[Secure-testing-commits] r26256 - data/CVE
Thijs Kinkhorst
thijs at moszumanska.debian.org
Wed Mar 26 14:21:32 UTC 2014
Author: thijs
Date: 2014-03-26 14:21:32 +0000 (Wed, 26 Mar 2014)
New Revision: 26256
Modified:
data/CVE/list
Log:
dtc old issues, experimental only
nfu's
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-26 13:53:58 UTC (rev 26255)
+++ data/CVE/list 2014-03-26 14:21:32 UTC (rev 26256)
@@ -128,13 +128,13 @@
CVE-2014-2590
RESERVED
CVE-2014-2589 (Cross-site scripting (XSS) vulnerability in the Dashboard Backend ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2014-2588 (Directory traversal vulnerability in servlet/downloadReport in McAfee ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2014-2587 (SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2014-2586 (Cross-site scripting (XSS) vulnerability in the login audit form in ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2014-2584
RESERVED
CVE-2014-2583
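Review bot: The three McAfee tags added for CVE-2014-2588, CVE-2014-2587 and CVE-2014-2586 name only the vendor, while the McAfee entries later in this same commit (CVE-2014-2536, CVE-2014-2535) name the product. The descriptions are truncated here, so the product cannot be read from these lines. Taking the product name from the full CVE text would keep the tags consistent and would let a later search for a specific McAfee product find all of its entries.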
@@ -212,15 +212,15 @@
CVE-2014-2539
RESERVED
CVE-2014-2537 (Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 ...)
- TODO: check
+ NOT-FOR-US: Sophos UTM
CVE-2014-2536 (Directory traversal vulnerability in McAfee Cloud Identity Manager ...)
- TODO: check
+ NOT-FOR-US: McAfee Cloud Identity Manager
CVE-2014-2535 (Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x ...)
- TODO: check
+ NOT-FOR-US: McAfee Web Gateway
CVE-2014-2534 (/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2014-2533 (/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2014-2531
RESERVED
CVE-2014-2530
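Review bot: CVE-2014-2534 and CVE-2014-2533 are tagged "NOT-FOR-US: BlackBerry", but both descriptions name the affected product as "BlackBerry QNX Neutrino RTOS", and the other three entries in this hunk are tagged at product level (Sophos UTM, McAfee Cloud Identity Manager, McAfee Web Gateway). Suggest "NOT-FOR-US: BlackBerry QNX Neutrino RTOS" so the two /sbin binaries (pppoectl, ifwatchd) are clearly tied to QNX and not to some other BlackBerry product.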
@@ -293,15 +293,15 @@
CVE-2013-7337
RESERVED
CVE-2011-5276 (SQL injection vulnerability in the drawAdminTools_PackageInstaller ...)
- TODO: check
+ - dtc 0.34.1-1
CVE-2011-5275 (The install script in Domain Technologie Control (DTC) before 0.34.1 ...)
- TODO: check
+ - dtc 0.34.1-1
CVE-2011-5274 (The drawAdminTools_PackageInstaller function in ...)
- TODO: check
+ - dtc 0.34.1-1
CVE-2011-5273 (Directory traversal vulnerability in shared/package-installer in ...)
- TODO: check
+ - dtc 0.34.1-1
CVE-2011-5272 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
- TODO: check
+ - dtc 0.34.1-1
CVE-2009-5140
RESERVED
CVE-2009-5139
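Review bot: The log message says "experimental only", but the five dtc lines added for CVE-2011-5276 through CVE-2011-5272 carry only "- dtc 0.34.1-1", so that reasoning is not recorded in the list itself. A NOTE: line under each entry (the list already uses NOTE: lines elsewhere) stating that the affected versions were only in experimental would preserve it. Also, "before 0.34.1" is visible only in the descriptions of CVE-2011-5275 and CVE-2011-5272; for the other three the description is cut off before any version, so please confirm that 0.34.1-1 is the right fixed version for all five.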
@@ -703,7 +703,7 @@
CVE-2014-2340
RESERVED
CVE-2014-2339 (Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in ...)
- TODO: check
+ NOT-FOR-US: GnuBoard
CVE-2014-2338
RESERVED
CVE-2014-2337
@@ -743,9 +743,9 @@
CVE-2014-2317 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
NOT-FOR-US: OpenDocMan
CVE-2014-2316 (SQL injection vulnerability in se_search_default in the Search ...)
- TODO: check
+ NOT-FOR-US: WP plugin search-everything
CVE-2014-2315 (Multiple cross-site scripting (XSS) vulnerabilities in the Thank You ...)
- TODO: check
+ NOT-FOR-US: WP plugin thankyoubutton
CVE-2014-2314 (Directory traversal vulnerability in the Issue Collector plugin in ...)
NOT-FOR-US: Atlassian JIRA
CVE-2014-2313 (Directory traversal vulnerability in the Importers plugin in Atlassian ...)
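Review bot: The tags for CVE-2014-2316 and CVE-2014-2315 use the abbreviation "WP plugin" followed by a slug ("search-everything", "thankyoubutton"), whereas the unchanged neighbours in this hunk use the product name as written ("OpenDocMan", "Atlassian JIRA"). Spelling it out as "WordPress plugin" plus the plugin name from the description would match searches for either "WordPress" or the plugin's display name.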
@@ -761,7 +761,7 @@
CVE-2013-7335 (Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x ...)
NOT-FOR-US: DotNetNuke
CVE-2013-7334 (Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 ...)
- TODO: check
+ NOT-FOR-US: ImageCMS
CVE-2014-2387 [pen: insecure temporary filename]
RESERVED
- pen <unfixed> (low; bug #741370)
@@ -831,7 +831,7 @@
CVE-2014-2292 (Unspecified vulnerability in the Linux Network Connect client in ...)
NOT-FOR-US: Junos Pulse Secure Access Service
CVE-2014-2291 (Cross-site scripting (XSS) vulnerability in the Pulse Collaboration ...)
- TODO: check
+ NOT-FOR-US: Junos
CVE-2014-2290
RESERVED
CVE-2014-2289
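Review bot: CVE-2014-2291 is tagged "NOT-FOR-US: Junos", but its description refers to "the Pulse Collaboration ..." and the entry directly above it, CVE-2014-2292, is tagged "Junos Pulse Secure Access Service". The bare "Junos" tag drops the Pulse product name that the description points to. Suggest reusing the neighbour's wording, or naming the Pulse product from the full description, so the two related entries are grouped the same way.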
@@ -882,7 +882,7 @@
- cloud-init 0.7.1-1
NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12299
CVE-2014-2280 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2014-2279
RESERVED
CVE-2014-2278
@@ -926,33 +926,33 @@
CVE-2014-2260
RESERVED
CVE-2014-2259 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2258 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2257 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2256 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2255 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2254 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2253 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2252 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2251 (The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2250 (The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2249 (Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2248 (Open redirect vulnerability in the integrated web server on Siemens ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2247 (The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2246 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2014-2241 (The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer ...)
- freetype <unfixed> (bug #741299)
[wheezy] - freetype <not-affected> (vuln. code introduced around 2.5)
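Review bot: All fourteen entries from CVE-2014-2259 down to CVE-2014-2246 are tagged "NOT-FOR-US: Siemens", while the descriptions that are not cut off name the product as SIMATIC S7-1500 or S7-1200 CPU PLC devices and give firmware versions. For CVE-2014-2246 the visible description ends before any vendor is named, so the tag is the only hint a reader gets. A tag such as "NOT-FOR-US: Siemens SIMATIC S7 PLC firmware" would make it clear at a glance that these are device firmware issues.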
@@ -998,7 +998,7 @@
CVE-2014-2220
RESERVED
CVE-2014-2219 (Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2014-2218
RESERVED
CVE-2014-2217
@@ -1178,13 +1178,13 @@
CVE-2014-2125
RESERVED
CVE-2014-2124 (Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-2123
RESERVED
CVE-2014-2122 (Memory leak in the GUI in the Impact server in Cisco Hosted ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-2121 (The Java-based software in Cisco Hosted Collaboration Solution (HCS) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-2120 (Cross-site scripting (XSS) vulnerability in the WebVPN login page in ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2119 (The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS ...)
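Review bot: CVE-2014-2124, CVE-2014-2122 and CVE-2014-2121 are tagged with the bare vendor "Cisco", while the unchanged entry just below, CVE-2014-2120, uses "Cisco Adaptive Security Appliance". The descriptions already name the products (Cisco IOS for 2124, Cisco Hosted Collaboration Solution for 2122 and 2121), so "NOT-FOR-US: Cisco IOS" and "NOT-FOR-US: Cisco Hosted Collaboration Solution" would be consistent with the existing entry at no extra research cost.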
@@ -25769,7 +25769,7 @@
CVE-2012-6291
RESERVED
CVE-2012-6290 (SQL injection vulnerability in ImageCMS before 4.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: ImageCMS
CVE-2012-6289
RESERVED
CVE-2012-6288
@@ -29678,7 +29678,7 @@
CVE-2012-4887
RESERVED
CVE-2012-4886 (Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 ...)
- TODO: check
+ NOT-FOR-US: WPS Office
CVE-2012-4885 (The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...)
- mediawiki 1:1.19.0-1 (low)
CVE-2012-4884 (Argument injection vulnerability in Request Tracker (RT) 3.8.x before ...)