[Secure-testing-commits] r27942 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jul 24 16:14:09 UTC 2014 

Author: carnil
Date: 2014-07-24 16:14:06 +0000 (Thu, 24 Jul 2014)
New Revision: 27942

Modified:
   data/CVE/list
Log:
Add NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-07-24 16:12:32 UTC (rev 27941)
+++ data/CVE/list	2014-07-24 16:14:06 UTC (rev 27942)
@@ -283,9 +283,9 @@
 CVE-2014-4949
 	RESERVED
 CVE-2014-4948 (Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and ...)
-	TODO: check
+	NOT-FOR-US: Citrix XenServer
 CVE-2014-4947 (Buffer overflow in the HVM graphics console support in Citrix ...)
-	TODO: check
+	NOT-FOR-US: Citrix XenServer
 CVE-2014-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...)
 	TODO: check
 CVE-2014-4945 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...)
@@ -461,9 +461,9 @@
 CVE-2014-4854 (Cross-site scripting (XSS) vulnerability in the WP Construction Mode ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2014-4853 (Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan ...)
-	TODO: check
+	NOT-FOR-US: OpenDocMan
 CVE-2014-4852 (SQL injection vulnerability in admin/uploads.php in The Digital Craft ...)
-	TODO: check
+	NOT-FOR-US: AtomCMS
 CVE-2014-4851 (Open redirect vulnerability in msg.php in FoeCMS allows remote ...)
 	NOT-FOR-US: FoeCMS
 CVE-2014-4850 (SQL injection vulnerability in index.php in FoeCMS allows remote ...)
@@ -685,7 +685,7 @@
 CVE-2014-4742 (Cross-site scripting (XSS) vulnerability in system/class_link.php in ...)
 	NOT-FOR-US: Kajona module
 CVE-2014-4741 (SQL injection vulnerability in demo/ads.php in Artifectx xClassified ...)
-	TODO: check
+	NOT-FOR-US: Artifectx xClassified
 CVE-2014-4740
 	REJECTED
 CVE-2014-4739
@@ -1628,9 +1628,9 @@
 	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2014-4347 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
-	TODO: check
+	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
 CVE-2014-4346 (Cross-site scripting (XSS) vulnerability in administration user ...)
-	TODO: check
+	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
 CVE-2014-4345
 	RESERVED
 CVE-2014-4344 [NULL dereference in GSSAPI servers]
@@ -1660,7 +1660,7 @@
 CVE-2014-4332
 	RESERVED
 CVE-2014-4331 (Cross-site scripting (XSS) vulnerability in admin/viewer.php in ...)
-	TODO: check
+	NOT-FOR-US: OctavoCMS
 CVE-2014-4330
 	RESERVED
 CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ...)
@@ -1780,17 +1780,17 @@
 CVE-2014-4272
 	RESERVED
 CVE-2014-4271 (Unspecified vulnerability in the Hyperion Essbase component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4270 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4269 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4268 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
 	{DSA-2987-1 DSA-2980-1}
 	- openjdk-6 6b32-1.13.4-1
 	- openjdk-7 7u65-2.5.1-1
 CVE-2014-4267 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle WebLogic Server
 CVE-2014-4266 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
 	{DSA-2987-1 DSA-2980-1}
 	- openjdk-6 6b32-1.13.4-1
@@ -1831,34 +1831,34 @@
 	- mariadb-5.5 5.5.38-1 (bug #754940)
 	- percona-xtradb-cluster-5.5 <unfixed>
 CVE-2014-4257 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle WebCenter Portal
 CVE-2014-4256 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle WebLogic Server
 CVE-2014-4255 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle WebLogic Server
 CVE-2014-4254 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle WebLogic Server
 CVE-2014-4253 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle WebLogic Server
 CVE-2014-4252 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
 	{DSA-2987-1 DSA-2980-1}
 	- openjdk-6 6b32-1.13.4-1
 	- openjdk-7 7u65-2.5.1-1
 CVE-2014-4251 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2014-4250 (Unspecified vulnerability in the Siebel Core - Server OM Frwks ...)
-	TODO: check
+	NOT-FOR-US: Oracle Siebel CRM
 CVE-2014-4249 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2014-4248 (Unspecified vulnerability in the Oracle Application Object Library ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4247 (Unspecified vulnerability in Oracle Java SE 8u5 allows remote ...)
 	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
 	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
 CVE-2014-4246 (Unspecified vulnerability in the Hyperion Analytic Provider Services ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4245 (Unspecified vulnerability in the RDBMS Core component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2014-4244 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
 	{DSA-2987-1 DSA-2980-1}
 	- openjdk-6 6b32-1.13.4-1
@@ -1871,42 +1871,42 @@
 	- percona-xtradb-cluster-5.5 <unfixed>
 	NOTE: Unspecified, but according to Oracle only for 5.5.35 and earlier
 CVE-2014-4242 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle WebLogic Server
 CVE-2014-4241 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle WebLogic Server
 CVE-2014-4240 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
 	- mysql-5.5 <not-affected> (Only affects 5.6)
 	- mysql-5.1 <not-affected> (Only affects 5.6)
 	- mariadb-5.5 <not-affected> (Only affects 5.6)
 	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
 CVE-2014-4239 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 ...)
-	TODO: check
+	NOT-FOR-US: Oracle Sun Solaris
