Author: jmm
Date: 2017-02-07 22:10:55 +0000 (Tue, 07 Feb 2017)
New Revision: 48764

Modified:
   data/CVE/list
Log:
new zoneminder issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-07 21:52:57 UTC (rev 48763)
+++ data/CVE/list       2017-02-07 22:10:55 UTC (rev 48764)
@@ -83,13 +83,13 @@
 CVE-2017-5883
        RESERVED
 CVE-2017-5882 (Cross-site scripting (XSS) vulnerability in index.asp in 
SANADATA ...)
-       TODO: check
+       NOT-FOR-US: SanaCMS
 CVE-2017-5881
        RESERVED
 CVE-2017-5880 (Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 
6.4.x ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2017-5879 (An issue was discovered in Exponent CMS 2.4.1. This is a blind 
SQL ...)
-       TODO: check
+       NOT-FOR-US: Exponent CMS
 CVE-2017-5878
        RESERVED
 CVE-2016-10207 [tigervnc: vnc server can crash when TLS handshake terminates 
early]
@@ -636,7 +636,7 @@
 CVE-2017-5678
        RESERVED
 CVE-2017-5677 (PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection 
...)
-       TODO: check
+       NOT-FOR-US: PEAR HTML_AJAX
        NOTE: http://karmainsecurity.com/KIS-2017-01
 CVE-2017-5676
        RESERVED
@@ -1800,9 +1800,9 @@
 CVE-2017-5369
        RESERVED
 CVE-2017-5368 (ZoneMinder v1.30 and v1.29, an open-source CCTV server web 
application, ...)
-       TODO: check
+       - zoneminder <unfixed>
 CVE-2017-5367 (Multiple reflected XSS vulnerabilities exist within form and 
link input ...)
-       TODO: check
+       - zoneminder <unfixed>
 CVE-2017-5366
        RESERVED
 CVE-2017-5365
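Review bot: The two `- zoneminder <unfixed>` entries added for CVE-2017-5368 and CVE-2017-5367 carry neither a bug reference nor a NOTE, unlike other tracked entries in this file such as `- qemu 1:2.8+dfsg-1 (bug #840228)` and the `NOTE: http://karmainsecurity.com/KIS-2017-01` line under CVE-2017-5677. Once a bug is filed against zoneminder, add its number to both entries, and consider a NOTE pointing at the upstream report so the fixed version can be filled in later.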
@@ -2559,9 +2559,9 @@
 CVE-2017-5138
        RESERVED
 CVE-2017-5137 (An issue was discovered on SendQuick Entera and Avera devices 
before ...)
-       TODO: check
+       NOT-FOR-US: SendQuick Entera and Avera devices
 CVE-2017-5136 (An issue was discovered on SendQuick Entera and Avera devices 
before ...)
-       TODO: check
+       NOT-FOR-US: SendQuick Entera and Avera devices
 CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 
2016-02-22. ...)
        - lxc 1:2.0.0-1
        [jessie] - lxc <no-dsa> (Minor issue)
@@ -3022,7 +3022,7 @@
        NOTE: 
https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=3aaab9d998b5deb16a246cc7517e44144d281d3b
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/03/2
 CVE-2016-10098 (An issue was discovered on SendQuick Entera and Avera devices 
before ...)
-       TODO: check
+       NOT-FOR-US: SendQuick Entera and Avera devices
 CVE-2016-10097 (XML External Entity (XXE) Vulnerability in ...)
        NOT-FOR-US: OpenAM
 CVE-2016-10096 (SQL injection vulnerability in register.php in GeniXCMS before 
1.0.0 ...)
@@ -19966,7 +19966,6 @@
        NOTE: Vulnerable code introduced in 
49d925ce50383a286278143c05511d30ec41a36e
        NOTE: Though this commit fixed an OOB read access issue which might need
        NOTE: potentially a new separate CVE id if it does not have one yet.
-       TODO: double-check notes and analysis
 CVE-2016-7994 (Memory leak in the virtio_gpu_resource_create_2d function in 
...)
        - qemu 1:2.8+dfsg-1 (bug #840228)
        [jessie] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
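Review bot: The removal of `TODO: double-check notes and analysis` is not covered by the log message, which mentions only "new zoneminder issues" and "NFUs". The NOTE directly above the removed line still leaves open whether the OOB read access issue needs a separate CVE id, so either record the outcome of the double-check in a NOTE or keep the TODO until that question is settled, and mention the change in the log.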

