[Secure-testing-commits] r30961 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 24 08:11:12 UTC 2014
Author: carnil
Date: 2014-12-24 08:11:12 +0000 (Wed, 24 Dec 2014)
New Revision: 30961
Modified:
data/CVE/list
Log:
Process some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-24 08:10:43 UTC (rev 30960)
+++ data/CVE/list 2014-12-24 08:11:12 UTC (rev 30961)
@@ -385,7 +385,7 @@
CVE-2015-0361
RESERVED
CVE-2014-9412 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access ...)
- TODO: check
+ NOT-FOR-US: NetIQ Access Manager
CVE-2014-9411
RESERVED
CVE-2014-9410
@@ -393,11 +393,11 @@
CVE-2014-9409
RESERVED
CVE-2014-9408 (Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location ...)
- TODO: check
+ NOT-FOR-US: Ekahau Real-Time Location Tracking System
CVE-2014-9407 (Multiple cross-site request forgery (CSRF) vulnerabilities in Revive ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2014-9406 (ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT ...)
- TODO: check
+ NOT-FOR-US: ARRIS Touchstone TG862G/CT Telephony Gateway
CVE-2014-9405
RESERVED
CVE-2014-9404
@@ -430,7 +430,7 @@
- mantis <removed>
NOTE: https://www.mantisbt.org/bugs/view.php?id=17878
CVE-2014-9387 (SAP BussinessObjects Edge 4.1 allows remote attackers to obtain the ...)
- TODO: check
+ NOT-FOR-US: SAP BussinessObjects Edge
CVE-2014-9386 (Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the ...)
- zenoss <itp> (bug #361253)
CVE-2014-9385 (Cross-site request forgery (CSRF) vulnerability in Zenoss Core through ...)
@@ -446,9 +446,9 @@
CVE-2014-9373 (Directory traversal vulnerability in the CollectorConfInfoServlet ...)
TODO: check
CVE-2014-9372 (Directory traversal vulnerability in the UploadAccountActivities ...)
- TODO: check
+ NOT-FOR-US: ManageEngine Password Manager Pro
CVE-2014-9371 (The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 ...)
- TODO: check
+ NOT-FOR-US: ManageEngine Desktop Central MSP
CVE-2014-9370
RESERVED
CVE-2014-9369
@@ -768,7 +768,7 @@
CVE-2014-9265 (Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ...)
NOT-FOR-US: Samsung SmartViewer
CVE-2014-9264 (Stack-based buffer overflow in the .NET Data Provider in SAP SQL ...)
- TODO: check
+ NOT-FOR-US: SAP SQL Anywhere
CVE-2014-9263 (Multiple buffer overflows in the ...)
NOT-FOR-US: 3S Pocketnet Tech VMS
CVE-2014-9262
@@ -917,9 +917,9 @@
CVE-2014-9194
RESERVED
CVE-2014-9193 (Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 ...)
- TODO: check
+ NOT-FOR-US: Innominate mGuard
CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 ...)
- TODO: check
+ NOT-FOR-US: Trihedral Engineering VTScada
CVE-2014-9191
RESERVED
CVE-2014-9190
@@ -933,7 +933,7 @@
CVE-2014-9186
RESERVED
CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 1.05 ...)
- TODO: check
+ NOT-FOR-US: Morfy CMS
CVE-2014-9184 (ZTE ZXDSL 831CII allows remote attackers to bypass authentication via ...)
NOT-FOR-US: ZTE ZXDSL Modem
CVE-2014-9183 (ZTE ZXDSL 831CII has a default password of admin for the admin ...)
@@ -1191,7 +1191,7 @@
CVE-2014-9136
RESERVED
CVE-2014-9135 (The PackageInstaller module in Huawei P7-L10 smartphones before ...)
- TODO: check
+ NOT-FOR-US: PackageInstaller module in Huawei P7-L10
CVE-2014-9134 (Unrestricted file upload vulnerability in Huawei Honor Cube Wireless ...)
NOT-FOR-US: Huawei Wireless Router
CVE-2014-9133
@@ -1676,7 +1676,7 @@
CVE-2014-8993
RESERVED
CVE-2014-8992 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: MODX Revolution
CVE-2014-9030 (The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x ...)
