[Secure-testing-commits] r55911 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Sep 19 21:23:21 UTC 2017


Author: jmm
Date: 2017-09-19 21:23:21 +0000 (Tue, 19 Sep 2017)
New Revision: 55911

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-19 21:16:13 UTC (rev 55910)
+++ data/CVE/list	2017-09-19 21:23:21 UTC (rev 55911)
@@ -42,7 +42,7 @@
 	- pcb-rnd 1.2.5-2
 	[stretch] - pcb-rnd <no-dsa> (Minor issue)
 CVE-2017-14581 (The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-14580 (XnView Classic for Windows Version 2.41 allows attackers to execute ...)
 	NOT-FOR-US: XnView
 CVE-2017-14579 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
@@ -737,7 +737,7 @@
 	[wheezy] - xen <not-affected> (No arm support in Wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-235.html
 CVE-2017-14311 (The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows ...)
-	TODO: check
+	NOT-FOR-US: NetMechanica NetDecision
 CVE-2017-14310 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
 	NOT-FOR-US: STDU Viewer
 CVE-2017-14309 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
@@ -1216,11 +1216,11 @@
 CVE-2017-14144
 	RESERVED
 CVE-2017-14143 (The getUserzoneCookie function in Kaltura before 13.2.0 uses a ...)
-	TODO: check
+	NOT-FOR-US: Kaltura
 CVE-2017-14142 (Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before ...)
-	TODO: check
+	NOT-FOR-US: Kaltura
 CVE-2017-14141 (The wiki_decode Developer System Helper function in the admin panel in ...)
-	TODO: check
+	NOT-FOR-US: Kaltura
 CVE-2017-14140 (The move_pages system call in mm/migrate.c in the Linux kernel before ...)
 	{DLA-1099-1}
 	- linux 4.12.12-1
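Review bot: for CVE-2017-14141 the visible description ("The wiki_decode Developer System Helper function in the admin panel in ...") is cut off before any product name, so the `NOT-FOR-US: Kaltura` tag on that entry rests on its two neighbours rather than on the line itself. Confirm against the full CVE text that it is the same product before closing the TODO.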
@@ -10408,9 +10408,9 @@
 CVE-2017-10932
 	RESERVED
 CVE-2017-10931 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download ...)
-	TODO: check
+	NOT-FOR-US: ZXR10 1800-2S
 CVE-2017-10930 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a ...)
-	TODO: check
+	NOT-FOR-US: ZXR10 1800-2S
 CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...)
 	{DLA-1044-1}
 	- ipsec-tools 1:0.8.2+20140711-9 (bug #867986)
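Review bot: `NOT-FOR-US: ZXR10 1800-2S` on CVE-2017-10931 and CVE-2017-10930 names only the device model, while other tags in this diff lead with the vendor (`NOT-FOR-US: Citrix`, `NOT-FOR-US: QNAP`). Prefix the vendor name so a search by vendor finds these two entries as well.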
@@ -10918,7 +10918,7 @@
 CVE-2017-10701
 	RESERVED
 CVE-2017-10700 (In the medialibrary component in QNAP NAS 4.3.3.0229, an ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before ...)
 	- vlc 2.2.6-3
 	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
@@ -24177,7 +24177,7 @@
 CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote ...)
 	NOT-FOR-US: Citrix
 CVE-2017-6315 (Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Astaro
 CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in GraphicsMagick ...)
 	- graphicsmagick 1.3.25-8
 	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
@@ -83590,15 +83590,15 @@
 CVE-2015-4686
 	RESERVED
 CVE-2015-4685 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
-	TODO: check
+	NOT-FOR-US: Polycom RealPresence Resource Manager
 CVE-2015-4684 (Multiple directory traversal vulnerabilities in Polycom RealPresence ...)
-	TODO: check
+	NOT-FOR-US: Polycom RealPresence Resource Manager
 CVE-2015-4683 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
-	TODO: check
+	NOT-FOR-US: Polycom RealPresence Resource Manager
 CVE-2015-4682 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
-	TODO: check
+	NOT-FOR-US: Polycom RealPresence Resource Manager
 CVE-2015-4681 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
-	TODO: check
+	NOT-FOR-US: Polycom RealPresence Resource Manager
 CVE-2015-4679 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
 	NOT-FOR-US: Airties RT-210
 CVE-2015-4678 (SQL injection vulnerability in Persian Car CMS 1.0 allows remote ...)
@@ -85235,7 +85235,7 @@
 CVE-2015-4090
 	RESERVED
 CVE-2015-4089 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-4088
 	RESERVED
 CVE-2015-4087
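Review bot: `NOT-FOR-US: Wordpress plugin` on CVE-2015-4089 does not say which plugin, and the truncated description ("Multiple cross-site request forgery (CSRF) vulnerabilities in the ...") does not show it either, so the entry cannot be matched to a product from the list alone. Name the plugin in the tag, as existing entries such as `NOT-FOR-US: Wordpress Eshop` do.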
@@ -87044,9 +87044,9 @@
 CVE-2015-3433
 	RESERVED
 CVE-2015-3432 (Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly ...)
-	TODO: check
+	- ajaxplorer <itp> (bug #668381)
 CVE-2015-3431 (Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to ...)
-	TODO: check
+	- ajaxplorer <itp> (bug #668381)
 CVE-2015-3430
 	RESERVED
 CVE-2015-3428
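Review bot: the two `- ajaxplorer <itp> (bug #668381)` lines for CVE-2015-3432 and CVE-2015-3431 are ITP tracking entries, not NOT-FOR-US markings, so the log message "NFUs" does not cover them. Mention the itp entries in the log or commit them separately. Since both descriptions read "Pydio (formerly AjaXplorer)", a NOTE line recording the rename would also explain why the entries track the ajaxplorer name.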
@@ -87064,7 +87064,7 @@
 CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop ...)
 	NOT-FOR-US: Wordpress Eshop
 CVE-2015-3419 (vBulletin 5.x through 5.1.6 allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2015-3413
 	RESERVED
 	- hhvm 3.11.0+dfsg-1
@@ -87461,7 +87461,7 @@
 CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
 CVE-2015-3299 (Cross-site scripting (XSS) vulnerability in the Floating Social Bar ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-3298
 	RESERVED
 CVE-2015-3296
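Review bot: the description of CVE-2015-3299 names the "Floating Social Bar" plugin, but the new tag is the generic `NOT-FOR-US: Wordpress plugin`. The neighbouring CVE-2015-3300 entry spells out the plugin name in full; do the same here so the tag stays searchable by product.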
@@ -94863,13 +94863,13 @@
 	[wheezy] - glance <no-dsa> (Minor issue)
 	NOTE: Versions: up to 2014.1.3 and 2014.2 version up to 2014.2.1
 CVE-2014-9619 (Unrestricted file upload vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2014-9618 (The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2014-9617
 	RESERVED
 CVE-2014-9616 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2014-9615
 	RESERVED
 CVE-2014-9614
@@ -94879,9 +94879,9 @@
 CVE-2014-9612
 	RESERVED
 CVE-2014-9611 (Netsweeper before 4.0.5 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2014-9610 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2014-9609
 	RESERVED
 CVE-2014-9608
@@ -96200,7 +96200,7 @@
 CVE-2015-0690 (Cross-site scripting (XSS) vulnerability in the HTML help system on ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0689 (Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0688 (Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0687 (The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 ...)
@@ -100439,11 +100439,11 @@
 CVE-2014-8687 (Seagate Business NAS devices with firmware before 2015.00322 allow ...)
 	NOT-FOR-US: Seagate Business NAS devices
 CVE-2014-8686 (CodeIgniter before 2.2.0 makes it easier for attackers to decode ...)
-	TODO: check
+	NOT-FOR-US: CodeIgniter
 CVE-2014-8685
 	RESERVED
 CVE-2014-8684 (CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through ...)
-	TODO: check
+	NOT-FOR-US: CodeIgniter
 CVE-2014-8683 (Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs ...)
 	NOT-FOR-US: Go Git Service
 CVE-2014-8682 (Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) ...)
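Review bot: CVE-2014-8684 is tagged `NOT-FOR-US: CodeIgniter`, but its description reads "CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through ...", so the tag accounts for only one of the two products named. Check Kohana separately and either name both products in the tag or add a package entry if Kohana is in the archive.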
@@ -106933,7 +106933,7 @@
 CVE-2014-6192 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
 	NOT-FOR-US: IBM
 CVE-2014-6191 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6190 (The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows ...)
 	NOT-FOR-US: IBM
 CVE-2014-6189 (Cross-site scripting (XSS) vulnerability in IBM Security Network ...)
@@ -108693,7 +108693,7 @@
 CVE-2014-5363
 	RESERVED
 CVE-2014-5362 (The admin interface in Landesk Management Suite 9.6 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: LANDesk Management Suite
 CVE-2014-5361 (Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk ...)
 	NOT-FOR-US: LANDesk Management Suite
 CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)



