[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 19 22:35:56 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8fc103a by Salvatore Bonaccorso at 2018-10-19T21:35:20Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2018-18528
RESERVED
CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or ...)
- TODO: check
+ NOT-FOR-US: OwnTicket
CVE-2018-18526
RESERVED
CVE-2018-18525
@@ -313,19 +313,19 @@ CVE-2018-18398
CVE-2018-18397
RESERVED
CVE-2018-18396 (Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-18395 (Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-18394 (Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-18393 (Password Management Issue in Moxa ThingsPro IIoT Gateway and Device ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-18392 (Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-18391 (User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-18390 (User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-18389 (Due to incorrect access control in Neo4j Enterprise Database Server ...)
NOT-FOR-US: Neo4J server
CVE-2018-18388
@@ -7841,15 +7841,15 @@ CVE-2018-15318
CVE-2018-15317
RESERVED
CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15315 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15314 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15313 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15312 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15311 (When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-15310 (A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, ...)
@@ -13875,27 +13875,27 @@ CVE-2018-12825 (Adobe Flash Player 30.0.0.134 and earlier have a security bypass
CVE-2018-12824 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read ...)
NOT-FOR-US: Adobe
CVE-2018-12823 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-12822 (Adobe Digital Editions versions 4.5.8 and below have an use after free ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-12821 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-12820 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-12819 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-12818 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-12817
RESERVED
CVE-2018-12816 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-12815 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
NOT-FOR-US: Adobe
CVE-2018-12814 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-12813 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-12812 (Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and ...)
NOT-FOR-US: Adobe
CVE-2018-12811 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before ...)
@@ -18740,9 +18740,9 @@ CVE-2018-11082 (Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundr
CVE-2018-11081 (Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior ...)
NOT-FOR-US: Pivotal
CVE-2018-11080 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, ...)
- TODO: check
+ NOT-FOR-US: EMC Secure Remote Services
CVE-2018-11079 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, ...)
- TODO: check
+ NOT-FOR-US: EMC Secure Remote Services
CVE-2018-11078 (Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an ...)
NOT-FOR-US: EMC VPlex GeoSynchrony
CVE-2018-11077
@@ -19590,9 +19590,9 @@ CVE-2018-10825 (Mimo Baby 2 devices do not use authentication or encryption for
CVE-2018-10824 (An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L ...)
TODO: check
CVE-2018-10823 (An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-10822 (Directory traversal vulnerability in the web interface on D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-10821 (Cross-site scripting (XSS) vulnerability in backend/pages/modify.php ...)
NOT-FOR-US: BlackCatCMS
CVE-2018-10820
@@ -26765,7 +26765,7 @@ CVE-2018-7991 (Huawei smartphones Mate10 with versions earlier before ALP-AL00B
CVE-2018-7990 (Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) ...)
NOT-FOR-US: Huawei
CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before BLA-AL00B ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7988
RESERVED
CVE-2018-7987
@@ -26895,7 +26895,7 @@ CVE-2018-7926
CVE-2018-7925
RESERVED
CVE-2018-7924 (Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 ...)
NOT-FOR-US: Huawei
CVE-2018-7922 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 ...)
@@ -44827,7 +44827,7 @@ CVE-2018-1824
CVE-2018-1823
RESERVED
CVE-2018-1822 (IBM FlashSystem 900 product GUI allows a specially crafted attack to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1821
RESERVED
CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site ...)
@@ -45435,7 +45435,7 @@ CVE-2018-1520
CVE-2018-1519
RESERVED
CVE-2018-1518 (IBM InfoSphere Information Server 11.7 is affected by a weak password ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1517 (A flaw in the java.math component in IBM SDK, Java Technology Edition ...)
NOT-FOR-US: IBM JDK
CVE-2018-1516
@@ -48114,7 +48114,7 @@ CVE-2017-17178
CVE-2017-17177
RESERVED
CVE-2017-17176 (The hardware security module of Mate 9 and Mate 9 Pro Huawei smart ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17175 (Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones ...)
NOT-FOR-US: Huawei
CVE-2017-17174 (Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; ...)
