Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
23bef396 by Salvatore Bonaccorso at 2018-04-24T10:47:43+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
CVE-2018-10329 (app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected
XSS on ...)
TODO: check
CVE-2018-10328 (Momentum Axel 720P 5.1.8 devices have a hardcoded password of
streaming ...)
- TODO: check
+ NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-10327
RESERVED
CVE-2018-10326
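Review bot: The note added for CVE-2018-10328 embeds the firmware version ("Momentum Axel 720P 5.1.8 devices"), while the other NOT-FOR-US notes in this commit name only the product ("Frog CMS", "WUZHI CMS"). Consider "NOT-FOR-US: Momentum Axel 720P devices" so the product string stays consistent and can be reused if further CVEs are assigned against other versions.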
@@ -15,13 +15,13 @@ CVE-2018-10323 (The xfs_bmap_extents_to_btree function in
fs/xfs/libxfs/xfs_bmap
CVE-2018-10322 (The xfs_dinode_verify function in
fs/xfs/libxfs/xfs_inode_buf.c in the ...)
TODO: check
CVE-2018-10321 (Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability
via ...)
- TODO: check
+ NOT-FOR-US: Frog CMS
CVE-2018-10320 (Frog CMS 0.9.5 has XSS via the admin/?/layout/edit
layout[name] ...)
- TODO: check
+ NOT-FOR-US: Frog CMS
CVE-2018-10319 (Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit
snippet[name] ...)
- TODO: check
+ NOT-FOR-US: Frog CMS
CVE-2018-10318 (Frog CMS 0.9.5 has XSS via the admin/?/page/edit
page[keywords] ...)
- TODO: check
+ NOT-FOR-US: Frog CMS
CVE-2018-10317
RESERVED
CVE-2018-10316 (Netwide Assembler (NASM) 2.14rc0 has an endless while loop in
the ...)
@@ -31,15 +31,15 @@ CVE-2018-10315
CVE-2018-10314
RESERVED
CVE-2018-10313 (WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D
parameter ...)
- TODO: check
+ NOT-FOR-US: WUZHI CMS
CVE-2018-10312 (index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows
CSRF to change ...)
- TODO: check
+ NOT-FOR-US: WUZHI CMS
CVE-2018-10311 (A vulnerability was discovered in WUZHI CMS 4.1.0. There is
persistent ...)
- TODO: check
+ NOT-FOR-US: WUZHI CMS
CVE-2018-10310
RESERVED
CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress
...)
- TODO: check
+ NOT-FOR-US: Responsive Cookie Consent plugin for WordPress
CVE-2018-10308
RESERVED
CVE-2018-10307
@@ -51,9 +51,9 @@ CVE-2018-10305 (The MessageSearch2 function in
PersonalMessage.php in Simple Mac
CVE-2018-10304
RESERVED
CVE-2018-10303 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF
before 9.1 ...)
- TODO: check
+ NOT-FOR-US: Foxit Reader
CVE-2018-10302 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF
before 9.1 ...)
- TODO: check
+ NOT-FOR-US: Foxit Reader
CVE-2018-XXXX [Authorization bypass]
- phpliteadmin <unfixed> (bug #896682)
NOTE: https://github.com/phpLiteAdmin/pla/issues/11
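Review bot: The notes for CVE-2018-10303 and CVE-2018-10302 name only "Foxit Reader", but both descriptions also list PhantomPDF as affected. Suggest "NOT-FOR-US: Foxit Reader and PhantomPDF" (or just "Foxit") so a later search for PhantomPDF in data/CVE/list finds these entries as already triaged.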
@@ -10094,7 +10094,7 @@ CVE-2018-6493
CVE-2018-6492
RESERVED
CVE-2018-6491 (Local Escalation of Priviledge vulnerability to Micro Focus
Universal ...)
- TODO: check
+ NOT-FOR-US: Micro Focus Universal CMDB
CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...)
NOT-FOR-US: Micro Focus Operations Orchestration Software
CVE-2018-6489 (XML External Entity (XXE) vulnerability in Micro Focus Project
and ...)
@@ -39870,7 +39870,7 @@ CVE-2017-13075
CVE-2017-13074
RESERVED
CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS
application Photo ...)
- TODO: check
+ NOT-FOR-US: NAP NAS application Photo Station
CVE-2017-13072
RESERVED
CVE-2017-13071 (QNAP has already patched this vulnerability. This security
concern ...)
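Review bot: Typo in the note for CVE-2017-13073: "NAP NAS application Photo Station" drops the leading Q. The description on the line above reads "QNAP NAS application Photo ...", so the note should be "NOT-FOR-US: QNAP NAS application Photo Station"; as written, a grep for QNAP will miss the note line.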
@@ -74544,7 +74544,7 @@ CVE-2017-1788 (IBM WebSphere Application Server 9
installations using Form Login
CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed
...)
NOT-FOR-US: IBM Publishing Engine
CVE-2017-1786 (IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4
under ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated
remote ...)
NOT-FOR-US: IBM API Connect
CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary
files ...)
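Review bot: CVE-2017-1786 is marked with the bare vendor ("NOT-FOR-US: IBM") while the entries directly around it in this hunk name the product ("IBM Publishing Engine", "IBM API Connect"). The description identifies the product as IBM WebSphere MQ, so "NOT-FOR-US: IBM WebSphere MQ" would match the neighbouring entries and keep the triage decision specific to the product.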
@@ -74588,7 +74588,7 @@ CVE-2017-1766 (Due to incorrect authorization in IBM
Business Process Manager 8.
CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated
user ...)
NOT-FOR-US: IBM
CVE-2017-1764 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and
10.2.2, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1763
RESERVED
CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle
Management ...)
@@ -74714,7 +74714,7 @@ CVE-2017-1703
CVE-2017-1702
RESERVED
CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2,
6.0.3, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1700
RESERVED
CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure
...)
@@ -75145,7 +75145,7 @@ CVE-2017-1488
CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated
attacker to ...)
NOT-FOR-US: IBM
CVE-2017-1486 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and
10.2.2 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site
scripting. This ...)
NOT-FOR-US: IBM
CVE-2017-1484 (IBM WebSphere Commerce Enterprise, Professional, Express, and
...)
@@ -75171,7 +75171,7 @@ CVE-2017-1475
CVE-2017-1474
RESERVED
CVE-2017-1473 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and
9.0.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1472
RESERVED
CVE-2017-1471
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/23bef39605745ba81b560f159f8b18b74c173319