[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2018-04-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4993d55 by Salvatore Bonaccorso at 2018-04-11T10:35:36+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10,15 +10,15 @@ CVE-2018-9996 (An issue was discovered in cplus-dem.c in 
GNU libiberty, as ...)
[jessie] - binutils  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
 CVE-2018-9995 (TBK DVR4104 and DVR4216 devices allow remote attackers to 
bypass ...)
-   TODO: check
+   NOT-FOR-US: TBK DVR4104 and DVR4216 devices
 CVE-2018-9994
RESERVED
 CVE-2018-9993 (YUNUCMS 1.0.7 has XSS via the content title on an ...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-9992 (Frog CMS 0.9.5 has XSS via the name field of a new 
File or ...)
-   TODO: check
+   NOT-FOR-US: Frog CMS
 CVE-2018-9991 (Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or 
Username ...)
-   TODO: check
+   NOT-FOR-US: Frog CMS
 CVE-2018-9990
RESERVED
 CVE-2018-10018
@@ -58,7 +58,7 @@ CVE-2018-10002
 CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg 
through ...)
TODO: check
 CVE-2018-1 (The Video Downloader professional extension before 2018-04-05 
for ...)
-   TODO: check
+   NOT-FOR-US: The Video Downloader professional extension for Chrome
 CVE-2017-18260 (Dolibarr ERP/CRM is affected by multiple SQL injection 
vulnerabilities ...)
TODO: check
 CVE-2017-18259 (Dolibarr ERP/CRM is affected by stored Cross-Site Scripting 
(XSS) in ...)
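
Review bot: the tag added for the Video Downloader entry begins with the article ("NOT-FOR-US: The Video Downloader professional extension for Chrome"), unlike the other tags added in this patch, which begin with the product name (YUNUCMS, Frog CMS). Suggest "NOT-FOR-US: Video Downloader professional extension for Chrome" so a grep on the product name at the start of the tag still matches.
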



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4993d55594c91217c90f3b2e973263043cea24b

You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2018-04-10 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55a23054 by Salvatore Bonaccorso at 2018-04-10T22:37:36+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20099,27 +20099,27 @@ CVE-2018-2415
 CVE-2018-2414
RESERVED
 CVE-2018-2413 (SAP Disclosure Management 10.1 does not perform necessary ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2412 (SAP Disclosure Management 10.1 does not perform necessary ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2411
RESERVED
 CVE-2018-2410 (SAP Business One, 9.2, 9.3, browser access does not 
sufficiently ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2409 (Improper session management when using SAP Cloud Platform 2.0 
...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2408 (Improper Session Management in SAP Business Objects, 4.0, from 
4.10, ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2407
RESERVED
 CVE-2018-2406 (Unquoted windows search path (directory/path traversal) 
vulnerability ...)
TODO: check
 CVE-2018-2405 (SAP Solution Manager, 7.10, 7.20, Incident Management Work 
Center ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2404 (SAP Disclosure Management 10.1 allows an attacker to upload any 
file ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2403 (Under certain conditions, SAP Disclosure Management 10.1 allows 
an ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2402 (In systems using the optional capture  replay 
functionality of SAP ...)
NOT-FOR-US: SAP
 CVE-2018-2401 (SAP Business Process Automation (BPA) By Redwood does not 
sufficiently ...)
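
Review bot: CVE-2018-2406 is left at "TODO: check" in the middle of a run where every other described entry becomes "NOT-FOR-US: SAP". The visible part of its description ("Unquoted windows search path (directory/path traversal) vulnerability ...") does not name the product, so the reason for skipping it is not recoverable from the diff. If it is another SAP product, tag it in this commit; if it was held back deliberately, a NOTE line saying why would save the next triager from repeating the check.
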



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/55a230548167a1a195d2bca08895b32b205f3eea


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2018-04-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
896b8d4a by Salvatore Bonaccorso at 2018-04-04T22:29:18+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -151,9 +151,9 @@ CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 
2.9.8, if --with-lzm
 CVE-2018-9250
RESERVED
 CVE-2018-9249 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication 
bypass by ...)
-   TODO: check
+   NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
 CVE-2018-9248 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication 
bypass via ...)
-   TODO: check
+   NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
 CVE-2018-9247 (The upsql function in 
\Lib\Lib\Action\Admin\DataAction.class.php in ...)
NOT-FOR-US: Gxlcms QY
 CVE-2018-9246
@@ -921,7 +921,7 @@ CVE-2017-18242 (The apply_dependent_coupling function in 
libavcodec/aacdec.c in 
[jessie] - libav  (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1093
 CVE-2018-8941 (Diagnostics functionality on D-Link DSL-3782 devices with 
firmware EU ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-8940
RESERVED
 CVE-2018-8939
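
Review bot: "NOT-FOR-US: D-Link" on CVE-2018-8941 records only the vendor, while its description names "D-Link DSL-3782 devices" and the FiberHome entries in the previous hunk are tagged at product level ("FiberHome VDSL2 Modem HG 150-UB devices"). Pick one granularity for device firmware within the commit; the product-level form is easier to search when a later CVE for the same device appears.
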
@@ -1210,9 +1210,9 @@ CVE-2018-8816
 CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery 
function in ...)
NOT-FOR-US: Alkacon OpenCMS
 CVE-2018-8814 (Cross-site request forgery (CSRF) vulnerability in WolfCMS 
0.8.3.1 ...)
-   TODO: check
+   NOT-FOR-US: WolfCMS
 CVE-2018-8813 (Open redirect vulnerability in the login[redirect] parameter 
login ...)
-   TODO: check
+   NOT-FOR-US: WolfCMS
 CVE-2018-8812
RESERVED
 CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -1530,7 +1530,7 @@ CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer 
version 11.0 build 11000 has 
 CVE-2018-8720 (ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last 
Name ...)
NOT-FOR-US: ServiceNow ITSM
 CVE-2018-8719 (An issue was discovered in the WP Security Audit Log plugin 
3.1.1 for ...)
-   TODO: check
+   NOT-FOR-US: WP Security Audit Log plugin for WordPress
 CVE-2018-8718 (Cross-site request forgery (CSRF) vulnerability in the Mailer 
Plugin ...)
- jenkins-mailer-plugin 
 CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux 
kernel ...)
@@ -20439,7 +20439,7 @@ CVE-2018-1471
 CVE-2018-1470
RESERVED
 CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could 
allow ...)
-   TODO: check
+   NOT-FOR-US: IBM API Connect Developer Portal
 CVE-2018-1468
RESERVED
 CVE-2018-1467
@@ -20483,7 +20483,7 @@ CVE-2018-1449
 CVE-2018-1448 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 
...)
NOT-FOR-US: IBM
 CVE-2018-1447 (The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum 
Protect ...)
-   TODO: check
+   NOT-FOR-US: IBM Spectrum Protect
 CVE-2018-1446
RESERVED
 CVE-2018-1445
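
Review bot: CVE-2018-1447 is tagged "NOT-FOR-US: IBM Spectrum Protect", but the component its description names first is GSKit, and the entry directly above it in the context (CVE-2018-1448) uses the bare vendor tag "NOT-FOR-US: IBM". Either follow the neighbouring vendor-level tag or name GSKit in the tag, so that the tag agrees with what the description says is affected.
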
@@ -20535,7 +20535,7 @@ CVE-2018-1423
 CVE-2018-1422
RESERVED
 CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 
and ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere DataPower Appliances
 CVE-2018-1420
RESERVED
 CVE-2018-1419
@@ -23133,7 +23133,7 @@ CVE-2018-0988
 CVE-2018-0987
RESERVED
 CVE-2018-0986 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0985
RESERVED
 CVE-2018-0984



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/896b8d4aa59a57c068f3262b1357455f361332d5


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2018-02-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31a0bc11 by Salvatore Bonaccorso at 2018-02-06T22:53:28+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -914,7 +914,7 @@ CVE-2018-6469 (A cross-site scripting (XSS) vulnerability 
in flickrRSS.php in th
 CVE-2018-6468 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in 
the ...)
NOT-FOR-US: flickrRSS plugin for WordPress
 CVE-2018-6467 (The flickrRSS plugin 5.3.1 for WordPress has CSRF via ...)
-   TODO: check
+   NOT-FOR-US: flickrRSS plugin for WordPress
 CVE-2018-6466 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in 
the ...)
NOT-FOR-US: flickrRSS plugin for WordPress
 CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via 
the ...)
@@ -1395,13 +1395,13 @@ CVE-2018-6293
 CVE-2018-6292
RESERVED
 CVE-2018-6291 (WebConsole Cross-Site Scripting in Kaspersky Secure Mail 
Gateway ...)
-   TODO: check
+   NOT-FOR-US: Kaspersky Secure Mail Gateway
 CVE-2018-6290 (Local Privilege Escalation in Kaspersky Secure Mail Gateway 
version ...)
-   TODO: check
+   NOT-FOR-US: Kaspersky Secure Mail Gateway
 CVE-2018-6289 (Configuration file injection leading to Code Execution as Root 
in ...)
-   TODO: check
+   NOT-FOR-US: Kaspersky Secure Mail Gateway
 CVE-2018-6288 (Cross-site Request Forgery leading to Administrative account 
takeover ...)
-   TODO: check
+   NOT-FOR-US: Kaspersky Secure Mail Gateway
 CVE-2018-6287
RESERVED
 CVE-2018-6286
@@ -3494,7 +3494,7 @@ CVE-2018-5459
 CVE-2018-5458
RESERVED
 CVE-2018-5457 (A uncontrolled search path element issue was discovered in 
Vyaire ...)
-   TODO: check
+   NOT-FOR-US: Vyaire Medical CareFusion Upgrade Utility
 CVE-2018-5456
RESERVED
 CVE-2018-5455
@@ -3524,7 +3524,7 @@ CVE-2018-5444
 CVE-2018-5443 (A SQL Injection issue was discovered in Advantech 
WebAccess/SCADA ...)
NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2018-5442 (A Stack-based Buffer Overflow issue was discovered in Fuji 
Electric ...)
-   TODO: check
+   NOT-FOR-US: Fuji Electric V-Server VPR
 CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was 
discovered in ...)
NOT-FOR-US: PHOENIX CONTACT mGuard firmware
 CVE-2018-5440
@@ -4988,7 +4988,7 @@ CVE-2018-4879
 CVE-2018-4878 (A use-after-free vulnerability was discovered in Adobe Flash 
Player ...)
NOT-FOR-US: Adobe Flash Player
 CVE-2018-4877 (A use-after-free vulnerability was discovered in Adobe Flash 
Player ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash Player
 CVE-2018-4876
RESERVED
 CVE-2018-4875



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31a0bc11d367bdf34045d99c8952c7bde6d739be


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2018-02-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0026a7e9 by Salvatore Bonaccorso at 2018-02-01T21:06:03+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -270,7 +270,7 @@ CVE-2016-10711 (Apsis Pound before 2.8a allows request 
smuggling via crafted hea
 CVE-2018-6375
RESERVED
 CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux 
clients ...)
-   TODO: check
+   NOT-FOR-US: PulseUI in Pulse Secure Desktop Linux clients
 CVE-2018-6373
RESERVED
 CVE-2018-6372
@@ -6254,7 +6254,7 @@ CVE-2018-3837
 CVE-2018-3836
RESERVED
 CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in 
version 2.2 ...)
-   TODO: check
+   NOT-FOR-US: Per Face Texture (PTEX)
 CVE-2018-3834
RESERVED
 CVE-2018-3833
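
Review bot: the tag on CVE-2018-3835 ("NOT-FOR-US: Per Face Texture (PTEX)") cannot be checked against the visible description, which is cut at "exists in version 2.2 ..." before any product name. NOT-FOR-US asserts that nothing in the archive ships the affected code, so a short parenthetical or NOTE recording how that was confirmed (for example which source package names were searched) would make the entry reviewable from the list alone.
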



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0026a7e99c56af14c16fb11fa191e42aa6142179


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2018-01-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd54a622 by Salvatore Bonaccorso at 2018-01-19T22:20:00+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -25,7 +25,7 @@ CVE-2018-5788
 CVE-2018-5787
RESERVED
 CVE-2017-18044 (A Command Injection issue was discovered in ...)
-   TODO: check
+   NOT-FOR-US: Commvault
 CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop 
and ...)
- lrzip 
NOTE: https://github.com/ckolivas/lrzip/issues/91
@@ -56,7 +56,7 @@ CVE-2018-5775
 CVE-2018-5774
RESERVED
 CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) 
through ...)
-   TODO: check
+   NOT-FOR-US: python-markdown2 (not our markdown, different code base)
 CVE-2017-18043 [integer overflow in ROUND_UP macro could result in DoS]
RESERVED
- qemu 1:2.10.0+dfsg-2
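
Review bot: the rationale on CVE-2018-5773 is the useful part of the line, but "not our markdown" leaves the reader to guess which package is meant. Name the Debian source package being ruled out inside the parenthetical, so the distinction from "markdown2 (aka python-markdown2)" can be rechecked later if that code base is ever packaged.
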
@@ -18622,7 +18622,7 @@ CVE-2017-15871 (** DISPUTED ** The deserialize function 
in serialize-to-js throu
 CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows 
attackers ...)
NOT-FOR-US: Palo Alto Networks GlobalProtect Agent
 CVE-2017-15869 (Cross-site scripting (XSS) vulnerability in knowledgebase.php 
in ...)
-   TODO: check
+   NOT-FOR-US: LiveZilla
 CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c 
in the ...)
{DSA-4082-1 DLA-1200-1}
- linux 4.0.2-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd54a6226fb734e89c5c10e2db80d3985345d223


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2018-01-13 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a2b15b5 by Salvatore Bonaccorso at 2018-01-13T11:15:22+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-5682 (PrestaShop 1.7.2.4 allow user enumeration via the Reset 
Password ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop
 CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the 
Pages  Edit ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop
 CVE-2018-5680
RESERVED
 CVE-2018-5679
@@ -265,15 +265,15 @@ CVE-2018-5551
 CVE-2018-5550
RESERVED
 CVE-2015-9250 (An issue was discovered in Skybox Platform before 7.5.401. 
Directory ...)
-   TODO: check
+   NOT-FOR-US: Skybox Platform
 CVE-2015-9249 (An issue was discovered in Skybox Platform before 7.5.401. SQL 
...)
-   TODO: check
+   NOT-FOR-US: Skybox Platform
 CVE-2015-9248 (An issue was discovered in Skybox Platform before 7.5.401. 
Stored ...)
-   TODO: check
+   NOT-FOR-US: Skybox Platform
 CVE-2015-9247 (An issue was discovered in Skybox Platform before 7.5.401. 
Reflected ...)
-   TODO: check
+   NOT-FOR-US: Skybox Platform
 CVE-2015-9246 (An issue was discovered in Skybox Platform before 7.5.401. 
Remote ...)
-   TODO: check
+   NOT-FOR-US: Skybox Platform
 CVE-2018-5549
RESERVED
 CVE-2018-5548
@@ -15537,13 +15537,13 @@ CVE-2017-16741 (An Information Exposure issue was 
discovered in PHOENIX CONTACT 
 CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation 
...)
NOT-FOR-US: Rockwell Automation Allen-Bradley MicroLogix 1400 
Controllers
 CVE-2017-16739 (An issue was discovered in WECON Technology LEVI Studio HMI 
Editor ...)
-   TODO: check
+   NOT-FOR-US: WECON Technology LEVI Studio HMI Editor
 CVE-2017-16738
RESERVED
 CVE-2017-16737 (An issue was discovered in WECON Technology LEVI Studio HMI 
Editor ...)
-   TODO: check
+   NOT-FOR-US: WECON Technology LEVI Studio HMI Editor
 CVE-2017-16736 (An Unrestricted Upload Of File With Dangerous Type issue was 
discovered ...)
-   TODO: check
+   NOT-FOR-US: Advantech WebAccess
 CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 
6.1.1030.1 ...)
NOT-FOR-US: Ecava IntegraXor
 CVE-2017-16734
@@ -15551,7 +15551,7 @@ CVE-2017-16734
 CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 
6.1.1030.1 ...)
NOT-FOR-US: Ecava IntegraXor
 CVE-2017-16732 (A use-after-free issue was discovered in Advantech WebAccess 
versions ...)
-   TODO: check
+   NOT-FOR-US: Advantech WebAccess
 CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered 
in ABB ...)
NOT-FOR-US: Ellipse
 CVE-2017-16730
@@ -23599,7 +23599,7 @@ CVE-2017-14033 (The decode method in the OpenSSL::ASN1 
module in Ruby before 2.2
 CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral 
VTScada ...)
NOT-FOR-US: Trihedral VTScada
 CVE-2017-14030 (An issue was discovered in Moxa MXview v2.8 and prior. The 
unquoted ...)
-   TODO: check
+   NOT-FOR-US: Moxa MXview
 CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in 
Trihedral ...)
NOT-FOR-US: Trihedral VTScada
 CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 
Version ...)
@@ -27597,11 +27597,11 @@ CVE-2017-12699 (An Incorrect Default Permissions 
issue was discovered in AzeoTec
 CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech 
WebAccess ...)
NOT-FOR-US: Advantech WebAccess
 CVE-2017-12697 (A Man-in-the-Middle issue was discovered in General Motors 
(GM) and ...)
-   TODO: check
+   NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
 CVE-2017-12696
RESERVED
 CVE-2017-12695 (An Improper Authentication issue was discovered in General 
Motors (GM) ...)
-   TODO: check
+   NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
 CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl 
SCADA Web ...)
NOT-FOR-US: SpiderControl SCADA Web Server
 CVE-2017-1000101 (curl supports globbing of URLs, in which a user 
can pass a numerical ...)
@@ -36303,7 +36303,7 @@ CVE-2017-9665
 CVE-2017-9664
RESERVED
 CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was 
discovered in ...)
-   TODO: check
+   NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
 CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji 
Electric ...)
NOT-FOR-US: Fuji Electric Monitouch V-SFT
 CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in 
SIMPlight ...)
@@ -41244,9 +41244,9 @@ CVE-2017-8000 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2018-01-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0030e1d8 by Salvatore Bonaccorso at 2018-01-04T23:18:05+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,11 +11,11 @@ CVE-2018-5216 (Radiant CMS 1.1.4 has XSS via crafted 
Markdown input in the ...)
 CVE-2018-5215 (Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title 
...)
NOT-FOR-US: Fork CMS
 CVE-2018-5214 (The Add Link to Facebook plugin through 2.3 for 
WordPress has XSS via ...)
-   TODO: check
+   NOT-FOR-US: "Add Link to Facebook" plugin for WordPress
 CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress 
has XSS ...)
-   TODO: check
+   NOT-FOR-US: Simple Download Monitor plugin for WordPress
 CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress 
has XSS ...)
-   TODO: check
+   NOT-FOR-US: Simple Download Monitor plugin for WordPress
 CVE-2018-5211
RESERVED
 CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos 
chipsets, ...)
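
Review bot: the CVE-2018-5214 tag puts the plugin name in double quotes ("Add Link to Facebook" plugin for WordPress) while the two lines added right after it use the unquoted form (Simple Download Monitor plugin for WordPress). Use one form for WordPress plugin tags so that a single search pattern finds them all.
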
@@ -726,7 +726,7 @@ CVE-2017-1000497 (Pepperminty-Wiki version 0.15 is 
vulnerable to XXE attacks in 
 CVE-2017-1000496 (Commsy version 9.0.0 is vulnerable to XXE attacks in the 
configuration ...)
TODO: check
 CVE-2017-1000495 (QuickApps CMS version 2.0.0 is vulnerable to Stored 
Cross-site ...)
-   TODO: check
+   NOT-FOR-US: QuickApps CMS
 CVE-2017-1000494 (Uninitialized stack variable vulnerability in 
NameValueParserEndElt ...)
TODO: check
 CVE-2017-1000490 (Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing 
any ...)
@@ -752,7 +752,7 @@ CVE-2017-1000481 (When you visit a page where you need to 
login, Plone 2.5-5.1rc
 CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection 
when ...)
TODO: check
 CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to 
clickjacking ...)
-   TODO: check
+   NOT-FOR-US: pfSense
 CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site 
scripting in ...)
TODO: check
 CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which 
can result ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0030e1d86fa5e2d55065cf9af9b6c539f58802df


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2018-01-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ebc69ed4 by Salvatore Bonaccorso at 2018-01-01T11:45:16+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26,7 +26,7 @@ CVE-2017-18008 (In ImageMagick 7.0.7-17 Q16, there is a 
Memory Leak in ReadPWPIm
 CVE-2017-18007
RESERVED
 CVE-2017-18006 (netpub/server.np in Extensis Portfolio NetPublish has XSS in 
the ...)
-   TODO: check
+   NOT-FOR-US: Extensis Portfolio NetPublish
 CVE-2017-18005 (Exiv2 0.26 has a Null Pointer Dereference in the ...)
- exiv2  (bug #885981)
[stretch] - exiv2  (Minor issue)
@@ -34,13 +34,13 @@ CVE-2017-18005 (Exiv2 0.26 has a Null Pointer Dereference 
in the ...)
NOTE: https://github.com/Exiv2/exiv2/issues/168
NOTE: Fixed via: https://github.com/Exiv2/exiv2/pull/199
 CVE-2017-18004 (Zurmo 3.2.3 allows XSS via the latitude or longitude parameter 
to ...)
-   TODO: check
+   NOT-FOR-US: Zurmo
 CVE-2017-18003
RESERVED
 CVE-2017-18002
RESERVED
 CVE-2017-18001 (Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Trustwave Secure Web Gateway
 CVE-2016-10704 (Magento Community Edition and Enterprise Edition before 2.0.10 
and ...)
NOT-FOR-US: Magento
 CVE-2017-18000
@@ -1433,7 +1433,7 @@ CVE-2017-17706
 CVE-2017-17705
RESERVED
 CVE-2017-17704 (A door-unlocking issue was discovered on Software House iStar 
Ultra ...)
-   TODO: check
+   NOT-FOR-US: Software House iStar Ultra devices
 CVE-2017-17703
RESERVED
 CVE-2017-17702
@@ -13897,7 +13897,7 @@ CVE-2017-15888 (Cross-site scripting (XSS) 
vulnerability in Custom Internet Radi
 CVE-2017-15887 (An improper restriction of excessive authentication attempts 
...)
NOT-FOR-US: Synology
 CVE-2017-15886 (Server-side request forgery (SSRF) vulnerability in Link 
Preview in ...)
-   TODO: check
+   NOT-FOR-US: Synology Chat
 CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 
2100 Network ...)
NOT-FOR-US: Axis
 CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka 
vagrant-vmware-fusion) ...)
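
Review bot: CVE-2017-15886 gets "NOT-FOR-US: Synology Chat" while the entry directly above it in this hunk, CVE-2017-15887, carries the vendor-level "NOT-FOR-US: Synology". The visible description of CVE-2017-15886 is cut at "Link Preview in ..." and does not show the product, so the more specific tag is the only place it is recorded; keep it, but consider bringing the neighbouring entry to the same granularity so the two do not look like different vendors to a search.
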



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ebc69ed421d7a2c9ad8000afe59a5b03e88f359d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2017-12-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef5ac40c by Salvatore Bonaccorso at 2017-12-30T15:29:22+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -14015,7 +14015,7 @@ CVE-2017-15815
 CVE-2017-15814
RESERVED
 CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
-   TODO: check
+   NOT-FOR-US: Qualcomm closed-source components on Android
 CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has 
XSS via a ...)
NOT-FOR-US: Wordpress plugin
 CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS 
via the ...)
@@ -14358,7 +14358,7 @@ CVE-2017-15669
 CVE-2017-15668
RESERVED
 CVE-2017-15667 (In Flexense SysGauge Server 3.6.18, the Control Protocol 
suffers from a ...)
-   TODO: check
+   NOT-FOR-US: Flexense SysGauge Server
 CVE-2017-15666
RESERVED
 CVE-2017-15665
@@ -16788,15 +16788,15 @@ CVE-2017-14909 (In Android for MSM, Firefox OS for 
MSM, QRD Android, with all An
 CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
-   TODO: check
+   NOT-FOR-US: Qualcomm closed-source components on Android
 CVE-2017-14906
RESERVED
 CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
-   TODO: check
+   NOT-FOR-US: Qualcomm components on Android
 CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
TODO: check
 CVE-2017-14903 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
-   TODO: check
+   NOT-FOR-US: Qualcomm components on Android
 CVE-2017-14902 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
TODO: check
 CVE-2017-14901 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
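
Review bot: this hunk ends up with three wordings for entries whose visible descriptions are identical: the existing "Qualcomm component for Android" on CVE-2017-14908, "Qualcomm closed-source components on Android" on CVE-2017-14907, and "Qualcomm components on Android" on CVE-2017-14905 and CVE-2017-14903. Settle on one wording, and keep "closed-source" only where that is the actual reason for the tag. CVE-2017-14904 and CVE-2017-14902 stay at "TODO: check" with the same truncated description; if they were held back on purpose, a NOTE line should say why.
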



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef5ac40c3e393141f1b14cc9c7def8d21f380395
