2.15-1 (low)
	[lenny] - apache2 <no-dsa> (minor issue)
	NOTE: Will be fixed in s-p-u
CVE-2010-0407 (Multiple buffer overflows in the MSGFunctionDemarshall function in win ...)
	{DSA-2059-1}
	- pcsc-lite 1.5.4-1
CVE-2010-0406 (OpenTTD before 1.0.1 allows remote attackers to cause a denial of serv ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in bzi ...)
	{DSA-2112-1}
	- bzip2 1.0.5-6
	- clamav 0.96.3+dfsg-1
	[lenny] - clamav <end-of-life> (No longer supported in Lenny)
CVE-2010-0404 (Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before  ...)
	{DSA-2046-1}
	- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584517)
CVE-2010-0403 (Directory traversal vulnerability in about.php in phpGroupWare (phpgw) ...)
	{DSA-2046-1}
	- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584518)
CVE-2010-0402 (OpenTTD before 1.0.1 does not properly validate index values of certai ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0401 (OpenTTD before 1.0.1 accepts a company password for authentication in  ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0400 (SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows rem ...)
	{DSA-2030-1}
	- mahara 1.2.4-1 (medium)
CVE-2010-0399
	RESERVED
CVE-2010-0398 (The init script in autokey before 0.61.3-2 allows local attackers to w ...)
	- autokey 0.61.3-2
CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing m ...)
	{DSA-2018-1}
	- php5 5.3.2-1 (medium; bug #573573)
CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg ...)
	{DSA-2011-1}
	- dpkg 1.15.6
CVE-2010-0395 (OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote at ...)
	{DSA-2055-1}
	- openoffice.org 1:3.2.1-1 (low)
CVE-2010-0394 (PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny ...)
	{DSA-1990-2 DSA-1990-1}
	- trac-git 0.0.20090320-1 (high; bug #567039)
CVE-2010-0393 (The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1 ...)
	{DSA-2007-1}
	- cupsys <removed>
	- cups 1.4.2-9.1
CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Cl ...)
	NOT-FOR-US: TheGreenBow IPSec VPN Client
CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero Technologies Inte ...)
	NOT-FOR-US: InterBase SMP 2009 9.0.3.437
CVE-2010-0390 (Unrestricted file upload vulnerability in maxImageUpload/index.php in  ...)
	NOT-FOR-US: PHP F1 Max's Image Uploader
CVE-2010-0389 (The admin server in Sun Java System Web Server 7.0 Update 6 allows rem ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0388 (Format string vulnerability in the WebDAV implementation in webservd i ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0387 (Multiple heap-based buffer overflows in (1) webservd and (2) the admin ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0386 (The default configuration of Sun Java System Application Server 7 and  ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functionin ...)
	- tor 0.2.1.22-1 (low)
	[lenny] - tor <not-affected> (only affects versions > 0.2.1.6-alpha)
	NOTE: the CVE entry is wrong, only 0.2.1.6-alpha and up are affected
	NOTE: confirmed with Tor developers, Lenny is not affected
CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirr ...)
	- tor <not-affected> (only affects versions 0.2.2.x)
	[lenny] - tor <not-affected> (only affects versions 0.2.2.x)
	NOTE: does not appear to be a real vulnerability?
CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...)
	- tor 0.2.1.22-1 (medium)
	[lenny] - tor 0.2.0.35-1~lenny2 (medium)
CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1
CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
	NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows rem ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-XXXX [gmetad incorrect file permissions]
	- ganglia 3.1.2-3 (low; bug #567175)
CVE-2010-0442 (The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0 ...)
	{DSA-2051-1}
	- postgresql-7.4 <removed>
	- postgresql-8.1 <removed>
	- postgresql-8.2 <removed>
	- postgresql-8.3 <removed> (low; bug #567058)
	- postgresql-8.4 8.4.3-1
CVE-2010-2444 (parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03 ...)
	- maradns 1.4.03-1 (low; bug #584587)
	[lenny] - maradns <no-dsa> (minor issue)
	[etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)
CVE-2010-XXXX [sqlite: info leak]
	- sqlite3 3.6.21-1 (low; bug #566326)
	[lenny] - sqlite3 <no-dsa> (Minor information leak)
CVE-2010-XXXX [backup-manager: make sure password is not written to world-readable files]
	- backup-manager 0.7.9-1 (low)
	[lenny] - backup-manager 0.7.7-2
	NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
	NOTE: checked in 0.7.9-1, but may have been fixed sooner
CVE-2010-XXXX [sudosh3: many security weaknesses]
	- sudosh3 <removed> (high; bug #566142)
CVE-2010-0379 (Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX c ...)
	NOT-FOR-US: Macromedia Flash ActiveX
CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distribu ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
	NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Te ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-0375 (SQL injection vulnerability in product_list.php in JCE-Tech PHP Calend ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-0374 (Cross-site scripting (XSS) vulnerability in the Marketplace (com_marke ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0373 (SQL injection vulnerability in the libros (com_libros) component for J ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0372 (SQL injection vulnerability in the Articlemanager (com_articlemanager) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0371 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hi ...)
	NOT-FOR-US: Hitmaaan Gallery
CVE-2010-0370 (Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x ...)
	NOT-FOR-US: Node Blocks module for Drupal
CVE-2010-0369
	RESERVED
CVE-2010-0368
	RESERVED
CVE-2010-0367 (Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits  ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0366 (Multiple unrestricted file upload vulnerabilities in (1) register.php  ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0365 (Cross-site scripting (XSS) vulnerability in search.php in BitScripts B ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0364 (Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows  ...)
	- vlc 0.8.6.c-4.1 (low; bug #458318)
	NOTE: subset of CVE-2007-6681
CVE-2010-0363 (Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3 ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0362 (Zeus Web Server before 4.3r5 does not use random transaction IDs for D ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0361 (Stack-based buffer overflow in the WebDAV implementation in webservd i ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0360 (Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attac ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0359 (Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 a ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0358 (Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2010-0357 (Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotu ...)
	NOT-FOR-US: IBM Lotus Web Content Management
CVE-2010-0356 (Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 Activ ...)
	NOT-FOR-US: ActiveX
CVE-2010-0355
	RESERVED
CVE-2010-0354
	RESERVED
CVE-2010-0353
	RESERVED
CVE-2010-0352
	RESERVED
CVE-2010-0351
	RESERVED
CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12,  ...)
	- zope3 <removed> (low)
	[lenny] - zope3 <no-dsa> (Minor issue)
	- zope2.11 <removed>
	- zope2.10 <removed> (low)
	[lenny] - zope2.10 <no-dsa> (Minor issue)
	- zope2.9 <removed>
	NOTE: https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
CVE-2010-0350 (Directory traversal vulnerability in the Photo Book (goof_fotoboek) ex ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0349 (Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.3 ...)
	NOT-FOR-US: WebCalenderC3
CVE-2010-0348 (Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and e ...)
	NOT-FOR-US: WebCalenderC3
CVE-2010-0347 (Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0346 (Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0345 (Cross-site scripting (XSS) vulnerability in the Majordomo extension 1. ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0344 (SQL injection vulnerability in the zak_store_management extension 1.0. ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0343 (SQL injection vulnerability in the Clan Users List (pb_clanlist) exten ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0342 (SQL injection vulnerability in the Reports for Job (job_reports) exten ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0341 (SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) exte ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0340 (SQL injection vulnerability in the MJS Event Pro (mjseventpro) extensi ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0339 (SQL injection vulnerability in the User Links (vm19_userlinks) extensi ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0338 (SQL injection vulnerability in the TT_Products editor (ttpedit) extens ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0337 (SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_ale ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0336 (Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumpe ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0335 (Cross-site scripting (XSS) vulnerability in the Vote rank for news (vo ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0334 (SQL injection vulnerability in the Vote rank for news (vote_for_tt_new ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0333 (SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6  ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0332 (SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) exten ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0331 (Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_ta ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0330 (SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0329 (SQL injection vulnerability in the powermail extension 1.5.1 and earli ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0328 (Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_un ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0327 (Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_ ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0326 (Cross-site scripting (XSS) vulnerability in the Developer log (devlog) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0325 (Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0324 (SQL injection vulnerability in the Customer Reference List (ref_list)  ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0323 (Unspecified vulnerability in the Photo Book (goof_fotoboek) extension  ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0322 (SQL injection vulnerability in the init function in MK-AnydropdownMenu ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0321 (Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Jo ...)
