[Secure-testing-commits] r53965 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jul 26 21:44:00 UTC 2017
Author: jmm
Date: 2017-07-26 21:44:00 +0000 (Wed, 26 Jul 2017)
New Revision: 53965
Modified:
data/CVE/list
Log:
NFus
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-26 21:40:50 UTC (rev 53964)
+++ data/CVE/list 2017-07-26 21:44:00 UTC (rev 53965)
@@ -1,7 +1,7 @@
CVE-2017-11667 (OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2017-11666 (Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the ...)
- TODO: check
+ NOT-FOR-US: Kopano
CVE-2017-11665
RESERVED
CVE-2017-11664
@@ -17,7 +17,7 @@
CVE-2017-11659
RESERVED
CVE-2017-11658 (In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-11657
RESERVED
CVE-2017-11656
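Review bot: On the CVE-2017-11658 entry, "NOT-FOR-US: Wordpress plugin" misspells the product (the description line writes "WordPress") and does not say which plugin is meant. Something like "NOT-FOR-US: WP Rocket plugin for WordPress" would let a search of the list for the plugin name find this triage decision.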
@@ -159,7 +159,7 @@
CVE-2017-11616
RESERVED
CVE-2017-11615 (A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 ...)
- TODO: check
+ NOT-FOR-US: Wube Factorio
CVE-2017-11614 (MEDHOST Connex contains hard-coded credentials that are used for ...)
NOT-FOR-US: MEDHOST Connex
CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of service vulnerability in the ...)
@@ -167,7 +167,7 @@
- tiff3 <removed>
NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
CVE-2017-11612 (In Joomla! before 3.7.4, inadequate filtering of potentially malicious ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)
NOT-FOR-US: ZyXEL
CVE-2017-11611
@@ -212,7 +212,7 @@
CVE-2017-11594 (Cross-site scripting (XSS) vulnerability in the Markdown parser in ...)
- loomio <itp> (bug #756319)
CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus ...)
- TODO: check
+ NOT-FOR-US: Chrome extension Markdown Preview Plus
CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...)
- exiv2 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
@@ -282,7 +282,7 @@
CVE-2017-11567
RESERVED
CVE-2017-11566 (AppUse 4.0 allows shell command injection via a proxy field. ...)
- TODO: check
+ NOT-FOR-US: AppUse
CVE-2017-1002151 [pagure: private repositories accessible through ssh]
- pagure <itp> (bug #829046)
NOTE: https://pagure.io/pagure/pull-request/2426
@@ -649,7 +649,7 @@
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11873 (not public)
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
CVE-2017-11422 (Statamic framework before 2.6.0 does not correctly check a session's ...)
- TODO: check
+ NOT-FOR-US: Statamic
CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in ...)
NOT-FOR-US: ASUS
CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...)
@@ -17121,7 +17121,7 @@
CVE-2017-5692
RESERVED
CVE-2017-5691 (Incorrect check in Intel processors from 6th and 7th Generation Intel ...)
- TODO: check
+ NOT-FOR-US: Intel CPUs
CVE-2017-5690
RESERVED
CVE-2017-5689 (An unprivileged network attacker could gain system privileges to ...)
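Review bot: "NOT-FOR-US: Intel CPUs" on CVE-2017-5691 is the only tag added in this commit that names hardware rather than a software product, and the description is cut off before it says where the incorrect check is implemented. If the fix is delivered through a microcode or firmware update, a NOTE line recording that would make the decision auditable later.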
@@ -43749,7 +43749,7 @@
- tcpreplay 3.4.4-3 (bug #829350)
[jessie] - tcpreplay 3.4.4-2+deb8u1
CVE-2016-6133 (Cross-site scripting (XSS) vulnerability in Ektron Content Management ...)
- TODO: check
+ NOT-FOR-US: Ektron
CVE-2016-6153 (os_unix.c in SQLite before 3.13.0 improperly implements the temporary ...)
{DLA-543-1}
- sqlite3 3.13.0-1
@@ -80204,7 +80204,7 @@
CVE-2015-2799
RESERVED
CVE-2015-2798 (SQL injection vulnerability in Joomla! Component Contact Form Maker ...)
- TODO: check
+ NOT-FOR-US: Joomla! extension
CVE-2015-2797 (Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, ...)
NOT-FOR-US: AirTies Air DSL modems
CVE-2015-2796
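Review bot: "NOT-FOR-US: Joomla! extension" on CVE-2015-2798 leaves out the component that the description names ("Contact Form Maker"), so it differs from the core "NOT-FOR-US: Joomla!" tag on CVE-2017-11612 only by a generic word. Naming the extension in the tag would keep the two cases distinguishable when searching the list.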
@@ -83214,7 +83214,7 @@
- pcs <not-affected> (Fixed before initial release to Debian)
NOTE: https://github.com/feist/pcs/commit/898204596a779673c88097bbdbe2d7ed6ed0cc8b (0.9.140)
CVE-2015-1847 (Directory traversal vulnerability in the web request/response ...)
- TODO: check
+ NOT-FOR-US: Appserver.io
CVE-2015-1846 (unzoo allows remote attackers to cause a denial of service (infinite ...)
- unzoo <removed>
CVE-2015-1845 (Buffer overflow in the EntrReadArch function in unzoo might allow ...)
@@ -84563,7 +84563,7 @@
CVE-2015-1439
RESERVED
CVE-2015-1438 (Heap-based buffer overflow in Panda Security Kernel Memory Access ...)
- TODO: check
+ NOT-FOR-US: Panda
CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 ...)
NOT-FOR-US: Asus RT-N10+ D1 router
CVE-2015-1436 (Cross-site scripting (XSS) vulnerability in the Easing Slider plugin ...)
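Review bot: "NOT-FOR-US: Panda" on CVE-2015-1438 is terser than the neighbouring tags, which name the product (for example "Asus RT-N10+ D1 router"). The description gives the vendor as "Panda Security", so "NOT-FOR-US: Panda Security" would be unambiguous for later searches.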