[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 15 21:26:16 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d167d223 by Salvatore Bonaccorso at 2018-08-15T20:25:45Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -406,7 +406,7 @@ CVE-2018-15173 (Nmap through 7.70, when the -sV option is used, allows remote at
- nmap <unfixed> (unimportant)
NOTE: No security impact
CVE-2018-15172 (TP-Link WR840N devices have a buffer overflow via a long Authorization ...)
- TODO: check
+ NOT-FOR-US: TP-Link WR840N devices
CVE-2018-15171
RESERVED
CVE-2018-15170
@@ -438,27 +438,27 @@ CVE-2018-15158
CVE-2018-15157
RESERVED
CVE-2018-15156 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15155 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15154 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15153 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15152 (Authentication bypass vulnerability in portal/account/register.php in ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15151 (SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15150 (SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15149 (SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15148 (SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15147 (SQL injection vulnerability in interface/forms_admin/forms_admin.php ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15146 (SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-15145 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: OpenEMR
CVE-2018-15144 (SQL injection vulnerability in ...)
@@ -474,7 +474,7 @@ CVE-2018-15140 (Directory traversal in portal/import_template.php in versions of
CVE-2018-15139 (Unrestricted file upload in interface/super/manage_site_files.php in ...)
NOT-FOR-US: OpenEMR
CVE-2018-15138 (Ericsson-LG iPECS NMS 30M allows directory traversal via ...)
- TODO: check
+ NOT-FOR-US: Ericsson-LG iPECS NMS 30M
CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload any file ...)
NOT-FOR-US: CeLa Link CLR-M20 devices
CVE-2018-15136
@@ -4671,9 +4671,9 @@ CVE-2018-13396
CVE-2018-13395
RESERVED
CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions before ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence Questions
CVE-2018-13393 (The convertCommentToAnswer resource in Atlassian Confluence Questions ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence Questions
CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before version ...)
NOT-FOR-US: Atlassian
CVE-2018-13391
@@ -8127,7 +8127,7 @@ CVE-2018-12058
CVE-2018-12057
RESERVED
CVE-2018-12056 (The maxRandom function of a smart contract implementation for All For ...)
- TODO: check
+ NOT-FOR-US: smart contract implementation for All For One
CVE-2018-12055 (Multiple SQL Injections exist in PHP Scripts Mall Schools Alert ...)
NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12054 (Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management ...)
@@ -9083,7 +9083,7 @@ CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable
CVE-2018-11688 (Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site scripting, ...)
NOT-FOR-US: Ignite Realtime Openfire
CVE-2018-11687 (An integer overflow in the distributeBTR function of a smart contract ...)
- TODO: check
+ NOT-FOR-US: smart contract implementation for Bitcoin Red (BTCR)
CVE-2018-11686
RESERVED
CVE-2018-11685 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function ...)
@@ -10285,7 +10285,7 @@ CVE-2018-11249
CVE-2018-11248 (util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an ...)
NOT-FOR-US: FileDownloader
CVE-2018-11247 (The JMX/RMI interface in Nasdaq BWise 5.0 does not require ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-11246
RESERVED
CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex ...)
@@ -12308,11 +12308,11 @@ CVE-2018-10514
CVE-2018-10513
RESERVED
CVE-2018-10512 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10511 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10510 (A Directory Traversal Remote Code Execution vulnerability in Trend ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2018-10509 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow ...)
NOT-FOR-US: Trend Micro
CVE-2018-10508 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow ...)
@@ -12645,7 +12645,7 @@ CVE-2018-1000179 (A NULL Pointer Dereference of CWE-476 exists in quassel versio
CVE-2018-10370
RESERVED
CVE-2018-10369 (A Cross-site scripting (XSS) vulnerability was discovered on Intelbras ...)
- TODO: check
+ NOT-FOR-US: Intelbras Win devices
CVE-2018-10368 (An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> ...)
