[Secure-testing-commits] r25352 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jan 24 12:10:47 UTC 2014
Author: carnil
Date: 2014-01-24 12:10:46 +0000 (Fri, 24 Jan 2014)
New Revision: 25352
Modified:
data/CVE/list
Log:
First round of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-24 11:54:46 UTC (rev 25351)
+++ data/CVE/list 2014-01-24 12:10:46 UTC (rev 25352)
@@ -1,9 +1,9 @@
CVE-2014-1641
RESERVED
CVE-2014-1637 (Command School Student Management System 1.06.01 does not properly ...)
- TODO: check
+ NOT-FOR-US: Command School Student Management System
CVE-2014-1636 (Multiple SQL injection vulnerabilities in Command School Student ...)
- TODO: check
+ NOT-FOR-US: Command School Student Management System
CVE-2014-1635
RESERVED
CVE-2014-1634
@@ -33,7 +33,7 @@
CVE-2014-1620 (Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX ...)
TODO: check
CVE-2014-1619 (Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and ...)
- TODO: check
+ NOT-FOR-US: Cubic CMS
CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script ...)
TODO: check
CVE-2014-1617
@@ -333,7 +333,7 @@
CVE-2012-6633 (Cross-site scripting (XSS) vulnerability in ...)
TODO: check
CVE-2012-6621 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2012-6620 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks ...)
- php-horde-kronolith 4.0.2-1
- kronolith2 <removed>
@@ -1444,9 +1444,9 @@
CVE-2014-0809
RESERVED
CVE-2014-0808 (The lfCheckError function in ...)
- TODO: check
+ NOT-FOR-US: LOCKON EC-CUBE
CVE-2014-0807 (data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE ...)
- TODO: check
+ NOT-FOR-US: LOCKON EC-CUBE
CVE-2014-0806 (The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile ...)
TODO: check
CVE-2014-0805 (Directory traversal vulnerability in the NeoFiler application 5.4.3 ...)
@@ -1770,23 +1770,23 @@
CVE-2014-0678
RESERVED
CVE-2014-0677 (The Label Distribution Protocol (LDP) functionality in Cisco NX-OS ...)
- TODO: check
+ NOT-FOR-US: Cisco NX-OS
CVE-2014-0676 (Cisco NX-OS allows local users to bypass intended TACACS+ command ...)
- TODO: check
+ NOT-FOR-US: Cisco NX-OS
CVE-2014-0675 (The Expressway component in Cisco TelePresence Video Communication ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-0674
RESERVED
CVE-2014-0673
RESERVED
CVE-2014-0672 (The Search and Play interface in Cisco MediaSense does not properly ...)
- TODO: check
+ NOT-FOR-US: Cisco MediaSense
CVE-2014-0671 (Open redirect vulnerability in Cisco MediaSense allows remote ...)
- TODO: check
+ NOT-FOR-US: Cisco MediaSense
CVE-2014-0670 (Cross-site scripting (XSS) vulnerability in the Search and Play ...)
- TODO: check
+ NOT-FOR-US: Cisco MediaSense
CVE-2014-0669 (The Wireless Session Protocol (WSP) feature in the Gateway GPRS ...)
- TODO: check
+ NOT-FOR-US: Cisco ASR 5000
CVE-2014-0668 (Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure ...)
NOT-FOR-US: Cisco Secure Access Control System
CVE-2014-0667 (The RMI interface in Cisco Secure Access Control System (ACS) does not ...)
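Review bot: the tag added for CVE-2014-0675 is only "NOT-FOR-US: Cisco", while every other tag added in this hunk names the product (Cisco NX-OS, Cisco MediaSense, Cisco ASR 5000). The description attributes the issue to the Expressway component in Cisco TelePresence Video Communication ..., so naming that product in the tag would keep it consistent with its neighbours and easier to match when a later CVE for the same product is triaged.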
@@ -2053,7 +2053,7 @@
CVE-2013-7206
RESERVED
CVE-2013-7204 (Cross-site request forgery (CSRF) vulnerability in set_users.cgi in ...)
- TODO: check
+ NOT-FOR-US: Conceptronic CIPCAMPTIWL Camera
CVE-2013-7202
RESERVED
CVE-2013-7201
@@ -3466,7 +3466,7 @@
CVE-2013-6923 (Multiple cross-site scripting (XSS) vulnerabilities in Seagate ...)
NOT-FOR-US: Seagate BlackArmor NAS 220 devices
CVE-2013-6922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Seagate BlackArmor NAS 220
CVE-2013-6921
RESERVED
CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in ...)
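Review bot: the tag added for CVE-2013-6922 reads "Seagate BlackArmor NAS 220", but the existing CVE-2013-6923 entry directly above it uses "Seagate BlackArmor NAS 220 devices". Both entries should carry the same string so that a search for one NOT-FOR-US product name finds every related entry.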
@@ -5621,7 +5621,7 @@
CVE-2013-6344 (The ZCC page in Novell ZENworks Configuration Management (ZCM) before ...)
NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6343 (Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and ...)
- TODO: check
+ NOT-FOR-US: ASUS Router
CVE-2013-6342 (Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin ...)
NOT-FOR-US: Tweet Blender plugin for WP
CVE-2013-6341 (SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows ...)
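Review bot: "NOT-FOR-US: ASUS Router" on CVE-2013-6343 is much less specific than the surrounding tags, which name the product. The description places the buffer overflows in web.c in httpd on the ASUS RT-N56U and ..., so the tag could say that this is the vendor firmware's httpd on those router models, which also makes clear that no packaged web server is involved.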
@@ -5688,7 +5688,7 @@
CVE-2013-6326
RESERVED
CVE-2013-6325 (IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-6324
RESERVED
CVE-2013-6323
@@ -5728,7 +5728,7 @@
CVE-2013-6306
RESERVED
CVE-2013-6305 (IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build ...)
- TODO: check
+ NOT-FOR-US: IBM Platform Symphony
CVE-2013-6304
RESERVED
CVE-2013-6303
@@ -7910,7 +7910,7 @@
CVE-2013-5430 (The Jazz Team Server component in IBM Security AppScan Enterprise 8.x ...)
NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-5429 (The Risk Based Access functionality in IBM Tivoli Federated Identity ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-5428 (IBM WebSphere DataPower XC10 appliances 2.5.0 do not require ...)
NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
CVE-2013-5427
@@ -9075,7 +9075,7 @@
[squeeze] - nmap <not-affected> (Vulnerable code not present)
[wheezy] - nmap 6.00-0.3+deb7u1
CVE-2013-4884 (Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 ...)
- TODO: check
+ NOT-FOR-US: McAfee SuperScan
CVE-2013-5217
REJECTED
CVE-2013-4890 (The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote ...)
@@ -12591,9 +12591,9 @@
CVE-2013-3596 (AdvancePro Advanceware allows remote authenticated users to obtain ...)
NOT-FOR-US: AdvancePro Advanceware
CVE-2013-3595 (The OpenManage web application 2.5 build 1.19 on Dell PowerConnect ...)
- TODO: check
+ NOT-FOR-US: Dell PowerConnect
CVE-2013-3594 (The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and ...)
- TODO: check
+ NOT-FOR-US: Dell PowerConnect
CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) ...)
NOT-FOR-US: Baramundi Management Suite
CVE-2013-3592
@@ -12852,9 +12852,9 @@
CVE-2013-3484
RESERVED
CVE-2013-3483 (Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER ...)
- TODO: check
+ NOT-FOR-US: ERADAS ER Viewer
CVE-2013-3482 (Stack-based buffer overflow in the rf_report_error function in ...)
- TODO: check
+ NOT-FOR-US: ERADAS ER Viewer
CVE-2013-3481
RESERVED
CVE-2013-3480 (Integer overflow in Sagelight 4.4 and earlier allows remote attackers ...)
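Review bot: both added lines spell the product "ERADAS ER Viewer", but the CVE-2013-3483 description in the same hunk spells it "Intergraph ERDAS ER ...". The tag should read "ERDAS", otherwise a search for the product name will miss these two entries. Separately, the visible part of the CVE-2013-3482 description ("... in the rf_report_error function in ...") does not name the product, so it is worth confirming against the full description that it belongs under the same tag.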
@@ -14451,9 +14451,9 @@
CVE-2013-2821 (NovaTech Orion Substation Automation Platform OrionLX DNP Master ...)
NOT-FOR-US: NovaTech
CVE-2013-2820 (The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and ...)
- TODO: check
+ NOT-FOR-US: Sierra Wireless AirLink Raven X EV-DO gateways
CVE-2013-2819 (The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and ...)
- TODO: check
+ NOT-FOR-US: Sierra Wireless AirLink Raven X EV-DO gateways
CVE-2013-2818 (The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 ...)
NOT-FOR-US: e-terracontrol
CVE-2013-2817