[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Wed, 11 Jul 2018 01:11:19 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
34ad66d3 by security tracker role at 2018-07-11T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,46 @@
-CVE-2018-13863 [Regular expression denial of service in decimal128.js]
+CVE-2018-13879 (A reflected XSS issue was discovered in the registration form 
in ...)
+       TODO: check
+CVE-2018-13878 (An XSS issue was discovered in 
packages/rocketchat-mentions/Mentions.js ...)
+       TODO: check
+CVE-2018-13877
+       RESERVED
+CVE-2018-13876 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a ...)
+       TODO: check
+CVE-2018-13875 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is an ...)
+       TODO: check
+CVE-2018-13874 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a ...)
+       TODO: check
+CVE-2018-13873 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a ...)
+       TODO: check
+CVE-2018-13872 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a ...)
+       TODO: check
+CVE-2018-13871 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a ...)
+       TODO: check
+CVE-2018-13870 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a ...)
+       TODO: check
+CVE-2018-13869 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a ...)
+       TODO: check
+CVE-2018-13868 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a ...)
+       TODO: check
+CVE-2018-13867 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is an out ...)
+       TODO: check
+CVE-2018-13866 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a ...)
+       TODO: check
+CVE-2018-13865 (An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists 
via the ...)
+       TODO: check
+CVE-2018-13864
+       RESERVED
+CVE-2018-13862
+       RESERVED
+CVE-2018-13861
+       RESERVED
+CVE-2018-13860
+       RESERVED
+CVE-2018-13859
+       RESERVED
+CVE-2018-13858
+       RESERVED
+CVE-2018-13863 (The MongoDB bson JavaScript module (also known as js-bson) 
versions ...)
        - node-bson <itp> (bug #897282)
        NOTE: 
https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a
 CVE-2018-13857
@@ -13709,8 +13751,8 @@ CVE-2018-8358
        RESERVED
 CVE-2018-8357
        RESERVED
-CVE-2018-8356
-       RESERVED
+CVE-2018-8356 (A security feature bypass vulnerability exists when Microsoft 
.NET ...)
+       TODO: check
 CVE-2018-8355
        RESERVED
 CVE-2018-8354
@@ -13767,24 +13809,24 @@ CVE-2018-8329
        RESERVED
 CVE-2018-8328
        RESERVED
-CVE-2018-8327
-       RESERVED
-CVE-2018-8326
-       RESERVED
-CVE-2018-8325
-       RESERVED
-CVE-2018-8324
-       RESERVED
-CVE-2018-8323
-       RESERVED
+CVE-2018-8327 (A remote code execution vulnerability exists in PowerShell 
Editor ...)
+       TODO: check
+CVE-2018-8326 (A cross-site-scripting (XSS) vulnerability exists when an open 
source ...)
+       TODO: check
+CVE-2018-8325 (An information disclosure vulnerability exists when Microsoft 
Edge ...)
+       TODO: check
+CVE-2018-8324 (An information disclosure vulnerability exists when Microsoft 
Edge ...)
+       TODO: check
+CVE-2018-8323 (An elevation of privilege vulnerability exists when Microsoft 
...)
+       TODO: check
 CVE-2018-8322
        RESERVED
 CVE-2018-8321
        RESERVED
 CVE-2018-8320
        RESERVED
-CVE-2018-8319
-       RESERVED
+CVE-2018-8319 (A Security Feature Bypass vulnerability exists in MSR 
JavaScript ...)
+       TODO: check
 CVE-2018-8318
        RESERVED
 CVE-2018-8317
@@ -13793,88 +13835,88 @@ CVE-2018-8316
        RESERVED
 CVE-2018-8315
        RESERVED
-CVE-2018-8314
-       RESERVED
-CVE-2018-8313
-       RESERVED
-CVE-2018-8312
-       RESERVED
-CVE-2018-8311
-       RESERVED
-CVE-2018-8310
-       RESERVED
-CVE-2018-8309
-       RESERVED
-CVE-2018-8308
-       RESERVED
-CVE-2018-8307
-       RESERVED
-CVE-2018-8306
-       RESERVED
-CVE-2018-8305
-       RESERVED
-CVE-2018-8304
-       RESERVED
+CVE-2018-8314 (An elevation of privilege vulnerability exists when Windows 
fails a ...)
