Author: carnil
Date: 2013-10-07 14:52:40 +0000 (Mon, 07 Oct 2013)
New Revision: 23904
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-07 14:26:15 UTC (rev 23903)
+++ data/CVE/list 2013-10-07 14:52:40 UTC (rev 23904)
@@ -15,15 +15,15 @@
CVE-2013-5980
RESERVED
CVE-2013-5979 (Directory traversal vulnerability in Spring Signage Xibo 1.2.x
before ...)
- TODO: check
+ NOT-FOR-US: Xibo
CVE-2013-5978
RESERVED
CVE-2013-5977
RESERVED
CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy
logout ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP APM
CVE-2013-5975 (The access policy logon page (logon.inc) in F5 BIG-IP APM
11.1.0 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP APM
CVE-2013-5974
RESERVED
CVE-2013-5973
@@ -49,7 +49,7 @@
CVE-2013-5963 (Unrestricted file upload vulnerability in multi.php in Simple
Dropbox ...)
TODO: check
CVE-2013-5962 (Unrestricted file upload vulnerability in
frames/upload-images.php in ...)
- TODO: check
+ NOT-FOR-US: Complete Gallery Manager plugin for Wordpress
CVE-2013-5961 (Unrestricted file upload vulnerability in lazyseo.php in the
Lazy SEO ...)
TODO: check
CVE-2013-5960 (The authenticated-encryption feature in the
symmetric-encryption ...)
@@ -83,7 +83,7 @@
CVE-2013-5945
RESERVED
CVE-2013-5944 (The integrated web server on Siemens SCALANCE X-200 switches
with ...)
- TODO: check
+ NOT-FOR-US: web server on Siemens switches
CVE-2013-5959 (Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before
6.5.2 ...)
NOT-FOR-US: Blue Coat ProxySG
CVE-2013-5943 (Multiple cross-site scripting (XSS) vulnerabilities in Graphite
before ...)
@@ -1070,13 +1070,13 @@
CVE-2013-5520
RESERVED
CVE-2013-5519 (Cross-site scripting (XSS) vulnerability in the management
interface ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5518
RESERVED
CVE-2013-5517 (SQL injection vulnerability in the web framework in Cisco
Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5516 (The Media Snapshot implementation on Cisco TelePresence
Multipoint ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5515
RESERVED
CVE-2013-5514
@@ -1098,11 +1098,11 @@
CVE-2013-5506
RESERVED
CVE-2013-5505 (Cross-site scripting (XSS) vulnerability in an administration
page in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5504 (Cross-site scripting (XSS) vulnerability in the Mobile Device
...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5503 (The UDP process in Cisco IOS XR 4.3.1 does not free packet
memory upon ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5502 (The web interface in Cisco MediaSense does not properly protect
the ...)
NOT-FOR-US: Cisco MediaSense
CVE-2013-5501 (Cross-site scripting (XSS) vulnerability in the oraservice page
in ...)
@@ -1318,7 +1318,7 @@
CVE-2013-5396
RESERVED
CVE-2013-5395 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before
7.1.1.12, ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5394
RESERVED
CVE-2013-5393
@@ -1368,7 +1368,7 @@
CVE-2013-5371
RESERVED
CVE-2013-5370 (Unspecified vulnerability in IBM SPSS Collaboration and
Deployment ...)
- TODO: check
+ NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-5369 (IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2
before ...)
NOT-FOR-US: IBM SPSS Analytical Decision Management
CVE-2013-5368
@@ -2831,7 +2831,7 @@
CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the
SEIL/x86 ...)
NOT-FOR-US: PPP Access Concentrator
CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative
Japan Inc. ...)
- TODO: check
+ NOT-FOR-US: Internet Initiative Japan Inc
CVE-2013-4707 (The SSH implementation on D-Link Japan DES-3810 devices with
firmware ...)
NOT-FOR-US: D-Link
CVE-2013-4706 (The SSH implementation on the D-Link Japan DWL-2100AP with
firmware ...)
@@ -4609,9 +4609,9 @@
CVE-2013-4068 (Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1
and 9.0 ...)
NOT-FOR-US: IBM
CVE-2013-4067 (IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3,
8.7, and ...)
- TODO: check
+ NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-4066 (IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3,
8.7, and ...)
- TODO: check
+ NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-4065
RESERVED
CVE-2013-4064
@@ -4659,7 +4659,7 @@
CVE-2013-4043
RESERVED
CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and
Deployment ...)
- TODO: check
+ NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4041
RESERVED
CVE-2013-4040
@@ -4679,7 +4679,7 @@
CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1
through ...)
NOT-FOR-US: IBM DB2
CVE-2013-4032 (The Fast Communications Manager (FCM) in IBM DB2 Enterprise
Server ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-4031 (The Intelligent Platform Management Interface (IPMI)
implementation in ...)
NOT-FOR-US: IBM BladeCenter
CVE-2013-4030
@@ -4689,7 +4689,7 @@
CVE-2013-4028
RESERVED
CVE-2013-4027 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through
7.1.1.12, ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4026
RESERVED
CVE-2013-4025 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance
Manager ...)
@@ -4701,23 +4701,23 @@
CVE-2013-4022 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance
Manager ...)
NOT-FOR-US: IBM
CVE-2013-4021 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before
7.1.1.12, ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4020 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through
7.1.1.12, ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4019 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset
...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4018 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before
7.1.1.12, ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4017 (SQL injection vulnerability in IBM Maximo Asset Management 7.1
before ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4016
RESERVED
CVE-2013-4015 (Microsoft Internet Explorer 6 through 10 allows local users to
bypass ...)
NOT-FOR-US: MS IE
CVE-2013-4014 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset
...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4013 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through
7.1.1.12, ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4012
RESERVED
CVE-2013-4011 (Multiple unspecified vulnerabilities in the InfiniBand
subsystem in ...)
@@ -4797,11 +4797,11 @@
CVE-2013-3974
RESERVED
CVE-2013-3973 (SQL injection vulnerability in IBM Maximo Asset Management 7.1
before ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3972 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before
7.5.0.5 ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3971 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before
...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with
IVE OS ...)
NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2013-3969 (The find prototype in scripting/engine_v8.h in MongoDB 2.4.0
through ...)
@@ -4818,11 +4818,11 @@
CVE-2013-3965
RESERVED
CVE-2013-3964 (Cross-site scripting (XSS) vulnerability in Samsung SHR-5162,
...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2013-3963 (Cross-site request forgery (CSRF) vulnerability in
goform/usermanage ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream
GXV3501, ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2013-3961
RESERVED
CVE-2013-3960
@@ -5425,11 +5425,11 @@
CVE-2013-3691
RESERVED
CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in
cgi-bin/users.cgi ...)
- TODO: check
+ NOT-FOR-US: Brickcom
CVE-2013-3689
RESERVED
CVE-2013-3688 (The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G,
TL-SC3171G, ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2013-3687
RESERVED
CVE-2013-3686
@@ -5584,9 +5584,9 @@
CVE-2013-3626
RESERVED
CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5
through 8.9 ...)
- TODO: check
+ NOT-FOR-US: Baramundi Management Suite
CVE-2013-3624 (The OS deployment feature in Baramundi Management Suite 7.5
through ...)
- TODO: check
+ NOT-FOR-US: Baramundi Management Suite
CVE-2013-3623
RESERVED
CVE-2013-3622
@@ -5648,7 +5648,7 @@
CVE-2013-3594
RESERVED
CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for
(1) ...)
- TODO: check
+ NOT-FOR-US: Baramundi Management Suite
CVE-2013-3592
RESERVED
CVE-2013-3591
@@ -5789,7 +5789,7 @@
CVE-2013-3540
RESERVED
CVE-2013-3539 (Cross-site request forgery (CSRF) vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Sony
CVE-2013-3538 (Multiple cross-site scripting (XSS) vulnerabilities in
todooforum.php ...)
NOT-FOR-US: Todoo Forum
CVE-2013-3537 (Multiple SQL injection vulnerabilities in todooforum.php in
Todoo ...)
@@ -6037,7 +6037,7 @@
CVE-2013-3418 (Cisco Unified Communications Domain Manager does not properly
allocate ...)
NOT-FOR-US: Cisco
CVE-2013-3417 (The administrative web interface in Cisco Video Surveillance
...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3416 (Cross-site scripting (XSS) vulnerability in the web framework
in the ...)
NOT-FOR-US: Cisco
CVE-2013-3415
@@ -6859,11 +6859,11 @@
CVE-2013-3050 (SQL injection vulnerability in ZAPms 1.41 and earlier allows
remote ...)
NOT-FOR-US: ZAPms
CVE-2013-3049 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before
...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3048 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset
...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3047 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before
7.5.0.5 ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3046
RESERVED
CVE-2013-3045
@@ -6875,7 +6875,7 @@
CVE-2013-3042
RESERVED
CVE-2013-3041 (The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12,
8.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-3040 (IBM InfoSphere Information Server through 8.5 FP3, 8.7 through
FP2, ...)
NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-3039 (IBM Rational Requirements Composer before 4.0.4 does not
properly ...)
@@ -8874,7 +8874,7 @@
CVE-2013-2270
RESERVED
CVE-2013-2269 (The Sponsorship Confirmation functionality in Aruba Networks
ClearPass ...)
- TODO: check
+ NOT-FOR-US: Aruba Networks ClearPass
CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in
WebKit in ...)
- chromium-browser 25.0.1364.97-1
[squeeze] - chromium-browser <not-affected> (Vulnerable code not
present)
@@ -13885,17 +13885,17 @@
CVE-2013-0695
RESERVED
CVE-2013-0694 (The Emerson Process Management ROC800 RTU with software 3.50
and ...)
- TODO: check
+ NOT-FOR-US: Emerson Process Management
CVE-2013-0693 (The kernel in ENEA OSE on the Emerson Process Management ROC800
RTU ...)
- TODO: check
+ NOT-FOR-US: Emerson Process Management
CVE-2013-0692 (The kernel in ENEA OSE on the Emerson Process Management ROC800
RTU ...)
- TODO: check
+ NOT-FOR-US: Emerson Process Management
CVE-2013-0691
RESERVED
CVE-2013-0690
RESERVED
CVE-2013-0689 (The TFTP server on the Emerson Process Management ROC800 RTU
with ...)
- TODO: check
+ NOT-FOR-US: Emerson Process Management
CVE-2013-0688 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware
...)
NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0687 (The installer routine in Schneider Electric MiCOM S1 Studio
uses ...)
@@ -14389,7 +14389,7 @@
CVE-2013-0452 (Cross-site request forgery (CSRF) vulnerability in the Software
Use ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2013-0451 (SQL injection vulnerability in IBM Maximo Asset Management 6.2
through ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-6425
RESERVED
CVE-2012-6424
@@ -21939,7 +21939,7 @@
CVE-2012-4137
RESERVED
CVE-2012-4136 (The high-availability service in the Fabric Interconnect
component in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4135
RESERVED
CVE-2012-4134
@@ -21989,11 +21989,11 @@
CVE-2012-4112
RESERVED
CVE-2012-4111 (The create certreq command in the fabric-interconnect component
in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4110 (run-script in the fabric-interconnect component in Cisco
Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4109 (The clear sshkey command in the fabric-interconnect component
in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4108
RESERVED
CVE-2012-4107
@@ -22003,11 +22003,11 @@
CVE-2012-4105
RESERVED
CVE-2012-4104 (Absolute path traversal vulnerability in the image-download
process in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4103 (ethanalyzer in the fabric-interconnect component in Cisco
Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4102 (The activate firmware command in the fabric-interconnect
component in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4101
RESERVED
CVE-2012-4100
@@ -22021,7 +22021,7 @@
CVE-2012-4096 (The local file editor in the Baseboard Management Controller
(BMC) in ...)
TODO: check
CVE-2012-4095 (The local file editor in the fabric-interconnect component in
Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4094 (Buffer overflow in the Smart Call Home feature in the fabric
...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4093 (The Manager component in Cisco Unified Computing System (UCS)
allows ...)
@@ -24031,7 +24031,7 @@
CVE-2012-3324 (Directory traversal vulnerability in the UTL_FILE module in IBM
DB2 ...)
NOT-FOR-US: IBM DB2
CVE-2012-3323 (IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before
7.1.1.12, and ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3322 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset
...)
NOT-FOR-US: IBM
CVE-2012-3321 (IBM SmartCloud Control Desk 7.5 allows remote authenticated
users to ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
