Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d0cad06c by security tracker role at 2019-04-03T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@
+CVE-2019-10741
+ RESERVED
+CVE-2019-10740
+ RESERVED
+CVE-2019-10739
+ RESERVED
+CVE-2019-10738
+ RESERVED
+CVE-2019-10737
+ RESERVED
+CVE-2019-10736
+ RESERVED
+CVE-2019-10735
+ RESERVED
+CVE-2019-10734
+ RESERVED
+CVE-2019-10733
+ RESERVED
+CVE-2019-10732
+ RESERVED
+CVE-2019-10731
+ RESERVED
+CVE-2019-10730
+ RESERVED
+CVE-2019-10729
+ RESERVED
+CVE-2019-10728
+ RESERVED
+CVE-2019-10727
+ RESERVED
+CVE-2019-10726
+ RESERVED
+CVE-2019-10725
+ RESERVED
+CVE-2019-10724
+ RESERVED
+CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache
class i ...)
+ TODO: check
+CVE-2019-1003099
+ RESERVED
+CVE-2019-1003098
+ RESERVED
+CVE-2019-1003097
+ RESERVED
+CVE-2019-1003096
+ RESERVED
+CVE-2019-1003095
+ RESERVED
+CVE-2019-1003094
+ RESERVED
+CVE-2019-1003093
+ RESERVED
+CVE-2019-1003092
+ RESERVED
+CVE-2019-1003091
+ RESERVED
+CVE-2019-1003090
+ RESERVED
+CVE-2019-1003089
+ RESERVED
+CVE-2019-1003088
+ RESERVED
+CVE-2019-1003087
+ RESERVED
+CVE-2019-1003086
+ RESERVED
+CVE-2019-1003085
+ RESERVED
+CVE-2019-1003084
+ RESERVED
+CVE-2019-1003083
+ RESERVED
+CVE-2019-1003082
+ RESERVED
+CVE-2019-1003081
+ RESERVED
+CVE-2019-1003080
+ RESERVED
+CVE-2019-1003079
+ RESERVED
+CVE-2019-1003078
+ RESERVED
+CVE-2019-1003077
+ RESERVED
+CVE-2019-1003076
+ RESERVED
+CVE-2019-1003075
+ RESERVED
+CVE-2019-1003074
+ RESERVED
+CVE-2019-1003073
+ RESERVED
+CVE-2019-1003072
+ RESERVED
+CVE-2019-1003071
+ RESERVED
+CVE-2019-1003070
+ RESERVED
+CVE-2019-1003069
+ RESERVED
+CVE-2019-1003068
+ RESERVED
+CVE-2019-1003067
+ RESERVED
+CVE-2019-1003066
+ RESERVED
+CVE-2019-1003065
+ RESERVED
+CVE-2019-1003064
+ RESERVED
+CVE-2019-1003063
+ RESERVED
+CVE-2019-1003062
+ RESERVED
+CVE-2019-1003061
+ RESERVED
+CVE-2019-1003060
+ RESERVED
+CVE-2019-1003059
+ RESERVED
+CVE-2019-1003058
+ RESERVED
+CVE-2019-1003057
+ RESERVED
+CVE-2019-1003056
+ RESERVED
+CVE-2019-1003055
+ RESERVED
+CVE-2019-1003054
+ RESERVED
+CVE-2019-1003053
+ RESERVED
+CVE-2019-1003052
+ RESERVED
+CVE-2019-1003051
+ RESERVED
CVE-2019-XXXX [Guessing order on field without access]
- tryton-server <unfixed>
NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262
@@ -932,7 +1068,7 @@ CVE-2019-10269 (BWA (aka Burrow-Wheeler Aligner) before
2019-01-23 has a stack-b
NOTE: https://github.com/lh3/bwa/pull/232
NOTE:
https://github.com/lh3/bwa/commit/20d0a13092aa4cb73230492b05f9697d5ef0b88e
CVE-2019-10268
- RESERVED
+ REJECTED
CVE-2019-10267
RESERVED
CVE-2019-10266
@@ -951,8 +1087,8 @@ CVE-2019-1002101 (The kubectl cp command allows copying
files between containers
- kubernetes <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by:
https://github.com/kubernetes/kubernetes/commit/b1f85e2dfec6e64d8e1bc272251277df0058ab20
NOTE: Upstream patch:
https://github.com/kubernetes/kubernetes/pull/75037
-CVE-2019-10261
- RESERVED
+CVE-2019-10261 (CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to
Stored/Persistent XS ...)
+ TODO: check
CVE-2019-10260 (Total.js CMS 12.0.0 has XSS related to
themes/admin/views/index.html ( ...)
NOT-FOR-US: Total.js CMS
CVE-2019-10259
@@ -1013,8 +1149,8 @@ CVE-2019-10242
RESERVED
CVE-2019-10241
RESERVED
-CVE-2019-10240
- RESERVED
+CVE-2019-10240 (Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build
artifac ...)
+ TODO: check
CVE-2017-18365 (The Management Console in GitHub Enterprise 2.8.x before 2.8.7
has a d ...)
NOT-FOR-US: GitHub Enterprise
CVE-2019-10239
@@ -1792,10 +1928,12 @@ CVE-2019-9900
CVE-2019-9899
RESERVED
CVE-2019-9898 (Potential recycling of random numbers used in cryptography
exists with ...)
+ {DSA-4423-1}
- putty 0.70-6
NOTE:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rng-reuse.html
NOTE:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=320bf8479ff5bcbad239db4f9f4aa63656b0675e
CVE-2019-9897 (Multiple denial-of-service attacks that can be triggered by
writing to ...)
+ {DSA-4423-1}
- putty 0.70-6
NOTE:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-one-column-cjk.html
NOTE:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=03777723e553024e94d8bfcf182f3a2e92ffb914
@@ -1806,10 +1944,12 @@ CVE-2019-9897 (Multiple denial-of-service attacks that
can be triggered by writi
CVE-2019-9896 (In PuTTY versions before 0.71 on Windows, local attackers could
hijack ...)
- putty <not-affected> (Only affects PuTTY specific on Windows)
CVE-2019-9895 (In PuTTY versions before 0.71 on Unix, a remotely triggerable
buffer o ...)
+ {DSA-4423-1}
- putty 0.70-6
NOTE:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-fd-set-overflow.html
NOTE:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=5c926d9ea4a9e0a0a2384f06c7583648cdff3ed6
CVE-2019-9894 (A remotely triggerable memory overwrite in RSA key exchange in
PuTTY b ...)
+ {DSA-4423-1}
- putty 0.70-6
NOTE:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rsa-kex-integer-overflow.html
NOTE:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d82854999516046122501b2e145099740ed0284f
@@ -2932,6 +3072,7 @@ CVE-2019-9743 (An issue was discovered on PHOENIX CONTACT
RAD-80211-XD and RAD-8
CVE-2019-9742 (gdwfpcd.sys in G Data Total Security before 2019-02-22 allows
an attac ...)
NOT-FOR-US: G Data Total Security
CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF
injection is po ...)
+ {DLA-1749-1}
- golang-1.12 1.12-1
- golang-1.11 1.11.6-1 (bug #924630)
- golang-1.8 <removed>
@@ -13491,12 +13632,12 @@ CVE-2019-5425
RESERVED
CVE-2019-5424
RESERVED
-CVE-2019-5423
- RESERVED
-CVE-2019-5422
- RESERVED
-CVE-2019-5421
- RESERVED
+CVE-2019-5423 (Path traversal vulnerability in http-live-simulator npm package
versio ...)
+ TODO: check
+CVE-2019-5422 (XSS in buttle npm package version 0.2.0 causes execution of
attacker-p ...)
+ TODO: check
+CVE-2019-5421 (Plataformatec Devise version 4.5.0 and earlier, using the
lockable mod ...)
+ TODO: check
CVE-2019-5420 (A remote code execution vulnerability in development mode Rails
<5. ...)
- rails 2:5.2.2.1+dfsg-1 (bug #924521)
[jessie] - rails <not-affected> (vulnerable code is not present in 4.x)
@@ -16344,8 +16485,8 @@ CVE-2019-4016 (IBM DB2 for Linux, UNIX and Windows
(includes DB2 Connect Server)
NOT-FOR-US: IBM
CVE-2019-4015 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
NOT-FOR-US: IBM
-CVE-2019-4014
- RESERVED
+CVE-2019-4014 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
+ TODO: check
CVE-2019-4013
RESERVED
CVE-2019-4012
@@ -18242,10 +18383,10 @@ CVE-2018-20507 [Missing authentication for Prometheus
alert endpoint]
RESERVED
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20506
- RESERVED
-CVE-2018-20505
- RESERVED
+CVE-2018-20506 (SQLite before 3.25.3, when the FTS3 extension is enabled,
encounters a ...)
+ TODO: check
+CVE-2018-20505 (SQLite 3.25.2, when queries are run on a table with a
malformed PRIMAR ...)
+ TODO: check
CVE-2018-20504
RESERVED
CVE-2018-20503
@@ -28365,6 +28506,7 @@ CVE-2019-0221
RESERVED
CVE-2019-0220 [Apache httpd URL normalization inconsistincy]
RESERVED
+ {DSA-4422-1 DLA-1748-1}
- apache2 <unfixed>
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
NOTE: https://svn.apache.org/r1855737
@@ -28375,6 +28517,7 @@ CVE-2019-0218
RESERVED
CVE-2019-0217 [mod_auth_digest access control bypass]
RESERVED
+ {DSA-4422-1 DLA-1748-1}
- apache2 <unfixed>
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217
NOTE: https://svn.apache.org/r1855298
@@ -28394,6 +28537,7 @@ CVE-2019-0212 (In all previously released Apache HBase
2.x versions (2.0.0-2.0.4
NOT-FOR-US: Apache HBase
CVE-2019-0211 [Apache HTTP Server privilege escalation from modules' scripts]
RESERVED
+ {DSA-4422-1}
- apache2 <unfixed>
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
@@ -28437,6 +28581,7 @@ CVE-2019-0197 [mod_http2, possible crash on late
upgrade]
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0197
CVE-2019-0196 [mod_http2, read-after-free on a string compare]
RESERVED
+ {DSA-4422-1}
- apache2 <unfixed>
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
NOTE: NOTE: HTTP/2 support introduced in 2.4.17
@@ -34022,7 +34167,7 @@ CVE-2018-17201
CVE-2018-17200
RESERVED
CVE-2018-17199 (In Apache HTTP Server 2.4 release 2.4.37 and prior,
mod_session checks ...)
- {DLA-1647-1}
+ {DSA-4422-1 DLA-1647-1}
- apache2 2.4.38-1 (low; bug #920303)
NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3
NOTE: 2.4.x http://svn.apache.org/r1851409
@@ -34052,6 +34197,7 @@ CVE-2018-17191 (Apache NetBeans (incubating) 9.0
NetBeans Proxy Auto-Configurati
CVE-2018-17190 (In all versions of Apache Spark, its standalone resource
manager accep ...)
NOT-FOR-US: Apache Spark
CVE-2018-17189 (In Apache HTTP server versions 2.4.37 and prior, by sending
request bo ...)
+ {DSA-4422-1}
- apache2 2.4.38-1 (low; bug #920302)
[jessie] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
@@ -36640,7 +36786,7 @@ CVE-2018-16237 (An issue was discovered in damiCMS
V6.0.1. There is Directory Tr
NOT-FOR-US: damiCMS
CVE-2018-16236 (cPanel through 74 allows XSS via a crafted filename in the
logs subdir ...)
NOT-FOR-US: cPanel
-CVE-2018-16235 (Telligent Community 6.x, 7.x, 8.x, 9.x, and 10.x up to
10.1.10.11792 h ...)
+CVE-2018-16235 (Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796,
10.1.x bef ...)
NOT-FOR-US: Telligent Community
CVE-2018-16234 (MorningStar WhatWeb 0.4.9 has XSS via JSON report files. ...)
NOT-FOR-US: MorningStar WhatWeb
@@ -68994,8 +69140,8 @@ CVE-2018-4472
RESERVED
CVE-2018-4471
RESERVED
-CVE-2018-4470
- RESERVED
+CVE-2018-4470 (A privacy issue in the handling of Open Directory records was
addresse ...)
+ TODO: check
CVE-2018-4469
RESERVED
CVE-2018-4468
@@ -69004,29 +69150,28 @@ CVE-2018-4467
RESERVED
CVE-2018-4466
RESERVED
-CVE-2018-4465
- RESERVED
-CVE-2018-4464
- RESERVED
+CVE-2018-4465 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4464 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
NOTE: Not covered by security support
-CVE-2018-4463
- RESERVED
-CVE-2018-4462
- RESERVED
-CVE-2018-4461
- RESERVED
-CVE-2018-4460
- RESERVED
+CVE-2018-4463 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4462 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
+CVE-2018-4461 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4460 (A denial of service issue was addressed by removing the
vulnerable cod ...)
+ TODO: check
CVE-2018-4459
RESERVED
CVE-2018-4458
RESERVED
CVE-2018-4457
RESERVED
-CVE-2018-4456
- RESERVED
+CVE-2018-4456 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
CVE-2018-4455
RESERVED
CVE-2018-4454
@@ -69037,142 +69182,135 @@ CVE-2018-4452
RESERVED
CVE-2018-4451
RESERVED
-CVE-2018-4450
- RESERVED
-CVE-2018-4449
- RESERVED
+CVE-2018-4450 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4449 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2018-4448
RESERVED
-CVE-2018-4447
- RESERVED
-CVE-2018-4446
- RESERVED
-CVE-2018-4445
- RESERVED
+CVE-2018-4447 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
+CVE-2018-4446 (This issue was addressed with improved entitlements. This issue
affect ...)
+ TODO: check
+CVE-2018-4445 ("Clear History and Website Data" did not clear the history. The
issue ...)
+ TODO: check
CVE-2018-4444
RESERVED
-CVE-2018-4443
- RESERVED
+CVE-2018-4443 (A memory corruption issue was addressed with improved memory
handling. ...)
- webkit2gtk 2.22.3-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
NOTE: Not covered by security support
-CVE-2018-4442
- RESERVED
+CVE-2018-4442 (A memory corruption issue was addressed with improved memory
handling. ...)
- webkit2gtk 2.22.3-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
NOTE: Not covered by security support
-CVE-2018-4441
- RESERVED
+CVE-2018-4441 (A memory corruption issue was addressed with improved memory
handling. ...)
- webkit2gtk 2.22.3-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
NOTE: Not covered by security support
-CVE-2018-4440
- RESERVED
-CVE-2018-4439
- RESERVED
-CVE-2018-4438
- RESERVED
+CVE-2018-4440 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2018-4439 (A logic issue was addressed with improved validation. This
issue affec ...)
+ TODO: check
+CVE-2018-4438 (A logic issue existed resulting in memory corruption. This was
address ...)
- webkit2gtk 2.22.3-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
NOTE: Not covered by security support
-CVE-2018-4437
- RESERVED
+CVE-2018-4437 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.5-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
NOTE: Not covered by security support
-CVE-2018-4436
- RESERVED
-CVE-2018-4435
- RESERVED
-CVE-2018-4434
- RESERVED
+CVE-2018-4436 (A certificate validation issue existed in configuration
profiles. This ...)
+ TODO: check
+CVE-2018-4435 (A logic issue was addressed with improved restrictions. This
issue aff ...)
+ TODO: check
+CVE-2018-4434 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
CVE-2018-4433
RESERVED
CVE-2018-4432
RESERVED
-CVE-2018-4431
- RESERVED
-CVE-2018-4430
- RESERVED
-CVE-2018-4429
- RESERVED
+CVE-2018-4431 (A memory initialization issue was addressed with improved
memory handl ...)
