[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Jul 16 21:53:05 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5f515f5 by Moritz Muehlenhoff at 2018-07-16T22:52:47+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -46487,9 +46487,9 @@ CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Pho
CVE-2017-14711 (The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka ...)
NOT-FOR-US: Kickbase GmbH "Kickbase Bundesliga Manager"
CVE-2017-14710 (The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein ...)
- TODO: check
+ NOT-FOR-US: Fashion Shopping app
CVE-2017-14709 (The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- ...)
- TODO: check
+ NOT-FOR-US: Cycling & Hiking Maps app
CVE-2017-14708
RESERVED
CVE-2017-14707
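Review bot: The new labels for CVE-2017-14710 and CVE-2017-14709 name an app category ("Fashion Shopping app", "Cycling & Hiking Maps app") rather than the vendor or product, unlike the Kickbase entry directly above, which reads `NOT-FOR-US: Kickbase GmbH "Kickbase Bundesliga Manager"`. Taking the names from the CVE descriptions, for example `NOT-FOR-US: SHEIN - Fashion Shopping app` and `NOT-FOR-US: Komoot app`, would keep these entries findable when someone greps the list by product.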
@@ -46797,7 +46797,7 @@ CVE-2017-14614 (Directory traversal vulnerability in the Visor GUI Console in Gr
CVE-2017-14613
RESERVED
CVE-2017-14612 ("Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka ...)
- TODO: check
+ NOT-FOR-US: Book sale app
CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote ...)
NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 ...)
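Review bot: The label added for CVE-2017-14612 says "Book sale app", but the description on the line above names the product as "Shpock Boot Sale & Classifieds", so "Book" looks like a typo for "Boot". Suggest `NOT-FOR-US: Shpock Boot Sale & Classifieds app`, which also records the product name instead of a category.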
@@ -50863,19 +50863,19 @@ CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use
NOTE: Fixed in 1.59 beta 9
NOTE: https://robotattack.org/
CVE-2017-13097 (The P1735 IEEE standard describes flawed methods for encrypting ...)
- TODO: check
+ NOT-FOR-US: P1735 IEEE standard
CVE-2017-13096 (The P1735 IEEE standard describes flawed methods for encrypting ...)
- TODO: check
+ NOT-FOR-US: P1735 IEEE standard
CVE-2017-13095 (The P1735 IEEE standard describes flawed methods for encrypting ...)
- TODO: check
+ NOT-FOR-US: P1735 IEEE standard
CVE-2017-13094 (The P1735 IEEE standard describes flawed methods for encrypting ...)
- TODO: check
+ NOT-FOR-US: P1735 IEEE standard
CVE-2017-13093 (The P1735 IEEE standard describes flawed methods for encrypting ...)
- TODO: check
+ NOT-FOR-US: P1735 IEEE standard
CVE-2017-13092 (The P1735 IEEE standard describes flawed methods for encrypting ...)
- TODO: check
+ NOT-FOR-US: P1735 IEEE standard
CVE-2017-13091 (The P1735 IEEE standard describes flawed methods for encrypting ...)
- TODO: check
+ NOT-FOR-US: P1735 IEEE standard
CVE-2017-13090 (The retr.c:fd_read_body() function is called when processing OK ...)
{DSA-4008-1 DLA-1149-1}
- wget 1.19.2-1 (bug #879957)
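Review bot: The seven entries CVE-2017-13091 through CVE-2017-13097 are marked NOT-FOR-US against "P1735 IEEE standard", which is a specification rather than a product, and the label does not record which implementations were considered. The descriptions say the standard "describes flawed methods for encrypting", so the affected code is whatever implements it; naming the implementations in the label, or adding a NOTE line stating that none is packaged, would make the triage decision auditable later.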
@@ -57549,7 +57549,7 @@ CVE-2017-11090 (In android for MSM, Firefox OS for MSM, QRD Android, with all An
CVE-2017-11089 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11088 (Improper Input Validation in Linux io-prefetch in Snapdragon Mobile ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2017-11087 (libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android ...)
NOT-FOR-US: Qualcomm component for Android
CVE-2017-11086
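Review bot: The label `NOT-FOR-US: Snapdragon` on CVE-2017-11088 does not address the "Linux io-prefetch" wording in the description, so a later reader cannot tell whether src:linux was ruled out. If this is vendor-only code, say so explicitly in the way the Cockpit entry does with "(different from src:cockpit)", and consider matching the neighbouring wording `NOT-FOR-US: Qualcomm components for Android` for consistency.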
@@ -74068,7 +74068,7 @@ CVE-2017-5706 (Multiple buffer overflows in kernel in Intel Server Platform Serv
CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability Engine ...)
NOT-FOR-US: Intel
CVE-2017-5704 (Platform sample code firmware included with 4th Gen Intel Core ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel ...)
NOT-FOR-US: Intel
CVE-2017-5702
@@ -81908,9 +81908,9 @@ CVE-2017-3200 (The Java implementation of AMF3 deserializers used in GraniteDS,
CVE-2017-3199 (The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 ...)
NOT-FOR-US: AMF3 deserialisers
CVE-2017-3198 (GIGABYTE BRIX UEFI firmware does not cryptographically validate images ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE
CVE-2017-3197 (GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE
CVE-2017-3196 (PCAUSA Rawether framework does not properly validate BPF data, ...)
NOT-FOR-US: PCAUSA Rawether
CVE-2017-3195 (Commvault Edge Communication Service (cvd) prior to version 11 SP7 or ...)
@@ -89461,43 +89461,43 @@ CVE-2016-9502
CVE-2016-9501
REJECTED
CVE-2016-9500 (Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft ...)
- TODO: check
+ NOT-FOR-US: Accellion
CVE-2016-9499 (Accellion FTP server prior to version FTA_9_12_220 only returns the ...)
- TODO: check
+ NOT-FOR-US: Accellion
CVE-2016-9498 (ManageEngine Applications Manager 12 and 13, allows unserialization of ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2016-9497 (Hughes high-performance broadband satellite modems, models HN7740S ...)
- TODO: check
+ NOT-FOR-US: Hughes
CVE-2016-9496 (Hughes high-performance broadband satellite modems, models HN7740S ...)
- TODO: check
+ NOT-FOR-US: Hughes
CVE-2016-9495 (Hughes high-performance broadband satellite modems, models HN7740S ...)
- TODO: check
+ NOT-FOR-US: Hughes
CVE-2016-9494 (Hughes high-performance broadband satellite modems, models HN7740S ...)
- TODO: check
+ NOT-FOR-US: Hughes
CVE-2016-9493 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
- TODO: check
+ NOT-FOR-US: PHP FormMail Generator
CVE-2016-9492 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
- TODO: check
+ NOT-FOR-US: PHP FormMail Generator
CVE-2016-9491 (ManageEngine Applications Manager 12 and 13 allows an authenticated ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 suffer from a ...)
NOT-FOR-US: ManageEngine Applications Manager
CVE-2016-9489 (In ManageEngine Applications Manager 12 and 13, an authenticated user ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2016-9488 (ManageEngine Applications Manager versions 12 and 13 suffer from ...)
NOT-FOR-US: ManageEngine Applications Manager
CVE-2016-9487 (EpubCheck 4.0.1 does not properly restrict resolving external entities ...)
- TODO: check
+ NOT-FOR-US: EpubCheck
CVE-2016-9486 (On Windows endpoints, the SecureConnector agent must run under the ...)
- TODO: check
+ NOT-FOR-US: SecureConnector agent
CVE-2016-9485 (On Windows endpoints, the SecureConnector agent must run under the ...)
- TODO: check
+ NOT-FOR-US: SecureConnector agent
CVE-2016-9484 (The generated PHP form code does not properly validate user input ...)
- TODO: check
+ NOT-FOR-US: PHP FormMail Generator
CVE-2016-9483 (The PHP form code generated by PHP FormMail Generator deserializes ...)
- TODO: check
+ NOT-FOR-US: PHP FormMail Generator
CVE-2016-9482 (Code generated by PHP FormMail Generator may allow a remote ...)
- TODO: check
+ NOT-FOR-US: PHP FormMail Generator
CVE-2014-9912 (The get_icu_disp_value_src_php function in ...)
- php5 5.6.0+dfsg-1
[wheezy] - php5 5.4.34-0+deb7u1
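Review bot: CVE-2016-9498, CVE-2016-9491 and CVE-2016-9489 are labelled `NOT-FOR-US: ManageEngine`, while the unchanged entries for CVE-2016-9490 and CVE-2016-9488 in the same hunk use `NOT-FOR-US: ManageEngine Applications Manager`. All five descriptions refer to ManageEngine Applications Manager, so the longer form should be used throughout to keep the product name consistent and searchable.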
@@ -99281,7 +99281,7 @@ CVE-2016-6582 (The Doorkeeper gem before 4.2.0 for Ruby might allow remote attac
CVE-2016-6579
REJECTED
CVE-2016-6578 (CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a ...)
- TODO: check
+ NOT-FOR-US: CodeLathe FileCloud
CVE-2016-6577
RESERVED
CVE-2016-6576
@@ -99303,11 +99303,11 @@ CVE-2016-6569
CVE-2016-6568
RESERVED
CVE-2016-6567 (SHDesigns' Resident Download Manager provides firmware update ...)
- TODO: check
+ NOT-FOR-US: SHDesigns
CVE-2016-6566 (The valueAsString parameter inside the JSON payload contained by the ...)
- TODO: check
+ NOT-FOR-US: Sungard
CVE-2016-6565 (The Imagely NextGen Gallery plugin for Wordpress prior to version ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-6564 (Android devices with code from Ragentek contain a privileged binary ...)
TODO: check
CVE-2016-6563 (Processing malformed SOAP messages when performing the HNAP Login ...)
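Review bot: The label for CVE-2016-6565 is the generic `NOT-FOR-US: Wordpress plugin`, although the description names the Imagely NextGen Gallery plugin. Suggest `NOT-FOR-US: NextGen Gallery plugin for WordPress` so the entry identifies which plugin was triaged. The label `NOT-FOR-US: Sungard` on CVE-2016-6566 would also benefit from the product name, since the visible part of the description does not mention the vendor at all.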
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5f515f5c29785c9438c979d54a14f966b3fa9d5