Author: federico-guest Date: 2012-03-14 22:45:00 +0000 (Wed, 14 Mar 2012) New Revision: 18677 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-03-14 22:02:13 UTC (rev 18676) +++ data/CVE/list 2012-03-14 22:45:00 UTC (rev 18677) @@ -548,7 +548,7 @@ CVE-2012-1392 (Unspecified vulnerability in the Dolphin Browser HD ...) NOT-FOR-US: Dolphin Browser HD CVE-2012-1391 (Unspecified vulnerability in the mOffice - Outlook sync ...) - TODO: check + NOT-FOR-US: mOffice - Outlook sync CVE-2012-1390 (Unspecified vulnerability in the Miso (com.bazaarlabs.miso) ...) NOT-FOR-US: Miso CVE-2012-1389 (Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) ...) @@ -556,7 +556,7 @@ CVE-2012-1388 (Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) ...) NOT-FOR-US: XiXunTianTian CVE-2012-1387 (Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) ...) - TODO: check + NOT-FOR-US: RealTalk CVE-2012-1386 (Unspecified vulnerability in the YouMail Visual Voicemail Plus ...) NOT-FOR-US: YouMail Visual Voicemail Plus CVE-2012-1385 (Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) ...) 
@@ -2349,15 +2349,15 @@ CVE-2012-0646 (Format string vulnerability in VPN in Apple iOS before 5.1 allows ...) TODO: check CVE-2012-0645 (Siri in Apple iOS before 5.1 does not properly restrict the ability of ...) - TODO: check + NOT-FOR-US: Siri CVE-2012-0644 (Race condition in the Passcode Lock feature in Apple iOS before 5.1 ...) - TODO: check + NOT-FOR-US: Passcode Lock in Apple iOS CVE-2012-0643 (The kernel in Apple iOS before 5.1 does not properly handle debug ...) - TODO: check + NOT-FOR-US: kernel in Apple iOS CVE-2012-0642 (Integer underflow in Apple iOS before 5.1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2012-0641 (CFNetwork in Apple iOS before 5.1 does not properly construct request ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2012-0640 (WebKit in Apple Safari before 5.1.4 does not properly implement "From ...) TODO: check CVE-2012-0639 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...) @@ -2990,7 +2990,7 @@ CVE-2012-0398 RESERVED CVE-2012-0397 (Buffer overflow in EMC RSA SecurID Software Token Converter before ...) - TODO: check + NOT-FOR-US: EMC RSA SecurID Software Token Converter CVE-2012-0396 (EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly ...) NOT-FOR-US: EMC CVE-2012-0395 (Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before ...) 
@@ -3055,17 +3055,17 @@ CVE-2012-0372 RESERVED CVE-2012-0371 (Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, ...) - TODO: check + NOT-FOR-US: Cisco Wireless LAN Controller CVE-2012-0370 (Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, ...) - TODO: check + NOT-FOR-US: Cisco Wireless LAN Controller CVE-2012-0369 (Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 ...) - TODO: check + NOT-FOR-US: Cisco Wireless LAN Controller CVE-2012-0368 (The administrative management interface on Cisco Wireless LAN ...) - TODO: check + NOT-FOR-US: Cisco Wireless LAN Controller CVE-2012-0367 (Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before ...) - TODO: check + NOT-FOR-US: Cisco Unity Connection CVE-2012-0366 (Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated ...) - TODO: check + NOT-FOR-US: Cisco Unity Connection CVE-2012-0365 (Directory traversal vulnerability in the Local TFTP file-upload ...) TODO: check CVE-2012-0364 (Cisco SRP 520 series devices with firmware before 1.1.26 and SRP ...) @@ -3079,7 +3079,7 @@ CVE-2012-0360 RESERVED CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote attackers ...) - TODO: check + NOT-FOR-US: Cisco Cius CVE-2012-0358 RESERVED CVE-2012-0357 @@ -3135,9 +3135,9 @@ CVE-2012-0332 RESERVED CVE-2012-0331 (Cisco TelePresence Video Communication Server with software before ...) - TODO: check + NOT-FOR-US: Cisco TelePresence Video Communication Server CVE-2012-0330 (Cisco TelePresence Video Communication Server with software before ...) - TODO: check + NOT-FOR-US: Cisco TelePresence Video Communication Server CVE-2012-0329 (Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows ...) NOT-FOR-US: Cisco Digital Media Manager CVE-2012-0328 
@@ -3153,9 +3153,9 @@ CVE-2012-0323 (Cross-site scripting (XSS) vulnerability in the Autocomplete plugin ...) TODO: check CVE-2012-0322 (The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for ...) - TODO: check + NOT-FOR-US: EStrongs ES File Explorer CVE-2012-0321 (Unspecified vulnerability in the device driver in Kingsoft Internet ...) - TODO: check + NOT-FOR-US: Kingsoft Internet Security 2011 CVE-2012-0320 (Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 ...) TODO: check CVE-2012-0319 (The file-management system in Movable Type before 4.38, 5.0x before ...) @@ -3165,7 +3165,7 @@ CVE-2012-0317 (Multiple cross-site request forgery (CSRF) vulnerabilities in Movable ...) TODO: check CVE-2012-0316 (The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier ...) - TODO: check + NOT-FOR-US: Cookpad CVE-2012-0315 (Untrusted search path vulnerability in ALFTP before 5.31 allows local ...) NOT-FOR-US: ALFTP CVE-2012-0314 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) @@ -4072,15 +4072,15 @@ CVE-2012-0200 (The server in IBM solidDB 6.5 before Interim Fix 6 does not properly ...) NOT-FOR-US: IBM solidDB CVE-2012-0199 (Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning ...) - TODO: check + NOT-FOR-US: IBM Tivoli Provisioning Manager Express CVE-2012-0198 (Stack-based buffer overflow in the RunAndUploadFile method in the ...) - TODO: check + NOT-FOR-US: IBM Tivoli Provisioning Manager Express CVE-2012-0197 RESERVED CVE-2012-0196 RESERVED CVE-2012-0195 (Cross-site scripting (XSS) vulnerability in the Start Center Layout ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management and others CVE-2012-0194 (The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large ...) NOT-FOR-US: AIX CVE-2012-0193 (IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 ...) 
@@ -4139,11 +4139,11 @@ CVE-2011-4819 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...) TODO: check CVE-2011-4818 (Open redirect vulnerability in IBM Maximo Asset Management and Asset ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2011-4817 (The About option on the Help menu in IBM Maximo Asset Management and ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2011-4816 (SQL injection vulnerability in the KPI component in IBM Maximo Asset ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2011-4815 (Ruby (aka CRuby) before 1.8.7-p357 computes hash values without ...) - ruby1.8 <unfixed> - ruby1.9 <not-affected> (Includes randomisation of the hash function) @@ -4205,9 +4205,9 @@ CVE-2012-0158 RESERVED CVE-2012-0157 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-0156 (DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-0155 (Microsoft Internet Explorer 9 does not properly handle objects in ...) NOT-FOR-US: Microsoft CVE-2012-0154 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) @@ -4215,7 +4215,7 @@ CVE-2012-0153 RESERVED CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-0151 RESERVED CVE-2012-0150 (Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows ...) 
@@ -4271,13 +4271,13 @@ CVE-2012-0125 RESERVED CVE-2012-0124 (Unspecified vulnerability in HP Data Protector Express (aka DPX) ...) - TODO: check + NOT-FOR-US: HP Data Protector Express CVE-2012-0123 (Unspecified vulnerability in HP Data Protector Express (aka DPX) ...) - TODO: check + NOT-FOR-US: HP Data Protector Express CVE-2012-0122 (Unspecified vulnerability in HP Data Protector Express (aka DPX) ...) - TODO: check + NOT-FOR-US: HP Data Protector Express CVE-2012-0121 (Unspecified vulnerability in HP Data Protector Express (aka DPX) ...) - TODO: check + NOT-FOR-US: HP Data Protector Express CVE-2011-4814 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 ...) - dolibarr <itp> (bug #634783) CVE-2011-4813 (Directory traversal vulnerability in clientarea.php in ...) @@ -5428,9 +5428,9 @@ CVE-2011-4488 RESERVED CVE-2011-4487 (SQL injection vulnerability in Cisco Unified Communications Manager ...) - TODO: check + NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-4486 (Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x ...) - TODO: check + NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-4485 RESERVED CVE-2011-4484 @@ -5540,7 +5540,7 @@ CVE-2012-0017 (Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft ...) NOT-FOR-US: Microsoft CVE-2012-0016 (Untrusted search path vulnerability in Microsoft Expression Design; ...) - TODO: check + NOT-FOR-US: Microsoft Expression Design CVE-2012-0015 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate ...) NOT-FOR-US: Microsoft CVE-2012-0014 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 ...) 
@@ -5556,11 +5556,11 @@ CVE-2012-0009 (Untrusted search path vulnerability in the Windows Object Packager ...) NOT-FOR-US: Microsoft Windows CVE-2012-0008 (Untrusted search path vulnerability in Microsoft Visual Studio 2008 ...) - TODO: check + NOT-FOR-US: Microsoft Visual Studio 2008 CVE-2012-0007 (The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 ...) NOT-FOR-US: Microsoft Anti-Cross Site Scripting Library CVE-2012-0006 (The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-0005 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 ...) NOT-FOR-US: Microsoft Windows CVE-2012-0004 (Unspecified vulnerability in DirectShow in DirectX in Microsoft ...) @@ -5568,7 +5568,7 @@ CVE-2012-0003 (Unspecified vulnerability in winmm.dll in Windows Multimedia Library ...) NOT-FOR-US: Microsoft Windows CVE-2012-0002 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-0001 (The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, ...) NOT-FOR-US: Microsoft Windows CVE-2011-4436 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) @@ -6371,7 +6371,7 @@ CVE-2011-4190 RESERVED CVE-2011-4189 (The client in Novell GroupWise 8.0x through 8.02HP3 allows remote ...) - TODO: check + NOT-FOR-US: Novell GroupWise CVE-2011-4188 RESERVED CVE-2011-4187 (Buffer overflow in the GetDriverSettings function in nipplib.dll in ...) 
@@ -14726,11 +14726,11 @@ CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...) TODO: check CVE-2011-1396 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2011-1395 (Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2011-1394 (IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2011-1393 (Unspecified vulnerability in the authentication functionality in the ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-1392 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll ...) @@ -14748,7 +14748,7 @@ CVE-2011-1386 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated ...) NOT-FOR-US: IBM Tivoli Federated Identity Manager CVE-2011-1385 (IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2011-1384 (The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd ...) NOT-FOR-US: IBM AIX CVE-2011-1383
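Review bot: In the hunk at @@ -2349,15 the five Apple iOS entries receive four different product strings (Siri, Passcode Lock in Apple iOS, kernel in Apple iOS, and Apple iOS twice), although each description names Apple iOS before 5.1. Use one string for all five, for example NOT-FOR-US: Apple iOS, so the entries group together when the list is searched by product. CVE-2012-0646 (format string vulnerability in VPN in Apple iOS before 5.1) stays at TODO: check in the same hunk; if that is deliberate because the affected component may be packaged, the commit log should say so.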
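Review bot: In the hunk at @@ -4072,15, CVE-2012-0195 is marked NOT-FOR-US: IBM Maximo Asset Management and others, and "and others" does not record which products were actually checked. Name the remaining products from the full CVE description, or, if they are all covered by the Maximo product line, use the same IBM Maximo Asset Management string that the other Maximo entries in this commit use.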
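Review bot: In the hunk at @@ -4139,11, CVE-2011-4819 (multiple XSS vulnerabilities in IBM Maximo ...) is left at TODO: check while CVE-2011-4818, CVE-2011-4817 and CVE-2011-4816 directly below it are marked NOT-FOR-US: IBM Maximo Asset Management. If it was skipped by accident, mark it in this commit as well; if it was left open on purpose, the one-word log message "NFUs" gives no hint why.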
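Review bot: In the hunk at @@ -5556,11, CVE-2012-0008 is marked NOT-FOR-US: Microsoft Visual Studio 2008, which puts a version number into the product string. The other Microsoft entries touched by this commit use the product name only (Microsoft Windows, Microsoft Expression Design), so NOT-FOR-US: Microsoft Visual Studio would be consistent with them and would still match if the truncated description lists further versions.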