[Secure-testing-commits] r58817 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Dec 21 19:34:17 UTC 2017


Author: jmm
Date: 2017-12-21 19:34:16 +0000 (Thu, 21 Dec 2017)
New Revision: 58817

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-21 19:31:41 UTC (rev 58816)
+++ data/CVE/list	2017-12-21 19:34:16 UTC (rev 58817)
@@ -10252,7 +10252,7 @@
 CVE-2017-16790
 	RESERVED
 CVE-2017-16789 (Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2017-16788 (Directory traversal vulnerability in the "Upload Groupkey" ...)
 	NOT-FOR-US: Meinberg LANTIME
 CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with ...)
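Review bot: The tag added for CVE-2017-16789 names TIBCO, while the description visible on the line above it names the product as Integration Matters nJAMS, so the tag does not explain itself from the entry alone. Suggest naming the product the way the description does, for example `NOT-FOR-US: Integration Matters nJAMS`, and mentioning TIBCO in addition only if the truncated part of the description supports it. The neighbouring `NOT-FOR-US: Meinberg LANTIME` follows that vendor-plus-product pattern.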
@@ -10370,11 +10370,11 @@
 CVE-2017-16734
 	RESERVED
 CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...)
-	NOT-FOR-US: Ecava IntegraXor
+ 	NOT-FOR-US: Ecava IntegraXor
 CVE-2017-16732
 	RESERVED
 CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered in ABB ...)
-	TODO: check
+ 	NOT-FOR-US: Ellipse
 CVE-2017-16730
 	RESERVED
 CVE-2017-16729
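Review bot: Both added lines in this hunk begin with a space before the tab (`+ 	NOT-FOR-US: Ecava IntegraXor` and `+ 	NOT-FOR-US: Ellipse`), whereas every other entry line in this diff is indented with a single tab. The CVE-2017-16733 change is whitespace-only and looks unintended, so it should be dropped. The leading space on the CVE-2017-16731 line should be removed so the indentation stays uniform for anything that parses the file. The visible description for CVE-2017-16731 names ABB, and the tag says only Ellipse; `NOT-FOR-US: ABB Ellipse` would tie the tag to the description.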
@@ -12842,7 +12842,7 @@
 CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in ...)
 	NOT-FOR-US: Synology Calendar
 CVE-2017-15890 (Cross-site scripting (XSS) vulnerability in Disclaimer in Synology ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...)
 	NOT-FOR-US: Synology DiskStation Manager
 CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...)
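Review bot: The tag for CVE-2017-15890 is the bare vendor name, `NOT-FOR-US: Synology`, while the entries directly around it in this hunk name the product (`Synology Calendar`, `Synology DiskStation Manager`). If the truncated description identifies the product, using it here would keep this block consistent and make the entry easier to match later.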
@@ -15770,15 +15770,15 @@
 	NOTE: Debian doesn't use zlib 1.2.9 yet
 	NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
 CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14915
 	RESERVED
 CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14913
 	RESERVED
 CVE-2017-14912
@@ -15788,9 +15788,9 @@
 CVE-2017-14910
 	RESERVED
 CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	TODO: check
 CVE-2017-14906
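Review bot: CVE-2017-14907 at the end of this hunk is left at `TODO: check`, although its visible description opens with the same "In Android for MSM, Firefox OS for MSM, QRD Android" text as CVE-2017-14909 and CVE-2017-14908, which are tagged just above it. If it was skipped on purpose because the rest of the description differs, that is fine; otherwise it should get the same `NOT-FOR-US: Qualcomm component for Android` tag in this commit so it does not linger in the TODO queue.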
@@ -22616,7 +22616,7 @@
 CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...)
 	NOT-FOR-US: Apache CXF
 CVE-2017-12630 (In Apache Drill 1.11.0 and earlier when submitting form from Query ...)
-	TODO: check
+	NOT-FOR-US: Apache Drill
 CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apache ...)
 	- lucene-solr <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501529
@@ -23350,7 +23350,7 @@
 CVE-2017-12374
 	RESERVED
 CVE-2017-12373 (A vulnerability in the TLS protocol implementation of legacy Cisco ASA ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-12372 (A "Cisco WebEx Network Recording Player Remote Code Execution ...)
 	NOT-FOR-US: Cisco
 CVE-2017-12371 (A "Cisco WebEx Network Recording Player Remote Code Execution ...)
@@ -24139,7 +24139,7 @@
 CVE-2017-12073
 	RESERVED
 CVE-2017-12072 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...)
 	NOT-FOR-US: Synology
 CVE-2017-12070
@@ -25563,7 +25563,7 @@
 CVE-2017-11563
 	RESERVED
 CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks ...)
-	TODO: check
+	NOT-FOR-US: MT4 SenhaSegura
 CVE-2017-11561
 	RESERVED
 CVE-2017-11560
@@ -25814,7 +25814,7 @@
 CVE-2017-11481 (Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting ...)
 	- kibana <itp> (bug #700337)
 CVE-2017-11480 (Packetbeat versions prior to 5.6.4 are affected by a denial of service ...)
-	TODO: check
+	NOT-FOR-US: Packetbeat
 CVE-2017-11479 (Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) ...)
 	- kibana <itp> (bug #700337)
 CVE-2017-11477
@@ -25859,7 +25859,7 @@
 CVE-2017-11466 (Arbitrary file upload vulnerability in ...)
 	NOT-FOR-US: dotCMS
 CVE-2017-11463 (In LANDESK Management Suite 2016.4 and 2017.x, an Unrestricted Direct ...)
-	TODO: check
+	NOT-FOR-US: LANDESK
 CVE-2017-11462 (Double free vulnerability in MIT Kerberos 5 (aka krb5) allows ...)
 	- krb5 1.15.2-1 (low; bug #873563)
 	[stretch] - krb5 <ignored> (Minor issue, might lead to behaviour changes)
@@ -26346,7 +26346,7 @@
 CVE-2017-11320 (Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor ...)
 	NOT-FOR-US: Technicolor TC7337 routers
 CVE-2017-11319 (Perspective ICM Investigation & Case 5.1.1.16 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Perspective ICM Investigation
 CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to add and ...)
 	NOT-FOR-US: Cobian
 CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 ...)
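Review bot: The tag for CVE-2017-11319 stops at `Perspective ICM Investigation`, but the description on the line above gives the product as "Perspective ICM Investigation & Case". Suggest carrying the full product name into the tag so it is not read as a different product.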
@@ -27688,7 +27688,7 @@
 CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to ...)
 	NOT-FOR-US: StreamRelay.NET
 CVE-2017-10893 (Untrusted search path vulnerability in The Public Certification ...)
-	TODO: check
+	NOT-FOR-US: The Public Certification Service for Individuals
 CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC version ...)
 	NOT-FOR-US: Music Center for PC
 CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 3.2.0.191 and ...)
@@ -42137,9 +42137,9 @@
 CVE-2017-6264 (An elevation of privilege vulnerability exists in the NVIDIA GPU ...)
 	NOT-FOR-US: NVIDIA components for Android
 CVE-2017-6263 (NVIDIA driver contains a vulnerability where it is possible a use ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-6262 (NVIDIA driver contains a vulnerability where it is possible a use ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-6261
 	RESERVED
 CVE-2017-6260 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
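Review bot: The tags for CVE-2017-6263 and CVE-2017-6262 read `NVIDIA driver for Android`, while the adjacent CVE-2017-6264 uses `NVIDIA components for Android`, and the visible part of the two descriptions says only "NVIDIA driver" without mentioning Android. Suggest reusing the existing `NVIDIA components for Android` wording if the full descriptions confirm the Android scope, so that one string covers the whole group.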
@@ -43585,7 +43585,7 @@
 CVE-2017-5718
 	RESERVED
 CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphics ...)
-	TODO: check
+	NOT-FOR-US: Intel graphics driver
 CVE-2017-5716
 	REJECTED
 CVE-2017-5715
@@ -46937,13 +46937,13 @@
 CVE-2017-4944
 	RESERVED
 CVE-2017-4943 (VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4942 (VMware AirWatch Console (AWC) contains a Broken Access Control ...)
 	NOT-FOR-US: VMware
 CVE-2017-4941 (VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4940 (The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4939 (VMware Workstation (12.x before 12.5.8) installer contains a DLL ...)
 	NOT-FOR-US: VMware
 CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
@@ -46957,7 +46957,7 @@
 CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
 	NOT-FOR-US: VMware
 CVE-2017-4933 (VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a ...)
 	NOT-FOR-US: VMware
 CVE-2017-4931 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability ...)
@@ -119382,7 +119382,7 @@
 CVE-2014-8359 (Untrusted search path vulnerability in Huawei Mobile Partner for ...)
 	NOT-FOR-US: Huawei Mobile Partner for Windows
 CVE-2014-8358 (Huawei EC156, EC176, and EC177 USB Modem products with software before ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2014-8357 (backupsettings.html in the web administrative portal in Zhone zNID ...)
 	NOT-FOR-US: ZHONE Router
 CVE-2014-8356
@@ -171388,7 +171388,7 @@
 CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
 	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
 CVE-2012-2576 (SQL injection vulnerability in the LoginServlet page in SolarWinds ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 ...)
 	NOT-FOR-US: NetWin SurgeMail
 CVE-2012-2574 (SQL injection vulnerability in the management console in Symantec Web ...)



