[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Sun Jul 29 22:03:42 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd61fe9f by Moritz Muehlenhoff at 2018-07-29T20:55:05Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,23 +1,23 @@
CVE-2018-14745
RESERVED
CVE-2018-14744 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
- TODO: check
+ NOT-FOR-US: cloudwu PBC
CVE-2018-14743 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
- TODO: check
+ NOT-FOR-US: cloudwu PBC
CVE-2018-14742 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
- TODO: check
+ NOT-FOR-US: cloudwu PBC
CVE-2018-14741 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
- TODO: check
+ NOT-FOR-US: cloudwu PBC
CVE-2018-14740 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
- TODO: check
+ NOT-FOR-US: cloudwu PBC
CVE-2018-14739 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
- TODO: check
+ NOT-FOR-US: cloudwu PBC
CVE-2018-14738 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
- TODO: check
+ NOT-FOR-US: cloudwu PBC
CVE-2018-14737 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
- TODO: check
+ NOT-FOR-US: cloudwu PBC
CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
- TODO: check
+ NOT-FOR-US: cloudwu PBC
CVE-2018-14735
RESERVED
CVE-2018-14733
@@ -745,7 +745,7 @@ CVE-2018-14446 (MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allow
CVE-2018-14445 (In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows ...)
NOT-FOR-US: Bento4
CVE-2018-14444 (libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 ...)
- TODO: check
+ NOT-FOR-US: libdxfrw
CVE-2018-14443 (get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote ...)
- libredwg <itp> (bug #595191)
CVE-2018-14442 (Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free ...)
@@ -813,7 +813,7 @@ CVE-2016-10727 (camel/providers/imapx/camel-imapx-server.c in the IMAPx componen
CVE-2018-14424
RESERVED
CVE-2018-14423 (Division-by-zero vulnerabilities in the functions pi_next_pcrl, ...)
- - openjpeg2 <unfixed> (bug #904873)
+ - openjpeg2 <unfixed> (low; bug #904873)
NOTE: https://github.com/uclouvain/openjpeg/issues/1123
CVE-2018-14422 (blog/index.php in SansCMS 0.7 has XSS via the q parameter. ...)
NOT-FOR-US: SansCMS
@@ -25223,13 +25223,13 @@ CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet l
NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html
NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html
CVE-2018-5387 (Wizkunde SAMLBase may incorrectly utilize the results of XML DOM ...)
- TODO: check
+ NOT-FOR-US: Wizkunde SAMLBase
CVE-2018-5386 (Some Navarino Infinity functions, up to version 2.2, placed in the URL ...)
- TODO: check
+ NOT-FOR-US: Navarino Infinity
CVE-2018-5385 (Navarino Infinity is prone to session fixation attacks. The server ...)
- TODO: check
+ NOT-FOR-US: Navarino Infinity
CVE-2018-5384 (Navarino Infinity web interface up to version 2.2 exposes an ...)
- TODO: check
+ NOT-FOR-US: Navarino Infinity
CVE-2018-5383
RESERVED
CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC that ...)
@@ -39283,7 +39283,7 @@ CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION UTILIT
CVE-2018-0620 (Untrusted search path vulnerability in LOGICOOL Game Software versions ...)
NOT-FOR-US: LOGICOOL
CVE-2018-0619 (Untrusted search path vulnerability in the installer of Glarysoft ...)
- TODO: check
+ NOT-FOR-US: Glarysoft
CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and earlier ...)
{DSA-4246-1 DLA-1442-1}
- mailman 1:2.1.27-1
@@ -39294,15 +39294,15 @@ CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and earlier
NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1783
NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1785
CVE-2018-0617 (Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to ...)
- TODO: check
+ NOT-FOR-US: ChamaNet MemoCGI
CVE-2018-0616
RESERVED
CVE-2018-0615
RESERVED
CVE-2018-0614 (Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2018-0613 (NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2018-0612 (Cross-site scripting vulnerability in 5000 trillion yen converter ...)
NOT-FOR-US: 5000 trillion yen converter
CVE-2018-0611 (The ANA App for iOS version 4.0.22 and earlier does not verify X.509 ...)
@@ -59433,7 +59433,7 @@ CVE-2017-10939
CVE-2017-10938
REJECTED
CVE-2017-10937 (SQL injection vulnerability in all versions prior to V2.01.05.09 of ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2017-10936 (SQL injection vulnerability in all versions prior to V4.01.01 of the ...)
NOT-FOR-US: ZTE ZXCDN-SNS
CVE-2017-10935 (All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products ...)
@@ -83361,7 +83361,7 @@ CVE-2017-3184 (ACTi cameras including the D, B, I, and E series using firmware .
CVE-2017-3183 (Sage XRT Treasury, version 3, fails to properly restrict database ...)
NOT-FOR-US: Sage XRT Treasury
CVE-2017-3182 (On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail ...)
- TODO: check
+ NOT-FOR-US: ThreatMetrix SDK
CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified ...)
TODO: check
CVE-2017-3180 (Multiple TIBCO Products are prone to multiple unspecified cross-site ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd61fe9f9757335cbddaa73b154bd4f8071b142e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd61fe9f9757335cbddaa73b154bd4f8071b142e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180729/00800cbd/attachment.html>
More information about the debian-security-tracker-commits
mailing list