	NOT-FOR-US: Jamit Job Board 3.0
CVE-2010-0320 (Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter  ...)
	NOT-FOR-US: Glitter Central Script
CVE-2010-0319 (Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 a ...)
	NOT-FOR-US: Docmint
CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...)
	- kfreebsd-6 <not-affected> (vulnerable code introduced in freebsd 7)
	- kfreebsd-7 7.2-10 (medium; bug #566684)
	[lenny] - kfreebsd-7 <no-dsa> (kfreebsd not support in Lenny)
	- kfreebsd-8 8.0-2 (medium)
CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Novell Netware
CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote attack ...)
	NOT-FOR-US: Google SketchUp
CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, allo ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target U ...)
	- webkit 1.1.90-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System Dire ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2010-0312 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server  ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-0311 (Unspecified vulnerability in Sun Java System Identity Manager (aka IdM ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2010-0310 (Trusted Extensions in Sun Solaris 10 allows local users to gain privil ...)
	NOT-FOR-US: Trusted Extensions in Sun Solaris 10
CVE-2010-XXXX [zend framework multiple issues]
	- zendframework 1.9.7-1
	NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06
CVE-2010-XXXX [ZF2010-07]
	- zendframework 1.10.3-1
	NOTE: http://framework.zend.com/security/advisory/ZF2010-07
CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT)  ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed>
	NOTE: http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commitdiff;h=336f40a728b9a4a5db5e1df5c89852c79ff95604
CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through  ...)
	{DSA-1991-1}
	- squid 2.7.STABLE8-1
	- squid3 3.1.0.16-1 (bug #575747)
CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel be ...)
	{DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24 <removed>
CVE-2010-0306 (The x86 emulator in KVM 83, when a guest is configured for Symmetric M ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed>
CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to c ...)
	{DSA-2033-1}
	- ejabberd 2.1.2-2 (medium; bug #568383)
	NOTE: https://support.process-one.net/browse/EJAB-1173
CVE-2010-0304 (Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 t ...)
	{DSA-1983-1}
	- wireshark 1.2.6-1
CVE-2010-0303 (mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2  ...)
	{DSA-1982-1}
	- hybserv 1.9.2-4.1 (low; bug #550389)
CVE-2010-0302 (Use-after-free vulnerability in the abstract file-descriptor handling  ...)
	- cups 1.4.2-10 (bug #572940)
	[lenny] - cups 1.3.8-1+lenny9
	- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
	NOTE: This is for an incomplete fix for CVE-2009-3553
CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d opt ...)
	{DSA-1981-1}
	- maildrop 2.2.0-3.1 (low; bug #564601)
CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a ...)
	{DSA-1980-1}
	- ircd-ratbox 3.0.6.dfsg-1 (low; bug #567191)
	- ircd-hybrid 1:7.2.2.dfsg.2-6.1 (low)
CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure permi ...)
	- linux-2.6 2.6.32-6
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2010-0298 (The x86 emulator in KVM 83 does not use the Current Privilege Level (C ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed>
CVE-2010-0297 (Buffer overflow in the usb_host_handle_control function in the USB pas ...)
	- qemu-kvm 0.11.1+dfsg-1
	- kvm <removed> (low)
	[lenny] - kvm <no-dsa> (minor issue)
CVE-2010-0296 (The encode_name macro in misc/mntent_r.c in the GNU C Library (aka gli ...)
	{DSA-2058-1}
	- glibc 2.11-1 (bug #583908)
	- eglibc 2.11-1
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ab00f4eac8f4932211259ff87be83144f5211540
CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read op ...)
	{DSA-1987-1}
	- lighttpd 1.4.26-1 (medium)
CVE-2010-0294 (chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a s ...)
	{DSA-1992-1}
	- chrony 1.23-7 (low)
CVE-2010-0293 (The client logging functionality in chronyd in Chrony before 1.23.1 do ...)
	{DSA-1992-1}
	- chrony 1.23-7 (low)
CVE-2010-0292 (The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony bef ...)
	{DSA-1992-1}
	- chrony 1.23-7 (medium)
CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain privileges ...)
