[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFU

Salvatore Bonaccorso Wed, 12 Dec 2018 00:19:51 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9f1babea by Salvatore Bonaccorso at 2018-12-12T08:12:20Z
Process NFU

- - - - -
e19e146d by Salvatore Bonaccorso at 2018-12-12T08:19:01Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -143,7 +143,7 @@ CVE-2018-20031
 CVE-2018-20030
        RESERVED
 CVE-2018-20029 (The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine 
before ...)
-       TODO: check
+       NOT-FOR-US: nxfs.sys driver in the DokanFS library in NoMachine on 
Windows
 CVE-2019-2394
        RESERVED
 CVE-2019-2393
@@ -30371,7 +30371,7 @@ CVE-2018-10145
 CVE-2018-10144
        RESERVED
 CVE-2018-10143 (The Palo Alto Networks Expedition Migration tool 1.0.107 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks Expedition Migration tool
 CVE-2018-10142 (The Expedition Migration tool 1.0.106 and earlier may allow an 
...)
        NOT-FOR-US: Expedition Migration
 CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS 
before ...)
@@ -34227,13 +34227,13 @@ CVE-2018-8654
 CVE-2018-8653
        RESERVED
 CVE-2018-8652 (A Cross-site Scripting (XSS) vulnerability exists when Windows 
Azure ...)
-       TODO: check
+       NOT-FOR-US: Windows Azure Pack Rollup
 CVE-2018-8651 (A cross site scripting vulnerability exists when Microsoft 
Dynamics ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Dynamics NAV
 CVE-2018-8650
        RESERVED
 CVE-2018-8649 (A denial of service vulnerability exists when Windows 
improperly ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8648
        RESERVED
 CVE-2018-8647
@@ -34245,59 +34245,59 @@ CVE-2018-8645
 CVE-2018-8644
        RESERVED
 CVE-2018-8643 (A remote code execution vulnerability exists in the way that 
the ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8642
        RESERVED
 CVE-2018-8641 (An elevation of privilege vulnerability exists in Windows when 
the ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8640
        RESERVED
 CVE-2018-8639 (An elevation of privilege vulnerability exists in Windows when 
the ...)
-       TODO: check
+       NOT-FOR-US:  Microsoft Windows
 CVE-2018-8638 (An information disclosure vulnerability exists when DirectX 
improperly ...)
-       TODO: check
+       NOT-FOR-US:  Microsoft Windows
 CVE-2018-8637 (An information disclosure vulnerability exists in Windows 
kernel that ...)
-       TODO: check
+       NOT-FOR-US:  Microsoft Windows
 CVE-2018-8636 (A remote code execution vulnerability exists in Microsoft Excel 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8635 (An elevation of privilege vulnerability exists when Microsoft 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8634 (A remote code execution vulnerability exists in Windows where 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8633
        RESERVED
 CVE-2018-8632
        RESERVED
 CVE-2018-8631 (A remote code execution vulnerability exists when Internet 
Explorer ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8630
        RESERVED
 CVE-2018-8629 (A remote code execution vulnerability exists in the way that 
the ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8628 (A remote code execution vulnerability exists in Microsoft 
PowerPoint ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8627 (An information disclosure vulnerability exists when Microsoft 
Excel ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8626 (A remote code execution vulnerability exists in Windows Domain 
Name ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8625 (A remote code execution vulnerability exists in the way that 
the ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8624 (A remote code execution vulnerability exists in the way that 
the ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8623
        RESERVED
 CVE-2018-8622 (An information disclosure vulnerability exists when the Windows 
kernel ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8621 (An information disclosure vulnerability exists when the Windows 
kernel ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8620
        RESERVED
 CVE-2018-8619 (A remote code execution vulnerability exists when the Internet 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8618 (A remote code execution vulnerability exists in the way that 
the ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8617 (A remote code execution vulnerability exists in the way that 
the ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8616
        RESERVED
 CVE-2018-8615
@@ -34307,9 +34307,9 @@ CVE-2018-8614
 CVE-2018-8613
        RESERVED
 CVE-2018-8612 (A Denial Of Service vulnerability exists when Connected User 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8611 (An elevation of privilege vulnerability exists when the Windows 
kernel ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8610
        RESERVED
 CVE-2018-8609 (A remote code execution vulnerability exists in Microsoft 
Dynamics 365 ...)
@@ -34323,7 +34323,7 @@ CVE-2018-8606 (A cross site scripting vulnerability 
exists when Microsoft Dynami
 CVE-2018-8605 (A cross site scripting vulnerability exists when Microsoft 
Dynamics ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8604 (A tampering vulnerability exists when Microsoft Exchange Server 
fails ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8603
        RESERVED
 CVE-2018-8602 (A Cross-site Scripting (XSS) vulnerability exists when Team 
Foundation ...)
@@ -34333,15 +34333,15 @@ CVE-2018-8601
