[Secure-testing-commits] r23559 - data/CVE

Salvatore Bonaccorso carnil at alioth.debian.org
Thu Sep 5 19:07:20 UTC 2013


Author: carnil
Date: 2013-09-05 19:07:20 +0000 (Thu, 05 Sep 2013)
New Revision: 23559

Modified:
   data/CVE/list
Log:
Add couple of NFU from TODO list

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-09-05 17:33:18 UTC (rev 23558)
+++ data/CVE/list	2013-09-05 19:07:20 UTC (rev 23559)
@@ -209,9 +209,9 @@
 CVE-2012-6584 (Multiple SQL injection vulnerabilities in MYRE Realty Manager allow ...)
 	NOT-FOR-US: MYRE Realty Manager
 CVE-2012-6583 (Cross-site scripting (XSS) vulnerability in the Imagemenu module ...)
-	TODO: check
+	NOT-FOR-US: Imagemenu Drupal contributed module
 CVE-2010-5289 (Buffer overflow in the Authenticate method in the ...)
-	TODO: check
+	NOT-FOR-US: IncrediMail
 CVE-2013-5589 (SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and ...)
 	{DSA-2747-1}
 	- cacti 0.8.8b+dfsg-3
@@ -732,19 +732,19 @@
 CVE-2013-5322 (SQL injection vulnerability in the CoolURI extension before 1.0.30 for ...)
 	NOT-FOR-US: TYPO3 extension (CoolURI)
 CVE-2013-5321 (Multiple SQL injection vulnerabilities in AlienVault Open Source ...)
-	TODO: check
+	NOT-FOR-US: AlienVault Open Source Security Information Management
 CVE-2013-5320 (Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in ...)
-	TODO: check
+	NOT-FOR-US: mojoPortal
 CVE-2013-5319 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Atlassian JIRA
 CVE-2013-5318 (SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Ginkgo CMS
 CVE-2013-5317 (Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows ...)
 	NOT-FOR-US: RiteCMS
 CVE-2013-5316 (Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 ...)
 	NOT-FOR-US: RiteCMS
 CVE-2012-6582 (Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x ...)
-	TODO: check
+	NOT-FOR-US: Spambot Drupal contributed module
 CVE-2013-5313 (Cross-site request forgery (CSRF) vulnerability in ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2013-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech ...)
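Review bot: The label added for CVE-2013-5321 spells the product out as "AlienVault Open Source Security Information Management", while the existing entry for CVE-2013-5300 further down in this file uses "NOT-FOR-US: AlienVault OSSIM". Use one string for both so that a search on either form finds every AlienVault entry.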
@@ -756,15 +756,15 @@
 CVE-2013-5314 (Cross-site scripting (XSS) vulnerability in ...)
 	- serendipity <removed>
 CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) extension ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: FUDforum
 CVE-2013-5308 (Cross-site scripting (XSS) vulnerability in the RealURL Management ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2013-5307 (Cross-site scripting (XSS) vulnerability in the Faceted Search ...)
 	NOT-FOR-US: Faceted Search Typo3 extension
 CVE-2013-5306 (SQL injection vulnerability in the Browser - TYPO3 without PHP ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 Extension
 CVE-2013-5305 (Cross-site scripting (XSS) vulnerability in the Store Locator ...)
 	NOT-FOR-US: typo3 third party component (locator)
 CVE-2013-5304 (SQL injection vulnerability in the Store Locator (locator) extension ...)
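Review bot: The three TYPO3 labels added in this hunk do not say which extension is meant, and CVE-2013-5306 is written "TYPO3 Extension" where the other two use "TYPO3 extension". Neighbouring entries identify the component ("NOT-FOR-US: Faceted Search Typo3 extension", "NOT-FOR-US: TYPO3 extension (CoolURI)"), and the descriptions here already give the names (wfqbe for CVE-2013-5310, RealURL Management for CVE-2013-5308), so carry them into the label and settle on one capitalisation.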
@@ -774,7 +774,7 @@
 CVE-2013-5302 (SQL injection vulnerability in the Faceted Search (ke_search) ...)
 	NOT-FOR-US: Faceted Search Typo3 extension
 CVE-2013-5301 (Directory traversal vulnerability in help.php in Trustport Webfilter ...)
-	TODO: check
+	NOT-FOR-US: Trustport Webfilter
 CVE-2013-5300 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
 	NOT-FOR-US: AlienVault OSSIM
 CVE-2013-5299
@@ -4769,9 +4769,9 @@
 CVE-2013-3599
 	RESERVED
 CVE-2013-3598 (Directory traversal vulnerability in servlet/CreateTemplateServlet in ...)
-	TODO: check
+	NOT-FOR-US: SearchBlox
 CVE-2013-3597 (servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows ...)
-	TODO: check
+	NOT-FOR-US: SearchBlox
 CVE-2013-3596
 	RESERVED
 CVE-2013-3595
@@ -4785,7 +4785,7 @@
 CVE-2013-3591
 	RESERVED
 CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in ...)
-	TODO: check
+	NOT-FOR-US: SearchBlox
 CVE-2013-3589
 	RESERVED
 CVE-2013-3588
@@ -4799,9 +4799,9 @@
 CVE-2013-3585 (Samsung Web Viewer for Samsung DVR devices stores credentials in ...)
 	NOT-FOR-US: Samsung DVR devices
 CVE-2013-3584 (Cross-site scripting (XSS) vulnerability in Corporater EPM Suite ...)
-	TODO: check
+	NOT-FOR-US: Corporater EPM Suite
 CVE-2013-3583 (Cross-site request forgery (CSRF) vulnerability in saveProperties.html ...)
-	TODO: check
+	NOT-FOR-US: Corporater EPM Suite
 CVE-2013-3582 (Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and ...)
 	NOT-FOR-US: Dell
 CVE-2013-3581 (ajax.cgi in the web interface on the Choice Wireless Green Packet ...)
@@ -6152,7 +6152,7 @@
 CVE-2013-2968 (An unspecified buffer-read method in IBM Sterling Control Center (SCC) ...)
 	NOT-FOR-US: IBM Sterling Control Center
 CVE-2013-2967 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2013-2966
 	RESERVED
 CVE-2013-2965
@@ -6617,15 +6617,15 @@
 CVE-2013-2805
 	RESERVED
 CVE-2013-2804 (The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 ...)
-	TODO: check
+	NOT-FOR-US: TOP Server OPC Server
 CVE-2013-2803
 	RESERVED
 CVE-2013-2802 (The universal protocol implementation in Sixnet UDR before 2.0 and RTU ...)
-	TODO: check
+	NOT-FOR-US: Sixnet
 CVE-2013-2801 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft PI Interface
 CVE-2013-2800 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft PI Interface
 CVE-2013-2799
 	RESERVED
 CVE-2013-2798 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and ...)
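Review bot: The labels in this hunk mix vendor and product granularity. CVE-2013-2804 omits the vendor given in the description (Software Toolbox) and adds "OPC Server", which does not appear in the truncated description shown, while CVE-2013-2802 names only the vendor, Sixnet, although the description lists the UDR and RTU products. Suggest "Software Toolbox TOP Server" and "Sixnet UDR and RTU" to match the product-level style of the two OSIsoft PI Interface entries.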
@@ -6647,7 +6647,7 @@
 CVE-2013-2790 (The master-station DNP3 driver before driver19.exe, and Beta2041.exe, ...)
 	NOT-FOR-US: IOServer
 CVE-2013-2789 (The Kepware DNP Master Driver for the KEPServerEX Communications ...)
-	TODO: check
+	NOT-FOR-US: Kepware
 CVE-2013-2788
 	RESERVED
 CVE-2013-2787
@@ -6661,7 +6661,7 @@
 CVE-2013-2783 (The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers ...)
 	NOT-FOR-US: IOServer DNP3 drivers
 CVE-2013-2782 (Schneider Electric Trio J-Series License Free Ethernet Radio with ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2013-2781 (Use-after-free vulnerability in the server application in 3S CODESYS ...)
 	NOT-FOR-US: 3S CODESYS Gateway
 CVE-2013-2780 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to ...)
@@ -7936,7 +7936,7 @@
 CVE-2013-2300 (The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier ...)
 	NOT-FOR-US: FlickWnn Android App
 CVE-2013-2299 (Cross-site scripting (XSS) vulnerability in Advantech WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2013-2298
 	RESERVED
 	- boinc 7.0.65+dfsg-1 (low)
@@ -10148,7 +10148,7 @@
 CVE-2013-1663
 	RESERVED
 CVE-2013-1662 (vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2013-1661
 	RESERVED
 	NOT-FOR-US: VMware ESXi
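Review bot: CVE-2013-1662 is tagged with the vendor only ("NOT-FOR-US: VMware"), while its description names vmware-mount in VMware Workstation and VMware Player, and the entry right after it, CVE-2013-1661, is tagged at product level ("NOT-FOR-US: VMware ESXi"). Suggest "NOT-FOR-US: VMware Workstation and Player" so the two adjacent entries stay distinguishable.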
@@ -13201,7 +13201,7 @@
 CVE-2013-0567 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
 	NOT-FOR-US: IBM
 CVE-2013-0566 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Commerce
 CVE-2013-0565 (Cross-site scripting (XSS) vulnerability in the RPC adapter for the ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2013-0564
@@ -14565,7 +14565,7 @@
 CVE-2013-0151 (The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the ...)
 	- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
 CVE-2013-0150 (Directory traversal vulnerability in an unspecified signed Java applet ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP APM, FirePass and other F5 products
 CVE-2013-0149 (The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 ...)
 	- quagga <not-affected>
 	NOTE: OSPF protocol vulnerability, quagga implementation not affected
@@ -16386,7 +16386,7 @@
 CVE-2012-5745
 	RESERVED
 CVE-2012-5744 (Multiple cross-site scripting (XSS) vulnerabilities in the guest ...)
-	TODO: check
+	NOT-FOR-US: Cisco Identity Services Engine
 CVE-2012-5743
 	RESERVED
 CVE-2012-5742
@@ -23682,7 +23682,7 @@
 CVE-2012-3040 (Cross-site scripting (XSS) vulnerability in the web server on Siemens ...)
 	NOT-FOR-US: Siemens
 CVE-2012-3039 (Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with ...)
-	TODO: check
+	NOT-FOR-US: Moxa OnCell Gateway
 CVE-2012-3038
 	RESERVED
 CVE-2012-3037 (The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the ...)



