[Secure-testing-commits] r33367 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Apr 3 17:32:23 UTC 2015
Author: carnil
Date: 2015-04-03 17:32:23 +0000 (Fri, 03 Apr 2015)
New Revision: 33367
Modified:
data/CVE/list
Log:
Process couple of NFUs from the TODO list
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-03 17:23:25 UTC (rev 33366)
+++ data/CVE/list 2015-04-03 17:32:23 UTC (rev 33367)
@@ -29,27 +29,27 @@
CVE-2015-2822
RESERVED
CVE-2015-2821 (TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote ...)
- TODO: check
+ NOT-FOR-US: TYPO3 Neos
CVE-2015-2820 (Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: SAP Afaria
CVE-2015-2819 (SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: SAP Sybase SQL Anywhere
CVE-2015-2818 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 ...)
- TODO: check
+ NOT-FOR-US: SAP Mobile Platform
CVE-2015-2817 (The SAP Management Console in SAP NetWeaver 7.40 allows remote ...)
- TODO: check
+ NOT-FOR-US: SAP NetWeaver
CVE-2015-2816 (The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict ...)
- TODO: check
+ NOT-FOR-US: SAP Afaria
CVE-2015-2815 (Buffer overflow in the C_SAPGPARAM function in the NetWeaver ...)
- TODO: check
+ NOT-FOR-US: NetWeaver Dispatcher in SAP KERNEL
CVE-2015-2814 (SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task ...)
- TODO: check
+ NOT-FOR-US: SAP EMR Unwired and Clinical Task Tracker
CVE-2015-2813 (XML external entity (XXE) vulnerability in SAP Mobile Platform allows ...)
- TODO: check
+ NOT-FOR-US: SAP Mobile Platform
CVE-2015-2812 (XML external entity (XXE) vulnerability in XMLValidationComponent in ...)
- TODO: check
+ NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP ...)
- TODO: check
+ NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-2830 [Linux mishandles int80 fork from 64-bit tasks]
- linux <unfixed>
- linux-2.6 <removed>
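Review bot: The tag added for CVE-2015-2815, "NetWeaver Dispatcher in SAP KERNEL", is the only one in this hunk that leads with a component name instead of the product; CVE-2015-2817 uses "SAP NetWeaver" and CVE-2015-2812/CVE-2015-2811 use "SAP NetWeaver Portal". Consider "NOT-FOR-US: SAP NetWeaver" here so that a search on the product string returns all of the related entries.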
@@ -64,7 +64,7 @@
CVE-2015-2810
RESERVED
CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation Manager ...)
- TODO: check
+ NOT-FOR-US: Synology DiskStation Manager
CVE-2015-2808 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, does ...)
NOTE: This CVE is specific to the design of the RC4 protocol and not to its
NOTE: implementations.
@@ -103,9 +103,9 @@
CVE-2015-2791 (The "menu sync" function in the WPML plugin before 3.1.9 for WordPress ...)
NOT-FOR-US: WPML plugin for WordPress
CVE-2015-2790 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow ...)
- TODO: check
+ NOT-FOR-US: Foxit Reader, Enterprise Reader, and PhantomPDF
CVE-2015-2789 (Unquoted Windows search path vulnerability in the Foxit Cloud Safe ...)
- TODO: check
+ NOT-FOR-US: Foxit Reader
CVE-2015-XXXX [xdeb: disables apt's signature checks]
- xdeb <unfixed> (bug #781595)
[wheezy] - xdeb <no-dsa> (Minor issue)
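Review bot: CVE-2015-2789 is tagged "NOT-FOR-US: Foxit Reader", but the visible part of its description names the Foxit Cloud Safe component, and the entry directly above it (CVE-2015-2790) uses the longer "Foxit Reader, Enterprise Reader, and PhantomPDF". Please check which products the truncated description actually covers and either name the component or use one consistent product string for both entries.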
@@ -114,7 +114,7 @@
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2015-2784
RESERVED
CVE-2015-2783
@@ -131,39 +131,39 @@
NOTE: https://bugs.launchpad.net/mailman/+bug/1437145
NOTE: https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html
CVE-2015-2773 (SVM in Websense TRITON V-Series appliances before 8.0.0 allows ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2015-2772 (SVM in Websense TRITON V-Series appliances before 8.0.0 allows ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2015-2771 (The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-EMAIL and V-Series appliances
CVE-2015-2770 (Cross-site request forgery (CSRF) vulnerability in the command line ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2015-2769 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2768 (Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2767 (Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2766 (The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2765 (The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2764 (Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-DATA
CVE-2015-2763 (Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2762 (Websense TRITON AP-WEB before 8.0.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-WEB
CVE-2015-2761 (Cross-site scripting (XSS) vulnerability in the Exceptions and ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-WEB
CVE-2015-2760 (Cross-site scripting (XSS) vulnerability in the ePO extension in ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2015-2759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2015-2758 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2015-2757 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2014-9712 (Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 ...)
TODO: check
CVE-2013-7438 (Multiple buffer overflows in pbm212030 allow remote attackers to cause ...)
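Review bot: CVE-2014-9712 at the end of this hunk still reads "TODO: check" although its description names Websense TRITON V-Series appliances, the same product tagged NOT-FOR-US for CVE-2015-2773, CVE-2015-2772 and CVE-2015-2770 above, so it looks like it could be processed in the same pass. Separately, the four ePO entries (CVE-2015-2760 to CVE-2015-2757) are tagged with the vendor only, "McAfee", while the other entries in this hunk name a product; the descriptions of CVE-2015-2758 and CVE-2015-2757 give "McAfee Data Loss Prevention Endpoint (DLPe)", which would be the more searchable tag.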
@@ -207,11 +207,11 @@
[wheezy] - xen <not-affected> (Affected functionality introduced in 4.2)
NOTE: http://xenbits.xen.org/xsa/advisory-127.html
CVE-2015-2748 (Websense TRITON AP-WEB before 8.0.0 does not properly restrict access ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON AP-WEB
CVE-2015-2747 (Multiple cross-site scripting (XSS) vulnerabilities in the data loss ...)
- TODO: check
+ NOT-FOR-US: Websense Triton
CVE-2015-2746 (The network diagnostics tool (CommandLineServlet) in the Appliance ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON
CVE-2010-5323
RESERVED
CVE-2015-2774 [Erlang POODLE TLS vulnerability]
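Review bot: The tag for CVE-2015-2747 is spelled "Websense Triton", while CVE-2015-2748 and CVE-2015-2746 in the same hunk use "Websense TRITON". Use the uppercase spelling here as well so a case-sensitive search over data/CVE/list matches all three.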
@@ -361,17 +361,17 @@
CVE-2015-2685
RESERVED
CVE-2015-2683 (Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 ...)
- TODO: check
+ NOT-FOR-US: Citrix Command Center
CVE-2015-2682 (Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 ...)
- TODO: check
+ NOT-FOR-US: Citrix Command Center
CVE-2015-2681 (Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 ...)
NOT-FOR-US: Asus
CVE-2015-2680 (Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS ...)
- TODO: check
+ NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-2679 (Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before ...)
- TODO: check
+ NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-2678 (Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix ...)
- TODO: check
+ NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-2677 (Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before ...)
- ocportal <itp> (bug #625865)
CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 ...)