Author: geissert Date: 2012-08-21 14:59:11 +0000 (Tue, 21 Aug 2012) New Revision: 19999 Modified: data/CVE/list Log: some NFUs, one ruby-sqlite3 issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-21 13:18:05 UTC (rev 19998) +++ data/CVE/list 2012-08-21 14:59:11 UTC (rev 19999) @@ -1,17 +1,17 @@ CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA ...) - TODO: check + NOT-FOR-US: Sielco Sistemi Winlog SCADA CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA ...) - TODO: check + NOT-FOR-US: Sielco Sistemi Winlog SCADA CVE-2012-4357 (Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 ...) - TODO: check + NOT-FOR-US: Sielco Sistemi Winlog SCADA CVE-2012-4356 (Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog ...) - TODO: check + NOT-FOR-US: Sielco Sistemi Winlog SCADA CVE-2012-4355 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and ...) - TODO: check + NOT-FOR-US: Sielco Sistemi Winlog SCADA CVE-2012-4354 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and ...) - TODO: check + NOT-FOR-US: Sielco Sistemi Winlog SCADA CVE-2012-4353 (Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog ...) - TODO: check + NOT-FOR-US: Sielco Sistemi Winlog SCADA CVE-2012-4352 RESERVED CVE-2012-XXXX [geshi XSS in contrib/langwiz.php] 
@@ -770,9 +770,9 @@ CVE-2012-4008 RESERVED CVE-2012-4007 (The mixi application before 4.3.0 for Android allows remote attackers ...) - TODO: check + NOT-FOR-US: mixi application for Android CVE-2012-4006 (The GREE application before 1.4.0, GREE Tanken Dorirando application ...) - TODO: check + NOT-FOR-US: GREE application for Android CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...) NOT-FOR-US: NHN Japan NAVER LINE CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile ...) @@ -3001,9 +3001,9 @@ CVE-2012-3026 RESERVED CVE-2012-3025 (The default configuration of Tridium Niagara AX Framework through 3.6 ...) - TODO: check + NOT-FOR-US: Tridium Niagara AX Framework CVE-2012-3024 (Tridium Niagara AX Framework through 3.6 uses predictable values for ...) - TODO: check + NOT-FOR-US: Tridium Niagara AX Framework CVE-2012-3023 RESERVED CVE-2012-3022 @@ -5046,7 +5046,7 @@ CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...) NOT-FOR-US: IBM WebSphere MQ File Transfer Edition CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...) - TODO: check + NOT-FOR-US: IBM Rational ClearQuest CVE-2012-2204 RESERVED CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...) 
@@ -5120,15 +5120,15 @@ CVE-2012-2169 (Cross-site scripting (XSS) vulnerability in the file-upload ...) TODO: check CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 ...) - TODO: check + NOT-FOR-US: IBM Rational ClearQuest CVE-2012-2167 RESERVED CVE-2012-2166 RESERVED CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, ...) - TODO: check + NOT-FOR-US: IBM Rational ClearQuest CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x ...) - TODO: check + NOT-FOR-US: IBM Rational ClearQuest CVE-2012-2163 (IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 ...) NOT-FOR-US: IBM Scale Out Network Attached Storage CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 ...) @@ -8666,7 +8666,7 @@ CVE-2012-0745 (The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 ...) NOT-FOR-US: IBM AIX CVE-2012-0744 (IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 ...) - TODO: check + NOT-FOR-US: IBM Rational ClearQuest CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote ...) NOT-FOR-US: IBM Tivoli Directory Server CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...) @@ -22701,6 +22701,7 @@ - dhcpcd <not-affected> (old shell quoting code is not vulnerable) NOTE: Debian''s dhcpcd.sh is not vulnerable. CVE-2011-0995 (The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 ...) + - ruby-sqlite3 <unfixed> TODO: check CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter ...) NOT-FOR-US: Novell File Reporter
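Review bot: In the @@ -22701 hunk, the added "- ruby-sqlite3 <unfixed>" line for CVE-2011-0995 sits directly above a "TODO: check" that is kept, so the entry reads as both triaged and untriaged. If the package status is settled, drop the TODO; if something is still open, replace it with a NOTE saying what remains to be checked. The description names "the rubygem-sqlite3 package before 1.2.4-0.5.1", so a NOTE stating how that maps to Debian's ruby-sqlite3, plus a bug reference on the "<unfixed>" line, would make the entry actionable for whoever picks it up next.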
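Review bot: In the @@ -5120 hunk, CVE-2012-2169 keeps "TODO: check" as unchanged context while the IBM Rational ClearQuest entries right after it (CVE-2012-2168, CVE-2012-2165, CVE-2012-2164) are switched to NOT-FOR-US. Its visible description is cut off at "file-upload ...", so the diff does not show whether it was left out on purpose. If it was reviewed and is also not for Debian, mark it in this commit; otherwise it is worth confirming it was not simply missed in the same pass.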