Author: jmm
Date: 2017-11-17 09:18:16 +0000 (Fri, 17 Nov 2017)
New Revision: 57698
Modified: data/CVE/list Log: NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-17 09:10:18 UTC (rev 57697) +++ data/CVE/list 2017-11-17 09:18:16 UTC (rev 57698) @@ -9,29 +9,29 @@ CVE-2017-16868 RESERVED CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...) - TODO: check + NOT-FOR-US: Amazon Key CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis ...) TODO: check CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 is ...) - TODO: check + NOT-FOR-US: CodeIgniter CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the ...) TODO: check CVE-2017-1000241 (The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2017-1000240 (The application OpenEMR is affected by multiple reflected & stored ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site ...) - TODO: check + NOT-FOR-US: InvoicePlane CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload ...) - TODO: check + NOT-FOR-US: InvoicePlane CVE-2017-1000237 (I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request ...) - TODO: check + NOT-FOR-US: I, Librarian CVE-2017-1000236 (I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site ...) - TODO: check + NOT-FOR-US: I, Librarian CVE-2017-1000235 (I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection ...) - TODO: check + NOT-FOR-US: I, Librarian CVE-2017-1000234 (I, Librarian version <=4.6 & 4.7 is vulnerable to Directory ...) - TODO: check + NOT-FOR-US: I, Librarian CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have ...) TODO: check CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...) 
@@ -39,43 +39,43 @@ CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...) TODO: check CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code ...) - TODO: check + NOT-FOR-US: nodejs ejs CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...) TODO: check CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using ...) - TODO: check + NOT-FOR-US: Relevanssi CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a XSS) is ...) - TODO: check + NOT-FOR-US: MODX Revolution CVE-2017-1000220 (soyuka/pidusage <=1.1.4 is vulnerable to command injection in the ...) - TODO: check + NOT-FOR-US: soyuka/pidusage CVE-2017-1000219 (npm/KyleRoss windows-cpu all versions vulnerable to command injection ...) - TODO: check + NOT-FOR-US: npm/KyleRoss windows-cpu CVE-2017-1000218 (LightFTP version 1.1 is vulnerable to a buffer overflow in the ...) TODO: check CVE-2017-1000213 (WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST ...) TODO: check CVE-2017-1000210 (picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer ...) - TODO: check + NOT-FOR-US: picoTCP CVE-2017-1000209 (The Java WebSocket client nv-websocket-client does not verify that the ...) - TODO: check + NOT-FOR-US: Java WebSocket client nv-websocket-client CVE-2017-1000208 (A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing ...) - TODO: check + NOT-FOR-US: Swagger-Parser CVE-2017-1000197 (October CMS build 412 is vulnerable to file path modification in asset ...) - TODO: check + NOT-FOR-US: October CMS CVE-2017-1000196 (October CMS build 412 is vulnerable to PHP code execution in the asset ...) 
- TODO: check + NOT-FOR-US: October CMS CVE-2017-1000195 (October CMS build 412 is vulnerable to PHP object injection in asset ...) - TODO: check + NOT-FOR-US: October CMS CVE-2017-1000194 (October CMS build 412 is vulnerable to Apache configuration ...) - TODO: check + NOT-FOR-US: October CMS CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand ...) - TODO: check + NOT-FOR-US: October CMS CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a ...) - TODO: check + NOT-FOR-US: nodejs ejs CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a ...) - TODO: check + NOT-FOR-US: nodejs ejs CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. ...) TODO: check CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...) 
@@ -89,19 +89,19 @@ CVE-2017-1000174 (In SWFTools, an address access exception was found in swfdump ...) TODO: check CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. ...) - TODO: check + NOT-FOR-US: Creolabs Gravity CVE-2017-1000172 (Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. ...) - TODO: check + NOT-FOR-US: Creolabs Gravity CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook ...) - TODO: check + NOT-FOR-US: Tine groupware CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...) - TODO: check + NOT-FOR-US: EllisLab ExpressionEngine CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...) TODO: check CVE-2017-1000129 (Serendipity 2.0.3 is vulnerable to a SQL injection in the blog ...) - TODO: check + - serendipity <removed> CVE-2017-1000125 (Codiad(full version) is vulnerable to write anything to configure file ...) - TODO: check + NOT-FOR-US: Codiad CVE-2018-0085 RESERVED CVE-2018-0084
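Review bot: In the @@ -39,43 +39,43 @@ hunk, the tag added for CVE-2017-1000224 reads "NOT-FOR-US: Wordpress plugin", which names the platform rather than the product, so a search of the list for the affected plugin will not find this entry. The neighbouring CVE-2017-1000225 entry uses the product name ("NOT-FOR-US: Relevanssi"); something like "NOT-FOR-US: YouTube plugin for WordPress" would be consistent with it. A smaller style point in the same hunk: "NOT-FOR-US: Java WebSocket client nv-websocket-client" and "NOT-FOR-US: npm/KyleRoss windows-cpu" copy the wording of the description, where the short project name would match the other tags.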
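Review bot: In the @@ -89,19 +89,19 @@ hunk, CVE-2017-1000129 is changed to "- serendipity <removed>", which is a package entry rather than a NOT-FOR-US tag, while the log message says only "NFUs". Suggest mentioning the serendipity change in the log, or committing it separately, so that it can be found from the history. Also in this hunk, "NOT-FOR-US: Tine groupware" uses a name that differs from the one in the visible description ("Tine 2.0"); using the description's product name would keep the entry easy to match.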