[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 20 21:01:37 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23d96db0 by Salvatore Bonaccorso at 2018-12-20T21:01:14Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2018-20309
CVE-2018-20308
RESERVED
CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a Directory ...)
- TODO: check
+ NOT-FOR-US: WeBid Auction Script
CVE-2018-1000881 (Traccar Traccar Server version 4.0 and earlier contains a CWE-94: ...)
TODO: check
CVE-2018-1000880 (libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 ...)
@@ -68,9 +68,9 @@ CVE-2018-1000870 (PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerabil
CVE-2018-1000869 (phpIPAM version 1.3.2 contains a CWE-89 vulnerability in ...)
TODO: check
CVE-2018-1000868 (WeBid version up to current version 1.2.2 contains a Cross Site ...)
- TODO: check
+ NOT-FOR-US: WeBid Auction Script
CVE-2018-1000867 (WeBid version up to current version 1.2.2 contains a SQL Injection ...)
- TODO: check
+ NOT-FOR-US: WeBid Auction Script
CVE-2018-1000860 (phpipam version 1.3.2 and earlier contains a Cross Site Scripting ...)
TODO: check
CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery ...)
@@ -78,7 +78,7 @@ CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request For
CVE-2018-1000857 (log-user-session version 0.7 and earlier contains a Directory ...)
TODO: check
CVE-2018-1000856 (DomainMOD version 4.09.03 and above. Also verified in the latest ...)
- TODO: check
+ NOT-FOR-US: DomainMOD
CVE-2018-1000855 (easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) ...)
TODO: check
CVE-2018-1000854 (esigate.org esigate version 5.2 and earlier contains a CWE-74: ...)
@@ -126,7 +126,7 @@ CVE-2018-1000833 (ZoneMinder version <= 1.32.2 contains a Other/Unknown vulne
CVE-2018-1000832 (ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in ...)
TODO: check
CVE-2018-1000831 (K9Mail version <= v5.600 contains a XML External Entity (XXE) ...)
- TODO: check
+ NOT-FOR-US: K9Mail
CVE-2018-1000830 (XR3Player version <= V3.124 contains a XML External Entity (XXE) ...)
TODO: check
CVE-2018-1000829 (Anyplace version before commit 80359b4 contains a XML External Entity ...)
@@ -154,23 +154,23 @@ CVE-2018-1000817 (Asset Pipeline Grails Plugin Asset-pipeline plugin version Pri
CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site ...)
TODO: check
CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains ...)
- TODO: check
+ NOT-FOR-US: Brave Software Inc. Brave
CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a ...)
TODO: check
CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site ...)
- TODO: check
+ NOT-FOR-US: Backdrop CMS
CVE-2018-1000812 (Ártica Soluciones Tecnológicas Integria IMS version 5.0 MR56 ...)
TODO: check
CVE-2018-1000811 (bludit version 3.0.0 contains a Unrestricted Upload of File with ...)
TODO: check
CVE-2018-20307 (Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and ...)
- TODO: check
+ NOT-FOR-US: Pulse Secure Virtual Traffic Manager
CVE-2018-20306 (A stored cross-site scripting (XSS) vulnerability in the web ...)
- TODO: check
+ NOT-FOR-US: Pulse Secure Virtual Traffic Manager
CVE-2018-20305 (D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code ...)
NOT-FOR-US: D-Link
CVE-2018-20304 (wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows ...)
- TODO: check
+ NOT-FOR-US: libexcel
CVE-2018-20303 (In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal ...)
NOT-FOR-US: Go Git Service
CVE-2018-20302 (An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23d96db049f01440c540369a5e1f935141bd2b27
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23d96db049f01440c540369a5e1f935141bd2b27
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181220/353a62a6/attachment.html>
More information about the debian-security-tracker-commits
mailing list