[Secure-testing-commits] r33594 - data/CVE
Helmut Grohne
helmutg at moszumanska.debian.org
Wed Apr 15 06:16:15 UTC 2015
Author: helmutg
Date: 2015-04-15 06:16:15 +0000 (Wed, 15 Apr 2015)
New Revision: 33594
Modified:
data/CVE/list
Log:
NFUs, extplorer?
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-15 06:15:24 UTC (rev 33593)
+++ data/CVE/list 2015-04-15 06:16:15 UTC (rev 33594)
@@ -721,9 +721,10 @@
CVE-2015-2757 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
NOT-FOR-US: McAfee
CVE-2014-9712 (Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 ...)
- TODO: check
+ NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2013-7438 (Multiple buffer overflows in pbm212030 allow remote attackers to cause ...)
- TODO: check
+ NOT-FOR-US: pbm2l2030
+ NOTE: http://www.openprinting.org/driver/pbm2l2030/ (typo in the official CVE description)
CVE-2015-XXXX [crashes found with afl]
- hp2xx 3.4.4-10 (low)
[wheezy] - hp2xx <no-dsa> (Minor issue)
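Review bot: the NOTE added under CVE-2013-7438 says there is a typo in the official CVE description but not which spelling is the correct one. The description line reads pbm212030 (digit 1), while the new tag and the openprinting.org URL use pbm2l2030 (letter l), and the two are easy to confuse by eye. Spell both out in the NOTE, for example "NOTE: CVE description says pbm212030, driver name is pbm2l2030", so that a later search on either spelling finds the entry.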
@@ -2168,7 +2169,7 @@
- libv8-3.14 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
CVE-2015-2237 (Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) ...)
- TODO: check
+ NOT-FOR-US: Betster
CVE-2015-2236
RESERVED
CVE-2015-2235
@@ -2346,7 +2347,7 @@
RESERVED
- zope2.12 2.12.10-1
CVE-2015-2171 (Middleware/SessionCookie.php in Slim before 2.6.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Slim PHP Framework
CVE-2015-2170
RESERVED
CVE-2015-2169
@@ -5942,7 +5943,7 @@
CVE-2015-0991 (Inductive Automation Ignition 7.7.2 allows remote attackers to obtain ...)
NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0990 (Untrusted search path vulnerability in Ecava IntegraXor SCADA Server ...)
- TODO: check
+ NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2015-0989
RESERVED
CVE-2015-0988
@@ -5952,25 +5953,25 @@
CVE-2015-0986
RESERVED
CVE-2015-0985 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
- TODO: check
+ NOT-FOR-US: XZERES 442SR (wind turbine)
CVE-2015-0984 (Directory traversal vulnerability in the FTP server on Honeywell Excel ...)
- TODO: check
+ NOT-FOR-US: Honeywell Excel Web
CVE-2015-0983
RESERVED
CVE-2015-0982 (Buffer overflow in an unspecified DLL in Schneider Electric Pelco ...)
NOT-FOR-US: Schneider Electric
CVE-2015-0981 (The SOAP web interface in SCADA Engine BACnet OPC Server before ...)
- TODO: check
+ NOT-FOR-US: SCADA Engine BACnet
CVE-2015-0980 (Format string vulnerability in BACnOPCServer.exe in the SOAP web ...)
- TODO: check
+ NOT-FOR-US: SCADA Engine BACnet
CVE-2015-0979 (Heap-based buffer overflow in the SOAP web interface in SCADA Engine ...)
- TODO: check
+ NOT-FOR-US: SCADA Engine BACnet
CVE-2015-0978 (Multiple untrusted search path vulnerabilities in (1) ...)
- TODO: check
+ NOT-FOR-US: Elipse E3
CVE-2015-0977 (Network Vision IntraVue before 2.3.0a14 on Windows allows remote ...)
NOT-FOR-US: IntraVue
CVE-2015-0976 (Cross-site scripting (XSS) vulnerability in Inductive Automation ...)
- TODO: check
+ NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0975
RESERVED
CVE-2015-0974
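Review bot: in the three SCADA Engine entries (CVE-2015-0981, CVE-2015-0980, CVE-2015-0979) the tag "NOT-FOR-US: SCADA Engine BACnet" drops the "OPC Server" that the CVE-2015-0981 description carries, so the tag ends on a protocol name rather than a product name. Suggest "NOT-FOR-US: SCADA Engine BACnet OPC Server" on all three. The tag "XZERES 442SR (wind turbine)" is also the only one in this hunk with a device-type remark in parentheses; moving that remark to a NOTE line would keep the tags uniform.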
@@ -6038,7 +6039,7 @@
CVE-2015-0942
RESERVED
CVE-2015-0941 (The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as ...)
- TODO: check
+ NOT-FOR-US: Nullsoft Scriptable Install System plugin Inetc
CVE-2015-0940
RESERVED
CVE-2015-0939
@@ -6397,11 +6398,11 @@
- libstruts1.2-java <unfixed>
TODO: check
CVE-2015-0898 (futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows ...)
- TODO: check
+ NOT-FOR-US: futomi CGI Cafe MP Form Mail CGI eCommerce
CVE-2015-0897
RESERVED
CVE-2015-0896 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer ...)
- TODO: check
+ - extplorer <undetermined>
CVE-2015-0895 (Cross-site request forgery (CSRF) vulnerability in the All In One WP ...)
NOT-FOR-US: All In One WP Security & Firewall plugin for WordPress
CVE-2015-0894 (SQL injection vulnerability in the All In One WP Security & Firewall ...)
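Review bot: the new "- extplorer <undetermined>" line for CVE-2015-0896 replaces the TODO without recording what is still open, and the question mark in the commit log ("extplorer?") suggests the assignment is not yet confirmed. The libstruts1.2-java entry at the top of this hunk keeps a "TODO: check" under its package line; do the same here, or add a NOTE stating which versions still have to be compared against the description, so the entry does not stay at <undetermined> without follow-up.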
@@ -8940,7 +8941,7 @@
CVE-2014-9210
RESERVED
CVE-2014-9209 (Untrusted search path vulnerability in the Clean Utility application ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2014-9208
RESERVED
CVE-2014-9207 (Untrusted search path vulnerability in CmnView.exe in CIMON CmnView ...)
@@ -8948,7 +8949,7 @@
CVE-2014-9206 (Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and ...)
NOT-FOR-US: Schneider Electric Invensys
CVE-2014-9205 (Stack-based buffer overflow in the PmBase64Decode function in an ...)
- TODO: check
+ NOT-FOR-US: MICROSYS PROMOTIC
CVE-2014-9204
RESERVED
CVE-2014-9203 (Buffer overflow in the Field Device Tool (FDT) Frame application in ...)
@@ -19160,9 +19161,9 @@
CVE-2014-5429 (DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and ...)
NOT-FOR-US: Elipse SCADA
CVE-2014-5428 (Unrestricted file upload vulnerability in unspecified web services in ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls Metasys
CVE-2014-5427 (Johnson Controls Metasys 4.1 through 6.5, as used in Application and ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls Metasys
CVE-2014-5426 (MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote ...)
NOT-FOR-US: MatrikonOPC
CVE-2014-5425 (IOServer before Beta2112.exe allows remote attackers to cause a denial ...)
@@ -19198,7 +19199,7 @@
CVE-2014-5410 (The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 ...)
NOT-FOR-US: MicroLogix controller
CVE-2014-5409 (The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE ...)
- TODO: check
+ NOT-FOR-US: GE Digital Energy Hydran
CVE-2014-5408 (Cross-site scripting (XSS) vulnerability in the login script in the ...)
NOT-FOR-US: Nordex Control 2
CVE-2014-5407 (Multiple stack-based buffer overflows in Schneider Electric VAMPSET ...)