[Secure-testing-commits] r57679 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 16 13:24:07 UTC 2017
Author: carnil
Date: 2017-11-16 13:24:07 +0000 (Thu, 16 Nov 2017)
New Revision: 57679
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-16 11:36:49 UTC (rev 57678)
+++ data/CVE/list 2017-11-16 13:24:07 UTC (rev 57679)
@@ -1,9 +1,9 @@
CVE-2017-16843
RESERVED
CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Yoast SEO plugin for WordPress
CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...)
- TODO: check
+ NOT-FOR-US: LanSweeper
CVE-2017-16840
RESERVED
CVE-2017-16839
@@ -13,14 +13,14 @@
CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not ...)
TODO: check
CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...)
- TODO: check
+ NOT-FOR-US: Arris TG1682G devices
CVE-2017-16835
RESERVED
CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an ...)
- pnp4nagios <removed>
NOTE: https://github.com/lingej/pnp4nagios/issues/140
CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...)
- TODO: check
+ NOT-FOR-US: Gemirro
CVE-2017-XXXX [CPPOST-105]
- opensaml2 <unfixed> (bug #881856)
NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
@@ -80,7 +80,7 @@
CVE-2017-16822
RESERVED
CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java ...)
- TODO: check
+ NOT-FOR-US: b3log Symphony
CVE-2017-16819
RESERVED
CVE-2017-16818
@@ -12843,7 +12843,7 @@
CVE-2017-12351
RESERVED
CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-12349
RESERVED
CVE-2017-12348
@@ -14055,27 +14055,27 @@
CVE-2017-11838 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
NOT-FOR-US: Microsoft
CVE-2017-11837 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11836 (ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11835 (Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11834 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11833 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11832 (The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11831 (Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11830 (Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11829 (Microsoft Windows 10 allows an elevation of privilege vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2017-11828
RESERVED
CVE-2017-11827 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11826 (Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint ...)
NOT-FOR-US: Microsoft
CVE-2017-11825 (Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for ...)
@@ -14123,7 +14123,7 @@
CVE-2017-11804 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
NOT-FOR-US: Microsoft
CVE-2017-11803 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11802 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
NOT-FOR-US: Microsoft
CVE-2017-11801 (ChakraCore allows an attacker to execute arbitrary code in the context ...)
@@ -14147,13 +14147,13 @@
CVE-2017-11792 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an ...)
NOT-FOR-US: Microsoft
CVE-2017-11791 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11790 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
NOT-FOR-US: Microsoft
CVE-2017-11789
RESERVED
CVE-2017-11788 (Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11787
RESERVED
CVE-2017-11786 (Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business ...)
@@ -14193,7 +14193,7 @@
CVE-2017-11769 (The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, ...)
NOT-FOR-US: Microsoft
CVE-2017-11768 (Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-11767 (ChakraCore allows an attacker to gain the same user rights as the ...)
NOT-FOR-US: Microsoft
CVE-2017-11766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
@@ -19197,7 +19197,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10278 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-10277 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
- mysql-connector-net <unfixed>
[wheezy] - mysql-connector-net <no-dsa> (Minor issue)
@@ -19217,13 +19217,13 @@
CVE-2017-10273
RESERVED
CVE-2017-10272 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-10270 (Vulnerability in the Oracle Identity Manager Connector component of ...)
NOT-FOR-US: Oracle
CVE-2017-10269 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4002-1 DLA-1141-1}
- mariadb-10.0 <removed>
@@ -19232,9 +19232,9 @@
- mysql-5.5 <removed> (bug #878402)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10267 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-10266 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-10265 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) ...)
NOT-FOR-US: Oracle
CVE-2017-10264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
More information about the Secure-testing-commits
mailing list