[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sun Mar 25 07:44:15 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb1b8eeb by Salvatore Bonaccorso at 2018-03-25T09:43:56+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,15 +1,15 @@
 CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php allows ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows remote ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-8967 (An issue was discovered in zzcms 8.2. It allows SQL injection via the ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-8966 (An issue was discovered in zzcms 8.2. It allows PHP code injection via ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-8965 (An issue was discovered in zzcms 8.2. user/ppsave.php allows remote ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2015-9257 (BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 ...)
-	TODO: check
+	NOT-FOR-US: BMC Remedy Action Request (AR) System
 CVE-2018-8964 (In libming 0.4.8, the decompileDELETE function of decompile.c has a ...)
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/130
@@ -14933,11 +14933,11 @@ CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 CVE-2017-17752 (Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body ...)
 	NOT-FOR-US: Ability Mail Server
 CVE-2017-17751 (Bose SoundTouch devices allows remote attackers to achieve remote ...)
-	TODO: check
+	NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17750 (Bose SoundTouch devices allow XSS via a crafted public playlist from ...)
-	TODO: check
+	NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17749 (Bose SoundTouch devices allow XSS via crafted song data from a music ...)
-	TODO: check
+	NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17748
 	RESERVED
 CVE-2017-17747 (Weak access controls in the Device Logout functionality on the TP-Link ...)
@@ -23134,7 +23134,7 @@ CVE-2018-0554
 CVE-2018-0553
 	RESERVED
 CVE-2018-0552 (Untrusted search path vulnerability in The installer of PhishWall ...)
-	TODO: check
+	NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition for Windows)
 CVE-2018-0551
 	RESERVED
 CVE-2018-0550
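Review bot: The new tag on CVE-2018-0552 begins with "installer of" and carries the edition list in parentheses, so it will not sort or grep together with any other entry for the same product. A tag that starts with the product name, such as "NOT-FOR-US: PhishWall Client", would match the style of the other entries in this commit (for example "NOT-FOR-US: ViX").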
@@ -23158,19 +23158,19 @@ CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8 allow
 CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to ...)
 	TODO: check
 CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 allows ...)
-	TODO: check
+	NOT-FOR-US: ViX
 CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an ...)
-	TODO: check
+	NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an ...)
-	TODO: check
+	NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an ...)
-	TODO: check
+	NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows ...)
-	TODO: check
+	NOT-FOR-US: PHP 2chBBS
 CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an ...)
-	TODO: check
+	NOT-FOR-US: ArsenoL
 CVE-2018-0533
 	RESERVED
 CVE-2018-0532
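Review bot: CVE-2018-0541 (Tiny FTP Daemon) in the first context lines of this hunk stays at "TODO: check" while every entry from CVE-2018-0540 down to CVE-2018-0534 is resolved in the same pass. If it was left open on purpose because it still needs a package search, that is fine; otherwise it should be triaged here so the block is not left half processed.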
@@ -25317,9 +25317,9 @@ CVE-2017-16774
 CVE-2017-16773
 	RESERVED
 CVE-2017-16772 (Improper input validation vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Synology Photo Station
 CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in Synology ...)
-	TODO: check
+	NOT-FOR-US: Synology Photo Station
 CVE-2017-16770 (File and directory information exposure vulnerability in ...)
 	NOT-FOR-US: Synology Surveillance Station
 CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer in ...)
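Review bot: The truncated description of CVE-2017-16772 shown here ("Improper input validation vulnerability in ...") does not name a product, and CVE-2017-16771 is cut off after "Synology", so the "Synology Photo Station" tag cannot be checked from this context. Since the next entry, CVE-2017-16770, is tagged "Synology Surveillance Station", it is worth confirming against the full CVE text that both new tags name the right product.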
@@ -29388,7 +29388,7 @@ CVE-2017-15327
 CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption ...)
 	TODO: check
 CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions earlier ...)
-	TODO: check
+	NOT-FOR-US: Bdat driver of Prague smart phones
 CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS ...)
 	NOT-FOR-US: Huawei
 CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, ...)
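Review bot: CVE-2017-15326 (DBS3900 TDD LTE) directly above the changed line is still "TODO: check" although its neighbour is resolved in this commit; please say whether it was skipped deliberately. Separately, the new tag on CVE-2017-15325 names a component ("Bdat driver of Prague smart phones") where the adjacent entries use a vendor tag ("NOT-FOR-US: Huawei"); if the vendor is the same, the vendor tag would keep the list consistent.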
@@ -70581,9 +70581,9 @@ CVE-2017-1791
 CVE-2017-1790
 	RESERVED
 CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form Login ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed ...)
 	NOT-FOR-US: IBM Publishing Engine
 CVE-2017-1786
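Review bot: The bare "NOT-FOR-US: IBM" on CVE-2017-1789 and CVE-2017-1788 drops the product name, while the unchanged entry right below uses "NOT-FOR-US: IBM Publishing Engine". Product-level tags ("IBM Tivoli Monitoring", "IBM WebSphere Application Server") would make it possible to audit the decision later from the list alone; the same applies to the other IBM entries changed further down in this commit.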
@@ -70635,7 +70635,7 @@ CVE-2017-1764
 CVE-2017-1763
 	RESERVED
 CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1761 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash ...)
@@ -70805,7 +70805,7 @@ CVE-2017-1679
 CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1677 (IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1676
 	RESERVED
 CVE-2017-1675
@@ -70849,7 +70849,7 @@ CVE-2017-1657
 CVE-2017-1656
 	RESERVED
 CVE-2017-1655 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1654 (IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local ...)
 	NOT-FOR-US: IBM
 CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
@@ -70901,7 +70901,7 @@ CVE-2017-1631 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is 
 CVE-2017-1630
 	RESERVED
 CVE-2017-1629 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1628 (IBM Business Process Manager 8.6.0.0 allows authenticated users to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1627
@@ -70955,7 +70955,7 @@ CVE-2017-1604 (IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scrip
 CVE-2017-1603
 	RESERVED
 CVE-2017-1602 (IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1601
 	RESERVED
 CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to ...)
@@ -71017,7 +71017,7 @@ CVE-2017-1573
 CVE-2017-1572
 	RESERVED
 CVE-2017-1571 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1570 (IBM Jazz Foundation products could allow an authenticated user to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified ...)
@@ -71111,7 +71111,7 @@ CVE-2017-1526
 CVE-2017-1525
 	RESERVED
 CVE-2017-1524 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1523 (IBM InfoSphere Master Data Management - Collaborative Edition 11.5 ...)
 	NOT-FOR-US: IBM
 CVE-2017-1522 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...)
@@ -72568,7 +72568,7 @@ CVE-2016-9713
 CVE-2016-9712
 	RESERVED
 CVE-2016-9711 (IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow a ...)
 	NOT-FOR-US: IBM
 CVE-2016-9709
@@ -109508,7 +109508,7 @@ CVE-2015-7451 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
 CVE-2015-7450 (Serialized-object interfaces in certain IBM analytics, business ...)
 	NOT-FOR-US: IBM
 CVE-2015-7449 (IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-7448 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
 	NOT-FOR-US: IBM
 CVE-2015-7447 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
@@ -143301,7 +143301,7 @@ CVE-2014-4929 (Directory traversal vulnerability in the routing component in own
 	- owncloud 6.0.4~beta1+dfsg-1
 	NOTE: https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
 CVE-2014-4928 (SQL injection vulnerability in Invision Power Board (aka IPB or ...)
-	TODO: check
+	NOT-FOR-US: Invision Power Board
 CVE-2014-4927 (Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and ...)
 	NOT-FOR-US: ACME micro_httpd
 CVE-2014-4926



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb1b8eebd2301eddb17f4b9e0f6e257146960a16
