Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc4cb7e0 by security tracker role at 2018-10-29T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1027,8 +1027,8 @@ CVE-2018-18389 (Due to incorrect access control in Neo4j
Enterprise Database Ser
NOT-FOR-US: Neo4J server
CVE-2018-18388
RESERVED
-CVE-2018-18387
- RESERVED
+CVE-2018-18387 (playSMS through 1.4.2 allows Privilege Escalation through
Daemon ...)
+ TODO: check
CVE-2018-18386 (drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows
local ...)
- linux 4.14.12-1
[stretch] - linux 4.9.82-1+deb9u1
@@ -2308,12 +2308,12 @@ CVE-2018-17912
RESERVED
CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several
stack-based ...)
NOT-FOR-US: LAquis SCADA
-CVE-2018-17910
- RESERVED
+CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to
properly ...)
+ TODO: check
CVE-2018-17909
RESERVED
-CVE-2018-17908
- RESERVED
+CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the
...)
+ TODO: check
CVE-2018-17907
RESERVED
CVE-2018-17906
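Review bot: CVE-2018-17910 and CVE-2018-17908 both start "WebAccess Versions 8.3.2 and prior" and both land as "TODO: check", so they should be triaged together and end up with the same disposition. If WebAccess is not packaged in Debian, replace both TODO lines with a NOT-FOR-US line naming the product, in the form the LAquis SCADA entry just above them uses.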
@@ -17288,68 +17288,64 @@ CVE-2018-11886 (In all android releases (Android for
MSM, Firefox OS for MSM, QR
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11885
RESERVED
-CVE-2018-11884
- RESERVED
+CVE-2018-11884 (Improper input validation leads to buffer overflow while
processing ...)
+ TODO: check
CVE-2018-11883 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11882
- RESERVED
+CVE-2018-11882 (Incorrect bound check can lead to potential buffer overwrite
in WLAN ...)
+ TODO: check
CVE-2018-11881
RESERVED
-CVE-2018-11880
- RESERVED
-CVE-2018-11879
- RESERVED
+CVE-2018-11880 (Incorrect bound check can lead to potential buffer overwrite
in WLAN ...)
+ TODO: check
+CVE-2018-11879 (When the buffer length passed is very large, bounds check
could be ...)
+ TODO: check
CVE-2018-11878 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11877
- RESERVED
-CVE-2018-11876
- RESERVED
-CVE-2018-11875
- RESERVED
-CVE-2018-11874
- RESERVED
-CVE-2018-11873
- RESERVED
-CVE-2018-11872
- RESERVED
-CVE-2018-11871
- RESERVED
-CVE-2018-11870
- RESERVED
+CVE-2018-11877 (When the buffer length passed is very large in WLAN, bounds
check ...)
+ TODO: check
+CVE-2018-11876 (Lack of input validation while copying to buffer in WLAN will
lead to ...)
+ TODO: check
+CVE-2018-11875 (Lack of check of buffer size before copying in a WLAN function
can ...)
+ TODO: check
+CVE-2018-11874 (Buffer overflow if the length of passphrase is more than 32
when ...)
+ TODO: check
+CVE-2018-11873 (Improper input validation leads to buffer overwrite in the
WLAN ...)
+ TODO: check
+CVE-2018-11872 (Improper input validation leads to buffer overwrite in the
WLAN ...)
+ TODO: check
+CVE-2018-11871 (Buffer overwrite can happen in WLAN function while processing
set pdev ...)
+ TODO: check
+CVE-2018-11870 (Buffer overwrite can occur when the legacy rates count
received from ...)
+ TODO: check
CVE-2018-11869 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11868 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11867
- RESERVED
-CVE-2018-11866
- RESERVED
+CVE-2018-11867 (Lack of buffer length check before copying in WLAN function
while ...)
+ TODO: check
+CVE-2018-11866 (Integer overflow may happen in WLAN when calculating an
internal ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11865
- RESERVED
+CVE-2018-11865 (Integer overflow may happen when calculating an internal
structure ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11864
RESERVED
CVE-2018-11863 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11862
- RESERVED
-CVE-2018-11861
- RESERVED
+CVE-2018-11862 (Buffer overflow can happen in WLAN module due to lack of
validation of ...)
+ TODO: check
+CVE-2018-11861 (Buffer overflow can happen in WLAN function due to lack of
validation ...)
+ TODO: check
CVE-2018-11860 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11859
- RESERVED
-CVE-2018-11858
- RESERVED
+CVE-2018-11859 (Buffer overwrite can happen in WLAN due to lack of validation
of the ...)
+ TODO: check
+CVE-2018-11858 (When processing IE set command, buffer overwrite may occur due
to lack ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11857
- RESERVED
+CVE-2018-11857 (Improper input validation in WLAN encrypt/decrypt module can
lead to a ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11856
- RESERVED
+CVE-2018-11856 (Improper input validation leads to buffer overwrite in the
WLAN ...)
+ TODO: check
CVE-2018-11855
RESERVED
NOT-FOR-US: Qualcomm components for Android
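Review bot: the newly described entries in this block are annotated inconsistently: CVE-2018-11866, CVE-2018-11865, CVE-2018-11858 and CVE-2018-11857 keep "NOT-FOR-US: Qualcomm components for Android", while the seventeen others from CVE-2018-11884 down to CVE-2018-11856 get "TODO: check". Their truncated descriptions mention the same kind of WLAN buffer handling, so confirm they belong to the same component and, if they do, give them the same NOT-FOR-US line in one pass instead of leaving them as separate TODOs.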
@@ -19049,8 +19045,7 @@ CVE-2017-18283 (Possible memory corruption when Read
Val Blob Req is received wi
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18282 (Non-secure SW can cause SDCC to generate secure bus accesses,
which ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18281
- RESERVED
+CVE-2017-18281 (A bool variable in Video function, which gets typecasted to
int before ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18280 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9607,
MSM8909W, ...)
NOT-FOR-US: Qualcomm components for Android
@@ -19776,7 +19771,7 @@ CVE-2018-10982 (An issue was discovered in Xen through
4.10.x allowing x86 HVM g
- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
NOTE: https://xenbits.xen.org/xsa/advisory-261.html
CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM
guest OS ...)
- {DSA-4201-1 DLA-1383-1}
+ {DSA-4201-1 DLA-1559-1 DLA-1383-1}
- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
NOTE: https://xenbits.xen.org/xsa/advisory-262.html
CVE-2018-10980
@@ -21397,7 +21392,7 @@ CVE-2018-10471 (An issue was discovered in Xen through
4.10.x allowing x86 PV gu
[wheezy] - xen <not-affected> (Regression for XSA-254 which was not
applied in wheezy)
NOTE: https://xenbits.xen.org/xsa/advisory-259.html
CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM
guest OS ...)
- {DSA-4201-1}
+ {DSA-4201-1 DLA-1559-1}
- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
[wheezy] - xen <not-affected> (No QMP support in wheezy)
NOTE: https://xenbits.xen.org/xsa/advisory-258.html
@@ -45748,10 +45743,10 @@ CVE-2018-1769
RESERVED
CVE-2018-1768 (IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose
sensitive ...)
NOT-FOR-US: IBM
-CVE-2018-1767
- RESERVED
-CVE-2018-1766
- RESERVED
+CVE-2018-1767 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0
Cachemonitor ...)
+ TODO: check
+CVE-2018-1766 (IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5
are ...)
+ TODO: check
CVE-2018-1765
RESERVED
CVE-2018-1764
@@ -46522,8 +46517,8 @@ CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to
cross-site scripting. Th
NOT-FOR-US: IBM API Connect
CVE-2018-1381
RESERVED
-CVE-2018-1380
- RESERVED
+CVE-2018-1380 (IBM InfoSphere Master Data Management Collaboration Server
11.4, 11.5, ...)
+ TODO: check
CVE-2018-1379
RESERVED
CVE-2018-1378
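Review bot: CVE-2018-1380 is left at "TODO: check"; when it is resolved, name the product in the annotation rather than only the vendor, the way "NOT-FOR-US: IBM API Connect" does for CVE-2018-1382 at the top of this hunk, so a later search for the product finds the entry.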
@@ -49835,8 +49830,7 @@ CVE-2018-0737 (The OpenSSL RSA Key generation algorithm
has been shown to be ...
NOTE: https://eprint.iacr.org/2018/367
CVE-2018-0736
RESERVED
-CVE-2018-0735 [Timing vulnerability in ECDSA signature generation]
- RESERVED
+CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be
vulnerable ...)
- openssl <unfixed>
- openssl1.0 <unfixed>
NOTE: https://www.openssl.org/news/secadv/20181029.txt
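Review bot: both package lines under CVE-2018-0735, "- openssl <unfixed>" and "- openssl1.0 <unfixed>", still have no fix reference beyond the 20181029 advisory NOTE. Add a NOTE pointing at the upstream fix once it is identified, so fixed versions can be recorded for both source packages; the description change itself needs nothing further.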
@@ -50037,11 +50031,11 @@ CVE-2017-17028 (A buffer overflow vulnerability in
external device function in Q
CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS
version ...)
NOT-FOR-US: QNAP QTS
CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM
guest OS ...)
- {DSA-4050-1 DLA-1230-1}
+ {DSA-4050-1 DLA-1559-1 DLA-1230-1}
- xen 4.8.2+xsa245-0+deb9u1
NOTE: https://xenbits.xen.org/xsa/advisory-247.html
CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM
guest OS ...)
- {DSA-4050-1 DLA-1230-1}
+ {DSA-4050-1 DLA-1559-1 DLA-1230-1}
- xen 4.8.2+xsa245-0+deb9u1
NOTE: https://xenbits.xen.org/xsa/advisory-246.html
CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM
platform ...)
@@ -56879,16 +56873,16 @@ CVE-2017-15291 (Cross-site scripting (XSS)
vulnerability in the Wireless MAC Fil
CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x
before ...)
NOT-FOR-US: Mirasys Video Management System
CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM
PV guest ...)
- {DSA-4050-1}
+ {DSA-4050-1 DLA-1559-1}
- xen 4.8.2+xsa245-0+deb9u1
[wheezy] - xen <ignored> (minor issue)
NOTE: https://xenbits.xen.org/xsa/advisory-244.html
CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM
guest OS ...)
- {DSA-4050-1 DLA-1181-1}
+ {DSA-4050-1 DLA-1559-1 DLA-1181-1}
- xen 4.8.2+xsa245-0+deb9u1
NOTE: https://xenbits.xen.org/xsa/advisory-243.html
CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV
guest OS ...)
- {DSA-4050-1 DLA-1181-1}
+ {DSA-4050-1 DLA-1559-1 DLA-1181-1}
- xen 4.8.2+xsa245-0+deb9u1
NOTE: https://xenbits.xen.org/xsa/advisory-242.html
CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV
guest OS ...)
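Review bot: CVE-2017-15594 now references DLA-1559-1 but still carries "[wheezy] - xen <ignored> (minor issue)", and it is the only entry in this hunk with a release-specific ignore. Check that DLA-1559-1 covers a different release than wheezy; if it does, the line can stay as it is, otherwise the ignore annotation should be dropped.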
@@ -56896,7 +56890,7 @@ CVE-2017-15588 (An issue was discovered in Xen through
4.9.x allowing x86 PV gue
- xen 4.8.2+xsa245-0+deb9u1
NOTE: https://xenbits.xen.org/xsa/advisory-241.html
CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV
guest OS ...)
- {DSA-4050-1 DLA-1181-1}
+ {DSA-4050-1 DLA-1559-1 DLA-1181-1}
- xen 4.8.2+xsa245-0+deb9u1
NOTE: https://xenbits.xen.org/xsa/advisory-240.html
CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM
guest OS ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc4cb7e012ce876d5b6574ab2ee291b3c0c43580