Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 94188034 by Salvatore Bonaccorso at 2019-01-11T20:47:53Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -201,13 +201,13 @@ CVE-2019-6140 CVE-2019-6139 RESERVED CVE-2019-6138 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc and ...) - TODO: check + NOT-FOR-US: libIEC61850 CVE-2019-6137 (An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in ...) - TODO: check + NOT-FOR-US: lib60870 CVE-2019-6136 (An issue has been found in libIEC61850 v1.3.1. ...) - TODO: check + NOT-FOR-US: libIEC61850 CVE-2019-6135 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc in ...) - TODO: check + NOT-FOR-US: libIEC61850 CVE-2019-6134 RESERVED CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...) @@ -16506,7 +16506,7 @@ CVE-2019-0090 CVE-2019-0089 RESERVED CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility for ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-0087 RESERVED CVE-2019-0086 @@ -19546,7 +19546,7 @@ CVE-2018-18100 CVE-2018-18099 RESERVED CVE-2018-18098 (Improper file verification in install routine for Intel(R) SGX SDK and ...) - TODO: check + NOT-FOR-US: Intel CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive Toolbox ...) NOT-FOR-US: Intel Solid State Drive Toolbox CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for Linux ...) @@ -24352,41 +24352,41 @@ CVE-2018-16197 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home g CVE-2018-16196 (Multiple Yokogawa products that contain Vnet/IP Open Communication ...) TODO: check CVE-2018-16195 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...) - TODO: check + NOT-FOR-US: Aterm firmware CVE-2018-16194 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...) - TODO: check + NOT-FOR-US: Aterm firmware CVE-2018-16193 (Cross-site scripting vulnerability in Aterm WF1200CR and Aterm ...) - TODO: check + NOT-FOR-US: Aterm firmware CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...) - TODO: check + NOT-FOR-US: Aterm firmware CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, ...) - TODO: check + NOT-FOR-US: EC-CUBE CVE-2018-16190 RESERVED CVE-2018-16189 RESERVED CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 ...) - TODO: check + NOT-FOR-US: RICOH CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to ...) - TODO: check + NOT-FOR-US: RICOH CVE-2018-16186 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, ...) - TODO: check + NOT-FOR-US: RICOH CVE-2018-16185 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, ...) - TODO: check + NOT-FOR-US: RICOH CVE-2018-16184 (RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, ...) - TODO: check + NOT-FOR-US: RICOH CVE-2018-16183 (An unquoted search path vulnerability in some pre-installed ...) - TODO: check + NOT-FOR-US: Panasonic PC applications CVE-2018-16182 (Untrusted search path vulnerability in the installer of MARKET SPEED ...) - TODO: check + NOT-FOR-US: MARKET SPEED CVE-2018-16181 (HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and ...) TODO: check CVE-2018-16180 (Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier ...) TODO: check CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier does not ...) - TODO: check + NOT-FOR-US: Mizuho Direct App for Android CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows10 Fall ...) TODO: check CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping Tool ...) @@ -24398,13 +24398,13 @@ CVE-2018-16174 (Open redirect vulnerability in LearnPress prior to version 3.1.0 CVE-2018-16173 (Cross-site scripting vulnerability in LearnPress prior to version ...) TODO: check CVE-2018-16172 (Improper countermeasure against clickjacking attack in client ...) - TODO: check + NOT-FOR-US: Cybozu Remote Service CVE-2018-16171 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to ...) - TODO: check + NOT-FOR-US: Cybozu Remote Service CVE-2018-16170 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to ...) - TODO: check + NOT-FOR-US: Cybozu Remote Service CVE-2018-16169 (Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated ...) - TODO: check + NOT-FOR-US: Cybozu Remote Service CVE-2018-16168 (LogonTracer 1.2.0 and earlier allows remote attackers to conduct ...) TODO: check CVE-2018-16167 (LogonTracer 1.2.0 and earlier allows remote attackers to execute ...) @@ -25441,7 +25441,7 @@ CVE-2018-15782 CVE-2018-15781 RESERVED CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access ...) - TODO: check + NOT-FOR-US: RSA Archer CVE-2018-15779 RESERVED CVE-2018-15778 @@ -26254,35 +26254,35 @@ CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs] - gitlab 11.1.8+dfsg-2 NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-15467 (A vulnerability