[Secure-testing-commits] r53420 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Jul 12 21:37:47 UTC 2017


Author: jmm
Date: 2017-07-12 21:37:46 +0000 (Wed, 12 Jul 2017)
New Revision: 53420

Modified:
   data/CVE/list
Log:
new imagemagick issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-12 21:31:11 UTC (rev 53419)
+++ data/CVE/list	2017-07-12 21:37:46 UTC (rev 53420)
@@ -1,11 +1,11 @@
 CVE-2017-11196 (Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2017-11195 (Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2017-11194 (Pulse Connect Secure 8.3R1 has Reflected XSS in ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2017-11193 (Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2017-11192
 	RESERVED
 CVE-2017-11191
@@ -15,9 +15,10 @@
 CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...)
 	TODO: check
 CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
 CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2017-11186
 	RESERVED
 CVE-2017-11185
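
Review bot: The new CVE-2017-11188 entry is recorded as "- imagemagick <unfixed>" with no urgency, while the other ImageMagick entry visible in this diff, CVE-2017-11166, carries "(low)". If the DPX issue was assessed the same way, add the urgency here so the two entries read consistently; if it was deliberately left unrated, that is fine as is. The log message also says "new imagemagick issues" in the plural, but this is the only imagemagick entry the commit changes, so the log could say "issue" or name the CVE.
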
@@ -89,12 +90,12 @@
 CVE-2017-11168
 	RESERVED
 CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...)
-	TODO: check
+	NOT-FOR-US: FineCMS
 CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...)
 	- imagemagick <unfixed> (low)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/471
 CVE-2017-11165 (dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: dataTaker
 CVE-2017-11164 (In PCRE 8.41, the OP_KETRMAX feature in the match function in ...)
 	TODO: check
 CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...)
@@ -1653,7 +1654,7 @@
 CVE-2017-9978
 	RESERVED
 CVE-2017-9977 (AVG AntiVirus for MacOS with scan engine before 4668 might allow ...)
-	TODO: check
+	NOT-FOR-US: AVG
 CVE-2017-9976
 	RESERVED
 CVE-2017-9975
@@ -1966,11 +1967,11 @@
 CVE-2017-9846 (Winmail Server 6.1 allows remote code execution by authenticated users ...)
 	NOT-FOR-US: Winmail Server
 CVE-2017-9845 (disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-9844 (SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-9843 (SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-9842
 	RESERVED
 CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 ...)
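
Review bot: Style point on the three added "NOT-FOR-US: SAP" lines: they name only the vendor, while the unchanged CVE-2017-9846 entry at the top of this hunk names the product ("NOT-FOR-US: Winmail Server"), as do the Pulse Connect Secure, phpMyFAQ and FineCMS tags added elsewhere in this commit. All three descriptions refer to SAP NetWeaver, so "NOT-FOR-US: SAP NetWeaver" would make these entries easier to search for later.
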
@@ -27584,7 +27585,7 @@
 CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity ...)
 	NOT-FOR-US: IBM
 CVE-2017-1321 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...)
@@ -27656,7 +27657,7 @@
 CVE-2017-1286
 	RESERVED
 CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...)
 	NOT-FOR-US: IBM
 CVE-2017-1283
@@ -32627,21 +32628,21 @@
 CVE-2016-8954 (IBM dashDB Local uses hard-coded credentials that could allow a remote ...)
 	NOT-FOR-US: IBM
 CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8952
 	RESERVED
 CVE-2016-8951
 	RESERVED
 CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8949
 	RESERVED
 CVE-2016-8948 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8947 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8946 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8945
 	RESERVED
 CVE-2016-8944 (IBM AIX 7.1 and 7.2 allows a local user to open a file with a ...)
@@ -35089,7 +35090,7 @@
 CVE-2017-0244 (The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0243 (Microsoft Office allows a remote code execution vulnerability due to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2017-0242 (An information disclosure vulnerability exists in the way some ActiveX ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0241 (An elevation of privilege vulnerability exists when Microsoft Edge ...)
@@ -35235,7 +35236,7 @@
 CVE-2017-0171 (Windows DNS Server allows a denial of service vulnerability when ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0170 (Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2017-0169 (An information disclosure vulnerability exists when Windows Hyper-V ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0168 (An information disclosure vulnerability exists when the Windows ...)
@@ -42122,7 +42123,7 @@
 CVE-2016-6115 (IBM General Parallel File System is vulnerable to a buffer overflow. A ...)
 	NOT-FOR-US: IBM
 CVE-2016-6114 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerability ...)
 	NOT-FOR-US: IBM
 CVE-2016-6112 (IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and ...)



