[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 24 21:18:38 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5354b9a by Salvatore Bonaccorso at 2018-07-24T22:17:59+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,29 +5,29 @@ CVE-2018-14592
CVE-2018-14591
RESERVED
CVE-2018-14590 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14589 (An issue has been discovered in Bento4 1.5.1-624. ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14588 (An issue has been discovered in Bento4 1.5.1-624. A NULL pointer ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14587 (An issue has been discovered in Bento4 1.5.1-624. ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14586 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14585 (An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14584 (An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14583 (xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background ...)
- TODO: check
+ NOT-FOR-US: XYHCMS
CVE-2018-14582 (index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a ...)
- TODO: check
+ NOT-FOR-US: BageCMS
CVE-2018-14581
RESERVED
CVE-2018-14580
RESERVED
CVE-2018-14579 (GolemCMS through 2008-12-24, if the install/ directory remains active ...)
- TODO: check
+ NOT-FOR-US: GolemCMS
CVE-2018-14578
RESERVED
CVE-2018-14577
@@ -772,7 +772,7 @@ CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow lo
NOTE: https://github.com/samtools/htslib/issues/736
NOTE: Neutralised by kernel hardening
CVE-2018-14328 (Brynamics "Online Trade - Online trading and cryptocurrency investment ...)
- TODO: check
+ NOT-FOR-US: Brynamics "Online Trade - Online trading and cryptocurrency investment system"
CVE-2018-14327
RESERVED
CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP ...)
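Review bot: The new label on CVE-2018-14328 copies the whole quoted product string from the description, embedded double quotes included, where a short name would do. "NOT-FOR-US: Brynamics" identifies the entry just as well and is easier to grep for and to reuse if more CVEs for the same vendor show up.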
@@ -2837,9 +2837,9 @@ CVE-2018-13388 (The review attachment resource in Atlassian Fisheye and Crucible
CVE-2018-13387 (The IncomingMailServers resource in Atlassian JIRA Server before ...)
NOT-FOR-US: Atlassian
CVE-2018-13386 (There was an argument injection vulnerability in Sourcetree for ...)
- TODO: check
+ NOT-FOR-US: Sourcetree
CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for macOS ...)
- TODO: check
+ NOT-FOR-US: Sourcetree
CVE-2018-13384
RESERVED
CVE-2018-13383
@@ -8843,9 +8843,9 @@ CVE-2018-11062
CVE-2018-11061
RESERVED
CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass ...)
- TODO: check
+ NOT-FOR-US: RSA Archer
CVE-2018-11059 (RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site ...)
- TODO: check
+ NOT-FOR-US: RSA Archer
CVE-2018-11058
RESERVED
CVE-2018-11057
@@ -10021,7 +10021,7 @@ CVE-2018-10634
CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version ...)
NOT-FOR-US: Universal Robots
CVE-2018-10632 (In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician ...)
NOT-FOR-US: Medtronic
CVE-2018-10630
@@ -10029,9 +10029,9 @@ CVE-2018-10630
CVE-2018-10629
RESERVED
CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update ...)
- TODO: check
+ NOT-FOR-US: AVEVA
CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
- TODO: check
+ NOT-FOR-US: Echelon
CVE-2018-10626
RESERVED
CVE-2018-10625
@@ -10069,7 +10069,7 @@ CVE-2018-10610
CVE-2018-10609
RESERVED
CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited ...)
- TODO: check
+ NOT-FOR-US: SEL AcSELerator Architect
CVE-2018-10607
RESERVED
CVE-2018-10606
@@ -10077,7 +10077,7 @@ CVE-2018-10606
CVE-2018-10605
RESERVED
CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full access to ...)
- TODO: check
+ NOT-FOR-US: SEL Compass
CVE-2018-10603
RESERVED
CVE-2018-10602
@@ -10085,7 +10085,7 @@ CVE-2018-10602
CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including ...)
NOT-FOR-US: Philips
CVE-2018-10600 (SEL AcSELerator Architect version 2.2.24.0 and prior allows ...)
- TODO: check
+ NOT-FOR-US: SEL AcSELerator Architect
CVE-2018-10599 (IntelliVue Patient Monitors MP Series (including ...)
NOT-FOR-US: Philips
CVE-2018-10598
@@ -14467,7 +14467,7 @@ CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk environmen
CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be ...)
NOT-FOR-US: Vecna VGo Robot
CVE-2018-8859 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
- TODO: check
+ NOT-FOR-US: Echelon
CVE-2018-8858
RESERVED
CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, ...)
@@ -14475,7 +14475,7 @@ CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and p
CVE-2018-8856
RESERVED
CVE-2018-8855 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
- TODO: check
+ NOT-FOR-US: Echelon
CVE-2018-8854
RESERVED
CVE-2018-8853 (Philips Brilliance CT devices operate user functions from within a ...)
@@ -14483,7 +14483,7 @@ CVE-2018-8853 (Philips Brilliance CT devices operate user functions from within
CVE-2018-8852
RESERVED
CVE-2018-8851 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
- TODO: check
+ NOT-FOR-US: Echelon
CVE-2018-8850
RESERVED
CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician ...)
@@ -21349,7 +21349,7 @@ CVE-2017-18106
CVE-2017-18105
RESERVED
CVE-2017-18104 (The Webhooks component of Atlassian Jira before version 7.6.7 and from ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2017-18103 (The atlassian-http library, as used in various Atlassian products, ...)
NOT-FOR-US: Atlassian
CVE-2017-18102 (The wiki markup component of atlassian-renderer from version 8.0.0 ...)
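Review bot: CVE-2017-18104 is tagged "Atlassian Jira" while the very next entry, CVE-2017-18103, uses plain "Atlassian". Suggest settling on one form for this vendor, so that a search on the NOT-FOR-US label finds both entries.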
@@ -82802,7 +82802,7 @@ CVE-2017-3224 (Open Shortest Path First (OSPF) protocol implementations may ...)
[wheezy] - quagga <no-dsa> (Minor issue)
NOTE: http://www.kb.cert.org/vuls/id/793496
CVE-2017-3223 (Dahua IP camera products using firmware versions prior to ...)
- TODO: check
+ NOT-FOR-US: Dahua IP camera products
CVE-2017-3222 (Hard-coded credentials in AmosConnect 8 allow remote attackers to gain ...)
NOT-FOR-US: AmosConnect
CVE-2017-3221 (Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote ...)
@@ -82814,7 +82814,7 @@ CVE-2017-3219 (Acronis True Image up to and including version 2017 Build 8053 ..
CVE-2017-3218 (Samsung Magician 5.0 fails to validate TLS certificates for HTTPS ...)
NOT-FOR-US: Samsung
CVE-2017-3217 (CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text ...)
- TODO: check
+ NOT-FOR-US: CalAmp LMU 3030 series OBD-II CDMA and GSM devices
CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a custom ...)
NOT-FOR-US: WiMAX routers
CVE-2017-3215 (The Milwaukee ONE-KEY Android mobile application uses bearer tokens ...)
@@ -82830,7 +82830,7 @@ CVE-2017-3211
CVE-2017-3210 (Applications developed using the Portrait Display SDK, versions 2.30 ...)
TODO: check
CVE-2017-3209 (The DBPOWER U818A WIFI quadcopter drone provides FTP access over its ...)
- TODO: check
+ NOT-FOR-US: DBPOWER U818A WIFI quadcopter drone
CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB for Java ...)
NOT-FOR-US: AMF3 deserialisers
CVE-2017-3207 (The Java implementations of AMF3 deserializers in WebORB for Java by ...)
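Review bot: CVE-2017-3210 (Portrait Display SDK), directly above the changed entry, still carries "TODO: check" after this pass. If it was left open on purpose for a closer look, that is fine; otherwise it could be triaged in the same commit.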
@@ -82873,11 +82873,11 @@ CVE-2017-3191 (D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version
CVE-2017-3190 (Flash Seats Mobile App for Android version 1.7.9 and earlier and for ...)
NOT-FOR-US: Flash Seats Mobile App
CVE-2017-3189 (The dotCMS administration panel, versions 3.7.1 and earlier, "Push ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2017-3188 (The dotCMS administration panel, versions 3.7.1 and earlier, "Push ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2017-3187 (The dotCMS administration panel, versions 3.7.1 and earlier, are ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2017-3186 (ACTi cameras including the D, B, I, and E series using firmware ...)
NOT-FOR-US: ACTi cameras
CVE-2017-3185 (ACTi cameras including the D, B, I, and E series using firmware ...)
@@ -82885,7 +82885,7 @@ CVE-2017-3185 (ACTi cameras including the D, B, I, and E series using firmware .
CVE-2017-3184 (ACTi cameras including the D, B, I, and E series using firmware ...)
NOT-FOR-US: ACTi cameras
CVE-2017-3183 (Sage XRT Treasury, version 3, fails to properly restrict database ...)
- TODO: check
+ NOT-FOR-US: Sage XRT Treasury
CVE-2017-3182 (On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail ...)
TODO: check
CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified ...)
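Review bot: CVE-2017-3182 (ThreatMetrix SDK), right below the changed Sage XRT Treasury entry, keeps its "TODO: check". Worth confirming it was skipped deliberately rather than missed.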
@@ -103285,7 +103285,7 @@ CVE-2016-5651
CVE-2016-5650 (ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 ...)
NOT-FOR-US: ZModo
CVE-2016-5649 (A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2016-5648 (Acer Portal app before 3.9.4.2000 for Android does not properly ...)
NOT-FOR-US: Acer Portal Android application
CVE-2016-5647 (The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, ...)
@@ -103307,7 +103307,7 @@ CVE-2016-5640 (Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestr
CVE-2016-5639 (Directory traversal vulnerability in cgi-bin/login.cgi on Crestron ...)
NOT-FOR-US: Creston
CVE-2016-5638 (There are few web pages associated with the genie app on the Netgear ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 ...)
NOTE: https://www.kb.cert.org/vuls/id/123799
NOTE: No further information provided, but this is very likely a dupe of CVE-2016-8710
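Review bot: In the context above the Netgear change, CVE-2016-5639 is labelled "NOT-FOR-US: Creston", although the hunk header for the neighbouring CVE-2016-5640 spells the vendor "Crestron" (visible in its truncated description). The typo is not introduced by this commit, but a follow-up correcting it would keep searches by vendor name complete.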
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5354b9af49785932fbc0d1425dfd6d9a2e97ffb