[Secure-testing-commits] r33153 - data/CVE
Helmut Grohne
helmutg at moszumanska.debian.org
Thu Mar 26 07:35:05 UTC 2015
Author: helmutg
Date: 2015-03-26 07:35:05 +0000 (Thu, 26 Mar 2015)
New Revision: 33153
Modified:
data/CVE/list
Log:
misc NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-26 06:45:30 UTC (rev 33152)
+++ data/CVE/list 2015-03-26 07:35:05 UTC (rev 33153)
@@ -1017,7 +1017,7 @@
CVE-2015-2284
RESERVED
CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: ZeusCart
CVE-2015-2674 [Doesn't Validate TLS]
RESERVED
- python-restkit <unfixed>
@@ -1214,11 +1214,11 @@
CVE-2015-2218 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin for WordPress
CVE-2015-2217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP ...)
- TODO: check
+ NOT-FOR-US: myUPB
CVE-2015-2216 (SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme ...)
NOT-FOR-US: Photocrati theme for WordPress
CVE-2015-2215 (Open redirect vulnerability in the Services single sign-on server ...)
- TODO: check
+ NOT-FOR-US: Drupal module Services single sign-on server helper
CVE-2015-2214 (NetCat 5.01 and earlier allows remote attackers to obtain the ...)
NOT-FOR-US: NetCat CMS
CVE-2015-2213
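Review bot: On CVE-2015-2217 the new tag uses the short name "myUPB", which does not appear in the description on the line above ("Ultimate PHP ..."), so a reader cannot confirm from the entry alone that both refer to the same product. Suggest writing the product name as the description gives it, with the short name in parentheses. On CVE-2015-2215, the neighbouring entries use the form "Photocrati theme for WordPress"; reordering to "Services single sign-on server helper module for Drupal" would match that convention.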
@@ -1327,11 +1327,11 @@
CVE-2015-2185
RESERVED
CVE-2015-2184 (ZeusCart 4 allows remote attackers to obtain configuration information ...)
- TODO: check
+ NOT-FOR-US: ZeusCart
CVE-2015-2183 (Multiple SQL injection vulnerabilities in the administrative backend ...)
- TODO: check
+ NOT-FOR-US: ZeusCart
CVE-2015-2182 (Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 ...)
- TODO: check
+ NOT-FOR-US: ZeusCart
CVE-2015-2181
RESERVED
CVE-2015-2180
@@ -2072,7 +2072,7 @@
CVE-2015-1876
RESERVED
CVE-2015-1875 (SQL injection vulnerability in a2billing/customer/iridium_threed.php ...)
- TODO: check
+ NOT-FOR-US: Elastix
CVE-2015-1874 (Cross-site request forgery (CSRF) vulnerability in the Contact Form DB ...)
NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
CVE-2015-1873
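Review bot: On CVE-2015-1875 the tag names Elastix, but the only component visible in the description is a2billing (a2billing/customer/iridium_threed.php). If the vulnerable file belongs to a2billing and is only bundled by Elastix, the NOT-FOR-US decision has to hold for a2billing as well. Suggest naming both, for example "NOT-FOR-US: a2billing as bundled in Elastix", or adding a NOTE line recording that a2billing was checked.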
@@ -2617,15 +2617,15 @@
CVE-2015-1633 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
NOT-FOR-US: Microsoft SharePoint
CVE-2015-1632 (Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2015-1631 (Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2015-1630 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2015-1629 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2015-1628 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2015-1627 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1626 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
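Review bot: The five new tags on CVE-2015-1632 through CVE-2015-1628 say only "Microsoft", while the unchanged entries around them in the same hunk name the product ("Microsoft SharePoint", "Microsoft Internet Explorer"). For consistency, and so the list can be grepped by product, suggest "NOT-FOR-US: Microsoft Exchange Server" for CVE-2015-1631 and "NOT-FOR-US: Microsoft Outlook Web App" for the OWA entries.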
@@ -4198,7 +4198,7 @@
CVE-2015-1171
RESERVED
CVE-2015-1170 (The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows driver
CVE-2015-1169 (Apereo Central Authentication Service (CAS) Server before 3.5.3 allows ...)
NOT-FOR-US: Apereo Central Authentication Service
CVE-2015-1168
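Review bot: On CVE-2015-1170 the tag asserts "NVIDIA Windows driver", but the visible part of the description only says "NVIDIA Display Driver" and lists driver branches (R304, R340, R343), with nothing that restricts it to Windows. Since the decision depends on the platform, suggest adding a NOTE line that cites where the Windows-only scope comes from, so a later reader can verify that the packaged Linux driver is unaffected.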
@@ -4514,7 +4514,7 @@
CVE-2015-1068 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 ...)
TODO: check
CVE-2015-1065 (Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 ...)
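Review bot: CVE-2015-1067 is marked NOT-FOR-US: Apple, but the next entry, CVE-2015-1066 (IOAcceleratorFamily in Apple OS X), is left at "TODO: check" in the trailing context even though it is the same vendor and an OS X-only component by its description. If that was an oversight, mark it in the same commit; if it was deliberate, a short NOTE saying why it still needs checking would help. The tag itself could also name the component ("Apple Secure Transport") rather than only the vendor.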
@@ -4797,7 +4797,7 @@
NOTE: Automatic version check is disabled and inherently insecure (CVE-2014-2029)
NOTE: Patch applied to OpenSUSE 13.1: https://build.opensuse.org/package/view_file/openSUSE:13.1:Update/xtrabackup/percona-xtrabackup-CVE-2015-1027.patch?expand=1
CVE-2015-1026 (Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine
CVE-2015-1025
RESERVED
CVE-2015-1024
@@ -6128,7 +6128,7 @@
CVE-2014-9567 (Unrestricted file upload vulnerability in process-upload.php in ...)
NOT-FOR-US: ProjectSend
CVE-2014-9566 (Multiple SQL injection vulnerabilities in the Manage Accounts page in ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2014-9565
RESERVED
CVE-2014-9564
@@ -8290,7 +8290,7 @@
CVE-2014-9019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ...)
NOT-FOR-US: ZTE ZXDSL 831CII
CVE-2014-9017 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 ...)
- TODO: check
+ NOT-FOR-US: OpenKM
CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 ...)
{DSA-3168-1 DLA-167-1}
- ruby-redcloth 4.2.9-4 (bug #774748)
@@ -9335,7 +9335,7 @@
CVE-2015-0033
RESERVED
CVE-2015-0032 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2015-0031 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0030 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)