[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Aug 31 09:45:44 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3d36429 by Moritz Muehlenhoff at 2018-08-31T08:45:25Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,23 +69,23 @@ CVE-2018-16241
 CVE-2018-16240
 	RESERVED
 CVE-2018-16239 (An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() ...)
-	TODO: check
+	NOT-FOR-US: damiCMS
 CVE-2018-16238 (An issue was discovered in damiCMS V6.0.1. Remote code execution can ...)
-	TODO: check
+	NOT-FOR-US: damiCMS
 CVE-2018-16237 (An issue was discovered in damiCMS V6.0.1. There is Directory Traversal ...)
-	TODO: check
+	NOT-FOR-US: damiCMS
 CVE-2018-16236 (cPanel through 74 allows XSS via a crafted filename in the logs ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2018-16235
 	RESERVED
 CVE-2018-16234 (MorningStar WhatWeb 0.4.9 has XSS via JSON report files. ...)
-	TODO: check
+	NOT-FOR-US: MorningStar WhatWeb
 CVE-2018-16233 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. ...)
-	TODO: check
+	NOT-FOR-US: MiniCMS
 CVE-2018-16232
 	RESERVED
 CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows ...)
-	TODO: check
+	NOT-FOR-US: Michael Roth Software Personal FTP Server
 CVE-2018-16230
 	RESERVED
 CVE-2018-16229
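Review bot: The NOT-FOR-US tag on CVE-2018-16234 (MorningStar WhatWeb 0.4.9) should be double-checked before it lands, because WhatWeb is a standalone scanner rather than a hosted product or appliance like the other entries in this hunk. Confirm that no source package in the archive ships it. If one does, replace the line with a package entry in the form used for CVE-2018-13818 ("- twig 2.4.4-2") instead of closing it as NFU.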
@@ -309,7 +309,7 @@ CVE-2018-16133 (Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a
 CVE-2018-16132 (The image rendering component (createGenericPreview) of the Open ...)
 	NOT-FOR-US: Signal app (specific on iOS)
 CVE-2018-16131 (The decodeRequest and decodeRequestWith directives in Lightbend Akka ...)
-	TODO: check
+	NOT-FOR-US: Lightbend Akka
 CVE-2018-16130
 	RESERVED
 CVE-2018-558213
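Review bot: The trailing context line CVE-2018-558213 does not fit the descending ID sequence after CVE-2018-16130, and its numeric part is six digits where the neighbouring IDs have five. This change does not introduce it, but data/CVE/list should be checked for a malformed ID at that position, since scripts that parse the file key on these header lines.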
@@ -5896,21 +5896,21 @@ CVE-2018-13828
 CVE-2018-13827
 	RESERVED
 CVE-2018-13826 (An XML external entity vulnerability in the XOG functionality, in CA ...)
-	TODO: check
+	NOT-FOR-US: CA PPM
 CVE-2018-13825 (Insufficient input validation in the gridExcelExport functionality, in ...)
-	TODO: check
+	NOT-FOR-US: CA PPM
 CVE-2018-13824 (Insufficient input sanitization of two parameters in CA PPM 14.3 and ...)
-	TODO: check
+	NOT-FOR-US: CA PPM
 CVE-2018-13823 (An XML external entity vulnerability in the XOG functionality, in CA ...)
-	TODO: check
+	NOT-FOR-US: CA PPM
 CVE-2018-13822 (Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, ...)
-	TODO: check
+	NOT-FOR-US: CA PPM
 CVE-2018-13821 (A lack of authentication, in CA Unified Infrastructure Management ...)
-	TODO: check
+	NOT-FOR-US: CA Unified Infrastructure Management
 CVE-2018-13820 (A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, ...)
-	TODO: check
+	NOT-FOR-US: CA Unified Infrastructure Management
 CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, ...)
-	TODO: check
+	NOT-FOR-US: CA Unified Infrastructure Management
 CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...)
 	- twig 2.4.4-2
 	NOTE: Fixed upstream in 2.4.4
@@ -11128,11 +11128,11 @@ CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code'
 CVE-2018-11721
 	RESERVED
 CVE-2018-11720 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory ...)
-	TODO: check
+	NOT-FOR-US: Xovis
 CVE-2018-11719 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. ...)
-	TODO: check
+	NOT-FOR-US: Xovis
 CVE-2018-11718 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. ...)
-	TODO: check
+	NOT-FOR-US: Xovis
 CVE-2017-18286 (nZEDb v0.7.3.3 has XSS in the 404 error page. ...)
 	NOT-FOR-US: nZEDb
 CVE-2016-1000352 (In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES ...)
@@ -11448,9 +11448,9 @@ CVE-2018-11618 (This vulnerability allows remote attackers to execute arbitrary
 CVE-2018-11617 (This vulnerability allows remote attackers to execute arbitrary code ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2018-11616 (This vulnerability allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Tencent Foxmail
 CVE-2018-11615 (This vulnerability allows remote attackers to deny service on ...)
-	TODO: check
+	NOT-FOR-US: mosca
 CVE-2018-11614
 	RESERVED
 CVE-2018-11613
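Review bot: For CVE-2018-11616 and CVE-2018-11615 the description is cut off before the product name, so the labels "Tencent Foxmail" and "mosca" cannot be cross-checked from the hunk itself. The bare lowercase "mosca" is also ambiguous as a product name. Consider adding a short qualifier in parentheses, as the existing "NOT-FOR-US: Signal app (specific on iOS)" entry does, so that a later reader can tell which software was meant without opening the full CVE text.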
@@ -14509,9 +14509,9 @@ CVE-2018-10516 (In CMS Made Simple (CMSMS) through 2.2.7, the "file rename&
 CVE-2018-10515 (In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2018-10514 (A Missing Impersonation Privilege Escalation vulnerability in Trend ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2018-10513 (A Deserialization of Untrusted Data Privilege Escalation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2018-10512 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) ...)
 	NOT-FOR-US: Trend Micro
 CVE-2018-10511 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) ...)
@@ -25519,9 +25519,9 @@ CVE-2018-6501
 CVE-2018-6500
 	RESERVED
 CVE-2018-6499 (Remote Code Execution in the following products Hybrid Cloud ...)
-	TODO: check
+	NOT-FOR-US: Hybrid Cloud Management Containerized Suite
 CVE-2018-6498 (Remote Code Execution in the following products Hybrid Cloud ...)
-	TODO: check
+	NOT-FOR-US: Hybrid Cloud Management Containerized Suite
 CVE-2018-6497 (Remote Cross-site Request forgery (CSRF) potential has been identified ...)
 	NOT-FOR-US: UCMDB Server
 CVE-2018-6496 (Remote Cross-site Request forgery (CSRF) potential has been identified ...)
@@ -125632,7 +125632,7 @@ CVE-2016-0375 (JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x throu
 CVE-2016-0374 (The builder tools in IBM TRIRIGA Application Platform 3.3 before ...)
 	NOT-FOR-US: IBM
 CVE-2016-0373 (IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-0372 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...)
 	NOT-FOR-US: IBM
 CVE-2016-0371 (The Tivoli Storage Manager (TSM) password may be displayed in plain ...)
@@ -125910,7 +125910,7 @@ CVE-2016-0236 (IBM Security Guardium Database Activity Monitor 8.2 before p310,
 CVE-2016-0235 (IBM Security Guardium Database Activity Monitor 10 allows local users ...)
 	NOT-FOR-US: IBM
 CVE-2016-0234 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-0233 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, ...)
 	NOT-FOR-US: IBM
 CVE-2016-0232 (IBM Financial Transaction Manager (FTM) for ACH Services, Check ...)
@@ -125968,7 +125968,7 @@ CVE-2016-0207 (IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.
 CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated attacker to ...)
 	NOT-FOR-US: IBM
 CVE-2016-0205 (A vulnerability has been identified in IBM Cloud Orchestrator 2.3, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-0204 (Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before ...)
 	NOT-FOR-US: IBM
 CVE-2016-0203 (A vulnerability has been identified in the IBM Cloud Orchestrator task ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3d364290bc6d3e0d2c7cacd9c7459e64a0a2a3b
