[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed May 16 12:55:56 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7deadfba by Moritz Muehlenhoff at 2018-05-16T13:55:31+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1225,11 +1225,11 @@ CVE-2018-10593
 CVE-2018-10592
 	RESERVED
 CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-10590 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-10589 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-10588
 	RESERVED
 CVE-2018-10587
@@ -5482,7 +5482,7 @@ CVE-2018-8847
 CVE-2018-8846
 	RESERVED
 CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-8844
 	RESERVED
 CVE-2018-8843 (Rockwell Automation Arena versions 16.10.00 and prior contains a use ...)
@@ -5490,7 +5490,7 @@ CVE-2018-8843 (Rockwell Automation Arena versions 16.10.00 and prior contains a 
 CVE-2018-8842
 	RESERVED
 CVE-2018-8841 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-8840 (A remote attacker could send a carefully crafted packet in InduSoft ...)
 	NOT-FOR-US: InduSoft
 CVE-2018-8839 (Delta PMSoft versions 2.10 and prior have multiple stack-based buffer ...)
@@ -8947,27 +8947,27 @@ CVE-2018-7507 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a
 CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 and ...)
 	NOT-FOR-US: Moxa
 CVE-2018-7505 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI ...)
 	NOT-FOR-US: OSIsoft PI
 CVE-2018-7503 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-7502 (Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 ...)
 	NOT-FOR-US: Beckhoff TwinCAT
 CVE-2018-7501 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
 	NOT-FOR-US: OSIsoft PI
 CVE-2018-7499 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of proper ...)
 	NOT-FOR-US: Philips Alice 6 System
 CVE-2018-7497 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI Vision ...)
 	NOT-FOR-US: OSIsoft PI
 CVE-2018-7495 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-7494 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege ...)
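Review bot: the six Advantech entries in this hunk (CVE-2018-7505, -7503, -7501, -7499, -7497, -7495) are tagged with the vendor only, while their descriptions name the product as Advantech WebAccess and neighbouring entries such as `NOT-FOR-US: OSIsoft PI` and `NOT-FOR-US: Beckhoff TwinCAT` include the product. Consider `NOT-FOR-US: Advantech WebAccess` so that a later search of the list by product name finds them; the same applies to the Advantech entries in the earlier hunks.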
@@ -26741,9 +26741,9 @@ CVE-2018-1265
 CVE-2018-1264
 	RESERVED
 CVE-2018-1263 (Addresses partial fix in CVE-2018-1261. Pivotal ...)
-	TODO: check
+	NOT-FOR-US: Spring-integration-zip
 CVE-2018-1262 (Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry Foundation UAA
 CVE-2018-1261 (Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary ...)
 	NOT-FOR-US: Spring-integration-zip
 CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to ...)
@@ -45669,19 +45669,19 @@ CVE-2017-12131 (The Easy Testimonials plugin 3.0.4 for WordPress has XSS in ...)
 CVE-2017-12130 (An exploitable NULL pointer dereference vulnerability exists in the ...)
 	NOT-FOR-US: tinysvcmdns
 CVE-2017-12129 (An exploitable Weak Cryptography for Passwords vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2017-12128 (An exploitable information disclosure vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2017-12127 (A password storage vulnerability exists in the operating system ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2017-12126 (An exploitable cross-site request forgery vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2017-12125 (An exploitable command injection vulnerability exists in the web ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2017-12124 (An exploitable denial of service vulnerability exists in the web ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2017-12123 (An exploitable clear text transmission of password vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM image ...)
 	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
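Review bot: none of the seven truncated descriptions for CVE-2017-12129 through CVE-2017-12123 names Moxa or a device, so the `NOT-FOR-US: Moxa` tag cannot be checked against the list itself, and this ID range is mixed: CVE-2017-12130 is tinysvcmdns and CVE-2017-12122 is a libsdl2-image issue with DSAs attached. Naming the affected product or model in the tag would let the next reader confirm each entry without opening the full advisory.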
@@ -45690,9 +45690,9 @@ CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM i
 	NOTE: https://hg.libsdl.org/SDL_image/rev/16772bbb1b09
 	NOTE: https://hg.libsdl.org/SDL_image/rev/97f7f01e0665
 CVE-2017-12121 (An exploitable command injection vulnerability exists in the web ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2017-12120 (An exploitable command injection vulnerability exists in the web ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2017-12119 (An exploitable unhandled exception vulnerability exists in multiple ...)
 	- cpp-ethereum <itp> (bug #860434)
 CVE-2017-12118 (An exploitable improper authorization vulnerability exists in ...)
@@ -64507,7 +64507,7 @@ CVE-2017-6023 (An issue was discovered in Fatek Automation PLC Ethernet Module. 
 CVE-2017-6022 (A hard-coded password issue was discovered in Becton, Dickinson and ...)
 	NOT-FOR-US: BD's Kiestra PerformA and KLA Journal Service applications
 CVE-2017-6021 (In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2017-6020 (Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis ...)
 	NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software
 CVE-2017-6019 (An issue was discovered in Schneider Electric Conext ComBox, model ...)
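Review bot: `NOT-FOR-US: Schneider` on CVE-2017-6021 shortens the vendor name that the description gives as Schneider Electric, and it omits the product ClearSCADA. `NOT-FOR-US: Schneider Electric ClearSCADA` would match the description and stay distinguishable from the Schneider Electric Conext ComBox entry at CVE-2017-6019 just below.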
@@ -74670,7 +74670,7 @@ CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag pa
 	NOTE: https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d
 	NOTE: https://github.com/libofx/libofx/issues/9
 CVE-2017-2815 (An exploitable XML entity injection vulnerability exists in OpenFire ...)
-	TODO: check
+	NOT-FOR-US: OpenFire User Import Export Plugin
 CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image ...)
 	- poppler <unfixed> (unimportant)
 	NOTE: Debian links against libjpeg which is unaffected



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7deadfbae1deb23e3c94ff03c36d5e339a284177