Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6800e5d by Moritz Muehlenhoff at 2018-02-28T18:46:08+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -36584,13 +36584,13 @@ CVE-2017-11636 (GraphicsMagick 1.3.26 has a heap 
overflow in the WriteRGBImage()
        - graphicsmagick 1.3.26-4 (bug #870149)
        NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c
 CVE-2017-11635 (An issue was discovered on Wireless IP Camera 360 devices. 
Attackers ...)
-       TODO: check
+       NOT-FOR-US: Wireless IP Camera 360 devices
 CVE-2017-11634 (An issue was discovered on Wireless IP Camera 360 devices. 
Remote ...)
-       TODO: check
+       NOT-FOR-US: Wireless IP Camera 360 devices
 CVE-2017-11633 (An issue was discovered on Wireless IP Camera 360 devices. 
Remote ...)
-       TODO: check
+       NOT-FOR-US: Wireless IP Camera 360 devices
 CVE-2017-11632 (An issue was discovered on Wireless IP Camera 360 devices. A 
root ...)
-       TODO: check
+       NOT-FOR-US: Wireless IP Camera 360 devices
 CVE-2017-11631 (dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has 
SQL ...)
        NOT-FOR-US: Fiyo CMS
 CVE-2017-11630 (dapur\apps\app_config\controller\backuper.php in Fiyo CMS 
2.0.7 allows ...)
@@ -41055,7 +41055,7 @@ CVE-2017-10303 (Vulnerability in the Oracle Interaction 
Center Intelligence comp
 CVE-2017-10302 (Vulnerability in the Siebel UI Framework component of Oracle 
Siebel ...)
        NOT-FOR-US: Oracle
 CVE-2017-10301 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction 
Hub ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2017-10300 (Vulnerability in the Siebel CRM Desktop component of Oracle 
Siebel CRM ...)
        NOT-FOR-US: Oracle
 CVE-2017-10299 (Vulnerability in the Oracle Agile PLM component of Oracle 
Supply Chain ...)
@@ -41118,7 +41118,7 @@ CVE-2017-10283 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
        - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
 CVE-2017-10282 (Vulnerability in the Core RDBMS component of Oracle Database 
Server. ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
        {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
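
Review bot: The label added for CVE-2017-10282 names only the vendor, and in this hunk the entries on either side are the same vendor's components that Debian does track (mysql-5.5 above, openjdk-9 below). "NOT-FOR-US: Oracle" matches the existing convention in the file, but a product-level label taken from the description, e.g. "NOT-FOR-US: Oracle Database Server", would record what was actually triaged and keep a later search for "Oracle" from mixing this entry with the packaged ones. The same point applies to the other "NOT-FOR-US: Oracle" lines added in this commit.
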
@@ -41155,7 +41155,7 @@ CVE-2017-10274 (Vulnerability in the Java SE component 
of Oracle Java SE ...)
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10273 (Vulnerability in the Oracle JDeveloper component of Oracle 
Fusion ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2017-10272 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion 
...)
        NOT-FOR-US: Oracle
 CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of 
Oracle Fusion ...)
@@ -41185,7 +41185,7 @@ CVE-2017-10264 (Vulnerability in the Siebel UI 
Framework component of Oracle Sie
 CVE-2017-10263 (Vulnerability in the Siebel UI Framework component of Oracle 
Siebel ...)
        NOT-FOR-US: Oracle
 CVE-2017-10262 (Vulnerability in the Oracle Access Manager component of Oracle 
Fusion ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2017-10261 (Vulnerability in the XML Database component of Oracle Database 
Server. ...)
        NOT-FOR-US: Oracle
 CVE-2017-10260 (Vulnerability in the Oracle Integrated Lights Out Manager 
(ILOM) ...)
@@ -41732,7 +41732,7 @@ CVE-2017-10070 (Vulnerability in the PeopleSoft 
Enterprise PRTL Interaction Hub 
 CVE-2017-10069 (Vulnerability in the Oracle Payment Interface component of 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2017-10068 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2017-10067 (Vulnerability in the Java SE component of Oracle Java SE ...)
        {DSA-3954-1 DSA-3919-1 DLA-1073-1}
        - openjdk-8 8u141-b15-1
@@ -50026,7 +50026,7 @@ CVE-2017-7353
 CVE-2017-7352 (Stored Cross-site scripting (XSS) vulnerability in Pure Storage 
Purity ...)
        NOT-FOR-US: Pure Storage Purity
 CVE-2017-7351 (A SQL injection issue exists in a file upload handler in REDCap 
7.x ...)
-       TODO: check
+       NOT-FOR-US: REDCap
 CVE-2017-7350
        RESERVED
 CVE-2017-7349
@@ -53682,13 +53682,13 @@ CVE-2017-6203
 CVE-2017-6202
        RESERVED
 CVE-2017-6201 (A Server Side Request Forgery vulnerability exists in the 
install app ...)
-       TODO: check
+       NOT-FOR-US: Sandstorm
 CVE-2017-6200 (Sandstorm before build 0.203 allows remote attackers to read 
any ...)
-       TODO: check
+       NOT-FOR-US: Sandstorm
 CVE-2017-6199 (A remote attacker could bypass the Sandstorm organization 
restriction ...)
-       TODO: check
+       NOT-FOR-US: Sandstorm
 CVE-2017-6198 (The Supervisor in Sandstorm doesn't set and enforce the 
resource ...)
-       TODO: check
+       NOT-FOR-US: Sandstorm
 CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 
1.2.1 ...)
        {DLA-837-1}
        - radare2 1.1.0+dfsg-2 (bug #856063)
@@ -53714,9 +53714,9 @@ CVE-2017-6194 (The relocs function in 
libr/bin/p/bin_bflt.c in radare2 1.2.1 all
        NOTE: 
https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18
 (1.3.0-git)
        NOTE: https://github.com/radare/radare2/issues/6829
 CVE-2017-6193 (Buffer overflow in APNGDis 2.8 and earlier allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: APNGDis
 CVE-2017-6192 (Buffer overflow in APNGDis 2.8 and earlier allows a remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: APNGDis
 CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote 
attacker to ...)
        NOT-FOR-US: APNGDis
 CVE-2017-6190 (Directory traversal vulnerability in the web interface on the 
D-Link ...)
@@ -54986,7 +54986,7 @@ CVE-2017-5729 (Frame replay vulnerability in Wi-Fi 
subsystem in Intel Dual-Band 
 CVE-2017-5728
        RESERVED
 CVE-2017-5727 (Pointer dereference in subsystem in Intel Graphics Driver 
15.40.x.x, ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2017-5726
        RESERVED
 CVE-2017-5725
@@ -55077,7 +55077,7 @@ CVE-2017-5698 (Intel Active Management Technology, 
Intel Standard Manageability,
 CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface 
of ...)
        NOT-FOR-US: Intel
 CVE-2017-5696 (Untrusted search path in Intel Graphics Driver 15.40.x.x, 
15.45.x.x, ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2017-5695 (Data corruption vulnerability in firmware in Intel Solid-State 
Drive ...)
        NOT-FOR-US: Intel
 CVE-2017-5694 (Data corruption vulnerability in firmware in Intel Solid-State 
Drive ...)
@@ -57107,11 +57107,11 @@ CVE-2017-5253
 CVE-2017-5252
        RESERVED
 CVE-2017-5251 (In version 1012 and prior of Insteon's Insteon Hub, the radio 
...)
-       TODO: check
+       NOT-FOR-US: Insteon
 CVE-2017-5250 (In version 1.9.7 and prior of Insteon's Insteon for Hub Android 
app, ...)
-       TODO: check
+       NOT-FOR-US: Insteon
 CVE-2017-5249 (In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home 
Android ...)
-       TODO: check
+       NOT-FOR-US: Wink
 CVE-2017-5248
        RESERVED
 CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site 
scripting in ...)
@@ -63073,7 +63073,7 @@ CVE-2017-3162 (HDFS clients interact with a servlet on 
the DataNode to browse th
 CVE-2017-3161 (The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to 
a ...)
        - hadoop <itp> (bug #793644)
 CVE-2017-3160 (After the Android platform is added to Cordova the first time, 
or ...)
-       TODO: check
+       NOT-FOR-US: Apache Cordova
 CVE-2017-3159 (Apache Camel's camel-snakeyaml component is vulnerable to Java 
object ...)
        NOT-FOR-US: Apache Camel
 CVE-2017-3158 (A race condition in Guacamole's terminal emulator in versions 
0.9.5 ...)
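
Review bot: On CVE-2017-3160, NOT-FOR-US is only the right state if no ITP or RFP bug exists for Cordova. The context line just above it (CVE-2017-3161) shows the form this file uses when one does: "- hadoop <itp> (bug #793644)". Worth confirming against wnpp before closing the TODO, and using the <itp> form with the bug number if a bug turns up.
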
@@ -68689,11 +68689,11 @@ CVE-2017-0847 (An elevation of privilege 
vulnerability in the Android media fram
 CVE-2017-0846 (An information disclosure vulnerability in the Android 
framework ...)
        NOT-FOR-US: Android
 CVE-2017-0845 (A denial of service vulnerability in the Android framework ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0844
        RESERVED
 CVE-2017-0843 (An elevation of privilege vulnerability in the MediaTek ccci. 
Product: ...)
-       TODO: check
+       NOT-FOR-US: MediaTek component for Android
 CVE-2017-0842 (An elevation of privilege vulnerability in the Android system 
...)
        NOT-FOR-US: Fluoride Bluetooth stack in Android
 CVE-2017-0841 (A remote code execution vulnerability in the Android system ...)
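
Review bot: The label added for CVE-2017-0843, "MediaTek component for Android", drops the one specific name the description gives ("MediaTek ccci"). The neighbouring entry for CVE-2017-0842 names its component ("Fluoride Bluetooth stack in Android"), so something like "NOT-FOR-US: MediaTek ccci component for Android" would be consistent with it and easier to search for. The CVE-2017-0845 label matches CVE-2017-0846 and looks fine.
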
@@ -79381,7 +79381,7 @@ CVE-2016-6814 (When an application with unsupported 
Codehaus versions of Groovy 
        - groovy2 <removed>
        [jessie] - groovy2 2.2.2+dfsg-3+deb8u2
 CVE-2016-6813 (Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API 
call ...)
-       TODO: check
+       NOT-FOR-US: Apache CloudStack
 CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 
3.1.x ...)
        NOT-FOR-US: Apache CXF
 CVE-2016-6811
@@ -107886,7 +107886,7 @@ CVE-2015-6546 (The vCMP host in F5 BIG-IP Analytics, 
APM, ASM, GTM, Link Control
 CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in 
Cerb ...)
        NOT-FOR-US: Cerb
 CVE-2015-6544 (Cross-site scripting (XSS) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Combodo
 CVE-2015-6543
        RESERVED
 CVE-2015-6542
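
Review bot: For CVE-2015-6544 the truncated description shown here ("Cross-site scripting (XSS) vulnerability in ...") names no product, and the new label gives only "Combodo", so the triage decision cannot be checked from the entry itself. The NFU line directly above labels by product (Cerb). Adding the affected product name after the vendor would make this line verifiable and searchable.
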
@@ -139332,7 +139332,7 @@ CVE-2014-4921
 CVE-2014-4920
        RESERVED
 CVE-2014-4919 (OXID eShop Professional Edition before 4.7.13 and 4.8.x before 
4.8.7, ...)
-       TODO: check
+       NOT-FOR-US: OXID eShop
 CVE-2014-4918
        RESERVED
        NOT-FOR-US: TR-069 Auto Configuration Servers



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e6800e5dc997605ffb8a2dddba009166a0f8e25d
