Author: helmutg
Date: 2014-09-12 08:19:31 +0000 (Fri, 12 Sep 2014)
New Revision: 28736

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-09-12 08:17:55 UTC (rev 28735)
+++ data/CVE/list       2014-09-12 08:19:31 UTC (rev 28736)
@@ -1,3 +1,5 @@
+CVE-2014-6252 (Buffer overflow in disp+work.exe 7000.52.12.34966 and 
7200.117.19.50294 ...)
+       NOT-FOR-US: SAP NetWeaver
 CVE-2014-6311 [/tmp file vulnerability in generate_doxygen.pl]
        - ace <unfixed> (unimportant; bug #760709)
        NOTE: Not installed into the binary packages
@@ -1487,7 +1489,7 @@
 CVE-2014-5522
        RESERVED
 CVE-2014-5521 (plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, 
allows ...)
-       TODO: check
+       NOT-FOR-US: XRMS CRM
 CVE-2014-5520
        RESERVED
 CVE-2014-5518
@@ -1518,8 +1520,8 @@
        NOTE: Fixed upstream in 1.2.1
 CVE-2014-5510
        RESERVED
-CVE-2014-5508
-       RESERVED
+CVE-2014-5508 (Multiple integer overflows in the HelpServ module 
(mod-helpserv.c) in srvx ...)
+       NOT-FOR-US: srvx (irc services)
 CVE-2014-5507
        RESERVED
 CVE-2014-5506 (Double free vulnerability in SAP Crystal Reports allows remote 
...)
@@ -1527,7 +1529,7 @@
 CVE-2014-5505 (Stack-based buffer overflow in SAP Crystal Reports allows 
remote ...)
        NOT-FOR-US: SAP Crystal Reports
 CVE-2014-5504 (SolarWinds Log and Event Manager before 6.0 uses 
&quot;static&quot; credentials, ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2014-5503
        RESERVED
 CVE-2014-5502
@@ -1601,7 +1603,7 @@
 CVE-2014-5466
        RESERVED
 CVE-2014-5465 (Directory traversal vulnerability in force-download.php in the 
...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin Download Shortcode
 CVE-2014-5463
        RESERVED
 CVE-2014-5462
@@ -1663,7 +1665,7 @@
 CVE-2014-5453 (Ubisoft Uplay PC before 4.6.1.3217 use weak permissions 
(Everyone: ...)
        NOT-FOR-US: Ubisoft Uplay PC
 CVE-2014-5452 (CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the 
...)
-       TODO: check
+       NOT-FOR-US: HL7 C-CDA
 CVE-2014-5451
        RESERVED
 CVE-2014-5446
@@ -1852,7 +1854,7 @@
 CVE-2014-5378
        RESERVED
 CVE-2014-5377 (ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 
5.9 ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine DeviceExpert
 CVE-2014-5376
        RESERVED
 CVE-2014-5375
@@ -1940,7 +1942,7 @@
        - check-mk <not-affected> (Vulnerable code not present)
        NOTE: 
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4b71709456bfc2ffc27a3583f13cc2ac0e726709
 CVE-2014-5337 (The WordPress Mobile Pack plugin before 2.0.2 for WordPress 
does not ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin Mobile Pack
 CVE-2014-5335 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        NOT-FOR-US: innovaphone PBX
 CVE-2014-5334
@@ -2059,7 +2061,7 @@
 CVE-2014-5286
        RESERVED
 CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO 
...)
-       TODO: check
+       NOT-FOR-US: TIBCO Spotfire Server
 CVE-2014-5284
        RESERVED
 CVE-2014-5283
@@ -2549,7 +2551,7 @@
        RESERVED
        NOT-FOR-US: ProjectDox
 CVE-2014-5128 (Innovative Interfaces Encore Discovery Solution 4.3 places a 
session ...)
-       TODO: check
+       NOT-FOR-US: Innovative Interfaces Encore Discovery Solution
 CVE-2014-5127 (Open redirect vulnerability in Innovative Interfaces Encore 
Discovery ...)
        NOT-FOR-US: Innovative Interfaces Encore Discovery Solution
 CVE-2014-5126
@@ -3061,7 +3063,7 @@
 CVE-2014-4931
        RESERVED
 CVE-2014-4930 (Multiple cross-site scripting (XSS) vulnerabilities in 
event/index2.do ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine EventLog Analyzer
 CVE-2014-4929 (Directory traversal vulnerability in the routing component in 
ownCloud ...)
        - owncloud 6.0.4~beta1+dfsg-1
        NOTE: 
https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
@@ -3301,7 +3303,7 @@
 CVE-2014-4806 (The installation process in IBM Security AppScan Enterprise 8.x 
before ...)
        NOT-FOR-US: IBM
 CVE-2014-4805 (IBM DB2 10.5 before FP4 on Linux and AIX creates temporary 
files ...)
-       TODO: check
+       NOT-FOR-US: IBM DB2
 CVE-2014-4804
        RESERVED
 CVE-2014-4803
@@ -5535,9 +5537,9 @@
 CVE-2014-3863
        RESERVED
 CVE-2014-3862 (CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to 
...)
-       TODO: check
+       NOT-FOR-US: HL7 C-CDA
 CVE-2014-3861 (Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 
C-CDA 1.1 ...)
-       TODO: check
+       NOT-FOR-US: HL7 C-CDA
 CVE-2014-3860
        RESERVED
 CVE-2014-3859 (libdns in ISC BIND 9.10.0 before P2 does not properly handle 
EDNS ...)
@@ -7603,9 +7605,9 @@
 CVE-2014-3096
        RESERVED
 CVE-2014-3095 (The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 
9.8 ...)
-       TODO: check
+       NOT-FOR-US: IBM DB2
 CVE-2014-3094 (Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 
through ...)
-       TODO: check
+       NOT-FOR-US: IBM DB2
 CVE-2014-3093 (IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses 
cleartext ...)
        NOT-FOR-US: IBM
 CVE-2014-3092
@@ -18737,7 +18739,7 @@
 CVE-2013-6125
        RESERVED
 CVE-2013-6124 (The Qualcomm Innovation Center (QuIC) init scripts in Code 
Aurora ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm (Android)
 CVE-2013-6123 (Multiple array index errors in ...)
        NOT-FOR-US: Android Linux kernel
 CVE-2013-6122 (goodix_tool.c in the Goodix gt915 touchscreen driver for the 
Linux ...)
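
Review bot: CVE-2013-6124 is labelled "NOT-FOR-US: Qualcomm (Android)", while the entry right after it, CVE-2013-6123, already carries "NOT-FOR-US: Android Linux kernel". The description of 6124 is about the QuIC init scripts, so a different label may be intended, but a vendor name with "(Android)" does not say which component was judged out of scope. Naming the component, for example "Qualcomm QuIC init scripts (Android)", would keep the two neighbouring entries distinguishable and searchable.
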
@@ -20473,7 +20475,7 @@
 CVE-2013-5468 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 
...)
        NOT-FOR-US: IBM Algo One
 CVE-2013-5467 (Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 
through FP04, ...)
-       TODO: check
+       NOT-FOR-US: IBM Tivoli Monitoring
 CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, 
and the ...)
        NOT-FOR-US: IBM DB2 and DB2 Connect
 CVE-2013-5465 (IBM Maximo Asset Management 7.x before 7.1.1.7 
LAFIX.20140319-0837, ...)
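
Review bot: The label on CVE-2013-5467, "NOT-FOR-US: IBM Tivoli Monitoring", names a product that does not appear in the visible part of the description, which starts with "Monitoring Agent for UNIX Logs 6.2.0 through FP03". Someone searching the list for the agent name will find the description but cannot tell from the label how the two relate. Suggest including the component in the label, for example "IBM Tivoli Monitoring (Monitoring Agent for UNIX Logs)".
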
@@ -27728,12 +27730,12 @@
        RESERVED
        - miniupnpd 1.8.20130730-1 (bug #716936)
 CVE-2013-2599 (A certain Qualcomm Innovation Center (QuIC) patch to the ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm (Android)
 CVE-2013-2598 (app/aboot/aboot.c in the Little Kernel (LK) bootloader, as 
distributed ...)
-       TODO: check
+       NOT-FOR-US: Little Kernel (bootloader)
 CVE-2013-2597 (Stack-based buffer overflow in the acdb_ioctl function in 
audio_acdb.c ...)
+       NOT-FOR-US: Android Linux kernel (affects 
{sound/soc/,arch/arm/mach-}msm/qdsp6v2)
        NOTE: 
https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597
-       TODO: check if Android specific
 CVE-2013-2596 (Integer overflow in the fb_mmap function in 
drivers/video/fbmem.c in ...)
        - linux 3.9-1
        [wheezy] - linux 3.2.46-1
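
Review bot: On CVE-2013-2597 the removed "TODO: check if Android specific" is answered only by the parenthetical in the new label, "(affects {sound/soc/,arch/arm/mach-}msm/qdsp6v2)". The brace form is shell shorthand for two directories, so a search for either full path will not match this entry, and the label does not state why those paths put the issue out of scope even though the next entry, CVE-2013-2596, is tracked against the linux package. Suggest keeping the label short ("NOT-FOR-US: Android Linux kernel") and moving the reasoning to a NOTE line that spells out both paths and states the conclusion reached, for instance that the code is not in the packaged kernel source if that is what was checked.
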
@@ -41492,7 +41494,7 @@
 CVE-2012-4227
        RESERVED
 CVE-2012-4226 (Multiple cross-site scripting (XSS) vulnerabilities in Quick 
Post ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin Quick Post Widget
 CVE-2012-4225 (NVIDIA UNIX graphics driver before 295.71 and before 304.32 
allows ...)
        - nvidia-graphics-drivers 304.37-1 (bug #684781)
        - nvidia-graphics-drivers-legacy-173xx 173.14.35-3


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
