Author: jmm Date: 2012-08-15 07:17:08 +0000 (Wed, 15 Aug 2012) New Revision: 19952 Modified: data/CVE/list Log: NFUs drop some historic TODOs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-14 21:14:19 UTC (rev 19951) +++ data/CVE/list 2012-08-15 07:17:08 UTC (rev 19952) @@ -71,13 +71,13 @@ CVE-2012-XXXX - libapache2-mod-rpaf 0.6-1 (bug #683984) CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on the ...) - TODO: check + NOT-FOR-US: Kindle Touch CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict access ...) - TODO: check + NOT-FOR-US: Kindle Touch CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: phplist CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: phplist CVE-2012-4245 RESERVED CVE-2012-4244 @@ -456,9 +456,9 @@ CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module in the ...) NOT-FOR-US: Joomla addon CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web ...) - TODO: check + NOT-FOR-US: Dir2Web CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Dir2Web CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix ...) NOT-FOR-US: Citrix CVE-2012-4067 @@ -527,9 +527,9 @@ CVE-2012-4036 RESERVED CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to ...) - TODO: check + NOT-FOR-US: PBBoard CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote ...) - TODO: check + NOT-FOR-US: PBBoard CVE-2012-4050 (Multiple unspecified vulnerabilities in Google Chrome OS before ...) NOT-FOR-US: Google Chrome OS CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x ...) 
@@ -718,9 +718,9 @@ - isc-dhcp <unfixed> NOTE: https://kb.isc.org/article/AA-00737 CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before ...) - TODO: check + NOT-FOR-US: phplist CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList ...) - TODO: check + NOT-FOR-US: phplist CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL ...) NOT-FOR-US: Plixer Scrutinizer CVE-2012-3950 @@ -1712,23 +1712,23 @@ CVE-2012-3477 RESERVED CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - TODO: check + NOT-FOR-US: Ushahidi CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain calls ...) - TODO: check + NOT-FOR-US: Ushahidi CVE-2012-3474 (The comments API in ...) - TODO: check + NOT-FOR-US: Ushahidi CVE-2012-3473 (The (1) reports API and (2) administration feature in the comments API ...) - TODO: check + NOT-FOR-US: Ushahidi CVE-2012-3472 (The email API in application/libraries/api/MY_Email_Api_Object.php in ...) - TODO: check + NOT-FOR-US: Ushahidi CVE-2012-3471 (Multiple SQL injection vulnerabilities in the edit functions in (1) ...) - TODO: check + NOT-FOR-US: Ushahidi CVE-2012-3470 (Multiple SQL injection vulnerabilities in ...) - TODO: check + NOT-FOR-US: Ushahidi CVE-2012-3469 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...) - TODO: check + NOT-FOR-US: Ushahidi CVE-2012-3468 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...) - TODO: check + NOT-FOR-US: Ushahidi CVE-2012-3467 RESERVED - qpid-cpp 0.16-7 (bug #684456) @@ -2584,7 +2584,7 @@ CVE-2012-3133 RESERVED CVE-2012-3132 (SQL injection vulnerability in Oracle Database Server 10.2.0.3, ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3130 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...) 
@@ -2916,19 +2916,19 @@ CVE-2012-2970 (The Synel SY-780/A Time & Attendance terminal allows remote attackers ...) NOT-FOR-US: Synel terminal CVE-2012-2969 (Caucho Quercus, as distributed in Resin before 4.0.29, allows remote ...) - TODO: check + NOT-FOR-US: Caucho Quercus CVE-2012-2968 (Directory traversal vulnerability in Caucho Quercus, as distributed in ...) - TODO: check + NOT-FOR-US: Caucho Quercus CVE-2012-2967 (Caucho Quercus, as distributed in Resin before 4.0.29, does not ...) - TODO: check + NOT-FOR-US: Caucho Quercus CVE-2012-2966 (Caucho Quercus, as distributed in Resin before 4.0.29, overwrites ...) - TODO: check + NOT-FOR-US: Caucho Quercus CVE-2012-2965 (Caucho Quercus, as distributed in Resin before 4.0.29, does not ...) - TODO: check + NOT-FOR-US: Caucho Quercus CVE-2012-2964 (The BreakingPoint Storm appliance before 3.0 requires cleartext ...) - TODO: check + NOT-FOR-US: BreakingPoint Storm appliance CVE-2012-2963 (The administrative interface in the embedded web server on the ...) - TODO: check + NOT-FOR-US: BreakingPoint Storm appliance CVE-2012-2962 (SQL injection vulnerability in d4d/statusFilter.php in Plixer ...) NOT-FOR-US: Dell SonicWALL Scrutinizer CVE-2012-2961 (SQL injection vulnerability in the management console in Symantec Web ...) @@ -3805,7 +3805,7 @@ CVE-2012-2603 (The server in CollabNet ScrumWorks Pro before 6.0 allows remote ...) NOT-FOR-US: CollabNet ScrumWorks Pro CVE-2012-2602 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: SolarWinds Orion Network Performance Monitor CVE-2012-2601 RESERVED CVE-2012-2600 
@@ -3829,19 +3829,19 @@ CVE-2012-2591 RESERVED CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON ...) - TODO: check + NOT-FOR-US: ESCON SupportPortal Professional Edition CVE-2012-2589 RESERVED CVE-2012-2588 RESERVED CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic ...) - TODO: check + NOT-FOR-US: AfterLogic MailSuite Pro CVE-2012-2586 RESERVED CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...) - TODO: check + NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon ...) - TODO: check + NOT-FOR-US: Alt-N MDaemon Free CVE-2012-2583 RESERVED CVE-2012-2582 @@ -3855,7 +3855,7 @@ CVE-2012-2578 RESERVED CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...) - TODO: check + NOT-FOR-US: SolarWinds Orion Network Performance Monitor CVE-2012-2576 RESERVED CVE-2012-2575 @@ -3867,7 +3867,7 @@ CVE-2012-2572 RESERVED CVE-2012-2571 (Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail ...) - TODO: check + NOT-FOR-US: WinWebMail CVE-2012-2570 RESERVED CVE-2012-2569 @@ -32468,7 +32468,6 @@ NOT-FOR-US: Orbit Downloader CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in ...) - axis <not-affected> (axis != axis2, vulnerable code not present) - TODO: find out if the axis2 c implementation (axis2c) is affected by this CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to ...) NOT-FOR-US: Webby Webserver CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...) 
@@ -35821,8 +35820,6 @@ NOT-FOR-US: Pulse CMS Basic CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow ...) - imlib2 <not-affected> (vulnerable code introduced in 1.4.3) - NOTE: http://seclists.org/bugtraq/2010/Apr/196 - TODO: recheck when 1.4.3 gets uploaded to unstable CVE-2010-0990 (Stack-based buffer overflow in Creative Software AutoUpdate Engine ...) NOT-FOR-US: Creative Software AutoUpdate CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...) @@ -37518,7 +37515,6 @@ CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat ...) - qemu-kvm <not-affected> (QXL support not yet present in Debian packages) - kvm <not-affected> (QXL support not yet present in Debian packages) - TODO: recheck newer uploads CVE-2010-0430 RESERVED - spice <not-affected> (Fixed before initial upload to archive) @@ -37978,7 +37974,6 @@ CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d ...) {DSA-1981-1} - maildrop 2.2.0-3.1 (low; bug #564601) - TODO: check courier (embeds maildrop) CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a ...) {DSA-1980-1} - ircd-ratbox 3.0.6.dfsg-1 (low; bug #567191)
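Review bot: In the @@ -718,9 hunk the new tag is spelled `NOT-FOR-US: phplist`, while the descriptions of CVE-2012-3953 and CVE-2012-3952 on the adjacent lines spell the product `phpList`; the @@ -71,13 hunk uses the same lowercase tag for CVE-2012-4247 and CVE-2012-4246. Use the spelling from the CVE description so that a search of data/CVE/list for the product name finds every entry.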
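Review bot: In the @@ -456,9 hunk the tag `NOT-FOR-US: Dir2Web` does not match the product name as written in the descriptions of CVE-2012-4070 and CVE-2012-4069 (`Dir2web`). Align the tag with the description, as for the other NOT-FOR-US entries in this hunk's context (for example `Citrix`).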
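Review bot: In the @@ -32468,7 hunk (CVE-2010-2103) the line `TODO: find out if the axis2 c implementation (axis2c) is affected by this` is deleted without any result being recorded; the entry still only covers `axis`. If axis2c was checked, add its own status line (for example a `<not-affected>` entry with the reason); if it was not, the open question should stay visible as a TODO or a NOTE instead of disappearing.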
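Review bot: In the @@ -35821,8 hunk (CVE-2010-0991) the reference line `NOTE: http://seclists.org/bugtraq/2010/Apr/196` is removed together with the TODO, although it is a source reference and not a pending task; keep the NOTE. The remaining status `<not-affected> (vulnerable code introduced in 1.4.3)` only holds while the archive carries an imlib2 older than 1.4.3, so the recheck should be done once (and a fixed version or status recorded if 1.4.3 or later has been uploaded) before `TODO: recheck when 1.4.3 gets uploaded to unstable` is dropped.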
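Review bot: In the @@ -37518,7 hunk (CVE-2010-0431) removing `TODO: recheck newer uploads` leaves two `<not-affected>` lines whose reason is time-dependent ("QXL support not yet present in Debian packages"). Confirm for the current qemu-kvm and kvm uploads whether QXL support is present, and either reword the reason so it names the versions it applies to or record a fixed version; otherwise the entry can silently become wrong.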
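Review bot: In the @@ -37978,7 hunk (CVE-2010-0301) the line `TODO: check courier (embeds maildrop)` is deleted but the entry gains no line for courier, so the tracker no longer shows that an embedded copy exists or whether it was evaluated. Add a courier status line with the outcome of the check, or at least a NOTE that courier embeds maildrop, so the embedded-copy relationship stays documented.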