- xen 4.4.1-4 (low; bug #770230)
[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
@@ -2344,7 +2344,7 @@
CVE-2014-8968
RESERVED
CVE-2014-8967 (Use-after-free vulnerability in Microsoft Internet Explorer allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-8966 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
NOT-FOR-US: Internet Explorer
CVE-2014-8965
@@ -2498,19 +2498,19 @@
CVE-2014-8903
RESERVED
CVE-2014-8902 (Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Portal
CVE-2014-8901 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8900
RESERVED
CVE-2014-8899 (Cross-site scripting (XSS) vulnerability in the Collaboration Server ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8898 (Cross-site scripting (XSS) vulnerability in the Collaboration Server ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8897 (Cross-site scripting (XSS) vulnerability in the Collaboration Server ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8896 (The Collaboration Server in IBM InfoSphere Master Data Management ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8895
RESERVED
CVE-2014-8894
@@ -2522,7 +2522,7 @@
CVE-2014-8891
RESERVED
CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8889
RESERVED
CVE-2014-8888
@@ -3822,7 +3822,7 @@
CVE-2014-8374
RESERVED
CVE-2014-8373 (The VMware Remote Console (VMRC) function in VMware vCloud Automation ...)
- TODO: check
+ NOT-FOR-US: VMware vCloud Automation Center
CVE-2014-8372 (AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote ...)
NOT-FOR-US: VMware AirWatch
CVE-2014-8371 (VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before ...)
@@ -4169,11 +4169,11 @@
CVE-2014-8249
RESERVED
CVE-2014-8248 (SQL injection vulnerability in CA Release Automation (formerly iTKO ...)
- TODO: check
+ NOT-FOR-US: CA Release Automation
CVE-2014-8247 (Cross-site scripting (XSS) vulnerability in CA Release Automation ...)
- TODO: check
+ NOT-FOR-US: CA Release Automation
CVE-2014-8246 (Cross-site request forgery (CSRF) vulnerability in CA Release ...)
- TODO: check
+ NOT-FOR-US: CA Release Automation
CVE-2014-8245
RESERVED
CVE-2014-8244 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before ...)
@@ -4712,11 +4712,11 @@
CVE-2014-8027
RESERVED
CVE-2014-8026 (Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8025 (The API in the Guest Server in Cisco Jabber, when HTML5 is used, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8024 (The API in the Guest Server in Cisco Jabber, when the HTML5 CORS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8023
RESERVED
CVE-2014-8022
@@ -4726,21 +4726,21 @@
CVE-2014-8020
RESERVED
CVE-2014-8019 (Directory traversal vulnerability in Cisco Enterprise Content Delivery ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8018 (Multiple cross-site scripting (XSS) vulnerabilities in Business Voice ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8017 (The periodic-backup feature in Cisco Identity Services Engine (ISE) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8016 (The Cisco IronPort Email Security Appliance (ESA) allows remote ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8015 (The Sponsor Portal in Cisco Identity Services Engine (ISE) allows ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8014 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8013
RESERVED
CVE-2014-8012 (Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8011
RESERVED
CVE-2014-8010 (The web framework in Cisco Unified Communications Domain Manager 8 ...)
@@ -4750,9 +4750,9 @@
CVE-2014-8008
RESERVED
CVE-2014-8007 (Cisco Prime Infrastructure allows remote authenticated users to read ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8006 (The Disaster Recovery (DRA) feature on the Cisco ISB8320-E ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8005 (Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier ...)
NOT-FOR-US: Cisco
CVE-2014-8004 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
@@ -5015,7 +5015,7 @@
CVE-2014-7881
RESERVED
CVE-2014-7880 (Multiple unspecified vulnerabilities in the POP implementation in HP ...)
- TODO: check
+ NOT-FOR-US: HP OpenVMS TCP/IP
CVE-2014-7879 (HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration ...)
NOT-FOR-US: HP-UX
CVE-2014-7878 (The Application Lifecycle Service (ALS) in HP Helion Cloud Development ...)
@@ -6318,9 +6318,9 @@
CVE-2014-7287
RESERVED
CVE-2014-7286 (Buffer overflow in AClient in Symantec Deployment Solution 6.9 and ...)
- TODO: check
+ NOT-FOR-US: Symantec Deployment Solution
CVE-2014-7285 (The management console on the Symantec Web Gateway (SWG) appliance ...)
- TODO: check
+ NOT-FOR-US: Symantec Web Gateway
CVE-2014-7282
RESERVED
CVE-2014-7281 (Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda ...)
More information about the Secure-testing-commits
mailing list