[Secure-testing-commits] r57779 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Nov 18 13:05:45 UTC 2017


Author: carnil
Date: 2017-11-18 13:05:45 +0000 (Sat, 18 Nov 2017)
New Revision: 57779

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-18 12:35:47 UTC (rev 57778)
+++ data/CVE/list	2017-11-18 13:05:45 UTC (rev 57779)
@@ -1,7 +1,7 @@
 CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before ...)
-	TODO: check
+	NOT-FOR-US: filp whoops
 CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...)
-	TODO: check
+	NOT-FOR-US: Snap7 Server
 CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme ...)
 	TODO: check
 CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...)
@@ -1103,7 +1103,7 @@
 CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...)
 	NOT-FOR-US: Logitech Media Server
 CVE-2017-16566 (On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not ...)
-	TODO: check
+	NOT-FOR-US: Jooan IP Camera A5 2.3.36 devices
 CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage ...)
 	NOT-FOR-US: Vonage
 CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on ...)
@@ -8185,7 +8185,7 @@
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27013
 	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27013
 CVE-2017-14077 (HTML Injection in Securimage 3.6.4 and earlier allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Securimage
 CVE-2017-14076 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id ...)
 	NOT-FOR-US: NexusPHP
 CVE-2017-14075 (This vulnerability allows local attackers to escalate privileges on ...)
@@ -17546,7 +17546,7 @@
 CVE-2017-10890 (Session management issue in RX-V200 firmware versions prior to ...)
 	NOT-FOR-US: RX-V200 firmware
 CVE-2017-10889 (TablePress prior to version 1.8.1 allows an attacker to conduct XML ...)
-	TODO: check
+	NOT-FOR-US: TablePress
 CVE-2017-10888 (BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac ...)
 	NOT-FOR-US: BOOK WALKER
 CVE-2017-10887 (Untrusted search path vulnerability in BOOK WALKER for Windows ...)
@@ -36665,7 +36665,7 @@
 CVE-2017-4940
 	RESERVED
 CVE-2017-4939 (VMware Workstation (12.x before 12.5.8) installer contains a DLL ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
 	NOT-FOR-US: VMware
 CVE-2017-4937 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...)




More information about the Secure-testing-commits mailing list