[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Jan 31 21:20:02 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23db7d7a by Salvatore Bonaccorso at 2018-01-31T22:19:43+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,23 +1,23 @@
 CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to a ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite 2
 CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An ...)
-	TODO: check
+	NOT-FOR-US: Netwave IP Camera devices
 CVE-2018-6478
 	RESERVED
 CVE-2018-6477
 	RESERVED
 CVE-2018-6476 (In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS ...)
-	TODO: check
+	NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6475 (In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe ...)
-	TODO: check
+	NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6474 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
-	TODO: check
+	NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6473 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
-	TODO: check
+	NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6472 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
-	TODO: check
+	NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
-	TODO: check
+	NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6470
 	RESERVED
 CVE-2018-6469
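Review bot: The NFU labels for CVE-2018-6480 and CVE-2018-6476 through CVE-2018-6471 copy what look like version or edition qualifiers from the CVE descriptions ("CCN-lite 2", "SUPERAntiSpyware Professional Trial"). Consider using the bare product name ("NOT-FOR-US: CCN-lite", "NOT-FOR-US: SUPERAntiSpyware") so that later CVEs against other versions or editions of the same product land under the same label.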
@@ -29,7 +29,7 @@ CVE-2018-6467
 CVE-2018-6466
 	RESERVED
 CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via the ...)
-	TODO: check
+	NOT-FOR-US: PropertyHive plugin for WordPress
 CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a ...)
 	TODO: check
 CVE-2018-6463
@@ -199,7 +199,7 @@ CVE-2018-6386
 CVE-2018-6385
 	RESERVED
 CVE-2018-6384 (Unquoted Windows search path vulnerability in NSClient++ before ...)
-	TODO: check
+	NOT-FOR-US: NSClient++
 CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that ...)
 	NOT-FOR-US: Monstra CMS
 CVE-2018-6382 (MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via ...)
@@ -2010,7 +2010,7 @@ CVE-2018-5703 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the L
 CVE-2017-18032 (The download-manager plugin before 2.9.52 for WordPress has XSS via the ...)
 	NOT-FOR-US: download-manager plugin for WordPress
 CVE-2018-5701 (In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys ...)
-	TODO: check
+	NOT-FOR-US: Iolo System Shield AntiVirus and AntiSpyware
 CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by ...)
 	NOT-FOR-US: Winmail Server
 CVE-2018-5699
@@ -16739,7 +16739,7 @@ CVE-2018-0138
 CVE-2018-0137
 	RESERVED
 CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0135
 	RESERVED
 CVE-2018-0134
@@ -16809,7 +16809,7 @@ CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording 
 CVE-2018-0102 (A vulnerability in the Pong tool of Cisco NX-OS Software could allow an ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0101 (A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0100 (A vulnerability in the Profile Editor of the Cisco AnyConnect Secure ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0099 (A vulnerability in the web management GUI of the Cisco D9800 Network ...)
@@ -16943,7 +16943,7 @@ CVE-2017-16947
 CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php in MISP ...)
 	NOT-FOR-US: MISP
 CVE-2017-16945 (The standardrestorer binary in Arq 5.10 and earlier for Mac allows ...)
-	TODO: check
+	NOT-FOR-US: standardrestorer binary in Arq
 CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists ...)
 	- libsndfile 1.0.27-1
 	[jessie] - libsndfile <no-dsa> (Minor issue)
@@ -17024,7 +17024,7 @@ CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 1
 CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...)
 	NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
 CVE-2017-16928 (The arq_updater binary in Arq 5.10 and earlier for Mac allows local ...)
-	TODO: check
+	NOT-FOR-US: arq_updater binary in Arq
 CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...)
 	{DLA-1203-1}
 	- xrdp 0.9.4-3 (bug #882463)
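Review bot: CVE-2017-16928 is labelled "arq_updater binary in Arq" here, while CVE-2017-16945 in the previous hunk is labelled "standardrestorer binary in Arq", so the same product ends up under two different NFU strings. A single "NOT-FOR-US: Arq" on both entries would keep them grouped; the affected binary is already named in each CVE description.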
@@ -17656,7 +17656,7 @@ CVE-2017-16860
 CVE-2017-16859
 	RESERVED
 CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the Google Apps ...)
-	TODO: check
+	NOT-FOR-US: 'crowd-application' plugin module in Atlassian Crowd
 CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via ...)
 	NOT-FOR-US: Atlassian
 CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...)
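Review bot: The new label for CVE-2017-16858, "'crowd-application' plugin module in Atlassian Crowd", differs from the vendor-level "NOT-FOR-US: Atlassian" used on the adjacent CVE-2017-16857. Suggest picking one granularity for this vendor, either "Atlassian" or "Atlassian Crowd", and dropping the quoted module name from the label.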
@@ -21043,13 +21043,13 @@ CVE-2017-15658
 CVE-2017-15657
 	RESERVED
 CVE-2017-15656 (Password are stored in plaintext in nvram in the HTTPd server in all ...)
-	TODO: check
+	NOT-FOR-US: HTTPd server in Asus asuswrt
 CVE-2017-15655 (Multiple buffer overflow vulnerabilities exist in the HTTPd server in ...)
-	TODO: check
+	NOT-FOR-US: HTTPd server in Asus asuswrt
 CVE-2017-15654 (Highly predictable session tokens in the HTTPd server in all current ...)
-	TODO: check
+	NOT-FOR-US: HTTPd server in Asus asuswrt
 CVE-2017-15653 (Improper administrator IP validation after his login in the HTTPd ...)
-	TODO: check
+	NOT-FOR-US: HTTPd server in Asus asuswrt
 CVE-2017-15652
 	RESERVED
 CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated ...)
@@ -24053,9 +24053,9 @@ CVE-2017-14701
 CVE-2017-14700
 	RESERVED
 CVE-2017-14699 (Multiple XML external entity (XXE) vulnerabilities in the AiCloud ...)
-	TODO: check
+	NOT-FOR-US: ASUS routers
 CVE-2017-14698 (ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, ...)
-	TODO: check
+	NOT-FOR-US: ASUS routers
 CVE-2017-14697
 	RESERVED
 CVE-2017-14696 (SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and ...)
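Review bot: CVE-2017-14699 and CVE-2017-14698 are marked "ASUS routers", while the four entries in the previous hunk (CVE-2017-15656 through CVE-2017-15653) use "HTTPd server in Asus asuswrt", which mixes "ASUS" and "Asus" and splits one vendor across two labels. Suggest settling on one spelling and, if the distinction between router hardware and the asuswrt firmware is intended, stating it the same way in both places.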
@@ -25540,7 +25540,7 @@ CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui 
 CVE-2017-14191
 	RESERVED
 CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiOS
 CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager ...)
 	NOT-FOR-US: Fortinet
 CVE-2017-14188



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23db7d7a8957d31a54eb13c31eed3feee2e36268
