[Secure-testing-commits] r35714 - data/CVE

Michael Gilbert mgilbert at moszumanska.debian.org
Sat Jul 25 22:36:15 UTC 2015


Author: mgilbert
Date: 2015-07-25 22:36:14 +0000 (Sat, 25 Jul 2015)
New Revision: 35714

Modified:
   data/CVE/list
Log:
more nfus

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-07-25 21:37:10 UTC (rev 35713)
+++ data/CVE/list	2015-07-25 22:36:14 UTC (rev 35714)
@@ -466,19 +466,19 @@
 CVE-2015-5458 (Session fixation vulnerability in fileupload.php in PivotX before ...)
 	NOT-FOR-US: PivotX
 CVE-2015-5457 (PivotX before 2.3.11 does not validate the new file extension when ...)
-	TODO: check
+	NOT-FOR-US: PivotX
 CVE-2015-5456 (Cross-site scripting (XSS) vulnerability in the form method in ...)
-	TODO: check
+	NOT-FOR-US: PivotX
 CVE-2015-5455 (Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier ...)
-	TODO: check
+	NOT-FOR-US: X-cart
 CVE-2015-5454 (Cross-site scripting (XSS) vulnerability in Nucleus CMS 3.65 allows ...)
-	TODO: check
+	NOT-FOR-US: Nucleus CMS
 CVE-2015-5453 (Watchguard XCS 9.2 and 10.0 before build 150522 allow remote ...)
-	TODO: check
+	NOT-FOR-US: Watchguard XCS
 CVE-2015-5452 (SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before ...)
-	TODO: check
+	NOT-FOR-US: Watchguard XCS
 CVE-2014-9741 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
-	TODO: check
+	NOT-FOR-US: ArcGIS
 CVE-2015-5451
 	RESERVED
 CVE-2015-5450
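Review bot: The tag added for CVE-2015-5455 spells the product "X-cart", while the description on the line above it spells it "X-Cart". Suggest matching the description's capitalisation so a case-sensitive search of the list for the product name finds this entry.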
@@ -606,7 +606,7 @@
 CVE-2015-5387
 	RESERVED
 CVE-2015-5386 (Siemens SICAM MIC devices with firmware before 2404 allow remote ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2015-5385
 	RESERVED
 CVE-2015-5384
@@ -626,13 +626,13 @@
 CVE-2015-5375
 	RESERVED
 CVE-2015-5374 (The EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2015-5373
 	RESERVED
 CVE-2015-5372
 	RESERVED
 CVE-2015-5371 (The AuthenticationFilter class in SolarWinds Storage Manager allows ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2015-5370
 	RESERVED
 CVE-2015-5369
@@ -642,13 +642,13 @@
 CVE-2015-5367
 	RESERVED
 CVE-2014-9740 (Cross-site scripting (XSS) vulnerability in the Rules Link module ...)
-	TODO: check
+	NOT-FOR-US: Rules Link module for Drupal
 CVE-2014-9739 (Cross-site scripting (XSS) vulnerability in the Node Field module ...)
-	TODO: check
+	NOT-FOR-US: Node Field module for Drupal
 CVE-2014-9738 (Multiple cross-site scripting (XSS) vulnerabilities in the Tournament ...)
-	TODO: check
+	NOT-FOR-US: Tournament module for Drupal
 CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown module ...)
-	TODO: check
+	NOT-FOR-US: Language Switcher Dropdown module for Drupal
 CVE-2014-9736
 	RESERVED
 CVE-2013-7442
@@ -731,19 +731,19 @@
 CVE-2015-5365 (Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows ...)
 	NOT-FOR-US: Zurmo CRM
 CVE-2015-5363 (The SRX Network Security Daemon (nsd) in Juniper SRX Series services ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-5362 (The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-5361
 	RESERVED
 CVE-2015-5360 (IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-5359 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-5358 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-5357 (The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-5356 (Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in ...)
 	NOT-FOR-US: GetSimple CMS
 CVE-2015-5355 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
@@ -1232,9 +1232,9 @@
 CVE-2015-5122 (Use-after-free vulnerability in the DisplayObject class in the ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2015-5121 (Adobe Shockwave Player before 12.1.9.159 allows attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Shockwave
 CVE-2015-5120 (Adobe Shockwave Player before 12.1.9.159 allows attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Shockwave
 CVE-2015-5119 (Use-after-free vulnerability in the ByteArray class in the ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2015-5118 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and ...)
@@ -1312,7 +1312,7 @@
 CVE-2015-5082
 	RESERVED
 CVE-2015-5080 (The Management Interface in Citrix NetScaler Application Delivery ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2015-5079
 	RESERVED
 CVE-2015-5078 (SQL injection vulnerability in the insert function in ...)
@@ -1976,7 +1976,7 @@
 	- mariadb-10.0 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
 CVE-2015-4768 (Unspecified vulnerability in the Oracle Transportation Management ...)
-	TODO: check
+	NOT-FOR-US: Oracal Supply Chain
 CVE-2015-4767 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
 	- mysql-5.6 5.6.25-2
 	- mysql-5.5 <not-affected> (Only 5.6 series)
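Review bot: The tag added for CVE-2015-4768 misspells the vendor as "Oracal Supply Chain". The other Transportation Management and Agile PLM entries in this commit use "Oracle Supply Chain", so this one should read the same or it will be missed when grepping the list by vendor.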
@@ -1985,11 +1985,11 @@
 CVE-2015-4766
 	RESERVED
 CVE-2015-4765 (Unspecified vulnerability in the Oracle Applications Manager component ...)
-	TODO: check
+	NOT-FOR-US: Oracle Applications Manager
 CVE-2015-4764 (Unspecified vulnerability in the Data Store component in Oracle ...)
 	TODO: check
 CVE-2015-4763 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Supply Chain
 CVE-2015-4762
 	RESERVED
 CVE-2015-4761 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
@@ -2006,9 +2006,9 @@
 	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3f9845510b47
 	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
 CVE-2015-4759 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-4758 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-4757 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier ...)
 	- mysql-5.6 5.6.25-2
 	- mysql-5.5 5.5.43-0+deb8u1
@@ -2023,11 +2023,11 @@
 	- mariadb-10.0 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
 CVE-2015-4755 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2015-4754 (Unspecified vulnerability in the Data Store component in Oracle ...)
 	TODO: check
 CVE-2015-4753 (Unspecified vulnerability in the RDBMS Support Tools component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2015-4752 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
 	{DSA-3308-1}
 	- mysql-5.6 5.6.25-2
@@ -2035,9 +2035,9 @@
 	- mariadb-10.0 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
 CVE-2015-4751 (Unspecified vulnerability in the Oracle Access Manager component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-4750 (Unspecified vulnerability in the Oracle VM Server for SPARC component ...)
-	TODO: check
+	NOT-FOR-US: Oracle VM Server
 CVE-2015-4749 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
 	{DSA-3316-1}
 	- openjdk-6 <unfixed>
@@ -2053,25 +2053,25 @@
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client and server deployment of Java."
 CVE-2015-4747 (Unspecified vulnerability in the Oracle Event Processing component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-4746 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Supply Chain
 CVE-2015-4745 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-4744 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
 	TODO: check
 CVE-2015-4743 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle E-Business
 CVE-2015-4742 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-4741 (Unspecified vulnerability in the Oracle Applications Framework ...)
-	TODO: check
+	NOT-FOR-US: Oracle E-Business
 CVE-2015-4740 (Unspecified vulnerability in the RDBMS Partitioning component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2015-4739 (Unspecified vulnerability in the Oracle Application Object Library ...)
-	TODO: check
+	NOT-FOR-US: Oracle E-Business
 CVE-2015-4738 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Candidate ...)
-	TODO: check
+	NOT-FOR-US: Oracle PeopleSoft
 CVE-2015-4737 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, ...)
 	{DSA-3308-1}
 	- mysql-5.6 5.6.25-2
@@ -2082,7 +2082,7 @@
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2015-4735 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database
 CVE-2015-4734
 	RESERVED
 CVE-2015-4733 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
@@ -2112,9 +2112,9 @@
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2015-4728 (Unspecified vulnerability in the Oracle Sourcing component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle E-Business
 CVE-2015-4727 (Unspecified vulnerability in Oracle Virtualization Sun Ray Software ...)
-	TODO: check
+	NOT-FOR-US: Oracle Virtulization
 CVE-2015-4726 (PHP remote file inclusion vulnerability in ajax/myajaxphp.php in ...)
 	NOT-FOR-US: AudioShare
 CVE-2015-4725 (Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare ...)
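Review bot: The tag added for CVE-2015-4727 reads "Oracle Virtulization"; the description spells it "Virtualization". Suggest "NOT-FOR-US: Oracle Virtualization" (or the Sun Ray Software product name from the description).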
@@ -2320,9 +2320,9 @@
 CVE-2015-4649
 	RESERVED
 CVE-2015-4648 (Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX ...)
-	TODO: check
+	NOT-FOR-US: Pansonic Security API
 CVE-2015-4647 (Multiple stack-based buffer overflows in Ipropsapi in Panasonic ...)
-	TODO: check
+	NOT-FOR-US: Pansonic Security API
 CVE-2015-4641 (Directory traversal vulnerability in the SwiftKey language-pack update ...)
 	NOT-FOR-US: SwiftKey language-pack update implementation on Samsung devices
 CVE-2015-4640 (The SwiftKey language-pack update implementation on Samsung Galaxy S4, ...)
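Review bot: Both added tags, for CVE-2015-4648 and CVE-2015-4647, read "Pansonic Security API", while the CVE-2015-4647 description names the vendor as Panasonic. Suggest correcting both to "Panasonic Security API".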
@@ -2378,7 +2378,7 @@
 CVE-2015-4638
 	RESERVED
 CVE-2015-4637 (The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 ...)
-	TODO: check
+	NOT-FOR-US: BIG-IQ
 CVE-2015-4636
 	RESERVED
 CVE-2015-4635
@@ -2531,7 +2531,7 @@
 CVE-2015-4555
 	RESERVED
 CVE-2015-4554 (Multiple unspecified vulnerabilities in TIBCO Spotfire Client and ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2015-4553
 	RESERVED
 CVE-2015-4552
@@ -2707,11 +2707,11 @@
 CVE-2015-4461
 	RESERVED
 CVE-2015-4460 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: C2Box
 CVE-2015-4459
 	RESERVED
 CVE-2015-4458 (The TLS implementation in the Cavium cryptographic-module firmware, as ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-9733
 	RESERVED
 CVE-2015-4603 [exception::getTraceAsString issue]
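Review bot: The tag added for CVE-2015-4458 says "Cisco", but the visible part of the description names "the Cavium cryptographic-module firmware" and is cut off before any product is listed. Suggest naming the Cavium firmware in the tag, with the Cisco product alongside it if that is what the truncated text refers to, so the entry can be found under either name.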
@@ -3111,74 +3111,74 @@
 CVE-2015-4286
 	RESERVED
 CVE-2015-4285 (The Local Packet Transport Services (LPTS) implementation in Cisco IOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4284 (The Concurrent Data Management Replication process in Cisco IOS XR ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4283 (Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4282
 	RESERVED
 CVE-2015-4281 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4280 (Cisco Prime Collaboration Assurance 10.0 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4279 (The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4278 (Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4277
 	RESERVED
 CVE-2015-4276 (Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4275 (The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4274 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4273 (The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4271 (Cisco TelePresence TC before 7.3.4 on Integrator C devices allows ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4270 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4269 (The Tomcat throttling feature in Cisco Unified Communications Manager ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4268 (Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4267 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4266 (The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4265
 	RESERVED
 CVE-2015-4264
 	RESERVED
 CVE-2015-4263 (The Control and Provisioning functionality in Cisco Mobility Services ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4262
 	RESERVED
 	NOT-FOR-US: Cisco Unified MeetingPlace
 CVE-2015-4261
 	RESERVED
 CVE-2015-4260 (Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4259 (The Integrated Management Controller on Cisco Unified Computing System ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4258 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4257 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4256 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4255 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4254 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4253 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4252 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4251
 	RESERVED
 CVE-2015-4250
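Review bot: Every tag added in this hunk is the bare vendor name "Cisco", whereas the untouched entry for CVE-2015-4262 in the same hunk uses the product name ("Cisco Unified MeetingPlace"). The descriptions already name the products (IOS XR, WebEx, TelePresence, ASR 5000, and so on); carrying those into the tags would keep the list consistent and make it possible to find all entries for one product later.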
@@ -3190,19 +3190,19 @@
 CVE-2015-4247
 	REJECTED
 CVE-2015-4246 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4245
 	REJECTED
 CVE-2015-4244 (The boot implementation on Cisco ASR 5000 and 5500 devices with ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4243 (The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4242 (Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4241 (Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4240 (Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4239 (Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and ...)
 	NOT-FOR-US: Cisco Adaptive Security Appliance
 CVE-2015-4238 (The SNMP implementation in Cisco Adaptive Security Appliance (ASA) ...)
@@ -3210,7 +3210,7 @@
 CVE-2015-4237 (The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), ...)
 	NOT-FOR-US: Cisco NX-OS
 CVE-2015-4236 (Cisco AsyncOS on Email Security Appliance (ESA) devices with software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4235
 	RESERVED
 	NOT-FOR-US: Cisco Application Policy Infrastructure Controller
@@ -3223,7 +3223,7 @@
 CVE-2015-4231 (The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices ...)
 	NOT-FOR-US: Cisco NX-OS
 CVE-2015-4230 (Memory leak in Cisco Headend System Release allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4229 (The web framework in Cisco Unified Communications Domain Manager ...)
 	NOT-FOR-US: Cisco Unified Communications Domain Manager
 CVE-2015-4228 (Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad ...)
@@ -3636,7 +3636,7 @@
 CVE-2015-4112
 	RESERVED
 CVE-2015-4111 (mc_demux_mp4_ds.ax in an unspecified third-party codec demux in ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry
 CVE-2015-4110
 	RESERVED
 CVE-2015-4109 (Multiple SQL injection vulnerabilities in the ratings module in the ...)
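Review bot: The tag added for CVE-2015-4111 is "BlackBerry", but the description attributes the flaw to mc_demux_mp4_ds.ax in "an unspecified third-party codec demux". Since the affected code is a third-party component rather than the vendor's own, a tag that names the component as well as BlackBerry would record why it was judged not to be in the archive.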
@@ -3873,9 +3873,9 @@
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=8b8f1c7e9ddb2e88a144638f6527bf70e32343e3
 CVE-2015-4034 (The createFromParcel method in the ...)
-	TODO: check
+	NOT-FOR-US: Samsung Galaxy S5
 CVE-2015-4033 (Samsung SBeam allows remote attackers to read arbitrary images by ...)
-	TODO: check
+	NOT-FOR-US: Samsung SBeam
 CVE-2015-4032 (projectContents.jsp in the Developer tools in Visual Mining NetCharts ...)
 	NOT-FOR-US: Visual Mining NetCharts Server
 CVE-2015-4031 (Directory traversal vulnerability in saveFile.jsp in the development ...)
@@ -4145,13 +4145,13 @@
 CVE-2015-3959
 	RESERVED
 CVE-2015-3958 (Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly ...)
-	TODO: check
+	NOT-FOR-US: Hospira LifeCare
 CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private keys ...)
-	TODO: check
+	NOT-FOR-US: Hospira LifeCare
 CVE-2015-3956
 	RESERVED
 CVE-2015-3955 (Stack-based buffer overflow in Hospira LifeCare PCA Infusion System ...)
-	TODO: check
+	NOT-FOR-US: Hospira LifeCare
 CVE-2015-3954
 	RESERVED
 CVE-2015-3953
@@ -5048,13 +5048,16 @@
 CVE-2015-3626
 	RESERVED
 CVE-2015-3625 (The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before ...)
+	- nvidia-graphics-driver <undetermined>
+	NOTE: the text seems to indicate that this is freebsd-specific (possibly kfreebsd is affected)
+	NOTE: non-free packages don't get security support
 	TODO: check
 CVE-2015-3624 (Cross-site request forgery (CSRF) vulnerability in ...)
 	NOT-FOR-US: Ektron Content Management System
 CVE-2015-3623
 	RESERVED
 CVE-2015-3621 (Untrusted search path vulnerability in SAP Enterprise Central ...)
-	TODO: check
+	NOT-FOR-US: SAP ECC
 CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced dataset ...)
 	NOT-FOR-US: Fortinet FortiAnalyzer
 CVE-2015-3619
@@ -5477,7 +5480,7 @@
 CVE-2015-3450
 	RESERVED
 CVE-2015-3449 (The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions ...)
-	TODO: check
+	NOT-FOR-US: SAP Afaria
 CVE-2015-3448 (REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and ...)
 	- ruby-rest-client 1.8.0-1
 	[jessie] - ruby-rest-client <no-dsa> (Minor issue, logging not enabled by default)
@@ -6949,7 +6952,7 @@
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24847
 	NOTE: Patch: https://issues.asterisk.org/jira/secure/attachment/52082/asterisk-null-in-cn.patch
 CVE-2015-3007 (The Juniper SRX Series services gateways with Junos OS 12.1X46 before ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-3006
 	RESERVED
 CVE-2015-3005 (Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper ...)
@@ -7019,13 +7022,13 @@
 CVE-2015-2973
 	RESERVED
 CVE-2015-2972 (Multiple SQL injection vulnerabilities in Sysphonic Thetis before ...)
-	TODO: check
+	NOT-FOR-US: Syshonic Thetis
 CVE-2015-2971 (Directory traversal vulnerability in Seeds acmailer before 3.8.18 and ...)
-	TODO: check
+	NOT-FOR-US: Seeds acmailer
 CVE-2015-2970 (index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Oekaki BBS
 CVE-2015-2969 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP ...)
-	TODO: check
+	NOT-FOR-US: Oekaki BBS
 CVE-2015-2968
 	RESERVED
 CVE-2015-2966 (Directory traversal vulnerability in the Droidware UK Explorer+ File ...)
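Review bot: The tag added for CVE-2015-2972 reads "Syshonic Thetis"; the description spells the vendor "Sysphonic". Suggest "NOT-FOR-US: Sysphonic Thetis".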
@@ -7035,7 +7038,7 @@
 CVE-2015-2964 (NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass ...)
 	NOT-FOR-US: NAMSHI | JOSE
 CVE-2015-2963 (The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider ...)
-	TODO: check
+	NOT-FOR-US: thoughtbot paperclip gem for ruby
 CVE-2015-2962 (CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to ...)
 	NOT-FOR-US: CGI RESCUE BloBee
 CVE-2015-2961 (Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow ...)
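Review bot: CVE-2015-2963 is marked NOT-FOR-US although it concerns a Ruby gem, and this same file tracks another gem as a Debian source package (ruby-rest-client under CVE-2015-3448). Worth confirming that no paperclip package exists before closing it as NFU; if one does, the entry needs a package line instead.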
@@ -7256,21 +7259,21 @@
 CVE-2015-2870
 	RESERVED
 CVE-2015-2869 (The FileInfo plugin before 2.22 for Ghisler Total Commander allows ...)
-	TODO: check
+	NOT-FOR-US: Ghisler Total Commander
 CVE-2015-2868
 	RESERVED
 CVE-2015-2867
 	RESERVED
 CVE-2015-2866 (SQL injection vulnerability on the Grandstream GXV3611_HD camera with ...)
-	TODO: check
+	NOT-FOR-US: Grandstream camera
 CVE-2015-2865
 	REJECTED
 CVE-2015-2864
 	RESERVED
 CVE-2015-2863 (Open redirect vulnerability in Kaseya Virtual System Administrator ...)
-	TODO: check
+	NOT-FOR-US: Kaseya VSA
 CVE-2015-2862 (Directory traversal vulnerability in Kaseya Virtual System ...)
-	TODO: check
+	NOT-FOR-US: Kaseya VSA
 CVE-2015-2861 (Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel ...)
 	NOT-FOR-US: Vesta Control Panel
 CVE-2015-2860 (Directory traversal vulnerability in Avigilon Control Center (ACC) 4 ...)
@@ -7294,9 +7297,9 @@
 CVE-2015-2851 (client_chown in the sync client in Synology Cloud Station 1.1-2291 ...)
 	NOT-FOR-US: Synology Cloud Station
 CVE-2015-2850 (Cross-site scripting (XSS) vulnerability in index-login.ant in the ...)
-	TODO: check
+	NOT-FOR-US: ANTlabs
 CVE-2015-2849 (SQL injection vulnerability in main.ant in the ANTlabs InnGate ...)
-	TODO: check
+	NOT-FOR-US: ANTlabs
 CVE-2015-2848
 	RESERVED
 CVE-2015-2847
@@ -8058,40 +8061,40 @@
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2015-2663 (Unspecified vulnerability in the Oracle Transportation Management ...)
-	TODO: check
+	NOT-FOR-US: Oracle Supply Chain
 CVE-2015-2662 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
-	TODO: check
+	NOT-FOR-US: Solaris DHCP (dhcpagent)
 CVE-2015-2661 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
 	- mysql-5.6 5.6.25-2
 	- mysql-5.5 <not-affected> (Only 5.6 series)
 	- mariadb-10.0 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
 CVE-2015-2660 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Supply Chain
 CVE-2015-2659 (Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded ...)
 	- openjdk-6 <not-affected> (Only affects Java 8)
 	- openjdk-7 <not-affected> (Only affects Java 8)
 	- openjdk-8 <unfixed>
 CVE-2015-2658 (Unspecified vulnerability in the Web Cache component in Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2657 (Unspecified vulnerability in the Oracle Transportation Management ...)
-	TODO: check
+	NOT-FOR-US: Oracle Supply Chain
 CVE-2015-2656 (Unspecified vulnerability in the Data Store component in Oracle ...)
 	TODO: check
 CVE-2015-2655 (Unspecified vulnerability in the Application Express component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2015-2654 (Unspecified vulnerability in the Data Store component in Oracle ...)
 	TODO: check
 CVE-2015-2653 (Unspecified vulnerability in the Oracle Commerce Guided Search / ...)
-	TODO: check
+	NOT-FOR-US: Oracle Commerce
 CVE-2015-2652 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle E-Business
 CVE-2015-2651 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
-	TODO: check
+	NOT-FOR-US: Solaris Virtualized NIC Driver
 CVE-2015-2650 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2015-2649 (Unspecified vulnerability in the Siebel UI Framework component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Seibel CRM
 CVE-2015-2648 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
 	{DSA-3308-1}
 	- mysql-5.6 5.6.25-2
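Review bot: The tag added for CVE-2015-2649 reads "Oracle Seibel CRM"; the description spells the product "Siebel". In the same hunk CVE-2015-2650 is tagged "PeopleSoft" while CVE-2015-4738 earlier in this commit uses "Oracle PeopleSoft"; picking one form for each product keeps the NFU tags searchable.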
@@ -8099,13 +8102,13 @@
 	- mariadb-10.0 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
 CVE-2015-2647 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database
 CVE-2015-2646 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database
 CVE-2015-2645 (Unspecified vulnerability in the Oracle Web Applications Desktop ...)
-	TODO: check
+	NOT-FOR-US: Oracle E-Business
 CVE-2015-2644 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
-	TODO: check
+	NOT-FOR-US: Oracle Supply Chain
 CVE-2015-2643 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
 	{DSA-3308-1}
 	- mysql-5.6 5.6.25-2
@@ -8137,11 +8140,11 @@
 	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 CVE-2015-2636 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2635 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2634 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2633
 	RESERVED
 CVE-2015-2632 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
@@ -8152,11 +8155,11 @@
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
 CVE-2015-2631 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
-	TODO: check
+	NOT-FOR-US: Solaris (rmformat)
 CVE-2015-2630 (Unspecified vulnerability in the Technology stack component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle E-Business
 CVE-2015-2629 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2015-2628 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
 	{DSA-3316-1}
 	- openjdk-6 <unfixed>
@@ -8182,7 +8185,7 @@
 CVE-2015-2623 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
 	TODO: check
 CVE-2015-2622 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2015-2621 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
 	{DSA-3316-1}
 	- openjdk-6 <unfixed>
@@ -8200,7 +8203,7 @@
 	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 CVE-2015-2618 (Unspecified vulnerability in the Oracle Application Object Library ...)
-	TODO: check
+	NOT-FOR-US: Oracle E-Business
 CVE-2015-2617 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
 	- mysql-5.6 5.6.25-2
 	- msyql-5.5 <not-affected> (Only 5.6 series)
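Review bot: Not part of this change, but the context line under CVE-2015-2617 reads "- msyql-5.5 <not-affected> (Only 5.6 series)". The package name is misspelled, so the not-affected status is recorded against a package that does not match the "mysql-5.5" used in the neighbouring entries. Suggest fixing it to "mysql-5.5" in a follow-up commit.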
@@ -8209,9 +8212,9 @@
 CVE-2015-2616 (Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows ...)
 	TODO: check
 CVE-2015-2615 (Unspecified vulnerability in the Oracle Applications Framework ...)
-	TODO: check
+	NOT-FOR-US: Oracle E-Business
 CVE-2015-2614 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
-	TODO: check
+	NOT-FOR-US: Solaris (NVM Express Driver)
 CVE-2015-2613 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE ...)
 	{DSA-3316-1}
 	- openjdk-6 <unfixed>
@@ -8220,30 +8223,30 @@
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client and server deployment of Java."
 CVE-2015-2612 (Unspecified vulnerability in the Siebel Core - Server OM Svcs ...)
-	TODO: check
+	NOT-FOR-US: Oracle Seibel CMS
 CVE-2015-2611 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
 	- mysql-5.6 5.6.25-2
 	- mysql-5.5 <not-affected> (Only 5.6 series)
 	- mariadb-10.0 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
 CVE-2015-2610 (Unspecified vulnerability in the Oracle Applications Framework ...)
-	TODO: check
+	NOT-FOR-US: Oracle E-Business
 CVE-2015-2609 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
-	TODO: check
+	NOT-FOR-US: Solaris (performance counters)
 CVE-2015-2608
 	RESERVED
 CVE-2015-2607 (Unspecified vulnerability in the Oracle Commerce Guided Search / ...)
-	TODO: check
+	NOT-FOR-US: Oracle Commerce
 CVE-2015-2606 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2605 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2604 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2603 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2602 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2601 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, ...)
 	{DSA-3316-1}
 	- openjdk-6 <unfixed>
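Review bot: The tag added for CVE-2015-2612 reads "Oracle Seibel CMS", with "Siebel" misspelled. It also says CMS where the tag for CVE-2015-2649 earlier in this commit says CRM for the same product family. Suggest settling on one correctly spelled form for all Siebel entries.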
@@ -8252,11 +8255,11 @@
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client and server deployment of Java."
 CVE-2015-2600 (Unspecified vulnerability in the Siebel Core - Server OM Svcs ...)
-	TODO: check
+	NOT-FOR-US: Oracle Siebel CMS
 CVE-2015-2599 (Unspecified vulnerability in the RDBMS Scheduler component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2015-2598 (Unspecified vulnerability in the mobile app in Oracle Business ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2597 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local ...)
 	- openjdk-6 <not-affected> (Specific to MacOS X)
 	- openjdk-7 <not-affected> (Specific to MacOS X)
@@ -8264,18 +8267,18 @@
 CVE-2015-2596 (Unspecified vulnerability in Oracle Java SE 7u80 allows remote ...)
 	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 CVE-2015-2595 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2015-2594 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
 	- virtualbox 4.3.30-dfsg-1 (bug #792446)
 	- virtualbox-ose <removed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixOVIR
 	NOTE: "This issue affects Windows, Linux and Mac OS X hosts only when guests using bridged networking over Wifi."
 CVE-2015-2593 (Unspecified vulnerability in the Oracle Access Manager component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-2592 (Unspecified vulnerability in the Hyperion Enterprise Performance ...)
-	TODO: check
+	NOT-FOR-US: Oracle Hyperion
 CVE-2015-2591 (Unspecified vulnerability in the PeopleSoft Enteprise Portal - ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2015-2590 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
 	{DSA-3316-1}
 	- openjdk-6 <unfixed>
@@ -8284,17 +8287,17 @@
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
 CVE-2015-2589 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2015-2588 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2015-2587 (Unspecified vulnerability in the Siebel UI Framework component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Siebel CMS
 CVE-2015-2586 (Unspecified vulnerability in the Application Express component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2015-2585 (Unspecified vulnerability in the Application Express component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2015-2584 (Unspecified vulnerability in the Hyperion Enterprise Performance ...)
-	TODO: check
+	NOT-FOR-US: Oracle Hyperion
 CVE-2015-2583 (Unspecified vulnerability in the Data Store component in Oracle ...)
 	TODO: check
 CVE-2015-2582 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
@@ -8304,7 +8307,7 @@
 	- mariadb-10.0 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
 CVE-2015-2581 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
-	TODO: check
+	NOT-FOR-US: Oracle Virtualization
 CVE-2015-2580 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
 	TODO: check
 CVE-2015-2579 (Unspecified vulnerability in the Oracle Health Sciences Argus Safety ...)
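
Review bot: CVE-2015-2580 in the trailing context is left at "TODO: check" even though its description ("Oracle Sun Solaris 10 and 11.2") starts the same way as CVE-2015-2589, which this commit marks "NOT-FOR-US: Solaris". Either mark CVE-2015-2580 the same way or leave a NOTE saying why it still needs checking, so the next person triaging does not repeat the lookup.
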
@@ -9635,7 +9638,7 @@
 CVE-2015-2135
 	RESERVED
 CVE-2015-2134 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
-	TODO: check
+	NOT-FOR-US: Hewlett-Packard
 CVE-2015-2133
 	RESERVED
 CVE-2015-2132
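
Review bot: CVE-2015-2134 is tagged with the vendor only ("NOT-FOR-US: Hewlett-Packard"), while the other HP entries visible in this commit name the product ("HP WebInspect", "HP-UX (pppoec)"). The description is truncated at "HP System ...", so the tag is the only place a reader can see what was ruled out; naming the product from the full CVE description would keep it consistent with its neighbours.
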
@@ -9651,7 +9654,7 @@
 CVE-2015-2127
 	RESERVED
 CVE-2015-2126 (Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows ...)
-	TODO: check
+	NOT-FOR-US: HP-UX (pppoec)
 CVE-2015-2125 (Unspecified vulnerability in HP WebInspect 7.x through 10.4 before ...)
 	NOT-FOR-US: HP WebInspect
 CVE-2015-2124 (Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 ...)
@@ -10037,17 +10040,17 @@
 CVE-2015-1985
 	RESERVED
 CVE-2015-1984 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-1983
 	RESERVED
 CVE-2015-1982 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-1981 (Cross-site scripting (XSS) vulnerability in the web server in IBM ...)
 	NOT-FOR-US: IBM
 CVE-2015-1980 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-1979 (Multiple cross-site scripting (XSS) vulnerabilities in the Error ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-1978 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Security ...)
 	NOT-FOR-US: IBM
 CVE-2015-1977
@@ -10069,7 +10072,7 @@
 CVE-2015-1969
 	RESERVED
 CVE-2015-1968 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-1967 (MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the ...)
 	NOT-FOR-US: IBM
 CVE-2015-1966 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
@@ -10083,7 +10086,7 @@
 CVE-2015-1962 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
 	NOT-FOR-US: IBM
 CVE-2015-1961 (The REST API in IBM Business Process Manager (BPM) 7.5.x through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-1960
 	RESERVED
 CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...)
@@ -10172,7 +10175,7 @@
 CVE-2015-1918
 	RESERVED
 CVE-2015-1917 (Cross-site scripting (XSS) vulnerability in the Active Content ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-1916 (Unspecified vulnerability in IBM Java 8 before SR1 allows remote ...)
 	NOT-FOR-US: IBM JDK
 CVE-2015-1915 (The Endpoint Manager for Remote Control component in IBM Tivoli ...)
@@ -11258,9 +11261,9 @@
 CVE-2015-1562 (Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS ...)
 	NOT-FOR-US: Saurus CMS
 CVE-2015-1561 (The escape_command function in ...)
-	TODO: check
+	NOT-FOR-US: Centreon
 CVE-2015-1560 (SQL injection vulnerability in the isUserAdmin function in ...)
-	TODO: check
+	NOT-FOR-US: Centreon
 CVE-2015-1559 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: Epignosis eFront
 CVE-2015-1557
@@ -13400,7 +13403,7 @@
 CVE-2015-1012
 	RESERVED
 CVE-2015-1011 (Hospira LifeCare PCA Infusion System before 7.0 has hardcoded ...)
-	TODO: check
+	NOT-FOR-US: Hospira LifeCare
 CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does ...)
 	NOT-FOR-US: Rockwell Automation RSView32
 CVE-2015-1009
@@ -14252,7 +14255,7 @@
 CVE-2015-0796
 	RESERVED
 CVE-2015-0795 (Multiple stack-based buffer overflows in the SafeShellExecute method ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2015-0794
 	RESERVED
 CVE-2015-0793
@@ -15631,9 +15634,9 @@
 	- openjdk-7 7u79-2.5.5-1
 	- openjdk-8 8u45-b14-1
 CVE-2015-0468 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle Database Server
 CVE-2015-0467 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2015-0466 (Unspecified vulnerability in the Oracle Retail Back Office component ...)
 	NOT-FOR-US: Oracle
 CVE-2015-0465 (Unspecified vulnerability in the Oracle Transportation Management ...)
@@ -15683,13 +15686,13 @@
 CVE-2015-0447 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
 	NOT-FOR-US: Oracle
 CVE-2015-0446 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-0445 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-0444 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-0443 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion
 CVE-2015-0442
 	RESERVED
 CVE-2015-0441 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...)
@@ -16522,7 +16525,7 @@
 CVE-2014-9197 (The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2014-9196 (Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 ...)
-	TODO: check
+	NOT-FOR-US: Eaton Cooper Power Systems
 CVE-2014-9195 (Phoenix Contact ProConOs and MultiProg do not require authentication, ...)
 	NOT-FOR-US: Phoenix Contact ProConOs and MultiProg
 CVE-2014-9194 (Arbiter 1094B GPS Substation Clock allows remote attackers to cause a ...)
@@ -17857,7 +17860,7 @@
 CVE-2015-0131 (Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 ...)
 	NOT-FOR-US: IBM
 CVE-2015-0130 (Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-0129 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
 	NOT-FOR-US: IBM Rational Quality Manager
 CVE-2015-0128 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
@@ -26828,7 +26831,7 @@
 CVE-2014-5407 (Multiple stack-based buffer overflows in Schneider Electric VAMPSET ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2014-5406 (The Hospira LifeCare PCA Infusion System before 7.0 does not validate ...)
-	TODO: check
+	NOT-FOR-US: Hospira LifeCare
 CVE-2014-5405 (Hospira MedNet before 6.1 uses a hardcoded cleartext password to ...)
 	NOT-FOR-US: Hospira MedNet
 CVE-2014-5404
@@ -39600,7 +39603,7 @@
 CVE-2009-5137 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows ...)
 	NOT-FOR-US: CastRipper
 CVE-2014-0611 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in ...)
-	TODO: check
+	NOT-FOR-US: Novell GroupWise
 CVE-2014-0610 (The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and ...)
 	NOT-FOR-US: Novell GroupWise
 CVE-2014-0609 (Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 ...)



