Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: fac68fe5 by Salvatore Bonaccorso at 2018-01-27T10:46:11+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -329,12 +329,12 @@ CVE-2018-6195 CVE-2018-6194 RESERVED CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, ...) - TODO: check + NOT-FOR-US: Routers2 CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...) - mupdf <unfixed> (bug #888487) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916 CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an ...) - TODO: check + NOT-FOR-US: MuJS CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description field on ...) NOT-FOR-US: Netis WF2419 V3.2.41381 devices CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier ...) @@ -915,7 +915,7 @@ CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In t CVE-2018-5998 RESERVED CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub ...) - TODO: check + NOT-FOR-US: RAVPower Filehub CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak authentication data ...) {DSA-4098-1} - curl 7.58.0-1 @@ -973,7 +973,7 @@ CVE-2018-5975 CVE-2018-5974 RESERVED CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 via ...) - TODO: check + NOT-FOR-US: Professional Local Directory Script CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the ...) NOT-FOR-US: Classified Ads CMS Quickad CVE-2018-5971 @@ -991,11 +991,11 @@ CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description par CVE-2018-5966 RESERVED CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has ...) @@ -1024,7 +1024,7 @@ CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a de NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737 NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: phpFreeChat CVE-2018-5953 RESERVED CVE-2018-5952 @@ -1477,7 +1477,7 @@ CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was f CVE-2018-5760 RESERVED CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...) - TODO: check + NOT-FOR-US: MuJS CVE-2018-5758 RESERVED CVE-2018-5757 @@ -2216,15 +2216,15 @@ CVE-2018-5449 CVE-2018-5448 RESERVED CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari PCS-9611 ...) - TODO: check + NOT-FOR-US: Nari PCS-9611 relay CVE-2018-5446 RESERVED CVE-2018-5445 (A Path Traversal issue was discovered in Advantech WebAccess/SCADA ...) - TODO: check + NOT-FOR-US: Advantech WebAccess/SCADA CVE-2018-5444 RESERVED CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA ...) - TODO: check + NOT-FOR-US: Advantech WebAccess/SCADA CVE-2018-5442 RESERVED CVE-2018-5441 @@ -3807,11 +3807,11 @@ CVE-2018-4839 CVE-2018-4838 RESERVED CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic < ...) - TODO: check + NOT-FOR-US: Siemens / TeleControl Server Basic CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic < ...) - TODO: check + NOT-FOR-US: Siemens / TeleControl Server Basic CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic < ...) - TODO: check + NOT-FOR-US: Siemens / TeleControl Server Basic CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers ...) NOT-FOR-US: Desigo CVE-2018-4833 @@ -6104,7 +6104,7 @@ CVE-2017-17978 CVE-2017-17977 RESERVED CVE-2017-17976 (In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can ...) - TODO: check + NOT-FOR-US: Perfex CRM CVE-2017-17975 (Use-after-free in the usbtv_probe function in ...) - linux <unfixed> [jessie] - linux <not-affected> (Vulnerable code path not present) @@ -15490,7 +15490,7 @@ CVE-2018-0509 CVE-2018-0508 RESERVED CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & ...) - TODO: check + NOT-FOR-US: FLET'S VIRUS CLEAR CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...) TODO: check CVE-2018-0505 @@ -23976,9 +23976,9 @@ CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead t CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ...) NOT-FOR-US: Atlassian Jira CVE-2017-14593 (Sourcetree for Windows had several argument and command injection bugs ...) - TODO: check + NOT-FOR-US: Sourcetree CVE-2017-14592 (Sourcetree for macOS had several argument and command injection bugs ...) - TODO: check + NOT-FOR-US: Sourcetree CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...) NOT-FOR-US: Atlassian CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial ...) @@ -24141,11 +24141,11 @@ CVE-2017-14525 (Multiple open redirect vulnerabilities in OpenText Documentum We CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum ...) NOT-FOR-US: OpenText Documentum Administrator CVE-2017-14523 (WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2017-14522 (In WonderCMS 2.3.1, the application's input fields accept arbitrary ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2017-14521 (In WonderCMS 2.3.1, the upload functionality accepts random ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2017-14520 (In Poppler 0.59.0, a floating point exception occurs in ...) {DSA-4079-1} - poppler 0.61.1-2 (low; bug #876081) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac68fe519f61b244ff7095589ae9e9a41d1c56c --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac68fe519f61b244ff7095589ae9e9a41d1c56c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits