[Secure-testing-commits] r57515 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 9 21:18:13 UTC 2017
Author: carnil
Date: 2017-11-09 21:18:13 +0000 (Thu, 09 Nov 2017)
New Revision: 57515
Modified:
data/CVE/list
Log:
Process some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-09 21:11:15 UTC (rev 57514)
+++ data/CVE/list 2017-11-09 21:18:13 UTC (rev 57515)
@@ -3,7 +3,7 @@
CVE-2017-16755
RESERVED
CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler ...)
- TODO: check
+ NOT-FOR-US: Bolt CMS
CVE-2017-16753
RESERVED
CVE-2017-16752
@@ -283,9 +283,9 @@
CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the ...)
NOT-FOR-US: TinyWebGallery
CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2017-16632
RESERVED
CVE-2017-16631
@@ -415,9 +415,9 @@
CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an ...)
NOT-FOR-US: Zurmo
CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...)
- TODO: check
+ NOT-FOR-US: Logitech Media Server
CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...)
- TODO: check
+ NOT-FOR-US: Logitech Media Server
CVE-2017-16566
RESERVED
CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage ...)
@@ -2943,7 +2943,7 @@
CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to ...)
NOT-FOR-US: Mura CMS
CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux ...)
- TODO: check
+ NOT-FOR-US: SuSEfirewall2 in SUSE
CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing ...)
- wordpress <unfixed> (bug #880868)
NOTE: https://core.trac.wordpress.org/ticket/21022
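Review bot: The tag added for CVE-2017-15638, "NOT-FOR-US: SuSEfirewall2 in SUSE", is the only one in this commit that qualifies the product with a distribution, and it does not say why the entry is dismissed: because the software is not packaged here, or because the flaw is specific to the SUSE package (the description cites package version 3.6.312-2.13.1 in SUSE Linux). Suggest stating the reason explicitly, for example in a NOTE line under the entry, so a later reader does not have to infer it.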
@@ -10224,7 +10224,7 @@
CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 ...)
NOT-FOR-US: Apache2Triad
CVE-2017-12969 (Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: Avaya IP Office Contact Center
CVE-2017-12968
RESERVED
CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor (BFD) ...)
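Review bot: For CVE-2017-12969 the visible description stops at "ActiveX control in ..." and never names the product, so the new tag "NOT-FOR-US: Avaya IP Office Contact Center" cannot be checked from the diff alone. CVE-2017-11309, later in this commit, is tagged "Avaya IP Office"; worth confirming that the two labels are meant to name distinct products rather than one product spelled two ways.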
@@ -14983,7 +14983,7 @@
NOTE: Fixed by: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
CVE-2017-11461 (NetApp OnCommand Unified Manager for 7-mode (core package) versions ...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the DataArchivingService ...)
NOT-FOR-US: SAP
CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via ...)
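Review bot: The tag on CVE-2017-11461, "NOT-FOR-US: NetApp", names only the vendor, while the description identifies the product as NetApp OnCommand Unified Manager for 7-mode and most other tags added in this commit name the product (Bolt CMS, Logitech Media Server, Avaya IP Office). Suggest "NOT-FOR-US: NetApp OnCommand Unified Manager" so the entry can be found by product name; the same applies to the "NOT-FOR-US: NetApp" tag added for CVE-2017-5201 (Clustered Data ONTAP).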
@@ -15474,7 +15474,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/517
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08
CVE-2017-11309 (Buffer overflow in the SoftConsole client in Avaya IP Office before ...)
- TODO: check
+ NOT-FOR-US: Avaya IP Office
CVE-2017-11308
RESERVED
CVE-2017-11307
@@ -19799,7 +19799,7 @@
CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the ...)
NOT-FOR-US: Zenbership
CVE-2017-9758 (Savitech driver packages for Windows silently install a self-signed ...)
- TODO: check
+ NOT-FOR-US: Savitech driver packages for Windows
CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via ...)
NOT-FOR-US: IPFire
CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below the stack ...)
@@ -34662,7 +34662,7 @@
{DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5201 (NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow ...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ...)
- salt 2016.11.2+ds-1
[jessie] - salt <not-affected> (Vulnerable code not present)