[Secure-testing-commits] r54213 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Aug 2 21:21:05 UTC 2017


Author: jmm
Date: 2017-08-02 21:21:05 +0000 (Wed, 02 Aug 2017)
New Revision: 54213

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-02 21:10:13 UTC (rev 54212)
+++ data/CVE/list	2017-08-02 21:21:05 UTC (rev 54213)
@@ -158,7 +158,7 @@
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e14a27723cc3a154d67f3f26e719d08c0ba9ad25
 	NOTE: https://arxiv.org/pdf/1205.4011.pdf
 CVE-2017-12131 (The Easy Testimonials plugin 3.0.4 for WordPress has XSS in ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-12130
 	RESERVED
 CVE-2017-12129
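Review bot: The tag added for CVE-2017-12131, "NOT-FOR-US: Wordpress plugin", names only a category, while the description line identifies the Easy Testimonials plugin and other NOT-FOR-US entries in this file name the product (for example "NOT-FOR-US: Fiyo CMS"). Suggest "NOT-FOR-US: Easy Testimonials plugin for WordPress" so the tag itself says which software was judged out of scope.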
@@ -284,7 +284,7 @@
 CVE-2017-12069
 	RESERVED
 CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic ...)
 	- potrace <unfixed> (unimportant; bug #870356)
 	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap
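Review bot: In the tag added for CVE-2017-12068, "Wordpress" is spelled differently from the "WordPress" in the description line directly above it, and the tag leaves out the plugin name. Suggest "NOT-FOR-US: Event List plugin for WordPress".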
@@ -1761,7 +1761,7 @@
 CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow ...)
 	NOT-FOR-US: PHICOMM
 CVE-2017-11494 (SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and ...)
-	TODO: check
+	NOT-FOR-US: SOL.Connect ISET-mpp meter
 CVE-2017-11493
 	RESERVED
 CVE-2017-11492
@@ -2093,7 +2093,7 @@
 CVE-2017-11365
 	RESERVED
 CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2017-11363
 	RESERVED
 CVE-2017-11362 (In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...)
@@ -2125,9 +2125,9 @@
 CVE-2017-11357
 	RESERVED
 CVE-2017-11356 (The application distribution export functionality in PEGA Platform 7.2 ...)
-	TODO: check
+	NOT-FOR-US: PEGA Platform
 CVE-2017-11355 (Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform ...)
-	TODO: check
+	NOT-FOR-US: PEGA Platform
 CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in ...)
 	NOT-FOR-US: Fiyo CMS
 CVE-2017-11351
@@ -2897,21 +2897,21 @@
 CVE-2017-11137
 	RESERVED
 CVE-2017-11136 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
-	TODO: check
+	NOT-FOR-US: heinekingmedia StashCat
 CVE-2017-11135 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
-	TODO: check
+	NOT-FOR-US: heinekingmedia StashCat
 CVE-2017-11134 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
-	TODO: check
+	NOT-FOR-US: heinekingmedia StashCat
 CVE-2017-11133 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
-	TODO: check
+	NOT-FOR-US: heinekingmedia StashCat
 CVE-2017-11132 (An issue was discovered in heinekingmedia StashCat before 1.5.18 for ...)
-	TODO: check
+	NOT-FOR-US: heinekingmedia StashCat
 CVE-2017-11131 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
-	TODO: check
+	NOT-FOR-US: heinekingmedia StashCat
 CVE-2017-11130 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
-	TODO: check
+	NOT-FOR-US: heinekingmedia StashCat
 CVE-2017-11129 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
-	TODO: check
+	NOT-FOR-US: heinekingmedia StashCat
 CVE-2017-11128 (Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by ...)
 	NOT-FOR-US: Bolt CMS
 CVE-2017-11127 (Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a ...)
@@ -6229,9 +6229,9 @@
 CVE-2017-9771 (install\save.php in WebsiteBaker v2.10.0 allows remote attackers to ...)
 	NOT-FOR-US: WebsiteBaker
 CVE-2017-9770 (A specially crafted IOCTL can be issued to the rzpnk.sys driver in ...)
-	TODO: check
+	NOT-FOR-US: Razer Synapse
 CVE-2017-9769 (A specially crafted IOCTL can be issued to the rzpnk.sys driver in ...)
-	TODO: check
+	NOT-FOR-US: Razer Synapse
 CVE-2017-9768
 	RESERVED
 CVE-2017-9767
@@ -8007,7 +8007,7 @@
 CVE-2017-9245 (The Google News and Weather application before 3.3.1 for Android allows ...)
 	NOT-FOR-US: Google News and Weather application for Android
 CVE-2017-9244 (Cross-site scripting (XSS) vulnerability in the Trello app before ...)
-	TODO: check
+	NOT-FOR-US: Trello
 CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 ...)
 	NOT-FOR-US: Aries QWR-1104 Wireless-N Router
 CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...)
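Review bot: The tag on CVE-2017-9244 reads "NOT-FOR-US: Trello", but the description places the XSS in "the Trello app", and the neighbouring CVE-2017-9245 entry spells out "Google News and Weather application for Android". Suggest "NOT-FOR-US: Trello app" so the tag matches the affected component named in the description.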
@@ -24331,7 +24331,7 @@
 CVE-2016-9982 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an ...)
 	NOT-FOR-US: IBM
 CVE-2016-9981 (IBM AppScan Enterprise Edition 9.0 contains an unspecified ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2016-9979 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)



