Author: jmm
Date: 2017-12-21 16:11:04 +0000 (Thu, 21 Dec 2017)
New Revision: 58803
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-21 16:01:32 UTC (rev 58802)
+++ data/CVE/list 2017-12-21 16:11:04 UTC (rev 58803)
@@ -5122,7 +5122,7 @@
CVE-2017-17567 (Scubez Posty Readymade Classifieds has SQL Injection via the
...)
NOT-FOR-US: Scubez Posty Readymade Classifieds
CVE-2017-17562 (Embedthis GoAhead before 3.6.5 allows remote code execution if
CGI is ...)
- TODO: check
+ NOT-FOR-US: Embedthis GoAhead
CVE-2017-17561 (SeaCMS 6.56 allows remote authenticated administrators to
execute ...)
NOT-FOR-US: SeaCMS
CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100
2.30.172 ...)
@@ -12852,11 +12852,11 @@
CVE-2017-15878 (A cross-site scripting (XSS) vulnerability exists in ...)
NOT-FOR-US: KeystoneJS
CVE-2017-15877 (Insecure Permissions vulnerability in db.php file in GPWeb
8.4.61 ...)
- TODO: check
+ NOT-FOR-US: GPWeb
CVE-2017-15876 (Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows
remote ...)
- TODO: check
+ NOT-FOR-US: GPWeb
CVE-2017-15875 (SQL injection vulnerability in Password Recovery in GPWeb
8.4.61 ...)
- TODO: check
+ NOT-FOR-US: GPWeb
CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has
an ...)
- busybox 1:1.27.2-2 (bug #879732)
[stretch] - busybox <not-affected> (Vulnerable code not present)
@@ -12877,7 +12877,7 @@
CVE-2017-15871 (** DISPUTED ** The deserialize function in serialize-to-js
through ...)
NOT-FOR-US: Disputed serialize-to-js issue
CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows
attackers ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks GlobalProtect Agent
CVE-2017-15869
RESERVED
CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c
in the ...)
@@ -13630,13 +13630,13 @@
CVE-2017-15533
RESERVED
CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible
to a ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2017-15531
RESERVED
CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be
susceptible to ...)
- TODO: check
+ NOT-FOR-US: Norton
CVE-2017-15529 (Prior to 4.4.1.10, the Norton Family Android App can be
susceptible to ...)
- TODO: check
+ NOT-FOR-US: Norton
CVE-2017-15528 (Prior to v 7.6, the Install Norton Security (INS) product can
be ...)
NOT-FOR-US: Install Norton Security
CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be
...)
@@ -13646,7 +13646,7 @@
CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be
...)
NOT-FOR-US: Symantec
CVE-2017-15524 (The Application Firewall Pack (AFP, aka Web Application
Firewall) ...)
- TODO: check
+ NOT-FOR-US: Kemp Load Balancer
CVE-2017-15523
RESERVED
CVE-2017-15522
@@ -15205,9 +15205,9 @@
CVE-2017-15050
RESERVED
CVE-2017-15049 (The ZoomLauncher binary in the Zoom client for Linux before
...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2017-15048 (Stack-based buffer overflow in the ZoomLauncher binary in the
Zoom ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2
allows ...)
- redis 4:4.0.2-5 (bug #878076; unimportant)
[jessie] - redis <not-affected> (Vulnerable code introduced later)
@@ -17274,7 +17274,7 @@
CVE-2017-14387 (The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 -
8.0.1.1, and ...)
NOT-FOR-US: EMC Isilon OneFS
CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction
Laser ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family,
versions ...)
NOT-FOR-US: EMC Data Domain DD OS
CVE-2017-14384
@@ -18052,7 +18052,7 @@
CVE-2017-14135 (enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py
in the ...)
NOT-FOR-US: webadmin plugin for opendreambox
CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password
page of ...)
- TODO: check
+ NOT-FOR-US: Maplesoft Maple
CVE-2017-14133
RESERVED
CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of
service ...)
@@ -18178,7 +18178,7 @@
NOTE:
http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html
NOTE:
http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html
CVE-2017-14101 (A security researcher found an XML External Entity (XXE)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Conserus Image Repository
CVE-2017-14097
RESERVED
CVE-2017-14096
@@ -20438,13 +20438,13 @@
CVE-2017-13174 (An elevation of privilege vulnerability in the kernel edl.
Product: ...)
TODO: check
CVE-2017-13173 (An elevation of privilege vulnerability in the MediaTek system
server. ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2017-13172 (An elevation of privilege vulnerability in the MediaTek
bluetooth ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2017-13171 (An elevation of privilege vulnerability in the MediaTek
performance ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2017-13170 (An elevation of privilege vulnerability in the MediaTek
display ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2017-13169 (An information disclosure vulnerability in the kernel camera
server. ...)
TODO: check
CVE-2017-13168 (An elevation of privilege vulnerability in the kernel scsi
driver. ...)
@@ -20695,7 +20695,7 @@
CVE-2017-13071 (QNAP has already patched this vulnerability. This security
concern ...)
NOT-FOR-US: QNAP
CVE-2017-13070 (A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe)
version ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities
found in ...)
NOT-FOR-US: QNAP
CVE-2017-13068 (QNAP has already patched this vulnerability. This security
concern ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
