Author: carnil
Date: 2017-11-09 21:18:13 +0000 (Thu, 09 Nov 2017)
New Revision: 57515
Modified: data/CVE/list Log: Process some NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-09 21:11:15 UTC (rev 57514) +++ data/CVE/list 2017-11-09 21:18:13 UTC (rev 57515) @@ -3,7 +3,7 @@ CVE-2017-16755 RESERVED CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler ...) - TODO: check + NOT-FOR-US: Bolt CMS CVE-2017-16753 RESERVED CVE-2017-16752 @@ -283,9 +283,9 @@ CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the ...) NOT-FOR-US: TinyWebGallery CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2017-16632 RESERVED CVE-2017-16631 @@ -415,9 +415,9 @@ CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an ...) NOT-FOR-US: Zurmo CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...) - TODO: check + NOT-FOR-US: Logitech Media Server CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...) - TODO: check + NOT-FOR-US: Logitech Media Server CVE-2017-16566 RESERVED CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage ...) @@ -2943,7 +2943,7 @@ CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to ...) NOT-FOR-US: Mura CMS CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux ...) - TODO: check + NOT-FOR-US: SuSEfirewall2 in SUSE CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing ...) - wordpress <unfixed> (bug #880868) NOTE: https://core.trac.wordpress.org/ticket/21022 
@@ -10224,7 +10224,7 @@ CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 ...) NOT-FOR-US: Apache2Triad CVE-2017-12969 (Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in ...) - TODO: check + NOT-FOR-US: Avaya IP Office Contact Center CVE-2017-12968 RESERVED CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor (BFD) ...) @@ -14983,7 +14983,7 @@ NOTE: Fixed by: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598 CVE-2017-11461 (NetApp OnCommand Unified Manager for 7-mode (core package) versions ...) - TODO: check + NOT-FOR-US: NetApp CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the DataArchivingService ...) NOT-FOR-US: SAP CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via ...) @@ -15474,7 +15474,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/517 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08 CVE-2017-11309 (Buffer overflow in the SoftConsole client in Avaya IP Office before ...) - TODO: check + NOT-FOR-US: Avaya IP Office CVE-2017-11308 RESERVED CVE-2017-11307 @@ -19799,7 +19799,7 @@ CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the ...) NOT-FOR-US: Zenbership CVE-2017-9758 (Savitech driver packages for Windows silently install a self-signed ...) - TODO: check + NOT-FOR-US: Savitech driver packages for Windows CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via ...) NOT-FOR-US: IPFire CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below the stack ...) 
@@ -34662,7 +34662,7 @@ {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5201 (NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow ...) - TODO: check + NOT-FOR-US: NetApp CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ...) - salt 2016.11.2+ds-1 [jessie] - salt <not-affected> (Vulnerable code not present) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
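Review bot: In the hunk at @@ -2943,7 +2943,7 @@ the new tag for CVE-2017-15638 reads "NOT-FOR-US: SuSEfirewall2 in SUSE", while the entry directly above it names only the product ("NOT-FOR-US: Mura CMS"). Either shorten it to "NOT-FOR-US: SuSEfirewall2" to match, or keep the distribution qualifier and say in the log message why it is needed, so a later reader can tell whether the tag means the package is absent from the archive or only that the SUSE build is affected.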
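Review bot: In the hunk at @@ -14983,7 +14983,7 @@ (and again at @@ -34662,7 +34662,7 @@) the tag is the bare vendor name "NOT-FOR-US: NetApp", although the CVE descriptions name distinct products (OnCommand Unified Manager for 7-mode, Clustered Data ONTAP) and the Avaya entries in this same commit are tagged at product level ("Avaya IP Office", "Avaya IP Office Contact Center"). The neighbouring "NOT-FOR-US: SAP" line shows vendor-only tags already exist, so this is a consistency point rather than an error; product-level tags would make the list easier to grep when triaging later CVEs for the same software.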