[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Oct 24 11:03:51 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81533b11 by Moritz Muehlenhoff at 2018-10-24T10:03:15Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2018-18630
 CVE-2018-18629
 	RESERVED
 CVE-2018-18628 (An issue was discovered in Pippo 1.11.0. The function ...)
-	TODO: check
+	NOT-FOR-US: Pippo
 CVE-2017-18349 (parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in ...)
-	TODO: check
+	NOT-FOR-US: FastjsonEngine
 CVE-2018-18627
 	RESERVED
 CVE-2018-18626 (An issue was discovered in PHPYun V4.6. There is a vulnerability that ...)
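Review bot: The NOT-FOR-US label on CVE-2017-18349 names FastjsonEngine, but the description places the vulnerable parseObject in Fastjson itself ("Fastjson before 1.2.25, as used in FastjsonEngine"), so the entry is marked against the consumer rather than the affected library. Confirm that Fastjson is neither packaged nor the subject of an ITP, and label the entry with Fastjson so the triage decision is recorded against the component that carries the bug.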
@@ -360,7 +360,7 @@ CVE-2018-18477
 CVE-2018-18476
 	RESERVED
 CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3 build 123214 allows ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2018-18474
 	RESERVED
 CVE-2018-18473
@@ -376,7 +376,7 @@ CVE-2018-18469
 CVE-2018-18468
 	RESERVED
 CVE-2018-18467 (An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is ...)
-	TODO: check
+	NOT-FOR-US: Daniel Gultsch Conversations
 CVE-2018-18466
 	RESERVED
 CVE-2018-18465
@@ -476,7 +476,7 @@ CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its associa
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html
 CVE-2018-18437 (In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, ...)
-	TODO: check
+	NOT-FOR-US: AXIOS
 CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the ...)
 	NOT-FOR-US: JTBC(PHP)
 CVE-2018-18435
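Review bot: "NOT-FOR-US: AXIOS" on CVE-2018-18437 is ambiguous as a bare name, whereas the description identifies the product as AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico. Spell out the product in the label, as the neighbouring CVE-2018-18436 entry does with "JTBC(PHP)", so a later search of the list for this name does not mismatch unrelated software.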
@@ -1731,7 +1731,7 @@ CVE-2018-17972 (An issue was discovered in the proc_pid_stack function in ...)
 CVE-2018-17969 (Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote ...)
 	NOT-FOR-US: Samsung SCX-6545X V2.00.03.01 03-23-2012 devices
 CVE-2018-17968 (A gambling smart contract implementation for RuletkaIo, an Ethereum ...)
-	TODO: check
+	NOT-FOR-US: RuletkaIo
 CVE-2018-17967 (ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in ...)
 	- imagemagick <unfixed> (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1051
@@ -1943,7 +1943,7 @@ CVE-2018-17879
 CVE-2018-17878
 	RESERVED
 CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ethereum ...)
-	TODO: check
+	NOT-FOR-US: Greedy 599
 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version ...)
 	NOT-FOR-US: Coaster CMS
 CVE-2018-17875
@@ -1951,7 +1951,7 @@ CVE-2018-17875
 CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
 	NOT-FOR-US: ExpressionEngine
 CVE-2018-17873 (An incorrect access control vulnerability in the FTP configuration of ...)
-	TODO: check
+	NOT-FOR-US: WifiRanger
 CVE-2018-17872 (Verba Collaboration Compliance and Quality Management Platform before ...)
 	NOT-FOR-US: Verba Collaboration Compliance and Quality Management Platform
 CVE-2018-17871 (Verba Collaboration Compliance and Quality Management Platform before ...)
@@ -2922,15 +2922,15 @@ CVE-2018-17449 [Confidential information disclosure in events API endpoint]
 	[stretch] - gitlab <not-affected> (Only affects 9.3 and later)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17448 (An Incorrect Access Control issue was discovered in Citrix SD-WAN ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2018-17447 (An Information Exposure Through Log Files issue was discovered in ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2018-17446 (A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2018-17445 (A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2018-17444 (A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2018-17443 (An issue was discovered on D-Link Central WiFi Manager before v ...)
 	NOT-FOR-US: D-Link
 CVE-2018-17442 (An issue was discovered on D-Link Central WiFi Manager before v ...)
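Review bot: The five entries from CVE-2018-17448 down to CVE-2018-17444 are labelled with the bare vendor "Citrix", while the descriptions visible here name Citrix SD-WAN. Using "NOT-FOR-US: Citrix SD-WAN" would record which product was actually assessed and keeps the entries distinguishable if a different Citrix component ever needs separate triage.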
@@ -5835,7 +5835,7 @@ CVE-2018-16237 (An issue was discovered in damiCMS V6.0.1. There is Directory Tr
 CVE-2018-16236 (cPanel through 74 allows XSS via a crafted filename in the logs ...)
 	NOT-FOR-US: cPanel
 CVE-2018-16235 (Telligent Community 6.x, 7.x, 8.x, 9.x, and 10.x up to 10.1.10.11792 ...)
-	TODO: check
+	NOT-FOR-US: Telligent Community
 CVE-2018-16234 (MorningStar WhatWeb 0.4.9 has XSS via JSON report files. ...)
 	NOT-FOR-US: MorningStar WhatWeb
 CVE-2018-16233 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. ...)
@@ -5853,7 +5853,7 @@ CVE-2018-16228
 CVE-2018-16227
 	RESERVED
 CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice Office ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2018-16225 (The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network ...)
 	NOT-FOR-US: QBee MultiSensor Camera
 CVE-2018-16224
@@ -7742,7 +7742,7 @@ CVE-2018-15499 (GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, al
 CVE-2018-15498
 	RESERVED
 CVE-2018-15497 (The Mitel MiVoice 5330e VoIP device is affected by memory corruption ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2018-15496
 	RESERVED
 CVE-2018-15495 (/filemanager/upload.php in Responsive FileManager before 9.13.3 allows ...)
@@ -9174,7 +9174,7 @@ CVE-2018-14830
 CVE-2018-14829 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This ...)
 	NOT-FOR-US: Rockwell Automation RSLinx Classic
 CVE-2018-14828 (Advantech WebAccess 8.3.1 and earlier has an improper privilege ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2018-14827 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A ...)
 	NOT-FOR-US: Rockwell Automation RSLinx Classic
 CVE-2018-14826 (Entes EMG12 versions 2.57 and prior The application uses a web ...)
@@ -9190,7 +9190,7 @@ CVE-2018-14822 (Entes EMG12 versions 2.57 and prior an information exposure thro
 CVE-2018-14821 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This ...)
 	NOT-FOR-US: Rockwell Automation RSLinx Classic
 CVE-2018-14820 (Advantech WebAccess 8.3.1 and earlier has a .dll component that is ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2018-14819 (Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14818 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
@@ -9198,7 +9198,7 @@ CVE-2018-14818 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prio
 CVE-2018-14817 (Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14816 (Advantech WebAccess 8.3.1 and earlier has several stack-based buffer ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2018-14815 (Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14814
@@ -9218,7 +9218,7 @@ CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5.  Non-administrative u
 CVE-2018-14807 (A stack-based buffer overflow vulnerability in Opto 22 PAC Control ...)
 	NOT-FOR-US: Opto
 CVE-2018-14806 (Advantech WebAccess 8.3.1 and earlier has a path traversal ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the system ...)
 	NOT-FOR-US: ABB eSOMS
 CVE-2018-14804 (Emerson AMS Device Manager v12.0 to v13.5.  A specially crafted ...)
@@ -13945,7 +13945,7 @@ CVE-2018-12903 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity) ...
 CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search bar of ...)
 	NOT-FOR-US: Easy Magazine
 CVE-2018-12901 (A vulnerability in the conferencing component of Mitel ST 14.2, ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...)
 	- tiff <unfixed> (bug #902718)
 	[stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA)
@@ -28768,17 +28768,17 @@ CVE-2018-7434 (zzcms 8.2 allows remote attackers to discover the full path via a
 CVE-2018-7433 (The iThemes Security plugin before 6.9.1 for WordPress does not ...)
 	NOT-FOR-US: iThemes Security plugin for WordPress
 CVE-2018-7432 (Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2018-7431 (Directory traversal vulnerability in the Splunk Django App in Splunk ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2018-7430
 	RESERVED
 CVE-2018-7429 (Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2018-7428
 	RESERVED
 CVE-2018-7427 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2018-7426
 	RESERVED
 CVE-2018-7425



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/81533b119a0f3a0e0bf3a2d08de5843cfa9fcac5
