Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 972ac47c by Moritz Muehlenhoff at 2019-01-16T21:59:22Z NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -54,15 +54,15 @@ CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of - uriparser 0.9.1-1 NOTE: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4 CVE-2015-9280 (MailEnable before 8.60 allows XXE via an XML document in the ...) - TODO: check + NOT-FOR-US: MailEnable CVE-2015-9279 (MailEnable before 8.60 allows Stored XSS via malformed use of ...) - TODO: check + NOT-FOR-US: MailEnable CVE-2015-9278 (MailEnable before 8.60 allows Privilege Escalation because admin ...) - TODO: check + NOT-FOR-US: MailEnable CVE-2015-9277 (MailEnable before 8.60 allows Directory Traversal for reading the ...) - TODO: check + NOT-FOR-US: MailEnable CVE-2015-9276 (SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS ...) - TODO: check + NOT-FOR-US: SmarterTools SmarterMail CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle ...) - python-numpy <unfixed> NOTE: https://github.com/numpy/numpy/issues/12759 @@ -29464,7 +29464,7 @@ CVE-2018-14483 CVE-2018-14482 RESERVED CVE-2018-14481 (Osclass 3.7.4 has XSS via the query string to index.php, a different ...) - TODO: check + NOT-FOR-US: Osclass CVE-2018-14480 RESERVED CVE-2018-14479 @@ -47559,7 +47559,7 @@ CVE-2018-7605 CVE-2018-7604 RESERVED CVE-2018-7603 (In Drupal's 3rd party module search auto complete prior to versions ...) - TODO: check + NOT-FOR-US: Drupal addon CVE-2018-7602 (A remote code execution vulnerability exists within multiple ...) {DSA-4180-1 DLA-1365-1} - drupal7 <removed> (bug #896701) 
@@ -50686,7 +50686,7 @@ CVE-2017-18143 (In Android before security patch level 2018-04-05 on Qualcomm .. CVE-2017-18142 (In Android before security patch level 2018-04-05 on Qualcomm ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-18141 (When a 3rd party TEE has been loaded it is possible for the non-secure ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-18140 (In Android before security patch level 2018-04-05 on Qualcomm ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-18139 (In Android before security patch level 2018-04-05 on Qualcomm ...) @@ -51721,7 +51721,7 @@ CVE-2018-6347 (An issue in the Proxygen handling of HTTP2 parsing of headers/tra CVE-2018-6346 (A potential denial-of-service issue in the Proxygen handling of ...) NOT-FOR-US: Facebook Proxygen CVE-2018-6345 (The function number_format is vulnerable to a heap overflow issue when ...) - TODO: check + - hhvm <removed> CVE-2018-6344 (A heap corruption in WhatsApp can be caused by a malformed RTP packet ...) NOT-FOR-US: Whatsapp CVE-2018-6343 (Proxygen fails to validate that a secondary auth manager is set before ...) @@ -54464,7 +54464,7 @@ CVE-2018-5483 CVE-2018-5482 RESERVED CVE-2018-5481 (OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 ...) - TODO: check + NOT-FOR-US: OnCommand Unified Manager CVE-2018-5480 RESERVED CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to footer information) is vulnerable ...) 
@@ -54609,13 +54609,13 @@ CVE-2018-5415 CVE-2018-5414 RESERVED CVE-2018-5413 (Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low ...) - TODO: check + NOT-FOR-US: Imperva SecureSphere CVE-2018-5412 (Imperva SecureSphere running v12.0.0.50 is vulnerable to local ...) - TODO: check + NOT-FOR-US: Imperva SecureSphere CVE-2018-5411 (Pixar's Tractor software, versions 2.2 and earlier, contain a stored ...) NOT-FOR-US: Pixar Tractor CVE-2018-5410 (Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a ...) - TODO: check + NOT-FOR-US: Dokan CVE-2018-5409 RESERVED CVE-2018-5408 @@ -54637,7 +54637,7 @@ CVE-2018-5405 CVE-2018-5404 RESERVED CVE-2018-5403 (Imperva SecureSphere gateway (GW) running v13, for both pre-First Time ...) - TODO: check + NOT-FOR-US: Imperva SecureSphere CVE-2018-5402 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...) NOT-FOR-US: Auto-Maskin CVE-2018-5401 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...) @@ -57569,7 +57569,7 @@ CVE-2018-4299 NOTE: https://webkitgtk.org/security/WSA-2018-0007.html NOTE: Not covered by security support CVE-2018-4298 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4297 RESERVED CVE-2018-4296 @@ -57606,7 +57606,7 @@ CVE-2018-4283 CVE-2018-4282 RESERVED CVE-2018-4281 (In SwiftNIO before 1.8.0, a buffer overflow was addressed with ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4280 RESERVED CVE-2018-4279 @@ -57616,7 +57616,7 @@ CVE-2018-4278 (In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS befo NOTE: Not covered by security support NOTE: https://webkitgtk.org/security/WSA-2018-0006.html CVE-2018-4277 (In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4276 RESERVED CVE-2018-4275 
@@ -57686,15 +57686,15 @@ CVE-2018-4260 CVE-2018-4259 RESERVED CVE-2018-4258 (In macOS High Sierra before 10.13.5, a buffer overflow was addressed ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4257 (In macOS High Sierra before 10.13.5, a buffer overflow was addressed ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4256 (In macOS High Sierra before 10.13.5, an out-of-bounds read was ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4255 (In macOS High Sierra before 10.13.5, an out-of-bounds read was ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4254 (In macOS High Sierra before 10.13.5, an input validation issue existed ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4253 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple CVE-2018-4252 (An issue was discovered in certain Apple products. iOS before 11.4 is ...) @@ -57778,7 +57778,7 @@ CVE-2018-4218 (An issue was discovered in certain Apple products. iOS before 11. NOTE: Not covered by security support NOTE: https://webkitgtk.org/security/WSA-2018-0005.html CVE-2018-4217 (In macOS High Sierra before 10.13.5, a privacy issue in the handling ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4216 RESERVED CVE-2018-4215 (An issue was discovered in certain Apple products. iOS before 11.4 is ...) @@ -57849,7 +57849,7 @@ CVE-2018-4196 (An issue was discovered in certain Apple products. macOS before . CVE-2018-4195 RESERVED CVE-2018-4194 (In iOS before 11.4, iCloud for Windows before 7.5, watchOS before ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4193 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple (Windows Server component) CVE-2018-4192 (An issue was discovered in certain Apple products. iOS before 11.4 is ...) 
@@ -57866,15 +57866,15 @@ CVE-2018-4190 (An issue was discovered in certain Apple products. iOS before 11. NOTE: Not covered by security support NOTE: https://webkitgtk.org/security/WSA-2018-0005.html CVE-2018-4189 (In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4188 (An issue was discovered in certain Apple products. iOS before 11.4 is ...) NOT-FOR-US: Safari CVE-2018-4187 (An issue was discovered in certain Apple products. iOS before 11.3.1 ...) NOT-FOR-US: Apple (LinkPresentation component) CVE-2018-4186 (In Safari before 11.1, an information leakage issue existed in the ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4185 (In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4184 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple (Speech component) CVE-2018-4183 (In macOS High Sierra before 10.13.5, an access issue was addressed ...) @@ -57892,7 +57892,7 @@ CVE-2018-4180 (In macOS High Sierra before 10.13.5, an issue existed in CUPS. Th - cups 2.2.8-2 NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc CVE-2018-4179 (In macOS High Sierra before 10.13.4, there was an issue with the ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4178 RESERVED CVE-2018-4177 @@ -57912,7 +57912,7 @@ CVE-2018-4171 (An issue was discovered in certain Apple products. macOS before . CVE-2018-4170 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple CVE-2018-4169 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4168 (An issue was discovered in certain Apple products. iOS before 11.3 is ...) NOT-FOR-US: Apple CVE-2018-4167 (An issue was discovered in certain Apple products. iOS before 11.3 is ...) 
@@ -57964,7 +57964,7 @@ CVE-2018-4149 (An issue was discovered in certain Apple products. iOS before 11. CVE-2018-4148 (An issue was discovered in certain Apple products. iOS before 11.3 is ...) NOT-FOR-US: Apple CVE-2018-4147 (In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4146 (An issue was discovered in certain Apple products. iOS before 11.3 is ...) - webkit2gtk 2.20.0-2 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2018-0003.html @@ -58208,19 +58208,19 @@ CVE-2018-4049 CVE-2018-4048 RESERVED CVE-2018-4047 (An exploitable privilege escalation vulnerability exists in the helper ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4046 (An exploitable denial-of-service vulnerability exists in the helper ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4045 (An exploitable privilege escalation vulnerability exists in the helper ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4044 (An exploitable privilege escalation vulnerability exists in the helper ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4043 (An exploitable privilege escalation vulnerability exists in the Clean ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4042 (An exploitable privilege escalation vulnerability exists in the helper ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4041 (An exploitable privilege escalation vulnerability exists in the helper ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4040 (An exploitable uninitialized pointer vulnerability exists in the rich ...) NOT-FOR-US: Atlantis Word Processor CVE-2018-4039 (An exploitable out-of-bounds write vulnerability exists in the PNG ...) 
@@ -58228,17 +58228,17 @@ CVE-2018-4039 (An exploitable out-of-bounds write vulnerability exists in the PN CVE-2018-4038 (An exploitable arbitrary write vulnerability exists in the open ...) NOT-FOR-US: Atlantis Word Processor CVE-2018-4037 (The CleanMyMac X software contains an exploitable privilege escalation ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4036 (The CleanMyMac X software contains an exploitable privilege escalation ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4035 (The CleanMyMac X software contains an exploitable privilege escalation ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4034 (The CleanMyMac X software contains an exploitable privilege escalation ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4033 (The CleanMyMac X software contains an exploitable privilege escalation ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4032 (An exploitable privilege escalation vulnerability exists in the way ...) - TODO: check + NOT-FOR-US: Clean My Mac X CVE-2018-4031 RESERVED CVE-2018-4030 @@ -58285,7 +58285,7 @@ CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP .. NOTE: http://lists.live555.com/pipermail/live-devel/2018-October/021071.html NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684 CVE-2018-4012 (An exploitable buffer overflow vulnerability exists in the HTTP ...) - TODO: check + NOT-FOR-US: Webroot BrightCloud SDK CVE-2018-4011 RESERVED CVE-2018-4010 (An exploitable code execution vulnerability exists in the connect ...) @@ -58337,7 +58337,7 @@ CVE-2018-3988 (Signal Messenger for Android 4.24.8 may expose private informatio CVE-2018-3987 RESERVED CVE-2018-3986 (An exploitable information disclosure vulnerability exists in the ...) - TODO: check + NOT-FOR-US: Telegram Android CVE-2018-3985 RESERVED CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within the ...) 
@@ -59302,7 +59302,7 @@ CVE-2018-3705 (Improper directory permissions in the installer for the Intel Sys CVE-2018-3704 (Improper directory permissions in the installer for the Intel Parallel ...) NOT-FOR-US: Intel Parallel Studio CVE-2018-3703 (Improper directory permissions in the installer for the Intel(R) SSD ...) - TODO: check + NOT-FOR-US: Intel CVE-2018-3702 RESERVED CVE-2018-3701
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/972ac47c28ccfb55220bfa0cd85e98ce56517d9f
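Review bot: The new `- hhvm <removed>` line for CVE-2018-6345 in the @@ -51721 hunk carries no NOTE, and the visible description ("The function number_format is vulnerable to a heap overflow issue when ...") does not name hhvm. A NOTE line pointing at the upstream advisory or fixing commit, as CVE-2018-20721 (uriparser) has at the top of this diff, would let the next triager verify the package mapping without re-reading the full CVE text.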
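Review bot: In the @@ -57606 hunk, CVE-2018-4281 is described as a buffer overflow in SwiftNIO but is tagged `NOT-FOR-US: Apple`, so a later search of data/CVE/list for the software name will not find the triage decision. Suggest `NOT-FOR-US: SwiftNIO`, matching the product-specific tags used elsewhere in the file (for example `NOT-FOR-US: Facebook Proxygen`).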
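Review bot: CVE-2018-4186 in the @@ -57866 hunk is tagged `NOT-FOR-US: Apple` although its description reads "In Safari before 11.1, an information leakage issue existed in the ...", while CVE-2018-4188 two entries above it uses `NOT-FOR-US: Safari`. Using the same tag for both keeps the Safari entries greppable as a group.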
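Review bot: CVE-2018-4147 in the @@ -57964 hunk lists iCloud for Windows, Safari and iTunes as affected and is closed as `NOT-FOR-US: Apple`, but the entry directly below it, CVE-2018-4146, is tracked against webkit2gtk. It is worth confirming from the full advisory that the affected component is not WebKit before closing this one, and recording the component in the tag in the style of `NOT-FOR-US: Apple (Speech component)`.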
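Review bot: The tag `NOT-FOR-US: Clean My Mac X` added throughout the @@ -58208 and @@ -58228 hunks does not match the product spelling in the CVE descriptions themselves ("The CleanMyMac X software contains an exploitable privilege escalation ..."). Suggest `NOT-FOR-US: CleanMyMac X` so that a search for the vendor's spelling finds all thirteen entries.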
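Review bot: In the @@ -59302 hunk, CVE-2018-3703 gets the bare tag `NOT-FOR-US: Intel`, whereas the neighbouring CVE-2018-3704 names the product (`NOT-FOR-US: Intel Parallel Studio`). The description refers to an installer for an "Intel(R) SSD ..." product; naming that product in the tag would keep this block consistent.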