[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Dec 17 20:19:43 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7915e6eb by Salvatore Bonaccorso at 2018-12-17T20:19:23Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator ...)
-	TODO: check
+	NOT-FOR-US: FUEL CMS
 CVE-2018-20187
 	RESERVED
 CVE-2018-20186 (An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2018-20185 (In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there ...)
 	TODO: check
 CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based ...)
@@ -29,7 +29,7 @@ CVE-2018-20175
 CVE-2018-20174
 	RESERVED
 CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2018-XXXX ["Magellan" remote code execution vulnerability]
 	- sqlite3 <unfixed>
 	- chromium 71.0.3578.80-1
@@ -37,16 +37,16 @@ CVE-2018-XXXX ["Magellan" remote code execution vulnerability]
 	NOTE: https://blade.tencent.com/magellan/index_en.html
 	TODO: check, sqlite3 possibly fixed already in 3.25.3-1 (and not only in 3.26.0-1) as per chromium change
 CVE-2018-20172 (An issue was discovered in Nagios XI before 5.5.8. The rss_url ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2018-20171 (An issue was discovered in Nagios XI before 5.5.8. The url parameter of ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2018-20170 (** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration ...)
 	TODO: check
 CVE-2018-20169 (An issue was discovered in the Linux kernel before 4.19.9. The USB ...)
 	- linux 4.19.9-1
 	NOTE: https://git.kernel.org/linus/704620afc70cf47abb9d6a1a57f3825d2bca49cf
 CVE-2018-20168 (Google gVisor before 2018-08-22 reuses a pagetable in a different level ...)
-	TODO: check
+	NOT-FOR-US: gVisor
 CVE-2018-20166
 	RESERVED
 CVE-2017-18355 (Installed packages are exposed by node_modules in Rendertron 1.0.0, ...)
@@ -2133,7 +2133,7 @@ CVE-2018-20135
 CVE-2018-20134
 	RESERVED
 CVE-2018-20133 (ymlref allows code injection. ...)
-	TODO: check
+	NOT-FOR-US: ymlref
 CVE-2018-20132
 	RESERVED
 CVE-2018-20131
@@ -2229,7 +2229,7 @@ CVE-2018-20094 (An issue was discovered in XXL-CONF 1.6.0. There is a path trave
 CVE-2018-20093
 	RESERVED
 CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: PTC ThingWorx Platform
 CVE-2018-20091
 	RESERVED
 CVE-2018-20090
@@ -3394,11 +3394,11 @@ CVE-2018-19938
 CVE-2018-19937
 	RESERVED
 CVE-2018-19936 (PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. ...)
-	TODO: check
+	NOT-FOR-US: PrinterOn Enterprise
 CVE-2018-19934
 	RESERVED
 CVE-2018-19933 (Bolt CMS <3.6.2 allows XSS via text input click preview button as ...)
-	TODO: check
+	NOT-FOR-US: Bolt CMS
 CVE-2019-1984
 	RESERVED
 CVE-2019-1983
@@ -4582,7 +4582,7 @@ CVE-2018-19830
 CVE-2018-19829
 	RESERVED
 CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
-	TODO: check
+	NOT-FOR-US: Artica Integria IMS
 CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the ...)
 	- libsass <unfixed>
 	[stretch] - libsass <no-dsa> (Minor issue)
@@ -4599,33 +4599,33 @@ CVE-2018-19824 (In the Linux kernel through 4.19.6, a local user could exploit a
 CVE-2018-19823
 	RESERVED
 CVE-2018-19822 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19821 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19820 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19819 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19818 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19817 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19816 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19815 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19814 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19813 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19812 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19811 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19810 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19809 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-1002105 (In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, ...)
 	- kubernetes <unfixed> (bug #915828)
 	NOTE: https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
@@ -4713,27 +4713,27 @@ CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an infinite loop in the functi
 CVE-2018-19776
 	RESERVED
 CVE-2018-19775 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19774 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19773 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19772 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19771 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19770 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19769 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19768 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19767 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19766 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19765 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal SE
 CVE-2018-19764
 	REJECTED
 CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function: ...)
@@ -56086,11 +56086,11 @@ CVE-2018-1893
 CVE-2018-1892
 	RESERVED
 CVE-2018-1891 (IBM Security Guardium 10 and 10.5 is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1890
 	RESERVED
 CVE-2018-1889 (IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1888
 	RESERVED
 CVE-2018-1887 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
@@ -108959,7 +108959,7 @@ CVE-2017-1599
 CVE-2017-1598 (IBM Security Guardium 10.0 Database Activity Monitor uses weaker than ...)
 	NOT-FOR-US: IBM Security Guardium
 CVE-2017-1597 (IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1596 (IBM Security Guardium 10.0 Database Activity Monitor could allow a ...)
 	NOT-FOR-US: IBM Security Guardium
 CVE-2017-1595 (IBM Security Guardium 10.0 Database Activity Monitor could allow a ...)
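Review bot: CVE-2017-1597 is tagged "NOT-FOR-US: IBM", but the neighbouring IBM Security Guardium entries in this hunk's context (CVE-2017-1598 and CVE-2017-1596) use "NOT-FOR-US: IBM Security Guardium". Suggest using the full product name here so the tags stay consistent and a search for the product finds every entry. The same applies to the other Guardium entries this commit tags as plain "IBM" (CVE-2018-1891, CVE-2018-1889, CVE-2017-1272, CVE-2017-1265).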
@@ -109609,7 +109609,7 @@ CVE-2017-1274 (IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow
 CVE-2017-1273
 	RESERVED
 CVE-2017-1272 (IBM Security Guardium 10.0 and 10.5 stores sensitive information in ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1271 (IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between ...)
 	NOT-FOR-US: IBM
 CVE-2017-1270 (IBM Security Guardium 10.0 does not renew a session variable after a ...)
@@ -109623,7 +109623,7 @@ CVE-2017-1267 (IBM Security Guardium 10.0 and 10.1 processes patches, image back
 CVE-2017-1266 (IBM Security Guardium 10.0 specifies permissions for a ...)
 	NOT-FOR-US: IBM Security Guardium
 CVE-2017-1265 (IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1264 (IBM Security Guardium 10.0 does not prove or insufficiently proves ...)
 	NOT-FOR-US: IBM
 CVE-2017-1263



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7915e6ebbac7dd5b1e98a07d24d6e18400949bfe
