[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff Mon, 02 Apr 2018 13:41:22 -0700

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
80e516f8 by Moritz Muehlenhoff at 2018-04-02T22:40:18+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-9231
        RESERVED
 CVE-2018-9230 (In OpenResty before 1.13.6.1, URI parameters were obtained 
using the ...)
-       TODO: check
+       NOT-FOR-US: OpenResty
 CVE-2018-9229
        RESERVED
 CVE-2018-9228
@@ -95,7 +95,7 @@ CVE-2018-9185
 CVE-2018-9184
        RESERVED
 CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has 
XSS. ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2018-9182
        RESERVED
 CVE-2018-9181
@@ -136,7 +136,7 @@ CVE-2018-9165 (The pushdup function in util/decompile.c in 
libming through 0.4.8
 CVE-2018-9164
        RESERVED
 CVE-2018-9163 (A stored Cross-site scripting (XSS) vulnerability in Zoho 
ManageEngine ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2018-9162 (Contec Smart Home 4.15 devices do not require authentication 
for ...)
        NOT-FOR-US: Contec Smart Home
 CVE-2018-9161 (Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote 
attackers ...)
@@ -6741,11 +6741,11 @@ CVE-2018-6663
 CVE-2018-6662
        RESERVED
 CVE-2018-6661 (DLL Side-Loading vulnerability in Microsoft Windows Client in 
McAfee ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2018-6660 (Directory Traversal vulnerability in McAfee ePolicy 
Orchestrator (ePO) ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2018-6659 (Reflected Cross-Site Scripting vulnerability in McAfee ePolicy 
...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2018-6658
        RESERVED
 CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI 
through ...)
@@ -8131,11 +8131,11 @@ CVE-2018-6253 (NVIDIA GPU Display Driver contains a 
vulnerability in DirectX and
        [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
 CVE-2018-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in 
the ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in 
DirectX ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6250 (NVIDIA Windows GPU Display Driver contains a vulnerability in 
the ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel 
mode ...)
        - nvidia-graphics-drivers <unfixed> (bug #894338)
        [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -8148,9 +8148,9 @@ CVE-2018-6249 (NVIDIA GPU Display Driver contains a 
vulnerability in kernel mode
        [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
 CVE-2018-6248 (NVIDIA Windows GPU Display Driver contains a vulnerability in 
the ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6247 (NVIDIA Windows GPU Display Driver contains a vulnerability in 
the ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6246
        RESERVED
 CVE-2018-6245
@@ -21222,7 +21222,7 @@ CVE-2018-1297 (When using Distributed Test only (RMI 
based), Apache JMeter 2.x a
 CVE-2018-1296
        RESERVED
 CVE-2018-1295 (In Apache Ignite 2.3 or earlier, the serialization mechanism 
does not ...)
-       TODO: check
+       NOT-FOR-US: Apache Ignite
 CVE-2018-1294 (If a user of Commons-Email (typically an application 
programmer) ...)
        - commons-email <not-affected> (Fixed with first upload to Debian)
        NOTE: 
https://marc.info/?i=CAF8HOZ+J3NkaywfbHuQpHxK9ZXeT4=4vs9rowcdiudnt1qa...@mail.gmail.com
@@ -22724,7 +22724,7 @@ CVE-2018-1040
 CVE-2018-1039
        RESERVED
 CVE-2018-1038 (The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 
SP1 ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-1037
        RESERVED
 CVE-2018-1036
@@ -24771,7 +24771,7 @@ CVE-2018-0196 (A vulnerability in the web-based user 
interface (web UI) of Cisco
 CVE-2018-0195 (A vulnerability in the Cisco IOS XE Software REST API could 
allow an ...)
        NOT-FOR-US: Cisco
 CVE-2018-0194 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE 
Software ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0193 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE 
Software ...)
        NOT-FOR-US: Cisco
 CVE-2018-0192
@@ -77977,7 +77977,7 @@ CVE-2016-8719 (An exploitable reflected Cross-Site 
Scripting vulnerability exist
 CVE-2016-8718 (An exploitable Cross-Site Request Forgery vulnerability exists 
in the ...)
        NOT-FOR-US: Moxa
 CVE-2016-8717 (An exploitable Use of Hard-coded Credentials vulnerability 
exists in ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2016-8716 (An exploitable Cleartext Transmission of Password vulnerability 
exists ...)
        NOT-FOR-US: Moxa
 CVE-2016-8715 (An exploitable heap corruption vulnerability exists in the 
loadTrailer ...)
@@ -125831,15 +125831,15 @@ CVE-2015-2006
 CVE-2015-2005 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 
7.2.x ...)
        NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2015-2004 (The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android 
might ...)
-       TODO: check
+       NOT-FOR-US: GraceNote GNSDK SDK
 CVE-2015-2003 (The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android 
might ...)
-       TODO: check
+       NOT-FOR-US: PJSIP PJSUA2 SDK
 CVE-2015-2002 (The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might 
allow ...)
-       TODO: check
+       NOT-FOR-US: ESRI ArcGis Runtime SDK
 CVE-2015-2001 (The MetaIO SDK before 6.0.2.1 for Android might allow attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: MetaIO SDK
 CVE-2015-2000 (The Jumio SDK before 1.5.0 for Android might allow attackers to 
...)
-       TODO: check
+       NOT-FOR-US: Jumio SDK
 CVE-2015-1999 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 
5 ...)
        NOT-FOR-US: IBM QRadar
 CVE-2015-1998



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/80e516f8cf413749522ab9ce6b9853f0538ae286

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/80e516f8cf413749522ab9ce6b9853f0538ae286
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to