[Secure-testing-commits] r31085 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Jan 2 06:27:56 UTC 2015


Author: carnil
Date: 2015-01-02 06:27:56 +0000 (Fri, 02 Jan 2015)
New Revision: 31085

Modified:
   data/CVE/list
Log:
Process list of NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-02 05:24:32 UTC (rev 31084)
+++ data/CVE/list	2015-01-02 06:27:56 UTC (rev 31085)
@@ -17,17 +17,17 @@
 CVE-2014-9421
 	RESERVED
 CVE-2014-9418 (The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2014-9417 (The Meeting component in Huawei eSpace Desktop before V100R001C03 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2014-9416 (Multiple untrusted search path vulnerabilities in Huawei eSpace ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2014-9415 (Huawei eSpace Desktop before V100R001C03 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2014-9414 (The W3 Total Cache plugin before 0.9.4.1 for WordPress does not ...)
 	TODO: check
 CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the IP ...)
-	TODO: check
+	NOT-FOR-US: IP Ban (simple-ip-ban) plugin for WordPress
 CVE-2014-XXXX [dwarfdump use after free]
 	- dwarfutils <unfixed>
 	NOTE: CVE request http://www.openwall.com/lists/oss-security/2014/12/31/3
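Review bot: The four Huawei entries (CVE-2014-9415 through CVE-2014-9418) get the vendor-only tag "NOT-FOR-US: Huawei", while CVE-2014-9413 in the same hunk names the exact product. The visible descriptions all refer to Huawei eSpace components, so a product-level tag such as "NOT-FOR-US: Huawei eSpace" would be easier to match when later eSpace CVEs are triaged. CVE-2014-9414 (W3 Total Cache plugin for WordPress) stays at "TODO: check"; if it was skipped on purpose, a NOTE line saying so would help the next person working the TODO list.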
@@ -698,7 +698,7 @@
 CVE-2014-9335 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	NOT-FOR-US: WordPress plugin DandyID Services
 CVE-2014-9334 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird ...)
-	TODO: check
+	NOT-FOR-US: Bird Feeder plugin for WordPress
 CVE-2014-9333
 	RESERVED
 CVE-2014-9332
@@ -1016,7 +1016,7 @@
 CVE-2014-9189
 	RESERVED
 CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric ProClima
 CVE-2014-9187
 	RESERVED
 CVE-2014-9186
@@ -2775,9 +2775,9 @@
 CVE-2014-8811
 	RESERVED
 CVE-2014-8810 (SQL injection vulnerability in ajax/mail_functions.php in the WP ...)
-	TODO: check
+	NOT-FOR-US: WP Symposium plugin for WordPress
 CVE-2014-8809 (Multiple cross-site scripting (XSS) vulnerabilities in the WP ...)
-	TODO: check
+	NOT-FOR-US: WP Symposium plugin for WordPress
 CVE-2014-8808
 	RESERVED
 CVE-2014-8807
@@ -3506,13 +3506,13 @@
 CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to execute ...)
 	NOT-FOR-US: uTorrent
 CVE-2014-8514 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric ProClima
 CVE-2014-8513 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric ProClima
 CVE-2014-8512 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric ProClima
 CVE-2014-8511 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric ProClima
 CVE-2014-8510 (The AdminUI in Trend Micro InterScan Web Security Virtual Appliance ...)
 	NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
 CVE-2014-8509 (The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) ...)
@@ -4874,7 +4874,7 @@
 CVE-2014-8000 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) ...)
 	NOT-FOR-US: Cisco
 CVE-2014-7999 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
-	TODO: check
+	NOT-FOR-US: Cisco-Meraki devices
 CVE-2014-7998 (Cisco IOS on Aironet access points, when "dot11 aaa authenticator" ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2014-7997 (The DHCP implementation in Cisco IOS on Aironet access points does not ...)
@@ -4882,11 +4882,11 @@
 CVE-2014-7996 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
 	NOT-FOR-US: Cisco
 CVE-2014-7995 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
-	TODO: check
+	NOT-FOR-US: Cisco-Meraki devices
 CVE-2014-7994 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
-	TODO: check
+	NOT-FOR-US: Cisco-Meraki devices
 CVE-2014-7993 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
-	TODO: check
+	NOT-FOR-US: Cisco-Meraki devices
 CVE-2014-7992 (The DLSw implementation in Cisco IOS does not initialize packet ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2014-7991 (The Remote Mobile Access Subsystem in Cisco Unified Communications ...)
@@ -8958,7 +8958,7 @@
 CVE-2014-6229 (The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook ...)
 	TODO: check
 CVE-2014-6228 (Integer overflow in the string_chunk_split function in ...)
-	TODO: check
+	NOT-FOR-US: Facebook HipHop Virtual Machine
 CVE-2010-5305
 	RESERVED
 CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3.22 ...)
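Review bot: CVE-2014-6229, the entry directly above the changed one, is left at "TODO: check" even though its description points at hphp/runtime/ext/ext_hash.cpp in Facebook ..., which appears to be the same HipHop Virtual Machine code base that CVE-2014-6228 is tagged with here. Either mark it "NOT-FOR-US: Facebook HipHop Virtual Machine" in the same pass or add a NOTE explaining why it remains open, so the two adjacent entries do not end up with different states for the same product.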
@@ -9067,11 +9067,11 @@
 CVE-2014-6189
 	RESERVED
 CVE-2014-6188 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6187 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6186 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6185
 	RESERVED
 CVE-2014-6184
@@ -9081,15 +9081,15 @@
 CVE-2014-6182 (Directory traversal vulnerability in an export function in the Process ...)
 	NOT-FOR-US: IBM
 CVE-2014-6181 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6180 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6179 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6178 (Cross-site scripting (XSS) vulnerability in the widgets in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6177 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6176 (IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus ...)
 	NOT-FOR-US: IBM
 CVE-2014-6175
@@ -9107,7 +9107,7 @@
 CVE-2014-6169
 	RESERVED
 CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting feature ...)
 	NOT-FOR-US: IBM
 CVE-2014-6166 (The Communications Enabled Applications (CEA) service in IBM WebSphere ...)
@@ -9123,7 +9123,7 @@
 CVE-2014-6161 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact ...)
 	NOT-FOR-US: IBM
 CVE-2014-6160 (IBM WebSphere Service Registry and Repository (WSRR) 8.5 before ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 ...)
 	NOT-FOR-US: IBM
 CVE-2014-6158
@@ -9133,11 +9133,11 @@
 CVE-2014-6156
 	RESERVED
 CVE-2014-6155 (Multiple directory traversal vulnerabilities in the ServiceRegistry UI ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6154
 	RESERVED
 CVE-2014-6153 (The Web UI in IBM WebSphere Service Registry and Repository (WSRR) ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6152 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
 	NOT-FOR-US: IBM Tivoli
 CVE-2014-6151 (CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) ...)
@@ -9179,7 +9179,7 @@
 CVE-2014-6133 (IBM API Management 3.x before 3.0.1.0 allows local users to obtain ...)
 	NOT-FOR-US: IBM API Management
 CVE-2014-6132 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6131
 	RESERVED
 CVE-2014-6130 (The IBM Notes Traveler application before 9.0.1.3 for Android lacks a ...)
@@ -9197,7 +9197,7 @@
 CVE-2014-6124
 	RESERVED
 CVE-2014-6123 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
 	NOT-FOR-US: IBM
 CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security AppScan ...)
@@ -10718,7 +10718,7 @@
 CVE-2014-5387 (Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine ...)
 	NOT-FOR-US: EllisLab ExpressionEngine Core
 CVE-2014-5386 (The mcrypt_create_iv function in ...)
-	TODO: check
+	NOT-FOR-US: Facebook HipHop Virtual Machine
 CVE-2014-5385 (com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 ...)
 	NOT-FOR-US: Shopizer
 CVE-2014-5384 (The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 ...)
@@ -19234,7 +19234,7 @@
 	RESERVED
 	NOT-FOR-US: Ubiquiti Networks
 CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not ...)
-	TODO: check
+	NOT-FOR-US: Plogger
 CVE-2014-2223 (Unrestricted file upload vulnerability in plog-admin/plog-upload.php ...)
 	NOT-FOR-US: Plogger
 CVE-2014-2222
@@ -19248,7 +19248,7 @@
 CVE-2014-2218
 	RESERVED
 CVE-2014-2217 (Absolute path traversal vulnerability in the RadAsyncUpload control in ...)
-	TODO: check
+	NOT-FOR-US: Telerik UI for ASP.NET AJAX
 CVE-2014-2216 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 ...)
 	NOT-FOR-US: Fortinet FortiOS
 CVE-2014-2215
@@ -19256,9 +19256,9 @@
 CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal ...)
 	NOT-FOR-US: Erwin Web Portal
 CVE-2014-2209 (Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop ...)
-	TODO: check
+	NOT-FOR-US: Facebook HipHop Virtual Machine
 CVE-2014-2208 (CRLF injection vulnerability in the LightProcess protocol ...)
-	TODO: check
+	NOT-FOR-US: Facebook HipHop Virtual Machine
 CVE-2014-2207
 	RESERVED
 CVE-2014-2205 (The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) ...)
@@ -20048,13 +20048,13 @@
 CVE-2014-1910 (Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 ...)
 	NOT-FOR-US: Citrix ShareFile Mobile
 CVE-2014-1908 (The error-handling feature in (1) bp.php, (2) ...)
-	TODO: check
+	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
 CVE-2014-1907 (Multiple directory traversal vulnerabilities in the VideoWhisper Live ...)
 	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
 CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
 CVE-2014-1905 (Unrestricted file upload vulnerability in ls/vw_snapshots.php in the ...)
-	TODO: check
+	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
 CVE-2014-1904 (Cross-site scripting (XSS) vulnerability in ...)
 	{DSA-2890-1}
 	- libspring-java 3.0.6.RELEASE-13 (bug #741604)
@@ -26080,7 +26080,7 @@
 CVE-2013-6920 (Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not ...)
 	NOT-FOR-US: Siemens
 CVE-2013-6919 (The default configuration of phpThumb before 1.7.12 has a false value ...)
-	TODO: check
+	NOT-FOR-US: phpThumb
 CVE-2013-6917
 	RESERVED
 CVE-2013-6916 (Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface ...)
@@ -27981,7 +27981,7 @@
 CVE-2013-6228
 	RESERVED
 CVE-2013-6227 (Unrestricted file upload vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Zoho plugin in Pydio (AjaXplorer)
 CVE-2013-6226 (Directory traversal vulnerability in ...)
 	NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
 CVE-2013-6225
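Review bot: The new tag for CVE-2013-6227, "NOT-FOR-US: Zoho plugin in Pydio (AjaXplorer)", names the same component as the existing tag on CVE-2013-6226 one entry below, "NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin", but with different wording. Reuse the existing string so that a search for one spelling finds both entries.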
@@ -28384,11 +28384,11 @@
 	{DSA-2740-1}
 	- python-django 1.5.2-1
 CVE-2013-6043 (The login function in Softaculous Webuzo before 2.1.4 provides ...)
-	TODO: check
+	NOT-FOR-US: Softaculous Webuzo
 CVE-2013-6042 (Cross-site scripting (XSS) vulnerability in filemanager/login.php in ...)
 	NOT-FOR-US: Softaculous Webuzo
 CVE-2013-6041 (index.php in Softaculous Webuzo before 2.1.4 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Softaculous Webuzo
 CVE-2013-6040 (Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and ...)
 	NOT-FOR-US: MW6 Technologies
 CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 ...)
@@ -31383,7 +31383,7 @@
 CVE-2013-4794
 	RESERVED
 CVE-2013-4793 (The update function in ...)
-	TODO: check
+	NOT-FOR-US: Umbraco
 CVE-2011-5266
 	RESERVED
 CVE-2013-4792
@@ -31474,9 +31474,9 @@
 CVE-2013-4755
 	RESERVED
 CVE-2013-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet ...)
-	TODO: check
+	NOT-FOR-US: Owl Intranet Knowledgebase
 CVE-2013-4753 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
-	TODO: check
+	NOT-FOR-US: Claroline
 CVE-2013-4752
 	RESERVED
 	NOT-FOR-US: Symfony HttpFoundation component
@@ -35517,7 +35517,7 @@
 CVE-2013-3296
 	RESERVED
 CVE-2013-3295 (Directory traversal vulnerability in install/popup.php in Exponent CMS ...)
-	TODO: check
+	NOT-FOR-US: Exponent CMS
 CVE-2013-3294 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 ...)
 	NOT-FOR-US: Exponent CMS
 CVE-2013-3293
@@ -58266,7 +58266,7 @@
 CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: SocialCMS
 CVE-2012-1415 (Cross-site request forgery (CSRF) vulnerability in lib/logout.php in ...)
-	TODO: check
+	NOT-FOR-US: DFLabs PTK
 CVE-2012-1414 (Cross-site request forgery (CSRF) vulnerability in manager/news.php in ...)
 	NOT-FOR-US: Plume CMS
 CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in ...)
@@ -58491,9 +58491,9 @@
 CVE-2012-1304
 	RESERVED
 CVE-2012-1303 (Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash ...)
-	TODO: check
+	NOT-FOR-US: amCharts Flash
 CVE-2012-1302 (Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 ...)
-	TODO: check
+	NOT-FOR-US: amMap
 CVE-2012-1301
 	RESERVED
 	NOT-FOR-US: Umbraco
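Review bot: The tag "NOT-FOR-US: amCharts Flash" on CVE-2012-1303 ends exactly where the shortened description is cut off ("amCharts Flash ..."), so it may carry a truncated product name. Check the full CVE description and use the complete product name, as was done with "amMap" on CVE-2012-1302.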
@@ -58697,7 +58697,7 @@
 CVE-2012-1204
 	RESERVED
 CVE-2012-1203 (Cross-site request forgery (CSRF) vulnerability in starnet/index.php ...)
-	TODO: check
+	NOT-FOR-US: SyndeoCMS
 CVE-2012-1202
 	RESERVED
 CVE-2012-1201
@@ -62606,11 +62606,11 @@
 CVE-2011-4723 (The D-Link DIR-300 router stores cleartext passwords, which allows ...)
 	NOT-FOR-US: D-Link DIR-300 router
 CVE-2011-4722 (Directory traversal vulnerability in the TFTP Server 1.0.0.24 in ...)
-	TODO: check
+	NOT-FOR-US: Ipswitch WhatsUp Gold
 CVE-2011-4721
 	RESERVED
 CVE-2011-4720 (Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Hillstone HS TFTP Server
 CVE-2011-4719 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	- chromium-browser <not-affected>
 	- webkit <not-affected>
@@ -62665,7 +62665,7 @@
 CVE-2011-4696 (Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 ...)
 	NOT-FOR-US: Eye-Fi Helper
 CVE-2010-5075 (Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security ...)
-	TODO: check
+	NOT-FOR-US: Avast! Internet Security
 CVE-2012-0785 [Jenkins and hash collision attack]
 	RESERVED
 	- jenkins-winstone 0.9.10-jenkins-31+dfsg-1 (bug #655553)



