[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Apr 7 08:07:40 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8bb9a5a7 by Salvatore Bonaccorso at 2018-04-07T09:07:03+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5681,7 +5681,7 @@ CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web API
 CVE-2018-7507
 	RESERVED
 CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 and ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-7505
 	RESERVED
 CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI ...)
@@ -8853,9 +8853,9 @@ CVE-2017-18100
 CVE-2017-18099
 	RESERVED
 CVE-2017-18098 (The searchrequest-xml resource in Atlassian Jira before version 7.6.1 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2017-18097 (The Trello board importer resource in Atlassian Jira before version ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2017-18096 (The OAuth status rest resource in Atlassian Application Links before ...)
 	NOT-FOR-US: Atlassian Application Links
 CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version ...)
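Review bot: the new tags on CVE-2017-18098 and CVE-2017-18097 name only the vendor ("NOT-FOR-US: Atlassian"), while the entry directly below, CVE-2017-18096, names the product ("NOT-FOR-US: Atlassian Application Links"). Both descriptions say the affected product is Atlassian Jira, so "NOT-FOR-US: Atlassian Jira" would match the neighbouring entry and make the list easier to search by product.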
@@ -70283,11 +70283,11 @@ CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the ...)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269
 	NOTE: Built with GCC in Debian, which doesn't remove the check
 CVE-2017-2869 (An exploitable code execution vulnerability exists in the OpenProducer ...)
-	TODO: check
+	NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2868 (An exploitable code execution vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2867 (An exploitable code execution vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup ...)
 	NOT-FOR-US: Circle with Disney
 CVE-2017-2865 (An exploitable vulnerability exists in the firmware update ...)
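Review bot: the truncated descriptions shown for CVE-2017-2868 and CVE-2017-2867 do not name a product, so the "Natus Xltek NeuroWorks" attribution on those two entries cannot be checked from this hunk. Worth confirming each against the full CVE text rather than inferring it from the adjacent CVE-2017-2869 entry, since this ID range also holds unrelated products (CVE-2017-2866 is "Circle with Disney").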
@@ -70304,7 +70304,7 @@ CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the ...)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784866
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
 CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the use of a ...)
-	TODO: check
+	NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2860
 	RESERVED
 CVE-2017-2859
@@ -70320,7 +70320,7 @@ CVE-2017-2855
 CVE-2017-2854
 	RESERVED
 CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2852
 	RESERVED
 CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
@@ -80748,7 +80748,7 @@ CVE-2016-8382
 CVE-2016-8381
 	RESERVED
 CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to read and ...)
-	TODO: check
+	NOT-FOR-US: web server in Phoenix Contact ILC PLCs
 CVE-2016-8379 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...)
 	NOT-FOR-US: Moxa
 CVE-2016-8378 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 ...)
@@ -80766,7 +80766,7 @@ CVE-2016-8373
 CVE-2016-8372 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...)
 	NOT-FOR-US: Moxa
 CVE-2016-8371 (The web server in Phoenix Contact ILC PLCs can be accessed without ...)
-	TODO: check
+	NOT-FOR-US: web server in Phoenix Contact ILC PLCs
 CVE-2016-8370 (An issue was discovered in Mitsubishi Electric Automation MELSEC-Q ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2016-8369 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 ...)
@@ -80776,7 +80776,7 @@ CVE-2016-8368 (An issue was discovered in Mitsubishi Electric Automation MELSEC-
 CVE-2016-8367 (An issue was discovered in Schneider Electric Magelis HMI Magelis GTO ...)
 	NOT-FOR-US: Schneider
 CVE-2016-8366 (Webvisit in Phoenix Contact ILC PLCs offers a password macro to ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact ILC PLCs
 CVE-2016-8365 (OSIsoft PI System software (Applications using PI Asset Framework (AF) ...)
 	NOT-FOR-US: OSIsoft PI
 CVE-2016-8364 (An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object ...)
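Review bot: CVE-2016-8366 is tagged "NOT-FOR-US: Phoenix Contact ILC PLCs", but the same commit tags CVE-2016-8380 and CVE-2016-8371 as "NOT-FOR-US: web server in Phoenix Contact ILC PLCs" for the same product line. Use one label for all three. The shorter form fits the surrounding entries, which name the vendor or product only (Moxa, Mitsubishi, Schneider, OSIsoft PI).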
@@ -145146,7 +145146,7 @@ CVE-2014-5074 (Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allo
 CVE-2014-5073 (vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 ...)
 	NOT-FOR-US: VMTurbo Operations Manager
 CVE-2014-5072 (Cross-site request forgery (CSRF) vulnerability in WP Security Audit ...)
-	TODO: check
+	NOT-FOR-US: WP Security Audit Log plugin for WordPress
 CVE-2014-5071 (SQL injection vulnerability in the checkPassword function in ...)
 	NOT-FOR-US: Symmetricom
 CVE-2014-5070 (Symmetricom s350i 2.70.15 allows remote authenticated users to gain ...)
@@ -145233,7 +145233,7 @@ CVE-2014-5036 (The Storage Controller (SC) component in Eucalyptus 3.4.2 through
 CVE-2014-5035 (The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers ...)
 	NOT-FOR-US: Opendaylight
 CVE-2014-5034 (Cross-site request forgery (CSRF) vulnerability in the Brute Force ...)
-	TODO: check
+	NOT-FOR-US: Brute Force Login Protection module for WordPress
 CVE-2014-5023 (Repository.php in Gitter, as used in Gitlist, allows remote attackers ...)
 	- gitlist <itp> (bug #750368)
 CVE-2014-5018 (Incomplete blacklist vulnerability in the autoEscape function in ...)
@@ -149654,7 +149654,7 @@ CVE-2014-3415 (SQL injection vulnerability in Sharetronix before 3.4 allows remo
 CVE-2014-3414 (Cross-site request forgery (CSRF) vulnerability in Sharetronix before ...)
 	NOT-FOR-US: Sharetronix
 CVE-2014-3413 (The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2014-3412 (Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when ...)
 	NOT-FOR-US: Juniper Junos Space
 CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in Juniper NSM before ...)
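Review bot: CVE-2014-3413 gets "NOT-FOR-US: Juniper", while the next entry, CVE-2014-3412, uses "NOT-FOR-US: Juniper Junos Space" and both descriptions refer to Junos Space before 13.3R1.8. Suggest "NOT-FOR-US: Juniper Junos Space" here too, so the two entries for the same product carry the same tag.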
@@ -152509,7 +152509,7 @@ CVE-2014-2361 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Module
 CVE-2014-2360 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules ...)
 	NOT-FOR-US: OleumTech Wireless Gateway
 CVE-2014-2359 (OleumTech Wireless Sensor Network devices allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: OleumTech Wireless Sensor Network devices
 CVE-2014-2358 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	NOT-FOR-US: Fox-IT Fox DataDiode
 CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bb9a5a7e880602a4e8e02c6067535d43d02a2cb
