Author: helmutg
Date: 2014-09-25 09:50:27 +0000 (Thu, 25 Sep 2014)
New Revision: 29039
Modified:
data/CVE/list
Log:
misc NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-25 09:50:19 UTC (rev 29038)
+++ data/CVE/list 2014-09-25 09:50:27 UTC (rev 29039)
@@ -23,7 +23,7 @@
CVE-2014-7157
RESERVED
CVE-2014-7153 (SQL injection vulnerability in the editgallery function in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin Huge-IT Image Gallery
CVE-2014-XXXX [cyassl: RSA Padding check vulnerability]
- cyassl <unfixed>
NOTE:
http://www.yassl.com/yaSSL/Blog/Entries/2014/9/12_CyaSSL_3.2.0_Released.html
@@ -1132,7 +1132,7 @@
CVE-2014-6603
RESERVED
CVE-2014-6602 (Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone
14.0.4 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Asha OS
CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface
in ...)
TODO: check
CVE-2014-XXXX [Remote crash based on malformed SIP subscription]
@@ -1558,7 +1558,7 @@
CVE-2013-7401
RESERVED
CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in
SpiceWorks ...)
- TODO: check
+ NOT-FOR-US: SpiceWorks
CVE-2014-7145 [null ptr deref in SMB2_tcon]
RESERVED
- linux <unfixed>
@@ -3939,9 +3939,9 @@
CVE-2014-5323 (The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) ...)
TODO: check
CVE-2014-5322 (Cross-site scripting (XSS) vulnerability in the Instant Web
Publish ...)
- TODO: check
+ NOT-FOR-US: FileMaker Pro
CVE-2014-5321 (FileMaker Pro before 13 and Pro Advanced before 13 does not
verify ...)
- TODO: check
+ NOT-FOR-US: FileMaker Pro
CVE-2014-5320 (The Bump application for Android does not properly handle
implicit ...)
NOT-FOR-US: Bump application for Android
CVE-2014-5319
@@ -3951,7 +3951,7 @@
CVE-2014-5317 (Cross-site scripting (XSS) vulnerability in php365.com 365
Links 3.11 ...)
TODO: check
CVE-2014-5316 (Cross-site scripting (XSS) vulnerability in Dotclear before
2.6.4 ...)
- TODO: check
+ NOT-FOR-US: DotClear
CVE-2014-5315
RESERVED
CVE-2014-5314
@@ -11967,7 +11967,7 @@
CVE-2014-2224
RESERVED
CVE-2014-2223 (Unrestricted file upload vulnerability in
plog-admin/plog-upload.php ...)
- TODO: check
+ NOT-FOR-US: Plogger
CVE-2014-2222
RESERVED
CVE-2014-2221
@@ -15012,7 +15012,7 @@
CVE-2014-0994
RESERVED
CVE-2014-0993 (Buffer overflow in the Vcl.Graphics.TPicture.Bitmap
implementation in ...)
- TODO: check
+ NOT-FOR-US: Embarcadero
CVE-2014-0992 (Stack-based buffer overflow in Advantech WebAccess (formerly
BroadWin ...)
NOT-FOR-US: Advantech WebAccess
CVE-2014-0991 (Stack-based buffer overflow in Advantech WebAccess (formerly
BroadWin ...)
@@ -46771,7 +46771,7 @@
CVE-2012-2957 (The management console in Symantec Web Gateway 5.0.x before
5.0.3.18 ...)
NOT-FOR-US: Symantec Web Gateway
CVE-2012-2956 (SQL injection vulnerability in SpiceWorks 5.3.75941 allows
remote ...)
- TODO: check
+ NOT-FOR-US: SpiceWorks
CVE-2012-2955 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security
CVE-2012-2954
@@ -47782,7 +47782,7 @@
CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N
MDaemon ...)
NOT-FOR-US: Alt-N MDaemon Free
CVE-2012-2583 (Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard
Widget ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin Mini Mail Dashboard Widget
CVE-2012-2582 (Multiple cross-site scripting (XSS) vulnerabilities in Open
Ticket ...)
{DSA-2536-1}
- otrs2 3.1.7+dfsg1-4
@@ -50449,7 +50449,7 @@
CVE-2012-1557 (SQL injection vulnerability in admin/plib/api-rpc/Agent.php in
...)
NOT-FOR-US: Parallels Plesk Panel
CVE-2012-1556 (Cross-site scripting (XSS) vulnerability in Synology Photo
Station 5 ...)
- TODO: check
+ NOT-FOR-US: Synology DiskStation Manager extension
CVE-2012-1555
RESERVED
CVE-2012-1554
@@ -50554,9 +50554,9 @@
CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0;
VMware ESX ...)
NOT-FOR-US: VMware ESXi
CVE-2012-1507 (Multiple cross-site scripting (XSS) vulnerabilities in
OrangeHRM ...)
- TODO: check
+ NOT-FOR-US: OrangeHRM
CVE-2012-1506 (SQL injection vulnerability in the updateStatus function in ...)
- TODO: check
+ NOT-FOR-US: OrangeHRM
CVE-2012-1505
RESERVED
CVE-2012-1504
@@ -50747,7 +50747,7 @@
CVE-2012-1418 (Multiple unspecified vulnerabilities in Google Chrome before
...)
NOT-FOR-US: Chrome books
CVE-2012-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Local
Phone ...)
- TODO: check
+ NOT-FOR-US: Yealink VoIP Phone
CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
NOT-FOR-US: SocialCMS
CVE-2012-1415
@@ -51684,7 +51684,7 @@
- bind9 1:9.8.1.dfsg.P1-4.1 (low)
[squeeze] - bind9 <no-dsa> (low-severity dns protocol design flaw)
CVE-2012-1032 (Cross-site scripting (XSS) vulnerability in the Euroling
SiteSeeker ...)
- TODO: check
+ NOT-FOR-US: EPiServer CMS module Euroling SiteSeeker
CVE-2012-1031 (Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2,
in ...)
NOT-FOR-US: EPiServer CMS
CVE-2012-1030 (Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x
through ...)
@@ -54323,7 +54323,7 @@
CVE-2011-4888
RESERVED
CVE-2011-4887 (Cross-site scripting (XSS) vulnerability in the Violations
Table in ...)
- TODO: check
+ NOT-FOR-US: Imperva SecureSphere Web Application Firewall
CVE-2011-4886
RESERVED
CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters
without ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
