[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Aug 17 22:20:03 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc0f0c15 by Salvatore Bonaccorso at 2018-08-17T21:19:39Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -231,27 +231,27 @@ CVE-2018-15362
 CVE-2018-15361
 	RESERVED
 CVE-2018-15360 (An attacker without authentication can login with default credentials ...)
-	TODO: check
+	NOT-FOR-US: Eltex ESP-200 firmware
 CVE-2018-15359 (An authenticated attacker with low privileges can use insecure sudo ...)
-	TODO: check
+	NOT-FOR-US: Eltex ESP-200 firmware
 CVE-2018-15358 (An authenticated attacker with low privileges can activate high ...)
-	TODO: check
+	NOT-FOR-US: Eltex ESP-200 firmware
 CVE-2018-15357 (An authenticated attacker with low privileges can extract password ...)
-	TODO: check
+	NOT-FOR-US: Eltex ESP-200 firmware
 CVE-2018-15356 (An authenticated attacker can execute arbitrary code using command ...)
-	TODO: check
+	NOT-FOR-US: Eltex ESP-200 firmware
 CVE-2018-15355 (Usage of SSLv2 and SSLv3 leads to transmitted data decryption in ...)
-	TODO: check
+	NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15354 (A Buffer Overflow exploited through web interface by remote attacker ...)
-	TODO: check
+	NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15353 (A Buffer Overflow exploited through web interface by remote attacker ...)
-	TODO: check
+	NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15352 (An attacker with low privileges can cause denial of service in ...)
-	TODO: check
+	NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15351 (Denial of service via crafting malicious link and sending it to a ...)
-	TODO: check
+	NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15350 (Router Default Credentials in Kraftway 24F2XG Router firmware version ...)
-	TODO: check
+	NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15473 (OpenSSH through 7.7 is prone to a user enumeration vulnerability due to ...)
 	- openssh 1:7.7p1-4 (bug #906236)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/15/5
@@ -3387,10 +3387,11 @@ CVE-2018-14060 (OS command injection in the AP mode settings feature in /cgi-bin
 	NOT-FOR-US: Xiaomi R3D
 CVE-2018-14059
 	RESERVED
+	NOT-FOR-US: Pimcore
 CVE-2018-14058 (Pimcore before 5.3.0 allows SQL Injection via the REST web service ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2018-14057 (Pimcore before 5.3.0 allows remote attackers to conduct cross-site ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming ...)
 	{DSA-4252-1 DLA-1427-1}
 	- znc 1.7.1-1 (bug #903787)
@@ -26736,9 +26737,9 @@ CVE-2018-5549
 CVE-2018-5548
 	RESERVED
 CVE-2018-5547 (Windows Logon Integration feature of F5 BIG-IP APM client prior to ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5546 (The svpn and policyserver components of the F5 BIG-IP APM client prior ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5545
 	RESERVED
 CVE-2018-5544 (When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain ...)
@@ -89011,7 +89012,7 @@ CVE-2017-1734 (IBM Jazz Team Server affecting the following IBM Rational Product
 CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log files ...)
 	NOT-FOR-US: IBM
 CVE-2017-1732 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2017-1730



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc0f0c1507b6cb0ff0f6c6a3317b02b8425e8dfb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc0f0c1507b6cb0ff0f6c6a3317b02b8425e8dfb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180817/d0057ec4/attachment.html>

More information about the debian-security-tracker-commits mailing list