[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Mar 8 10:38:33 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1f629490 by Moritz Muehlenhoff at 2018-03-08T11:38:12+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -237,7 +237,7 @@ CVE-2018-7677
CVE-2018-7676
RESERVED
CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the ...)
- TODO: check
+ NOT-FOR-US: NetIQ Sentinel
CVE-2018-7674
RESERVED
CVE-2018-7673
@@ -907,7 +907,7 @@ CVE-2018-7475
CVE-2018-7474
RESERVED
CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot web ...)
- TODO: check
+ NOT-FOR-US: SO Connect SO WIFI
CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: INVT Studio
CVE-2018-7471 (KingView 7.5SP1 has an integer overflow during stgopenstorage API read ...)
@@ -1647,7 +1647,7 @@ CVE-2018-7266
CVE-2018-7265 (Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that ...)
NOT-FOR-US: Shimmie
CVE-2018-7264 (The Pictview image processing library embedded in the ActivePDF ...)
- TODO: check
+ NOT-FOR-US: ActivePDF
CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b ...)
- libid3tag 0.15.1b-5 (bug #304913)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647
@@ -1822,7 +1822,7 @@ CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub OAuthentica
CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in ...)
NOT-FOR-US: Kentico
CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-7203
RESERVED
CVE-2018-7202
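Review bot: The tag added for CVE-2018-7204, `NOT-FOR-US: Wordpress plugin`, names a category rather than the software, unlike the neighbouring `NOT-FOR-US: Kentico`. The description identifies the product as the Giribaz File Manager plugin, so suggest `NOT-FOR-US: Giribaz File Manager plugin for WordPress` (with the usual "WordPress" capitalisation), which keeps the triage reason readable from the tag line alone.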
@@ -2448,7 +2448,7 @@ CVE-2018-6949
CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a ...)
NOT-FOR-US: CCN-lite 2
CVE-2018-6947 (An uninitialised stack variable in the nxfuse component that is part ...)
- TODO: check
+ NOT-FOR-US: DokanFS
CVE-2018-6946
RESERVED
CVE-2018-6945
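Review bot: On CVE-2018-6947 the added tag names DokanFS, but the visible part of the description names only the nxfuse component and is cut off before saying what it is part of. Suggest a tag or an extra NOTE line that mentions nxfuse alongside DokanFS, so the reasoning behind the not-for-us decision can be checked from this file without going back to the full CVE text.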
@@ -3184,7 +3184,7 @@ CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an
CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote ...)
NOT-FOR-US: Grammarly extension for Chrome
CVE-2018-6653 (comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in ...)
- TODO: check
+ NOT-FOR-US: comforte SWAP
CVE-2018-6652
RESERVED
CVE-2018-6651 (In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as ...)
@@ -3473,7 +3473,7 @@ CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Imp
CVE-2018-6592 (Unisys Stealth Windows endpoints before 3.3.016.1 allow local users to ...)
NOT-FOR-US: Unisys Stealth Windows endpoints
CVE-2018-6591 (Converse.js and Inverse.js through 3.3 allow remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Converse.js
CVE-2018-6590
RESERVED
CVE-2018-6589
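Review bot: The CVE-2018-6591 description covers both Converse.js and Inverse.js, while the added tag names only Converse.js. If both were checked, suggest `NOT-FOR-US: Converse.js and Inverse.js`; if only the first was, Inverse.js should be confirmed before the `TODO: check` is dropped.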
@@ -6680,7 +6680,7 @@ CVE-2018-5454
CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was ...)
NOT-FOR-US: Moxa
CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process ...)
- TODO: check
+ NOT-FOR-US: Emerson Process Management ControlWave Micro Process Automation Controller
CVE-2018-5451
RESERVED
CVE-2018-5450
@@ -17053,7 +17053,7 @@ CVE-2018-1345
CVE-2018-1344
RESERVED
CVE-2018-1343 (PAM exposure enabling unauthenticated access to remote host ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can upload ...)
NOT-FOR-US: NetIQ Access Manager
CVE-2018-1341
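Review bot: The description of CVE-2018-1343 starts with "PAM exposure" and the visible text names no product, so in a Debian context it reads as if it could concern the PAM authentication stack; the added `NOT-FOR-US: NetIQ` gives only the vendor. The adjacent CVE-2018-1342 is tagged with the product (`NOT-FOR-US: NetIQ Access Manager`); suggest doing the same here, and if PAM stands for the Privileged Account Manager tagged at CVE-2017-7437 and CVE-2017-7438 in this same commit, writing that name out.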
@@ -17400,7 +17400,7 @@ CVE-2018-1318
CVE-2018-1317
RESERVED
CVE-2018-1316 (The ODE process deployment web service was sensible to deployment ...)
- TODO: check
+ NOT-FOR-US: Apache ODE
CVE-2018-1315
RESERVED
CVE-2018-1314
@@ -21374,7 +21374,7 @@ CVE-2017-16924 (Remote Information Disclosure and Escalation of Privileges in ..
CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen Tenda ...)
NOT-FOR-US: Shenzhen Tenda
CVE-2017-16922 (In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza ...)
- TODO: check
+ NOT-FOR-US: Wowza
CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including ...)
{DSA-4066-1 DLA-1212-1}
- otrs2 6.0.2-1 (bug #883774)
@@ -25703,7 +25703,7 @@ CVE-2017-15521
CVE-2017-15520
REJECTED
CVE-2017-15519 (Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote ...)
- TODO: check
+ NOT-FOR-US: SnapCenter
CVE-2017-15518 (All versions of OnCommand API Services prior to 2.1 and NetApp Service ...)
NOT-FOR-US: NetApp
CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to ...)
@@ -37427,9 +37427,9 @@ CVE-2017-11652 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for
CVE-2017-11651 (NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url ...)
NOT-FOR-US: NexusPHP
CVE-2017-11650 (Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C ...)
- TODO: check
+ NOT-FOR-US: DrayTek
CVE-2017-11649 (Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor ...)
- TODO: check
+ NOT-FOR-US: DrayTek
CVE-2017-11648 (Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do ...)
NOT-FOR-US: Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices
CVE-2017-11647 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
@@ -41268,13 +41268,13 @@ CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it
NOTE: Issue is specific to Struts 2.x.
NOTE: https://struts.apache.org/docs/s2-049.html
CVE-2017-9786 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...)
- TODO: check
+ NOT-FOR-US: ProjectSend
CVE-2017-9785 (Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse ...)
NOT-FOR-US: NancyFX Nancy
CVE-2017-9784
RESERVED
CVE-2017-9783 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...)
- TODO: check
+ NOT-FOR-US: ProjectSend
CVE-2017-10599
RESERVED
CVE-2017-10598
@@ -47842,9 +47842,9 @@ CVE-2017-8167 (Huawei firewall products USG9500 V500R001C50 has a DoS vulnerabil
CVE-2017-8166 (Huawei mobile phones Honor V9 with the software versions before ...)
NOT-FOR-US: Huawei
CVE-2017-8165 (Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-8164 (Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-8163 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, ...)
NOT-FOR-US: Huawei
CVE-2017-8162 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, ...)
@@ -49821,7 +49821,7 @@ CVE-2017-7635
CVE-2017-7634
RESERVED
CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2017-7632
RESERVED
CVE-2017-7631
@@ -50639,7 +50639,7 @@ CVE-2017-7445
CVE-2017-0887 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the ...)
- nextcloud <itp> (bug #835086)
CVE-2016-7443 (Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...)
- libxslt <unfixed> (unimportant; bug #859796)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758400
@@ -50660,7 +50660,7 @@ CVE-2017-7439 (NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1
CVE-2017-7438 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed ...)
NOT-FOR-US: NetIQ Privileged Account Manager
CVE-2017-7437 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed ...)
- TODO: check
+ NOT-FOR-US: NetIQ Privileged Account Manager
CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned ...)
- libzypp <unfixed>
CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f6294905ebd1360aa7355bc13e94d8cd07710a7