Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
396ab576 by Salvatore Bonaccorso at 2018-03-29T23:37:35+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -201,7 +201,7 @@ CVE-2018-9033
CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L
Wireless ...)
NOT-FOR-US: D-Link
CVE-2018-9031 (The login interface on TNLSoftSolutions Sentry Vision 3.x
devices ...)
- TODO: check
+ NOT-FOR-US: TNLSoftSolutions Sentry Vision 3.x devices
CVE-2018-9030
RESERVED
CVE-2018-9029
@@ -595,7 +595,7 @@ CVE-2018-8887
CVE-2018-8886
RESERVED
CVE-2018-8885 (screenresolution-mechanism in screen-resolution-extra 0.17.2
does not ...)
- TODO: check
+ NOT-FOR-US: screen-resolution-extra
CVE-2018-1000136 (Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0
up to ...)
- electron <itp> (bug #842420)
CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local
users to ...)
@@ -3425,11 +3425,11 @@ CVE-2018-7678 (A cross site scripting vulnerability
exist in the Administration
CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4
Identity ...)
NOT-FOR-US: NetIQ Access Manager
CVE-2018-7676 (The NetIQ Identity Manager, in versions prior to 4.7, userapp
with log ...)
- TODO: check
+ NOT-FOR-US: NetIQ Identity Manager
CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into
the ...)
NOT-FOR-US: NetIQ Sentinel
CVE-2018-7674 (The NetIQ Identity Manager user console, in versions prior to
4.7, is ...)
- TODO: check
+ NOT-FOR-US: NetIQ Identity Manager
CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions
prior to ...)
NOT-FOR-US: NetIQ Identity Manager
CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux
kernel ...)
@@ -6716,7 +6716,7 @@ CVE-2018-6610 (Information Leakage exists in the jLike
1.0 component for Joomla!
CVE-2018-6609 (SQL Injection exists in the JSP Tickets 1.1 component for
Joomla! via ...)
NOT-FOR-US: JSP Tickets component for Joomla!
CVE-2018-6608 (In the WebRTC component in Opera 51.0.2830.55, after visiting a
web ...)
- TODO: check
+ NOT-FOR-US: WebRTC component in Opera
CVE-2018-6607
RESERVED
CVE-2018-6606 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150.
Improper ...)
@@ -6768,11 +6768,11 @@ CVE-2018-6590
CVE-2018-6589
RESERVED
CVE-2018-6588 (CA API Developer Portal 3.5 up to and including 3.5 CR5 has a
...)
- TODO: check
+ NOT-FOR-US: CA API Developer Portal
CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a
...)
- TODO: check
+ NOT-FOR-US: CA API Developer Portal
CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a
stored ...)
- TODO: check
+ NOT-FOR-US: CA API Developer Portal
CVE-2018-1000040
RESERVED
CVE-2018-1000039
@@ -58864,7 +58864,7 @@ CVE-2017-5949 (JavaScriptCore in WebKit, as distributed
in Safari Technology Pre
CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T
devices. ...)
NOT-FOR-US: OnePlus One
CVE-2017-5947 (An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5
devices ...)
- TODO: check
+ NOT-FOR-US: OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS
CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for
Ruby has a ...)
{DSA-3801-1 DLA-846-1}
- ruby-zip 1.2.0-1.1 (bug #856269)
@@ -116749,9 +116749,9 @@ CVE-2015-4955 (Cross-site scripting (XSS)
vulnerability in IBM Business Process
CVE-2015-4954 (IBM BigFix Remote Control before Interim Fix pack ...)
NOT-FOR-US: IBM
CVE-2015-4953 (IBM BigFix Remote Control before Interim Fix pack ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4952 (The on-demand plugin in IBM Endpoint Manager for Remote Control
9.0.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4951 (Client Acceptor Daemon (CAD) in the client in IBM Spectrum
Protect ...)
NOT-FOR-US: IBM Spectrum Protect
CVE-2015-4950 (The mailbox-restore feature in IBM Tivoli Storage Manager for
Mail: ...)
@@ -125535,7 +125535,7 @@ CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM
QRadar SIEM 7.1 MR2 before Pa
CVE-2015-2010
REJECTED
CVE-2015-2009 (Cross-site request forgery (CSRF) vulnerability in the
xmlrpc.cgi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-2008 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and
7.2.x ...)
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-2007 (Directory traversal vulnerability in IBM Security QRadar SIEM
7.2.x ...)
@@ -139641,7 +139641,7 @@ CVE-2014-6606
CVE-2014-6605
RESERVED
CVE-2014-6604 (Cross-site scripting (XSS) vulnerability in
class-s2-list-table.php in ...)
- TODO: check
+ NOT-FOR-US: Subscribe2 plugin for WordPress
CVE-2014-6603 (The SSHParseBanner function in SSH parser (app-layer-ssh.c) in
...)
[squeeze] - suricata <not-affected> (Vulnerable code not yet present)
[wheezy] - suricata <not-affected> (Vulnerable code not yet present)
@@ -143154,7 +143154,7 @@ CVE-2014-5177 (libvirt 1.0.0 through 1.2.x before
1.2.5, when fine grained acces
[squeeze] - libvirt <not-affected> (Not exploitable in that version)
NOTE: http://security.libvirt.org/2014/0003.html
CVE-2014-5170 (The Storage API module 7.x before 7.x-1.6 for Drupal might
allow ...)
- TODO: check
+ NOT-FOR-US: Storage API module for Drupal
CVE-2014-5169 (Cross-site scripting (XSS) vulnerability in the Date module
before ...)
NOT-FOR-US: Drupal module Date
CVE-2014-5168
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/396ab5762d557945a4f2a8bc211a0203f909ebdf
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/396ab5762d557945a4f2a8bc211a0203f909ebdf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
