Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d167d223 by Salvatore Bonaccorso at 2018-08-15T20:25:45Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -406,7 +406,7 @@ CVE-2018-15173 (Nmap through 7.70, when the -sV option is used, allows remote at - nmap <unfixed> (unimportant) NOTE: No security impact CVE-2018-15172 (TP-Link WR840N devices have a buffer overflow via a long Authorization ...) - TODO: check + NOT-FOR-US: TP-Link WR840N devices CVE-2018-15171 RESERVED CVE-2018-15170 @@ -438,27 +438,27 @@ CVE-2018-15158 CVE-2018-15157 RESERVED CVE-2018-15156 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15155 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15154 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15153 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15152 (Authentication bypass vulnerability in portal/account/register.php in ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15151 (SQL injection vulnerability in ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15150 (SQL injection vulnerability in ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15149 (SQL injection vulnerability in ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15148 (SQL injection vulnerability in ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15147 (SQL injection vulnerability in interface/forms_admin/forms_admin.php ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15146 (SQL injection vulnerability in ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-15145 (Multiple SQL injection vulnerabilities in ...) NOT-FOR-US: OpenEMR CVE-2018-15144 (SQL injection vulnerability in ...) @@ -474,7 +474,7 @@ CVE-2018-15140 (Directory traversal in portal/import_template.php in versions of CVE-2018-15139 (Unrestricted file upload in interface/super/manage_site_files.php in ...) NOT-FOR-US: OpenEMR CVE-2018-15138 (Ericsson-LG iPECS NMS 30M allows directory traversal via ...) - TODO: check + NOT-FOR-US: Ericsson-LG iPECS NMS 30M CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload any file ...) NOT-FOR-US: CeLa Link CLR-M20 devices CVE-2018-15136 @@ -4671,9 +4671,9 @@ CVE-2018-13396 CVE-2018-13395 RESERVED CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions before ...) - TODO: check + NOT-FOR-US: Atlassian Confluence Questions CVE-2018-13393 (The convertCommentToAnswer resource in Atlassian Confluence Questions ...) - TODO: check + NOT-FOR-US: Atlassian Confluence Questions CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before version ...) NOT-FOR-US: Atlassian CVE-2018-13391 @@ -8127,7 +8127,7 @@ CVE-2018-12058 CVE-2018-12057 RESERVED CVE-2018-12056 (The maxRandom function of a smart contract implementation for All For ...) - TODO: check + NOT-FOR-US: smart contract implementation for All For One CVE-2018-12055 (Multiple SQL Injections exist in PHP Scripts Mall Schools Alert ...) NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script CVE-2018-12054 (Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management ...) @@ -9083,7 +9083,7 @@ CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable CVE-2018-11688 (Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site scripting, ...) NOT-FOR-US: Ignite Realtime Openfire CVE-2018-11687 (An integer overflow in the distributeBTR function of a smart contract ...) - TODO: check + NOT-FOR-US: smart contract implementation for Bitcoin Red (BTCR) CVE-2018-11686 RESERVED CVE-2018-11685 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function ...) @@ -10285,7 +10285,7 @@ CVE-2018-11249 CVE-2018-11248 (util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an ...) NOT-FOR-US: FileDownloader CVE-2018-11247 (The JMX/RMI interface in Nasdaq BWise 5.0 does not require ...) - TODO: check + NOT-FOR-US: SAP CVE-2018-11246 RESERVED CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex ...) @@ -12308,11 +12308,11 @@ CVE-2018-10514 CVE-2018-10513 RESERVED CVE-2018-10512 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-10511 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-10510 (A Directory Traversal Remote Code Execution vulnerability in Trend ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-10509 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow ...) NOT-FOR-US: Trend Micro CVE-2018-10508 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow ...) @@ -12645,7 +12645,7 @@ CVE-2018-1000179 (A NULL Pointer Dereference of CWE-476 exists in quassel versio CVE-2018-10370 RESERVED CVE-2018-10369 (A Cross-site scripting (XSS) vulnerability was discovered on Intelbras ...) - TODO: check + NOT-FOR-US: Intelbras Win devices CVE-2018-10368 (An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> ...) NOT-FOR-US: WUZHI CMS CVE-2018-10367 (An issue was discovered in WUZHI CMS 4.1.0. The content-management ...) @@ -15736,7 +15736,7 @@ CVE-2018-9131 CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...) NOT-FOR-US: IBOS CVE-2018-9129 (ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in ...) - TODO: check + NOT-FOR-US: ZyXEL ZyWALL/USG series devices CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf ...) NOT-FOR-US: DVD X Player Standard CVE-2018-9127 (Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard ...) @@ -17515,11 +17515,11 @@ CVE-2018-8416 CVE-2018-8415 RESERVED CVE-2018-8414 (A remote code execution vulnerability exists when the Windows Shell ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8413 RESERVED CVE-2018-8412 (An elevation of privilege vulnerability exists when the Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8411 RESERVED CVE-2018-8410 @@ -17535,9 +17535,9 @@ CVE-2018-8406 (An elevation of privilege vulnerability exists when the DirectX . CVE-2018-8405 (An elevation of privilege vulnerability exists when the DirectX ...) TODO: check CVE-2018-8404 (An elevation of privilege vulnerability exists in Windows when the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8403 (A remote code execution vulnerability exists in the way that Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8402 RESERVED CVE-2018-8401 (An elevation of privilege vulnerability exists when the DirectX ...) @@ -17545,17 +17545,17 @@ CVE-2018-8401 (An elevation of privilege vulnerability exists when the DirectX . CVE-2018-8400 (An elevation of privilege vulnerability exists when the DirectX ...) TODO: check CVE-2018-8399 (An elevation of privilege vulnerability exists in Windows when the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8398 (An information disclosure vulnerability exists when the Windows GDI ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8397 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8396 (An information disclosure vulnerability exists when the Windows GDI ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8395 RESERVED CVE-2018-8394 (An information disclosure vulnerability exists when the Windows GDI ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8393 RESERVED CVE-2018-8392 @@ -17563,47 +17563,47 @@ CVE-2018-8392 CVE-2018-8391 RESERVED CVE-2018-8390 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8389 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8388 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8387 (A remote code execution vulnerability exists when Microsoft Edge ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8386 RESERVED CVE-2018-8385 (A remote code execution vulnerability exists in the way the scripting ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8384 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8383 (A spoofing vulnerability exists when Microsoft Edge does not properly ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8382 (An information disclosure vulnerability exists when Microsoft Excel ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8381 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8380 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8379 (A remote code execution vulnerability exists in Microsoft Excel ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8378 (An information disclosure vulnerability exists when Microsoft Office ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8377 (A remote code execution vulnerability exists when Microsoft Edge ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8376 (A remote code execution vulnerability exists in Microsoft PowerPoint ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8375 (A remote code execution vulnerability exists in Microsoft Excel ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8374 (A tampering vulnerability exists when Microsoft Exchange Server fails ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8373 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8372 (A remote code execution vulnerability exists in the way the scripting ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8371 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8370 (A information disclosure vulnerability exists when WebAudio Library ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8369 RESERVED CVE-2018-8368 @@ -17625,47 +17625,47 @@ CVE-2018-8361 CVE-2018-8360 (An information disclosure vulnerability exists in Microsoft .NET ...) TODO: check CVE-2018-8359 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8358 (A security feature bypass vulnerability exists when Microsoft Edge ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8357 (An elevation of privilege vulnerability exists in Microsoft browsers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8356 (A security feature bypass vulnerability exists when Microsoft .NET ...) NOT-FOR-US: Microsoft .NET, doesn't affect src:mono CVE-2018-8355 (A remote code execution vulnerability exists in the way the scripting ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8354 RESERVED CVE-2018-8353 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8352 RESERVED CVE-2018-8351 (An information disclosure vulnerability exists when affected Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8350 (A remote code execution vulnerability exists when Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8349 (A remote code execution