Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
225feccd by Salvatore Bonaccorso at 2018-06-17T15:16:05+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -31,7 +31,7 @@ CVE-2018-12503 (tinyexr 0.9.5 has a heap-based buffer
over-read in ...)
CVE-2018-12502
RESERVED
CVE-2018-12501 (Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2018-12500
RESERVED
CVE-2018-12499
@@ -15878,9 +15878,9 @@ CVE-2018-6499
CVE-2018-6498
RESERVED
CVE-2018-6497 (Remote Cross-site Request forgery (CSRF) potential has been
identified ...)
- TODO: check
+ NOT-FOR-US: UCMDB Server
CVE-2018-6496 (Remote Cross-site Request forgery (CSRF) potential has been
identified ...)
- TODO: check
+ NOT-FOR-US: UCMBD Browser
CVE-2018-6495 (Cross-Site Scripting (XSS) in Micro Focus Universal CMDB,
version ...)
NOT-FOR-US: Micro Focus
CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software
Web Tier, ...)
@@ -18333,17 +18333,17 @@ CVE-2018-5758 (The Upload File functionality in
upload.jspa in Aurea Jive Jive-n
CVE-2018-5757
RESERVED
CVE-2018-5756 (The backend component in Open-Xchange OX App Suite before
7.6.3-rev36, ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-5755 (Absolute path traversal vulnerability in the readerengine
component in ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-5754 (Cross-site scripting (XSS) vulnerability in the office-web
component ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-5753 (The frontend component in Open-Xchange OX App Suite before ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-5752 (The backend component in Open-Xchange OX App Suite before
7.6.3-rev36, ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-5751 (The backend component in Open-Xchange OX App Suite before
7.6.3-rev36, ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2017-18042 (The update user administration resource in Atlassian Bamboo
before ...)
NOT-FOR-US: Atlassian Bamboo
CVE-2017-18041 (The viewDeploymentVersionJiraIssuesDialog resource in
Atlassian Bamboo ...)
@@ -18488,7 +18488,7 @@ CVE-2018-5720 (An issue was discovered on DODOCOOL DC38
3-in-1 N300 Mini Wireles
CVE-2018-5719
RESERVED
CVE-2018-5718 (Improper restriction of write operations within the bounds of a
memory ...)
- TODO: check
+ NOT-FOR-US: SoftControl
CVE-2018-5717 (Memory write mechanism in NCR S2 Dispenser controller before
firmware ...)
NOT-FOR-US: NCR S2 Dispenser controller
CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This
...)
@@ -19750,7 +19750,7 @@ CVE-2018-5245
CVE-2018-5243
RESERVED
CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible
to a ...)
- TODO: check
+ NOT-FOR-US: Norton App Lock
CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG
6.5, ...)
NOT-FOR-US: Symantec
CVE-2018-5240
@@ -20908,7 +20908,7 @@ CVE-2018-4850 (A vulnerability has been identified in
SIMATIC S7-400 (incl. F) C
CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video
for ...)
NOT-FOR-US: Siveillance VMS Video
CVE-2018-4848 (A vulnerability has been identified in SCALANCE X-200 IRT (All
...)
- TODO: check
+ NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA
Operator iOS ...)
NOT-FOR-US: SIMATIC WinCC OA Operator iOS App
CVE-2018-4846
@@ -20920,7 +20920,7 @@ CVE-2018-4844 (A vulnerability has been identified in
SIMATIC WinCC OA UI for An
CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1
Advanced (All ...)
NOT-FOR-US: SIMATIC
CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200 IRT (All
...)
- TODO: check
+ NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All
versions < ...)
NOT-FOR-US: TIM
CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All
versions < ...)
@@ -23569,9 +23569,9 @@ CVE-2018-3728 (hoek node module before 4.2.0 and 5.0.x
before 5.0.3 suffers from
CVE-2018-3727 (626 node module suffers from a Path Traversal vulnerability due
to ...)
TODO: check
CVE-2018-3726 (crud-file-server node module before 0.8.0 suffers from a
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: crud-file-server nodejs module
CVE-2018-3725 (hekto node module suffers from a Path Traversal vulnerability
due to ...)
- TODO: check
+ NOT-FOR-US: hekto nodejs module
CVE-2018-3724 (general-file-server node module suffers from a Path Traversal
...)
TODO: check
CVE-2018-3723 (defaults-deep node module before 0.2.4 suffers from a
Modification of ...)
@@ -27428,15 +27428,15 @@ CVE-2018-2430
CVE-2018-2429
RESERVED
CVE-2018-2428 (Under certain conditions SAP UI5 Handler allows an attacker to
access ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2427
RESERVED
CVE-2018-2426
RESERVED
CVE-2018-2425 (Under certain conditions, SAP Business One, 9.2, 9.3, for SAP
HANA ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2424 (SAP UI5 did not validate user input before adding it to the DOM
...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2423 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49,
7.53, ...)
NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2422 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT,
7.45, ...)
@@ -29409,7 +29409,7 @@ CVE-2018-1462 (IBM SAN Volume Controller, IBM Storwize,
IBM Spectrum Virtualize
CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum
Virtualize and ...)
NOT-FOR-US: IBM
CVE-2018-1460 (IBM Netezza Platform Software (IBM PureData System for
Analytics ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1459 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2018-1458
@@ -29467,7 +29467,7 @@ CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize,
IBM Spectrum Virtualize
CVE-2018-1432 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is
...)
NOT-FOR-US: IBM InfoSphere Information Server
CVE-2018-1431 (A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1,
4.2.0, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to
cross-site ...)
NOT-FOR-US: IBM API Connect
CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable
to ...)
@@ -29491,7 +29491,7 @@ CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1,
7.2, 7.5, 7.5.1, 7.5.2, a
CVE-2018-1420
RESERVED
CVE-2018-1419 (IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM
module for ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to
bypass ...)
NOT-FOR-US: IBM
CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK,
Java ...)
@@ -29543,7 +29543,7 @@ CVE-2018-1395
CVE-2018-1394
RESERVED
CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for
Multi-Platform ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH
Services for ...)
NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH
Services for ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/225feccd613180c347df86af05feba967e9fc359
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/225feccd613180c347df86af05feba967e9fc359
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