+ TODO: check
+CVE-2018-4430 (A lock screen issue allowed access to contacts on a locked
device. Thi ...)
+ TODO: check
+CVE-2018-4429 (A spoofing issue existed in the handling of URLs. This issue
was addre ...)
+ TODO: check
CVE-2018-4428
RESERVED
-CVE-2018-4427
- RESERVED
-CVE-2018-4426
- RESERVED
-CVE-2018-4425
- RESERVED
-CVE-2018-4424
- RESERVED
-CVE-2018-4423
- RESERVED
-CVE-2018-4422
- RESERVED
-CVE-2018-4421
- RESERVED
-CVE-2018-4420
- RESERVED
-CVE-2018-4419
- RESERVED
-CVE-2018-4418
- RESERVED
-CVE-2018-4417
- RESERVED
-CVE-2018-4416
- RESERVED
+CVE-2018-4427 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4426 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4425 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4424 (A buffer overflow was addressed with improved size validation.
This is ...)
+ TODO: check
+CVE-2018-4423 (A logic issue was addressed with improved validation. This
issue affec ...)
+ TODO: check
+CVE-2018-4422 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4421 (A memory initialization issue was addressed with improved
memory handl ...)
+ TODO: check
+CVE-2018-4420 (A memory corruption issue was addressed by removing the
vulnerable cod ...)
+ TODO: check
+CVE-2018-4419 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4418 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
+CVE-2018-4417 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
+CVE-2018-4416 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4415
- RESERVED
-CVE-2018-4414
- RESERVED
-CVE-2018-4413
- RESERVED
-CVE-2018-4412
- RESERVED
-CVE-2018-4411
- RESERVED
-CVE-2018-4410
- RESERVED
-CVE-2018-4409
- RESERVED
-CVE-2018-4408
- RESERVED
-CVE-2018-4407
- RESERVED
-CVE-2018-4406
- RESERVED
+CVE-2018-4415 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4414 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4413 (A memory initialization issue was addressed with improved
memory handl ...)
+ TODO: check
+CVE-2018-4412 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4411 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4410 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4409 (A resource exhaustion issue was addressed with improved input
validati ...)
+ TODO: check
+CVE-2018-4408 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4407 (A memory corruption issue was addressed with improved
validation. This ...)
+ TODO: check
+CVE-2018-4406 (A denial of service issue was addressed with improved
validation. This ...)
+ TODO: check
CVE-2018-4405
RESERVED
CVE-2018-4404 (In iOS before 11.4 and macOS High Sierra before 10.13.5, a
memory corr ...)
NOT-FOR-US: Apple
-CVE-2018-4403
- RESERVED
-CVE-2018-4402
- RESERVED
-CVE-2018-4401
- RESERVED
-CVE-2018-4400
- RESERVED
-CVE-2018-4399
- RESERVED
-CVE-2018-4398
- RESERVED
-CVE-2018-4397
- RESERVED
-CVE-2018-4396
- RESERVED
-CVE-2018-4395
- RESERVED
-CVE-2018-4394
- RESERVED
-CVE-2018-4393
- RESERVED
-CVE-2018-4392
- RESERVED
+CVE-2018-4403 (This issue was addressed by removing additional entitlements.
This iss ...)
+ TODO: check
+CVE-2018-4402 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4401 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4400 (A validation issue was addressed with improved logic. This
issue affec ...)
+ TODO: check
+CVE-2018-4399 (An access issue existed with privileged API calls. This issue
was addr ...)
+ TODO: check
+CVE-2018-4398 (An issue existed in the method for determining prime numbers.
This iss ...)
+ TODO: check
+CVE-2018-4397 (Analytics data was sent using HTTP rather than HTTPS. This was
address ...)
+ TODO: check
+CVE-2018-4396 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
+CVE-2018-4395 (This issue was addressed with improved checks. This issue
affected ver ...)
+ TODO: check
+CVE-2018-4394 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4393 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4392 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
@@ -69180,259 +69318,234 @@ CVE-2018-4391
RESERVED
CVE-2018-4390
RESERVED
-CVE-2018-4389
- RESERVED
-CVE-2018-4388
- RESERVED
-CVE-2018-4387
- RESERVED
-CVE-2018-4386
- RESERVED
+CVE-2018-4389 (An inconsistent user interface issue was addressed with
improved state ...)
+ TODO: check
+CVE-2018-4388 (A lock screen issue allowed access to the share function on a
locked d ...)
+ TODO: check
+CVE-2018-4387 (A lock screen issue allowed access to photos via Reply With
Message on ...)
+ TODO: check
+CVE-2018-4386 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.3-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4385
- RESERVED
-CVE-2018-4384
- RESERVED
-CVE-2018-4383
- RESERVED
-CVE-2018-4382
- RESERVED
+CVE-2018-4385 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2018-4384 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4383 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
+CVE-2018-4382 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
CVE-2018-4381
RESERVED
-CVE-2018-4380
- RESERVED
-CVE-2018-4379
- RESERVED
-CVE-2018-4378
- RESERVED
+CVE-2018-4380 (A lock screen issue allowed access to photos and contacts on a
locked ...)
+ TODO: check
+CVE-2018-4379 (A lock screen issue allowed access to the share function on a
locked d ...)
+ TODO: check
+CVE-2018-4378 (A memory corruption issue was addressed with improved
validation. This ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4377
- RESERVED
-CVE-2018-4376
- RESERVED
+CVE-2018-4377 (A cross-site scripting issue existed in Safari. This issue was
address ...)
+ TODO: check
+CVE-2018-4376 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4375
- RESERVED
+CVE-2018-4375 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4374
- RESERVED
-CVE-2018-4373
- RESERVED
+CVE-2018-4374 (A logic issue was addressed with improved validation. This
issue affec ...)
+ TODO: check
+CVE-2018-4373 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4372
- RESERVED
+CVE-2018-4372 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.4-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4371
- RESERVED
+CVE-2018-4371 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
CVE-2018-4370
RESERVED
-CVE-2018-4369
- RESERVED
-CVE-2018-4368
- RESERVED
-CVE-2018-4367
- RESERVED
-CVE-2018-4366
- RESERVED
-CVE-2018-4365
- RESERVED
+CVE-2018-4369 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2018-4368 (A denial of service issue was addressed with improved
validation. This ...)
+ TODO: check
+CVE-2018-4367 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4366 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4365 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
CVE-2018-4364
RESERVED
-CVE-2018-4363
- RESERVED
-CVE-2018-4362
- RESERVED
-CVE-2018-4361
- RESERVED
+CVE-2018-4363 (An input validation issue existed in the kernel. This issue was
addres ...)
+ TODO: check
+CVE-2018-4362 (An inconsistent user interface issue was addressed with
improved state ...)
+ TODO: check
+CVE-2018-4361 (A memory consumption issue was addressed with improved memory
handling ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4360
- RESERVED
-CVE-2018-4359
- RESERVED
+CVE-2018-4360 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
+CVE-2018-4359 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4358
- RESERVED
+CVE-2018-4358 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4357
- RESERVED
-CVE-2018-4356
- RESERVED
-CVE-2018-4355
- RESERVED
-CVE-2018-4354
- RESERVED
-CVE-2018-4353
- RESERVED
-CVE-2018-4352
- RESERVED
-CVE-2018-4351
- RESERVED
-CVE-2018-4350
- RESERVED
+CVE-2018-4357 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4356 (A permissions issue existed. This issue was addressed with
improved pe ...)
+ TODO: check
+CVE-2018-4355 (A configuration issue was addressed with additional
restrictions. This ...)
+ TODO: check
+CVE-2018-4354 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4353 (A configuration issue was addressed with additional
restrictions. This ...)
+ TODO: check
+CVE-2018-4352 (A consistency issue existed in the handling of application
snapshots. ...)
+ TODO: check
+CVE-2018-4351 (A memory initialization issue was addressed with improved
memory handl ...)
+ TODO: check
+CVE-2018-4350 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
CVE-2018-4349
RESERVED
-CVE-2018-4348
- RESERVED
-CVE-2018-4347
- RESERVED
-CVE-2018-4346
- RESERVED
-CVE-2018-4345
- RESERVED
+CVE-2018-4348 (A validation issue was addressed with improved logic. This
issue affec ...)
+ TODO: check
+CVE-2018-4347 (A use after free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2018-4346 (A validation issue existed which allowed local file access.
This was a ...)
+ TODO: check
+CVE-2018-4345 (A cross-site scripting issue existed in Safari. This issue was
address ...)
- webkit2gtk 2.22.3-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4344
- RESERVED
-CVE-2018-4343
- RESERVED
-CVE-2018-4342
- RESERVED
-CVE-2018-4341
- RESERVED
-CVE-2018-4340
- RESERVED
+CVE-2018-4344 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4343 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4342 (A configuration issue was addressed with additional
restrictions. This ...)
+ TODO: check
+CVE-2018-4341 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4340 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2018-4339
RESERVED
-CVE-2018-4338
- RESERVED
-CVE-2018-4337
- RESERVED
-CVE-2018-4336
- RESERVED
-CVE-2018-4335
- RESERVED
-CVE-2018-4334
- RESERVED
-CVE-2018-4333
- RESERVED
-CVE-2018-4332
- RESERVED
-CVE-2018-4331
- RESERVED
+CVE-2018-4338 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
+CVE-2018-4337 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4336 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4335 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
+CVE-2018-4334 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4333 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
+CVE-2018-4332 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4331 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2018-4330 (In iOS before 11.4, a memory corruption issue exists and was
addressed ...)
NOT-FOR-US: Apple
-CVE-2018-4329
- RESERVED
-CVE-2018-4328
- RESERVED
+CVE-2018-4329 (Clearing a history item may not clear visits with redirect
chains. The ...)
+ TODO: check
+CVE-2018-4328 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4327
- RESERVED
-CVE-2018-4326
- RESERVED
-CVE-2018-4325
- RESERVED
-CVE-2018-4324
- RESERVED
-CVE-2018-4323
- RESERVED
+CVE-2018-4327 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4326 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4325 (A logic issue was addressed with improved restrictions. This
issue aff ...)
+ TODO: check
+CVE-2018-4324 (A permissions issue existed in the handling of the Apple ID.
This issu ...)
+ TODO: check
+CVE-2018-4323 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4322
- RESERVED
-CVE-2018-4321
- RESERVED
+CVE-2018-4322 (This issue was addressed with improved entitlements. This issue
affect ...)
+ TODO: check
+CVE-2018-4321 (A validation issue existed in the entitlement verification.
This issue ...)
