[Secure-testing-commits] r28508 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Aug 29 17:10:44 UTC 2014


Author: carnil
Date: 2014-08-29 17:10:44 +0000 (Fri, 29 Aug 2014)
New Revision: 28508

Modified:
   data/CVE/list
Log:
Add couple of NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-08-29 10:33:37 UTC (rev 28507)
+++ data/CVE/list	2014-08-29 17:10:44 UTC (rev 28508)
@@ -1,17 +1,17 @@
 CVE-2014-5519 [Command Injection]
 	- phpwiki <removed>
 CVE-2014-5458 (SQL injection vulnerability in sqrl_verify.php in php-sqrl allows ...)
-	TODO: check
+	NOT-FOR-US: php-sqrl
 CVE-2014-5457 (QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2014-5456 (Cross-site scripting (XSS) vulnerability in the Social Stats module ...)
 	TODO: check
 CVE-2014-5455 (Unquoted Windows search path vulnerability in the ptservice service in ...)
-	TODO: check
+	NOT-FOR-US: PrivateTunnel as bundled in OpenVPN
 CVE-2014-5454 (Unrestricted file upload vulnerability in the image upload module in ...)
-	TODO: check
+	NOT-FOR-US: SAS Visual Analytics
 CVE-2014-5453 (Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: ...)
-	TODO: check
+	NOT-FOR-US: Ubisoft Uplay PC
 CVE-2014-5452
 	RESERVED
 CVE-2014-5451
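Review bot: The note on CVE-2014-5455, "PrivateTunnel as bundled in OpenVPN", includes a name that readers of this list will search for, while the description is about an unquoted Windows search path in the ptservice service. Consider wording that makes the Windows-only scope explicit, for example "NOT-FOR-US: PrivateTunnel (Windows ptservice)", so the entry is not later mistaken for an untracked openvpn issue. CVE-2014-5456 in the same block is still "TODO: check".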
@@ -115,7 +115,7 @@
 CVE-2014-5397
 	RESERVED
 CVE-2014-5396 (The web interface in Schrack Technik microControl with firmware before ...)
-	TODO: check
+	NOT-FOR-US: Schrack Technik microControl
 CVE-2014-5395
 	RESERVED
 CVE-2014-5394
@@ -139,7 +139,7 @@
 CVE-2014-5384 (The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 ...)
 	TODO: check
 CVE-2014-5383 (SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows ...)
-	TODO: check
+	NOT-FOR-US: AlienVault OSSIM
 CVE-2010-5303 (Cross-site scripting (XSS) vulnerability in the displayError function ...)
 	TODO: check
 CVE-2010-5302 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
@@ -288,7 +288,7 @@
 CVE-2014-5337
 	RESERVED
 CVE-2014-5335 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: innovaphone PBX
 CVE-2014-5334
 	RESERVED
 CVE-2014-5332
@@ -440,7 +440,7 @@
 CVE-2014-5248 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows ...)
 	NOT-FOR-US: MyBB
 CVE-2014-5246 (The Shenzhen Tenda Technology Tenda A5s router with firmware ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Tenda Technology Tenda A5s router
 CVE-2014-5245
 	RESERVED
 CVE-2014-5244
@@ -638,7 +638,7 @@
 CVE-2014-5211
 	RESERVED
 CVE-2014-5210 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows ...)
-	TODO: check
+	NOT-FOR-US: AlienVault OSSIM
 CVE-2014-5209
 	RESERVED
 CVE-2014-5208
@@ -811,9 +811,9 @@
 CVE-2014-5160 (** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe ...)
 	NOT-FOR-US: HP Data Protector
 CVE-2014-5159 (SQL injection vulnerability in the ossim-framework service in ...)
-	TODO: check
+	NOT-FOR-US: AlienVault OSSIM
 CVE-2014-5158 (The (1) av-centerd SOAP service and (2) backup command in the ...)
-	TODO: check
+	NOT-FOR-US: AlienVault OSSIM
 CVE-2014-5157
 	REJECTED
 CVE-2014-5156
@@ -946,7 +946,7 @@
 CVE-2014-5098
 	RESERVED
 CVE-2014-5097 (Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR ...)
-	TODO: check
+	NOT-FOR-US: ArticleFR
 CVE-2014-5096
 	RESERVED
 CVE-2014-5095
@@ -3107,7 +3107,7 @@
 CVE-2014-4198
 	RESERVED
 CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS ...)
-	TODO: check
+	NOT-FOR-US: Bank Soft Systems
 CVE-2014-4196
 	RESERVED
 CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in ...)
@@ -5061,7 +5061,7 @@
 CVE-2014-3437
 	RESERVED
 CVE-2014-3436 (Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2014-3435
 	RESERVED
 CVE-2014-3434 (Buffer overflow in the sysplant driver in Symantec Endpoint Protection ...)
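Review bot: "NOT-FOR-US: Symantec" on CVE-2014-3436 records only the vendor, although the description names Symantec Encryption Desktop. Other entries in this commit name the product ("AlienVault OSSIM", "Ubisoft Uplay PC"); doing the same here makes the triage decision easier to audit later.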
@@ -5252,7 +5252,7 @@
 CVE-2014-3336 (SQL injection vulnerability in the web framework in Cisco Unity ...)
 	NOT-FOR-US: Cisco
 CVE-2014-3335 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-3334
 	RESERVED
 CVE-2014-3333 (The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote ...)
@@ -5919,7 +5919,7 @@
 CVE-2014-3071 (Cross-site scripting (XSS) vulnerability in the Data Quality Console ...)
 	NOT-FOR-US: IBM InfoSphere
 CVE-2014-3070 (The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2014-3069 (Multiple CRLF injection vulnerabilities in the Universal Access ...)
 	NOT-FOR-US: IBM Curam Social Program Management
 CVE-2014-3068
@@ -5979,7 +5979,7 @@
 CVE-2014-3041
 	RESERVED
 CVE-2014-3040 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-3039
 	RESERVED
 CVE-2014-3038 (IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop ...)
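Review bot: "NOT-FOR-US: IBM" on CVE-2014-3040 is less specific than the nearby notes in this list, which name the product ("IBM InfoSphere", "IBM Curam Social Program Management", "IBM WebSphere Application Server"). The description refers to IBM Emptoris, so "NOT-FOR-US: IBM Emptoris" would match the surrounding style.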
@@ -8187,7 +8187,7 @@
 CVE-2014-2217
 	RESERVED
 CVE-2014-2216 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiOS
 CVE-2014-2215
 	RESERVED
 CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal ...)
@@ -13055,7 +13055,7 @@
 CVE-2013-7145
 	RESERVED
 CVE-2013-7144 (LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X ...)
-	TODO: check
+	NOT-FOR-US: LINE
 CVE-2013-7143 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
 	- open-xchange <itp> (bug #269329)
 CVE-2013-7142 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)



