[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Mar 26 21:02:03 UTC 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15d3ece4 by Moritz Muehlenhoff at 2018-03-26T23:01:46+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -226,7 +226,7 @@ CVE-2018-8939
 CVE-2018-8938
 	RESERVED
 CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is possible ...)
-	TODO: check
+	NOT-FOR-US: Open-AudIT Professional
 CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...)
 	NOT-FOR-US: AMD
 CVE-2018-8935 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...)
@@ -3162,7 +3162,7 @@ CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into th
 CVE-2018-7674
 	RESERVED
 CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions prior to ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Identity Manager
 CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel ...)
 	- linux 4.13.4-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -3661,7 +3661,7 @@ CVE-2018-7544 (** DISPUTED ** A cross-protocol scripting issue was discovered in
 	NOTE: affected problematic configurations in both the documentation and with
 	NOTE: a runtime warning.
 CVE-2018-7543 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-7539
 	RESERVED
 CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of Enalean ...)
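Review bot: The note added for CVE-2018-7543 reads "NOT-FOR-US: Wordpress plugin" without saying which plugin, and the description shown here is cut off before the product name, so the entry alone does not tell a later reader what was ruled out. Name the plugin in the note, and spell the project "WordPress".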
@@ -9668,31 +9668,31 @@ CVE-2018-5476 (A Stack-based Buffer Overflow issue was discovered in Delta Elect
 CVE-2018-5475 (A Stack-based Buffer Overflow issue was discovered in GE D60 Line ...)
 	NOT-FOR-US: GE D60 Line Distance Relay devices
 CVE-2018-5474 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input ...)
-	TODO: check
+	NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5473 (An Improper Restriction of Operations within the Bounds of a Memory ...)
 	NOT-FOR-US: GE D60 Line Distance Relay devices
 CVE-2018-5472 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have an ...)
-	TODO: check
+	NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5471 (A Cleartext Transmission of Sensitive Information issue was discovered ...)
 	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5470 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
-	TODO: check
+	NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5469 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
 	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5468 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote ...)
-	TODO: check
+	NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5467 (An Information Exposure Through Query Strings in GET Request issue was ...)
 	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5466 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a ...)
-	TODO: check
+	NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5465 (A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, ...)
 	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5464 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
-	TODO: check
+	NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5463
 	RESERVED
 CVE-2018-5462 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
-	TODO: check
+	NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in Belden ...)
 	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5460
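Review bot: The seven notes added in this hunk spell the product "Philips Intellispace Portal", while the descriptions for CVE-2018-5470, CVE-2018-5466, CVE-2018-5464 and CVE-2018-5462 spell it "IntelliSpace". Pick one spelling for the NFU notes, preferably the vendor's, so that a single text search over the list finds every entry for this product.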
@@ -9700,7 +9700,7 @@ CVE-2018-5460
 CVE-2018-5459 (An Improper Authentication issue was discovered in WAGO PFC200 Series ...)
 	NOT-FOR-US: WAGO PFC200
 CVE-2018-5458 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a ...)
-	TODO: check
+	NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5457 (A uncontrolled search path element issue was discovered in Vyaire ...)
 	NOT-FOR-US: Vyaire Medical CareFusion Upgrade Utility
 CVE-2018-5456
@@ -9708,7 +9708,7 @@ CVE-2018-5456
 CVE-2018-5455 (A Reliance on Cookies without Validation and Integrity Checking issue ...)
 	NOT-FOR-US: Moxa
 CVE-2018-5454 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a ...)
-	TODO: check
+	NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was ...)
 	NOT-FOR-US: Moxa
 CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process ...)
@@ -20172,11 +20172,11 @@ CVE-2017-17538 (MikroTik v6.40.5 devices allow remote attackers to cause a denia
 CVE-2017-17537 (MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated ...)
 	NOT-FOR-US: MikroTik
 CVE-2018-1350 (The NetIQ Identity Manager driver log file, in versions prior to 4.7, ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Identity Manager
 CVE-2018-1349 (The NetIQ Identity Manager driver log file, in versions prior to 4.7, ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Identity Manager
 CVE-2018-1348 (NetIQ Identity Manager driver, in versions prior to 4.7, allows for an ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Identity Manager
 CVE-2018-1347 (The administrative web interface in NetIQ iManager, versions prior to ...)
 	NOT-FOR-US: NetIQ
 CVE-2018-1346 (Addresses denial of service attack to eDirectory versions prior to ...)
@@ -20852,7 +20852,7 @@ CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp Man
 CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows ...)
 	NOT-FOR-US: EMC
 CVE-2018-1213 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-1212
 	RESERVED
 CVE-2018-1211 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path ...)
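Review bot: The note added for CVE-2018-1213 is "NOT-FOR-US: Dell", while the neighbouring CVE-2018-1214 entry, also a Dell EMC product, is tagged "NOT-FOR-US: EMC", and the description names Dell EMC Isilon OneFS. Using the product name in the note, for example "NOT-FOR-US: Dell EMC Isilon OneFS", would avoid two vendor spellings for the same product family and keep the entry searchable by product.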
@@ -20870,13 +20870,13 @@ CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 
 CVE-2018-1205
 	RESERVED
 CVE-2018-1204 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-1203 (In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-1202 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-1201 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-1200 (Apps Manager for PCF (Pivotal Application Service 1.11.x before ...)
 	NOT-FOR-US: Pivotal
 CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before ...)
@@ -20902,13 +20902,13 @@ CVE-2018-1191
 CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry products: all ...)
 	NOT-FOR-US: Pivotal
 CVE-2018-1189 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-1188 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-1187 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-1186 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-1185 (An issue was discovered in EMC RecoverPoint for Virtual Machines ...)
 	NOT-FOR-US: EMC
 CVE-2018-1184 (An issue was discovered in EMC RecoverPoint for Virtual Machines ...)
@@ -28872,7 +28872,7 @@ CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...)
 	- mongodb <not-affected> (wire protocol compression introduced in 3.4.x and disabled by default)
 	NOTE: https://jira.mongodb.org/browse/SERVER-31273
 CVE-2017-15534 (The Norton App Lock prior to version 1.3.0.13 can be susceptible to an ...)
-	TODO: check
+	NOT-FOR-US: Noron App Lock
 CVE-2017-15533
 	RESERVED
 CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a ...)
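Review bot: The note added for CVE-2017-15534 has a typo in the product name: it reads "NOT-FOR-US: Noron App Lock", but the description on the line above says "Norton App Lock". Change it to "NOT-FOR-US: Norton App Lock" so a search for the product name matches this entry.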
@@ -57642,7 +57642,7 @@ CVE-2017-6280 (NVIDIA driver contains a possible out-of-bounds read vulnerabilit
 CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...)
 	NOT-FOR-US: Nvidia component for Android
 CVE-2017-6278 (NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Tegra
 CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2017-6276 (NVIDIA mediaserver contains a vulnerability where it is possible a use ...)
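Review bot: The note added for CVE-2017-6278 is "NOT-FOR-US: NVIDIA Tegra", but the description places the issue in the "NVIDIA Tegra kernel", and this file tracks the linux source package elsewhere. If the NFU rests on the affected code existing only in NVIDIA's vendor kernel, say so in the note or in a NOTE: line, so that the reason it does not apply to the packaged kernel is on record.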
@@ -109691,11 +109691,11 @@ CVE-2015-7436 (IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before I
 CVE-2015-7435 (IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, ...)
 	NOT-FOR-US: IBM
 CVE-2015-7434 (IBM Capacity Management Analytics 2.1.0.0 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-7433 (IBM Capacity Management Analytics 2.1.0.0 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-7432 (IBM Capacity Management Analytics 2.1.0.0 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-7431 (Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM ...)
 	NOT-FOR-US: IBM
 CVE-2015-7430 (The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for ...)
@@ -109711,9 +109711,9 @@ CVE-2015-7426 (The Data Protection extension in the VMware GUI in IBM Tivoli Sto
 CVE-2015-7425 (The Data Protection component in the VMware vSphere GUI in IBM Tivoli ...)
 	NOT-FOR-US: IBM
 CVE-2015-7424 (IBM InfoSphere Master Data Management (MDM) - Collaborative Edition ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-7423 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-7422 (Buffer overflow in IBM i Access 7.1 on Windows allows local users to ...)
 	NOT-FOR-US: IBM i Access
 CVE-2015-7421 (Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before ...)
@@ -109757,7 +109757,7 @@ CVE-2015-7403 (IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel Fi
 CVE-2015-7402 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
 	NOT-FOR-US: IBM
 CVE-2015-7401 (IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-7400 (The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote ...)
 	NOT-FOR-US: IBM
 CVE-2015-7399 (IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and ...)
@@ -115147,7 +115147,7 @@ CVE-2015-5351 (The (1) Manager and (2) Host Manager applications in Apache Tomca
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1720661
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1720663
 CVE-2015-5350 (In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2015-5349 (The CSV export in Apache LDAP Studio and Apache Directory Studio ...)
 	NOT-FOR-US: Apache LDAP Studio and Apache Directory Studio
 CVE-2015-5348 (Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x ...)
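Review bot: The note added for CVE-2015-5350 says "NOT-FOR-US: Cloud Foundry", but the visible description names the affected component only as "Garden", so the note and the description share no searchable term. Consider "NOT-FOR-US: Cloud Foundry Garden" so that a search for either name finds the entry.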
@@ -116228,7 +116228,7 @@ CVE-2015-5047
 CVE-2015-5046
 	RESERVED
 CVE-2015-5045 (The Administration and Reporting tool in IBM Rational License Key ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-5044 (The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 ...)
 	NOT-FOR-US: IBM QRadar
 CVE-2015-5043 (diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, ...)
@@ -116240,7 +116240,7 @@ CVE-2015-5041 (The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20
 CVE-2015-5040 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 ...)
 	NOT-FOR-US: IBM Domino
 CVE-2015-5039 (The Remote Client and change management integrations in IBM Rational ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-5038 (IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before ...)
 	NOT-FOR-US: IBM
 CVE-2015-5037 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x ...)
@@ -145685,7 +145685,7 @@ CVE-2014-3992 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 
 CVE-2014-3991 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...)
 	- dolibarr 3.5.5+dfsg1-1
 CVE-2014-3990 (The Cart::getProducts method in system/library/cart.php in OpenCart ...)
-	TODO: check
+	NOT-FOR-US: OpenCart
 CVE-2014-3989
 	RESERVED
 CVE-2014-3988 (Cross-site scripting (XSS) vulnerability in index.php in SunHater ...)
@@ -149623,7 +149623,7 @@ CVE-2014-2653 (The verify_host_key function in sshconnect.c in the client in Ope
 	{DSA-2894-1}
 	- openssh 1:6.6p1-1 (low; bug #742513)
 CVE-2014-2652 (SQL injection vulnerability in OpenScape Deployment Service (DLS) ...)
-	TODO: check
+	NOT-FOR-US: OpenScape Deployment Service
 CVE-2014-2651
 	RESERVED
 CVE-2014-2650
@@ -150579,7 +150579,7 @@ CVE-2014-2295
 CVE-2014-2294
 	RESERVED
 CVE-2014-2293 (Zikula Application Framework before 1.3.7 build 11 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Zikula
 CVE-2014-2292 (Unspecified vulnerability in the Linux Network Connect client in ...)
 	NOT-FOR-US: Junos Pulse Secure Access Service
 CVE-2014-2291 (Cross-site scripting (XSS) vulnerability in the Pulse Collaboration ...)
@@ -153295,7 +153295,7 @@ CVE-2014-1459 (SQL injection vulnerability in dg-admin/index.php in doorGets CMS
 CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web administration ...)
 	NOT-FOR-US: FortiGuard FortiWeb
 CVE-2014-1457 (Open Web Analytics (OWA) before 1.5.6 improperly generates random ...)
-	TODO: check
+	NOT-FOR-US: Open Web Analytics
 CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in Open Web ...)
 	NOT-FOR-US: Open Web Analytics
 CVE-2014-1455 (SQL injection vulnerability in the password reset functionality in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/15d3ece47f38c48a8637b1f558c07fe1c809a621
