Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eef33ef6 by Salvatore Bonaccorso at 2018-09-13T06:53:07Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2018-16953
CVE-2018-16952
RESERVED
CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics
STM32F0 ...)
- TODO: check
+ NOT-FOR-US: STMicroelectronics STM32F0 series devices
CVE-2018-16976 [prevent access to repos which are in the process of being
migrated]
- gitolite3 <unfixed> (bug #908699)
[stretch] - gitolite3 <no-dsa> (Minor issue)
@@ -540,13 +540,13 @@ CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by
(for example) adding t
CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the
site name. ...)
NOT-FOR-US: CScms
CVE-2018-16729 (Pluck 4.7.7 allows XSS via an SVG file that contains
Javascript in a ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2018-16728 (feindura 2.0.7 allows XSS via the tags field of a new page
created at ...)
- TODO: check
+ NOT-FOR-US: feindura
CVE-2018-16727 (razorCMS 3.4.7 allows Stored XSS via the keywords of the
homepage ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2018-16726 (razorCMS 3.4.7 allows HTML injection via the description of
the ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the ...)
NOT-FOR-US: baijiacms
CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection
exists via ...)
@@ -821,7 +821,7 @@ CVE-2018-16607
CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference
(IDOR) ...)
NOT-FOR-US: ProConf
CVE-2018-16605 (D-Link DIR-600M devices allow XSS via the Hostname and
Username fields ...)
- TODO: check
+ NOT-FOR-US: D-Link DIR-600M devices
CVE-2018-16604 (An issue was discovered in Nibbleblog v4.0.5. With an admin's
username ...)
NOT-FOR-US: Nibbleblog
CVE-2018-16603
@@ -1374,9 +1374,9 @@ CVE-2018-16391 (Several buffer overflows when handling
responses from a Muscle C
CVE-2018-16390
RESERVED
CVE-2018-16389 (e107_admin/banlist.php in e107 2.1.8 allows SQL injection via
the ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 2.1.8 allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is
a CSRF ...)
NOT-FOR-US: Elefant CMS
CVE-2018-16386
@@ -3592,7 +3592,7 @@ CVE-2018-15504 (An issue was discovered in Embedthis
GoAhead before 4.0.1 and Ap
CVE-2018-15503 (The unpack implementation in Swoole version 4.0.4 lacks
correct size ...)
NOT-FOR-US: Swoole
CVE-2018-15502 (Insecure permissions in Lone Wolf Technologies loadingDOCS
2018-08-13 ...)
- TODO: check
+ NOT-FOR-US: Lone Wolf Technologies loadingDOCS
CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6
and 0.27.x ...)
{DLA-1477-1}
- libgit2 0.27.4+dfsg.1-0.1 (low)
@@ -7729,9 +7729,9 @@ CVE-2018-13809
CVE-2018-13808
RESERVED
CVE-2018-13807 (A vulnerability has been identified in SCALANCE X300 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad
Designer (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13805
RESERVED
CVE-2018-13804
@@ -8586,9 +8586,9 @@ CVE-2018-13414
CVE-2018-13413
RESERVED
CVE-2018-13412 (An issue was discovered in the Self Service Portal in Zoho ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-13411 (An issue was discovered in Zoho ManageEngine Desktop Central
before ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-13410 (** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT
command-line ...)
- zip <unfixed> (unimportant; bug #903196)
NOTE: http://seclists.org/fulldisclosure/2018/Jul/24
@@ -11874,7 +11874,7 @@ CVE-2018-12178
CVE-2018-12177
RESERVED
CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may
allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12175 (Default install directory permissions in Intel Distribution
for Python ...)
TODO: check
CVE-2018-12174
@@ -11884,7 +11884,7 @@ CVE-2018-12173
CVE-2018-12172
RESERVED
CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller
(BMC) ...)
- TODO: check
+ NOT-FOR-US: Intel Baseboard Management Controller firmware
CVE-2018-12170
RESERVED
CVE-2018-12169
@@ -11900,13 +11900,13 @@ CVE-2018-12165
CVE-2018-12164
RESERVED
CVE-2018-12163 (A DLL injection vulnerability in the Intel IoT Developers Kit
4.0 ...)
- TODO: check
+ NOT-FOR-US: Intel IoT Developers Kit
CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for
Windows before ...)
- TODO: check
+ NOT-FOR-US: Intel OpenVINO Toolkit for Windows
CVE-2018-12161
RESERVED
CVE-2018-12160 (DLL injection vulnerability in software installer for Intel
Data ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12159
RESERVED
CVE-2018-12158
@@ -11924,13 +11924,13 @@ CVE-2018-12153
CVE-2018-12152
RESERVED
CVE-2018-12151 (Buffer overflow in installer for Intel Extreme Tuning Utility
before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12150 (Escalation of privilege in Installer for Intel Extreme Tuning
Utility ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12149 (Buffer overflow in input handling in Intel Extreme Tuning
Utility ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and
Support ...)
- TODO: check
+ NOT-FOR-US: INtel
CVE-2018-12147
RESERVED
CVE-2018-12146
@@ -22858,7 +22858,7 @@ CVE-2018-7941 (Huawei iBMC V200R002C60 have an
authentication bypass vulnerabili
CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier
versions than ...)
NOT-FOR-US: Huawei
CVE-2018-7939 (Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with
the ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7938 (P10 Huawei smartphones with the versions before
Victoria-AL00AC00B217 ...)
NOT-FOR-US: Huawei
CVE-2018-7937 (In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and
...)
@@ -22890,11 +22890,11 @@ CVE-2018-7925
CVE-2018-7924
RESERVED
CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09
...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7922 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09
...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7921 (Huawei B315s-22 products with software of 21.318.01.00.26 have
an ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7920 (Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200
...)
NOT-FOR-US: Huawei
CVE-2018-7919
@@ -22924,7 +22924,7 @@ CVE-2018-7908
CVE-2018-7907
RESERVED
CVE-2018-7906 (Some Huawei smart phones with software of Leland-AL00
8.0.0.114(C636), ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7905
RESERVED
CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a
JSON ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eef33ef68c1382390e50fa4c3d02f96b6d2f1705
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eef33ef68c1382390e50fa4c3d02f96b6d2f1705
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
