Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
294c9d8e by Salvatore Bonaccorso at 2018-05-02T22:56:56+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
CVE-2018-10681
RESERVED
CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site
Scripting ...)
- TODO: check
+ NOT-FOR-US: Z-BlogPHP
CVE-2018-10679
RESERVED
CVE-2018-10678
@@ -9,7 +9,7 @@ CVE-2018-10678
CVE-2018-10677 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4
lacks ...)
TODO: check
CVE-2018-10676 (CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision
DVR ...)
- TODO: check
+ NOT-FOR-US: CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK
Vision DVR devices
CVE-2018-10674
RESERVED
CVE-2018-10673
@@ -29,7 +29,7 @@ CVE-2018-10667
CVE-2018-10666
RESERVED
CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF,
related to ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2018-10664
RESERVED
CVE-2018-10663
@@ -3426,7 +3426,7 @@ CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL
pointer dereference flaw. I
CVE-2018-9233 (Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for
...)
NOT-FOR-US: Sophos
CVE-2018-9232 (Due to the lack of firmware authentication in the upgrade
process of ...)
- TODO: check
+ NOT-FOR-US: T&W WIFI Repeater BE126 devices
CVE-2018-9231
RESERVED
CVE-2018-9230 (** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters
are ...)
@@ -4160,7 +4160,7 @@ CVE-2018-8940
CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp
Gold ...)
NOT-FOR-US: Ipswitch
CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp
in ...)
- TODO: check
+ NOT-FOR-US: Ipswitch
CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is
possible ...)
NOT-FOR-US: Open-AudIT Professional
CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile
processor chips ...)
@@ -13975,23 +13975,23 @@ CVE-2018-5522
CVE-2018-5521
RESERVED
CVE-2018-5520 (On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or
11.2.1-11.6.3.1 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-5519 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or
11.2.1-11.6.3.1, ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-5518 (On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root
users ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-5517 (On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a
self IP ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-5516 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or
11.2.1-11.6.3.1, ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-5515 (On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication
responses ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-5514 (On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2
request ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-5513
RESERVED
CVE-2018-5512 (On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO)
and SYN ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-5511 (On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-5510 (On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management
Microkernel ...)
@@ -24169,7 +24169,7 @@ CVE-2018-1504
CVE-2018-1503
RESERVED
CVE-2018-1502 (IBM Content Manager Enterprise Edition Resource Manager 8.4.3
and 9.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1501
RESERVED
CVE-2018-1500
@@ -24237,7 +24237,7 @@ CVE-2018-1470
CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could
allow ...)
NOT-FOR-US: IBM API Connect Developer Portal
CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get
access ...)
- TODO: check
+ NOT-FOR-US: IBM API Connect
CVE-2018-1467
RESERVED
CVE-2018-1466
@@ -24313,7 +24313,7 @@ CVE-2018-1432
CVE-2018-1431
RESERVED
CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to
cross-site ...)
- TODO: check
+ NOT-FOR-US: IBM API Connect
CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable
to ...)
NOT-FOR-US: IBM
CVE-2018-1428 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,
and ...)
@@ -24395,7 +24395,7 @@ CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4
and 3.1.0 for ACH Service
CVE-2018-1390 (IBM Financial Transaction Manager for Check Services for ...)
NOT-FOR-US: IBM
CVE-2018-1389 (IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by
generated ...)
- TODO: check
+ NOT-FOR-US: IBM API Connect
CVE-2018-1388 (GSKit V7 may disclose side channel information via
discrepancies ...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2018-1387 (IBM Application Performance Management for Monitoring &
Diagnostics ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/294c9d8e6415499e9ab587bf3afbe8c598697644
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/294c9d8e6415499e9ab587bf3afbe8c598697644
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
