[Secure-testing-commits] r55197 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Aug 29 14:49:06 UTC 2017 

Author: jmm
Date: 2017-08-29 14:49:06 +0000 (Tue, 29 Aug 2017)
New Revision: 55197

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-29 14:37:00 UTC (rev 55196)
+++ data/CVE/list	2017-08-29 14:49:06 UTC (rev 55197)
@@ -28871,7 +28871,7 @@
 CVE-2017-3758
 	RESERVED
 CVE-2017-3757 (An unquoted service path vulnerability was identified in the driver ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2017-3756 (A privilege escalation vulnerability was identified in Lenovo Active ...)
 	NOT-FOR-US: Lenovo
 CVE-2017-3755
@@ -28893,7 +28893,7 @@
 CVE-2017-3747 (Privilege escalation vulnerability in Lenovo Nerve Center for Windows ...)
 	NOT-FOR-US: Lenovo
 CVE-2017-3746 (ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2017-3745 (In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data ...)
 	NOT-FOR-US: Lenovo
 CVE-2017-3744 (In the IMM2 firmware of Lenovo System x servers, remote commands ...)
@@ -70356,7 +70356,7 @@
 CVE-2015-8356 (Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 ...)
 	NOT-FOR-US: Bitrix
 CVE-2015-8355 (Multiple SQL injection vulnerabilities in the orion.extfeedbackform ...)
-	TODO: check
+	NOT-FOR-US: Bitrix
 CVE-2015-8354
 	RESERVED
 	NOT-FOR-US: WordPress plugin ultimate-member
@@ -70364,7 +70364,7 @@
 	RESERVED
 	NOT-FOR-US: WordPress plugin role-scoper
 CVE-2015-8352 (Directory traversal vulnerability in Zen Cart 1.5.4 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2015-8351
 	RESERVED
 	NOT-FOR-US: WordPress plugin gwolle-gb
@@ -70429,7 +70429,7 @@
 CVE-2015-8333 (The Operation and Maintenance Unit (OMU) in Huawei VCN500 with ...)
 	NOT-FOR-US: Huawei
 CVE-2015-8332 (Huawei Video Content Management (VCM) before V100R001C10SPC001 does ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2015-8331 (The Operation and Maintenance Unit (OMU) in Huawei VCN500 with ...)
 	NOT-FOR-US: Huawei
 CVE-2015-8330 (The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers ...)
@@ -70578,7 +70578,7 @@
 	NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.14/revision/2166 (1.14.x)
 	NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.16/revision/2207 (1.16.x)
 CVE-2015-8300 (Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: ...)
-	TODO: check
+	NOT-FOR-US: Polycom BToE Connector
 CVE-2015-8299
 	RESERVED
 CVE-2015-8298
@@ -82828,7 +82828,7 @@
 CVE-2015-3977 (Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2015-3976 (Cross-site scripting (XSS) vulnerability in GE Multilink ...)
-	TODO: check
+	NOT-FOR-US: GE
 CVE-2015-3975
 	REJECTED
 CVE-2015-3974 (EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x ...)
@@ -89121,7 +89121,7 @@
 CVE-2015-1878 (Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, ...)
 	NOT-FOR-US: nShield Connect hardware models
 CVE-2015-1876 (Directory traversal vulnerability in ES File Explorer 3.2.4.1. ...)
-	TODO: check
+	NOT-FOR-US: ES File Explorer
 CVE-2015-1875 (SQL injection vulnerability in a2billing/customer/iridium_threed.php ...)
 	NOT-FOR-US: Elastix
 CVE-2015-1874 (Cross-site request forgery (CSRF) vulnerability in the Contact Form DB ...)
@@ -90593,11 +90593,11 @@
 CVE-2015-1446
 	RESERVED
 CVE-2015-1445 (HTTP header injection in the httpd package in fli4l before 3.10.1 and ...)
-	TODO: check
+	NOT-FOR-US: fli4l
 CVE-2015-1444 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
 	NOT-FOR-US: fli4l
 CVE-2015-1443 (The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 ...)
-	TODO: check
+	NOT-FOR-US: fli4l
 CVE-2015-1442 (SQL injection vulnerability in views/zero_transact_user.php in the ...)
 	NOT-FOR-US: ZeroCMS
 CVE-2015-1440
@@ -93920,7 +93920,7 @@
 CVE-2014-9515
 	RESERVED
 CVE-2014-9514 (Cross-site scripting (XSS) vulnerability in BMC Footprints Service ...)
-	TODO: check
+	NOT-FOR-US: BMC
 CVE-2014-9512 (rsync 3.1.1 allows remote attackers to write to arbitrary files via a ...)
 	- rsync 3.1.1-3 (low; bug #778333)
 	[wheezy] - rsync <not-affected> (Affected sanitising functionality not yet present)

More information about the Secure-testing-commits mailing list