Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df5fa684 by Moritz Muehlenhoff at 2019-01-03T16:29:49Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21934,15 +21934,15 @@ CVE-2018-14857 (Unrestricted file upload (with remote 
code execution) in ...)
        - ocsinventory-server <unfixed> (unimportant)
        NOTE: Authentication is needed, only supported in trusted environments, 
see debtags
 CVE-2018-14856 (Buffer overflow in dhd_bus_flow_ring_create_response in ...)
-       TODO: check
+       NOT-FOR-US: Samsung wifi driver for Android
 CVE-2018-14855 (Buffer overflow in dhd_bus_flow_ring_flush_response in ...)
-       TODO: check
+       NOT-FOR-US: Samsung wifi driver for Android
 CVE-2018-14854 (Buffer overflow in dhd_bus_flow_ring_delete_response in ...)
-       TODO: check
+       NOT-FOR-US: Samsung wifi driver for Android
 CVE-2018-14853 (A NULL pointer dereference in dhd_prot_txdata_write_flush in 
...)
-       TODO: check
+       NOT-FOR-US: Samsung wifi driver for Android
 CVE-2018-14852 (Out-of-bounds array access in dhd_rx_frame in ...)
-       TODO: check
+       NOT-FOR-US: Samsung wifi driver for Android
 CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 
5.6.37, ...)
        {DSA-4353-1 DLA-1490-1}
        - php7.2 7.2.8-1
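
Review bot: The label on CVE-2018-14852 through CVE-2018-14856 names only Samsung, but the "dhd_" prefix on every affected function (dhd_bus_flow_ring_create_response, dhd_prot_txdata_write_flush, dhd_rx_frame, ...) belongs to the Broadcom dongle host driver (bcmdhd). Suggest wording such as "NOT-FOR-US: Broadcom bcmdhd wifi driver (Samsung Android)" so that a later search for bcmdhd finds these five entries and the record shows the Broadcom code was what got triaged.
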
@@ -26509,7 +26509,7 @@ CVE-2018-13047
 CVE-2018-13046
        RESERVED
 CVE-2018-13045 (SQL injection vulnerability in the &quot;Bazar&quot; page in 
Yeswiki ...)
-       TODO: check
+       NOT-FOR-US: Yeswiki
 CVE-2018-13054 (An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The 
...)
        {DLA-1420-1}
        - cinnamon 3.8.8-1 (bug #903201)
@@ -27448,7 +27448,7 @@ CVE-2018-12653
 CVE-2018-12652
        RESERVED
 CVE-2018-12651 (A Reflected Cross Site Scripting (XSS) Vulnerability was 
discovered in ...)
-       TODO: check
+       NOT-FOR-US: Adrenalin HRMS
 CVE-2018-12650 (Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site 
Scripting ...)
        NOT-FOR-US: Adrenalin HRMS
 CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php 
in MISP ...)
@@ -36011,47 +36011,47 @@ CVE-2018-9568 (In sk_clone_lock of sock.c, there is a 
possible memory corruption
        [jessie] - linux 3.16.59-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/9d538fa60bad4f7b23193c89e843797a1cf71ef3
 CVE-2018-9567 (On Pixel devices there is a bug causing verified boot to show 
the same ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9566 (In process_service_search_rsp of sdp_discovery.c, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9565 (In readBytes of xltdecwbxml.c, there is a possible out of 
bounds read ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9564
        RESERVED
 CVE-2018-9563
        RESERVED
 CVE-2018-9562 (In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible 
out-of-bound ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9561
        RESERVED
 CVE-2018-9560 (In HID_DevAddRecord of hidd_api.cc, there is a possible 
out-of-bounds ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9559 (In persist_set_key and other functions of cryptfs.cpp, there is 
a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9558 (In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9557 (In really_install_package of install.cpp, there is a possible 
free of ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9556 (In ParsePayloadHeader of payload_metadata.cc, there is a 
possible out ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9555 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of 
bounds ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9554 (In dumpExtractors of IMediaExtractor.cp, there is a possible 
...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2018-9553 (In MasteringMetadata::Parse of mkvparser.cc there is a possible 
double ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2018-9552 (In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out 
of ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2018-9551 (In CAacDecoder_Init of aacdecoder.cpp, there is a possible ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2018-9550 (In CAacDecoder_Init of aacdecoder.cpp, there is a possible out 
of ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2018-9549 (In lppTransposer of lpp_tran.cpp there is a possible out of 
bounds ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2018-9548 (In multiple functions of ContentProvider.java, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9547 (In unflatten of GraphicBuffer.cpp, there is a possible bad fd 
close ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9546
        RESERVED
 CVE-2018-9545 (In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible ...)
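
Review bot: Several of the entries tagged "Android Media Framework" (CVE-2018-9549 to CVE-2018-9553) name files that are third-party code bundled by Android rather than Android's own: mkvparser.cc (CVE-2018-9553) is a libwebm source file, and aacdecoder.cpp and lpp_tran.cpp (CVE-2018-9551, CVE-2018-9550, CVE-2018-9549) are FDK AAC source files. NOT-FOR-US closes an entry for good, so if any package in the archive carries a copy of that code these want a package line instead (the "- hhvm <removed>" form used for CVE-2018-6340 in this same commit shows the pattern), or at least a NOTE recording that the upstream copies were checked.
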
@@ -36069,7 +36069,7 @@ CVE-2018-9540 (In avrc_ctrl_pars_vendor_rsp of 
avrc_pars_ct.c, there is a possib
 CVE-2018-9539 (In the ClearKey CAS descrambler, there is a possible use after 
free ...)
        NOT-FOR-US: Android Media Framework
 CVE-2018-9538 (In V4L2SliceVideoDecodeAccelerator::Dequeue of ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2018-9537 (In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a 
possible ...)
        NOT-FOR-US: Android Media Framework
 CVE-2018-9536 (In numerous functions of libFDK, there are possible out of 
bounds ...)
@@ -40265,7 +40265,7 @@ CVE-2018-7902 (Huawei 1288H V5 and 288H V5 with 
software of V100R005C00 have a J
 CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software 
versions ...)
        NOT-FOR-US: Huawei
 CVE-2018-7900 (There is an information leak vulnerability in some Huawei HG 
products. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2018-7899 (The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart 
phones ...)
        NOT-FOR-US: Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart 
phones
 CVE-2018-7898
@@ -43236,7 +43236,7 @@ CVE-2018-6980 (VMware vRealize Log Insight (4.7.x 
before 4.7.1 and 4.6.x before
 CVE-2018-6979 (The VMware Workspace ONE Unified Endpoint Management Console 
(A/W ...)
        NOT-FOR-US: VMware
 CVE-2018-6978 (vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 
...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2018-6977 (VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and 
Fusion ...)
        NOT-FOR-US: VMware
 CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data 
...)
@@ -44080,7 +44080,7 @@ CVE-2018-6670 (External Entity Attack vulnerability in 
the ePO extension in McAf
 CVE-2018-6669 (A whitelist bypass vulnerability in McAfee Application Control 
/ ...)
        NOT-FOR-US: McAfee
 CVE-2018-6668 (A whitelist bypass vulnerability in McAfee Application Control 
/ ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user 
...)
        NOT-FOR-US: McAfee
 CVE-2018-6666
@@ -45326,21 +45326,21 @@ CVE-2018-6349
 CVE-2018-6348
        RESERVED
 CVE-2018-6347 (An issue in the Proxygen handling of HTTP2 parsing of 
headers/trailers ...)
-       TODO: check
+       NOT-FOR-US: Facebook Proxygen
 CVE-2018-6346 (A potential denial-of-service issue in the Proxygen handling of 
...)
-       TODO: check
+       NOT-FOR-US: Facebook Proxygen
 CVE-2018-6345
        RESERVED
 CVE-2018-6344 (A heap corruption in WhatsApp can be caused by a malformed RTP 
packet ...)
-       TODO: check
+       NOT-FOR-US: Whatsapp
 CVE-2018-6343 (Proxygen fails to validate that a secondary auth manager is set 
before ...)
-       TODO: check
+       NOT-FOR-US: Facebook Proxygen
 CVE-2018-6342 (react-dev-utils on Windows allows developers to run a local 
webserver ...)
-       TODO: check
+       NOT-FOR-US: react-dev-utils
 CVE-2018-6341 (React applications which rendered to HTML using the 
ReactDOMServer API ...)
-       TODO: check
+       NOT-FOR-US: React
 CVE-2018-6340 (The Memcache::getextendedstats function can be used to trigger 
an ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2018-6339
        RESERVED
 CVE-2018-6338
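
Review bot: CVE-2018-6346 is marked "NOT-FOR-US: Facebook Proxygen", but CVE-2018-6332, whose visible description is identical ("A potential denial-of-service issue in the Proxygen handling of ..."), is tracked further down this file as "- hhvm 3.24.7+dfsg-1 (bug #895194)". If hhvm carried the affected Proxygen code for that one, the three Proxygen entries here (CVE-2018-6347, CVE-2018-6346, CVE-2018-6343) should probably get the same "- hhvm <removed>" line given to CVE-2018-6340, or a NOTE saying why they differ. Minor: the description spells the product "WhatsApp", the new label "Whatsapp".
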
@@ -45360,7 +45360,7 @@ CVE-2018-6334 (Multipart-file uploads call variables to 
be improperly registered
        NOTE: https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html
        NOTE: 
https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
 CVE-2018-6333 (The hhvm-attach deep link handler in Nuclide did not properly 
sanitize ...)
-       TODO: check
+       NOT-FOR-US: Nuclide
 CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of 
...)
        - hhvm 3.24.7+dfsg-1 (bug #895194)
        NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
@@ -48269,7 +48269,7 @@ CVE-2018-5413
 CVE-2018-5412
        RESERVED
 CVE-2018-5411 (Pixar's Tractor software, versions 2.2 and earlier, contain a 
stored ...)
-       TODO: check
+       NOT-FOR-US: Pixar Tractor
 CVE-2018-5410
        RESERVED
 CVE-2018-5409
@@ -48952,11 +48952,11 @@ CVE-2018-5205 (When using incomplete escape codes, 
Irssi before 1.0.6 may access
        NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
        NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5204 (ML Report version Between 2.00.000.0000 and 2.18.628.5980 
contains a ...)
-       TODO: check
+       NOT-FOR-US: ML Report
 CVE-2018-5203 (DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a ...)
-       TODO: check
+       NOT-FOR-US: DEXTUploadX5
 CVE-2018-5202 (SKCertService 2.5.5 and earlier contains a vulnerability that 
could ...)
-       TODO: check
+       NOT-FOR-US: SKCertService
 CVE-2018-5201 (Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 
...)
        NOT-FOR-US: Hancom Office
 CVE-2018-5200 (KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow 
...)
@@ -48966,9 +48966,9 @@ CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to 
insufficient domain validatio
 CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race condition when calling the 
...)
        NOT-FOR-US: Veraport G3 ALL
 CVE-2018-5197 (A vulnerability in the ExtCommon.dll user extension module 
version ...)
-       TODO: check
+       NOT-FOR-US: Xplatform ActiveX
 CVE-2018-5196 (Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow 
caused ...)
-       TODO: check
+       NOT-FOR-US: ALZip
 CVE-2018-5195 (Hancom NEO versions 9.6.1.5183 and earlier have a buffer 
Overflow ...)
        NOT-FOR-US: Hancom NEO
 CVE-2018-5194
@@ -51942,7 +51942,7 @@ CVE-2018-4017
 CVE-2018-4016
        RESERVED
 CVE-2018-4015 (An exploitable vulnerability exists in the HTTP client 
functionality ...)
-       TODO: check
+       NOT-FOR-US: Webroot BrightCloud SDK
 CVE-2018-4014
        RESERVED
 CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP 
...)
@@ -51999,7 +51999,7 @@ CVE-2018-3990
 CVE-2018-3989
        RESERVED
 CVE-2018-3988 (Signal Messenger for Android 4.24.8 may expose private 
information ...)
-       TODO: check
+       NOT-FOR-US: Signal Messenger
 CVE-2018-3987
        RESERVED
 CVE-2018-3986
@@ -62601,9 +62601,9 @@ CVE-2018-0726
 CVE-2018-0725
        RESERVED
 CVE-2018-0724 (Cross-site scripting (XSS) vulnerability in Q'center Virtual 
Appliance ...)
-       TODO: check
+       NOT-FOR-US: Q'center Virtual Appliance
 CVE-2018-0723 (Cross-site scripting (XSS) vulnerability in Q'center Virtual 
Appliance ...)
-       TODO: check
+       NOT-FOR-US: Q'center Virtual Appliance
 CVE-2018-0722
        RESERVED
 CVE-2018-0721 (Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 
and ...)
@@ -68059,7 +68059,7 @@ CVE-2017-15837 (In Qualcomm Android for MSM, Firefox OS 
for MSM, and QRD Android
 CVE-2017-15836 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD 
Android with ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15835 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15834 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15833 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
@@ -71003,7 +71003,7 @@ CVE-2017-14890 (In Qualcomm Android for MSM, Firefox OS 
for MSM, and QRD Android
 CVE-2017-14889 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14888 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14887 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14886
@@ -76673,7 +76673,7 @@ CVE-2017-12879 (Cross-site scripting (XSS-STORED) 
vulnerability in the DEVICES O
 CVE-2017-12878
        RESERVED
 CVE-2016-10502 (While generating trusted application id, An integer overflow 
can occur ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2016-10501 (In Android before 2018-04-05 or earlier security patch level 
on ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2016-10500
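
Review bot: CVE-2016-10502 gets a one-off label, "NOT-FOR-US: Snapdragon", while the adjacent CVE-2016-10501 and the other Qualcomm entries touched in this commit (CVE-2017-15835, CVE-2017-14888, CVE-2017-9704) use "NOT-FOR-US: Qualcomm components for Android". If this is the same product family, reusing the existing string keeps the entries searchable as one group.
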
@@ -86405,7 +86405,7 @@ CVE-2017-9734
 CVE-2017-9733
        RESERVED
 CVE-2017-9732 (The read_packet function in knc (Kerberised NetCat) before 
1.11-1 is ...)
-       TODO: check
+       NOT-FOR-US: knc (Kerberised NetCat)
 CVE-2017-9731 (In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 
for ...)
        NOT-FOR-US: Poky for Yocto Project
 CVE-2017-9730 (SQL injection vulnerability in rdr.php in nuevoMailer version 
6.0 and ...)
@@ -86481,7 +86481,7 @@ CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, 
QRD Android, with all And
 CVE-2017-9705 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9704 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9703 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df5fa68445f737fa0c2548849e8926e832d733f2
