[Git][security-tracker-team/security-tracker][master] new ocsinventory issue
Moritz Muehlenhoff
jmm at debian.org
Sat Aug 11 12:39:18 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
52a7653b by Moritz Muehlenhoff at 2018-08-11T11:38:35Z
new ocsinventory issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -939,7 +939,8 @@ CVE-2018-14859
CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-14857 (Unrestricted file upload (with remote code execution) in ...)
- TODO: check
+ - ocsinventory-server <unfixed> (unimportant)
+ NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-14856
RESERVED
CVE-2018-14855
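Review bot: The NOTE added for CVE-2018-14857 says "see debtags" without naming the tag that documents the trusted-environment restriction, so the basis for the (unimportant) rating cannot be checked from this entry alone. Suggest naming the specific debtag on ocsinventory-server, or adding a second NOTE line with a reference for the issue, as other entries in this file do.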
@@ -988,7 +989,7 @@ CVE-2018-14839
CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content parameter. ...)
NOT-FOR-US: rejucms
CVE-2018-14837 (Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ...)
- TODO: check
+ NOT-FOR-US: Wolf CMS
CVE-2018-14836 (Subrion 4.2.1 is vulnerable to Improper Access control because user ...)
NOT-FOR-US: Subrion CMS
CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping ...)
@@ -1092,13 +1093,13 @@ CVE-2018-14787
CVE-2018-14786
RESERVED
CVE-2018-14785 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
- TODO: check
+ NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14784 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
- TODO: check
+ NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14783 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
- TODO: check
+ NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14782 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
- TODO: check
+ NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14781
RESERVED
CVE-2018-14780
@@ -1888,7 +1889,7 @@ CVE-2018-14504 (An issue was discovered in manage_filter_edit_page.php in Mantis
NOTE: https://mantisbt.org/blog/archives/mantisbt/602
NOTE: https://mantisbt.org/bugs/view.php?id=24608
CVE-2018-14503 (Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in ...)
- TODO: check
+ NOT-FOR-US: Coremail XT
CVE-2018-14502
RESERVED
CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as ...)
@@ -4625,7 +4626,7 @@ CVE-2018-13343
CVE-2018-13342
RESERVED
CVE-2018-13341 (Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all ...)
- TODO: check
+ NOT-FOR-US: Creston
CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. ...)
NOT-FOR-US: Gleez CMS
CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode ...)
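Review bot: The added line for CVE-2018-13341 reads "NOT-FOR-US: Creston", but the CVE description directly above it spells the vendor "Crestron". Suggest "NOT-FOR-US: Crestron" so that a search of the list for the vendor name finds this entry.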
@@ -7103,7 +7104,7 @@ CVE-2018-12410
CVE-2018-12409
RESERVED
CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2018-12407
RESERVED
CVE-2018-12406
@@ -9446,7 +9447,7 @@ CVE-2018-11494 (The "program extension upload" feature in OpenCart thr
CVE-2018-11493 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
NOT-FOR-US: WUZHI CMS
CVE-2018-11492 (ASUS HG100 devices allow denial of service via an IPv4 packet flood. ...)
- TODO: check
+ NOT-FOR-US: ASUS HG100 devices
CVE-2018-11491 (ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated ...)
NOT-FOR-US: ASUS HG100 devices
CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly ...)
@@ -10602,7 +10603,7 @@ CVE-2018-11065
CVE-2018-11064
RESERVED
CVE-2018-11063 (Dell WMS versions 1.1 and prior are impacted by multiple unquoted ...)
- TODO: check
+ NOT-FOR-US: Dell WMS
CVE-2018-11062
RESERVED
CVE-2018-11061
@@ -10632,7 +10633,7 @@ CVE-2018-11050 (Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.
CVE-2018-11049 (RSA Identity Governance and Lifecycle, RSA Via Lifecycle and ...)
NOT-FOR-US: RSA
CVE-2018-11048 (Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2018-11047 (Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-11046 (Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version ...)
@@ -11475,7 +11476,7 @@ CVE-2018-10771 (Stack-based buffer overflow in the get_key function in parse.c i
CVE-2018-10770 (download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote ...)
NOT-FOR-US: ShenZhen Anni "5 in 1 XVR" devices
CVE-2018-10769 (The transferProxy and approveProxy functions of a smart contract ...)
- TODO: check
+ NOT-FOR-US: smart contract
CVE-2018-10768 (There is a NULL pointer dereference in the AnnotPath::getCoordsLength ...)
- poppler 0.38.0-2
[jessie] - poppler <no-dsa> (Minor issue)
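Review bot: The label added for CVE-2018-10769, "NOT-FOR-US: smart contract", names a category rather than a product, unlike the neighbouring entry "NOT-FOR-US: ShenZhen Anni "5 in 1 XVR" devices". Suggest using the contract or token name from the full CVE description so the entry can be matched when related CVEs are triaged.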
@@ -11810,7 +11811,7 @@ CVE-2018-10632 (In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 a
CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician ...)
NOT-FOR-US: Medtronic
CVE-2018-10630 (For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version ...)
- TODO: check
+ NOT-FOR-US: Creston
CVE-2018-10629
RESERVED
CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update ...)
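Review bot: The added line for CVE-2018-10630 has the same misspelling, "NOT-FOR-US: Creston", while the description above it says "Crestron TSW-X60". Suggest "NOT-FOR-US: Crestron" here as well, so both Crestron entries use the vendor's actual name.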
@@ -11818,7 +11819,7 @@ CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017
CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
NOT-FOR-US: Echelon
CVE-2018-10626 (A vulnerability was discovered in all versions of Medtronic MyCareLink ...)
- TODO: check
+ NOT-FOR-US: Medtronic
CVE-2018-10625
RESERVED
CVE-2018-10624 (In Johnson Controls Metasys System Versions 8.0 and prior and BCPro ...)
@@ -11826,7 +11827,7 @@ CVE-2018-10624 (In Johnson Controls Metasys System Versions 8.0 and prior and BC
CVE-2018-10623 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10622 (A vulnerability was discovered in all versions of Medtronic MyCareLink ...)
- TODO: check
+ NOT-FOR-US: Medtronic
CVE-2018-10621 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10620 (AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/52a7653b1f2cf119e848c05be816fc0667c26e8d