Author: jmm
Date: 2017-05-02 21:23:51 +0000 (Tue, 02 May 2017)
New Revision: 51292
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-02 21:21:25 UTC (rev 51291)
+++ data/CVE/list 2017-05-02 21:23:51 UTC (rev 51292)
@@ -2776,7 +2776,7 @@
CVE-2017-7441
RESERVED
CVE-2017-7440 (Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client
desktop ...)
- TODO: check
+ NOT-FOR-US: Kerio
CVE-2017-7439
RESERVED
CVE-2017-7438
@@ -3692,7 +3692,7 @@
CVE-2017-7217 (The Management Web Interface in Palo Alto Networks PAN-OS
before ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7216 (The Management Web Interface in Palo Alto Networks PAN-OS
before 7.1.9 ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in
elfutils ...)
- elfutils 0.168-0.2 (low)
[jessie] - elfutils <no-dsa> (Minor issue)
@@ -5225,7 +5225,7 @@
CVE-2017-6552 (Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an
insufficiently ...)
NOT-FOR-US: Livebox 3 Sagemcom
CVE-2017-6551 (Pexip Infinity before 14.2 allows remote attackers to cause a
denial ...)
- TODO: check
+ NOT-FOR-US: Pexip Infinity
CVE-2017-6550 (Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson
...)
NOT-FOR-US: Kinsey Infor-Lawson
CVE-2017-6549 (Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U,
...)
@@ -7783,7 +7783,7 @@
CVE-2017-5690
RESERVED
CVE-2017-5689 (An unprivileged network attacker could gain system privileges
to ...)
- TODO: check
+ NOT-FOR-US: Intel AMT
CVE-2017-5688
RESERVED
CVE-2017-5687
@@ -34752,7 +34752,7 @@
CVE-2016-5811 (An issue was discovered in Visonic PowerLink2, all versions
prior to ...)
NOT-FOR-US: Visonic PowerLink
CVE-2016-5810 (upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2016-5809 (An issue was discovered on Schneider Electric IONXXXX series
power ...)
NOT-FOR-US: Schneider
CVE-2016-5808
@@ -37990,7 +37990,7 @@
CVE-2016-5064
RESERVED
CVE-2016-5063 (The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2
and 8.7 ...)
- TODO: check
+ NOT-FOR-US: BMC Server Automation
CVE-2016-5062 (The web server in Aternity before 9.0.1 does not require ...)
NOT-FOR-US: Aternity
CVE-2016-5061 (Multiple cross-site scripting (XSS) vulnerabilities in the web
server ...)
@@ -38107,7 +38107,7 @@
NOTE: Mitigations exists in https://pivotal.io/security/cve-2016-5007
NOTE: Other (already unsupported) versions are affected as well by the
issue
CVE-2016-5006 (The Cloud Controller in Cloud Foundry before 239 logs
user-provided ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva
1.3.9 and ...)
NOT-FOR-US: Apache Archiva
CVE-2016-5004
@@ -39954,7 +39954,7 @@
CVE-2016-4443 (Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows
local ...)
NOT-FOR-US: org.ovirt.engine-root / engine-setup (Red Hat)
CVE-2016-4442 (The rack-mini-profiler gem before 0.10.1 for Ruby allows remote
...)
- TODO: check
+ NOT-FOR-US: rack-mini-profiler gem
CVE-2016-4441 (The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI
...)
- qemu 1:2.6+dfsg-2 (bug #824856)
[jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future
DSA)
@@ -54976,7 +54976,7 @@
CVE-2015-8258 (AXIS Communications products with firmware through 5.80.x allow
remote ...)
NOT-FOR-US: AXIS Communications
CVE-2015-8257 (The devtools.sh script in AXIS network cameras allows remote
...)
- TODO: check
+ NOT-FOR-US: Axis network cameras
CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis
network ...)
NOT-FOR-US: Axis network cameras
CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
