[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 31 21:20:02 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23db7d7a by Salvatore Bonaccorso at 2018-01-31T22:19:43+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,23 +1,23 @@
CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to a ...)
- TODO: check
+ NOT-FOR-US: CCN-lite 2
CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An ...)
- TODO: check
+ NOT-FOR-US: Netwave IP Camera devices
CVE-2018-6478
RESERVED
CVE-2018-6477
RESERVED
CVE-2018-6476 (In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS ...)
- TODO: check
+ NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6475 (In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe ...)
- TODO: check
+ NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6474 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
- TODO: check
+ NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6473 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
- TODO: check
+ NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6472 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
- TODO: check
+ NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
- TODO: check
+ NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6470
RESERVED
CVE-2018-6469
@@ -29,7 +29,7 @@ CVE-2018-6467
CVE-2018-6466
RESERVED
CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via the ...)
- TODO: check
+ NOT-FOR-US: PropertyHive plugin for WordPress
CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a ...)
TODO: check
CVE-2018-6463
@@ -199,7 +199,7 @@ CVE-2018-6386
CVE-2018-6385
RESERVED
CVE-2018-6384 (Unquoted Windows search path vulnerability in NSClient++ before ...)
- TODO: check
+ NOT-FOR-US: NSClient++
CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that ...)
NOT-FOR-US: Monstra CMS
CVE-2018-6382 (MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via ...)
@@ -2010,7 +2010,7 @@ CVE-2018-5703 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the L
CVE-2017-18032 (The download-manager plugin before 2.9.52 for WordPress has XSS via the ...)
NOT-FOR-US: download-manager plugin for WordPress
CVE-2018-5701 (In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys ...)
- TODO: check
+ NOT-FOR-US: Iolo System Shield AntiVirus and AntiSpyware
CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by ...)
NOT-FOR-US: Winmail Server
CVE-2018-5699
@@ -16739,7 +16739,7 @@ CVE-2018-0138
CVE-2018-0137
RESERVED
CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0135
RESERVED
CVE-2018-0134
@@ -16809,7 +16809,7 @@ CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording
CVE-2018-0102 (A vulnerability in the Pong tool of Cisco NX-OS Software could allow an ...)
NOT-FOR-US: Cisco
CVE-2018-0101 (A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0100 (A vulnerability in the Profile Editor of the Cisco AnyConnect Secure ...)
NOT-FOR-US: Cisco
CVE-2018-0099 (A vulnerability in the web management GUI of the Cisco D9800 Network ...)
@@ -16943,7 +16943,7 @@ CVE-2017-16947
CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php in MISP ...)
NOT-FOR-US: MISP
CVE-2017-16945 (The standardrestorer binary in Arq 5.10 and earlier for Mac allows ...)
- TODO: check
+ NOT-FOR-US: standardrestorer binary in Arq
CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists ...)
- libsndfile 1.0.27-1
[jessie] - libsndfile <no-dsa> (Minor issue)
@@ -17024,7 +17024,7 @@ CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 1
CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...)
NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
CVE-2017-16928 (The arq_updater binary in Arq 5.10 and earlier for Mac allows local ...)
- TODO: check
+ NOT-FOR-US: arq_updater binary in Arq
CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...)
{DLA-1203-1}
- xrdp 0.9.4-3 (bug #882463)
@@ -17656,7 +17656,7 @@ CVE-2017-16860
CVE-2017-16859
RESERVED
CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the Google Apps ...)
- TODO: check
+ NOT-FOR-US: 'crowd-application' plugin module in Atlassian Crowd
CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via ...)
NOT-FOR-US: Atlassian
CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...)
@@ -21043,13 +21043,13 @@ CVE-2017-15658
CVE-2017-15657
RESERVED
CVE-2017-15656 (Password are stored in plaintext in nvram in the HTTPd server in all ...)
- TODO: check
+ NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15655 (Multiple buffer overflow vulnerabilities exist in the HTTPd server in ...)
- TODO: check
+ NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15654 (Highly predictable session tokens in the HTTPd server in all current ...)
- TODO: check
+ NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15653 (Improper administrator IP validation after his login in the HTTPd ...)
- TODO: check
+ NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15652
RESERVED
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated ...)
@@ -24053,9 +24053,9 @@ CVE-2017-14701
CVE-2017-14700
RESERVED
CVE-2017-14699 (Multiple XML external entity (XXE) vulnerabilities in the AiCloud ...)
- TODO: check
+ NOT-FOR-US: ASUS routers
CVE-2017-14698 (ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, ...)
- TODO: check
+ NOT-FOR-US: ASUS routers
CVE-2017-14697
RESERVED
CVE-2017-14696 (SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and ...)
@@ -25540,7 +25540,7 @@ CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui
CVE-2017-14191
RESERVED
CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager ...)
NOT-FOR-US: Fortinet
CVE-2017-14188
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23db7d7a8957d31a54eb13c31eed3feee2e36268
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23db7d7a8957d31a54eb13c31eed3feee2e36268
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180131/8e6c7a01/attachment.html>
More information about the Secure-testing-commits
mailing list