Author: jmm
Date: 2017-04-13 21:31:16 +0000 (Thu, 13 Apr 2017)
New Revision: 50634
Modified:
data/CVE/list
Log:
new rtmpdump issues
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-13 21:23:31 UTC (rev 50633)
+++ data/CVE/list 2017-04-13 21:31:16 UTC (rev 50634)
@@ -52761,11 +52761,14 @@
CVE-2015-8273
RESERVED
CVE-2015-8272 (RTMPDump 2.4 allows remote attackers to trigger a denial of
service ...)
- TODO: check
+ - rtmpdump <unfixed>
+ NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0068/
CVE-2015-8271 (The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows
remote ...)
- TODO: check
+ - rtmpdump <unfixed>
+ NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0067/
CVE-2015-8270 (The AMF3ReadString function in amf.c in RTMPDump 2.4 allows
remote ...)
- TODO: check
+ - rtmpdump <unfixed>
+ NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0066/
CVE-2015-8269 (The API on Fisher-Price Smart Toy Bear devices allows remote
attackers ...)
NOT-FOR-US: Fisher-Price
CVE-2015-8268 (The up.time agent in Idera Uptime Infrastructure Monitor 7.5
and 7.6 ...)
@@ -52872,7 +52875,7 @@
CVE-2015-8224
RESERVED
CVE-2015-8223 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and
P7-L09C92B85, and ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-8222 (The lxd-unix.socket systemd unit file in the Ubuntu lxd package
before ...)
- lxd <itp> (bug #768073)
CVE-2015-8221 (Integer overflow in Google Picasa before 3.9.140 Build 259
allows ...)
@@ -68009,7 +68012,7 @@
CVE-2015-2948 (Cross-site scripting (XSS) vulnerability in the image processor
in ...)
NOT-FOR-US: Zenphoto
CVE-2015-2947 (KanColleViewer versions 3.8.1 and earlier operates as an open
proxy ...)
- TODO: check
+ NOT-FOR-US: KanColleViewer
CVE-2015-2946 (Stack-based buffer overflow in the Open CAD Format Council SXF
common ...)
NOT-FOR-US: Open CAD Format Council SXF common library
CVE-2015-2945 (mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before
2015-05-15 does ...)
@@ -82232,9 +82235,9 @@
CVE-2014-7922 (The GoogleAuthUtil.getToken method in the Google Play services
SDK ...)
NOT-FOR-US: Google Play
CVE-2014-7921 (mediaserver in Android 4.0.3 through 5.x before 5.1 allows
attackers ...)
- TODO: check
+ NOT-FOR-US: Android MediaServer
CVE-2014-7920 (mediaserver in Android 2.2 through 5.x before 5.1 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: Android MediaServer
CVE-2014-7919
RESERVED
CVE-2014-7918
@@ -91859,7 +91862,7 @@
CVE-2014-3888 (Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa
CENTUM CS ...)
NOT-FOR-US: Yokogawa
CVE-2014-3887 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE
RockDisk ...)
- TODO: check
+ NOT-FOR-US: I-O DATA DEVICE
CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before
1.690, when ...)
NOT-FOR-US: Webmin
CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690
allows ...)
@@ -95353,7 +95356,7 @@
CVE-2014-2711 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper
Junos ...)
NOT-FOR-US: Juniper Junos
CVE-2014-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver
...)
- TODO: check
+ NOT-FOR-US: Oliver (formerly Webshar)
CVE-2014-2705
RESERVED
CVE-2014-2704
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