+ TODO: check
CVE-2018-4320
RESERVED
-CVE-2018-4319
- RESERVED
+CVE-2018-4319 (A cross-origin issue existed with "iframe" elements. This was
addresse ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4318
- RESERVED
+CVE-2018-4318 (A use after free issue was addressed with improved memory
management. ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4317
- RESERVED
+CVE-2018-4317 (A use after free issue was addressed with improved memory
management. ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4316
- RESERVED
+CVE-2018-4316 (A memory corruption issue was addressed with improved state
management ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4315
- RESERVED
+CVE-2018-4315 (A use after free issue was addressed with improved memory
management. ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4314
- RESERVED
+CVE-2018-4314 (A use after free issue was addressed with improved memory
management. ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4313
- RESERVED
-CVE-2018-4312
- RESERVED
+CVE-2018-4313 (A consistency issue existed in the handling of application
snapshots. ...)
+ TODO: check
+CVE-2018-4312 (A use after free issue was addressed with improved memory
management. ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4311
- RESERVED
+CVE-2018-4311 (The issue was addressed by removing origin information. This
issue aff ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4310
- RESERVED
-CVE-2018-4309
- RESERVED
+CVE-2018-4310 (An access issue was addressed with additional sandbox
restrictions. Th ...)
+ TODO: check
+CVE-2018-4309 (A cross-site scripting issue existed in Safari. This issue was
address ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4308
- RESERVED
-CVE-2018-4307
- RESERVED
-CVE-2018-4306
- RESERVED
+CVE-2018-4308 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2018-4307 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2018-4306 (A use after free issue was addressed with improved memory
management. ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
-CVE-2018-4305
- RESERVED
-CVE-2018-4304
- RESERVED
-CVE-2018-4303
- RESERVED
+CVE-2018-4305 (An input validation issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4304 (A denial of service issue was addressed with improved
validation. This ...)
+ TODO: check
+CVE-2018-4303 (An input validation issue was addressed with improved input
validation ...)
+ TODO: check
CVE-2018-4302
RESERVED
CVE-2018-4301
RESERVED
NOT-FOR-US: Apple
-CVE-2018-4300
- RESERVED
+CVE-2018-4300 (The session cookie generated by the CUPS web interface was easy
to gue ...)
NOT-FOR-US: Apple
-CVE-2018-4299
- RESERVED
+CVE-2018-4299 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
@@ -69442,101 +69555,91 @@ CVE-2018-4297
RESERVED
CVE-2018-4296
RESERVED
-CVE-2018-4295
- RESERVED
+CVE-2018-4295 (An input validation issue was addressed with improved input
validation ...)
+ TODO: check
CVE-2018-4294
RESERVED
-CVE-2018-4293
- RESERVED
+CVE-2018-4293 (A cookie management issue was addressed with improved checks.
This iss ...)
+ TODO: check
CVE-2018-4292
RESERVED
-CVE-2018-4291
- RESERVED
-CVE-2018-4290
- RESERVED
-CVE-2018-4289
- RESERVED
-CVE-2018-4288
- RESERVED
-CVE-2018-4287
- RESERVED
-CVE-2018-4286
- RESERVED
-CVE-2018-4285
- RESERVED
-CVE-2018-4284
- RESERVED
+CVE-2018-4291 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
+CVE-2018-4290 (A denial of service issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4289 (An information disclosure issue was addressed by removing the
vulnerab ...)
+ TODO: check
+CVE-2018-4288 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
+CVE-2018-4287 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
+CVE-2018-4286 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
+CVE-2018-4285 (A type confusion issue was addressed with improved memory
handling. Th ...)
+ TODO: check
+CVE-2018-4284 (A type confusion issue was addressed with improved memory
handling. Th ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4283
- RESERVED
-CVE-2018-4282
- RESERVED
+CVE-2018-4283 (An out-of-bounds read issue existed that led to the disclosure
of kern ...)
+ TODO: check
+CVE-2018-4282 (An out-of-bounds read issue existed that led to the disclosure
of kern ...)
+ TODO: check
CVE-2018-4281 (In SwiftNIO before 1.8.0, a buffer overflow was addressed with
improve ...)
NOT-FOR-US: Apple
-CVE-2018-4280
- RESERVED
-CVE-2018-4279
- RESERVED
+CVE-2018-4280 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4279 (An inconsistent user interface issue was addressed with
improved state ...)
+ TODO: check
CVE-2018-4278 (In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS
before 11 ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4277 (In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1,
Safari ...)
NOT-FOR-US: Apple
-CVE-2018-4276
- RESERVED
-CVE-2018-4275
- RESERVED
-CVE-2018-4274
- RESERVED
-CVE-2018-4273
- RESERVED
+CVE-2018-4276 (A null pointer dereference was addressed with improved
validation. Thi ...)
+ TODO: check
+CVE-2018-4275 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4274 (A spoofing issue existed in the handling of URLs. This issue
was addre ...)
+ TODO: check
+CVE-2018-4273 (Multiple memory corruption issues were addressed with improved
input v ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4272
- RESERVED
+CVE-2018-4272 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4271
- RESERVED
+CVE-2018-4271 (Multiple memory corruption issues were addressed with improved
input v ...)
