[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Sat Aug 25 17:09:35 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44661c1f by Moritz Muehlenhoff at 2018-08-25T16:09:17Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -285,7 +285,7 @@ CVE-2018-15730
CVE-2018-15729
RESERVED
CVE-2018-15728 (An issue was discovered in Couchbase Server. Authenticated users can ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2018-15727
RESERVED
CVE-2018-1999047 (A improper authorization vulnerability exists in Jenkins 2.137 and ...)
@@ -722,7 +722,7 @@ CVE-2018-15578
CVE-2018-15577
RESERVED
CVE-2018-15576 (An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php ...)
- TODO: check
+ NOT-FOR-US: EasyLogin Pro
CVE-2018-15575
RESERVED
CVE-2018-15574 (** DISPUTED ** An issue was discovered in the license editor in Reprise ...)
@@ -810,9 +810,9 @@ CVE-2018-15538
CVE-2018-15537
RESERVED
CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before ...)
- TODO: check
+ NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-15535 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before ...)
- TODO: check
+ NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-15534 (Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of ...)
NOT-FOR-US: Geutebrueck
CVE-2018-15533 (A reflected cross-site scripting vulnerability exists in Geutebrueck ...)
@@ -887,7 +887,7 @@ CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and
CVE-2018-15500
RESERVED
CVE-2018-15499 (GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow ...)
- TODO: check
+ NOT-FOR-US: GEAR Software
CVE-2018-15498
RESERVED
CVE-2018-15497
@@ -2389,7 +2389,7 @@ CVE-2018-14788
CVE-2018-14787 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...)
NOT-FOR-US: Philips
CVE-2018-14786 (Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps ...)
- TODO: check
+ NOT-FOR-US: medical pumps
CVE-2018-14785 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14784 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
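Review bot: The tag "NOT-FOR-US: medical pumps" on CVE-2018-14786 names a device category rather than a vendor or product, unlike the neighbouring "NOT-FOR-US: Philips" and "NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router" entries. Something like "NOT-FOR-US: Becton, Dickinson and Company (BD) Alaris Plus", taken from the CVE description, keeps the entry searchable by product name when later CVEs for the same vendor are triaged.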
@@ -10368,9 +10368,9 @@ CVE-2018-11655 (In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability
NOTE: https://github.com/ImageMagick/ImageMagick/issues/930
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7414b7322201a9c8a5cacf563f08468c329b4b1
CVE-2018-11654 (Information disclosure in Netwave IP camera at get_status.cgi (via ...)
- TODO: check
+ NOT-FOR-US: Netwave IP camera
CVE-2018-11653 (Information disclosure in Netwave IP camera at //etc/RT2870STA.dat ...)
- TODO: check
+ NOT-FOR-US: Netwave IP camera
CVE-2018-11652 (CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote ...)
- nikto 1:2.1.5-3 (bug #900608)
[stretch] - nikto <no-dsa> (non-free not supported)
@@ -10768,7 +10768,7 @@ CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in DISCOU
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
CVE-2018-11502 (An issue was discovered in the Moderator Log Notes plugin 1.1 for ...)
- TODO: check
+ NOT-FOR-US: MyBB plugin
CVE-2018-11501 (PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via ...)
NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-11500 (An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF ...)
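Review bot: On CVE-2018-11502 the tag "NOT-FOR-US: MyBB plugin" does not say which plugin, and the visible part of the description ("Moderator Log Notes plugin 1.1 for ...") does not show the MyBB name. Spelling out both, for example "NOT-FOR-US: Moderator Log Notes plugin for MyBB", lets the entry be matched against the description without opening the full CVE text.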
@@ -11947,7 +11947,7 @@ CVE-2018-11067
CVE-2018-11066
RESERVED
CVE-2018-11065 (The WorkPoint component, which is embedded in all RSA Archer, versions ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2018-11064
RESERVED
CVE-2018-11063 (Dell WMS versions 1.1 and prior are impacted by multiple unquoted ...)
@@ -11955,7 +11955,7 @@ CVE-2018-11063 (Dell WMS versions 1.1 and prior are impacted by multiple unquote
CVE-2018-11062
RESERVED
CVE-2018-11061 (RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass ...)
NOT-FOR-US: RSA Archer
CVE-2018-11059 (RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site ...)
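Review bot: CVE-2018-11061 is tagged "NOT-FOR-US: RSA" while the existing entry directly below it, CVE-2018-11060, uses "NOT-FOR-US: RSA Archer". A bare "RSA" is also ambiguous with the algorithm when grepping the list. Consider naming the product here ("RSA NetWitness", per the description) and "RSA Archer" for CVE-2018-11065 in the preceding hunk, whose description names that product.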
@@ -31955,9 +31955,9 @@ CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in versio
CVE-2018-3834 (An exploitable permanent denial of service vulnerability exists in ...)
NOT-FOR-US: Insteon Hub
CVE-2018-3833 (An exploitable firmware downgrade vulnerability exists in Insteon Hub ...)
- TODO: check
+ NOT-FOR-US: Insteon Hub
CVE-2018-3832 (An exploitable firmware update vulnerability exists in Insteon Hub ...)
- TODO: check
+ NOT-FOR-US: Insteon Hub
CVE-2018-3831
RESERVED
CVE-2018-3830
@@ -32324,7 +32324,7 @@ CVE-2018-3788
CVE-2018-3787
RESERVED
CVE-2018-3786 (A command injection vulnerability in egg-scripts <v2.8.1 allows ...)
- TODO: check
+ NOT-FOR-US: egg-scripts
CVE-2018-3785 (A command injection in git-dummy-commit v1.3.0 allows os level ...)
NOT-FOR-US: Node.js third-party module git-dummy-commit
CVE-2018-3784 (A code injection in cryo 0.0.6 allows an attacker to arbitrarily ...)
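Review bot: CVE-2018-3786 gets "NOT-FOR-US: egg-scripts", while the next entry uses the longer form "NOT-FOR-US: Node.js third-party module git-dummy-commit". If egg-scripts is likewise an npm module, using the same "Node.js third-party module egg-scripts" wording keeps these entries consistent and makes the ecosystem clear to whoever rechecks the list for newly packaged Node.js modules.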
@@ -37818,7 +37818,7 @@ CVE-2018-1757
CVE-2018-1756
RESERVED
CVE-2018-1755 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1754
RESERVED
CVE-2018-1753
@@ -37884,7 +37884,7 @@ CVE-2018-1724
CVE-2018-1723
RESERVED
CVE-2018-1722 (IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1721
RESERVED
CVE-2018-1720
@@ -37930,7 +37930,7 @@ CVE-2018-1701
CVE-2018-1700
RESERVED
CVE-2018-1699 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1698
RESERVED
CVE-2018-1697
@@ -44690,7 +44690,7 @@ CVE-2017-16750
CVE-2017-16749 (A Use-after-Free issue was discovered in Delta Electronics Delta ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16748 (An attacker can log into the local Niagara platform (Niagara AX ...)
- TODO: check
+ NOT-FOR-US: Niagara AX
CVE-2017-16747 (An Out-of-bounds Write issue was discovered in Delta Electronics Delta ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16746
@@ -44698,7 +44698,7 @@ CVE-2017-16746
CVE-2017-16745 (A Type Confusion issue was discovered in Delta Electronics Delta ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16744 (A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and ...)
- TODO: check
+ NOT-FOR-US: Niagara AX
CVE-2017-16743 (An Improper Authorization issue was discovered in PHOENIX CONTACT FL ...)
NOT-FOR-US: PHOENIX CONTACT FL SWITCH
CVE-2017-16742
@@ -45801,7 +45801,7 @@ CVE-2017-16350
CVE-2017-16349 (An exploitable XML external entity vulnerability exists in the ...)
NOT-FOR-US: SAP
CVE-2017-16348 (An exploitable denial of service vulnerability exists in Insteon Hub ...)
- TODO: check
+ NOT-FOR-US: Insteon Hub
CVE-2017-16347 (An attacker could send an authenticated HTTP request to trigger this ...)
NOT-FOR-US: Insteon Hub
CVE-2017-16346 (An attacker could send an authenticated HTTP request to trigger this ...)
@@ -45823,7 +45823,7 @@ CVE-2017-16339 (An attacker could send an authenticated HTTP request to trigger
CVE-2017-16338 (An attacker could send an authenticated HTTP request to trigger this ...)
NOT-FOR-US: Insteon Hub
CVE-2017-16337 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...)
- TODO: check
+ NOT-FOR-US: Insteon Hub
CVE-2017-16336
RESERVED
CVE-2017-16335
@@ -51715,13 +51715,13 @@ CVE-2017-14457 (An exploitable information leak/denial of service vulnerability
CVE-2017-14456
RESERVED
CVE-2017-14455 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...)
- TODO: check
+ NOT-FOR-US: Insteon Hub
CVE-2017-14454
RESERVED
CVE-2017-14453 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...)
- TODO: check
+ NOT-FOR-US: Insteon Hub
CVE-2017-14452 (An exploitable buffer overflow vulnerability exists in the PubNub ...)
- TODO: check
+ NOT-FOR-US: Insteon Hub
CVE-2017-14451
RESERVED
CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing ...)
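Review bot: CVE-2017-14452 is tagged "NOT-FOR-US: Insteon Hub", but the visible part of its description names PubNub ("An exploitable buffer overflow vulnerability exists in the PubNub ..."), unlike CVE-2017-14455 and CVE-2017-14453 above it, which name the Insteon Hub directly. If the flaw is in the hub firmware's own PubNub handling, a NOTE line saying so would make clear that no separately packaged PubNub code was in scope for this decision.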
@@ -57488,15 +57488,15 @@ CVE-2017-12579 (An insecure suid wrapper binary in the HashiCorp Vagrant VMware
CVE-2017-12578
RESERVED
CVE-2017-12577 (An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded ...)
- TODO: check
+ NOT-FOR-US: PLANEX
CVE-2017-12576 (An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and ...)
- TODO: check
+ NOT-FOR-US: PLANEX
CVE-2017-12575 (An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2017-12574 (An issue was discovered on PLANEX CS-W50HD devices with firmware ...)
- TODO: check
+ NOT-FOR-US: PLANEX
CVE-2017-12573 (An issue was discovered on PLANEX CS-W50HD devices with firmware ...)
- TODO: check
+ NOT-FOR-US: PLANEX
CVE-2017-12572 (Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x ...)
NOT-FOR-US: Splunk
CVE-2017-12571
@@ -60326,9 +60326,9 @@ CVE-2017-1002151 (Pagure 3.3.0 and earlier is vulnerable to loss of confidential
- pagure <itp> (bug #829046)
NOTE: https://pagure.io/pagure/pull-request/2426
CVE-2017-11564 (The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2017-11563 (D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks ...)
NOT-FOR-US: MT4 SenhaSegura
CVE-2017-11561
@@ -63730,13 +63730,13 @@ CVE-2017-9823
CVE-2017-9822 (DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a ...)
NOT-FOR-US: DotNetNuke
CVE-2017-9821 (The National Payments Corporation of India BHIM application 1.3 for ...)
- TODO: check
+ NOT-FOR-US: India BHIM
CVE-2017-9820 (The National Payments Corporation of India BHIM application 1.3 for ...)
- TODO: check
+ NOT-FOR-US: India BHIM
CVE-2017-9819 (The National Payments Corporation of India BHIM application 1.3 for ...)
- TODO: check
+ NOT-FOR-US: India BHIM
CVE-2017-9818 (The National Payments Corporation of India BHIM application 1.3 for ...)
- TODO: check
+ NOT-FOR-US: India BHIM
CVE-2017-9817
RESERVED
CVE-2017-9816 (Cross-site scripting (XSS) vulnerability in Paessler PRTG Network ...)
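Review bot: The tag "NOT-FOR-US: India BHIM" on CVE-2017-9821 through CVE-2017-9818 cuts the organisation name in the description ("The National Payments Corporation of India BHIM application") in the middle, so "India" reads as part of the product name. "NOT-FOR-US: BHIM application (National Payments Corporation of India)" or simply "NOT-FOR-US: BHIM" would be clearer.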
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44661c1f93ad69feddff6b270e9273ef5784fa12