Commit 94188034 authored by Salvatore Bonaccorso

Process NFUs

parent 94069009
...@@ -201,13 +201,13 @@ CVE-2019-6140 ...@@ -201,13 +201,13 @@ CVE-2019-6140
CVE-2019-6139 CVE-2019-6139
RESERVED RESERVED
CVE-2019-6138 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc and ...) CVE-2019-6138 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc and ...)
TODO: check NOT-FOR-US: libIEC61850
CVE-2019-6137 (An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in ...) CVE-2019-6137 (An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in ...)
TODO: check NOT-FOR-US: lib60870
CVE-2019-6136 (An issue has been found in libIEC61850 v1.3.1. ...) CVE-2019-6136 (An issue has been found in libIEC61850 v1.3.1. ...)
TODO: check NOT-FOR-US: libIEC61850
CVE-2019-6135 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc in ...) CVE-2019-6135 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc in ...)
TODO: check NOT-FOR-US: libIEC61850
CVE-2019-6134 CVE-2019-6134
RESERVED RESERVED
CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...) CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...)
...@@ -16506,7 +16506,7 @@ CVE-2019-0090 ...@@ -16506,7 +16506,7 @@ CVE-2019-0090
CVE-2019-0089 CVE-2019-0089
RESERVED RESERVED
CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility for ...) CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility for ...)
TODO: check NOT-FOR-US: Intel
CVE-2019-0087 CVE-2019-0087
RESERVED RESERVED
CVE-2019-0086 CVE-2019-0086
...@@ -19546,7 +19546,7 @@ CVE-2018-18100 ...@@ -19546,7 +19546,7 @@ CVE-2018-18100
CVE-2018-18099 CVE-2018-18099
RESERVED RESERVED
CVE-2018-18098 (Improper file verification in install routine for Intel(R) SGX SDK and ...) CVE-2018-18098 (Improper file verification in install routine for Intel(R) SGX SDK and ...)
TODO: check NOT-FOR-US: Intel
CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive Toolbox ...) CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive Toolbox ...)
NOT-FOR-US: Intel Solid State Drive Toolbox NOT-FOR-US: Intel Solid State Drive Toolbox
CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for Linux ...) CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for Linux ...)
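Review bot: The new tag on CVE-2018-18098 is only the vendor name, while the neighbouring CVE-2018-18097 entry in this hunk names the product (NOT-FOR-US: Intel Solid State Drive Toolbox). Suggest naming the product from the description here as well, e.g. NOT-FOR-US: Intel SGX SDK, so the entry can be found by product and later CVEs for the same software are easy to match against it.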
...@@ -24352,41 +24352,41 @@ CVE-2018-16197 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home g ...@@ -24352,41 +24352,41 @@ CVE-2018-16197 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home g
CVE-2018-16196 (Multiple Yokogawa products that contain Vnet/IP Open Communication ...) CVE-2018-16196 (Multiple Yokogawa products that contain Vnet/IP Open Communication ...)
TODO: check TODO: check
CVE-2018-16195 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...) CVE-2018-16195 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...)
TODO: check NOT-FOR-US: Aterm firmware
CVE-2018-16194 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...) CVE-2018-16194 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...)
TODO: check NOT-FOR-US: Aterm firmware
CVE-2018-16193 (Cross-site scripting vulnerability in Aterm WF1200CR and Aterm ...) CVE-2018-16193 (Cross-site scripting vulnerability in Aterm WF1200CR and Aterm ...)
TODO: check NOT-FOR-US: Aterm firmware
CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...) CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...)
TODO: check NOT-FOR-US: Aterm firmware
CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, ...) CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, ...)
TODO: check NOT-FOR-US: EC-CUBE
CVE-2018-16190 CVE-2018-16190
RESERVED RESERVED
CVE-2018-16189 CVE-2018-16189
RESERVED RESERVED
CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 ...) CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 ...)
TODO: check NOT-FOR-US: RICOH
CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to ...) CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to ...)
TODO: check NOT-FOR-US: RICOH
CVE-2018-16186 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, ...) CVE-2018-16186 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, ...)
TODO: check NOT-FOR-US: RICOH
CVE-2018-16185 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, ...) CVE-2018-16185 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, ...)
TODO: check NOT-FOR-US: RICOH
CVE-2018-16184 (RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, ...) CVE-2018-16184 (RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, ...)
TODO: check NOT-FOR-US: RICOH
CVE-2018-16183 (An unquoted search path vulnerability in some pre-installed ...) CVE-2018-16183 (An unquoted search path vulnerability in some pre-installed ...)
TODO: check NOT-FOR-US: Panasonic PC applications
CVE-2018-16182 (Untrusted search path vulnerability in the installer of MARKET SPEED ...) CVE-2018-16182 (Untrusted search path vulnerability in the installer of MARKET SPEED ...)
TODO: check NOT-FOR-US: MARKET SPEED
CVE-2018-16181 (HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and ...) CVE-2018-16181 (HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and ...)
TODO: check TODO: check
CVE-2018-16180 (Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier ...) CVE-2018-16180 (Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier ...)
TODO: check TODO: check
CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier does not ...) CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier does not ...)
TODO: check NOT-FOR-US: Mizuho Direct App for Android
CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access ...) CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access ...)
TODO: check NOT-FOR-US: Cybozu Garoon
CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows10 Fall ...) CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows10 Fall ...)
TODO: check TODO: check
CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping Tool ...) CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping Tool ...)
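Review bot: CVE-2018-16196 (Yokogawa), CVE-2018-16181 and CVE-2018-16180 (i-FILTER) and CVE-2018-16177 remain at TODO: check in the middle of a range that is otherwise fully processed. If they were left on purpose because they need a closer look, that is fine; otherwise triage them in this pass so the range does not have to be revisited. Minor: NOT-FOR-US: RICOH gives only the vendor, although all five descriptions name the RICOH Interactive Whiteboard.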
...@@ -24398,13 +24398,13 @@ CVE-2018-16174 (Open redirect vulnerability in LearnPress prior to version 3.1.0 ...@@ -24398,13 +24398,13 @@ CVE-2018-16174 (Open redirect vulnerability in LearnPress prior to version 3.1.0
CVE-2018-16173 (Cross-site scripting vulnerability in LearnPress prior to version ...) CVE-2018-16173 (Cross-site scripting vulnerability in LearnPress prior to version ...)
TODO: check TODO: check
CVE-2018-16172 (Improper countermeasure against clickjacking attack in client ...) CVE-2018-16172 (Improper countermeasure against clickjacking attack in client ...)
TODO: check NOT-FOR-US: Cybozu Remote Service
CVE-2018-16171 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to ...) CVE-2018-16171 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to ...)
TODO: check NOT-FOR-US: Cybozu Remote Service
CVE-2018-16170 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to ...) CVE-2018-16170 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to ...)
TODO: check NOT-FOR-US: Cybozu Remote Service
CVE-2018-16169 (Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated ...) CVE-2018-16169 (Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated ...)
TODO: check NOT-FOR-US: Cybozu Remote Service
CVE-2018-16168 (LogonTracer 1.2.0 and earlier allows remote attackers to conduct ...) CVE-2018-16168 (LogonTracer 1.2.0 and earlier allows remote attackers to conduct ...)
TODO: check TODO: check
CVE-2018-16167 (LogonTracer 1.2.0 and earlier allows remote attackers to execute ...) CVE-2018-16167 (LogonTracer 1.2.0 and earlier allows remote attackers to execute ...)
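Review bot: For CVE-2018-16172 the truncated description shown here ("Improper countermeasure against clickjacking attack in client ...") does not name a product, unlike CVE-2018-16171 to CVE-2018-16169, which all say Cybozu Remote Service. Please confirm against the full CVE text that this one is the same product before it inherits the tag of its neighbours.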
...@@ -25441,7 +25441,7 @@ CVE-2018-15782 ...@@ -25441,7 +25441,7 @@ CVE-2018-15782
CVE-2018-15781 CVE-2018-15781
RESERVED RESERVED
CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access ...) CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access ...)
TODO: check NOT-FOR-US: RSA Archer
CVE-2018-15779 CVE-2018-15779
RESERVED RESERVED
CVE-2018-15778 CVE-2018-15778
...@@ -26254,35 +26254,35 @@ CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs] ...@@ -26254,35 +26254,35 @@ CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs]
- gitlab 11.1.8+dfsg-2 - gitlab 11.1.8+dfsg-2
NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-15467 (A vulnerability in the web-based management interface of Cisco ...) CVE-2018-15467 (A vulnerability in the web-based management interface of Cisco ...)
TODO: check NOT-FOR-US: Cisco
CVE-2018-15466 (A vulnerability in the Graphite web interface of the Policy and ...) CVE-2018-15466 (A vulnerability in the Graphite web interface of the Policy and ...)
TODO: check NOT-FOR-US: Cisco
CVE-2018-15465 (A vulnerability in the authorization subsystem of Cisco Adaptive ...) CVE-2018-15465 (A vulnerability in the authorization subsystem of Cisco Adaptive ...)
NOT-FOR-US: Cisco NOT-FOR-US: Cisco
CVE-2018-15464 (A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) ...) CVE-2018-15464 (A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) ...)
TODO: check NOT-FOR-US: Cisco
CVE-2018-15463 CVE-2018-15463
RESERVED RESERVED
CVE-2018-15462 CVE-2018-15462
RESERVED RESERVED
CVE-2018-15461 (A vulnerability in the MyWebex component of Cisco Webex Business Suite ...) CVE-2018-15461 (A vulnerability in the MyWebex component of Cisco Webex Business Suite ...)
TODO: check NOT-FOR-US: Cisco
CVE-2018-15460 (A vulnerability in the email message filtering feature of Cisco ...) CVE-2018-15460 (A vulnerability in the email message filtering feature of Cisco ...)
TODO: check NOT-FOR-US: Cisco
CVE-2018-15459 CVE-2018-15459
RESERVED RESERVED
CVE-2018-15458 (A vulnerability in the Shell Access Filter feature of Cisco Firepower ...) CVE-2018-15458 (A vulnerability in the Shell Access Filter feature of Cisco Firepower ...)
TODO: check NOT-FOR-US: Cisco
CVE-2018-15457 (A vulnerability in the web-based management interface of Cisco Prime ...) CVE-2018-15457 (A vulnerability in the web-based management interface of Cisco Prime ...)
TODO: check NOT-FOR-US: Cisco
CVE-2018-15456 (A vulnerability in the Admin Portal of Cisco Identity Services Engine ...) CVE-2018-15456 (A vulnerability in the Admin Portal of Cisco Identity Services Engine ...)
TODO: check NOT-FOR-US: Cisco
CVE-2018-15455 CVE-2018-15455
RESERVED RESERVED
CVE-2018-15454 (A vulnerability in the Session Initiation Protocol (SIP) inspection ...) CVE-2018-15454 (A vulnerability in the Session Initiation Protocol (SIP) inspection ...)
NOT-FOR-US: Cisco NOT-FOR-US: Cisco
CVE-2018-15453 (A vulnerability in the Secure/Multipurpose Internet Mail Extensions ...) CVE-2018-15453 (A vulnerability in the Secure/Multipurpose Internet Mail Extensions ...)
TODO: check NOT-FOR-US: Cisco
CVE-2018-15452 (A vulnerability in the DLL loading component of Cisco Advanced Malware ...) CVE-2018-15452 (A vulnerability in the DLL loading component of Cisco Advanced Malware ...)
NOT-FOR-US: Cisco NOT-FOR-US: Cisco
CVE-2018-15451 (A vulnerability in the web-based management interface of Cisco Prime ...) CVE-2018-15451 (A vulnerability in the web-based management interface of Cisco Prime ...)
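Review bot: CVE-2018-15466 is marked NOT-FOR-US: Cisco, but its description refers to "the Graphite web interface", and Graphite is an upstream project in its own right rather than a Cisco component. Worth checking whether the flaw is in how the Cisco product deploys or exposes Graphite or in Graphite itself, and adding a NOTE line with the outcome so the NFU decision is traceable.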
...@@ -33879,29 +33879,29 @@ CVE-2017-18332 ...@@ -33879,29 +33879,29 @@ CVE-2017-18332
CVE-2017-18331 CVE-2017-18331
RESERVED RESERVED
CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via initialization ...) CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via initialization ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in snapdragon ...) CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in snapdragon ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18328 (Use after free in QSH client rule processing in snapdragon mobile and ...) CVE-2017-18328 (Use after free in QSH client rule processing in snapdragon mobile and ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18327 (Security keys are logged when any WCDMA call is configured or ...) CVE-2017-18327 (Security keys are logged when any WCDMA call is configured or ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18326 (Cryptographic keys are printed in modem debug messages in snapdragon ...) CVE-2017-18326 (Cryptographic keys are printed in modem debug messages in snapdragon ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18325 CVE-2017-18325
RESERVED RESERVED
CVE-2017-18324 (Cryptographic key material leaked in debug messages - GERAN in ...) CVE-2017-18324 (Cryptographic key material leaked in debug messages - GERAN in ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18323 (Cryptographic key material leaked in TDSCDMA RRC debug messages in ...) CVE-2017-18323 (Cryptographic key material leaked in TDSCDMA RRC debug messages in ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18322 (Cryptographic key material leaked in WCDMA debug messages in ...) CVE-2017-18322 (Cryptographic key material leaked in WCDMA debug messages in ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18321 (Security keys used by the terminal and NW for a session could be ...) CVE-2017-18321 (Security keys used by the terminal and NW for a session could be ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18320 (QSEE unload attempt on a 3rd party TEE without previously loading ...) CVE-2017-18320 (QSEE unload attempt on a 3rd party TEE without previously loading ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18319 (Information leak in UIM API debug messages in snapdragon mobile and ...) CVE-2017-18319 (Information leak in UIM API debug messages in snapdragon mobile and ...)
TODO: check NOT-FOR-US: snapdragon
CVE-2017-18318 (Missing validation check on CRL issuer name in Snapdragon Automobile, ...) CVE-2017-18318 (Missing validation check on CRL issuer name in Snapdragon Automobile, ...)
NOT-FOR-US: Snapdragon NOT-FOR-US: Snapdragon
CVE-2017-18317 (Restrictions related to the modem (sim lock, sim kill) can be bypassed ...) CVE-2017-18317 (Restrictions related to the modem (sim lock, sim kill) can be bypassed ...)
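Review bot: The twelve new entries use lowercase NOT-FOR-US: snapdragon, while the existing CVE-2017-18318 entry in this hunk is tagged NOT-FOR-US: Snapdragon. Suggest matching the existing capitalisation so a case-sensitive search for the tag returns the whole set.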
...@@ -34765,7 +34765,7 @@ CVE-2018-12179 ...@@ -34765,7 +34765,7 @@ CVE-2018-12179
CVE-2018-12178 CVE-2018-12178
RESERVED RESERVED
CVE-2018-12177 (Improper directory permissions in the ZeroConfig service in Intel(R) ...) CVE-2018-12177 (Improper directory permissions in the ZeroConfig service in Intel(R) ...)
TODO: check NOT-FOR-US: Intel PROSet/Wireless WiFi Software
CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a ...) CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a ...)
NOT-FOR-US: Intel NOT-FOR-US: Intel
CVE-2018-12175 (Default install directory permissions in Intel Distribution for Python ...) CVE-2018-12175 (Default install directory permissions in Intel Distribution for Python ...)
...@@ -34786,9 +34786,9 @@ CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Proce ...@@ -34786,9 +34786,9 @@ CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Proce
CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing ...) CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing ...)
NOT-FOR-US: Intel NOT-FOR-US: Intel
CVE-2018-12167 (Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC ...) CVE-2018-12167 (Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC ...)
TODO: check NOT-FOR-US: Intel
CVE-2018-12166 (Insufficient write protection in firmware for Intel(R) Optane(TM) SSD ...) CVE-2018-12166 (Insufficient write protection in firmware for Intel(R) Optane(TM) SSD ...)
TODO: check NOT-FOR-US: Intel
CVE-2018-12165 CVE-2018-12165
RESERVED RESERVED
CVE-2018-12164 CVE-2018-12164
...@@ -43673,7 +43673,7 @@ CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7, ...@@ -43673,7 +43673,7 @@ CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7,
NOTE: https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow NOTE: https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
NOTE: https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097 NOTE: https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
CVE-2018-8827 (The admin web interface on Technicolor MediaAccess TG789vac v2 HP ...) CVE-2018-8827 (The admin web interface on Technicolor MediaAccess TG789vac v2 HP ...)
TODO: check NOT-FOR-US: Technicolor
CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 ...) CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 ...)
NOT-FOR-US: ASUS routers NOT-FOR-US: ASUS routers
CVE-2018-8825 CVE-2018-8825