Author: jmm Date: 2012-06-29 16:28:14 +0000 (Fri, 29 Jun 2012) New Revision: 19627 Modified: data/CVE/list Log: new packagekit issue NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-29 16:27:30 UTC (rev 19626) +++ data/CVE/list 2012-06-29 16:28:14 UTC (rev 19627) @@ -1,9 +1,11 @@ +CVE-2012-XXXX [packagekit insecure temp file] + - packagekit <unfixed> (bug #678189) CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: WinRadius CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog 2.07.14 and ...) - TODO: check + NOT-FOR-US: Sielco Sistemi Winlog CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2012-3813 RESERVED CVE-2012-3812 @@ -27,16 +29,15 @@ CVE-2012-3803 RESERVED CVE-2012-3802 (Unspecified vulnerability in the Post Affiliate Pro (PAP) module for ...) - TODO: check - NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10 + NOT-FOR-US: Drupal module CVE-2012-3801 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not ...) - TODO: check + NOT-FOR-US: Drupal module CVE-2012-3800 (Cross-site scripting (XSS) vulnerability in og.js in the Organic ...) - TODO: check + NOT-FOR-US: Drupal module CVE-2012-3799 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Drupal module CVE-2012-3798 (The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when ...) - TODO: check + NOT-FOR-US: Drupal module CVE-2012-3797 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...) NOT-FOR-US: Pro-face WinGP PC Runtime CVE-2012-3796 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...) 
@@ -1207,7 +1208,7 @@ CVE-2012-3232 RESERVED CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web at all ...) - TODO: check + NOT-FOR-US: web at all CVE-2012-3230 RESERVED CVE-2012-3229 @@ -2293,7 +2294,7 @@ CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows ...) NOT-FOR-US: Drupal module CVE-2012-2717 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobile ...) - TODO: check + NOT-FOR-US: Drupal module CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment ...) NOT-FOR-US: Drupal module CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...) @@ -2574,11 +2575,11 @@ CVE-2012-2607 RESERVED CVE-2012-2606 (The agent in Bradford Network Sentry before 5.3.3 does not require ...) - TODO: check + NOT-FOR-US: Bradford Network Sentry CVE-2012-2605 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Bradford Network Sentry CVE-2012-2604 (Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp ...) - TODO: check + NOT-FOR-US: Bradford Network Sentry CVE-2012-2603 (The server in CollabNet ScrumWorks Pro before 6.0 allows remote ...) NOT-FOR-US: CollabNet ScrumWorks Pro CVE-2012-2602 @@ -2590,13 +2591,13 @@ CVE-2012-2599 RESERVED CVE-2012-2598 (Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2012-2597 (Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2012-2596 (The XPath functionality in unspecified web applications in Siemens ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2012-2595 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified web ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2012-2594 RESERVED CVE-2012-2593 
@@ -2654,13 +2655,13 @@ CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses ...) NOT-FOR-US: Xelex MobileTrack application CVE-2012-2566 (Bloxx Web Filtering before 5.0.14 does not properly interpret ...) - TODO: check + NOT-FOR-US: Bloxx Web Filtering CVE-2012-2565 (Bloxx Web Filtering before 5.0.14 does not use a salt during ...) - TODO: check + NOT-FOR-US: Bloxx Web Filtering CVE-2012-2564 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Bloxx Web Filtering CVE-2012-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web ...) - TODO: check + NOT-FOR-US: Bloxx Web Filtering CVE-2012-2562 (The Xelex MobileTrack application 2.3.7 and earlier for Android does ...) NOT-FOR-US: Xelex MobileTrack application CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...) @@ -2794,13 +2795,13 @@ CVE-2012-2497 RESERVED CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the ...) - TODO: check + NOT-FOR-US: Cisco CVE-2012-2495 (The HostScan downloader implementation in Cisco AnyConnect Secure ...) - TODO: check + NOT-FOR-US: Cisco CVE-2012-2494 (The VPN downloader implementation in the WebLaunch feature in Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2012-2493 (The VPN downloader implementation in the WebLaunch feature in Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2012-2492 RESERVED CVE-2012-2491 @@ -3683,7 +3684,7 @@ CVE-2012-2201 RESERVED CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...) - TODO: check + NOT-FOR-US: sendmail configuration in AIX CVE-2012-2199 RESERVED CVE-2012-2198 @@ -3699,7 +3700,7 @@ CVE-2012-2193 RESERVED CVE-2012-2192 (The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS ...) - TODO: check + NOT-FOR-US: AIX CVE-2012-2191 RESERVED CVE-2012-2190 
@@ -3725,7 +3726,7 @@ CVE-2012-2180 (The chaining functionality in the Distributed Relational Database ...) TODO: check CVE-2012-2179 (libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite ...) - TODO: check + NOT-FOR-US: AIX CVE-2012-2178 RESERVED CVE-2012-2177 @@ -3735,15 +3736,15 @@ CVE-2012-2175 (Buffer overflow in the Attachment_Times method in a certain ActiveX ...) TODO: check CVE-2012-2174 (The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote ...) - TODO: check + NOT-FOR-US: Notes CVE-2012-2173 (The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 ...) - TODO: check + NOT-FOR-US: AppScan CVE-2012-2172 (Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in ...) TODO: check CVE-2012-2171 (SQL injection vulnerability in ModuleServlet.do in the Storage Manager ...) - TODO: check + NOT-FOR-US: IBM System Storage DS Storage Manager CVE-2012-2170 (The Application Snoop Servlet in IBM WebSphere Application Server 7.0 ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2012-2169 RESERVED CVE-2012-2168
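Review bot: "NOT-FOR-US: Wordpress plugin" on CVE-2012-3814 in the "@@ -1,9 +1,11 @@" hunk does not say which plugin, unlike the "WinRadius" and "Sielco Sistemi Winlog" tags added right above it. The description is cut off at "font-upload.php in the Font ...", so putting the plugin name in the tag would let a later search find this entry if the plugin is ever packaged. The new "CVE-2012-XXXX [packagekit insecure temp file]" entry in the same hunk could also carry a NOTE line pointing at the report, since bug #678189 is currently the only handle for matching it once an id is assigned.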
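Review bot: The "@@ -27,16 +29,15 @@" hunk deletes "NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10" from CVE-2012-3802 while retagging it, and the description shown for that entry is only "Unspecified vulnerability in the Post Affiliate Pro (PAP) module for ...", so the oss-security link was the one pointer to details. I would keep the NOTE line under the new NOT-FOR-US tag. If the removal is intentional, please say so in the log message, which does not mention it.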
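Review bot: "NOT-FOR-US: Cisco" on CVE-2012-2493 through CVE-2012-2496 in the "@@ -2794,13 +2795,13 @@" hunk names a vendor rather than a product. The descriptions point at the VPN and HostScan downloader implementations ("... in Cisco AnyConnect Secure ..."), so a product-level tag would be consistent with the other tags in this commit, such as "NOT-FOR-US: Siemens WinCC" and "NOT-FOR-US: Bloxx Web Filtering", and would not read as a blanket statement about everything from that vendor.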
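Review bot: The tags in the "@@ -3735,15 +3736,15 @@" hunk mix shortened and full product names: "Notes", "AppScan" and "WebSphere" sit next to "IBM System Storage DS Storage Manager". Using the names as they appear in the descriptions (IBM Lotus Notes, IBM Security AppScan Source, IBM WebSphere Application Server) would keep the entries searchable and consistent. CVE-2012-2175 and CVE-2012-2172 remain at "TODO: check" in the same hunk while their neighbours are triaged; if that is deliberate it is fine, otherwise they look skipped.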