[Git][security-tracker-team/security-tracker][master] note on hadoop CVE ID

Moritz Muehlenhoff jmm at debian.org
Wed May 2 09:29:05 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2484d811 by Moritz Muehlenhoff at 2018-05-02T10:28:37+02:00
note on hadoop CVE ID
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -17,17 +17,17 @@ CVE-2018-10649
 CVE-2018-10648
 	RESERVED
 CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation ...)
-	TODO: check
+	NOT-FOR-US: SaferVPN
 CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege ...)
-	TODO: check
+	NOT-FOR-US: CyberGhost
 CVE-2018-10645 (Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM ...)
-	TODO: check
+	NOT-FOR-US: Golden Frog VyprVPN
 CVE-2018-10644
 	RESERVED
 CVE-2018-10643
 	RESERVED
 CVE-2018-10642 (Command injection vulnerability in Combodo iTop 2.4.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Combodo iTop
 CVE-2018-10641
 	RESERVED
 CVE-2018-10640
@@ -167,7 +167,7 @@ CVE-2018-10575 (An issue was discovered on WatchGuard AP100, AP102, and AP200 de
 CVE-2018-10574 (site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2018-1000172 (Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross ...)
-	TODO: check
+	NOT-FOR-US: Imagely NextGEN Gallery
 CVE-2018-10573 (interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote ...)
 	NOT-FOR-US: OpenEMR
 CVE-2018-10572 (interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote ...)
@@ -252,7 +252,7 @@ CVE-2018-10545 (An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.2
 	NOTE: Fixed in 5.6.35, 7.0.29, 7.1.16, 7.2.4
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75605
 CVE-2018-10544 (Meross MSS110 devices through 1.1.24 contain an unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: Meross MSS110
 CVE-2018-10543
 	RESERVED
 CVE-2018-10542
@@ -522,7 +522,7 @@ CVE-2018-10434
 CVE-2018-10433
 	RESERVED
 CVE-2017-18262 (Blackboard Learn (Since at least 17th of October 2017) has allowed ...)
-	TODO: check
+	NOT-FOR-US: Blackboard Learn
 CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-259.html
@@ -914,17 +914,17 @@ CVE-2018-10262
 CVE-2018-10261
 	RESERVED
 CVE-2018-10260 (A Local File Inclusion vulnerability was found in HRSALE The Ultimate ...)
-	TODO: check
+	NOT-FOR-US: HRSALE
 CVE-2018-10259 (An Authenticated Stored XSS vulnerability was found in HRSALE The ...)
-	TODO: check
+	NOT-FOR-US: HRSALE
 CVE-2018-10258 (A CSV Injection vulnerability was discovered in Shopy Point of Sale ...)
-	TODO: check
+	NOT-FOR-US: Shopy
 CVE-2018-10257 (A CSV Injection vulnerability was discovered in HRSALE The Ultimate ...)
-	TODO: check
+	NOT-FOR-US: HRSALE
 CVE-2018-10256 (A SQL Injection vulnerability was discovered in HRSALE The Ultimate ...)
-	TODO: check
+	NOT-FOR-US: HRSALE
 CVE-2018-10255 (A CSV Injection vulnerability was discovered in clustercoding Blog ...)
-	TODO: check
+	NOT-FOR-US: clustercoding
 CVE-2018-10254 (Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the ...)
 	- nasm <unfixed> (bug #896523)
 	[stretch] - nasm <no-dsa> (Minor issue)
@@ -4095,7 +4095,7 @@ CVE-2018-8941 (Diagnostics functionality on D-Link DSL-3782 devices with firmwar
 CVE-2018-8940
 	RESERVED
 CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold ...)
-	TODO: check
+	NOT-FOR-US: Ipswitch
 CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp in ...)
 	TODO: check
 CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is possible ...)
@@ -6521,7 +6521,7 @@ CVE-2018-7903
 CVE-2018-7902
 	RESERVED
 CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software versions ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2018-7900
 	RESERVED
 CVE-2018-7899 (The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones ...)
@@ -88346,6 +88346,7 @@ CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x
 CVE-2016-6811 (In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn ...)
 	- hadoop <itp> (bug #793644)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/01/2
+	NOTE: CVE ID will be moved to something CVE-2018-
 CVE-2016-6810 (In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site ...)
 	- activemq 5.14.2+dfsg-1 (unimportant)
 	NOTE: Admin console not enabled in the Debian package, see #702670



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2484d811888f9fbb29f71133dd4ac3927433ed58

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2484d811888f9fbb29f71133dd4ac3927433ed58
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180502/c74de774/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list