[Secure-testing-commits] r56342 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Oct 2 10:11:55 UTC 2017 

Author: jmm
Date: 2017-10-02 10:11:55 +0000 (Mon, 02 Oct 2017)
New Revision: 56342

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-02 10:09:34 UTC (rev 56341)
+++ data/CVE/list	2017-10-02 10:11:55 UTC (rev 56342)
@@ -74,7 +74,7 @@
 CVE-2017-14959
 	RESERVED
 CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of dangerous ...)
-	TODO: check
+	NOT-FOR-US: PivotX
 CVE-2017-14957 (Stored XSS vulnerability via a comment in inc/conv.php in BlogoText ...)
 	NOT-FOR-US: BlogoText
 CVE-2017-14956
@@ -2710,7 +2710,7 @@
 CVE-2017-13998
 	RESERVED
 CVE-2017-13997 (A Missing Authentication for Critical Function issue was discovered in ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2017-13996
 	RESERVED
 CVE-2017-13995
@@ -18342,13 +18342,13 @@
 CVE-2017-8448 (An error was found in the permission model used by X-Pack Alerting ...)
 	- kibana <itp> (bug #700337)
 CVE-2017-8447 (An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege ...)
-	NOT-FOR-US: X-Pack Security
+	NOT-FOR-US: X-Pack plugin for Kibana
 CVE-2017-8446 (The Reporting feature in X-Pack in versions prior to 5.5.2 and ...)
 	NOT-FOR-US: X-Pack plugin for Kibana
 CVE-2017-8445 (An error was found in the X-Pack Security TLS trust manager for ...)
 	NOT-FOR-US: X-PackSecurity TLS trust manager plugin for Elasticsearch
 CVE-2017-8444 (The client-forwarder in Elastic Cloud Enterprise versions prior to ...)
-	TODO: check
+	NOT-FOR-US: Elastic Cloud Enterprise
 CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ...)
 	NOT-FOR-US: Kibana X-Pack Security
 CVE-2017-8442 (Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, ...)
@@ -74760,7 +74760,7 @@
 CVE-2015-8252 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
 	NOT-FOR-US: Frontel
 CVE-2015-8251 (OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, ...)
-	TODO: check
+	NOT-FOR-US: OpenStage
 CVE-2015-8250
 	RESERVED
 CVE-2015-8249 (The FileUploadServlet class in ManageEngine Desktop Central 9 before ...)
@@ -77409,9 +77409,9 @@
 CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in ...)
 	- freeswitch <itp> (bug #389591)
 CVE-2015-7391 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2015-7390 (SQL injection vulnerability in TestLink before 1.9.14 allows remote ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2015-7389
 	RESERVED
 CVE-2015-7388
@@ -77645,7 +77645,7 @@
 	NOTE: https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
 	NOTE: https://nodesecurity.io/advisories/19
 CVE-2015-7293 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zope ...)
-	TODO: check
+	NOT-FOR-US: Zope Management Interface
 CVE-2015-7292 (Stack-based buffer overflow in the havok_write function in ...)
 	NOT-FOR-US: Amazon Fire OS
 CVE-2015-7291 (Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the ...)
@@ -84912,11 +84912,11 @@
 CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in ...)
 	NOT-FOR-US: AjaxControlToolkit
 CVE-2015-4669 (The MySQL "root" user in Xsuite 2.3.0 and 2.4.3.0 does not have a ...)
-	TODO: check
+	NOT-FOR-US: Xsuite
 CVE-2015-4668 (Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Xsuite
 CVE-2015-4667 (Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0. ...)
-	TODO: check
+	NOT-FOR-US: Xsuite
 CVE-2015-4666 (Directory traversal vulnerability in opm/read_sessionlog.php in ...)
 	NOT-FOR-US: Xceedium Xsuite
 CVE-2015-4665 (Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium ...)
@@ -88692,7 +88692,7 @@
 CVE-2015-3298
 	RESERVED
 CVE-2015-3296 (Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before ...)
-	TODO: check
+	NOT-FOR-US: NodeBB
 CVE-2015-3295 (markdown-it before 4.1.0 does not block data: URLs. ...)
 	- ruby-rails-assets-markdown-it 4.2.1-1
 CVE-2015-3294 (The tcp_request function in Dnsmasq before 2.73rc4 does not properly ...)
@@ -94155,7 +94155,7 @@
 CVE-2015-1538 (Integer overflow in the SampleTable::setSampleToChunkParams function ...)
 	NOT-FOR-US: libstagefright in Android
 CVE-2015-1537 (Integer overflow in IHDCP.cpp in the media_server component in Android ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2015-1536 (Integer overflow in the Bitmap_createFromParcel function in ...)
 	NOT-FOR-US: Android
 CVE-2015-1535
@@ -94177,7 +94177,7 @@
 CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows local ...)
 	NOT-FOR-US: Android
 CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2015-1525
 	RESERVED
 CVE-2015-1524

More information about the Secure-testing-commits mailing list