Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f28d2d46 by security tracker role at 2018-06-15T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,219 @@
+CVE-2018-12498 (spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id 
...)
+       TODO: check
+CVE-2018-12497
+       RESERVED
+CVE-2018-12496
+       RESERVED
+CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in 
DISCOUNT ...)
+       TODO: check
+CVE-2018-12494 (An issue discovered in PublicCMS V4.0.20180210. There is a 
"Directory ...)
+       TODO: check
+CVE-2018-12493 (An issue discovered in PublicCMS V4.0.20180210. There is a 
"Directory ...)
+       TODO: check
+CVE-2018-12492 (PHPOK 4.9.032 has an arbitrary file deletion vulnerability in 
the ...)
+       TODO: check
+CVE-2018-12491 (PHPOK 4.9.032 has an arbitrary file upload vulnerability in 
the ...)
+       TODO: check
+CVE-2018-12490
+       RESERVED
+CVE-2018-12489
+       RESERVED
+CVE-2018-12488
+       RESERVED
+CVE-2018-12487
+       RESERVED
+CVE-2018-12486
+       RESERVED
+CVE-2018-12485
+       RESERVED
+CVE-2018-12484
+       RESERVED
+CVE-2018-12483
+       RESERVED
+CVE-2018-12482
+       RESERVED
+CVE-2018-12481 (The Olive Tree Ftp Server application 1.32 for Android has a 
"Sensitive ...)
+       TODO: check
+CVE-2018-12480
+       RESERVED
+CVE-2018-12479
+       RESERVED
+CVE-2018-12478
+       RESERVED
+CVE-2018-12477
+       RESERVED
+CVE-2018-12476
+       RESERVED
+CVE-2018-12475
+       RESERVED
+CVE-2018-12474
+       RESERVED
+CVE-2018-12473
+       RESERVED
+CVE-2018-12472
+       RESERVED
+CVE-2018-12471
+       RESERVED
+CVE-2018-12470
+       RESERVED
+CVE-2018-12469
+       RESERVED
+CVE-2018-12468
+       RESERVED
+CVE-2018-12467
+       RESERVED
+CVE-2018-12466
+       RESERVED
+CVE-2018-12465
+       RESERVED
+CVE-2018-12464
+       RESERVED
+CVE-2018-12463
+       RESERVED
+CVE-2018-12462
+       RESERVED
+CVE-2018-12461
+       RESERVED
+CVE-2018-12460 (libavcodec in FFmpeg 4.0 may trigger a NULL pointer 
dereference if the ...)
+       TODO: check
+CVE-2018-12459 (An inconsistent bits-per-sample value in the ...)
+       TODO: check
+CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header 
function in ...)
+       TODO: check
+CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an 
admin ...)
+       TODO: check
+CVE-2018-12456
+       RESERVED
+CVE-2018-12455
+       RESERVED
+CVE-2018-12454
+       RESERVED
+CVE-2018-12453
+       RESERVED
+CVE-2018-12452
+       RESERVED
+CVE-2018-12451
+       RESERVED
+CVE-2018-12450
+       RESERVED
+CVE-2018-12449
+       RESERVED
+CVE-2018-12448
+       RESERVED
+CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in 
libavcodec, as used ...)
+       TODO: check
+CVE-2018-12446
+       RESERVED
+CVE-2018-12445
+       RESERVED
+CVE-2018-12444
+       RESERVED
+CVE-2018-12443
+       RESERVED
+CVE-2018-12442
+       RESERVED
+CVE-2018-12441
+       RESERVED
+CVE-2017-18341
+       RESERVED
+CVE-2017-18340
+       RESERVED
+CVE-2017-18339
+       RESERVED
+CVE-2017-18338
+       RESERVED
+CVE-2017-18337
+       RESERVED
+CVE-2017-18336
+       RESERVED
+CVE-2017-18335
+       RESERVED
+CVE-2017-18334
+       RESERVED
+CVE-2017-18333
+       RESERVED
+CVE-2017-18332
+       RESERVED
+CVE-2017-18331
+       RESERVED
+CVE-2017-18330
+       RESERVED
+CVE-2017-18329
+       RESERVED
+CVE-2017-18328
+       RESERVED
+CVE-2017-18327
+       RESERVED
+CVE-2017-18326
+       RESERVED
+CVE-2017-18325
+       RESERVED
+CVE-2017-18324
+       RESERVED
+CVE-2017-18323
+       RESERVED
+CVE-2017-18322
+       RESERVED
+CVE-2017-18321
+       RESERVED
+CVE-2017-18320
+       RESERVED
+CVE-2017-18319
+       RESERVED
+CVE-2017-18318
+       RESERVED
+CVE-2017-18317
+       RESERVED
+CVE-2017-18316
+       RESERVED
+CVE-2017-18315
+       RESERVED
+CVE-2017-18314
+       RESERVED
+CVE-2017-18313
+       RESERVED
+CVE-2017-18312
+       RESERVED
+CVE-2017-18311
+       RESERVED
+CVE-2017-18310
+       RESERVED
+CVE-2017-18309
+       RESERVED
+CVE-2017-18308
+       RESERVED
+CVE-2017-18307
+       RESERVED
+CVE-2017-18306
+       RESERVED
+CVE-2017-18305
+       RESERVED
+CVE-2017-18304
+       RESERVED
+CVE-2017-18303
+       RESERVED
+CVE-2017-18302
+       RESERVED
+CVE-2017-18301
+       RESERVED
+CVE-2017-18300
+       RESERVED
+CVE-2017-18299
+       RESERVED
+CVE-2017-18298
+       RESERVED
+CVE-2017-18297
+       RESERVED
+CVE-2017-18296
+       RESERVED
+CVE-2017-18295
+       RESERVED
+CVE-2017-18294
+       RESERVED
+CVE-2017-18293
+       RESERVED
+CVE-2017-18292
+       RESERVED
 CVE-2018-12440 (BoringSSL through 2018-06-14 allows a memory-cache 
side-channel attack ...)
        - boringssl <itp> (bug #823933)
 CVE-2018-12439 (MatrixSSL through 3.9.5 Open allows a memory-cache 
side-channel attack ...)
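Review bot: the library entries in this block of new CVEs should not stay at TODO: check alongside the web-application ones. CVE-2018-12460 and CVE-2018-12447 name libavcodec and CVE-2018-12495 names libmarkdown.a in DISCOUNT, so a follow-up should give each a source package line with its status. The CMS entries (iCMS, PublicCMS, PHPOK) can be closed as NOT-FOR-US if nothing in the archive ships them.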
@@ -10,7 +226,7 @@ CVE-2018-12436 (wolfcrypt/src/ecc.c in wolfSSL before 
3.15.1.patch allows a ...)
        - wolfssl <unfixed> (bug #901627)
        NOTE: 
https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca
        NOTE: https://www.wolfssl.com/wolfssh-and-rohnp/
-CVE-2018-12435 (Botan through 2.6.0 allows a memory-cache side-channel attack 
on ECDSA ...)
+CVE-2018-12435 (Botan 2.5.0 through 2.6.0 allows a memory-cache side-channel 
attack on ...)
        - botan <unfixed> (bug #901619)
        - botan1.10 <not-affected> (Issue introduced in 2.5.0)
        NOTE: https://github.com/randombit/botan/pull/1604
@@ -37,8 +253,8 @@ CVE-2018-12425
        RESERVED
 CVE-2018-12424
        RESERVED
-CVE-2018-12422
-       RESERVED
+CVE-2018-12422 (addressbook/backends/ldap/e-book-backend-ldap.c in ...)
+       TODO: check
 CVE-2018-12421 (LTB (aka LDAP Tool Box) Self Service Password before 1.3 
allows a ...)
        NOT-FOR-US: LTB Self Service Password
 CVE-2018-12420 (IceHrm before 23.0.1.OS has a risky usage of a hashed password 
in a ...)
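Review bot: CVE-2018-12422 moves from RESERVED to TODO: check, but the truncated description shows only the path addressbook/backends/ldap/e-book-backend-ldap.c and no product name. The follow-up triage should add the source package line so the entry can be found by package rather than by file path.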
@@ -859,9 +1075,9 @@ CVE-2018-XXXX [OVE-20180430-0001: mpatch: be more careful 
about parsing binary p
        - mercurial 4.6.1-1 (bug #901050)
        NOTE: 
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
        NOTE: https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
-CVE-2018-12049 (A remote attacker can bypass the System Manager Mode on the 
Canon ...)
+CVE-2018-12049 (** DISPUTED ** A remote attacker can bypass the System Manager 
Mode on ...)
        NOT-FOR-US: Canon
-CVE-2018-12048 (A remote attacker can bypass the Management Mode on the Canon 
LBP7110Cw ...)
+CVE-2018-12048 (** DISPUTED ** A remote attacker can bypass the Management 
Mode on the ...)
        NOT-FOR-US: Canon
 CVE-2018-12047 (xfind/search in Ximdex 4.0 has XSS via the filter[n][value] 
parameters ...)
        NOT-FOR-US: Ximdex
@@ -888,18 +1104,18 @@ CVE-2018-12037
        RESERVED
 CVE-2018-12036 (OWASP Dependency-Check before 3.2.0 allows attackers to write 
to ...)
        NOT-FOR-US: OWASP Dependency-Check
-CVE-2018-12035
-       RESERVED
-CVE-2018-12034
-       RESERVED
+CVE-2018-12035 (In YARA 3.7.1 and prior, parsing a specially crafted compiled 
rule ...)
+       TODO: check
+CVE-2018-12034 (In YARA 3.7.1 and prior, parsing a specially crafted compiled 
rule ...)
+       TODO: check
 CVE-2018-12033
        RESERVED
 CVE-2018-12032
        RESERVED
 CVE-2018-12031 (Local file inclusion in Eaton Intelligent Power Manager v1.6 
allows an ...)
        NOT-FOR-US: Eaton Intelligent Power Manager
-CVE-2018-12030
-       RESERVED
+CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
+       TODO: check
 CVE-2018-12029
        RESERVED
 CVE-2018-12028
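Review bot: CVE-2018-12035 and CVE-2018-12034 end up with identical visible text ("In YARA 3.7.1 and prior, parsing a specially crafted compiled rule ..."), so the list entry alone cannot tell them apart. When these are triaged, add a NOTE line to each pointing at the upstream issue or fix so the two are distinguishable, and replace TODO: check with a package status.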
@@ -1656,7 +1872,7 @@ CVE-2018-11712 
(WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in 
        NOTE: https://trac.webkit.org/changeset/230886/webkit
        NOTE: Not covered by security support
        NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
-CVE-2018-11711 (A remote attacker can bypass the System Manager Mode on the 
Canon MF210 ...)
+CVE-2018-11711 (** DISPUTED ** A remote attacker can bypass the System Manager 
Mode on ...)
        NOT-FOR-US: Canon MF210 and MF220 web interface
 CVE-2018-11710 (soundlib/pattern.h in libopenmpt before 0.3.9 allows remote 
attackers ...)
        - libopenmpt 0.3.9-1
@@ -1728,7 +1944,7 @@ CVE-2018-11693 (An issue was discovered in LibSaas 
through 3.5.4. An out-of-boun
        - libsass <unfixed>
        [stretch] - libsass <no-dsa> (Minor issue)
        NOTE: https://github.com/sass/libsass/issues/2661
-CVE-2018-11692 (An issue was discovered on Canon LBP6650, LBP3370, LBP3460, 
and ...)
+CVE-2018-11692 (** DISPUTED ** An issue was discovered on Canon LBP6650, 
LBP3370, ...)
        NOT-FOR-US: Canon devices
 CVE-2018-11691
        RESERVED
@@ -14866,10 +15082,10 @@ CVE-2018-6674 (Privilege Escalation vulnerability in 
Microsoft Windows client in
        NOT-FOR-US: McAfee
 CVE-2018-6673
        RESERVED
-CVE-2018-6672
-       RESERVED
-CVE-2018-6671
-       RESERVED
+CVE-2018-6672 (Information disclosure vulnerability in McAfee ePolicy 
Orchestrator ...)
+       TODO: check
+CVE-2018-6671 (Application Protection Bypass vulnerability in McAfee ePolicy 
...)
+       TODO: check
 CVE-2018-6670 (External Entity Attack vulnerability in the ePO extension in 
McAfee ...)
        NOT-FOR-US: McAfee
 CVE-2018-6669
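Review bot: CVE-2018-6672 and CVE-2018-6671 are added as TODO: check although both descriptions name McAfee ePolicy Orchestrator and the adjacent CVE-2018-6670 is already NOT-FOR-US: McAfee. Suggest marking both the same way so they do not linger in the TODO queue.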
@@ -17724,14 +17940,14 @@ CVE-2018-5859
        RESERVED
 CVE-2018-5858
        RESERVED
-CVE-2018-5857
-       RESERVED
+CVE-2018-5857 (In the WCD CPE codec, a Use After Free condition can occur in 
all ...)
+       TODO: check
 CVE-2018-5856
        RESERVED
 CVE-2018-5855
        RESERVED
-CVE-2018-5854
-       RESERVED
+CVE-2018-5854 (In fastboot, a stack-based buffer overflow can occur in all 
Android ...)
+       TODO: check
 CVE-2018-5853
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
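Review bot: CVE-2018-5857 and CVE-2018-5854 are left at TODO: check while the next entry in the context, CVE-2018-5853, carries NOT-FOR-US: Qualcomm components for Android. The CVE-2018-5854 text refers to fastboot on Android and CVE-2018-5857 to the WCD CPE codec, so check whether the same NOT-FOR-US reason applies and set it if so.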
@@ -29100,8 +29316,8 @@ CVE-2018-1462 (IBM SAN Volume Controller, IBM Storwize, 
IBM Spectrum Virtualize 
        NOT-FOR-US: IBM
 CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum 
Virtualize and ...)
        NOT-FOR-US: IBM
-CVE-2018-1460
-       RESERVED
+CVE-2018-1460 (IBM Netezza Platform Software (IBM PureData System for 
Analytics ...)
+       TODO: check
 CVE-2018-1459 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
        NOT-FOR-US: IBM
 CVE-2018-1458
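Review bot: CVE-2018-1460 (IBM Netezza Platform Software) is set to TODO: check, yet CVE-2018-1461 above and CVE-2018-1459 below are both NOT-FOR-US: IBM. The new entry can take the same line.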
@@ -29182,8 +29398,8 @@ CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 
7.2, 7.5, 7.5.1, 7.5.2, a
        NOT-FOR-US: IBM WebSphere DataPower Appliances
 CVE-2018-1420
        RESERVED
-CVE-2018-1419
-       RESERVED
+CVE-2018-1419 (IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM 
module for ...)
+       TODO: check
 CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to 
bypass ...)
        NOT-FOR-US: IBM
 CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, 
Java ...)
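Review bot: CVE-2018-1419 describes IBM WebSphere MQ and is left at TODO: check, with CVE-2018-1418 directly below already NOT-FOR-US: IBM. Suggest NOT-FOR-US: IBM here as well. The PAM module mentioned in the description is only the configuration under which the IBM product is affected.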
@@ -30975,8 +31191,7 @@ CVE-2018-1086 (pcs before versions 0.9.164 and 0.10 is 
vulnerable to a debug ...
        {DSA-4169-1}
        - pcs 0.9.164-1 (bug #895313)
        NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2
-CVE-2018-1085
-       RESERVED
+CVE-2018-1085 (openshift-ansible before versions 3.9.23, 3.7.46 deploys a ...)
        NOT-FOR-US: openshift-ansible
 CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer 
overflow in ...)
        {DSA-4174-1}
@@ -45570,7 +45785,7 @@ CVE-2017-13220 (An elevation of privilege vulnerability 
in the Upstream kernel b
        NOTE: 
https://git.kernel.org/linus/51bda2bca53b265715ca1852528f38dc67429d9a
 CVE-2017-13219 (A denial of service vulnerability in the Upstream kernel 
synaptics ...)
        NOT-FOR-US: Android kernel component (no source release, no apparently 
not affecting mainline)
-CVE-2017-13218 (Access to CNTVCT_EL0 could be used for side channel attacks. 
This ...)
+CVE-2017-13218 (Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, 
...)
        NOT-FOR-US: Android kernel component (no source release, no apparently 
not affecting mainline)
 CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds 
write ...)
        NOT-FOR-US: Android kernel component (no source release, no apparently 
not affecting mainline)
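Review bot: the new description for CVE-2017-13218 names Small Cell SoC and Snapdragon Automobile, while the unchanged reason line still reads "Android kernel component (no source release, no apparently not affecting mainline)". Confirm that the NOT-FOR-US reason still matches the widened description. The wording "no apparently not affecting mainline" on that line is also garbled and could be cleaned up in the same follow-up.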



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f28d2d469b0939cc44a6a5deec2e3fc35c96edbf
