Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: adf73eb9 by Moritz Muehlenhoff at 2018-04-22T22:17:39+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,13 +1,13 @@ CVE-2018-10299 RESERVED CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...) - TODO: check + NOT-FOR-US: DiscuzX CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the ...) - TODO: check + NOT-FOR-US: DiscuzX CVE-2018-10296 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. ...) - TODO: check + NOT-FOR-US: MiniCMS CVE-2018-10295 (ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add ...) - TODO: check + NOT-FOR-US: ChemCMS CVE-2018-10294 RESERVED CVE-2018-10293 @@ -29,9 +29,9 @@ CVE-2018-10288 CVE-2018-10287 RESERVED CVE-2018-10286 (The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive ...) - TODO: check + NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application CVE-2018-10285 (The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access ...) - TODO: check + NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application CVE-2018-10284 (Adaltech G-Ticket v70 EME104 has SQL Injection via the ...) NOT-FOR-US: Adaltech G-Ticket v70 EME104 CVE-2018-10283 (CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php ...) @@ -2458,7 +2458,7 @@ CVE-2018-9247 (The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php CVE-2018-9246 RESERVED CVE-2018-9245 (The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection ...) - TODO: check + NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac login portal CVE-2018-9242 RESERVED CVE-2018-9241 
@@ -8556,7 +8556,7 @@ CVE-2018-6962 CVE-2018-6961 RESERVED CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken ...) - TODO: check + NOT-FOR-US: VMware Horizon DaaS CVE-2018-6959 (VMware vRealize Automation (vRA) prior to 7.4.0 contains a ...) NOT-FOR-US: VMware vRealize Automation CVE-2018-6958 (VMware vRealize Automation (vRA) prior to 7.3.1 contains a ...) @@ -17880,7 +17880,7 @@ CVE-2017-17904 (FS Lynda Clone has XSS via the keywords parameter to tutorial/ o CVE-2017-17903 (FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by ...) NOT-FOR-US: FS Lynda Clone CVE-2017-17902 (SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a ...) - TODO: check + NOT-FOR-US: Kliqqi CMS CVE-2017-17901 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of ...) NOT-FOR-US: ZyXEL CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...) @@ -17915,7 +17915,7 @@ CVE-2017-17891 (Readymade Video Sharing Script has CSRF via user-profile-edit.ph CVE-2017-17890 RESERVED CVE-2017-17889 (Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, ...) - TODO: check + NOT-FOR-US: Kliqqi CMS CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...) NOT-FOR-US: Anti-Web CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...) @@ -32376,7 +32376,7 @@ CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, t CVE-2017-15641 RESERVED CVE-2017-15640 (app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip ...) - TODO: check + NOT-FOR-US: phpIPAM CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to ...) NOT-FOR-US: Mura CMS CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux ...) 
@@ -144364,15 +144364,15 @@ CVE-2014-6114 (The Hosted Transparent Decision Service in the Rule Execution Ser CVE-2014-6113 (Cross-site scripting (XSS) vulnerability in the Web Reports component ...) NOT-FOR-US: IBM Tivoli CVE-2014-6112 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-6111 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-6110 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not ...) NOT-FOR-US: IBM CVE-2014-6109 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-6108 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-6107 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...) NOT-FOR-US: IBM CVE-2014-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...) @@ -147460,7 +147460,7 @@ CVE-2014-4784 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 befor CVE-2014-4783 (Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master ...) NOT-FOR-US: IBM CVE-2014-4782 (IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-4781 (The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before ...) NOT-FOR-US: IBM InfoSphere BigInsights CVE-2014-4780 
@@ -157769,7 +157769,7 @@ CVE-2014-0952 (Cross-site scripting (XSS) vulnerability in boot_config.jsp in IB CVE-2014-0951 (Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0950 (Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0949 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0948 (Unspecified vulnerability in IBM Rational Software Architect Design ...) @@ -157807,7 +157807,7 @@ CVE-2014-0933 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere CVE-2014-0932 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order ...) NOT-FOR-US: IBM CVE-2014-0931 (Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0930 (The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, ...) NOT-FOR-US: IBM AIX CVE-2014-0929 (Cross-site request forgery (CSRF) vulnerability in the Profiles ...) @@ -157815,7 +157815,7 @@ CVE-2014-0929 (Cross-site request forgery (CSRF) vulnerability in the Profiles . CVE-2014-0928 RESERVED CVE-2014-0927 (The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0926 RESERVED CVE-2014-0925 (Open redirect vulnerability in IBM Sterling Control Center 5.4.0 ...) @@ -157845,7 +157845,7 @@ CVE-2014-0914 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) CVE-2014-0913 (Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino ...) NOT-FOR-US: IBM iNotes CVE-2014-0912 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0911 (inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before ...) NOT-FOR-US: IBM WebSphere MQ CVE-2014-0910 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...) 
@@ -157903,7 +157903,7 @@ CVE-2014-0885 (Cross-site request forgery (CSRF) vulnerability in the Admin Web CVE-2014-0884 (Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM ...) NOT-FOR-US: IBM Lotus Protector for Mail Security CVE-2014-0883 (Cross-site scripting (XSS) vulnerability in IBM Power Hardware ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-0882 RESERVED CVE-2014-0881 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/adf73eb90a2df2035e33a59e65a7722e32021977
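Review bot: In the hunks at @@ -29,9 +29,9 @@ and @@ -2458,7 +2458,7 @@ the same product ends up with two different tag strings: "NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application" on CVE-2018-10286 and CVE-2018-10285, and "NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac login portal" on CVE-2018-9245. Suggest one product-level string for all three, for example "NOT-FOR-US: Ericsson-LG iPECS NMS", so a search on the tag returns every entry for the product; the version and the affected component are already in each CVE description.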
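Review bot: From @@ -144364,15 +144364,15 @@ to the last hunk, every changed IBM entry is tagged with the bare vendor, "NOT-FOR-US: IBM", while unchanged context lines in the same hunks name the product ("NOT-FOR-US: IBM InfoSphere BigInsights" on CVE-2014-4781, "NOT-FOR-US: IBM AIX" on CVE-2014-0930, "NOT-FOR-US: IBM WebSphere MQ" on CVE-2014-0911). The clearest case is CVE-2014-4782 in @@ -147460,7 +147460,7 @@, whose description and neighbouring entry are both InfoSphere BigInsights; "NOT-FOR-US: IBM InfoSphere BigInsights" would match that neighbour. The context also shows existing bare "IBM" tags (CVE-2014-6110, CVE-2014-0932), so the file already mixes both styles, but using the product name where the description gives it (Tivoli Identity Manager, Sterling B2B Integrator) keeps the new entries searchable by product.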