[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Mar 29 06:40:43 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9a4e546 by Salvatore Bonaccorso at 2018-03-29T08:40:20+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,7 +7,7 @@ CVE-2018-9112
 CVE-2018-9111
 	RESERVED
 CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory Traversal via ...)
-	TODO: check
+	NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via the ...)
 	NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an ...)
@@ -4013,7 +4013,7 @@ CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was discover
 CVE-2018-7499
 	RESERVED
 CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of proper ...)
-	TODO: check
+	NOT-FOR-US: Philips Alice 6 System
 CVE-2018-7497
 	RESERVED
 CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI Vision ...)
@@ -5072,15 +5072,15 @@ CVE-2018-7198 (October CMS through 1.0.431 allows XSS by entering HTML on the Ad
 CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored cross-site ...)
 	NOT-FOR-US: Pluck CMS
 CVE-2018-7196 (Cross-site scripting (XSS) vulnerability in /scp/index.php in ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2018-7195 (Enhancesoft osTicket before 1.10.2 allows remote attackers to reset ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2018-7194 (Integer format vulnerability in the ticket number generator in ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2018-7193 (Cross-site scripting (XSS) vulnerability in /scp/directory.php in ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2018-7192 (Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2018-7191
 	RESERVED
 CVE-2018-7190
@@ -5904,7 +5904,7 @@ CVE-2018-6884
 CVE-2018-6883 (Piwigo before 2.9.3 has SQL injection in admin/tags.php in the ...)
 	- piwigo <removed>
 CVE-2018-6882 (Cross-site scripting (XSS) vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2018-1000062 (WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File ...)
 	NOT-FOR-US: WonderCMS
 CVE-2018-1000061 (ARM mbedTLS version development branch, 2.7.0 and earlier contains a ...)
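Review bot: The new `NOT-FOR-US: Zimbra` on CVE-2018-6882 cannot be checked against this hunk, because the entry's description is cut off at "Cross-site scripting (XSS) vulnerability in the ..." before any product is named. Worth confirming the attribution against the full CVE description; the surrounding entries in the hunk are unaffected.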
@@ -9965,7 +9965,7 @@ CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was 
 CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process ...)
 	NOT-FOR-US: Emerson Process Management ControlWave Micro Process Automation Controller
 CVE-2018-5451 (In Philips Alice 6 System version R8.0.2 or prior, when an actor ...)
-	TODO: check
+	NOT-FOR-US: Philips Alice 6 System
 CVE-2018-5450
 	RESERVED
 CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell ...)
@@ -21058,9 +21058,9 @@ CVE-2018-1240
 CVE-2018-1239
 	RESERVED
 CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command injection ...)
-	TODO: check
+	NOT-FOR-US: EMC ScaleIO
 CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper restriction ...)
-	TODO: check
+	NOT-FOR-US: EMC ScaleIO
 CVE-2018-1236
 	RESERVED
 CVE-2018-1235
@@ -21124,7 +21124,7 @@ CVE-2018-1207 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI
 CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and ...)
 	NOT-FOR-US: EMC Data Protection Advisor
 CVE-2018-1205 (Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some ...)
-	TODO: check
+	NOT-FOR-US: EMC ScaleIO
 CVE-2018-1204 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - ...)
 	NOT-FOR-US: Dell
 CVE-2018-1203 (In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary ...)
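Review bot: The label on CVE-2018-1205 drops the vendor prefix the description uses ("Dell EMC ScaleIO") and sits between two other naming styles in the same block: the unchanged neighbours are tagged `NOT-FOR-US: EMC Data Protection Advisor` and `NOT-FOR-US: Dell`. Settling on one convention for Dell EMC products, for example `NOT-FOR-US: Dell EMC ScaleIO`, would let a single text search over the list find all of them.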
@@ -37741,7 +37741,7 @@ CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of
 CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of ...)
 	NOT-FOR-US: Kaspersky Internet Security for Android
 CVE-2017-12815 (Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet ...)
-	TODO: check
+	NOT-FOR-US: Bomgar Remote Support Portal JavaStart Applet
 CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in ...)
 	- perl <not-affected> (Windows specific issue)
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public)
@@ -41451,7 +41451,7 @@ CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary
 CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...)
 	NOT-FOR-US: ManageEngine ServiceDesk
 CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that ...)
-	TODO: check
+	NOT-FOR-US: Wanscam's HW0021 network camera
 CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in ...)
 	TODO: check
 CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
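Review bot: `NOT-FOR-US: Wanscam's HW0021 network camera` on CVE-2017-11510 carries the possessive over from the description sentence instead of naming the product, whereas the other label in this hunk is a plain product name (`ManageEngine ServiceDesk`). Suggest `NOT-FOR-US: Wanscam HW0021 network camera`.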
@@ -53336,11 +53336,11 @@ CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application 
 CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive ...)
 	NOT-FOR-US: QNAP
 CVE-2017-7632 (Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS ...)
-	TODO: check
+	NOT-FOR-US: File Station of QNAP QTS
 CVE-2017-7631 (Cross-site scripting (XSS) vulnerability in the share link function of ...)
-	TODO: check
+	NOT-FOR-US: File Station of QNAP
 CVE-2017-7630 (QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password ...)
 	NOT-FOR-US: QNAP QTS
 CVE-2017-7628 (The "Smart related articles" extension 1.1 for Joomla! has SQL ...)
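Review bot: The three QNAP entries changed here receive three different labels (`File Station of QNAP QTS`, `File Station of QNAP`, `QNAP`), while the unchanged neighbours already use `QNAP` and `QNAP QTS`. The visible description of CVE-2017-7631 also stops at "the share link function of ...", so the `File Station` part of its label is not verifiable from this hunk. Suggest reusing an existing label such as `NOT-FOR-US: QNAP` for all three so the vendor's entries stay greppable under one name.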



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9a4e5467216b91261a3c633242c2cbc7b1b0919
