Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5a549485 by security tracker role at 2018-05-24T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,12 +1,22 @@ -CVE-2018-11412 [Linux ext4: out-of-bounds memcpy via non-inline system.data xattr] +CVE-2018-11417 + RESERVED +CVE-2018-11416 + RESERVED +CVE-2018-11415 (SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site ...) + TODO: check +CVE-2018-11414 (An issue was discovered in BearAdmin 0.5. There is ...) + TODO: check +CVE-2018-11413 (An issue was discovered in BearAdmin 0.5. Remote attackers can download ...) + TODO: check +CVE-2018-11412 (In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in ...) - linux <unfixed> [stretch] - linux <not-affected> (Introduced in e50e5129f384 in 4.13) [jessie] - linux <not-affected> (Introduced in e50e5129f384 in 4.13) [wheezy] - linux <not-affected> (Introduced in e50e5129f384 in 4.13) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1580 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199803 -CVE-2018-11411 - RESERVED +CVE-2018-11411 (The transferFrom function of a smart contract implementation for ...) + TODO: check CVE-2018-11410 (An issue was discovered in Liblouis 3.5.0. A invalid free in the ...) - liblouis <unfixed> (bug #899999) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1582024 @@ -243,8 +253,8 @@ CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a NULL DACL that allow NOT-FOR-US: Windscribe CVE-2018-11333 RESERVED -CVE-2018-11332 - RESERVED +CVE-2018-11332 (Stored cross-site scripting (XSS) vulnerability in the "Site Name" ...) + TODO: check CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code ...) NOT-FOR-US: Pluck CMS CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is authenticated ...) 
@@ -1456,13 +1466,11 @@ CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFF NOTE: https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91 CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add credentials ...) NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer -CVE-2018-1000301 [RTSP bad headers buffer over-read] - RESERVED +CVE-2018-1000301 (curl version curl 7.20.0 to and including curl 7.59.0 contains a ...) {DSA-4202-1 DLA-1379-1} - curl 7.60.0-1 (bug #898856) NOTE: https://curl.haxx.se/docs/adv_2018-b138.html -CVE-2018-1000300 [FTP shutdown response buffer overflow] - RESERVED +CVE-2018-1000300 (curl version curl 7.54.1 to and including curl 7.59.0 contains a ...) - curl 7.60.0-1 [stretch] - curl <not-affected> (Vulnerable code introduced in 7.54.1) [jessie] - curl <not-affected> (Vulnerable code introduced in 7.54.1) @@ -1968,12 +1976,12 @@ CVE-2018-10597 RESERVED CVE-2018-10596 RESERVED -CVE-2018-10595 - RESERVED +CVE-2018-10595 (A vulnerability in ReadA version 1.1.0.2 and previous allows an ...) + TODO: check CVE-2018-10594 RESERVED -CVE-2018-10593 - RESERVED +CVE-2018-10593 (A vulnerability in DB Manager version 3.0.1.0 and previous and ...) + TODO: check CVE-2018-10592 RESERVED CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...) @@ -3039,8 +3047,7 @@ CVE-2018-10183 (An issue was discovered in BigTree 4.2.22. There is cross-site . NOT-FOR-US: BigTree CMS CVE-2018-10182 RESERVED -CVE-2018-1000199 [ptrace() incorrect error handling leads to corruption and DoS] - RESERVED +CVE-2018-1000199 (The Linux Kernel version 3.18 contains a dangerous feature ...) {DSA-4188-1 DSA-4187-1 DLA-1369-1} - linux 4.15.17-1 NOTE: Fixed by: https://git.kernel.org/linus/f67b15037a7a50c57f72e69a6d59941ad90a0f0f 
@@ -3677,8 +3684,8 @@ CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7. Physica NOT-FOR-US: idreamsoft iCMS CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible ...) NOT-FOR-US: CMS Made Simple -CVE-2018-9920 - RESERVED +CVE-2018-9920 (Server side request forgery exists in the runtime application in K2 ...) + TODO: check CVE-2018-9919 (A web-accessible backdoor, with resultant SSRF, exists in Tp-shop ...) NOT-FOR-US: Tp-shop CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary ...) @@ -4978,8 +4985,7 @@ CVE-2018-9312 RESERVED CVE-2018-9311 RESERVED -CVE-2018-1000155 [Denial of Service, Improper Authentication and Authorization, and Covert Channel in the OpenFlow handshake] - RESERVED +CVE-2018-1000155 (OpenFlow version 1.0 onwards contains a Denial of Service and Improper ...) NOT-FOR-US: Flaw in the OpenFlow protocol CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper ...) NOT-FOR-US: Zammad GmbH Zammad @@ -8278,8 +8284,7 @@ CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomc NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 NOTE: It is expected that users of the CORS filter will have configured it appropriately NOTE: for their einvironment rather than using it in the default configuration -CVE-2018-8013 [Apache Batik information disclosure vulnerability] - RESERVED +CVE-2018-8013 (In Apache Batik 1.x before 1.10, when deserializing subclass of ...) - batik <unfixed> (bug #899374) CVE-2018-8012 (No authentication/authorization is enforced when a server attempts to ...) - zookeeper 3.4.10-2 (bug #899332) 
@@ -8450,8 +8455,8 @@ CVE-2018-7944 RESERVED CVE-2018-7943 RESERVED -CVE-2018-7942 - RESERVED +CVE-2018-7942 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...) + TODO: check CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A ...) NOT-FOR-US: Huawei CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than ...) @@ -8526,12 +8531,12 @@ CVE-2018-7906 RESERVED CVE-2018-7905 RESERVED -CVE-2018-7904 - RESERVED -CVE-2018-7903 - RESERVED -CVE-2018-7902 - RESERVED +CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON ...) + TODO: check +CVE-2018-7903 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON ...) + TODO: check +CVE-2018-7902 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON ...) + TODO: check CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software versions ...) NOT-FOR-US: Huawei CVE-2018-7900 
@@ -12642,16 +12647,16 @@ CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a ... NOT-FOR-US: CA API Developer Portal CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored ...) NOT-FOR-US: CA API Developer Portal -CVE-2018-1000040 - RESERVED -CVE-2018-1000039 - RESERVED -CVE-2018-1000038 - RESERVED -CVE-2018-1000037 - RESERVED -CVE-2018-1000036 - RESERVED +CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs ...) + TODO: check +CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the ...) + TODO: check +CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in function ...) + TODO: check +CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF ...) + TODO: check +CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser ...) + TODO: check CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 ...) - unzip <unfixed> (bug #889838) [stretch] - unzip <no-dsa> (Harmless crash, builds with fortified source) @@ -16034,12 +16039,12 @@ CVE-2018-5489 RESERVED CVE-2018-5488 RESERVED -CVE-2018-5487 - RESERVED +CVE-2018-5487 (NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ...) + TODO: check CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ...) NOT-FOR-US: NetApp OnCommand Unified Manager for Linux -CVE-2018-5485 - RESERVED +CVE-2018-5485 (NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 ...) + TODO: check CVE-2018-5484 RESERVED CVE-2018-5483 
@@ -28686,8 +28691,8 @@ CVE-2017-17317 RESERVED CVE-2017-17316 RESERVED -CVE-2017-17315 - RESERVED +CVE-2017-17315 (Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; ...) + TODO: check CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, ...) NOT-FOR-US: Huawei CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with Versions ...) @@ -29000,8 +29005,8 @@ CVE-2017-17160 (Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, ... NOT-FOR-US: Huawei CVE-2017-17159 (Some Huawei smart phones with software of NXT-AL10C00B386, ...) NOT-FOR-US: Huawei -CVE-2017-17158 - RESERVED +CVE-2017-17158 (Some Huawei smart phones with the versions before ...) + TODO: check CVE-2017-17157 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...) NOT-FOR-US: Huawei CVE-2017-17156 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...) @@ -54427,8 +54432,8 @@ CVE-2017-9423 RESERVED CVE-2017-9422 REJECTED -CVE-2017-9421 - RESERVED +CVE-2017-9421 (Authentication Bypass vulnerability in Accellion kiteworks before ...) + TODO: check CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...) NOT-FOR-US: Spiffy Calendar plugin for WordPress CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a549485afe1b01a34b3394244262af7816de463 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a549485afe1b01a34b3394244262af7816de463 You're receiving this email because of your account on salsa.debian.org.
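Review bot: in hunk @@ -1,12 +1,22 @@ the hand-written summary `CVE-2018-11412 [Linux ext4: out-of-bounds memcpy via non-inline system.data xattr]` is replaced by the truncated MITRE text, which drops the more precise local wording; that is acceptable only because the Debian-specific lines below it (`- linux <unfixed>`, the three `<not-affected> (Introduced in e50e5129f384 in 4.13)` annotations and both NOTE links) are carried over unchanged, so a quick diff of that entry against the previous revision is worth doing before the next manual edit. The new `TODO: check` markers on CVE-2018-11411, CVE-2018-11413, CVE-2018-11414 and CVE-2018-11415 are the bot's placeholder and need a follow-up triage commit that resolves each to a package entry or to NOT-FOR-US, as the file does for Pluck CMS two lines further down.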
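Review bot: in hunk @@ -8278,8 +8284,7 @@ the unchanged context line `NOTE: for their einvironment rather than using it in the default configuration` has a typo (`environment`); it predates this commit, but since the CVE-2018-8014 entry is touched by the surrounding change it is cheap to fix in the next manual edit of data/CVE/list.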
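Review bot: in hunk @@ -8526,12 +8531,12 @@ the three new entries CVE-2018-7904, CVE-2018-7903 and CVE-2018-7902 carry identical truncated descriptions (`Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON ...`) and all get `TODO: check`; the neighbouring CVE-2018-7901 and the CVE-2018-7941 / CVE-2018-7940 entries in hunk @@ -8450 are already marked `NOT-FOR-US: Huawei`, so the follow-up triage should confirm the same classification applies rather than leaving three identical TODOs in place.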
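Review bot: in hunk @@ -12642,16 +12647,16 @@ the five MuPDF entries CVE-2018-1000036 through CVE-2018-1000040 (memory leaks, reachable assertions, a stack buffer overflow, heap use-after-free and use of uninitialized value in the PDF parser, per the descriptions) are left at `TODO: check`; unlike the Huawei and NetApp entries in the other hunks these describe software Debian ships, so the follow-up should record a package line (fixed version, `<unfixed>` or `<not-affected>` with the affected-version reasoning, as done for unzip immediately below) rather than a NOT-FOR-US resolution.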
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits