[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Jan 10 21:38:00 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1d345064 by Moritz Muehlenhoff at 2018-01-10T22:37:49+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2017-1000441
CVE-2017-1000439
REJECTED
CVE-2018-5331 (Discuz! DiscuzX X3.4 has XSS via the view parameter to ...)
- TODO: check
+ NOT-FOR-US: Discuz!
CVE-2018-5330
RESERVED
CVE-2018-5329
@@ -39,7 +39,7 @@ CVE-2018-5315
CVE-2018-5314
RESERVED
CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored cross-site ...)
- TODO: check
+ NOT-FOR-US: Sulu-standard
CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file ...)
NOT-FOR-US: rui Li finecms
CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...)
@@ -86,9 +86,9 @@ CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 an
CVE-2017-18025 (cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote ...)
NOT-FOR-US: Innotube ITGuard-Manager
CVE-2017-18024 (AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default ...)
- TODO: check
+ NOT-FOR-US: AvantFAX
CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to the ...)
- TODO: check
+ NOT-FOR-US: Office Tracker
CVE-2018-XXXX [Password protect the JSONRPC interface]
- electrum 3.0.5-1 (bug #886683)
[jessie] - electrum <not-affected> (Only affects >= 2.6.4)
@@ -134,7 +134,7 @@ CVE-2018-5284 (The ImageInject plugin 1.15 for WordPress has XSS via the flickr_
CVE-2018-5283 (The Photos in Wifi application 1.0.1 for iOS has directory traversal ...)
NOT-FOR-US: Photos in Wifi application for iOS
CVE-2018-5282 (Kentico 9.0 through 11.0 has a stack-based buffer overflow via the ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2018-5281 (SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices ...)
NOT-FOR-US: SonicWall SonicOS
CVE-2018-5280 (SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices ...)
@@ -297,7 +297,7 @@ CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has
CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
NOT-FOR-US: Simple Download Monitor plugin for WordPress
CVE-2018-5211 (PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack ...)
- TODO: check
+ NOT-FOR-US: PHP Melody
CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, ...)
NOT-FOR-US: Samsung mobile devices
CVE-2018-5209
@@ -3315,9 +3315,9 @@ CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit ...)
NOTE: https://github.com/Mindwerks/wildmidi/issues/178
NOTE: https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab
CVE-2017-1000413 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ...)
- TODO: check
+ NOT-FOR-US: OP-TEE
CVE-2017-1000412 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ...)
- TODO: check
+ NOT-FOR-US: OP-TEE
CVE-2018-3816
RESERVED
CVE-2018-3815 (The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) ...)
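Review bot: The two OP-TEE entries (CVE-2017-1000413 and CVE-2017-1000412) are closed as NOT-FOR-US even though their descriptions call it an open source TEE solution. Before dropping the "TODO: check", confirm that no package or ITP exists for it, since an open source project is more likely to be packaged than the proprietary products marked elsewhere in this commit.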
@@ -3873,7 +3873,7 @@ CVE-2018-3612
CVE-2018-3611
RESERVED
CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before version 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in NetTransport ...)
NOT-FOR-US: NetTransport Download Manager
CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote ...)
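Review bot: The new note on CVE-2018-3610 names only the vendor ("NOT-FOR-US: Intel"), while the adjacent entry in this hunk names the product ("NOT-FOR-US: NetTransport Download Manager"). The description identifies the affected software as Intel Driver and Support Assistant, so "NOT-FOR-US: Intel Driver and Support Assistant" would keep the entry searchable and would not read as if everything from Intel were out of scope.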
@@ -3921,7 +3921,7 @@ CVE-2017-17947
CVE-2017-1000411
RESERVED
CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Handy Password
CVE-2017-17945
RESERVED
CVE-2017-17944
@@ -4259,7 +4259,7 @@ CVE-2017-17852 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows
CVE-2017-17842
RESERVED
CVE-2017-17841 (Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacker ...)
- open-iscsi 2.0.874-5 (bug #885021)
[stretch] - open-iscsi <no-dsa> (Minor issue)
@@ -9294,7 +9294,7 @@ CVE-2017-17664 (A Remote Crash issue was discovered in Asterisk Open Source 13.x
CVE-2017-17663
RESERVED
CVE-2017-17662 (Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 ...)
- TODO: check
+ NOT-FOR-US: Yawcam
CVE-2017-17661
RESERVED
CVE-2017-17660
@@ -15399,7 +15399,7 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is
CVE-2017-16515
RESERVED
CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities ...)
- TODO: check
+ NOT-FOR-US: WebsiteBaker
CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in ...)
NOT-FOR-US: Ipswitch WS_FTP Professional
CVE-2017-16512
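Review bot: On CVE-2017-16514 the truncated description ("Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities ...") does not name a product, so the "NOT-FOR-US: WebsiteBaker" attribution cannot be checked from this hunk. Please confirm it against the full CVE description.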
@@ -17109,7 +17109,7 @@ CVE-2017-15943 (The configuration file import for applications, spyware and ...)
CVE-2017-15942 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15941 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15940 (The web interface packet capture management component in Palo Alto ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15939 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
@@ -17268,7 +17268,7 @@ CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100
CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-15883 (Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow ...)
- TODO: check
+ NOT-FOR-US: Sitefinity
CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) application before ...)
NOT-FOR-US: London Trust Media Private Internet Access (PIA) application
CVE-2017-15881 (Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d3450645d50951b64cfddccc8284e9f429bcc92