[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Aug 23 21:19:34 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aec3b5a3 by Salvatore Bonaccorso at 2018-08-23T20:19:08Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2018-15806
 CVE-2018-15805
 	RESERVED
 CVE-2018-15804 (An issue was discovered in the MapR File System in MapR Converged Data ...)
-	TODO: check
+	NOT-FOR-US: MapR File System
 CVE-2018-15803
 	RESERVED
 CVE-2018-15802
@@ -115,7 +115,7 @@ CVE-2018-15750
 CVE-2018-15749
 	RESERVED
 CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, ...)
-	TODO: check
+	NOT-FOR-US: Dell 2335dn printers
 CVE-2018-15747
 	RESERVED
 CVE-2018-15746
@@ -2215,15 +2215,15 @@ CVE-2018-14803
 CVE-2018-14802
 	RESERVED
 CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all ...)
-	TODO: check
+	NOT-FOR-US: Philips PageWriter
 CVE-2018-14800
 	RESERVED
 CVE-2018-14799 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all ...)
-	TODO: check
+	NOT-FOR-US: Philips PageWriter
 CVE-2018-14798
 	RESERVED
 CVE-2018-14797 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a ...)
-	TODO: check
+	NOT-FOR-US: Emerson DeltaV DCS
 CVE-2018-14796
 	RESERVED
 CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...)
@@ -2235,15 +2235,15 @@ CVE-2018-14793 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulner
 CVE-2018-14792
 	RESERVED
 CVE-2018-14791 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may ...)
-	TODO: check
+	NOT-FOR-US: Emerson DeltaV DCS
 CVE-2018-14790
 	RESERVED
 CVE-2018-14789 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...)
-	TODO: check
+	NOT-FOR-US: Philips
 CVE-2018-14788
 	RESERVED
 CVE-2018-14787 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...)
-	TODO: check
+	NOT-FOR-US: Philips
 CVE-2018-14786 (Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps ...)
 	TODO: check
 CVE-2018-14785 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
@@ -23586,7 +23586,7 @@ CVE-2018-6694
 CVE-2018-6693
 	RESERVED
 CVE-2018-6692 (Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin ...)
-	TODO: check
+	NOT-FOR-US: Belkin Wemo Insight Smart Plug
 CVE-2018-6691
 	RESERVED
 CVE-2018-6690
@@ -28424,7 +28424,7 @@ CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTER
 CVE-2018-5245
 	RESERVED
 CVE-2018-5243 (The Symantec Encryption Management Server (SEMS) product, prior to ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible to a ...)
 	NOT-FOR-US: Norton App Lock
 CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, ...)
@@ -28434,13 +28434,13 @@ CVE-2018-5240 (The Inventory Plugin for Symantec Management Agent prior to 7.6 P
 CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass ...)
 	NOT-FOR-US: Norton
 CVE-2018-5238 (Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) ...)
-	TODO: check
+	NOT-FOR-US: Norton
 CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 ...)
 	NOT-FOR-US: Symantec
 CVE-2018-5236 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may ...)
 	NOT-FOR-US: Symantec
 CVE-2018-5235 (Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL ...)
-	TODO: check
+	NOT-FOR-US: Norton
 CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a command ...)
 	NOT-FOR-US: Norton Core router
 CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
@@ -31571,7 +31571,7 @@ CVE-2018-3927
 CVE-2018-3926
 	RESERVED
 CVE-2018-3925 (An exploitable buffer overflow vulnerability exists in the remote ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing ...)
@@ -31583,11 +31583,11 @@ CVE-2018-3921 (A memory corruption vulnerability exists in the PSD-parsing ...)
 CVE-2018-3920
 	RESERVED
 CVE-2018-3919 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3918
 	RESERVED
 CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3916
 	RESERVED
 CVE-2018-3915
@@ -31597,7 +31597,7 @@ CVE-2018-3914
 CVE-2018-3913
 	RESERVED
 CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3911
 	RESERVED
 CVE-2018-3910
@@ -31611,13 +31611,13 @@ CVE-2018-3907
 CVE-2018-3906
 	RESERVED
 CVE-2018-3905 (An exploitable buffer overflow vulnerability exists in the camera ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3904
 	RESERVED
 CVE-2018-3903 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3902 (An exploitable buffer overflow vulnerability exists in the camera ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3901
 	RESERVED
 CVE-2018-3900
@@ -31663,9 +31663,9 @@ CVE-2018-3881 (An exploitable unauthenticated XML external injection vulnerabili
 CVE-2018-3880
 	RESERVED
 CVE-2018-3879 (An exploitable JSON injection vulnerability exists in the credentials ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3878 (Multiple exploitable buffer overflow vulnerabilities exist in the ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3877
 	RESERVED
 CVE-2018-3876
@@ -31687,7 +31687,7 @@ CVE-2018-3869
 CVE-2018-3868 (A specially crafted TIFF image processed via the application can lead ...)
 	NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3867 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3866
 	RESERVED
 CVE-2018-3865
@@ -31695,7 +31695,7 @@ CVE-2018-3865
 CVE-2018-3864
 	RESERVED
 CVE-2018-3863 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
-	TODO: check
+	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3862 (A specially crafted TIFF image processed via the application can lead ...)
 	NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3861 (A specially crafted TIFF image processed via the application can lead ...)
@@ -37988,7 +37988,7 @@ CVE-2018-1601
 CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or ...)
 	NOT-FOR-US: IBM
 CVE-2018-1599 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1598
 	RESERVED
 CVE-2018-1597
@@ -38398,7 +38398,7 @@ CVE-2018-1396 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.
 CVE-2018-1395
 	RESERVED
 CVE-2018-1394 (Multiple IBM Rational products are vulnerable to cross-site scripting. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
 	NOT-FOR-US: IBM
 CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
@@ -39783,13 +39783,13 @@ CVE-2018-1161 (This vulnerability allows remote attackers to execute arbitrary c
 CVE-2018-1160
 	RESERVED
 CVE-2018-1159 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOS
 CVE-2018-1158 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOS
 CVE-2018-1157 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOS
 CVE-2018-1156 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOS
 CVE-2018-1155 (In SecurityCenter versions prior to 5.7.0, a cross-site scripting ...)
 	NOT-FOR-US: SecurityCenter
 CVE-2018-1154 (In SecurityCenter versions prior to 5.7.0, a username enumeration ...)
@@ -40555,9 +40555,9 @@ CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, .
 CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with Versions ...)
 	NOT-FOR-US: inputhub driver of HUAWEI P9 Lite mobile phones
 CVE-2017-17312 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17311 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17310 (Electronic Numbers to URI Mapping (ENUM) module in some Huawei ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17309 (Huawei HG255s-10 V100R001C163B025SP02 has a path traversal ...)
@@ -40569,7 +40569,7 @@ CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 have
 CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17305 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17303 (Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; ...)
@@ -89841,7 +89841,7 @@ CVE-2017-1755 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.
 CVE-2017-1754
 	RESERVED
 CVE-2017-1753 (Multiple IBM Rational products are vulnerable to HTML injection. A ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1752 (IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated ...)
 	NOT-FOR-US: IBM UrbanCode Deploy
 CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aec3b5a3c547c08a4039244b691b7f8780ca10bf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aec3b5a3c547c08a4039244b691b7f8780ca10bf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180823/0b5a88ac/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list