[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Jan 25 02:05:28 UTC 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01d67980 by Moritz Muehlenhoff at 2018-01-25T03:05:20+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10,7 +10,7 @@ CVE-2018-6186
 CVE-2018-6185
 	RESERVED
 CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next ...)
-	TODO: check
+	NOT-FOR-US: ZEIT Next.js
 CVE-2018-6183
 	RESERVED
 CVE-2018-6182
@@ -22,7 +22,7 @@ CVE-2018-6180
 CVE-2018-1000017
 	RESERVED
 CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service ...)
-	TODO: check
+	NOT-FOR-US: FreeSSHd
 CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...)
 	- linux 4.14.13-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -373,9 +373,9 @@ CVE-2018-6020
 CVE-2018-6019
 	RESERVED
 CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ...)
-	TODO: check
+	NOT-FOR-US: Tinder
 CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...)
-	TODO: check
+	NOT-FOR-US: Tinder
 CVE-2018-6016
 	RESERVED
 CVE-2018-6015
@@ -503,15 +503,15 @@ CVE-2018-5990
 CVE-2018-5989
 	RESERVED
 CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter to ...)
-	TODO: check
+	NOT-FOR-US: Flexible Poll
 CVE-2018-5987
 	RESERVED
 CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or s_row ...)
-	TODO: check
+	NOT-FOR-US: Easy Car Script
 CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for ...)
-	TODO: check
+	NOT-FOR-US: LiveCRM SaaS Cloud
 CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Tumder
 CVE-2018-5983
 	RESERVED
 CVE-2018-5982
@@ -521,13 +521,13 @@ CVE-2018-5981
 CVE-2018-5980
 	RESERVED
 CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 ...)
-	TODO: check
+	NOT-FOR-US: Wchat Fully Responsive PHP AJAX Chat Script
 CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the ...)
-	TODO: check
+	NOT-FOR-US: Facebook Style Php Ajax Chat Zechat
 CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop Management System ...)
-	TODO: check
+	NOT-FOR-US: Affiligator Affiliate Webshop Management System
 CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 ...)
-	TODO: check
+	NOT-FOR-US: RSVP Invitation Online
 CVE-2018-5975
 	RESERVED
 CVE-2018-5974
@@ -535,13 +535,13 @@ CVE-2018-5974
 CVE-2018-5973
 	RESERVED
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the ...)
-	TODO: check
+	NOT-FOR-US: Classified Ads CMS Quickad
 CVE-2018-5971
 	RESERVED
 CVE-2018-5970
 	RESERVED
 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...)
-	TODO: check
+	NOT-FOR-US: Photography CMS
 CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...)
 	- jackson-databind <unfixed> (bug #888316)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
@@ -571,7 +571,7 @@ CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows
 CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
 	NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User controlled ...)
-	TODO: check
+	NOT-FOR-US: GitStack
 CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP ...)
 	NOT-FOR-US: LabF nfsAxe
 CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 ...)
@@ -950,9 +950,9 @@ CVE-2018-5780
 CVE-2018-5779
 	RESERVED
 CVE-2018-5778 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...)
-	TODO: check
+	NOT-FOR-US: Ipswitch WhatsUp Gold
 CVE-2018-5777 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...)
-	TODO: check
+	NOT-FOR-US: Ipswitch WhatsUp Gold
 CVE-2018-5775
 	RESERVED
 CVE-2018-5774
@@ -1070,7 +1070,7 @@ CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1
 CVE-2018-5750
 	RESERVED
 CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and ...)
-	TODO: check
+	NOT-FOR-US: Minecraft Servers List Lite
 CVE-2018-5748 [resource exhaustion via qemuMonitorIORead() method]
 	RESERVED
 	- libvirt 4.0.0-1 (bug #887700)
@@ -1194,7 +1194,7 @@ CVE-2018-5707
 CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2018-5705 (Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected ...)
-	TODO: check
+	NOT-FOR-US: Reservo Image Hosting
 CVE-2018-1000003 (Improper input validation bugs in DNSSEC validators components in ...)
 	- pdns-recursor 4.1.1-1
 	[stretch] - pdns-recursor <not-affected> (Only affects 4.1)
@@ -1974,7 +1974,7 @@ CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
 	TODO: claimed to be fixed in latest libtiff, but no idication yet which changes adresses the issue
 CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 can be ...)
-	TODO: check
+	NOT-FOR-US: Flexense SysGauge
 CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
 	- imagemagick <unfixed> (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/939
@@ -2096,7 +2096,7 @@ CVE-2018-5321
 CVE-2018-5320
 	RESERVED
 CVE-2018-5319 (RAVPower FileHub 2.000.056 allows remote users to steal sensitive ...)
-	TODO: check
+	NOT-FOR-US: RAVPower FileHub
 CVE-2018-5318
 	RESERVED
 CVE-2018-5317
@@ -3319,7 +3319,7 @@ CVE-2018-4836
 CVE-2018-4835
 	RESERVED
 CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers ...)
-	TODO: check
+	NOT-FOR-US: Desigo
 CVE-2018-4833
 	RESERVED
 CVE-2018-4832
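Review bot: The tag on CVE-2018-4834 is shortened to "Desigo" although the description on the line above it names "Desigo Automation Controllers". Other entries in this commit carry the product name as the description gives it (for example "Ipswitch WhatsUp Gold"), so consider "NOT-FOR-US: Desigo Automation Controllers" to keep later searches of the list consistent.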
@@ -5547,7 +5547,7 @@ CVE-2016-10704 (Magento Community Edition and Enterprise Edition before 2.0.10 a
 CVE-2017-18000
 	RESERVED
 CVE-2017-17999 (SQL injection vulnerability in RISE Ultimate Project Manager 1.9 ...)
-	TODO: check
+	NOT-FOR-US: RISE Ultimate Project Manager
 CVE-2017-17998
 	RESERVED
 CVE-2017-17997 (In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL ...)
@@ -12808,9 +12808,9 @@ CVE-2017-17409 (This vulnerability allows remote attackers to execute arbitrary 
 CVE-2017-17408 (This vulnerability allows remote attackers to execute arbitrary code ...)
 	NOT-FOR-US: Bitdefender Internet Security 2018
 CVE-2017-17407 (This vulnerability allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: NetGain
 CVE-2017-17406 (This vulnerability allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: NetGain
 CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ...)
 	{DLA-1222-1 DLA-1221-1}
 	- ruby2.5 2.5.0~rc1-1 (bug #884437)
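Review bot: CVE-2017-17407 and CVE-2017-17406 are tagged "NetGain" here, while the CVE-2017-16610 to CVE-2017-16590 block in this same commit uses "Netgain". Pick one spelling for both hunks so that a case-sensitive grep of data/CVE/list finds every entry for the vendor. The truncated descriptions on these two lines do not name the product, so the attribution cannot be confirmed from the diff alone.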
@@ -14059,7 +14059,7 @@ CVE-2018-0864
 CVE-2018-0863
 	RESERVED
 CVE-2018-0862 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0861
 	RESERVED
 CVE-2018-0860
@@ -14085,15 +14085,15 @@ CVE-2018-0851
 CVE-2018-0850
 	RESERVED
 CVE-2018-0849 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0848 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0847
 	RESERVED
 CVE-2018-0846
 	RESERVED
 CVE-2018-0845 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0844
 	RESERVED
 CVE-2018-0843
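Review bot: The three entries tagged here (CVE-2018-0849, CVE-2018-0848, CVE-2018-0845) name only the vendor, "Microsoft", while the descriptions identify the component as Equation Editor in Microsoft Office. Most other tags in this commit are at product level; "NOT-FOR-US: Microsoft Office" would match them. The same applies to CVE-2018-0862 in the previous hunk.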
@@ -17458,47 +17458,47 @@ CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local att
 	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
 	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2
 CVE-2017-16610 (This vulnerability allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16609 (This vulnerability allows remote attackers to disclose sensitive ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16608 (This vulnerability allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16607 (This vulnerability allows remote attackers to disclose sensitive ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16606 (This vulnerability allows remote attackers to execute code by creating ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16605 (This vulnerability allows remote attackers to overwrite arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16604 (This vulnerability allows remote attackers to overwrite arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16603 (This vulnerability allows remote attackers to execute code by creating ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16602 (This vulnerability allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16601 (This vulnerability allows remote attackers to overwrite arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16600 (This vulnerability allows remote attackers to overwrite files on ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16599 (This vulnerability allows remote attackers to delete arbitrary files ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16598 (This vulnerability allows remote attackers to execute code by ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16597 (This vulnerability allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16596 (This vulnerability allows remote attackers to disclose sensitive ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16595 (This vulnerability allows remote attackers to disclose sensitive ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16594 (This vulnerability allows remote attackers to create arbitrary files ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16593 (This vulnerability allows remote attackers to delete arbitrary files ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16592 (This vulnerability allows remote attackers to disclose sensitive ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16591 (This vulnerability allows remote attackers to disclose sensitive ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16590 (This vulnerability allows remote attackers to bypass authentication on ...)
-	TODO: check
+	NOT-FOR-US: Netgain
 CVE-2017-16589 (This vulnerability allows remote attackers to disclose sensitive ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2017-16588 (This vulnerability allows remote attackers to disclose sensitive ...)
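Review bot: All 21 entries from CVE-2017-16610 down to CVE-2017-16590 are tagged "Netgain", which differs in capitalisation from the "NetGain" tag given to CVE-2017-17407 and CVE-2017-17406 earlier in this patch. Use one spelling throughout. Since every description in this block is the truncated generic text ("This vulnerability allows remote attackers to ..."), naming the affected product after the vendor would make the entries self-explanatory.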
@@ -20393,7 +20393,7 @@ CVE-2017-15533
 CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a ...)
 	NOT-FOR-US: Symantec
 CVE-2017-15531 (Symantec Reporter 9.5 prior to 9.5.4.1 and 10.x prior to 10.2 does not ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
 	NOT-FOR-US: Norton
 CVE-2017-15529 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/01d6798021e9a1beda7a1768920af23126ddc5ba
