[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Nov 1 08:38:10 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ccd3ef3e by Moritz Muehlenhoff at 2018-11-01T08:37:47Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5894,9 +5894,9 @@ CVE-2018-16464 (A missing access check in Nextcloud Server prior to 14.0.0 could
CVE-2018-16463 (A bug causing session fixation in Nextcloud Server prior to 14.0.0, ...)
- nextcloud <itp> (bug #835086)
CVE-2018-16462 (A command injection vulnerability in the apex-publish-static-files npm ...)
- TODO: check
+ NOT-FOR-US: apex-publish-static-files npm
CVE-2018-16461 (A command injection vulnerability in libnmapp package for versions ...)
- TODO: check
+ NOT-FOR-US: libnmapp
CVE-2018-16460 (A command Injection in ps package versions <1.0.0 for Node.js allowed ...)
NOT-FOR-US: ps node module
CVE-2018-16459 (An unescaped payload in exceljs <v1.6 allows a possible XSS via cell ...)
@@ -7850,11 +7850,11 @@ CVE-2018-15709
CVE-2018-15708
RESERVED
CVE-2018-15707 (Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2018-15706 (WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2018-15705 (WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2018-15704 (Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer ...)
NOT-FOR-US: Advantech WebAccess
CVE-2018-15703 (Advantech WebAccess 8.3.2 and below is vulnerable to multiple ...)
@@ -17518,41 +17518,41 @@ CVE-2018-11886 (In all android releases (Android for MSM, Firefox OS for MSM, QR
CVE-2018-11885
RESERVED
CVE-2018-11884 (Improper input validation leads to buffer overflow while processing ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11883 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11882 (Incorrect bound check can lead to potential buffer overwrite in WLAN ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11881
RESERVED
CVE-2018-11880 (Incorrect bound check can lead to potential buffer overwrite in WLAN ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11879 (When the buffer length passed is very large, bounds check could be ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11878 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11877 (When the buffer length passed is very large in WLAN, bounds check ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11876 (Lack of input validation while copying to buffer in WLAN will lead to ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11875 (Lack of check of buffer size before copying in a WLAN function can ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11874 (Buffer overflow if the length of passphrase is more than 32 when ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11873 (Improper input validation leads to buffer overwrite in the WLAN ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11872 (Improper input validation leads to buffer overwrite in the WLAN ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11871 (Buffer overwrite can happen in WLAN function while processing set pdev ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11870 (Buffer overwrite can occur when the legacy rates count received from ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11869 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11868 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11867 (Lack of buffer length check before copying in WLAN function while ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11866 (Integer overflow may happen in WLAN when calculating an internal ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11865 (Integer overflow may happen when calculating an internal structure ...)
@@ -17562,19 +17562,19 @@ CVE-2018-11864
CVE-2018-11863 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11862 (Buffer overflow can happen in WLAN module due to lack of validation of ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11861 (Buffer overflow can happen in WLAN function due to lack of validation ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11860 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11859 (Buffer overwrite can happen in WLAN due to lack of validation of the ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11858 (When processing IE set command, buffer overwrite may occur due to lack ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11857 (Improper input validation in WLAN encrypt/decrypt module can lead to a ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11856 (Improper input validation leads to buffer overwrite in the WLAN ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11855
RESERVED
NOT-FOR-US: Qualcomm components for Android
@@ -17631,7 +17631,7 @@ CVE-2018-11830
CVE-2018-11829
RESERVED
CVE-2018-11828 (When FW tries to get random mac address generated from new SW RNG and ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11827 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11826 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
@@ -17643,9 +17643,9 @@ CVE-2018-11824 (A stack-based buffer overflow can occur in a firmware routine in
CVE-2018-11823
RESERVED
CVE-2018-11822 (A possible integer overflow may happen in WLAN during memory ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11821 (Possible integer overflow may happen in WLAN during memory allocation ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11820
RESERVED
CVE-2018-11819
@@ -20943,13 +20943,13 @@ CVE-2018-10714
CVE-2018-10713 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
NOT-FOR-US: D-Link
CVE-2018-10712 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
- TODO: check
+ NOT-FOR-US: ASRock
CVE-2018-10711 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
- TODO: check
+ NOT-FOR-US: ASRock
CVE-2018-10710 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
- TODO: check
+ NOT-FOR-US: ASRock
CVE-2018-10709 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
- TODO: check
+ NOT-FOR-US: ASRock
CVE-2018-10708
RESERVED
CVE-2018-10707
@@ -21412,7 +21412,7 @@ CVE-2018-10534 (The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXige
CVE-2018-10533
RESERVED
CVE-2018-10532 (An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 ...)
- TODO: check
+ NOT-FOR-US: EE 4GEE HH70VB-2BE8GB3s
CVE-2018-10531
RESERVED
CVE-2018-10530
@@ -25633,7 +25633,7 @@ CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may
CVE-2018-8859 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
NOT-FOR-US: Echelon
CVE-2018-8858 (If an attacker has access to the firmware from the VGo Robot (Versions ...)
- TODO: check
+ NOT-FOR-US: VGo Robot
CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, ...)
NOT-FOR-US: Philips Brilliance
CVE-2018-8856 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
@@ -45820,7 +45820,7 @@ CVE-2018-1853
CVE-2018-1852
RESERVED
CVE-2018-1851 (IBM WebSphere Application Server Liberty OpenID Connect could allow a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1850 (IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 ...)
NOT-FOR-US: IBM
CVE-2018-1849
@@ -76606,7 +76606,7 @@ CVE-2017-8932 (A bug in the standard library ScalarMult implementation of curve
NOTE: Fix for 1.7: https://go-review.googlesource.com/c/43773
NOTE: Fix for 1.8: https://go-review.googlesource.com/c/43770
CVE-2017-8931 (Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2017-8930 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple ...)
NOT-FOR-US: Simple Invoices
CVE-2017-8929 (The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 ...)
@@ -137414,7 +137414,7 @@ CVE-2015-7268 (Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT0
CVE-2015-7267 (Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 ...)
NOT-FOR-US: Samsung
CVE-2015-7266 (The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol ...)
- TODO: check
+ NOT-FOR-US: Interactive Advertising Bureau (IAB) OpenRTB
CVE-2015-7265 (Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request ...)
NOT-FOR-US: Facebook Proxygen
CVE-2015-7264 (The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ccd3ef3ecd001e8f631493dc9b771d79416288be
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ccd3ef3ecd001e8f631493dc9b771d79416288be
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181101/7624f6a6/attachment.html>
More information about the debian-security-tracker-commits
mailing list