Author: carnil
Date: 2014-09-08 18:38:43 +0000 (Mon, 08 Sep 2014)
New Revision: 28644
Modified: data/CVE/list Log: Update couple of NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-09-08 16:59:15 UTC (rev 28643) +++ data/CVE/list 2014-09-08 18:38:43 UTC (rev 28644) @@ -391,7 +391,7 @@ CVE-2014-6065 RESERVED CVE-2014-6064 (The Accounts tab in the administrative user interface in McAfee Web ...) - TODO: check + NOT-FOR-US: McAfee Web Gateway CVE-2014-6063 RESERVED CVE-2014-6062 @@ -435,7 +435,7 @@ CVE-2014-6042 RESERVED CVE-2014-6041 (The Android Browser application 4.2.1 on Android allows remote ...) - TODO: check + NOT-FOR-US: Android Browser application CVE-2014-6039 RESERVED CVE-2014-6038 @@ -1489,9 +1489,9 @@ CVE-2014-5507 RESERVED CVE-2014-5506 (Double free vulnerability in SAP Crystal Reports allows remote ...) - TODO: check + NOT-FOR-US: SAP Crystal Reports CVE-2014-5505 (Stack-based buffer overflow in SAP Crystal Reports allows remote ...) - TODO: check + NOT-FOR-US: SAP Crystal Reports CVE-2014-5504 (SolarWinds Log and Event Manager before 6.0 uses "static" credentials, ...) TODO: check CVE-2014-5503 @@ -1726,11 +1726,11 @@ CVE-2014-5400 RESERVED CVE-2014-5399 (SQL injection vulnerability in Schneider Electric Wonderware ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2014-5398 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2014-5397 (Cross-site scripting (XSS) vulnerability in Schneider Electric ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2014-5396 (The web interface in Schrack Technik microControl with firmware before ...) NOT-FOR-US: Schrack Technik microControl CVE-2014-5395 @@ -1978,7 +1978,7 @@ CVE-2014-5308 RESERVED CVE-2014-5307 (Heap-based buffer overflow in the PavTPK.sys kernel mode driver of ...) - TODO: check + NOT-FOR-US: Panda Security CVE-2014-5306 RESERVED CVE-2014-5305 
@@ -2511,7 +2511,7 @@ CVE-2014-5128 (Innovative Interfaces Encore Discovery Solution 4.3 places a session ...) TODO: check CVE-2014-5127 (Open redirect vulnerability in Innovative Interfaces Encore Discovery ...) - TODO: check + NOT-FOR-US: Innovative Interfaces Encore Discovery Solution CVE-2014-5126 RESERVED CVE-2014-5125 @@ -2607,14 +2607,14 @@ CVE-2014-5078 RESERVED CVE-2014-5076 (The La Banque Postale application before 3.2.6 for Android does not ...) - TODO: check + NOT-FOR-US: La Banque Postale application CVE-2014-5075 [MitM vulnerability] RESERVED - libsmack-java <itp> (bug #640873) CVE-2014-5074 (Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow ...) NOT-FOR-US: Siemens SIMATIC S7-1500 CPU devices CVE-2014-5073 (vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 ...) - TODO: check + NOT-FOR-US: VMTurbo Operations Manager CVE-2014-5072 RESERVED CVE-2014-5071 @@ -3258,7 +3258,7 @@ CVE-2014-4807 RESERVED CVE-2014-4806 (The installation process in IBM Security AppScan Enterprise 8.x before ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-4805 (IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files ...) TODO: check CVE-2014-4804 @@ -3352,9 +3352,9 @@ CVE-2014-4760 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through ...) NOT-FOR-US: IBM WebSphere CVE-2014-4759 (An unspecified Ajax service in the Content Management toolkit in IBM ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-4758 (IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-4757 (The Outlook Extension in IBM Content Collector 4.0.0.x before ...) NOT-FOR-US: IBM Content Collector CVE-2014-4756 
@@ -3761,7 +3761,7 @@ CVE-2014-4620 RESERVED CVE-2014-4619 (EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 ...) - TODO: check + NOT-FOR-US: EMC RSA Identity Management and Governance CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-4612 @@ -5394,9 +5394,9 @@ CVE-2014-3909 RESERVED CVE-2014-3908 (The Amazon.com Kindle application before 4.5.0 for Android does not ...) - TODO: check + NOT-FOR-US: Amazon.com Kindle application CVE-2014-3907 (Cross-site request forgery (CSRF) vulnerability in the MailPoet ...) - TODO: check + NOT-FOR-US: MailPoet Newsletters (wysija-newsletters) plugin for WordPress CVE-2014-3906 (SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and ...) NOT-FOR-US: OSK Advance-Flow CVE-2014-3905 (Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 ...) 
@@ -6846,25 +6846,25 @@ CVE-2014-3354 RESERVED CVE-2014-3353 (Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3352 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3351 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3350 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3349 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3348 RESERVED CVE-2014-3347 (Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3346 (The web framework in Cisco Transport Gateway for Smart Call Home (aka ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3345 (The web framework in Cisco Transport Gateway for Smart Call Home (aka ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3344 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) - TODO: check + NOT-FOR-US: Cisco CVE-2014-3343 RESERVED CVE-2014-3342 @@ -7518,7 +7518,7 @@ CVE-2014-3094 (Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through ...) TODO: check CVE-2014-3093 (IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3092 RESERVED CVE-2014-3091 @@ -7536,7 +7536,7 @@ CVE-2014-3085 (systest.php on IBM GCM16 and GCM32 Global Console Manager switches ...) NOT-FOR-US: IBM CVE-2014-3084 (IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3083 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-3082 
@@ -7554,7 +7554,7 @@ CVE-2014-3076 (IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote ...) NOT-FOR-US: IBM CVE-2014-3075 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3074 (The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local ...) NOT-FOR-US: IBM AIX CVE-2014-3073 (Unspecified vulnerability in IBM Security Access Manager (ISAM) for ...) @@ -7582,7 +7582,7 @@ CVE-2014-3062 RESERVED CVE-2014-3061 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3060 RESERVED CVE-2014-3059 @@ -7622,7 +7622,7 @@ CVE-2014-3042 (IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does ...) NOT-FOR-US: IBM CICS Transaction Serve CVE-2014-3041 (SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3040 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris ...) NOT-FOR-US: IBM CVE-2014-3039 @@ -7634,9 +7634,9 @@ CVE-2014-3036 (Unspecified vulnerability in IBM API Management 3.0.0.0, when basic ...) NOT-FOR-US: IBM API Management CVE-2014-3035 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3034 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3033 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing ...) NOT-FOR-US: IBM Emptoris Sourcing Portfolio CVE-2014-3032 @@ -7656,7 +7656,7 @@ CVE-2014-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2014-3024 (Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-3023 RESERVED CVE-2014-3022 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x ...) 
@@ -8826,7 +8826,7 @@ CVE-2014-2594 RESERVED CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass Policy Manager CVE-2014-2592 RESERVED CVE-2014-2591 (Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 ...) @@ -9419,7 +9419,7 @@ CVE-2014-2391 (The password recovery service in Open-Xchange AppSuite before ...) - open-xchange <itp> (bug #269329) CVE-2014-2390 (Cross-site request forgery (CSRF) vulnerability in the User Management ...) - TODO: check + NOT-FOR-US: McAfee Network Security Manager CVE-2014-2389 (Stack-based buffer overflow in a certain decryption function in ...) NOT-FOR-US: BlackBerry Z 10 CVE-2014-2388 (The Storage and Access service in BlackBerry OS 10.x before ...) @@ -9434,9 +9434,9 @@ CVE-2014-2382 RESERVED CVE-2014-2381 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2014-2380 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2014-2379 RESERVED CVE-2014-2378 @@ -13146,7 +13146,7 @@ CVE-2014-0898 RESERVED CVE-2014-0897 (The Configuration Patterns component in IBM Flex System Manager (FSM) ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0896 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-0895 (Buffer overflow in the vsflex8l ActiveX control in IBM SPSS ...) 
@@ -13164,7 +13164,7 @@ CVE-2014-0889 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite ...) NOT-FOR-US: IBM Atlas Suite CVE-2014-0888 (IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0887 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...) NOT-FOR-US: IBM Lotus Protector for Mail Security CVE-2014-0886 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...) @@ -13214,7 +13214,7 @@ CVE-2014-0864 (Multiple cross-site request forgery (CSRF) vulnerabilities in Executer ...) NOT-FOR-US: IBM Algo Credit Limits CVE-2014-0863 (The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0862 (Unspecified vulnerability in Jazz Team Server in IBM Rational ...) NOT-FOR-US: IBM Rational Collaborative Lifecycle Management CVE-2014-0861 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...) @@ -13486,9 +13486,9 @@ CVE-2014-0763 (Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0762 (The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows ...) - TODO: check + NOT-FOR-US: CG Automation ePAQ-9410 Substation Gateway CVE-2014-0761 (The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows ...) - TODO: check + NOT-FOR-US: CG Automation ePAQ-9410 Substation Gateway CVE-2014-0760 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and ...) NOT-FOR-US: Festo controller CVE-2014-0759 (Unquoted Windows search path vulnerability in Schneider Electric ...) @@ -13841,7 +13841,7 @@ CVE-2014-0611 RESERVED CVE-2014-0610 (The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and ...) - TODO: check + NOT-FOR-US: Novell GroupWise CVE-2014-0609 (Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 ...) NOT-FOR-US: Novell Open Enterprise Server CVE-2014-0608 
@@ -13861,7 +13861,7 @@ CVE-2014-0601 RESERVED CVE-2014-0600 (FileUploadServlet in the Administration service in Novell GroupWise ...) - TODO: check + NOT-FOR-US: Novell GroupWise CVE-2014-0599 (Cross-site scripting (XSS) vulnerability in iPrint in Novell Open ...) NOT-FOR-US: Novell Open Enterprise Server CVE-2014-0598 (Directory traversal vulnerability in iPrint in Novell Open Enterprise ...) @@ -39594,7 +39594,7 @@ CVE-2012-4769 RESERVED CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor ...) - TODO: check + NOT-FOR-US: Download Monitor plugin for WordPress CVE-2012-4767 RESERVED CVE-2012-4766 @@ -41371,7 +41371,7 @@ CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! ...) NOT-FOR-US: Joomla addon CVE-2012-4234 (Cross-site scripting (XSS) vulnerability in the group moderation ...) - TODO: check + NOT-FOR-US: Phorum CVE-2012-4233 (LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and ...) {DSA-2570-1} - libreoffice 1:3.5.4+dfsg-3 (low) @@ -48368,7 +48368,7 @@ CVE-2012-1504 RESERVED CVE-2012-1503 (Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six ...) - TODO: check + NOT-FOR-US: Six Apart CVE-2012-1502 (Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam ...) {DSA-2430-1} - python-pam 0.4.2-13 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
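
Review bot: In the hunk at @@ -2511,7 +2511,7 @@, CVE-2014-5127 is changed to "NOT-FOR-US: Innovative Interfaces Encore Discovery Solution", but CVE-2014-5128 directly above it, whose description names the same product ("Innovative Interfaces Encore Discovery Solution 4.3 places a session ..."), is left at "TODO: check". Both entries should end up with the same triage result; either mark CVE-2014-5128 NOT-FOR-US in this commit as well or leave a note explaining why it still needs a check.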
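
Review bot: The new tags in several hunks give only the vendor where the neighbouring entries name the product, which makes the list harder to search and to audit later. In @@ -7656,7 +7656,7 @@ CVE-2014-3024 (CSRF in IBM Maximo Asset ...) becomes "NOT-FOR-US: IBM" next to CVE-2014-3025 tagged "NOT-FOR-US: IBM Maximo Asset Management"; in @@ -7634,9 +7634,9 @@ the Emptoris Spend and Emptoris Contract entries become "NOT-FOR-US: IBM" next to "NOT-FOR-US: IBM Emptoris Sourcing Portfolio"; and in @@ -6846,25 +6846,25 @@ all nine additions read "NOT-FOR-US: Cisco" although the descriptions cover IOS XR, IOS, Intelligent Automation for Cloud and Transport Gateway for Smart Call Home. Suggest using the product name from the description, as the other additions in this commit already do (for example "NOT-FOR-US: Novell GroupWise").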
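
Review bot: Three entries stay at "TODO: check" as context lines immediately beside entries triaged here: CVE-2014-5504 (SolarWinds Log and Event Manager) in @@ -1489,9 +1489,9 @@, CVE-2014-4805 (IBM DB2 10.5) in @@ -3258,7 +3258,7 @@ and CVE-2014-3094 (IBM DB2 9.7) in @@ -7518,7 +7518,7 @@. With the adjacent entries tagged just "NOT-FOR-US: IBM", a reader cannot tell whether the DB2 items were skipped deliberately or overlooked. If they were left open on purpose, say so in the log message; otherwise triage them in the same pass.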
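
Review bot: Two tags name a product that does not appear in the truncated description shown in the list, so the attribution cannot be checked from the diff. In @@ -9419,7 +9419,7 @@ CVE-2014-2390 ("... vulnerability in the User Management ...") is tagged "NOT-FOR-US: McAfee Network Security Manager", and in @@ -41371,7 +41371,7 @@ CVE-2012-4234 ("... vulnerability in the group moderation ...") is tagged "NOT-FOR-US: Phorum". Please confirm both against the full CVE descriptions before this lands, since a wrong NOT-FOR-US tag removes the entry from further tracking.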
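
Review bot: The context line for CVE-2014-3042 in @@ -7622,7 +7622,7 @@ reads "NOT-FOR-US: IBM CICS Transaction Serve", with the final "r" of "Server" missing. It is not introduced by this change, but since the neighbouring entry CVE-2014-3041 is being edited it would be cheap to correct the tag in the same commit.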