[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sun Jan 7 16:10:20 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b055019c by Salvatore Bonaccorso at 2018-01-07T17:09:47+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3055,7 +3055,7 @@ CVE-2017-1000454 (CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Tem
 CVE-2017-1000453 (CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and ...)
-	TODO: check
+	NOT-FOR-US: Samlify
 CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-git ...)
 	NOT-FOR-US: fs-git
 CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and ...)
@@ -4070,7 +4070,7 @@ CVE-2017-17839
 CVE-2017-17838
 	RESERVED
 CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the ...)
-	TODO: check
+	NOT-FOR-US: Apache DeltaSpike-JSF module
 CVE-2017-17836
 	RESERVED
 CVE-2017-17835
@@ -10044,7 +10044,7 @@ CVE-2018-1192
 CVE-2018-1191
 	RESERVED
 CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry products: all ...)
-	TODO: check
+	NOT-FOR-US: Pivotal
 CVE-2018-1189
 	RESERVED
 CVE-2018-1188
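Review bot: the new label on CVE-2018-1190 names only the vendor (`NOT-FOR-US: Pivotal`), while the description on the same entry says the issue is in "Pivotal Cloud Foundry products". Naming the product, for example `NOT-FOR-US: Pivotal Cloud Foundry`, keeps the entry searchable by product and records what was actually ruled out.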
@@ -11155,9 +11155,9 @@ CVE-2017-17100
 CVE-2017-17099 (There exists an unauthenticated SEH based Buffer Overflow vulnerability ...)
 	NOT-FOR-US: Flexense SyncBreeze Enterprise
 CVE-2017-17098 (The writeLog function in fn_common.php in gps-server.net GPS Tracking ...)
-	TODO: check
+	NOT-FOR-US: gps-server.net GPS Tracking Software
 CVE-2017-17097 (gps-server.net GPS Tracking Software (self hosted) 2.x has a password ...)
-	TODO: check
+	NOT-FOR-US: gps-server.net GPS Tracking Software
 CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards plugin ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open Source ...)
@@ -13321,7 +13321,7 @@ CVE-2018-0116
 CVE-2018-0115
 	RESERVED
 CVE-2018-0114 (A vulnerability in the Cisco node-jose open source library before ...)
-	TODO: check
+	NOT-FOR-US: Cisco node-jose
 CVE-2018-0113
 	RESERVED
 CVE-2018-0112
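Review bot: CVE-2018-0114 is described as an "open source library", so the `NOT-FOR-US: Cisco node-jose` on this entry holds only if no source package ships or embeds node-jose. The commit message "Process NFUs" does not say how that was established; worth confirming before the entry leaves `TODO: check`.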
@@ -20003,11 +20003,11 @@ CVE-2017-14906
 CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Android MediaServer
 CVE-2017-14903 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14902 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-14901 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14900 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
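Review bot: the two new labels in this hunk, `NOT-FOR-US: Android MediaServer` on CVE-2017-14904 and `NOT-FOR-US: Android` on CVE-2017-14902, differ from the `NOT-FOR-US: Qualcomm components for Android` on CVE-2017-14905, CVE-2017-14903 and CVE-2017-14901 around them, although all five descriptions open with the same "In Android for MSM, Firefox OS for MSM, QRD Android" text. Unless the affected component really differs, reusing the existing label keeps the block consistent for anyone searching the list by label.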
@@ -20017,11 +20017,11 @@ CVE-2017-14899 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 CVE-2017-14898 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14897 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-14896 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-14894
 	RESERVED
 CVE-2017-14893
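Review bot: CVE-2017-14897 and CVE-2017-14895 get the bare `NOT-FOR-US: Android`, which is less specific than the `Qualcomm components for Android` label on CVE-2017-14898 and CVE-2017-14896 directly beside them. Suggest the same label for both new lines.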
@@ -21501,7 +21501,7 @@ CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family, ver
 CVE-2017-14384
 	RESERVED
 CVE-2017-14383 (In Dell EMC VNX2 versions prior to Operating Environment for File ...)
-	TODO: check
+	NOT-FOR-US: EMC VNX
 CVE-2017-14382
 	RESERVED
 CVE-2017-14381
@@ -24969,7 +24969,7 @@ CVE-2017-13058 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in
 CVE-2017-13057
 	RESERVED
 CVE-2017-13056 (The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Viewer
 CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
 	{DSA-3971-1 DLA-1097-1}
 	- tcpdump 4.9.2-1
@@ -31451,7 +31451,7 @@ CVE-2017-11045 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 CVE-2017-11044 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11043 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11042 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11041 (In all Qualcomm products with Android releases from CAF using the ...)
@@ -31525,9 +31525,9 @@ CVE-2017-11008
 CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	TODO: check
 CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm closed-source components for Android
 CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm closed-source components for Android
 CVE-2017-11004
 	RESERVED
 CVE-2017-11003
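Review bot: CVE-2017-11007 is still `TODO: check` in the context line just above the two changed entries, and its truncated description matches theirs word for word; if it was left out on purpose that is fine, otherwise it belongs in this batch. The label `Qualcomm closed-source components for Android` also adds a second wording next to the `Qualcomm components for Android` this same commit uses for CVE-2017-11043, so one of the two should be picked.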
@@ -31872,9 +31872,9 @@ CVE-2017-10907 (Directory traversal vulnerability in OneThird CMS Show Off v1.85
 CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 ...)
 	NOT-FOR-US: Fluentd
 CVE-2017-10905 (A vulnerability in applications created using Qt for Android prior to ...)
-	TODO: check
+	NOT-FOR-US: Qt for Android
 CVE-2017-10904 (Qt for Android prior to 5.9.0 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Qt for Android
 CVE-2017-10903 (Improper authentication issue in PTW-WMS1 firmware version 2.000.012 ...)
 	NOT-FOR-US: PTW-WMS1 firmware
 CVE-2017-10902 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute ...)
@@ -35178,7 +35178,7 @@ CVE-2017-9718 (In Android for MSM, Firefox OS for MSM, QRD Android, with all And
 CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9716 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: qbt1000 driver in Android
 CVE-2017-9715 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9714 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
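Review bot: `NOT-FOR-US: qbt1000 driver in Android` on CVE-2017-9716 is the only label in this hunk that names a driver; CVE-2017-9717 and CVE-2017-9715 on either side use `Qualcomm components for Android`. The extra detail is useful, but it drops the wording the neighbours share, so consider either reusing the neighbouring label or keeping both parts in one label.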
@@ -40133,7 +40133,7 @@ CVE-2017-8048 (In Cloud Foundry capi-release versions 1.33.0 and later, prior to
 CVE-2017-8047 (In Cloud Foundry router routing-release all versions prior to v0.163.0 ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2017-8046 (Malicious PATCH requests submitted to spring-data-rest servers in ...)
-	TODO: check
+	NOT-FOR-US: Spring Data REST
 CVE-2017-8045 (In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an ...)
 	NOT-FOR-US: Spring AMQP
 CVE-2017-8044 (In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and ...)
@@ -46766,7 +46766,7 @@ CVE-2017-6096 (A SQL injection issue was discovered in the Mail Masta (aka mail-
 CVE-2017-6095 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta) ...)
 	NOT-FOR-US: Mail Masta plugin for Wordpress
 CVE-2017-6094 (CPEs used by subscribers on the access network receive their ...)
-	TODO: check
+	NOT-FOR-US: Genexis GASP
 CVE-2017-6093
 	RESERVED
 CVE-2017-6092
@@ -51207,13 +51207,13 @@ CVE-2017-4950
 CVE-2017-4949
 	RESERVED
 CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4947
 	RESERVED
 CVE-2017-4946 (The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4945 (VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4944
 	RESERVED
 CVE-2017-4943 (VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a ...)
@@ -59517,7 +59517,7 @@ CVE-2017-1729
 CVE-2017-1728
 	RESERVED
 CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1726
 	RESERVED
 CVE-2017-1725
@@ -59573,7 +59573,7 @@ CVE-2017-1701
 CVE-2017-1700
 	RESERVED
 CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure ...)
-	TODO: check
+	NOT-FOR-US: IBM MQ Managed File Transfer Agent
 CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2017-1697
@@ -59625,15 +59625,15 @@ CVE-2017-1675
 CVE-2017-1674
 	RESERVED
 CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1671
 	RESERVED
 CVE-2017-1670
 	RESERVED
 CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1668
 	RESERVED
 CVE-2017-1667
@@ -59641,9 +59641,9 @@ CVE-2017-1667
 CVE-2017-1666
 	RESERVED
 CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1663
 	RESERVED
 CVE-2017-1662
@@ -71907,7 +71907,7 @@ CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for .
 CVE-2016-6915 (Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver ...)
 	NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6914 (Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions ...)
-	TODO: check
+	NOT-FOR-US: Ubiquiti UniFi Video
 CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before ...)
 	NOT-FOR-US: OSSIM
 CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the GD ...)
@@ -101342,7 +101342,7 @@ CVE-2015-6239
 CVE-2015-6238 (Multiple cross-site scripting (XSS) vulnerabilities in the Google ...)
 	NOT-FOR-US: Google Analyticator plugin for WordPress
 CVE-2015-6237 (The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 ...)
-	TODO: check
+	NOT-FOR-US: Tripwire IP360 VnE Manager
 CVE-2015-6236
 	REJECTED
 CVE-2015-6235
@@ -123010,7 +123010,7 @@ CVE-2014-8581
 CVE-2014-8580 (Citrix NetScaler Application Delivery Controller and NetScaler Gateway ...)
 	NOT-FOR-US: Citrix Netscaler
 CVE-2014-8579 (TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet TEW-823DRU devices
 CVE-2014-8578 (Cross-site scripting (XSS) vulnerability in the Groups panel in ...)
 	- horizon 2014.1.1-3
 	[wheezy] - horizon <not-affected> (Vulnerable code not present)
@@ -123701,9 +123701,9 @@ CVE-2014-8338
 CVE-2014-8337
 	RESERVED
 CVE-2014-8336 (The "Sql Run Query" panel in WP-DBManager (aka Database Manager) ...)
-	TODO: check
+	NOT-FOR-US: WP-DBManager plugin for WordPress
 CVE-2014-8335 ((1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager ...)
-	TODO: check
+	NOT-FOR-US: WP-DBManager (aka Database Manager) plugin for WordPress
 CVE-2014-8334 (The WP-DBManager (aka Database Manager) plugin before 2.7.2 for ...)
 	NOT-FOR-US: WordPress plugin wp-dbmanager
 CVE-2014-8332
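Review bot: after this hunk the same plugin carries three different labels: `WP-DBManager plugin for WordPress` (CVE-2014-8336), `WP-DBManager (aka Database Manager) plugin for WordPress` (CVE-2014-8335) and the existing `WordPress plugin wp-dbmanager` (CVE-2014-8334). Suggest reusing the label already on CVE-2014-8334 for both new lines so all three entries match.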
@@ -125157,7 +125157,7 @@ CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServl
 CVE-2014-7863
 	RESERVED
 CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine
 CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly ...)
 	NOT-FOR-US: Apple OS X
 CVE-2011-5282



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b055019c551ec63452e1149ea08a9e0ab498f979
