[Secure-testing-commits] r56184 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Sep 27 09:29:31 UTC 2017
Author: jmm
Date: 2017-09-27 09:29:31 +0000 (Wed, 27 Sep 2017)
New Revision: 56184
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-27 09:20:23 UTC (rev 56183)
+++ data/CVE/list 2017-09-27 09:29:31 UTC (rev 56184)
@@ -8,19 +8,19 @@
NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
NOTE: Fixed in 3.2.8
CVE-2017-14766 (The Simple Student Result plugin before 1.6.4 for WordPress has an ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-14765 (In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a ...)
- TODO: check
+ NOT-FOR-US: GeniXCMS
CVE-2017-14764 (In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated ...)
- TODO: check
+ NOT-FOR-US: GeniXCMS
CVE-2017-14763 (In the Install Themes page in GeniXCMS 1.1.4, remote authenticated ...)
- TODO: check
+ NOT-FOR-US: GeniXCMS
CVE-2017-14762 (In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS ...)
- TODO: check
+ NOT-FOR-US: GeniXCMS
CVE-2017-14761 (In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the ...)
- TODO: check
+ NOT-FOR-US: GeniXCMS
CVE-2017-14760 (SQL Injection exists in /includes/event-management/index.php in the ...)
- TODO: check
+ NOT-FOR-US: Event Espresso Lite
CVE-2017-14759
RESERVED
CVE-2017-14758
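Review bot: The NOT-FOR-US line added for CVE-2017-14766 says only "Wordpress plugin", while every other addition in this hunk names the product (GeniXCMS, Event Espresso Lite). Naming it, for example `NOT-FOR-US: Simple Student Result plugin for WordPress`, keeps the entry findable by product name and matches the "WordPress" spelling in the CVE description.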
@@ -34,17 +34,17 @@
CVE-2017-14754
RESERVED
CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web ...)
- TODO: check
+ NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14752
RESERVED
CVE-2017-14751 (The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-14750
RESERVED
CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: JerryScript
CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: Blizzard Overwatch
CVE-2017-14747
RESERVED
CVE-2017-14746
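Review bot: CVE-2017-14751 gets the generic "Wordpress plugin" tag, unlike the three neighbouring additions, which name EyesOfNetwork (EON), JerryScript and Blizzard Overwatch. Suggest `NOT-FOR-US: Intense WP "WP Jobs" plugin for WordPress` so that a later search of the list by product name finds it.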
@@ -64,7 +64,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/09/26/9
NOTE: https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-14744 (UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. ...)
- TODO: check
+ NOT-FOR-US: UEditor
CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL ...)
NOT-FOR-US: Faleemi FSC-880 00.01.01.0048P2 devices
CVE-2017-14742
@@ -92,9 +92,9 @@
CVE-2017-14736
RESERVED
CVE-2017-14735 (OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as ...)
- TODO: check
+ NOT-FOR-US: OWASP AntiSamy
CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote ...)
- TODO: check
+ NOT-FOR-US: libbpg
CVE-2017-14733 (ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE ...)
- graphicsmagick <unfixed>
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3
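Review bot: CVE-2017-14735 and CVE-2017-14734 are marked NOT-FOR-US for OWASP AntiSamy and libbpg, which are libraries rather than stand-alone applications, so the absence of a package with that name does not by itself rule out a bundled copy in another source package. Worth confirming that the check behind these two lines covered embedded copies before they drop out of the TODO queue.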
@@ -105,7 +105,7 @@
- libofx <unfixed>
NOTE: https://github.com/libofx/libofx/issues/10
CVE-2017-14730 (The init script in the Gentoo app-admin/logstash-bin package before ...)
- TODO: check
+ NOT-FOR-US: Gentoo packagin flaw for Logstash
CVE-2017-14729 (The *_get_synthetic_symtab functions in the Binary File Descriptor ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
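Review bot: Typo in the added line for CVE-2017-14730: "packagin" should be "packaging", giving `NOT-FOR-US: Gentoo packaging flaw for Logstash`. The wording is otherwise useful, since it records that the flaw is in the Gentoo init script and not in Logstash itself.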
@@ -181,9 +181,9 @@
CVE-2017-14705 (DenyAll WAF before 6.4.1 allows unauthenticated remote command ...)
NOT-FOR-US: DenyAll WAF
CVE-2017-14704 (Multiple unrestricted file upload vulnerabilities in the (1) ...)
- TODO: check
+ NOT-FOR-US: Claydip Laravel Airbnb Clone
CVE-2017-14703 (SQL injection vulnerability in Cash Back Comparison Script 1.0 allows ...)
- TODO: check
+ NOT-FOR-US: Cash Back Comparison Script
CVE-2017-14702
RESERVED
CVE-2017-14701