Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a2e4ee05 by Moritz Muehlenhoff at 2018-08-13T15:30:44Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4538,7 +4538,7 @@ CVE-2018-13392
CVE-2018-13391
RESERVED
CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via
network from ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2018-13389 (The attachment resource in Atlassian Confluence before version
6.6.1 ...)
NOT-FOR-US: Atlassian Confluence
CVE-2018-13388 (The review attachment resource in Atlassian Fisheye and
Crucible ...)
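Review bot: The new tag on CVE-2018-13390, "NOT-FOR-US: Atlassian", names only the vendor, while the description identifies the cloudtoken daemon and the next entry uses the product-level "NOT-FOR-US: Atlassian Confluence". Suggest "NOT-FOR-US: Atlassian cloudtoken" so that a later search for the product name finds this entry.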
@@ -5236,7 +5236,7 @@ CVE-2018-13066 (There is a memory leak in util/parser.c
in libming 0.4.8, which
- ming <removed>
NOTE: https://github.com/libming/libming/issues/146
CVE-2018-13065 (** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror
attribute of ...)
- TODO: check
+ NOT-FOR-US: Bogus claim for ModSecurity, to be revoked
CVE-2018-13064
RESERVED
CVE-2018-13063
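Review bot: On CVE-2018-13065 the NOT-FOR-US line carries a dispute rationale ("Bogus claim for ModSecurity, to be revoked") rather than naming a product that is out of scope, and "to be revoked" describes a pending state. Suggest adding a NOTE line with the reference that backs the dispute, and revisiting the entry once the ID is actually rejected, so the triage decision can be checked later.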
@@ -21370,11 +21370,11 @@ CVE-2018-7062
CVE-2018-7061
RESERVED
CVE-2018-7060 (Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1
is ...)
- TODO: check
+ NOT-FOR-US: Aruba ClearPass
CVE-2018-7059 (Aruba ClearPass prior to 6.6.9 has a vulnerability in the API
that ...)
- TODO: check
+ NOT-FOR-US: Aruba ClearPass
CVE-2018-7058 (Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are
affected by ...)
- TODO: check
+ NOT-FOR-US: Aruba ClearPass
CVE-2018-7057 (RoomWizard before 4.4.x allows XSS via the HelpAction.action
pageName ...)
NOT-FOR-US: RoomWizard
CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain
potentially ...)
@@ -30943,7 +30943,7 @@ CVE-2018-3780
CVE-2018-3779 (active-support ruby gem 5.2.0 could allow a remote attacker to
execute ...)
TODO: check
CVE-2018-3778 (Improper authorization in aedes version <0.35.0 will publish
a LWT in ...)
- TODO: check
+ NOT-FOR-US: aedes
CVE-2018-3777 (Insufficient URI encoding in restforce before 3.0.0 allows
attacker to ...)
NOT-FOR-US: restforce
CVE-2018-3776 (Improper input validator in Nextcloud Server prior to 12.0.3
and ...)
@@ -31259,7 +31259,7 @@ CVE-2018-3652 (Existing UEFI setting restrictions for
DCI (Direct Connect Interf
CVE-2018-3651
RESERVED
CVE-2018-3650 (Insufficient Input Validation in Bleach module in INTEL
Distribution ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3649 (DLL injection vulnerability in the installation executables ...)
NOT-FOR-US: Intel
CVE-2018-3648
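Review bot: CVE-2018-3650 is tagged "NOT-FOR-US: Intel", but the truncated description names a Bleach module inside the Intel distribution, so the vendor tag alone does not show that the bundled component was considered. Suggest confirming that the flaw is specific to Intel's build and recording that in a NOTE line, or naming the distribution in the tag.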
@@ -33199,7 +33199,7 @@ CVE-2018-3112
CVE-2018-3111
RESERVED
CVE-2018-3110 (A vulnerability was discovered in the Java VM component of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2018-3109 (Vulnerability in the Oracle Fusion Middleware MapViewer
component of ...)
NOT-FOR-US: Oracle
CVE-2018-3108 (Vulnerability in the Oracle Fusion Middleware component of
Oracle ...)
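Review bot: For CVE-2018-3110 the description reads "Java VM component of Oracle ..." and the tag is only "NOT-FOR-US: Oracle", which leaves it unclear which Oracle product was ruled out. Suggest naming the product in the tag, since a bare vendor tag next to "Java VM" invites a second look from the next person triaging.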
@@ -66770,13 +66770,13 @@ CVE-2017-9005
CVE-2017-9004
RESERVED
CVE-2017-9003 (Multiple memory corruption flaws are present in ArubaOS which
could ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2017-9002 (All versions of Aruba ClearPass prior to 6.6.8 contain
reflected ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2017-9001 (Aruba ClearPass 6.6.3 and later includes a feature called
"SSH ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2017-9000 (ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16,
6.5.x ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2017-8999
RESERVED
CVE-2017-8998
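Review bot: All four entries in this hunk get "NOT-FOR-US: Aruba", although CVE-2017-9003 and CVE-2017-9000 describe ArubaOS while CVE-2017-9002 and CVE-2017-9001 describe Aruba ClearPass, and the 2018 ClearPass entries in this same commit are tagged "NOT-FOR-US: Aruba ClearPass". Suggest product-level tags here as well ("Aruba ClearPass", "ArubaOS") so the list stays consistent and searchable by product.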
@@ -84848,7 +84848,7 @@ CVE-2017-3212 (The Space Coast Credit Union Mobile app
2.2 for iOS and 2.1.0.110
CVE-2017-3211
RESERVED
CVE-2017-3210 (Applications developed using the Portrait Display SDK, versions
2.30 ...)
- TODO: check
+ NOT-FOR-US: Portrait Display SDK
CVE-2017-3209 (The DBPOWER U818A WIFI quadcopter drone provides FTP access
over its ...)
NOT-FOR-US: DBPOWER U818A WIFI quadcopter drone
CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB
for Java ...)
@@ -84909,9 +84909,9 @@ CVE-2017-3183 (Sage XRT Treasury, version 3, fails to
properly restrict database
CVE-2017-3182 (On the iOS platform, the ThreatMetrix SDK versions prior to 3.2
fail ...)
NOT-FOR-US: ThreatMetrix SDK
CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2017-3180 (Multiple TIBCO Products are prone to multiple unspecified
cross-site ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2017-3179
RESERVED
CVE-2017-3178
@@ -86521,13 +86521,13 @@ CVE-2017-2654 (jenkins-email-ext before version
2.57.1 is vulnerable to an ...)
CVE-2017-2653 (A number of unused delete routes are present in CloudForms
before ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2017-2652 (It was found that there were no permission checks performed in
the ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2017-2651 (jenkins-mailer-plugin before version 1.20 is vulnerable to an
...)
NOT-FOR-US: jenkins-mailer-plugin
CVE-2017-2650 (It was found that the use of Pipeline: Classpath Step Jenkins
plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2017-2649 (It was found that the Active Directory Plugin for Jenkins up to
and ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2017-2648 (It was found that jenkins-ssh-slaves-plugin before version 1.15
did ...)
NOT-FOR-US: jenkins-ssh-slaves-plugin
CVE-2017-2647 (The KEYS subsystem in the Linux kernel before 3.18 allows local
users ...)
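Review bot: CVE-2017-2652, CVE-2017-2650 and CVE-2017-2649 are all tagged with the generic "NOT-FOR-US: Jenkins plugin", while the neighbouring entries name the plugin ("jenkins-mailer-plugin", "jenkins-ssh-slaves-plugin"). The descriptions of CVE-2017-2650 and CVE-2017-2649 already identify the Pipeline: Classpath Step plugin and the Active Directory Plugin, so suggest using those names; for CVE-2017-2652 the visible description does not name the plugin, so it is worth looking it up before tagging.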
@@ -95826,9 +95826,9 @@ CVE-2016-8529 (A Remote Arbitrary Command Execution
vulnerability in HPE StoreVi
CVE-2016-8528 (A Remote Escalation of Privilege vulnerability in HPE Helion
...)
NOT-FOR-US: HPE Helion Eucalyptus
CVE-2016-8527 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is
...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2016-8526 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is
...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2016-8525 (A Remote Disclosure of Information vulnerability in HPE iMC
PLAT ...)
NOT-FOR-US: HPE iMC PLAT
CVE-2016-8524
@@ -109858,7 +109858,7 @@ CVE-2016-4407 (The DSA algorithm implementation in
SAP SAPCRYPTOLIB 5.555.38 doe
CVE-2016-4406 (A remote cross site scripting vulnerability was identified in
HPE iLO ...)
NOT-FOR-US: HPE iLO
CVE-2016-4405 (A remote code execution vulnerability was identified in HP
Business ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2016-4404 (A security vulnerability was identified in the Filter SDK
component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4403 (A security vulnerability was identified in the Filter SDK
component of ...)
@@ -168240,7 +168240,7 @@ CVE-2014-2298
CVE-2014-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-2296 (XML external entity (XXE) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Jasig CAS
CVE-2014-2295
RESERVED
CVE-2014-2294 (Open Web Analytics (OWA) before 1.5.7 allows remote attackers
to ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2e4ee0598454f726a0c4592736961bd0f570dd3