Author: helmutg
Date: 2015-04-26 14:38:37 +0000 (Sun, 26 Apr 2015)
New Revision: 33864
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-26 14:38:28 UTC (rev 33863)
+++ data/CVE/list 2015-04-26 14:38:37 UTC (rev 33864)
@@ -3032,7 +3032,7 @@
CVE-2015-2248
RESERVED
CVE-2015-2247 (Unspecified vulnerability in Boosted Boards skateboards allows
...)
- TODO: check
+ NOT-FOR-US: Boosted Boards skateboards
CVE-2015-2246
RESERVED
CVE-2015-2245
@@ -3110,7 +3110,7 @@
CVE-2015-2224
RESERVED
CVE-2015-2223 (Multiple cross-site scripting (XSS) vulnerabilities in Palo
Alto ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks Traps
CVE-2015-2222
RESERVED
CVE-2015-2221
@@ -5564,7 +5564,7 @@
CVE-2015-1416
RESERVED
CVE-2015-1415 (The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when
...)
- TODO: check
+ NOT-FOR-US: FreeBSD installer
CVE-2015-1414 (Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10.
10.0 ...)
{DSA-3175-1}
- kfreebsd-10 10.1~svn274115-4 (bug #779195)
@@ -5814,7 +5814,7 @@
CVE-2015-1315 (Buffer overflow in the charset_to_intern function in
unix/unix.c in ...)
- unzip <not-affected> (*-unzip60-alt-iconv-utf8 patch not applied in
Debian)
CVE-2015-1314 (The USAA Mobile Banking application before 7.10.1 for Android
displays ...)
- TODO: check
+ NOT-FOR-US: USAA Mobile Banking application for Android
CVE-2015-1313
RESERVED
CVE-2015-1312 (The Dealer Portal in SAP ERP does not properly restrict access,
which ...)
@@ -6389,7 +6389,7 @@
CVE-2015-1150
RESERVED
CVE-2015-1149 (Integer overflow in the simulator in Swift in Apple Xcode
before 6.3 ...)
- TODO: check
+ NOT-FOR-US: Apple Xcode
CVE-2015-1148 (Screen Sharing in Apple OS X before 10.10.3 stores the password
of a ...)
NOT-FOR-US: Apple
CVE-2015-1147 (Open Directory Client in Apple OS X before 10.10.3 sends
unencrypted ...)
@@ -6429,15 +6429,15 @@
CVE-2015-1130 (The XPC implementation in Admin Framework in Apple OS X before
10.10.3 ...)
NOT-FOR-US: Apple
CVE-2015-1129 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before
8.0.5 does ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2015-1128 (The private-browsing implementation in Apple Safari before
6.2.5, 7.x ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2015-1127 (The private-browsing implementation in WebKit in Apple Safari
before ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2015-1126 (WebKit, as used in Apple iOS before 8.3 and Apple Safari before
6.2.5, ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2015-1125 (The touch-events implementation in WebKit in Apple iOS before
8.3 ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2015-1124 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2,
and ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2015-1123 (WebKit, as used in Apple iOS before 8.3 and Apple TV before
7.2, ...)
@@ -7354,7 +7354,7 @@
CVE-2015-0904
RESERVED
CVE-2015-0903 (Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier
allows ...)
- TODO: check
+ NOT-FOR-US: Saitoh Kikaku Maruo Editor
CVE-2015-0902 (The Semper Fi All in One SEO Pack plugin before 2.2.6 for
WordPress ...)
NOT-FOR-US: WordPress plugin all-in-one-seo-pack
CVE-2015-0901 (Cross-site scripting (XSS) vulnerability in the duwasai flashy
theme ...)
@@ -7420,9 +7420,9 @@
CVE-2015-0878 (Directory traversal vulnerability in CREAR AL-Mail32 before
1.13d ...)
NOT-FOR-US: CREAR AL-Mail32
CVE-2015-0877 (Unrestricted file upload vulnerability in app/lib/mlf.pl in
C-BOARD ...)
- TODO: check
+ NOT-FOR-US: C-BOARD Moyuku
CVE-2015-0876 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Saurus CMS
CVE-2015-0875 (The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0
for ...)
