Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71c155d7 by Salvatore Bonaccorso at 2018-03-13T21:53:43+01:00
Process NFUs

- - - - -
3980c0da by Salvatore Bonaccorso at 2018-03-13T21:54:06+01:00
Add two glpi issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,13 +9,13 @@ CVE-2018-1000097 (Sharutils sharutils (unshar command) 
version 4.15.2 contains a
        - sharutils <unfixed>
        NOTE: http://seclists.org/bugtraq/2018/Feb/54
 CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit 
...)
-       TODO: check
+       NOT-FOR-US: tiny-json-http
 CVE-2018-1000095 (oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting 
(XSS) ...)
-       TODO: check
+       NOT-FOR-US: ovirt-engine
 CVE-2018-1000094 (CMS Made Simple version 2.2.5 contains a Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2017-18228 (Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the 
ATTKey ...)
-       TODO: check
+       NOT-FOR-US: Remedy Mid Tier in BMC Remedy AR System
 CVE-2018-8084
        RESERVED
 CVE-2018-8083
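Review bot: In the CVE-2018-1000095 entry the tag reads "NOT-FOR-US: ovirt-engine", a name that does not appear in the description, which says "oVirt"; the other three tags in this hunk reuse the name given in their descriptions. Consider "NOT-FOR-US: oVirt" so the entry matches its description and a search on the product name finds it.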
@@ -29,7 +29,7 @@ CVE-2018-8080
 CVE-2018-8079
        RESERVED
 CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to ...)
-       TODO: check
+       NOT-FOR-US: YzmCMS
 CVE-2018-8077
        RESERVED
 CVE-2018-8076
@@ -1395,9 +1395,11 @@ CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. 
...)
 CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...)
        NOT-FOR-US: Polycom QDX 6000 devices
 CVE-2018-7563 (An issue was discovered in GLPI through 9.2.1. The application 
is ...)
-       TODO: check
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2018-7562 (A remote code execution issue was discovered in GLPI through 
9.2.1. ...)
-       TODO: check
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
        NOT-FOR-US: Tenda AC9 devices
 CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM 
package ...)
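Review bot: Both glpi entries (CVE-2018-7563 and CVE-2018-7562, the latter described as remote code execution) are marked "(unimportant)" on the strength of a NOTE that cites no source. Suggest adding a NOTE line to each entry that points to where the "only supported behind an authenticated HTTP zone" statement is documented, so the downgrade can be verified by whoever revisits these entries.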
@@ -4049,7 +4051,7 @@ CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the 
driver file (ZAMGUARD3
 CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to 
bypass ...)
        NOT-FOR-US: OMRON NS devices
 CVE-2018-6623 (An issue was discovered in Hola 1.79.859. An unprivileged user 
could ...)
-       TODO: check
+       NOT-FOR-US: Hola
 CVE-2018-1000058 (Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier 
have an ...)
        NOT-FOR-US: jenkins-plugin-workflow-support
 CVE-2018-1000057 (Jenkins Credentials Binding Plugin 1.14 and earlier masks 
passwords it ...)
@@ -4902,7 +4904,7 @@ CVE-2018-6402
 CVE-2018-6401
        RESERVED
 CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain 
...)
-       TODO: check
+       NOT-FOR-US: Kingsoft WPS Office Free
 CVE-2018-6399
        RESERVED
 CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component 
for ...)
@@ -5182,9 +5184,9 @@ CVE-2018-6323 (The elf_object_p function in elfcode.h in 
the Binary File Descrip
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22746
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=38e64b0ecc7f4ee64a02514b8d532782ac057fa2
 CVE-2018-6322 (Panda Global Protection 17.0.1 allows local users to gain 
privileges ...)
-       TODO: check
+       NOT-FOR-US: Panda Global Protection
 CVE-2018-6321 (Unquoted Windows search path vulnerability in the 
panda_url_filtering ...)
-       TODO: check
+       NOT-FOR-US: Panda Global Protection
 CVE-2018-6320
        RESERVED
 CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a 
special ...)
@@ -5503,7 +5505,7 @@ CVE-2018-6185
 CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the 
/_next ...)
        NOT-FOR-US: ZEIT Next.js
 CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain 
privileges ...)
-       TODO: check
+       NOT-FOR-US: BitDefender Total Security
 CVE-2018-6182
        RESERVED
 CVE-2018-6181
@@ -6050,7 +6052,7 @@ CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder 
iOS app and Tinder Andro
 CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder 
...)
        NOT-FOR-US: Tinder
 CVE-2018-6016 (Unquoted Windows search path vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: 10-Strike Network Monitor
 CVE-2018-6015 (An issue was discovered in the &quot;Email Subscribers &amp; 
Newsletters&quot; ...)
        NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
 CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from 
domain=&quot;*&quot; Flash ...)
@@ -6760,7 +6762,7 @@ CVE-2018-5760
 CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly 
maintain the ...)
        NOT-FOR-US: MuJS
 CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive 
Jive-n ...)
-       TODO: check
+       NOT-FOR-US: Aurea Jive Jive-n
 CVE-2018-5757
        RESERVED
 CVE-2018-5756
@@ -18598,7 +18600,7 @@ CVE-2018-1208
 CVE-2018-1207
        RESERVED
 CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 
159 and ...)
-       TODO: check
+       NOT-FOR-US: EMC Data Protection Advisor
 CVE-2018-1205
        RESERVED
 CVE-2018-1204
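Review bot: For CVE-2018-1206 the description names "Dell EMC Data Protection Advisor" but the tag is "NOT-FOR-US: EMC Data Protection Advisor". Consider keeping the vendor name as written in the description so a search on the full product name matches this entry.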



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/8d55696b4365e536e849b819e25508d4a0901bae...3980c0da790ba8dae423b662388e5da8d6e3cb78
