Author: jmm Date: 2011-01-25 22:06:53 +0000 (Tue, 25 Jan 2011) New Revision: 15968 Modified: data/CVE/list Log: fixup proftpd entry new glassfish issue loads of NFUs, mostly Oracle Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-25 21:49:15 UTC (rev 15967) +++ data/CVE/list 2011-01-25 22:06:53 UTC (rev 15968) @@ -1,5 +1,5 @@ CVE-2011-0640 (The default configuration of udev on Linux does not warn the user ...) - TODO: check + NOTE: Not much that could sensibly be fixed here CVE-2011-0639 (Apple Mac OS X does not properly warn the user before enabling ...) NOT-FOR-US: Mac OS X CVE-2011-0638 (Microsoft Windows does not properly warn the user before enabling ...) @@ -324,11 +324,11 @@ CVE-2011-0496 (Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ...) NOT-FOR-US: Sybase EAServer CVE-2010-4703 (SQL injection vulnerability in default.asp in HotWebScripts HotWeb ...) - TODO: check + NOT-FOR-US: HotWebScripts HotWeb Rentals CVE-2010-4702 (SQL injection vulnerability in JRadio (com_jradio) component before ...) - TODO: check + NOT-FOR-US: Joomla component CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in ...) - TODO: check + NOT-FOR-US: Microsoft Windows Fax Services Cover Page Editor CVE-2011-0495 (Stack-based buffer overflow in the ast_uri_encode function in ...) - asterisk <unfixed> (bug #610487) CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...) @@ -562,7 +562,7 @@ CVE-2011-0411 RESERVED CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for ...) - TODO: check + NOT-FOR-US: CollabNet ScrumWorks Basic CVE-2011-0409 RESERVED CVE-2011-0408 (pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to ...) 
@@ -681,7 +681,7 @@ CVE-2011-0353 RESERVED CVE-2011-0352 (Buffer overflow in the web-based management interface on the Cisco ...) - TODO: check + NOT-FOR-US: Linksys router CVE-2011-0351 RESERVED CVE-2011-0350 @@ -952,8 +952,7 @@ TODO: check CVE-2010-4652 [buffer overflow when preparing SQL queries] RESERVED - - proftpd <unfixed> - TODO: check + - proftpd-dfsg <unfixed> CVE-2010-4651 [patch directory traversal] RESERVED - patch <unfixed> (unimportant) @@ -1085,9 +1084,9 @@ CVE-2011-0275 RESERVED CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...) - TODO: check + NOT-FOR-US: HP Business Availability CVE-2011-0273 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.11 ...) - TODO: check + NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-0272 (Unspecified vulnerability in HP LoadRunner 9.52 allows remote ...) NOT-FOR-US: HP LoadRunner CVE-2011-0271 (The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and ...) @@ -2066,7 +2065,7 @@ CVE-2010-4457 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote ...) NOT-FOR-US: Solaris CVE-2010-4456 (Unspecified vulnerability in Oracle Sun Java System Communications ...) - TODO: check + NOT-FOR-US: Oracle Sun Java System Communications Express CVE-2010-4455 (Unspecified vulnerability in the Oracle HTTP Server component in ...) NOT-FOR-US: Oracle Fusion CVE-2010-4454 
@@ -2088,71 +2087,71 @@ CVE-2010-4446 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...) NOT-FOR-US: Solaris CVE-2010-4445 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-4444 (Unspecified vulnerability in Oracle Sun Java System Access Manager and ...) - TODO: check + NOT-FOR-US: OpenSSO CVE-2010-4443 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...) NOT-FOR-US: Solaris CVE-2010-4442 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...) NOT-FOR-US: Solaris CVE-2010-4441 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-4440 (Unspecified vulnerability in Oracle 10 and 11 Express allows local ...) - TODO: check + NOT-FOR-US: Oracle Express CVE-2010-4439 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-4438 (Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, ...) - TODO: check + - glassfish <unfixed> CVE-2010-4437 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: WebLogic CVE-2010-4436 (Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0 ...) - TODO: check + NOT-FOR-US: SunMC CVE-2010-4435 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...) NOT-FOR-US: Solaris CVE-2010-4434 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-4433 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...) NOT-FOR-US: Solaris CVE-2010-4432 (Unspecified vulnerability in the Oracle Transportation Manager ...) - TODO: check + NOT-FOR-US: Oracle Supply Chain CVE-2010-4431 (Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 ...) 
- TODO: check + NOT-FOR-US: Oracle Sun Java System Portal Server CVE-2010-4430 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-4429 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...) - TODO: check + NOT-FOR-US: Oracle Supply Chain CVE-2010-4428 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-4427 (Unspecified vulnerability in the Oracle BI Publisher component in ...) - TODO: check + NOT-FOR-US: Oracle BI Publisher CVE-2010-4426 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-4425 (Unspecified vulnerability in the Oracle BI Publisher component in ...) - TODO: check + NOT-FOR-US: Oracle BI Publisher CVE-2010-4424 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-4423 (Unspecified vulnerability in the Cluster Verify Utility component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-4422 RESERVED CVE-2010-4421 (Unspecified vulnerability in the Database Vault component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-4420 (Unspecified vulnerability in the Database Vault component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-4419 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-4418 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-4417 (Unspecified vulnerability in the Services for Beehive component in ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2010-4416 (Unspecified vulnerability in the Oracle GoldenGate Veridata component ...) 
- TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2010-4415 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-4414 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local ...) TODO: check CVE-2010-4413 (Unspecified vulnerability in the Scheduler Agent component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...) NOT-FOR-US: pfSense CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...)
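Review bot: In the first hunk (@@ -1,5), CVE-2011-0640 is left with only a free-text NOTE and no package line, so the decision is not attached to the udev package. Consider recording it in the form the file already uses for CVE-2010-4651 (`- patch <unfixed> (unimportant)`), for example `- udev <unfixed> (unimportant)`, and keep the NOTE beneath it as the rationale.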
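Review bot: In the @@ -324,11 hunk, the new tag for CVE-2010-4702, `NOT-FOR-US: Joomla component`, does not say which component, while the description names JRadio (com_jradio) and the neighbouring tags in the same hunk name the product (`HotWebScripts HotWeb Rentals`, `Microsoft Windows Fax Services Cover Page Editor`). Suggest `NOT-FOR-US: JRadio component for Joomla` so the entry can be found by product name.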
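Review bot: In the @@ -952,8 hunk, CVE-2010-4652 loses its `TODO: check`, but the new `- proftpd-dfsg <unfixed>` line carries no bug reference, unlike the asterisk entry earlier in the file (`- asterisk <unfixed> (bug #610487)`). The CVE is still RESERVED and its only description is the bracketed `[buffer overflow when preparing SQL queries]`, so a bug number or a NOTE pointing at the upstream report would give whoever picks up the unfixed overflow a starting point.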
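Review bot: In the @@ -2088,71 hunk, CVE-2010-4438 becomes `- glassfish <unfixed>` on the basis of an "Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1" description, with no bug reference or NOTE saying which component is affected or whether the packaged version falls in that range; a NOTE recording what was checked would help. In the same hunk, CVE-2010-4440 is tagged `NOT-FOR-US: Oracle Express`, but its description ("Oracle 10 and 11 Express allows local ...") reads like the neighbouring "Oracle Solaris 10 and 11 Express" entries that are tagged `Solaris`, so the tag should probably be `NOT-FOR-US: Solaris` for consistency.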