[Secure-testing-commits] r18434 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Feb 14 17:02:26 UTC 2012
Author: jmm
Date: 2012-02-14 17:02:26 +0000 (Tue, 14 Feb 2012)
New Revision: 18434
Modified:
data/CVE/list
Log:
new smokeping issue
glib hash CVEfied
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-02-13 21:14:29 UTC (rev 18433)
+++ data/CVE/list 2012-02-14 17:02:26 UTC (rev 18434)
@@ -1,9 +1,9 @@
CVE-2012-1048 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: eFront Community++
CVE-2012-1047 (Directory traversal vulnerability in the WWWHELP Service ...)
- TODO: check
+ NOT-FOR-US: Cyberoam Central Console
CVE-2012-1046 (Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 ...)
- TODO: check
+ NOT-FOR-US: IBM Cognos
CVE-2012-1045
RESERVED
CVE-2012-1044
@@ -597,7 +597,7 @@
- horde3 <unfixed>
- imp4 <unfixed> (bug #659392)
CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping ...)
- TODO: check
+ - smokeping <unfixed> (bug filed)
CVE-2012-0789
RESERVED
CVE-2012-0788
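Review bot: The smokeping line added for CVE-2012-0790 records "(bug filed)" with no bug number, while the imp4 entry just above it in this hunk uses "(bug #659392)". Replace the placeholder with the actual bug number once it is assigned, so the entry can be followed to the report. A severity tag would also help triage of an XSS issue in a CGI.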
@@ -1502,8 +1502,6 @@
NOTE: Not exploitable without OpenPAM
CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external ...)
NOT-FOR-US: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755. All products listed there are not part of Debian.
-CVE-2011-XXXX [glib hashtable dos issues: ocert-2011-003]
- - glib2.0 <unfixed> (low; bug #655044)
CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...)
- gnutls28 3.0.11-1
- gnutls26 <not-affected> (lacks DTLS support and is not affected)
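Review bot: Removing the temporary CVE-2011-XXXX glib entry also drops its "ocert-2011-003" reference. The replacement line added under CVE-2012-0039 in this commit carries only bug #655044. Consider adding a NOTE line under CVE-2012-0039 with the oCERT advisory id so the link to the original report survives the rename.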
@@ -1658,7 +1656,7 @@
CVE-2012-0315
RESERVED
CVE-2012-0314 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
- TODO: check
+ NOT-FOR-US: eAccess Pocket WiFi
CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...)
NOT-FOR-US: glucose
CVE-2012-0312 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...)
@@ -1706,7 +1704,7 @@
CVE-2012-0291
RESERVED
CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...)
- TODO: check
+ NOT-FOR-US: Symantec pcAnywhere
CVE-2012-0289
RESERVED
CVE-2011-5052 (Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote ...)
@@ -2332,21 +2330,21 @@
CVE-2011-4880
RESERVED
CVE-2011-4879 (miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4878 (Directory traversal vulnerability in miniweb.exe in the HMI web server ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4877 (HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4876 (Directory traversal vulnerability in HmiLoad in the runtime loader in ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4875 (Stack-based buffer overflow in HmiLoad in the runtime loader in ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4874
RESERVED
CVE-2011-4873 (Unspecified vulnerability in the server in Certec EDV atvise before ...)
NOT-FOR-US: Certec EDV atvise
CVE-2011-4872 (Multiple HTC Android devices including Desire HD FRG83D and GRI40, ...)
- TODO: check
+ NOT-FOR-US: Android devices
CVE-2011-4871
RESERVED
CVE-2011-4870 (Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and ...)
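Review bot: CVE-2011-4872 is tagged "NOT-FOR-US: Android devices", but its description names HTC Android devices, and CVE-2011-4276 elsewhere in this commit is tagged "NOT-FOR-US: Android". Use one consistent label. For CVE-2011-4872, name the vendor (for example "HTC Android devices") so a later search of the list for that product finds the entry.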
@@ -2545,7 +2543,7 @@
CVE-2012-0195
RESERVED
CVE-2012-0194 (The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2012-0193 (IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0192 (Multiple integer overflows in vclmi.dll in the visual class library ...)
@@ -2788,9 +2786,9 @@
CVE-2011-4792
RESERVED
CVE-2011-4791 (DBServer.exe in HP Data Protector Media Operations 6.11 and earlier ...)
- TODO: check
+ NOT-FOR-US: HP Data Protector
CVE-2011-4790 (Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, ...)
- TODO: check
+ NOT-FOR-US: HP Network Automation
CVE-2011-4789 (Stack-based buffer overflow in magentservice.exe in the server in HP ...)
NOT-FOR-US: HP Diagnostics
CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP ...)
@@ -2872,13 +2870,13 @@
CVE-2012-0101 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.1 <unfixed> (bug #659687)
CVE-2012-0100 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express ...)
- TODO: check
+ NOT-FOR-US: Oracle Solaris
CVE-2012-0099 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express ...)
- TODO: check
+ NOT-FOR-US: Oracle Solaris
CVE-2012-0098 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
NOT-FOR-US: Oracle Solaris
CVE-2012-0097 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
- TODO: check
+ NOT-FOR-US: Oracle Solaris
CVE-2012-0096 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
NOT-FOR-US: Oracle Solaris
CVE-2012-0095
@@ -3219,7 +3217,7 @@
- simplesamlphp 1.8.2-1
NOTE: http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e
CVE-2012-0039 (** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function ...)
- TODO: check
+ - glib2.0 <unfixed> (unimportant; bug #655044)
CVE-2012-0038
RESERVED
- linux-2.6 <unfixed>
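Review bot: The glib2.0 line added under CVE-2012-0039 uses severity "unimportant", whereas the CVE-2011-XXXX entry removed in this commit had "low" for the same bug #655044. The log message says only "glib hash CVEfied". Add a NOTE line stating why the severity was lowered (if the DISPUTED status is the reason, say so), so the triage decision is recorded next to the entry rather than implied by the move.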
@@ -3730,9 +3728,9 @@
CVE-2011-4535
RESERVED
CVE-2011-4534 (ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows ...)
- TODO: check
+ NOT-FOR-US: COPA-DATA
CVE-2011-4533 (zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows ...)
- TODO: check
+ NOT-FOR-US: COPA-DATA
CVE-2011-4532 (Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ...)
NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4531 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 ...)
@@ -3777,19 +3775,19 @@
CVE-2011-4515
RESERVED
CVE-2011-4514 (The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4513 (Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4512 (CRLF injection vulnerability in the HMI web server in Siemens WinCC ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4511 (Cross-site scripting (XSS) vulnerability in the HMI web server in ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4510 (Cross-site scripting (XSS) vulnerability in the HMI web server in ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4509 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2011-4508 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2010-5062 (SQL injection vulnerability in search.php in MH Products ...)
NOT-FOR-US: MH Products kleinanzeigenmarkt
CVE-2010-5061 (SQL injection vulnerability in index.php in RSStatic allows remote ...)
@@ -4459,7 +4457,7 @@
CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum ...)
NOT-FOR-US: CourseForum
CVE-2011-4276 (The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2011-4275 (Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT ...)
NOT-FOR-US: IT Operations Portal
CVE-2011-4274 (Cross-site scripting (XSS) vulnerability in the A-Form PC and ...)
@@ -4789,7 +4787,7 @@
CVE-2011-4195
RESERVED
CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise ...)
- TODO: check
+ NOT-FOR-US: Novell iPrint
CVE-2011-4193
RESERVED
CVE-2011-4192
@@ -4900,9 +4898,9 @@
CVE-2011-4145
RESERVED
CVE-2011-4144 (Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2011-4143 (EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before ...)
NOT-FOR-US: EMC SourceOne Email Management
CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token ...)
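Review bot: CVE-2011-4144 and CVE-2011-4143 are both tagged with the bare vendor name "NOT-FOR-US: EMC", although they concern different products (Documentum Content Server and RSA enVision), and the neighbouring CVE-2011-4142 entry uses the product-level label "EMC SourceOne Email Management". Use product names here as well, so each NOT-FOR-US decision can be checked against the specific software it refers to.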