Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ec7fa1d by Salvatore Bonaccorso at 2019-01-29T20:47:06Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2019-7174
CVE-2019-7173 (A stored-self XSS exists in Croogo through v3.0.5, allowing an
attacker ...)
TODO: check
CVE-2019-7172 (A stored-self XSS exists in ATutor through v2.2.4, allowing an
attacker ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2019-7171 (A stored-self XSS exists in Croogo through v3.0.5, allowing an
attacker ...)
TODO: check
CVE-2019-7170 (A stored-self XSS exists in Croogo through v3.0.5, allowing an
attacker ...)
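Review bot: The Croogo entries on either side of CVE-2019-7172 (CVE-2019-7173 and CVE-2019-7171) stay at TODO: check although they carry the same "stored-self XSS" wording as the ATutor entry resolved here. If Croogo was looked up in the same pass, record the result for those entries in this commit as well so the batch is not triaged twice; if they were left open on purpose, a short NOTE: on one of them saying why would help the next person.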
@@ -35,7 +35,7 @@ CVE-2019-7162
CVE-2019-7161
RESERVED
CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../
Directory ...)
- TODO: check
+ NOT-FOR-US: idreamsoft iCMS
CVE-2019-7159
RESERVED
CVE-2019-7158
@@ -399,7 +399,7 @@ CVE-2019-6991 (A classic Stack-based buffer overflow exists
in the zmLoadUser()
CVE-2019-6990 (A stored-self XSS exists in web/skins/classic/views/zones.php
of ...)
TODO: check
CVE-2016-10740 (Various resources in Atlassian Crowd before version 2.10.1
allow remote ...)
- TODO: check
+ NOT-FOR-US: Atlassian Crowd
CVE-2019-1000018 [Remote code execution in scp support]
- rssh 2.3.4-9 (bug #919623)
NOTE: https://sourceforge.net/p/rssh/mailman/message/36519118/
@@ -428,7 +428,7 @@ CVE-2019-6979 (An issue was discovered in the User IP
History Logs (aka ...)
CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS
policy into ...)
- yii <itp> (bug #597899)
CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively
converts a ...)
- TODO: check
+ NOT-FOR-US: Olivier Poitrey Go CORS handler
CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in
the ...)
- libgd2 <unfixed> (bug #920728)
NOTE: https://github.com/libgd/libgd/issues/492
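Review bot: The NOT-FOR-US on CVE-2018-20744 deserves a second check, because the description names a Go library (a CORS handler) rather than a standalone product, and a library like that can be in the archive as its own golang-* source package or as a vendored copy inside another package. The similarly worded CVE-2018-20745 for Yii directly above is tracked with an <itp> line instead of being dismissed. Suggest confirming with a source-package and embedded-copy search first, and replacing the line with a package entry if anything ships the code.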
@@ -65988,7 +65988,7 @@ CVE-2018-1978
CVE-2018-1977 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect
Server) ...)
NOT-FOR-US: IBM
CVE-2018-1976 (IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by
sensitive ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1975
RESERVED
CVE-2018-1974
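Review bot: The tag added for CVE-2018-1976 names only the vendor (NOT-FOR-US: IBM), while the non-IBM entries in this commit name the product (ATutor, idreamsoft iCMS, Atlassian Crowd). It matches the existing CVE-2018-1977 line above, so it is consistent with the surrounding file, but "NOT-FOR-US: IBM API Connect" would keep the product searchable if any IBM component is ever packaged and these entries need to be revisited.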
@@ -66474,7 +66474,7 @@ CVE-2018-1735
CVE-2018-1734
RESERVED
CVE-2018-1733 (IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter
user-controlled ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1732 (IBM QRadar SIEM 1.14.0 discloses sensitive information to
unauthorized ...)
NOT-FOR-US: IBM
CVE-2018-1731
@@ -66604,7 +66604,7 @@ CVE-2018-1670 (IBM Financial Transaction Manager for
ACH Services for Multi-Plat
CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21,
7.5.0.0 ...)
NOT-FOR-US: IBM
CVE-2018-1668 (IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through
...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1667 (IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through
...)
NOT-FOR-US: IBM
CVE-2018-1666
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ec7fa1d2be95ff6c6c56449d3912d0a884745fd