vulnerability exists in "Microsoft COM for ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8348 (An information disclosure vulnerability exists when the Windows kernel ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8347 (An elevation of privilege vulnerability exists in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8346 (A remote code execution vulnerability exists in Microsoft Windows that ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8345 (A remote code execution vulnerability exists in Microsoft Windows that ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8344 (A remote code execution vulnerability exists when the Windows font ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8343 (An elevation of privilege vulnerability exists in the Network Driver ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8342 (An elevation of privilege vulnerability exists in the Network Driver ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8341 (An information disclosure vulnerability exists when the Windows kernel ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8340 (A security feature bypass vulnerability exists when Active Directory ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8339 (An elevation of privilege vulnerability exists in the Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8338 RESERVED CVE-2018-8337 @@ -17711,7 +17711,7 @@ CVE-2018-8318 CVE-2018-8317 RESERVED CVE-2018-8316 (A remote code execution vulnerability exists when Internet Explorer ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8315 RESERVED CVE-2018-8314 (An elevation of privilege vulnerability exists when Windows fails a ...) @@ -17739,7 +17739,7 @@ CVE-2018-8304 (A denial of service vulnerability exists in Windows Domain Name S CVE-2018-8303 RESERVED CVE-2018-8302 (A remote code execution vulnerability exists in Microsoft Exchange ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8301 (A remote code execution vulnerability exists when Microsoft Edge ...) NOT-FOR-US: Microsoft CVE-2018-8300 (A remote code execution vulnerability exists in Microsoft SharePoint ...) @@ -17797,7 +17797,7 @@ CVE-2018-8275 (A remote code execution vulnerability exists when Microsoft Edge CVE-2018-8274 (A remote code execution vulnerability exists when Microsoft Edge ...) NOT-FOR-US: Microsoft CVE-2018-8273 (A buffer overflow vulnerability exists in the Microsoft SQL Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8272 RESERVED CVE-2018-8271 @@ -17811,7 +17811,7 @@ CVE-2018-8268 CVE-2018-8267 (A remote code execution vulnerability exists in the way that the ...) NOT-FOR-US: Microsoft CVE-2018-8266 (A remote code execution vulnerability exists in the way that the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8265 RESERVED CVE-2018-8264 @@ -17837,7 +17837,7 @@ CVE-2018-8255 CVE-2018-8254 (An elevation of privilege vulnerability exists when Microsoft ...) NOT-FOR-US: Microsoft CVE-2018-8253 (An elevation of privilege vulnerability exists when Microsoft Cortana ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8252 (An elevation of privilege vulnerability exists when Microsoft ...) NOT-FOR-US: Microsoft CVE-2018-8251 (A memory corruption vulnerability exists when Windows Media Foundation ...) @@ -17935,7 +17935,7 @@ CVE-2018-8206 (A denial of service vulnerability exists when Windows improperly CVE-2018-8205 (A denial of service vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2018-8204 (A security feature bypass vulnerability exists in Device Guard that ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8203 RESERVED CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET Framework which ...) @@ -17943,7 +17943,7 @@ CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET Framework CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard that ...) NOT-FOR-US: Microsoft CVE-2018-8200 (A security feature bypass vulnerability exists in Device Guard that ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2018-8199 RESERVED CVE-2018-8198 @@ -21732,7 +21732,7 @@ CVE-2018-6975 CVE-2018-6974 RESERVED CVE-2018-6973 (VMware Workstation (14.x before 14.1.3) and Fusion (10.x before ...) - TODO: check + NOT-FOR-US: VMware CVE-2018-6972 (VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ...) NOT-FOR-US: VMware CVE-2018-6971 (VMware Horizon View Agents (7.x.x before 7.5.1) contain a local ...) @@ -37164,7 +37164,7 @@ CVE-2018-1457 (An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through CVE-2018-1456 (IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable ...) NOT-FOR-US: IBM CVE-2018-1455 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1454 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a ...) NOT-FOR-US: IBM InfoSphere Information Server CVE-2018-1453 (IBM Security Identity Manager Virtual Appliance 7.0 allows an ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d167d223473d9050dfee7c39e4b8adf337f15c81 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d167d223473d9050dfee7c39e4b8adf337f15c81 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits