[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 13 14:17:14 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3ffd0c2c by Salvatore Bonaccorso at 2018-04-13T15:17:05+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,17 +1,17 @@
CVE-2018-10086 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10085 (CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10084 (CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10083 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10082 (CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware ...)
- TODO: check
+ NOT-FOR-US: Secutech RiS-11, RiS-22, and RiS-33 devices
CVE-2018-10079
RESERVED
CVE-2018-10078
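Review bot: On CVE-2018-10080 the new label copies the model list from the description ("NOT-FOR-US: Secutech RiS-11, RiS-22, and RiS-33 devices"), whereas the other device entries touched by this commit are labelled by vendor alone ("NOT-FOR-US: D-Link"). Consider shortening it to the vendor or product family so the same string can be reused for later Secutech entries.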
@@ -8058,9 +8058,9 @@ CVE-2018-6937
CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via ...)
NOT-FOR-US: D-Link
CVE-2018-6935 (PHP Scripts Mall Student Profile Management System Script v2.0.6 has ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Student Profile Management System Script
CVE-2018-6934 (CSRF exists in student/personal-info in PHP Scripts Mall Online ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Online Tutoring Script
CVE-2018-6933
RESERVED
CVE-2018-6932
@@ -8204,15 +8204,15 @@ CVE-2018-6906
CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via ...)
- typo3-src <removed>
CVE-2018-6904 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2018-6903 (PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
CVE-2018-6902 (PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Image Sharing Script
CVE-2018-6901
RESERVED
CVE-2018-6900 (PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Website Broker Script
CVE-2018-6899
RESERVED
CVE-2018-6898
@@ -8264,7 +8264,7 @@ CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to discover the full path v
CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full ...)
NOT-FOR-US: EmpireCMS
CVE-2018-6879 (PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Scripts ...)
NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
CVE-2018-6877
@@ -8290,7 +8290,7 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attac
[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
NOTE: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a ...)
{DLA-1287-1}
- zziplib <unfixed>
@@ -12921,7 +12921,7 @@ CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is
CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before ...)
NOT-FOR-US: Arista
CVE-2018-5254 (Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Arista EOS
CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an ...)
NOT-FOR-US: Bento4
CVE-2018-5252 (libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has ...)
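Review bot: CVE-2018-5254 is labelled "NOT-FOR-US: Arista EOS", but the entry directly above it, CVE-2018-5255, is also described as an Arista EOS issue and carries "NOT-FOR-US: Arista". Use one label for both so that a search for either string finds every Arista entry.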
@@ -16059,7 +16059,7 @@ CVE-2018-3891
CVE-2018-3890
RESERVED
CVE-2018-3889 (A specially crafted PCX image processed via the application can lead ...)
- TODO: check
+ NOT-FOR-US: Computerinsel Photoline
CVE-2018-3888 (A memory corruption vulnerability exists in the PCX-parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2018-3887 (A memory corruption vulnerability exists in the PCX-parsing ...)
@@ -16101,7 +16101,7 @@ CVE-2018-3870
CVE-2018-3869
RESERVED
CVE-2018-3868 (A specially crafted TIFF image processed via the application can lead ...)
- TODO: check
+ NOT-FOR-US: Computerinsel Photoline
CVE-2018-3867
RESERVED
CVE-2018-3866
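Review bot: The visible description of CVE-2018-3868 ("A specially crafted TIFF image processed via the application can lead ...") does not name a product, and nothing in this hunk's context ties it to Computerinsel Photoline. The same holds for CVE-2018-3862 and CVE-2018-3861 in the next hunk. Confirm the attribution against the full CVE text or the vendor advisory, and consider adding a NOTE line with that reference so the classification can be checked from the list itself.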
@@ -16113,9 +16113,9 @@ CVE-2018-3864
CVE-2018-3863
RESERVED
CVE-2018-3862 (A specially crafted TIFF image processed via the application can lead ...)
- TODO: check
+ NOT-FOR-US: Computerinsel Photoline
CVE-2018-3861 (A specially crafted TIFF image processed via the application can lead ...)
- TODO: check
+ NOT-FOR-US: Computerinsel Photoline
CVE-2018-3860
RESERVED
CVE-2018-3859
@@ -58483,7 +58483,7 @@ CVE-2017-6912
CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It stores ...)
NOT-FOR-US: USB Pratirodh
CVE-2017-6910 (The HTTP and WebSocket engine components in the server in Kaazing ...)
- TODO: check
+ NOT-FOR-US: Kaazing Gateway
CVE-2017-6909 (An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists ...)
NOT-FOR-US: Shimmie
CVE-2017-6908 (An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability ...)
@@ -73531,7 +73531,7 @@ CVE-2017-1792
CVE-2017-1791
RESERVED
CVE-2017-1790 (IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through ...)
- TODO: check
+ NOT-FOR-US: IBM DOORS Next Generation
CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an ...)
NOT-FOR-US: IBM
CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form Login ...)
@@ -135902,13 +135902,13 @@ CVE-2015-0155
CVE-2015-0154
RESERVED
CVE-2015-0153 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2015-0152 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2015-0151 (Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2015-0150 (The remote administration UI in D-Link DIR-815 devices with firmware ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2015-0149 (The developer portal in IBM API Management 3.0 before 3.0.4.1 does not ...)
NOT-FOR-US: IBM API Management
CVE-2015-0148
@@ -136436,7 +136436,7 @@ CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5
CVE-2014-8889 (Dropbox SDK for Android before 1.6.2 might allow remote attackers to ...)
NOT-FOR-US: Dropbox SDK for Android
CVE-2014-8888 (The remote administration interface in D-Link DIR-815 devices with ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before ...)
NOT-FOR-US: IBM Marketing Operations
CVE-2014-8886 (AVM FRITZ!OS before 6.30 extracts the contents of firmware updates ...)
@@ -142986,7 +142986,7 @@ CVE-2014-6313 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugi
CVE-2014-6312 (Cross-site request forgery (CSRF) vulnerability in the Login Widget ...)
NOT-FOR-US: Login Widget With Shortcode (login-sidebar-widget) plugin for WordPress
CVE-2014-6309 (The HTTP and WebSocket engine components in the server in Kaazing ...)
- TODO: check
+ NOT-FOR-US: Kaazing Gateway
CVE-2014-6308 (Directory traversal vulnerability in OSClass before 3.4.2 allows ...)
NOT-FOR-US: OsClass
CVE-2014-6307
@@ -143349,7 +143349,7 @@ CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal
CVE-2014-6170 (The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 ...)
NOT-FOR-US: IBM
CVE-2014-6169 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...)
- TODO: check
+ NOT-FOR-US: IBM Forms Experience Builder
CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
NOT-FOR-US: IBM
CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting feature ...)
@@ -143447,7 +143447,7 @@ CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 befo
CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security AppScan ...)
NOT-FOR-US: IBM
CVE-2014-6120 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through ...)
- TODO: check
+ NOT-FOR-US: IBM Rational AppScan Source
CVE-2014-6119 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
NOT-FOR-US: IBM
CVE-2014-6118
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ffd0c2c891040734ad8a314bb32cd9425fa5edc