[Secure-testing-commits] r34805 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Jun 8 18:56:09 UTC 2015 

Author: carnil
Date: 2015-06-08 18:56:09 +0000 (Mon, 08 Jun 2015)
New Revision: 34805

Modified:
   data/CVE/list
Log:
Process some NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-06-08 17:45:52 UTC (rev 34804)
+++ data/CVE/list	2015-06-08 18:56:09 UTC (rev 34805)
@@ -111,7 +111,7 @@
 CVE-2015-4136
 	RESERVED
 CVE-2014-9727 (AVM Fritz!Box allows remote attackers to execute arbitrary commands ...)
-	TODO: check
+	NOT-FOR-US: AVM Fritz!Box
 CVE-2014-9731 [udf: information leakage when reading symlink]
 	- linux 4.0.2-1
 	- linux-2.6 <removed>
@@ -292,13 +292,13 @@
 CVE-2015-4095
 	RESERVED
 CVE-2015-4094 (The Thycotic Password Manager Secret Server application through 2.3 ...)
-	TODO: check
+	NOT-FOR-US: Thycotic Password Manager Secret Server application for iOS
 CVE-2015-4093
 	RESERVED
 CVE-2015-4092 (Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 ...)
-	TODO: check
+	NOT-FOR-US: SAP Afaria
 CVE-2015-4091 (XML external entity (XXE) vulnerability in SAP NetWeaver AS Java ...)
-	TODO: check
+	NOT-FOR-US: SAP NetWeaver AS Java
 CVE-2015-4090
 	RESERVED
 CVE-2015-4089
@@ -340,9 +340,9 @@
 CVE-2015-4070
 	RESERVED
 CVE-2015-4069 (The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 ...)
-	TODO: check
+	NOT-FOR-US: EdgeServiceImpl web service in Arcserve UDP
 CVE-2015-4068 (Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 ...)
-	TODO: check
+	NOT-FOR-US: Arcserve UDP
 CVE-2015-4067 (Integer overflow in the libnv6 module in Dell NetVault Backup before ...)
 	NOT-FOR-US: Dell NetVault Backup
 CVE-2015-4066 (Multiple SQL injection vulnerabilities in admin/handlers.php in the ...)
@@ -350,9 +350,9 @@
 CVE-2015-4061
 	RESERVED
 CVE-2015-4060 (Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) ...)
-	TODO: check
+	NOT-FOR-US: Wavelink ConnectPro
 CVE-2015-4059 (Heap-based buffer overflow in the License Server (LicenseServer.exe) ...)
-	TODO: check
+	NOT-FOR-US: Wavelink Terminal Emulation
 CVE-2015-4058
 	RESERVED
 CVE-2015-4057
@@ -468,9 +468,9 @@
 CVE-2015-4033
 	RESERVED
 CVE-2015-4032 (projectContents.jsp in the Developer tools in Visual Mining NetCharts ...)
-	TODO: check
+	NOT-FOR-US: Visual Mining NetCharts Server
 CVE-2015-4031 (Directory traversal vulnerability in saveFile.jsp in the development ...)
-	TODO: check
+	NOT-FOR-US: Visual Mining NetChart
 CVE-2015-4030
 	RESERVED
 CVE-2015-4029
@@ -597,9 +597,9 @@
 CVE-2015-3996
 	RESERVED
 CVE-2015-3995 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA DB
 CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS Engine ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA DB
 CVE-2015-3993
 	RESERVED
 CVE-2015-3992
@@ -757,7 +757,7 @@
 CVE-2015-3940
 	RESERVED
 CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 modules for ...)
-	TODO: check
+	NOT-FOR-US: IDS RTU 850C devices
 CVE-2015-3938
 	RESERVED
 CVE-2015-3937
@@ -2494,7 +2494,7 @@
 CVE-2015-3293 (FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain ...)
 	NOT-FOR-US: FortiMail
 CVE-2015-3292 (The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 ...)
-	TODO: check
+	NOT-FOR-US: NetApp OnCommand Workflow Automation
 CVE-2015-3291
 	RESERVED
 CVE-2015-3290
@@ -3393,7 +3393,7 @@
 CVE-2015-2945 (mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does ...)
 	NOT-FOR-US: Hajime Fujimoto mt-phpincgi
 CVE-2015-2944 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling ...)
-	TODO: check
+	NOT-FOR-US: Apache Sling
 CVE-2015-2943
 	RESERVED
 CVE-2015-3026 (Icecast before 2.4.2, when a stream_auth handler is defined for URL ...)
@@ -3612,7 +3612,7 @@
 CVE-2015-2852 (Cross-site request forgery (CSRF) vulnerability in the WebUI component ...)
 	NOT-FOR-US: Blue Coat SSL Visibility Appliance
 CVE-2015-2851 (client_chown in the sync client in Synology Cloud Station 1.1-2291 ...)
-	TODO: check
+	NOT-FOR-US: Synology Cloud Station
 CVE-2015-2850
 	RESERVED
 CVE-2015-2849
@@ -9366,13 +9366,13 @@
 CVE-2015-1014
 	RESERVED
 CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF
 CVE-2015-1012
 	RESERVED
 CVE-2015-1011
 	RESERVED
 CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation RSView32
 CVE-2015-1009
 	RESERVED
 CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before 13 ...)
@@ -9420,7 +9420,7 @@
 CVE-2015-0987
 	RESERVED
 CVE-2015-0986 (Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus ...)
-	TODO: check
+	NOT-FOR-US: Moxa VPort ActiveX SDK Plus
 CVE-2015-0985 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
 	NOT-FOR-US: XZERES 442SR (wind turbine)
 CVE-2015-0984 (Directory traversal vulnerability in the FTP server on Honeywell Excel ...)
@@ -10344,7 +10344,7 @@
 CVE-2015-0734 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0733 (CRLF injection vulnerability in the HTTP Header Handler in Digital ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0732
 	RESERVED
 CVE-2015-0731 (The ISDN implementation in Cisco IOS 15.3S allows remote attackers to ...)

More information about the Secure-testing-commits mailing list