[Secure-testing-commits] r58255 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Dec 4 21:29:22 UTC 2017


Author: carnil
Date: 2017-12-04 21:29:22 +0000 (Mon, 04 Dec 2017)
New Revision: 58255

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-04 21:10:19 UTC (rev 58254)
+++ data/CVE/list	2017-12-04 21:29:22 UTC (rev 58255)
@@ -1542,9 +1542,9 @@
 CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...)
 	NOT-FOR-US: WooCommerce plugin for WordPress
 CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...)
-	TODO: check
+	NOT-FOR-US: ZKTeco ZKTime Web Software
 CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator to ...)
-	TODO: check
+	NOT-FOR-US: ZKTeco ZKTime Web Software
 CVE-2017-17055
 	RESERVED
 CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function ...)
@@ -4127,7 +4127,7 @@
 CVE-2017-16722
 	RESERVED
 CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA ...)
-	TODO: check
+	NOT-FOR-US: Geovap Reliance SCADA
 CVE-2017-16720
 	RESERVED
 CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort ...)
@@ -6518,7 +6518,7 @@
 CVE-2017-15890
 	RESERVED
 CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...)
-	TODO: check
+	NOT-FOR-US: Synology DiskStation Manager
 CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...)
 	NOT-FOR-US: Synology
 CVE-2017-15887 (An improper restriction of excessive authentication attempts ...)
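Review bot: The new label on CVE-2017-15889, "NOT-FOR-US: Synology DiskStation Manager", does not match the unchanged entry directly below it, CVE-2017-15888, which is tagged with the bare vendor name "NOT-FOR-US: Synology". The later hunk in this commit also uses the vendor-plus-product form ("Synology Photo Station"), so the new lines are consistent with each other. Consider aligning CVE-2017-15888 to the same vendor-plus-product form in a follow-up so that a search on the label text returns all Synology entries in one shape.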
@@ -17581,9 +17581,9 @@
 CVE-2017-12081
 	RESERVED
 CVE-2017-12080 (An information exposure vulnerability in default HTTP configuration ...)
-	TODO: check
+	NOT-FOR-US: Synology Photo Station
 CVE-2017-12079 (Files or directories accessible to external parties vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Synology Photo Station
 CVE-2017-12078
 	RESERVED
 CVE-2017-12077 (Uncontrolled Resource Consumption vulnerability in ...)
@@ -20751,7 +20751,7 @@
 CVE-2017-11019
 	RESERVED
 CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11017 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	TODO: check
 CVE-2017-11016
@@ -20763,7 +20763,7 @@
 CVE-2017-11013 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	TODO: check
 CVE-2017-11012 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11011
 	RESERVED
 CVE-2017-11010
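Review bot: CVE-2017-11013 stays at "TODO: check" in this hunk although its visible description prefix ("In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...") is identical to CVE-2017-11012, which is now marked "NOT-FOR-US: Qualcomm components for Android". The same applies to CVE-2017-11017 next to CVE-2017-11018 in the preceding hunk. If these were left open on purpose because the full descriptions differ, that is fine; otherwise they look like candidates for the same tag in this commit.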
@@ -21124,13 +21124,13 @@
 CVE-2017-10904
 	RESERVED
 CVE-2017-10903 (Improper authentication issue in PTW-WMS1 firmware version 2.000.012 ...)
-	TODO: check
+	NOT-FOR-US: PTW-WMS1 firmware
 CVE-2017-10902 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: PTW-WMS1 firmware
 CVE-2017-10901 (Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote ...)
-	TODO: check
+	NOT-FOR-US: PTW-WMS1 firmware
 CVE-2017-10900 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: PTW-WMS1 firmware
 CVE-2017-10899 (SQL injection vulnerability in the A-Reserve and A-Reserve for MT ...)
 	TODO: check
 CVE-2017-10898 (SQL injection vulnerability in the A-Member and A-Member for MT cloud ...)
@@ -21140,15 +21140,15 @@
 CVE-2017-10896
 	RESERVED
 CVE-2017-10895 (sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause ...)
-	TODO: check
+	NOT-FOR-US: sDNSProxy
 CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: StreamRelay.NET
 CVE-2017-10893
 	RESERVED
 CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC version ...)
-	TODO: check
+	NOT-FOR-US: Music Center for PC
 CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 3.2.0.191 and ...)
-	TODO: check
+	NOT-FOR-US: Media Go
 CVE-2017-10890 (Session management issue in RX-V200 firmware versions prior to ...)
 	NOT-FOR-US: RX-V200 firmware
 CVE-2017-10889 (TablePress prior to version 1.8.1 allows an attacker to conduct XML ...)
@@ -21182,7 +21182,7 @@
 CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an ...)
 	NOT-FOR-US: I-O DATA DEVICE LAN DISK Connect
 CVE-2017-10874 (PWR-Q200 does not use random values for source ports of DNS query ...)
-	TODO: check
+	NOT-FOR-US: PWR-Q200
 CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...)
 	NOT-FOR-US: OpenAM
 CVE-2017-10872
@@ -21208,7 +21208,7 @@
 CVE-2017-10862 (jwt-scala 1.2.2 and earlier fails to verify token signatures correctly ...)
 	NOT-FOR-US: jwt-scala
 CVE-2017-10861 (Directory traversal vulnerability in QND Advance/Standard allows an ...)
-	TODO: check
+	NOT-FOR-US: QND Advance/Standard
 CVE-2017-10860 (Untrusted search path vulnerability in "i-filter 6.0 installer" ...)
 	NOT-FOR-US: i-filter 6.0 installer
 CVE-2017-10859 (Untrusted search path vulnerability in "i-filter 6.0 installer" ...)



