[Secure-testing-commits] r53500 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Jul 14 21:35:49 UTC 2017
Author: jmm
Date: 2017-07-14 21:35:49 +0000 (Fri, 14 Jul 2017)
New Revision: 53500
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-14 21:30:52 UTC (rev 53499)
+++ data/CVE/list 2017-07-14 21:35:49 UTC (rev 53500)
@@ -459,60 +459,60 @@
NOTE: https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75
NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and ...)
- TODO: check
+ - jenkins <removed>
CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of ...)
- TODO: check
+ NOT-FOR-US: ONOS
CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets ...)
- TODO: check
+ NOT-FOR-US: ONOS
CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS ...)
- TODO: check
+ NOT-FOR-US: ONOS
CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the device ...)
- TODO: check
+ NOT-FOR-US: ONOS
CVE-2017-1000077
RESERVED
CVE-2017-1000076
RESERVED
CVE-2017-1000075 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...)
- TODO: check
+ NOT-FOR-US: Creolabs Gravity
CVE-2017-1000074 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...)
- TODO: check
+ NOT-FOR-US: Creolabs Gravity
CVE-2017-1000073 (Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an ...)
- TODO: check
+ NOT-FOR-US: Creolabs Gravity
CVE-2017-1000072 (Creolabs Gravity version 1.0 is vulnerable to a Double Free in ...)
- TODO: check
+ NOT-FOR-US: Creolabs Gravity
CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass ...)
TODO: check
CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was affected by an ...)
- TODO: check
+ NOT-FOR-US: Bitly oauth2_proxy
CVE-2017-1000069 (CSRF in Bitly oauth2_proxy 2.1 during authentication flow ...)
- TODO: check
+ NOT-FOR-US: Bitly oauth2_proxy
CVE-2017-1000068 (TestTrack Server versions 1.0 and earlier are vulnerable to an ...)
TODO: check
CVE-2017-1000067 (MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL ...)
- TODO: check
+ NOT-FOR-US: MODX Revolution
CVE-2017-1000066 (The entry details view function in KeePass version 1.32 inadvertently ...)
TODO: check
CVE-2017-1000065 (Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in ...)
- TODO: check
+ NOT-FOR-US: OpenMediaVault
CVE-2017-1000064 (kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion ...)
- TODO: check
+ NOT-FOR-US: kittoframework kitto
CVE-2017-1000063 (kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 ...)
- TODO: check
+ NOT-FOR-US: kittoframework kitto
CVE-2017-1000062 (kittoframework kitto 0.5.1 is vulnerable to directory traversal in the ...)
- TODO: check
+ NOT-FOR-US: kittoframework kitto
CVE-2017-1000061 (xmlsec 1.2.23 and before is vulnerable to XML External Entity ...)
- xmlsec1 1.2.24-1
[stretch] - xmlsec1 <no-dsa> (Minor issue)
[jessie] - xmlsec1 <no-dsa> (Minor issue)
NOTE: https://github.com/lsh123/xmlsec/issues/43
CVE-2017-1000060 (EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb ...)
- TODO: check
+ NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-1000059 (Live Helper Chat version 2.06v and older is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2017-1000058 (Stored XSS in chevereto CMS before version 3.8.11 ...)
- TODO: check
+ NOT-FOR-US: chevereto CMS
CVE-2017-1000057 (A reflected cross-site scripting vulnerability in GetSimple CMS ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2017-1000056 (Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation ...)
- kubernetes 1.5.5+dfsg-1
NOTE: https://github.com/kubernetes/kubernetes/issues/43459
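Review bot: The log message "NFUs" does not cover the first change in this hunk: CVE-2017-1000362 is resolved with "- jenkins <removed>", a package-status entry rather than a NOT-FOR-US tag. Mention it in the log (for example "NFUs, jenkins removed") so that the triage decision can be found from the commit history. For CVE-2017-1000065, the tag "NOT-FOR-US: OpenMediaVault" names a product that the truncated description visible here ("... vulnerabilities in rpc.php in ...") does not show, so a NOTE line with the source of that attribution would make the entry checkable. CVE-2017-1000071, CVE-2017-1000068 and CVE-2017-1000066 remain at "TODO: check" after this revision and still need triage.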