[Secure-testing-commits] r26635 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Apr 21 08:36:38 UTC 2014
Author: carnil
Date: 2014-04-21 08:36:38 +0000 (Mon, 21 Apr 2014)
New Revision: 26635
Modified:
data/CVE/list
Log:
Mark another round of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-21 08:22:19 UTC (rev 26634)
+++ data/CVE/list 2014-04-21 08:36:38 UTC (rev 26635)
@@ -93,7 +93,7 @@
CVE-2014-2848 (A race condition in the wmi_malware_scan.nbin plugin before ...)
NOT-FOR-US: Nessus
CVE-2014-2847 (SQL injection vulnerability in default.asp in CIS Manager CMS allows ...)
- TODO: check
+ NOT-FOR-US: CIS Manager CMS
CVE-2014-2846
RESERVED
CVE-2014-2845
@@ -2344,7 +2344,7 @@
CVE-2014-1970 (Directory traversal vulnerability in the ES File Explorer File Manager ...)
NOT-FOR-US: ES File Explorer File Manager for Android
CVE-2014-1969 (Directory traversal vulnerability in the apps4u at android SD Card ...)
- TODO: check
+ NOT-FOR-US: apps4u at android SD Card Manager application
CVE-2014-1968 (Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 ...)
NOT-FOR-US: XooNIps module for XOOPS
CVE-2014-1967 (The Denny's application before 2.0.1 for Android does not verify X.509 ...)
@@ -3895,7 +3895,7 @@
CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in Open Web ...)
NOT-FOR-US: Open Web Analytics
CVE-2014-1455 (SQL injection vulnerability in the password reset functionality in ...)
- TODO: check
+ NOT-FOR-US: Pearson eSIS Enterprise Student Information System
CVE-2014-1454
RESERVED
CVE-2014-1453 [nfsserver denial of service]
@@ -4697,15 +4697,15 @@
CVE-2014-0925
RESERVED
CVE-2014-0924 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify ...)
- TODO: check
+ NOT-FOR-US: IBM MessageSight
CVE-2014-0923 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote ...)
- TODO: check
+ NOT-FOR-US: IBM MessageSight
CVE-2014-0922 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote ...)
- TODO: check
+ NOT-FOR-US: IBM MessageSight
CVE-2014-0921 (The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 ...)
- TODO: check
+ NOT-FOR-US: IBM MessageSight
CVE-2014-0920 (IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs ...)
- TODO: check
+ NOT-FOR-US: IBM SPSS Analytic Server
CVE-2014-0919
RESERVED
CVE-2014-0918
@@ -4729,7 +4729,7 @@
CVE-2014-0909
RESERVED
CVE-2014-0908 (The User Attribute implementation in IBM Business Process Manager ...)
- TODO: check
+ NOT-FOR-US: IBM Business Process Manager
CVE-2014-0907
RESERVED
CVE-2014-0906
@@ -5037,7 +5037,7 @@
CVE-2014-0788
RESERVED
CVE-2014-0787 (Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 ...)
- TODO: check
+ NOT-FOR-US: WellinTech KingSCADA
CVE-2014-0786
RESERVED
CVE-2014-0785
@@ -5065,27 +5065,27 @@
CVE-2014-0774 (Stack-based buffer overflow in the C++ sample client in Schneider ...)
NOT-FOR-US: Schneider Electric OPC Factory Server
CVE-2014-0773 (The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-0772 (The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-0771 (The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-0770 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-0769
RESERVED
CVE-2014-0768 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-0767 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-0766 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-0765 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-0764 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-0763 (Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-0762
RESERVED
CVE-2014-0761
@@ -5330,7 +5330,7 @@
CVE-2014-0643
RESERVED
CVE-2014-0642 (EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, ...)
- TODO: check
+ NOT-FOR-US: EMC Documentum Content Server
CVE-2014-0641
RESERVED
CVE-2014-0640
@@ -5342,7 +5342,7 @@
CVE-2014-0637 (Cross-site scripting (XSS) vulnerability in the back-office ...)
NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-0636 (EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x ...)
- TODO: check
+ NOT-FOR-US: EMC RSA BSAFE Micro Edition Suite
CVE-2014-0635 (Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x ...)
NOT-FOR-US: EMC VPLEX
CVE-2014-0634 (EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the ...)
@@ -5386,11 +5386,11 @@
CVE-2014-0615 (Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before ...)
NOT-FOR-US: JunOS CLI
CVE-2014-0614 (Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is ...)
- TODO: check
+ NOT-FOR-US: Juniper Junos
CVE-2014-0613 (The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 ...)
NOT-FOR-US: JunOS
CVE-2014-0612 (Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before ...)
- TODO: check
+ NOT-FOR-US: Juniper Junos
CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux ...)
- linux-2.6 <removed> (low)
- linux 3.12.6-1 (low)
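Review bot: The two added notes in this hunk (CVE-2014-0614 and CVE-2014-0612) spell the product `Juniper Junos`, while the unchanged neighbours read `NOT-FOR-US: JunOS CLI` and `NOT-FOR-US: JunOS`. That is three spellings of one product within four entries, which makes it harder to grep the list when auditing which Junos CVEs have been triaged. Suggest settling on one form, either matching the existing `JunOS` here or normalising the older entries in a follow-up commit.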
@@ -5752,7 +5752,7 @@
CVE-2014-0515
RESERVED
CVE-2014-0514 (The Adobe Reader Mobile application before 11.2 for Android does not ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader Mobile application
CVE-2014-0513
RESERVED
CVE-2014-0512 (Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox ...)
@@ -5949,7 +5949,7 @@
CVE-2013-7150
RESERVED
CVE-2014-0465 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0464 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...)
- openjdk-7 <not-affected> (Only affects Java 8)
- openjdk-6 <not-affected> (Only affects Java 8)
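Review bot: On CVE-2014-0465 the added note names a suite, `Oracle Fusion Middleware`, while the description identifies the affected code as the Oracle OpenSSO component, and the visible description is cut off before any suite name. A NOT-FOR-US decision is about whether a specific piece of software is packaged, so naming the component (`NOT-FOR-US: Oracle OpenSSO`) would let a later reader verify the decision by searching for that name rather than for the umbrella product.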
@@ -5991,7 +5991,7 @@
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0450 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
- TODO: check
+ NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0449 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -6051,7 +6051,7 @@
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0426 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
- TODO: check
+ NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0425 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Services ...)
NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0424 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
@@ -6086,9 +6086,9 @@
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0414 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
- TODO: check
+ NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0413 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
- TODO: check
+ NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0412 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2848-1 DSA-2845-1}
- mariadb-5.5 5.5.35-1
@@ -6652,15 +6652,15 @@
CVE-2014-0358 (Multiple directory traversal vulnerabilities in Xangati XSR before 11 ...)
TODO: check
CVE-2014-0357 (Amtelco miSecureMessages allows remote attackers to read the messages ...)
- TODO: check
+ NOT-FOR-US: Amtelco miSecureMessages
CVE-2014-0356 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...)
- TODO: check
+ NOT-FOR-US: ZyXEL
CVE-2014-0355 (Multiple stack-based buffer overflows on the ZyXEL Wireless N300 ...)
- TODO: check
+ NOT-FOR-US: ZyXEL
CVE-2014-0354 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...)
- TODO: check
+ NOT-FOR-US: ZyXEL
CVE-2014-0353 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...)
- TODO: check
+ NOT-FOR-US: ZyXEL
CVE-2014-0352
RESERVED
CVE-2014-0351
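Review bot: The four entries CVE-2014-0356 through CVE-2014-0353 are tagged with the vendor only, `NOT-FOR-US: ZyXEL`, whereas the other notes added in this commit name the product. The descriptions all refer to the ZyXEL Wireless N300 NetUSB NBG-419N router; putting that product in the note keeps the reason for the decision visible and avoids the tag later being read as covering anything from the vendor.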
@@ -6670,9 +6670,9 @@
CVE-2014-0349 (Multiple unspecified vulnerabilities in J2k-Codec allow remote ...)
TODO: check
CVE-2014-0348 (The Artiva Agency Single Sign-On (SSO) implementation in Artiva ...)
- TODO: check
+ NOT-FOR-US: Artiva
CVE-2014-0347 (The Settings module in Websense Triton Unified Security Center 7.7.3 ...)
- TODO: check
+ NOT-FOR-US: Websense Triton Unified Security Center
CVE-2014-0346
REJECTED
CVE-2014-0345
@@ -7044,7 +7044,7 @@
CVE-2014-0316
RESERVED
CVE-2014-0315 (Untrusted search path vulnerability in Microsoft Windows XP SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0313 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
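Review bot: CVE-2014-0315 is tagged `NOT-FOR-US: Microsoft`, which names only the vendor, while the next entry uses `NOT-FOR-US: Microsoft Internet Explorer` and the description of this CVE refers to Microsoft Windows. Suggest `NOT-FOR-US: Microsoft Windows` so the note states which product was judged out of scope, consistent with the neighbouring entries.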
@@ -7204,7 +7204,7 @@
CVE-2014-0236
RESERVED
CVE-2014-0235 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0234
RESERVED
CVE-2014-0233
@@ -24722,7 +24722,7 @@
CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in ...)
NOT-FOR-US: Percipient Studios ImageGen
CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server Administrator ...)
- TODO: check
+ NOT-FOR-US: Dell OpenManage Server Administrator
CVE-2013-0739
RESERVED
CVE-2013-0738