[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Oct 22 17:11:23 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
673f8530 by Moritz Muehlenhoff at 2018-10-22T16:10:00Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -170,9 +170,9 @@ CVE-2018-18483 (The get_count function in cplus-dem.c in GNU libiberty, as distr
CVE-2018-18482 (An issue was discovered in libpg_query 10-1.0.2. There is a memory leak ...)
NOT-FOR-US: libpg_query
CVE-2018-18481 (A heap-based buffer over-read exists in libopencad 0.2.0 in the ...)
- TODO: check
+ NOT-FOR-US: libopenca
CVE-2018-18480 (A heap-based buffer over-read exists in libopencad 0.2.0 in the ...)
- TODO: check
+ NOT-FOR-US: libopenca
CVE-2018-18479
RESERVED
CVE-2018-18478 (Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 ...)
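Review bot: The two added entries for CVE-2018-18481 and CVE-2018-18480 are tagged "NOT-FOR-US: libopenca", but both descriptions name the product as libopencad 0.2.0. The tag looks truncated by one character. Suggest "NOT-FOR-US: libopencad" on both lines, so that a search for the product name in data/CVE/list finds these entries.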
@@ -944,9 +944,9 @@ CVE-2018-18225 (In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. Thi
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=09a02cc1ea6de9f6c6cae75b3510a5477ef5f555
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-49.html
CVE-2018-18224 (A vulnerability exists in the file reading procedure in Open Design ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings
CVE-2018-18223 (Open Design Alliance Drawings SDK 2019Update1 has a vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings
CVE-2018-18222
RESERVED
CVE-2018-18221
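Review bot: The tag added for CVE-2018-18224 and CVE-2018-18223 stops at "Open Design Alliance Drawings", while the CVE-2018-18223 description gives the product as "Open Design Alliance Drawings SDK". Suggest either the full product name or only the vendor, "Open Design Alliance", so that later entries for the same SDK can be tagged consistently.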
@@ -1395,7 +1395,7 @@ CVE-2018-18028
CVE-2018-18027
RESERVED
CVE-2018-18026 (IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower ...)
- TODO: check
+ NOT-FOR-US: IObit Malware Fighter
CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...)
- imagemagick <unfixed> (bug #911435)
[stretch] - imagemagick <postponed> (Fix along in next DSA)
@@ -5658,7 +5658,7 @@ CVE-2018-16234 (MorningStar WhatWeb 0.4.9 has XSS via JSON report files. ...)
CVE-2018-16233 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. ...)
NOT-FOR-US: MiniCMS
CVE-2018-16232 (An authenticated command injection vulnerability exists in IPFire ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows ...)
NOT-FOR-US: Michael Roth Software Personal FTP Server
CVE-2018-16230
@@ -9033,7 +9033,7 @@ CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users ...)
NOT-FOR-US: Emerson AMS Device Manager
CVE-2018-14807 (A stack-based buffer overflow vulnerability in Opto 22 PAC Control ...)
- TODO: check
+ NOT-FOR-US: Opto
CVE-2018-14806
RESERVED
CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the system ...)
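Review bot: The entry added for CVE-2018-14807 reads "NOT-FOR-US: Opto", but the description names the vendor and product as "Opto 22 PAC Control". The tag drops part of the vendor name. Suggest "NOT-FOR-US: Opto 22 PAC Control" (or at least "Opto 22"), matching how the neighbouring Emerson AMS Device Manager entry spells out the full product.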
@@ -9672,7 +9672,7 @@ CVE-2017-18344 (The timer_create syscall implementation in kernel/time/posix-tim
[jessie] - linux 3.16.56-1
NOTE: Fixed by: https://git.kernel.org/linus/cef31d9af908243421258f1df35a4a644604efbe
CVE-2018-14597 (CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA ...)
- TODO: check
+ NOT-FOR-US: CA Technologies Identity Governance
CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory traversal, ...)
- mono <unfixed>
[stretch] - mono <no-dsa> (Minor issue)
@@ -14286,25 +14286,25 @@ CVE-2018-12677
CVE-2018-12676
RESERVED
CVE-2018-12675 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and ...)
- TODO: check
+ NOT-FOR-US: SV3C
CVE-2018-12674 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and ...)
- TODO: check
+ NOT-FOR-US: SV3C
CVE-2018-12673 (An attacker with remote access to the SV3C HD Camera (L-SERIES ...)
- TODO: check
+ NOT-FOR-US: SV3C
CVE-2018-12672 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not ...)
- TODO: check
+ NOT-FOR-US: SV3C
CVE-2018-12671 (An attacker with remote access to the SV3C HD Camera (L-SERIES ...)
- TODO: check
+ NOT-FOR-US: SV3C
CVE-2018-12670 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and ...)
- TODO: check
+ NOT-FOR-US: SV3C
CVE-2018-12669 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and ...)
- TODO: check
+ NOT-FOR-US: SV3C
CVE-2018-12668 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and ...)
- TODO: check
+ NOT-FOR-US: SV3C
CVE-2018-12667 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and ...)
- TODO: check
+ NOT-FOR-US: SV3C
CVE-2018-12666 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices ...)
- TODO: check
+ NOT-FOR-US: SV3C
CVE-2018-12665
RESERVED
CVE-2018-12664
@@ -19679,7 +19679,7 @@ CVE-2018-10826
CVE-2018-10825 (Mimo Baby 2 devices do not use authentication or encryption for the ...)
NOT-FOR-US: Mimo Baby 2
CVE-2018-10824 (An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-10823 (An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 ...)
NOT-FOR-US: D-Link
CVE-2018-10822 (Directory traversal vulnerability in the web interface on D-Link ...)
@@ -29704,9 +29704,9 @@ CVE-2018-7113
CVE-2018-7112
RESERVED
CVE-2018-7111 (A remote unauthorized access vulnerability was identified in HPE UIoT ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2018-7110 (A remote unauthorized disclosure of information vulnerability was ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2018-7109 (HPE has addressed a remote arbitrary file modification vulnerability ...)
NOT-FOR-US: HPE
CVE-2018-7108 (HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to ...)
@@ -29774,7 +29774,7 @@ CVE-2018-7078 (A remote code execution was identified in HPE Integrated Lights-O
CVE-2018-7077 (A security vulnerability in HPE XP P9000 Command View Advanced Edition ...)
NOT-FOR-US: HPE
CVE-2018-7076 (A remote code execution vulnerability was identified in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2018-7075 (A remote cross-site scripting (XSS) vulnerability was identified in ...)
NOT-FOR-US: HPE
CVE-2018-7074 (A remote code execution vulnerability was identified in HPE ...)
@@ -143744,13 +143744,13 @@ CVE-2015-4634 (SQL injection vulnerability in graphs.php in Cacti before 0.8.8e
NOTE: http://bugs.cacti.net/view.php?id=2577
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-4633 (Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, ...)
- TODO: check
+ - koha <itp> (bug #389876)
CVE-2015-4632 (Multiple directory traversal vulnerabilities in Koha 3.14.x before ...)
- TODO: check
+ - koha <itp> (bug #389876)
CVE-2015-4631 (Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x ...)
- TODO: check
+ - koha <itp> (bug #389876)
CVE-2015-4630 (Multiple cross-site request forgery (CSRF) vulnerabilities in Koha ...)
- TODO: check
+ - koha <itp> (bug #389876)
CVE-2015-4629 (Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to ...)
NOT-FOR-US: Huawei
CVE-2015-4628 (SQL injection vulnerability in ...)
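Review bot: The four Koha entries (CVE-2015-4633 through CVE-2015-4630) are resolved as "- koha <itp> (bug #389876)", not as NOT-FOR-US, yet the commit message only says "NFUs". Suggest mentioning the ITP triage in the message or moving it to a separate commit, so that the history for these entries shows why they were tied to bug #389876.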
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/673f85305ab077ee8db0c5ded20eef138539e0e3