Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb1b8eeb by Salvatore Bonaccorso at 2018-03-25T09:43:56+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,15 +1,15 @@
 CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php 
allows ...)
-       TODO: check
+       NOT-FOR-US: zzcms
 CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: zzcms
 CVE-2018-8967 (An issue was discovered in zzcms 8.2. It allows SQL injection 
via the ...)
-       TODO: check
+       NOT-FOR-US: zzcms
 CVE-2018-8966 (An issue was discovered in zzcms 8.2. It allows PHP code 
injection via ...)
-       TODO: check
+       NOT-FOR-US: zzcms
 CVE-2018-8965 (An issue was discovered in zzcms 8.2. user/ppsave.php allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: zzcms
 CVE-2015-9257 (BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service 
Pack 2 ...)
-       TODO: check
+       NOT-FOR-US: BMC Remedy Action Request (AR) System
 CVE-2018-8964 (In libming 0.4.8, the decompileDELETE function of decompile.c 
has a ...)
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/130
@@ -14933,11 +14933,11 @@ CVE-2017-17753 (Multiple cross-site scripting (XSS) 
vulnerabilities in the ...)
 CVE-2017-17752 (Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via 
the body ...)
        NOT-FOR-US: Ability Mail Server
 CVE-2017-17751 (Bose SoundTouch devices allows remote attackers to achieve 
remote ...)
-       TODO: check
+       NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17750 (Bose SoundTouch devices allow XSS via a crafted public 
playlist from ...)
-       TODO: check
+       NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17749 (Bose SoundTouch devices allow XSS via crafted song data from a 
music ...)
-       TODO: check
+       NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17748
        RESERVED
 CVE-2017-17747 (Weak access controls in the Device Logout functionality on the 
TP-Link ...)
@@ -23134,7 +23134,7 @@ CVE-2018-0554
 CVE-2018-0553
        RESERVED
 CVE-2018-0552 (Untrusted search path vulnerability in The installer of 
PhishWall ...)
-       TODO: check
+       NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition 
for Windows)
 CVE-2018-0551
        RESERVED
 CVE-2018-0550
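Review bot: The NOT-FOR-US label added for CVE-2018-0552 starts with the lowercase component phrase "installer of" and carries the whole edition string, unlike the short product names used elsewhere in this commit (for example "ViX" and "ArsenoL"). "NOT-FOR-US: PhishWall Client" would be enough and keeps the entry on one short line.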
@@ -23158,19 +23158,19 @@ CVE-2018-0542 (Directory traversal vulnerability in 
WebProxy version 1.7.8 allow
 CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker 
to ...)
        TODO: check
 CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: ViX
 CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 
allows an ...)
-       TODO: check
+       NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 
allows an ...)
-       TODO: check
+       NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 
allows an ...)
-       TODO: check
+       NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c 
allows ...)
-       TODO: check
+       NOT-FOR-US: PHP 2chBBS
 CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 
allows an ...)
-       TODO: check
+       NOT-FOR-US: ArsenoL
 CVE-2018-0533
        RESERVED
 CVE-2018-0532
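Review bot: CVE-2018-0541 (Tiny FTP Daemon) stays at "TODO: check" in the context at the top of this hunk, while the seven entries below it, CVE-2018-0540 through CVE-2018-0534, are all resolved. If it was held back on purpose because it needs a package lookup, that is fine; otherwise it should be triaged in the same pass so the block does not keep a stray TODO.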
@@ -25317,9 +25317,9 @@ CVE-2017-16774
 CVE-2017-16773
        RESERVED
 CVE-2017-16772 (Improper input validation vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Synology Photo Station
 CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in 
Synology ...)
-       TODO: check
+       NOT-FOR-US: Synology Photo Station
 CVE-2017-16770 (File and directory information exposure vulnerability in ...)
        NOT-FOR-US: Synology Surveillance Station
 CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer 
in ...)
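Review bot: The "Synology Photo Station" label on CVE-2017-16772 and CVE-2017-16771 cannot be checked from this diff, because the truncated description of the first ("Improper input validation vulnerability in ...") names no product and the second stops at "Log Viewer in Synology ...". The next entry, CVE-2017-16770, is Synology Surveillance Station, so please confirm against the full CVE text that these two are Photo Station and not another Synology product.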
@@ -29388,7 +29388,7 @@ CVE-2017-15327
 CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak 
encryption ...)
        TODO: check
 CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Bdat driver of Prague smart phones
 CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS 
...)
        NOT-FOR-US: Huawei
 CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, 
...)
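Review bot: The label added for CVE-2017-15325, "Bdat driver of Prague smart phones", is component-level and names no vendor, while the next entry uses "NOT-FOR-US: Huawei". A label that starts with the vendor or product name is easier to search for later. CVE-2017-15326 directly above also stays at "TODO: check".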
@@ -70581,9 +70581,9 @@ CVE-2017-1791
 CVE-2017-1790
        RESERVED
 CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form 
Login ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed 
...)
        NOT-FOR-US: IBM Publishing Engine
 CVE-2017-1786
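Review bot: CVE-2017-1789 (IBM Tivoli Monitoring) and CVE-2017-1788 (IBM WebSphere Application Server) are labelled with the bare vendor "IBM", while the adjacent CVE-2017-1787 uses the product name, "IBM Publishing Engine". Naming the product, as this commit does for BMC Remedy and Synology Photo Station, keeps the labels searchable by product; the same applies to the other "NOT-FOR-US: IBM" lines added in the hunks that follow.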
@@ -70635,7 +70635,7 @@ CVE-2017-1764
 CVE-2017-1763
        RESERVED
 CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle 
Management ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1761 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to 
...)
        NOT-FOR-US: IBM WebSphere Portal
 CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to 
crash ...)
@@ -70805,7 +70805,7 @@ CVE-2017-1679
 CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2017-1677 (IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, 
UNIX and ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1676
        RESERVED
 CVE-2017-1675
@@ -70849,7 +70849,7 @@ CVE-2017-1657
 CVE-2017-1656
        RESERVED
 CVE-2017-1655 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle 
Management ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1654 (IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local 
...)
        NOT-FOR-US: IBM
 CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle 
Management ...)
@@ -70901,7 +70901,7 @@ CVE-2017-1631 (IBM Jazz for Service Management (IBM 
Tivoli Components 1.1.3) is 
 CVE-2017-1630
        RESERVED
 CVE-2017-1629 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle 
Management ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1628 (IBM Business Process Manager 8.6.0.0 allows authenticated users 
to ...)
        NOT-FOR-US: IBM
 CVE-2017-1627
@@ -70955,7 +70955,7 @@ CVE-2017-1604 (IBM Maximo Anywhere 7.5 and 7.6 is 
vulnerable to cross-site scrip
 CVE-2017-1603
        RESERVED
 CVE-2017-1602 (IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 
and ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1601
        RESERVED
 CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is 
vulnerable to ...)
@@ -71017,7 +71017,7 @@ CVE-2017-1573
 CVE-2017-1572
        RESERVED
 CVE-2017-1571 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1570 (IBM Jazz Foundation products could allow an authenticated user 
to ...)
        NOT-FOR-US: IBM
 CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified ...)
@@ -71111,7 +71111,7 @@ CVE-2017-1526
 CVE-2017-1525
        RESERVED
 CVE-2017-1524 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle 
Management ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1523 (IBM InfoSphere Master Data Management - Collaborative Edition 
11.5 ...)
        NOT-FOR-US: IBM
 CVE-2017-1522 (IBM Content Navigator &amp; CMIS 2.0.3, 3.0.0, and 3.0.1 is 
vulnerable to ...)
@@ -72568,7 +72568,7 @@ CVE-2016-9713
 CVE-2016-9712
        RESERVED
 CVE-2016-9711 (IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow 
a ...)
        NOT-FOR-US: IBM
 CVE-2016-9709
@@ -109508,7 +109508,7 @@ CVE-2015-7451 (Cross-site scripting (XSS) 
vulnerability in IBM Maximo Asset ...)
 CVE-2015-7450 (Serialized-object interfaces in certain IBM analytics, business 
...)
        NOT-FOR-US: IBM
 CVE-2015-7449 (IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x 
before ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2015-7448 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 
through ...)
        NOT-FOR-US: IBM
 CVE-2015-7447 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 
6.1.5.3 ...)
@@ -143301,7 +143301,7 @@ CVE-2014-4929 (Directory traversal vulnerability in 
the routing component in own
        - owncloud 6.0.4~beta1+dfsg-1
        NOTE: 
https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
 CVE-2014-4928 (SQL injection vulnerability in Invision Power Board (aka IPB or 
...)
-       TODO: check
+       NOT-FOR-US: Invision Power Board
 CVE-2014-4927 (Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U 
and ...)
        NOT-FOR-US: ACME micro_httpd
 CVE-2014-4926



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb1b8eebd2301eddb17f4b9e0f6e257146960a16

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