@@ -49919,7 +49919,7 @@ CVE-2018-0458 (A vulnerability in the web-based management interface of Cisco Pr
CVE-2018-0457 (A vulnerability in the Cisco Webex Player for Webex Recording Format ...)
NOT-FOR-US: Cisco
CVE-2018-0456 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0455 (A vulnerability in the Server Message Block Version 2 (SMBv2) and ...)
NOT-FOR-US: Cisco
CVE-2018-0454 (A vulnerability in the web-based management interface of Cisco Cloud ...)
@@ -49945,11 +49945,11 @@ CVE-2018-0445 (A vulnerability in the web-based management interface of Cisco ..
CVE-2018-0444 (A vulnerability in the web-based management interface of Cisco ...)
NOT-FOR-US: Cisco
CVE-2018-0443 (A vulnerability in the Control and Provisioning of Wireless Access ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0442 (A vulnerability in the Control and Provisioning of Wireless Access ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0441 (A vulnerability in the 802.11r Fast Transition feature set of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0440 (A vulnerability in the web interface of Cisco Data Center Network ...)
NOT-FOR-US: Cisco
CVE-2018-0439 (A vulnerability in the web-based management interface of Cisco Meeting ...)
@@ -49991,15 +49991,15 @@ CVE-2018-0422 (A vulnerability in the folder permissions of Cisco Webex Meetings
CVE-2018-0421 (A vulnerability in TCP connection management in Cisco Prime Access ...)
NOT-FOR-US: Cisco
CVE-2018-0420 (A vulnerability in the web-based interface of Cisco Wireless LAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0419 (A vulnerability in certain attachment detection mechanisms of Cisco ...)
NOT-FOR-US: Cisco
CVE-2018-0418 (A vulnerability in the Local Packet Transport Services (LPTS) feature ...)
NOT-FOR-US: Cisco
CVE-2018-0417 (A vulnerability in TACACS authentication with Cisco Wireless LAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0416 (A vulnerability in the web-based interface of Cisco Wireless LAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0415 (A vulnerability in the implementation of Extensible Authentication ...)
NOT-FOR-US: Cisco
CVE-2018-0414 (A vulnerability in the web-based UI of Cisco Secure Access Control ...)
@@ -50041,7 +50041,7 @@ CVE-2018-0397 (A vulnerability in Cisco AMP for Endpoints Mac Connector Software
CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2018-0395 (A vulnerability in the Link Layer Discovery Protocol (LLDP) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0394 (A vulnerability in the web upload function of Cisco Cloud Services ...)
NOT-FOR-US: Cisco
CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy Builder ...)
@@ -50055,7 +50055,7 @@ CVE-2018-0390 (A vulnerability in the web framework of Cisco Webex could allow a
CVE-2018-0389
RESERVED
CVE-2018-0388 (A vulnerability in the web-based interface of Cisco Wireless LAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) could ...)
NOT-FOR-US: Cisco
CVE-2018-0386 (A vulnerability in Cisco Unified Communications Domain Manager ...)
@@ -50069,13 +50069,13 @@ CVE-2018-0383 (A vulnerability in the detection engine of Cisco FireSIGHT System
CVE-2018-0382
RESERVED
CVE-2018-0381 (A vulnerability in the Cisco Aironet Series Access Points (APs) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0380 (Multiple vulnerabilities exist in the Cisco Webex Network Recording ...)
NOT-FOR-US: Cisco
CVE-2018-0379 (Multiple vulnerabilities exist in the Cisco Webex Network Recording ...)
NOT-FOR-US: Cisco
CVE-2018-0378 (A vulnerability in the Precision Time Protocol (PTP) feature of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0377 (A vulnerability in the Open Systems Gateway initiative (OSGi) interface ...)
NOT-FOR-US: Cisco
CVE-2018-0376 (A vulnerability in the Policy Builder interface of Cisco Policy Suite ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8fc103a6eb5714a8daf91cee4e486393747fec4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8fc103a6eb5714a8daf91cee4e486393747fec4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181019/10794c82/attachment.html>
More information about the debian-security-tracker-commits
mailing list