[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Fri, 04 May 2018 13:16:30 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4f7fa632 by security tracker role at 2018-05-04T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,59 @@
+CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
+       TODO: check
+CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
+       TODO: check
+CVE-2018-10748 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
+       TODO: check
+CVE-2018-10747 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
+       TODO: check
+CVE-2018-10746 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
+       TODO: check
+CVE-2018-10745
+       RESERVED
+CVE-2018-10744
+       RESERVED
+CVE-2018-10743
+       RESERVED
+CVE-2018-10742
+       RESERVED
+CVE-2018-10741
+       RESERVED
+CVE-2018-10740 (Axublog 1.1.0 allows remote Code Execution as demonstrated by 
injection ...)
+       TODO: check
+CVE-2018-10739 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 
...)
+       TODO: check
+CVE-2018-10738
+       RESERVED
+CVE-2018-10737
+       RESERVED
+CVE-2018-10736
+       RESERVED
+CVE-2018-10735
+       RESERVED
+CVE-2018-10734
+       RESERVED
+CVE-2018-10733 (There is a heap-based buffer over-read in the function ...)
+       TODO: check
+CVE-2018-10732
+       RESERVED
+CVE-2018-10731
+       RESERVED
+CVE-2018-10730
+       RESERVED
+CVE-2018-10729
+       RESERVED
+CVE-2018-10728
+       RESERVED
+CVE-2018-10727
+       RESERVED
+CVE-2018-10726 (** DISPUTED ** A stored XSS vulnerability was found in 
Datenstrom ...)
+       TODO: check
+CVE-2018-10725
+       RESERVED
+CVE-2018-10724
+       RESERVED
+CVE-2018-10723
+       RESERVED
 CVE-2018-10722 (In Cylance CylancePROTECT before 1470, an unprivileged local 
user can ...)
        NOT-FOR-US: Cylance CylancePROTECT
 CVE-2018-10721
@@ -835,7 +891,7 @@ CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU 
Binutils 2.30 allows remot
 CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent 
plugin ...)
        NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
 CVE-2018-1000178 [Implement custom deserializer to add our own sanity checks]
-       {DSA-4189-1}
+       {DSA-4189-1 DLA-1370-1}
        - quassel 1:0.12.5-1 (bug #896914)
        NOTE: 
https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f
 (master)
        NOTE: 
https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b
 (0.12)
@@ -3912,8 +3968,8 @@ CVE-2018-9065
        RESERVED
 CVE-2018-9064
        RESERVED
-CVE-2018-9063
-       RESERVED
+CVE-2018-9063 (MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In 
Lenovo ...)
+       TODO: check
 CVE-2018-9062
        RESERVED
 CVE-2018-9061
@@ -4438,46 +4494,46 @@ CVE-2018-8874 (In 2345 Security Guard 3.6, the driver 
file (2345Wrath.sys) allow
        NOT-FOR-US: 2345 Security Guard
 CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file 
(2345NetFirewall.sys) ...)
        NOT-FOR-US: 2345 Security Guard
-CVE-2018-8872
-       RESERVED
+CVE-2018-8872 (In Schneider Electric Triconex Tricon MP model 3008 firmware 
versions ...)
+       TODO: check
 CVE-2018-8871
        RESERVED
 CVE-2018-8870
        RESERVED
-CVE-2018-8869
-       RESERVED
+CVE-2018-8869 (In Lantech IDS 2102 2.0 and prior, nearly all input fields 
allow for ...)
+       TODO: check
 CVE-2018-8868
        RESERVED
 CVE-2018-8867
        RESERVED
 CVE-2018-8866
        RESERVED
-CVE-2018-8865
-       RESERVED
+CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer 
overflow ...)
+       TODO: check
 CVE-2018-8864
        RESERVED
 CVE-2018-8863
        RESERVED
 CVE-2018-8862
        RESERVED
-CVE-2018-8861
-       RESERVED
+CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk 
environment ...)
+       TODO: check
 CVE-2018-8860
        RESERVED
 CVE-2018-8859
        RESERVED
 CVE-2018-8858
        RESERVED
-CVE-2018-8857
-       RESERVED
+CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and 
prior, ...)
+       TODO: check
 CVE-2018-8856
        RESERVED
 CVE-2018-8855
        RESERVED
 CVE-2018-8854
        RESERVED
-CVE-2018-8853
-       RESERVED
+CVE-2018-8853 (Philips Brilliance CT devices operate user functions from 
within a ...)
