Commits on Source (2)
  • Update CVE-2018-19211 information · 64a4e1e9
    Salvatore Bonaccorso authored
    As MITRE is not going to reject the CVE entry as clarified on a request
    done by Sylvain Beucler, track explicitly the source package and use the
    same fixed versions as for CVE-2018-10754.
    
    The duplication was earlier already confirmed by Sven Joachim back in
    2018 and led us to mark it as a duplicate. As MITRE won't reject the
    CVE, let's track the source package explicitly.
    
    Thanks: Sylvain Beucler for prodding again MITRE CNA on clarification
    for possible rejection.
  • Process some NFUs · a492beda
    Salvatore Bonaccorso authored
......@@ -30321,8 +30321,13 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwe
NOT-FOR-US: libwebm
NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...)
NOTE: Duplicate of CVE-2018-10754
NOTE: Mitre request 673089 - for now they "are required to maintain these as separate CVEs according to the CNA Rules"
- ncurses 6.1+20180210-3 (low)
[stretch] - ncurses <no-dsa> (Minor issue)
[jessie] - ncurses <no-dsa> (Minor issue)
[wheezy] - ncurses <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
NOTE: Technically a duplicate of CVE-2018-10754, but kept separate by MITRE as per
NOTE: MITRE request 673089.
CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWrite ...)
{DLA-1680-1}
- tiff 4.0.10-4 (bug #913675)
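Review bot: The new "- ncurses 6.1+20180210-3 (low)" line and the three per-release tags under CVE-2018-19211 do not say that they were taken over from CVE-2018-10754; the only link is the closing NOTE calling the entry "technically a duplicate". Consider having that NOTE state that the fixed version and release states mirror CVE-2018-10754, so a later change to that entry is carried over here as well. The MITRE reply quoted in the removed note ("are required to maintain these as separate CVEs according to the CNA Rules") is also dropped; keeping the quote would save the next reader from looking up request 673089.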
......@@ -32775,7 +32780,7 @@ CVE-2018-18263
CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. ...)
NOT-FOR-US: Zoho
CVE-2018-18261 (In waimai Super Cms 20150505, there is an XSS vulnerability via the /a ...)
TODO: check
NOT-FOR-US: waimai Super Cms
CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Th ...)
NOT-FOR-US: Camaleon CMS
CVE-2018-18259 (Stored XSS has been discovered in version 1.0.12 of the LUYA CMS softw ...)
......@@ -82970,7 +82975,7 @@ CVE-2017-17025
CVE-2017-17024
RESERVED
CVE-2017-17023 (The Sophos UTM VPN endpoint interacts with client software provided by ...)
TODO: check
NOT-FOR-US: Sophos IPSec Client and NCP "Secure Entry Client"
CVE-2017-17022
RESERVED
CVE-2017-17021
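Review bot: The replacement tag on CVE-2017-17023 puts quotation marks around one of its two product names (NCP "Secure Entry Client") but not the other, while the other NOT-FOR-US tags visible in this diff (libwebm, Zoho, Camaleon CMS) are bare names. Dropping the quotes would keep the tag uniform and easier to match with a plain-text search.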
......@@ -92787,7 +92792,7 @@ CVE-2017-14201
CVE-2017-14200
RESERVED
CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's getaddrinfo() ...)
TODO: check
NOT-FOR-US: Zephyr OS
CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)
NOT-FOR-US: Squiz Matrix
CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)
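Review bot: The tag added for CVE-2017-14199 reads "Zephyr OS", while the CVE description on the line above it names the "Zephyr Project". If other Zephyr entries already exist in the list, match their spelling so that all of them group under one search term; otherwise following the description's wording is the safer default.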