[Secure-testing-commits] r52435 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jun 9 04:16:40 UTC 2017
Author: carnil
Date: 2017-06-09 04:16:40 +0000 (Fri, 09 Jun 2017)
New Revision: 52435
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-09 04:16:30 UTC (rev 52434)
+++ data/CVE/list 2017-06-09 04:16:40 UTC (rev 52435)
@@ -4,13 +4,13 @@
NOTE: https://github.com/radare/radare2/issues/7698
TODO: check
CVE-2017-9519 (atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user ...)
- TODO: check
+ NOT-FOR-US: atmail
CVE-2017-9518 (atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP ...)
- TODO: check
+ NOT-FOR-US: atmail
CVE-2017-9517 (atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and ...)
- TODO: check
+ NOT-FOR-US: atmail
CVE-2017-9516 (Craft CMS before 2.6.2982 allows for a potential XSS attack vector by ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2017-9515
RESERVED
CVE-2017-9514
@@ -6899,7 +6899,7 @@
CVE-2017-7181
RESERVED
CVE-2017-7180 (Net Monitor for Employees Pro through 5.3.4 has an unquoted service ...)
- TODO: check
+ NOT-FOR-US: Net Monitor for Employees Pro
CVE-2017-7179
RESERVED
CVE-2016-10253 (An issue was discovered in Erlang/OTP 18.x. Erlang's generation of ...)
@@ -8126,7 +8126,7 @@
CVE-2017-6649 (A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through ...)
NOT-FOR-US: Cisco
CVE-2017-6648 (A vulnerability in the Session Initiation Protocol (SIP) of the Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-6647 (A vulnerability in the web interface of Cisco Remote Expert Manager ...)
NOT-FOR-US: Cisco
CVE-2017-6646 (A vulnerability in the web interface of Cisco Remote Expert Manager ...)
@@ -8142,11 +8142,11 @@
CVE-2017-6641 (A vulnerability in the TCP connection handling functionality of Cisco ...)
NOT-FOR-US: Cisco
CVE-2017-6640 (A vulnerability in Cisco Prime Data Center Network Manager (DCNM) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-6639 (A vulnerability in the role-based access control (RBAC) functionality ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-6638 (A vulnerability in how DLL files are loaded with Cisco AnyConnect ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-6637 (A vulnerability in the web interface of Cisco Prime Collaboration ...)
NOT-FOR-US: Cisco
CVE-2017-6636 (A vulnerability in the web interface of Cisco Prime Collaboration ...)
@@ -10499,7 +10499,7 @@
CVE-2017-5879 (An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL ...)
NOT-FOR-US: Exponent CMS
CVE-2017-5878 (The AMF unmarshallers in Red5 Media Server before 1.0.8 do not ...)
- TODO: check
+ NOT-FOR-US: AMF unmarshallers in Red5 Media Server
CVE-2016-10207 (The Xvnc server in TigerVNC allows remote attackers to cause a denial ...)
- tigervnc 1.7.0-1
NOTE: https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649
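Review bot: The new tag on CVE-2017-5878, `NOT-FOR-US: AMF unmarshallers in Red5 Media Server`, names the vulnerable component rather than the product, unlike the `NOT-FOR-US: Exponent CMS` entry just above it in the same hunk. Suggest `NOT-FOR-US: Red5 Media Server`, so the tag states the product being dismissed and stays searchable by product name.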
@@ -14081,7 +14081,7 @@
CVE-2017-4919
RESERVED
CVE-2017-4918 (VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4917 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x ...)
NOT-FOR-US: VMware
CVE-2017-4916 (VMware Workstation Pro/Player contains a NULL pointer dereference ...)
@@ -14091,19 +14091,19 @@
CVE-2017-4914 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x ...)
NOT-FOR-US: VMware
CVE-2017-4913 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4912 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4911 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4910 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4909 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4908 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4907 (VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4906
RESERVED
CVE-2017-4905 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without ...)
@@ -14115,7 +14115,7 @@
CVE-2017-4902 (VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without ...)
NOT-FOR-US: VMware
CVE-2017-4901 (The drag-and-drop (DnD) function in VMware Workstation 12.x before ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2017-4900 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL ...)
NOT-FOR-US: VMware
CVE-2017-4899 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a security ...)
@@ -35578,7 +35578,7 @@
CVE-2016-6596
RESERVED
CVE-2016-6594 (Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and ...)
- TODO: check
+ NOT-FOR-US: Blue Coat
CVE-2016-6593
RESERVED
NOT-FOR-US: Symantec VIP Access
@@ -46804,7 +46804,7 @@
NOTE: Upstream advisory http://markmail.org/message/oyxfv73jb2g7rjg3
NOTE: https://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E
CVE-2016-3091 (Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry Diego
CVE-2016-3090
RESERVED
CVE-2016-3089 (Cross-site scripting (XSS) vulnerability in the SWF panel in Apache ...)
@@ -50753,7 +50753,7 @@
CVE-2016-2035
REJECTED
CVE-2016-2034 (SQL injection vulnerability in ClearPass Policy Manager 6.5.x through ...)
- TODO: check
+ NOT-FOR-US: ClearPass Policy Manager
CVE-2016-2033
RESERVED
CVE-2016-2032
@@ -73812,7 +73812,7 @@
CVE-2015-2801
RESERVED
CVE-2015-2800 (The user authentication module in Huawei Campus switches S5700, S5300, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-2799
RESERVED
CVE-2015-2798
@@ -75672,15 +75672,15 @@
CVE-2015-2256
RESERVED
CVE-2015-2255 (Huawei AR1220 routers with software before V200R005SPH006 allows ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-2254
RESERVED
CVE-2015-2253 (The XML interface in Huawei OceanStor UDS devices with software before ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-2252 (Huawei OceanStor UDS devices with software before V100R002C01SPC102 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-2251 (The DeviceManager in Huawei OceanStor UDS devices with software before ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-2250 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 ...)
NOT-FOR-US: concrete5
CVE-2015-2249
@@ -82799,7 +82799,7 @@
CVE-2014-9311 (Cross-site scripting (XSS) vulnerability in admin.php in the ...)
NOT-FOR-US: Shareaholic plugin for WordPress
CVE-2014-9310 (Cross-site scripting (XSS) vulnerability in the WordPress Backup to ...)
- TODO: check
+ NOT-FOR-US: WordPress Backup to Dropbox plugin for WordPress
CVE-2014-9309
RESERVED
CVE-2014-9308 (Unrestricted file upload vulnerability in ...)
@@ -85237,7 +85237,7 @@
CVE-2014-8688 (An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for ...)
NOT-FOR-US: Telegram Messenger
CVE-2014-8687 (Seagate Business NAS devices with firmware before 2015.00322 allow ...)
- TODO: check
+ NOT-FOR-US: Seagate Business NAS devices
CVE-2014-8686
RESERVED
CVE-2014-8685
@@ -92075,7 +92075,7 @@
CVE-2014-6032 (Multiple XML External Entity (XXE) vulnerabilities in the ...)
NOT-FOR-US: F5 Networks Big-IP
CVE-2014-6031 (Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP systems
CVE-2014-6030 (Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET ...)
NOT-FOR-US: ClassApps SelectSurvey.NET
CVE-2014-6026
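Review bot: The tag added for CVE-2014-6031, `NOT-FOR-US: F5 BIG-IP systems`, spells the same product differently from the adjacent CVE-2014-6032 entry, which uses `NOT-FOR-US: F5 Networks Big-IP`. Reusing the existing string would keep both entries under a single search for the product.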
@@ -94899,7 +94899,7 @@
CVE-2014-4844 (The import/export functionality in IBM Business Process Manager (BPM) ...)
NOT-FOR-US: IBM
CVE-2014-4843 (Curam Universal Access in IBM Curam Social Program Management (SPM) ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-4842
RESERVED
CVE-2014-4841