Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
14f7331b by Moritz Muehlenhoff at 2018-07-13T17:26:44+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6128,6 +6128,7 @@ CVE-2018-11530
RESERVED
CVE-2018-11529 (VideoLAN VLC media player 2.2.x is prone to a use after free
...)
TODO: check
+ NOTE: Apparently fixed in 3.0.3, but should be doublechecked with
upstream
CVE-2018-11528 (WUZHI CMS 4.1.0 has SQL Injection via an
api/sms_check.php?param= URI. ...)
NOT-FOR-US: WUZHI CMS
CVE-2018-11527 (An issue was discovered in CScms v4.1. A Cross-site request
forgery ...)
@@ -14432,7 +14433,7 @@ CVE-2018-8204
CVE-2018-8203
RESERVED
CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET
Framework which ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard
that ...)
NOT-FOR-US: Microsoft
CVE-2018-8200
@@ -14494,7 +14495,7 @@ CVE-2018-8173 (A remote code execution vulnerability
exists in Microsoft InfoPat
CVE-2018-8172 (A remote code execution vulnerability exists in Visual Studio
software ...)
NOT-FOR-US: Microsoft
CVE-2018-8171 (A Security Feature Bypass vulnerability exists in ASP.NET when
the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that
the ...)
NOT-FOR-US: Microsoft
CVE-2018-8169 (An elevation of privilege vulnerability exists when the (Human
...)
@@ -14586,7 +14587,7 @@ CVE-2018-8127 (An information disclosure vulnerability
exists when the Windows k
CVE-2018-8126 (A security feature bypass vulnerability exists when Internet
Explorer ...)
NOT-FOR-US: Microsoft
CVE-2018-8125 (A remote code execution vulnerability exists when Microsoft
Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8124 (An elevation of privilege vulnerability exists in Windows when
the ...)
NOT-FOR-US: Microsoft
CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft
Edge ...)
@@ -19208,7 +19209,7 @@ CVE-2017-18157
CVE-2017-18156
RESERVED
CVE-2017-18155 (While playing HEVC content using HD DMB in Snapdragon
Automobile and ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in
MediaServer ...)
NOT-FOR-US: Android Mediaserver
CVE-2017-18153
@@ -22852,7 +22853,7 @@ CVE-2018-5531
CVE-2018-5530
RESERVED
CVE-2018-5529 (The svpn component of the F5 BIG-IP APM client prior to version
7.1.7 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-5528 (Under certain conditions, TMM may restart and produce a core
file ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-5527 (On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed
methods ...)
@@ -24799,7 +24800,7 @@ CVE-2018-4860 (A vulnerability has been identified in
SCALANCE M875 (All version
CVE-2018-4859 (A vulnerability has been identified in SCALANCE M875 (All
versions). ...)
NOT-FOR-US: SCALANCE
CVE-2018-4858 (A vulnerability has been identified in IEC 61850 system
configurator ...)
- TODO: check
+ NOT-FOR-US: IEC
CVE-2018-4857
RESERVED
CVE-2018-4856 (A vulnerability has been identified in SICLOCK TC100 (All
versions) ...)
@@ -26727,21 +26728,21 @@ CVE-2018-3938
CVE-2018-3937
RESERVED
CVE-2018-3936 (In Antenna House Office Server Document Converter version V6.1
Pro MR2 ...)
- TODO: check
+ NOT-FOR-US: Antenna House Office Server Document Converter
CVE-2018-3935
RESERVED
CVE-2018-3934
RESERVED
CVE-2018-3933 (An exploitable out-of-bounds write exists in the Microsoft Word
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-3932 (An exploitable stack-based buffer overflow exists in the
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-3931 (In Antenna House Office Server Document Converter version V6.1
Pro MR2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-3930 (In Antenna House Office Server Document Converter version V6.1
Pro MR2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-3929 (An exploitable heap corruption exists in the PowerPoint
document ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-3928
RESERVED
CVE-2018-3927
@@ -27602,19 +27603,19 @@ CVE-2018-3690
CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform
Software ...)
NOT-FOR-US: Intel
CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and
Tools in ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools
in ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3686
RESERVED
CVE-2018-3685
RESERVED
CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 -
15.0 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1
- 18.0 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3682 (BMC Firmware in Intel server boards, compute modules, and
systems ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3681
RESERVED
CVE-2018-3680
@@ -27642,9 +27643,9 @@ CVE-2018-3670
CVE-2018-3669
RESERVED
CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool
(IPDT) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool)
4.1.0.24 sets ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3666
RESERVED
CVE-2018-3665 (System software utilizing Lazy FP state restore technique on
systems ...)
@@ -27730,17 +27731,17 @@ CVE-2018-3634 (Parameter corruption in NDIS filter
driver in Intel Online Connec
CVE-2018-3633
RESERVED
CVE-2018-3632 (Memory corruption in Intel Active Management Technology in
Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3631
RESERVED
CVE-2018-3630
RESERVED
CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management
Technology ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3628 (Buffer overflow in HTTP handler in Intel Active Management
Technology ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3627 (Logic bug in Intel Converged Security Management Engine 11.x
may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux)
and ...)
NOT-FOR-US: Intel
CVE-2018-3625
@@ -27756,7 +27757,7 @@ CVE-2018-3621
CVE-2018-3620
RESERVED
CVE-2018-3619 (Information disclosure vulnerability in storage media in
systems with ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3618
RESERVED
CVE-2018-3617
@@ -36267,7 +36268,7 @@ CVE-2018-0951 (A remote code execution vulnerability
exists in the way that the
CVE-2018-0950 (An information disclosure vulnerability exists when Office
renders ...)
NOT-FOR-US: Microsoft
CVE-2018-0949 (A security feature bypass vulnerability exists when Microsoft
Internet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-0948
RESERVED
CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft
SharePoint ...)
@@ -39655,9 +39656,9 @@ CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage
function in lib/modules/swf
NOTE: https://github.com/matthiaskramm/swftools/issues/46
NOTE: Crash in CLI tool, no security implications
CVE-2017-16710 (Cross-site scripting (XSS) vulnerability in Crestron Airmedia
AM-100 ...)
- TODO: check
+ NOT-FOR-US: Creston
CVE-2017-16709 (Crestron Airmedia AM-100 devices with firmware before 1.6.0
and AM-101 ...)
- TODO: check
+ NOT-FOR-US: Creston
CVE-2017-16708
RESERVED
CVE-2017-16707
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/14f7331bf5aa6bc4365e2799a80825a550990701
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/14f7331bf5aa6bc4365e2799a80825a550990701
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
