[Secure-testing-commits] r26016 - data/CVE
Raphael Geissert
geissert at moszumanska.debian.org
Sat Mar 8 16:01:38 UTC 2014
Author: geissert
Date: 2014-03-08 16:01:38 +0000 (Sat, 08 Mar 2014)
New Revision: 26016
Modified:
data/CVE/list
Log:
unchecked ffmpeg/libav issues, NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-08 15:40:31 UTC (rev 26015)
+++ data/CVE/list 2014-03-08 16:01:38 UTC (rev 26016)
@@ -108,11 +108,13 @@
CVE-2014-2265
RESERVED
CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 ...)
- TODO: check
+ NOT-FOR-US: Synology DiskStation Manager
CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
+ - ffmpeg <removed>
+ - libav <unfixed>
TODO: check
CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS ...)
- TODO: check
+ NOT-FOR-US: Base SAS
CVE-2014-2261
RESERVED
CVE-2014-2260
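Review bot: `libav <unfixed>` on the CVE-2014-2263 entry is added without confirming that libav carries the affected mpegts_write_pmt code, while the entry keeps `TODO: check`; until that check is done the tracker will report libav as unfixed on the strength of a description that only names FFmpeg. Consider either holding the libav line back until the check is done, or following it with a NOTE line recording the upstream fix commit so the next person can verify the libav side quickly.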
@@ -158,7 +160,7 @@
CVE-2014-2232
RESERVED
CVE-2014-2231 (Cross-site scripting (XSS) vulnerability in the API in synetics i-doit ...)
- TODO: check
+ NOT-FOR-US: synetics i-doit pro
CVE-2014-2230
RESERVED
CVE-2014-2229
@@ -200,7 +202,7 @@
CVE-2014-2207
RESERVED
CVE-2014-2205 (The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) ...)
- TODO: check
+ NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2014-2204
RESERVED
CVE-2014-2203
@@ -402,25 +404,31 @@
CVE-2014-2105
RESERVED
CVE-2014-2104 (Multiple cross-site scripting (XSS) vulnerabilities in the Business ...)
- TODO: check
+ NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-2103 (Cisco Intrusion Prevention System (IPS) Software allows remote ...)
- TODO: check
+ NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2014-2102 (Cisco Unified Contact Center Express (Unified CCX) does not properly ...)
- TODO: check
+ NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2014-2101
RESERVED
CVE-2014-2100
RESERVED
CVE-2014-2099 (The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before ...)
+ - ffmpeg <removed>
+ - libav <unfixed>
TODO: check
CVE-2014-2098 (libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect ...)
+ - ffmpeg <removed>
+ - libav <unfixed>
TODO: check
CVE-2014-2097 (The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before ...)
+ - ffmpeg <removed>
+ - libav <unfixed>
TODO: check
CVE-2014-2092 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2014-2091 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2014-2090 (Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ...)
NOT-FOR-US: ILIAS
CVE-2014-2089 (ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via ...)
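Review bot: the same unchecked `libav <unfixed>` pattern is applied to CVE-2014-2099, CVE-2014-2098 and CVE-2014-2097 with `TODO: check` left in place. When these are checked, note that CVE-2014-2099 (msrle_decode_frame in libavcodec/msrle.c) is a second issue in the same decoder that CVE-2013-2496 (msrle_decode_8_16_24_32 in msrledec.c, further down in this diff) covered, so the libav status of that earlier entry is a useful starting point. The descriptions give only FFmpeg fixed versions (for example "FFmpeg before 2.1.4" for CVE-2014-2098), so the affected libav version range still has to be established rather than assumed.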
@@ -545,7 +553,7 @@
CVE-2014-2076
RESERVED
CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK ...)
- TODO: check
+ NOT-FOR-US: TIBCO Enterprise Administrator
CVE-2014-2074
RESERVED
CVE-2014-2073
@@ -652,7 +660,7 @@
CVE-2014-2034
RESERVED
CVE-2014-2033 (The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, ...)
- TODO: check
+ NOT-FOR-US: Blue Coat ProxySG
CVE-2014-2028
RESERVED
CVE-2014-2026
@@ -769,11 +777,11 @@
CVE-2014-1969
RESERVED
CVE-2014-1968 (Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 ...)
- TODO: check
+ NOT-FOR-US: XooNIps module for XOOPS
CVE-2014-1967 (The Denny's application before 2.0.1 for Android does not verify X.509 ...)
- TODO: check
+ NOT-FOR-US: Denny's application for Android
CVE-2014-1966 (The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 ...)
- TODO: check
+ NOT-FOR-US: Siemens RuggedCom ROS
CVE-2014-1965 (Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the ...)
NOT-FOR-US: SAP Exchange Infrastructure
CVE-2014-1964 (Cross-site scripting (XSS) vulnerability in the Integration Repository ...)
@@ -932,15 +940,15 @@
CVE-2014-1913
RESERVED
CVE-2014-1911 (The Foscam FI8910W camera with firmware before 11.37.2.55 allows ...)
- TODO: check
+ NOT-FOR-US: Foscam camera
CVE-2014-1910 (Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 ...)
- TODO: check
+ NOT-FOR-US: Citrix ShareFile Mobile
CVE-2014-1908
RESERVED
CVE-2014-1907 (Multiple directory traversal vulnerabilities in the VideoWhisper Live ...)
- TODO: check
+ NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1905
RESERVED
CVE-2014-1904
@@ -964,7 +972,7 @@
CVE-2014-1889
RESERVED
CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress plugin ...)
- TODO: check
+ NOT-FOR-US: BuddyPress plugin for WordPress
CVE-2014-1880
RESERVED
CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin ...)
@@ -1136,7 +1144,7 @@
CVE-2014-1855
RESERVED
CVE-2014-1854 (SQL injection vulnerability in library/clicktracker.php in the ...)
- TODO: check
+ NOT-FOR-US: AdRotate plugin for WordPress
CVE-2014-1853
RESERVED
CVE-2014-1852
@@ -3042,7 +3050,7 @@
CVE-2014-0891
RESERVED
CVE-2014-0890 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, ...)
- TODO: check
+ NOT-FOR-US: IBM Sametime
CVE-2014-0889
RESERVED
CVE-2014-0888
@@ -3180,17 +3188,17 @@
CVE-2014-0822 (The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x ...)
NOT-FOR-US: IBM Domino
CVE-2014-0821 (SQL injection vulnerability in the download feature in Cybozu Garoon ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2014-0820 (Directory traversal vulnerability in the download feature in Cybozu ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2014-0819 (Untrusted search path vulnerability in Autodesk AutoCAD before 2014 ...)
- TODO: check
+ NOT-FOR-US: Autodesk AutoCAD
CVE-2014-0818 (Untrusted search path vulnerability in Autodesk AutoCAD before 2014 ...)
- TODO: check
+ NOT-FOR-US: Autodesk AutoCAD
CVE-2014-0817 (Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2014-0816 (Unspecified vulnerability in Norman Security Suite 10.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: Norman Security Suite
CVE-2014-0815 (The intent: URL implementation in Opera before 18 on Android allows ...)
NOT-FOR-US: Opera
CVE-2014-0814 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 ...)
@@ -3200,7 +3208,7 @@
CVE-2014-0812 (Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 ...)
NOT-FOR-US: KENT-WEB Joyful Note
CVE-2014-0811 (Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 ...)
- TODO: check
+ NOT-FOR-US: Blackboard Vista
CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before update ...)
NOT-FOR-US: JustSystems Sanshiro 2007
CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip (aka ...)
@@ -3338,7 +3346,7 @@
CVE-2014-0775
RESERVED
CVE-2014-0774 (Stack-based buffer overflow in the C++ sample client in Schneider ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric OPC Factory Server
CVE-2014-0773
RESERVED
CVE-2014-0772
@@ -4936,9 +4944,9 @@
CVE-2014-0337
RESERVED
CVE-2014-0336 (Cross-site request forgery (CSRF) vulnerability in the web client in ...)
- TODO: check
+ NOT-FOR-US: Serena Dimensions CM
CVE-2014-0335 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
- TODO: check
+ NOT-FOR-US: Serena Dimensions CM
CVE-2014-0334 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
NOT-FOR-US: CMS Made Simple
CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the progressive ...)
@@ -6503,9 +6511,9 @@
CVE-2013-6721 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Service ...)
NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2013-6720 (Directory traversal vulnerability in the Passive Capture Application ...)
- TODO: check
+ NOT-FOR-US: IBM Tealeaf
CVE-2013-6719 (The Passive Capture Application (PCA) web console in IBM Tealeaf CX ...)
- TODO: check
+ NOT-FOR-US: IBM Tealeaf CX
CVE-2013-6718 (The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and ...)
NOT-FOR-US: IBM firmware
CVE-2013-6717 (The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 ...)
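Review bot: the two Tealeaf entries name the product differently, `NOT-FOR-US: IBM Tealeaf` for CVE-2013-6720 and `NOT-FOR-US: IBM Tealeaf CX` for CVE-2013-6719, although both descriptions refer to the same Passive Capture Application; use one name (the CVE-2013-6719 text says IBM Tealeaf CX) so a search on the product matches both entries.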
@@ -7677,9 +7685,9 @@
CVE-2013-6316 (IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6315 (IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and ...)
- TODO: check
+ NOT-FOR-US: IBM InfoSphere Enterprise Records
CVE-2013-6314 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise ...)
- TODO: check
+ NOT-FOR-US: IBM InfoSphere Enterprise Records
CVE-2013-6313
RESERVED
CVE-2013-6312 (Unspecified vulnerability in IBM Rational Service Tester 8.3.x and ...)
@@ -7699,7 +7707,7 @@
CVE-2013-6305 (IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build ...)
NOT-FOR-US: IBM Platform Symphony
CVE-2013-6304 (Multiple directory traversal vulnerabilities in Algo Risk Application ...)
- TODO: check
+ NOT-FOR-US: IBM Algo One
CVE-2013-6303 (Directory traversal vulnerability in IBM Algo One, as used in MetaData ...)
NOT-FOR-US: IBM Algo One
CVE-2013-6302 (SQL injection vulnerability in IBM Algo One, as used in MetaData ...)
@@ -7921,7 +7929,7 @@
CVE-2013-6202 (Multiple cross-site request forgery (CSRF) vulnerabilities in HP ...)
NOT-FOR-US: HP Service Manager
CVE-2013-6201 (Unspecified vulnerability in HP Security Management System 3.3.0, ...)
- TODO: check
+ NOT-FOR-US: HP Security Management System
CVE-2013-6200
RESERVED
NOT-FOR-US: HP-UX
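Review bot: unrelated to the change in this hunk but visible in its context, CVE-2013-6200 is marked RESERVED and also carries `NOT-FOR-US: HP-UX`; a RESERVED entry should not have a status line, so either the status line should go or the entry needs its description filled in if it is no longer reserved.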
@@ -10795,7 +10803,7 @@
CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in ...)
NOT-FOR-US: Aloaha PDF Suite
CVE-2013-4977 (Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E ...)
- TODO: check
+ NOT-FOR-US: Hikvision IP camera
CVE-2013-4976
RESERVED
CVE-2013-4975
@@ -14373,7 +14381,7 @@
CVE-2013-3713 (The image creation configuration in aaa_base before 16.26.1 for ...)
NOT-FOR-US: openSUSE live installer
CVE-2013-3712 (SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for ...)
- TODO: check
+ NOT-FOR-US: SUSE Studio Onsite
CVE-2013-3711
RESERVED
CVE-2013-3710 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate ...)
@@ -14385,7 +14393,7 @@
CVE-2013-3707 (The HTTPSTK service in the novell-nrm package before ...)
NOT-FOR-US: Novell Open Enterprise Server 2
CVE-2013-3706 (Directory traversal vulnerability in the PreBoot service in Novell ...)
- TODO: check
+ NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-3705 (The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on ...)
NOT-FOR-US: Novell Client
CVE-2013-3704 (The RPM GPG key import and handling feature in libzypp 12.15.0 and ...)
@@ -14897,7 +14905,7 @@
CVE-2013-3488
RESERVED
CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security ...)
- TODO: check
+ NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2013-3486
RESERVED
CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF ...)
@@ -14915,7 +14923,7 @@
CVE-2013-3479 (Cross-site request forgery (CSRF) vulnerability in the ShareThis ...)
NOT-FOR-US: WordPress plugin ShareThis
CVE-2013-3478 (SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, ...)
- TODO: check
+ NOT-FOR-US: Apptha WordPress Video Gallery
CVE-2013-3477
RESERVED
CVE-2013-3476
@@ -15378,9 +15386,9 @@
CVE-2013-3261 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
NOT-FOR-US: WordPress plugin flash-album-gallery
CVE-2013-3260 (Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 ...)
- TODO: check
+ NOT-FOR-US: INMATRIX Zoom Player
CVE-2013-3259 (Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 ...)
- TODO: check
+ NOT-FOR-US: INMATRIX Zoom Player
CVE-2013-3258
RESERVED
CVE-2013-3257
@@ -16492,7 +16500,7 @@
CVE-2013-2825 (The DNP3 service in the Outstation component on Elecsys Director ...)
NOT-FOR-US: Elecsys Director Gateway
CVE-2013-2824 (Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric StruxureWare SCADA Expert Vijeo Citect
CVE-2013-2823 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE ...)
NOT-FOR-US: Catapult DNP3 I/O driver
CVE-2013-2822 (NovaTech Orion Substation Automation Platform OrionLX DNP Master ...)
@@ -16506,7 +16514,7 @@
CVE-2013-2818 (The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 ...)
NOT-FOR-US: e-terracontrol
CVE-2013-2817 (An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi Electric Automation MC-WorX Suite
CVE-2013-2816 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 ...)
NOT-FOR-US: Cooper Power Systems
CVE-2013-2815
@@ -17269,7 +17277,7 @@
CVE-2013-2499
RESERVED
CVE-2013-2498 (SQL injection vulnerability in the login page in ...)
- TODO: check
+ NOT-FOR-US: SimpleHRM
CVE-2013-2497
RESERVED
CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in ...)
@@ -20990,7 +20998,7 @@
CVE-2012-6502 (Microsoft Internet Explorer before 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1413 (Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit ...)
- TODO: check
+ NOT-FOR-US: synetics i-doit
CVE-2013-1412
RESERVED
CVE-2013-1411
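Review bot: CVE-2013-1413 gets `NOT-FOR-US: synetics i-doit` while CVE-2014-2231 earlier in this commit gets `NOT-FOR-US: synetics i-doit pro`; the description of CVE-2014-2231 only says "synetics i-doit", so drop the "pro" or apply it to both entries so they are consistent.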
@@ -20998,7 +21006,7 @@
CVE-2013-1410
RESERVED
CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin ...)
- TODO: check
+ NOT-FOR-US: CommentLuv plugin for Wordpress
CVE-2013-1408
RESERVED
CVE-2013-1407
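Review bot: `NOT-FOR-US: CommentLuv plugin for Wordpress` spells the product "Wordpress"; every other entry in this commit uses "WordPress" (for example `NOT-FOR-US: BuddyPress plugin for WordPress`), so fix the capitalisation for consistency.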