NOT-FOR-US: Ogaki Kyoritsu Bank Smartphone Passbook application for
Android
CVE-2015-0874
@@ -7889,7 +7889,7 @@
CVE-2015-0699 (SQL injection vulnerability in the Interactive Voice Response
(IVR) ...)
NOT-FOR-US: Cisco
CVE-2015-0698 (Multiple cross-site scripting (XSS) vulnerabilities in filter
search ...)
- TODO: check
+ NOT-FOR-US: Cisco WSA
CVE-2015-0697 (Open redirect vulnerability in the login page in Cisco TC
Software ...)
NOT-FOR-US: Cisco
CVE-2015-0696 (Cross-site scripting (XSS) vulnerability in the login page in
Cisco TC ...)
@@ -7897,11 +7897,11 @@
CVE-2015-0695 (Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when
uRPF, PBR, ...)
NOT-FOR-US: Cisco IOS
CVE-2015-0694 (Cisco ASR 9000 devices with software 5.3.0.BASE do not
recognize that ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0693 (Cisco Web Security Appliance (WSA) devices with software
8.5.0-ise-147 ...)
- TODO: check
+ NOT-FOR-US: Cisco WSA
CVE-2015-0692 (Cisco Web Security Appliance (WSA) devices with software
8.5.0-ise-147 ...)
- TODO: check
+ NOT-FOR-US: Cisco WSA
CVE-2015-0691 (A certain Cisco JAR file, as distributed in Cache Cleaner in
Cisco ...)
NOT-FOR-US: Cisco Secure Desktop Cache Cleaner
CVE-2015-0690 (Cross-site scripting (XSS) vulnerability in the HTML help
system on ...)
@@ -10036,7 +10036,6 @@
CVE-2015-0346 (Double free vulnerability in Adobe Flash Player before
13.0.0.281 and ...)
NOT-FOR-US: Adobe Flash
CVE-2015-0345 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10
before ...)
- TODO: check
NOT-FOR-US: Adobe ColdFusion
CVE-2015-0344
RESERVED
@@ -10216,9 +10215,9 @@
CVE-2014-9147
RESERVED
CVE-2014-9146 (Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS
...)
- TODO: check
+ NOT-FOR-US: Fiyo CMS
CVE-2014-9145 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8
allow ...)
- TODO: check
+ NOT-FOR-US: Fiyo CMS
CVE-2014-9144 (Technicolor Router TD5130 with firmware 2.05.C29GV allows
remote ...)
NOT-FOR-US: Technicolor routers
CVE-2014-9143 (Open redirect vulnerability in Technicolor Router TD5130 with
firmware ...)
@@ -13123,7 +13122,7 @@
CVE-2014-8391
RESERVED
CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before
2.2.168 ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2014-8389
RESERVED
CVE-2014-8388 (Stack-based buffer overflow in Advantech WebAccess, formerly
BroadWin ...)
@@ -20206,17 +20205,17 @@
CVE-2014-5406
RESERVED
CVE-2014-5405 (Hospira MedNet before 6.1 uses a hardcoded cleartext password
to ...)
- TODO: check
+ NOT-FOR-US: Hospira MedNet
CVE-2014-5404
RESERVED
CVE-2014-5403 (Hospira MedNet before 6.1 uses hardcoded cryptographic keys for
...)
- TODO: check
+ NOT-FOR-US: Hospira MedNet
CVE-2014-5402
RESERVED
CVE-2014-5401
RESERVED
CVE-2014-5400 (The installation component in Hospira MedNet before 6.1 places
...)
- TODO: check
+ NOT-FOR-US: Hospira MedNet
CVE-2014-5399 (SQL injection vulnerability in Schneider Electric Wonderware
...)
NOT-FOR-US: Schneider Electric
CVE-2014-5398 (Schneider Electric Wonderware Information Server (WIS) Portal
4.0 SP1 ...)
@@ -40867,7 +40866,7 @@
CVE-2013-4867
RESERVED
CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for
Android ...)
- TODO: check
+ NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for
Android
CVE-2013-4865
RESERVED
CVE-2013-4864
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
