Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f5354b9a by Salvatore Bonaccorso at 2018-07-24T22:17:59+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,29 +5,29 @@ CVE-2018-14592
CVE-2018-14591
RESERVED
CVE-2018-14590 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can
occur in ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14589 (An issue has been discovered in Bento4 1.5.1-624. ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14588 (An issue has been discovered in Bento4 1.5.1-624. A NULL
pointer ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14587 (An issue has been discovered in Bento4 1.5.1-624. ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14586 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can
occur in ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14585 (An issue has been discovered in Bento4 1.5.1-624.
AP4_BytesToUInt16BE ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14584 (An issue has been discovered in Bento4 1.5.1-624.
AP4_AvccAtom::Create ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2018-14583 (xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a
background ...)
- TODO: check
+ NOT-FOR-US: XYHCMS
CVE-2018-14582 (index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF
to add a ...)
- TODO: check
+ NOT-FOR-US: BageCMS
CVE-2018-14581
RESERVED
CVE-2018-14580
RESERVED
CVE-2018-14579 (GolemCMS through 2008-12-24, if the install/ directory remains
active ...)
- TODO: check
+ NOT-FOR-US: GolemCMS
CVE-2018-14578
RESERVED
CVE-2018-14577
@@ -772,7 +772,7 @@ CVE-2018-14329 (In HTSlib 1.8, a race condition in
cram/cram_io.c might allow lo
NOTE: https://github.com/samtools/htslib/issues/736
NOTE: Neutralised by kernel hardening
CVE-2018-14328 (Brynamics "Online Trade - Online trading and
cryptocurrency investment ...)
- TODO: check
+ NOT-FOR-US: Brynamics "Online Trade - Online trading and cryptocurrency
investment system"
CVE-2018-14327
RESERVED
CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0
has TCP ...)
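Review bot: The label added for CVE-2018-14328 copies the full quoted product title (`Brynamics "Online Trade - Online trading and cryptocurrency investment system"`), while every other entry touched in this commit uses a short vendor or product name. A shorter form such as `NOT-FOR-US: Brynamics Online Trade` would keep the embedded double quotes out of the data line and be easier to match when searching the list.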
@@ -2837,9 +2837,9 @@ CVE-2018-13388 (The review attachment resource in
Atlassian Fisheye and Crucible
CVE-2018-13387 (The IncomingMailServers resource in Atlassian JIRA Server
before ...)
NOT-FOR-US: Atlassian
CVE-2018-13386 (There was an argument injection vulnerability in Sourcetree
for ...)
- TODO: check
+ NOT-FOR-US: Sourcetree
CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree
for macOS ...)
- TODO: check
+ NOT-FOR-US: Sourcetree
CVE-2018-13384
RESERVED
CVE-2018-13383
@@ -8843,9 +8843,9 @@ CVE-2018-11062
CVE-2018-11061
RESERVED
CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, contain an
authorization bypass ...)
- TODO: check
+ NOT-FOR-US: RSA Archer
CVE-2018-11059 (RSA Archer, versions prior to 6.4.0.1, contain a stored
cross-site ...)
- TODO: check
+ NOT-FOR-US: RSA Archer
CVE-2018-11058
RESERVED
CVE-2018-11057
@@ -10021,7 +10021,7 @@ CVE-2018-10634
CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version
...)
NOT-FOR-US: Universal Robots
CVE-2018-10632 (In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709
and ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision
Clinician ...)
NOT-FOR-US: Medtronic
CVE-2018-10630
@@ -10029,9 +10029,9 @@ CVE-2018-10630
CVE-2018-10629
RESERVED
CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch
2017 Update ...)
- TODO: check
+ NOT-FOR-US: AVEVA
CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions
prior ...)
- TODO: check
+ NOT-FOR-US: Echelon
CVE-2018-10626
RESERVED
CVE-2018-10625
@@ -10069,7 +10069,7 @@ CVE-2018-10610
CVE-2018-10609
RESERVED
CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be
exploited ...)
- TODO: check
+ NOT-FOR-US: SEL AcSELerator Architect
CVE-2018-10607
RESERVED
CVE-2018-10606
@@ -10077,7 +10077,7 @@ CVE-2018-10606
CVE-2018-10605
RESERVED
CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full
access to ...)
- TODO: check
+ NOT-FOR-US: SEL Compass
CVE-2018-10603
RESERVED
CVE-2018-10602
@@ -10085,7 +10085,7 @@ CVE-2018-10602
CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including ...)
NOT-FOR-US: Philips
CVE-2018-10600 (SEL AcSELerator Architect version 2.2.24.0 and prior allows
...)
- TODO: check
+ NOT-FOR-US: SEL AcSELerator Architect
CVE-2018-10599 (IntelliVue Patient Monitors MP Series (including ...)
NOT-FOR-US: Philips
CVE-2018-10598
@@ -14467,7 +14467,7 @@ CVE-2018-8861 (Vulnerabilities within the Philips
Brilliance CT kiosk environmen
CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker
may be ...)
NOT-FOR-US: Vecna VGo Robot
CVE-2018-8859 (Echelon SmartServer 1 all versions, SmartServer 2 all versions
prior ...)
- TODO: check
+ NOT-FOR-US: Echelon
CVE-2018-8858
RESERVED
CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and
prior, ...)
@@ -14475,7 +14475,7 @@ CVE-2018-8857 (Philips Brilliance CT software
(Brilliance 64 version 2.6.2 and p
CVE-2018-8856
RESERVED
CVE-2018-8855 (Echelon SmartServer 1 all versions, SmartServer 2 all versions
prior ...)
- TODO: check
+ NOT-FOR-US: Echelon
CVE-2018-8854
RESERVED
CVE-2018-8853 (Philips Brilliance CT devices operate user functions from
within a ...)
@@ -14483,7 +14483,7 @@ CVE-2018-8853 (Philips Brilliance CT devices operate
user functions from within
CVE-2018-8852
RESERVED
CVE-2018-8851 (Echelon SmartServer 1 all versions, SmartServer 2 all versions
prior ...)
- TODO: check
+ NOT-FOR-US: Echelon
CVE-2018-8850
RESERVED
CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician
...)
@@ -21349,7 +21349,7 @@ CVE-2017-18106
CVE-2017-18105
RESERVED
CVE-2017-18104 (The Webhooks component of Atlassian Jira before version 7.6.7
and from ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2017-18103 (The atlassian-http library, as used in various Atlassian
products, ...)
NOT-FOR-US: Atlassian
CVE-2017-18102 (The wiki markup component of atlassian-renderer from version
8.0.0 ...)
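Review bot: The label added for CVE-2017-18104, `NOT-FOR-US: Atlassian Jira`, does not match the `NOT-FOR-US: Atlassian` already present on the next entry, CVE-2017-18103. Using one form for both would let an exact-label search for Atlassian NFU entries return them together.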
@@ -82802,7 +82802,7 @@ CVE-2017-3224 (Open Shortest Path First (OSPF) protocol
implementations may ...)
[wheezy] - quagga <no-dsa> (Minor issue)
NOTE: http://www.kb.cert.org/vuls/id/793496
CVE-2017-3223 (Dahua IP camera products using firmware versions prior to ...)
- TODO: check
+ NOT-FOR-US: Dahua IP camera products
CVE-2017-3222 (Hard-coded credentials in AmosConnect 8 allow remote attackers
to gain ...)
NOT-FOR-US: AmosConnect
CVE-2017-3221 (Blind SQL injection in Inmarsat AmosConnect 8 login form allows
remote ...)
@@ -82814,7 +82814,7 @@ CVE-2017-3219 (Acronis True Image up to and including
version 2017 Build 8053 ..
CVE-2017-3218 (Samsung Magician 5.0 fails to validate TLS certificates for
HTTPS ...)
NOT-FOR-US: Samsung
CVE-2017-3217 (CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS
(text ...)
- TODO: check
+ NOT-FOR-US: CalAmp LMU 3030 series OBD-II CDMA and GSM devices
CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a
custom ...)
NOT-FOR-US: WiMAX routers
CVE-2017-3215 (The Milwaukee ONE-KEY Android mobile application uses bearer
tokens ...)
@@ -82830,7 +82830,7 @@ CVE-2017-3211
CVE-2017-3210 (Applications developed using the Portrait Display SDK, versions
2.30 ...)
TODO: check
CVE-2017-3209 (The DBPOWER U818A WIFI quadcopter drone provides FTP access
over its ...)
- TODO: check
+ NOT-FOR-US: DBPOWER U818A WIFI quadcopter drone
CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB
for Java ...)
NOT-FOR-US: AMF3 deserialisers
CVE-2017-3207 (The Java implementations of AMF3 deserializers in WebORB for
Java by ...)
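Review bot: CVE-2017-3210 (Portrait Display SDK), the entry directly above the changed line, still carries `TODO: check` after this pass. If it was left open on purpose because it needs a closer look, fine; otherwise it can be triaged in the same way as CVE-2017-3209.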
@@ -82873,11 +82873,11 @@ CVE-2017-3191 (D-Link DIR-130 firmware version 1.23
and DIR-330 firmware version
CVE-2017-3190 (Flash Seats Mobile App for Android version 1.7.9 and earlier
and for ...)
NOT-FOR-US: Flash Seats Mobile App
CVE-2017-3189 (The dotCMS administration panel, versions 3.7.1 and earlier,
"Push ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2017-3188 (The dotCMS administration panel, versions 3.7.1 and earlier,
"Push ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2017-3187 (The dotCMS administration panel, versions 3.7.1 and earlier,
are ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2017-3186 (ACTi cameras including the D, B, I, and E series using firmware
...)
NOT-FOR-US: ACTi cameras
CVE-2017-3185 (ACTi cameras including the D, B, I, and E series using firmware
...)
@@ -82885,7 +82885,7 @@ CVE-2017-3185 (ACTi cameras including the D, B, I, and
E series using firmware .
CVE-2017-3184 (ACTi cameras including the D, B, I, and E series using firmware
...)
NOT-FOR-US: ACTi cameras
CVE-2017-3183 (Sage XRT Treasury, version 3, fails to properly restrict
database ...)
- TODO: check
+ NOT-FOR-US: Sage XRT Treasury
CVE-2017-3182 (On the iOS platform, the ThreatMetrix SDK versions prior to 3.2
fail ...)
TODO: check
CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified ...)
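Review bot: CVE-2017-3182 stays at `TODO: check` right below the newly marked CVE-2017-3183, although its description limits the issue to the ThreatMetrix SDK on the iOS platform. That reads like a candidate for a NOT-FOR-US label in this same commit, unless it was deliberately deferred.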
@@ -103285,7 +103285,7 @@ CVE-2016-5651
CVE-2016-5650 (ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2
...)
NOT-FOR-US: ZModo
CVE-2016-5649 (A vulnerability is in the 'BSW_cxttongr.htm' page of the
Netgear ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2016-5648 (Acer Portal app before 3.9.4.2000 for Android does not properly
...)
NOT-FOR-US: Acer Portal Android application
CVE-2016-5647 (The igdkmd64 module in the Intel Graphics Driver through
15.33.42.435, ...)
@@ -103307,7 +103307,7 @@ CVE-2016-5640 (Directory traversal vulnerability in
cgi-bin/rftest.cgi on Crestr
CVE-2016-5639 (Directory traversal vulnerability in cgi-bin/login.cgi on
Crestron ...)
NOT-FOR-US: Creston
CVE-2016-5638 (There are few web pages associated with the genie app on the
Netgear ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7
...)
NOTE: https://www.kb.cert.org/vuls/id/123799
NOTE: No further information provided, but this is very likely a dupe
of CVE-2016-8710
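Review bot: Not introduced here, but visible in the context of this hunk: CVE-2016-5639 is labelled `NOT-FOR-US: Creston` while its description spells the vendor "Crestron". A follow-up fixing the spelling would keep label searches by vendor name from missing this entry.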
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5354b9af49785932fbc0d1425dfd6d9a2e97ffb