Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cafdbe1e by security tracker role at 2018-08-17T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,40 +1,258 @@
-CVE-2018-15367
+CVE-2018-15481
RESERVED
-CVE-2018-15366
+CVE-2018-15480
RESERVED
-CVE-2018-15365
+CVE-2018-15479
RESERVED
-CVE-2018-15364
+CVE-2018-15478
RESERVED
-CVE-2018-15363
+CVE-2018-15477
RESERVED
-CVE-2018-15362
+CVE-2018-15476
RESERVED
-CVE-2018-15361
+CVE-2018-15475
+ RESERVED
+CVE-2018-15474
+ RESERVED
+CVE-2018-15472
+ RESERVED
+CVE-2018-15467
+ RESERVED
+CVE-2018-15466
+ RESERVED
+CVE-2018-15465
+ RESERVED
+CVE-2018-15464
+ RESERVED
+CVE-2018-15463
+ RESERVED
+CVE-2018-15462
+ RESERVED
+CVE-2018-15461
+ RESERVED
+CVE-2018-15460
+ RESERVED
+CVE-2018-15459
+ RESERVED
+CVE-2018-15458
+ RESERVED
+CVE-2018-15457
+ RESERVED
+CVE-2018-15456
+ RESERVED
+CVE-2018-15455
+ RESERVED
+CVE-2018-15454
+ RESERVED
+CVE-2018-15453
+ RESERVED
+CVE-2018-15452
+ RESERVED
+CVE-2018-15451
+ RESERVED
+CVE-2018-15450
+ RESERVED
+CVE-2018-15449
+ RESERVED
+CVE-2018-15448
+ RESERVED
+CVE-2018-15447
+ RESERVED
+CVE-2018-15446
+ RESERVED
+CVE-2018-15445
+ RESERVED
+CVE-2018-15444
+ RESERVED
+CVE-2018-15443
+ RESERVED
+CVE-2018-15442
+ RESERVED
+CVE-2018-15441
+ RESERVED
+CVE-2018-15440
+ RESERVED
+CVE-2018-15439
+ RESERVED
+CVE-2018-15438
+ RESERVED
+CVE-2018-15437
+ RESERVED
+CVE-2018-15436
+ RESERVED
+CVE-2018-15435
+ RESERVED
+CVE-2018-15434
+ RESERVED
+CVE-2018-15433
+ RESERVED
+CVE-2018-15432
+ RESERVED
+CVE-2018-15431
+ RESERVED
+CVE-2018-15430
+ RESERVED
+CVE-2018-15429
+ RESERVED
+CVE-2018-15428
+ RESERVED
+CVE-2018-15427
+ RESERVED
+CVE-2018-15426
+ RESERVED
+CVE-2018-15425
+ RESERVED
+CVE-2018-15424
+ RESERVED
+CVE-2018-15423
+ RESERVED
+CVE-2018-15422
+ RESERVED
+CVE-2018-15421
+ RESERVED
+CVE-2018-15420
+ RESERVED
+CVE-2018-15419
+ RESERVED
+CVE-2018-15418
+ RESERVED
+CVE-2018-15417
+ RESERVED
+CVE-2018-15416
+ RESERVED
+CVE-2018-15415
+ RESERVED
+CVE-2018-15414
+ RESERVED
+CVE-2018-15413
+ RESERVED
+CVE-2018-15412
+ RESERVED
+CVE-2018-15411
+ RESERVED
+CVE-2018-15410
+ RESERVED
+CVE-2018-15409
+ RESERVED
+CVE-2018-15408
+ RESERVED
+CVE-2018-15407
+ RESERVED
+CVE-2018-15406
+ RESERVED
+CVE-2018-15405
+ RESERVED
+CVE-2018-15404
+ RESERVED
+CVE-2018-15403
+ RESERVED
+CVE-2018-15402
+ RESERVED
+CVE-2018-15401
RESERVED
-CVE-2018-15360
+CVE-2018-15400
RESERVED
-CVE-2018-15359
+CVE-2018-15399
RESERVED
-CVE-2018-15358
+CVE-2018-15398
RESERVED
-CVE-2018-15357
+CVE-2018-15397
RESERVED
-CVE-2018-15356
+CVE-2018-15396
RESERVED
-CVE-2018-15355
+CVE-2018-15395
RESERVED
-CVE-2018-15354
+CVE-2018-15394
RESERVED
-CVE-2018-15353
+CVE-2018-15393
RESERVED
-CVE-2018-15352
+CVE-2018-15392
RESERVED
-CVE-2018-15351
+CVE-2018-15391
RESERVED
-CVE-2018-15350
+CVE-2018-15390
RESERVED
-CVE-2018-15473 [openssh username enumeration]
+CVE-2018-15389
+ RESERVED
+CVE-2018-15388
+ RESERVED
+CVE-2018-15387
+ RESERVED
+CVE-2018-15386
+ RESERVED
+CVE-2018-15385
+ RESERVED
+CVE-2018-15384
+ RESERVED
+CVE-2018-15383
+ RESERVED
+CVE-2018-15382
+ RESERVED
+CVE-2018-15381
+ RESERVED
+CVE-2018-15380
+ RESERVED
+CVE-2018-15379
+ RESERVED
+CVE-2018-15378
+ RESERVED
+CVE-2018-15377
+ RESERVED
+CVE-2018-15376
+ RESERVED
+CVE-2018-15375
+ RESERVED
+CVE-2018-15374
+ RESERVED
+CVE-2018-15373
+ RESERVED
+CVE-2018-15372
+ RESERVED
+CVE-2018-15371
+ RESERVED
+CVE-2018-15370
+ RESERVED
+CVE-2018-15369
+ RESERVED
+CVE-2018-15368
+ RESERVED
+CVE-2018-15367
+ RESERVED
+CVE-2018-15366
+ RESERVED
+CVE-2018-15365
+ RESERVED
+CVE-2018-15364
+ RESERVED
+CVE-2018-15363
+ RESERVED
+CVE-2018-15362
+ RESERVED
+CVE-2018-15361
+ RESERVED
+CVE-2018-15360 (An attacker without authentication can login with default
credentials ...)
