Author: helmut-guest
Date: 2012-03-01 20:58:50 +0000 (Thu, 01 Mar 2012)
New Revision: 18567
Modified:
data/CVE/list
Log:
CVE/list update (undetermined, NFUs, changed NFU)
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-02-29 22:10:10 UTC (rev 18566)
+++ data/CVE/list 2012-03-01 20:58:50 UTC (rev 18567)
@@ -2422,9 +2422,9 @@
CVE-2012-0365 (Directory traversal vulnerability in the Local TFTP file-upload
...)
TODO: check
CVE-2012-0364 (Cisco SRP 520 series devices with firmware before 1.1.26 and SRP
...)
- TODO: check
+ NOT-FOR-US: Cisco SRP devices
CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware
before ...)
- TODO: check
+ NOT-FOR-US: Cisco SRP devices
CVE-2012-0362
RESERVED
CVE-2012-0361
@@ -2470,7 +2470,7 @@
CVE-2012-0341
RESERVED
CVE-2012-0340 (Cross-site scripting (XSS) vulnerability in the management
interface ...)
- NOT-FOR-US: Advantech Studio
+ NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2012-0339
RESERVED
CVE-2012-0338
@@ -5235,7 +5235,9 @@
[lenny] - nginx <no-dsa> (Minor issue)
NOTE: http://trac.nginx.org/nginx/changeset/4268/nginx
CVE-2011-4314 (message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as
used ...)
- TODO: check
+ - openid4java <undetermined>
+ - jbossas4 <undetermined>
+ NOTE: jbossas4 may contain an embedded copy as it does not depend on
openid4java
CVE-2011-4313 (query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through
9.4-ESV-R5, ...)
{DSA-2347-1}
- bind9 1:9.8.1.dfsg.P1-1 (high; bug #649099)
@@ -7677,7 +7679,7 @@
CVE-2011-3565 (Unspecified vulnerability in Oracle Communications Unified 7.0
allows ...)
NOT-FOR-US: Oracle Communications Unified
CVE-2011-3564 (Unspecified vulnerability in Oracle GlassFish Enterprise Server
2.1.1 ...)
- TODO: check
+ - glassfish <undetermined>
CVE-2011-3563 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
{DSA-2420-1}
- openjdk-6 6b24-1.11.1-1
@@ -9158,7 +9160,8 @@
{DSA-2410-1}
- libpng 1.2.46-5 (high; bug #660026)
CVE-2011-3025 (Google Chrome before 17.0.963.56 does not properly parse H.264
data, ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2011-3024 (Google Chrome before 17.0.963.56 allows remote attackers to
cause a ...)
- chromium-browser 17.0.963.56~r121963-1
- webkit <undetermined>
@@ -11090,7 +11093,11 @@
CVE-2011-2394
RESERVED
CVE-2011-2393 (The Neighbor Discovery (ND) protocol implementation in the IPv6
stack ...)
- TODO: check
+ - kfreebsd-7 <undetermined>
+ - kfreebsd-8 <undetermined>
+ - kfreebsd-9 <undetermined>
+ - kfreebsd-10 <undetermined>
+ NOTE: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
CVE-2011-2392
RESERVED
CVE-2011-2391
@@ -13379,7 +13386,7 @@
{DSA-2226-1}
- libmodplug 1:0.8.8.2-1 (low; bug #622091)
CVE-2011-1573 (net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when
...)
- TODO: check
+ - linux-2.6 <undetermined>
CVE-2011-1572 (Directory traversal vulnerability in the Admin Defined Commands
(ADC) ...)
{DSA-2215-1}
- gitolite 1.5.7-2
@@ -18288,7 +18295,7 @@
CVE-2010-4564
RESERVED
CVE-2010-4563 (The Linux kernel, when using IPv6, allows remote attackers to
...)
- TODO: check
+ - linux-2.6 <undetermined>
CVE-2010-4562 (Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using
IPv6, ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-4561