Author: jmm Date: 2012-02-14 17:02:26 +0000 (Tue, 14 Feb 2012) New Revision: 18434 Modified: data/CVE/list Log: new smokeping issue glib hash CVEfied NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-02-13 21:14:29 UTC (rev 18433) +++ data/CVE/list 2012-02-14 17:02:26 UTC (rev 18434) @@ -1,9 +1,9 @@ CVE-2012-1048 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: eFront Community++ CVE-2012-1047 (Directory traversal vulnerability in the WWWHELP Service ...) - TODO: check + NOT-FOR-US: Cyberoam Central Console CVE-2012-1046 (Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 ...) - TODO: check + NOT-FOR-US: IBM Cognos CVE-2012-1045 RESERVED CVE-2012-1044 @@ -597,7 +597,7 @@ - horde3 <unfixed> - imp4 <unfixed> (bug #659392) CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping ...) - TODO: check + - smokeping <unfixed> (bug filed) CVE-2012-0789 RESERVED CVE-2012-0788 @@ -1502,8 +1502,6 @@ NOTE: Not exploitable without OpenPAM CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external ...) NOT-FOR-US: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755. All products listed there are not part of Debian. -CVE-2011-XXXX [glib hashtable dos issues: ocert-2011-003] - - glib2.0 <unfixed> (low; bug #655044) CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...) - gnutls28 3.0.11-1 - gnutls26 <not-affected> (lacks DTLS support and is not affected) 
@@ -1658,7 +1656,7 @@ CVE-2012-0315 RESERVED CVE-2012-0314 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) - TODO: check + NOT-FOR-US: eAccess Pocket WiFi CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...) NOT-FOR-US: glucose CVE-2012-0312 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...) @@ -1706,7 +1704,7 @@ CVE-2012-0291 RESERVED CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...) - TODO: check + NOT-FOR-US: Symantec pcAnywhere CVE-2012-0289 RESERVED CVE-2011-5052 (Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote ...) @@ -2332,21 +2330,21 @@ CVE-2011-4880 RESERVED CVE-2011-4879 (miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4878 (Directory traversal vulnerability in miniweb.exe in the HMI web server ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4877 (HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4876 (Directory traversal vulnerability in HmiLoad in the runtime loader in ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4875 (Stack-based buffer overflow in HmiLoad in the runtime loader in ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4874 RESERVED CVE-2011-4873 (Unspecified vulnerability in the server in Certec EDV atvise before ...) NOT-FOR-US: Certec EDV atvise CVE-2011-4872 (Multiple HTC Android devices including Desire HD FRG83D and GRI40, ...) - TODO: check + NOT-FOR-US: Android devices CVE-2011-4871 RESERVED CVE-2011-4870 (Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and ...) 
@@ -2545,7 +2543,7 @@ CVE-2012-0195 RESERVED CVE-2012-0194 (The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large ...) - TODO: check + NOT-FOR-US: AIX CVE-2012-0193 (IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2012-0192 (Multiple integer overflows in vclmi.dll in the visual class library ...) @@ -2788,9 +2786,9 @@ CVE-2011-4792 RESERVED CVE-2011-4791 (DBServer.exe in HP Data Protector Media Operations 6.11 and earlier ...) - TODO: check + NOT-FOR-US: HP Data Protector CVE-2011-4790 (Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, ...) - TODO: check + NOT-FOR-US: HP Network Automation CVE-2011-4789 (Stack-based buffer overflow in magentservice.exe in the server in HP ...) NOT-FOR-US: HP Diagnostics CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP ...) @@ -2872,13 +2870,13 @@ CVE-2012-0101 (Unspecified vulnerability in the MySQL Server component in Oracle ...) - mysql-5.1 <unfixed> (bug #659687) CVE-2012-0100 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express ...) - TODO: check + NOT-FOR-US: Oracle Solaris CVE-2012-0099 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express ...) - TODO: check + NOT-FOR-US: Oracle Solaris CVE-2012-0098 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...) NOT-FOR-US: Oracle Solaris CVE-2012-0097 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...) - TODO: check + NOT-FOR-US: Oracle Solaris CVE-2012-0096 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...) NOT-FOR-US: Oracle Solaris CVE-2012-0095 
@@ -3219,7 +3217,7 @@ - simplesamlphp 1.8.2-1 NOTE: http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e CVE-2012-0039 (** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function ...) - TODO: check + - glib2.0 <unfixed> (unimportant; bug #655044) CVE-2012-0038 RESERVED - linux-2.6 <unfixed> @@ -3730,9 +3728,9 @@ CVE-2011-4535 RESERVED CVE-2011-4534 (ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows ...) - TODO: check + NOT-FOR-US: COPA-DATA CVE-2011-4533 (zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows ...) - TODO: check + NOT-FOR-US: COPA-DATA CVE-2011-4532 (Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ...) NOT-FOR-US: Siemens Automation License Manager CVE-2011-4531 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 ...) 
@@ -3777,19 +3775,19 @@ CVE-2011-4515 RESERVED CVE-2011-4514 (The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4513 (Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4512 (CRLF injection vulnerability in the HMI web server in Siemens WinCC ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4511 (Cross-site scripting (XSS) vulnerability in the HMI web server in ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4510 (Cross-site scripting (XSS) vulnerability in the HMI web server in ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4509 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2011-4508 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2010-5062 (SQL injection vulnerability in search.php in MH Products ...) NOT-FOR-US: MH Products kleinanzeigenmarkt CVE-2010-5061 (SQL injection vulnerability in index.php in RSStatic allows remote ...) @@ -4459,7 +4457,7 @@ CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum ...) NOT-FOR-US: CourseForum CVE-2011-4276 (The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) ...) - TODO: check + NOT-FOR-US: Android CVE-2011-4275 (Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT ...) NOT-FOR-US: IT Operations Portal CVE-2011-4274 (Cross-site scripting (XSS) vulnerability in the A-Form PC and ...) @@ -4789,7 +4787,7 @@ CVE-2011-4195 RESERVED CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise ...) - TODO: check + NOT-FOR-US: Novell iPrint CVE-2011-4193 RESERVED CVE-2011-4192 
@@ -4900,9 +4898,9 @@ CVE-2011-4145 RESERVED CVE-2011-4144 (Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 ...) - TODO: check + NOT-FOR-US: EMC CVE-2011-4143 (EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote ...) - TODO: check + NOT-FOR-US: EMC CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before ...) NOT-FOR-US: EMC SourceOne Email Management CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token ...)
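Review bot: In the @@ -597,7 hunk, the new CVE-2012-0790 line `- smokeping <unfixed> (bug filed)` carries no bug number, so the entry cannot be followed from the tracker to the report. Replace `bug filed` with `bug #<number>` once the number is known; the imp4 line in the same hunk (`bug #659392`) shows the form the other entries use.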
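Review bot: In the @@ -3219,7 hunk, CVE-2012-0039 is entered as `- glib2.0 <unfixed> (unimportant; bug #655044)`, while the temporary CVE-2011-XXXX entry removed in the @@ -1502,8 hunk rated the same bug `low` and carried the ocert-2011-003 reference in its title. Neither the severity change nor the dropped reference is explained. A NOTE line under CVE-2012-0039 stating why the issue is now `unimportant` (the description is marked DISPUTED) and naming ocert-2011-003 would keep that history in the list.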
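Review bot: In the @@ -2332,21 hunk, CVE-2011-4872 is described as "Multiple HTC Android devices ..." but tagged `NOT-FOR-US: Android devices`, which drops the vendor the description names. The @@ -4459,7 hunk uses a second spelling, `NOT-FOR-US: Android`, for CVE-2011-4276. Suggest `NOT-FOR-US: HTC Android devices` for the first and one consistent label across both, so a search of the list on the product string finds every related entry.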
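Review bot: In the @@ -2545,7 hunk, CVE-2012-0194 is tagged `NOT-FOR-US: AIX` while the description reads "IBM AIX 5.3, 6.1, and 7.1" and the next entry in the same hunk uses the vendor-qualified form `NOT-FOR-US: IBM WebSphere Application Server`. Suggest `NOT-FOR-US: IBM AIX` to match.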
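Review bot: In the @@ -4900,9 hunk, CVE-2011-4144 and CVE-2011-4143 are both tagged with the bare vendor, `NOT-FOR-US: EMC`, although they concern different products (EMC Documentum Content Server and EMC RSA enVision) and the unchanged entry directly below uses the full product name, `NOT-FOR-US: EMC SourceOne Email Management`. Suggest `NOT-FOR-US: EMC Documentum Content Server` and `NOT-FOR-US: EMC RSA enVision`, so the tag still identifies the product when the truncated description is all a reader sees.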