Author: carnil
Date: 2015-02-07 12:10:45 +0000 (Sat, 07 Feb 2015)
New Revision: 32058
Modified:
data/CVE/list
Log:
More NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-07 12:10:35 UTC (rev 32057)
+++ data/CVE/list 2015-02-07 12:10:45 UTC (rev 32058)
@@ -6062,13 +6062,13 @@
CVE-2014-8921
RESERVED
CVE-2014-8920 (Buffer overflow in the Data Transfer Program in IBM i Access
5770-XE1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8919
RESERVED
CVE-2014-8918 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1
does not ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8917 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8916
RESERVED
CVE-2014-8915
@@ -6112,11 +6112,11 @@
CVE-2014-8896 (The Collaboration Server in IBM InfoSphere Master Data
Management ...)
NOT-FOR-US: IBM
CVE-2014-8895 (IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3,
and ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8894 (Open redirect vulnerability in IBM TRIRIGA Application Platform
...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8893 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8892
RESERVED
NOT-FOR-US: IBM Java
@@ -6226,55 +6226,55 @@
CVE-2014-8841
RESERVED
CVE-2014-8840 (The iTunes Store component in Apple iOS before 8.1.3 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8839 (Spotlight in Apple OS X before 10.10.2 does not enforce the
Mail "Load ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8838 (The Security component in Apple OS X before 10.10.2 does not
properly ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8837 (Multiple unspecified vulnerabilities in the Bluetooth driver in
Apple ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8836 (The Bluetooth driver in Apple OS X before 10.10.2 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8835 (The xpc_data_get_bytes function in libxpc in Apple OS X before
10.10.2 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8834 (UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a
PDF ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8833 (SpotlightIndex in Apple OS X before 10.10.2 does not properly
perform ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8832 (The indexing functionality in Spotlight in Apple OS X before
10.10.2 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8831 (security_taskgate in Apple OS X before 10.10.2 allows attackers
to ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8830 (Heap-based buffer overflow in SceneKit in Apple OS X before
10.10.2 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8829 (SceneKit in Apple OS X before 10.10.2 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8828 (Sandbox in Apple OS X before 10.10 allows attackers to write to
the ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8827 (LoginWindow in Apple OS X before 10.10.2 does not transition to
the ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8826 (LaunchServices in Apple OS X before 10.10.2 does not properly
handle ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8825 (The kernel in Apple OS X before 10.10.2 does not properly
perform ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8824 (The kernel in Apple OS X before 10.10.2 does not properly
validate ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8823 (The IOUSBControllerUserClient::ReadRegister function in the
IOUSB ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8822 (IOHIDFamily in Apple OS X before 10.10.2 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8821 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows
local ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8820 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows
local ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8819 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows
local ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8818
RESERVED
CVE-2014-8817 (coresymbolicationd in CoreSymbolication in Apple OS X before
10.10.2 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8816 (CoreGraphics in Apple OS X before 10.10 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-8815
RESERVED
CVE-2014-8814
@@ -6348,7 +6348,7 @@
CVE-2014-8780
RESERVED
CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across
different ...)
- TODO: check
+ NOT-FOR-US: Pexip Infinity
CVE-2014-8778
RESERVED
CVE-2014-8777
@@ -7495,7 +7495,7 @@
CVE-2014-8371 (VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1
before ...)
NOT-FOR-US: VMware vSphere
CVE-2014-8370 (VMware Workstation 10.x before 10.0.5, VMware Player 6.x before
6.0.5, ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the
Linux ...)
{DSA-3093-1}
- linux 3.16.7-ckt2-1
@@ -7810,11 +7810,11 @@
CVE-2014-8269 (Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx
and (2) ...)
NOT-FOR-US: Honeywell OPOS Suite
CVE-2014-8268 (QPR Portal before 2012.2.1 allows remote attackers to modify or
delete ...)
- TODO: check
+ NOT-FOR-US: QPR Portal
CVE-2014-8267 (Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1
and ...)
- TODO: check
+ NOT-FOR-US: QPR Portal
CVE-2014-8266 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: QPR Portal
CVE-2014-8265
RESERVED
CVE-2014-8264
@@ -8497,7 +8497,7 @@
CVE-2014-8022 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco
Identity ...)
NOT-FOR-US: Cisco Identity Services Engine
CVE-2014-8021 (Cross-site scripting (XSS) vulnerability in Cisco AnyConnect
Secure ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software
allows ...)
NOT-FOR-US: Cisco
CVE-2014-8019 (Directory traversal vulnerability in Cisco Enterprise Content
Delivery ...)
@@ -8513,7 +8513,7 @@
CVE-2014-8014 (Cisco IOS XR allows remote attackers to cause a denial of
service ...)
NOT-FOR-US: Cisco
CVE-2014-8013 (The TACACS+ command-authorization implementation in Cisco NX-OS
allows ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8012 (Cross-site scripting (XSS) vulnerability in the WebVPN Portal
Login ...)
NOT-FOR-US: Cisco
CVE-2014-8011
@@ -8872,7 +8872,7 @@
CVE-2014-7883
RESERVED
CVE-2014-7882 (Unspecified vulnerability in HP SiteScope 11.1x and 11.2x
allows ...)
- TODO: check
+ NOT-FOR-US: HP SiteScope
CVE-2014-7881 (Cross-site scripting (XSS) vulnerability in the server in HP
Insight ...)
NOT-FOR-US: HP Insight Control
CVE-2014-7880 (Multiple unspecified vulnerabilities in the POP implementation
in HP ...)
