author Salvatore Bonaccorso <carnil@debian.org> 2015-08-13 07:09:24 +0000
committer Salvatore Bonaccorso <carnil@debian.org> 2015-08-13 07:09:24 +0000
commit ce24215cf211974dbf3d75b98e585c0a09bd1695
tree 4a8420dc696bc86531a1cc345799f93d76d3501a /data/CVE
parent e99625e9cfbad4b9457c87a998e312c3bb402e39
Process list of NFUs
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@36028 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2003.list | 2
-rw-r--r-- data/CVE/2004.list | 2
-rw-r--r-- data/CVE/2006.list | 2
-rw-r--r-- data/CVE/2007.list | 2
-rw-r--r-- data/CVE/2009.list | 2
-rw-r--r-- data/CVE/2010.list | 10
-rw-r--r-- data/CVE/2011.list | 6
-rw-r--r-- data/CVE/2012.list | 8
-rw-r--r-- data/CVE/2013.list | 6
-rw-r--r-- data/CVE/2014.list | 6
-rw-r--r-- data/CVE/2015.list | 136
11 files changed, 91 insertions, 91 deletions
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 12b822c429..d2f077e6fd 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,5 +1,5 @@
CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Discovery VH
CVE-2003-1602
RESERVED
CVE-2003-1601
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index a489982746..86a033c0e8 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,5 +1,5 @@
CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity Image Vault
CVE-2004-XXXX [base-passwd: sets valid shells for system services]
- base-passwd 3.5.30 (unimportant; bug #274229)
NOTE: Hardening, not a direct vulnerability
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 0eb5c701f8..8f12221b88 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,5 +1,5 @@
CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Infinia II
CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in ...)
NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2006-7251
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index aafa37ce0c..5910345347 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,7 +1,7 @@
CVE-2007-6758
RESERVED
CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity DMS
CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a ...)
NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series
CVE-2007-6755 (The NIST SP 800-90A default statement of the Dual Elliptic Curve ...)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 0160eabb38..7863f994d7 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -31,7 +31,7 @@ CVE-2009-5144 [vulnerability involving the directory context]
- mod-gnutls 0.5.6-1 (bug #578663)
NOTE: http://issues.outoforder.cc/view.php?id=93
CVE-2009-5143 (GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Discovery 530C
CVE-2009-5142 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
NOT-FOR-US: TimThumb
CVE-2009-5141 (Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 ...)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index d2dbceb005..aece1721e6 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -45,15 +45,15 @@ CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
[wheezy] - riece <no-dsa> (Minor issue)
[squeeze] - riece <no-dsa> (Minor issue)
CVE-2010-5310 (The Acquisition Workstation for the GE Healthcare Revolution XQ/i has ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Revolution XQ/i
CVE-2010-5309 (GE Healthcare CADStream Server has a default password of confirma for ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare CADStream Server
CVE-2010-5308 (GE Healthcare Optima MR360 does not require authentication for the ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Optima MR360
CVE-2010-5307 (The HIPAA configuration interface in GE Healthcare Optima MR360 has a ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Optima MR360
CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Optima
CVE-2010-5305
RESERVED
CVE-2010-5304
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index c6c60e9ee7..4111a4d171 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -1,9 +1,9 @@
CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity PACS-IW
CVE-2011-5323 (GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity PACS-IW
CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity Analytics Server
CVE-2011-5321 [tty: kobject reference leakage in tty_open]
RESERVED
{DLA-246-1}
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 00c5426334..ac9462b923 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1,9 +1,9 @@
CVE-2012-6695 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2012-6694 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password of (1) ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity PACS
CVE-2012-6692 (Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in ...)
NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
@@ -106,7 +106,7 @@ CVE-2012-6661 (Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before
- zope2.13 <not-affected> (Fixed before initial upload in upstream version 2.13.19)
NOTE: CVE SPLIT from CVE-2012-5508
CVE-2012-6660 (GE Healthcare Precision MPi has a password of (1) orion for the ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Precision MPi
CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)
NOT-FOR-US: Phorum
CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index ba6cc724a8..2feb1bb45c 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -8,7 +8,7 @@ CVE-2013-7443 [SQLite array overrun in the skip-scan optimization]
NOTE: https://www.sqlite.org/src/info/520070ec7fbaac
NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/5
CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2013-7440 [incorrect wildcard matching rules]
RESERVED
- python3.4 3.4~b1-4
@@ -186,9 +186,9 @@ CVE-2013-7407 (Cross-site request forgery (CSRF) vulnerability in the MRBS modul
CVE-2013-7406 (SQL injection vulnerability in the MRBS module for Drupal allows ...)
NOT-FOR-US: Drupal module MRBS
CVE-2013-7405 (The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity DMS
CVE-2013-7404 (GE Healthcare Discovery NM 750b has a password of 2getin for the ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Discovery NM 750b
CVE-2013-7403
RESERVED
NOT-FOR-US: WordPress plugin wp-video-commando
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 76c334e1d4..91a02a0825 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -19,7 +19,7 @@ CVE-2014-9738 (Multiple cross-site scripting (XSS) vulnerabilities in the Tourna
CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown module ...)
NOT-FOR-US: Language Switcher Dropdown module for Drupal
CVE-2014-9736 (GE Healthcare Centricity Clinical Archive Audit Trail Repository has a ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Centricity Clinical Archive Audit Trail Repository
CVE-2014-9735 (The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for ...)
NOT-FOR-US: WordPress plugins ThemePunch Slider Revolution (revslider) and Showbiz Pro
CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution (revslider) ...)
@@ -7052,9 +7052,9 @@ CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asteris
CVE-2014-7234
REJECTED
CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Precision THUNIS-800+
CVE-2014-7232 (GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Discovery XR656 and XR656 G2
CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x ...)
NOT-FOR-US: Joomla
CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, ...)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 4584f05ec9..0aa7f53573 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,5 +1,5 @@
CVE-2015-5965 (The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2015-XXXX [crypt XSS]
- request-tracker4 <unfixed>
[wheezy] - request-tracker4 <not-affected> (Vulnerable code not present)
@@ -27,11 +27,11 @@ CVE-2015-5964
CVE-2015-5963
RESERVED
CVE-2015-5962 (Integer signedness error in the ...)
- TODO: check
+ NOT-FOR-US: Mozilla Firefox OS
CVE-2015-5961 (The COPPA error page in the Accounts setup dialog in Mozilla Firefox ...)
- TODO: check
+ NOT-FOR-US: Mozilla Firefox OS
CVE-2015-5960 (Mozilla Firefox OS before 2.2 allows physically proximate attackers to ...)
- TODO: check
+ NOT-FOR-US: Mozilla Firefox OS
CVE-2015-XXXX [allows access to a connected USB printer via all configured network addresses]
- ippusbxd <unfixed> (bug #795162)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/11/1
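Review bot: The "Mozilla Firefox OS" tag on CVE-2015-5962 cannot be checked against the visible description, which is cut off at "Integer signedness error in the ..." before any product name appears; the two entries below it do name Mozilla Firefox OS in their descriptions. Confirm against the full CVE text that this one is Firefox OS only, since Firefox itself is tracked in this same file under iceweasel (see CVE-2015-2743) and a wrong NOT-FOR-US tag would drop the entry from triage.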
@@ -865,7 +865,7 @@ CVE-2015-5620
CVE-2015-5619
RESERVED
CVE-2015-5618 (Chiyu BF-630 and BF-630W fingerprint access-control devices allow ...)
- TODO: check
+ NOT-FOR-US: Chiyu BF-630 and BF-630W fingerprint access-control devices
CVE-2015-5617
RESERVED
CVE-2015-5616
@@ -1069,7 +1069,7 @@ CVE-2015-5539
CVE-2015-5538
RESERVED
CVE-2015-5537 (The SSL layer of the HTTPS service in Siemens RuggedCom ROS before ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2015-XXXX [more to CVE-2014-8146]
- icu <unfixed>
[wheezy] - icu <not-affected> (Vulnerable code not present)
@@ -1497,7 +1497,7 @@ CVE-2015-5371 (The AuthenticationFilter class in SolarWinds Storage Manager allo
CVE-2015-5370
RESERVED
CVE-2015-5369 (Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, ...)
- TODO: check
+ NOT-FOR-US: Pulse Connect Secure / Juniper PCS
CVE-2015-5368
RESERVED
CVE-2015-5367
@@ -2213,7 +2213,7 @@ CVE-2015-5086 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0
CVE-2015-5085 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5084 (The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2015-5083
RESERVED
CVE-2015-5082
@@ -2516,7 +2516,7 @@ CVE-2015-4947
CVE-2015-4946
RESERVED
CVE-2015-4945 (Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4944
RESERVED
CVE-2015-4943
@@ -2534,17 +2534,17 @@ CVE-2015-4938
CVE-2015-4937
RESERVED
CVE-2015-4936 (Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4935 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4934 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4933 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4932 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4931 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4930
RESERVED
CVE-2015-4929
@@ -2860,7 +2860,7 @@ CVE-2015-4775 (Unspecified vulnerability in the Data Store component in Oracle .
CVE-2015-4774 (Unspecified vulnerability in the Data Store component in Oracle ...)
TODO: check
CVE-2015-4773 (Unspecified vulnerability in the Hyperion Common Security component in ...)
- TODO: check
+ NOT-FOR-US: Oracle Hyperion
CVE-2015-4772 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
- mysql-5.6 5.6.25-2
- mysql-5.5 <not-affected> (Only 5.6 series)
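Review bot: CVE-2015-4774, in the context lines directly above the changed entry, still carries "TODO: check" although it sits between entries that are already triaged and its description names an Oracle Data Store component. If it was left open on purpose that is fine; otherwise it should be resolved in the same pass as CVE-2015-4773 so the Oracle entries do not stay half-processed.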
@@ -2870,7 +2870,7 @@ CVE-2015-4771 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earli
- mysql-5.5 <not-affected> (Only 5.6 series)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4770 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4769 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
- mysql-5.6 5.6.25-2
- mysql-5.5 <not-affected> (Only 5.6 series)
@@ -3175,7 +3175,7 @@ CVE-2015-4680 [insufficent CRL application]
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/5e698b407dcac2bc45cf03484bac4398109d25c3 (v2.x.x branch)
NOTE: http://www.ocert.org/advisories/ocert-2015-008.html
CVE-2015-4674 (The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows ...)
- TODO: check
+ NOT-FOR-US: TimeDoctor Pro
CVE-2015-4673
RESERVED
CVE-2015-4672
@@ -4065,25 +4065,25 @@ CVE-2015-4297
CVE-2015-4296
RESERVED
CVE-2015-4295 (The Prime Collaboration Deployment component in Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4294 (Cross-site scripting (XSS) vulnerability in Cisco IM and Presence ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4293 (The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4292 (Cross-site scripting (XSS) vulnerability in the management interface ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4291 (Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4290 (The kernel extension in Cisco AnyConnect Secure Mobility Client ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4289 (Directory traversal vulnerability in Cisco AnyConnect Secure Mobility ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4288 (The LDAP implementation on the Cisco Web Security Appliance (WSA) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4287 (Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4286 (The web framework in Cisco UCS Central Software 1.3(0.99) allows ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-4285 (The Local Packet Transport Services (LPTS) implementation in Cisco IOS ...)
NOT-FOR-US: Cisco
CVE-2015-4284 (The Concurrent Data Management Replication process in Cisco IOS XR ...)
@@ -5027,15 +5027,15 @@ CVE-2015-3965
CVE-2015-3964
RESERVED
CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks as used on Schneider Electric devices
CVE-2015-3962
RESERVED
CVE-2015-3961 (The web-server component in MNS before 4.5.6 on Belden GarrettCom ...)
- TODO: check
+ NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3960 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...)
- TODO: check
+ NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3959 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...)
- TODO: check
+ NOT-FOR-US: Belden GarrrettCom switches
CVE-2015-3958 (Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly ...)
NOT-FOR-US: Hospira LifeCare
CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private keys ...)
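Review bot: "GarrrettCom" on the CVE-2015-3959 line is misspelled with three r's; CVE-2015-3961 and CVE-2015-3960 above it, and CVE-2015-3942 in the next hunk, all use "Belden GarrettCom switches". Change it to "NOT-FOR-US: Belden GarrettCom switches" so a search on the vendor name finds all four entries. Separately, the CVE-2015-3963 tag mentions Schneider Electric devices while the visible part of the description names only Wind River VxWorks; tagging it as "Wind River VxWorks" would match what the entry itself shows.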
@@ -5069,11 +5069,11 @@ CVE-2015-3944
CVE-2015-3943
RESERVED
CVE-2015-3942 (Multiple cross-site scripting (XSS) vulnerabilities in the web-server ...)
- TODO: check
+ NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3941
RESERVED
CVE-2015-3940 (Untrusted search path vulnerability in Schneider Electric Wonderware ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 modules for ...)
NOT-FOR-US: IDS RTU 850C devices
CVE-2015-3938
@@ -5934,7 +5934,7 @@ CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descri
- docker.io 1.6.1+dfsg1-1 (bug #784726)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3626 (Cross-site scripting (XSS) vulnerability in the DHCP Monitor page the ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2015-3625 (The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before ...)
- nvidia-graphics-drivers <undetermined>
NOTE: the text seems to indicate that this is freebsd-specific (possibly kfreebsd
@@ -7907,19 +7907,19 @@ CVE-2015-2982
CVE-2015-2981
RESERVED
CVE-2015-2980 (The Yodobashi application 1.2.1.0 and earlier for Android allows ...)
- TODO: check
+ NOT-FOR-US: Yodobashi application for Android
CVE-2015-2979 (Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary ...)
- TODO: check
+ NOT-FOR-US: Webservice-DIC yoyaku_v41
CVE-2015-2978 (Webservice-DIC yoyaku_v41 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Webservice-DIC yoyaku_v41
CVE-2015-2977 (Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary ...)
- TODO: check
+ NOT-FOR-US: Webservice-DIC yoyaku_v41
CVE-2015-2976 (Multiple cross-site scripting (XSS) vulnerabilities in Research ...)
- TODO: check
+ NOT-FOR-US: Research Artisan Lite
CVE-2015-2975 (Research Artisan Lite before 1.18 does not ensure that a user has ...)
- TODO: check
+ NOT-FOR-US: Research Artisan Lite
CVE-2015-2974 (LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: LEMON-S PHP Gazou BBS
CVE-2015-2973 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart ...)
NOT-FOR-US: Welcart plugin for WordPress
CVE-2015-2972 (Multiple SQL injection vulnerabilities in Sysphonic Thetis before ...)
@@ -8071,7 +8071,7 @@ CVE-2015-2899
CVE-2015-2898
RESERVED
CVE-2015-2897 (Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices ...)
- TODO: check
+ NOT-FOR-US: Sierra Wireless ALEOS
CVE-2015-2896
RESERVED
CVE-2015-2895
@@ -8085,7 +8085,7 @@ CVE-2015-2892
CVE-2015-2891
RESERVED
CVE-2015-2890 (The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile ...)
- TODO: check
+ NOT-FOR-US: BIOS implementations on Dell hardware with model-dependent firmware
CVE-2015-2889
RESERVED
CVE-2015-2888
@@ -8128,9 +8128,9 @@ CVE-2015-2873
CVE-2015-2872
RESERVED
CVE-2015-2871 (Chiyu BF-660C fingerprint access-control devices allow remote ...)
- TODO: check
+ NOT-FOR-US: Chiyu BF-660C fingerprint access-control devices
CVE-2015-2870 (Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and ...)
- TODO: check
+ NOT-FOR-US: Chiyu fingerprint access-control devices
CVE-2015-2869 (The FileInfo plugin before 2.22 for Ghisler Total Commander allows ...)
NOT-FOR-US: Ghisler Total Commander
CVE-2015-2868
@@ -8174,9 +8174,9 @@ CVE-2015-2850 (Cross-site scripting (XSS) vulnerability in index-login.ant in th
CVE-2015-2849 (SQL injection vulnerability in main.ant in the ANTlabs InnGate ...)
NOT-FOR-US: ANTlabs
CVE-2015-2848 (Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo ...)
- TODO: check
+ NOT-FOR-US: Honeywell Tuxedo Touch
CVE-2015-2847 (Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side ...)
- TODO: check
+ NOT-FOR-US: Honeywell Tuxedo Touch
CVE-2015-2846 (BitTorrent Sync allows remote attackers to execute arbitrary commands ...)
- btsync <itp> (bug #706639)
CVE-2015-2845 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...)
@@ -8572,9 +8572,9 @@ CVE-2015-2774 [Erlang POODLE TLS vulnerability]
NOTE: CVE about "ssl: ... added padding check for TLS-1.0 due to the Poodle vulnerability."
NOTE: https://github.com/erlang/otp/commit/e53c55dd0ab69982bc511396ccf8655d27c6d38c
CVE-2015-2745 (Multiple cross-site scripting (XSS) vulnerabilities in the Search app ...)
- TODO: check
+ NOT-FOR-US: Mozilla Firefox OS
CVE-2015-2744 (Cross-site scripting (XSS) vulnerability in the Search app in Gaia in ...)
- TODO: check
+ NOT-FOR-US: Mozilla Firefox OS
CVE-2015-2743 (PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 ...)
{DSA-3300-1}
- iceweasel 38.1.0esr-1
@@ -9067,7 +9067,7 @@ CVE-2015-2617 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earli
- mysql-5.5 <not-affected> (Only 5.6 series)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2616 (Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2615 (Unspecified vulnerability in the Oracle Applications Framework ...)
NOT-FOR-US: Oracle E-Business
CVE-2015-2614 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
@@ -9167,7 +9167,7 @@ CVE-2015-2582 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earli
CVE-2015-2581 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
NOT-FOR-US: Oracle Virtualization
CVE-2015-2580 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2579 (Unspecified vulnerability in the Oracle Health Sciences Argus Safety ...)
NOT-FOR-US: Oracle
CVE-2015-2578 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote ...)
@@ -9784,7 +9784,7 @@ CVE-2015-2325 [heap buffer overflow in compile_branch()]
CVE-2015-2324
RESERVED
CVE-2015-2323 (FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, ...)
- TODO: check
+ NOT-FOR-US: FortiOS
CVE-2015-2322
RESERVED
CVE-2015-2321
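Review bot: The CVE-2015-2323 tag reads "FortiOS", while the other two FortiOS entries in this patch (CVE-2015-5965 and CVE-2015-3626) use "Fortinet FortiOS". Use "NOT-FOR-US: Fortinet FortiOS" here as well so the three entries group under one label.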
@@ -10738,7 +10738,7 @@ CVE-2015-1989
CVE-2015-1988
RESERVED
CVE-2015-1987 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-1986 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
NOT-FOR-US: IBM
CVE-2015-1985
@@ -10772,7 +10772,7 @@ CVE-2015-1972 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 befo
CVE-2015-1971
RESERVED
CVE-2015-1970 (The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-1969
RESERVED
CVE-2015-1968 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
@@ -10796,13 +10796,13 @@ CVE-2015-1960
CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...)
NOT-FOR-US: IBM
CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-1957
RESERVED
CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-1954 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
NOT-FOR-US: IBM
CVE-2015-1953 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
@@ -10905,7 +10905,7 @@ CVE-2015-1906 (Cross-site scripting (XSS) vulnerability in the REST API in IBM .
CVE-2015-1905 (The REST API in IBM Business Process Manager (BPM) 7.5.x through ...)
NOT-FOR-US: IBM BPM
CVE-2015-1904 (IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-1903 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...)
NOT-FOR-US: IBM
CVE-2015-1902 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...)
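Review bot: CVE-2015-1904 is tagged just "IBM" although its description names IBM Business Process Manager (BPM) and the entry directly above it, CVE-2015-1905 for the same product, is tagged "IBM BPM". Using "NOT-FOR-US: IBM BPM" keeps the two adjacent BPM entries consistent.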
@@ -12057,19 +12057,19 @@ CVE-2015-1495 (Multiple stack-based buffer overflows in Motorola Scanner SDK all
CVE-2015-1494 (The FancyBox for WordPress plugin before 3.0.3 for WordPress does not ...)
NOT-FOR-US: FancyBox plugin for WordPress
CVE-2015-1492 (Untrusted search path vulnerability in the client in Symantec Endpoint ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2015-1491 (SQL injection vulnerability in the management console in Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2015-1490 (Directory traversal vulnerability in the management console in ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2015-1489 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2015-1488 (An unspecified action handler in the management console in Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2015-1487 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2015-1486 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2015-1485 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention
CVE-2015-1484 (Unquoted Windows search path vulnerability in the agent in Symantec ...)
@@ -13579,7 +13579,7 @@ CVE-2015-1011 (Hospira LifeCare PCA Infusion System before 7.0 has hardcoded ...
CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does ...)
NOT-FOR-US: Rockwell Automation RSView32
CVE-2015-1009 (Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before 13 ...)
NOT-FOR-US: Emerson AMS Device Manager
CVE-2015-1007
@@ -14359,7 +14359,7 @@ CVE-2015-0734 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco
CVE-2015-0733 (CRLF injection vulnerability in the HTTP Header Handler in Digital ...)
NOT-FOR-US: Cisco
CVE-2015-0732 (Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0731 (The ISDN implementation in Cisco IOS 15.3S allows remote attackers to ...)
NOT-FOR-US: Cisco
CVE-2015-0730 (The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) ...)
