[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Mar 26 17:26:52 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b0ea37f1 by Moritz Muehlenhoff at 2018-03-26T19:26:04+02:00
NFUs
- - - - -
f411120e by Moritz Muehlenhoff at 2018-03-26T19:26:40+02:00
Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,18 +1,18 @@
CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-9019
RESERVED
CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage ...)
- graphicsmagick <unfixed>
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/
CVE-2018-9017 (dsmall v20180320 allows XSS via the member search box at the ...)
- TODO: check
+ NOT-FOR-US: dsmall
CVE-2018-9016 (dsmall v20180320 allows XSS via the main page search box at the ...)
- TODO: check
+ NOT-FOR-US: dsmall
CVE-2018-9015 (dsmall v20180320 allows XSS via the ...)
- TODO: check
+ NOT-FOR-US: dsmall
CVE-2018-9014 (dsmall v20180320 allows physical path leakage via a ...)
- TODO: check
+ NOT-FOR-US: dsmall
CVE-2018-9013
RESERVED
CVE-2018-9012
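Review bot: The tag added for CVE-2018-9020, `NOT-FOR-US: Wordpress plugin`, does not name the product, unlike the other tags added in this hunk (`NOT-FOR-US: dsmall`). The description identifies it as the Events Manager plugin, so `NOT-FOR-US: Events Manager plugin for WordPress` would let a later search of the list find the earlier decision for the same plugin, and it also corrects the capitalisation of WordPress.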
@@ -20,7 +20,7 @@ CVE-2018-9012
CVE-2018-9011
RESERVED
CVE-2018-9010 (Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote ...)
- TODO: check
+ NOT-FOR-US: Intelbras
CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the decompileJUMP ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/131
@@ -83,9 +83,9 @@ CVE-2018-8981
CVE-2018-8980
RESERVED
CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a ...)
- TODO: check
+ NOT-FOR-US: Open-AudIT Professional
CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an ...)
- TODO: check
+ NOT-FOR-US: Open-AudIT Professional
CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in ...)
TODO: check
CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...)
@@ -154,7 +154,7 @@ CVE-2018-8949 (An issue was discovered in app/Model/Attribute.php in MISP before
CVE-2018-8948 (In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has ...)
NOT-FOR-US: MISP
CVE-2018-8947 (rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding ...)
- TODO: check
+ NOT-FOR-US: rap2hpoutre Laravel Log Viewer
CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect Access ...)
- i-librarian <itp> (bug #649291)
NOTE: https://github.com/mkucej/i-librarian/issues/124
@@ -489,7 +489,7 @@ CVE-2018-8819
CVE-2018-8818
RESERVED
CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...)
- TODO: check
+ NOT-FOR-US: Wampserver
CVE-2018-8816
RESERVED
CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery function in ...)
@@ -3019,7 +3019,7 @@ CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via ...)
CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Western ...)
NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. ...)
- TODO: check
+ NOT-FOR-US: Acrolinx Server
CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps ...)
- gpac <unfixed> (bug #892526)
[wheezy] - gpac <not-affected> (vulnerable code not present)
@@ -20831,7 +20831,7 @@ CVE-2018-1223
CVE-2018-1222
RESERVED
CVE-2018-1221 (In cf-deployment before 1.14.0 and routing-release before 0.172.0, the ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect ...)
NOT-FOR-US: EMC RSA Archer
CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access ...)
@@ -20885,7 +20885,7 @@ CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running insi
CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used to ...)
NOT-FOR-US: Spring Boot
CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment versions ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2018-1194
RESERVED
CVE-2018-1193
@@ -23303,9 +23303,9 @@ CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and earlier
CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier ...)
NOT-FOR-US: Jtrim installer
CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8 allows an ...)
- TODO: check
+ NOT-FOR-US: WebProxy (some software released by LunarLight)
CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to ...)
- TODO: check
+ NOT-FOR-US: Tiny FTP Daemon
CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 allows ...)
NOT-FOR-US: ViX
CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary ...)
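Review bot: In the CVE-2018-0542 entry, the parenthetical in `NOT-FOR-US: WebProxy (some software released by LunarLight)` reads as a triage remark rather than a product name. The neighbouring tags are plain names (`Jtrim installer`, `ViX`); consider `NOT-FOR-US: LunarLight WebProxy`, which keeps the vendor qualifier that disambiguates the generic name.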
@@ -26818,7 +26818,7 @@ CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Bui
CVE-2017-16243
RESERVED
CVE-2017-16242 (An issue was discovered on MECO USB Memory Stick with Fingerprint ...)
- TODO: check
+ NOT-FOR-US: MECO
CVE-2017-1000384
REJECTED
CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...)
@@ -29535,7 +29535,7 @@ CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an ...
CVE-2017-15327
RESERVED
CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions earlier ...)
NOT-FOR-US: Bdat driver of Prague smart phones
CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS ...)
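Review bot: For CVE-2017-15326 the tag `NOT-FOR-US: Huawei` names only the vendor, while the description is about DBS3900 TDD LTE and the next entry's tag is product-specific (`Bdat driver of Prague smart phones`). Suggest `NOT-FOR-US: Huawei DBS3900`, so the tag pairs the vendor with the affected product instead of covering everything the vendor ships.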
@@ -59123,7 +59123,7 @@ CVE-2017-5738 (Escalation of privilege vulnerability in admin portal for Intel U
CVE-2017-5737
RESERVED
CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Platform ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2017-5735
RESERVED
CVE-2017-5734
@@ -66951,7 +66951,7 @@ CVE-2016-9882 (An issue was discovered in Cloud Foundry Foundation cf-release ve
CVE-2016-9881
REJECTED
CVE-2016-9880 (The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x ...)
- libspring-security-java <itp> (bug #582181)
NOTE: https://pivotal.io/security/cve-2016-9879
@@ -72442,13 +72442,13 @@ CVE-2017-0937
CVE-2017-0936
RESERVED
CVE-2017-0935 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0934 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0933 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0932 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0931
RESERVED
CVE-2017-0930
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7634c39592c5e8c40619dd8da83e1161e7bfd7c5...f411120e4e894ef88a4e958f891b39b7db1e3e2d