[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sun Apr 22 21:18:05 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
adf73eb9 by Moritz Muehlenhoff at 2018-04-22T22:17:39+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,13 @@
 CVE-2018-10299
 	RESERVED
 CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...)
-	TODO: check
+	NOT-FOR-US: DiscuzX
 CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the ...)
-	TODO: check
+	NOT-FOR-US: DiscuzX
 CVE-2018-10296 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. ...)
-	TODO: check
+	NOT-FOR-US: MiniCMS
 CVE-2018-10295 (ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add ...)
-	TODO: check
+	NOT-FOR-US: ChemCMS
 CVE-2018-10294
 	RESERVED
 CVE-2018-10293
@@ -29,9 +29,9 @@ CVE-2018-10288
 CVE-2018-10287
 	RESERVED
 CVE-2018-10286 (The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive ...)
-	TODO: check
+	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application
 CVE-2018-10285 (The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access ...)
-	TODO: check
+	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application
 CVE-2018-10284 (Adaltech G-Ticket v70 EME104 has SQL Injection via the ...)
 	NOT-FOR-US: Adaltech G-Ticket v70 EME104
 CVE-2018-10283 (CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php ...)
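Review bot: The two added labels for CVE-2018-10286 and CVE-2018-10285 carry the version string and component ("A.1Ac web application") inside the NOT-FOR-US field, unlike the shorter product-only labels used elsewhere in this commit. Suggest "NOT-FOR-US: Ericsson-LG iPECS NMS" so the label stays valid for later CVEs against other versions of the same product.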
@@ -2458,7 +2458,7 @@ CVE-2018-9247 (The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php 
 CVE-2018-9246
 	RESERVED
 CVE-2018-9245 (The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection ...)
-	TODO: check
+	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac login portal
 CVE-2018-9242
 	RESERVED
 CVE-2018-9241
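Review bot: The label added for CVE-2018-9245 ends in "login portal", while CVE-2018-10286 and CVE-2018-10285 in the same commit label the same product as "... web application". A search of data/CVE/list for one string will miss the other entries; use a single product label for all three.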
@@ -8556,7 +8556,7 @@ CVE-2018-6962
 CVE-2018-6961
 	RESERVED
 CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken ...)
-	TODO: check
+	NOT-FOR-US: VMware Horizon DaaS
 CVE-2018-6959 (VMware vRealize Automation (vRA) prior to 7.4.0 contains a ...)
 	NOT-FOR-US: VMware vRealize Automation
 CVE-2018-6958 (VMware vRealize Automation (vRA) prior to 7.3.1 contains a ...)
@@ -17880,7 +17880,7 @@ CVE-2017-17904 (FS Lynda Clone has XSS via the keywords parameter to tutorial/ o
 CVE-2017-17903 (FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by ...)
 	NOT-FOR-US: FS Lynda Clone
 CVE-2017-17902 (SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a ...)
-	TODO: check
+	NOT-FOR-US: Kliqqi CMS
 CVE-2017-17901 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of ...)
 	NOT-FOR-US: ZyXEL
 CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...)
@@ -17915,7 +17915,7 @@ CVE-2017-17891 (Readymade Video Sharing Script has CSRF via user-profile-edit.ph
 CVE-2017-17890
 	RESERVED
 CVE-2017-17889 (Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, ...)
-	TODO: check
+	NOT-FOR-US: Kliqqi CMS
 CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...)
 	NOT-FOR-US: Anti-Web
 CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...)
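Review bot: The CVE-2017-17889 description places the flaw in pligg/groups.php, so the affected code path carries the Pligg name rather than Kliqqi. Before settling on "NOT-FOR-US: Kliqqi CMS", confirm that no package ships this code under the Pligg name, and record that check in a NOTE: line.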
@@ -32376,7 +32376,7 @@ CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, t
 CVE-2017-15641
 	RESERVED
 CVE-2017-15640 (app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip ...)
-	TODO: check
+	NOT-FOR-US: phpIPAM
 CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to ...)
 	NOT-FOR-US: Mura CMS
 CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux ...)
@@ -144364,15 +144364,15 @@ CVE-2014-6114 (The Hosted Transparent Decision Service in the Rule Execution Ser
 CVE-2014-6113 (Cross-site scripting (XSS) vulnerability in the Web Reports component ...)
 	NOT-FOR-US: IBM Tivoli
 CVE-2014-6112 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6111 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6110 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not ...)
 	NOT-FOR-US: IBM
 CVE-2014-6109 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6108 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-6107 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
 	NOT-FOR-US: IBM
 CVE-2014-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
@@ -147460,7 +147460,7 @@ CVE-2014-4784 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 befor
 CVE-2014-4783 (Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master ...)
 	NOT-FOR-US: IBM
 CVE-2014-4782 (IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-4781 (The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before ...)
 	NOT-FOR-US: IBM InfoSphere BigInsights
 CVE-2014-4780
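Review bot: CVE-2014-4782 is tagged "NOT-FOR-US: IBM" while the next entry, CVE-2014-4781, covers the same product and is tagged "NOT-FOR-US: IBM InfoSphere BigInsights". Suggest reusing the existing product label here so adjacent entries for one product match.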
@@ -157769,7 +157769,7 @@ CVE-2014-0952 (Cross-site scripting (XSS) vulnerability in boot_config.jsp in IB
 CVE-2014-0951 (Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-0950 (Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-0949 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-0948 (Unspecified vulnerability in IBM Rational Software Architect Design ...)
@@ -157807,7 +157807,7 @@ CVE-2014-0933 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere
 CVE-2014-0932 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order ...)
 	NOT-FOR-US: IBM
 CVE-2014-0931 (Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-0930 (The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, ...)
 	NOT-FOR-US: IBM AIX
 CVE-2014-0929 (Cross-site request forgery (CSRF) vulnerability in the Profiles ...)
@@ -157815,7 +157815,7 @@ CVE-2014-0929 (Cross-site request forgery (CSRF) vulnerability in the Profiles .
 CVE-2014-0928
 	RESERVED
 CVE-2014-0927 (The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-0926
 	RESERVED
 CVE-2014-0925 (Open redirect vulnerability in IBM Sterling Control Center 5.4.0 ...)
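Review bot: The CVE-2014-0927 description names the ActiveMQ admin user interface, and ActiveMQ is packaged in Debian as activemq, so "NOT-FOR-US: IBM" only holds if the flaw lies in IBM's integration of the bundled component. Suggest adding a NOTE: line stating that upstream ActiveMQ was checked, or keeping "TODO: check" until it has been.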
@@ -157845,7 +157845,7 @@ CVE-2014-0914 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
 CVE-2014-0913 (Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino ...)
 	NOT-FOR-US: IBM iNotes
 CVE-2014-0912 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-0911 (inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before ...)
 	NOT-FOR-US: IBM WebSphere MQ
 CVE-2014-0910 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
@@ -157903,7 +157903,7 @@ CVE-2014-0885 (Cross-site request forgery (CSRF) vulnerability in the Admin Web 
 CVE-2014-0884 (Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM ...)
 	NOT-FOR-US: IBM Lotus Protector for Mail Security
 CVE-2014-0883 (Cross-site scripting (XSS) vulnerability in IBM Power Hardware ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2014-0882
 	RESERVED
 CVE-2014-0881



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/adf73eb90a2df2035e33a59e65a7722e32021977
