[Secure-testing-commits] r27948 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jul 24 17:08:36 UTC 2014
Author: carnil
Date: 2014-07-24 17:08:36 +0000 (Thu, 24 Jul 2014)
New Revision: 27948
Modified:
data/CVE/list
Log:
Add another round of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-24 17:08:29 UTC (rev 27947)
+++ data/CVE/list 2014-07-24 17:08:36 UTC (rev 27948)
@@ -49,7 +49,7 @@
CVE-2013-7392 (Gitlist allows remote attackers to execute arbitrary commands via ...)
- gitlist <itp> (bug #750368)
CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using ...)
- TODO: check
+ NOT-FOR-US: Drupal contributed module Entity API
CVE-2013-7390
RESERVED
CVE-2011-5281
@@ -2686,13 +2686,13 @@
CVE-2014-3895
RESERVED
CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional ...)
- TODO: check
+ NOT-FOR-US: PHP Kobo Multifunctional MailForm
CVE-2014-3893
RESERVED
CVE-2014-3892 (Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 ...)
- TODO: check
+ NOT-FOR-US: Nexa Meridian
CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows ...)
- TODO: check
+ NOT-FOR-US: RimArts Becky! Internet Mail
CVE-2014-3890 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...)
NOT-FOR-US: silex device
CVE-2014-3889 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...)
@@ -3916,13 +3916,13 @@
CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with ...)
NOT-FOR-US: Yealink VoIP Phones
CVE-2014-3427 (CRLF injection vulnerability in Yealink VoIP Phones with firmware ...)
- TODO: check
+ NOT-FOR-US: Yealink VoIP Phones
CVE-2014-3420
RESERVED
CVE-2014-3419 (Infoblox NetMRI before 6.8.5 has a default password of admin for the ...)
- TODO: check
+ NOT-FOR-US: Infoblox NetMRI
CVE-2014-3418 (config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows ...)
- TODO: check
+ NOT-FOR-US: Infoblox NetMRI
CVE-2014-3417 (uPortal before 4.0.13.1 does not properly check the CONFIG permission, ...)
NOT-FOR-US: uPortal
CVE-2014-3416 (uPortal before 4.0.13.1 does not properly check the MANAGE ...)
@@ -4108,17 +4108,17 @@
CVE-2014-3326
RESERVED
CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3324
RESERVED
CVE-2014-3323 (Directory traversal vulnerability in Cisco Unified Contact Center ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3322
RESERVED
CVE-2014-3321 (Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3320 (Multiple open redirect vulnerabilities in the admin web interface in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3319 (Directory traversal vulnerability in the Real-Time Monitoring Tool ...)
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3318 (Directory traversal vulnerability in dna/viewfilecontents.do in the ...)
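Review bot: The four notes added in this hunk (CVE-2014-3325, CVE-2014-3323, CVE-2014-3321, CVE-2014-3320) say only "NOT-FOR-US: Cisco", while the unchanged entry just below for CVE-2014-3319 names the product ("Cisco Unified Communications Manager"). Naming the product from each description, for example "NOT-FOR-US: Cisco IOS XR" for CVE-2014-3321, keeps the list searchable by product and consistent with the neighbouring entries.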
@@ -4146,7 +4146,7 @@
CVE-2014-3307 (The DHCP client implementation in Universal Small Cell firmware on ...)
NOT-FOR-US: Cisco Small Cell
CVE-2014-3306 (The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-3305
RESERVED
CVE-2014-3304
@@ -4759,7 +4759,7 @@
CVE-2014-3065
RESERVED
CVE-2014-3064 (The GDS component in IBM InfoSphere Master Data Management - ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-3063
RESERVED
CVE-2014-3062
@@ -4797,11 +4797,11 @@
CVE-2014-3046
RESERVED
CVE-2014-3045 (IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-3044
RESERVED
CVE-2014-3043 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-3042 (IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does ...)
NOT-FOR-US: IBM CICS Transaction Serve
CVE-2014-3041
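Review bot: CVE-2014-3045 and CVE-2014-3043 get a vendor-only "NOT-FOR-US: IBM", although both descriptions name the product and the existing CVE-2014-3042 entry in the trailing context is product-specific. Suggest "NOT-FOR-US: IBM Scale Out Network Attached Storage" and "NOT-FOR-US: IBM Storwize V7000 Unified". Separately, the context line for CVE-2014-3042 reads "IBM CICS Transaction Serve", which looks like a cut-off "Server" and could be corrected in a follow-up commit.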
@@ -5006,7 +5006,7 @@
CVE-2014-2964
RESERVED
CVE-2014-2963 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2014-2962 (Absolute path traversal vulnerability in the webproc cgi module on the ...)
NOT-FOR-US: Belkin router
CVE-2014-2961
@@ -5025,9 +5025,9 @@
NOTE: https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
NOTE: EXPERIMENTAL_DMARC not enabled
CVE-2014-2956 (ScriptHelperApi in the AVG ScriptHelper ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: AVG Secure Search toolbar and AVG Safeguard
CVE-2014-2955 (Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Raritan PX
CVE-2014-2954
RESERVED
CVE-2014-2953
@@ -5035,9 +5035,9 @@
CVE-2014-2952
RESERVED
CVE-2014-2951 (Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded ...)
- TODO: check
+ NOT-FOR-US: Datum Systems SnIP
CVE-2014-2950 (Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require ...)
- TODO: check
+ NOT-FOR-US: Datum Systems SnIP
CVE-2014-2949 (SQL injection vulnerability in the web service in F5 ARX Data Manager ...)
NOT-FOR-US: F5 ARX Data Manager
CVE-2014-2948 (SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM ...)
@@ -5085,7 +5085,7 @@
CVE-2014-2927
RESERVED
CVE-2014-2926 (kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before ...)
- TODO: check
+ NOT-FOR-US: Kaseya Virtual System Administrator
CVE-2014-2925 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: ASUS RT series
CVE-2014-2924
@@ -6294,9 +6294,9 @@
[wheezy] - libgd2 <no-dsa> (Minor issue)
NOTE: http://net-ninja-mr.me/2014/03/14/php-gd-v5-4-17-2-color-visual-null-pointer-dereference/
CVE-2014-2496 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2495 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2494 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2985-1}
- mysql-5.5 <unfixed> (bug #754941)
@@ -6304,11 +6304,11 @@
- mariadb-5.5 5.5.38-1 (bug #754940)
- percona-xtradb-cluster-5.5 <unfixed>
CVE-2014-2493 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2492 (Unspecified vulnerability in the Oracle Agile Product Collaboration ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2491 (Unspecified vulnerability in the Siebel UI Framework component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2490 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
{DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
@@ -6328,7 +6328,7 @@
- virtualbox 4.3.12-dfsg-1 (bug #754939)
- virtualbox-ose <removed>
CVE-2014-2485 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2484 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects 5.6)
- mysql-5.1 <not-affected> (Only affects 5.6)
@@ -6340,13 +6340,13 @@
- openjdk-7 7u65-2.5.1-1
NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003
CVE-2014-2482 (Unspecified vulnerability in the Oracle Concurrent Processing ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2481 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2480 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2479 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2478
RESERVED
CVE-2014-2477 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
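Review bot: "NOT-FOR-US: Oracle" on CVE-2014-2482 through CVE-2014-2479 is ambiguous as a vendor-wide tag, because the last context line of this hunk, CVE-2014-2477, is an Oracle VM VirtualBox issue and virtualbox is tracked as a package elsewhere in this patch. A note that names the component, such as "NOT-FOR-US: Oracle WebLogic Server" for CVE-2014-2481, CVE-2014-2480 and CVE-2014-2479, makes clear that the decision is about that product and not about the vendor.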
@@ -6393,7 +6393,7 @@
CVE-2014-2457 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2456 (Unspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-2455 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
NOT-FOR-US: Oracle Hyperion
CVE-2014-2454 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
@@ -6631,15 +6631,15 @@
CVE-2014-2369
RESERVED
CVE-2014-2368 (The BrowseFolder method in the bwocxrun ActiveX control in Advantech ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-2367 (The ChkCookie subroutine in an ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-2366 (upAdminPg.asp in Advantech WebAccess before 7.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-2365 (Unspecified vulnerability in Advantech WebAccess before 7.2 allows ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-2364 (Multiple stack-based buffer overflows in Advantech WebAccess before ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-2363
RESERVED
CVE-2014-2362
@@ -7555,21 +7555,21 @@
CVE-2014-2000 (The NTT 050 plus application before 4.2.1 for Android allows attackers ...)
NOT-FOR-US: NTT application for Android
CVE-2014-1999 (The auto-format feature in the Request_Curl class in FuelPHP 1.1 ...)
- TODO: check
+ NOT-FOR-US: FuelPHP
CVE-2014-1998 (Cross-site scripting (XSS) vulnerability in Nippon Institute of ...)
NOT-FOR-US: SOY CMS
CVE-2014-1997 (The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier ...)
NOT-FOR-US: ATEN IP KVM Switch
CVE-2014-1996 (Cybozu Garoon 3.7 before SP4 allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2014-1995 (Cross-site scripting (XSS) vulnerability in the Map search ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2014-1994 (Cross-site scripting (XSS) vulnerability in the Notices portlet in ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2014-1993 (The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2014-1992 (Cross-site scripting (XSS) vulnerability in the Messages functionality ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2014-1991 (Open redirect vulnerability in WebPlatform / AppFramework 6.0 through ...)
NOT-FOR-US: NTT DATA INTRAMART
CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the ...)
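Review bot: CVE-2014-1999 is the one entry in this hunk that concerns a framework class (Request_Curl in FuelPHP) and not a standalone product or service, so "NOT-FOR-US: FuelPHP" only holds if no package ships or embeds the framework. The log message ("Add another round of NFUs") does not say how that was checked; recording the check in the commit message or in a NOTE: line under the entry would help later reviewers.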
@@ -7579,7 +7579,7 @@
CVE-2014-1988 (The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 ...)
NOT-FOR-US: Cybozu Garoon
CVE-2014-1987 (The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and ...)
NOT-FOR-US: KOKUYO CamiApp application
CVE-2014-1984 (Session fixation vulnerability in the management screen in Cybozu ...)
@@ -7605,7 +7605,7 @@
CVE-2014-1974 (Directory traversal vulnerability in the LYSESOFT AndExplorer ...)
NOT-FOR-US: LYSESOFT
CVE-2014-1973 (Directory traversal vulnerability in the NextApp File Explorer ...)
- TODO: check
+ NOT-FOR-US: NextApp File Explorer application for Android
CVE-2014-1972
RESERVED
CVE-2014-1971 (Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows ...)
@@ -11571,7 +11571,7 @@
- mysql-5.1 <removed>
- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0436 (Unspecified vulnerability in the Hyperion BI+ component in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-0435 (Unspecified vulnerability in the Oracle Transportation Management ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0434 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
@@ -16616,7 +16616,7 @@
CVE-2013-5756
RESERVED
CVE-2013-5755 (config/.htpasswd in Yealink IP Phone SIP-T38G have a hardcoded ...)
- TODO: check
+ NOT-FOR-US: Yealink IP Phone
CVE-2013-5754 (The authorization implementation on Dahua DVR appliances accepts a ...)
NOT-FOR-US: Dahua DVR
CVE-2013-5753
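Review bot: The note for CVE-2013-5755 uses "Yealink IP Phone", but the note added earlier in this patch for CVE-2014-3427 and the existing CVE-2014-3428 entry both use "Yealink VoIP Phones". Using one label for the vendor's phones lets a search on either spelling find all three entries.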
@@ -36120,7 +36120,7 @@
CVE-2012-4989 (Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in ...)
NOT-FOR-US: OpenX
CVE-2012-4988 (Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2012-4987 (Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 ...)
NOT-FOR-US: RealPlayer
CVE-2012-4986