Author: carnil
Date: 2015-06-08 18:56:09 +0000 (Mon, 08 Jun 2015)
New Revision: 34805
Modified:
data/CVE/list
Log:
Process some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-08 17:45:52 UTC (rev 34804)
+++ data/CVE/list 2015-06-08 18:56:09 UTC (rev 34805)
@@ -111,7 +111,7 @@
CVE-2015-4136
RESERVED
CVE-2014-9727 (AVM Fritz!Box allows remote attackers to execute arbitrary
commands ...)
- TODO: check
+ NOT-FOR-US: AVM Fritz!Box
CVE-2014-9731 [udf: information leakage when reading symlink]
- linux 4.0.2-1
- linux-2.6 <removed>
@@ -292,13 +292,13 @@
CVE-2015-4095
RESERVED
CVE-2015-4094 (The Thycotic Password Manager Secret Server application through
2.3 ...)
- TODO: check
+ NOT-FOR-US: Thycotic Password Manager Secret Server application for iOS
CVE-2015-4093
RESERVED
CVE-2015-4092 (Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2
SP5 ...)
- TODO: check
+ NOT-FOR-US: SAP Afaria
CVE-2015-4091 (XML external entity (XXE) vulnerability in SAP NetWeaver AS
Java ...)
- TODO: check
+ NOT-FOR-US: SAP NetWeaver AS Java
CVE-2015-4090
RESERVED
CVE-2015-4089
@@ -340,9 +340,9 @@
CVE-2015-4070
RESERVED
CVE-2015-4069 (The EdgeServiceImpl web service in Arcserve UDP before 5.0
Update 4 ...)
- TODO: check
+ NOT-FOR-US: EdgeServiceImpl web service in Arcserve UDP
CVE-2015-4068 (Directory traversal vulnerability in Arcserve UDP before 5.0
Update 4 ...)
- TODO: check
+ NOT-FOR-US: Arcserve UDP
CVE-2015-4067 (Integer overflow in the libnv6 module in Dell NetVault Backup
before ...)
NOT-FOR-US: Dell NetVault Backup
CVE-2015-4066 (Multiple SQL injection vulnerabilities in admin/handlers.php in
the ...)
@@ -350,9 +350,9 @@
CVE-2015-4061
RESERVED
CVE-2015-4060 (Heap-based buffer overflow in the TermProxy
(WLTermProxyService.exe) ...)
- TODO: check
+ NOT-FOR-US: Wavelink ConnectPro
CVE-2015-4059 (Heap-based buffer overflow in the License Server
(LicenseServer.exe) ...)
- TODO: check
+ NOT-FOR-US: Wavelink Terminal Emulation
CVE-2015-4058
RESERVED
CVE-2015-4057
@@ -468,9 +468,9 @@
CVE-2015-4033
RESERVED
CVE-2015-4032 (projectContents.jsp in the Developer tools in Visual Mining
NetCharts ...)
- TODO: check
+ NOT-FOR-US: Visual Mining NetCharts Server
CVE-2015-4031 (Directory traversal vulnerability in saveFile.jsp in the
development ...)
- TODO: check
+ NOT-FOR-US: Visual Mining NetChart
CVE-2015-4030
RESERVED
CVE-2015-4029
@@ -597,9 +597,9 @@
CVE-2015-3996
RESERVED
CVE-2015-3995 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote ...)
- TODO: check
+ NOT-FOR-US: SAP HANA DB
CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS
Engine ...)
- TODO: check
+ NOT-FOR-US: SAP HANA DB
CVE-2015-3993
RESERVED
CVE-2015-3992
@@ -757,7 +757,7 @@
CVE-2015-3940
RESERVED
CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856
modules for ...)
- TODO: check
+ NOT-FOR-US: IDS RTU 850C devices
CVE-2015-3938
RESERVED
CVE-2015-3937
@@ -2494,7 +2494,7 @@
CVE-2015-3293 (FortiMail 5.0.3 through 5.2.3 allows remote administrators to
obtain ...)
NOT-FOR-US: FortiMail
CVE-2015-3292 (The installer in NetApp OnCommand Workflow Automation before
2.2.1P1 ...)
- TODO: check
+ NOT-FOR-US: NetApp OnCommand Workflow Automation
CVE-2015-3291
RESERVED
CVE-2015-3290
@@ -3393,7 +3393,7 @@
CVE-2015-2945 (mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before
2015-05-15 does ...)
NOT-FOR-US: Hajime Fujimoto mt-phpincgi
CVE-2015-2944 (Multiple cross-site scripting (XSS) vulnerabilities in Apache
Sling ...)
- TODO: check
+ NOT-FOR-US: Apache Sling
CVE-2015-2943
RESERVED
CVE-2015-3026 (Icecast before 2.4.2, when a stream_auth handler is defined for
URL ...)
@@ -3612,7 +3612,7 @@
CVE-2015-2852 (Cross-site request forgery (CSRF) vulnerability in the WebUI
component ...)
NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-2851 (client_chown in the sync client in Synology Cloud Station
1.1-2291 ...)
- TODO: check
+ NOT-FOR-US: Synology Cloud Station
CVE-2015-2850
RESERVED
CVE-2015-2849
@@ -9366,13 +9366,13 @@
CVE-2015-1014
RESERVED
CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not
ensure ...)
- TODO: check
+ NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF
CVE-2015-1012
RESERVED
CVE-2015-1011
RESERVED
CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier
does ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation RSView32
CVE-2015-1009
RESERVED
CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager
before 13 ...)
@@ -9420,7 +9420,7 @@
CVE-2015-0987
RESERVED
CVE-2015-0986 (Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK
Plus ...)
- TODO: check
+ NOT-FOR-US: Moxa VPort ActiveX SDK Plus
CVE-2015-0985 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR
OS on ...)
NOT-FOR-US: XZERES 442SR (wind turbine)
CVE-2015-0984 (Directory traversal vulnerability in the FTP server on
Honeywell Excel ...)
@@ -10344,7 +10344,7 @@
CVE-2015-0734 (Multiple cross-site scripting (XSS) vulnerabilities on the
Cisco Email ...)
NOT-FOR-US: Cisco
CVE-2015-0733 (CRLF injection vulnerability in the HTTP Header Handler in
Digital ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0732
RESERVED
CVE-2015-0731 (The ISDN implementation in Cisco IOS 15.3S allows remote
attackers to ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
