Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12e2f920 by Moritz Muehlenhoff at 2018-05-24T14:38:23+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20,19 +20,19 @@ CVE-2018-11407
 CVE-2018-11406
        RESERVED
 CVE-2018-11405 (Kliqqi 2.0.2 has CSRF in admin/admin_users.php. ...)
-       TODO: check
+       NOT-FOR-US: Kliqqi
 CVE-2018-11404 (DomainMod v4.09.03 has XSS via the 
assets/edit/ssl-provider-account.php ...)
-       TODO: check
+       NOT-FOR-US: DomainMod
 CVE-2018-11403 (DomainMod v4.09.03 has XSS via the 
assets/edit/account-owner.php oid ...)
-       TODO: check
+       NOT-FOR-US: DomainMod
 CVE-2018-11402 (SimpliSafe Original has Unencrypted Keypad Transmissions, 
which allows ...)
-       TODO: check
+       NOT-FOR-US: SimpliSafe Original
 CVE-2018-11401 (In SimpliSafe Original, RF Interference (e.g., an extremely 
strong ...)
-       TODO: check
+       NOT-FOR-US: SimpliSafe Original
 CVE-2018-11400 (In SimpliSafe Original, the Base Station fails to detect 
tamper ...)
-       TODO: check
+       NOT-FOR-US: SimpliSafe Original
 CVE-2018-11399 (SimpliSafe Original has Unencrypted Sensor Transmissions, 
which allows ...)
-       TODO: check
+       NOT-FOR-US: SimpliSafe Original
 CVE-2018-11398
        RESERVED
 CVE-2018-11397
@@ -240,7 +240,7 @@ CVE-2018-11336
 CVE-2018-11335
        RESERVED
 CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a NULL DACL that 
allows ...)
-       TODO: check
+       NOT-FOR-US: Windscribe
 CVE-2018-11333
        RESERVED
 CVE-2018-11332
@@ -504,7 +504,7 @@ CVE-2018-11232 (The etm_setup_aux function in ...)
        - linux <not-affected> (Vulnerable code never present in unstable)
        NOTE: Fixed by: 
https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f
 CVE-2018-11231 (In the Divido plugin for OpenCart, there is SQL injection. 
Attackers ...)
-       TODO: check
+       NOT-FOR-US: OpenCart plugin
 CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 
0.29 allows ...)
        NOT-FOR-US: jbig2enc
 CVE-2018-11229
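Review bot: The tag added for CVE-2018-11231 names only "OpenCart plugin", while the description identifies it as the Divido plugin for OpenCart. Suggest "NOT-FOR-US: Divido plugin for OpenCart" so the entry can be told apart from other OpenCart plugin CVEs when someone searches the list.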
@@ -1851,19 +1851,19 @@ CVE-2018-10656
 CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor 
(freeware) 5.72 ...)
        NOT-FOR-US: DeviceLock Plug and Play Auditor
 CVE-2018-10654 (There is a Hazelcast Library Java Deserialization 
Vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2018-10653 (There is an XML External Entity (XXE) Processing Vulnerability 
in ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2018-10652 (There is a Sensitive Data Leakage issue in Citrix XenMobile 
Server ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2018-10651 (There are Open Redirect Vulnerabilities in Citrix XenMobile 
Server ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2018-10650 (There is an Insufficient Path Validation Vulnerability in 
Citrix ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2018-10649 (There is a Cross-Site Scripting Vulnerability in Citrix 
XenMobile ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2018-10648 (There are Unauthenticated File Upload Vulnerabilities in 
Citrix ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege 
escalation ...)
        NOT-FOR-US: SaferVPN
 CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM 
privilege ...)
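Review bot: CVE-2018-10654 is described as a Hazelcast library Java deserialization issue, and the affected product is cut off in the truncated description, yet it receives the same "NOT-FOR-US: Citrix" tag as the Citrix XenMobile entries below it. Worth confirming that the flaw lies in the Citrix product's use of Hazelcast rather than in the library itself before closing it as NFU. A product-level tag such as "NOT-FOR-US: Citrix XenMobile Server" on the entries that name it would also make the scope explicit.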
@@ -2406,7 +2406,7 @@ CVE-2018-10430 (An issue was discovered in DiliCMS (aka 
DiligentCMS) 2.4.0. Ther
 CVE-2018-10429 (Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP 
code via the ...)
        NOT-FOR-US: Cosmo
 CVE-2018-10428 (ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 
5.3.4, due ...)
-       TODO: check
+       NOT-FOR-US: ILIAS
 CVE-2018-10427
        RESERVED
 CVE-2018-10426
@@ -2587,19 +2587,19 @@ CVE-2018-10359
 CVE-2018-10358
        RESERVED
 CVE-2018-10357 (A directory traversal vulnerability in Trend Micro Endpoint 
...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2018-10356 (A SQL injection remote code execution vulnerability in Trend 
Micro ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2018-10355 (An authentication weakness vulnerability in Trend Micro Email 
...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2018-10354 (A command injection remote command execution vulnerability in 
Trend ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2018-10353 (A SQL injection information disclosure vulnerability in Trend 
Micro ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2018-10352 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 
could ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2018-10351 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 
could ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2018-10350
        RESERVED
 CVE-2018-10349
@@ -6157,7 +6157,7 @@ CVE-2018-8900 (The License Manager service of HASP SRM, 
Sentinel HASP and Sentin
 CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 
2.1.3 ...)
        NOT-FOR-US: IdentityServer
 CVE-2018-8898 (A flaw in the authentication mechanism in the Login Panel of 
router ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and 
IA-32 ...)
        {DSA-4201-1 DSA-4196-1}
        - linux 4.15.17-1
@@ -7816,7 +7816,7 @@ CVE-2018-8178 (A remote code execution vulnerability 
exists in the way that Micr
 CVE-2018-8177 (A remote code execution vulnerability exists in the way that 
the ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8176 (A remote code execution vulnerability exists in Microsoft 
PowerPoint ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8175
        RESERVED
 CVE-2018-8174 (A remote code execution vulnerability exists in the way that 
the ...)
@@ -10507,7 +10507,7 @@ CVE-2018-7297 (Remote Code Execution in the TCL script 
interpreter in eQ-3 AG ..
 CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage 
method ...)
        NOT-FOR-US: eQ-3 AG Homematic CCU2
 CVE-2018-7295 (ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 
4.25 on ...)
-       TODO: check
+       NOT-FOR-US: Final Fantasy
 CVE-2018-7294
        RESERVED
 CVE-2018-7293
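Review bot: The tag for CVE-2018-7295 reads "NOT-FOR-US: Final Fantasy", which drops both the vendor and the exact title given in the description (Square Enix Final Fantasy XIV). Suggest "NOT-FOR-US: Square Enix Final Fantasy XIV", matching the vendor-plus-product form of the neighbouring "eQ-3 AG Homematic CCU2" tag.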
@@ -12968,7 +12968,7 @@ CVE-2018-6497
 CVE-2018-6496
        RESERVED
 CVE-2018-6495 (Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, 
version ...)
-       TODO: check
+       NOT-FOR-US: Micro Focus
 CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software 
Web Tier, ...)
        NOT-FOR-US: HP
 CVE-2018-6493 (SQL Injection in HP Network Operations Management Ultimate, 
version ...)
@@ -27413,9 +27413,9 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when 
generating an HTTP Digest .
 CVE-2018-1311
        RESERVED
 CVE-2018-1310 (Apache NiFi JMS Deserialization issue because of ActiveMQ 
client ...)
-       TODO: check
+       NOT-FOR-US: Apache NiFi
 CVE-2018-1309 (Apache NiFi External XML Entity issue in SplitXML processor. 
Malicious ...)
-       TODO: check
+       NOT-FOR-US: Apache NiFi
 CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 
7.2.1 ...)
        {DSA-4194-1 DLA-1360-1}
        - lucene-solr 3.6.2+dfsg-12 (bug #896604)
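Review bot: CVE-2018-1310 attributes the NiFi JMS deserialization issue to the ActiveMQ client, so tagging it "NOT-FOR-US: Apache NiFi" closes it on the basis of NiFi alone. Before merging, check whether the underlying ActiveMQ client behaviour needs to be tracked against a packaged ActiveMQ, and if it does not, consider recording that conclusion in a NOTE: line so the reasoning is visible to the next person triaging.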
@@ -27774,7 +27774,7 @@ CVE-2018-1195 (In Cloud Controller versions prior to 
1.46.0, cf-deployment versi
 CVE-2018-1194
        REJECTED
 CVE-2018-1193 (Cloud Foundry routing-release, versions prior to 0.175.0, lacks 
...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry
 CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; 
...)
        NOT-FOR-US: Cloud Foundry
 CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains 
an ...)
@@ -54799,7 +54799,7 @@ CVE-2017-9319
 CVE-2017-9318
        RESERVED
 CVE-2017-9317 (Privilege escalation vulnerability found in some Dahua IP 
devices. ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2017-9316 (Firmware upgrade authentication bypass vulnerability was found 
in ...)
        NOT-FOR-US: Dahua
 CVE-2017-9315 (Customer of Dahua IP camera or IP PTZ could submit relevant 
device ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/12e2f9208039c6a76f7736eca45e6dbb197aa71c

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
