[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Oct 16 12:25:18 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9df123a7 by Moritz Muehlenhoff at 2018-10-16T11:24:49Z
NFUs
"new" kfreebsd issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6991,11 +6991,11 @@ CVE-2018-15542 (** DISPUTED ** An issue was discovered in the org.telegram.messe
CVE-2018-15541
RESERVED
CVE-2018-15540 (Agentejo Cockpit performs actions on files without appropriate ...)
- TODO: check
+ NOT-FOR-US: Agentejo Cockpit
CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an ...)
- TODO: check
+ NOT-FOR-US: Agentejo Cockpit
CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. ...)
- TODO: check
+ NOT-FOR-US: Agentejo Cockpit
CVE-2018-15537
RESERVED
CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before ...)
@@ -15492,7 +15492,7 @@ CVE-2018-12156
CVE-2018-12155
RESERVED
CVE-2018-12154 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12153 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
NOT-FOR-US: Intel
CVE-2018-12152 (Pointer corruption in Unified Shader Compiler in Intel Graphics ...)
@@ -38215,13 +38215,13 @@ CVE-2018-4003
CVE-2018-4002
RESERVED
CVE-2018-4001 (An exploitable uninitialized pointer vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-4000 (An exploitable double-free vulnerability exists in the Office Open XML ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3999 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3998 (An exploitable heap-based buffer overflow vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3997 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
NOT-FOR-US: Foxit PDF Reader
CVE-2018-3996 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
@@ -38249,31 +38249,31 @@ CVE-2018-3986
CVE-2018-3985
RESERVED
CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within the ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3983
RESERVED
CVE-2018-3982 (An exploitable arbitrary write vulnerability exists in the Word ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3981 (An exploitable uninitialized pointer vulnerability exists in the Word ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3980
RESERVED
CVE-2018-3979
RESERVED
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3977
RESERVED
CVE-2018-3976
RESERVED
CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3974
RESERVED
CVE-2018-3973
RESERVED
CVE-2018-3972 (An exploitable code execution vulnerability exists in the Levin ...)
- TODO: check
+ NOT-FOR-US: Epee library
CVE-2018-3971
RESERVED
CVE-2018-3970
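Review bot: the `NOT-FOR-US: Epee library` tag on CVE-2018-3972 names a library rather than an end product, and a library can be bundled inside other source trees. NOT-FOR-US is only safe here if no source package in the archive embeds a copy. Suggest confirming that with a source search and, if a copy turns up, replacing the tag with a package entry for the embedding source package.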
@@ -38283,7 +38283,7 @@ CVE-2018-3969
CVE-2018-3968
RESERVED
CVE-2018-3967 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
- TODO: check
+ NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3966 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3965 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
@@ -38387,11 +38387,11 @@ CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware vers
CVE-2018-3916 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung
CVE-2018-3915 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3914 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3913 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in the ...)
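Review bot: the new tags on CVE-2018-3915, CVE-2018-3914 and CVE-2018-3913 name only the vendor (`NOT-FOR-US: Samsung`), while CVE-2018-3912 directly below uses `NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices`. If these are the same device, reuse the product string so the entries can be searched by product and it stays clear what was ruled out. The other `NOT-FOR-US: Samsung` additions in this commit have the same mismatch with their neighbours.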
@@ -38405,7 +38405,7 @@ CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of video-c
CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of video-core's ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3906 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3905 (An exploitable buffer overflow vulnerability exists in the camera ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3904 (An exploitable buffer overflow vulnerability exists in the camera ...)
@@ -38429,7 +38429,7 @@ CVE-2018-3896 (An exploitable buffer overflow vulnerabilities exist in the ...)
CVE-2018-3895 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 Firmware
CVE-2018-3894 (An exploitable buffer overflow vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3892
@@ -38447,13 +38447,13 @@ CVE-2018-3887 (A memory corruption vulnerability exists in the PCX-parsing ...)
CVE-2018-3886 (A memory corruption vulnerability exists in the PCX-parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2018-3885 (An exploitable SQL injection vulnerability exists in the authenticated ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2018-3884 (An exploitable SQL injection vulnerability exists in the authenticated ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2018-3883 (An exploitable SQL injection vulnerability exists in the authenticated ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2018-3882 (An exploitable SQL injection vulnerability exists in the authenticated ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2018-3881 (An exploitable unauthenticated XML external injection vulnerability ...)
NOT-FOR-US: FocalScope
CVE-2018-3880 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
@@ -38463,15 +38463,15 @@ CVE-2018-3879 (An exploitable JSON injection vulnerability exists in the credent
CVE-2018-3878 (Multiple exploitable buffer overflow vulnerabilities exist in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3877 (An exploitable buffer overflow vulnerability exists in the credentials ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3876 (An exploitable buffer overflow vulnerability exists in the credentials ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3875 (An exploitable buffer overflow vulnerability exists in the credentials ...)
NOT-FOR-US: Samsung
CVE-2018-3874 (An exploitable buffer overflow vulnerability exists in the credentials ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3873 (An exploitable buffer overflow vulnerability exists in the credentials ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3872 (An exploitable buffer overflow vulnerability exists in the credentials ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing ...)
@@ -38487,9 +38487,9 @@ CVE-2018-3867 (An exploitable stack-based buffer overflow vulnerability exists i
CVE-2018-3866 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3865 (An exploitable buffer overflow vulnerability exists in the Samsung ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3864 (An exploitable buffer overflow vulnerability exists in the Samsung ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3863 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3862 (A specially crafted TIFF image processed via the application can lead ...)
@@ -38617,19 +38617,19 @@ CVE-2018-3831 (Elasticsearch Alerting and Monitoring in versions before 6.4.1 or
CVE-2018-3830 (Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) ...)
- kibana <itp> (bug #700337)
CVE-2018-3829 (In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was ...)
- TODO: check
+ NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3828 (Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an ...)
- TODO: check
+ NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3827 (A sensitive data disclosure flaw was found in the Elasticsearch ...)
TODO: check
CVE-2018-3826 (In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was ...)
TODO: check
CVE-2018-3825 (In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default ...)
- TODO: check
+ NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3824 (X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a ...)
- TODO: check
+ NOT-FOR-US: Elastic X-Pack Machine Learning
CVE-2018-3823 (X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a ...)
- TODO: check
+ NOT-FOR-US: Elastic X-Pack Machine Learning
CVE-2018-3822 (X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a ...)
NOT-FOR-US: Elastic X-Pack Security
CVE-2018-3821 (Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a ...)
@@ -39236,7 +39236,7 @@ CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and Tool
CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools in ...)
NOT-FOR-US: Intel
CVE-2018-3686 (Code injection vulnerability in INTEL-SA-00086 Detection Tool before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3685
RESERVED
CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 ...)
@@ -39250,7 +39250,7 @@ CVE-2018-3681
CVE-2018-3680
RESERVED
CVE-2018-3679 (Escalation of privilege in Reference UI in Intel Data Center Manager ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3678
RESERVED
CVE-2018-3677
@@ -39270,7 +39270,7 @@ CVE-2018-3671 (Escalation of privilege in Intel Saffron admin application before
CVE-2018-3670 (Driver module in Intel Smart Sound Technology before version ...)
NOT-FOR-US: Driver module in Intel Smart Sound Technology
CVE-2018-3669 (A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) ...)
NOT-FOR-US: Intel
CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets ...)
@@ -39296,15 +39296,15 @@ CVE-2018-3661 (Buffer overflow in Intel system Configuration utilities selview.e
CVE-2018-3660
RESERVED
CVE-2018-3659 (A vulnerability in Intel PTT module in Intel CSME firmware before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3658 (Multiple memory leaks in Intel AMT in Intel CSME firmware versions ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3657 (Multiple buffer overflows in Intel AMT in Intel CSME firmware versions ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3656
RESERVED
CVE-2018-3655 (A vulnerability in a subsystem in Intel CSME before version 11.21.55, ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3654
RESERVED
CVE-2018-3653
@@ -39338,7 +39338,7 @@ CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote Keybo
CVE-2018-3644
RESERVED
CVE-2018-3643 (A vulnerability in Power Management Controller firmware in systems ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3642
RESERVED
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
@@ -39423,7 +39423,7 @@ CVE-2018-3618
CVE-2018-3617
REJECTED
CVE-2018-3616 (Bleichenbacher-style side channel vulnerability in TLS implementation ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3615 (Systems with microprocessors utilizing speculative execution and Intel ...)
- intel-microcode 3.20180703.1
NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
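Review bot: `NOT-FOR-US: Intel` on CVE-2018-3616 gives a vendor only, and the visible description ("Bleichenbacher-style side channel vulnerability in TLS implementation ...") would equally fit a TLS library that is packaged. Suggest naming the affected Intel component in the tag so a later reader can see why no Debian package is involved without re-reading the advisory.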
@@ -40045,9 +40045,9 @@ CVE-2018-3576 (improper validation of array index in WiFi driver function ...)
CVE-2018-3575
RESERVED
CVE-2018-3574 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
- TODO: check
+ - linux <not-affected> (Qualcomm specific changes)
CVE-2018-3573 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-3572 (While processing a DSP buffer in an audio driver's event handler, an ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3571 (In the KGSL driver in all Android releases from CAF (Android for MSM, ...)
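Review bot: CVE-2018-3574 and CVE-2018-3573 have the same visible description prefix but get different dispositions, `- linux <not-affected> (Qualcomm specific changes)` for the first and `NOT-FOR-US: Qualcomm components for Android` for the second, with nothing recording why. A `NOTE:` line on CVE-2018-3574 naming the driver or file that exists in the linux tree would make the distinction checkable. The commit message also mentions only NFUs and kfreebsd issues, so this linux entry is easy to miss in history.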
@@ -44500,13 +44500,13 @@ CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplet
CVE-2018-1748
RESERVED
CVE-2018-1747 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1746
RESERVED
CVE-2018-1745 (IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an ...)
NOT-FOR-US: IBM
CVE-2018-1744 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1743 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive ...)
NOT-FOR-US: IBM
CVE-2018-1742 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded ...)
@@ -46417,7 +46417,7 @@ CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before
- libspring-security-java <itp> (bug #582181)
NOTE: https://pivotal.io/security/cve-2018-1199
CVE-2018-1198 (Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser ...)
- TODO: check
+ NOT-FOR-US: Pivotal Cloud Cache
CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running inside ...)
NOT-FOR-US: Windows Stemcells
CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used to ...)
@@ -48865,7 +48865,7 @@ CVE-2018-0651
CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 ...)
NOT-FOR-US: LINE MUSIC for Android
CVE-2018-0649 (Untrusted search path vulnerability in the installers of multiple ...)
- TODO: check
+ NOT-FOR-US: CANON
CVE-2018-0648 (Untrusted search path vulnerability in installer of ChatWork Desktop ...)
NOT-FOR-US: installer of ChatWork Desktop App for Windows
CVE-2018-0647 (Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware ...)
@@ -48873,11 +48873,11 @@ CVE-2018-0647 (Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firm
CVE-2018-0646 (Directory traversal vulnerability in Explzh v.7.58 and earlier allows ...)
NOT-FOR-US: Explzh
CVE-2018-0645 (MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via ...)
- TODO: check
+ NOT-FOR-US: MTAppjQuery
CVE-2018-0644 (Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer ...)
- TODO: check
+ NOT-FOR-US: ORCA (Online Receipt Computer Advantage)
CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 ...)
- TODO: check
+ NOT-FOR-US: ORCA (Online Receipt Computer Advantage)
CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 ...)
TODO: check
CVE-2018-0641
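Review bot: the descriptions of CVE-2018-0644 and CVE-2018-0643 start with "Ubuntu14.04 ORCA", which says the software is distributed for a Debian-derived system, so the `NOT-FOR-US: ORCA (Online Receipt Computer Advantage)` tags rest on it being absent from the Debian archive. Suggest confirming by source package name that nothing in the archive ships it. CVE-2018-0642 just below stays at `TODO: check`, which looks intentional but is worth a follow-up.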
@@ -48915,9 +48915,9 @@ CVE-2018-0626
CVE-2018-0625
RESERVED
CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series ...)
- TODO: check
+ NOT-FOR-US: Yayoi
CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series ...)
- TODO: check
+ NOT-FOR-US: Yayoi
CVE-2018-0622 (The DHC Online Shop App for Android version 3.2.0 and earlier does not ...)
NOT-FOR-US: DHC Online Shop App for Android
CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY ...)
@@ -97734,7 +97734,7 @@ CVE-2017-1233 (IBM Remote Control v9 could allow a local user to use the compone
CVE-2017-1232 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1231 (IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1230 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1229 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a ...)
@@ -98029,13 +98029,21 @@ CVE-2017-1086 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15,
- kfreebsd-10 <unfixed> (unimportant)
NOTE: kfreebsd not covered by security support
CVE-2017-1085 (In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+ NOTE: kfreebsd not covered by security support
CVE-2017-1084 (In FreeBSD before 11.2-RELEASE, multiple issues with the ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+ NOTE: kfreebsd not covered by security support
CVE-2017-1083 (In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+ NOTE: kfreebsd not covered by security support
CVE-2017-1082 (In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+ NOTE: kfreebsd not covered by security support
CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc
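Review bot: CVE-2017-1082 receives the same three lines as CVE-2017-1085, CVE-2017-1084 and CVE-2017-1083, although its visible description gives a different version range ("11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE" against "before 11.2-RELEASE" for the others). Please confirm that the affected code for CVE-2017-1082 is in the kernel, so that `kfreebsd-10` is the right source package, and that the stack-clash NOTE URL covers it. If the flaw is in userland, the entry belongs on a different source package.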
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9df123a7183be9d942aebd0d849c3de1b17efd84