[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Apr 2 21:40:34 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80e516f8 by Moritz Muehlenhoff at 2018-04-02T22:40:18+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
CVE-2018-9231
RESERVED
CVE-2018-9230 (In OpenResty before 1.13.6.1, URI parameters were obtained using the ...)
- TODO: check
+ NOT-FOR-US: OpenResty
CVE-2018-9229
RESERVED
CVE-2018-9228
@@ -95,7 +95,7 @@ CVE-2018-9185
CVE-2018-9184
RESERVED
CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2018-9182
RESERVED
CVE-2018-9181
@@ -136,7 +136,7 @@ CVE-2018-9165 (The pushdup function in util/decompile.c in libming through 0.4.8
CVE-2018-9164
RESERVED
CVE-2018-9163 (A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2018-9162 (Contec Smart Home 4.15 devices do not require authentication for ...)
NOT-FOR-US: Contec Smart Home
CVE-2018-9161 (Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers ...)
@@ -6741,11 +6741,11 @@ CVE-2018-6663
CVE-2018-6662
RESERVED
CVE-2018-6661 (DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2018-6660 (Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2018-6659 (Reflected Cross-Site Scripting vulnerability in McAfee ePolicy ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2018-6658
RESERVED
CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through ...)
@@ -8131,11 +8131,11 @@ CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in DirectX and
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6250 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel mode ...)
- nvidia-graphics-drivers <unfixed> (bug #894338)
[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -8148,9 +8148,9 @@ CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel mode
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6248 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6247 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6246
RESERVED
CVE-2018-6245
@@ -21222,7 +21222,7 @@ CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x a
CVE-2018-1296
RESERVED
CVE-2018-1295 (In Apache Ignite 2.3 or earlier, the serialization mechanism does not ...)
- TODO: check
+ NOT-FOR-US: Apache Ignite
CVE-2018-1294 (If a user of Commons-Email (typically an application programmer) ...)
- commons-email <not-affected> (Fixed with first upload to Debian)
NOTE: https://marc.info/?i=CAF8HOZ+J3NkaywfbHuQpHxK9ZXeT4=4Vs9rOwCDiUdnt1QA1Yw@mail.gmail.com
@@ -22724,7 +22724,7 @@ CVE-2018-1040
CVE-2018-1039
RESERVED
CVE-2018-1038 (The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-1037
RESERVED
CVE-2018-1036
@@ -24771,7 +24771,7 @@ CVE-2018-0196 (A vulnerability in the web-based user interface (web UI) of Cisco
CVE-2018-0195 (A vulnerability in the Cisco IOS XE Software REST API could allow an ...)
NOT-FOR-US: Cisco
CVE-2018-0194 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0193 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
NOT-FOR-US: Cisco
CVE-2018-0192
@@ -77977,7 +77977,7 @@ CVE-2016-8719 (An exploitable reflected Cross-Site Scripting vulnerability exist
CVE-2016-8718 (An exploitable Cross-Site Request Forgery vulnerability exists in the ...)
NOT-FOR-US: Moxa
CVE-2016-8717 (An exploitable Use of Hard-coded Credentials vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2016-8716 (An exploitable Cleartext Transmission of Password vulnerability exists ...)
NOT-FOR-US: Moxa
CVE-2016-8715 (An exploitable heap corruption vulnerability exists in the loadTrailer ...)
@@ -125831,15 +125831,15 @@ CVE-2015-2006
CVE-2015-2005 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...)
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-2004 (The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might ...)
- TODO: check
+ NOT-FOR-US: GraceNote GNSDK SDK
CVE-2015-2003 (The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might ...)
- TODO: check
+ NOT-FOR-US: PJSIP PJSUA2 SDK
CVE-2015-2002 (The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow ...)
- TODO: check
+ NOT-FOR-US: ESRI ArcGis Runtime SDK
CVE-2015-2001 (The MetaIO SDK before 6.0.2.1 for Android might allow attackers to ...)
- TODO: check
+ NOT-FOR-US: MetaIO SDK
CVE-2015-2000 (The Jumio SDK before 1.5.0 for Android might allow attackers to ...)
- TODO: check
+ NOT-FOR-US: Jumio SDK
CVE-2015-1999 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 ...)
NOT-FOR-US: IBM QRadar
CVE-2015-1998
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80e516f8cf413749522ab9ce6b9853f0538ae286
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80e516f8cf413749522ab9ce6b9853f0538ae286
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180402/0df7d2d7/attachment.html>
More information about the debian-security-tracker-commits
mailing list