Author: jmm
Date: 2017-11-17 09:18:16 +0000 (Fri, 17 Nov 2017)
New Revision: 57698

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-17 09:10:18 UTC (rev 57697)
+++ data/CVE/list       2017-11-17 09:18:16 UTC (rev 57698)
@@ -9,29 +9,29 @@
 CVE-2017-16868
        RESERVED
 CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...)
-       TODO: check
+       NOT-FOR-US: Amazon Key
 CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded 
from redis ...)
        TODO: check
 CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 
is ...)
-       TODO: check
+       NOT-FOR-US: CodeIgniter
 CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the 
...)
        TODO: check
 CVE-2017-1000241 (The application OpenEMR version 5.0.0, 5.0.1-dev and prior 
is affected ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2017-1000240 (The application OpenEMR is affected by multiple reflected 
& stored ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross 
Site ...)
-       TODO: check
+       NOT-FOR-US: InvoicePlane
 CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary 
File Upload ...)
-       TODO: check
+       NOT-FOR-US: InvoicePlane
 CVE-2017-1000237 (I, Librarian version <=4.6 & 4.7 is vulnerable to 
Server-Side Request ...)
-       TODO: check
+       NOT-FOR-US: I, Librarian
 CVE-2017-1000236 (I, Librarian version <=4.6 & 4.7 is vulnerable to 
Reflected Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: I, Librarian
 CVE-2017-1000235 (I, Librarian version <=4.6 & 4.7 is vulnerable to OS 
Command Injection ...)
-       TODO: check
+       NOT-FOR-US: I, Librarian
 CVE-2017-1000234 (I, Librarian version <=4.6 & 4.7 is vulnerable to 
Directory ...)
-       TODO: check
+       NOT-FOR-US: I, Librarian
 CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have 
...)
        TODO: check
 CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have 
unspecified ...)
@@ -39,43 +39,43 @@
 CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of 
optipng 0.7.6 ...)
        TODO: check
 CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote 
code ...)
-       TODO: check
+       NOT-FOR-US: nodejs ejs
 CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the 
REST API ...)
        TODO: check
 CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when 
using ...)
-       TODO: check
+       NOT-FOR-US: Relevanssi
 CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow 
unauthenticated ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a 
XSS) is ...)
-       TODO: check
+       NOT-FOR-US: MODX Revolution
 CVE-2017-1000220 (soyuka/pidusage <=1.1.4 is vulnerable to command 
injection in the ...)
-       TODO: check
+       NOT-FOR-US: soyuka/pidusage
 CVE-2017-1000219 (npm/KyleRoss windows-cpu all versions vulnerable to command 
injection ...)
-       TODO: check
+       NOT-FOR-US: npm/KyleRoss windows-cpu
 CVE-2017-1000218 (LightFTP version 1.1 is vulnerable to a buffer overflow in 
the ...)
        TODO: check
 CVE-2017-1000213 (WBCE v1.1.11 is vulnerable to reflected XSS via the 
"begriff" POST ...)
        TODO: check
 CVE-2017-1000210 (picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack 
buffer ...)
-       TODO: check
+       NOT-FOR-US: picoTCP
 CVE-2017-1000209 (The Java WebSocket client nv-websocket-client does not 
verify that the ...)
-       TODO: check
+       NOT-FOR-US: Java WebSocket client nv-websocket-client
 CVE-2017-1000208 (A vulnerability in Swagger-Parser's (version <= 1.0.30) 
yaml parsing ...)
-       TODO: check
+       NOT-FOR-US: Swagger-Parser
 CVE-2017-1000197 (October CMS build 412 is vulnerable to file path 
modification in asset ...)
-       TODO: check
+       NOT-FOR-US: October CMS
 CVE-2017-1000196 (October CMS build 412 is vulnerable to PHP code execution in 
the asset ...)
-       TODO: check
+       NOT-FOR-US: October CMS
 CVE-2017-1000195 (October CMS build 412 is vulnerable to PHP object injection 
in asset ...)
-       TODO: check
+       NOT-FOR-US: October CMS
 CVE-2017-1000194 (October CMS build 412 is vulnerable to Apache configuration 
...)
-       TODO: check
+       NOT-FOR-US: October CMS
 CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a 
XSS) in brand ...)
-       TODO: check
+       NOT-FOR-US: October CMS
 CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a ...)
-       TODO: check
+       NOT-FOR-US: nodejs ejs
 CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a ...)
-       TODO: check
+       NOT-FOR-US: nodejs ejs
 CVE-2017-1000187 (In SWFTools, an address access exception was found in 
pdf2swf. ...)
        TODO: check
 CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...)
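Review bot: The tag on CVE-2017-1000224, "NOT-FOR-US: Wordpress plugin", names a category rather than the product, so a later search of the list for the plugin will not find this entry. The description identifies it as the YouTube plugin for WordPress, and something like "NOT-FOR-US: YouTube plugin for WordPress" would match how the other entries in this hunk name the affected software. Two smaller naming points in the same hunk: CVE-2017-1000225 is tagged "Relevanssi" while the description says "Relevanssi Premium", and the three ejs entries use "nodejs ejs" while pidusage and windows-cpu are tagged in the owner/package form taken from their descriptions. Choosing one form for npm modules keeps the NFU tags easy to grep.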
@@ -89,19 +89,19 @@
 CVE-2017-1000174 (In SWFTools, an address access exception was found in 
swfdump ...)
        TODO: check
 CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code 
Execution. ...)
-       TODO: check
+       NOT-FOR-US: Creolabs Gravity
 CVE-2017-1000172 (Creolabs Gravity Version: 1.0 Use-After-Free Possible code 
execution. ...)
-       TODO: check
+       NOT-FOR-US: Creolabs Gravity
 CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the 
Addressbook ...)
-       TODO: check
+       NOT-FOR-US: Tine groupware
 CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site 
scripting ...)
-       TODO: check
+       NOT-FOR-US: EllisLab ExpressionEngine
 CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an 
integer overflow ...)
        TODO: check
 CVE-2017-1000129 (Serendipity 2.0.3 is vulnerable to a SQL injection in the 
blog ...)
-       TODO: check
+       - serendipity <removed>
 CVE-2017-1000125 (Codiad(full version) is vulnerable to write anything to 
configure file ...)
-       TODO: check
+       NOT-FOR-US: Codiad
 CVE-2018-0085
        RESERVED
 CVE-2018-0084
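Review bot: The CVE-2017-1000129 change replaces "TODO: check" with "- serendipity <removed>", which is a package-status entry rather than an NFU, yet the log message says only "NFUs". Either mention the removed-package entry in the log or commit it separately, so that someone reading the history for serendipity can find where its status was set. Also in this hunk, CVE-2017-1000164 is tagged "Tine groupware" although the description calls the product "Tine 2.0"; using the name from the description keeps the tag searchable.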


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
