[Secure-testing-commits] r56369 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Oct 2 21:28:01 UTC 2017
Author: jmm
Date: 2017-10-02 21:28:01 +0000 (Mon, 02 Oct 2017)
New Revision: 56369
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-02 21:23:48 UTC (rev 56368)
+++ data/CVE/list 2017-10-02 21:28:01 UTC (rev 56369)
@@ -26,7 +26,7 @@
CVE-2017-14980
RESERVED
CVE-2017-14979 (Gxlcms uses an unsafe character-replacement approach in an attempt to ...)
- TODO: check
+ NOT-FOR-US: Gxlcms
CVE-2017-14978
RESERVED
CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler ...)
@@ -574,17 +574,15 @@
CVE-2017-14760 (SQL Injection exists in /includes/event-management/index.php in the ...)
NOT-FOR-US: Event Espresso Lite
CVE-2017-14759 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
- TODO: check
-CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
- TODO: check
+ NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14757 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
- TODO: check
+ NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14756 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
- TODO: check
+ NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14755 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
- TODO: check
+ NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14754 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
- TODO: check
+ NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14752
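Review bot: The removed line `-CVE-2017-14758 (OpenText Document Sciences xPression ...` deletes the CVE-2017-14758 header itself, not only its `TODO: check`, so that ID drops out of the list. Its siblings CVE-2017-14759 and CVE-2017-14757 through CVE-2017-14754 are kept and tagged. The hunk header (-574,17 +574,15) confirms a net loss of two lines. If the intent was to triage it like the others, keep the header and put `NOT-FOR-US: OpenText Document Sciences xPression` under it. If the deletion is deliberate, for example because the entry is duplicated elsewhere in the file, the log message should say so, since "NFUs" does not describe removing an entry.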
@@ -6278,7 +6276,7 @@
CVE-2017-12793
RESERVED
CVE-2017-12792 (Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2017-12791 (Directory traversal vulnerability in minion id validation in SaltStack ...)
- salt <unfixed> (bug #872399)
[stretch] - salt <no-dsa> (Minor issue)
@@ -15156,9 +15154,9 @@
CVE-2017-9539
RESERVED
CVE-2017-9538 (The 'Upload logo from external path' function of SolarWinds Network ...)
- TODO: check
+ NOT-FOR-US: SolarWinds Network Performance Monitor
CVE-2017-9537 (Persistent cross-site scripting (XSS) in the Add Node function of ...)
- TODO: check
+ NOT-FOR-US: SolarWinds Network Performance Monitor
CVE-2017-9536 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
NOT-FOR-US: IrfanView
CVE-2017-9535 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
@@ -25993,9 +25991,9 @@
CVE-2017-6091
RESERVED
CVE-2017-6090 (Unrestricted file upload vulnerability in clients/editclient.php in ...)
- TODO: check
+ NOT-FOR-US: PhpCollab
CVE-2017-6089 (SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: PhpCollab
CVE-2017-6088 (Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 ...)
NOT-FOR-US: EyesOfNetwork
CVE-2017-6087 (EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated ...)
@@ -38902,7 +38900,7 @@
CVE-2017-1570
RESERVED
CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1568
RESERVED
CVE-2017-1567
@@ -39182,7 +39180,7 @@
CVE-2017-1430
RESERVED
CVE-2017-1429 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1428 (IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the ...)
NOT-FOR-US: IBM
CVE-2017-1427 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
@@ -39302,7 +39300,7 @@
CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive ...)
NOT-FOR-US: IBM
CVE-2017-1369 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1368
RESERVED
CVE-2017-1367
@@ -39312,7 +39310,7 @@
CVE-2017-1365
RESERVED
CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1363
RESERVED
CVE-2017-1362 (IBM Security Identity Manager Adapters 6.0 and 7.0 stores user ...)
@@ -39322,7 +39320,7 @@
CVE-2017-1360
RESERVED
CVE-2017-1359 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1358
RESERVED
CVE-2017-1357 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated ...)
@@ -39350,7 +39348,7 @@
CVE-2017-1346 (IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores ...)
NOT-FOR-US: IBM
CVE-2017-1345 (IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1344
RESERVED
CVE-2017-1343
@@ -39370,9 +39368,9 @@
CVE-2017-1336
RESERVED
CVE-2017-1335 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1333
RESERVED
CVE-2017-1332 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
@@ -39392,7 +39390,7 @@
CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
CVE-2017-1324 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1323
RESERVED
CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity ...)
@@ -39418,7 +39416,7 @@
CVE-2017-1312
RESERVED
CVE-2017-1311 (IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1310 (IBM Informix Dynamic Server 12.1 could allow an authenticated user to ...)
NOT-FOR-US: IBM
CVE-2017-1309 (IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user ...)
@@ -51245,7 +51243,7 @@
CVE-2016-6807 (Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) ...)
NOT-FOR-US: Ambari Agent
CVE-2016-6806 (Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 ...)
- TODO: check
+ NOT-FOR-US: Apache Wicket
CVE-2016-6805 (Apache Ignite before 1.9 allows man-in-the-middle attackers to read ...)
NOT-FOR-US: Apache Ignite
CVE-2016-6804
@@ -76029,11 +76027,11 @@
CVE-2015-7844 (Huawei FusionAccess with software V100R005C10,V100R005C20 could allow ...)
NOT-FOR-US: Huawei
CVE-2015-7843 (The management interface on Huawei FusionServer rack servers RH2288 V3 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-7842
RESERVED
CVE-2015-7841 (The login page of the server on Huawei FusionServer rack servers ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-7872 (The key_gc_unused_keys function in security/keys/gc.c in the Linux ...)
{DSA-3396-1}
- linux 4.2.5-1
@@ -77525,11 +77523,11 @@
NOTE: issue still present in 1.908
NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
CVE-2015-7359 (The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in ...)
- TODO: check
+ NOT-FOR-US: TrueCrypt
CVE-2015-7358 (The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt ...)
- TODO: check
+ NOT-FOR-US: TrueCrypt
CVE-2015-7357 (Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) ...)
- TODO: check
+ NOT-FOR-US: uDesign
CVE-2015-7356
RESERVED
CVE-2015-7355
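Review bot: CVE-2015-7359 and CVE-2015-7358 are closed as `NOT-FOR-US: TrueCrypt`, but the visible description of CVE-2015-7358 points at `Driver/Ntdriver.c` and a drive-letter check, which reads as a platform-specific reason rather than a statement that the software is not in the archive. NOT-FOR-US is right if the software is simply not packaged. If the decision rested on the affected code being the Windows driver, a package line marked `<not-affected>` with that reason would record it more accurately.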
@@ -78484,7 +78482,7 @@
CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime ...)
NOT-FOR-US: Openfire
CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update) before ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2015-6970
RESERVED
CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...)
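Review bot: Style point on the `NOT-FOR-US: Lenovo` line for CVE-2015-6971: the tag names only the vendor, while the description names the product (Lenovo System Update) and the neighbouring context entry is tagged by product (`NOT-FOR-US: Openfire`). Suggest `NOT-FOR-US: Lenovo System Update`, so a later search of the list for the product name finds the earlier decision.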