Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6191c46e by Moritz Muehlenhoff at 2019-01-16T22:30:35Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57289,7 +57289,7 @@ CVE-2018-4406
 CVE-2018-4405
        RESERVED
 CVE-2018-4404 (In iOS before 11.4 and macOS High Sierra before 10.13.5, a 
memory ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4403
        RESERVED
 CVE-2018-4402
@@ -57473,7 +57473,7 @@ CVE-2018-4332
 CVE-2018-4331
        RESERVED
 CVE-2018-4330 (In iOS before 11.4, a memory corruption issue exists and was 
addressed ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4329
        RESERVED
 CVE-2018-4328
@@ -61004,7 +61004,7 @@ CVE-2018-3313
 CVE-2018-3312
        RESERVED
 CVE-2018-3311 (Vulnerability in the Oracle Retail Xstore Payment component of 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2018-3310
        RESERVED
 CVE-2018-3309 (Vulnerability in the Oracle VM VirtualBox component of Oracle 
...)
@@ -61016,11 +61016,11 @@ CVE-2018-3307
 CVE-2018-3306
        RESERVED
 CVE-2018-3305 (Vulnerability in the Oracle Application Testing Suite component 
of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2018-3304 (Vulnerability in the Oracle Application Testing Suite component 
of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2018-3303 (Vulnerability in the Enterprise Manager Base Platform component 
of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2018-3302 (Vulnerability in the Oracle Outside In Technology component of 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2018-3301 (Vulnerability in the PeopleSoft Enterprise PeopleTools 
component of ...)
@@ -61502,7 +61502,7 @@ CVE-2018-3127 (Vulnerability in the Oracle Demantra 
Demand Management component
 CVE-2018-3126 (Vulnerability in the Oracle Retail Xstore Point of Service 
component ...)
        NOT-FOR-US: Oracle
 CVE-2018-3125 (Vulnerability in the Oracle Retail Merchandising System 
component of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2018-3124
        RESERVED
 CVE-2018-3123
@@ -69031,13 +69031,13 @@ CVE-2017-17046 (An issue was discovered in Xen 
through 4.9.x on the ARM platform
        [wheezy] - xen <not-affected> (arm not supported)
        NOTE: https://xenbits.xen.org/xsa/advisory-245.html
 CVE-2018-0705 (Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 
8.1.2 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2018-0704 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 
10.8.1 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2018-0703 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 
10.8.1 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2018-0702 (Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 
5.4.5 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2018-0701 (BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 
to ...)
        NOT-FOR-US: BlueStacks App Player
 CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular 
request ...)
@@ -69045,7 +69045,7 @@ CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not 
process a particular request
 CVE-2018-0699 (Cross-site scripting vulnerability in YukiWiki 2.1.3 and 
earlier ...)
        NOT-FOR-US: YukiWiki
 CVE-2018-0698 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 
and ...)
        NOT-FOR-US: Metabase
 CVE-2018-0696
@@ -69063,9 +69063,9 @@ CVE-2018-0691 (Multiple +Message Apps (Softbank 
+Message App for Android prior t
 CVE-2018-0690 (An unvalidated software update vulnerability in Music Center 
for PC ...)
        NOT-FOR-US: Music Center for PC
 CVE-2018-0689 (HTTP header injection vulnerability in SEIKO EPSON printers and 
...)
-       TODO: check
+       NOT-FOR-US: SEIKO
 CVE-2018-0688 (Open redirect vulnerability in SEIKO EPSON printers and 
scanners ...)
-       TODO: check
+       NOT-FOR-US: SEIKO
 CVE-2018-0687 (Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. 
(Denbun ...)
        NOT-FOR-US: NEOJAPAN
 CVE-2018-0686 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and 
earlier, ...)
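Review bot: The tag `NOT-FOR-US: SEIKO` on CVE-2018-0689 and CVE-2018-0688 shortens the vendor name that both descriptions give as "SEIKO EPSON printers". The context entries in this hunk tag the full product or vendor name (`Music Center for PC`, `NEOJAPAN`), so `NOT-FOR-US: SEIKO EPSON` would be consistent with them and would not be missed by a later search for the vendor as the CVE text spells it.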
@@ -69099,19 +69099,19 @@ CVE-2018-0673 (Directory traversal vulnerability in 
Cybozu Garoon 3.5.0 to 4.6.3
 CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions 
prior to ...)
        - movabletype-opensource <removed>
 CVE-2018-0671 (Privilege escalation vulnerability in INplc-RT 3.08 and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: INplc-RT
 CVE-2018-0670 (INplc-RT 3.08 and earlier allows remote attackers to bypass ...)
-       TODO: check
+       NOT-FOR-US: INplc-RT
 CVE-2018-0669 (INplc-RT 3.08 and earlier allows remote attackers to bypass ...)
-       TODO: check
+       NOT-FOR-US: INplc-RT
 CVE-2018-0668 (Buffer overflow in INplc-RT 3.08 and earlier allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: INplc-RT
 CVE-2018-0667 (Untrusted search path vulnerability in Installer of INplc SDK 
Express ...)
-       TODO: check
+       NOT-FOR-US: INplc
 CVE-2018-0666 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 
and ...)
-       TODO: check
+       NOT-FOR-US: Yamaha
 CVE-2018-0665 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 
and ...)
-       TODO: check
+       NOT-FOR-US: Yamaha
 CVE-2018-0664 (A vulnerability in NoMachine App for Android 5.0.63 and earlier 
allows ...)
        NOT-FOR-US: NoMachine App for Android
 CVE-2018-0663 (Multiple I-O DATA network camera products (TS-WRLP firmware ...)
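Review bot: CVE-2018-0667 is tagged `NOT-FOR-US: INplc`, while the four entries directly above it use `NOT-FOR-US: INplc-RT`. The description names the "Installer of INplc SDK Express", so a different tag looks intentional, but the bare `INplc` matches neither product name; `NOT-FOR-US: INplc SDK` would make clear that this is a separate product and not a typo for `INplc-RT`.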
@@ -69139,7 +69139,7 @@ CVE-2018-0653 (Cross-site scripting vulnerability in 
GROWI v.3.1.11 and earlier
 CVE-2018-0652 (Cross-site scripting vulnerability in GROWI v.3.1.11 and 
earlier ...)
        NOT-FOR-US: GROWI
 CVE-2018-0651 (Buffer overflow in the license management function of YOKOGAWA 
...)
-       TODO: check
+       NOT-FOR-US: YOKOGAWA
 CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to 
3.6.5 ...)
        NOT-FOR-US: LINE MUSIC for Android
 CVE-2018-0649 (Untrusted search path vulnerability in the installers of 
multiple ...)
@@ -69159,39 +69159,39 @@ CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt 
Computer Advantage) 4.8.0 ...)
 CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video 
Player 6.1.2 ...)
        NOT-FOR-US: FV Flowplayer Video Player
 CVE-2018-0641 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0640 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0639 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0638 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0637 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0636 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0635 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0634 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0633 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0632 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0631 (Aterm W300P Ver1.0.13 and earlier allows attacker with 
administrator ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0630 (Aterm W300P Ver1.0.13 and earlier allows attacker with 
administrator ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0629 (Aterm W300P Ver1.0.13 and earlier allows attacker with 
administrator ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0628 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker 
with ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0627 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker 
with ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0626 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker 
with ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0625 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker 
with ...)
-       TODO: check
+       NOT-FOR-US: Aterm
 CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series 
...)
        NOT-FOR-US: Yayoi
 CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series 
...)
@@ -69664,11 +69664,11 @@ CVE-2017-1000159 (Command injection in evince via 
filename when printing to PDF.
 CVE-2018-0485 (A vulnerability in the SM-1T3/E3 firmware on Cisco Second 
Generation ...)
        NOT-FOR-US: Cisco
 CVE-2018-0484 (A vulnerability in the access control logic of the Secure Shell 
(SSH) ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0483 (A vulnerability in Cisco Jabber Client Framework (JCF) could 
allow an ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0482 (A vulnerability in the web-based management interface of Cisco 
Prime ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0481 (A vulnerability in the CLI parser of Cisco IOS XE Software 
could allow ...)
        NOT-FOR-US: Cisco
 CVE-2018-0480 (A vulnerability in the errdisable per VLAN feature of Cisco IOS 
XE ...)
@@ -69684,7 +69684,7 @@ CVE-2018-0476 (A vulnerability in the Network Address 
Translation (NAT) Session
 CVE-2018-0475 (A vulnerability in the implementation of the cluster feature of 
Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2018-0474 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0473 (A vulnerability in the Precision Time Protocol (PTP) subsystem 
of ...)
        NOT-FOR-US: Cisco
 CVE-2018-0472 (A vulnerability in the IPsec driver code of multiple Cisco IOS 
XE ...)
@@ -69710,7 +69710,7 @@ CVE-2018-0463 (A vulnerability in the Cisco Network 
Plug and Play server compone
 CVE-2018-0462 (A vulnerability in the user management functionality of Cisco 
...)
        NOT-FOR-US: Cisco
 CVE-2018-0461 (A vulnerability in the Cisco IP Phone 8800 Series Software 
could allow ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0460 (A vulnerability in the REST API of Cisco Enterprise NFV 
Infrastructure ...)
        NOT-FOR-US: Cisco
 CVE-2018-0459 (A vulnerability in the web-based management interface of Cisco 
...)
@@ -69734,7 +69734,7 @@ CVE-2018-0451 (A vulnerability in the web-based 
management interface of Cisco ..
 CVE-2018-0450 (A vulnerability in the web-based management interface of Cisco 
Data ...)
        NOT-FOR-US: Cisco
 CVE-2018-0449 (A vulnerability in the Cisco Jabber Client Framework (JCF) 
software, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0448 (A vulnerability in the identity management service of Cisco 
Digital ...)
        NOT-FOR-US: Cisco
 CVE-2018-0447 (A vulnerability in the anti-spam protection mechanisms of Cisco 
...)
@@ -70074,7 +70074,7 @@ CVE-2018-0284 (A vulnerability in the local status page 
functionality of the Cis
 CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower 
System ...)
        NOT-FOR-US: Cisco
 CVE-2018-0282 (A vulnerability in the TCP socket code of Cisco IOS and IOS XE 
...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower 
System ...)
        NOT-FOR-US: Cisco
 CVE-2018-0280 (A vulnerability in the Real-Time Transport Protocol (RTP) 
bitstream ...)
@@ -70285,7 +70285,7 @@ CVE-2018-0183 (A vulnerability in the CLI parser of 
Cisco IOS XE Software could
 CVE-2018-0182 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE 
Software ...)
        NOT-FOR-US: Cisco
 CVE-2018-0181 (A vulnerability in the Redis implementation used by the Cisco 
Policy ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0180 (Multiple vulnerabilities in the Login Enhancements (Login 
Block) ...)
        NOT-FOR-US: Cisco
 CVE-2018-0179 (Multiple vulnerabilities in the Login Enhancements (Login 
Block) ...)
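Review bot: CVE-2018-0181 is marked `NOT-FOR-US: Cisco`, but its description names "the Redis implementation used by the Cisco Policy ...", and the visible text is cut off before it says where the flaw lies. Confirm that the issue is in Cisco's use of Redis rather than in Redis itself, and record that in a `NOTE:` line so the entry does not have to be re-examined later.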
@@ -75524,15 +75524,15 @@ CVE-2017-15406 (A stack buffer overflow in V8 in 
Google Chrome prior to 62.0.320
        - libv8 <unfixed> (unimportant)
        NOTE: libv8 not covered by security support
 CVE-2017-15405 (Inappropriate symlink handling and a race condition in the 
stateful ...)
-       TODO: check
+       NOT-FOR-US: Chrome OS
 CVE-2017-15404 (An ability to process crash dumps under root privileges and 
...)
-       TODO: check
+       NOT-FOR-US: Chrome OS
 CVE-2017-15403 (Insufficient data validation in crosh could lead to a command 
...)
-       TODO: check
+       NOT-FOR-US: Chrome OS
 CVE-2017-15402 (Using an ID that can be controlled by a compromised renderer 
which ...)
-       TODO: check
+       NOT-FOR-US: Chrome OS
 CVE-2017-15401 (A memory corruption bug in WebAssembly could lead to out of 
bounds ...)
-       TODO: check
+       NOT-FOR-US: Chrome OS
 CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google 
Chrome OS ...)
        {DSA-4243-1}
        - cups 2.2.3-2
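Review bot: CVE-2017-15401 ("A memory corruption bug in WebAssembly could lead to out of bounds ...") and CVE-2017-15402 ("Using an ID that can be controlled by a compromised renderer ...") are tagged `NOT-FOR-US: Chrome OS`, yet neither truncated description mentions Chrome OS. The context on both sides of the change shows related CVEs being tracked against packages (`libv8` for CVE-2017-15406, `cups` for CVE-2017-15400). Confirm that these two are specific to Chrome OS rather than to shared browser or V8 code, and add a `NOTE:` with the reasoning if they are.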
@@ -80262,17 +80262,17 @@ CVE-2017-13893
 CVE-2017-13892
        RESERVED
 CVE-2017-13891 (In iOS before 11.2, an inconsistent user interface issue was 
addressed ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-13890 (An issue was discovered in certain Apple products. macOS 
before ...)
        NOT-FOR-US: Apple
 CVE-2017-13889 (In macOS High Sierra before 10.13.3, Security Update 2018-001 
Sierra, ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-13888 (In iOS before 11.2, a type confusion issue was addressed with 
improved ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-13887 (In macOS High Sierra before 10.13.2, a logic issue existed in 
APFS ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-13886 (In macOS High Sierra before 10.13.2, an access issue existed 
with ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-13885 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
        - webkit2gtk 2.18.6-1 (unimportant)
        [stretch] - webkit2gtk 2.18.6-1~deb9u1
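Review bot: CVE-2017-13888 ("In iOS before 11.2, a type confusion issue was addressed with improved ...") gets `NOT-FOR-US: Apple` although the description is cut off before the affected component, and the next entry in the context, CVE-2017-13885, is an Apple-described issue that is tracked against `webkit2gtk`. Check the full description for the component before closing the entry; the same applies to the other truncated iOS and macOS entries changed in this hunk.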
@@ -89139,7 +89139,7 @@ CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, 
QRD Android, with all An
 CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm closed-source components for Android
 CVE-2017-11004 (A non-secure user may be able to access certain registers in 
...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11003 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11002 (In all Qualcomm products with Android releases from CAF using 
the ...)
@@ -111880,7 +111880,7 @@ CVE-2017-3720
 CVE-2017-3719
        RESERVED
 CVE-2017-3718 (Improper setting of device configuration in system firmware for 
...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2017-3717
        RESERVED
 CVE-2017-3716
@@ -115667,7 +115667,7 @@ CVE-2017-2413 (An issue was discovered in certain 
Apple products. macOS before .
 CVE-2017-2412 (An issue was discovered in certain Apple products. iOS before 
10.3 is ...)
        NOT-FOR-US: Apple
 CVE-2017-2411 (In iOS before 11.2, exchange rates were retrieved from HTTP 
rather ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2017-2410 (An issue was discovered in certain Apple products. macOS before 
...)
        NOT-FOR-US: Apple
 CVE-2017-2409 (An issue was discovered in certain Apple products. macOS before 
...)
@@ -127414,7 +127414,7 @@ CVE-2016-7578 (An issue was discovered in certain 
Apple products. iOS before 10.
 CVE-2016-7577 (An issue was discovered in certain Apple products. iOS before 
10.1 is ...)
        NOT-FOR-US: Apple
 CVE-2016-7576 (In iOS before 9.3.3, a memory corruption issue existed in the 
kernel. ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-7574
        RESERVED
 CVE-2016-7573
@@ -137502,11 +137502,11 @@ CVE-2016-4646 (Audio in Apple OS X before 10.11.6 
mishandles a size value, which
 CVE-2016-4645 (CFNetwork in Apple OS X before 10.11.6 uses weak permissions 
for ...)
        NOT-FOR-US: Apple
 CVE-2016-4644 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan 
before ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4643 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan 
before ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4642 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan 
before ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4641 (Login Window in Apple OS X before 10.11.6 allows attackers to 
execute ...)
        NOT-FOR-US: Apple
 CVE-2016-4640 (Login Window in Apple OS X before 10.11.6 allows attackers to 
execute ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6191c46ea597d3e4d7ab084b784f8897891ec2f0
