[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 6 16:30:39 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f0cef06 by Salvatore Bonaccorso at 2018-01-06T17:30:20+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -875,23 +875,23 @@ CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was f
NOTE: https://github.com/ImageMagick/ImageMagick/issues/867
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e5dae180b9236bccd73ce93bfce81e99232a8533
CVE-2017-1000473 (Linux Dash up to version v2 is vulnerable to multiple command ...)
- TODO: check
+ NOT-FOR-US: Linux Dash
CVE-2017-1000472 (The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO ...)
- poco 1.8.0-2
NOTE: https://github.com/pocoproject/poco/issues/1968
CVE-2017-1000471 (EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL ...)
- TODO: check
+ NOT-FOR-US: EmbedThis GoAhead Webserver
CVE-2017-1000470 (EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable ...)
- TODO: check
+ NOT-FOR-US: EmbedThis GoAhead Webserver
CVE-2017-1000469 (Cobbler version up to 2.8.2 is vulnerable to a command injection ...)
- cobbler <unfixed> (bug #886480)
NOTE: https://github.com/cobbler/cobbler/issues/1845
CVE-2017-1000467 (LavaLite version 5.2.4 is vulnerable to stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: LavaLite
CVE-2017-1000462 (BookStack version 0.18.4 is vulnerable to stored cross-site scripting, ...)
- TODO: check
+ NOT-FOR-US: BookStack
CVE-2017-1000461 (Brave Software's Brave Browser, version 0.19.73 (and earlier) is ...)
- TODO: check
+ NOT-FOR-US: Brave Software's Brave Browser
CVE-2017-1000460 (In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), ...)
TODO: check
CVE-2018-4867
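Review bot: The label added for CVE-2017-1000461, `NOT-FOR-US: Brave Software's Brave Browser`, repeats the vendor inside the product name. `NOT-FOR-US: Brave Browser` would be shorter and would match the plain product-name style of the other labels added in this hunk (`Linux Dash`, `LavaLite`, `BookStack`).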
@@ -905,7 +905,7 @@ CVE-2018-4864
CVE-2018-4863
RESERVED
CVE-2018-4862 (In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2018-4861
RESERVED
CVE-2018-4860
@@ -3003,7 +3003,7 @@ CVE-2017-18017 (The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c i
CVE-2017-18016
RESERVED
CVE-2017-1000493 (Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat Server
CVE-2017-1000492 (Leanote-desktop version v2.5 is vulnerable to a XSS which leads to ...)
NOT-FOR-US: Leanote-desktop
CVE-2017-1000491 (Shiba markdown live preview app version 1.1.0 is vulnerable to XSS ...)
@@ -3025,7 +3025,7 @@ CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run w
NOTE: https://github.com/rohe/pysaml2/issues/451
NOTE: Fixed by: https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
CVE-2017-1000432 (Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting ...)
- TODO: check
+ NOT-FOR-US: Vanilla Forums
CVE-2017-1000427 (marked version 0.3.6 and earlier is vulnerable to an XSS attack in the ...)
- node-marked <unfixed> (unimportant; bug #886451)
NOTE: https://github.com/chjj/marked/commit/cd2f6f5b7091154c5526e79b5f3bfb4d15995a51
@@ -3033,7 +3033,7 @@ CVE-2017-1000427 (marked version 0.3.6 and earlier is vulnerable to an XSS attac
CVE-2017-1000426 (MapProxy version 1.10.3 and older is vulnerable to a Cross Site ...)
TODO: check
CVE-2017-1000425 (Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal CE
CVE-2017-1000458 (Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ...)
- bro 2.5.2-1
NOTE: https://bro-tracker.atlassian.net/browse/BIT-1856
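Review bot: The label for CVE-2017-1000425 is `NOT-FOR-US: Liferay Portal CE`, but the same file already carries `NOT-FOR-US: Liferay Portal` for CVE-2017-17868. Suggest using one spelling for the product so that a search on the NFU label finds both entries.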
@@ -3080,7 +3080,7 @@ CVE-2017-1000443 (Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnera
CVE-2017-1000442 (Passbolt API version 1.6.4 and older are vulnerable to a XSS in the ...)
TODO: check
CVE-2017-1000431 (eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is ...)
- TODO: check
+ NOT-FOR-US: eZ Systems eZ Publish
CVE-2017-1000430 (rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when ...)
TODO: check
CVE-2017-1000424 (Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable ...)
@@ -3959,7 +3959,7 @@ CVE-2017-17869 (The mgl-instagram-gallery plugin for WordPress has XSS via the .
CVE-2017-17868 (In Liferay Portal 6.1.0, the tags section has XSS via a Public Render ...)
NOT-FOR-US: Liferay Portal
CVE-2017-17867 (Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users ...)
- TODO: check
+ NOT-FOR-US: Inteno iopsys
CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain ...)
- mupdf <unfixed> (bug #885120)
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
@@ -11630,13 +11630,13 @@ CVE-2018-0805
CVE-2018-0804
RESERVED
CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0802
RESERVED
CVE-2018-0801
RESERVED
CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0799
RESERVED
CVE-2018-0798
@@ -11660,7 +11660,7 @@ CVE-2018-0790
CVE-2018-0789
RESERVED
CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0787
RESERVED
CVE-2018-0786
@@ -11674,37 +11674,37 @@ CVE-2018-0783
CVE-2018-0782
RESERVED
CVE-2018-0781 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0780 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0779
RESERVED
CVE-2018-0778 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0777 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0776 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0775 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0774 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0773 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0772 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0771
RESERVED
CVE-2018-0770 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0769 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0768 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0767 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0765
RESERVED
CVE-2018-0764
@@ -11712,7 +11712,7 @@ CVE-2018-0764
CVE-2018-0763
RESERVED
CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0761
RESERVED
CVE-2018-0760
@@ -11720,7 +11720,7 @@ CVE-2018-0760
CVE-2018-0759
RESERVED
CVE-2018-0758 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0757
RESERVED
CVE-2018-0756
@@ -11728,33 +11728,33 @@ CVE-2018-0756
CVE-2018-0755
RESERVED
CVE-2018-0754 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0753 (Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0752 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0751 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0750 (The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0749 (The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0748 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0747 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0746 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0745 (The Windows kernel in Windows 10 version 1703. Windows 10 version ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0744 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0743 (Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0742
RESERVED
CVE-2018-0741 (The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-17089 (custom/run.cgi in Webmin before 1.870 allows remote authenticated ...)
- webmin <removed>
CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser ...)
@@ -13331,9 +13331,9 @@ CVE-2018-0106
CVE-2018-0105
RESERVED
CVE-2018-0104 (A vulnerability in Cisco WebEx Network Recording Player for Advanced ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0102
RESERVED
CVE-2018-0101
@@ -13630,7 +13630,7 @@ CVE-2017-16906 (In Horde Groupware 5.2.19, there is XSS via the URL field in a .
NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
TODO: check
CVE-2017-16905 (The DuoLingo TinyCards application before 1.0 for Android has one use ...)
- TODO: check
+ NOT-FOR-US: DuoLingo TinyCards application
CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 allows ...)
NOT-FOR-US: LvyeCMS
CVE-2017-16903 (LvyeCMS through 3.1 allows remote attackers to upload and execute ...)
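Review bot: The trailing word in `NOT-FOR-US: DuoLingo TinyCards application` on CVE-2017-16905 is redundant. The neighbouring labels name the product only (`LvyeCMS`), so `NOT-FOR-US: DuoLingo TinyCards` would be consistent with them.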
@@ -14511,7 +14511,7 @@ CVE-2017-16755
CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler ...)
NOT-FOR-US: Bolt CMS
CVE-2017-16753 (An Improper Input Validation issue was discovered in Advantech ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2017-16752
RESERVED
CVE-2017-16751
@@ -14561,7 +14561,7 @@ CVE-2017-16730
CVE-2017-16729
RESERVED
CVE-2017-16728 (An Untrusted Pointer Dereference issue was discovered in Advantech ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2017-16727 (A Credentials Management issue was discovered in Moxa NPort W2150A ...)
NOT-FOR-US: Moxa
CVE-2017-16726
@@ -14569,7 +14569,7 @@ CVE-2017-16726
CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai ...)
NOT-FOR-US: Xiongmai Technology IP Cameras and DVRs
CVE-2017-16724 (A Stack-based Buffer Overflow issue was discovered in Advantech ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2017-16723 (A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL ...)
NOT-FOR-US: PHOENIX
CVE-2017-16722
@@ -14577,7 +14577,7 @@ CVE-2017-16722
CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA ...)
NOT-FOR-US: Geovap Reliance SCADA
CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions prior to ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort ...)
NOT-FOR-US: Moxa
CVE-2017-16718
@@ -14585,7 +14585,7 @@ CVE-2017-16718
CVE-2017-16717 (A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio ...)
NOT-FOR-US: WECON LeviStudio HMI
CVE-2017-16716 (A SQL Injection issue was discovered in WebAccess versions prior to ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 5110 Version ...)
NOT-FOR-US: Moxa
CVE-2017-16714
@@ -14707,7 +14707,7 @@ CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to
CVE-2017-16668
RESERVED
CVE-2017-16666 (Xplico before 1.2.1 allows remote authenticated users to execute ...)
- TODO: check
+ NOT-FOR-US: Xplico
CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...)
NOT-FOR-US: RemObjects Remoting SDK
CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket ...)
@@ -17434,7 +17434,7 @@ CVE-2017-15716
CVE-2017-15715
RESERVED
CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape ...)
- TODO: check
+ NOT-FOR-US: BIRT plugin in Apache OFBiz
CVE-2017-15713
RESERVED
CVE-2017-15712
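Review bot: The label on CVE-2017-15714, `NOT-FOR-US: BIRT plugin in Apache OFBiz`, leads with the component rather than the product, so a search for labels beginning with `Apache OFBiz` will miss it. Suggest `NOT-FOR-US: Apache OFBiz`, keeping the plugin detail in the description where it already appears.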
@@ -17793,11 +17793,11 @@ CVE-2017-15552
CVE-2017-15551
RESERVED
CVE-2017-15550 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, ...)
- TODO: check
+ NOT-FOR-US: EMC Avamar Server
CVE-2017-15549 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, ...)
- TODO: check
+ NOT-FOR-US: EMC Avamar Server
CVE-2017-15548 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, ...)
- TODO: check
+ NOT-FOR-US: EMC Avamar Server
CVE-2017-15547
RESERVED
CVE-2017-15546
@@ -19798,7 +19798,7 @@ CVE-2017-14962 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver cont
CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an ...)
NOT-FOR-US: IKARUS anti.virus
CVE-2017-14960 (xDashboard in OpenText Document Sciences xPression (formerly EMC ...)
- TODO: check
+ NOT-FOR-US: EMC Document Sciences xPression
CVE-2017-14959
RESERVED
CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of dangerous ...)
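Review bot: The label on CVE-2017-14960 uses the former vendor name, `NOT-FOR-US: EMC Document Sciences xPression`, while the description on the same entry calls the product "OpenText Document Sciences xPression (formerly EMC ...)". Suggest labelling it with the current name from the description, `NOT-FOR-US: OpenText Document Sciences xPression`, so the label and the description agree.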
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f0cef06c7e6ec4d744e12f8d1198ca1216192db