Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
54a447f9 by security tracker role at 2018-05-31T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,89 @@
+CVE-2018-11628
+ RESERVED
+CVE-2018-11627 (Sinatra before 2.0.2 has XSS via the 400 Bad Request page that
occurs ...)
+ TODO: check
+CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a
stack-based buffer ...)
+ TODO: check
+CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the
quantize.c file ...)
+ TODO: check
+CVE-2018-11624 (In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in
coders/mat.c ...)
+ TODO: check
+CVE-2018-11623
+ RESERVED
+CVE-2018-11622
+ RESERVED
+CVE-2018-11621
+ RESERVED
+CVE-2018-11620
+ RESERVED
+CVE-2018-11619
+ RESERVED
+CVE-2018-11618
+ RESERVED
+CVE-2018-11617
+ RESERVED
+CVE-2018-11616
+ RESERVED
+CVE-2018-11615
+ RESERVED
+CVE-2018-11614
+ RESERVED
+CVE-2018-11613
+ RESERVED
+CVE-2018-11612
+ RESERVED
+CVE-2018-11611
+ RESERVED
+CVE-2018-11610
+ RESERVED
+CVE-2018-11609
+ RESERVED
+CVE-2018-11608
+ RESERVED
+CVE-2018-11607
+ RESERVED
+CVE-2018-11606
+ RESERVED
+CVE-2018-11605
+ RESERVED
+CVE-2018-11604
+ RESERVED
+CVE-2018-11603
+ RESERVED
+CVE-2018-11602
+ RESERVED
+CVE-2018-11601
+ RESERVED
+CVE-2018-11600
+ RESERVED
+CVE-2018-11599
+ RESERVED
+CVE-2018-11598 (Espruino before 1.99 allows attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2018-11597 (Espruino before 1.99 allows attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2018-11596 (Espruino before 1.99 allows attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2018-11595 (Espruino before 1.99 allows attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2018-11594 (Espruino before 1.99 allows attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2018-11593 (Espruino before 1.99 allows attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2018-11592 (Espruino before 1.98 allows attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2018-11591 (Espruino before 1.98 allows attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2018-11590 (Espruino before 1.99 allows attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2018-11589
+ RESERVED
+CVE-2018-11588
+ RESERVED
+CVE-2018-11587
+ RESERVED
+CVE-2018-11586
+ RESERVED
CVE-2018-11585
RESERVED
CVE-2018-11584
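Review bot: CVE-2018-11625 and CVE-2018-11624 (ImageMagick) and CVE-2018-11627 (Sinatra) name software that Debian packages, so their "TODO: check" lines need a package line with a version status and should not be closed as NOT-FOR-US. The nine Espruino entries (CVE-2018-11590 through CVE-2018-11598) can be triaged as one group, but note that 11591 and 11592 say "before 1.98" while the other seven say "before 1.99".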
@@ -978,8 +1064,8 @@ CVE-2018-11222
RESERVED
CVE-2018-11221
RESERVED
-CVE-2018-11220
- RESERVED
+CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command
...)
+ TODO: check
CVE-2018-11219
RESERVED
CVE-2018-11218
@@ -1157,28 +1243,28 @@ CVE-2018-11144
RESERVED
CVE-2018-11143
RESERVED
-CVE-2018-11142
- RESERVED
-CVE-2018-11141
- RESERVED
-CVE-2018-11140
- RESERVED
-CVE-2018-11139
- RESERVED
-CVE-2018-11138
- RESERVED
-CVE-2018-11137
- RESERVED
-CVE-2018-11136
- RESERVED
-CVE-2018-11135
- RESERVED
-CVE-2018-11134
- RESERVED
-CVE-2018-11133
- RESERVED
-CVE-2018-11132
- RESERVED
+CVE-2018-11142 (The 'systemui/settings_network.php' and ...)
+ TODO: check
+CVE-2018-11141 (The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of
the ...)
+ TODO: check
+CVE-2018-11140 (The 'reportID' parameter received by the
'/common/run_report.php' ...)
+ TODO: check
+CVE-2018-11139 (The '/common/ajax_email_connection_test.php' script in the
Quest KACE ...)
+ TODO: check
+CVE-2018-11138 (The '/common/download_agent_installer.php' script in the Quest
KACE ...)
+ TODO: check
+CVE-2018-11137 (The 'checksum' parameter of the
'/common/download_attachment.php' ...)
+ TODO: check
+CVE-2018-11136 (The 'orgID' parameter received by the ...)
+ TODO: check
+CVE-2018-11135 (The script '/adminui/error_details.php' in the Quest KACE
System ...)
+ TODO: check
+CVE-2018-11134 (In order to perform actions that requires higher privileges,
the Quest ...)
+ TODO: check
+CVE-2018-11133 (The 'fmt' parameter of the '/common/run_cross_report.php'
script in the ...)
+ TODO: check
+CVE-2018-11132 (In order to perform actions that require higher privileges,
the Quest ...)
+ TODO: check
CVE-2018-11131
RESERVED
CVE-2018-11130 (The header::add_FORMAT_descriptor function in header.cpp in
VCFtools ...)
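Review bot: only five of the eleven new descriptions (CVE-2018-11139, 11138, 11135, 11134, 11132) name Quest before the truncation; the other six (11142, 11141, 11140, 11137, 11136, 11133) are cut off before any product name, so confirm from the full CVE text that they belong to the same product before giving the whole block one status. CVE-2018-11134 and CVE-2018-11132 also read identically up to the truncation apart from "requires" versus "require", so check that they are distinct issues and not a duplicate assignment.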
@@ -1397,8 +1483,8 @@ CVE-2018-11038
CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in
...)
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/307
-CVE-2018-11036
- RESERVED
+CVE-2018-11036 (Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG)
3.5.0, ...)
+ TODO: check
CVE-2018-11035 (In 2345 Security Guard 3.7, the driver file
(2345NsProtect.sys, X64 ...)
NOT-FOR-US: 2345 Security Guard
CVE-2018-11034 (In 2345 Security Guard 3.7, the driver file
(2345NsProtect.sys, X64 ...)
@@ -5418,30 +5504,30 @@ CVE-2018-9324
REJECTED
CVE-2018-9323
REJECTED
-CVE-2018-9322
- RESERVED
+CVE-2018-9322 (The Head Unit HU_NBT (aka Infotainment) component on BMW i
Series, BMW ...)
+ TODO: check
CVE-2018-9321
REJECTED
-CVE-2018-9320
- RESERVED
+CVE-2018-9320 (The Head Unit HU_NBT (aka Infotainment) component on BMW i
Series, BMW ...)
+ TODO: check
CVE-2018-9319
REJECTED
-CVE-2018-9318
- RESERVED
+CVE-2018-9318 (The Telematics Control Unit (aka Telematic Communication Box or
TCB), ...)
+ TODO: check
CVE-2018-9317
REJECTED
CVE-2018-9316
REJECTED
CVE-2018-9315
REJECTED
-CVE-2018-9314
- RESERVED
-CVE-2018-9313
- RESERVED
-CVE-2018-9312
- RESERVED
-CVE-2018-9311
- RESERVED
+CVE-2018-9314 (The Head Unit HU_NBT (aka Infotainment) component on BMW i
Series, BMW ...)
+ TODO: check
+CVE-2018-9313 (The Head Unit HU_NBT (aka Infotainment) component on BMW i
Series, BMW ...)
+ TODO: check
+CVE-2018-9312 (The Head Unit HU_NBT (aka Infotainment) component on BMW i
Series, BMW ...)
+ TODO: check
+CVE-2018-9311 (The Telematics Control Unit (aka Telematic Communication Box or
TCB), ...)
+ TODO: check
CVE-2018-1000155 (OpenFlow version 1.0 onwards contains a Denial of Service
and Improper ...)
NOT-FOR-US: Flaw in the OpenFlow protocol
CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a
Improper ...)
@@ -6034,7 +6120,8 @@ CVE-2018-9132 (libming 0.4.8 has a NULL pointer
dereference in the getInt functi
{DLA-1386-1}
- ming <removed>
NOTE: https://github.com/libming/libming/issues/133
-CVE-2018-9131 (Reaper 5.78 suffers from a local buffer overflow that allows
code ...)
+CVE-2018-9131
+ REJECTED
NOT-FOR-US: Reaper
CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
NOT-FOR-US: IBOS
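Review bot: CVE-2018-9131 now carries both REJECTED and the earlier "NOT-FOR-US: Reaper" line, which referred to the description this change removes. The annotation is stale once the entry has no description; consider dropping it so the entry matches the other REJECTED entries visible in this diff (for example CVE-2018-9321), which have no annotation under them.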
@@ -16834,8 +16921,7 @@ CVE-2018-5390
RESERVED
CVE-2018-5389
RESERVED
-CVE-2018-5388 [buffer underflow in charon IKE daemon]
- RESERVED
+CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet
length ...)
- strongswan <unfixed>
[stretch] - strongswan <no-dsa> (needs root priv for access to the
stroke socket)
[jessie] - strongswan <no-dsa> (needs root priv for access to the
stroke socket)
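Review bot: the new description for CVE-2018-5388 says the flaw affects strongSwan before 5.6.3, but the package line directly below still reads "strongswan <unfixed>". Record the fixed version there once 5.6.3 or a backported fix is in unstable; the stretch and jessie <no-dsa> lines can stay as they are. The bracketed working title "[buffer underflow in charon IKE daemon]" is dropped by this replacement, so if the daemon name matters for triage, keep it as a NOTE line.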
@@ -28726,35 +28812,35 @@ CVE-2018-1127
RESERVED
NOT-FOR-US: tendrl-api
CVE-2018-1126 (procps-ng before version 3.3.15 is vulnerable to an incorrect
integer ...)
- {DSA-4208-1}
+ {DSA-4208-1 DLA-1390-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE:
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
NOTE:
https://gitlab.com/procps-ng/procps/commit/f1077b7a558a5545837aae068422e58f1f9b1d33
CVE-2018-1125 (procps-ng before version 3.3.15 is vulnerable to a stack buffer
...)
- {DSA-4208-1}
+ {DSA-4208-1 DLA-1390-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE:
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch:
0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
NOTE:
https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584
CVE-2018-1124 (procps-ng before version 3.3.15 is vulnerable to multiple
integer ...)
- {DSA-4208-1}
+ {DSA-4208-1 DLA-1390-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE:
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch:
0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch
NOTE:
https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20
CVE-2018-1123 (procps-ng before version 3.3.15 is vulnerable to a denial of
service ...)
- {DSA-4208-1}
+ {DSA-4208-1 DLA-1390-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE:
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch
NOTE:
https://gitlab.com/procps-ng/procps/commit/136e3724952827bbae8887a42d9d2b6f658a48ab
CVE-2018-1122 (procps-ng before version 3.3.15 is vulnerable to a local
privilege ...)
- {DSA-4208-1}
+ {DSA-4208-1 DLA-1390-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE:
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
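Review bot: DLA-1390-1 is added to all five procps-ng entries (CVE-2018-1122 through CVE-2018-1126), yet each entry still records only the unstable version "procps 2:3.3.15-1 (bug #899170)". Confirm that the DLA's own list entry carries the jessie fixed version for every one of the five CVEs, so the cross-reference in braces is backed by a version the tracker can compare against.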
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/54a447f9f4bce189fc702e0257c5b434c8788590