[Secure-testing-commits] r28272 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Aug 14 07:12:18 UTC 2014
Author: carnil
Date: 2014-08-14 07:12:18 +0000 (Thu, 14 Aug 2014)
New Revision: 28272
Modified:
data/CVE/list
Log:
Update NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-14 07:06:20 UTC (rev 28271)
+++ data/CVE/list 2014-08-14 07:12:18 UTC (rev 28272)
@@ -99,27 +99,27 @@
CVE-2014-5178 (Multiple cross-site scripting (XSS) vulnerabilities in Easy File ...)
NOT-FOR-US: Easy File Sharing
CVE-2014-5176 (SAP FI Manager Self-Service has a hard-coded user name, which makes it ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-5175 (The License Measurement servlet in SAP Solution Manager 7.1 allows ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-5174 (The SAP Netweaver Business Warehouse component does not properly ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-5173 (SAP HANA Extend Application Services (XS) allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-5172 (Multiple cross-site scripting (XSS) vulnerabilities in the XS ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-5171 (SAP HANA Extend Application Services (XS) does not encrypt ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2013-7396
RESERVED
CVE-2013-7395 (ZOLL Defibrillator / Monitor X Series has a default (1) supervisor ...)
- TODO: check
+ NOT-FOR-US: ZOLL Defibrillator / Monitor X Series
CVE-2013-7394 (The "runshellscript echo.sh" script in Splunk before 5.0.5 allows ...)
NOT-FOR-US: Splunk
CVE-2012-6653 (Unspecified vulnerability in the All Video Gallery (all-video-gallery) ...)
NOT-FOR-US: WordPress plugin all-video-gallery
CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a ...)
- TODO: check
+ NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series
CVE-2014-5207 [ro bind mount bypass using user namespaces]
RESERVED
- linux <unfixed>
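Review bot: The six SAP entries in this hunk (CVE-2014-5171 through CVE-2014-5176) are tagged with the vendor only, "NOT-FOR-US: SAP", although their descriptions name different products (SAP FI Manager Self-Service, SAP Solution Manager, SAP Netweaver Business Warehouse, SAP HANA Extend Application Services). The ZOLL entries added in the same hunk and the existing CVE-2014-5178 line carry the product name. Consider naming the product on each SAP line so that a later search of the list by product finds them.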
@@ -247,7 +247,7 @@
- wireshark <unfixed>
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html
CVE-2014-5160 (** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe ...)
- TODO: check
+ NOT-FOR-US: HP Data Protector
CVE-2014-5159
RESERVED
CVE-2014-5158
@@ -390,11 +390,11 @@
CVE-2014-5091
RESERVED
CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: Status2k
CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in Status2k ...)
- TODO: check
+ NOT-FOR-US: Status2k
CVE-2014-5088 (Cross-site scripting (XSS) vulnerability in Status2k allows remote ...)
- TODO: check
+ NOT-FOR-US: Status2k
CVE-2014-5087
RESERVED
CVE-2014-5086
@@ -1436,7 +1436,7 @@
CVE-2014-4651
RESERVED
CVE-2014-4647 (Stack-based buffer overflow in the loadExtensionFactory method in the ...)
- TODO: check
+ NOT-FOR-US: Embarcadero ER/Studio Data Architect
CVE-2014-4646 (Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK ...)
NOT-FOR-US: Foxit PDF SDK
CVE-2014-4645 (Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link ...)
@@ -3184,7 +3184,7 @@
CVE-2014-3915 (The userRequest servlet in the Admin Center for Tivoli Storage Manager ...)
NOT-FOR-US: Rocket Servergraph
CVE-2014-3914 (Directory traversal vulnerability in the Admin Center for Tivoli ...)
- TODO: check
+ NOT-FOR-US: Rocket ServerGraph
CVE-2014-3913 (Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow ...)
NOT-FOR-US: Ericom AccessNow Server
CVE-2014-3912 (Stack-based buffer overflow in the FindConfigChildeKeyList method in ...)
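Review bot: The tag added for CVE-2014-3914 is spelled "Rocket ServerGraph", while the existing entry directly above it, CVE-2014-3915, uses "Rocket Servergraph". A case-sensitive search for either spelling will miss the other entry; pick one spelling and use it on both lines.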
@@ -3210,11 +3210,11 @@
CVE-2014-3902
RESERVED
CVE-2014-3901 (Raritan Japan Dominion KX2-101 switches before 2 allow remote ...)
- TODO: check
+ NOT-FOR-US: Raritan Japan Dominion KX2-101 switches
CVE-2014-3900
RESERVED
CVE-2014-3899 (Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Gretech GOM Player
CVE-2014-3898
RESERVED
CVE-2014-3897 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...)
@@ -4388,7 +4388,7 @@
CVE-2014-3460 (Directory traversal vulnerability in the DumpToFile method in the ...)
NOT-FOR-US: NetIQ Sentinel
CVE-2014-3459 (Heap-based buffer overflow in SolarWinds Network Configuration Manager ...)
- TODO: check
+ NOT-FOR-US: SolarWinds Network Configuration Manager
CVE-2014-3458
RESERVED
CVE-2014-3457
@@ -4456,7 +4456,7 @@
CVE-2014-3435
RESERVED
CVE-2014-3434 (Buffer overflow in the sysplant driver in Symantec Endpoint Protection ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2014-3433 (Cross-site scripting (XSS) vulnerability in the management console in ...)
NOT-FOR-US: Symantec
CVE-2014-3432 (Cross-site scripting (XSS) vulnerability in the management console in ...)
@@ -4635,31 +4635,31 @@
CVE-2014-3340
RESERVED
CVE-2014-3339 (Multiple SQL injection vulnerabilities in the administrative web ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3338 (The CTIManager module in Cisco Unified Communications Manager (CM) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3337 (The SIP implementation in Cisco Unified Communications Manager (CM) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3336 (SQL injection vulnerability in the web framework in Cisco Unity ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3335
RESERVED
CVE-2014-3334
RESERVED
CVE-2014-3333 (The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3332 (Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3331
RESERVED
CVE-2014-3330 (Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3329 (Cross-site scripting (XSS) vulnerability in the web-server component ...)
NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2014-3328 (The Intercluster Sync Agent Service in Cisco Unified Presence Server ...)
NOT-FOR-US: Cisco Unified Presence Server
CVE-2014-3327 (The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3326 (SQL injection vulnerability in the web framework in Cisco Security ...)
NOT-FOR-US: Cisco Security Manager
CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
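Review bot: Every line added in this hunk uses the bare vendor tag "NOT-FOR-US: Cisco", but the unchanged entries in the same hunk are product-specific ("Cisco Prime Data Center Network Manager", "Cisco Unified Presence Server", "Cisco Security Manager"). The descriptions of the new entries already name the products (Cisco Unified Communications Manager, Cisco Unity Connection, Cisco NX-OS, Cisco IOS), so the tags could follow the existing per-product style, for example "NOT-FOR-US: Cisco Unified Communications Manager" for CVE-2014-3338, CVE-2014-3337 and CVE-2014-3332.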
@@ -4709,7 +4709,7 @@
CVE-2014-3303 (The web framework in Cisco WebEx Meetings Server does not properly ...)
NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3302 (user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3301 (The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) ...)
NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3300 (The BVSMWeb portal in the web framework in Cisco Unified ...)
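Review bot: CVE-2014-3302 is tagged "NOT-FOR-US: Cisco", while CVE-2014-3303 above it and CVE-2014-3301 below it, which concern the same product according to their descriptions, are tagged "NOT-FOR-US: Cisco WebEx Meetings Server". Use the same product tag here so the three WebEx Meetings Server entries group together.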
@@ -5294,7 +5294,7 @@
CVE-2014-3077
RESERVED
CVE-2014-3076 (IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-3075
RESERVED
CVE-2014-3074 (The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local ...)
@@ -7219,7 +7219,7 @@
CVE-2014-2358
RESERVED
CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application in ...)
- TODO: check
+ NOT-FOR-US: SUBNET SubSTATION Server 2
CVE-2014-2356 (Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require ...)
NOT-FOR-US: Innominate mGuard
CVE-2014-2355
@@ -10726,7 +10726,7 @@
CVE-2014-0954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0953 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0952 (Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0951 (Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM ...)
@@ -11778,23 +11778,23 @@
CVE-2014-0547
RESERVED
CVE-2014-0546 (Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2014-0545 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2014-0544 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2014-0543 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2014-0542 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2014-0541 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2014-0540 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2014-0539 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
NOT-FOR-US: Adobe Flash
CVE-2014-0538 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2014-0537 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
NOT-FOR-US: Adobe Flash
CVE-2014-0536 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
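Review bot: The Flash entries added here are tagged "NOT-FOR-US: Adobe Flash Player", but the unchanged entries CVE-2014-0539 and CVE-2014-0537 in the same hunk use "NOT-FOR-US: Adobe Flash", so the same product now appears under two tags. CVE-2014-0546 is also tagged with the vendor only ("Adobe") although its description names Adobe Reader and Acrobat. Settle on one Flash spelling and consider naming Reader/Acrobat on the CVE-2014-0546 line.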
@@ -18121,7 +18121,7 @@
CVE-2013-5434
RESERVED
CVE-2013-5433 (The Data Growth Solution for JD Edwards EnterpriseOne in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-5432
RESERVED
CVE-2013-5431 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ...)
@@ -56177,7 +56177,7 @@
CVE-2011-2945 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2944 (SQL injection vulnerability in login.php in MegaLab The Uploader ...)
- TODO: check
+ NOT-FOR-US: MegaLab The Uploader
CVE-2011-2943 (The irc_msg_who function in msgs.c in the IRC protocol plugin in ...)
- pidgin 2.10.0-1 (bug #638709)
[squeeze] - pidgin <not-affected> (Only affects 2.8 to 2.10)
@@ -57261,7 +57261,7 @@
NOT-FOR-US: KMPlayer
NOTE: This is http://www.kmplayer.com and not our kmplayer package.
CVE-2011-2593 (Integer overflow in the StartEpa method in the nsepacom ActiveX ...)
- TODO: check
+ NOT-FOR-US: Citrix Access Gateway Enterprise Edition Plug-in
CVE-2011-2592 (Heap-based buffer overflow in the StartEpa method in the nsepacom ...)
NOT-FOR-US: ActiveX control for Citrix Access Gateway
CVE-2011-2591 (Multiple buffer overflows in the Provideo ActiveX controls allow ...)
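Review bot: CVE-2011-2593 and CVE-2011-2592 both describe the StartEpa method in the nsepacom control, yet the new tag reads "Citrix Access Gateway Enterprise Edition Plug-in" while the existing one reads "ActiveX control for Citrix Access Gateway". Reuse the existing wording, or update both lines, so the two entries for the same component carry the same tag.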