[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Jan 16 22:31:01 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6191c46e by Moritz Muehlenhoff at 2019-01-16T22:30:35Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57289,7 +57289,7 @@ CVE-2018-4406
 CVE-2018-4405
 	RESERVED
 CVE-2018-4404 (In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4403
 	RESERVED
 CVE-2018-4402
@@ -57473,7 +57473,7 @@ CVE-2018-4332
 CVE-2018-4331
 	RESERVED
 CVE-2018-4330 (In iOS before 11.4, a memory corruption issue exists and was addressed ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4329
 	RESERVED
 CVE-2018-4328
@@ -61004,7 +61004,7 @@ CVE-2018-3313
 CVE-2018-3312
 	RESERVED
 CVE-2018-3311 (Vulnerability in the Oracle Retail Xstore Payment component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2018-3310
 	RESERVED
 CVE-2018-3309 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
@@ -61016,11 +61016,11 @@ CVE-2018-3307
 CVE-2018-3306
 	RESERVED
 CVE-2018-3305 (Vulnerability in the Oracle Application Testing Suite component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2018-3304 (Vulnerability in the Oracle Application Testing Suite component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2018-3303 (Vulnerability in the Enterprise Manager Base Platform component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2018-3302 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2018-3301 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
@@ -61502,7 +61502,7 @@ CVE-2018-3127 (Vulnerability in the Oracle Demantra Demand Management component
 CVE-2018-3126 (Vulnerability in the Oracle Retail Xstore Point of Service component ...)
 	NOT-FOR-US: Oracle
 CVE-2018-3125 (Vulnerability in the Oracle Retail Merchandising System component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2018-3124
 	RESERVED
 CVE-2018-3123
@@ -69031,13 +69031,13 @@ CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform
 	[wheezy] - xen <not-affected> (arm not supported)
 	NOTE: https://xenbits.xen.org/xsa/advisory-245.html
 CVE-2018-0705 (Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2018-0704 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2018-0703 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2018-0702 (Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2018-0701 (BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to ...)
 	NOT-FOR-US: BlueStacks App Player
 CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular request ...)
@@ -69045,7 +69045,7 @@ CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular request
 CVE-2018-0699 (Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier ...)
 	NOT-FOR-US: YukiWiki
 CVE-2018-0698 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: GROWI
 CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 and ...)
 	NOT-FOR-US: Metabase
 CVE-2018-0696
@@ -69063,9 +69063,9 @@ CVE-2018-0691 (Multiple +Message Apps (Softbank +Message App for Android prior t
 CVE-2018-0690 (An unvalidated software update vulnerability in Music Center for PC ...)
 	NOT-FOR-US: Music Center for PC
 CVE-2018-0689 (HTTP header injection vulnerability in SEIKO EPSON printers and ...)
-	TODO: check
+	NOT-FOR-US: SEIKO
 CVE-2018-0688 (Open redirect vulnerability in SEIKO EPSON printers and scanners ...)
-	TODO: check
+	NOT-FOR-US: SEIKO
 CVE-2018-0687 (Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun ...)
 	NOT-FOR-US: NEOJAPAN
 CVE-2018-0686 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, ...)
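Review bot: the label on CVE-2018-0689 and CVE-2018-0688 truncates the vendor name. Both descriptions read "SEIKO EPSON printers", but the entries are tagged "NOT-FOR-US: SEIKO". Suggest "NOT-FOR-US: SEIKO EPSON" so the label matches the name used in the descriptions and a later search for the vendor finds these entries.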
@@ -69099,19 +69099,19 @@ CVE-2018-0673 (Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3
 CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions prior to ...)
 	- movabletype-opensource <removed>
 CVE-2018-0671 (Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: INplc-RT
 CVE-2018-0670 (INplc-RT 3.08 and earlier allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: INplc-RT
 CVE-2018-0669 (INplc-RT 3.08 and earlier allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: INplc-RT
 CVE-2018-0668 (Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: INplc-RT
 CVE-2018-0667 (Untrusted search path vulnerability in Installer of INplc SDK Express ...)
-	TODO: check
+	NOT-FOR-US: INplc
 CVE-2018-0666 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ...)
-	TODO: check
+	NOT-FOR-US: Yamaha
 CVE-2018-0665 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ...)
-	TODO: check
+	NOT-FOR-US: Yamaha
 CVE-2018-0664 (A vulnerability in NoMachine App for Android 5.0.63 and earlier allows ...)
 	NOT-FOR-US: NoMachine App for Android
 CVE-2018-0663 (Multiple I-O DATA network camera products (TS-WRLP firmware ...)
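Review bot: the five INplc entries end up with two different labels. CVE-2018-0671 through CVE-2018-0668 get "NOT-FOR-US: INplc-RT", while CVE-2018-0667 (Installer of INplc SDK Express) gets "NOT-FOR-US: INplc". If they are meant to be grouped as one product family, a single label on all five keeps them together in searches; if the split is intended, naming the SDK on CVE-2018-0667 would make that explicit.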
@@ -69139,7 +69139,7 @@ CVE-2018-0653 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier
 CVE-2018-0652 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier ...)
 	NOT-FOR-US: GROWI
 CVE-2018-0651 (Buffer overflow in the license management function of YOKOGAWA ...)
-	TODO: check
+	NOT-FOR-US: YOKOGAWA
 CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 ...)
 	NOT-FOR-US: LINE MUSIC for Android
 CVE-2018-0649 (Untrusted search path vulnerability in the installers of multiple ...)
@@ -69159,39 +69159,39 @@ CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 ...)
 CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 ...)
 	NOT-FOR-US: FV Flowplayer Video Player
 CVE-2018-0641 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0640 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0639 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0638 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0637 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0636 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0635 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0634 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0633 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0632 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0631 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0630 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0629 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0628 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0627 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0626 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0625 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with ...)
-	TODO: check
+	NOT-FOR-US: Aterm
 CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series ...)
 	NOT-FOR-US: Yayoi
 CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series ...)
@@ -69664,11 +69664,11 @@ CVE-2017-1000159 (Command injection in evince via filename when printing to PDF.
 CVE-2018-0485 (A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0484 (A vulnerability in the access control logic of the Secure Shell (SSH) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0483 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0482 (A vulnerability in the web-based management interface of Cisco Prime ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0481 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0480 (A vulnerability in the errdisable per VLAN feature of Cisco IOS XE ...)
@@ -69684,7 +69684,7 @@ CVE-2018-0476 (A vulnerability in the Network Address Translation (NAT) Session
 CVE-2018-0475 (A vulnerability in the implementation of the cluster feature of Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0474 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0473 (A vulnerability in the Precision Time Protocol (PTP) subsystem of ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0472 (A vulnerability in the IPsec driver code of multiple Cisco IOS XE ...)
@@ -69710,7 +69710,7 @@ CVE-2018-0463 (A vulnerability in the Cisco Network Plug and Play server compone
 CVE-2018-0462 (A vulnerability in the user management functionality of Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0461 (A vulnerability in the Cisco IP Phone 8800 Series Software could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0460 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0459 (A vulnerability in the web-based management interface of Cisco ...)
@@ -69734,7 +69734,7 @@ CVE-2018-0451 (A vulnerability in the web-based management interface of Cisco ..
 CVE-2018-0450 (A vulnerability in the web-based management interface of Cisco Data ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0449 (A vulnerability in the Cisco Jabber Client Framework (JCF) software, ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0448 (A vulnerability in the identity management service of Cisco Digital ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0447 (A vulnerability in the anti-spam protection mechanisms of Cisco ...)
@@ -70074,7 +70074,7 @@ CVE-2018-0284 (A vulnerability in the local status page functionality of the Cis
 CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower System ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0282 (A vulnerability in the TCP socket code of Cisco IOS and IOS XE ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower System ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0280 (A vulnerability in the Real-Time Transport Protocol (RTP) bitstream ...)
@@ -70285,7 +70285,7 @@ CVE-2018-0183 (A vulnerability in the CLI parser of Cisco IOS XE Software could
 CVE-2018-0182 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0181 (A vulnerability in the Redis implementation used by the Cisco Policy ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0180 (Multiple vulnerabilities in the Login Enhancements (Login Block) ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0179 (Multiple vulnerabilities in the Login Enhancements (Login Block) ...)
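Review bot: CVE-2018-0181 is marked "NOT-FOR-US: Cisco", but its description names "the Redis implementation used by the Cisco Policy ..." and is cut off before it says where the flaw lies. Suggest checking the full description to confirm the problem is in how the Cisco product deploys Redis and not in Redis code itself before dropping the "TODO: check".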
@@ -75524,15 +75524,15 @@ CVE-2017-15406 (A stack buffer overflow in V8 in Google Chrome prior to 62.0.320
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
 CVE-2017-15405 (Inappropriate symlink handling and a race condition in the stateful ...)
-	TODO: check
+	NOT-FOR-US: Chrome OS
 CVE-2017-15404 (An ability to process crash dumps under root privileges and ...)
-	TODO: check
+	NOT-FOR-US: Chrome OS
 CVE-2017-15403 (Insufficient data validation in crosh could lead to a command ...)
-	TODO: check
+	NOT-FOR-US: Chrome OS
 CVE-2017-15402 (Using an ID that can be controlled by a compromised renderer which ...)
-	TODO: check
+	NOT-FOR-US: Chrome OS
 CVE-2017-15401 (A memory corruption bug in WebAssembly could lead to out of bounds ...)
-	TODO: check
+	NOT-FOR-US: Chrome OS
 CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS ...)
 	{DSA-4243-1}
 	- cups 2.2.3-2
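Review bot: CVE-2017-15401 and CVE-2017-15402 do not obviously belong under "NOT-FOR-US: Chrome OS". Their visible descriptions mention "a memory corruption bug in WebAssembly" and "a compromised renderer", neither of which is evidently a Chrome OS-only component, and the neighbouring CVE-2017-15406 (V8) is tracked against libv8. Suggest confirming from the full descriptions that both are limited to Chrome OS before closing them as NFU.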
@@ -80262,17 +80262,17 @@ CVE-2017-13893
 CVE-2017-13892
 	RESERVED
 CVE-2017-13891 (In iOS before 11.2, an inconsistent user interface issue was addressed ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-13890 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2017-13889 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-13888 (In iOS before 11.2, a type confusion issue was addressed with improved ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-13887 (In macOS High Sierra before 10.13.2, a logic issue existed in APFS ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-13886 (In macOS High Sierra before 10.13.2, an access issue existed with ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-13885 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
 	- webkit2gtk 2.18.6-1 (unimportant)
 	[stretch] - webkit2gtk 2.18.6-1~deb9u1
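Review bot: CVE-2017-13888 ("In iOS before 11.2, a type confusion issue was addressed with improved ...") is closed as "NOT-FOR-US: Apple" although the affected component is not visible in the truncated description, while CVE-2017-13885 just below, also an iOS 11.2 issue, is tracked against webkit2gtk. Suggest checking the full description that the component is not WebKit before marking it NFU; the same check applies to the other truncated iOS and macOS descriptions in this hunk.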
@@ -89139,7 +89139,7 @@ CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm closed-source components for Android
 CVE-2017-11004 (A non-secure user may be able to access certain registers in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11003 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11002 (In all Qualcomm products with Android releases from CAF using the ...)
@@ -111880,7 +111880,7 @@ CVE-2017-3720
 CVE-2017-3719
 	RESERVED
 CVE-2017-3718 (Improper setting of device configuration in system firmware for ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2017-3717
 	RESERVED
 CVE-2017-3716
@@ -115667,7 +115667,7 @@ CVE-2017-2413 (An issue was discovered in certain Apple products. macOS before .
 CVE-2017-2412 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-2411 (In iOS before 11.2, exchange rates were retrieved from HTTP rather ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2410 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2017-2409 (An issue was discovered in certain Apple products. macOS before ...)
@@ -127414,7 +127414,7 @@ CVE-2016-7578 (An issue was discovered in certain Apple products. iOS before 10.
 CVE-2016-7577 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
 	NOT-FOR-US: Apple
 CVE-2016-7576 (In iOS before 9.3.3, a memory corruption issue existed in the kernel. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-7574
 	RESERVED
 CVE-2016-7573
@@ -137502,11 +137502,11 @@ CVE-2016-4646 (Audio in Apple OS X before 10.11.6 mishandles a size value, which
 CVE-2016-4645 (CFNetwork in Apple OS X before 10.11.6 uses weak permissions for ...)
 	NOT-FOR-US: Apple
 CVE-2016-4644 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4643 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4642 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4641 (Login Window in Apple OS X before 10.11.6 allows attackers to execute ...)
 	NOT-FOR-US: Apple
 CVE-2016-4640 (Login Window in Apple OS X before 10.11.6 allows attackers to execute ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6191c46ea597d3e4d7ab084b784f8897891ec2f0
