[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu May 3 22:09:18 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7179c6c7 by Moritz Muehlenhoff at 2018-05-03T23:08:35+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,9 +3,9 @@ CVE-2018-10720
 CVE-2018-10719
 	RESERVED
 CVE-2018-10718 (Stack-based buffer overflow in Activision Infinity Ward Call of Duty ...)
-	TODO: check
+	NOT-FOR-US: Activision
 CVE-2018-10717 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not ...)
-	TODO: check
+	NOT-FOR-US: ngiflib
 CVE-2018-10716 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
 	NOT-FOR-US: Shanghai 2345 Security Guard
 CVE-2018-10715
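
Review bot: The two new labels in this hunk are not at the same granularity as the neighbouring entry. CVE-2018-10718 is tagged with the vendor only ("Activision"), while the entry directly below it, CVE-2018-10716, uses the product name ("Shanghai 2345 Security Guard"); naming the product from the description (Call of Duty ...) would keep the list greppable by product. For CVE-2018-10717 the description attributes ngiflib to MiniUPnP, so it is worth confirming that no packaged source embeds ngiflib.c before closing it as NFU, and recording that check in a NOTE: line if one was done.
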
@@ -98,7 +98,7 @@ CVE-2018-10679
 CVE-2018-10678
 	RESERVED
 CVE-2018-10677 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks ...)
-	TODO: check
+	NOT-FOR-US: ngiflib
 CVE-2018-10676 (CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR ...)
 	NOT-FOR-US: CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices
 CVE-2018-10674
@@ -118,7 +118,7 @@ CVE-2018-10668
 CVE-2018-10667
 	RESERVED
 CVE-2018-10666 (The Owned smart contract implementation for Aurora IDEX Membership ...)
-	TODO: check
+	NOT-FOR-US: Aurora IDEX
 CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to ...)
 	NOT-FOR-US: ILIAS
 CVE-2018-10664
@@ -1927,7 +1927,7 @@ CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it po
 CVE-2018-9920
 	RESERVED
 CVE-2018-9919 (A web-accessible backdoor, with resultant SSRF, exists in Tp-shop ...)
-	TODO: check
+	NOT-FOR-US: Tp-shop
 CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary ...)
 	- qpdf 8.0.2-3 (bug #895443)
 	[stretch] - qpdf <no-dsa> (Minor issue)
@@ -4340,7 +4340,7 @@ CVE-2018-8902
 CVE-2018-8901
 	RESERVED
 CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and Sentinel ...)
-	TODO: check
+	NOT-FOR-US: HASP SRM
 CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 ...)
 	NOT-FOR-US: IdentityServer
 CVE-2018-8898
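
Review bot: The label on CVE-2018-8900 names only "HASP SRM", but the description lists HASP SRM, Sentinel HASP and at least one further Sentinel product. A search of the list for "Sentinel" will not find this entry; consider a label that covers the product family, for example "NOT-FOR-US: HASP SRM / Sentinel HASP".
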
@@ -6115,7 +6115,7 @@ CVE-2018-8117 (A security feature bypass vulnerability exists in the Microsoft .
 CVE-2018-8116 (A denial of service vulnerability exists in the way that Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8115 (A remote code execution vulnerability exists when the Windows Host ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-8114
 	RESERVED
 CVE-2018-8113
@@ -6704,7 +6704,7 @@ CVE-2018-7893 (CMS Made Simple (CMSMS) 2.2.6 has stored XSS in ...)
 CVE-2018-7892
 	RESERVED
 CVE-2018-7891 (The Milestone XProtect Video Management Software (Corporate, Expert, ...)
-	TODO: check
+	NOT-FOR-US: Milestone XProtect Video Management Software
 CVE-2018-7995 (** DISPUTED ** Race condition in the store_int_with_restart() function ...)
 	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
 	- linux 4.15.11-1
@@ -10770,7 +10770,7 @@ CVE-2018-6591 (Converse.js and Inverse.js through 3.3 allow remote attackers to 
 CVE-2018-6590
 	RESERVED
 CVE-2018-6589 (CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to ...)
-	TODO: check
+	NOT-FOR-US: CA Spectrum
 CVE-2018-6588 (CA API Developer Portal 3.5 up to and including 3.5 CR5 has a ...)
 	NOT-FOR-US: CA API Developer Portal
 CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a ...)
@@ -11399,7 +11399,7 @@ CVE-2018-6403
 CVE-2018-6402
 	RESERVED
 CVE-2018-6401 (Meross MSS110 devices before 1.1.24 contain a TELNET listener providing ...)
-	TODO: check
+	NOT-FOR-US: Meross
 CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain ...)
 	NOT-FOR-US: Kingsoft WPS Office Free
 CVE-2018-6399
@@ -11881,7 +11881,7 @@ CVE-2018-6244
 CVE-2018-6243
 	RESERVED
 CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 contain a ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2018-6241
 	RESERVED
 CVE-2018-6240
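
Review bot: The bare vendor label "NVIDIA" on CVE-2018-6242 is broader than what the description covers, which is Tegra mobile processors released prior to 2016. A vendor-only tag reads as if every NVIDIA component had been triaged; something like "NOT-FOR-US: NVIDIA Tegra processors" states what was actually ruled out and avoids later confusion with NVIDIA software entries.
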
@@ -14854,7 +14854,7 @@ CVE-2018-5236
 CVE-2018-5235
 	RESERVED
 CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a command ...)
-	TODO: check
+	NOT-FOR-US: Norton Core router
 CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
 	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/904
@@ -15975,7 +15975,7 @@ CVE-2018-4851
 CVE-2018-4850
 	RESERVED
 CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video for ...)
-	TODO: check
+	NOT-FOR-US: Siveillance VMS Video
 CVE-2018-4848
 	RESERVED
 CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS ...)
@@ -25499,7 +25499,7 @@ CVE-2018-1279
 CVE-2018-1278
 	RESERVED
 CVE-2018-1277 (Cloud Foundry Garden-runC, versions prior to 1.13.0, does not ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2018-1276
 	RESERVED
 CVE-2018-1275 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
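
Review bot: The label on CVE-2018-1277 drops the component name: the description says "Cloud Foundry Garden-runC", the tag says only "Cloud Foundry". Because the component name contains "runC", the full name is the useful part for anyone later checking whether this entry was looked at in relation to container runtimes. Suggest "NOT-FOR-US: Cloud Foundry Garden-runC".
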
@@ -25696,7 +25696,7 @@ CVE-2018-1185 (An issue was discovered in EMC RecoverPoint for Virtual Machines 
 CVE-2018-1184 (An issue was discovered in EMC RecoverPoint for Virtual Machines ...)
 	NOT-FOR-US: EMC
 CVE-2018-1183 (In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2018-1182 (An issue was discovered in EMC RSA Identity Governance and Lifecycle ...)
 	NOT-FOR-US: EMC
 CVE-2018-1181
@@ -26527,7 +26527,7 @@ CVE-2017-17320 (Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D
 CVE-2017-17319 (Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17318 (Huawei MBB (Mobile Broadband) products E5771h-937 with the versions ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17317
 	RESERVED
 CVE-2017-17316
@@ -26535,7 +26535,7 @@ CVE-2017-17316
 CVE-2017-17315
 	RESERVED
 CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with Versions ...)
 	NOT-FOR-US: inputhub driver of HUAWEI P9 Lite mobile phones
 CVE-2017-17312
@@ -27853,7 +27853,7 @@ CVE-2018-0713
 CVE-2018-0712
 	RESERVED
 CVE-2018-0711 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-0710
 	RESERVED
 CVE-2018-0709
@@ -28409,7 +28409,7 @@ CVE-2017-17022
 CVE-2017-17021
 	RESERVED
 CVE-2017-17020 (On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2017-17019
 	RESERVED
 CVE-2017-17018
@@ -28891,27 +28891,27 @@ CVE-2018-0290
 CVE-2018-0289
 	RESERVED
 CVE-2018-0288 (A vulnerability in Cisco WebEx Recording Format (WRF) Player could ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0287 (A vulnerability in the Cisco WebEx Network Recording Player for ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0286 (A vulnerability in the netconf interface of Cisco IOS XR Software could ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0285 (A vulnerability in service logging for Cisco Prime Service Catalog ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0284
 	RESERVED
 CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower System ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0282
 	RESERVED
 CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower System ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0280
 	RESERVED
 CVE-2018-0279
 	RESERVED
 CVE-2018-0278 (A vulnerability in the management console of Cisco Firepower System ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0277
 	RESERVED
 CVE-2018-0276 (A vulnerability in Cisco WebEx Connect IM could allow an ...)
@@ -28939,11 +28939,11 @@ CVE-2018-0266 (A vulnerability in the web framework of Cisco Unified Communicati
 CVE-2018-0265
 	RESERVED
 CVE-2018-0264 (A vulnerability in the Cisco WebEx Network Recording Player for ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0263
 	RESERVED
 CVE-2018-0262 (A vulnerability in Cisco Meeting Server could allow an unauthenticated, ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0261
 	RESERVED
 CVE-2018-0260 (A vulnerability in the web interface of Cisco MATE Live could allow an ...)
@@ -28951,7 +28951,7 @@ CVE-2018-0260 (A vulnerability in the web interface of Cisco MATE Live could all
 CVE-2018-0259 (A vulnerability in the web-based management interface of Cisco MATE ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0258 (A vulnerability in the Cisco Prime File Upload servlet affecting ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0257 (A vulnerability in Cisco IOS XE Software running on Cisco cBR Series ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0256 (A vulnerability in the peer-to-peer message processing functionality of ...)
@@ -28961,23 +28961,23 @@ CVE-2018-0255 (A vulnerability in the device manager web interface of Cisco Indu
 CVE-2018-0254 (A vulnerability in the detection engine of Cisco Firepower System ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0253 (A vulnerability in the ACS Report component of Cisco Secure Access ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0252 (A vulnerability in the IP Version 4 (IPv4) fragment reassembly function ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0251 (A vulnerability in the Web Server Authentication Required screen of the ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0250 (A vulnerability in Central Web Authentication (CWA) with FlexConnect ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0249 (A vulnerability when handling incoming 802.11 Association Requests for ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0248
 	RESERVED
 CVE-2018-0247 (A vulnerability in Web Authentication (WebAuth) clients for the Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0246
 	RESERVED
 CVE-2018-0245 (A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0244 (A vulnerability in the detection engine of Cisco Firepower System ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0243 (A vulnerability in the detection engine of Cisco Firepower System ...)
@@ -28997,9 +28997,9 @@ CVE-2018-0237 (A vulnerability in the file type detection mechanism of the Cisco
 CVE-2018-0236
 	RESERVED
 CVE-2018-0235 (A vulnerability in the 802.11 frame validation functionality of the ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0234 (A vulnerability in the implementation of Point-to-Point Tunneling ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0233 (A vulnerability in the Secure Sockets Layer (SSL) packet reassembly ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0232
@@ -29015,7 +29015,7 @@ CVE-2018-0228 (A vulnerability in the ingress flow creation functionality of Cis
 CVE-2018-0227 (A vulnerability in the Secure Sockets Layer (SSL) Virtual Private ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0226 (A vulnerability in the assignment and management of default user ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0225
 	RESERVED
 CVE-2018-0224 (A vulnerability in the CLI of the Cisco StarOS operating system for ...)
@@ -38746,11 +38746,11 @@ CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in Advantech 
 CVE-2017-14015
 	RESERVED
 CVE-2017-14014 (Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded ...)
-	TODO: check
+	NOT-FOR-US: Boston Scientific ZOOM LATITUDE PRM Model 3120
 CVE-2017-14013 (A Client-Side Enforcement of Server-Side Security issue was discovered ...)
 	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
 CVE-2017-14012 (Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at ...)
-	TODO: check
+	NOT-FOR-US: Boston Scientific ZOOM LATITUDE PRM Model 3120
 CVE-2017-14011 (A Cross-Site Request Forgery issue was discovered in ProMinent ...)
 	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
 CVE-2017-14010 (In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7179c6c755ca65291444538089b31ebefb81d6a1
