Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3edc141e by Moritz Muehlenhoff at 2018-07-15T23:00:53+02:00
NFUs
new ruby-rails-admin issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21,19 +21,19 @@ CVE-2018-14071
CVE-2018-14070
RESERVED
CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF
vulnerability ...)
- TODO: check
+ NOT-FOR-US: SRCMS
CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF
vulnerability ...)
- TODO: check
+ NOT-FOR-US: SRCMS
CVE-2018-14067
RESERVED
CVE-2018-14066 (The content://wappush content provider in ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...)
- TODO: check
+ NOT-FOR-US: PHPOffice
CVE-2018-14064 (The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera
devices ...)
- TODO: check
+ NOT-FOR-US: VelotiSmart WiFi B-380 camera devices
CVE-2018-14063 (The increaseApproval function of a smart contract
implementation for ...)
- TODO: check
+ NOT-FOR-US: smart contract
CVE-2018-14062
RESERVED
CVE-2018-14061
@@ -206,7 +206,7 @@ CVE-2018-14012 (WolfSight CMS 3.2 allows SQL injection via
the PATH_INFO to the
CVE-2018-14011
RESERVED
CVE-2018-14010 (OS command injection in the guest Wi-Fi settings feature in
...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2018-14009 (Codiad through 2.8.4 allows Remote Code Execution, a different
...)
NOT-FOR-US: Codiad
CVE-2018-14008
@@ -42039,29 +42039,30 @@ CVE-2016-10531 (marked is an application that is
meant to parse and compile mark
NOTE: https://nodesecurity.io/advisories/101
NOTE: nodejs not covered by security support
CVE-2016-10530 (The airbrake module 0.3.8 and earlier defaults to sending
environment ...)
- TODO: check
+ NOT-FOR-US: airbrake
CVE-2016-10529 (Droppy versions <3.5.0 does not perform any verification
for ...)
- TODO: check
+ NOT-FOR-US: Droppy
CVE-2016-10528 (restafary is a REpresentful State Transfer API for Creating,
Reading, ...)
- TODO: check
+ NOT-FOR-US: restafary
CVE-2016-10527 (The riot-compiler version version 2.3.21 has an issue in a
regex ...)
- TODO: check
+ NOT-FOR-US: riot-compiler
CVE-2016-10526 (A common setup to deploy to gh-pages on every commit via a CI
system ...)
- TODO: check
+ NOT-FOR-US: gh-pages
CVE-2016-10525 (When attempting to allow authentication mode `try` in hapi,
...)
- TODO: check
+ NOT-FOR-US: hapi
CVE-2016-10524 (i18n-node-angular is a module used to interact between i18n
and ...)
- TODO: check
+ NOT-FOR-US: i18n-node-angular
CVE-2016-10523 (MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically
crafted ...)
- TODO: check
+ - node-mqtt-packet <not-affected> (Fixed before initial upload to the
archive)
+ NOTE: https://nodesecurity.io/advisories/75
CVE-2016-10522 (rails_admin ruby gem <v1.1.1 is vulnerable to cross-site
request ...)
- TODO: check
+ - ruby-rails-admin <unfixed>
CVE-2016-10521 (jshamcrest is vulnerable to regular expression denial of
service ...)
- TODO: check
+ NOT-FOR-US: jshamcrest
CVE-2016-10520 (jadedown is vulnerable to regular expression denial of service
(ReDoS) ...)
- TODO: check
+ NOT-FOR-US: jadedown
CVE-2016-10519 (A security issue was found in bittorrent-dht before 5.1.3 that
allows ...)
- TODO: check
+ NOT-FOR-US: bittorrent-dht
CVE-2016-10518 (A vulnerability was found in the ping functionality of the ws
module ...)
TODO: check
CVE-2015-9243 (When server level, connection level or route level CORS
configurations ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3edc141ec54c832ff0acdb897506e044f3a931b9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3edc141ec54c832ff0acdb897506e044f3a931b9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
