[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Jul 13 16:14:42 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af8607f1 by Moritz Muehlenhoff at 2018-07-13T17:14:12+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,19 +9,19 @@ CVE-2018-14036 [accountservice: insufficient path check in user_change_icon_file
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=107085
NOTE: https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a
CVE-2018-14035 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
- TODO: check
+ - hdf5 <undetermined>
CVE-2018-14034 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ...)
- TODO: check
+ - hdf5 <undetermined>
CVE-2018-14033 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
- TODO: check
+ - hdf5 <undetermined>
CVE-2018-14032 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
- TODO: check
+ - hdf5 <undetermined>
CVE-2018-14031 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
- TODO: check
+ - hdf5 <undetermined>
CVE-2018-14030
RESERVED
CVE-2018-14029 (CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 ...)
- TODO: check
+ NOT-FOR-US: Creatiwity wityCMS
CVE-2018-14028
RESERVED
CVE-2018-14027
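Review bot: the five HDF5 entries in this hunk (CVE-2018-14031 through CVE-2018-14035) go from "TODO: check" to "- hdf5 <undetermined>" without a NOTE saying what is still unknown, and the commit message "NFUs" does not cover them since they are not NOT-FOR-US markings. Suggest adding a NOTE line per entry recording what still has to be checked against the packaged hdf5 version, and mentioning the hdf5 triage in the commit message so the change can be found later.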
@@ -391,7 +391,7 @@ CVE-2018-13852
CVE-2018-13851
RESERVED
CVE-2018-13850 (The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component ...)
- TODO: check
+ NOT-FOR-US: Firebase Cloud Messaging
CVE-2018-13849 (edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS ...)
NOT-FOR-US: yTakkar Instagram-clone
CVE-2018-13848 (An issue has been found in Bento4 1.5.1-624. It is a SEGV in ...)
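Review bot: the label on CVE-2018-13850, "NOT-FOR-US: Firebase Cloud Messaging", names only the first half of the product in the description, which reads "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component. As written the entry looks like it concerns the messaging service itself. Suggest using the full component name from the description so a later search for either name lands on the right entry.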
@@ -434,7 +434,7 @@ CVE-2018-13835
CVE-2018-13834
RESERVED
CVE-2018-13833 (An issue was discovered in cmft through 2017-09-24. The ...)
- TODO: check
+ NOT-FOR-US: cmft
CVE-2018-13832
RESERVED
CVE-2018-13831
@@ -512,7 +512,7 @@ CVE-2018-13796 (Unspecified vulnerability in Mailman before 2.1.28 has unknown i
NOTE: Fixed in 2.1.28
NOTE: https://mail.python.org/pipermail/mailman-users/2018-July/083536.html
CVE-2016-10726 (The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before ...)
- TODO: check
+ NOT-FOR-US: DSpave
CVE-2018-13797 (The macaddress module before 0.2.9 for Node.js is prone to an arbitrary ...)
- node-macaddress 0.2.9-1 (unimportant)
NOTE: https://github.com/scravy/node-macaddress/pull/20
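Review bot: typo in the added line for CVE-2016-10726: "NOT-FOR-US: DSpave" should read "NOT-FOR-US: DSpace", matching the product named in the description on the line above ("The XMLUI feature in DSpace before 3.6 ..."). A misspelled NFU label will be missed by anyone grepping the list for DSpace when checking whether the product has since been packaged.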
@@ -2143,7 +2143,7 @@ CVE-2018-13036
CVE-2018-13035
RESERVED
CVE-2018-13034 (Directory traversal in Jester web framework 0.2.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Jester web framework
CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
- binutils <unfixed> (low)
[stretch] - binutils <ignored> (Minor issue)
@@ -3209,7 +3209,7 @@ CVE-2018-1000500 (Busybox contains a Missing SSL certificate validation vulnerab
NOTE: Starting with 1:1.27.2-3 in unstable wget emmits a message that certificate
NOTE: verification is not implemented.
CVE-2018-1000404 (Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-12637
RESERVED
CVE-2018-12636 (The iThemes Security (better-wp-security) plugin before 7.0.3 for ...)
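Review bot: "NOT-FOR-US: Jenkins plugin" on CVE-2018-1000404 drops the plugin name that the description gives (Jenkins AWS CodeBuild Plugin). The same generic label is used in the next hunk for the CodeDeploy and CodePipeline plugins. Suggest naming the specific plugin in each label so the entries stay distinguishable without reading the truncated description.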
@@ -3281,11 +3281,11 @@ CVE-2018-12609
CVE-2018-12608
RESERVED
CVE-2018-1000403 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000402 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000401 (Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-12607 [gitlab: Persistent XSS in charts]
RESERVED
- gitlab <unfixed> (bug #902726)
@@ -3653,7 +3653,7 @@ CVE-2018-12465 (An OS command injection vulnerability in the web administration
CVE-2018-12464 (A SQL injection vulnerability in the web administration and quarantine ...)
NOT-FOR-US: Micro Focus
CVE-2018-12463 (An XML external entity (XXE) vulnerability in Fortify Software ...)
- TODO: check
+ NOT-FOR-US: Fortify
CVE-2018-12462 (NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. ...)
NOT-FOR-US: NetIQ iManager
CVE-2018-12461 (Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking ...)
@@ -9541,7 +9541,7 @@ CVE-2018-10198 (An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker
NOTE: https://github.com/OTRS/otrs/commit/9f5f09e4eef283c2f38c003ba0685b77234750d1
NOTE: https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework
CVE-2018-10197 (There is a time-based blind SQL injection vulnerability in the Access ...)
- TODO: check
+ NOT-FOR-US: ELO
CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists function ...)
- graphviz <unfixed> (low; bug #898841)
[stretch] - graphviz <no-dsa> (Minor issue)
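Review bot: the label "NOT-FOR-US: ELO" on CVE-2018-10197 cannot be checked against the visible description, which is cut off at "in the Access ..." before any product name appears. Suggest a fuller product name in the label so the marking is self-explanatory in the list.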
@@ -14171,7 +14171,7 @@ CVE-2018-8328
CVE-2018-8327 (A remote code execution vulnerability exists in PowerShell Editor ...)
NOT-FOR-US: Microsoft
CVE-2018-8326 (A cross-site-scripting (XSS) vulnerability exists when an open source ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8325 (An information disclosure vulnerability exists when Microsoft Edge ...)
NOT-FOR-US: Microsoft
CVE-2018-8324 (An information disclosure vulnerability exists when Microsoft Edge ...)
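Review bot: CVE-2018-8326 is marked "NOT-FOR-US: Microsoft", but its description says the XSS exists "when an open source ..." component is involved, unlike the neighbouring Edge and PowerShell Editor entries. Before closing it as NFU, it is worth confirming that the open source component in question is not packaged in Debian, and naming that component in the label if it is not.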
@@ -14185,7 +14185,7 @@ CVE-2018-8321
CVE-2018-8320
RESERVED
CVE-2018-8319 (A Security Feature Bypass vulnerability exists in MSR JavaScript ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8318
RESERVED
CVE-2018-8317
@@ -14201,7 +14201,7 @@ CVE-2018-8313 (An elevation of privilege vulnerability exists in the way that th
CVE-2018-8312 (A remote code execution vulnerability exists when Microsoft Access ...)
NOT-FOR-US: Microsoft
CVE-2018-8311 (A remote code execution vulnerability exists when Skype for Business ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8310 (A tampering vulnerability exists when Microsoft Outlook does not ...)
NOT-FOR-US: Microsoft
CVE-2018-8309 (A denial of service vulnerability exists when Windows improperly ...)
@@ -14227,7 +14227,7 @@ CVE-2018-8300 (A remote code execution vulnerability exists in Microsoft SharePo
CVE-2018-8299 (An elevation of privilege vulnerability exists when Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2018-8298 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8297 (An information disclosure vulnerability exists when Microsoft Edge ...)
NOT-FOR-US: Microsoft
CVE-2018-8296 (A remote code execution vulnerability exists in the way that the ...)
@@ -14235,7 +14235,7 @@ CVE-2018-8296 (A remote code execution vulnerability exists in the way that the
CVE-2018-8295
RESERVED
CVE-2018-8294 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8293
RESERVED
CVE-2018-8292
@@ -14251,19 +14251,19 @@ CVE-2018-8288 (A remote code execution vulnerability exists in the way the scrip
CVE-2018-8287 (A remote code execution vulnerability exists in the way the scripting ...)
NOT-FOR-US: Microsoft
CVE-2018-8286 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8285
RESERVED
CVE-2018-8284 (A remote code execution vulnerability exists when the Microsoft .NET ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8283 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8282 (An elevation of privilege vulnerability exists in Windows when the ...)
NOT-FOR-US: Microsoft
CVE-2018-8281 (A remote code execution vulnerability exists in Microsoft Office ...)
NOT-FOR-US: Microsoft
CVE-2018-8280 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8279 (A remote code execution vulnerability exists when Microsoft Edge ...)
NOT-FOR-US: Microsoft
CVE-2018-8278 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
@@ -14303,7 +14303,7 @@ CVE-2018-8262 (A remote code execution vulnerability exists when Microsoft Edge
CVE-2018-8261
RESERVED
CVE-2018-8260 (A Remote Code Execution vulnerability exists in .NET software when the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8259
RESERVED
CVE-2018-8258
@@ -14339,7 +14339,7 @@ CVE-2018-8244 (An elevation of privilege vulnerability exists when Microsoft Out
CVE-2018-8243 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
CVE-2018-8242 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8241
RESERVED
CVE-2018-8240
@@ -14347,7 +14347,7 @@ CVE-2018-8240
CVE-2018-8239 (An information disclosure vulnerability exists when the Windows GDI ...)
NOT-FOR-US: Microsoft
CVE-2018-8238 (A security feature bypass vulnerability exists when Skype for Business ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8237
RESERVED
CVE-2018-8236 (A remote code execution vulnerability exists when Microsoft Edge ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af8607f1ee87c4beb92e541efdae48f570a91762