- webkit2gtk 2.20.2-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4270
- RESERVED
+CVE-2018-4270 (A memory corruption issue was addressed with improved memory
handling. ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4269
- RESERVED
-CVE-2018-4268
- RESERVED
-CVE-2018-4267
- RESERVED
+CVE-2018-4269 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2018-4268 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2018-4267 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4266
- RESERVED
+CVE-2018-4266 (A race condition was addressed with additional validation. This
issue ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4265
- RESERVED
+CVE-2018-4265 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4264
- RESERVED
+CVE-2018-4264 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4263
- RESERVED
+CVE-2018-4263 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
@@ -69544,15 +69647,14 @@ CVE-2018-4262 (In Safari before 11.1.2, iTunes before
12.8 for Windows, iOS befo
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4261
- RESERVED
+CVE-2018-4261 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.20.4-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
-CVE-2018-4260
- RESERVED
-CVE-2018-4259
- RESERVED
+CVE-2018-4260 (An inconsistent user interface issue was addressed with
improved state ...)
+ TODO: check
+CVE-2018-4259 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
CVE-2018-4258 (In macOS High Sierra before 10.13.5, a buffer overflow was
addressed w ...)
NOT-FOR-US: Apple
CVE-2018-4257 (In macOS High Sierra before 10.13.5, a buffer overflow was
addressed w ...)
@@ -69573,8 +69675,8 @@ CVE-2018-4250 (An issue was discovered in certain Apple
products. iOS before 11.
NOT-FOR-US: Apple
CVE-2018-4249 (An issue was discovered in certain Apple products. iOS before
11.4 is ...)
NOT-FOR-US: Apple
-CVE-2018-4248
- RESERVED
+CVE-2018-4248 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
CVE-2018-4247 (An issue was discovered in certain Apple products. iOS before
11.4 is ...)
NOT-FOR-US: Apple
CVE-2018-4246 (An issue was discovered in certain Apple products. iOS before
11.4 is ...)
@@ -69647,8 +69749,8 @@ CVE-2018-4218 (An issue was discovered in certain Apple
products. iOS before 11.
NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4217 (In macOS High Sierra before 10.13.5, a privacy issue in the
handling o ...)
NOT-FOR-US: Apple
-CVE-2018-4216
- RESERVED
+CVE-2018-4216 (A logic issue existed in the handling of call URLs. This issue
was add ...)
+ TODO: check
CVE-2018-4215 (An issue was discovered in certain Apple products. iOS before
11.4 is ...)
NOT-FOR-US: Apple
CVE-2018-4214 (An issue was discovered in certain Apple products. iOS before
11.4 is ...)
@@ -69689,8 +69791,8 @@ CVE-2018-4204 (An issue was discovered in certain Apple
products. iOS before 11.
- webkit2gtk 2.20.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
NOTE: Not covered by security support
-CVE-2018-4203
- RESERVED
+CVE-2018-4203 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
CVE-2018-4202 (An issue was discovered in certain Apple products. iOS before
11.4 is ...)
NOT-FOR-US: Apple (iBooks component)
CVE-2018-4201 (An issue was discovered in certain Apple products. iOS before
11.4 is ...)
@@ -69707,15 +69809,14 @@ CVE-2018-4199 (An issue was discovered in certain
Apple products. iOS before 11.
NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4198 (An issue was discovered in certain Apple products. iOS before
11.4 is ...)
NOT-FOR-US: Apple (UIKit component)
-CVE-2018-4197
- RESERVED
+CVE-2018-4197 (A use after free issue was addressed with improved memory
management. ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
CVE-2018-4196 (An issue was discovered in certain Apple products. macOS before
10.13. ...)
NOT-FOR-US: Apple (Accessibility Framework component)
-CVE-2018-4195
- RESERVED
+CVE-2018-4195 (An inconsistent user interface issue was addressed with
improved state ...)
+ TODO: check
CVE-2018-4194 (In iOS before 11.4, iCloud for Windows before 7.5, watchOS
before 4.3. ...)
NOT-FOR-US: Apple
CVE-2018-4193 (An issue was discovered in certain Apple products. macOS before
10.13. ...)
@@ -69724,8 +69825,7 @@ CVE-2018-4192 (An issue was discovered in certain Apple
products. iOS before 11.
- webkit2gtk 2.20.1-1 (unimportant)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
-CVE-2018-4191
- RESERVED
+CVE-2018-4191 (A memory corruption issue was addressed with improved
validation. This ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
@@ -69761,8 +69861,8 @@ CVE-2018-4180 (In macOS High Sierra before 10.13.5, an
issue existed in CUPS. Th
NOTE: Fixed by:
https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4179 (In macOS High Sierra before 10.13.4, there was an issue with
the handl ...)
NOT-FOR-US: Apple
-CVE-2018-4178
- RESERVED
+CVE-2018-4178 (A permissions issue existed in which execute permission was
incorrectl ...)
+ TODO: check
CVE-2018-4177
RESERVED
CVE-2018-4176 (An issue was discovered in certain Apple products. macOS before
10.13. ...)
@@ -69819,8 +69919,8 @@ CVE-2018-4155 (An issue was discovered in certain Apple
products. iOS before 11.
NOT-FOR-US: Apple
CVE-2018-4154 (An issue was discovered in certain Apple products. iOS before
11.3 is ...)
NOT-FOR-US: Apple
-CVE-2018-4153
- RESERVED
+CVE-2018-4153 (An injection issue was addressed with improved validation. This
issue ...)
+ TODO: check
CVE-2018-4152 (An issue was discovered in certain Apple products. macOS before
10.13. ...)
