Author: federico-guest Date: 2010-11-15 21:16:37 +0000 (Mon, 15 Nov 2010) New Revision: 15586 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-11-15 21:14:37 UTC (rev 15585) +++ data/CVE/list 2010-11-15 21:16:37 UTC (rev 15586) @@ -160,15 +160,15 @@ CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...) TODO: check CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 ...) - TODO: check + NOT-FOR-US: eXV2 CMS CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager ...) TODO: check CVE-2010-4153 (Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably ...) - TODO: check + NOT-FOR-US: CrossFTP CVE-2010-4152 (SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, ...) - TODO: check + NOT-FOR-US: 4site CMS CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly ...) - TODO: check + NOT-FOR-US: DeluxeBB CVE-2010-4150 RESERVED CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 ...) @@ -309,9 +309,9 @@ CVE-2010-4093 RESERVED CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2010-4091 (The EScript.api plugin in Adobe Acrobat Reader 9.4.0, 8.1.7, and ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute ...) NOT-FOR-US: Adobe Shockwave Player CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...) @@ -523,7 +523,7 @@ CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...) NOT-FOR-US: Oracle Mojarra CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links ...) - TODO: check + NOT-FOR-US: WSN Links CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...) TODO: check CVE-2010-4004 @@ -637,7 +637,7 @@ CVE-2010-3963 RESERVED CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-3961 RESERVED CVE-2010-3960 @@ -689,7 +689,7 @@ CVE-2010-3937 RESERVED CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft ...) - TODO: check + NOT-FOR-US: Forefront Unified Access Gateway CVE-2010-3935 RESERVED CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Software ...) @@ -729,13 +729,13 @@ CVE-2010-3917 RESERVED CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...) - TODO: check + NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...) - TODO: check + NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government CVE-2010-3914 (Untrusted search path vulnerability in VIM Development Group GVim ...) TODO: check CVE-2010-3913 (CRLF injection vulnerability in TransWARE Active! mail 6 build ...) - TODO: check + NOT-FOR-US: TransWARE Active! mail CVE-2010-3912 RESERVED CVE-2010-3911 @@ -1368,45 +1368,45 @@ CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before ...) NOT-FOR-US: Adobe Shockwave CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3651 RESERVED CVE-2010-3650 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3649 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3648 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3647 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3646 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3645 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3644 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3643 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3642 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3641 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3640 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3639 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3638 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2010-3635 (Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, ...) - TODO: check + NOT-FOR-US: Adobe Flash Media Server CVE-2010-3634 (Unspecified vulnerability in the edge process in Adobe Flash Media ...) - TODO: check + NOT-FOR-US: Adobe Flash Media Server CVE-2010-3633 (Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, ...) - TODO: check + NOT-FOR-US: Adobe Flash Media Server CVE-2010-3632 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2010-3631 (Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x ...) @@ -2211,15 +2211,15 @@ CVE-2010-3338 RESERVED CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and ...) - TODO: check + NOT-FOR-US: Microsoft Office 2007 SP2 CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac ...) - TODO: check + NOT-FOR-US: Microsoft Office XP SP3 CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...) - TODO: check + NOT-FOR-US: Microsoft Office XP SP3 CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...) - TODO: check + NOT-FOR-US: Microsoft Office XP SP3 CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2010-3332 (Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, ...) NOT-FOR-US: Microsoft .NET Framework CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle ...) @@ -3054,9 +3054,9 @@ CVE-2010-3041 RESERVED CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...) - TODO: check + NOT-FOR-US: Cisco Intelligent Contact Manager CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications ...) - TODO: check + NOT-FOR-US: Cisco Unified Communications Manager CVE-2010-3038 RESERVED CVE-2010-3037 @@ -3910,11 +3910,11 @@ CVE-2010-2735 RESERVED CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in ...) - TODO: check + NOT-FOR-US: Microsoft Forefront Unified Access Gateway CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in ...) - TODO: check + NOT-FOR-US: Microsoft Forefront Unified Access Gateway CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft Forefront Unified Access Gateway CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services ...) NOT-FOR-US: Microsoft Windows CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, ...) @@ -4161,9 +4161,9 @@ CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not ...) TODO: check CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample store ...) - TODO: check + NOT-FOR-US: IBM WebSphere Commerce CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before ...) - TODO: check + NOT-FOR-US: IBM WebSphere Commerce CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...) NOT-FOR-US: RSA enVision CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, ...) @@ -4306,9 +4306,9 @@ CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...) - tiff <unfixed> (unimportant) CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, ...) - TODO: check + NOT-FOR-US: Microsoft PowerPoint CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows ...) - TODO: check + NOT-FOR-US: Microsoft PowerPoint CVE-2010-2571 RESERVED CVE-2010-2570 @@ -9454,13 +9454,13 @@ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853 NOTE: Initial DSA released as CVE-2009-3297 CVE-2010-0786 (The Web Services Security component in IBM WebSphere Application ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application CVE-2010-0785 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0784 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0783 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows ...) NOT-FOR-US: IBM WebSphere CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM ...)