[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Mar 13 21:44:25 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e739be85 by Salvatore Bonaccorso at 2018-03-13T22:44:07+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1921,7 +1921,7 @@ CVE-2018-7407
 CVE-2018-7406
 	RESERVED
 CVE-2018-7405 (Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
 CVE-2018-7404
 	RESERVED
 CVE-2018-7403
@@ -2309,7 +2309,7 @@ CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...)
 CVE-2018-1000093 (CryptoNote version version 0.8.9 and possibly later contain a local ...)
 	TODO: check
 CVE-2018-1000092 (CMS Made Simple version versions 2.2.5 contains a Cross ite Request ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2018-1000091 (KadNode version version 2.2.0 contains a Buffer Overflow vulnerability ...)
 	TODO: check
 CVE-2018-1000090 (textpattern version version 4.6.2 contains a XML Injection ...)
@@ -2323,7 +2323,7 @@ CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site S
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970
 CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Site ...)
-	TODO: check
+	NOT-FOR-US: WolfCMS
 CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a ...)
 	TODO: check
 CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap memory ...)
@@ -2333,7 +2333,7 @@ CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap me
 	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/29/4
 CVE-2018-1000084 (WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WolfCMS
 CVE-2018-1000083 (Ajenti version version 2 contains a Improper Error Handling ...)
 	TODO: check
 CVE-2018-1000082 (Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) ...)
@@ -5241,25 +5241,25 @@ CVE-2018-6305 (Denial of service in Gemalto's Sentinel LDK RTE version before 7.
 CVE-2018-6304 (Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE ...)
 	TODO: check
 CVE-2018-6303 (Denial of service by uploading malformed firmware in Hanwha Techwin ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6302 (Denial of service by blocking of new camera registration on the cloud ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6301 (Arbitrary camera access and monitoring via cloud in Hanwha Techwin ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6300 (Remote password change in Hanwha Techwin Smartcams ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6299 (Authentication bypass in Hanwha Techwin Smartcams ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6298 (Remote code execution in Hanwha Techwin Smartcams ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6297 (Buffer overflow in Hanwha Techwin Smartcams ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6296 (An undocumented (hidden) capability for switching the web interface in ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6295 (Unencrypted way of remote control and communications in Hanwha Techwin ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6294 (Unsecured way of firmware update in Hanwha Techwin Smartcams ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6293 (Arbitrary File Read in Saperion Web Client version 7.5.2 83166. ...)
 	NOT-FOR-US: Saperion Web Client
 CVE-2018-6292 (Remote Code Execution in Saperion Web Client version 7.5.2 83166. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e739be85be87317c256bdafe5462afc351e2e94a

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e739be85be87317c256bdafe5462afc351e2e94a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180313/ddcc032b/attachment.html>

More information about the Secure-testing-commits mailing list