Author: geissert
Date: 2014-06-23 17:52:50 +0000 (Mon, 23 Jun 2014)
New Revision: 27408
Modified:
data/CVE/list
Log:
NFUs, ntopng, old kfreebsd issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-06-23 17:51:25 UTC (rev 27407)
+++ data/CVE/list 2014-06-23 17:52:50 UTC (rev 27408)
@@ -345,11 +345,11 @@
CVE-2014-4339
RESERVED
CVE-2014-4335 (Multiple cross-site scripting (XSS) vulnerabilities in
BarracudaDrive ...)
- TODO: check
+ NOT-FOR-US: BarracudaDrive
CVE-2014-4334 (Stack-based buffer overflow in Ubisoft Rayman Legends before
...)
- TODO: check
+ NOT-FOR-US: Ubisoft Rayman Legends
CVE-2014-4333 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Dolphin (php thing)
CVE-2014-4332
RESERVED
CVE-2014-4331
@@ -357,7 +357,7 @@
CVE-2014-4330
RESERVED
CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in
lua/host_details.lua in ...)
- TODO: check
+ - ntopng <itp> (bug #714820)
CVE-2014-4328
RESERVED
CVE-2014-4327
@@ -397,23 +397,23 @@
CVE-2014-4310
RESERVED
CVE-2014-4309 (Multiple cross-site scripting (XSS) vulnerabilities in
Openfiler 2.99 ...)
- TODO: check
+ NOT-FOR-US: Openfiler
CVE-2014-4308 (Multiple cross-site scripting (XSS) vulnerabilities in NICE
Recording ...)
- TODO: check
+ NOT-FOR-US: NICE Recording eXpress
CVE-2014-4307 (SQL injection vulnerability in categories-x.php in WebTitan
before ...)
NOT-FOR-US: WebTitan
CVE-2014-4306 (Directory traversal vulnerability in logs-x.php in WebTitan
before ...)
NOT-FOR-US: WebTitan
CVE-2014-4305 (Multiple SQL injection vulnerabilities in NICE Recording
eXpress (aka ...)
- TODO: check
+ NOT-FOR-US: NICE Recording eXpress
CVE-2014-4304 (Cross-site scripting (XSS) vulnerability in browse.php in SQL
Buddy ...)
NOT-FOR-US: SQL Buddy
CVE-2014-4303 (Multiple cross-site scripting (XSS) vulnerabilities in the
Touch theme ...)
NOT-FOR-US: Drupal Touch theme
CVE-2014-4302 (Cross-site scripting (XSS) vulnerability in rating/rating.php
in HAM3D ...)
- TODO: check
+ NOT-FOR-US: HAM3D Shop Engine
CVE-2014-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Ajenti
CVE-2014-4300
RESERVED
CVE-2014-4299
@@ -633,11 +633,11 @@
CVE-2014-XXXX [docker VMM breakout]
- docker.io 1.0.0~dfsg1-1
CVE-2014-4193 (The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka
Share for ...)
- TODO: check
+ NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
CVE-2014-4192 (The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits
(aka Share ...)
- TODO: check
+ NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
CVE-2014-4191 (The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share
for C ...)
- TODO: check
+ NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
CVE-2014-4190 (Multiple heap-based buffer overflows in Huawei Campus Series
Switches ...)
NOT-FOR-US: Huawei Campus Series Switches
CVE-2014-4189 (Cross-site scripting (XSS) vulnerability in Hitachi Tuning
Manager ...)
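Review bot: The tags added for CVE-2014-4192 and CVE-2014-4191 read "NOT-FOR-US: EMC RSA BSAFE-Java Toolkits", but both descriptions name the BSAFE-C Toolkits; only CVE-2014-4193 is described as BSAFE-Java. This looks like the first tag copied down twice. Suggest "NOT-FOR-US: EMC RSA BSAFE-C Toolkits" for those two entries, or one product-neutral string such as "NOT-FOR-US: EMC RSA BSAFE" on all three, so that a later search by product name finds the right entries.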
@@ -687,7 +687,7 @@
CVE-2014-4169
RESERVED
CVE-2014-4166 (Cross-site scripting (XSS) vulnerability in the song history in
...)
- TODO: check
+ NOT-FOR-US: SHOUTcast DNAS
CVE-2014-4165 (Cross-site scripting (XSS) vulnerability in ntop allows remote
...)
- ntop <unfixed> (bug #751946)
CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow
6.3-b230 ...)
@@ -703,7 +703,7 @@
CVE-2014-4159 (Open redirect vulnerability in SAP Supplier Relationship
Management ...)
NOT-FOR-US: SAP Supplier Relationship Management
CVE-2014-4158 (Stack-based buffer overflow in Kolibri 2.0 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Kolibri
CVE-2014-4156
RESERVED
CVE-2014-4155 (Cross-site request forgery (CSRF) vulnerability in the ZTE
ZXV10 W300 ...)
@@ -927,7 +927,7 @@
CVE-2014-4037 (Cross-site scripting (XSS) vulnerability in ...)
TODO: check
CVE-2014-4036 (Cross-site scripting (XSS) vulnerability in
modules/system/admin.php ...)
- TODO: check
+ NOT-FOR-US: ImpressCMS
CVE-2014-4035 (Cross-site scripting (XSS) vulnerability in booking_details.php
in ...)
NOT-FOR-US: Advance Hotel Booking System
CVE-2014-4034 (SQL injection vulnerability in zero_view_article.php in ZeroCMS
1.0 ...)
@@ -1249,7 +1249,7 @@
- ruby1.8 <unfixed> (unimportant)
NOTE: Only exploitable on Windows
CVE-2014-3915 (The userRequest servlet in the Admin Center for Tivoli Storage
Manager ...)
- TODO: check
+ NOT-FOR-US: Rocket Servergraph
CVE-2014-3914
RESERVED
CVE-2014-3913 (Stack-based buffer overflow in AccessServer32.exe in Ericom
AccessNow ...)
@@ -1320,6 +1320,9 @@
RESERVED
CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD
kernel 8.4 ...)
{DSA-2952-1}
+ - kfreebsd-8 <removed>
+ - kfreebsd-9 <unfixed>
+ - kfreebsd-10 10.0-6
TODO: check
CVE-2014-3879
RESERVED
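Review bot: "TODO: check" is left in place on CVE-2014-3880 after the three kfreebsd lines are added, so the entry still reads as untriaged even though it now carries per-package status and the {DSA-2952-1} reference. If kfreebsd-8, kfreebsd-9 and kfreebsd-10 are the only affected source packages, drop the TODO line in this commit; if something is still open, replace it with a NOTE that says what remains to be checked.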
@@ -1519,7 +1522,7 @@
CVE-2014-3811
RESERVED
CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in
BoonEx ...)
- TODO: check
+ NOT-FOR-US: Dolphin (php thingy)
CVE-2014-3809
RESERVED
CVE-2014-3808 (Multiple cross-site scripting (XSS) vulnerabilities in
BarracudaDrive ...)
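Review bot: "NOT-FOR-US: Dolphin (php thingy)" on CVE-2014-3810 does not match the "NOT-FOR-US: Dolphin (php thing)" added for CVE-2014-4333 earlier in this same commit, so what the tags suggest is one product ends up under two different strings and a grep for either misses the other. The description here names the vendor (BoonEx); "NOT-FOR-US: BoonEx Dolphin" on both entries would be unambiguous and in line with the plain product names used for the other tags.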
_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits