[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Sat, 27 Jan 2018 01:47:09 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
fac68fe5 by Salvatore Bonaccorso at 2018-01-27T10:46:11+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -329,12 +329,12 @@ CVE-2018-6195
 CVE-2018-6194
        RESERVED
 CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in 
Routers2 2.24, ...)
-       TODO: check
+       NOT-FOR-US: Routers2
 CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...)
        - mupdf <unfixed> (bug #888487)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
 CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 
1.0.2 has an ...)
-       TODO: check
+       NOT-FOR-US: MuJS
 CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description 
field on ...)
        NOT-FOR-US: Netis WF2419 V3.2.41381 devices
 CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and 
earlier ...)
@@ -915,7 +915,7 @@ CVE-2018-5999 (An issue was discovered in AsusWRT before 
3.0.0.4.384_10007. In t
 CVE-2018-5998
        RESERVED
 CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub 
...)
-       TODO: check
+       NOT-FOR-US: RAVPower Filehub
 CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak 
authentication data ...)
        {DSA-4098-1}
        - curl 7.58.0-1
@@ -973,7 +973,7 @@ CVE-2018-5975
 CVE-2018-5974
        RESERVED
 CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 
via ...)
-       TODO: check
+       NOT-FOR-US: Professional Local Directory Script
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the 
...)
        NOT-FOR-US: Classified Ads CMS Quickad
 CVE-2018-5971
@@ -991,11 +991,11 @@ CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS 
via the Description par
 CVE-2018-5966
        RESERVED
 CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in 
admin/moduleinterface.php via ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in 
admin/moduleinterface.php via ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php 
via the ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 
through ...)
        NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 
v0.9.8.12 has ...)
@@ -1024,7 +1024,7 @@ CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote 
attackers to cause a de
        NOTE: 
https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
        NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
 CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a 
denial ...)
-       TODO: check
+       NOT-FOR-US: phpFreeChat
 CVE-2018-5953
        RESERVED
 CVE-2018-5952
@@ -1477,7 +1477,7 @@ CVE-2018-5761 (A man-in-the-middle vulnerability related 
to vCenter access was f
 CVE-2018-5760
        RESERVED
 CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly 
maintain the ...)
-       TODO: check
+       NOT-FOR-US: MuJS
 CVE-2018-5758
        RESERVED
 CVE-2018-5757
@@ -2216,15 +2216,15 @@ CVE-2018-5449
 CVE-2018-5448
        RESERVED
 CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari 
PCS-9611 ...)
-       TODO: check
+       NOT-FOR-US: Nari PCS-9611 relay
 CVE-2018-5446
        RESERVED
 CVE-2018-5445 (A Path Traversal issue was discovered in Advantech 
WebAccess/SCADA ...)
-       TODO: check
+       NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2018-5444
        RESERVED
 CVE-2018-5443 (A SQL Injection issue was discovered in Advantech 
WebAccess/SCADA ...)
-       TODO: check
+       NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2018-5442
        RESERVED
 CVE-2018-5441
@@ -3807,11 +3807,11 @@ CVE-2018-4839
 CVE-2018-4838
        RESERVED
 CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic 
&lt; ...)
-       TODO: check
+       NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic 
&lt; ...)
-       TODO: check
+       NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic 
&lt; ...)
-       TODO: check
+       NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4834 (A vulnerability has been identified in Desigo Automation 
Controllers ...)
        NOT-FOR-US: Desigo
 CVE-2018-4833
@@ -6104,7 +6104,7 @@ CVE-2017-17978
 CVE-2017-17977
        RESERVED
 CVE-2017-17976 (In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload 
can ...)
-       TODO: check
+       NOT-FOR-US: Perfex CRM
 CVE-2017-17975 (Use-after-free in the usbtv_probe function in ...)
        - linux <unfixed>
        [jessie] - linux <not-affected> (Vulnerable code path not present)
@@ -15490,7 +15490,7 @@ CVE-2018-0509
 CVE-2018-0508
        RESERVED
 CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy 
Setup &amp; ...)
-       TODO: check
+       NOT-FOR-US: FLET'S VIRUS CLEAR
 CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute 
arbitrary ...)
        TODO: check
 CVE-2018-0505
@@ -23976,9 +23976,9 @@ CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in 
a SQL query could lead t
 CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira 
before ...)
        NOT-FOR-US: Atlassian Jira
 CVE-2017-14593 (Sourcetree for Windows had several argument and command 
injection bugs ...)
-       TODO: check
+       NOT-FOR-US: Sourcetree
 CVE-2017-14592 (Sourcetree for macOS had several argument and command 
injection bugs ...)
-       TODO: check
+       NOT-FOR-US: Sourcetree
 CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and 
version ...)
        NOT-FOR-US: Atlassian
 CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial 
...)
@@ -24141,11 +24141,11 @@ CVE-2017-14525 (Multiple open redirect 
vulnerabilities in OpenText Documentum We
 CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum 
...)
        NOT-FOR-US: OpenText Documentum Administrator
 CVE-2017-14523 (WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection 
attack. ...)
-       TODO: check
+       NOT-FOR-US: WonderCMS
 CVE-2017-14522 (In WonderCMS 2.3.1, the application's input fields accept 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: WonderCMS
 CVE-2017-14521 (In WonderCMS 2.3.1, the upload functionality accepts random 
...)
-       TODO: check
+       NOT-FOR-US: WonderCMS
 CVE-2017-14520 (In Poppler 0.59.0, a floating point exception occurs in ...)
        {DSA-4079-1}
        - poppler 0.61.1-2 (low; bug #876081)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac68fe519f61b244ff7095589ae9e9a41d1c56c

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac68fe519f61b244ff7095589ae9e9a41d1c56c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to