Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67cd8f05 by Moritz Muehlenhoff at 2018-04-01T15:01:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -90,7 +90,7 @@ CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. 
...)
 CVE-2018-9129
        RESERVED
 CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a 
crafted .plf ...)
-       TODO: check
+       NOT-FOR-US: DVD X Player Standard
 CVE-2018-9127
        RESERVED
 CVE-2018-9126
@@ -640,7 +640,7 @@ CVE-2018-8910
 CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows 
attackers to ...)
        NOT-FOR-US: Wire application for Android
 CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. 
The ...)
-       TODO: check
+       NOT-FOR-US: Frog CMS
 CVE-2018-8907
        RESERVED
 CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...)
@@ -674,7 +674,7 @@ CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file 
(2345DumpBlock.sys) a
 CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) 
allows ...)
        NOT-FOR-US: 2345 Security Guard
 CVE-2018-8893 (Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in 
the ...)
-       TODO: check
+       NOT-FOR-US: Z-BlogPHP
 CVE-2018-8892
        RESERVED
 CVE-2018-8891
@@ -5333,7 +5333,7 @@ CVE-2018-1000067 (An improper authorization vulnerability 
exists in Jenkins vers
 CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, remote attackers can 
delete ...)
        NOT-FOR-US: WonderCMS
 CVE-2018-7171 (Directory traversal vulnerability in Twonky Server 7.0.11 
through 8.5 ...)
-       TODO: check
+       NOT-FOR-US: Twonky Server
 CVE-2018-7170 (ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows 
...)
        - ntp 1:4.2.8p11+dfsg-1
        [stretch] - ntp <no-dsa> (Minor issue)
@@ -26339,7 +26339,7 @@ CVE-2017-16616 (An exploitable vulnerability exists in 
the YAML parsing function
 CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing 
functionality ...)
        NOT-FOR-US: MLAlchemy
 CVE-2017-16614 (SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 
allows ...)
-       TODO: check
+       NOT-FOR-US: tpshop
 CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth 
through ...)
        {DSA-4044-1}
        - swauth 1.2.0-4 (bug #882314)
@@ -26644,7 +26644,7 @@ CVE-2017-16514 (Multiple persistent stored 
Cross-Site-Scripting (XSS) vulnerabil
 CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer 
overflows in ...)
        NOT-FOR-US: Ipswitch WS_FTP Professional
 CVE-2017-16512 (The vagrant update process in Hashicorp vagrant-vmware-fusion 
5.0.2 ...)
-       TODO: check
+       NOT-FOR-US: vagrant-vmware-fusion
 CVE-2017-16511
        RESERVED
 CVE-2017-1000171 (Mahara Mobile before 1.2.1 is vulnerable to passwords being 
sent to ...)
@@ -31568,7 +31568,7 @@ CVE-2017-14883 (In the function 
wma_unified_power_debug_stats_event_handler() in
 CVE-2017-14882 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14881 (While calling the IPA IOCTL handler for 
IPA_IOC_ADD_HDR_PROC_CTX in ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14880
        RESERVED
 CVE-2017-14879 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
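Review bot: CVE-2017-14881 is marked "NOT-FOR-US: Qualcomm component for Android", but its visible summary names only the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX and is cut off before any platform is stated, unlike CVE-2017-14882 and CVE-2017-14879, which open with "In Android for MSM". Confirm against the full description that the affected driver is not part of a kernel tree Debian ships before dropping the TODO, and say so in the commit message, which currently reads only "NFUs".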
@@ -71225,11 +71225,11 @@ CVE-2017-1769 (IBM Business Process Manager 8.6 is 
vulnerable to cross-site requ
 CVE-2017-1768
        RESERVED
 CVE-2017-1767 (IBM Business Process Manager 8.6 is vulnerable to cross-site 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1766 (Due to incorrect authorization in IBM Business Process Manager 
8.6 an ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated 
user ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1764
        RESERVED
 CVE-2017-1763
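Review bot: The three IBM Business Process Manager entries in this hunk (CVE-2017-1767, CVE-2017-1766, CVE-2017-1765) are tagged with the vendor only, "NOT-FOR-US: IBM", while other entries in the file name the product ("NOT-FOR-US: IBM Security Guardium", "NOT-FOR-US: IBM Jazz for Service Management"). "NOT-FOR-US: IBM Business Process Manager" would keep the tags searchable by product; the same applies to the other "NOT-FOR-US: IBM" lines added in this commit.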
@@ -71247,7 +71247,7 @@ CVE-2017-1758 (IBM Financial Transaction Manager for 
ACH Services for Multi-Plat
 CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A 
remote ...)
        NOT-FOR-US: IBM Security Guardium
 CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored 
locally ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1755
        RESERVED
 CVE-2017-1754
@@ -71265,7 +71265,7 @@ CVE-2017-1749
 CVE-2017-1748
        RESERVED
 CVE-2017-1747 (A specially crafted message could cause a denial of service in 
IBM ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1746 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) 
is ...)
        NOT-FOR-US: IBM Jazz for Service Management
 CVE-2017-1745
@@ -71349,7 +71349,7 @@ CVE-2017-1707
 CVE-2017-1706
        RESERVED
 CVE-2017-1705 (IBM Security Privileged Identity Manager 2.1.0 contains 
left-over, ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1704
        RESERVED
 CVE-2017-1703
@@ -84459,7 +84459,7 @@ CVE-2016-6660
 CVE-2016-6659 (Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 
3.6.5, ...)
        NOT-FOR-US: Pivotal
 CVE-2016-6658 (Applications in cf-release before 245 can be configured and 
pushed ...)
-       TODO: check
+       NOT-FOR-US: cf-release
 CVE-2016-6657 (An open redirect vulnerability has been detected with some 
Pivotal ...)
        NOT-FOR-US: Pivotal
 CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0. 
Creation ...)
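Review bot: CVE-2016-6658 gets "NOT-FOR-US: cf-release", while the entries directly above and below it in this hunk (CVE-2016-6659, CVE-2016-6657) use "NOT-FOR-US: Pivotal". Use one label for this group so that a search on the tag returns all of them, for example "NOT-FOR-US: Pivotal" here as well, or rename the neighbours to the product.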
@@ -104137,7 +104137,7 @@ CVE-2016-0900 (Cross-site scripting (XSS) 
vulnerability in EMC RSA Authenticatio
 CVE-2016-0899 (EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote 
authenticated ...)
        NOT-FOR-US: RSA Archer GRC Platform
 CVE-2016-0898 (MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log 
the AWS ...)
-       TODO: check
+       NOT-FOR-US: MySQL for PCF tiles
 CVE-2016-0897 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x 
before ...)
        NOT-FOR-US: Pivotal Cloud Foundry
 CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 
1.7.x ...)
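Review bot: "NOT-FOR-US: MySQL for PCF tiles" on CVE-2016-0898 starts the tag with "MySQL", which is easy to misread when scanning the list for MySQL issues, and it differs from the neighbouring "NOT-FOR-US: Pivotal Cloud Foundry" entries for the same vendor. A tag such as "NOT-FOR-US: Pivotal MySQL for PCF" would make the vendor obvious at a glance.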
@@ -125624,7 +125624,7 @@ CVE-2015-2022
 CVE-2015-2021
        RESERVED
 CVE-2015-2020 (The MyScript SDK before 1.3 for Android might allow attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: MyScript SDK
 CVE-2015-2019 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 
before ...)
        NOT-FOR-US: IBM
 CVE-2015-2018 (IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere 
Message ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/67cd8f05599151e09679e488051a959c2b022433
