[Git][security-tracker-team/security-tracker][master] new sass issue, NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Dec 18 09:47:40 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b93efb41 by Moritz Muehlenhoff at 2018-12-18T09:47:11Z
new sass issue, NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26,7 +26,9 @@ CVE-2018-20192
CVE-2018-20191
RESERVED
CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer Dereference in the function ...)
- TODO: check
+ - libsass <unfixed> (low)
+ [stretch] - libsass <no-dsa> (Minor issue)
+ NOTE: https://github.com/sass/libsass/issues/2786
CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has ...)
- graphicsmagick <unfixed>
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589
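Review bot: the new `- libsass <unfixed> (low)` line for CVE-2018-20190 carries no Debian bug reference, so the only link from the tracker to the open problem is the upstream issue in the NOTE. Other package entries in this file use the form `(bug #916630)` (see the terminology entry for CVE-2018-20167). If a BTS bug exists or gets filed for libsass, add it to this line in the same form so the unfixed status can be followed from the Debian side.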
@@ -87,13 +89,13 @@ CVE-2018-20168 (Google gVisor before 2018-08-22 reuses a pagetable in a differen
CVE-2018-20166
RESERVED
CVE-2017-18355 (Installed packages are exposed by node_modules in Rendertron 1.0.0, ...)
- TODO: check
+ NOT-FOR-US: Rendertron
CVE-2017-18354 (Rendertron 1.0.0 allows for alternative protocols such as 'file://' ...)
- TODO: check
+ NOT-FOR-US: Rendertron
CVE-2017-18353 (Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome ...)
- TODO: check
+ NOT-FOR-US: Rendertron
CVE-2017-18352 (Error reporting within Rendertron 1.0.0 allows reflected Cross Site ...)
- TODO: check
+ NOT-FOR-US: Rendertron
CVE-2018-20167 (Terminology before 1.3.1 allows Remote Code Execution because popmedia ...)
- terminology 1.3.1-1 (bug #916630)
NOTE: https://phab.enlightenment.org/T7504
@@ -3312,7 +3314,7 @@ CVE-2018-20001 (In Libav 12.3, there is a floating point exception in the ...)
[jessie] - libav <no-dsa> (floating point exception cannot be observed on Jessie)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1141
CVE-2018-20000 (Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as ...)
- TODO: check
+ NOT-FOR-US: Apereo Bedework bw-webdav
CVE-2018-19999
RESERVED
CVE-2018-19998
@@ -5097,7 +5099,7 @@ CVE-2019-1536
CVE-2019-1535
RESERVED
CVE-2018-19649 (XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). ...)
- TODO: check
+ NOT-FOR-US: InfoVista VistaPortal
CVE-2018-19648
RESERVED
CVE-2018-19647
@@ -8272,7 +8274,7 @@ CVE-2018-19441
CVE-2018-19440
RESERVED
CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2018-19438
RESERVED
CVE-2018-19443 (The client in Tryton 5.x before 5.0.1 tries to make a connection to the ...)
@@ -8342,7 +8344,7 @@ CVE-2018-19415
CVE-2018-19414
RESERVED
CVE-2018-19413 (A vulnerability in the API of SonarSource SonarQube before 7.4 could ...)
- TODO: check
+ NOT-FOR-US: SonarQube
CVE-2018-19412
RESERVED
CVE-2018-19411 (PRTG Network Monitor before 18.2.40.1683 allows an authenticated user ...)
@@ -9379,7 +9381,7 @@ CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 a
CVE-2018-19119
RESERVED
CVE-2018-19118 (Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2018-19117
RESERVED
CVE-2018-19116
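Review bot: `NOT-FOR-US: Zoho` for CVE-2018-19118 names only the vendor, while the description identifies the product as Zoho ManageEngine ADAudit. Other entries in this commit name the product (`NOT-FOR-US: SonarQube`, `NOT-FOR-US: InfoVista VistaPortal`). Consider `NOT-FOR-US: Zoho ManageEngine ADAudit` so that a later search on the product name finds the earlier triage decision.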
@@ -9596,7 +9598,7 @@ CVE-2018-19038
CVE-2018-19037
RESERVED
CVE-2018-19036 (An issue was discovered in several Bosch IP cameras for firmware ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2018-19035
RESERVED
CVE-2018-19034
@@ -9654,7 +9656,7 @@ CVE-2018-19009
CVE-2018-19008
RESERVED
CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the ...)
- TODO: check
+ NOT-FOR-US: Geutebrueck cameras
CVE-2018-19006
RESERVED
CVE-2018-19005
@@ -9662,7 +9664,7 @@ CVE-2018-19005
CVE-2018-19004
RESERVED
CVE-2018-19003 (GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to ...)
- TODO: check
+ NOT-FOR-US: GE Mark
CVE-2018-19002
RESERVED
CVE-2018-19001 (Philips HealthSuite Health Android App, all versions. The software ...)
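Review bot: `NOT-FOR-US: GE Mark` for CVE-2018-19003 cuts the product name short; the description lists GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e, and "GE Mark" on its own matches none of them. Consider `NOT-FOR-US: GE Mark VIe` or a label covering the listed controllers, so the entry can be matched against future CVEs for the same products.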
@@ -9700,7 +9702,7 @@ CVE-2018-18986
CVE-2018-18985
RESERVED
CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 ...)
- TODO: check
+ NOT-FOR-US: Medtronic
CVE-2018-18983 (VT-Designer Version 2.1.7.31 is vulnerable by the program reading the ...)
NOT-FOR-US: VT-Designer
CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application allows ...)
@@ -9846,9 +9848,9 @@ CVE-2018-18925 (Gogs 0.11.66 allows remote code execution because it does not pr
CVE-2018-18924 (The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to ...)
NOT-FOR-US: ProjeQtOr
CVE-2018-18923 (AbiSoft Ticketly 1.0 is affected by multiple SQL Injection ...)
- TODO: check
+ NOT-FOR-US: AbiSoft Ticketly
CVE-2018-18922 (add_user in AbiSoft Ticketly 1.0 allows remote attackers to create ...)
- TODO: check
+ NOT-FOR-US: AbiSoft Ticketly
CVE-2018-18921
RESERVED
CVE-2018-18920 (Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b93efb41a1ef9a6985edd362d4813c5ee3849bce