[Secure-testing-commits] r53533 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Jul 16 08:53:08 UTC 2017


Author: carnil
Date: 2017-07-16 08:53:08 +0000 (Sun, 16 Jul 2017)
New Revision: 53533

Modified:
   data/CVE/list
Log:
Process several NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-16 08:34:52 UTC (rev 53532)
+++ data/CVE/list	2017-07-16 08:53:08 UTC (rev 53533)
@@ -588,7 +588,7 @@
 CVE-2017-1000042 (Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are ...)
 	NOT-FOR-US: Mapbox.js
 CVE-2017-1000039 (Framadate version 1.0 is vulnerable to Formula Injection in the CSV ...)
-	TODO: check
+	NOT-FOR-US: Framadate
 CVE-2017-1000038 (WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2017-1000037 (RVM automatically loads environment variables from files in $PWD ...)
@@ -612,7 +612,7 @@
 CVE-2017-1000028 (Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both ...)
 	TODO: check
 CVE-2017-1000027 (Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Koozali Foundation SME Server
 CVE-2017-1000026 (Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable ...)
 	TODO: check
 CVE-2017-1000025 (GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 ...)
@@ -1963,15 +1963,15 @@
 CVE-2017-10606
 	RESERVED
 CVE-2017-10605 (On all vSRX and SRX Series devices, when the DHCP or DHCP relay is ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-10604 (When the device is configured to perform account lockout with a ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-10603 (An XML injection vulnerability in Junos OS CLI can allow a locally ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-10602 (A buffer overflow vulnerability in Junos OS CLI may allow a local ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-10601 (A specific device configuration can result in a commit failure ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates ...)
 	NOT-FOR-US: ubuntu-image
 CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x ...)
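Review bot: for CVE-2017-10604 and CVE-2017-10601 the truncated descriptions in this hunk ("When the device is configured to perform account lockout with a ..." and "A specific device configuration can result in a commit failure ...") name no vendor or product, so the "NOT-FOR-US: Juniper" tag cannot be verified from the diff alone. Please confirm both against the full CVE text. A short mention in the log of the source used for the vendor attribution would make bulk NFU commits like this one easier to review.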
@@ -25915,35 +25915,35 @@
 	- webkit2gtk 2.14.4-1 (unimportant)
 	NOTE: Not covered by security support
 CVE-2017-2349 (A command injection vulnerability in the IDP feature of Juniper ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2348 (The Juniper Enhanced jdhcpd daemon may experience high CPU ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2347 (A denial of service vulnerability in rpd daemon of Juniper Networks ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2346 (An MS-MPC or MS-MIC Service PIC may crash when large fragmented ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2345 (On Junos OS devices with SNMP enabled, a network based attacker with ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2344 (A routine within an internal Junos OS sockets library is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2343 (The Integrated User Firewall (UserFW) feature was introduced in Junos ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2342 (MACsec feature on Juniper Networks Junos OS 15.1X49 prior to ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2341 (An insufficient authentication vulnerability on platforms where Junos ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2340 (On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 ...)
 	NOT-FOR-US: Juniper
 CVE-2017-2339 (A security researcher testing a Juniper NetScreen Firewall+VPN found ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2338 (A security researcher testing a Juniper NetScreen Firewall+VPN found ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2337 (A security researcher testing a Juniper NetScreen Firewall+VPN found ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2336 (A security researcher testing a Juniper NetScreen Firewall+VPN found ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2335 (A security researcher testing a Juniper NetScreen Firewall+VPN found ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2334 (An information leak vulnerability in Juniper Networks NorthStar ...)
 	NOT-FOR-US: Juniper
 CVE-2017-2333 (A persistent denial of service vulnerability in Juniper Networks ...)
@@ -25985,7 +25985,7 @@
 CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switches running affected Junos ...)
 	NOT-FOR-US: Juniper
 CVE-2017-2314 (Receipt of a malformed BGP OPEN message may cause the routing protocol ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-2313 (Juniper Networks devices running affected Junos OS versions may be ...)
 	NOT-FOR-US: Juniper
 CVE-2017-2312 (On Juniper Networks devices running Junos OS affected versions and ...)
@@ -26075,21 +26075,21 @@
 CVE-2017-2273
 	RESERVED
 CVE-2017-2272 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
-	TODO: check
+	NOT-FOR-US: AttacheCase
 CVE-2017-2271 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
-	TODO: check
+	NOT-FOR-US: AttacheCase
 CVE-2017-2270 (Untrusted search path vulnerability in Encrypted files in ...)
-	TODO: check
+	NOT-FOR-US: FileCapsule Deluxe Portable
 CVE-2017-2269 (Untrusted search path vulnerability in FileCapsule Deluxe Portable ...)
-	TODO: check
+	NOT-FOR-US: FileCapsule Deluxe Portable
 CVE-2017-2268 (Untrusted search path vulnerability in Encrypted files in ...)
-	TODO: check
+	NOT-FOR-US: FileCapsule Deluxe Portable
 CVE-2017-2267 (Untrusted search path vulnerability in FileCapsule Deluxe Portable ...)
-	TODO: check
+	NOT-FOR-US: FileCapsule Deluxe Portable
 CVE-2017-2266 (Untrusted search path vulnerability in Encrypted files in ...)
-	TODO: check
+	NOT-FOR-US: FileCapsule Deluxe Portable
 CVE-2017-2265 (Untrusted search path vulnerability in FileCapsule Deluxe Portable ...)
-	TODO: check
+	NOT-FOR-US: FileCapsule Deluxe Portable
 CVE-2017-2264
 	RESERVED
 CVE-2017-2263
@@ -26113,21 +26113,21 @@
 CVE-2017-2254
 	RESERVED
 CVE-2017-2253 (Untrusted search path vulnerability in Installer of Yahoo! Toolbar ...)
-	TODO: check
+	NOT-FOR-US: Installer of Yahoo! Toolbar (for Internet explorer)
 CVE-2017-2252 (Untrusted search path vulnerability in Self-extracting archive files ...)
-	TODO: check
+	NOT-FOR-US: File Compact
 CVE-2017-2251
 	RESERVED
 CVE-2017-2250
 	RESERVED
 CVE-2017-2249 (Untrusted search path vulnerability in Self-extracting archive files ...)
-	TODO: check
+	NOT-FOR-US: Lhaz+
 CVE-2017-2248 (Untrusted search path vulnerability in Installer of Lhaz+ version ...)
-	TODO: check
+	NOT-FOR-US: Lhaz+
 CVE-2017-2247 (Untrusted search path vulnerability in Self-extracting archive files ...)
-	TODO: check
+	NOT-FOR-US: Lhaz
 CVE-2017-2246 (Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 ...)
-	TODO: check
+	NOT-FOR-US: Lhaz
 CVE-2017-2245 (Directory traversal vulnerability in Shortcodes Ultimate prior to ...)
 	NOT-FOR-US: Shortcodes Ultimate
 CVE-2017-2244 (Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN ...)
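Review bot: the tag added for CVE-2017-2253, "NOT-FOR-US: Installer of Yahoo! Toolbar (for Internet explorer)", repeats the description's wording instead of naming the product. CVE-2017-2248 and CVE-2017-2246 in the same hunk also read "Installer of ..." in their descriptions but are tagged simply "Lhaz+" and "Lhaz". Suggest "NOT-FOR-US: Yahoo! Toolbar" so the tag follows the same pattern and is found by a search on the product name.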
@@ -26137,9 +26137,9 @@
 CVE-2017-2242
 	RESERVED
 CVE-2017-2241 (SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and ...)
-	TODO: check
+	NOT-FOR-US: AssetView for MacOS
 CVE-2017-2240 (Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and ...)
-	TODO: check
+	NOT-FOR-US: AssetView for MacOS
 CVE-2017-2239 (Marp versions v0.0.10 and earlier may allow an attacker to access ...)
 	NOT-FOR-US: Marp
 CVE-2017-2238 (Cross-site request forgery (CSRF) vulnerability in Toshiba Home ...)
@@ -28003,7 +28003,7 @@
 CVE-2017-1309
 	RESERVED
 CVE-2017-1308 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1307
 	RESERVED
 CVE-2017-1306
@@ -28253,11 +28253,11 @@
 CVE-2017-1184
 	RESERVED
 CVE-2017-1183 (IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1182 (IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...)
 	NOT-FOR-US: Oracle Primavera
 CVE-2017-1181 (IBM Tivoli Monitoring Portal V6 client could allow a local attacker to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1180 (The IBM TRIRIGA Document Manager contains a vulnerability that could ...)
 	NOT-FOR-US: IBM TRIRIGA Document Manager
 CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected ...)
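Review bot: the unchanged context line under CVE-2017-1182 reads "NOT-FOR-US: Oracle Primavera", but its description is "IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...", the same text as CVE-2017-1183, which this hunk tags "NOT-FOR-US: IBM". Since the commit already touches both neighbours (CVE-2017-1183 and CVE-2017-1181), change that line to "NOT-FOR-US: IBM" here as well so the three Tivoli entries agree.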
@@ -32997,7 +32997,7 @@
 CVE-2016-8965
 	RESERVED
 CVE-2016-8964 (IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive information in ...)
 	NOT-FOR-US: IBM
 CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should have ...)
@@ -33021,9 +33021,9 @@
 CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...)
 	NOT-FOR-US: IBM
 CVE-2016-8952 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8951 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2016-8949
@@ -35575,7 +35575,7 @@
 CVE-2017-0197 (Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0196 (An information disclosure vulnerability in Microsoft scripting engine ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2017-0195 (Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0194 (Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office ...)
@@ -35663,7 +35663,7 @@
 CVE-2017-0153
 	RESERVED
 CVE-2017-0152 (A remote code execution vulnerability exists in the way affected ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2017-0151 (A remote code execution vulnerability exists in the way affected ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0150 (A remote code execution vulnerability exists in the way affected ...)
@@ -35911,7 +35911,7 @@
 CVE-2017-0029 (Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0028 (A remote code execution vulnerability exists when Microsoft scripting ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2017-0027 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0026 (The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 ...)
@@ -42702,7 +42702,7 @@
 CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...)
 	NOT-FOR-US: IBM
 CVE-2016-6019 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-6018
 	RESERVED
 CVE-2016-6017



