Author: jmm
Date: 2017-03-23 22:07:08 +0000 (Thu, 23 Mar 2017)
New Revision: 49980
Modified: data/CVE/list Log: NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-23 21:59:26 UTC (rev 49979) +++ data/CVE/list 2017-03-23 22:07:08 UTC (rev 49980) @@ -1,7 +1,7 @@ CVE-2017-7243 RESERVED CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules ...) - TODO: check + NOT-FOR-US: SLiMS CVE-2017-7241 RESERVED CVE-2017-7240 @@ -148,7 +148,7 @@ CVE-2017-7201 RESERVED CVE-2017-7199 (Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions ...) - TODO: check + NOT-FOR-US: Nessus CVE-2017-7200 (An SSRF issue was discovered in OpenStack Glance before Newton. The ...) - glance 2:13.0.0-1 [jessie] - glance <no-dsa> (Minor issue, too intrusive to backport) @@ -688,7 +688,7 @@ CVE-2017-6951 (The keyring_search_aux function in security/keys/keyring.c in the Linux ...) - linux 4.0.2-1 CVE-2017-6950 (SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended ...) - TODO: check + NOT-FOR-US: SAP CVE-2017-6949 (An issue was discovered in CHICKEN Scheme through 4.12.0. When using a ...) - chicken <unfixed> (bug #858057) [jessie] - chicken <no-dsa> (Minor issue) @@ -768,7 +768,7 @@ CVE-2017-6912 RESERVED CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It stores ...) - TODO: check + NOT-FOR-US: USB Pratirodh CVE-2017-6910 RESERVED CVE-2017-6909 (An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists ...) @@ -798,7 +798,7 @@ CVE-2017-6896 (Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 ...) NOT-FOR-US: DIGISOL DG-HR1400 1.00.02 wireless router CVE-2017-6895 (USB Pratirodh allows remote attackers to conduct XML External Entity ...) - TODO: check + NOT-FOR-US: USB Pratirodh CVE-2017-6894 RESERVED CVE-2017-6893 
@@ -1637,7 +1637,7 @@ CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in ...) NOT-FOR-US: SanaCMS CVE-2017-6517 (Microsoft Skype 7.16.0.102 contains a vulnerability that could allow ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-6516 (A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo ...) NOT-FOR-US: MagniComp CVE-2017-6515 @@ -2258,11 +2258,11 @@ CVE-2017-6362 RESERVED CVE-2017-6361 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute ...) - TODO: check + NOT-FOR-US: QNAP CVE-2017-6360 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain ...) - TODO: check + NOT-FOR-US: QNAP CVE-2017-6359 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain ...) - TODO: check + NOT-FOR-US: QNAP CVE-2017-6358 RESERVED CVE-2017-6357 @@ -2736,7 +2736,7 @@ CVE-2017-6192 RESERVED CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to ...) - TODO: check + NOT-FOR-US: APNGDis CVE-2017-6190 RESERVED CVE-2017-6189 (Untrusted search path vulnerability in Amazon Kindle for PC before ...) @@ -5848,7 +5848,7 @@ CVE-2017-5228 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 ...) NOT-FOR-US: Rapid7 CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to obtain ...) - TODO: check + NOT-FOR-US: QNAP CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the ...) {DLA-795-1} - tiff 4.0.7-5 (bug #851297) @@ -25063,7 +25063,7 @@ CVE-2016-7469 RESERVED CVE-2016-7468 (An unauthenticated remote attacker may be able to disrupt services on ...) - TODO: check + NOT-FOR-US: F5 CVE-2016-7467 RESERVED CVE-2016-7465 
@@ -46539,7 +46539,7 @@ NOTE: http://gultsch.de/gajim_roster_push_and_message_interception.html NOTE: https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/ CVE-2015-8687 (Multiple cross-site scripting (XSS) vulnerabilities in the Management ...) - TODO: check + NOT-FOR-US: Alcatel CVE-2015-8686 RESERVED CVE-2015-8685 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...) @@ -57583,7 +57583,7 @@ CVE-2015-5735 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) ...) NOT-FOR-US: Fortinet CVE-2015-5729 (The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, ...) - TODO: check + NOT-FOR-US: Samsung CVE-2015-5728 RESERVED CVE-2015-5727 (The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before ...) @@ -62284,7 +62284,7 @@ CVE-2015-4168 RESERVED CVE-2015-4166 (Cloudera Key Trustee Server before 5.4.3 does not store keys ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2015-4165 [unspecified arbitrary files modification vulnerability] RESERVED - elasticsearch 1.6.0+dfsg-1 (bug #788471) @@ -62574,7 +62574,7 @@ CVE-2015-4079 RESERVED CVE-2015-4078 (Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2015-4077 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) ...) NOT-FOR-US: Fortinet CVE-2015-4076 @@ -68247,7 +68247,7 @@ CVE-2015-2264 (Multiple untrusted search path vulnerabilities in (1) ...) NOT-FOR-US: Telerik Analytics Monitor Library CVE-2015-2263 (Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2015-2262 RESERVED CVE-2015-2261 
@@ -81654,7 +81654,7 @@ CVE-2014-7280 (Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 ...) NOT-FOR-US: Nessus Web UI CVE-2014-7279 (The Konke Smart Plug K does not require authentication for TELNET ...) - TODO: check + NOT-FOR-US: Konke Smart Plug K CVE-2014-7284 (The net_get_random_once implementation in net/core/utils.c in the ...) - linux 3.16.2-1 [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13) @@ -100682,7 +100682,7 @@ NOTE: https://svn.apache.org/viewvc?view=revision&revision=1603781 (7.x) NOTE: https://svn.apache.org/viewvc?view=revision&revision=1659537 (6.x) CVE-2014-0229 (Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in ...) - TODO: check + NOT-FOR-US: Hadoop as packaged by Cloudera CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based authorization ...) NOT-FOR-US: Apache Hive CVE-2014-0227 (java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in ...) @@ -102834,7 +102834,7 @@ CVE-2013-6447 (Multiple XML External Entity (XXE) vulnerabilities in the (1) ...) NOT-FOR-US: JBoss Seam CVE-2013-6446 (The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2013-6445 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...) NOT-FOR-US: Cumin CVE-2013-6444 (PyWBEM 0.7 and earlier does not verify that the server hostname ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
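Review bot: The tag added for CVE-2017-6517 in the hunk at @@ -1637 names only the vendor ("NOT-FOR-US: Microsoft"), although the description identifies the product as Microsoft Skype 7.16.0.102. Other tags in this same commit name the product ("USB Pratirodh", "APNGDis", "Konke Smart Plug K"). Writing "NOT-FOR-US: Microsoft Skype" would keep the entry searchable by product name and consistent with those.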
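Review bot: In the adjacent hunks at @@ -25063 (CVE-2016-7468) and @@ -46539 (CVE-2015-8687), the truncated descriptions carried in the list ("An unauthenticated remote attacker may be able to disrupt services on ..." and "Multiple cross-site scripting (XSS) vulnerabilities in the Management ...") do not mention a vendor, so "NOT-FOR-US: F5" and "NOT-FOR-US: Alcatel" cannot be checked against the entry itself. Adding the affected product after the vendor name would make both tags self-explanatory to someone reading only data/CVE/list.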
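Review bot: In the hunk at @@ -100682, the new tag for CVE-2014-0229 reads "NOT-FOR-US: Hadoop as packaged by Cloudera", but the visible description opens with upstream version ranges ("Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in ..."), so the tag is narrower than the text it classifies. If only Cloudera's distribution is affected, a NOTE: line giving the reason would let a later reader confirm that without re-reading the advisory. If upstream Hadoop is affected as well, the tag should name Apache Hadoop, in the way the next entry uses "NOT-FOR-US: Apache Hive".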