[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFU

Salvatore Bonaccorso carnil at debian.org
Wed Dec 12 08:19:26 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f1babea by Salvatore Bonaccorso at 2018-12-12T08:12:20Z
Process NFU

- - - - -
e19e146d by Salvatore Bonaccorso at 2018-12-12T08:19:01Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -143,7 +143,7 @@ CVE-2018-20031
 CVE-2018-20030
 	RESERVED
 CVE-2018-20029 (The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before ...)
-	TODO: check
+	NOT-FOR-US: nxfs.sys driver in the DokanFS library in NoMachine on Windows
 CVE-2019-2394
 	RESERVED
 CVE-2019-2393
@@ -30371,7 +30371,7 @@ CVE-2018-10145
 CVE-2018-10144
 	RESERVED
 CVE-2018-10143 (The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks Expedition Migration tool
 CVE-2018-10142 (The Expedition Migration tool 1.0.106 and earlier may allow an ...)
 	NOT-FOR-US: Expedition Migration
 CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before ...)
@@ -34227,13 +34227,13 @@ CVE-2018-8654
 CVE-2018-8653
 	RESERVED
 CVE-2018-8652 (A Cross-site Scripting (XSS) vulnerability exists when Windows Azure ...)
-	TODO: check
+	NOT-FOR-US: Windows Azure Pack Rollup
 CVE-2018-8651 (A cross site scripting vulnerability exists when Microsoft Dynamics ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Dynamics NAV
 CVE-2018-8650
 	RESERVED
 CVE-2018-8649 (A denial of service vulnerability exists when Windows improperly ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8648
 	RESERVED
 CVE-2018-8647
@@ -34245,59 +34245,59 @@ CVE-2018-8645
 CVE-2018-8644
 	RESERVED
 CVE-2018-8643 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8642
 	RESERVED
 CVE-2018-8641 (An elevation of privilege vulnerability exists in Windows when the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8640
 	RESERVED
 CVE-2018-8639 (An elevation of privilege vulnerability exists in Windows when the ...)
-	TODO: check
+	NOT-FOR-US:  Microsoft Windows
 CVE-2018-8638 (An information disclosure vulnerability exists when DirectX improperly ...)
-	TODO: check
+	NOT-FOR-US:  Microsoft Windows
 CVE-2018-8637 (An information disclosure vulnerability exists in Windows kernel that ...)
-	TODO: check
+	NOT-FOR-US:  Microsoft Windows
 CVE-2018-8636 (A remote code execution vulnerability exists in Microsoft Excel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8635 (An elevation of privilege vulnerability exists when Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8634 (A remote code execution vulnerability exists in Windows where ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8633
 	RESERVED
 CVE-2018-8632
 	RESERVED
 CVE-2018-8631 (A remote code execution vulnerability exists when Internet Explorer ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8630
 	RESERVED
 CVE-2018-8629 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8628 (A remote code execution vulnerability exists in Microsoft PowerPoint ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8627 (An information disclosure vulnerability exists when Microsoft Excel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8626 (A remote code execution vulnerability exists in Windows Domain Name ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8625 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8624 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8623
 	RESERVED
 CVE-2018-8622 (An information disclosure vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8621 (An information disclosure vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8620
 	RESERVED
 CVE-2018-8619 (A remote code execution vulnerability exists when the Internet ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8618 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8617 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8616
 	RESERVED
 CVE-2018-8615
@@ -34307,9 +34307,9 @@ CVE-2018-8614
 CVE-2018-8613
 	RESERVED
 CVE-2018-8612 (A Denial Of Service vulnerability exists when Connected User ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8611 (An elevation of privilege vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8610
 	RESERVED
 CVE-2018-8609 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
@@ -34323,7 +34323,7 @@ CVE-2018-8606 (A cross site scripting vulnerability exists when Microsoft Dynami
 CVE-2018-8605 (A cross site scripting vulnerability exists when Microsoft Dynamics ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8604 (A tampering vulnerability exists when Microsoft Exchange Server fails ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8603
 	RESERVED
 CVE-2018-8602 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
@@ -34333,15 +34333,15 @@ CVE-2018-8601