 CVE-2014-4238 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
 	- mysql-5.5 <not-affected> (Only affects 5.6)
 	- mysql-5.1 <not-affected> (Only affects 5.6)
 	- mariadb-5.5 <not-affected> (Only affects 5.6)
 	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
 CVE-2014-4237 (Unspecified vulnerability in the RDBMS Core component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4236 (Unspecified vulnerability in the RDBMS Core component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4235 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4234 (Unspecified vulnerability in the Oracle Transportation Management ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4233 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
 	- mysql-5.5 <not-affected> (Only affects 5.6)
 	- mysql-5.1 <not-affected> (Only affects 5.6)
 	- mariadb-5.5 <not-affected> (Only affects 5.6)
 	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
 CVE-2014-4232 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4231 (Unspecified vulnerability in the Siebel Travel & Transportation ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4230 (Unspecified vulnerability in the Siebel UI Framework component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4229 (Unspecified vulnerability in the Oracle Transportation Management ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4228 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
 	- virtualbox 4.3.12-dfsg-1 (bug #754939)
 	- virtualbox-ose <not-affected> (Only affects 4.1 and later)
@@ -1914,18 +1914,18 @@
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2014-4226 (Unspecified vulnerability in the PeopleSoft Enterprise FIN Install ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4225 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
-	TODO: check
+	NOT-FOR-US: Oracle Sun Solaris
 CVE-2014-4224 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 ...)
-	TODO: check
+	NOT-FOR-US: Oracle Sun Solaris
 CVE-2014-4223 (Unspecified vulnerability in Oracle Java SE 7u60 allows remote ...)
 	{DSA-2987-1}
 	- openjdk-6 <not-affected> (Vulnerable code not present)
 	- openjdk-7 7u65-2.5.1-1
 	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/84bce1b3d28a
 CVE-2014-4222 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4221 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
 	{DSA-2987-1}
 	- openjdk-6 <not-affected> (Vulnerable code not present)
@@ -1943,26 +1943,26 @@
 	- openjdk-6 6b32-1.13.4-1
 	- openjdk-7 7u65-2.5.1-1
 CVE-2014-4217 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4216 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
 	{DSA-2987-1 DSA-2980-1}
 	- openjdk-6 6b32-1.13.4-1
 	- openjdk-7 7u65-2.5.1-1
 CVE-2014-4215 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
-	TODO: check
+	NOT-FOR-US: Oracle Solaris
 CVE-2014-4214 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
 	- mysql-5.5 <not-affected> (Only affects 5.6)
 	- mysql-5.1 <not-affected> (Only affects 5.6)
 	- mariadb-5.5 <not-affected> (Only affects 5.6)
 	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
 CVE-2014-4213 (Unspecified vulnerability in the Oracle Applications Manager component ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4212 (Unspecified vulnerability in the Oracle Fusion Middleware component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4211 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4210 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4209 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
 	{DSA-2987-1 DSA-2980-1}
 	- openjdk-6 6b32-1.13.4-1
@@ -1977,17 +1977,17 @@
 	- mariadb-5.5 5.5.38-1 (bug #754940)
 	- percona-xtradb-cluster-5.5 <unfixed>
 CVE-2014-4206 (Unspecified vulnerability in the Hyperion Enterprise Performance ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4205 (Unspecified vulnerability in the Siebel UI Framework component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4204 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4203 (Unspecified vulnerability in the Hyperion Enterprise Performance ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4202 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4201 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2014-4200
 	RESERVED
 CVE-2014-4199
@@ -2694,15 +2694,15 @@
 CVE-2014-3889 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...)
 	NOT-FOR-US: silex device
 CVE-2014-3888 (Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS ...)
-	TODO: check
+	NOT-FOR-US: Yokogawa
 CVE-2014-3887
 	RESERVED
 CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when ...)
-	TODO: check
+	NOT-FOR-US: Webmin
 CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows ...)
-	TODO: check
+	NOT-FOR-US: Webmin
 CVE-2014-3884 (Cross-site scripting (XSS) vulnerability in Usermin before 1.600 ...)
-	TODO: check
+	NOT-FOR-US: Usermin
 CVE-2014-3883 (Usermin before 1.600 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: Usermin
 CVE-2014-3882 (Cross-site request forgery (CSRF) vulnerability in the Login rebuilder ...)
@@ -2993,7 +2993,7 @@
 CVE-2014-3778 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: ARRIS modem
 CVE-2014-3777 (Directory traversal vulnerability in Reportico PHP Report Designer ...)
-	TODO: check
+	NOT-FOR-US: Reportico PHP Report Designer
 CVE-2014-3770
 	RESERVED
 CVE-2014-3769

More information about the Secure-testing-commits mailing list