[Secure-testing-commits] r18721 - data/CVE

James Strandboge jamie-guest at alioth.debian.org
Tue Mar 20 16:58:53 UTC 2012


Author: jamie-guest
Date: 2012-03-20 16:58:53 +0000 (Tue, 20 Mar 2012)
New Revision: 18721

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-03-19 23:50:30 UTC (rev 18720)
+++ data/CVE/list	2012-03-20 16:58:53 UTC (rev 18721)
@@ -1,5 +1,41 @@
+CVE-2012-1790
+	NOT-FOR-US: Webgrind
+CVE-2012-1789
+	NOT-FOR-US: Kongreg8
+CVE-2012-1788
+	NOT-FOR-US: WonderDesk SQL
+CVE-2012-1787
+	NOT-FOR-US: Webglimpse
+CVE-2012-1786
+	NOT-FOR-US: Media Upload form in the Video Embed & Thumbnail Generator plugin for WordPress
+CVE-2012-1785
+	NOT-FOR-US: Video Embed & Thumbnail Generator plugin for WordPress
+CVE-2012-1784
+	NOT-FOR-US: MyJobList
+CVE-2012-1783
+	NOT-FOR-US: Tiny Server
+CVE-2012-1782
+	NOT-FOR-US: OSQA
+CVE-2012-1781
+	NOT-FOR-US: SocialCMS
+CVE-2012-1780
+	NOT-FOR-US: SocialCMS
+CVE-2012-1779
+	NOT-FOR-US: IDevSpot idev-BusinessDirectory
+CVE-2012-1778
+	NOT-FOR-US: CreateVision CMS
+CVE-2011-5082
+	NOT-FOR-US: s2Member Pro plugin for WordPress
+CVE-2010-5086
+	NOT-FOR-US: Bitweaver
+CVE-2009-5114
+	NOT-FOR-US: WebGlimpse
+CVE-2009-5113
+	NOT-FOR-US: WebGlimpse
+CVE-2009-5112
+	NOT-FOR-US: WebGlimpse
 CVE-2012-1774 (Unspecified vulnerability in the Open URL feature in Gretech GOM Media ...)
-	TODO: check
+	NOT-FOR-US: Gretech GOM Media Player
 CVE-2012-1773
 	RESERVED
 CVE-2012-1772
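Review bot: The product name is spelled two ways in this hunk: "Webglimpse" for CVE-2012-1787 and "WebGlimpse" for CVE-2009-5112 through CVE-2009-5114. Use one spelling so that a search of the list for earlier NOT-FOR-US decisions on this product finds all four entries. The two Video Embed & Thumbnail Generator entries (CVE-2012-1786 and CVE-2012-1785) differ in the same way: one names the "Media Upload form in the ..." and the other only the plugin. Naming just the plugin in both would be consistent.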
@@ -419,19 +455,19 @@
 CVE-2012-1568
 	RESERVED
 CVE-2012-1567
-	RESERVED
+	NOT-FOR-US: LinuxMint
 CVE-2012-1566
-	RESERVED
+	NOT-FOR-US: LinuxMint
 CVE-2012-1565
-	RESERVED
+	NOT-FOR-US: eZ Publish
 CVE-2012-1564
 	RESERVED
 CVE-2012-1563
-	RESERVED
+	NOT-FOR-US: Joomla!
 CVE-2012-1562
-	RESERVED
+	NOT-FOR-US: Joomla!
 CVE-2012-1561
-	RESERVED
+	NOT-FOR-US: Drupal Finder
 CVE-2012-1560
 	RESERVED
 CVE-2012-1559
@@ -439,7 +475,7 @@
 CVE-2012-1558 (yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of ...)
 	TODO: check
 CVE-2012-1557 (SQL injection vulnerability in admin/plib/api-rpc/Agent.php in ...)
-	TODO: check
+	NOT-FOR-US: Parallels Plesk Panel
 CVE-2012-1556
 	RESERVED
 CVE-2012-1555
@@ -525,11 +561,11 @@
 CVE-2012-1515
 	RESERVED
 CVE-2012-1514 (Cross-site request forgery (CSRF) vulnerability in VMware vShield ...)
-	TODO: check
+	NOT-FOR-US: VMware vShield Manager
 CVE-2012-1513 (The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 ...)
-	TODO: check
+	NOT-FOR-US: VMware vCenter Orchestrator
 CVE-2012-1512 (Cross-site scripting (XSS) vulnerability in the internal browser in ...)
-	TODO: check
+	NOT-FOR-US: VMware vSphere
 CVE-2012-1511 (Cross-site scripting (XSS) vulnerability in View Manager Portal in ...)
 	TODO: check
 CVE-2012-1510 (Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, ...)
@@ -537,7 +573,7 @@
 CVE-2012-1509 (Buffer overflow in the XPDM display driver in VMware View before 4.6.1 ...)
 	TODO: check
 CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX ...)
-	TODO: check
+	NOT-FOR-US: VMware ESXi
 CVE-2012-1507
 	RESERVED
 CVE-2012-1506
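Review bot: CVE-2012-1508 is marked NOT-FOR-US while CVE-2012-1509, whose description names the same XPDM display driver (in VMware View), is left at "TODO: check" directly above it. If the VMware display driver issues are out of scope, triage the related entries together so the list does not carry a half-resolved family of CVEs.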
@@ -558,7 +594,7 @@
 CVE-2012-1499
 	RESERVED
 CVE-2012-1498
-	RESERVED
+	NOT-FOR-US: Webfolio CMS
 CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...)
 	TODO: check
 CVE-2012-1496
@@ -588,15 +624,15 @@
 CVE-2012-1486
 	RESERVED
 CVE-2012-1485 (Unspecified vulnerability in the NetFront Life Browser ...)
-	TODO: check
+	NOT-FOR-US: NetFront Life Browser for Android
 CVE-2012-1484 (Unspecified vulnerability in the WaliSMS CN (cn.com.wali.walisms) ...)
-	TODO: check
+	NOT-FOR-US: WaliSMS CN (cn.com.wali.walisms) application
 CVE-2012-1483 (Unspecified vulnerability in the Message Forwarder ...)
-	TODO: check
+	NOT-FOR-US: Message Forwarder for Android
 CVE-2012-1482 (Unspecified vulnerability in the TouchPal Contacts ...)
-	TODO: check
+	NOT-FOR-US: TouchPal Contacts for Android
 CVE-2012-1481 (Unspecified vulnerability in the Textdroid (com.app.android.textdroid) ...)
-	TODO: check
+	NOT-FOR-US: Textdroid for Android
 CVE-2012-1480 (Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application ...)
 	NOT-FOR-US: Pansi SMS
 CVE-2012-1479 (Unspecified vulnerability in the AContact (com.movester.quickcontact) ...)
@@ -626,11 +662,11 @@
 CVE-2012-1467
 	RESERVED
 CVE-2012-1466
-	RESERVED
+	NOT-FOR-US: NetMechanica NetDecision
 CVE-2012-1465
-	RESERVED
+	NOT-FOR-US: NetMechanica NetDecision
 CVE-2012-1464
-	RESERVED
+	NOT-FOR-US: NetMechanica NetDecision
 CVE-2012-1463
 	RESERVED
 CVE-2012-1462
@@ -964,7 +1000,7 @@
 CVE-2012-1298
 	RESERVED
 CVE-2012-1297
-	RESERVED
+	NOT-FOR-US: Contao
 CVE-2012-XXXX [CDF crasher bugs in file, found by CERT/CC BFF tool]
 	- file <unfixed> (low)
 	[squeeze] - file 5.04-5+squeeze1
@@ -1037,7 +1073,7 @@
 CVE-2012-1265
 	RESERVED
 CVE-2012-1264 (Unspecified vulnerability in Gretech GOM Media Player before ...)
-	TODO: check
+	NOT-FOR-US: Gretech GOM Media Player
 CVE-2012-1263
 	RESERVED
 CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi ...)
@@ -1093,7 +1129,7 @@
 CVE-2012-1237
 	RESERVED
 CVE-2012-1236
-	RESERVED
+	NOT-FOR-US: Janetter
 CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...)
 	NOT-FOR-US: Advantech/BroadWin WebAccess
 CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...)
@@ -1206,7 +1242,7 @@
 CVE-2012-1188
 	RESERVED
 CVE-2012-1187
-	RESERVED
+	NOT-FOR-US: bitlebee
 CVE-2012-1186
 	RESERVED
 CVE-2012-1185
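Review bot: "bitlebee" on CVE-2012-1187 reads like a misspelling of BitlBee. The entry was RESERVED with no description, so the diff gives no way to confirm the product. If BitlBee is meant, check whether it exists as a source package before marking it NOT-FOR-US, and if it does, replace the tag with a package line such as "- bitlbee <unfixed>" plus a NOTE with the reference that identified the product.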
@@ -2025,7 +2061,7 @@
 CVE-2012-0873 (Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin ...)
 	NOT-FOR-US: Boonex Dolphin
 CVE-2012-0872
-	RESERVED
+	NOT-FOR-US: OxWall
 CVE-2012-0871
 	RESERVED
 CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used ...)
@@ -2124,11 +2160,11 @@
 CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...)
 	TODO: check
 CVE-2012-0837
-	RESERVED
+	NOT-FOR-US: Joomla!
 CVE-2012-0836
-	RESERVED
+	NOT-FOR-US: Joomla!
 CVE-2012-0835
-	RESERVED
+	NOT-FOR-US: Joomla!
 CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...)
 	- phpldapadmin 1.2.2-1 (bug #658907)
 CVE-2012-0833
@@ -2723,7 +2759,7 @@
 CVE-2012-0585 (The Private Browsing feature in Safari in Apple iOS before 5.1 allows ...)
 	TODO: check
 CVE-2012-0584 (The Internationalized Domain Name (IDN) feature in Apple Safari before ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2012-0583
 	RESERVED
 CVE-2012-0582
@@ -3226,19 +3262,19 @@
 CVE-2012-0405
 	RESERVED
 CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom ...)
-	TODO: check
+	NOT-FOR-US: EMC Documentum eRoom
 CVE-2012-0403
-	RESERVED
+	NOT-FOR-US: EMC RSA enVision
 CVE-2012-0402
-	RESERVED
+	NOT-FOR-US: EMC RSA enVision
 CVE-2012-0401
-	RESERVED
+	NOT-FOR-US: EMC RSA enVision
 CVE-2012-0400
-	RESERVED
+	NOT-FOR-US: EMC RSA enVision
 CVE-2012-0399
-	RESERVED
+	NOT-FOR-US: EMC RSA enVision
 CVE-2012-0398 (EMC Documentum eRoom before 7.4.4 does not properly validate session ...)
-	TODO: check
+	NOT-FOR-US: EMC Documentum eRoom
 CVE-2012-0397 (Buffer overflow in EMC RSA SecurID Software Token Converter before ...)
 	NOT-FOR-US: EMC RSA SecurID Software Token Converter
 CVE-2012-0396 (EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly ...)
@@ -3317,7 +3353,7 @@
 CVE-2012-0366 (Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated ...)
 	NOT-FOR-US: Cisco Unity Connection
 CVE-2012-0365 (Directory traversal vulnerability in the Local TFTP file-upload ...)
-	TODO: check
+	NOT-FOR-US: Cisco SRP 520 series devices
 CVE-2012-0364 (Cisco SRP 520 series devices with firmware before 1.1.26 and SRP ...)
 	NOT-FOR-US: Cisco SRP devices
 CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware before ...)
@@ -3331,17 +3367,17 @@
 CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote attackers ...)
 	NOT-FOR-US: Cisco Cius
 CVE-2012-0358 (Buffer overflow in the Cisco Port Forwarder ActiveX control in ...)
-	TODO: check
+	NOT-FOR-US: Cisco Adaptive Security Appliances
 CVE-2012-0357
 	RESERVED
 CVE-2012-0356 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
-	TODO: check
+	NOT-FOR-US: Cisco Adaptive Security Appliances
 CVE-2012-0355 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
-	TODO: check
+	NOT-FOR-US: Cisco Adaptive Security Appliances
 CVE-2012-0354 (The Threat Detection feature on Cisco Adaptive Security Appliances ...)
-	TODO: check
+	NOT-FOR-US: Cisco Adaptive Security Appliances
 CVE-2012-0353 (The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2012-0352 (Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series ...)
 	NOT-FOR-US: Cisco NX-OS
 CVE-2012-0351
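Review bot: CVE-2012-0353 is tagged "NOT-FOR-US: Cisco" although its description names the UDP inspection engine on Cisco Adaptive Security Appliances, and the four entries above it use the full "Cisco Adaptive Security Appliances" string. A vendor-only tag is too broad to be useful when searching for prior decisions; use the same product name as the neighbouring entries. CVE-2012-0358 has the opposite issue: the description is about the Cisco Port Forwarder ActiveX control, so naming that component would be more precise than the appliance.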
@@ -3391,17 +3427,17 @@
 CVE-2012-0329 (Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows ...)
 	NOT-FOR-US: Cisco Digital Media Manager
 CVE-2012-0328
-	RESERVED
+	NOT-FOR-US: Janetter
 CVE-2012-0327
 	RESERVED
 CVE-2012-0326 (The twicca application 0.7.0 through 0.9.30 for Android does not ...)
-	TODO: check
+	NOT-FOR-US: twicca application for Android
 CVE-2012-0325 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
 	TODO: check
 CVE-2012-0324 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
 	TODO: check
 CVE-2012-0323 (Cross-site scripting (XSS) vulnerability in the Autocomplete plugin ...)
-	TODO: check
+	NOT-FOR-US: Autocomplete plugin for SquirrelMail
 CVE-2012-0322 (The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for ...)
 	NOT-FOR-US: EStrongs ES File Explorer
 CVE-2012-0321 (Unspecified vulnerability in the device driver in Kingsoft Internet ...)
@@ -3461,9 +3497,9 @@
 CVE-2012-0294
 	RESERVED
 CVE-2012-0293 (Multiple SQL injection vulnerabilities in Symantec Altiris WISE ...)
-	TODO: check
+	NOT-FOR-US: Symantec Altiris WISE Package Studio
 CVE-2012-0292 (The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT ...)
-	TODO: check
+	NOT-FOR-US: Symantec pcAnywhere
 CVE-2012-0291 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...)
 	NOT-FOR-US: pcAnywhere
 CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...)
@@ -3819,7 +3855,7 @@
 CVE-2011-4942
 	RESERVED
 CVE-2011-4941
-	RESERVED
+	NOT-FOR-US: piwik
 CVE-2011-4940 [python: potential XSS in SimpleHTTPServer's list_directory()]
 	RESERVED
 	- python2.7 2.7.2-8
@@ -3834,7 +3870,7 @@
 	RESERVED
 	NOT-FOR-US: Ariadne CMS not in Debian
 CVE-2011-4937
-	RESERVED
+	NOT-FOR-US: Joomla
 CVE-2011-4936
 	RESERVED
 	- joomla <itp> (bug #571794)
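Review bot: CVE-2011-4937 is marked "NOT-FOR-US: Joomla" while the very next entry, CVE-2011-4936, tracks the same product as "- joomla <itp> (bug #571794)". The two notations contradict each other. Since an ITP is already referenced in the list, use the same "<itp>" line here so the issue is picked up if the package enters the archive. The other hunks in this commit spell the product "Joomla!", so the spelling should be unified as well.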
@@ -4032,7 +4068,7 @@
 CVE-2012-0246
 	RESERVED
 CVE-2012-0245 (Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB ...)
-	TODO: check
+	NOT-FOR-US: ABB Robot Communications Runtime
 CVE-2012-0244 (Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess ...)
 	NOT-FOR-US: Advantech/BroadWin WebAccess
 CVE-2012-0243 (Buffer overflow in an ActiveX control in bwocxrun.ocx in ...)
@@ -4058,13 +4094,13 @@
 CVE-2012-0233 (Cross-site scripting (XSS) vulnerability in Advantech/BroadWin ...)
 	NOT-FOR-US: Advantech/BroadWin WebAccess
 CVE-2012-0232 (Directory traversal vulnerability in rifsrvd.exe in the Remote ...)
-	TODO: check
+	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
 CVE-2012-0231 (PRLicenseMgr.exe in the Proficy Server License Manager in GE ...)
-	TODO: check
+	NOT-FOR-US: GE Intelligent Platforms Proficy Plant Applications
 CVE-2012-0230 (PRRDS.exe in the Proficy Remote Data Service in GE Intelligent ...)
-	TODO: check
+	NOT-FOR-US: GE Intelligent Platforms Proficy Plant Applications
 CVE-2012-0229 (The Data Archiver service in GE Intelligent Platforms Proficy ...)
-	TODO: check
+	NOT-FOR-US: GE Intelligent Platforms Proficy Historian
 CVE-2012-0228
 	RESERVED
 CVE-2012-0227
@@ -4327,7 +4363,7 @@
 CVE-2012-0202
 	RESERVED
 CVE-2012-0201 (Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM Personal Communications
 CVE-2012-0200 (The server in IBM solidDB 6.5 before Interim Fix 6 does not properly ...)
 	NOT-FOR-US: IBM solidDB
 CVE-2012-0199 (Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning ...)
@@ -4396,7 +4432,7 @@
 CVE-2011-4820
 	RESERVED
 CVE-2011-4819 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...)
-	TODO: check
+	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2011-4818 (Open redirect vulnerability in IBM Maximo Asset Management and Asset ...)
 	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2011-4817 (The About option on the Help menu in IBM Maximo Asset Management and ...)
@@ -5978,7 +6014,7 @@
 CVE-2011-4367
 	RESERVED
 CVE-2011-4366
-	RESERVED
+	NOT-FOR-US: ** REJECT ** duplicate of CVE-2011-4090
 CVE-2011-4365
 	RESERVED
 	NOTE: duplicate of CVE-2011-4090
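Review bot: "NOT-FOR-US: ** REJECT ** duplicate of CVE-2011-4090" on CVE-2011-4366 overloads the NOT-FOR-US tag to record a rejection. The adjacent CVE-2011-4365 records the same duplicate with "RESERVED" plus a "NOTE: duplicate of CVE-2011-4090" line, and other entries in the file use a plain "REJECTED" status. Follow one of those existing forms so that tools and readers counting NOT-FOR-US entries do not mix in rejected identifiers.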
@@ -6804,7 +6840,7 @@
 CVE-2011-4119
 	RESERVED
 CVE-2011-4117
-	RESERVED
+	NOT-FOR-US: perl Batch::BatchRun CPAN module
 CVE-2011-4116
 	RESERVED
 CVE-2011-4115
@@ -6923,7 +6959,7 @@
 	REJECTED
 	NOTE: Will be rejected to avoid confusion
 CVE-2011-4083
-	RESERVED
+	NOT-FOR-US: RedHat sos
 CVE-2011-4082
 	RESERVED
 CVE-2011-4081 [CRYPTO_GHASH issue]
@@ -9739,7 +9775,7 @@
 CVE-2010-4822
 	RESERVED
 CVE-2010-4821
-	RESERVED
+	NOT-FOR-US: phpMyFAQ
 CVE-2010-4820 [ghostscript split from CVE-2010-2055]
 	RESERVED
 	- ghostscript 8.71~dfsg2-6.1
@@ -10799,7 +10835,7 @@
 	- libxml2 2.7.8.dfsg-5 (low; bug #643648)
 	[squeeze] - libxml2 <no-dsa> (denial-of-service only issue)
 CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
-	TODO: check
+	TODO: check iOS
 CVE-2011-2832
 	RESERVED
 CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
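Review bot: "TODO: check iOS" on CVE-2011-2833 is ambiguous: it could mean the issue is iOS-specific or that the iOS advisory still needs to be read. The description says "WebKit, as used in Apple iOS ... and iTunes", so the open question is whether the WebKit code is affected. Keep "TODO: check" and put the detail in a separate NOTE: line stating what remains to be verified.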
@@ -14984,7 +15020,7 @@
 CVE-2011-1398
 	RESERVED
 CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli
 CVE-2011-1396 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
 	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2011-1395 (Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo ...)
@@ -23566,7 +23602,7 @@
 	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
 CVE-2010-3090 [mailman, will be rejected]
-	RESERVED
+	NOT-FOR-US: ** REJECT ** mailman
 CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman ...)
 	{DSA-2170-1}
 	- mailman 1:2.1.13-4.1 (bug #599833)
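Review bot: CVE-2010-3090 is changed to "NOT-FOR-US: ** REJECT ** mailman", but mailman is tracked as a package in the next entry (CVE-2010-3089, "- mailman 1:2.1.13-4.1"). NOT-FOR-US is therefore the wrong tag for this product, and it also hides the fact that the identifier is being rejected. Record the rejection with the status the file already uses ("REJECTED") and keep the mailman remark in a NOTE: line.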



