Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a549485 by security tracker role at 2018-05-24T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,12 +1,22 @@
-CVE-2018-11412 [Linux ext4: out-of-bounds memcpy via non-inline system.data 
xattr]
+CVE-2018-11417
+       RESERVED
+CVE-2018-11416
+       RESERVED
+CVE-2018-11415 (SAP Internet Transaction Server (ITS) 6200.X.X has Reflected 
Cross Site ...)
+       TODO: check
+CVE-2018-11414 (An issue was discovered in BearAdmin 0.5. There is ...)
+       TODO: check
+CVE-2018-11413 (An issue was discovered in BearAdmin 0.5. Remote attackers can 
download ...)
+       TODO: check
+CVE-2018-11412 (In the Linux kernel 4.13 through 4.16.11, 
ext4_read_inline_data() in ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Introduced in e50e5129f384 in 4.13)
        [jessie] - linux <not-affected> (Introduced in e50e5129f384 in 4.13)
        [wheezy] - linux <not-affected> (Introduced in e50e5129f384 in 4.13)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1580
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199803
-CVE-2018-11411
-       RESERVED
+CVE-2018-11411 (The transferFrom function of a smart contract implementation 
for ...)
+       TODO: check
 CVE-2018-11410 (An issue was discovered in Liblouis 3.5.0. A invalid free in 
the ...)
        - liblouis <unfixed> (bug #899999)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1582024
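Review bot: The three new entries at the top of this hunk (CVE-2018-11415, CVE-2018-11414, CVE-2018-11413) and the rewritten CVE-2018-11411 are left untriaged at TODO: check. SAP Internet Transaction Server, BearAdmin and the smart contract implementation look like NOT-FOR-US candidates, in the form the file already uses elsewhere (for example "NOT-FOR-US: Pluck CMS"). Each TODO should be resolved to either that marker or a package line in a follow-up commit.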
@@ -243,8 +253,8 @@ CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a 
NULL DACL that allow
        NOT-FOR-US: Windscribe
 CVE-2018-11333
        RESERVED
-CVE-2018-11332
-       RESERVED
+CVE-2018-11332 (Stored cross-site scripting (XSS) vulnerability in the 
&quot;Site Name&quot; ...)
+       TODO: check
 CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code 
...)
        NOT-FOR-US: Pluck CMS
 CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is 
authenticated ...)
@@ -1456,13 +1466,11 @@ CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a 
memory leak in WriteTIFF
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
 CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add 
credentials ...)
        NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer
-CVE-2018-1000301 [RTSP bad headers buffer over-read]
-       RESERVED
+CVE-2018-1000301 (curl version curl 7.20.0 to and including curl 7.59.0 
contains a ...)
        {DSA-4202-1 DLA-1379-1}
        - curl 7.60.0-1 (bug #898856)
        NOTE: https://curl.haxx.se/docs/adv_2018-b138.html
-CVE-2018-1000300 [FTP shutdown response buffer overflow]
-       RESERVED
+CVE-2018-1000300 (curl version curl 7.54.1 to and including curl 7.59.0 
contains a ...)
        - curl 7.60.0-1
        [stretch] - curl <not-affected> (Vulnerable code introduced in 7.54.1)
        [jessie] - curl <not-affected> (Vulnerable code introduced in 7.54.1)
@@ -1968,12 +1976,12 @@ CVE-2018-10597
        RESERVED
 CVE-2018-10596
        RESERVED
-CVE-2018-10595
-       RESERVED
+CVE-2018-10595 (A vulnerability in ReadA version 1.1.0.2 and previous allows 
an ...)
+       TODO: check
 CVE-2018-10594
        RESERVED
-CVE-2018-10593
-       RESERVED
+CVE-2018-10593 (A vulnerability in DB Manager version 3.0.1.0 and previous and 
...)
+       TODO: check
 CVE-2018-10592
        RESERVED
 CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, 
WebAccess ...)
@@ -3039,8 +3047,7 @@ CVE-2018-10183 (An issue was discovered in BigTree 
4.2.22. There is cross-site .
        NOT-FOR-US: BigTree CMS
 CVE-2018-10182
        RESERVED
-CVE-2018-1000199 [ptrace() incorrect error handling leads to corruption and 
DoS]
-       RESERVED
+CVE-2018-1000199 (The Linux Kernel version 3.18 contains a dangerous feature 
...)
        {DSA-4188-1 DSA-4187-1 DLA-1369-1}
        - linux 4.15.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f67b15037a7a50c57f72e69a6d59941ad90a0f0f
@@ -3677,8 +3684,8 @@ CVE-2018-9922 (An issue was discovered in idreamsoft iCMS 
through 7.0.7. Physica
        NOT-FOR-US: idreamsoft iCMS
 CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it 
possible ...)
        NOT-FOR-US: CMS Made Simple
-CVE-2018-9920
-       RESERVED
+CVE-2018-9920 (Server side request forgery exists in the runtime application 
in K2 ...)
+       TODO: check
 CVE-2018-9919 (A web-accessible backdoor, with resultant SSRF, exists in 
Tp-shop ...)
        NOT-FOR-US: Tp-shop
 CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain 
&quot;expected dictionary ...)
@@ -4978,8 +4985,7 @@ CVE-2018-9312
        RESERVED
 CVE-2018-9311
        RESERVED
-CVE-2018-1000155 [Denial of Service, Improper Authentication and 
Authorization, and Covert Channel in the OpenFlow handshake]
-       RESERVED
+CVE-2018-1000155 (OpenFlow version 1.0 onwards contains a Denial of Service 
and Improper ...)
        NOT-FOR-US: Flaw in the OpenFlow protocol
 CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a 
Improper ...)
        NOT-FOR-US: Zammad GmbH Zammad
@@ -8278,8 +8284,7 @@ CVE-2018-8014 (The defaults settings for the CORS filter 
provided in Apache Tomc
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
        NOTE: It is expected that users of the CORS filter will have configured 
it appropriately
        NOTE: for their einvironment rather than using it in the default 
configuration
-CVE-2018-8013 [Apache Batik information disclosure vulnerability]
-       RESERVED
+CVE-2018-8013 (In Apache Batik 1.x before 1.10, when deserializing subclass of 
...)
        - batik <unfixed> (bug #899374)
 CVE-2018-8012 (No authentication/authorization is enforced when a server 
attempts to ...)
        - zookeeper 3.4.10-2 (bug #899332)
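Review bot: Spelling in the unchanged context of this hunk: the CVE-2018-8014 note reads "for their einvironment", which should be "environment". The line is not touched by this automatic update, so correct it in a separate manual commit.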
@@ -8450,8 +8455,8 @@ CVE-2018-7944
        RESERVED
 CVE-2018-7943
        RESERVED
-CVE-2018-7942
-       RESERVED
+CVE-2018-7942 (The iBMC (Intelligent Baseboard Management Controller) of some 
Huawei ...)
+       TODO: check
 CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass 
vulnerability. A ...)
        NOT-FOR-US: Huawei
 CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier 
versions than ...)
@@ -8526,12 +8531,12 @@ CVE-2018-7906
        RESERVED
 CVE-2018-7905
        RESERVED
-CVE-2018-7904
-       RESERVED
-CVE-2018-7903
-       RESERVED
-CVE-2018-7902
-       RESERVED
+CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a 
JSON ...)
+       TODO: check
+CVE-2018-7903 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a 
JSON ...)
+       TODO: check
+CVE-2018-7902 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a 
JSON ...)
+       TODO: check
 CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software 
versions ...)
        NOT-FOR-US: Huawei
 CVE-2018-7900
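Review bot: CVE-2018-7904, CVE-2018-7903 and CVE-2018-7902 are left at TODO: check with the same visible description prefix, while the adjacent CVE-2018-7901 is already marked "NOT-FOR-US: Huawei". Suggest triaging the three together with the same marker so they do not sit in the TODO queue.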
@@ -12642,16 +12647,16 @@ CVE-2018-6587 (CA API Developer Portal 3.5 up to and 
including 3.5 CR6 has a ...
        NOT-FOR-US: CA API Developer Portal
 CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a 
stored ...)
        NOT-FOR-US: CA API Developer Portal
-CVE-2018-1000040
-       RESERVED
-CVE-2018-1000039
-       RESERVED
-CVE-2018-1000038
-       RESERVED
-CVE-2018-1000037
-       RESERVED
-CVE-2018-1000036
-       RESERVED
+CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized 
value bugs ...)
+       TODO: check
+CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free 
bugs in the ...)
+       TODO: check
+CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in 
function ...)
+       TODO: check
+CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions 
in the PDF ...)
+       TODO: check
+CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the 
PDF parser ...)
+       TODO: check
 CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip 
version &lt;= 6.00 ...)
        - unzip <unfixed> (bug #889838)
        [stretch] - unzip <no-dsa> (Harmless crash, builds with fortified 
source)
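Review bot: The five MuPDF entries (CVE-2018-1000036 through CVE-2018-1000040) are left at TODO: check, but unlike most TODO entries in this commit they concern software that is packaged in Debian. Each needs a "- mupdf" package line with its status and a NOTE pointing at the upstream bug or fix, in the way the unzip entry just below records "- unzip <unfixed> (bug #889838)".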
@@ -16034,12 +16039,12 @@ CVE-2018-5489
        RESERVED
 CVE-2018-5488
        RESERVED
-CVE-2018-5487
-       RESERVED
+CVE-2018-5487 (NetApp OnCommand Unified Manager for Linux versions 7.2 through 
7.3 ...)
+       TODO: check
 CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 
7.3 ...)
        NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
-CVE-2018-5485
-       RESERVED
+CVE-2018-5485 (NetApp OnCommand Unified Manager for Windows versions 7.2 
through 7.3 ...)
+       TODO: check
 CVE-2018-5484
        RESERVED
 CVE-2018-5483
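Review bot: CVE-2018-5487 and CVE-2018-5485 are left at TODO: check although CVE-2018-5486, which sits between them, already carries "NOT-FOR-US: NetApp OnCommand Unified Manager for Linux". Apply the matching marker to both. CVE-2018-5485 describes the Windows product, so its marker text should name that variant.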
@@ -28686,8 +28691,8 @@ CVE-2017-17317
        RESERVED
 CVE-2017-17316
        RESERVED
-CVE-2017-17315
-       RESERVED
+CVE-2017-17315 (Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; 
...)
+       TODO: check
 CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, 
...)
        NOT-FOR-US: Huawei
 CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with 
Versions ...)
@@ -29000,8 +29005,8 @@ CVE-2017-17160 (Huawei AR120-S V200R006C10, 
V200R007C00, AR1200 V200R006C10, ...
        NOT-FOR-US: Huawei
 CVE-2017-17159 (Some Huawei smart phones with software of NXT-AL10C00B386, ...)
        NOT-FOR-US: Huawei
-CVE-2017-17158
-       RESERVED
+CVE-2017-17158 (Some Huawei smart phones with the versions before ...)
+       TODO: check
 CVE-2017-17157 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
        NOT-FOR-US: Huawei
 CVE-2017-17156 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
@@ -54427,8 +54432,8 @@ CVE-2017-9423
        RESERVED
 CVE-2017-9422
        REJECTED
-CVE-2017-9421
-       RESERVED
+CVE-2017-9421 (Authentication Bypass vulnerability in Accellion kiteworks 
before ...)
+       TODO: check
 CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar 
plugin ...)
        NOT-FOR-US: Spiffy Calendar plugin for WordPress
 CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP 
Custom ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a549485afe1b01a34b3394244262af7816de463

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
