Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7deadfba by Moritz Muehlenhoff at 2018-05-16T13:55:31+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1225,11 +1225,11 @@ CVE-2018-10593
CVE-2018-10592
RESERVED
CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-10590 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-10589 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-10588
RESERVED
CVE-2018-10587
@@ -5482,7 +5482,7 @@ CVE-2018-8847
CVE-2018-8846
RESERVED
CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-8844
RESERVED
CVE-2018-8843 (Rockwell Automation Arena versions 16.10.00 and prior contains
a use ...)
@@ -5490,7 +5490,7 @@ CVE-2018-8843 (Rockwell Automation Arena versions
16.10.00 and prior contains a
CVE-2018-8842
RESERVED
CVE-2018-8841 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-8840 (A remote attacker could send a carefully crafted packet in
InduSoft ...)
NOT-FOR-US: InduSoft
CVE-2018-8839 (Delta PMSoft versions 2.10 and prior have multiple stack-based
buffer ...)
@@ -8947,27 +8947,27 @@ CVE-2018-7507 (WPLSoft in Delta Electronics versions
2.45.0 and prior utilizes a
CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8
and ...)
NOT-FOR-US: Moxa
CVE-2018-7505 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft
PI ...)
NOT-FOR-US: OSIsoft PI
CVE-2018-7503 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-7502 (Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT
2.11 R3 ...)
NOT-FOR-US: Beckhoff TwinCAT
CVE-2018-7501 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was
discovered in ...)
NOT-FOR-US: OSIsoft PI
CVE-2018-7499 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of
proper ...)
NOT-FOR-US: Philips Alice 6 System
CVE-2018-7497 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI
Vision ...)
NOT-FOR-US: OSIsoft PI
CVE-2018-7495 (In Advantech WebAccess versions V8.2_20170817 and prior,
WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2018-7494 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes
a ...)
NOT-FOR-US: Delta Electronics
CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege
...)
@@ -26741,9 +26741,9 @@ CVE-2018-1265
CVE-2018-1264
RESERVED
CVE-2018-1263 (Addresses partial fix in CVE-2018-1261. Pivotal ...)
- TODO: check
+ NOT-FOR-US: Spring-integration-zip
CVE-2018-1262 (Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X,
introduced a ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry Foundation UAA
CVE-2018-1261 (Spring-integration-zip versions prior to 1.0.1 exposes an
arbitrary ...)
NOT-FOR-US: Spring-integration-zip
CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior
to ...)
@@ -45669,19 +45669,19 @@ CVE-2017-12131 (The Easy Testimonials plugin 3.0.4
for WordPress has XSS in ...)
CVE-2017-12130 (An exploitable NULL pointer dereference vulnerability exists
in the ...)
NOT-FOR-US: tinysvcmdns
CVE-2017-12129 (An exploitable Weak Cryptography for Passwords vulnerability
exists in ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-12128 (An exploitable information disclosure vulnerability exists in
the ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-12127 (A password storage vulnerability exists in the operating
system ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-12126 (An exploitable cross-site request forgery vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-12125 (An exploitable command injection vulnerability exists in the
web ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-12124 (An exploitable denial of service vulnerability exists in the
web ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-12123 (An exploitable clear text transmission of password
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM
image ...)
{DSA-4184-1 DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
@@ -45690,9 +45690,9 @@ CVE-2017-12122 (An exploitable code execution
vulnerability exists in the ILBM i
NOTE: https://hg.libsdl.org/SDL_image/rev/16772bbb1b09
NOTE: https://hg.libsdl.org/SDL_image/rev/97f7f01e0665
CVE-2017-12121 (An exploitable command injection vulnerability exists in the
web ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-12120 (An exploitable command injection vulnerability exists in the
web ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2017-12119 (An exploitable unhandled exception vulnerability exists in
multiple ...)
- cpp-ethereum <itp> (bug #860434)
CVE-2017-12118 (An exploitable improper authorization vulnerability exists in
...)
@@ -64507,7 +64507,7 @@ CVE-2017-6023 (An issue was discovered in Fatek
Automation PLC Ethernet Module.
CVE-2017-6022 (A hard-coded password issue was discovered in Becton, Dickinson
and ...)
NOT-FOR-US: BD's Kiestra PerformA and KLA Journal Service applications
CVE-2017-6021 (In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and
prior, ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2017-6020 (Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME
LAquis ...)
NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA
ME LAquis SCADA software
CVE-2017-6019 (An issue was discovered in Schneider Electric Conext ComBox,
model ...)
@@ -74670,7 +74670,7 @@ CVE-2017-2816 (An exploitable buffer overflow
vulnerability exists in the tag pa
NOTE:
https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d
NOTE: https://github.com/libofx/libofx/issues/9
CVE-2017-2815 (An exploitable XML entity injection vulnerability exists in
OpenFire ...)
- TODO: check
+ NOT-FOR-US: OpenFire User Import Export Plugin
CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image
...)
- poppler <unfixed> (unimportant)
NOTE: Debian links against libjpeg which is unaffected
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7deadfbae1deb23e3c94ff03c36d5e339a284177
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7deadfbae1deb23e3c94ff03c36d5e339a284177
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
