[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Jan 3 13:49:36 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e3525b10 by Moritz Muehlenhoff at 2019-01-03T13:49:11Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -713,7 +713,7 @@ CVE-2018-20526
CVE-2018-20525
RESERVED
CVE-2018-20524 (The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use ...)
- TODO: check
+ NOT-FOR-US: Chat Anywhere Chrome extension
CVE-2018-20523
RESERVED
CVE-2018-20522
@@ -743,15 +743,15 @@ CVE-2018-20510
CVE-2018-20509
RESERVED
CVE-2018-20508 (CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This ...)
- TODO: check
+ NOT-FOR-US: CrashFix
CVE-2018-1000890 (FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection ...)
NOT-FOR-US: FrontAccounting
CVE-2018-1000889 (Logisim Evolution version 2.14.3 and earlier contains an XML External ...)
- TODO: check
+ NOT-FOR-US: Logisim Evolution
CVE-2018-1000888 (PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 ...)
TODO: check
CVE-2018-1000887 (Peel shopping peel-shopping_9_1_0 version contains a Cross Site ...)
- TODO: check
+ NOT-FOR-US: Peel shopping
CVE-2018-20511 (An issue was discovered in the Linux kernel before 4.18.11. The ...)
- linux 4.18.20-1
[stretch] - linux 4.9.130-1
@@ -968,9 +968,9 @@ CVE-2018-20439 (Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a d
CVE-2018-20438 (Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to ...)
NOT-FOR-US: Technicolor
CVE-2018-20437 (** DISPUTED ** An issue was discovered in the fileDownload function in ...)
- TODO: check
+ NOT-FOR-US: FEBS-Shiro
CVE-2018-20436 (** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android ...)
- TODO: check
+ NOT-FOR-US: Telegram for Android
CVE-2018-20435
RESERVED
CVE-2018-20434
@@ -1014,7 +1014,7 @@ CVE-2018-20423 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote
CVE-2018-20422 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote ...)
NOT-FOR-US: DiscuzX
CVE-2018-20421 (Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Go Ethereum
CVE-2018-20420 (In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access ...)
NOT-FOR-US: webERP
CVE-2018-20419 (DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an ...)
@@ -1126,7 +1126,7 @@ CVE-2018-20371 (PhotoRange Photo Vault 1.2 appends the password to the URI for .
CVE-2018-20370 (SZ NetChat before 7.9 has XSS in the MyName input field of the Options ...)
NOT-FOR-US: SZ NetChat
CVE-2018-20369 (Barracuda Message Archiver 2018 has XSS in the error_msg ...)
- TODO: check
+ NOT-FOR-US: Barracuda
CVE-2018-20368 (The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the ...)
NOT-FOR-US: Master Slider plugin for WordPress
CVE-2018-20367 (The "mall some commodity details: commodity consultation" component in ...)
@@ -1183,7 +1183,7 @@ CVE-2018-20353
CVE-2018-20352
RESERVED
CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on macOS ...)
- TODO: check
+ NOT-FOR-US: Evernote
CVE-2018-20350
RESERVED
CVE-2018-20349 (The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 ...)
@@ -1199,7 +1199,7 @@ CVE-2018-20348 (libpff_item_tree_create_node in libpff_item_tree.c in libpff bef
CVE-2018-20347
RESERVED
CVE-2018-20345 (Incorrect access control in StackStorm API (st2api) in StackStorm ...)
- TODO: check
+ NOT-FOR-US: SlackStorm
CVE-2018-20344
RESERVED
CVE-2018-20343
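Review bot: The added line for CVE-2018-20345 misspells the product as "SlackStorm", while the CVE description directly above it reads "StackStorm API (st2api) in StackStorm". Anyone grepping the list for StackStorm later will miss this entry, so the tag should read "NOT-FOR-US: StackStorm".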
@@ -1226,7 +1226,7 @@ CVE-2018-20334
CVE-2018-20333
RESERVED
CVE-2018-20332 (An issue has been discovered in the OpenWebif plugin through 1.2.4 for ...)
- TODO: check
+ NOT-FOR-US: OpenWebif plugin
CVE-2018-20331 (Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ...)
NOT-FOR-US: Antiy AVL ATool
CVE-2018-20330 (The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow ...)
@@ -1240,9 +1240,9 @@ CVE-2018-20328 (Chamilo LMS version 1.11.8 contains XSS in main/social/group_vie
CVE-2018-20327 (Chamilo LMS version 1.11.8 contains XSS in ...)
NOT-FOR-US: Chamilo LMS
CVE-2018-20326 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware ...)
- TODO: check
+ NOT-FOR-US: ChinaMobile PLC Wireless Router
CVE-2018-20325 (There is a vulnerability in load() method in definitions/parser.py in ...)
- TODO: check
+ NOT-FOR-US: Danijar Hafner
CVE-2018-20324
RESERVED
CVE-2018-20323
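Review bot: The added line for CVE-2018-20325 tags the entry with a person's name ("Danijar Hafner") rather than a piece of software, unlike the other NOT-FOR-US lines in this commit, which name a product or vendor. The description is truncated here after "definitions/parser.py in ...", so the project name should be taken from the full CVE text and used in the tag, which also lets later CVEs against the same code be matched by name.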
@@ -1453,17 +1453,17 @@ CVE-2018-1000825 (FreeCol version <= nightly-2018-08-22 contains a XML Extern
[jessie] - freecol <end-of-life> (Games are not supported)
NOTE: https://github.com/FreeCol/freecol/issues/26
CVE-2018-1000824 (MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in ...)
- TODO: check
+ NOT-FOR-US: MegaMek
CVE-2018-1000823 (exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) ...)
TODO: check
CVE-2018-1000822 (codelibs fess version before commit faa265b contains a XML External ...)
TODO: check
CVE-2018-1000821 (MicroMathematics version before commit 5c05ac8 contains a XML External ...)
- TODO: check
+ NOT-FOR-US: MicroMathematics
CVE-2018-1000820 (neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c ...)
- TODO: check
+ NOT-FOR-US: neo4j-apoc-procedures
CVE-2018-1000817 (Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to ...)
- TODO: check
+ NOT-FOR-US: Asset Pipeline Grails Plugin
CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site ...)
- grafana <removed>
NOTE: https://github.com/grafana/grafana/issues/13667
@@ -1474,9 +1474,9 @@ CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a
CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site ...)
- backdrop <itp> (bug #914257)
CVE-2018-1000812 (Ártica Soluciones Tecnológicas Integria IMS version 5.0 MR56 ...)
- TODO: check
+ NOT-FOR-US: Integria IMS
CVE-2018-1000811 (bludit version 3.0.0 contains a Unrestricted Upload of File with ...)
- TODO: check
+ NOT-FOR-US: bludit
CVE-2018-20307 (Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and ...)
NOT-FOR-US: Pulse Secure Virtual Traffic Manager
CVE-2018-20306 (A stored cross-site scripting (XSS) vulnerability in the web ...)
@@ -1675,7 +1675,7 @@ CVE-2018-20228 (Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF
CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP ...)
NOT-FOR-US: RDF4J
CVE-2018-20226 (An organization administrator can add a super administrator in THEHIVE ...)
- TODO: check
+ NOT-FOR-US: THEHIVE
CVE-2018-20225
RESERVED
CVE-2018-20224
@@ -1715,7 +1715,7 @@ CVE-2018-20213 (wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01
CVE-2018-20212
RESERVED
CVE-2018-20211 (ExifTool 8.32 allows local users to gain privileges by creating a ...)
- TODO: check
+ NOT-FOR-US: Report for a Windows-specific flaw in a vintage version of libimage-exiftool-perl
CVE-2018-20210
RESERVED
CVE-2018-20209
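Review bot: The added line for CVE-2018-20211 uses NOT-FOR-US but its own comment names libimage-exiftool-perl, a package in the archive, so the tag and the explanation contradict each other. A package entry in the form already used under CVE-2018-20099 ("- exiv2 <not-affected> (Vulnerable code introduced later)") fits better, for example "- libimage-exiftool-perl <not-affected> (Windows-specific)", so that the CVE shows up on the package's page with the reason it does not apply.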
@@ -1845,7 +1845,7 @@ CVE-2018-20169 (An issue was discovered in the Linux kernel before 4.19.9. The U
CVE-2018-20168 (Google gVisor before 2018-08-22 reuses a pagetable in a different level ...)
NOT-FOR-US: gVisor
CVE-2018-20166 (A file-upload vulnerability exists in Rukovoditel 2.3.1. ...)
- TODO: check
+ NOT-FOR-US: Rukovoditel
CVE-2017-18355 (Installed packages are exposed by node_modules in Rendertron 1.0.0, ...)
NOT-FOR-US: Rendertron
CVE-2017-18354 (Rendertron 1.0.0 allows for alternative protocols such as 'file://' ...)
@@ -3935,7 +3935,7 @@ CVE-2018-20133 (ymlref allows code injection. ...)
CVE-2018-20132
RESERVED
CVE-2018-20131 (The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux ...)
- TODO: check
+ NOT-FOR-US: Code42
CVE-2018-20130
RESERVED
CVE-2018-20129 (An issue was discovered in DedeCMS V5.7 SP2. ...)
@@ -3998,7 +3998,7 @@ CVE-2018-20116
CVE-2018-20115
RESERVED
CVE-2018-20114 (On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-20113
RESERVED
CVE-2018-20112
@@ -4032,7 +4032,7 @@ CVE-2018-20102 (An out-of-bounds read in dns_validate_dns_response in dns.c was
CVE-2018-20101 (The codection "Import users from CSV with meta" plugin before 1.12.1 ...)
NOT-FOR-US: codection "Import users from CSV with meta" plugin for WordPress
CVE-2018-20100 (An issue was discovered on August Connect devices. Insecure data ...)
- TODO: check
+ NOT-FOR-US: August Connect
CVE-2018-20099 (There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of ...)
[experimental] - exiv2 <unfixed> (low)
- exiv2 <not-affected> (Vulnerable code introduced later)
@@ -5019,7 +5019,7 @@ CVE-2019-1985
CVE-2018-20028
RESERVED
CVE-2018-20027 (The yaml_parse.load method in Pylearn2 allows code injection. ...)
- TODO: check
+ NOT-FOR-US: Pylearn2
CVE-2018-20026
RESERVED
NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS V3 Products
@@ -5264,7 +5264,7 @@ CVE-2018-19939 (The Goodix GT9xx touchscreen driver for custom Linux kernels on
CVE-2018-19938
RESERVED
CVE-2018-19937 (A local, authenticated attacker can bypass the passcode in the ...)
- TODO: check
+ NOT-FOR-US: VLC port/application for iOS
CVE-2018-19936 (PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. ...)
NOT-FOR-US: PrinterOn Enterprise
CVE-2018-19934
@@ -6124,7 +6124,7 @@ CVE-2018-19920
CVE-2018-19919 (Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php ...)
NOT-FOR-US: Pixelimity
CVE-2018-19918 (CuppaCMS has XSS via an SVG document uploaded to the ...)
- TODO: check
+ NOT-FOR-US: CuppaCMS
CVE-2019-1584
RESERVED
CVE-2019-1583
@@ -6192,17 +6192,17 @@ CVE-2018-1000853
CVE-2018-19907 (A Server-Side Template Injection issue was discovered in Crafter CMS ...)
NOT-FOR-US: Crafter CMS
CVE-2018-19906 (Stored XSS exists in razorCMS 3.4.8 via the /#/page description ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2018-19905 (HTML injection exists in razorCMS 3.4.8 via the /#/page keywords ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2018-19904 (Persistent XSS exists in XSLT CMS via the ...)
- TODO: check
+ NOT-FOR-US: XSLT CMS
CVE-2018-19903 (Persistent XSS exists in XSLT CMS via the ...)
- TODO: check
+ NOT-FOR-US: XSLT CMS
CVE-2018-19902 (No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article ...)
- TODO: check
+ NOT-FOR-US: NO-CMS
CVE-2018-19901 (No-CMS 1.1.3 is prone to Persistent XSS via the ...)
- TODO: check
+ NOT-FOR-US: NO-CMS
CVE-2018-19900
RESERVED
CVE-2018-19899
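Review bot: The added lines for CVE-2018-19902 and CVE-2018-19901 write the product as "NO-CMS", while both descriptions spell it "No-CMS 1.1.3". Matching the description's spelling keeps case-sensitive searches and any name-based auto-tagging of future No-CMS CVEs consistent.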
@@ -6396,9 +6396,9 @@ CVE-2018-19847
CVE-2018-19846
RESERVED
CVE-2018-19845 (There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2018-19844 (FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, ...)
- TODO: check
+ NOT-FOR-US: FROG CMS
CVE-2018-19843 (opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows ...)
- radare2 3.1.0+dfsg-1 (low)
[stretch] - radare2 <no-dsa> (Minor issue)
@@ -10298,7 +10298,7 @@ CVE-2018-19373
CVE-2018-19372
RESERVED
CVE-2018-19371 (The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has ...)
- TODO: check
+ NOT-FOR-US: SDL Web
CVE-2018-19370 (A Race condition vulnerability in unzip_file in ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-19369
@@ -11764,7 +11764,7 @@ CVE-2018-18895
CVE-2018-18894
RESERVED
CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to ...)
- TODO: check
+ NOT-FOR-US: Jinjava
CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php ...)
NOT-FOR-US: MiniCMS
CVE-2018-18891 (MiniCMS 1.10 allows file deletion via ...)
@@ -12281,11 +12281,11 @@ CVE-2018-18669
CVE-2018-18668
RESERVED
CVE-2018-18667 (The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum ...)
- TODO: check
+ NOT-FOR-US: Some Ethereum token
CVE-2018-18666 (The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum ...)
- TODO: check
+ NOT-FOR-US: Some Ethereum token
CVE-2018-18665 (The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum ...)
- TODO: check
+ NOT-FOR-US: Some Ethereum token
CVE-2018-18664
RESERVED
CVE-2018-18663
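Review bot: The three added lines for CVE-2018-18667, CVE-2018-18666 and CVE-2018-18665 all use the generic tag "Some Ethereum token", although each description names the product (Pylon, SwftCoin, Nexxus). A generic tag gives no way to tell the three entries apart or to find them by name; if a per-token name is considered too noisy, a shared wording such as "Ethereum token (Pylon)" would keep both the grouping and the identifier.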
@@ -12398,7 +12398,7 @@ CVE-2018-18631
CVE-2018-18630
RESERVED
CVE-2018-18629 (An issue was discovered in the Keybase command-line client before ...)
- TODO: check
+ NOT-FOR-US: Keybase command-line client
CVE-2018-18628 (An issue was discovered in Pippo 1.11.0. The function ...)
NOT-FOR-US: Pippo
CVE-2017-18349 (parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in ...)
@@ -12469,11 +12469,11 @@ CVE-2018-18604
CVE-2018-18603 (** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox Escape ...)
NOT-FOR-US: 360 Total Security
CVE-2018-18602 (The Cloud API on Guardzilla smart cameras allows user enumeration, ...)
- TODO: check
+ NOT-FOR-US: Guardzilla
CVE-2018-18601 (The TK_set_deviceModel_req_handle function in the cloud communication ...)
- TODO: check
+ NOT-FOR-US: Guardzilla
CVE-2018-18600 (The remote upgrade feature in Guardzilla GZ180 devices allow command ...)
- TODO: check
+ NOT-FOR-US: Guardzilla
CVE-2018-18599 (Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress ...)
- stegdetect <removed>
CVE-2018-18598
@@ -12487,7 +12487,7 @@ CVE-2018-18595
CVE-2018-18594
RESERVED
CVE-2018-18593 (Remote Directory Traversal and Remote Disclosure of Privileged ...)
- TODO: check
+ NOT-FOR-US: UCMDB Configuration Management Service
CVE-2018-18592
RESERVED
CVE-2018-18591 (A potential unauthorized disclosure of data vulnerability has been ...)
@@ -13016,7 +13016,7 @@ CVE-2018-18401
CVE-2018-18400
RESERVED
CVE-2018-18399 (SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" ...)
- TODO: check
+ NOT-FOR-US: KARMA
CVE-2018-18398 (Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey ...)
- thunar <unfixed> (unimportant)
NOTE: https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398/
@@ -13360,7 +13360,7 @@ CVE-2018-18266
CVE-2018-18265
RESERVED
CVE-2018-18264 (Kubernetes Dashboard before 1.10.1 allows attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Kubernetes Dashboard
CVE-2018-18263
RESERVED
CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. ...)
@@ -14189,7 +14189,7 @@ CVE-2018-17989
CVE-2018-17988
RESERVED
CVE-2018-17987 (The determineWinner function of a smart contract implementation for ...)
- TODO: check
+ NOT-FOR-US: Some Ethereum application
CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password ...)
NOT-FOR-US: razorCMS
CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as ...)
@@ -14317,13 +14317,13 @@ CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rul
NOTE: And fixed with (use-correct-IP-address.patch)
NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/use-correct-IP-address.patch
CVE-2018-17952 (Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 ...)
- TODO: check
+ NOT-FOR-US: eDirectory
CVE-2018-17951
RESERVED
CVE-2018-17950 (Incorrect enforcement of authorization checks in eDirectory prior to ...)
- TODO: check
+ NOT-FOR-US: eDirectory
CVE-2018-17949 (Cross site scripting vulnerability in iManager prior to 3.1 SP2. ...)
- TODO: check
+ NOT-FOR-US: iManager
CVE-2018-17948 (An open redirect vulnerability exists in the Access Manager Identity ...)
NOT-FOR-US: Microfocus
CVE-2018-17947 (The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text ...)
@@ -16138,7 +16138,7 @@ CVE-2018-17174 (A stack-based buffer overflow was discovered in the xtimor NMEA
CVE-2018-17173 (LG SuperSign CMS allows remote attackers to execute arbitrary code via ...)
NOT-FOR-US: LG SuperSign CMS
CVE-2018-17172 (The web application on Xerox AltaLink B80xx before 100.008.028.05200, ...)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2018-17171
RESERVED
CVE-2018-17170
@@ -17205,7 +17205,7 @@ CVE-2018-16780 (Complete Responsive CMS Blog through 2018-05-20 has XSS via a co
CVE-2018-16779 (BlogCMS through 2016-10-25 has XSS via a comment. ...)
NOT-FOR-US: BlogCMS
CVE-2018-16778 (Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through ...)
- TODO: check
+ NOT-FOR-US: Jenzabar
CVE-2018-16777
RESERVED
CVE-2018-16776 (wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" ...)
@@ -17576,13 +17576,13 @@ CVE-2018-16632 (Mezzanine CMS v4.3.1 allows XSS via the ...)
CVE-2018-16631 (Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ ...)
NOT-FOR-US: Subrion CMS
CVE-2018-16630 (Kirby v2.5.12 allows XSS by using the "site files" Add option to ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2018-16629 (panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG ...)
NOT-FOR-US: Subrion CMS
CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
NOT-FOR-US: Kirby
CVE-2018-16627 (panel/login in Kirby v2.5.12 allows Host header injection via the ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2018-16626
RESERVED
CVE-2018-16625
@@ -17745,7 +17745,7 @@ CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 (incl. F)
CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...)
NOT-FOR-US: Siemens
CVE-2018-16555 (A vulnerability has been identified in SCALANCE S602 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversal ...)
{DSA-4303-1 DLA-1516-1}
- okular 4:17.12.2-2.1 (bug #908168)
@@ -19739,11 +19739,11 @@ CVE-2018-15802
CVE-2018-15801 (Spring Security versions 5.1.x prior to 5.1.2 contain an authorization ...)
TODO: check
CVE-2018-15800 (Cloud Foundry Bits Service, versions prior to 2.18.0, includes an ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2018-15799
REJECTED
CVE-2018-15798 (Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2018-15797 (Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-15796 (Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an ...)
@@ -19833,7 +19833,7 @@ CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, .
CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-15754 (Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...)
NOT-FOR-US: MensaMax application for Android
CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...)
@@ -20553,7 +20553,7 @@ CVE-2018-15492 (A vulnerability in the lservnt.exe component of Sentinel License
CVE-2018-15491 (A vulnerability in the permission and encryption implementation of ...)
NOT-FOR-US: Zemana Anti-Logger
CVE-2018-15490 (An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe ...)
- TODO: check
+ NOT-FOR-US: ExpressVPN
CVE-2018-15489
RESERVED
CVE-2018-15488
@@ -21587,13 +21587,13 @@ CVE-2018-15009
CVE-2018-15008
RESERVED
CVE-2018-15007 (The Sky Elite 6.0L+ Android device with a build fingerprint of ...)
- TODO: check
+ NOT-FOR-US: Sky Elite
CVE-2018-15006 (The ZTE ZMAX Champ Android device with a build fingerprint of ...)
NOT-FOR-US: ZTE
CVE-2018-15005 (The ZTE ZMAX Champ Android device with a build fingerprint of ...)
NOT-FOR-US: ZTE
CVE-2018-15004 (The Coolpad Canvas device with a build fingerprint of ...)
- TODO: check
+ NOT-FOR-US: Coolpad
CVE-2018-15003
RESERVED
CVE-2018-15002 (The Vivo V7 device with a build fingerprint of ...)
@@ -21625,9 +21625,9 @@ CVE-2018-14990
CVE-2018-14989
RESERVED
CVE-2018-14988 (The MXQ TV Box 4.4.2 Android device with a build fingerprint of ...)
- TODO: check
+ NOT-FOR-US: MXQ TV Box
CVE-2018-14987 (The MXQ TV Box 4.4.2 Android device with a build fingerprint of ...)
- TODO: check
+ NOT-FOR-US: MXQ TV Box
CVE-2018-14986 (The Leagoo Z5C Android device with a build fingerprint of ...)
NOT-FOR-US: Leagoo Z5C Android device
CVE-2018-14985 (The Leagoo Z5C Android device with a build fingerprint of ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3525b10ced708120893e53211276937832a1339