[Secure-testing-commits] r34461 - data/CVE

Helmut Grohne helmutg at moszumanska.debian.org
Sat May 23 19:05:41 UTC 2015


Author: helmutg
Date: 2015-05-23 19:05:41 +0000 (Sat, 23 May 2015)
New Revision: 34461

Modified:
   data/CVE/list
Log:
misc NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-23 19:05:31 UTC (rev 34460)
+++ data/CVE/list	2015-05-23 19:05:41 UTC (rev 34461)
@@ -221,13 +221,13 @@
 	- python-django <not-affected> (Only affects 1.8 and development branch)
 	NOTE: https://www.djangoproject.com/weblog/2015/may/20/security-release/
 CVE-2015-3981 (SAP NetWeaver RFC SDK allows attackers to obtain sensitive information ...)
-	TODO: check
+	NOT-FOR-US: SAP NetWeaver
 CVE-2015-3980 (SQL injection vulnerability in the Business Rules Framework ...)
-	TODO: check
+	NOT-FOR-US: SAP CRM
 CVE-2015-3979 (Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) ...)
-	TODO: check
+	NOT-FOR-US: SAP CRM
 CVE-2015-3978 (SAP Sybase Unwired Platform Online Data Proxy allows local users to ...)
-	TODO: check
+	NOT-FOR-US: SAP Sybase Unwired Platform Online Data Proxy
 CVE-2015-3977
 	RESERVED
 CVE-2015-3976
@@ -1064,9 +1064,9 @@
 CVE-2015-3634
 	RESERVED
 CVE-2015-3633 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader, Enterprise Reader, PhantomPDF
 CVE-2015-3632 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader, Enterprise Reader, PhantomPDF
 CVE-2015-3631 (Docker Engine before 1.6.1 allows local users to set arbitrary Linux ...)
 	- docker.io 1.6.1+dfsg1-1 (bug #784726)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
@@ -1092,7 +1092,7 @@
 CVE-2015-3621
 	RESERVED
 CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced dataset ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiAnalyzer
 CVE-2015-3619
 	RESERVED
 CVE-2015-3618
@@ -1112,7 +1112,7 @@
 CVE-2015-3611
 	RESERVED
 CVE-2015-3610 (The Siemens HomeControl for Room Automation application before 2.0.1 ...)
-	TODO: check
+	NOT-FOR-US: Siemens HomeControl for Room Automation application for Android
 CVE-2015-3609
 	RESERVED
 CVE-2015-3608
@@ -1475,11 +1475,11 @@
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326 (v4.1-rc2)
 	NOTE: https://lkml.org/lkml/2011/5/13/382
 CVE-2015-3459 (Hospira Lifecare PCA infusion pump running "SW ver 412" does not ...)
-	TODO: check
+	NOT-FOR-US: Hospira Lifecare PCA
 CVE-2015-3458 (The fetchView function in the Mage_Core_Block_Template_Zend class in ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2015-3457 (Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and ...)
 	{DSA-3262-1 DSA-3259-1}
 	- qemu 1:2.3+dfsg-3
@@ -1512,7 +1512,7 @@
 CVE-2015-3448 (REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and ...)
 	TODO: check
 CVE-2015-3447 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Dell SonicWALL SonicOS
 CVE-2015-3622 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
 	{DSA-3256-1}
 	- libtasn1-6 4.4-3
@@ -1527,7 +1527,7 @@
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
 	NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian)
 CVE-2015-3446 (The Framework Daemon in AlienVault Unified Security Management before ...)
-	TODO: check
+	NOT-FOR-US: AlienVault Unified Security Management
 CVE-2015-3445
 	RESERVED
 CVE-2015-3444
@@ -1763,15 +1763,15 @@
 CVE-2015-3355 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	NOT-FOR-US: Batch Jobs module for Drupal
 CVE-2015-3354 (Cross-site request forgery (CSRF) vulnerability in the Wishlist module ...)
-	TODO: check
+	NOT-FOR-US: Drupal module Wishlist
 CVE-2015-3353 (Cross-site scripting (XSS) vulnerability in the Field Display Label ...)
 	NOT-FOR-US: Field Display Label module for Drupal
 CVE-2015-3352 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Drupal module Jammer
 CVE-2015-3351 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Log ...)
 	NOT-FOR-US: Log Watcher module for Drupal
 CVE-2015-3350 (Cross-site request forgery (CSRF) vulnerability in the Todo Filter ...)
-	TODO: check
+	NOT-FOR-US: Drupal module Todo Filter
 CVE-2015-3349 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	NOT-FOR-US: Htaccess module for Drupal
 CVE-2015-3348 (Cross-site scripting (XSS) vulnerability in the Cloudwords for ...)
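Review bot: The three new tags in this hunk ("Drupal module Wishlist", "Drupal module Jammer", "Drupal module Todo Filter") use a different word order from the unchanged entries around them, which read "Batch Jobs module for Drupal", "Field Display Label module for Drupal", "Log Watcher module for Drupal" and "Htaccess module for Drupal". Suggest "Wishlist module for Drupal" and likewise for the other two, so that a search on the existing pattern finds every Drupal module entry.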
@@ -1781,9 +1781,9 @@
 CVE-2015-3346 (SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for ...)
 	NOT-FOR-US: WikiWiki module for Drupal
 CVE-2015-3345 (SQL injection vulnerability in the PHPlist Integration Module before ...)
-	TODO: check
+	NOT-FOR-US: Drupal module PHPlist
 CVE-2015-3344 (Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x ...)
-	TODO: check
+	NOT-FOR-US: Drupal module Course
 CVE-2015-3343 (Cross-site request forgery (CSRF) vulnerability in the OPAC module ...)
 	NOT-FOR-US: OPAC module for Drupal
 CVE-2015-3342 (Open redirect vulnerability in the Ubercart Currency Conversion module ...)
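Review bot: On CVE-2015-3345 the tag "Drupal module PHPlist" shortens the name given in the description, "PHPlist Integration Module", and could be read as the software the module integrates with rather than the module itself. Suggest "PHPlist Integration module for Drupal", and "Course module for Drupal" on CVE-2015-3344, which also matches the "WikiWiki module for Drupal" and "OPAC module for Drupal" lines in the context.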
@@ -1851,7 +1851,7 @@
 CVE-2015-3327
 	RESERVED
 CVE-2015-3326 (Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro ScanMail for Exchange
 CVE-2015-3325 (SQL injection vulnerability in forum.php in the WP Symposium plugin ...)
 	NOT-FOR-US: WP Symposium plugin for WordPress
 CVE-2015-3324 (The ThinkServer System Manager (TSM) Baseboard Management Controller ...)
@@ -2560,7 +2560,7 @@
 CVE-2015-3036 (Stack-based buffer overflow in the run_init_sbus function in the ...)
 	TODO: check
 CVE-2015-3035 (Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with ...)
-	TODO: check
+	NOT-FOR-US: TP-LINK Router
 CVE-2015-3034
 	RESERVED
 CVE-2015-3033
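Review bot: "TP-LINK Router" on CVE-2015-3035 is vaguer than the description, which names "TP-LINK Archer C5 (1.2)" before it is cut off. Suggest naming the model, or writing "TP-LINK routers" if the full description lists several, so the tag says what was actually checked.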
@@ -3046,13 +3046,13 @@
 CVE-2015-2846 (BitTorrent Sync allows remote attackers to execute arbitrary commands ...)
 	- btsync <itp> (bug #706639)
 CVE-2015-2845 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...)
-	TODO: check
+	NOT-FOR-US: GoAutoDial GoAdmin CE
 CVE-2015-2844 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...)
-	TODO: check
+	NOT-FOR-US: GoAutoDial GoAdmin CE
 CVE-2015-2843 (Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before ...)
-	TODO: check
+	NOT-FOR-US: GoAutoDial GoAdmin CE
 CVE-2015-2842 (Unrestricted file upload vulnerability in go_audiostore.php in the ...)
-	TODO: check
+	NOT-FOR-US: GoAutoDial GoAdmin CE
 CVE-2015-2841 (Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote ...)
 	NOT-FOR-US: Citrix NetScaler
 CVE-2015-2840 (Cross-site scripting (XSS) vulnerability in help/rt/large_search.html ...)
@@ -3153,7 +3153,7 @@
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
 CVE-2015-2829 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
-	TODO: check
+	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
 CVE-2015-2828 (CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate ...)
 	NOT-FOR-US: CA Spectrum
 CVE-2015-2827 (Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and ...)
@@ -4398,7 +4398,7 @@
 	- php5 5.6.7+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=69207
 CVE-2015-2347 (Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before ...)
-	TODO: check
+	NOT-FOR-US: Huawei SEQ Analyst
 CVE-2015-2346 (XML external entity (XXE) in Huawei SEQ Analyst before ...)
 	TODO: check
 CVE-2015-2345
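Review bot: CVE-2015-2346 in the trailing context is left at "TODO: check" although its description names the same product, Huawei SEQ Analyst, that this hunk marks NOT-FOR-US on CVE-2015-2347. If the product is not packaged, the XXE entry should get the same tag in this commit; if it was left open on purpose, a NOTE: line saying why would save the next triager the lookup.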
@@ -4829,7 +4829,7 @@
 CVE-2015-2249
 	RESERVED
 CVE-2015-2248 (Cross-site request forgery (CSRF) vulnerability in the user portal in ...)
-	TODO: check
+	NOT-FOR-US: Dell SonicWALL
 CVE-2015-2247 (Unspecified vulnerability in Boosted Boards skateboards allows ...)
 	NOT-FOR-US: Boosted Boards skateboards
 CVE-2015-2246
@@ -5202,7 +5202,7 @@
 CVE-2015-2116 (Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 ...)
 	NOT-FOR-US: HP
 CVE-2015-2115 (Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 ...)
-	TODO: check
+	NOT-FOR-US: HP Capture and Route
 CVE-2015-2114 (HP Support Solution Framework before 11.51.0049 allows remote ...)
 	NOT-FOR-US: HP Support Solution Framework
 CVE-2015-2113 (Unspecified vulnerability in HP Easy Deploy, as distributed standalone ...)
@@ -5722,7 +5722,7 @@
 CVE-2015-1908 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2015-1907 (The Administration and Reporting Tool in IBM Rational License Key ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational License Key Server
 CVE-2015-1906
 	RESERVED
 CVE-2015-1905
@@ -5774,7 +5774,7 @@
 CVE-2015-1882 (Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2015-1880 (Cross-site scripting (XSS) vulnerability in sslvpn login page in ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiOS
 CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...)
 	NOT-FOR-US: Google Doc Embedder plugin for WordPress
 CVE-2015-2042 (net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect ...)
@@ -6896,7 +6896,7 @@
 CVE-2015-1485
 	RESERVED
 CVE-2015-1484 (Unquoted Windows search path vulnerability in the agent in Symantec ...)
-	TODO: check
+	NOT-FOR-US: Symantec Workspace Streaming
 CVE-2015-1483 (Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX ...)
 	NOT-FOR-US: Symantec NetBackup OpsCenter
 CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...)
@@ -7432,11 +7432,11 @@
 CVE-2015-1400 (SQL injection vulnerability in search.php in NPDS Revolution 13 allows ...)
 	NOT-FOR-US: NPDS Revolution
 CVE-2015-1399 (PHP remote file inclusion vulnerability in the fetchView function in ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2015-1398 (Multiple directory traversal vulnerabilities in Magento Community ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2015-1394
 	RESERVED
 	NOT-FOR-US: WordPress plugin photo-gallery
@@ -7645,7 +7645,7 @@
 	NOTE: http://www.ubuntu.com/usn/usn-2581-1
 	NOTE: https://bazaar.launchpad.net/~phablet-team/network-manager/ofono-format-cleanup/view/head:/debian/patches/add_ofono_settings_support.patch
 CVE-2015-1321 (Use-after-free vulnerability in the file picker implementation in ...)
-	TODO: check
+	NOT-FOR-US: Oxide
 CVE-2015-1320
 	RESERVED
 CVE-2015-1319
@@ -8291,19 +8291,19 @@
 CVE-2015-1157
 	RESERVED
 CVE-2015-1156 (The page-loading implementation in WebKit, as used in Apple Safari ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2015-1155 (The history implementation in WebKit, as used in Apple Safari before ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2015-1154 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2015-1153 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2015-1152 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2015-1151 (Wiki Server in Apple OS X Server before 4.1 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2015-1150 (The Firewall component in Apple OS X Server before 4.1 uses an ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2015-1149 (Integer overflow in the simulator in Swift in Apple Xcode before 6.3 ...)
 	NOT-FOR-US: Apple Xcode
 CVE-2015-1148 (Screen Sharing in Apple OS X before 10.10.3 stores the password of a ...)
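Review bot: The tag on CVE-2015-1152 through CVE-2015-1156 puts a rationale where every other entry has a product name, and the rationale itself allows that Chromium may be affected, which is at odds with marking the issues as not for us. The descriptions say "WebKit, as used in Apple Safari", so what needs recording is whether any WebKit-derived source package carries the affected code; suggest tracking the entries against those packages, or, if none is affected, keeping the tag to the product name and moving the Chromium remark to a NOTE: line. "Webkit" should be spelled "WebKit" as in the descriptions, and the bare "Apple" on CVE-2015-1151 and CVE-2015-1150 could read "Apple OS X Server" to match the level of detail of the "Apple Xcode" entry below.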
@@ -9254,15 +9254,15 @@
 CVE-2015-0915 (Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 ...)
 	TODO: check
 CVE-2015-0914 (EasyCTF before 1.4 does not validate the session ID, which allows ...)
-	TODO: check
+	NOT-FOR-US: EasyCTF
 CVE-2015-0913 (Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows ...)
-	TODO: check
+	NOT-FOR-US: EasyCTF
 CVE-2015-0912 (EasyCTF before 1.4 allows remote authenticated users to write ...)
-	TODO: check
+	NOT-FOR-US: EasyCTF
 CVE-2015-0911 (Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 ...)
-	TODO: check
+	NOT-FOR-US: TAGAWA Takao TransmitMail
 CVE-2015-0910 (Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail ...)
-	TODO: check
+	NOT-FOR-US: TAGAWA Takao TransmitMail
 CVE-2015-0909
 	RESERVED
 CVE-2015-0908
@@ -10792,7 +10792,7 @@
 CVE-2015-0539
 	RESERVED
 CVE-2015-0538 (ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 ...)
-	TODO: check
+	NOT-FOR-US: EMC AutoStart
 CVE-2015-0537
 	RESERVED
 CVE-2015-0536
@@ -10804,9 +10804,9 @@
 CVE-2015-0533
 	RESERVED
 CVE-2015-0532 (EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA Identity Management and Governance
 CVE-2015-0531 (EMC SourceOne Email Management before 7.2 does not have a lockout ...)
-	TODO: check
+	NOT-FOR-US: EMC SourceOne Email Management
 CVE-2015-0530 (Buffer overflow in an unspecified function in nsr_render_log in EMC ...)
 	NOT-FOR-US: EMC NetWorker
 CVE-2015-0529 (EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default ...)
@@ -11591,7 +11591,7 @@
 CVE-2014-9327
 	RESERVED
 CVE-2014-9326 (The automatic signature update functionality in the (1) Phone Home ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2014-9325 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 ...)
 	NOT-FOR-US: Twiki
 	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325
@@ -14241,13 +14241,13 @@
 CVE-2014-8620
 	RESERVED
 CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in autolearn configuration ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiWeb
 CVE-2014-8618 (Cross-site scripting (XSS) vulnerability in theme login page in ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiADC
 CVE-2014-8617 (Cross-site scripting (XSS) vulnerability in the Web Action Quarantine ...)
 	NOT-FOR-US: FortiMail
 CVE-2014-8616 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiOS
 CVE-2014-8615
 	REJECTED
 CVE-2014-8614
@@ -15111,7 +15111,7 @@
 CVE-2014-8362
 	RESERVED
 CVE-2014-8361 (The miniigd SOAP service in Realtek SDK allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Realtek SDK
 CVE-2014-8360 (Directory traversal vulnerability in inc/autoload.function.php in GLPI ...)
 	- glpi <unfixed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
@@ -22288,7 +22288,7 @@
 CVE-2014-5371
 	RESERVED
 CVE-2014-5370 (Directory traversal vulnerability in the CFChart servlet ...)
-	TODO: check
+	NOT-FOR-US: New Atlanta BlueDragon
 CVE-2014-5369 (Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption ...)
 	- enigmail 2:1.7.2-1
 	[wheezy] - enigmail <not-affected> (Introduced in 1.7)
@@ -22309,7 +22309,7 @@
 CVE-2014-5362
 	RESERVED
 CVE-2014-5361 (Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk ...)
-	TODO: check
+	NOT-FOR-US: LANDesk Management Suite
 CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)
 	NOT-FOR-US: LANDESK Management Suite
 CVE-2014-5359 (Directory traversal vulnerability in SafeNet Authentication Service ...)
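Review bot: "LANDesk Management Suite" on CVE-2014-5361 differs in capitalisation from the existing "LANDESK Management Suite" tag on CVE-2014-5360 directly below it. Use one spelling for both so that a case-sensitive search of the list returns both entries.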
@@ -34185,7 +34185,7 @@
 CVE-2014-0920 (IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs ...)
 	NOT-FOR-US: IBM SPSS Analytic Server
 CVE-2014-0919 (IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords ...)
-	TODO: check
+	NOT-FOR-US: IBM DB2
 CVE-2014-0918 (Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in ...)
 	NOT-FOR-US: IBM Eclipse Help System
 CVE-2014-0917 (Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System ...)
@@ -59275,7 +59275,7 @@
 CVE-2011-5211 (Cross-site scripting (XSS) vulnerability in the poll module in Subrion ...)
 	NOT-FOR-US: Subrion CMS
 CVE-2012-5451 (Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi ...)
-	TODO: check
+	NOT-FOR-US: TVMOBiLi
 CVE-2012-5450 (Cross-site request forgery (CSRF) vulnerability in ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2012-5449
@@ -65979,11 +65979,11 @@
 CVE-2012-2933
 	RESERVED
 CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
-	TODO: check
+	NOT-FOR-US: TinyWebGallery
 CVE-2012-2931
 	RESERVED
 CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: TinyWebGallery
 CVE-2012-2929
 	RESERVED
 CVE-2011-5091 (Multiple SQL injection vulnerabilities in GR Board (aka grboard) ...)
@@ -75302,7 +75302,7 @@
 	- jetty 6.1.19-1 (low; bug #528389)
 	NOTE: duplicate of CVE-2009-1523
 CVE-2011-4403 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2011-4402
 	REJECTED
 CVE-2011-4401



