Commits on Source (2)
openslp no-dsa
· bd017683
Moritz Muehlenhoff
authored
Apr 26, 2018
bd017683
NFUs
· 5dec02e5
Moritz Muehlenhoff
authored
Apr 26, 2018
5dec02e5
data/CVE/list
CVE-2018-10432
RESERVED
CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell ...)
TODO: chec
k
NOT-FOR-US: D-Lin
k
CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...)
TODO: check
NOT-FOR-US: DiliCMS
CVE-2018-10429 (Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the ...)
TODO: check
NOT-FOR-US: Cosmo
CVE-2018-10428
RESERVED
CVE-2018-10427
...
...
@@ -113,7 +113,7 @@ CVE-2018-10378
CVE-2018-10377
RESERVED
CVE-2018-10376 (An integer overflow in the transferProxy function of a smart contract ...)
TODO: check
NOT-FOR-US: SmartMesh token
CVE-2018-10375 (A file uploading vulnerability exists in ...)
NOT-FOR-US: DedeCMS
CVE-2018-10374 (EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) ...)
...
...
@@ -3761,15 +3761,15 @@ CVE-2018-8839
CVE-2018-8838 (A weakness in access controls in CENTUM CS 1000 all versions, CENTUM ...)
NOT-FOR-US: CENTUM
CVE-2018-8837 (Processing specially crafted .pm3 files in Advantech WebAccess HMI ...)
TODO: ch
ec
k
NOT-FOR-US: Advant
ec
h
CVE-2018-8836 (Wago 750 Series PLCs with firmware version 10 and prior include a ...)
NOT-FOR-US: Wago 750 Series PLCs
CVE-2018-8835 (Double free vulnerabilities in Advantech WebAccess HMI Designer ...)
TODO: ch
ec
k
NOT-FOR-US: Advant
ec
h
CVE-2018-8834 (Parsing malformed project files in Omron CX-One versions 4.42 and ...)
NOT-FOR-US: Omron
CVE-2018-8833 (Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI ...)
TODO: ch
ec
k
NOT-FOR-US: Advant
ec
h
CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable ...)
NOT-FOR-US: enhavo
CVE-2018-8831 (A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through ...)
...
...
@@ -5562,7 +5562,7 @@ CVE-2018-8074 (Yii 2.x before 2.0.15 allows remote attackers to inject unintende
CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA ...)
- yii <itp> (bug #597899)
CVE-2018-8072 (An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W ...)
TODO: check
NOT-FOR-US: EDIMAX
CVE-2018-8071 (Mautic before v2.13.0 has stored XSS via a theme config file. ...)
NOT-FOR-US: Mautic
CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
...
...
@@ -7335,7 +7335,7 @@ CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial /css/
CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows remote ...)
NOT-FOR-US: TestLink
CVE-2018-7465 (An XSS issue was discovered in VirtueMart before 3.2.14. All the ...)
TODO: check
NOT-FOR-US: VirtueMart
CVE-2018-7464
RESERVED
CVE-2018-7463 (SQL injection vulnerability in files.php in the "files" component in ...)
...
...
@@ -10286,7 +10286,7 @@ CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before
NOTE: updated in 1.15.2 to the respective fixed version.
NOTE: https://github.com/simplesamlphp/saml2/commit/726404bf7b4085a9eb9c9a869af1ecc146bd8f6d
CVE-2018-6518 (Composr CMS 10.0.13 has XSS via the site_name parameter in a ...)
TODO: check
NOT-FOR-US: Composr CMS
CVE-2018-6517
RESERVED
CVE-2018-6516
...
...
@@ -14035,7 +14035,7 @@ CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible befor
CVE-2018-5227 (Various administrative application link resources in Atlassian ...)
NOT-FOR-US: Atlassian
CVE-2018-5226 (There was an argument injection vulnerability in Sourcetree for ...)
TODO: check
NOT-FOR-US: Atlassian
CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 ...)
NOT-FOR-US: Atlassian Bitbucket Server
CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial repository ...)
...
...
@@ -18436,7 +18436,8 @@ CVE-2017-17834
RESERVED
CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a ...)
{DLA-1364-1}
- openslp-dfsg <removed>
- openslp-dfsg <removed> (low)
[jessie] - openslp-dfsg <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...)
NOT-FOR-US: ServersCheck Monitoring Software
...
...
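Review bot: The added `[jessie] - openslp-dfsg <no-dsa> (Minor issue)` line for CVE-2017-17833 gives no rationale beyond "Minor issue", although the same entry already carries {DLA-1364-1}, so an advisory has been issued for this CVE elsewhere. A short NOTE line recording why jessie is deferred would make the triage decision auditable later. The same hunk also sets the urgency on the `<removed>` line to (low), which the commit message "openslp no-dsa" does not mention.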
@@ -23585,7 +23586,7 @@ CVE-2018-1420
CVE-2018-1419
RESERVED
CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass ...)
TODO: check
NOT-FOR-US: IBM
CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java ...)
NOT-FOR-US: IBM Runtimes for Java Technology
CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
...
...
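Review bot: `NOT-FOR-US: IBM` on CVE-2018-1418 names only the vendor, while the description is for IBM Security QRadar SIEM and the next entry uses the product name ("IBM Runtimes for Java Technology"). Suggest `NOT-FOR-US: IBM Security QRadar SIEM` so that a later search of the list for the product finds this entry.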
@@ -25343,7 +25344,7 @@ CVE-2018-1076
CVE-2018-1075
RESERVED
CVE-2018-1074 (ovirt-engine API and administration web portal before versions ...)
TODO: check
NOT-FOR-US: ovirt-engine
CVE-2018-1073
RESERVED
CVE-2018-1072
...
...
@@ -35566,7 +35567,7 @@ CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows ...)
TODO: check
NOT-FOR-US: GeniXCMS
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...)
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
...
...
@@ -37848,7 +37849,7 @@ CVE-2017-14012
CVE-2017-14011 (A Cross-Site Request Forgery issue was discovered in ProMinent ...)
NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14010 (An uncontrolled search path element vulnerability has been identified ...)
TODO: check
NOT-FOR-US: SpiderControl
CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX ...)
NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14008 (GE Centricity PACS RA1000, diagnostic image analysis, all current ...)
...
...
@@ -51934,7 +51935,7 @@ CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in an
CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions ...)
NOT-FOR-US: NetIQ eDirectory
CVE-2017-9284 (IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive ...)
TODO: check
NOT-FOR-US: IDM
CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus ...)
NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9282 (An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) ...)
...
...
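Review bot: `NOT-FOR-US: IDM` on CVE-2017-9284 is a bare abbreviation, whereas the surrounding entries name the product in full ("NetIQ eDirectory", "Micro Focus VisiBroker"). Suggest using the name from the description, for example `NOT-FOR-US: IDM Identity Applications`, so the tag is unambiguous when grepping the list.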
@@ -51952,7 +51953,7 @@ CVE-2017-9277 (The LDAP backend in Novell eDirectory before 9.0 SP4 when switche
CVE-2017-9276 (Novell Access Manager iManager before 4.3.3 did not validate ...)
NOT-FOR-US: Novell Access Manager iManager
CVE-2017-9275 (NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is ...)
TODO: check
NOT-FOR-US: NetIQ Identity Reporting
CVE-2017-9274 (A shell command injection in the obs-service-source_validator before ...)
- osc 0.162.1-1 (bug #887391)
[stretch] - osc <no-dsa> (Minor issue)