Author: geissert Date: 2012-04-19 02:27:39 +0000 (Thu, 19 Apr 2012) New Revision: 19008 Modified: data/CVE/list Log: NFUs, dotclear and vlc issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-19 02:15:28 UTC (rev 19007) +++ data/CVE/list 2012-04-19 02:27:39 UTC (rev 19008) @@ -1,7 +1,7 @@ CVE-2012-2268 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and ...) - TODO: check + NOT-FOR-US: RealNetworks Helix CVE-2012-2267 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and ...) - TODO: check + NOT-FOR-US: RealNetworks Helix CVE-2012-2266 RESERVED CVE-2012-2265 @@ -79,7 +79,7 @@ CVE-2012-2231 RESERVED CVE-2012-2230 (Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration ...) - TODO: check + NOT-FOR-US: Cloudera Manager CVE-2012-2229 RESERVED CVE-2012-2228 @@ -658,9 +658,9 @@ {DSA-2423-1} - movabletype-opensource 5.1.2+dfsg-1 CVE-2012-1985 (Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix ...) - TODO: check + NOT-FOR-US: RealNetworks Helix CVE-2012-1984 (Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks ...) - TODO: check + NOT-FOR-US: RealNetworks Helix CVE-2012-1983 RESERVED CVE-2012-1982 (Cross-site scripting (XSS) vulnerability in ...) @@ -786,7 +786,7 @@ CVE-2012-1924 (Opera before 11.62 allows user-assisted remote attackers to trick ...) NOT-FOR-US: Opera CVE-2012-1923 (RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x ...) - TODO: check + NOT-FOR-US: RealNetworks Helix CVE-2012-1922 RESERVED CVE-2012-1921 
@@ -1025,15 +1025,15 @@ CVE-2012-1810 RESERVED CVE-2012-1809 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...) - TODO: check + NOT-FOR-US: Koyo ECOM CVE-2012-1808 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...) - TODO: check + NOT-FOR-US: Koyo ECOM CVE-2012-1807 (Cross-site scripting (XSS) vulnerability in the web server in the ECOM ...) - TODO: check + NOT-FOR-US: Koyo ECOM CVE-2012-1806 (The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, ...) - TODO: check + NOT-FOR-US: Koyo ECOM CVE-2012-1805 (Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, ...) - TODO: check + NOT-FOR-US: Koyo ECOM CVE-2012-1804 RESERVED CVE-2012-1803 @@ -1066,10 +1066,13 @@ CVE-2012-1777 (SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 ...) NOT-FOR-US: F5 Firepass CVE-2012-1776 (Multiple heap-based buffer overflows in VideoLAN VLC media player ...) + - vlc <unfixed> TODO: check CVE-2012-1775 (Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 ...) + - vlc <unfixed> TODO: check CVE-2011-5083 (Unrestricted file upload vulnerability in inc/swf/swfupload.swf in ...) + - dotclear <unfixed> TODO: check CVE-2012-1790 (Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows ...) NOT-FOR-US: Webgrind @@ -1310,9 +1313,9 @@ CVE-2012-1674 RESERVED CVE-2012-1673 (SQL injection vulnerability in loginscript.php in e-ticketing allows ...) - TODO: check + NOT-FOR-US: e-ticketing CVE-2012-1672 (SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 ...) - TODO: check + NOT-FOR-US: Hotel Booking Portal CVE-2012-1671 RESERVED CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote ...) 
@@ -2288,13 +2291,13 @@ CVE-2012-1241 (GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 ...) TODO: check CVE-2012-1240 (Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo ...) - TODO: check + NOT-FOR-US: RECRUIT Dokodemo CVE-2012-1239 (The TopAccess web-based management interface on TOSHIBA TEC e-Studio ...) - TODO: check + NOT-FOR-US: TOSHIBA TEC e-Studio CVE-2012-1238 (Session fixation vulnerability in SENCHA SNS before 1.0.2 allows ...) - TODO: check + NOT-FOR-US: SENCHA SNS CVE-2012-1237 (Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before ...) - TODO: check + NOT-FOR-US: SENCHA SNS CVE-2012-1236 (Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter ...) NOT-FOR-US: Janetter CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...) @@ -2887,6 +2890,7 @@ CVE-2012-1040 RESERVED CVE-2012-1039 (Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before ...) + - dotclear <unfixed> TODO: check CVE-2012-1038 RESERVED @@ -2896,7 +2900,7 @@ [squeeze] - glpi <not-affected> (Introduced in 0.78) NOTE: Only supported behind an authenticated HTTP zone CVE-2012-1036 (Cross-site scripting (XSS) vulnerability in the telerik HTML editor in ...) - TODO: check + NOT-FOR-US: telerik CVE-2012-1035 (AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for ...) NOT-FOR-US: AdaCore Ada Web Services CVE-2011-5078 (The web administration interface in the server in Sybase M-Business ...) @@ -2910,7 +2914,7 @@ CVE-2012-1031 (Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in ...) NOT-FOR-US: EPiServer CMS CVE-2012-1030 (Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through ...) - TODO: check + NOT-FOR-US: DotNetNuke CVE-2012-1029 (SQL injection vulnerability in mobile/search/index.php in Tube Ace ...) NOT-FOR-US: Tube Ace CVE-2012-1028 (Cross-site scripting (XSS) vulnerability in bin/index.php in ...) 
@@ -3103,7 +3107,7 @@ RESERVED - lightdm <not-affected> (Ubuntu-specific script) CVE-2012-0942 (Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix ...) - TODO: check + NOT-FOR-US: RealNetworks Helix CVE-2012-0941 RESERVED CVE-2012-0940 @@ -45793,7 +45797,8 @@ [lenny] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9) - linux-2.6.24 <not-affected> (Vulnerability was introduced in 2.6.27-rc9) CVE-2009-0933 (Cross-site scripting (XSS) vulnerability in the administrative ...) - NOT-FOR-US: Dotclear + - dotclear <unfixed> + TODO: check CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in ...) {DSA-1765-1} - horde3 3.2.2+debian0-2 (bug #513265; medium)
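Review bot: In the hunk at @@ -1066,10 +1066,13 @@, the three new package lines (vlc for CVE-2012-1776 and CVE-2012-1775, dotclear for CVE-2011-5083) are added as `<unfixed>` while `TODO: check` is kept, so the entries read as only half-triaged. The CVE-2012-1775 description already says "before 2.0.1"; once that is verified, record the package version that carries the fix in place of `<unfixed>`, or add a NOTE line stating what is still to be checked so the next person does not repeat the work.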
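Review bot: In the hunk at @@ -2288,13 +2291,13 @@, CVE-2012-1241 (GRScript18.dll in ActiveScriptRuby) stays at `TODO: check` while the four entries directly below it are resolved in this commit. If it was left on purpose because it needs a closer look, a NOTE saying so would help; otherwise it can be triaged in the same pass.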
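Review bot: In the hunk at @@ -2887,6 +2890,7 @@, CVE-2012-1039 gets `- dotclear <unfixed>` with no version or bug reference, although the description reads "Dotclear before ...", which indicates an upstream release with the fix exists. When the TODO is worked, replace `<unfixed>` with the first package version containing that release, or keep `<unfixed>` and attach a bug number so the open state is trackable.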
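Review bot: In the hunk at @@ -45793,7 +45797,8 @@, CVE-2009-0933 moves from `NOT-FOR-US: Dotclear` to `- dotclear <unfixed>` plus `TODO: check`, but the log message ("NFUs, dotclear and vlc issues") does not say why a 2009 entry is being reopened. A short NOTE on the entry would make the reclassification self-explanatory, and the rest of the list should be checked for other entries still tagged `NOT-FOR-US: Dotclear` so the package's CVE history is consistent.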