[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu May 24 13:38:47 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12e2f920 by Moritz Muehlenhoff at 2018-05-24T14:38:23+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20,19 +20,19 @@ CVE-2018-11407
CVE-2018-11406
RESERVED
CVE-2018-11405 (Kliqqi 2.0.2 has CSRF in admin/admin_users.php. ...)
- TODO: check
+ NOT-FOR-US: Kliqqi
CVE-2018-11404 (DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php ...)
- TODO: check
+ NOT-FOR-US: DomainMod
CVE-2018-11403 (DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid ...)
- TODO: check
+ NOT-FOR-US: DomainMod
CVE-2018-11402 (SimpliSafe Original has Unencrypted Keypad Transmissions, which allows ...)
- TODO: check
+ NOT-FOR-US: SimpliSafe Original
CVE-2018-11401 (In SimpliSafe Original, RF Interference (e.g., an extremely strong ...)
- TODO: check
+ NOT-FOR-US: SimpliSafe Original
CVE-2018-11400 (In SimpliSafe Original, the Base Station fails to detect tamper ...)
- TODO: check
+ NOT-FOR-US: SimpliSafe Original
CVE-2018-11399 (SimpliSafe Original has Unencrypted Sensor Transmissions, which allows ...)
- TODO: check
+ NOT-FOR-US: SimpliSafe Original
CVE-2018-11398
RESERVED
CVE-2018-11397
@@ -240,7 +240,7 @@ CVE-2018-11336
CVE-2018-11335
RESERVED
CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a NULL DACL that allows ...)
- TODO: check
+ NOT-FOR-US: Windscribe
CVE-2018-11333
RESERVED
CVE-2018-11332
@@ -504,7 +504,7 @@ CVE-2018-11232 (The etm_setup_aux function in ...)
- linux <not-affected> (Vulnerable code never present in unstable)
NOTE: Fixed by: https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f
CVE-2018-11231 (In the Divido plugin for OpenCart, there is SQL injection. Attackers ...)
- TODO: check
+ NOT-FOR-US: OpenCart plugin
CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows ...)
NOT-FOR-US: jbig2enc
CVE-2018-11229
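Review bot: The tag added for CVE-2018-11231, `NOT-FOR-US: OpenCart plugin`, does not say which plugin is meant. The description names the Divido plugin, so `NOT-FOR-US: Divido plugin for OpenCart` would keep the entry identifiable when someone greps the list, and would distinguish it from any other OpenCart plugin entries.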
@@ -1851,19 +1851,19 @@ CVE-2018-10656
CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 ...)
NOT-FOR-US: DeviceLock Plug and Play Auditor
CVE-2018-10654 (There is a Hazelcast Library Java Deserialization Vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-10653 (There is an XML External Entity (XXE) Processing Vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-10652 (There is a Sensitive Data Leakage issue in Citrix XenMobile Server ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-10651 (There are Open Redirect Vulnerabilities in Citrix XenMobile Server ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-10650 (There is an Insufficient Path Validation Vulnerability in Citrix ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-10649 (There is a Cross-Site Scripting Vulnerability in Citrix XenMobile ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-10648 (There are Unauthenticated File Upload Vulnerabilities in Citrix ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation ...)
NOT-FOR-US: SaferVPN
CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege ...)
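Review bot: CVE-2018-10654 is tagged `NOT-FOR-US: Citrix`, but its description opens with a Hazelcast Library Java deserialization issue, so the vulnerable code may sit in a third-party library and not in Citrix's own code. Before closing it out, confirm that the flaw is specific to how the Citrix product embeds or configures Hazelcast, and record that in a NOTE line. As a style point, the neighbouring descriptions name Citrix XenMobile Server, so `NOT-FOR-US: Citrix XenMobile Server` would match the product-level tags on the context lines of this hunk (DeviceLock Plug and Play Auditor, SaferVPN).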
@@ -2406,7 +2406,7 @@ CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. Ther
CVE-2018-10429 (Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the ...)
NOT-FOR-US: Cosmo
CVE-2018-10428 (ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2018-10427
RESERVED
CVE-2018-10426
@@ -2587,19 +2587,19 @@ CVE-2018-10359
CVE-2018-10358
RESERVED
CVE-2018-10357 (A directory traversal vulnerability in Trend Micro Endpoint ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10356 (A SQL injection remote code execution vulnerability in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10355 (An authentication weakness vulnerability in Trend Micro Email ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10354 (A command injection remote command execution vulnerability in Trend ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10353 (A SQL injection information disclosure vulnerability in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10352 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10351 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10350
RESERVED
CVE-2018-10349
@@ -6157,7 +6157,7 @@ CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and Sentin
CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 ...)
NOT-FOR-US: IdentityServer
CVE-2018-8898 (A flaw in the authentication mechanism in the Login Panel of router ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...)
{DSA-4201-1 DSA-4196-1}
- linux 4.15.17-1
@@ -7816,7 +7816,7 @@ CVE-2018-8178 (A remote code execution vulnerability exists in the way that Micr
CVE-2018-8177 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
CVE-2018-8176 (A remote code execution vulnerability exists in Microsoft PowerPoint ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8175
RESERVED
CVE-2018-8174 (A remote code execution vulnerability exists in the way that the ...)
@@ -10507,7 +10507,7 @@ CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG ..
CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage method ...)
NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7295 (ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on ...)
- TODO: check
+ NOT-FOR-US: Final Fantasy
CVE-2018-7294
RESERVED
CVE-2018-7293
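Review bot: The tag for CVE-2018-7295 drops both the vendor and the title's number: the description says Square Enix Final Fantasy XIV, while the added line reads `NOT-FOR-US: Final Fantasy`. Suggest `NOT-FOR-US: Square Enix Final Fantasy XIV`, in line with the fully named product on the entry just above (eQ-3 AG Homematic CCU2).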
@@ -12968,7 +12968,7 @@ CVE-2018-6497
CVE-2018-6496
RESERVED
CVE-2018-6495 (Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software Web Tier, ...)
NOT-FOR-US: HP
CVE-2018-6493 (SQL Injection in HP Network Operations Management Ultimate, version ...)
@@ -27413,9 +27413,9 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest .
CVE-2018-1311
RESERVED
CVE-2018-1310 (Apache NiFi JMS Deserialization issue because of ActiveMQ client ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2018-1309 (Apache NiFi External XML Entity issue in SplitXML processor. Malicious ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 ...)
{DSA-4194-1 DLA-1360-1}
- lucene-solr 3.6.2+dfsg-12 (bug #896604)
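Review bot: CVE-2018-1310 is marked `NOT-FOR-US: Apache NiFi`, yet its description attributes the JMS deserialization issue to the ActiveMQ client. Before dismissing it, check whether the underlying flaw is only in NiFi's use of that client or in the ActiveMQ client library itself, which would need tracking under its own entry; a NOTE line stating which applies would make the NFU decision auditable. CVE-2018-1309 (SplitXML processor) reads as NiFi-specific and needs no change.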
@@ -27774,7 +27774,7 @@ CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment versi
CVE-2018-1194
REJECTED
CVE-2018-1193 (Cloud Foundry routing-release, versions prior to 0.175.0, lacks ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an ...)
@@ -54799,7 +54799,7 @@ CVE-2017-9319
CVE-2017-9318
RESERVED
CVE-2017-9317 (Privilege escalation vulnerability found in some Dahua IP devices. ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2017-9316 (Firmware upgrade authentication bypass vulnerability was found in ...)
NOT-FOR-US: Dahua
CVE-2017-9315 (Customer of Dahua IP camera or IP PTZ could submit relevant device ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12e2f9208039c6a76f7736eca45e6dbb197aa71c