Author: carnil
Date: 2013-10-11 16:00:07 +0000 (Fri, 11 Oct 2013)
New Revision: 23970
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-11 15:59:51 UTC (rev 23969)
+++ data/CVE/list 2013-10-11 16:00:07 UTC (rev 23970)
@@ -104,7 +104,7 @@
CVE-2013-6012
RESERVED
CVE-2013-6011 (Citrix NetScaler Application Delivery Controller (ADC) 10.0
before ...)
- TODO: check
+ NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6010 (Cross-site scripting (XSS) vulnerability in the Comment
Attachment ...)
TODO: check
CVE-2013-6009 (CRLF injection vulnerability in Open-Xchange AppSuite before
7.2.2, ...)
@@ -192,7 +192,7 @@
CVE-2013-5968
RESERVED
CVE-2013-5967 (Multiple SQL injection vulnerabilities in AlienVault Open
Source ...)
- TODO: check
+ NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2013-5966
RESERVED
CVE-2013-5965 (The Node View Permissions module 7.x-1.x before 7.x-1.2 for
Drupal ...)
@@ -1206,15 +1206,15 @@
CVE-2013-5528
RESERVED
CVE-2013-5527 (The OSPF functionality in Cisco IOS and IOS XE allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5526 (Cisco 9900 fourth-generation IP phones do not properly perform
SDP ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5525 (SQL injection vulnerability in the web framework in Cisco
Identity ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5524 (Cross-site scripting (XSS) vulnerability in the troubleshooting
page ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5523 (The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2
and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5522
RESERVED
CVE-2013-5521
@@ -1262,7 +1262,7 @@
CVE-2013-5500 (Multiple cross-site scripting (XSS) vulnerabilities in the
oraadmin ...)
NOT-FOR-US: Cisco MediaSense
CVE-2013-5499 (The remember feature in the DHCP server in Cisco IOS allows
remote ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-5498 (The PPTP-ALG component in CRS Carrier Grade Services Engine
(CGSE) and ...)
NOT-FOR-US: Cisco IOS XR
CVE-2013-5497 (The authentication manager process in the web framework in
Cisco ...)
@@ -1422,7 +1422,7 @@
CVE-2013-5420
RESERVED
CVE-2013-5419 (Multiple buffer overflows in (1) mkque and (2) mkquedev in ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2013-5418
RESERVED
CVE-2013-5417
@@ -1606,11 +1606,11 @@
CVE-2013-5328
RESERVED
CVE-2013-5327 (MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute
arbitrary ...)
- TODO: check
+ NOT-FOR-US: Adobe RoboHelp
CVE-2013-5326
RESERVED
CVE-2013-5325 (Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow
remote ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2013-5324 (Adobe Flash Player before 11.7.700.242 and 11.8.x before
11.8.800.168 ...)
NOT-FOR-US: Adobe Flash
CVE-2013-5323 (Cross-site scripting (XSS) vulnerability in the Static Info
Tables ...)
@@ -2091,7 +2091,7 @@
CVE-2013-5092
RESERVED
CVE-2013-5091 (SQL injection vulnerability in CalendarCommon.php in vTiger CRM
5.4.0 ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2013-5090
RESERVED
CVE-2013-5089
@@ -2263,7 +2263,7 @@
CVE-2013-5009
RESERVED
CVE-2013-5008 (The agent and task-agent components in Symantec Management
Platform ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2013-5007
RESERVED
CVE-2013-5006 (main_internet.php on the Western Digital My Net N600 and N750
with ...)
@@ -5122,43 +5122,43 @@
CVE-2013-3898
RESERVED
CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in
...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3896 (Microsoft Silverlight 5 before 5.1.20913.0 does not properly
validate ...)
- TODO: check
+ NOT-FOR-US: Microsoft Silverlight
CVE-2013-3895 (Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-3894 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3,
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2013-3893 (Use-after-free vulnerability in the SetMouseCapture
implementation in ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3892 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow
remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2013-3891 (Microsoft Word 2003 SP3 allows remote attackers to execute
arbitrary ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2013-3890 (Microsoft Excel 2007 SP3, Excel Viewer, and Office
Compatibility Pack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3889 (Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT;
Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3888 (dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows
Vista SP2, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2013-3887
RESERVED
CVE-2013-3886 (Microsoft Internet Explorer 9 and 10 allows remote attackers to
...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3885 (Microsoft Internet Explorer 10 allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3884
RESERVED
CVE-2013-3883
RESERVED
CVE-2013-3882 (Microsoft Internet Explorer 10 allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3881 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7
SP1 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2013-3880 (The App Container feature in the kernel-mode drivers in
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2013-3879 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2013-3878
RESERVED
CVE-2013-3877
@@ -5166,15 +5166,15 @@
CVE-2013-3876
RESERVED
CVE-2013-3875 (Microsoft Internet Explorer 8 and 9 allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3874 (Microsoft Internet Explorer 9 allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3873 (Microsoft Internet Explorer 10 allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3872 (Microsoft Internet Explorer 10 allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3871 (Microsoft Internet Explorer 6 through 10 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3870 (Double free vulnerability in Microsoft Outlook 2007 SP3 and
2010 SP1 ...)
NOT-FOR-US: Microsoft Outlook
CVE-2013-3869
@@ -5194,9 +5194,9 @@
CVE-2013-3862 (Double free vulnerability in Microsoft Windows 7 and Server
2008 R2 ...)
NOT-FOR-US: Microsoft
CVE-2013-3861 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and
4.5 ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3860 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and
4.5 does ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3859 (Microsoft Pinyin IME 2010, when used in conjunction with
Microsoft ...)
NOT-FOR-US: Microsoft Pinyin IME
CVE-2013-3858 (Microsoft Word Automation Services in SharePoint Server 2010
SP1, Word ...)
@@ -5599,7 +5599,7 @@
CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in
cgi-bin/users.cgi ...)
NOT-FOR-US: Brickcom
CVE-2013-3689 (Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae,
OSD-040E, ...)
- TODO: check
+ NOT-FOR-US: Brickcom
CVE-2013-3688 (The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G,
TL-SC3171G, ...)
NOT-FOR-US: TP-Link
CVE-2013-3687
@@ -5752,7 +5752,7 @@
CVE-2013-3628
RESERVED
CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee
Managed ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2013-3626
RESERVED
CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5
through 8.9 ...)
@@ -5787,7 +5787,7 @@
REJECTED
NOT-FOR-US: NETELLER Direct Payment API
CVE-2013-3610 (qis/QIS_finish.htm on the ASUS RT-N10E router with firmware
before ...)
- TODO: check
+ NOT-FOR-US: ASUS router
CVE-2013-3609 (The web interface in the Intelligent Platform Management
Interface ...)
NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3608 (The web interface in the Intelligent Platform Management
Interface ...)
@@ -5954,13 +5954,13 @@
CVE-2013-3544
REJECTED
CVE-2013-3543 (The AXIS Media Control (AMC) ActiveX control
(AxisMediaControlEmb.dll) ...)
- TODO: check
+ NOT-FOR-US: AXIS Media Control
CVE-2013-3542
RESERVED
CVE-2013-3541 (Directory traversal vulnerability in cgi-bin/admin/fileread in
AirLive ...)
- TODO: check
+ NOT-FOR-US: AirLive
CVE-2013-3540 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: AirLive
CVE-2013-3539 (Cross-site request forgery (CSRF) vulnerability in the ...)
NOT-FOR-US: Sony
CVE-2013-3538 (Multiple cross-site scripting (XSS) vulnerabilities in
todooforum.php ...)
@@ -6226,7 +6226,7 @@
CVE-2013-3410 (Cisco Intrusion Prevention System (IPS) Software on IPS NME
devices ...)
NOT-FOR-US: Cisco
CVE-2013-3409 (The portal in Cisco Prime Central for Hosted Collaboration
Solution ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3408 (The firmware on Cisco Virtualization Experience Client 6000
devices ...)
NOT-FOR-US: Cisco
CVE-2013-3407
@@ -6581,7 +6581,7 @@
CVE-2013-3249
RESERVED
CVE-2013-3248 (Untrusted search path vulnerability in Corel PDF Fusion 1.11
allows ...)
- TODO: check
+ NOT-FOR-US: Corel PDF Fusion
CVE-2013-3247
RESERVED
CVE-2013-3246
@@ -6725,7 +6725,7 @@
CVE-2013-3201 (Microsoft Internet Explorer 9 and 10 allows remote attackers to
...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3200 (The USB drivers in the kernel-mode drivers in Microsoft Windows
XP SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2013-3199 (Microsoft Internet Explorer 6 through 10 allows remote
attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3198 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in
...)
