Author: jmm
Date: 2017-07-12 21:37:46 +0000 (Wed, 12 Jul 2017)
New Revision: 53420

Modified:
   data/CVE/list
Log:
new imagemagick issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-12 21:31:11 UTC (rev 53419)
+++ data/CVE/list       2017-07-12 21:37:46 UTC (rev 53420)
@@ -1,11 +1,11 @@
 CVE-2017-11196 (Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout 
function ...)
-       TODO: check
+       NOT-FOR-US: Pulse Connect Secure
 CVE-2017-11195 (Pulse Connect Secure 8.3R1 has Reflected XSS in 
launchHelp.cgi. The ...)
-       TODO: check
+       NOT-FOR-US: Pulse Connect Secure
 CVE-2017-11194 (Pulse Connect Secure 8.3R1 has Reflected XSS in ...)
-       TODO: check
+       NOT-FOR-US: Pulse Connect Secure
 CVE-2017-11193 (Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, 
the ...)
-       TODO: check
+       NOT-FOR-US: Pulse Connect Secure
 CVE-2017-11192
        RESERVED
 CVE-2017-11191
@@ -15,9 +15,10 @@
 CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to 
cause a ...)
        TODO: check
 CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 
7.0.6-0 has a ...)
-       TODO: check
+       - imagemagick <unfixed>
+       NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
 CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force 
attacks ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2017-11186
        RESERVED
 CVE-2017-11185
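Review bot: the new `- imagemagick <unfixed>` line for CVE-2017-11188 carries no urgency, while the existing CVE-2017-11166 entry later in this file is recorded as `<unfixed> (low)`. If the DPX issue is judged the same way, add the urgency so the two ImageMagick entries are triaged consistently; otherwise a short NOTE saying why it is not low would help. The description cites ImageMagick 7.0.6-0 and the NOTE links only the upstream issue, so a follow-up NOTE with the fixing commit, once upstream has one, would let the entry be closed against a version. The log says "new imagemagick issues", but this is the only entry in the revision that gains an imagemagick line.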
@@ -89,12 +90,12 @@
 CVE-2017-11168
        RESERVED
 CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP 
code by ...)
-       TODO: check
+       NOT-FOR-US: FineCMS
 CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 
7.0.5-6 has a ...)
        - imagemagick <unfixed> (low)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/471
 CVE-2017-11165 (dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: dataTaker
 CVE-2017-11164 (In PCRE 8.41, the OP_KETRMAX feature in the match function in 
...)
        TODO: check
 CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in 
aggregate_graphs.php in ...)
@@ -1653,7 +1654,7 @@
 CVE-2017-9978
        RESERVED
 CVE-2017-9977 (AVG AntiVirus for MacOS with scan engine before 4668 might 
allow ...)
-       TODO: check
+       NOT-FOR-US: AVG
 CVE-2017-9976
        RESERVED
 CVE-2017-9975
@@ -1966,11 +1967,11 @@
 CVE-2017-9846 (Winmail Server 6.1 allows remote code execution by 
authenticated users ...)
        NOT-FOR-US: Winmail Server
 CVE-2017-9845 (disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2017-9844 (SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause 
a ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2017-9843 (SAP NetWeaver AS ABAP 7.40 allows remote authenticated users 
with ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2017-9842
        RESERVED
 CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 
5.6.3 ...)
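Review bot: style point on the three `NOT-FOR-US: SAP` lines in this hunk: they name only the vendor, whereas the neighbouring `NOT-FOR-US: Winmail Server` line and the Pulse Connect Secure entries in the first hunk name the product. All three descriptions mention SAP NetWeaver, so `NOT-FOR-US: SAP NetWeaver` would keep the tag searchable by product.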
@@ -27584,7 +27585,7 @@
 CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity 
...)
        NOT-FOR-US: IBM
 CVE-2017-1321 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to 
cross-site ...)
        NOT-FOR-US: IBM
 CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...)
@@ -27656,7 +27657,7 @@
 CVE-2017-1286
        RESERVED
 CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated 
user ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with 
ability ...)
        NOT-FOR-US: IBM
 CVE-2017-1283
@@ -32627,21 +32628,21 @@
 CVE-2016-8954 (IBM dashDB Local uses hard-coded credentials that could allow a 
remote ...)
        NOT-FOR-US: IBM
 CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-8952
        RESERVED
 CVE-2016-8951
        RESERVED
 CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-8949
        RESERVED
 CVE-2016-8948 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-8947 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-8946 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-8945
        RESERVED
 CVE-2016-8944 (IBM AIX 7.1 and 7.2 allows a local user to open a file with a 
...)
@@ -35089,7 +35090,7 @@
 CVE-2017-0244 (The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 
SP1 ...)
        NOT-FOR-US: Microsoft
 CVE-2017-0243 (Microsoft Office allows a remote code execution vulnerability 
due to ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2017-0242 (An information disclosure vulnerability exists in the way some 
ActiveX ...)
        NOT-FOR-US: Microsoft
 CVE-2017-0241 (An elevation of privilege vulnerability exists when Microsoft 
Edge ...)
@@ -35235,7 +35236,7 @@
 CVE-2017-0171 (Windows DNS Server allows a denial of service vulnerability 
when ...)
        NOT-FOR-US: Microsoft
 CVE-2017-0170 (Windows Performance Monitor in Windows Server 2008 SP2 and R2 
SP1, ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2017-0169 (An information disclosure vulnerability exists when Windows 
Hyper-V ...)
        NOT-FOR-US: Microsoft
 CVE-2017-0168 (An information disclosure vulnerability exists when the Windows 
...)
@@ -42122,7 +42123,7 @@
 CVE-2016-6115 (IBM General Parallel File System is vulnerable to a buffer 
overflow. A ...)
        NOT-FOR-US: IBM
 CVE-2016-6114 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This 
vulnerability ...)
        NOT-FOR-US: IBM
 CVE-2016-6112 (IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, 
and ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
