author | Moritz Muehlenhoff <jmm@debian.org> | 2017-02-21 17:50:07 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2017-02-21 17:50:07 +0000 |
commit | cacaf48277172b4a39f517f827a0db74518e7f27 (patch) | |
tree | d12e7b591f81b6e483317484917e85c6d53d9829 /data/CVE | |
parent | ac7de21dd85cd83514e377b7701ec8fa50ba6df6 (diff) |
new php-horde-text-filter issue
some linux issues android-specific
convert open-xchange ITP entries to NFUs; the ITP has been dead for over 12 years and the license of the frontend is non-free anyway
drop sqlalchemy entry, no CVE assigned and would amount to a doc change anyway
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@49103 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2006.list | 4 |
-rw-r--r-- | data/CVE/2013.list | 54 |
-rw-r--r-- | data/CVE/2014.list | 28 |
-rw-r--r-- | data/CVE/2015.list | 9 |
-rw-r--r-- | data/CVE/2016.list | 42 |
-rw-r--r-- | data/CVE/2017.list | 2 |
6 files changed, 67 insertions, 72 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 68b9ad48fa..6f2de6239a 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -10157,7 +10157,7 @@ CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...) NOT-FOR-US: tinyBB CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote ...) NOT-FOR-US: Nukedit CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...) @@ -16251,7 +16251,7 @@ CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME CVE-2006-0092 REJECTED CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...) NOT-FOR-US: IDV Directory Viewer CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index aa4fb87b7d..28940c3984 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -987,13 +987,13 @@ CVE-2013-7145 CVE-2013-7144 (LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X ...) NOT-FOR-US: LINE CVE-2013-7143 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-7142 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-7141 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-7140 (XML External Entity (XXE) vulnerability in the CalDAV interface in ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-7139 (SQL injection vulnerability in download.php in Horizon Quick Content ...) NOT-FOR-US: Horizon CMS CVE-2013-7138 (Directory traversal vulnerability in lib/functions/d-load.php in ...) @@ -1456,7 +1456,7 @@ CVE-2013-6999 (** DISPUTED ** The IsHandleEntrySecure function in win32k.sys in CVE-2013-6998 REJECTED CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-6996 RESERVED CVE-2013-6995 @@ -3498,9 +3498,9 @@ CVE-2013-6275 [CSRF] - ingo1 <not-affected> (Affected code not present) CVE-2013-6242 RESERVED - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-6240 RESERVED CVE-2013-6239 @@ -3843,7 +3843,7 @@ CVE-2013-6075 (The compare_dn function in utils/identification.c in strongSwan 4 {DSA-2789-1} - strongswan 5.1.0-3 CVE-2013-6074 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-6073 RESERVED CVE-2013-6072 
@@ -3999,7 +3999,7 @@ CVE-2013-6011 (Citrix NetScaler Application Delivery Controller (ADC) 10.0 befor CVE-2013-6010 (Cross-site scripting (XSS) vulnerability in the Comment Attachment ...) NOT-FOR-US: Wordpress Comment-Attachment plugin CVE-2013-6009 (CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-6008 RESERVED CVE-2013-6007 @@ -4151,11 +4151,11 @@ CVE-2013-5938 (Cross-site scripting (XSS) vulnerability in the Click2Sell Suite CVE-2013-5937 (Cross-site request forgery (CSRF) vulnerability in the Click2Sell ...) NOT-FOR-US: Click2Sell Suite Drupal contributed module CVE-2013-5936 (The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-5935 (The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-5934 (Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-5933 (Stack-based buffer overflow in the sub_E110 function in init in a ...) NOT-FOR-US: Motorola CVE-2013-5932 (Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro ...) @@ -4778,7 +4778,7 @@ CVE-2013-5700 (The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x CVE-2013-5699 RESERVED CVE-2013-5698 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-5697 (SQL injection vulnerability in mod_accounting.c in the mod_accounting ...) - libapache-mod-acct <removed> CVE-2013-5696 (inc/central.class.php in GLPI before 0.84.2 does not attempt to make ...) 
@@ -4800,7 +4800,7 @@ CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts) [wheezy] - kfreebsd-8 8.3-6+deb7u1 CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-5687 RESERVED CVE-2013-5686 @@ -5956,7 +5956,7 @@ CVE-2013-5202 CVE-2013-5201 RESERVED CVE-2013-5200 (The (1) REST and (2) memcache interfaces in the Hazelcast cluster API ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-5199 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-5198 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, ...) @@ -6292,7 +6292,7 @@ CVE-2013-5037 (The HOT HOTBOX router with software 2.1.11 has a default WPS PIN CVE-2013-5036 (The Square Squash allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Square Squash CVE-2013-5035 (Multiple race conditions in HtmlCleaner before 2.6, as used in ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-5034 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...) NOT-FOR-US: Atmail CVE-2013-5033 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...) @@ -6860,7 +6860,7 @@ CVE-2013-4792 CVE-2013-4791 RESERVED CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before ...) NOT-FOR-US: Cotonti CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or ...) 
@@ -11382,7 +11382,7 @@ CVE-2013-3108 CVE-2013-3107 (VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding ...) NOT-FOR-US: vCenter CVE-2013-3106 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-3105 RESERVED CVE-2013-3104 @@ -12681,9 +12681,9 @@ CVE-2013-2585 (Cross-site scripting (XSS) vulnerability in Atmail Webmail Server CVE-2013-2584 RESERVED CVE-2013-2583 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-2582 (CRLF injection vulnerability in the redirect servlet in Open-Xchange ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-2581 (cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, ...) NOT-FOR-US: TP-Link IP Cameras CVE-2013-2580 (Unrestricted file upload vulnerability in cgi-bin/uploadfile in ...) 
@@ -15850,19 +15850,19 @@ CVE-2013-1652 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1 {DSA-2643-1} - puppet 2.7.18-3 CVE-2013-1651 (OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-1650 (Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-1649 (Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-1648 (The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-1647 (Multiple CRLF injection vulnerabilities in Open-Xchange Server before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-1646 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-1645 (Directory traversal vulnerability in Open-Xchange Server before 6.20.7 ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2013-1644 RESERVED CVE-2013-1643 (The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 32eb2fe40b..4bdffa3509 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -1675,7 +1675,7 @@ CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP CVE-2014-9467 RESERVED CVE-2014-9466 (Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-9464 (SQL injection vulnerability in Category.php in Microweber CMS 0.95 ...) NOT-FOR-US: Microweber CMS CVE-2014-9463 
@@ -3118,7 +3118,7 @@ CVE-2014-8996 (Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog CVE-2014-8995 (SQL injection vulnerability in Maarch LetterBox 2.8 allows remote ...) NOT-FOR-US: Maarch LetterBox CVE-2014-8993 (Cross-site scripting (XSS) vulnerability in the backend in ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-8992 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: MODX Revolution CVE-2014-9030 (The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x ...) @@ -6224,7 +6224,7 @@ CVE-2014-7873 CVE-2014-7872 (Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC ...) NOT-FOR-US: Comodo GeekBuddy CVE-2014-7871 (SQL injection vulnerability in Open-Xchange (OX) AppSuite before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-7870 (Cross-site scripting (XSS) vulnerability in the Custom Search module ...) NOT-FOR-US: Drupal module Custom Search CVE-2014-7869 (Cross-site scripting (XSS) vulnerability in the configuration UI in ...) @@ -12132,16 +12132,16 @@ CVE-2014-5239 (The Microsoft Outlook.com application before 7.8.2.12.49.7090 for NOT-FOR-US: Microsoft CVE-2014-5238 RESERVED - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-5237 (Server-side request forgery (SSRF) vulnerability in the ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-5236 RESERVED - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-5235 (Cross-site scripting (XSS) vulnerability in the frontend in ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-5234 (Cross-site scripting (XSS) vulnerability in the backend in ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-5274 (Cross-site scripting (XSS) vulnerability in the view operations page ...) - phpmyadmin 4:4.2.7.1-1 (low; bug #758536) [wheezy] - phpmyadmin <not-affected> (vulnerable code not present) 
@@ -19808,11 +19808,11 @@ CVE-2014-2395 CVE-2014-2394 RESERVED CVE-2014-2393 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-2392 (The E-Mail autoconfiguration feature in Open-Xchange AppSuite before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-2391 (The password recovery service in Open-Xchange AppSuite before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-2390 (Cross-site request forgery (CSRF) vulnerability in the User Management ...) NOT-FOR-US: McAfee Network Security Manager CVE-2014-2389 (Stack-based buffer overflow in a certain decryption function in ...) @@ -20572,9 +20572,9 @@ CVE-2014-2079 [File New sets inappropriate permissions in ACL enabled directorie [squeeze] - xfe <no-dsa> (Minor issue) CVE-2014-2078 RESERVED - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-2076 RESERVED CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK ...) @@ -21743,7 +21743,7 @@ CVE-2014-1681 (Multiple unspecified vulnerabilities in Google Chrome before ...) CVE-2014-1680 (Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 ...) NOT-FOR-US: Bandisoft Bandizip CVE-2014-1679 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2014-1678 RESERVED CVE-2014-1677 [Technicolor TC7200 - Credentials Disclosure] diff --git a/data/CVE/2015.list b/data/CVE/2015.list index a83081fb92..aec187a576 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -4538,11 +4538,6 @@ CVE-2015-7707 (Ignite Realtime Openfire 3.10.2 allows remote authenticated users NOT-FOR-US: Ignite Realtime Openfire CVE-2015-7706 (Multiple cross-site scripting (XSS) vulnerabilities in Secure Data ...) NOT-FOR-US: Secure Data Space -CVE-2015-XXXX [EncryptedType uses static IV per key] - - python-sqlalchemy-utils <unfixed> - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/06/7 - NOTE: https://github.com/kvesteri/sqlalchemy-utils/issues/166 - TODO: check CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a ...) - gummi 0.6.5-6 (bug #756432) [jessie] - gummi 0.6.5-3+deb8u1 @@ -5538,7 +5533,7 @@ CVE-2015-7387 (ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier CVE-2015-7386 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Gallery - Photo Albums - Portfolio plugin for WordPress CVE-2015-7385 (Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2015-7384 [HTTP Denial of Service Vulnerability] RESERVED - nodejs 4.1.1~dfsg-3 (bug #800580) @@ -10715,7 +10710,7 @@ CVE-2015-5377 [Remote code execution vulnerability] CVE-2015-5376 RESERVED CVE-2015-5375 (Cross-site scripting (XSS) vulnerability in unspecified dialogs for ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange TODO: check CVE-2015-5374 (The EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and ...) NOT-FOR-US: Siemens diff --git a/data/CVE/2016.list b/data/CVE/2016.list index f98eb70597..951169c38b 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -6059,20 +6059,20 @@ CVE-2016-8409 (An information disclosure vulnerability in the NVIDIA video drive CVE-2016-8408 (An information disclosure vulnerability in the NVIDIA video driver ...) NOT-FOR-US: NVIDIA driver for Android CVE-2016-8407 (An information disclosure vulnerability in kernel components including ...) - - linux <undetermined> + - linux <not-affected> (Android-specific Linux components) CVE-2016-8406 (An information disclosure vulnerability in kernel components including ...) - - linux <undetermined> + - linux <not-affected> (Android-specific Linux components) CVE-2016-8405 (An information disclosure vulnerability in kernel components including ...) - linux 4.9.6-1 NOTE: Fixed by: https://git.kernel.org/linus/2dc705a9930b4806250fbf5a76e55266e59389f2 CVE-2016-8404 (An information disclosure vulnerability in kernel components including ...) - - linux <undetermined> + - linux <not-affected> (Android-specific Linux components) CVE-2016-8403 (An information disclosure vulnerability in kernel components including ...) - - linux <undetermined> + - linux <not-affected> (Android-specific Linux components) CVE-2016-8402 (An information disclosure vulnerability in kernel components including ...) - - linux <undetermined> + - linux <not-affected> (Android-specific Linux components) CVE-2016-8401 (An information disclosure vulnerability in kernel components including ...) - - linux <undetermined> + - linux <not-affected> (Android-specific Linux components) CVE-2016-8400 (An information disclosure vulnerability in the NVIDIA librm library ...) NOT-FOR-US: NVIDIA driver for Android CVE-2016-8399 (An elevation of privilege vulnerability in the kernel networking ...) 
@@ -10282,31 +10282,31 @@ CVE-2016-6855 (Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770143 NOTE: https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4 CVE-2016-6854 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6853 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6852 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6851 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6850 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6849 RESERVED CVE-2016-6848 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6847 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6846 RESERVED CVE-2016-6845 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6844 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6843 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6842 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) 
- - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-6841 RESERVED CVE-2016-6840 (Cross-site scripting (XSS) vulnerability in the management interface ...) @@ -15425,7 +15425,7 @@ CVE-2016-5305 (Multiple cross-site scripting (XSS) vulnerabilities in management CVE-2016-5304 (Open redirect vulnerability in a report-routing component in Symantec ...) NOT-FOR-US: Symantec CVE-2016-5303 (Cross-site scripting (XSS) vulnerability in the Horde Text Filter API ...) - TODO: check + - php-horde-text-filter 2.3.5-1 (bug #837150) CVE-2016-5302 (Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has ...) NOT-FOR-US: Citrix CVE-2016-5299 @@ -16217,7 +16217,7 @@ CVE-2016-5127 (Use-after-free vulnerability in ...) CVE-2016-5125 RESERVED CVE-2016-5124 (An issue was discovered in Open-Xchange OX App Suite before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-5123 RESERVED CVE-2016-5122 @@ -21468,7 +21468,7 @@ CVE-2016-3176 (Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM exte CVE-2016-3175 RESERVED CVE-2016-3174 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange TODO: check CVE-2016-3173 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. ...) TODO: check @@ -22400,7 +22400,7 @@ CVE-2016-2858 (QEMU, when built with the Pseudo Random Number Generator (PRNG) . CVE-2016-8000 REJECTED CVE-2016-2840 (An issue was discovered in Open-Xchange Server 6 / OX AppSuite before ...) - - open-xchange <itp> (bug #269329) + NOT-FOR-US: Open-Xchange CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU allows ...) {DLA-574-1 DLA-573-1} - qemu 1:2.6+dfsg-1 (bug #817182) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index b00d043d17..b40a5f4703 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -7923,7 +7923,7 @@ CVE-2017-2628 CVE-2017-2627 [openstack-tripleo-common: sudoers file is too permissive] RESERVED NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421917 - TODO: check + NOT-FOR-US: RHEL packaging flaw for openstack CVE-2017-2626 RESERVED CVE-2017-2625 |
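
Review bot: Four of the converted entries carry no description in the list, only RESERVED: CVE-2013-6242 (data/CVE/2013.list hunk at -3498), CVE-2014-5238 and CVE-2014-5236 (data/CVE/2014.list hunk at -12132) and CVE-2014-2078 (data/CVE/2014.list hunk at -20572). Nothing in those entries shows why they belong to Open-Xchange, and `NOT-FOR-US: Open-Xchange` closes them for triage. Add a NOTE with the advisory reference to each so the attribution can be re-checked once the descriptions are published.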
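
Review bot: The data/CVE/2015.list hunk at -4538 deletes the whole `CVE-2015-XXXX [EncryptedType uses static IV per key]` entry, including both NOTE references, although its last recorded state was `python-sqlalchemy-utils <unfixed>`. The reasoning (no CVE assigned, would amount to a doc change) lives only in the commit message, so anyone who later finds the oss-security request has no record in the tracker data that it was already assessed. Consider keeping the entry with a status and a NOTE that records the decision instead of removing it.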
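
Review bot: In the data/CVE/2015.list hunk at -10715 and the data/CVE/2016.list hunk at -21468, the context line `TODO: check` stays directly under the new `NOT-FOR-US: Open-Xchange` line for CVE-2015-5375 and CVE-2016-3174, so both entries end up triaged and still flagged for triage. Drop the `TODO: check` line in each. In the same 2016 hunk, CVE-2016-3173 has the same Open-Xchange OX AppSuite description and keeps only `TODO: check`; it looks like it should get `NOT-FOR-US: Open-Xchange` in this commit as well.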
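
Review bot: The six `- linux <not-affected> (Android-specific Linux components)` lines in the data/CVE/2016.list hunk at -6059 do not say which component each CVE is in, and the truncated descriptions ("kernel components including ...") do not either. CVE-2016-8405, in the middle of the same run and with the same description prefix, is tracked as fixed in `linux 4.9.6-1` with a mainline commit, so the group as a whole is not Android-only. Name the driver or subsystem per entry, in the parenthetical or in a NOTE, so the not-affected status can be verified against the Debian kernel source.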