Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e5904a06 by Salvatore Bonaccorso at 2018-01-11T22:18:52+01:00 Process several NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -9247,7 +9247,7 @@ CVE-2018-1363 CVE-2018-1362 RESERVED CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM WebSphere Portal CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 ...) NOT-FOR-US: Panda Global Protection CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...) @@ -13555,7 +13555,7 @@ CVE-2018-0120 CVE-2018-0119 RESERVED CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0117 RESERVED CVE-2018-0116 
@@ -17885,55 +17885,55 @@ CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing .. NOTE: Proposed patch (but not merged): https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and following. CVE-2017-15637 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15636 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15635 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15634 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15633 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15632 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15631 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15630 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15629 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15628 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15627 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15626 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15625 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15624 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15623 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) 
- TODO: check + NOT-FOR-US: TP-Link CVE-2017-15622 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15621 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15620 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15619 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15618 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15617 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15616 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15615 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15614 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15613 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...) - mistune 0.8-1 (bug #879098) [stretch] - mistune <no-dsa> (Minor issue) @@ -43700,9 +43700,9 @@ CVE-2016-10259 (Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptib CVE-2016-10258 RESERVED CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to ...) - TODO: check + NOT-FOR-US: Symantec CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to ...) - TODO: check + NOT-FOR-US: Symantec CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...) NOT-FOR-US: cloudflare-scrape CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...) 
@@ -51460,9 +51460,9 @@ CVE-2017-4952 CVE-2017-4951 RESERVED CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow ...) - TODO: check + NOT-FOR-US: VMware CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free vulnerability ...) - TODO: check + NOT-FOR-US: VMware CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View ...) NOT-FOR-US: VMware CVE-2017-4947 @@ -53980,7 +53980,7 @@ CVE-2017-3767 (A local privilege escalation vulnerability was identified in the CVE-2017-3766 RESERVED CVE-2017-3765 (In Enterprise Networking Operating System (ENOS) in Lenovo and IBM ...) - TODO: check + NOT-FOR-US: IBM RackSwitch and BladeCenter products CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator (LXCA) ...) NOT-FOR-US: Lenovo XClarity Administrator CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file ...) @@ -59748,9 +59748,9 @@ CVE-2017-1742 CVE-2017-1741 RESERVED CVE-2017-1740 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ...) - TODO: check + NOT-FOR-US: IBM Curam Social Program Management CVE-2017-1739 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is ...) - TODO: check + NOT-FOR-US: IBM Curam Social Program Management CVE-2017-1738 RESERVED CVE-2017-1737 @@ -59866,7 +59866,7 @@ CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to cross-site CVE-2017-1682 RESERVED CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2017-1680 RESERVED CVE-2017-1679 
@@ -59886,17 +59886,17 @@ CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1671 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a ...) - TODO: check + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1670 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1668 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a ...) - TODO: check + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1667 RESERVED CVE-2017-1666 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a ...) - TODO: check + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...) @@ -59982,7 +59982,7 @@ CVE-2017-1625 CVE-2017-1624 RESERVED CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...) - TODO: check + NOT-FOR-US: IBM QRadar CVE-2017-1622 RESERVED CVE-2017-1621 @@ -60004,7 +60004,7 @@ CVE-2017-1614 CVE-2017-1613 (IBM Connections 6.0 could allow an unauthenticated remote attacker to ...) NOT-FOR-US: IBM Connections CVE-2017-1612 (IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module ...) - TODO: check + NOT-FOR-US: IBM WebSphere MQ CVE-2017-1611 RESERVED CVE-2017-1610 
@@ -60160,9 +60160,9 @@ CVE-2017-1536 (IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8 CVE-2017-1535 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2017-1534 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a ...) - TODO: check + NOT-FOR-US: IBM Security Access Manager Appliance CVE-2017-1533 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM Security Access Manager Appliance CVE-2017-1532 RESERVED CVE-2017-1531 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...) @@ -60242,7 +60242,7 @@ CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow CVE-2017-1494 (IBM Business Process Manager 8.5 is vulnerable to cross-site ...) NOT-FOR-US: IBM Business Process Manager CVE-2017-1493 (IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated ...) - TODO: check + NOT-FOR-US: IBM UrbanCode Deploy CVE-2017-1492 RESERVED CVE-2017-1491 (IBM QRadar Network Security 5.4 supports interaction between multiple ...) @@ -60272,7 +60272,7 @@ CVE-2017-1480 CVE-2017-1479 RESERVED CVE-2017-1478 (IBM Security Access Manager Appliance 9.0.0 allows web pages to be ...) - TODO: check + NOT-FOR-US: IBM Security Access Manager Appliance CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML ...) NOT-FOR-US: IBM CVE-2017-1476 @@ -60310,7 +60310,7 @@ CVE-2017-1461 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerab CVE-2017-1460 (IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router ...) NOT-FOR-US: IBM CVE-2017-1459 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies ...) - TODO: check + NOT-FOR-US: IBM Security Access Manager Appliance CVE-2017-1458 (IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity ...) NOT-FOR-US: IBM CVE-2017-1457 (IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. ...) 
@@ -61591,7 +61591,7 @@ CVE-2016-9724 (IBM QRadar 7.2 is vulnerable to a denial of service, caused by an CVE-2016-9723 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2016-9722 (IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical ...) - TODO: check + NOT-FOR-US: IBM QRadar CVE-2016-9721 RESERVED CVE-2016-9720 (IBM QRadar 7.2 discloses sensitive information to unauthorized users. ...) @@ -65270,9 +65270,9 @@ CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lo CVE-2016-9110 RESERVED CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 ...) - TODO: check + NOT-FOR-US: Symantec CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ...) - TODO: check + NOT-FOR-US: Symantec CVE-2016-9098 REJECTED CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ...) @@ -67155,7 +67155,7 @@ CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...) CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...) NOT-FOR-US: Fortiguard CVE-2016-8493 (In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows ...) NOT-FOR-US: Fortinet FortiWLC CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...) @@ -121203,7 +121203,7 @@ CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library CVE-2012-6683 RESERVED CVE-2012-6682 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: DragonByte Technologies vBDownloads module for vBulletin CVE-2012-6681 RESERVED CVE-2012-6680 
@@ -121225,15 +121225,15 @@ CVE-2012-6673 CVE-2012-6672 RESERVED CVE-2012-6671 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: DragonByte Technologies Forumon RPG module for vBulletin CVE-2012-6670 (Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte ...) - TODO: check + NOT-FOR-US: DragonByte Technologies vbActivity module for vBulletin CVE-2012-6669 RESERVED CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout ...) - TODO: check + NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte ...) - TODO: check + NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin CVE-2012-6666 RESERVED CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...) @@ -131032,7 +131032,7 @@ CVE-2014-5396 (The web interface in Schrack Technik microControl with firmware b CVE-2014-5395 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei ...) NOT-FOR-US: Huawei Routers CVE-2014-5394 (Multiple Huawei Campus switches allow remote attackers to enumerate ...) - TODO: check + NOT-FOR-US: Huawei CVE-2014-5393 (Directory traversal vulnerability in the JobScheduler Operations ...) NOT-FOR-US: JobScheduler CVE-2014-5392 (XML External Entity (XXE) vulnerability in JobScheduler before ...) 
@@ -131952,13 +131952,13 @@ CVE-2014-5073 (vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 CVE-2014-5072 RESERVED CVE-2014-5071 (SQL injection vulnerability in the checkPassword function in ...) - TODO: check + NOT-FOR-US: Symmetricom CVE-2014-5070 (Symmetricom s350i 2.70.15 allows remote authenticated users to gain ...) - TODO: check + NOT-FOR-US: Symmetricom CVE-2014-5069 (Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 ...) - TODO: check + NOT-FOR-US: Symmetricom CVE-2014-5068 (Directory traversal vulnerability in the web application in ...) - TODO: check + NOT-FOR-US: Symmetricom CVE-2014-5067 RESERVED CVE-2014-5066 @@ -132252,7 +132252,7 @@ CVE-2014-4974 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode CVE-2014-4973 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the ...) NOT-FOR-US: ESET Personal Firewall CVE-2014-4972 (Unrestricted file upload vulnerability in the Gravity Upload Ajax ...) - TODO: check + NOT-FOR-US: Gravity Upload Ajax plugin for WordPress CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain IRP ...) NOT-FOR-US: Microsoft Windows XP CVE-2014-4970 @@ -140073,7 +140073,7 @@ CVE-2014-2072 RESERVED NOT-FOR-US: Dassault Systemes Catia CVE-2014-2071 (Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass Policy Manager CVE-2014-2070 RESERVED CVE-2014-2069 
@@ -180622,7 +180622,7 @@ CVE-2012-0701 (The client applications in the DataStage Administrator client in CVE-2012-0700 (The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere ...) NOT-FOR-US: IBM InfoSphere Information Server CVE-2012-0699 (Multiple cross-site request forgery (CSRF) vulnerabilities in Family ...) - TODO: check + NOT-FOR-US: Family Connections CMS CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a ...) {DSA-2576-1} - trousers 0.3.9-1 (low; bug #692649)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e5904a061dad165be6c9cfd7319290d879ab3917
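Review bot: In the hunk at @@ -17885,55, all 25 entries from CVE-2017-15637 down to CVE-2017-15613 get the vendor-only tag "NOT-FOR-US: TP-Link", while other hunks in this same commit tag at product level (for example "NOT-FOR-US: IBM Tivoli Key Lifecycle Manager"). The descriptions all read "TP-Link WVR, WAR and ER devices", so "NOT-FOR-US: TP-Link WVR, WAR and ER devices" would keep the list consistent and let a later search tell these router entries apart from any other TP-Link product.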
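Review bot: In the hunk at @@ -53980,7, the tag added for CVE-2017-3765 names only IBM ("NOT-FOR-US: IBM RackSwitch and BladeCenter products"), but the description on the line above says the issue is in "Enterprise Networking Operating System (ENOS) in Lenovo and IBM ...". Consider naming ENOS and both vendors in the tag, so that someone searching the list for Lenovo or ENOS finds this entry as already triaged.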
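Review bot: In the hunk at @@ -67155,7, CVE-2016-8493 is tagged "NOT-FOR-US: Fortiguard", but its description names FortiClientWindows 5.4.1 and 5.4.2, so the tag does not identify the affected product. Something like "NOT-FOR-US: Fortinet FortiClient" would match the description and use the same vendor prefix as the "NOT-FOR-US: Fortinet FortiWLC" tag on CVE-2016-8492 directly below.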
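Review bot: In the hunk at @@ -131952,13, the visible descriptions of CVE-2014-5071 ("SQL injection vulnerability in the checkPassword function in ...") and CVE-2014-5068 ("Directory traversal vulnerability in the web application in ...") are truncated before any product name, so the bare "NOT-FOR-US: Symmetricom" tag is the only place in the list that says what they affect. If these two are the same device as CVE-2014-5070 and CVE-2014-5069, whose descriptions name "Symmetricom s350i", tagging all four with the product name would make the entries self-explanatory.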
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits