[Git][security-tracker-team/security-tracker][master] Process NFUs

Tue Apr 24 09:48:00 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23bef396 by Salvatore Bonaccorso at 2018-04-24T10:47:43+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-10329 (app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on ...)
 	TODO: check
 CVE-2018-10328 (Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming ...)
-	TODO: check
+	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
 CVE-2018-10327
 	RESERVED
 CVE-2018-10326
@@ -15,13 +15,13 @@ CVE-2018-10323 (The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap
 CVE-2018-10322 (The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the ...)
 	TODO: check
 CVE-2018-10321 (Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via ...)
-	TODO: check
+	NOT-FOR-US: Frog CMS
 CVE-2018-10320 (Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] ...)
-	TODO: check
+	NOT-FOR-US: Frog CMS
 CVE-2018-10319 (Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] ...)
-	TODO: check
+	NOT-FOR-US: Frog CMS
 CVE-2018-10318 (Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] ...)
-	TODO: check
+	NOT-FOR-US: Frog CMS
 CVE-2018-10317
 	RESERVED
 CVE-2018-10316 (Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the ...)
@@ -31,15 +31,15 @@ CVE-2018-10315
 CVE-2018-10314
 	RESERVED
 CVE-2018-10313 (WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter ...)
-	TODO: check
+	NOT-FOR-US: WUZHI CMS
 CVE-2018-10312 (index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change ...)
-	TODO: check
+	NOT-FOR-US: WUZHI CMS
 CVE-2018-10311 (A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent ...)
-	TODO: check
+	NOT-FOR-US: WUZHI CMS
 CVE-2018-10310
 	RESERVED
 CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress ...)
-	TODO: check
+	NOT-FOR-US: Responsive Cookie Consent plugin for WordPress
 CVE-2018-10308
 	RESERVED
 CVE-2018-10307
@@ -51,9 +51,9 @@ CVE-2018-10305 (The MessageSearch2 function in PersonalMessage.php in Simple Mac
 CVE-2018-10304
 	RESERVED
 CVE-2018-10303 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-10302 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-XXXX [Authorization bypass]
 	- phpliteadmin <unfixed> (bug #896682)
 	NOTE: https://github.com/phpLiteAdmin/pla/issues/11
@@ -10094,7 +10094,7 @@ CVE-2018-6493
 CVE-2018-6492
 	RESERVED
 CVE-2018-6491 (Local Escalation of Priviledge vulnerability to Micro Focus Universal ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Universal CMDB
 CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...)
 	NOT-FOR-US: Micro Focus Operations Orchestration Software
 CVE-2018-6489 (XML External Entity (XXE) vulnerability in Micro Focus Project and ...)
@@ -39870,7 +39870,7 @@ CVE-2017-13075
 CVE-2017-13074
 	RESERVED
 CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo ...)
-	TODO: check
+	NOT-FOR-US: NAP NAS application Photo Station
 CVE-2017-13072
 	RESERVED
 CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern ...)
@@ -74544,7 +74544,7 @@ CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form Login
 CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed ...)
 	NOT-FOR-US: IBM Publishing Engine
 CVE-2017-1786 (IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote ...)
 	NOT-FOR-US: IBM API Connect
 CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary files ...)
@@ -74588,7 +74588,7 @@ CVE-2017-1766 (Due to incorrect authorization in IBM Business Process Manager 8.
 CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated user ...)
 	NOT-FOR-US: IBM
 CVE-2017-1764 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1763
 	RESERVED
 CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
@@ -74714,7 +74714,7 @@ CVE-2017-1703
 CVE-2017-1702
 	RESERVED
 CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1700
 	RESERVED
 CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure ...)
@@ -75145,7 +75145,7 @@ CVE-2017-1488
 CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated attacker to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1486 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM
 CVE-2017-1484 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...)
@@ -75171,7 +75171,7 @@ CVE-2017-1475
 CVE-2017-1474
 	RESERVED
 CVE-2017-1473 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1472
 	RESERVED
 CVE-2017-1471



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23bef39605745ba81b560f159f8b18b74c173319

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23bef39605745ba81b560f159f8b18b74c173319
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180424/cb69ea4b/attachment-0001.html>