in the web-based management interface of Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-15466 (A vulnerability in the Graphite web interface of the Policy and ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-15465 (A vulnerability in the authorization subsystem of Cisco Adaptive ...) NOT-FOR-US: Cisco CVE-2018-15464 (A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-15463 RESERVED CVE-2018-15462 RESERVED CVE-2018-15461 (A vulnerability in the MyWebex component of Cisco Webex Business Suite ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-15460 (A vulnerability in the email message filtering feature of Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-15459 RESERVED CVE-2018-15458 (A vulnerability in the Shell Access Filter feature of Cisco Firepower ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-15457 (A vulnerability in the web-based management interface of Cisco Prime ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-15456 (A vulnerability in the Admin Portal of Cisco Identity Services Engine ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-15455 RESERVED CVE-2018-15454 (A vulnerability in the Session Initiation Protocol (SIP) inspection ...) NOT-FOR-US: Cisco CVE-2018-15453 (A vulnerability in the Secure/Multipurpose Internet Mail Extensions ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-15452 (A vulnerability in the DLL loading component of Cisco Advanced Malware ...) NOT-FOR-US: Cisco CVE-2018-15451 (A vulnerability in the web-based management interface of Cisco Prime ...) @@ -33879,29 +33879,29 @@ CVE-2017-18332 CVE-2017-18331 RESERVED CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via initialization ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in snapdragon ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18328 (Use after free in QSH client rule processing in snapdragon mobile and ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18327 (Security keys are logged when any WCDMA call is configured or ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18326 (Cryptographic keys are printed in modem debug messages in snapdragon ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18325 RESERVED CVE-2017-18324 (Cryptographic key material leaked in debug messages - GERAN in ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18323 (Cryptographic key material leaked in TDSCDMA RRC debug messages in ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18322 (Cryptographic key material leaked in WCDMA debug messages in ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18321 (Security keys used by the terminal and NW for a session could be ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18320 (QSEE unload attempt on a 3rd party TEE without previously loading ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18319 (Information leak in UIM API debug messages in snapdragon mobile and ...) - TODO: check + NOT-FOR-US: snapdragon CVE-2017-18318 (Missing validation check on CRL issuer name in Snapdragon Automobile, ...) NOT-FOR-US: Snapdragon CVE-2017-18317 (Restrictions related to the modem (sim lock, sim kill) can be bypassed ...) @@ -34765,7 +34765,7 @@ CVE-2018-12179 CVE-2018-12178 RESERVED CVE-2018-12177 (Improper directory permissions in the ZeroConfig service in Intel(R) ...) - TODO: check + NOT-FOR-US: Intel PROSet/Wireless WiFi Software CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a ...) NOT-FOR-US: Intel CVE-2018-12175 (Default install directory permissions in Intel Distribution for Python ...) @@ -34786,9 +34786,9 @@ CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Proce CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing ...) NOT-FOR-US: Intel CVE-2018-12167 (Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC ...) - TODO: check + NOT-FOR-US: Intel CVE-2018-12166 (Insufficient write protection in firmware for Intel(R) Optane(TM) SSD ...) - TODO: check + NOT-FOR-US: Intel CVE-2018-12165 RESERVED CVE-2018-12164 @@ -43673,7 +43673,7 @@ CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7, NOTE: https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow NOTE: https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097 CVE-2018-8827 (The admin web interface on Technicolor MediaAccess TG789vac v2 HP ...) - TODO: check + NOT-FOR-US: Technicolor CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 ...) NOT-FOR-US: ASUS routers CVE-2018-8825 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/94188034cda504518719679bf604d93d692cea52 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/94188034cda504518719679bf604d93d692cea52 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits