Commits on Source (2)
......@@ -2421,7 +2421,7 @@ CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) fr
[jessie] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
CVE-2018-1000201 (ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can ...)
TODO: check
- ruby-ffi <not-affected> (Windows-specific)
CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. ...)
NOT-FOR-US: Pluck CMS
CVE-2018-11735 (index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or ...)
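Review bot: the `- ruby-ffi <not-affected> (Windows-specific)` line for CVE-2018-1000201 has no NOTE with a reference, unlike the CVE-2018-11737 entry just above it, which links its upstream issue. Consider adding a NOTE: line pointing at the upstream report or fix, so the Windows-only assessment of the DLL loading issue can be checked later without redoing the triage.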
......@@ -2693,7 +2693,7 @@ CVE-2018-11649 (Hue 3.12 has XSS via the /pig/save/ name and script parameters.
CVE-2018-11648
RESERVED
CVE-2018-11647 (index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. ...)
TODO: check
NOT-FOR-US: oauth2orize-fprm
CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and ...)
- webkit2gtk 2.20.3-1 (unimportant)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=186164
......@@ -2978,7 +2978,7 @@ CVE-2018-11539
CVE-2018-11538 (servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, ...)
NOT-FOR-US: SearchBlox
CVE-2018-11537 (Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as ...)
TODO: check
NOT-FOR-US: angular-jwt
CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because ...)
NOT-FOR-US: md4c
CVE-2018-11535 (An issue was discovered in SITEMAKIN SLAC (Site Login and Access ...)
......@@ -4508,7 +4508,11 @@ CVE-2017-18266 (The open_envvar function in xdg-open in xdg-utils before 1.1.3 d
NOTE: Upstream bug discussed possible other approach to fix the issue.
NOTE: Fixed by: https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
CVE-2018-10945 (The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows ...)
TODO: check
- smplayer 18.5.0~ds1-1
[stretch] - smplayer <not-affected> (Vulnerable code not present)
[jessie] - smplayer <not-affected> (Vulnerable code not present)
[wheezy] - smplayer <not-affected> (Vulnerable code not present)
NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2018-10944 (The request_dividend function of a smart contract implementation for ...)
NOT-FOR-US: Rasputin Online Coin
CVE-2018-10943
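Review bot: in the CVE-2018-10945 entry, `- smplayer 18.5.0~ds1-1` records a fixed version while the NOTE below it says that version "isn't fixed on the source level" and only stops building the Chromecast support. The entry also never says how smplayer relates to mongoose.c, which is the file the CVE description names. Suggest a further NOTE stating where the Mongoose code sits in the smplayer source and that the fixed status depends on Chromecast support staying disabled, so a later upload that re-enables it is not treated as fixed. The three `<not-affected> (Vulnerable code not present)` lines for stretch, jessie and wheezy would also be easier to verify with a short reference for that assessment.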