[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jan 11 21:19:10 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5904a06 by Salvatore Bonaccorso at 2018-01-11T22:18:52+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9247,7 +9247,7 @@ CVE-2018-1363
 CVE-2018-1362
 	RESERVED
 CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Portal
 CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 ...)
 	NOT-FOR-US: Panda Global Protection
 CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...)
@@ -13555,7 +13555,7 @@ CVE-2018-0120
 CVE-2018-0119
 	RESERVED
 CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0117
 	RESERVED
 CVE-2018-0116
@@ -17885,55 +17885,55 @@ CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing ..
 	NOTE: Proposed patch (but not merged): https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff
 	NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and following.
 CVE-2017-15637 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15636 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15635 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15634 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15633 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15632 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15631 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15630 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15629 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15628 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15627 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15626 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15625 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15624 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15623 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15622 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15621 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15620 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15619 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15618 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15617 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15616 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15615 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15614 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15613 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...)
 	- mistune 0.8-1 (bug #879098)
 	[stretch] - mistune <no-dsa> (Minor issue)
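Review bot: The 25 entries from CVE-2017-15637 down to CVE-2017-15613 are tagged with the vendor name alone, although every description names the affected families as "TP-Link WVR, WAR and ER devices". Consider "NOT-FOR-US: TP-Link WVR, WAR and ER devices" so that a later search of data/CVE/list for a device family finds them, in line with the product-level notes this commit uses for the IBM entries.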
@@ -43700,9 +43700,9 @@ CVE-2016-10259 (Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptib
 CVE-2016-10258
 	RESERVED
 CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...)
 	NOT-FOR-US: cloudflare-scrape
 CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...)
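Review bot: CVE-2016-10257 and CVE-2016-10256 both receive "NOT-FOR-US: Symantec", but their descriptions name two different products, Symantec Advanced Secure Gateway (ASG) and Symantec ProxySG. Naming the product on each line would keep that distinction visible in the list without having to look up the full CVE text.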
@@ -51460,9 +51460,9 @@ CVE-2017-4952
 CVE-2017-4951
 	RESERVED
 CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free vulnerability ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View ...)
 	NOT-FOR-US: VMware
 CVE-2017-4947
@@ -53980,7 +53980,7 @@ CVE-2017-3767 (A local privilege escalation vulnerability was identified in the 
 CVE-2017-3766
 	RESERVED
 CVE-2017-3765 (In Enterprise Networking Operating System (ENOS) in Lenovo and IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM RackSwitch and BladeCenter products
 CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator (LXCA) ...)
 	NOT-FOR-US: Lenovo XClarity Administrator
 CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file ...)
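Review bot: The note for CVE-2017-3765 mentions only IBM, while the description reads "Enterprise Networking Operating System (ENOS) in Lenovo and IBM ...". Either include Lenovo in the note or name ENOS itself, so the entry is not read as an IBM-only issue.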
@@ -59748,9 +59748,9 @@ CVE-2017-1742
 CVE-2017-1741
 	RESERVED
 CVE-2017-1740 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ...)
-	TODO: check
+	NOT-FOR-US: IBM Curam Social Program Management
 CVE-2017-1739 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is ...)
-	TODO: check
+	NOT-FOR-US: IBM Curam Social Program Management
 CVE-2017-1738
 	RESERVED
 CVE-2017-1737
@@ -59866,7 +59866,7 @@ CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to cross-site
 CVE-2017-1682
 	RESERVED
 CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2017-1680
 	RESERVED
 CVE-2017-1679
@@ -59886,17 +59886,17 @@ CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable 
 CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to ...)
 	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1671 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1670 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive ...)
 	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1668 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1667
 	RESERVED
 CVE-2017-1666 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
 	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
@@ -59982,7 +59982,7 @@ CVE-2017-1625
 CVE-2017-1624
 	RESERVED
 CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
-	TODO: check
+	NOT-FOR-US: IBM QRadar
 CVE-2017-1622
 	RESERVED
 CVE-2017-1621
@@ -60004,7 +60004,7 @@ CVE-2017-1614
 CVE-2017-1613 (IBM Connections 6.0 could allow an unauthenticated remote attacker to ...)
 	NOT-FOR-US: IBM Connections
 CVE-2017-1612 (IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere MQ
 CVE-2017-1611
 	RESERVED
 CVE-2017-1610
@@ -60160,9 +60160,9 @@ CVE-2017-1536 (IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8
 CVE-2017-1535 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM
 CVE-2017-1534 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Access Manager Appliance
 CVE-2017-1533 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Access Manager Appliance
 CVE-2017-1532
 	RESERVED
 CVE-2017-1531 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...)
@@ -60242,7 +60242,7 @@ CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow
 CVE-2017-1494 (IBM Business Process Manager 8.5 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM Business Process Manager
 CVE-2017-1493 (IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated ...)
-	TODO: check
+	NOT-FOR-US: IBM UrbanCode Deploy
 CVE-2017-1492
 	RESERVED
 CVE-2017-1491 (IBM QRadar Network Security 5.4 supports interaction between multiple ...)
@@ -60272,7 +60272,7 @@ CVE-2017-1480
 CVE-2017-1479
 	RESERVED
 CVE-2017-1478 (IBM Security Access Manager Appliance 9.0.0 allows web pages to be ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Access Manager Appliance
 CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML ...)
 	NOT-FOR-US: IBM
 CVE-2017-1476
@@ -60310,7 +60310,7 @@ CVE-2017-1461 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerab
 CVE-2017-1460 (IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router ...)
 	NOT-FOR-US: IBM
 CVE-2017-1459 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Access Manager Appliance
 CVE-2017-1458 (IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity ...)
 	NOT-FOR-US: IBM
 CVE-2017-1457 (IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. ...)
@@ -61591,7 +61591,7 @@ CVE-2016-9724 (IBM QRadar 7.2 is vulnerable to a denial of service, caused by an
 CVE-2016-9723 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM
 CVE-2016-9722 (IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical ...)
-	TODO: check
+	NOT-FOR-US: IBM QRadar
 CVE-2016-9721
 	RESERVED
 CVE-2016-9720 (IBM QRadar 7.2 discloses sensitive information to unauthorized users. ...)
@@ -65270,9 +65270,9 @@ CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lo
 CVE-2016-9110
 	RESERVED
 CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-9098
 	REJECTED
 CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ...)
@@ -67155,7 +67155,7 @@ CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...)
 CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...)
 	NOT-FOR-US: Fortiguard
 CVE-2016-8493 (In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows ...)
 	NOT-FOR-US: Fortinet FortiWLC
 CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...)
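Review bot: The note added for CVE-2016-8493 says "Fortiguard", but the description is about FortiClientWindows 5.4.1 and 5.4.2, so the label looks carried over from CVE-2016-8494 directly above. A note that names FortiClientWindows, or Fortinet as the vendor, would match what the description states.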
@@ -121203,7 +121203,7 @@ CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library 
 CVE-2012-6683
 	RESERVED
 CVE-2012-6682 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: DragonByte Technologies vBDownloads module for vBulletin
 CVE-2012-6681
 	RESERVED
 CVE-2012-6680
@@ -121225,15 +121225,15 @@ CVE-2012-6673
 CVE-2012-6672
 	RESERVED
 CVE-2012-6671 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: DragonByte Technologies Forumon RPG module for vBulletin
 CVE-2012-6670 (Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte ...)
-	TODO: check
+	NOT-FOR-US: DragonByte Technologies vbActivity module for vBulletin
 CVE-2012-6669
 	RESERVED
 CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout ...)
-	TODO: check
+	NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
 CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte ...)
-	TODO: check
+	NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
 CVE-2012-6666
 	RESERVED
 CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...)
@@ -131032,7 +131032,7 @@ CVE-2014-5396 (The web interface in Schrack Technik microControl with firmware b
 CVE-2014-5395 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei ...)
 	NOT-FOR-US: Huawei Routers
 CVE-2014-5394 (Multiple Huawei Campus switches allow remote attackers to enumerate ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2014-5393 (Directory traversal vulnerability in the JobScheduler Operations ...)
 	NOT-FOR-US: JobScheduler
 CVE-2014-5392 (XML External Entity (XXE) vulnerability in JobScheduler before ...)
@@ -131952,13 +131952,13 @@ CVE-2014-5073 (vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657
 CVE-2014-5072
 	RESERVED
 CVE-2014-5071 (SQL injection vulnerability in the checkPassword function in ...)
-	TODO: check
+	NOT-FOR-US: Symmetricom
 CVE-2014-5070 (Symmetricom s350i 2.70.15 allows remote authenticated users to gain ...)
-	TODO: check
+	NOT-FOR-US: Symmetricom
 CVE-2014-5069 (Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 ...)
-	TODO: check
+	NOT-FOR-US: Symmetricom
 CVE-2014-5068 (Directory traversal vulnerability in the web application in ...)
-	TODO: check
+	NOT-FOR-US: Symmetricom
 CVE-2014-5067
 	RESERVED
 CVE-2014-5066
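Review bot: All four notes for CVE-2014-5071 through CVE-2014-5068 give only the vendor, and for CVE-2014-5071 and CVE-2014-5068 the truncated descriptions do not show the product at all. The two sibling descriptions name "Symmetricom s350i 2.70.15"; if the full descriptions confirm the same device, "NOT-FOR-US: Symmetricom s350i" would make these entries self-explanatory.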
@@ -132252,7 +132252,7 @@ CVE-2014-4974 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode
 CVE-2014-4973 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the ...)
 	NOT-FOR-US: ESET Personal Firewall
 CVE-2014-4972 (Unrestricted file upload vulnerability in the Gravity Upload Ajax ...)
-	TODO: check
+	NOT-FOR-US: Gravity Upload Ajax plugin for WordPress
 CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain IRP ...)
 	NOT-FOR-US: Microsoft Windows XP
 CVE-2014-4970
@@ -140073,7 +140073,7 @@ CVE-2014-2072
 	RESERVED
 	NOT-FOR-US: Dassault Systemes Catia
 CVE-2014-2071 (Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before ...)
-	TODO: check
+	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
 CVE-2014-2070
 	RESERVED
 CVE-2014-2069
@@ -180622,7 +180622,7 @@ CVE-2012-0701 (The client applications in the DataStage Administrator client in 
 CVE-2012-0700 (The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere ...)
 	NOT-FOR-US: IBM InfoSphere Information Server
 CVE-2012-0699 (Multiple cross-site request forgery (CSRF) vulnerabilities in Family ...)
-	TODO: check
+	NOT-FOR-US: Family Connections CMS
 CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a ...)
 	{DSA-2576-1}
 	- trousers 0.3.9-1 (low; bug #692649)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e5904a061dad165be6c9cfd7319290d879ab3917
