[Secure-testing-commits] r30788 - data/CVE
Michael Gilbert
mgilbert at moszumanska.debian.org
Wed Dec 17 02:37:27 UTC 2014
Author: mgilbert
Date: 2014-12-17 02:37:27 +0000 (Wed, 17 Dec 2014)
New Revision: 30788
Modified:
data/CVE/list
Log:
nfus
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-16 21:10:16 UTC (rev 30787)
+++ data/CVE/list 2014-12-17 02:37:27 UTC (rev 30788)
@@ -17,15 +17,15 @@
[wheezy] - freetype <not-affected> (introduced in freetype 2.5)
[squeeze] - freetype <not-affected> (introduced in freetype 2.5)
CVE-2014-9364 (Cross-site scripting (XSS) vulnerability in the Unified Login form in ...)
- TODO: check
+ NOT-FOR-US: LoginToboggan Drupal Module
CVE-2014-9363 (Open redirect vulnerability in the path-based meta tag editing form in ...)
- TODO: check
+ NOT-FOR-US: Meta tags quick Drupal Module
CVE-2014-9362 (Cross-site scripting (XSS) vulnerability in the path-based meta tag ...)
- TODO: check
+ NOT-FOR-US: Meta tags quick Drupal module
CVE-2014-9361 (The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not ...)
- TODO: check
+ NOT-FOR-US: LoginToboggan Drupal Module
CVE-2014-9360 (XML external entity (XXE) vulnerability in Scalix Web Access ...)
- TODO: check
+ NOT-FOR-US: Scalix Web Access
CVE-2014-9359
RESERVED
CVE-2014-9358 [Path traversal and spoofing opportunities presented through image identifiers]
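Review bot: the two Meta tags quick entries, CVE-2014-9363 and CVE-2014-9362, differ only in case ("Drupal Module" versus "Drupal module"). Use one spelling for all four Drupal entries in this hunk so that a case-sensitive search on the NOT-FOR-US text finds every entry for the same module.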
@@ -44,25 +44,25 @@
CVE-2014-9353
RESERVED
CVE-2014-9352 (Cross-site scripting (XSS) vulnerability in the mail administration ...)
- TODO: check
+ NOT-FOR-US: Scalix Web Access
CVE-2014-9350 (TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build ...)
- TODO: check
+ NOT-FOR-US: TP-Link Router
CVE-2014-9349 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: RobotStats
CVE-2014-9348 (SQL injection vulnerability in the formulaireRobot function in ...)
- TODO: check
+ NOT-FOR-US: RobotStats
CVE-2014-9347 (SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 ...)
- TODO: check
+ NOT-FOR-US: phpMyRecipes
CVE-2014-9346 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Hierarchical Select Drupal Module
CVE-2014-9345 (SQL injection vulnerability in Guruperl.net Advertise With Pleasure! ...)
- TODO: check
+ NOT-FOR-US: AWP PRO
CVE-2014-9344 (Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before ...)
- TODO: check
+ NOT-FOR-US: Snowfox CMS
CVE-2014-9343 (Open redirect vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Snowfox CMS
CVE-2014-9342 (Cross-site scripting (XSS) vulnerability in the tree view ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2014-9341
RESERVED
CVE-2014-9340
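Review bot: "NOT-FOR-US: AWP PRO" on CVE-2014-9345 uses an abbreviation that does not appear in the visible description, which names the product as Guruperl.net Advertise With Pleasure!. Spell the product out the way the description does, so the entry can be matched back to the CVE text by someone searching for the product name.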
@@ -151,17 +151,17 @@
CVE-2014-9306
RESERVED
CVE-2014-9305 (SQL injection vulnerability in the shortcodeProductsTable function in ...)
- TODO: check
+ NOT-FOR-US: shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin for WordPress
CVE-2014-9304 (Plex Media Server before 0.9.9.3 allows remote attackers to bypass the ...)
TODO: check
CVE-2014-9303 (EntryPass N5200 Active Network Control Panel allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: EntryPass
CVE-2014-9302 (Server-side request forgery (SSRF) vulnerability in the cmisbrowser ...)
- TODO: check
+ NOT-FOR-US: Alfresco Community Edition
CVE-2014-9301 (Server-side request forgery (SSRF) vulnerability in the proxy servlet ...)
- TODO: check
+ NOT-FOR-US: Alfreso Community Edition
CVE-2014-9300 (Cross-site request forgery (CSRF) vulnerability in the cmisbrowser ...)
- TODO: check
+ NOT-FOR-US: Alfreso Community Edition
CVE-2014-9299
RESERVED
CVE-2014-9374
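Review bot: the product name is misspelled as "Alfreso Community Edition" on CVE-2014-9301 and CVE-2014-9300, while CVE-2014-9302 two lines up has "Alfresco Community Edition". A search for the correct name will miss the two misspelled entries; change both to "Alfresco". Separately, the CVE-2014-9305 entry names the function and file path rather than the product; "Cart66 Lite plugin for WordPress" alone would be enough for a NOT-FOR-US label.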
@@ -190,7 +190,7 @@
CVE-2014-9293
RESERVED
CVE-2014-9292 (Server-side request forgery (SSRF) vulnerability in proxy.php in the ...)
- TODO: check
+ NOT-FOR-US: jRSS WordPress Plugin
CVE-2014-9291
RESERVED
CVE-2014-9290
@@ -212,17 +212,17 @@
CVE-2014-9282
RESERVED
CVE-2014-9268 (The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) ...)
- TODO: check
+ NOT-FOR-US: Autodesk Design Review
CVE-2014-9267 (Heap-based buffer overflow in the PTC IsoView ActiveX control allows ...)
- TODO: check
+ NOT-FOR-US: PTC IsoView
CVE-2014-9266 (The STWConfig ActiveX control in Samsung SmartViewer does not properly ...)
- TODO: check
+ NOT-FOR-US: Samsung SmartViewer
CVE-2014-9265 (Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ...)
- TODO: check
+ NOT-FOR-US: Samsung SmartViewer
CVE-2014-9264
RESERVED
CVE-2014-9263 (Multiple buffer overflows in the ...)
- TODO: check
+ NOT-FOR-US: 3S Pocketnet Tech VMS
CVE-2014-9262
RESERVED
CVE-2014-9261
@@ -265,25 +265,25 @@
CVE-2014-9244
RESERVED
CVE-2014-9243 (Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker ...)
- TODO: check
+ NOT-FOR-US: WebsiteBaker
CVE-2014-9242 (SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker ...)
- TODO: check
+ NOT-FOR-US: WebsiteBaker
CVE-2014-9241 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2014-9240 (SQL injection vulnerability in member.php in MyBB (aka ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2014-9239 (SQL injection vulnerability in the IPS Connect service ...)
- TODO: check
+ NOT-FOR-US: Invision Power Board
CVE-2014-9238 (D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: D-link DCS-2103
CVE-2014-9237 (SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Proticaret E-Commerce
CVE-2014-9236 (Cross-site scripting (XSS) vulnerability in php/edit_photos.php in ...)
- TODO: check
+ NOT-FOR-US: Zoph Organizes Photos
CVE-2014-9235 (Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes ...)
- TODO: check
+ NOT-FOR-US: Zoph Organizes Photos
CVE-2014-9234 (Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link ...)
- TODO: check
+ NOT-FOR-US: D-link DCS-2103
CVE-2014-9233
RESERVED
CVE-2014-9232
@@ -315,13 +315,13 @@
CVE-2014-9216
RESERVED
CVE-2014-9215 (SQL injection vulnerability in the CheckEmail function in ...)
- TODO: check
+ NOT-FOR-US: PBBoard
CVE-2014-9214
RESERVED
CVE-2014-9213
RESERVED
CVE-2014-9212 (Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent ...)
- TODO: check
+ NOT-FOR-US: Altitude uAgent
CVE-2014-9211
RESERVED
CVE-2014-9210
@@ -377,29 +377,29 @@
CVE-2014-9185
RESERVED
CVE-2014-9184 (ZTE ZXDSL 831CII allows remote attackers to bypass authentication via ...)
- TODO: check
+ NOT-FOR-US: ZTE ZXDSL Modem
CVE-2014-9183 (ZTE ZXDSL 831CII has a default password of admin for the admin ...)
- TODO: check
+ NOT-FOR-US: ZTE ZDSL Modem
CVE-2014-9182 (models/comment.php in Anchor CMS 0.9.2 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Anchor CMS
CVE-2014-9181 (Multiple directory traversal vulnerabilities in Plex Media Server ...)
TODO: check
CVE-2014-9180 (Open redirect vulnerability in go.php in Eleanor CMS allows remote ...)
- TODO: check
+ NOT-FOR-US: Eleanor CMS
CVE-2014-9179 (Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket ...)
- TODO: check
+ NOT-FOR-US: SupportEzzy Ticket System plugin for WordPress
CVE-2014-9178 (Multiple SQL injection vulnerabilities in classes/ajax.php in the ...)
- TODO: check
+ NOT-FOR-US: Smarty Pants Plugin
CVE-2014-9177 (The HTML5 MP3 Player with Playlist Free plugin before 2.7 for ...)
- TODO: check
+ NOT-FOR-US: Playlist Free WordPress Plugin
CVE-2014-9176 (Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy ...)
- TODO: check
+ NOT-FOR-US: InstaSqueeze Sexy Squeeze Pages plugin for WordPress
CVE-2014-9175 (SQL injection vulnerability in wpdatatables.php in the wpDataTables ...)
- TODO: check
+ NOT-FOR-US: wpDataTables WordPress Plugin
CVE-2014-9174 (Cross-site scripting (XSS) vulnerability in the Google Analytics by ...)
- TODO: check
+ NOT-FOR-US: Google Analytics by Yoast (google-analytics-for-wordpress) plugin for WordPress
CVE-2014-9173 (SQL injection vulnerability in view.php in the Google Doc Embedder ...)
- TODO: check
+ NOT-FOR-US: Google Doc Embedder plugin for WordPress
CVE-2014-XXXX [buffer overflow in mpfr_strtofr]
- mpfr4 3.1.2-2 (bug #772008)
NOTE: https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9243
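Review bot: CVE-2014-9183 is labelled "ZTE ZDSL Modem" while the description and the entry above it (CVE-2014-9184) say ZXDSL; fix the dropped "X" so both entries for the same device match. Two other labels in this hunk lose information: "Playlist Free WordPress Plugin" on CVE-2014-9177 drops the start of the name given in the description (HTML5 MP3 Player with Playlist Free), and "Smarty Pants Plugin" on CVE-2014-9178 does not say which platform the plugin is for, unlike the neighbouring "... plugin for WordPress" entries.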
@@ -620,7 +620,7 @@
CVE-2014-9142 (Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 ...)
NOT-FOR-US: Technicolor routers
CVE-2014-9141 (The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier ...)
- TODO: check
+ NOT-FOR-US: Thomson Reuters Fixed Assets
CVE-2014-9139
RESERVED
CVE-2014-9138
@@ -632,7 +632,7 @@
CVE-2014-9135
RESERVED
CVE-2014-9134 (Unrestricted file upload vulnerability in Huawei Honor Cube Wireless ...)
- TODO: check
+ NOT-FOR-US: Huawei Wireless Router
CVE-2014-9133
RESERVED
CVE-2014-9132
@@ -664,7 +664,7 @@
CVE-2014-9115
RESERVED
CVE-2014-9113 (CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 ...)
- TODO: check
+ NOT-FOR-US: PFX Engagement
CVE-2014-9111
RESERVED
CVE-2014-9110
@@ -692,9 +692,9 @@
CVE-2014-9099 (Cross-site request forgery (CSRF) vulnerability in the WhyDoWork ...)
NOT-FOR-US: WhyDoWork AdSense plugin for WordPress
CVE-2014-9098 (Multiple cross-site scripting (XSS) vulnerabilities in the Apptha ...)
- TODO: check
+ NOT-FOR-US: Apptha WordPress Plugin
CVE-2014-9097 (Multiple SQL injection vulnerabilities in the Apptha WordPress Video ...)
- TODO: check
+ NOT-FOR-US: Apptha WordPress Plugin
CVE-2014-9096 (Multiple SQL injection vulnerabilities in recover.php in Pligg CMS ...)
NOT-FOR-US: Pligg
CVE-2014-9095 (Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and ...)
@@ -1102,7 +1102,7 @@
CVE-2014-8997 (Unrestricted file upload vulnerability in the Photo functionality in ...)
NOT-FOR-US: DigitalVidhya Digi Online Examination System
CVE-2014-8996 (Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog ...)
- TODO: check
+ NOT-FOR-US: Nibbleblog
CVE-2014-8995 (SQL injection vulnerability in Maarch LetterBox 2.8 allows remote ...)
NOT-FOR-US: Maarch LetterBox
CVE-2014-8993
@@ -1980,7 +1980,7 @@
CVE-2014-8878
RESERVED
CVE-2014-8877 (The alterSearchQuery function in ...)
- TODO: check
+ NOT-FOR-US: CreativeMinds CM Downloads Manager plugin for WordPress
CVE-2014-8876
RESERVED
CVE-2014-8875
@@ -2136,7 +2136,7 @@
CVE-2014-8801 (Directory traversal vulnerability in services/getfile.php in the Paid ...)
NOT-FOR-US: Paid Memberships Pro plugin for WordPress
CVE-2014-8800 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Nextend Facebook Connect plugin for WordPress
CVE-2014-8799 (Directory traversal vulnerability in the dp_img_resize function in ...)
NOT-FOR-US: dp_img_resize function in php/dp-functions.php in the DukaPress plugin for WordPress
CVE-2014-8798
@@ -2158,9 +2158,9 @@
CVE-2014-8790
RESERVED
CVE-2014-8789 (GleamTech FileVista before 6.1 allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: GleamTech FileVista
CVE-2014-8788 (GleamTech FileVista before 6.1 allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: GleamTech FileVista
CVE-2014-8787
RESERVED
CVE-2014-8786
@@ -2192,9 +2192,9 @@
CVE-2014-8773 (MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass ...)
NOT-FOR-US: MODx Revolution
CVE-2014-8772 (Cross-site scripting (XSS) vulnerability in the search_controller in ...)
- TODO: check
+ NOT-FOR-US: X3 CMS
CVE-2014-8771 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: X3 CMS
CVE-2014-8770 (Unrestricted file upload vulnerability in magmi/web/magmi.php in the ...)
NOT-FOR-US: Magento
CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 ...)
@@ -2269,7 +2269,7 @@
CVE-2014-8729
RESERVED
CVE-2014-8728 (SQL injection vulnerability in the login page (login/login) in Subex ...)
- TODO: check
+ NOT-FOR-US: Subex
CVE-2014-8727 (Multiple directory traversal vulnerabilities in F5 BIG-IP before ...)
NOT-FOR-US: F5 BIG-IP
CVE-2014-8726
@@ -2356,7 +2356,7 @@
CVE-2014-8679
RESERVED
CVE-2014-8678 (The ConfigSaveServlet servlet in ManageEngine OpUtils before build ...)
- TODO: check
+ NOT-FOR-US: ManageEngine OpUtils
CVE-2014-8677
RESERVED
CVE-2014-8676
@@ -2761,7 +2761,7 @@
- libav <unfixed>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 ...)
- TODO: check
+ NOT-FOR-US: Simple Email
CVE-2013-7409 (Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote ...)
NOT-FOR-US: ALLPlayer
CVE-2014-8651 (The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and ...)
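Review bot: "NOT-FOR-US: Simple Email" on CVE-2014-8539 truncates the product name; the description says Simple Email Form 1.8.5. Use "Simple Email Form" so the label cannot be read as a different, more generic product.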
@@ -2887,7 +2887,7 @@
CVE-2014-8497
RESERVED
CVE-2014-8496 (Digicom DG-5514T ADSL router with firmware 3.2 generates predictable ...)
- TODO: check
+ NOT-FOR-US: Digicom Router
CVE-2014-8495 (Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 ...)
NOT-FOR-US: Citrix XenMobile MDX Toolkit
CVE-2014-8494 (ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) ...)
@@ -3114,7 +3114,7 @@
CVE-2014-8430
RESERVED
CVE-2014-8429 (Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats ...)
- TODO: check
+ NOT-FOR-US: xEpan CMS
CVE-2014-8428
RESERVED
CVE-2014-8427
@@ -4164,9 +4164,9 @@
CVE-2014-8011
RESERVED
CVE-2014-8010 (The web framework in Cisco Unified Communications Domain Manager 8 ...)
- TODO: check
+ NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-8009 (The Management subsystem in Cisco Unified Computing System 2.1(3f) and ...)
- TODO: check
+ NOT-FOR-US: Cisco Unified Computing System
CVE-2014-8008
RESERVED
CVE-2014-8007
@@ -4178,7 +4178,7 @@
CVE-2014-8004 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Cisco
CVE-2014-8003 (Cisco Integrated Management Controller in Cisco Unified Computing ...)
- TODO: check
+ NOT-FOR-US: Cisco Unified Computing System
CVE-2014-8002 (Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 ...)
NOT-FOR-US: Cisco
CVE-2014-8001 (Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier ...)
@@ -4459,11 +4459,11 @@
CVE-2014-7869 (Cross-site scripting (XSS) vulnerability in the configuration UI in ...)
NOT-FOR-US: Drupal module Context Form Alteration
CVE-2014-7868 (Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager ...)
- TODO: check
+ NOT-FOR-US: ZOHO
CVE-2014-7867 (SQL injection vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: ZOHO
CVE-2014-7866 (Multiple directory traversal vulnerabilities in ZOHO ManageEngine ...)
- TODO: check
+ NOT-FOR-US: ZOHO
CVE-2014-7865
RESERVED
CVE-2014-7864
@@ -5732,7 +5732,7 @@
CVE-2014-7291 (Multiple cross-site scripting (XSS) vulnerabilities in api_events.php ...)
TODO: check
CVE-2014-7290 (Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems ...)
- TODO: check
+ NOT-FOR-US: Atlas Systems Aeon
CVE-2014-7289
RESERVED
CVE-2014-7288
@@ -5817,21 +5817,21 @@
CVE-2014-7260
RESERVED
CVE-2014-7259 (SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for ...)
- TODO: check
+ NOT-FOR-US: SQUARE ENIX
CVE-2014-7258 (Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 ...)
- TODO: check
+ NOT-FOR-US: KENT-WEB CLip Board
CVE-2014-7257
RESERVED
CVE-2014-7256 (The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking ...)
- TODO: check
+ NOT-FOR-US: SEIL Routers
CVE-2014-7255 (Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 ...)
- TODO: check
+ NOT-FOR-US: SEIL Routers
CVE-2014-7254 (Unspecified vulnerability in ARROWS Me F-11D allows physically ...)
- TODO: check
+ NOT-FOR-US: Arrows Me
CVE-2014-7253 (FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA ...)
- TODO: check
+ NOT-FOR-US: ARROWS
CVE-2014-7252 (Multiple unspecified vulnerabilities in the Syslink driver for Texas ...)
- TODO: check
+ NOT-FOR-US: ARROWS
CVE-2014-7251 (XML external entity (XXE) vulnerability in the WebHMI server in ...)
NOT-FOR-US: Yokogawa
CVE-2014-7250
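Review bot: CVE-2014-7252 is marked "NOT-FOR-US: ARROWS", but the visible description places the flaw in "the Syslink driver for Texas ...", not in an ARROWS product. Before closing it as not-for-us, confirm that the driver code is not shipped in any Debian source package, and add a NOTE line recording that check. Minor points in the same hunk: "KENT-WEB CLip Board" on CVE-2014-7258 has a stray capital (the description has "Clip Board"), and the two ARROWS device entries are written differently ("Arrows Me" and "ARROWS").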
@@ -5841,7 +5841,7 @@
CVE-2014-7248 (Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows ...)
NOT-FOR-US: IPA iLogScanner
CVE-2014-7247 (Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; ...)
- TODO: check
+ NOT-FOR-US: JustSystems Ichitaro
CVE-2014-7246 (The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, ...)
NOT-FOR-US: OpenAM (SSO Server)
NOTE: This is not the openam answering machine.
@@ -5850,7 +5850,7 @@
CVE-2014-7244
RESERVED
CVE-2014-7243 (LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not ...)
- TODO: check
+ NOT-FOR-US: LG Routers
CVE-2014-7242
RESERVED
CVE-2014-7241
@@ -6014,9 +6014,9 @@
CVE-2014-7196
RESERVED
CVE-2014-7195 (Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before ...)
- TODO: check
+ NOT-FOR-US: Spotfire Web Player
CVE-2014-7194 (TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2014-7193 [Crumb CORS Token Disclosure]
RESERVED
NOT-FOR-US: Crumb
@@ -7923,13 +7923,13 @@
CVE-2014-6377 (Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before ...)
NOT-FOR-US: Juniper Junos
CVE-2014-6376 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6375 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6374 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6373 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6372
RESERVED
CVE-2014-6371
@@ -7937,35 +7937,35 @@
CVE-2014-6370
RESERVED
CVE-2014-6369 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6368 (Microsoft Internet Explorer 11 allows remote attackers to bypass the ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6367
RESERVED
CVE-2014-6366 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6365 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6364 (Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2014-6363 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6362
RESERVED
CVE-2014-6361 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2014-6360 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2014-6359
RESERVED
CVE-2014-6358
RESERVED
CVE-2014-6357 (Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2014-6356 (Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2014-6355 (The Graphics Component in Microsoft Windows Server 2003 SP2, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsft Windows
CVE-2014-6354
RESERVED
CVE-2014-6353 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
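Review bot: "NOT-FOR-US: Microsft Windows" on CVE-2014-6355 is misspelled, so a search for "Microsoft" will not match it; correct it to "Microsoft Windows". Also, CVE-2014-6363 is labelled "Microsoft Internet Explorer" although its description attributes the flaw to vbscript.dll in Microsoft VBScript 5.6 through 5.8; "Microsoft VBScript" would describe the affected component more accurately.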
@@ -8003,7 +8003,7 @@
CVE-2014-6337 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6336 (Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6335 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
NOT-FOR-US: Microsoft Office
CVE-2014-6334 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
@@ -8015,19 +8015,19 @@
CVE-2014-6331 (Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and ...)
NOT-FOR-US: Microsoft
CVE-2014-6330 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6329 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6328 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6327 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6326 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6325 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6324 (The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2014-6323 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6322 (The Windows Audio service in Microsoft Windows Vista SP2, Windows ...)
@@ -8037,7 +8037,7 @@
CVE-2014-6320
RESERVED
CVE-2014-6319 (Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6318 (The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in ...)
@@ -8528,7 +8528,7 @@
CVE-2014-6115
RESERVED
CVE-2014-6114 (The Hosted Transparent Decision Service in the Rule Execution Server ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2014-6113
RESERVED
CVE-2014-6112
@@ -8702,11 +8702,11 @@
CVE-2014-6037 (Directory traversal vulnerability in the agentUpload servlet in ZOHO ...)
NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
CVE-2014-6036 (Directory traversal vulnerability in the multipartRequest servlet in ...)
- TODO: check
+ NOT-FOR-US: ZOHO
CVE-2014-6035 (Directory traversal vulnerability in the FileCollector servlet in ZOHO ...)
- TODO: check
+ NOT-FOR-US: ZOHO
CVE-2014-6034 (Directory traversal vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: ZOHO
CVE-2014-6033
REJECTED
NOT-FOR-US: F5 Networks Big-IP
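Review bot: the three new entries (CVE-2014-6036, CVE-2014-6035, CVE-2014-6034) carry only the vendor, "ZOHO", while the existing entry just above them for CVE-2014-6037 names the product as "ZOHO ManageEngine EventLog Analyzer". Name the product here as well, following the existing entry, so a later reader can tell which ManageEngine product was triaged without looking up each CVE. The same applies to the bare "ZOHO" labels added elsewhere in this commit.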
@@ -9841,7 +9841,7 @@
CVE-2014-5463
RESERVED
CVE-2014-5462 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2014-5460 (Unrestricted file upload vulnerability in the Tribulant Slideshow ...)
NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2013-7399
@@ -9917,9 +9917,9 @@
CVE-2014-5451 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: MODX Revolution
CVE-2014-5446 (Directory traversal vulnerability in the DisplayChartPDF servlet in ...)
- TODO: check
+ NOT-FOR-US: ZOHO
CVE-2014-5445 (Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine ...)
- TODO: check
+ NOT-FOR-US: ZOHO
CVE-2014-5444 (Geary before 0.6.3 does not present the user with a warning when a TLS ...)
- geary 0.6.3-1
NOTE: Upstream bugreport: https://bugzilla.gnome.org/show_bug.cgi?id=713247
@@ -9959,7 +9959,7 @@
CVE-2014-5427
RESERVED
CVE-2014-5426 (MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: MatrikonOPC
CVE-2014-5425 (IOServer before Beta2112.exe allows remote attackers to cause a denial ...)
NOT-FOR-US: IOServer
CVE-2014-5424 (Rockwell Automation Connected Components Workbench (CCW) before ...)
@@ -10021,7 +10021,7 @@
CVE-2014-5396 (The web interface in Schrack Technik microControl with firmware before ...)
NOT-FOR-US: Schrack Technik microControl
CVE-2014-5395 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei ...)
- TODO: check
+ NOT-FOR-US: Huawei Routers
CVE-2014-5394
RESERVED
CVE-2014-5393 (Directory traversal vulnerability in the JobScheduler Operations ...)
@@ -10186,7 +10186,7 @@
CVE-2014-5343 (Cross-site scripting (XSS) vulnerability in Feng Office allows remote ...)
NOT-FOR-US: Feng Office
CVE-2014-5342 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows ...)
- TODO: check
+ NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-5341
RESERVED
CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 ...)
@@ -10244,7 +10244,7 @@
CVE-2014-5315 (Cross-site scripting (XSS) vulnerability in the Help page in Adobe ...)
NOT-FOR-US: Adobe
CVE-2014-5314 (Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2014-5313 (Cross-site scripting (XSS) vulnerability in the management page in Six ...)
- movabletype-opensource <undetermined>
CVE-2014-5461 (Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through ...)
@@ -11435,7 +11435,7 @@
CVE-2014-4881 (The PartyTrack library for Android does not verify X.509 certificates ...)
NOT-FOR-US: PartyTrack library for Android
CVE-2014-4880 (Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, ...)
- TODO: check
+ NOT-FOR-US: Hikvision DVR
CVE-2014-4879
RESERVED
CVE-2014-4878
@@ -13551,9 +13551,9 @@
CVE-2014-3998
RESERVED
CVE-2014-3997 (SQL injection vulnerability in the MetadataServlet servlet in ...)
- TODO: check
+ NOT-FOR-US: Password Manager Pro
CVE-2014-3996 (SQL injection vulnerability in the LinkViewFetchServlet servlet in ...)
- TODO: check
+ NOT-FOR-US: Password Manager Pro
CVE-2014-3993
RESERVED
CVE-2014-3992 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow ...)
@@ -13565,7 +13565,7 @@
CVE-2014-3989
RESERVED
CVE-2014-3988 (Cross-site scripting (XSS) vulnerability in index.php in SunHater ...)
- TODO: check
+ NOT-FOR-US: SunHater KCFinder
CVE-2014-3987
RESERVED
CVE-2014-3984 (Multiple unspecified vulnerabilities in Libav before 0.8.12 allow ...)
@@ -15389,7 +15389,7 @@
CVE-2014-3408 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
NOT-FOR-US: Cisco Prime Optical
CVE-2014-3407 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3406 (Race condition in the IP logging feature in Cisco Intrusion Prevention ...)
NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2014-3405 (Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy ...)
@@ -18159,7 +18159,7 @@
- php-dompdf 0.6.1+dfsg-2 (unimportant; bug #745619)
NOTE: requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled
CVE-2014-2382 (The DfDiskLo.sys driver in Faronics Deep Freeze Standard and ...)
- TODO: check
+ NOT-FOR-US: Faronics
CVE-2014-2381 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
NOT-FOR-US: Schneider Electric
CVE-2014-2380 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
@@ -18456,7 +18456,7 @@
CVE-2014-2274
RESERVED
CVE-2014-2273 (The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 ...)
- TODO: check
+ NOT-FOR-US: Huawei Router
CVE-2014-2272
RESERVED
CVE-2014-2271
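Review bot: "NOT-FOR-US: Huawei Router" on CVE-2014-2273 is not supported by the visible description, which refers to the hx170dec device driver in Huawei P2-6011 and does not call the device a router. Label it with the name the description gives ("Huawei P2-6011") rather than a device class.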
@@ -18531,9 +18531,9 @@
CVE-2014-2234 (A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier ...)
- openssl <not-affected> (Apple-specific patch)
CVE-2014-2233 (Server-side request forgery (SSRF) vulnerability in the MapAPI in ...)
- TODO: check
+ NOT-FOR-US: Infoware MapSuite
CVE-2014-2232 (Absolute path traversal vulnerability in the MapAPI in Infoware ...)
- TODO: check
+ NOT-FOR-US: Infoware MapSuite
CVE-2014-2231 (Cross-site scripting (XSS) vulnerability in the API in synetics i-doit ...)
NOT-FOR-US: synetics i-doit pro
CVE-2014-2230 (Open redirect vulnerability in the header function in adclick.php in ...)
@@ -36097,7 +36097,7 @@
CVE-2013-2811 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE ...)
NOT-FOR-US: Catapult DNP3 I/O driver
CVE-2013-2810 (Emerson Process Management ROC800 RTU with software 3.50 and earlier, ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2013-2809 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...)
NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2808 (Heap-based buffer overflow in Xper in Philips Xper Information ...)