[Secure-testing-commits] r56140 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Sep 26 04:31:36 UTC 2017 

Author: carnil
Date: 2017-09-26 04:31:35 +0000 (Tue, 26 Sep 2017)
New Revision: 56140

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-25 23:18:45 UTC (rev 56139)
+++ data/CVE/list	2017-09-26 04:31:35 UTC (rev 56140)
@@ -1646,7 +1646,7 @@
 CVE-2017-14126 (The Participants Database plugin before 1.7.5.10 for WordPress has XSS. ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-14125 (SQL injection vulnerability in the Responsive Image Gallery plugin ...)
-	TODO: check
+	NOT-FOR-US: Responsive Image Gallery plugin for WordPress
 CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when ...)
 	NOT-FOR-US: eLux
 CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File ...)
@@ -11654,19 +11654,19 @@
 CVE-2017-9963
 	RESERVED
 CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to August 2017 ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-9960 (An information disclosure vulnerability exists in Schneider Electric's ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-9959 (A vulnerability exists in Schneider Electric's U.motion Builder ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-9958 (An improper access control vulnerability exists in Schneider ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-9957 (A vulnerability exists in Schneider Electric's U.motion Builder ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-9956 (An authentication bypass vulnerability exists in Schneider Electric's ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-9955 (The get_build_id function in opncls.c in the Binary File Descriptor ...)
 	- binutils 2.29-1
 	[stretch] - binutils <ignored> (Minor issue)
@@ -18927,17 +18927,17 @@
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693
 	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
 CVE-2017-7974 (A path traversal information disclosure vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-7973 (A SQL injection vulnerability exists in Schneider Electric's U.motion ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-7972 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-7971 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-7970 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-7969 (A cross-site request forgery vulnerability exists on the Secure ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-7968 (An Incorrect Default Permissions issue was discovered in Schneider ...)
 	NOT-FOR-US: Schneider
 CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...)
@@ -38068,7 +38068,7 @@
 CVE-2017-1556 (IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular ...)
 	NOT-FOR-US: IBM
 CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1554
 	RESERVED
 CVE-2017-1553
@@ -38076,7 +38076,7 @@
 CVE-2017-1552
 	RESERVED
 CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1550
 	RESERVED
 CVE-2017-1549
@@ -38330,7 +38330,7 @@
 CVE-2017-1425
 	RESERVED
 CVE-2017-1424 (IBM Business Process Manager 8.5.7 is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1423
 	RESERVED
 CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper ...)
@@ -38454,7 +38454,7 @@
 CVE-2017-1363
 	RESERVED
 CVE-2017-1362 (IBM Security Identity Manager Adapters 6.0 and 7.0 stores user ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1361
 	RESERVED
 CVE-2017-1360
@@ -38486,7 +38486,7 @@
 CVE-2017-1347 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL ...)
 	NOT-FOR-US: IBM
 CVE-2017-1346 (IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1345
 	RESERVED
 CVE-2017-1344
@@ -38708,7 +38708,7 @@
 CVE-2017-1236 (IBM WebSphere MQ 9.0.2 could allow an authenticated user to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1235 (IBM WebSphere MQ 8.0 could allow an authenticated user to cause a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1234 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM
 CVE-2017-1233
@@ -69203,7 +69203,7 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-31.html
 CVE-2015-8707 (Password reset tokens in Magento CE before 1.9.2.2, and Magento EE ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2015-8744 (QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC ...)
 	{DSA-3471-1}
 	- qemu 1:2.5+dfsg-1
@@ -100451,7 +100451,7 @@
 CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 ...)
 	NOT-FOR-US: IBM
 CVE-2014-8889 (Dropbox SDK for Android before 1.6.2 might allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Dropbox SDK for Android
 CVE-2014-8888
 	RESERVED
 CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before ...)
@@ -120771,7 +120771,7 @@
 	- kfreebsd-8 <not-affected> (don't have newcons)
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc
 CVE-2014-0997 (WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android ...)
-	TODO: check
+	NOT-FOR-US: WiFiMonitor in Android
 CVE-2014-0996
 	RESERVED
 CVE-2014-0995 (The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier ...)
@@ -180024,9 +180024,9 @@
 CVE-2010-3051
 	RESERVED
 CVE-2010-3050 (Cisco IOS before 12.2(33)SXI allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2010-3049 (Cisco IOS before 12.2(33)SXI allows local users to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2010-3048
 	RESERVED
 CVE-2010-3047

More information about the Secure-testing-commits mailing list