[Secure-testing-commits] r51168 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Apr 29 07:40:15 UTC 2017 

Author: carnil
Date: 2017-04-29 07:40:15 +0000 (Sat, 29 Apr 2017)
New Revision: 51168

Modified:
   data/CVE/list
Log:
Process more NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-29 05:37:58 UTC (rev 51167)
+++ data/CVE/list	2017-04-29 07:40:15 UTC (rev 51168)
@@ -17579,37 +17579,37 @@
 CVE-2017-2106 (Multiple cross-site scripting vulnerabilities in Webmin versions prior ...)
 	TODO: check
 CVE-2017-2105 (The TVer App for Android 3.2.7 and earlier does not verify X.509 ...)
-	TODO: check
+	NOT-FOR-US: TVer App for Android
 CVE-2017-2104 (The Business LaLa Call App for Android 1.4.7 and earlier does not ...)
-	TODO: check
+	NOT-FOR-US: Business LaLa Call App for Android
 CVE-2017-2103 (The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 ...)
-	TODO: check
+	NOT-FOR-US: LaLa Call App for Android
 CVE-2017-2102 (Cross-site request forgery (CSRF) vulnerability in Hands-on ...)
-	TODO: check
+	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
 CVE-2017-2101 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
-	TODO: check
+	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
 CVE-2017-2100 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
-	TODO: check
+	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
 CVE-2017-2099 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
-	TODO: check
+	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
 CVE-2017-2098 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2017-2097 (Cross-site request forgery (CSRF) vulnerability in Knowledge versions ...)
-	TODO: check
+	NOT-FOR-US: Knowledge
 CVE-2017-2096 (smalruby-editor v0.4.0 and earlier allows remote attackers to execute ...)
 	TODO: check
 CVE-2017-2095 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2017-2094 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2017-2093 (Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2017-2092 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2017-2091 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2017-2090 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2017-2089
 	RESERVED
 CVE-2017-2088
@@ -19193,7 +19193,7 @@
 CVE-2017-1299
 	RESERVED
 CVE-2017-1298 (A denial of service vulnerability has been discovered in 40-GbE ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1297
 	RESERVED
 CVE-2017-1296
@@ -19401,7 +19401,7 @@
 CVE-2017-1195
 	RESERVED
 CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1193
 	RESERVED
 CVE-2017-1192
@@ -19508,7 +19508,7 @@
 CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...)
 	NOT-FOR-US: IBM
 CVE-2017-1141 (IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1140
 	RESERVED
 CVE-2017-1139
@@ -25345,25 +25345,25 @@
 	NOTE: http://bugs.gnu.org/24659
 	NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=245608911698adb3472803856019bdd5670b6614
 CVE-2016-8593 (Directory traversal vulnerability in upload.cgi in Trend Micro Threat ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2016-8592 (log_query_system.cgi in Trend Micro Threat Discovery Appliance ...)
 	TODO: check
 CVE-2016-8591 (log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2016-8590 (log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2016-8589 (log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2016-8588 (The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2016-8587 (dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2016-8586 (detected_potential_files.cgi in Trend Micro Threat Discovery Appliance ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2016-8585 (admin_sys_time.cgi in Trend Micro Threat Discovery Appliance ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2016-8584 (Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2016-8583 (Multiple GET parameters in the vulnerability scan scheduler of ...)
 	NOT-FOR-US: AlienVault
 CVE-2016-8582 (A vulnerability exists in gauge.php of AlienVault OSSIM and USM before ...)
@@ -28006,15 +28006,15 @@
 CVE-2016-7844
 	RESERVED
 CVE-2016-7843 (Directory traversal vulnerability in AttacheCase for Java 0.60 and ...)
-	TODO: check
+	NOT-FOR-US: AttacheCase
 CVE-2016-7842 (Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier ...)
-	TODO: check
+	NOT-FOR-US: AttacheCase
 CVE-2016-7841 (Cross-site scripting vulnerability in Olive Diary DX allows remote ...)
-	TODO: check
+	NOT-FOR-US: Olive Diary DX
 CVE-2016-7840 (Cross-site scripting vulnerability in WEB SCHEDULE allows remote ...)
-	TODO: check
+	NOT-FOR-US: WEB SCHEDULE
 CVE-2016-7839 (Cross-site scripting vulnerability in Olive Blog allows remote ...)
-	TODO: check
+	NOT-FOR-US: Olive Blog
 CVE-2016-7838
 	RESERVED
 CVE-2016-7837 [Buffer overflow in parse_line function]

More information about the Secure-testing-commits mailing list