[Secure-testing-commits] r24361 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Nov 20 23:02:34 UTC 2013


Author: carnil
Date: 2013-11-20 23:02:34 +0000 (Wed, 20 Nov 2013)
New Revision: 24361

Modified:
   data/CVE/list
Log:
Add a first round of NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-11-20 22:55:28 UTC (rev 24360)
+++ data/CVE/list	2013-11-20 23:02:34 UTC (rev 24361)
@@ -11,13 +11,13 @@
 CVE-2013-6802 (Google Chrome before 31.0.1650.57 allows remote attackers to bypass ...)
 	TODO: check
 CVE-2013-6801 (Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2013-6800 (An unspecified third-party database module for the Key Distribution ...)
 	TODO: check
 CVE-2013-6799 (Apple Mac OS X 10.9 allows local users to cause a denial of service ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2013-6798 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry Link
 CVE-2013-6797 (Cross-site request forgery (CSRF) vulnerability in ...)
 	TODO: check
 CVE-2013-6796
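Review bot: The CVE-2013-6801 entry names only the vendor ("NOT-FOR-US: Microsoft"), while the other two entries added in this hunk name the product ("Apple Mac OS X", "BlackBerry Link"). The description identifies the product as Microsoft Word 2003, so "NOT-FOR-US: Microsoft Word" would keep the annotations consistent and searchable by product.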
@@ -25,9 +25,9 @@
 CVE-2013-6795
 	RESERVED
 CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module in ...)
-	TODO: check
+	NOT-FOR-US: Olat
 CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar ...)
-	TODO: check
+	NOT-FOR-US: Olat
 CVE-2013-6792
 	RESERVED
 CVE-2013-6791
@@ -35,7 +35,7 @@
 CVE-2013-6790
 	RESERVED
 CVE-2013-6789 (security/MemberLoginForm.php in SilverStripe 3.0.3 supports ...)
-	TODO: check
+	- silverstripe <itp> (bug #528461)
 CVE-2013-6788
 	RESERVED
 CVE-2013-6787
@@ -231,21 +231,21 @@
 CVE-2013-6690
 	RESERVED
 CVE-2013-6689 (Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier ...)
-	TODO: check
+	NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2013-6688 (Directory traversal vulnerability in the license-upload interface in ...)
-	TODO: check
+	NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2013-6687
 	RESERVED
 CVE-2013-6686 (The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2013-6685 (The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak ...)
-	TODO: check
+	NOT-FOR-US:  Cisco Unified IP phones
 CVE-2013-6684 (The web framework on Cisco Wireless LAN Controller (WLC) devices does ...)
-	TODO: check
+	NOT-FOR-US:  Cisco Wireless LAN Controller
 CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Cisco NX-OS
 CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance ...)
-	TODO: check
+	NOT-FOR-US: Cisco Adaptive Security Appliance
 CVE-2013-6681
 	RESERVED
 CVE-2013-6680
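Review bot: The added lines for CVE-2013-6685 and CVE-2013-6684 have two spaces after "NOT-FOR-US:", where every other added line in this hunk has one. Normalise them to a single space so that a plain text search for "NOT-FOR-US: Cisco" also matches these two entries.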
@@ -349,7 +349,7 @@
 CVE-2013-6619
 	RESERVED
 CVE-2013-6618 (jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 ...)
-	TODO: check
+	NOT-FOR-US: Juniper Junos
 CVE-2013-6617 (The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not ...)
 	TODO: check
 CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -1536,7 +1536,7 @@
 CVE-2013-6078
 	RESERVED
 CVE-2013-6077 (Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not ...)
-	TODO: check
+	NOT-FOR-US: Citrix XenDesktop
 CVE-2013-6076 (strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a ...)
 	- strongswan 5.1.0-3
 	[squeeze] - strongswan <not-affected> (Vulnerable Code not present, introduced by upstream commit 30216000d3752026127c2f91470ce165ab3d3926)
@@ -2854,39 +2854,39 @@
 	REJECTED
 	NOTE: Non-issue, to be rejected
 CVE-2013-5568 (The auto-update implementation in Cisco Adaptive Security Appliance ...)
-	TODO: check
+	NOT-FOR-US: Cisco Adaptive Security Appliance
 CVE-2013-5567
 	RESERVED
 CVE-2013-5566 (Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote ...)
-	TODO: check
+	NOT-FOR-US: Cisco NX-OS
 CVE-2013-5565 (The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2013-5564 (The Java process in the Impact server in Cisco Prime Central for ...)
 	NOT-FOR-US: Cisco Prime Central for Hosted Collaboration Solution
 CVE-2013-5563 (Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp ...)
 	NOT-FOR-US: Cisco CS-MARS
 CVE-2013-5562 (The ITM web server in Cisco Prime Central for Hosted Collaboration ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2013-5561 (The Safe Search enforcement feature in Cisco Adaptive Security ...)
 	NOT-FOR-US: Cisco Adaptive Security Appliance
 CVE-2013-5560 (The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) ...)
-	TODO: check
+	NOT-FOR-US: Cisco Adaptive Security Appliance
 CVE-2013-5559 (Buffer overflow in the Active Template Library (ATL) framework in the ...)
 	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
 CVE-2013-5558 (The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2013-5557
 	RESERVED
 CVE-2013-5556 (The license-installation module on the Cisco Nexus 1000V switch ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2013-5555 (Cisco Unified Communications Manager (aka CUCM or Unified CM) allows ...)
 	NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2013-5554 (Directory traversal vulnerability in the web-management interface in ...)
 	NOT-FOR-US: Cisco Wide Area Application Services
 CVE-2013-5553 (Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2013-5552 (Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2013-5551 (Cisco Adaptive Security Appliance (ASA) Software, when certain ...)
 	NOT-FOR-US: Cisco Adaptive Security Appliance
 CVE-2013-5550 (The fabric-interconnect component in Cisco Unified Computing System ...)
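Review bot: Five of the added lines (CVE-2013-5565, -5562, -5558, -5556, -5552) say only "NOT-FOR-US: Cisco", while the unchanged entries around them and the other added lines in this hunk name the product. The descriptions already give it: IOS XR for -5565, TelePresence VX Clinical Assistant for -5558, Nexus 1000V for -5556, IOS on Content Services Gateway for -5552. CVE-2013-5562 is the same Prime Central product that CVE-2013-5564 two entries above spells out in full. Use the product names here as well, so the reason for the NFU classification can be checked from the entry itself.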
@@ -3085,15 +3085,15 @@
 CVE-2013-5455
 	RESERVED
 CVE-2013-5454 (IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2013-5453 (IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2013-5452
 	RESERVED
 CVE-2013-5451
 	RESERVED
 CVE-2013-5450 (IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2013-5449
 	RESERVED
 CVE-2013-5448
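Review bot: The annotations in this hunk are less specific than the descriptions they sit under. CVE-2013-5454 is described as IBM WebSphere Portal but tagged "IBM WebSphere", and CVE-2013-5453 and CVE-2013-5450 are both IBM Security AppScan Enterprise but tagged just "IBM". Suggest "NOT-FOR-US: IBM WebSphere Portal" and "NOT-FOR-US: IBM Security AppScan Enterprise", matching the product-level naming used for the WebSphere Portal entries further down in this commit.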
@@ -3109,7 +3109,7 @@
 CVE-2013-5443
 	RESERVED
 CVE-2013-5442 (Cross-site scripting (XSS) vulnerability in the Local Management ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2013-5441
 	RESERVED
 CVE-2013-5440
@@ -3143,7 +3143,7 @@
 CVE-2013-5426
 	RESERVED
 CVE-2013-5425 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2013-5424 (IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass ...)
 	NOT-FOR-US: IBM Flex System Manager
 CVE-2013-5423
@@ -3157,15 +3157,15 @@
 CVE-2013-5419 (Multiple buffer overflows in (1) mkque and (2) mkquedev in ...)
 	NOT-FOR-US: IBM AIX
 CVE-2013-5418 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2013-5417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
-	TODO: check
+	NOT-FOR-US:  IBM WebSphere Application Server
 CVE-2013-5416
 	RESERVED
 CVE-2013-5415
 	RESERVED
 CVE-2013-5414 (The migration functionality in IBM WebSphere Application Server (WAS) ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2013-5413
 	RESERVED
 CVE-2013-5412
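Review bot: CVE-2013-5418 is tagged "IBM WebSphere" while the next two added lines (CVE-2013-5417, CVE-2013-5414) use "IBM WebSphere Application Server". The description for -5418 is truncated at "Administrative console ...", so confirm which WebSphere product it refers to and use the full name. The CVE-2013-5417 line also has a doubled space after "NOT-FOR-US:" that should be reduced to one.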
@@ -3235,9 +3235,9 @@
 CVE-2013-5380 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
 	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2013-5379 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Portal
 CVE-2013-5378 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Portal
 CVE-2013-5377
 	RESERVED
 CVE-2013-5376 (Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified ...)
@@ -3338,11 +3338,11 @@
 CVE-2013-5329 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before ...)
 	NOT-FOR-US: Adobe Flash
 CVE-2013-5328 (Adobe ColdFusion 10 before Update 12 allows remote attackers to read ...)
-	TODO: check
+	NOT-FOR-US: Adobe ColdFusion
 CVE-2013-5327 (MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary ...)
 	NOT-FOR-US: Adobe RoboHelp
 CVE-2013-5326 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 ...)
-	TODO: check
+	NOT-FOR-US: Adobe ColdFusion
 CVE-2013-5325 (Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote ...)
 	NOT-FOR-US: Adobe
 CVE-2013-5324 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
@@ -3614,7 +3614,7 @@
 CVE-2013-5194
 	RESERVED
 CVE-2013-5193 (The App Store component in Apple iOS before 7.0.4 does not properly ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2013-5192 (The USB hub controller in Apple Mac OS X before 10.9 allows local ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2013-5191 (The syslog implementation in Apple Mac OS X before 10.9 allows local ...)
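Review bot: CVE-2013-5193 is tagged "NOT-FOR-US: Apple", but the description names the App Store component in Apple iOS, and the unchanged entry directly below uses the product-level "Apple Mac OS X". "NOT-FOR-US: Apple iOS" would match that convention.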