	{DSA-2005-1 DSA-1996-1}
	- linux-2.6 2.6.32-6
CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before  ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1 (medium)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
CVE-2010-0289 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL  ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (low)
	[etch] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: http://secunia.com/advisories/38205/
CVE-2010-0288 (A typo in the administrator permission check in the ACL Manager plugin ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (medium; bug #565406)
	[etch] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: http://bugs.splitbrain.org/index.php?do=details&task_id=1847
	NOTE: issue being exploited
CVE-2010-0287 (Directory traversal vulnerability in the ACL Manager plugin (plugins/a ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (low)
	[etch] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: http://secunia.com/advisories/38205/
CVE-2010-0286 (Unspecified vulnerability in the OpenID Identity Authentication extens ...)
	- typo3-src 4.3.1-1 (bug #567163)
	[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/
CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the ...)
	- gnome-screensaver 2.28.3-1 (low)
	[lenny] - gnome-screensaver <no-dsa> (Minor issue)
	NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=593616
CVE-2010-0284 (Directory traversal vulnerability in the getEntry method in the Portal ...)
	NOT-FOR-US: Novell Access Manager
CVE-2010-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 bef ...)
	- krb5 1.8+dfsg~alpha1-7
	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.7)
CVE-2010-0282
	RESERVED
CVE-2010-0281
	RESERVED
CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Googl ...)
	- lib3ds 1.3.0-5 (low; bug #575741)
	[lenny] - lib3ds <no-dsa> (Minor issue)
	[etch] - lib3ds <no-dsa> (Minor issue)
	- openscenegraph 2.8.0-1
	[lenny] - openscenegraph 2.4.0-1.1+lenny1
	NOTE: openscenegraph embeds acopy of lib3ds
	NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability
	NOTE: issue was published saying it affects google sketchup,
	NOTE: but the vulnerable code is in lib3ds
	NOTE: http://code.google.com/p/lib3ds/issues/detail?id=9
CVE-2010-0279 (Unrestricted file upload vulnerability in upload.php in BTS-GI Read ex ...)
	NOT-FOR-US: BTS-GI Read excel
CVE-2010-0278 (A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Wind ...)
	NOT-FOR-US: ActiveX
CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6,  ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low; bug #566775)
	- gaim <removed> (low)
	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Dom ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) be ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0274 (Unspecified vulnerability in the Edit Contact scene in Ultra-light Mod ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0273 (Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 o ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0272 (Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6  ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0271 (hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_ ...)
	NOT-FOR-US: hald in Sun OpenSolaris
CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3,  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0268 (Unspecified vulnerability in the Windows Media Player ActiveX control  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle o ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0266 (Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, an ...)
	NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2010-0264 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Ope ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0263 (Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0262 (Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2  ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0259
	REJECTED
CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does n ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prev ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does n ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0253
	REJECTED
CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel Acti ...)
	NOT-FOR-US: Microsoft Data Analyzer ActiveX control
CVE-2010-0251
	REJECTED
CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1,  ...)
	NOT-FOR-US: Microsoft
CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly h ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004  ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0238 (Unspecified vulnerability in registry-key validation in the kernel in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0237 (The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows loc ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0236 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0235 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0234 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0231 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures  ...)
	- postfix <not-affected> (SUSE-specific packaging issue)
CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash  ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0228 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash  ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0227 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash  ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0226 (SanDisk Cruzer Enterprise USB flash drives do not prevent password rep ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0225 (SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0224 (SanDisk Cruzer Enterprise USB flash drives validate passwords with a p ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0223 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edi ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0222 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edi ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0221 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edi ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0220 (The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverL ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: browser DoS not treated as security issue
CVE-2010-0219 (Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterpri ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-0218 (ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the  ...)
	- bind9 <not-affected> (Only affects 9.7.2, which is not yet in the archive)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
	NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
CVE-2010-0217 (Zeacom Chat Server before 5.1 uses too short a random string for the J ...)
	NOT-FOR-US: Zeacom Chat Server
CVE-2010-0216 (authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows r ...)
	NOT-FOR-US: MediaCAST
CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to bypass  ...)
	NOT-FOR-US: ActiveCollab
CVE-2010-0214 (The administrative interface on the PolyVision RoomWizard with firmwar ...)
