[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Jun 28 10:27:54 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e7af9bd by Moritz Muehlenhoff at 2018-06-28T11:27:20+02:00
NFUs
new busybox issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -776,13 +776,15 @@ CVE-2018-1000505 (Tooltipy (tooltips for WP) version 5 contains a Cross ite Requ
 CVE-2018-1000504 (Redirection version 2.7.3 contains a ACE via file inclusion ...)
 	NOT-FOR-US: Redirection
 CVE-2018-1000503 (MyBB Group MyBB contains a Incorrect Access Control vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: MyBB Group MyBB
 CVE-2018-1000502 (MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel ...)
-	TODO: check
+	NOT-FOR-US: MyBB Group MyBB
 CVE-2018-1000501 (Instant Update CMS contains a Password Reset Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Instante Update CMS
 CVE-2018-1000500 (Busybox contains a Missing SSL certificate validation vulnerability in ...)
-	TODO: check
+	- busybox <unfixed> (unimportant)
+	NOTE: Intentional design decision:
+	NOTE: https://git.busybox.net/busybox/tree/networking/wget.c?id=8bc418f07eab79a9c8d26594629799f6157a9466#n74
 CVE-2018-1000404
 	RESERVED
 CVE-2018-12637
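Review bot: the tag added for CVE-2018-1000501 reads "NOT-FOR-US: Instante Update CMS", while the CVE description on the line above it names the product "Instant Update CMS"; correct the spelling so a search of data/CVE/list by product name finds the entry. On CVE-2018-1000500, the NOTE says only "Intentional design decision:" followed by a link into networking/wget.c. Since the (unimportant) rating rests on that claim, state in the NOTE itself which behaviour is intentional (the missing SSL certificate validation named in the description), so the triage rationale can be read without following the link.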
@@ -3805,11 +3807,11 @@ CVE-2018-11451
 CVE-2018-11450
 	RESERVED
 CVE-2018-11449 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
-	TODO: check
+	NOT-FOR-US: SCALANCE
 CVE-2018-11448 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
-	TODO: check
+	NOT-FOR-US: SCALANCE
 CVE-2018-11447 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
-	TODO: check
+	NOT-FOR-US: SCALANCE
 CVE-2018-11446 (The buy function of a smart contract implementation for Gold Reward ...)
 	NOT-FOR-US: Gold Reward
 CVE-2018-11445 (A CSRF issue was discovered on the User Add/System Settings Page ...)
@@ -4855,7 +4857,7 @@ CVE-2018-11055
 CVE-2018-11054
 	RESERVED
 CVE-2018-11053 (Dell EMC iDRAC Service Module for all supported Linux and XenServer ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-11052
 	RESERVED
 CVE-2018-11051
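Review bot: "NOT-FOR-US: Dell" on CVE-2018-11053 names only the vendor, yet the description says the affected software is the Dell EMC iDRAC Service Module for supported Linux and XenServer. Name the product in the tag (for example "NOT-FOR-US: Dell EMC iDRAC Service Module") so the entry records which Linux-side component was judged not to be in the archive.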
@@ -4869,7 +4871,7 @@ CVE-2018-11048
 CVE-2018-11047
 	RESERVED
 CVE-2018-11046 (Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version ...)
-	TODO: check
+	NOT-FOR-US: Pivotal
 CVE-2018-11045
 	RESERVED
 CVE-2018-11044
@@ -4879,7 +4881,7 @@ CVE-2018-11043
 CVE-2018-11042
 	RESERVED
 CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to ...)
 	- libspring-java <unfixed>
 	NOTE: https://pivotal.io/security/cve-2018-11040
@@ -5095,7 +5097,7 @@ CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a SIG
 CVE-2018-10957 (CSRF exists on D-Link DIR-868L devices, leading to (for example) a ...)
 	NOT-FOR-US: D-Link
 CVE-2018-10956 (IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. ...)
-	TODO: check
+	NOT-FOR-US: IPConfigure Orchid Core VMS
 CVE-2018-10955 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
 	NOT-FOR-US: 2345 Security Guard
 CVE-2018-10954 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
@@ -5844,19 +5846,19 @@ CVE-2018-10666 (The Owned smart contract implementation for Aurora IDEX Membersh
 CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to ...)
 	NOT-FOR-US: ILIAS
 CVE-2018-10664 (An issue was discovered in the httpd process in multiple models of ...)
-	TODO: check
+	NOT-FOR-US: Axis
 CVE-2018-10663 (An issue was discovered in multiple models of Axis IP Cameras. There ...)
-	TODO: check
+	NOT-FOR-US: Axis
 CVE-2018-10662 (An issue was discovered in multiple models of Axis IP Cameras. There ...)
-	TODO: check
+	NOT-FOR-US: Axis
 CVE-2018-10661 (An issue was discovered in multiple models of Axis IP Cameras. There ...)
-	TODO: check
+	NOT-FOR-US: Axis
 CVE-2018-10660 (An issue was discovered in multiple models of Axis IP Cameras. There ...)
-	TODO: check
+	NOT-FOR-US: Axis
 CVE-2018-10659 (There was a Memory Corruption issue discovered in multiple models of ...)
-	TODO: check
+	NOT-FOR-US: Axis
 CVE-2018-10658 (There was a Memory Corruption issue discovered in multiple models of ...)
-	TODO: check
+	NOT-FOR-US: Axis
 CVE-2018-10675 (The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel ...)
 	- linux 4.12.12-1
 	[stretch] - linux 4.9.47-1
@@ -5992,7 +5994,7 @@ CVE-2018-10596
 CVE-2018-10595 (A vulnerability in ReadA version 1.1.0.2 and previous allows an ...)
 	NOT-FOR-US: BD Kiestra and InoqulA systems
 CVE-2018-10594 (Delta Industrial Automation COMMGR from Delta Electronics versions ...)
-	TODO: check
+	NOT-FOR-US: Delta
 CVE-2018-10593 (A vulnerability in DB Manager version 3.0.1.0 and previous and ...)
 	NOT-FOR-US: BD Kiestra and InoqulA systems
 CVE-2018-10592
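Review bot: the tag "NOT-FOR-US: Delta" on CVE-2018-10594 is too generic to identify the product. The description names Delta Industrial Automation COMMGR from Delta Electronics, and the neighbouring entries in this hunk spell the product out ("BD Kiestra and InoqulA systems"); suggest "NOT-FOR-US: Delta Electronics COMMGR" or similar.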
@@ -10628,7 +10630,7 @@ CVE-2018-8757
 CVE-2018-8756 (Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 ...)
 	NOT-FOR-US: YzmCMS
 CVE-2018-8755 (NuCom WR644GACV devices before STA006 allow an attacker to download ...)
-	TODO: check
+	NOT-FOR-US: NuCom
 CVE-2018-8754 (The libevt_record_values_read_event() function in ...)
 	{DSA-4160-1}
 	- libevt 20180317-1 (bug #893431)
@@ -16393,7 +16395,7 @@ CVE-2018-6669
 CVE-2018-6668
 	RESERVED
 CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2018-6666
 	RESERVED
 CVE-2018-6665
@@ -20180,9 +20182,9 @@ CVE-2018-5530
 CVE-2018-5529
 	RESERVED
 CVE-2018-5528 (Under certain conditions, TMM may restart and produce a core file ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5527 (On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5526 (Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5525 (A local file vulnerability exists in the F5 BIG-IP Configuration ...)
@@ -20362,11 +20364,11 @@ CVE-2018-5439 (A Command Injection issue was discovered in Nortek Linear eMerge 
 CVE-2018-5438 (Philips ISCV application prior to version 2.3.0 has an insufficient ...)
 	NOT-FOR-US: Philips ISCV application
 CVE-2018-5437 (The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client ...)
-	TODO: check
+	NOT-FOR-US: TIBCO Spotfire
 CVE-2018-5436 (The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire ...)
-	TODO: check
+	NOT-FOR-US: TIBCO Spotfire
 CVE-2018-5435 (The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client ...)
-	TODO: check
+	NOT-FOR-US: TIBCO Spotfire
 CVE-2018-5434 (The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime ...)
 	NOT-FOR-US: TIBCO Runtime Agent
 CVE-2018-5433 (The TIBCO Administrator server component of TIBCO Software Inc.'s ...)
@@ -22119,11 +22121,11 @@ CVE-2018-4863 (Sophos Endpoint Protection 10.7 allows local users to bypass an .
 CVE-2018-4862 (In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2018-4861 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
-	TODO: check
+	NOT-FOR-US: SCALANCE
 CVE-2018-4860 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
-	TODO: check
+	NOT-FOR-US: SCALANCE
 CVE-2018-4859 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
-	TODO: check
+	NOT-FOR-US: SCALANCE
 CVE-2018-4858
 	RESERVED
 CVE-2018-4857
@@ -22149,9 +22151,9 @@ CVE-2018-4848 (A vulnerability has been identified in SCALANCE X-200 IRT (All ..
 CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS ...)
 	NOT-FOR-US: SIMATIC WinCC OA Operator iOS App
 CVE-2018-4846 (A vulnerability has been identified in RAPIDLab 1200 systems / ...)
-	TODO: check
+	NOT-FOR-US: RAPIDLab
 CVE-2018-4845 (A vulnerability has been identified in RAPIDLab 1200 systems / ...)
-	TODO: check
+	NOT-FOR-US: RAPIDLab
 CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for Android ...)
 	NOT-FOR-US: SIMATIC
 CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All ...)
@@ -23368,7 +23370,7 @@ CVE-2018-4239 (An issue was discovered in certain Apple products. iOS before 11.
 CVE-2018-4238 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
 	NOT-FOR-US: Apple
 CVE-2018-4237 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4236 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2018-4235 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
@@ -23386,7 +23388,7 @@ CVE-2018-4232 (An issue was discovered in certain Apple products. iOS before 11.
 CVE-2018-4231
 	RESERVED
 CVE-2018-4230 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4229 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2018-4228 (An issue was discovered in certain Apple products. macOS before ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e7af9bd8d8787c035fd6d325e5e8e3c2fec4a2d
