[Secure-testing-commits] r52341 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-06-06 04:31:22 +0000 (Tue, 06 Jun 2017)
New Revision: 52341

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-06 04:16:35 UTC (rev 52340)
+++ data/CVE/list	2017-06-06 04:31:22 UTC (rev 52341)
@@ -5,13 +5,13 @@
 CVE-2017-9445
 	RESERVED
 CVE-2017-9444 (BigTree CMS through 4.2.18 has CSRF related to the ...)
-	TODO: check
+	NOT-FOR-US: BigTree CMS
 CVE-2017-9443 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: BigTree CMS
 CVE-2017-9442 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: BigTree CMS
 CVE-2017-9441 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: BigTree CMS
 CVE-2017-9440 (In ImageMagick 7.0.5-5, a memory leak was found in the function ...)
 	TODO: check
 CVE-2017-9439 (In ImageMagick 7.0.5-5, a memory leak was found in the function ...)
@@ -19,7 +19,7 @@
 CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers ...)
 	TODO: check
 CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This ...)
-	TODO: check
+	NOT-FOR-US: Openbravo Business Suite
 CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in ...)
 	TODO: check
 CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in ...)
@@ -61,7 +61,7 @@
 CVE-2017-9421
 	RESERVED
 CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...)
-	TODO: check
+	NOT-FOR-US: Spiffy Calendar plugin for WordPress
 CVE-2017-9419
 	RESERVED
 CVE-2017-9418
@@ -1861,19 +1861,19 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, ...)
-	TODO: check
+	NOT-FOR-US: Peplink Balance devices
 CVE-2017-8840 (Debug information disclosure exists on Peplink Balance 305, 380, 580, ...)
-	TODO: check
+	NOT-FOR-US: Peplink Balance devices
 CVE-2017-8839 (XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, ...)
-	TODO: check
+	NOT-FOR-US: Peplink Balance devices
 CVE-2017-8838 (XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
-	TODO: check
+	NOT-FOR-US: Peplink Balance devices
 CVE-2017-8837 (Cleartext password storage exists on Peplink Balance 305, 380, 580, ...)
-	TODO: check
+	NOT-FOR-US: Peplink Balance devices
 CVE-2017-8836 (CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 ...)
-	TODO: check
+	NOT-FOR-US: Peplink Balance devices
 CVE-2017-8835 (SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
-	TODO: check
+	NOT-FOR-US: Peplink Balance devices
 CVE-2016-10370 (An issue was discovered on OnePlus devices such as the 3T. The OnePlus ...)
 	NOT-FOR-US: OnePlus
 CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a ...)