Author: jmm
Date: 2017-04-13 21:23:31 +0000 (Thu, 13 Apr 2017)
New Revision: 50633
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-13 21:16:57 UTC (rev 50632)
+++ data/CVE/list 2017-04-13 21:23:31 UTC (rev 50633)
@@ -285,7 +285,7 @@
CVE-2017-7726
RESERVED
CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header
during ...)
- TODO: check
+ NOT-FOR-US: concrete5
CVE-2017-7724
RESERVED
CVE-2017-7723
@@ -1843,7 +1843,7 @@
CVE-2017-7220
RESERVED
CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway
versions 10.1 ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2017-7218
RESERVED
CVE-2017-7217
@@ -22952,21 +22952,21 @@
CVE-2016-8728
RESERVED
CVE-2016-8727 (An exploitable information disclosure vulnerability exists in
the Web ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2016-8726 (An exploitable null pointer dereference vulnerability exists in
the ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2016-8725 (An exploitable information disclosure vulnerability exists in
the Web ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2016-8724 (An exploitable information disclosure vulnerability exists in
the ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2016-8723 (An exploitable null pointer dereference exists in the Web
Application ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2016-8722 (An exploitable Information Disclosure vulnerability exists in
the Web ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2016-8721
RESERVED
CVE-2016-8720 (An exploitable HTTP Header Injection vulnerability exists in
the Web ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2016-8719 (An exploitable reflected Cross-Site Scripting vulnerability
exists in ...)
NOT-FOR-US: Moxa
CVE-2016-8718 (An exploitable Cross-Site Request Forgery vulnerability exists
in the ...)
@@ -22984,7 +22984,7 @@
CVE-2016-8713 (A remote out of bound write / memory corruption vulnerability
exists ...)
NOT-FOR-US: Nitro Pro
CVE-2016-8712 (An exploitable nonce reuse vulnerability exists in the Web
Application ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2016-8711 (A potential remote code execution vulnerability exists in the
PDF ...)
NOT-FOR-US: Nitro Pro
CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in
the ...)
@@ -26338,7 +26338,7 @@
CVE-2016-7835
RESERVED
CVE-2016-7834 (SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260,
SNC-DH120, ...)
- TODO: check
+ NOT-FOR-US: SONY
CVE-2016-7833
RESERVED
CVE-2016-7832
@@ -29115,7 +29115,7 @@
CVE-2016-6819
RESERVED
CVE-2016-6818 (SQL injection vulnerability in SAP Business Intelligence
platform ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-6817 [denial of service]
RESERVED
- tomcat9 <itp> (bug #802312)
@@ -31882,7 +31882,7 @@
CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not
limit the ...)
NOT-FOR-US: SAP HANA
CVE-2016-6143 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2016-6142 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote
attackers ...)
NOT-FOR-US: SAP
CVE-2016-6141
@@ -36452,9 +36452,9 @@
CVE-2016-4900
RESERVED
CVE-2016-4899 (The datamover module in the Linux version of NovaBACKUP
DataCenter ...)
- TODO: check
+ NOT-FOR-US: NovaBACKUP
CVE-2016-4898 (The datamover module in the Linux version of NovaBACKUP
DataCenter ...)
- TODO: check
+ NOT-FOR-US: NovaBACKUP
CVE-2016-4897 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: Usermin
CVE-2016-4896 (SetucoCMS allows remote attackers to alter or disclose
information, ...)
@@ -38881,9 +38881,9 @@
CVE-2016-4033
RESERVED
CVE-2016-4032 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005
build ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2016-4031 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005
build ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2016-4037 (The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU
allows ...)
- qemu 1:2.6+dfsg-1 (bug #822344)
[jessie] - qemu <no-dsa> (Minor issue)
@@ -38896,7 +38896,7 @@
NOTE:
http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2
(v2.6.0-rc3)
NOTE:
http://git.qemu.org/?p=qemu.git;a=commit;h=a49923d2837d20510d645d3758f1ad87c32d0730
(v2.6.0-rc3)
CVE-2016-4030 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005
build ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2016-4029 (WordPress before 4.5 does not consider octal and hexadecimal IP
...)
