[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some SAP specific NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Feb 14 21:37:47 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96840827 by Salvatore Bonaccorso at 2018-02-14T22:37:16+01:00
Process some SAP specific NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -12110,61 +12110,61 @@ CVE-2018-2398
 CVE-2018-2397
 	RESERVED
 CVE-2018-2396 (Under certain conditions a malicious user can prevent legitimate users ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2395 (Under certain conditions a malicious user may retrieve information on ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphic Server
 CVE-2018-2394 (Under certain conditions an unauthenticated malicious user can prevent ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2393 (Under certain conditions SAP Internet Graphics Server (IGS) 7.20, ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2392 (Under certain conditions SAP Internet Graphics Server (IGS) 7.20, ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2391 (Under certain conditions a malicious user can prevent legitimate users ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2390 (Under certain conditions a malicious user can prevent legitimate users ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2389 (Under certain conditions a malicious user can inject log files of SAP ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2388 (Stored cross-site scripting vulnerability in SAP internet Graphics ...)
-	TODO: check
+	NOT-FOR-US: SAP internet Graphics Server
 CVE-2018-2387 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, ...)
-	TODO: check
+	NOT-FOR-US: SAP internet Graphics Server
 CVE-2018-2386 (Under certain conditions a malicious user provoking an out of bounds ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2385 (Under certain conditions a malicious user provoking a divide by zero ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2384 (Under certain conditions a malicious user provoking a Null Pointer ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2383 (Reflected cross-site scripting vulnerability in SAP internet Graphics ...)
-	TODO: check
+	NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2382 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, ...)
-	TODO: check
+	NOT-FOR-US: SAP internet Graphics Server
 CVE-2018-2381 (SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, ...)
-	TODO: check
+	NOT-FOR-US: SAP ERP Financials Information System
 CVE-2018-2380
 	RESERVED
 CVE-2018-2379 (In SAP HANA Extended Application Services, 1.0, an unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA Extended Application Services
 CVE-2018-2378 (In SAP HANA Extended Application Services, 1.0, unauthorized users can ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA Extended Application Services
 CVE-2018-2377 (In SAP HANA Extended Application Services, 1.0, some general server ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA Extended Application Services
 CVE-2018-2376 (In SAP HANA Extended Application Services, 1.0, a controller user who ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA Extended Application Services
 CVE-2018-2375 (In SAP HANA Extended Application Services, 1.0, a controller user who ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA Extended Application Services
 CVE-2018-2374 (In SAP HANA Extended Application Services, 1.0, a controller user who ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA Extended Application Services
 CVE-2018-2373 (Under certain circumstances, a specific endpoint of the Controller's ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA Extended Application Services
 CVE-2018-2372 (A plain keystore password is written to a system log file in SAP HANA ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA Extended Application Services
 CVE-2018-2371 (The SAML 2.0 service provider of SAP Netweaver AS Java Web ...)
-	TODO: check
+	NOT-FOR-US: SAP Netweaver AS Java Web Application
 CVE-2018-2370 (Server Side Request Forgery (SSRF) vulnerability in SAP Central ...)
-	TODO: check
+	NOT-FOR-US: SAP Central Management Console
 CVE-2018-2369 (Under certain conditions SAP HANA, 1.00, 2.00, allows an ...)
-	TODO: check
+	NOT-FOR-US: SAP HANA
 CVE-2018-2368
 	RESERVED
 CVE-2018-2367



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9684082764b11bdcd38b2ebc7957570f68786bee

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9684082764b11bdcd38b2ebc7957570f68786bee
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180214/4918b5de/attachment.html>

More information about the Secure-testing-commits mailing list