[Secure-testing-commits] r50680 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Apr 14 21:18:36 UTC 2017
Author: jmm
Date: 2017-04-14 21:18:36 +0000 (Fri, 14 Apr 2017)
New Revision: 50680
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-14 21:10:11 UTC (rev 50679)
+++ data/CVE/list 2017-04-14 21:18:36 UTC (rev 50680)
@@ -1,11 +1,11 @@
CVE-2017-7880
RESERVED
CVE-2017-7879 (SQL Injection vulnerability in flatCore version 1.4.6 allows an ...)
- TODO: check
+ NOT-FOR-US: flatCore
CVE-2017-7878 (SQL Injection vulnerability in flatCore version 1.4.6 allows an ...)
- TODO: check
+ NOT-FOR-US: flatCore
CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: flatCore
CVE-2017-7876
RESERVED
CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends to ...)
@@ -17,13 +17,11 @@
CVE-2017-7872
RESERVED
CVE-2017-7871 (trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in ...)
- TODO: check
+ NOT-FOR-US: trollepierre/tdm
CVE-2016-1000259
REJECTED
- TODO: check
CVE-2016-1000258
REJECTED
- TODO: check
CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused by a ...)
- libreoffice 1:5.2.5-1
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
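Review bot: The two `TODO: check` removals under the REJECTED entries CVE-2016-1000259 and CVE-2016-1000258 are not NFU triage, and the log message "NFUs" does not cover them. Mention the cleanup in the log or commit it separately, so that someone reading the history can see why those entries lost their TODO without gaining a status line.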
@@ -406,7 +404,7 @@
CVE-2017-7718
RESERVED
CVE-2017-7717 (SQL injection vulnerability in the getUserUddiElements method in the ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2017-7716 (The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 ...)
- radare2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/radare/radare2/issues/7260
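Review bot: For CVE-2017-7717 the tag is the bare vendor `SAP`, and the truncated description shown here names only the getUserUddiElements method, so nothing in the entry identifies the product. Another SAP entry in this file names the product (`NOT-FOR-US: SAP TREX` on CVE-2017-7691); doing the same here would keep the entry searchable by product.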
@@ -482,7 +480,7 @@
NOTE: https://github.com/erikd/libsamplerate/issues/11
NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsamplerate-global-buffer-overflow-in-calc_output_single-src_sinc-c/
CVE-2017-7696 (SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2017-7695 (Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an ...)
NOT-FOR-US: BigTree CMS
CVE-2017-7694 (Remote Code Execution vulnerability in ...)
@@ -494,7 +492,7 @@
CVE-2017-7691 (A code injection vulnerability exists in SAP TREX / Business Warehouse ...)
NOT-FOR-US: SAP TREX
CVE-2017-7690 (Proxifier for Mac before 2.19.2, when first run, allows local users to ...)
- TODO: check
+ NOT-FOR-US: Proxifier for Mac
CVE-2017-7689 (A Command Injection vulnerability in Schneider Electric homeLYnk ...)
NOT-FOR-US: Schneider Electric
CVE-2017-7688
@@ -588,7 +586,7 @@
CVE-2017-7644
RESERVED
CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileges ...)
- TODO: check
+ NOT-FOR-US: Proxifier for Mac
CVE-2017-7642
RESERVED
CVE-2017-7641
@@ -1066,11 +1064,11 @@
CVE-2017-7458
RESERVED
CVE-2017-7457 (XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-7456 (Moxa MXView 2.8 allows remote attackers to cause a Denial of Service ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-7455 (Moxa MXView 2.8 allows remote attackers to read web server's private ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-7454 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...)
NOT-FOR-US: ImageWorsener
CVE-2017-7453 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...)
@@ -1182,7 +1180,7 @@
CVE-2017-7409
RESERVED
CVE-2017-7408 (Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks Traps ESM Console
CVE-2017-7407 (The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...)
{DLA-883-1}
- curl 7.52.1-4 (unimportant; bug #859500)
@@ -1356,7 +1354,7 @@
NOTE: https://launchpad.net/bugs/1677924
NOTE: Specific script debian/guest-account.sh not merged from Ubuntu
CVE-2017-7357 (Hipchat Server before 2.2.3 allows remote authenticated users with ...)
- TODO: check
+ NOT-FOR-US: Hipchat Server
CVE-2017-7356
RESERVED
CVE-2017-7355
@@ -1965,9 +1963,9 @@
CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 ...)
NOT-FOR-US: Citrix
CVE-2017-7218 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7217 (The Management Web Interface in Palo Alto Networks PAN-OS before ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7216
RESERVED
CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils ...)
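Review bot: The tag `NOT-FOR-US: Palo Alto Networks PAN-OS` on CVE-2017-7218 and CVE-2017-7217 differs from the existing PAN-OS entry CVE-2016-1712, which is tagged `NOT-FOR-US: Palo Alto Networks`. Pick one form for PAN-OS so that a grep on the tag string finds every entry. If the vendor-plus-product form is preferred, the older entry should be updated to match.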
@@ -2065,7 +2063,7 @@
CVE-2017-7189
RESERVED
CVE-2017-7188 (Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a ...)
- TODO: check
+ NOT-FOR-US: Zurmo
CVE-2017-7187 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through ...)
- linux 4.9.18-1
[jessie] - linux <not-affected> (Introduced in 3.17)
@@ -3482,7 +3480,7 @@
CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...)
NOT-FOR-US: CMS Made Simple
CVE-2017-6554 (pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows ...)
- TODO: check
+ NOT-FOR-US: Quest Privilege Manager
CVE-2017-6553
RESERVED
CVE-2017-6552 (Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently ...)
@@ -17834,7 +17832,7 @@
CVE-2017-1206
RESERVED
CVE-2017-1205 (IBM Platform LSF 10.1 contains an unspecified vulnerability that could ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1204
RESERVED
CVE-2017-1203
@@ -17941,7 +17939,7 @@
CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability ...)
NOT-FOR-US: IBM
CVE-2017-1152 (IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID ...)
NOT-FOR-US: IBM
CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) ...)
@@ -22624,11 +22622,11 @@
CVE-2016-8928 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote ...)
NOT-FOR-US: IBM
CVE-2016-8927 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-8926 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-8925 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-8924
RESERVED
CVE-2016-8923
@@ -34481,13 +34479,13 @@
CVE-2016-5313 (Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated ...)
NOT-FOR-US: Symantec
CVE-2016-5312 (Directory traversal vulnerability in the charting component in ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2016-5311
RESERVED
CVE-2016-5310 (The RAR file parser component in the AntiVirus Decomposer engine in ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2016-5309 (The RAR file parser component in the AntiVirus Decomposer engine in ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2016-5308 (The Client Intrusion Detection System (CIDS) driver before 15.0.6 in ...)
NOT-FOR-US: Norton
CVE-2016-5307 (Directory traversal vulnerability in Symantec Endpoint Protection ...)
@@ -36590,11 +36588,11 @@
CVE-2016-4891 (Cross-site request forgery (CSRF) vulnerability in SetucoCMS. ...)
NOT-FOR-US: SetucoCMS
CVE-2016-4890 (ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4889 (ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4888 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4887
RESERVED
CVE-2016-4886
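Review bot: On CVE-2016-4888 the description visible here is cut off after "ZOHO ManageEngine", so unlike CVE-2016-4890 and CVE-2016-4889 the entry itself does not confirm the product. Check that the full description says ServiceDesk Plus before reusing the same tag, since ManageEngine is a product family rather than a single product.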
@@ -36620,7 +36618,7 @@
CVE-2016-4876
RESERVED
CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) ...)
- TODO: check
+ NOT-FOR-US: IVYWE
CVE-2016-4874
RESERVED
CVE-2016-4873
@@ -46524,7 +46522,7 @@
CVE-2016-1715 (The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 ...)
NOT-FOR-US: swin.sys kernel driver in McAfee Application Control
CVE-2016-1713 (Unrestricted file upload vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: vTiger
CVE-2016-1712 (Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x ...)
NOT-FOR-US: Palo Alto Networks
CVE-2015-8779 (Stack-based buffer overflow in the catopen function in the GNU C ...)
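Review bot: The `NOT-FOR-US: vTiger` tag on CVE-2016-1713 cannot be checked against the entry, because the description is truncated at "Unrestricted file upload vulnerability in the ..." before any product name appears. Confirm the product against the full CVE text, and use the product name exactly as that description spells it.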
@@ -52597,7 +52595,7 @@
CVE-2015-8357 (Directory traversal vulnerability in the bitrix.xscan module before ...)
NOT-FOR-US: Bitrix
CVE-2015-8356 (Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 ...)
- TODO: check
+ NOT-FOR-US: Bitrix
CVE-2015-8355
RESERVED
CVE-2015-8354
@@ -57843,9 +57841,9 @@
CVE-2015-6569
RESERVED
CVE-2015-6568 (Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code ...)
- TODO: check
+ NOT-FOR-US: Wolf CMS
CVE-2015-6567 (Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code ...)
- TODO: check
+ NOT-FOR-US: Wolf CMS
CVE-2015-6566 (zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 ...)
- zarafa <itp> (bug #658433)
CVE-2015-6562