[Secure-testing-commits] r50434 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Apr 7 09:57:33 UTC 2017
Author: jmm
Date: 2017-04-07 09:57:33 +0000 (Fri, 07 Apr 2017)
New Revision: 50434
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-07 09:51:54 UTC (rev 50433)
+++ data/CVE/list 2017-04-07 09:57:33 UTC (rev 50434)
@@ -12,9 +12,9 @@
- backintime <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/2
CVE-2017-7571 (public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is ...)
- TODO: check
+ NOT-FOR-US: Faveo
CVE-2017-7570 (PivotX 2.3.11 allows remote authenticated Advanced users to execute ...)
- TODO: check
+ NOT-FOR-US: PivotX
CVE-2017-7569 (In vBulletin before 5.3.0, remote attackers can bypass the ...)
NOT-FOR-US: vBulletin
CVE-2017-7568
@@ -30,11 +30,11 @@
CVE-2017-7563
RESERVED
CVE-2016-10320 (textract before 1.5.0 allows OS Command Injection attacks via a ...)
- TODO: check
+ NOT-FOR-US: textract
CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC ...)
- TODO: check
+ NOT-FOR-US: ARM
CVE-2016-1000307 (Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket ...)
- TODO: check
+ NOT-FOR-US: ClipBucker
CVE-2016-1000306
REJECTED
CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow ...)
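Review bot: the new tag on CVE-2016-1000307 reads "NOT-FOR-US: ClipBucker", but the description on that entry names ClipBucket, and the hunk for CVE-2015-4673 later in this patch uses "NOT-FOR-US: ClipBucket". Suggest correcting the spelling so a search for the product name finds both entries. Separately, "NOT-FOR-US: ARM" on CVE-2016-10319 names only the vendor; "ARM Trusted Firmware", as written in the description, would be more precise.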
@@ -1052,7 +1052,7 @@
CVE-2017-7238
RESERVED
CVE-2017-7237 (The Spiceworks TFTP Server, as distributed with Spiceworks Inventory ...)
- TODO: check
+ NOT-FOR-US: Spiceworks
CVE-2017-7236
RESERVED
CVE-2016-10265
@@ -1231,7 +1231,7 @@
CVE-2017-7193
RESERVED
CVE-2017-7192 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass ...)
- TODO: check
+ NOT-FOR-US: Starscream
CVE-2017-7190
RESERVED
CVE-2017-7189
@@ -1703,7 +1703,7 @@
CVE-2017-6970 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...)
NOT-FOR-US: AlienVault
CVE-2017-6968 (GMV Checker ATM Security prior to 5.0.18 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: GMV Checker ATM Security
CVE-2017-6969 (readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer ...)
- binutils 2.28-3 (bug #858256)
[jessie] - binutils <no-dsa> (Minor issue)
@@ -1909,7 +1909,7 @@
NOTE: https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/
NOTE: Also affects openjk (only in experimental; bug #857715)
CVE-2017-6884 (A command injection vulnerability was discovered on the Zyxel EMG2926 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2017-6883 (The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF ...)
NOT-FOR-US: Foxit
CVE-2017-6882
@@ -4027,7 +4027,7 @@
CVE-2017-6131
RESERVED
CVE-2017-6130 (F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2017-6129
RESERVED
CVE-2017-6128
@@ -4734,7 +4734,7 @@
CVE-2017-5888
RESERVED
CVE-2017-5887 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass ...)
- TODO: check
+ NOT-FOR-US: Starscream
CVE-2017-5885 (Multiple integer overflows in the (1) vnc_connection_server_message ...)
{DLA-831-1}
- gtk-vnc 0.6.0-3 (bug #854450)
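Review bot: CVE-2017-5887 carries the same visible description as CVE-2017-7192 earlier in this patch ("WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass ..."), and both receive "NOT-FOR-US: Starscream". If these are one issue under two ids, a NOTE line on each entry cross-referencing the other id would record that; the truncated descriptions shown here are not enough to confirm it.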
@@ -7939,7 +7939,7 @@
CVE-2017-4965
RESERVED
CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2017-4963
RESERVED
CVE-2017-4962
@@ -10337,11 +10337,11 @@
CVE-2017-3835 (A vulnerability in the sponsor portal of Cisco Identity Services Engine ...)
NOT-FOR-US: Cisco
CVE-2017-3834 (A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-3833 (A vulnerability in the web framework of Cisco Unified Communications ...)
NOT-FOR-US: Cisco
CVE-2017-3832 (A vulnerability in the web management interface of Cisco Wireless LAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-3831 (A vulnerability in the web-based GUI of Cisco Mobility Express 1800 ...)
NOT-FOR-US: Cisco
CVE-2017-3830 (A vulnerability in an internal API of the Cisco Meeting Server (CMS) ...)
@@ -13790,7 +13790,7 @@
CVE-2017-2676
RESERVED
CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 suffer from a local privilege ...)
- TODO: check
+ NOT-FOR-US: Little Snitch
CVE-2017-2674
RESERVED
NOT-FOR-US: Red Hat business central
@@ -20796,7 +20796,7 @@
CVE-2016-9259 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before ...)
NOT-FOR-US: Nessus
CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2017-0304
RESERVED
CVE-2017-0303
@@ -20913,7 +20913,7 @@
CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet processing ...)
NOT-FOR-US: Cisco
CVE-2016-9219 (A vulnerability with IPv6 UDP ingress packet processing in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an ...)
NOT-FOR-US: Cisco
CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and Cisco ...)
@@ -20963,7 +20963,7 @@
CVE-2016-9195
RESERVED
CVE-2016-9194 (A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-9193 (A vulnerability in the malicious file detection and blocking features ...)
NOT-FOR-US: Cisco
CVE-2016-9192 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
@@ -23136,7 +23136,7 @@
CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...)
NOT-FOR-US: Fortinet FortiWLC
CVE-2015-8965 (Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows ...)
- TODO: check
+ NOT-FOR-US: Rogue Wave JViews
CVE-2016-XXXX [dbus format string vulnerability]
- dbus 1.10.12-1
[jessie] - dbus 1.8.22-0+deb8u1
@@ -62303,7 +62303,7 @@
CVE-2015-4674 (The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows ...)
NOT-FOR-US: TimeDoctor Pro
CVE-2015-4673 (Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2015-4672
RESERVED
CVE-2015-4671 (Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 ...)