NOT-FOR-US: WUZHI CMS
CVE-2018-10367 (An issue was discovered in WUZHI CMS 4.1.0. The content-management ...)
@@ -15736,7 +15736,7 @@ CVE-2018-9131
CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
NOT-FOR-US: IBOS
CVE-2018-9129 (ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ZyXEL ZyWALL/USG series devices
CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf ...)
NOT-FOR-US: DVD X Player Standard
CVE-2018-9127 (Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard ...)
@@ -17515,11 +17515,11 @@ CVE-2018-8416
CVE-2018-8415
RESERVED
CVE-2018-8414 (A remote code execution vulnerability exists when the Windows Shell ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8413
RESERVED
CVE-2018-8412 (An elevation of privilege vulnerability exists when the Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8411
RESERVED
CVE-2018-8410
@@ -17535,9 +17535,9 @@ CVE-2018-8406 (An elevation of privilege vulnerability exists when the DirectX .
CVE-2018-8405 (An elevation of privilege vulnerability exists when the DirectX ...)
TODO: check
CVE-2018-8404 (An elevation of privilege vulnerability exists in Windows when the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8403 (A remote code execution vulnerability exists in the way that Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8402
RESERVED
CVE-2018-8401 (An elevation of privilege vulnerability exists when the DirectX ...)
@@ -17545,17 +17545,17 @@ CVE-2018-8401 (An elevation of privilege vulnerability exists when the DirectX .
CVE-2018-8400 (An elevation of privilege vulnerability exists when the DirectX ...)
TODO: check
CVE-2018-8399 (An elevation of privilege vulnerability exists in Windows when the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8398 (An information disclosure vulnerability exists when the Windows GDI ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8397 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8396 (An information disclosure vulnerability exists when the Windows GDI ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8395
RESERVED
CVE-2018-8394 (An information disclosure vulnerability exists when the Windows GDI ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8393
RESERVED
CVE-2018-8392
@@ -17563,47 +17563,47 @@ CVE-2018-8392
CVE-2018-8391
RESERVED
CVE-2018-8390 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8389 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8388 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8387 (A remote code execution vulnerability exists when Microsoft Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8386
RESERVED
CVE-2018-8385 (A remote code execution vulnerability exists in the way the scripting ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8384 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8383 (A spoofing vulnerability exists when Microsoft Edge does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8382 (An information disclosure vulnerability exists when Microsoft Excel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8381 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8380 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8379 (A remote code execution vulnerability exists in Microsoft Excel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8378 (An information disclosure vulnerability exists when Microsoft Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8377 (A remote code execution vulnerability exists when Microsoft Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8376 (A remote code execution vulnerability exists in Microsoft PowerPoint ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8375 (A remote code execution vulnerability exists in Microsoft Excel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8374 (A tampering vulnerability exists when Microsoft Exchange Server fails ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8373 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8372 (A remote code execution vulnerability exists in the way the scripting ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8371 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8370 (A information disclosure vulnerability exists when WebAudio Library ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8369
RESERVED
CVE-2018-8368
@@ -17625,47 +17625,47 @@ CVE-2018-8361
CVE-2018-8360 (An information disclosure vulnerability exists in Microsoft .NET ...)
TODO: check
CVE-2018-8359 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8358 (A security feature bypass vulnerability exists when Microsoft Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8357 (An elevation of privilege vulnerability exists in Microsoft browsers ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8356 (A security feature bypass vulnerability exists when Microsoft .NET ...)