	NOT-FOR-US: PolyVision RoomWizard
CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trus ...)
	- bind9 9.7.1.dfsg.P2
	[lenny] - bind9 <not-affected> (vulnerability introduced in 9.7.1)
CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of service ( ...)
	{DSA-2077-1}
	- openldap 2.4.23-1
CVE-2010-0211 (The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not  ...)
	{DSA-2077-1}
	- openldap 2.4.23-1
CVE-2010-0210
	RESERVED
CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-0208
	RESERVED
CVE-2010-0207 (In xpdf, the xref table contains an infinite loop which allows remote  ...)
	- kdegraphics 4:4.0.0-1 (unimportant)
	- xpdf <unfixed> (unimportant)
	- poppler 0.16.3-1 (unimportant)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=28172
	NOTE: Just a crasher, not treated as a security issue
CVE-2010-0206 (xpdf allows remote attackers to cause a denial of service (NULL pointe ...)
	- kdegraphics 4:4.0.0-1 (unimportant)
	- xpdf <unfixed> (unimportant)
	- poppler 0.16.3-1 (unimportant)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: Just a crasher, not treated as a security issue
CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...)
	{DSA-2032-1}
	- libpng 1.2.43-1 (low; bug #572308)
	NOTE: http://www.kb.cert.org/vuls/id/576029
CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0200
	REJECTED
CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0187 (Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 al ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2010-0186 (Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Ado ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ac ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO Dom ...)
	NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots functi ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6 ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.9-1 (low)
	[lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series)
	- iceape 2.0.4-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- icedove 3.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - icedove <end-of-life>
CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey bef ...)
	- xulrunner 1.9.1.9-1 (unimportant)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0180 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_ ...)
	- bugzilla <not-affected> (Only affects 3.5 to 3.7)
CVE-2010-0179 (Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey be ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0178 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0177 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in  ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.5)
CVE-2010-0172 (toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the as ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0171 (Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x bef ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0170 (Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected w ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0169 (The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoade ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceape 2.0.3-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0168 (The nsDocument::MaybePreLoadImage function in content/base/src/nsDocum ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0167 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x befor ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0166 (The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.c ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0165 (The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp  ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0164 (Use-after-free vulnerability in the imgContainer::InternalAddFrameHelp ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0163 (Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 proces ...)
	{DSA-2025-1}
	- icedove 3.0.4-1 (medium)
CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMon ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[etch] - xulrunner <end-of-life>
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2010-0161 (The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in M ...)
	- xulrunner <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
	- iceweasel <not-affected> (Windows-specific)
CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 an ...)
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1)
	[lenny] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[etch] - iceape <not-affected> (web workers introduced in gecko 1.9.1)
	[lenny] - iceape <not-affected> (web workers introduced in gecko 1.9.1)
CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x be ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <end-of-life>
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0158
	NOT-FOR-US: JoomlaBamboo (JB) Simpla Admin template
CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy)  ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0156 (Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local user ...)
	- puppet 0.25.4-2
	[lenny] - puppet <no-dsa> (Minor issue)
CVE-2010-0155 (CRLF injection vulnerability in load.php in the Local Management Inter ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0154 (Directory traversal vulnerability in sla/index.php in the Local Manage ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0153 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Loca ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0152 (Multiple cross-site scripting (XSS) vulnerabilities in the Local Manag ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0151 (The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used i ...)
	NOT-FOR-US: Cisco
CVE-2010-0150 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0149 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0148 (Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285 ...)
	NOT-FOR-US: Cisco Security Agent
CVE-2010-0147 (SQL injection vulnerability in the Management Center for Cisco Securit ...)
	NOT-FOR-US: Cisco
CVE-2010-0146 (Directory traversal vulnerability in the Management Center for Cisco S ...)
	NOT-FOR-US: Cisco
CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco Ir ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the emb ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the embed ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5 ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5 ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco Unifie ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.6 ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor ( ...)
	NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor
CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in the SSH ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2010-0136 (OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce ...)
	{DSA-1995-1}
	- openoffice.org 1:3.1.1-11
CVE-2010-0135 (Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), a ...)
	NOT-FOR-US: WordPerfect reader on Windows
CVE-2010-0134 (Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and 10. ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2010-0133 (Multiple stack-based buffer overflows in the SpreadSheet Lotus 123 rea ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 an ...)
