Author: helmut-guest Date: 2011-07-20 08:46:08 +0000 (Wed, 20 Jul 2011) New Revision: 16959 Modified: data/CVE/list Log: NFUs, tomcat Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-07-20 08:19:23 UTC (rev 16958) +++ data/CVE/list 2011-07-20 08:46:08 UTC (rev 16959) @@ -1,27 +1,27 @@ CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page ...) TODO: check CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass ACL rules ...) - TODO: check + NOT-FOR-US: Brocade BigIron RX CVE-2011-2759 (The login page of IDSWebApp in the Web Administration Tool in IBM ...) - TODO: check + NOT-FOR-US: IBM Tivoli Directory Server CVE-2011-2758 (IDSWebApp in the Web Administration Tool in IBM Tivoli Directory ...) - TODO: check + NOT-FOR-US: IBM Tivoli Directory Server CVE-2011-2757 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine ...) - TODO: check + NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2011-2756 (FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build ...) - TODO: check + NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2011-2755 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine ...) - TODO: check + NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2011-2754 (Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page ...) - TODO: check + NOT-FOR-US: IBM WebSphere Portal CVE-2011-2753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) TODO: check CVE-2011-2752 (CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows ...) TODO: check CVE-2011-2751 (SQL injection vulnerability in Parodia before 6.809 allows remote ...) - TODO: check + NOT-FOR-US: Parodia CVE-2011-2750 (NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Novell File Reporter CVE-2011-2749 RESERVED CVE-2011-2748 
@@ -552,7 +552,11 @@ - qemu-kvm 0.14.1+dfsg-3 (bug #633669) - kvm <not-affected> (Vulnerable code not present) CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...) - TODO: check + - tomcat6 <undetermined> + - tomcat7 <undetermined> + NOTE: tomcat6 likely affected. sid: 6.0.32-5, fixed-upstream: 6.0.33 + NOTE: tomcat7 likely affected. sid: 7.0.16-3, fixed-upstream: 7.0.19 + TODO: check further packages CVE-2011-2525 RESERVED - linux-2.6 2.6.35-1 @@ -1268,7 +1272,7 @@ CVE-2011-2221 RESERVED CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter ...) - TODO: check + NOT-FOR-US: Novell File Reporter CVE-2011-2219 RESERVED CVE-2011-2218 @@ -3809,7 +3813,7 @@ CVE-2011-1339 RESERVED CVE-2011-1338 (Untrusted search path vulnerability in XnView before 1.98.1 allows ...) - TODO: check + NOT-FOR-US: XnView CVE-2011-1337 (Opera before 11.50 allows remote attackers to cause a denial of ...) NOT-FOR-US: Opera CVE-2011-1336 (Buffer overflow in ALZip 8.21 and earlier allows remote attackers to ...) @@ -4078,9 +4082,9 @@ CVE-2011-1224 (IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not ...) NOT-FOR-US: IBM WebSphere MQ CVE-2011-1223 (Buffer overflow in the Alternate Data Stream (aka ADS or named stream) ...) - TODO: check + NOT-FOR-US: IBM Tivoli Storage Manager CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in the ...) - TODO: check + NOT-FOR-US: IBM Tivoli Storage Manager CVE-2011-1221 RESERVED CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM ...) @@ -6151,7 +6155,7 @@ CVE-2011-0550 RESERVED CVE-2011-0549 (SQL injection vulnerability in forget.php in the management GUI in ...) - TODO: check + NOT-FOR-US: Symantec Web Gateway CVE-2011-0548 (Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in ...) TODO: check CVE-2011-0547 
@@ -6825,7 +6829,7 @@ CVE-2011-0288 RESERVED CVE-2011-0287 (Unspecified vulnerability in the BlackBerry Administration API in ...) - TODO: check + NOT-FOR-US: BlackBerry products CVE-2011-0286 (Cross-site scripting (XSS) vulnerability in webdesktop/app in the ...) NOT-FOR-US: BlackBerry Enterprise Server CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
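Review bot: The `TODO: check further packages` line added under CVE-2011-2526 (hunk @@ -552,7 +552,11 @@) does not say which packages are still open, although the description lists Tomcat 5.5.x alongside 6.x and 7.x. Naming the remaining candidates in the TODO would let the next person close it without re-reading the advisory. The two NOTE lines also record sid versions (6.0.32-5 and 7.0.16-3) that are lower than the upstream fixed versions (6.0.33 and 7.0.19), so once the vulnerable code is confirmed present the `<undetermined>` entries can be replaced with a definite status and a bug reference, in the same form as the `- qemu-kvm 0.14.1+dfsg-3 (bug #633669)` entry in the context just above.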
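Review bot: In the last hunk (@@ -6825,7 +6829,7 @@), CVE-2011-0287 is tagged `NOT-FOR-US: BlackBerry products`, while the neighbouring CVE-2011-0286 entry uses the specific `NOT-FOR-US: BlackBerry Enterprise Server`. Every other NOT-FOR-US line added in this commit names a single product; if the full description identifies one for the BlackBerry Administration API, use that name here so the entry can be searched for in the same way as the rest.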