[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Oct 17 15:46:58 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bebd4eff by Moritz Muehlenhoff at 2018-10-17T14:46:33Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,27 +7,27 @@ CVE-2018-18438 [Integer overflow in ccid_card_vscard_read() allows memory corrup
CVE-2018-18437
RESERVED
CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the ...)
- TODO: check
+ NOT-FOR-US: JTBC(PHP)
CVE-2018-18435
RESERVED
CVE-2018-18434 (An issue was discovered in litemall 0.9.0. Arbitrary file download is ...)
- TODO: check
+ NOT-FOR-US: litemall
CVE-2018-18433 (An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has ...)
- TODO: check
+ NOT-FOR-US: DESTOON B2B
CVE-2018-18432 (An issue was discovered in DESTOON B2B 7.0. CSRF exists via the ...)
- TODO: check
+ NOT-FOR-US: DESTOON B2B
CVE-2018-18431 (An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text ...)
- TODO: check
+ NOT-FOR-US: DESTOON B2B
CVE-2018-18430 (An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has ...)
- TODO: check
+ NOT-FOR-US: DESTOON B2B
CVE-2018-18429
RESERVED
CVE-2018-18428
RESERVED
CVE-2018-18427 (s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter ...)
- TODO: check
+ NOT-FOR-US: s-cms
CVE-2018-18426 (s-cms 3.0 allows remote attackers to execute arbitrary PHP code by ...)
- TODO: check
+ NOT-FOR-US: s-cms
CVE-2018-18425
RESERVED
CVE-2018-18424
@@ -35,7 +35,7 @@ CVE-2018-18424
CVE-2018-18423
RESERVED
CVE-2018-18422 (UsualToolCMS 8.0 allows CSRF for adding a user account via the ...)
- TODO: check
+ NOT-FOR-US: UsualToolCMS
CVE-2018-18421
RESERVED
CVE-2018-18420
@@ -1369,7 +1369,7 @@ CVE-2018-17913
CVE-2018-17912
RESERVED
CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based ...)
- TODO: check
+ NOT-FOR-US: LAquis SCADA
CVE-2018-17910
RESERVED
CVE-2018-17909
@@ -1389,23 +1389,23 @@ CVE-2018-17903
CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17901 (LAquis SCADA Versions 4.1.0.3870 and prior, when processing project ...)
- TODO: check
+ NOT-FOR-US: LAquis SCADA
CVE-2018-17900 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17899 (LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal ...)
- TODO: check
+ NOT-FOR-US: LAquis SCADA
CVE-2018-17898 (Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17897 (LAquis SCADA Versions 4.1.0.3870 and prior has several integer ...)
- TODO: check
+ NOT-FOR-US: LAquis SCADA
CVE-2018-17896 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17895 (LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: LAquis SCADA
CVE-2018-17894 (NUUO CMS all versions 3.1 and prior, The application creates default ...)
NOT-FOR-US: NUUO CMS
CVE-2018-17893 (LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer ...)
- TODO: check
+ NOT-FOR-US: LAquis SCADA
CVE-2018-17892 (NUUO CMS all versions 3.1 and prior, The application implements a ...)
NOT-FOR-US: NUUO CMS
CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running ...)
@@ -12309,7 +12309,7 @@ CVE-2018-13401
CVE-2018-13400
RESERVED
CVE-2018-13399 (The Microsoft Windows Installer for Atlassian Fisheye and Crucible ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye and ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2018-13397
@@ -29709,7 +29709,7 @@ CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data .
CVE-2018-6975 (The AirWatch Agent for iOS prior to 5.8.1 contains a data protection ...)
NOT-FOR-US: AirWatch Agent for iOS
CVE-2018-6974 (VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2018-6973 (VMware Workstation (14.x before 14.1.3) and Fusion (10.x before ...)
NOT-FOR-US: VMware
CVE-2018-6972 (VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ...)
@@ -38482,11 +38482,11 @@ CVE-2018-3957 (A use-after-free vulnerability exists in the JavaScript engine of
CVE-2018-3956
RESERVED
CVE-2018-3955 (An exploitable operating system command injection exists in the ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2018-3954 (Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2018-3953 (Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2018-3952 (An exploitable code execution vulnerability exists in the connect ...)
NOT-FOR-US: NordVPN
CVE-2018-3951
@@ -41306,7 +41306,7 @@ CVE-2018-3212 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-3211 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- openjdk-8 <not-affected> (Specific to Oracle Java)
CVE-2018-3210 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2018-3209 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjfx <unfixed>
[stretch] - openjfx <ignored> (Specific details withheld by Oracle, impossible to fix)
@@ -41457,7 +41457,7 @@ CVE-2018-3154 (Vulnerability in the PeopleSoft Enterprise PeopleTools component
CVE-2018-3153 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-3152 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2018-3151 (Vulnerability in the Oracle iProcurement component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-3150 (Vulnerability in the Java SE component of Oracle Java SE ...)
@@ -42000,7 +42000,7 @@ CVE-2018-2913 (Vulnerability in the Oracle GoldenGate component of Oracle Golden
CVE-2018-2912 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate ...)
NOT-FOR-US: Oracle
CVE-2018-2911 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2018-2910
RESERVED
CVE-2018-2909 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bebd4eff8f204bb43785c110d3dcceed9a6783cf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bebd4eff8f204bb43785c110d3dcceed9a6783cf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181017/ebaa84e6/attachment.html>
More information about the debian-security-tracker-commits
mailing list