[Secure-testing-commits] r32350 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Feb 19 14:37:09 UTC 2015 

Author: carnil
Date: 2015-02-19 14:37:09 +0000 (Thu, 19 Feb 2015)
New Revision: 32350

Modified:
   data/CVE/list
Log:
Another round of NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-19 13:17:52 UTC (rev 32349)
+++ data/CVE/list	2015-02-19 14:37:09 UTC (rev 32350)
@@ -513,17 +513,17 @@
 CVE-2015-1620
 	RESERVED
 CVE-2015-1619 (Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client ...)
-	TODO: check
+	NOT-FOR-US: McAfee Email Gateway
 CVE-2015-1618 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
-	TODO: check
+	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
 CVE-2015-1617 (Cross-site scripting (XSS) vulnerability in the ePO extension in ...)
-	TODO: check
+	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
 CVE-2015-1616 (SQL injection vulnerability in the ePO extension in McAfee Data Loss ...)
-	TODO: check
+	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
 CVE-2015-1615
 	RESERVED
 CVE-2015-1613 (RhodeCode before 2.2.7 allows remote authenticated users to obtain API ...)
-	TODO: check
+	NOT-FOR-US: RhodeCode
 CVE-2015-1612
 	RESERVED
 CVE-2015-1611
@@ -533,7 +533,7 @@
 CVE-2015-1609
 	RESERVED
 CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not ...)
-	TODO: check
+	NOT-FOR-US: Topline Opportunity Form
 CVE-2015-1605
 	RESERVED
 CVE-2015-1602
@@ -677,11 +677,11 @@
 	[wheezy] - e2fsprogs <no-dsa> (Minor issue)
 	NOTE: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
 CVE-2015-1571 (The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiOS
 CVE-2015-1570 (The Endpoint Control protocol implementation in Fortinet FortiClient ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiClient
 CVE-2015-1569 (Fortinet FortiClient 5.2.028 for iOS does not validate certificates, ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiClient
 CVE-2015-XXXX [Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability]
 	- php5 <unfixed> (low; bug #778389)
 	- olsrd <not-affected> (only when building on Android, see bug #778390)
@@ -732,17 +732,17 @@
 CVE-2015-1566 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
 	TODO: check
 CVE-2015-1565 (Cross-site scripting (XSS) vulnerability in the online help in Hitachi ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2015-1564 (Cross-site scripting (XSS) vulnerability in style-underground/search ...)
 	TODO: check
 CVE-2015-1562 (Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS ...)
-	TODO: check
+	NOT-FOR-US: Saurus CMS
 CVE-2015-1561
 	RESERVED
 CVE-2015-1560
 	RESERVED
 CVE-2015-1559 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Epignosis eFront
 CVE-2015-1557
 	RESERVED
 CVE-2015-1556
@@ -814,7 +814,7 @@
 CVE-2015-1519
 	RESERVED
 CVE-2015-1518 (SQL injection vulnerability in the search_post function in ...)
-	TODO: check
+	NOT-FOR-US: Redaxscript
 CVE-2015-1517
 	RESERVED
 	- piwigo <removed>
@@ -855,13 +855,13 @@
 CVE-2015-1499 (The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 ...)
 	TODO: check
 CVE-2015-1498 (Persistent Systems Radia Client Automation does not properly restrict ...)
-	TODO: check
+	NOT-FOR-US: Persistent Systems Radia Client Automation
 CVE-2015-1497 (radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, ...)
-	TODO: check
+	NOT-FOR-US: Persistent Systems Radia Client Automation
 CVE-2015-1496 (Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, ...)
-	TODO: check
+	NOT-FOR-US: Motorola Scanner SDK
 CVE-2015-1495 (Multiple stack-based buffer overflows in Motorola Scanner SDK allow ...)
-	TODO: check
+	NOT-FOR-US: Motorola Scanner SDK
 CVE-2015-1494 (The FancyBox for WordPress plugin before 3.0.3 for WordPress does not ...)
 	TODO: check
 CVE-2015-1492
@@ -3620,27 +3620,27 @@
 CVE-2015-0611 (The administrative web-management portal in Cisco IX 8 (.0.1) and ...)
 	TODO: check
 CVE-2015-0610 (Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0609 (Race condition in the Common Classification Engine (CCE) in the ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0608 (Race condition in the Measurement, Aggregation, and Correlation Engine ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0607
 	RESERVED
 CVE-2015-0606 (The IOS Shell in Cisco IOS allows local users to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0605 (The uuencode inspection engine in Cisco AsyncOS on Cisco Email ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0604 (The web framework on Cisco Unified IP 9900 phones with firmware ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0603 (Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0602 (The mobility extension on Cisco Unified IP 9900 phones with firmware ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0601 (Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0600 (The mobility extension on Cisco Unified IP 9900 phones with firmware ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0599 (The web interface in Cisco Integrated Management Controller in Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0598
@@ -3654,15 +3654,15 @@
 CVE-2015-0594
 	RESERVED
 CVE-2015-0593 (The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0592 (The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0591 (Cisco Unified Communications Domain Manager (UCDM) 10 allows remote ...)
 	NOT-FOR-US: Cisco Unified Communications Domain Manager
 CVE-2015-0590 (Cisco WebEx Meeting Center allows remote attackers to activate ...)
 	NOT-FOR-US: Cisco WebEx
 CVE-2015-0589 (The administrative web interface in Cisco WebEx Meetings Server 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0588 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...)
 	NOT-FOR-US: Cisco Unified Communications Domain Manager
 CVE-2015-0587
@@ -6744,9 +6744,9 @@
 CVE-2015-0110
 	RESERVED
 CVE-2015-0109 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-0107
 	RESERVED
 CVE-2015-0106
@@ -6832,23 +6832,23 @@
 CVE-2015-0066 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2015-0065 (Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Word
 CVE-2015-0064 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0063 (Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0062 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0061 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0060 (The font mapper in win32k.sys in the kernel-mode drivers in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0059 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0058 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0057 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0056
 	RESERVED
 CVE-2015-0055 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
@@ -6938,15 +6938,15 @@
 CVE-2015-0013
 	RESERVED
 CVE-2015-0012 (Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0011 (mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2015-0010 (The CryptProtectMemory function in cng.sys (aka the Cryptography Next ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0009 (The Group Policy Security Configuration policy implementation in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0008 (The UNC implementation in Microsoft Windows Server 2003 SP2, Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0007
 	RESERVED
 CVE-2015-0006 (The Network Location Awareness (NLA) service in Microsoft Windows ...)
@@ -6956,7 +6956,7 @@
 CVE-2015-0004 (The User Profile Service (aka ProfSvc) in Microsoft Windows Server ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2015-0003 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0002 (The AhcVerifyAdminContext function in ahcache.sys in the Application ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2015-0001 (The Windows Error Reporting (WER) component in Microsoft Windows 8, ...)

More information about the Secure-testing-commits mailing list