Author: federico-guest Date: 2011-09-17 16:34:40 +0000 (Sat, 17 Sep 2011) New Revision: 17255 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-17 11:26:50 UTC (rev 17254) +++ data/CVE/list 2011-09-17 16:34:40 UTC (rev 17255) @@ -172,7 +172,7 @@ [lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-12.html CVE-2011-3422 (The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2011-3421 (Multiple unspecified vulnerabilities in Google Chrome before ...) - chromium-browser <unfixed> - webkit <undetermined> @@ -230,9 +230,9 @@ CVE-2011-3395 RESERVED CVE-2011-3394 (SQL injection vulnerability in findagent.php in MYRE Real Estate ...) - TODO: check + NOT-FOR-US: MYRE Real Estate CVE-2011-3393 (Multiple cross-site scripting (XSS) vulnerabilities in findagent.php ...) - TODO: check + NOT-FOR-US: MYRE Real Estate CVE-2009-5095 (PHP remote file inclusion vulnerability in index_inc.php in ea gBook ...) TODO: check CVE-2009-5094 (SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate ...) @@ -246,11 +246,11 @@ CVE-2009-5090 (SQL injection vulnerability in editcomments.php in Bloggeruniverse ...) TODO: check CVE-2009-5089 (Directory traversal vulnerability in index.php in IdeaCart 0.02 and ...) - TODO: check + NOT-FOR-US: IdeaCart CVE-2009-5088 (SQL injection vulnerability in secure/index.php in IdeaCart 0.02 ...) - TODO: check + NOT-FOR-US: IdeaCart CVE-2009-5087 (Directory traversal vulnerability in geohttpserver in Geovision ...) - TODO: check + NOT-FOR-US: Geovision Digital Video Surveillance System CVE-2011-3392 (Cross-site scripting (XSS) vulnerability in control.php in the ...) NOT-FOR-US: Phorum CVE-2011-3391 (IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code ...) 
@@ -402,7 +402,7 @@ CVE-2010-4831 (Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in ...) TODO: check CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration ...) - TODO: check + NOT-FOR-US: Juniper IDP CVE-2011-XXXX [vsftpd namespace DoS] - vsftpd 2.3.4-1 (bug #629373) [squeeze] - vsftpd 2.3.2-3+squeeze3 @@ -445,9 +445,9 @@ CVE-2011-3323 RESERVED CVE-2011-3322 (Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon ...) - TODO: check + NOT-FOR-US: Scadatec Limited Procyon SCADA CVE-2011-3321 (Heap-based buffer overflow in the Siemens WinCC Runtime Advanced ...) - TODO: check + NOT-FOR-US: SIMATIC WinCC CVE-2011-3320 RESERVED CVE-2011-3319 @@ -909,11 +909,11 @@ CVE-2011-XXXX [Fix decode_xs n-byte heap-overflow security bug in Unicode.xs] - perl 5.12.4-4 CVE-2011-3134 (Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, ...) - TODO: check + NOT-FOR-US: TIBCO Spotfire Server CVE-2011-3133 (Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before ...) TODO: check CVE-2011-3132 (Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server ...) - TODO: check + NOT-FOR-US: TIBCO Spotfire Server CVE-2011-3131 RESERVED CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...) @@ -1957,11 +1957,11 @@ CVE-2011-2738 RESERVED CVE-2011-2737 (RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: RSA enVision CVE-2011-2736 (RSA enVision 4.x before 4 SP4 P3 places cleartext administrative ...) - TODO: check + NOT-FOR-US: RSA enVision CVE-2011-2735 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...) - TODO: check + NOT-FOR-US: EMC AutoStart CVE-2011-2734 RESERVED CVE-2011-2733 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...) 
@@ -2156,7 +2156,7 @@ CVE-2011-2672 RESERVED CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th ...) - TODO: check + NOT-FOR-US: Megalith CVE-2011-2670 RESERVED CVE-2011-2669 @@ -2343,7 +2343,7 @@ CVE-2011-2596 RESERVED CVE-2011-2595 (Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build ...) - TODO: check + NOT-FOR-US: ACDSee FotoSlate CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other ...) TODO: check CVE-2011-2593 @@ -2371,7 +2371,7 @@ CVE-2011-2582 RESERVED CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before ...) - TODO: check + NOT-FOR-US: Cisco NX-OS CVE-2011-2580 RESERVED CVE-2011-2579 @@ -2405,15 +2405,15 @@ CVE-2011-2565 RESERVED CVE-2011-2564 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...) - TODO: check + NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-2563 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...) - TODO: check + NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-2562 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...) - TODO: check + NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-2561 (The SIP process in Cisco Unified Communications Manager (aka CUCM, ...) - TODO: check + NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-2560 (The Packet Capture Service in Cisco Unified Communications Manager ...) - TODO: check + NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-2559 RESERVED CVE-2011-2558 @@ -2423,7 +2423,7 @@ CVE-2011-2556 RESERVED CVE-2011-2555 (Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a ...) - TODO: check + NOT-FOR-US: Cisco TelePresence Recording Server CVE-2011-2554 RESERVED CVE-2011-2553 
@@ -3893,29 +3893,29 @@ CVE-2011-1992 RESERVED CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; ...) - TODO: check + NOT-FOR-US: Microsoft Excel CVE-2011-1989 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel ...) - TODO: check + NOT-FOR-US: Microsoft Excel CVE-2011-1988 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; ...) - TODO: check + NOT-FOR-US: Microsoft Excel CVE-2011-1987 (Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in ...) - TODO: check + NOT-FOR-US: Microsoft Excel CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft Excel CVE-2011-1985 RESERVED CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2011-1983 RESERVED CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2011-1981 RESERVED CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2011-1979 (Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate ...) NOT-FOR-US: Microsoft Visio CVE-2011-1978 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly ...) 
@@ -4151,13 +4151,13 @@ CVE-2011-1894 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, ...) NOT-FOR-US: Microsoft Windows CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...) - TODO: check + NOT-FOR-US: Microsoft SharePoint CVE-2011-1892 (Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2011-1891 (Cross-site scripting (XSS) vulnerability in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft SharePoint CVE-2011-1890 (Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft SharePoint CVE-2011-1889 (The NSPLookupServiceNext function in the client in Microsoft Forefront ...) NOT-FOR-US: Microsoft Forefront Threat Management Gateway CVE-2011-1888 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 ...) @@ -4888,7 +4888,7 @@ CVE-2011-1644 RESERVED CVE-2011-1643 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) - TODO: check + NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-1642 RESERVED CVE-2011-1641 @@ -5768,7 +5768,7 @@ CVE-2011-1360 RESERVED CVE-2011-1359 (Directory traversal vulnerability in the administration console in IBM ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2011-1358 RESERVED CVE-2011-1357 (Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web ...) @@ -5803,9 +5803,9 @@ CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli ...) NOT-FOR-US: Tivoli CVE-2011-1342 (SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ...) - TODO: check + NOT-FOR-US: Aimluck Aipo CVE-2011-1341 (Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before ...) - TODO: check + NOT-FOR-US: Aimluck Aipo CVE-2011-1340 (Cross-site scripting (XSS) vulnerability in ...) TODO: check CVE-2011-1339 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...) 
@@ -7912,7 +7912,7 @@ CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in the ...) NOT-FOR-US: Windows 2003 CVE-2011-0653 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...) - TODO: check + NOT-FOR-US: Microsoft SharePoint CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look ''n'' Stop Firewall 2.06p4 and 2.07 ...) NOT-FOR-US: Look ''n'' Stop Firewall CVE-2011-0651 (Buffer overflow in the key exchange functionality in Icon Labs ...) @@ -8161,7 +8161,7 @@ CVE-2011-0548 (Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in ...) NOT-FOR-US: Lotus Freelance Graphics CVE-2011-0547 (Multiple integer overflows in vxsvc.exe in the Veritas Enterprise ...) - TODO: check + NOT-FOR-US: Veritas CVE-2011-0546 (Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not ...) NOT-FOR-US: Symantec Backup Exec CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in ...) @@ -9165,7 +9165,7 @@ CVE-2011-0259 RESERVED CVE-2011-0258 (Apple QuickTime before 7.7 on Windows allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2011-0257 (Integer signedness error in Apple QuickTime before 7.7 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2011-0256 (Integer overflow in Apple QuickTime before 7.7 allows remote attackers ...) @@ -9237,7 +9237,7 @@ CVE-2011-0229 RESERVED CVE-2011-0228 (The Data Security component in Apple iOS before 4.2.10 and 4.3.x ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2011-0227 (The queueing primitives in IOMobileFrameBuffer in Apple iOS before ...) NOT-FOR-US: Apple iOS CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, ...) 
@@ -9273,9 +9273,9 @@ - webkit <undetermined> TODO: recheck, title says it affects some libxml CVE-2011-0215 (ImageIO in Apple Safari before 5.0.6 on Windows does not properly ...) - TODO: check + NOT-FOR-US: ImageIO in Apple Safari CVE-2011-0214 (CFNetwork in Apple Safari before 5.0.6 on Windows does not properly ...) - TODO: check + NOT-FOR-US: CFNetwork in Apple Safari CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows ...) NOT-FOR-US: QuickTime in Apple Mac OS CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to ...)
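Review bot: In the @@ -445,9 hunk, the label added for CVE-2011-3321 is "SIMATIC WinCC", but the description on that entry reads "Siemens WinCC Runtime Advanced ..." and the word SIMATIC does not appear in it. The entry just above keeps the vendor name from its description ("Scadatec Limited Procyon SCADA"). Suggest "NOT-FOR-US: Siemens WinCC" so that a search of the list for the vendor or product name as written in the description finds this entry.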
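Review bot: In the @@ -909,11 hunk, CVE-2011-3133 ("Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before ...") stays at "TODO: check" although it sits between CVE-2011-3134 and CVE-2011-3132, which both become "NOT-FOR-US: TIBCO Spotfire Server" and name the same product. If this was an oversight, mark it the same way in this commit so the three entries are triaged together. If it was left open on purpose, add a NOTE line saying what still needs checking.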
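Review bot: In the @@ -8161,7 hunk, "NOT-FOR-US: Veritas" on CVE-2011-0547 is less specific than the labels on the surrounding context lines, which name a product ("Lotus Freelance Graphics", "Symantec Backup Exec"). The description starts "vxsvc.exe in the Veritas Enterprise ...", so take the full product name from the CVE description and use that as the label, which keeps it distinguishable from other Veritas-branded software that may show up in the list later.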