[Secure-testing-commits] r56767 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Oct 16 21:22:47 UTC 2017


Author: jmm
Date: 2017-10-16 21:22:47 +0000 (Mon, 16 Oct 2017)
New Revision: 56767

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-16 21:19:11 UTC (rev 56766)
+++ data/CVE/list	2017-10-16 21:22:47 UTC (rev 56767)
@@ -1,7 +1,7 @@
 CVE-2017-15384 (rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. ...)
-	TODO: check
+	NOT-FOR-US: Rate Me
 CVE-2017-15383 (Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, ...)
-	TODO: check
+	NOT-FOR-US: Nero
 CVE-2017-15382
 	RESERVED
 CVE-2017-15381
@@ -61,7 +61,7 @@
 CVE-2017-15362 (osTicket 1.10.1 allows arbitrary client-side JavaScript code execution ...)
 	NOT-FOR-US: osTicket
 CVE-2017-15361 (The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module ...)
-	TODO: check
+	NOT-FOR-US: Infineon RSA library
 CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...)
 	NOT-FOR-US: PRTG Network Monitor
 CVE-2017-15359
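Review bot: The CVE-2017-15361 entry is closed with only `NOT-FOR-US: Infineon RSA library` and no NOTE line, although its description places the library inside Infineon Trusted Platform Module hardware. Other entries in this file carry NOTE lines that record the reasoning (for example `NOTE: No practical security implications` in the next hunk's context); a one-line NOTE here saying why the library is out of scope would spare the next triager from re-checking it.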
@@ -192,15 +192,15 @@
 	NOTE: https://github.com/Katee/git-bomb
 	NOTE: No practical security implications
 CVE-2017-15297 (SAP Hostcontrol does not require authentication for the SOAP ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-15296 (The Java component in SAP CRM has CSRF. This is SAP Security Note ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-15295 (Xpress Server in SAP POS does not require authentication for ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-15294 (The Java administration console in SAP CRM has XSS. This is SAP ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-15293 (Xpress Server in SAP POS does not require authentication for file read ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-15292
 	RESERVED
 CVE-2017-15291
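Review bot: The five tags added for CVE-2017-15297 through CVE-2017-15293 name the vendor (`NOT-FOR-US: SAP`) where neighbouring entries name the product (`NOT-FOR-US: osTicket`, `NOT-FOR-US: PRTG Network Monitor`). The descriptions already identify the products as SAP Hostcontrol, SAP CRM and SAP POS, so tags such as `NOT-FOR-US: SAP Hostcontrol` would keep the list consistent and searchable per product.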
@@ -427,7 +427,7 @@
 CVE-2017-15222
 	RESERVED
 CVE-2017-15221 (ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a ...)
-	TODO: check
+	NOT-FOR-US: ASX to MP3 converter
 CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer ...)
 	NOT-FOR-US: Flexense VX Search Enterprise
 CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site ...)
@@ -86286,7 +86286,7 @@
 CVE-2015-4653
 	RESERVED
 CVE-2015-4650 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...)
-	TODO: check
+	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
 CVE-2015-4649 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...)
 	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
 CVE-2015-4648 (Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX ...)
@@ -91720,7 +91720,7 @@
 CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi ...)
 	NOT-FOR-US: Hotspot Express hotEx Billing Manager
 CVE-2015-2780 (Unrestricted file upload vulnerability in Berta CMS allows remote ...)
-	TODO: check
+	NOT-FOR-US: Berta CMS
 CVE-2015-2777
 	RESERVED
 CVE-2015-2775 (Directory traversal vulnerability in GNU Mailman before 2.1.20, when ...)
@@ -101053,9 +101053,9 @@
 CVE-2014-9149
 	RESERVED
 CVE-2014-9148 (Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access ...)
-	TODO: check
+	NOT-FOR-US: Fiyo CMS
 CVE-2014-9147 (Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: Fiyo CMS
 CVE-2014-9146 (Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS ...)
 	NOT-FOR-US: Fiyo CMS
 CVE-2014-9145 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow ...)
@@ -103136,7 +103136,7 @@
 CVE-2014-8622 (Cross-site scripting (XSS) vulnerability in compfight-search.php in ...)
 	NOT-FOR-US: Compfight plugin for WordPress
 CVE-2014-8621 (SQL injection vulnerability in the Store Locator plugin 2.3 through ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2014-8620
 	RESERVED
 CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in the autolearn ...)
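Review bot: `NOT-FOR-US: Wordpress plugin` on CVE-2014-8621 drops the plugin name, while the entry directly above it uses `NOT-FOR-US: Compfight plugin for WordPress`. Suggest `NOT-FOR-US: Store Locator plugin for WordPress`, which follows that pattern and also matches the capitalisation of WordPress already used in the file.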
@@ -104890,7 +104890,7 @@
 	NOTE: For the incomplete fix for CVE-2014-8080
 	NOTE: https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
 CVE-2014-8087 (Cross-site scripting (XSS) vulnerability in the post highlights plugin ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2014-8085 (Unrestricted file upload vulnerability in the CWebContact::doModel ...)
 	NOT-FOR-US: OsClass
 CVE-2014-8084 (Directory traversal vulnerability in ...)
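Review bot: On CVE-2014-8087 the tag `NOT-FOR-US: Wordpress plugin` does not say which plugin was ruled out, even though the description names the post highlights plugin. Putting that name in the tag lets a search of the list for the plugin find this entry, as the per-product tags elsewhere in the file do.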



