Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ded313a by security tracker role at 2018-08-14T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,83 @@
+CVE-2018-15349
+       RESERVED
+CVE-2018-15348
+       RESERVED
+CVE-2018-15347
+       RESERVED
+CVE-2018-15346
+       RESERVED
+CVE-2018-15345
+       RESERVED
+CVE-2018-15344
+       RESERVED
+CVE-2018-15343
+       RESERVED
+CVE-2018-15342
+       RESERVED
+CVE-2018-15341
+       RESERVED
+CVE-2018-15340
+       RESERVED
+CVE-2018-15339
+       RESERVED
+CVE-2018-15338
+       RESERVED
+CVE-2018-15337
+       RESERVED
+CVE-2018-15336
+       RESERVED
+CVE-2018-15335
+       RESERVED
+CVE-2018-15334
+       RESERVED
+CVE-2018-15333
+       RESERVED
+CVE-2018-15332
+       RESERVED
+CVE-2018-15331
+       RESERVED
+CVE-2018-15330
+       RESERVED
+CVE-2018-15329
+       RESERVED
+CVE-2018-15328
+       RESERVED
+CVE-2018-15327
+       RESERVED
+CVE-2018-15326
+       RESERVED
+CVE-2018-15325
+       RESERVED
+CVE-2018-15324
+       RESERVED
+CVE-2018-15323
+       RESERVED
+CVE-2018-15322
+       RESERVED
+CVE-2018-15321
+       RESERVED
+CVE-2018-15320
+       RESERVED
+CVE-2018-15319
+       RESERVED
+CVE-2018-15318
+       RESERVED
+CVE-2018-15317
+       RESERVED
+CVE-2018-15316
+       RESERVED
+CVE-2018-15315
+       RESERVED
+CVE-2018-15314
+       RESERVED
+CVE-2018-15313
+       RESERVED
+CVE-2018-15312
+       RESERVED
+CVE-2018-15311
+       RESERVED
+CVE-2018-15310
+       RESERVED
 CVE-2018-XXXX [libykneomgr memory corruption]
        - libykneomgr <unfixed> (low; bug #906138)
        [stretch] - libykneomgr <no-dsa> (Minor issue)
@@ -800,8 +880,8 @@ CVE-2018-14924 (Matera Banco 1.0.0 is vulnerable to 
multiple stored XSS, as ...)
        NOT-FOR-US: Metara
 CVE-2018-14923 (A vulnerability in uniview EZPlayer 1.0.6 could allow an 
attacker to ...)
        NOT-FOR-US: EZPlayer
-CVE-2018-14922
-       RESERVED
+CVE-2018-14922 (Multiple cross-site scripting (XSS) vulnerabilities in Monstra 
CMS ...)
+       TODO: check
 CVE-2018-14921
        RESERVED
 CVE-2018-14920
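Review bot: The context line under CVE-2018-14924 reads `NOT-FOR-US: Metara`, while the description on the same entry names the product as "Matera Banco". Worth correcting the spelling in a follow-up so that a search of the list by product name finds this entry.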
@@ -875,8 +955,8 @@ CVE-2018-14890
        RESERVED
 CVE-2018-14889
        RESERVED
-CVE-2018-14888
-       RESERVED
+CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like 
plugin ...)
+       TODO: check
 CVE-2018-14887
        RESERVED
 CVE-2018-14886
@@ -2108,8 +2188,8 @@ CVE-2018-14431
        RESERVED
 CVE-2018-14430 (The Mondula Multi Step Form plugin through 1.2.5 for WordPress 
allows ...)
        NOT-FOR-US:  Mondula Multi Step Form plugin for WordPress
-CVE-2018-14429
-       RESERVED
+CVE-2018-14429 (man-cgi before 1.16 allows Local File Inclusion via absolute 
path ...)
+       TODO: check
 CVE-2018-14428
        RESERVED
 CVE-2018-14427
@@ -2128,8 +2208,7 @@ CVE-2016-10727 
(camel/providers/imapx/camel-imapx-server.c in the IMAPx componen
        - evolution-data-server 3.22.0-2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334842
        NOTE: 
https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67
-CVE-2018-14424 [use-after-free of disposed transient displays]
-       RESERVED
+CVE-2018-14424 (The daemon in GDM through 3.29.1 does not properly unexport 
display ...)
        {DSA-4270-1}
        - gdm3 3.28.2-4
        NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/401
@@ -2400,8 +2479,7 @@ CVE-2018-14349 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
-CVE-2018-14348 [cgrulesengd creates log files with insecure permissions]
-       RESERVED
+CVE-2018-14348 (libcgroup up to and including 0.41 creates /var/log/cgred with 
mode ...)
        - libcgroup <unfixed>
        NOTE: 
https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
 CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop 
vulnerability in ...)
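Review bot: The CVE-2018-14348 entry keeps `- libcgroup <unfixed>` with no bug number and no severity, even though the description is now public and the NOTE already points at an upstream commit. Suggest filing or linking a BTS bug on that line, in the same form as `(bug #904051)` on the mutt entry above, so the open status can be tracked against the package.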
@@ -6711,15 +6789,14 @@ CVE-2018-12541
        RESERVED
 CVE-2018-12540 (In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the 
CSRFHandler do ...)
        NOT-FOR-US: Eclipse Vertx
-CVE-2018-12539
-       RESERVED
+CVE-2018-12539 (In Eclipse OpenJ9 version 0.8, users other than the process 
owner may ...)
+       TODO: check
 CVE-2018-12538 (In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the 
optional ...)
        - jetty9 <not-affected> (Only affects 9.4.x)
        - jetty8 <not-affected> (Only affects 9.4.x)
        - jetty <not-affected> (Only affects 9.4.x)
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018
-CVE-2018-12537
-       RESERVED
+CVE-2018-12537 (In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer 
response ...)
        NOT-FOR-US: Eclipse Vertx
 CVE-2018-12536 (In Eclipse Jetty Server, all 9.x versions, on webapps deployed 
using ...)
        - jetty9 <unfixed> (bug #902774)
@@ -11013,6 +11090,7 @@ CVE-2018-10920 (Improper input validation bug in DNS 
resolver component of Knot 
        NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2 
(including patch)
 CVE-2018-10919
        RESERVED
+       {DSA-4271-1}
        - samba <unfixed>
        NOTE: https://www.samba.org/samba/security/CVE-2018-10919.html
 CVE-2018-10918
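Review bot: `{DSA-4271-1}` is now attached to CVE-2018-10919, but the entry still carries `RESERVED` and `- samba <unfixed>` with no fixed version. Once the fixed samba upload reaches unstable, the version should be recorded on that line so the entry does not keep reporting the package as vulnerable after the advisory has been issued.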
@@ -11253,6 +11331,7 @@ CVE-2018-10859 (git-annex is vulnerable to an 
Information Exposure when decrypti
        NOTE: 
https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
 CVE-2018-10858
        RESERVED
+       {DSA-4271-1}
        - samba <unfixed>
        NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html
 CVE-2018-10857 (git-annex is vulnerable to a private data exposure and 
exfiltration ...)
@@ -18276,7 +18355,7 @@ CVE-2018-8039 (It is possible to configure Apache CXF 
to use the com.sun.net.ssl
        NOT-FOR-US: Apache CXF
 CVE-2018-8038 (Versions of Apache CXF Fediz prior to 1.4.4 do not fully 
disable ...)
        NOT-FOR-US: Apache CXF
-CVE-2018-8037 (A bug in the tracking of connection closures can lead to reuse 
of user ...)
+CVE-2018-8037 (If an async request was completed by the application at the 
same time ...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.32-1
        - tomcat8.0 <not-affected> (Vulnerable code only present in 8.5.5 to 
8.5.31 in 8.x series)
@@ -21324,22 +21403,22 @@ CVE-2018-7102
        RESERVED
 CVE-2018-7101
        RESERVED
-CVE-2018-7100
-       RESERVED
-CVE-2018-7099
-       RESERVED
-CVE-2018-7098
-       RESERVED
-CVE-2018-7097
-       RESERVED
-CVE-2018-7096
-       RESERVED
-CVE-2018-7095
-       RESERVED
-CVE-2018-7094
-       RESERVED
-CVE-2018-7093
-       RESERVED
+CVE-2018-7100 (A potential security vulnerability has been identified in HPE 
...)
+       TODO: check
+CVE-2018-7099 (A security vulnerability was identified in 3PAR Service 
Processor (SP) ...)
+       TODO: check
+CVE-2018-7098 (A security vulnerability was identified in 3PAR Service 
Processor (SP) ...)
+       TODO: check
+CVE-2018-7097 (A security vulnerability was identified in 3PAR Service 
Processor (SP) ...)
+       TODO: check
+CVE-2018-7096 (A security vulnerability was identified in 3PAR Service 
Processor (SP) ...)
+       TODO: check
+CVE-2018-7095 (A security vulnerability was identified in 3PAR Service 
Processor (SP) ...)
+       TODO: check
+CVE-2018-7094 (A security vulnerability was identified in 3PAR Service 
Processor (SP) ...)
+       TODO: check
+CVE-2018-7093 (A security vulnerability in HPE Integrated Lights-Out 3 prior 
to ...)
+       TODO: check
 CVE-2018-7092 (A potential security vulnerability has been identified in HPE 
...)
        NOT-FOR-US: HPE
 CVE-2018-7091 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has 
open ...)
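Review bot: CVE-2018-7093 through CVE-2018-7100 all arrive as `TODO: check`, yet every visible description is for an HPE product (3PAR Service Processor, Integrated Lights-Out 3), and the neighbouring CVE-2018-7092 is already tagged `NOT-FOR-US: HPE`. These eight look like candidates for the same tag on the next triage pass, after confirming from the full descriptions that no packaged software is involved.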
@@ -21370,8 +21449,8 @@ CVE-2018-7079
        RESERVED
 CVE-2018-7078 (A remote code execution was identified in HPE Integrated 
Lights-Out 4 ...)
        NOT-FOR-US: HPE
-CVE-2018-7077
-       RESERVED
+CVE-2018-7077 (A security vulnerability in HPE XP P9000 Command View Advanced 
Edition ...)
+       TODO: check
 CVE-2018-7076
        RESERVED
 CVE-2018-7075 (A remote cross-site scripting (XSS) vulnerability was 
identified in ...)
@@ -26691,8 +26770,7 @@ CVE-2018-5394
        RESERVED
 CVE-2018-5393
        RESERVED
-CVE-2018-5392 [mingw-w64 by default produces executables that opt in to ASLR, 
but are not compatible with ASLR]
-       RESERVED
+CVE-2018-5392 (mingw-w64 version 5.0.4 by default produces executables that 
opt in to ...)
        - mingw-w64 <unfixed> (unimportant)
        NOTE: https://sourceforge.net/p/mingw-w64/mailman/message/31034877/
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17321
@@ -30332,10 +30410,10 @@ CVE-2018-3940
        RESERVED
 CVE-2018-3939 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
        NOT-FOR-US: Foxit
-CVE-2018-3938
-       RESERVED
-CVE-2018-3937
-       RESERVED
+CVE-2018-3938 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
+       TODO: check
+CVE-2018-3937 (An exploitable command injection vulnerability exists in the 
...)
+       TODO: check
 CVE-2018-3936 (In Antenna House Office Server Document Converter version V6.1 
Pro MR2 ...)
        NOT-FOR-US: Antenna House Office Server Document Converter
 CVE-2018-3935
@@ -31311,8 +31389,7 @@ CVE-2018-3648
        RESERVED
 CVE-2018-3647
        RESERVED
-CVE-2018-3646 [L1 Terminal Fault-VMM]
-       RESERVED
+CVE-2018-3646 (Systems with microprocessors utilizing speculative execution 
and ...)
        - linux <unfixed>
        - xen <unfixed>
        - intel-microcode <unfixed>
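Review bot: Replacing `[L1 Terminal Fault-VMM]` with the truncated description "Systems with microprocessors utilizing speculative execution and ..." removes the only text in this entry that identifies which L1TF variant it covers, and no NOTE line is visible here to carry it. Suggest adding a line such as `NOTE: L1 Terminal Fault-VMM` so this entry stays distinguishable from CVE-2018-3620, whose visible description is now identical.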
@@ -31382,8 +31459,7 @@ CVE-2018-3622
        RESERVED
 CVE-2018-3621
        RESERVED
-CVE-2018-3620 [L1 Terminal Fault-OS/SMM Foreshadow-NG]
-       RESERVED
+CVE-2018-3620 (Systems with microprocessors utilizing speculative execution 
and ...)
        - linux <unfixed>
        - xen <unfixed>
        - intel-microcode <unfixed>
@@ -31399,8 +31475,7 @@ CVE-2018-3617
        REJECTED
 CVE-2018-3616
        RESERVED
-CVE-2018-3615 [L1 Terminal Fault-SGX / Foreshadow]
-       RESERVED
+CVE-2018-3615 (Systems with microprocessors utilizing speculative execution 
and Intel ...)
        - intel-microcode <unfixed>
        NOTE: 
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
        NOTE: https://foreshadowattack.eu/
@@ -35005,28 +35080,28 @@ CVE-2018-2453
        RESERVED
 CVE-2018-2452
        RESERVED
-CVE-2018-2451
-       RESERVED
-CVE-2018-2450
-       RESERVED
-CVE-2018-2449
-       RESERVED
-CVE-2018-2448
-       RESERVED
-CVE-2018-2447
-       RESERVED
-CVE-2018-2446
-       RESERVED
-CVE-2018-2445
-       RESERVED
-CVE-2018-2444
-       RESERVED
+CVE-2018-2451 (XS Command-Line Interface (CLI) user sessions with the SAP HANA 
...)
+       TODO: check
+CVE-2018-2450 (SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker 
who ...)
+       TODO: check
+CVE-2018-2449 (SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 
7.3) - ...)
+       TODO: check
+CVE-2018-2448 (Admin tools in SAP BusinessObjects Business Intelligence 
Platform, ...)
+       TODO: check
+CVE-2018-2447 (SAP BusinessObjects Business Intelligence (Launchpad Web ...)
+       TODO: check
+CVE-2018-2446 (Admin tools in SAP BusinessObjects Business Intelligence, 
versions ...)
+       TODO: check
+CVE-2018-2445 (AdminTools in SAP BusinessObjects Business Intelligence, 
versions 4.1, ...)
+       TODO: check
+CVE-2018-2444 (SAP BusinessObjects Financial Consolidation, versions 10.0, 
10.1, does ...)
+       TODO: check
 CVE-2018-2443
        RESERVED
-CVE-2018-2442
-       RESERVED
-CVE-2018-2441
-       RESERVED
+CVE-2018-2442 (In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 
and ...)
+       TODO: check
+CVE-2018-2441 (Under certain conditions the SAP Change and Transport System 
(ABAP), ...)
+       TODO: check
 CVE-2018-2440 (Under certain circumstances SAP Dynamic Authorization 
Management (DAM) ...)
        NOT-FOR-US: SAP
 CVE-2018-2439 (The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 
7.49, ...)
@@ -35075,7 +35150,7 @@ CVE-2018-2418 (SAP MaxDB ODBC driver (all versions 
before 7.9.09.07) allows an .
        NOT-FOR-US: SAP MaxDB ODBC driver
 CVE-2018-2417 (Under certain conditions, the SAP Identity Management 8.0 (pass 
of ...)
        NOT-FOR-US: SAP Identity Management
-CVE-2018-2416 (SAP Identity Management 8.0 does not sufficiently validate an 
XML ...)
+CVE-2018-2416 (SAP Identity Management 7.2 does not sufficiently validate an 
XML ...)
        NOT-FOR-US: SAP Identity Management
 CVE-2018-2415 (SAP NetWeaver Application Server Java Web Container and HTTP 
Service ...)
        NOT-FOR-US: SAP NetWeaver Application Server Java Web Container and 
HTTP Service
@@ -38703,7 +38778,7 @@ CVE-2017-17381 (The Virtio Vring implementation in QEMU 
allows local OS guest us
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html
 CVE-2018-1140
        RESERVED
-        - samba <unfixed>
+       - samba <unfixed>
        [stretch] - samba <not-affected> (Only affects Samba 4.8.0 onwards)
        [jessie] - samba <not-affected> (Only affects Samba 4.8.0 onwards)
        NOTE: https://www.samba.org/samba/security/CVE-2018-1140.html
@@ -42048,8 +42123,8 @@ CVE-2018-0133
        RESERVED
 CVE-2018-0132 (A vulnerability in the forwarding information base (FIB) code 
of Cisco ...)
        NOT-FOR-US: Cisco
-CVE-2018-0131
-       RESERVED
+CVE-2018-0131 (A vulnerability in the implementation of RSA-encrypted nonces 
in Cisco ...)
+       TODO: check
 CVE-2018-0130 (A vulnerability in the use of JSON web tokens by the web-based 
service ...)
        NOT-FOR-US: Cisco
 CVE-2018-0129 (A vulnerability in the web-based management interface of Cisco 
Data ...)
@@ -108087,8 +108162,8 @@ CVE-2016-4977 (When processing authorization requests 
using the whitelabel views
        NOT-FOR-US: Spring Security OAuth
 CVE-2016-4976 (Apache Ambari 2.x before 2.4.0 includes KDC administrator 
passwords on ...)
        NOT-FOR-US: Apache Ambari
-CVE-2016-4975
-       RESERVED
+CVE-2016-4975 (Possible CRLF injection allowing HTTP response splitting 
attacks for ...)
+       TODO: check
 CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) 
before ...)
        - qpid-java <itp> (bug #840131)
 CVE-2016-4973 (Binaries compiled against targets that use the libssp library 
in GCC ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ded313abfb36eb4cf5968c770df74c640a047c5
