[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Nov 29 11:14:09 GMT 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe622d1c by Moritz Muehlenhoff at 2018-11-29T11:13:48Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2018-19666 (The agent in OSSEC through 3.1.0 on Windows allows local users to gain ...)
-	TODO: check
+	- ossec-hids <itp> (bug #361954)
 CVE-2018-19665
 	RESERVED
 CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the ...)
@@ -23,13 +23,13 @@ CVE-2018-19656
 CVE-2018-19655 (A stack-based buffer overflow in the find_green() function of dcraw ...)
 	TODO: check
 CVE-2018-19654 (An issue was discovered in Sales & Company Management System (SCMS) ...)
-	TODO: check
+	NOT-FOR-US: Sales & Company Management System (SCMS) 
 CVE-2018-19653
 	RESERVED
 CVE-2018-19652
 	RESERVED
 CVE-2018-19651 (admin/functions/remote.php in Interspire Email Marketer through 6.1.6 ...)
-	TODO: check
+	NOT-FOR-US: Interspire Email Marketer
 CVE-2018-19650
 	RESERVED
 CVE-2019-1564
@@ -2997,9 +2997,9 @@ CVE-2018-19532 (A NULL pointer dereference vulnerability exists in the function
 	[stretch] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/podofo/tickets/32/
 CVE-2018-19531 (HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote ...)
-	TODO: check
+	NOT-FOR-US: HTTL
 CVE-2018-19530 (HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote ...)
-	TODO: check
+	NOT-FOR-US: HTTL
 CVE-2018-19529
 	RESERVED
 CVE-2018-19528 (TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a ...)
@@ -3406,7 +3406,7 @@ CVE-2018-19372
 CVE-2018-19371
 	RESERVED
 CVE-2018-19370 (A Race condition vulnerability in unzip_file in ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-19369
 	RESERVED
 CVE-2018-19368
@@ -6686,7 +6686,7 @@ CVE-2018-18205
 CVE-2018-18204
 	RESERVED
 CVE-2018-18203 (A vulnerability in the update mechanism of Subaru StarLink Harman head ...)
-	TODO: check
+	NOT-FOR-US: Subaru
 CVE-2018-18202 (The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 ...)
 	NOT-FOR-US: IBM
 CVE-2018-18201 (qibosoft V7.0 allows CSRF via ...)
@@ -7370,7 +7370,7 @@ CVE-2018-17932
 CVE-2018-17931 (If an attacker has physical access to the VGo Robot (Versions ...)
 	NOT-FOR-US: VGo Robot
 CVE-2018-17930 (A stack-based buffer overflow vulnerability has been identified in ...)
-	TODO: check
+	NOT-FOR-US: Teledyne DALSA Sherlock
 CVE-2018-17929 (In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and ...)
 	NOT-FOR-US: TPEditor
 CVE-2018-17928
@@ -13555,7 +13555,7 @@ CVE-2018-15443 (A vulnerability in the detection engine of Cisco Firepower Syste
 CVE-2018-15442 (A vulnerability in the update service of Cisco Webex Meetings Desktop ...)
 	NOT-FOR-US: Cisco
 CVE-2018-15441 (A vulnerability in the web framework code of Cisco Prime License ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-15440
 	RESERVED
 CVE-2018-15439 (A vulnerability in the Cisco Small Business Switches software could ...)
@@ -15115,13 +15115,13 @@ CVE-2018-14751
 CVE-2018-14750
 	RESERVED
 CVE-2018-14749 (Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-14748 (Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-14747 (NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-14746 (Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-14955 (The mail message display page in SquirrelMail through 1.4.22 has XSS ...)
 	{DLA-1484-1}
 	- squirrelmail <removed> (bug #905023)
@@ -21085,13 +21085,13 @@ CVE-2017-18320
 CVE-2017-18319
 	RESERVED
 CVE-2017-18318 (Missing validation check on CRL issuer name in Snapdragon Automobile, ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2017-18317 (Restrictions related to the modem (sim lock, sim kill) can be bypassed ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2017-18316 (Secure application can access QSEE kernel memory through Ontario ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2017-18315 (Buffer over-read vulnerabilities in an older version of ASN.1 parser ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2017-18314 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18313 (Under certain mode of operations, HLOS may be able get direct or ...)
@@ -22396,7 +22396,7 @@ CVE-2018-11998
 CVE-2018-11997
 	RESERVED
 CVE-2018-11996 (When a malformed command is sent to the device programmer, an ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
 	TODO: check
 CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to access ...)
@@ -27502,7 +27502,7 @@ CVE-2018-10144
 CVE-2018-10143
 	RESERVED
 CVE-2018-10142 (The Expedition Migration tool 1.0.106 and earlier may allow an ...)
-	TODO: check
+	NOT-FOR-US: Expedition Migration
 CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 ...)
@@ -36062,7 +36062,7 @@ CVE-2018-6985
 CVE-2018-6984
 	RESERVED
 CVE-2018-6983 (VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2018-6982
 	RESERVED
 	NOT-FOR-US: VMware
@@ -38365,13 +38365,13 @@ CVE-2018-6268
 CVE-2018-6267
 	RESERVED
 CVE-2018-6266 (NVIDIA GeForce Experience contains a vulnerability in all versions ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6265 (NVIDIA GeForce Experience contains a vulnerability in all versions ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6264
 	RESERVED
 CVE-2018-6263 (NVIDIA GeForce Experience contains a vulnerability in all versions ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6262 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when ...)
 	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6261 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when ...)
@@ -40789,7 +40789,7 @@ CVE-2018-5561
 CVE-2018-5560
 	RESERVED
 CVE-2018-5559 (In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are ...)
-	TODO: check
+	NOT-FOR-US: Rapid7 Komand
 CVE-2018-5558
 	RESERVED
 CVE-2018-5557



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fe622d1c044bc8976381aea187d65f4b01c7f753

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fe622d1c044bc8976381aea187d65f4b01c7f753
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181129/a0effa50/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list