[Secure-testing-commits] r55946 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Sep 20 21:16:27 UTC 2017


Author: jmm
Date: 2017-09-20 21:16:27 +0000 (Wed, 20 Sep 2017)
New Revision: 55946

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-20 21:10:14 UTC (rev 55945)
+++ data/CVE/list	2017-09-20 21:16:27 UTC (rev 55946)
@@ -1,7 +1,7 @@
 CVE-2017-14616 (An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard Fireware
 CVE-2017-14615 (An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard Fireware
 CVE-2017-14614
 	RESERVED
 CVE-2017-14613
@@ -23,7 +23,7 @@
 CVE-2017-14605
 	RESERVED
 CVE-2015-9231 (iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords ...)
-	TODO: check
+	NOT-FOR-US: iTerm2
 CVE-2017-14604 (GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by ...)
 	- nautilus 3.25.90-1 (bug #860268)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777991
@@ -45,9 +45,9 @@
 CVE-2017-14597 (AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the ...)
 	NOT-FOR-US: AfterLogic WebMail
 CVE-2017-14596 (In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2017-14594
 	RESERVED
 CVE-2017-14593
@@ -13755,7 +13755,7 @@
 CVE-2017-9650 (An Unrestricted Upload of File with Dangerous Type issue was discovered ...)
 	NOT-FOR-US: Automated Logic Corporation (ALC)
 CVE-2017-9649 (A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion ...)
-	TODO: check
+	NOT-FOR-US: Mirion
 CVE-2017-9648 (An Uncontrolled Search Path Element issue was discovered in Solar ...)
 	NOT-FOR-US: Solar Controls WATTConfig M Software
 CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the Continental ...)
@@ -13763,7 +13763,7 @@
 CVE-2017-9646 (An Uncontrolled Search Path Element issue was discovered in Solar ...)
 	NOT-FOR-US: Solar Controls Heating Control Downloader (HCDownloader)
 CVE-2017-9645 (An Inadequate Encryption Strength issue was discovered in Mirion ...)
-	TODO: check
+	NOT-FOR-US: Mirion
 CVE-2017-9644 (An Unquoted Search Path or Element issue was discovered in Automated ...)
 	NOT-FOR-US: Automated Logic Corporation (ALC)
 CVE-2017-9643
@@ -13875,7 +13875,7 @@
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
 CVE-2017-9607 (The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might ...)
-	TODO: check
+	NOT-FOR-US: ARM Trusted Firmware
 CVE-2017-9606 (Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local ...)
 	NOT-FOR-US: Infotecs ViPNet Client and Coordinator
 CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in ...)
@@ -16591,11 +16591,11 @@
 CVE-2017-8773 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security ...)
 	NOT-FOR-US: Quick Heal Internet Security
 CVE-2017-8772 (On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet ...)
-	TODO: check
+	NOT-FOR-US: BE126 WIFI repeater
 CVE-2017-8771 (On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet ...)
-	TODO: check
+	NOT-FOR-US: BE126 WIFI repeater
 CVE-2017-8770 (There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 ...)
-	TODO: check
+	NOT-FOR-US: BE126 WIFI repeater
 CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger 2.17.146 for Android uses ...)
 	NOT-FOR-US: WhatsApp Messenger
 CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command ...)
@@ -18736,7 +18736,7 @@
 CVE-2017-7925 (A Password in Configuration File issue was discovered in Dahua ...)
 	NOT-FOR-US: Dahua
 CVE-2017-7924 (An Improper Input Validation issue was discovered in Rockwell ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2017-7923 (A Password in Configuration File issue was discovered in Hikvision ...)
 	NOT-FOR-US: Hikvision
 CVE-2017-7922 (An Improper Privilege Management issue was discovered in Cambium ...)
@@ -72853,7 +72853,7 @@
 	{DSA-3583-1}
 	- swift-plugin-s3 1.9-1 (bug #822688)
 CVE-2014-9758 (Cross-site scripting (XSS) vulnerability in Magento E-Commerce ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2015-XXXX [uses non-random tempdir /tmp/tmprepo.0/.git/]
 	- git-repair 1.20151215-1 (unimportant; bug #807341)
 	NOTE: Non-exploitable on release archs due to kernel hardening
@@ -73626,7 +73626,7 @@
 CVE-2015-8225 (The Joint Photographic Experts Group Processing Unit (JPU) driver in ...)
 	NOT-FOR-US: Huawei
 CVE-2015-8224 (Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2015-8223 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and ...)
 	NOT-FOR-US: Huawei
 CVE-2015-8222 (The lxd-unix.socket systemd unit file in the Ubuntu lxd package before ...)
@@ -76319,7 +76319,7 @@
 CVE-2015-7348 (Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and ...)
 	NOT-FOR-US: zTree
 CVE-2015-7347 (Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages ...)
-	TODO: check
+	NOT-FOR-US: ZCMS
 CVE-2015-7346 (SQL injection vulnerability in ZCMS 1.1. ...)
 	NOT-FOR-US: ZCMS
 CVE-2015-7345
@@ -80869,7 +80869,7 @@
 CVE-2015-5609 (Absolute path traversal vulnerability in the Image Export plugin 1.1 ...)
 	NOT-FOR-US: Image Export plugin for WordPress
 CVE-2015-5608 (Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2015-5606
 	RESERVED
 CVE-2015-5605 (The regular-expression implementation in Google V8, as used in Google ...)
@@ -85305,13 +85305,13 @@
 CVE-2015-4076
 	RESERVED
 CVE-2015-4075 (The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote ...)
-	TODO: check
+	NOT-FOR-US: Joomla! plugin
 CVE-2015-4074 (Directory traversal vulnerability in the Helpdesk Pro plugin before ...)
-	TODO: check
+	NOT-FOR-US: Joomla! plugin
 CVE-2015-4073 (Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin ...)
-	TODO: check
+	NOT-FOR-US: Joomla! plugin
 CVE-2015-4072 (Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk ...)
-	TODO: check
+	NOT-FOR-US: Joomla! plugin
 CVE-2015-4071 (The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote ...)
 	NOT-FOR-US: Helpdesk Pro Plugin for Joomla!
 CVE-2015-4070 (Open redirect vulnerability in the proxyimages function in ...)




More information about the Secure-testing-commits mailing list