[Secure-testing-commits] r56207 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Sep 28 03:11:06 UTC 2017 

Author: carnil
Date: 2017-09-28 03:11:06 +0000 (Thu, 28 Sep 2017)
New Revision: 56207

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-27 21:10:18 UTC (rev 56206)
+++ data/CVE/list	2017-09-28 03:11:06 UTC (rev 56207)
@@ -1,25 +1,25 @@
 CVE-2017-14848
 	RESERVED
 CVE-2017-14847 (Mojoomla WPAMS Apartment Management System for WordPress allows SQL ...)
-	TODO: check
+	NOT-FOR-US: Mojoomla WPAMS Apartment Management System for WordPress
 CVE-2017-14846 (Mojoomla Hospital Management System for WordPress allows SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: Mojoomla Hospital Management System for WordPress
 CVE-2017-14845 (Mojoomla WPCHURCH Church Management System for WordPress allows SQL ...)
-	TODO: check
+	NOT-FOR-US: Mojoomla WPCHURCH Church Management System for WordPress
 CVE-2017-14844 (Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via ...)
-	TODO: check
+	NOT-FOR-US: Mojoomla WPGYM WordPress Gym Management System
 CVE-2017-14843 (Mojoomla School Management System for WordPress allows SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: Mojoomla School Management System for WordPress
 CVE-2017-14842 (Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL ...)
-	TODO: check
+	NOT-FOR-US: Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress
 CVE-2017-14841 (Mojoomla Annual Maintenance Contract (AMC) Management System allows ...)
-	TODO: check
+	NOT-FOR-US: Mojoomla Annual Maintenance Contract (AMC) Management System
 CVE-2017-14840 (TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. ...)
-	TODO: check
+	NOT-FOR-US: TeamWork TicketPlus
 CVE-2017-14839 (TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and ...)
-	TODO: check
+	NOT-FOR-US: TeamWork Photo Fusion
 CVE-2017-14838 (TeamWork Job Links allows Arbitrary File Upload in profileChange and ...)
-	TODO: check
+	NOT-FOR-US: TeamWork Job Links
 CVE-2017-14837
 	RESERVED
 CVE-2017-14836
@@ -145,7 +145,7 @@
 CVE-2017-14776
 	RESERVED
 CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification ...)
-	TODO: check
+	NOT-FOR-US: Laravel
 CVE-2017-14774
 	RESERVED
 CVE-2017-14773
@@ -545,7 +545,7 @@
 	NOTE: https://github.com/go-ldap/ldap/pull/126
 	NOTE: https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66
 CVE-2017-14622 (Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon ...)
-	TODO: check
+	NOT-FOR-US: 2kb Amazon Affiliates Store plugin for WordPress
 CVE-2017-14621 (Portus 2.2.0 has XSS via the Team field, related to typeahead. ...)
 	NOT-FOR-US: Portus
 CVE-2017-14620
@@ -3194,7 +3194,7 @@
 CVE-2017-13677
 	RESERVED
 CVE-2017-13676 (Norton Remove & Reinstall can be susceptible to a DLL preloading ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2017-13675
 	RESERVED
 CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege ...)
@@ -11091,7 +11091,7 @@
 CVE-2017-10933
 	RESERVED
 CVE-2017-10932 (All versions prior to V12.17.20 of the ZTE Microwave NR8000 series ...)
-	TODO: check
+	NOT-FOR-US: ZTE Microwave
 CVE-2017-10931 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download ...)
 	NOT-FOR-US: ZXR10 1800-2S
 CVE-2017-10930 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a ...)
@@ -36318,7 +36318,7 @@
 CVE-2017-2552
 	RESERVED
 CVE-2017-2551 (Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin BackWPup
 CVE-2017-2550 (Vulnerability in Easy Joomla Backup v3.2.4. The software creates a ...)
 	NOT-FOR-US: Easy Joomla Backup
 CVE-2017-2549 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
@@ -38324,7 +38324,7 @@
 CVE-2017-1592
 	RESERVED
 CVE-2017-1591 (IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1590
 	RESERVED
 CVE-2017-1589
@@ -38352,7 +38352,7 @@
 CVE-2017-1578
 	RESERVED
 CVE-2017-1577 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1576
 	RESERVED
 CVE-2017-1575
@@ -38540,7 +38540,7 @@
 CVE-2017-1484
 	RESERVED
 CVE-2017-1483 (IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1482
 	RESERVED
 CVE-2017-1481
@@ -38692,7 +38692,7 @@
 CVE-2017-1408
 	RESERVED
 CVE-2017-1407 (IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1406
 	RESERVED
 CVE-2017-1405
@@ -74259,7 +74259,7 @@
 CVE-2015-8250
 	RESERVED
 CVE-2015-8249 (The FileUploadServlet class in ManageEngine Desktop Central 9 before ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine Desktop Central
 CVE-2015-8248
 	REJECTED
 CVE-2015-8247 (Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo ...)
@@ -77011,7 +77011,7 @@
 CVE-2015-7350
 	RESERVED
 CVE-2015-7349 (Cross-site scripting (XSS) vulnerability in the sample feedback.inc ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2015-7348 (Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and ...)
 	NOT-FOR-US: zTree
 CVE-2015-7347 (Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages ...)
@@ -77214,7 +77214,7 @@
 CVE-2015-7257 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and ...)
 	NOT-FOR-US: ZTE modems
 CVE-2015-7256 (ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, NWA1123-NI Access ...)
-	TODO: check
+	NOT-FOR-US: ZyXEL
 CVE-2015-7255 (ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, ...)
 	NOT-FOR-US: ZTE
 CVE-2015-7254 (Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s ...)
@@ -92140,7 +92140,7 @@
 	[squeeze] - ecryptfs-utils <no-dsa> (Minor issue)
 	NOTE: http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/839
 CVE-2014-9686 (The Googlemaps plugin 3.2 and earlier for Joomla! allows remote ...)
-	TODO: check
+	NOT-FOR-US: Googlemaps plugin for Joomla!
 CVE-2013-7433 (Cross-site scripting (XSS) vulnerability in the Googlemaps plugin ...)
 	NOT-FOR-US: Googlemaps plugin for Joomla!
 CVE-2013-7432 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers ...)

More information about the Secure-testing-commits mailing list