[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Feb 7 21:41:07 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03c0fb9a by Salvatore Bonaccorso at 2018-02-07T22:40:12+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13546,7 +13546,7 @@ CVE-2018-1384
 CVE-2018-1383
 	RESERVED
 CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This ...)
-	TODO: check
+	NOT-FOR-US: IBM API Connect
 CVE-2018-1381
 	RESERVED
 CVE-2018-1380
@@ -13578,7 +13578,7 @@ CVE-2018-1368
 CVE-2018-1367
 	RESERVED
 CVE-2018-1366 (IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated ...)
-	TODO: check
+	NOT-FOR-US: IBM Content Navigator
 CVE-2018-1365
 	RESERVED
 CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External ...)
@@ -13909,7 +13909,7 @@ CVE-2017-17554 (A NULL pointer dereference (DoS) Vulnerability was found in the 
 CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing ...)
 	NOT-FOR-US: Dolphin Browser for Android
 CVE-2017-17552 (/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine AD Manager Plus
 CVE-2018-1360
 	RESERVED
 CVE-2018-1359
@@ -14226,7 +14226,7 @@ CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International .
 CVE-2017-17483
 	RESERVED
 CVE-2017-17482 (An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and ...)
-	TODO: check
+	NOT-FOR-US: OpenVMS
 CVE-2017-17481
 	RESERVED
 CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
@@ -31239,7 +31239,7 @@ CVE-2017-12731 (A SQL Injection issue was discovered in OPW Fuel Management Syst
 CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO Versions ...)
 	NOT-FOR-US: mySCADA myPRO
 CVE-2017-12729 (A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer ...)
-	TODO: check
+	NOT-FOR-US: Moxa SoftCMS Live Viewer
 CVE-2017-12728 (An Improper Privilege Management issue was discovered in SpiderControl ...)
 	NOT-FOR-US: SpiderControl SCADA Web Server
 CVE-2017-12727
@@ -31965,27 +31965,27 @@ CVE-2017-12475 (The AP4_Processor::Process function in Core/Ap4Processor.cpp in 
 CVE-2017-12474 (The AP4_AtomSampleTable::GetSample function in ...)
 	NOT-FOR-US: Bento4
 CVE-2017-12473 (ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12472 (ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12471 (The cnb_parse_lev function in CCN-lite before 2.00 allows ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12470 (Integer overflow in the ndn_parse_sequence function in CCN-lite before ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12469 (Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12468 (Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12467 (Memory leak in CCN-lite before 2.00 allows context-dependent attackers ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12466 (CCN-lite before 2.00 allows context-dependent attackers to have ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12465 (Multiple integer overflows in CCN-lite before 2.00 allow ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12464 (ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12463 (Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12462
 	RESERVED
 CVE-2017-12461
@@ -32194,7 +32194,7 @@ CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because a
 CVE-2017-12413 (AXIS 2100 devices 2.43 have XSS via the URI, possibly related to ...)
 	NOT-FOR-US: AXIS 2100 devices
 CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2017-12411
 	RESERVED
 CVE-2017-12410
@@ -32446,9 +32446,9 @@ CVE-2017-12310
 CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) could allow ...)
 	NOT-FOR-US: Cisco
 CVE-2017-12308 (A vulnerability in the web framework of Cisco Small Business Managed ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-12307 (A vulnerability in the web framework of Cisco Small Business Managed ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-12306 (A vulnerability in the upgrade process of Cisco Spark Board could allow ...)
 	NOT-FOR-US: Cisco
 CVE-2017-12305 (A vulnerability in the debug interface of Cisco IP Phone 8800 series ...)
@@ -42560,7 +42560,7 @@ CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive Assist
 CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows ...)
 	NOT-FOR-US: Joomla
 CVE-2017-8916 (In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an ...)
-	TODO: check
+	NOT-FOR-US: Center for Internet Security CIS-CAT Pro Dashboard
 CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
 	NOT-FOR-US: SAP
 CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
@@ -47721,11 +47721,11 @@ CVE-2017-7329
 CVE-2017-7328
 	RESERVED
 CVE-2017-7327 (Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking ...)
-	TODO: check
+	NOT-FOR-US: Yandex Browser installer for Desktop
 CVE-2017-7326 (Race condition issue in Yandex Browser for Android before 17.4.0.16 ...)
-	TODO: check
+	NOT-FOR-US: Yandex Browser for Android
 CVE-2017-7325 (Yandex Browser before 16.9.0 allows remote attackers to spoof the ...)
-	TODO: check
+	NOT-FOR-US: Yandex Browser
 CVE-2017-7324 (setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier ...)
 	NOT-FOR-US: MODX Revolution
 CVE-2017-7323 (The (1) update and (2) package-installation features in MODX ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/03c0fb9a2fb5f2e7fdda10dd048eb9f4240d1a55

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/03c0fb9a2fb5f2e7fdda10dd048eb9f4240d1a55
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180207/349ca6cb/attachment-0001.html>

More information about the Secure-testing-commits mailing list