@@ -8908,7 +8908,7 @@
CVE-2014-7865
REJECTED
CVE-2014-7864 (Multiple SQL injection vulnerabilities in the
FailOverHelperServlet ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2014-7863
RESERVED
CVE-2014-7862
@@ -10182,7 +10182,7 @@
CVE-2014-7288 (Symantec PGP Universal Server and Encryption Management Server
before ...)
NOT-FOR-US: Symantec Encryption Management Server
CVE-2014-7287 (The key-management component in Symantec PGP Universal Server
and ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2014-7286 (Buffer overflow in AClient in Symantec Deployment Solution 6.9
and ...)
NOT-FOR-US: Symantec Deployment Solution
CVE-2014-7285 (The management console on the Symantec Web Gateway (SWG)
appliance ...)
@@ -10239,15 +10239,15 @@
- sddm <itp> (bug #703519)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
CVE-2014-7270 (Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN
RT-AC87U ...)
- TODO: check
+ NOT-FOR-US: ASUS routers
CVE-2014-7269 (ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and
...)
- TODO: check
+ NOT-FOR-US: ASUS routers
CVE-2014-7268 (Cross-site scripting (XSS) vulnerability in the data-export
feature in ...)
NOT-FOR-US: Ricksoft WBS Gantt-Chart add-on for JIRA
CVE-2014-7267 (Cross-site scripting (XSS) vulnerability in the output-page
generator ...)
NOT-FOR-US: Ricksoft WBS Gantt-Chart add-on for JIRA
CVE-2014-7266 (Algorithmic complexity vulnerability in Cybozu Remote Service
Manager ...)
- TODO: check
+ NOT-FOR-US: Cybozu Remote Service Manager
CVE-2014-7265 (Cross-site scripting (XSS) vulnerability in LinPHA allows
remote ...)
NOT-FOR-US: LinPHA
CVE-2014-7264 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -12901,7 +12901,7 @@
CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere
Portal 6.1.0 ...)
NOT-FOR-US: IBM
CVE-2014-6170 (The HTTPInput node in IBM WebSphere Message Broker 7.0 before
7.0.0.8 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6169
RESERVED
CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security
...)
@@ -12959,7 +12959,7 @@
CVE-2014-6142
RESERVED
CVE-2014-6141 (IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through
FP04, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6140 (IBM Tivoli Endpoint Manager Mobile Device Management (MDM)
before ...)
NOT-FOR-US: IBM Endpoint Manager Mobile Device Management Components
CVE-2014-6139
@@ -12969,7 +12969,7 @@
CVE-2014-6137
RESERVED
CVE-2014-6136 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1
supports ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6135 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6
before ...)
NOT-FOR-US: IBM
CVE-2014-6134
@@ -14621,7 +14621,7 @@
CVE-2014-5361
RESERVED
CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface
in ...)
- TODO: check
+ NOT-FOR-US: LANDESK Management Suite
CVE-2014-5359 (Directory traversal vulnerability in SafeNet Authentication
Service ...)
NOT-FOR-US: SafeNet Authentication Service
CVE-2014-5358
@@ -15059,7 +15059,7 @@
CVE-2014-5212 (Cross-site scripting (XSS) vulnerability in nds/search/data in
...)
NOT-FOR-US: Novell eDirectory
CVE-2014-5211 (Stack-based buffer overflow in the Attachmate Reflection FTP
Client ...)
- TODO: check
+ NOT-FOR-US: Attachmate Reflection FTP Client
CVE-2014-5210 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0
allows ...)
NOT-FOR-US: AlienVault OSSIM
CVE-2014-5209
@@ -16882,53 +16882,53 @@
CVE-2014-4500
RESERVED
CVE-2014-4499 (The App Store process in CommerceKit Framework in Apple OS X
before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4498 (The CPU Software in Apple OS X before 10.10.2 allows physically
...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4497 (Integer signedness error in IOBluetoothFamily in the Bluetooth
...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4496 (The mach_port_kobject interface in the kernel in Apple iOS
before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4495 (The kernel in Apple iOS before 8.1.3, Apple OS X before
10.10.2, and ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4494 (Springboard in Apple iOS before 8.1.3 does not properly
validate ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4493 (The app-installation functionality in MobileInstallation in
Apple iOS ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4492 (libnetcore in Apple iOS before 8.1.3, Apple OS X before
10.10.2, and ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4491 (The extension APIs in the kernel in Apple iOS before 8.1.3,
Apple OS X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4490
RESERVED
CVE-2014-4489 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before
10.10.2, and ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4488 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before
10.10.2, and ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4487 (Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple
OS X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4486 (IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X
before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4485 (Buffer overflow in the XML parser in Foundation in Apple iOS
before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4484 (FontParser in Apple iOS before 8.1.3, Apple OS X before
10.10.2, and ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4483 (Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple
OS X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4482
RESERVED
CVE-2014-4481 (Integer overflow in CoreGraphics in Apple iOS before 8.1.3,
Apple OS X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4480 (Directory traversal vulnerability in afc in AppleFileConduit in
Apple ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4479 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before
6.2.3, ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4478
RESERVED
CVE-2014-4477 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before
6.2.3, ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4476 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before
6.2.3, ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4475 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1,
and ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2014-4474 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1,
and ...)
@@ -16946,7 +16946,7 @@
CVE-2014-4468 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1,
and ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2014-4467 (WebKit, as used in Apple iOS before 8.1.3, does not properly
determine ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2014-4466 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1,
and ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2014-4465 (WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x
before ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
