Author: fw
Date: 2007-05-04 18:17:26 +0000 (Fri, 04 May 2007)
New Revision: 5783
Modified:
data/CVE/list
Log:
Normalize NFUs for Cisco products
The previous attempt at separating things was rather inconsistent,
which is no surprise given Cisco's product portfolio. Some of the CVE
split decisions do not obey product boundaries, either
(e.g. CVE-2004-1775).
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-05-04 18:06:41 UTC (rev 5782)
+++ data/CVE/list 2007-05-04 18:17:26 UTC (rev 5783)
@@ -32,11 +32,11 @@
CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris
Auditing ...)
NOT-FOR-US: Sun Solaris
CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and
PIX 7.1 ...)
- NOT-FOR-US: CIsco
+ NOT-FOR-US: Cisco
CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance
(ASA) ...)
- NOT-FOR-US: CIsco
+ NOT-FOR-US: Cisco
CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance
(ASA) ...)
- NOT-FOR-US: CIsco
+ NOT-FOR-US: Cisco
CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA)
and ...)
NOT-FOR-US: Cisco
CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
@@ -1398,9 +1398,9 @@
- php5 <unfixed> (unimportant)
NOTE: open_basedir bypasses not supported
CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco
...)
- NOT-FOR-US: Cisco Unified Presence Server
+ NOT-FOR-US: Cisco
CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco
...)
- NOT-FOR-US: Cisco Unified CallManager
+ NOT-FOR-US: Cisco
CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated
users to ...)
NOT-FOR-US: WebAPP
CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated
users to ...)
@@ -1414,7 +1414,7 @@
CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in
...)
NOT-FOR-US: WebAPP
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco
...)
- NOT-FOR-US: Cisco Unified CallManager
+ NOT-FOR-US: Cisco
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5
before ...)
NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP
5 ...)
@@ -1467,7 +1467,7 @@
CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3
Beta ...)
NOT-FOR-US: sBLOG
CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco
Trust ...)
- NOT-FOR-US: Cisco Secure ACS
+ NOT-FOR-US: Cisco
CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent
before ...)
- ktorrent <unfixed> (medium)
CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3
allows ...)
@@ -2260,7 +2260,7 @@
CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational
ClearQuest ...)
NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- NOT-FOR-US: Cisco Secure Access Control Server
+ NOT-FOR-US: Cisco
CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents
...)
- libwpd 0.8.9-1 (medium)
[etch] - libwpd 0.8.7-6
@@ -2873,9 +2873,9 @@
CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6
have ...)
NOT-FOR-US: WebAPP
CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and
SXF; and ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000,
6500, ...)
- NOT-FOR-US: Cisco Catalyst
+ NOT-FOR-US: Cisco
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the
address ...)
- iceweasel <unfixed> (medium)
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in
...)
@@ -3314,25 +3314,25 @@
CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer
allows ...)
NOT-FOR-US: mcRefer
CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone
7906G, ...)
- NOT-FOR-US: Cisco Unified IP Phone
+ NOT-FOR-US: Cisco
CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in
Apple ...)
NOT-FOR-US: Apple ImageIO
CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows
...)
TODO: check
CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS
PAP, ...)
- NOT-FOR-US: Cisco Secure Services Client
+ NOT-FOR-US: Cisco
CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and
2.x, ...)
- NOT-FOR-US: Cisco Secure Services Client
+ NOT-FOR-US: Cisco
CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and
2.x, ...)
- NOT-FOR-US: Cisco Secure Services Client
+ NOT-FOR-US: Cisco
CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and
2.x, ...)
- NOT-FOR-US: Cisco Secure Services Client
+ NOT-FOR-US: Cisco
CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and
2.x, ...)
- NOT-FOR-US: Cisco Secure Services Client
+ NOT-FOR-US: Cisco
CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G,
7961G, ...)
- NOT-FOR-US: Cisco Unified IP Phone
+ NOT-FOR-US: Cisco
CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and
earlier, and ...)
- NOT-FOR-US: Cisco Unified IP Conference Station
+ NOT-FOR-US: Cisco
CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi
PHP-Nuke ...)
NOT-FOR-US: PHP-Nuke
CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire
...)
@@ -3722,25 +3722,25 @@
CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester
...)
NOT-FOR-US: WebTester
CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module
(FWSM) ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows
...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when
the ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is
configured to ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is
configured to ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module
(FWSM) 3.x ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before
...)
- NOT-FOR-US: Cisco PIX
+ NOT-FOR-US: Cisco
CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before
...)
- NOT-FOR-US: Cisco PIX
+ NOT-FOR-US: Cisco
CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series
...)
- NOT-FOR-US: Cisco PIX
+ NOT-FOR-US: Cisco
CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2,
when ...)
- NOT-FOR-US: Cisco PIX
+ NOT-FOR-US: Cisco
CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read
unreadable ...)
{DSA-1286-1}
- linux-2.6 2.6.20-1 (unimportant)
@@ -3825,9 +3825,9 @@
CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini
Web ...)
NOT-FOR-US: MiniWebsvr
CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention
System ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS
12.4XE to ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter
Area ...)
NOT-FOR-US: HP-UX
CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote
attackers ...)
@@ -9243,7 +9243,7 @@
CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5
allows ...)
NOT-FOR-US: Imageview
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and
5.0 ...)
- NOT-FOR-US: Cisco Security Agent
+ NOT-FOR-US: Cisco
CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21
and ...)
NOT-FOR-US: RevilloC MailServer
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might
allow ...)
@@ -13419,11 +13419,11 @@
CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum
...)
NOT-FOR-US: Mail2Forum
CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line
Interface ...)
- NOT-FOR-US: CS-MARS
+ NOT-FOR-US: Cisco
CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...)
- NOT-FOR-US: Cisco / JBoss
+ NOT-FOR-US: Cisco
CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System
(CS-MARS) ...)
- NOT-FOR-US: CS-MARS
+ NOT-FOR-US: Cisco
CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted
...)
- firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
[sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
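Review bot: In the CVE-2006-3733 entry, replacing "NOT-FOR-US: Cisco / JBoss" with "NOT-FOR-US: Cisco" drops the only marker that the description is about the JBoss jmx-console/HtmlAdaptor. The other retagged entries in this hunk (CS-MARS) lose only a product name, but here the removed text named a second vendor's component, and after the change nothing on the entry records it. Consider keeping the normalized tag and adding a NOTE: line that mentions JBoss, so the information survives the cleanup.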
@@ -14522,7 +14522,7 @@
CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web
...)
NOT-FOR-US: Internet Explorer
CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses
the ...)
- NOT-FOR-US: Cisco Secure Access Control Server
+ NOT-FOR-US: Cisco
CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application
Server ...)
NOT-FOR-US: Sun ONE Application Server
CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote
...)
@@ -14775,7 +14775,7 @@
CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in
Chipmailer ...)
NOT-FOR-US: Chipmailer
CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager
3.3 ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email
...)
NOT-FOR-US: EmailArchitect
CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo
3.0.3 and ...)
@@ -14791,7 +14791,7 @@
CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when
run ...)
NOT-FOR-US: Bitweaver
CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in
Cisco ...)
- NOT-FOR-US: Cisco Secure ACS
+ NOT-FOR-US: Cisco
CVE-2006-3099
RESERVED
CVE-2006-3098
@@ -14855,7 +14855,7 @@
CVE-2006-3074 (klif.sys in Kaspersky Anti-Virus 6.0.0.300 and earlier, Internet
...)
NOT-FOR-US: Several Kaspersky products
CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the
WebVPN ...)
- NOT-FOR-US: Cisco VPN products
+ NOT-FOR-US: Cisco
CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before
...)
NOT-FOR-US: Symantec Security Information Manager
CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3
...)
@@ -15794,7 +15794,7 @@
CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ
Photo ...)
NOT-FOR-US: AZ Photo Album
CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows
Graphical User ...)
- NOT-FOR-US: Cisco VPN Client
+ NOT-FOR-US: Cisco
CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News
...)
NOT-FOR-US: Pre News Manager
CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...)
@@ -18261,11 +18261,11 @@
CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in
Dark_Wizard ...)
NOT-FOR-US: Dark_Wizard vBug Tracker
CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco
Optical ...)
- NOT-FOR-US: Cisco Optical Networking
+ NOT-FOR-US: Cisco
CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000
series ...)
- NOT-FOR-US: Cisco Optical Networking
+ NOT-FOR-US: Cisco
CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000
series ...)
- NOT-FOR-US: Cisco Optical Networking
+ NOT-FOR-US: Cisco
CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven
Team ...)
NOT-FOR-US: PHPMyChat
CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG)
(aka ...)
@@ -21119,7 +21119,7 @@
CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE
...)
NOT-FOR-US: FACE CONTROL product
CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0
through ...)
- NOT-FOR-US: Cisco VPN 3000
+ NOT-FOR-US: Cisco
CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
{DSA-1017-1}
- linux-2.6 2.6.15-4
@@ -21472,9 +21472,9 @@
- mysql-dfsg-4.1 <unfixed> (unimportant)
NOTE: This isn''t a security hole, it''s expected behaviour
CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0
before ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier,
3.3 ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka
PCW) ...)
NOT-FOR-US: Phpclanwebsite
CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme
message ...)
@@ -21500,7 +21500,7 @@
CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote
attackers ...)
NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points
(WAP) ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...)
NOT-FOR-US: Fluffington FLog
CVE-2006-0351 (Unspecified "critical denial-of-service
vulnerability" in MyDNS before ...)
@@ -21530,7 +21530,7 @@
CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in
Rockliffe ...)
NOT-FOR-US: RockLiffe MailSite
CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP)
...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers
to ...)
NOT-FOR-US: BitComet
CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows
and ...)
@@ -21966,11 +21966,11 @@
CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers
to ...)
NOT-FOR-US: ACal Calendar Project
CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System
(CS-MARS) ...)
- NOT-FOR-US: Cisco CS-MARS
+ NOT-FOR-US: Cisco
CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars
1.2.2 ...)
NOT-FOR-US: CaLogic Calendars
CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a
denial of ...)
- NOT-FOR-US: Cisco IP Phone
+ NOT-FOR-US: Cisco
CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows
local ...)
NOT-FOR-US: Cray UNICOS
CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow
local ...)
@@ -23187,7 +23187,7 @@
CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote
...)
NOT-FOR-US: ASPBB
CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to
cause a ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a
denial ...)
NOT-FOR-US: Linksys hardware
CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV
XM ...)
@@ -24104,7 +24104,7 @@
CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in
...)
NOT-FOR-US: Gadu-Gadu
CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0
and ...)
- NOT-FOR-US: Cisco Security Agent
+ NOT-FOR-US: Cisco
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape
before ...)
{DSA-916-1}
- inkscape 0.42-1 (bug #321501; low)
@@ -24266,9 +24266,9 @@
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in
Linux ...)
- linux-2.6 2.6.14-1 (medium)
CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to
support ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded
...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware
4.03.03 ...)
NOT-FOR-US: Belkin hardware
CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test
...)
@@ -24300,7 +24300,7 @@
CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5
allow ...)
NOT-FOR-US: phpwcms
CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA)
7.0(0), ...)
- NOT-FOR-US: Cisco appliance
+ NOT-FOR-US: Cisco
CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
{DSA-880-1}
- phpmyadmin 4:2.6.4-pl4-1 (bug #360726)
@@ -24421,7 +24421,7 @@
CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in
PollVote ...)
NOT-FOR-US: PollVote
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial
of ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown
impact ...)
NOT-FOR-US: Joomla
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4
allow ...)
@@ -24656,7 +24656,7 @@
CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key
Exchange ...)
NOT-FOR-US: HP-UX''s IKE implementation
CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key
Exchange ...)
- NOT-FOR-US: Cisco''s IKE implementation
+ NOT-FOR-US: Cisco
CVE-2005-3668 (Multiple buffer overflows in multiple unspecified
implementations of ...)
NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly
be rejected
CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified
...)
@@ -25523,7 +25523,7 @@
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (medium)
CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating
in ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute
...)
NOT-FOR-US: IOS
CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error
messages ...)
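Review bot: The context entry CVE-2005-3481, directly below the changed one, is described as "Cisco IOS 12.0 to 12.4 ..." and still reads "NOT-FOR-US: IOS", so this hunk leaves a Cisco entry outside the normalized form. Since the log message states the goal is consistent NFU tags for Cisco products, change that line to "NOT-FOR-US: Cisco" in the same commit.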
@@ -25635,7 +25635,7 @@
CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1
can omit ...)
NOT-FOR-US: IPS Sensors
CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL
termination ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6
...)
{DSA-877-1}
- gnump3d 2.9.6-1
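Review bot: CVE-2005-3427, the context entry just above the changed one, is described as "The Cisco Management Center (MC) for IPS Sensors" but keeps "NOT-FOR-US: IPS Sensors". By its own description it is a Cisco product, so it should become "NOT-FOR-US: Cisco" as well. A search for NOT-FOR-US lines under entries whose description mentions Cisco would catch stragglers like this one before committing.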
@@ -29882,13 +29882,13 @@
CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows
attackers ...)
NOT-FOR-US: BIG-IP
CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2
and ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and
...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0
before ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0
before ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary
files ...)
{DSA-1003-1}
- xpvm 1.2.5-8 (bug #318285; medium)
@@ -31475,7 +31475,7 @@
CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager
2.0 ...)
NOT-FOR-US: Loki download manager
CVE-2005-1942 (Cisco switches that support 802.1x security allow remote
attackers to ...)
- NOT-FOR-US: Cisco hardware issue
+ NOT-FOR-US: Cisco
CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2)
...)
NOT-FOR-US: SilverCity
CVE-2005-1940
@@ -34221,7 +34221,7 @@
CVE-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to
execute ...)
NOT-FOR-US: AIX
CVE-1999-1582 (By design, the "established" command on the
Cisco PIX firewall allows ...)
- NOT-FOR-US: Cisco PIX
+ NOT-FOR-US: Cisco
CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent
...)
NOT-FOR-US: Windows
CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a
forwarding ...)
@@ -34809,7 +34809,7 @@
CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll)
...)
NOT-FOR-US: Microsoft
CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and
...)
- NOT-FOR-US: Cisco Hardware issue
+ NOT-FOR-US: Cisco
CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server
Enterprise ...)
NOT-FOR-US: Sybase ASE
CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice
1.1.4 ...)
@@ -37662,7 +37662,7 @@
CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc
toolbar ...)
NOT-FOR-US: AtHoc toolbar
CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the
IOS ...)
- NOT-FOR-US: CIsco
+ NOT-FOR-US: Cisco
CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00
allows ...)
NOT-FOR-US: NodeManager Professional
CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation
plugin ...)
@@ -38301,7 +38301,7 @@
CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0
allow ...)
NOT-FOR-US: Netbsd
CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft
...)
- NOT-FOR-US: Microsoft/Cisco
+ NOT-FOR-US: Cisco
CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06
stores ...)
NOT-FOR-US: Asante FM2008
CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default
username ...)
@@ -40620,7 +40620,7 @@
CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a
denial of ...)
- apache 1.3.31-2
CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and
Hosting ...)
- NOT-FOR-US: Cisco Wireless LAN Solution Engine
+ NOT-FOR-US: Cisco
CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority
style ...)
NOT-FOR-US: SCO OpenServer
CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows
remote ...)
@@ -40897,7 +40897,7 @@
CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a
denial of ...)
NOT-FOR-US: Web Crossing
CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch
...)
- NOT-FOR-US: Cisco Systems
+ NOT-FOR-US: Cisco
CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled,
...)
NOT-FOR-US: AIX
CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive
information via ...)
@@ -41244,7 +41244,7 @@
- tcpdump 3.8.3-1
NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation
for ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2004-0053 (Multiple content security gateway and antivirus products allow
remote ...)
NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0052 (Multiple content security gateway and antivirus products allow
remote ...)
@@ -41468,7 +41468,7 @@
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive;
2.4.24-rc1)
CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that
...)
- NOT-FOR-US: Cisco Unity on IBM servers
+ NOT-FOR-US: Cisco
CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x
before ...)
NOT-FOR-US: Cisco
CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS
name ...)
@@ -42516,7 +42516,7 @@
CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login
invalid" message ...)
NOT-FOR-US: Cisco
CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices
...)
- NOT-FOR-US: Cisco Aironet AP1x00 Series Wireless devices
+ NOT-FOR-US: Cisco
CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows
remote ...)
NOT-FOR-US: ezbounce
CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier
...)
@@ -44093,7 +44093,7 @@
CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation
Software 4.2 ...)
NOT-FOR-US: Sabre Desktop
CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts,
which ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Microsoft IIS
CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3
in the ...)
@@ -45185,7 +45185,7 @@
CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear
guestbook ...)
NOT-FOR-US: Lycos
CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the
most ...)
- NOT-FOR-US: Cisco VPN 5000 Client for MacOS
+ NOT-FOR-US: Cisco
CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial
of ...)
NOT-FOR-US: NetBSD
CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in
plaintext ...)
@@ -45213,7 +45213,7 @@
CVE-2002-1448 (An undocumented SNMP read/write community string
(''NoGaH$@!'') in Avaya ...)
NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products
CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client
before ...)
- NOT-FOR-US: Cisco vpn client for UNIX
+ NOT-FOR-US: Cisco
CVE-2002-1446 (The error checking routine used for the C_Verify call on a
symmetric ...)
NOT-FOR-US: nCipher PKCS#11 library
CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to
...)