Author: carnil
Date: 2017-08-03 03:04:53 +0000 (Thu, 03 Aug 2017)
New Revision: 54214

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-02 21:21:05 UTC (rev 54213)
+++ data/CVE/list       2017-08-03 03:04:53 UTC (rev 54214)
@@ -1053,9 +1053,9 @@
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/82
 CVE-2017-11727 (services/system_io/actionprocessor/Contact.rails in 
ConnectWise Manage ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise Manage
 CVE-2017-11726 (services/system_io/actionprocessor/System.rails in ConnectWise 
Manage ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise Manage
 CVE-2017-11725 (The share function in Thycotic Secret Server before 
10.2.000019 ...)
        NOT-FOR-US: Thycotic Secret Server
 CVE-2017-11723 (Directory traversal vulnerability in 
plugins/ImageManager/backend.php ...)
@@ -7183,7 +7183,7 @@
        NOTE: 
https://github.com/irssi/irssi/commit/528f51bfbe5c65c5b24546faa244009dd5b3c586
        NOTE: https://irssi.org/security/irssi_sa_2017_06.txt
 CVE-2017-9467 (Cross-site scripting (XSS) vulnerability in the GlobalProtect 
external ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-9466 (The executable httpd on the TP-Link WR841N V8 router before ...)
        NOT-FOR-US: TP-Link
 CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote 
attackers ...)
@@ -7199,7 +7199,7 @@
 CVE-2017-9460
        RESERVED
 CVE-2017-9459 (Cross-site scripting (XSS) vulnerability in the management web 
...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-9458
        RESERVED
 CVE-2017-9457 (Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware 
does not ...)
@@ -8001,7 +8001,7 @@
 CVE-2017-9248 (Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX 
before R2 ...)
        NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
 CVE-2017-9247 (Multiple unquoted Windows search path vulnerabilities in Sierra 
...)
-       TODO: check
+       NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages
 CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws 
to safe ...)
        NOT-FOR-US: New Relic .NET Agent
 CVE-2017-9245 (The Google News and Weather application before 3.3.1 for 
Android allows ...)
@@ -10353,7 +10353,7 @@
 CVE-2017-8391 (The OS Installation Management component in CA Client 
Automation r12.9, ...)
        NOT-FOR-US: OS Installation Management component in CA Client Automation
 CVE-2017-8390 (The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x 
before ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-8389
        RESERVED
 CVE-2017-8388 (GeniXCMS 1.0.2 allows remote attackers to bypass the 
alertDanger ...)
@@ -12643,7 +12643,7 @@
 CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain 
privileges ...)
        NOT-FOR-US: Proxifier for Mac
 CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin 
(aka ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
 CVE-2017-7641
        RESERVED
 CVE-2017-7640
@@ -28772,27 +28772,27 @@
 CVE-2017-2289
        RESERVED
 CVE-2017-2288 (Untrusted search path vulnerability in LhaForge Ver.1.6.5 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: LhaForge
 CVE-2017-2287 (Untrusted search path vulnerability in NFC Port Software 
remover ...)
-       TODO: check
+       NOT-FOR-US: NFC Port Software remover
 CVE-2017-2286 (Untrusted search path vulnerability in NFC Port Software 
Version ...)
-       TODO: check
+       NOT-FOR-US: NFC Port Software
 CVE-2017-2285 (Cross-site scripting vulnerability in Simple Custom CSS and JS 
prior ...)
-       TODO: check
+       NOT-FOR-US: Simple Custom CSS and JS
 CVE-2017-2284 (Cross-site scripting vulnerability in Popup Maker prior to 
version ...)
        TODO: check
 CVE-2017-2283 (WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded ...)
-       TODO: check
+       NOT-FOR-US: WN-G300R3 firmware
 CVE-2017-2282 (Buffer overflow in WN-AX1167GR firmware version 3.00 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: WN-AX1167GR firmware
 CVE-2017-2281 (WN-AX1167GR firmware version 3.00 and earlier allows an 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: WN-AX1167GR firmware
 CVE-2017-2280 (WN-AX1167GR firmware version 3.00 and earlier uses hardcoded 
...)
-       TODO: check
+       NOT-FOR-US: WN-AX1167GR firmware
 CVE-2017-2279 (Untrusted search path vulnerability in Tween Ver1.6.6.0 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Tween
 CVE-2017-2278 (The RBB SPEED TEST App for Android version 2.0.3 and earlier, 
RBB ...)
-       TODO: check
+       NOT-FOR-US: RBB SPEED TEST App
 CVE-2017-2277 (WG-C10 v3.0.79 and earlier allows an attacker to bypass access 
...)
        NOT-FOR-US: WG-C10
 CVE-2017-2276 (Buffer overflow in WG-C10 v3.0.79 and earlier allows an 
attacker to ...)
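Review bot: CVE-2017-2284 (Popup Maker) is left at "TODO: check" in the middle of this hunk, while CVE-2017-2285 directly above it and every other TODO in the block gets resolved. If it was skipped on purpose, say so in the log message. If the plugin is simply not packaged, tag it in the same pass as its neighbour so the entry does not stay in the TODO queue.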
@@ -29072,7 +29072,7 @@
 CVE-2017-2139 (CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and 
v3), ...)
        NOT-FOR-US: CS-Cart
 CVE-2017-2138 (Cross-site request forgery (CSRF) vulnerability in CS-Cart 
Japanese ...)
-       TODO: check
+       NOT-FOR-US: CS-Cart
 CVE-2017-2137 (ProSAFE Plus Configuration Utility prior to 2.3.29 allows 
remote ...)
        NOT-FOR-US: ProSAFE Plus Configuration Utility
 CVE-2017-2136 (Cross-site scripting vulnerability in WP Statistics version 
12.0.4 and ...)
@@ -30358,7 +30358,7 @@
 CVE-2017-1496 (IBM Sterling B2B Integrator Standard Edition 5.2.x is 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1494
        RESERVED
 CVE-2017-1493
@@ -30412,9 +30412,9 @@
 CVE-2017-1469
        RESERVED
 CVE-2017-1468 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1467 (A network layer security vulnerability in InfoSphere 
Information ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1466
        RESERVED
 CVE-2017-1465
@@ -30582,7 +30582,7 @@
 CVE-2017-1384
        RESERVED
 CVE-2017-1383 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1382 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might 
create ...)
        NOT-FOR-US: IBM
 CVE-2017-1381 (IBM WebSphere Application Server Proxy Server or 
On-demand-router ...)
@@ -31112,7 +31112,7 @@
 CVE-2017-1119
        RESERVED
 CVE-2017-1118 (IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n 
attacker ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user 
to ...)
        NOT-FOR-US: IBM
 CVE-2017-1116
@@ -39626,9 +39626,9 @@
 CVE-2016-7846
        REJECTED
 CVE-2016-7845 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to 
upload ...)
-       TODO: check
+       NOT-FOR-US: GigaCC OFFICE
 CVE-2016-7844 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: GigaCC OFFICE
 CVE-2016-7843 (Directory traversal vulnerability in AttacheCase for Java 0.60 
and ...)
        NOT-FOR-US: AttacheCase
 CVE-2016-7842 (Directory traversal vulnerability in AttacheCase 2.8.2.8 and 
earlier ...)
@@ -39695,7 +39695,7 @@
 CVE-2016-7813 (Cross-site scripting vulnerability in DERAEMON-CMS version 
0.8.9 and ...)
        NOT-FOR-US: DERAEMON-CMS
 CVE-2016-7812 (The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android 
ver5.3.1, ...)
-       TODO: check
+       NOT-FOR-US: Bank of Tokyo-Mitsubishi UFJ, Ltd. App
 CVE-2016-7811 (Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an 
attacker ...)
        NOT-FOR-US: Corega
 CVE-2016-7810 (Cross-site scripting vulnerability in Corega CG-WLR300NX 
firmware Ver. ...)
@@ -66017,7 +66017,7 @@
 CVE-2015-8265 (Huawei Mobile WiFi E5151 routers with software before ...)
        NOT-FOR-US: Huawei
 CVE-2015-8264 (Untrusted search path vulnerability in F-Secure Online Scanner 
allows ...)
-       TODO: check
+       NOT-FOR-US: F-Secure Online Scanner
 CVE-2015-8263 (NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same 
source ...)
        NOT-FOR-US: NETGEAR
 CVE-2015-8262 (Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 
use an ...)
@@ -67125,7 +67125,7 @@
 CVE-2015-7892
        RESERVED
 CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung 
Graphics 2D ...)
-       TODO: check
+       NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
 CVE-2015-7890
        RESERVED
 CVE-2015-7889
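Review bot: the tag added for CVE-2015-7891 is much longer than the vendor or product names used on the other entries in this file (for example "NOT-FOR-US: Huawei", "NOT-FOR-US: NETGEAR"). "NOT-FOR-US: Samsung Graphics 2D driver" identifies the component well enough; the "on Samsung devices with Android" qualifier belongs to the CVE description rather than the tag.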
@@ -79133,7 +79133,7 @@
 CVE-2015-3643
        RESERVED
 CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler 
...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2015-3641
        RESERVED
 CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the 
&quot;.&quot; ...)
@@ -82155,7 +82155,7 @@
 CVE-2015-2691
        RESERVED
 CVE-2015-2690 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: Digium Addons module for FreePBX
 CVE-2015-2704 (realmd allows remote attackers to inject arbitrary 
configurations in ...)
        - realmd 0.16.0-1 (bug #781179)
        [jessie] - realmd <no-dsa> (Minor issue)
@@ -82548,7 +82548,7 @@
 CVE-2015-2561
        RESERVED
 CVE-2015-2560 (Manage Engine Desktop Central 9 before build 90135 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Manage Engine Desktop Central
 CVE-2015-2558 (Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 
2010 ...)
        NOT-FOR-US: Microsoft
 CVE-2015-2557 (Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows 
remote ...)
@@ -87067,7 +87067,7 @@
 CVE-2015-1176 (Cross-site scripting (XSS) vulnerability in 
upload/scp/tickets.php in ...)
        NOT-FOR-US: osTicket
 CVE-2015-1174 (Session fixation vulnerability in Unit4 Polska TETA Web 
(formerly TETA ...)
-       TODO: check
+       NOT-FOR-US: Unit4 Polska TETA Web
 CVE-2015-1173 (Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does 
not ...)
        NOT-FOR-US: Unit4 Polska TETA Web
 CVE-2015-1172 (Unrestricted file upload vulnerability in admin/upload-file.php 
in the ...)
@@ -92076,7 +92076,7 @@
 CVE-2015-0195 (Cross-site scripting (XSS) vulnerability in IBM Content 
Template ...)
        NOT-FOR-US: IBM
 CVE-2015-0194 (XML External Entity (XXE) vulnerability in IBM Sterling B2B 
Integrator ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2015-0193 (Cross-site scripting (XSS) vulnerability in IBM Business 
Process ...)
        NOT-FOR-US: IBM Business Process Manager
 CVE-2015-0192 (Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before 
SR2 ...)
@@ -92662,7 +92662,7 @@
 CVE-2014-8904 (lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x 
allows ...)
        NOT-FOR-US: IBM AIX, VIOS
 CVE-2014-8903 (IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 
before ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2014-8902 (Cross-site scripting (XSS) vulnerability in the Blog Portlet in 
IBM ...)
        NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-8901 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 
10.1 ...)
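Review bot: CVE-2014-8903 is tagged with the bare vendor ("NOT-FOR-US: IBM"), while the entries on either side of it name the product ("IBM AIX, VIOS", "IBM WebSphere Portal"). Using the product from the description, IBM Curam Social Program Management, would keep this block consistent and let the tag be found by product name. The same applies to the other "NOT-FOR-US: IBM" lines added in this commit.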
@@ -139483,7 +139483,7 @@
 CVE-2012-5031
        RESERVED
 CVE-2012-5030 (Cisco IOS before 15.2(4)S6 does not initialize an unspecified 
...)
-       TODO: check
+       NOT-FOR-US: Cisco IOS
 CVE-2012-5029
        RESERVED
 CVE-2012-5028


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
