Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6dc6850f by Moritz Muehlenhoff at 2018-06-09T12:22:15+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -23,7 +23,7 @@ CVE-2018-12067
 CVE-2018-12065 (A Local File Inclusion vulnerability in 
/system/WCore/WHelper.php in ...)
        NOT-FOR-US: wityCMS
 CVE-2018-12064 (tinyexr 0.9.5 has a heap-based buffer over-read via ...)
-       TODO: check
+       NOT-FOR-US: tinyexr
 CVE-2018-12063
        RESERVED
 CVE-2018-12062
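Review bot: The `NOT-FOR-US: tinyexr` line on CVE-2018-12064 only records that tinyexr is not packaged under its own name; the entry has no NOTE saying whether source packages that bundle a copy of it were searched for. If that check was done, a one-line NOTE would save the next triager from repeating it. If it was not, the entry is better left at `TODO: check` until it is.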
@@ -81,7 +81,7 @@ CVE-2018-12043 (content/content.blueprintspages.php in 
Symphony 2.7.6 has XSS vi
 CVE-2018-12042 (Roxy Fileman through v1.4.5 has Directory traversal via the 
...)
        NOT-FOR-US: Roxy Fileman
 CVE-2018-12041 (An issue was discovered on the MediaTek AWUS036NH wireless USB 
adapter ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2018-12040
        RESERVED
 CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an 
Arbitrary ...)
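Review bot: On CVE-2018-12041 the tag is vendor-only (`NOT-FOR-US: MediaTek`), although the description names a specific product, the AWUS036NH wireless USB adapter. Other entries in this same commit name the product (`XiongMai uc-httpd`, `BeaconMedaes TotalAlert`), so consider naming the adapter here as well, which makes the reason for the NFU decision clear without opening the CVE.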
@@ -583,19 +583,19 @@ CVE-2018-11806 [slirp: heap buffer overflow while 
reassembling fragmented datagr
        - qemu <unfixed> (bug #901017)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
 CVE-2018-1000202 (A persisted cross-site scripting vulnerability exists in 
Jenkins ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2018-1000198 (A XML external entity processing vulnerability exists in 
Jenkins Black ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2018-1000197 (An improper authorization vulnerability exists in Jenkins 
Black Duck ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2018-1000196 (A exposure of sensitive information vulnerability exists in 
Jenkins ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2018-1000195 (A server-side request forgery vulnerability exists in 
Jenkins 2.120 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins
 CVE-2018-1000194 (A path traversal vulnerability exists in Jenkins 2.120 and 
older, LTS ...)
-       TODO: check
+       NOT-FOR-US: Jenkins
 CVE-2018-1000193 (A improper neutralization of control sequences vulnerability 
exists in ...)
-       TODO: check
+       NOT-FOR-US: Jenkins
 CVE-2018-12015 (In Perl through 5.26.2, the Archive::Tar module allows remote 
attackers ...)
        - perl <unfixed> (bug #900834)
        NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=125523
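Review bot: CVE-2018-1000193 is tagged `NOT-FOR-US: Jenkins` (core), but its description is cut off at "exists in ...", so the lines shown here do not confirm core versus plugin the way CVE-2018-1000195 and CVE-2018-1000194 do with "Jenkins 2.120". Worth a quick check that it belongs with the core entries. Separately, the four `NOT-FOR-US: Jenkins plugin` lines do not say which plugin; where the description already names one (CVE-2018-1000198 and CVE-2018-1000197 both show "Jenkins Black Duck ..."), putting the plugin name in the tag would make later searches of data/CVE/list more useful.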
@@ -1613,7 +1613,7 @@ CVE-2018-11410 (An issue was discovered in Liblouis 
3.5.0. A invalid free in the
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1582024
        NOTE: https://github.com/liblouis/liblouis/issues/573
 CVE-2018-11409 (Splunk through 7.0.1 allows information disclosure by 
appending ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2018-11408
        RESERVED
 CVE-2018-11407
@@ -4970,7 +4970,7 @@ CVE-2018-10090
 CVE-2018-10089
        RESERVED
 CVE-2018-10088 (Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified 
impact and ...)
-       TODO: check
+       NOT-FOR-US: XiongMai uc-httpd
 CVE-2018-10124 (The kill_something_info function in kernel/signal.c in the 
Linux kernel ...)
        - linux 4.13.4-1
        [stretch] - linux <ignored> (Minor issue)
@@ -7142,7 +7142,7 @@ CVE-2018-9184
 CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has 
XSS. ...)
        NOT-FOR-US: Joomla addon
 CVE-2018-9182 (Twonky Server before 8.5.1 has XSS via a modified 
&quot;language&quot; parameter ...)
-       TODO: check
+       NOT-FOR-US: Twonky Server
 CVE-2018-9181
        RESERVED
 CVE-2018-9180
@@ -7152,7 +7152,7 @@ CVE-2018-9179
 CVE-2018-9178
        RESERVED
 CVE-2018-9177 (Twonky Server before 8.5.1 has XSS via a folder name on the 
Shared ...)
-       TODO: check
+       NOT-FOR-US: Twonky Server
 CVE-2018-9176
        RESERVED
 CVE-2018-9175 (DedeCMS 5.7 allows remote attackers to execute arbitrary PHP 
code via ...)
@@ -7815,9 +7815,9 @@ CVE-2018-8928
 CVE-2018-8927
        RESERVED
 CVE-2018-8926 (Permissive regular expression vulnerability in 
synophoto_dsm_user in ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-8925 (Cross-site request forgery (CSRF) vulnerability in 
admin/user.php in ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-8924 (Cross-site scripting (XSS) vulnerability in Title Tootip in 
Synology ...)
        NOT-FOR-US: Synology
 CVE-2018-8923 (Cross-site scripting (XSS) vulnerability in Attachment Preview 
in ...)
@@ -7835,7 +7835,7 @@ CVE-2018-8918
 CVE-2018-8917
        RESERVED
 CVE-2018-8916 (Unverified password change vulnerability in Change Password in 
...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-8915 (Cross-site scripting (XSS) vulnerability in Notification Center 
in ...)
        NOT-FOR-US: Synology
 CVE-2018-8914 (SQL injection vulnerability in UPnP DMA in Synology Media 
Server ...)
@@ -11501,7 +11501,7 @@ CVE-2018-7512 (A cross-site scripting vulnerability has 
been identified in Geute
 CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple 
cases ...)
        NOT-FOR-US: Eaton ELCSoft
 CVE-2018-7510 (In the web application in BeaconMedaes TotalAlert Scroll 
Medical Air ...)
-       TODO: check
+       NOT-FOR-US: BeaconMedaes TotalAlert
 CVE-2018-7509 (WPLSoft in Delta Electronics versions 2.45.0 and prior writes 
data ...)
        NOT-FOR-US: Delta Electronics
 CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web 
API ...)
@@ -14031,7 +14031,7 @@ CVE-2018-6672
 CVE-2018-6671
        RESERVED
 CVE-2018-6670 (External Entity Attack vulnerability in the ePO extension in 
McAfee ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2018-6669
        RESERVED
 CVE-2018-6668
@@ -14222,7 +14222,7 @@ CVE-2017-18156
 CVE-2017-18155
        RESERVED
 CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in 
MediaServer ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2017-18153
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
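Review bot: CVE-2017-18154 is tagged `NOT-FOR-US: Android Mediaserver`, while the adjacent CVE-2017-18153 in the trailing context carries `NOT-FOR-US: Qualcomm components for Android`. The description is truncated after "MediaServer ...", so the owning component is not visible here. If this CVE comes from the same Qualcomm batch, reusing the existing tag keeps the two entries grouped in searches; if it is an AOSP issue, the tag is fine as written.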



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6dc6850f5b415aabcf5e31a8f5d94ee53bbf190d
