[Secure-testing-commits] r50741 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Apr 18 03:38:11 UTC 2017
Author: carnil
Date: 2017-04-18 03:38:11 +0000 (Tue, 18 Apr 2017)
New Revision: 50741
Modified:
data/CVE/list
Log:
Mark some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-18 03:22:13 UTC (rev 50740)
+++ data/CVE/list 2017-04-18 03:38:11 UTC (rev 50741)
@@ -4,7 +4,7 @@
NOTE: Fixed by: https://github.com/sandstorm-io/capnproto/commit/52bc956459a5e83d7c31be95763ff6399e064ae4
TODO: according to the advisory so far only Apple's compiler has been shown to apply the problematic optimization, so possibly "unimportant" for us, but fixed in 0.5.3.1 upstream
CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the ...)
- TODO: check
+ NOT-FOR-US: SourceBans++
CVE-2017-7890
RESERVED
CVE-2017-7888
@@ -36683,25 +36683,25 @@
CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) ...)
NOT-FOR-US: IVYWE
CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4873 (The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4872 (The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4870 (Cross-site scripting (XSS) vulnerability in "Schedule" function in ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4869 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4868 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4867 (The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4866 (Cross-site scripting (XSS) vulnerability in the "Project" function in ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4865 (Cross-site scripting (XSS) vulnerability in the "Customapp" function ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4864
RESERVED
CVE-2016-4863
@@ -52987,7 +52987,7 @@
CVE-2015-8257
RESERVED
CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis network ...)
- TODO: check
+ NOT-FOR-US: Axis network cameras
CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...)
NOT-FOR-US: AXIS Communications
CVE-2015-8254 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
More information about the Secure-testing-commits
mailing list