Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9a3b6e99 by Moritz Muehlenhoff at 2019-02-18T21:30:29Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2019-8917 (SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote
code ...)
- TODO: check
+ NOT-FOR-US: SolarWinds Orion NPM
CVE-2019-8916
RESERVED
CVE-2019-8915
@@ -34,7 +34,7 @@ CVE-2019-8904 (do_bid_note in readelf.c in libmagic.a in file
5.35 has a stack-b
NOTE: https://bugs.astron.com/view.php?id=62
NOTE:
https://github.com/file/file/commit/94b7501f48e134e77716e7ebefc73d6bbe72ba55
CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path
traversal. ...)
- TODO: check
+ NOT-FOR-US: Total.js Platform
CVE-2019-8902 (An issue was discovered in idreamsoft iCMS through 7.0.14. A
CSRF ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-8901
@@ -1113,7 +1113,7 @@ CVE-2019-8374
CVE-2019-8373
RESERVED
CVE-2019-8372 (The LHA.sys driver before 1.1.1811.2101 in LG Device Manager
exposes ...)
- TODO: check
+ NOT-FOR-US: LG
CVE-2019-8371
RESERVED
CVE-2019-8370
@@ -2685,9 +2685,10 @@ CVE-2019-7635 (SDL (Simple DirectMedia Layer) through
1.2.15 and 2.x through 2.0
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4498
CVE-2018-20764 (A buffer overflow exists in HelpSystems tcpcrypt on Linux,
used for ...)
+ NOT-FOR-US: BoKS
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676393
NOTE:
https://community.helpsystems.com/knowledge-base/fox-technologies/hotfix/515/
- TODO: check, if it affects src:tcpcrypt, as it is about tcpcrypt as
used in BoKS
+ NOTE: No specific information is provided, but seems caused by BoKS
shipping tcpcrypt setuid
CVE-2019-7634
RESERVED
CVE-2019-7633
@@ -5598,7 +5599,7 @@ CVE-2019-6454 [systemd (PID1) crash with specially
crafted D-Bus message]
- systemd 240-6
NOTE: https://www.openwall.com/lists/oss-security/2019/02/18/3
CVE-2019-6453 (mIRC before 7.55 allows remote command execution by using
argument ...)
- TODO: check
+ NOT-FOR-US: mIRC
CVE-2019-6452
RESERVED
CVE-2019-6451
@@ -22989,7 +22990,7 @@ CVE-2019-0129
CVE-2019-0128
RESERVED
CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3
and ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0126
RESERVED
CVE-2019-0125
@@ -23019,29 +23020,29 @@ CVE-2019-0114
CVE-2019-0113
RESERVED
CVE-2019-0112 (Improper flow control in crypto routines for Intel(R) Data
Center ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0111 (Improper file permissions for Intel(R) Data Center Manager SDK
before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0110 (Insufficient key management for Intel(R) Data Center Manager
SDK ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0109 (Improper folder permissions in Intel(R) Data Center Manager SDK
before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0108 (Improper file permissions for Intel(R) Data Center Manager SDK
before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0107 (Insufficient user prompt in install routine for Intel(R) Data
Center ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0106 (Insufficient run protection in install routine for Intel(R)
Data ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0105 (Insufficient file permissions checking in install routine for
Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0104 (Insufficient file protection in uninstall routine for Intel(R)
Data ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0103 (Insufficient file protection in install routine for Intel(R)
Data ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0102 (Insufficient session authentication in web server for Intel(R)
Data ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0101 (Authentication bypass in the Intel Unite(R) solution versions
3.2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0100
RESERVED
CVE-2019-0099
@@ -41554,7 +41555,7 @@ CVE-2018-12161 (Insufficient session validation in the
webserver component of th
CVE-2018-12160 (DLL injection vulnerability in software installer for Intel
Data ...)
NOT-FOR-US: Intel
CVE-2018-12159 (Buffer overflow in the command-line interface for Intel(R)
PROSet ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-12158 (Insufficient input validation in BIOS update utility in Intel
NUC FW ...)
NOT-FOR-US: Intel
CVE-2018-12157
@@ -65423,7 +65424,7 @@ CVE-2018-3702
CVE-2018-3701
RESERVED
CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB
3.0 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3699 (Cross-site scripting in the Intel RAID Web Console v3 for
Windows may ...)
NOT-FOR-US: Intel RAID Web Console
CVE-2018-3698 (Improper file permissions in the installer for the Intel Ready
Mode ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a3b6e9964774b3fc82c8ecc107c5d77a404bd33
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a3b6e9964774b3fc82c8ecc107c5d77a404bd33
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
