[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 22 20:53:49 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25f85058 by Salvatore Bonaccorso at 2018-02-22T21:53:29+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1065,7 +1065,7 @@ CVE-2018-6938
CVE-2018-6937
RESERVED
CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-6935
RESERVED
CVE-2018-6934
@@ -33746,7 +33746,7 @@ CVE-2017-12417
CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect internal ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-12415 (OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x ...)
- TODO: check
+ NOT-FOR-US: OXID eShop
CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption ...)
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an ...)
@@ -39032,13 +39032,13 @@ CVE-2017-9972
CVE-2017-9971
RESERVED
CVE-2017-9970 (A remote code execution vulnerability exists in Schneider Electric's ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2017-9969 (An information disclosure vulnerability exists in Schneider Electric's ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2017-9968 (A security misconfiguration vulnerability exists in Schneider ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2017-9967 (A security misconfiguration vulnerability exists in Schneider ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2017-9966 (A privilege escalation vulnerability exists in Schneider Electric's ...)
NOT-FOR-US: Schneider Electric
CVE-2017-9965 (An exposure of sensitive information vulnerability exists in Schneider ...)
@@ -39046,7 +39046,7 @@ CVE-2017-9965 (An exposure of sensitive information vulnerability exists in Schn
CVE-2017-9964 (A Path Traversal issue was discovered in Schneider Electric Pelco ...)
NOT-FOR-US: Schneider Electric
CVE-2017-9963 (A cross-site request forgery vulnerability exists on the Secure ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to August 2017 ...)
NOT-FOR-US: Schneider Electric
CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX ...)
@@ -42033,7 +42033,7 @@ CVE-2017-9515
CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a ...)
NOT-FOR-US: Atlassian Bamboo
CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams ...)
- TODO: check
+ NOT-FOR-US: Atlassian Activity Streams
CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and ...)
NOT-FOR-US: Atlassian
CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, before ...)
@@ -43952,19 +43952,19 @@ CVE-2017-8987
CVE-2017-8986
RESERVED
CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local ...)
- TODO: check
+ NOT-FOR-US: HPE XP Storage
CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent Management ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8983 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8982 (A Remote Authentication Restriction Bypass vulnerability in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8981 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8980 (A Remote Disclosure of Information vulnerability in HPE Intelligent ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8979 (Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) ...)
- TODO: check
+ NOT-FOR-US: HPE Integrated Lights-Out 2 (iLO 2) firmware
CVE-2017-8978 (A Remote Unauthorized Disclosure of Information vulnerability in HPE ...)
NOT-FOR-US: HPE IceWall Products
CVE-2017-8977 (A Remote Denial of Service vulnerability in Hewlett Packard Enterprise ...)
@@ -52834,17 +52834,17 @@ CVE-2017-6232
CVE-2017-6231
RESERVED
CVE-2017-6230 (Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus ...)
- TODO: check
+ NOT-FOR-US: Ruckus Networks firmware
CVE-2017-6229 (Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and ...)
- TODO: check
+ NOT-FOR-US: Ruckus Networks firmware
CVE-2017-6228
RESERVED
CVE-2017-6227 (A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2017-6226
RESERVED
CVE-2017-6225 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2017-6224 (Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ...)
NOT-FOR-US: Ruckus
CVE-2017-6223 (Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ...)
@@ -52978,7 +52978,7 @@ CVE-2017-6171
CVE-2017-6170
RESERVED
CVE-2017-6169 (In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 ...)
NOT-FOR-US: F5 BIG-IP
NOTE: https://support.f5.com/csp/article/K21905460
@@ -53034,7 +53034,7 @@ CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type
CVE-2017-6143
RESERVED
CVE-2017-6142 (X509 certificate verification was not correctly implemented in the ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2017-6141 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and ...)
NOT-FOR-US: F5 BIG-IP
CVE-2017-6140 (On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, ...)
@@ -53990,23 +53990,23 @@ CVE-2017-5817 (A Remote Code Execution vulnerability in HPE Intelligent Manageme
CVE-2017-5816 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5815 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5814 (A remote sql injection authentication bypass in HPE Network Automation ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2017-5813 (A remote unauthenticated access vulnerability in HPE Network ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2017-5812 (A remote sql information disclosure vulnerability in HPE Network ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2017-5811 (A remote code execution vulnerability in HPE Network Automation ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2017-5810 (A remote sql injection vulnerability in HPE Network Automation version ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2017-5809 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2017-5808 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2017-5807 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2017-5806 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5805 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
@@ -54284,7 +54284,7 @@ CVE-2017-5701 (Insecure platform configuration in system firmware for Intel ...)
CVE-2017-5700 (Insufficient protection of password storage in system firmware for ...)
NOT-FOR-US: Intel
CVE-2017-5699 (Input validation error in Intel MinnowBoard 3 Firmware versions prior ...)
- TODO: check
+ NOT-FOR-US: Intel MinnowBoard 3 Firmware
CVE-2017-5698 (Intel Active Management Technology, Intel Standard Manageability, and ...)
NOT-FOR-US: Intel
CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface of ...)
@@ -56606,7 +56606,7 @@ CVE-2017-5172
CVE-2017-5171
RESERVED
CVE-2017-5170 (An Uncontrolled Search Path Element issue was discovered in Moxa ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-5169 (An issue was discovered in Hanwha Techwin Smart Security Manager ...)
NOT-FOR-US: Hanwha Techwin
CVE-2017-5168 (An issue was discovered in Hanwha Techwin Smart Security Manager ...)
@@ -60109,7 +60109,7 @@ CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator (
CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file ...)
NOT-FOR-US: Lenovo LXCA
CVE-2017-3762 (Sensitive data stored by Lenovo Fingerprint Manager Pro, version ...)
- TODO: check
+ NOT-FOR-US: Lenovo Fingerprint Manager Pro
CVE-2017-3761 (The Lenovo Service Framework Android application executes some system ...)
NOT-FOR-US: Lenovo
CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of ...)
@@ -60307,9 +60307,9 @@ CVE-2016-9953
CVE-2016-9952
RESERVED
CVE-2016-10008 (SQL injection vulnerability in the "Content Types > Content Types" ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms" screen in ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input ...)
NOT-FOR-US: OWASP AntiSamy
CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ...)
@@ -65848,7 +65848,7 @@ CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to cr
CVE-2017-1759
RESERVED
CVE-2017-1758 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
- TODO: check
+ NOT-FOR-US: IBM Financial Transaction Manager for ACH Services for Multi-Platform
CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote ...)
NOT-FOR-US: IBM Security Guardium
CVE-2017-1756
@@ -66156,7 +66156,7 @@ CVE-2017-1606 (IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) .
CVE-2017-1605
RESERVED
CVE-2017-1604 (IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Anywhere
CVE-2017-1603
RESERVED
CVE-2017-1602
@@ -66441,7 +66441,7 @@ CVE-2017-1464
CVE-2017-1463
RESERVED
CVE-2017-1462 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. ...)
- TODO: check
+ NOT-FOR-US: IBM Rhapsody DM
CVE-2017-1461 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2017-1460 (IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router ...)
@@ -67572,7 +67572,7 @@ CVE-2017-0913
CVE-2017-0912
RESERVED
CVE-2017-0911 (Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback ...)
- TODO: check
+ NOT-FOR-US: Twitter Kit for iOS
CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, a ...)
- zulip-server <itp> (bug #800052)
CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable to a ...)
@@ -69620,11 +69620,11 @@ CVE-2016-9572
CVE-2016-9571
REJECTED
CVE-2016-9570 (cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: Carbon Black
CVE-2016-9569 (The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users ...)
- TODO: check
+ NOT-FOR-US: Carbon Black
CVE-2016-9568 (A security design issue can allow an unprivileged user to interact ...)
- TODO: check
+ NOT-FOR-US: Carbon Black
CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with M(6.0) ...)
NOT-FOR-US: Samsung
CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users with ...)
@@ -73258,11 +73258,11 @@ CVE-2016-8520 (HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check
CVE-2016-8519 (A remote code execution vulnerability in HPE Operations Orchestration ...)
NOT-FOR-US: HPE Operations Orchestration
CVE-2016-8518 (A remote denial of service vulnerability in HPE Systems Insight ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2016-8517 (A cross site scripting vulnerability in HPE Systems Insight Manager in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2016-8516 (A remote denial of service vulnerability in HPE Systems Insight ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2016-8515 (A remote malicious file upload vulnerability in HPE Version Control ...)
NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8514 (A remote information disclosure in HPE Version Control Repository ...)
@@ -73270,9 +73270,9 @@ CVE-2016-8514 (A remote information disclosure in HPE Version Control Repository
CVE-2016-8513 (A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version ...)
NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8512 (A Remote Code Execution vulnerability in all versions of HPE ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2016-8511 (A Remote Code Execution vulnerability in HPE Network Automation using ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2016-8510
REJECTED
CVE-2016-8509
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/25f85058e94f9fb751c7af2133862ada5421eee6
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/25f85058e94f9fb751c7af2133862ada5421eee6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180222/afb9cb2d/attachment-0001.html>
More information about the Secure-testing-commits
mailing list