[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 22 21:37:39 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
140cba52 by Salvatore Bonaccorso at 2018-02-22T22:37:19+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -153,7 +153,7 @@ CVE-2018-7340
CVE-2018-7339
RESERVED
CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...)
- TODO: check
+ NOT-FOR-US: HamayeshNegar CMS
CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...)
- linux 4.13.4-1
NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
@@ -208,21 +208,21 @@ CVE-2018-7321
CVE-2018-7320
RESERVED
CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 component ...)
- TODO: check
+ NOT-FOR-US: OS Property Real Estate component for Joomla!
CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for Joomla! via ...)
- TODO: check
+ NOT-FOR-US: CheckList component for Joomla!
CVE-2018-7317 (Backup Download exists in the Proclaim 9.1.1 component for Joomla! via ...)
- TODO: check
+ NOT-FOR-US: Proclaim component for Joomla!
CVE-2018-7316 (Arbitrary File Upload exists in the Proclaim 9.1.1 component for ...)
- TODO: check
+ NOT-FOR-US: Proclaim component for Joomla!
CVE-2018-7315 (SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the ...)
- TODO: check
+ NOT-FOR-US: Ek Rishta component for Joomla!
CVE-2018-7314 (SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! ...)
- TODO: check
+ NOT-FOR-US: PrayerCenter component for Joomla!
CVE-2018-7313 (SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the ...)
- TODO: check
+ NOT-FOR-US: CW Tags component for Joomla!
CVE-2018-7312 (SQL Injection exists in the Alexandria Book Library 3.1.2 component for ...)
- TODO: check
+ NOT-FOR-US: Alexandria Book Library component for Joomla!
CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root ...)
NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7310
@@ -244,17 +244,17 @@ CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...)
CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...)
NOT-FOR-US: Tiki
CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port ...)
- TODO: check
+ NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices
CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...)
- TODO: check
+ NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7299 (Remote Code Execution in the addon installation process in eQ-3 AG ...)
- TODO: check
+ NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7298 (In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic ...)
- TODO: check
+ NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG ...)
- TODO: check
+ NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage method ...)
- TODO: check
+ NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7295
RESERVED
CVE-2018-7294
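Review bot: The NOT-FOR-US string for CVE-2018-7301 ("eQ-3 AG HomeMatic CCU2 2.29.22 devices") does not match the five entries that follow it ("eQ-3 AG Homematic CCU2"). It carries a version number and the word "devices", and it spells the product "HomeMatic" where the others use "Homematic", while the CVE descriptions in this hunk use "HomeMatic". Suggest a single string for all six entries, for example "NOT-FOR-US: eQ-3 AG HomeMatic CCU2", so that a search on the product name finds every one of them.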
@@ -1386,7 +1386,7 @@ CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An unauthentica
CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a ...)
NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite
CVE-2018-6890 (Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the ...)
- TODO: check
+ NOT-FOR-US: Wolf CMS
CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a Host ...)
NOT-FOR-US: Typesetter CMS
CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions page ...)
@@ -15139,13 +15139,13 @@ CVE-2018-1419
CVE-2018-1418
RESERVED
CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes for ...)
- TODO: check
+ NOT-FOR-US: IBM Runtimes for Java Technology
CVE-2018-1416
RESERVED
CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: IBM Maximo Asset Management
CVE-2018-1413
RESERVED
CVE-2018-1412
@@ -15189,9 +15189,9 @@ CVE-2018-1394
CVE-2018-1393
RESERVED
CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
- TODO: check
+ NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
- TODO: check
+ NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1390
RESERVED
CVE-2018-1389
@@ -100753,13 +100753,13 @@ CVE-2016-0371 (The Tivoli Storage Manager (TSM) password may be displayed in pla
CVE-2016-0370 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...)
NOT-FOR-US: IBM
CVE-2016-0369 (XML external entity (XXE) vulnerability in IBM Forms Experience ...)
- TODO: check
+ NOT-FOR-US: IBM Forms Experience Builder
CVE-2016-0368
RESERVED
CVE-2016-0367 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...)
- TODO: check
+ NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0366 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...)
- TODO: check
+ NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0365 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
NOT-FOR-US: IBM
CVE-2016-0364 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
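Review bot: The new entries for CVE-2016-0369, CVE-2016-0367 and CVE-2016-0366 name the product, but the unchanged neighbours CVE-2016-0370 and CVE-2016-0365 in this hunk still read only "NOT-FOR-US: IBM". The product-level form is the more useful one; consider updating the bare "IBM" lines in this range in the same pass so that entries for one vendor use the same level of detail.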
@@ -100789,23 +100789,23 @@ CVE-2016-0353 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, wh
CVE-2016-0352
RESERVED
CVE-2016-0351 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...)
- TODO: check
+ NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0350 (Cross-site scripting (XSS) vulnerability in the Report Builder and ...)
NOT-FOR-US: IBM
CVE-2016-0349 (IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before ...)
NOT-FOR-US: IBM
CVE-2016-0348 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA ...)
- TODO: check
+ NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0347
RESERVED
CVE-2016-0346 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
NOT-FOR-US: IBM
CVE-2016-0345 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
- TODO: check
+ NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0344 (Cross-site scripting (XSS) vulnerability in the My Reports component ...)
- TODO: check
+ NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0343 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
- TODO: check
+ NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0342 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/140cba52289f3852c421f3ac692ef37264b53269