[Secure-testing-commits] r29039 - data/CVE

Helmut Grohne helmutg at moszumanska.debian.org
Thu Sep 25 09:50:27 UTC 2014


Author: helmutg
Date: 2014-09-25 09:50:27 +0000 (Thu, 25 Sep 2014)
New Revision: 29039

Modified:
   data/CVE/list
Log:
misc NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-25 09:50:19 UTC (rev 29038)
+++ data/CVE/list	2014-09-25 09:50:27 UTC (rev 29039)
@@ -23,7 +23,7 @@
 CVE-2014-7157
 	RESERVED
 CVE-2014-7153 (SQL injection vulnerability in the editgallery function in ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Huge-IT Image Gallery
 CVE-2014-XXXX [cyassl: RSA Padding check vulnerability]
 	- cyassl <unfixed>
 	NOTE: http://www.yassl.com/yaSSL/Blog/Entries/2014/9/12_CyaSSL_3.2.0_Released.html
@@ -1132,7 +1132,7 @@
 CVE-2014-6603
 	RESERVED
 CVE-2014-6602 (Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Asha OS
 CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)
 	TODO: check
 CVE-2014-XXXX [Remote crash based on malformed SIP subscription]
@@ -1558,7 +1558,7 @@
 CVE-2013-7401
 	RESERVED
 CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks ...)
-	TODO: check
+	NOT-FOR-US: SpiceWorks
 CVE-2014-7145 [null ptr deref in SMB2_tcon]
 	RESERVED
 	- linux <unfixed>
@@ -3939,9 +3939,9 @@
 CVE-2014-5323 (The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) ...)
 	TODO: check
 CVE-2014-5322 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish ...)
-	TODO: check
+	NOT-FOR-US: FileMaker Pro
 CVE-2014-5321 (FileMaker Pro before 13 and Pro Advanced before 13 does not verify ...)
-	TODO: check
+	NOT-FOR-US: FileMaker Pro
 CVE-2014-5320 (The Bump application for Android does not properly handle implicit ...)
 	NOT-FOR-US: Bump application for Android
 CVE-2014-5319
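Review bot: CVE-2014-5323, in the leading context of this hunk, is still "TODO: check" although its description names an Android application (jp.co.yukoyuko.android.yukoyuko_android), the same class of software as CVE-2014-5320 a few lines below, which is already NOT-FOR-US. Consider triaging it in the same pass, so that this block is not left with a stray TODO between entries that have been dealt with.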
@@ -3951,7 +3951,7 @@
 CVE-2014-5317 (Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 ...)
 	TODO: check
 CVE-2014-5316 (Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 ...)
-	TODO: check
+	NOT-FOR-US: DotClear
 CVE-2014-5315
 	RESERVED
 CVE-2014-5314
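Review bot: the tag on CVE-2014-5316 spells the product "DotClear" while the description spells it "Dotclear"; use the description's spelling so a case-sensitive search for the product finds the entry. Because the description gives a fixed upstream version ("before 2.6.4"), it is also worth confirming that no dotclear source package exists in the archive before settling on NOT-FOR-US rather than a package line.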
@@ -11967,7 +11967,7 @@
 CVE-2014-2224
 	RESERVED
 CVE-2014-2223 (Unrestricted file upload vulnerability in plog-admin/plog-upload.php ...)
-	TODO: check
+	NOT-FOR-US: Plogger
 CVE-2014-2222
 	RESERVED
 CVE-2014-2221
@@ -15012,7 +15012,7 @@
 CVE-2014-0994
 	RESERVED
 CVE-2014-0993 (Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in ...)
-	TODO: check
+	NOT-FOR-US: Embarcadero
 CVE-2014-0992 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2014-0991 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
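Review bot: the new tag on CVE-2014-0993 names only a vendor ("Embarcadero"), whereas the neighbouring entries name the product ("Advantech WebAccess"). Name the affected product or library, for example the VCL library that the description's "Vcl.Graphics.TPicture.Bitmap" refers to, so that a later search for the product lands on this entry.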
@@ -46771,7 +46771,7 @@
 CVE-2012-2957 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...)
 	NOT-FOR-US: Symantec Web Gateway
 CVE-2012-2956 (SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote ...)
-	TODO: check
+	NOT-FOR-US: SpiceWorks
 CVE-2012-2955 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security
 CVE-2012-2954
@@ -47782,7 +47782,7 @@
 CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon ...)
 	NOT-FOR-US: Alt-N MDaemon Free
 CVE-2012-2583 (Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Mini Mail Dashboard Widget
 CVE-2012-2582 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
 	{DSA-2536-1}
 	- otrs2 3.1.7+dfsg1-4
@@ -50449,7 +50449,7 @@
 CVE-2012-1557 (SQL injection vulnerability in admin/plib/api-rpc/Agent.php in ...)
 	NOT-FOR-US: Parallels Plesk Panel
 CVE-2012-1556 (Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 ...)
-	TODO: check
+	NOT-FOR-US: Synology DiskStation Manager extension
 CVE-2012-1555
 	RESERVED
 CVE-2012-1554
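Review bot: the tag on CVE-2012-1556 ("Synology DiskStation Manager extension") does not contain the product name used in the description, "Synology Photo Station". Put that name in the tag, e.g. "NOT-FOR-US: Synology Photo Station", so that a later CVE for the same product can be matched against this entry by a plain text search.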
@@ -50554,9 +50554,9 @@
 CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX ...)
 	NOT-FOR-US: VMware ESXi
 CVE-2012-1507 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM ...)
-	TODO: check
+	NOT-FOR-US: OrangeHRM
 CVE-2012-1506 (SQL injection vulnerability in the updateStatus function in ...)
-	TODO: check
+	NOT-FOR-US: OrangeHRM
 CVE-2012-1505
 	RESERVED
 CVE-2012-1504
@@ -50747,7 +50747,7 @@
 CVE-2012-1418 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	NOT-FOR-US: Chrome books
 CVE-2012-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Local Phone ...)
-	TODO: check
+	NOT-FOR-US: Yealink VoIP Phone
 CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: SocialCMS
 CVE-2012-1415
@@ -51684,7 +51684,7 @@
 	- bind9 1:9.8.1.dfsg.P1-4.1 (low)
 	[squeeze] - bind9 <no-dsa> (low-severity dns protocol design flaw)
 CVE-2012-1032 (Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker ...)
-	TODO: check
+	NOT-FOR-US: EPiServer CMS module Euroling SiteSeeker
 CVE-2012-1031 (Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in ...)
 	NOT-FOR-US: EPiServer CMS
 CVE-2012-1030 (Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through ...)
@@ -54323,7 +54323,7 @@
 CVE-2011-4888
 	RESERVED
 CVE-2011-4887 (Cross-site scripting (XSS) vulnerability in the Violations Table in ...)
-	TODO: check
+	NOT-FOR-US: Imperva SecureSphere Web Application Firewall
 CVE-2011-4886
 	RESERVED
 CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without ...)



