[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Nov 8 21:38:01 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
569d3f14 by Moritz Muehlenhoff at 2018-11-08T21:37:27Z
NFUs
two noisy wp reports
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -127,7 +127,7 @@ CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable
CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ...)
NOT-FOR-US: SimpleMDE
CVE-2018-19056 (pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" ...)
- TODO: check
+ NOT-FOR-US: pandao Editor.md
CVE-2018-XXXX [VirtualBox E1000 Guest-to-Host Escape]
- virtualbox <unfixed> (bug #913137)
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
@@ -6235,7 +6235,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa
CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference ...)
NOT-FOR-US: zephyr-rtos
CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...)
- TODO: check
+ - wordpress <undetermined>
CVE-2018-1000673
REJECTED
CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirection to ...)
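Review bot: The CVE-2018-1000773 entry becomes "- wordpress <undetermined>" with no NOTE line, and the only rationale ("two noisy wp reports") lives in the commit message, under a subject that says "NFUs" although this change is a package entry rather than a NOT-FOR-US. Consider adding a NOTE under the entry in data/CVE/list saying why the status cannot be determined, so the reasoning stays with the data when someone revisits it.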
@@ -6270,7 +6270,7 @@ CVE-2018-1000659 (LimeSurvey version 3.14.4 and earlier contains a directory tra
CVE-2018-1000658 (LimeSurvey version prior to 3.14.4 contains a file upload ...)
- limesurvey <itp> (bug #472802)
CVE-2017-1000600 (WordPress version <4.9 contains a CWE-20 Input Validation ...)
- TODO: check
+ - wordpress <undetermined>
CVE-2018-16553
RESERVED
CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, ...)
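Review bot: CVE-2017-1000600 is set to "- wordpress <undetermined>" even though its description bounds the affected range at "<4.9". If that bound is not trusted enough to record a fixed version, a NOTE line stating so would tell later triagers that the bound was considered and rejected rather than overlooked.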
@@ -24527,7 +24527,7 @@ CVE-2018-9491 (In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a pos
CVE-2018-9490 (In CollectValuesOrEntriesImpl of elements.cc, there is possible remote ...)
NOT-FOR-US: Android
CVE-2018-9489 (When wifi is switched, function sendNetworkStateChangeBroadcast of ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9488 (In the SELinux permissions of crash_dump.te, there is a permissions ...)
NOT-FOR-US: Android
CVE-2018-9487
@@ -25356,7 +25356,7 @@ CVE-2018-9210
CVE-2018-9209
RESERVED
CVE-2018-9208 (Unauthenticated arbitrary file upload vulnerability in jQuery Picture ...)
- TODO: check
+ NOT-FOR-US: jQuery Picture
CVE-2018-9207
RESERVED
CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp ...)
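Review bot: The label in "NOT-FOR-US: jQuery Picture" for CVE-2018-9208 ends at the same word where the description is cut off ("jQuery Picture ..."), so it may be a truncated product name. Check the full CVE description and use the complete name, otherwise a later search of the list for that product will not match this entry.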
@@ -28282,7 +28282,7 @@ CVE-2018-8022 (A carefully crafted invalid TLS handshake can cause Apache Traffi
NOTE: Only affects 6.x, marking 7.0 as the fixed version
NOTE: https://github.com/apache/trafficserver/pull/2147
CVE-2018-8021 (Versions of Superset prior to 0.23 used an unsafe load method from the ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2018-8020 (Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw ...)
{DLA-1475-1}
- tomcat-native 1.2.17-1
@@ -33353,25 +33353,25 @@ CVE-2018-6444
CVE-2018-6443
RESERVED
CVE-2018-6442 (A vulnerability in the Brocade Webtools firmware update section of ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2018-6441 (A vulnerability in Secure Shell implementation of Brocade Fabric OS ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2018-6440
RESERVED
CVE-2018-6439
RESERVED
CVE-2018-6438 (A Vulnerability in the supportsave command of Brocade Fabric OS ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2018-6437 (A Vulnerability in the help command of Brocade Fabric OS command line ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2018-6436 (A Vulnerability in the firmwaredownload command of Brocade Fabric OS ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2018-6435 (A Vulnerability in the secryptocfg command of Brocade Fabric OS ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2018-6434 (A vulnerability in the web management interface of Brocade Fabric OS ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2018-6433 (A vulnerability in the secryptocfg export command of Brocade Fabric OS ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2018-6432
RESERVED
CVE-2018-6431
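Review bot: Style point on the eight entries from CVE-2018-6442 to CVE-2018-6433: they are tagged with the vendor only ("NOT-FOR-US: Brocade"), while the descriptions name two different products (Webtools firmware update for CVE-2018-6442, Fabric OS for the others) and other entries in this commit name the product ("pandao Editor.md", "Apache Superset"). Naming the product in the tag would keep the labels consistent and searchable.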
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/569d3f1499220a05fba0f3a2268cac69df2e01ac