[Secure-testing-commits] r23568 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Sat Sep 7 04:16:15 UTC 2013
Author: carnil
Date: 2013-09-07 04:16:14 +0000 (Sat, 07 Sep 2013)
New Revision: 23568
Modified:
data/CVE/list
Log:
Add some new NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-07 03:43:22 UTC (rev 23567)
+++ data/CVE/list 2013-09-07 04:16:14 UTC (rev 23568)
@@ -1,9 +1,9 @@
CVE-2013-5708 (Coursemill Learning Management System (LMS) 6.8 constructs secret ...)
- TODO: check
+ NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5707 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
- TODO: check
+ NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5706 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
- TODO: check
+ NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5705
RESERVED
CVE-2013-5704
@@ -19,7 +19,7 @@
CVE-2013-5699
RESERVED
CVE-2013-5698 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2013-5697
RESERVED
CVE-2013-5696
@@ -73,9 +73,9 @@
CVE-2013-5665
RESERVED
CVE-2013-5664 (Cross-site scripting (XSS) vulnerability in the web-based ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5663 (The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5662
RESERVED
CVE-2013-5661
@@ -91,39 +91,39 @@
CVE-2013-5656
RESERVED
CVE-2012-6606 (Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does ...)
- TODO: check
+ NOT-FOR-US: alo Alto Networks GlobalProtect
CVE-2012-6605 (The device-management command-line interface in Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6604 (The device-management command-line interface in Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6603 (The web management UI in Palo Alto Networks PAN-OS before 3.1.12, ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6602 (The device-management command-line interface in Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6601 (The device-management command-line interface in Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6600 (The device-management command-line interface in Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6599 (The device-management command-line interface in Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6598 (The device-management command-line interface in Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6597 (Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6596 (Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6595 (The device-management command-line interface in Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6594 (The device-management command-line interface in Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6593 (Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6592 (Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6591 (The device-management command-line interface in Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6590 (The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5689 [Arbitrary File Upload]
RESERVED
- ajaxplorer <itp> (bug #668381)
@@ -570,11 +570,11 @@
CVE-2013-5472
RESERVED
CVE-2013-5471 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
- TODO: check
+ NOT-FOR-US: Cisco Global Site Selector
CVE-2013-5470 (Cisco Secure Access Control System (ACS) does not properly handle ...)
- TODO: check
+ NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-5469 (The TCP implementation in Cisco IOS does not properly implement the ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2013-5468
RESERVED
CVE-2013-5467
@@ -2243,7 +2243,7 @@
CVE-2013-4703
RESERVED
CVE-2013-4702 (Multiple directory traversal vulnerabilities in the doApiAction ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2013-4701 (Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows ...)
- php-openid <unfixed> (bug #721221)
TODO: check, potentially also simplesamlphp, typo3-src and wordpress-openid (including a Auth/Yadis/XML.php in source)
@@ -4894,19 +4894,19 @@
CVE-2013-3606
RESERVED
CVE-2013-3605 (Cross-site request forgery (CSRF) vulnerability in Coursemill Learning ...)
- TODO: check
+ NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3604 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
- TODO: check
+ NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3603 (Cross-site scripting (XSS) vulnerability in Coursemill Learning ...)
- TODO: check
+ NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3602 (SQL injection vulnerability in admindocumentworker.jsp in Coursemill ...)
- TODO: check
+ NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3601 (Coursemill Learning Management System (LMS) 6.6 does not properly ...)
- TODO: check
+ NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3600 (Coursemill Learning Management System (LMS) 6.6 allows remote ...)
- TODO: check
+ NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3599 (userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and ...)
- TODO: check
+ NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3598 (Directory traversal vulnerability in servlet/CreateTemplateServlet in ...)
NOT-FOR-US: SearchBlox
CVE-2013-3597 (servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows ...)
@@ -5169,7 +5169,7 @@
CVE-2013-3486
RESERVED
CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF ...)
- TODO: check
+ NOT-FOR-US: Soda PDF
CVE-2013-3484
RESERVED
CVE-2013-3483
@@ -5191,7 +5191,7 @@
CVE-2013-3475 (Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 ...)
NOT-FOR-US: IBM
CVE-2013-3474 (The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3473
RESERVED
CVE-2013-3472 (Cross-site request forgery (CSRF) vulnerability in the Enterprise ...)
@@ -5201,7 +5201,7 @@
CVE-2013-3470 (The RIP process in Cisco IOS XR allows remote attackers to cause a ...)
NOT-FOR-US: Cisco IOS XR
CVE-2013-3469 (Cisco Mobility Services Engine does not properly set up the Oracle SSL ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3468 (The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote ...)
NOT-FOR-US: Cisco
CVE-2013-3467 (Memory leak in the CLI component on Cisco Unified Computing System ...)
@@ -6007,7 +6007,7 @@
CVE-2013-3107 (VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding ...)
NOT-FOR-US: vCenter
CVE-2013-3106 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2013-3105
RESERVED
CVE-2013-3104
@@ -7242,9 +7242,9 @@
CVE-2013-2584
RESERVED
CVE-2013-2583 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2013-2582 (CRLF injection vulnerability in the redirect servlet in Open-Xchange ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2013-2581
RESERVED
CVE-2013-2580
@@ -10333,19 +10333,19 @@
{DSA-2643-1}
- puppet 2.7.18-3
CVE-2013-1651 (OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2013-1650 (Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2013-1649 (Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2013-1648 (The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2013-1647 (Multiple CRLF injection vulnerabilities in Open-Xchange Server before ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2013-1646 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
NOT-FOR-US: Open-Xchange
CVE-2013-1645 (Directory traversal vulnerability in Open-Xchange Server before 6.20.7 ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2013-1644
RESERVED
CVE-2013-1643 (The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows ...)
@@ -11450,7 +11450,7 @@
CVE-2013-1229 (TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence ...)
NOT-FOR-US: Cisco
CVE-2013-1228 (Cisco Jabber on Windows does not verify X.509 certificates from SSL ...)
- TODO: check
+ NOT-FOR-US: Cisco Jabber
CVE-2013-1227 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2013-1226 (The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus ...)
@@ -15913,7 +15913,7 @@
CVE-2012-5991 (screens/base/web_auth_custom.html on Cisco Wireless LAN Controller ...)
NOT-FOR-US: Cisco
CVE-2012-5990 (Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-5989
RESERVED
CVE-2012-5988
More information about the Secure-testing-commits
mailing list