Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
df0f2b78 by security tracker role at 2018-12-14T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2018-20146
+ RESERVED
CVE-2018-XXXX [Several security issues versions 3.8-5.0]
- wordpress <unfixed> (bug #916403)
NOTE:
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
@@ -48,8 +50,7 @@ CVE-2018-20123 [pvrdma: memory leakage in device hotplug]
- qemu <unfixed>
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html
-CVE-2018-20145 [mosquitto acl bypass]
- RESERVED
+CVE-2018-20145 (Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the
option ...)
- mosquitto 1.5.5-1
[stretch] - mosquitto <not-affected> (Only affects 1.5.x)
[jessie] - mosquitto <not-affected> (Only affects 1.5.x)
@@ -9854,16 +9855,16 @@ CVE-2018-18099
RESERVED
CVE-2018-18098
RESERVED
-CVE-2018-18097
- RESERVED
-CVE-2018-18096
- RESERVED
+CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive
Toolbox ...)
+ TODO: check
+CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for
Linux ...)
+ TODO: check
CVE-2018-18095
RESERVED
CVE-2018-18094
RESERVED
-CVE-2018-18093
- RESERVED
+CVE-2018-18093 (Improper file permissions in the installer for Intel VTune
Amplifier ...)
+ TODO: check
CVE-2018-18092
RESERVED
CVE-2018-18091
@@ -12808,8 +12809,7 @@ CVE-2018-16873 [cmd/go: remote command execution during
"go get -u"]
NOTE:
https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972
(1.10.6)
NOTE:
https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be
(1.10.6)
TODO: check other versions
-CVE-2018-16872 [usb-mtp: path traversal by host filesystem manipulation in
Media Transfer Protocol (MTP)]
- RESERVED
+CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The
code ...)
- qemu <unfixed> (bug #916397)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html
@@ -15717,12 +15717,12 @@ CVE-2018-15778
RESERVED
CVE-2018-15777
RESERVED
-CVE-2018-15776
- RESERVED
+CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an
...)
+ TODO: check
CVE-2018-15775
RESERVED
-CVE-2018-15774
- RESERVED
+CVE-2018-15774 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9
...)
+ TODO: check
CVE-2018-15773 (Dell Encryption (formerly Dell Data Protection | Encryption)
v10.1.0 ...)
NOT-FOR-US: Dell
CVE-2018-15772 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and
RecoverPoint for ...)
@@ -15763,8 +15763,8 @@ CVE-2018-15756 (Spring Framework, version 5.1, versions
5.0.x prior to 5.0.10, .
NOTE: https://pivotal.io/security/cve-2018-15756
CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to
2.16.0, ...)
NOT-FOR-US: Cloud Foundry
-CVE-2018-15754
- RESERVED
+CVE-2018-15754 (Cloud Foundry UAA, all versions in v60.x, v61.x, v62.x, v63.x,
and ...)
+ TODO: check
CVE-2018-15753 (An issue was discovered in the MensaMax (aka
com.breustedt.mensamax) ...)
NOT-FOR-US: MensaMax application for Android
CVE-2018-15752 (An issue was discovered in the MensaMax (aka
com.breustedt.mensamax) ...)
@@ -18546,8 +18546,7 @@ CVE-2018-14624 (A vulnerability was discovered in
389-ds-base through versions .
NOTE: https://pagure.io/389-ds-base/c/8ff8cb850 (master)
NOTE: https://pagure.io/389-ds-base/c/c5e78249d (389-ds-base-1.3.8)
NOTE: https://pagure.io/389-ds-base/c/9f28620d2 (389-ds-base-1.3.7)
-CVE-2018-14623
- RESERVED
+CVE-2018-14623 (A SQL injection flaw was found in katello's errata-related
API. An ...)
NOT-FOR-US: Katello
CVE-2018-14622 (A null-pointer dereference vulnerability was found in libtirpc
before ...)
{DLA-1487-1}
@@ -24924,8 +24923,8 @@ CVE-2018-12208
RESERVED
CVE-2018-12207
RESERVED
-CVE-2018-12206
- RESERVED
+CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist
...)
+ TODO: check
CVE-2018-12205
RESERVED
CVE-2018-12204
@@ -39885,8 +39884,8 @@ CVE-2018-6709
RESERVED
CVE-2018-6708
RESERVED
-CVE-2018-6707
- RESERVED
+CVE-2018-6707 (Denial of Service through Resource Depletion vulnerability in
the ...)
+ TODO: check
CVE-2018-6706 (Insecure handling of temporary files in non-Windows McAfee
Agent 5.0.0 ...)
NOT-FOR-US: McAfee
CVE-2018-6705 (Privilege escalation vulnerability in McAfee Agent (MA) for
Linux ...)
@@ -44128,8 +44127,8 @@ CVE-2018-5413
RESERVED
CVE-2018-5412
RESERVED
-CVE-2018-5411
- RESERVED
+CVE-2018-5411 (Pixar's Tractor software, versions 2.2 and earlier, contain a
stored ...)
+ TODO: check
CVE-2018-5410
RESERVED
CVE-2018-5409
@@ -48800,10 +48799,10 @@ CVE-2018-3707
RESERVED
CVE-2018-3706
RESERVED
-CVE-2018-3705
- RESERVED
-CVE-2018-3704
- RESERVED
+CVE-2018-3705 (Improper directory permissions in the installer for the Intel
System ...)
+ TODO: check
+CVE-2018-3704 (Improper directory permissions in the installer for the Intel
Parallel ...)
+ TODO: check
CVE-2018-3703
RESERVED
CVE-2018-3702
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df0f2b78a113ff18affa4ebc95b3a82168e74f7b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df0f2b78a113ff18affa4ebc95b3a82168e74f7b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