 CVE-2018-8600 (A Cross-site Scripting (XSS) vulnerability exists when Azure App ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8599 (An elevation of privilege vulnerability exists when the Diagnostics ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8598 (An information disclosure vulnerability exists when Microsoft Excel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8597 (A remote code execution vulnerability exists in Microsoft Excel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8596 (An information disclosure vulnerability exists when the Windows GDI ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8595 (An information disclosure vulnerability exists when the Windows GDI ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8594
 	RESERVED
 CVE-2018-8593
@@ -34357,7 +34357,7 @@ CVE-2018-8589 (An elevation of privilege vulnerability exists when Windows impro
 CVE-2018-8588 (A remote code execution vulnerability exists in the way that the ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8587 (A remote code execution vulnerability exists in Microsoft Outlook ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8586
 	RESERVED
 CVE-2018-8585
@@ -34365,13 +34365,13 @@ CVE-2018-8585
 CVE-2018-8584 (An elevation of privilege vulnerability exists when Windows improperly ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8583 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8582 (A remote code execution vulnerability exists in the way that Microsoft ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8581 (An elevation of privilege vulnerability exists in Microsoft Exchange ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8580 (An information disclosure vulnerability exists where certain modes of ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8579 (An information disclosure vulnerability exists when attaching files to ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8578 (An information disclosure vulnerability exists when Microsoft ...)
@@ -34503,7 +34503,7 @@ CVE-2018-8516
 CVE-2018-8515
 	RESERVED
 CVE-2018-8514 (An information disclosure vulnerability exists when Remote Procedure ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8513 (A remote code execution vulnerability exists in the way that the ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8512 (A security feature bypass vulnerability exists in Microsoft Edge when ...)
@@ -34577,7 +34577,7 @@ CVE-2018-8479 (A spoofing vulnerability exists for the Azure IoT Device Provisio
 CVE-2018-8478
 	RESERVED
 CVE-2018-8477 (An information disclosure vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2018-8476 (A remote code execution vulnerability exists in the way that Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8475 (A remote code execution vulnerability exists when Windows does not ...)
@@ -39718,7 +39718,7 @@ CVE-2018-6705
 CVE-2018-6704
 	RESERVED
 CVE-2018-6703 (Use After Free in McAfee Common service in McAfee Agent (MA) 5.0.0 ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2018-6702
 	RESERVED
 CVE-2018-6701
@@ -52489,33 +52489,33 @@ CVE-2018-2507
 CVE-2018-2506
 	RESERVED
 CVE-2018-2505 (SAP Commerce does not sufficiently validate user-controlled inputs, ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-2504 (SAP NetWeaver AS Java Web Container service does not validate against ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-2503 (By default, the SAP NetWeaver AS Java keystore service does not ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-2502 (TRACE method is enabled in SAP Business One Service Layer . Attacker ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-2501
 	RESERVED
 CVE-2018-2500 (Under certain conditions SAP Mobile Secure Android client (before ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-2499
 	RESERVED
 CVE-2018-2498
 	RESERVED
 CVE-2018-2497 (The security audit log of SAP HANA, versions 1.0 and 2.0, does not log ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-2496
 	RESERVED
 CVE-2018-2495
 	RESERVED
 CVE-2018-2494 (Necessary authorization checks for an authenticated user, resulting in ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-2493
 	RESERVED
 CVE-2018-2492 (SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-2491 (When opening a deep link URL in SAP Fiori Client with log level set to ...)
 	NOT-FOR-US: SAP
 CVE-2018-2490 (The broadcast messages received by SAP Fiori Client are not protected ...)
@@ -52527,7 +52527,7 @@ CVE-2018-2488 (It is possible for a malware application installed on an Android
 CVE-2018-2487 (SAP Disclosure Management 10.x allows an attacker to exploit through a ...)
 	NOT-FOR-US: SAP
 CVE-2018-2486 (SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-2485 (It is possible for a malicious application or malware to execute ...)
 	NOT-FOR-US: SAP
 CVE-2018-2484



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4bad0e517b7b119236bd2a7da22fa48013945e86...e19e146d72e864fd0b1d56f7a5d8a28d9a89e182

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4bad0e517b7b119236bd2a7da22fa48013945e86...e19e146d72e864fd0b1d56f7a5d8a28d9a89e182
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181212/4a4c7e08/attachment.html>


More information about the debian-security-tracker-commits mailing list