Author: carnil
Date: 2014-08-22 12:44:03 +0000 (Fri, 22 Aug 2014)
New Revision: 28429
Modified: data/CVE/list Log: Add NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-08-22 12:35:28 UTC (rev 28428) +++ data/CVE/list 2014-08-22 12:44:03 UTC (rev 28429) @@ -1,5 +1,5 @@ CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) - TODO: check + NOT-FOR-US: Schrack Technik microControl CVE-2014-5381 RESERVED CVE-2014-5380 @@ -62,11 +62,11 @@ CVE-2014-5351 RESERVED CVE-2014-5350 (Multiple directory traversal vulnerabilities in Bitdefender ...) - TODO: check + NOT-FOR-US: Bitdefender GravityZone CVE-2014-5349 (Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 ...) TODO: check CVE-2014-5348 (Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in ...) - TODO: check + NOT-FOR-US: Riverbed Stingray Traffic Manager Virtual Appliance CVE-2014-5347 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) TODO: check CVE-2014-5346 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) @@ -76,7 +76,7 @@ CVE-2014-5344 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud ...) TODO: check CVE-2014-5343 (Cross-site scripting (XSS) vulnerability in Feng Office allows remote ...) - TODO: check + NOT-FOR-US: Feng Office CVE-2014-5342 RESERVED CVE-2014-5341 @@ -798,7 +798,7 @@ RESERVED - libsmack-java <itp> (bug #640873) CVE-2014-5074 (Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow ...) - TODO: check + NOT-FOR-US: Siemens SIMATIC S7-1500 CPU devices CVE-2014-5073 RESERVED CVE-2014-5072 @@ -1507,7 +1507,7 @@ CVE-2014-4776 RESERVED CVE-2014-4775 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-4774 RESERVED CVE-2014-4773 
@@ -1557,9 +1557,9 @@ CVE-2014-4751 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...) NOT-FOR-US: IBM Security Access Manager CVE-2014-4750 (IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-4749 (IBM PowerVC 1.2.0 before FixPack3 does not properly use the ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-4748 (Cross-site scripting (XSS) vulnerability in the Classic Meeting Server ...) NOT-FOR-US: IBM Sametime CVE-2014-4747 (The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows ...) @@ -3577,15 +3577,15 @@ CVE-2014-3907 RESERVED CVE-2014-3906 (SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and ...) - TODO: check + NOT-FOR-US: OSK Advance-Flow CVE-2014-3905 (Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 ...) - TODO: check + NOT-FOR-US: tenfourzero Shutter CVE-2014-3904 (SQL injection vulnerability in lib/admin.php in tenfourzero Shutter ...) - TODO: check + NOT-FOR-US: tenfourzero Shutter CVE-2014-3903 (Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x ...) TODO: check CVE-2014-3902 (The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android ...) - TODO: check + NOT-FOR-US: CyberAgent Ameba application CVE-2014-3901 (Raritan Japan Dominion KX2-101 switches before 2 allow remote ...) NOT-FOR-US: Raritan Japan Dominion KX2-101 switches CVE-2014-3900 (Cross-site scripting (XSS) vulnerability in admin/picture_modify.php ...) 
@@ -3593,7 +3593,7 @@ CVE-2014-3899 (Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to ...) NOT-FOR-US: Gretech GOM Player CVE-2014-3898 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView ...) - TODO: check + NOT-FOR-US: Fujitsu ServerView Operations Manager CVE-2014-3897 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...) NOT-FOR-US: Homepage Decorator PerlMailer CVE-2014-3896 (Multiple cross-site request forgery (CSRF) vulnerabilities in CGI ...) @@ -5045,7 +5045,7 @@ CVE-2014-3341 (The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 ...) NOT-FOR-US: Cisco NX-OS CVE-2014-3340 (Directory traversal vulnerability in an unspecified PHP script in the ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3339 (Multiple SQL injection vulnerabilities in the administrative web ...) NOT-FOR-US: Cisco CVE-2014-3338 (The CTIManager module in Cisco Unified Communications Manager (CM) ...) @@ -5063,7 +5063,7 @@ CVE-2014-3332 (Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an ...) NOT-FOR-US: Cisco CVE-2014-3331 (The Session Manager component in Packet Data Network Gateway (aka PGW) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3330 (Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly ...) NOT-FOR-US: Cisco CVE-2014-3329 (Cross-site scripting (XSS) vulnerability in the web-server component ...) @@ -5688,11 +5688,11 @@ CVE-2014-3088 (stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client ...) NOT-FOR-US: IBM Sametime CVE-2014-3087 (callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3086 (Unspecified vulnerability in the IBM Java Virtual Machine, as used in ...) TODO: check CVE-2014-3085 (systest.php on IBM GCM16 and GCM32 Global Console Manager switches ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3084 RESERVED CVE-2014-3083 
@@ -5700,9 +5700,9 @@ CVE-2014-3082 RESERVED CVE-2014-3081 (prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3080 (Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3079 RESERVED CVE-2014-3078 @@ -5736,7 +5736,7 @@ CVE-2014-3064 (The GDS component in IBM InfoSphere Master Data Management - ...) NOT-FOR-US: IBM CVE-2014-3063 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3062 RESERVED CVE-2014-3061 @@ -5979,7 +5979,7 @@ CVE-2014-2965 (Cross-site scripting (XSS) vulnerability in auth-settings-x.php in ...) NOT-FOR-US: SpamTitan CVE-2014-2964 (Cobham Aviator 700D and 700E satellite terminals have hardcoded ...) - TODO: check + NOT-FOR-US: Cobham Aviator 700D and 700E satellite terminals CVE-2014-2963 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Liferay Portal CVE-2014-2962 (Absolute path traversal vulnerability in the webproc cgi module on the ...) @@ -6026,13 +6026,13 @@ CVE-2014-2944 RESERVED CVE-2014-2943 (Cobham Aviator 700D and 700E satellite terminals use an improper ...) - TODO: check + NOT-FOR-US: Cobham Aviator 700D and 700E satellite terminals CVE-2014-2942 RESERVED CVE-2014-2941 (** DISPUTED ** Cobham Sailor 6000 satellite terminals have hardcoded ...) - TODO: check + NOT-FOR-US: Cobham Sailor 6000 satellite terminals CVE-2014-2940 (Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF ...) - TODO: check + NOT-FOR-US: Cobham Sailor 900 and 6000 satellite terminals CVE-2014-2939 (Multiple cross-site scripting (XSS) vulnerabilities in Alfresco ...) NOT-FOR-US: Alfresco CVE-2014-2938 (Hanvon FaceID before 1.007.110 does not require authentication, which ...) 
@@ -7112,7 +7112,7 @@ CVE-2014-2518 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC ...) NOT-FOR-US: EMC Documentum CVE-2014-2517 (Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before ...) - TODO: check + NOT-FOR-US: EMC RSA Archer GRC Platform CVE-2014-2516 RESERVED CVE-2014-2515 (EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, ...) @@ -7136,7 +7136,7 @@ CVE-2014-2506 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-2505 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers ...) - TODO: check + NOT-FOR-US: EMC RSA Archer GRC Platform CVE-2014-2504 (EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, ...) NOT-FOR-US: EMC Documentum D2 CVE-2014-2503 (The thumbnail proxy server in EMC Documentum Digital Asset Manager ...) @@ -7576,7 +7576,7 @@ CVE-2014-2389 (Stack-based buffer overflow in a certain decryption function in ...) NOT-FOR-US: BlackBerry Z 10 CVE-2014-2388 (The Storage and Access service in BlackBerry OS 10.x before ...) - TODO: check + NOT-FOR-US: BlackBerry OS CVE-2014-2385 (Multiple cross-site scripting (XSS) vulnerabilities in the web UI in ...) NOT-FOR-US: Sophos Antivirus CVE-2014-2384 (vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player ...) @@ -10367,7 +10367,7 @@ CVE-2014-1470 REJECTED CVE-2014-1469 (BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise ...) - TODO: check + NOT-FOR-US: BlackBerry Enterprise Server CVE-2014-1468 RESERVED CVE-2014-1467 (BlackBerry Enterprise Service 10 before 10.2.1, Universal Device ...) 
@@ -10574,19 +10574,19 @@ CVE-2014-1391 RESERVED CVE-2014-1390 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...) - TODO: check + NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1389 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...) - TODO: check + NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1388 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...) - TODO: check + NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1387 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...) - TODO: check + NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1386 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...) - TODO: check + NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1385 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...) - TODO: check + NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1384 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...) - TODO: check + NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1383 (Apple TV before 6.1.2 allows remote authenticated users to bypass an ...) NOT-FOR-US: Apple TV CVE-2014-1382 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...) 
@@ -11110,13 +11110,13 @@ CVE-2014-0970 (The GDS component in IBM InfoSphere Master Data Management - ...) NOT-FOR-US: IBM InfoSphere CVE-2014-0969 (Cross-site request forgery (CSRF) vulnerability in the GDS component ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0968 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM ...) NOT-FOR-US: IBM InfoSphere CVE-2014-0967 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM ...) NOT-FOR-US: IBM InfoSphere CVE-2014-0966 (SQL injection vulnerability in the GDS component in IBM InfoSphere ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0965 RESERVED CVE-2014-0964 (IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and ...) @@ -11238,7 +11238,7 @@ CVE-2014-0906 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...) NOT-FOR-US: IBM Sametime CVE-2014-0905 (IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0904 (The update process in IBM Security AppScan Standard 7.9 through 8.8 ...) NOT-FOR-US: IBM Security AppScan Standard CVE-2014-0903 @@ -11296,7 +11296,7 @@ CVE-2014-0877 RESERVED CVE-2014-0876 (Buffer overflow in the Java GUI Configuration Wizard and Preferences ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0875 (Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 ...) NOT-FOR-US: IBM Storwize V7000 Unified CVE-2014-0874 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x ...) @@ -11344,7 +11344,7 @@ CVE-2014-0853 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...) NOT-FOR-US: IBM Rational Requirements Composer CVE-2014-0852 (IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0851 RESERVED CVE-2014-0850 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...) 
@@ -11838,9 +11838,9 @@ CVE-2014-0642 (EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-0641 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC ...) - TODO: check + NOT-FOR-US: EMC RSA Archer GRC Platform CVE-2014-0640 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote ...) - TODO: check + NOT-FOR-US: EMC RSA Archer GRC Platform CVE-2014-0639 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...) NOT-FOR-US: RSA Archer CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive ...) @@ -11951,7 +11951,7 @@ CVE-2014-0610 RESERVED CVE-2014-0609 (Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 ...) - TODO: check + NOT-FOR-US: Novell Open Enterprise Server CVE-2014-0608 RESERVED CVE-2014-0607 (Unrestricted file upload vulnerability in Attachmate Verastream ...) @@ -12406,7 +12406,7 @@ CVE-2013-7181 (Cross-site scripting (XSS) vulnerability in user/ldap_user/add in ...) NOT-FOR-US: FortiWeb CVE-2013-7180 (Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; ...) - TODO: check + NOT-FOR-US: Cobham CVE-2013-7179 (The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech ...) NOT-FOR-US: Seowon Intech SWC-9100 routers CVE-2013-7178 
@@ -13261,11 +13261,11 @@ CVE-2014-0329 (The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded ...) NOT-FOR-US: TELNET service on the ZTE ZXV10 W300 router CVE-2014-0328 (The thraneLINK protocol implementation on Cobham devices does not ...) - TODO: check + NOT-FOR-US: Cobham CVE-2014-0327 (The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and ...) - TODO: check + NOT-FOR-US: Pilot Below Deck Equipment and OpenPort implementations on Iridium satellite terminals CVE-2014-0326 (The Pilot Below Deck Equipment (BDE) and OpenPort implementations on ...) - TODO: check + NOT-FOR-US: Pilot Below Deck Equipment and OpenPort implementations on Iridium satellite terminals CVE-2013-7041 (The pam_userdb module for Pam uses a case-insensitive method to ...) - pam <unfixed> (low; bug #731368) [squeeze] - pam <no-dsa> (Minor issue) @@ -40598,7 +40598,7 @@ CVE-2012-3821 RESERVED CVE-2012-3820 (Multiple SQL injection vulnerabilities in Campaign11.exe in Arial ...) - TODO: check + NOT-FOR-US: Arial Software Campaign Enterprise CVE-2012-3819 (Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, ...) NOT-FOR-US: dartwebserver.dll CVE-2012-3818 (The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
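Review bot: In the @@ -10574,19 hunk the seven WebKit entries (CVE-2014-1384 through CVE-2014-1390) are closed as NOT-FOR-US while the tag text itself leaves open that Chromium may be affected ("if anything of this affects Chromium, the Chrome sec team will know and fix"), so the product field carries an unverified rationale instead of a product name. Put only the product on the NOT-FOR-US line, spelled "WebKit" as in the descriptions, and move the Chromium reasoning to a separate NOTE: line, or leave these entries at "TODO: check" until the Chromium overlap has been looked at.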
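Review bot: CVE-2014-0969 and CVE-2014-0966 in the @@ -11110,13 hunk are tagged with the bare vendor "IBM", although both descriptions name the GDS component and the adjacent entries for that same component (CVE-2014-0970, CVE-2014-0968, CVE-2014-0967) already read "NOT-FOR-US: IBM InfoSphere". Use "IBM InfoSphere" on the two new lines so that all GDS entries in this block match and a search on the product string finds them together.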
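Review bot: The tag added for CVE-2014-0876 in the @@ -11296,7 hunk gives only "IBM", and the visible part of the description ("Buffer overflow in the Java GUI Configuration Wizard and Preferences ...") names no product, so the line cannot be checked against the entry it sits under. Name the affected product in the tag, as the neighbouring CVE-2014-0875 line does with "IBM Storwize V7000 Unified".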
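Review bot: Cobham products end up tagged at two levels of detail: CVE-2014-0328 in the @@ -13261,11 hunk and CVE-2013-7180 in the @@ -12406,7 hunk get the bare vendor "Cobham", while CVE-2014-2964, CVE-2014-2943, CVE-2014-2941 and CVE-2014-2940 get full model names. Pick one form for all of them. In the same @@ -13261,11 hunk, the tags for CVE-2014-0327 and CVE-2014-0326 repeat most of the description; "Iridium satellite terminals" would identify the product just as well.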