[Secure-testing-commits] r30534 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 4 12:20:33 UTC 2014
Author: carnil
Date: 2014-12-04 12:20:33 +0000 (Thu, 04 Dec 2014)
New Revision: 30534
Modified:
data/CVE/list
Log:
Process couple of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-04 11:18:40 UTC (rev 30533)
+++ data/CVE/list 2014-12-04 12:20:33 UTC (rev 30534)
@@ -180,17 +180,17 @@
CVE-2014-9158
RESERVED
CVE-2014-9155 (Directory traversal vulnerability in the Avatar Uploader module ...)
- TODO: check
+ NOT-FOR-US: Avatar Uploader module for Drupal
CVE-2014-9154 (The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly ...)
- TODO: check
+ NOT-FOR-US: Notify module for Drupal
CVE-2014-9153 (Cross-site scripting (XSS) vulnerability in the Services module ...)
- TODO: check
+ NOT-FOR-US: Services module for Drupal
CVE-2014-9152 (The _user_resource_create function in the Services module 7.x-3.x ...)
- TODO: check
+ NOT-FOR-US: Services module for Drupal
CVE-2014-9151 (The Services module 7.x-3.x before 7.x-3.10 for Drupal does not ...)
- TODO: check
+ NOT-FOR-US: Services module for Drupal
CVE-2014-9150 (Race condition in the MoveFileEx call hook feature in Adobe Reader and ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2014-9149
RESERVED
CVE-2014-9148
@@ -271,13 +271,13 @@
CVE-2014-9105
RESERVED
CVE-2014-9104 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Desktop Client in OpenVPN Access Server
CVE-2014-9103 (Multiple cross-site scripting (XSS) vulnerabilities in the Kunena ...)
- TODO: check
+ NOT-FOR-US: Kunena component for Joomla!
CVE-2014-9102 (Multiple SQL injection vulnerabilities in the Kunena component before ...)
- TODO: check
+ NOT-FOR-US: Kunena component for Joomla!
CVE-2014-9101 (Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 ...)
- TODO: check
+ NOT-FOR-US: Oxwall and SkaDate Lite
CVE-2014-9100 (Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense ...)
NOT-FOR-US: WhyDoWork AdSense plugin for WordPress
CVE-2014-9099 (Cross-site request forgery (CSRF) vulnerability in the WhyDoWork ...)
@@ -287,9 +287,9 @@
CVE-2014-9097 (Multiple SQL injection vulnerabilities in the Apptha WordPress Video ...)
TODO: check
CVE-2014-9096 (Multiple SQL injection vulnerabilities in recover.php in Pligg CMS ...)
- TODO: check
+ NOT-FOR-US: Pligg
CVE-2014-9095 (Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and ...)
- TODO: check
+ NOT-FOR-US: Raritan Power IQ
CVE-2014-9094 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Digital Zoom Studio (DZS) Video Gallery plugin for WordPress
CVE-2014-9088
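Review bot: CVE-2014-9097, in the leading context of this hunk, still reads `TODO: check` while the two entries directly below it are resolved. Its truncated description names an Apptha WordPress Video component, and the neighbouring WordPress plugin entries (CVE-2014-9094, CVE-2014-9100) are already tagged NOT-FOR-US, so it looks like it could be triaged in the same pass. If it was left open on purpose, saying so in the log message would save the next person from re-checking it.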
@@ -387,23 +387,23 @@
CVE-2014-9029
RESERVED
CVE-2014-9027 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ...)
- TODO: check
+ NOT-FOR-US: ZTE ZXDSL 831CII
CVE-2014-9026 (The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not ...)
- TODO: check
+ NOT-FOR-US: Ubercart module for Drupal
CVE-2014-9025 (The default checkout completion rule in the commerce_order module in ...)
- TODO: check
+ NOT-FOR-US: Drupal Commerce module for Drupal
CVE-2014-9024 (The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows ...)
- TODO: check
+ NOT-FOR-US: Protected Pages module for Drupal
CVE-2014-9023 (The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly ...)
- TODO: check
+ NOT-FOR-US: Twilio module for Drupal
CVE-2014-9022 (The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x ...)
- TODO: check
+ NOT-FOR-US: Webform Component Roles module for Drupal
CVE-2014-9021 (Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 ...)
- TODO: check
+ NOT-FOR-US: ZTE ZXDSL 831
CVE-2014-9020 (Cross-site scripting (XSS) vulnerability in the Quick Stats page ...)
- TODO: check
+ NOT-FOR-US: ZTE ZXDSL 831 and 831CII
CVE-2014-9019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ...)
- TODO: check
+ NOT-FOR-US: ZTE ZXDSL 831CII
CVE-2014-9017
RESERVED
CVE-2012-6683
@@ -1705,11 +1705,11 @@
CVE-2014-8802
RESERVED
CVE-2014-8801 (Directory traversal vulnerability in services/getfile.php in the Paid ...)
- TODO: check
+ NOT-FOR-US: Paid Memberships Pro plugin for WordPress
CVE-2014-8800
RESERVED
CVE-2014-8799 (Directory traversal vulnerability in the dp_img_resize function in ...)
- TODO: check
+ NOT-FOR-US: dp_img_resize function in php/dp-functions.php in the DukaPress plugin for WordPress
CVE-2014-8798
RESERVED
CVE-2014-8797
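Review bot: the tag on CVE-2014-8799 repeats the CVE description (`dp_img_resize function in php/dp-functions.php in the DukaPress plugin for WordPress`) instead of naming the product. Every other NOT-FOR-US line in this commit names only the product, as CVE-2014-8801 just above does with `Paid Memberships Pro plugin for WordPress`. Suggest `NOT-FOR-US: DukaPress plugin for WordPress`, so that a search for the product name finds all of its entries under one string.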
@@ -1918,7 +1918,7 @@
CVE-2014-8682 (Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) ...)
NOT-FOR-US: Go Git Service
CVE-2014-8681 (SQL injection vulnerability in the GetIssues function in ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2014-8680
RESERVED
CVE-2014-8679
@@ -2269,9 +2269,9 @@
CVE-2014-8553
RESERVED
CVE-2014-8552 (The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-8551 (The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-8550
RESERVED
CVE-2014-8549 (libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the ...)
@@ -2684,19 +2684,19 @@
CVE-2014-8426
RESERVED
CVE-2014-8425 (The management portal in ARRIS VAP2500 before FW08.41 allows remote ...)
- TODO: check
+ NOT-FOR-US: Management portal in ARRIS VAP2500
CVE-2014-8424 (ARRIS VAP2500 before FW08.41 does not properly validate passwords, ...)
- TODO: check
+ NOT-FOR-US: ARRIS VAP2500
CVE-2014-8423 (Unspecified vulnerability in the management portal in ARRIS VAP2500 ...)
- TODO: check
+ NOT-FOR-US: ARRIS VAP2500
CVE-2014-8422
RESERVED
CVE-2014-8421
RESERVED
CVE-2014-8420 (The ViewPoint web application in Dell SonicWALL Global Management ...)
- TODO: check
+ NOT-FOR-US: Dell SonicWALL
CVE-2014-8419 (Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read ...)
- TODO: check
+ NOT-FOR-US: Wibu-Systems CodeMeter Runtime
CVE-2014-8418 (The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, ...)
- asterisk <unfixed> (bug #771463)
[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
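Review bot: the three ARRIS VAP2500 entries get two different tags. CVE-2014-8425 is `NOT-FOR-US: Management portal in ARRIS VAP2500`, while CVE-2014-8424 and CVE-2014-8423 are `NOT-FOR-US: ARRIS VAP2500`, even though the description of CVE-2014-8423 also refers to the management portal. Using `ARRIS VAP2500` for all three keeps one product under one string.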
@@ -2827,9 +2827,9 @@
NOTE: Introduced by http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
NOTE: Fixed by: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
CVE-2014-8368 (The web interface in Aruba Networks AirWave before 7.7.14 and 8.x ...)
- TODO: check
+ NOT-FOR-US: Aruba Networks AirWave
CVE-2014-8367 (SQL injection vulnerability in Aruba Networks ClearPass Policy Manager ...)
- TODO: check
+ NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2014-8366 (SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote ...)
NOT-FOR-US: openSIS
CVE-2014-8365 (Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact ...)
@@ -3677,17 +3677,17 @@
CVE-2014-8006
RESERVED
CVE-2014-8005 (Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8004 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8003
RESERVED
CVE-2014-8002 (Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8001 (Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8000 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-7999
RESERVED
CVE-2014-7998 (Cisco IOS on Aironet access points, when "dot11 aaa authenticator" ...)
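Review bot: CVE-2014-8002 and CVE-2014-8001 get the same vendor-only tag `NOT-FOR-US: Cisco` as the IOS XR and Unified Communications Manager entries, but their descriptions name Cisco OpenH264 and its source files decode_slice.cpp and decode.cpp, so these are memory-safety bugs in a codec library rather than in a Cisco appliance. Suggest `NOT-FOR-US: Cisco OpenH264` so the triage decision can be found by library name. Since a library can be bundled inside other source packages, it is also worth confirming that nothing in the archive embeds a copy before closing these as NFU.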
@@ -3695,7 +3695,7 @@
CVE-2014-7997 (The DHCP implementation in Cisco IOS on Aironet access points does not ...)
NOT-FOR-US: Cisco IOS
CVE-2014-7996 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-7995
RESERVED
CVE-2014-7994