[Secure-testing-commits] r31361 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 15 16:29:33 UTC 2015
Author: carnil
Date: 2015-01-15 16:29:33 +0000 (Thu, 15 Jan 2015)
New Revision: 31361
Modified:
data/CVE/list
Log:
Add NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-15 16:14:08 UTC (rev 31360)
+++ data/CVE/list 2015-01-15 16:29:33 UTC (rev 31361)
@@ -292,157 +292,157 @@
CVE-2014-10040
RESERVED
CVE-2014-10038 (SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and ...)
- TODO: check
+ NOT-FOR-US: DomPHP
CVE-2014-10037 (Directory traversal vulnerability in DomPHP 0.83 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: DomPHP
CVE-2014-10036 (Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2014-10035 (Multiple cross-site scripting (XSS) vulnerabilities in the admin area ...)
- TODO: check
+ NOT-FOR-US: couponPHP
CVE-2014-10034 (Multiple SQL injection vulnerabilities in the admin area in couponPHP ...)
- TODO: check
+ NOT-FOR-US: couponPHP
CVE-2014-10033 (SQL injection vulnerability in the update_zone function in ...)
- TODO: check
+ NOT-FOR-US: osCommerce Online Merchant
CVE-2014-10032 (SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 ...)
- TODO: check
+ NOT-FOR-US: Taboada MacroNews
CVE-2014-10031 (Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail ...)
- TODO: check
+ NOT-FOR-US: Qualcomm Eudora WorldMail
CVE-2014-10030 (Open redirect vulnerability in forums/login.php in FluxBB before ...)
- TODO: check
+ NOT-FOR-US: FluxBB
CVE-2014-10029 (SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and ...)
- TODO: check
+ NOT-FOR-US: FluxBB
CVE-2014-10028 (Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router ...)
- TODO: check
+ NOT-FOR-US: D-Link DAP-1360 router
CVE-2014-10027 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link DAP-1360
CVE-2014-10026 (index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: D-Link DAP-1360
CVE-2014-10025 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link DAP-1360
CVE-2014-10024 (Multiple integer signedness errors in DirectShowDemuxFilter, as used ...)
- TODO: check
+ NOT-FOR-US: Divx Web Player, Divx Player and Divx plugins
CVE-2014-10023 (Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 ...)
- TODO: check
+ NOT-FOR-US: TopicsViewer
CVE-2014-10021 (Unrestricted file upload vulnerability in UploadHandler.php in the WP ...)
- TODO: check
+ NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2014-10020 (SQL injection vulnerability in login.php in Simple e-document 1.31 ...)
- TODO: check
+ NOT-FOR-US: Simple e-document
CVE-2014-10019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Teracom T2-B-Gawv1.4U10Y-BI modem
CVE-2014-10018 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Teracom T2-B-Gawv1.4U10Y-BI modem
CVE-2014-10017 (Multiple SQL injection vulnerabilities in the Welcart e-Commerce ...)
- TODO: check
+ NOT-FOR-US: Welcart e-Commerce plugin for WordPress
CVE-2014-10016 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart ...)
- TODO: check
+ NOT-FOR-US: Welcart e-Commerce plugin for WordPress
CVE-2014-10015 (SQL injection vulnerability in load-calendar.php in PHPJabbers Event ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2014-10014 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2014-10013 (SQL injection vulnerability in the Another WordPress Classifieds ...)
- TODO: check
+ NOT-FOR-US: Another WordPress Classifieds Plugin plugin for WordPress
CVE-2014-10012 (Cross-site scripting (XSS) vulnerability in the Another WordPress ...)
- TODO: check
+ NOT-FOR-US: Another WordPress Classifieds Plugin plugin for WordPress
CVE-2014-10011 (Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX ...)
- TODO: check
+ NOT-FOR-US: TRENDnet SecurView camera TV-IP422WN
CVE-2014-10010 (Directory traversal vulnerability in PHPJabbers Appointment Scheduler ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2014-10009 (Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 ...)
- TODO: check
+ NOT-FOR-US: Stark CRM
CVE-2014-10008 (Multiple cross-site request forgery (CSRF) vulnerabilities in Stark ...)
- TODO: check
+ NOT-FOR-US: Stark CRM
CVE-2014-10007 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog ...)
- TODO: check
+ NOT-FOR-US: Maian Weblog
CVE-2014-10006 (Multiple cross-site request forgery (CSRF) vulnerabilities in Maian ...)
- TODO: check
+ NOT-FOR-US: Maian Uploader
CVE-2014-10005 (Maian Uploader 4.0 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Maian Uploader
CVE-2014-100040
RESERVED
CVE-2014-10004 (SQL injection vulnerability in admin/data_files/move.php in Maian ...)
- TODO: check
+ NOT-FOR-US: Maian Uploader
CVE-2014-100039 (mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes Anti-Exploit
CVE-2014-100038 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and ...)
- TODO: check
+ NOT-FOR-US: Storytlr
CVE-2014-100037 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and ...)
- TODO: check
+ NOT-FOR-US: Storytlr
CVE-2014-100036 (Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows ...)
- TODO: check
+ NOT-FOR-US: FlatPress
CVE-2014-100035 (SQL injection vulnerability in the ticket grid in the admin interface ...)
- TODO: check
+ NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100034 (Cross-site scripting (XSS) vulnerability in the frontend interface in ...)
- TODO: check
+ NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100033 (Directory traversal vulnerability in LicensePal ArcticDesk before ...)
- TODO: check
+ NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100032 (Cross-site scripting (XSS) vulnerability in top.html in the Airties ...)
- TODO: check
+ NOT-FOR-US: Airties Air 6372 modem
CVE-2014-100031 (Multiple SQL injection vulnerabilities in Ganesha Digital Library ...)
- TODO: check
+ NOT-FOR-US: Ganesha Digital Library
CVE-2014-100030 (Cross-site scripting (XSS) vulnerability in module/search/function.php ...)
- TODO: check
+ NOT-FOR-US: Ganesha Digital Library
CVE-2014-10003 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader ...)
- TODO: check
+ NOT-FOR-US: Maian Uploader
CVE-2014-100029 (Multiple directory traversal vulnerabilities in class/session.php in ...)
- TODO: check
+ NOT-FOR-US: Ganesha Digital Library
CVE-2014-100028 (Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted ...)
- TODO: check
+ NOT-FOR-US: WEBCrafted
CVE-2014-100027 (Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin ...)
- TODO: check
+ NOT-FOR-US: WP SlimStat plugin for WordPress
CVE-2014-100026 (Cross-site scripting (XSS) vulnerability in readme.php in the April's ...)
- TODO: check
+ NOT-FOR-US: April's Super Functions Pack plugin for WordPress
CVE-2014-100025 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Savsoft Quiz
CVE-2014-100024 (Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 ...)
- TODO: check
+ NOT-FOR-US: Seo Panel
CVE-2014-100023 (Multiple cross-site scripting (XSS) vulnerabilities in question.php in ...)
- TODO: check
+ NOT-FOR-US: mTouch Quiz
CVE-2014-100022 (SQL injection vulnerability in question.php in the mTouch Quiz before ...)
- TODO: check
+ NOT-FOR-US: mTouch Quiz
CVE-2014-100021 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OrangeHRM
CVE-2014-100020 (SQL injection vulnerability in ChangeEmail.php in iTechClassifieds ...)
- TODO: check
+ NOT-FOR-US: iTechClassifieds
CVE-2014-10002 (Unspecified vulnerability in JetBrains TeamCity before 8.1 allows ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2014-100019 (SQL injection vulnerability in the LTree converter in Pomm before ...)
- TODO: check
+ NOT-FOR-US: LTree converter in Pomm
CVE-2014-100018 (Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin ...)
- TODO: check
+ NOT-FOR-US: Unconfirmed plugin for WordPress
CVE-2014-100017 (Cross-site scripting (XSS) vulnerability in canned_opr.php in ...)
- TODO: check
+ NOT-FOR-US: PhpOnlineChat
CVE-2014-100016 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Photocrati theme for WordPress
CVE-2014-100015 (Directory traversal vulnerability in pdmwService.exe in SolidWorks ...)
- TODO: check
+ NOT-FOR-US: SolidWorks Workgroup PDM
CVE-2014-100014 (Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks ...)
- TODO: check
+ NOT-FOR-US: SolidWorks Workgroup PDM
CVE-2014-100013 (Multiple cross-site scripting (XSS) vulnerabilities in clientResponse ...)
- TODO: check
+ NOT-FOR-US: clientResponse
CVE-2014-100012 (SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote ...)
- TODO: check
+ NOT-FOR-US: Sendy
CVE-2014-100011 (SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Sendy
CVE-2014-100010 (Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows ...)
- TODO: check
+ NOT-FOR-US: ClanSphere
CVE-2014-10001 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2014-100009 (The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) ...)
TODO: check
CVE-2014-100008 (Cross-site scripting (XSS) vulnerability in includes/delete_img.php in ...)
TODO: check
CVE-2014-100007 (Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin ...)
- TODO: check
+ NOT-FOR-US: HK Exif Tags plugin for WordPress
CVE-2014-100006 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
CVE-2014-100005 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link DIR-600 router
CVE-2014-100004 (Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 ...)
- TODO: check
+ NOT-FOR-US: Sitecore CMS
CVE-2014-100003 (SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Code Futures YourMembers plugin for WordPress
CVE-2014-100002 (Directory traversal vulnerability in ManageEngine SupportCenter Plus ...)
- TODO: check
+ NOT-FOR-US: ManageEngine SupportCenter Plus
CVE-2014-100001 (Cross-site request forgery (CSRF) vulnerability in the SEO Plugin ...)
TODO: check
CVE-2014-100000
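Review bot: The NOT-FOR-US labels for the D-Link DAP-1360 entries are inconsistent: CVE-2014-10028 uses "D-Link DAP-1360 router" while CVE-2014-10027, CVE-2014-10026 and CVE-2014-10025 use "D-Link DAP-1360". Pick one form so that a search on the label finds all four. In the same vein, CVE-2014-100019 is labelled "LTree converter in Pomm", which names a component rather than the product; "Pomm" would match how the other entries in this hunk are labelled. CVE-2014-100009, CVE-2014-100008, CVE-2014-100006 and CVE-2014-100001 stay at "TODO: check" in the middle of an otherwise triaged range; if that is deliberate because they still need checking, a word in the log message beyond "Add NFUs" would make that clear.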
@@ -450,7 +450,7 @@
CVE-2014-10000
REJECTED
CVE-2013-7420 (Buffer overflow in Hancom Office 2010 SE allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Hancom Office 2010 SE
CVE-2015-XXXX [IP address spoofing in mod_remoteip]
- apache2 2.4.9-1
[wheezy] - apache2 <not-affected> (no mod_remoteip in 2.2)
@@ -1186,7 +1186,7 @@
CVE-2015-0583
RESERVED
CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 ...)
- TODO: check
+ NOT-FOR-US: Cisco NX-OS
CVE-2015-0581
RESERVED
CVE-2015-0580
@@ -2823,9 +2823,9 @@
CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 ...)
NOT-FOR-US: Trihedral Engineering VTScada
CVE-2014-9191 (The CodeWrights HART Device Type Manager (DTM) library in Emerson HART ...)
- TODO: check
+ NOT-FOR-US: Emerson HART DTM
CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware InTouch ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2014-9189
RESERVED
CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
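Review bot: The label for CVE-2014-9190 is the bare vendor name "Schneider Electric", while the description names the product (Wonderware InTouch) and the neighbouring CVE-2014-9192 entry uses vendor plus product ("Trihedral Engineering VTScada"). Suggest "NOT-FOR-US: Schneider Electric Wonderware InTouch" so the entry stays distinguishable from other Schneider Electric items such as the MDraw30.ocx ActiveX control in CVE-2014-9188.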
@@ -10968,7 +10968,7 @@
CVE-2014-6213
RESERVED
CVE-2014-6212 (The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6211
RESERVED
CVE-2014-6210 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 ...)
@@ -10994,7 +10994,7 @@
CVE-2014-6200
RESERVED
CVE-2014-6199 (The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6198
RESERVED
CVE-2014-6197
@@ -11076,7 +11076,7 @@
CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 ...)
NOT-FOR-US: IBM
CVE-2014-6158 (Multiple directory traversal vulnerabilities in the file-upload ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6157
RESERVED
CVE-2014-6156
@@ -19513,9 +19513,9 @@
NOT-FOR-US: TR-069 Auto Configuration Servers
NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-2839 (SQL injection vulnerability in the GD Star Rating plugin 19.22 for ...)
- TODO: check
+ NOT-FOR-US: GD Star Rating plugin for WordPress
CVE-2014-2838 (Multiple cross-site request forgery (CSRF) vulnerabilities in the GD ...)
- TODO: check
+ NOT-FOR-US: GD Star Rating plugin for WordPress
CVE-2014-2837
RESERVED
CVE-2014-2836
@@ -39199,9 +39199,9 @@
CVE-2013-2605
RESERVED
CVE-2013-2604 (RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game ...)
- TODO: check
+ NOT-FOR-US: RealNetworks GameHouse RealArcade Installer
CVE-2013-2603 (The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in ...)
- TODO: check
+ NOT-FOR-US: RealNetworks GameHouse RealArcade Installer
CVE-2013-2602 (Multiple array index errors in the MyHeritage SEQueryObject ActiveX ...)
NOT-FOR-US: MyHeritage SEQueryObject ActiveX control
CVE-2013-2601 (The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 ...)