[Secure-testing-commits] r48672 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Feb 2 22:27:27 UTC 2017


Author: jmm
Date: 2017-02-02 22:27:27 +0000 (Thu, 02 Feb 2017)
New Revision: 48672

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-02 22:19:55 UTC (rev 48671)
+++ data/CVE/list	2017-02-02 22:27:27 UTC (rev 48672)
@@ -2048,9 +2048,9 @@
 CVE-2017-5220
 	RESERVED
 CVE-2017-5219 (An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component ...)
-	TODO: check
+	NOT-FOR-US: SageCRM
 CVE-2017-5218 (A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The ...)
-	TODO: check
+	NOT-FOR-US: SageCRM
 CVE-2017-5217 (Installing a zero-permission Android application on certain Samsung ...)
 	NOT-FOR-US: Samsung
 CVE-2017-5216 (Stack-based buffer overflow vulnerability in Netop Remote Control ...)
@@ -2966,7 +2966,7 @@
 CVE-2016-10080
 	RESERVED
 CVE-2016-10079 (SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of ...)
-	TODO: check
+	NOT-FOR-US: SAPlpd
 CVE-2016-10078
 	RESERVED
 CVE-2016-10077
@@ -5118,7 +5118,7 @@
 CVE-2016-10044
 	RESERVED
 CVE-2016-10043 (An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The ...)
-	TODO: check
+	NOT-FOR-US: Radisys MRF Web Panel
 CVE-2016-10042
 	RESERVED
 CVE-2016-10041 (An issue was discovered in Sprecher Automation SPRECON-E Service ...)
@@ -5314,7 +5314,7 @@
 CVE-2017-3824
 	RESERVED
 CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 1.0.7 on ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-3822
 	RESERVED
 CVE-2017-3821
@@ -5378,7 +5378,7 @@
 CVE-2017-3792 (A vulnerability in a proprietary device driver in the kernel of Cisco ...)
 	NOT-FOR-US: Cisco TelePresence
 CVE-2017-3791 (A vulnerability in the web-based GUI of Cisco Prime Home could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-3790 (A vulnerability in the received packet parser of Cisco Expressway ...)
 	NOT-FOR-US: Cisco Expressway
 CVE-2016-5103
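Review bot: The new tag on CVE-2017-3791 is the bare vendor name, while the entries on either side of it in this hunk name the product (NOT-FOR-US: Cisco TelePresence, NOT-FOR-US: Cisco Expressway). The description places the issue in the web-based GUI of Cisco Prime Home, so NOT-FOR-US: Cisco Prime Home would match the neighbouring entries and keep the list searchable by product.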
@@ -12383,7 +12383,7 @@
 CVE-2016-9740
 	RESERVED
 CVE-2016-9739 (IBM Security Identity Manager Virtual Appliance stores user ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9738
 	RESERVED
 CVE-2016-9737
@@ -12399,7 +12399,7 @@
 CVE-2016-9732
 	RESERVED
 CVE-2016-9731 (IBM Business Process Manager is vulnerable to cross-site scripting. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9730
 	RESERVED
 CVE-2016-9729
@@ -12453,9 +12453,9 @@
 CVE-2016-9705
 	RESERVED
 CVE-2016-9704 (IBM Security Identity Manager Virtual Appliance is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9703 (IBM Security Identity Manager Virtual Appliance does not invalidate ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9702
 	RESERVED
 CVE-2016-9701
@@ -14729,45 +14729,45 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
 	NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297
 CVE-2016-9421 (Cross-site scripting (XSS) vulnerability in the Users module in the ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9420 (MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9419 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9418 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9417 (The fetch_remote_file function in MyBB (aka MyBulletinBoard) before ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9416 (SQL injection vulnerability in the users data handler in MyBB (aka ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9415 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9414 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9413 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9412 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9411 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9410 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9409 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9408 (Cross-site scripting (XSS) vulnerability in the Mod control panel in ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9407 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9406 (Cross-site scripting (XSS) vulnerability in the User control panel in ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9405 (Cross-site scripting (XSS) vulnerability in member validation in MyBB ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9404 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9403 (newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9402 (SQL injection vulnerability in the moderation tool in MyBB (aka ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9386 (The x86 emulator in Xen does not properly treat x86 NULL segments as ...)
 	{DSA-3729-1 DLA-720-1}
 	- xen 4.8.0-1 (bug #845663)
@@ -14903,15 +14903,15 @@
 	NOTE: https://github.com/redhotpenguin/soaplite/pull/21
 	NOTE: https://github.com/redhotpenguin/soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124
 CVE-2015-8977 (MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2015-8976 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2015-8975 (Cross-site scripting (XSS) vulnerability in the error handler in MyBB ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2015-8974 (SQL injection vulnerability in the Group Promotions module in the ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2015-8973 (xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2016-9453 (The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote ...)
 	{DSA-3762-1}
 	- tiff 4.0.6-3
@@ -15444,7 +15444,7 @@
 CVE-2016-9261
 	RESERVED
 CVE-2016-9260 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 ...)
-	TODO: check
+	NOT-FOR-US: Nessus
 CVE-2016-9259
 	RESERVED
 CVE-2017-0305
@@ -16138,7 +16138,7 @@
 CVE-2016-9040
 	RESERVED
 CVE-2016-9039 (An exploitable denial of service exists in the the Joyent SmartOS ...)
-	TODO: check
+	NOT-FOR-US: Joyent
 CVE-2016-9038
 	RESERVED
 CVE-2016-9037 (An exploitable out-of-bounds array access vulnerability exists in the ...)
@@ -16244,7 +16244,7 @@
 CVE-2016-9009
 	RESERVED
 CVE-2016-9008 (IBM UrbanCode Deploy could allow a malicious user to access the Agent ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9007
 	RESERVED
 CVE-2016-9006
@@ -16260,9 +16260,9 @@
 CVE-2016-9001
 	RESERVED
 CVE-2016-9000 (IBM InfoSphere DataStage is vulnerable to cross-frame scripting, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8999 (IBM InfoSphere Information Server contains a Path-relative stylesheet ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8998
 	RESERVED
 CVE-2016-8997
@@ -16296,17 +16296,17 @@
 CVE-2016-8983
 	RESERVED
 CVE-2016-8982 (IBM InfoSphere Information Server stores sensitive information in URL ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8981 (IBM BigFix Inventory v9 allows web pages to be stored locally which ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8980 (IBM BigFix Inventory v9 is vulnerable to a denial of service, caused ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8979
 	RESERVED
 CVE-2016-8978
 	RESERVED
 CVE-2016-8977 (IBM BigFix Inventory v9 could disclose sensitive information to an ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8976
 	RESERVED
 CVE-2016-8975
@@ -16326,19 +16326,19 @@
 CVE-2016-8968
 	RESERVED
 CVE-2016-8967 (IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8966 (IBM BigFix Inventory v9 could allow a remote attacker to obtain ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8965
 	RESERVED
 CVE-2016-8964
 	RESERVED
 CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive information in ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8962
 	RESERVED
 CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to conduct ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8960
 	RESERVED
 CVE-2016-8959
@@ -16374,37 +16374,37 @@
 CVE-2016-8944
 	RESERVED
 CVE-2016-8943 (IBM Tivoli Storage Productivity Center is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8942 (IBM Tivoli Storage Productivity Center could allow an authenticated ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8941 (IBM Tivoli Storage Productivity Center is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8940
 	RESERVED
 CVE-2016-8939
 	RESERVED
 CVE-2016-8938 (IBM UrbanCode Deploy could allow a user to execute code using a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8937
 	RESERVED
 CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8935
 	RESERVED
 CVE-2016-8934 (IBM WebSphere Application Server is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8933 (IBM Kenexa LMS on Cloud could allow a remote attacker to traverse ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8932 (IBM Kenexa LMS on Cloud could allow a remote attacker to upload ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8931 (IBM Kenexa LMS on Cloud could allow a remote attacker to upload ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8930 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8929 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8928 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8927
 	RESERVED
 CVE-2016-8926
@@ -16416,15 +16416,15 @@
 CVE-2016-8923
 	RESERVED
 CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This ...)
-	TODO: check
+	NOT-FOR-US: Exphox WebRadar
 CVE-2016-8921 (IBM FileNet WorkPlace XT could allow a remote attacker to upload ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8920 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8919 (IBM WebSphere Application Server may be vulnerable to a denial of ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8918 (IBM Integration Bus, under non default configurations, could allow a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8917
 	RESERVED
 CVE-2016-8916
@@ -16434,11 +16434,11 @@
 CVE-2016-8914
 	RESERVED
 CVE-2016-8913 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8912 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8911 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9016 (Firejail 0.9.38.4 allows local users to execute arbitrary commands ...)
 	- firejail 0.9.44-1
 	NOTE: https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b
@@ -17795,7 +17795,7 @@
 CVE-2016-8492
 	RESERVED
 CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiWLC
 CVE-2015-8965
 	RESERVED
 CVE-2016-XXXX [dbus format string vulnerability]
@@ -19499,15 +19499,15 @@
 CVE-2016-8107
 	RESERVED
 CVE-2016-8106 (A Denial of Service in Intel Ethernet Controller's X710/XL710 with ...)
-	TODO: check
+	NOT-FOR-US: Intel driver
 CVE-2016-8105
 	RESERVED
 CVE-2016-8104 (Buffer overflow in Intel PROSet/Wireless Software and Drivers in ...)
-	TODO: check
+	NOT-FOR-US: Intel driver
 CVE-2016-8103 (SMM call out in all Intel Branded NUC Kits allows a local privileged ...)
-	TODO: check
+	NOT-FOR-US: Intel driver
 CVE-2016-8102 (Unquoted service path vulnerability in Intel Wireless Bluetooth ...)
-	TODO: check
+	NOT-FOR-US: Intel driver
 CVE-2016-8101 (The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local ...)
 	NOT-FOR-US: Intel SSD Toolbox
 CVE-2016-8100 (Intel Integrated Performance Primitives (aka IPP) Cryptography before ...)
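Review bot: The "Intel driver" tag does not fit CVE-2016-8103, whose description is an SMM call out in Intel Branded NUC Kits, which is platform firmware rather than a driver. The other three entries also name distinct products (Ethernet Controller X710/XL710, PROSet/Wireless Software and Drivers, Wireless Bluetooth), and the existing entry just below uses a product-level tag (NOT-FOR-US: Intel SSD Toolbox). Suggest tagging each entry with its product, for example NOT-FOR-US: Intel NUC firmware for CVE-2016-8103.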



