[Secure-testing-commits] r27408 - data/CVE

Raphael Geissert geissert at moszumanska.debian.org
Mon Jun 23 17:52:50 UTC 2014


Author: geissert
Date: 2014-06-23 17:52:50 +0000 (Mon, 23 Jun 2014)
New Revision: 27408

Modified:
   data/CVE/list
Log:
NFUs, ntopng, old kfreebsd issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-06-23 17:51:25 UTC (rev 27407)
+++ data/CVE/list	2014-06-23 17:52:50 UTC (rev 27408)
@@ -345,11 +345,11 @@
 CVE-2014-4339
 	RESERVED
 CVE-2014-4335 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
-	TODO: check
+	NOT-FOR-US: BarracudaDrive
 CVE-2014-4334 (Stack-based buffer overflow in Ubisoft Rayman Legends before ...)
-	TODO: check
+	NOT-FOR-US: Ubisoft Rayman Legends
 CVE-2014-4333 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Dolphin (php thing)
 CVE-2014-4332
 	RESERVED
 CVE-2014-4331
@@ -357,7 +357,7 @@
 CVE-2014-4330
 	RESERVED
 CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ...)
-	TODO: check
+	- ntopng <itp> (bug #714820)
 CVE-2014-4328
 	RESERVED
 CVE-2014-4327
@@ -397,23 +397,23 @@
 CVE-2014-4310
 	RESERVED
 CVE-2014-4309 (Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 ...)
-	TODO: check
+	NOT-FOR-US: Openfiler
 CVE-2014-4308 (Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording ...)
-	TODO: check
+	NOT-FOR-US: NICE Recording eXpress
 CVE-2014-4307 (SQL injection vulnerability in categories-x.php in WebTitan before ...)
 	NOT-FOR-US: WebTitan
 CVE-2014-4306 (Directory traversal vulnerability in logs-x.php in WebTitan before ...)
 	NOT-FOR-US: WebTitan
 CVE-2014-4305 (Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka ...)
-	TODO: check
+	NOT-FOR-US: NICE Recording eXpress
 CVE-2014-4304 (Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy ...)
 	NOT-FOR-US: SQL Buddy
 CVE-2014-4303 (Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme ...)
 	NOT-FOR-US: Drupal Touch theme
 CVE-2014-4302 (Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D ...)
-	TODO: check
+	NOT-FOR-US: HAM3D Shop Engine
 CVE-2014-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Ajenti
 CVE-2014-4300
 	RESERVED
 CVE-2014-4299
@@ -633,11 +633,11 @@
 CVE-2014-XXXX [docker VMM breakout]
 	- docker.io 1.0.0~dfsg1-1
 CVE-2014-4193 (The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
 CVE-2014-4192 (The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
 CVE-2014-4191 (The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
 CVE-2014-4190 (Multiple heap-based buffer overflows in Huawei Campus Series Switches ...)
 	NOT-FOR-US: Huawei Campus Series Switches
 CVE-2014-4189 (Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager ...)
@@ -687,7 +687,7 @@
 CVE-2014-4169
 	RESERVED
 CVE-2014-4166 (Cross-site scripting (XSS) vulnerability in the song history in ...)
-	TODO: check
+	NOT-FOR-US: SHOUTcast DNAS
 CVE-2014-4165 (Cross-site scripting (XSS) vulnerability in ntop allows remote ...)
 	- ntop <unfixed> (bug #751946)
 CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 ...)
@@ -703,7 +703,7 @@
 CVE-2014-4159 (Open redirect vulnerability in SAP Supplier Relationship Management ...)
 	NOT-FOR-US: SAP Supplier Relationship Management
 CVE-2014-4158 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Kolibri
 CVE-2014-4156
 	RESERVED
 CVE-2014-4155 (Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 ...)
@@ -927,7 +927,7 @@
 CVE-2014-4037 (Cross-site scripting (XSS) vulnerability in ...)
 	TODO: check
 CVE-2014-4036 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php ...)
-	TODO: check
+	NOT-FOR-US: ImpressCMS
 CVE-2014-4035 (Cross-site scripting (XSS) vulnerability in booking_details.php in ...)
 	NOT-FOR-US: Advance Hotel Booking System
 CVE-2014-4034 (SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 ...)
@@ -1249,7 +1249,7 @@
 	- ruby1.8 <unfixed> (unimportant)
 	NOTE: Only exploitable on Windows
 CVE-2014-3915 (The userRequest servlet in the Admin Center for Tivoli Storage Manager ...)
-	TODO: check
+	NOT-FOR-US: Rocket Servergraph
 CVE-2014-3914
 	RESERVED
 CVE-2014-3913 (Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow ...)
@@ -1320,6 +1320,9 @@
 	RESERVED
 CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 ...)
 	{DSA-2952-1}
+	- kfreebsd-8 <removed>
+	- kfreebsd-9 <unfixed>
+	- kfreebsd-10 10.0-6
 	TODO: check
 CVE-2014-3879
 	RESERVED
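Review bot: the "TODO: check" line is left in place directly under the three new kfreebsd entries for CVE-2014-3880, so the entry still reads as untriaged even though each kfreebsd source package now has a status. If nothing remains to be checked, drop the TODO in this same change. If something is still open (for example kfreebsd-9, which is marked <unfixed> while the entry carries {DSA-2952-1}), record it in a NOTE line instead.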
@@ -1519,7 +1522,7 @@
 CVE-2014-3811
 	RESERVED
 CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in BoonEx ...)
-	TODO: check
+	NOT-FOR-US: Dolphin (php thingy)
 CVE-2014-3809
 	RESERVED
 CVE-2014-3808 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
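Review bot: the label added for CVE-2014-3810 is "Dolphin (php thingy)", while the first hunk of this same change tags CVE-2014-4333 as "Dolphin (php thing)". The two strings differ, and neither uses the vendor name that this CVE's description gives (BoonEx). Suggest one spelling for both entries, e.g. "NOT-FOR-US: BoonEx Dolphin", which keeps the disambiguation the parenthetical was aiming for and lets the entries group together.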



