Author: carnil
Date: 2015-02-07 11:58:12 +0000 (Sat, 07 Feb 2015)
New Revision: 32053

Modified:
   data/CVE/list
Log:
Process couple of NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-02-07 11:53:24 UTC (rev 32052)
+++ data/CVE/list       2015-02-07 11:58:12 UTC (rev 32053)
@@ -66,7 +66,7 @@
 CVE-2015-1477 (SQL injection vulnerability in the CMSJunkie 
J-ClassifiedsManager ...)
        TODO: check
 CVE-2015-1476 (Multiple SQL injection vulnerabilities in xlinkerz 
ecommerceMajor ...)
-       TODO: check
+       NOT-FOR-US: xlinkerz ecommerceMajor
 CVE-2015-1475 (Multiple cross-site scripting (XSS) vulnerabilities in my 
little forum ...)
        NOT-FOR-US: My Little Forum
 CVE-2015-1474
@@ -340,7 +340,7 @@
 CVE-2015-1368 (Multiple cross-site scripting (XSS) vulnerabilities in Ansible 
Tower ...)
        NOT-FOR-US: Ansible Tower
 CVE-2015-1367 (SQL injection vulnerability in index.php in CatBot 0.4.2 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: CatBot
 CVE-2015-1366 (Cross-site scripting (XSS) vulnerability in pixabay-images.php 
in the ...)
        NOT-FOR-US: Wordpress plugin Pixabay Images
 CVE-2015-1365 (Directory traversal vulnerability in pixabay-images.php in the 
Pixabay ...)
@@ -350,7 +350,7 @@
 CVE-2015-1363 (Cross-site scripting (XSS) vulnerability in Free Reprintables 
...)
        NOT-FOR-US: ArticleFR
 CVE-2015-1362 (Buffer overflow in the Customize 35mm tab in Two Pilots Exif 
Pilot ...)
-       TODO: check
+       NOT-FOR-US: Exif Pilot
 CVE-2015-1361 (platform/image-decoders/ImageFrame.h in Blink, as used in 
Google ...)
        TODO: check
 CVE-2015-1360 (Skia, as used in Google Chrome before 40.0.2214.91, allows 
remote ...)
@@ -835,9 +835,9 @@
 CVE-2015-1181
        RESERVED
 CVE-2015-1180 (Cross-site scripting (XSS) vulnerability in the Web Reports in 
...)
-       TODO: check
+       NOT-FOR-US: EventSentry
 CVE-2015-1179 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: Mango Automation
 CVE-2015-1178 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php 
in ...)
        NOT-FOR-US: X-Cart
 CVE-2015-1177
@@ -1637,7 +1637,7 @@
 CVE-2015-0927
        RESERVED
 CVE-2015-0926 (Labtech before 100.237 on Linux uses world-writable permissions 
for ...)
-       TODO: check
+       NOT-FOR-US: Labtech
 CVE-2015-0925 (The client in iPass Open Mobile before 2.4.5 on Windows allows 
remote ...)
        NOT-FOR-US: iPass Open Mobile
 CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the 
root ...)
@@ -2020,7 +2020,7 @@
 CVE-2015-0869 (I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause 
a ...)
        NOT-FOR-US: I-O DATA DEVICE NP-BBRM routers
 CVE-2015-0868 (Unrestricted file upload vulnerability in Mrs. Shiromuku Perl 
CGI ...)
-       TODO: check
+       NOT-FOR-US: Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS
 CVE-2015-0867 (Directory traversal vulnerability in SYNCK GRAPHICA Download 
Log CGI ...)
        NOT-FOR-US: SYNCK GRAPHICA Download Log CGI
 CVE-2015-0866 (Multiple cross-site scripting (XSS) vulnerabilities in Zoho ...)
@@ -2653,7 +2653,7 @@
 CVE-2014-9575 (VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote 
...)
        NOT-FOR-US: VDG Security SENSE
 CVE-2014-9574 (Directory traversal vulnerability in install.php in FluxBB 
before ...)
-       TODO: check
+       NOT-FOR-US: FluxBB
 CVE-2014-9573 (SQL injection vulnerability in manage_user_page.php in MantisBT 
before ...)
        - mantis <removed>
        [wheezy] - mantis <no-dsa> (Minor issue)
@@ -2689,13 +2689,13 @@
 CVE-2014-9563
        RESERVED
 CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php 
in M2 ...)
-       TODO: check
+       NOT-FOR-US: M2 OptimalSite
 CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in 
redir_last_post_list.php ...)
        NOT-FOR-US: SoftBB
 CVE-2014-9560 (SQL injection vulnerability in redir_last_post_list.php in 
SoftBB ...)
        NOT-FOR-US: SoftBB
 CVE-2014-9559 (Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 
1.0b1, ...)
-       TODO: check
+       NOT-FOR-US: SnipSnap
 CVE-2014-9558
        RESERVED
 CVE-2014-9557
@@ -2931,9 +2931,9 @@
 CVE-2014-9492
        REJECTED
 CVE-2014-9491 (The devzvol_readdir function in illumos does not check the 
return ...)
-       TODO: check
+       NOT-FOR-US: illumos
 CVE-2014-9490 (The numtok function in lib/raven/okjson.rb in the raven-ruby 
gem ...)
-       TODO: check
+       NOT-FOR-US: raven ruby gem
 CVE-2014-9488
        RESERVED
 CVE-2014-9484
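Review bot: CVE-2014-9490 is closed as NOT-FOR-US on the gem name alone, but the description places the flaw in lib/raven/okjson.rb, and that path reads like a bundled copy of a separate JSON parser rather than raven-specific code. Before dropping the entry it is worth checking whether any packaged source ships the same okjson.rb, and tracking it there if so; a NOTE line recording the result of that check would help. The tag also writes "raven ruby gem" where the description has "raven-ruby gem"; matching the description keeps the entry easy to grep.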
@@ -4037,7 +4037,7 @@
 CVE-2014-9332
        RESERVED
 CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO 
ManageEngine ...)
-       TODO: check
+       NOT-FOR-US: ZOHO ManageEngine Desktop Central
 CVE-2014-9330 (Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 
allows ...)
        - tiff 4.0.3-12 (bug #773987)
        - tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF 
tools)
@@ -4338,13 +4338,13 @@
 CVE-2014-9201
        RESERVED
 CVE-2014-9200 (Stack-based buffer overflow in an unspecified DLL file in a DTM 
...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2014-9199 (The Clorius Controls Java web client before 01.00.0009g allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Clorius Controls Java web client
 CVE-2014-9198 (The FTP server on the Schneider Electric ETG3000 FactoryCast 
HMI ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2014-9197 (The Schneider Electric ETG3000 FactoryCast HMI Gateway with 
firmware ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2014-9196
        RESERVED
 CVE-2014-9195 (Phoenix Contact ProConOs and MultiProg do not require 
authentication, ...)
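Review bot: CVE-2014-9200, CVE-2014-9198 and CVE-2014-9197 are tagged with the vendor only ("NOT-FOR-US: Schneider Electric"), while the other entries in this commit name the product, including "Clorius Controls Java web client" in this same hunk. Suggest naming the product instead, for example the ETG3000 FactoryCast HMI Gateway that the descriptions of CVE-2014-9198 and CVE-2014-9197 give, so that the three entries can be told apart and a later search for the product finds them.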


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