	- viewvc 1.1.5-1 (bug #576307)
CVE-2010-0131 (Stack-based buffer overflow in the SpreadSheet Lotus 123 reader (wkssr ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might all ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player befor ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0126 (Heap-based buffer overflow in an unspecified library in Autonomy KeyVi ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2010-0125 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on the m ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0123 (The database backup implementation in Employee Timeclock Software 0.99 ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock Software  ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0121 (The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0120 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, place ...)
	NOT-FOR-US: Bournal
CVE-2010-0118 (Bournal before 1.4.1 allows local users to overwrite arbitrary files v ...)
	NOT-FOR-US: Bournal
CVE-2010-0117 (RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 throug ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0116 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and Real ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0115 (SQL injection vulnerability in login.php in the GUI management console ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2010-0114 (fw_charts.php in the reporting module in the Manager (aka SEPM) compon ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2010-0113 (The Symantec Norton Mobile Security application 1.0 Beta for Android r ...)
	NOT-FOR-US: Symantec Norton Mobile Security application 1.0
CVE-2010-0112 (Multiple SQL injection vulnerabilities in the Administrative Interface ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2010-0111 (HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Ha ...)
	NOT-FOR-US: Symantec Intel Alert Handler
CVE-2010-0110 (Multiple stack-based buffer overflows in Intel Alert Management System ...)
	NOT-FOR-US: Symantec Intel Alert Handler
CVE-2010-0109 (DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9  ...)
	NOT-FOR-US: Symantec
CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the Syman ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360  ...)
	NOT-FOR-US: Symantec
CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before  ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2010-0105 (The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6 ...)
	NOT-FOR-US: Apple hfs implementation
CVE-2010-0104 (Unspecified vulnerability in the Broadcom Integrated NIC Management Fi ...)
	NOT-FOR-US: Broadcom Integrated NIC Management Firmware
CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger software conta ...)
	NOT-FOR-US: Energizer DUO USB Battery Charger Software
CVE-2010-0102
	RESERVED
CVE-2010-0101 (The embedded HTTP server in multiple Lexmark laser and inkjet printers ...)
	NOT-FOR-US: Lexmark printers and MarkNet devices
CVE-2010-0100
	RESERVED
CVE-2010-0099
	REJECTED
CVE-2010-0098 (ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z fil ...)
	- clamav 0.96+dfsg-1
	[lenny] - clamav <end-of-life> (No longer supported in Lenny)
CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1
CVE-2010-0096
	RESERVED
CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in componen ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in componen ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0087 (Unspecified vulnerability in the Java Web Start, Java Plug-in componen ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0083 (Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows re ...)
	NOT-FOR-US: Solaris
CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle Ja ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0081 (Unspecified vulnerability in the Application Server Control component  ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile  ...)
	NOT-FOR-US: PeopleSoft Enterprise HCM
CVE-2010-0079 (Multiple vulnerabilities in the JRockit component in BEA Product Suite ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0078 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0077 (Unspecified vulnerability in the CRM Technical Foundation (mobile) com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0076 (Unspecified vulnerability in the Application Express Application Build ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0075 (Unspecified vulnerability in the Oracle HRMS (Self Service) component  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0073 (Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Se ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0070 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Application Server
CVE-2010-0069 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0068 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0067 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Application Server
CVE-2010-0066 (Unspecified vulnerability in the Access Manager Identity Server compon ...)
	NOT-FOR-US: Oracle Application Server
CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remot ...)
	NOT-FOR-US: Apple Disk Images
CVE-2010-0064 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ow ...)
	NOT-FOR-US: Apple DesktopServices
CVE-2010-0063 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple CoreTypes
CVE-2010-0062 (Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0061
	RESERVED
CVE-2010-0060 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to e ...)
	NOT-FOR-US: Apple CoreAudio
CVE-2010-0059 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to e ...)
	NOT-FOR-US: Apple CoreAudio
CVE-2010-0058 (freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009 ...)
	- clamav <not-affected> (apple-specific configuration issue)
CVE-2010-0057 (AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use  ...)
	NOT-FOR-US: Apple AFP Server
CVE-2010-0056 (Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10 ...)
