[Secure-testing-commits] r33153 - data/CVE

Helmut Grohne helmutg at moszumanska.debian.org
Thu Mar 26 07:35:05 UTC 2015 

Author: helmutg
Date: 2015-03-26 07:35:05 +0000 (Thu, 26 Mar 2015)
New Revision: 33153

Modified:
   data/CVE/list
Log:
misc NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-26 06:45:30 UTC (rev 33152)
+++ data/CVE/list	2015-03-26 07:35:05 UTC (rev 33153)
@@ -1017,7 +1017,7 @@
 CVE-2015-2284
 	RESERVED
 CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier ...)
-	TODO: check
+	NOT-FOR-US: ZeusCart
 CVE-2015-2674 [Doesn't Validate TLS]
 	RESERVED
 	- python-restkit <unfixed>
@@ -1214,11 +1214,11 @@
 CVE-2015-2218 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin for WordPress
 CVE-2015-2217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP ...)
-	TODO: check
+	NOT-FOR-US: myUPB
 CVE-2015-2216 (SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme ...)
 	NOT-FOR-US: Photocrati theme for WordPress
 CVE-2015-2215 (Open redirect vulnerability in the Services single sign-on server ...)
-	TODO: check
+	NOT-FOR-US: Drupal module Services single sign-on server helper
 CVE-2015-2214 (NetCat 5.01 and earlier allows remote attackers to obtain the ...)
 	NOT-FOR-US: NetCat CMS
 CVE-2015-2213
@@ -1327,11 +1327,11 @@
 CVE-2015-2185
 	RESERVED
 CVE-2015-2184 (ZeusCart 4 allows remote attackers to obtain configuration information ...)
-	TODO: check
+	NOT-FOR-US: ZeusCart
 CVE-2015-2183 (Multiple SQL injection vulnerabilities in the administrative backend ...)
-	TODO: check
+	NOT-FOR-US: ZeusCart
 CVE-2015-2182 (Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 ...)
-	TODO: check
+	NOT-FOR-US: ZeusCart
 CVE-2015-2181
 	RESERVED
 CVE-2015-2180
@@ -2072,7 +2072,7 @@
 CVE-2015-1876
 	RESERVED
 CVE-2015-1875 (SQL injection vulnerability in a2billing/customer/iridium_threed.php ...)
-	TODO: check
+	NOT-FOR-US: Elastix
 CVE-2015-1874 (Cross-site request forgery (CSRF) vulnerability in the Contact Form DB ...)
 	NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
 CVE-2015-1873
@@ -2617,15 +2617,15 @@
 CVE-2015-1633 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
 	NOT-FOR-US: Microsoft SharePoint
 CVE-2015-1632 (Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-1631 (Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-1630 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-1629 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-1628 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-1627 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2015-1626 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
@@ -4198,7 +4198,7 @@
 CVE-2015-1171
 	RESERVED
 CVE-2015-1170 (The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2015-1169 (Apereo Central Authentication Service (CAS) Server before 3.5.3 allows ...)
 	NOT-FOR-US: Apereo Central Authentication Service
 CVE-2015-1168
@@ -4514,7 +4514,7 @@
 CVE-2015-1068 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 ...)
 	TODO: check
 CVE-2015-1065 (Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 ...)
@@ -4797,7 +4797,7 @@
 	NOTE: Automatic version check is disabled and inherently insecure (CVE-2014-2029)
 	NOTE: Patch applied to OpenSUSE 13.1: https://build.opensuse.org/package/view_file/openSUSE:13.1:Update/xtrabackup/percona-xtrabackup-CVE-2015-1027.patch?expand=1
 CVE-2015-1026 (Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ...)
-	TODO: check
+	NOT-FOR-US: ZOHO ManageEngine
 CVE-2015-1025
 	RESERVED
 CVE-2015-1024
@@ -6128,7 +6128,7 @@
 CVE-2014-9567 (Unrestricted file upload vulnerability in process-upload.php in ...)
 	NOT-FOR-US: ProjectSend
 CVE-2014-9566 (Multiple SQL injection vulnerabilities in the Manage Accounts page in ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2014-9565
 	RESERVED
 CVE-2014-9564
@@ -8290,7 +8290,7 @@
 CVE-2014-9019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ...)
 	NOT-FOR-US: ZTE ZXDSL 831CII
 CVE-2014-9017 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 ...)
-	TODO: check
+	NOT-FOR-US: OpenKM
 CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 ...)
 	{DSA-3168-1 DLA-167-1}
 	- ruby-redcloth 4.2.9-4 (bug #774748)
@@ -9335,7 +9335,7 @@
 CVE-2015-0033
 	RESERVED
 CVE-2015-0032 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2015-0031 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2015-0030 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)

More information about the Secure-testing-commits mailing list