[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 18 21:38:14 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b3faccb0 by Salvatore Bonaccorso at 2018-07-18T22:37:31+02:00
Process NFUs
- - - - -
486001ad by Salvatore Bonaccorso at 2018-07-18T22:37:57+02:00
Add CVE-2018-14380/graylog2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15,9 +15,9 @@ CVE-2018-14383
CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...)
NOT-FOR-US: InstantCMS
CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open redirect ...)
- TODO: check
+ NOT-FOR-US: Pagekit CMS
CVE-2018-14380 (In Graylog before 2.4.6, XSS was possible in typeahead components, ...)
- TODO: check
+ - graylog2 <itp> (bug #652273)
CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the ...)
- mp4v2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1
@@ -681,7 +681,7 @@ CVE-2018-14084 (An issue was discovered in a smart contract implementation for M
CVE-2018-14083
RESERVED
CVE-2018-14082 (PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall JOB SITE (aka Job Portal)
CVE-2018-14081
RESERVED
CVE-2018-14080
@@ -9413,7 +9413,7 @@ CVE-2018-10618
CVE-2018-10617 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10616 (ABB Panel Builder 800 all versions has an improper input validation ...)
- TODO: check
+ NOT-FOR-US: ABB Panel Builder 800
CVE-2018-10615 (Directory traversal may lead to files being exfiltrated or deleted on ...)
NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
CVE-2018-10614
@@ -17257,7 +17257,7 @@ CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a NULL pointer derefere
CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the ...)
NOT-FOR-US: lyadmin
CVE-2018-7546 (wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 ...)
- TODO: check
+ NOT-FOR-US: Kingsoft WPS Office 2016 and Jinshan PDF
CVE-2018-7545
RESERVED
CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...)
@@ -24591,7 +24591,7 @@ CVE-2018-5244 (In Xen 4.10, new infrastructure was introduced as part of an over
CVE-2018-5233 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Grav CMS admin plugin
CVE-2018-5232 (The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2018-5231 (The ForgotLoginDetails resource in Atlassian Jira before version ...)
NOT-FOR-US: Atlassian
CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6, from ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7eb3209a8f850f72c8188a98e08da1520d2be5bc...486001ade4d50f6f0b7c8b9fe03841f877633254
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7eb3209a8f850f72c8188a98e08da1520d2be5bc...486001ade4d50f6f0b7c8b9fe03841f877633254
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180718/44836161/attachment.html>
More information about the debian-security-tracker-commits
mailing list