[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Apr 24 22:24:24 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8b49f71 by Moritz Muehlenhoff at 2018-04-24T23:23:59+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2839,7 +2839,7 @@ CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt functi
- ming <removed>
NOTE: https://github.com/libming/libming/issues/133
CVE-2018-9131 (Reaper 5.78 suffers from a local buffer overflow that allows code ...)
- TODO: check
+ NOT-FOR-US: Reaper
CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
NOT-FOR-US: IBOS
CVE-2018-9129
@@ -5691,9 +5691,9 @@ CVE-2018-7934
CVE-2018-7933
RESERVED
CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7931 (Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7930 (The Near Field Communication (NFC) module in Mate 9 Huawei mobile ...)
NOT-FOR-US: Mate 9 Huawei mobile phones
CVE-2018-7929
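Review bot: the new tags on CVE-2018-7932 and CVE-2018-7931 name only the vendor ("NOT-FOR-US: Huawei"), while the next entry, CVE-2018-7930, names the product ("NOT-FOR-US: Mate 9 Huawei mobile phones"). Both descriptions say Huawei AppGallery, so "NOT-FOR-US: Huawei AppGallery" would match the neighbouring entry's granularity and keep the product name searchable in the list.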
@@ -13830,7 +13830,7 @@ CVE-2018-5230
CVE-2018-5229
RESERVED
CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible before ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2018-5227 (Various administrative application link resources in Atlassian ...)
NOT-FOR-US: Atlassian
CVE-2018-5226
@@ -14965,7 +14965,7 @@ CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controll
CVE-2018-4833
RESERVED
CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-4831
RESERVED
CVE-2018-4830
@@ -25561,21 +25561,21 @@ CVE-2017-17260
CVE-2017-17259
RESERVED
CVE-2017-17258 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17257 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17256 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17255 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17254 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17253 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17252 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17251 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17250 (Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; ...)
NOT-FOR-US: Huawei
CVE-2017-17249
@@ -43336,7 +43336,7 @@ CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the ...)
CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the ...)
TODO: check
CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing ...)
- TODO: check
+ NOT-FOR-US: Computerinsel Photoline
CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ...)
@@ -50425,11 +50425,11 @@ CVE-2017-9658
CVE-2017-9657
RESERVED
CVE-2017-9656 (The backend database of the Philips DoseWise Portal application ...)
- TODO: check
+ NOT-FOR-US: Philips DoseWise Portal
CVE-2017-9655 (A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator ...)
NOT-FOR-US: OSIsoft
CVE-2017-9654 (The Philips DoseWise Portal web-based application versions 1.1.7.333 ...)
- TODO: check
+ NOT-FOR-US: Philips DoseWise Portal
CVE-2017-9653 (An Improper Authorization issue was discovered in OSIsoft PI ...)
NOT-FOR-US: OSIsoft
CVE-2017-9652
@@ -72101,7 +72101,7 @@ CVE-2017-2842 (In the web management interface in Foscam C1 Indoor HD Camera run
CVE-2017-2841 (An exploitable command injection vulnerability exists in the web ...)
NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2840 (A buffer overflow vulnerability exists in the ISO parsing ...)
- TODO: check
+ NOT-FOR-US: EZB Systems UltraISO
CVE-2017-2839 (An exploitable denial of service vulnerability exists within the ...)
{DSA-3923-1 DLA-1095-1}
- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
@@ -72140,9 +72140,9 @@ CVE-2017-2834 (An exploitable code execution vulnerability exists in the ...)
NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2833 (An exploitable command injection vulnerability exists in the web ...)
- TODO: check
+ NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2832 (An exploitable command injection vulnerability exists in the web ...)
- TODO: check
+ NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2831 (An exploitable buffer overflow vulnerability exists in the web ...)
NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2830 (An exploitable buffer overflow vulnerability exists in the web ...)
@@ -72206,9 +72206,9 @@ CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image ..
CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...)
NOT-FOR-US: IrfanView
CVE-2017-2812 (A code execution vulnerability exists in the kdu_buffered_expand ...)
- TODO: check
+ NOT-FOR-US: Kakadu
CVE-2017-2811 (A code execution vulnerability exists in the Kakadu SDK 7.9's parsing ...)
- TODO: check
+ NOT-FOR-US: Kakadu
CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading ...)
- python-tablib 0.9.11-3 (bug #864818)
[stretch] - python-tablib 0.9.11-2+deb8u1
@@ -72234,11 +72234,11 @@ CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Le
CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2804 (A remote out of bound write vulnerability exists in the TIFF parsing ...)
- TODO: check
+ NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2017-2803 (A remote out of bound write vulnerability exists in the TIFF parsing ...)
- TODO: check
+ NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2017-2802 (An exploitable dll hijacking vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2017-2801 (A programming error exists in a way Randombit Botan cryptographic ...)
{DSA-3939-1 DLA-915-1}
- botan1.10 1.10.16-1 (bug #860072)
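Review bot: "Core PHOTO-PAINT X8" on CVE-2017-2804 and CVE-2017-2803 looks like a typo for "Corel PHOTO-PAINT X8"; the same commit tags CVE-2016-9043 as "CorelDRAW X8". Worth correcting so that a search of the list for Corel finds these entries. Separately, CVE-2017-2802 gets the vendor-only tag "Dell" where the other two entries changed in this hunk name a product; naming the affected Dell product would be consistent.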
@@ -74688,7 +74688,7 @@ CVE-2017-1736
CVE-2017-1735
RESERVED
CVE-2017-1734 (IBM Jazz Team Server affecting the following IBM Rational Products: ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log files ...)
NOT-FOR-US: IBM
CVE-2017-1732
@@ -74706,7 +74706,7 @@ CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sens
CVE-2017-1726
RESERVED
CVE-2017-1725 (IBM Jazz Team Server affecting the following IBM Rational Products: ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1724
RESERVED
CVE-2017-1723
@@ -74756,7 +74756,7 @@ CVE-2017-1702
CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, ...)
NOT-FOR-US: IBM
CVE-2017-1700 (IBM Jazz Team Server affecting the following IBM Rational Products: ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure ...)
NOT-FOR-US: IBM MQ Managed File Transfer Agent
CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive ...)
@@ -80429,7 +80429,7 @@ CVE-2016-9045
CVE-2016-9044
RESERVED
CVE-2016-9043 (An out of bound write vulnerability exists in the EMF parsing ...)
- TODO: check
+ NOT-FOR-US: CorelDRAW X8
CVE-2016-9042
RESERVED
- ntp 1:4.2.8p10+dfsg-1
@@ -80448,7 +80448,7 @@ CVE-2016-9040
CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS ...)
NOT-FOR-US: Joyent
CVE-2016-9038 (An exploitable double fetch vulnerability exists in the SboxDrv.sys ...)
- TODO: check
+ NOT-FOR-US: Invincea-X
CVE-2016-9037 (An exploitable out-of-bounds array access vulnerability exists in the ...)
- tarantool 1.7.2.385.g952d79e-1
[jessie] - tarantool <not-affected> (Vulnerable code not present)
@@ -81148,11 +81148,11 @@ CVE-2016-8734 (Subversion's mod_dontdothat module and HTTP clients 1.4.0 through
CVE-2016-8733 (An exploitable integer overflow exists in the Joyent SmartOS ...)
NOT-FOR-US: Joyent SmartOS
CVE-2016-8732 (Multiple security flaws exists in InvProtectDrv.sys which is a part of ...)
- TODO: check
+ NOT-FOR-US: Invincea Dell Protected Workspace
CVE-2016-8731 (Hard-coded FTP credentials (r:r) are included in the Foscam C1 running ...)
NOT-FOR-US: Foscam C1
CVE-2016-8730 (An of bound write / memory corruption vulnerability exists in the GIF ...)
- TODO: check
+ NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2016-8729 (An exploitable memory corruption vulnerability exists in the JBIG2 ...)
{DSA-3817-1 DLA-874-1}
- jbig2dec 0.13-4 (bug #863886)
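Review bot: CVE-2016-8732 is tagged "Invincea Dell Protected Workspace" here, while CVE-2016-9038 in the previous hunk is tagged "Invincea-X"; both descriptions refer to a .sys driver (InvProtectDrv.sys, SboxDrv.sys), so if they belong to the same product line, one spelling for both would make the list easier to search. The CVE-2016-8730 tag also reads "Core PHOTO-PAINT X8", which presumably should be "Corel PHOTO-PAINT X8".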
@@ -82469,11 +82469,11 @@ CVE-2016-8386 (An exploitable heap-based buffer overflow exists in Iceni Argus.
CVE-2016-8385 (An exploitable uninitialized variable vulnerability which leads to a ...)
NOT-FOR-US: Iceni Argus
CVE-2016-8384 (An exploitable heap corruption vulnerability exists in the DHFSummary ...)
- TODO: check
+ NOT-FOR-US: AntennaHouse
CVE-2016-8383 (An exploitable heap corruption vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: AntennaHouse
CVE-2016-8382 (An exploitable heap corruption vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: AntennaHouse
CVE-2016-8381
RESERVED
CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to read and ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8b49f71c612cbd48811b96baf5009ac8a6beaba