Author: carnil
Date: 2017-12-24 07:59:42 +0000 (Sun, 24 Dec 2017)
New Revision: 58880
Modified: data/CVE/list Log: Process NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-24 07:44:12 UTC (rev 58879) +++ data/CVE/list 2017-12-24 07:59:42 UTC (rev 58880) @@ -105,7 +105,7 @@ CVE-2017-17833 RESERVED CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...) - TODO: check + NOT-FOR-US: ServersCheck Monitoring Software CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows remote ...) {DSA-4070-1 DLA-1219-1} - enigmail 2:1.9.9-1 @@ -6233,7 +6233,7 @@ CVE-2017-17412 RESERVED CVE-2017-17411 (This vulnerability allows remote attackers to execute arbitrary code ...) - TODO: check + NOT-FOR-US: web management portal of Linksys WVBR0 WVBR0 CVE-2017-17410 (This vulnerability allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Bitdefender Internet Security 2018 CVE-2017-17409 (This vulnerability allows remote attackers to execute arbitrary code ...) @@ -8471,7 +8471,7 @@ CVE-2017-17011 RESERVED CVE-2017-17010 (Untrusted search path vulnerability in Content Manager Assistant for ...) - TODO: check + NOT-FOR-US: Content Manager Assistant for PlayStation CVE-2017-17009 RESERVED CVE-2017-17008 @@ -10453,7 +10453,7 @@ CVE-2017-16767 RESERVED CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology ...) - TODO: check + NOT-FOR-US: Synology DiskStation Manager CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...) NOT-FOR-US: D-Link CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...) 
@@ -13426,7 +13426,7 @@ CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the ...) - qpid-java <itp> (bug #840131) CVE-2017-15700 (A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid ...) - TODO: check + NOT-FOR-US: Apache Sling Authentication Service CVE-2017-15699 RESERVED TODO: check, this is possibly specific to AMQ Interconnect as used by Red Hat JBoss, although based on Apache Qpid project @@ -14454,7 +14454,7 @@ CVE-2017-15329 RESERVED CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15327 RESERVED CVE-2017-15326 
@@ -14462,41 +14462,41 @@ CVE-2017-15325 RESERVED CVE-2017-15324 (Huawei S12700 V200R006C00, V200R007C00, V200R007C01, V200R007C20, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15323 RESERVED CVE-2017-15322 (Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an ...) TODO: check CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software before ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15315 RESERVED CVE-2017-15314 RESERVED CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro ...) TODO: check CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file deletion ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal vulnerability ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15308 (Huawei iReader app before 8.0.2.301 has an input validation ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15307 (Huawei Honor 8 smartphone with software versions earlier than ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15306 (The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c ...) 
- linux 4.13.13-1 [stretch] - linux 4.9.65-1 @@ -16858,7 +16858,7 @@ CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...) NOT-FOR-US: Atlassian CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial ...) - TODO: check + NOT-FOR-US: Atlassian Bamboo CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker templates ...) TODO: check CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version ...) @@ -18565,7 +18565,7 @@ CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens SIMATIC ...) NOT-FOR-US: Siemens CVE-2017-14022 (An Improper Input Validation issue was discovered in Rockwell ...) - TODO: check + NOT-FOR-US: Rockwell Automation FactoryTalk Alarms and Events CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...) NOT-FOR-US: Korenix CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in ...) @@ -27813,7 +27813,7 @@ - h2o 2.2.4+dfsg-1 (medium) NOTE: https://github.com/h2o/h2o/issues/1544 CVE-2017-10907 (Directory traversal vulnerability in OneThird CMS Show Off v1.85 and ...) - TODO: check + NOT-FOR-US: OneThird CMS Show Off CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 ...) NOT-FOR-US: Fluentd CVE-2017-10905 (A vulnerability in applications created using Qt for Android prior to ...) 
@@ -60434,13 +60434,13 @@ CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an ...) NOT-FOR-US: F5 CVE-2017-0304 (A SQL injection vulnerability exists in the BIG-IP AFM management UI ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2017-0303 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...) NOT-FOR-US: F5 CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated ...) NOT-FOR-US: F5 CVE-2017-0301 (In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to unspecified ...) {DLA-799-1} - ming <removed> (bug #843928) @@ -67805,7 +67805,7 @@ NOTE: Fixed by: https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415 NOTE: Fixed by: https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558 CVE-2016-6904 (Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 ...) - TODO: check + NOT-FOR-US: NetAPP CVE-2016-6901 (Format string vulnerability in Huawei AR100, AR120, AR150, AR200, ...) NOT-FOR-US: Huawei Routers CVE-2016-6900 (The Intelligent Baseboard Management Controller (iBMC) in Huawei ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
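Review bot: In the @@ -6233,7 +6233,7 @@ hunk the new tag for CVE-2017-17411 repeats the model name: "NOT-FOR-US: web management portal of Linksys WVBR0 WVBR0". Drop the duplicate token, or shorten the tag to "NOT-FOR-US: Linksys WVBR0" so it follows the vendor/product form the other entries in this commit use.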
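Review bot: The @@ -14462,41 +14462,41 @@ hunk tags thirteen entries with the bare vendor string "NOT-FOR-US: Huawei" even though their descriptions cover unrelated products (S12700, RP200/TE30, AR routers, the Mate 9 GPU driver, SmartCare, the iReader app). Other hunks in this same commit name the product ("Synology DiskStation Manager", "Atlassian Bamboo"), and the unchanged CVE-2016-6901 entry uses "Huawei Routers", so a product-level tag such as "NOT-FOR-US: Huawei iReader app" would be more consistent. Also in this hunk, CVE-2017-15321 and CVE-2017-15311 stay at "TODO: check" with no reason given; a short annotation like the one on CVE-2017-15699 in the @@ -13426 hunk would tell the next triager why they were skipped.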
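Review bot: In the @@ -60434,13 +60434,13 @@ hunk the two new tags for CVE-2017-0304 and CVE-2017-0301 read "NOT-FOR-US: F5 BIG-IP", while the unchanged neighbours CVE-2017-0305, CVE-2017-0303 and CVE-2017-0302 (two of them also BIG-IP issues per their descriptions) read "NOT-FOR-US: F5". Pick one form for the block so a search on either string finds all of the F5 entries.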
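Review bot: The vendor name in the @@ -67805,7 +67805,7 @@ hunk is written "NetAPP" for CVE-2016-6904; the vendor's spelling is "NetApp". Using the vendor's own capitalisation keeps all entries for the same vendor under a single searchable string.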