+ TODO: check
+CVE-2018-15359 (An authenticated attacker with low privileges can use insecure
sudo ...)
+ TODO: check
+CVE-2018-15358 (An authenticated attacker with low privileges can activate
high ...)
+ TODO: check
+CVE-2018-15357 (An authenticated attacker with low privileges can extract
password ...)
+ TODO: check
+CVE-2018-15356 (An authenticated attacker can execute arbitrary code using
command ...)
+ TODO: check
+CVE-2018-15355 (Usage of SSLv2 and SSLv3 leads to transmitted data decryption
in ...)
+ TODO: check
+CVE-2018-15354 (A Buffer Overflow exploited through web interface by remote
attacker ...)
+ TODO: check
+CVE-2018-15353 (A Buffer Overflow exploited through web interface by remote
attacker ...)
+ TODO: check
+CVE-2018-15352 (An attacker with low privileges can cause denial of service in
...)
+ TODO: check
+CVE-2018-15351 (Denial of service via crafting malicious link and sending it
to a ...)
+ TODO: check
+CVE-2018-15350 (Router Default Credentials in Kraftway 24F2XG Router firmware
version ...)
+ TODO: check
+CVE-2018-15473 (OpenSSH through 7.7 is prone to a user enumeration
vulnerability due to ...)
- openssh 1:7.7p1-4 (bug #906236)
NOTE: http://www.openwall.com/lists/oss-security/2018/08/15/5
NOTE:
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
@@ -123,19 +341,22 @@ CVE-2018-XXXX [libykneomgr memory corruption]
[stretch] - libykneomgr <no-dsa> (Minor issue)
[jessie] - libykneomgr <no-dsa> (Minor issue)
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/
-CVE-2018-15470 [XSA 272: oxenstored does not apply quota-maxentity]
+CVE-2018-15470 (An issue was discovered in Xen through 4.11.x. The logic in
oxenstored ...)
+ {DSA-4274-1}
- xen <unfixed> (unimportant)
NOTE: https://xenbits.xen.org/xsa/advisory-272.html
-CVE-2018-15471 [XSA 270: Linux netback driver OOB access in hash handling]
+CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in ...)
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-270.html
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1607
-CVE-2018-15468 [XSA 269: x86: Incorrect MSR_DEBUGCTL handling lets guests
enable BTS]
+CVE-2018-15468 (An issue was discovered in Xen through 4.11.x. The DEBUGCTL
MSR ...)
+ {DSA-4274-1}
- xen <unfixed>
[jessie] - xen <not-affected> (Only affects 4.6 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-269.html
-CVE-2018-15469 [XSA 268: Use of v2 grant tables may cause crash on ARM]
+CVE-2018-15469 (An issue was discovered in Xen through 4.11.x. ARM never
properly ...)
+ {DSA-4274-1}
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-268.html
CVE-2018-15309
@@ -2432,94 +2653,94 @@ CVE-2018-14364 (GitLab Community and Enterprise Edition
before 10.7.7, 10.8.x be
- gitlab <unfixed> (bug #904026)
NOTE:
https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c
does not ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.9.1-1
NOTE:
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code
without neomutt patchset
NOTE: previous versions ship a neomutt patchset.
CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
NOTE:
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c
proceeds ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.9.1-1
NOTE:
https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585
NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code
without neomutt patchset
NOTE: previous versions ship a neomutt patchset.
CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16.
nntp_add_group in ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.9.1-1
NOTE:
https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3
NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code
without neomutt patchset
NOTE: previous versions ship a neomutt patchset.
CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85
NOTE:
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
NOTE:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725
NOTE:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14356 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82
NOTE:
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14355 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d
NOTE:
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14354 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb
NOTE:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14353 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23
NOTE:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14352 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4
NOTE:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14351 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741
NOTE:
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14350 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
NOTE:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt
before ...)
- {DLA-1455-1}
+ {DSA-4277-1 DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE:
https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
@@ -3166,10 +3387,10 @@ CVE-2018-14060 (OS command injection in the AP mode
settings feature in /cgi-bin
NOT-FOR-US: Xiaomi R3D
CVE-2018-14059
RESERVED
-CVE-2018-14058
- RESERVED
-CVE-2018-14057
- RESERVED
+CVE-2018-14058 (Pimcore before 5.3.0 allows SQL Injection via the REST web
service ...)
+ TODO: check
+CVE-2018-14057 (Pimcore before 5.3.0 allows remote attackers to conduct
cross-site ...)
+ TODO: check
CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted
lines coming ...)
{DSA-4252-1 DLA-1427-1}
- znc 1.7.1-1 (bug #903787)
@@ -10725,7 +10946,7 @@ CVE-2018-11087
CVE-2018-11086
RESERVED
CVE-2018-11085
- RESERVED
+ REJECTED
CVE-2018-11084
RESERVED
CVE-2018-11083
@@ -11338,8 +11559,7 @@ CVE-2018-10874 (In ansible it was found that inventory
variables are loaded from
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596528
NOTE: https://github.com/ansible/ansible/pull/42067
NOTE:
https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
-CVE-2018-10873 [Missing check in demarshal.py:write_validate_array_item()
allows for buffer overflow and denial of service]
- RESERVED
+CVE-2018-10873 (A vulnerability was discovered in SPICE before version 0.14.1
where ...)
- spice <unfixed> (bug #906315)
- spice-gtk <unfixed> (bug #906316)
NOTE:
https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
@@ -17841,7 +18061,7 @@ CVE-2018-8263
CVE-2018-8262 (A remote code execution vulnerability exists when Microsoft
Edge ...)
NOT-FOR-US: Microsoft
CVE-2018-8261
- RESERVED
+ REJECTED
CVE-2018-8260 (A Remote Code Execution vulnerability exists in .NET software
when the ...)
NOT-FOR-US: Microsoft
CVE-2018-8259
@@ -22835,8 +23055,8 @@ CVE-2017-18125 (In Android before security patch level
2018-04-05 on Qualcomm ..
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18124
RESERVED
-CVE-2018-6622
- RESERVED
+CVE-2018-6622 (An issue was discovered that affects all producers of BIOS
firmware ...)
+ TODO: check
CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg
through ...)
{DSA-4249-1}
- ffmpeg 7:3.4.2-1 (low)
@@ -26515,10 +26735,10 @@ CVE-2018-5549
RESERVED
CVE-2018-5548
RESERVED
-CVE-2018-5547
- RESERVED
-CVE-2018-5546
- RESERVED
+CVE-2018-5547 (Windows Logon Integration feature of F5 BIG-IP APM client prior
to ...)
+ TODO: check
+CVE-2018-5546 (The svpn and policyserver components of the F5 BIG-IP APM
client prior ...)
+ TODO: check
CVE-2018-5545
RESERVED
CVE-2018-5544 (When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders
certain ...)
@@ -31112,12 +31332,12 @@ CVE-2018-3787
RESERVED
CVE-2018-3786
RESERVED
-CVE-2018-3785
- RESERVED
-CVE-2018-3784
- RESERVED
-CVE-2018-3783
- RESERVED
+CVE-2018-3785 (A command injection in git-dummy-commit v1.3.0 allows os level
...)
+ TODO: check
+CVE-2018-3784 (A code injection in cryo 0.0.6 allows an attacker to
arbitrarily ...)
+ TODO: check
+CVE-2018-3783 (A privilege escalation detected in flintcms versions <=
1.1.9 allows ...)
+ TODO: check
CVE-2018-3782
REJECTED
CVE-2018-3781 (A missing sanitization of search results for an autocomplete
field in ...)
@@ -38437,7 +38657,7 @@ CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5,
contain a command injecti
CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper
restriction ...)
NOT-FOR-US: EMC ScaleIO
CVE-2018-1236
- RESERVED
+ REJECTED
CVE-2018-1235 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint
for VMs ...)
NOT-FOR-US: Dell
CVE-2018-1234 (RSA Authentication Agent version 8.0.1 and earlier for Web for
IIS is ...)
@@ -88788,8 +89008,8 @@ CVE-2017-1734 (IBM Jazz Team Server affecting the
following IBM Rational Product
NOT-FOR-US: IBM
CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log
files ...)
NOT-FOR-US: IBM
-CVE-2017-1732
- RESERVED
+CVE-2017-1732 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2
does ...)
+ TODO: check
CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could
provide ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2017-1730
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cafdbe1e88411a90fce319ff330079c1e6be095e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cafdbe1e88411a90fce319ff330079c1e6be095e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
