[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Sun, 04 Mar 2018 03:40:51 -0800 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
66dbea84 by Moritz Muehlenhoff at 2018-03-04T12:40:07+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -44162,7 +44162,7 @@ CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress 
is vulnerable to a refle
 CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in 
an ...)
        NOT-FOR-US: OpenSUSE specific packaging issue of NextCloud
 CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login 
restrictions ...)
-       TODO: check
+       NOT-FOR-US: NetIQ eDirectory
 CVE-2017-9284
        RESERVED
 CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro 
Focus ...)
@@ -44172,15 +44172,15 @@ CVE-2017-9282 (An integer overflow (CWE-190) led to 
an out-of-bounds write (CWE-
 CVE-2017-9281 (An integer overflow (CWE-190) potentially causing an 
out-of-bounds ...)
        NOT-FOR-US: Micro Focus VisiBroker
 CVE-2017-9280 (Some NetIQ Identity Manager Applications before Identity 
Manager ...)
-       TODO: check
+       NOT-FOR-US: NetIQ Identity Manager
 CVE-2017-9279 (NetIQ Identity Manager before 4.5.6.1 allowed uploading files 
with ...)
-       TODO: check
+       NOT-FOR-US: NetIQ Identity Manager
 CVE-2017-9278 (The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 
sent EBS ...)
-       TODO: check
+       NOT-FOR-US: NetIQ Identity Manager
 CVE-2017-9277 (The LDAP backend in Novell eDirectory before 9.0 SP4 when 
switched to ...)
-       TODO: check
+       NOT-FOR-US: Novell eDirectory
 CVE-2017-9276 (Novell Access Manager iManager before 4.3.3 did not validate 
...)
-       TODO: check
+       NOT-FOR-US: Novell Access Manager iManager
 CVE-2017-9275
        RESERVED
 CVE-2017-9274 (A shell command injection in the obs-service-source_validator 
before ...)
@@ -44205,7 +44205,7 @@ CVE-2017-9269 (In libzypp before August 2018 GPG keys 
attached to YUM repositori
 CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and 
rebuild ...)
        TODO: check
 CVE-2017-9267 (In Novell eDirectory before 9.0.3.1 the LDAP interface was not 
...)
-       TODO: check
+       NOT-FOR-US: Novell eDirectory
 CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! 
allows SQL ...)
        NOT-FOR-US: Joomla addon
 CVE-2016-10378 (e107 2.1.1 allows SQL injection by remote authenticated 
administrators ...)
@@ -54257,7 +54257,7 @@ CVE-2017-6156
 CVE-2017-6155
        RESERVED
 CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 
11.6.1 - ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2017-6153
        RESERVED
 CVE-2017-6152
@@ -54265,7 +54265,7 @@ CVE-2017-6152
 CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge 
Gateway, ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 
- ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2017-6149
        RESERVED
 CVE-2017-6148
@@ -74507,7 +74507,7 @@ CVE-2016-8522 (A cross-site scripting vulnerability in 
HPE Diagnostics version 9
 CVE-2016-8521 (A Remote click jacking vulnerability in HPE Diagnostics version 
9.24 ...)
        NOT-FOR-US: HPE Diagnostics
 CVE-2016-8520 (HPE Helion Eucalyptus v4.3.0 and earlier does not correctly 
check IAM ...)
-       TODO: check
+       - eucalyptus <removed>
 CVE-2016-8519 (A remote code execution vulnerability in HPE Operations 
Orchestration ...)
        NOT-FOR-US: HPE Operations Orchestration
 CVE-2016-8518 (A remote denial of service vulnerability in HPE Systems Insight 
...)
@@ -104315,19 +104315,19 @@ CVE-2015-7969 (Multiple memory leaks in Xen 4.0 
through 4.6.x allow local guest 
 CVE-2015-7968
        RESERVED
 CVE-2015-7967 (SafeNet Authentication Service for Citrix Web Interface Agent 
uses a ...)
-       TODO: check
+       NOT-FOR-US: SafeNet Authentication Service
 CVE-2015-7966 (SafeNet Authentication Service Windows Logon Agent uses a weak 
ACL for ...)
-       TODO: check
+       NOT-FOR-US: SafeNet Authentication Service
 CVE-2015-7965 (SafeNet Authentication Service Windows Logon Agent uses a weak 
ACL for ...)
-       TODO: check
+       NOT-FOR-US: SafeNet Authentication Service
 CVE-2015-7964 (SafeNet Authentication Service for NPS Agent uses a weak ACL 
for ...)
-       TODO: check
+       NOT-FOR-US: SafeNet Authentication Service
 CVE-2015-7963 (SafeNet Authentication Service for AD FS Agent uses a weak ACL 
for ...)
-       TODO: check
+       NOT-FOR-US: SafeNet Authentication Service
 CVE-2015-7962 (SafeNet Authentication Service for Outlook Web App Agent uses a 
weak ...)
-       TODO: check
+       NOT-FOR-US: SafeNet Authentication Service
 CVE-2015-7961 (SafeNet Authentication Service Remote Web Workplace Agent uses 
a weak ...)
-       TODO: check
+       NOT-FOR-US: SafeNet Authentication Service
 CVE-2015-7960
        REJECTED
 CVE-2015-7959
@@ -105453,11 +105453,11 @@ CVE-2015-7600 (Cisco VPN Client 5.x through 
5.0.07.0440 uses weak permissions fo
 CVE-2015-7599 (Integer overflow in the _authenticate function in svc_auth.c in 
Wind ...)
        NOT-FOR-US: Wind River VxWorks
 CVE-2015-7598 (SafeNet Authentication Service TokenValidator Proxy Agent uses 
a weak ...)
-       TODO: check
+       NOT-FOR-US: SafeNet Authentication Service
 CVE-2015-7597 (SafeNet Authentication Service IIS Agent uses a weak ACL for 
...)
-       TODO: check
+       NOT-FOR-US: SafeNet Authentication Service
 CVE-2015-7596 (SafeNet Authentication Service End User Software Tools for 
Windows ...)
-       TODO: check
+       NOT-FOR-US: SafeNet Authentication Service
 CVE-2015-7595
        REJECTED
 CVE-2015-7594
@@ -159061,7 +159061,7 @@ CVE-2013-4893
 CVE-2013-4892
        RESERVED
 CVE-2013-4891 (The xss_clean function in CodeIgniter before 2.1.4 might allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: CodeIgniter
 CVE-2013-4889 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        NOT-FOR-US: Digital Signage Xibo
 CVE-2013-4888 (Cross-site scripting (XSS) vulnerability in index.php in 
Digital ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/66dbea84c420339c6cce2b2ecf44264b37961a5e

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/66dbea84c420339c6cce2b2ecf44264b37961a5e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to