Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4923a543 by security tracker role at 2018-05-09T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,53 @@
+CVE-2018-10838
+       RESERVED
+CVE-2018-10837
+       RESERVED
+CVE-2018-10836
+       RESERVED
+CVE-2018-10835
+       RESERVED
+CVE-2018-10834
+       RESERVED
+CVE-2018-10833
+       RESERVED
+CVE-2018-10832
+       RESERVED
+CVE-2018-10831 (Z-NOMP before 2018-04-05 has an incorrect Equihash solution 
verifier ...)
+       TODO: check
+CVE-2018-10830 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
+       TODO: check
+CVE-2018-10829
+       RESERVED
+CVE-2018-10828
+       RESERVED
+CVE-2018-10827 (LiteCart 2.1.2 allows remote attackers to cause a denial of 
service ...)
+       TODO: check
+CVE-2018-10826
+       RESERVED
+CVE-2018-10825
+       RESERVED
+CVE-2018-10824
+       RESERVED
+CVE-2018-10823
+       RESERVED
+CVE-2018-10822
+       RESERVED
+CVE-2018-10821
+       RESERVED
+CVE-2018-10820
+       RESERVED
+CVE-2018-10819
+       RESERVED
+CVE-2018-10818
+       RESERVED
+CVE-2018-10817 (Severalnines ClusterControl before 1.6.0-4699 allows XSS. ...)
+       TODO: check
+CVE-2018-10816
+       RESERVED
+CVE-2018-10815
+       RESERVED
+CVE-2018-10814
+       RESERVED
 CVE-2018-10813
        RESERVED
 CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses 
cleartext ...)
@@ -268,8 +318,8 @@ CVE-2018-10707
        RESERVED
 CVE-2018-10706
        RESERVED
-CVE-2018-10705
-       RESERVED
+CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), 
an ...)
+       TODO: check
 CVE-2018-10704
        RESERVED
 CVE-2018-10703
@@ -1542,8 +1592,8 @@ CVE-2018-10186 (In radare2 2.5.0, there is a heap-based 
buffer over-read in the 
        NOTE: Before applying the fix for CVE-2018-8808 the issue is 
covered/differently visible
 CVE-2018-10185 (An issue was discovered in TuziCMS v2.0.6. There is a CSRF ...)
        NOT-FOR-US: TuziCMS
-CVE-2018-10184
-       RESERVED
+CVE-2018-10184 (An issue was discovered in HAProxy before 1.8.8. The incoming 
H2 frame ...)
+       TODO: check
 CVE-2018-10183 (An issue was discovered in BigTree 4.2.22. There is cross-site 
...)
        NOT-FOR-US: BigTree CMS
 CVE-2018-10182
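
Review bot: the new CVE-2018-10184 entry names HAProxy before 1.8.8 in its description but carries only `TODO: check`, so until it is triaged the tracker reports no package status for haproxy under this id. Replace the TODO with a `- haproxy` line giving the fixed version (the description puts the upstream boundary at 1.8.8), plus per-release annotations where they apply.
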
@@ -4607,6 +4657,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 
1.5.3 and 2.x before 2.
 CVE-2018-8898
        RESERVED
 CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and 
IA-32 ...)
+       {DSA-4196-1}
        - linux 4.15.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
        - xen <unfixed>
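
Review bot: `{DSA-4196-1}` is added at entry level on CVE-2018-8897 while the context still shows `- xen <unfixed>`, so the advisory reference must not be read as closing the whole entry. Nothing in the visible lines says which source package the DSA covers; confirm that it is linux-only (the same tag is added to CVE-2018-1087, which lists only linux here) and that xen stays tracked as open.
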
@@ -26313,7 +26364,7 @@ CVE-2018-1121
 CVE-2018-1120
        RESERVED
 CVE-2018-1119 [Heap buffer overflow in mux_h2.c:h2_process_demux() can allow 
attackers to cause a denial of service]
-       RESERVED
+       REJECTED
        - haproxy 1.8.8-1
        [stretch] - haproxy <not-affected> (Vulnerable code introduced later 
with HTTP/2 support)
        [jessie] - haproxy <not-affected> (Vulnerable code introduced later 
with HTTP/2 support)
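
Review bot: CVE-2018-1119 flips from `RESERVED` to `REJECTED` but keeps its package data (`- haproxy 1.8.8-1` and the two `<not-affected>` lines for stretch and jessie), so a rejected id still presents haproxy fix status. The bracketed description (heap buffer overflow in mux_h2.c:h2_process_demux()) looks like the same HAProxy HTTP/2 issue that CVE-2018-10184 now describes elsewhere in this diff; if that is the replacement id, move the three haproxy lines there and leave this entry with `REJECTED` only, ideally with a NOTE naming the replacement.
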
@@ -26451,6 +26502,7 @@ CVE-2018-1088 (A privilege escalation flaw was found in 
gluster 3.x snapshot ...
        NOTE: Needs: https://review.gluster.org/#/c/19899/1..2
 CVE-2018-1087 [error in exception handling leads to wrong debug stack value]
        RESERVED
+       {DSA-4196-1}
        - linux 4.15.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09 (4.16-rc7)
        NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/5
@@ -38542,7 +38594,7 @@ CVE-2017-14160 (The bark_noise_hybridmp function in 
psy.c in Xiph.Org libvorbis 
        NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/2
        NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
        NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
-        NOTE: Upstream fix: 
https://gitlab.xiph.org/xiph/vorbis/uploads/b1e77c7aab2afccf645e32678d8ba52d/patch1
+       NOTE: Upstream fix: 
https://gitlab.xiph.org/xiph/vorbis/uploads/b1e77c7aab2afccf645e32678d8ba52d/patch1
 CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows 
remote ...)
        {DSA-4052-1 DLA-1107-1}
        - bzr 2.7.0+bzr6622-7 (bug #874429)
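
Review bot: the removed and added `NOTE: Upstream fix:` lines under CVE-2017-14160 differ only in leading whitespace, which is unrelated to the rest of this automatic update and makes the hunk look like a content change. The result is fine, since the new indentation matches the neighbouring NOTE lines; consider a whitespace check on data/CVE/list at commit time so such lines are normalized when they are written rather than in a later bulk update.
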
@@ -74274,8 +74326,7 @@ CVE-2017-2607
        RESERVED
        - jenkins <removed>
        NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2606
-       RESERVED
+CVE-2017-2606 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an 
information ...)
        - jenkins <removed>
        NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2605
@@ -131866,8 +131917,8 @@ CVE-2015-1505
        RESERVED
 CVE-2015-1504
        RESERVED
-CVE-2015-1503
-       RESERVED
+CVE-2015-1503 (Multiple directory traversal vulnerabilities in IceWarp Mail 
Server ...)
+       TODO: check
 CVE-2015-1502
        RESERVED
 CVE-2015-1501 (The factory.loadExtensionFactory function in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4923a543b46de2cbbb9b2e331da085990af3cb6f