NOT-FOR-US: Microsoft .NET, doesn't affect src:mono
CVE-2018-8355 (A remote code execution vulnerability exists in the way the scripting ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8354
RESERVED
CVE-2018-8353 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8352
RESERVED
CVE-2018-8351 (An information disclosure vulnerability exists when affected Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8350 (A remote code execution vulnerability exists when Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8349 (A remote code execution vulnerability exists in "Microsoft COM for ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8348 (An information disclosure vulnerability exists when the Windows kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8347 (An elevation of privilege vulnerability exists in Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8346 (A remote code execution vulnerability exists in Microsoft Windows that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8345 (A remote code execution vulnerability exists in Microsoft Windows that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8344 (A remote code execution vulnerability exists when the Windows font ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8343 (An elevation of privilege vulnerability exists in the Network Driver ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8342 (An elevation of privilege vulnerability exists in the Network Driver ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8341 (An information disclosure vulnerability exists when the Windows kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8340 (A security feature bypass vulnerability exists when Active Directory ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8339 (An elevation of privilege vulnerability exists in the Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8338
RESERVED
CVE-2018-8337
@@ -17711,7 +17711,7 @@ CVE-2018-8318
CVE-2018-8317
RESERVED
CVE-2018-8316 (A remote code execution vulnerability exists when Internet Explorer ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8315
RESERVED
CVE-2018-8314 (An elevation of privilege vulnerability exists when Windows fails a ...)
@@ -17739,7 +17739,7 @@ CVE-2018-8304 (A denial of service vulnerability exists in Windows Domain Name S
CVE-2018-8303
RESERVED
CVE-2018-8302 (A remote code execution vulnerability exists in Microsoft Exchange ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8301 (A remote code execution vulnerability exists when Microsoft Edge ...)
NOT-FOR-US: Microsoft
CVE-2018-8300 (A remote code execution vulnerability exists in Microsoft SharePoint ...)
@@ -17797,7 +17797,7 @@ CVE-2018-8275 (A remote code execution vulnerability exists when Microsoft Edge
CVE-2018-8274 (A remote code execution vulnerability exists when Microsoft Edge ...)
NOT-FOR-US: Microsoft
CVE-2018-8273 (A buffer overflow vulnerability exists in the Microsoft SQL Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8272
RESERVED
CVE-2018-8271
@@ -17811,7 +17811,7 @@ CVE-2018-8268
CVE-2018-8267 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
CVE-2018-8266 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8265
RESERVED
CVE-2018-8264
@@ -17837,7 +17837,7 @@ CVE-2018-8255
CVE-2018-8254 (An elevation of privilege vulnerability exists when Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2018-8253 (An elevation of privilege vulnerability exists when Microsoft Cortana ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8252 (An elevation of privilege vulnerability exists when Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2018-8251 (A memory corruption vulnerability exists when Windows Media Foundation ...)
@@ -17935,7 +17935,7 @@ CVE-2018-8206 (A denial of service vulnerability exists when Windows improperly
CVE-2018-8205 (A denial of service vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft
CVE-2018-8204 (A security feature bypass vulnerability exists in Device Guard that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8203
RESERVED
CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET Framework which ...)
@@ -17943,7 +17943,7 @@ CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET Framework
CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard that ...)
NOT-FOR-US: Microsoft
CVE-2018-8200 (A security feature bypass vulnerability exists in Device Guard that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8199
RESERVED
CVE-2018-8198
@@ -21732,7 +21732,7 @@ CVE-2018-6975
CVE-2018-6974
RESERVED
CVE-2018-6973 (VMware Workstation (14.x before 14.1.3) and Fusion (10.x before ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2018-6972 (VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ...)
NOT-FOR-US: VMware
CVE-2018-6971 (VMware Horizon View Agents (7.x.x before 7.5.1) contain a local ...)
@@ -37164,7 +37164,7 @@ CVE-2018-1457 (An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through
CVE-2018-1456 (IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable ...)
NOT-FOR-US: IBM
CVE-2018-1455 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1454 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a ...)
NOT-FOR-US: IBM InfoSphere Information Server
CVE-2018-1453 (IBM Security Identity Manager Virtual Appliance 7.0 allows an ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d167d223473d9050dfee7c39e4b8adf337f15c81
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d167d223473d9050dfee7c39e4b8adf337f15c81
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180815/69386135/attachment.html>
More information about the debian-security-tracker-commits
mailing list