@@ -6735,7 +6735,7 @@
CVE-2013-3196 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in
...)
NOT-FOR-US: Microsoft Windows
CVE-2013-3195 (The DSA_InsertItem function in Comctl32.dll in the Windows
common ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2013-3194 (Microsoft Internet Explorer 9 allows remote attackers to
execute ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3193 (Microsoft Internet Explorer 9 and 10 allows remote attackers to
...)
@@ -6869,7 +6869,7 @@
CVE-2013-3129 (Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5;
Silverlight ...)
NOT-FOR-US: Microsoft
CVE-2013-3128 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3,
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2013-3127 (The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in
Windows ...)
NOT-FOR-US: Microsoft
CVE-2013-3126 (Microsoft Internet Explorer 9 and 10, when script debugging is
...)
@@ -7202,7 +7202,7 @@
CVE-2013-2965
RESERVED
CVE-2013-2964 (Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM)
through ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2013-2963
RESERVED
CVE-2013-2962
@@ -7649,7 +7649,7 @@
CVE-2013-2809
RESERVED
CVE-2013-2808 (Heap-based buffer overflow in Xper in Philips Xper Information
...)
- TODO: check
+ NOT-FOR-US: Xper
CVE-2013-2807
RESERVED
CVE-2013-2806
@@ -13821,7 +13821,7 @@
NOTE:
http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html
NOTE:
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
CVE-2013-0742 (Stack-based buffer overflow in Corel PDF Fusion 1.11 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Corel PDF Fusion
CVE-2013-0741
RESERVED
CVE-2013-0740
@@ -14297,13 +14297,13 @@
CVE-2013-0581 (Multiple cross-site scripting (XSS) vulnerabilities in IBM
Business ...)
NOT-FOR-US: IBM
CVE-2013-0580 (Cross-site request forgery (CSRF) vulnerability in the Optim
...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-0579 (The Optim E-Business Console in IBM Data Growth Solution for
Oracle ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-0578 (The Sterling Order Management APIs in IBM Sterling
Multi-Channel ...)
NOT-FOR-US: IBM
CVE-2013-0577 (The Optim E-Business Console in IBM Data Growth Solution for
Oracle ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-0576 (Cross-site scripting (XSS) vulnerability in the Tivoli
Enterprise ...)
NOT-FOR-US: IBM Tivoli Monitoring
CVE-2013-0575
@@ -22095,7 +22095,7 @@
- munin 2.0.5-1 (bug #682869)
[squeeze] - munin <no-dsa> (Minor issue)
CVE-2012-4141 (Directory traversal vulnerability in the CLI parser in Cisco
NX-OS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4140
RESERVED
CVE-2012-4139
@@ -22133,7 +22133,7 @@
CVE-2012-4123
RESERVED
CVE-2012-4122 (The CLI parser in Cisco NX-OS allows local users to bypass
intended ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4121
RESERVED
CVE-2012-4120
@@ -22181,7 +22181,7 @@
CVE-2012-4099
RESERVED
CVE-2012-4098 (The BGP implementation in Cisco NX-OS does not properly filter
AS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4097
RESERVED
CVE-2012-4096 (The local file editor in the Baseboard Management Controller
(BMC) in ...)
@@ -22195,9 +22195,9 @@
CVE-2012-4092 (The management interface in the Central Software component in
Cisco ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4091 (The RIP service engine in Cisco NX-OS allows remote attackers
to cause ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4090 (The management interface in Cisco NX-OS on Nexus 7000 devices
allows ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4089 (MCTOOLS in the fabric interconnect in Cisco Unified Computing
System ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4088 (The FTP server in Cisco Unified Computing System (UCS) has a
hardcoded ...)
@@ -22209,7 +22209,7 @@
CVE-2012-4085 (The Intelligent Platform Management Interface (IPMI)
implementation in ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4084 (Cross-site request forgery (CSRF) vulnerability in the
web-management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4083 (Multiple buffer overflows in the administrative web interface
in Cisco ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4082 (MCTools in the Cisco Management Controller in Cisco Unified
Computing ...)
@@ -22227,7 +22227,7 @@
CVE-2012-4076
RESERVED
CVE-2012-4075 (Cisco NX-OS allows local users to gain privileges and execute
...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-4074 (The Board Management Controller (BMC) in the Serial over LAN
(SoL) ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4073 (The KVM subsystem in the client in Cisco Unified Computing
System ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
