Commits on Source (2)
......@@ -9,13 +9,13 @@ CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains a
- sharutils <unfixed>
NOTE: http://seclists.org/bugtraq/2018/Feb/54
CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit ...)
TODO: check
NOT-FOR-US: tiny-json-http
CVE-2018-1000095 (oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) ...)
TODO: check
NOT-FOR-US: ovirt-engine
CVE-2018-1000094 (CMS Made Simple version 2.2.5 contains a Remote Code Execution ...)
TODO: check
NOT-FOR-US: CMS Made Simple
CVE-2017-18228 (Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey ...)
TODO: check
NOT-FOR-US: Remedy Mid Tier in BMC Remedy AR System
CVE-2018-8084
RESERVED
CVE-2018-8083
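Review bot: Style point on the CVE-2018-1000095 entry: the label "NOT-FOR-US: ovirt-engine" uses a component-style name, while the CVE description on the line above it says "oVirt" and the other entries in this hunk use the product name as the description spells it ("CMS Made Simple", "Remedy Mid Tier in BMC Remedy AR System"). Consider "NOT-FOR-US: oVirt" so that a search for the product name finds the entry.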
......@@ -29,7 +29,7 @@ CVE-2018-8080
CVE-2018-8079
RESERVED
CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to ...)
TODO: check
NOT-FOR-US: YzmCMS
CVE-2018-8077
RESERVED
CVE-2018-8076
......@@ -1395,9 +1395,11 @@ CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...)
CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...)
NOT-FOR-US: Polycom QDX 6000 devices
CVE-2018-7563 (An issue was discovered in GLPI through 9.2.1. The application is ...)
TODO: check
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2018-7562 (A remote code execution issue was discovered in GLPI through 9.2.1. ...)
TODO: check
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
NOT-FOR-US: Tenda AC9 devices
CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...)
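Review bot: Missing reference on the two glpi entries (CVE-2018-7563 and CVE-2018-7562): the NOTE "Only supported behind an authenticated HTTP zone" is the only justification given for "(unimportant)", and it does not say where that support statement comes from. CVE-2018-7562 is described as a remote code execution issue, so a second NOTE line linking to the source of the statement would let a later reader verify the downgrade rather than take it on trust.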
......@@ -4049,7 +4051,7 @@ CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD3
CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass ...)
NOT-FOR-US: OMRON NS devices
CVE-2018-6623 (An issue was discovered in Hola 1.79.859. An unprivileged user could ...)
TODO: check
NOT-FOR-US: Hola
CVE-2018-1000058 (Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an ...)
NOT-FOR-US: jenkins-plugin-workflow-support
CVE-2018-1000057 (Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it ...)
......@@ -4902,7 +4904,7 @@ CVE-2018-6402
CVE-2018-6401
RESERVED
CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain ...)
TODO: check
NOT-FOR-US: Kingsoft WPS Office Free
CVE-2018-6399
RESERVED
CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for ...)
......@@ -5182,9 +5184,9 @@ CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descrip
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22746
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=38e64b0ecc7f4ee64a02514b8d532782ac057fa2
CVE-2018-6322 (Panda Global Protection 17.0.1 allows local users to gain privileges ...)
TODO: check
NOT-FOR-US: Panda Global Protection
CVE-2018-6321 (Unquoted Windows search path vulnerability in the panda_url_filtering ...)
TODO: check
NOT-FOR-US: Panda Global Protection
CVE-2018-6320
RESERVED
CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special ...)
......@@ -5503,7 +5505,7 @@ CVE-2018-6185
CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next ...)
NOT-FOR-US: ZEIT Next.js
CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges ...)
TODO: check
NOT-FOR-US: BitDefender Total Security
CVE-2018-6182
RESERVED
CVE-2018-6181
......@@ -6050,7 +6052,7 @@ CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Andro
CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...)
NOT-FOR-US: Tinder
CVE-2018-6016 (Unquoted Windows search path vulnerability in the ...)
TODO: check
NOT-FOR-US: 10-Strike Network Monitor
CVE-2018-6015 (An issue was discovered in the &quot;Email Subscribers &amp; Newsletters&quot; ...)
NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain=&quot;*&quot; Flash ...)
......@@ -6760,7 +6762,7 @@ CVE-2018-5760
CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...)
NOT-FOR-US: MuJS
CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n ...)
TODO: check
NOT-FOR-US: Aurea Jive Jive-n
CVE-2018-5757
RESERVED
CVE-2018-5756
......@@ -18598,7 +18600,7 @@ CVE-2018-1208
CVE-2018-1207
RESERVED
CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and ...)
TODO: check
NOT-FOR-US: EMC Data Protection Advisor
CVE-2018-1205
RESERVED
CVE-2018-1204