Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d8e178a7 by Moritz Muehlenhoff at 2018-04-27T22:27:17+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,23 +1,23 @@
CVE-2018-10524
RESERVED
CVE-2018-10523 (CMS Made Simple (CMSMS) through 2.2.7 contains a physical path
leakage ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10522 (In CMS Made Simple (CMSMS) through 2.2.7, the "file
view" operation in ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10521 (In CMS Made Simple (CMSMS) through 2.2.7, the "file
move" operation in ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10520 (In CMS Made Simple (CMSMS) through 2.2.7, the "module
remove" operation ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10519 (CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation
...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10518 (In CMS Made Simple (CMSMS) through 2.2.7, the "file
delete" operation ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10517 (In CMS Made Simple (CMSMS) through 2.2.7, the "module
import" operation ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10516 (In CMS Made Simple (CMSMS) through 2.2.7, the "file
rename" operation ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10515 (In CMS Made Simple (CMSMS) through 2.2.7, the "file
unpack" operation ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2018-10514
RESERVED
CVE-2018-10513
@@ -39,9 +39,9 @@ CVE-2018-10506
CVE-2018-10505
RESERVED
CVE-2018-10504 (The WebDorado "Form Maker by WD" plugin before
1.12.24 for WordPress ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-10503 (An issue was discovered in index.php in baijiacms V4
v4_1_4_20170105. ...)
- TODO: check
+ NOT-FOR-US: baijiacms
CVE-2018-10502
RESERVED
CVE-2018-10501
@@ -105,7 +105,7 @@ CVE-2018-10473
CVE-2018-10470
RESERVED
CVE-2018-10469 (b3log Symphony (aka Sym) 2.6.0 allows remote attackers to
upload and ...)
- TODO: check
+ NOT-FOR-US: b3log Symphony (aka Sym)
CVE-2018-10468
RESERVED
CVE-2018-10467
@@ -6790,7 +6790,7 @@ CVE-2018-7671
CVE-2018-7670
RESERVED
CVE-2018-7669 (An issue was discovered in Sitecore Sitecore.NET 8.1 rev.
151207 ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read
arbitrary ...)
NOT-FOR-US: TestLink
CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
@@ -23668,7 +23668,7 @@ CVE-2018-1481
CVE-2018-1480
RESERVED
CVE-2018-1479 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site
request ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1478
RESERVED
CVE-2018-1477
@@ -23676,15 +23676,15 @@ CVE-2018-1477
CVE-2018-1476
RESERVED
CVE-2018-1475 (IBM BigFix Platform 9.2 and 9.5 uses an inadequate account
lockout ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1474
RESERVED
CVE-2018-1473 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site
scripting. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1472
RESERVED
CVE-2018-1471 (IBM BigFix Platform 9.2 and 9.5 stores user credentials in
plain in ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1470
RESERVED
CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could
allow ...)
@@ -76396,7 +76396,7 @@ CVE-2017-1118 (IBM WebSphere MQ Internet Pass-Thru 2.0
and 2.1 could allow n att
CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user
to ...)
NOT-FOR-US: IBM
CVE-2017-1116 (IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains
excessive ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1115
RESERVED
CVE-2017-1114
@@ -129864,7 +129864,7 @@ CVE-2015-1858 (Multiple buffer overflows in
gui/image/qbmphandler.cpp in the QtB
[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
NOTE:
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1857 (The odl-mdsal-apidocs feature in OpenDaylight Helium allow
remote ...)
- TODO: check
+ NOT-FOR-US: OpenDaylight
CVE-2015-1856 (OpenStack Object Storage (Swift) before 2.3.0, when
allow_version is ...)
- swift 2.2.0-2 (bug #783163)
[jessie] - swift 2.2.0-1+deb8u1
@@ -154115,7 +154115,7 @@ CVE-2014-2553 (Cross-site scripting (XSS)
vulnerability in Open Ticket Request S
- otrs2 3.3.6-1
[squeeze] - otrs2 <no-dsa> (Minor issue)
CVE-2014-2552 (Brookins Consulting (BC) Collected Information Export extension
for eZ ...)
- TODO: check
+ NOT-FOR-US: Brookins Consulting (BC) Collected Information Export
extension
CVE-2014-2551
RESERVED
CVE-2014-2550 (Cross-site request forgery (CSRF) vulnerability in the Disable
...)
@@ -158574,7 +158574,7 @@ CVE-2014-0843 (Cross-site scripting (XSS)
vulnerability in IBM Rational Focal Po
CVE-2014-0842 (The account-creation functionality in IBM Rational Focal Point
6.4.x ...)
NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0841 (IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0
use a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-0840 (Multiple cross-site scripting (XSS) vulnerabilities in IBM
Rational ...)
NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0839 (IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and
6.6.x ...)
@@ -159275,9 +159275,9 @@ CVE-2013-7206
CVE-2013-7204 (Cross-site request forgery (CSRF) vulnerability in
set_users.cgi in ...)
NOT-FOR-US: Conceptronic CIPCAMPTIWL Camera
CVE-2013-7202 (The WebHybridClient class in PayPal 5.3 and earlier for Android
allows ...)
- TODO: check
+ NOT-FOR-US: Paypal for Android
CVE-2013-7201 (WebHybridClient.java in PayPal 5.3 and earlier for Android
ignores SSL ...)
- TODO: check
+ NOT-FOR-US: Paypal for Android
CVE-2013-7200
RESERVED
CVE-2013-7199
@@ -162325,7 +162325,7 @@ CVE-2013-6741 (IBM Maximo Asset Management 7.x before
7.1.1.7 LAFIX.20140319-083
CVE-2013-6740
RESERVED
CVE-2013-6739 (IBM SPSS Modeler before 16 on UNIX allows remote authenticated
users ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-6738 (Cross-site scripting (XSS) vulnerability in IBM SmartCloud
Analytics ...)
NOT-FOR-US: IBM
CVE-2013-6737 (IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x
before ...)
@@ -165797,7 +165797,7 @@ CVE-2013-5463 (The WinCollect agent in IBM Security
QRadar SIEM before 7.1.1.569
CVE-2013-5462 (IBM/ECMClient/configure/explodedformat/navigator/header.jsp in
IBM ...)
NOT-FOR-US: IBM
CVE-2013-5461 (IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and
Tivoli ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-5460 (IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud
Control ...)
NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5459 (Unspecified vulnerability in IBM Rational Software Architect
(RSA) ...)
@@ -165937,7 +165937,7 @@ CVE-2013-5393 (The monitoring console in IBM
WebSphere eXtreme Scale 7.1.0, 7.1.
CVE-2013-5392
RESERVED
CVE-2013-5391 (IBM Worklight Consumer and Enterprise Editions 5.0.x before
5.0.6 Fix ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-5390 (Cross-site scripting (XSS) vulnerability in the monitoring
console in ...)
NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5389 (Cross-site scripting (XSS) vulnerability in iNotes in IBM
Domino 8.5.3 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8e178a7601eb40304f5864176dfee8124942e3b
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8e178a7601eb40304f5864176dfee8124942e3b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
