[Secure-testing-commits] r18721 - data/CVE
James Strandboge
jamie-guest at alioth.debian.org
Tue Mar 20 16:58:53 UTC 2012
Author: jamie-guest
Date: 2012-03-20 16:58:53 +0000 (Tue, 20 Mar 2012)
New Revision: 18721
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-03-19 23:50:30 UTC (rev 18720)
+++ data/CVE/list 2012-03-20 16:58:53 UTC (rev 18721)
@@ -1,5 +1,41 @@
+CVE-2012-1790
+ NOT-FOR-US: Webgrind
+CVE-2012-1789
+ NOT-FOR-US: Kongreg8
+CVE-2012-1788
+ NOT-FOR-US: WonderDesk SQL
+CVE-2012-1787
+ NOT-FOR-US: Webglimpse
+CVE-2012-1786
+ NOT-FOR-US: Media Upload form in the Video Embed & Thumbnail Generator plugin for WordPress
+CVE-2012-1785
+ NOT-FOR-US: Video Embed & Thumbnail Generator plugin for WordPress
+CVE-2012-1784
+ NOT-FOR-US: MyJobList
+CVE-2012-1783
+ NOT-FOR-US: Tiny Server
+CVE-2012-1782
+ NOT-FOR-US: OSQA
+CVE-2012-1781
+ NOT-FOR-US: SocialCMS
+CVE-2012-1780
+ NOT-FOR-US: SocialCMS
+CVE-2012-1779
+ NOT-FOR-US: IDevSpot idev-BusinessDirectory
+CVE-2012-1778
+ NOT-FOR-US: CreateVision CMS
+CVE-2011-5082
+ NOT-FOR-US: s2Member Pro plugin for WordPress
+CVE-2010-5086
+ NOT-FOR-US: Bitweaver
+CVE-2009-5114
+ NOT-FOR-US: WebGlimpse
+CVE-2009-5113
+ NOT-FOR-US: WebGlimpse
+CVE-2009-5112
+ NOT-FOR-US: WebGlimpse
CVE-2012-1774 (Unspecified vulnerability in the Open URL feature in Gretech GOM Media ...)
- TODO: check
+ NOT-FOR-US: Gretech GOM Media Player
CVE-2012-1773
RESERVED
CVE-2012-1772
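Review bot: The added NOT-FOR-US entries spell one product two ways: "Webglimpse" on CVE-2012-1787 and "WebGlimpse" on CVE-2009-5114, CVE-2009-5113 and CVE-2009-5112. Pick one spelling so a search of the list for the product finds all four entries. The same goes for CVE-2012-1786 and CVE-2012-1785, which name the same WordPress plugin with two different strings.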
@@ -419,19 +455,19 @@
CVE-2012-1568
RESERVED
CVE-2012-1567
- RESERVED
+ NOT-FOR-US: LinuxMint
CVE-2012-1566
- RESERVED
+ NOT-FOR-US: LinuxMint
CVE-2012-1565
- RESERVED
+ NOT-FOR-US: eZ Publish
CVE-2012-1564
RESERVED
CVE-2012-1563
- RESERVED
+ NOT-FOR-US: Joomla!
CVE-2012-1562
- RESERVED
+ NOT-FOR-US: Joomla!
CVE-2012-1561
- RESERVED
+ NOT-FOR-US: Drupal Finder
CVE-2012-1560
RESERVED
CVE-2012-1559
@@ -439,7 +475,7 @@
CVE-2012-1558 (yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of ...)
TODO: check
CVE-2012-1557 (SQL injection vulnerability in admin/plib/api-rpc/Agent.php in ...)
- TODO: check
+ NOT-FOR-US: Parallels Plesk Panel
CVE-2012-1556
RESERVED
CVE-2012-1555
@@ -525,11 +561,11 @@
CVE-2012-1515
RESERVED
CVE-2012-1514 (Cross-site request forgery (CSRF) vulnerability in VMware vShield ...)
- TODO: check
+ NOT-FOR-US: VMware vShield Manager
CVE-2012-1513 (The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 ...)
- TODO: check
+ NOT-FOR-US: VMware vCenter Orchestrator
CVE-2012-1512 (Cross-site scripting (XSS) vulnerability in the internal browser in ...)
- TODO: check
+ NOT-FOR-US: VMware vSphere
CVE-2012-1511 (Cross-site scripting (XSS) vulnerability in View Manager Portal in ...)
TODO: check
CVE-2012-1510 (Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, ...)
@@ -537,7 +573,7 @@
CVE-2012-1509 (Buffer overflow in the XPDM display driver in VMware View before 4.6.1 ...)
TODO: check
CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX ...)
- TODO: check
+ NOT-FOR-US: VMware ESXi
CVE-2012-1507
RESERVED
CVE-2012-1506
@@ -558,7 +594,7 @@
CVE-2012-1499
RESERVED
CVE-2012-1498
- RESERVED
+ NOT-FOR-US: Webfolio CMS
CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...)
TODO: check
CVE-2012-1496
@@ -588,15 +624,15 @@
CVE-2012-1486
RESERVED
CVE-2012-1485 (Unspecified vulnerability in the NetFront Life Browser ...)
- TODO: check
+ NOT-FOR-US: NetFront Life Browser for Android
CVE-2012-1484 (Unspecified vulnerability in the WaliSMS CN (cn.com.wali.walisms) ...)
- TODO: check
+ NOT-FOR-US: WaliSMS CN (cn.com.wali.walisms) application
CVE-2012-1483 (Unspecified vulnerability in the Message Forwarder ...)
- TODO: check
+ NOT-FOR-US: Message Forwarder for Android
CVE-2012-1482 (Unspecified vulnerability in the TouchPal Contacts ...)
- TODO: check
+ NOT-FOR-US: TouchPal Contacts for Android
CVE-2012-1481 (Unspecified vulnerability in the Textdroid (com.app.android.textdroid) ...)
- TODO: check
+ NOT-FOR-US: Textdroid for Android
CVE-2012-1480 (Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application ...)
NOT-FOR-US: Pansi SMS
CVE-2012-1479 (Unspecified vulnerability in the AContact (com.movester.quickcontact) ...)
@@ -626,11 +662,11 @@
CVE-2012-1467
RESERVED
CVE-2012-1466
- RESERVED
+ NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1465
- RESERVED
+ NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1464
- RESERVED
+ NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1463
RESERVED
CVE-2012-1462
@@ -964,7 +1000,7 @@
CVE-2012-1298
RESERVED
CVE-2012-1297
- RESERVED
+ NOT-FOR-US: Contao
CVE-2012-XXXX [CDF crasher bugs in file, found by CERT/CC BFF tool]
- file <unfixed> (low)
[squeeze] - file 5.04-5+squeeze1
@@ -1037,7 +1073,7 @@
CVE-2012-1265
RESERVED
CVE-2012-1264 (Unspecified vulnerability in Gretech GOM Media Player before ...)
- TODO: check
+ NOT-FOR-US: Gretech GOM Media Player
CVE-2012-1263
RESERVED
CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi ...)
@@ -1093,7 +1129,7 @@
CVE-2012-1237
RESERVED
CVE-2012-1236
- RESERVED
+ NOT-FOR-US: Janetter
CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...)
NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...)
@@ -1206,7 +1242,7 @@
CVE-2012-1188
RESERVED
CVE-2012-1187
- RESERVED
+ NOT-FOR-US: bitlebee
CVE-2012-1186
RESERVED
CVE-2012-1185
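Review bot: "bitlebee" on CVE-2012-1187 looks like a misspelling of BitlBee. If that is the software meant, NOT-FOR-US is the wrong state, because bitlbee is packaged in Debian; the entry should stay open (a package line or TODO: check) until the affected versions are confirmed. If it is a different product, spell its name out in full so the entry cannot be mistaken for the Debian package.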
@@ -2025,7 +2061,7 @@
CVE-2012-0873 (Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin ...)
NOT-FOR-US: Boonex Dolphin
CVE-2012-0872
- RESERVED
+ NOT-FOR-US: OxWall
CVE-2012-0871
RESERVED
CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used ...)
@@ -2124,11 +2160,11 @@
CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...)
TODO: check
CVE-2012-0837
- RESERVED
+ NOT-FOR-US: Joomla!
CVE-2012-0836
- RESERVED
+ NOT-FOR-US: Joomla!
CVE-2012-0835
- RESERVED
+ NOT-FOR-US: Joomla!
CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...)
- phpldapadmin 1.2.2-1 (bug #658907)
CVE-2012-0833
@@ -2723,7 +2759,7 @@
CVE-2012-0585 (The Private Browsing feature in Safari in Apple iOS before 5.1 allows ...)
TODO: check
CVE-2012-0584 (The Internationalized Domain Name (IDN) feature in Apple Safari before ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2012-0583
RESERVED
CVE-2012-0582
@@ -3226,19 +3262,19 @@
CVE-2012-0405
RESERVED
CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom ...)
- TODO: check
+ NOT-FOR-US: EMC Documentum eRoom
CVE-2012-0403
- RESERVED
+ NOT-FOR-US: EMC RSA enVision
CVE-2012-0402
- RESERVED
+ NOT-FOR-US: EMC RSA enVision
CVE-2012-0401
- RESERVED
+ NOT-FOR-US: EMC RSA enVision
CVE-2012-0400
- RESERVED
+ NOT-FOR-US: EMC RSA enVision
CVE-2012-0399
- RESERVED
+ NOT-FOR-US: EMC RSA enVision
CVE-2012-0398 (EMC Documentum eRoom before 7.4.4 does not properly validate session ...)
- TODO: check
+ NOT-FOR-US: EMC Documentum eRoom
CVE-2012-0397 (Buffer overflow in EMC RSA SecurID Software Token Converter before ...)
NOT-FOR-US: EMC RSA SecurID Software Token Converter
CVE-2012-0396 (EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly ...)
@@ -3317,7 +3353,7 @@
CVE-2012-0366 (Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated ...)
NOT-FOR-US: Cisco Unity Connection
CVE-2012-0365 (Directory traversal vulnerability in the Local TFTP file-upload ...)
- TODO: check
+ NOT-FOR-US: Cisco SRP 520 series devices
CVE-2012-0364 (Cisco SRP 520 series devices with firmware before 1.1.26 and SRP ...)
NOT-FOR-US: Cisco SRP devices
CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware before ...)
@@ -3331,17 +3367,17 @@
CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote attackers ...)
NOT-FOR-US: Cisco Cius
CVE-2012-0358 (Buffer overflow in the Cisco Port Forwarder ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0357
RESERVED
CVE-2012-0356 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
- TODO: check
+ NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0355 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
- TODO: check
+ NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0354 (The Threat Detection feature on Cisco Adaptive Security Appliances ...)
- TODO: check
+ NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0353 (The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-0352 (Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series ...)
NOT-FOR-US: Cisco NX-OS
CVE-2012-0351
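Review bot: CVE-2012-0353 is tagged only "NOT-FOR-US: Cisco", although its description names the UDP inspection engine on Cisco Adaptive Security Appliances and the four changed entries above it use the full product name. Use "NOT-FOR-US: Cisco Adaptive Security Appliances" here too, so the tag identifies the product and not just the vendor.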
@@ -3391,17 +3427,17 @@
CVE-2012-0329 (Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows ...)
NOT-FOR-US: Cisco Digital Media Manager
CVE-2012-0328
- RESERVED
+ NOT-FOR-US: Janetter
CVE-2012-0327
RESERVED
CVE-2012-0326 (The twicca application 0.7.0 through 0.9.30 for Android does not ...)
- TODO: check
+ NOT-FOR-US: twicca application for Android
CVE-2012-0325 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
TODO: check
CVE-2012-0324 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
TODO: check
CVE-2012-0323 (Cross-site scripting (XSS) vulnerability in the Autocomplete plugin ...)
- TODO: check
+ NOT-FOR-US: Autocomplete plugin for SquirrelMail
CVE-2012-0322 (The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for ...)
NOT-FOR-US: EStrongs ES File Explorer
CVE-2012-0321 (Unspecified vulnerability in the device driver in Kingsoft Internet ...)
@@ -3461,9 +3497,9 @@
CVE-2012-0294
RESERVED
CVE-2012-0293 (Multiple SQL injection vulnerabilities in Symantec Altiris WISE ...)
- TODO: check
+ NOT-FOR-US: Symantec Altiris WISE Package Studio
CVE-2012-0292 (The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT ...)
- TODO: check
+ NOT-FOR-US: Symantec pcAnywhere
CVE-2012-0291 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...)
NOT-FOR-US: pcAnywhere
CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...)
@@ -3819,7 +3855,7 @@
CVE-2011-4942
RESERVED
CVE-2011-4941
- RESERVED
+ NOT-FOR-US: piwik
CVE-2011-4940 [python: potential XSS in SimpleHTTPServer's list_directory()]
RESERVED
- python2.7 2.7.2-8
@@ -3834,7 +3870,7 @@
RESERVED
NOT-FOR-US: Ariadne CMS not in Debian
CVE-2011-4937
- RESERVED
+ NOT-FOR-US: Joomla
CVE-2011-4936
RESERVED
- joomla <itp> (bug #571794)
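Review bot: CVE-2011-4937 is set to "NOT-FOR-US: Joomla", but the very next entry, CVE-2011-4936, tracks joomla as an ITP (bug #571794). The two neighbouring entries should be recorded the same way; suggest the ITP form with the bug reference for CVE-2011-4937 as well. If NOT-FOR-US is kept, note that the other entries in this commit spell the name "Joomla!".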
@@ -4032,7 +4068,7 @@
CVE-2012-0246
RESERVED
CVE-2012-0245 (Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB ...)
- TODO: check
+ NOT-FOR-US: ABB Robot Communications Runtime
CVE-2012-0244 (Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess ...)
NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0243 (Buffer overflow in an ActiveX control in bwocxrun.ocx in ...)
@@ -4058,13 +4094,13 @@
CVE-2012-0233 (Cross-site scripting (XSS) vulnerability in Advantech/BroadWin ...)
NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0232 (Directory traversal vulnerability in rifsrvd.exe in the Remote ...)
- TODO: check
+ NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-0231 (PRLicenseMgr.exe in the Proficy Server License Manager in GE ...)
- TODO: check
+ NOT-FOR-US: GE Intelligent Platforms Proficy Plant Applications
CVE-2012-0230 (PRRDS.exe in the Proficy Remote Data Service in GE Intelligent ...)
- TODO: check
+ NOT-FOR-US: GE Intelligent Platforms Proficy Plant Applications
CVE-2012-0229 (The Data Archiver service in GE Intelligent Platforms Proficy ...)
- TODO: check
+ NOT-FOR-US: GE Intelligent Platforms Proficy Historian
CVE-2012-0228
RESERVED
CVE-2012-0227
@@ -4327,7 +4363,7 @@
CVE-2012-0202
RESERVED
CVE-2012-0201 (Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM Personal Communications
CVE-2012-0200 (The server in IBM solidDB 6.5 before Interim Fix 6 does not properly ...)
NOT-FOR-US: IBM solidDB
CVE-2012-0199 (Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning ...)
@@ -4396,7 +4432,7 @@
CVE-2011-4820
RESERVED
CVE-2011-4819 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4818 (Open redirect vulnerability in IBM Maximo Asset Management and Asset ...)
NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4817 (The About option on the Help menu in IBM Maximo Asset Management and ...)
@@ -5978,7 +6014,7 @@
CVE-2011-4367
RESERVED
CVE-2011-4366
- RESERVED
+ NOT-FOR-US: ** REJECT ** duplicate of CVE-2011-4090
CVE-2011-4365
RESERVED
NOTE: duplicate of CVE-2011-4090
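Review bot: CVE-2011-4366 uses NOT-FOR-US to record a rejection ("** REJECT ** duplicate of CVE-2011-4090"), but that field names software, and the next entry, CVE-2011-4365, records the same duplicate as RESERVED with "NOTE: duplicate of CVE-2011-4090". Suggest the same RESERVED plus NOTE form here, or REJECTED with a NOTE as used elsewhere in the list, so both duplicates read alike.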
@@ -6804,7 +6840,7 @@
CVE-2011-4119
RESERVED
CVE-2011-4117
- RESERVED
+ NOT-FOR-US: perl Batch::BatchRun CPAN module
CVE-2011-4116
RESERVED
CVE-2011-4115
@@ -6923,7 +6959,7 @@
REJECTED
NOTE: Will be rejected to avoid confusion
CVE-2011-4083
- RESERVED
+ NOT-FOR-US: RedHat sos
CVE-2011-4082
RESERVED
CVE-2011-4081 [CRYPTO_GHASH issue]
@@ -9739,7 +9775,7 @@
CVE-2010-4822
RESERVED
CVE-2010-4821
- RESERVED
+ NOT-FOR-US: phpMyFAQ
CVE-2010-4820 [ghostscript split from CVE-2010-2055]
RESERVED
- ghostscript 8.71~dfsg2-6.1
@@ -10799,7 +10835,7 @@
- libxml2 2.7.8.dfsg-5 (low; bug #643648)
[squeeze] - libxml2 <no-dsa> (denial-of-service only issue)
CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- TODO: check
+ TODO: check iOS
CVE-2011-2832
RESERVED
CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
@@ -14984,7 +15020,7 @@
CVE-2011-1398
RESERVED
CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli
CVE-2011-1396 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-1395 (Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo ...)
@@ -23566,7 +23602,7 @@
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3090 [mailman, will be rejected]
- RESERVED
+ NOT-FOR-US: ** REJECT ** mailman
CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman ...)
{DSA-2170-1}
- mailman 1:2.1.13-4.1 (bug #599833)
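Review bot: "NOT-FOR-US: ** REJECT ** mailman" on CVE-2010-3090 marks mailman as out of scope, yet the next entry, CVE-2010-3089, tracks "- mailman 1:2.1.13-4.1 (bug #599833)" in the same list. The ID is being rejected, not the package, so keep the bracketed description and record the rejection with a NOTE (or REJECTED) instead of NOT-FOR-US.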