Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
972ac47c by Moritz Muehlenhoff at 2019-01-16T21:59:22Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54,15 +54,15 @@ CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser 
before 0.9.1 has an out-of
        - uriparser 0.9.1-1
        NOTE: 
https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4
 CVE-2015-9280 (MailEnable before 8.60 allows XXE via an XML document in the 
...)
-       TODO: check
+       NOT-FOR-US: MailEnable
 CVE-2015-9279 (MailEnable before 8.60 allows Stored XSS via malformed use of 
...)
-       TODO: check
+       NOT-FOR-US: MailEnable
 CVE-2015-9278 (MailEnable before 8.60 allows Privilege Escalation because 
admin ...)
-       TODO: check
+       NOT-FOR-US: MailEnable
 CVE-2015-9277 (MailEnable before 8.60 allows Directory Traversal for reading 
the ...)
-       TODO: check
+       NOT-FOR-US: MailEnable
 CVE-2015-9276 (SmarterTools SmarterMail before 13.3.5535 was vulnerable to 
stored XSS ...)
-       TODO: check
+       NOT-FOR-US: SmarterTools SmarterMail
 CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses 
the pickle ...)
        - python-numpy <unfixed>
        NOTE: https://github.com/numpy/numpy/issues/12759
@@ -29464,7 +29464,7 @@ CVE-2018-14483
 CVE-2018-14482
        RESERVED
 CVE-2018-14481 (Osclass 3.7.4 has XSS via the query string to index.php, a 
different ...)
-       TODO: check
+       NOT-FOR-US: Osclass
 CVE-2018-14480
        RESERVED
 CVE-2018-14479
@@ -47559,7 +47559,7 @@ CVE-2018-7605
 CVE-2018-7604
        RESERVED
 CVE-2018-7603 (In Drupal's 3rd party module search auto complete prior to 
versions ...)
-       TODO: check
+       NOT-FOR-US: Drupal addon
 CVE-2018-7602 (A remote code execution vulnerability exists within multiple 
...)
        {DSA-4180-1 DLA-1365-1}
        - drupal7 <removed> (bug #896701)
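
Review bot: On CVE-2018-7603 the tag "NOT-FOR-US: Drupal addon" does not name the product. The description identifies it as the third-party search auto complete module, so a later search for that module will miss this entry. Suggest naming the module in the tag, as the other NFU lines in this commit do (MailEnable, Osclass, Dokan).
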
@@ -50686,7 +50686,7 @@ CVE-2017-18143 (In Android before security patch level 
2018-04-05 on Qualcomm ..
 CVE-2017-18142 (In Android before security patch level 2018-04-05 on Qualcomm 
...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18141 (When a 3rd party TEE has been loaded it is possible for the 
non-secure ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18140 (In Android before security patch level 2018-04-05 on Qualcomm 
...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18139 (In Android before security patch level 2018-04-05 on Qualcomm 
...)
@@ -51721,7 +51721,7 @@ CVE-2018-6347 (An issue in the Proxygen handling of 
HTTP2 parsing of headers/tra
 CVE-2018-6346 (A potential denial-of-service issue in the Proxygen handling of 
...)
        NOT-FOR-US: Facebook Proxygen
 CVE-2018-6345 (The function number_format is vulnerable to a heap overflow 
issue when ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2018-6344 (A heap corruption in WhatsApp can be caused by a malformed RTP 
packet ...)
        NOT-FOR-US: Whatsapp
 CVE-2018-6343 (Proxygen fails to validate that a secondary auth manager is set 
before ...)
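
Review bot: On CVE-2018-6345 the new line "- hhvm <removed>" is the only change in this commit that maps a CVE to a Debian source package, and the visible description (heap overflow in number_format) does not mention HHVM. A NOTE: line with the upstream advisory or fix commit, like the one on the uriparser entry in the first hunk, would let the next reader verify the mapping.
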
@@ -54464,7 +54464,7 @@ CVE-2018-5483
 CVE-2018-5482
        RESERVED
 CVE-2018-5481 (OnCommand Unified Manager for 7-Mode (core package) prior to 
5.2.4 ...)
-       TODO: check
+       NOT-FOR-US: OnCommand Unified Manager
 CVE-2018-5480
        RESERVED
 CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to footer information) is 
vulnerable ...)
@@ -54609,13 +54609,13 @@ CVE-2018-5415
 CVE-2018-5414
        RESERVED
 CVE-2018-5413 (Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low 
...)
-       TODO: check
+       NOT-FOR-US: Imperva SecureSphere
 CVE-2018-5412 (Imperva SecureSphere running v12.0.0.50 is vulnerable to local 
...)
-       TODO: check
+       NOT-FOR-US: Imperva SecureSphere
 CVE-2018-5411 (Pixar's Tractor software, versions 2.2 and earlier, contain a 
stored ...)
        NOT-FOR-US: Pixar Tractor
 CVE-2018-5410 (Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are 
vulnerable to a ...)
-       TODO: check
+       NOT-FOR-US: Dokan
 CVE-2018-5409
        RESERVED
 CVE-2018-5408
@@ -54637,7 +54637,7 @@ CVE-2018-5405
 CVE-2018-5404
        RESERVED
 CVE-2018-5403 (Imperva SecureSphere gateway (GW) running v13, for both 
pre-First Time ...)
-       TODO: check
+       NOT-FOR-US: Imperva SecureSphere
 CVE-2018-5402 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer 
Android App ...)
        NOT-FOR-US: Auto-Maskin
 CVE-2018-5401 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer 
Android App ...)
@@ -57569,7 +57569,7 @@ CVE-2018-4299
        NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
        NOTE: Not covered by security support
 CVE-2018-4298 (In macOS High Sierra before 10.13.3, Security Update 2018-001 
Sierra, ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4297
        RESERVED
 CVE-2018-4296
@@ -57606,7 +57606,7 @@ CVE-2018-4283
 CVE-2018-4282
        RESERVED
 CVE-2018-4281 (In SwiftNIO before 1.8.0, a buffer overflow was addressed with 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4280
        RESERVED
 CVE-2018-4279
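
Review bot: On CVE-2018-4281 the tag names only the vendor ("NOT-FOR-US: Apple"), while the description is about a specific library, SwiftNIO before 1.8.0, rather than macOS or iOS. Suggest "NOT-FOR-US: SwiftNIO" or "NOT-FOR-US: Apple (SwiftNIO)", following the component-qualified style of entries such as "NOT-FOR-US: Apple (Speech component)", so the entry is found if the library is ever packaged.
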
@@ -57616,7 +57616,7 @@ CVE-2018-4278 (In Safari before 11.1.2, iTunes before 
12.8 for Windows, iOS befo
        NOTE: Not covered by security support
        NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
 CVE-2018-4277 (In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, 
Safari ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4276
        RESERVED
 CVE-2018-4275
@@ -57686,15 +57686,15 @@ CVE-2018-4260
 CVE-2018-4259
        RESERVED
 CVE-2018-4258 (In macOS High Sierra before 10.13.5, a buffer overflow was 
addressed ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4257 (In macOS High Sierra before 10.13.5, a buffer overflow was 
addressed ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4256 (In macOS High Sierra before 10.13.5, an out-of-bounds read was 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4255 (In macOS High Sierra before 10.13.5, an out-of-bounds read was 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4254 (In macOS High Sierra before 10.13.5, an input validation issue 
existed ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4253 (An issue was discovered in certain Apple products. macOS before 
...)
        NOT-FOR-US: Apple
 CVE-2018-4252 (An issue was discovered in certain Apple products. iOS before 
11.4 is ...)
@@ -57778,7 +57778,7 @@ CVE-2018-4218 (An issue was discovered in certain Apple 
products. iOS before 11.
        NOTE: Not covered by security support
        NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
 CVE-2018-4217 (In macOS High Sierra before 10.13.5, a privacy issue in the 
handling ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4216
        RESERVED
 CVE-2018-4215 (An issue was discovered in certain Apple products. iOS before 
11.4 is ...)
@@ -57849,7 +57849,7 @@ CVE-2018-4196 (An issue was discovered in certain Apple 
products. macOS before .
 CVE-2018-4195
        RESERVED
 CVE-2018-4194 (In iOS before 11.4, iCloud for Windows before 7.5, watchOS 
before ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4193 (An issue was discovered in certain Apple products. macOS before 
...)
        NOT-FOR-US: Apple (Windows Server component)
 CVE-2018-4192 (An issue was discovered in certain Apple products. iOS before 
11.4 is ...)
@@ -57866,15 +57866,15 @@ CVE-2018-4190 (An issue was discovered in certain 
Apple products. iOS before 11.
        NOTE: Not covered by security support
        NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
 CVE-2018-4189 (In iOS before 11.2.5, macOS High Sierra before 10.13.3, 
Security ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4188 (An issue was discovered in certain Apple products. iOS before 
11.4 is ...)
        NOT-FOR-US: Safari
 CVE-2018-4187 (An issue was discovered in certain Apple products. iOS before 
11.3.1 ...)
        NOT-FOR-US: Apple (LinkPresentation component)
 CVE-2018-4186 (In Safari before 11.1, an information leakage issue existed in 
the ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4185 (In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and 
macOS ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4184 (An issue was discovered in certain Apple products. macOS before 
...)
        NOT-FOR-US: Apple (Speech component)
 CVE-2018-4183 (In macOS High Sierra before 10.13.5, an access issue was 
addressed ...)
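
Review bot: On CVE-2018-4186 the description is Safari-only, and the context line for CVE-2018-4188 in the same hunk already uses "NOT-FOR-US: Safari". Using the same tag here keeps the two entries consistent. CVE-2018-4189 and CVE-2018-4185 list several Apple operating systems, so plain "Apple" fits those.
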
@@ -57892,7 +57892,7 @@ CVE-2018-4180 (In macOS High Sierra before 10.13.5, an 
issue existed in CUPS. Th
        - cups 2.2.8-2
        NOTE: Fixed by: 
https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
 CVE-2018-4179 (In macOS High Sierra before 10.13.4, there was an issue with 
the ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4178
        RESERVED
 CVE-2018-4177
@@ -57912,7 +57912,7 @@ CVE-2018-4171 (An issue was discovered in certain Apple 
products. macOS before .
 CVE-2018-4170 (An issue was discovered in certain Apple products. macOS before 
...)
        NOT-FOR-US: Apple
 CVE-2018-4169 (In macOS High Sierra before 10.13.3, Security Update 2018-001 
Sierra, ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4168 (An issue was discovered in certain Apple products. iOS before 
11.3 is ...)
        NOT-FOR-US: Apple
 CVE-2018-4167 (An issue was discovered in certain Apple products. iOS before 
11.3 is ...)
@@ -57964,7 +57964,7 @@ CVE-2018-4149 (An issue was discovered in certain Apple 
products. iOS before 11.
 CVE-2018-4148 (An issue was discovered in certain Apple products. iOS before 
11.3 is ...)
        NOT-FOR-US: Apple
 CVE-2018-4147 (In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes 
before ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2018-4146 (An issue was discovered in certain Apple products. iOS before 
11.3 is ...)
        - webkit2gtk 2.20.0-2 (unimportant)
        NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
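
Review bot: On CVE-2018-4147 the description lists iCloud for Windows, Safari and iTunes, and the very next entry, CVE-2018-4146, is tracked against webkit2gtk with a WSA-2018-0003 reference. Before closing this as "NOT-FOR-US: Apple", check that it is not covered by a WebKitGTK advisory. If it is not, a short qualifier naming the affected component would record that the check was done.
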
@@ -58208,19 +58208,19 @@ CVE-2018-4049
 CVE-2018-4048
        RESERVED
 CVE-2018-4047 (An exploitable privilege escalation vulnerability exists in the 
helper ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4046 (An exploitable denial-of-service vulnerability exists in the 
helper ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4045 (An exploitable privilege escalation vulnerability exists in the 
helper ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4044 (An exploitable privilege escalation vulnerability exists in the 
helper ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4043 (An exploitable privilege escalation vulnerability exists in the 
Clean ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4042 (An exploitable privilege escalation vulnerability exists in the 
helper ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4041 (An exploitable privilege escalation vulnerability exists in the 
helper ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4040 (An exploitable uninitialized pointer vulnerability exists in 
the rich ...)
        NOT-FOR-US: Atlantis Word Processor
 CVE-2018-4039 (An exploitable out-of-bounds write vulnerability exists in the 
PNG ...)
@@ -58228,17 +58228,17 @@ CVE-2018-4039 (An exploitable out-of-bounds write 
vulnerability exists in the PN
 CVE-2018-4038 (An exploitable arbitrary write vulnerability exists in the open 
...)
        NOT-FOR-US: Atlantis Word Processor
 CVE-2018-4037 (The CleanMyMac X software contains an exploitable privilege 
escalation ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4036 (The CleanMyMac X software contains an exploitable privilege 
escalation ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4035 (The CleanMyMac X software contains an exploitable privilege 
escalation ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4034 (The CleanMyMac X software contains an exploitable privilege 
escalation ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4033 (The CleanMyMac X software contains an exploitable privilege 
escalation ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4032 (An exploitable privilege escalation vulnerability exists in the 
way ...)
-       TODO: check
+       NOT-FOR-US: Clean My Mac X
 CVE-2018-4031
        RESERVED
 CVE-2018-4030
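
Review bot: The tag spells the product "Clean My Mac X", but the descriptions in this hunk (CVE-2018-4037 through CVE-2018-4033) write it as "CleanMyMac X". Matching the description's spelling keeps a search for the product name from missing these lines. The same applies to the seven entries tagged in the previous hunk.
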
@@ -58285,7 +58285,7 @@ CVE-2018-4013 (An exploitable code execution 
vulnerability exists in the HTTP ..
        NOTE: 
http://lists.live555.com/pipermail/live-devel/2018-October/021071.html
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684
 CVE-2018-4012 (An exploitable buffer overflow vulnerability exists in the HTTP 
...)
-       TODO: check
+       NOT-FOR-US: Webroot BrightCloud SDK
 CVE-2018-4011
        RESERVED
 CVE-2018-4010 (An exploitable code execution vulnerability exists in the 
connect ...)
@@ -58337,7 +58337,7 @@ CVE-2018-3988 (Signal Messenger for Android 4.24.8 may 
expose private informatio
 CVE-2018-3987
        RESERVED
 CVE-2018-3986 (An exploitable information disclosure vulnerability exists in 
the ...)
-       TODO: check
+       NOT-FOR-US: Telegram Android
 CVE-2018-3985
        RESERVED
 CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within 
the ...)
@@ -59302,7 +59302,7 @@ CVE-2018-3705 (Improper directory permissions in the 
installer for the Intel Sys
 CVE-2018-3704 (Improper directory permissions in the installer for the Intel 
Parallel ...)
        NOT-FOR-US: Intel Parallel Studio
 CVE-2018-3703 (Improper directory permissions in the installer for the 
Intel(R) SSD ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-3702
        RESERVED
 CVE-2018-3701
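
Review bot: On CVE-2018-3703 the tag is just "NOT-FOR-US: Intel", whereas the context line above for CVE-2018-3704 names the product ("NOT-FOR-US: Intel Parallel Studio"). The description points at the installer for an Intel(R) SSD product whose name is cut off in the summary. Suggest naming that product in the tag instead of the vendor alone.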



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/972ac47c28ccfb55220bfa0cd85e98ce56517d9f
