[Git][security-tracker-team/security-tracker][master] note on hadoop CVE ID
Moritz Muehlenhoff
jmm at debian.org
Wed May 2 09:29:05 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2484d811 by Moritz Muehlenhoff at 2018-05-02T10:28:37+02:00
note on hadoop CVE ID
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -17,17 +17,17 @@ CVE-2018-10649
CVE-2018-10648
RESERVED
CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation ...)
- TODO: check
+ NOT-FOR-US: SaferVPN
CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege ...)
- TODO: check
+ NOT-FOR-US: CyberGhost
CVE-2018-10645 (Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM ...)
- TODO: check
+ NOT-FOR-US: Golden Frog VyprVPN
CVE-2018-10644
RESERVED
CVE-2018-10643
RESERVED
CVE-2018-10642 (Command injection vulnerability in Combodo iTop 2.4.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2018-10641
RESERVED
CVE-2018-10640
@@ -167,7 +167,7 @@ CVE-2018-10575 (An issue was discovered on WatchGuard AP100, AP102, and AP200 de
CVE-2018-10574 (site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows ...)
NOT-FOR-US: BigTree CMS
CVE-2018-1000172 (Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross ...)
- TODO: check
+ NOT-FOR-US: Imagely NextGEN Gallery
CVE-2018-10573 (interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote ...)
NOT-FOR-US: OpenEMR
CVE-2018-10572 (interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote ...)
@@ -252,7 +252,7 @@ CVE-2018-10545 (An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.2
NOTE: Fixed in 5.6.35, 7.0.29, 7.1.16, 7.2.4
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75605
CVE-2018-10544 (Meross MSS110 devices through 1.1.24 contain an unauthenticated ...)
- TODO: check
+ NOT-FOR-US: Meross MSS110
CVE-2018-10543
RESERVED
CVE-2018-10542
@@ -522,7 +522,7 @@ CVE-2018-10434
CVE-2018-10433
RESERVED
CVE-2017-18262 (Blackboard Learn (Since at least 17th of October 2017) has allowed ...)
- TODO: check
+ NOT-FOR-US: Blackboard Learn
CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-259.html
@@ -914,17 +914,17 @@ CVE-2018-10262
CVE-2018-10261
RESERVED
CVE-2018-10260 (A Local File Inclusion vulnerability was found in HRSALE The Ultimate ...)
- TODO: check
+ NOT-FOR-US: HRSALE
CVE-2018-10259 (An Authenticated Stored XSS vulnerability was found in HRSALE The ...)
- TODO: check
+ NOT-FOR-US: HRSALE
CVE-2018-10258 (A CSV Injection vulnerability was discovered in Shopy Point of Sale ...)
- TODO: check
+ NOT-FOR-US: Shopy
CVE-2018-10257 (A CSV Injection vulnerability was discovered in HRSALE The Ultimate ...)
- TODO: check
+ NOT-FOR-US: HRSALE
CVE-2018-10256 (A SQL Injection vulnerability was discovered in HRSALE The Ultimate ...)
- TODO: check
+ NOT-FOR-US: HRSALE
CVE-2018-10255 (A CSV Injection vulnerability was discovered in clustercoding Blog ...)
- TODO: check
+ NOT-FOR-US: clustercoding
CVE-2018-10254 (Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the ...)
- nasm <unfixed> (bug #896523)
[stretch] - nasm <no-dsa> (Minor issue)
@@ -4095,7 +4095,7 @@ CVE-2018-8941 (Diagnostics functionality on D-Link DSL-3782 devices with firmwar
CVE-2018-8940
RESERVED
CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold ...)
- TODO: check
+ NOT-FOR-US: Ipswitch
CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp in ...)
TODO: check
CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is possible ...)
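Review bot: CVE-2018-8938, the context entry directly below the changed one, is left at "TODO: check" while CVE-2018-8939 is closed out; if the DlgSelectMibFile.asp issue turns out to be in the same product, triage it in the same pass so the pair does not end up with different states. The new tag "NOT-FOR-US: Ipswitch" also names only the vendor, whereas the description names the product (Ipswitch WhatsUp Gold) and most other entries in this commit use the product name, so "NOT-FOR-US: Ipswitch WhatsUp Gold" would be more consistent and easier to search for.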
@@ -6521,7 +6521,7 @@ CVE-2018-7903
CVE-2018-7902
RESERVED
CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software versions ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7900
RESERVED
CVE-2018-7899 (The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones ...)
@@ -88346,6 +88346,7 @@ CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x
CVE-2016-6811 (In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn ...)
- hadoop <itp> (bug #793644)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/01/2
+ NOTE: CVE ID will be moved to something CVE-2018-
CVE-2016-6810 (In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site ...)
- activemq 5.14.2+dfsg-1 (unimportant)
NOTE: Admin console not enabled in the Debian package, see #702670
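Review bot: The added line under CVE-2016-6811, "NOTE: CVE ID will be moved to something CVE-2018-", ends in an incomplete identifier and does not say where the reassignment claim comes from. If the source is the oss-security post linked in the NOTE just above, say so in the note, and word it as an expected reassignment to a CVE-2018 ID that is not yet known, so that whoever revisits the entry knows what to look for. The entry should then be updated once the new ID exists, so that the hadoop <itp> tracking (bug #793644) follows the ID that is actually in use.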
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2484d811888f9fbb29f71133dd4ac3927433ed58