+       TODO: check
+CVE-2018-8313 (An elevation of privilege vulnerability exists in the way that 
the ...)
+       TODO: check
+CVE-2018-8312 (A remote code execution vulnerability exists when Microsoft 
Access ...)
+       TODO: check
+CVE-2018-8311 (A remote code execution vulnerability exists when Skype for 
Business ...)
+       TODO: check
+CVE-2018-8310 (A tampering vulnerability exists when Microsoft Outlook does 
not ...)
+       TODO: check
+CVE-2018-8309 (A denial of service vulnerability exists when Windows 
improperly ...)
+       TODO: check
+CVE-2018-8308 (An elevation of privilege vulnerability exists when the Windows 
kernel ...)
+       TODO: check
+CVE-2018-8307 (A security feature bypass vulnerability exists when Microsoft 
WordPad ...)
+       TODO: check
+CVE-2018-8306 (A command injection vulnerability exists in the Microsoft 
Wireless ...)
+       TODO: check
+CVE-2018-8305 (An information disclosure vulnerability exists in Windows Mail 
Client ...)
+       TODO: check
+CVE-2018-8304 (A denial of service vulnerability exists in Windows Domain Name 
System ...)
+       TODO: check
 CVE-2018-8303
        RESERVED
 CVE-2018-8302
        RESERVED
-CVE-2018-8301
-       RESERVED
-CVE-2018-8300
-       RESERVED
-CVE-2018-8299
-       RESERVED
-CVE-2018-8298
-       RESERVED
-CVE-2018-8297
-       RESERVED
-CVE-2018-8296
-       RESERVED
+CVE-2018-8301 (A remote code execution vulnerability exists when Microsoft 
Edge ...)
+       TODO: check
+CVE-2018-8300 (A remote code execution vulnerability exists in Microsoft 
SharePoint ...)
+       TODO: check
+CVE-2018-8299 (An elevation of privilege vulnerability exists when Microsoft 
...)
+       TODO: check
+CVE-2018-8298 (A remote code execution vulnerability exists in the way that 
the ...)
+       TODO: check
+CVE-2018-8297 (An information disclosure vulnerability exists when Microsoft 
Edge ...)
+       TODO: check
+CVE-2018-8296 (A remote code execution vulnerability exists in the way that 
the ...)
+       TODO: check
 CVE-2018-8295
        RESERVED
-CVE-2018-8294
-       RESERVED
+CVE-2018-8294 (A remote code execution vulnerability exists in the way that 
the ...)
+       TODO: check
 CVE-2018-8293
        RESERVED
 CVE-2018-8292
        RESERVED
-CVE-2018-8291
-       RESERVED
-CVE-2018-8290
-       RESERVED
-CVE-2018-8289
-       RESERVED
-CVE-2018-8288
-       RESERVED
-CVE-2018-8287
-       RESERVED
-CVE-2018-8286
-       RESERVED
+CVE-2018-8291 (A remote code execution vulnerability exists in the way the 
scripting ...)
+       TODO: check
+CVE-2018-8290 (A remote code execution vulnerability exists in the way that 
the ...)
+       TODO: check
+CVE-2018-8289 (An information disclosure vulnerability exists when Microsoft 
Edge ...)
+       TODO: check
+CVE-2018-8288 (A remote code execution vulnerability exists in the way the 
scripting ...)
+       TODO: check
+CVE-2018-8287 (A remote code execution vulnerability exists in the way the 
scripting ...)
