Author: jmm
Date: 2017-10-02 10:11:55 +0000 (Mon, 02 Oct 2017)
New Revision: 56342
Modified: data/CVE/list Log: NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-02 10:09:34 UTC (rev 56341) +++ data/CVE/list 2017-10-02 10:11:55 UTC (rev 56342) @@ -74,7 +74,7 @@ CVE-2017-14959 RESERVED CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of dangerous ...) - TODO: check + NOT-FOR-US: PivotX CVE-2017-14957 (Stored XSS vulnerability via a comment in inc/conv.php in BlogoText ...) NOT-FOR-US: BlogoText CVE-2017-14956 @@ -2710,7 +2710,7 @@ CVE-2017-13998 RESERVED CVE-2017-13997 (A Missing Authentication for Critical Function issue was discovered in ...) - TODO: check + NOT-FOR-US: Schneider CVE-2017-13996 RESERVED CVE-2017-13995 @@ -18342,13 +18342,13 @@ CVE-2017-8448 (An error was found in the permission model used by X-Pack Alerting ...) - kibana <itp> (bug #700337) CVE-2017-8447 (An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege ...) - NOT-FOR-US: X-Pack Security + NOT-FOR-US: X-Pack plugin for Kibana CVE-2017-8446 (The Reporting feature in X-Pack in versions prior to 5.5.2 and ...) NOT-FOR-US: X-Pack plugin for Kibana CVE-2017-8445 (An error was found in the X-Pack Security TLS trust manager for ...) NOT-FOR-US: X-PackSecurity TLS trust manager plugin for Elasticsearch CVE-2017-8444 (The client-forwarder in Elastic Cloud Enterprise versions prior to ...) - TODO: check + NOT-FOR-US: Elastic Cloud Enterprise CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ...) NOT-FOR-US: Kibana X-Pack Security CVE-2017-8442 (Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, ...) 
@@ -74760,7 +74760,7 @@ CVE-2015-8252 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...) NOT-FOR-US: Frontel CVE-2015-8251 (OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, ...) - TODO: check + NOT-FOR-US: OpenStage CVE-2015-8250 RESERVED CVE-2015-8249 (The FileUploadServlet class in ManageEngine Desktop Central 9 before ...) @@ -77409,9 +77409,9 @@ CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in ...) - freeswitch <itp> (bug #389591) CVE-2015-7391 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...) - TODO: check + NOT-FOR-US: TestLink CVE-2015-7390 (SQL injection vulnerability in TestLink before 1.9.14 allows remote ...) - TODO: check + NOT-FOR-US: TestLink CVE-2015-7389 RESERVED CVE-2015-7388 @@ -77645,7 +77645,7 @@ NOTE: https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4 NOTE: https://nodesecurity.io/advisories/19 CVE-2015-7293 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zope ...) - TODO: check + NOT-FOR-US: Zope Management Interface CVE-2015-7292 (Stack-based buffer overflow in the havok_write function in ...) NOT-FOR-US: Amazon Fire OS CVE-2015-7291 (Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the ...) 
@@ -84912,11 +84912,11 @@ CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in ...) NOT-FOR-US: AjaxControlToolkit CVE-2015-4669 (The MySQL "root" user in Xsuite 2.3.0 and 2.4.3.0 does not have a ...) - TODO: check + NOT-FOR-US: Xsuite CVE-2015-4668 (Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote ...) - TODO: check + NOT-FOR-US: Xsuite CVE-2015-4667 (Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0. ...) - TODO: check + NOT-FOR-US: Xsuite CVE-2015-4666 (Directory traversal vulnerability in opm/read_sessionlog.php in ...) NOT-FOR-US: Xceedium Xsuite CVE-2015-4665 (Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium ...) @@ -88692,7 +88692,7 @@ CVE-2015-3298 RESERVED CVE-2015-3296 (Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before ...) - TODO: check + NOT-FOR-US: NodeBB CVE-2015-3295 (markdown-it before 4.1.0 does not block data: URLs. ...) - ruby-rails-assets-markdown-it 4.2.1-1 CVE-2015-3294 (The tcp_request function in Dnsmasq before 2.73rc4 does not properly ...) @@ -94155,7 +94155,7 @@ CVE-2015-1538 (Integer overflow in the SampleTable::setSampleToChunkParams function ...) NOT-FOR-US: libstagefright in Android CVE-2015-1537 (Integer overflow in IHDCP.cpp in the media_server component in Android ...) - TODO: check + NOT-FOR-US: Android CVE-2015-1536 (Integer overflow in the Bitmap_createFromParcel function in ...) NOT-FOR-US: Android CVE-2015-1535 @@ -94177,7 +94177,7 @@ CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows local ...) NOT-FOR-US: Android CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: Android CVE-2015-1525 RESERVED CVE-2015-1524 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
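Review bot: In the @@ -2710 hunk, the new tag on CVE-2017-13997, "NOT-FOR-US: Schneider", gives only what looks like a vendor name, while the other tags added in this commit name the product (PivotX, TestLink, NodeBB, Elastic Cloud Enterprise). The visible description is cut off before the product name, so a later search of data/CVE/list by product will not find this entry. Suggest extending the tag with the affected product from the full CVE description.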
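Review bot: In the @@ -18342 hunk, the new tag on CVE-2017-8447, "NOT-FOR-US: X-Pack plugin for Kibana", is not supported by the visible description, which reads "An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege ..." and does not mention Kibana. The surrounding entries distinguish the Kibana side (CVE-2017-8446, CVE-2017-8443) from the Elasticsearch side (CVE-2017-8445, CVE-2017-8442), so please confirm which component this one belongs to and name it accordingly, or keep the original "X-Pack Security" wording. The context line for CVE-2017-8445 in the same hunk also has a missing space in "X-PackSecurity", which could be fixed in the same pass.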
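Review bot: In the @@ -77645 hunk, CVE-2015-7293 is marked "NOT-FOR-US: Zope Management Interface", but the description names Zope and the tag names a component of it, and nothing in the commit records a check that no Zope source package in the archive ships that interface. If that check was done, a NOTE line saying so would make the triage decision auditable; if a package does ship it, this should be a package entry in the style of the "- freeswitch <itp> (bug #389591)" line in the @@ -77409 hunk instead of NOT-FOR-US.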
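Review bot: In the @@ -84912 hunk, the three new tags on CVE-2015-4669, CVE-2015-4668 and CVE-2015-4667 read "NOT-FOR-US: Xsuite", while the unchanged line directly below for CVE-2015-4666 reads "NOT-FOR-US: Xceedium Xsuite". The descriptions of all of them name the same product (Xsuite 2.3.0 and 2.4.3.0 in the changed entries, Xceedium Xsuite in the following ones), so using "NOT-FOR-US: Xceedium Xsuite" for the three new lines would keep one string per product and let a single grep find every entry.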