Author: geissert
Date: 2017-12-21 08:38:13 +0000 (Thu, 21 Dec 2017)
New Revision: 58764
Modified: data/CVE/list Log: more NFUs, one itp Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-21 08:07:55 UTC (rev 58763) +++ data/CVE/list 2017-12-21 08:38:13 UTC (rev 58764) @@ -5036,17 +5036,17 @@ CVE-2017-17570 (FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php ...) NOT-FOR-US: FS Expedia Clone CVE-2017-17569 (Scubez Posty Readymade Classifieds has XSS via the ...) - TODO: check + NOT-FOR-US: Scubez Posty Readymade Classifieds CVE-2017-17568 (Scubez Posty Readymade Classifieds has Incorrect Access Control for ...) - TODO: check + NOT-FOR-US: Scubez Posty Readymade Classifieds CVE-2017-17567 (Scubez Posty Readymade Classifieds has SQL Injection via the ...) - TODO: check + NOT-FOR-US: Scubez Posty Readymade Classifieds CVE-2017-17562 (Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is ...) TODO: check CVE-2017-17561 (SeaCMS 6.56 allows remote authenticated administrators to execute ...) - TODO: check + NOT-FOR-US: SeaCMS CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100 2.30.172 ...) - TODO: check + NOT-FOR-US: Western Digital MyCloud CVE-2017-17559 RESERVED CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...) @@ -5136,9 +5136,9 @@ CVE-2017-17539 RESERVED CVE-2017-17538 (MikroTik v6.40.5 devices allow remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: MikroTik CVE-2017-17537 (MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated ...) - TODO: check + NOT-FOR-US: MikroTik CVE-2018-1350 RESERVED CVE-2018-1349 
@@ -5160,7 +5160,7 @@ CVE-2018-1341 RESERVED CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and ...) - TODO: check + NOT-FOR-US: Phabricator CVE-2017-17535 (lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...) - gjots2 <unfixed> (unimportant) NOTE: https://sources.debian.org/src/gjots2/2.4.1-2/lib/gui.py/?hl=2188#L2188 @@ -7512,7 +7512,7 @@ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750 NOTE: Crash in CLI tool not treated as a security issue CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected ...) - TODO: check + NOT-FOR-US: SyncBreeze CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...) - vim <unfixed> [stretch] - vim <no-dsa> (Minor issue) @@ -9181,7 +9181,7 @@ CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial ...) NOT-FOR-US: Winamp CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server before ...) - TODO: check + - urbackup-server <itp> (bug #697325) CVE-2017-16949 (An issue was discovered in the AccessKeys AccessPress Anonymous Post ...) NOT-FOR-US: AccessKeys AccessPress Anonymous Post Pro plugin for WordPress CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
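Review bot: CVE-2017-17562 (Embedthis GoAhead before 3.6.5, remote code execution if CGI is ...) in the @@ -5036 hunk is still left at `TODO: check`, sitting between the Scubez and SeaCMS entries that this revision resolves. Its description reads as remote code execution, so it should not be the entry that stays untriaged in this block: give it either a NOT-FOR-US line or a package line in this pass or the next one.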
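Review bot: The new `- urbackup-server <itp> (bug #697325)` line for CVE-2017-16950 in the @@ -9181 hunk records only the ITP. The description says the XSS affects UrBackup Server before a specific release (truncated here), so a `NOTE:` line with the upstream fix reference, in the style of the gjots2 entry in the @@ -5160 hunk, would let whoever completes the packaging confirm that the first upload is not affected.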