Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57b58faa by security tracker role at 2018-07-30T20:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-14766
+       RESERVED
+CVE-2018-14765
+       RESERVED
+CVE-2018-14764
+       RESERVED
+CVE-2018-14763
+       RESERVED
+CVE-2018-14762
+       RESERVED
+CVE-2018-14761
+       RESERVED
+CVE-2018-14760
+       RESERVED
+CVE-2018-14759
+       RESERVED
+CVE-2018-14758
+       RESERVED
+CVE-2018-14757
+       RESERVED
+CVE-2018-14756
+       RESERVED
+CVE-2018-14755
+       RESERVED
+CVE-2018-14754
+       RESERVED
+CVE-2018-14753
+       RESERVED
+CVE-2018-14752
+       RESERVED
+CVE-2018-14751
+       RESERVED
+CVE-2018-14750
+       RESERVED
+CVE-2018-14749
+       RESERVED
+CVE-2018-14748
+       RESERVED
+CVE-2018-14747
+       RESERVED
+CVE-2018-14746
+       RESERVED
 CVE-2018-XXXX [Multiple persistent XSS vulnerabilities in message display]
        - squirrelmail <removed> (bug #905023)
        NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
@@ -3475,8 +3517,8 @@ CVE-2018-13282
        RESERVED
 CVE-2018-13281
        RESERVED
-CVE-2018-13280
-       RESERVED
+CVE-2018-13280 (Use of insufficiently random values vulnerability in ...)
+       TODO: check
 CVE-2018-13279
        RESERVED
 CVE-2018-13278
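Review bot: the new CVE-2018-13280 entry is left at "TODO: check", and its truncated description ("Use of insufficiently random values vulnerability in ...") names no product, so the affected package cannot be determined from this entry alone. Triage it against the full CVE description and replace the TODO with either a package line or a NOT-FOR-US tag.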
@@ -9657,8 +9699,7 @@ CVE-2018-10905 (CloudForms Management Engine (cfme) is 
vulnerable to an improper
        NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2018-10904
        RESERVED
-CVE-2018-10903 [GCM tag forgery via truncated tag in finalize_with_tag API]
-       RESERVED
+CVE-2018-10903 (A flaw was found in python-cryptography versions between 
&gt;=1.9.0 and ...)
        - python-cryptography 2.3-1 (bug #904072)
        [stretch] - python-cryptography <not-affected> (Vulnerable code 
introduced later)
        [jessie] - python-cryptography <not-affected> (Vulnerable code 
introduced later)
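Review bot: on CVE-2018-10903, dropping the bracketed summary "[GCM tag forgery via truncated tag in finalize_with_tag API]" removes the only text in the entry that stated the flaw class and the affected API; the truncated replacement description only gets as far as a version range. Suggest keeping that detail as a NOTE: line under the entry, so the python-cryptography 2.3-1 fix and the "Vulnerable code introduced later" rationale for stretch and jessie stay understandable without looking up the CVE.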
@@ -9676,8 +9717,7 @@ CVE-2018-10900 (Network Manager VPNC plugin (aka 
networkmanager-vpnc) before ver
        NOTE: 
https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12
 CVE-2018-10899
        RESERVED
-CVE-2018-10898
-       RESERVED
+CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates 
before ...)
        - tripleo-heat-templates <removed>
 CVE-2018-10897 [reposync: improper path validation may lead to directory 
traversal]
        RESERVED
@@ -9742,8 +9782,7 @@ CVE-2018-10885 (In atomic-openshift before version 3.10.9 
a malicious network-po
        NOT-FOR-US: atomic-openshift
 CVE-2018-10884
        RESERVED
-CVE-2018-10883
-       RESERVED
+CVE-2018-10883 (A flaw was found in the Linux kernel's ext4 filesystem. A 
local user ...)
        {DLA-1423-1}
        - linux 4.17.3-1
        [stretch] - linux 4.9.110-1
@@ -9878,8 +9917,7 @@ CVE-2018-10849
        REJECTED
 CVE-2018-10848
        REJECTED
-CVE-2018-10847 [insufficient stream header validation]
-       RESERVED
+CVE-2018-10847 (prosody before versions 0.10.2, 0.9.14 is vulnerable to an ...)
        {DSA-4216-1}
        - prosody 0.10.2-1 (bug #900524)
        NOTE: https://issues.prosody.im/1147
@@ -14313,12 +14351,12 @@ CVE-2018-9068 (The IMM2 First Failure Data Capture 
function collects management 
        NOT-FOR-US: IBM
 CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 
had ...)
        NOT-FOR-US: Lenovo
-CVE-2018-9066
-       RESERVED
-CVE-2018-9065
-       RESERVED
-CVE-2018-9064
-       RESERVED
+CVE-2018-9066 (In Lenovo xClarity Administrator versions earlier than 2.1.0, 
an ...)
+       TODO: check
+CVE-2018-9065 (In Lenovo xClarity Administrator versions earlier than 2.1.0, 
an ...)
+       TODO: check
+CVE-2018-9064 (In Lenovo xClarity Administrator versions earlier than 2.1.0, 
an ...)
+       TODO: check
 CVE-2018-9063 (MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In 
Lenovo ...)
        NOT-FOR-US: Lenovo
 CVE-2018-9062
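Review bot: CVE-2018-9066, CVE-2018-9065 and CVE-2018-9064 land with identical truncated descriptions and "TODO: check", so the three cannot be told apart from this file. The surrounding Lenovo entries (CVE-2018-9067, CVE-2018-9063) are tagged "NOT-FOR-US: Lenovo"; if xClarity Administrator is likewise not packaged, the same tag should replace the three TODOs.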
@@ -29461,10 +29499,10 @@ CVE-2018-3775
        RESERVED
 CVE-2018-3774
        RESERVED
-CVE-2018-3773
-       RESERVED
-CVE-2018-3772
-       RESERVED
+CVE-2018-3773 (There is a stored Cross-Site Scripting vulnerability in Open 
Graph ...)
+       TODO: check
+CVE-2018-3772 (Concatenating unsanitized user input in the `whereis` npm 
module &lt; ...)
+       TODO: check
 CVE-2018-3771 (An XSS in statics-server &lt;= 0.0.9 can be used via injected 
iframe in ...)
        NOT-FOR-US: statics-server nodejs module
 CVE-2018-3770 (A path traversal exists in markdown-pdf version &lt;9.0.0 that 
allows a ...)
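Review bot: CVE-2018-3773 and CVE-2018-3772 are added as "TODO: check" and need triage. CVE-2018-3772 names the `whereis` npm module, while the product for CVE-2018-3773 is cut off after "Open Graph", so the full description has to be read before it can be classified. If neither is packaged, tag them the way CVE-2018-3771 is tagged just below ("NOT-FOR-US: statics-server nodejs module"), naming the module in the tag.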
@@ -69858,8 +69896,7 @@ CVE-2017-7519 (In Ceph, a format string flaw was found 
in the way libradosstripe
        [stretch] - ceph <no-dsa> (Minor issue)
        [jessie] - ceph <not-affected> (Vulnerable code not present)
        NOTE: http://tracker.ceph.com/issues/20240
-CVE-2017-7518 [debug exception via syscall emulation]
-       RESERVED
+CVE-2017-7518 (A flaw was found in the Linux kernel before version 4.12 in the 
way ...)
        {DSA-3981-1}
        - linux 4.11.11-1
        [wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -69877,8 +69914,7 @@ CVE-2017-7515 (poppler through version 0.55.0 is 
vulnerable to an uncontrolled .
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101208
        NOTE: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=771c82623e8e1e0c92b8ca6f7c2b8a81ccbb60d3
        NOTE: Crash in CLI tool, no security implications
-CVE-2017-7514
-       RESERVED
+CVE-2017-7514 (A cross-site scripting (XSS) flaw was found in how the failed 
action ...)
        NOT-FOR-US: Red Hat Satellite
 CVE-2017-7513
        RESERVED
@@ -70011,8 +70047,7 @@ CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of 
service attack by passin
        [jessie] - rxvt <no-dsa> (Minor issue)
        [wheezy] - rxvt <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
-CVE-2017-7482
-       RESERVED
+CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets 
decoded ...)
        {DSA-3945-1 DSA-3927-1 DLA-1099-1}
        - linux 4.11.11-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
@@ -90604,8 +90639,7 @@ CVE-2016-9599 (puppet-tripleo before versions 5.5.0, 
6.2.0 is vulnerable to an .
 CVE-2016-9598 [out-of-bounds read]
        RESERVED
        - libxml2 <not-affected> (Red Hat specific security regressions)
-CVE-2016-9597 [stack overflow before detecting invalid XML file]
-       RESERVED
+CVE-2016-9597 (It was found that Red Hat JBoss Core Services erratum 
RHSA-2016:2957 ...)
        - libxml2 <not-affected> (Red Hat specific security regressions)
 CVE-2016-9596 [stack exhaustion while parsing xml files in recovery mode]
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/57b58faa5c0db333e24e75b87fa629c6dfda344e

-- 
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits