Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: df6f0b1f by security tracker role at 2018-05-23T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,5 @@ +CVE-2018-11396 (ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through ...) + TODO: check CVE-2018-11395 RESERVED CVE-2018-11394 @@ -197,8 +199,8 @@ CVE-2018-11336 RESERVED CVE-2018-11335 RESERVED -CVE-2018-11334 - RESERVED +CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a NULL DACL that allows ...) + TODO: check CVE-2018-11333 RESERVED CVE-2018-11332 @@ -389,6 +391,7 @@ CVE-2018-11253 CVE-2018-11252 RESERVED CVE-2018-11251 (In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based ...) + {DLA-1381-1} - imagemagick 8:6.9.9.39+dfsg-1 NOTE: https://github.com/ImageMagick/ImageMagick/issues/956 NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fbc6a557b4f63af18b2debe83f817859ef7481 @@ -438,6 +441,7 @@ CVE-2018-11233 CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege Context ...) NOT-FOR-US: Kubernetes CRI-O CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop ...) + {DLA-1381-1} - imagemagick 8:6.9.9.34+dfsg-3 NOTE: https://github.com/ImageMagick/ImageMagick/issues/910 NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8fcb59e9e1d1189caf2e0f5e39346944dcd6b9d @@ -447,6 +451,7 @@ CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a ...) NOTE: https://github.com/ImageMagick/ImageMagick/issues/918 NOTE: https://github.com/ImageMagick/ImageMagick/commit/93d029b70ac766ce0b5d7261a2dd334535f48038 CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop ...) + {DLA-1381-1} - imagemagick 8:6.9.9.34+dfsg-3 NOTE: https://github.com/ImageMagick/ImageMagick/issues/911 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e @@ -458,8 +463,8 @@ CVE-2017-18269 (An SSE2-optimized memmove implementation for i386 in ...) CVE-2018-11232 (The etm_setup_aux function in ...) - linux <not-affected> (Vulnerable code never present in unstable) NOTE: Fixed by: https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f -CVE-2018-11231 - RESERVED +CVE-2018-11231 (In the Divido plugin for OpenCart, there is SQL injection. Attackers ...) + TODO: check CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows ...) NOT-FOR-US: jbig2enc CVE-2018-11229 @@ -1805,20 +1810,20 @@ CVE-2018-10656 RESERVED CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 ...) NOT-FOR-US: DeviceLock Plug and Play Auditor -CVE-2018-10654 - RESERVED -CVE-2018-10653 - RESERVED -CVE-2018-10652 - RESERVED -CVE-2018-10651 - RESERVED -CVE-2018-10650 - RESERVED -CVE-2018-10649 - RESERVED -CVE-2018-10648 - RESERVED +CVE-2018-10654 (There is a Hazelcast Library Java Deserialization Vulnerability in ...) + TODO: check +CVE-2018-10653 (There is an XML External Entity (XXE) Processing Vulnerability in ...) + TODO: check +CVE-2018-10652 (There is a Sensitive Data Leakage issue in Citrix XenMobile Server ...) + TODO: check +CVE-2018-10651 (There are Open Redirect Vulnerabilities in Citrix XenMobile Server ...) + TODO: check +CVE-2018-10650 (There is an Insufficient Path Validation Vulnerability in Citrix ...) + TODO: check +CVE-2018-10649 (There is a Cross-Site Scripting Vulnerability in Citrix XenMobile ...) + TODO: check +CVE-2018-10648 (There are Unauthenticated File Upload Vulnerabilities in Citrix ...) + TODO: check CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation ...) NOT-FOR-US: SaferVPN CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege ...) @@ -2541,20 +2546,20 @@ CVE-2018-10359 RESERVED CVE-2018-10358 RESERVED -CVE-2018-10357 - RESERVED -CVE-2018-10356 - RESERVED -CVE-2018-10355 - RESERVED -CVE-2018-10354 - RESERVED -CVE-2018-10353 - RESERVED -CVE-2018-10352 - RESERVED -CVE-2018-10351 - RESERVED +CVE-2018-10357 (A directory traversal vulnerability in Trend Micro Endpoint ...) + TODO: check +CVE-2018-10356 (A SQL injection remote code execution vulnerability in Trend Micro ...) + TODO: check +CVE-2018-10355 (An authentication weakness vulnerability in Trend Micro Email ...) + TODO: check +CVE-2018-10354 (A command injection remote command execution vulnerability in Trend ...) + TODO: check +CVE-2018-10353 (A SQL injection information disclosure vulnerability in Trend Micro ...) + TODO: check +CVE-2018-10352 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could ...) + TODO: check +CVE-2018-10351 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could ...) + TODO: check CVE-2018-10350 RESERVED CVE-2018-10349 @@ -6106,8 +6111,8 @@ CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and Sentin NOT-FOR-US: HASP SRM CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 ...) NOT-FOR-US: IdentityServer -CVE-2018-8898 - RESERVED +CVE-2018-8898 (A flaw in the authentication mechanism in the Login Panel of router ...) + TODO: check CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...) {DSA-4201-1 DSA-4196-1} - linux 4.15.17-1 @@ -7765,8 +7770,8 @@ CVE-2018-8178 (A remote code execution vulnerability exists in the way that Micr NOT-FOR-US: Microsoft CVE-2018-8177 (A remote code execution vulnerability exists in the way that the ...) NOT-FOR-US: Microsoft -CVE-2018-8176 - RESERVED +CVE-2018-8176 (A remote code execution vulnerability exists in Microsoft PowerPoint ...) + TODO: check CVE-2018-8175 RESERVED CVE-2018-8174 (A remote code execution vulnerability exists in the way that the ...) @@ -10448,8 +10453,8 @@ CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG .. NOT-FOR-US: eQ-3 AG Homematic CCU2 CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage method ...) NOT-FOR-US: eQ-3 AG Homematic CCU2 -CVE-2018-7295 - RESERVED +CVE-2018-7295 (ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on ...) + TODO: check CVE-2018-7294 RESERVED CVE-2018-7293 @@ -12909,8 +12914,8 @@ CVE-2018-6497 RESERVED CVE-2018-6496 RESERVED -CVE-2018-6495 - RESERVED +CVE-2018-6495 (Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version ...) + TODO: check CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software Web Tier, ...) NOT-FOR-US: HP CVE-2018-6493 (SQL Injection in HP Network Operations Management Ultimate, version ...) @@ -27354,10 +27359,10 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest . NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/7 CVE-2018-1311 RESERVED -CVE-2018-1310 - RESERVED -CVE-2018-1309 - RESERVED +CVE-2018-1310 (Apache NiFi JMS Deserialization issue because of ActiveMQ client ...) + TODO: check +CVE-2018-1309 (Apache NiFi External XML Entity issue in SplitXML processor. Malicious ...) + TODO: check CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 ...) {DSA-4194-1 DLA-1360-1} - lucene-solr 3.6.2+dfsg-12 (bug #896604) @@ -27715,8 +27720,8 @@ CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment versi NOT-FOR-US: Cloud Foundry CVE-2018-1194 REJECTED -CVE-2018-1193 - RESERVED +CVE-2018-1193 (Cloud Foundry routing-release, versions prior to 0.175.0, lacks ...) + TODO: check CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; ...) NOT-FOR-US: Cloud Foundry CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an ...) @@ -28061,40 +28066,35 @@ CVE-2018-1128 CVE-2018-1127 RESERVED NOT-FOR-US: tendrl-api -CVE-2018-1126 [0035-proc-alloc.-Use-size_t-not-unsigned-int.patch] - RESERVED +CVE-2018-1126 (procps-ng before version 3.3.15 is vulnerable to an incorrect integer ...) {DSA-4208-1} - procps 2:3.3.15-1 (bug #899170) NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1 NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt NOTE: Patch: 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch NOTE: https://gitlab.com/procps-ng/procps/commit/f1077b7a558a5545837aae068422e58f1f9b1d33 -CVE-2018-1125 [0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch] - RESERVED +CVE-2018-1125 (procps-ng before version 3.3.15 is vulnerable to a stack buffer ...) {DSA-4208-1} - procps 2:3.3.15-1 (bug #899170) NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1 NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt NOTE: Patch: 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch NOTE: https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584 -CVE-2018-1124 [Local Privilege Escalation in libprocps] - RESERVED +CVE-2018-1124 (procps-ng before version 3.3.15 is vulnerable to multiple integer ...) {DSA-4208-1} - procps 2:3.3.15-1 (bug #899170) NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1 NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt NOTE: Patch: 0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch NOTE: https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20 -CVE-2018-1123 [Denial of Service in ps] - RESERVED +CVE-2018-1123 (procps-ng before version 3.3.15 is vulnerable to a denial of service ...) {DSA-4208-1} - procps 2:3.3.15-1 (bug #899170) NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1 NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt NOTE: Patch: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch NOTE: https://gitlab.com/procps-ng/procps/commit/136e3724952827bbae8887a42d9d2b6f658a48ab -CVE-2018-1122 [Local Privilege Escalation in top] - RESERVED +CVE-2018-1122 (procps-ng before version 3.3.15 is vulnerable to a local privilege ...) {DSA-4208-1} - procps 2:3.3.15-1 (bug #899170) NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1 @@ -54745,8 +54745,8 @@ CVE-2017-9319 RESERVED CVE-2017-9318 RESERVED -CVE-2017-9317 - RESERVED +CVE-2017-9317 (Privilege escalation vulnerability found in some Dahua IP devices. ...) + TODO: check CVE-2017-9316 (Firmware upgrade authentication bypass vulnerability was found in ...) NOT-FOR-US: Dahua CVE-2017-9315 (Customer of Dahua IP camera or IP PTZ could submit relevant device ...) @@ -76145,8 +76145,7 @@ CVE-2017-2600 (In jenkins before versions 2.44, 2.32.2 node monitor data could b CVE-2017-2599 (Jenkins before versions 2.44 and 2.32.2 is vulnerable to an ...) - jenkins <removed> NOTE: https://jenkins.io/security/advisory/2017-02-01/ -CVE-2017-2598 - RESERVED +CVE-2017-2598 (Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode ...) - jenkins <removed> NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2597 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df6f0b1f0acf7a10b8ef8e5fbaf05da1a447b630 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df6f0b1f0acf7a10b8ef8e5fbaf05da1a447b630 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits