[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Jun 29 21:58:30 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13f8514c by Moritz Muehlenhoff at 2018-06-29T22:58:09+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,13 @@
CVE-2018-13025 (protected/apps/admin/controller/photoController.php in YXcms 1.4.7 ...)
- TODO: check
+ NOT-FOR-US: YXcms
CVE-2018-13024 (Metinfo v6.0.0 allows remote attackers to write code into a .php file, ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2018-13023
RESERVED
CVE-2018-13022
RESERVED
CVE-2018-13021 (An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script ...)
- TODO: check
+ NOT-FOR-US: HongCMS
CVE-2018-13020
RESERVED
CVE-2018-13019
@@ -21,21 +21,21 @@ CVE-2018-13016
CVE-2018-13015
RESERVED
CVE-2018-13014 (Storing password in recoverable format in safensec.com (SysWatch ...)
- TODO: check
+ NOT-FOR-US: SysWatch
CVE-2018-13013 (Improper check of unusual conditions when launching msiexec.exe in ...)
- TODO: check
+ NOT-FOR-US: SysWatch
CVE-2018-13012 (Download of code with improper integrity check in snsupd.exe and ...)
- TODO: check
+ NOT-FOR-US: SysWatch
CVE-2018-13011 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based ...)
- TODO: check
+ NOT-FOR-US: gpmf-parser
CVE-2018-13010 (WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit ...)
- TODO: check
+ NOT-FOR-US: WSTMall
CVE-2018-13009 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based ...)
- TODO: check
+ NOT-FOR-US: gpmf-parser
CVE-2018-13008 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based ...)
- TODO: check
+ NOT-FOR-US: gpmf-parser
CVE-2018-13007 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based ...)
- TODO: check
+ NOT-FOR-US: gpmf-parser
CVE-2018-13006 (An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based ...)
TODO: check
CVE-2018-13005 (An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read ...)
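Review bot: CVE-2018-13006 and CVE-2018-13005 (MP4Box in GPAC) stay at "TODO: check" at the bottom of this hunk while the four gpmf-parser heap-based entries above them (CVE-2018-13011, -13009, -13008, -13007) are closed as NOT-FOR-US. That split is the right one if it is deliberate (gpac is shipped as a Debian source package, gpmf-parser is not), but the GPAC entries then still need a real triage decision in a follow-up so the block is not left half-resolved. Minor point: the visible descriptions for CVE-2018-13013 and CVE-2018-13012 do not contain the string "SysWatch"; the label is evidently taken from the full text, as for CVE-2018-13014 ("safensec.com (SysWatch ..."), which is fine but worth a second look since the three were attributed in one pass.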
@@ -43,29 +43,29 @@ CVE-2018-13005 (An issue was discovered in MP4Box in GPAC 0.7.1. The function ur
CVE-2018-13004
RESERVED
CVE-2018-13003 (An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ...)
- TODO: check
+ NOT-FOR-US: OpenTSDB
CVE-2018-13002 (An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core ...)
- TODO: check
+ NOT-FOR-US: Weblication CMS
CVE-2018-13001 (An XSS issue was discovered in Sandoba CP:Shop v2016.1. The ...)
- TODO: check
+ NOT-FOR-US: Sandoba CP:Shop
CVE-2018-13000 (An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A ...)
- TODO: check
+ NOT-FOR-US: Advanced Electron Forum
CVE-2018-12999 (Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2018-12998 (A reflected Cross-site scripting (XSS) vulnerability in Zoho ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2018-12997 (Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2018-12996 (A reflected Cross-site scripting (XSS) vulnerability in Zoho ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2018-12995 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers ...)
- TODO: check
+ NOT-FOR-US: OneFileCMS
CVE-2018-12994 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers ...)
- TODO: check
+ NOT-FOR-US: OneFileCMS
CVE-2018-12993 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers ...)
- TODO: check
+ NOT-FOR-US: OneFileCMS
CVE-2018-12992 (An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in ...)
- TODO: check
+ NOT-FOR-US: CMS MaeloStore
CVE-2018-12991
RESERVED
CVE-2018-12990
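Review bot: the four Zoho entries (CVE-2018-12999, -12998, -12997, -12996) are labelled with the vendor only, "NOT-FOR-US: Zoho", although the visible descriptions name the product as "Zoho ManageEngine"; "NOT-FOR-US: Zoho ManageEngine" would let the entries be grouped with the other ManageEngine issues by a simple grep. Similarly the label for CVE-2018-13002 drops "Core" from the "Weblication CMS Core" named in the description.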
@@ -959,7 +959,7 @@ CVE-2018-1000531 (inversoft prime-jwt version prior to commit ...)
CVE-2018-1000530
REJECTED
CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scripting ...)
- TODO: check
+ NOT-FOR-US: Grails Fields plugin
CVE-2018-1000528 (GONICUS GOsa version before commit ...)
- gosa <unfixed> (low)
NOTE: https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
@@ -1454,9 +1454,9 @@ CVE-2018-12467
CVE-2018-12466
RESERVED
CVE-2018-12465 (An OS command injection vulnerability in the web administration ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2018-12464 (A SQL injection vulnerability in the web administration and quarantine ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2018-12463
RESERVED
CVE-2018-12462
@@ -10467,9 +10467,9 @@ CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604,
CVE-2018-8903 (Open-AudIT Professional 2.1 allows XSS via the Name or Description ...)
NOT-FOR-US: Open-AudIT Professional
CVE-2018-8902 (An issue was discovered in Ivanti Avalanche for all versions between ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2018-8901 (An issue was discovered in Ivanti Avalanche for all versions between ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and Sentinel ...)
NOT-FOR-US: HASP SRM
CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 ...)
@@ -38525,37 +38525,37 @@ CVE-2017-16227 (The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.
NOTE: https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
CVE-2017-16226 (The static-eval module is intended to evaluate statically-analyzable ...)
- TODO: check
+ NOT-FOR-US: static-eval module
CVE-2017-16225 (aegir is a module to help automate JavaScript project management. ...)
- TODO: check
+ NOT-FOR-US: aegir
CVE-2017-16224 (st is a module for serving static files. An attacker is able to craft ...)
- TODO: check
+ NOT-FOR-US: st
CVE-2017-16223 (nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: nodeaaaaa
CVE-2017-16222 (elding is a simple web server. elding is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: elding
CVE-2017-16221 (yzt is a simple file server. yzt is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: yzt
CVE-2017-16220 (wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: wind-mvc
CVE-2017-16219 (yttivy is a static file server. yttivy is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: yttivy
CVE-2017-16218 (dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: dgard8.lab6
CVE-2017-16217 (fbr-client sends files through sockets via socket.io and webRTC. ...)
- TODO: check
+ NOT-FOR-US: fbr-client
CVE-2017-16216 (tencent-server is a simple web server. tencent-server is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: tencent-server
CVE-2017-16215 (sgqserve is a simple file server. sgqserve is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: sgqserve
CVE-2017-16214 (peiserver is a static file server. peiserver is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: peiserver
CVE-2017-16213 (mfrserver is a simple file server. mfrserver is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: mfrserver
CVE-2017-16212 (ltt is a static file server. ltt is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: ltt
CVE-2017-16211 (lessindex is a static file server. lessindex is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: lessindex
CVE-2017-16210 (jn_jj_server is a static file server. jn_jj_server is vulnerable to a ...)
TODO: check
CVE-2017-16209 (enserver is a simple web server. enserver is vulnerable to a directory ...)
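Review bot: CVE-2017-16210 (jn_jj_server) and CVE-2017-16209 (enserver) are left at "TODO: check" at the bottom of this hunk although they describe the same directory-traversal class in the same run of small Node.js static file servers (elding, yzt, yttivy, dgard8.lab6, tencent-server, sgqserve, peiserver, mfrserver, ltt, lessindex) that the hunk closes as NOT-FOR-US; either resolve them in the same pass or record why they differ. Style point: "NOT-FOR-US: static-eval module" is the only label in the series carrying a "module" suffix; "static-eval" alone matches the rest of the block.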
@@ -47787,7 +47787,7 @@ CVE-2017-13074
CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo ...)
NOT-FOR-US: NAP NAS application Photo Station
CVE-2017-13072 (Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern ...)
NOT-FOR-US: QNAP
CVE-2017-13070 (A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version ...)
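Review bot: the unchanged context line for CVE-2017-13073 reads "NOT-FOR-US: NAP NAS application Photo Station", which looks like a dropped "Q" in "QNAP"; since this hunk already touches the neighbouring CVE-2017-13072 entry, fixing that typo in the same commit would be cheap and keeps the QNAP entries greppable under one spelling.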
@@ -51281,7 +51281,7 @@ CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel parsing
CVE-2017-12093 (An exploitable insufficient resource pool vulnerability exists in the ...)
NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12092 (An exploitable file write vulnerability exists in the memory module ...)
- TODO: check
+ NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12091
REJECTED
CVE-2017-12090 (An exploitable denial of service vulnerability exists in the ...)
@@ -51320,13 +51320,13 @@ CVE-2017-12080 (An information exposure vulnerability in default HTTP configurat
CVE-2017-12079 (Files or directories accessible to external parties vulnerability in ...)
NOT-FOR-US: Synology Photo Station
CVE-2017-12078 (Command injection vulnerability in EZ-Internet in Synology Router ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2017-12077 (Uncontrolled Resource Consumption vulnerability in ...)
NOT-FOR-US: Synology
CVE-2017-12076 (Uncontrolled Resource Consumption vulnerability in ...)
NOT-FOR-US: Synology
CVE-2017-12075 (Command injection vulnerability in EZ-Internet in Synology DiskStation ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2017-12074 (Directory traversal vulnerability in the ...)
NOT-FOR-US: Synology
CVE-2017-12073
@@ -51336,7 +51336,7 @@ CVE-2017-12072 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.p
CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...)
NOT-FOR-US: Synology
CVE-2017-12070 (Unsigned versions of the DLLs distributed by the OPC Foundation may be ...)
- TODO: check
+ NOT-FOR-US: OPC Foundation
CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .NET ...)
NOT-FOR-US: OPC Foundation UA .NET Sampe code and Local Discovery Server affecting various vendors
CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array ...)
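Review bot: the context line for CVE-2017-12069 reads "OPC Foundation UA .NET Sampe code", a typo for "Sample"; worth correcting while the adjacent CVE-2017-12070 entry is being edited. The new label "NOT-FOR-US: OPC Foundation" for CVE-2017-12070 is fine as a vendor label, but the description's "Unsigned versions of the DLLs distributed by the OPC Foundation" suggests the more specific wording used for CVE-2017-12069 (naming the affected components) would help anyone later checking whether a Debian package bundles those DLLs.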
@@ -52321,7 +52321,7 @@ CVE-2017-11674 (Reporter.exe in Acunetix 8 allows remote attackers to cause a de
CVE-2017-11673 (Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Acunetix
CVE-2017-11672 (The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is ...)
- TODO: check
+ NOT-FOR-US: OPC Foundation Local Discovery Server
CVE-2017-11671 (Under certain circumstances, the ix86_expand_builtin function in i386.c ...)
- gcc-6 6.3.0-12
- gcc-5 5.4.1-10
@@ -54153,11 +54153,11 @@ CVE-2017-1000025 (GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3
CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...)
- shotwell 0.25.4+really0.24.5-0.1 (unimportant)
CVE-2017-1000023 (LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. ...)
- TODO: check
+ NOT-FOR-US: LogicalDoc Community Edition
CVE-2017-1000022 (LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. ...)
- TODO: check
+ NOT-FOR-US: LogicalDoc Community Edition
CVE-2017-1000021 (LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. ...)
- TODO: check
+ NOT-FOR-US: LogicalDoc Community Edition
CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions embedded ...)
NOT-FOR-US: ECos
CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the ...)
@@ -59398,7 +59398,7 @@ CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, .
CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before ...)
- webmin <removed>
CVE-2017-9312 (Improperly implemented option-field processing in the TCP/IP stack on ...)
- TODO: check
+ NOT-FOR-US: Allen-Bradley
CVE-2017-9311
RESERVED
CVE-2017-9309
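Review bot: the new label "NOT-FOR-US: Allen-Bradley" for CVE-2017-9312 is spelled differently from "NOT-FOR-US: Allen Bradley Micrologix" used for CVE-2017-12092 and CVE-2017-12093 in this same commit; pick one form (at minimum a consistent vendor spelling, ideally the existing vendor-plus-product style) so the entries can be grouped by a simple grep.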
@@ -63490,11 +63490,11 @@ CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact Gmb
CVE-2017-7934 (An Improper Authentication issue was discovered in OSIsoft PI Server ...)
NOT-FOR-US: OSIsoft
CVE-2017-7933 (In ABB IP GATEWAY 3.39 and prior, some configuration files contain ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2017-7932 (An improper certificate validation issue was discovered in NXP i.MX 28 ...)
NOT-FOR-US: NXP i.MX devices
CVE-2017-7931 (In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2017-7930 (An Improper Authentication issue was discovered in OSIsoft PI Server ...)
NOT-FOR-US: OSIsoft
CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech WebAccess ...)
@@ -63544,7 +63544,7 @@ CVE-2017-7908
CVE-2017-7907 (An Improper XML Parser Configuration issue was discovered in Schneider ...)
NOT-FOR-US: Schneider
CVE-2017-7906 (In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2017-7905 (A Weak Cryptography for Passwords issue was discovered in General ...)
NOT-FOR-US: General Electric
CVE-2017-7904
@@ -64731,15 +64731,15 @@ CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ..
CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7639 (QNAP NAS application Proxy Server through version 1.2.0 does not ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7637 (QNAP NAS application Proxy Server through version 1.2.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2017-7636 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2017-7635 (QNAP NAS application Proxy Server through version 1.2.0 does not ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Media ...)
NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive ...)
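Review bot: the four Proxy Server entries (CVE-2017-7639, -7637, -7636, -7635) get the bare vendor label "NOT-FOR-US: QNAP" while the surrounding Media Streaming add-on entries (CVE-2017-7640, -7638, -7634) carry the full product name; "NOT-FOR-US: QNAP NAS application Proxy Server" would keep the block consistent and make the affected component visible without re-reading the description.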
@@ -67728,7 +67728,7 @@ CVE-2017-6781 (A vulnerability in the management of shell user accounts for Cisc
CVE-2017-6780 (A vulnerability in the TCP throttling process for Cisco IoT Field ...)
NOT-FOR-US: Cisco
CVE-2017-6779 (Multiple Cisco products are affected by a vulnerability in local file ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-6778 (A vulnerability in the Elastic Services Controller (ESC) web interface ...)
NOT-FOR-US: Cisco
CVE-2017-6777 (A vulnerability in the ConfD server of the Cisco Elastic Services ...)
@@ -69288,15 +69288,15 @@ CVE-2017-6296 (NVIDIA TrustZone Software contains a TOCTOU issue in the DRM ...)
CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the Keymaster ...)
NOT-FOR-US: NVIDIA
CVE-2017-6294 (In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2017-6293 (In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 ...)
NOT-FOR-US: Nvidia component for Android
CVE-2017-6292 (In Android before the 2018-06-05 security patch level, NVIDIA TLZ ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2017-6291
RESERVED
CVE-2017-6290 (In Android before the 2018-06-05 security patch level, NVIDIA TLK ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2017-6289 (In Android before the 2018-05-05 security patch level, NVIDIA Trusted ...)
NOT-FOR-US: Nvidia component for Android
CVE-2017-6288 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
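Review bot: CVE-2017-6294, -6292 and -6290 are labelled "NOT-FOR-US: NVIDIA" although their descriptions open with "In Android before the 2018-06-05 security patch level", the same wording as CVE-2017-6293 and CVE-2017-6289, which carry "NOT-FOR-US: Nvidia component for Android"; reusing that label for the three new entries keeps the Android-specific triage distinct from the generic NVIDIA entries such as CVE-2017-6295 and CVE-2017-6288.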
@@ -69634,7 +69634,7 @@ CVE-2017-6155 (On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.
CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - ...)
NOT-FOR-US: F5 BIG-IP
CVE-2017-6153 (Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the ...)
NOT-FOR-US: F5 BIG-IQ Centralized Management
CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
@@ -76094,7 +76094,7 @@ CVE-2017-3970
CVE-2017-3969 (Abuse of communication channels vulnerability in the server in McAfee ...)
NOT-FOR-US: McAfee
CVE-2017-3968 (Session fixation vulnerability in the web interface in McAfee Network ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2017-3967 (Target influence via framing vulnerability in the web interface in ...)
NOT-FOR-US: McAfee
CVE-2017-3966 (Exploitation of session variables, resource IDs and other trusted ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13f8514cb9e853fb23cf4df0ed38d6d2fe86dd3f