+       TODO: check
 CVE-2018-8852
        RESERVED
 CVE-2018-8851
@@ -7915,8 +7971,8 @@ CVE-2018-7524 (A cross-site request forgery vulnerability 
has been identified in
        NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing 
malformed ...)
        NOT-FOR-US: Omron CX-Supervisor
-CVE-2018-7522
-       RESERVED
+CVE-2018-7522 (In Schneider Electric Triconex Tricon MP model 3008 firmware 
versions ...)
+       TODO: check
 CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free 
...)
        NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7520 (An improper access control vulnerability has been identified in 
...)
@@ -7941,12 +7997,12 @@ CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and 
prior, there are multiple c
        NOT-FOR-US: Eaton ELCSoft
 CVE-2018-7510
        RESERVED
-CVE-2018-7509
-       RESERVED
+CVE-2018-7509 (WPLSoft in Delta Electronics versions 2.45.0 and prior writes 
data ...)
+       TODO: check
 CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web 
API ...)
        NOT-FOR-US: OSIsoft PI
-CVE-2018-7507
-       RESERVED
+CVE-2018-7507 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes 
a ...)
+       TODO: check
 CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 
and ...)
        NOT-FOR-US: Moxa
 CVE-2018-7505
@@ -7971,8 +8027,8 @@ CVE-2018-7496 (An Information Exposure issue was 
discovered in OSIsoft PI Vision
        NOT-FOR-US: OSIsoft PI
 CVE-2018-7495
        RESERVED
-CVE-2018-7494
-       RESERVED
+CVE-2018-7494 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes 
a ...)
+       TODO: check
 CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege 
...)
        NOT-FOR-US: CactusVPN for macOS
 CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux 
kernel ...)
@@ -14240,12 +14296,12 @@ CVE-2018-5450
        RESERVED
 CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell 
...)
        NOT-FOR-US: Moxa
-CVE-2018-5448
-       RESERVED
+CVE-2018-5448 (All versions of the Medtronic 2090 Carelink Programmer are 
affected by ...)
+       TODO: check
 CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari 
PCS-9611 ...)
        NOT-FOR-US: Nari PCS-9611 relay
-CVE-2018-5446
-       RESERVED
+CVE-2018-5446 (All versions of the Medtronic 2090 Carelink Programmer are 
affected by ...)
+       TODO: check
 CVE-2018-5445 (A Path Traversal issue was discovered in Advantech 
WebAccess/SCADA ...)
        NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2018-5444
@@ -24354,7 +24410,8 @@ CVE-2018-1473 (IBM BigFix Platform 9.2 and 9.5 is 
vulnerable to cross-site scrip
        NOT-FOR-US: IBM
 CVE-2018-1472
        RESERVED
-CVE-2018-1471 (IBM BigFix Platform 9.2 and 9.5 stores user credentials in 
plain in ...)
+CVE-2018-1471
+       REJECTED
        NOT-FOR-US: IBM
 CVE-2018-1470
        RESERVED
@@ -59978,7 +60035,7 @@ CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 
and 0.6.1 silently fails
        NOTE: Fixed by: 
https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
        NOTE: Introduced by: 
https://0xacab.org/mat/mat/commit/0d1fe2555e90db35eeb531a1b6026ff64f1f5ae5
 CVE-2017-7176
-       RESERVED
+       REJECTED
 CVE-2017-7175 (NfSen before 1.3.8 allows remote attackers to execute arbitrary 
OS ...)
        NOT-FOR-US: NfSen
 CVE-2017-7174 (The user-account creation feature in Chef Manage 2.1.0 through 
2.4.4 ...)
@@ -70032,8 +70089,8 @@ CVE-2017-3777
        REJECTED
 CVE-2017-3776 (Lenovo Help Android mobile app versions earlier than 6.1.2.0327 
...)
        NOT-FOR-US: Lenovo Help Android mobile app
-CVE-2017-3775
-       RESERVED
+CVE-2017-3775 (Some Lenovo System x server BIOS/UEFI versions, when Secure 
Boot mode ...)
+       TODO: check
 CVE-2017-3774 (A stack overflow vulnerability was discovered within the web 
...)
        NOT-FOR-US: IBM
 CVE-2017-3773
@@ -75870,8 +75927,8 @@ CVE-2017-1745
        RESERVED
 CVE-2017-1744
        RESERVED
-CVE-2017-1743
-       RESERVED
+CVE-2017-1743 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a ...)
+       TODO: check
 CVE-2017-1742
        RESERVED
 CVE-2017-1741 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4f7fa632b2413f0f9c1685ab9e478f4bcac14562

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4f7fa632b2413f0f9c1685ab9e478f4bcac14562
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to