[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Oct 25 09:26:43 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc153e8f by Moritz Muehlenhoff at 2018-10-25T08:26:22Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,13 +21,13 @@ CVE-2018-18640
CVE-2018-18639
RESERVED
CVE-2018-18638 (A command injection vulnerability in the setup API in the Neato Botvac ...)
- TODO: check
+ NOT-FOR-US: Neato
CVE-2018-18637
RESERVED
CVE-2018-18636 (XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18635 (www/guis/admin/application/controllers/UserController.php in the ...)
- TODO: check
+ NOT-FOR-US: MailCleaner
CVE-2018-18634
RESERVED
CVE-2018-18633
@@ -64,7 +64,7 @@ CVE-2018-18623
CVE-2018-18622 (An issue was discovered in Waimai Super Cms 20150505. There is XSS via ...)
NOT-FOR-US: Waimai Super Cms
CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! ...)
- TODO: check
+ NOT-FOR-US: CommuniGate Pro
CVE-2018-18620
RESERVED
CVE-2018-18619
@@ -194,11 +194,11 @@ CVE-2018-18570
CVE-2018-18569
RESERVED
CVE-2018-18568 (Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: Polycom
CVE-2018-18567 (AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: AudioCodes devices
CVE-2018-18566 (The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and ...)
- TODO: check
+ NOT-FOR-US: Polycom
CVE-2018-18565
RESERVED
CVE-2018-18564
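Review bot: The three tags added in this hunk mix two naming styles: CVE-2018-18568 and CVE-2018-18566 get the bare vendor name "Polycom", while CVE-2018-18567 gets "AudioCodes devices". Pick one form, either vendor only or vendor plus product (the descriptions give "Polycom VVX 500 and 601"), so that a later search of data/CVE/list for one vendor's entries matches consistently.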
@@ -233,17 +233,17 @@ CVE-2018-18554
CVE-2018-18553 (Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is ...)
NOT-FOR-US: Leanote
CVE-2018-18552 (ServersCheck Monitoring Software through 14.3.3 allows local users to ...)
- TODO: check
+ NOT-FOR-US: ServersCheck Monitoring Software
CVE-2018-18551 (ServersCheck Monitoring Software through 14.3.3 has Persistent and ...)
- TODO: check
+ NOT-FOR-US: ServersCheck Monitoring Software
CVE-2018-18550 (ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by ...)
NOT-FOR-US: ServersCheck Monitoring Software
CVE-2018-18549
RESERVED
CVE-2018-18548 (ajenticp (aka Ajenti Docker control panel) for Ajenti through ...)
- TODO: check
+ NOT-FOR-US: Ajenti
CVE-2018-18547 (Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain ...)
- TODO: check
+ NOT-FOR-US: Vesta Control Panel
CVE-2018-18546 (ThinkPHP 3.2.4 has SQL Injection via the order parameter because the ...)
NOT-FOR-US: ThinkPHP
CVE-2018-18545 (Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name ...)
@@ -318,7 +318,7 @@ CVE-2018-18519
CVE-2018-18518
RESERVED
CVE-2018-18517 (Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-18516
RESERVED
CVE-2018-18515
@@ -1668,9 +1668,9 @@ CVE-2018-18016 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCX
CVE-2018-18015
RESERVED
CVE-2018-18014 (** DISPUTED *** Lack of authentication in Citrix Xen Mobile through ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-18013 (** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-18012
RESERVED
CVE-2018-18011
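Review bot: CVE-2018-18014 and CVE-2018-18013 are both described as Xen Mobile issues and both carry the DISPUTED marker, yet the new tag is only "NOT-FOR-US: Citrix", the same string this commit uses for the NetScaler Gateway entry (CVE-2018-18517). Naming the product, for example "NOT-FOR-US: Citrix Xen Mobile", would keep the two product lines distinguishable in the list and make it clear at a glance that these entries concern the Citrix mobile product and not anything else with Xen in its name.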
@@ -1888,11 +1888,11 @@ CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX Control
CVE-2018-17924
RESERVED
CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: SAGA1-L8B
CVE-2018-17922
RESERVED
CVE-2018-17921 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: SAGA1-L8B
CVE-2018-17920
RESERVED
CVE-2018-17919 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
@@ -1928,7 +1928,7 @@ CVE-2018-17905
CVE-2018-17904
RESERVED
CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: SAGA1-L8B
CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17901 (LAquis SCADA Versions 4.1.0.3870 and prior, when processing project ...)
@@ -9256,7 +9256,7 @@ CVE-2018-14814
CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14812 (An uncontrolled search path element (DLL Hijacking) vulnerability has ...)
- TODO: check
+ NOT-FOR-US: Fuji
CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14810 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
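Review bot: The tag added for CVE-2018-14812 is "NOT-FOR-US: Fuji", while the entries directly above and below it (CVE-2018-14813 and CVE-2018-14811) use "NOT-FOR-US: Fuji Electric V-Server". The description visible here is cut off before the product name, so if this is the same product, reuse the full string. If it is a different one, name it as vendor plus product instead of the bare "Fuji".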
@@ -12977,7 +12977,7 @@ CVE-2018-13344
CVE-2018-13343
RESERVED
CVE-2018-13342 (The server API in the Anda app relies on hardcoded credentials. ...)
- TODO: check
+ NOT-FOR-US: Anda app
CVE-2018-13341 (Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all ...)
NOT-FOR-US: Creston
CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. ...)
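Review bot: Not introduced by this change, but the context line under CVE-2018-13341 reads "NOT-FOR-US: Creston" while the description spells the vendor "Crestron". Since this hunk already edits the adjacent entry, it is a convenient place to fix the typo so that searches for the vendor name find it.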
@@ -14571,7 +14571,7 @@ CVE-2018-12652
CVE-2018-12651
RESERVED
CVE-2018-12650 (Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting ...)
- TODO: check
+ NOT-FOR-US: Adrenalin HRMS
CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php in MISP ...)
NOT-FOR-US: MISP
CVE-2018-12648 (The WEBP::GetLE32 function in ...)
@@ -17131,7 +17131,7 @@ CVE-2018-11794
CVE-2018-11793
RESERVED
CVE-2018-11792 (In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER ...)
- TODO: check
+ NOT-FOR-US: Apache Impala
CVE-2018-11791
RESERVED
CVE-2018-11790
@@ -17145,7 +17145,7 @@ CVE-2018-11787 (In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the .
CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf ...)
- apache-karaf <itp> (bug #881297)
CVE-2018-11785 (Missing authorization check in Apache Impala before 3.0.1 allows a ...)
- TODO: check
+ NOT-FOR-US: Apache Impala
CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...)
{DLA-1545-1 DLA-1544-1}
- tomcat9 <itp> (bug #802312)
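Review bot: For CVE-2018-11785 here (and CVE-2018-11792 in the previous hunk), the NOT-FOR-US tag treats Apache Impala as software that is neither packaged nor being packaged, while the neighbouring Apache Karaf entry shows the alternative form for software with a pending packaging request, "- apache-karaf <itp> (bug #881297)". It is worth confirming that no ITP or RFP bug exists for Impala before closing both entries as NOT-FOR-US.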
@@ -23763,11 +23763,11 @@ CVE-2018-9283 (An XSS issue was discovered in CremeCRM 1.6.12. It is affected by
CVE-2018-9282 (An XSS issue was discovered in Subsonic Media Server 6.1.1. The ...)
NOT-FOR-US: Subsonic Media Server
CVE-2018-9281 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2018-9280 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2018-9279 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2018-9278
RESERVED
CVE-2018-9277
@@ -24684,7 +24684,7 @@ CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, re
CVE-2018-8956
RESERVED
CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded string ...)
- TODO: check
+ NOT-FOR-US: BitDefender GravityZone
CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...)
NOT-FOR-US: CA Workload Control Center
CVE-2018-8953 (CA Workload Automation AE before r11.3.6 SP7 allows remote attackers ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc153e8f62bd8902f65482c085fe41c8531512bc