Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9df123a7 by Moritz Muehlenhoff at 2018-10-16T11:24:49Z
NFUs
"new" kfreebsd issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6991,11 +6991,11 @@ CVE-2018-15542 (** DISPUTED ** An issue was discovered
in the org.telegram.messe
CVE-2018-15541
RESERVED
CVE-2018-15540 (Agentejo Cockpit performs actions on files without appropriate
...)
- TODO: check
+ NOT-FOR-US: Agentejo Cockpit
CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF protection mechanism.
Thus, an ...)
- TODO: check
+ NOT-FOR-US: Agentejo Cockpit
CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting
vulnerabilities. ...)
- TODO: check
+ NOT-FOR-US: Agentejo Cockpit
CVE-2018-15537
RESERVED
CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager
before ...)
@@ -15492,7 +15492,7 @@ CVE-2018-12156
CVE-2018-12155
RESERVED
CVE-2018-12154 (Denial of Service in Unified Shader Compiler in Intel Graphics
Drivers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12153 (Denial of Service in Unified Shader Compiler in Intel Graphics
Drivers ...)
NOT-FOR-US: Intel
CVE-2018-12152 (Pointer corruption in Unified Shader Compiler in Intel
Graphics ...)
@@ -38215,13 +38215,13 @@ CVE-2018-4003
CVE-2018-4002
RESERVED
CVE-2018-4001 (An exploitable uninitialized pointer vulnerability exists in
the ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-4000 (An exploitable double-free vulnerability exists in the Office
Open XML ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3999 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3998 (An exploitable heap-based buffer overflow vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3997 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
NOT-FOR-US: Foxit PDF Reader
CVE-2018-3996 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
@@ -38249,31 +38249,31 @@ CVE-2018-3986
CVE-2018-3985
RESERVED
CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within
the ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3983
RESERVED
CVE-2018-3982 (An exploitable arbitrary write vulnerability exists in the Word
...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3981 (An exploitable uninitialized pointer vulnerability exists in
the Word ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3980
RESERVED
CVE-2018-3979
RESERVED
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the
Word ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3977
RESERVED
CVE-2018-3976
RESERVED
CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in
the ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3974
RESERVED
CVE-2018-3973
RESERVED
CVE-2018-3972 (An exploitable code execution vulnerability exists in the Levin
...)
- TODO: check
+ NOT-FOR-US: Epee library
CVE-2018-3971
RESERVED
CVE-2018-3970
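Review bot: On CVE-2018-3972 the new label `NOT-FOR-US: Epee library` names a library rather than a product, and a library can be bundled inside other source packages. Before closing this as NOT-FOR-US, confirm that no source package in the archive embeds it, and record what was checked in a NOTE line so the decision can be revisited.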
@@ -38283,7 +38283,7 @@ CVE-2018-3969
CVE-2018-3968
RESERVED
CVE-2018-3967 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
- TODO: check
+ NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3966 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3965 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
@@ -38387,11 +38387,11 @@ CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250
devices with firmware vers
CVE-2018-3916 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
NOT-FOR-US: Samsung
CVE-2018-3915 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3914 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3913 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware
version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in
the ...)
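Review bot: The three new `NOT-FOR-US: Samsung` lines for CVE-2018-3915, CVE-2018-3914 and CVE-2018-3913 use a shorter label than the neighbouring CVE-2018-3912 entry, which reads `NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices`. The file already carries both forms (CVE-2018-3916 has the short one), so if these are the same product, reusing the longer string keeps a search by product name complete. The same applies to the other `NOT-FOR-US: Samsung` additions later in this patch.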
@@ -38405,7 +38405,7 @@ CVE-2018-3908 (An exploitable vulnerability exists in
the REST parser of video-c
CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of
video-core's ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3906 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3905 (An exploitable buffer overflow vulnerability exists in the
camera ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3904 (An exploitable buffer overflow vulnerability exists in the
camera ...)
@@ -38429,7 +38429,7 @@ CVE-2018-3896 (An exploitable buffer overflow
vulnerabilities exist in the ...)
CVE-2018-3895 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 Firmware
CVE-2018-3894 (An exploitable buffer overflow vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3892
@@ -38447,13 +38447,13 @@ CVE-2018-3887 (A memory corruption vulnerability
exists in the PCX-parsing ...)
CVE-2018-3886 (A memory corruption vulnerability exists in the PCX-parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2018-3885 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2018-3884 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2018-3883 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2018-3882 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2018-3881 (An exploitable unauthenticated XML external injection
vulnerability ...)
NOT-FOR-US: FocalScope
CVE-2018-3880 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
@@ -38463,15 +38463,15 @@ CVE-2018-3879 (An exploitable JSON injection
vulnerability exists in the credent
CVE-2018-3878 (Multiple exploitable buffer overflow vulnerabilities exist in
the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3877 (An exploitable buffer overflow vulnerability exists in the
credentials ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3876 (An exploitable buffer overflow vulnerability exists in the
credentials ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3875 (An exploitable buffer overflow vulnerability exists in the
credentials ...)
NOT-FOR-US: Samsung
CVE-2018-3874 (An exploitable buffer overflow vulnerability exists in the
credentials ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3873 (An exploitable buffer overflow vulnerability exists in the
credentials ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3872 (An exploitable buffer overflow vulnerability exists in the
credentials ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing
...)
@@ -38487,9 +38487,9 @@ CVE-2018-3867 (An exploitable stack-based buffer
overflow vulnerability exists i
CVE-2018-3866 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3865 (An exploitable buffer overflow vulnerability exists in the
Samsung ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3864 (An exploitable buffer overflow vulnerability exists in the
Samsung ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-3863 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware
version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3862 (A specially crafted TIFF image processed via the application
can lead ...)
@@ -38617,19 +38617,19 @@ CVE-2018-3831 (Elasticsearch Alerting and Monitoring
in versions before 6.4.1 or
CVE-2018-3830 (Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS)
...)
- kibana <itp> (bug #700337)
CVE-2018-3829 (In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it
was ...)
- TODO: check
+ NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3828 (Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain
an ...)
- TODO: check
+ NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3827 (A sensitive data disclosure flaw was found in the Elasticsearch
...)
TODO: check
CVE-2018-3826 (In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure
flaw was ...)
TODO: check
CVE-2018-3825 (In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a
default ...)
- TODO: check
+ NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3824 (X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a
...)
- TODO: check
+ NOT-FOR-US: Elastic X-Pack Machine Learning
CVE-2018-3823 (X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a
...)
- TODO: check
+ NOT-FOR-US: Elastic X-Pack Machine Learning
CVE-2018-3822 (X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable
to a ...)
NOT-FOR-US: Elastic X-Pack Security
CVE-2018-3821 (Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a
...)
@@ -39236,7 +39236,7 @@ CVE-2018-3688 (Unquoted service paths in Intel Quartus
Prime Programmer and Tool
CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools
in ...)
NOT-FOR-US: Intel
CVE-2018-3686 (Code injection vulnerability in INTEL-SA-00086 Detection Tool
before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3685
RESERVED
CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 -
15.0 ...)
@@ -39250,7 +39250,7 @@ CVE-2018-3681
CVE-2018-3680
RESERVED
CVE-2018-3679 (Escalation of privilege in Reference UI in Intel Data Center
Manager ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3678
RESERVED
CVE-2018-3677
@@ -39270,7 +39270,7 @@ CVE-2018-3671 (Escalation of privilege in Intel Saffron
admin application before
CVE-2018-3670 (Driver module in Intel Smart Sound Technology before version
...)
NOT-FOR-US: Driver module in Intel Smart Sound Technology
CVE-2018-3669 (A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel
Centrino ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool
(IPDT) ...)
NOT-FOR-US: Intel
CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool)
4.1.0.24 sets ...)
@@ -39296,15 +39296,15 @@ CVE-2018-3661 (Buffer overflow in Intel system
Configuration utilities selview.e
CVE-2018-3660
RESERVED
CVE-2018-3659 (A vulnerability in Intel PTT module in Intel CSME firmware
before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3658 (Multiple memory leaks in Intel AMT in Intel CSME firmware
versions ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3657 (Multiple buffer overflows in Intel AMT in Intel CSME firmware
versions ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3656
RESERVED
CVE-2018-3655 (A vulnerability in a subsystem in Intel CSME before version
11.21.55, ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3654
RESERVED
CVE-2018-3653
@@ -39338,7 +39338,7 @@ CVE-2018-3645 (Escalation of privilege in all versions
of the Intel Remote Keybo
CVE-2018-3644
RESERVED
CVE-2018-3643 (A vulnerability in Power Management Controller firmware in
systems ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3642
RESERVED
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote
Keyboard ...)
@@ -39423,7 +39423,7 @@ CVE-2018-3618
CVE-2018-3617
REJECTED
CVE-2018-3616 (Bleichenbacher-style side channel vulnerability in TLS
implementation ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3615 (Systems with microprocessors utilizing speculative execution
and Intel ...)
- intel-microcode 3.20180703.1
NOTE:
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
@@ -40045,9 +40045,9 @@ CVE-2018-3576 (improper validation of array index in
WiFi driver function ...)
CVE-2018-3575
RESERVED
CVE-2018-3574 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ - linux <not-affected> (Qualcomm specific changes)
CVE-2018-3573 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-3572 (While processing a DSP buffer in an audio driver's event
handler, an ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3571 (In the KGSL driver in all Android releases from CAF (Android
for MSM, ...)
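Review bot: CVE-2018-3574 and CVE-2018-3573 open with the same description text but are triaged differently in this hunk: the first becomes `- linux <not-affected> (Qualcomm specific changes)` and the second `NOT-FOR-US: Qualcomm components for Android`. A NOTE line on CVE-2018-3574 naming the affected driver or file would show why it is tracked against linux at all, and would make the not-affected decision easier to recheck.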
@@ -44500,13 +44500,13 @@ CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6,
2.7, and 3.0 uses incomplet
CVE-2018-1748
RESERVED
CVE-2018-1747 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is
...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1746
RESERVED
CVE-2018-1745 (IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an
...)
NOT-FOR-US: IBM
CVE-2018-1744 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could
allow ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1743 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses
sensitive ...)
NOT-FOR-US: IBM
CVE-2018-1742 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains
hard-coded ...)
@@ -46417,7 +46417,7 @@ CVE-2018-1199 (Spring Security (Spring Security 4.1.x
before 4.1.5, 4.2.x before
- libspring-security-java <itp> (bug #582181)
NOTE: https://pivotal.io/security/cve-2018-1199
CVE-2018-1198 (Pivotal Cloud Cache, versions prior to 1.3.1, prints a
superuser ...)
- TODO: check
+ NOT-FOR-US: Pivotal Cloud Cache
CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running
inside ...)
NOT-FOR-US: Windows Stemcells
CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used
to ...)
@@ -48865,7 +48865,7 @@ CVE-2018-0651
CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to
3.6.5 ...)
NOT-FOR-US: LINE MUSIC for Android
CVE-2018-0649 (Untrusted search path vulnerability in the installers of
multiple ...)
- TODO: check
+ NOT-FOR-US: CANON
CVE-2018-0648 (Untrusted search path vulnerability in installer of ChatWork
Desktop ...)
NOT-FOR-US: installer of ChatWork Desktop App for Windows
CVE-2018-0647 (Cross-site request forgery (CSRF) vulnerability in WL-330NUL
Firmware ...)
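Review bot: `NOT-FOR-US: CANON` on CVE-2018-0649 gives only an upper-case vendor name, while the description speaks of installers and the adjacent CVE-2018-0648 entry spells out `installer of ChatWork Desktop App for Windows`. Consider writing `Canon` and adding that installers are affected, so the entry can be read without opening the CVE.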
@@ -48873,11 +48873,11 @@ CVE-2018-0647 (Cross-site request forgery (CSRF)
vulnerability in WL-330NUL Firm
CVE-2018-0646 (Directory traversal vulnerability in Explzh v.7.58 and earlier
allows ...)
NOT-FOR-US: Explzh
CVE-2018-0645 (MTAppjQuery 1.8.1 and earlier allows remote PHP code execution
via ...)
- TODO: check
+ NOT-FOR-US: MTAppjQuery
CVE-2018-0644 (Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer
...)
- TODO: check
+ NOT-FOR-US: ORCA (Online Receipt Computer Advantage)
CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 ...)
- TODO: check
+ NOT-FOR-US: ORCA (Online Receipt Computer Advantage)
CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video
Player 6.1.2 ...)
TODO: check
CVE-2018-0641
@@ -48915,9 +48915,9 @@ CVE-2018-0626
CVE-2018-0625
RESERVED
CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series
...)
- TODO: check
+ NOT-FOR-US: Yayoi
CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series
...)
- TODO: check
+ NOT-FOR-US: Yayoi
CVE-2018-0622 (The DHC Online Shop App for Android version 3.2.0 and earlier
does not ...)
NOT-FOR-US: DHC Online Shop App for Android
CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION
UTILITY ...)
@@ -97734,7 +97734,7 @@ CVE-2017-1233 (IBM Remote Control v9 could allow a
local user to use the compone
CVE-2017-1232 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5)
...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1231 (IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in
plain in ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2017-1230 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5)
uses ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1229 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could
allow a ...)
@@ -98029,13 +98029,21 @@ CVE-2017-1086 (In FreeBSD before 11.1-STABLE,
11.1-RELEASE-p4, 11.0-RELEASE-p15,
- kfreebsd-10 <unfixed> (unimportant)
NOTE: kfreebsd not covered by security support
CVE-2017-1085 (In FreeBSD before 11.2-RELEASE, an application which calls
setrlimit() ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+ NOTE: kfreebsd not covered by security support
CVE-2017-1084 (In FreeBSD before 11.2-RELEASE, multiple issues with the ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+ NOTE: kfreebsd not covered by security support
CVE-2017-1083 (In FreeBSD before 11.2-RELEASE, a stack guard-page is available
but is ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+ NOTE: kfreebsd not covered by security support
CVE-2017-1082 (In FreeBSD 11.x before 11.1-RELEASE and 10.x before
10.4-RELEASE, the ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+ NOTE: kfreebsd not covered by security support
CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE,
and ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE:
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc
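Review bot: CVE-2017-1082 receives the same three lines as CVE-2017-1085, CVE-2017-1084 and CVE-2017-1083, including the stack-clash.txt NOTE, but its description gives a different affected range (11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, where the others say before 11.2-RELEASE). Please confirm that it is covered by the same advisory and that `kfreebsd-10` is the right source package for it. If the affected component differs, it should get its own NOTE rather than the copied one.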
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9df123a7183be9d942aebd0d849c3de1b17efd84
debian-security-tracker-commits mailing list