[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Jun 29 09:07:50 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c14aeda by Moritz Muehlenhoff at 2018-06-29T10:07:28+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20,21 +20,21 @@ CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the L
 CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered ...)
 	TODO: check
 CVE-2018-12927 (Northern Electric & Power (NEP) inverter devices allow remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Northern Electric
 CVE-2018-12926 (Pharos Controls devices allow remote attackers to obtain potentially ...)
-	TODO: check
+	NOT-FOR-US: Pharos Controls
 CVE-2018-12925 (Baseon Lantronix MSS devices do not require a password for TELNET ...)
-	TODO: check
+	NOT-FOR-US: Baseon Lantronix
 CVE-2018-12924 (Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have ...)
-	TODO: check
+	NOT-FOR-US: Sollae
 CVE-2018-12923 (BWS Systems HA-Bridge devices allow remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: BWS Systems
 CVE-2018-12922 (Emerson Liebert IntelliSlot Web Card devices allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Emerson Liebert
 CVE-2018-12921 (Electro Industries GaugeTech Nexus devices allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Electro Industries GaugeTech
 CVE-2018-12920 (Brickstream 2300 devices allow remote attackers to obtain potentially ...)
-	TODO: check
+	NOT-FOR-US: Brickstream
 CVE-2018-12919 (In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows ...)
 	NOT-FOR-US: CraftedWeb
 CVE-2018-12918 (In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in ...)
@@ -963,7 +963,7 @@ CVE-2018-12591 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from
 CVE-2018-12590 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an ...)
 	NOT-FOR-US: Ubiquiti Networks EdgeSwitch
 CVE-2018-12589 (Polaris Office 2017 8.1 allows attackers to execute arbitrary code via ...)
-	TODO: check
+	NOT-FOR-US: Polaris Office
 CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Public Knowledge Project (PKP) Open Monograph Press (OMP)
 CVE-2018-12587
@@ -3712,7 +3712,7 @@ CVE-2018-11512 (Stored cross-site scripting (XSS) vulnerability in the "Web
 CVE-2018-11511
 	RESERVED
 CVE-2018-11510 (ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR
 CVE-2018-11509
 	RESERVED
 CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux kernel ...)
@@ -12331,6 +12331,7 @@ CVE-2018-8040
 	RESERVED
 CVE-2018-8039
 	RESERVED
+	NOT-FOR-US: Apache CXF
 CVE-2018-8038
 	RESERVED
 CVE-2018-8037
@@ -31255,7 +31256,7 @@ CVE-2018-1353
 CVE-2018-1352
 	RESERVED
 CVE-2018-1351 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2017-17551 (The Backup and Restore feature in Mobotap Dolphin Browser for Android ...)
 	NOT-FOR-US: Dolphin Browser for Android
 CVE-2017-17550
@@ -31795,7 +31796,7 @@ CVE-2018-1283 (In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured t
 CVE-2018-1282 (This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows ...)
 	NOT-FOR-US: Apache Hive
 CVE-2018-1281 (The clustered setup of Apache MXNet allows users to specify which IP ...)
-	TODO: check
+	NOT-FOR-US: Apache MXNet
 CVE-2017-17459 (http_transport.c in Fossil before 2.4, when the SSH sync protocol is ...)
 	- fossil 1:2.4-1
 	[stretch] - fossil <no-dsa> (Minor issue)
@@ -33441,7 +33442,7 @@ CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open Source
 	NOTE: http://downloads.digium.com/pub/security/AST-2017-013.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27452
 CVE-2018-1040 (A denial of service vulnerability exists in the way that the Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-1039 (A security feature bypass vulnerability exists in .Net Framework which ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-1038 (The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 ...)
@@ -33449,7 +33450,7 @@ CVE-2018-1038 (The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP
 CVE-2018-1037 (An information disclosure vulnerability exists when Visual Studio ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-1036 (An elevation of privilege vulnerability exists when NTFS improperly ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-1035 (A security feature bypass vulnerability exists in Windows which could ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-1034 (An elevation of privilege vulnerability exists when Microsoft ...)
@@ -33557,7 +33558,7 @@ CVE-2018-0984
 CVE-2018-0983 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0982 (An elevation of privilege vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0981 (An information disclosure vulnerability exists in the way that the ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0980 (A remote code execution vulnerability exists in the way that the ...)
@@ -33565,7 +33566,7 @@ CVE-2018-0980 (A remote code execution vulnerability exists in the way that the 
 CVE-2018-0979 (A remote code execution vulnerability exists in the way that the ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0978 (A remote code execution vulnerability exists when Internet Explorer ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0977 (The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0976 (A denial of service vulnerability exists in Remote Desktop Protocol ...)
@@ -33779,7 +33780,7 @@ CVE-2018-0873 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607,
 CVE-2018-0872 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0871 (An information disclosure vulnerability exists when Edge improperly ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0870 (A remote code execution vulnerability exists when Internet Explorer ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0869 (SharePoint Server 2016 allows an elevation of privilege vulnerability ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c14aedaf097e230cd6d275b2db5ee5eac51cf3e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c14aedaf097e230cd6d275b2db5ee5eac51cf3e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180629/9fb3760a/attachment.html>

More information about the debian-security-tracker-commits mailing list