Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
537e562c by Moritz Muehlenhoff at 2018-05-25T14:32:26+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -39,9 +39,9 @@ CVE-2018-11421
 CVE-2018-11420
        RESERVED
 CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a 
heap-based ...)
-       TODO: check
+       NOT-FOR-US: JerryScript
 CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a 
heap-based ...)
-       TODO: check
+       NOT-FOR-US: JerryScript
 CVE-2018-11417
        RESERVED
 CVE-2018-11416 (jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid 
use of ...)
@@ -50,9 +50,9 @@ CVE-2018-11416 (jpegoptim.c in jpegoptim 1.4.5 (fixed in 
1.4.6) has an invalid u
 CVE-2018-11415 (SAP Internet Transaction Server (ITS) 6200.X.X has Reflected 
Cross Site ...)
        NOT-FOR-US: SAP Internet Transaction Server
 CVE-2018-11414 (An issue was discovered in BearAdmin 0.5. There is ...)
-       TODO: check
+       NOT-FOR-US: BearAdmin
 CVE-2018-11413 (An issue was discovered in BearAdmin 0.5. Remote attackers can 
download ...)
-       TODO: check
+       NOT-FOR-US: BearAdmin
 CVE-2018-11412 (In the Linux kernel 4.13 through 4.16.11, 
ext4_read_inline_data() in ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Introduced in e50e5129f384 in 4.13)
@@ -61,7 +61,7 @@ CVE-2018-11412 (In the Linux kernel 4.13 through 4.16.11, 
ext4_read_inline_data(
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1580
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199803
 CVE-2018-11411 (The transferFrom function of a smart contract implementation 
for ...)
-       TODO: check
+       NOT-FOR-US: DimonCoin
 CVE-2018-11410 (An issue was discovered in Liblouis 3.5.0. A invalid free in 
the ...)
        - liblouis 3.5.0-2 (bug #899999)
        [stretch] - liblouis <no-dsa> (Minor issue; can be fixed via point 
release)
@@ -3752,7 +3752,7 @@ CVE-2018-9922 (An issue was discovered in idreamsoft iCMS 
through 7.0.7. Physica
 CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it 
possible ...)
        NOT-FOR-US: CMS Made Simple
 CVE-2018-9920 (Server side request forgery exists in the runtime application 
in K2 ...)
-       TODO: check
+       NOT-FOR-US: K2
 CVE-2018-9919 (A web-accessible backdoor, with resultant SSRF, exists in 
Tp-shop ...)
        NOT-FOR-US: Tp-shop
 CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain 
&quot;expected dictionary ...)
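
Review bot: the `NOT-FOR-US: K2` label on CVE-2018-9920 is too terse to be unambiguous, and a two-character product name is easy to confuse with other software when someone greps the list later. The neighbouring entries spell out the product (`CMS Made Simple`, `Tp-shop`), so consider a label that carries the vendor or product context from the full CVE description rather than `K2` alone.
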
@@ -9818,7 +9818,7 @@ CVE-2018-7528 (An SQL injection vulnerability has been 
identified in Geutebruck 
 CVE-2018-7527 (A buffer overflow can be triggered in LeviStudio HMI Editor, 
Version ...)
        NOT-FOR-US: LeviStudio HMI Editor
 CVE-2018-7526 (In TotalAlert Web Application in BeaconMedaes Scroll Medical 
Air ...)
-       TODO: check
+       NOT-FOR-US: TotalAlert Web Application
 CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a 
malformed ...)
        NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7524 (A cross-site request forgery vulnerability has been identified 
in ...)
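
Review bot: on CVE-2018-7526 the label `NOT-FOR-US: TotalAlert Web Application` drops the vendor, although the description reads "In TotalAlert Web Application in BeaconMedaes Scroll Medical Air ..." and the adjacent entries are labelled vendor plus product (`Omron CX-Supervisor`). Suggest `NOT-FOR-US: BeaconMedaes TotalAlert Web Application`, applied identically to CVE-2018-7518 further down so both entries stay findable under one string.
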
@@ -9834,7 +9834,7 @@ CVE-2018-7520 (An improper access control vulnerability 
has been identified in .
 CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing 
malformed ...)
        NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7518 (In TotalAlert Web Application in BeaconMedaes Scroll Medical 
Air ...)
-       TODO: check
+       NOT-FOR-US: TotalAlert Web Application
 CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing 
malformed ...)
        NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7516 (A server-side request forgery vulnerability has been identified 
in ...)
@@ -10224,9 +10224,9 @@ CVE-2018-7409 (In unixODBC before 2.3.5, there is a 
buffer overflow in the ...)
 CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release 
(marked ...)
        - npm <not-affected> (Vulnerable code introduced later)
 CVE-2018-7407 (An issue was discovered in Foxit Reader before 9.1 and 
PhantomPDF ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2018-7406 (An issue was discovered in Foxit Reader before 9.1 and 
PhantomPDF ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2018-7405 (Cross-site scripting (XSS) in Zoho ManageEngine EventLog 
Analyzer ...)
        NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
 CVE-2018-7404
@@ -15739,19 +15739,19 @@ CVE-2018-5682 (PrestaShop 1.7.2.4 allows user 
enumeration via the Reset Password
 CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the 
&quot;Pages &gt; Edit ...)
        NOT-FOR-US: PrestaShop
 CVE-2018-5680 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2018-5679 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2018-5678 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2018-5677 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2018-5676 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2018-5675 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2018-5674 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2018-5673 (An issue was discovered in the booking-calendar plugin 2.1.7 
for ...)
        NOT-FOR-US: booking-calendar plugin for WordPress
 CVE-2018-5672 (An issue was discovered in the booking-calendar plugin 2.1.7 
for ...)
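
Review bot: CVE-2018-5674 through CVE-2018-5680 are all moved to `NOT-FOR-US: Foxit`, but every truncated description visible here is the same generic "This vulnerability allows remote attackers to execute arbitrary code ..." and none of them names a product. The attribution cannot be checked from this file, so please confirm each of the seven IDs against its full CVE text before tagging the block, since a NOT-FOR-US entry drops out of further triage.
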
@@ -40419,7 +40419,7 @@ CVE-2017-14189 (An improper access control 
vulnerability in Fortinet FortiWebMan
 CVE-2017-14188
        RESERVED
 CVE-2017-14187 (A local privilege escalation and local code execution 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 
5.6.0 ...)
        NOT-FOR-US: Fortinet
 CVE-2017-14185
@@ -53862,7 +53862,7 @@ CVE-2017-9666
 CVE-2017-9665
        RESERVED
 CVE-2017-9664 (In ABB SREA-01 revisions A, B, C: application versions up to 
3.31.5, ...)
-       TODO: check
+       NOT-FOR-US: ABB
 CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was 
discovered in ...)
        NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
 CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji 
Electric ...)
@@ -54541,7 +54541,7 @@ CVE-2017-9423
 CVE-2017-9422
        REJECTED
 CVE-2017-9421 (Authentication Bypass vulnerability in Accellion kiteworks 
before ...)
-       TODO: check
+       NOT-FOR-US: Accellion kiteworks
 CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar 
plugin ...)
        NOT-FOR-US: Spiffy Calendar plugin for WordPress
 CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP 
Custom ...)
@@ -175015,9 +175015,9 @@ CVE-2013-3026 (Buffer overflow in the Lotus Quickr 
for Domino ActiveX control in
 CVE-2013-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
Rational ...)
        NOT-FOR-US: IBM
 CVE-2013-3024 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on 
UNIX ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2013-3023 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 
7.1.2 and ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2013-3022
        RESERVED
 CVE-2013-3021
@@ -175027,7 +175027,7 @@ CVE-2013-3020 (IBM Sterling B2B Integrator 5.1 and 
5.2 and Sterling File Gateway
 CVE-2013-3019
        RESERVED
 CVE-2013-3018 (The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2013-3017
        RESERVED
 CVE-2013-3016 (IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers 
to ...)
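
Review bot: CVE-2013-3018 is tagged `NOT-FOR-US: IBM`, yet its description starts with "The AXIS webapp in deploy-tomcat/axis", which reads like a bundled third-party component inside the IBM Tivoli product. Please confirm the flaw is in IBM's deployment and not in the bundled component itself, and record that with a `NOTE:` line under the entry, as the CVE-2018-11412 entry does for its references.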



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/537e562c5e8de790979bfb7db8dfe0513f5f6d13
