[Secure-testing-commits] r29646 - data/CVE
Helmut Grohne
helmutg at moszumanska.debian.org
Sat Oct 25 18:03:42 UTC 2014
Author: helmutg
Date: 2014-10-25 18:03:42 +0000 (Sat, 25 Oct 2014)
New Revision: 29646
Modified:
data/CVE/list
Log:
misc NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-25 18:03:33 UTC (rev 29645)
+++ data/CVE/list 2014-10-25 18:03:42 UTC (rev 29646)
@@ -362,13 +362,13 @@
CVE-2014-8308 (Cross-site scripting (XSS) vulnerability in the Send to Inbox ...)
NOT-FOR-US: SAP BusinessObjects BI EDGE
CVE-2014-8307 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: C97net Cart Engine
CVE-2014-8306 (SQL injection vulnerability in the sql_query function in cart.php in ...)
- TODO: check
+ NOT-FOR-US: C97net Cart Engine
CVE-2014-8305 (Open redirect vulnerability in the redir function in ...)
- TODO: check
+ NOT-FOR-US: C97net Cart Engine
CVE-2014-8304 (Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and ...)
- TODO: check
+ NOT-FOR-US: In-Portal
CVE-2014-8303 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
NOT-FOR-US: Splunk Web
CVE-2014-8302 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
@@ -384,11 +384,12 @@
CVE-2014-8297
RESERVED
CVE-2014-8296 (Cross-site scripting (XSS) vulnerability in the Modal Frame API module ...)
- TODO: check
+ NOT-FOR-US: Drupal module Modal Frame API
CVE-2014-XXXX [freecad downloads and executes code]
- freecad <unfixed> (bug #764814)
CVE-2014-8295 (SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows ...)
- TODO: check
+ NOT-FOR-US: Bacula-Web
+ NOTE: Bacula-Web is not part of bacula itself and not ITP #656891
CVE-2014-8294 (Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests ...)
NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2014-8293 (Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests ...)
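Review bot: the NOTE added under CVE-2014-8295 is ambiguous. "not ITP #656891" can be read as "Bacula-Web is not what ITP #656891 is about" or as "there is no such ITP". If the first reading is intended, spell it out, for example "NOTE: Bacula-Web is a separate project from bacula and is not the subject of ITP #656891".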
@@ -898,7 +899,7 @@
- zendframework 1.12.9+dfsg-1
NOTE: http://framework.zend.com/security/advisory/ZF2014-05
CVE-2014-8074 (Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF SDK
CVE-2014-8073
RESERVED
CVE-2014-8072
@@ -2732,7 +2733,7 @@
NOTE: https://launchpad.net/bugs/1343604
CVE-2014-7205 (Eval injection vulnerability in the internals.batch function in ...)
NOTE: https://nodesecurity.io/advisories/bassmaster_js_injection
- TODO: check
+ NOT-FOR-US: node.js package bassmaster
CVE-2014-7201 (Multiple SQL injection vulnerabilities in the search function in ...)
NOT-FOR-US: JobControl extension for TYPO3
CVE-2014-7200 (Cross-site scripting (XSS) vulnerability in ...)
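Review bot: under CVE-2014-7205 the new NOT-FOR-US line ends up below the existing NOTE, because the TODO was replaced in place. In the other entries visible in this commit the status line comes first and the NOTE follows it (the zendframework entry, and the CVE-2014-8295 entry added here). Suggest moving the nodesecurity.io NOTE below the NOT-FOR-US line so the entry reads the same way.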
@@ -4824,7 +4825,7 @@
CVE-2014-6284
RESERVED
CVE-2014-6283 (SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 ...)
- TODO: check
+ NOT-FOR-US: SAP Adaptive Server Enterprise
CVE-2014-6282
RESERVED
CVE-2014-6281
@@ -5235,7 +5236,7 @@
CVE-2014-6117
RESERVED
CVE-2014-6116 (The Telemetry Component in WebSphere MQ 8.0.0.1 before ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2014-6115
RESERVED
CVE-2014-6114
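Review bot: for CVE-2014-6116 the tag "IBM WebSphere" is broader than the product the description names, which is WebSphere MQ. Suggest "NOT-FOR-US: IBM WebSphere MQ" so that a later search for the product name finds this entry and it is not confused with other WebSphere products.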
@@ -6658,17 +6659,17 @@
CVE-2014-5426
RESERVED
CVE-2014-5425 (IOServer before Beta2112.exe allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: IOServer
CVE-2014-5424
RESERVED
CVE-2014-5423 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
- TODO: check
+ NOT-FOR-US: CareFusion
CVE-2014-5422 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
- TODO: check
+ NOT-FOR-US: CareFusion
CVE-2014-5421 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and ...)
- TODO: check
+ NOT-FOR-US: CareFusion
CVE-2014-5420 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
- TODO: check
+ NOT-FOR-US: CareFusion
CVE-2014-5419
RESERVED
CVE-2014-5418
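Review bot: the four entries CVE-2014-5420 to CVE-2014-5423 are tagged with the vendor name only ("CareFusion"), while every description names the product, Pyxis SupplyStation. Other tags in this commit name the product (for example "SAP Adaptive Server Enterprise" and "Cisco Prime Optical"). Suggest "NOT-FOR-US: CareFusion Pyxis SupplyStation" for consistency.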
@@ -6898,9 +6899,9 @@
CVE-2014-5332
RESERVED
CVE-2014-5331 (Cross-site scripting (XSS) vulnerability in Aflax allows remote ...)
- TODO: check
+ NOT-FOR-US: Aflax
CVE-2014-5330 (Cross-site scripting (XSS) vulnerability in BirdBlog allows remote ...)
- TODO: check
+ NOT-FOR-US: BirdBlog
CVE-2014-5329
RESERVED
CVE-2014-5328 (Buffer overflow in the Webserver component on the Huawei E5332 router ...)
@@ -8146,7 +8147,7 @@
CVE-2014-4868 (The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), ...)
NOT-FOR-US: Brocade Vyatta
CVE-2014-4867 (Cryoserver Security Appliance 7.3.x uses weak permissions for ...)
- TODO: check
+ NOT-FOR-US: Cryoserver
CVE-2014-4866
RESERVED
CVE-2014-4865 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -9454,7 +9455,7 @@
CVE-2014-4314
RESERVED
CVE-2014-4313 (SQL injection vulnerability in Epicor Procurement before 7.4 SP2 ...)
- TODO: check
+ NOT-FOR-US: Epicor
CVE-2014-4312 (Multiple cross-site scripting (XSS) vulnerabilities in Epicor ...)
NOT-FOR-US: Epicor
CVE-2014-4311
@@ -9934,7 +9935,7 @@
CVE-2014-4118
RESERVED
CVE-2014-4117 (Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2014-4116
RESERVED
CVE-2014-4115 (fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in ...)
@@ -11974,11 +11975,11 @@
CVE-2014-3409
RESERVED
CVE-2014-3408 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco Prime Optical
CVE-2014-3407
RESERVED
CVE-2014-3406 (Race condition in the IP logging feature in Cisco Intrusion Prevention ...)
- TODO: check
+ NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2014-3405 (Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy ...)
NOT-FOR-US: Cisco IOS
CVE-2014-3404 (The Autonomic Networking Infrastructure (ANI) component in Cisco IOS ...)
@@ -11986,7 +11987,7 @@
CVE-2014-3403 (The Autonomic Networking Infrastructure (ANI) component in Cisco IOS ...)
NOT-FOR-US: Cisco IOS
CVE-2014-3402 (The authentication-manager process in the web framework in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2014-3401
RESERVED
CVE-2014-3400 (Cisco WebEx Meetings Server allows remote authenticated users to ...)
@@ -12028,7 +12029,7 @@
CVE-2014-3382 (The SQL*Net inspection engine in Cisco ASA Software 7.2 before ...)
NOT-FOR-US: Cisco ASA
CVE-2014-3381 (The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the ...)
- TODO: check
+ NOT-FOR-US: Cisco AsyncOS
CVE-2014-3380 (Cisco Unified Communications Domain Manager Platform Software 4.4(.3) ...)
NOT-FOR-US: Cisco Unified Communications
CVE-2014-3379 (Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 ...)
@@ -12691,7 +12692,7 @@
CVE-2014-3148
RESERVED
CVE-2014-3147 (Cross-site scripting (XSS) vulnerability in the auto-complete feature ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2014-3146 (Incomplete blacklist vulnerability in the lxml.html.clean module in ...)
{DSA-2941-1 DLA-0009-1}
- lxml 3.3.5-1 (bug #746812)
@@ -13206,7 +13207,7 @@
CVE-2014-2928 (The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and ...)
NOT-FOR-US: F5 BIG-IP
CVE-2014-2927 (The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2014-2926 (kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before ...)
NOT-FOR-US: Kaseya Virtual System Administrator
CVE-2014-2925 (Cross-site scripting (XSS) vulnerability in ...)
@@ -14028,7 +14029,7 @@
CVE-2014-2647 (Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP ...)
NOT-FOR-US: HP Operations Manager
CVE-2014-2646 (Unspecified vulnerability in HP Network Automation 9.10 and 9.20 ...)
- TODO: check
+ NOT-FOR-US: HP Network Automation
CVE-2014-2645 (HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to ...)
NOT-FOR-US: HP Systems Insight Manager
CVE-2014-2644 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
@@ -14188,7 +14189,7 @@
CVE-2014-2560
RESERVED
CVE-2014-2559 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin Twitget
CVE-2014-2558 (The File Gallery plugin before 1.7.9.2 for WordPress does not properly ...)
NOT-FOR-US: WordPress plugin file-gallery
CVE-2014-2557
@@ -14484,21 +14485,21 @@
CVE-2014-2479 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
NOT-FOR-US: Oracle
CVE-2014-2478 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle Database Server
CVE-2014-2477 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox 4.3.12-dfsg-1 (bug #754939)
[wheezy] - virtualbox <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
- virtualbox-ose <not-affected> (Only affects 4.0 and later)
CVE-2014-2476 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
- TODO: check
+ NOT-FOR-US: Oracle Virtualization
CVE-2014-2475 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
- TODO: check
+ NOT-FOR-US: Oracle Virtualization
CVE-2014-2474 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
- TODO: check
+ NOT-FOR-US: Oracle Virtualization
CVE-2014-2473 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
- TODO: check
+ NOT-FOR-US: Oracle Virtualization
CVE-2014-2472 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
- TODO: check
+ NOT-FOR-US: Oracle Virtualization
CVE-2014-2471 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
NOT-FOR-US: Oracle iLearning
CVE-2014-2470 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
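Review bot: CVE-2014-2472 to CVE-2014-2476 are described as affecting Oracle Secure Global Desktop but are tagged "NOT-FOR-US: Oracle Virtualization". That label is wide enough to read as covering VirtualBox too, which is tracked as a packaged product two lines above (CVE-2014-2477, "- virtualbox 4.3.12-dfsg-1"). Suggest naming the component instead: "NOT-FOR-US: Oracle Secure Global Desktop".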
@@ -14796,7 +14797,7 @@
CVE-2014-2359
RESERVED
CVE-2014-2358 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Fox-IT Fox DataDiode
CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application in ...)
NOT-FOR-US: SUBNET SubSTATION Server 2
CVE-2014-2356 (Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require ...)
@@ -15030,9 +15031,9 @@
CVE-2014-2280 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
NOT-FOR-US: SeedDMS
CVE-2014-2279 (Multiple directory traversal vulnerabilities in SeedDMS (formerly ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2014-2278 (Unrestricted file upload vulnerability in op/op.AddFile2.php in ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2014-2277 [insecure temporary file usage]
RESERVED
- perltidy 20130922-1 (bug #740670)
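Review bot: the description of CVE-2014-2279 says SeedDMS was "formerly" known under another name (truncated in the list). Before marking CVE-2014-2279 and CVE-2014-2278 NOT-FOR-US, it is worth checking that the software is not packaged under that former name, and recording the result in a NOTE line so the check does not have to be repeated.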
@@ -19418,11 +19419,11 @@
CVE-2014-0573
RESERVED
CVE-2014-0572 (Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2014-0571 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2014-0570 (Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2014-0569 (Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-0568 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 ...)