Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbb35783 by Salvatore Bonaccorso at 2018-12-22T08:33:47Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -550,7 +550,7 @@ CVE-2018-20194 (There is a stack-based buffer underflow in
the third instance of
- faad2 <unfixed>
NOTE: https://github.com/knik0/faad2/issues/21
CVE-2018-20193 (Certain Secure Access SA Series SSL VPN products (originally
developed ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2018-20192
RESERVED
CVE-2018-20191 (hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read
operation ...)
@@ -9173,13 +9173,13 @@ CVE-2018-19325
CVE-2018-19324 (kimsQ Rb 2.3.0 allows XSS via the second input field to the
...)
NOT-FOR-US: kimsQ Rb
CVE-2018-19323 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and
earlier, ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19322 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center
v1.05.21 ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19321 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center
v1.05.21 ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19320 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and
earlier, ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via
admin.php?m=Admin&c=gifts&a=update to ...)
NOT-FOR-US: SRCMS
CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via
admin.php?m=Admin&c=manager&a=update to ...)
@@ -11628,9 +11628,9 @@ CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in
ThreadPool in ...)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://github.com/openexr/openexr/issues/350
CVE-2018-18442 (D-Link DCS-825L devices with firmware 1.08 do not employ a
suitable ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18441 (D-Link DCS series Wi-Fi cameras expose sensitive information
regarding ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18440 (DENX U-Boot through 2018.09-rc1 has a locally exploitable
buffer ...)
- u-boot <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2018/11/02/2
@@ -11769,7 +11769,7 @@ CVE-2018-18390 (User Enumeration in Moxa ThingsPro IIoT
Gateway and Device Manag
CVE-2018-18389 (Due to incorrect access control in Neo4j Enterprise Database
Server ...)
NOT-FOR-US: Neo4J server
CVE-2018-18388 (eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld
...)
- TODO: check
+ NOT-FOR-US: MicroWorld Technologies eScan
CVE-2018-18387 (playSMS through 1.4.2 allows Privilege Escalation through
Daemon ...)
NOT-FOR-US: playSMS
CVE-2018-18386 (drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows
local ...)
@@ -12614,15 +12614,15 @@ CVE-2018-18099
CVE-2018-18098
RESERVED
CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive
Toolbox ...)
- TODO: check
+ NOT-FOR-US: Intel Solid State Drive Toolbox
CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for
Linux ...)
- TODO: check
+ NOT-FOR-US: Intel QuickAssist Technology for Linux
CVE-2018-18095
RESERVED
CVE-2018-18094
RESERVED
CVE-2018-18093 (Improper file permissions in the installer for Intel VTune
Amplifier ...)
- TODO: check
+ NOT-FOR-US: Intel VTune Amplifier
CVE-2018-18092
RESERVED
CVE-2018-18091
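Review bot: CVE-2018-18096 is closed as NOT-FOR-US although its description names a Linux component ("Intel QuickAssist Technology for Linux"). Before closing it, confirm the affected code is Intel's separately distributed package and not something carried in a Debian source package, and record the outcome in a NOTE: line so the decision can be audited later. The toolbox and installer entries in the same hunk (CVE-2018-18097, CVE-2018-18093) look fine as NFU.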
@@ -12864,13 +12864,13 @@ CVE-2018-18011
CVE-2018-18010
RESERVED
CVE-2018-18009 (dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote
...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18008 (spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows
remote ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18007 (atbox.htm on D-Link DSL-2770L devices allows remote
unauthenticated ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-18006 (Hardcoded credentials in the Ricoh myPrint application 2.9.2.4
for ...)
- TODO: check
+ NOT-FOR-US: Ricoh myPrint application
CVE-2018-18005
RESERVED
CVE-2018-18004
@@ -13455,7 +13455,7 @@ CVE-2018-17779
CVE-2018-17778
RESERVED
CVE-2018-17777 (An issue was discovered on D-Link DVA-5592 A1_WI_20180823
devices. If ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)"
permission for ...)
NOT-FOR-US: PCProtect Anti-Virus
CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)"
permission for ...)
@@ -14794,13 +14794,13 @@ CVE-2018-17197
CVE-2018-17196
RESERVED
CVE-2018-17195 (The template upload API endpoint accepted requests from
different ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2018-17194 (When a client request to a cluster node was replicated to
other nodes ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2018-17193 (The message-page.jsp error page used the value of the HTTP
request ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2018-17192 (The X-Frame-Options headers were applied inconsistently on
some HTTP ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2018-17191
RESERVED
CVE-2018-17190 (In all versions of Apache Spark, its standalone resource
manager ...)
@@ -16355,7 +16355,7 @@ CVE-2018-16597 (An issue was discovered in the Linux
kernel through 4.18.6. Inco
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1106512
NOTE:
https://git.kernel.org/linus/c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862
CVE-2018-16596 (A stack-based buffer overflow in the LAN UPnP service running
on UDP ...)
- TODO: check
+ NOT-FOR-US: Swisscom
CVE-2018-16595
RESERVED
CVE-2018-16594
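Review bot: the label on CVE-2018-16596 gives only a vendor ("NOT-FOR-US: Swisscom"), while the visible description speaks of a "LAN UPnP service running on UDP" without naming a product. Name the affected product in the label, and check that the UPnP service is the vendor's own code and not a packaged UPnP library; in the latter case this needs a package entry instead of NFU.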
@@ -16443,9 +16443,9 @@ CVE-2018-16559
CVE-2018-16558
RESERVED
CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 (incl.
F) V6 and ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 (incl.
F) V6 and ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-16555 (A vulnerability has been identified in SCALANCE S602 (All
versions < ...)
TODO: check
CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory
Traversal ...)
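Review bot: CVE-2018-16555 (SCALANCE S602) is left at "TODO: check" directly below CVE-2018-16557 and CVE-2018-16556, which this hunk closes as "NOT-FOR-US: Siemens". SCALANCE is also a Siemens product line, so this looks like a missed entry; mark it the same way or state why it needs a separate look.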
@@ -18622,19 +18622,19 @@ CVE-2018-15725
CVE-2018-15724
RESERVED
CVE-2018-15723 (The Logitech Harmony Hub before version 4.15.206 is vulnerable
to ...)
- TODO: check
+ NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15722 (The Logitech Harmony Hub before version 4.15.206 is vulnerable
to OS ...)
- TODO: check
+ NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15721 (The XMPP server in Logitech Harmony Hub before version
4.15.206 is ...)
- TODO: check
+ NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15720 (Logitech Harmony Hub before version 4.15.206 contained two
hard-coded ...)
- TODO: check
+ NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15719 (Open Dental before version 18.4 installs a mysql database and
uses the ...)
- TODO: check
+ NOT-FOR-US: Open Dental
CVE-2018-15718 (Open Dental before version 18.4 transmits the entire user
database ...)
- TODO: check
+ NOT-FOR-US: Open Dental
CVE-2018-15717 (Open Dental before version 18.4 stores user passwords as
base64 ...)
- TODO: check
+ NOT-FOR-US: Open Dental
CVE-2018-15716 (NUUO NVRMini2 version 3.9.1 is vulnerable to ...)
NOT-FOR-US: NUUO NVRMini2
CVE-2018-15715 (Zoom clients on Windows (before version 4.1.34814.1119), Mac
OS ...)
@@ -19575,13 +19575,13 @@ CVE-2018-15333
CVE-2018-15332 (The svpn component of the F5 BIG-IP APM client prior to
version ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-15331 (On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert
utility used ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15330 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or
12.1.0-12.1.3.7, when a ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15329 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or
12.1.0-12.1.3.7, or ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15328 (On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager
3.1.1, ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2018-15327 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise
Manager ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-15326 (In some situations on BIG-IP APM 14.0.0-14.0.0.2,
13.0.0-13.1.0.7, ...)
@@ -20649,7 +20649,7 @@ CVE-2018-14848
CVE-2018-14847 (MikroTik RouterOS through 6.42 allows unauthenticated remote
attackers ...)
NOT-FOR-US: Winbox for MikroTik RouterOS
CVE-2018-14846 (The Mondula Multi Step Form plugin before 1.2.8 for WordPress
has ...)
- TODO: check
+ NOT-FOR-US: Mondula Multi Step Form plugin for WordPress
CVE-2018-14845
RESERVED
CVE-2018-14844
@@ -23501,15 +23501,15 @@ CVE-2018-13817
CVE-2018-13816 (A vulnerability has been identified in TIM 1531 IRC (All
version < ...)
NOT-FOR-US: Siemens TIM 1531 IRC Modules
CVE-2018-13815 (A vulnerability has been identified in SIMATIC S7-1200 (All
versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13814 (A vulnerability has been identified in SIMATIC HMI Comfort
Panels 4" - ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13813 (A vulnerability has been identified in SIMATIC HMI Comfort
Panels 4" - ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13812 (A vulnerability has been identified in SIMATIC HMI Comfort
Panels 4" - ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13811 (A vulnerability has been identified in SIMATIC STEP 7 (TIA
Portal) ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13810
RESERVED
CVE-2018-13809
@@ -23523,7 +23523,7 @@ CVE-2018-13806 (A vulnerability has been identified in
SIEMENS TD Keypad Designe
CVE-2018-13805 (A vulnerability has been identified in SIMATIC ET 200SP Open
...)
NOT-FOR-US: SIMATIC
CVE-2018-13804 (A vulnerability has been identified in SIMATIC IT LMS (All
versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13803
RESERVED
CVE-2018-13802 (A vulnerability has been identified in ROX II (All versions
< ...)
@@ -27699,7 +27699,7 @@ CVE-2018-12208
CVE-2018-12207
RESERVED
CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist
...)
- TODO: check
+ NOT-FOR-US: Intel QuickAssist Technology for Linux
CVE-2018-12205
RESERVED
CVE-2018-12204
@@ -28011,7 +28011,7 @@ CVE-2018-12078 (The mintToken function of a smart
contract implementation for Po
CVE-2018-12077
RESERVED
CVE-2018-12076 (A vulnerability in the UPC bar code of the Avanti Markets
MarketCard ...)
- TODO: check
+ NOT-FOR-US: Avanti Markets MarketCard
CVE-2018-12075
RESERVED
CVE-2018-12074
@@ -29650,25 +29650,25 @@ CVE-2018-11468 (The __mkd_trim_line function in
mkdio.c in libmarkdown.a in DISC
CVE-2018-11467
RESERVED
CVE-2018-11466 (A vulnerability has been identified in SINUMERIK 808D V4.7
(All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11465 (A vulnerability has been identified in SINUMERIK 808D V4.7
(All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11464 (A vulnerability has been identified in SINUMERIK 828D V4.7
(All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11463 (A vulnerability has been identified in SINUMERIK 808D V4.7
(All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11462 (A vulnerability has been identified in SINUMERIK 808D V4.7
(All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11461 (A vulnerability has been identified in SINUMERIK 808D V4.7
(All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11460 (A vulnerability has been identified in SINUMERIK 808D V4.7
(All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11459 (A vulnerability has been identified in SINUMERIK 808D V4.7
(All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11458 (A vulnerability has been identified in SINUMERIK 828D V4.7
(All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11457 (A vulnerability has been identified in SINUMERIK 828D V4.7
(All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-11456 (A vulnerability has been identified in Automation License
Manager 5 ...)
NOT-FOR-US: Automation License Manager
CVE-2018-11455 (A vulnerability has been identified in Automation License
Manager 5 ...)
@@ -36478,15 +36478,15 @@ CVE-2018-8894 (In 2345 Security Guard 3.6, the driver
file (2345BdPcSafe.sys) al
CVE-2018-8893 (Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in
the ...)
NOT-FOR-US: Z-BlogPHP
CVE-2018-8892 (A cross-site request forgery (CSRF) vulnerability in the
Management ...)
- TODO: check
+ NOT-FOR-US: Management Console of BlackBerry UEM
CVE-2018-8891 (Multiple stored cross-site scripting (XSS) vulnerabilities in
the ...)
- TODO: check
+ NOT-FOR-US: Management Console of BlackBerry UEM
CVE-2018-8890 (An information disclosure vulnerability in the Management
Console of ...)
NOT-FOR-US: BlackBerry
CVE-2018-8889 (A directory traversal vulnerability in the Connect Service of
the ...)
NOT-FOR-US: BlackBerry
CVE-2018-8888 (A stored cross-site scripting (XSS) vulnerability in the
Management ...)
- TODO: check
+ NOT-FOR-US: Management Console of BlackBerry UEM
CVE-2018-8887
RESERVED
CVE-2018-8886
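Review bot: the three new labels in this hunk read "NOT-FOR-US: Management Console of BlackBerry UEM", while the untouched neighbours CVE-2018-8890 and CVE-2018-8889 use "NOT-FOR-US: BlackBerry", and CVE-2018-8890 is itself described as a Management Console issue. Use one form for all five, so that a search on the NFU string finds every entry for the product.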
@@ -37184,13 +37184,13 @@ CVE-2018-8655
CVE-2018-8654
RESERVED
CVE-2018-8653 (A remote code execution vulnerability exists in the way that
the ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2018-8652 (A Cross-site Scripting (XSS) vulnerability exists when Windows
Azure ...)
NOT-FOR-US: Windows Azure Pack Rollup
CVE-2018-8651 (A cross site scripting vulnerability exists when Microsoft
Dynamics ...)
NOT-FOR-US: Microsoft Dynamics NAV
CVE-2018-8650 (A cross-site-scripting (XSS) vulnerability exists when
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8649 (A denial of service vulnerability exists when Windows
improperly ...)
NOT-FOR-US: Microsoft Windows
CVE-2018-8648
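Review bot: CVE-2018-8650 gets the vendor-only label "NOT-FOR-US: Microsoft", whereas every other entry in this hunk names a product (Microsoft Internet Explorer, Windows Azure Pack Rollup, Microsoft Dynamics NAV, Microsoft Windows). The description here is cut off right after "Microsoft ...", so take the product name from the full CVE text and use it in the label.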
@@ -39124,7 +39124,7 @@ CVE-2018-7835
CVE-2018-7834
RESERVED
CVE-2018-7833 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2018-7832
RESERVED
CVE-2018-7831 (An Improper Neutralization of Script-Related HTML Tags in a Web
Page ...)
@@ -39166,7 +39166,7 @@ CVE-2018-7814
CVE-2018-7813
RESERVED
CVE-2018-7812 (An Information Exposure through Discrepancy vulnerability
exists in ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2018-7811 (An Unverified Password Change vulnerability exists in the
embedded web ...)
NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7810 (An Improper Neutralization of Input During Web Page Generation
...)
@@ -39182,7 +39182,7 @@ CVE-2018-7806 (Data Center Operation allows for the
upload of a zip file from it
CVE-2018-7805
RESERVED
CVE-2018-7804 (A URL Redirection to Untrusted Site vulnerability exists in the
...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2018-7803
RESERVED
CVE-2018-7802
@@ -39196,7 +39196,7 @@ CVE-2018-7799 (A DLL hijacking vulnerability exists in
Schneider Electric Softwa
CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) ...)
NOT-FOR-US: Schneider
CVE-2018-7797 (A URL redirection vulnerability exists in Power Monitoring
Expert, ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2018-7796
RESERVED
CVE-2018-7795 (A Cross Protocol Injection vulnerability exists in Schneider
...)
@@ -40648,7 +40648,7 @@ CVE-2018-7367
CVE-2018-7366
RESERVED
CVE-2018-7365 (All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView
product ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product
...)
NOT-FOR-US: ZTE
CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are
impacted ...)
@@ -42668,7 +42668,7 @@ CVE-2018-6709
CVE-2018-6708
RESERVED
CVE-2018-6707 (Denial of Service through Resource Depletion vulnerability in
the ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2018-6706 (Insecure handling of temporary files in non-Windows McAfee
Agent 5.0.0 ...)
NOT-FOR-US: McAfee
CVE-2018-6705 (Privilege escalation vulnerability in McAfee Agent (MA) for
Linux ...)
@@ -42744,7 +42744,7 @@ CVE-2018-6671 (Application Protection Bypass
vulnerability in McAfee ePolicy ...
CVE-2018-6670 (External Entity Attack vulnerability in the ePO extension in
McAfee ...)
NOT-FOR-US: McAfee
CVE-2018-6669 (A whitelist bypass vulnerability in McAfee Application Control
/ ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2018-6668
RESERVED
CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user
...)
@@ -46742,7 +46742,7 @@ CVE-2018-5498
CVE-2018-5497
RESERVED
CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are
...)
- TODO: check
+ NOT-FOR-US: Data ONTAP
CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a
vulnerability ...)
NOT-FOR-US: NetApp
CVE-2018-5494
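Review bot: CVE-2018-5496 is labelled by product ("NOT-FOR-US: Data ONTAP") and the next entry, CVE-2018-5495, by vendor ("NOT-FOR-US: NetApp"). Data ONTAP is a NetApp product, so "NetApp Data ONTAP" would keep both entries findable under one search term.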
@@ -47610,13 +47610,13 @@ CVE-2018-5203
CVE-2018-5202 (SKCertService 2.5.5 and earlier contains a vulnerability that
could ...)
TODO: check
CVE-2018-5201 (Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO
...)
- TODO: check
+ NOT-FOR-US: Hancom Office
CVE-2018-5200 (KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow
...)
TODO: check
CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to insufficient domain
validation, It ...)
- TODO: check
+ NOT-FOR-US: Veraport G3 ALL
CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race condition when calling the
...)
- TODO: check
+ NOT-FOR-US: Veraport G3 ALL
CVE-2018-5197
RESERVED
CVE-2018-5196 (Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow
caused ...)
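Review bot: CVE-2018-5202 (SKCertService) and CVE-2018-5200 (KMPlayer) stay at "TODO: check" while the entries interleaved with them (CVE-2018-5201, CVE-2018-5199, CVE-2018-5198) are closed as NFU. If the two were skipped on purpose, say so in the commit message; otherwise triage them in the same pass so the block does not need a second visit.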
@@ -51614,9 +51614,9 @@ CVE-2018-3707
CVE-2018-3706
RESERVED
CVE-2018-3705 (Improper directory permissions in the installer for the Intel
System ...)
- TODO: check
+ NOT-FOR-US: Intel System Defense Utility
CVE-2018-3704 (Improper directory permissions in the installer for the Intel
Parallel ...)
- TODO: check
+ NOT-FOR-US: Intel Parallel Studio
CVE-2018-3703
RESERVED
CVE-2018-3702
@@ -69117,7 +69117,7 @@ CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a
memory leak in ReadYCBCRI
NOTE: https://github.com/ImageMagick/ImageMagick/pull/752
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
CVE-2017-15031 (In all versions of ARM Trusted Firmware up to and including
v1.4, not ...)
- TODO: check
+ NOT-FOR-US: ARM Trusted Firmware
CVE-2017-15030
RESERVED
CVE-2017-15029
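Review bot: NOT-FOR-US on CVE-2017-15031 needs a second look. ARM Trusted Firmware is open-source firmware and not a closed vendor product like most entries in this commit, so check the archive for a source package carrying it before closing the entry. If one exists, this should be a package line (- <source package> <unfixed>, with the upstream reference in a NOTE:) and not NFU.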
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbb357832851341f4493999b5eadd64dcdf13f04
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits