[Secure-testing-commits] r55089 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Aug 25 21:16:41 UTC 2017 

Author: carnil
Date: 2017-08-25 21:16:41 +0000 (Fri, 25 Aug 2017)
New Revision: 55089

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-25 21:10:13 UTC (rev 55088)
+++ data/CVE/list	2017-08-25 21:16:41 UTC (rev 55089)
@@ -15,7 +15,7 @@
 CVE-2017-13698
 	RESERVED
 CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...)
-	TODO: check
+	NOT-FOR-US: FineCMS
 CVE-2017-13696
 	RESERVED
 CVE-2017-1000122
@@ -2490,9 +2490,9 @@
 CVE-2017-12818
 	RESERVED
 CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of the ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky Internet Security for Android
 CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky Internet Security for Android
 CVE-2017-12815
 	RESERVED
 CVE-2017-12814
@@ -2761,11 +2761,11 @@
 CVE-2017-12710
 	RESERVED
 CVE-2017-12709 (A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN ...)
-	TODO: check
+	NOT-FOR-US: Westermo devices
 CVE-2017-12708
 	RESERVED
 CVE-2017-12707 (A Stack-based Buffer Overflow issue was discovered in SpiderControl ...)
-	TODO: check
+	NOT-FOR-US: SpiderControl SCADA MicroBrowser
 CVE-2017-12706
 	RESERVED
 CVE-2017-12705
@@ -2773,7 +2773,7 @@
 CVE-2017-12704
 	RESERVED
 CVE-2017-12703 (A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo ...)
-	TODO: check
+	NOT-FOR-US: Westermo
 CVE-2017-12702
 	RESERVED
 CVE-2017-12701
@@ -2791,7 +2791,7 @@
 CVE-2017-12695
 	RESERVED
 CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl SCADA Web ...)
-	TODO: check
+	NOT-FOR-US: SpiderControl SCADA Web Server
 CVE-2017-1000101 [URL globbing out of bounds read]
 	- curl 7.55.0-1 (bug #871554)
 	[wheezy] - curl <not-affected> (Vulnerable code not present, introduced later in 7.34.0)
@@ -10844,7 +10844,7 @@
 CVE-2017-9651
 	RESERVED
 CVE-2017-9650 (An Unrestricted Upload of File with Dangerous Type issue was discovered ...)
-	TODO: check
+	NOT-FOR-US: Automated Logic Corporation (ALC)
 CVE-2017-9649
 	RESERVED
 CVE-2017-9648 (An Uncontrolled Search Path Element issue was discovered in Solar ...)
@@ -10856,7 +10856,7 @@
 CVE-2017-9645
 	RESERVED
 CVE-2017-9644 (An Unquoted Search Path or Element issue was discovered in Automated ...)
-	TODO: check
+	NOT-FOR-US: Automated Logic Corporation (ALC)
 CVE-2017-9643
 	RESERVED
 CVE-2017-9642
@@ -10864,7 +10864,7 @@
 CVE-2017-9641
 	RESERVED
 CVE-2017-9640 (A Path Traversal issue was discovered in Automated Logic Corporation ...)
-	TODO: check
+	NOT-FOR-US: Automated Logic Corporation (ALC)
 CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2017-9638
@@ -15781,7 +15781,7 @@
 CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact GmbH ...)
 	NOT-FOR-US: Phoenix Contact
 CVE-2017-7934 (An Improper Authentication issue was discovered in OSIsoft PI Server ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft
 CVE-2017-7933
 	RESERVED
 CVE-2017-7932 (An improper certificate validation issue was discovered in NXP i.MX 28 ...)
@@ -15789,7 +15789,7 @@
 CVE-2017-7931
 	RESERVED
 CVE-2017-7930 (An Improper Authentication issue was discovered in OSIsoft PI Server ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft
 CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech WebAccess ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2017-7928 (An Improper Access Control issue was discovered in Schweitzer ...)
@@ -15797,7 +15797,7 @@
 CVE-2017-7927 (A Use of Password Hash Instead of Password for Authentication issue was ...)
 	NOT-FOR-US: Dahua
 CVE-2017-7926 (A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft
 CVE-2017-7925 (A Password in Configuration File issue was discovered in Dahua ...)
 	NOT-FOR-US: Dahua
 CVE-2017-7924
@@ -50308,7 +50308,7 @@
 CVE-2016-5817 (SQL injection vulnerability in news pages in Cargotec Navis WebAccess ...)
 	NOT-FOR-US: Cargotec
 CVE-2016-5816 (A Use of Hard-Coded Cryptographic Key issue was discovered in ...)
-	TODO: check
+	NOT-FOR-US: Westermo
 CVE-2016-5815 (An issue was discovered on Schneider Electric IONXXXX series power ...)
 	NOT-FOR-US: Schneider
 CVE-2016-5814 (Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, ...)
@@ -93515,7 +93515,7 @@
 CVE-2014-9565
 	RESERVED
 CVE-2014-9564 (CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-9563
 	RESERVED
 CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 ...)
@@ -100003,13 +100003,13 @@
 	[wheezy] - swift <no-dsa> (Minor issue)
 	NOTE: affected version: all up to 2.1.0
 CVE-2014-7860 (The web/web_file/fb_publish.php script in D-Link DNS-320L before ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2014-7859 (Stack-based buffer overflow in login_mgr.cgi in D-Link firmware ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2014-7858 (The check_login function in D-Link DNR-326 before 2.10 build 03 allows ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2014-7857 (D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2014-7856
 	RESERVED
 CVE-2014-7855

More information about the Secure-testing-commits mailing list