+       TODO: check
+CVE-2018-8286 (A remote code execution vulnerability exists in the way that 
the ...)
+       TODO: check
 CVE-2018-8285
        RESERVED
-CVE-2018-8284
-       RESERVED
-CVE-2018-8283
-       RESERVED
-CVE-2018-8282
-       RESERVED
-CVE-2018-8281
-       RESERVED
-CVE-2018-8280
-       RESERVED
-CVE-2018-8279
-       RESERVED
-CVE-2018-8278
-       RESERVED
+CVE-2018-8284 (A remote code execution vulnerability exists when the Microsoft 
.NET ...)
+       TODO: check
+CVE-2018-8283 (A remote code execution vulnerability exists in the way that 
the ...)
+       TODO: check
+CVE-2018-8282 (An elevation of privilege vulnerability exists in Windows when 
the ...)
+       TODO: check
+CVE-2018-8281 (A remote code execution vulnerability exists in Microsoft 
Office ...)
+       TODO: check
+CVE-2018-8280 (A remote code execution vulnerability exists in the way that 
the ...)
+       TODO: check
+CVE-2018-8279 (A remote code execution vulnerability exists when Microsoft 
Edge ...)
+       TODO: check
+CVE-2018-8278 (A spoofing vulnerability exists when Microsoft Edge improperly 
handles ...)
+       TODO: check
 CVE-2018-8277
        RESERVED
-CVE-2018-8276
-       RESERVED
-CVE-2018-8275
-       RESERVED
-CVE-2018-8274
-       RESERVED
+CVE-2018-8276 (A security feature bypass vulnerability exists in the Microsoft 
Chakra ...)
+       TODO: check
+CVE-2018-8275 (A remote code execution vulnerability exists when Microsoft 
Edge ...)
+       TODO: check
+CVE-2018-8274 (A remote code execution vulnerability exists when Microsoft 
Edge ...)
+       TODO: check
 CVE-2018-8273
        RESERVED
 CVE-2018-8272
@@ -13897,12 +13939,12 @@ CVE-2018-8264
        RESERVED
 CVE-2018-8263
        RESERVED
-CVE-2018-8262
-       RESERVED
+CVE-2018-8262 (A remote code execution vulnerability exists when Microsoft 
Edge ...)
+       TODO: check
 CVE-2018-8261
        RESERVED
-CVE-2018-8260
-       RESERVED
+CVE-2018-8260 (A Remote Code Execution vulnerability exists in .NET software 
when the ...)
+       TODO: check
 CVE-2018-8259
        RESERVED
 CVE-2018-8258
@@ -13937,16 +13979,16 @@ CVE-2018-8244 (An elevation of privilege 
vulnerability exists when Microsoft Out
        NOT-FOR-US: Microsoft
 CVE-2018-8243 (A remote code execution vulnerability exists in the way that 
the ...)
        NOT-FOR-US: Microsoft
-CVE-2018-8242
-       RESERVED
+CVE-2018-8242 (A remote code execution vulnerability exists in the way that 
the ...)
+       TODO: check
 CVE-2018-8241
        RESERVED
 CVE-2018-8240
        RESERVED
 CVE-2018-8239 (An information disclosure vulnerability exists when the Windows 
GDI ...)
        NOT-FOR-US: Microsoft
-CVE-2018-8238
-       RESERVED
+CVE-2018-8238 (A security feature bypass vulnerability exists when Skype for 
Business ...)
+       TODO: check
 CVE-2018-8237
        RESERVED
 CVE-2018-8236 (A remote code execution vulnerability exists when Microsoft 
Edge ...)
@@ -13957,8 +13999,8 @@ CVE-2018-8234 (An information disclosure vulnerability 
exists when Microsoft Edg
        NOT-FOR-US: Microsoft
 CVE-2018-8233 (An elevation of privilege vulnerability exists in Windows when 
the ...)
        NOT-FOR-US: Microsoft
-CVE-2018-8232
-       RESERVED
+CVE-2018-8232 (A Tampering vulnerability exists when Microsoft Macro Assembler 
...)
+       TODO: check
 CVE-2018-8231 (A remote code execution vulnerability exists when HTTP Protocol 
Stack ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8230
@@ -13977,8 +14019,8 @@ CVE-2018-8224 (An elevation of privilege vulnerability 
exists when the Windows k
        NOT-FOR-US: Microsoft
 CVE-2018-8223
        RESERVED
-CVE-2018-8222
-       RESERVED
+CVE-2018-8222 (A security feature bypass vulnerability exists in Device Guard 
that ...)
+       TODO: check
 CVE-2018-8221 (A security feature bypass vulnerability exists in Device Guard 
that ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8220
@@ -14009,16 +14051,16 @@ CVE-2018-8208 (An elevation of privilege 
vulnerability exists in Windows when De
        NOT-FOR-US: Microsoft
 CVE-2018-8207 (An information disclosure vulnerability exists when the Windows 
kernel ...)
        NOT-FOR-US: Microsoft
-CVE-2018-8206
-       RESERVED
+CVE-2018-8206 (A denial of service vulnerability exists when Windows 
improperly ...)
+       TODO: check
 CVE-2018-8205 (A denial of service vulnerability exists when Windows 
improperly ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8204
        RESERVED
 CVE-2018-8203
        RESERVED
-CVE-2018-8202
-       RESERVED
+CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET 
Framework which ...)
+       TODO: check
 CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard 
that ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8200
@@ -14077,10 +14119,10 @@ CVE-2018-8174 (A remote code execution vulnerability 
exists in the way that the 
        NOT-FOR-US: Microsoft
 CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft 
InfoPath ...)
        NOT-FOR-US: Microsoft
-CVE-2018-8172
-       RESERVED
-CVE-2018-8171
-       RESERVED
+CVE-2018-8172 (A remote code execution vulnerability exists in Visual Studio 
software ...)
+       TODO: check
+CVE-2018-8171 (A Security Feature Bypass vulnerability exists in ASP.NET when 
the ...)
+       TODO: check
 CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that 
the ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8169 (An elevation of privilege vulnerability exists when the (Human 
...)
@@ -14171,8 +14213,8 @@ CVE-2018-8127 (An information disclosure vulnerability 
exists when the Windows k
        NOT-FOR-US: Microsoft
 CVE-2018-8126 (A security feature bypass vulnerability exists when Internet 
Explorer ...)
        NOT-FOR-US: Microsoft
-CVE-2018-8125
-       RESERVED
+CVE-2018-8125 (A remote code execution vulnerability exists when Microsoft 
Edge ...)
+       TODO: check
 CVE-2018-8124 (An elevation of privilege vulnerability exists in Windows when 
the ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft 
Edge ...)
@@ -27156,8 +27198,7 @@ CVE-2018-3695
        RESERVED
 CVE-2018-3694
        RESERVED
-CVE-2018-3693 [speculative bounds check bypass store]
-       RESERVED
+CVE-2018-3693 (Systems with microprocessors utilizing speculative execution 
and ...)
        - linux <unfixed>
        NOTE: https://access.redhat.com/solutions/3523601
        NOTE: https://01.org/security/advisories/intel-oss-10002
@@ -27169,20 +27210,20 @@ CVE-2018-3690
        RESERVED
 CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform 
Software ...)
        NOT-FOR-US: Intel
-CVE-2018-3688
-       RESERVED
-CVE-2018-3687
-       RESERVED
+CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and 
Tools in ...)
+       TODO: check
+CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools 
in ...)
+       TODO: check
 CVE-2018-3686
        RESERVED
 CVE-2018-3685
        RESERVED
-CVE-2018-3684
-       RESERVED
-CVE-2018-3683
-       RESERVED
-CVE-2018-3682
-       RESERVED
+CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 
15.0 ...)
+       TODO: check
+CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1 
- 18.0 ...)
+       TODO: check
+CVE-2018-3682 (BMC Firmware in Intel server boards, compute modules, and 
systems ...)
+       TODO: check
 CVE-2018-3681
        RESERVED
 CVE-2018-3680
@@ -27209,10 +27250,10 @@ CVE-2018-3670
        RESERVED
 CVE-2018-3669
        RESERVED
-CVE-2018-3668
-       RESERVED
-CVE-2018-3667
-       RESERVED
+CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool 
(IPDT) ...)
+       TODO: check
+CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 
4.1.0.24 sets ...)
+       TODO: check
 CVE-2018-3666
        RESERVED
 CVE-2018-3665 (System software utilizing Lazy FP state restore technique on 
systems ...)
@@ -27247,8 +27288,8 @@ CVE-2018-3654
        RESERVED
 CVE-2018-3653
        RESERVED
-CVE-2018-3652
-       RESERVED
+CVE-2018-3652 (Existing UEFI setting restrictions for DCI (Direct Connect 
Interface) ...)
+       TODO: check
 CVE-2018-3651
        RESERVED
 CVE-2018-3650
@@ -27297,18 +27338,18 @@ CVE-2018-3634 (Parameter corruption in NDIS filter 
driver in Intel Online Connec
        NOT-FOR-US: Intel
 CVE-2018-3633
        RESERVED
-CVE-2018-3632
-       RESERVED
+CVE-2018-3632 (Memory corruption in Intel Active Management Technology in 
Intel ...)
+       TODO: check
 CVE-2018-3631
        RESERVED
 CVE-2018-3630
        RESERVED
-CVE-2018-3629
-       RESERVED
-CVE-2018-3628
-       RESERVED
-CVE-2018-3627
-       RESERVED
+CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management 
Technology ...)
+       TODO: check
+CVE-2018-3628 (Buffer overflow in HTTP handler in Intel Active Management 
Technology ...)
+       TODO: check
+CVE-2018-3627 (Logic bug in Intel Converged Security Management Engine 11.x 
may allow ...)
+       TODO: check
 CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) 
and ...)
        NOT-FOR-US: Intel
 CVE-2018-3625
@@ -27323,8 +27364,8 @@ CVE-2018-3621
        RESERVED
 CVE-2018-3620
        RESERVED
-CVE-2018-3619
-       RESERVED
+CVE-2018-3619 (Information disclosure vulnerability in storage media in 
systems with ...)
+       TODO: check
 CVE-2018-3618
        RESERVED
 CVE-2018-3617
@@ -35832,8 +35873,8 @@ CVE-2018-0951 (A remote code execution vulnerability 
exists in the way that the 
        NOT-FOR-US: Microsoft
 CVE-2018-0950 (An information disclosure vulnerability exists when Office 
renders ...)
        NOT-FOR-US: Microsoft
-CVE-2018-0949
-       RESERVED
+CVE-2018-0949 (A security feature bypass vulnerability exists when Microsoft 
Internet ...)
+       TODO: check
 CVE-2018-0948
        RESERVED
 CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft 
SharePoint ...)
@@ -72911,8 +72952,8 @@ CVE-2017-5706 (Multiple buffer overflows in kernel in 
Intel Server Platform Serv
        NOT-FOR-US: Intel
 CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability 
Engine ...)
        NOT-FOR-US: Intel
-CVE-2017-5704
-       RESERVED
+CVE-2017-5704 (Platform sample code firmware included with 4th Gen Intel Core 
...)
+       TODO: check
 CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel 
...)
        NOT-FOR-US: Intel
 CVE-2017-5702



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34ad66d37db2f6b79f037993b28fe16f82ca853d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34ad66d37db2f6b79f037993b28fe16f82ca853d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to