Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b7c0da2 by Moritz Muehlenhoff at 2018-06-11T18:19:46+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21932,7 +21932,7 @@ CVE-2018-3854
 CVE-2018-3853 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
        NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3852 (An exploitable denial of service vulnerability exists in the 
Ocularis ...)
-       TODO: check
+       NOT-FOR-US: Ocularis Recorder
 CVE-2018-3851 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
        NOT-FOR-US: Hyland Perceptive Document Filters
 CVE-2018-3850 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
@@ -22446,7 +22446,7 @@ CVE-2018-3760
 CVE-2018-3759
        RESERVED
 CVE-2018-3758 (Unrestricted file upload (RCE) in express-cart module before 
1.1.7 ...)
-       TODO: check
+       NOT-FOR-US: express-cart
 CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an 
unescaped ...)
        NOT-FOR-US: node pdf-image
 CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are 
vulnerable ...)
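Review bot: At CVE-2018-3758 the new label reads `NOT-FOR-US: express-cart`, while the neighbouring entry CVE-2018-3757 in the same hunk uses the form `NOT-FOR-US: node pdf-image`. The description calls express-cart a module, so adding the same qualifier (`NOT-FOR-US: node express-cart`) would make the ecosystem clear to someone who reads only the label.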
@@ -22493,7 +22493,7 @@ CVE-2018-3740 (A specially crafted HTML fragment can 
cause Sanitize gem for Ruby
        NOTE: The 'fragment' method was renamed from 'clean' method in earlier 
version
        NOTE: in v3.0.0
 CVE-2018-3739 (https-proxy-agent before 2.1.1 passes auth option to the Buffer 
...)
-       TODO: check
+       NOT-FOR-US: https-proxy-agent
 CVE-2018-3738 (protobufjs is vulnerable to ReDoS when parsing crafted invalid 
.proto ...)
        TODO: check
 CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid 
public keys. ...)
@@ -22549,18 +22549,18 @@ CVE-2018-3719 (mixin-deep node module before 1.3.1 
suffers from a Modification o
        NOTE: https://nodesecurity.io/advisories/578
        NOTE: nodejs not covered by security support
 CVE-2018-3718 (serve node module suffers from Improper Handling of URL 
Encoding by ...)
-       TODO: check
+       NOT-FOR-US: serve node module
 CVE-2018-3717 (connect node module before 2.14.0 suffers from a Cross-Site 
Scripting ...)
        - node-connect 3.0.0-1
        NOTE: 
https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b
 CVE-2018-3716 (simplehttpserver node module suffers from a Cross-Site 
Scripting ...)
-       TODO: check
+       NOT-FOR-US: simplehttpserver node module
 CVE-2018-3715 (glance node module before 3.0.4 suffers from a Path Traversal 
...)
-       TODO: check
+       NOT-FOR-US: glance node module
 CVE-2018-3714 (node-srv node module suffers from a Path Traversal 
vulnerability due ...)
-       TODO: check
+       NOT-FOR-US: node-srv node module
 CVE-2018-3713 (angular-http-server node module suffers from a Path Traversal 
...)
-       TODO: check
+       NOT-FOR-US: angular-http-server node module
 CVE-2018-3712 (serve node module before 6.4.9 suffers from a Path Traversal 
...)
        NOT-FOR-US: npm serve
        NOTE: fixed in 6.4.9 upstream
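Review bot: The label added for CVE-2018-3718, `NOT-FOR-US: serve node module`, names the same software that the existing CVE-2018-3712 entry at the end of this hunk records as `NOT-FOR-US: npm serve`. Using one string for both (for example `NOT-FOR-US: npm serve`) keeps a search of the list for that product from missing one of the two entries. The hunk also shows `- node-connect 3.0.0-1` under CVE-2018-3717, so at least one node module in this range is tracked as a package; the commit message "NFUs" does not say how the five modules marked here were checked against the archive, and a line on that would help.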
@@ -22622,7 +22622,7 @@ CVE-2018-3693
 CVE-2018-3692
        RESERVED
 CVE-2018-3691 (Some implementations in Intel Integrated Performance Primitives 
...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-3690
        RESERVED
 CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform 
Software ...)
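Review bot: At CVE-2018-3691 the new label `NOT-FOR-US: Intel` names only the vendor, while the description identifies the product as Intel Integrated Performance Primitives and other NOT-FOR-US entries in this diff name the product (`Foxit PDF Reader`, `Hyland Perceptive Document Filters`). Suggest `NOT-FOR-US: Intel Integrated Performance Primitives`, so the entry is not read as a decision about Intel software in general; CVE-2018-3689 just below concerns a different Intel component (the AESM daemon in SGX Platform Software).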



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b7c0da216022581b0151c18d5fcacf6743fb688
