Author: carnil
Date: 2017-08-03 03:04:53 +0000 (Thu, 03 Aug 2017)
New Revision: 54214
Modified: data/CVE/list Log: Process NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-02 21:21:05 UTC (rev 54213) +++ data/CVE/list 2017-08-03 03:04:53 UTC (rev 54214) @@ -1053,9 +1053,9 @@ - ming <removed> NOTE: https://github.com/libming/libming/issues/82 CVE-2017-11727 (services/system_io/actionprocessor/Contact.rails in ConnectWise Manage ...) - TODO: check + NOT-FOR-US: ConnectWise Manage CVE-2017-11726 (services/system_io/actionprocessor/System.rails in ConnectWise Manage ...) - TODO: check + NOT-FOR-US: ConnectWise Manage CVE-2017-11725 (The share function in Thycotic Secret Server before 10.2.000019 ...) NOT-FOR-US: Thycotic Secret Server CVE-2017-11723 (Directory traversal vulnerability in plugins/ImageManager/backend.php ...) @@ -7183,7 +7183,7 @@ NOTE: https://github.com/irssi/irssi/commit/528f51bfbe5c65c5b24546faa244009dd5b3c586 NOTE: https://irssi.org/security/irssi_sa_2017_06.txt CVE-2017-9467 (Cross-site scripting (XSS) vulnerability in the GlobalProtect external ...) - TODO: check + NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-9466 (The executable httpd on the TP-Link WR841N V8 router before ...) NOT-FOR-US: TP-Link CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote attackers ...) @@ -7199,7 +7199,7 @@ CVE-2017-9460 RESERVED CVE-2017-9459 (Cross-site scripting (XSS) vulnerability in the management web ...) - TODO: check + NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-9458 RESERVED CVE-2017-9457 (Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware does not ...) 
@@ -8001,7 +8001,7 @@ CVE-2017-9248 (Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 ...) NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX CVE-2017-9247 (Multiple unquoted Windows search path vulnerabilities in Sierra ...) - TODO: check + NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe ...) NOT-FOR-US: New Relic .NET Agent CVE-2017-9245 (The Google News and Weather application before 3.3.1 for Android allows ...) @@ -10353,7 +10353,7 @@ CVE-2017-8391 (The OS Installation Management component in CA Client Automation r12.9, ...) NOT-FOR-US: OS Installation Management component in CA Client Automation CVE-2017-8390 (The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before ...) - TODO: check + NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-8389 RESERVED CVE-2017-8388 (GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger ...) @@ -12643,7 +12643,7 @@ CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileges ...) NOT-FOR-US: Proxifier for Mac CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka ...) - TODO: check + NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin CVE-2017-7641 RESERVED CVE-2017-7640 
@@ -28772,27 +28772,27 @@ CVE-2017-2289 RESERVED CVE-2017-2288 (Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier ...) - TODO: check + NOT-FOR-US: LhaForge CVE-2017-2287 (Untrusted search path vulnerability in NFC Port Software remover ...) - TODO: check + NOT-FOR-US: NFC Port Software remover CVE-2017-2286 (Untrusted search path vulnerability in NFC Port Software Version ...) - TODO: check + NOT-FOR-US: NFC Port Software CVE-2017-2285 (Cross-site scripting vulnerability in Simple Custom CSS and JS prior ...) - TODO: check + NOT-FOR-US: Simple Custom CSS and JS CVE-2017-2284 (Cross-site scripting vulnerability in Popup Maker prior to version ...) TODO: check CVE-2017-2283 (WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded ...) - TODO: check + NOT-FOR-US: WN-G300R3 firmware CVE-2017-2282 (Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier ...) - TODO: check + NOT-FOR-US: WN-AX1167GR firmware CVE-2017-2281 (WN-AX1167GR firmware version 3.00 and earlier allows an attacker to ...) - TODO: check + NOT-FOR-US: WN-AX1167GR firmware CVE-2017-2280 (WN-AX1167GR firmware version 3.00 and earlier uses hardcoded ...) - TODO: check + NOT-FOR-US: WN-AX1167GR firmware CVE-2017-2279 (Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier ...) - TODO: check + NOT-FOR-US: Tween CVE-2017-2278 (The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB ...) - TODO: check + NOT-FOR-US: RBB SPEED TEST App CVE-2017-2277 (WG-C10 v3.0.79 and earlier allows an attacker to bypass access ...) NOT-FOR-US: WG-C10 CVE-2017-2276 (Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to ...) 
@@ -29072,7 +29072,7 @@ CVE-2017-2139 (CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), ...) NOT-FOR-US: CS-Cart CVE-2017-2138 (Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese ...) - TODO: check + NOT-FOR-US: CS-Cart CVE-2017-2137 (ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote ...) NOT-FOR-US: ProSAFE Plus Configuration Utility CVE-2017-2136 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...) @@ -30358,7 +30358,7 @@ CVE-2017-1496 (IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to ...) NOT-FOR-US: IBM CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1494 RESERVED CVE-2017-1493 @@ -30412,9 +30412,9 @@ CVE-2017-1469 RESERVED CVE-2017-1468 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1467 (A network layer security vulnerability in InfoSphere Information ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1466 RESERVED CVE-2017-1465 @@ -30582,7 +30582,7 @@ CVE-2017-1384 RESERVED CVE-2017-1383 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1382 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create ...) NOT-FOR-US: IBM CVE-2017-1381 (IBM WebSphere Application Server Proxy Server or On-demand-router ...) @@ -31112,7 +31112,7 @@ CVE-2017-1119 RESERVED CVE-2017-1118 (IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to ...) NOT-FOR-US: IBM CVE-2017-1116 
@@ -39626,9 +39626,9 @@ CVE-2016-7846 REJECTED CVE-2016-7845 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload ...) - TODO: check + NOT-FOR-US: GigaCC OFFICE CVE-2016-7844 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: GigaCC OFFICE CVE-2016-7843 (Directory traversal vulnerability in AttacheCase for Java 0.60 and ...) NOT-FOR-US: AttacheCase CVE-2016-7842 (Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier ...) @@ -39695,7 +39695,7 @@ CVE-2016-7813 (Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and ...) NOT-FOR-US: DERAEMON-CMS CVE-2016-7812 (The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ...) - TODO: check + NOT-FOR-US: Bank of Tokyo-Mitsubishi UFJ, Ltd. App CVE-2016-7811 (Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker ...) NOT-FOR-US: Corega CVE-2016-7810 (Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. ...) @@ -66017,7 +66017,7 @@ CVE-2015-8265 (Huawei Mobile WiFi E5151 routers with software before ...) NOT-FOR-US: Huawei CVE-2015-8264 (Untrusted search path vulnerability in F-Secure Online Scanner allows ...) - TODO: check + NOT-FOR-US: F-Secure Online Scanner CVE-2015-8263 (NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source ...) NOT-FOR-US: NETGEAR CVE-2015-8262 (Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an ...) @@ -67125,7 +67125,7 @@ CVE-2015-7892 RESERVED CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphics 2D ...) - TODO: check + NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android CVE-2015-7890 RESERVED CVE-2015-7889 @@ -79133,7 +79133,7 @@ CVE-2015-3643 RESERVED CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler ...) - TODO: check + NOT-FOR-US: Citrix CVE-2015-3641 RESERVED CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the "." ...) 
@@ -82155,7 +82155,7 @@ CVE-2015-2691 RESERVED CVE-2015-2690 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Digium Addons module for FreePBX CVE-2015-2704 (realmd allows remote attackers to inject arbitrary configurations in ...) - realmd 0.16.0-1 (bug #781179) [jessie] - realmd <no-dsa> (Minor issue) @@ -82548,7 +82548,7 @@ CVE-2015-2561 RESERVED CVE-2015-2560 (Manage Engine Desktop Central 9 before build 90135 allows remote ...) - TODO: check + NOT-FOR-US: Manage Engine Desktop Central CVE-2015-2558 (Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 ...) NOT-FOR-US: Microsoft CVE-2015-2557 (Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote ...) @@ -87067,7 +87067,7 @@ CVE-2015-1176 (Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in ...) NOT-FOR-US: osTicket CVE-2015-1174 (Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA ...) - TODO: check + NOT-FOR-US: Unit4 Polska TETA Web CVE-2015-1173 (Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not ...) NOT-FOR-US: Unit4 Polska TETA Web CVE-2015-1172 (Unrestricted file upload vulnerability in admin/upload-file.php in the ...) @@ -92076,7 +92076,7 @@ CVE-2015-0195 (Cross-site scripting (XSS) vulnerability in IBM Content Template ...) NOT-FOR-US: IBM CVE-2015-0194 (XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-0193 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...) NOT-FOR-US: IBM Business Process Manager CVE-2015-0192 (Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 ...) 
@@ -92662,7 +92662,7 @@ CVE-2014-8904 (lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows ...) NOT-FOR-US: IBM AIX, VIOS CVE-2014-8903 (IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-8902 (Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-8901 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 ...) @@ -139483,7 +139483,7 @@ CVE-2012-5031 RESERVED CVE-2012-5030 (Cisco IOS before 15.2(4)S6 does not initialize an unspecified ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2012-5029 RESERVED CVE-2012-5028 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
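Review bot: In the @@ -28772,27 hunk, CVE-2017-2284 (Popup Maker) is the only entry between CVE-2017-2288 and CVE-2017-2278 left at "TODO: check", while the neighbouring CVE-2017-2285 (Simple Custom CSS and JS) is marked NOT-FOR-US. If it was held back on purpose because it still needs triage, say so in the log message, which currently reads only "Process NFUs"; if it was skipped by accident, resolve it in the same commit. In the same hunk the tags "WN-G300R3 firmware" and "WN-AX1167GR firmware" give only a model number, unlike the "NOT-FOR-US: Corega" context line in the @@ -39695,7 hunk; adding the vendor would make these entries easier to find later.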
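Review bot: The IBM entries added in the @@ -30358,7, @@ -30412,9, @@ -30582,7, @@ -31112,7, @@ -92076,7 and @@ -92662,7 hunks are all tagged with a bare "NOT-FOR-US: IBM", while context lines in the last two of those hunks name the product ("IBM Business Process Manager", "IBM AIX, VIOS", "IBM WebSphere Portal"). The file is already mixed on this, but a product-level tag such as "IBM InfoSphere Information Server" for CVE-2017-1495, CVE-2017-1468 and CVE-2017-1383 would match the more specific neighbours and make later searches by product work. The same applies to "NOT-FOR-US: Citrix" for CVE-2015-3642 in the @@ -79133,7 hunk, whose description names Citrix NetScaler.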