Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
34f3435f by Salvatore Bonaccorso at 2018-10-19T10:25:37Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,13 +3,13 @@ CVE-2018-18490
CVE-2018-18489
RESERVED
CVE-2018-18488 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL
Injection ...)
- TODO: check
+ NOT-FOR-US: Gxlcms
CVE-2018-18487 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the
database ...)
- TODO: check
+ NOT-FOR-US: Gxlcms
CVE-2018-18486 (An issue was discovered in PHPSHE 1.7. SQL injection exists
via the ...)
- TODO: check
+ NOT-FOR-US: PHPSHE
CVE-2018-18485 (An issue was discovered in PHPSHE 1.7.
admin.php?mod=db&act=del allows ...)
- TODO: check
+ NOT-FOR-US: PHPSHE
CVE-2018-18484 (An issue was discovered in cp-demangle.c in GNU libiberty, as
...)
TODO: check
CVE-2018-18483 (The get_count function in cplus-dem.c in GNU libiberty, as
distributed ...)
@@ -1393,7 +1393,7 @@ CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak
vulnerability in WriteSGI
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1052
CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via an Add Tags action. ...)
- TODO: check
+ NOT-FOR-US: Aryanic HighPortal
CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet
sizes ...)
- qemu <unfixed>
- qemu-kvm <removed>
@@ -6114,21 +6114,21 @@ CVE-2018-15978
CVE-2018-15977
RESERVED
CVE-2018-15976 (Adobe Technical Communications Suite versions 1.0.5.1 and
below have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-15975
RESERVED
CVE-2018-15974 (Adobe Framemaker versions 1.0.5.1 and below have an insecure
library ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-15973 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0
have a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-15972 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0
have a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-15971 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0
have a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-15970 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0
have a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-15969 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0
have a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-15968 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier,
...)
NOT-FOR-US: Adobe
CVE-2018-15967 (Adobe Flash Player versions 30.0.0.154 and earlier have a
privilege ...)
@@ -6693,7 +6693,7 @@ CVE-2018-15767
CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell
Endpoint ...)
NOT-FOR-US: Dell
CVE-2018-15765 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08,
...)
- TODO: check
+ NOT-FOR-US: EMC Secure Remote Services
CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a
remote ...)
NOT-FOR-US: EMC ESRS Policy Manager
CVE-2018-15763 (Pivotal Container Service, versions prior to 1.2.0, contains
an ...)
@@ -7011,7 +7011,7 @@ CVE-2018-15618
CVE-2018-15617
RESERVED
CVE-2018-15616 (A vulnerability in the Web UI component of Avaya Aura System
Platform ...)
- TODO: check
+ NOT-FOR-US: Avaya Aura System Platform
CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call
Management ...)
NOT-FOR-US: Avaya
CVE-2018-15614
@@ -7394,7 +7394,7 @@ CVE-2018-15494 (In Dojo Toolkit before 1.14, there is
unescaped string injection
- dojo 1.14.1+dfsg1-1 (bug #906540)
NOTE: https://github.com/dojo/dojox/pull/283
CVE-2018-15493 (vBulletin 5.4.3 has an Open Redirect. ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2018-15492 (A vulnerability in the lservnt.exe component of Sentinel
License ...)
NOT-FOR-US: Sentinel License Manager
CVE-2018-15491 (A vulnerability in the permission and encryption
implementation of ...)
@@ -7497,13 +7497,13 @@ CVE-2018-15440
CVE-2018-15439
RESERVED
CVE-2018-15438 (A vulnerability in the web-based management interface of Cisco
Prime ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15437
RESERVED
CVE-2018-15436 (A vulnerability in the web-based management interface of Cisco
Webex ...)
NOT-FOR-US: Cisco
CVE-2018-15435 (A vulnerability in the web-based management interface of Cisco
...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15434 (A vulnerability in the web-based management interface of Cisco
Unified ...)
NOT-FOR-US: Cisco
CVE-2018-15433 (A vulnerability in the server backup function of Cisco Prime
...)
@@ -7569,7 +7569,7 @@ CVE-2018-15404 (A vulnerability in the web interface of
Cisco Integrated Managem
CVE-2018-15403 (A vulnerability in the web interface of Cisco Emergency
Responder, ...)
NOT-FOR-US: Cisco
CVE-2018-15402 (A vulnerability in Cisco Enterprise NFV Infrastructure
Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15401 (A vulnerability in the web-based management interface of Cisco
Hosted ...)
NOT-FOR-US: Cisco
CVE-2018-15400 (A vulnerability in the web-based management interface of Cisco
Cloud ...)
@@ -7583,7 +7583,7 @@ CVE-2018-15397 (A vulnerability in the implementation of
Traffic Flow Confidenti
CVE-2018-15396 (A vulnerability in the Bulk Administration Tool (BAT) for
Cisco Unity ...)
NOT-FOR-US: Cisco
CVE-2018-15395 (A vulnerability in the authentication and authorization
checking ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15394
RESERVED
CVE-2018-15393
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34f3435f9aeb172f9aa856f23d9952617a1281f2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34f3435f9aeb172f9aa856f23d9952617a1281f2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
