Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b45b729e by Moritz Muehlenhoff at 2018-08-29T09:09:51Z
NFUs
chromium n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -343,9 +343,9 @@ CVE-2018-15899 (An issue was discovered in MiniCMS 1.10. 
There is a post.php?dat
 CVE-2018-15898
        RESERVED
 CVE-2018-15897 (PHP Scripts Mall Website Seller Script 2.0.5 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Mall Website Seller Script
 CVE-2018-15896 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via 
Personal ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Mall Website Seller Script
 CVE-2018-15895 (An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 
because ...)
        NOT-FOR-US: iCMS
 CVE-2018-15894 (A SQL injection was discovered in ...)
@@ -384,11 +384,11 @@ CVE-2018-15884 (RICOH MP C4504ex devices allow HTML 
Injection via the ...)
 CVE-2018-15883
        RESERVED
 CVE-2018-15882 (An issue was discovered in Joomla! before 3.8.12. Inadequate 
checks in ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate 
checks ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate 
output ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2018-15879
        RESERVED
 CVE-2018-15878
@@ -415,7 +415,7 @@ CVE-2018-15875 (Cross-site scripting (XSS) vulnerability on 
D-Link DIR-615 route
 CVE-2018-15874 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 
routers ...)
        NOT-FOR-US: D-Link
 CVE-2018-15873 (A SQL Injection issue was discovered in Sentrifugo 3.2 via the 
deptid ...)
-       TODO: check
+       NOT-FOR-US: Sentrifugo
 CVE-2018-15872
        RESERVED
 CVE-2018-15871 (An invalid memory address dereference was discovered in ...)
@@ -1044,7 +1044,7 @@ CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, 
when --api is used, expos
 CVE-2018-15597
        RESERVED
 CVE-2018-15596 (An issue was discovered in inc/class_feedgeneration.php in 
MyBB ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2018-1000226 (Cobbler version Verified as present in Cobbler versions 
2.6.11+, but ...)
        - cobbler <removed>
 CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 
2.6.11+, but ...)
@@ -1290,7 +1290,7 @@ CVE-2018-15531
 CVE-2018-15530
        RESERVED
 CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny 
...)
-       TODO: check
+       NOT-FOR-US: Mutiny appliance
 CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System 
Solutions SSO ...)
        NOT-FOR-US: Java System Solutions SSO plugin
 CVE-2018-15527
@@ -2148,7 +2148,7 @@ CVE-2018-15123 (Insecure configuration storage in Zipato 
Zipabox Smart Home Cont
 CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 
2018.1.323.2 ...)
        NOT-FOR-US: Telerik
 CVE-2018-15121 (An issue was discovered in Auth0 auth0-aspnet and 
auth0-aspnet-owin. ...)
-       TODO: check
+       NOT-FOR-US: Auth0 auth0-aspnet
 CVE-2018-15120 (libpango in Pango before 1.42.4, as used in hexchat and other 
...)
        - pango1.0 1.42.4-1 (low)
        [stretch] - pango1.0 <not-affected> (Vulnerable code not present)
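
Review bot: The label added for CVE-2018-15121 names only auth0-aspnet, while the description on the line above covers "auth0-aspnet and auth0-aspnet-owin". Consider "NOT-FOR-US: Auth0 auth0-aspnet and auth0-aspnet-owin" so that a later search of data/CVE/list for the owin package also lands on this triage decision.
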
@@ -3457,7 +3457,7 @@ CVE-2018-14574 (django.middleware.common.CommonMiddleware 
in Django 1.11.x befor
 CVE-2018-14573 (A Local File Inclusion (LFI) vulnerability exists in the Web 
Interface ...)
        NOT-FOR-US: TightRope Media Carousel Digital Signage
 CVE-2018-14572 (In conference-scheduler-cli, a pickle.load call on imported 
data ...)
-       TODO: check
+       NOT-FOR-US: conference-scheduler-cli
 CVE-2018-14571
        RESERVED
 CVE-2018-14570 (A file upload vulnerability in 
application/shop/controller/member.php ...)
@@ -24353,7 +24353,7 @@ CVE-2018-6645
 CVE-2018-6644 (SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null 
pointer (DoS) ...)
        - sblim-sfcb <itp> (bug #754493)
 CVE-2018-6643 (Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via 
the ...)
-       TODO: check
+       NOT-FOR-US: Infoblox NetMRI
 CVE-2018-6642
        RESERVED
 CVE-2018-6641 (An Arbitrary Free (Remote Code Execution) issue was discovered 
in ...)
@@ -32230,7 +32230,7 @@ CVE-2018-3928
 CVE-2018-3927 (An exploitable information disclosure vulnerability exists in 
the ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3926 (An exploitable integer underflow vulnerability exists in the 
ZigBee ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2018-3925 (An exploitable buffer overflow vulnerability exists in the 
remote ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
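
Review bot: CVE-2018-3926 is tagged "NOT-FOR-US: Samsung", but the entries directly around it (CVE-2018-3927 and CVE-2018-3925) use "NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices". If this is the same hub, reuse the longer string so the group stays consistent and greppable; if it is a different Samsung product, name that product instead of the vendor alone.
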
@@ -32250,7 +32250,7 @@ CVE-2018-3918 (An exploitable vulnerability exists in 
the remote servers of Sams
 CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware 
version ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3916 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2018-3915
        RESERVED
 CVE-2018-3914
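
Review bot: The new "NOT-FOR-US: Samsung" on CVE-2018-3916 is less specific than the "Samsung SmartThings Hub STH-ETH-250 devices" label on CVE-2018-3917 immediately above it. A vendor-only label does not record which product was checked; prefer the product-level string used by the neighbouring entry if it applies here.
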
@@ -48940,7 +48940,7 @@ CVE-2017-15432
 CVE-2017-15431
        RESERVED
 CVE-2017-15430 (Unsafe navigation in Chromecast in Google Chrome prior to 
63.0.3239.84 ...)
-       TODO: check
+       - chromium-browser <not-affected> (Plugin specific to Chrome)
 CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in 
Google ...)
        {DSA-4103-1}
        - chromium-browser 64.0.3282.119-1
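
Review bot: The reason given for CVE-2017-15430, "Plugin specific to Chrome", does not name the component, although the description line identifies it as Chromecast. A note such as "(Chromecast plugin, specific to Chrome)" would let a reader confirm the <not-affected> call from the list entry alone.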



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b45b729eb2cec6a231257555073e1d9786a50440
