[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri May 25 21:27:16 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b05c9642 by Salvatore Bonaccorso at 2018-05-25T22:26:09+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
CVE-2018-11480
RESERVED
CVE-2018-11479 (The VPN component in Windscribe 1.81 uses the OpenVPN client for ...)
- TODO: check
+ NOT-FOR-US: VPN component in Windscribe
CVE-2018-11478
RESERVED
CVE-2018-11477
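Review bot: the note on CVE-2018-11479 does not address the OpenVPN client that the description names. OpenVPN is packaged in Debian, so "NOT-FOR-US: VPN component in Windscribe" leaves it unclear whether openvpn itself was checked and ruled out. If the check found the flaw to be in Windscribe's own use of the client, say so in the note, the way this commit does for Cockpit with "(different from src:cockpit)".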
@@ -9,17 +9,17 @@ CVE-2018-11477
CVE-2018-11476
RESERVED
CVE-2018-11475 (Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A ...)
- TODO: check
+ NOT-FOR-US: Monstra CMS
CVE-2018-11474 (Monstra CMS 3.0.4 has a Session Management Issue in the Administrations ...)
- TODO: check
+ NOT-FOR-US: Monstra CMS
CVE-2018-11473 (Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login ...)
- TODO: check
+ NOT-FOR-US: Monstra CMS
CVE-2018-11472 (Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login ...)
- TODO: check
+ NOT-FOR-US: Monstra CMS
CVE-2018-11471 (Cockpit 0.5.5 has XSS via a collection, form, or region. ...)
- TODO: check
+ NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2018-11470 (iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' ...)
- TODO: check
+ NOT-FOR-US: iScripts eSwap
CVE-2018-11469 (Incorrect caching of responses to requests including an Authorization ...)
TODO: check
CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT ...)
@@ -69,13 +69,13 @@ CVE-2018-11447
CVE-2018-11446
RESERVED
CVE-2018-11445 (A CSRF issue was discovered on the User Add/System Settings Page ...)
- TODO: check
+ NOT-FOR-US: EasyService Billing
CVE-2018-11444 (A SQL Injection issue was observed in the parameter "q" in ...)
- TODO: check
+ NOT-FOR-US: EasyService Billing
CVE-2018-11443 (The parameter q is affected by Cross-site Scripting in ...)
- TODO: check
+ NOT-FOR-US: EasyService Billing
CVE-2018-11442 (A CSRF issue was discovered in EasyService Billing 1.0, which was ...)
- TODO: check
+ NOT-FOR-US: EasyService Billing
CVE-2018-11441
RESERVED
CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function ...)
@@ -2758,7 +2758,7 @@ CVE-2018-10352 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 coul
CVE-2018-10351 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could ...)
NOT-FOR-US: Trend Micro
CVE-2018-10350 (A SQL injection remote code execution vulnerability in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10349
RESERVED
CVE-2018-10348
@@ -5797,7 +5797,7 @@ CVE-2018-9093
CVE-2018-9092 (There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that ...)
NOT-FOR-US: MiniCMS
CVE-2018-9091 (A critical vulnerability in the KEMP LoadMaster Operating System ...)
- TODO: check
+ NOT-FOR-US: KEMP LoadMaster Operating System
CVE-2018-9090
RESERVED
CVE-2018-9089
@@ -6395,7 +6395,7 @@ CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys)
CVE-2018-8872 (In Schneider Electric Triconex Tricon MP model 3008 firmware versions ...)
NOT-FOR-US: Schneider
CVE-2018-8871 (In Delta Electronics Automation TPEditor version 1.89 or prior, ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics Automation TPEditor
CVE-2018-8870
RESERVED
CVE-2018-8869 (In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for ...)
@@ -6409,11 +6409,11 @@ CVE-2018-8866 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on
CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow ...)
NOT-FOR-US: Lantech
CVE-2018-8864 (In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, ...)
- TODO: check
+ NOT-FOR-US: ATI Systems Emergency Mass Notification Systems devices
CVE-2018-8863
RESERVED
CVE-2018-8862 (In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, ...)
- TODO: check
+ NOT-FOR-US: ATI Systems Emergency Mass Notification Systems devices
CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk environment ...)
NOT-FOR-US: Philips Brilliance
CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be ...)
@@ -12445,7 +12445,7 @@ CVE-2018-6676
CVE-2018-6675
RESERVED
CVE-2018-6674 (Privilege Escalation vulnerability in Microsoft Windows client in ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2018-6673
RESERVED
CVE-2018-6672
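Review bot: on CVE-2018-6674 the tag "NOT-FOR-US: McAfee" cannot be matched against the visible description, which is truncated at "Microsoft Windows client in ..." before any product is named. Put the product name in the note, as this commit does for "IBM UrbanCode Deploy" and "KEMP LoadMaster Operating System", so the entry can be verified without opening the full CVE record. The same applies to CVE-2018-6664 and CVE-2017-3961.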
@@ -12465,7 +12465,7 @@ CVE-2018-6666
CVE-2018-6665
RESERVED
CVE-2018-6664 (Application Protections Bypass vulnerability in Microsoft Windows in ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2018-6663
RESERVED
CVE-2018-6662
@@ -13942,17 +13942,17 @@ CVE-2018-6239
CVE-2018-6238
RESERVED
CVE-2018-6237 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-6236 (A Time-of-Check Time-of-Use privilege escalation vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-6235 (An Out-of-Bounds write privilege escalation vulnerability in Trend ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-6234 (An Out-of-Bounds Read Information Disclosure vulnerability in Trend ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-6233 (A buffer overflow privilege escalation vulnerability in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-6232 (A buffer overflow privilege escalation vulnerability in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-6231 (A server auth command injection authentication bypass vulnerability in ...)
NOT-FOR-US: Trend Micro
CVE-2018-6230 (A SQL injection vulnerability in an Trend Micro Email Encryption ...)
@@ -26432,7 +26432,7 @@ CVE-2018-1567
CVE-2018-1566
RESERVED
CVE-2018-1565 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1564
RESERVED
CVE-2018-1563
@@ -26474,7 +26474,7 @@ CVE-2018-1546
CVE-2018-1545
RESERVED
CVE-2018-1544 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1543
RESERVED
CVE-2018-1542
@@ -26532,7 +26532,7 @@ CVE-2018-1517
CVE-2018-1516
RESERVED
CVE-2018-1515 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1514
RESERVED
CVE-2018-1513
@@ -26586,7 +26586,7 @@ CVE-2018-1490
CVE-2018-1489
RESERVED
CVE-2018-1488 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1487
RESERVED
CVE-2018-1486
@@ -26628,7 +26628,7 @@ CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could al
CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access ...)
NOT-FOR-US: IBM API Connect
CVE-2018-1467 (The IBM Storwize V7000 Unified management Web interface 1.6 exposes ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1466 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
NOT-FOR-US: IBM
CVE-2018-1465 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
@@ -26644,7 +26644,7 @@ CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize
CVE-2018-1460
RESERVED
CVE-2018-1459 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1458
RESERVED
CVE-2018-1457
@@ -26658,13 +26658,13 @@ CVE-2018-1454
CVE-2018-1453
RESERVED
CVE-2018-1452 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1451 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1450 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1449 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1448 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 ...)
NOT-FOR-US: IBM
CVE-2018-1447 (The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect ...)
@@ -40507,7 +40507,7 @@ CVE-2017-14187 (A local privilege escalation and local code execution vulnerabil
CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 ...)
NOT-FOR-US: Fortinet
CVE-2017-14185 (An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2017-14184 (An Information Disclosure vulnerability in Fortinet FortiClient for ...)
NOT-FOR-US: Fortinet
CVE-2017-14183
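Review bot: CVE-2017-14185 is tagged "NOT-FOR-US: Fortinet FortiOS" while both neighbouring entries in this hunk use plain "NOT-FOR-US: Fortinet", including CVE-2017-14186, whose description also names FortiOS. Use one form for both FortiOS entries so the list stays uniform.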
@@ -53992,7 +53992,7 @@ CVE-2017-9643
CVE-2017-9642
RESERVED
CVE-2017-9641 (PI Coresight 2016 R2 contains a cross-site request forgery ...)
- TODO: check
+ NOT-FOR-US: PI Coresight
CVE-2017-9640 (A Path Traversal issue was discovered in Automated Logic Corporation ...)
NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and ...)
@@ -71886,7 +71886,7 @@ CVE-2017-3963
CVE-2017-3962
RESERVED
CVE-2017-3961 (Cross-Site Scripting (XSS) vulnerability in the web interface in ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2017-3960
RESERVED
CVE-2017-3959
@@ -78221,7 +78221,7 @@ CVE-2017-1754
CVE-2017-1753
RESERVED
CVE-2017-1752 (IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated ...)
- TODO: check
+ NOT-FOR-US: IBM UrbanCode Deploy
CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is ...)
NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere
CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...)
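Review bot: tag granularity for IBM products is inconsistent within this commit. CVE-2017-1752 here gets "NOT-FOR-US: IBM UrbanCode Deploy", while the DB2 and Storwize entries changed in earlier hunks get only "NOT-FOR-US: IBM". Vendor plus product (for example "IBM DB2") would match the neighbouring "IBM Robotic Process Automation with Automation Anywhere" entry and makes later triage by product easier.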
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b05c96423256ebe64d344b5fe2417b490edda794