[Secure-testing-commits] r57698 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Nov 17 09:18:16 UTC 2017
Author: jmm
Date: 2017-11-17 09:18:16 +0000 (Fri, 17 Nov 2017)
New Revision: 57698
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-17 09:10:18 UTC (rev 57697)
+++ data/CVE/list 2017-11-17 09:18:16 UTC (rev 57698)
@@ -9,29 +9,29 @@
CVE-2017-16868
RESERVED
CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...)
- TODO: check
+ NOT-FOR-US: Amazon Key
CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis ...)
TODO: check
CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 is ...)
- TODO: check
+ NOT-FOR-US: CodeIgniter
CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the ...)
TODO: check
CVE-2017-1000241 (The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2017-1000240 (The application OpenEMR is affected by multiple reflected & stored ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site ...)
- TODO: check
+ NOT-FOR-US: InvoicePlane
CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload ...)
- TODO: check
+ NOT-FOR-US: InvoicePlane
CVE-2017-1000237 (I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request ...)
- TODO: check
+ NOT-FOR-US: I, Librarian
CVE-2017-1000236 (I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site ...)
- TODO: check
+ NOT-FOR-US: I, Librarian
CVE-2017-1000235 (I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection ...)
- TODO: check
+ NOT-FOR-US: I, Librarian
CVE-2017-1000234 (I, Librarian version <=4.6 & 4.7 is vulnerable to Directory ...)
- TODO: check
+ NOT-FOR-US: I, Librarian
CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have ...)
TODO: check
CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...)
@@ -39,43 +39,43 @@
CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...)
TODO: check
CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code ...)
- TODO: check
+ NOT-FOR-US: nodejs ejs
CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...)
TODO: check
CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using ...)
- TODO: check
+ NOT-FOR-US: Relevanssi
CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a XSS) is ...)
- TODO: check
+ NOT-FOR-US: MODX Revolution
CVE-2017-1000220 (soyuka/pidusage <=1.1.4 is vulnerable to command injection in the ...)
- TODO: check
+ NOT-FOR-US: soyuka/pidusage
CVE-2017-1000219 (npm/KyleRoss windows-cpu all versions vulnerable to command injection ...)
- TODO: check
+ NOT-FOR-US: npm/KyleRoss windows-cpu
CVE-2017-1000218 (LightFTP version 1.1 is vulnerable to a buffer overflow in the ...)
TODO: check
CVE-2017-1000213 (WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST ...)
TODO: check
CVE-2017-1000210 (picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2017-1000209 (The Java WebSocket client nv-websocket-client does not verify that the ...)
- TODO: check
+ NOT-FOR-US: Java WebSocket client nv-websocket-client
CVE-2017-1000208 (A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing ...)
- TODO: check
+ NOT-FOR-US: Swagger-Parser
CVE-2017-1000197 (October CMS build 412 is vulnerable to file path modification in asset ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2017-1000196 (October CMS build 412 is vulnerable to PHP code execution in the asset ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2017-1000195 (October CMS build 412 is vulnerable to PHP object injection in asset ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2017-1000194 (October CMS build 412 is vulnerable to Apache configuration ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: nodejs ejs
CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: nodejs ejs
CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. ...)
TODO: check
CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...)
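Review bot: the tag added for CVE-2017-1000224, "NOT-FOR-US: Wordpress plugin", names no product, unlike the other NFU lines in this hunk (Relevanssi, MODX Revolution, October CMS). The description identifies it as the YouTube WordPress plugin, so a tag such as "NOT-FOR-US: YouTube plugin for WordPress" would keep the entry searchable and match the description's "WordPress" spelling. A smaller point on CVE-2017-1000209: "Java WebSocket client nv-websocket-client" repeats the description's wording, and the product name nv-websocket-client alone would be enough.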
@@ -89,19 +89,19 @@
CVE-2017-1000174 (In SWFTools, an address access exception was found in swfdump ...)
TODO: check
CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. ...)
- TODO: check
+ NOT-FOR-US: Creolabs Gravity
CVE-2017-1000172 (Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. ...)
- TODO: check
+ NOT-FOR-US: Creolabs Gravity
CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook ...)
- TODO: check
+ NOT-FOR-US: Tine groupware
CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: EllisLab ExpressionEngine
CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
TODO: check
CVE-2017-1000129 (Serendipity 2.0.3 is vulnerable to a SQL injection in the blog ...)
- TODO: check
+ - serendipity <removed>
CVE-2017-1000125 (Codiad(full version) is vulnerable to write anything to configure file ...)
- TODO: check
+ NOT-FOR-US: Codiad
CVE-2018-0085
RESERVED
CVE-2018-0084
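Review bot: the CVE-2017-1000129 change to "- serendipity <removed>" is a package-status entry, not an NFU, so the log message "NFUs" does not describe it. Mention it in the log or commit it separately so the change to that package line can be found in the history. A smaller point on CVE-2017-1000164: the tag "Tine groupware" differs from the description's "Tine 2.0", and using the product name as the description gives it keeps the tags consistent for searching.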