Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ded9630 by security tracker role at 2018-10-23T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2018-18627
+       RESERVED
+CVE-2018-18626 (An issue was discovered in PHPYun V4.6. There is a 
vulnerability that ...)
+       TODO: check
+CVE-2018-18625
+       RESERVED
+CVE-2018-18624
+       RESERVED
+CVE-2018-18623
+       RESERVED
+CVE-2018-18622 (An issue was discovered in Waimai Super Cms 20150505. There is 
XSS via ...)
+       TODO: check
+CVE-2018-18621
+       RESERVED
+CVE-2018-18620
+       RESERVED
+CVE-2018-18619
+       RESERVED
+CVE-2018-18618
+       RESERVED
+CVE-2018-18617
+       RESERVED
+CVE-2018-18616
+       RESERVED
+CVE-2018-18615
+       RESERVED
+CVE-2018-18614
+       RESERVED
+CVE-2018-18613
+       RESERVED
+CVE-2018-18612
+       RESERVED
+CVE-2018-18611
+       RESERVED
+CVE-2018-18610
+       RESERVED
+CVE-2018-18609
+       RESERVED
+CVE-2018-18608 (DedeCMS 5.7 SP2 allows XSS via the function named GetPageList 
defined ...)
+       TODO: check
+CVE-2018-18607 (An issue was discovered in elf_link_input_bfd in elflink.c in 
the ...)
+       TODO: check
+CVE-2018-18606 (An issue was discovered in the merge_strings function in 
merge.c in the ...)
+       TODO: check
+CVE-2018-18605 (A heap-based buffer over-read issue was discovered in the 
function ...)
+       TODO: check
+CVE-2018-18604
+       RESERVED
+CVE-2018-18603 (360 Total Security 3.5.0.1033 allows a Sandbox Escape via an 
"import ...)
+       TODO: check
+CVE-2018-18602
+       RESERVED
+CVE-2018-18601
+       RESERVED
+CVE-2018-18600
+       RESERVED
+CVE-2018-18599 (Stegdetect through 2018-05-26 has an out-of-bounds write in 
f5_compress ...)
+       TODO: check
+CVE-2018-18598
+       RESERVED
+CVE-2018-18597
+       RESERVED
+CVE-2018-18596
+       RESERVED
+CVE-2018-18595
+       RESERVED
+CVE-2018-18594
+       RESERVED
+CVE-2018-18593
+       RESERVED
+CVE-2018-18592
+       RESERVED
+CVE-2018-18591
+       RESERVED
+CVE-2018-18590
+       RESERVED
+CVE-2018-18589 (A potential Remote Arbitrary Code Execution vulnerability has 
been ...)
+       TODO: check
+CVE-2018-18588
+       RESERVED
+CVE-2018-18587 (BigProf AppGini 5.70 stores the passwords in the database 
using the MD5 ...)
+       TODO: check
 CVE-2018-18583 (An issue has been found in LuPng through 2017-03-10. It is a 
heap-based ...)
        TODO: check
 CVE-2018-18582 (An issue has been found in LuPng through 2017-03-10. It is a 
heap-based ...)
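Review bot: CVE-2018-18607 and CVE-2018-18606 are left at `TODO: check` even though their descriptions name elf_link_input_bfd in elflink.c and merge_strings in merge.c, which are libbfd sources shipped in binutils, so the follow-up triage should give them a binutils package line rather than leave them as TODO. CVE-2018-18605 sits in the same run, but its truncated description does not name the file, so it needs the full text before it is classified. Separately, the added block ends at CVE-2018-18587 and the next entry is the existing CVE-2018-18583, which leaves IDs 18584 to 18586 without any entry; it is worth confirming that the feed has nothing for them yet.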
@@ -617,12 +699,12 @@ CVE-2018-18331
        RESERVED
 CVE-2018-18330
        RESERVED
-CVE-2018-18329
-       RESERVED
-CVE-2018-18328
-       RESERVED
-CVE-2018-18327
-       RESERVED
+CVE-2018-18329 (A KERedirect Untrusted Pointer Dereference Privilege 
Escalation ...)
+       TODO: check
+CVE-2018-18328 (A KERedirect Untrusted Pointer Dereference Privilege 
Escalation ...)
+       TODO: check
+CVE-2018-18327 (A KERedirect Untrusted Pointer Dereference Privilege 
Escalation ...)
+       TODO: check
 CVE-2018-18326
        RESERVED
 CVE-2018-18325
@@ -4212,8 +4294,8 @@ CVE-2018-16839
        RESERVED
 CVE-2018-16838
        RESERVED
-CVE-2018-16837
-       RESERVED
+CVE-2018-16837 (Ansible "User" module leaks any data which is passed 
on as a parameter ...)
+       TODO: check
 CVE-2018-16836 (Rubedo through 3.4.0 contains a Directory Traversal 
vulnerability in ...)
        NOT-FOR-US: Rubedo CMS
 CVE-2018-16835
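Review bot: CVE-2018-16837 goes from RESERVED to `TODO: check`, but the description already names the Ansible "User" module, and ansible is a packaged source in Debian. This entry should not be closed as NOT-FOR-US like its Rubedo neighbour; it needs a source-package line for ansible with the affected and fixed versions filled in once the upstream fix is identified.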
@@ -7900,10 +7982,10 @@ CVE-2018-15369 (A vulnerability in the TACACS+ client 
subsystem of Cisco IOS Sof
        NOT-FOR-US: Cisco
 CVE-2018-15368 (A vulnerability in the CLI parser of Cisco IOS XE Software 
could allow ...)
        NOT-FOR-US: Cisco
-CVE-2018-15367
-       RESERVED
-CVE-2018-15366
-       RESERVED
+CVE-2018-15367 (A ctl_set KERedirect Untrusted Pointer Dereference Privilege 
...)
+       TODO: check
+CVE-2018-15366 (A UrlfWTPPagePtr KERedirect Use-After-Free Privilege 
Escalation ...)
+       TODO: check
 CVE-2018-15365 (A Reflected Cross-Site Scripting (XSS) vulnerability in Trend 
Micro ...)
        NOT-FOR-US: Trend Micro
 CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information 
...)
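Review bot: CVE-2018-15367 and CVE-2018-15366 are added as `TODO: check` directly above CVE-2018-15365, which is already tagged `NOT-FOR-US: Trend Micro`, and their "KERedirect ... Privilege Escalation" wording matches CVE-2018-18329, CVE-2018-18328 and CVE-2018-18327 in the earlier hunk. If the full descriptions confirm the same vendor, all five can be closed with the same NOT-FOR-US tag in one pass instead of being triaged one by one.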
@@ -12714,12 +12796,12 @@ CVE-2018-13404
        RESERVED
 CVE-2018-13403
        RESERVED
-CVE-2018-13402
-       RESERVED
-CVE-2018-13401
-       RESERVED
-CVE-2018-13400
-       RESERVED
+CVE-2018-13402 (Many resources in Atlassian Jira before version 7.6.9, from 
version ...)
+       TODO: check
+CVE-2018-13401 (The XsrfErrorAction resource in Atlassian Jira before version 
7.6.9, ...)
+       TODO: check
+CVE-2018-13400 (Several administrative resources in Atlassian Jira before 
version ...)
+       TODO: check
 CVE-2018-13399 (The Microsoft Windows Installer for Atlassian Fisheye and 
Crucible ...)
        NOT-FOR-US: Atlassian
 CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye 
and ...)
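Review bot: CVE-2018-13402, CVE-2018-13401 and CVE-2018-13400 all describe resources in Atlassian Jira yet are left at `TODO: check`, while the adjacent CVE-2018-13399 and CVE-2018-13398 context entries carry `NOT-FOR-US: Atlassian`. Unless Jira is tracked differently from Fisheye and Crucible, the three new entries should get the same tag so the list stays consistent.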
@@ -15195,11 +15277,9 @@ CVE-2017-18315
        RESERVED
 CVE-2017-18314 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, 
MDM9607, ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18313
-       RESERVED
+CVE-2017-18313 (Under certain mode of operations, HLOS may be able get direct 
or ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18312
-       RESERVED
+CVE-2017-18312 (While accessing SafeSwitch services, third party can 
manipulate a ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18311
        RESERVED
@@ -15217,45 +15297,33 @@ CVE-2017-18307
        RESERVED
 CVE-2017-18306
        RESERVED
-CVE-2017-18305
-       RESERVED
+CVE-2017-18305 (XBL sec mem dump system call allows complete control of EL3 by 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18304
-       RESERVED
+CVE-2017-18304 (Insufficient memory allocation in boot due to incorrect size 
being ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18303
-       RESERVED
+CVE-2017-18303 (While processing the sensors registry configuration file, if 
inputs ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18302 (In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 
425, SD ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18301 (In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in 
version ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18300
-       RESERVED
+CVE-2017-18300 (Secure display content could be accessed by third party 
trusted ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18299
-       RESERVED
+CVE-2017-18299 (Improper translation table consolidation logic leads to 
resource ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18298
-       RESERVED
+CVE-2017-18298 (Lack of Input Validation in SDMX API can lead to NULL pointer 
access ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18297
-       RESERVED
+CVE-2017-18297 (Double memory free while closing TEE SE API Session management 
in ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18296
-       RESERVED
+CVE-2017-18296 (Access control on applications is not applied while accessing 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18295
-       RESERVED
+CVE-2017-18295 (Possible buffer overflow if input is not null terminated in 
DSP ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18294
-       RESERVED
+CVE-2017-18294 (While reading file class type from ELF header, a buffer 
overread may ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18293
-       RESERVED
+CVE-2017-18293 (When a particular GPIO is protected by blocking access to the 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18292
-       RESERVED
+CVE-2017-18292 (Secure app running in non secure space can restart TZ by 
calling ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-12440 (BoringSSL through 2018-06-14 allows a memory-cache 
side-channel attack ...)
        - boringssl <itp> (bug #823933)
@@ -18418,11 +18486,9 @@ CVE-2018-11258 (In ADSP RPC in Snapdragon Automobile, 
Snapdragon Mobile and Snap
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11257 (Permissions, Privileges, and Access Controls in TA in 
Snapdragon ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18283
-       RESERVED
+CVE-2017-18283 (Possible memory corruption when Read Val Blob Req is received 
with ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18282
-       RESERVED
+CVE-2017-18282 (Non-secure SW can cause SDCC to generate secure bus accesses, 
which ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18281
        RESERVED
@@ -18435,8 +18501,7 @@ CVE-2017-18279
 CVE-2017-18278
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18277
-       RESERVED
+CVE-2017-18277 (When dynamic memory allocation fails, currently the process 
sleeps for ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18276
        RESERVED
@@ -25539,8 +25604,8 @@ CVE-2018-8571
        RESERVED
 CVE-2018-8570
        RESERVED
-CVE-2018-8569
-       RESERVED
+CVE-2018-8569 (A remote code execution vulnerability exists in the Yammer 
desktop ...)
+       TODO: check
 CVE-2018-8568
        RESERVED
 CVE-2018-8567
@@ -27098,8 +27163,8 @@ CVE-2018-7913
        RESERVED
 CVE-2018-7912
        RESERVED
-CVE-2018-7911
-       RESERVED
+CVE-2018-7911 (Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 
8.0.0.113(SP2C00), ...)
+       TODO: check
 CVE-2018-7910
        RESERVED
 CVE-2018-7909
@@ -31085,14 +31150,11 @@ CVE-2017-18174 (In the Linux kernel before 4.7, the 
amd_gpio_remove function in
 CVE-2017-18173
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18172
-       RESERVED
+CVE-2017-18172 (In a device, with screen size 1440x2560, the check of 
contiguous ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18171
-       RESERVED
+CVE-2017-18171 (Improper input validation for GATT data packet received in 
Bluetooth ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18170
-       RESERVED
+CVE-2017-18170 (Improper input validation in Bluetooth Controller function can 
lead to ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18169 (User process can perform the kernel DOS in ashmem when doing 
cache ...)
        - linux <not-affected> (Android-specific)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ded963024753de1e4c59b81531efc861a97d95b

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits