[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Aug 14 10:39:01 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05f20c31 by Moritz Muehlenhoff at 2018-08-14T09:38:41Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -382,11 +382,11 @@ CVE-2018-15127
 CVE-2018-15126
 	RESERVED
 CVE-2018-15125 (Sensitive Information Disclosure in Zipato Zipabox Smart Home ...)
-	TODO: check
+	NOT-FOR-US: Zipato
 CVE-2018-15124 (Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD ...)
-	TODO: check
+	NOT-FOR-US: Zipato
 CVE-2018-15123 (Insecure configuration storage in Zipato Zipabox Smart Home Controller ...)
-	TODO: check
+	NOT-FOR-US: Zipato
 CVE-2018-15122
 	RESERVED
 CVE-2018-15121
@@ -897,7 +897,7 @@ CVE-2018-XXXX [Default KeyInfo resolver doesn't check for empty element content.
 	NOTE: https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
 	NOTE: https://shibboleth.net/community/advisories/secadv_20180803.txt
 CVE-2018-14878 (JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 ...)
-	TODO: check
+	NOT-FOR-US: JetBrains dotPeek
 CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site ...)
 	NOT-FOR-US: WeaselCMS
 CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp in ...)
@@ -1100,7 +1100,7 @@ CVE-2018-14783 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with
 CVE-2018-14782 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
 	NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
 CVE-2018-14781 (Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm ...)
-	TODO: check
+	NOT-FOR-US: Medtronic
 CVE-2018-14780
 	RESERVED
 CVE-2018-14779
@@ -4484,7 +4484,7 @@ CVE-2018-13417 (In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for ..
 CVE-2018-13416 (In Universal Media Server (UMS) 7.1.0, the XML parsing engine for ...)
 	NOT-FOR-US: Universal Media Server
 CVE-2018-13415 (In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP ...)
-	TODO: check
+	NOT-FOR-US: Plex Media Server
 CVE-2018-13414
 	RESERVED
 CVE-2018-13413
@@ -11816,11 +11816,11 @@ CVE-2018-10638
 CVE-2018-10637
 	RESERVED
 CVE-2018-10636 (CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 ...)
-	TODO: check
+	NOT-FOR-US: CNCSoft
 CVE-2018-10635 (In Universal Robots Robot Controllers Version CB 3.1, SW Version ...)
 	NOT-FOR-US: Universal Robots
 CVE-2018-10634 (Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm ...)
-	TODO: check
+	NOT-FOR-US: Medtronic
 CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version ...)
 	NOT-FOR-US: Universal Robots
 CVE-2018-10632 (In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and ...)
@@ -11892,7 +11892,7 @@ CVE-2018-10600 (SEL AcSELerator Architect version 2.2.24.0 and prior allows ...)
 CVE-2018-10599 (IntelliVue Patient Monitors MP Series (including ...)
 	NOT-FOR-US: Philips
 CVE-2018-10598 (CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 ...)
-	TODO: check
+	NOT-FOR-US: CNCSoft
 CVE-2018-10597 (IntelliVue Patient Monitors MP Series (including ...)
 	NOT-FOR-US: Philips
 CVE-2018-10596 (Medtronic 2090 CareLink Programmer all versions The affected product ...)
@@ -21591,7 +21591,7 @@ CVE-2018-6972 (VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ...)
 CVE-2018-6971 (VMware Horizon View Agents (7.x.x before 7.5.1) contain a local ...)
 	NOT-FOR-US: VMware
 CVE-2018-6970 (VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2018-6969 (VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds ...)
 	NOT-FOR-US: VMware
 CVE-2018-6968 (The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent ...)
@@ -30944,7 +30944,7 @@ CVE-2018-3783
 CVE-2018-3782
 	REJECTED
 CVE-2018-3781 (A missing sanitization of search results for an autocomplete field in ...)
-	TODO: check
+	NOT-FOR-US: NextCloud Talk
 CVE-2018-3780 (A missing sanitization of search results for an autocomplete field in ...)
 	- nextcloud <itp> (bug #835086)
 CVE-2018-3779 (active-support ruby gem 5.2.0 could allow a remote attacker to execute ...)
@@ -40594,7 +40594,7 @@ CVE-2018-0716
 CVE-2018-0715
 	RESERVED
 CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and ...)
-	TODO: check
+	NOT-FOR-US: Helpdesk
 CVE-2018-0713
 	RESERVED
 CVE-2018-0712 (Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05f20c3186bd771cec5bb414c55fc5e2f22706b3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05f20c3186bd771cec5bb414c55fc5e2f22706b3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180814/e46057d7/attachment.html>

More information about the debian-security-tracker-commits mailing list