[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Aug 13 21:17:26 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a65ea674 by Salvatore Bonaccorso at 2018-08-13T20:16:43Z
Process NFUs

- - - - -
2605a56d by Salvatore Bonaccorso at 2018-08-13T20:16:59Z
Add CVE-2018-3780/nextcloud, itp'ed, #835086

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -331,19 +331,19 @@ CVE-2018-15147
 CVE-2018-15146
 	RESERVED
 CVE-2018-15145 (Multiple SQL injection vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2018-15144 (SQL injection vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2018-15143 (Multiple SQL injection vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2018-15142 (Directory traversal in portal/import_template.php in versions of ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2018-15141 (Directory traversal in portal/import_template.php in versions of ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2018-15140 (Directory traversal in portal/import_template.php in versions of ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2018-15139 (Unrestricted file upload in interface/super/manage_site_files.php in ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2018-15138
 	RESERVED
 CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload any file ...)
@@ -4537,7 +4537,7 @@ CVE-2018-13394
 CVE-2018-13393
 	RESERVED
 CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before version ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-13391
 	RESERVED
 CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via network from ...)
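Review bot: On the CVE-2018-13392 line, the tag `NOT-FOR-US: Atlassian` names only the vendor, while the description above it names the products (Atlassian Fisheye and Crucible) and other NFU tags in this file name the product, for example `NOT-FOR-US: Flexense DiskSorter Enterprise`. Suggest `NOT-FOR-US: Atlassian Fisheye and Crucible`, so that a later search for the product name finds this entry.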
@@ -6542,7 +6542,7 @@ CVE-2018-12589 (Polaris Office 2017 8.1 allows attackers to execute arbitrary co
 CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Public Knowledge Project (PKP) Open Monograph Press (OMP)
 CVE-2018-12587 (A cross-site scripting (XSS) vulnerability was found in valeuraddons ...)
-	TODO: check
+	NOT-FOR-US: valeuraddons German Spelling Dictionary
 CVE-2018-12586
 	RESERVED
 CVE-2018-12585
@@ -11950,7 +11950,7 @@ CVE-2018-10571 (Multiple reflected cross-site scripting (XSS) vulnerabilities in
 CVE-2018-10570 (Frog CMS 0.9.5 has XSS in /install/index.php via the ...)
 	NOT-FOR-US: Frog CMS
 CVE-2018-10569 (An issue was discovered in Edimax EW-7438RPn Mini v2 before version ...)
-	TODO: check
+	NOT-FOR-US: Edimax EW-7438RPn Mini v2
 CVE-2018-10568 (XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. ...)
 	NOT-FOR-US: Flexense DiskSorter Enterprise
 CVE-2018-10567 (XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. ...)
@@ -23383,7 +23383,7 @@ CVE-2018-6416
 CVE-2018-6415
 	RESERVED
 CVE-2018-6414 (A buffer overflow vulnerability in the web server of some Hikvision IP ...)
-	TODO: check
+	NOT-FOR-US: Hikvision IP Cameras
 CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of ...)
 	NOT-FOR-US: Hikvision Camera DS-2CD9111-S
 CVE-2018-6412 (In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c ...)
@@ -25256,9 +25256,9 @@ CVE-2018-5927
 CVE-2018-5926
 	RESERVED
 CVE-2018-5925 (A security vulnerability has been identified with certain HP Inkjet ...)
-	TODO: check
+	NOT-FOR-US: HP Inkjet printers
 CVE-2018-5924 (A security vulnerability has been identified with certain HP Inkjet ...)
-	TODO: check
+	NOT-FOR-US: HP Inkjet printers
 CVE-2018-5923
 	RESERVED
 CVE-2018-5922
@@ -30938,7 +30938,7 @@ CVE-2018-3782
 CVE-2018-3781 (A missing sanitization of search results for an autocomplete field in ...)
 	TODO: check
 CVE-2018-3780 (A missing sanitization of search results for an autocomplete field in ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2018-3779 (active-support ruby gem 5.2.0 could allow a remote attacker to execute ...)
 	NOT-FOR-US: Trojaned gem release
 CVE-2018-3778 (Improper authorization in aedes version <0.35.0 will publish a LWT in ...)
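Review bot: CVE-2018-3781, the context entry directly above the changed line, shows the same visible description text as CVE-2018-3780 ("A missing sanitization of search results for an autocomplete field in ...") but is left at `TODO: check`. If it affects the same source package it should get the same `- nextcloud <itp> (bug #835086)` line in this commit. If it belongs to a different component, a short note on the entry would save the next triager from comparing the two descriptions again.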
@@ -88545,7 +88545,7 @@ CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is
 CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...)
 	NOT-FOR-US: IBM Jazz Reporting Service
 CVE-2017-1749 (IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM UrbanCode Deploy
 CVE-2017-1748 (IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1747 (A specially crafted message could cause a denial of service in IBM ...)
@@ -89471,7 +89471,7 @@ CVE-2017-1288
 CVE-2017-1287 (IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct ...)
 	NOT-FOR-US: IBM
 CVE-2017-1286 (Sensitive information about the configuration of the IBM UrbanCode ...)
-	TODO: check
+	NOT-FOR-US: IBM UrbanCode Deploy
 CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user ...)
 	NOT-FOR-US: IBM
 CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...)
@@ -113833,7 +113833,7 @@ CVE-2016-2924 (IBM Infosphere BigInsights is vulnerable to cross-site scripting,
 CVE-2016-2923 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty ...)
 	NOT-FOR-US: IBM
 CVE-2016-2922 (IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2016-2921
 	RESERVED
 CVE-2016-2920



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f8300fe274f20f7152ca7a1f8461b70d7872e0bc...2605a56df87b22424b77038d8939908eb90894c0
