Author: helmut-guest Date: 2012-05-12 09:43:14 +0000 (Sat, 12 May 2012) New Revision: 19230 Modified: data/CVE/list Log: lots of NFUs (Cisco, Oracle), undetermined glassfish Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-05-12 09:14:54 UTC (rev 19229) +++ data/CVE/list 2012-05-12 09:43:14 UTC (rev 19230) @@ -3271,7 +3271,7 @@ CVE-2012-1243 (The TwitRocker2 application before 1.0.23 for Android does not ...) NOT-FOR-US: Android app CVE-2012-1242 (Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, ...) - TODO: check + NOT-FOR-US: various Ichitaro products CVE-2012-1241 (GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 ...) NOT-FOR-US: ActiveScriptRuby CVE-2012-1240 (Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo ...) 
@@ -4628,23 +4628,23 @@ CVE-2012-0738 RESERVED CVE-2012-0737 (Cross-site scripting (XSS) vulnerability in IBM Rational AppScan ...) - TODO: check + NOT-FOR-US: IBM Rational AppScan CVE-2012-0736 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...) - TODO: check + NOT-FOR-US: IBM Rational AppScan CVE-2012-0735 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...) - TODO: check + NOT-FOR-US: IBM Rational AppScan CVE-2012-0734 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...) - TODO: check + NOT-FOR-US: IBM Rational AppScan CVE-2012-0733 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when ...) - TODO: check + NOT-FOR-US: IBM Rational AppScan CVE-2012-0732 (The Enterprise Console client in IBM Rational AppScan Enterprise 5.x ...) - TODO: check + NOT-FOR-US: IBM Rational AppScan CVE-2012-0731 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...) - TODO: check + NOT-FOR-US: IBM Rational AppScan CVE-2012-0730 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...) - TODO: check + NOT-FOR-US: IBM Rational AppScan CVE-2012-0729 (Unrestricted file upload vulnerability in IBM Rational AppScan ...) - TODO: check + NOT-FOR-US: IBM Rational AppScan CVE-2012-0728 RESERVED CVE-2012-0727 
@@ -5011,113 +5011,113 @@ CVE-2012-0562 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) TODO: check CVE-2012-0561 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0560 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0559 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0558 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...) - TODO: check + NOT-FOR-US: Oracle Primavera Products Suite CVE-2012-0557 (Unspecified vulnerability in the Oracle Outside In Technology ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0556 (Unspecified vulnerability in the Oracle Outside In Technology ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0555 (Unspecified vulnerability in the Oracle Outside In Technology ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0554 (Unspecified vulnerability in the Oracle Outside In Technology ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0553 RESERVED CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0551 (Unspecified vulnerability in the GlassFish Enterprise Server component ...) - TODO: check + - glassfish <undetermined> CVE-2012-0550 (Unspecified vulnerability in the GlassFish Enterprise Server component ...) - TODO: check + - glassfish <undetermined> CVE-2012-0549 (Unspecified vulnerability in the Oracle AutoVue Office component in ...) - TODO: check + NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-0548 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers ...) 
- TODO: check + NOT-FOR-US: Oracle SPARC Enterprise M Series Servers XCP 1110 CVE-2012-0547 RESERVED CVE-2012-0546 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...) - TODO: check + NOT-FOR-US: Oracle Financial Services Software CVE-2012-0545 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...) - TODO: check + NOT-FOR-US: Oracle Financial Services Software CVE-2012-0544 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...) - TODO: check + NOT-FOR-US: Oracle Financial Services Software CVE-2012-0543 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0542 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2012-0541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...) - TODO: check + NOT-FOR-US: Oracle Financial Services Software CVE-2012-0540 RESERVED CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...) - TODO: check + NOT-FOR-US: Oracle Sun Solaris CVE-2012-0538 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0537 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2012-0536 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0535 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2012-0534 (Unspecified vulnerability in the RDBMS Core component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0533 (Unspecified vulnerability in the PeopleSoft Enterprise FCSM component ...) 
- TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0532 (Unspecified vulnerability in the Identity Manager component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0531 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0530 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0529 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0528 (Unspecified vulnerability in the Enterprise Manager Base Platform ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0527 (Unspecified vulnerability in the Enterprise Manager Base Platform ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0526 (Unspecified vulnerability in the Enterprise Manager Base Platform ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0525 (Unspecified vulnerability in the Enterprise Manager Base Platform ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0524 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0523 (Unspecified vulnerability in the Oracle Grid Engine component in ...) - gridengine <unfixed> NOTE: http://www.securityfocus.com/bid/53132 NOTE: http://gridscheduler.sourceforge.net/security.html CVE-2012-0522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0520 (Unspecified vulnerability in the Enterprise Manager Base Platform ...) 
- TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0519 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0518 RESERVED CVE-2012-0517 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0516 (Unspecified vulnerability in the Oracle iPlanet Web Server component ...) - TODO: check + NOT-FOR-US: Oracle Sun Products Suite CVE-2012-0515 (Unspecified vulnerability in the Identity Manager Connector component ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0514 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0513 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2012-0512 (Unspecified vulnerability in the Enterprise Manager Base Platform ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0511 (Unspecified vulnerability in the OCI component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0510 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database Server CVE-2012-0509 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...) - TODO: check + NOT-FOR-US: Oracle Financial Services Software CVE-2012-0508 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...) - openjdk-6 <not-affected> (JavaFX not part of OpenJDK) - openjdk-7 <not-affected> (JavaFX not part of OpenJDK) 
@@ -5633,9 +5633,9 @@ CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware before ...) NOT-FOR-US: Cisco SRP devices CVE-2012-0362 (The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2012-0361 (The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2012-0360 RESERVED CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote attackers ...) @@ -5679,19 +5679,19 @@ CVE-2012-0340 (Cross-site scripting (XSS) vulnerability in the management interface ...) NOT-FOR-US: Cisco IronPort Encryption Appliance CVE-2012-0339 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2012-0338 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2012-0337 (SQL injection vulnerability in the web component in Cisco Unified ...) - TODO: check + NOT-FOR-US: Cisco CVE-2012-0336 RESERVED CVE-2012-0335 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) - TODO: check + NOT-FOR-US: Cisco CVE-2012-0334 RESERVED CVE-2012-0333 (Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and ...) - TODO: check + NOT-FOR-US: Cisco CVE-2012-0332 RESERVED CVE-2012-0331 (Cisco TelePresence Video Communication Server with software before ...) @@ -5882,7 +5882,7 @@ CVE-2012-0280 RESERVED CVE-2012-0279 (Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: ...) - TODO: check + NOT-FOR-US: Quest (quest.com) Toad CVE-2012-0278 (Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for ...) NOT-FOR-US: IrfanView CVE-2012-0277 
@@ -5906,7 +5906,7 @@ NOTE: http://secunia.com/secunia_research/2012-3/ NOTE: http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f CVE-2012-0269 (Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 ...) - TODO: check + NOT-FOR-US: various Ichitaro products CVE-2012-0268 (Integer overflow in the CYImage::LoadJPG method in YImage.dll in ...) NOT-FOR-US: Yahoo! Messenger CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows ...) @@ -8847,7 +8847,7 @@ CVE-2011-4238 RESERVED CVE-2011-4237 (CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-4236 RESERVED CVE-2011-4235 @@ -8857,9 +8857,9 @@ CVE-2011-4233 RESERVED CVE-2011-4232 (The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-4231 (Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2011-4230 RESERVED CVE-2011-4229 
@@ -9682,25 +9682,25 @@ - ocsinventory-server 2.0.2-1 (unimportant) NOTE: Authentication is needed, only supported in trusted environments, see debtags CVE-2011-4023 (Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-4022 (The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-4021 RESERVED CVE-2011-4020 RESERVED CVE-2011-4019 (Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2011-4018 RESERVED CVE-2011-4017 RESERVED CVE-2011-4016 (The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2011-4015 (Cisco IOS 15.2S allows remote attackers to cause a denial of service ...) NOT-FOR-US: Cisco IOS CVE-2011-4014 (The TAC Case Attachment tool in Cisco Wireless Control System (WCS) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-4013 RESERVED CVE-2011-4012 (Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) ...) @@ -9716,7 +9716,7 @@ CVE-2011-4007 (Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set ...) NOT-FOR-US: Cisco IOS CVE-2011-4006 (The ESMTP inspection feature on Cisco Adaptive Security Appliances ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-4005 (Cross-site request forgery (CSRF) vulnerability in the Services Ready ...) NOT-FOR-US: Cisco SRP CVE-2011-4004 (Buffer overflow in the ATAS32 processing functionality in the Cisco ...) @@ -11766,7 +11766,7 @@ CVE-2011-3318 (Cisco Video Surveillance 2421 and 2500 series cameras with software ...) NOT-FOR-US: Cisco CVE-2011-3317 (Multiple cross-site scripting (XSS) vulnerabilities in the Solution ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-3316 RESERVED CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified Communications ...) 
@@ -11782,7 +11782,7 @@ CVE-2011-3310 (The Home Page component in Cisco CiscoWorks Common Services before 4.1 ...) NOT-FOR-US: Cisco CiscoWorks CVE-2011-3309 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-3308 RESERVED CVE-2011-3307 @@ -11814,7 +11814,7 @@ CVE-2011-3294 (Cross-site scripting (XSS) vulnerability in the login page in the ...) NOT-FOR-US: Cisco TelePresence CVE-2011-3293 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-3292 RESERVED CVE-2011-3291 @@ -11830,11 +11830,11 @@ CVE-2011-3286 RESERVED CVE-2011-3285 (CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-3284 RESERVED CVE-2011-3283 (Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Cisco CVE-2011-3282 (Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, ...) NOT-FOR-US: Cisco CVE-2011-3281 (Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain ...) @@ -14048,7 +14048,7 @@ CVE-2011-2584 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows ...) NOT-FOR-US: Cisco Show and Share CVE-2011-2583 (Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows ...) - TODO: check + NOT-FOR-US: Cisco CCX CVE-2011-2582 RESERVED CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before ...)
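Review bot: The label "NOT-FOR-US: various Ichitaro products" in the @@ -3271,7 hunk (CVE-2012-1242) and again in the @@ -5906,7 hunk (CVE-2012-0269) drops the vendor and says "various", which is hard to search for later. Both descriptions start with "JustSystems Ichitaro", so "NOT-FOR-US: JustSystems Ichitaro" would match the vendor-plus-product style of the surrounding entries such as "NOT-FOR-US: ActiveScriptRuby" and "NOT-FOR-US: Yahoo! Messenger". The same applies to "Quest (quest.com) Toad" in the @@ -5882,7 hunk, where the parenthesised domain is not used by any other visible entry.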
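Review bot: In the @@ -5011,113 hunk, CVE-2012-0551 and CVE-2012-0550 are changed to "- glassfish <undetermined>" without a NOTE line saying what information is missing, whereas the CVE-2012-0523 gridengine entry in the same hunk carries two NOTE references. Please add a NOTE to each (for instance, that the description is only "Unspecified vulnerability in the GlassFish Enterprise Server component") so the next person triaging knows why the status is open. Also in this hunk, CVE-2012-0562 (PeopleSoft Enterprise HRMS) remains at "TODO: check" in the leading context, while CVE-2012-0536 and CVE-2012-0517, which name the same component, become "NOT-FOR-US: Oracle PeopleSoft Products"; that looks like an entry that was missed.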
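Review bot: The Cisco hunks (@@ -5633,9 through @@ -11830,11) use the bare label "NOT-FOR-US: Cisco" for entries whose descriptions name a specific product, for example CVE-2012-0335 and CVE-2011-3309 (Adaptive Security Appliances), CVE-2011-4023 (NX-OS) and CVE-2011-4022 (Intrusion Prevention System). Unchanged neighbours in the same hunks already use product-level labels ("Cisco SRP devices", "Cisco IronPort Encryption Appliance", "Cisco TelePresence", "Cisco CiscoWorks"), and the final @@ -14048,7 hunk does so too with "Cisco CCX". Naming the product in each new label would keep the list consistent. Separately, CVE-2011-4019 in the @@ -9682,25 hunk is labelled "Cisco IOS" although its description continues "and Cisco Unified ..."; the label should cover both products or fall back to a broader one.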