[Secure-testing-commits] r25468 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Feb 2 14:49:34 UTC 2014 

Author: carnil
Date: 2014-02-02 14:49:34 +0000 (Sun, 02 Feb 2014)
New Revision: 25468

Modified:
   data/CVE/list
Log:
Add couple of NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-02-02 14:48:00 UTC (rev 25467)
+++ data/CVE/list	2014-02-02 14:49:34 UTC (rev 25468)
@@ -801,7 +801,7 @@
 	- libemail-address-list-perl 0.03-1
 	NOTE: http://lists.bestpractical.com/pipermail/rt-announce/2014-January/000245.html
 CVE-2013-7305 (fpw.php in e107 through 1.0.4 does not check the user_ban field, which ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2013-7304 (Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does ...)
 	NOT-FOR-US: Check Point Endpoint Security MI Server
 CVE-2013-7297
@@ -909,7 +909,7 @@
 CVE-2014-1453
 	RESERVED
 CVE-2014-1452 (Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in ...)
-	TODO: check
+	NOT-FOR-US: bsnmpd
 CVE-2014-1451
 	RESERVED
 CVE-2014-1450
@@ -2828,7 +2828,7 @@
 CVE-2013-7185
 	RESERVED
 CVE-2013-7184 (Gretech GOM Media Player 2.2.56.5158 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Gretech GOM Media Player
 CVE-2013-7183
 	RESERVED
 CVE-2013-7182
@@ -4753,7 +4753,7 @@
 CVE-2013-6854
 	RESERVED
 CVE-2013-6853 (Cross-site scripting (XSS) vulnerability in clickstream.js in Y! ...)
-	TODO: check
+	NOT-FOR-US: Y! Toolbar plugin
 CVE-2013-6852 (Cross-site request forgery (CSRF) vulnerability in html/json.html on ...)
 	NOT-FOR-US: Hewlett-Packard network equipment
 CVE-2013-6851
@@ -6552,7 +6552,7 @@
 CVE-2013-6142 (DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA ...)
 	NOT-FOR-US: Schneider Electric ClearSCADA
 CVE-2013-6141 (Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: op5
 CVE-2013-6140
 	RESERVED
 CVE-2013-6139
@@ -7696,7 +7696,7 @@
 CVE-2012-6632 (Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill ...)
 	NOT-FOR-US: Vessio NetBill
 CVE-2012-6631 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Vessio NetBill
 CVE-2012-6630 (Multiple cross-site scripting (XSS) vulnerabilities in the Media ...)
 	NOT-FOR-US: WordPress plugin Media Library Categories
 CVE-2012-6629 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
@@ -9262,7 +9262,7 @@
 CVE-2013-5006 (main_internet.php on the Western Digital My Net N600 and N750 with ...)
 	NOT-FOR-US: Western Digital Router
 CVE-2013-5005 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Tripwire Enterprise
 CVE-2013-5004
 	RESERVED
 CVE-2013-4994
@@ -9525,7 +9525,7 @@
 CVE-2013-4899 (Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and ...)
 	NOT-FOR-US: Twilight CMS
 CVE-2013-4898 (Unrestricted file upload vulnerability in the user profile page ...)
-	TODO: check
+	NOT-FOR-US: Timeline Plugin for SocialEngine
 CVE-2013-4897
 	REJECTED
 CVE-2013-4896
@@ -9541,11 +9541,11 @@
 CVE-2013-4891
 	RESERVED
 CVE-2013-4889 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Digital Signage Xibo
 CVE-2013-4888 (Cross-site scripting (XSS) vulnerability in index.php in Digital ...)
-	TODO: check
+	NOT-FOR-US: Digital Signage Xibo
 CVE-2013-4887 (SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 ...)
-	TODO: check
+	NOT-FOR-US: Digital Signage Xibo
 CVE-2013-4886
 	RESERVED
 CVE-2013-4885 (The http-domino-enum-passwords.nse script in NMap before 6.40, when ...)
@@ -10066,9 +10066,9 @@
 CVE-2013-4663
 	RESERVED
 CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through ...)
-	TODO: check
+	NOT-FOR-US: CiviCRM
 CVE-2013-4661 (CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly ...)
-	TODO: check
+	NOT-FOR-US: CiviCRM
 CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without ...)
 	NOT-FOR-US: js-yaml
 CVE-2013-4659
@@ -13045,7 +13045,7 @@
 CVE-2013-3607 (Multiple stack-based buffer overflows in the web interface in the ...)
 	NOT-FOR-US: Intelligent Platform Management Interface
 CVE-2013-3606 (The login page in the GoAhead web server on Dell PowerConnect 3348 ...)
-	TODO: check
+	NOT-FOR-US: GoAhead web server on Dell PowerConnect
 CVE-2013-3605 (Cross-site request forgery (CSRF) vulnerability in Coursemill Learning ...)
 	NOT-FOR-US: Coursemill Learning Management System
 CVE-2013-3604 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
@@ -14423,7 +14423,7 @@
 CVE-2013-2975
 	RESERVED
 CVE-2013-2974 (The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager
 CVE-2013-2973
 	RESERVED
 CVE-2013-2972
@@ -15068,13 +15068,13 @@
 CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the ...)
 	NOT-FOR-US: NETGEAR ReadyNAS RAIDiator
 CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2013-2749
 	REJECTED
 CVE-2013-2748
 	RESERVED
 CVE-2013-2747 (The password reset feature in Courion Access Risk Management Suite ...)
-	TODO: check
+	NOT-FOR-US: Courion Access Risk Management Suite
 CVE-2013-2746
 	RESERVED
 CVE-2013-2745 [SQL Injection]
@@ -15416,7 +15416,7 @@
 	RESERVED
 	NOT-FOR-US: Qualcomm MSM Camera driver
 CVE-2013-2594 (SQL injection vulnerability in reports/calldiary.php in Hornbill ...)
-	TODO: check
+	NOT-FOR-US: Supportworks ITSM
 CVE-2013-2593
 	RESERVED
 CVE-2013-2592
@@ -19528,7 +19528,7 @@
 	- nagios-nrpe 2.13-3 (low; bug #701227)
 	[squeeze] - nagios-nrpe <no-dsa> (Minor issue)
 CVE-2013-1361 (Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with ...)
-	TODO: check
+	NOT-FOR-US: Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software
 CVE-2013-1360
 	RESERVED
 CVE-2013-1359
@@ -21384,7 +21384,7 @@
 CVE-2012-6448
 	RESERVED
 CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2012-6446
 	RESERVED
 CVE-2012-6445
@@ -26372,7 +26372,7 @@
 CVE-2012-5193
 	RESERVED
 CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2012-5191
 	RESERVED
 CVE-2012-5190

More information about the Secure-testing-commits mailing list