	NOT-FOR-US: Apple AppKit
CVE-2010-0055 (xar in Apple Mac OS X 10.5.8 does not properly validate package signat ...)
	- xar <removed> (bug #572556)
	[lenny] - xar <no-dsa> (Minor issue)
CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/53812
	NOTE: http://trac.webkit.org/changeset/53813
	NOTE: http://trac.webkit.org/changeset/54242
CVE-2010-0053 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/50466
CVE-2010-0052 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/51877
CVE-2010-0051 (WebKit in Apple Safari before 4.0.5 does not properly validate the cro ...)
	NOTE: http://trac.webkit.org/changeset/52784
	NOTE: duplicate of CVE-2010-0651
CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/52073
CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/52527
CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/51962
CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/50698
CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/51727
CVE-2010-0045 (Apple Safari before 4.0.5 on Windows does not properly validate extern ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0044 (PubSub in Apple Safari before 4.0.5 does not properly implement use of ...)
	NOT-FOR-US: Apple PubSub
	NOTE: apple's pubsub is rss-oriented and all debian packages with pubsub
	NOTE: components are not; hence this is very likely an issue specifically with
	NOTE: their own code, or their wrapper code around another PubSub library
CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0039 (The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort ...)
	NOT-FOR-US: Apple
CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for  ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 al ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 al ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 a ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote  ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP ...)
	NOT-FOR-US: Microsoft Paint
CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 Gol ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2010-0025 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0024 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server servi ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0019 (Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0. ...)
	NOT-FOR-US: Microsoft Silverlight on Windows
CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.d ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows S ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 an ...)
	{DSA-1973-1}
	- eglibc 2.10.2-4 (medium; bug #560333)
	- glibc 2.10.2-4 (medium)
CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 aut ...)
	- sssd 1.0.5-1
CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin  ...)
	- pidgin 2.6.5-1 (medium; bug #563206)
	[lenny] - pidgin <not-affected> (vulnerable code not present)
	- gaim <not-affected> (vulnerable code not present)
	NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
CVE-2010-0012 (Directory traversal vulnerability in libtransmission/metainfo.c in Tra ...)
	{DSA-1967-1}
	- transmission 1.77-1 (low)
	NOTE: http://trac.transmissionbt.com/changeset/9829/
	NOTE: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/500625
CVE-2010-0011 (The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes  ...)
	- uzbl 0.0.0~git.20100105-1 (medium)
	NOTE: http://www.uzbl.org/news.php?id=22
	NOTE: maintainer is aware of it
CVE-2010-0010 (Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util. ...)
	- apache <removed> (low)
	NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server,
	NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse
	NOTE: proxy situations, the backend server is usually trusted, anyway.
CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain  ...)
	- couchdb 0.11.0-1 (bug #576304)
	[lenny] - couchdb <no-dsa> (Minor information leak)
CVE-2010-0008 (The sctp_rcv_ootb function in the SCTP implementation in the Linux ker ...)
	- linux-2.6 2.6.23-1
CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the netfilte ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-6
	- linux-2.6.24 <removed>
CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel  ...)
	- linux-2.6 2.6.32-6
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0005 (query.py in the query interface in ViewVC before 1.1.3 does not reject ...)
	- viewvc 1.1.5-1 (bug #575777)
CVE-2010-0004 (ViewVC before 1.1.3 composes the root listing view without using the a ...)
	- viewvc 1.1.5-1 (bug #575777)
CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...)
	{DSA-2005-1 DSA-1996-1}
	- linux-2.6 2.6.32-6
	[etch] - linux-2.6 <not-affected> (does not have print-fatal-signals)
	- linux-2.6.24 <removed>
CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for  ...)
	- bash <not-affected> (mandriva-specific packaging issue)
CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4  ...)
	{DSA-2074-1 DSA-1974-1}
	- gzip 1.3.12-9 (medium; bug #566002)
	- linux-2.6 <not-affected> (does not include unlzw.c in its gzip code copy)
	- klibc <not-affected> (does not include unlzw.c in its gzip code copy)
	- busybox <not-affected> (does not include unlzw.c in its gzip code copy)
	- pristine-tar <not-affected> (does not include unlzw.c in its gzip code copy)
	- ncompress 4.2.4.3-1