[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 11 20:49:01 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
94188034 by Salvatore Bonaccorso at 2019-01-11T20:47:53Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -201,13 +201,13 @@ CVE-2019-6140
CVE-2019-6139
RESERVED
CVE-2019-6138 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc and ...)
- TODO: check
+ NOT-FOR-US: libIEC61850
CVE-2019-6137 (An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in ...)
- TODO: check
+ NOT-FOR-US: lib60870
CVE-2019-6136 (An issue has been found in libIEC61850 v1.3.1. ...)
- TODO: check
+ NOT-FOR-US: libIEC61850
CVE-2019-6135 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc in ...)
- TODO: check
+ NOT-FOR-US: libIEC61850
CVE-2019-6134
RESERVED
CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...)
@@ -16506,7 +16506,7 @@ CVE-2019-0090
CVE-2019-0089
RESERVED
CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0087
RESERVED
CVE-2019-0086
@@ -19546,7 +19546,7 @@ CVE-2018-18100
CVE-2018-18099
RESERVED
CVE-2018-18098 (Improper file verification in install routine for Intel(R) SGX SDK and ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive Toolbox ...)
NOT-FOR-US: Intel Solid State Drive Toolbox
CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for Linux ...)
@@ -24352,41 +24352,41 @@ CVE-2018-16197 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home g
CVE-2018-16196 (Multiple Yokogawa products that contain Vnet/IP Open Communication ...)
TODO: check
CVE-2018-16195 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...)
- TODO: check
+ NOT-FOR-US: Aterm firmware
CVE-2018-16194 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...)
- TODO: check
+ NOT-FOR-US: Aterm firmware
CVE-2018-16193 (Cross-site scripting vulnerability in Aterm WF1200CR and Aterm ...)
- TODO: check
+ NOT-FOR-US: Aterm firmware
CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...)
- TODO: check
+ NOT-FOR-US: Aterm firmware
CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2018-16190
RESERVED
CVE-2018-16189
RESERVED
CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 ...)
- TODO: check
+ NOT-FOR-US: RICOH
CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to ...)
- TODO: check
+ NOT-FOR-US: RICOH
CVE-2018-16186 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, ...)
- TODO: check
+ NOT-FOR-US: RICOH
CVE-2018-16185 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, ...)
- TODO: check
+ NOT-FOR-US: RICOH
CVE-2018-16184 (RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, ...)
- TODO: check
+ NOT-FOR-US: RICOH
CVE-2018-16183 (An unquoted search path vulnerability in some pre-installed ...)
- TODO: check
+ NOT-FOR-US: Panasonic PC applications
CVE-2018-16182 (Untrusted search path vulnerability in the installer of MARKET SPEED ...)
- TODO: check
+ NOT-FOR-US: MARKET SPEED
CVE-2018-16181 (HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and ...)
TODO: check
CVE-2018-16180 (Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier ...)
TODO: check
CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier does not ...)
- TODO: check
+ NOT-FOR-US: Mizuho Direct App for Android
CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows10 Fall ...)
TODO: check
CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping Tool ...)
@@ -24398,13 +24398,13 @@ CVE-2018-16174 (Open redirect vulnerability in LearnPress prior to version 3.1.0
CVE-2018-16173 (Cross-site scripting vulnerability in LearnPress prior to version ...)
TODO: check
CVE-2018-16172 (Improper countermeasure against clickjacking attack in client ...)
- TODO: check
+ NOT-FOR-US: Cybozu Remote Service
CVE-2018-16171 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to ...)
- TODO: check
+ NOT-FOR-US: Cybozu Remote Service
CVE-2018-16170 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to ...)
- TODO: check
+ NOT-FOR-US: Cybozu Remote Service
CVE-2018-16169 (Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: Cybozu Remote Service
CVE-2018-16168 (LogonTracer 1.2.0 and earlier allows remote attackers to conduct ...)
TODO: check
CVE-2018-16167 (LogonTracer 1.2.0 and earlier allows remote attackers to execute ...)
@@ -25441,7 +25441,7 @@ CVE-2018-15782
CVE-2018-15781
RESERVED
CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access ...)
- TODO: check
+ NOT-FOR-US: RSA Archer
CVE-2018-15779
RESERVED
CVE-2018-15778
@@ -26254,35 +26254,35 @@ CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs]
- gitlab 11.1.8+dfsg-2
NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-15467 (A vulnerability in the web-based management interface of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15466 (A vulnerability in the Graphite web interface of the Policy and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15465 (A vulnerability in the authorization subsystem of Cisco Adaptive ...)
NOT-FOR-US: Cisco
CVE-2018-15464 (A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15463
RESERVED
CVE-2018-15462
RESERVED
CVE-2018-15461 (A vulnerability in the MyWebex component of Cisco Webex Business Suite ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15460 (A vulnerability in the email message filtering feature of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15459
RESERVED
CVE-2018-15458 (A vulnerability in the Shell Access Filter feature of Cisco Firepower ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15457 (A vulnerability in the web-based management interface of Cisco Prime ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15456 (A vulnerability in the Admin Portal of Cisco Identity Services Engine ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15455
RESERVED
CVE-2018-15454 (A vulnerability in the Session Initiation Protocol (SIP) inspection ...)
NOT-FOR-US: Cisco
CVE-2018-15453 (A vulnerability in the Secure/Multipurpose Internet Mail Extensions ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-15452 (A vulnerability in the DLL loading component of Cisco Advanced Malware ...)
NOT-FOR-US: Cisco
CVE-2018-15451 (A vulnerability in the web-based management interface of Cisco Prime ...)
@@ -33879,29 +33879,29 @@ CVE-2017-18332
CVE-2017-18331
RESERVED
CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via initialization ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in snapdragon ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18328 (Use after free in QSH client rule processing in snapdragon mobile and ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18327 (Security keys are logged when any WCDMA call is configured or ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18326 (Cryptographic keys are printed in modem debug messages in snapdragon ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18325
RESERVED
CVE-2017-18324 (Cryptographic key material leaked in debug messages - GERAN in ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18323 (Cryptographic key material leaked in TDSCDMA RRC debug messages in ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18322 (Cryptographic key material leaked in WCDMA debug messages in ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18321 (Security keys used by the terminal and NW for a session could be ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18320 (QSEE unload attempt on a 3rd party TEE without previously loading ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18319 (Information leak in UIM API debug messages in snapdragon mobile and ...)
- TODO: check
+ NOT-FOR-US: snapdragon
CVE-2017-18318 (Missing validation check on CRL issuer name in Snapdragon Automobile, ...)
NOT-FOR-US: Snapdragon
CVE-2017-18317 (Restrictions related to the modem (sim lock, sim kill) can be bypassed ...)
@@ -34765,7 +34765,7 @@ CVE-2018-12179
CVE-2018-12178
RESERVED
CVE-2018-12177 (Improper directory permissions in the ZeroConfig service in Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel PROSet/Wireless WiFi Software
CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a ...)
NOT-FOR-US: Intel
CVE-2018-12175 (Default install directory permissions in Intel Distribution for Python ...)
@@ -34786,9 +34786,9 @@ CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Proce
CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing ...)
NOT-FOR-US: Intel
CVE-2018-12167 (Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12166 (Insufficient write protection in firmware for Intel(R) Optane(TM) SSD ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12165
RESERVED
CVE-2018-12164
@@ -43673,7 +43673,7 @@ CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7,
NOTE: https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
NOTE: https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
CVE-2018-8827 (The admin web interface on Technicolor MediaAccess TG789vac v2 HP ...)
- TODO: check
+ NOT-FOR-US: Technicolor
CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 ...)
NOT-FOR-US: ASUS routers
CVE-2018-8825
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/94188034cda504518719679bf604d93d692cea52
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/94188034cda504518719679bf604d93d692cea52
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190111/0c94a71a/attachment.html>
More information about the debian-security-tracker-commits
mailing list