Author: carnil
Date: 2017-09-08 04:58:18 +0000 (Fri, 08 Sep 2017)
New Revision: 55560
Modified: data/CVE/list Log: Process NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-07 21:12:04 UTC (rev 55559) +++ data/CVE/list 2017-09-08 04:58:18 UTC (rev 55560) @@ -45,13 +45,13 @@ CVE-2017-14196 RESERVED CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 ...) - TODO: check + NOT-FOR-US: dayrui FineCms CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui FineCms ...) - TODO: check + NOT-FOR-US: dayrui FineCms CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui FineCms ...) - TODO: check + NOT-FOR-US: dayrui FineCms CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui FineCms ...) - TODO: check + NOT-FOR-US: dayrui FineCms CVE-2017-14191 RESERVED CVE-2017-14190 @@ -1060,7 +1060,7 @@ CVE-2017-13772 RESERVED CVE-2017-13771 (Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network ...) - TODO: check + NOT-FOR-US: Lexmark Scan To Network CVE-2017-13770 RESERVED CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...) @@ -1339,7 +1339,7 @@ CVE-2017-13714 RESERVED CVE-2017-13713 (T&W WIFI Repeater BE126 allows remote authenticated users to execute ...) - TODO: check + NOT-FOR-US: T&W WIFI Repeater BE126 CVE-2017-13712 (NULL Pointer Dereference in the id3v2AddAudioDuration function in ...) - lame <unfixed> [stretch] - lame <no-dsa> (Minor issue) @@ -3250,7 +3250,7 @@ CVE-2017-12907 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url ...) NOT-FOR-US: NexusPHP CVE-2017-12906 (Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow ...) - TODO: check + NOT-FOR-US: NexusPHP CVE-2017-12905 RESERVED CVE-2017-12904 (Improper Neutralization of Special Elements used in an OS Command in ...) 
@@ -3968,7 +3968,7 @@ CVE-2017-12839 RESERVED CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...) - TODO: check + NOT-FOR-US: NexusPHP CVE-2017-12837 RESERVED CVE-2017-12835 @@ -4050,7 +4050,7 @@ CVE-2017-12800 RESERVED CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) ...) - TODO: check + NOT-FOR-US: D-Link CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote repositories, might ...) {DSA-3940-1 DLA-1056-1} - cvs 2:1.12.13+real-24 (bug #871810) @@ -5111,7 +5111,7 @@ CVE-2017-12417 RESERVED CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect internal ...) - TODO: check + NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-12415 RESERVED CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption ...) @@ -10504,7 +10504,7 @@ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for ...) - TODO: check + NOT-FOR-US: WatuPRO plugin for WordPress CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of ...) NOT-FOR-US: Undetermined product NOTE: /wapopen is not part of BOA, it's probably an insecure CGI @@ -13065,7 +13065,7 @@ CVE-2017-9459 (Cross-site scripting (XSS) vulnerability in the management web ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-9458 (XML external entity (XXE) vulnerability in the GlobalProtect internal ...) - TODO: check + NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-9457 (Intense PC Phoenix SecureCore UEFI firmware does not perform capsule ...) NOT-FOR-US: Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware CVE-2017-9456 
@@ -36568,7 +36568,7 @@ CVE-2017-1503 RESERVED CVE-2017-1502 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide ...) NOT-FOR-US: IBM CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in the ...) @@ -37194,7 +37194,7 @@ CVE-2017-1190 (IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could ...) NOT-FOR-US: IBM CVE-2017-1189 (IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1188 RESERVED CVE-2017-1187 @@ -37376,7 +37376,7 @@ CVE-2017-1099 (IBM Jazz Foundation could expose potentially sensitive information to ...) NOT-FOR-US: IBM CVE-2017-1098 (IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1097 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...) NOT-FOR-US: IBM CVE-2017-1096 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to ...) @@ -82649,11 +82649,11 @@ CVE-2015-4630 RESERVED CVE-2015-4629 (Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-4628 (SQL injection vulnerability in ...) - limesurvey <itp> (bug #472802) CVE-2015-4627 (SQL injection vulnerability in Pragyan CMS 3.0. ...) - TODO: check + NOT-FOR-US: Pragyan CMS CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, ...) NOT-FOR-US: B.A.S C2Box CVE-2015-4624 (Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
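Review bot: The NOT-FOR-US tags in the @@ -4050 hunk (CVE-2016-10405, "NOT-FOR-US: D-Link") and the @@ -82649 hunk (CVE-2015-4629, "NOT-FOR-US: Huawei") name only the vendor, while other entries touched by this same revision name the product ("Lexmark Scan To Network", "T&W WIFI Repeater BE126", "dayrui FineCms"). The descriptions already identify the affected devices (D-Link DIR-600L routers, Huawei E5756S), so consider carrying that into the tag, for example "NOT-FOR-US: D-Link DIR-600L routers", so that a later search of data/CVE/list by product name finds the entry and the triage decision is self-explanatory. The vendor-only "NOT-FOR-US: IBM" tags in the @@ -36568, @@ -37194 and @@ -37376 hunks match the neighbouring context lines and are consistent as they stand.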