[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Jul 13 16:27:07 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14f7331b by Moritz Muehlenhoff at 2018-07-13T17:26:44+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6128,6 +6128,7 @@ CVE-2018-11530
 	RESERVED
 CVE-2018-11529 (VideoLAN VLC media player 2.2.x is prone to a use after free ...)
 	TODO: check
+	NOTE: Apparently fixed in 3.0.3, but should be doublechecked with upstream
 CVE-2018-11528 (WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. ...)
 	NOT-FOR-US: WUZHI CMS
 CVE-2018-11527 (An issue was discovered in CScms v4.1. A Cross-site request forgery ...)
@@ -14432,7 +14433,7 @@ CVE-2018-8204
 CVE-2018-8203
 	RESERVED
 CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET Framework which ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard that ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8200
@@ -14494,7 +14495,7 @@ CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft InfoPat
 CVE-2018-8172 (A remote code execution vulnerability exists in Visual Studio software ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8171 (A Security Feature Bypass vulnerability exists in ASP.NET when the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that the ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8169 (An elevation of privilege vulnerability exists when the (Human ...)
@@ -14586,7 +14587,7 @@ CVE-2018-8127 (An information disclosure vulnerability exists when the Windows k
 CVE-2018-8126 (A security feature bypass vulnerability exists when Internet Explorer ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8125 (A remote code execution vulnerability exists when Microsoft Edge ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8124 (An elevation of privilege vulnerability exists in Windows when the ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft Edge ...)
@@ -19208,7 +19209,7 @@ CVE-2017-18157
 CVE-2017-18156
 	RESERVED
 CVE-2017-18155 (While playing HEVC content using HD DMB in Snapdragon Automobile and ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in MediaServer ...)
 	NOT-FOR-US: Android Mediaserver
 CVE-2017-18153
@@ -22852,7 +22853,7 @@ CVE-2018-5531
 CVE-2018-5530
 	RESERVED
 CVE-2018-5529 (The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5528 (Under certain conditions, TMM may restart and produce a core file ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5527 (On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods ...)
@@ -24799,7 +24800,7 @@ CVE-2018-4860 (A vulnerability has been identified in SCALANCE M875 (All version
 CVE-2018-4859 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
 	NOT-FOR-US: SCALANCE
 CVE-2018-4858 (A vulnerability has been identified in IEC 61850 system configurator ...)
-	TODO: check
+	NOT-FOR-US: IEC
 CVE-2018-4857
 	RESERVED
 CVE-2018-4856 (A vulnerability has been identified in SICLOCK TC100 (All versions) ...)
@@ -26727,21 +26728,21 @@ CVE-2018-3938
 CVE-2018-3937
 	RESERVED
 CVE-2018-3936 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
-	TODO: check
+	NOT-FOR-US: Antenna House Office Server Document Converter
 CVE-2018-3935
 	RESERVED
 CVE-2018-3934
 	RESERVED
 CVE-2018-3933 (An exploitable out-of-bounds write exists in the Microsoft Word ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-3932 (An exploitable stack-based buffer overflow exists in the Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-3931 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-3930 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-3929 (An exploitable heap corruption exists in the PowerPoint document ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-3928
 	RESERVED
 CVE-2018-3927
@@ -27602,19 +27603,19 @@ CVE-2018-3690
 CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform Software ...)
 	NOT-FOR-US: Intel
 CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and Tools in ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools in ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3686
 	RESERVED
 CVE-2018-3685
 	RESERVED
 CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3682 (BMC Firmware in Intel server boards, compute modules, and systems ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3681
 	RESERVED
 CVE-2018-3680
@@ -27642,9 +27643,9 @@ CVE-2018-3670
 CVE-2018-3669
 	RESERVED
 CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3666
 	RESERVED
 CVE-2018-3665 (System software utilizing Lazy FP state restore technique on systems ...)
@@ -27730,17 +27731,17 @@ CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connec
 CVE-2018-3633
 	RESERVED
 CVE-2018-3632 (Memory corruption in Intel Active Management Technology in Intel ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3631
 	RESERVED
 CVE-2018-3630
 	RESERVED
 CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management Technology ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3628 (Buffer overflow in HTTP handler in Intel Active Management Technology ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3627 (Logic bug in Intel Converged Security Management Engine 11.x may allow ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and ...)
 	NOT-FOR-US: Intel
 CVE-2018-3625
@@ -27756,7 +27757,7 @@ CVE-2018-3621
 CVE-2018-3620
 	RESERVED
 CVE-2018-3619 (Information disclosure vulnerability in storage media in systems with ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3618
 	RESERVED
 CVE-2018-3617
@@ -36267,7 +36268,7 @@ CVE-2018-0951 (A remote code execution vulnerability exists in the way that the 
 CVE-2018-0950 (An information disclosure vulnerability exists when Office renders ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0949 (A security feature bypass vulnerability exists when Microsoft Internet ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0948
 	RESERVED
 CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint ...)
@@ -39655,9 +39656,9 @@ CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swf
 	NOTE: https://github.com/matthiaskramm/swftools/issues/46
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-16710 (Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 ...)
-	TODO: check
+	NOT-FOR-US: Creston
 CVE-2017-16709 (Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 ...)
-	TODO: check
+	NOT-FOR-US: Creston
 CVE-2017-16708
 	RESERVED
 CVE-2017-16707



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14f7331bf5aa6bc4365e2799a80825a550990701

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14f7331bf5aa6bc4365e2799a80825a550990701
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180713/cabbb45a/attachment.html>


More information about the debian-security-tracker-commits mailing list