[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 23 20:49:39 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c857635 by Salvatore Bonaccorso at 2018-01-23T21:49:18+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
CVE-2018-6029 (The copy function in application/admin/controller/Article.php in ...)
- TODO: check
+ NOT-FOR-US: NoneCms
CVE-2018-6028
RESERVED
CVE-2018-6027
@@ -13,7 +13,7 @@ CVE-2018-6024
CVE-2018-6023
RESERVED
CVE-2018-6022 (Directory traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: NoneCms
CVE-2018-6021
RESERVED
CVE-2018-6020
@@ -31,15 +31,15 @@ CVE-2018-6015
CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash ...)
TODO: check
CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to ...)
- TODO: check
+ NOT-FOR-US: BigTree CMS
CVE-2018-6012
RESERVED
CVE-2018-6011
RESERVED
CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could obtain ...)
- TODO: check
+ NOT-FOR-US: Yii Framework
CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function in ...)
- TODO: check
+ NOT-FOR-US: Yii Framework
CVE-2018-6008
RESERVED
CVE-2018-6007
@@ -101,9 +101,9 @@ CVE-2017-18051
CVE-2017-18050
RESERVED
CVE-2017-18049 (In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads ...)
- TODO: check
+ NOT-FOR-US: Monstra CMS
CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic ...)
TODO: check
CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...)
@@ -115,13 +115,13 @@ CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function i
NOTE: Affected function introduced in: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9 (libtasn1_4_3)
NOTE: Fixed by: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97 (libtasn1_4_13)
CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress has ...)
- TODO: check
+ NOT-FOR-US: Soundy Background Music plugin for WordPress
CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress has ...)
- TODO: check
+ NOT-FOR-US: Soundy Audio Playlist plugin for WordPress
CVE-2018-6000 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The ...)
- TODO: check
+ NOT-FOR-US: AsusWRT
CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the ...)
- TODO: check
+ NOT-FOR-US: AsusWRT
CVE-2018-5998
RESERVED
CVE-2018-5997
@@ -197,27 +197,27 @@ CVE-2018-5964
CVE-2018-5963
RESERVED
CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2018-5960 (Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of ...)
TODO: check
CVE-2018-5959
RESERVED
CVE-2018-5958 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
- TODO: check
+ NOT-FOR-US: Zillya! Antivirus
CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
- TODO: check
+ NOT-FOR-US: Zillya! Antivirus
CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
- TODO: check
+ NOT-FOR-US: Zillya! Antivirus
CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User controlled ...)
TODO: check
CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP ...)
TODO: check
CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 ...)
- TODO: check
+ NOT-FOR-US: Dasan GPON ONT WiFi Router devices
CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute ...)
- TODO: check
+ NOT-FOR-US: pfSense
CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of ...)
TODO: check
CVE-2018-5954
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c8576358eb3164e0ec4bfaab12f27a0494c48fb
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c8576358eb3164e0ec4bfaab12f27a0494c48fb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180123/00ef8064/attachment.html>
More information about the Secure-testing-commits
mailing list