[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Jul 13 16:27:07 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14f7331b by Moritz Muehlenhoff at 2018-07-13T17:26:44+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6128,6 +6128,7 @@ CVE-2018-11530
RESERVED
CVE-2018-11529 (VideoLAN VLC media player 2.2.x is prone to a use after free ...)
TODO: check
+ NOTE: Apparently fixed in 3.0.3, but should be doublechecked with upstream
CVE-2018-11528 (WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. ...)
NOT-FOR-US: WUZHI CMS
CVE-2018-11527 (An issue was discovered in CScms v4.1. A Cross-site request forgery ...)
@@ -14432,7 +14433,7 @@ CVE-2018-8204
CVE-2018-8203
RESERVED
CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET Framework which ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard that ...)
NOT-FOR-US: Microsoft
CVE-2018-8200
@@ -14494,7 +14495,7 @@ CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft InfoPat
CVE-2018-8172 (A remote code execution vulnerability exists in Visual Studio software ...)
NOT-FOR-US: Microsoft
CVE-2018-8171 (A Security Feature Bypass vulnerability exists in ASP.NET when the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
CVE-2018-8169 (An elevation of privilege vulnerability exists when the (Human ...)
@@ -14586,7 +14587,7 @@ CVE-2018-8127 (An information disclosure vulnerability exists when the Windows k
CVE-2018-8126 (A security feature bypass vulnerability exists when Internet Explorer ...)
NOT-FOR-US: Microsoft
CVE-2018-8125 (A remote code execution vulnerability exists when Microsoft Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8124 (An elevation of privilege vulnerability exists in Windows when the ...)
NOT-FOR-US: Microsoft
CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft Edge ...)
@@ -19208,7 +19209,7 @@ CVE-2017-18157
CVE-2017-18156
RESERVED
CVE-2017-18155 (While playing HEVC content using HD DMB in Snapdragon Automobile and ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in MediaServer ...)
NOT-FOR-US: Android Mediaserver
CVE-2017-18153
@@ -22852,7 +22853,7 @@ CVE-2018-5531
CVE-2018-5530
RESERVED
CVE-2018-5529 (The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-5528 (Under certain conditions, TMM may restart and produce a core file ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-5527 (On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods ...)
@@ -24799,7 +24800,7 @@ CVE-2018-4860 (A vulnerability has been identified in SCALANCE M875 (All version
CVE-2018-4859 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
NOT-FOR-US: SCALANCE
CVE-2018-4858 (A vulnerability has been identified in IEC 61850 system configurator ...)
- TODO: check
+ NOT-FOR-US: IEC
CVE-2018-4857
RESERVED
CVE-2018-4856 (A vulnerability has been identified in SICLOCK TC100 (All versions) ...)
@@ -26727,21 +26728,21 @@ CVE-2018-3938
CVE-2018-3937
RESERVED
CVE-2018-3936 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
- TODO: check
+ NOT-FOR-US: Antenna House Office Server Document Converter
CVE-2018-3935
RESERVED
CVE-2018-3934
RESERVED
CVE-2018-3933 (An exploitable out-of-bounds write exists in the Microsoft Word ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-3932 (An exploitable stack-based buffer overflow exists in the Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-3931 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-3930 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-3929 (An exploitable heap corruption exists in the PowerPoint document ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-3928
RESERVED
CVE-2018-3927
@@ -27602,19 +27603,19 @@ CVE-2018-3690
CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform Software ...)
NOT-FOR-US: Intel
CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and Tools in ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools in ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3686
RESERVED
CVE-2018-3685
RESERVED
CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3682 (BMC Firmware in Intel server boards, compute modules, and systems ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3681
RESERVED
CVE-2018-3680
@@ -27642,9 +27643,9 @@ CVE-2018-3670
CVE-2018-3669
RESERVED
CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3666
RESERVED
CVE-2018-3665 (System software utilizing Lazy FP state restore technique on systems ...)
@@ -27730,17 +27731,17 @@ CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connec
CVE-2018-3633
RESERVED
CVE-2018-3632 (Memory corruption in Intel Active Management Technology in Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3631
RESERVED
CVE-2018-3630
RESERVED
CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management Technology ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3628 (Buffer overflow in HTTP handler in Intel Active Management Technology ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3627 (Logic bug in Intel Converged Security Management Engine 11.x may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and ...)
NOT-FOR-US: Intel
CVE-2018-3625
@@ -27756,7 +27757,7 @@ CVE-2018-3621
CVE-2018-3620
RESERVED
CVE-2018-3619 (Information disclosure vulnerability in storage media in systems with ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3618
RESERVED
CVE-2018-3617
@@ -36267,7 +36268,7 @@ CVE-2018-0951 (A remote code execution vulnerability exists in the way that the
CVE-2018-0950 (An information disclosure vulnerability exists when Office renders ...)
NOT-FOR-US: Microsoft
CVE-2018-0949 (A security feature bypass vulnerability exists when Microsoft Internet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0948
RESERVED
CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint ...)
@@ -39655,9 +39656,9 @@ CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swf
NOTE: https://github.com/matthiaskramm/swftools/issues/46
NOTE: Crash in CLI tool, no security implications
CVE-2017-16710 (Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 ...)
- TODO: check
+ NOT-FOR-US: Creston
CVE-2017-16709 (Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 ...)
- TODO: check
+ NOT-FOR-US: Creston
CVE-2017-16708
RESERVED
CVE-2017-16707
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14f7331bf5aa6bc4365e2799a80825a550990701
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14f7331bf5aa6bc4365e2799a80825a550990701
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180713/cabbb45a/attachment.html>
More information about the debian-security-tracker-commits
mailing list