Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: bf8d6d97 by security tracker role at 2018-08-21T20:10:27Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,121 @@ +CVE-2018-15663 + RESERVED +CVE-2018-15662 + RESERVED +CVE-2018-15661 (** DISPUTED ** An issue was discovered in the Ola Money (aka ...) + TODO: check +CVE-2018-15660 (** DISPUTED ** An issue was discovered in the Ola Money (aka ...) + TODO: check +CVE-2018-15659 + RESERVED +CVE-2018-15658 + RESERVED +CVE-2018-15657 + RESERVED +CVE-2018-15656 + RESERVED +CVE-2018-15655 + RESERVED +CVE-2018-15654 + RESERVED +CVE-2018-15653 + RESERVED +CVE-2018-15652 + RESERVED +CVE-2018-15651 + RESERVED +CVE-2018-15650 + RESERVED +CVE-2018-15649 + RESERVED +CVE-2018-15648 + RESERVED +CVE-2018-15647 + RESERVED +CVE-2018-15646 + RESERVED +CVE-2018-15645 + RESERVED +CVE-2018-15644 + RESERVED +CVE-2018-15643 + RESERVED +CVE-2018-15642 + RESERVED +CVE-2018-15641 + RESERVED +CVE-2018-15640 + RESERVED +CVE-2018-15639 + RESERVED +CVE-2018-15638 + RESERVED +CVE-2018-15637 + RESERVED +CVE-2018-15636 + RESERVED +CVE-2018-15635 + RESERVED +CVE-2018-15634 + RESERVED +CVE-2018-15633 + RESERVED +CVE-2018-15632 + RESERVED +CVE-2018-15631 + RESERVED +CVE-2018-15630 + RESERVED +CVE-2018-15629 + RESERVED +CVE-2018-15628 + RESERVED +CVE-2018-15627 + RESERVED +CVE-2018-15626 + RESERVED +CVE-2018-15625 + RESERVED +CVE-2018-15624 + RESERVED +CVE-2018-15623 + RESERVED +CVE-2018-15622 + RESERVED +CVE-2018-15621 + RESERVED +CVE-2018-15620 + RESERVED +CVE-2018-15619 + RESERVED +CVE-2018-15618 + RESERVED +CVE-2018-15617 + RESERVED +CVE-2018-15616 + RESERVED +CVE-2018-15615 + RESERVED +CVE-2018-15614 + RESERVED +CVE-2018-15613 + RESERVED +CVE-2018-15612 + RESERVED +CVE-2018-15611 + RESERVED +CVE-2018-15610 + RESERVED +CVE-2018-15609 + RESERVED +CVE-2018-15608 + RESERVED +CVE-2018-15607 (In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 ...) 
+ TODO: check +CVE-2018-15606 + RESERVED +CVE-2018-15605 + RESERVED CVE-2018-XXXX [security issue with the PASS command and duplicate server instances] - charybdis <unfixed> (bug #906879) [stretch] - charybdis <not-affected> (Vulnerable code added later) @@ -239,10 +357,10 @@ CVE-2018-15536 RESERVED CVE-2018-15535 RESERVED -CVE-2018-15534 - RESERVED -CVE-2018-15533 - RESERVED +CVE-2018-15534 (Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of ...) + TODO: check +CVE-2018-15533 (A reflected cross-site scripting vulnerability exists in Geutebrueck ...) + TODO: check CVE-2018-15532 RESERVED CVE-2018-15531 @@ -251,8 +369,8 @@ CVE-2018-15530 RESERVED CVE-2018-15529 RESERVED -CVE-2018-15528 - RESERVED +CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System Solutions SSO ...) + TODO: check CVE-2018-15527 RESERVED CVE-2018-15526 @@ -349,8 +467,8 @@ CVE-2018-15483 RESERVED CVE-2018-15482 (Certain LG devices based on Android 6.0 through 8.1 have incorrect ...) NOT-FOR-US: LG devices specific issue -CVE-2018-15481 - RESERVED +CVE-2018-15481 (Improper input sanitization within the restricted administration shell ...) + TODO: check CVE-2018-15480 RESERVED CVE-2018-15479 @@ -604,6 +722,7 @@ CVE-2018-15351 (Denial of service via crafting malicious link and sending it to CVE-2018-15350 (Router Default Credentials in Kraftway 24F2XG Router firmware version ...) NOT-FOR-US: Kraftway 24F2XG Router firmware CVE-2018-15473 (OpenSSH through 7.7 is prone to a user enumeration vulnerability due to ...) + {DLA-1474-1} - openssh 1:7.7p1-4 (bug #906236) NOTE: http://www.openwall.com/lists/oss-security/2018/08/15/5 NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8 
@@ -1794,12 +1913,12 @@ CVE-2018-14797 RESERVED CVE-2018-14796 RESERVED -CVE-2018-14795 - RESERVED +CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...) + TODO: check CVE-2018-14794 RESERVED -CVE-2018-14793 - RESERVED +CVE-2018-14793 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...) + TODO: check CVE-2018-14792 RESERVED CVE-2018-14791 @@ -2351,6 +2470,7 @@ CVE-2018-14595 CVE-2018-14594 RESERVED CVE-2018-14593 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x ...) + {DLA-1473-1} - otrs2 6.0.10-1 NOTE: https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/ NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/57cda14db8fdbcbfb8cabb32d85fbc89fde48c62 @@ -8598,8 +8718,7 @@ CVE-2018-12117 RESERVED CVE-2018-12116 RESERVED -CVE-2018-12115 - RESERVED +CVE-2018-12115 (In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when ...) - nodejs <unfixed> (unimportant) NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ NOTE: Nodejs not covered by security support @@ -11707,8 +11826,7 @@ CVE-2018-10934 - wildfly <itp> (bug #752018) CVE-2018-10933 RESERVED -CVE-2018-10932 [improper sanitization of shell-escape codes ] - RESERVED +CVE-2018-10932 (lldptool version 1.0.1 and older can print a raw, unsanitized attacker ...) - lldpad 1.0.1+git20180808.4e642bd-1 (unimportant; bug #905901) NOTE: https://github.com/intel/openlldp/pull/7 NOTE: https://github.com/intel/openlldp/commit/41feb359a9d0082b0bcf68b1f2b37227f02af4f1 
@@ -11816,8 +11934,7 @@ CVE-2018-10903 (A flaw was found in python-cryptography versions between >=1. [jessie] - python-cryptography <not-affected> (Vulnerable code introduced later) NOTE: https://github.com//pyca/cryptography/pull/4342 NOTE: https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef -CVE-2018-10902 [MIDI driver race condition leads to a double-free] - RESERVED +CVE-2018-10902 (It was found that the raw midi kernel driver does not protect against ...) - linux 4.17.15-1 NOTE: https://git.kernel.org/linus/39675f7a7c7e7702f7d5341f1e0d01db746543a0 (4.18-rc6) CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization subsystem. The ...) @@ -13849,7 +13966,7 @@ CVE-2018-10141 RESERVED CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 ...) NOT-FOR-US: Palo Alto Networks PAN-OS -CVE-2018-10139 (The PAN-OS response page for GlobalProtect in Palo Alto Networks ...) +CVE-2018-10139 (The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2018-10138 (The CATALooK.netStore module through 7.2.8 for DNN (formerly ...) NOT-FOR-US: DNN @@ -21930,8 +22047,7 @@ CVE-2018-7168 CVE-2018-7167 (Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ...) - nodejs <unfixed> (unimportant) NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#calls-to-buffer-fill-and-or-buffer-alloc-may-hang-cve-2018-7167 -CVE-2018-7166 - RESERVED +CVE-2018-7166 (In all versions of Node.js 10 prior to 10.9.0, an argument processing ...) [experimental] - nodejs <unfixed> - nodejs <not-affected> (Only affects 10.x and later) NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ 
@@ -23143,8 +23259,8 @@ CVE-2018-6694 RESERVED CVE-2018-6693 RESERVED -CVE-2018-6692 - RESERVED +CVE-2018-6692 (Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin ...) + TODO: check CVE-2018-6691 RESERVED CVE-2018-6690 @@ -23682,8 +23798,8 @@ CVE-2018-6559 RESERVED CVE-2018-6558 RESERVED -CVE-2018-6557 - RESERVED +CVE-2018-6557 (The MOTD update script in the base-files package in Ubuntu 18.04 LTS ...) + TODO: check CVE-2018-6556 (lxc-user-nic when asked to delete a network interface will ...) - lxc <unfixed> (bug #905586) [stretch] - lxc <not-affected> (Vulnerable code introduced later) @@ -40105,10 +40221,10 @@ CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, . NOT-FOR-US: Huawei CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with Versions ...) NOT-FOR-US: inputhub driver of HUAWEI P9 Lite mobile phones -CVE-2017-17312 - RESERVED -CVE-2017-17311 - RESERVED +CVE-2017-17312 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...) + TODO: check +CVE-2017-17311 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...) + TODO: check CVE-2017-17310 (Electronic Numbers to URI Mapping (ENUM) module in some Huawei ...) NOT-FOR-US: Huawei CVE-2017-17309 (Huawei HG255s-10 V100R001C163B025SP02 has a path traversal ...) 
@@ -40119,8 +40235,8 @@ CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 have NOT-FOR-US: Huawei CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, ...) NOT-FOR-US: Huawei -CVE-2017-17305 - RESERVED +CVE-2017-17305 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...) + TODO: check CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...) NOT-FOR-US: Huawei CVE-2017-17303 (Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf8d6d976dee50e7ccce2fb28d455575804261b1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf8d6d976dee50e7ccce2fb28d455575804261b1 You're receiving this email because of your account on salsa.debian.org.
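Review bot: in the first hunk (@@ -1,3 +1,121 @@) CVE-2018-15607 is left at "TODO: check" although its description names ImageMagick 7.0.8-11 Q16, so this entry needs a package line for imagemagick rather than a NOT-FOR-US. The follow-up triage should replace the TODO with a fixed version, "<unfixed>" with a bug reference, or "<not-affected>" with the reason. The two Ola Money entries in the same hunk (CVE-2018-15661, CVE-2018-15660) carry "** DISPUTED **" in their descriptions and also sit at "TODO: check"; they should be resolved in the same pass so that no TODO remains at the top of the file.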
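Review bot: the context line "NOTE: https://github.com//pyca/cryptography/pull/4342" in hunk @@ -11816,8 +11934,7 @@ (under CVE-2018-10903) has a doubled slash after the host. This automatic update does not touch it, but it is worth normalising to a single slash so it matches the commit URL on the next NOTE line.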
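Review bot: the "TODO: check" added for CVE-2018-6557 in hunk @@ -23682,8 +23798,8 @@ needs an explicit decision, because the description names the base-files package and says only that the MOTD update script is the one in Ubuntu 18.04 LTS. Triage should record whether that script is Ubuntu-specific, for example with a "- base-files <not-affected>" line that states the reason, in the way the neighbouring CVE-2018-6556 entry does for lxc in stretch ("Vulnerable code introduced later").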
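Review bot: CVE-2017-17312 and CVE-2017-17311 in hunk @@ -40105,10 +40221,10 @@ are left at "TODO: check" while every surrounding Huawei entry in the context lines (CVE-2017-17314, CVE-2017-17310) is already marked "NOT-FOR-US: Huawei". Both descriptions start "Some Huawei Firewall products USG2205BSR ...", so they can be closed the same way. The same applies to CVE-2017-17305 in the following hunk (@@ -40119,8 +40235,8 @@), which has the same description prefix and the same NOT-FOR-US neighbours.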
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits