[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Sat Jun 30 21:28:03 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df5062e8 by Moritz Muehlenhoff at 2018-06-30T22:27:38+02:00
NFUs
obs n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
CVE-2018-13031
RESERVED
CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The build_huffman ...)
- TODO: check
+ NOT-FOR-US: jpeg-compressor
CVE-2018-13029
RESERVED
CVE-2018-13028
@@ -9,7 +9,7 @@ CVE-2018-13028
CVE-2018-13027
RESERVED
CVE-2018-13026 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based ...)
- TODO: check
+ NOT-FOR-US: gpmf-parser
CVE-2018-13025 (protected/apps/admin/controller/photoController.php in YXcms 1.4.7 ...)
NOT-FOR-US: YXcms
CVE-2018-13024 (Metinfo v6.0.0 allows remote attackers to write code into a .php file, ...)
@@ -81,7 +81,7 @@ CVE-2018-12992 (An issue was discovered CMS MaeloStore V.1.5.0. There is stored
CVE-2018-12991
RESERVED
CVE-2018-12990 (phpwcms 1.8.9 allows remote attackers to discover the installation path ...)
- TODO: check
+ NOT-FOR-US: phpwcms
CVE-2018-12989
RESERVED
CVE-2018-12988 (GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an ...)
@@ -14297,7 +14297,7 @@ CVE-2018-7477 (SQL Injection exists in PHP Scripts Mall School Management Script
CVE-2018-7476 (controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site ...)
NOT-FOR-US: FineCms
CVE-2018-7475 (Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2018-7474 (An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is ...)
- textpattern <removed>
CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot web ...)
@@ -38645,45 +38645,45 @@ CVE-2017-16190 (dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to
CVE-2017-16189 (sly07 is an API for censoring text. sly07 is vulnerable to a directory ...)
NOT-FOR-US: sly07
CVE-2017-16188 (reecerver is a web server. reecerver is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: reecerver
CVE-2017-16187 (open-device creates a web interface for any device. open-device is ...)
- TODO: check
+ NOT-FOR-US: open-device
CVE-2017-16186 (360class.jansenhm is a static file server. 360class.jansenhm is ...)
- TODO: check
+ NOT-FOR-US: 360class.jansenhm
CVE-2017-16185 (uekw1511server is a static file server. uekw1511server is vulnerable ...)
- TODO: check
+ NOT-FOR-US: uekw1511server
CVE-2017-16184 (scott-blanch-weather-app is a sample Node.js app using Express 4. ...)
- TODO: check
+ NOT-FOR-US: scott-blanch-weather-app
CVE-2017-16183 (iter-server is a static file server. iter-server is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: iter-server
CVE-2017-16182 (serverxxx is a static file server. serverxxx is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: serverxxx
CVE-2017-16181 (wintiwebdev is a static file server. wintiwebdev is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: wintiwebdev
CVE-2017-16180 (serverabc is a static file server. serverabc is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: serverabc
CVE-2017-16179 (dasafio is a web server. dasafio is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: dasafio
CVE-2017-16178 (intsol-package is a file server. intsol-package is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: intsol-package
CVE-2017-16177 (chatbyvista is a file server. chatbyvista is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: chatbyvista
CVE-2017-16176 (jansenstuffpleasework is a file server. jansenstuffpleasework is ...)
- TODO: check
+ NOT-FOR-US: jansenstuffpleasework
CVE-2017-16175 (ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: ewgaddis.lab6
CVE-2017-16174 (whispercast is a file server. whispercast is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: whispercast
CVE-2017-16173 (utahcityfinder constructs lists of Utah cities with a certain prefix. ...)
- TODO: check
+ NOT-FOR-US: utahcityfinder
CVE-2017-16172 (section2.madisonjbrooks12 is a simple web server. ...)
- TODO: check
+ NOT-FOR-US: section2.madisonjbrooks12
CVE-2017-16171 (hcbserver is a static file server. hcbserver is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: hcbserver
CVE-2017-16170 (liuyaserver is a static file server. liuyaserver is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: liuyaserver
CVE-2017-16169 (looppake is a simple http server. looppake is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: looppake
CVE-2017-16168 (wffserve is vulnerable to a directory traversal issue, giving an ...)
TODO: check
CVE-2017-16167 (yyooopack is a simple file server. yyooopack is vulnerable to a ...)
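Review bot: CVE-2017-16168 (wffserve), in the context lines at the end of this hunk, is still "TODO: check" although its description shows the same directory traversal wording as the 20 entries retagged directly above it. If it was skipped by accident, tag it "NOT-FOR-US: wffserve" in the same commit; if it is left open on purpose, a NOTE giving the reason would save the next triager from re-checking it.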
@@ -79904,11 +79904,11 @@ CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the ...)
CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the use of a ...)
NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2860 (An exploitable denial-of-service vulnerability exists in the lookup ...)
- TODO: check
+ NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2859
RESERVED
CVE-2017-2858 (An exploitable denial-of-service vulnerability exists in the traversal ...)
- TODO: check
+ NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2857
RESERVED
CVE-2017-2856
@@ -79920,7 +79920,7 @@ CVE-2017-2854
CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the ...)
NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2852 (An exploitable denial-of-service vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2850 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
@@ -84127,13 +84127,13 @@ CVE-2017-0933 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a ..
CVE-2017-0932 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an ...)
NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0931 (html-janitor node module suffers from a Cross-Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: html-janitor node module
CVE-2017-0930 (augustine node module suffers from a Path Traversal vulnerability due ...)
- TODO: check
+ NOT-FOR-US: augustine node module
CVE-2017-0929
RESERVED
CVE-2017-0928 (html-janitor node module suffers from an External Control of Critical ...)
- TODO: check
+ NOT-FOR-US: html-janitor node module
CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...)
- gitlab 10.5.5+dfsg-1 (bug #888508)
[stretch] - gitlab <not-affected> (Doesn't affect 8.x)
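Review bot: the tags "NOT-FOR-US: html-janitor node module" and "NOT-FOR-US: augustine node module" carry a "node module" suffix, while the small web-server packages tagged elsewhere in this commit use the bare package name ("NOT-FOR-US: reecerver", "NOT-FOR-US: scott-blanch-weather-app"). Settle on one form, for example "NOT-FOR-US: html-janitor", so that a search on the tag finds every entry for a package the same way.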
@@ -86358,11 +86358,11 @@ CVE-2016-9492
CVE-2016-9491
RESERVED
CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 suffer from a ...)
- TODO: check
+ NOT-FOR-US: ManageEngine Applications Manager
CVE-2016-9489
RESERVED
CVE-2016-9488 (ManageEngine Applications Manager versions 12 and 13 suffer from ...)
- TODO: check
+ NOT-FOR-US: ManageEngine Applications Manager
CVE-2016-9487
RESERVED
CVE-2016-9486
@@ -90260,7 +90260,7 @@ CVE-2016-XXXX [nspr, nss: unprotected environment variables]
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.1_release_notes
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/02/4
CVE-2016-8390 (An exploitable out of bounds write vulnerability exists in the parsing ...)
- TODO: check
+ NOT-FOR-US: Hopper Disassembler
CVE-2016-8389 (An exploitable integer-overflow vulnerability exists within Iceni ...)
NOT-FOR-US: Iceni Argus
CVE-2016-8388 (An exploitable arbitrary heap-overwrite vulnerability exists within ...)
@@ -120680,7 +120680,7 @@ CVE-2015-7613 (Race condition in the IPC object implementation in the Linux kern
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf (v4.3-rc4)
CVE-2015-7610 (Cross-site request forgery (CSRF) vulnerability in the login form in ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2015-7609
RESERVED
CVE-2015-7608
@@ -130560,7 +130560,7 @@ CVE-2015-4045 (The sudoers file in the asset discovery scanner in AlienVault OSS
CVE-2015-4044
RESERVED
CVE-2015-4043 (SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows ...)
- TODO: check
+ NOT-FOR-US: ConnX ESP
CVE-2015-4040 (Directory traversal vulnerability in the configuration utility in F5 ...)
NOT-FOR-US: F5 BIG-IP
CVE-2015-4039
@@ -166510,7 +166510,7 @@ CVE-2014-0594 (In the Open Build Service (OBS) before version 2.4.6 the CSRF ...
NOTE: https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=870606
CVE-2014-0593 (The set_version script as shipped with obs-service-set_version is a ...)
- TODO: check
+ NOT-FOR-US: script for OBS
CVE-2014-0592 (Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used ...)
NOT-FOR-US: Crowbar
CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND ...)
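Review bot: "NOT-FOR-US: script for OBS" for CVE-2014-0593 does not name the affected component, although the description identifies it as obs-service-set_version. Use that name in the tag ("NOT-FOR-US: obs-service-set_version") so the entry is not confused with open-build-service itself, which this same commit treats as a tracked package in the CVE-2011-4183 entry.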
@@ -204087,7 +204087,7 @@ CVE-2012-0435 (SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to m
CVE-2012-0434 (The server in Crowbar, as used in SUSE Cloud 1.0, uses weak ...)
NOT-FOR-US: Crowbar
CVE-2012-0433 (The install-chef-suse.sh script shipped with crowbar before 2012-10-02 ...)
- TODO: check
+ NOT-FOR-US: crowbar
CVE-2012-0432 (Stack-based buffer overflow in the Novell NCP implementation in NetIQ ...)
NOT-FOR-US: NetIQ eDirectory
CVE-2012-0431
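Review bot: "NOT-FOR-US: crowbar" for CVE-2012-0433 is lower-case, while the context line two lines above it, for CVE-2012-0434, reads "NOT-FOR-US: Crowbar". Match the existing spelling so both entries group under one tag.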
@@ -207579,7 +207579,7 @@ CVE-2011-4192 (kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.
CVE-2011-4191 (Stack-based buffer overflow in the xdrDecodeString function in ...)
NOT-FOR-US: Novell NetWare
CVE-2011-4190 (The kdump implementation is missing the host key verification in the ...)
- TODO: check
+ NOT-FOR-US: kdump as used in SuSE
CVE-2011-4189 (The client in Novell GroupWise 8.0x through 8.02HP3 allows remote ...)
NOT-FOR-US: Novell GroupWise
CVE-2011-4188 (Buffer overflow in the Create Attribute function in jclient in Novell ...)
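Review bot: in "NOT-FOR-US: kdump as used in SuSE" for CVE-2011-4190 the vendor is spelled "SuSE", whereas the neighbouring entries spell it "SUSE" (for example "NOT-FOR-US: sysconfig in SUSE Linux Enterprise"). Use "SUSE" here as well so the tag is consistent with the rest of the list.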
@@ -207593,7 +207593,9 @@ CVE-2011-4185 (The GetPrinterURLList2 method in the ActiveX control in Novell iP
CVE-2011-4184
RESERVED
CVE-2011-4183 (A vulnerability in open build service allows remote attackers to ...)
- TODO: check
+ - open-build-service <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=736243
+ NOTE: https://github.com/openSUSE/open-build-service/commit/5281e4bff9df31f1f91e22a0d1e9086b93b23d7e
CVE-2011-4182 (Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise ...)
NOT-FOR-US: sysconfig in SUSE Linux Enterprise
CVE-2011-4181 (A vulnerability in open build service allows remote attackers to gain ...)
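Review bot: the "<not-affected>" line added for CVE-2011-4183 states "Fixed before initial upload to Debian", but neither NOTE says which upstream release contains commit 5281e4bff9df31f1f91e22a0d1e9086b93b23d7e, so the claim cannot be checked from the entry alone. Append the first fixed upstream version to the commit NOTE, in the way the CVE-2015-7613 entry annotates its kernel commit with "(v4.3-rc4)".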
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df5062e86cb2bf8c5b3c93c14d14534046d7be22