[Git][security-tracker-team/security-tracker][master] 2 commits: openslp no-dsa

Moritz Muehlenhoff jmm at debian.org
Thu Apr 26 21:32:58 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd017683 by Moritz Muehlenhoff at 2018-04-26T22:21:16+02:00
openslp no-dsa

- - - - -
5dec02e5 by Moritz Muehlenhoff at 2018-04-26T22:32:36+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,11 @@
 CVE-2018-10432
 	RESERVED
 CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...)
-	TODO: check
+	NOT-FOR-US: DiliCMS
 CVE-2018-10429 (Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the ...)
-	TODO: check
+	NOT-FOR-US: Cosmo
 CVE-2018-10428
 	RESERVED
 CVE-2018-10427
@@ -113,7 +113,7 @@ CVE-2018-10378
 CVE-2018-10377
 	RESERVED
 CVE-2018-10376 (An integer overflow in the transferProxy function of a smart contract ...)
-	TODO: check
+	NOT-FOR-US: SmartMesh token
 CVE-2018-10375 (A file uploading vulnerability exists in ...)
 	NOT-FOR-US: DedeCMS
 CVE-2018-10374 (EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) ...)
@@ -3761,15 +3761,15 @@ CVE-2018-8839
 CVE-2018-8838 (A weakness in access controls in CENTUM CS 1000 all versions, CENTUM ...)
 	NOT-FOR-US: CENTUM
 CVE-2018-8837 (Processing specially crafted .pm3 files in Advantech WebAccess HMI ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-8836 (Wago 750 Series PLCs with firmware version 10 and prior include a ...)
 	NOT-FOR-US: Wago 750 Series PLCs
 CVE-2018-8835 (Double free vulnerabilities in Advantech WebAccess HMI Designer ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-8834 (Parsing malformed project files in Omron CX-One versions 4.42 and ...)
 	NOT-FOR-US: Omron
 CVE-2018-8833 (Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable ...)
 	NOT-FOR-US: enhavo
 CVE-2018-8831 (A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through ...)
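Review bot: the three new `NOT-FOR-US: Advantech` entries (CVE-2018-8837, CVE-2018-8835, CVE-2018-8833) record only the vendor, although each description names the affected product as Advantech WebAccess HMI (Designer) and the neighbouring entries in this hunk name the product rather than the vendor (`NOT-FOR-US: Wago 750 Series PLCs`, `NOT-FOR-US: Omron`). Suggest `NOT-FOR-US: Advantech WebAccess HMI Designer` on all three lines so the entries stay searchable by product.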
@@ -5562,7 +5562,7 @@ CVE-2018-8074 (Yii 2.x before 2.0.15 allows remote attackers to inject unintende
 CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA ...)
 	- yii <itp> (bug #597899)
 CVE-2018-8072 (An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W ...)
-	TODO: check
+	NOT-FOR-US: EDIMAX
 CVE-2018-8071 (Mautic before v2.13.0 has stored XSS via a theme config file. ...)
 	NOT-FOR-US: Mautic
 CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
@@ -7335,7 +7335,7 @@ CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial /css/
 CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows remote ...)
 	NOT-FOR-US: TestLink
 CVE-2018-7465 (An XSS issue was discovered in VirtueMart before 3.2.14. All the ...)
-	TODO: check
+	NOT-FOR-US: VirtueMart
 CVE-2018-7464
 	RESERVED
 CVE-2018-7463 (SQL injection vulnerability in files.php in the "files" component in ...)
@@ -10286,7 +10286,7 @@ CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before
 	NOTE: updated in 1.15.2 to the respective fixed version.
 	NOTE: https://github.com/simplesamlphp/saml2/commit/726404bf7b4085a9eb9c9a869af1ecc146bd8f6d
 CVE-2018-6518 (Composr CMS 10.0.13 has XSS via the site_name parameter in a ...)
-	TODO: check
+	NOT-FOR-US: Composr CMS
 CVE-2018-6517
 	RESERVED
 CVE-2018-6516
@@ -14035,7 +14035,7 @@ CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible befor
 CVE-2018-5227 (Various administrative application link resources in Atlassian ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-5226 (There was an argument injection vulnerability in Sourcetree for ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 ...)
 	NOT-FOR-US: Atlassian Bitbucket Server
 CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial repository ...)
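Review bot: the new `NOT-FOR-US: Atlassian` for CVE-2018-5226 drops the product name even though the description identifies it as Sourcetree, while the adjacent CVE-2018-5225 entry uses the more specific `NOT-FOR-US: Atlassian Bitbucket Server` (the CVE-2018-5227 line above uses the bare vendor form, so both styles already coexist here). Suggest `NOT-FOR-US: Atlassian Sourcetree` to match the more specific neighbour.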
@@ -18436,7 +18436,8 @@ CVE-2017-17834
 	RESERVED
 CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a ...)
 	{DLA-1364-1}
-	- openslp-dfsg <removed>
+	- openslp-dfsg <removed> (low)
+	[jessie] - openslp-dfsg <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
 CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...)
 	NOT-FOR-US: ServersCheck Monitoring Software
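Review bot: the added `[jessie] - openslp-dfsg <no-dsa> (Minor issue)` sits directly under the existing `{DLA-1364-1}` reference for the same CVE, so the entry now records both an LTS advisory and a no-dsa decision for one issue; that is not contradictory, but the parenthesised justification would be more useful if it said why a DSA is not warranted, since the `(low)` severity added to the `<removed>` line in the same hunk is the only hint. Suggest expanding it, e.g. `<no-dsa> (Minor issue; fix available in the upstream commit in the NOTE below)` if the referenced sourceforge commit is indeed the fix.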
@@ -23585,7 +23586,7 @@ CVE-2018-1420
 CVE-2018-1419
 	RESERVED
 CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java ...)
 	NOT-FOR-US: IBM Runtimes for Java Technology
 CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
@@ -25343,7 +25344,7 @@ CVE-2018-1076
 CVE-2018-1075
 	RESERVED
 CVE-2018-1074 (ovirt-engine API and administration web portal before versions ...)
-	TODO: check
+	NOT-FOR-US: ovirt-engine
 CVE-2018-1073
 	RESERVED
 CVE-2018-1072
@@ -35566,7 +35567,7 @@ CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
 CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: GeniXCMS
 CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...)
 	{DLA-1131-1}
 	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
@@ -37848,7 +37849,7 @@ CVE-2017-14012
 CVE-2017-14011 (A Cross-Site Request Forgery issue was discovered in ProMinent ...)
 	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
 CVE-2017-14010 (An uncontrolled search path element vulnerability has been identified ...)
-	TODO: check
+	NOT-FOR-US: SpiderControl
 CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX ...)
 	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
 CVE-2017-14008 (GE Centricity PACS RA1000, diagnostic image analysis, all current ...)
@@ -51934,7 +51935,7 @@ CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in an
 CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions ...)
 	NOT-FOR-US: NetIQ eDirectory
 CVE-2017-9284 (IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive ...)
-	TODO: check
+	NOT-FOR-US: IDM
 CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus ...)
 	NOT-FOR-US: Micro Focus VisiBroker
 CVE-2017-9282 (An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) ...)
@@ -51952,7 +51953,7 @@ CVE-2017-9277 (The LDAP backend in Novell eDirectory before 9.0 SP4 when switche
 CVE-2017-9276 (Novell Access Manager iManager before 4.3.3 did not validate ...)
 	NOT-FOR-US: Novell Access Manager iManager
 CVE-2017-9275 (NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Identity Reporting
 CVE-2017-9274 (A shell command injection in the obs-service-source_validator before ...)
 	- osc 0.162.1-1 (bug #887391)
 	[stretch] - osc <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/50cba2c155f1f3307896a3f64fc2ca36b36a70e5...5dec02e5ef4f95fe638012388dc9b7452c7aa043
