[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 13 07:53:33 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eef33ef6 by Salvatore Bonaccorso at 2018-09-13T06:53:07Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2018-16953
CVE-2018-16952
RESERVED
CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 ...)
- TODO: check
+ NOT-FOR-US: STMicroelectronics STM32F0 series devices
CVE-2018-16976 [prevent access to repos which are in the process of being migrated]
- gitolite3 <unfixed> (bug #908699)
[stretch] - gitolite3 <no-dsa> (Minor issue)
@@ -540,13 +540,13 @@ CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding t
CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. ...)
NOT-FOR-US: CScms
CVE-2018-16729 (Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2018-16728 (feindura 2.0.7 allows XSS via the tags field of a new page created at ...)
- TODO: check
+ NOT-FOR-US: feindura
CVE-2018-16727 (razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2018-16726 (razorCMS 3.4.7 allows HTML injection via the description of the ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the ...)
NOT-FOR-US: baijiacms
CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...)
@@ -821,7 +821,7 @@ CVE-2018-16607
CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) ...)
NOT-FOR-US: ProConf
CVE-2018-16605 (D-Link DIR-600M devices allow XSS via the Hostname and Username fields ...)
- TODO: check
+ NOT-FOR-US: D-Link DIR-600M devices
CVE-2018-16604 (An issue was discovered in Nibbleblog v4.0.5. With an admin's username ...)
NOT-FOR-US: Nibbleblog
CVE-2018-16603
@@ -1374,9 +1374,9 @@ CVE-2018-16391 (Several buffer overflows when handling responses from a Muscle C
CVE-2018-16390
RESERVED
CVE-2018-16389 (e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF ...)
NOT-FOR-US: Elefant CMS
CVE-2018-16386
@@ -3592,7 +3592,7 @@ CVE-2018-15504 (An issue was discovered in Embedthis GoAhead before 4.0.1 and Ap
CVE-2018-15503 (The unpack implementation in Swoole version 4.0.4 lacks correct size ...)
NOT-FOR-US: Swoole
CVE-2018-15502 (Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 ...)
- TODO: check
+ NOT-FOR-US: Lone Wolf Technologies loadingDOCS
CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x ...)
{DLA-1477-1}
- libgit2 0.27.4+dfsg.1-0.1 (low)
@@ -7729,9 +7729,9 @@ CVE-2018-13809
CVE-2018-13808
RESERVED
CVE-2018-13807 (A vulnerability has been identified in SCALANCE X300 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad Designer (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13805
RESERVED
CVE-2018-13804
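Review bot: both added lines tag only the vendor ("NOT-FOR-US: Siemens") although the descriptions name two different products, SCALANCE X300 for CVE-2018-13807 and TD Keypad Designer for CVE-2018-13806. Other entries in this same commit name the product (for example "NOT-FOR-US: Zoho ManageEngine Desktop Central"), which makes it easier to search the list when a later CVE arrives for the same product. Consider "NOT-FOR-US: Siemens SCALANCE X300" and "NOT-FOR-US: Siemens TD Keypad Designer".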
@@ -8586,9 +8586,9 @@ CVE-2018-13414
CVE-2018-13413
RESERVED
CVE-2018-13412 (An issue was discovered in the Self Service Portal in Zoho ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-13411 (An issue was discovered in Zoho ManageEngine Desktop Central before ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-13410 (** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line ...)
- zip <unfixed> (unimportant; bug #903196)
NOTE: http://seclists.org/fulldisclosure/2018/Jul/24
@@ -11874,7 +11874,7 @@ CVE-2018-12178
CVE-2018-12177
RESERVED
CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12175 (Default install directory permissions in Intel Distribution for Python ...)
TODO: check
CVE-2018-12174
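Review bot: CVE-2018-12175 (Intel Distribution for Python), directly below the changed entry, still reads "TODO: check" while its neighbour CVE-2018-12176 is now triaged. If it is being held back deliberately, a NOTE: line saying what still needs checking would help the next person processing the list; if it was simply missed, it should be handled in the same pass.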
@@ -11884,7 +11884,7 @@ CVE-2018-12173
CVE-2018-12172
RESERVED
CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller (BMC) ...)
- TODO: check
+ NOT-FOR-US: Intel Baseboard Management Controller firmware
CVE-2018-12170
RESERVED
CVE-2018-12169
@@ -11900,13 +11900,13 @@ CVE-2018-12165
CVE-2018-12164
RESERVED
CVE-2018-12163 (A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 ...)
- TODO: check
+ NOT-FOR-US: Intel IoT Developers Kit
CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for Windows before ...)
- TODO: check
+ NOT-FOR-US: Intel OpenVINO Toolkit for Windows
CVE-2018-12161
RESERVED
CVE-2018-12160 (DLL injection vulnerability in software installer for Intel Data ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12159
RESERVED
CVE-2018-12158
@@ -11924,13 +11924,13 @@ CVE-2018-12153
CVE-2018-12152
RESERVED
CVE-2018-12151 (Buffer overflow in installer for Intel Extreme Tuning Utility before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12150 (Escalation of privilege in Installer for Intel Extreme Tuning Utility ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12149 (Buffer overflow in input handling in Intel Extreme Tuning Utility ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and Support ...)
- TODO: check
+ NOT-FOR-US: INtel
CVE-2018-12147
RESERVED
CVE-2018-12146
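Review bot: the tag added for CVE-2018-12148 is spelled "INtel". It should read "NOT-FOR-US: Intel" to match the three lines added above it in this hunk, since a case-sensitive search for "Intel" will otherwise miss the entry. As a smaller style point, the descriptions here name the products (Intel Extreme Tuning Utility, Intel Driver and Support ...), and naming them in the tag as done for "Intel OpenVINO Toolkit for Windows" in the previous hunk would be more consistent.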
@@ -22858,7 +22858,7 @@ CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass vulnerabili
CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than ...)
NOT-FOR-US: Huawei
CVE-2018-7939 (Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7938 (P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 ...)
NOT-FOR-US: Huawei
CVE-2018-7937 (In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and ...)
@@ -22890,11 +22890,11 @@ CVE-2018-7925
CVE-2018-7924
RESERVED
CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7922 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7921 (Huawei B315s-22 products with software of 21.318.01.00.26 have an ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7920 (Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 ...)
NOT-FOR-US: Huawei
CVE-2018-7919
@@ -22924,7 +22924,7 @@ CVE-2018-7908
CVE-2018-7907
RESERVED
CVE-2018-7906 (Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7905
RESERVED
CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eef33ef68c1382390e50fa4c3d02f96b6d2f1705