[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sun Apr 1 14:02:09 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67cd8f05 by Moritz Muehlenhoff at 2018-04-01T15:01:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -90,7 +90,7 @@ CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
 CVE-2018-9129
 	RESERVED
 CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf ...)
-	TODO: check
+	NOT-FOR-US: DVD X Player Standard
 CVE-2018-9127
 	RESERVED
 CVE-2018-9126
@@ -640,7 +640,7 @@ CVE-2018-8910
 CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...)
 	NOT-FOR-US: Wire application for Android
 CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The ...)
-	TODO: check
+	NOT-FOR-US: Frog CMS
 CVE-2018-8907
 	RESERVED
 CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...)
@@ -674,7 +674,7 @@ CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) a
 CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows ...)
 	NOT-FOR-US: 2345 Security Guard
 CVE-2018-8893 (Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ...)
-	TODO: check
+	NOT-FOR-US: Z-BlogPHP
 CVE-2018-8892
 	RESERVED
 CVE-2018-8891
@@ -5333,7 +5333,7 @@ CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins vers
 CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, remote attackers can delete ...)
 	NOT-FOR-US: WonderCMS
 CVE-2018-7171 (Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 ...)
-	TODO: check
+	NOT-FOR-US: Twonky Server
 CVE-2018-7170 (ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows ...)
 	- ntp 1:4.2.8p11+dfsg-1
 	[stretch] - ntp <no-dsa> (Minor issue)
@@ -26339,7 +26339,7 @@ CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing function
 CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality ...)
 	NOT-FOR-US: MLAlchemy
 CVE-2017-16614 (SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows ...)
-	TODO: check
+	NOT-FOR-US: tpshop
 CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth through ...)
 	{DSA-4044-1}
 	- swauth 1.2.0-4 (bug #882314)
@@ -26644,7 +26644,7 @@ CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabil
 CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in ...)
 	NOT-FOR-US: Ipswitch WS_FTP Professional
 CVE-2017-16512 (The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 ...)
-	TODO: check
+	NOT-FOR-US: vagrant-vmware-fusion
 CVE-2017-16511
 	RESERVED
 CVE-2017-1000171 (Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to ...)
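Review bot: On CVE-2017-16512, the tag "NOT-FOR-US: vagrant-vmware-fusion" drops the vendor that the description gives ("Hashicorp vagrant-vmware-fusion 5.0.2") and is easy to misread as a triage decision about vagrant itself. Suggest "NOT-FOR-US: Hashicorp vagrant-vmware-fusion" so the entry is unambiguous when someone searches the list for vagrant.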
@@ -31568,7 +31568,7 @@ CVE-2017-14883 (In the function wma_unified_power_debug_stats_event_handler() in
 CVE-2017-14882 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14881 (While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14880
 	RESERVED
 CVE-2017-14879 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -71225,11 +71225,11 @@ CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site requ
 CVE-2017-1768
 	RESERVED
 CVE-2017-1767 (IBM Business Process Manager 8.6 is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1766 (Due to incorrect authorization in IBM Business Process Manager 8.6 an ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated user ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1764
 	RESERVED
 CVE-2017-1763
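Review bot: The three IBM Business Process Manager 8.6 entries in this hunk (CVE-2017-1767, CVE-2017-1766, CVE-2017-1765) are tagged with the vendor only, "NOT-FOR-US: IBM", whereas other IBM entries visible in this diff name the product ("NOT-FOR-US: IBM Security Guardium", "NOT-FOR-US: IBM Jazz for Service Management"). Suggest "NOT-FOR-US: IBM Business Process Manager" here and on CVE-2017-1756, so a later search by product name finds them and the reason for the decision is readable without the CVE description.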
@@ -71247,7 +71247,7 @@ CVE-2017-1758 (IBM Financial Transaction Manager for ACH Services for Multi-Plat
 CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote ...)
 	NOT-FOR-US: IBM Security Guardium
 CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored locally ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1755
 	RESERVED
 CVE-2017-1754
@@ -71265,7 +71265,7 @@ CVE-2017-1749
 CVE-2017-1748
 	RESERVED
 CVE-2017-1747 (A specially crafted message could cause a denial of service in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1746 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is ...)
 	NOT-FOR-US: IBM Jazz for Service Management
 CVE-2017-1745
@@ -71349,7 +71349,7 @@ CVE-2017-1707
 CVE-2017-1706
 	RESERVED
 CVE-2017-1705 (IBM Security Privileged Identity Manager 2.1.0 contains left-over, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1704
 	RESERVED
 CVE-2017-1703
@@ -84459,7 +84459,7 @@ CVE-2016-6660
 CVE-2016-6659 (Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, ...)
 	NOT-FOR-US: Pivotal
 CVE-2016-6658 (Applications in cf-release before 245 can be configured and pushed ...)
-	TODO: check
+	NOT-FOR-US: cf-release
 CVE-2016-6657 (An open redirect vulnerability has been detected with some Pivotal ...)
 	NOT-FOR-US: Pivotal
 CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation ...)
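Review bot: CVE-2016-6658 is tagged "NOT-FOR-US: cf-release", but the neighbouring Cloud Foundry entries in the same hunk (CVE-2016-6659, CVE-2016-6657) use "NOT-FOR-US: Pivotal". The bare component name gives no hint of the product it belongs to; suggest either matching the neighbours or writing "NOT-FOR-US: Cloud Foundry cf-release" so the entries group together in a search.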
@@ -104137,7 +104137,7 @@ CVE-2016-0900 (Cross-site scripting (XSS) vulnerability in EMC RSA Authenticatio
 CVE-2016-0899 (EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated ...)
 	NOT-FOR-US: RSA Archer GRC Platform
 CVE-2016-0898 (MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS ...)
-	TODO: check
+	NOT-FOR-US: MySQL for PCF tiles
 CVE-2016-0897 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before ...)
 	NOT-FOR-US: Pivotal Cloud Foundry
 CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x ...)
@@ -125624,7 +125624,7 @@ CVE-2015-2022
 CVE-2015-2021
 	RESERVED
 CVE-2015-2020 (The MyScript SDK before 1.3 for Android might allow attackers to ...)
-	TODO: check
+	NOT-FOR-US: MyScript SDK
 CVE-2015-2019 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...)
 	NOT-FOR-US: IBM
 CVE-2015-2018 (IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/67cd8f05599151e09679e488051a959c2b022433
