[Secure-testing-commits] r24395 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 21 18:40:17 UTC 2013
Author: carnil
Date: 2013-11-21 18:40:17 +0000 (Thu, 21 Nov 2013)
New Revision: 24395
Modified:
data/CVE/list
Log:
Add second round of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-11-21 18:18:44 UTC (rev 24394)
+++ data/CVE/list 2013-11-21 18:40:17 UTC (rev 24395)
@@ -3567,7 +3567,7 @@
CVE-2013-5224
RESERVED
CVE-2013-5223 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link DSL-2760U Gateway
CVE-2013-5222
RESERVED
CVE-2013-5221 (The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 ...)
@@ -6767,7 +6767,7 @@
CVE-2013-4056 (Cross-site request forgery (CSRF) vulnerability in the Data Quality ...)
NOT-FOR-US: IBM
CVE-2013-4055 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
- TODO: check
+ NOT-FOR-US: IBM Domino
CVE-2013-4054
RESERVED
CVE-2013-4053 (The WS-Security implementation in IBM WebSphere Application Server ...)
@@ -6777,7 +6777,7 @@
CVE-2013-4051 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
NOT-FOR-US: IBM Domino
CVE-2013-4050 (Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in ...)
- TODO: check
+ NOT-FOR-US: IBM Domino
CVE-2013-4049 (Unrestricted file upload vulnerability in IBM SPSS Analytical Decision ...)
NOT-FOR-US: IBM SPSS
CVE-2013-4048 (Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical ...)
@@ -6810,7 +6810,7 @@
CVE-2013-4035
RESERVED
CVE-2013-4034 (IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through ...)
NOT-FOR-US: IBM DB2
CVE-2013-4032 (The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server ...)
@@ -6866,7 +6866,7 @@
CVE-2013-4007 (Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced ...)
NOT-FOR-US: IBM
CVE-2013-4006 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-4005 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-4004 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
@@ -6907,9 +6907,9 @@
CVE-2013-3987
RESERVED
CVE-2013-3986 (IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-3985 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-3984
RESERVED
CVE-2013-3983
@@ -7002,7 +7002,7 @@
CVE-2013-3941
RESERVED
CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3939
RESERVED
CVE-2013-3938
@@ -7044,33 +7044,33 @@
CVE-2013-3920
RESERVED
CVE-2013-3918 (The InformationCardSigninHelper Class ActiveX control in icardie.dll ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3917 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3916 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3915 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3914 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3913
RESERVED
CVE-2013-3912 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3911 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3910 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3909 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3908 (Microsoft Internet Explorer 6 through 10 allows user-assisted remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3907
RESERVED
CVE-2013-3906 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3904
RESERVED
CVE-2013-3903
@@ -7084,7 +7084,7 @@
CVE-2013-3899
RESERVED
CVE-2013-3898 (Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3896 (Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate ...)
@@ -7106,7 +7106,7 @@
CVE-2013-3888 (dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
NOT-FOR-US: Microsoft Windows
CVE-2013-3887 (The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3886 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3885 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
@@ -7128,7 +7128,7 @@
CVE-2013-3877
RESERVED
CVE-2013-3876 (DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3875 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3874 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
@@ -7142,7 +7142,7 @@
CVE-2013-3870 (Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 ...)
NOT-FOR-US: Microsoft Outlook
CVE-2013-3869 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3868 (Microsoft Active Directory Lightweight Directory Service (AD LDS) on ...)
NOT-FOR-US: Microsoft
CVE-2013-3867
@@ -7559,7 +7559,7 @@
CVE-2013-3695
RESERVED
CVE-2013-3694 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 ...)
- TODO: check
+ NOT-FOR-US: BlackBerry Link
CVE-2013-3693 (The BlackBerry Universal Device Service in BlackBerry Enterprise ...)
NOT-FOR-US: BlackBerry
CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses ...)
@@ -8206,9 +8206,9 @@
CVE-2013-3408 (The firmware on Cisco Virtualization Experience Client 6000 devices ...)
NOT-FOR-US: Cisco
CVE-2013-3407 (The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3406 (The "Files Available for Download" implementation in the Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3405 (The web portal in TC software on Cisco TelePresence endpoints does not ...)
NOT-FOR-US: Cisco
CVE-2013-3404 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
@@ -9015,9 +9015,9 @@
CVE-2013-3046
RESERVED
CVE-2013-3045 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-3044 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-3043
RESERVED
CVE-2013-3042
@@ -9045,7 +9045,7 @@
CVE-2013-3031 (A SQL stored procedure in the Universal Cache component in IBM solidDB ...)
NOT-FOR-US: IBM
CVE-2013-3030 (The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-3029 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-3028 (Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x ...)
@@ -11072,7 +11072,7 @@
CVE-2013-2272 (The penny-flooding protection mechanism in the CTxMemPool::accept ...)
- bitcoin 0.8.1-2 (bug #705266)
CVE-2013-2271 (The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active ...)
- TODO: check
+ NOT-FOR-US: D-Link DSL-2740B Gateway
CVE-2013-2270
RESERVED
CVE-2013-2269 (The Sponsorship Confirmation functionality in Aruba Networks ClearPass ...)
@@ -14273,9 +14273,9 @@
CVE-2013-1326
RESERVED
CVE-2013-1325 (Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-1324 (Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-1323 (Microsoft Publisher 2003 SP3 does not properly handle NULL values for ...)
NOT-FOR-US: Microsoft Publisher
CVE-2013-1322 (Microsoft Publisher 2003 SP3 does not properly check table range data, ...)
@@ -16449,7 +16449,7 @@
CVE-2013-0538 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before ...)
NOT-FOR-US: IBM Lotus Notes
CVE-2013-0537 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-0536 (ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes ...)
NOT-FOR-US: IBM Notes
CVE-2013-0535 (Multiple cross-site scripting (XSS) vulnerabilities in the Classic ...)
@@ -18642,7 +18642,7 @@
CVE-2013-0083 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
NOT-FOR-US: Microsoft SharePoint
CVE-2013-0082 (Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-0081 (Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 ...)
NOT-FOR-US: Microsoft
CVE-2013-0080 (Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 ...)
More information about the Secure-testing-commits
mailing list