Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e2207b15 by security tracker role at 2018-03-20T21:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,21 @@ +CVE-2018-8829 + RESERVED +CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x ...) + TODO: check +CVE-2018-8827 + RESERVED +CVE-2018-8826 + RESERVED +CVE-2018-8825 + RESERVED +CVE-2018-8824 + RESERVED +CVE-2018-8823 + RESERVED +CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel function in ...) + TODO: check +CVE-2018-1000135 (GNOME NetworkManager version 1.10.2 and earlier contains a Information ...) + TODO: check CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...) NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver CVE-2018-8820 @@ -1599,8 +1617,8 @@ CVE-2018-8090 RESERVED CVE-2018-8089 RESERVED -CVE-2018-8088 - RESERVED +CVE-2018-8088 (org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before ...) + TODO: check CVE-2018-8087 (Memory leak in the hwsim_new_radio_nl function in ...) - linux 4.15.11-1 [jessie] - linux <not-affected> (Vulnerable code not present) @@ -3201,8 +3219,8 @@ CVE-2018-7513 RESERVED CVE-2018-7512 RESERVED -CVE-2018-7511 - RESERVED +CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases ...) + TODO: check CVE-2018-7510 RESERVED CVE-2018-7509 
@@ -8374,12 +8392,12 @@ CVE-2018-5772 (In Exiv2 0.26, there is a segmentation fault caused by uncontroll NOTE: https://github.com/Exiv2/exiv2/issues/216 CVE-2018-5771 RESERVED -CVE-2018-5770 - RESERVED +CVE-2018-5770 (An issue was discovered on Tenda AC15 devices. A remote, ...) + TODO: check CVE-2018-5769 RESERVED -CVE-2018-5768 - RESERVED +CVE-2018-5768 (A remote, unauthenticated attacker can gain remote code execution on ...) + TODO: check CVE-2018-5767 (An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A ...) NOT-FOR-US: Tenda AC15 V15.03.1.16_multi devices CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packet_ref ...) @@ -8550,8 +8568,8 @@ CVE-2018-5719 RESERVED CVE-2018-5718 RESERVED -CVE-2018-5717 - RESERVED +CVE-2018-5717 (Memory write mechanism in NCR S2 Dispenser controller before firmware ...) + TODO: check CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This ...) NOT-FOR-US: Reprise License Manager CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query ...) @@ -9185,8 +9203,8 @@ CVE-2018-5440 (A Stack-based Buffer Overflow issue was discovered in 3S-Smart CO NOT-FOR-US: 3S-Smart CVE-2018-5439 (A Command Injection issue was discovered in Nortek Linear eMerge E3 ...) NOT-FOR-US: Nortek Linear eMerge E3 series -CVE-2018-5438 - RESERVED +CVE-2018-5438 (Philips ISCV application prior to version 2.3.0 has an insufficient ...) + TODO: check CVE-2018-5437 RESERVED CVE-2018-5436 @@ -10783,7 +10801,7 @@ CVE-2017-1000489 (Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed cou CVE-2017-1000488 (Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack ...) NOT-FOR-US: Mautic CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command injection because ...) - {DLA-1237-1 DLA-1236-1} + {DSA-4146-1 DLA-1237-1 DLA-1236-1} - plexus-utils 1:1.5.15-5 - plexus-utils2 3.0.22-1 NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522 
@@ -10888,10 +10906,10 @@ CVE-2018-4846 RESERVED CVE-2018-4845 RESERVED -CVE-2018-4844 - RESERVED -CVE-2018-4843 - RESERVED +CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for Android ...) + TODO: check +CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All ...) + TODO: check CVE-2018-4842 RESERVED CVE-2018-4841 @@ -13674,8 +13692,8 @@ CVE-2018-3628 RESERVED CVE-2018-3627 RESERVED -CVE-2018-3626 - RESERVED +CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and ...) + TODO: check CVE-2018-3625 RESERVED CVE-2018-3624 @@ -19289,8 +19307,8 @@ CVE-2017-17669 (There is a heap-based buffer over-read in the ...) [jessie] - exiv2 <ignored> (Minor issue) [wheezy] - exiv2 <ignored> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/187 -CVE-2017-17668 - RESERVED +CVE-2017-17668 (Memory write mechanism in NCR S1 Dispenser controller before firmware ...) + TODO: check CVE-2017-17667 RESERVED CVE-2017-17666 @@ -19963,11 +19981,9 @@ CVE-2018-1323 (The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connect - libapache-mod-jk <not-affected> (Windows/IIS vhost handling specific issue) NOTE: http://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.43 NOTE: Fixed by: http://svn.apache.org/r1825658 -CVE-2018-1322 - RESERVED +CVE-2018-1322 (An administrator with user search entitlements in Apache Syncope 1.2.x ...) NOT-FOR-US: Apache Syncope -CVE-2018-1321 - RESERVED +CVE-2018-1321 (An administrator with report and template entitlements in Apache ...) NOT-FOR-US: Apache Syncope CVE-2018-1320 RESERVED 
@@ -20052,8 +20068,7 @@ CVE-2018-1296 RESERVED CVE-2018-1295 RESERVED -CVE-2018-1294 - RESERVED +CVE-2018-1294 (If a user of Commons-Email (typically an application programmer) ...) - commons-email <not-affected> (Fixed with first upload to Debian) NOTE: https://marc.info/?i=CAF8HOZ+J3NkaywfbHuQpHxK9ZXeT4=4vs9rowcdiudnt1qa...@mail.gmail.com NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1777030 @@ -20520,8 +20535,8 @@ CVE-2018-1143 RESERVED CVE-2018-1142 RESERVED -CVE-2018-1141 - RESERVED +CVE-2018-1141 (When installing Nessus to a directory outside of the default location, ...) + TODO: check CVE-2017-17425 (This vulnerability allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Quest NetVault Backup CVE-2017-17424 (This vulnerability allows remote attackers to execute arbitrary code ...) @@ -21021,10 +21036,10 @@ CVE-2017-17322 (Huawei Honor Smart Scale Application with software of 1.1.1 has NOT-FOR-US: Huawei CVE-2017-17321 (Huawei eNSP software with software of versions earlier than ...) NOT-FOR-US: Huawei -CVE-2017-17320 - RESERVED -CVE-2017-17319 - RESERVED +CVE-2017-17320 (Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, ...) + TODO: check +CVE-2017-17319 (Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 ...) + TODO: check CVE-2017-17318 RESERVED CVE-2017-17317 @@ -21047,10 +21062,10 @@ CVE-2017-17309 RESERVED CVE-2017-17308 RESERVED -CVE-2017-17307 - RESERVED -CVE-2017-17306 - RESERVED +CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an ...) + TODO: check +CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, ...) + TODO: check CVE-2017-17305 RESERVED CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...) 
@@ -21231,8 +21246,8 @@ CVE-2017-17217 (Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C0 NOT-FOR-US: Huawei CVE-2017-17216 (Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; ...) NOT-FOR-US: Huawei -CVE-2017-17215 - RESERVED +CVE-2017-17215 (Huawei HG532 with some customized versions has a remote code execution ...) + TODO: check CVE-2017-17214 RESERVED CVE-2017-17213 @@ -32564,8 +32579,8 @@ CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui FineC NOT-FOR-US: dayrui FineCms CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui FineCms ...) NOT-FOR-US: dayrui FineCms -CVE-2017-14191 - RESERVED +CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 ...) + TODO: check CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to ...) NOT-FOR-US: Fortinet FortiOS CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager ...) 
@@ -33188,20 +33203,20 @@ CVE-2017-14010 RESERVED CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX ...) NOT-FOR-US: ProMinent MultiFLEX M10a Controller -CVE-2017-14008 - RESERVED +CVE-2017-14008 (GE Centricity PACS RA1000, diagnostic image analysis, all current ...) + TODO: check CVE-2017-14007 (An Insufficient Session Expiration issue was discovered in ProMinent ...) NOT-FOR-US: ProMinent MultiFLEX M10a Controller -CVE-2017-14006 - RESERVED +CVE-2017-14006 (GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all ...) + TODO: check CVE-2017-14005 (An Unverified Password Change issue was discovered in ProMinent ...) NOT-FOR-US: ProMinent MultiFLEX M10a Controller -CVE-2017-14004 - RESERVED +CVE-2017-14004 (GE GEMNet License server (EchoServer) all current versions are ...) + TODO: check CVE-2017-14003 (An Authentication Bypass by Spoofing issue was discovered in LAVA ...) NOT-FOR-US: LAVA Ether-Serial Link -CVE-2017-14002 - RESERVED +CVE-2017-14002 (GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current ...) + TODO: check CVE-2017-14001 (An Improper Neutralization of Special Elements used in an OS Command ...) NOT-FOR-US: Asterisk GUI NOTE: Different from standard asterisk: https://wiki.asterisk.org/wiki/display/AST/Asterisk+GUI @@ -50439,8 +50454,8 @@ CVE-2017-8189 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal NOT-FOR-US: Huawei CVE-2017-8188 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection ...) NOT-FOR-US: Huawei -CVE-2017-8187 - RESERVED +CVE-2017-8187 (Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege ...) + TODO: check CVE-2017-8186 (The Bastet of some Huawei mobile phones with software of earlier than ...) NOT-FOR-US: Huawei CVE-2017-8185 (ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a ...) 
@@ -50461,8 +50476,8 @@ CVE-2017-8178 (Huawei Email APP Vicky-AL00 smartphones with software of earlier NOT-FOR-US: Huawei CVE-2017-8177 (Huawei APP HiWallet earlier than 5.0.3.100 versions do not support ...) NOT-FOR-US: Huawei -CVE-2017-8176 - RESERVED +CVE-2017-8176 (Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 ...) + TODO: check CVE-2017-8175 (The Bastet of some Huawei mobile phones with software earlier than ...) NOT-FOR-US: Huawei CVE-2017-8174 (Huawei USG6300 V100R001C30SPC300 and USG6600 with software of ...) @@ -58531,8 +58546,8 @@ CVE-2017-5738 (Escalation of privilege vulnerability in admin portal for Intel U NOT-FOR-US: Intel Unite App CVE-2017-5737 RESERVED -CVE-2017-5736 - RESERVED +CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Platform ...) + TODO: check CVE-2017-5735 RESERVED CVE-2017-5734 @@ -198552,8 +198567,8 @@ CVE-2011-3180 (kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2 NOT-FOR-US: Suse kiwi (different from python-kiwi) CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...) NOT-FOR-US: Novell Messenger -CVE-2011-3178 - RESERVED +CVE-2011-3178 (In the web ui of the openbuildservice before 2.3.0 a code injection of ...) + TODO: check CVE-2011-3177 (The YaST2 network created files with world readable permissions which ...) NOT-FOR-US: YaST CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2207b159d3daf919e2fb3d718386f4dcd8a7d1a --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2207b159d3daf919e2fb3d718386f4dcd8a7d1a You're receiving this email because of your account on salsa.debian.org.
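Review bot: in the first hunk (@@ -1,3 +1,21 @@), CVE-2018-8828 (Kamailio), CVE-2018-8822 (ncp_read_kernel) and CVE-2018-1000135 (GNOME NetworkManager) are left at "TODO: check" although they describe software Debian packages, so they cannot be closed with a NOT-FOR-US marker the way the vendor-device entries can. Each needs a source-package line (kamailio, linux, network-manager) with a fixed version or an explicit status once the affected versions are determined. I would triage these three ahead of the rest of the update, since the first is a buffer overflow and the second an incorrect buffer length in what is, by its name, kernel code.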
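Review bot: in the @@ -1599,8 +1617,8 @@ hunk, CVE-2018-8088 changes from RESERVED to a published description for org.slf4j.ext.EventData in slf4j-ext, and SLF4J is packaged in Debian (source package libslf4j-java), so "TODO: check" here should resolve to a package line rather than NOT-FOR-US. When triaging, check whether the slf4j-ext module is actually built and shipped by the package, because that decides between a fixed-version entry and a not-affected one.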
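Review bot: in the @@ -8374,12 +8392,12 @@ hunk, the truncated description of CVE-2018-5768 ("A remote, unauthenticated attacker can gain remote code execution on ...") no longer names a product, so the entry cannot be triaged from this line alone. CVE-2018-5770 names Tenda AC15 and the neighbouring CVE-2018-5767 is already "NOT-FOR-US: Tenda AC15 V15.03.1.16_multi devices", but CVE-2018-5768 should only get the same marker after the full description confirms the product.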
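Review bot: in the @@ -10783,7 +10801,7 @@ hunk, CVE-2017-1000487 gains the cross-reference {DSA-4146-1 DLA-1237-1 DLA-1236-1} while the commit changes only data/CVE/list, so the reference is valid only if the DSA-4146-1 entry already exists in the tracker's DSA list from an earlier commit. The context lines also show two source packages (plexus-utils and plexus-utils2) with no per-release annotations, so it is worth confirming which of the two the DSA covers and whether the other still needs a stable fix or a no-DSA note.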
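Review bot: in the @@ -21021,10 +21036,10 @@ hunk, CVE-2017-17320 and CVE-2017-17319 arrive as "TODO: check" while the adjacent context entries for the same vendor (CVE-2017-17322, CVE-2017-17321) are already "NOT-FOR-US: Huawei". For consistency these should be closed with the same marker text in the follow-up triage; the later Huawei hunks in this update (CVE-2017-17307, CVE-2017-17306, CVE-2017-17215, CVE-2017-8187, CVE-2017-8176) show the same pattern next to existing "NOT-FOR-US: Huawei" lines.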
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits