[Secure-testing-commits] r52368 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-06-07 04:44:28 +0000 (Wed, 07 Jun 2017)
New Revision: 52368

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-07 04:26:13 UTC (rev 52367)
+++ data/CVE/list	2017-06-07 04:44:28 UTC (rev 52368)
@@ -17,13 +17,13 @@
 CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 ...)
 	TODO: check
 CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php in ...)
-	TODO: check
+	NOT-FOR-US: flatCore CMS
 CVE-2017-9450
 	RESERVED
 CVE-2017-9449 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote ...)
-	TODO: check
+	NOT-FOR-US: BigTree CMS
 CVE-2017-9448 (Cross-site scripting (XSS) vulnerabilities in BigTree CMS through ...)
-	TODO: check
+	NOT-FOR-US: BigTree CMS
 CVE-2017-9462 [allows remote users unauthorized access to a hg serve --stdio instance]
 	- mercurial <unfixed> (bug #861243)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
@@ -2808,13 +2808,13 @@
 CVE-2017-8442
 	RESERVED
 CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not ...)
-	TODO: check
+	NOT-FOR-US: Elastic X-Pack Security
 CVE-2017-8440 (Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) ...)
 	TODO: check
 CVE-2017-8439 (Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug ...)
 	TODO: check
 CVE-2017-8438 (Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege ...)
-	TODO: check
+	NOT-FOR-US: Elastic X-Pack Security
 CVE-2017-8437
 	RESERVED
 CVE-2017-8436
@@ -3803,7 +3803,7 @@
 CVE-2017-8084
 	RESERVED
 CVE-2017-8083 (CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 ...)
-	TODO: check
+	NOT-FOR-US: CompuLab Intense PC and MintBox 2 devices
 CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which ...)
 	NOT-FOR-US: concrete5
 CVE-2017-8081 (Poor cryptographic salt initialization in ...)
@@ -12768,7 +12768,7 @@
 CVE-2017-5244
 	RESERVED
 CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances ...)
-	TODO: check
+	NOT-FOR-US: Rapid7 Nexpose hardware appliances
 CVE-2017-5242
 	RESERVED
 CVE-2017-5241
@@ -70540,7 +70540,7 @@
 CVE-2015-3831 (Buffer overflow in the readAt function in BpMediaHTTPConnection in ...)
 	NOT-FOR-US: mediaserver service in Android
 CVE-2015-3830 (The stock Android browser address bar in all Android operating systems ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2015-3829 (Off-by-one error in the MPEG4Extractor::parseChunk function in ...)
 	NOT-FOR-US: libstagefright in Android
 CVE-2015-3828 (The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp ...)