[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sun Jun 17 14:16:31 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
225feccd by Salvatore Bonaccorso at 2018-06-17T15:16:05+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -31,7 +31,7 @@ CVE-2018-12503 (tinyexr 0.9.5 has a heap-based buffer over-read in ...)
CVE-2018-12502
RESERVED
CVE-2018-12501 (Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2018-12500
RESERVED
CVE-2018-12499
@@ -15878,9 +15878,9 @@ CVE-2018-6499
CVE-2018-6498
RESERVED
CVE-2018-6497 (Remote Cross-site Request forgery (CSRF) potential has been identified ...)
- TODO: check
+ NOT-FOR-US: UCMDB Server
CVE-2018-6496 (Remote Cross-site Request forgery (CSRF) potential has been identified ...)
- TODO: check
+ NOT-FOR-US: UCMBD Browser
CVE-2018-6495 (Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version ...)
NOT-FOR-US: Micro Focus
CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software Web Tier, ...)
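Review bot: The product name on the new CVE-2018-6496 line is spelled "UCMBD Browser", while the entry just above it uses "UCMDB Server" and the CVE-2018-6495 description reads "Universal CMDB". This looks like a transposition and should read "NOT-FOR-US: UCMDB Browser"; as written, anyone searching the list for UCMDB will miss this entry.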
@@ -18333,17 +18333,17 @@ CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n
CVE-2018-5757
RESERVED
CVE-2018-5756 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-5755 (Absolute path traversal vulnerability in the readerengine component in ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-5754 (Cross-site scripting (XSS) vulnerability in the office-web component ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-5753 (The frontend component in Open-Xchange OX App Suite before ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-5752 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-5751 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2017-18042 (The update user administration resource in Atlassian Bamboo before ...)
NOT-FOR-US: Atlassian Bamboo
CVE-2017-18041 (The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo ...)
@@ -18488,7 +18488,7 @@ CVE-2018-5720 (An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireles
CVE-2018-5719
RESERVED
CVE-2018-5718 (Improper restriction of write operations within the bounds of a memory ...)
- TODO: check
+ NOT-FOR-US: SoftControl
CVE-2018-5717 (Memory write mechanism in NCR S2 Dispenser controller before firmware ...)
NOT-FOR-US: NCR S2 Dispenser controller
CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This ...)
@@ -19750,7 +19750,7 @@ CVE-2018-5245
CVE-2018-5243
RESERVED
CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible to a ...)
- TODO: check
+ NOT-FOR-US: Norton App Lock
CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, ...)
NOT-FOR-US: Symantec
CVE-2018-5240
@@ -20908,7 +20908,7 @@ CVE-2018-4850 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) C
CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video for ...)
NOT-FOR-US: Siveillance VMS Video
CVE-2018-4848 (A vulnerability has been identified in SCALANCE X-200 IRT (All ...)
- TODO: check
+ NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS ...)
NOT-FOR-US: SIMATIC WinCC OA Operator iOS App
CVE-2018-4846
@@ -20920,7 +20920,7 @@ CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for An
CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All ...)
NOT-FOR-US: SIMATIC
CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200 IRT (All ...)
- TODO: check
+ NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions < ...)
NOT-FOR-US: TIM
CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...)
@@ -23569,9 +23569,9 @@ CVE-2018-3728 (hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from
CVE-2018-3727 (626 node module suffers from a Path Traversal vulnerability due to ...)
TODO: check
CVE-2018-3726 (crud-file-server node module before 0.8.0 suffers from a Cross-Site ...)
- TODO: check
+ NOT-FOR-US: crud-file-server nodejs module
CVE-2018-3725 (hekto node module suffers from a Path Traversal vulnerability due to ...)
- TODO: check
+ NOT-FOR-US: hekto nodejs module
CVE-2018-3724 (general-file-server node module suffers from a Path Traversal ...)
TODO: check
CVE-2018-3723 (defaults-deep node module before 0.2.4 suffers from a Modification of ...)
@@ -27428,15 +27428,15 @@ CVE-2018-2430
CVE-2018-2429
RESERVED
CVE-2018-2428 (Under certain conditions SAP UI5 Handler allows an attacker to access ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2427
RESERVED
CVE-2018-2426
RESERVED
CVE-2018-2425 (Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2424 (SAP UI5 did not validate user input before adding it to the DOM ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2423 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, ...)
NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2422 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, ...)
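Review bot: The three new entries for CVE-2018-2428, CVE-2018-2425 and CVE-2018-2424 are tagged with the vendor only ("NOT-FOR-US: SAP"), whereas the existing CVE-2018-2423 entry in the same hunk names the product ("NOT-FOR-US: SAP Internet Graphics Server"). The descriptions name SAP UI5 Handler, SAP Business One and SAP UI5, so using those product names would keep the labels consistent with the neighbouring entry and easier to search.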
@@ -29409,7 +29409,7 @@ CVE-2018-1462 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize
CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
NOT-FOR-US: IBM
CVE-2018-1460 (IBM Netezza Platform Software (IBM PureData System for Analytics ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1459 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2018-1458
@@ -29467,7 +29467,7 @@ CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize
CVE-2018-1432 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is ...)
NOT-FOR-US: IBM InfoSphere Information Server
CVE-2018-1431 (A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site ...)
NOT-FOR-US: IBM API Connect
CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to ...)
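Review bot: The new label for CVE-2018-1431 is just "NOT-FOR-US: IBM", but the description says the flaw is in GSKit as it affects IBM Spectrum Scale, and the neighbouring entries name the product ("IBM InfoSphere Information Server", "IBM API Connect"). Naming the component, for example "NOT-FOR-US: IBM GSKit", would record what was actually triaged.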
@@ -29491,7 +29491,7 @@ CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, a
CVE-2018-1420
RESERVED
CVE-2018-1419 (IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass ...)
NOT-FOR-US: IBM
CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java ...)
@@ -29543,7 +29543,7 @@ CVE-2018-1395
CVE-2018-1394
RESERVED
CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/225feccd613180c347df86af05feba967e9fc359