[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bebd4eff by Moritz Muehlenhoff at 2018-10-17T14:46:33Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,27 +7,27 @@ CVE-2018-18438 [Integer overflow in ccid_card_vscard_read() 
allows memory corrup
 CVE-2018-18437
        RESERVED
 CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the ...)
-       TODO: check
+       NOT-FOR-US: JTBC(PHP)
 CVE-2018-18435
        RESERVED
 CVE-2018-18434 (An issue was discovered in litemall 0.9.0. Arbitrary file 
download is ...)
-       TODO: check
+       NOT-FOR-US: litemall
 CVE-2018-18433 (An issue was discovered in DESTOON B2B 7.0. 
admin/category.inc.php has ...)
-       TODO: check
+       NOT-FOR-US: DESTOON B2B
 CVE-2018-18432 (An issue was discovered in DESTOON B2B 7.0. CSRF exists via 
the ...)
-       TODO: check
+       NOT-FOR-US: DESTOON B2B
 CVE-2018-18431 (An issue was discovered in DESTOON B2B 7.0. XSS exists via 
certain text ...)
-       TODO: check
+       NOT-FOR-US: DESTOON B2B
 CVE-2018-18430 (An issue was discovered in DESTOON B2B 7.0. 
admin\setting.inc.php has ...)
-       TODO: check
+       NOT-FOR-US: DESTOON B2B
 CVE-2018-18429
        RESERVED
 CVE-2018-18428
        RESERVED
 CVE-2018-18427 (s-cms 3.0 allows SQL Injection via the member/post.php 0_id 
parameter ...)
-       TODO: check
+       NOT-FOR-US: s-cms
 CVE-2018-18426 (s-cms 3.0 allows remote attackers to execute arbitrary PHP 
code by ...)
-       TODO: check
+       NOT-FOR-US: s-cms
 CVE-2018-18425
        RESERVED
 CVE-2018-18424
@@ -35,7 +35,7 @@ CVE-2018-18424
 CVE-2018-18423
        RESERVED
 CVE-2018-18422 (UsualToolCMS 8.0 allows CSRF for adding a user account via the 
...)
-       TODO: check
+       NOT-FOR-US: UsualToolCMS
 CVE-2018-18421
        RESERVED
 CVE-2018-18420
@@ -1369,7 +1369,7 @@ CVE-2018-17913
 CVE-2018-17912
        RESERVED
 CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several 
stack-based ...)
-       TODO: check
+       NOT-FOR-US: LAquis SCADA
 CVE-2018-17910
        RESERVED
 CVE-2018-17909
@@ -1389,23 +1389,23 @@ CVE-2018-17903
 CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, 
All ...)
        NOT-FOR-US: Yokogawa STARDOM Controllers
 CVE-2018-17901 (LAquis SCADA Versions 4.1.0.3870 and prior, when processing 
project ...)
-       TODO: check
+       NOT-FOR-US: LAquis SCADA
 CVE-2018-17900 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, 
All ...)
        NOT-FOR-US: Yokogawa STARDOM Controllers
 CVE-2018-17899 (LAquis SCADA Versions 4.1.0.3870 and prior has a path 
traversal ...)
-       TODO: check
+       NOT-FOR-US: LAquis SCADA
 CVE-2018-17898 (Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, 
All ...)
        NOT-FOR-US: Yokogawa STARDOM Controllers
 CVE-2018-17897 (LAquis SCADA Versions 4.1.0.3870 and prior has several integer 
...)
-       TODO: check
+       NOT-FOR-US: LAquis SCADA
 CVE-2018-17896 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, 
All ...)
        NOT-FOR-US: Yokogawa STARDOM Controllers
 CVE-2018-17895 (LAquis SCADA Versions 4.1.0.3870 and prior has several 
out-of-bounds ...)
-       TODO: check
+       NOT-FOR-US: LAquis SCADA
 CVE-2018-17894 (NUUO CMS all versions 3.1 and prior, The application creates 
default ...)
        NOT-FOR-US: NUUO CMS
 CVE-2018-17893 (LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted 
pointer ...)
-       TODO: check
+       NOT-FOR-US: LAquis SCADA
 CVE-2018-17892 (NUUO CMS all versions 3.1 and prior, The application 
implements a ...)
        NOT-FOR-US: NUUO CMS
 CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior 
running ...)
@@ -12309,7 +12309,7 @@ CVE-2018-13401
 CVE-2018-13400
        RESERVED
 CVE-2018-13399 (The Microsoft Windows Installer for Atlassian Fisheye and 
Crucible ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye 
and ...)
        NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2018-13397
@@ -29709,7 +29709,7 @@ CVE-2018-6976 (The VMware Content Locker for iOS prior 
to 4.14 contains a data .
 CVE-2018-6975 (The AirWatch Agent for iOS prior to 5.8.1 contains a data 
protection ...)
        NOT-FOR-US: AirWatch Agent for iOS
 CVE-2018-6974 (VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2018-6973 (VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 
...)
        NOT-FOR-US: VMware
 CVE-2018-6972 (VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ...)
@@ -38482,11 +38482,11 @@ CVE-2018-3957 (A use-after-free vulnerability exists 
in the JavaScript engine of
 CVE-2018-3956
        RESERVED
 CVE-2018-3955 (An exploitable operating system command injection exists in the 
...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2018-3954 (Devices in the Linksys ESeries line of routers (Linksys E1200 
Firmware ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2018-3953 (Devices in the Linksys ESeries line of routers (Linksys E1200 
Firmware ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2018-3952 (An exploitable code execution vulnerability exists in the 
connect ...)
        NOT-FOR-US: NordVPN
 CVE-2018-3951
@@ -41306,7 +41306,7 @@ CVE-2018-3212 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
 CVE-2018-3211 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
        - openjdk-8 <not-affected> (Specific to Oracle Java)
 CVE-2018-3210 (Vulnerability in the Oracle GlassFish Server component of 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2018-3209 (Vulnerability in the Java SE component of Oracle Java SE ...)
        - openjfx <unfixed>
        [stretch] - openjfx <ignored> (Specific details withheld by Oracle, 
impossible to fix)
@@ -41457,7 +41457,7 @@ CVE-2018-3154 (Vulnerability in the PeopleSoft 
Enterprise PeopleTools component
 CVE-2018-3153 (Vulnerability in the PeopleSoft Enterprise PeopleTools 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2018-3152 (Vulnerability in the Oracle GlassFish Server component of 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2018-3151 (Vulnerability in the Oracle iProcurement component of Oracle 
...)
        NOT-FOR-US: Oracle
 CVE-2018-3150 (Vulnerability in the Java SE component of Oracle Java SE ...)
@@ -42000,7 +42000,7 @@ CVE-2018-2913 (Vulnerability in the Oracle GoldenGate 
component of Oracle Golden
 CVE-2018-2912 (Vulnerability in the Oracle GoldenGate component of Oracle 
GoldenGate ...)
        NOT-FOR-US: Oracle
 CVE-2018-2911 (Vulnerability in the Oracle GlassFish Server component of 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2018-2910
        RESERVED
 CVE-2018-2909 (Vulnerability in the Oracle VM VirtualBox component of Oracle 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bebd4eff8f204bb43785c110d3dcceed9a6783cf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bebd4eff8f204bb43785c110d3dcceed9a6783cf
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits