[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jan 11 11:54:41 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d404585 by Salvatore Bonaccorso at 2018-01-11T12:54:25+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11918,9 +11918,9 @@ CVE-2018-0787
 CVE-2018-0786 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0785 (ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0784 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0783
 	RESERVED
 CVE-2018-0782
@@ -14056,7 +14056,7 @@ CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in .
 	NOTE: PoC https://packetstormsecurity.com/files/download/145045/tic-overflow.tgz
 	NOTE: http://invisible-island.net/ncurses/NEWS.html#t20171125
 CVE-2017-16878 (Cross-site scripting (XSS) vulnerability in the Captive Portal ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...)
 	NOT-FOR-US: ZEIT Next.js
 CVE-2017-16876 (Cross-site scripting (XSS) vulnerability in the _keyify function in ...)
@@ -14401,33 +14401,33 @@ CVE-2018-0016
 CVE-2018-0015
 	RESERVED
 CVE-2018-0014 (Juniper Networks ScreenOS devices do not pad Ethernet packets with ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0013 (A local file inclusion vulnerability in Juniper Networks Junos Space ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0012 (Junos Space is affected by a privilege escalation vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0011 (A reflected cross site scripting (XSS) vulnerability in Junos Space ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0010 (A vulnerability in the Juniper Networks Junos Space Security Director ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0009 (On Juniper Networks SRX series devices, firewall rules configured to ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0008 (An unauthenticated root login may allow upon reboot when a commit ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0007 (An unauthenticated network-based attacker able to send a maliciously ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0006 (A high rate of VLAN authentication attempts sent from an adjacent host ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0005 (QFX and EX Series switches configured to drop traffic when the MAC ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0004 (A sustained sequence of different types of normal transit traffic can ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0003 (A specially crafted MPLS packet received or processed by the system, ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0002 (On SRX Series and MX Series devices with a Service PIC with any ALG ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0001 (A remote, unauthenticated attacker may be able to execute code by ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2017-16866 (dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) ...)
 	NOT-FOR-US: dayrui FineCms
 CVE-2017-16865
@@ -17810,13 +17810,13 @@ CVE-2017-15667 (In Flexense SysGauge Server 3.6.18, the Control Protocol suffers
 CVE-2017-15666
 	RESERVED
 CVE-2017-15665 (In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers ...)
-	TODO: check
+	NOT-FOR-US: Flexense DiskBoss Enterprise
 CVE-2017-15664 (In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol ...)
-	TODO: check
+	NOT-FOR-US: Flexense Sync Breeze Enterprise
 CVE-2017-15663 (In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol ...)
-	TODO: check
+	NOT-FOR-US: Flexense Disk Pulse Enterprise
 CVE-2017-15662 (In Flexense VX Search Enterprise v10.1.12, the Control Protocol ...)
-	TODO: check
+	NOT-FOR-US: Flexense VX Search Enterprise
 CVE-2017-15661
 	RESERVED
 CVE-2017-15660



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d404585e57044bf4b660b95e6d2efc9d07a4e96

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d404585e57044bf4b660b95e6d2efc9d07a4e96
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180111/0881bb36/attachment.html>

More information about the Secure-testing-commits mailing list