Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25f85058 by Salvatore Bonaccorso at 2018-02-22T21:53:29+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1065,7 +1065,7 @@ CVE-2018-6938
 CVE-2018-6937
        RESERVED
 CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 
3.01 via ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2018-6935
        RESERVED
 CVE-2018-6934
@@ -33746,7 +33746,7 @@ CVE-2017-12417
 CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect 
internal ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-12415 (OXID eShop Community Edition before 6.0.0 RC2 (development), 
4.10.x ...)
-       TODO: check
+       NOT-FOR-US: OXID eShop
 CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom 
encryption ...)
        NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because 
an ...)
@@ -39032,13 +39032,13 @@ CVE-2017-9972
 CVE-2017-9971
        RESERVED
 CVE-2017-9970 (A remote code execution vulnerability exists in Schneider 
Electric's ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2017-9969 (An information disclosure vulnerability exists in Schneider 
Electric's ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2017-9968 (A security misconfiguration vulnerability exists in Schneider 
...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2017-9967 (A security misconfiguration vulnerability exists in Schneider 
...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2017-9966 (A privilege escalation vulnerability exists in Schneider 
Electric's ...)
        NOT-FOR-US: Schneider Electric
 CVE-2017-9965 (An exposure of sensitive information vulnerability exists in 
Schneider ...)
@@ -39046,7 +39046,7 @@ CVE-2017-9965 (An exposure of sensitive information 
vulnerability exists in Schn
 CVE-2017-9964 (A Path Traversal issue was discovered in Schneider Electric 
Pelco ...)
        NOT-FOR-US: Schneider Electric
 CVE-2017-9963 (A cross-site request forgery vulnerability exists on the Secure 
...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to 
August 2017 ...)
        NOT-FOR-US: Schneider Electric
 CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro 
EX ...)
@@ -42033,7 +42033,7 @@ CVE-2017-9515
 CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 
had a ...)
        NOT-FOR-US: Atlassian Bamboo
 CVE-2017-9513 (Several rest inline action resources of Atlassian Activity 
Streams ...)
-       TODO: check
+       NOT-FOR-US: Atlassian Activity Streams
 CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and 
...)
        NOT-FOR-US: Atlassian
 CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, 
before ...)
@@ -43952,19 +43952,19 @@ CVE-2017-8987
 CVE-2017-8986
        RESERVED
 CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a 
local ...)
-       TODO: check
+       NOT-FOR-US: HPE XP Storage
 CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent 
Management ...)
-       TODO: check
+       NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-8983 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-       TODO: check
+       NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-8982 (A Remote Authentication Restriction Bypass vulnerability in HPE 
...)
-       TODO: check
+       NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-8981 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-       TODO: check
+       NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-8980 (A Remote Disclosure of Information vulnerability in HPE 
Intelligent ...)
-       TODO: check
+       NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-8979 (Security vulnerabilities in the HPE Integrated Lights-Out 2 
(iLO 2) ...)
-       TODO: check
+       NOT-FOR-US: HPE Integrated Lights-Out 2 (iLO 2) firmware
 CVE-2017-8978 (A Remote Unauthorized Disclosure of Information vulnerability 
in HPE ...)
        NOT-FOR-US: HPE IceWall Products
 CVE-2017-8977 (A Remote Denial of Service vulnerability in Hewlett Packard 
Enterprise ...)
@@ -52834,17 +52834,17 @@ CVE-2017-6232
 CVE-2017-6231
        RESERVED
 CVE-2017-6230 (Ruckus Networks Solo APs firmware releases R110.x or before and 
Ruckus ...)
-       TODO: check
+       NOT-FOR-US: Ruckus Networks firmware
 CVE-2017-6229 (Ruckus Networks Unleashed AP firmware releases before 
200.6.10.1.x and ...)
-       TODO: check
+       NOT-FOR-US: Ruckus Networks firmware
 CVE-2017-6228
        RESERVED
 CVE-2017-6227 (A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN 
...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2017-6226
        RESERVED
 CVE-2017-6225 (Cross-site scripting (XSS) vulnerability in the web-based 
management ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2017-6224 (Ruckus Wireless Zone Director Controller firmware releases 
ZD9.x, ...)
        NOT-FOR-US: Ruckus
 CVE-2017-6223 (Ruckus Wireless Zone Director Controller firmware releases 
ZD9.9.x, ...)
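Review bot: The vendor spelling in the two Ruckus entries changed here (CVE-2017-6230, CVE-2017-6229) does not match the existing entry in the trailing context: the new lines use `NOT-FOR-US: Ruckus Networks firmware`, while CVE-2017-6224 already carries `NOT-FOR-US: Ruckus`. Picking one form keeps a single-string search of the list complete. Also, the visible description of CVE-2017-6225 is cut before any product name, so the `Brocade` tag cannot be confirmed from this diff and is worth a check against the full CVE text.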
@@ -52978,7 +52978,7 @@ CVE-2017-6171
 CVE-2017-6170
        RESERVED
 CVE-2017-6169 (In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 
BIG-IP ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 
12.0.0-12.1.2 ...)
        NOT-FOR-US: F5 BIG-IP
        NOTE: https://support.f5.com/csp/article/K21905460
@@ -53034,7 +53034,7 @@ CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 
when downloading the Type 
 CVE-2017-6143
        RESERVED
 CVE-2017-6142 (X509 certificate verification was not correctly implemented in 
the ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2017-6141 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and 
...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6140 (On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, 
i7800, ...)
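Review bot: CVE-2017-6142 is closed as `NOT-FOR-US: F5 BIG-IP`, but its visible description ("X509 certificate verification was not correctly implemented in the ...") is cut before it names the affected component. For a certificate verification flaw it is worth confirming that the faulty code is F5's own and not a library that is also packaged in Debian. If it is F5-only, a `NOTE:` line with the vendor advisory, in the style already used for CVE-2017-6168, would record the basis for the decision.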
@@ -53990,23 +53990,23 @@ CVE-2017-5817 (A Remote Code Execution vulnerability 
in HPE Intelligent Manageme
 CVE-2017-5816 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
        NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5815 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-       TODO: check
+       NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5814 (A remote sql injection authentication bypass in HPE Network 
Automation ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2017-5813 (A remote unauthenticated access vulnerability in HPE Network 
...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2017-5812 (A remote sql information disclosure vulnerability in HPE 
Network ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2017-5811 (A remote code execution vulnerability in HPE Network Automation 
...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2017-5810 (A remote sql injection vulnerability in HPE Network Automation 
version ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2017-5809 (A Remote Arbitrary Code Execution vulnerability in HPE Data 
Protector ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2017-5808 (A Remote Arbitrary Code Execution vulnerability in HPE Data 
Protector ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2017-5807 (A Remote Arbitrary Code Execution vulnerability in HPE Data 
Protector ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2017-5806 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
        NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5805 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
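Review bot: Tag granularity is inconsistent inside this hunk: CVE-2017-5815 gets the product-level `NOT-FOR-US: HPE Intelligent Management Center`, matching the context entries for CVE-2017-5816 and CVE-2017-5806, while CVE-2017-5814 through CVE-2017-5807 get the bare `NOT-FOR-US: HPE`. Their descriptions name the products (HPE Network Automation for CVE-2017-5814, CVE-2017-5811 and CVE-2017-5810; HPE Data Protector for CVE-2017-5809 through CVE-2017-5807), so `NOT-FOR-US: HPE Network Automation` and `NOT-FOR-US: HPE Data Protector` would keep these entries findable by product name.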
@@ -54284,7 +54284,7 @@ CVE-2017-5701 (Insecure platform configuration in 
system firmware for Intel ...)
 CVE-2017-5700 (Insufficient protection of password storage in system firmware 
for ...)
        NOT-FOR-US: Intel
 CVE-2017-5699 (Input validation error in Intel MinnowBoard 3 Firmware versions 
prior ...)
-       TODO: check
+       NOT-FOR-US: Intel MinnowBoard 3 Firmware
 CVE-2017-5698 (Intel Active Management Technology, Intel Standard 
Manageability, and ...)
        NOT-FOR-US: Intel
 CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface 
of ...)
@@ -56606,7 +56606,7 @@ CVE-2017-5172
 CVE-2017-5171
        RESERVED
 CVE-2017-5170 (An Uncontrolled Search Path Element issue was discovered in 
Moxa ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2017-5169 (An issue was discovered in Hanwha Techwin Smart Security 
Manager ...)
        NOT-FOR-US: Hanwha Techwin
 CVE-2017-5168 (An issue was discovered in Hanwha Techwin Smart Security 
Manager ...)
@@ -60109,7 +60109,7 @@ CVE-2017-3764 (A vulnerability was identified in Lenovo 
XClarity Administrator (
 CVE-2017-3763 (An attacker who obtains access to the location where the LXCA 
file ...)
        NOT-FOR-US: Lenovo LXCA
 CVE-2017-3762 (Sensitive data stored by Lenovo Fingerprint Manager Pro, 
version ...)
-       TODO: check
+       NOT-FOR-US: Lenovo Fingerprint Manager Pro
 CVE-2017-3761 (The Lenovo Service Framework Android application executes some 
system ...)
        NOT-FOR-US: Lenovo
 CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of 
...)
@@ -60307,9 +60307,9 @@ CVE-2016-9953
 CVE-2016-9952
        RESERVED
 CVE-2016-10008 (SQL injection vulnerability in the "Content Types > 
Content Types" ...)
-       TODO: check
+       NOT-FOR-US: dotCMS
 CVE-2016-10007 (SQL injection vulnerability in the "Marketing > 
Forms" screen in ...)
-       TODO: check
+       NOT-FOR-US: dotCMS
 CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially 
crafted input ...)
        NOT-FOR-US: OWASP AntiSamy
 CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote 
attackers to ...)
@@ -65848,7 +65848,7 @@ CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could 
allow a local user to cr
 CVE-2017-1759
        RESERVED
 CVE-2017-1758 (IBM Financial Transaction Manager for ACH Services for 
Multi-Platform ...)
-       TODO: check
+       NOT-FOR-US: IBM Financial Transaction Manager for ACH Services for 
Multi-Platform
 CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A 
remote ...)
        NOT-FOR-US: IBM Security Guardium
 CVE-2017-1756
@@ -66156,7 +66156,7 @@ CVE-2017-1606 (IBM Financial Transaction Manager (FTM) 
for Multi-Platform (MP) .
 CVE-2017-1605
        RESERVED
 CVE-2017-1604 (IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site 
scripting. ...)
-       TODO: check
+       NOT-FOR-US: IBM Maximo Anywhere
 CVE-2017-1603
        RESERVED
 CVE-2017-1602
@@ -66441,7 +66441,7 @@ CVE-2017-1464
 CVE-2017-1463
        RESERVED
 CVE-2017-1462 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site 
scripting. ...)
-       TODO: check
+       NOT-FOR-US: IBM Rhapsody DM
 CVE-2017-1461 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2017-1460 (IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue 
router ...)
@@ -67572,7 +67572,7 @@ CVE-2017-0913
 CVE-2017-0912
        RESERVED
 CVE-2017-0911 (Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a 
callback ...)
-       TODO: check
+       NOT-FOR-US: Twitter Kit for iOS
 CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, 
a ...)
        - zulip-server <itp> (bug #800052)
 CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable 
to a ...)
@@ -69620,11 +69620,11 @@ CVE-2016-9572
 CVE-2016-9571
        REJECTED
 CVE-2016-9570 (cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a 
denial ...)
-       TODO: check
+       NOT-FOR-US: Carbon Black
 CVE-2016-9569 (The cbstream.sys driver in Carbon Black 5.1.1.60603 allows 
local users ...)
-       TODO: check
+       NOT-FOR-US: Carbon Black
 CVE-2016-9568 (A security design issue can allow an unprivileged user to 
interact ...)
-       TODO: check
+       NOT-FOR-US: Carbon Black
 CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with 
M(6.0) ...)
        NOT-FOR-US: Samsung
 CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users 
with ...)
@@ -73258,11 +73258,11 @@ CVE-2016-8520 (HPE Helion Eucalyptus v4.3.0 and 
earlier does not correctly check
 CVE-2016-8519 (A remote code execution vulnerability in HPE Operations 
Orchestration ...)
        NOT-FOR-US: HPE Operations Orchestration
 CVE-2016-8518 (A remote denial of service vulnerability in HPE Systems Insight 
...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-8517 (A cross site scripting vulnerability in HPE Systems Insight 
Manager in ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-8516 (A remote denial of service vulnerability in HPE Systems Insight 
...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-8515 (A remote malicious file upload vulnerability in HPE Version 
Control ...)
        NOT-FOR-US: HPE Version Control Repository Manager
 CVE-2016-8514 (A remote information disclosure in HPE Version Control 
Repository ...)
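Review bot: CVE-2016-8518, CVE-2016-8517 and CVE-2016-8516 are tagged with the bare `NOT-FOR-US: HPE`, while the context entries on both sides name the product (`HPE Operations Orchestration`, `HPE Version Control Repository Manager`). The description of CVE-2016-8517 names HPE Systems Insight Manager and the other two are cut after "HPE Systems Insight", so `NOT-FOR-US: HPE Systems Insight Manager` would match the neighbouring entries once the truncated descriptions are confirmed.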
@@ -73270,9 +73270,9 @@ CVE-2016-8514 (A remote information disclosure in HPE 
Version Control Repository
 CVE-2016-8513 (A Cross-Site Request Forgery (CSRF) vulnerability in HPE 
Version ...)
        NOT-FOR-US: HPE Version Control Repository Manager
 CVE-2016-8512 (A Remote Code Execution vulnerability in all versions of HPE 
...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-8511 (A Remote Code Execution vulnerability in HPE Network Automation 
using ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-8510
        REJECTED
 CVE-2016-8509



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/25f85058e94f9fb751c7af2133862ada5421eee6
