Author: federico-guest
Date: 2011-10-16 19:58:56 +0000 (Sun, 16 Oct 2011)
New Revision: 17439
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-10-16 19:11:45 UTC (rev 17438)
+++ data/CVE/list 2011-10-16 19:58:56 UTC (rev 17439)
@@ -172,23 +172,23 @@
CVE-2010-4921 (SQL injection vulnerability in inc_pollingboothmanager.asp in
DMXReady ...)
TODO: check
CVE-2010-4920 (SQL injection vulnerability in detail.asp in Micronetsoft
Rental ...)
- TODO: check
+ NOT-FOR-US: Micronetsoft
CVE-2010-4919 (SQL injection vulnerability in detail.asp in Micronetsoft RV
Dealer ...)
- TODO: check
+ NOT-FOR-US: Micronetsoft
CVE-2010-4918 (PHP remote file inclusion vulnerability in iJoomla Magazine ...)
TODO: check
CVE-2010-4917 (SQL injection vulnerability in sources/search.php in A-Blog 2.0
allows ...)
TODO: check
CVE-2010-4916 (Multiple SQL injection vulnerabilities in index.cfm in ColdGen
...)
- TODO: check
+ NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4915 (SQL injection vulnerability in index.cfm in ColdGen
ColdBookmarks 1.22 ...)
- TODO: check
+ NOT-FOR-US: ColdGen ColdBookmarks
CVE-2010-4914 (PHP remote file inclusion vulnerability in ...)
TODO: check
CVE-2010-4913 (Cross-site scripting (XSS) vulnerability in the search feature
in ...)
- TODO: check
+ NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4912 (SQL injection vulnerability in shop.php in UCenter Home 2.0
allows ...)
- TODO: check
+ NOT-FOR-US: UCenter
CVE-2010-4911 (SQL injection vulnerability in classi/detail.php in PHP
Classifieds ...)
TODO: check
CVE-2010-4910 (SQL injection vulnerability in index.cfm in ColdGen
ColdCalendar 2.06 ...)
@@ -5611,21 +5611,21 @@
CVE-2011-2001 (Microsoft Internet Explorer 6 through 9 does not properly
handle ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-2000 (Microsoft Internet Explorer 6 through 9 does not properly
handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1999 (Microsoft Internet Explorer 8 does not properly allocate and
access ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1998 (Microsoft Internet Explorer 9 does not properly handle objects
in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1997 (Microsoft Internet Explorer 6 does not properly handle objects
in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1996 (Microsoft Internet Explorer 6 through 8 does not properly
handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1995 (Microsoft Internet Explorer 6 through 9 does not properly
handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1994
RESERVED
CVE-2011-1993 (Microsoft Internet Explorer 6 through 9 does not properly
handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1992
RESERVED
CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft
Windows XP ...)
@@ -5641,7 +5641,7 @@
CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows
remote ...)
NOT-FOR-US: Microsoft Excel
CVE-2011-1985 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2,
R2, and ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1983
@@ -5655,9 +5655,9 @@
CVE-2011-1979 (Microsoft Visio 2003 SP3 and 2007 SP2 does not properly
validate ...)
NOT-FOR-US: Microsoft Visio
CVE-2011-1978 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not
properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET
CVE-2011-1977 (The ASP.NET Chart controls in Microsoft .NET Framework 4, and
Chart ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET
CVE-2011-1976 (Cross-site scripting (XSS) vulnerability in the Report Viewer
Control ...)
NOT-FOR-US: Microsoft Visual Studio
CVE-2011-1975 (Untrusted search path vulnerability in the Data Access Tracing
...)
@@ -5673,7 +5673,7 @@
CVE-2011-1970 (The DNS server in Microsoft Windows Server 2003 SP2 and Windows
Server ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1969 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold,
Update 1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Forefront
CVE-2011-1968 (The Remote Desktop Protocol (RDP) implementation in Microsoft
Windows ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1967 (Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS)
in the ...)
@@ -5845,7 +5845,7 @@
CVE-2011-1914
RESERVED
CVE-2011-1913 (SQL injection vulnerability in the login form in the web
interface in ...)
- TODO: check
+ NOT-FOR-US: Mercator SENTINEL
CVE-2011-1912
RESERVED
CVE-2011-1911 (JasperServer in JasperReports Server Community Project 3.7.0
and 3.7.1 ...)
@@ -5877,11 +5877,11 @@
CVE-2011-1898 (Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI
passthrough ...)
TODO: check
CVE-2011-1897 (Cross-site scripting (XSS) vulnerability in Microsoft Forefront
...)
- TODO: check
+ NOT-FOR-US: Microsoft Forefront
CVE-2011-1896 (Cross-site scripting (XSS) vulnerability in Microsoft Forefront
...)
- TODO: check
+ NOT-FOR-US: Microsoft Forefront
CVE-2011-1895 (CRLF injection vulnerability in Microsoft Forefront Unified
Access ...)
