Author: carnil
Date: 2013-09-05 19:07:20 +0000 (Thu, 05 Sep 2013)
New Revision: 23559
Modified: data/CVE/list Log: Add couple of NFU from TODO list Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-09-05 17:33:18 UTC (rev 23558) +++ data/CVE/list 2013-09-05 19:07:20 UTC (rev 23559) @@ -209,9 +209,9 @@ CVE-2012-6584 (Multiple SQL injection vulnerabilities in MYRE Realty Manager allow ...) NOT-FOR-US: MYRE Realty Manager CVE-2012-6583 (Cross-site scripting (XSS) vulnerability in the Imagemenu module ...) - TODO: check + NOT-FOR-US: Imagemenu Drupal contributed module CVE-2010-5289 (Buffer overflow in the Authenticate method in the ...) - TODO: check + NOT-FOR-US: IncrediMail CVE-2013-5589 (SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and ...) {DSA-2747-1} - cacti 0.8.8b+dfsg-3 
@@ -732,19 +732,19 @@ CVE-2013-5322 (SQL injection vulnerability in the CoolURI extension before 1.0.30 for ...) NOT-FOR-US: TYPO3 extension (CoolURI) CVE-2013-5321 (Multiple SQL injection vulnerabilities in AlienVault Open Source ...) - TODO: check + NOT-FOR-US: AlienVault Open Source Security Information Management CVE-2013-5320 (Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in ...) - TODO: check + NOT-FOR-US: mojoPortal CVE-2013-5319 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Atlassian JIRA CVE-2013-5318 (SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: Ginkgo CMS CVE-2013-5317 (Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows ...) NOT-FOR-US: RiteCMS CVE-2013-5316 (Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 ...) NOT-FOR-US: RiteCMS CVE-2012-6582 (Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x ...) - TODO: check + NOT-FOR-US: Spambot Drupal contributed module CVE-2013-5313 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: BigTree CMS CVE-2013-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech ...) 
@@ -756,15 +756,15 @@ CVE-2013-5314 (Cross-site scripting (XSS) vulnerability in ...) - serendipity <removed> CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) extension ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: FUDforum CVE-2013-5308 (Cross-site scripting (XSS) vulnerability in the RealURL Management ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2013-5307 (Cross-site scripting (XSS) vulnerability in the Faceted Search ...) NOT-FOR-US: Faceted Search Typo3 extension CVE-2013-5306 (SQL injection vulnerability in the Browser - TYPO3 without PHP ...) - TODO: check + NOT-FOR-US: TYPO3 Extension CVE-2013-5305 (Cross-site scripting (XSS) vulnerability in the Store Locator ...) NOT-FOR-US: typo3 third party component (locator) CVE-2013-5304 (SQL injection vulnerability in the Store Locator (locator) extension ...) @@ -774,7 +774,7 @@ CVE-2013-5302 (SQL injection vulnerability in the Faceted Search (ke_search) ...) NOT-FOR-US: Faceted Search Typo3 extension CVE-2013-5301 (Directory traversal vulnerability in help.php in Trustport Webfilter ...) - TODO: check + NOT-FOR-US: Trustport Webfilter CVE-2013-5300 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...) NOT-FOR-US: AlienVault OSSIM CVE-2013-5299 @@ -4769,9 +4769,9 @@ CVE-2013-3599 RESERVED CVE-2013-3598 (Directory traversal vulnerability in servlet/CreateTemplateServlet in ...) - TODO: check + NOT-FOR-US: SearchBlox CVE-2013-3597 (servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows ...) - TODO: check + NOT-FOR-US: SearchBlox CVE-2013-3596 RESERVED CVE-2013-3595 @@ -4785,7 +4785,7 @@ CVE-2013-3591 RESERVED CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in ...) - TODO: check + NOT-FOR-US: SearchBlox CVE-2013-3589 RESERVED CVE-2013-3588 
@@ -4799,9 +4799,9 @@ CVE-2013-3585 (Samsung Web Viewer for Samsung DVR devices stores credentials in ...) NOT-FOR-US: Samsung DVR devices CVE-2013-3584 (Cross-site scripting (XSS) vulnerability in Corporater EPM Suite ...) - TODO: check + NOT-FOR-US: Corporater EPM Suite CVE-2013-3583 (Cross-site request forgery (CSRF) vulnerability in saveProperties.html ...) - TODO: check + NOT-FOR-US: Corporater EPM Suite CVE-2013-3582 (Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and ...) NOT-FOR-US: Dell CVE-2013-3581 (ajax.cgi in the web interface on the Choice Wireless Green Packet ...) @@ -6152,7 +6152,7 @@ CVE-2013-2968 (An unspecified buffer-read method in IBM Sterling Control Center (SCC) ...) NOT-FOR-US: IBM Sterling Control Center CVE-2013-2967 (Cross-site scripting (XSS) vulnerability in the Administrative console ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2013-2966 RESERVED CVE-2013-2965 @@ -6617,15 +6617,15 @@ CVE-2013-2805 RESERVED CVE-2013-2804 (The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 ...) - TODO: check + NOT-FOR-US: TOP Server OPC Server CVE-2013-2803 RESERVED CVE-2013-2802 (The universal protocol implementation in Sixnet UDR before 2.0 and RTU ...) - TODO: check + NOT-FOR-US: Sixnet CVE-2013-2801 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows ...) - TODO: check + NOT-FOR-US: OSIsoft PI Interface CVE-2013-2800 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows ...) - TODO: check + NOT-FOR-US: OSIsoft PI Interface CVE-2013-2799 RESERVED CVE-2013-2798 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and ...) @@ -6647,7 +6647,7 @@ CVE-2013-2790 (The master-station DNP3 driver before driver19.exe, and Beta2041.exe, ...) NOT-FOR-US: IOServer CVE-2013-2789 (The Kepware DNP Master Driver for the KEPServerEX Communications ...) - TODO: check + NOT-FOR-US: Kepware CVE-2013-2788 RESERVED CVE-2013-2787 
@@ -6661,7 +6661,7 @@ CVE-2013-2783 (The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers ...) NOT-FOR-US: IOServer DNP3 drivers CVE-2013-2782 (Schneider Electric Trio J-Series License Free Ethernet Radio with ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2013-2781 (Use-after-free vulnerability in the server application in 3S CODESYS ...) NOT-FOR-US: 3S CODESYS Gateway CVE-2013-2780 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to ...) @@ -7936,7 +7936,7 @@ CVE-2013-2300 (The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier ...) NOT-FOR-US: FlickWnn Android App CVE-2013-2299 (Cross-site scripting (XSS) vulnerability in Advantech WebAccess ...) - TODO: check + NOT-FOR-US: Advantech WebAccess CVE-2013-2298 RESERVED - boinc 7.0.65+dfsg-1 (low) @@ -10148,7 +10148,7 @@ CVE-2013-1663 RESERVED CVE-2013-1662 (vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x ...) - TODO: check + NOT-FOR-US: VMware CVE-2013-1661 RESERVED NOT-FOR-US: VMware ESXi @@ -13201,7 +13201,7 @@ CVE-2013-0567 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...) NOT-FOR-US: IBM CVE-2013-0566 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...) - TODO: check + NOT-FOR-US: IBM WebSphere Commerce CVE-2013-0565 (Cross-site scripting (XSS) vulnerability in the RPC adapter for the ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2013-0564 @@ -14565,7 +14565,7 @@ CVE-2013-0151 (The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the ...) - xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental) CVE-2013-0150 (Directory traversal vulnerability in an unspecified signed Java applet ...) - TODO: check + NOT-FOR-US: F5 BIG-IP APM, FirePass and other F5 products CVE-2013-0149 (The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 ...) - quagga <not-affected> NOTE: OSPF protocol vulnerability, quagga implementation not affected 
@@ -16386,7 +16386,7 @@ CVE-2012-5745 RESERVED CVE-2012-5744 (Multiple cross-site scripting (XSS) vulnerabilities in the guest ...) - TODO: check + NOT-FOR-US: Cisco Identity Services Engine CVE-2012-5743 RESERVED CVE-2012-5742 @@ -23682,7 +23682,7 @@ CVE-2012-3040 (Cross-site scripting (XSS) vulnerability in the web server on Siemens ...) NOT-FOR-US: Siemens CVE-2012-3039 (Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with ...) - TODO: check + NOT-FOR-US: Moxa OnCell Gateway CVE-2012-3038 RESERVED CVE-2012-3037 (The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
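Review bot: in the @@ -732,19 hunk, CVE-2013-5321 is tagged "NOT-FOR-US: AlienVault Open Source Security Information Management", while the existing entry for CVE-2013-5300 (visible as context in the @@ -774,7 hunk) uses "NOT-FOR-US: AlienVault OSSIM" for what reads as the same product. Two spellings mean a search of data/CVE/list for the product name will miss one of the entries; suggest reusing "NOT-FOR-US: AlienVault OSSIM" here.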
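Review bot: in the @@ -756,15 hunk, the new tags for CVE-2013-5310, CVE-2013-5308 and CVE-2013-5306 say only "TYPO3 extension" (once capitalised as "TYPO3 Extension") and do not name the extension, whereas the neighbouring entries do: "TYPO3 extension (CoolURI)", "Faceted Search Typo3 extension", "typo3 third party component (locator)". Without the name a later reader cannot tell which extension was triaged or confirm that it is a third-party one. The descriptions already carry the names, for example "DB Integration (wfqbe)" for CVE-2013-5310, so suggest "NOT-FOR-US: TYPO3 extension (wfqbe)" and the equivalent for the RealURL Management and Browser entries, with one capitalisation throughout.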
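Review bot: in the @@ -6617,15 hunk, CVE-2013-2802 is tagged with the vendor alone ("NOT-FOR-US: Sixnet"), while the two entries added directly below it name the product ("NOT-FOR-US: OSIsoft PI Interface"). The description identifies the affected products as "Sixnet UDR before 2.0 and RTU ...", so suggest naming them in the tag to match the rest of the hunk.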
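Review bot: in the @@ -10148,7 hunk, "NOT-FOR-US: VMware" for CVE-2013-1662 gives only the vendor, although the description names vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x, and the next entry (CVE-2013-1661) is tagged at product level as "NOT-FOR-US: VMware ESXi". Suggest "NOT-FOR-US: VMware Workstation/Player" so the two adjacent VMware entries stay distinguishable.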