Author: carnil
Date: 2017-12-24 07:59:42 +0000 (Sun, 24 Dec 2017)
New Revision: 58880
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-24 07:44:12 UTC (rev 58879)
+++ data/CVE/list 2017-12-24 07:59:42 UTC (rev 58880)
@@ -105,7 +105,7 @@
CVE-2017-17833
RESERVED
CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a
...)
- TODO: check
+ NOT-FOR-US: ServersCheck Monitoring Software
CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows
remote ...)
{DSA-4070-1 DLA-1219-1}
- enigmail 2:1.9.9-1
@@ -6233,7 +6233,7 @@
CVE-2017-17412
RESERVED
CVE-2017-17411 (This vulnerability allows remote attackers to execute
arbitrary code ...)
- TODO: check
+ NOT-FOR-US: web management portal of Linksys WVBR0 WVBR0
CVE-2017-17410 (This vulnerability allows remote attackers to execute
arbitrary code ...)
NOT-FOR-US: Bitdefender Internet Security 2018
CVE-2017-17409 (This vulnerability allows remote attackers to execute
arbitrary code ...)
@@ -8471,7 +8471,7 @@
CVE-2017-17011
RESERVED
CVE-2017-17010 (Untrusted search path vulnerability in Content Manager
Assistant for ...)
- TODO: check
+ NOT-FOR-US: Content Manager Assistant for PlayStation
CVE-2017-17009
RESERVED
CVE-2017-17008
@@ -10453,7 +10453,7 @@
CVE-2017-16767
RESERVED
CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in
Synology ...)
- TODO: check
+ NOT-FOR-US: Synology DiskStation Manager
CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via
cgi-bin/gui.cgi. ...)
NOT-FOR-US: D-Link
CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing
functionality ...)
@@ -13426,7 +13426,7 @@
CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4
(inclusive) the ...)
- qpid-java <itp> (bug #840131)
CVE-2017-15700 (A flaw in the
org.apache.sling.auth.core.AuthUtil#isRedirectValid ...)
- TODO: check
+ NOT-FOR-US: Apache Sling Authentication Service
CVE-2017-15699
RESERVED
TODO: check, this is possibly specific to AMQ Interconnect as used by
Red Hat JBoss, although based on Apache Qpid project
@@ -14454,7 +14454,7 @@
CVE-2017-15329
RESERVED
CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an
...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15327
RESERVED
CVE-2017-15326
@@ -14462,41 +14462,41 @@
CVE-2017-15325
RESERVED
CVE-2017-15324 (Huawei S12700 V200R006C00, V200R007C00, V200R007C01,
V200R007C20, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15323
RESERVED
CVE-2017-15322 (Some Huawei smartphones with software of
BGO-L03C158B003CUSTC158D001 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an
...)
TODO: check
CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00,
...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00,
...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00,
...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30;
AR1200 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software
before ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15315
RESERVED
CVE-2017-15314
RESERVED
CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection
vulnerability. An ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site
scripting) ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9
Pro ...)
TODO: check
CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file
deletion ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15308 (Huawei iReader app before 8.0.2.301 has an input validation
...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15307 (Huawei Honor 8 smartphone with software versions earlier than
...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15306 (The kvm_vm_ioctl_check_extension function in
arch/powerpc/kvm/powerpc.c ...)
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
@@ -16858,7 +16858,7 @@
CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and
version ...)
NOT-FOR-US: Atlassian
CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial
...)
- TODO: check
+ NOT-FOR-US: Atlassian Bamboo
CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker
templates ...)
TODO: check
CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before
version ...)
@@ -18565,7 +18565,7 @@
CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens
SIMATIC ...)
NOT-FOR-US: Siemens
CVE-2017-14022 (An Improper Input Validation issue was discovered in Rockwell
...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation FactoryTalk Alarms and Events
CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in
Korenix ...)
NOT-FOR-US: Korenix
CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in
...)
@@ -27813,7 +27813,7 @@
- h2o 2.2.4+dfsg-1 (medium)
NOTE: https://github.com/h2o/h2o/issues/1544
CVE-2017-10907 (Directory traversal vulnerability in OneThird CMS Show Off
v1.85 and ...)
- TODO: check
+ NOT-FOR-US: OneThird CMS Show Off
CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions
0.12.29 ...)
NOT-FOR-US: Fluentd
CVE-2017-10905 (A vulnerability in applications created using Qt for Android
prior to ...)
@@ -60434,13 +60434,13 @@
CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an
...)
NOT-FOR-US: F5
CVE-2017-0304 (A SQL injection vulnerability exists in the BIG-IP AFM
management UI ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2017-0303 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link
...)
NOT-FOR-US: F5
CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an
authenticated ...)
NOT-FOR-US: F5
CVE-2017-0301 (In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2,
11.5.3, ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to
unspecified ...)
{DLA-799-1}
- ming <removed> (bug #843928)
@@ -67805,7 +67805,7 @@
NOTE: Fixed by:
https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
NOTE: Fixed by:
https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558
CVE-2016-6904 (Versions of VASA Provider for Clustered Data ONTAP prior to
7.0P1 ...)
- TODO: check
+ NOT-FOR-US: NetAPP
CVE-2016-6901 (Format string vulnerability in Huawei AR100, AR120, AR150,
AR200, ...)
NOT-FOR-US: Huawei Routers
CVE-2016-6900 (The Intelligent Baseboard Management Controller (iBMC) in
Huawei ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
