Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c6a1f793 by Salvatore Bonaccorso at 2018-01-01T20:41:11+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -8737,7 +8737,7 @@ CVE-2017-17070 CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 2017 ...) NOT-FOR-US: ActiveSetupN.exe in Amazon Audible for Windows CVE-2017-17068 (A cross-origin vulnerability has been discovered in the Auth0 auth0.js ...) - TODO: check + NOT-FOR-US: Auth0 auth0.js library CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...) NOT-FOR-US: Splunk Web CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the ...) @@ -10518,7 +10518,7 @@ CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 - ming <removed> NOTE: https://github.com/libming/libming/issues/75 CVE-2017-16897 (A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 ...) - TODO: check + NOT-FOR-US: Auth0 passport-wsfed-saml2 library CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass ...) - tt-rss <unfixed> (bug #882543) NOTE: https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669 
@@ -23144,13 +23144,13 @@ CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in ...) - perl <not-affected> (Windows specific issue) NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public) CVE-2017-12813 (PHPJabbers File Sharing Script 1.0 has stored XSS in the comments ...) - TODO: check + NOT-FOR-US: PHPJabbers File Sharing Script CVE-2017-12812 (PHPJabbers Night Club Booking Software has stored XSS in the name ...) - TODO: check + NOT-FOR-US: PHPJabbers Night Club Booking Software CVE-2017-12811 (PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. ...) - TODO: check + NOT-FOR-US: PHPJabbers Star Rating Script CVE-2017-12810 (PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the ...) - TODO: check + NOT-FOR-US: PHPJabbers PHP Newsletter Script CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM ...) {DSA-3991-1} - qemu 1:2.10.0-1 (bug #873849) @@ -29632,7 +29632,7 @@ CVE-2017-9946 (A vulnerability has been identified in Siemens APOGEE PXC and TAL CVE-2017-9945 (In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All ...) NOT-FOR-US: Siemens CVE-2017-9944 (A vulnerability has been identified in Siemens 7KT PAC1200 data manager ...) - TODO: check + NOT-FOR-US: Siemens CVE-2017-9943 RESERVED CVE-2017-9942 (A vulnerability was discovered in Siemens SiPass integrated (All ...) 
@@ -40546,17 +40546,17 @@ CVE-2017-7165 CVE-2017-7164 RESERVED CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before ...) - TODO: check + NOT-FOR-US: Intel Graphics Driver on Apple / macOS CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7161 RESERVED CVE-2017-7160 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7159 (An issue was discovered in certain Apple products. macOS before ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7158 (An issue was discovered in certain Apple products. macOS before ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7157 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - webkit2gtk 2.18.1-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0010.html @@ -40566,13 +40566,13 @@ CVE-2017-7156 (An issue was discovered in certain Apple products. iOS before 11. NOTE: https://webkitgtk.org/security/WSA-2017-0010.html NOTE: Not covered by security support CVE-2017-7155 (An issue was discovered in certain Apple products. macOS before ...) - TODO: check + NOT-FOR-US: Intel Graphics Driver on Apple / macOS CVE-2017-7154 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7153 RESERVED CVE-2017-7152 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7151 RESERVED CVE-2017-7150 (An issue was discovered in certain Apple products. macOS before 10.13 ...) 
@@ -45118,7 +45118,7 @@ CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF vi CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari Server ...) NOT-FOR-US: Apache Ambari CVE-2017-5641 (Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not ...) - TODO: check + NOT-FOR-US: Apache Flex BlazeDS CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala daemon ...) NOT-FOR-US: Impala CVE-2017-5639 @@ -57982,7 +57982,7 @@ CVE-2017-0911 CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, a ...) - zulip-server <itp> (bug #800052) CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable to a ...) - TODO: check + NOT-FOR-US: private_address_check ruby gem CVE-2017-0908 REJECTED CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, ...) @@ -93671,7 +93671,7 @@ CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphic CVE-2015-7890 RESERVED CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung S6 Edge ...) - TODO: check + NOT-FOR-US: Samsung CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...) NOT-FOR-US: WifiHs20UtilityService on Samsung S6 Edge LRX22G.G925VVRU1AOE2 CVE-2015-7887 (NetApp SnapCenter Server 1.0 allows remote authenticated users to list ...) @@ -95388,7 +95388,7 @@ CVE-2015-7326 (XML External Entity (XXE) vulnerability in Milton Webdav before . CVE-2015-7325 RESERVED CVE-2015-7324 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: StackIdeas Komento component for Joomla! CVE-2015-7323 (The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure ...) NOT-FOR-US: Pulse Connect Secure CVE-2015-7322 (The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure ...) 
@@ -106495,7 +106495,7 @@ CVE-2015-3304 CVE-2015-3303 RESERVED CVE-2015-3302 (The TheCartPress eCommerce Shopping Cart (aka The Professional ...) - TODO: check + NOT-FOR-US: TheCartPress eCommerce Shopping Cart CVE-2015-3301 (Directory traversal vulnerability in the TheCartPress eCommerce ...) NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) @@ -120415,7 +120415,7 @@ CVE-2014-8391 (The Web interface in Sendio before 7.2.4 does not properly handle CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 ...) NOT-FOR-US: Schneider Electric CVE-2014-8389 (cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 ...) - TODO: check + NOT-FOR-US: AirLive CVE-2014-8388 (Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin ...) NOT-FOR-US: Advantech WebAccess CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6a1f79366362f8c4dfc916200bb0721c344f063
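Review bot: In the hunks at -40546 and -40566, the iOS entries marked plain "NOT-FOR-US: Apple" (CVE-2017-7162, CVE-2017-7160, CVE-2017-7154, CVE-2017-7152) show the same truncated description ("iOS before 11.2 is ...") as the unchanged neighbour CVE-2017-7157, which is tracked against webkit2gtk, so the list alone does not show that a WebKit component was ruled out. Naming the affected component, as already done for CVE-2017-7163 and CVE-2017-7155 ("Intel Graphics Driver on Apple / macOS"), would make each triage decision checkable from the entry itself.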
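Review bot: In the hunk at -93671, "NOT-FOR-US: Samsung" for CVE-2015-7889 is coarser than the unchanged entry directly below it, CVE-2015-7888, which names the component ("WifiHs20UtilityService on Samsung S6 Edge ..."). Taking the component from the description here as well (the SecEmailComposer/EmailComposer application on the Samsung S6 Edge) would keep the two adjacent entries consistent and easier to search.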
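Review bot: In the hunk at -57982, CVE-2017-0909 is a Ruby gem, and the unchanged entry just above it (CVE-2017-0910, "zulip-server <itp> (bug #800052)") shows that software not yet in the archive is still tracked when an ITP exists. The diff does not record whether the gem was checked for an ITP or for a copy embedded in another source package; if it was, a short NOTE line saying so would document why "NOT-FOR-US" is the right state here rather than an "<itp>" entry.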
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits