Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd04f976 by security tracker role at 2018-08-22T20:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,85 @@
+CVE-2018-15726
+       RESERVED
+CVE-2018-15725
+       RESERVED
+CVE-2018-15724
+       RESERVED
+CVE-2018-15723
+       RESERVED
+CVE-2018-15722
+       RESERVED
+CVE-2018-15721
+       RESERVED
+CVE-2018-15720
+       RESERVED
+CVE-2018-15719
+       RESERVED
+CVE-2018-15718
+       RESERVED
+CVE-2018-15717
+       RESERVED
+CVE-2018-15716
+       RESERVED
+CVE-2018-15715
+       RESERVED
+CVE-2018-15714
+       RESERVED
+CVE-2018-15713
+       RESERVED
+CVE-2018-15712
+       RESERVED
+CVE-2018-15711
+       RESERVED
+CVE-2018-15710
+       RESERVED
+CVE-2018-15709
+       RESERVED
+CVE-2018-15708
+       RESERVED
+CVE-2018-15707
+       RESERVED
+CVE-2018-15706
+       RESERVED
+CVE-2018-15705
+       RESERVED
+CVE-2018-15704
+       RESERVED
+CVE-2018-15703
+       RESERVED
+CVE-2018-15702
+       RESERVED
+CVE-2018-15701
+       RESERVED
+CVE-2018-15700
+       RESERVED
+CVE-2018-15699
+       RESERVED
+CVE-2018-15698
+       RESERVED
+CVE-2018-15697
+       RESERVED
+CVE-2018-15696
+       RESERVED
+CVE-2018-15695
+       RESERVED
+CVE-2018-15694
+       RESERVED
+CVE-2018-15693
+       RESERVED
+CVE-2018-15692
+       RESERVED
+CVE-2018-15691
+       RESERVED
+CVE-2018-15690
+       RESERVED
+CVE-2018-15689
+       RESERVED
+CVE-2018-15688
+       RESERVED
+CVE-2018-15687
+       RESERVED
+CVE-2018-15686
+       RESERVED
 CVE-2018-15685
        RESERVED
 CVE-2018-15684
@@ -1952,12 +2034,12 @@ CVE-2018-14803
        RESERVED
 CVE-2018-14802
        RESERVED
-CVE-2018-14801
-       RESERVED
+CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 
Cardiographs, all ...)
+       TODO: check
 CVE-2018-14800
        RESERVED
-CVE-2018-14799
-       RESERVED
+CVE-2018-14799 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 
Cardiographs, all ...)
+       TODO: check
 CVE-2018-14798
        RESERVED
 CVE-2018-14797
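Review bot: CVE-2018-14801 and CVE-2018-14799 are both left at TODO: check with identical truncated descriptions (Philips PageWriter TC10, TC20, TC30, TC50, TC70 cardiographs). These are vendor medical devices rather than software shipped in the archive, so the TODOs can be closed as NOT-FOR-US in the style used elsewhere in this file. Whoever triages should read the full descriptions, because the truncated text does not show how the two CVEs differ.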
@@ -1976,12 +2058,12 @@ CVE-2018-14791
        RESERVED
 CVE-2018-14790
        RESERVED
-CVE-2018-14789
-       RESERVED
+CVE-2018-14789 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV 
Version ...)
+       TODO: check
 CVE-2018-14788
        RESERVED
-CVE-2018-14787
-       RESERVED
+CVE-2018-14787 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV 
Version ...)
+       TODO: check
 CVE-2018-14786
        RESERVED
 CVE-2018-14785 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) 
with ...)
@@ -9596,8 +9678,8 @@ CVE-2018-11778
        RESERVED
 CVE-2018-11777
        RESERVED
-CVE-2018-11776
-       RESERVED
+CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer 
from ...)
+       TODO: check
 CVE-2018-11775
        RESERVED
 CVE-2018-11774
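Review bot: CVE-2018-11776 is left at TODO: check although its description already states the affected ranges (Struts 2.3 to 2.3.34 and 2.5 to 2.5.16). Triage should replace the TODO with either a source-package line carrying the fixed version or a NOT-FOR-US line if no package in the archive ships those branches, so the entry does not stay unclassified.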
@@ -11919,13 +12001,11 @@ CVE-2018-10920 (Improper input validation bug in DNS 
resolver component of Knot 
        - knot-resolver <unfixed> (bug #905325)
        NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html
        NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2 
(including patch)
-CVE-2018-10919
-       RESERVED
+CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an 
...)
        {DSA-4271-1}
        - samba 2:4.8.4+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2018-10919.html
-CVE-2018-10918
-       RESERVED
+CVE-2018-10918 (A null pointer dereference flaw was found in the way samba 
checked ...)
        - samba 2:4.8.4+dfsg-1
        [stretch] - samba <not-affected> (Only affects Samba 4.7.0 onwards)
        [jessie] - samba <not-affected> (Only affects Samba 4.7.0 onwards)
@@ -12062,8 +12142,7 @@ CVE-2018-10886
        NOTE: scope of the assigning CNA.
 CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious 
network-policy ...)
        NOT-FOR-US: atomic-openshift
-CVE-2018-10884
-       RESERVED
+CVE-2018-10884 (Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to 
...)
        NOT-FOR-US: Ansible Tower
 CVE-2018-10883 (A flaw was found in the Linux kernel's ext4 filesystem. A 
local user ...)
        {DLA-1423-1}
@@ -12166,8 +12245,7 @@ CVE-2018-10859 (git-annex is vulnerable to an 
Information Exposure when decrypti
        [stretch] - git-annex 6.20170101-1+deb9u2
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
        NOTE: 
https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
-CVE-2018-10858
-       RESERVED
+CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients 
processed ...)
        {DSA-4271-1}
        - samba 2:4.8.4+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html
@@ -12215,20 +12293,17 @@ CVE-2018-10847 (prosody before versions 0.10.2, 
0.9.14 is vulnerable to an ...)
        NOTE: https://blog.prosody.im/prosody-0-10-2-security-release/
        NOTE: 
https://prosody.im/security/advisory_20180531/issue1147-0.10.1.patch (0.10.1)
        NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.9.patch 
(0.9.x)
-CVE-2018-10846 ["Just in Time" PRIME + PROBE cache-based side channel attack 
can lead to plaintext recovery]
-       RESERVED
+CVE-2018-10846 (A cache-based side channel in GnuTLS implementation that leads 
to ...)
        - gnutls28 <unfixed>
        - gnutls26 <removed>
        NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
        NOTE: https://eprint.iacr.org/2018/747
-CVE-2018-10845 [HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of 
wrong constant]
-       RESERVED
+CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 
was ...)
        - gnutls28 <unfixed>
        - gnutls26 <removed>
        NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
        NOTE: https://eprint.iacr.org/2018/747
-CVE-2018-10844 [HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not 
enough dummy function calls]
-       RESERVED
+CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 
was ...)
        - gnutls28 <unfixed>
        - gnutls26 <removed>
        NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
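Review bot: the three GnuTLS entries (CVE-2018-10846, CVE-2018-10845, CVE-2018-10844) lose their hand-written bracket titles here, and the truncated descriptions that replace them no longer say what distinguishes them: the PRIME + PROBE cache side channel leading to plaintext recovery, the wrong constant in HMAC-SHA-384, and too few dummy function calls in HMAC-SHA-256. All three are still gnutls28 <unfixed> and point at the same merge request 657, so consider keeping that detail as a NOTE: line on each entry so that whoever backports the fix can tell which part maps to which CVE.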
@@ -19264,10 +19339,12 @@ CVE-2018-8022
 CVE-2018-8021
        RESERVED
 CVE-2018-8020 (Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a 
flaw ...)
+       {DLA-1475-1}
        - tomcat-native 1.2.17-1
        [stretch] - tomcat-native <no-dsa> (Minor issue)
        NOTE: https://svn.apache.org/r1832863
 CVE-2018-8019 (When using an OCSP responder Apache Tomcat Native 1.2.0 to 
1.2.16 and ...)
+       {DLA-1475-1}
        - tomcat-native 1.2.17-1
        [stretch] - tomcat-native <no-dsa> (Minor issue)
        NOTE: https://svn.apache.org/r1832832
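Review bot: CVE-2018-8020 and CVE-2018-8019 now reference {DLA-1475-1}, but the [stretch] line for tomcat-native on both still reads <no-dsa> (Minor issue), which leaves stretch without the fix that the LTS advisory delivers for the same bugs. The stretch status is worth revisiting, for example by queuing the fix for a point release.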
@@ -28168,14 +28245,14 @@ CVE-2018-5240 (The Inventory Plugin for Symantec 
Management Agent prior to 7.6 P
        NOT-FOR-US: Inventory Plugin for Symantec Management Agent
 CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a 
bypass ...)
        NOT-FOR-US: Norton
-CVE-2018-5238
-       RESERVED
+CVE-2018-5238 (Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 
2.1.242) ...)
+       TODO: check
 CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 
MP10 ...)
        NOT-FOR-US: Symantec
 CVE-2018-5236 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 
MP10 may ...)
        NOT-FOR-US: Symantec
-CVE-2018-5235
-       RESERVED
+CVE-2018-5235 (Norton Utilities (prior to 16.0.3.44) may be susceptible to a 
DLL ...)
+       TODO: check
 CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a 
command ...)
        NOT-FOR-US: Norton Core router
 CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
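Review bot: CVE-2018-5238 and CVE-2018-5235 are set to TODO: check while every neighbouring Symantec and Norton entry in this hunk (CVE-2018-5240, CVE-2018-5239, CVE-2018-5237, CVE-2018-5236, CVE-2018-5234) is already NOT-FOR-US. Norton Power Eraser, SymDiag and Norton Utilities belong to the same vendor family, so these two can be resolved the same way, e.g. NOT-FOR-US: Norton.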
@@ -37721,8 +37798,8 @@ CVE-2018-1601
        RESERVED
 CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or ...)
        NOT-FOR-US: IBM
-CVE-2018-1599
-       RESERVED
+CVE-2018-1599 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote 
attacker ...)
+       TODO: check
 CVE-2018-1598
        RESERVED
 CVE-2018-1597
@@ -39664,14 +39741,12 @@ CVE-2017-17381 (The Virtio Vring implementation in 
QEMU allows local OS guest us
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html
-CVE-2018-1140
-       RESERVED
+CVE-2018-1140 (A missing input sanitization flaw was found in the 
implementation of ...)
        - samba 2:4.8.4+dfsg-1
        [stretch] - samba <not-affected> (Only affects Samba 4.8.0 onwards)
        [jessie] - samba <not-affected> (Only affects Samba 4.8.0 onwards)
        NOTE: https://www.samba.org/samba/security/CVE-2018-1140.html
-CVE-2018-1139
-       RESERVED
+CVE-2018-1139 (A flaw was found in the way samba before 4.7.9 and 4.8.4 
allowed the ...)
        - samba 2:4.8.4+dfsg-1
        [stretch] - samba <not-affected> (Issue introduced in 4.7.0)
        [jessie] - samba <not-affected> (Issue introduced in 4.7.0)
@@ -72369,8 +72444,7 @@ CVE-2017-7529 (Nginx versions since 0.5.6 up to and 
including 1.13.2 are vulnera
        - nginx 1.13.3-1 (bug #868109)
        NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
        NOTE: Fixed in 1.13.3, 1.12.1.
-CVE-2017-7528
-       RESERVED
+CVE-2017-7528 (Ansible Tower as shipped with Red Hat CloudForms Management 
Engine 5 ...)
        NOT-FOR-US: Ansible Tower
 CVE-2017-7527
        RESERVED
@@ -72458,8 +72532,7 @@ CVE-2017-7515 (poppler through version 0.55.0 is 
vulnerable to an uncontrolled .
        NOTE: Crash in CLI tool, no security implications
 CVE-2017-7514 (A cross-site scripting (XSS) flaw was found in how the failed 
action ...)
        NOT-FOR-US: Red Hat Satellite
-CVE-2017-7513
-       RESERVED
+CVE-2017-7513 (It was found that Satellite 5 configured with SSL/TLS for the 
...)
        NOT-FOR-US: Red Hat Satellite
 CVE-2017-7512 (Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) 
before ...)
        NOT-FOR-US: Red Hat 3scale
@@ -87541,8 +87614,7 @@ CVE-2017-2664 (CloudForms Management Engine (cfme) 
before 5.7.3 and 5.8.x before
        NOT-FOR-US: Red Hat CloudForms
 CVE-2017-2663 (It was found that subscription-manager's DBus interface before 
1.19.4 ...)
        NOT-FOR-US: candlepin / subscription-manager
-CVE-2017-2662
-       RESERVED
+CVE-2017-2662 (A flaw was found in Foreman's katello plugin version 3.4.5. 
After ...)
        - foreman <itp> (bug #663101)
 CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a 
cross-site ...)
        - pcs 0.9.155+dfsg-2 (bug #858379)
@@ -87655,8 +87727,7 @@ CVE-2017-2629 (curl before 7.53.0 has an incorrect TLS 
Certificate Status Reques
        NOTE: https://curl.haxx.se/docs/adv_20170222.html
 CVE-2017-2628 (curl, as shipped in Red Hat Enterprise Linux 6 before version 
...)
        - curl <not-affected> (Red Hat specific backport issue)
-CVE-2017-2627 [openstack-tripleo-common: sudoers file is too permissive]
-       RESERVED
+CVE-2017-2627 (A flaw was found in openstack-tripleo-common as shipped with 
Red Hat ...)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421917
        NOT-FOR-US: RHEL packaging flaw for openstack
 CVE-2017-2626 (It was discovered that libICE before 1.0.9-8 used a weak 
entropy to ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd04f976f17eb98ddfdeac463d44c832774e7e0a
