[Secure-testing-commits] r53704 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Jul 20 09:17:13 UTC 2017
Author: jmm
Date: 2017-07-20 09:17:13 +0000 (Thu, 20 Jul 2017)
New Revision: 53704
Modified:
data/CVE/list
Log:
new glpi issues
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-20 09:10:15 UTC (rev 53703)
+++ data/CVE/list 2017-07-20 09:17:13 UTC (rev 53704)
@@ -3,19 +3,21 @@
CVE-2017-11476
RESERVED
CVE-2017-11475 (GLPI before 9.1.5.1 has SQL Injection in the condition rule field, ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11474 (GLPI before 9.1.5.1 has SQL Injection in the $crit variable in ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11471 (IDERA Uptime Monitor 7.8 has SQL injection in ...)
- TODO: check
+ NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11470 (IDERA Uptime Monitor 7.8 has SQL injection in ...)
- TODO: check
+ NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11469 (get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the ...)
- TODO: check
+ NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11468
RESERVED
CVE-2017-11467 (OrientDB through 2.2.22 does not enforce privilege requirements during ...)
- TODO: check
+ NOT-FOR-US: OrientDB
CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows ...)
TODO: check
CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in ...)
More information about the Secure-testing-commits
mailing list