[Secure-testing-commits] r27579 - data/CVE
Helmut Grohne
helmutg at moszumanska.debian.org
Thu Jul 3 06:23:18 UTC 2014
Author: helmutg
Date: 2014-07-03 06:23:18 +0000 (Thu, 03 Jul 2014)
New Revision: 27579
Modified:
data/CVE/list
Log:
NFUs and affects for cacti, foreman
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-03 06:18:50 UTC (rev 27578)
+++ data/CVE/list 2014-07-03 06:23:18 UTC (rev 27579)
@@ -86,11 +86,12 @@
CVE-2014-4646
RESERVED
CVE-2014-4645 (Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link ...)
- TODO: check
+ NOT-FOR-US: D-Link hardware
CVE-2014-4644 (SQL injection vulnerability in superlinks.php in the superlinks plugin ...)
+ - cacti <undetermined>
TODO: check
CVE-2014-4643 (Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 ...)
- TODO: check
+ NOT-FOR-US: Core FTP client
CVE-2012-6649
RESERVED
CVE-2014-XXXX [Type Confusion Information Leak]
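Review bot: The CVE-2014-4644 entry now carries `- cacti <undetermined>` but still keeps `TODO: check`, and nothing records what remains to be checked. The summary places the flaw in superlinks.php in the superlinks plugin, so add a NOTE line saying whether the cacti package ships that plugin. If it does not, the entry can be resolved instead of being left undetermined.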
@@ -437,9 +438,9 @@
CVE-2014-4511
RESERVED
CVE-2014-4509 (The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out ...)
- TODO: check
+ NOT-FOR-US: Novell Identity Manager
CVE-2014-4507 (Directory traversal vulnerability in Smart-Proxy in Foreman before ...)
- TODO: check
+ - foreman <itp> (bug #663101)
CVE-2014-4506 (Cross-site scripting (XSS) vulnerability in the Custom Meta module ...)
NOT-FOR-US: Drupal module Custom Meta
CVE-2014-4505 (Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module ...)
@@ -1420,7 +1421,7 @@
CVE-2014-4031
RESERVED
CVE-2014-4030 (Cross-site request forgery (CSRF) vulnerability in the JW Player ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin JW Player
CVE-2014-4029
RESERVED
CVE-2014-4028
@@ -1803,7 +1804,7 @@
CVE-2014-3882 (Cross-site request forgery (CSRF) vulnerability in the Login rebuilder ...)
NOT-FOR-US: WordPress plugin login-rebuilder
CVE-2014-3881 (Cross-site request forgery (CSRF) vulnerability in Intercom Web ...)
- TODO: check
+ NOT-FOR-US: Intercom Web Kyukincho
CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 ...)
{DSA-2952-1}
- kfreebsd-8 <removed>
@@ -2935,9 +2936,9 @@
CVE-2014-3434
RESERVED
CVE-2014-3433 (Cross-site scripting (XSS) vulnerability in the management console in ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2014-3432 (Cross-site scripting (XSS) vulnerability in the management console in ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2014-3431 (Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x ...)
NOT-FOR-US: Symantec PGP Desktop
CVE-2014-3429
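Review bot: The labels added for CVE-2014-3433 and CVE-2014-3432 give only the vendor (`NOT-FOR-US: Symantec`), while the next entry, CVE-2014-3431, names the product (`Symantec PGP Desktop`). Name the product whose management console is affected, so the entries can be searched by product and stay consistent with the neighbouring lines.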
@@ -3764,7 +3765,7 @@
CVE-2014-3074
RESERVED
CVE-2014-3073 (Unspecified vulnerability in IBM Security Access Manager (ISAM) for ...)
- TODO: check
+ NOT-FOR-US: Novell Identity Manager
CVE-2014-3072
RESERVED
CVE-2014-3071
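Review bot: The label added for CVE-2014-3073 does not match its summary: the description is about IBM Security Access Manager (ISAM), but the new line reads `NOT-FOR-US: Novell Identity Manager`, the same text this commit adds for CVE-2014-4509. This looks like a copy-paste slip, and the label should name IBM Security Access Manager.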
@@ -3888,7 +3889,7 @@
CVE-2014-3012 (Multiple CRLF injection vulnerabilities in IBM Curam Social Program ...)
NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-3011 (IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: IBM OpenPages GRC Platform
CVE-2014-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
NOT-FOR-US: IBM WebSphere
CVE-2014-3009
@@ -6534,7 +6535,7 @@
CVE-2014-2007
RESERVED
CVE-2014-2006 (Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x ...)
- TODO: check
+ NOT-FOR-US: Intercom Web Kyukincho
CVE-2014-2005 (Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) ...)
NOT-FOR-US: Sophos Enterprise Console
CVE-2014-2004 (The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 ...)
@@ -12501,7 +12502,7 @@
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
CVE-2014-0007 (The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows ...)
- NOT-FOR-US: Foreman Proxy
+ - foreman <itp> (bug #663101)
CVE-2014-0006 (The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 ...)
- swift 1.11.0-2 (low; bug #735582)
[wheezy] - swift <no-dsa> (Minor issue)
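Review bot: CVE-2014-0007 moves from `NOT-FOR-US: Foreman Proxy` to `- foreman <itp> (bug #663101)`, but the summary locates the flaw in the Smart-Proxy, and the removed line treated that as a separate product. Add a NOTE stating that the ITP in bug #663101 covers the Smart-Proxy component, or track it under its own package name if it is going to be packaged separately.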
@@ -12945,7 +12946,7 @@
CVE-2013-6738 (Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics ...)
NOT-FOR-US: IBM
CVE-2013-6737 (IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before ...)
- TODO: check
+ NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2013-6736
RESERVED
CVE-2013-6735 (IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, ...)
@@ -41492,7 +41493,7 @@
CVE-2012-2592 (Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 ...)
NOT-FOR-US: AXIGEN Mail Server
CVE-2012-2591 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...)
- TODO: check
+ NOT-FOR-US: EmailArchitect
CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON ...)
NOT-FOR-US: ESCON SupportPortal Professional Edition
CVE-2012-2589
@@ -41515,9 +41516,9 @@
CVE-2012-2581
RESERVED
CVE-2012-2580 (Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin Postie
CVE-2012-2579 (Multiple cross-site scripting (XSS) vulnerabilities in the WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin SimpleMail
CVE-2012-2578 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 ...)
NOT-FOR-US: SmarterMail
CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
@@ -47473,7 +47474,7 @@
CVE-2012-0274
RESERVED
CVE-2012-0273 (Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote ...)
- TODO: check
+ NOT-FOR-US: MinaliC (Webserver)
CVE-2012-0272 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
NOT-FOR-US: Novell GroupWise
CVE-2012-0271 (Integer overflow in the WebConsole component in gwia.exe in GroupWise ...)
@@ -48346,7 +48347,7 @@
CVE-2011-4822 (Multiple cross-site scripting (XSS) vulnerabilities in the user ...)
NOT-FOR-US: Atlassian FishEye
CVE-2011-4821 (Directory traversal vulnerability in the TFTP server in D-Link DIR-601 ...)
- TODO: check
+ NOT-FOR-US: D-Link router
CVE-2011-4820
RESERVED
CVE-2011-4819 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...)