Author: federico-guest Date: 2012-07-03 21:19:23 +0000 (Tue, 03 Jul 2012) New Revision: 19652 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-03 21:15:41 UTC (rev 19651) +++ data/CVE/list 2012-07-03 21:19:23 UTC (rev 19652) @@ -3766,13 +3766,13 @@ CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX control in ...) NOT-FOR-US: IBM Lotus Quickr CVE-2012-2175 (Buffer overflow in the Attachment_Times method in a certain ActiveX ...) - TODO: check + NOT-FOR-US: IBM Lotus iNotes CVE-2012-2174 (The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote ...) NOT-FOR-US: Notes CVE-2012-2173 (The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 ...) NOT-FOR-US: AppScan CVE-2012-2172 (Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in ...) - TODO: check + NOT-FOR-US: IBM System Storage DS Storage Manager CVE-2012-2171 (SQL injection vulnerability in ModuleServlet.do in the Storage Manager ...) NOT-FOR-US: IBM System Storage DS Storage Manager CVE-2012-2170 (The Application Snoop Servlet in IBM WebSphere Application Server 7.0 ...) @@ -3794,11 +3794,11 @@ CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 ...) NOT-FOR-US: WebSphere CVE-2012-2161 (Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM ...) - TODO: check + NOT-FOR-US: IBM Security AppScan Source CVE-2012-2160 RESERVED CVE-2012-2159 (Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used ...) - TODO: check + NOT-FOR-US: IBM Eclipse Help System CVE-2012-2158 RESERVED CVE-2012-2157 @@ -4222,17 +4222,17 @@ CVE-2012-2018 RESERVED CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...) - TODO: check + NOT-FOR-US: HP Photosmart Wireless e-All-in-One CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2012-2015 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2012-2014 (HP System Management Homepage (SMH) before 7.1.1 does not properly ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2012-2013 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2012-2012 (HP System Management Homepage (SMH) before 7.1.1 does not have an off ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2012-2011 (Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin ...) NOT-FOR-US: HP Web Jetadmin CVE-2012-2010 (The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha ...) @@ -4513,7 +4513,7 @@ CVE-2012-1890 RESERVED CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses ...) - TODO: check + NOT-FOR-US: Microsoft XML Core Services CVE-2012-1888 RESERVED CVE-2012-1887 @@ -4555,15 +4555,15 @@ CVE-2012-1869 RESERVED CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in ...) - TODO: check + NOT-FOR-US: Microsoft Windows XP CVE-2012-1867 (Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...) - TODO: check + NOT-FOR-US: Windows Windows CVE-2012-1866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-1865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-1863 RESERVED CVE-2012-1862 @@ -4575,13 +4575,13 @@ CVE-2012-1859 RESERVED CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft ...) - TODO: check + NOT-FOR-US: MicrosoftInternet Explorer, Communicator, Lync CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal ...) - TODO: check + NOT-FOR-US: Microsoft Dynamics AX CVE-2012-1856 RESERVED CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...) - TODO: check + NOT-FOR-US: Microsoft .NET Framework CVE-2012-1854 RESERVED CVE-2012-1853 @@ -4593,7 +4593,7 @@ CVE-2012-1850 RESERVED CVE-2012-1849 (Untrusted search path vulnerability in Microsoft Lync 2010, 2010 ...) - TODO: check + NOT-FOR-US: Microsoft Lync, Attendee,, Attendant CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2012-1847 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; ...) @@ -4642,7 +4642,7 @@ CVE-2012-1826 (dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute ...) TODO: check CVE-2012-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the status ...) - TODO: check + NOT-FOR-US: ForeScout CounterACT CVE-2012-1824 (Untrusted search path vulnerability in Measuresoft ScadaPro Client ...) NOT-FOR-US: Measuresoft ScadaPro CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...) @@ -5375,7 +5375,7 @@ CVE-2012-1524 RESERVED CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2012-1522 RESERVED CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...) @@ -7342,15 +7342,15 @@ CVE-2012-0721 RESERVED CVE-2012-0720 (Cross-site scripting (XSS) vulnerability in the Integration Solution ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint ...) NOT-FOR-US: IBM Tivoli Endpoint Manager CVE-2012-0718 RESERVED CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2012-0715 (Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in ...) NOT-FOR-US: IBM Tivoli Change and Configuration Management Database CVE-2012-0714 @@ -7460,7 +7460,7 @@ CVE-2012-0678 RESERVED CVE-2012-0677 (Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote ...) - TODO: check + NOT-FOR-US: Apple iTunes CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state ...) - webkit <unfixed> NOTE: http://packetstormsecurity.sebug.net/files/download/112596/APPLE-SA-2012-05-09-2.txt @@ -8444,7 +8444,7 @@ CVE-2012-0305 RESERVED CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions ...) - TODO: check + NOT-FOR-US: Symantec LiveUpdate Administrator CVE-2012-0303 RESERVED CVE-2012-0302 @@ -9411,7 +9411,7 @@ CVE-2012-0192 (Multiple integer overflows in vclmi.dll in the visual class library ...) NOT-FOR-US: IBM Lotus Symphony CVE-2012-0191 (The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 ...) - TODO: check + NOT-FOR-US: IBM Lotus Expeditor CVE-2012-0190 (Unspecified vulnerability in the Render method in the ExportHTML.ocx ...) NOT-FOR-US: IBM SPSS Dimensions CVE-2012-0189 (Multiple unspecified vulnerabilities in the (1) PrintFile and (2) ...) @@ -9419,9 +9419,9 @@ CVE-2012-0188 (Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX ...) NOT-FOR-US: IBM SPSS Dimensions CVE-2012-0187 (Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and ...) - TODO: check + NOT-FOR-US: IBM Lotus Expeditor CVE-2012-0186 (Directory traversal vulnerability in the Eclipse Help component in IBM ...) - TODO: check + NOT-FOR-US: IBM Lotus Expeditor CVE-2011-4837 (Cross-site request forgery (CSRF) vulnerability in /ctrl in the web ...) NOT-FOR-US: HomeSeer CVE-2011-4836 (Cross-site scripting (XSS) vulnerability in the web interface in ...) @@ -9496,7 +9496,7 @@ CVE-2012-0174 (Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2012-0173 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-0172 (Microsoft Internet Explorer 6 through 8 does not properly handle ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-0171 (Microsoft Internet Explorer 6 through 9 does not properly handle ...) @@ -16813,7 +16813,7 @@ CVE-2011-2546 (SQL injection vulnerability in the web-based management interface on ...) NOT-FOR-US: Cisco SA 500 series appliances management interface CVE-2011-2545 (Cross-site scripting (XSS) vulnerability in the SIP implementation on ...) - TODO: check + NOT-FOR-US: Cisco SPA CVE-2011-2544 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...) NOT-FOR-US: Cisco CVE-2011-2543 (Buffer overflow in the cuil component in Cisco Telepresence System ...)