[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Mar 15 10:42:16 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90195bb0 by Moritz Muehlenhoff at 2018-03-15T11:42:01+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,9 +7,9 @@ CVE-2018-8724
CVE-2018-8723
RESERVED
CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2018-8720
RESERVED
CVE-2018-8719
@@ -1382,7 +1382,7 @@ CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to ...)
CVE-2018-8077
RESERVED
CVE-2018-8076 (ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability ...)
- TODO: check
+ NOT-FOR-US: ZenMate
CVE-2018-8075
RESERVED
CVE-2018-8074
@@ -1821,7 +1821,7 @@ CVE-2018-7888
CVE-2018-7887
RESERVED
CVE-2018-7886 (An issue was discovered in CloudMe 1.11.0. An unauthenticated remote ...)
- TODO: check
+ NOT-FOR-US: CloudMe
CVE-2018-7885
RESERVED
CVE-2018-7884
@@ -3766,7 +3766,7 @@ CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000072 (iRedMail version prior to commit f04b8ef contains a Insecure ...)
- TODO: check
+ NOT-FOR-US: iRedMail
CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure Permissions ...)
- roundcube <unfixed>
[stretch] - roundcube <no-dsa> (Minor issue)
@@ -6522,9 +6522,9 @@ CVE-2018-6331
CVE-2018-6330
RESERVED
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 ...)
- TODO: check
+ NOT-FOR-US: Unitrends Backup
CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user ...)
- TODO: check
+ NOT-FOR-US: Unitrends Backup
CVE-2018-6327
RESERVED
CVE-2018-6326
@@ -6599,9 +6599,9 @@ CVE-2018-6307
CVE-2018-6306
RESERVED
CVE-2018-6305 (Denial of service in Gemalto's Sentinel LDK RTE version before 7.65 ...)
- TODO: check
+ NOT-FOR-US: Gemalto
CVE-2018-6304 (Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE ...)
- TODO: check
+ NOT-FOR-US: Gemalto
CVE-2018-6303 (Denial of service by uploading malformed firmware in Hanwha Techwin ...)
NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6302 (Denial of service by blocking of new camera registration on the cloud ...)
@@ -16803,17 +16803,17 @@ CVE-2018-2404
CVE-2018-2403
RESERVED
CVE-2018-2402 (In systems using the optional capture & replay functionality of SAP ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2401 (SAP Business Process Automation (BPA) By Redwood does not sufficiently ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2400 (Under certain conditions SAP Business Process Automation (BPA) By ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2399 (Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2398 (Under certain conditions SAP Business Client 6.5 allows an attacker to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2397 (In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2396 (Under certain conditions a malicious user can prevent legitimate users ...)
NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2395 (Under certain conditions a malicious user may retrieve information on ...)
@@ -16875,7 +16875,7 @@ CVE-2018-2368 (SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.3
CVE-2018-2367 (ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to ...)
NOT-FOR-US: SAP BASIS
CVE-2018-2366 (SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2018-2365 (SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not ...)
NOT-FOR-US: SAP NetWeaver Portal
CVE-2018-2364 (SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND ...)
@@ -20040,7 +20040,7 @@ CVE-2017-17444
CVE-2017-17443
RESERVED
CVE-2017-17442 (In BlackBerry UEM Management Console version 12.7.1 and earlier, a ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2017-17441
RESERVED
CVE-2017-17446 (The Mem_File_Reader::read_avail function in Data_Reader.cpp in the ...)
@@ -21314,7 +21314,7 @@ CVE-2018-0985
CVE-2018-0984
RESERVED
CVE-2018-0983 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0982
RESERVED
CVE-2018-0981
@@ -21326,7 +21326,7 @@ CVE-2018-0979
CVE-2018-0978
RESERVED
CVE-2018-0977 (The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0976
RESERVED
CVE-2018-0975
@@ -21386,157 +21386,157 @@ CVE-2018-0949
CVE-2018-0948
RESERVED
CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0946
RESERVED
CVE-2018-0945
RESERVED
CVE-2018-0944 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0943
RESERVED
CVE-2018-0942 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0941 (Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0940 (Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0939 (ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0938
RESERVED
CVE-2018-0937 (ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0936 (ChakraCore and Microsoft Windows 10 1709 allow remote code execution, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0935 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0934 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0933 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0932 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0931 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0930 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0929 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0928
RESERVED
CVE-2018-0927 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0926 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0925 (ChakraCore allows remote code execution, due to how the ChakraCore ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0924 (Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0923 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0922 (Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0921 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0920
RESERVED
CVE-2018-0919 (Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0918
RESERVED
CVE-2018-0917 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0916 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0915 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0914 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0913 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0912 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0911 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0910 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0909 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0908 (Microsoft Identity Manager 2016 SP1 allows an attacker to gain ...)
NOT-FOR-US: Microsoft
CVE-2018-0907 (Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0906
RESERVED
CVE-2018-0905
RESERVED
CVE-2018-0904 (The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0903 (Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0902 (The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0901 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0900 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0899 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0898 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0897 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0896 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0895 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0894 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0893 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0892
RESERVED
CVE-2018-0891 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0890
RESERVED
CVE-2018-0889 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0888 (The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0887
RESERVED
CVE-2018-0886 (The Credential Security Support Provider protocol (CredSSP) in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0885 (The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0884 (Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0883 (Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0882 (The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0881 (The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0880 (The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0879 (Microsoft Edge in Windows 10 1709 allows information disclosure, due ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0878 (Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0877 (The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0876 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0875 (.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0874 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0873 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0872 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0871
RESERVED
CVE-2018-0870
@@ -21544,7 +21544,7 @@ CVE-2018-0870
CVE-2018-0869 (SharePoint Server 2016 allows an elevation of privilege vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2018-0868 (Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0867
RESERVED
CVE-2018-0866 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
@@ -21646,25 +21646,25 @@ CVE-2018-0819 (Microsoft Office 2016 for Mac allows an attacker to send a specia
CVE-2018-0818 (Microsoft ChakraCore allows an attacker to bypass Control Flow Guard ...)
NOT-FOR-US: Microsoft
CVE-2018-0817 (The Windows Graphics Device Interface (GDI) in Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0816 (The Windows Graphics Device Interface (GDI) in Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0815 (The Windows Graphics Device Interface (GDI) in Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0814 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0813 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0812 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
NOT-FOR-US: Microsoft
CVE-2018-0811 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0810 (The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, ...)
NOT-FOR-US: Microsoft
CVE-2018-0809 (The Windows kernel in Windows 10, versions 1703 and 1709, and Windows ...)
NOT-FOR-US: Microsoft
CVE-2018-0808 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0807 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
NOT-FOR-US: Microsoft
CVE-2018-0806 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
@@ -21706,7 +21706,7 @@ CVE-2018-0789 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server
CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...)
NOT-FOR-US: Microsoft
CVE-2018-0787 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0786 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...)
NOT-FOR-US: Microsoft
CVE-2018-0785 (ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery ...)
@@ -25896,9 +25896,9 @@ CVE-2017-16253
CVE-2017-16252
RESERVED
CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST 14.2, ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2017-16250 (A vulnerability in Mitel ST 14.2, release GA28 and earlier, could ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2017-16249 (The Debut embedded http server contains a remotely exploitable denial ...)
NOT-FOR-US: Debut embedded http server
CVE-2017-16247
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90195bb057f6ef370f7ffca9c54397cc922d1d7a
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90195bb057f6ef370f7ffca9c54397cc922d1d7a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180315/0f7df294/attachment.html>
More information about the Secure-testing-commits
mailing list