[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Dec 8 08:55:26 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cedcf9c9 by Salvatore Bonaccorso at 2018-12-08T08:55:11Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6237,7 +6237,7 @@ CVE-2018-19003
 CVE-2018-19002
 	RESERVED
 CVE-2018-19001 (Philips HealthSuite Health Android App, all versions. The software ...)
-	TODO: check
+	NOT-FOR-US: Philips HealthSuite Health Android App
 CVE-2018-19000
 	RESERVED
 CVE-2018-18999
@@ -9074,7 +9074,7 @@ CVE-2018-17926
 CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX Control ...)
 	NOT-FOR-US: Gigasoft
 CVE-2018-17924 (Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
 	NOT-FOR-US: SAGA1-L8B
 CVE-2018-17922 (Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials ...)
@@ -15440,7 +15440,7 @@ CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information .
 CVE-2018-15363 (An Out-of-Bounds Read Privilege Escalation vulnerability in Trend ...)
 	NOT-FOR-US: Trend Micro
 CVE-2018-15362 (XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 ...)
-	TODO: check
+	NOT-FOR-US: GE Proficy Cimplicity GDS
 CVE-2018-15361
 	RESERVED
 CVE-2018-15360 (An attacker without authentication can login with default credentials ...)
@@ -36541,7 +36541,7 @@ CVE-2018-7366
 CVE-2018-7365
 	RESERVED
 CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product Orange ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
 	NOT-FOR-US: ZTE
 CVE-2018-7362 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
@@ -37554,9 +37554,9 @@ CVE-2018-7082
 CVE-2018-7081
 	RESERVED
 CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios that are ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2018-7079 (Aruba ClearPass Policy Manager guest authorization failure. Certain ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2018-7078 (A remote code execution was identified in HPE Integrated Lights-Out 4 ...)
 	NOT-FOR-US: HPE
 CVE-2018-7077 (A security vulnerability in HPE XP P9000 Command View Advanced Edition ...)
@@ -37580,15 +37580,15 @@ CVE-2018-7069 (HPE has identified a remote unauthenticated access to files ...)
 CVE-2018-7068 (HPE has identified a remote HOST header attack vulnerability in HPE ...)
 	NOT-FOR-US: HPE
 CVE-2018-7067 (A Remote Authentication bypass in Aruba ClearPass Policy Manager leads ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2018-7066 (An unauthenticated remote command execution exists in Aruba ClearPass ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2018-7065 (An authenticated SQL injection vulnerability in Aruba ClearPass Policy ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2018-7064
 	RESERVED
 CVE-2018-7063 (In Aruba ClearPass, disabled API admins can still perform read/write ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2018-7062
 	RESERVED
 CVE-2018-7061
@@ -52553,7 +52553,7 @@ CVE-2018-1922
 CVE-2018-1921
 	RESERVED
 CVE-2018-1920 (IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1919
 	RESERVED
 CVE-2018-1918
@@ -52601,7 +52601,7 @@ CVE-2018-1898
 CVE-2018-1897 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 ...)
 	NOT-FOR-US: IBM
 CVE-2018-1896 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1895
 	RESERVED
 CVE-2018-1894
@@ -52627,7 +52627,7 @@ CVE-2018-1885
 CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and ...)
 	NOT-FOR-US: IBM Case Manager
 CVE-2018-1883 (A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1882
 	RESERVED
 CVE-2018-1881
@@ -53067,7 +53067,7 @@ CVE-2018-1665
 CVE-2018-1664 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
 	NOT-FOR-US: IBM
 CVE-2018-1663 (IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1662
 	RESERVED
 CVE-2018-1661
@@ -53545,7 +53545,7 @@ CVE-2018-1426 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, a
 CVE-2018-1425 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker ...)
 	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1424 (IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1423 (IBM Jazz Foundation products could disclose sensitive information to ...)
 	NOT-FOR-US: IBM
 CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cedcf9c959f97a52845652784a4b2ba145acd920

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cedcf9c959f97a52845652784a4b2ba145acd920
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181208/a3b0201f/attachment.html>

More information about the debian-security-tracker-commits mailing list