Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5bf63df5 by Salvatore Bonaccorso at 2018-09-06T08:28:47Z
Process NFUs

- - - - -
54c518c1 by Salvatore Bonaccorso at 2018-09-06T08:29:06Z
Add CVE-2018-16548/zziplib

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,13 +5,14 @@ CVE-2018-16553
 CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, 
...)
        TODO: check
 CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by ...)
-       TODO: check
+       NOT-FOR-US: LavaLite
 CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass 
the ...)
-       TODO: check
+       NOT-FOR-US: TeamViewer
 CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory 
Traversal via ...)
-       TODO: check
+       NOT-FOR-US: HScripts PHP File Browser Script
 CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a 
memory ...)
-       TODO: check
+       - zziplib <unfixed>
+       NOTE: https://github.com/gdraheim/zziplib/issues/58
 CVE-2018-16547
        RESERVED
 CVE-2018-16546 (Amcrest networked devices use the same hardcoded SSL private 
key across ...)
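
Review bot: The CVE-2018-16548 entry near the end of this hunk marks zziplib as unfixed with only the upstream issue link (gdraheim/zziplib issue 58) and no Debian bug reference, unlike package lines elsewhere in this file such as the lcms2 one that carries "(bug #907983)". If a BTS bug exists or gets filed, add it to the package line so the unfixed status can be followed on the package side. Separately, CVE-2018-16552 (MicroPyramid Django-CRM) at the top of the hunk still reads "TODO: check" while the three entries below it were triaged as NOT-FOR-US; worth confirming it was left open deliberately.
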
@@ -226,9 +227,9 @@ CVE-2018-16438 (An issue was discovered in the HDF HDF5 
1.8.20 library. There is
        - hdf5 <undetermined>
        NOTE: [email protected]:498-10___out-of-bounds-read
 CVE-2018-16437 (Gxlcms 2.0 has Directory Traversal exploitable by an 
administrator. ...)
-       TODO: check
+       NOT-FOR-US: Gxlcms
 CVE-2018-16436 (Gxlcms 2.0 has SQL Injection exploitable by an administrator. 
...)
-       TODO: check
+       NOT-FOR-US: Gxlcms
 CVE-2018-16435 (Little CMS (aka Little Color Management System) 2.9 has an 
integer ...)
        {DSA-4284-1}
        - lcms2 2.9-3 (bug #907983)
@@ -409,7 +410,7 @@ CVE-2018-16382 (Netwide Assembler (NASM) 2.14rc15 has a 
buffer over-read in ...)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392503
        NOTE: Crash in CLI tool, no security impact
 CVE-2018-16381 (e107 2.1.8 has XSS via the 
e107_admin/users.php?mode=main&amp;action=list ...)
-       TODO: check
+       NOT-FOR-US: e107
 CVE-2018-16380 (An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF 
...)
        NOT-FOR-US: Ogma CMS
 CVE-2018-16379 (Ogma CMS 0.4 Beta has XSS via the &quot;Footer Text 
footer&quot; field on the ...)
@@ -4128,11 +4129,11 @@ CVE-2018-14773 (An issue was discovered in Http 
Foundation in Symfony 2.7.0 thro
 CVE-2018-14772
        RESERVED
 CVE-2018-14771 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: VIVOTEK FD8177 devices
 CVE-2018-14770 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: VIVOTEK FD8177 devices
 CVE-2018-14769 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. 
...)
-       TODO: check
+       NOT-FOR-US: VIVOTEK FD8177 devices
 CVE-2018-14768 (Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, 
MS9*, SD9*, ...)
        NOT-FOR-US: VIVOTEK devices
 CVE-2018-1999025 (A man in the middle vulnerability exists in Jenkins 
TraceTronic ...)
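
Review bot: The three new tags for CVE-2018-14771, CVE-2018-14770 and CVE-2018-14769 read "NOT-FOR-US: VIVOTEK FD8177 devices", while the existing entry directly below them, CVE-2018-14768, uses "NOT-FOR-US: VIVOTEK devices". Using one label for the vendor keeps NOT-FOR-US entries for the same product family grouped when the list is searched; consider "NOT-FOR-US: VIVOTEK devices" here as well, since the model is already stated in each CVE description.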



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/eadd37be3f5a81d9c7a536827cc1331e054c4f1e...54c518c1f8ef2de0ce86193a83c810969dad5b32
