[Secure-testing-commits] r56342 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Oct 2 10:11:55 UTC 2017
Author: jmm
Date: 2017-10-02 10:11:55 +0000 (Mon, 02 Oct 2017)
New Revision: 56342
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-02 10:09:34 UTC (rev 56341)
+++ data/CVE/list 2017-10-02 10:11:55 UTC (rev 56342)
@@ -74,7 +74,7 @@
CVE-2017-14959
RESERVED
CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of dangerous ...)
- TODO: check
+ NOT-FOR-US: PivotX
CVE-2017-14957 (Stored XSS vulnerability via a comment in inc/conv.php in BlogoText ...)
NOT-FOR-US: BlogoText
CVE-2017-14956
@@ -2710,7 +2710,7 @@
CVE-2017-13998
RESERVED
CVE-2017-13997 (A Missing Authentication for Critical Function issue was discovered in ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2017-13996
RESERVED
CVE-2017-13995
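Review bot: "NOT-FOR-US: Schneider" on CVE-2017-13997 names only a vendor, where the other tags added in this commit (PivotX, TestLink, NodeBB) name a product. Suggest taking the affected product name from the full CVE description, so later entries for the same product can be matched against this one.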
@@ -18342,13 +18342,13 @@
CVE-2017-8448 (An error was found in the permission model used by X-Pack Alerting ...)
- kibana <itp> (bug #700337)
CVE-2017-8447 (An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege ...)
- NOT-FOR-US: X-Pack Security
+ NOT-FOR-US: X-Pack plugin for Kibana
CVE-2017-8446 (The Reporting feature in X-Pack in versions prior to 5.5.2 and ...)
NOT-FOR-US: X-Pack plugin for Kibana
CVE-2017-8445 (An error was found in the X-Pack Security TLS trust manager for ...)
NOT-FOR-US: X-PackSecurity TLS trust manager plugin for Elasticsearch
CVE-2017-8444 (The client-forwarder in Elastic Cloud Enterprise versions prior to ...)
- TODO: check
+ NOT-FOR-US: Elastic Cloud Enterprise
CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ...)
NOT-FOR-US: Kibana X-Pack Security
CVE-2017-8442 (Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, ...)
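Review bot: the new tag on CVE-2017-8447, "NOT-FOR-US: X-Pack plugin for Kibana", is not backed by the visible description, which names "X-Pack Security 5.3.0 to 5.5.2" and does not mention Kibana before it is cut off. If the full description does place the flaw on the Kibana side, use the wording already on CVE-2017-8443 ("Kibana X-Pack Security") so the two agree; otherwise the old tag was the more accurate one. The context line for CVE-2017-8445 also has "X-PackSecurity" run together and could be fixed while this block is being touched.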
@@ -74760,7 +74760,7 @@
CVE-2015-8252 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
NOT-FOR-US: Frontel
CVE-2015-8251 (OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, ...)
- TODO: check
+ NOT-FOR-US: OpenStage
CVE-2015-8250
RESERVED
CVE-2015-8249 (The FileUploadServlet class in ManageEngine Desktop Central 9 before ...)
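Review bot: the tag on CVE-2015-8251 says only "OpenStage", but the description on the line above it also lists "OpenScape Desk Phone IP 55G SIP V3". Suggest a tag that covers both product lines, so that a search of the list for OpenScape finds this entry.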
@@ -77409,9 +77409,9 @@
CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in ...)
- freeswitch <itp> (bug #389591)
CVE-2015-7391 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
- TODO: check
+ NOT-FOR-US: TestLink
CVE-2015-7390 (SQL injection vulnerability in TestLink before 1.9.14 allows remote ...)
- TODO: check
+ NOT-FOR-US: TestLink
CVE-2015-7389
RESERVED
CVE-2015-7388
@@ -77645,7 +77645,7 @@
NOTE: https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
NOTE: https://nodesecurity.io/advisories/19
CVE-2015-7293 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zope ...)
- TODO: check
+ NOT-FOR-US: Zope Management Interface
CVE-2015-7292 (Stack-based buffer overflow in the havok_write function in ...)
NOT-FOR-US: Amazon Fire OS
CVE-2015-7291 (Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the ...)
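Review bot: CVE-2015-7293 is tagged "NOT-FOR-US: Zope Management Interface" while its description reads "vulnerabilities in Zope ...", so the tag treats a component of Zope as software outside the archive. If any Zope source package ships the management interface, this needs a package entry instead of NOT-FOR-US; if that was checked and ruled out, a NOTE line recording the result would save the next reader from repeating the check.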
@@ -84912,11 +84912,11 @@
CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in ...)
NOT-FOR-US: AjaxControlToolkit
CVE-2015-4669 (The MySQL "root" user in Xsuite 2.3.0 and 2.4.3.0 does not have a ...)
- TODO: check
+ NOT-FOR-US: Xsuite
CVE-2015-4668 (Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Xsuite
CVE-2015-4667 (Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0. ...)
- TODO: check
+ NOT-FOR-US: Xsuite
CVE-2015-4666 (Directory traversal vulnerability in opm/read_sessionlog.php in ...)
NOT-FOR-US: Xceedium Xsuite
CVE-2015-4665 (Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium ...)
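Review bot: the three new tags on CVE-2015-4669, CVE-2015-4668 and CVE-2015-4667 read "Xsuite", while the existing entry for CVE-2015-4666 directly below uses "NOT-FOR-US: Xceedium Xsuite". Suggest using the same string for all of them so one search finds the whole group.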
@@ -88692,7 +88692,7 @@
CVE-2015-3298
RESERVED
CVE-2015-3296 (Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before ...)
- TODO: check
+ NOT-FOR-US: NodeBB
CVE-2015-3295 (markdown-it before 4.1.0 does not block data: URLs. ...)
- ruby-rails-assets-markdown-it 4.2.1-1
CVE-2015-3294 (The tcp_request function in Dnsmasq before 2.73rc4 does not properly ...)
@@ -94155,7 +94155,7 @@
CVE-2015-1538 (Integer overflow in the SampleTable::setSampleToChunkParams function ...)
NOT-FOR-US: libstagefright in Android
CVE-2015-1537 (Integer overflow in IHDCP.cpp in the media_server component in Android ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-1536 (Integer overflow in the Bitmap_createFromParcel function in ...)
NOT-FOR-US: Android
CVE-2015-1535
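Review bot: CVE-2015-1537 gets a bare "NOT-FOR-US: Android" although its description names IHDCP.cpp in the media_server component, and the entry above it (CVE-2015-1538) is tagged at component level with "libstagefright in Android". Suggest naming the component here as well, for example "media_server in Android", which keeps the entry easy to revisit if that part of Android is ever packaged. The same applies to CVE-2015-1526 in the next hunk.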
@@ -94177,7 +94177,7 @@
CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows local ...)
NOT-FOR-US: Android
CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-1525
RESERVED
CVE-2015-1524