[Secure-testing-commits] r20214 - data/CVE

Federico Ceratto federico-guest at alioth.debian.org
Sat Sep 22 12:21:06 UTC 2012


Author: federico-guest
Date: 2012-09-22 12:21:06 +0000 (Sat, 22 Sep 2012)
New Revision: 20214

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-22 11:51:38 UTC (rev 20213)
+++ data/CVE/list	2012-09-22 12:21:06 UTC (rev 20214)
@@ -1,35 +1,35 @@
 CVE-2012-5007 (The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote ...)
 	TODO: check
 CVE-2012-5006 (Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser ...)
-	TODO: check
+	NOT-FOR-US: Caminova DjVu Browser
 CVE-2012-5005 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: VR GPub
 CVE-2012-5004 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Parallels H-Sphere
 CVE-2012-5003 (nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not ...)
 	TODO: check
 CVE-2012-5002 (Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in ...)
 	TODO: check
 CVE-2012-5001 (Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node ...)
-	TODO: check
+	NOT-FOR-US: Hitachi JP1/Cm2/Network Node Manager
 CVE-2012-5000 (SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 ...)
-	TODO: check
+	NOT-FOR-US: deV!L'z Clanportal
 CVE-2012-4999 (Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote ...)
-	TODO: check
+	NOT-FOR-US: Mercury MR804 Router
 CVE-2012-4998 (Cross-site scripting (XSS) vulnerability in index.php in starCMS ...)
-	TODO: check
+	NOT-FOR-US: starCMS
 CVE-2012-4997 (Directory traversal vulnerability in acp/index.php in AneCMS allows ...)
-	TODO: check
+	NOT-FOR-US: AneCMS
 CVE-2012-4996 (Multiple SQL injection vulnerabilities in RivetTracker 1.03 and ...)
-	TODO: check
+	NOT-FOR-US: RivetTracker
 CVE-2012-4995 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: LimeSurvey
 CVE-2012-4994 (SQL injection vulnerability in admin/admin.php in LimeSurvey before ...)
-	TODO: check
+	NOT-FOR-US: LimeSurvey
 CVE-2012-4993 (torrent_functions.php in RivetTracker 1.03 and earlier does not ...)
-	TODO: check
+	NOT-FOR-US: RivetTracker
 CVE-2012-4992 (Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote ...)
-	TODO: check
+	NOT-FOR-US: FlashFXP
 CVE-2012-4991
 	RESERVED
 CVE-2012-4990
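Review bot: the CVE-2012-5000 entry is filed under the parent product only ("deV!L'z Clanportal"), while the description directly above it names "the Witze addon 0.9" and jokes/index.php. Consider "NOT-FOR-US: Witze addon for deV!L'z Clanportal" so that a later search for the addon name finds this triage decision. The other new lines in this hunk whose descriptions show the product (RivetTracker, FlashFXP, LimeSurvey for CVE-2012-4994) match it.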
@@ -75,7 +75,7 @@
 CVE-2012-4970
 	RESERVED
 CVE-2011-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Social Book ...)
-	TODO: check
+	NOT-FOR-US: Social Book Facebook Clone 2010
 CVE-2011-5189 (Cross-site scripting (XSS) vulnerability in the Webform Validation ...)
 	TODO: check
 CVE-2011-5187 (Cross-site scripting (XSS) vulnerability in the Support Ticketing ...)
@@ -83,9 +83,9 @@
 CVE-2011-5186 (Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop ...)
 	TODO: check
 CVE-2011-5185 (Cross-site scripting (XSS) vulnerability in video_comments.php in ...)
-	TODO: check
+	NOT-FOR-US: Online Subtitles Workshop
 CVE-2011-5184 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
-	TODO: check
+	NOT-FOR-US: HP Network Node Manager
 CVE-2011-5182 (** DISPUTED ** ...)
 	TODO: check
 CVE-2011-5181 (Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk ...)
@@ -93,9 +93,9 @@
 CVE-2011-5180 (Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in ...)
 	TODO: check
 CVE-2011-5179 (Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php ...)
-	TODO: check
+	NOT-FOR-US: Skysa App Bar
 CVE-2011-5177 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: eSyndiCat Pro
 CVE-2012-4969 (Use-after-free vulnerability in the CMshtmlEd::Exec function in ...)
 	NOT-FOR-US: Internet Explorer
 CVE-2012-4968 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
@@ -3266,65 +3266,65 @@
 CVE-2012-3746 (UIWebView in UIKit in Apple iOS before 6 does not properly use the ...)
 	TODO: check
 CVE-2012-3745 (Off-by-one error in Telephony in Apple iOS before 6 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Telephony in Apple iOS
 CVE-2012-3744 (Telephony in Apple iOS before 6 uses an SMS message's return address ...)
-	TODO: check
+	NOT-FOR-US: Telephony in Apple iOS
 CVE-2012-3743 (The System Logs implementation in Apple iOS before 6 does not restrict ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3742 (Safari in Apple iOS before 6 does not properly restrict use of an ...)
 	TODO: check
 CVE-2012-3741 (The Restrictions (aka Parental Controls) implementation in Apple iOS ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3740 (The Passcode Lock implementation in Apple iOS before 6 does not ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3739 (The Passcode Lock implementation in Apple iOS before 6 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3738 (The Emergency Dialer screen in the Passcode Lock implementation in ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3737 (The Passcode Lock implementation in Apple iOS before 6 does not ...)
 	TODO: check
 CVE-2012-3736 (The Passcode Lock implementation in Apple iOS before 6 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3735 (The Passcode Lock implementation in Apple iOS before 6 does not ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3734 (Office Viewer in Apple iOS before 6 writes cleartext document data to ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3733 (Messages in Apple iOS before 6, when multiple iMessage e-mail ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3732 (Mail in Apple iOS before 6 uses an S/MIME message's From address as ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3731 (Mail in Apple iOS before 6 does not properly implement the Data ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3730 (Mail in Apple iOS before 6 does not properly handle reuse of ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3729 (The Berkeley Packet Filter (BPF) interpreter implementation in the ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3728 (The kernel in Apple iOS before 6 dereferences invalid pointers during ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3727 (Buffer overflow in the IPsec component in Apple iOS before 6 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3726 (Double free vulnerability in ImageIO in Apple iOS before 6 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3725 (The DNAv4 protocol implementation in the DHCP component in Apple iOS ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3724 (CFNetwork in Apple iOS before 6 does not properly identify the host ...)
-	TODO: check
+	NOT-FOR-US: Apple iOS
 CVE-2012-3723 (Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2012-3722 (The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and ...)
-	TODO: check
+	NOT-FOR-US: QuickTime in Apple Mac OS X
 CVE-2012-3721 (Profile Manager in Apple Mac OS X before 10.7.5 does not properly ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2012-3720 (Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2012-3719 (Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2012-3718 (Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2012-3717
 	RESERVED
 CVE-2012-3716 (CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2012-3715 (Apple Safari before 6.0.1 makes http requests for https URIs in ...)
 	TODO: check
 CVE-2012-3714 (The Form Autofill feature in Apple Safari before 6.0.1 does not ...)
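Review bot: CVE-2012-3729 (Berkeley Packet Filter interpreter), CVE-2012-3727 (IPsec component) and CVE-2012-3725 (DHCP component) are closed as NOT-FOR-US on the strength of "Apple iOS" in the description, but each description names a component that may be built from code shared with other systems, and the entry records no check against packaged equivalents. Confirm the flaw is Apple-specific before dropping the TODO, or add a NOTE: line stating what was checked. Style point: CVE-2012-3745 and CVE-2012-3744 use "Telephony in Apple iOS" while the Mail, Passcode Lock and Office Viewer entries use plain "Apple iOS"; one form throughout keeps a grep over NOT-FOR-US lines grouped.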
@@ -4521,7 +4521,7 @@
 CVE-2012-3259
 	RESERVED
 CVE-2012-3258 (Unspecified vulnerability in HP Operations Orchestration 9.0 before ...)
-	TODO: check
+	NOT-FOR-US: HP Operations Orchestration
 CVE-2012-3257 (HP Business Availability Center (BAC) 8.07 allows remote authenticated ...)
 	NOT-FOR-US: HP Business Availability Center
 CVE-2012-3256 (Cross-site request forgery (CSRF) vulnerability in HP Business ...)
@@ -5061,7 +5061,7 @@
 CVE-2012-2992
 	RESERVED
 CVE-2012-2991 (The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in ...)
-	TODO: check
+	NOT-FOR-US: PayPal module in osCommerce Online Merchant
 CVE-2012-2990 (The MASetupCaller ActiveX control before 1.4.2012.508 in ...)
 	NOT-FOR-US: MarkAny ContentSAFER
 CVE-2012-2989
@@ -6028,7 +6028,7 @@
 CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic ...)
 	NOT-FOR-US: AfterLogic MailSuite Pro 
 CVE-2012-2586 (Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq ...)
-	TODO: check
+	NOT-FOR-US: Mailtraq
 CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
 	NOT-FOR-US: ManageEngine ServiceDesk Plus
 CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon ...)
@@ -6045,13 +6045,13 @@
 CVE-2012-2579
 	RESERVED
 CVE-2012-2578 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 ...)
-	TODO: check
+	NOT-FOR-US: SmarterMail
 CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
 	NOT-FOR-US: SolarWinds Orion Network Performance Monitor 
 CVE-2012-2576
 	RESERVED
 CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 ...)
-	TODO: check
+	NOT-FOR-US: NetWin SurgeMail
 CVE-2012-2574 (SQL injection vulnerability in the management console in Symantec Web ...)
 	NOT-FOR-US: Symantec Web Gateway
 CVE-2012-2573 (Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail ...)
@@ -6872,7 +6872,7 @@
 CVE-2012-2276 (The IRM Server in EMC Documentum Information Rights Management 4.x ...)
 	NOT-FOR-US: EMC Documentum Information Rights Management
 CVE-2012-2275 (Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2012-2274 (Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in ...)
 	NOT-FOR-US: PivotX
 CVE-2012-2273 (Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 ...)
@@ -7818,7 +7818,7 @@
 CVE-2012-1900
 	RESERVED
 CVE-2012-1899 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Webfolio CMS
 CVE-2012-1898
 	RESERVED
 CVE-2012-1897
@@ -9934,7 +9934,7 @@
 CVE-2012-0989
 	RESERVED
 CVE-2012-0988 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: KnowledgeTree
 CVE-2012-0987
 	RESERVED
 CVE-2012-0986
@@ -10779,7 +10779,7 @@
 CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X 10.6.8 ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2012-0650 (Buffer overflow in the DirectoryService Proxy in DirectoryService in ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
@@ -11868,9 +11868,9 @@
 CVE-2012-0273
 	RESERVED
 CVE-2012-0272 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
-	TODO: check
+	NOT-FOR-US: Novell GroupWise
 CVE-2012-0271 (Integer overflow in the WebConsole component in gwia.exe in GroupWise ...)
-	TODO: check
+	NOT-FOR-US: Novell GroupWise
 CVE-2012-0270 [csound buffer overflows]
 	RESERVED
 	- csound 1:5.16.6~dfsg-1 (low; bug #661197)
@@ -16180,7 +16180,7 @@
 CVE-2011-3828 (DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote ...)
 	NOT-FOR-US: DVR Remote
 CVE-2011-3827 (The iCalendar component in gwwww1.dll in GroupWise Internet Agent ...)
-	TODO: check
+	NOT-FOR-US: Novell GroupWise
 CVE-2010-4852 (Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b ...)
 	NOT-FOR-US: Eclime
 CVE-2010-4851 (Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote ...)



