[Git][security-tracker-team/security-tracker][master] 2 commits: Process more NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 2 08:07:41 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22b16f3e by Salvatore Bonaccorso at 2018-06-02T09:06:56+02:00
Process more NFUs
- - - - -
df886a0d by Salvatore Bonaccorso at 2018-06-02T09:07:19+02:00
Add two mahara CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -101,14 +101,14 @@ CVE-2018-11630
CVE-2018-11629
RESERVED
CVE-2018-11628 (Data input into EMS Master Calendar before 8.0.0.201805210 via URL ...)
- TODO: check
+ NOT-FOR-US: EMS Master Calendar
CVE-2018-11627 (Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs ...)
- ruby-sinatra <not-affected> (Vulnerable code not present)
NOTE: https://github.com/sinatra/sinatra/issues/1428
NOTE: Introduced by: https://github.com/sinatra/sinatra/commit/8f8df53ff29938ace79b31097c27d9cdac803b44
NOTE: Fixed by: https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer ...)
- TODO: check
+ NOT-FOR-US: SELA
CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file ...)
- imagemagick <unfixed>
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/5294966898532a6bd54699fbf04edf18902513ac
@@ -265,9 +265,9 @@ CVE-2018-11554
CVE-2018-11553
RESERVED
CVE-2018-11552 (There is a reflected XSS vulnerability in AXON PBX 2.02 via the ...)
- TODO: check
+ NOT-FOR-US: AXON PBX
CVE-2018-11551 (AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow ...)
- TODO: check
+ NOT-FOR-US: AXON PBX
CVE-2018-11550
REJECTED
CVE-2018-11549 (An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS ...)
@@ -320,7 +320,7 @@ CVE-2018-11540
CVE-2018-11539
RESERVED
CVE-2018-11538 (servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, ...)
- TODO: check
+ NOT-FOR-US: SearchBlox
CVE-2018-11537
RESERVED
CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because ...)
@@ -361,7 +361,7 @@ CVE-2018-11520
CVE-2018-11519
RESERVED
CVE-2018-11518 (A vulnerability allows a phreaking attack on HCL legacy IVR systems ...)
- TODO: check
+ NOT-FOR-US: HCL legacy IVR systems
CVE-2018-11517 (mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a ...)
NOT-FOR-US: mySCADA myPRO
CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c in ...)
@@ -447,9 +447,9 @@ CVE-2018-11488 (A stack exhaustion vulnerability in the search function of dtSea
CVE-2018-11487 (PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the ...)
NOT-FOR-US: PHPMyWind
CVE-2018-11486 (An issue was discovered in the MULTIDOTS Advance Search for ...)
- TODO: check
+ NOT-FOR-US: MULTIDOTS Advance Search for WooCommerce plugin for WordPress
CVE-2018-11485 (The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for ...)
- TODO: check
+ NOT-FOR-US: MULTIDOTS WooCommerce Quick Reports plugin for WordPress
CVE-2018-11484
RESERVED
CVE-2018-11483
@@ -1178,7 +1178,7 @@ CVE-2018-11222
CVE-2018-11221
RESERVED
CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command ...)
- TODO: check
+ NOT-FOR-US: Bitmain Antminer D3, L3+, and S9 devices
CVE-2018-11219
RESERVED
CVE-2018-11218
@@ -1249,9 +1249,13 @@ CVE-2018-11198
CVE-2018-11197
RESERVED
CVE-2018-11196 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
- TODO: check
+ - mahara <removed>
+ NOTE: https://bugs.launchpad.net/bugs/1770535
+ NOTE: https://mahara.org/interaction/forum/topic.php?id=8270
CVE-2018-11195 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
- TODO: check
+ - mahara <removed>
+ NOTE: https://bugs.launchpad.net/mahara/+bug/1770561
+ NOTE: https://mahara.org/interaction/forum/topic.php?id=8269
CVE-2018-11194
RESERVED
CVE-2018-11193
@@ -1357,27 +1361,27 @@ CVE-2018-11144
CVE-2018-11143
RESERVED
CVE-2018-11142 (The 'systemui/settings_network.php' and ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11141 (The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Virtual Appliance
CVE-2018-11140 (The 'reportID' parameter received by the '/common/run_report.php' ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11139 (The '/common/ajax_email_connection_test.php' script in the Quest KACE ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11138 (The '/common/download_agent_installer.php' script in the Quest KACE ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11137 (The 'checksum' parameter of the '/common/download_attachment.php' ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11136 (The 'orgID' parameter received by the ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11135 (The script '/adminui/error_details.php' in the Quest KACE System ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11134 (In order to perform actions that requires higher privileges, the Quest ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11133 (The 'fmt' parameter of the '/common/run_cross_report.php' script in the ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11132 (In order to perform actions that require higher privileges, the Quest ...)
- TODO: check
+ NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11131
RESERVED
CVE-2018-11130 (The header::add_FORMAT_descriptor function in header.cpp in VCFtools ...)
@@ -1597,7 +1601,7 @@ CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in .
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/307
CVE-2018-11036 (Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, ...)
- TODO: check
+ NOT-FOR-US: Ruckus devices
CVE-2018-11035 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ...)
NOT-FOR-US: 2345 Security Guard
CVE-2018-11034 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ...)
@@ -1834,7 +1838,7 @@ CVE-2018-10940 (The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c
- linux 4.16.12-1
NOTE: Fixed by: https://git.kernel.org/linus/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
CVE-2018-10939 (Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before ...)
- TODO: check
+ NOT-FOR-US: Zimbra Web Client
CVE-2018-10938
RESERVED
CVE-2018-10937
@@ -3179,7 +3183,7 @@ CVE-2018-10384
CVE-2018-10383
RESERVED
CVE-2018-10382 (MODX Revolution 2.6.3 has XSS. ...)
- TODO: check
+ NOT-FOR-US: MODX Revolution
CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege ...)
NOT-FOR-US: TunnelBear for Windows
CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ...)
@@ -5624,15 +5628,15 @@ CVE-2018-9324
CVE-2018-9323
REJECTED
CVE-2018-9322 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
- TODO: check
+ NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9321
REJECTED
CVE-2018-9320 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
- TODO: check
+ NOT-FOR-US: BMW (Head Unit HU_NBT component) on BMW vehicles
CVE-2018-9319
REJECTED
CVE-2018-9318 (The Telematics Control Unit (aka Telematic Communication Box or TCB), ...)
- TODO: check
+ NOT-FOR-US: Telematics Control Unit (aka Telematic Communication Box or TCB) on BMW vehicles
CVE-2018-9317
REJECTED
CVE-2018-9316
@@ -5640,13 +5644,13 @@ CVE-2018-9316
CVE-2018-9315
REJECTED
CVE-2018-9314 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
- TODO: check
+ NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9313 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
- TODO: check
+ NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9312 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
- TODO: check
+ NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9311 (The Telematics Control Unit (aka Telematic Communication Box or TCB), ...)
- TODO: check
+ NOT-FOR-US: Telematics Control Unit (aka Telematic Communication Box or TCB) on BMW vehicles
CVE-2018-1000155 (OpenFlow version 1.0 onwards contains a Denial of Service and Improper ...)
NOT-FOR-US: Flaw in the OpenFlow protocol
CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper ...)
@@ -6096,7 +6100,7 @@ CVE-2018-9188
CVE-2018-9187
RESERVED
CVE-2018-9186 (A cross-site scripting (XSS) vulnerability in Fortinet ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2018-9185
RESERVED
CVE-2018-9184
@@ -6786,9 +6790,9 @@ CVE-2018-8924
CVE-2018-8923
RESERVED
CVE-2018-8922 (Improper access control vulnerability in Synology Drive before ...)
- TODO: check
+ NOT-FOR-US: Synology Drive
CVE-2018-8921 (Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast ...)
- TODO: check
+ NOT-FOR-US: Synology Drive
CVE-2018-8920
RESERVED
CVE-2018-8919
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d76ae3fa5bab583b9615c70ea76655788d4acf60...df886a0dae4b69edccac6f9cd21cedec58e619a0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d76ae3fa5bab583b9615c70ea76655788d4acf60...df886a0dae4b69edccac6f9cd21cedec58e619a0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180602/4d4a0693/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list