[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e25178f by Salvatore Bonaccorso at 2018-03-27T10:19:10+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,35 +1,35 @@ CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable assertion in the ...) TODO: check CVE-2018-9054 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-9053 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-9052 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-9051 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-9050 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-9049 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-9048 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-9047 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-9046 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-9045 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-9044 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...) - TODO: check + NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9043 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...) 
- TODO: check + NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9042 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...) - TODO: check + NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9041 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...) - TODO: check + NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...) - TODO: check + NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, ...) TODO: check CVE-2018-9038 @@ -45,7 +45,7 @@ CVE-2018-9034 CVE-2018-9033 RESERVED CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless ...) - TODO: check + NOT-FOR-US: D-Link CVE-2018-9031 RESERVED CVE-2018-9030
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e25178f4e315e68d81a8e58cc320ed78dab6f4f
You're receiving this email because of your account on salsa.debian.org.
___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2875c3a7 by Salvatore Bonaccorso at 2018-03-20T10:31:02+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -3411,7 +3411,7 @@ CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to multiple persistent cross- CVE-2018-7446 RESERVED CVE-2018-7445 (A buffer overflow was found in the MikroTik RouterOS SMB service when ...) - TODO: check + NOT-FOR-US: MikroTik RouterOS CVE-2018-7444 RESERVED CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote ...) @@ -20268,7 +20268,7 @@ CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect .. CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access ...) NOT-FOR-US: EMC RSA Archer CVE-2018-1218 (In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to ...) - TODO: check + NOT-FOR-US: EMC NetWorker CVE-2018-1217 RESERVED CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp Manager ...) @@ -20459,7 +20459,7 @@ CVE-2018-1173 CVE-2018-1172 RESERVED CVE-2018-1171 (This vulnerability allows local attackers to escalate privileges on ...) - TODO: check + NOT-FOR-US: Joyent SmartOS CVE-2018-1170 (This vulnerability allows adjacent attackers to inject arbitrary ...) NOT-FOR-US: Volkswagen Customer-Link App and HTC Customer-Link Bridge CVE-2018-1169 (This vulnerability allows remote attackers to execute arbitrary code ...) @@ -144975,7 +144975,7 @@ CVE-2014-4026 CVE-2014-4025 RESERVED CVE-2014-4024 (SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in ...) NOT-FOR-US: F5 BIG-IP CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, ...) 
@@ -148927,9 +148927,9 @@ CVE-2014-2677 CVE-2014-2676 RESERVED CVE-2014-2675 (Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php ...) - TODO: check + NOT-FOR-US: WP HTML Sitemap plugin for WordPress CVE-2014-2674 (Directory traversal vulnerability in the Ajax Pagination (twitter ...) - TODO: check + NOT-FOR-US: Ajax Pagination (twitter Style) plugin for WordPress CVE-2014-2671 (Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2014-2670 (Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ...) @@ -149232,7 +149232,7 @@ CVE-2014-2552 CVE-2014-2551 RESERVED CVE-2014-2550 (Cross-site request forgery (CSRF) vulnerability in the Disable ...) - TODO: check + NOT-FOR-US: Disable Comments plugin for WordPress CVE-2014-2549 RESERVED CVE-2014-2548 @@ -149987,7 +149987,7 @@ CVE-2014-2299 (Buffer overflow in the mpeg_read function in wiretap/mpeg.c in th CVE-2014-2298 RESERVED CVE-2014-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress CVE-2014-2296 RESERVED CVE-2014-2295 
@@ -150068,7 +150068,7 @@ CVE-2014-2276 (The FileUploadController servlet in EMC Connectrix Manager Conver CVE-2014-2275 RESERVED CVE-2014-2274 (Cross-site request forgery (CSRF) vulnerability in the Subscribe To ...) - TODO: check + NOT-FOR-US: Subscribe To Comments Reloaded plugin for WordPress CVE-2014-2273 (The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 ...) NOT-FOR-US: Huawei Router CVE-2014-2272
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2875c3a72474f5db50e624a05ded9620e2b7b8a0
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 569d1726 by Salvatore Bonaccorso at 2018-03-15T22:32:11+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4611,7 +4611,7 @@ CVE-2018-6959 CVE-2018-6958 RESERVED CVE-2018-6957 (VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before ...) - TODO: check + NOT-FOR-US: VMware CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks ...) NOT-FOR-US: opentmpfiles CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an ...) 
@@ -6785,31 +6785,31 @@ CVE-2018-6233 CVE-2018-6232 RESERVED CVE-2018-6231 (A server auth command injection authentication bypass vulnerability in ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6230 (A SQL injection vulnerability in an Trend Micro Email Encryption ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6229 (A SQL injection vulnerability in an Trend Micro Email Encryption ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6228 (A SQL injection vulnerability in a Trend Micro Email Encryption ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6227 (A stored cross-site scripting (XSS) vulnerability in Trend Micro Email ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6226 (Reflected cross-site scripting (XSS) vulnerabilities in two Trend ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6225 (An XML external entity injection (XXE) vulnerability in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6224 (A lack of cross-site request forgery (CSRF) protection vulnerability ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6223 (A missing authentication for appliance registration vulnerability in ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6222 (Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6221 (An unvalidated software update vulnerability in Trend Micro Email ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6220 (An arbitrary file write vulnerability in Trend Micro Email Encryption ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6219 (An Insecure Update via HTTP vulnerability in Trend Micro Email ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2018-6218 (A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking ...) NOT-FOR-US: Trend Micro CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS ...) 
@@ -19701,7 +19701,7 @@ CVE-2018-1321 CVE-2018-1320 RESERVED CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that cause ...) - TODO: check + NOT-FOR-US: Apache Allura CVE-2018-1318 RESERVED CVE-2018-1317
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/569d172640b745cdba24d6b256d4828c0d4ebc68
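Review bot: the thirteen entries CVE-2018-6219 through CVE-2018-6231 in the @@ -6785,31 hunk all get the bare vendor label "Trend Micro", the same string the unchanged CVE-2018-6218 line already uses for a different component (the User-Mode Hooking DLL hijacking issue). Where the description is not cut off before the product, it names Trend Micro Email Encryption Gateway (CVE-2018-6222), so "NOT-FOR-US: Trend Micro Email Encryption Gateway" would keep the two products apart for anyone searching the list. No objection to the NFU classification itself.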
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cce7252a by Salvatore Bonaccorso at 2018-03-10T07:08:28+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -16,9 +16,9 @@ CVE-2018-7998 (In libvips before 8.6.3, a NULL function pointer dereference ...) NOTE: https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5 NOTE: https://github.com/jcupitt/libvips/issues/893 CVE-2018-7997 (Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file ...) - TODO: check + NOT-FOR-US: Eramba CVE-2018-7996 (Eramba e1.0.6.033 has Stored XSS on the tooltip box via the ...) - TODO: check + NOT-FOR-US: Eramba CVE-2018-7994 RESERVED CVE-2018-7993 @@ -220,7 +220,7 @@ CVE-2018-7896 CVE-2018-7895 RESERVED CVE-2018-7894 (Eramba e1.0.6.033 has Reflected XSS in ...) - TODO: check + NOT-FOR-US: Eramba CVE-2018-7893 RESERVED CVE-2018-7892 @@ -1054,9 +1054,9 @@ CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, CVE-2018-7583 (Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) ...) NOT-FOR-US: Proxy.exe in DualDesk 20 CVE-2018-7582 (WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of ...) - TODO: check + NOT-FOR-US: WebLog Expert Web Server Enterprise CVE-2018-7581 (\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert ...) - TODO: check + NOT-FOR-US: WebLog Expert Web Server Enterprise CVE-2018-7580 RESERVED CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was ...) 
@@ -18973,25 +18973,25 @@ CVE-2017-17332 CVE-2017-17331 RESERVED CVE-2017-17330 (Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17329 (Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17328 (Huawei smartphones with software of MHA-AL00AC00B125 have an integer ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17327 (Huawei smartphones with software of MHA-AL00AC00B125 have an improper ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17326 (Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17325 (Huawei video applications HiCinema with software of 8.0.3.308; ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17324 (Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17323 (Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17322 (Huawei Honor Smart Scale Application with software of 1.1.1 has an ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17321 (Huawei eNSP software with software of versions earlier than ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17320 RESERVED CVE-2017-17319 @@ -19025,9 +19025,9 @@ CVE-2017-17306 CVE-2017-17305 RESERVED CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17303 (Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17302 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, ...) NOT-FOR-US: Huawei CVE-2017-17301 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, ...) 
@@ -19071,11 +19071,11 @@ CVE-2017-17283 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 . CVE-2017-17282 RESERVED CVE-2017-17281 (SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17280 (NFC (Near Field Communication) module in Huawei mobile phones with ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17279 (The soundtrigger module in Huawei Mate 9 Pro smart phones with ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17278 RESERVED CVE-2017-17277 @@ -19133,7 +19133,7 @@ CVE-2017-17252 CVE-2017-17251 RESERVED CVE-2017-17250 (Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17249 RESERVED CVE-2017-17248 @@ -19179,29 +19179,29 @@ CVE-2017-17229 CVE-2017-17228 RESERVED CVE-2017-17227 (GPU driver in Huawei Mate 10 smart phones with the versions before ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17226 (The TripAdvisor app with the
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0c791ef1 by Salvatore Bonaccorso at 2018-03-08T22:40:07+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -7367,7 +7367,7 @@ CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 NOTE: https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e NOTE: upstream fixed in 3.2.9, 3.3.6 and 3.4.4 CVE-2018-5313 (A vulnerability allows local attackers to escalate privilege on Rapid ...) - TODO: check + NOT-FOR-US: Rapid Scada CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...) - matrixssl [wheezy] - matrixssl (not supported in Wheezy) @@ -8648,11 +8648,11 @@ CVE-2018-4842 CVE-2018-4841 RESERVED CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2018-4838 (A vulnerability has been identified in Siemens EN100 Ethernet module ...) - TODO: check + NOT-FOR-US: Siemens CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic ...) NOT-FOR-US: Siemens / TeleControl Server Basic CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic ...) @@ -16802,9 +16802,9 @@ CVE-2018-1445 CVE-2018-1444 RESERVED CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single sign-on ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1442 (IBM Application Performance Management - Response Time Monitoring ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1441 RESERVED CVE-2018-1440 
@@ -16914,7 +16914,7 @@ CVE-2018-1389 CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies ...) NOT-FOR-US: IBM WebSphere MQ CVE-2018-1387 (IBM Application Performance Management for Monitoring Diagnostics ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1386 RESERVED CVE-2018-1385 @@ -17983,17 +17983,17 @@ CVE-2018-1222 CVE-2018-1221 RESERVED CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect ...) - TODO: check + NOT-FOR-US: EMC RSA Archer CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access ...) - TODO: check + NOT-FOR-US: EMC RSA Archer CVE-2018-1218 RESERVED CVE-2018-1217 RESERVED CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp Manager ...) - TODO: check + NOT-FOR-US: EMC CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp Manager ...) - TODO: check + NOT-FOR-US: EMC CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows ...) NOT-FOR-US: EMC CVE-2018-1213 @@ -18063,7 +18063,7 @@ CVE-2018-1184 (An issue was discovered in EMC RecoverPoint for Virtual Machines CVE-2018-1183 RESERVED CVE-2018-1182 (An issue was discovered in EMC RSA Identity Governance and Lifecycle ...) - TODO: check + NOT-FOR-US: EMC CVE-2018-1181 RESERVED CVE-2017-17447 
@@ -50107,13 +50107,13 @@ CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileg CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka ...) NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...) - TODO: check + NOT-FOR-US: QNAP NAS application Media Streaming add-on CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...) - TODO: check + NOT-FOR-US: QNAP NAS application Media Streaming add-on CVE-2017-7639 RESERVED CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...) - TODO: check + NOT-FOR-US: QNAP NAS application Media Streaming add-on CVE-2017-7637 RESERVED CVE-2017-7636 @@ -50121,7 +50121,7 @@ CVE-2017-7636 CVE-2017-7635 RESERVED CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Media ...) - TODO: check + NOT-FOR-US: QNAP NAS application Media Streaming add-on CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive ...) NOT-FOR-US: QNAP CVE-2017-7632 @@ -55023,7 +55023,7 @@ CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 CVE-2017-6153 RESERVED CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the ...) - TODO: check +
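Review bot: in the @@ -8648,11 hunk the three new labels are the bare vendor "Siemens", directly above an unchanged entry that uses the "Siemens / TeleControl Server Basic" form for CVE-2018-4837. The descriptions name DIGSI 4 (CVE-2018-4840, CVE-2018-4839) and the EN100 Ethernet module (CVE-2018-4838), so "Siemens / DIGSI 4" and "Siemens / EN100 Ethernet module" would match the neighbouring style. The "IBM" label added for CVE-2018-1387 in the @@ -16914,7 hunk has the same mismatch with the "NOT-FOR-US: IBM WebSphere MQ" line just above it.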
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6025a50f by Salvatore Bonaccorso at 2018-03-07T11:00:22+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4,9 +4,9 @@ CVE-2018-7740 (The resv_map_release function in mm/hugetlb.c in the Linux kernel CVE-2018-7739 (antsle antman before 0.9.1a allows remote attackers to bypass ...) TODO: check CVE-2018-7737 (In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as ...) - TODO: check + NOT-FOR-US: Z-BlogPHP CVE-2018-7736 (In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME ...) - TODO: check + NOT-FOR-US: Z-BlogPHP CVE-2017-18221 (The __munlock_pagevec function in mm/mlock.c in the Linux kernel before ...) - linux 4.11.6-1 [stretch] - linux 4.9.47-1 @@ -57,7 +57,7 @@ CVE-2018-7723 (The management panel in Piwigo 2.9.3 has stored XSS via the ...) CVE-2018-7722 (The management panel in Piwigo 2.9.3 has stored XSS via the name ...) - piwigo CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via ...) - TODO: check + NOT-FOR-US: MetInfo CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Western ...) TODO: check CVE-2018-7719 @@ -277,7 +277,7 @@ CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Ne NOTE: (upstream) is to listen on all IP addresses. [...] so make sure NOTE: it's listening on a firewalled interface." CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone:Script Classified Application CVE-2018-7649 RESERVED CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The ...) 
@@ -3630,13 +3630,13 @@ CVE-2018-6532 (An issue was discovered in Icinga 2.x through 2.8.1. By sending . CVE-2018-6531 RESERVED CVE-2018-6530 (OS command injection vulnerability in soap.cgi (soapcgi_main in ...) - TODO: check + NOT-FOR-US: D-Link CVE-2018-6529 (XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link ...) - TODO: check + NOT-FOR-US: D-Link CVE-2018-6528 (XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link ...) - TODO: check + NOT-FOR-US: D-Link CVE-2018-6527 (XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in ...) - TODO: check + NOT-FOR-US: D-Link CVE-2018-6526 (view_all_bug_page.php in MantisBT before 2018-02-02 allows remote ...) - mantis [wheezy] - mantis (Not supported in wheezy LTS) @@ -5079,7 +5079,7 @@ CVE-2018-6021 CVE-2018-6020 RESERVED CVE-2018-6019 (Samsung Display Solutions App before 3.02 for Android allows ...) - TODO: check + NOT-FOR-US: Samsung Display Solutions App for Android CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ...) NOT-FOR-US: Tinder CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6025a50f6f7f5bb0abdca008c2d3b80fce5e43f6
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a36825a2 by Salvatore Bonaccorso at 2018-02-16T10:51:36+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -2380,7 +2380,7 @@ CVE-2017-18076 (In strategy.rb in OmniAuth before 1.3.2, the authenticity_token - ruby-omniauth 1.3.1-2 (bug #888523) NOTE: https://github.com/omniauth/omniauth/pull/867 CVE-2018-6324 (F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated ...) - TODO: check + NOT-FOR-US: F-Secure Radar CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descriptor ...) - binutils 2.30-3 [stretch] - binutils (Minor issue) @@ -2401,7 +2401,7 @@ CVE-2018-6318 (In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the cont CVE-2018-6317 (The remote management interface in Claymore Dual Miner 10.5 and ...) NOT-FOR-US: Claymore's Dual Ethereum CVE-2018-6316 (Ivanti Endpoint Security (formerly HEAT Endpoint Management and ...) - TODO: check + NOT-FOR-US: Ivanti Endpoint Security CVE-2018-6315 (The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming ...) - ming NOTE: https://github.com/libming/libming/issues/101 @@ -2689,7 +2689,7 @@ CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in ...) NOTE: https://github.com/tats/w3m/issues/88 NOTE: https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92 CVE-2018-6189 (F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors ...) - TODO: check + NOT-FOR-US: F-Secure Radar CVE-2018-6188 (django.contrib.auth.forms.AuthenticationForm in Django 2.0 before ...) - python-django 1:1.11.10-1 [stretch] - python-django (Issue introduced in 1.11.8 and 2.0) 
@@ -3826,7 +3826,7 @@ CVE-2018-5769 CVE-2018-5768 RESERVED CVE-2018-5767 (An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A ...) - TODO: check + NOT-FOR-US: Tenda AC15 V15.03.1.16_multi devices CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packet_ref ...) - libav [jessie] - libav (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a36825a2d979b18a532ee7f0832fae093d95b97a
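Review bot: the label added for CVE-2018-5767 in the @@ -3826,7 hunk, "NOT-FOR-US: Tenda AC15 V15.03.1.16_multi devices", copies the firmware version string from the description. The other labels in this commit name only the product (F-Secure Radar, Ivanti Endpoint Security) and leave the version to the description line; "NOT-FOR-US: Tenda AC15" would be consistent with them.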
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d1b77ae9 by Salvatore Bonaccorso at 2018-02-12T17:09:17+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -50,9 +50,9 @@ CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a CVE-2018-6890 RESERVED CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a Host ...) - TODO: check + NOT-FOR-US: Typesetter CMS CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions page ...) - TODO: check + NOT-FOR-US: Typesetter CMS CVE-2018-6887 RESERVED CVE-2018-6886 @@ -76,9 +76,9 @@ CVE-2018-160 (Sensu, Inc. Sensu Core version Before 1.2.0 before commi CVE-2018-159 (ValidFormBuilder version 4.5.4 contains a PHP Object Injection ...) NOT-FOR-US: ValidFormBuilder CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to discover the full path via an ...) - TODO: check + NOT-FOR-US: EmpireCMS CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full ...) - TODO: check + NOT-FOR-US: EmpireCMS CVE-2018-6879 RESERVED CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Scripts ...) 
@@ -121,19 +121,19 @@ CVE-2018-6866 CVE-2018-6865 RESERVED CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall Multi religion Responsive Matrimonial CVE-2018-6863 (SQL Injection exists in PHP Scripts Mall Select Your College Script ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall Select Your College Script CVE-2018-6862 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall Bitcoin MLM Software CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall Lawyer Search Script CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script CVE-2018-6859 RESERVED CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall Facebook Clone Script CVE-2018-6857 RESERVED CVE-2018-6856 
@@ -159,7 +159,7 @@ CVE-2018-6847 CVE-2018-6846 (Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a ...) NOT-FOR-US: Z-BlogPHP CVE-2018-6845 (PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall Multi Language Olx Clone Script CVE-2018-6844 (MyBB 1.8.14 has XSS via the Title or Description field on the Edit ...) NOT-FOR-US: MyBB CVE-2018-6843
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1b77ae93845477b74a81dd874a917642541b413
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4209ce68 by Salvatore Bonaccorso at 2018-02-06T22:37:30+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -211,7 +211,7 @@ CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI thr CVE-2018-6657 RESERVED CVE-2018-6656 (Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as ...) - TODO: check + NOT-FOR-US: Z-BlogPHP CVE-2018-6655 RESERVED CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote ...) @@ -221,7 +221,7 @@ CVE-2018-6653 CVE-2018-6652 RESERVED CVE-2018-6651 (In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as ...) - TODO: check + NOT-FOR-US: uncurl CVE-2018-6650 RESERVED CVE-2018-6649 
@@ -910,13 +910,13 @@ CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file CVE-2018-6470 (Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each ...) NOT-FOR-US: Nibbleblog on macOS CVE-2018-6469 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...) - TODO: check + NOT-FOR-US: flickrRSS plugin for WordPress CVE-2018-6468 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...) - TODO: check + NOT-FOR-US: flickrRSS plugin for WordPress CVE-2018-6467 (The flickrRSS plugin 5.3.1 for WordPress has CSRF via ...) TODO: check CVE-2018-6466 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...) - TODO: check + NOT-FOR-US: flickrRSS plugin for WordPress CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via the ...) NOT-FOR-US: PropertyHive plugin for WordPress CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4209ce68b6bc9d1276c27b9fcb64b63cafd9168b
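Review bot: CVE-2018-6467 is left at "TODO: check" in the @@ -910,13 hunk although its description names the same flickrRSS plugin for WordPress as CVE-2018-6469, CVE-2018-6468 and CVE-2018-6466, which this hunk marks NOT-FOR-US on either side of it. If that is an oversight, it should get the same "NOT-FOR-US: flickrRSS plugin for WordPress" line; if it was left open on purpose, the commit message should say why.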
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e8e1f396 by Salvatore Bonaccorso at 2018-02-04T11:14:01+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,7 +1,7 @@ CVE-2018-6607 RESERVED CVE-2018-6606 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...) - TODO: check + NOT-FOR-US: MalwareFox AntiMalware CVE-2018-6605 RESERVED CVE-2018-6604 @@ -33,7 +33,7 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generat NOTE: The issue is found as well in pycryptodome (fork from python-crypto) NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90 CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...) - TODO: check + NOT-FOR-US: MalwareFox AntiMalware CVE-2018-6592 RESERVED CVE-2018-6591 @@ -8354,7 +8354,7 @@ CVE-2017-17705 CVE-2017-17704 (A door-unlocking issue was discovered on Software House iStar Ultra ...) NOT-FOR-US: Software House iStar Ultra devices CVE-2017-17703 (Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent ...) - TODO: check + NOT-FOR-US: Zimbra CVE-2017-17702 RESERVED CVE-2018-3559 @@ -16380,7 +16380,7 @@ CVE-2018-0508 (Cross-site scripting vulnerability in epg search result viewer .. CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup ...) NOT-FOR-US: FLET'S VIRUS CLEAR CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...) - TODO: check + NOT-FOR-US: Nootka CVE-2018-0505 RESERVED CVE-2018-0504 
@@ -42365,7 +42365,7 @@ CVE-2017-8785 (FastStone Image Viewer 6.2 has a Data from Faulting Address CVE-2017-8784 REJECTED CVE-2017-8783 (Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent ...) - TODO: check + NOT-FOR-US: Zimbra CVE-2017-8782 (The readString function in util/read.c and util/old/read.c in libming ...) {DLA-980-1} - ming View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8e1f3968b17e8047bca6d69a86c94cdf79cd8d1
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7bfdbac0 by Salvatore Bonaccorso at 2018-01-30T22:28:33+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -11,13 +11,13 @@ CVE-2018-6400 CVE-2018-6399 RESERVED CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for ...) - TODO: check + NOT-FOR-US: CP Event Calendar component for Joomla! CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 component for ...) - TODO: check + NOT-FOR-US: Picture Calendar component for Joomla! CVE-2018-6396 RESERVED CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! ...) - TODO: check + NOT-FOR-US: Visual Calendar component for Joomla! CVE-2018-6394 RESERVED CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection via the ...) @@ -51,15 +51,15 @@ CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by inval [wheezy] - zziplib (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/12 CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes leads ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri class ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2018-6378 RESERVED CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in com_fields leads ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable in a ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2018-129 RESERVED CVE-2018-126 
@@ -145,7 +145,7 @@ CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the . CVE-2018-6356 RESERVED CVE-2018-6355 (/goform/setLang on iBall 300M devices with iB-WRB302N_1.0.1-Sep 8 ...) - TODO: check + NOT-FOR-US: iBall 300M devices CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS ...) NOT-FOR-US: Formspree CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 ...) @@ -2414,7 +2414,7 @@ CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA CVE-2018-5442 RESERVED CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was discovered in ...) - TODO: check + NOT-FOR-US: PHOENIX CONTACT mGuard firmware CVE-2018-5440 RESERVED CVE-2018-5439 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7bfdbac054b99b302a60acd2f2884e0e818ee61f
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8eebed5b by Salvatore Bonaccorso at 2018-01-29T22:13:23+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -12236,7 +12236,7 @@ CVE-2018-1366 CVE-2018-1365 RESERVED CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External ...) - TODO: check + NOT-FOR-US: IBM Content Navigator CVE-2018-1363 RESERVED CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 ...) @@ -62842,9 +62842,9 @@ CVE-2017-1786 CVE-2017-1785 RESERVED CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary files ...) - TODO: check + NOT-FOR-US: IBM Cognos Analytics CVE-2017-1783 (IBM Cognos Analytics 11.0 could allow a local user to change ...) - TODO: check + NOT-FOR-US: IBM Cognos Analytics CVE-2017-1782 RESERVED CVE-2017-1781 @@ -62852,7 +62852,7 @@ CVE-2017-1781 CVE-2017-1780 RESERVED CVE-2017-1779 (IBM Cognos Analytics 11.0 could store cached credentials locally that ...) - TODO: check + NOT-FOR-US: IBM Cognos Analytics CVE-2017-1778 RESERVED CVE-2017-1777 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8eebed5bfbaea19f9fe9d208582087f8f250f4f8
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f1dbd33 by Salvatore Bonaccorso at 2018-01-17T22:45:21+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1072,7 +1072,7 @@ CVE-2018- [Password protect the JSONRPC interface] CVE-2018-5300 RESERVED CVE-2018-5299 (A stack-based Buffer Overflow Vulnerability exists in the web server in ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2018-5298 (In the Procter Gamble Oral-B App (aka com.pg.oralb.oralbapp) ...) NOT-FOR-US: Procter & Gamble "Oral-B App" for Android CVE-2018-5297 @@ -1159,7 +1159,7 @@ CVE-2018-5260 CVE-2018-5259 (Discuz! DiscuzX X3.4 allows remote authenticated users to bypass ...) NOT-FOR-US: Discuz! DiscuzX CVE-2018-5258 (The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL ...) - TODO: check + NOT-FOR-US: Neon app CVE-2018-5257 RESERVED CVE-2018-5256 @@ -1312,7 +1312,7 @@ CVE-2018-5197 CVE-2018-5196 RESERVED CVE-2018-5195 (Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow ...) - TODO: check + NOT-FOR-US: Hancom NEO CVE-2018-5194 RESERVED CVE-2018-5193 
@@ -4902,7 +4902,7 @@ CVE-2017-17949 (Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. CVE-2017-17948 (Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic ...) NOT-FOR-US: Cells Blog CVE-2017-17947 (A cross site scripting issue has been found in custompage.cgi in Pulse ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2017-1000411 RESERVED NOT-FOR-US: OpenDayLight View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f1dbd33e23e501467e7fe4ff747ee32df064b8e
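Review bot: the tag added for CVE-2018-5258 in the @@ -1159,7 hunk reads "NOT-FOR-US: Neon app", which drops the platform the description gives ("The Neon app 1.6.14 iOS ..."). The existing entry visible in the @@ -1072,7 hunk uses the fuller form 'Procter & Gamble "Oral-B App" for Android'; suggest "NOT-FOR-US: Neon app for iOS" so the tag identifies the product without needing the description.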
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 517825bc by Salvatore Bonaccorso at 2018-01-09T10:44:53+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,9 +1,9 @@ CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the ...) - TODO: check + NOT-FOR-US: tabs-responsive plugin for WordPress CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the ...) - TODO: check + NOT-FOR-US: Easy Custom Auto Excerpt plugin for WordPress CVE-2018-5310 (In the Media from FTP plugin before 9.85 for WordPress, Directory ...) - TODO: check + NOT-FOR-US: "Media from FTP" plugin for WordPress CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...) TODO: check CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...) @@ -21,7 +21,7 @@ CVE-2018-5303 CVE-2018-5302 RESERVED CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 and ...) - TODO: check + NOT-FOR-US: Magento CVE-2017-18025 (cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote ...) TODO: check CVE-2017-18024 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/517825bcc345ad80b9bf246483959e88046b12d6
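Review bot: in the @@ -1,9 hunk the tag for CVE-2018-5310 quotes the plugin name ("Media from FTP" plugin for WordPress), while the two tags added directly above it, for tabs-responsive and Easy Custom Auto Excerpt, leave the name unquoted. Pick one form for multi-word plugin names within the commit so the NOT-FOR-US strings stay uniform for anyone grepping the list by product.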
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 15e7ca85 by Salvatore Bonaccorso at 2018-01-08T21:47:53+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -3213,7 +3213,7 @@ CVE-2017-1000412 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 CVE-2018-3816 RESERVED CVE-2018-3815 (The XML Interface to Messaging, Scheduling, and Signaling (XIMSS) ...) - TODO: check + NOT-FOR-US: CommuniGate Pro CVE-2017-18015 (The ILLID Share This Image plugin before 1.04 for WordPress has XSS via ...) NOT-FOR-US: ILLID Share This Image plugin for WordPress CVE-2017-18014 @@ -17096,7 +17096,7 @@ CVE-2017-15915 CVE-2017-15914 RESERVED CVE-2017-15913 (The Installer in Whale allows DLL hijacking. ...) - TODO: check + NOT-FOR-US: Installer in Whale CVE-2017-15912 RESERVED CVE-2017-15911 (The Admin Console in Ignite Realtime Openfire Server before 4.1.7 ...) @@ -47249,7 +47249,7 @@ CVE-2016-10224 (An issue was discovered in Sauter NovaWeb web HMI. The applicati CVE-2016-10223 (An issue was discovered in BigTree CMS before 4.2.15. The vulnerability ...) NOT-FOR-US: BigTree CMS CVE-2017-5971 (SQL injection vulnerability in NewsBee CMS allow remote attackers to ...) - TODO: check + NOT-FOR-US: NewsBee CMS CVE-2017-5970 (The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the ...) {DSA-3791-1 DLA-922-1} - linux 4.9.10-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/15e7ca85f24ce99b201e3e6accf0dde767d4791e
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c6a1f793 by Salvatore Bonaccorso at 2018-01-01T20:41:11+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -8737,7 +8737,7 @@ CVE-2017-17070 CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 2017 ...) NOT-FOR-US: ActiveSetupN.exe in Amazon Audible for Windows CVE-2017-17068 (A cross-origin vulnerability has been discovered in the Auth0 auth0.js ...) - TODO: check + NOT-FOR-US: Auth0 auth0.js library CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...) NOT-FOR-US: Splunk Web CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the ...) @@ -10518,7 +10518,7 @@ CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 - ming NOTE: https://github.com/libming/libming/issues/75 CVE-2017-16897 (A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 ...) - TODO: check + NOT-FOR-US: Auth0 passport-wsfed-saml2 library CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass ...) - tt-rss (bug #882543) NOTE: https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669 
@@ -23144,13 +23144,13 @@ CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in ...) - perl (Windows specific issue) NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public) CVE-2017-12813 (PHPJabbers File Sharing Script 1.0 has stored XSS in the comments ...) - TODO: check + NOT-FOR-US: PHPJabbers File Sharing Script CVE-2017-12812 (PHPJabbers Night Club Booking Software has stored XSS in the name ...) - TODO: check + NOT-FOR-US: PHPJabbers Night Club Booking Software CVE-2017-12811 (PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. ...) - TODO: check + NOT-FOR-US: PHPJabbers Star Rating Script CVE-2017-12810 (PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the ...) - TODO: check + NOT-FOR-US: PHPJabbers PHP Newsletter Script CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM ...) {DSA-3991-1} - qemu 1:2.10.0-1 (bug #873849) @@ -29632,7 +29632,7 @@ CVE-2017-9946 (A vulnerability has been identified in Siemens APOGEE PXC and TAL CVE-2017-9945 (In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All ...) NOT-FOR-US: Siemens CVE-2017-9944 (A vulnerability has been identified in Siemens 7KT PAC1200 data manager ...) - TODO: check + NOT-FOR-US: Siemens CVE-2017-9943 RESERVED CVE-2017-9942 (A vulnerability was discovered in Siemens SiPass integrated (All ...) 
@@ -40546,17 +40546,17 @@ CVE-2017-7165 CVE-2017-7164 RESERVED CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before ...) - TODO: check + NOT-FOR-US: Intel Graphics Driver on Apple / macOS CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7161 RESERVED CVE-2017-7160 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7159 (An issue was discovered in certain Apple products. macOS before ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7158 (An issue was discovered in certain Apple products. macOS before ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7157 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - webkit2gtk 2.18.1-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0010.html @@ -40566,13 +40566,13 @@ CVE-2017-7156 (An issue was discovered in certain Apple products. iOS before 11. NOTE: https://webkitgtk.org/security/WSA-2017-0010.html NOTE: Not covered by security support CVE-2017-7155 (An issue was discovered in certain Apple products. macOS before ...) - TODO: check + NOT-FOR-US: Intel Graphics Driver on Apple / macOS CVE-2017-7154 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7153 RESERVED CVE-2017-7152 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - TODO: check + NOT-FOR-US: Apple CVE-2017-7151 RESERVED CVE-2017-7150 (An issue was discovered in certain Apple products. macOS before 10.13 ...) @@ -45118,7 +45118,7 @@ CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF vi CVE-2017-5642 (During installation of Ambari