Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a7f7774 by Salvatore Bonaccorso at 2018-06-15T11:12:47+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19,9 +19,9 @@ CVE-2018-12434 (LibreSSL before 2.6.5 and 2.7.x before 2.7.4
allows a memory-cac
CVE-2018-12433 (** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache
...)
TODO: check
CVE-2018-12432 (JavaMelody through 1.60.0 has XSS via the counter parameter in
a ...)
- TODO: check
+ NOT-FOR-US: JavaMelody
CVE-2018-12431 (SeaCMS V6.61 has XSS via the site name parameter on an ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2018-12430
RESERVED
CVE-2018-12429
@@ -41,7 +41,7 @@ CVE-2018-12422
CVE-2018-12421 (LTB (aka LDAP Tool Box) Self Service Password before 1.3
allows a ...)
NOT-FOR-US: LTB Self Service Password
CVE-2018-12420 (IceHrm before 23.0.1.OS has a risky usage of a hashed password
in a ...)
- TODO: check
+ NOT-FOR-US: IceHrm
CVE-2018-12419
RESERVED
CVE-2018-12418 (Archive.java in Junrar before 1.0.1, as used in Apache Tika
and other ...)
@@ -452,7 +452,7 @@ CVE-2018-12231
CVE-2018-12230
RESERVED
CVE-2018-12229 (Cross-site scripting (XSS) vulnerability in Public Knowledge
Project ...)
- TODO: check
+ NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS)
CVE-2017-18291 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection
exists in ...)
NOT-FOR-US: PvPGN Stats (relates to pvpgn, but the PHP utilities
allowing integration with a PvPGN game server)
CVE-2017-18290 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection
exists in ...)
@@ -754,7 +754,7 @@ CVE-2018-12092 (tinyexr 0.9.5 has a heap-based buffer
over-read in ...)
CVE-2018-12091
RESERVED
CVE-2018-12090 (There is unauthenticated reflected cross-site scripting (XSS)
in LAMS ...)
- TODO: check
+ NOT-FOR-US: LAMS
CVE-2018-12089 (In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with
Task View ...)
NOT-FOR-US: Octopus Deploy
CVE-2018-12291 (The on_get_missing_events function in handlers/federation.py
in Matrix ...)
@@ -1732,11 +1732,11 @@ CVE-2018-11692 (An issue was discovered on Canon
LBP6650, LBP3370, LBP3460, and
CVE-2018-11691
RESERVED
CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous
versions for ...)
- TODO: check
+ NOT-FOR-US: Balbooa Gridbox extension for Joomla!
CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Smart Viewer in Samsung Web Viewer for Samsung DVR
CVE-2018-11688 (Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site
scripting, ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2018-11687
RESERVED
CVE-2018-11686
@@ -3913,7 +3913,7 @@ CVE-2018-10823
CVE-2018-10822
RESERVED
CVE-2018-10821 (Cross-site scripting (XSS) vulnerability in
backend/pages/modify.php ...)
- TODO: check
+ NOT-FOR-US: BlackCatCMS
CVE-2018-10820
RESERVED
CVE-2018-10819
@@ -4817,7 +4817,7 @@ CVE-2018-10474 (This vulnerability allows remote
attackers to execute arbitrary
CVE-2018-10473 (This vulnerability allows remote attackers to execute
arbitrary code ...)
NOT-FOR-US: Foxit Reader
CVE-2018-10470 (Little Snitch versions 4.0 to 4.0.6 use the ...)
- TODO: check
+ NOT-FOR-US: Little Snitch
CVE-2018-10469 (b3log Symphony (aka Sym) 2.6.0 allows remote attackers to
upload and ...)
NOT-FOR-US: b3log Symphony (aka Sym)
CVE-2018-10468 (The transferFrom function of a smart contract implementation
for ...)
@@ -4953,17 +4953,17 @@ CVE-2018-10410
CVE-2018-10409
RESERVED
CVE-2018-10408 (An issue was discovered in VirusTotal. A maliciously crafted
...)
- TODO: check
+ NOT-FOR-US: VirusTotal
CVE-2018-10407 (An issue was discovered in Carbon Black Cb Response. A
maliciously ...)
- TODO: check
+ NOT-FOR-US: Carbon Black Cb Response
CVE-2018-10406 (An issue was discovered in Yelp OSXCollector. A maliciously
crafted ...)
- TODO: check
+ NOT-FOR-US: Yelp OSXCollector
CVE-2018-10405 (An issue was discovered in Google Santa and
molcodesignchecker. A ...)
- TODO: check
+ NOT-FOR-US: Google Santa and molcodesignchecker
CVE-2018-10404 (An issue was discovered in Objective-See KnockKnock, LuLu, ...)
- TODO: check
+ NOT-FOR-US: Objective-See KnockKnock, LuLu, TaskExplorer,
WhatsYourSign, and procInfo
CVE-2018-10403 (An issue was discovered in F-Secure XFENCE and Little Flocker.
A ...)
- TODO: check
+ NOT-FOR-US: F-Secure XFENCE and Little Flocker
CVE-2018-10402
RESERVED
CVE-2018-10401
@@ -8637,7 +8637,7 @@ CVE-2018-8929
CVE-2018-8928
RESERVED
CVE-2018-8927 (Improper authorization vulnerability in SYNO.Cal.Event in
Calendar ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2018-8926 (Permissive regular expression vulnerability in
synophoto_dsm_user in ...)
NOT-FOR-US: Synology
CVE-2018-8925 (Cross-site request forgery (CSRF) vulnerability in
admin/user.php in ...)
@@ -10178,7 +10178,7 @@ CVE-2018-8269
CVE-2018-8268
RESERVED
CVE-2018-8267 (A remote code execution vulnerability exists in the way that
the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8266
RESERVED
CVE-2018-8265
@@ -10204,29 +10204,29 @@ CVE-2018-8256
CVE-2018-8255
RESERVED
CVE-2018-8254 (An elevation of privilege vulnerability exists when Microsoft
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8253
RESERVED
CVE-2018-8252 (An elevation of privilege vulnerability exists when Microsoft
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8251 (A memory corruption vulnerability exists when Windows Media
Foundation ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8250
RESERVED
CVE-2018-8249 (A remote code execution vulnerability exists when Internet
Explorer ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8248 (A remote code execution vulnerability exists in Microsoft Excel
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8247 (An elevation of privilege vulnerability exists when Office Web
Apps ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8246 (An information disclosure vulnerability exists when Microsoft
Excel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8245 (An elevation of privilege vulnerability exists when Microsoft
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8244 (An elevation of privilege vulnerability exists when Microsoft
Outlook ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8243 (A remote code execution vulnerability exists in the way that
the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8242
RESERVED
CVE-2018-8241
@@ -10234,75 +10234,75 @@ CVE-2018-8241
CVE-2018-8240
RESERVED
CVE-2018-8239 (An information disclosure vulnerability exists when the Windows
GDI ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8238
RESERVED
CVE-2018-8237
RESERVED
CVE-2018-8236 (A remote code execution vulnerability exists when Microsoft
Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8235 (A security feature bypass vulnerability exists when Microsoft
Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8234 (An information disclosure vulnerability exists when Microsoft
Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8233 (An elevation of privilege vulnerability exists in Windows when
the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8232
RESERVED
CVE-2018-8231 (A remote code execution vulnerability exists when HTTP Protocol
Stack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8230
RESERVED
CVE-2018-8229 (A remote code execution vulnerability exists in the way that
the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8228
RESERVED
CVE-2018-8227 (A remote code execution vulnerability exists in the way that
the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8226 (A denial of service vulnerability exists in the HTTP 2.0
protocol ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8225 (A remote code execution vulnerability exists in Windows Domain
Name ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8224 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8223
RESERVED
CVE-2018-8222
RESERVED
CVE-2018-8221 (A security feature bypass vulnerability exists in Device Guard
that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8220
RESERVED
CVE-2018-8219 (An elevation of privilege vulnerability exists when Windows
Hyper-V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8218 (A denial of service vulnerability exists when Microsoft Hyper-V
