Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4bad0e51 by security tracker role at 2018-12-12T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2018-20093
+ RESERVED
+CVE-2018-20092
+ RESERVED
+CVE-2018-20091
+ RESERVED
+CVE-2018-20090
+ RESERVED
+CVE-2018-20089
+ RESERVED
+CVE-2018-20088
+ RESERVED
+CVE-2018-20087
+ RESERVED
+CVE-2018-20086
+ RESERVED
+CVE-2018-20085
+ RESERVED
+CVE-2018-20084
+ RESERVED
+CVE-2018-20083
+ RESERVED
+CVE-2018-20082
+ RESERVED
+CVE-2018-20081
+ RESERVED
+CVE-2018-20080
+ RESERVED
+CVE-2018-20079
+ RESERVED
+CVE-2018-20078
+ RESERVED
+CVE-2018-20077
+ RESERVED
+CVE-2018-20076
+ RESERVED
+CVE-2018-20075
+ RESERVED
+CVE-2018-20074
+ RESERVED
+CVE-2018-20073
+ RESERVED
+CVE-2018-20072
+ RESERVED
+CVE-2018-20071
+ RESERVED
+CVE-2018-20070
+ RESERVED
+CVE-2018-20069
+ RESERVED
+CVE-2018-20068
+ RESERVED
+CVE-2018-20067
+ RESERVED
+CVE-2018-20066
+ RESERVED
+CVE-2018-20065
+ RESERVED
+CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary
files via ...)
+ TODO: check
CVE-2018-20063
RESERVED
CVE-2018-20062 (An issue was discovered in NoneCms V1.3.
thinkphp/library/think/App.php ...)
@@ -7725,8 +7785,8 @@ CVE-2018-18812
RESERVED
CVE-2018-18811
RESERVED
-CVE-2018-18810
- RESERVED
+CVE-2018-18810 (The Administrator Service component of TIBCO Software Inc.'s
TIBCO ...)
+ TODO: check
CVE-2018-18809
RESERVED
CVE-2018-18808
@@ -8784,8 +8844,7 @@ CVE-2018-18398 (Xfce Thunar 1.6.15, when Xfce 4.12 is
used, mishandles the IBus-
- thunar <unfixed> (unimportant)
NOTE: https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398/
NOTE: no security impact, crash in end user tool
-CVE-2018-18397 [userfaultfd bypasses tmpfs file permissions]
- RESERVED
+CVE-2018-18397 (The userfaultfd implementation in the Linux kernel before
4.19.7 ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -30311,8 +30370,8 @@ CVE-2018-10145
REJECTED
CVE-2018-10144
RESERVED
-CVE-2018-10143
- RESERVED
+CVE-2018-10143 (The Palo Alto Networks Expedition Migration tool 1.0.107 and
earlier ...)
+ TODO: check
CVE-2018-10142 (The Expedition Migration tool 1.0.106 and earlier may allow an
...)
NOT-FOR-US: Expedition Migration
CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS
before ...)
@@ -34167,14 +34226,14 @@ CVE-2018-8654
RESERVED
CVE-2018-8653
RESERVED
-CVE-2018-8652
- RESERVED
-CVE-2018-8651
- RESERVED
+CVE-2018-8652 (A Cross-site Scripting (XSS) vulnerability exists when Windows
Azure ...)
+ TODO: check
+CVE-2018-8651 (A cross site scripting vulnerability exists when Microsoft
Dynamics ...)
+ TODO: check
CVE-2018-8650
RESERVED
-CVE-2018-8649
- RESERVED
+CVE-2018-8649 (A denial of service vulnerability exists when Windows
improperly ...)
+ TODO: check
CVE-2018-8648
RESERVED
CVE-2018-8647
@@ -34185,60 +34244,60 @@ CVE-2018-8645
RESERVED
CVE-2018-8644
RESERVED
-CVE-2018-8643
- RESERVED
+CVE-2018-8643 (A remote code execution vulnerability exists in the way that
the ...)
+ TODO: check
CVE-2018-8642
RESERVED
-CVE-2018-8641
- RESERVED
+CVE-2018-8641 (An elevation of privilege vulnerability exists in Windows when
the ...)
+ TODO: check
CVE-2018-8640
RESERVED
-CVE-2018-8639
- RESERVED
-CVE-2018-8638
- RESERVED
-CVE-2018-8637
- RESERVED
-CVE-2018-8636
- RESERVED
-CVE-2018-8635
- RESERVED
-CVE-2018-8634
- RESERVED
+CVE-2018-8639 (An elevation of privilege vulnerability exists in Windows when
the ...)
+ TODO: check
+CVE-2018-8638 (An information disclosure vulnerability exists when DirectX
improperly ...)
+ TODO: check
+CVE-2018-8637 (An information disclosure vulnerability exists in Windows
kernel that ...)
+ TODO: check
+CVE-2018-8636 (A remote code execution vulnerability exists in Microsoft Excel
...)
+ TODO: check
+CVE-2018-8635 (An elevation of privilege vulnerability exists when Microsoft
...)
+ TODO: check
+CVE-2018-8634 (A remote code execution vulnerability exists in Windows where
...)
+ TODO: check
CVE-2018-8633
RESERVED
CVE-2018-8632
RESERVED
-CVE-2018-8631
- RESERVED
+CVE-2018-8631 (A remote code execution vulnerability exists when Internet
Explorer ...)
+ TODO: check
CVE-2018-8630
RESERVED
-CVE-2018-8629
- RESERVED
-CVE-2018-8628
- RESERVED
-CVE-2018-8627
- RESERVED
-CVE-2018-8626
- RESERVED
-CVE-2018-8625
- RESERVED
-CVE-2018-8624
- RESERVED
+CVE-2018-8629 (A remote code execution vulnerability exists in the way that
the ...)
+ TODO: check
+CVE-2018-8628 (A remote code execution vulnerability exists in Microsoft
PowerPoint ...)
+ TODO: check
+CVE-2018-8627 (An information disclosure vulnerability exists when Microsoft
Excel ...)
+ TODO: check
+CVE-2018-8626 (A remote code execution vulnerability exists in Windows Domain
Name ...)
+ TODO: check
+CVE-2018-8625 (A remote code execution vulnerability exists in the way that
the ...)
+ TODO: check
+CVE-2018-8624 (A remote code execution vulnerability exists in the way that
the ...)
+ TODO: check
CVE-2018-8623
RESERVED
-CVE-2018-8622
- RESERVED
-CVE-2018-8621
- RESERVED
+CVE-2018-8622 (An information disclosure vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2018-8621 (An information disclosure vulnerability exists when the Windows
kernel ...)
+ TODO: check
CVE-2018-8620
RESERVED
-CVE-2018-8619
- RESERVED
-CVE-2018-8618
- RESERVED
-CVE-2018-8617
- RESERVED
+CVE-2018-8619 (A remote code execution vulnerability exists when the Internet
...)
+ TODO: check
+CVE-2018-8618 (A remote code execution vulnerability exists in the way that
the ...)
+ TODO: check
+CVE-2018-8617 (A remote code execution vulnerability exists in the way that
the ...)
+ TODO: check
CVE-2018-8616
RESERVED
CVE-2018-8615
@@ -34247,10 +34306,10 @@ CVE-2018-8614
RESERVED
CVE-2018-8613
RESERVED
-CVE-2018-8612
- RESERVED
-CVE-2018-8611
- RESERVED
+CVE-2018-8612 (A Denial Of Service vulnerability exists when Connected User
...)
+ TODO: check
+CVE-2018-8611 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
CVE-2018-8610
RESERVED
CVE-2018-8609 (A remote code execution vulnerability exists in Microsoft
Dynamics 365 ...)
@@ -34263,8 +34322,8 @@ CVE-2018-8606 (A cross site scripting vulnerability
exists when Microsoft Dynami
NOT-FOR-US: Microsoft
CVE-2018-8605 (A cross site scripting vulnerability exists when Microsoft
Dynamics ...)
NOT-FOR-US: Microsoft
-CVE-2018-8604
- RESERVED
+CVE-2018-8604 (A tampering vulnerability exists when Microsoft Exchange Server
fails ...)
+ TODO: check
CVE-2018-8603
RESERVED
CVE-2018-8602 (A Cross-site Scripting (XSS) vulnerability exists when Team
Foundation ...)
@@ -34273,16 +34332,16 @@ CVE-2018-8601
RESERVED
CVE-2018-8600 (A Cross-site Scripting (XSS) vulnerability exists when Azure
App ...)
NOT-FOR-US: Microsoft
-CVE-2018-8599
- RESERVED
-CVE-2018-8598
- RESERVED
-CVE-2018-8597
- RESERVED
-CVE-2018-8596
- RESERVED
-CVE-2018-8595
- RESERVED
+CVE-2018-8599 (An elevation of privilege vulnerability exists when the
Diagnostics ...)
+ TODO: check
+CVE-2018-8598 (An information disclosure vulnerability exists when Microsoft
Excel ...)
+ TODO: check
+CVE-2018-8597 (A remote code execution vulnerability exists in Microsoft Excel
...)
+ TODO: check
+CVE-2018-8596 (An information disclosure vulnerability exists when the Windows
GDI ...)
+ TODO: check
+CVE-2018-8595 (An information disclosure vulnerability exists when the Windows
GDI ...)
+ TODO: check
CVE-2018-8594
RESERVED
CVE-2018-8593
@@ -34297,22 +34356,22 @@ CVE-2018-8589 (An elevation of privilege
vulnerability exists when Windows impro
NOT-FOR-US: Microsoft
CVE-2018-8588 (A remote code execution vulnerability exists in the way that
the ...)
NOT-FOR-US: Microsoft
-CVE-2018-8587
- RESERVED
+CVE-2018-8587 (A remote code execution vulnerability exists in Microsoft
Outlook ...)
+ TODO: check
CVE-2018-8586
RESERVED
CVE-2018-8585
RESERVED
CVE-2018-8584 (An elevation of privilege vulnerability exists when Windows
improperly ...)
NOT-FOR-US: Microsoft
-CVE-2018-8583
- RESERVED
+CVE-2018-8583 (A remote code execution vulnerability exists in the way that
the ...)
+ TODO: check
CVE-2018-8582 (A remote code execution vulnerability exists in the way that
Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2018-8581 (An elevation of privilege vulnerability exists in Microsoft
Exchange ...)
NOT-FOR-US: Microsoft
-CVE-2018-8580
- RESERVED
+CVE-2018-8580 (An information disclosure vulnerability exists where certain
modes of ...)
+ TODO: check
CVE-2018-8579 (An information disclosure vulnerability exists when attaching
files to ...)
NOT-FOR-US: Microsoft
CVE-2018-8578 (An information disclosure vulnerability exists when Microsoft
...)
@@ -34391,8 +34450,8 @@ CVE-2018-8542 (A remote code execution vulnerability
exists in the way that the
NOT-FOR-US: Microsoft
CVE-2018-8541 (A remote code execution vulnerability exists in the way that
the ...)
NOT-FOR-US: Microsoft
-CVE-2018-8540
- RESERVED
+CVE-2018-8540 (A remote code execution vulnerability exists when the Microsoft
.NET ...)
+ TODO: check
CVE-2018-8539 (A remote code execution vulnerability exists in Microsoft Word
...)
NOT-FOR-US: Microsoft
CVE-2018-8538
@@ -34437,14 +34496,14 @@ CVE-2018-8519
RESERVED
CVE-2018-8518 (An elevation of privilege vulnerability exists when Microsoft
...)
NOT-FOR-US: Microsoft
-CVE-2018-8517
- RESERVED
+CVE-2018-8517 (A denial of service vulnerability exists when .NET Framework
...)
+ TODO: check
CVE-2018-8516
RESERVED
CVE-2018-8515
RESERVED
-CVE-2018-8514
- RESERVED
+CVE-2018-8514 (An information disclosure vulnerability exists when Remote
Procedure ...)
+ TODO: check
CVE-2018-8513 (A remote code execution vulnerability exists in the way that
the ...)
NOT-FOR-US: Microsoft
CVE-2018-8512 (A security feature bypass vulnerability exists in Microsoft
Edge when ...)
@@ -34517,8 +34576,8 @@ CVE-2018-8479 (A spoofing vulnerability exists for the
Azure IoT Device Provisio
NOT-FOR-US: Azure
CVE-2018-8478
RESERVED
-CVE-2018-8477
- RESERVED
+CVE-2018-8477 (An information disclosure vulnerability exists when the Windows
kernel ...)
+ TODO: check
CVE-2018-8476 (A remote code execution vulnerability exists in the way that
Windows ...)
NOT-FOR-US: Microsoft
CVE-2018-8475 (A remote code execution vulnerability exists when Windows does
not ...)
@@ -39658,8 +39717,8 @@ CVE-2018-6705
RESERVED
CVE-2018-6704
RESERVED
-CVE-2018-6703
- RESERVED
+CVE-2018-6703 (Use After Free in McAfee Common service in McAfee Agent (MA)
5.0.0 ...)
+ TODO: check
CVE-2018-6702
RESERVED
CVE-2018-6701
@@ -52429,34 +52488,34 @@ CVE-2018-2507
RESERVED
CVE-2018-2506
RESERVED
-CVE-2018-2505
- RESERVED
-CVE-2018-2504
- RESERVED
-CVE-2018-2503
- RESERVED
-CVE-2018-2502
- RESERVED
+CVE-2018-2505 (SAP Commerce does not sufficiently validate user-controlled
inputs, ...)
+ TODO: check
+CVE-2018-2504 (SAP NetWeaver AS Java Web Container service does not validate
against ...)
+ TODO: check
+CVE-2018-2503 (By default, the SAP NetWeaver AS Java keystore service does not
...)
+ TODO: check
+CVE-2018-2502 (TRACE method is enabled in SAP Business One Service Layer .
Attacker ...)
+ TODO: check
CVE-2018-2501
RESERVED
-CVE-2018-2500
- RESERVED
+CVE-2018-2500 (Under certain conditions SAP Mobile Secure Android client
(before ...)
+ TODO: check
CVE-2018-2499
RESERVED
CVE-2018-2498
RESERVED
-CVE-2018-2497
- RESERVED
+CVE-2018-2497 (The security audit log of SAP HANA, versions 1.0 and 2.0, does
not log ...)
+ TODO: check
CVE-2018-2496
RESERVED
CVE-2018-2495
RESERVED
-CVE-2018-2494
- RESERVED
+CVE-2018-2494 (Necessary authorization checks for an authenticated user,
resulting in ...)
+ TODO: check
CVE-2018-2493
RESERVED
-CVE-2018-2492
- RESERVED
+CVE-2018-2492 (SAML 2.0 functionality in SAP NetWeaver AS Java, does not
sufficiently ...)
+ TODO: check
CVE-2018-2491 (When opening a deep link URL in SAP Fiori Client with log level
set to ...)
NOT-FOR-US: SAP
CVE-2018-2490 (The broadcast messages received by SAP Fiori Client are not
protected ...)
@@ -52467,8 +52526,8 @@ CVE-2018-2488 (It is possible for a malware application
installed on an Android
NOT-FOR-US: SAP
CVE-2018-2487 (SAP Disclosure Management 10.x allows an attacker to exploit
through a ...)
NOT-FOR-US: SAP
-CVE-2018-2486
- RESERVED
+CVE-2018-2486 (SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13,
1.14)) does ...)
+ TODO: check
CVE-2018-2485 (It is possible for a malicious application or malware to
execute ...)
NOT-FOR-US: SAP
CVE-2018-2484
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4bad0e517b7b119236bd2a7da22fa48013945e86
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4bad0e517b7b119236bd2a7da22fa48013945e86
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
