Author: jmm
Date: 2017-10-16 21:22:47 +0000 (Mon, 16 Oct 2017)
New Revision: 56767
Modified: data/CVE/list Log: NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-16 21:19:11 UTC (rev 56766) +++ data/CVE/list 2017-10-16 21:22:47 UTC (rev 56767) @@ -1,7 +1,7 @@ CVE-2017-15384 (rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. ...) - TODO: check + NOT-FOR-US: Rate Me CVE-2017-15383 (Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, ...) - TODO: check + NOT-FOR-US: Nero CVE-2017-15382 RESERVED CVE-2017-15381 @@ -61,7 +61,7 @@ CVE-2017-15362 (osTicket 1.10.1 allows arbitrary client-side JavaScript code execution ...) NOT-FOR-US: osTicket CVE-2017-15361 (The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module ...) - TODO: check + NOT-FOR-US: Infineon RSA library CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...) NOT-FOR-US: PRTG Network Monitor CVE-2017-15359 @@ -192,15 +192,15 @@ NOTE: https://github.com/Katee/git-bomb NOTE: No practical security implications CVE-2017-15297 (SAP Hostcontrol does not require authentication for the SOAP ...) - TODO: check + NOT-FOR-US: SAP CVE-2017-15296 (The Java component in SAP CRM has CSRF. This is SAP Security Note ...) - TODO: check + NOT-FOR-US: SAP CVE-2017-15295 (Xpress Server in SAP POS does not require authentication for ...) - TODO: check + NOT-FOR-US: SAP CVE-2017-15294 (The Java administration console in SAP CRM has XSS. This is SAP ...) - TODO: check + NOT-FOR-US: SAP CVE-2017-15293 (Xpress Server in SAP POS does not require authentication for file read ...) - TODO: check + NOT-FOR-US: SAP CVE-2017-15292 RESERVED CVE-2017-15291 
@@ -427,7 +427,7 @@ CVE-2017-15222 RESERVED CVE-2017-15221 (ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a ...) - TODO: check + NOT-FOR-US: ASX to MP3 converter CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer ...) NOT-FOR-US: Flexense VX Search Enterprise CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site ...) @@ -86286,7 +86286,7 @@ CVE-2015-4653 RESERVED CVE-2015-4650 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass Policy Manager CVE-2015-4649 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...) NOT-FOR-US: Aruba Networks ClearPass Policy Manager CVE-2015-4648 (Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX ...) @@ -91720,7 +91720,7 @@ CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi ...) NOT-FOR-US: Hotspot Express hotEx Billing Manager CVE-2015-2780 (Unrestricted file upload vulnerability in Berta CMS allows remote ...) - TODO: check + NOT-FOR-US: Berta CMS CVE-2015-2777 RESERVED CVE-2015-2775 (Directory traversal vulnerability in GNU Mailman before 2.1.20, when ...) @@ -101053,9 +101053,9 @@ CVE-2014-9149 RESERVED CVE-2014-9148 (Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access ...) - TODO: check + NOT-FOR-US: Fiyo CMS CVE-2014-9147 (Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Fiyo CMS CVE-2014-9146 (Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS ...) NOT-FOR-US: Fiyo CMS CVE-2014-9145 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow ...) 
@@ -103136,7 +103136,7 @@ CVE-2014-8622 (Cross-site scripting (XSS) vulnerability in compfight-search.php in ...) NOT-FOR-US: Compfight plugin for WordPress CVE-2014-8621 (SQL injection vulnerability in the Store Locator plugin 2.3 through ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2014-8620 RESERVED CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in the autolearn ...) @@ -104890,7 +104890,7 @@ NOTE: For the incomplete fix for CVE-2014-8080 NOTE: https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/ CVE-2014-8087 (Cross-site scripting (XSS) vulnerability in the post highlights plugin ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2014-8085 (Unrestricted file upload vulnerability in the CWebContact::doModel ...) NOT-FOR-US: OsClass CVE-2014-8084 (Directory traversal vulnerability in ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
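Review bot: the tag added for CVE-2017-15361 in the @@ -61,7 +61,7 @@ hunk carries no reasoning, and the description places the library inside the Infineon Trusted Platform Module rather than naming a standalone product, so a reader cannot tell from "NOT-FOR-US: Infineon RSA library" alone why the entry is out of scope. A NOTE: line under it, in the style of the NOTE: lines visible in the context of the @@ -192,15 +192,15 @@ hunk, would record that reasoning for whoever revisits the entry.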
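Review bot: the five entries CVE-2017-15293 through CVE-2017-15297 in the @@ -192,15 +192,15 @@ hunk are tagged with the vendor only ("NOT-FOR-US: SAP"), while the other tags in this commit name the product (for example "NOT-FOR-US: Aruba Networks ClearPass Policy Manager"). The descriptions name three distinct products, so "SAP Hostcontrol", "SAP CRM" and "SAP POS" would keep the list searchable by product name.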
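Review bot: CVE-2014-8621 in the @@ -103136,7 +103136,7 @@ hunk and CVE-2014-8087 in the @@ -104890,7 +104890,7 @@ hunk both get the generic tag "NOT-FOR-US: Wordpress plugin", which does not say which plugin was triaged. The unchanged context line just above the first one reads "NOT-FOR-US: Compfight plugin for WordPress"; following that form, "Store Locator plugin for WordPress" and "post highlights plugin for WordPress" would match the descriptions and use the same "WordPress" spelling.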