[Git][security-tracker-team/security-tracker][master] Process NFUs

Fri, 11 Jan 2019 12:49:21 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
94188034 by Salvatore Bonaccorso at 2019-01-11T20:47:53Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -201,13 +201,13 @@ CVE-2019-6140
 CVE-2019-6139
        RESERVED
 CVE-2019-6138 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc 
and ...)
-       TODO: check
+       NOT-FOR-US: libIEC61850
 CVE-2019-6137 (An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress 
in ...)
-       TODO: check
+       NOT-FOR-US: lib60870
 CVE-2019-6136 (An issue has been found in libIEC61850 v1.3.1. ...)
-       TODO: check
+       NOT-FOR-US: libIEC61850
 CVE-2019-6135 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc in 
...)
-       TODO: check
+       NOT-FOR-US: libIEC61850
 CVE-2019-6134
        RESERVED
 CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" 
protection mechanism ...)
@@ -16506,7 +16506,7 @@ CVE-2019-0090
 CVE-2019-0089
        RESERVED
 CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility 
for ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2019-0087
        RESERVED
 CVE-2019-0086
@@ -19546,7 +19546,7 @@ CVE-2018-18100
 CVE-2018-18099
        RESERVED
 CVE-2018-18098 (Improper file verification in install routine for Intel(R) SGX 
SDK and ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive 
Toolbox ...)
        NOT-FOR-US: Intel Solid State Drive Toolbox
 CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for 
Linux ...)
@@ -24352,41 +24352,41 @@ CVE-2018-16197 (Toshiba Home gateway HEM-GW16A 1.2.9 
and earlier, Toshiba Home g
 CVE-2018-16196 (Multiple Yokogawa products that contain Vnet/IP Open 
Communication ...)
        TODO: check
 CVE-2018-16195 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware 
Ver1.1.1 ...)
-       TODO: check
+       NOT-FOR-US: Aterm firmware
 CVE-2018-16194 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware 
Ver1.1.1 ...)
-       TODO: check
+       NOT-FOR-US: Aterm firmware
 CVE-2018-16193 (Cross-site scripting vulnerability in Aterm WF1200CR and Aterm 
...)
-       TODO: check
+       NOT-FOR-US: Aterm firmware
 CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware 
Ver1.1.1 ...)
-       TODO: check
+       NOT-FOR-US: Aterm firmware
 CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 
3.0.1, ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE
 CVE-2018-16190
        RESERVED
 CVE-2018-16189
        RESERVED
 CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive 
Whiteboard D2200 ...)
-       TODO: check
+       NOT-FOR-US: RICOH
 CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 
V1.3 to ...)
-       TODO: check
+       NOT-FOR-US: RICOH
 CVE-2018-16186 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to 
V2.2, ...)
-       TODO: check
+       NOT-FOR-US: RICOH
 CVE-2018-16185 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to 
V2.2, ...)
-       TODO: check
+       NOT-FOR-US: RICOH
 CVE-2018-16184 (RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to 
V2.2, ...)
-       TODO: check
+       NOT-FOR-US: RICOH
 CVE-2018-16183 (An unquoted search path vulnerability in some pre-installed 
...)
-       TODO: check
+       NOT-FOR-US: Panasonic PC applications
 CVE-2018-16182 (Untrusted search path vulnerability in the installer of MARKET 
SPEED ...)
-       TODO: check
+       NOT-FOR-US: MARKET SPEED
 CVE-2018-16181 (HTTP header injection vulnerability in i-FILTER Ver.9.50R05 
and ...)
        TODO: check
 CVE-2018-16180 (Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and 
earlier ...)
        TODO: check
 CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier 
does not ...)
-       TODO: check
+       NOT-FOR-US: Mizuho Direct App for Android
 CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to 
bypass access ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Garoon
 CVE-2018-16177 (Untrusted search path vulnerability in The installer of 
Windows10 Fall ...)
        TODO: check
 CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping 
Tool ...)
@@ -24398,13 +24398,13 @@ CVE-2018-16174 (Open redirect vulnerability in 
LearnPress prior to version 3.1.0
 CVE-2018-16173 (Cross-site scripting vulnerability in LearnPress prior to 
version ...)
        TODO: check
 CVE-2018-16172 (Improper countermeasure against clickjacking attack in client 
...)
-       TODO: check
+       NOT-FOR-US: Cybozu Remote Service
 CVE-2018-16171 (Directory traversal vulnerability in Cybozu Remote Service 
3.0.0 to ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Remote Service
 CVE-2018-16170 (Directory traversal vulnerability in Cybozu Remote Service 
3.0.0 to ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Remote Service
 CVE-2018-16169 (Cybozu Remote Service 3.0.0 to 3.1.0 allows remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Remote Service
 CVE-2018-16168 (LogonTracer 1.2.0 and earlier allows remote attackers to 
conduct ...)
        TODO: check
 CVE-2018-16167 (LogonTracer 1.2.0 and earlier allows remote attackers to 
execute ...)
@@ -25441,7 +25441,7 @@ CVE-2018-15782
 CVE-2018-15781
        RESERVED
 CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper 
access ...)
-       TODO: check
+       NOT-FOR-US: RSA Archer
 CVE-2018-15779
        RESERVED
