Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8bb9a5a7 by Salvatore Bonaccorso at 2018-04-07T09:07:03+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -5681,7 +5681,7 @@ CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web API CVE-2018-7507 RESERVED CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 and ...) - TODO: check + NOT-FOR-US: Moxa CVE-2018-7505 RESERVED CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI ...) @@ -8853,9 +8853,9 @@ CVE-2017-18100 CVE-2017-18099 RESERVED CVE-2017-18098 (The searchrequest-xml resource in Atlassian Jira before version 7.6.1 ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2017-18097 (The Trello board importer resource in Atlassian Jira before version ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2017-18096 (The OAuth status rest resource in Atlassian Application Links before ...) NOT-FOR-US: Atlassian Application Links CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version ...) @@ -70283,11 +70283,11 @@ CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the ...) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269 NOTE: Built with GCC in Debian, which doesn't remove the check CVE-2017-2869 (An exploitable code execution vulnerability exists in the OpenProducer ...) - TODO: check + NOT-FOR-US: Natus Xltek NeuroWorks CVE-2017-2868 (An exploitable code execution vulnerability exists in the ...) - TODO: check + NOT-FOR-US: Natus Xltek NeuroWorks CVE-2017-2867 (An exploitable code execution vulnerability exists in the ...) - TODO: check + NOT-FOR-US: Natus Xltek NeuroWorks CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup ...) NOT-FOR-US: Circle with Disney CVE-2017-2865 (An exploitable vulnerability exists in the firmware update ...) 
@@ -70304,7 +70304,7 @@ CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the ...) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784866 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366 CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the use of a ...) - TODO: check + NOT-FOR-US: Natus Xltek NeuroWorks CVE-2017-2860 RESERVED CVE-2017-2859 @@ -70320,7 +70320,7 @@ CVE-2017-2855 CVE-2017-2854 RESERVED CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the ...) - TODO: check + NOT-FOR-US: Natus Xltek NeuroWorks CVE-2017-2852 RESERVED CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras with ...) @@ -80748,7 +80748,7 @@ CVE-2016-8382 CVE-2016-8381 RESERVED CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to read and ...) - TODO: check + NOT-FOR-US: web server in Phoenix Contact ILC PLCs CVE-2016-8379 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...) NOT-FOR-US: Moxa CVE-2016-8378 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 ...) @@ -80766,7 +80766,7 @@ CVE-2016-8373 CVE-2016-8372 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...) NOT-FOR-US: Moxa CVE-2016-8371 (The web server in Phoenix Contact ILC PLCs can be accessed without ...) - TODO: check + NOT-FOR-US: web server in Phoenix Contact ILC PLCs CVE-2016-8370 (An issue was discovered in Mitsubishi Electric Automation MELSEC-Q ...) NOT-FOR-US: Mitsubishi CVE-2016-8369 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 ...) 
@@ -80776,7 +80776,7 @@ CVE-2016-8368 (An issue was discovered in Mitsubishi Electric Automation MELSEC- CVE-2016-8367 (An issue was discovered in Schneider Electric Magelis HMI Magelis GTO ...) NOT-FOR-US: Schneider CVE-2016-8366 (Webvisit in Phoenix Contact ILC PLCs offers a password macro to ...) - TODO: check + NOT-FOR-US: Phoenix Contact ILC PLCs CVE-2016-8365 (OSIsoft PI System software (Applications using PI Asset Framework (AF) ...) NOT-FOR-US: OSIsoft PI CVE-2016-8364 (An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object ...) @@ -145146,7 +145146,7 @@ CVE-2014-5074 (Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allo CVE-2014-5073 (vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 ...) NOT-FOR-US: VMTurbo Operations Manager CVE-2014-5072 (Cross-site request forgery (CSRF) vulnerability in WP Security Audit ...) - TODO: check + NOT-FOR-US: WP Security Audit Log plugin for WordPress CVE-2014-5071 (SQL injection vulnerability in the checkPassword function in ...) NOT-FOR-US: Symmetricom CVE-2014-5070 (Symmetricom s350i 2.70.15 allows remote authenticated users to gain ...) @@ -145233,7 +145233,7 @@ CVE-2014-5036 (The Storage Controller (SC) component in Eucalyptus 3.4.2 through CVE-2014-5035 (The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers ...) NOT-FOR-US: Opendaylight CVE-2014-5034 (Cross-site request forgery (CSRF) vulnerability in the Brute Force ...) - TODO: check + NOT-FOR-US: Brute Force Login Protection module for WordPress CVE-2014-5023 (Repository.php in Gitter, as used in Gitlist, allows remote attackers ...) - gitlist <itp> (bug #750368) CVE-2014-5018 (Incomplete blacklist vulnerability in the autoEscape function in ...) 
@@ -149654,7 +149654,7 @@ CVE-2014-3415 (SQL injection vulnerability in Sharetronix before 3.4 allows remo CVE-2014-3414 (Cross-site request forgery (CSRF) vulnerability in Sharetronix before ...) NOT-FOR-US: Sharetronix CVE-2014-3413 (The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has ...) - TODO: check + NOT-FOR-US: Juniper CVE-2014-3412 (Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when ...) NOT-FOR-US: Juniper Junos Space CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in Juniper NSM before ...) @@ -152509,7 +152509,7 @@ CVE-2014-2361 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Module CVE-2014-2360 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules ...) NOT-FOR-US: OleumTech Wireless Gateway CVE-2014-2359 (OleumTech Wireless Sensor Network devices allow remote attackers to ...) - TODO: check + NOT-FOR-US: OleumTech Wireless Sensor Network devices CVE-2014-2358 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: Fox-IT Fox DataDiode CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bb9a5a7e880602a4e8e02c6067535d43d02a2cb
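Review bot: The labels added for CVE-2017-18098 and CVE-2017-18097 in the @@ -8853 hunk say only "NOT-FOR-US: Atlassian", although both descriptions name Atlassian Jira and the following entry, CVE-2017-18096, is tagged with its product ("Atlassian Application Links"). Suggest "NOT-FOR-US: Atlassian Jira" so each entry records which product was ruled out, not just the vendor.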
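Review bot: The product string is inconsistent across the three Phoenix Contact entries: CVE-2016-8380 (@@ -80748) and CVE-2016-8371 (@@ -80766) get "NOT-FOR-US: web server in Phoenix Contact ILC PLCs", while CVE-2016-8366 (@@ -80776) gets "NOT-FOR-US: Phoenix Contact ILC PLCs". All three descriptions concern the same product line, so use one string, for example "Phoenix Contact ILC PLCs", for all of them; a search on either spelling currently misses part of the set.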
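Review bot: The two WordPress entries use different terms for the same kind of component: CVE-2014-5072 (@@ -145146) is tagged "WP Security Audit Log plugin for WordPress" and CVE-2014-5034 (@@ -145233) "Brute Force Login Protection module for WordPress". Suggest "plugin" in both so the WordPress NOT-FOR-US entries can be found with one search term.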
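Review bot: CVE-2014-3413 in the @@ -149654 hunk is tagged "NOT-FOR-US: Juniper", but its description names Juniper Networks Junos Space and the adjacent CVE-2014-3412 already carries "NOT-FOR-US: Juniper Junos Space". Suggest reusing that exact string here so the two Junos Space entries match.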
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits