Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc153e8f by Moritz Muehlenhoff at 2018-10-25T08:26:22Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,13 +21,13 @@ CVE-2018-18640
CVE-2018-18639
RESERVED
CVE-2018-18638 (A command injection vulnerability in the setup API in the
Neato Botvac ...)
- TODO: check
+ NOT-FOR-US: Neato
CVE-2018-18637
RESERVED
CVE-2018-18636 (XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via
the ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18635 (www/guis/admin/application/controllers/UserController.php in
the ...)
- TODO: check
+ NOT-FOR-US: MailCleaner
CVE-2018-18634
RESERVED
CVE-2018-18633
@@ -64,7 +64,7 @@ CVE-2018-18623
CVE-2018-18622 (An issue was discovered in Waimai Super Cms 20150505. There is
XSS via ...)
NOT-FOR-US: Waimai Super Cms
CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via a message body in
Pronto! ...)
- TODO: check
+ NOT-FOR-US: CommuniGate Pro
CVE-2018-18620
RESERVED
CVE-2018-18619
@@ -194,11 +194,11 @@ CVE-2018-18570
CVE-2018-18569
RESERVED
CVE-2018-18568 (Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows
...)
- TODO: check
+ NOT-FOR-US: Polycom
CVE-2018-18567 (AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows
...)
- TODO: check
+ NOT-FOR-US: AudioCodes devices
CVE-2018-18566 (The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848
and ...)
- TODO: check
+ NOT-FOR-US: Polycom
CVE-2018-18565
RESERVED
CVE-2018-18564
@@ -233,17 +233,17 @@ CVE-2018-18554
CVE-2018-18553 (Leanote 2.6.1 has XSS via the Blog Basic Setting title field,
which is ...)
NOT-FOR-US: Leanote
CVE-2018-18552 (ServersCheck Monitoring Software through 14.3.3 allows local
users to ...)
- TODO: check
+ NOT-FOR-US: ServersCheck Monitoring Software
CVE-2018-18551 (ServersCheck Monitoring Software through 14.3.3 has Persistent
and ...)
- TODO: check
+ NOT-FOR-US: ServersCheck Monitoring Software
CVE-2018-18550 (ServersCheck Monitoring Software before 14.3.4 allows SQL
Injection by ...)
NOT-FOR-US: ServersCheck Monitoring Software
CVE-2018-18549
RESERVED
CVE-2018-18548 (ajenticp (aka Ajenti Docker control panel) for Ajenti through
...)
- TODO: check
+ NOT-FOR-US: Ajenti
CVE-2018-18547 (Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/
domain ...)
- TODO: check
+ NOT-FOR-US: Vesta Control Panel
CVE-2018-18546 (ThinkPHP 3.2.4 has SQL Injection via the order parameter
because the ...)
NOT-FOR-US: ThinkPHP
CVE-2018-18545 (Fiyo CMS 2.0.7 has XSS via the
dapur\apps\app_user\edit_user.php name ...)
@@ -318,7 +318,7 @@ CVE-2018-18519
CVE-2018-18518
RESERVED
CVE-2018-18517 (Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x
before ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-18516
RESERVED
CVE-2018-18515
@@ -1668,9 +1668,9 @@ CVE-2018-18016 (ImageMagick 7.0.7-28 has a memory leak
vulnerability in WritePCX
CVE-2018-18015
RESERVED
CVE-2018-18014 (** DISPUTED *** Lack of authentication in Citrix Xen Mobile
through ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-18013 (** DISPUTED *** Xen Mobile through 10.8.0 includes a service
listening ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2018-18012
RESERVED
CVE-2018-18011
@@ -1888,11 +1888,11 @@ CVE-2018-17925 (Multiple instances of this
vulnerability (Unsafe ActiveX Control
CVE-2018-17924
RESERVED
CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: SAGA1-L8B
CVE-2018-17922
RESERVED
CVE-2018-17921 (SAGA1-L8B with any firmware versions prior to A0.10 are
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: SAGA1-L8B
CVE-2018-17920
RESERVED
CVE-2018-17919 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye
P2P Cloud ...)
@@ -1928,7 +1928,7 @@ CVE-2018-17905
CVE-2018-17904
RESERVED
CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: SAGA1-L8B
CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500,
All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17901 (LAquis SCADA Versions 4.1.0.3870 and prior, when processing
project ...)
@@ -9256,7 +9256,7 @@ CVE-2018-14814
CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer
overflow ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14812 (An uncontrolled search path element (DLL Hijacking)
vulnerability has ...)
- TODO: check
+ NOT-FOR-US: Fuji
CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted
pointer ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14810 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and
prior and ...)
@@ -12977,7 +12977,7 @@ CVE-2018-13344
CVE-2018-13343
RESERVED
CVE-2018-13342 (The server API in the Anda app relies on hardcoded
credentials. ...)
- TODO: check
+ NOT-FOR-US: Anda app
CVE-2018-13341 (Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3
all ...)
NOT-FOR-US: Creston
CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add
request. ...)
@@ -14571,7 +14571,7 @@ CVE-2018-12652
CVE-2018-12651
RESERVED
CVE-2018-12650 (Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site
Scripting ...)
- TODO: check
+ NOT-FOR-US: Adrenalin HRMS
CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php
in MISP ...)
NOT-FOR-US: MISP
CVE-2018-12648 (The WEBP::GetLE32 function in ...)
@@ -17131,7 +17131,7 @@ CVE-2018-11794
CVE-2018-11793
RESERVED
CVE-2018-11792 (In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME
required ALTER ...)
- TODO: check
+ NOT-FOR-US: Apache Impala
CVE-2018-11791
RESERVED
CVE-2018-11790
@@ -17145,7 +17145,7 @@ CVE-2018-11787 (In Apache Karaf version prior to 3.0.9,
4.0.9, 4.1.1, when the .
CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, if the sshd service in
Karaf ...)
- apache-karaf <itp> (bug #881297)
CVE-2018-11785 (Missing authorization check in Apache Impala before 3.0.1
allows a ...)
- TODO: check
+ NOT-FOR-US: Apache Impala
CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to
9.0.11, ...)
{DLA-1545-1 DLA-1544-1}
- tomcat9 <itp> (bug #802312)
@@ -23763,11 +23763,11 @@ CVE-2018-9283 (An XSS issue was discovered in
CremeCRM 1.6.12. It is affected by
CVE-2018-9282 (An XSS issue was discovered in Subsonic Media Server 6.1.1. The
...)
NOT-FOR-US: Subsonic Media Server
CVE-2018-9281 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The
...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2018-9280 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The
...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2018-9279 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The
...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2018-9278
RESERVED
CVE-2018-9277
@@ -24684,7 +24684,7 @@ CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth
input box to index.php, re
CVE-2018-8956
RESERVED
CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded
string ...)
- TODO: check
+ NOT-FOR-US: BitDefender GravityZone
CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote
attackers to ...)
NOT-FOR-US: CA Workload Control Center
CVE-2018-8953 (CA Workload Automation AE before r11.3.6 SP7 allows remote
attackers ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc153e8f62bd8902f65482c085fe41c8531512bc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc153e8f62bd8902f65482c085fe41c8531512bc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
