[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Fri, 17 Aug 2018 01:20:01 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f569af91 by Salvatore Bonaccorso at 2018-08-17T08:19:28Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -534,7 +534,7 @@ CVE-2018-15124 (Weak hashing algorithm in Zipato Zipabox 
Smart Home Controller B
 CVE-2018-15123 (Insecure configuration storage in Zipato Zipabox Smart Home 
Controller ...)
        NOT-FOR-US: Zipato
 CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 
2018.1.323.2 ...)
-       TODO: check
+       NOT-FOR-US: Telerik
 CVE-2018-15121
        RESERVED
 CVE-2018-15120
@@ -4565,7 +4565,7 @@ CVE-2018-13447 (SQL injection vulnerability in 
product/card.php in Dolibarr ERP/
        - dolibarr <removed>
        NOTE: 
https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
 CVE-2018-13446 (** DISPUTED ** An issue was discovered in the LINE 
jp.naver.line ...)
-       TODO: check
+       NOT-FOR-US: LINE jp.naver.line application for Android
 CVE-2018-13445 (An issue was discovered in SeaCMS 6.61. There is a CSRF 
vulnerability ...)
        NOT-FOR-US: SeaCMS
 CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. There is a CSRF 
vulnerability ...)
@@ -4591,9 +4591,9 @@ CVE-2018-13437
 CVE-2018-13436
        RESERVED
 CVE-2018-13435 (** DISPUTED ** An issue was discovered in the LINE 
jp.naver.line ...)
-       TODO: check
+       NOT-FOR-US: LINE jp.naver.line application for iOS
 CVE-2018-13434 (** DISPUTED ** An issue was discovered in the LINE 
jp.naver.line ...)
-       TODO: check
+       NOT-FOR-US: LINE jp.naver.line application for iOS
 CVE-2018-13433 (Boostnote v0.11.7 allows XSS during highlighting of Markdown 
text, as ...)
        NOT-FOR-US: Boostnote
 CVE-2018-13432
@@ -7687,7 +7687,7 @@ CVE-2018-12258 (An issue was discovered on Momentum Axel 
720P 5.1.8 devices. Cus
 CVE-2018-12257 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. 
There is ...)
        NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
 CVE-2018-12256 (admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 
allows remote ...)
-       TODO: check
+       NOT-FOR-US: LiteCart
 CVE-2018-12255 (An XSS issue was discovered in InvoicePlane 1.5.10 via the 
&quot;Quote PDF ...)
        NOT-FOR-US: InvoicePlane
 CVE-2018-12254 (router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 
component for ...)
@@ -9557,11 +9557,11 @@ CVE-2018-11513
 CVE-2018-11512 (Stored cross-site scripting (XSS) vulnerability in the 
&quot;Website's name&quot; ...)
        NOT-FOR-US: wityCMS
 CVE-2018-11511 (The tree list functionality in the photo gallery application 
in ...)
-       TODO: check
+       NOT-FOR-US: ASUSTOR ADM
 CVE-2018-11510 (ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default 
root:admin ...)
        NOT-FOR-US: ASUSTOR
 CVE-2018-11509 (ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin 
username and ...)
-       TODO: check
+       NOT-FOR-US: ASUSTOR ADM
 CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux 
kernel ...)
        - linux 4.16.12-1
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -17553,9 +17553,9 @@ CVE-2018-8408
 CVE-2018-8407
        RESERVED
 CVE-2018-8406 (An elevation of privilege vulnerability exists when the DirectX 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8405 (An elevation of privilege vulnerability exists when the DirectX 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8404 (An elevation of privilege vulnerability exists in Windows when 
the ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8403 (A remote code execution vulnerability exists in the way that 
Microsoft ...)
@@ -17563,9 +17563,9 @@ CVE-2018-8403 (A remote code execution vulnerability 
exists in the way that Micr
 CVE-2018-8402
        RESERVED
 CVE-2018-8401 (An elevation of privilege vulnerability exists when the DirectX 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8400 (An elevation of privilege vulnerability exists when the DirectX 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8399 (An elevation of privilege vulnerability exists in Windows when 
the ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8398 (An information disclosure vulnerability exists when the Windows 
GDI ...)
@@ -54002,23 +54002,23 @@ CVE-2017-13110
 CVE-2017-13109
        RESERVED
 CVE-2017-13108 (DFNDR Security Antivirus, Anti-hacking &amp; Cleaner, 5.0.9, 
2017-11-01, ...)
-       TODO: check
+       NOT-FOR-US: DFNDR Security Antivirus, Anti-hacking & Cleaner
 CVE-2017-13107 (Live.me - live stream video chat, 3.7.20, 2017-11-06, Android 
...)
-       TODO: check
+       NOT-FOR-US: Live.me - live stream video chat Android application
 CVE-2017-13106 (Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, 
Efficient, ...)
-       TODO: check
+       NOT-FOR-US: Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, 
Efficient Android application
 CVE-2017-13105 (Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 
...)
-       TODO: check
+       NOT-FOR-US: Hi Security Virus Cleaner - Antivirus, Booster Android 
application
 CVE-2017-13104 (Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 
1.108.10001, ...)
-       TODO: check
+       NOT-FOR-US: Uber Technologies, Inc. UberEATS: Uber for Food Delivery 
iOS application
 CVE-2017-13103 (Pinterest, 6.37, 2017-10-24, iOS application uses a hard-coded 
key for ...)
-       TODO: check
+       NOT-FOR-US: Pinterest iOS application
 CVE-2017-13102 (Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 
2017-08-13, iOS ...)
-       TODO: check
+       NOT-FOR-US: Gameloft Asphalt Xtreme: Offroad Rally Racing iOS 
application
 CVE-2017-13101 (Musical.ly Inc., musical.ly - your video social network, 
6.1.6, ...)
-       TODO: check
+       NOT-FOR-US: Musical.ly Inc., musical.ly - your video social network iOS 
application
 CVE-2017-13100 (DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS 
application ...)
-       TODO: check
+       NOT-FOR-US: DistinctDev, Inc., The Moron Test iOS application
 CVE-2017-13099 (wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher 
oracle ...)
        - wolfssl 3.13.0+dfsg-1 (bug #884235)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/1229



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f569af91448bc6e0588fad140d9708d34860668f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f569af91448bc6e0588fad140d9708d34860668f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to