[Secure-testing-commits] r28508 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Aug 29 17:10:44 UTC 2014
Author: carnil
Date: 2014-08-29 17:10:44 +0000 (Fri, 29 Aug 2014)
New Revision: 28508
Modified:
data/CVE/list
Log:
Add couple of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-29 10:33:37 UTC (rev 28507)
+++ data/CVE/list 2014-08-29 17:10:44 UTC (rev 28508)
@@ -1,17 +1,17 @@
CVE-2014-5519 [Command Injection]
- phpwiki <removed>
CVE-2014-5458 (SQL injection vulnerability in sqrl_verify.php in php-sqrl allows ...)
- TODO: check
+ NOT-FOR-US: php-sqrl
CVE-2014-5457 (QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2014-5456 (Cross-site scripting (XSS) vulnerability in the Social Stats module ...)
TODO: check
CVE-2014-5455 (Unquoted Windows search path vulnerability in the ptservice service in ...)
- TODO: check
+ NOT-FOR-US: PrivateTunnel as bundled in OpenVPN
CVE-2014-5454 (Unrestricted file upload vulnerability in the image upload module in ...)
- TODO: check
+ NOT-FOR-US: SAS Visual Analytics
CVE-2014-5453 (Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: ...)
- TODO: check
+ NOT-FOR-US: Ubisoft Uplay PC
CVE-2014-5452
RESERVED
CVE-2014-5451
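Review bot: In the CVE-2014-5455 entry, "NOT-FOR-US: PrivateTunnel as bundled in OpenVPN" names OpenVPN, so the line can be read as a verdict on openvpn itself rather than on the bundled service. The description shown is "Unquoted Windows search path vulnerability in the ptservice service in ...", so if the reasoning is that the issue is specific to the Windows ptservice component, say that in the note, for example "NOT-FOR-US: PrivateTunnel (Windows ptservice)". In the same hunk CVE-2014-5456 keeps "TODO: check", so it still needs triage after this commit.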
@@ -115,7 +115,7 @@
CVE-2014-5397
RESERVED
CVE-2014-5396 (The web interface in Schrack Technik microControl with firmware before ...)
- TODO: check
+ NOT-FOR-US: Schrack Technik microControl
CVE-2014-5395
RESERVED
CVE-2014-5394
@@ -139,7 +139,7 @@
CVE-2014-5384 (The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 ...)
TODO: check
CVE-2014-5383 (SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows ...)
- TODO: check
+ NOT-FOR-US: AlienVault OSSIM
CVE-2010-5303 (Cross-site scripting (XSS) vulnerability in the displayError function ...)
TODO: check
CVE-2010-5302 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
@@ -288,7 +288,7 @@
CVE-2014-5337
RESERVED
CVE-2014-5335 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: innovaphone PBX
CVE-2014-5334
RESERVED
CVE-2014-5332
@@ -440,7 +440,7 @@
CVE-2014-5248 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows ...)
NOT-FOR-US: MyBB
CVE-2014-5246 (The Shenzhen Tenda Technology Tenda A5s router with firmware ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Tenda Technology Tenda A5s router
CVE-2014-5245
RESERVED
CVE-2014-5244
@@ -638,7 +638,7 @@
CVE-2014-5211
RESERVED
CVE-2014-5210 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows ...)
- TODO: check
+ NOT-FOR-US: AlienVault OSSIM
CVE-2014-5209
RESERVED
CVE-2014-5208
@@ -811,9 +811,9 @@
CVE-2014-5160 (** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe ...)
NOT-FOR-US: HP Data Protector
CVE-2014-5159 (SQL injection vulnerability in the ossim-framework service in ...)
- TODO: check
+ NOT-FOR-US: AlienVault OSSIM
CVE-2014-5158 (The (1) av-centerd SOAP service and (2) backup command in the ...)
- TODO: check
+ NOT-FOR-US: AlienVault OSSIM
CVE-2014-5157
REJECTED
CVE-2014-5156
@@ -946,7 +946,7 @@
CVE-2014-5098
RESERVED
CVE-2014-5097 (Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR ...)
- TODO: check
+ NOT-FOR-US: ArticleFR
CVE-2014-5096
RESERVED
CVE-2014-5095
@@ -3107,7 +3107,7 @@
CVE-2014-4198
RESERVED
CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS ...)
- TODO: check
+ NOT-FOR-US: Bank Soft Systems
CVE-2014-4196
RESERVED
CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in ...)
@@ -5061,7 +5061,7 @@
CVE-2014-3437
RESERVED
CVE-2014-3436 (Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2014-3435
RESERVED
CVE-2014-3434 (Buffer overflow in the sysplant driver in Symantec Endpoint Protection ...)
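Review bot: The tag added for CVE-2014-3436, "NOT-FOR-US: Symantec", names only the vendor, while the description names the products ("Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP ..."). Most other entries in this commit use a product-level name (for example "AlienVault OSSIM", "Fortinet FortiOS"), which is easier to search for later. Consider "NOT-FOR-US: Symantec Encryption Desktop".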
@@ -5252,7 +5252,7 @@
CVE-2014-3336 (SQL injection vulnerability in the web framework in Cisco Unity ...)
NOT-FOR-US: Cisco
CVE-2014-3335 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3334
RESERVED
CVE-2014-3333 (The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote ...)
@@ -5919,7 +5919,7 @@
CVE-2014-3071 (Cross-site scripting (XSS) vulnerability in the Data Quality Console ...)
NOT-FOR-US: IBM InfoSphere
CVE-2014-3070 (The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-3069 (Multiple CRLF injection vulnerabilities in the Universal Access ...)
NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-3068
@@ -5979,7 +5979,7 @@
CVE-2014-3041
RESERVED
CVE-2014-3040 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-3039
RESERVED
CVE-2014-3038 (IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop ...)
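Review bot: The tag added for CVE-2014-3040, "NOT-FOR-US: IBM", is vendor-only, whereas the other IBM entries visible in this patch are product-level ("IBM InfoSphere", "IBM WebSphere Application Server", "IBM Curam Social Program Management"). The description names the product ("... vulnerability in IBM Emptoris ..."), so "NOT-FOR-US: IBM Emptoris" would keep the list consistent and searchable by product.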
@@ -8187,7 +8187,7 @@
CVE-2014-2217
RESERVED
CVE-2014-2216 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2014-2215
RESERVED
CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal ...)
@@ -13055,7 +13055,7 @@
CVE-2013-7145
RESERVED
CVE-2013-7144 (LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X ...)
- TODO: check
+ NOT-FOR-US: LINE
CVE-2013-7143 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
- open-xchange <itp> (bug #269329)
CVE-2013-7142 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)