[Secure-testing-commits] r34874 - data/CVE
Helmut Grohne
helmutg at moszumanska.debian.org
Thu Jun 11 13:31:11 UTC 2015
Author: helmutg
Date: 2015-06-11 13:31:11 +0000 (Thu, 11 Jun 2015)
New Revision: 34874
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-11 12:41:12 UTC (rev 34873)
+++ data/CVE/list 2015-06-11 13:31:11 UTC (rev 34874)
@@ -59,7 +59,7 @@
CVE-2015-4428
RESERVED
CVE-2015-4427 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Ektron CMS
CVE-2015-4426
RESERVED
CVE-2015-4425
@@ -77,7 +77,7 @@
CVE-2015-4419
RESERVED
CVE-2015-4418 (Zoho NetFlow Analyzer build 10250 and earlier does not have an off ...)
- TODO: check
+ NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-4417
RESERVED
CVE-2015-4416
@@ -552,7 +552,7 @@
CVE-2015-4173
RESERVED
CVE-2010-5324 (Directory traversal vulnerability in UploadServlet in the Remote ...)
- TODO: check
+ NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-XXXX [kvm: x86: NULL pointer dereference in kvm_apic_has_events function]
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -981,7 +981,7 @@
CVE-2015-4052
RESERVED
CVE-2015-4051 (Beckhoff IPC Diagnostics before 1.8 does not properly restrict access ...)
- TODO: check
+ NOT-FOR-US: Beckhoff IPC Diagnostics
CVE-2015-4050 (FragmentListener in the HttpKernel component in Symfony 2.3.19 through ...)
{DSA-3276-1}
- symfony 2.7.0~beta2+dfsg-2
@@ -1314,7 +1314,7 @@
CVE-2015-3951
RESERVED
CVE-2015-3950 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
- TODO: check
+ NOT-FOR-US: XZERES 442SR (wind turbine)
CVE-2015-3949
RESERVED
CVE-2015-3948
@@ -3872,23 +3872,23 @@
CVE-2015-3002 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, ...)
NOT-FOR-US: Juniper
CVE-2015-3001 (SysAid Help Desk before 15.2 uses a hardcoded password of Password1 ...)
- TODO: check
+ NOT-FOR-US: SysAid Help Desk
CVE-2015-3000 (SysAid Help Desk before 15.2 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: SysAid Help Desk
CVE-2015-2999 (Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 ...)
- TODO: check
+ NOT-FOR-US: SysAid Help Desk
CVE-2015-2998 (SysAid Help Desk before 15.2 uses a hardcoded encryption key, which ...)
- TODO: check
+ NOT-FOR-US: SysAid Help Desk
CVE-2015-2997 (SysAid Help Desk before 15.2 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: SysAid Help Desk
CVE-2015-2996 (Multiple directory traversal vulnerabilities in SysAid Help Desk ...)
- TODO: check
+ NOT-FOR-US: SysAid Help Desk
CVE-2015-2995 (SysAid Help Desk before 15.2 does not properly check file extensions, ...)
- TODO: check
+ NOT-FOR-US: SysAid Help Desk
CVE-2015-2994 (Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid ...)
- TODO: check
+ NOT-FOR-US: SysAid Help Desk
CVE-2015-2993 (SysAid Help Desk before 15.2 does not properly restrict access to ...)
- TODO: check
+ NOT-FOR-US: SysAid Help Desk
CVE-2015-2992
RESERVED
CVE-2015-2991
@@ -3952,11 +3952,11 @@
CVE-2015-2962
RESERVED
CVE-2015-2961 (Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow ...)
- TODO: check
+ NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2960 (Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer ...)
- TODO: check
+ NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2959 (Zoho NetFlow Analyzer build 10250 and earlier does not check for ...)
- TODO: check
+ NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2958
RESERVED
CVE-2015-2957
@@ -3972,9 +3972,9 @@
CVE-2015-2952
RESERVED
CVE-2015-2951 (JWT.php in F21 JWT before 2.0 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: PHP JWT aibrary
CVE-2015-2950 (Directory traversal vulnerability in the Brandon Bowles Open Explorer ...)
- TODO: check
+ NOT-FOR-US: Brandon Bowles Open Explorer application for Android
CVE-2015-2949 (Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and ...)
NOT-FOR-US: ZenPhoto20
CVE-2015-2948 (Cross-site scripting (XSS) vulnerability in the image processor in ...)
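Review bot: the added tag for CVE-2015-2951 reads "NOT-FOR-US: PHP JWT aibrary", where "aibrary" is a typo for "library". The description on the line above names the product as F21 JWT, so "NOT-FOR-US: F21 JWT (PHP library)" would fix the typo and make the entry findable by product name.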
@@ -4601,7 +4601,7 @@
CVE-2015-2746 (The network diagnostics tool (CommandLineServlet) in the Appliance ...)
NOT-FOR-US: Websense TRITON
CVE-2010-5323 (Directory traversal vulnerability in UploadServlet in the Remote ...)
- TODO: check
+ NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-2774 [Erlang POODLE TLS vulnerability]
RESERVED
- erlang 1:17.3-dfsg-4 (low; bug #781839)
@@ -9987,7 +9987,7 @@
CVE-2015-1001
RESERVED
CVE-2015-1000 (Stack-based buffer overflow in the OpenForIPCamTest method in the ...)
- TODO: check
+ NOT-FOR-US: SStreamVideo ActiveX control
CVE-2015-0999 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0998 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
@@ -10844,7 +10844,7 @@
CVE-2015-0780
RESERVED
CVE-2015-0779 (Directory traversal vulnerability in UploadServlet in Novell ZENworks ...)
- TODO: check
+ NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0778 (osc before 0.151.0 allows remote attackers to execute arbitrary ...)
- osc 0.149.0-2 (low; bug #780410)
[wheezy] - osc <no-dsa> (Minor issue)
@@ -10867,13 +10867,13 @@
CVE-2015-0771
RESERVED
CVE-2015-0770 (CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 ...)
- TODO: check
+ NOT-FOR-US: Cisco TelePresence TC Software
CVE-2015-0769
RESERVED
CVE-2015-0768
RESERVED
CVE-2015-0767 (Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0766 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Cisco
CVE-2015-0765 (Cisco ONS 15454 System Software 10.30 and 10.301 allows remote ...)
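Review bot: CVE-2015-0767 is tagged only "NOT-FOR-US: Cisco", while CVE-2015-0770 earlier in the same hunk gets the product-level "Cisco TelePresence TC Software". The bare vendor tag does match the existing CVE-2015-0766 entry, so this is a consistency point rather than an error; "NOT-FOR-US: Cisco Edge 300" would keep the granularity uniform within this change.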
@@ -12917,7 +12917,7 @@
CVE-2014-9285
RESERVED
CVE-2014-9284 (The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, ...)
- TODO: check
+ NOT-FOR-US: Buffalo routers
CVE-2014-9283 (The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows ...)
NOT-FOR-US: BestWebSoft plugin for WordPress
CVE-2014-9282 (Directory traversal vulnerability in the Speed Root Explorer ...)
@@ -13067,7 +13067,7 @@
CVE-2014-9202
RESERVED
CVE-2014-9201 (Beckwith Electric M-6200 Digital Voltage Regulator Control with ...)
- TODO: check
+ NOT-FOR-US: Beckwith Electric digital voltage regulators
CVE-2014-9200 (Stack-based buffer overflow in an unspecified DLL file in a DTM ...)
NOT-FOR-US: Schneider Electric
CVE-2014-9199 (The Clorius Controls Java web client before 01.00.0009g allows remote ...)
@@ -14451,7 +14451,7 @@
CVE-2015-0113 (The Jazz help system in IBM Rational Collaborative Lifecycle ...)
NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
CVE-2015-0112 (Jazz Team Server in Jazz Foundation in IBM Rational Collaborative ...)
- TODO: check
+ NOT-FOR-US: IBM Rational
CVE-2015-0111
RESERVED
CVE-2015-0110
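Review bot: the tag added for CVE-2015-0112, "NOT-FOR-US: IBM Rational", is less specific than the entry directly above it, where CVE-2015-0113 uses "IBM Rational Collaborative Lifecycle Management". The description here begins "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative ...", so reusing the full product name would keep the two adjacent entries consistent.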
@@ -14904,7 +14904,7 @@
CVE-2014-8888
RESERVED
CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before ...)
- TODO: check
+ NOT-FOR-US: IBM Marketing Operations
CVE-2014-8886
RESERVED
CVE-2014-8885
@@ -21474,7 +21474,7 @@
CVE-2014-6285
RESERVED
CVE-2014-6284 (SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before ...)
- TODO: check
+ NOT-FOR-US: SAP Adaptive Server Enterprise
CVE-2014-6283 (SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 ...)
NOT-FOR-US: SAP Adaptive Server Enterprise
CVE-2014-6282
@@ -21674,7 +21674,7 @@
CVE-2014-6223
RESERVED
CVE-2014-6222 (Directory traversal vulnerability in IBM Marketing Operations 7.x and ...)
- TODO: check
+ NOT-FOR-US: IBM Marketing Operations
CVE-2014-6221 (The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ...)
NOT-FOR-US: IBM Rational ClearCase
CVE-2014-6220
@@ -21769,7 +21769,7 @@
CVE-2014-6176 (IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus ...)
NOT-FOR-US: IBM
CVE-2014-6175 (Cross-site scripting (XSS) vulnerability in IBM Marketing Operations ...)
- TODO: check
+ NOT-FOR-US: IBM Marketing Operations
CVE-2014-6174 (IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before ...)
NOT-FOR-US: IBM
CVE-2014-6173 (Cross-site scripting (XSS) vulnerability in the Process Inspector in ...)