Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f2b6d7b by Salvatore Bonaccorso at 2018-05-12T10:42:39+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -980,7 +980,7 @@ CVE-2018-10582
 CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user 
is able ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2018-10580 (The "Latest Posts on Profile" plugin 1.1 for MyBB 
has XSS because ...)
-       TODO: check
+       NOT-FOR-US: "Latest Posts on Profile" plugin for MyBB
 CVE-2018-10579
        RESERVED
 CVE-2018-10578 (An issue was discovered on WatchGuard AP100, AP102, and AP200 
devices ...)
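
Review bot: style point on the added tag for CVE-2018-10580: the product name carries embedded double quotes (NOT-FOR-US: "Latest Posts on Profile" plugin for MyBB), while the neighbouring entry in this hunk is plain text (NOT-FOR-US: Octopus Deploy). Dropping the quotes, e.g. NOT-FOR-US: Latest Posts on Profile plugin for MyBB, keeps the tag easy to grep and consistent with the surrounding entries.
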
@@ -9650,7 +9650,7 @@ CVE-2018-7253 (The ParseDsdiffHeaderConfig function of 
the cli/dsdiff.c file of 
        NOTE: https://github.com/dbry/WavPack/issues/28
        NOTE: 
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
 CVE-2018-7248 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 
9.3 ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2018-7247 (An issue was discovered in pixHtmlViewer in prog/htmlviewer.c 
in ...)
        - leptonlib 1.76.0-1 (unimportant)
        NOTE: 
https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f
@@ -11415,11 +11415,11 @@ CVE-2018-6621 (The decode_frame function in 
libavcodec/utvideodec.c in FFmpeg th
 CVE-2018-6620 (Odoo does not require authentication to be configured for a 
Backup ...)
        NOT-FOR-US: Odoo
 CVE-2018-6619 (Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier 
for ...)
-       TODO: check
+       NOT-FOR-US: Easy Hosting Control Panel (EHCP)
 CVE-2018-6618 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: Easy Hosting Control Panel (EHCP)
 CVE-2018-6617 (Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a 
local MySQL ...)
-       TODO: check
+       NOT-FOR-US: Easy Hosting Control Panel (EHCP)
 CVE-2018-6616 (In OpenJPEG 2.3.0, there is excessive iteration in the ...)
        - openjpeg2 <unfixed> (bug #889683)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1059
@@ -11996,7 +11996,7 @@ CVE-2018-6459 (The rsa_pss_params_parse function in ...)
        [wheezy] - strongswan <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html
 CVE-2018-6458 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Easy Hosting Control Panel (EHCP)
 CVE-2018-6457
        RESERVED
 CVE-2018-6456
@@ -12290,9 +12290,9 @@ CVE-2017-18078 (systemd-tmpfiles in systemd before 237 
attempts to support ...)
        NOTE: 
https://github.com/systemd/systemd/commit/5579f85663d10269e7ac7464be6548c99cea4ada
 (v237)
        NOTE: Neutralised by kernel hardening
 CVE-2018-6362 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the 
domainop ...)
-       TODO: check
+       NOT-FOR-US: Easy Hosting Control Panel (EHCP)
 CVE-2018-6361 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op 
...)
-       TODO: check
+       NOT-FOR-US: Easy Hosting Control Panel (EHCP)
 CVE-2018-6360 (mpv through 0.28.0 allows remote attackers to execute arbitrary 
code ...)
        {DSA-4105-1}
        - mpv 0.27.0-3 (bug #888654)
@@ -13459,13 +13459,13 @@ CVE-2018-6025
 CVE-2018-6024 (SQL Injection exists in the Project Log 1.5.3 component for 
Joomla! via ...)
        NOT-FOR-US: Project Log component for Joomla!
 CVE-2018-6023 (Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with 
impacts ...)
-       TODO: check
+       NOT-FOR-US: Fastweb FASTgate
 CVE-2018-6022 (Directory traversal vulnerability in ...)
        NOT-FOR-US: NoneCms
 CVE-2018-6021 (Silex SD-320AN version 2.01 and prior and GE 
MobileLink(GEH-SD-320AN) ...)
-       TODO: check
+       NOT-FOR-US: Silex Technology products
 CVE-2018-6020 (In Silex SX-500 all versions and GE MobileLink(GEH-500) version 
1.54 ...)
-       TODO: check
+       NOT-FOR-US: Silex Technology products
 CVE-2018-6019 (Samsung Display Solutions App before 3.02 for Android allows 
...)
        NOT-FOR-US: Samsung Display Solutions App for Android
 CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder 
Android ...)
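
Review bot: the added tags for CVE-2018-6021 and CVE-2018-6020 name only "Silex Technology products", but both descriptions also list GE MobileLink devices (GEH-SD-320AN, GEH-500) as affected. Consider naming both product lines, e.g. NOT-FOR-US: Silex SD-320AN/SX-500 and GE MobileLink, so that a search for the GE product name also finds these entries.
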
@@ -15380,9 +15380,9 @@ CVE-2018-5306 (Multiple cross-site scripting (XSS) 
vulnerabilities in Sonatype N
 CVE-2018-5305
        RESERVED
 CVE-2018-5304 (An issue was discovered on the Impinj Speedway Connect R420 
RFID ...)
-       TODO: check
+       NOT-FOR-US: Impinj Speedway Connect R420 RFID Reader
 CVE-2018-5303 (An issue was discovered on the Impinj Speedway Connect R420 
RFID ...)
-       TODO: check
+       NOT-FOR-US: Impinj Speedway Connect R420 RFID Reader
 CVE-2018-5302
        RESERVED
 CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 
and ...)
@@ -19685,7 +19685,7 @@ CVE-2018-3614
 CVE-2018-3613
        RESERVED
 CVE-2018-3612 (Intel NUC kits with insufficient input validation in system 
firmware, ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-3611
        RESERVED
 CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before 
version 3.1.1 ...)
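
Review bot: the added tag for CVE-2018-3612 gives only the vendor (NOT-FOR-US: Intel), while the description concerns system firmware of Intel NUC kits. The other tags added in this commit name the product (for example NOT-FOR-US: Impinj Speedway Connect R420 RFID Reader); something like NOT-FOR-US: Intel NUC kits system firmware would record which Intel component was judged out of scope.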



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2f2b6d7b549b65195f5c361a9ddbc8c55dc9ccfe