NOT-FOR-US: Apple
CVE-2018-4151 (An issue was discovered in certain Apple products. iOS before
11.3 is ...)
@@ -69837,8 +69937,8 @@ CVE-2018-4146 (An issue was discovered in certain Apple
products. iOS before 11.
- webkit2gtk 2.20.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
NOTE: Not covered by security support
-CVE-2018-4145
- RESERVED
+CVE-2018-4145 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
CVE-2018-4144 (An issue was discovered in certain Apple products. iOS before
11.3 is ...)
NOT-FOR-US: Apple
CVE-2018-4143 (An issue was discovered in certain Apple products. iOS before
11.3 is ...)
@@ -69883,8 +69983,8 @@ CVE-2018-4127 (An issue was discovered in certain Apple
products. iOS before 11.
- webkit2gtk 2.20.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
NOTE: Not covered by security support
-CVE-2018-4126
- RESERVED
+CVE-2018-4126 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2018-4125 (An issue was discovered in certain Apple products. iOS before
11.3 is ...)
- webkit2gtk 2.20.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
@@ -76229,8 +76329,8 @@ CVE-2018-1938 (IBM Cloud Private 3.1.1 could alllow a
local user with administra
NOT-FOR-US: IBM
CVE-2018-1937 (IBM Cloud Private 3.1.1 could alllow a local user with
administrator p ...)
NOT-FOR-US: IBM
-CVE-2018-1936
- RESERVED
+CVE-2018-1936 (IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to
a stac ...)
+ TODO: check
CVE-2018-1935 (IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated
user to ...)
NOT-FOR-US: IBM
CVE-2018-1934
@@ -76275,8 +76375,8 @@ CVE-2018-1915
RESERVED
CVE-2018-1914 (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is
vulner ...)
NOT-FOR-US: IBM
-CVE-2018-1913
- RESERVED
+CVE-2018-1913 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0
through ...)
+ TODO: check
CVE-2018-1912 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 is
vulnerable ...)
NOT-FOR-US: IBM
CVE-2018-1911 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0
through ...)
@@ -76639,8 +76739,8 @@ CVE-2018-1733 (IBM QRadar SIEM 7.2 and 7.3 fails to
adequately filter user-contr
NOT-FOR-US: IBM
CVE-2018-1732 (IBM QRadar SIEM 1.14.0 discloses sensitive information to
unauthorized ...)
NOT-FOR-US: IBM
-CVE-2018-1731
- RESERVED
+CVE-2018-1731 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0
through ...)
+ TODO: check
CVE-2018-1730 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External
Entity Inj ...)
NOT-FOR-US: IBM
CVE-2018-1729
@@ -92100,8 +92200,8 @@ CVE-2017-13913
RESERVED
CVE-2017-13912
RESERVED
-CVE-2017-13911
- RESERVED
+CVE-2017-13911 (A configuration issue was addressed with additional
restrictions. This ...)
+ TODO: check
CVE-2017-13910
RESERVED
CVE-2017-13909
@@ -113243,8 +113343,8 @@ CVE-2017-7153 (An issue was discovered in certain
Apple products. iOS before 11.
NOTE: Not covered by security support
CVE-2017-7152 (An issue was discovered in certain Apple products. iOS before
11.2 is ...)
NOT-FOR-US: Apple
-CVE-2017-7151
- RESERVED
+CVE-2017-7151 (A race condition was addressed with additional validation. This
issue ...)
+ TODO: check
CVE-2017-7150 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
NOT-FOR-US: Apple
CVE-2017-7149 (An issue was discovered in certain Apple products. macOS before
10.13 ...)
@@ -126855,10 +126955,14 @@ CVE-2017-2681 (A vulnerability has been identified
in SIMATIC CP 343-1 Std (All
NOT-FOR-US: Siemens
CVE-2017-2680 (SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions),
SIMATIC CP ...)
NOT-FOR-US: Siemens
-CVE-2017-2679 (Reason: The CNA or individual who requested this candidate did
not ass ...)
-CVE-2017-2678 (Reason: The CNA or individual who requested this candidate did
not ass ...)
-CVE-2017-2677 (Reason: The CNA or individual who requested this candidate did
not ass ...)
-CVE-2017-2676 (Reason: The CNA or individual who requested this candidate did
not ass ...)
+CVE-2017-2679
+ REJECTED
+CVE-2017-2678
+ REJECTED
+CVE-2017-2677
+ REJECTED
+CVE-2017-2676
+ REJECTED
CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 suffer from a local
privilege ...)
NOT-FOR-US: Little Snitch
CVE-2017-2674 (JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a
stored X ...)
@@ -172486,8 +172590,8 @@ CVE-2015-5609 (Absolute path traversal vulnerability
in the Image Export plugin
NOT-FOR-US: Image Export plugin for WordPress
CVE-2015-5608 (Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
...)
NOT-FOR-US: Joomla!
-CVE-2015-5606
- RESERVED
+CVE-2015-5606 (Vordel XML Gateway (acquired by Axway) version 7.2.2 could
allow remot ...)
+ TODO: check
CVE-2015-5605 (The regular-expression implementation in Google V8, as used in
Google ...)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0cad06c57a94b81037b9ee3a8785a5de0a1fbbf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0cad06c57a94b81037b9ee3a8785a5de0a1fbbf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
