Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 71c155d7 by Salvatore Bonaccorso at 2018-03-13T21:53:43+01:00 Process NFUs - - - - - 3980c0da by Salvatore Bonaccorso at 2018-03-13T21:54:06+01:00 Add two glpi issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -9,13 +9,13 @@ CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains a - sharutils <unfixed> NOTE: http://seclists.org/bugtraq/2018/Feb/54 CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit ...) - TODO: check + NOT-FOR-US: tiny-json-http CVE-2018-1000095 (oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) ...) - TODO: check + NOT-FOR-US: ovirt-engine CVE-2018-1000094 (CMS Made Simple version 2.2.5 contains a Remote Code Execution ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2017-18228 (Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey ...) - TODO: check + NOT-FOR-US: Remedy Mid Tier in BMC Remedy AR System CVE-2018-8084 RESERVED CVE-2018-8083 @@ -29,7 +29,7 @@ CVE-2018-8080 CVE-2018-8079 RESERVED CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to ...) - TODO: check + NOT-FOR-US: YzmCMS CVE-2018-8077 RESERVED CVE-2018-8076 
@@ -1395,9 +1395,11 @@ CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...) CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...) NOT-FOR-US: Polycom QDX 6000 devices CVE-2018-7563 (An issue was discovered in GLPI through 9.2.1. The application is ...) - TODO: check + - glpi <removed> (unimportant) + NOTE: Only supported behind an authenticated HTTP zone CVE-2018-7562 (A remote code execution issue was discovered in GLPI through 9.2.1. ...) - TODO: check + - glpi <removed> (unimportant) + NOTE: Only supported behind an authenticated HTTP zone CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...) NOT-FOR-US: Tenda AC9 devices CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...) @@ -4049,7 +4051,7 @@ CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD3 CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass ...) NOT-FOR-US: OMRON NS devices CVE-2018-6623 (An issue was discovered in Hola 1.79.859. An unprivileged user could ...) - TODO: check + NOT-FOR-US: Hola CVE-2018-1000058 (Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an ...) NOT-FOR-US: jenkins-plugin-workflow-support CVE-2018-1000057 (Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it ...) @@ -4902,7 +4904,7 @@ CVE-2018-6402 CVE-2018-6401 RESERVED CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain ...) - TODO: check + NOT-FOR-US: Kingsoft WPS Office Free CVE-2018-6399 RESERVED CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for ...) 
@@ -5182,9 +5184,9 @@ CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descrip NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22746 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=38e64b0ecc7f4ee64a02514b8d532782ac057fa2 CVE-2018-6322 (Panda Global Protection 17.0.1 allows local users to gain privileges ...) - TODO: check + NOT-FOR-US: Panda Global Protection CVE-2018-6321 (Unquoted Windows search path vulnerability in the panda_url_filtering ...) - TODO: check + NOT-FOR-US: Panda Global Protection CVE-2018-6320 RESERVED CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special ...) @@ -5503,7 +5505,7 @@ CVE-2018-6185 CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next ...) NOT-FOR-US: ZEIT Next.js CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges ...) - TODO: check + NOT-FOR-US: BitDefender Total Security CVE-2018-6182 RESERVED CVE-2018-6181 @@ -6050,7 +6052,7 @@ CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Andro CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...) NOT-FOR-US: Tinder CVE-2018-6016 (Unquoted Windows search path vulnerability in the ...) - TODO: check + NOT-FOR-US: 10-Strike Network Monitor CVE-2018-6015 (An issue was discovered in the "Email Subscribers & Newsletters" ...) NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash ...) @@ -6760,7 +6762,7 @@ CVE-2018-5760 CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...) NOT-FOR-US: MuJS CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n ...) - TODO: check + NOT-FOR-US: Aurea Jive Jive-n CVE-2018-5757 RESERVED CVE-2018-5756 
@@ -18598,7 +18600,7 @@ CVE-2018-1208 CVE-2018-1207 RESERVED CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and ...) - TODO: check + NOT-FOR-US: EMC Data Protection Advisor CVE-2018-1205 RESERVED CVE-2018-1204 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8d55696b4365e536e849b819e25508d4a0901bae...3980c0da790ba8dae423b662388e5da8d6e3cb78
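Review bot: In the "@@ -9,13 +9,13 @@" hunk the NOT-FOR-US label for CVE-2018-1000095 is "ovirt-engine", a name that does not appear in the visible description, which only says oVirt. The other labels in the same hunk copy the product name from the description ("CMS Made Simple", "Remedy Mid Tier in BMC Remedy AR System"). Either use the name as the description gives it or add a NOTE line that records why this CVE maps to ovirt-engine, so the label can be checked against the entry it sits under.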
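Review bot: In the "@@ -1395,9 +1395,11 @@" hunk, CVE-2018-7562 is described as a remote code execution issue but receives the same "- glpi <removed> (unimportant)" line and the same NOTE as CVE-2018-7563, and the NOTE "Only supported behind an authenticated HTTP zone" cites no source for that support statement. Add a second NOTE pointing to where the restriction is documented, so a later reader can verify why an RCE was rated unimportant without having to trust the one-line justification.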
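Review bot: In the "@@ -5182,9 +5184,9 @@" hunk, CVE-2018-6321 is labelled "NOT-FOR-US: Panda Global Protection", but its visible description is truncated after "panda_url_filtering ..." and never names that product; the label matches the adjacent CVE-2018-6322 entry. Please confirm against the full description that this is the right product name. The same check applies to CVE-2018-6016 in the "@@ -6050,7 +6052,7 @@" hunk, where "10-Strike Network Monitor" cannot be seen in the truncated text either.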
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits