Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bd61fe9f by Moritz Muehlenhoff at 2018-07-29T20:55:05Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,23 +1,23 @@
 CVE-2018-14745
        RESERVED
 CVE-2018-14744 (An issue was discovered in libpbc.a in cloudwu PBC through 
2017-03-02. ...)
-       TODO: check
+       NOT-FOR-US: cloudwu PBC
 CVE-2018-14743 (An issue was discovered in libpbc.a in cloudwu PBC through 
2017-03-02. ...)
-       TODO: check
+       NOT-FOR-US: cloudwu PBC
 CVE-2018-14742 (An issue was discovered in libpbc.a in cloudwu PBC through 
2017-03-02. ...)
-       TODO: check
+       NOT-FOR-US: cloudwu PBC
 CVE-2018-14741 (An issue was discovered in libpbc.a in cloudwu PBC through 
2017-03-02. ...)
-       TODO: check
+       NOT-FOR-US: cloudwu PBC
 CVE-2018-14740 (An issue was discovered in libpbc.a in cloudwu PBC through 
2017-03-02. ...)
-       TODO: check
+       NOT-FOR-US: cloudwu PBC
 CVE-2018-14739 (An issue was discovered in libpbc.a in cloudwu PBC through 
2017-03-02. ...)
-       TODO: check
+       NOT-FOR-US: cloudwu PBC
 CVE-2018-14738 (An issue was discovered in libpbc.a in cloudwu PBC through 
2017-03-02. ...)
-       TODO: check
+       NOT-FOR-US: cloudwu PBC
 CVE-2018-14737 (An issue was discovered in libpbc.a in cloudwu PBC through 
2017-03-02. ...)
-       TODO: check
+       NOT-FOR-US: cloudwu PBC
 CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 
2017-03-02. ...)
-       TODO: check
+       NOT-FOR-US: cloudwu PBC
 CVE-2018-14735
        RESERVED
 CVE-2018-14733
@@ -745,7 +745,7 @@ CVE-2018-14446 (MP4Integer32Property::Read in atom_avcC.cpp 
in MP4v2 2.1.0 allow
 CVE-2018-14445 (In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp 
allows ...)
        NOT-FOR-US: Bento4
 CVE-2018-14444 (libdxfrw 0.6.3 has an Integer Overflow in 
dwgCompressor::decompress18 ...)
-       TODO: check
+       NOT-FOR-US: libdxfrw
 CVE-2018-14443 (get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 
allows remote ...)
        - libredwg <itp> (bug #595191)
 CVE-2018-14442 (Foxit Reader before 9.2 and PhantomPDF before 9.2 have a 
Use-After-Free ...)
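Review bot: The new "NOT-FOR-US: libdxfrw" line for CVE-2018-14444 tags a library rather than an end-user product, so it is worth confirming that no source package in the archive ships or embeds libdxfrw before closing the entry as NFU. If a copy turns up, the entry should carry a package line for that source package instead, in the same way the CVE-2018-14443 entry below tracks libredwg.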
@@ -813,7 +813,7 @@ CVE-2016-10727 (camel/providers/imapx/camel-imapx-server.c 
in the IMAPx componen
 CVE-2018-14424
        RESERVED
 CVE-2018-14423 (Division-by-zero vulnerabilities in the functions 
pi_next_pcrl, ...)
-       - openjpeg2 <unfixed> (bug #904873)
+       - openjpeg2 <unfixed> (low; bug #904873)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1123
 CVE-2018-14422 (blog/index.php in SansCMS 0.7 has XSS via the q parameter. ...)
        NOT-FOR-US: SansCMS
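Review bot: The openjpeg2 line for CVE-2018-14423 changes from "<unfixed> (bug #904873)" to "<unfixed> (low; bug #904873)", which is a severity annotation and not an NFU, so the commit message "NFUs" does not cover it. Consider committing it separately or mentioning it in the message, and adding a NOTE line with the reason for the low rating next to the existing upstream issue NOTE.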
@@ -25223,13 +25223,13 @@ CVE-2018-5388 (In stroke_socket.c in strongSwan 
before 5.6.3, a missing packet l
        NOTE: 
https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html
        NOTE: 
https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html
 CVE-2018-5387 (Wizkunde SAMLBase may incorrectly utilize the results of XML 
DOM ...)
-       TODO: check
+       NOT-FOR-US: Wizkunde SAMLBase
 CVE-2018-5386 (Some Navarino Infinity functions, up to version 2.2, placed in 
the URL ...)
-       TODO: check
+       NOT-FOR-US: Navarino Infinity
 CVE-2018-5385 (Navarino Infinity is prone to session fixation attacks. The 
server ...)
-       TODO: check
+       NOT-FOR-US: Navarino Infinity
 CVE-2018-5384 (Navarino Infinity web interface up to version 2.2 exposes an 
...)
-       TODO: check
+       NOT-FOR-US: Navarino Infinity
 CVE-2018-5383
        RESERVED
 CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC 
that ...)
@@ -39283,7 +39283,7 @@ CVE-2018-0621 (Untrusted search path vulnerability in 
LOGICOOL CONNECTION UTILIT
 CVE-2018-0620 (Untrusted search path vulnerability in LOGICOOL Game Software 
versions ...)
        NOT-FOR-US: LOGICOOL
 CVE-2018-0619 (Untrusted search path vulnerability in the installer of 
Glarysoft ...)
-       TODO: check
+       NOT-FOR-US: Glarysoft
 CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and 
earlier ...)
        {DSA-4246-1 DLA-1442-1}
        - mailman 1:2.1.27-1
@@ -39294,15 +39294,15 @@ CVE-2018-0618 (Cross-site scripting vulnerability in 
Mailman 2.1.26 and earlier 
        NOTE: 
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1783
        NOTE: 
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1785
 CVE-2018-0617 (Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 
to ...)
-       TODO: check
+       NOT-FOR-US: ChamaNet MemoCGI
 CVE-2018-0616
        RESERVED
 CVE-2018-0615
        RESERVED
 CVE-2018-0614 (Cross-site scripting vulnerability in NEC Platforms Calsos CSDX 
and ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2018-0613 (NEC Platforms Calsos CSDX and CSDJ series products (CSDX 
1.37210411 ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2018-0612 (Cross-site scripting vulnerability in 5000 trillion yen 
converter ...)
        NOT-FOR-US: 5000 trillion yen converter
 CVE-2018-0611 (The ANA App for iOS version 4.0.22 and earlier does not verify 
X.509 ...)
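Review bot: The two NEC entries (CVE-2018-0614 and CVE-2018-0613) are tagged with the vendor only, "NOT-FOR-US: NEC", while their summaries name NEC Platforms Calsos CSDX and the ChamaNet MemoCGI entry in the same hunk is tagged with vendor and product. Suggest "NOT-FOR-US: NEC Platforms Calsos CSDX" so that later searches of the list match on the product name.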
@@ -59433,7 +59433,7 @@ CVE-2017-10939
 CVE-2017-10938
        REJECTED
 CVE-2017-10937 (SQL injection vulnerability in all versions prior to 
V2.01.05.09 of ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2017-10936 (SQL injection vulnerability in all versions prior to V4.01.01 
of the ...)
        NOT-FOR-US: ZTE ZXCDN-SNS
 CVE-2017-10935 (All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S 
products ...)
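Review bot: CVE-2017-10937 gets the bare vendor tag "NOT-FOR-US: ZTE", whereas the next entry, CVE-2017-10936, names the product ("NOT-FOR-US: ZTE ZXCDN-SNS"). The product name is cut off in the visible summary, so take it from the full CVE description and use the vendor-plus-product form here as well.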
@@ -83361,7 +83361,7 @@ CVE-2017-3184 (ACTi cameras including the D, B, I, and 
E series using firmware .
 CVE-2017-3183 (Sage XRT Treasury, version 3, fails to properly restrict 
database ...)
        NOT-FOR-US: Sage XRT Treasury
 CVE-2017-3182 (On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 
fail ...)
-       TODO: check
+       NOT-FOR-US: ThreatMetrix SDK
 CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified ...)
        TODO: check
 CVE-2017-3180 (Multiple TIBCO Products are prone to multiple unspecified 
cross-site ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd61fe9f9757335cbddaa73b154bd4f8071b142e
