Author: carnil
Date: 2015-10-03 17:51:38 +0000 (Sat, 03 Oct 2015)
New Revision: 36977
Modified:
data/CVE/list
Log:
Update round of NFU
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-03 15:37:36 UTC (rev 36976)
+++ data/CVE/list 2015-10-03 17:51:38 UTC (rev 36977)
@@ -122,7 +122,7 @@
CVE-2015-7614
RESERVED
CVE-2015-7612 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2015-7665
RESERVED
NOT-FOR-US: wget as used in Tails
@@ -174,13 +174,13 @@
RESERVED
NOT-FOR-US: Apache James
CVE-2015-7604 (Cross-site scripting (XSS) vulnerability in Splunk Web in
Splunk ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2015-7603 (Directory traversal vulnerability in Konica Minolta FTP Utility
1.0 ...)
- TODO: check
+ NOT-FOR-US: Konica Minolta FTP Utility
CVE-2015-7602 (Directory traversal vulnerability in BisonWare BisonFTP 3.5
allows ...)
- TODO: check
+ NOT-FOR-US: BisonWare BisonFTP
CVE-2015-7601 (Directory traversal vulnerability in PCMan's FTP Server 2.0.7
allows ...)
- TODO: check
+ NOT-FOR-US: PCMan's FTP Server
CVE-2015-7600
RESERVED
CVE-2015-7599
@@ -608,7 +608,7 @@
CVE-2015-7388
RESERVED
CVE-2015-7387 (ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and
earlier ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
CVE-2015-7386 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Gallery - Photo Albums - Portfolio plugin for WordPress
CVE-2015-7385
@@ -1609,7 +1609,7 @@
CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia
Networks ...)
NOT-FOR-US: Nokia
CVE-2015-6928 (classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and
6.x ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2015-6926
RESERVED
CVE-2015-6925
@@ -1617,7 +1617,7 @@
CVE-2015-6924
RESERVED
CVE-2015-6923 (The ndvbs module in VBox Communications Satellite Express
Protocol ...)
- TODO: check
+ NOT-FOR-US: VBox Communications Satellite Express Protocol
CVE-2015-6922
RESERVED
CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk
Feedback Tab ...)
@@ -2436,7 +2436,7 @@
CVE-2015-6603
RESERVED
CVE-2015-6602 (libutils in Android through 5.1.1 LMY48M allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: libutils in Android
CVE-2015-6601
RESERVED
CVE-2015-6600
@@ -2505,7 +2505,7 @@
CVE-2015-6576
RESERVED
CVE-2015-6575 (SampleTable.cpp in libstagefright in Android before 5.1.1
LMY48I does ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-6574
RESERVED
CVE-2015-6573
@@ -4553,7 +4553,7 @@
CVE-2015-5712
RESERVED
CVE-2015-5711 (TIBCO Managed File Transfer Internet Server before 7.2.5,
Managed File ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2015-5710
RESERVED
CVE-2015-5709
@@ -5332,7 +5332,7 @@
CVE-2015-5443
RESERVED
CVE-2015-5442 (Unspecified vulnerability in HP Software Update before
5.005.002.002 ...)
- TODO: check
+ NOT-FOR-US: HP Software Update
CVE-2015-5441
RESERVED
CVE-2015-5440 (HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11
before ...)
@@ -5346,7 +5346,7 @@
CVE-2015-5436
RESERVED
CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO)
firmware 3 ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2015-5434
RESERVED
CVE-2015-5433 (HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0,
as used ...)
@@ -5464,7 +5464,7 @@
CVE-2015-5373
RESERVED
CVE-2015-5372 (The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0
before ...)
- TODO: check
+ NOT-FOR-US: AdNovum nevisAuth
CVE-2015-5371 (The AuthenticationFilter class in SolarWinds Storage Manager
allows ...)
NOT-FOR-US: SolarWinds
CVE-2015-5370
@@ -6398,7 +6398,7 @@
CVE-2015-5083
RESERVED
CVE-2015-5082 (Endian Firewall before 3.0 allows remote attackers to execute
...)
- TODO: check
+ NOT-FOR-US: Endian Firewall
CVE-2015-5080 (The Management Interface in Citrix NetScaler Application
Delivery ...)
NOT-FOR-US: Citrix
CVE-2015-5079
@@ -7654,7 +7654,7 @@
CVE-2015-4547
RESERVED
CVE-2015-4546 (Directory traversal vulnerability in EMC RSA OneStep 6.9 before
build ...)
- TODO: check
+ NOT-FOR-US: EMC RSA OneStep
CVE-2015-4545
RESERVED
CVE-2015-4544 (EMC Documentum Content Server before 7.1P20 and 7.2.x before
7.2P04 ...)
@@ -9337,7 +9337,7 @@
CVE-2015-3975
RESERVED
CVE-2015-3974 (EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21
and 2.x ...)
- TODO: check
+ NOT-FOR-US: EasyIO EasyIO-30P-SF controllers
CVE-2015-3973
RESERVED
CVE-2015-3972
@@ -9552,7 +9552,7 @@
CVE-2015-3877
RESERVED
CVE-2015-3876 (libstagefright in Android through 5.1.1 LMY48M allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-3875
RESERVED
CVE-2015-3874
@@ -9576,19 +9576,19 @@
CVE-2015-3865
RESERVED
CVE-2015-3864 (Integer underflow in the MPEG4Extractor::parseChunk function in
...)
- TODO: check
+ NOT-FOR-US: libstagefright in mediaserver in Android
CVE-2015-3863 (Multiple integer overflows in the Blob class in
keystore/keystore.cpp ...)
- TODO: check
+ NOT-FOR-US: Keystore in Android
CVE-2015-3862
RESERVED
CVE-2015-3861 (Multiple integer overflows in the addVorbisCodecInfo function
in ...)
- TODO: check
+ NOT-FOR-US: libstagefright in mediaserver in Android
CVE-2015-3860 (packages/Keyguard/res/layout/keyguard_password_view.xml in
Lockscreen ...)
- TODO: check
+ NOT-FOR-US: Lockscreen in Android
CVE-2015-3859
RESERVED
CVE-2015-3858 (The checkDestination function in
internal/telephony/SMSDispatcher.java ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-3857
RESERVED
CVE-2015-3856
@@ -9606,7 +9606,7 @@
CVE-2015-3850
RESERVED
CVE-2015-3849 (The Region_createFromParcel function in ...)
- TODO: check
+ NOT-FOR-US: Region in Android
CVE-2015-3848
RESERVED
CVE-2015-3847
@@ -9614,13 +9614,13 @@
CVE-2015-3846
RESERVED
CVE-2015-3845 (The Parcel::appendFrom function in libs/binder/Parcel.cpp in
Binder in ...)
- TODO: check
+ NOT-FOR-US: Binder in Android
CVE-2015-3844 (The getProcessRecordLocked method in ...)
- TODO: check
+ NOT-FOR-US: ActivityManager in Android
CVE-2015-3843 (The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I
allows ...)
- TODO: check
+ NOT-FOR-US: SIM Toolkit (STK) framework in Android
CVE-2015-3842 (Multiple heap-based buffer overflows in libeffects in the Audio
Policy ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-3841
RESERVED
CVE-2015-3840
@@ -9630,33 +9630,33 @@
CVE-2015-3838
RESERVED
CVE-2015-3837 (The OpenSSLX509Certificate class in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-3836 (The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the
...)
- TODO: check
+ NOT-FOR-US: Sonivox DLS-to-EAS converter in Android
CVE-2015-3835 (Buffer overflow in the OMXNodeInstance::emptyBuffer function in
...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-3834 (Multiple integer overflows in the BnHDCP::onTransact function
in ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-3833 (The getRunningAppProcesses function in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-3832 (Multiple buffer overflows in MPEG4Extractor.cpp in
libstagefright in ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-3831 (Buffer overflow in the readAt function in BpMediaHTTPConnection
in ...)
- TODO: check
+ NOT-FOR-US: mediaserver service in Android
CVE-2015-3830
RESERVED
CVE-2015-3829 (Off-by-one error in the MPEG4Extractor::parseChunk function in
...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-3828 (The MPEG4Extractor::parse3GPPMetaData function in
MPEG4Extractor.cpp ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-3827 (The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp
in ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-3826 (The MPEG4Extractor::parse3GPPMetaData function in
MPEG4Extractor.cpp ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-3825
RESERVED
CVE-2015-3824 (The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp
in ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-3823
RESERVED
CVE-2015-3822
@@ -11599,7 +11599,7 @@
CVE-2015-3204 (libreswan 3.9 through 3.12 allows remote attackers to cause a
denial ...)
- libreswan <itp> (bug #773459)
CVE-2015-3203 (Unrestricted file upload vulnerability in h5ai before 0.25.0
allows ...)
- TODO: check
+ NOT-FOR-US: h5ai
CVE-2015-3202 (fusermount in FUSE before 2.9.3-15 does not properly clear the
...)
{DSA-3268-2 DSA-3268-1 DSA-3266-1 DLA-238-1 DLA-226-2 DLA-226-1}
- fuse 2.9.3-16 (bug #786439)
@@ -12438,11 +12438,11 @@
CVE-2015-2909
RESERVED
CVE-2015-2908 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with
...)
- TODO: check
+ NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2907 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with
...)
- TODO: check
+ NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2906 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with
...)
- TODO: check
+ NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2905 (Cross-site request forgery (CSRF) vulnerability on Actiontec
GT784WN ...)
NOT-FOR-US: Actiontec
CVE-2015-2904 (Actiontec GT784WN modems with firmware before NCS01-1.0.13 have
...)
@@ -12544,7 +12544,7 @@
CVE-2015-2859 (Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and
5.x ...)
NOT-FOR-US: Intel McAfee ePolicy Orchestrator
CVE-2015-2858 (Datalex airline booking software before 2015-09-03 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Datalex airline booking software
CVE-2015-2857
RESERVED
CVE-2015-2856
@@ -16604,17 +16604,17 @@
CVE-2015-1542
RESERVED
CVE-2015-1541 (The AppWidgetServiceImpl implementation in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-1540
RESERVED
CVE-2015-1539 (Multiple integer underflows in the ESDS::parseESDescriptor
function in ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-1538 (Integer overflow in the SampleTable::setSampleToChunkParams
function ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2015-1537
RESERVED
CVE-2015-1536 (Integer overflow in the Bitmap_createFromParcel function in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-1535
RESERVED
CVE-2015-1534
@@ -16630,7 +16630,7 @@
CVE-2015-1529
RESERVED
CVE-2015-1528 (Integer overflow in the native_handle_create function in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-1527
RESERVED
CVE-2015-1526
@@ -21907,7 +21907,7 @@
CVE-2014-9203 (Buffer overflow in the Field Device Tool (FDT) Frame
application in ...)
NOT-FOR-US: HART Device Type Manager (DTM) library
CVE-2014-9202 (Multiple stack-based buffer overflows in an unspecified DLL
file in ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2014-9201 (Beckwith Electric M-6200 Digital Voltage Regulator Control with
...)
NOT-FOR-US: Beckwith Electric digital voltage regulators
CVE-2014-9200 (Stack-based buffer overflow in an unspecified DLL file in a DTM
...)
@@ -22745,7 +22745,7 @@
CVE-2015-0300
RESERVED
CVE-2015-0299 (Multiple cross-site scripting (XSS) vulnerabilities in Open
Source ...)
- TODO: check
+ NOT-FOR-US: Open Source Point of Sale
CVE-2015-0298 (Cross-site scripting (XSS) vulnerability in the manager web
interface ...)
NOT-FOR-US: mod_cluster
CVE-2015-0297 (Red Hat JBoss Operations Network 3.3.1 does not properly
restrict ...)
@@ -26495,11 +26495,11 @@
CVE-2014-7918
RESERVED
CVE-2014-7917 (Integer overflow in SampleTable.cpp in libstagefright in
Android ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2014-7916 (Integer overflow in SampleTable.cpp in libstagefright in
Android ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2014-7915 (Integer overflow in SampleTable.cpp in libstagefright in
Android ...)
- TODO: check
+ NOT-FOR-US: libstagefright in Android
CVE-2014-7914
RESERVED
CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through
6.9.1, as ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
