Author: helmut-guest
Date: 2011-12-09 20:41:00 +0000 (Fri, 09 Dec 2011)
New Revision: 17767
Modified:
data/CVE/list
Log:
NFUs, <undetermined>, <removed>
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2011-12-09 09:14:21 UTC (rev 17766)
+++ data/CVE/list 2011-12-09 20:41:00 UTC (rev 17767)
@@ -2157,7 +2157,7 @@
CVE-2010-4873 (Cross-site scripting (XSS) vulnerability in confirm.php in WeBid
0.8.5 ...)
NOT-FOR-US: WeBid
CVE-2010-4872 (SQL injection vulnerability in newsroom.asp in ASPilot Pilot
Cart 7.3 ...)
- NOT-FOR-US: SmartFTP
+ NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4871 (Unspecified vulnerability in SmartFTP before 4.0 Build 1142
allows ...)
NOT-FOR-US: SmartFTP
CVE-2010-4870 (SQL injection vulnerability in index.php in BloofoxCMS 0.3.5
allows ...)
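Review bot: The old label on CVE-2010-4872 matches the SmartFTP entry for CVE-2010-4871 directly below it, which points to a copy-paste slip during triage rather than a one-off typo. The correction to "NOT-FOR-US: ASPilot Pilot Cart" agrees with the description, but the neighbouring NOT-FOR-US lines from the same batch should be checked against the product named in each description, since a mismatched product name makes the list harder to audit.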
@@ -3318,6 +3318,7 @@
CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server
before ...)
NOT-FOR-US: IceWarp Mail Server
CVE-2011-3578 (Cross-site scripting (XSS) vulnerability in ...)
+ - mantis <undetermined>
TODO: check, whether this was fixed in the DSA for CVE-2011-3357
CVE-2004-2770
REJECTED
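Review bot: On CVE-2011-3578 the new "- mantis <undetermined>" line has nothing next to it that records why mantis is the affected package: the description shown is truncated before the product name, and the TODO below only asks whether the DSA for CVE-2011-3357 covered it. Suggest adding a NOTE with the reference that ties this CVE to mantis, and resolving the TODO against that DSA so the entry can move from undetermined to a definite state.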
@@ -3860,7 +3861,7 @@
TODO: file bug for kolab-cyrus-imapd
NOTE: medium because it allows to exploit CVE-2011-3208 unauthenticated
CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOTE: PunBB
+ NOT-FOR-US: PunBB
CVE-2011-3370
RESERVED
CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe
before ...)
@@ -4778,7 +4779,7 @@
CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki
before ...)
NOT-FOR-US: Twiki
CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon
forking, ...)
- TODO: check
+ - ruby1.8 <undetermined>
CVE-2011-3008 (The default configuration of Avaya Secure Access Link (SAL)
Gateway ...)
NOT-FOR-US: Avaya Secure Access Link Gateway
CVE-2008-7298 (The Android browser in Android cannot properly restrict
modifications ...)
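Review bot: For CVE-2011-3009, replacing "TODO: check" with "- ruby1.8 <undetermined>" drops the only marker that work is still outstanding, even though the description already gives an upstream fix point (Ruby before 1.8.6-p114). Suggest comparing the packaged ruby1.8 version against that release and recording a fixed version if that settles it, or keeping a NOTE that says what still has to be determined. If other Ruby source packages are in the archive, each needs its own line.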
@@ -7143,7 +7144,7 @@
{DSA-2271-1}
- curl 7.21.6-2 (high; bug #631615)
CVE-2011-2191 (Cross-site request forgery (CSRF) vulnerability in
Cherokee-admin in ...)
- TODO: check
+ - cherokee <undetermined>
CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier
does ...)
- linux-2.6 2.6.35-1 (low)
[lenny] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN
privileges to abuse this)
@@ -9641,7 +9642,7 @@
CVE-2011-1341 (Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo
before ...)
NOT-FOR-US: Aimluck Aipo
CVE-2011-1340 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ - plone3 <removed>
CVE-2011-1339 (Cross-site scripting (XSS) vulnerability in Google Search
Appliance ...)
NOT-FOR-US: Google Search Appliance
CVE-2011-1338 (Untrusted search path vulnerability in XnView before 1.98.1
allows ...)
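Review bot: On CVE-2011-1340, "- plone3 <removed>" records only that the package is gone, and the truncated description does not name the product, so the entry gives no way to confirm the mapping or to see whether a released suite is still affected. If any released suite still ships plone3, add a per-release line in the style of the "[lenny] - linux-2.6 <no-dsa> (...)" entry in the previous hunk, and add a NOTE with the reference that links this CVE to plone3.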