Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b0ea37f1 by Moritz Muehlenhoff at 2018-03-26T19:26:04+02:00 NFUs - - - - - f411120e by Moritz Muehlenhoff at 2018-03-26T19:26:40+02:00 Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,18 +1,18 @@ CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2018-9019 RESERVED CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage ...) - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/ CVE-2018-9017 (dsmall v20180320 allows XSS via the member search box at the ...) - TODO: check + NOT-FOR-US: dsmall CVE-2018-9016 (dsmall v20180320 allows XSS via the main page search box at the ...) - TODO: check + NOT-FOR-US: dsmall CVE-2018-9015 (dsmall v20180320 allows XSS via the ...) - TODO: check + NOT-FOR-US: dsmall CVE-2018-9014 (dsmall v20180320 allows physical path leakage via a ...) - TODO: check + NOT-FOR-US: dsmall CVE-2018-9013 RESERVED CVE-2018-9012 @@ -20,7 +20,7 @@ CVE-2018-9012 CVE-2018-9011 RESERVED CVE-2018-9010 (Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote ...) - TODO: check + NOT-FOR-US: Intelbras CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the decompileJUMP ...) - ming <removed> NOTE: https://github.com/libming/libming/issues/131 
@@ -83,9 +83,9 @@ CVE-2018-8981 CVE-2018-8980 RESERVED CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a ...) - TODO: check + NOT-FOR-US: Open-AudIT Professional CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an ...) - TODO: check + NOT-FOR-US: Open-AudIT Professional CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in ...) TODO: check CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...) @@ -154,7 +154,7 @@ CVE-2018-8949 (An issue was discovered in app/Model/Attribute.php in MISP before CVE-2018-8948 (In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has ...) NOT-FOR-US: MISP CVE-2018-8947 (rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding ...) - TODO: check + NOT-FOR-US: rap2hpoutre Laravel Log Viewer CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect Access ...) - i-librarian <itp> (bug #649291) NOTE: https://github.com/mkucej/i-librarian/issues/124 @@ -489,7 +489,7 @@ CVE-2018-8819 CVE-2018-8818 RESERVED CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...) - TODO: check + NOT-FOR-US: Wampserver CVE-2018-8816 RESERVED CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery function in ...) @@ -3019,7 +3019,7 @@ CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via ...) CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Western ...) NOT-FOR-US: Western Bridge Cobub Razor CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. ...) - TODO: check + NOT-FOR-US: Acrolinx Server CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps ...) - gpac <unfixed> (bug #892526) [wheezy] - gpac <not-affected> (vulnerable code not present) 
@@ -20831,7 +20831,7 @@ CVE-2018-1223 CVE-2018-1222 RESERVED CVE-2018-1221 (In cf-deployment before 1.14.0 and routing-release before 0.172.0, the ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect ...) NOT-FOR-US: EMC RSA Archer CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access ...) @@ -20885,7 +20885,7 @@ CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running insi CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used to ...) NOT-FOR-US: Spring Boot CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment versions ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2018-1194 RESERVED CVE-2018-1193 @@ -23303,9 +23303,9 @@ CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and earlier CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier ...) NOT-FOR-US: Jtrim installer CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8 allows an ...) - TODO: check + NOT-FOR-US: WebProxy (some software released by LunarLight) CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to ...) - TODO: check + NOT-FOR-US: Tiny FTP Daemon CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 allows ...) NOT-FOR-US: ViX CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary ...) @@ -26818,7 +26818,7 @@ CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Bui CVE-2017-16243 RESERVED CVE-2017-16242 (An issue was discovered on MECO USB Memory Stick with Fingerprint ...) - TODO: check + NOT-FOR-US: MECO CVE-2017-1000384 REJECTED CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...) 
@@ -29535,7 +29535,7 @@ CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an ... CVE-2017-15327 RESERVED CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions earlier ...) NOT-FOR-US: Bdat driver of Prague smart phones CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS ...) @@ -59123,7 +59123,7 @@ CVE-2017-5738 (Escalation of privilege vulnerability in admin portal for Intel U CVE-2017-5737 RESERVED CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Platform ...) - TODO: check + NOT-FOR-US: Intel CVE-2017-5735 RESERVED CVE-2017-5734 @@ -66951,7 +66951,7 @@ CVE-2016-9882 (An issue was discovered in Cloud Foundry Foundation cf-release ve CVE-2016-9881 REJECTED CVE-2016-9880 (The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x ...) - libspring-security-java <itp> (bug #582181) NOTE: https://pivotal.io/security/cve-2016-9879 
@@ -72442,13 +72442,13 @@ CVE-2017-0937 CVE-2017-0936 RESERVED CVE-2017-0935 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an ...) - TODO: check + NOT-FOR-US: Ubiquiti Networks EdgeOS CVE-2017-0934 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an ...) - TODO: check + NOT-FOR-US: Ubiquiti Networks EdgeOS CVE-2017-0933 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a ...) - TODO: check + NOT-FOR-US: Ubiquiti Networks EdgeOS CVE-2017-0932 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an ...) - TODO: check + NOT-FOR-US: Ubiquiti Networks EdgeOS CVE-2017-0931 RESERVED CVE-2017-0930
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7634c39592c5e8c40619dd8da83e1161e7bfd7c5...f411120e4e894ef88a4e958f891b39b7db1e3e2d
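Review bot: In the first hunk (@@ -1,18 +1,18 @@), the tag added for CVE-2018-9020, `NOT-FOR-US: Wordpress plugin`, does not name the product, unlike the other tags in this push (`NOT-FOR-US: dsmall`, `NOT-FOR-US: Wampserver`). Consider `NOT-FOR-US: Events Manager plugin for WordPress`, which follows the CVE description and lets a later search of data/CVE/list for the plugin name find this triage decision.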
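Review bot: The tags added for CVE-2018-9010 (`NOT-FOR-US: Intelbras`), CVE-2017-16242 (`NOT-FOR-US: MECO`), CVE-2017-15326 (`NOT-FOR-US: Huawei`) and CVE-2017-5736 (`NOT-FOR-US: Intel`) name only the vendor, while the unchanged context beside them names the affected product (`NOT-FOR-US: Bdat driver of Prague smart phones`, `NOT-FOR-US: EMC RSA Archer`). A vendor-only tag reads as a decision about everything that vendor ships; taking the product from each description (for example DBS3900 TDD LTE for CVE-2017-15326) keeps the entry scoped to what was checked.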
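Review bot: In the hunk at @@ -23303,9 +23303,9 @@, `NOT-FOR-US: WebProxy (some software released by LunarLight)` puts a free-text aside where the neighbouring entries carry a plain product name (`NOT-FOR-US: Jtrim installer`, `NOT-FOR-US: ViX`). If the point is to disambiguate a generic name, `NOT-FOR-US: LunarLight WebProxy` carries the same information in the form the rest of the list uses.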