Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f7478b0 by Moritz Muehlenhoff at 2018-07-05T23:11:06+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -25829,23 +25829,23 @@ CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta 
and v1.0.0_beta-1 are vulner
 CVE-2018-3755 (XSS in sexstatic <=0.6.2 causes HTML injection in directory 
name(s) ...)
        NOT-FOR-US: sexstatic
 CVE-2018-3754 (Node.js third-party module query-mysql versions 0.0.0, 0.0.1, 
and ...)
-       TODO: check
+       NOT-FOR-US: query-mysql
 CVE-2018-3753 (The utilities function in all versions <= 1.0.0 of the 
merge-objects ...)
-       TODO: check
+       NOT-FOR-US: merge-objects
 CVE-2018-3752 (The utilities function in all versions <= 1.0.0 of the 
merge-options ...)
-       TODO: check
+       NOT-FOR-US: merge-options
 CVE-2018-3751 (The utilities function in all versions <= 0.3.0 of the 
merge-recursive ...)
-       TODO: check
+       NOT-FOR-US: merge-recursive
 CVE-2018-3750 (The utilities function in all versions <= 0.5.0 of the 
deep-extend ...)
        - node-deep-extend <unfixed> (unimportant)
        NOTE: https://nodesecurity.io/advisories/612
        NOTE: nodejs not covered by security support
 CVE-2018-3749 (The utilities function in all versions &lt; 1.0.1 of the deap 
node module ...)
-       TODO: check
+       NOT-FOR-US: deap
 CVE-2018-3748 (There is a Stored XSS vulnerability in the glance node module 
versions ...)
-       TODO: check
+       NOT-FOR-US: glance node module (different from src:glance)
 CVE-2018-3747 (The public node module versions &lt;= 1.0.3 allows to embed 
HTML in file ...)
-       TODO: check
+       NOT-FOR-US: public node module versions
 CVE-2018-3746 (The pdfinfojs NPM module versions &lt;= 0.3.6 has a command 
injection ...)
        NOT-FOR-US: pdfinfojs nodejs module
 CVE-2018-3745 (atob 2.0.3 and earlier allocates uninitialized Buffers when 
number is ...)
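
Review bot: The tag added for CVE-2018-3747 reads "NOT-FOR-US: public node module versions", and the trailing "versions" looks carried over from the CVE description ("The public node module versions <= 1.0.3 allows ...") rather than being part of the product name. Suggest "NOT-FOR-US: public node module", which also matches the "pdfinfojs nodejs module" wording on CVE-2018-3746 just below. The other new tags in this hunk use the bare module name (query-mysql, deap), so picking one form for node modules would keep the list easy to search. The disambiguation on CVE-2018-3748 ("different from src:glance") is worth repeating wherever a module name collides with a Debian source package.
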
@@ -33986,9 +33986,9 @@ CVE-2017-17319 (Huawei P9 smartphones with the versions 
before EVA-AL10C00B399SP
 CVE-2017-17318 (Huawei MBB (Mobile Broadband) products E5771h-937 with the 
versions ...)
        NOT-FOR-US: Huawei
 CVE-2017-17317 (Common Open Policy Service Protocol (COPS) module in Huawei 
USG6300 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2017-17316 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 
...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2017-17315 (Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; 
...)
        NOT-FOR-US: Huawei
 CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, 
...)
@@ -34270,7 +34270,7 @@ CVE-2017-17177
 CVE-2017-17176
        RESERVED
 CVE-2017-17175 (Short Message Service (SMS) module of Mate 9 Pro Huawei smart 
phones ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2017-17174
        RESERVED
 CVE-2017-17173 (Due to insufficient parameters verification GPU driver of Mate 
9 Pro ...)
@@ -37908,7 +37908,7 @@ CVE-2017-16775
 CVE-2017-16774
        RESERVED
 CVE-2017-16773 (Improper authorization vulnerability in Highlight Preview in 
Synology ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2017-16772 (Improper input validation vulnerability in ...)
        NOT-FOR-US: Synology Photo Station
 CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in 
Synology ...)
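
Review bot: CVE-2017-16773 is tagged with the vendor only ("NOT-FOR-US: Synology"), while the adjacent CVE-2017-16772 names the product ("NOT-FOR-US: Synology Photo Station"). Naming the affected product from the CVE description here as well would keep the block consistent and make later lookups by product reliable.
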
@@ -39888,25 +39888,25 @@ CVE-2016-10684 (healthcenter - IBM Monitoring and 
Diagnostic Tools health Center
 CVE-2016-10683 (arcanist downloads resources over HTTP, which leaves it 
vulnerable to ...)
        TODO: check
 CVE-2016-10682 (massif is a Phantomjs fork massif downloads resources over 
HTTP, which ...)
-       TODO: check
+       NOT-FOR-US: massif
 CVE-2016-10681 (roslib-socketio - The standard ROS Javascript Library fork for 
add ...)
-       TODO: check
+       NOT-FOR-US: roslib-socketio
 CVE-2016-10680 (adamvr-geoip-lite is a light weight native JavaScript 
implementation ...)
-       TODO: check
+       NOT-FOR-US: adamvr-geoip-lite
 CVE-2016-10679 (selenium-standalone-painful installs a start-selenium command 
line to ...)
-       TODO: check
+       NOT-FOR-US: selenium-standalone-painful
 CVE-2016-10678 (serc.js is a Selenium RC process wrapper serc.js downloads 
binary ...)
-       TODO: check
+       NOT-FOR-US: serc.js
 CVE-2016-10677 (google-closure-tools-latest is a Node.js module wrapper for 
...)
-       TODO: check
+       NOT-FOR-US: google-closure-tools-latest
 CVE-2016-10676 (rs-brightcove is a wrapper around brightcove's web api 
rs-brightcove ...)
-       TODO: check
+       NOT-FOR-US: rs-brightcove
 CVE-2016-10675 (libsbmlsim is a module that installs linux binaries for 
libsbmlsim ...)
-       TODO: check
+       NOT-FOR-US: libsbmlsim
 CVE-2016-10674 (limbus-buildgen is a &quot;build anywhere&quot; build system. 
limbus-buildgen ...)
-       TODO: check
+       NOT-FOR-US: limbus-buildgen
 CVE-2016-10673 (ipip-coffee queries geolocation information from IP 
ipip-coffee ...)
-       TODO: check
+       NOT-FOR-US: ipip-coffee
 CVE-2016-10672 (cloudpub-redis is a module for CloudPub: Redis Backend 
cloudpub-redis ...)
        TODO: check
 CVE-2016-10671 (mystem-wrapper is a Yandex mystem app wrapper module. 
mystem-wrapper ...)
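
Review bot: CVE-2016-10683 (arcanist) and CVE-2016-10672 (cloudpub-redis) remain at "TODO: check" on either side of the run triaged in this hunk, and the commit message ("NFUs") does not say whether they were skipped on purpose. If arcanist was left open because the name may match something packaged, a NOTE line saying so would save the next triager the same lookup; if cloudpub-redis is simply another node module like its neighbours, it could take the same NOT-FOR-US tag in this commit.
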
@@ -54707,7 +54707,7 @@ CVE-2017-11176 (The mq_notify function in the Linux 
kernel through 4.11.9 does n
        - linux 4.11.11-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
 CVE-2017-11175 (In J2 Innovations FIN Stack 4.0, the authentication webform is 
...)
-       TODO: check
+       NOT-FOR-US: J2 Innovations FIN Stack
 CVE-2017-11174 (In install/page_dbsettings.php in the Core distribution of 
XOOPS ...)
        NOT-FOR-US: XOOPS
 CVE-2017-11173 (Missing anchor in generated regex for rack-cors before 0.4.1 
allows a ...)
@@ -84910,7 +84910,7 @@ CVE-2017-0931 (html-janitor node module suffers from a 
Cross-Site Scripting (XSS
 CVE-2017-0930 (augustine node module suffers from a Path Traversal 
vulnerability due ...)
        NOT-FOR-US: augustine node module
 CVE-2017-0929 (DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side 
Request ...)
-       TODO: check
+       NOT-FOR-US: DNN (aka DotNetNuke)
 CVE-2017-0928 (html-janitor node module suffers from an External Control of 
Critical ...)
        NOT-FOR-US: html-janitor node module
 CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an 
improper ...)
@@ -84967,9 +84967,9 @@ CVE-2017-0914 (Gitlab Community and Enterprise Editions 
version 10.1, 10.2, and 
        [stretch] - gitlab <not-affected> (Only affects 9.4 and later)
        NOTE: 
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0913 (Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated 
user to ...)
-       TODO: check
+       NOT-FOR-US: Ubiquiti UCRM
 CVE-2017-0912 (Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored 
...)
-       TODO: check
+       NOT-FOR-US: Ubiquiti UCRM
 CVE-2017-0911 (Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a 
callback ...)
        NOT-FOR-US: Twitter Kit for iOS
 CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, 
a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f7478b02a74001b9ac835f18264f5120320eeee
