Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a65ea674 by Salvatore Bonaccorso at 2018-08-13T20:16:43Z
Process NFUs

- - - - -
2605a56d by Salvatore Bonaccorso at 2018-08-13T20:16:59Z
Add CVE-2018-3780/nextcloud, itp'ed, #835086

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -331,19 +331,19 @@ CVE-2018-15147
 CVE-2018-15146
        RESERVED
 CVE-2018-15145 (Multiple SQL injection vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2018-15144 (SQL injection vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2018-15143 (Multiple SQL injection vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2018-15142 (Directory traversal in portal/import_template.php in versions 
of ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2018-15141 (Directory traversal in portal/import_template.php in versions 
of ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2018-15140 (Directory traversal in portal/import_template.php in versions 
of ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2018-15139 (Unrestricted file upload in 
interface/super/manage_site_files.php in ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2018-15138
        RESERVED
 CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload 
any file ...)
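Review bot: none of the seven truncated descriptions from CVE-2018-15145 down to CVE-2018-15139 names the product, so the NOT-FOR-US: OpenEMR tag cannot be checked from the list alone. Only script paths such as portal/import_template.php and interface/super/manage_site_files.php are visible. Before merging a batch like this, confirm each id against its full CVE description rather than inferring the product from the neighbouring entries, since the RESERVED entries on either side show that adjacent ids are not guaranteed to belong to the same advisory.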
@@ -4537,7 +4537,7 @@ CVE-2018-13394
 CVE-2018-13393
        RESERVED
 CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before 
version ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2018-13391
        RESERVED
 CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via 
network from ...)
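Review bot: the tag on CVE-2018-13392 names only the vendor (NOT-FOR-US: Atlassian) although the description identifies the affected products as Atlassian Fisheye and Crucible. The other tags added in this push are product-level (for example "Edimax EW-7438RPn Mini v2" and "IBM UrbanCode Deploy"), so "NOT-FOR-US: Atlassian Fisheye and Crucible" would be consistent with them and easier to grep for if one of these products is ever packaged.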
@@ -6542,7 +6542,7 @@ CVE-2018-12589 (Polaris Office 2017 8.1 allows attackers 
to execute arbitrary co
 CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Public Knowledge Project (PKP) Open Monograph Press (OMP)
 CVE-2018-12587 (A cross-site scripting (XSS) vulnerability was found in 
valeuraddons ...)
-       TODO: check
+       NOT-FOR-US: valeuraddons German Spelling Dictionary
 CVE-2018-12586
        RESERVED
 CVE-2018-12585
@@ -11950,7 +11950,7 @@ CVE-2018-10571 (Multiple reflected cross-site scripting 
(XSS) vulnerabilities in
 CVE-2018-10570 (Frog CMS 0.9.5 has XSS in /install/index.php via the ...)
        NOT-FOR-US: Frog CMS
 CVE-2018-10569 (An issue was discovered in Edimax EW-7438RPn Mini v2 before 
version ...)
-       TODO: check
+       NOT-FOR-US: Edimax EW-7438RPn Mini v2
 CVE-2018-10568 (XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to 
v10.7. ...)
        NOT-FOR-US: Flexense DiskSorter Enterprise
 CVE-2018-10567 (XSS exists in Flexense VX Search Enterprise from v10.1.12 to 
v10.7. ...)
@@ -23383,7 +23383,7 @@ CVE-2018-6416
 CVE-2018-6415
        RESERVED
 CVE-2018-6414 (A buffer overflow vulnerability in the web server of some 
Hikvision IP ...)
-       TODO: check
+       NOT-FOR-US: Hikvision IP Cameras
 CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S 
of ...)
        NOT-FOR-US: Hikvision Camera DS-2CD9111-S
 CVE-2018-6412 (In the function sbusfb_ioctl_helper() in 
drivers/video/fbdev/sbuslib.c ...)
@@ -25256,9 +25256,9 @@ CVE-2018-5927
 CVE-2018-5926
        RESERVED
 CVE-2018-5925 (A security vulnerability has been identified with certain HP 
Inkjet ...)
-       TODO: check
+       NOT-FOR-US: HP Inkjet printers
 CVE-2018-5924 (A security vulnerability has been identified with certain HP 
Inkjet ...)
-       TODO: check
+       NOT-FOR-US: HP Inkjet printers
 CVE-2018-5923
        RESERVED
 CVE-2018-5922
@@ -30938,7 +30938,7 @@ CVE-2018-3782
 CVE-2018-3781 (A missing sanitization of search results for an autocomplete 
field in ...)
        TODO: check
 CVE-2018-3780 (A missing sanitization of search results for an autocomplete 
field in ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2018-3779 (active-support ruby gem 5.2.0 could allow a remote attacker to 
execute ...)
        NOT-FOR-US: Trojaned gem release
 CVE-2018-3778 (Improper authorization in aedes version &lt;0.35.0 will publish 
a LWT in ...)
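Review bot: CVE-2018-3781, the context entry directly above the changed one, carries the same truncated description ("A missing sanitization of search results for an autocomplete field in ...") as CVE-2018-3780 but is left at TODO: check. If the full description shows it affects the same package, it should get the matching "- nextcloud <itp> (bug #835086)" line in this commit. If it is a different product, it is worth triaging at the same time so the two look-alike entries do not drift apart.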
@@ -88545,7 +88545,7 @@ CVE-2017-1751 (IBM Robotic Process Automation with 
Automation Anywhere 10.0.0 is
 CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 
through ...)
        NOT-FOR-US: IBM Jazz Reporting Service
 CVE-2017-1749 (IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: IBM UrbanCode Deploy
 CVE-2017-1748 (IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker 
to ...)
        NOT-FOR-US: IBM
 CVE-2017-1747 (A specially crafted message could cause a denial of service in 
IBM ...)
@@ -89471,7 +89471,7 @@ CVE-2017-1288
 CVE-2017-1287 (IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to 
conduct ...)
        NOT-FOR-US: IBM
 CVE-2017-1286 (Sensitive information about the configuration of the IBM 
UrbanCode ...)
-       TODO: check
+       NOT-FOR-US: IBM UrbanCode Deploy
 CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated 
user ...)
        NOT-FOR-US: IBM
 CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with 
ability ...)
@@ -113833,7 +113833,7 @@ CVE-2016-2924 (IBM Infosphere BigInsights is 
vulnerable to cross-site scripting,
 CVE-2016-2923 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 
Liberty ...)
        NOT-FOR-US: IBM
 CVE-2016-2922 (IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 
9.0.1.3 ...)
-       TODO: check
+       NOT-FOR-US: IBM Rational ClearQuest
 CVE-2016-2921
        RESERVED
 CVE-2016-2920



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/f8300fe274f20f7152ca7a1f8461b70d7872e0bc...2605a56df87b22424b77038d8939908eb90894c0

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits