Author: jmm Date: 2011-02-02 20:08:36 +0000 (Wed, 02 Feb 2011) New Revision: 16032 Modified: data/CVE/list Log: - mediawiki bug - NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-02 07:47:40 UTC (rev 16031) +++ data/CVE/list 2011-02-02 20:08:36 UTC (rev 16032) @@ -1,5 +1,5 @@ CVE-2011-XXXX [mediawiki server-side arbitrary script inclusion vulnerability] - - mediawiki <unfixed> + - mediawiki <unfixed> (bug #611787) CVE-2011-0720 RESERVED CVE-2011-0719 @@ -650,7 +650,7 @@ CVE-2011-0451 RESERVED CVE-2011-0450 (The downloads manager in Opera before 11.01 on Windows does not ...) - TODO: check + NOT-FOR-US: Opera CVE-2011-0449 RESERVED CVE-2011-0448 @@ -1658,7 +1658,7 @@ CVE-2011-0097 RESERVED CVE-2011-0096 (The MHTML implementation in Microsoft Windows XP SP2 and SP3, Windows ...) - TODO: check + NOT-FOR-US: Microsoft mhtml CVE-2011-0095 RESERVED CVE-2011-0094 @@ -1759,7 +1759,7 @@ NOTE: http://www.bugzilla.org/security/3.2.9/ CVE-2011-0047 [mediawiki CSS injection] RESERVED - - mediawiki <unfixed> + - mediawiki <unfixed> (bug #611787) CVE-2011-0046 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla ...) - bugzilla <unfixed> TODO: check @@ -2572,7 +2572,7 @@ CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...) NOT-FOR-US: Pointter PHP Content Management System CVE-2010-4331 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 ...) - TODO: check + NOT-FOR-US: Seo Panel CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...) NOT-FOR-US: Pulse CMS Basic CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...) 
@@ -2583,9 +2583,9 @@ CVE-2010-4327 RESERVED CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent ...) - TODO: check + NOT-FOR-US: Groupwise CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in ...) - TODO: check + NOT-FOR-US: Groupwise CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the ...) NOT-FOR-US: Novell Identity Manager CVE-2010-4323 @@ -3008,7 +3008,7 @@ - imagemagick 8:6.6.0.4-3 (low; bug #601824) [lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4 CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...) - TODO: check + NOT-FOR-US: Joomla CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...) - linux-2.6 2.6.32-28 CVE-2010-4164 (Multiple integer underflows in the x25_parse_facilities function in ...) @@ -3578,7 +3578,7 @@ CVE-2010-3932 REJECTED CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion ...) - TODO: check + NOT-FOR-US: Rocomotion CVE-2010-3930 RESERVED CVE-2010-3929 @@ -3586,7 +3586,7 @@ CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a ...) NOT-FOR-US: Ruby Version Manager CVE-2010-3927 (Untrusted search path vulnerability in Lunascape before 6.4.0 allows ...) - TODO: check + NOT-FOR-US: Lunascape CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in ...) NOT-FOR-US: SGX-SP Final CVE-2010-3925 (Contents-Mall before 15 does not properly handle passwords, which ...) 
@@ -4811,7 +4811,7 @@ CVE-2010-3511 (Unspecified vulnerability in Oracle OpenSolaris allows local users to ...) NOT-FOR-US: Oracle OpenSolaris CVE-2010-3510 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: Oracle WebLogic CVE-2010-3509 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...) NOT-FOR-US: Oracle Solaris CVE-2010-3508 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...) @@ -4821,7 +4821,7 @@ CVE-2010-3506 (Unspecified vulnerability in the Oracle Explorer (Sun Explorer) ...) NOT-FOR-US: Oracle Explorer CVE-2010-3505 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...) - TODO: check + NOT-FOR-US: Oracle Supply Chain Products CVE-2010-3504 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) NOT-FOR-US: Oracle E-Business Suite CVE-2010-3503 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) @@ -6757,11 +6757,11 @@ CVE-2010-2780 RESERVED CVE-2010-2779 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...) - TODO: check + NOT-FOR-US: GroupWise CVE-2010-2778 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...) - TODO: check + NOT-FOR-US: GroupWise CVE-2010-2777 (Stack-based buffer overflow in the IMAP server component in GroupWise ...) - TODO: check + NOT-FOR-US: GroupWise CVE-2010-2776 RESERVED CVE-2010-2775 @@ -6936,7 +6936,7 @@ CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2010-2743 (The kernel-mode drivers in Microsoft Windows XP SP3 do not properly ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-2742 (The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...) 
@@ -7217,7 +7217,7 @@ CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, ...) NOT-FOR-US: EMC CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, ...) - TODO: check + NOT-FOR-US: Solaris FTP server CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first ...) - tiff <unfixed> (unimportant) CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly ...) @@ -14752,7 +14752,7 @@ CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager ...) NOT-FOR-US: SQLiteManager CVE-2010-0115 (SQL injection vulnerability in login.php in the GUI management console ...) - TODO: check + NOT-FOR-US: Symantec Web Gateway CVE-2010-0114 (fw_charts.php in the reporting module in the Manager (aka SEPM) ...) NOT-FOR-US: Symantec Endpoint Protection CVE-2010-0113 (The Symantec Norton Mobile Security application 1.0 Beta for Android ...) @@ -14760,9 +14760,9 @@ CVE-2010-0112 (Multiple SQL injection vulnerabilities in the Administrative Interface ...) NOT-FOR-US: Symantec IM Manager CVE-2010-0111 (HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel ...) - TODO: check + NOT-FOR-US: Symantec Intel Alert Handler CVE-2010-0110 (Multiple stack-based buffer overflows in Intel Alert Management System ...) - TODO: check + NOT-FOR-US: Symantec Intel Alert Handler CVE-2010-0109 RESERVED CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the ...)
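Review bot: The same bug #611787 is attached to two separate entries, the CVE-2011-XXXX server-side script inclusion entry in the @@ -1,5 hunk and the CVE-2011-0047 CSS injection entry in the @@ -1759,7 hunk. If that one report tracks both issues, a NOTE line on each entry saying so would make the shared number clearly intentional. If it covers only one of them, the other entry should get its own bug reference.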
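Review bot: The NOT-FOR-US label for one product is spelled two ways: "Groupwise" in the @@ -2583,9 hunk (CVE-2010-4326, CVE-2010-4325) and "GroupWise" in the @@ -6757,11 hunk (CVE-2010-2779, CVE-2010-2778, CVE-2010-2777). The CVE descriptions themselves use "GroupWise", so use that spelling in both hunks so that a case-sensitive search over data/CVE/list finds every entry.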
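Review bot: In the @@ -14760,9 hunk, CVE-2010-0110 is labelled "Symantec Intel Alert Handler", but its description names Intel Alert Management System; only CVE-2010-0111 mentions the Intel Alert Handler service (HDNLRSVC.EXE). A label that matches the product in the CVE-2010-0110 description would be easier to trace back to the advisory.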
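Review bot: "NOT-FOR-US: Microsoft mhtml" in the @@ -1658,7 hunk departs from the "Microsoft Windows" label that this same commit and its context lines use in the @@ -6936,7 hunk, although the CVE-2011-0096 description places the MHTML implementation in Microsoft Windows. Likewise "Solaris FTP server" in the @@ -7217,7 hunk differs from the "Oracle Solaris" label on the neighbouring entries in the @@ -4811,7 hunk. Reusing the existing vendor and product labels keeps the NOT-FOR-US entries uniform.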