[Git][security-tracker-team/security-tracker][master] pyopenssl no-dsa, NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Oct 11 07:01:01 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d8f082f by Moritz Muehlenhoff at 2018-10-11T06:00:29Z
pyopenssl no-dsa, NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -361,7 +361,8 @@ CVE-2018-1000810 (The Rust Programming Language Standard Library version 1.29.0,
 CVE-2018-1000809 (privacyIDEA version 2.23.1 and earlier contains a Improper Input ...)
 	NOT-FOR-US: privacyIDEA
 CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 17.5.0 ...)
-	- pyopenssl 17.5.0-1
+	- pyopenssl 17.5.0-1 (low)
+	[stretch] - pyopenssl <no-dsa> (Minor issue)
 	NOTE: https://github.com/pyca/pyopenssl/pull/723
 	NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
 CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to version ...)
@@ -50360,47 +50361,47 @@ CVE-2018-0065
 CVE-2018-0064
 	RESERVED
 CVE-2018-0063 (A vulnerability in the IP next-hop index database in Junos OS 17.3R3 ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0062 (A Denial of Service vulnerability in J-Web service may allow a remote ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0061 (A denial of service vulnerability in the telnetd service on Junos OS ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0060 (An improper input validation weakness in the device control daemon ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0059 (A persistent cross-site scripting vulnerability in the graphical user ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0058 (Receipt of a specially crafted IPv6 exception packet may be able to ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0057 (On MX Series and M120/M320 platforms configured in a Broadband Edge ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0056 (If a duplicate MAC address is learned by two different interfaces on ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0055 (Receipt of a specially crafted DHCPv6 message destined to a Junos OS ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0054 (On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0053 (An authentication bypass vulnerability in the initial boot sequence of ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0052 (If RSH service is enabled on Junos OS and if the PAM authentication is ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0051 (A Denial of Service vulnerability in the SIP application layer gateway ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0050 (An error handling vulnerability in Routing Protocols Daemon (RPD) of ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0049 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0048 (A vulnerability in the Routing Protocols Daemon (RPD) with Juniper ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0047 (A persistent cross-site scripting vulnerability in the UI framework ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0046 (A reflected cross-site scripting vulnerability in OpenNMS included ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0045 (Receipt of a specific Draft-Rosen MVPN control packet may cause the ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0044 (An insecure SSHD configuration in Juniper Device Manager (JDM) and ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0043 (Receipt of a specific MPLS packet may cause the routing protocol ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2018-0042 (Juniper Networks CSO versions prior to 4.0.0 may log passwords in log ...)
 	NOT-FOR-US: Juniper Networks CSO
 CVE-2018-0041 (Juniper Networks Contrail Service Orchestration releases prior to ...)
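Review bot: CVE-2018-0046 is tagged "NOT-FOR-US: Juniper", but its description places the reflected XSS "in OpenNMS included ...", which is a third-party component rather than Junos itself. Confirm that the affected OpenNMS code is not relevant to Debian and name the component in the tag so the bulk classification does not hide it. The existing entry for CVE-2018-0042 uses the product-level tag "Juniper Networks CSO", so a more specific tag also fits the file's convention better than the bare vendor name used for the other new lines.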
@@ -50906,7 +50907,7 @@ CVE-2017-16716 (A SQL Injection issue was discovered in WebAccess versions prior
 CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 5110 Version ...)
 	NOT-FOR-US: Moxa
 CVE-2017-16714 (In Ice Qube Thermal Management Center versions prior to version 4.13, ...)
-	TODO: check
+	NOT-FOR-US: Ice Qube Thermal Management Center
 CVE-2017-16713
 	RESERVED
 CVE-2017-16712
@@ -53556,7 +53557,7 @@ CVE-2017-15846 (In the video_ioctl2() function in the camera driver in Android f
 CVE-2017-15845 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15844 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15843 (Due to a race condition in a bus driver, a double free in ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the mutex ...)
@@ -53590,7 +53591,7 @@ CVE-2017-15830 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 CVE-2017-15829 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15828 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15827
 	RESERVED
 CVE-2017-15826 (Due to a race condition in MDSS rotator in Android for MSM, Firefox OS ...)
@@ -53610,7 +53611,7 @@ CVE-2017-15820 (In all Qualcomm products with Android releases from CAF using th
 CVE-2017-15819
 	RESERVED
 CVE-2017-15818 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15817 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15816
@@ -54133,7 +54134,7 @@ CVE-2017-15610 (An issue was discovered in Octopus before 3.17.7. When the speci
 CVE-2017-15609 (Octopus before 3.17.7 allows attackers to obtain sensitive cleartext ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2017-15608 (Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change ...)
-	TODO: check
+	NOT-FOR-US: Inedo ProGet
 CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in filesystem-based ...)
 	NOT-FOR-US: Inedo Otter
 CVE-2017-15606
@@ -57888,7 +57889,7 @@ CVE-2017-14445 (An exploitable buffer overflow vulnerability exists in Insteon H
 CVE-2017-14444 (An exploitable buffer overflow vulnerability exists in Insteon Hub ...)
 	NOT-FOR-US: Insteon Hub
 CVE-2017-14443 (An exploitable information leak vulnerability exists in Insteon Hub ...)
-	TODO: check
+	NOT-FOR-US: Insteon Hub
 CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP image ...)
 	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
@@ -59159,7 +59160,7 @@ CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 Ve
 CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...)
 	NOT-FOR-US: Korenix
 CVE-2017-14026 (In Ice Qube Thermal Management Center versions prior to version 4.13, ...)
-	TODO: check
+	NOT-FOR-US: Ice Qube Thermal Management Center
 CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB FOX515T ...)
 	NOT-FOR-US: ABB FOX515T
 CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in Schneider ...)
@@ -77276,7 +77277,7 @@ CVE-2017-7910 (A Stack-Based Buffer Overflow issue was discovered in Digital Can
 CVE-2017-7909 (A Use of Client-Side Authentication issue was discovered in Advantech ...)
 	NOT-FOR-US: Advantech
 CVE-2017-7908 (A heap-based buffer overflow exists in the third-party product ...)
-	TODO: check
+	NOT-FOR-US: Gigasoft
 CVE-2017-7907 (An Improper XML Parser Configuration issue was discovered in Schneider ...)
 	NOT-FOR-US: Schneider
 CVE-2017-7906 (In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently ...)
@@ -81096,7 +81097,7 @@ CVE-2017-6915 (CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to
 CVE-2017-6914 (CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2017-6913 (Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange
 CVE-2017-6912
 	RESERVED
 CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It stores ...)
@@ -89953,7 +89954,7 @@ CVE-2017-3914
 CVE-2017-3913
 	RESERVED
 CVE-2017-3912 (Bypassing password security vulnerability in McAfee Application and ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3911
 	RESERVED
 CVE-2017-3910
@@ -93565,21 +93566,21 @@ CVE-2017-2881 (An exploitable vulnerability exists in the torlist update ...)
 CVE-2017-2880 (An memory corruption vulnerability exists in the .GIF parsing ...)
 	NOT-FOR-US: Computerinsel Photoline
 CVE-2017-2879 (An exploitable buffer overflow vulnerability exists in the UPnP ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2878 (An exploitable buffer overflow vulnerability exists in the web ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2877 (A missing error check exists in the Multi-Camera interface used by the ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2876 (An exploitable buffer overflow vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2875 (An exploitable buffer overflow vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2874 (An information disclosure vulnerability exists in the Multi-Camera ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2873 (An exploitable command injection vulnerability exists in the web ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2872 (Insufficient security checks exist in the recovery procedure used by ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2871 (Insufficient security checks exist in the recovery procedure used by ...)
 	NOT-FOR-US: Foscam C1 Indoor HD Camera
 CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the ...)
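Review bot: The eight new lines for CVE-2017-2872 through CVE-2017-2879 use the bare tag "NOT-FOR-US: Foscam", while the adjacent existing entry for CVE-2017-2871 uses "NOT-FOR-US: Foscam C1 Indoor HD Camera". Reusing the existing product string would keep tag-based searches of data/CVE/list from splitting one product across two spellings. The same applies to the Foscam DDNS client entries in the following hunk.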
@@ -93618,13 +93619,13 @@ CVE-2017-2859
 CVE-2017-2858 (An exploitable denial-of-service vulnerability exists in the traversal ...)
 	NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2857 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2856 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2855 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2854 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
-	TODO: check
+	NOT-FOR-US: Foscam
 CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the ...)
 	NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2852 (An exploitable denial-of-service vulnerability exists in the ...)
@@ -93908,7 +93909,7 @@ CVE-2017-2753
 CVE-2017-2752
 	RESERVED
 CVE-2017-2751 (A BIOS password extraction vulnerability has been reported on certain ...)
-	TODO: check
+	NOT-FOR-US: firmware on HP notebooks
 CVE-2017-2750 (Insufficient Solution DLL Signature Validation allows potential ...)
 	NOT-FOR-US: HP printers
 CVE-2017-2749
@@ -101901,7 +101902,7 @@ CVE-2016-9042 (An exploitable denial of service vulnerability exists in the orig
 CVE-2016-9041
 	REJECTED
 CVE-2016-9040 (An exploitable denial of service exists in the the Joyent SmartOS OS ...)
-	TODO: check
+	NOT-FOR-US: Joyent
 CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS ...)
 	NOT-FOR-US: Joyent
 CVE-2016-9038 (An exploitable double fetch vulnerability exists in the SboxDrv.sys ...)
@@ -106759,7 +106760,7 @@ CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11
 CVE-2016-7476 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2016-7475 (Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2016-7474 (In some cases the MCPD binary cache in F5 BIG-IP devices may allow a ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2016-7473
@@ -129556,7 +129557,7 @@ CVE-2016-0717
 CVE-2016-0716
 	REJECTED
 CVE-2016-0715 (Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, ...)
-	TODO: check
+	NOT-FOR-US: Pivotal Cloud Foundry Elastic Runtime
 CVE-2016-0714 (The session-persistence implementation in Apache Tomcat 6.x before ...)
 	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
 	- tomcat9 <itp> (bug #802312)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d8f082f4a3d45f2fd5f2898220916496aef08ba
