Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6a1f793 by Salvatore Bonaccorso at 2018-01-01T20:41:11+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8737,7 +8737,7 @@ CVE-2017-17070
 CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 
2017 ...)
        NOT-FOR-US: ActiveSetupN.exe in Amazon Audible for Windows
 CVE-2017-17068 (A cross-origin vulnerability has been discovered in the Auth0 
auth0.js ...)
-       TODO: check
+       NOT-FOR-US: Auth0 auth0.js library
 CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x 
before ...)
        NOT-FOR-US: Splunk Web
 CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha 
implementations of the ...)
@@ -10518,7 +10518,7 @@ CVE-2017-16898 (The printMP3Headers function in 
util/listmp3.c in libming v0.4.8
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/75
 CVE-2017-16897 (A vulnerability has been discovered in the Auth0 
passport-wsfed-saml2 ...)
-       TODO: check
+       NOT-FOR-US: Auth0 passport-wsfed-saml2 library
 CVE-2017-16896 (A SQL injection in classes/handler/public.php in the 
forgotpass ...)
        - tt-rss <unfixed> (bug #882543)
        NOTE: 
https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669
@@ -23144,13 +23144,13 @@ CVE-2017-12814 (Stack-based buffer overflow in the 
CPerlHost::Add method in ...)
        - perl <not-affected> (Windows specific issue)
        NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet 
public)
 CVE-2017-12813 (PHPJabbers File Sharing Script 1.0 has stored XSS in the 
comments ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers File Sharing Script
 CVE-2017-12812 (PHPJabbers Night Club Booking Software has stored XSS in the 
name ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Night Club Booking Software
 CVE-2017-12811 (PHPJabbers Star Rating Script 4.0 has stored XSS via a rating 
item. ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Star Rating Script
 CVE-2017-12810 (PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists 
in the ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers PHP Newsletter Script
 CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and 
CD/DVD-ROM ...)
        {DSA-3991-1}
        - qemu 1:2.10.0-1 (bug #873849)
@@ -29632,7 +29632,7 @@ CVE-2017-9946 (A vulnerability has been identified in 
Siemens APOGEE PXC and TAL
 CVE-2017-9945 (In the Siemens 7KM PAC Switched Ethernet PROFINET expansion 
module (All ...)
        NOT-FOR-US: Siemens
 CVE-2017-9944 (A vulnerability has been identified in Siemens 7KT PAC1200 data 
manager ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2017-9943
        RESERVED
 CVE-2017-9942 (A vulnerability was discovered in Siemens SiPass integrated 
(All ...)
@@ -40546,17 +40546,17 @@ CVE-2017-7165
 CVE-2017-7164
        RESERVED
 CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before 
...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics Driver on Apple / macOS
 CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-7161
        RESERVED
 CVE-2017-7160 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-7159 (An issue was discovered in certain Apple products. macOS before 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-7158 (An issue was discovered in certain Apple products. macOS before 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-7157 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
        - webkit2gtk 2.18.1-1 (unimportant)
        NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
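Review bot: The four entries marked only "NOT-FOR-US: Apple" in this hunk (CVE-2017-7162, CVE-2017-7160, CVE-2017-7159, CVE-2017-7158) do not say which component is affected, and their truncated descriptions read the same as CVE-2017-7157 directly below, which is tracked against webkit2gtk. Suggest naming the component in each label, as is done here for CVE-2017-7163 ("Intel Graphics Driver on Apple / macOS"), so a later reader can confirm from the list alone that none of these is a WebKit issue.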
@@ -40566,13 +40566,13 @@ CVE-2017-7156 (An issue was discovered in certain 
Apple products. iOS before 11.
        NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
        NOTE: Not covered by security support
 CVE-2017-7155 (An issue was discovered in certain Apple products. macOS before 
...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics Driver on Apple / macOS
 CVE-2017-7154 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-7153
        RESERVED
 CVE-2017-7152 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-7151
        RESERVED
 CVE-2017-7150 (An issue was discovered in certain Apple products. macOS before 
10.13 ...)
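Review bot: Label granularity is inconsistent within this hunk: CVE-2017-7155 names the affected component, while CVE-2017-7154 and CVE-2017-7152 carry only the vendor name. Suggest using the component form for all three, since these entries sit immediately after CVE-2017-7156, which has a webkitgtk advisory NOTE, and the vendor-only label does not show why they were triaged differently.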
@@ -45118,7 +45118,7 @@ CVE-2017-5643 (Apache Camel's Validation Component is 
vulnerable against SSRF vi
 CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari 
Server ...)
        NOT-FOR-US: Apache Ambari
 CVE-2017-5641 (Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) 
did not ...)
-       TODO: check
+       NOT-FOR-US: Apache Flex BlazeDS
 CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala 
daemon ...)
        NOT-FOR-US: Impala
 CVE-2017-5639
@@ -57982,7 +57982,7 @@ CVE-2017-0911
 CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, 
a ...)
        - zulip-server <itp> (bug #800052)
 CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable 
to a ...)
-       TODO: check
+       NOT-FOR-US: private_address_check ruby gem
 CVE-2017-0908
        REJECTED
 CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 
1.3.2, ...)
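Review bot: CVE-2017-0909 is closed as NOT-FOR-US for a Ruby gem, but nothing in the hunk shows that a pending packaging request was ruled out; the neighbouring CVE-2017-0910 shows that software not yet in the archive is recorded as "<itp>" with its bug number instead. Suggest confirming there is no ITP/RFP bug for private_address_check before using NOT-FOR-US, and noting that check in the commit message.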
@@ -93671,7 +93671,7 @@ CVE-2015-7891 (Race condition in the ioctl 
implementation in the Samsung Graphic
 CVE-2015-7890
        RESERVED
 CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung 
S6 Edge ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService 
on the ...)
        NOT-FOR-US: WifiHs20UtilityService on Samsung S6 Edge 
LRX22G.G925VVRU1AOE2
 CVE-2015-7887 (NetApp SnapCenter Server 1.0 allows remote authenticated users 
to list ...)
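Review bot: "NOT-FOR-US: Samsung" on CVE-2015-7889 is less specific than the entry right after it, CVE-2015-7888, which names the service and device ("WifiHs20UtilityService on Samsung S6 Edge ..."). Suggest matching that style, for example "SecEmailComposer/EmailComposer application on Samsung S6 Edge", taken from the description on the same entry.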
@@ -95388,7 +95388,7 @@ CVE-2015-7326 (XML External Entity (XXE) vulnerability 
in Milton Webdav before .
 CVE-2015-7325
        RESERVED
 CVE-2015-7324 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: StackIdeas Komento component for Joomla!
 CVE-2015-7323 (The Secure Meeting (Pulse Collaboration) in Pulse Connect 
Secure ...)
        NOT-FOR-US: Pulse Connect Secure
 CVE-2015-7322 (The Secure Meeting (Pulse Collaboration) in Pulse Connect 
Secure ...)
@@ -106495,7 +106495,7 @@ CVE-2015-3304
 CVE-2015-3303
        RESERVED
 CVE-2015-3302 (The TheCartPress eCommerce Shopping Cart (aka The Professional 
...)
-       TODO: check
+       NOT-FOR-US: TheCartPress eCommerce Shopping Cart
 CVE-2015-3301 (Directory traversal vulnerability in the TheCartPress eCommerce 
...)
        NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional 
WordPress eCommerce Plugin) plugin for WordPress
 CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
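Review bot: The new label on CVE-2015-3302 drops the "plugin for WordPress" qualifier that the adjacent CVE-2015-3301 entry carries for the same product. Suggest keeping the qualifier so the two TheCartPress entries read consistently and the label makes clear this is a third-party plugin and not WordPress itself.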
@@ -120415,7 +120415,7 @@ CVE-2014-8391 (The Web interface in Sendio before 
7.2.4 does not properly handle
 CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before 
2.2.168 ...)
        NOT-FOR-US: Schneider Electric
 CVE-2014-8389 (cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 
1.03.18 ...)
-       TODO: check
+       NOT-FOR-US: AirLive
 CVE-2014-8388 (Stack-based buffer overflow in Advantech WebAccess, formerly 
BroadWin ...)
        NOT-FOR-US: Advantech WebAccess
 CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access 
Point ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6a1f79366362f8c4dfc916200bb0721c344f063

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits