Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23bfd857 by Salvatore Bonaccorso at 2018-02-28T21:13:42+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -31,7 +31,7 @@ CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a 
NULL pointer derefere
        - zsh <unfixed>
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
 CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to 
the ...)
-       TODO: check
+       NOT-FOR-US: lyadmin
 CVE-2018-7546
        RESERVED
 CVE-2018-7545
@@ -3232,7 +3232,7 @@ CVE-2018-6483
 CVE-2018-6482
        RESERVED
 CVE-2018-6481 (A buffer overflow vulnerability in the control protocol of Disk 
Savvy ...)
-       TODO: check
+       NOT-FOR-US: Disk Savvy Enterprise
 CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to 
a ...)
        NOT-FOR-US: CCN-lite 2
 CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An ...)
@@ -15733,7 +15733,7 @@ CVE-2018-1418
 CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes 
for ...)
        NOT-FOR-US: IBM Runtimes for Java Technology
 CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to 
...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere Portal
 CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
        NOT-FOR-US: IBM Maximo Asset Management
 CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL 
...)
@@ -31510,7 +31510,7 @@ CVE-2017-13275
 CVE-2017-13274
        RESERVED
 CVE-2017-13273 (In xt_qtaguid.c, there is a race condition due to insufficient 
...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-13272
        RESERVED
 CVE-2017-13271
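Review bot: the new tag on CVE-2017-13273 names only "Android", while the description points at a specific source file, xt_qtaguid.c. Naming the component in the tag, for example "NOT-FOR-US: Android (xt_qtaguid)", would record what was actually checked and save the next triager from re-examining the entry when they see a .c file in the description.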
@@ -38875,7 +38875,7 @@ CVE-2017-10965 (An issue was discovered in Irssi before 
1.0.4. When receiving me
 CVE-2017-10964
        RESERVED
 CVE-2017-10963 (In Knox SDS IAM (Identity Access Management) and EMM 
(Enterprise ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...)
        NOT-FOR-US: REDCap
 CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the 
File ...)
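Review bot: the tag for CVE-2017-10963 is the vendor name "Samsung", which does not appear in the visible part of the description, whereas the neighbouring REDCap entries are tagged with the product. Something like "NOT-FOR-US: Samsung Knox SDS IAM" would keep the entry findable by searching for the product named in the CVE text.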
@@ -44729,7 +44729,7 @@ CVE-2017-8995
 CVE-2017-8994 (A input validation vulnerability in HPE Operations 
Orchestration ...)
        NOT-FOR-US: HPE
 CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and 
...)
-       TODO: check
+       NOT-FOR-US: HPE Project and Portfolio Management
 CVE-2017-8992
        RESERVED
 CVE-2017-8991
@@ -65819,7 +65819,7 @@ CVE-2017-2168 (Cross-site scripting vulnerability in WP 
Booking System Free vers
 CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive 
...)
        NOT-FOR-US: PrimeDrive
 CVE-2017-2166 (Open redirect vulnerability in GroupSession version 4.7.0 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: GroupSession
 CVE-2017-2165 (GroupSession versions 4.6.4 and earlier allows remote 
authenticated ...)
        NOT-FOR-US: GroupSession
 CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 
1.8.12 ...)
@@ -73133,7 +73133,7 @@ CVE-2016-8743 (Apache HTTP Server, in all releases 
prior to 2.2.32 and 2.4.25, w
        NOTE: Fixed in 2.4.25.
        NOTE: For 2.2 preparation is done in 
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/
 CVE-2016-8742 (The Windows installer that the Apache CouchDB team provides was 
...)
-       TODO: check
+       NOT-FOR-US: Windows installer for Apache CouchDB
 CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use 
different so ...)
        - qpid-java <itp> (bug #840131)
 CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 
2.4.23, ...)
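Review bot: CVE-2016-8742 is tagged NOT-FOR-US even though the affected component is an installer for Apache CouchDB rather than an unrelated product. If a couchdb source package is or was in the archive, a package line in the style of the wireshark entry further down this diff, such as "- couchdb <not-affected> (Windows installer only)", would tie the decision to the package; if it is not, the tag as written is fine.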
@@ -81235,7 +81235,7 @@ CVE-2016-6274
 CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex 
License ...)
        NOT-FOR-US: Flexera
 CVE-2016-6272 (SQL injection vulnerability in EPIC MyChart allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: EPIC MyChart
 CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...)
        {DSA-3631-1 DLA-628-1}
        - php7.0 7.0.9-1
@@ -118491,7 +118491,7 @@ CVE-2015-2798 (SQL injection vulnerability in Joomla! 
Component Contact Form Mak
 CVE-2015-2797 (Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 
5650TT, ...)
        NOT-FOR-US: AirTies Air DSL modems
 CVE-2015-2796 (Multiple cross-site scripting (XSS) vulnerabilities in 
Project-Pier ...)
-       TODO: check
+       NOT-FOR-US: Project-Pier ProjectPier-Core
 CVE-2015-2795
        RESERVED
 CVE-2015-2794 (The installation wizard in DotNetNuke (DNN) before 7.4.1 allows 
remote ...)
@@ -120554,7 +120554,7 @@ CVE-2015-2187 (The dissect_atn_cpdlc_heur function in 
...)
        [squeeze] - wireshark <not-affected> (Only affects 1.12.x)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9952
 CVE-2015-2186 (The Ansible edxapp role in the Configuration Repo in edX allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: edX
 CVE-2015-2185
        RESERVED
 CVE-2015-2184 (ZeusCart 4 allows remote attackers to obtain configuration 
information ...)
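Review bot: the tag "edX" on CVE-2015-2186 drops the detail that the description opens with "The Ansible edxapp role". A tag such as "NOT-FOR-US: edX configuration repo (Ansible role)" would make clear that the issue is in edX's own role rather than in Ansible, so the entry is not reopened after a keyword search for Ansible.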
@@ -120867,7 +120867,7 @@ CVE-2015-2083 (Cross-site request forgery (CSRF) 
vulnerability in Ilch CMS allow
 CVE-2015-2082 (Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 
...)
        NOT-FOR-US: UNIT4 Prosoft HRMS
 CVE-2015-2081 (Datto ALTO and SIRIS devices allow Remote Code Execution via 
...)
-       TODO: check
+       NOT-FOR-US: Datto ALTO and SIRIS devices
 CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla 
Forums ...)
        NOT-FOR-US: Vanilla Forums
 CVE-2015-8985 (The pop_fail_stack function in the GNU C Library (aka glibc or 
libc6) ...)
@@ -126159,11 +126159,11 @@ CVE-2014-9508 (The frontend rendering component in 
TYPO3 4.5.x before 4.5.39, 4.
 CVE-2014-9505 (Cross-site scripting (XSS) vulnerability in the School 
Administration ...)
        NOT-FOR-US: School Administration module for Drupal
 CVE-2014-9504 (The OG Subgroups module, when used with the Open Atrium module 
7.x-2.x ...)
-       TODO: check
+       NOT-FOR-US: Open Atrium module for Drupal
 CVE-2014-9503 (The Discussions sub module in the Open Atrium module 7.x-2.x 
before ...)
-       TODO: check
+       NOT-FOR-US: Open Atrium module for Drupal
 CVE-2014-9502 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
-       TODO: check
+       NOT-FOR-US: Open Atrium module for Drupal
 CVE-2014-9501 (Cross-site scripting (XSS) vulnerability in the Poll Chart 
Block ...)
        NOT-FOR-US: Poll Chart Block module for Drupal
 CVE-2014-9500 (Cross-site scripting (XSS) vulnerability in the Moip module 
7.x-1.x ...)
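Review bot: all three entries get the same tag, but the description of CVE-2014-9504 names the OG Subgroups module as the affected component, "when used with the Open Atrium module". Consider "NOT-FOR-US: OG Subgroups module for Drupal" there. The description of CVE-2014-9502 is truncated before it names a module, so it is worth confirming against the full text that Open Atrium is the right label.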
@@ -129255,7 +129255,7 @@ CVE-2014-8986 (Cross-site scripting (XSS) 
vulnerability in the selection list in
        NOTE: 
https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40
        NOTE: https://github.com/mantisbt/mantisbt/commit/e326b73a (1.2.x)
 CVE-2014-8985 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2014-8984
        REJECTED
 CVE-2014-8983



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23bfd857ec1666a54d88c4fc822b62bc206d0742

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits