[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Oct 9 15:02:44 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71e372d7 by Moritz Muehlenhoff at 2018-10-09T14:02:20Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2018-18069 (process_forms in the WPML (aka sitepress-multilingual-cms) plugin ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-18068
 	RESERVED
 CVE-2018-18067
@@ -39,7 +39,7 @@ CVE-2018-1000810 (The Rust Programming Language Standard Library version 1.29.0,
 	NOTE: https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0
 	NOTE: Fixed upstream in 1.29.1
 CVE-2018-1000809 (privacyIDEA version 2.23.1 and earlier contains a Improper Input ...)
-	TODO: check
+	NOT-FOR-US: privacyIDEA
 CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 17.5.0 ...)
 	TODO: check
 CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to version ...)
@@ -47,7 +47,7 @@ CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to vers
 CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 ...)
 	TODO: check
 CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL ...)
-	TODO: check
+	NOT-FOR-US: contiki-ng
 CVE-2018-1000803 (Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability ...)
 	- gitea <removed>
 	NOTE: https://github.com/go-gitea/gitea/pull/4664
@@ -429,7 +429,7 @@ CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior ru
 CVE-2018-17890
 	RESERVED
 CVE-2018-17889 (In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior ...)
-	TODO: check
+	NOT-FOR-US: PI Studio HMI
 CVE-2018-17888
 	RESERVED
 CVE-2018-17887
@@ -695,7 +695,7 @@ CVE-2018-17777
 CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for ...)
 	NOT-FOR-US: PCProtect Anti-Virus
 CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for ...)
-	TODO: check
+	NOT-FOR-US: Seqrite End Point Security
 CVE-2018-17774
 	RESERVED
 CVE-2018-17773
@@ -1398,13 +1398,13 @@ CVE-2018-17445
 CVE-2018-17444
 	RESERVED
 CVE-2018-17443 (An issue was discovered on D-Link Central WiFi Manager before v ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-17442 (An issue was discovered on D-Link Central WiFi Manager before v ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-17441 (An issue was discovered on D-Link Central WiFi Manager before v ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before v ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
@@ -2295,7 +2295,7 @@ CVE-2018-17062 (An issue was discovered in SeaCMS 6.64. XSS exists in admin_vide
 CVE-2018-17061 (BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, ...)
 	NOT-FOR-US: BullGuard Safe Browsing
 CVE-2018-17060 (Telerik Extensions for ASP.NET MVC (all versions) does not whitelist ...)
-	TODO: check
+	NOT-FOR-US: Telerik Extensions for ASP.NET MVC
 CVE-2018-17059
 	RESERVED
 CVE-2018-17058
@@ -4158,19 +4158,19 @@ CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory .
 CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an ...)
 	NOT-FOR-US: MiniCMS
 CVE-2018-16297 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2018-16296 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2018-16295 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2018-16294 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2018-16293 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2018-16292 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2018-16291 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2018-16290
 	RESERVED
 CVE-2018-16289
@@ -5084,7 +5084,7 @@ CVE-2018-15905
 CVE-2018-15904 (A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before ...)
 	NOT-FOR-US: A10 ACOS Web Application Firewall
 CVE-2018-15903 (The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored ...)
-	TODO: check
+	NOT-FOR-US: Claromentis
 CVE-2018-15902
 	RESERVED
 CVE-2018-15901 (e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing ...)
@@ -7638,7 +7638,7 @@ CVE-2018-14820
 CVE-2018-14819 (Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14818 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
-	TODO: check
+	NOT-FOR-US: PI Studio HMI
 CVE-2018-14817 (Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14816
@@ -7654,7 +7654,7 @@ CVE-2018-14812
 CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14810 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
-	TODO: check
+	NOT-FOR-US: PI Studio HMI
 CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5.  Non-administrative users ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/71e372d7e8e105145c6f6496f7c1c2ffe3b650f7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/71e372d7e8e105145c6f6496f7c1c2ffe3b650f7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181009/ff589c07/attachment.html>

More information about the debian-security-tracker-commits mailing list