[Secure-testing-commits] r54413 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 8 06:21:06 UTC 2017
Author: carnil
Date: 2017-08-08 06:21:05 +0000 (Tue, 08 Aug 2017)
New Revision: 54413
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-08 04:56:25 UTC (rev 54412)
+++ data/CVE/list 2017-08-08 06:21:05 UTC (rev 54413)
@@ -16,23 +16,23 @@
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870502)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/620
CVE-2017-12653 (360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege ...)
- TODO: check
+ NOT-FOR-US: 360 Total Security
CVE-2017-12652
RESERVED
CVE-2017-12651 (Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist ...)
- TODO: check
+ NOT-FOR-US: Loginizer plugin for WordPress
CVE-2017-12650 (SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress ...)
- TODO: check
+ NOT-FOR-US: Loginizer plugin for WordPress
CVE-2017-12649 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2017-12648 (XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2017-12647 (XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2017-12646 (XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2017-12645 (XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2017-12644 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...)
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/551
@@ -115,7 +115,7 @@
CVE-2017-12607
RESERVED
CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
- opencv <unfixed>
NOTE: https://github.com/opencv/opencv/issues/9309
@@ -215,7 +215,7 @@
CVE-2017-12568 (Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother ...)
NOT-FOR-US: Brother
CVE-2017-12567 (SQL injection exists in Quest KACE Asset Management Appliance ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Asset Management Appliance
CVE-2017-12566 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...)
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870503)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/603
@@ -409,11 +409,11 @@
CVE-2017-12480 (Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading ...)
NOT-FOR-US: Sandboxie
CVE-2017-12479 (It was discovered that an issue in the session logic in Unitrends ...)
- TODO: check
+ NOT-FOR-US: Unitrends Backup
CVE-2017-12478 (It was discovered that the api/storage web interface in Unitrends ...)
- TODO: check
+ NOT-FOR-US: Unitrends Backup
CVE-2017-12477 (It was discovered that the bpserverd proprietary protocol in Unitrends ...)
- TODO: check
+ NOT-FOR-US: Unitrends Backup
CVE-2017-12476
RESERVED
CVE-2017-12475
@@ -68281,7 +68281,7 @@
CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...)
NOT-FOR-US: WifiHs20UtilityService on Samsung S6 Edge LRX22G.G925VVRU1AOE2
CVE-2015-7887 (NetApp SnapCenter Server 1.0 allows remote authenticated users to list ...)
- TODO: check
+ NOT-FOR-US: NetApp SnapCenter Server
CVE-2015-7886 (NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are ...)
NOT-FOR-US: NetApp
CVE-2015-7899 (The com_content component in Joomla! 3.x before 3.4.5 does not ...)
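Review bot: The new label on CVE-2015-7887, `NOT-FOR-US: NetApp SnapCenter Server`, is inconsistent with the existing `NOT-FOR-US: NetApp` on CVE-2015-7886 directly below it, so two adjacent entries for the same vendor carry different labels. Consider one form for both, either plain `NetApp` here or a product-level label on CVE-2015-7886 as well, so that grouping entries by label keeps them together.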
@@ -73553,7 +73553,7 @@
CVE-2015-5947
RESERVED
CVE-2015-5946 (Incomplete blacklist vulnerability in SugarCRM 6.5.22 allows local ...)
- TODO: check
+ NOT-FOR-US: SugarCRM
CVE-2015-5945 (The Sandbox subsystem in Apple OS X before 10.11.1 allows local users ...)
NOT-FOR-US: Apple
CVE-2015-5944 (CoreText in Apple OS X before 10.11.1 allows remote attackers to ...)
@@ -91857,7 +91857,7 @@
CVE-2014-9261 (The sanitize function in Codoforum 2.5.1 does not properly implement ...)
NOT-FOR-US: Codoforum
CVE-2014-9260 (The basic_settings function in the download manager plugin for ...)
- TODO: check
+ NOT-FOR-US: download manager plugin for WordPress
CVE-2014-9259
RESERVED
CVE-2014-9258 (SQL injection vulnerability in ajax/getDropdownValue.php in GLPI ...)
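Review bot: The label added for CVE-2014-9260, `NOT-FOR-US: download manager plugin for WordPress`, is lower-cased and reads as a phrase copied from the CVE description rather than a product name, unlike the `NOT-FOR-US: Codoforum` entry just above it in this hunk. Consider spelling the plugin's name the way its upstream does, so that later CVEs against the same plugin can be matched to this label.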