[Secure-testing-commits] r28736 - data/CVE

Helmut Grohne helmutg at moszumanska.debian.org
Fri Sep 12 08:19:31 UTC 2014


Author: helmutg
Date: 2014-09-12 08:19:31 +0000 (Fri, 12 Sep 2014)
New Revision: 28736

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-12 08:17:55 UTC (rev 28735)
+++ data/CVE/list	2014-09-12 08:19:31 UTC (rev 28736)
@@ -1,3 +1,5 @@
+CVE-2014-6252 (Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 ...)
+	NOT-FOR-US: SAP NetWeaver
 CVE-2014-6311 [/tmp file vulnerability in generate_doxygen.pl]
 	- ace <unfixed> (unimportant; bug #760709)
 	NOTE: Not installed into the binary packages
@@ -1487,7 +1489,7 @@
 CVE-2014-5522
 	RESERVED
 CVE-2014-5521 (plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows ...)
-	TODO: check
+	NOT-FOR-US: XRMS CRM
 CVE-2014-5520
 	RESERVED
 CVE-2014-5518
@@ -1518,8 +1520,8 @@
 	NOTE: Fixed upstream in 1.2.1
 CVE-2014-5510
 	RESERVED
-CVE-2014-5508
-	RESERVED
+CVE-2014-5508 (Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx ...)
+	NOT-FOR-US: srvx (irc services)
 CVE-2014-5507
 	RESERVED
 CVE-2014-5506 (Double free vulnerability in SAP Crystal Reports allows remote ...)
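Review bot: The CVE-2014-5508 change replaces a bare RESERVED entry with a published description and adds the triage tag in the same step, which the log message "NFUs" does not reflect. Mention the description update in the log, or commit it separately, so the change from RESERVED can be traced later. The tag also writes "irc services" in lower case; "IRC services" would read better.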
@@ -1527,7 +1529,7 @@
 CVE-2014-5505 (Stack-based buffer overflow in SAP Crystal Reports allows remote ...)
 	NOT-FOR-US: SAP Crystal Reports
 CVE-2014-5504 (SolarWinds Log and Event Manager before 6.0 uses "static" credentials, ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2014-5503
 	RESERVED
 CVE-2014-5502
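Review bot: The new tag on CVE-2014-5504 names only the vendor ("SolarWinds"), while the description names the product, "SolarWinds Log and Event Manager", and the CVE-2014-5505 entry in this same hunk is tagged with the full product name ("SAP Crystal Reports"). Using the product name here keeps the NOT-FOR-US tags consistent and searchable by product.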
@@ -1601,7 +1603,7 @@
 CVE-2014-5466
 	RESERVED
 CVE-2014-5465 (Directory traversal vulnerability in force-download.php in the ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Download Shortcode
 CVE-2014-5463
 	RESERVED
 CVE-2014-5462
@@ -1663,7 +1665,7 @@
 CVE-2014-5453 (Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: ...)
 	NOT-FOR-US: Ubisoft Uplay PC
 CVE-2014-5452 (CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the ...)
-	TODO: check
+	NOT-FOR-US: HL7 C-CDA
 CVE-2014-5451
 	RESERVED
 CVE-2014-5446
@@ -1852,7 +1854,7 @@
 CVE-2014-5378
 	RESERVED
 CVE-2014-5377 (ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine DeviceExpert
 CVE-2014-5376
 	RESERVED
 CVE-2014-5375
@@ -1940,7 +1942,7 @@
 	- check-mk <not-affected> (Vulnerable code not present)
 	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4b71709456bfc2ffc27a3583f13cc2ac0e726709
 CVE-2014-5337 (The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Mobile Pack
 CVE-2014-5335 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: innovaphone PBX
 CVE-2014-5334
@@ -2059,7 +2061,7 @@
 CVE-2014-5286
 	RESERVED
 CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO ...)
-	TODO: check
+	NOT-FOR-US: TIBCO Spotfire Server
 CVE-2014-5284
 	RESERVED
 CVE-2014-5283
@@ -2549,7 +2551,7 @@
 	RESERVED
 	NOT-FOR-US: ProjectDox
 CVE-2014-5128 (Innovative Interfaces Encore Discovery Solution 4.3 places a session ...)
-	TODO: check
+	NOT-FOR-US: Innovative Interfaces Encore Discovery Solution
 CVE-2014-5127 (Open redirect vulnerability in Innovative Interfaces Encore Discovery ...)
 	NOT-FOR-US: Innovative Interfaces Encore Discovery Solution
 CVE-2014-5126
@@ -3061,7 +3063,7 @@
 CVE-2014-4931
 	RESERVED
 CVE-2014-4930 (Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine EventLog Analyzer
 CVE-2014-4929 (Directory traversal vulnerability in the routing component in ownCloud ...)
 	- owncloud 6.0.4~beta1+dfsg-1
 	NOTE: https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
@@ -3301,7 +3303,7 @@
 CVE-2014-4806 (The installation process in IBM Security AppScan Enterprise 8.x before ...)
 	NOT-FOR-US: IBM
 CVE-2014-4805 (IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files ...)
-	TODO: check
+	NOT-FOR-US: IBM DB2
 CVE-2014-4804
 	RESERVED
 CVE-2014-4803
@@ -5535,9 +5537,9 @@
 CVE-2014-3863
 	RESERVED
 CVE-2014-3862 (CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: HL7 C-CDA
 CVE-2014-3861 (Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 ...)
-	TODO: check
+	NOT-FOR-US: HL7 C-CDA
 CVE-2014-3860
 	RESERVED
 CVE-2014-3859 (libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS ...)
@@ -7603,9 +7605,9 @@
 CVE-2014-3096
 	RESERVED
 CVE-2014-3095 (The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 ...)
-	TODO: check
+	NOT-FOR-US: IBM DB2
 CVE-2014-3094 (Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through ...)
-	TODO: check
+	NOT-FOR-US: IBM DB2
 CVE-2014-3093 (IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext ...)
 	NOT-FOR-US: IBM
 CVE-2014-3092
@@ -18737,7 +18739,7 @@
 CVE-2013-6125
 	RESERVED
 CVE-2013-6124 (The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm (Android)
 CVE-2013-6123 (Multiple array index errors in ...)
 	NOT-FOR-US: Android Linux kernel
 CVE-2013-6122 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ...)
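Review bot: "NOT-FOR-US: Qualcomm (Android)" on CVE-2013-6124 does not say which component is out of scope. The description points at the QuIC init scripts in Code Aurora, and the next entry, CVE-2013-6123, is tagged "Android Linux kernel". Naming the component in the tag would make the two entries consistent and easier to re-check later.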
@@ -20473,7 +20475,7 @@
 CVE-2013-5468 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 ...)
 	NOT-FOR-US: IBM Algo One
 CVE-2013-5467 (Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Monitoring
 CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the ...)
 	NOT-FOR-US: IBM DB2 and DB2 Connect
 CVE-2013-5465 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, ...)
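Review bot: The tag for CVE-2013-5467 says "IBM Tivoli Monitoring", but the visible description starts with "Monitoring Agent for UNIX Logs" and does not name that product. A NOTE line giving the source of that mapping would let the next triager verify it without looking the advisory up again.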
@@ -27728,12 +27730,12 @@
 	RESERVED
 	- miniupnpd 1.8.20130730-1 (bug #716936)
 CVE-2013-2599 (A certain Qualcomm Innovation Center (QuIC) patch to the ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm (Android)
 CVE-2013-2598 (app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed ...)
-	TODO: check
+	NOT-FOR-US: Little Kernel (bootloader)
 CVE-2013-2597 (Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c ...)
+	NOT-FOR-US: Android Linux kernel (affects {sound/soc/,arch/arm/mach-}msm/qdsp6v2)
 	NOTE: https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597
-	TODO: check if Android specific
 CVE-2013-2596 (Integer overflow in the fb_mmap function in drivers/video/fbmem.c in ...)
 	- linux 3.9-1
 	[wheezy] - linux 3.2.46-1
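Review bot: On CVE-2013-2597 the reason for the NOT-FOR-US decision is packed into the tag as a shell brace expression, "{sound/soc/,arch/arm/mach-}msm/qdsp6v2", and the "TODO: check if Android specific" line is dropped without recording what was checked. Keep the tag short ("Android Linux kernel", as used elsewhere in the list) and move the detail to a NOTE line that spells out both affected directories and states what was checked.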
@@ -41492,7 +41494,7 @@
 CVE-2012-4227
 	RESERVED
 CVE-2012-4226 (Multiple cross-site scripting (XSS) vulnerabilities in Quick Post ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Quick Post Widget
 CVE-2012-4225 (NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows ...)
 	- nvidia-graphics-drivers 304.37-1 (bug #684781)
 	- nvidia-graphics-drivers-legacy-173xx 173.14.35-3



