[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 22 08:34:04 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbb35783 by Salvatore Bonaccorso at 2018-12-22T08:33:47Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -550,7 +550,7 @@ CVE-2018-20194 (There is a stack-based buffer underflow in the third instance of
- faad2 <unfixed>
NOTE: https://github.com/knik0/faad2/issues/21
CVE-2018-20193 (Certain Secure Access SA Series SSL VPN products (originally developed ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2018-20192
RESERVED
CVE-2018-20191 (hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation ...)
@@ -9173,13 +9173,13 @@ CVE-2018-19325
CVE-2018-19324 (kimsQ Rb 2.3.0 allows XSS via the second input field to the ...)
NOT-FOR-US: kimsQ Rb
CVE-2018-19323 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19322 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19321 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19320 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to ...)
NOT-FOR-US: SRCMS
CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to ...)
@@ -11628,9 +11628,9 @@ CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in ...)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://github.com/openexr/openexr/issues/350
CVE-2018-18442 (D-Link DCS-825L devices with firmware 1.08 do not employ a suitable ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18441 (D-Link DCS series Wi-Fi cameras expose sensitive information regarding ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18440 (DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer ...)
- u-boot <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2018/11/02/2
@@ -11769,7 +11769,7 @@ CVE-2018-18390 (User Enumeration in Moxa ThingsPro IIoT Gateway and Device Manag
CVE-2018-18389 (Due to incorrect access control in Neo4j Enterprise Database Server ...)
NOT-FOR-US: Neo4J server
CVE-2018-18388 (eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld ...)
- TODO: check
+ NOT-FOR-US: MicroWorld Technologies eScan
CVE-2018-18387 (playSMS through 1.4.2 allows Privilege Escalation through Daemon ...)
NOT-FOR-US: playSMS
CVE-2018-18386 (drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local ...)
@@ -12614,15 +12614,15 @@ CVE-2018-18099
CVE-2018-18098
RESERVED
CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive Toolbox ...)
- TODO: check
+ NOT-FOR-US: Intel Solid State Drive Toolbox
CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for Linux ...)
- TODO: check
+ NOT-FOR-US: Intel QuickAssist Technology for Linux
CVE-2018-18095
RESERVED
CVE-2018-18094
RESERVED
CVE-2018-18093 (Improper file permissions in the installer for Intel VTune Amplifier ...)
- TODO: check
+ NOT-FOR-US: Intel VTune Amplifier
CVE-2018-18092
RESERVED
CVE-2018-18091
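Review bot: the NOT-FOR-US on CVE-2018-18096 deserves a second look, because its description names Intel QuickAssist Technology for Linux, i.e. software that runs on Linux hosts. Confirm that no source package in the archive ships this code before the tag lands; if one does, the entry needs a package line with a status instead.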
@@ -12864,13 +12864,13 @@ CVE-2018-18011
CVE-2018-18010
RESERVED
CVE-2018-18009 (dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18008 (spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18007 (atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18006 (Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for ...)
- TODO: check
+ NOT-FOR-US: Ricoh myPrint application
CVE-2018-18005
RESERVED
CVE-2018-18004
@@ -13455,7 +13455,7 @@ CVE-2018-17779
CVE-2018-17778
RESERVED
CVE-2018-17777 (An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for ...)
NOT-FOR-US: PCProtect Anti-Virus
CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for ...)
@@ -14794,13 +14794,13 @@ CVE-2018-17197
CVE-2018-17196
RESERVED
CVE-2018-17195 (The template upload API endpoint accepted requests from different ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2018-17194 (When a client request to a cluster node was replicated to other nodes ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2018-17193 (The message-page.jsp error page used the value of the HTTP request ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2018-17192 (The X-Frame-Options headers were applied inconsistently on some HTTP ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2018-17191
RESERVED
CVE-2018-17190 (In all versions of Apache Spark, its standalone resource manager ...)
@@ -16355,7 +16355,7 @@ CVE-2018-16597 (An issue was discovered in the Linux kernel through 4.18.6. Inco
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1106512
NOTE: https://git.kernel.org/linus/c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862
CVE-2018-16596 (A stack-based buffer overflow in the LAN UPnP service running on UDP ...)
- TODO: check
+ NOT-FOR-US: Swisscom
CVE-2018-16595
RESERVED
CVE-2018-16594
@@ -16443,9 +16443,9 @@ CVE-2018-16559
CVE-2018-16558
RESERVED
CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-16555 (A vulnerability has been identified in SCALANCE S602 (All versions < ...)
TODO: check
CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversal ...)
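Review bot: CVE-2018-16555 (SCALANCE S602) is still at TODO: check at the end of this hunk, while the two SIMATIC S7-400 entries directly above it, worded the same way, are now NOT-FOR-US: Siemens. If it was skipped by accident, give it the same tag; if it is left open on purpose, the commit message should say so.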
@@ -18622,19 +18622,19 @@ CVE-2018-15725
CVE-2018-15724
RESERVED
CVE-2018-15723 (The Logitech Harmony Hub before version 4.15.206 is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15722 (The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS ...)
- TODO: check
+ NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15721 (The XMPP server in Logitech Harmony Hub before version 4.15.206 is ...)
- TODO: check
+ NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15720 (Logitech Harmony Hub before version 4.15.206 contained two hard-coded ...)
- TODO: check
+ NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15719 (Open Dental before version 18.4 installs a mysql database and uses the ...)
- TODO: check
+ NOT-FOR-US: Open Dental
CVE-2018-15718 (Open Dental before version 18.4 transmits the entire user database ...)
- TODO: check
+ NOT-FOR-US: Open Dental
CVE-2018-15717 (Open Dental before version 18.4 stores user passwords as base64 ...)
- TODO: check
+ NOT-FOR-US: Open Dental
CVE-2018-15716 (NUUO NVRMini2 version 3.9.1 is vulnerable to ...)
NOT-FOR-US: NUUO NVRMini2
CVE-2018-15715 (Zoom clients on Windows (before version 4.1.34814.1119), Mac OS ...)
@@ -19575,13 +19575,13 @@ CVE-2018-15333
CVE-2018-15332 (The svpn component of the F5 BIG-IP APM client prior to version ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-15331 (On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15330 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15329 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15328 (On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15327 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-15326 (In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, ...)
@@ -20649,7 +20649,7 @@ CVE-2018-14848
CVE-2018-14847 (MikroTik RouterOS through 6.42 allows unauthenticated remote attackers ...)
NOT-FOR-US: Winbox for MikroTik RouterOS
CVE-2018-14846 (The Mondula Multi Step Form plugin before 1.2.8 for WordPress has ...)
- TODO: check
+ NOT-FOR-US: Mondula Multi Step Form plugin for WordPress
CVE-2018-14845
RESERVED
CVE-2018-14844
@@ -23501,15 +23501,15 @@ CVE-2018-13817
CVE-2018-13816 (A vulnerability has been identified in TIM 1531 IRC (All version < ...)
NOT-FOR-US: Siemens TIM 1531 IRC Modules
CVE-2018-13815 (A vulnerability has been identified in SIMATIC S7-1200 (All versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13814 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13813 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13812 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13811 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13810
RESERVED
CVE-2018-13809
@@ -23523,7 +23523,7 @@ CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad Designe
CVE-2018-13805 (A vulnerability has been identified in SIMATIC ET 200SP Open ...)
NOT-FOR-US: SIMATIC
CVE-2018-13804 (A vulnerability has been identified in SIMATIC IT LMS (All versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13803
RESERVED
CVE-2018-13802 (A vulnerability has been identified in ROX II (All versions < ...)
@@ -27699,7 +27699,7 @@ CVE-2018-12208
CVE-2018-12207
RESERVED
CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist ...)
- TODO: check
+ NOT-FOR-US: Intel QuickAssist Technology for Linux
CVE-2018-12205
RESERVED
CVE-2018-12204
@@ -28011,7 +28011,7 @@ CVE-2018-12078 (The mintToken function of a smart contract implementation for Po
CVE-2018-12077
RESERVED
CVE-2018-12076 (A vulnerability in the UPC bar code of the Avanti Markets MarketCard ...)
- TODO: check
+ NOT-FOR-US: Avanti Markets MarketCard
CVE-2018-12075
RESERVED
CVE-2018-12074
@@ -29650,25 +29650,25 @@ CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISC
CVE-2018-11467
RESERVED
CVE-2018-11466 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11465 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11464 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11463 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11462 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11461 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11460 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11459 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11458 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11457 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11456 (A vulnerability has been identified in Automation License Manager 5 ...)
NOT-FOR-US: Automation License Manager
CVE-2018-11455 (A vulnerability has been identified in Automation License Manager 5 ...)
@@ -36478,15 +36478,15 @@ CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) al
CVE-2018-8893 (Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ...)
NOT-FOR-US: Z-BlogPHP
CVE-2018-8892 (A cross-site request forgery (CSRF) vulnerability in the Management ...)
- TODO: check
+ NOT-FOR-US: Management Console of BlackBerry UEM
CVE-2018-8891 (Multiple stored cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Management Console of BlackBerry UEM
CVE-2018-8890 (An information disclosure vulnerability in the Management Console of ...)
NOT-FOR-US: BlackBerry
CVE-2018-8889 (A directory traversal vulnerability in the Connect Service of the ...)
NOT-FOR-US: BlackBerry
CVE-2018-8888 (A stored cross-site scripting (XSS) vulnerability in the Management ...)
- TODO: check
+ NOT-FOR-US: Management Console of BlackBerry UEM
CVE-2018-8887
RESERVED
CVE-2018-8886
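Review bot: the new tags on CVE-2018-8892, CVE-2018-8891 and CVE-2018-8888 read NOT-FOR-US: Management Console of BlackBerry UEM, but CVE-2018-8890 and CVE-2018-8889 in the same hunk already use NOT-FOR-US: BlackBerry. One spelling per vendor or product keeps a search over the list from missing part of the set; either reuse BlackBerry or shorten the new tag to BlackBerry UEM.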
@@ -37184,13 +37184,13 @@ CVE-2018-8655
CVE-2018-8654
RESERVED
CVE-2018-8653 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2018-8652 (A Cross-site Scripting (XSS) vulnerability exists when Windows Azure ...)
NOT-FOR-US: Windows Azure Pack Rollup
CVE-2018-8651 (A cross site scripting vulnerability exists when Microsoft Dynamics ...)
NOT-FOR-US: Microsoft Dynamics NAV
CVE-2018-8650 (A cross-site-scripting (XSS) vulnerability exists when Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8649 (A denial of service vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft Windows
CVE-2018-8648
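Review bot: CVE-2018-8650 gets a bare NOT-FOR-US: Microsoft, whereas every other tagged entry in this hunk names the product (Microsoft Internet Explorer, Windows Azure Pack Rollup, Microsoft Dynamics NAV, Microsoft Windows). The description is cut off after "when Microsoft", so the tag is the only place in the list where the affected product can be recorded; name it there.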
@@ -39124,7 +39124,7 @@ CVE-2018-7835
CVE-2018-7834
RESERVED
CVE-2018-7833 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2018-7832
RESERVED
CVE-2018-7831 (An Improper Neutralization of Script-Related HTML Tags in a Web Page ...)
@@ -39166,7 +39166,7 @@ CVE-2018-7814
CVE-2018-7813
RESERVED
CVE-2018-7812 (An Information Exposure through Discrepancy vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2018-7811 (An Unverified Password Change vulnerability exists in the embedded web ...)
NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7810 (An Improper Neutralization of Input During Web Page Generation ...)
@@ -39182,7 +39182,7 @@ CVE-2018-7806 (Data Center Operation allows for the upload of a zip file from it
CVE-2018-7805
RESERVED
CVE-2018-7804 (A URL Redirection to Untrusted Site vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2018-7803
RESERVED
CVE-2018-7802
@@ -39196,7 +39196,7 @@ CVE-2018-7799 (A DLL hijacking vulnerability exists in Schneider Electric Softwa
CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) ...)
NOT-FOR-US: Schneider
CVE-2018-7797 (A URL redirection vulnerability exists in Power Monitoring Expert, ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2018-7796
RESERVED
CVE-2018-7795 (A Cross Protocol Injection vulnerability exists in Schneider ...)
@@ -40648,7 +40648,7 @@ CVE-2018-7367
CVE-2018-7366
RESERVED
CVE-2018-7365 (All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product ...)
NOT-FOR-US: ZTE
CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
@@ -42668,7 +42668,7 @@ CVE-2018-6709
CVE-2018-6708
RESERVED
CVE-2018-6707 (Denial of Service through Resource Depletion vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2018-6706 (Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 ...)
NOT-FOR-US: McAfee
CVE-2018-6705 (Privilege escalation vulnerability in McAfee Agent (MA) for Linux ...)
@@ -42744,7 +42744,7 @@ CVE-2018-6671 (Application Protection Bypass vulnerability in McAfee ePolicy ...
CVE-2018-6670 (External Entity Attack vulnerability in the ePO extension in McAfee ...)
NOT-FOR-US: McAfee
CVE-2018-6669 (A whitelist bypass vulnerability in McAfee Application Control / ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2018-6668
RESERVED
CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user ...)
@@ -46742,7 +46742,7 @@ CVE-2018-5498
CVE-2018-5497
RESERVED
CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are ...)
- TODO: check
+ NOT-FOR-US: Data ONTAP
CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a vulnerability ...)
NOT-FOR-US: NetApp
CVE-2018-5494
@@ -47610,13 +47610,13 @@ CVE-2018-5203
CVE-2018-5202 (SKCertService 2.5.5 and earlier contains a vulnerability that could ...)
TODO: check
CVE-2018-5201 (Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO ...)
- TODO: check
+ NOT-FOR-US: Hancom Office
CVE-2018-5200 (KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow ...)
TODO: check
CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to insufficient domain validation, It ...)
- TODO: check
+ NOT-FOR-US: Veraport G3 ALL
CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race condition when calling the ...)
- TODO: check
+ NOT-FOR-US: Veraport G3 ALL
CVE-2018-5197
RESERVED
CVE-2018-5196 (Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused ...)
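Review bot: CVE-2018-5202 (SKCertService) and CVE-2018-5200 (KMPlayer) stay at TODO: check although they sit between the Hancom Office and Veraport entries processed in this hunk. Leaving them for a closer look is fine, but nothing in the commit says that is the intent; otherwise triage them in the same pass.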
@@ -51614,9 +51614,9 @@ CVE-2018-3707
CVE-2018-3706
RESERVED
CVE-2018-3705 (Improper directory permissions in the installer for the Intel System ...)
- TODO: check
+ NOT-FOR-US: Intel System Defense Utility
CVE-2018-3704 (Improper directory permissions in the installer for the Intel Parallel ...)
- TODO: check
+ NOT-FOR-US: Intel Parallel Studio
CVE-2018-3703
RESERVED
CVE-2018-3702
@@ -69117,7 +69117,7 @@ CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRI
NOTE: https://github.com/ImageMagick/ImageMagick/pull/752
NOTE: https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
CVE-2017-15031 (In all versions of ARM Trusted Firmware up to and including v1.4, not ...)
- TODO: check
+ NOT-FOR-US: ARM Trusted Firmware
CVE-2017-15030
RESERVED
CVE-2017-15029
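Review bot: the NOT-FOR-US on CVE-2017-15031 needs a check against the archive before it lands. Unlike the appliance and vendor-tool entries in the rest of this commit, ARM Trusted Firmware is boot firmware of the same kind as u-boot, which this file tracks as a package (- u-boot <unfixed> under CVE-2018-18440). If a source package exists, this should be a package line with a status rather than NOT-FOR-US.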
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbb357832851341f4493999b5eadd64dcdf13f04