[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Sat Nov 3 08:59:09 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b532a308 by Moritz Muehlenhoff at 2018-11-03T08:58:41Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2018-18905
CVE-2018-18904
RESERVED
CVE-2018-18903 (Vanilla 2.6.x before 2.6.4 allows remote code execution. ...)
- TODO: check
+ NOT-FOR-US: Vanilla
CVE-2018-18902
RESERVED
CVE-2018-18901
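Review bot: The new tag on CVE-2018-18903 is the bare word "Vanilla", which is generic and hard to grep for among NOT-FOR-US entries. The description only says "Vanilla 2.6.x", so consider spelling out the full product name (this looks like Vanilla Forums) so that later CVEs for the same software end up with a matching tag.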
@@ -2540,11 +2540,11 @@ CVE-2018-17918 (Circontrol CirCarLife all versions prior to 4.3.1, authenticatio
CVE-2018-17917 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
NOT-FOR-US: P2P Cloud Server
CVE-2018-17916 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI ...)
- TODO: check
+ NOT-FOR-US: InduSoft Web Studio
CVE-2018-17915 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
NOT-FOR-US: P2P Cloud Server
CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI ...)
- TODO: check
+ NOT-FOR-US: InduSoft Web Studio
CVE-2018-17913
RESERVED
CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when ...)
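Review bot: The tags on CVE-2018-17916 and CVE-2018-17914 name only InduSoft Web Studio, while both descriptions also list InTouch Edge HMI as affected. If the tag is meant to help match future entries, consider mentioning both products, e.g. "NOT-FOR-US: InduSoft Web Studio / InTouch Edge HMI".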
@@ -7804,7 +7804,7 @@ CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a re
CVE-2018-15763 (Pivotal Container Service, versions prior to 1.2.0, contains an ...)
NOT-FOR-US: Pivotal Container Service
CVE-2018-15762 (Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2018-15761
RESERVED
CVE-2018-15760
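Review bot: The tag on CVE-2018-15762 is vendor-only ("Pivotal"), while the entry directly above it, CVE-2018-15763, is tagged with the product ("Pivotal Container Service"). For consistency with that neighbour, suggest "NOT-FOR-US: Pivotal Operations Manager", which is the product named in the description.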
@@ -19917,7 +19917,7 @@ CVE-2018-11064 (Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE .
CVE-2018-11063 (Dell WMS versions 1.1 and prior are impacted by multiple unquoted ...)
NOT-FOR-US: Dell WMS
CVE-2018-11062 (Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 ...)
- TODO: check
+ NOT-FOR-US: Integrated Data Protection Appliance
CVE-2018-11061 (RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security ...)
NOT-FOR-US: RSA
CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass ...)
@@ -28359,7 +28359,7 @@ CVE-2018-7800
CVE-2018-7799 (A DLL hijacking vulnerability exists in Schneider Electric Software ...)
NOT-FOR-US: Schneider Electric
CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2018-7797
RESERVED
CVE-2018-7796
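Review bot: The tag on CVE-2018-7798 reads "Schneider", but the adjacent CVE-2018-7799 uses "Schneider Electric" for the same vendor. Two spellings of one vendor make the list harder to search; suggest "NOT-FOR-US: Schneider Electric" here as well.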
@@ -31341,13 +31341,13 @@ CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech WebAcces
CVE-2018-6910 (DedeCMS 5.7 allows remote attackers to discover the full path via a ...)
NOT-FOR-US: DedeCMS
CVE-2018-6909 (A missing X-Frame-Options header in the Green Electronics RainMachine ...)
- TODO: check
+ NOT-FOR-US: Green Electronics
CVE-2018-6908 (An authentication bypass vulnerability exists in the Green Electronics ...)
- TODO: check
+ NOT-FOR-US: Green Electronics
CVE-2018-6907 (A Cross Site Request Forgery (CSRF) vulnerability in the Green ...)
- TODO: check
+ NOT-FOR-US: Green Electronics
CVE-2018-6906 (A persistent Cross Site Scripting (XSS) vulnerability in the Green ...)
- TODO: check
+ NOT-FOR-US: Green Electronics
CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via ...)
- typo3-src <removed>
[wheezy] - typo3-src <end-of-life>
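Review bot: The four new tags on CVE-2018-6909 through CVE-2018-6906 give only the vendor, "Green Electronics", although the description of CVE-2018-6909 names the product as "Green Electronics RainMachine". Suggest "NOT-FOR-US: Green Electronics RainMachine" so the tag identifies the affected product and not just the company.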
@@ -34476,9 +34476,9 @@ CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*&
CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to ...)
NOT-FOR-US: BigTree CMS
CVE-2018-6012 (The 'Weather Service' feature of the Green Electronics RainMachine ...)
- TODO: check
+ NOT-FOR-US: Green Electronics
CVE-2018-6011 (The time-based one-time-password (TOTP) function in the application ...)
- TODO: check
+ NOT-FOR-US: Green Electronics
CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could obtain ...)
NOT-FOR-US: Yii Framework
CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function in ...)
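Review bot: On CVE-2018-6011 the truncated description ("The time-based one-time-password (TOTP) function in the application ...") does not name a vendor or product, so the "Green Electronics" attribution cannot be confirmed from this hunk the way it can for CVE-2018-6012 just above. Worth re-checking against the full CVE description before relying on the tag.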
@@ -39866,7 +39866,7 @@ CVE-2018-3949
CVE-2018-3948
RESERVED
CVE-2018-3947 (An exploitable information disclosure vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3945 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
@@ -39890,9 +39890,9 @@ CVE-2018-3937 (An exploitable command injection vulnerability exists in the ...)
CVE-2018-3936 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
NOT-FOR-US: Antenna House Office Server Document Converter
CVE-2018-3935 (An exploitable code execution vulnerability exists in the UDP network ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3934 (An exploitable code execution vulnerability exists in the firmware ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3933 (An exploitable out-of-bounds write exists in the Microsoft Word ...)
NOT-FOR-US: Microsoft
CVE-2018-3932 (An exploitable stack-based buffer overflow exists in the Microsoft ...)
@@ -39904,7 +39904,7 @@ CVE-2018-3930 (In Antenna House Office Server Document Converter version V6.1 Pr
CVE-2018-3929 (An exploitable heap corruption exists in the PowerPoint document ...)
NOT-FOR-US: Microsoft
CVE-2018-3928 (An exploitable code execution vulnerability exists in the firmware ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3927 (An exploitable information disclosure vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3926 (An exploitable integer underflow vulnerability exists in the ZigBee ...)
@@ -39920,7 +39920,7 @@ CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing ...)
CVE-2018-3921 (A memory corruption vulnerability exists in the PSD-parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2018-3920 (An exploitable code execution vulnerability exists in the firmware ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3919 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3918 (An exploitable vulnerability exists in the remote servers of Samsung ...)
@@ -39940,7 +39940,7 @@ CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware vers
CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3910 (An exploitable code execution vulnerability exists in the cloud OTA ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3909 (An exploitable vulnerability exists in the REST parser of video-core's ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of video-core's ...)
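Review bot: CVE-2018-3910 is tagged "Yi Home Camera", but its visible description ends at "exists in the cloud OTA ..." and both neighbouring entries (CVE-2018-3911, CVE-2018-3909) are assigned to Samsung SmartThings Hub STH-ETH-250 devices. The same holds for the other Yi Home Camera tags in this commit: none of the truncated descriptions shows the product name, so the assignment cannot be checked from the diff. Given how the two product families are interleaved in this ID range, a second look at the full descriptions would guard against a mis-tagged entry.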
@@ -39960,11 +39960,11 @@ CVE-2018-3902 (An exploitable buffer overflow vulnerability exists in the camera
CVE-2018-3901
RESERVED
CVE-2018-3900 (An exploitable code execution vulnerability exists in the QR code ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3899 (An exploitable code execution vulnerability exists in the QR code ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3898 (An exploitable code execution vulnerability exists in the QR code ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3897 (An exploitable buffer overflow vulnerabilities exist in the ...)
NOT-FOR-US: Samsung
CVE-2018-3896 (An exploitable buffer overflow vulnerabilities exist in the ...)
@@ -39976,11 +39976,11 @@ CVE-2018-3894 (An exploitable buffer overflow vulnerability exists in the ...)
CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3892 (An exploitable firmware downgrade vulnerability exists in the time ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3891 (An exploitable firmware downgrade vulnerability exists in the firmware ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3890 (An exploitable code execution vulnerability exists in the firmware ...)
- TODO: check
+ NOT-FOR-US: Yi Home Camera
CVE-2018-3889 (A specially crafted PCX image processed via the application can lead ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2018-3888 (A memory corruption vulnerability exists in the PCX-parsing ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b532a3084becf61c37fdfbd3acf90210544a36a8