[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 17 20:19:43 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7915e6eb by Salvatore Bonaccorso at 2018-12-17T20:19:23Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator ...)
- TODO: check
+ NOT-FOR-US: FUEL CMS
CVE-2018-20187
RESERVED
CVE-2018-20186 (An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-20185 (In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there ...)
TODO: check
CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based ...)
@@ -29,7 +29,7 @@ CVE-2018-20175
CVE-2018-20174
RESERVED
CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-XXXX ["Magellan" remote code execution vulnerability]
- sqlite3 <unfixed>
- chromium 71.0.3578.80-1
@@ -37,16 +37,16 @@ CVE-2018-XXXX ["Magellan" remote code execution vulnerability]
NOTE: https://blade.tencent.com/magellan/index_en.html
TODO: check, sqlite3 possibly fixed already in 3.25.3-1 (and not only in 3.26.0-1) as per chromium change
CVE-2018-20172 (An issue was discovered in Nagios XI before 5.5.8. The rss_url ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-20171 (An issue was discovered in Nagios XI before 5.5.8. The url parameter of ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-20170 (** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration ...)
TODO: check
CVE-2018-20169 (An issue was discovered in the Linux kernel before 4.19.9. The USB ...)
- linux 4.19.9-1
NOTE: https://git.kernel.org/linus/704620afc70cf47abb9d6a1a57f3825d2bca49cf
CVE-2018-20168 (Google gVisor before 2018-08-22 reuses a pagetable in a different level ...)
- TODO: check
+ NOT-FOR-US: gVisor
CVE-2018-20166
RESERVED
CVE-2017-18355 (Installed packages are exposed by node_modules in Rendertron 1.0.0, ...)
@@ -2133,7 +2133,7 @@ CVE-2018-20135
CVE-2018-20134
RESERVED
CVE-2018-20133 (ymlref allows code injection. ...)
- TODO: check
+ NOT-FOR-US: ymlref
CVE-2018-20132
RESERVED
CVE-2018-20131
@@ -2229,7 +2229,7 @@ CVE-2018-20094 (An issue was discovered in XXL-CONF 1.6.0. There is a path trave
CVE-2018-20093
RESERVED
CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: PTC ThingWorx Platform
CVE-2018-20091
RESERVED
CVE-2018-20090
@@ -3394,11 +3394,11 @@ CVE-2018-19938
CVE-2018-19937
RESERVED
CVE-2018-19936 (PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. ...)
- TODO: check
+ NOT-FOR-US: PrinterOn Enterprise
CVE-2018-19934
RESERVED
CVE-2018-19933 (Bolt CMS <3.6.2 allows XSS via text input click preview button as ...)
- TODO: check
+ NOT-FOR-US: Bolt CMS
CVE-2019-1984
RESERVED
CVE-2019-1983
@@ -4582,7 +4582,7 @@ CVE-2018-19830
CVE-2018-19829
RESERVED
CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
- TODO: check
+ NOT-FOR-US: Artica Integria IMS
CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the ...)
- libsass <unfixed>
[stretch] - libsass <no-dsa> (Minor issue)
@@ -4599,33 +4599,33 @@ CVE-2018-19824 (In the Linux kernel through 4.19.6, a local user could exploit a
CVE-2018-19823
RESERVED
CVE-2018-19822 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19821 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19820 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19819 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19818 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19817 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19816 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19815 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19814 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19813 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19812 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19811 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19810 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19809 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-1002105 (In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, ...)
- kubernetes <unfixed> (bug #915828)
NOTE: https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
@@ -4713,27 +4713,27 @@ CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an infinite loop in the functi
CVE-2018-19776
RESERVED
CVE-2018-19775 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19774 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19773 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19772 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19771 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19770 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19769 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19768 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19767 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19766 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19765 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19764
REJECTED
CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function: ...)
@@ -56086,11 +56086,11 @@ CVE-2018-1893
CVE-2018-1892
RESERVED
CVE-2018-1891 (IBM Security Guardium 10 and 10.5 is vulnerable to cross-site ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1890
RESERVED
CVE-2018-1889 (IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1888
RESERVED
CVE-2018-1887 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
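Review bot: The two added lines for CVE-2018-1891 and CVE-2018-1889 name only the vendor ("NOT-FOR-US: IBM"), although both descriptions are for IBM Security Guardium and the other additions in this commit name the product (for example "NOT-FOR-US: Nagios XI"). Suggest "NOT-FOR-US: IBM Security Guardium" so that a search of data/CVE/list by product name finds these entries.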
@@ -108959,7 +108959,7 @@ CVE-2017-1599
CVE-2017-1598 (IBM Security Guardium 10.0 Database Activity Monitor uses weaker than ...)
NOT-FOR-US: IBM Security Guardium
CVE-2017-1597 (IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1596 (IBM Security Guardium 10.0 Database Activity Monitor could allow a ...)
NOT-FOR-US: IBM Security Guardium
CVE-2017-1595 (IBM Security Guardium 10.0 Database Activity Monitor could allow a ...)
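Review bot: The added line for CVE-2017-1597 reads "NOT-FOR-US: IBM", while the unchanged entries directly around it, CVE-2017-1598 and CVE-2017-1596, carry "NOT-FOR-US: IBM Security Guardium" for the same product. Suggest matching the neighbouring entries so the product is tagged the same way throughout this block.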
@@ -109609,7 +109609,7 @@ CVE-2017-1274 (IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow
CVE-2017-1273
RESERVED
CVE-2017-1272 (IBM Security Guardium 10.0 and 10.5 stores sensitive information in ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1271 (IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between ...)
NOT-FOR-US: IBM
CVE-2017-1270 (IBM Security Guardium 10.0 does not renew a session variable after a ...)
@@ -109623,7 +109623,7 @@ CVE-2017-1267 (IBM Security Guardium 10.0 and 10.1 processes patches, image back
CVE-2017-1266 (IBM Security Guardium 10.0 specifies permissions for a ...)
NOT-FOR-US: IBM Security Guardium
CVE-2017-1265 (IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1264 (IBM Security Guardium 10.0 does not prove or insufficiently proves ...)
NOT-FOR-US: IBM
CVE-2017-1263
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7915e6ebbac7dd5b1e98a07d24d6e18400949bfe