- TODO: check
+ NOT-FOR-US: Microsoft Forefront
CVE-2011-1894 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3,
...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office
...)
@@ -6058,7 +6058,7 @@
- spip <unfixed>
[squeeze] - spip 2.1.1-3squeeze1
CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network
...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2010-4801 (Directory traversal vulnerability in admin/updatelist.php in
BaconMap ...)
NOT-FOR-US: BaconMap
CVE-2010-4800 (SQL injection vulnerability in doadd.php in BaconMap 1.0 allows
remote ...)
@@ -6391,7 +6391,7 @@
CVE-2011-1741 (Stack-based buffer overflow in ftserver.exe in the OpenText ...)
NOT-FOR-US: OpenText Hummingbird Client Connector
CVE-2011-1740 (EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote
...)
- TODO: check
+ NOT-FOR-US: EMC Avamar
CVE-2011-1739 (The makemask function in mountd.c in mountd in FreeBSD 7.4
through 8.2 ...)
NOT-FOR-US: FreeBSD mountd
CVE-2011-1738 (HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict
Plug-in ...)
@@ -6484,7 +6484,7 @@
CVE-2011-1697
RESERVED
CVE-2011-1696 (Cross-site scripting (XSS) vulnerability in Novell Identity
Manager ...)
- TODO: check
+ NOT-FOR-US: Novell Identity Manager
CVE-2011-1695
RESERVED
CVE-2011-1694
@@ -7762,7 +7762,7 @@
CVE-2011-1254 (Microsoft Internet Explorer 6 through 8 does not properly
handle ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1253 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and
4, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework, Silverlight
CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML
function in ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1251 (Microsoft Internet Explorer 8 does not properly handle objects
in ...)
@@ -7774,7 +7774,7 @@
CVE-2011-1248 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold,
SP2, ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1247 (Untrusted search path vulnerability in the Microsoft Active ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2011-1246 (Microsoft Internet Explorer 8 does not properly handle content
...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1245 (Microsoft Internet Explorer 6 and 7 does not properly restrict
script ...)
@@ -7830,7 +7830,7 @@
CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in
the ...)
NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1221 (Cross-zone scripting vulnerability in the RealPlayer ActiveX
control ...)
- TODO: check
+ NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in
IBM ...)
NOT-FOR-US: IBM Tivoli Management Framework
CVE-2011-1219
@@ -8827,11 +8827,11 @@
CVE-2011-0947
RESERVED
CVE-2011-0946 (The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0
through ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2011-0945 (Memory leak in the Data-link switching (aka DLSw) feature in
Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2011-0944 (Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause
a ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2011-0943 (Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to
cause ...)
NOT-FOR-US: Cisco
CVE-2011-0942
@@ -8841,7 +8841,7 @@
CVE-2011-0940
RESERVED
CVE-2011-0939 (Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1,
and IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2011-0938
RESERVED
CVE-2011-0937
@@ -10896,9 +10896,9 @@
CVE-2011-0261 (Unspecified vulnerability in jovgraph.exe in jovgraph in HP
OpenView ...)
NOT-FOR-US: HP OpenView
CVE-2011-0260 (The CoreProcesses component in Apple Mac OS X 10.7 before
10.7.2 does ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS
CVE-2011-0259 (CoreFoundation, as used in Apple iTunes before 10.5, does not
properly ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes
CVE-2011-0258 (Apple QuickTime before 7.7 on Windows allows remote attackers
to ...)
NOT-FOR-US: Apple QuickTime
CVE-2011-0257 (Integer signedness error in Apple QuickTime before 7.7 allows
remote ...)
@@ -10966,11 +10966,11 @@
- chromium-browser <undetermined>
- webkit <undetermined>
CVE-2011-0231 (CFNetwork in Apple Mac OS X before 10.7.2 does not properly
follow an ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2011-0230 (Buffer overflow in the ATSFontDeactivate API in Apple Type
Services ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2011-0229 (Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does
not ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2011-0228 (The Data Security component in Apple iOS before 4.2.10 and
4.3.x ...)
NOT-FOR-US: Apple iOS
CVE-2011-0227 (The queueing primitives in IOMobileFrameBuffer in Apple iOS
before ...)
@@ -10982,7 +10982,7 @@
- chromium-browser <undetermined>
- webkit <undetermined>
CVE-2011-0224 (CoreMedia in Apple Mac OS X through 10.6.8 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
- chromium-browser <undetermined>
- webkit <undetermined>
@@ -11074,7 +11074,7 @@
CVE-2011-0186 (QuickTime in Apple Mac OS X before 10.6.7 allows remote
attackers to ...)
NOT-FOR-US: Apple Mac OS
CVE-2011-0185 (Format string vulnerability in the debug-logging feature in ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2011-0184 (QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote
attackers ...)
NOT-FOR-US: Apple Mac OS
CVE-2011-0183 (Libinfo in Apple Mac OS X before 10.6.7 does not properly
handle an ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
