[Secure-testing-commits] r30802 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Wed Dec 17 17:05:26 UTC 2014
Author: hertzog
Date: 2014-12-17 17:05:26 +0000 (Wed, 17 Dec 2014)
New Revision: 30802
Modified:
data/CVE/list
Log:
Switch data from temporary zoph entry to the newly allocated CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-17 17:05:20 UTC (rev 30801)
+++ data/CVE/list 2014-12-17 17:05:26 UTC (rev 30802)
@@ -289,9 +289,15 @@
CVE-2014-9237 (SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote ...)
NOT-FOR-US: Proticaret E-Commerce
CVE-2014-9236 (Cross-site scripting (XSS) vulnerability in php/edit_photos.php in ...)
- - zoph <removed>
+ - zoph <removed> (unimportant)
+ NOTE: http://seclists.org/fulldisclosure/2014/Nov/45
+ NOTE: https://github.com/jeroenrnl/zoph/issues/59
+ NOTE: The SQL injection and XSS claims appear to be mostly unfounded.
CVE-2014-9235 (Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes ...)
- - zoph <removed>
+ - zoph <removed> (unimportant)
+ NOTE: http://seclists.org/fulldisclosure/2014/Nov/45
+ NOTE: https://github.com/jeroenrnl/zoph/issues/59
+ NOTE: The SQL injection and XSS claims appear to be mostly unfounded.
CVE-2014-9234 (Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link ...)
NOT-FOR-US: D-link DCS-2103
CVE-2014-9233
@@ -2216,11 +2222,6 @@
RESERVED
CVE-2012-6663
RESERVED
-CVE-2014-XXXX [zoph multiple issues]
- - zoph <removed> (unimportant)
- NOTE: http://seclists.org/fulldisclosure/2014/Nov/45
- NOTE: https://github.com/jeroenrnl/zoph/issues/59
- NOTE: The SQL injection and XSS claims appear to be mostly unfounded.
CVE-2014-8988 (MantisBT before 1.2.18 allows remote authenticated users to bypass the ...)
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
More information about the Secure-testing-commits
mailing list