[Secure-testing-commits] r52402 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Jun 7 22:01:29 UTC 2017


Author: jmm
Date: 2017-06-07 22:01:29 +0000 (Wed, 07 Jun 2017)
New Revision: 52402

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-07 21:57:25 UTC (rev 52401)
+++ data/CVE/list	2017-06-07 22:01:29 UTC (rev 52402)
@@ -173,7 +173,7 @@
 CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This ...)
 	NOT-FOR-US: Openbravo Business Suite
 CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in ...)
-	TODO: check
+	NOT-FOR-US: TeamPass
 CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in ...)
 	- dolibarr <unfixed>
 	NOTE: https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04
@@ -395,7 +395,7 @@
 	- pjproject 2.5.5~dfsg-6 (bug #863901)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-002.txt
 CVE-2017-9355 (XML external entity (XXE) vulnerability in the import playlist feature ...)
-	TODO: check
+	NOT-FOR-US: Subsonic
 CVE-2017-9354 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector ...)
 	- wireshark <unfixed> (bug #864058)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html
@@ -470,7 +470,7 @@
 CVE-2017-9333
 	RESERVED
 CVE-2017-9332 (The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 ...)
-	TODO: check
+	NOT-FOR-US: PivotX
 CVE-2017-9331 (The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored ...)
 	NOT-FOR-US: Telaxus EPESI
 CVE-2017-9329
@@ -4232,9 +4232,9 @@
 CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...)
 	NOT-FOR-US: Schneider
 CVE-2017-7966 (A DLL Hijacking vulnerability in the programming software in Schneider ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2017-7965 (A buffer overflow vulnerability exists in Programming Software ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2017-7964 (Zyxel WRE6505 devices have a default TELNET password of 1234 for the ...)
 	NOT-FOR-US: Zyxel
 CVE-2017-7963 (** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) ...)
@@ -5481,9 +5481,9 @@
 CVE-2017-7565 (Splunk Hadoop Connect App has a path traversal vulnerability that ...)
 	NOT-FOR-US: Splunk Hadoop Connect App
 CVE-2017-7564 (In ARM Trusted Firmware through 1.3, the secure self-hosted invasive ...)
-	TODO: check
+	NOT-FOR-US: ARM
 CVE-2017-7563 (In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 ...)
-	TODO: check
+	NOT-FOR-US: ARM
 CVE-2016-10320 (textract before 1.5.0 allows OS Command Injection attacks via a ...)
 	NOT-FOR-US: textract
 CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC ...)
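Review bot: The new tags on CVE-2017-7564 and CVE-2017-7563 read "NOT-FOR-US: ARM", which names the vendor, while both descriptions name the product as ARM Trusted Firmware. Suggest "NOT-FOR-US: ARM Trusted Firmware" so that a later search of the list by product name finds these entries. The trailing context shows CVE-2016-10319 is the same product, so its tag is worth keeping in step.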
@@ -6215,11 +6215,11 @@
 CVE-2017-7315
 	RESERVED
 CVE-2017-7314 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. ...)
-	TODO: check
+	NOT-FOR-US: Personify360 e-Business
 CVE-2017-7313 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. ...)
-	TODO: check
+	NOT-FOR-US: Personify360 e-Business
 CVE-2017-7312 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. ...)
-	TODO: check
+	NOT-FOR-US: Personify360 e-Business
 CVE-2017-7311
 	RESERVED
 CVE-2017-7310 (A buffer overflow vulnerability in Import Command in Sync Breeze ...)
@@ -14065,13 +14065,13 @@
 CVE-2017-4918
 	RESERVED
 CVE-2017-4917 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4916 (VMware Workstation Pro/Player contains a NULL pointer dereference ...)
 	NOT-FOR-US: VMware
 CVE-2017-4915 (VMware Workstation Pro/Player contains an insecure library loading ...)
 	NOT-FOR-US: VMware
 CVE-2017-4914 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4913
 	RESERVED
 CVE-2017-4912
@@ -14089,21 +14089,21 @@
 CVE-2017-4906
 	RESERVED
 CVE-2017-4905 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4904 (The XHCI controller in VMware ESXi 6.5 without patch ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4903 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4902 (VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4901
 	RESERVED
 CVE-2017-4900 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4899 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a security ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4898 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4897 (VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists ...)
 	NOT-FOR-US: VMware Horizon DaaS
 CVE-2017-4896 (Airwatch Inbox for Android contains a vulnerability that may allow a ...)
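Review bot: The seven retagged entries in this hunk (CVE-2017-4905 to CVE-2017-4902 for ESXi, CVE-2017-4900 to CVE-2017-4898 for Workstation Pro/Player) all get the vendor-only tag "NOT-FOR-US: VMware", while the unchanged CVE-2017-4897 line just below uses the product form "NOT-FOR-US: VMware Horizon DaaS". Suggest settling on one convention within this block, preferably the product form (for example "NOT-FOR-US: VMware ESXi"), since the hunk covers two distinct products.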
@@ -16649,7 +16649,7 @@
 CVE-2016-9978 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an ...)
 	NOT-FOR-US: IBM
 CVE-2016-9977 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9976 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote ...)
 	NOT-FOR-US: IBM
 CVE-2016-9975 (IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to ...)
@@ -19145,7 +19145,7 @@
 CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x ...)
 	NOT-FOR-US: Zikula
 CVE-2016-9834 (An XSS vulnerability allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2016-9833
 	RESERVED
 CVE-2016-9832 (PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows ...)
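Review bot: For CVE-2016-9834 the visible description ("An XSS vulnerability allows remote attackers to execute arbitrary ...") does not name any product, so the tag "NOT-FOR-US: Sophos" is the only thing in the list that ties this entry to a vendor. Suggest naming the specific product in the tag rather than the vendor alone, so the triage decision can be checked without looking up the full CVE text.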
@@ -22901,7 +22901,7 @@
 CVE-2017-1306
 	RESERVED
 CVE-2017-1305 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1304
 	RESERVED
 CVE-2017-1303
@@ -23119,7 +23119,7 @@
 CVE-2017-1197
 	RESERVED
 CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1195
 	RESERVED
 CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
@@ -23156,7 +23156,7 @@
 CVE-2017-1179
 	RESERVED
 CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1177
 	RESERVED
 CVE-2017-1176
@@ -23262,7 +23262,7 @@
 CVE-2017-1126
 	RESERVED
 CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local ...)
 	NOT-FOR-US: IBM
 CVE-2017-1123
@@ -23845,7 +23845,7 @@
 CVE-2016-9711
 	RESERVED
 CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9709
 	RESERVED
 CVE-2016-9708
@@ -27916,7 +27916,7 @@
 CVE-2016-8940 (IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and ...)
 	NOT-FOR-US: IBM
 CVE-2016-8939 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8938 (IBM UrbanCode Deploy could allow a user to execute code using a ...)
 	NOT-FOR-US: IBM
 CVE-2016-8937
@@ -37423,11 +37423,11 @@
 CVE-2016-6090 (IBM WebSphere Commerce contains an unspecified vulnerability that ...)
 	NOT-FOR-US: IBM
 CVE-2016-6089 (IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-6088
 	RESERVED
 CVE-2016-6087 (IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-6086
 	RESERVED
 CVE-2016-6085 (IBM BigFix Platform could allow an attacker on the local network to ...)
@@ -37681,9 +37681,9 @@
 CVE-2016-5961
 	RESERVED
 CVE-2016-5960 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-5959 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-5958 (IBM Security Privileged Identity Manager could allow a remote attacker ...)
 	NOT-FOR-US: IBM
 CVE-2016-5957 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
@@ -46986,7 +46986,7 @@
 CVE-2016-3052 (IBM WebSphere MQ 8.0, under nonstandard configurations, sends password ...)
 	NOT-FOR-US: IBM
 CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an authenticated ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-3050
 	RESERVED
 CVE-2016-3049
@@ -47054,7 +47054,7 @@
 CVE-2016-3020 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could ...)
 	NOT-FOR-US: IBM
 CVE-2016-3019 (IBM Security Access Manager for Web 9.0.0 uses weaker than expected ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-3018 (IBM Security Access Manager for Web is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2016-3017 (IBM Security Access Manager for Web could allow a remote attacker to ...)
@@ -56810,7 +56810,7 @@
 CVE-2016-0255 (IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2016-0254 (IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-0253
 	RESERVED
 CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control ...)



