[Secure-testing-commits] r50620 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Apr 13 10:01:52 UTC 2017


Author: jmm
Date: 2017-04-13 10:01:52 +0000 (Thu, 13 Apr 2017)
New Revision: 50620

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-13 09:45:52 UTC (rev 50619)
+++ data/CVE/list	2017-04-13 10:01:52 UTC (rev 50620)
@@ -491,11 +491,11 @@
 CVE-2017-7629
 	RESERVED
 CVE-2017-7628 (The "Smart related articles" extension 1.1 for Joomla! has SQL ...)
-	TODO: check
+	NOT-FOR-US: Joomla extension
 CVE-2017-7627 (The "Smart related articles" extension 1.1 for Joomla! does not prevent ...)
-	TODO: check
+	NOT-FOR-US: Joomla extension
 CVE-2017-7626 (The "Smart related articles" extension 1.1 for Joomla! has XSS in ...)
-	TODO: check
+	NOT-FOR-US: Joomla extension
 CVE-2017-7625 (In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the ...)
 	NOT-FOR-US: Fiyo CMS
 CVE-2017-7624 (The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ...)
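Review bot: The three new tags on CVE-2017-7628, CVE-2017-7627 and CVE-2017-7626 say only "Joomla extension", which does not identify the product, whereas the unchanged entry below them uses the product name ("NOT-FOR-US: Fiyo CMS"). Suggest "NOT-FOR-US: Smart related articles extension for Joomla" so that a later search of the list for the extension name finds these entries.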
@@ -1543,17 +1543,17 @@
 CVE-2017-7285 (A vulnerability in the network stack of MikroTik Version 6.38.5 ...)
 	NOT-FOR-US: MikroTik
 CVE-2017-7284 (An attacker that has hijacked a Unitrends Enterprise Backup (before ...)
-	TODO: check
+	NOT-FOR-US: Unitrends Enterprise Backup
 CVE-2017-7283
 	RESERVED
 CVE-2017-7282
 	RESERVED
 CVE-2017-7281 (An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A ...)
-	TODO: check
+	NOT-FOR-US: Unitrends Enterprise Backup
 CVE-2017-7280 (An issue was discovered in api/includes/systems.php in Unitrends ...)
-	TODO: check
+	NOT-FOR-US: Unitrends Enterprise Backup
 CVE-2017-7279 (An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Unitrends Enterprise Backup
 CVE-2017-7278
 	RESERVED
 CVE-2017-7277 (The TCP stack in the Linux kernel through 4.10.6 mishandles the ...)
@@ -32517,7 +32517,7 @@
 CVE-2016-5857 (The Qualcomm SPCom driver in Android before 7.0 allows local users to ...)
 	NOTE: Red Hat seem to have typoed the CVE, which should be CVE-2016-5875, asked to confirm
 CVE-2016-5856 (Drivers/soc/qcom/spcom.c in the Qualcom SPCom driver in the Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-5855
 	RESERVED
 CVE-2016-5854
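Review bot: On CVE-2016-5856 the description cites a kernel-tree path (Drivers/soc/qcom/spcom.c), so the NOT-FOR-US decision depends on this driver not being part of the kernel source Debian ships; a short NOTE recording that check would make the reasoning visible. CVE-2016-5857 directly above names the same SPCom driver and, in the visible context, carries only a NOTE about the suspected CVE typo, so consider giving it the same tag once that confirmation arrives.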
@@ -34354,7 +34354,7 @@
 	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=654
 	NOTE: Upstream fix https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
 CVE-2016-5313 (Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-5312
 	RESERVED
 CVE-2016-5311
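Review bot: The tag on CVE-2016-5313 names only the vendor ("Symantec"), while the description gives the product, Symantec Web Gateway (SWG); other tags in this commit name the product (for example "Unitrends Enterprise Backup"). Suggest "NOT-FOR-US: Symantec Web Gateway".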
@@ -36452,19 +36452,19 @@
 CVE-2016-4898
 	RESERVED
 CVE-2016-4897 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
-	TODO: check
+	NOT-FOR-US: Usermin
 CVE-2016-4896 (SetucoCMS allows remote attackers to alter or disclose information, ...)
-	TODO: check
+	NOT-FOR-US: SetucoCMS
 CVE-2016-4895 (SetucoCMS allows remote authenticated users to execute arbitrary code. ...)
-	TODO: check
+	NOT-FOR-US: SetucoCMS
 CVE-2016-4894 (SetucoCMS allows remote attackers to cause a denial of service. ...)
-	TODO: check
+	NOT-FOR-US: SetucoCMS
 CVE-2016-4893 (SQL injection vulnerability in SetucoCMS. ...)
-	TODO: check
+	NOT-FOR-US: SetucoCMS
 CVE-2016-4892 (Cross-site scripting (XSS) vulnerability in SetucoCMS. ...)
-	TODO: check
+	NOT-FOR-US: SetucoCMS
 CVE-2016-4891 (Cross-site request forgery (CSRF) vulnerability in SetucoCMS. ...)
-	TODO: check
+	NOT-FOR-US: SetucoCMS
 CVE-2016-4890
 	RESERVED
 CVE-2016-4889
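Review bot: On CVE-2016-4897 the description enumerates affected components ("in (1) ...") but the tag names only Usermin; confirm that every enumerated component is covered by that NOT-FOR-US, since the single tag closes the whole entry. The six SetucoCMS tags below it match their descriptions.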
@@ -38064,7 +38064,7 @@
 	NOTE: http://seclists.org/bugtraq/2016/May/11
 	NOTE: https://support.zabbix.com/browse/ZBX-10741
 CVE-2016-4337 (SQL injection vulnerability in the mgr.login.php file in Ktools.net ...)
-	TODO: check
+	NOT-FOR-US: Photostore
 CVE-2016-4336 (An exploitable out-of-bounds write exists in the Bzip2 parsing of the ...)
 	NOT-FOR-US: Lexmark Document Filters
 CVE-2016-4335 (An exploitable buffer overflow exists in the XLS parsing of the ...)
@@ -48481,9 +48481,9 @@
 CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...)
 	NOT-FOR-US: Cyber-Will Social-button Premium plugin
 CVE-2016-1179 (Cross-site scripting (XSS) vulnerability in the standard template of ...)
-	TODO: check
+	NOT-FOR-US: appleple a-blog cms
 CVE-2016-1178 (The session management of the comment functionality in appleple a-blog ...)
-	TODO: check
+	NOT-FOR-US: appleple a-blog cms
 CVE-2016-1177 (The management screen in Falcon WisePoint 4.3.1 and earlier and ...)
 	NOT-FOR-US: Falcon WisePoint
 CVE-2016-1176 (Buffer overflow in the ActiveX control in Sharp EVA Animeter allows ...)
@@ -54976,11 +54976,11 @@
 CVE-2015-7565
 	RESERVED
 CVE-2015-7564 (Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier ...)
-	TODO: check
+	NOT-FOR-US: TeamPass
 CVE-2015-7563 (Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and ...)
-	TODO: check
+	NOT-FOR-US: TeamPass
 CVE-2015-7562 (Mulitple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 ...)
-	TODO: check
+	NOT-FOR-US: TeamPass
 CVE-2015-7561
 	RESERVED
 	NOT-FOR-US: OpenShift



