Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6922d3ee by Salvatore Bonaccorso at 2018-03-27T22:28:40+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-9057 (aws/resource_aws_iam_user_login_profile.go in the HashiCorp 
Terraform ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Terraform Amazon Web Services
 CVE-2018-9056 (Systems with microprocessors utilizing speculative execution 
may allow ...)
        TODO: check
 CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable 
assertion in the ...)
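Review bot: The NOT-FOR-US string on CVE-2018-9057 reads like a cut-off product name: "HashiCorp Terraform Amazon Web Services" ends on the vendor of the cloud service rather than on the component being ruled out. The path in the description (aws/resource_aws_iam_user_login_profile.go) points at the AWS provider for Terraform, so "NOT-FOR-US: HashiCorp Terraform AWS provider" would be clearer and easier to find again if that provider is ever packaged.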
@@ -36,7 +36,7 @@ CVE-2018-9041 (In Advanced SystemCare Ultimate 11.0.1.58, the 
driver file ...)
 CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
        NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an 
authenticated user, ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2018-9038
        RESERVED
 CVE-2018-9037
@@ -644,7 +644,7 @@ CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 
7.0.7-25 Q16 allows 
 CVE-2018-8803
        RESERVED
 CVE-2018-8802 (SQL injection vulnerability in the management interface in 
ePortal ...)
-       TODO: check
+       NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems
 CVE-2018-8801
        RESERVED
        - gitlab 10.5.6+dfsg-1 (bug #893905)
@@ -3211,7 +3211,7 @@ CVE-2017-18219 (An issue was discovered in GraphicsMagick 
1.3.26. An allocation 
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/
 CVE-2018-7700 (DedeCMS 5.7 has CSRF with an impact of arbitrary code 
execution, ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2018-7699
        RESERVED
 CVE-2018-7698 (An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for 
DCS-933L ...)
@@ -3325,7 +3325,7 @@ CVE-2018-7711 (HTTPRedirect.php in the saml2 library in 
SimpleSAMLphp before 1.1
        NOTE: https://simplesamlphp.org/security/201803-01
        NOTE: 
https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
 CVE-2018-7658 (NTSServerSvc.exe in the server in Softros Network Time System 
2.3.4 ...)
-       TODO: check
+       NOT-FOR-US: Softros Network Time System
 CVE-2018-7657
        RESERVED
 CVE-2018-7656
@@ -6046,9 +6046,9 @@ CVE-2018-6769 (In Jiangmin Antivirus 16.0.0.100, the 
driver file (KrnlCall.sys) 
 CVE-2018-6768 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
        NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6766 (Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that 
could ...)
-       TODO: check
+       NOT-FOR-US: Swisscom TVMediaHelper
 CVE-2018-6765 (Swisscom MySwisscomAssistant 2.17.1.1065 contains a 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: Swisscom MySwisscomAssistant
 CVE-2018-6763
        RESERVED
 CVE-2018-6762
@@ -24264,7 +24264,7 @@ CVE-2018-0200 (A vulnerability in the web-based 
interface of Cisco Prime Service
 CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could 
allow an ...)
        NOT-FOR-US: Cisco
 CVE-2018-0198 (A vulnerability in the web framework of Cisco Unified 
Communications ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0197
        RESERVED
 CVE-2018-0196
@@ -38796,7 +38796,7 @@ CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 
2.0.0 allows context-depend
 CVE-2017-12411
        RESERVED
 CVE-2017-12410 (It is possible to exploit a Time of Check & Time of Use 
(TOCTOU) ...)
-       TODO: check
+       NOT-FOR-US: Kaseya Virtual System Administrator agent
 CVE-2017-12409
        RESERVED
 CVE-2017-12408
@@ -39022,7 +39022,7 @@ CVE-2017-12321 (Multiple vulnerabilities in the web 
interface of the Cisco Regis
 CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco 
Registered ...)
        NOT-FOR-US: Cisco
 CVE-2017-12319 (A vulnerability in the Border Gateway Protocol (BGP) over an 
Ethernet ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 
devices ...)
        NOT-FOR-US: Cisco
 CVE-2017-12317 (The Cisco AMP For Endpoints application allows an 
authenticated, local ...)
@@ -39040,7 +39040,7 @@ CVE-2017-12312 (An untrusted search path (aka DLL 
Preloading) vulnerability in t
 CVE-2017-12311 (A vulnerability in the H.264 decoder function of Cisco Meeting 
Server ...)
        NOT-FOR-US: Cisco
 CVE-2017-12310 (A vulnerability in the auto discovery phase of Cisco Spark 
Hybrid ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) 
could allow ...)
        NOT-FOR-US: Cisco
 CVE-2017-12308 (A vulnerability in the web framework of Cisco Small Business 
Managed ...)
@@ -116413,7 +116413,7 @@ CVE-2015-5018 (IBM Security Access Manager for Web 
7.0.0 before FP19 and 8.0 bef
 CVE-2015-5017 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 
7.5.0.8 ...)
        NOT-FOR-US: IBM
 CVE-2015-5016 (IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset 
Management ...)
-       TODO: check
+       NOT-FOR-US: IBM Maximo Asset Management
 CVE-2015-5015 (IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before 
Feature Pack ...)
        NOT-FOR-US: IBM
 CVE-2015-5014 (IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 
10.2.4 ...)
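Review bot: The new line for CVE-2015-5016 uses "NOT-FOR-US: IBM Maximo Asset Management", but CVE-2015-5017 directly above it, which is the same product, and CVE-2015-5015 below both carry plain "NOT-FOR-US: IBM". Either form works, but one string per product keeps the entries greppable as a group; matching the neighbours here would be "NOT-FOR-US: IBM", or alternatively update CVE-2015-5017 to the product-specific string in the same commit.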
@@ -116471,7 +116471,7 @@ CVE-2015-4989 (The portal in IBM Tealeaf Customer 
Experience before 8.7.1.8814, 
 CVE-2015-4988 (Directory traversal vulnerability in the replay server in IBM 
Tealeaf ...)
        NOT-FOR-US: IBM Tealeaf Customer Experience
 CVE-2015-4987 (The search and replay servers in IBM Tealeaf Customer 
Experience 8.0 ...)
-       TODO: check
+       NOT-FOR-US: IBM Tealeaf Customer Experience
 CVE-2015-4986
        RESERVED
 CVE-2015-4985
@@ -116537,7 +116537,7 @@ CVE-2015-4956 (The Web UI in IBM Security QRadar SIEM 
7.1.x before 7.1 MR2 Patch
 CVE-2015-4955 (Cross-site scripting (XSS) vulnerability in IBM Business 
Process ...)
        NOT-FOR-US: IBM
 CVE-2015-4954 (IBM BigFix Remote Control before Interim Fix pack ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2015-4953
        RESERVED
 CVE-2015-4952



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6922d3eee275fbda7d6db47393fa7896c219c032

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits