[Secure-testing-commits] r29316 - data/CVE

Michael Gilbert mgilbert at moszumanska.debian.org
Wed Oct 8 00:26:54 UTC 2014 

Author: mgilbert
Date: 2014-10-08 00:26:54 +0000 (Wed, 08 Oct 2014)
New Revision: 29316

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-07 21:14:12 UTC (rev 29315)
+++ data/CVE/list	2014-10-08 00:26:54 UTC (rev 29316)
@@ -3851,7 +3851,7 @@
 CVE-2014-6080
 	RESERVED
 CVE-2014-6079 (Cross-site scripting (XSS) vulnerability in the Local Management ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Access Manager
 CVE-2014-6078
 	RESERVED
 CVE-2014-6077
@@ -5232,7 +5232,7 @@
 CVE-2014-5411 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2014-5410 (The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 ...)
-	TODO: check
+	NOT-FOR-US: MicroLogix controller
 CVE-2014-5409
 	RESERVED
 CVE-2014-5408
@@ -6784,7 +6784,7 @@
 CVE-2014-4824 (SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before ...)
 	NOT-FOR-US: IBM Security QRadar
 CVE-2014-4823 (The administration console in IBM Security Access Manager for Web 7.x ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Access Manager
 CVE-2014-4822
 	RESERVED
 CVE-2014-4821
@@ -6812,7 +6812,7 @@
 CVE-2014-4810
 	RESERVED
 CVE-2014-4809 (The WebSEAL component in IBM Security Access Manager for Web 7.x ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Access Manager
 CVE-2014-4808
 	RESERVED
 CVE-2014-4807
@@ -6844,7 +6844,7 @@
 CVE-2014-4794
 	RESERVED
 CVE-2014-4793 (IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2014-4792 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
 	NOT-FOR-US: IBM
 CVE-2014-4791
@@ -6900,7 +6900,7 @@
 CVE-2014-4766
 	RESERVED
 CVE-2014-4765 (IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through ...)
-	TODO: check
+	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2014-4764 (IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2014-4763 (Cross-site scripting (XSS) vulnerability in Content Navigator in ...)
@@ -8289,9 +8289,9 @@
 CVE-2014-4201 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
 	NOT-FOR-US: Oracle
 CVE-2014-4200 (vm-support 0.88 in VMware Tools, as distributed with VMware ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2014-4199 (vm-support 0.88 in VMware Tools, as distributed with VMware ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2014-4198
 	RESERVED
 CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS ...)
@@ -11235,7 +11235,7 @@
 CVE-2014-3098
 	RESERVED
 CVE-2014-3097 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli
 CVE-2014-3096
 	RESERVED
 CVE-2014-3095 (The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 ...)
@@ -11309,9 +11309,9 @@
 CVE-2014-3061 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend ...)
 	NOT-FOR-US: IBM
 CVE-2014-3060 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2014-3059 (Unspecified vulnerability in the Administrative Console on the IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2014-3058
 	RESERVED
 CVE-2014-3057 (Cross-site scripting (XSS) vulnerability in the Unified Task List ...)
@@ -16217,7 +16217,7 @@
 CVE-2014-1392
 	RESERVED
 CVE-2014-1391 (QT Media Foundation in Apple OS X before 10.9.5 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Apple Quicktime
 CVE-2014-1390 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1389 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...)
@@ -17255,7 +17255,7 @@
 CVE-2014-0755 (Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not ...)
 	NOT-FOR-US: Rockwell Automation RSLogix
 CVE-2014-0754 (Directory traversal vulnerability in SchneiderWEB on Schneider ...)
-	TODO: check
+	NOT-FOR-US: SchneiderWEB
 CVE-2014-0753 (Stack-based buffer overflow in the SCADA server in Ecava IntegraXor ...)
 	NOT-FOR-US: Ecava IntegraXor
 CVE-2014-0752 (The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote ...)
@@ -30195,19 +30195,19 @@
 CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 ...)
 	NOT-FOR-US: Belkin N300 router
 CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...)
-	TODO: check
+	NOT-FOR-US: Belkin N300
 CVE-2013-3088
 	RESERVED
 CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 ...)
 	NOT-FOR-US: Belkin N900 router
 CVE-2013-3086 (Cross-site request forgery (CSRF) vulnerability in util_system.html in ...)
-	TODO: check
+	NOT-FOR-US: Belkin N900
 CVE-2013-3085
 	RESERVED
 CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model ...)
 	NOT-FOR-US: Belkin router
 CVE-2013-3083 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Belkin
 CVE-2013-3082 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Jojo CMS
 CVE-2013-3081 (SQL injection vulnerability in the checkEmailFormat function in ...)
@@ -30244,15 +30244,15 @@
 CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR ...)
 	NOT-FOR-US: NETGEAR devices
 CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2013-3067
 	RESERVED
 CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental Controls ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2013-3064 (Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2013-3063 (SAP BASIS Communication Services 4.6B through 7.30 allows remote ...)
 	NOT-FOR-US: SAP BASIS Communication Services
 CVE-2013-3062 (The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering ...)
@@ -39206,7 +39206,7 @@
 CVE-2012-6317
 	RESERVED
 CVE-2012-6316 (Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK ...)
-	TODO: check
+	NOT-FOR-US: TP-LINK
 CVE-2012-6315
 	REJECTED
 CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, ...)

More information about the Secure-testing-commits mailing list