Author: jmm
Date: 2017-10-23 11:10:04 +0000 (Mon, 23 Oct 2017)
New Revision: 56923
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-23 09:10:16 UTC (rev 56922)
+++ data/CVE/list 2017-10-23 11:10:04 UTC (rev 56923)
@@ -1,5 +1,5 @@
CVE-2017-15805 (Cisco Small Business SA520 and SA540 devices with firmware
2.1.71 and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-15804 (The glob function in glob.c in the GNU C Library (aka glibc or
libc6) ...)
- glibc <unfixed> (low)
[stretch] - glibc <no-dsa> (Minor issue)
@@ -244,7 +244,7 @@
CVE-2017-15688
RESERVED
CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media
Server ...)
- TODO: check
+ NOT-FOR-US: Logitech
CVE-2017-15686
RESERVED
CVE-2017-15685
@@ -464,13 +464,13 @@
CVE-2017-15581
RESERVED
CVE-2017-15580 (osTicket 1.10.1 provides a functionality to upload 'html'
files with ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via
an ...)
NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via
the image ...)
NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15567 (The certificate import component in IDEMIA (formerly Morpho)
...)
- TODO: check
+ NOT-FOR-US: IDEMIA
CVE-2017-15566
RESERVED
CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the
...)
@@ -941,13 +941,13 @@
CVE-2017-15382
RESERVED
CVE-2017-15381 (SQL Injection exists in E-Sic 1.0 via the f parameter to ...)
- TODO: check
+ NOT-FOR-US: E-Sic
CVE-2017-15380 (XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the
...)
- TODO: check
+ NOT-FOR-US: E-Sic
CVE-2017-15379 (An authentication bypass exists in the E-Sic 1.0 /index (aka
login) URI ...)
- TODO: check
+ NOT-FOR-US: E-Sic
CVE-2017-15378 (SQL Injection exists in the E-Sic 1.0 password reset parameter
(aka the ...)
- TODO: check
+ NOT-FOR-US: E-Sic
CVE-2017-15377 (In Suricata before 4.x, it was possible to trigger lots of
redundant ...)
TODO: check
CVE-2017-15376 (The TELNET service in Mobatek MobaXterm 10.4 does not require
...)
@@ -3855,17 +3855,17 @@
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21990
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=452bf675ea772002aa86fb1d28f3474da70ee1de
CVE-2017-14332 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Extreme EXOS
CVE-2017-14331 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to
bypass the ...)
- TODO: check
+ NOT-FOR-US: Extreme EXOS
CVE-2017-14330 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to
obtain a ...)
- TODO: check
+ NOT-FOR-US: Extreme EXOS
CVE-2017-14329 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to
obtain a ...)
- TODO: check
+ NOT-FOR-US: Extreme EXOS
CVE-2017-14328 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Extreme EXOS
CVE-2017-14327 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to
read ...)
- TODO: check
+ NOT-FOR-US: Extreme EXOS
CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was
found in ...)
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/740
@@ -8444,7 +8444,7 @@
NOTE: https://sourceforge.net/p/mpg123/bugs/254/
NOTE: https://sourceforge.net/p/mpg123/mailman/message/35987663/
CVE-2017-12796 (The Reporting Compatibility Add On before 2.0.4 for OpenMRS,
as ...)
- TODO: check
+ NOT-FOR-US: OpenMRS addon
CVE-2017-12795
RESERVED
CVE-2017-12794 (In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML
...)
@@ -14738,9 +14738,9 @@
CVE-2017-9948 (A stack buffer overflow vulnerability has been discovered in
Microsoft ...)
NOT-FOR-US: Microsoft Skype
CVE-2017-9947 (A vulnerability has been identified in Siemens APOGEE PXC and
TALON TC ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2017-9946 (A vulnerability has been identified in Siemens APOGEE PXC and
TALON TC ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2017-9945 (In the Siemens 7KM PAC Switched Ethernet PROFINET expansion
module (All ...)
NOT-FOR-US: Siemens
CVE-2017-9944
@@ -25414,89 +25414,89 @@
CVE-2017-7151
RESERVED
CVE-2017-7150 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7149 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7148 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7147 (An issue was discovered in certain Apple products. The Apple
Support ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7146 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7145 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7144 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ TODO: check, potentially webkit
CVE-2017-7143 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7142 (An issue was discovered in certain Apple products. Safari
before 11 is ...)
- webkit2gtk 2.18.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
NOTE: Not covered by security support
CVE-2017-7141 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7140 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7139 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7138 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7137 (An issue was discovered in certain Apple products. Xcode before
9 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7136 (An issue was discovered in certain Apple products. Xcode before
9 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7135 (An issue was discovered in certain Apple products. Xcode before
9 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7134 (An issue was discovered in certain Apple products. Xcode before
9 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7133 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7132
RESERVED
CVE-2017-7131 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7130 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ TODO: check, potentially sqlite
CVE-2017-7129 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ TODO: check, potentially sqlite
CVE-2017-7128 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ TODO: check, potentially sqlite
CVE-2017-7127 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ TODO: check, potentially sqlite
CVE-2017-7126 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ TODO: check, potentially file
CVE-2017-7125 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ TODO: check, potentially file
CVE-2017-7124 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ TODO: check, potentially file
CVE-2017-7123 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ TODO: check, potentially file
CVE-2017-7122 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ TODO: check, potentially file
CVE-2017-7121 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ TODO: check, potentially file
CVE-2017-7120 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- webkit2gtk 2.18.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
NOTE: Not covered by security support
CVE-2017-7119 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7118 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7117 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- webkit2gtk 2.18.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
NOTE: Not covered by security support
CVE-2017-7116 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7115 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7114 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7113
RESERVED
CVE-2017-7112 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-7111 (An issue was discovered in certain Apple products. iOS before
11 is ...)
- webkit2gtk 2.18.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