{DSA-3681-1 DLA-633-1}
- wordpress 4.5+dfsg-1
@@ -43035,11 +43035,11 @@
CVE-2016-2573
RESERVED
CVE-2016-2567 (secfilter in the Samsung kernel for Android on SM-N9005 build
...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2016-2566 (Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy
S6) ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2016-2565 (Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy
S6) ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2016-2564
RESERVED
CVE-2016-2563 (Stack-based buffer overflow in the SCP command-line utility in
PuTTY ...)
@@ -43118,7 +43118,7 @@
CVE-2016-2556 (The Escape interface in the Kernel Mode Driver layer in the
NVIDIA GPU ...)
NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2555 (SQL injection vulnerability in
include/lib/mysql_connect.inc.php in ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2016-2553
REJECTED
CVE-2016-2552
@@ -45314,9 +45314,9 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-1/
NOTE: path disclosure not relevant on Debian
CVE-2016-2036 (The getURL function in drivers/secfilter/urlparser.c in
secfilter in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2015-8780 (Samsung wssyncmlnps before 2015-10-31 allows directory
traversal in a ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2016-2069 (Race condition in arch/x86/mm/tlb.c in the Linux kernel before
4.4.1 ...)
{DSA-3503-1 DLA-412-1}
- linux 4.3.5-1
@@ -45831,9 +45831,9 @@
CVE-2016-1916 (Cross-site scripting (XSS) vulnerability in the Management
Console in ...)
NOT-FOR-US: BlackBerry
CVE-2016-1915 (Multiple cross-site scripting (XSS) vulnerabilities in
BlackBerry ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2016-1914 (Multiple SQL injection vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2016-1913 (Multiple cross-site scripting (XSS) vulnerabilities in the
Redhen ...)
NOT-FOR-US: Redhen module for Drupal
CVE-2016-1912 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr
...)
@@ -48526,7 +48526,7 @@
CVE-2016-1156 (LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on
OS X ...)
NOT-FOR-US: LINE
CVE-2016-1155 (HTTP header injection vulnerability in the URLConnection class
in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-1154 (SQL injection vulnerability in the Help plug-in 1.3.5 and
earlier in ...)
NOT-FOR-US: Cuore EC-CUBE
CVE-2016-1153 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote
...)
@@ -48572,7 +48572,7 @@
CVE-2016-1133 (CRLF injection vulnerability in the on_req function in ...)
NOT-FOR-US: H2O
CVE-2016-1132 (Shoplat App for iOS 1.10.00 through 1.18.00 does not properly
verify ...)
- TODO: check
+ NOT-FOR-US: Shoplat App
CVE-2016-1131 (Buffer overflow in the CL_vsprintf function in Takumi Yamada DX
...)
NOT-FOR-US: Takumi Yamada
CVE-2015-8698 (CA Release Automation (formerly LISA Release Automation) 5.0.2
before ...)
@@ -52737,11 +52737,11 @@
CVE-2015-8285
RESERVED
CVE-2015-8284 (SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer
users to ...)
- TODO: check
+ NOT-FOR-US: SeaWell Networks Spectrum
CVE-2015-8283 (Directory traversal vulnerability in configure_manage.php in
SeaWell ...)
- TODO: check
+ NOT-FOR-US: SeaWell Networks Spectrum
CVE-2015-8282 (SeaWell Networks Spectrum SDC 02.05.00 has a default password
of ...)
- TODO: check
+ NOT-FOR-US: SeaWell Networks Spectrum
CVE-2015-8281 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows
attackers to ...)
NOT-FOR-US: Samsung
CVE-2015-8280 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote
...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
