[Secure-testing-commits] r35179 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jun 27 05:07:12 UTC 2015
Author: carnil
Date: 2015-06-27 05:07:12 +0000 (Sat, 27 Jun 2015)
New Revision: 35179
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-27 04:56:54 UTC (rev 35178)
+++ data/CVE/list 2015-06-27 05:07:12 UTC (rev 35179)
@@ -6,13 +6,13 @@
NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1571
NOTE: http://www.openwall.com/lists/oss-security/2015/06/26/1
CVE-2015-5068 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-5067 (The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-5066 (Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix ...)
TODO: check
CVE-2015-5065 (Absolute path traversal vulnerability in proxy.php in the google ...)
- TODO: check
+ NOT-FOR-US: Paypal Currency Converter Basic For WooCommerce plugin for WordPress
CVE-2015-5064 (Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite ...)
TODO: check
CVE-2015-5063 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
@@ -20,7 +20,7 @@
CVE-2015-5062 (Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 ...)
- silverstripe <itp> (bug #528461)
CVE-2015-5061 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2015-5060
RESERVED
CVE-2015-5058
@@ -710,9 +710,9 @@
CVE-2015-4715
RESERVED
CVE-2015-4714 (Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S ...)
- TODO: check
+ NOT-FOR-US: DreamBox DM500-S
CVE-2015-4713 (SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote ...)
- TODO: check
+ NOT-FOR-US: ApPHP Hotel Site
CVE-2015-4712
RESERVED
CVE-2015-4711
@@ -762,15 +762,15 @@
CVE-2015-4681
RESERVED
CVE-2015-4679 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
- TODO: check
+ NOT-FOR-US: Airties RT-210
CVE-2015-4678 (SQL injection vulnerability in Persian Car CMS 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Persian Car CMS
CVE-2015-4677 (Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka ...)
- TODO: check
+ NOT-FOR-US: FiverrScript
CVE-2015-4676 (SQL injection vulnerability in ticket.php in TickFa 1.x allows remote ...)
- TODO: check
+ NOT-FOR-US: TickFa
CVE-2015-4675 (Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote ...)
- TODO: check
+ NOT-FOR-US: Tiny SRP
CVE-2015-5070
- wesnoth-1.13 <unfixed>
- wesnoth-1.12 <unfixed>
@@ -861,19 +861,19 @@
CVE-2015-4661 (Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows ...)
NOT-FOR-US: Symphony CMS
CVE-2015-4660 (Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal ...)
- TODO: check
+ NOT-FOR-US: Enhanced SQL Portal
CVE-2015-4659 (Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and ...)
- TODO: check
+ NOT-FOR-US: ClickHeat
CVE-2015-4658 (Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm ...)
- TODO: check
+ NOT-FOR-US: Milw0rm Clone Script
CVE-2015-4657 (Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and ...)
NOT-FOR-US: Mailbird
CVE-2015-4656 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo ...)
- TODO: check
+ NOT-FOR-US: Synology Photo Station
CVE-2015-4655 (Cross-site scripting (XSS) vulnerability in Synology DiskStation ...)
- TODO: check
+ NOT-FOR-US: Synology DiskStation Manager
CVE-2015-4654 (SQL injection vulnerability in the EQ Event Calendar component for ...)
- TODO: check
+ NOT-FOR-US: EQ Event Calendar component for Joomla!
CVE-2015-4653
RESERVED
CVE-2015-4650
@@ -885,9 +885,9 @@
CVE-2015-4647
RESERVED
CVE-2015-4641 (Directory traversal vulnerability in the SwiftKey language-pack update ...)
- TODO: check
+ NOT-FOR-US: SwiftKey language-pack update implementation on Samsung devices
CVE-2015-4640 (The SwiftKey language-pack update implementation on Samsung Galaxy S4, ...)
- TODO: check
+ NOT-FOR-US: SwiftKey language-pack update implementation on Samsung devices
CVE-2012-6692 (Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in ...)
NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-4652 [GSM DTAP dissector could crash]
More information about the Secure-testing-commits
mailing list