[Secure-testing-commits] r35180 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jun 27 05:44:59 UTC 2015


Author: carnil
Date: 2015-06-27 05:44:57 +0000 (Sat, 27 Jun 2015)
New Revision: 35180

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-06-27 05:07:12 UTC (rev 35179)
+++ data/CVE/list	2015-06-27 05:44:57 UTC (rev 35180)
@@ -10,11 +10,11 @@
 CVE-2015-5067 (The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP ...)
 	NOT-FOR-US: SAP
 CVE-2015-5066 (Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix ...)
-	TODO: check
+	NOT-FOR-US: MetalGenix GeniXCMS
 CVE-2015-5065 (Absolute path traversal vulnerability in proxy.php in the google ...)
 	NOT-FOR-US: Paypal Currency Converter Basic For WooCommerce plugin for WordPress
 CVE-2015-5064 (Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite ...)
-	TODO: check
+	NOT-FOR-US: MySql Lite Administrator
 CVE-2015-5063 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
 	- silverstripe <itp> (bug #528461)
 CVE-2015-5062 (Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 ...)
@@ -686,9 +686,9 @@
 CVE-2015-4727
 	RESERVED
 CVE-2015-4726 (PHP remote file inclusion vulnerability in ajax/myajaxphp.php in ...)
-	TODO: check
+	NOT-FOR-US: AudioShare
 CVE-2015-4725 (Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare ...)
-	TODO: check
+	NOT-FOR-US: AudioShare
 CVE-2015-4724
 	RESERVED
 CVE-2015-4723
@@ -1031,9 +1031,9 @@
 CVE-2015-4589
 	RESERVED
 CVE-2015-4587 (Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent ...)
-	TODO: check
+	NOT-FOR-US: Alcatel-Lucent CellPipe 7130 router
 CVE-2015-4586 (Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent ...)
-	TODO: check
+	NOT-FOR-US: Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL
 CVE-2015-4585
 	RESERVED
 CVE-2015-4584
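Review bot: the two new tags in this hunk name what appears to be the same device differently: CVE-2015-4587 gets "Alcatel-Lucent CellPipe 7130 router" and CVE-2015-4586 gets "Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL". Use one product string for both so that a search of data/CVE/list by product name returns both entries; the firmware identifier is better left to the CVE description.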
@@ -1087,7 +1087,7 @@
 CVE-2015-4560
 	RESERVED
 CVE-2015-4559 (Cross-site scripting (XSS) vulnerability in the product deployment ...)
-	TODO: check
+	NOT-FOR-US: Intel McAfee ePolicy Orchestrator
 CVE-2015-4558
 	RESERVED
 CVE-2015-4557
@@ -1104,7 +1104,7 @@
 CVE-2015-4551
 	RESERVED
 CVE-2015-4550 (The Cavium cryptographic-module firmware on Cisco Adaptive Security ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-4549
 	RESERVED
 CVE-2015-4548
@@ -1416,7 +1416,7 @@
 CVE-2015-4421
 	RESERVED
 CVE-2015-4420 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 ...)
-	TODO: check
+	NOT-FOR-US: Opsview
 CVE-2015-4419
 	RESERVED
 CVE-2015-4418 (Zoho NetFlow Analyzer build 10250 and earlier does not have an off ...)
@@ -2161,9 +2161,9 @@
 CVE-2015-4120
 	RESERVED
 CVE-2015-4119 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: ISPConfig
 CVE-2015-4118 (SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig ...)
-	TODO: check
+	NOT-FOR-US: ISPConfig
 CVE-2015-4117
 	RESERVED
 CVE-2015-4116
@@ -2801,7 +2801,7 @@
 CVE-2015-3898
 	RESERVED
 CVE-2015-3897 (Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 ...)
-	TODO: check
+	NOT-FOR-US: Bonita BPM Portal
 CVE-2015-3896
 	RESERVED
 CVE-2015-3895
@@ -4043,7 +4043,7 @@
 CVE-2015-3423
 	RESERVED
 CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 ...)
-	TODO: check
+	NOT-FOR-US: SearchBlox
 CVE-2015-3421
 	RESERVED
 CVE-2015-3419
@@ -4393,11 +4393,11 @@
 CVE-2015-3319 (Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly ...)
 	NOT-FOR-US: Hotspot Express hotEx Billing Manager
 CVE-2015-3318 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
-	TODO: check
+	NOT-FOR-US: CA Common Services in ca.com products
 CVE-2015-3317 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
-	TODO: check
+	NOT-FOR-US: CA Common Services in ca.com products
 CVE-2015-3316 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
-	TODO: check
+	NOT-FOR-US: CA Common Services in ca.com products
 CVE-2015-3314
 	RESERVED
 CVE-2015-3313
@@ -5045,13 +5045,13 @@
 	NOT-FOR-US: Adobe Flash Player
 	NOTE: https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
 CVE-2015-3112 (Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2015-3111 (Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2015-3110 (Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2015-3109 (Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2015-3108 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2015-3107 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 ...)
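Review bot: CVE-2015-3112 through CVE-2015-3109 are tagged with the vendor only, "NOT-FOR-US: Adobe", while the unchanged entries around them in this hunk name the product ("NOT-FOR-US: Adobe Flash Player"). The descriptions all say Photoshop CC (plus Bridge CC for CVE-2015-3112), so "NOT-FOR-US: Adobe Photoshop CC" would match the neighbouring style and keep these entries distinguishable from the Flash ones when grepping the tags.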
@@ -5666,11 +5666,11 @@
 CVE-2015-2862
 	RESERVED
 CVE-2015-2861 (Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel ...)
-	TODO: check
+	NOT-FOR-US: Vesta Control Panel
 CVE-2015-2860 (Directory traversal vulnerability in Avigilon Control Center (ACC) 4 ...)
-	TODO: check
+	NOT-FOR-US: Avigilon Control Center
 CVE-2015-2859 (Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x ...)
-	TODO: check
+	NOT-FOR-US: Intel McAfee ePolicy Orchestrator
 CVE-2015-2858
 	RESERVED
 CVE-2015-2857
@@ -5871,9 +5871,9 @@
 	NOTE: Upstream commit: https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/8
 CVE-2015-2805 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Alcatel-Lucent OmniSwitch
 CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, ...)
-	TODO: check
+	NOT-FOR-US: Alcatel-Lucent OmniSwitch
 CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the Akronymmanager ...)
 	TODO: check
 CVE-2015-2802
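Review bot: CVE-2015-2803 (Akronymmanager), directly below the two OmniSwitch entries, still reads "TODO: check" after this change. If it was left on purpose because it needs a real package check rather than an NFU tag, that is fine; otherwise it was missed in this pass and should be handled with its neighbours.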
@@ -5887,7 +5887,7 @@
 CVE-2015-2798
 	RESERVED
 CVE-2015-2797 (Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, ...)
-	TODO: check
+	NOT-FOR-US: AirTies Air DSL modems
 CVE-2015-2796
 	RESERVED
 CVE-2015-2795
@@ -7731,7 +7731,7 @@
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/625f5a9b8f008b8714850e4aa064dee1de06e534
 CVE-2015-2169 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2015-2168
 	REJECTED
 CVE-2015-2167 (Open redirect vulnerability in the 3PI Manager in Ericsson Drutt ...)
@@ -11585,7 +11585,7 @@
 CVE-2015-0974
 	RESERVED
 CVE-2015-0972 (Pearson ProctorCache before 2015.1.17 uses the same hardcoded password ...)
-	TODO: check
+	NOT-FOR-US: Pearson ProctorCache
 CVE-2015-0971 (The DER parser in Suricata before 2.0.8 allows remote attackers to ...)
 	{DSA-3254-1}
 	- suricata 2.0.8-1
@@ -13562,7 +13562,7 @@
 CVE-2015-0527 (EMC Documentum xCelerated Management System (xMS) 1.1 before P14 ...)
 	NOT-FOR-US: EMC
 CVE-2015-0526 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA Validation Manager
 CVE-2015-0525 (The Gateway Provisioning service in EMC Secure Remote Services Virtual ...)
 	NOT-FOR-US: EMC
 CVE-2015-0524 (SQL injection vulnerability in the Gateway Provisioning service in EMC ...)
@@ -14716,9 +14716,9 @@
 CVE-2015-0345 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
 	NOT-FOR-US: Adobe ColdFusion
 CVE-2015-0344 (Cross-site scripting (XSS) vulnerability in the web app in Adobe ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2015-0343 (Cross-site scripting (XSS) vulnerability in admin/home/homepage/search ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2015-0342 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 ...)
 	NOT-FOR-US: Adobe Flash
 CVE-2015-0341 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 ...)
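Review bot: for CVE-2015-0344 and CVE-2015-0343 the truncated descriptions in the list do not show the product, so "NOT-FOR-US: Adobe" leaves these entries without a product name anywhere on their lines. The neighbouring entries use "Adobe ColdFusion" and "Adobe Flash"; name the affected product in these two tags as well.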
@@ -26361,7 +26361,7 @@
 	- xen <not-affected> (LWIP DNS code not present in Xen Debian packages)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1169008
 CVE-2014-4882 (Aptexx Resident Anywhere does not require authentication, which allows ...)
-	TODO: check
+	NOT-FOR-US: Aptexx Resident Anywhere
 CVE-2014-4881 (The PartyTrack library for Android does not verify X.509 certificates ...)
 	NOT-FOR-US: PartyTrack library for Android
 CVE-2014-4880 (Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, ...)
@@ -26377,7 +26377,7 @@
 CVE-2014-4876
 	RESERVED
 CVE-2014-4875 (CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and ...)
-	TODO: check
+	NOT-FOR-US: CreateBossCredentials.jar in Toshiba CHEC
 CVE-2014-4874 (BMC Track-It! 11.3.0.355 allows remote authenticated users to read ...)
 	NOT-FOR-US: BMC Track-It!
 CVE-2014-4873 (SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC ...)
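Review bot: the tag for CVE-2014-4875 names a file, "CreateBossCredentials.jar in Toshiba CHEC", where the other tags in this hunk name the product ("BMC Track-It!"). "NOT-FOR-US: Toshiba CHEC" would be consistent, and the jar name is already carried by the description.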



