[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 13 10:16:09 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a2b15b5 by Salvatore Bonaccorso at 2018-01-13T11:15:22+01:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
CVE-2018-5682 (PrestaShop 1.7.2.4 allow user enumeration via the Reset Password ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2018-5680
RESERVED
CVE-2018-5679
@@ -265,15 +265,15 @@ CVE-2018-5551
CVE-2018-5550
RESERVED
CVE-2015-9250 (An issue was discovered in Skybox Platform before 7.5.401. Directory ...)
- TODO: check
+ NOT-FOR-US: Skybox Platform
CVE-2015-9249 (An issue was discovered in Skybox Platform before 7.5.401. SQL ...)
- TODO: check
+ NOT-FOR-US: Skybox Platform
CVE-2015-9248 (An issue was discovered in Skybox Platform before 7.5.401. Stored ...)
- TODO: check
+ NOT-FOR-US: Skybox Platform
CVE-2015-9247 (An issue was discovered in Skybox Platform before 7.5.401. Reflected ...)
- TODO: check
+ NOT-FOR-US: Skybox Platform
CVE-2015-9246 (An issue was discovered in Skybox Platform before 7.5.401. Remote ...)
- TODO: check
+ NOT-FOR-US: Skybox Platform
CVE-2018-5549
RESERVED
CVE-2018-5548
@@ -15537,13 +15537,13 @@ CVE-2017-16741 (An Information Exposure issue was discovered in PHOENIX CONTACT
CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation ...)
NOT-FOR-US: Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers
CVE-2017-16739 (An issue was discovered in WECON Technology LEVI Studio HMI Editor ...)
- TODO: check
+ NOT-FOR-US: WECON Technology LEVI Studio HMI Editor
CVE-2017-16738
RESERVED
CVE-2017-16737 (An issue was discovered in WECON Technology LEVI Studio HMI Editor ...)
- TODO: check
+ NOT-FOR-US: WECON Technology LEVI Studio HMI Editor
CVE-2017-16736 (An Unrestricted Upload Of File With Dangerous Type issue was discovered ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...)
NOT-FOR-US: Ecava IntegraXor
CVE-2017-16734
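Review bot: For CVE-2017-16736 the visible description ("An Unrestricted Upload Of File With Dangerous Type issue was discovered ...") is cut off before the product name, so the "NOT-FOR-US: Advantech WebAccess" tag cannot be checked from this hunk. The two WECON entries above it do name the product in the description. Please confirm the product against the full CVE description. The tag string itself is consistent with the existing Advantech WebAccess entry at CVE-2017-12698.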
@@ -15551,7 +15551,7 @@ CVE-2017-16734
CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...)
NOT-FOR-US: Ecava IntegraXor
CVE-2017-16732 (A use-after-free issue was discovered in Advantech WebAccess versions ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered in ABB ...)
NOT-FOR-US: Ellipse
CVE-2017-16730
@@ -23599,7 +23599,7 @@ CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2
CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral VTScada ...)
NOT-FOR-US: Trihedral VTScada
CVE-2017-14030 (An issue was discovered in Moxa MXview v2.8 and prior. The unquoted ...)
- TODO: check
+ NOT-FOR-US: Moxa MXview
CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in Trihedral ...)
NOT-FOR-US: Trihedral VTScada
CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version ...)
@@ -27597,11 +27597,11 @@ CVE-2017-12699 (An Incorrect Default Permissions issue was discovered in AzeoTec
CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech WebAccess ...)
NOT-FOR-US: Advantech WebAccess
CVE-2017-12697 (A Man-in-the-Middle issue was discovered in General Motors (GM) and ...)
- TODO: check
+ NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-12696
RESERVED
CVE-2017-12695 (An Improper Authentication issue was discovered in General Motors (GM) ...)
- TODO: check
+ NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl SCADA Web ...)
NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-1000101 (curl supports "globbing" of URLs, in which a user can pass a numerical ...)
@@ -36303,7 +36303,7 @@ CVE-2017-9665
CVE-2017-9664
RESERVED
CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was discovered in ...)
- TODO: check
+ NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji Electric ...)
NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in SIMPlight ...)
@@ -41244,9 +41244,9 @@ CVE-2017-8000 (In EMC RSA Authentication Manager 8.2 SP1 and earlier, a maliciou
CVE-2017-7999 (Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote ...)
NOT-FOR-US: Atlassian Eucalyptus
CVE-2017-7998 (Multiple cross-site scripting (XSS) vulnerabilities in Gespage before ...)
- TODO: check
+ NOT-FOR-US: Gespage
CVE-2017-7997 (Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow ...)
- TODO: check
+ NOT-FOR-US: Gespage
CVE-2017-7996
RESERVED
CVE-2017-7995 (Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges ...)
@@ -109062,7 +109062,7 @@ CVE-2015-3890 (Use-after-free vulnerability in Open Litespeed before 1.3.10. ...
CVE-2015-3889
RESERVED
CVE-2015-3888 (Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof ...)
- TODO: check
+ NOT-FOR-US: Jolla Sailfish OS
CVE-2015-3887 (Untrusted search path vulnerability in ProxyChains-NG before 4.9 ...)
NOT-FOR-US: proxychains-ng
NOTE: proxychains does not contain the vulnerable code
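Review bot: CVE-2015-3888 is tagged "NOT-FOR-US: Jolla Sailfish OS", but Sailfish OS is a whole operating system and the truncated description ("allows remote attackers to spoof ...") does not say which component is affected. The neighbouring CVE-2015-3887 entry shows the pattern to follow: an NFU tag plus a NOTE line recording why the related Debian package is not affected. A short NOTE naming the affected Sailfish component would make this triage decision auditable later.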
@@ -109792,7 +109792,7 @@ CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input .
CVE-2015-3638 (phpMyBackupPro before 2.5 does not validate integer input, which ...)
NOT-FOR-US: phpMyBackupPro
CVE-2015-3637 (SQL injection vulnerability in phpMyBackupPro when run in multi-user ...)
- TODO: check
+ NOT-FOR-US: phpMyBackupPro
CVE-2015-3635
RESERVED
CVE-2015-3634 (The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function ...)
@@ -111787,7 +111787,7 @@ CVE-2015-2983 (Cross-site request forgery (CSRF) vulnerability in admin.php in P
CVE-2015-2982 (Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js ...)
NOT-FOR-US: Kobo Photo Gallery CMS
CVE-2015-2981 (The Yodobashi App for Android 1.2.1.0 and earlier does not verify ...)
- TODO: check
+ NOT-FOR-US: Yodobashi App for Android
CVE-2015-2980 (The Yodobashi application 1.2.1.0 and earlier for Android allows ...)
NOT-FOR-US: Yodobashi application for Android
CVE-2015-2979 (Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary ...)
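Review bot: The new tag for CVE-2015-2981 reads "NOT-FOR-US: Yodobashi App for Android", while the existing entry directly below it (CVE-2015-2980) uses "NOT-FOR-US: Yodobashi application for Android". Anyone grepping or grouping the list by NFU string will see these as two different products. Suggest reusing the existing string so both entries match.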
@@ -129498,11 +129498,11 @@ CVE-2014-6438 (The URI.decode_www_form_component method in Ruby before 1.9.2-p33
NOTE: https://github.com/ruby/ruby/commit/7b9354af8805c02ed968765abe300162e0fcc943
NOTE: CVE assignment is specific to ruby 1.9.x series?
CVE-2014-6437 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow ...)
- TODO: check
+ NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices
CVE-2014-6436 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly ...)
- TODO: check
+ NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices
CVE-2014-6435 (cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and ...)
- TODO: check
+ NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices
CVE-2014-6434 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...)
NOT-FOR-US: GoPro
CVE-2014-6433 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...)
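Review bot: The three Aztech tags (CVE-2014-6437, CVE-2014-6436, CVE-2014-6435) copy the opening of the CVE description verbatim: "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices". The adjacent entries in the same hunk use a short vendor or product name ("NOT-FOR-US: GoPro"). A shorter label such as "Aztech ADSL devices" would be easier to match against future CVEs for the same vendor, and the model list is already preserved in the description line.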
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a2b15b53cd0e076b853f9eec1f9f3fb461bc1f9