[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 6 08:51:00 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c7e3c2d4 by Salvatore Bonaccorso at 2018-12-06T08:50:35Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2018-19907 (A Server-Side Template Injection issue was discovered in Crafter CMS ...)
- TODO: check
+ NOT-FOR-US: Crafter CMS
CVE-2018-19906
RESERVED
CVE-2018-19905
@@ -17,19 +17,19 @@ CVE-2018-19900
CVE-2018-19899
RESERVED
CVE-2018-19898 (ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ...)
- TODO: check
+ NOT-FOR-US: ThinkCMF
CVE-2018-19897 (ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in ...)
- TODO: check
+ NOT-FOR-US: ThinkCMF
CVE-2018-19896 (ThinkCMF X2.2.2 has SQL Injection via the function delete() in ...)
- TODO: check
+ NOT-FOR-US: ThinkCMF
CVE-2018-19895 (ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in ...)
- TODO: check
+ NOT-FOR-US: ThinkCMF
CVE-2018-19894 (ThinkCMF X2.2.2 has SQL Injection via the functions check() and ...)
- TODO: check
+ NOT-FOR-US: ThinkCMF
CVE-2018-19893 (SearchController.php in PbootCMS 1.2.1 has SQL injection via the ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2018-19892 (DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php ...)
- TODO: check
+ NOT-FOR-US: DomainMOD
CVE-2018-19891 (An invalid memory address dereference was discovered in the huffcode ...)
TODO: check
CVE-2018-19890 (An invalid memory address dereference was discovered in the huffcode ...)
@@ -356,9 +356,9 @@ CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: .
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528
NOTE: https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb
CVE-2018-19754 (Tarantella Enterprise before 3.11 allows bypassing Access Control. ...)
- TODO: check
+ NOT-FOR-US: Tarantella Enterprise
CVE-2018-19753 (Tarantella Enterprise before 3.11 allows Directory Traversal. ...)
- TODO: check
+ NOT-FOR-US: Tarantella Enterprise
CVE-2018-19752 (DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php ...)
NOT-FOR-US: DomainMOD
CVE-2018-19751 (DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php ...)
@@ -578,7 +578,7 @@ CVE-2018-19652
CVE-2018-19651 (admin/functions/remote.php in Interspire Email Marketer through 6.1.6 ...)
NOT-FOR-US: Interspire Email Marketer
CVE-2018-19650 (Local attackers can trigger a stack-based buffer overflow on ...)
- TODO: check
+ NOT-FOR-US: Antiy-AVL ATool security management
CVE-2019-1564
RESERVED
CVE-2019-1563
@@ -5208,7 +5208,7 @@ CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been discov
CVE-2018-18992
RESERVED
CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA WebServer ...)
- TODO: check
+ NOT-FOR-US: SCADA WebServer
CVE-2018-18990
RESERVED
CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and ...)
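Review bot: On CVE-2018-18991, the new label `NOT-FOR-US: SCADA WebServer` is a generic product term with no vendor, unlike the other labels in this commit (`Crafter CMS`, `Tarantella Enterprise`, `SolarWinds SFTP/SCP server`). The description is truncated here, so if the full text names a vendor, suggest adding it to the label so that a later search of data/CVE/list for this product is unambiguous.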
@@ -10734,9 +10734,9 @@ CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Inco
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
CVE-2018-16792 (SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via ...)
- TODO: check
+ NOT-FOR-US: SolarWinds SFTP/SCP server
CVE-2018-16791 (In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration ...)
- TODO: check
+ NOT-FOR-US: SolarWinds SFTP/SCP server
CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in ...)
- libbson <unfixed> (bug #913896)
[stretch] - libbson <no-dsa> (Minor issue)
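Review bot: On CVE-2018-16792 and CVE-2018-16791, the label is written `SolarWinds SFTP/SCP server`, but the CVE-2018-16791 description capitalises the product as `SolarWinds SFTP/SCP Server`. This is a style point: using the capitalised product name in both labels would keep a case-sensitive search for the product from missing these entries.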
@@ -13351,7 +13351,7 @@ CVE-2018-15775
CVE-2018-15774
RESERVED
CVE-2018-15773 (Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2018-15772 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for ...)
NOT-FOR-US: EMC RecoverPoint
CVE-2018-15771 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for ...)
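Review bot: On CVE-2018-15773, `NOT-FOR-US: Dell` names only the vendor, while the description identifies the product as Dell Encryption and the neighbouring CVE-2018-15772 entry uses a product-level label (`NOT-FOR-US: EMC RecoverPoint`). Suggest `NOT-FOR-US: Dell Encryption` so the entry records which product was judged out of scope rather than the whole vendor.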
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7e3c2d4c5a74012605ce1d836938083be2915ab