thr3ads.net - Secure testing commits - [Secure-testing-commits] r17095

If this information is useful, please help other people find it:
Share via:
Federico Ceratto
2011-Aug-18 12:51 UTC
[Secure-testing-commits] r17095 - data/CVE

Author: federico-guest
Date: 2011-08-18 12:51:15 +0000 (Thu, 18 Aug 2011)
New Revision: 17095

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-08-17 21:14:18 UTC (rev 17094)
+++ data/CVE/list	2011-08-18 12:51:15 UTC (rev 17095)
@@ -49,15 +49,15 @@
 CVE-2011-3145
 	RESERVED
 CVE-2011-3144 (Cross-site scripting (XSS) vulnerability in Control Microsystems
...)
-	TODO: check
+	NOT-FOR-US: Control Microsystems ClearSCADA
 CVE-2011-3143 (Use-after-free vulnerability in Control Microsystems ClearSCADA
2005, ...)
-	TODO: check
+	NOT-FOR-US: Control Microsystems ClearSCADA
 CVE-2011-3142 (Stack-based buffer overflow in an ActiveX control in
KVWebSvr.dll in ...)
-	TODO: check
+	NOT-FOR-US: WellinTech KingView
 CVE-2011-3141 (Buffer overflow in the InBatch BatchField ActiveX control for
Invensys ...)
-	TODO: check
+	NOT-FOR-US: Wonderware InBatch
 CVE-2011-3140 (IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1
and ...)
-	TODO: check
+	NOT-FOR-US: IBM Web Application Firewall
 CVE-2011-3139
 	RESERVED
 CVE-2011-3138 (The LTPA STS module support implementation in IBM Tivoli
Federated ...)
@@ -328,7 +328,7 @@
 	[squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point
update)
 	- ioquake3 1.36+svn1946-4
 CVE-2011-3011 (BaseServiceImpl.class in CA ARCserve D2D r15 does not properly
handle ...)
-	TODO: check
+	NOT-FOR-US: CA ARCserve D2D
 CVE-2011-3010
 	RESERVED
 CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon
forking, ...)
@@ -1818,21 +1818,21 @@
 CVE-2011-2425 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X,
Linux, and ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2011-2424 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X,
Linux, and ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Player
 CVE-2011-2423 (msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2011-2422 (Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2011-2421 (Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows
...)
-	TODO: check
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2011-2420 (Adobe Shockwave Player before 11.6.1.629 allows remote attackers
to ...)
-	TODO: check
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2011-2419 (IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2011-2418
 	RESERVED
 CVE-2011-2417 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X,
Linux, and ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Player
 CVE-2011-2416 (Integer overflow in Adobe Flash Player before 10.3.183.5 on
Windows, ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2011-2415 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on
Windows, ...)
@@ -1848,27 +1848,27 @@
 CVE-2011-2410
 	RESERVED
 CVE-2011-2409 (Cross-site scripting (XSS) vulnerability in the Calendar
application ...)
-	TODO: check
+	NOT-FOR-US: HP Palm webOS 3.x
 CVE-2011-2408 (Cross-site scripting (XSS) vulnerability in the Contacts
application ...)
-	TODO: check
+	NOT-FOR-US: HP Palm webOS 3.x
 CVE-2011-2407 (Unspecified vulnerability in HP OpenView Performance Insight
5.3, ...)
-	TODO: check
+	NOT-FOR-US: HP OpenView Performance Insight
 CVE-2011-2406 (Cross-site scripting (XSS) vulnerability in HP OpenView
Performance ...)
-	TODO: check
+	NOT-FOR-US: HP OpenView Performance Insight
 CVE-2011-2405 (The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware
...)
-	TODO: check
+	NOT-FOR-US: HP ProLiant SL Advanced Power Manager
 CVE-2011-2404 (The HPTicketMgr.dll ActiveX control in HP Easy Printer Care
Software ...)
-	TODO: check
+	NOT-FOR-US: HP Easy Printer Care Software
 CVE-2011-2403 (SQL injection vulnerability in HP Network Automation 7.2x, 7.5x,
7.6x, ...)
-	TODO: check
+	NOT-FOR-US: HP Network Automation
 CVE-2011-2402 (Cross-site scripting (XSS) vulnerability in HP Network
Automation ...)
-	TODO: check
+	NOT-FOR-US: HP Network Automation
 CVE-2011-2401 (Session fixation vulnerability in HP SiteScope 9.x, 10.x, and
11.x ...)
 	NOT-FOR-US: HP SiteScope
 CVE-2011-2400 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x,
10.x, ...)
 	NOT-FOR-US: HP SiteScope
 CVE-2011-2399 (Unspecified vulnerability in the Media Management Daemon (mmd)
in HP ...)
-	TODO: check
+	NOT-FOR-US: HP Data Protector
 CVE-2011-2398 (Unspecified vulnerability in the dynamic loader in HP HP-UX
B.11.11, ...)
 	NOT-FOR-US: HP-UX
 CVE-2011-2397
@@ -2663,11 +2663,11 @@
 CVE-2011-2134 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on
Windows, ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2011-2133 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and
9 ...)
-	TODO: check
+	NOT-FOR-US: Adobe RoboHelp
 CVE-2011-2132 (Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before
4.0.3, ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Media Server
 CVE-2011-2131 (Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in
Creative ...)
-	TODO: check
+	NOT-FOR-US: Adobe Photoshop
 CVE-2011-2130 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on
Windows, ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2011-2129
@@ -2974,45 +2974,45 @@
 CVE-2011-1980
 	RESERVED
