[Secure-testing-commits] r58817 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Dec 21 19:34:17 UTC 2017
Author: jmm
Date: 2017-12-21 19:34:16 +0000 (Thu, 21 Dec 2017)
New Revision: 58817
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-21 19:31:41 UTC (rev 58816)
+++ data/CVE/list 2017-12-21 19:34:16 UTC (rev 58817)
@@ -10252,7 +10252,7 @@
CVE-2017-16790
RESERVED
CVE-2017-16789 (Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2017-16788 (Directory traversal vulnerability in the "Upload Groupkey" ...)
NOT-FOR-US: Meinberg LANTIME
CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with ...)
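Review bot: On CVE-2017-16789 the new tag names TIBCO, but the visible description names the product as Integration Matters nJAMS, and the neighbouring Meinberg LANTIME entry is tagged by product. Consider `NOT-FOR-US: Integration Matters nJAMS`, or a tag naming both, so that a search for the product finds this entry.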
@@ -10370,11 +10370,11 @@
CVE-2017-16734
RESERVED
CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...)
- NOT-FOR-US: Ecava IntegraXor
+ NOT-FOR-US: Ecava IntegraXor
CVE-2017-16732
RESERVED
CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered in ABB ...)
- TODO: check
+ NOT-FOR-US: Ellipse
CVE-2017-16730
RESERVED
CVE-2017-16729
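Review bot: The CVE-2017-16733 pair removes and re-adds the same visible text, `NOT-FOR-US: Ecava IntegraXor`, so it appears to be a whitespace-only change riding along in a commit logged as "NFUs"; mention it in the log or commit it separately. On CVE-2017-16731 the description names ABB while the tag says only Ellipse; `NOT-FOR-US: ABB Ellipse` would be easier to find.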
@@ -12842,7 +12842,7 @@
CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in ...)
NOT-FOR-US: Synology Calendar
CVE-2017-15890 (Cross-site scripting (XSS) vulnerability in Disclaimer in Synology ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...)
NOT-FOR-US: Synology DiskStation Manager
CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...)
@@ -15770,15 +15770,15 @@
NOTE: Debian doesn't use zlib 1.2.9 yet
NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
- TODO: check
+ NOT-FOR-US: Qualcomm component for Android
CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
- TODO: check
+ NOT-FOR-US: Qualcomm component for Android
CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
- TODO: check
+ NOT-FOR-US: Qualcomm component for Android
CVE-2017-14915
RESERVED
CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
- TODO: check
+ NOT-FOR-US: Qualcomm component for Android
CVE-2017-14913
RESERVED
CVE-2017-14912
@@ -15788,9 +15788,9 @@
CVE-2017-14910
RESERVED
CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
- TODO: check
+ NOT-FOR-US: Qualcomm component for Android
CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
- TODO: check
+ NOT-FOR-US: Qualcomm component for Android
CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
TODO: check
CVE-2017-14906
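Review bot: CVE-2017-14907 at the end of this hunk is still `TODO: check`, although its visible description starts the same way as CVE-2017-14908 and CVE-2017-14909, which are both marked `NOT-FOR-US: Qualcomm component for Android` here. If it was left open deliberately, a NOTE saying why would help; otherwise it should get the same tag.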
@@ -22616,7 +22616,7 @@
CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...)
NOT-FOR-US: Apache CXF
CVE-2017-12630 (In Apache Drill 1.11.0 and earlier when submitting form from Query ...)
- TODO: check
+ NOT-FOR-US: Apache Drill
CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apache ...)
- lucene-solr <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501529
@@ -23350,7 +23350,7 @@
CVE-2017-12374
RESERVED
CVE-2017-12373 (A vulnerability in the TLS protocol implementation of legacy Cisco ASA ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-12372 (A "Cisco WebEx Network Recording Player Remote Code Execution ...)
NOT-FOR-US: Cisco
CVE-2017-12371 (A "Cisco WebEx Network Recording Player Remote Code Execution ...)
@@ -24139,7 +24139,7 @@
CVE-2017-12073
RESERVED
CVE-2017-12072 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...)
NOT-FOR-US: Synology
CVE-2017-12070
@@ -25563,7 +25563,7 @@
CVE-2017-11563
RESERVED
CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks ...)
- TODO: check
+ NOT-FOR-US: MT4 SenhaSegura
CVE-2017-11561
RESERVED
CVE-2017-11560
@@ -25814,7 +25814,7 @@
CVE-2017-11481 (Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting ...)
- kibana <itp> (bug #700337)
CVE-2017-11480 (Packetbeat versions prior to 5.6.4 are affected by a denial of service ...)
- TODO: check
+ NOT-FOR-US: Packetbeat
CVE-2017-11479 (Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) ...)
- kibana <itp> (bug #700337)
CVE-2017-11477
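Review bot: CVE-2017-11480 (Packetbeat) is marked NOT-FOR-US while the Kibana entries directly above and below it are tracked as `- kibana <itp> (bug #700337)`. Worth confirming that no ITP or RFP bug exists for Packetbeat before using NOT-FOR-US; if one does, the entry should follow the `<itp>` form with the bug number.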
@@ -25859,7 +25859,7 @@
CVE-2017-11466 (Arbitrary file upload vulnerability in ...)
NOT-FOR-US: dotCMS
CVE-2017-11463 (In LANDESK Management Suite 2016.4 and 2017.x, an Unrestricted Direct ...)
- TODO: check
+ NOT-FOR-US: LANDESK
CVE-2017-11462 (Double free vulnerability in MIT Kerberos 5 (aka krb5) allows ...)
- krb5 1.15.2-1 (low; bug #873563)
[stretch] - krb5 <ignored> (Minor issue, might lead to behaviour changes)
@@ -26346,7 +26346,7 @@
CVE-2017-11320 (Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor ...)
NOT-FOR-US: Technicolor TC7337 routers
CVE-2017-11319 (Perspective ICM Investigation & Case 5.1.1.16 allows remote ...)
- TODO: check
+ NOT-FOR-US: Perspective ICM Investigation
CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to add and ...)
NOT-FOR-US: Cobian
CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 ...)
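Review bot: The tag for CVE-2017-11319 cuts the product name off at the ampersand; the description reads "Perspective ICM Investigation & Case". Suggest `NOT-FOR-US: Perspective ICM Investigation & Case`.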
@@ -27688,7 +27688,7 @@
CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to ...)
NOT-FOR-US: StreamRelay.NET
CVE-2017-10893 (Untrusted search path vulnerability in The Public Certification ...)
- TODO: check
+ NOT-FOR-US: The Public Certification Service for Individuals
CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC version ...)
NOT-FOR-US: Music Center for PC
CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 3.2.0.191 and ...)
@@ -42137,9 +42137,9 @@
CVE-2017-6264 (An elevation of privilege vulnerability exists in the NVIDIA GPU ...)
NOT-FOR-US: NVIDIA components for Android
CVE-2017-6263 (NVIDIA driver contains a vulnerability where it is possible a use ...)
- TODO: check
+ NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6262 (NVIDIA driver contains a vulnerability where it is possible a use ...)
- TODO: check
+ NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6261
RESERVED
CVE-2017-6260 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
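Review bot: For CVE-2017-6263 and CVE-2017-6262 the visible description says only "NVIDIA driver", with no platform, so the Android scoping in the new tag cannot be checked from the list alone. A NOTE line pointing at the bulletin that limits these to Android would make the decision verifiable. The entry just above uses the wording `NVIDIA components for Android`; one wording for both would keep searches consistent.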
@@ -43585,7 +43585,7 @@
CVE-2017-5718
RESERVED
CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphics ...)
- TODO: check
+ NOT-FOR-US: Intel graphics driver
CVE-2017-5716
REJECTED
CVE-2017-5715
@@ -46937,13 +46937,13 @@
CVE-2017-4944
RESERVED
CVE-2017-4943 (VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4942 (VMware AirWatch Console (AWC) contains a Broken Access Control ...)
NOT-FOR-US: VMware
CVE-2017-4941 (VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4940 (The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4939 (VMware Workstation (12.x before 12.5.8) installer contains a DLL ...)
NOT-FOR-US: VMware
CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
@@ -46957,7 +46957,7 @@
CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
NOT-FOR-US: VMware
CVE-2017-4933 (VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a ...)
NOT-FOR-US: VMware
CVE-2017-4931 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability ...)
@@ -119382,7 +119382,7 @@
CVE-2014-8359 (Untrusted search path vulnerability in Huawei Mobile Partner for ...)
NOT-FOR-US: Huawei Mobile Partner for Windows
CVE-2014-8358 (Huawei EC156, EC176, and EC177 USB Modem products with software before ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2014-8357 (backupsettings.html in the web administrative portal in Zhone zNID ...)
NOT-FOR-US: ZHONE Router
CVE-2014-8356
@@ -171388,7 +171388,7 @@
CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2576 (SQL injection vulnerability in the LoginServlet page in SolarWinds ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 ...)
NOT-FOR-US: NetWin SurgeMail
CVE-2012-2574 (SQL injection vulnerability in the management console in Symantec Web ...)