Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 23bfd857 by Salvatore Bonaccorso at 2018-02-28T21:13:42+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -31,7 +31,7 @@ CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a NULL pointer derefere - zsh <unfixed> NOTE: https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102 CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the ...) - TODO: check + NOT-FOR-US: lyadmin CVE-2018-7546 RESERVED CVE-2018-7545 @@ -3232,7 +3232,7 @@ CVE-2018-6483 CVE-2018-6482 RESERVED CVE-2018-6481 (A buffer overflow vulnerability in the control protocol of Disk Savvy ...) - TODO: check + NOT-FOR-US: Disk Savvy Enterprise CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to a ...) NOT-FOR-US: CCN-lite 2 CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An ...) @@ -15733,7 +15733,7 @@ CVE-2018-1418 CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes for ...) NOT-FOR-US: IBM Runtimes for Java Technology CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM WebSphere Portal CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL ...) @@ -31510,7 +31510,7 @@ CVE-2017-13275 CVE-2017-13274 RESERVED CVE-2017-13273 (In xt_qtaguid.c, there is a race condition due to insufficient ...) - TODO: check + NOT-FOR-US: Android CVE-2017-13272 RESERVED CVE-2017-13271 
@@ -38875,7 +38875,7 @@ CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving me CVE-2017-10964 RESERVED CVE-2017-10963 (In Knox SDS IAM (Identity Access Management) and EMM (Enterprise ...) - TODO: check + NOT-FOR-US: Samsung CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...) NOT-FOR-US: REDCap CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the File ...) @@ -44729,7 +44729,7 @@ CVE-2017-8995 CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration ...) NOT-FOR-US: HPE CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and ...) - TODO: check + NOT-FOR-US: HPE Project and Portfolio Management CVE-2017-8992 RESERVED CVE-2017-8991 @@ -65819,7 +65819,7 @@ CVE-2017-2168 (Cross-site scripting vulnerability in WP Booking System Free vers CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive ...) NOT-FOR-US: PrimeDrive CVE-2017-2166 (Open redirect vulnerability in GroupSession version 4.7.0 and earlier ...) - TODO: check + NOT-FOR-US: GroupSession CVE-2017-2165 (GroupSession versions 4.6.4 and earlier allows remote authenticated ...) NOT-FOR-US: GroupSession CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 ...) @@ -73133,7 +73133,7 @@ CVE-2016-8743 (Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, w NOTE: Fixed in 2.4.25. NOTE: For 2.2 preparation is done in http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/ CVE-2016-8742 (The Windows installer that the Apache CouchDB team provides was ...) - TODO: check + NOT-FOR-US: Windows installer for Apache CouchDB CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use different so ...) - qpid-java <itp> (bug #840131) CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...) 
@@ -81235,7 +81235,7 @@ CVE-2016-6274 CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex License ...) NOT-FOR-US: Flexera CVE-2016-6272 (SQL injection vulnerability in EPIC MyChart allows remote attackers to ...) - TODO: check + NOT-FOR-US: EPIC MyChart CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...) {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 @@ -118491,7 +118491,7 @@ CVE-2015-2798 (SQL injection vulnerability in Joomla! Component Contact Form Mak CVE-2015-2797 (Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, ...) NOT-FOR-US: AirTies Air DSL modems CVE-2015-2796 (Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ...) - TODO: check + NOT-FOR-US: Project-Pier ProjectPier-Core CVE-2015-2795 RESERVED CVE-2015-2794 (The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote ...) @@ -120554,7 +120554,7 @@ CVE-2015-2187 (The dissect_atn_cpdlc_heur function in ...) [squeeze] - wireshark <not-affected> (Only affects 1.12.x) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9952 CVE-2015-2186 (The Ansible edxapp role in the Configuration Repo in edX allows remote ...) - TODO: check + NOT-FOR-US: edX CVE-2015-2185 RESERVED CVE-2015-2184 (ZeusCart 4 allows remote attackers to obtain configuration information ...) @@ -120867,7 +120867,7 @@ CVE-2015-2083 (Cross-site request forgery (CSRF) vulnerability in Ilch CMS allow CVE-2015-2082 (Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 ...) NOT-FOR-US: UNIT4 Prosoft HRMS CVE-2015-2081 (Datto ALTO and SIRIS devices allow Remote Code Execution via ...) - TODO: check + NOT-FOR-US: Datto ALTO and SIRIS devices CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums ...) NOT-FOR-US: Vanilla Forums CVE-2015-8985 (The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...) 
@@ -126159,11 +126159,11 @@ CVE-2014-9508 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4. CVE-2014-9505 (Cross-site scripting (XSS) vulnerability in the School Administration ...) NOT-FOR-US: School Administration module for Drupal CVE-2014-9504 (The OG Subgroups module, when used with the Open Atrium module 7.x-2.x ...) - TODO: check + NOT-FOR-US: Open Atrium module for Drupal CVE-2014-9503 (The Discussions sub module in the Open Atrium module 7.x-2.x before ...) - TODO: check + NOT-FOR-US: Open Atrium module for Drupal CVE-2014-9502 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Open Atrium module for Drupal CVE-2014-9501 (Cross-site scripting (XSS) vulnerability in the Poll Chart Block ...) NOT-FOR-US: Poll Chart Block module for Drupal CVE-2014-9500 (Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x ...) @@ -129255,7 +129255,7 @@ CVE-2014-8986 (Cross-site scripting (XSS) vulnerability in the selection list in NOTE: https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40 NOTE: https://github.com/mantisbt/mantisbt/commit/e326b73a (1.2.x) CVE-2014-8985 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2014-8984 REJECTED CVE-2014-8983
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23bfd857ec1666a54d88c4fc822b62bc206d0742
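Review bot: In the @@ -31510 hunk, `NOT-FOR-US: Android` on CVE-2017-13273 does not show that src:linux was considered, even though the description names a kernel source file (xt_qtaguid.c). Suggest a label that names the Android kernel component, or a NOTE line recording the result of checking the Debian kernel source for that file, so the entry is not re-triaged later.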
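Review bot: In the @@ -38875 hunk, `NOT-FOR-US: Samsung` on CVE-2017-10963 names only the vendor, while the description identifies the product (Knox SDS IAM) and most other lines added in this commit use product-level labels such as `NOT-FOR-US: HPE Project and Portfolio Management`. A product-level label keeps later searches of data/CVE/list for that product reliable. The same applies to `NOT-FOR-US: Microsoft` on CVE-2014-8985 in the @@ -129255 hunk, where the description names Internet Explorer 11.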
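Review bot: In the @@ -73133 hunk, CVE-2016-8742 is tagged NOT-FOR-US although the label itself names Apache CouchDB. If a couchdb source package exists in the archive, an entry of the form `- couchdb <not-affected> (Windows installer only)` would tie the CVE to the package rather than hide it from the package's view, following the `<not-affected> (reason)` form already used on the wireshark line in the @@ -120554 context.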
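Review bot: In the @@ -126159 hunk, the single label `Open Atrium module for Drupal` is applied to three entries, but the description of CVE-2014-9504 names the OG Subgroups module (used with Open Atrium) and the description of CVE-2014-9502 is truncated before any product name, so the diff alone does not confirm the label for those two. If OG Subgroups is the affected component, `NOT-FOR-US: OG Subgroups module for Drupal` would match the per-module labels on the neighbouring CVE-2014-9505 and CVE-2014-9501 lines.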
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits