[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Nov 20 20:18:41 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0b3b58c by Salvatore Bonaccorso at 2018-11-20T20:18:20Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2018-19369
 CVE-2018-19368
 	RESERVED
 CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2018-XXXX [XSA-280: Fix for XSA-240 conflicts with shadow paging]
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
@@ -134,9 +134,9 @@ CVE-2018-19337
 CVE-2018-19336
 	RESERVED
 CVE-2018-19335 (Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) ...)
-	TODO: check
+	NOT-FOR-US: Google Monorail
 CVE-2018-19334 (Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) ...)
-	TODO: check
+	NOT-FOR-US: Google Monorail
 CVE-2018-19333 (pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows ...)
 	NOT-FOR-US: gVisor
 CVE-2018-19332 (An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability ...)
@@ -1517,25 +1517,25 @@ CVE-2018-18867 (An SSRF issue was discovered in tecrail Responsive FileManager 9
 CVE-2018-18866
 	RESERVED
 CVE-2018-18865 (The Royal browser extensions TS before 4.3.60728 (Release Date ...)
-	TODO: check
+	NOT-FOR-US: Royal browser extensions TS
 CVE-2018-18864 (Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache ...)
-	TODO: check
+	NOT-FOR-US: Loadbalancer.org Enterprise VA MAX
 CVE-2018-18863
 	RESERVED
 CVE-2018-18862
 	RESERVED
 CVE-2018-18861 (Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2018-18860
 	RESERVED
 CVE-2018-18859 (Multiple local privilege escalation vulnerabilities have been ...)
-	TODO: check
+	NOT-FOR-US: LiquidVPN client for macOS
 CVE-2018-18858 (Multiple local privilege escalation vulnerabilities have been ...)
-	TODO: check
+	NOT-FOR-US: LiquidVPN client for macOS
 CVE-2018-18857 (Multiple local privilege escalation vulnerabilities have been ...)
-	TODO: check
+	NOT-FOR-US: LiquidVPN client for macOS
 CVE-2018-18856 (Multiple local privilege escalation vulnerabilities have been ...)
-	TODO: check
+	NOT-FOR-US: LiquidVPN client for macOS
 CVE-2018-18855
 	RESERVED
 CVE-2018-18854 (Lightbend Spray spray-json through 1.3.4 allows remote attackers to ...)
@@ -1730,11 +1730,11 @@ CVE-2018-18776 (Microstrategy Web, version 7, does not sufficiently encode ...)
 CVE-2018-18775 (Microstrategy Web, version 7, does not sufficiently encode ...)
 	NOT-FOR-US: Microstrategy Web
 CVE-2018-18774 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 ...)
-	TODO: check
+	NOT-FOR-US: CentOS Web Panel
 CVE-2018-18773 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 ...)
-	TODO: check
+	NOT-FOR-US: CentOS Web Panel
 CVE-2018-18772 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 ...)
-	TODO: check
+	NOT-FOR-US: CentOS Web Panel
 CVE-2018-18771 (An issue was discovered in LuLu CMS through 2015-05-14. ...)
 	NOT-FOR-US: Lulu CMS
 CVE-2018-18770
@@ -1857,9 +1857,9 @@ CVE-2018-18718 (An issue was discovered in gThumb through 3.6.2. There is a doub
 CVE-2018-18717 (An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists ...)
 	NOT-FOR-US: Eleanor CMS
 CVE-2018-18716 (Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2018-18715 (Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2018-18714 (RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible ...)
 	NOT-FOR-US: IOBit Malware Fighter
 CVE-2018-18713 (The function down_sql_action() in /admin/model/database.class.php in ...)
@@ -2254,15 +2254,15 @@ CVE-2018-18567 (AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows .
 CVE-2018-18566 (The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and ...)
 	NOT-FOR-US: Polycom
 CVE-2018-18565 (An issue was discovered in Roche Accu-Chek Inform II Instrument before ...)
-	TODO: check
+	NOT-FOR-US: Roche Diagnostics
 CVE-2018-18564 (An issue was discovered in Roche Accu-Chek Inform II Instrument before ...)
-	TODO: check
+	NOT-FOR-US: Roche Diagnostics
 CVE-2018-18563 (An issue was discovered in Roche Accu-Chek Inform II Instrument before ...)
-	TODO: check
+	NOT-FOR-US: Roche Diagnostics
 CVE-2018-18562 (An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base ...)
-	TODO: check
+	NOT-FOR-US: Roche Diagnostics
 CVE-2018-18561 (An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base ...)
-	TODO: check
+	NOT-FOR-US: Roche Diagnostics
 CVE-2018-18560
 	RESERVED
 CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due to a ...)
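Review bot: The five Roche entries (CVE-2018-18565 down to CVE-2018-18561) are tagged "NOT-FOR-US: Roche Diagnostics", a name that appears nowhere in their visible descriptions, which all start with "Roche Accu-Chek Inform II". Other tags in this commit reuse the product string from the CVE text (for example "NOT-FOR-US: Zoho ManageEngine OpManager"), so these tag lines are the only ones that do not identify the product on their own. Consider "NOT-FOR-US: Roche Accu-Chek Inform II" for all five so the tag matches the description.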
@@ -8099,11 +8099,11 @@ CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice Offi
 CVE-2018-16225 (The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network ...)
 	NOT-FOR-US: QBee MultiSensor Camera
 CVE-2018-16224 (Incorrect access control for the diagnostic files of the iSmartAlarm ...)
-	TODO: check
+	NOT-FOR-US: iSmartAlarm Cube One
 CVE-2018-16223 (Insecure Cryptographic Storage of credentials in ...)
-	TODO: check
+	NOT-FOR-US: QBee Cam application for Android
 CVE-2018-16222 (Cleartext Storage of credentials in the iSmartAlarmData.xml ...)
-	TODO: check
+	NOT-FOR-US: iSmartAlarm application for Android
 CVE-2018-16221
 	RESERVED
 CVE-2018-16220
@@ -18816,9 +18816,9 @@ CVE-2018-12040 (** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerabilit
 CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary ...)
 	NOT-FOR-US: joyplus-cms
 CVE-2018-12038 (An issue was discovered on Samsung 840 EVO devices. Vendor-specific ...)
-	TODO: check
+	NOT-FOR-US: Samsung 840 EVO devices
 CVE-2018-12037 (An issue was discovered on Samsung 840 EVO and 850 EVO devices (only ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2018-12036 (OWASP Dependency-Check before 3.2.0 allows attackers to write to ...)
 	NOT-FOR-US: OWASP Dependency-Check
 CVE-2018-12035 (In YARA 3.7.1 and prior, parsing a specially crafted compiled rule ...)
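Review bot: The two Samsung tags in this hunk use different granularity: CVE-2018-12038 gets "NOT-FOR-US: Samsung 840 EVO devices", while CVE-2018-12037, whose description covers "Samsung 840 EVO and 850 EVO devices", gets only "NOT-FOR-US: Samsung". Use one form for both, either the vendor alone on each line or the device names from each description, so that later searches and bulk edits on the tag text treat the pair the same way.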
@@ -24156,7 +24156,7 @@ CVE-2018-10104
 CVE-2018-10103
 	RESERVED
 CVE-2018-10099 (Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) ...)
-	TODO: check
+	NOT-FOR-US: Google Monorail
 CVE-2018-10098 (In MicroWorld eScan Internet Security Suite (ISS) for Business ...)
 	NOT-FOR-US: MicroWorld eScan
 CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php ...)
@@ -47640,7 +47640,7 @@ CVE-2018-1781 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
 CVE-2018-1780 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
 	NOT-FOR-US: IBM
 CVE-2018-1779 (IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1778
 	RESERVED
 CVE-2018-1777 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0b3b58cd694bd935f63b6f56fe2da6c25164a26