 CVE-2018-8600 (A Cross-site Scripting (XSS) vulnerability exists when Azure 
App ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8599 (An elevation of privilege vulnerability exists when the 
Diagnostics ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8598 (An information disclosure vulnerability exists when Microsoft 
Excel ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8597 (A remote code execution vulnerability exists in Microsoft Excel 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8596 (An information disclosure vulnerability exists when the Windows 
GDI ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8595 (An information disclosure vulnerability exists when the Windows 
GDI ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8594
        RESERVED
 CVE-2018-8593
@@ -34357,7 +34357,7 @@ CVE-2018-8589 (An elevation of privilege vulnerability 
exists when Windows impro
 CVE-2018-8588 (A remote code execution vulnerability exists in the way that 
the ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8587 (A remote code execution vulnerability exists in Microsoft 
Outlook ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8586
        RESERVED
 CVE-2018-8585
@@ -34365,13 +34365,13 @@ CVE-2018-8585
 CVE-2018-8584 (An elevation of privilege vulnerability exists when Windows 
improperly ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8583 (A remote code execution vulnerability exists in the way that 
the ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8582 (A remote code execution vulnerability exists in the way that 
Microsoft ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8581 (An elevation of privilege vulnerability exists in Microsoft 
Exchange ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8580 (An information disclosure vulnerability exists where certain 
modes of ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8579 (An information disclosure vulnerability exists when attaching 
files to ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8578 (An information disclosure vulnerability exists when Microsoft 
...)
@@ -34503,7 +34503,7 @@ CVE-2018-8516
 CVE-2018-8515
        RESERVED
 CVE-2018-8514 (An information disclosure vulnerability exists when Remote 
Procedure ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8513 (A remote code execution vulnerability exists in the way that 
the ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8512 (A security feature bypass vulnerability exists in Microsoft 
Edge when ...)
@@ -34577,7 +34577,7 @@ CVE-2018-8479 (A spoofing vulnerability exists for the 
Azure IoT Device Provisio
 CVE-2018-8478
        RESERVED
 CVE-2018-8477 (An information disclosure vulnerability exists when the Windows 
kernel ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2018-8476 (A remote code execution vulnerability exists in the way that 
Windows ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8475 (A remote code execution vulnerability exists when Windows does 
not ...)
@@ -39718,7 +39718,7 @@ CVE-2018-6705
 CVE-2018-6704
        RESERVED
 CVE-2018-6703 (Use After Free in McAfee Common service in McAfee Agent (MA) 
5.0.0 ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2018-6702
        RESERVED
 CVE-2018-6701
@@ -52489,33 +52489,33 @@ CVE-2018-2507
 CVE-2018-2506
        RESERVED
 CVE-2018-2505 (SAP Commerce does not sufficiently validate user-controlled 
inputs, ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-2504 (SAP NetWeaver AS Java Web Container service does not validate 
against ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-2503 (By default, the SAP NetWeaver AS Java keystore service does not 
...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-2502 (TRACE method is enabled in SAP Business One Service Layer . 
Attacker ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-2501
        RESERVED
 CVE-2018-2500 (Under certain conditions SAP Mobile Secure Android client 
(before ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-2499
        RESERVED
 CVE-2018-2498
        RESERVED
 CVE-2018-2497 (The security audit log of SAP HANA, versions 1.0 and 2.0, does 
not log ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-2496
        RESERVED
 CVE-2018-2495
        RESERVED
 CVE-2018-2494 (Necessary authorization checks for an authenticated user, 
resulting in ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-2493
        RESERVED
 CVE-2018-2492 (SAML 2.0 functionality in SAP NetWeaver AS Java, does not 
sufficiently ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-2491 (When opening a deep link URL in SAP Fiori Client with log level 
set to ...)
        NOT-FOR-US: SAP
 CVE-2018-2490 (The broadcast messages received by SAP Fiori Client are not 
protected ...)
@@ -52527,7 +52527,7 @@ CVE-2018-2488 (It is possible for a malware application 
installed on an Android
 CVE-2018-2487 (SAP Disclosure Management 10.x allows an attacker to exploit 
through a ...)
        NOT-FOR-US: SAP
 CVE-2018-2486 (SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 
1.14)) does ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-2485 (It is possible for a malicious application or malware to 
execute ...)
        NOT-FOR-US: SAP
 CVE-2018-2484



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/4bad0e517b7b119236bd2a7da22fa48013945e86...e19e146d72e864fd0b1d56f7a5d8a28d9a89e182

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/4bad0e517b7b119236bd2a7da22fa48013945e86...e19e146d72e864fd0b1d56f7a5d8a28d9a89e182
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFU

Reply via email to