[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed May 9 21:33:24 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff31f7d2 by Salvatore Bonaccorso at 2018-05-09T22:33:08+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -234,7 +234,7 @@ CVE-2018-10830 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X
 CVE-2018-10829
 	RESERVED
 CVE-2018-10828 (An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ...)
-	TODO: check
+	NOT-FOR-US: Alps Pointing-device Driver
 CVE-2018-10827 (LiteCart 2.1.2 allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: LiteCart
 CVE-2018-10826
@@ -386,7 +386,7 @@ CVE-2018-10771 (Stack-based buffer overflow in the get_key function in parse.c i
 	NOTE: https://github.com/leesavide/abcm2ps/commit/dc0372993674d0b50fedfbf7b9fad1239b8efc5f
 	NOTE: Crash in CLI tool (neutralised by toolchain hardening), no security impact
 CVE-2018-10770 (download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote ...)
-	TODO: check
+	NOT-FOR-US: ShenZhen Anni "5 in 1 XVR" devices
 CVE-2018-10769
 	RESERVED
 CVE-2018-10768 (There is a NULL pointer dereference in the AnnotPath::getCoordsLength ...)
@@ -4857,9 +4857,9 @@ CVE-2018-8914
 CVE-2018-8913
 	RESERVED
 CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in ...)
-	TODO: check
+	NOT-FOR-US: Synology Note Station
 CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview in ...)
-	TODO: check
+	NOT-FOR-US: Synology Note Station
 CVE-2018-8910
 	RESERVED
 CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...)
@@ -4980,7 +4980,7 @@ CVE-2018-8868
 CVE-2018-8867
 	RESERVED
 CVE-2018-8866 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an ...)
-	TODO: check
+	NOT-FOR-US: Vecna VGo Robot
 CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow ...)
 	NOT-FOR-US: Lantech
 CVE-2018-8864
@@ -6537,75 +6537,75 @@ CVE-2018-8181
 CVE-2018-8180
 	RESERVED
 CVE-2018-8179 (A remote code execution vulnerability exists when Microsoft Edge ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8178 (A remote code execution vulnerability exists in the way that Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8177 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8176
 	RESERVED
 CVE-2018-8175
 	RESERVED
 CVE-2018-8174 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft InfoPath ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8172
 	RESERVED
 CVE-2018-8171
 	RESERVED
 CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8169
 	RESERVED
 CVE-2018-8168 (An elevation of privilege vulnerability exists when Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8167 (An elevation of privilege vulnerability exists when the Windows Common ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8166 (An elevation of privilege vulnerability exists in Windows when the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8165 (An elevation of privilege vulnerability exists when the DirectX ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8164 (An elevation of privilege vulnerability exists in Windows when the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8163 (An information disclosure vulnerability exists when Microsoft Excel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8162 (A remote code execution vulnerability exists in Microsoft Excel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8161 (A remote code execution vulnerability exists in Microsoft Office ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8160 (An information disclosure vulnerability exists in Outlook when a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8159 (An elevation of privilege vulnerability exists when Microsoft Exchange ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8158 (A remote code execution vulnerability exists in Microsoft Office ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8157 (A remote code execution vulnerability exists in Microsoft Office ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8156 (An elevation of privilege vulnerability exists when Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8155 (An elevation of privilege vulnerability exists when Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8154 (A remote code execution vulnerability exists in Microsoft Exchange ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8153 (A spoofing vulnerability exists in Microsoft Exchange Server when ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8152 (An elevation of privilege vulnerability exists when Microsoft Exchange ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8151 (An information disclosure vulnerability exists when Microsoft Exchange ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8150 (A security feature bypass vulnerability exists when the Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8149 (An elevation of privilege vulnerability exists when Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8148 (A remote code execution vulnerability exists in Microsoft Excel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8147 (A remote code execution vulnerability exists in Microsoft Excel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8146
 	RESERVED
 CVE-2018-8145 (An information disclosure vulnerability exists when Chakra improperly ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8144
 	RESERVED
 CVE-2018-8143
@@ -6613,51 +6613,51 @@ CVE-2018-8143
 CVE-2018-8142
 	RESERVED
 CVE-2018-8141 (An information disclosure vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8140
 	RESERVED
 CVE-2018-8139 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8138
 	RESERVED
 CVE-2018-8137 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8136 (A remote code execution vulnerability exists in the way that Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8135
 	RESERVED
 CVE-2018-8134 (An elevation of privilege vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8133 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8132 (A security feature bypass vulnerability exists in Windows which could ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8131
 	RESERVED
 CVE-2018-8130 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8129 (A security feature bypass vulnerability exists in Windows which could ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8128 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8127 (An information disclosure vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8126 (A security feature bypass vulnerability exists when Internet Explorer ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8125
 	RESERVED
 CVE-2018-8124 (An elevation of privilege vulnerability exists in Windows when the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft Edge ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8122 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8121
 	RESERVED
 CVE-2018-8120 (An elevation of privilege vulnerability exists in Windows when the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8119 (A spoofing vulnerability exists when the Azure IoT Device Provisioning ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8118 (A remote code execution vulnerability exists when Internet Explorer ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8117 (A security feature bypass vulnerability exists in the Microsoft ...)
@@ -6667,11 +6667,11 @@ CVE-2018-8116 (A denial of service vulnerability exists in the way that Windows 
 CVE-2018-8115 (A remote code execution vulnerability exists when the Windows Host ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8114 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8113
 	RESERVED
 CVE-2018-8112 (A security feature bypass vulnerability exists when Microsoft Edge ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8111
 	RESERVED
 CVE-2018-8110
@@ -27624,15 +27624,15 @@ CVE-2018-1027 (A remote code execution vulnerability exists in Microsoft Excel .
 CVE-2018-1026 (A remote code execution vulnerability exists in Microsoft Office ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-1025 (An information disclosure vulnerability exists when affected Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-1024
 	RESERVED
 CVE-2018-1023 (A remote code execution vulnerability exists in the way that Microsoft ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-1022 (A remote code execution vulnerability exists in the way the scripting ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-1021 (An information disclosure vulnerability exists when Microsoft Edge ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-1020 (A remote code execution vulnerability exists when Internet Explorer ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-1019 (A remote code execution vulnerability exists in the way that the ...)
@@ -27752,27 +27752,27 @@ CVE-2018-0963 (An elevation of privilege vulnerability exists in the way that th
 CVE-2018-0962
 	RESERVED
 CVE-2018-0961 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0960 (An information disclosure vulnerability exists when the Windows kernel ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0959 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0958 (A security feature bypass vulnerability exists in Windows which could ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0957 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0956 (A denial of service vulnerability exists in the HTTP 2.0 protocol ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0955 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0954 (A remote code execution vulnerability exists in the way the scripting ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0953 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0952
 	RESERVED
 CVE-2018-0951 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0950 (An information disclosure vulnerability exists when Office renders ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0949
@@ -27782,13 +27782,13 @@ CVE-2018-0948
 CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0946 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0945 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0944 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0943 (A remote code execution vulnerability exists in the way that the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0942 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0941 (Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft ...)
@@ -27966,7 +27966,7 @@ CVE-2018-0856 (Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 17
 CVE-2018-0855 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0854 (A security feature bypass vulnerability exists in Windows Scripting ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0853 (Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0852 (Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft ...)
@@ -28026,7 +28026,7 @@ CVE-2018-0826 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 
 CVE-2018-0825 (StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0824 (A remote code execution vulnerability exists in "Microsoft COM for ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0823 (The Named Pipe File System in Windows 10 version 1709 and Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0822 (NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server ...)
@@ -67112,7 +67112,7 @@ CVE-2017-5177 (A Stack Buffer Overflow issue was discovered in VIPA Controls Win
 CVE-2017-5176 (A DLL Hijack issue was discovered in Rockwell Automation Connected ...)
 	NOT-FOR-US: Rockwell Automation Connected Components Workbench
 CVE-2017-5175 (Advantech WebAccess 8.1 and earlier contains a DLL hijacking ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2017-5174 (An Authentication Bypass issue was discovered in Geutebruck IP Camera ...)
 	NOT-FOR-US: Geutebruck IP Camera G-Cam/EFD-2250
 CVE-2017-5173 (An Improper Neutralization of Special Elements (in an OS command) issue ...)
@@ -80943,7 +80943,7 @@ CVE-2016-9337 (An issue was discovered in Tesla Motors Model S automobile, all .
 CVE-2016-9336
 	REJECTED
 CVE-2016-9335 (A hard-coded cryptographic key vulnerability was identified in Red ...)
-	TODO: check
+	NOT-FOR-US: Red Lion Controls Sixnet-Managed Industrial Switches
 CVE-2016-9334 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix ...)
 	NOT-FOR-US: Rockwell
 CVE-2016-9333 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff31f7d27219e160fc81f3727a42ce370df3d19d

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff31f7d27219e160fc81f3727a42ce370df3d19d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180509/3b2c46e8/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list