[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Dec 5 20:18:10 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c948be18 by Salvatore Bonaccorso at 2018-12-05T20:16:35Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2018-19866
 CVE-2018-19865 (A keystroke logging issue was discovered in Virtual Keyboard in Qt ...)
 	TODO: check
 CVE-2018-19864 (NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows ...)
-	TODO: check
+	NOT-FOR-US: NUUO NVRmini2 Network Video Recorder firmware
 CVE-2018-19863
 	RESERVED
 CVE-2018-19862
@@ -214,7 +214,7 @@ CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. lxml/html/clean.py
 	- lxml 4.2.5-1
 	NOTE: Fixed by: https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 (lxml-4.2.5)
 CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the server log in ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2018-19785 (PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL ...)
 	NOT-FOR-US: PHP-Proxy
 CVE-2018-19784 (The str_rot_pass function in ...)
@@ -51363,7 +51363,7 @@ CVE-2018-1943
 CVE-2018-1942
 	RESERVED
 CVE-2018-1941 (IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1940
 	RESERVED
 CVE-2018-1939
@@ -51781,15 +51781,15 @@ CVE-2018-1734
 CVE-2018-1733
 	RESERVED
 CVE-2018-1732 (IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1731
 	RESERVED
 CVE-2018-1730 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1729
 	RESERVED
 CVE-2018-1728 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1727
 	RESERVED
 CVE-2018-1726
@@ -51851,7 +51851,7 @@ CVE-2018-1699 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQ
 CVE-2018-1698 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an ...)
 	NOT-FOR-US: IBM
 CVE-2018-1697 (IBM Maximo Asset Management 7.6 could allow an authenticated user to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1696
 	RESERVED
 CVE-2018-1695 (IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations ...)
@@ -51945,11 +51945,11 @@ CVE-2018-1652
 CVE-2018-1651
 	RESERVED
 CVE-2018-1650 (IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1649 (IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote ...)
 	NOT-FOR-US: IBM
 CVE-2018-1648 (IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1647 (IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict ...)
 	NOT-FOR-US: IBM
 CVE-2018-1646
@@ -52109,7 +52109,7 @@ CVE-2018-1570
 CVE-2018-1569
 	RESERVED
 CVE-2018-1568 (IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1567 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow ...)
 	NOT-FOR-US: IBM
 CVE-2018-1566 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
@@ -104266,7 +104266,7 @@ CVE-2017-1624 (IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-cri
 CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM QRadar
 CVE-2017-1622 (IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1621 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
 	NOT-FOR-US: IBM
 CVE-2017-1620



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c948be189d53e89cf181fcb241abfdfbc42d65ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c948be189d53e89cf181fcb241abfdfbc42d65ad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181205/cad72411/attachment.html>

More information about the debian-security-tracker-commits mailing list