[Secure-testing-commits] r32663 - data/CVE
Michael Gilbert
mgilbert at moszumanska.debian.org
Fri Mar 6 01:49:32 UTC 2015
Author: mgilbert
Date: 2015-03-06 01:49:32 +0000 (Fri, 06 Mar 2015)
New Revision: 32663
Modified:
data/CVE/list
Log:
process some nfus
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-05 21:14:55 UTC (rev 32662)
+++ data/CVE/list 2015-03-06 01:49:32 UTC (rev 32663)
@@ -16,17 +16,17 @@
CVE-2015-2200
RESERVED
CVE-2015-2199 (Multiple SQL injection vulnerabilities in the WonderPlugin Audio ...)
- TODO: check
+ NOT-FOR-US: WonderPlugin Audio Player plugin for WordPress
CVE-2015-2198 (Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php ...)
- TODO: check
+ NOT-FOR-US: Beehive Forum
CVE-2015-2197 (Cross-site scripting (XSS) vulnerability in the Entity API module ...)
- TODO: check
+ NOT-FOR-US: Entity module for Drupal
CVE-2015-2196 (SQL injection vulnerability in Spider Event Calendar 1.4.9 for ...)
- TODO: check
+ NOT-FOR-US: Spider Event Calender
CVE-2015-2195 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Media ...)
- TODO: check
+ NOT-FOR-US: WP Media Cleaner plugin for WordPress
CVE-2015-2194 (Unrestricted file upload vulnerability in the fusion_options function ...)
- TODO: check
+ NOT-FOR-US: fusion_options function in functions.php in the Fusion theme for WordPress
CVE-2015-2193
RESERVED
CVE-2014-XXXX [Invalid pointer dereference in the GNOME librest library]
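Review bot: the new label for CVE-2015-2196 reads "Spider Event Calender", but the description on the line above it spells the product "Spider Event Calendar"; fix the spelling so a search of the list for the product name finds this entry. The CVE-2015-2194 label also names a function and a file ("fusion_options function in functions.php in the Fusion theme for WordPress") where the neighbouring entries name only the product; "Fusion theme for WordPress" would match them.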
@@ -222,7 +222,7 @@
CVE-2015-2102 (SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 ...)
NOT-FOR-US: ClipBucket
CVE-2015-2101 (Cross-site scripting (XSS) vulnerability in the Navigate bar in the ...)
- TODO: check
+ NOT-FOR-US: Navigate module for Drupal
CVE-2013-7434
RESERVED
CVE-2015-XXXX [heap buffer overflow]
@@ -284,11 +284,11 @@
CVE-2015-2089 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin for WordPress
CVE-2015-2088 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
- TODO: check
+ NOT-FOR-US: Term Queue model for Drupal
CVE-2015-2087 (Unrestricted file upload vulnerability in the Avatar Uploader module ...)
- TODO: check
+ NOT-FOR-US: Avatar Uploader module for Drupal
CVE-2015-2086 (Cross-site scripting (XSS) vulnerability in the live preview in the ...)
- TODO: check
+ NOT-FOR-US: Panopoly Magic module for Drupal
CVE-2014-9687 [eCryptfs key wrapping help to crack user password]
RESERVED
- ecryptfs-utils <unfixed>
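Review bot: "Term Queue model for Drupal" on CVE-2015-2088 looks like a typo for "module"; the two entries added directly below it both use "... module for Drupal".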
@@ -315,7 +315,7 @@
CVE-2015-2083 (Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows ...)
NOT-FOR-US: Ilch CMS
CVE-2015-2082 (Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 ...)
- TODO: check
+ NOT-FOR-US: UNIT4 Prosoft HRMS
CVE-2015-2081
RESERVED
CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums ...)
@@ -357,9 +357,9 @@
CVE-2015-2069 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin ...)
NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2015-2068 (Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka ...)
- TODO: check
+ NOT-FOR-US: Magento Server
CVE-2015-2067 (Directory traversal vulnerability in web/ajax_pluginconf.php in the ...)
- TODO: check
+ NOT-FOR-US: Magento Server
CVE-2015-2066 (SQL injection vulnerability in DLGuard 4.5 allows remote attackers to ...)
NOT-FOR-US: DLGuard
CVE-2015-2065 (SQL injection vulnerability in videogalleryrss.php in the Apptha ...)
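Review bot: CVE-2015-2068 is labelled "Magento Server", while its description names MAGMI; label it with the name the description uses so the entry is not read as covering Magento itself. CVE-2015-2067 gets the same label and its visible description is cut off before the product name, so confirm it against the full description as well.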
@@ -408,7 +408,7 @@
NOTE: http://xenbits.xen.org/xsa/advisory-121.html
TODO: check
CVE-2015-2043 (Multiple cross-site scripting (XSS) vulnerabilities in Visualware ...)
- TODO: check
+ NOT-FOR-US: Visualware
CVE-2015-2040 (Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka ...)
NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
CVE-2015-2039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
@@ -441,7 +441,7 @@
CVE-2015-2036
RESERVED
CVE-2015-2033 (Anyterm Daemon in Infoblox Network Automation NetMRI before ...)
- TODO: check
+ NOT-FOR-US: Anyterm Daemon
CVE-2015-2032
RESERVED
CVE-2015-2031
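Review bot: the CVE-2015-2033 label names only "Anyterm Daemon", but the description places it in Infoblox Network Automation NetMRI. Name the Infoblox product in the label, and if Anyterm is also distributed on its own, confirm that no Debian package ships it before marking the entry NOT-FOR-US.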
@@ -1283,7 +1283,7 @@
CVE-2015-1622
RESERVED
CVE-2015-1621 (Cross-site scripting (XSS) vulnerability in the Webform prepopulate ...)
- TODO: check
+ NOT-FOR-US: Webform module for Drupal
CVE-2015-1620
RESERVED
CVE-2015-1619 (Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client ...)
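Review bot: the CVE-2015-1621 description refers to "Webform prepopulate", but the label says "Webform module for Drupal", which reads as the Webform module itself. Use the module name given in the description.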
@@ -1413,7 +1413,7 @@
CVE-2015-1588
RESERVED
CVE-2015-1587 (Unrestricted file upload vulnerability in file_to_index.php in Maarch ...)
- TODO: check
+ NOT-FOR-US: Maarch LetterBox
CVE-2015-1586
RESERVED
CVE-2015-1585 (Fat Free CRM before 0.13.6 allows remote attackers to conduct ...)
@@ -1621,7 +1621,7 @@
CVE-2015-1516
RESERVED
CVE-2015-1515 (The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 ...)
- TODO: check
+ NOT-FOR-US: SoftSphere
CVE-2015-1514 (Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 ...)
NOT-FOR-US: FancyFon FAMOC
CVE-2015-1513 (SQL injection vulnerability in SIPhone Enterprise PBX allows remote ...)
@@ -1649,11 +1649,11 @@
CVE-2015-1502
RESERVED
CVE-2015-1501 (The factory.loadExtensionFactory function in ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2015-1500 (Multiple stack-based buffer overflows in the ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2015-1499 (The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 ...)
- TODO: check
+ NOT-FOR-US: Samsung Security Manager
CVE-2015-1498 (Persistent Systems Radia Client Automation does not properly restrict ...)
NOT-FOR-US: Persistent Systems Radia Client Automation
CVE-2015-1497 (radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, ...)
@@ -1663,7 +1663,7 @@
CVE-2015-1495 (Multiple stack-based buffer overflows in Motorola Scanner SDK allow ...)
NOT-FOR-US: Motorola Scanner SDK
CVE-2015-1494 (The FancyBox for WordPress plugin before 3.0.3 for WordPress does not ...)
- TODO: check
+ NOT-FOR-US: FancyBox plugin for WordPress
CVE-2015-1492
RESERVED
CVE-2015-1491
@@ -2015,9 +2015,9 @@
CVE-2015-1436 (Cross-site scripting (XSS) vulnerability in the Easing Slider plugin ...)
NOT-FOR-US: Easing Slider plugin for WordPress
CVE-2015-1435 (Cross-site scripting (XSS) vulnerability in my little forum before ...)
- TODO: check
+ NOT-FOR-US: Little forum
CVE-2015-1434 (Multiple SQL injection vulnerabilities in my little forum before 2.3.4 ...)
- TODO: check
+ NOT-FOR-US: Little forum
CVE-2015-1429
RESERVED
CVE-2015-1428 (Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow ...)
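Review bot: "Little forum" on CVE-2015-1435 and CVE-2015-1434 drops part of the product name; both descriptions call it "my little forum", and the label should match.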
@@ -2262,13 +2262,13 @@
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-1358 (The remote-management module in the (1) Multi Panels, (2) Comfort ...)
- TODO: check
+ NOT-FOR-US: Siemens SIMATIC
CVE-2015-1357 (Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, ...)
NOT-FOR-US: Siemens Ruggedcom
CVE-2015-1356 (Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's ...)
- TODO: check
+ NOT-FOR-US: Siemens SIMATIC
CVE-2015-1355 (Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak ...)
- TODO: check
+ NOT-FOR-US: Siemens SIMATIC
CVE-2014-9648 (components/navigation_interception/intercept_navigation_resource_throttle.cc ...)
- chromium-browser <not-affected> (Chrome on Android)
CVE-2014-9647 (Use-after-free vulnerability in PDFium, as used in Google Chrome ...)
@@ -3517,7 +3517,7 @@
CVE-2015-0978
RESERVED
CVE-2015-0977 (Network Vision IntraVue before 2.3.0a14 on Windows allows remote ...)
- TODO: check
+ NOT-FOR-US: IntraVue
CVE-2015-0976
RESERVED
CVE-2015-0975
@@ -3601,13 +3601,13 @@
CVE-2015-0935
RESERVED
CVE-2015-0934 (Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ...)
- TODO: check
+ NOT-FOR-US: ShareLaTeX
CVE-2015-0933 (Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, ...)
- TODO: check
+ NOT-FOR-US: ShareLaTeX
CVE-2015-0932
RESERVED
CVE-2015-0931 (Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and ...)
- TODO: check
+ NOT-FOR-US: Ektron CMS
CVE-2015-0930 (The web interface on SerVision HVG Video Gateway devices with firmware ...)
NOT-FOR-US: SerVision HVG Video Gateway
CVE-2015-0929 (time.htm in the web interface on SerVision HVG Video Gateway devices ...)
@@ -3627,7 +3627,7 @@
CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the root ...)
NOT-FOR-US: Ceragon FiberAir IP-10 bridges
CVE-2015-0923 (The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron ...)
- TODO: check
+ NOT-FOR-US: Ektron CMS
CVE-2014-999999
REJECTED
CVE-2014-99999
@@ -3964,11 +3964,11 @@
CVE-2015-0891
RESERVED
CVE-2015-0890 (The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for ...)
- TODO: check
+ NOT-FOR-US: BestWebSoft plugin for WordPress
CVE-2015-0889 (KENT-WEB Joyful Note before 5.3 allows remote attackers to delete ...)
- TODO: check
+ NOT-FOR-US: KENT-WEB Joyful Note
CVE-2015-0888 (KENT-WEB Clip Board before 4.1 allows remote attackers to delete ...)
- TODO: check
+ NOT-FOR-US: KENT-WEB Clip Board
CVE-2015-0887 (npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji ...)
TODO: check
CVE-2015-0886 (Integer overflow in the crypt_raw method in the key-stretching ...)
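Review bot: the CVE-2015-0890 label "BestWebSoft plugin for WordPress" names the vendor rather than the plugin; the description identifies it as the BestWebSoft Google Captcha (aka reCAPTCHA) plugin. Name the plugin, as the other WordPress entries in this commit do.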
@@ -3976,21 +3976,21 @@
CVE-2015-0885 (checkpw 1.02 and earlier allows remote attackers to cause a denial of ...)
TODO: check
CVE-2015-0884 (Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack ...)
- TODO: check
+ NOT-FOR-US: Toshiba Bluetooth Stack
CVE-2015-0883 (SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth ...)
- TODO: check
+ NOT-FOR-US: Mailform Pro
CVE-2015-0882 (Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2015-0881 (CRLF injection vulnerability in Squid before 3.1.1 allows remote ...)
- squid <unfixed>
- squid3 3.1.1-1
NOTE: http://www.openwall.com/lists/oss-security/2015/03/01/2
CVE-2015-0880 (Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote ...)
- TODO: check
+ NOT-FOR-US: CREAR AL-Mail32
CVE-2015-0879 (CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: CREAR AL-Mail32
CVE-2015-0878 (Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d ...)
- TODO: check
+ NOT-FOR-US: CREAR AL-Mail32
CVE-2015-0877
RESERVED
CVE-2015-0876
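Review bot: CVE-2015-0882 is labelled "Zen Cart", but the description names zencart-ja; use that name so the entry is not taken to cover Zen Cart as a whole.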
@@ -4000,7 +4000,7 @@
CVE-2015-0874
RESERVED
CVE-2015-0873 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...)
- TODO: check
+ NOT-FOR-US: PerlTreeBBS
CVE-2015-0872
RESERVED
CVE-2015-0871 (Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI ...)
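Review bot: the CVE-2015-0873 label "PerlTreeBBS" does not appear in the visible part of the description, which starts with "Homepage Decorator"; include that name in the label so the two lines can be matched against each other.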
@@ -4475,9 +4475,9 @@
CVE-2015-0657
RESERVED
CVE-2015-0656 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco NAM
CVE-2015-0655 (Cross-site scripting (XSS) vulnerability in Unified Web Interaction ...)
- TODO: check
+ NOT-FOR-US: Cisco Unified Web
CVE-2015-0654
RESERVED
CVE-2015-0653
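Review bot: the CVE-2015-0655 label "Cisco Unified Web" stops partway through the product name; the description reads "Unified Web Interaction ...". Take the full product name from the complete description.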
@@ -4485,7 +4485,7 @@
CVE-2015-0652
RESERVED
CVE-2015-0651 (Cross-site request forgery (CSRF) vulnerability in the web GUI in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0650
RESERVED
CVE-2015-0649
@@ -4521,39 +4521,39 @@
CVE-2015-0634
RESERVED
CVE-2015-0633 (The Integrated Management Controller (IMC) in Cisco Unified Computing ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0632 (Race condition in the Neighbor Discovery (ND) protocol implementation ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2015-0631 (Race condition in the SSL implementation on Cisco Intrusion Prevention ...)
- TODO: check
+ NOT-FOR-US: Cisco IPS
CVE-2015-0630
RESERVED
CVE-2015-0629
RESERVED
CVE-2015-0628 (The proxy engine on Cisco Web Security Appliance (WSA) devices allows ...)
- TODO: check
+ NOT-FOR-US: Cisco WSA
CVE-2015-0627
RESERVED
CVE-2015-0626 (The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows ...)
- TODO: check
+ NOT-FOR-US: Cisco HCS
CVE-2015-0625
RESERVED
CVE-2015-0624 (The web framework in Cisco AsyncOS on Email Security Appliance (ESA), ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0623 (Cross-site scripting (XSS) vulnerability in the Administrator report ...)
- TODO: check
+ NOT-FOR-US: Cisco WSA
CVE-2015-0622 (The Wireless Intrusion Detection (aka WIDS) functionality on Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco WLC
CVE-2015-0621 (Cisco TelePresence MCU devices with software 4.5(1.45) allow remote ...)
- TODO: check
+ NOT-FOR-US: Cisco TelePresence
CVE-2015-0620 (The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) ...)
- TODO: check
+ NOT-FOR-US: Cisco TelePresence
CVE-2015-0619 (Memory leak in the embedded web server in the WebVPN subsystem in ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-0618 (Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2015-0617 (Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0616
RESERVED
CVE-2015-0615
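Review bot: CVE-2015-0618 is labelled "Cisco IOS", but its description says Cisco IOS XR; label it "Cisco IOS XR" so it can be told apart from the "Cisco IOS" label on CVE-2015-0632 in the same hunk. Several entries here (CVE-2015-0633, CVE-2015-0624, CVE-2015-0617) carry only "Cisco" while others name the product; naming the product throughout would keep the labels consistent.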
@@ -4599,7 +4599,7 @@
CVE-2015-0595 (The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier ...)
NOT-FOR-US: Cisco
CVE-2015-0594 (Multiple cross-site scripting (XSS) vulnerabilities in the help pages ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0593 (The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and ...)
NOT-FOR-US: Cisco
CVE-2015-0592 (The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and ...)
@@ -4619,7 +4619,7 @@
CVE-2015-0585
RESERVED
CVE-2015-0584 (The image-upgrade implementation on Cisco Desktop Collaboration ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0583 (Cisco WebEx Meeting Center does not properly restrict the content of ...)
NOT-FOR-US: Cisco WebEx Meeting Center
CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 ...)
@@ -4892,7 +4892,7 @@
CVE-2015-0558
RESERVED
CVE-2015-0555 (Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2015-0554 (The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with ...)
NOT-FOR-US: ADB router
CVE-2015-0553 (Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in ...)