[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 13 07:36:52 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
208f9b70 by Salvatore Bonaccorso at 2018-01-13T08:36:36+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -343,11 +343,11 @@ CVE-2018-5379
CVE-2018-5378
RESERVED
CVE-2018-5377 (Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access ...)
- TODO: check
+ NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php ...)
- TODO: check
+ NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php ...)
- TODO: check
+ NOT-FOR-US: Discuz! DiscuzX
CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in ...)
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/691
@@ -372,33 +372,33 @@ CVE-2018-XXXX [rpc session-id mechanism design flaw results in RCE]
NOTE: https://github.com/transmission/transmission/pull/468
NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
CVE-2018-5374 (The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL ...)
- TODO: check
+ NOT-FOR-US: Dbox 3D Slider Lite plugin for WordPress
CVE-2018-5373 (The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection ...)
- TODO: check
+ NOT-FOR-US: Smooth Slider plugin for WordPress
CVE-2018-5372 (The Testimonial Slider plugin through 1.2.4 for WordPress has SQL ...)
- TODO: check
+ NOT-FOR-US: Testimonial Slider plugin for WordPress
CVE-2018-5371 (diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-5370
RESERVED
CVE-2018-5369 (The SrbTransLatin plugin 1.46 for WordPress has XSS via an ...)
- TODO: check
+ NOT-FOR-US: SrbTransLatin plugin for WordPress
CVE-2018-5368 (The SrbTransLatin plugin 1.46 for WordPress has CSRF via an ...)
- TODO: check
+ NOT-FOR-US: SrbTransLatin plugin for WordPress
CVE-2018-5367 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
- TODO: check
+ NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5366 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
- TODO: check
+ NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5365 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
- TODO: check
+ NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5364 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
- TODO: check
+ NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5363 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
- TODO: check
+ NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
- TODO: check
+ NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...)
- TODO: check
+ NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5360
RESERVED
CVE-2018-5359
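Review bot: The tag added for CVE-2018-5371, "NOT-FOR-US: D-Link", names only the vendor, while every other entry touched in this hunk names the specific product (for example "Smooth Slider plugin for WordPress"). A vendor-wide tag is only safe if nothing from that vendor can ever be packaged; since the description is about diag_ping.cmd on DSL-2640U devices, consider "NOT-FOR-US: D-Link DSL-2640U devices" so the triage decision stays scoped to what was actually checked.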
@@ -524,7 +524,7 @@ CVE-2018-5317
CVE-2018-5316 (The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for ...)
NOT-FOR-US: "SagePay Server Gateway for WooCommerce" plugin for WordPress
CVE-2018-5315 (The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL ...)
- TODO: check
+ NOT-FOR-US: Wachipi WP Events Calendar plugin for WordPress
CVE-2018-5314
RESERVED
CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored cross-site ...)
@@ -665,7 +665,7 @@ CVE-2018-5264
CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before ...)
NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier ...)
- TODO: check
+ NOT-FOR-US: Flexense DiskBoss
CVE-2018-5261
RESERVED
CVE-2018-5260
@@ -3814,7 +3814,7 @@ CVE-2018-3815 (The "XML Interface to Messaging, Scheduling, and Signaling&q
CVE-2017-18015 (The ILLID Share This Image plugin before 1.04 for WordPress has XSS via ...)
NOT-FOR-US: ILLID Share This Image plugin for WordPress
CVE-2017-18014 (An NC-25986 issue was discovered in the Logging subsystem of Sophos XG ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2018-3814 (Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP ...)
NOT-FOR-US: Craft CMS
CVE-2018-3813 (getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 ...)
@@ -4161,7 +4161,7 @@ CVE-2018-3711
CVE-2018-3710
RESERVED
CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...)
- TODO: check
+ NOT-FOR-US: Muviko
CVE-2017-17969
RESERVED
CVE-2018-3709
@@ -14392,11 +14392,11 @@ CVE-2017-16889
CVE-2017-16888
RESERVED
CVE-2017-16887 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...)
- TODO: check
+ NOT-FOR-US: FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38
CVE-2017-16886 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...)
- TODO: check
+ NOT-FOR-US: FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38
CVE-2017-16885 (Improper Permissions Handling in the Portal on FiberHome LM53Q1 ...)
- TODO: check
+ NOT-FOR-US: FiberHome LM53Q1 VH519R05C01S38 devices
CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...)
{DSA-4082-1 DSA-4073-1 DLA-1200-1}
- linux 4.14.7-1
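Review bot: The three FiberHome entries in this hunk describe the same device but get two different tags: "FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38" for CVE-2017-16887 and CVE-2017-16886, and "FiberHome LM53Q1 VH519R05C01S38 devices" for CVE-2017-16885. Using one wording for all three would make it easier to grep for the product when later CVEs arrive, and a shorter form without the full "LM53Q1 VH519R05C01S38" string copied from the description would match future entries that name a different revision.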
@@ -15250,11 +15250,11 @@ CVE-2017-16745
CVE-2017-16744
RESERVED
CVE-2017-16743 (An Improper Authorization issue was discovered in PHOENIX CONTACT FL ...)
- TODO: check
+ NOT-FOR-US: PHOENIX CONTACT FL SWITCH
CVE-2017-16742
RESERVED
CVE-2017-16741 (An Information Exposure issue was discovered in PHOENIX CONTACT FL ...)
- TODO: check
+ NOT-FOR-US: PHOENIX CONTACT FL SWITCH
CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation ...)
NOT-FOR-US: Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers
CVE-2017-16739 (An issue was discovered in WECON Technology LEVI Studio HMI Editor ...)
@@ -94960,15 +94960,15 @@ CVE-2016-0338 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 th
CVE-2016-0337
RESERVED
CVE-2016-0336 (Cross-site scripting (XSS) vulnerability in IBM Security Identity ...)
- TODO: check
+ NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0335 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
- TODO: check
+ NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0334
RESERVED
CVE-2016-0333
RESERVED
CVE-2016-0332 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
- TODO: check
+ NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0331 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
NOT-FOR-US: IBM
CVE-2016-0330 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
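Review bot: The new tags for CVE-2016-0336, CVE-2016-0335 and CVE-2016-0332 read "NOT-FOR-US: IBM Security Identity Manager", but the existing neighbouring entry CVE-2016-0331 in the same hunk is tagged plain "NOT-FOR-US: IBM". Both are valid, but mixing the two styles within one block of IBM CVEs makes the list harder to scan and search; pick the convention already used by the surrounding entries or note why the more specific product name is preferred here.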
@@ -94978,13 +94978,13 @@ CVE-2016-0329
CVE-2016-0328 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
NOT-FOR-US: IBM
CVE-2016-0327 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
- TODO: check
+ NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0326 (IBM Rational Quality Manager (RQM) and Rational Collaborative ...)
NOT-FOR-US: IBM
CVE-2016-0325 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...)
NOT-FOR-US: IBM
CVE-2016-0324 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
- TODO: check
+ NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0323 (The Auto-Scaling agent in Liberty for Java in IBM Bluemix before ...)
NOT-FOR-US: IBM
CVE-2016-0322 (Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/208f9b701db89829aa6a0a9fc287eb9b2f6f5e52