[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Dec 7 10:41:34 GMT 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea69d420 by Moritz Muehlenhoff at 2018-12-07T10:41:03Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -833,7 +833,7 @@ CVE-2018-19921 (Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the do
 CVE-2018-19920
 	RESERVED
 CVE-2018-19919 (Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php ...)
-	TODO: check
+	NOT-FOR-US: Pixelimity
 CVE-2018-19918
 	RESERVED
 CVE-2019-1584
@@ -994,7 +994,7 @@ CVE-2018-19876 (cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c,
 CVE-2018-1002104
 	RESERVED
 CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes ...)
-	TODO: check
+	NOT-FOR-US: minikube
 CVE-2018-1002102
 	RESERVED
 CVE-2018-19875
@@ -1517,7 +1517,7 @@ CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer
 	NOTE: https://github.com/erikd/libsndfile/issues/429
 	NOTE: Probably a dupe of CVE-2017-17456/CVE-2017-17457
 CVE-2018-19660 (An exploitable authenticated command-injection vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-19659 (An exploitable authenticated command-injection vulnerability exists in ...)
 	NOT-FOR-US: Moxa
 CVE-2018-19658
@@ -12165,17 +12165,17 @@ CVE-2018-16605 (D-Link DIR-600M devices allow XSS via the Hostname and Username
 CVE-2018-16604 (An issue was discovered in Nibbleblog v4.0.5. With an admin's username ...)
 	NOT-FOR-US: Nibbleblog
 CVE-2018-16603 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16602 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16601 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16600 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16599 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16598 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16597 (An issue was discovered in the Linux kernel through 4.18.6. Incorrect ...)
 	- linux 4.8.5-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -12367,19 +12367,19 @@ CVE-2018-16530
 CVE-2018-16529
 	RESERVED
 CVE-2018-16528 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16527 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16526 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16525 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16524 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16523 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16522 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized ...)
-	TODO: check
+	NOT-FOR-US: FreeRTOS
 CVE-2018-16521 (An XML External Entity (XXE) vulnerability exists in HTML Form Entry ...)
 	NOT-FOR-US: OpenMRS
 CVE-2018-16520
@@ -14270,7 +14270,7 @@ CVE-2018-15799
 CVE-2018-15798
 	RESERVED
 CVE-2018-15797 (Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2018-15796 (Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2018-15795 (Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a ...)
@@ -23590,7 +23590,7 @@ CVE-2018-12157
 CVE-2018-12156
 	RESERVED
 CVE-2018-12155 (Data leakage in cryptographic libraries for Intel IPP before 2019 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-12154 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
 	NOT-FOR-US: Intel
 CVE-2018-12153 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
@@ -25796,9 +25796,9 @@ CVE-2018-11350 (An issue was discovered in Jirafeau before 3.4.1. The file &quot
 CVE-2018-11349 (The administration panel of Jirafeau before 3.4.1 is vulnerable to ...)
 	NOT-FOR-US: Jirafeau
 CVE-2018-11348 (Two XSS vulnerabilities are located in the profile edition page of the ...)
-	TODO: check
+	NOT-FOR-US: Yunihost
 CVE-2018-11347 (The YunoHost 2.7.2 through 2.7.14 web application is affected by one ...)
-	TODO: check
+	NOT-FOR-US: Yunihost
 CVE-2018-11346 (An insecure direct object reference vulnerability in download.cgi in ...)
 	NOT-FOR-US: ASUSTOR
 CVE-2018-11345 (An unrestricted file upload vulnerability in upload.cgi in ASUSTOR ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ea69d4205ad9a3c419eef6cf666853c055160aa1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ea69d4205ad9a3c419eef6cf666853c055160aa1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181207/72ea23f0/attachment.html>


More information about the debian-security-tracker-commits mailing list