[Git][security-tracker-team/security-tracker][master] 2 commits: Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Oct 2 21:38:21 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aeac497f by Salvatore Bonaccorso at 2018-10-02T20:23:12Z
Process several NFUs

- - - - -
2eb2dd8a by Salvatore Bonaccorso at 2018-10-02T20:37:23Z
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2018-17887
 	RESERVED
 CVE-2018-17886 (An issue was discovered in JEESNS 1.3. The XSS filter in ...)
-	TODO: check
+	NOT-FOR-US: JEESNS
 CVE-2018-17885
 	RESERVED
 CVE-2018-17883
@@ -105,11 +105,11 @@ CVE-2018-17840
 CVE-2018-17839
 	RESERVED
 CVE-2018-17838 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read ...)
-	TODO: check
+	NOT-FOR-US: JTBC
 CVE-2018-17837 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion ...)
-	TODO: check
+	NOT-FOR-US: JTBC
 CVE-2018-17836 (An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote ...)
-	TODO: check
+	NOT-FOR-US: JTBC
 CVE-2018-17835 (An issue was discovered in GetSimple CMS 3.3.15. An administrator can ...)
 	NOT-FOR-US: GetSimple CMS
 CVE-2018-17834
@@ -219,9 +219,9 @@ CVE-2018-17789
 CVE-2018-17788
 	RESERVED
 CVE-2018-17787 (On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 ...)
-	TODO: check
+	NOT-FOR-US: D-Link DIR-823G devices
 CVE-2018-17786 (On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, ...)
-	TODO: check
+	NOT-FOR-US: D-Link DIR-823G devices
 CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal exists via ...)
 	NOT-FOR-US: blynk-server in Blynk
 CVE-2018-17784
@@ -604,25 +604,25 @@ CVE-2018-17598
 CVE-2018-17597
 	RESERVED
 CVE-2018-17596 (In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2018-17595 (In the 5.4.0 version of the Fork CMS software, HTML Injection and ...)
-	TODO: check
+	NOT-FOR-US: Fork CMS
 CVE-2018-17594 (AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the ...)
-	TODO: check
+	NOT-FOR-US: AirTies Air 5443v2 devices
 CVE-2018-17593 (AirTies Air 5453 devices with software 1.0.0.18 have XSS via the ...)
-	TODO: check
+	NOT-FOR-US: AirTies Air 5453 devices
 CVE-2018-17592
 	RESERVED
 CVE-2018-17591 (AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the ...)
-	TODO: check
+	NOT-FOR-US: AirTies Air 5343v2 devices
 CVE-2018-17590 (AirTies Air 5442 devices with software 1.0.0.18 have XSS via the ...)
-	TODO: check
+	NOT-FOR-US: AirTies Air 5442 devices
 CVE-2018-17589 (AirTies Air 5650 devices with software 1.0.0.18 have XSS via the ...)
-	TODO: check
+	NOT-FOR-US: AirTies Air 5650 devices
 CVE-2018-17588 (AirTies Air 5021 devices with software 1.0.0.18 have XSS via the ...)
-	TODO: check
+	NOT-FOR-US: AirTies Air 5021 devices
 CVE-2018-17587 (AirTies Air 5750 devices with software 1.0.0.18 have XSS via the ...)
-	TODO: check
+	NOT-FOR-US: AirTies Air 5750 devices
 CVE-2018-17586
 	RESERVED
 CVE-2018-17585
@@ -971,7 +971,7 @@ CVE-2018-17429
 CVE-2018-17428
 	RESERVED
 CVE-2018-17427 (SIMDComp before 0.1.0 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: SIMDComp
 CVE-2018-17426
 	RESERVED
 CVE-2018-17425
@@ -5028,9 +5028,9 @@ CVE-2018-15755
 CVE-2018-15754
 	RESERVED
 CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...)
-	TODO: check
+	NOT-FOR-US: MensaMax application for Android
 CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...)
-	TODO: check
+	NOT-FOR-US: MensaMax application for Android
 CVE-2018-15751
 	RESERVED
 CVE-2018-15750
@@ -5149,11 +5149,11 @@ CVE-2018-15704
 CVE-2018-15703
 	RESERVED
 CVE-2018-15702 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2018-15701 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2018-15700 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2018-15699 (ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a ...)
 	NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15698 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote ...)
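Review bot: The new tags on CVE-2018-15702, CVE-2018-15701 and CVE-2018-15700 name only the vendor (NOT-FOR-US: TP-Link), although each description identifies the TL-WRN841N web interface and other device entries in this same change carry the model (for example NOT-FOR-US: D-Link DIR-823G devices). Suggest NOT-FOR-US: TP-Link TL-WRN841N so that a later search on the model finds these entries.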
@@ -5556,7 +5556,7 @@ CVE-2018-15565 (An issue was discovered in daveismyname simple-cms through 2014-
 CVE-2018-15564 (An issue was discovered in daveismyname simple-cms through 2014-03-11. ...)
 	NOT-FOR-US: simple-cms
 CVE-2018-15563 (_core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] ...)
-	TODO: check
+	NOT-FOR-US: Subrion CMS
 CVE-2018-15562 (CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or ...)
 	NOT-FOR-US: CMS ISWEB
 CVE-2018-15561
@@ -7160,7 +7160,7 @@ CVE-2018-14810
 CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5.  Non-administrative users ...)
-	TODO: check
+	NOT-FOR-US: Emerson AMS Device Manager
 CVE-2018-14807
 	RESERVED
 CVE-2018-14806
@@ -7168,7 +7168,7 @@ CVE-2018-14806
 CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the system ...)
 	NOT-FOR-US: ABB eSOMS
 CVE-2018-14804 (Emerson AMS Device Manager v12.0 to v13.5.  A specially crafted ...)
-	TODO: check
+	NOT-FOR-US: Emerson AMS Device Manager
 CVE-2018-14803 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
 	NOT-FOR-US: Philips e-Alert Unit
 CVE-2018-14802 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), ...)
@@ -16511,9 +16511,9 @@ CVE-2018-11243 (PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote
 CVE-2018-11242 (An issue was discovered in the MakeMyTrip application 7.2.4 for ...)
 	NOT-FOR-US: MakeMyTrip application for Android
 CVE-2018-11241 (An issue was discovered on SoftCase T-Router build 20112017 devices. A ...)
-	TODO: check
+	NOT-FOR-US: SoftCase T-Router devices
 CVE-2018-11240 (An issue was discovered on SoftCase T-Router build 20112017 devices. ...)
-	TODO: check
+	NOT-FOR-US: SoftCase T-Router devices
 CVE-2018-11239 (An integer overflow in the _transfer function of a smart contract ...)
 	NOT-FOR-US: Hexagon (HXG)
 CVE-2018-11238
@@ -16941,13 +16941,13 @@ CVE-2018-11077
 CVE-2018-11076
 	RESERVED
 CVE-2018-11075 (RSA Authentication Manager versions prior to 8.3 P3 contain a ...)
-	TODO: check
+	NOT-FOR-US: RSA Authentication Manager
 CVE-2018-11074 (RSA Authentication Manager versions prior to 8.3 P3 are affected by a ...)
-	TODO: check
+	NOT-FOR-US: RSA Authentication Manager
 CVE-2018-11073 (RSA Authentication Manager versions prior to 8.3 P3 contain a stored ...)
-	TODO: check
+	NOT-FOR-US: RSA Authentication Manager
 CVE-2018-11072 (Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection ...)
-	TODO: check
+	NOT-FOR-US: Dell Digital Delivery
 CVE-2018-11071 (Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, ...)
 	NOT-FOR-US: EMC Isilon OneFS
 CVE-2018-11070 (RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J ...)
@@ -18313,15 +18313,15 @@ CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be expl
 CVE-2018-10607 (Martem TELEM GW6 and GWM devices with firmware ...)
 	NOT-FOR-US: Martem TELEM GW6 and GWM devices
 CVE-2018-10606 (WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based ...)
-	TODO: check
+	NOT-FOR-US: WECON LeviStudio
 CVE-2018-10605 (Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow ...)
-	TODO: check
+	NOT-FOR-US: Martem TELEM GW6/GWM
 CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full access to ...)
 	NOT-FOR-US: SEL Compass
 CVE-2018-10603 (Martem TELEM GW6 and GWM devices with firmware ...)
 	NOT-FOR-US: Martem TELEM GW6 and GWM devices
 CVE-2018-10602 (WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based ...)
-	TODO: check
+	NOT-FOR-US: WECON LeviStudio
 CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including ...)
 	NOT-FOR-US: Philips
 CVE-2018-10600 (SEL AcSELerator Architect version 2.2.24.0 and prior allows ...)
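Review bot: CVE-2018-10605 is tagged NOT-FOR-US: Martem TELEM GW6/GWM, but the existing entries for CVE-2018-10607 and CVE-2018-10603 in this hunk's context use NOT-FOR-US: Martem TELEM GW6 and GWM devices for the same product line. Reuse the existing string so the product is recorded under a single name.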
@@ -43145,11 +43145,11 @@ CVE-2018-1706
 CVE-2018-1705 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...)
 	NOT-FOR-US: IBM Platform Symphony
 CVE-2018-1704 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1703
 	RESERVED
 CVE-2018-1702 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1701
 	RESERVED
 CVE-2018-1700
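Review bot: CVE-2018-1704 and CVE-2018-1702 get the vendor-only tag NOT-FOR-US: IBM, while CVE-2018-1705 directly above, whose visible description starts identically, is recorded as NOT-FOR-US: IBM Platform Symphony. Suggest NOT-FOR-US: IBM Platform Symphony here as well, or a line in the commit message stating that the vendor-only form is intended for IBM entries.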
@@ -43169,9 +43169,9 @@ CVE-2018-1694
 CVE-2018-1693
 	RESERVED
 CVE-2018-1692 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1691 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1690 (IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM Rhapsody Model Manager
 CVE-2018-1689
@@ -43209,7 +43209,7 @@ CVE-2018-1674 (IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through
 CVE-2018-1673
 	RESERVED
 CVE-2018-1672 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1671
 	RESERVED
 CVE-2018-1670
@@ -43343,7 +43343,7 @@ CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6
 CVE-2018-1606
 	RESERVED
 CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1604
 	RESERVED
 CVE-2018-1603
@@ -43351,7 +43351,7 @@ CVE-2018-1603
 CVE-2018-1602
 	RESERVED
 CVE-2018-1601 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or ...)
 	NOT-FOR-US: IBM
 CVE-2018-1599 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker ...)
@@ -43367,7 +43367,7 @@ CVE-2018-1595 (IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 cou
 CVE-2018-1594
 	RESERVED
 CVE-2018-1593 (IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1592
 	RESERVED
 CVE-2018-1591
@@ -43437,9 +43437,9 @@ CVE-2018-1560 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6
 CVE-2018-1559
 	RESERVED
 CVE-2018-1558 (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1557 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1556 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to ...)
 	NOT-FOR-US: IBM FileNet Content Manager
 CVE-2018-1555 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to ...)
@@ -43509,7 +43509,7 @@ CVE-2018-1524 (IBM Maximo Asset Management 7.6 through 7.6.3 installs with a def
 CVE-2018-1523 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 ...)
 	NOT-FOR-US: IBM
 CVE-2018-1522 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1521 (IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are ...)
 	NOT-FOR-US: IBM
 CVE-2018-1520
@@ -43535,7 +43535,7 @@ CVE-2018-1511
 CVE-2018-1510
 	RESERVED
 CVE-2018-1509 (IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1508
 	RESERVED
 CVE-2018-1507 (IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site ...)
@@ -43557,7 +43557,7 @@ CVE-2018-1500
 CVE-2018-1499
 	RESERVED
 CVE-2018-1498 (IBM Security Guardium EcoSystem 10.5 stores user credentials in plain ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1497
 	RESERVED
 CVE-2018-1496 (IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is ...)
@@ -43673,9 +43673,9 @@ CVE-2018-1442 (IBM Application Performance Management - Response Time Monitoring
 CVE-2018-1441 (IBM Application Performance Management - Response Time Monitoring ...)
 	NOT-FOR-US: IBM
 CVE-2018-1440 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1439 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1438 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
 	NOT-FOR-US: IBM
 CVE-2018-1437 (IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary ...)
@@ -43713,7 +43713,7 @@ CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next Generation
 CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and ...)
 	NOT-FOR-US: IBM WebSphere DataPower Appliances
 CVE-2018-1420 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1419 (IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for ...)
 	NOT-FOR-US: IBM
 CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass ...)
@@ -43743,11 +43743,11 @@ CVE-2018-1407 (IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5
 CVE-2018-1406
 	RESERVED
 CVE-2018-1405 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1404 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1403 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1402
 	RESERVED
 CVE-2018-1401 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site ...)
@@ -43763,7 +43763,7 @@ CVE-2018-1397
 CVE-2018-1396 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 ...)
 	NOT-FOR-US: IBM
 CVE-2018-1395 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1394 (Multiple IBM Rational products are vulnerable to cross-site scripting. ...)
 	NOT-FOR-US: IBM
 CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
@@ -44867,9 +44867,9 @@ CVE-2018-1253 (RSA Authentication Manager Operation Console, versions 8.3 P1 and
 CVE-2018-1252 (RSA Web Threat Detection versions prior to 6.4, contain an SQL ...)
 	NOT-FOR-US: RSA Web Threat Detection
 CVE-2018-1251 (Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 ...)
-	TODO: check
+	NOT-FOR-US: EMC Unity and UnityVSA
 CVE-2018-1250 (Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 ...)
-	TODO: check
+	NOT-FOR-US: EMC Unity and UnityVSA
 CVE-2018-1249 (Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use ...)
 	NOT-FOR-US: EMC
 CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console and ...)
@@ -44877,7 +44877,7 @@ CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console an
 CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and earlier, ...)
 	NOT-FOR-US: RSA Authentication Manager
 CVE-2018-1246 (Dell EMC Unity and UnityVSA contains reflected cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: EMC Unity and UnityVSA
 CVE-2018-1245 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 ...)
 	NOT-FOR-US: RSA
 CVE-2018-1244 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 ...)
@@ -95447,7 +95447,7 @@ CVE-2017-1651 (IBM Rational Quality Manager and IBM Rational Collaborative Lifec
 CVE-2017-1650 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2017-1649 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1648
 	RESERVED
 CVE-2017-1647



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b33c701bbcbfac2f1eb9235574218989b4684e98...2eb2dd8a3c93fc5cb11d8b3310bd0b9f92deba17
