[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Mar 22 10:18:16 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41973d45 by Moritz Muehlenhoff at 2019-03-22T10:17:50Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -44001,7 +44001,7 @@ CVE-2018-12574 (CSRF exists for all actions in the web interface on TP-Link TL-W
CVE-2018-12573
RESERVED
CVE-2018-12572 (Avast Free Antivirus prior to 19.1.2360 stores user credentials in mem ...)
- TODO: check
+ NOT-FOR-US: Avast
CVE-2018-12571 (uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified ...)
NOT-FOR-US: Microsoft
CVE-2018-12570
@@ -45171,53 +45171,53 @@ CVE-2018-12221 (Insufficient input validation in Kernel Mode Driver in Intel(R)
CVE-2018-12220 (Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Window ...)
NOT-FOR-US: Intel
CVE-2018-12219 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12218 (Unhandled exception in User Mode Driver in Intel(R) Graphics Driver fo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12217 (Insufficient access control in Kernel Mode Driver in Intel(R) Graphics ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12216 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12215 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12214 (Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12213 (Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12212 (Buffer overflow in User Mode Driver in Intel(R) Graphics Driver for Wi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12211 (Insufficient input validation in User Mode Driver in Intel(R) Graphics ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12210 (Multiple pointer dereferences in User Mode Driver in Intel(R) Graphics ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12209 (Insufficient access control in User Mode Driver in Intel(R) Graphics D ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12208 (Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12207
RESERVED
CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist Technol ...)
NOT-FOR-US: Intel QuickAssist Technology for Linux
CVE-2018-12205 (Privilege escalation vulnerability in Platform Sample/ Silicon Referen ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12204 (Privilege escalation vulnerability in Platform Sample/ Silicon Referen ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12203 (Denial of service vulnerability in Platform Sample/ Silicon Reference ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12202 (Privilege escalation vulnerability in Platform Sample/ Silicon Referen ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12201 (Buffer overflow vulnerability in Platform Sample / Silicon Reference f ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12200 (Insufficient access control in Intel(R) Capability Licensing Service b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12199 (Buffer overflow in an OS component in Intel CSME before versions 11.8. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12198 (Insufficient input validation in Intel(R) Server Platform Services HEC ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12197
RESERVED
CVE-2018-12196 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12195
RESERVED
CVE-2018-12194
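Review bot: the new tags in this hunk name only the vendor (`NOT-FOR-US: Intel`), while the descriptions cover several unrelated products: Intel Graphics Driver (CVE-2018-12219 down to CVE-2018-12209), CSME (CVE-2018-12208, CVE-2018-12199), Platform Sample / Silicon Reference (CVE-2018-12205 down to CVE-2018-12201), Capability Licensing Service, Server Platform Services and AMT. The untouched entry for CVE-2018-12206 already uses a product-level tag (`NOT-FOR-US: Intel QuickAssist Technology for Linux`); following that form here, for example `NOT-FOR-US: Intel Graphics Driver`, would let a later grep separate the driver issues from the firmware ones.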
@@ -45225,21 +45225,21 @@ CVE-2018-12194
CVE-2018-12193 (Insufficient access control in driver stack for Intel QuickAssist Tech ...)
NOT-FOR-US: Intel
CVE-2018-12192 (Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12191 (Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12190 (Insufficient input validation in Intel CSME subsystem before versions ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12189 (Unhandled exception in Content Protection subsystem in Intel CSME befo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12188 (Insufficient input validation in Intel CSME before versions 11.8.60, 1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12187 (Insufficient input validation in Intel(R) Active Management Technology ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12186
RESERVED
CVE-2018-12185 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12184
RESERVED
CVE-2018-12183
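Review bot: CVE-2018-12192 and CVE-2018-12191 are described as bugs in the "Kernel subsystem in Intel CSME", and the bare `NOT-FOR-US: Intel` tag does not make clear that this is not the Linux kernel. `NOT-FOR-US: Intel CSME` (and `NOT-FOR-US: Intel AMT` for CVE-2018-12187 and CVE-2018-12185) would record which component was actually triaged.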
@@ -46265,7 +46265,7 @@ CVE-2018-11790 (When loading a document with Apache Open Office 4.1.5 and earlie
NOTE: https://www.openwall.com/lists/oss-security/2019/01/16/2
NOTE: https://github.com/LibreOffice/core/commit/bbc94edb9a91b27910d43610db9994df10dd99e1
CVE-2018-11789 (When accessing the heron-ui webpage, people can modify the file paths ...)
- TODO: check
+ NOT-FOR-US: Apache Heron
CVE-2018-11788 (Apache Karaf provides a features deployer, which allows users to "hot ...)
- apache-karaf <itp> (bug #881297)
CVE-2018-11787 (In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webcons ...)
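Review bot: CVE-2018-11789 is closed as `NOT-FOR-US: Apache Heron`, but the entry directly below it tracks Apache Karaf as `- apache-karaf <itp> (bug #881297)`, so an Apache project without a package can still be tracked through its ITP. Worth confirming that no ITP or RFP bug exists for Heron before marking this NFU; if one does, use the `<itp>` form instead.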
@@ -46393,7 +46393,7 @@ CVE-2018-11749 (When users are configured to use startTLS with RBAC LDAP, at log
CVE-2018-11748 (Previous releases of the Puppet device_manager module creates configur ...)
NOT-FOR-US: Puppet device_manager module
CVE-2018-11747 (Previously, Puppet Discovery was shipped with a default generated TLS ...)
- TODO: check
+ NOT-FOR-US: Puppet Discovery
CVE-2018-11746 (In Puppet Discovery prior to 1.2.0, when running Discovery against Win ...)
NOT-FOR-US: Puppet Discovery
CVE-2018-11745
@@ -51064,11 +51064,11 @@ CVE-2018-10095 (Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.
CVE-2018-10094 (SQL injection vulnerability in Dolibarr before 7.0.2 allows remote att ...)
- dolibarr <removed>
CVE-2018-10093 (AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 al ...)
- TODO: check
+ NOT-FOR-US: AudioCodes IP phone
CVE-2018-10092 (The admin panel in Dolibarr before 7.0.2 might allow remote attackers ...)
- dolibarr <removed>
CVE-2018-10091 (AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 al ...)
- TODO: check
+ NOT-FOR-US: AudioCodes IP phone
CVE-2018-10090
RESERVED
CVE-2018-10089
@@ -82886,11 +82886,11 @@ CVE-2017-16257
CVE-2017-16256
RESERVED
CVE-2017-16255 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
- TODO: check
+ NOT-FOR-US: Insteon Hub
CVE-2017-16254 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
- TODO: check
+ NOT-FOR-US: Insteon Hub
CVE-2017-16253 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
- TODO: check
+ NOT-FOR-US: Insteon Hub
CVE-2017-16252 (Specially crafted commands sent through the PubNub service in Insteon ...)
NOT-FOR-US: Insteon Hub
CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST 14.2, releas ...)
@@ -132316,7 +132316,7 @@ CVE-2016-9168 (A missing X-Frame-Options header in the NDS Utility Monitor in ND
CVE-2016-9167 (NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP ...)
NOT-FOR-US: Novell
CVE-2016-9166 (NetIQ eDirectory versions prior to 9.0.2, under some circumstances, co ...)
- TODO: check
+ NOT-FOR-US: Novell
CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure Management (form ...)
NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-9164 (Directory traversal vulnerability in diag.jsp file in CA Unified Infra ...)
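Review bot: CVE-2016-9166 is tagged `NOT-FOR-US: Novell`, but its description names the product as NetIQ eDirectory. The tag matches the neighbouring CVE-2016-9167 entry, yet a search for NetIQ will miss this one; `NOT-FOR-US: NetIQ eDirectory` keeps it findable under the name the CVE text uses.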
@@ -142978,7 +142978,7 @@ CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0
CVE-2016-5820
REJECTED
CVE-2016-5819 (Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2016-5818 (An issue was discovered in Schneider Electric PowerLogic PM8ECC device ...)
NOT-FOR-US: Schneider
CVE-2016-5817 (SQL injection vulnerability in news pages in Cargotec Navis WebAccess ...)
@@ -143016,7 +143016,7 @@ CVE-2016-5802 (An issue was discovered in Delta Electronics WPLSoft, Versions pr
CVE-2016-5801 (An issue was discovered in OmniMetrix OmniView, Version 1.2. Insuffici ...)
NOT-FOR-US: OmniMetrix OmniView
CVE-2016-5800 (A malicious attacker can trigger a remote buffer overflow in the Commu ...)
- TODO: check
+ NOT-FOR-US: Fatek
CVE-2016-5799 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3 ...)
NOT-FOR-US: Moxa
CVE-2016-5798 (An issue was discovered in Fatek Automation PM Designer V3 Version 2.1 ...)
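Review bot: the truncated description of CVE-2016-5800 ("... remote buffer overflow in the Commu ...") shows neither vendor nor product, so `NOT-FOR-US: Fatek` is the only identification left in the list. Please put the product name in the tag as well, as the OmniMetrix entry above does (`NOT-FOR-US: OmniMetrix OmniView`).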
@@ -168375,17 +168375,17 @@ CVE-2015-6464 (The administrative web interface on Moxa EDS-405A and EDS-408A sw
CVE-2015-6463 (CodeWrights HART Comm DTM components, as used with Endress+Hauser Fiel ...)
NOT-FOR-US: CodeWrights HART Comm DTM components
CVE-2015-6462 (Reflected Cross-Site Scripting (nonpersistent) allows an attacker to c ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2015-6461 (Remote file inclusion allows an attacker to craft a specific URL refer ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2015-6460 (Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Serve ...)
NOT-FOR-US: CODESYS Gateway Server
CVE-2015-6459 (Absolute path traversal vulnerability in the download feature in FileD ...)
NOT-FOR-US: FileDownloadServlet
CVE-2015-6458 (Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow conditi ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2015-6457 (Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow conditi ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1. ...)
NOT-FOR-US: PulseNET
CVE-2015-6455
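Review bot: for CVE-2015-6462 and CVE-2015-6461 the visible descriptions name no vendor or product at all, and `NOT-FOR-US: Schneider` gives only a vendor, so the affected product cannot be recovered from this file. Add the product name to both tags; likewise `NOT-FOR-US: Moxa SoftCMS` for CVE-2015-6458 and CVE-2015-6457, matching the product-level tags on the unchanged lines (`CODESYS Gateway Server`, `PulseNET`).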
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/41973d452c5814d8530763e29030628e8e0eaabf