Author: carnil
Date: 2017-09-08 04:58:18 +0000 (Fri, 08 Sep 2017)
New Revision: 55560
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-07 21:12:04 UTC (rev 55559)
+++ data/CVE/list 2017-09-08 04:58:18 UTC (rev 55560)
@@ -45,13 +45,13 @@
CVE-2017-14196
RESERVED
CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui
FineCms 5.0.11 ...)
- TODO: check
+ NOT-FOR-US: dayrui FineCms
CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui
FineCms ...)
- TODO: check
+ NOT-FOR-US: dayrui FineCms
CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui
FineCms ...)
- TODO: check
+ NOT-FOR-US: dayrui FineCms
CVE-2017-14192 (The checktitle function in controllers/member/api.php in
dayrui FineCms ...)
- TODO: check
+ NOT-FOR-US: dayrui FineCms
CVE-2017-14191
RESERVED
CVE-2017-14190
@@ -1060,7 +1060,7 @@
CVE-2017-13772
RESERVED
CVE-2017-13771 (Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network
...)
- TODO: check
+ NOT-FOR-US: Lexmark Scan To Network
CVE-2017-13770
RESERVED
CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in
ImageMagick ...)
@@ -1339,7 +1339,7 @@
CVE-2017-13714
RESERVED
CVE-2017-13713 (T&W WIFI Repeater BE126 allows remote authenticated users
to execute ...)
- TODO: check
+ NOT-FOR-US: T&W WIFI Repeater BE126
CVE-2017-13712 (NULL Pointer Dereference in the id3v2AddAudioDuration function
in ...)
- lame <unfixed>
[stretch] - lame <no-dsa> (Minor issue)
@@ -3250,7 +3250,7 @@
CVE-2017-12907 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via
the url ...)
NOT-FOR-US: NexusPHP
CVE-2017-12906 (Multiple cross-site scripting (XSS) vulnerabilities in
NexusPHP allow ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2017-12905
RESERVED
CVE-2017-12904 (Improper Neutralization of Special Elements used in an OS
Command in ...)
@@ -3968,7 +3968,7 @@
CVE-2017-12839
RESERVED
CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP
1.5 allows ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2017-12837
RESERVED
CVE-2017-12835
@@ -4050,7 +4050,7 @@
CVE-2017-12800
RESERVED
CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers
(rev. Ax) ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote
repositories, might ...)
{DSA-3940-1 DLA-1056-1}
- cvs 2:1.12.13+real-24 (bug #871810)
@@ -5111,7 +5111,7 @@
CVE-2017-12417
RESERVED
CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect
internal ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-12415
RESERVED
CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom
encryption ...)
@@ -10504,7 +10504,7 @@
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066
CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before
5.5.3.7 for ...)
- TODO: check
+ NOT-FOR-US: WatuPRO plugin for WordPress
CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the
injection of ...)
NOT-FOR-US: Undetermined product
NOTE: /wapopen is not part of BOA, it's probably an insecure CGI
@@ -13065,7 +13065,7 @@
CVE-2017-9459 (Cross-site scripting (XSS) vulnerability in the management web
...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9458 (XML external entity (XXE) vulnerability in the GlobalProtect
internal ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9457 (Intense PC Phoenix SecureCore UEFI firmware does not perform
capsule ...)
NOT-FOR-US: Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware
CVE-2017-9456
@@ -36568,7 +36568,7 @@
CVE-2017-1503
RESERVED
CVE-2017-1502 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could
provide ...)
NOT-FOR-US: IBM
CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in
the ...)
@@ -37194,7 +37194,7 @@
CVE-2017-1190 (IBM Emptoris Strategic Supply Management Platform 10.x and 10.1
could ...)
NOT-FOR-US: IBM
CVE-2017-1189 (IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0
is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1188
RESERVED
CVE-2017-1187
@@ -37376,7 +37376,7 @@
CVE-2017-1099 (IBM Jazz Foundation could expose potentially sensitive
information to ...)
NOT-FOR-US: IBM
CVE-2017-1098 (IBM Emptoris Supplier Lifecycle Management 10.1.0.x is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1097 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x
through ...)
NOT-FOR-US: IBM
CVE-2017-1096 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to
...)
@@ -82649,11 +82649,11 @@
CVE-2015-4630
RESERVED
CVE-2015-4629 (Huawei E5756S before V200R002B146D23SP00C00 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-4628 (SQL injection vulnerability in ...)
- limesurvey <itp> (bug #472802)
CVE-2015-4627 (SQL injection vulnerability in Pragyan CMS 3.0. ...)
- TODO: check
+ NOT-FOR-US: Pragyan CMS
CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side
validation, ...)
NOT-FOR-US: B.A.S C2Box
CVE-2015-4624 (Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF
tokens. ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
