Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9a4e546 by Salvatore Bonaccorso at 2018-03-29T08:40:20+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,7 +7,7 @@ CVE-2018-9112
 CVE-2018-9111
        RESERVED
 CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory 
Traversal via ...)
-       TODO: check
+       NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via 
the ...)
        NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 
allows an ...)
@@ -4013,7 +4013,7 @@ CVE-2018-7500 (A Permissions, Privileges, and Access 
Controls issue was discover
 CVE-2018-7499
        RESERVED
 CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of 
proper ...)
-       TODO: check
+       NOT-FOR-US: Philips Alice 6 System
 CVE-2018-7497
        RESERVED
 CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI 
Vision ...)
@@ -5072,15 +5072,15 @@ CVE-2018-7198 (October CMS through 1.0.431 allows XSS 
by entering HTML on the Ad
 CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored 
cross-site ...)
        NOT-FOR-US: Pluck CMS
 CVE-2018-7196 (Cross-site scripting (XSS) vulnerability in /scp/index.php in 
...)
-       TODO: check
+       NOT-FOR-US: osTicket
 CVE-2018-7195 (Enhancesoft osTicket before 1.10.2 allows remote attackers to 
reset ...)
-       TODO: check
+       NOT-FOR-US: osTicket
 CVE-2018-7194 (Integer format vulnerability in the ticket number generator in 
...)
-       TODO: check
+       NOT-FOR-US: osTicket
 CVE-2018-7193 (Cross-site scripting (XSS) vulnerability in /scp/directory.php 
in ...)
-       TODO: check
+       NOT-FOR-US: osTicket
 CVE-2018-7192 (Cross-site scripting (XSS) vulnerability in 
/ajax.php/form/help-topic ...)
-       TODO: check
+       NOT-FOR-US: osTicket
 CVE-2018-7191
        RESERVED
 CVE-2018-7190
@@ -5904,7 +5904,7 @@ CVE-2018-6884
 CVE-2018-6883 (Piwigo before 2.9.3 has SQL injection in admin/tags.php in the 
...)
        - piwigo <removed>
 CVE-2018-6882 (Cross-site scripting (XSS) vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2018-1000062 (WonderCMS version 2.4.0 contains a Stored Cross-Site 
Scripting on File ...)
        NOT-FOR-US: WonderCMS
 CVE-2018-1000061 (ARM mbedTLS version development branch, 2.7.0 and earlier 
contains a ...)
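Review bot: The `NOT-FOR-US: Zimbra` tag on CVE-2018-6882 cannot be confirmed from this hunk, because the visible description is cut off at "vulnerability in the ..." before any product is named. Please check the attribution against the full CVE description; the other entries touched in this commit mostly name their product in the visible text, this one does not.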
@@ -9965,7 +9965,7 @@ CVE-2018-5453 (An Improper Handling of Length Parameter 
Inconsistency issue was 
 CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson 
Process ...)
        NOT-FOR-US: Emerson Process Management ControlWave Micro Process 
Automation Controller
 CVE-2018-5451 (In Philips Alice 6 System version R8.0.2 or prior, when an 
actor ...)
-       TODO: check
+       NOT-FOR-US: Philips Alice 6 System
 CVE-2018-5450
        RESERVED
 CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell 
...)
@@ -21058,9 +21058,9 @@ CVE-2018-1240
 CVE-2018-1239
        RESERVED
 CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command 
injection ...)
-       TODO: check
+       NOT-FOR-US: EMC ScaleIO
 CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper 
restriction ...)
-       TODO: check
+       NOT-FOR-US: EMC ScaleIO
 CVE-2018-1236
        RESERVED
 CVE-2018-1235
@@ -21124,7 +21124,7 @@ CVE-2018-1207 (Dell EMC iDRAC7/iDRAC8, versions prior 
to 2.52.52.52, contain CGI
 CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 
159 and ...)
        NOT-FOR-US: EMC Data Protection Advisor
 CVE-2018-1205 (Dell EMC ScaleIO, versions prior to 2.5, do not properly handle 
some ...)
-       TODO: check
+       NOT-FOR-US: EMC ScaleIO
 CVE-2018-1204 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 
8.0.1.0 - ...)
        NOT-FOR-US: Dell
 CVE-2018-1203 (In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump 
binary ...)
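Review bot: Vendor naming in the tags around CVE-2018-1205 is inconsistent. The new tag is `EMC ScaleIO` while the description reads "Dell EMC ScaleIO", and the context lines in the same hunk use `EMC Data Protection Advisor` and plain `Dell` for other Dell EMC products. Settling on one form for this vendor would keep a search of the list by vendor name from missing entries.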
@@ -37741,7 +37741,7 @@ CVE-2017-12817 (In Kaspersky Internet Security for 
Android 11.12.4.1622, some of
 CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some 
of ...)
        NOT-FOR-US: Kaspersky Internet Security for Android
 CVE-2017-12815 (Analysis of the Bomgar Remote Support Portal JavaStart.jar 
Applet ...)
-       TODO: check
+       NOT-FOR-US: Bomgar Remote Support Portal JavaStart Applet
 CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in 
...)
        - perl <not-affected> (Windows specific issue)
        NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet 
public)
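Review bot: The tag on CVE-2017-12815 names a component, `Bomgar Remote Support Portal JavaStart Applet`, where the neighbouring entry tags the product (`NOT-FOR-US: Kaspersky Internet Security for Android`). `NOT-FOR-US: Bomgar Remote Support Portal` would be sufficient and would match any later Bomgar entries tagged at product level.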
@@ -41451,7 +41451,7 @@ CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 
is vulnerable to arbitrary
 CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to 
arbitrary file ...)
        NOT-FOR-US: ManageEngine ServiceDesk
 CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera 
that ...)
-       TODO: check
+       NOT-FOR-US: Wanscam's HW0021 network camera
 CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in 
...)
        TODO: check
 CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL 
Injection ...)
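Review bot: CVE-2017-11509, directly below the changed entry, is still `TODO: check` after this pass. Its visible description ("An authenticated remote attacker can execute arbitrary code in ...") names no product, so if it was skipped on purpose that is fine, but it is worth confirming it was not overlooked. Separately, `Wanscam's HW0021 network camera` carries the possessive over from the description; `Wanscam HW0021 network camera` reads as a product name.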
@@ -53336,11 +53336,11 @@ CVE-2017-7634 (Cross-site scripting (XSS) 
vulnerability in QNAP NAS application 
 CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive 
...)
        NOT-FOR-US: QNAP
 CVE-2017-7632 (Cross-site scripting (XSS) vulnerability in File Station of 
QNAP QTS ...)
-       TODO: check
+       NOT-FOR-US: File Station of QNAP QTS
 CVE-2017-7631 (Cross-site scripting (XSS) vulnerability in the share link 
function of ...)
-       TODO: check
+       NOT-FOR-US: File Station of QNAP
 CVE-2017-7630 (QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change 
password ...)
        NOT-FOR-US: QNAP QTS
 CVE-2017-7628 (The &quot;Smart related articles&quot; extension 1.1 for 
Joomla! has SQL ...)
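Review bot: The three QNAP entries changed here get three different tags (`File Station of QNAP QTS`, `File Station of QNAP`, `QNAP`), and the context lines add `QNAP` and `QNAP QTS`. For CVE-2017-7631 the visible description ends at "the share link function of ...", so the `File Station` attribution is not supported by the text shown. Using a single product-level tag such as `QNAP QTS`, or just `QNAP`, for all three would be consistent with the surrounding entries.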



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9a4e5467216b91261a3c633242c2cbc7b1b0919

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