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8217 (A security feature bypass vulnerability exists in Device Guard
that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8216 (A security feature bypass vulnerability exists in Device Guard
that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8215 (A security feature bypass vulnerability exists in Device Guard
that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8214 (An elevation of privilege vulnerability exists in Windows when
Desktop ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8213 (A remote code execution vulnerability exists when Windows
improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8212 (A security feature bypass vulnerability exists in Device Guard
that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8211 (A security feature bypass vulnerability exists in Device Guard
that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8210 (A remote code execution vulnerability exists when Windows
improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8209 (An information disclosure vulnerability exists when Windows
allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8208 (An elevation of privilege vulnerability exists in Windows when
Desktop ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8207 (An information disclosure vulnerability exists when the Windows
kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8206
RESERVED
CVE-2018-8205 (A denial of service vulnerability exists when Windows
improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8204
RESERVED
CVE-2018-8203
@@ -10310,7 +10310,7 @@ CVE-2018-8203
CVE-2018-8202
RESERVED
CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard
that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8200
RESERVED
CVE-2018-8199
@@ -10362,7 +10362,7 @@ CVE-2018-8177 (A remote code execution vulnerability
exists in the way that the
CVE-2018-8176 (A remote code execution vulnerability exists in Microsoft
PowerPoint ...)
NOT-FOR-US: Microsoft
CVE-2018-8175 (An denial of service vulnerability exists when Windows NT
WEBDAV ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8174 (A remote code execution vulnerability exists in the way that
the ...)
NOT-FOR-US: Microsoft
CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft
InfoPath ...)
@@ -10374,7 +10374,7 @@ CVE-2018-8171
CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that
the ...)
NOT-FOR-US: Microsoft
CVE-2018-8169 (An elevation of privilege vulnerability exists when the (Human
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8168 (An elevation of privilege vulnerability exists when Microsoft
...)
NOT-FOR-US: Microsoft
CVE-2018-8167 (An elevation of privilege vulnerability exists when the Windows
Common ...)
@@ -10432,7 +10432,7 @@ CVE-2018-8142 (A security feature bypass exists when
Windows incorrectly validat
CVE-2018-8141 (An information disclosure vulnerability exists when the Windows
kernel ...)
NOT-FOR-US: Microsoft
CVE-2018-8140 (An Elevation of Privilege vulnerability exists when Cortana
retrieves ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8139 (A remote code execution vulnerability exists in the way that
the ...)
NOT-FOR-US: Microsoft
CVE-2018-8138
@@ -10470,7 +10470,7 @@ CVE-2018-8123 (An information disclosure vulnerability
exists when Microsoft Edg
CVE-2018-8122 (A remote code execution vulnerability exists in the way that
the ...)
NOT-FOR-US: Microsoft
CVE-2018-8121 (An information disclosure vulnerability exists when the Windows
kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8120 (An elevation of privilege vulnerability exists in Windows when
the ...)
NOT-FOR-US: Microsoft
CVE-2018-8119 (A spoofing vulnerability exists when the Azure IoT Device
Provisioning ...)
@@ -10486,13 +10486,13 @@ CVE-2018-8115 (A remote code execution vulnerability
exists when the Windows Hos
CVE-2018-8114 (A remote code execution vulnerability exists in the way that
the ...)
NOT-FOR-US: Microsoft
CVE-2018-8113 (A security feature bypass vulnerability exists in Internet
Explorer ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8112 (A security feature bypass vulnerability exists when Microsoft
Edge ...)
NOT-FOR-US: Microsoft
CVE-2018-8111 (A remote code execution vulnerability exists when Microsoft
Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8110 (A remote code execution vulnerability exists when Microsoft
Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect
Access Control ...)
{DLA-1331-1}
- mercurial 4.5.2-1 (bug #892964)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a7f77748bceda2bfecd8b0f4b2e07cadae458a1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a7f77748bceda2bfecd8b0f4b2e07cadae458a1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
