[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Aug 13 16:31:10 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a2e4ee05 by Moritz Muehlenhoff at 2018-08-13T15:30:44Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4538,7 +4538,7 @@ CVE-2018-13392
CVE-2018-13391
RESERVED
CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via network from ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2018-13389 (The attachment resource in Atlassian Confluence before version 6.6.1 ...)
NOT-FOR-US: Atlassian Confluence
CVE-2018-13388 (The review attachment resource in Atlassian Fisheye and Crucible ...)
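Review bot: The new tag on CVE-2018-13390 names only the vendor ("NOT-FOR-US: Atlassian"), while the description identifies the affected component as the cloudtoken daemon and the next entry, CVE-2018-13389, is tagged with the product ("Atlassian Confluence"). Suggest "NOT-FOR-US: Atlassian cloudtoken" so that a later search for the product name finds this entry.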
@@ -5236,7 +5236,7 @@ CVE-2018-13066 (There is a memory leak in util/parser.c in libming 0.4.8, which
- ming <removed>
NOTE: https://github.com/libming/libming/issues/146
CVE-2018-13065 (** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of ...)
- TODO: check
+ NOT-FOR-US: Bogus claim for ModSecurity, to be revoked
CVE-2018-13064
RESERVED
CVE-2018-13063
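Review bot: On CVE-2018-13065 the NOT-FOR-US field holds a verdict ("Bogus claim for ModSecurity, to be revoked") instead of a product name, and nothing in the entry records where the dispute is documented. The description is already marked ** DISPUTED **, so consider adding a NOTE line with the reference for the dispute, as the CVE-2018-13066 entry above does with its issue URL, so the entry can be revisited if the CVE is not revoked.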
@@ -21370,11 +21370,11 @@ CVE-2018-7062
CVE-2018-7061
RESERVED
CVE-2018-7060 (Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is ...)
- TODO: check
+ NOT-FOR-US: Aruba ClearPass
CVE-2018-7059 (Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that ...)
- TODO: check
+ NOT-FOR-US: Aruba ClearPass
CVE-2018-7058 (Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by ...)
- TODO: check
+ NOT-FOR-US: Aruba ClearPass
CVE-2018-7057 (RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName ...)
NOT-FOR-US: RoomWizard
CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain potentially ...)
@@ -30943,7 +30943,7 @@ CVE-2018-3780
CVE-2018-3779 (active-support ruby gem 5.2.0 could allow a remote attacker to execute ...)
TODO: check
CVE-2018-3778 (Improper authorization in aedes version <0.35.0 will publish a LWT in ...)
- TODO: check
+ NOT-FOR-US: aedes
CVE-2018-3777 (Insufficient URI encoding in restforce before 3.0.0 allows attacker to ...)
NOT-FOR-US: restforce
CVE-2018-3776 (Improper input validator in Nextcloud Server prior to 12.0.3 and ...)
@@ -31259,7 +31259,7 @@ CVE-2018-3652 (Existing UEFI setting restrictions for DCI (Direct Connect Interf
CVE-2018-3651
RESERVED
CVE-2018-3650 (Insufficient Input Validation in Bleach module in INTEL Distribution ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3649 (DLL injection vulnerability in the installation executables ...)
NOT-FOR-US: Intel
CVE-2018-3648
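Review bot: For CVE-2018-3650 the tag "NOT-FOR-US: Intel" does not say which product is meant, and the visible part of the description refers to a "Bleach module" inside an Intel distribution. If that module is a bundled third-party component, a NOTE stating that the flaw is specific to Intel's distribution would document why the entry is closed as not-for-us; otherwise name the Intel product in the tag.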
@@ -33199,7 +33199,7 @@ CVE-2018-3112
CVE-2018-3111
RESERVED
CVE-2018-3110 (A vulnerability was discovered in the Java VM component of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2018-3109 (Vulnerability in the Oracle Fusion Middleware MapViewer component of ...)
NOT-FOR-US: Oracle
CVE-2018-3108 (Vulnerability in the Oracle Fusion Middleware component of Oracle ...)
@@ -66770,13 +66770,13 @@ CVE-2017-9005
CVE-2017-9004
RESERVED
CVE-2017-9003 (Multiple memory corruption flaws are present in ArubaOS which could ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2017-9002 (All versions of Aruba ClearPass prior to 6.6.8 contain reflected ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2017-9001 (Aruba ClearPass 6.6.3 and later includes a feature called "SSH ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2017-9000 (ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2017-8999
RESERVED
CVE-2017-8998
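Review bot: All four entries in this hunk get the bare vendor tag "NOT-FOR-US: Aruba", although the descriptions cover two different products: ArubaOS (CVE-2017-9003, CVE-2017-9000) and Aruba ClearPass (CVE-2017-9002, CVE-2017-9001). The same commit tags CVE-2018-7058 through CVE-2018-7060 as "Aruba ClearPass", so using "ArubaOS" and "Aruba ClearPass" here would keep the list consistent.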
@@ -84848,7 +84848,7 @@ CVE-2017-3212 (The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.110
CVE-2017-3211
RESERVED
CVE-2017-3210 (Applications developed using the Portrait Display SDK, versions 2.30 ...)
- TODO: check
+ NOT-FOR-US: Portrait Display SDK
CVE-2017-3209 (The DBPOWER U818A WIFI quadcopter drone provides FTP access over its ...)
NOT-FOR-US: DBPOWER U818A WIFI quadcopter drone
CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB for Java ...)
@@ -84909,9 +84909,9 @@ CVE-2017-3183 (Sage XRT Treasury, version 3, fails to properly restrict database
CVE-2017-3182 (On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail ...)
NOT-FOR-US: ThreatMetrix SDK
CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2017-3180 (Multiple TIBCO Products are prone to multiple unspecified cross-site ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2017-3179
RESERVED
CVE-2017-3178
@@ -86521,13 +86521,13 @@ CVE-2017-2654 (jenkins-email-ext before version 2.57.1 is vulnerable to an ...)
CVE-2017-2653 (A number of unused delete routes are present in CloudForms before ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2017-2652 (It was found that there were no permission checks performed in the ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2017-2651 (jenkins-mailer-plugin before version 1.20 is vulnerable to an ...)
NOT-FOR-US: jenkins-mailer-plugin
CVE-2017-2650 (It was found that the use of Pipeline: Classpath Step Jenkins plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2017-2649 (It was found that the Active Directory Plugin for Jenkins up to and ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2017-2648 (It was found that jenkins-ssh-slaves-plugin before version 1.15 did ...)
NOT-FOR-US: jenkins-ssh-slaves-plugin
CVE-2017-2647 (The KEYS subsystem in the Linux kernel before 3.18 allows local users ...)
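Review bot: CVE-2017-2652, CVE-2017-2650 and CVE-2017-2649 are tagged with the generic "NOT-FOR-US: Jenkins plugin", whereas the neighbouring entries name the plugin (jenkins-mailer-plugin, jenkins-ssh-slaves-plugin). The descriptions of CVE-2017-2650 and CVE-2017-2649 already name the Pipeline: Classpath Step plugin and the Active Directory Plugin, so the tags can carry those names; for CVE-2017-2652 the plugin is not visible in the truncated description and should be taken from the full CVE text.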
@@ -95826,9 +95826,9 @@ CVE-2016-8529 (A Remote Arbitrary Command Execution vulnerability in HPE StoreVi
CVE-2016-8528 (A Remote Escalation of Privilege vulnerability in HPE Helion ...)
NOT-FOR-US: HPE Helion Eucalyptus
CVE-2016-8527 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2016-8526 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2016-8525 (A Remote Disclosure of Information vulnerability in HPE iMC PLAT ...)
NOT-FOR-US: HPE iMC PLAT
CVE-2016-8524
@@ -109858,7 +109858,7 @@ CVE-2016-4407 (The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 doe
CVE-2016-4406 (A remote cross site scripting vulnerability was identified in HPE iLO ...)
NOT-FOR-US: HPE iLO
CVE-2016-4405 (A remote code execution vulnerability was identified in HP Business ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2016-4404 (A security vulnerability was identified in the Filter SDK component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4403 (A security vulnerability was identified in the Filter SDK component of ...)
@@ -168240,7 +168240,7 @@ CVE-2014-2298
CVE-2014-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-2296 (XML external entity (XXE) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Jasig CAS
CVE-2014-2295
RESERVED
CVE-2014-2294 (Open Web Analytics (OWA) before 1.5.7 allows remote attackers to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2e4ee0598454f726a0c4592736961bd0f570dd3