Author: federico-guest Date: 2011-03-24 08:58:00 +0000 (Thu, 24 Mar 2011) New Revision: 16427 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-24 07:48:54 UTC (rev 16426) +++ data/CVE/list 2011-03-24 08:58:00 UTC (rev 16427) @@ -1,7 +1,7 @@ CVE-2011-1506 (The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and ...) - TODO: check + NOT-FOR-US: Kerio CVE-2011-1505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 ...) - TODO: check + NOT-FOR-US: IBM Lotus Quickr CVE-2011-1504 RESERVED CVE-2011-1503 @@ -69,21 +69,21 @@ CVE-2011-1472 RESERVED CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX ...) - TODO: check + NOT-FOR-US: IBM Lotus Quickr CVE-2009-5061 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 ...) - TODO: check + NOT-FOR-US: IBM Lotus Quickr CVE-2009-5060 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 ...) - TODO: check + NOT-FOR-US: IBM Lotus Quickr CVE-2009-5059 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 ...) - TODO: check + NOT-FOR-US: IBM Lotus Quickr CVE-2009-5058 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 ...) - TODO: check + NOT-FOR-US: IBM Lotus Quickr CVE-2008-7286 (IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not ...) - TODO: check + NOT-FOR-US: IBM Lotus Quickr CVE-2008-7285 (Unspecified vulnerability in the docnote string handling ...) TODO: check CVE-2008-7284 (IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows ...) - TODO: check + NOT-FOR-US: IBM Lotus Quickr CVE-2011-1471 (Integer signedness error in zip_stream.c in the Zip extension in PHP ...) - php5 5.3.6-1 CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent ...) 
@@ -245,17 +245,17 @@ CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security ...) TODO: check CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) functionality in ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2011-1417 (QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in ...) - TODO: check + NOT-FOR-US: QuickLook, CVE-2011-1416 (The Research In Motion (RIM) BlackBerry Torch 9800 with firmware ...) - TODO: check + NOT-FOR-US: BlackBerry CVE-2011-1415 REJECTED CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 ...) TODO: check CVE-2011-1414 (Cross-site scripting (XSS) vulnerability in the tibbr web server, as ...) - TODO: check + NOT-FOR-US: TIBCO tibbr CVE-2011-1413 (Google Chrome before 10.0.648.127 on Linux does not properly mitigate ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser <not-affected> @@ -2351,7 +2351,7 @@ CVE-2011-0649 (Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through ...) NOT-FOR-US: TIBCO Rendezvous CVE-2011-0648 (Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote ...) - TODO: check + NOT-FOR-US: EMC Avamar CVE-2011-0647 (The irccd.exe service in EMC Replication Manager Client before 5.3 and ...) NOT-FOR-US: EMC CVE-2011-0646 (SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows ...) @@ -2460,7 +2460,7 @@ CVE-2011-0610 RESERVED CVE-2011-0609 (Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2011-0608 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) 
@@ -2891,7 +2891,7 @@ CVE-2011-0443 (SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, ...) NOT-FOR-US: tinyBB CVE-2011-0442 (The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to ...) - TODO: check + NOT-FOR-US: EMC Avamar CVE-2011-0441 [arbitrary files removal via cronjob] RESERVED {DSA-2195-1} @@ -3122,7 +3122,7 @@ CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-0345 (Directory traversal vulnerability in the NMS server in Alcatel-Lucent ...) - TODO: check + NOT-FOR-US: Alcatel-Lucent OmniVista CVE-2011-0344 (Multiple stack-based buffer overflows in unspecified CGI programs in ...) NOT-FOR-US: Unified Maintenance Tool CVE-2011-0342 @@ -3148,7 +3148,7 @@ CVE-2011-0332 (Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom ...) NOT-FOR-US: Foxit Reader CVE-2011-0331 (Use-after-free vulnerability in the addOSPLext method in the Honeywell ...) - TODO: check + NOT-FOR-US: Honeywell ScanServer CVE-2011-0330 (The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx ...) NOT-FOR-US: Dell System Lite CVE-2011-0329 (Directory traversal vulnerability in the GetData method in the Dell ...) @@ -3166,7 +3166,7 @@ CVE-2011-0323 (Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other ...) NOT-FOR-US: Topaz Systems SigPlus CVE-2011-0322 (Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, ...) - TODO: check + NOT-FOR-US: EMC RSA Access Manager Server CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...) NOT-FOR-US: EMC NetWorker CVE-2011-0320 
@@ -3519,7 +3519,7 @@ CVE-2010-4600 (Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2011-0280 (Multiple cross-site scripting (XSS) vulnerabilities in HP Power ...) - TODO: check + NOT-FOR-US: HP Power Manager CVE-2011-0279 (HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) ...) NOT-FOR-US: HP Multifunction Peripheral CVE-2011-0278 (Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 ...) 
@@ -3691,52 +3691,52 @@ CVE-2011-0195 RESERVED CVE-2011-0194 (Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0193 (Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0192 (Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other ...) - tiff 3.9.4-7 CVE-2011-0191 (Buffer overflow in LibTIFF in ImageIO in Apple iTunes before 10.2 on ...) - tiff 3.9.4-1 NOTE: This might''ve been fixed earlier even CVE-2011-0190 (Install Helper in Installer in Apple Mac OS X before 10.6.7 does not ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0189 (The default configuration of Terminal in Apple Mac OS X 10.6 before ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0188 (The VpMemAlloc function in bigdecimal.c in the BigDecimal class in ...) TODO: check CVE-2011-0187 (The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0186 (QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0185 RESERVED CVE-2011-0184 (QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0183 (Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0182 (The i386_set_ldt system call in the kernel in Apple Mac OS X before ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0181 (Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0180 (Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0179 (CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to ...) 
- TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0178 (The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0177 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0176 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0175 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0174 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0173 (Multiple format string vulnerabilities in AppleScript in Apple Mac OS ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0172 (AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2011-0171 RESERVED CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes ...) @@ -3759,7 +3759,7 @@ CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...) TODO: check CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...) TODO: check CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...) 
@@ -3767,9 +3767,9 @@ CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...) TODO: check CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...) - webkit <undetermined> - chromium-browser <undetermined> @@ -3843,7 +3843,7 @@ - webkit <undetermined> - chromium-browser <undetermined> CVE-2011-0132 (Use-after-free vulnerability in the Runin box functionality in the ...) - TODO: check + NOT-FOR-US: Apple CVE-2011-0131 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...) - webkit <undetermined> - chromium-browser <undetermined> @@ -5282,7 +5282,7 @@ CVE-2010-4229 RESERVED CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP ...) - TODO: check + NOT-FOR-US: Novell NetWare CVE-2010-4227 (The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before ...) NOT-FOR-US: Novell Netware CVE-2010-4226 @@ -6939,7 +6939,7 @@ CVE-2010-3610 RESERVED CVE-2010-3609 (Unspecified vulnerability in the Service Location Protocol daemon ...) - TODO: check + NOT-FOR-US: VMware ESX CVE-2010-3659 [Multiple security issues] RESERVED {DSA-2098-1}
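Review bot: the CVE-2011-1417 line in the @@ -245,17 hunk reads "NOT-FOR-US: QuickLook," with a trailing comma, which looks like a cut-off copy of the description ("QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in ..."). Suggest "NOT-FOR-US: Apple QuickLook", or the "Apple Mac OS" tag this commit gives CVE-2011-0184 (also QuickLook), so both entries turn up under the same search term.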
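Review bot: in the @@ -3691,52 hunk, CVE-2011-0194 and CVE-2011-0181 (both "Integer overflow in ImageIO in Apple Mac OS X ...") are marked NFU from truncated descriptions, while CVE-2011-0191 in the same hunk ("Buffer overflow in LibTIFF in ImageIO in Apple iTunes ...") is tracked against tiff. Please confirm from the full descriptions that the ImageIO entries do not name a bundled library before closing them. Separately, the tag says "Apple Mac OS" where every description says "Apple Mac OS X"; using the product name as written keeps the tag searchable.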
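Review bot: CVE-2011-0157 in the @@ -3767,9 hunk is described as "WebKit, as used in Apple iOS before 4.3, allows remote attackers to ..." but is marked "NOT-FOR-US: Apple iOS". The entry directly below it, CVE-2011-0156, has the same "WebKit, as used in ..." wording and is tracked with "- webkit <undetermined>" and "- chromium-browser <undetermined>". Unless the full description shows the flaw is specific to iOS, this one should be tracked the same way rather than closed as NFU.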
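Review bot: CVE-2011-0132 in the @@ -3843,7 hunk is closed as "NOT-FOR-US: Apple", but the visible description ("Use-after-free vulnerability in the Runin box functionality in the ...") is cut off before it names the affected component, and the entries on both sides of it are tracked against webkit and chromium-browser. Please check the full description; if it names WebKit, replace the NFU with the same "- webkit <undetermined>" / "- chromium-browser <undetermined>" lines. If it really is NFU, a product name rather than the bare vendor would match the other tags in this commit.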
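Review bot: the new tag for CVE-2010-4228 in the @@ -5282,7 hunk is spelled "Novell NetWare", while the existing tag two lines below for CVE-2010-4227 is "Novell Netware". Pick one spelling so a case-sensitive grep over NOT-FOR-US tags finds both.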
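Review bot: CVE-2010-3609 in the @@ -6939,7 hunk is marked "NOT-FOR-US: VMware ESX", yet the visible part of the description names only "the Service Location Protocol daemon", a component rather than a VMware product. If the full description identifies a separately distributed SLP implementation, the entry should be tracked against the corresponding source package (or given a NOTE explaining why the packaged version is unaffected) instead of NFU.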