Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
90d76901 by Moritz Muehlenhoff at 2018-07-06T10:16:52+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -41,9 +41,9 @@ CVE-2018-13342
CVE-2018-13341
RESERVED
CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add
request. ...)
- TODO: check
+ NOT-FOR-US: Gleez CMS
CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML
content mode ...)
- TODO: check
+ NOT-FOR-US: Imperavi Redactor
CVE-2018-13338
RESERVED
CVE-2018-13337
@@ -657,7 +657,7 @@ CVE-2018-13053 (The alarm_timer_nsleep function in
kernel/time/alarmtimer.c in t
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200303
NOTE:
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef
CVE-2018-13052 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity),
...)
- TODO: check
+ NOT-FOR-US: CyberArk Endpoint Privilege Manager
CVE-2018-13051
RESERVED
CVE-2018-13050 (A SQL Injection vulnerability exists in Zoho ManageEngine
Applications ...)
@@ -712,7 +712,7 @@ CVE-2018-13033 (The Binary File Descriptor (BFD) library
(aka libbfd), as distri
CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add
superuser ...)
NOT-FOR-US: ECESSA ShieldLink
CVE-2018-13031 (DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add
an ...)
- TODO: check
+ NOT-FOR-US: DamiCMS
CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The
build_huffman ...)
NOT-FOR-US: jpeg-compressor
CVE-2018-13029
@@ -1378,7 +1378,7 @@ CVE-2018-12741
CVE-2018-12740
RESERVED
CVE-2018-12739 (In BEESCMS 4.0, CSRF allows administrators to be added
arbitrarily, a ...)
- TODO: check
+ NOT-FOR-US: BEESCMS
CVE-2018-12738
RESERVED
CVE-2018-12737
@@ -1937,7 +1937,7 @@ CVE-2018-12573
CVE-2018-12572
RESERVED
CVE-2018-12571 (uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront
Unified ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-12570
RESERVED
CVE-2018-12569
@@ -3156,7 +3156,7 @@ CVE-2018-12115
CVE-2018-12114 (Maccms 10 allows CSRF via admin.php/admin/admin/info.html to
add user ...)
NOT-FOR-US: Maccms
CVE-2018-12113 (Core FTP LE version 2.2 Build 1921 is prone to a buffer
overflow ...)
- TODO: check
+ NOT-FOR-US: Core FTP LE
CVE-2018-12112 (md_build_attribute in md4c.c in md4c 0.2.6 allows remote
attackers to ...)
NOT-FOR-US: md4c
CVE-2018-12111 (Cross-site scripting (XSS) vulnerability in the Canon PrintMe
EFI ...)
@@ -3178,7 +3178,7 @@ CVE-2018-12105
CVE-2018-12104 (Cross-site scripting (XSS) vulnerability in Airbnb Knowledge
Repo 0.7.4 ...)
NOT-FOR-US: Airbnb Knowledge Repo
CVE-2018-12103 (An issue was discovered on D-Link DIR-890L A2 devices. Due to
the ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function ...)
NOT-FOR-US: md4c
CVE-2018-12101
@@ -6050,9 +6050,9 @@ CVE-2018-10990 (On Arris Touchstone Telephony Gateway
TG1682G 9.1.103J6 devices,
CVE-2018-10989 (Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices
are ...)
NOT-FOR-US: Arris Touchstone Telephony Gateway
CVE-2018-10988 (An issue was discovered on Diqee Diqee360 devices. A firmware
update ...)
- TODO: check
+ NOT-FOR-US: Diqee
CVE-2018-10987 (An issue was discovered on Dongguan Diqee Diqee360 devices.
The ...)
- TODO: check
+ NOT-FOR-US: Diqee
CVE-2018-10986
RESERVED
CVE-2018-10985
@@ -8564,9 +8564,9 @@ CVE-2018-10019
CVE-2018-9999 (In Zulip Server versions before 1.7.2, there was an XSS issue
with user ...)
- zulip-server <itp> (bug #800052)
CVE-2018-9998 (Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-9997 (Cross-site scripting (XSS) vulnerability in mail compose in ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2018-9996 (An issue was discovered in cplus-dem.c in GNU libiberty, as ...)
- binutils <unfixed> (low)
[stretch] - binutils <ignored> (Minor issue)
@@ -11803,7 +11803,7 @@ CVE-2016-10716 (The Mail.ru Calendar plugin before
2.5.0.61 for Atlassian Jira h
CVE-2016-10715 (The Artezio Kanban Board plugin 1.4 revision 1914 for
Atlassian Jira ...)
NOT-FOR-US: Atlassian Jira plugin
CVE-2018-8738 (Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.
...)
- TODO: check
+ NOT-FOR-US: Airties
CVE-2018-8737 (Bookme Control Panel 2.0 Application is vulnerable to stored
XSS within ...)
NOT-FOR-US: Bookme Control Panel Application
CVE-2018-8736 (A privilege escalation vulnerability in Nagios XI 5.2.x through
5.4.x ...)
@@ -13353,7 +13353,7 @@ CVE-2018-8048 (In the Loofah gem through 2.2.0 for
Ruby, non-whitelisted HTML ..
CVE-2018-8047
RESERVED
CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6
before ...)
- TODO: check
+ NOT-FOR-US: Sencha
CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a
variable ...)
NOT-FOR-US: Joomla
CVE-2018-8044
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90d7690176b788fd9412657aea62dd3b6b1e9dd4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90d7690176b788fd9412657aea62dd3b6b1e9dd4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
