Author: jmm
Date: 2017-07-12 21:37:46 +0000 (Wed, 12 Jul 2017)
New Revision: 53420
Modified: data/CVE/list Log: new imagemagick issues NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-12 21:31:11 UTC (rev 53419) +++ data/CVE/list 2017-07-12 21:37:46 UTC (rev 53420) @@ -1,11 +1,11 @@ CVE-2017-11196 (Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function ...) - TODO: check + NOT-FOR-US: Pulse Connect Secure CVE-2017-11195 (Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The ...) - TODO: check + NOT-FOR-US: Pulse Connect Secure CVE-2017-11194 (Pulse Connect Secure 8.3R1 has Reflected XSS in ...) - TODO: check + NOT-FOR-US: Pulse Connect Secure CVE-2017-11193 (Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the ...) - TODO: check + NOT-FOR-US: Pulse Connect Secure CVE-2017-11192 RESERVED CVE-2017-11191 @@ -15,9 +15,10 @@ CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...) TODO: check CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...) - TODO: check + - imagemagick <unfixed> + NOTE: https://github.com/ImageMagick/ImageMagick/issues/509 CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks ...) - TODO: check + NOT-FOR-US: phpMyFAQ CVE-2017-11186 RESERVED CVE-2017-11185 @@ -89,12 +90,12 @@ CVE-2017-11168 RESERVED CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...) - TODO: check + NOT-FOR-US: FineCMS CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...) - imagemagick <unfixed> (low) NOTE: https://github.com/ImageMagick/ImageMagick/issues/471 CVE-2017-11165 (dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: dataTaker CVE-2017-11164 (In PCRE 8.41, the OP_KETRMAX feature in the match function in ...) TODO: check CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...) 
@@ -1653,7 +1654,7 @@ CVE-2017-9978 RESERVED CVE-2017-9977 (AVG AntiVirus for MacOS with scan engine before 4668 might allow ...) - TODO: check + NOT-FOR-US: AVG CVE-2017-9976 RESERVED CVE-2017-9975 @@ -1966,11 +1967,11 @@ CVE-2017-9846 (Winmail Server 6.1 allows remote code execution by authenticated users ...) NOT-FOR-US: Winmail Server CVE-2017-9845 (disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote ...) - TODO: check + NOT-FOR-US: SAP CVE-2017-9844 (SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: SAP CVE-2017-9843 (SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with ...) - TODO: check + NOT-FOR-US: SAP CVE-2017-9842 RESERVED CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 ...) @@ -27584,7 +27585,7 @@ CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity ...) NOT-FOR-US: IBM CVE-2017-1321 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...) @@ -27656,7 +27657,7 @@ CVE-2017-1286 RESERVED CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...) NOT-FOR-US: IBM CVE-2017-1283 
@@ -32627,21 +32628,21 @@ CVE-2016-8954 (IBM dashDB Local uses hard-coded credentials that could allow a remote ...) NOT-FOR-US: IBM CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-8952 RESERVED CVE-2016-8951 RESERVED CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-8949 RESERVED CVE-2016-8948 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-8947 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-8946 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-8945 RESERVED CVE-2016-8944 (IBM AIX 7.1 and 7.2 allows a local user to open a file with a ...) @@ -35089,7 +35090,7 @@ CVE-2017-0244 (The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 ...) NOT-FOR-US: Microsoft CVE-2017-0243 (Microsoft Office allows a remote code execution vulnerability due to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-0242 (An information disclosure vulnerability exists in the way some ActiveX ...) NOT-FOR-US: Microsoft CVE-2017-0241 (An elevation of privilege vulnerability exists when Microsoft Edge ...) @@ -35235,7 +35236,7 @@ CVE-2017-0171 (Windows DNS Server allows a denial of service vulnerability when ...) NOT-FOR-US: Microsoft CVE-2017-0170 (Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-0169 (An information disclosure vulnerability exists when Windows Hyper-V ...) NOT-FOR-US: Microsoft CVE-2017-0168 (An information disclosure vulnerability exists when the Windows ...) 
@@ -42122,7 +42123,7 @@ CVE-2016-6115 (IBM General Parallel File System is vulnerable to a buffer overflow. A ...) NOT-FOR-US: IBM CVE-2016-6114 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerability ...) NOT-FOR-US: IBM CVE-2016-6112 (IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
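Review bot: In the @@ -15,9 +15,10 @@ hunk, the new CVE-2017-11188 entry marks imagemagick as unfixed with no urgency tag, while the CVE-2017-11166 entry visible in the @@ -89,12 +90,12 @@ hunk, another ImageMagick coder issue (ReadXWDImage), carries "(low)". If the ReadDPXImage issue has been triaged to the same level, add the tag here so the two entries sort consistently; if it has not been triaged yet, the entry is fine as written. The NOTE references only upstream issue 509, so the fixing commit should be added as a second NOTE once upstream has one.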
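Review bot: The NOT-FOR-US tags are not named at the same granularity across this commit: the @@ -1,11 +1,11 @@ hunk tags by product ("NOT-FOR-US: Pulse Connect Secure", likewise phpMyFAQ and FineCMS further down), while the SAP, IBM, Microsoft and AVG entries are tagged by vendor only. Both forms already exist in the unchanged context ("NOT-FOR-US: Winmail Server", "NOT-FOR-US: IBM"), so this follows the file, but naming the product on the vendor-tagged entries, for example SAP NetWeaver or IBM Emptoris Sourcing as given in the CVE descriptions, would make a later search for a specific product more reliable.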