[Secure-testing-commits] r36868 - data/CVE
Michael Gilbert
mgilbert at moszumanska.debian.org
Sun Sep 27 18:21:44 UTC 2015
Author: mgilbert
Date: 2015-09-27 18:21:44 +0000 (Sun, 27 Sep 2015)
New Revision: 36868
Modified:
data/CVE/list
Log:
nfus
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-27 17:20:12 UTC (rev 36867)
+++ data/CVE/list 2015-09-27 18:21:44 UTC (rev 36868)
@@ -1873,9 +1873,9 @@
CVE-2015-6549
RESERVED
CVE-2015-6548 (Multiple SQL injection vulnerabilities in a PHP script in the ...)
- TODO: check
+ NOT-FOR-US: Symantec Web Gateway
CVE-2015-6547 (The management console on Symantec Web Gateway (SWG) appliances with ...)
- TODO: check
+ NOT-FOR-US: Semantec Web Gateway
CVE-2015-6546
RESERVED
CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb ...)
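Review bot: the new line for CVE-2015-6547 misspells the vendor as "Semantec Web Gateway"; the CVE-2015-6548 entry two lines above and the CVE description itself say "Symantec Web Gateway", so the line should read `NOT-FOR-US: Symantec Web Gateway` to keep the tags greppable and consistent with the other Symantec entries in this commit.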
@@ -2100,9 +2100,9 @@
CVE-2015-6476
RESERVED
CVE-2015-6475 (Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ...)
- TODO: check
+ NOT-FOR-US: ServeMaster
CVE-2015-6474 (IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers ...)
- TODO: check
+ NOT-FOR-US: ServeMaster
CVE-2015-6473
RESERVED
CVE-2015-6472
@@ -2110,11 +2110,11 @@
CVE-2015-6471
RESERVED
CVE-2015-6470 (Resource Data Management Data Manager before 2.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: Resource Data Manager
CVE-2015-6469 (The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ ...)
- TODO: check
+ NOT-FOR-US: ServerMaster
CVE-2015-6468 (Cross-site request forgery (CSRF) vulnerability in Resource Data ...)
- TODO: check
+ NOT-FOR-US: Resource Data Manager
CVE-2015-6467
RESERVED
CVE-2015-6466 (Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature ...)
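Review bot: the CVE-2015-6469 line says "ServerMaster", but the product named in the description (and in the CVE-2015-6474 entry of the previous hunk) is IBC Solar ServeMaster; suggest `NOT-FOR-US: ServeMaster` so all three ServeMaster entries carry the same tag. For CVE-2015-6470 and CVE-2015-6468 the description gives "Resource Data Management Data Manager", which would be the more precise product string than "Resource Data Manager".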
@@ -2130,19 +2130,19 @@
CVE-2015-6461
RESERVED
CVE-2015-6460 (Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway ...)
- TODO: check
+ NOT-FOR-US: CODESYS Gateway Server
CVE-2015-6459 (Absolute path traversal vulnerability in the download feature in ...)
- TODO: check
+ NOT-FOR-US: FileDownloadServlet
CVE-2015-6458
RESERVED
CVE-2015-6457
RESERVED
CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before ...)
- TODO: check
+ NOT-FOR-US: PulseNET
CVE-2015-6455
RESERVED
CVE-2015-6454 (Everest PeakHMI before 8.7.0.2, when the video server is used, allows ...)
- TODO: check
+ NOT-FOR-US: PeakHMI
CVE-2015-6453
RESERVED
CVE-2015-6452
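Review bot: the CVE-2015-6459 line tags the issue as `NOT-FOR-US: FileDownloadServlet`, a servlet class name rather than a vendor or product; the other tags in this hunk (CODESYS Gateway Server, PulseNET, PeakHMI) name the affected product, and a class name gives a later reader nothing to check against the full CVE text, which is truncated here ("download feature in ..."). Suggest replacing it with the vendor/product from the full description.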
@@ -2438,31 +2438,31 @@
CVE-2015-6307
RESERVED
CVE-2015-6306 (Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6305 (Untrusted search path vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6304 (Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6303 (The Cisco Spark application 2015-07-04 for mobile operating systems ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6302 (The RADIUS functionality on Cisco Wireless LAN Controller (WLC) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6301 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6300 (Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6299 (SQL injection vulnerability in the web interface in Cisco Unity ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6298
RESERVED
CVE-2015-6297 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6296 (Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6295 (Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6294 (Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-6293
RESERVED
CVE-2015-6292
@@ -2549,7 +2549,8 @@
CVE-2015-6253
RESERVED
CVE-2014-9743 (Cross-site scripting (XSS) vulnerability in the httpd_HtmlError ...)
- TODO: check
+ - vlc 2.2.1-4
+ NOTE: might be fixed earlier, but this was the version checked
CVE-2015-6526 (The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c ...)
- linux 4.1.3-1
[jessie] - linux 3.16.7-ckt11-1
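Review bot: the CVE-2014-9743 change records vlc 2.2.1-4 as the fixed version while the accompanying NOTE admits this is only the version that was checked, not where the httpd_HtmlError XSS was actually fixed. A bare `- vlc 2.2.1-4` line makes the tracker treat every older vlc, including the stable suites, as affected; either pin down the fixing upstream change and record the real fixed version, or add suite lines ([jessie] / [wheezy]) once their status is known, rather than leaving the uncertainty in a NOTE.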
@@ -2569,7 +2570,7 @@
CVE-2015-6239
RESERVED
CVE-2015-6238 (Multiple cross-site scripting (XSS) vulnerabilities in the Google ...)
- TODO: check
+ NOT-FOR-US: Google Analyticator plugin for WordPress
CVE-2015-6237
RESERVED
CVE-2015-6236
@@ -3059,11 +3060,11 @@
CVE-2015-5994
RESERVED
CVE-2015-5993 (Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone ...)
- TODO: check
+ NOT-FOR-US: SpeedSurf
CVE-2015-5992 (Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on ...)
- TODO: check
+ NOT-FOR-US: SpeedSurf
CVE-2015-5991 (Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi ...)
- TODO: check
+ NOT-FOR-US: SpeedSurf
CVE-2015-5990
RESERVED
CVE-2015-5989
@@ -3375,7 +3376,7 @@
CVE-2015-5921 (WebKit in Apple iOS before 9 mishandles "Content-Disposition: ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5920 (The Software Update component in Apple iTunes before 12.3 does not ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-5919
RESERVED
CVE-2015-5918
@@ -3393,11 +3394,11 @@
CVE-2015-5912 (The CFNetwork FTPProtocol component in Apple iOS before 9 allows ...)
NOT-FOR-US: Apple
CVE-2015-5911 (Multiple unspecified vulnerabilities in Twisted in Wiki Server in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-5910 (IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-5909 (IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-5908
RESERVED
CVE-2015-5907 (WebKit in Apple iOS before 9 allows man-in-the-middle attackers to ...)
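Review bot: CVE-2015-5911 is described as "Multiple unspecified vulnerabilities in Twisted in Wiki Server in ...", and Twisted is packaged in Debian, so tagging it `NOT-FOR-US: Apple` skips the question of whether these are bugs in the Twisted code itself or only in Apple's bundling of it. Suggest keeping the TODO (or adding a NOTE explaining why upstream Twisted is unaffected) until that has been checked; the two Xcode Server entries in this hunk are Apple-only components and look fine.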
@@ -3505,7 +3506,7 @@
CVE-2015-5856 (The Application Store component in Apple iOS before 9 allows remote ...)
NOT-FOR-US: Apple
CVE-2015-5855 (Apple iOS before 9 allows attackers to discover the e-mail address of ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-5854
RESERVED
CVE-2015-5853
@@ -3545,7 +3546,7 @@
CVE-2015-5836
RESERVED
CVE-2015-5835 (Apple iOS before 9 allows attackers to obtain sensitive information ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-5834 (IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain ...)
NOT-FOR-US: Apple
CVE-2015-5833
@@ -3643,9 +3644,9 @@
CVE-2015-5787
RESERVED
CVE-2015-5786 (Apple QuickTime before 7.7.8 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-5785 (Apple QuickTime before 7.7.8 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-5784 (runner in Install.framework in the Install Framework Legacy component ...)
NOT-FOR-US: Apple OS X
CVE-2015-5783 (IOGraphics in Apple OS X before 10.10.5 allows attackers to execute ...)
@@ -3756,11 +3757,11 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dcf6f5e15ecee4f593eeacbe0591c1addc004d92
NOTE: iov_* function changed in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2278a69e7020d86a8c73a28474e7709d3e7d5081 (v1.2.0-rc0)
CVE-2015-5737 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2015-5736 (The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2015-5735 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2015-5729
RESERVED
CVE-2015-5728
@@ -3853,7 +3854,7 @@
NOTE: https://core.trac.wordpress.org/changeset/33535
NOTE: https://core.trac.wordpress.org/changeset/33536
CVE-2015-5717 (The Siemens COMPAS Mobile application before 1.6 for Android does not ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2015-5716
RESERVED
CVE-2015-5715
@@ -3976,19 +3977,19 @@
CVE-2015-5699
RESERVED
CVE-2015-5698 (Cross-site request forgery (CSRF) vulnerability in the web server on ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2015-5696 (Dell Netvault Backup before 10.0.5 allows remote attackers to cause a ...)
NOT-FOR-US: Dell Netvault Backup
CVE-2015-5693 (The management console on Symantec Web Gateway (SWG) appliances with ...)
- TODO: check
+ NOT-FOR-US: Symantec Web Gateway
CVE-2015-5692 (admin_messages.php in the management console on Symantec Web Gateway ...)
- TODO: check
+ NOT-FOR-US: Symantec Web Gateway
CVE-2015-5691 (Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in ...)
- TODO: check
+ NOT-FOR-US: Symantec Web Gateway
CVE-2015-5690 (The management console on Symantec Web Gateway (SWG) appliances with ...)
- TODO: check
+ NOT-FOR-US: Symantec Web Gateway
CVE-2015-5689 (ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2009-5148
RESERVED
CVE-2015-5695 [Quotas were being bypassed]
@@ -4002,7 +4003,7 @@
- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
[jessie] - designate <not-affected> (Vulnerable code doesn't exist)
CVE-2015-5688 (Directory traversal vulnerability in lib/app/index.js in Geddy before ...)
- TODO: check
+ NOT-FOR-US: Geddy
CVE-2015-5687
RESERVED
CVE-2015-5686
@@ -4112,25 +4113,25 @@
CVE-2015-5639
RESERVED
CVE-2015-5638 (Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before ...)
- TODO: check
+ NOT-FOR-US: H2O
CVE-2015-5637 (The Newphoria Photon application before 1.2 for Android allows ...)
- TODO: check
+ NOT-FOR-US: Newphoria
CVE-2015-5636 (The Newphoria Reversi application before 1.0.3 for Android and before ...)
- TODO: check
+ NOT-FOR-US: Newphoria
CVE-2015-5635 (The Newphoria Koritore application before 1.1 for Android and before ...)
- TODO: check
+ NOT-FOR-US: Newphoria
CVE-2015-5634 (The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and ...)
- TODO: check
+ NOT-FOR-US: Newphoria
CVE-2015-5633 (The Newphoria Auction Camera application for iOS and before 1.2 for ...)
- TODO: check
+ NOT-FOR-US: Newphoria
CVE-2015-5632 (The runtime engine in the Newphoria applican framework before 1.12.3 ...)
- TODO: check
+ NOT-FOR-US: Newphoria
CVE-2015-5631 (Cross-site request forgery (CSRF) vulnerability in the Remote UI on ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2015-5630 (Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform ...)
- TODO: check
+ NOT-FOR-US: NTT
CVE-2015-5629 (The NTT Broadband Platform Japan Connected-free Wi-Fi application ...)
- TODO: check
+ NOT-FOR-US: NTT
CVE-2015-5628
RESERVED
CVE-2015-5627
@@ -4138,9 +4139,9 @@
CVE-2015-5626
RESERVED
CVE-2015-5625 (Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 ...)
- TODO: check
+ NOT-FOR-US: OpenDocMan
CVE-2015-5624 (Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ...)
- TODO: check
+ NOT-FOR-US: FreeBit
CVE-2015-5697 (The get_bitmap_file function in drivers/md/md.c in the Linux kernel ...)
{DSA-3329-1 DLA-310-1}
- linux 4.1.3-1
@@ -4171,7 +4172,7 @@
CVE-2015-5613
RESERVED
CVE-2015-5612 (Cross-site scripting (XSS) vulnerability in October CMS build 271 and ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2015-5623 (WordPress before 4.2.3 does not properly verify the edit_posts ...)
{DSA-3328-1}
- wordpress 4.2.3+dfsg-1
@@ -4198,7 +4199,7 @@
CVE-2015-5604
RESERVED
CVE-2015-5603 (The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows ...)
- TODO: check
+ NOT-FOR-US: HipChat plugin
CVE-2015-5602
RESERVED
CVE-2015-5601
@@ -4337,7 +4338,7 @@
CVE-2015-5539 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-5538 (Multiple unspecified vulnerabilities in Citrix NetScaler Application ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2015-5537 (The SSL layer of the HTTPS service in Siemens RuggedCom ROS before ...)
NOT-FOR-US: Siemens
CVE-2015-XXXX [more to CVE-2014-8146]
@@ -4560,6 +4561,7 @@
NOTE: https://github.com/bestpractical/rt/commit/67d517ba3421ba462e349c73207a627d137ef8ac (4.2.x)
NOTE: https://github.com/bestpractical/rt/commit/4ec786bb4743f67a35a634c1bf43b13d3d3b39a9 (4.0.x)
CVE-2015-5474 (BitTorrent and uTorrent allow remote attackers to inject command line ...)
+ - bittorrent <unfixed>
TODO: check
CVE-2015-5473
RESERVED
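Review bot: the CVE-2015-5474 hunk adds `- bittorrent <unfixed>` while leaving `TODO: check` in place, which is contradictory: <unfixed> tells the tracker that the Debian bittorrent package is vulnerable in unstable and, absent suite lines, in every suite, yet the TODO says nobody has verified that. The CVE text names the BitTorrent and uTorrent clients, and Debian's bittorrent source package is the older Python client, so the vulnerable command-line handling needs to be confirmed present there before the <unfixed> line goes in; until then a NOTE plus the TODO is the honest state.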
@@ -4576,7 +4578,7 @@
CVE-2015-5466
RESERVED
CVE-2015-5465 (Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver ...)
- TODO: check
+ NOT-FOR-US: Silicon Integrated Systems
CVE-2015-5464 (The Gemalto SafeNet Luna HSM allows remote authenticated users to ...)
NOT-FOR-US: Gemalto
CVE-2015-5463
@@ -4790,9 +4792,9 @@
CVE-2015-5369 (Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, ...)
NOT-FOR-US: Pulse Connect Secure / Juniper PCS
CVE-2015-5368 (The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2015-5367 (The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2014-9740 (Cross-site scripting (XSS) vulnerability in the Rules Link module ...)
NOT-FOR-US: Rules Link module for Drupal
CVE-2014-9739 (Cross-site scripting (XSS) vulnerability in the Node Field module ...)
@@ -6697,7 +6699,7 @@
CVE-2015-4671
RESERVED
CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in ...)
- TODO: check
+ NOT-FOR-US: AjaxControlToolkit
CVE-2015-4669
RESERVED
CVE-2015-4668
@@ -6797,7 +6799,7 @@
CVE-2015-4639
RESERVED
CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
- TODO: check
+ NOT-FOR-US: FastL4
CVE-2015-4637 (The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 ...)
NOT-FOR-US: BIG-IQ
CVE-2015-4636
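Review bot: for CVE-2015-4638 the tag `NOT-FOR-US: FastL4` names a virtual-server type rather than the product; the description reads "The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, ...", and the neighbouring CVE-2015-4637 entry (BIG-IQ) and the other F5 entry in this commit use the product name, so `NOT-FOR-US: F5 BIG-IP` would be consistent and easier to search for.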
@@ -6955,7 +6957,7 @@
CVE-2015-4553
RESERVED
CVE-2015-4552 (Cross-site scripting (XSS) vulnerability in the quick edit function in ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2015-4551
RESERVED
CVE-2015-4550 (The Cavium cryptographic-module firmware on Cisco Adaptive Security ...)
@@ -6973,11 +6975,11 @@
CVE-2015-4544 (EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 ...)
NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4543 (EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored ...)
- TODO: check
+ NOT-FOR-US: EMC RSA Archer GRC
CVE-2015-4542 (EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users ...)
- TODO: check
+ NOT-FOR-US: EMC RSA Archer GRC
CVE-2015-4541 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
- TODO: check
+ NOT-FOR-US: EMC RSA Archer GRC
CVE-2015-4540 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA ...)
NOT-FOR-US: EMC RSA
CVE-2015-4539 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA ...)
@@ -7380,9 +7382,9 @@
CVE-2015-4427 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Ektron CMS
CVE-2015-4426 (SQL injection vulnerability in pimcore before build 3473 allows remote ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2015-4425 (Directory traversal vulnerability in pimcore before build 3473 allows ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2015-4424
RESERVED
CVE-2015-4423
@@ -7563,7 +7565,7 @@
CVE-2015-4331 (Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA ...)
NOT-FOR-US: Cisco Prime Infrastructure
CVE-2015-4330 (A local file script in Cisco TelePresence Video Communication Server ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4329 (The administrator web interface in Cisco TelePresence Video ...)
NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-4328 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 ...)
@@ -8268,7 +8270,7 @@
CVE-2015-4078
RESERVED
CVE-2015-4077 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2015-4076
RESERVED
CVE-2015-4075
@@ -8393,7 +8395,7 @@
CVE-2015-4043
RESERVED
CVE-2015-4040 (Directory traversal vulnerability in the configuration utility in F5 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2015-4039
RESERVED
CVE-2015-4038 (The WP Membership plugin 1.2.3 for WordPress allows remote ...)
@@ -8666,15 +8668,15 @@
CVE-2015-3967
RESERVED
CVE-2015-3966 (The IPsec SA establishment process on Innominate mGuard devices with ...)
- TODO: check
+ NOT-FOR-US: Innominate mGuard
CVE-2015-3965
RESERVED
CVE-2015-3964 (SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier ...)
- TODO: check
+ NOT-FOR-US: SMA Solar Sunny WebBox
CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, ...)
NOT-FOR-US: Wind River VxWorks as used on Schneider Electric devices
CVE-2015-3962 (Schneider Electric StruxureWare Building Expert MPM before 2.15 does ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric StruxureWare
CVE-2015-3961 (The web-server component in MNS before 4.5.6 on Belden GarrettCom ...)
NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3960 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...)
@@ -9066,7 +9068,7 @@
CVE-2015-3807 (libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
NOT-FOR-US: Apple
CVE-2015-3806 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-3805 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to ...)
NOT-FOR-US: Apple OS X
CVE-2015-3804 (FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
@@ -9144,11 +9146,11 @@
CVE-2015-3768 (Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X ...)
NOT-FOR-US: Apple OS X
CVE-2015-3767 (udf in Apple OS X before 10.10.5 allows local users to gain privileges ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-3766 (The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not ...)
NOT-FOR-US: Apple OS X
CVE-2015-3765 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-3764 (Notification Center in Apple OS X before 10.10.5 does not properly ...)
NOT-FOR-US: QuickTime
CVE-2015-3763 (Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript ...)
@@ -9220,7 +9222,7 @@
CVE-2015-3730 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3729 (Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2015-3728 (The WiFi Connectivity feature in Apple iOS before 8.4 allows remote ...)
NOT-FOR-US: Apple iOS
CVE-2015-3727 (WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before ...)
@@ -9597,7 +9599,7 @@
CVE-2015-3624 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Ektron Content Management System
CVE-2015-3623 (XML external entity (XXE) vulnerability in QlikTech Qlikview before ...)
- TODO: check
+ NOT-FOR-US: QlikTech
CVE-2015-3621 (Untrusted search path vulnerability in SAP Enterprise Central ...)
NOT-FOR-US: SAP ECC
CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced dataset ...)
@@ -10608,7 +10610,7 @@
CVE-2015-3270
RESERVED
CVE-2015-3269 (Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2015-3268
RESERVED
CVE-2015-3267 (Cross-site scripting (XSS) vulnerability in the 404 error page in Red ...)
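Review bot: CVE-2015-3269 is described as an issue in Apache Flex BlazeDS "as used in flex-messaging-core.jar in Adobe ...", so the vulnerable component is the Apache project, not Adobe, and `NOT-FOR-US: Adobe` hides that. Suggest `NOT-FOR-US: Apache Flex BlazeDS` after confirming that BlazeDS is not packaged in Debian.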
@@ -11554,25 +11556,25 @@
RESERVED
- libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
CVE-2015-2991 (Buffer overflow in NScripter before 3.00 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: NScripter
CVE-2015-2990 (Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO ...)
- TODO: check
+ NOT-FOR-US: desknet NEO
CVE-2015-2989 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP ...)
- TODO: check
+ NOT-FOR-US: LEMON-S
CVE-2015-2988
RESERVED
CVE-2015-2987 (Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, ...)
- TODO: check
+ NOT-FOR-US: Type74 ED
CVE-2015-2986 (Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji ...)
- TODO: check
+ NOT-FOR-US: hitSuji
CVE-2015-2985 (Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 ...)
- TODO: check
+ NOT-FOR-US: guide-park.com BBS
CVE-2015-2984 (I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and ...)
- TODO: check
+ NOT-FOR-US: I-O DATA
CVE-2015-2983 (Cross-site request forgery (CSRF) vulnerability in admin.php in PHP ...)
- TODO: check
+ NOT-FOR-US: Kobo Photo Gallery CMS
CVE-2015-2982 (Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js ...)
- TODO: check
+ NOT-FOR-US: Kobo Photo Gallery CMS
CVE-2015-2981
RESERVED
CVE-2015-2980 (The Yodobashi application 1.2.1.0 and earlier for Android allows ...)
@@ -11733,13 +11735,13 @@
CVE-2015-2918
RESERVED
CVE-2015-2917 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
- TODO: check
+ NOT-FOR-US: Securifi Almond
CVE-2015-2916 (Cross-site request forgery (CSRF) vulnerability on Securifi Almond ...)
- TODO: check
+ NOT-FOR-US: Securifi Almond
CVE-2015-2915 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
- TODO: check
+ NOT-FOR-US: Securifi Almond
CVE-2015-2914 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
- TODO: check
+ NOT-FOR-US: Securifi Almond
CVE-2015-2913
RESERVED
CVE-2015-2912
@@ -11757,9 +11759,9 @@
CVE-2015-2906 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with ...)
TODO: check
CVE-2015-2905 (Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN ...)
- TODO: check
+ NOT-FOR-US: Actiontec
CVE-2015-2904 (Actiontec GT784WN modems with firmware before NCS01-1.0.13 have ...)
- TODO: check
+ NOT-FOR-US: Actiontec
CVE-2015-2903
RESERVED
CVE-2015-2902
@@ -11827,9 +11829,9 @@
CVE-2015-2874
RESERVED
CVE-2015-2873 (Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2015-2872 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2015-2871 (Chiyu BF-660C fingerprint access-control devices allow remote ...)
NOT-FOR-US: Chiyu BF-660C fingerprint access-control devices
CVE-2015-2870 (Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and ...)
@@ -11845,7 +11847,7 @@
CVE-2015-2865
REJECTED
CVE-2015-2864 (Retrospect and Retrospect Client before 10.0.2.119 on Windows, before ...)
- TODO: check
+ NOT-FOR-US: Retrospect Client
CVE-2015-2863 (Open redirect vulnerability in Kaseya Virtual System Administrator ...)
NOT-FOR-US: Kaseya VSA
CVE-2015-2862 (Directory traversal vulnerability in Kaseya Virtual System ...)
@@ -14599,7 +14601,7 @@
CVE-2015-2014 (Open redirect vulnerability in the web server in IBM Domino 8.5 before ...)
NOT-FOR-US: IBM Domino
CVE-2015-2013 (IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-2012
RESERVED
CVE-2015-2011
@@ -14739,7 +14741,7 @@
CVE-2015-1944 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
NOT-FOR-US: IBM WebSphere
CVE-2015-1943 (IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-1942 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
NOT-FOR-US: IBM
CVE-2015-1941 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
@@ -15967,7 +15969,7 @@
[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
NOTE: Request to mark the package as unsupported in #779104
CVE-2015-1516 (Cross-site scripting (XSS) vulnerability in Polycom RealPresence ...)
- TODO: check
+ NOT-FOR-US: Polycom
CVE-2015-1515 (The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 ...)
NOT-FOR-US: SoftSphere
CVE-2015-1514 (Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 ...)
@@ -16814,7 +16816,7 @@
CVE-2015-1320
RESERVED
CVE-2015-1319 (The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and ...)
- TODO: check
+ - unity <itp> (bug #609278)
CVE-2015-1318 (The crash reporting feature in Apport 2.13 through 2.17.x before ...)
[experimental] - apport <unfixed>
NOTE: apport only in experimental, so we cannot track this in security-tracker
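Review bot: the CVE-2015-1319 entry attaches the <itp> marker to the `unity` source package (bug #609278), but the affected component is the Unity Settings Daemon, which in Ubuntu is its own source package (unity-settings-daemon, a fork of gnome-settings-daemon), not part of unity itself. Suggest checking which source would carry the vulnerable code if it were packaged and, if no ITP exists for it, recording this with a NOTE, as the apport entry just below does, rather than an <itp> pointing at the wrong package.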
@@ -17432,11 +17434,11 @@
CVE-2015-1174
RESERVED
CVE-2015-1173 (Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not ...)
- TODO: check
+ NOT-FOR-US: Unit4 Polska TETA Web
CVE-2015-1172 (Unrestricted file upload vulnerability in admin/upload-file.php in the ...)
NOT-FOR-US: WordPress theme holding_pattern
CVE-2015-1171 (Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) ...)
- TODO: check
+ NOT-FOR-US: SIM Card Editor
CVE-2015-1170 (The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 ...)
NOT-FOR-US: NVIDIA Windows driver
CVE-2015-1169 (Apereo Central Authentication Service (CAS) Server before 3.5.3 allows ...)
@@ -17875,7 +17877,7 @@
CVE-2014-9606
RESERVED
CVE-2014-9605 (WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x ...)
- TODO: check
+ NOT-FOR-US: Netsweeper
CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a ...)
{DSA-3189-1}
- ffmpeg 7:2.5.1-1
@@ -21153,11 +21155,11 @@
CVE-2014-9230 (Cross-site scripting (XSS) vulnerability in the administration console ...)
NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention
CVE-2014-9229 (Multiple SQL injection vulnerabilities in interface PHP scripts in the ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2014-9228 (sysplant.sys in the Manager component in Symantec Endpoint Protection ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2014-9227 (Multiple untrusted search path vulnerabilities in the Manager ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2014-9226 (The management server in Symantec Critical System Protection (SCSP) ...)
NOT-FOR-US: Symantec Data Center Security
CVE-2014-9225 (The ajaxswing webui in the management server in Symantec Critical ...)
@@ -21193,7 +21195,7 @@
CVE-2014-9209 (Untrusted search path vulnerability in the Clean Utility application ...)
NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2014-9208 (Multiple stack-based buffer overflows in unspecified DLL files in ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2014-9207 (Untrusted search path vulnerability in CmnView.exe in CIMON CmnView ...)
NOT-FOR-US: CIMON CmnView
CVE-2014-9206 (Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and ...)
@@ -23281,7 +23283,7 @@
CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across different ...)
NOT-FOR-US: Pexip Infinity
CVE-2014-8778 (Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote ...)
- TODO: check
+ NOT-FOR-US: Checkmarx
CVE-2014-8777
RESERVED
CVE-2014-8776
@@ -25800,8 +25802,12 @@
CVE-2014-7914
RESERVED
CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...)
+ - dhcpcd5 <unfixed>
+ NOTE: android's dhcpd is a fork of dhcpcd5, and code very similar to the vulnerable section exists in dhcpcd5, but i didn't have time to check whether it too is vulnerable to the problem
TODO: check
CVE-2014-7912 (The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in ...)
+ - dhcpcd5 <unfixed>
+ NOTE: android's dhcpd is a fork of dhcpcd5, and code very similar to the vulnerable section exists in dhcpcd5, but i didn't have time to check whether it too is vulnerable to the problem
TODO: check
CVE-2014-7911 (luni/src/main/java/java/io/ObjectInputStream.java in the ...)
NOT-FOR-US: Android
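Review bot: both dhcpcd hunks add `- dhcpcd5 <unfixed>` on the strength of a NOTE that says the code was not checked, and keep `TODO: check` underneath; an <unfixed> line asserts that the package is vulnerable in unstable and, absent suite lines, in every suite, so an unverified suspicion should stay as NOTE + TODO until someone has compared print_option in dhcp-common.c and get_option in dhcp.c against the fixed upstream code. The relationship in the NOTE is also reversed: the CVE descriptions name dhcpcd itself ("dhcpcd through 6.9.1", "dhcpcd before 6.2.0"), which is the upstream that dhcpcd5 packages, so the question is simply whether the dhcpcd5 versions in each suite fall inside those ranges; and "android's dhcpd" should read dhcpcd.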
@@ -27389,7 +27395,7 @@
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-7216 (Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 ...)
- TODO: check
+ NOT-FOR-US: Yahoo
CVE-2014-7215
RESERVED
CVE-2014-7214
@@ -37731,7 +37737,7 @@
CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board ...)
NOT-FOR-US: Invision Power IP.Board
CVE-2014-3148 (Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid ...)
- TODO: check
+ NOT-FOR-US: OkCupid
CVE-2014-3147 (Cross-site scripting (XSS) vulnerability in the auto-complete feature ...)
NOT-FOR-US: Splunk
CVE-2014-3146 (Incomplete blacklist vulnerability in the lxml.html.clean module in ...)
@@ -40818,7 +40824,7 @@
CVE-2014-1973 (Directory traversal vulnerability in the NextApp File Explorer ...)
NOT-FOR-US: NextApp File Explorer application for Android
CVE-2014-1972 (Apache Tapestry before 5.3.6 relies on client-side object storage ...)
- TODO: check
+ NOT-FOR-US: Apache Tapestry
CVE-2014-1971 (Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows ...)
NOT-FOR-US: Silex
CVE-2014-1970 (Directory traversal vulnerability in the ES File Explorer File Manager ...)