Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e3d36429 by Moritz Muehlenhoff at 2018-08-31T08:45:25Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69,23 +69,23 @@ CVE-2018-16241
CVE-2018-16240
RESERVED
CVE-2018-16239 (An issue was discovered in damiCMS V6.0.1. It relies on the
PHP time() ...)
- TODO: check
+ NOT-FOR-US: damiCMS
CVE-2018-16238 (An issue was discovered in damiCMS V6.0.1. Remote code
execution can ...)
- TODO: check
+ NOT-FOR-US: damiCMS
CVE-2018-16237 (An issue was discovered in damiCMS V6.0.1. There is Directory
Traversal ...)
- TODO: check
+ NOT-FOR-US: damiCMS
CVE-2018-16236 (cPanel through 74 allows XSS via a crafted filename in the
logs ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2018-16235
RESERVED
CVE-2018-16234 (MorningStar WhatWeb 0.4.9 has XSS via JSON report files. ...)
- TODO: check
+ NOT-FOR-US: MorningStar WhatWeb
CVE-2018-16233 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags
parameter. ...)
- TODO: check
+ NOT-FOR-US: MiniCMS
CVE-2018-16232
RESERVED
CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f
allows ...)
- TODO: check
+ NOT-FOR-US: Michael Roth Software Personal FTP Server
CVE-2018-16230
RESERVED
CVE-2018-16229
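Review bot: The NOT-FOR-US tag on CVE-2018-16234 (MorningStar WhatWeb 0.4.9) deserves a second look, because WhatWeb is a standalone scanner of the kind distributions do package, unlike the hosted CMS and cPanel entries around it. Please check the archive and the ITP/RFP bugs for a whatweb source package before closing this out; if one exists, the entry needs a package line in the same form as the `- twig 2.4.4-2` entry for CVE-2018-13818 instead of NOT-FOR-US.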
@@ -309,7 +309,7 @@ CVE-2018-16133 (Cybrotech CyBroHttpServer 1.0.3 allows
Directory Traversal via a
CVE-2018-16132 (The image rendering component (createGenericPreview) of the
Open ...)
NOT-FOR-US: Signal app (specific on iOS)
CVE-2018-16131 (The decodeRequest and decodeRequestWith directives in
Lightbend Akka ...)
- TODO: check
+ NOT-FOR-US: Lightbend Akka
CVE-2018-16130
RESERVED
CVE-2018-558213
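Review bot: The trailing context line `CVE-2018-558213` does not fit the descending order of the list; directly after CVE-2018-16130 an id just below 16130 would be expected. This commit does not touch that line, but please confirm whether data/CVE/list really carries that id and, if it is a typo, correct it in a follow-up so lookups for the neighbouring entry do not miss.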
@@ -5896,21 +5896,21 @@ CVE-2018-13828
CVE-2018-13827
RESERVED
CVE-2018-13826 (An XML external entity vulnerability in the XOG functionality,
in CA ...)
- TODO: check
+ NOT-FOR-US: CA PPM
CVE-2018-13825 (Insufficient input validation in the gridExcelExport
functionality, in ...)
- TODO: check
+ NOT-FOR-US: CA PPM
CVE-2018-13824 (Insufficient input sanitization of two parameters in CA PPM
14.3 and ...)
- TODO: check
+ NOT-FOR-US: CA PPM
CVE-2018-13823 (An XML external entity vulnerability in the XOG functionality,
in CA ...)
- TODO: check
+ NOT-FOR-US: CA PPM
CVE-2018-13822 (Unprotected storage of credentials in CA PPM 14.3 and below,
14.4, ...)
- TODO: check
+ NOT-FOR-US: CA PPM
CVE-2018-13821 (A lack of authentication, in CA Unified Infrastructure
Management ...)
- TODO: check
+ NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13820 (A hardcoded passphrase, in CA Unified Infrastructure
Management 8.5.1, ...)
- TODO: check
+ NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure
Management 8.5.1, ...)
- TODO: check
+ NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI)
via the ...)
- twig 2.4.4-2
NOTE: Fixed upstream in 2.4.4
@@ -11128,11 +11128,11 @@ CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection
in api/uc.php via the 'code'
CVE-2018-11721
RESERVED
CVE-2018-11720 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory
...)
- TODO: check
+ NOT-FOR-US: Xovis
CVE-2018-11719 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. ...)
- TODO: check
+ NOT-FOR-US: Xovis
CVE-2018-11718 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. ...)
- TODO: check
+ NOT-FOR-US: Xovis
CVE-2017-18286 (nZEDb v0.7.3.3 has XSS in the 404 error page. ...)
NOT-FOR-US: nZEDb
CVE-2016-1000352 (In the Bouncy Castle JCE Provider version 1.55 and earlier
the ECIES ...)
@@ -11448,9 +11448,9 @@ CVE-2018-11618 (This vulnerability allows remote
attackers to execute arbitrary
CVE-2018-11617 (This vulnerability allows remote attackers to execute
arbitrary code ...)
NOT-FOR-US: Foxit Reader
CVE-2018-11616 (This vulnerability allows remote attackers to execute
arbitrary code ...)
- TODO: check
+ NOT-FOR-US: Tencent Foxmail
CVE-2018-11615 (This vulnerability allows remote attackers to deny service on
...)
- TODO: check
+ NOT-FOR-US: mosca
CVE-2018-11614
RESERVED
CVE-2018-11613
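Review bot: The labels for CVE-2018-11616 (Tencent Foxmail) and CVE-2018-11615 (mosca) cannot be checked against the lines shown, since both truncated descriptions stop before naming a product and the neighbouring entries with identical wording are tagged Foxit Reader. A short NOTE line citing the advisory, or a commit message more specific than "NFUs", would make the triage verifiable. For mosca, which is a library-style name rather than a vendor product, it is also worth confirming that no matching source package or ITP exists.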
@@ -14509,9 +14509,9 @@ CVE-2018-10516 (In CMS Made Simple (CMSMS) through
2.2.7, the "file rename&
CVE-2018-10515 (In CMS Made Simple (CMSMS) through 2.2.7, the "file
unpack" operation ...)
NOT-FOR-US: CMS Made Simple
CVE-2018-10514 (A Missing Impersonation Privilege Escalation vulnerability in
Trend ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10513 (A Deserialization of Untrusted Data Privilege Escalation
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10512 (A vulnerability in Trend Micro Control Manager (versions 6.0
and 7.0) ...)
NOT-FOR-US: Trend Micro
CVE-2018-10511 (A vulnerability in Trend Micro Control Manager (versions 6.0
and 7.0) ...)
@@ -25519,9 +25519,9 @@ CVE-2018-6501
CVE-2018-6500
RESERVED
CVE-2018-6499 (Remote Code Execution in the following products Hybrid Cloud
...)
- TODO: check
+ NOT-FOR-US: Hybrid Cloud Management Containerized Suite
CVE-2018-6498 (Remote Code Execution in the following products Hybrid Cloud
...)
- TODO: check
+ NOT-FOR-US: Hybrid Cloud Management Containerized Suite
CVE-2018-6497 (Remote Cross-site Request forgery (CSRF) potential has been
identified ...)
NOT-FOR-US: UCMDB Server
CVE-2018-6496 (Remote Cross-site Request forgery (CSRF) potential has been
identified ...)
@@ -125632,7 +125632,7 @@ CVE-2016-0375 (JMS Client in IBM MessageSight 1.1.x
through 1.1.0.1, 1.2.x throu
CVE-2016-0374 (The builder tools in IBM TRIRIGA Application Platform 3.3
before ...)
NOT-FOR-US: IBM
CVE-2016-0373 (IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an
authenticated ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-0372 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before
iFix8, ...)
NOT-FOR-US: IBM
CVE-2016-0371 (The Tivoli Storage Manager (TSM) password may be displayed in
plain ...)
@@ -125910,7 +125910,7 @@ CVE-2016-0236 (IBM Security Guardium Database
Activity Monitor 8.2 before p310,
CVE-2016-0235 (IBM Security Guardium Database Activity Monitor 10 allows local
users ...)
NOT-FOR-US: IBM
CVE-2016-0234 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a
local user ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-0233 (SQL injection vulnerability in IBM Marketing Platform 8.5.x,
8.6.x, ...)
NOT-FOR-US: IBM
CVE-2016-0232 (IBM Financial Transaction Manager (FTM) for ACH Services, Check
...)
@@ -125968,7 +125968,7 @@ CVE-2016-0207 (IBM Algorithmics One-Algo Risk
Application (ARA) 4.9.1 through 5.
CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated
attacker to ...)
NOT-FOR-US: IBM
CVE-2016-0205 (A vulnerability has been identified in IBM Cloud Orchestrator
2.3, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-0204 (Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x
before ...)
NOT-FOR-US: IBM
CVE-2016-0203 (A vulnerability has been identified in the IBM Cloud
Orchestrator task ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3d364290bc6d3e0d2c7cacd9c7459e64a0a2a3b