[Secure-testing-commits] r26126 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Mar 15 10:01:55 UTC 2014


Author: carnil
Date: 2014-03-15 10:01:55 +0000 (Sat, 15 Mar 2014)
New Revision: 26126

Modified:
   data/CVE/list
Log:
First round of NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-15 09:27:51 UTC (rev 26125)
+++ data/CVE/list	2014-03-15 10:01:55 UTC (rev 26126)
@@ -342,19 +342,19 @@
 CVE-2014-2326
 	RESERVED
 CVE-2014-2318 (SQL injection vulnerability in ATCOM Netvolution 3 allows remote ...)
-	TODO: check
+	NOT-FOR-US: ATCOM Netvolution
 CVE-2014-2317 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
-	TODO: check
+	NOT-FOR-US: OpenDocMan
 CVE-2014-2316 (SQL injection vulnerability in se_search_default in the Search ...)
 	TODO: check
 CVE-2014-2315 (Multiple cross-site scripting (XSS) vulnerabilities in the Thank You ...)
 	TODO: check
 CVE-2014-2314 (Directory traversal vulnerability in the Issue Collector plugin in ...)
-	TODO: check
+	NOT-FOR-US: Atlassian JIRA
 CVE-2014-2313 (Directory traversal vulnerability in the Importers plugin in Atlassian ...)
-	TODO: check
+	NOT-FOR-US: Atlassian JIRA
 CVE-2013-7335 (Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x ...)
-	TODO: check
+	NOT-FOR-US: DotNetNuke
 CVE-2013-7334 (Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 ...)
 	TODO: check
 CVE-2014-XXXX [claws-mail vcalendar plugin stores user/password in cleartext]
@@ -384,10 +384,9 @@
 	RESERVED
 	NOT-FOR-US: Ruby Gem Arabic Prawn
 CVE-2014-2321 (web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote ...)
-	TODO: check
+	NOT-FOR-US: ZTE F460 and F660 cable modems
 CVE-2014-2320
 	RESERVED
-	TODO: check
 CVE-2014-2319 (The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 ...)
 	NOTE: Non issue
 	NOTE: http://seclists.org/oss-sec/2014/q1/550
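Review bot: the removal of "TODO: check" under CVE-2014-2320 is not an NFU classification, so the log message "First round of NFUs" does not cover it. The entry is already marked RESERVED, so dropping the stray TODO looks correct, but it is worth a mention in the log so the cleanup can be found later.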
@@ -514,7 +513,7 @@
 CVE-2014-2266
 	RESERVED
 CVE-2014-2265 (Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Rock Lobster Contact Form
 CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 ...)
 	NOT-FOR-US: Synology DiskStation Manager
 CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
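Review bot: the tag on CVE-2014-2265 drops the trailing "7" from the product name. The description reads "Rock Lobster Contact Form 7 before 3.7.2", where 3.7.2 is the version, so "7" belongs to the name; suggest "NOT-FOR-US: Rock Lobster Contact Form 7" so a search for the product name matches this entry.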
@@ -1230,7 +1229,7 @@
 CVE-2014-1946
 	RESERVED
 CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
-	TODO: check
+	NOT-FOR-US: OpenDocMan
 CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier ...)
 	NOT-FOR-US: Ilch CMS
 CVE-2014-1942
@@ -2228,7 +2227,7 @@
 CVE-2014-1600
 	RESERVED
 CVE-2014-1599 (Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box ...)
-	TODO: check
+	NOT-FOR-US: SFR Box router
 CVE-2014-1598
 	RESERVED
 CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in synetics ...)
@@ -2986,53 +2985,53 @@
 CVE-2014-1295
 	RESERVED
 CVE-2014-1294 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1293 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1292 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1291 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1290 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1289 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1288
 	RESERVED
 CVE-2014-1287 (USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2014-1286 (SpringBoard Lock Screen in Apple iOS before 7.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: SpringBoard Lock Screen in Apple iOS
 CVE-2014-1285 (Springboard in Apple iOS before 7.1 allows physically proximate ...)
-	TODO: check
+	NOT-FOR-US: Springboard in Apple iOS
 CVE-2014-1284
 	REJECTED
 CVE-2014-1283
 	RESERVED
 CVE-2014-1282 (The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2014-1281 (Photos Backend in Apple iOS before 7.1 does not properly manage the ...)
-	TODO: check
+	NOT-FOR-US: Photos Backend in Apple iOS
 CVE-2014-1280 (Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2014-1279 (Apple TV before 6.1 does not properly restrict logging, which allows ...)
 	NOT-FOR-US: Apple TV
 CVE-2014-1278 (The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2014-1277
 	REJECTED
 CVE-2014-1276 (IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct ...)
-	TODO: check
+	NOT-FOR-US: IOKit HID Event in Apple iOS
 CVE-2014-1275 (Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2014-1274 (FaceTime in Apple iOS before 7.1 allows physically proximate attackers ...)
-	TODO: check
+	NOT-FOR-US: FaceTime in Apple iOS
 CVE-2014-1273 (dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2014-1272 (CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2014-1271 (CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2014-1270 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1269 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
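Review bot: on CVE-2014-1289 through CVE-2014-1294 the NOT-FOR-US text itself allows that the issue may affect Chromium, which makes these entries a deferral to another team rather than a statement that the code is not packaged. It follows the wording already used for CVE-2014-1270, but moving the caveat to a separate NOTE line would keep the tag to the product name alone. The Apple entries in the same hunk also mix the generic "NOT-FOR-US: Apple" with component-level tags such as "FaceTime in Apple iOS"; one granularity would make the list easier to grep.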
@@ -3040,7 +3039,7 @@
 CVE-2014-1268 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1267 (The Configuration Profiles component in Apple iOS before 7.1 and Apple ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2014-1266 (The SSLVerifySignedServerKeyExchange function in ...)
 	NOT-FOR-US: Apple
 CVE-2014-1265 (The systemsetup program in the Date and Time subsystem in Apple OS X ...)
@@ -3469,7 +3468,7 @@
 CVE-2014-0900
 	RESERVED
 CVE-2014-0899 (ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a ...)
-	TODO: check
+	NOT-FOR-US: IBM AIX
 CVE-2014-0898
 	RESERVED
 CVE-2014-0897
@@ -3944,7 +3943,7 @@
 CVE-2014-0695
 	RESERVED
 CVE-2014-0694 (Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-0693
 	RESERVED
 CVE-2014-0692
@@ -4484,7 +4483,7 @@
 CVE-2014-0506
 	RESERVED
 CVE-2014-0505 (Adobe Shockwave Player before 12.1.0.150 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Adobe Shockwave Player
 CVE-2014-0504 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x ...)
 	NOT-FOR-US: Flash plugin
 CVE-2014-0503 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x ...)
@@ -5653,19 +5652,19 @@
 CVE-2013-6945 (The M2M Broker in OSEHRA VistA, as distributed before September 30, ...)
 	- vista <itp> (bug #541242)
 CVE-2013-6944 (Cross-site scripting (XSS) vulnerability in the user interface in the ...)
-	TODO: check
+	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
 CVE-2013-6943 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before ...)
-	TODO: check
+	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
 CVE-2013-6942 (Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler ...)
-	TODO: check
+	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
 CVE-2013-6941 (Unspecified vulnerability in Citrix NetScaler Application Delivery ...)
-	TODO: check
+	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
 CVE-2013-6940 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before ...)
-	TODO: check
+	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
 CVE-2013-6939 (Unspecified vulnerability in Citrix NetScaler Application Delivery ...)
-	TODO: check
+	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
 CVE-2013-6938 (Unspecified vulnerability in the Service VM in Citrix NetScaler SDX ...)
-	TODO: check
+	NOT-FOR-US: Citrix NetScaler SDX
 CVE-2013-6937 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
 	NOT-FOR-US: VideoCharge
 CVE-2013-6936 (Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum ...)
@@ -5715,61 +5714,61 @@
 CVE-2014-0325
 	RESERVED
 CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0323 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
 	NOT-FOR-US: Microsoft Internet Explorer 10
 CVE-2014-0321 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0320
 	RESERVED
 CVE-2014-0319 (Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2014-0318
 	RESERVED
 CVE-2014-0317 (The Security Account Manager Remote (SAMR) protocol implementation in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2014-0316
 	RESERVED
 CVE-2014-0315
 	RESERVED
 CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0313 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0312 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0311 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0310
 	RESERVED
 CVE-2014-0309 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0308 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0307 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0306 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0305 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0304 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0303 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0302 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0301 (Double free vulnerability in qedit.dll in DirectShow in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2014-0300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2014-0299 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0298 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0297 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0296
 	RESERVED
 CVE-2014-0295 (VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not ...)
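Review bot: the non-IE entries here (CVE-2014-0323, CVE-2014-0319, CVE-2014-0317, CVE-2014-0301, CVE-2014-0300) are tagged with the bare vendor name "Microsoft", while the IE entries name the product. Suggest naming the component from the description (win32k.sys, Silverlight, SAMR, DirectShow) so the tag says what was triaged, in line with the product-level tags used for Internet Explorer in the same hunk.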
@@ -8394,15 +8393,15 @@
 	RESERVED
 	NOT-FOR-US: HP Unified Functional Testing
 CVE-2013-6209 (Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP ...)
-	TODO: check
+	NOT-FOR-US: NFS subsystem in HP HP-UX
 CVE-2013-6208
 	RESERVED
 CVE-2013-6207 (Unspecified vulnerability in the loadFileContents function in the SOAP ...)
-	TODO: check
+	NOT-FOR-US: HP SiteScope
 CVE-2013-6206 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2013-6205 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2013-6204 (The Web Console in HP Application Information Optimizer (formerly HP ...)
 	NOT-FOR-US: HP Application Information Optimizer
 CVE-2013-6203 (The Web Console in HP Application Information Optimizer (formerly HP ...)
@@ -8436,7 +8435,7 @@
 CVE-2013-6189 (Unspecified vulnerability in the Archive Query Server in HP ...)
 	NOT-FOR-US: HP Application Information Optimizer
 CVE-2013-6188 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
-	TODO: check
+	NOT-FOR-US: HP System Management Homepage
 CVE-2013-6187
 	REJECTED
 CVE-2013-6186
@@ -8773,7 +8772,7 @@
 CVE-2013-6038 (Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 ...)
 	NOT-FOR-US: Trimble SketchUp Viewer
 CVE-2013-6037 (Cross-site scripting (XSS) vulnerability in index.php in Aker Secure ...)
-	TODO: check
+	NOT-FOR-US: Aker Secure Mail Gateway
 CVE-2013-6036
 	RESERVED
 CVE-2013-6035 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...)
@@ -8785,7 +8784,7 @@
 CVE-2013-6032 (cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x ...)
 	NOT-FOR-US: Lexmark
 CVE-2013-6031 (The Huawei E355 adapter with firmware 21.157.37.01.910 does not ...)
-	TODO: check
+	NOT-FOR-US: Huawei E355 adapter
 CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...)
 	NOT-FOR-US: Emerson Network Power
 CVE-2013-6029 (Stack-based buffer overflow in the AT&T Connect Participant ...)
@@ -10975,7 +10974,7 @@
 CVE-2013-5134
 	REJECTED
 CVE-2013-5133 (Backup in Apple iOS before 7.1 does not properly restrict symlinks, ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2013-5132 (Apple AirPort Base Station Firmware before 7.6.4 does not properly ...)
 	NOT-FOR-US: Apple AirPort
 CVE-2013-5131 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
@@ -11012,7 +11011,7 @@
 CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterprise ...)
 	NOT-FOR-US: Good for Enterprise app for iOS
 CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in ...)
-	TODO: check
+	NOT-FOR-US: DotNetNuke
 CVE-2013-5116
 	RESERVED
 CVE-2013-5115
@@ -11621,7 +11620,7 @@
 CVE-2013-4847
 	RESERVED
 CVE-2013-4846 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
-	TODO: check
+	NOT-FOR-US: HP System Management Homepage
 CVE-2013-4845 (Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka ...)
 	NOT-FOR-US: HP Officejet Pro
 CVE-2013-4844 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, ...)
@@ -12071,7 +12070,7 @@
 	[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
 	[wheezy] - mongodb <not-affected> (Only affects 2.4.x)
 CVE-2013-4649 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
-	TODO: check
+	NOT-FOR-US: DotNetNuke
 CVE-2013-4648
 	RESERVED
 CVE-2013-4647
@@ -14290,7 +14289,7 @@
 CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, ...)
 	NOT-FOR-US: Grandstream
 CVE-2013-3961 (SQL injection vulnerability in edit_event.php in Simple PHP Agenda ...)
-	TODO: check
+	NOT-FOR-US: Simple PHP Agenda
 CVE-2013-3960
 	RESERVED
 CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in ...)
@@ -14326,7 +14325,7 @@
 CVE-2013-3944
 	RESERVED
 CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
-	TODO: check
+	NOT-FOR-US: DotNetNukeDot
 CVE-2013-3942
 	RESERVED
 CVE-2013-3941
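Review bot: the tag on CVE-2013-3943 is misspelled as "DotNetNukeDot". The description and the other DotNetNuke entries in this commit (CVE-2013-7335, CVE-2013-5117, CVE-2013-4649) use "DotNetNuke"; suggest "NOT-FOR-US: DotNetNuke" so that all four entries match the same search.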



