Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41973d45 by Moritz Muehlenhoff at 2019-03-22T10:17:50Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44001,7 +44001,7 @@ CVE-2018-12574 (CSRF exists for all actions in the web 
interface on TP-Link TL-W
 CVE-2018-12573
        RESERVED
 CVE-2018-12572 (Avast Free Antivirus prior to 19.1.2360 stores user 
credentials in mem ...)
-       TODO: check
+       NOT-FOR-US: Avast
 CVE-2018-12571 (uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront 
Unified ...)
        NOT-FOR-US: Microsoft
 CVE-2018-12570
@@ -45171,53 +45171,53 @@ CVE-2018-12221 (Insufficient input validation in 
Kernel Mode Driver in Intel(R)
 CVE-2018-12220 (Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver 
for Window ...)
        NOT-FOR-US: Intel
 CVE-2018-12219 (Insufficient input validation in Kernel Mode Driver in 
Intel(R) Graphi ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12218 (Unhandled exception in User Mode Driver in Intel(R) Graphics 
Driver fo ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12217 (Insufficient access control in Kernel Mode Driver in Intel(R) 
Graphics ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12216 (Insufficient input validation in Kernel Mode Driver in 
Intel(R) Graphi ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12215 (Insufficient input validation in Kernel Mode Driver in 
Intel(R) Graphi ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12214 (Potential memory corruption in Kernel Mode Driver in Intel(R) 
Graphics ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12213 (Potential memory corruption in Kernel Mode Driver in Intel(R) 
Graphics ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12212 (Buffer overflow in User Mode Driver in Intel(R) Graphics 
Driver for Wi ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12211 (Insufficient input validation in User Mode Driver in Intel(R) 
Graphics ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12210 (Multiple pointer dereferences in User Mode Driver in Intel(R) 
Graphics ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12209 (Insufficient access control in User Mode Driver in Intel(R) 
Graphics D ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12208 (Buffer overflow in HECI subsystem in Intel(R) CSME before 
versions 11. ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12207
        RESERVED
 CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist 
Technol ...)
        NOT-FOR-US: Intel QuickAssist Technology for Linux
 CVE-2018-12205 (Privilege escalation vulnerability in Platform Sample/ Silicon 
Referen ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12204 (Privilege escalation vulnerability in Platform Sample/ Silicon 
Referen ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12203 (Denial of service vulnerability in Platform Sample/ Silicon 
Reference  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12202 (Privilege escalation vulnerability in Platform Sample/ Silicon 
Referen ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12201 (Buffer overflow vulnerability in Platform Sample / Silicon 
Reference f ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12200 (Insufficient access control in Intel(R) Capability Licensing 
Service b ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12199 (Buffer overflow in an OS component in Intel CSME before 
versions 11.8. ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12198 (Insufficient input validation in Intel(R) Server Platform 
Services HEC ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12197
        RESERVED
 CVE-2018-12196 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME 
before  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12195
        RESERVED
 CVE-2018-12194
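Review bot: the vendor-only tag "NOT-FOR-US: Intel" on the entries from CVE-2018-12219 down to CVE-2018-12196 drops the product name, while the unchanged CVE-2018-12206 in this same hunk is tagged "NOT-FOR-US: Intel QuickAssist Technology for Linux". The visible descriptions cover several distinct products (Graphics Driver, CSME, AMT, Platform Sample, Capability Licensing Service, Server Platform Services), so a product-level tag such as "NOT-FOR-US: Intel CSME" or "NOT-FOR-US: Intel Graphics Driver" would keep the list searchable by product and make a later re-triage easier if one of these components is ever packaged. The commit message "NFUs" does not record why a single vendor tag was chosen for all of them.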
@@ -45225,21 +45225,21 @@ CVE-2018-12194
 CVE-2018-12193 (Insufficient access control in driver stack for Intel 
QuickAssist Tech ...)
        NOT-FOR-US: Intel
 CVE-2018-12192 (Logic bug in Kernel subsystem in Intel CSME before version 
11.8.60, 11 ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12191 (Bounds check in Kernel subsystem in Intel CSME before version 
11.8.60, ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12190 (Insufficient input validation in Intel CSME subsystem before 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12189 (Unhandled exception in Content Protection subsystem in Intel 
CSME befo ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12188 (Insufficient input validation in Intel CSME before versions 
11.8.60, 1 ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12187 (Insufficient input validation in Intel(R) Active Management 
Technology ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12186
        RESERVED
 CVE-2018-12185 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME 
before  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12184
        RESERVED
 CVE-2018-12183
@@ -46265,7 +46265,7 @@ CVE-2018-11790 (When loading a document with Apache 
Open Office 4.1.5 and earlie
        NOTE: https://www.openwall.com/lists/oss-security/2019/01/16/2
        NOTE: 
https://github.com/LibreOffice/core/commit/bbc94edb9a91b27910d43610db9994df10dd99e1
 CVE-2018-11789 (When accessing the heron-ui webpage, people can modify the 
file paths  ...)
-       TODO: check
+       NOT-FOR-US: Apache Heron
 CVE-2018-11788 (Apache Karaf provides a features deployer, which allows users 
to "hot  ...)
        - apache-karaf <itp> (bug #881297)
 CVE-2018-11787 (In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the 
webcons ...)
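Review bot: CVE-2018-11789 is marked "NOT-FOR-US: Apache Heron", but the next entry in this hunk, CVE-2018-11788, is tracked as "- apache-karaf <itp> (bug #881297)" because a packaging request exists for it. Please confirm that no ITP or RFP is open for Apache Heron; if one is, the entry should use the "<itp>" form with the bug number instead of NOT-FOR-US.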
@@ -46393,7 +46393,7 @@ CVE-2018-11749 (When users are configured to use 
startTLS with RBAC LDAP, at log
 CVE-2018-11748 (Previous releases of the Puppet device_manager module creates 
configur ...)
        NOT-FOR-US: Puppet device_manager module
 CVE-2018-11747 (Previously, Puppet Discovery was shipped with a default 
generated TLS  ...)
-       TODO: check
+       NOT-FOR-US: Puppet Discovery
 CVE-2018-11746 (In Puppet Discovery prior to 1.2.0, when running Discovery 
against Win ...)
        NOT-FOR-US: Puppet Discovery
 CVE-2018-11745
@@ -51064,11 +51064,11 @@ CVE-2018-10095 (Cross-site scripting (XSS) 
vulnerability in Dolibarr before 7.0.
 CVE-2018-10094 (SQL injection vulnerability in Dolibarr before 7.0.2 allows 
remote att ...)
        - dolibarr <removed>
 CVE-2018-10093 (AudioCodes IP phone 420HD devices using firmware version 
2.2.12.126 al ...)
-       TODO: check
+       NOT-FOR-US: AudioCodes IP phone
 CVE-2018-10092 (The admin panel in Dolibarr before 7.0.2 might allow remote 
attackers  ...)
        - dolibarr <removed>
 CVE-2018-10091 (AudioCodes IP phone 420HD devices using firmware version 
2.2.12.126 al ...)
-       TODO: check
+       NOT-FOR-US: AudioCodes IP phone
 CVE-2018-10090
        RESERVED
 CVE-2018-10089
@@ -82886,11 +82886,11 @@ CVE-2017-16257
 CVE-2017-16256
        RESERVED
 CVE-2017-16255 (An exploitable buffer overflow vulnerability exists in the 
PubNub mess ...)
-       TODO: check
+       NOT-FOR-US: Insteon Hub
 CVE-2017-16254 (An exploitable buffer overflow vulnerability exists in the 
PubNub mess ...)
-       TODO: check
+       NOT-FOR-US: Insteon Hub
 CVE-2017-16253 (An exploitable buffer overflow vulnerability exists in the 
PubNub mess ...)
-       TODO: check
+       NOT-FOR-US: Insteon Hub
 CVE-2017-16252 (Specially crafted commands sent through the PubNub service in 
Insteon  ...)
        NOT-FOR-US: Insteon Hub
 CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST 
14.2, releas ...)
@@ -132316,7 +132316,7 @@ CVE-2016-9168 (A missing X-Frame-Options header in 
the NDS Utility Monitor in ND
 CVE-2016-9167 (NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs 
on LDAP  ...)
        NOT-FOR-US: Novell
 CVE-2016-9166 (NetIQ eDirectory versions prior to 9.0.2, under some 
circumstances, co ...)
-       TODO: check
+       NOT-FOR-US: Novell
 CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure 
Management (form ...)
        NOT-FOR-US: CA Unified Infrastructure Management
 CVE-2016-9164 (Directory traversal vulnerability in diag.jsp file in CA 
Unified Infra ...)
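Review bot: the tag on CVE-2016-9166 names Novell, but the description on the same entry reads "NetIQ eDirectory versions prior to 9.0.2". The neighbouring CVE-2016-9167 says "Novell eDirectory" and is tagged "NOT-FOR-US: Novell", so the vendor tag is consistent with it, yet a search for NetIQ in the tag lines will miss this entry. Consider "NOT-FOR-US: NetIQ eDirectory", or a product-level tag on both entries, so the tag matches the wording of the description.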
@@ -142978,7 +142978,7 @@ CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove 
(Out of China) and before 4.0
 CVE-2016-5820
        REJECTED
 CVE-2016-5819 (Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell 
G3111/G ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2016-5818 (An issue was discovered in Schneider Electric PowerLogic PM8ECC 
device ...)
        NOT-FOR-US: Schneider
 CVE-2016-5817 (SQL injection vulnerability in news pages in Cargotec Navis 
WebAccess  ...)
@@ -143016,7 +143016,7 @@ CVE-2016-5802 (An issue was discovered in Delta 
Electronics WPLSoft, Versions pr
 CVE-2016-5801 (An issue was discovered in OmniMetrix OmniView, Version 1.2. 
Insuffici ...)
        NOT-FOR-US: OmniMetrix OmniView
 CVE-2016-5800 (A malicious attacker can trigger a remote buffer overflow in 
the Commu ...)
-       TODO: check
+       NOT-FOR-US: Fatek
 CVE-2016-5799 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, 
and G3 ...)
        NOT-FOR-US: Moxa
 CVE-2016-5798 (An issue was discovered in Fatek Automation PM Designer V3 
Version 2.1 ...)
@@ -168375,17 +168375,17 @@ CVE-2015-6464 (The administrative web interface on 
Moxa EDS-405A and EDS-408A sw
 CVE-2015-6463 (CodeWrights HART Comm DTM components, as used with 
Endress+Hauser Fiel ...)
        NOT-FOR-US: CodeWrights HART Comm DTM components
 CVE-2015-6462 (Reflected Cross-Site Scripting (nonpersistent) allows an 
attacker to c ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2015-6461 (Remote file inclusion allows an attacker to craft a specific 
URL refer ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2015-6460 (Multiple heap-based buffer overflows in 3S-Smart CODESYS 
Gateway Serve ...)
        NOT-FOR-US: CODESYS Gateway Server
 CVE-2015-6459 (Absolute path traversal vulnerability in the download feature 
in FileD ...)
        NOT-FOR-US: FileDownloadServlet
 CVE-2015-6458 (Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow 
conditi ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2015-6457 (Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow 
conditi ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise 
before 3.1. ...)
        NOT-FOR-US: PulseNET
 CVE-2015-6455
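Review bot: the "NOT-FOR-US: Schneider" tags on CVE-2015-6462 and CVE-2015-6461 cannot be checked against the visible descriptions, which are truncated before any vendor or product name appears ("Reflected Cross-Site Scripting (nonpersistent) allows an attacker to c ..." and "Remote file inclusion allows an attacker to craft a specific URL refer ..."). Since the commit message is only "NFUs", please name the affected product in the tag, as the surrounding entries do ("NOT-FOR-US: CODESYS Gateway Server", "NOT-FOR-US: FileDownloadServlet"), so the attribution is verifiable from the list itself. The two Moxa SoftCMS entries below are fine as tagged, though "NOT-FOR-US: Moxa SoftCMS" would be more specific.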



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/41973d452c5814d8530763e29030628e8e0eaabf
