[Secure-testing-commits] r26717 - data/CVE

Helmut Grohne helmutg at moszumanska.debian.org
Sun Apr 27 05:54:58 UTC 2014


Author: helmutg
Date: 2014-04-27 05:54:57 +0000 (Sun, 27 Apr 2014)
New Revision: 26717

Modified:
   data/CVE/list
Log:
NFUs, lighttpd?

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-04-26 13:56:02 UTC (rev 26716)
+++ data/CVE/list	2014-04-27 05:54:57 UTC (rev 26717)
@@ -176,9 +176,9 @@
 CVE-2014-2881
 	RESERVED
 CVE-2014-2880 (Open redirect vulnerability in Oracle Identity Manager 11g R2 SP1 ...)
-	TODO: check
+	NOT-FOR-US: Oracle Identity Manager
 CVE-2014-2879 (Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL ...)
-	TODO: check
+	NOT-FOR-US: SonicWALL
 CVE-2014-2878
 	RESERVED
 CVE-2014-2877
@@ -188,9 +188,9 @@
 CVE-2014-2875
 	RESERVED
 CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom ...)
-	TODO: check
+	NOT-FOR-US: F-Secure Anti-Virus
 CVE-2012-6646 (F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts]
 	- virtualenvwrapper <unfixed> (bug #745580)
 	TODO: verify
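Review bot: The two adjacent F-Secure entries are tagged at different granularity: CVE-2013-7369 gets the product ("NOT-FOR-US: F-Secure Anti-Virus") while CVE-2012-6646 gets only the vendor ("NOT-FOR-US: F-Secure"). The vendor form is understandable for CVE-2012-6646, whose description lists several products, but pick one convention for both lines so a later search for the product or the vendor finds both.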
@@ -336,7 +336,7 @@
 CVE-2014-2845
 	RESERVED
 CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure ...)
-	TODO: check
+	NOT-FOR-US: F-Secure Messaging Secure Gateway
 CVE-2014-2843
 	RESERVED
 CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a ...)
@@ -1013,7 +1013,7 @@
 CVE-2014-2598
 	RESERVED
 CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a ...)
-	TODO: check
+	NOT-FOR-US: PCNetSoftware RAC Server
 CVE-2014-2596
 	RESERVED
 CVE-2014-2595
@@ -1367,7 +1367,8 @@
 CVE-2014-2470 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2014-2469 (Unspecified vulnerability in Lighthttpd in Oracle Solaris 11.1 allows ...)
-	TODO: check
+	- lighttpd <undetermined>
+	TODO: check, no patch published yet, maybe never published (BSD license)
 CVE-2014-2468 (Unspecified vulnerability in the Siebel UI Framework component in ...)
 	NOT-FOR-US: Oracle Siebel CRM
 CVE-2014-2467 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
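Review bot: On CVE-2014-2469 the new TODO line mixes the pending action with its rationale, and "(BSD license)" is too terse to act on later. Keep a plain "TODO: check" and move the reasoning to a separate NOTE: line saying that the description only names an unspecified vulnerability in "Lighthttpd in Oracle Solaris 11.1", that no patch has been published, and what the license remark means (presumably that the BSD license does not oblige anyone to release the fix). That records why lighttpd stays at <undetermined> instead of leaving the next reader to guess.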
@@ -4729,7 +4730,7 @@
 CVE-2014-0985
 	RESERVED
 CVE-2014-0984 (The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, ...)
-	TODO: check
+	NOT-FOR-US: SAP Router
 CVE-2014-0983 (Multiple array index errors in programs that are automatically ...)
 	{DSA-2904-1}
 	- virtualbox 4.3.10-dfsg-1 (bug #741602)
@@ -6104,9 +6105,9 @@
 	{DSA-2892-1}
 	- a2ps 1:4.14-1.3 (bug #742902)
 CVE-2013-7196 (static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote ...)
-	TODO: check
+	NOT-FOR-US: PHPFox
 CVE-2013-7195 (PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass ...)
-	TODO: check
+	NOT-FOR-US: PHPFox
 CVE-2013-7194 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: eFront
 CVE-2013-7193 (Multiple SQL injection vulnerabilities in C2C Forward Auction Creator ...)
@@ -6916,9 +6917,9 @@
 CVE-2014-0360
 	RESERVED
 CVE-2014-0359 (Xangati XSR before 11 and XNR before 7 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Xangati
 CVE-2014-0358 (Multiple directory traversal vulnerabilities in Xangati XSR before 11 ...)
-	TODO: check
+	NOT-FOR-US: Xangati
 CVE-2014-0357 (Amtelco miSecureMessages allows remote attackers to read the messages ...)
 	NOT-FOR-US: Amtelco miSecureMessages
 CVE-2014-0356 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...)
@@ -6950,9 +6951,9 @@
 CVE-2014-0343 (The web interface on Virtual Access GW6110A routers with software 9.00 ...)
 	NOT-FOR-US: GW6110A routers
 CVE-2014-0342 (Multiple unrestricted file upload vulnerabilities in fileupload.php in ...)
-	TODO: check
+	NOT-FOR-US: PivotX
 CVE-2014-0341 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX before ...)
-	TODO: check
+	NOT-FOR-US: PivotX
 CVE-2014-0340
 	RESERVED
 CVE-2014-0339 (Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before ...)
@@ -10086,9 +10087,9 @@
 CVE-2013-6215 (Unspecified vulnerability in the Integration Service in HP Universal ...)
 	TODO: check
 CVE-2013-6214 (Unspecified vulnerability in the Integration Service in HP Universal ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2013-6213 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2013-6212 (Unspecified vulnerability in HP Database and Middleware Automation ...)
 	TODO: check
 CVE-2013-6211 (Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance ...)
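Review bot: CVE-2013-6215, directly above the first changed entry, stays on "TODO: check" although its visible description is identical to that of CVE-2013-6214 ("Unspecified vulnerability in the Integration Service in HP Universal ..."), and CVE-2013-6212 below is likewise an HP product left on TODO. If they were skipped on purpose, say so in the log; otherwise triage them in the same pass. "NOT-FOR-US: HP" also names only the vendor; the description of CVE-2013-6213 gives the product (HP LoadRunner), which would make the entry more useful.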
@@ -13686,7 +13687,7 @@
 CVE-2013-4695
 	RESERVED
 CVE-2013-4694 (Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 ...)
-	TODO: check
+	NOT-FOR-US: Winamp
 CVE-2013-4693
 	RESERVED
 CVE-2013-4692
@@ -55791,7 +55792,7 @@
 CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter ...)
 	NOT-FOR-US: Novell File Reporter
 CVE-2011-0993 (SUSE Lifecycle Management Server before 1.1 uses world readable ...)
-	TODO: check
+	NOT-FOR-US: SUSE Lifecycle Management Server
 CVE-2011-0992 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...)
 	- mono <not-affected> (Moonlight no longer present in Debian)
 CVE-2011-0991 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...)



