[Secure-testing-commits] r30162 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Nov 19 21:09:51 UTC 2014
Author: carnil
Date: 2014-11-19 21:09:51 +0000 (Wed, 19 Nov 2014)
New Revision: 30162
Modified:
data/CVE/list
Log:
Process some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-19 19:53:24 UTC (rev 30161)
+++ data/CVE/list 2014-11-19 21:09:51 UTC (rev 30162)
@@ -442,7 +442,7 @@
CVE-2014-8728
RESERVED
CVE-2014-8727 (Multiple directory traversal vulnerabilities in F5 BIG-IP before ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2014-8726
RESERVED
CVE-2014-8725
@@ -546,39 +546,39 @@
CVE-2014-8670 (Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote ...)
TODO: check
CVE-2014-8669 (The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8668 (SQL injection vulnerability in SAP Contract Accounting allows remote ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8667 (Cross-site scripting (XSS) vulnerability in SAP HANA Web-based ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8666 (The User & Server configuration, InfoView refresh, user rights ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8665 (The SAP Business Intelligence Development Workbench allows remote ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8664 (SQL injection vulnerability in Product Safety (EHS-SAF) component in ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8663 (SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8662 (Unspecified vulnerability in SAP Payroll Process allows remote ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8661 (The SAP CRM Internet Sales module allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8660 (SAP Document Management Services allows local users to execute ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8659 (Directory traversal vulnerability in SAP Environment, Health, and ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2014-8658 (Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme ...)
TODO: check
CVE-2014-8657 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless ...)
- TODO: check
+ NOT-FOR-US: Compal Gateways
CVE-2014-8656 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless ...)
- TODO: check
+ NOT-FOR-US: Compal Gateways
CVE-2014-8655 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless ...)
- TODO: check
+ NOT-FOR-US: Compal Gateways
CVE-2014-8654 (Multiple cross-site request forgery (CSRF) vulnerabilities in Compal ...)
- TODO: check
+ NOT-FOR-US: Compal Gateways
CVE-2014-8653 (Cross-site scripting (XSS) vulnerability in Compal Broadband Networks ...)
- TODO: check
+ NOT-FOR-US: Compal Gateways
CVE-2014-8652 (Elipse E3 3.x and earlier allows remote attackers to cause a denial of ...)
TODO: check
CVE-2014-8649
@@ -982,7 +982,7 @@
CVE-2014-8511
RESERVED
CVE-2014-8510 (The AdminUI in Trend Micro InterScan Web Security Virtual Appliance ...)
- TODO: check
+ NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
CVE-2014-8509 (The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) ...)
NOT-FOR-US: BitTorrent bootstrap-dht (aka Bootstrap)
CVE-2014-8508 (Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon ...)
@@ -1398,7 +1398,7 @@
NOTE: appears to be a generic autoloading abuse; possibly with
NOTE: some use of simplepie being the attack vector
CVE-2014-8359 (Untrusted search path vulnerability in Huawei Mobile Partner for ...)
- TODO: check
+ NOT-FOR-US: Huawei Mobile Partner for Windows
CVE-2014-8358
RESERVED
CVE-2014-8357
@@ -2239,9 +2239,9 @@
CVE-2014-7999
RESERVED
CVE-2014-7998 (Cisco IOS on Aironet access points, when "dot11 aaa authenticator" ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2014-7997 (The DHCP implementation in Cisco IOS on Aironet access points does not ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2014-7996
RESERVED
CVE-2014-7995
@@ -2251,15 +2251,15 @@
CVE-2014-7993
RESERVED
CVE-2014-7992 (The DLSw implementation in Cisco IOS does not initialize packet ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2014-7991 (The Remote Mobile Access Subsystem in Cisco Unified Communications ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-7990 (Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-7989 (Cisco Unified Computing System on B-Series blade servers allows local ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-7988 (The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-7987 (Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 ...)
NOT-FOR-US: EspoCRM
CVE-2014-7986 (install/index.php in EspoCRM before 2.6.0 allows remote attackers to ...)
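Review bot: The labels in this hunk switch between "NOT-FOR-US: Cisco IOS" (CVE-2014-7992) and the bare "NOT-FOR-US: Cisco" (CVE-2014-7991 through CVE-2014-7988), and CVE-2014-7990, whose description starts "Cisco IOS XE 3.5E", gets the bare form although it is an IOS-family entry. Pick one granularity for the run, preferably the product name from the description, so that a later search of the list by product finds every entry.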
@@ -6019,17 +6019,17 @@
CVE-2014-6354
RESERVED
CVE-2014-6353 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6352 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
NOT-FOR-US: Microsoft
CVE-2014-6351 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6350 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6349 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6348 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6347 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
TODO: check
CVE-2014-6346 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
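Review bot: CVE-2014-6347 keeps "TODO: check" at the end of this hunk although its description ("Microsoft Internet Explorer 11 allows remote attackers to execute ...") names the same product as CVE-2014-6348 and the other Internet Explorer entries marked "NOT-FOR-US: Microsoft" just above it. If that is an oversight, mark it in the same pass; if it was skipped on purpose, a short NOTE line saying why would stop the next triager from repeating the check.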
@@ -6057,13 +6057,13 @@
CVE-2014-6335 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
TODO: check
CVE-2014-6334 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6333 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6332 (OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6331 (Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6330
RESERVED
CVE-2014-6329
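Review bot: CVE-2014-6335, the first entry of this hunk, stays at "TODO: check" while CVE-2014-6334 and CVE-2014-6333, which carry the identical visible description ("Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ..."), are marked "NOT-FOR-US: Microsoft". The three should end up with the same status unless the truncated part of the description differs in a way that matters; please confirm and mark CVE-2014-6335 as well.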
@@ -6081,17 +6081,17 @@
CVE-2014-6323 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
TODO: check
CVE-2014-6322 (The Windows Audio service in Microsoft Windows Vista SP2, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6321 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6320
RESERVED
CVE-2014-6319
RESERVED
CVE-2014-6318 (The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-6316
RESERVED
CVE-2014-6315 (Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado ...)
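Review bot: CVE-2014-6323 ("Microsoft Internet Explorer 7 through 11 ...") is left at "TODO: check" directly above CVE-2014-6322 and CVE-2014-6321, which this hunk marks "NOT-FOR-US: Microsoft". It looks like it belongs to the same batch and can take the same label.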
@@ -6479,11 +6479,11 @@
CVE-2014-6162
RESERVED
CVE-2014-6161 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6160
RESERVED
CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6158
RESERVED
CVE-2014-6157
@@ -6509,7 +6509,7 @@
CVE-2014-6147
RESERVED
CVE-2014-6146 (IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6145
RESERVED
CVE-2014-6144
@@ -6581,17 +6581,17 @@
CVE-2014-6111
RESERVED
CVE-2014-6110 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6109
RESERVED
CVE-2014-6108
RESERVED
CVE-2014-6107 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6106
RESERVED
CVE-2014-6105 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6104
RESERVED
CVE-2014-6103
@@ -6605,13 +6605,13 @@
CVE-2014-6099 (The Change Password feature in IBM Sterling B2B Integrator 5.2.x ...)
NOT-FOR-US: IBM Sterling
CVE-2014-6098 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6097 (IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6096 (Cross-site scripting (XSS) vulnerability in IBM Security Identity ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6095 (Directory traversal vulnerability in IBM Security Identity Manager 6.x ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6094
RESERVED
CVE-2014-6093
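Review bot: The added lines use the bare vendor label "NOT-FOR-US: IBM" for both IBM Security Identity Manager (CVE-2014-6098, CVE-2014-6096, CVE-2014-6095) and IBM DB2 (CVE-2014-6097), while the unchanged entry at the top of the hunk, CVE-2014-6099, uses the product-level "NOT-FOR-US: IBM Sterling". Product-level labels are easier to audit later; consider "IBM Security Identity Manager" and "IBM DB2" here to match the existing style.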
@@ -6755,7 +6755,7 @@
CVE-2014-6031
RESERVED
CVE-2014-6030 (Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET ...)
- TODO: check
+ NOT-FOR-US: ClassApps SelectSurvey.NET
CVE-2014-6026
RESERVED
CVE-2014-6025 (The Chartboost library before 2.0.2 for Android does not verify X.509 ...)
@@ -7989,7 +7989,7 @@
CVE-2014-5431
RESERVED
CVE-2014-5430 (Untrusted search path vulnerability in ABB RobotStudio 5.6x before ...)
- TODO: check
+ NOT-FOR-US: ABB RobotStudio
CVE-2014-5429
RESERVED
CVE-2014-5428
@@ -8001,7 +8001,7 @@
CVE-2014-5425 (IOServer before Beta2112.exe allows remote attackers to cause a denial ...)
NOT-FOR-US: IOServer
CVE-2014-5424 (Rockwell Automation Connected Components Workbench (CCW) before ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation Connected Components Workbench
CVE-2014-5423 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
NOT-FOR-US: CareFusion
CVE-2014-5422 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
@@ -8015,7 +8015,7 @@
CVE-2014-5418
RESERVED
CVE-2014-5417 (Cross-site scripting (XSS) vulnerability in Meinberg NTP Server ...)
- TODO: check
+ NOT-FOR-US: Meinberg NTP Server firmware on LANTIME M-Series devices
CVE-2014-5416
RESERVED
CVE-2014-5415
@@ -9559,7 +9559,7 @@
CVE-2014-4835
RESERVED
CVE-2014-4834 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-4833 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote ...)
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4832
@@ -9607,7 +9607,7 @@
CVE-2014-4811 (IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume ...)
NOT-FOR-US: IBM
CVE-2014-4810 (IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-4809 (The WebSEAL component in IBM Security Access Manager for Web 7.x ...)
NOT-FOR-US: IBM Security Access Manager
CVE-2014-4808 (Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through ...)
@@ -9689,7 +9689,7 @@
CVE-2014-4770 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4769 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-4768
RESERVED
CVE-2014-4767 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before ...)
@@ -10105,7 +10105,7 @@
CVE-2014-4628
RESERVED
CVE-2014-4627 (SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before ...)
- TODO: check
+ NOT-FOR-US: EMC RSA Web Threat Detection
CVE-2014-4626
RESERVED
CVE-2014-4625
@@ -10481,31 +10481,31 @@
CVE-2014-4464
RESERVED
CVE-2014-4463 (Apple iOS before 8.1.1 allows physically proximate attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4462 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, ...)
TODO: check
CVE-2014-4461 (The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4460 (CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4459 (Use-after-free vulnerability in WebKit, as used in Apple OS X before ...)
TODO: check
CVE-2014-4458 (The "System Profiler About This Mac" component in Apple OS X before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4457 (The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4456
RESERVED
CVE-2014-4455 (dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4454
RESERVED
CVE-2014-4453 (Apple iOS before 8.1.1 and OS X before 10.10.1 include location data ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4452 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, ...)
TODO: check
CVE-2014-4451 (Apple iOS before 8.1.1 does not properly enforce the failed-passcode ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4450 (The QuickType feature in the Keyboards subsystem in Apple iOS before ...)
NOT-FOR-US: Apple iOS
CVE-2014-4449 (iCloud Data Access in Apple iOS before 8.1 does not verify X.509 ...)
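Review bot: The three WebKit entries in this hunk (CVE-2014-4462, CVE-2014-4459, CVE-2014-4452) are left at "TODO: check" while every other Apple entry around them becomes "NOT-FOR-US: Apple". Leaving them open is right, since WebKit is not Apple-only code, but nothing in the list records that; a NOTE line on each saying that the WebKit source packages still need checking would keep a later bulk pass from marking them NOT-FOR-US by pattern. The unchanged CVE-2014-4450 also uses "Apple iOS" where the added lines use "Apple", so the label granularity is worth aligning.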
@@ -11214,7 +11214,7 @@
CVE-2014-4151 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...)
NOT-FOR-US: AlienVault OSSIM
CVE-2014-4149 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-4148 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
NOT-FOR-US: Microsoft
CVE-2014-4147
@@ -11276,11 +11276,11 @@
CVE-2014-4119
RESERVED
CVE-2014-4118 (XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-4117 (Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, ...)
NOT-FOR-US: Microsoft
CVE-2014-4116 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-4115 (fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in ...)
NOT-FOR-US: Microsoft
CVE-2014-4114 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
@@ -11356,11 +11356,11 @@
CVE-2014-4079 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4078 (The IP Security feature in Microsoft Internet Information Services ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-4077 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-4076 (Microsoft Windows Server 2003 SP2 allows local users to gain ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-4075 (Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in ...)
NOT-FOR-US: Microsoft
CVE-2014-4074 (The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server ...)
@@ -31937,7 +31937,7 @@
CVE-2013-3679
RESERVED
CVE-2013-3678 (Multiple unspecified vulnerabilities in SAP Governance, Risk, and ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2013-3677
RESERVED
CVE-2013-3676