Author: geissert
Date: 2017-12-21 08:38:13 +0000 (Thu, 21 Dec 2017)
New Revision: 58764
Modified:
data/CVE/list
Log:
more NFUs, one itp
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-21 08:07:55 UTC (rev 58763)
+++ data/CVE/list 2017-12-21 08:38:13 UTC (rev 58764)
@@ -5036,17 +5036,17 @@
CVE-2017-17570 (FS Expedia Clone 1.0 has SQL Injection via the pages.php or
content.php ...)
NOT-FOR-US: FS Expedia Clone
CVE-2017-17569 (Scubez Posty Readymade Classifieds has XSS via the ...)
- TODO: check
+ NOT-FOR-US: Scubez Posty Readymade Classifieds
CVE-2017-17568 (Scubez Posty Readymade Classifieds has Incorrect Access
Control for ...)
- TODO: check
+ NOT-FOR-US: Scubez Posty Readymade Classifieds
CVE-2017-17567 (Scubez Posty Readymade Classifieds has SQL Injection via the
...)
- TODO: check
+ NOT-FOR-US: Scubez Posty Readymade Classifieds
CVE-2017-17562 (Embedthis GoAhead before 3.6.5 allows remote code execution if
CGI is ...)
TODO: check
CVE-2017-17561 (SeaCMS 6.56 allows remote authenticated administrators to
execute ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100
2.30.172 ...)
- TODO: check
+ NOT-FOR-US: Western Digital MyCloud
CVE-2017-17559
RESERVED
CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest
OS users ...)
@@ -5136,9 +5136,9 @@
CVE-2017-17539
RESERVED
CVE-2017-17538 (MikroTik v6.40.5 devices allow remote attackers to cause a
denial of ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2017-17537 (MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an
unauthenticated ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2018-1350
RESERVED
CVE-2018-1349
@@ -5160,7 +5160,7 @@
CVE-2018-1341
RESERVED
CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and
...)
- TODO: check
+ NOT-FOR-US: Phabricator
CVE-2017-17535 (lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate
strings before ...)
- gjots2 <unfixed> (unimportant)
NOTE:
https://sources.debian.org/src/gjots2/2.4.1-2/lib/gui.py/?hl=2188#L2188
@@ -7512,7 +7512,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750
NOTE: Crash in CLI tool not treated as a security issue
CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is
affected ...)
- TODO: check
+ NOT-FOR-US: SyncBreeze
CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of
a .swp ...)
- vim <unfixed>
[stretch] - vim <no-dsa> (Minor issue)
@@ -9181,7 +9181,7 @@
CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a
denial ...)
NOT-FOR-US: Winamp
CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server
before ...)
- TODO: check
+ - urbackup-server <itp> (bug #697325)
CVE-2017-16949 (An issue was discovered in the AccessKeys AccessPress
Anonymous Post ...)
NOT-FOR-US: AccessKeys AccessPress Anonymous Post Pro plugin for
WordPress
CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to
cause a ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