 CVE-2018-15778
@@ -26254,35 +26254,35 @@ CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs]
        - gitlab 11.1.8+dfsg-2
        NOTE: 
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-15467 (A vulnerability in the web-based management interface of Cisco 
...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-15466 (A vulnerability in the Graphite web interface of the Policy 
and ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-15465 (A vulnerability in the authorization subsystem of Cisco 
Adaptive ...)
        NOT-FOR-US: Cisco
 CVE-2018-15464 (A vulnerability in Cisco 900 Series Aggregation Services 
Router (ASR) ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-15463
        RESERVED
 CVE-2018-15462
        RESERVED
 CVE-2018-15461 (A vulnerability in the MyWebex component of Cisco Webex 
Business Suite ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-15460 (A vulnerability in the email message filtering feature of 
Cisco ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-15459
        RESERVED
 CVE-2018-15458 (A vulnerability in the Shell Access Filter feature of Cisco 
Firepower ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-15457 (A vulnerability in the web-based management interface of Cisco 
Prime ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-15456 (A vulnerability in the Admin Portal of Cisco Identity Services 
Engine ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-15455
        RESERVED
 CVE-2018-15454 (A vulnerability in the Session Initiation Protocol (SIP) 
inspection ...)
        NOT-FOR-US: Cisco
 CVE-2018-15453 (A vulnerability in the Secure/Multipurpose Internet Mail 
Extensions ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-15452 (A vulnerability in the DLL loading component of Cisco Advanced 
Malware ...)
        NOT-FOR-US: Cisco
 CVE-2018-15451 (A vulnerability in the web-based management interface of Cisco 
Prime ...)
@@ -33879,29 +33879,29 @@ CVE-2017-18332
 CVE-2017-18331
        RESERVED
 CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via 
initialization ...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in 
snapdragon ...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18328 (Use after free in QSH client rule processing in snapdragon 
mobile and ...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18327 (Security keys are logged when any WCDMA call is configured or 
...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18326 (Cryptographic keys are printed in modem debug messages in 
snapdragon ...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18325
        RESERVED
 CVE-2017-18324 (Cryptographic key material leaked in debug messages - GERAN in 
...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18323 (Cryptographic key material leaked in TDSCDMA RRC debug 
messages in ...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18322 (Cryptographic key material leaked in WCDMA debug messages in 
...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18321 (Security keys used by the terminal and NW for a session could 
be ...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18320 (QSEE unload attempt on a 3rd party TEE without previously 
loading ...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18319 (Information leak in UIM API debug messages in snapdragon 
mobile and ...)
-       TODO: check
+       NOT-FOR-US: snapdragon
 CVE-2017-18318 (Missing validation check on CRL issuer name in Snapdragon 
Automobile, ...)
        NOT-FOR-US: Snapdragon
 CVE-2017-18317 (Restrictions related to the modem (sim lock, sim kill) can be 
bypassed ...)
@@ -34765,7 +34765,7 @@ CVE-2018-12179
 CVE-2018-12178
        RESERVED
 CVE-2018-12177 (Improper directory permissions in the ZeroConfig service in 
Intel(R) ...)
-       TODO: check
+       NOT-FOR-US: Intel PROSet/Wireless WiFi Software
 CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may 
allow a ...)
        NOT-FOR-US: Intel
 CVE-2018-12175 (Default install directory permissions in Intel Distribution 
for Python ...)
@@ -34786,9 +34786,9 @@ CVE-2018-12169 (Platform sample code firmware in 4th 
Generation Intel Core Proce
 CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing 
...)
        NOT-FOR-US: Intel
 CVE-2018-12167 (Firmware update routine in bootloader for Intel(R) Optane(TM) 
SSD DC ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12166 (Insufficient write protection in firmware for Intel(R) 
Optane(TM) SSD ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-12165
        RESERVED
 CVE-2018-12164
@@ -43673,7 +43673,7 @@ CVE-2018-8828 (A Buffer Overflow issue was discovered 
in Kamailio before 4.4.7,
        NOTE: 
https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
        NOTE: 
https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
 CVE-2018-8827 (The admin web interface on Technicolor MediaAccess TG789vac v2 
HP ...)
-       TODO: check
+       NOT-FOR-US: Technicolor
 CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and 
RT-N12 D1 ...)
        NOT-FOR-US: ASUS routers
 CVE-2018-8825



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/94188034cda504518719679bf604d93d692cea52

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/94188034cda504518719679bf604d93d692cea52
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to