Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f5ccdba by Moritz Muehlenhoff at 2018-03-15T12:10:04+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2357,9 +2357,9 @@ CVE-2018-7680
 CVE-2018-7679
        RESERVED
 CVE-2018-7678 (A cross site scripting vulnerability exist in the 
Administration ...)
-       TODO: check
+       NOT-FOR-US: NetIQ Access Manager
 CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 
Identity ...)
-       TODO: check
+       NOT-FOR-US: NetIQ Access Manager
 CVE-2018-7676
        RESERVED
 CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into 
the ...)
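Review bot: CVE-2018-7678 is marked `NOT-FOR-US: NetIQ Access Manager`, but its visible description ("A cross site scripting vulnerability exist in the Administration ...") is cut off before any product name, unlike CVE-2018-7677, which names NetIQ Access Manager (NAM) 4.4. Worth confirming against the full CVE text that 7678 is the same product, since the neighbouring CVE-2018-7675 is NetIQ Sentinel.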
@@ -2641,7 +2641,6 @@ CVE-2018-7587 (An issue was discovered in CImg v.220. DoS 
occurs when loading a 
        [stretch] - cimg <no-dsa> (Minor issue)
        [jessie] - cimg <no-dsa> (Minor issue)
        [wheezy] - cimg <no-dsa> (Minor issue)
-       TODO: check, not reported upstream
 CVE-2018-7586 (In the nextgen-gallery plugin before 2.2.50 for WordPress, 
gallery ...)
        NOT-FOR-US: nextgen-gallery plugin for WordPress
 CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a 
heap-based ...)
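Review bot: removing `TODO: check, not reported upstream` under CVE-2018-7587 drops the only record that the CImg issue had not been reported upstream, and nothing replaces it. If that is still true, keep it as a `NOTE:` line below the cimg entries; if it has since been reported, a `NOTE:` with the upstream reference would be more useful than a silent removal. This change is also not an NFU, so the commit subject does not cover it.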
@@ -2890,15 +2889,15 @@ CVE-2018-7535
 CVE-2018-7534
        RESERVED
 CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in 
OSIsoft PI ...)
-       TODO: check
+       NOT-FOR-US: OSIsoft PI
 CVE-2018-7532
        RESERVED
 CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI 
Data ...)
-       TODO: check
+       NOT-FOR-US: OSIsoft PI
 CVE-2018-7530
        RESERVED
 CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in 
OSIsoft PI ...)
-       TODO: check
+       NOT-FOR-US: OSIsoft PI
 CVE-2018-7528
        RESERVED
 CVE-2018-7527
@@ -2940,7 +2939,7 @@ CVE-2018-7510
 CVE-2018-7509
        RESERVED
 CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web 
API ...)
-       TODO: check
+       NOT-FOR-US: OSIsoft PI
 CVE-2018-7507
        RESERVED
 CVE-2018-7506
@@ -2948,7 +2947,7 @@ CVE-2018-7506
 CVE-2018-7505
        RESERVED
 CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft 
PI ...)
-       TODO: check
+       NOT-FOR-US: OSIsoft PI
 CVE-2018-7503
        RESERVED
 CVE-2018-7502
@@ -2956,7 +2955,7 @@ CVE-2018-7502
 CVE-2018-7501
        RESERVED
 CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was 
discovered in ...)
-       TODO: check
+       NOT-FOR-US: OSIsoft PI
 CVE-2018-7499
        RESERVED
 CVE-2018-7498
@@ -2964,7 +2963,7 @@ CVE-2018-7498
 CVE-2018-7497
        RESERVED
 CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI 
Vision ...)
-       TODO: check
+       NOT-FOR-US: OSIsoft PI
 CVE-2018-7495
        RESERVED
 CVE-2018-7494
@@ -3062,7 +3061,7 @@ CVE-2018-7476 (controllers/admin/Linkage.php in dayrui 
FineCms 5.3.0 has Cross S
 CVE-2018-7475
        RESERVED
 CVE-2018-7474 (An issue was discovered in Textpattern CMS 4.6.2 and earlier. 
It is ...)
-       TODO: check
+       - textpattern <removed>
 CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot 
web ...)
        NOT-FOR-US: SO Connect SO WIFI
 CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of 
service ...)
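Review bot: CVE-2018-7474 moves from `TODO: check` to `- textpattern <removed>`, which is a package status and not a NOT-FOR-US marking, so the commit subject "NFUs" does not describe it. Mentioning the textpattern entries in the commit message would make this change findable in the history.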
@@ -3666,13 +3665,13 @@ CVE-2018-7281 (CactusVPN 5.3.6 for macOS contains a 
root privilege escalation ..
 CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...)
        NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2018-1000093 (CryptoNote version version 0.8.9 and possibly later contain 
a local ...)
-       TODO: check
+       NOT-FOR-US: CryptoNote
 CVE-2018-1000092 (CMS Made Simple version versions 2.2.5 contains a Cross ite 
Request ...)
        NOT-FOR-US: CMS Made Simple
 CVE-2018-1000091 (KadNode version version 2.2.0 contains a Buffer Overflow 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: KadNode
 CVE-2018-1000090 (textpattern version version 4.6.2 contains a XML Injection 
...)
-       TODO: check
+       - textpattern <removed>
 CVE-2018-1000089 (Anymail django-anymail version version 0.2 through 1.3 
contains a ...)
        - django-anymail 1.4-1 (bug #890097)
        [stretch] - django-anymail <no-dsa> (Minor issue; non-free/contrib not 
security supported)
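Review bot: CVE-2018-1000090 gets the same `- textpattern <removed>` status as CVE-2018-7474 earlier in this patch, and both descriptions refer to textpattern 4.6.2. The truncated descriptions do not show whether they cover the same flaw; if they do, a `NOTE:` line cross-referencing the two IDs would save the next reader the lookup.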
@@ -3684,7 +3683,7 @@ CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 
contains a Cross Site S
 CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross 
Site ...)
        NOT-FOR-US: WolfCMS
 CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 
contains a ...)
-       TODO: check
+       NOT-FOR-US: pym.js
 CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap 
memory ...)
        - clamav 0.99.3~beta1+dfsg-1
        [stretch] - clamav 0.99.4+dfsg-1+deb9u1
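Review bot: the label on CVE-2018-1000086 is written `NOT-FOR-US: pym.js`, while the description spells the product "Pym.js" (NPR Visuals Team). The other NOT-FOR-US lines in this patch follow the description's casing (PyBitmessage, KeepKey, WolfCMS), so `NOT-FOR-US: Pym.js` would keep case-sensitive searches of the list consistent.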
@@ -3775,11 +3774,11 @@ CVE-2018-1000071 (roundcube version 1.3.4 and earlier 
contains an Insecure Permi
        NOTE: 
https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt
        NOTE: Can be mitigated by moving home folder outside the scope of the 
webserver
 CVE-2018-1000070 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or 
after ...)
-       TODO: check
+       NOT-FOR-US: PyBitmessage
 CVE-2018-1000069 (FreePlane version 1.5.9 and earlier contains a XML External 
Entity ...)
        TODO: check
 CVE-2018-7279 (A remote code execution issue was discovered in AlienVault USM 
and ...)
-       TODO: check
+       NOT-FOR-US: AlienVault
 CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / 
FDS-PC-DP ...)
        NOT-FOR-US: RLE Protocol Converter FDS-PC / FDS-PC-DP devices
 CVE-2018-7277 (An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. 
Persistent ...)
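Review bot: CVE-2018-1000069 (FreePlane) stays at `TODO: check` while the entries directly above and below it are triaged in this hunk. If it was left on purpose because it needs a package check and not an NFU marking, that is fine; otherwise it looks skipped and should be handled in the same pass. Separately, `NOT-FOR-US: AlienVault` names only the vendor, whereas the description names the product "AlienVault USM"; the product name would be the more precise label.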
@@ -4849,7 +4848,7 @@ CVE-2018-6877
 CVE-2018-6876 (The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as 
used in ...)
        NOT-FOR-US: libfpx
 CVE-2018-6875 (Format String vulnerability in KeepKey version 4.0.0 allows 
attackers ...)
-       TODO: check
+       NOT-FOR-US: KeepKey
 CVE-2018-6874
        RESERVED
 CVE-2018-6873



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f5ccdbab6e34afb0e47f35d693b645f8670a615

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
