[Secure-testing-commits] r20163 - data/CVE
Federico Ceratto
federico-guest at alioth.debian.org
Fri Sep 14 20:21:47 UTC 2012
Author: federico-guest
Date: 2012-09-14 20:21:47 +0000 (Fri, 14 Sep 2012)
New Revision: 20163
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-14 08:22:19 UTC (rev 20162)
+++ data/CVE/list 2012-09-14 20:21:47 UTC (rev 20163)
@@ -19,13 +19,13 @@
CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
TODO: check
CVE-2012-4892 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
- TODO: check
+ NOT-FOR-US: FlatnuX CMS
CVE-2012-4891 (Cross-site scripting (XSS) vulnerability in fw/index2.do in ...)
- TODO: check
+ NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2012-4890 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
- TODO: check
+ NOT-FOR-US: FlatnuX CMS
CVE-2012-4889 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
- TODO: check
+ NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2012-4888
RESERVED
CVE-2012-4887
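Review bot: CVE-2012-4893 at the top of this hunk keeps its "TODO: check" while the four entries directly below it (CVE-2012-4889 through CVE-2012-4892) are triaged. Its truncated description does not show the product; if it belongs to the same FlatnuX CMS or ManageEngine Firewall Analyzer batch, tag it in this commit so the block does not need a second pass.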
@@ -37,11 +37,11 @@
CVE-2012-4884
RESERVED
CVE-2011-5161 (Unrestricted file upload vulnerability in the patient photograph ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2011-5160 (Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2011-5159 (Cross-site scripting (XSS) vulnerability in admin/configuration.php in ...)
- TODO: check
+ NOT-FOR-US: Geeklog
CVE-2012-4883 (Multiple untrusted search path vulnerabilities in 3DVIA Composer ...)
NOT-FOR-US: 3DVIA Composer V6R2012
CVE-2012-4882 (Multiple untrusted search path vulnerabilities in 3D XML Player ...)
@@ -780,7 +780,7 @@
CVE-2012-4630
RESERVED
CVE-2012-4629 (The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for ...)
- TODO: check
+ NOT-FOR-US: Cisco ASA
CVE-2012-4628
RESERVED
CVE-2012-4627
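Review bot: The tag on CVE-2012-4629 reads "NOT-FOR-US: Cisco ASA", but the description names the Cisco ASA-CX Context-Aware Security module as the affected component. Suggest naming the module in the tag, e.g. "NOT-FOR-US: Cisco ASA-CX Context-Aware Security module", so a later search for that product finds this entry and the tag is not read as covering every ASA issue.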
@@ -2341,9 +2341,9 @@
CVE-2012-4013
RESERVED
CVE-2012-4012 (The WebView class in the Cybozu KUNAI application before 2.0.6 for ...)
- TODO: check
+ NOT-FOR-US: Cybozu KUNAI
CVE-2012-4011 (The Cybozu KUNAI application before 2.0.6 for Android allows remote ...)
- TODO: check
+ NOT-FOR-US: Cybozu KUNAI
CVE-2012-4010 (Opera before 11.60 allows remote attackers to spoof the address bar ...)
NOT-FOR-US: Opera
CVE-2012-4009 (The WebView class in the Cybozu Live application 1.0.4 and earlier for ...)
@@ -2554,7 +2554,7 @@
CVE-2012-3936
RESERVED
CVE-2012-3935 (Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible ...)
- TODO: check
+ NOT-FOR-US: Cisco Unified Presence, Jabber Extensible Communications Platform
CVE-2012-3934
RESERVED
CVE-2012-3933
@@ -4073,7 +4073,7 @@
CVE-2012-3327
RESERVED
CVE-2012-3326 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3325 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3324
@@ -4099,7 +4099,7 @@
CVE-2012-3314
RESERVED
CVE-2012-3313 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 and ...)
NOT-FOR-US: IBM InfoSphere Guardium
CVE-2012-3311
@@ -4213,11 +4213,11 @@
CVE-2012-3258
RESERVED
CVE-2012-3257 (HP Business Availability Center (BAC) 8.07 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: HP Business Availability Center
CVE-2012-3256 (Cross-site request forgery (CSRF) vulnerability in HP Business ...)
- TODO: check
+ NOT-FOR-US: HP Business Availability Center
CVE-2012-3255 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
- TODO: check
+ NOT-FOR-US: HP Business Availability Center
CVE-2012-3254 (Multiple unspecified vulnerabilities in HP iNode Management Center ...)
NOT-FOR-US: HP iNode Management Center
CVE-2012-3253 (Multiple unspecified vulnerabilities in HP Intelligent Management ...)
@@ -4260,7 +4260,7 @@
CVE-2012-3235
RESERVED
CVE-2012-3234 (RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through ...)
- TODO: check
+ NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-3233
RESERVED
CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web at all 2.0, ...)
@@ -4725,7 +4725,7 @@
CVE-2012-3005 (Untrusted search path vulnerability in Invensys Wonderware InTouch ...)
NOT-FOR-US: Wonderwar
CVE-2012-3004 (Multiple untrusted search path vulnerabilities in RealFlex RealWin ...)
- TODO: check
+ NOT-FOR-US: RealFlex RealWin
CVE-2012-3003 (Open redirect vulnerability in an unspecified web application in ...)
NOT-FOR-US: WinCC
CVE-2012-3002
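Review bot: The context entry for CVE-2012-3005, just above the changed line, carries "NOT-FOR-US: Wonderwar", which looks cut off against the description's "Invensys Wonderware InTouch". It is not introduced by this change, but it is worth correcting in the same pass since the new RealFlex RealWin tag sits right next to it.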
@@ -4785,7 +4785,7 @@
CVE-2012-2976 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...)
NOT-FOR-US: Symantec Web Gateway
CVE-2012-2975 (Cross-site scripting (XSS) vulnerability in the traffic overview page ...)
- TODO: check
+ NOT-FOR-US: F5 ASM
CVE-2012-2974 (The web interface on the SMC SMC8024L2 switch allows remote attackers ...)
NOT-FOR-US: SMC SMC8024L2 switch
CVE-2012-2973
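Review bot: "NOT-FOR-US: F5 ASM" on CVE-2012-2975 uses an abbreviation, while the neighbouring entries in this hunk spell the product out (Symantec Web Gateway, SMC SMC8024L2 switch). Suggest writing the full product name so the entry is found by a search on it.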
@@ -5812,7 +5812,7 @@
CVE-2012-2537
RESERVED
CVE-2012-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Systems ...)
- TODO: check
+ NOT-FOR-US: Microsoft Systems Management Server
CVE-2012-2535
RESERVED
CVE-2012-2534
@@ -6064,13 +6064,13 @@
CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and ...)
NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
- TODO: check
+ NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2409 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
- TODO: check
+ NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2408 (The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP ...)
- TODO: check
+ NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2407 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
- TODO: check
+ NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2406 (RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 ...)
NOT-FOR-US: RealPlayer
CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...)
@@ -6754,11 +6754,11 @@
CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open ...)
- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-2185 (IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2184 (Session fixation vulnerability in IBM Maximo Asset Management 7.1 ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2183 (Session fixation vulnerability in IBM Maximo Asset Management 6.2 ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2182
RESERVED
CVE-2012-2181 (Directory traversal vulnerability in the Dojo module in IBM WebSphere ...)
@@ -7120,7 +7120,7 @@
CVE-2012-2049 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
NOT-FOR-US: Adobe Reader
CVE-2012-2048 (Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2012-2047 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2046 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
@@ -7472,9 +7472,9 @@
CVE-2012-1913
REJECTED
CVE-2012-1912 (Cross-site scripting (XSS) vulnerability in preferences.php in PHP ...)
- TODO: check
+ NOT-FOR-US: PHP Address Book
CVE-2012-1911 (Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and ...)
- TODO: check
+ NOT-FOR-US: PHP Address Book
CVE-2012-1910 (Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x ...)
- bitcoin <not-affected> (windows-only, qt gui not built)
CVE-2012-1909 (The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, ...)
@@ -7516,7 +7516,7 @@
CVE-2012-1893 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-1892 (Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio ...)
- TODO: check
+ NOT-FOR-US: Microsoft Visual Studio Team Foundation Server
CVE-2012-1891 (Heap-based buffer overflow in Microsoft Data Access Components (MDAC) ...)
NOT-FOR-US: Microsoft Data Access Components
CVE-2012-1890 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
@@ -8022,7 +8022,7 @@
- isc-dhcp <unfixed>
[squeeze] - isc-dhcp <not-affected> (isc-dhcp started embedding bind with version 4.2.x and later)
CVE-2012-1666 (Untrusted search path vulnerability in VMware Tools in VMware ...)
- TODO: check
+ NOT-FOR-US: VMware Tools
CVE-2012-1665
RESERVED
CVE-2012-1664
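Review bot: CVE-2012-1666 is tagged "NOT-FOR-US: VMware Tools", which asserts that no Debian package carries the affected code, and the truncated description does not show which platform or component is involved. Please confirm that packaged VMware guest tooling such as open-vm-tools is out of scope. If the reason is platform- or version-specific, a package line with <not-affected> and a reason in parentheses, as the isc-dhcp entry at the top of this hunk does, records the decision better than NOT-FOR-US.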
@@ -10260,9 +10260,9 @@
CVE-2012-0748
RESERVED
CVE-2012-0747 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0746 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0745 (The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 ...)
NOT-FOR-US: IBM AIX
CVE-2012-0744 (IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 ...)
@@ -10298,9 +10298,9 @@
CVE-2012-0729 (Unrestricted file upload vulnerability in IBM Rational AppScan ...)
NOT-FOR-US: IBM Rational AppScan
CVE-2012-0728 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0727 (SQL injection vulnerability in IBM Maximo Asset Management 7.5, as ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server (TDS) ...)
NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...)
@@ -10326,7 +10326,7 @@
CVE-2012-0715 (Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in ...)
NOT-FOR-US: IBM Tivoli Change and Configuration Management Database
CVE-2012-0714 (Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0713 (Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 ...)
NOT-FOR-US: IBM DB2
CVE-2012-0712 (The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 ...)
@@ -11834,7 +11834,7 @@
CVE-2011-4943
RESERVED
CVE-2011-4942 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Geeklog
CVE-2011-4941
RESERVED
NOT-FOR-US: piwik
@@ -12027,7 +12027,7 @@
{DSA-2459-1}
- quagga 0.99.20.1-1
CVE-2012-0254 (Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2012-0253 (Multiple cross-site scripting (XSS) vulnerabilities in Demand Media ...)
NOT-FOR-US: Demand Media Pluck SiteLife
CVE-2012-0252
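Review bot: "NOT-FOR-US: Honeywell" on CVE-2012-0254 names only the vendor, where the other tag in this hunk names the product (Demand Media Pluck SiteLife). The description refers to the HMIWeb Browser; suggest a product-level tag such as "NOT-FOR-US: Honeywell HMIWeb Browser" so later Honeywell CVEs for other products are not assumed to be covered by it.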