author | Salvatore Bonaccorso <carnil@debian.org> | 2015-08-13 07:09:24 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2015-08-13 07:09:24 +0000 |
commit | ce24215cf211974dbf3d75b98e585c0a09bd1695 (patch) | |
tree | 4a8420dc696bc86531a1cc345799f93d76d3501a /data/CVE | |
parent | e99625e9cfbad4b9457c87a998e312c3bb402e39 (diff) |
Process list of NFUs
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@36028 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2003.list | 2 | ||||
-rw-r--r-- | data/CVE/2004.list | 2 | ||||
-rw-r--r-- | data/CVE/2006.list | 2 | ||||
-rw-r--r-- | data/CVE/2007.list | 2 | ||||
-rw-r--r-- | data/CVE/2009.list | 2 | ||||
-rw-r--r-- | data/CVE/2010.list | 10 | ||||
-rw-r--r-- | data/CVE/2011.list | 6 | ||||
-rw-r--r-- | data/CVE/2012.list | 8 | ||||
-rw-r--r-- | data/CVE/2013.list | 6 | ||||
-rw-r--r-- | data/CVE/2014.list | 6 | ||||
-rw-r--r-- | data/CVE/2015.list | 136 |
11 files changed, 91 insertions, 91 deletions
diff --git a/data/CVE/2003.list b/data/CVE/2003.list index 12b822c429..d2f077e6fd 100644 --- a/data/CVE/2003.list +++ b/data/CVE/2003.list @@ -1,5 +1,5 @@ CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...) - TODO: check + NOT-FOR-US: GE Healthcare Discovery VH CVE-2003-1602 RESERVED CVE-2003-1601 diff --git a/data/CVE/2004.list b/data/CVE/2004.list index a489982746..86a033c0e8 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -1,5 +1,5 @@ CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity Image Vault CVE-2004-XXXX [base-passwd: sets valid shells for system services] - base-passwd 3.5.30 (unimportant; bug #274229) NOTE: Hardening, not a direct vulnerability diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 0eb5c701f8..8f12221b88 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -1,5 +1,5 @@ CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...) - TODO: check + NOT-FOR-US: GE Healthcare Infinia II CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in ...) NOT-FOR-US: NetBSD/FreeBSD libc CVE-2006-7251 diff --git a/data/CVE/2007.list b/data/CVE/2007.list index aafa37ce0c..5910345347 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1,7 +1,7 @@ CVE-2007-6758 RESERVED CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity DMS CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a ...) NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series CVE-2007-6755 (The NIST SP 800-90A default statement of the Dual Elliptic Curve ...) diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 0160eabb38..7863f994d7 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list 
@@ -31,7 +31,7 @@ CVE-2009-5144 [vulnerability involving the directory context] - mod-gnutls 0.5.6-1 (bug #578663) NOTE: http://issues.outoforder.cc/view.php?id=93 CVE-2009-5143 (GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) ...) - TODO: check + NOT-FOR-US: GE Healthcare Discovery 530C CVE-2009-5142 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...) NOT-FOR-US: TimThumb CVE-2009-5141 (Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 ...) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index d2dbceb005..aece1721e6 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -45,15 +45,15 @@ CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst] [wheezy] - riece <no-dsa> (Minor issue) [squeeze] - riece <no-dsa> (Minor issue) CVE-2010-5310 (The Acquisition Workstation for the GE Healthcare Revolution XQ/i has ...) - TODO: check + NOT-FOR-US: GE Healthcare Revolution XQ/i CVE-2010-5309 (GE Healthcare CADStream Server has a default password of confirma for ...) - TODO: check + NOT-FOR-US: GE Healthcare CADStream Server CVE-2010-5308 (GE Healthcare Optima MR360 does not require authentication for the ...) - TODO: check + NOT-FOR-US: GE Healthcare Optima MR360 CVE-2010-5307 (The HIPAA configuration interface in GE Healthcare Optima MR360 has a ...) - TODO: check + NOT-FOR-US: GE Healthcare Optima MR360 CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default ...) - TODO: check + NOT-FOR-US: GE Healthcare Optima CVE-2010-5305 RESERVED CVE-2010-5304 diff --git a/data/CVE/2011.list b/data/CVE/2011.list index c6c60e9ee7..4111a4d171 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list 
@@ -1,9 +1,9 @@ CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity PACS-IW CVE-2011-5323 (GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity PACS-IW CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity Analytics Server CVE-2011-5321 [tty: kobject reference leakage in tty_open] RESERVED {DLA-246-1} diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 00c5426334..ac9462b923 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -1,9 +1,9 @@ CVE-2012-6695 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity PACS Workstation CVE-2012-6694 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity PACS Workstation CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password of (1) ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity PACS CVE-2012-6692 (Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in ...) NOT-FOR-US: WordPress plugin wordpress-seo CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) @@ -106,7 +106,7 @@ CVE-2012-6661 (Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before - zope2.13 <not-affected> (Fixed before initial upload in upstream version 2.13.19) NOTE: CVE SPLIT from CVE-2012-5508 CVE-2012-6660 (GE Healthcare Precision MPi has a password of (1) orion for the ...) - TODO: check + NOT-FOR-US: GE Healthcare Precision MPi CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface in ...) NOT-FOR-US: Phorum CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks ...) 
diff --git a/data/CVE/2013.list b/data/CVE/2013.list index ba6cc724a8..2feb1bb45c 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -8,7 +8,7 @@ CVE-2013-7443 [SQLite array overrun in the skip-scan optimization] NOTE: https://www.sqlite.org/src/info/520070ec7fbaac NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/5 CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity PACS Workstation CVE-2013-7440 [incorrect wildcard matching rules] RESERVED - python3.4 3.4~b1-4 @@ -186,9 +186,9 @@ CVE-2013-7407 (Cross-site request forgery (CSRF) vulnerability in the MRBS modul CVE-2013-7406 (SQL injection vulnerability in the MRBS module for Drupal allows ...) NOT-FOR-US: Drupal module MRBS CVE-2013-7405 (The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity DMS CVE-2013-7404 (GE Healthcare Discovery NM 750b has a password of 2getin for the ...) - TODO: check + NOT-FOR-US: GE Healthcare Discovery NM 750b CVE-2013-7403 RESERVED NOT-FOR-US: WordPress plugin wp-video-commando diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 76c334e1d4..91a02a0825 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -19,7 +19,7 @@ CVE-2014-9738 (Multiple cross-site scripting (XSS) vulnerabilities in the Tourna CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown module ...) NOT-FOR-US: Language Switcher Dropdown module for Drupal CVE-2014-9736 (GE Healthcare Centricity Clinical Archive Audit Trail Repository has a ...) - TODO: check + NOT-FOR-US: GE Healthcare Centricity Clinical Archive Audit Trail Repository CVE-2014-9735 (The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for ...) NOT-FOR-US: WordPress plugins ThemePunch Slider Revolution (revslider) and Showbiz Pro CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution (revslider) ...) 
@@ -7052,9 +7052,9 @@ CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asteris CVE-2014-7234 REJECTED CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 ...) - TODO: check + NOT-FOR-US: GE Healthcare Precision THUNIS-800+ CVE-2014-7232 (GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) ...) - TODO: check + NOT-FOR-US: GE Healthcare Discovery XR656 and XR656 G2 CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x ...) NOT-FOR-US: Joomla CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 4584f05ec9..0aa7f53573 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1,5 +1,5 @@ CVE-2015-5965 (The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the ...) - TODO: check + NOT-FOR-US: Fortinet FortiOS CVE-2015-XXXX [crypt XSS] - request-tracker4 <unfixed> [wheezy] - request-tracker4 <not-affected> (Vulnerable code not present) @@ -27,11 +27,11 @@ CVE-2015-5964 CVE-2015-5963 RESERVED CVE-2015-5962 (Integer signedness error in the ...) - TODO: check + NOT-FOR-US: Mozilla Firefox OS CVE-2015-5961 (The COPPA error page in the Accounts setup dialog in Mozilla Firefox ...) - TODO: check + NOT-FOR-US: Mozilla Firefox OS CVE-2015-5960 (Mozilla Firefox OS before 2.2 allows physically proximate attackers to ...) - TODO: check + NOT-FOR-US: Mozilla Firefox OS CVE-2015-XXXX [allows access to a connected USB printer via all configured network addresses] - ippusbxd <unfixed> (bug #795162) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/11/1 @@ -865,7 +865,7 @@ CVE-2015-5620 CVE-2015-5619 RESERVED CVE-2015-5618 (Chiyu BF-630 and BF-630W fingerprint access-control devices allow ...) - TODO: check + NOT-FOR-US: Chiyu BF-630 and BF-630W fingerprint access-control devices CVE-2015-5617 RESERVED CVE-2015-5616 
@@ -1069,7 +1069,7 @@ CVE-2015-5539 CVE-2015-5538 RESERVED CVE-2015-5537 (The SSL layer of the HTTPS service in Siemens RuggedCom ROS before ...) - TODO: check + NOT-FOR-US: Siemens CVE-2015-XXXX [more to CVE-2014-8146] - icu <unfixed> [wheezy] - icu <not-affected> (Vulnerable code not present) @@ -1497,7 +1497,7 @@ CVE-2015-5371 (The AuthenticationFilter class in SolarWinds Storage Manager allo CVE-2015-5370 RESERVED CVE-2015-5369 (Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, ...) - TODO: check + NOT-FOR-US: Pulse Connect Secure / Juniper PCS CVE-2015-5368 RESERVED CVE-2015-5367 @@ -2213,7 +2213,7 @@ CVE-2015-5086 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0 CVE-2015-5085 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2015-5084 (The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite ...) - TODO: check + NOT-FOR-US: Siemens CVE-2015-5083 RESERVED CVE-2015-5082 @@ -2516,7 +2516,7 @@ CVE-2015-4947 CVE-2015-4946 RESERVED CVE-2015-4945 (Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-4944 RESERVED CVE-2015-4943 
@@ -2534,17 +2534,17 @@ CVE-2015-4938 CVE-2015-4937 RESERVED CVE-2015-4936 (Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-4935 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-4934 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-4933 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-4932 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-4931 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-4930 RESERVED CVE-2015-4929 @@ -2860,7 +2860,7 @@ CVE-2015-4775 (Unspecified vulnerability in the Data Store component in Oracle . CVE-2015-4774 (Unspecified vulnerability in the Data Store component in Oracle ...) TODO: check CVE-2015-4773 (Unspecified vulnerability in the Hyperion Common Security component in ...) - TODO: check + NOT-FOR-US: Oracle Hyperion CVE-2015-4772 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...) - mysql-5.6 5.6.25-2 - mysql-5.5 <not-affected> (Only 5.6 series) @@ -2870,7 +2870,7 @@ CVE-2015-4771 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earli - mysql-5.5 <not-affected> (Only 5.6 series) NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL CVE-2015-4770 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...) - TODO: check + NOT-FOR-US: Oracle Sun Solaris CVE-2015-4769 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...) - mysql-5.6 5.6.25-2 - mysql-5.5 <not-affected> (Only 5.6 series) 
@@ -3175,7 +3175,7 @@ CVE-2015-4680 [insufficent CRL application] NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/5e698b407dcac2bc45cf03484bac4398109d25c3 (v2.x.x branch) NOTE: http://www.ocert.org/advisories/ocert-2015-008.html CVE-2015-4674 (The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows ...) - TODO: check + NOT-FOR-US: TimeDoctor Pro CVE-2015-4673 RESERVED CVE-2015-4672 @@ -4065,25 +4065,25 @@ CVE-2015-4297 CVE-2015-4296 RESERVED CVE-2015-4295 (The Prime Collaboration Deployment component in Cisco Unified ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-4294 (Cross-site scripting (XSS) vulnerability in Cisco IM and Presence ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-4293 (The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-4292 (Cross-site scripting (XSS) vulnerability in the management interface ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-4291 (Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-4290 (The kernel extension in Cisco AnyConnect Secure Mobility Client ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-4289 (Directory traversal vulnerability in Cisco AnyConnect Secure Mobility ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-4288 (The LDAP implementation on the Cisco Web Security Appliance (WSA) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-4287 (Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-4286 (The web framework in Cisco UCS Central Software 1.3(0.99) allows ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-4285 (The Local Packet Transport Services (LPTS) implementation in Cisco IOS ...) NOT-FOR-US: Cisco CVE-2015-4284 (The Concurrent Data Management Replication process in Cisco IOS XR ...) 
@@ -5027,15 +5027,15 @@ CVE-2015-3965 CVE-2015-3964 RESERVED CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, ...) - TODO: check + NOT-FOR-US: Wind River VxWorks as used on Schneider Electric devices CVE-2015-3962 RESERVED CVE-2015-3961 (The web-server component in MNS before 4.5.6 on Belden GarrettCom ...) - TODO: check + NOT-FOR-US: Belden GarrettCom switches CVE-2015-3960 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...) - TODO: check + NOT-FOR-US: Belden GarrettCom switches CVE-2015-3959 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...) - TODO: check + NOT-FOR-US: Belden GarrrettCom switches CVE-2015-3958 (Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly ...) NOT-FOR-US: Hospira LifeCare CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private keys ...) @@ -5069,11 +5069,11 @@ CVE-2015-3944 CVE-2015-3943 RESERVED CVE-2015-3942 (Multiple cross-site scripting (XSS) vulnerabilities in the web-server ...) - TODO: check + NOT-FOR-US: Belden GarrettCom switches CVE-2015-3941 RESERVED CVE-2015-3940 (Untrusted search path vulnerability in Schneider Electric Wonderware ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 modules for ...) NOT-FOR-US: IDS RTU 850C devices CVE-2015-3938 @@ -5934,7 +5934,7 @@ CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descri - docker.io 1.6.1+dfsg1-1 (bug #784726) NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10 CVE-2015-3626 (Cross-site scripting (XSS) vulnerability in the DHCP Monitor page the ...) - TODO: check + NOT-FOR-US: Fortinet FortiOS CVE-2015-3625 (The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before ...) - nvidia-graphics-drivers <undetermined> NOTE: the text seems to indicate that this is freebsd-specific (possibly kfreebsd 
@@ -7907,19 +7907,19 @@ CVE-2015-2982 CVE-2015-2981 RESERVED CVE-2015-2980 (The Yodobashi application 1.2.1.0 and earlier for Android allows ...) - TODO: check + NOT-FOR-US: Yodobashi application for Android CVE-2015-2979 (Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary ...) - TODO: check + NOT-FOR-US: Webservice-DIC yoyaku_v41 CVE-2015-2978 (Webservice-DIC yoyaku_v41 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Webservice-DIC yoyaku_v41 CVE-2015-2977 (Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary ...) - TODO: check + NOT-FOR-US: Webservice-DIC yoyaku_v41 CVE-2015-2976 (Multiple cross-site scripting (XSS) vulnerabilities in Research ...) - TODO: check + NOT-FOR-US: Research Artisan Lite CVE-2015-2975 (Research Artisan Lite before 1.18 does not ensure that a user has ...) - TODO: check + NOT-FOR-US: Research Artisan Lite CVE-2015-2974 (LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to ...) - TODO: check + NOT-FOR-US: LEMON-S PHP Gazou BBS CVE-2015-2973 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart ...) NOT-FOR-US: Welcart plugin for WordPress CVE-2015-2972 (Multiple SQL injection vulnerabilities in Sysphonic Thetis before ...) @@ -8071,7 +8071,7 @@ CVE-2015-2899 CVE-2015-2898 RESERVED CVE-2015-2897 (Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices ...) - TODO: check + NOT-FOR-US: Sierra Wireless ALEOS CVE-2015-2896 RESERVED CVE-2015-2895 @@ -8085,7 +8085,7 @@ CVE-2015-2892 CVE-2015-2891 RESERVED CVE-2015-2890 (The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile ...) - TODO: check + NOT-FOR-US: BIOS implementations on Dell hardware with model-dependent firmware CVE-2015-2889 RESERVED CVE-2015-2888 
@@ -8128,9 +8128,9 @@ CVE-2015-2873 CVE-2015-2872 RESERVED CVE-2015-2871 (Chiyu BF-660C fingerprint access-control devices allow remote ...) - TODO: check + NOT-FOR-US: Chiyu BF-660C fingerprint access-control devices CVE-2015-2870 (Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and ...) - TODO: check + NOT-FOR-US: Chiyu fingerprint access-control devices CVE-2015-2869 (The FileInfo plugin before 2.22 for Ghisler Total Commander allows ...) NOT-FOR-US: Ghisler Total Commander CVE-2015-2868 @@ -8174,9 +8174,9 @@ CVE-2015-2850 (Cross-site scripting (XSS) vulnerability in index-login.ant in th CVE-2015-2849 (SQL injection vulnerability in main.ant in the ANTlabs InnGate ...) NOT-FOR-US: ANTlabs CVE-2015-2848 (Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo ...) - TODO: check + NOT-FOR-US: Honeywell Tuxedo Touch CVE-2015-2847 (Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side ...) - TODO: check + NOT-FOR-US: Honeywell Tuxedo Touch CVE-2015-2846 (BitTorrent Sync allows remote attackers to execute arbitrary commands ...) - btsync <itp> (bug #706639) CVE-2015-2845 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...) @@ -8572,9 +8572,9 @@ CVE-2015-2774 [Erlang POODLE TLS vulnerability] NOTE: CVE about "ssl: ... added padding check for TLS-1.0 due to the Poodle vulnerability." NOTE: https://github.com/erlang/otp/commit/e53c55dd0ab69982bc511396ccf8655d27c6d38c CVE-2015-2745 (Multiple cross-site scripting (XSS) vulnerabilities in the Search app ...) - TODO: check + NOT-FOR-US: Mozilla Firefox OS CVE-2015-2744 (Cross-site scripting (XSS) vulnerability in the Search app in Gaia in ...) - TODO: check + NOT-FOR-US: Mozilla Firefox OS CVE-2015-2743 (PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 ...) {DSA-3300-1} - iceweasel 38.1.0esr-1 
@@ -9067,7 +9067,7 @@ CVE-2015-2617 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earli - mysql-5.5 <not-affected> (Only 5.6 series) NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL CVE-2015-2616 (Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows ...) - TODO: check + NOT-FOR-US: Oracle Sun Solaris CVE-2015-2615 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: Oracle E-Business CVE-2015-2614 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...) @@ -9167,7 +9167,7 @@ CVE-2015-2582 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earli CVE-2015-2581 (Unspecified vulnerability in the Oracle Secure Global Desktop ...) NOT-FOR-US: Oracle Virtualization CVE-2015-2580 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...) - TODO: check + NOT-FOR-US: Oracle Sun Solaris CVE-2015-2579 (Unspecified vulnerability in the Oracle Health Sciences Argus Safety ...) NOT-FOR-US: Oracle CVE-2015-2578 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote ...) @@ -9784,7 +9784,7 @@ CVE-2015-2325 [heap buffer overflow in compile_branch()] CVE-2015-2324 RESERVED CVE-2015-2323 (FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, ...) - TODO: check + NOT-FOR-US: FortiOS CVE-2015-2322 RESERVED CVE-2015-2321 @@ -10738,7 +10738,7 @@ CVE-2015-1989 CVE-2015-1988 RESERVED CVE-2015-1987 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-1986 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...) NOT-FOR-US: IBM CVE-2015-1985 
@@ -10772,7 +10772,7 @@ CVE-2015-1972 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 befo CVE-2015-1971 RESERVED CVE-2015-1970 (The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-1969 RESERVED CVE-2015-1968 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...) @@ -10796,13 +10796,13 @@ CVE-2015-1960 CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...) NOT-FOR-US: IBM CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-1957 RESERVED CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-1954 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) NOT-FOR-US: IBM CVE-2015-1953 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) @@ -10905,7 +10905,7 @@ CVE-2015-1906 (Cross-site scripting (XSS) vulnerability in the REST API in IBM . CVE-2015-1905 (The REST API in IBM Business Process Manager (BPM) 7.5.x through ...) NOT-FOR-US: IBM BPM CVE-2015-1904 (IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-1903 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...) NOT-FOR-US: IBM CVE-2015-1902 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...) 
@@ -12057,19 +12057,19 @@ CVE-2015-1495 (Multiple stack-based buffer overflows in Motorola Scanner SDK all CVE-2015-1494 (The FancyBox for WordPress plugin before 3.0.3 for WordPress does not ...) NOT-FOR-US: FancyBox plugin for WordPress CVE-2015-1492 (Untrusted search path vulnerability in the client in Symantec Endpoint ...) - TODO: check + NOT-FOR-US: Symantec CVE-2015-1491 (SQL injection vulnerability in the management console in Symantec ...) - TODO: check + NOT-FOR-US: Symantec CVE-2015-1490 (Directory traversal vulnerability in the management console in ...) - TODO: check + NOT-FOR-US: Symantec CVE-2015-1489 (The management console in Symantec Endpoint Protection Manager (SEPM) ...) - TODO: check + NOT-FOR-US: Symantec CVE-2015-1488 (An unspecified action handler in the management console in Symantec ...) - TODO: check + NOT-FOR-US: Symantec CVE-2015-1487 (The management console in Symantec Endpoint Protection Manager (SEPM) ...) - TODO: check + NOT-FOR-US: Symantec CVE-2015-1486 (The management console in Symantec Endpoint Protection Manager (SEPM) ...) - TODO: check + NOT-FOR-US: Symantec CVE-2015-1485 (Cross-site request forgery (CSRF) vulnerability in the administration ...) NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention CVE-2015-1484 (Unquoted Windows search path vulnerability in the agent in Symantec ...) @@ -13579,7 +13579,7 @@ CVE-2015-1011 (Hospira LifeCare PCA Infusion System before 7.0 has hardcoded ... CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does ...) NOT-FOR-US: Rockwell Automation RSView32 CVE-2015-1009 (Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before 13 ...) NOT-FOR-US: Emerson AMS Device Manager CVE-2015-1007 
@@ -14359,7 +14359,7 @@ CVE-2015-0734 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco CVE-2015-0733 (CRLF injection vulnerability in the HTTP Header Handler in Digital ...) NOT-FOR-US: Cisco CVE-2015-0732 (Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0731 (The ISDN implementation in Cisco IOS 15.3S allows remote attackers to ...) NOT-FOR-US: Cisco CVE-2015-0730 (The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) ...) |
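Review bot: In data/CVE/2015.list, hunk @@ -5027,15 +5027,15 @@, the new note for CVE-2015-3959 reads `NOT-FOR-US: Belden GarrrettCom switches` with three r's, while CVE-2015-3961 and CVE-2015-3960 in the same hunk and CVE-2015-3942 in the next one use `Belden GarrettCom switches`. Correct the spelling so that a search on the product string finds all four entries.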
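Review bot: The FortiOS entries in data/CVE/2015.list are tagged inconsistently: hunk @@ -9784,7 +9784,7 @@ adds `NOT-FOR-US: FortiOS` for CVE-2015-2323, whereas CVE-2015-5965 (hunk @@ -1,5 +1,5 @@) and CVE-2015-3626 (hunk @@ -5934,7 +5934,7 @@) in this same commit get `NOT-FOR-US: Fortinet FortiOS`. Suggest using `Fortinet FortiOS` for all three so the product string stays uniform.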
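Review bot: In data/CVE/2015.list, hunk @@ -2860,7 +2860,7 @@, CVE-2015-4774 stays at `TODO: check` in the context lines directly above CVE-2015-4773, which this commit marks `NOT-FOR-US: Oracle Hyperion`. If the Data Store entry was left open on purpose because it still needs checking, that is fine; otherwise it should be triaged in the same pass rather than left behind between processed entries.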
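Review bot: In data/CVE/2010.list, hunk @@ -45,15 +45,15 @@, CVE-2010-5306 gets the bare family name `NOT-FOR-US: GE Healthcare Optima`, although its description lists Optima CT680, CT540, CT640, and CT520, and the two entries just above it use the model-level `GE Healthcare Optima MR360`. Consider naming the CT models in the note so the granularity matches the neighbouring entries.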