 CVE-2011-1979 (Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate
...)
-	TODO: check
+	NOT-FOR-US: Microsoft Visio
 CVE-2011-1978 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly
...)
 	TODO: check
 CVE-2011-1977 (The ASP.NET Chart controls in Microsoft .NET Framework 4, and
Chart ...)
 	TODO: check
 CVE-2011-1976 (Cross-site scripting (XSS) vulnerability in the Report Viewer
Control ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Visual Studio
 CVE-2011-1975 (Untrusted search path vulnerability in the Data Access Tracing
...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2011-1974 (NDISTAPI.sys in the NDISTAPI driver in Remote Access Service
(RAS) in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2011-1973
 	RESERVED
 CVE-2011-1972 (Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does
not ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Visio
 CVE-2011-1971 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008
SP2, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2011-1970 (The DNS server in Microsoft Windows Server 2003 SP2 and Windows
Server ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2011-1969
 	RESERVED
 CVE-2011-1968 (The Remote Desktop Protocol (RDP) implementation in Microsoft
Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2011-1967 (Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS)
in the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2011-1966 (The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2
SP1 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2011-1965 (Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and
SP1 and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2011-1964 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1963 (Microsoft Internet Explorer 7 through 9 does not properly handle
...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1962 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1961 (The telnet URI handler in Microsoft Internet Explorer 6 through
9 does ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1960 (Microsoft Internet Explorer 6 through 9 does not properly
implement ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1959 (The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x
before ...)
 	{DSA-2274-1}
 	- wireshark 1.6.0-1 (unimportant; bug #630159)
@@ -3248,7 +3248,7 @@
 CVE-2011-1872 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2
SP1 ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2011-1871 (Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2,
Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows Vista
 CVE-2011-1870 (Integer overflow in the Client/Server Run-time Subsystem (aka
CSRSS) ...)
 	NOT-FOR-US: MS Windows
 CVE-2011-1869 (The Distributed File System (DFS) implementation in Microsoft
Windows ...)
@@ -5039,7 +5039,7 @@
 CVE-2011-1264 (Cross-site scripting (XSS) vulnerability in Active Directory
...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2011-1263 (Cross-site scripting (XSS) vulnerability in the logon page in
Remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2011-1262 (Microsoft Internet Explorer 7 through 9 does not properly handle
...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1261 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
@@ -5051,7 +5051,7 @@
 CVE-2011-1258 (Microsoft Internet Explorer 6 through 8 does not properly
restrict web ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1257 (Race condition in Microsoft Internet Explorer 6 through 8 allows
...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1256 (Microsoft Internet Explorer 6 through 8 does not properly handle
...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1255 (The Timed Interactive Multimedia Extensions (aka HTML+TIME) ...)
@@ -8217,21 +8217,21 @@
 	- chromium-browser <undetermined>
 	- webkit <undetermined>
 CVE-2011-0252 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2011-0251 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2011-0250 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2011-0249 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2011-0248 (Stack-based buffer overflow in the QuickTime ActiveX control in
Apple ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2011-0247 (Multiple stack-based buffer overflows in Apple QuickTime before
7.7 on ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2011-0246 (Heap-based buffer overflow in Apple QuickTime before 7.7 on
Windows ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2011-0245 (Buffer overflow in Apple QuickTime before 7.7 allows remote
attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote
...)
 	- chromium-browser <undetermined>
 	- webkit <undetermined>
@@ -9857,9 +9857,9 @@
 CVE-2010-4310
 	RESERVED
 CVE-2010-4309 (Adobe Shockwave Player before 11.6.1.629 allows attackers to
execute ...)
-	TODO: check
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-4308 (Adobe Shockwave Player before 11.6.1.629 allows attackers to
execute ...)
-	TODO: check
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-4307 (Buffer overflow in Adobe Shockwave Player before 11.5.9.620
allows ...)
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to
execute ...)
Secure testing commits - Aug 2011 - r17095 - data/CVE

[Secure-testing-commits] r17095 - data/CVE
