[Secure-testing-commits] r28061 - data/CVE

Michael Gilbert mgilbert at moszumanska.debian.org
Fri Aug 1 23:03:37 UTC 2014


Author: mgilbert
Date: 2014-08-01 23:03:37 +0000 (Fri, 01 Aug 2014)
New Revision: 28061

Modified:
   data/CVE/list
Log:
new issue triage

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-08-01 21:14:12 UTC (rev 28060)
+++ data/CVE/list	2014-08-01 23:03:37 UTC (rev 28061)
@@ -124,11 +124,11 @@
 CVE-2014-5119
 	RESERVED
 CVE-2014-5115 (Absolute path traversal vulnerability in DirPHP 1.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: DirPHP
 CVE-2014-5114 (WeBid 1.1.1 allows remote attackers to conduct an LDAP injection ...)
 	TODO: check
 CVE-2014-5113 (Multiple cross-site scripting (XSS) vulnerabilities in test.php in ...)
-	TODO: check
+	NOT-FOR-US: Visualwave MyConnection Server
 CVE-2014-5112 (maint/modules/home/index.php in Fonality trixbox allows remote ...)
 	NOT-FOR-US: Fonality trixbox
 CVE-2014-5111 (Multiple directory traversal vulnerabilities in Fonality trixbox allow ...)
@@ -136,25 +136,25 @@
 CVE-2014-5110 (Cross-site scripting (XSS) vulnerability in user/help/html/index.php ...)
 	NOT-FOR-US: Fonality trixbox
 CVE-2014-5109 (SQL injection vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Fonality trixbox
 CVE-2014-5108 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: concrete5
 CVE-2014-5107 (concrete5 before 5.6.3 allows remote attackers to obtain the ...)
-	TODO: check
+	NOT-FOR-US: concrete5
 CVE-2014-5106 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board ...)
-	TODO: check
+	NOT-FOR-US: Invision Power IP.Board
 CVE-2014-5105 (Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce ...)
-	TODO: check
+	NOT-FOR-US: ol-commerce
 CVE-2014-5104 (Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow ...)
-	TODO: check
+	NOT-FOR-US: ol-commerce
 CVE-2014-5103 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog ...)
-	TODO: check
+	NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
 CVE-2014-5102 (SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 ...)
 	TODO: check
 CVE-2014-5101 (Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 ...)
 	TODO: check
 CVE-2014-5100 (Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka ...)
-	TODO: check
+	NOT-FOR-US: Omeka
 CVE-2014-5099
 	RESERVED
 CVE-2014-5098
@@ -484,7 +484,7 @@
 CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for ...)
 	TODO: check
 CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2014-4977 (Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer ...)
 	NOT-FOR-US: SonicWall
 CVE-2014-4976 (Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to ...)
@@ -524,7 +524,7 @@
 CVE-2014-4972
 	RESERVED
 CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain IRP ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows XP
 CVE-2014-4970
 	RESERVED
 CVE-2014-4969
@@ -629,7 +629,7 @@
 CVE-2014-4928
 	RESERVED
 CVE-2014-4927 (Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and ...)
-	TODO: check
+	NOT-FOR-US: ACME micro_httpd
 CVE-2014-4926
 	RESERVED
 CVE-2014-4925
@@ -753,9 +753,9 @@
 CVE-2014-4859
 	RESERVED
 CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre ...)
-	TODO: check
+	NOT-FOR-US: Sabre AirCenter Crew
 CVE-2014-4857 (Cross-site scripting (XSS) vulnerability in Gurock TestRail before ...)
-	TODO: check
+	NOT-FOR-US: Gurock TestRail
 CVE-2014-4856 (Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2014-4855 (Cross-site scripting (XSS) vulnerability in the Polylang plugin before ...)
@@ -973,9 +973,9 @@
 CVE-2014-4749
 	RESERVED
 CVE-2014-4748 (Cross-site scripting (XSS) vulnerability in the Classic Meeting Server ...)
-	TODO: check
+	NOT-FOR-US: IBM Sametime
 CVE-2014-4747 (The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows ...)
-	TODO: check
+	NOT-FOR-US: IBM Sametime
 CVE-2014-4746
 	RESERVED
 CVE-2014-4745
@@ -997,7 +997,7 @@
 CVE-2014-4737
 	RESERVED
 CVE-2014-4736 (SQL injection vulnerability in E2 before 2.4 (2845) allows remote ...)
-	TODO: check
+	NOT-FOR-US: E2
 CVE-2014-4735
 	RESERVED
 CVE-2014-4734 (Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 ...)
@@ -1086,7 +1086,7 @@
 CVE-2014-4711
 	RESERVED
 CVE-2014-4710 (Cross-site scripting (XSS) vulnerability in zero_user_account.php in ...)
-	TODO: check
+	NOT-FOR-US: ZeroCMS
 CVE-2014-4709
 	RESERVED
 CVE-2014-4708
@@ -1162,15 +1162,15 @@
 CVE-2014-4687 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before ...)
 	NOT-FOR-US: pfSense
 CVE-2014-4686 (The Project administration application in Siemens SIMATIC WinCC before ...)
-	TODO: check
+	NOT-FOR-US: Siemens SIMATIC WinCC
 CVE-2014-4685 (Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, ...)
-	TODO: check
+	NOT-FOR-US: Siemens SIMATIC WinCC
 CVE-2014-4684 (The database server in Siemens SIMATIC WinCC before 7.3, as used in ...)
-	TODO: check
+	NOT-FOR-US: Siemens SIMATIC WinCC
 CVE-2014-4683 (The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used ...)
-	TODO: check
+	NOT-FOR-US: Siemens SIMATIC WinCC
 CVE-2014-4682 (The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used ...)
-	TODO: check
+	NOT-FOR-US: Siemens SIMATIC WinCC
 CVE-2014-4681
 	RESERVED
 CVE-2014-4680
@@ -1619,11 +1619,11 @@
 CVE-2014-4504
 	RESERVED
 CVE-2014-4503 (The parse_notify function in util.c in sgminer before 4.2.2 and ...)
-	TODO: check
+	- cgminer 4.2.3-1
 CVE-2014-4502 (Multiple heap-based buffer overflows in the parse_notify function in ...)
-	TODO: check
+	- cgminer 4.4.2-1
 CVE-2014-4501 (Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer ...)
-	TODO: check
+	- cgminer 4.4.2-1
 CVE-2014-4500
 	RESERVED
 CVE-2014-4499
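Review bot: the fixed version recorded for CVE-2014-4503 (`- cgminer 4.2.3-1`) does not match the `- cgminer 4.4.2-1` recorded for CVE-2014-4502 and CVE-2014-4501 directly below it, although 4503 and 4502 both describe the parse_notify function. Please confirm against the cgminer package changelog whether 4.2.3-1 is intended or a digit transposition of 4.4.2-1, since a fixed version that is too low would mark still-vulnerable uploads as fixed.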
@@ -2876,9 +2876,9 @@
 CVE-2014-3947
 	RESERVED
 CVE-2014-3939 (Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 ...)
-	TODO: check
+	NOT-FOR-US: Autodesk SketchBook Pro
 CVE-2014-3938 (Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Autodesk Sketchbook Pro
 CVE-2014-3937 (SQL injection vulnerability in the Contextual Related Posts plugin ...)
 	NOT-FOR-US: WordPress plugin contextual-related-posts
 CVE-2014-3936 (Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi ...)
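Review bot: the two new labels spell the product differently, `Autodesk SketchBook Pro` for CVE-2014-3939 and `Autodesk Sketchbook Pro` for CVE-2014-3938. Both descriptions use "SketchBook", so the second label should match; consistent spelling keeps a search of the list for the product name from missing an entry.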
@@ -2996,11 +2996,11 @@
 CVE-2014-3898
 	RESERVED
 CVE-2014-3897 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...)
-	TODO: check
+	NOT-FOR-US: Homepage Decorator PerlMailer
 CVE-2014-3896 (Multiple cross-site request forgery (CSRF) vulnerabilities in CGI ...)
-	TODO: check
+	NOT-FOR-US: Seeds acmailer
 CVE-2014-3895 (The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: I-O DATA camera firmware
 CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional ...)
 	NOT-FOR-US: PHP Kobo Multifunctional MailForm
 CVE-2014-3893
@@ -4412,21 +4412,21 @@
 CVE-2014-3330
 	RESERVED
 CVE-2014-3329 (Cross-site scripting (XSS) vulnerability in the web-server component ...)
-	TODO: check
+	NOT-FOR-US: Cisco Prime Data Center Network Manager
 CVE-2014-3328 (The Intercluster Sync Agent Service in Cisco Unified Presence Server ...)
-	TODO: check
+	NOT-FOR-US: Cisco Unified Presence Server
 CVE-2014-3327
 	RESERVED
 CVE-2014-3326 (SQL injection vulnerability in the web framework in Cisco Security ...)
-	TODO: check
+	NOT-FOR-US: Cisco Security Manager
 CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2014-3324 (Multiple cross-site scripting (XSS) vulnerabilities in the login page ...)
-	TODO: check
+	NOT-FOR-US: Cisco TelePrecence Server
 CVE-2014-3323 (Directory traversal vulnerability in Cisco Unified Contact Center ...)
 	NOT-FOR-US: Cisco
 CVE-2014-3322 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2014-3321 (Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group ...)
 	NOT-FOR-US: Cisco
 CVE-2014-3320 (Multiple open redirect vulnerabilities in the admin web interface in ...)
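Review bot: two labels in this hunk need a correction. `NOT-FOR-US: Cisco TelePrecence Server` on CVE-2014-3324 is misspelled and should read "TelePresence". `NOT-FOR-US: Cisco IOS` on CVE-2014-3322 names a different product from the one in the description, which says "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices"; suggest `NOT-FOR-US: Cisco IOS XR`.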
@@ -4460,15 +4460,15 @@
 CVE-2014-3306 (The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, ...)
 	NOT-FOR-US: Cisco
 CVE-2014-3305 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
-	TODO: check
+	NOT-FOR-US: Cisco WebEx Meetings Server
 CVE-2014-3304 (The OutlookAction Class in Cisco WebEx Meetings Server allows remote ...)
-	TODO: check
+	NOT-FOR-US: Cisco WebEx Meetings Server
 CVE-2014-3303 (The web framework in Cisco WebEx Meetings Server does not properly ...)
-	TODO: check
+	NOT-FOR-US: Cisco WebEx Meetings Server
 CVE-2014-3302
 	RESERVED
 CVE-2014-3301 (The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) ...)
-	TODO: check
+	NOT-FOR-US: Cisco WebEx Meetings Server
 CVE-2014-3300 (The BVSMWeb portal in the web framework in Cisco Unified ...)
 	NOT-FOR-US: Cisco Unified Communications Domain Manager
 CVE-2014-3299 (Cisco IOS allows remote authenticated users to cause a denial of ...)
@@ -4980,7 +4980,7 @@
 CVE-2014-3112
 	RESERVED
 CVE-2014-3110 (Multiple cross-site scripting (XSS) vulnerabilities on Honeywell ...)
-	TODO: check
+	NOT-FOR-US: Honeywell FALCON XLWeb controllor
 CVE-2014-3109
 	RESERVED
 CVE-2014-3108
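Review bot: typo in the new label for CVE-2014-3110, `Honeywell FALCON XLWeb controllor`. The entry for CVE-2014-2717 in this same commit uses `Honeywell FALCON XLWeb controller`; please use that spelling here so both entries are found by one search.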
@@ -5058,7 +5058,7 @@
 CVE-2014-3072
 	RESERVED
 CVE-2014-3071 (Cross-site scripting (XSS) vulnerability in the Data Quality Console ...)
-	TODO: check
+	NOT-FOR-US: IBM InfoSphere
 CVE-2014-3070
 	RESERVED
 CVE-2014-3069
@@ -5086,13 +5086,13 @@
 CVE-2014-3058
 	RESERVED
 CVE-2014-3057 (Cross-site scripting (XSS) vulnerability in the Unified Task List ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-3056 (The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-3055 (SQL injection vulnerability in the Unified Task List (UTL) Portlet for ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-3054 (Multiple open redirect vulnerabilities in the Unified Task List (UTL) ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-3053 (The Local Management Interface (LMI) in IBM Security Access Manager ...)
 	NOT-FOR-US: IBM ISAM
 CVE-2014-3052 (The reverse-proxy feature in IBM Security Access Manager (ISAM) for ...)
@@ -5100,7 +5100,7 @@
 CVE-2014-3051
 	RESERVED
 CVE-2014-3050 (IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Team Concert
 CVE-2014-3049
 	RESERVED
 CVE-2014-3048 (Unspecified vulnerability on the IBM System Storage Virtualization ...)
@@ -5148,9 +5148,9 @@
 CVE-2014-3027
 	RESERVED
 CVE-2014-3026 (CRLF injection vulnerability in IBM Maximo Asset Management 7.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2014-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...)
-	TODO: check
+	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2014-3024
 	RESERVED
 CVE-2014-3023
@@ -5160,7 +5160,7 @@
 CVE-2014-3021
 	RESERVED
 CVE-2014-3020 (install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Integrated Portal
 CVE-2014-3019
 	RESERVED
 CVE-2014-3018
@@ -5292,9 +5292,9 @@
 CVE-2014-2976 (Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 ...)
 	NOT-FOR-US: Sixnet SixView
 CVE-2014-2975 (Cross-site scripting (XSS) vulnerability in php/user_account.php in ...)
-	TODO: check
+	NOT-FOR-US: Silver Peak VX
 CVE-2014-2974 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Silver Peak VX
 CVE-2014-2973
 	RESERVED
 CVE-2014-2972
@@ -5303,17 +5303,17 @@
 	[squeeze] - exim4 <no-dsa> (Minor issue)
 	[wheezy] - exim4 <no-dsa> (Minor issue)
 CVE-2014-2971 (Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in ...)
-	TODO: check
+	NOT-FOR-US: MicroPact iComplaints
 CVE-2014-2970
 	REJECTED
 CVE-2014-2969 (NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a ...)
 	NOT-FOR-US: NETGEAR GS108PE Prosafe Plus switches
 CVE-2014-2968 (Cross-site scripting (XSS) vulnerability in the web interface on the ...)
-	TODO: check
+	NOT-FOR-US: Huawei E355 CH1E355SM firmware
 CVE-2014-2967 (Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers ...)
 	NOT-FOR-US: Autodesk VRED Professional
 CVE-2014-2966 (The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly ...)
-	TODO: check
+	NOT-FOR-US: Resin Pro
 CVE-2014-2965 (Cross-site scripting (XSS) vulnerability in auth-settings-x.php in ...)
 	NOT-FOR-US: SpamTitan
 CVE-2014-2964
@@ -5975,7 +5975,7 @@
 CVE-2014-2718
 	RESERVED
 CVE-2014-2717 (Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Honeywell FALCON XLWeb controller
 CVE-2014-2716
 	RESERVED
 CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -6945,9 +6945,9 @@
 CVE-2014-2371
 	RESERVED
 CVE-2014-2370 (Cross-site scripting (XSS) vulnerability in the web application on ...)
-	TODO: check
+	NOT-FOR-US: Omron
 CVE-2014-2369 (Cross-site request forgery (CSRF) vulnerability in the web application ...)
-	TODO: check
+	NOT-FOR-US: Omron
 CVE-2014-2368 (The BrowseFolder method in the bwocxrun ActiveX control in Advantech ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2014-2367 (The ChkCookie subroutine in an ActiveX control in ...)
@@ -6959,13 +6959,13 @@
 CVE-2014-2364 (Multiple stack-based buffer overflows in Advantech WebAccess before ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2014-2363 (Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which ...)
-	TODO: check
+	NOT-FOR-US: Morpho Itemiser
 CVE-2014-2362 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules ...)
-	TODO: check
+	NOT-FOR-US: OleumTech Wireless Gateway
 CVE-2014-2361 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, ...)
-	TODO: check
+	NOT-FOR-US: OleumTech Wireless Gateway
 CVE-2014-2360 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules ...)
-	TODO: check
+	NOT-FOR-US: OleumTech Wireless Gateway
 CVE-2014-2359
 	RESERVED
 CVE-2014-2358
@@ -6973,7 +6973,7 @@
 CVE-2014-2357
 	RESERVED
 CVE-2014-2356 (Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require ...)
-	TODO: check
+	NOT-FOR-US: Innominate mGuard
 CVE-2014-2355
 	RESERVED
 CVE-2014-2354 (Cogent DataHub before 7.3.5 does not use a salt during password ...)
@@ -10478,9 +10478,9 @@
 CVE-2014-0949 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-0948 (Unspecified vulnerability in IBM Rational Software Architect Design ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Software Architect Design
 CVE-2014-0947 (Unspecified vulnerability in the server in IBM Rational Software ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Software Architect Design
 CVE-2014-0946 (The RES Console in Rule Execution Server in IBM Operational Decision ...)
 	NOT-FOR-US: IBM
 CVE-2014-0945 (Cross-site scripting (XSS) vulnerability in the RES Console in Rule ...)
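Review bot: the label `IBM Rational Software Architect Design` on CVE-2014-0948 and CVE-2014-0947 ends exactly where the truncated description of 0948 is cut off ("... IBM Rational Software Architect Design ..."), which suggests the product name was copied from the shortened line and is incomplete. Please check the full CVE description and use the complete product name in both labels.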
@@ -10544,9 +10544,9 @@
 CVE-2014-0916
 	RESERVED
 CVE-2014-0915 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...)
-	TODO: check
+	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2014-0914 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
-	TODO: check
+	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2014-0913 (Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino ...)
 	NOT-FOR-US: IBM iNotes
 CVE-2014-0912
@@ -10596,7 +10596,7 @@
 CVE-2014-0890 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, ...)
 	NOT-FOR-US: IBM Sametime
 CVE-2014-0889 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite ...)
-	TODO: check
+	NOT-FOR-US: IBM Atlas Suite
 CVE-2014-0888
 	RESERVED
 CVE-2014-0887 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...)
@@ -11281,7 +11281,7 @@
 CVE-2014-0608
 	RESERVED
 CVE-2014-0607 (Unrestricted file upload vulnerability in Attachmate Verastream ...)
-	TODO: check
+	NOT-FOR-US: Attachmate Verastream Process Designer
 CVE-2014-0606
 	RESERVED
 CVE-2014-0605



