[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 4 20:10:25 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11eb9623 by security tracker role at 2018-04-04T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,27 @@
+CVE-2018-9285 (Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, ...)
+ TODO: check
+CVE-2018-9284 (authentication.cgi on D-Link DIR-868L devices with Singapore StarHub ...)
+ TODO: check
+CVE-2018-9283
+ RESERVED
+CVE-2018-9282
+ RESERVED
+CVE-2018-9281
+ RESERVED
+CVE-2018-9280
+ RESERVED
+CVE-2018-9279
+ RESERVED
+CVE-2018-9278
+ RESERVED
+CVE-2018-9277
+ RESERVED
+CVE-2018-9276
+ RESERVED
+CVE-2018-9275 (In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) ...)
+ TODO: check
+CVE-2017-18257 (The __get_data_block function in fs/f2fs/data.c in the Linux kernel ...)
+ TODO: check
CVE-2018-1002150 [koji: Dist Repo call missing authorization check]
- koji <unfixed> (bug #894832)
NOTE: http://www.openwall.com/lists/oss-security/2018/04/04/1
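Review bot: two of the new `TODO: check` entries in this hunk name software that needs real package triage, not a quick NOT-FOR-US: CVE-2018-9275 (check_user_token in util.c of pam_yubico) and CVE-2017-18257 (__get_data_block in fs/f2fs/data.c in the Linux kernel). The linux source package is already tracked elsewhere in this list, so CVE-2017-18257 should end up with a `- linux` line carrying a fixed version or `<unfixed>`, and CVE-2018-9275 should be checked against the archive for a matching source package. The ASUS and D-Link entries above them are device firmware and can be handled separately.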
@@ -119,10 +143,10 @@ CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzm
NOTE: with xz_decomp is more prominently uncovered.
CVE-2018-9250
RESERVED
-CVE-2018-9249
- RESERVED
-CVE-2018-9248
- RESERVED
+CVE-2018-9249 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ...)
+ TODO: check
+CVE-2018-9248 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via ...)
+ TODO: check
CVE-2018-9247 (The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in ...)
NOT-FOR-US: Gxlcms QY
CVE-2018-9246
@@ -218,8 +242,8 @@ CVE-2018-9207
RESERVED
CVE-2018-9206
RESERVED
-CVE-2018-9205
- RESERVED
+CVE-2018-9205 (Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php ...)
+ TODO: check
CVE-2018-9204
RESERVED
CVE-2018-9203
@@ -406,8 +430,8 @@ CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted
NOT-FOR-US: DVD X Player Standard
CVE-2018-9127 (Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard ...)
- botan 2.4.0-5 (bug #894648)
-CVE-2018-9126
- RESERVED
+CVE-2018-9126 (The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote ...)
+ TODO: check
CVE-2018-9125
RESERVED
CVE-2018-9124
@@ -420,16 +444,16 @@ CVE-2018-9121 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a
NOT-FOR-US: Crea8social
CVE-2018-9120 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. ...)
NOT-FOR-US: Crea8social
-CVE-2018-9119
- RESERVED
+CVE-2018-9119 (An attacker with physical access to a BrilliantTS FUZE card (MCU ...)
+ TODO: check
CVE-2018-9118
RESERVED
CVE-2018-9117 (WireMock before 2.16.0 contains a vulnerability that allows a remote ...)
NOT-FOR-US: WireMock
CVE-2018-9116 (An XXE vulnerability within WireMock before 2.16.0 allows a remote ...)
NOT-FOR-US: WireMock
-CVE-2018-9115
- RESERVED
+CVE-2018-9115 (Systematic SitaWare 6.4 SP2 does not validate input from other sources ...)
+ TODO: check
CVE-2018-9114
RESERVED
CVE-2018-9113
@@ -600,10 +624,10 @@ CVE-2018-9037
RESERVED
CVE-2018-9036
RESERVED
-CVE-2018-9035
- RESERVED
-CVE-2018-9034
- RESERVED
+CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form ...)
+ TODO: check
+CVE-2018-9034 (Cross-site scripting (XSS) vulnerability in lib/interface.php of the ...)
+ TODO: check
CVE-2018-9033
RESERVED
CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless ...)
@@ -1178,10 +1202,10 @@ CVE-2018-8816
RESERVED
CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery function in ...)
NOT-FOR-US: Alkacon OpenCMS
-CVE-2018-8814
- RESERVED
-CVE-2018-8813
- RESERVED
+CVE-2018-8814 (Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 ...)
+ TODO: check
+CVE-2018-8813 (Open redirect vulnerability in the login[redirect] parameter login ...)
+ TODO: check
CVE-2018-8812
RESERVED
CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -1498,8 +1522,8 @@ CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has
NOT-FOR-US: Zoho
CVE-2018-8720 (ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name ...)
NOT-FOR-US: ServiceNow ITSM
-CVE-2018-8719
- RESERVED
+CVE-2018-8719 (An issue was discovered in the WP Security Audit Log plugin 3.1.1 for ...)
+ TODO: check
CVE-2018-8718 (Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin ...)
- jenkins-mailer-plugin <removed>
CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux kernel ...)
@@ -6312,12 +6336,12 @@ CVE-2018-6921
RESERVED
CVE-2018-6920
RESERVED
-CVE-2018-6919
- RESERVED
-CVE-2018-6918
- RESERVED
-CVE-2018-6917
- RESERVED
+CVE-2018-6919 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...)
+ TODO: check
+CVE-2018-6918 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...)
+ TODO: check
+CVE-2018-6917 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...)
+ TODO: check
CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: Patch https://www.freebsd.org/security/patches/SA-18:01/ipsec-10.patch
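Review bot: CVE-2018-6919, CVE-2018-6918 and CVE-2018-6917 are left at `TODO: check`, while the next entry, CVE-2018-6916, begins with the same "In FreeBSD before 11.1-STABLE, ..." wording and is tracked as `- kfreebsd-10 <unfixed> (unimportant)` with a patch NOTE. Triage the three new entries against kfreebsd-10 in the same way, and record the corresponding advisory patch reference for each one that applies, so the FreeBSD entries stay consistent.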
@@ -6433,10 +6457,10 @@ CVE-2018-6876 (The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as u
NOT-FOR-US: libfpx
CVE-2018-6875 (Format String vulnerability in KeepKey version 4.0.0 allows attackers ...)
NOT-FOR-US: KeepKey
-CVE-2018-6874
- RESERVED
-CVE-2018-6873
- RESERVED
+CVE-2018-6874 (CSRF exists in the Auth0 authentication service through 14591 if the ...)
+ TODO: check
+CVE-2018-6873 (The Auth0 authentication service before 2017-10-15 allows privilege ...)
+ TODO: check
CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descriptor ...)
- binutils 2.30-4
[stretch] - binutils <ignored> (Minor issue)
@@ -7635,8 +7659,8 @@ CVE-2017-18098
RESERVED
CVE-2017-18097
RESERVED
-CVE-2017-18096
- RESERVED
+CVE-2017-18096 (The OAuth status rest resource in Atlassian Application Links before ...)
+ TODO: check
CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version ...)
NOT-FOR-US: Atlassian Crucible
CVE-2017-18094 (Various resources in Atlassian Fisheye and Crucible before version ...)
@@ -17815,7 +17839,7 @@ CVE-2018-2680 (Vulnerability in the Java VM component of Oracle Database Server.
CVE-2018-2679 (Vulnerability in the Oracle Financial Services Profitability ...)
NOT-FOR-US: Oracle Financial Services Applications
CVE-2018-2678 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17823,7 +17847,7 @@ CVE-2018-2678 (Vulnerability in the Java SE, Java SE Embedded, JRockit component
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2677 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17867,7 +17891,7 @@ CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2664 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
CVE-2018-2663 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17926,7 +17950,7 @@ CVE-2018-2643 (Vulnerability in the Oracle Argus Safety component of Oracle Heal
CVE-2018-2642 (Vulnerability in the Oracle Argus Safety component of Oracle Health ...)
NOT-FOR-US: Oracle
CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
[experimental] - openjdk-7 7u171-2.6.13-1
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
@@ -17945,7 +17969,7 @@ CVE-2018-2638 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2018-2637 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17957,7 +17981,7 @@ CVE-2018-2636 (Vulnerability in the Oracle Hospitality Simphony component of Ora
CVE-2018-2635 (Vulnerability in the Oracle Application Object Library component of ...)
NOT-FOR-US: Oracle
CVE-2018-2634 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17965,7 +17989,7 @@ CVE-2018-2634 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2633 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17979,7 +18003,7 @@ CVE-2018-2631 (Vulnerability in the Oracle Transportation Management component o
CVE-2018-2630 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
NOT-FOR-US: Oracle
CVE-2018-2629 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
- openjdk-7 <removed>
@@ -18010,7 +18034,7 @@ CVE-2018-2620 (Vulnerability in the Primavera Unifier component of Oracle ...)
CVE-2018-2619 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-2618 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -18048,7 +18072,7 @@ CVE-2018-2605 (Vulnerability in the PeopleSoft Enterprise PeopleTools component
CVE-2018-2604 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
NOT-FOR-US: Oracle
CVE-2018-2603 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -18056,7 +18080,7 @@ CVE-2018-2603 (Vulnerability in the Java SE, Java SE Embedded, JRockit component
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2602 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -18070,7 +18094,7 @@ CVE-2018-2600 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2599 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -18102,7 +18126,7 @@ CVE-2018-2590 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2589 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-2588 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -18137,7 +18161,7 @@ CVE-2018-2581 (Vulnerability in the Java SE component of Oracle Java SE ...)
CVE-2018-2580 (Vulnerability in the Oracle Applications DBA component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-2579 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1 DLA-1339-1}
+ {DSA-4166-1 DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -20407,8 +20431,8 @@ CVE-2018-1471
RESERVED
CVE-2018-1470
RESERVED
-CVE-2018-1469
- RESERVED
+CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow ...)
+ TODO: check
CVE-2018-1468
RESERVED
CVE-2018-1467
@@ -20451,8 +20475,8 @@ CVE-2018-1449
RESERVED
CVE-2018-1448 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 ...)
NOT-FOR-US: IBM
-CVE-2018-1447
- RESERVED
+CVE-2018-1447 (The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect ...)
+ TODO: check
CVE-2018-1446
RESERVED
CVE-2018-1445
@@ -20503,8 +20527,8 @@ CVE-2018-1423
RESERVED
CVE-2018-1422
RESERVED
-CVE-2018-1421
- RESERVED
+CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and ...)
+ TODO: check
CVE-2018-1420
RESERVED
CVE-2018-1419
@@ -23101,8 +23125,8 @@ CVE-2018-0988
RESERVED
CVE-2018-0987
RESERVED
-CVE-2018-0986
- RESERVED
+CVE-2018-0986 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
+ TODO: check
CVE-2018-0985
RESERVED
CVE-2018-0984
@@ -36420,150 +36444,125 @@ CVE-2017-13309
RESERVED
CVE-2017-13308
RESERVED
-CVE-2017-13307
- RESERVED
-CVE-2017-13306
- RESERVED
-CVE-2017-13305
- RESERVED
-CVE-2017-13304
- RESERVED
-CVE-2017-13303
- RESERVED
+CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel pci ...)
+ TODO: check
+CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel mnh ...)
+ TODO: check
+CVE-2017-13305 (A information disclosure vulnerability in the Upstream kernel ...)
+ TODO: check
+CVE-2017-13304 (A information disclosure vulnerability in the Upstream kernel mnh_sm ...)
+ TODO: check
+CVE-2017-13303 (A information disclosure vulnerability in the Broadcom bcmdhd driver. ...)
NOT-FOR-US: Broadcom components for Android
-CVE-2017-13302
- RESERVED
-CVE-2017-13301
- RESERVED
-CVE-2017-13300
- RESERVED
-CVE-2017-13299
- RESERVED
-CVE-2017-13298
- RESERVED
-CVE-2017-13297
- RESERVED
-CVE-2017-13296
- RESERVED
-CVE-2017-13295
- RESERVED
-CVE-2017-13294
- RESERVED
-CVE-2017-13293
- RESERVED
-CVE-2017-13292
- RESERVED
-CVE-2017-13291
- RESERVED
-CVE-2017-13290
- RESERVED
-CVE-2017-13289
- RESERVED
-CVE-2017-13288
- RESERVED
-CVE-2017-13287
- RESERVED
-CVE-2017-13286
- RESERVED
-CVE-2017-13285
- RESERVED
-CVE-2017-13284
- RESERVED
-CVE-2017-13283
- RESERVED
-CVE-2017-13282
- RESERVED
-CVE-2017-13281
- RESERVED
-CVE-2017-13280
- RESERVED
-CVE-2017-13279
- RESERVED
-CVE-2017-13278
- RESERVED
-CVE-2017-13277
- RESERVED
-CVE-2017-13276
- RESERVED
-CVE-2017-13275
- RESERVED
-CVE-2017-13274
- RESERVED
+CVE-2017-13302 (A denial of service vulnerability in the Android system (system ui). ...)
+ TODO: check
+CVE-2017-13301 (A denial of service vulnerability in the Android system (system ui). ...)
+ TODO: check
+CVE-2017-13300 (A denial of service vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-13299 (A other vulnerability in the Android media framework (libavc). ...)
+ TODO: check
+CVE-2017-13298 (A information disclosure vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-13297 (A information disclosure vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-13296 (A information disclosure vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-13295 (A denial of service vulnerability in the Android framework (package ...)
+ TODO: check
+CVE-2017-13294 (A information disclosure vulnerability in the Android framework (aosp ...)
+ TODO: check
+CVE-2017-13293 (In the nfc_hci_cmd_received() function of core.c, there is a possible ...)
+ TODO: check
+CVE-2017-13292 (In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of ...)
+ TODO: check
+CVE-2017-13291 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible ...)
+ TODO: check
+CVE-2017-13290 (In sdp_server_handle_client_req of sdp_server.cc, there is an out of ...)
+ TODO: check
+CVE-2017-13289 (In writeToParcel and createFromParcel of RttManager.java, there is a ...)
+ TODO: check
+CVE-2017-13288 (In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, ...)
+ TODO: check
+CVE-2017-13287 (In createFromParcel of VerifyCredentialResponse.java, there is a ...)
+ TODO: check
+CVE-2017-13286 (In writeToParcel and readFromParcel of OutputConfiguration.java, there ...)
+ TODO: check
+CVE-2017-13285 (In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a ...)
+ TODO: check
+CVE-2017-13284 (In config_set_string of config.cc, it is possible to pair a second BT ...)
+ TODO: check
+CVE-2017-13283 (In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a ...)
+ TODO: check
+CVE-2017-13282 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible ...)
+ TODO: check
+CVE-2017-13281 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible ...)
+ TODO: check
+CVE-2017-13280 (In the FrameSequence_gif::FrameSequence_gif function of ...)
+ TODO: check
+CVE-2017-13279 (In M3UParser::parse of M3UParser.cpp, there is a memory resource ...)
+ TODO: check
+CVE-2017-13278 (In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there ...)
+ TODO: check
+CVE-2017-13277 (In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of ...)
+ TODO: check
+CVE-2017-13276 (In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible ...)
+ TODO: check
+CVE-2017-13275 (In getVSCoverage of CmapCoverage.cpp, there is a possible out of ...)
+ TODO: check
+CVE-2017-13274 (In the getHost() function of UriTest.java, there is the possibility of ...)
+ TODO: check
CVE-2017-13273 (In xt_qtaguid.c, there is a race condition due to insufficient ...)
NOT-FOR-US: Android
-CVE-2017-13272
- RESERVED
+CVE-2017-13272 (In alarm_ready_generic of alarm.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
-CVE-2017-13271
- RESERVED
+CVE-2017-13271 (A elevation of privilege vulnerability in the upstream kernel mnh_sm ...)
NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
-CVE-2017-13270
- RESERVED
+CVE-2017-13270 (A elevation of privilege vulnerability in the upstream kernel mnh_sm ...)
NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
-CVE-2017-13269
- RESERVED
+CVE-2017-13269 (A information disclosure vulnerability in the Android system ...)
NOT-FOR-US: Android
-CVE-2017-13268
- RESERVED
+CVE-2017-13268 (A information disclosure vulnerability in the Android system ...)
NOT-FOR-US: Android
-CVE-2017-13267
- RESERVED
-CVE-2017-13266
- RESERVED
+CVE-2017-13267 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ...)
+ TODO: check
+CVE-2017-13266 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ...)
NOT-FOR-US: Android
-CVE-2017-13265
- RESERVED
+CVE-2017-13265 (A elevation of privilege vulnerability in the Android system (OTA ...)
NOT-FOR-US: Android
-CVE-2017-13264
- RESERVED
+CVE-2017-13264 (A other vulnerability in the Android media framework (Avcdec). ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13263
- RESERVED
+CVE-2017-13263 (A elevation of privilege vulnerability in the Android framework. ...)
NOT-FOR-US: Android
-CVE-2017-13262
- RESERVED
+CVE-2017-13262 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
-CVE-2017-13261
- RESERVED
+CVE-2017-13261 (In bnep_process_control_packet of bnep_utils.cc, there is a possible ...)
NOT-FOR-US: Android
-CVE-2017-13260
- RESERVED
+CVE-2017-13260 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
-CVE-2017-13259
- RESERVED
+CVE-2017-13259 (In functionality implemented in sdp_discovery.cc, there are possible ...)
NOT-FOR-US: Android
-CVE-2017-13258
- RESERVED
+CVE-2017-13258 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
-CVE-2017-13257
- RESERVED
+CVE-2017-13257 (In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after ...)
NOT-FOR-US: Android
-CVE-2017-13256
- RESERVED
+CVE-2017-13256 (In process_service_search_attr_req of sdp_server.cc, there is an out ...)
NOT-FOR-US: Android
-CVE-2017-13255
- RESERVED
+CVE-2017-13255 (In process_service_attr_req of sdp_server.c, there is an out of bounds ...)
NOT-FOR-US: Android
-CVE-2017-13254
- RESERVED
+CVE-2017-13254 (A other vulnerability in the Android media framework (AACExtractor). ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13253
- RESERVED
+CVE-2017-13253 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13252
- RESERVED
+CVE-2017-13252 (In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13251
- RESERVED
+CVE-2017-13251 (In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13250
- RESERVED
+CVE-2017-13250 (In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13249
- RESERVED
+CVE-2017-13249 (In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13248
- RESERVED
+CVE-2017-13248 (In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there ...)
NOT-FOR-US: Android Media Framework
CVE-2017-13247 (In the Pixel 2 bootloader, there is a missing permission check which ...)
NOT-FOR-US: HTC Android components
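Review bot: the dispositions in this hunk are inconsistent for entries with the same visible description. CVE-2017-13267 gets `TODO: check` while CVE-2017-13266, with the identical "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ..." text, keeps `NOT-FOR-US: Android`. Likewise CVE-2017-13306 and CVE-2017-13304 (upstream kernel mnh / mnh_sm) are `TODO: check`, while CVE-2017-13271 and CVE-2017-13270 (upstream kernel mnh_sm) are already marked `NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)`. Resolve these to the same disposition as their siblings unless the full descriptions differ. CVE-2017-13307 (upstream kernel pci) is worth checking against the linux package before it is marked.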
@@ -55269,10 +55268,10 @@ CVE-2016-10301
RESERVED
CVE-2016-10300
RESERVED
-CVE-2016-10299
- RESERVED
-CVE-2016-10298
- RESERVED
+CVE-2016-10299 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2016-10298 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
CVE-2016-10297 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared memory ...)
@@ -55332,22 +55331,22 @@ CVE-2015-9016 [blk-mq: fix race between timeout and freeing request]
- linux 4.2.3-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1)
-CVE-2015-9015
- RESERVED
-CVE-2015-9014
- RESERVED
-CVE-2015-9013
- RESERVED
-CVE-2015-9012
- RESERVED
-CVE-2015-9011
- RESERVED
-CVE-2015-9010
- RESERVED
-CVE-2015-9009
- RESERVED
-CVE-2015-9008
- RESERVED
+CVE-2015-9015 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2015-9014 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2015-9013 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2015-9012 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2015-9011 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2015-9010 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2015-9009 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2015-9008 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
CVE-2015-9007 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9006 (In Resource Power Manager (RPM) in all Android releases from CAF using ...)
@@ -55357,26 +55356,20 @@ CVE-2015-9005 (In TrustZone in all Android releases from CAF using the Linux ker
CVE-2015-9004 (kernel/events/core.c in the Linux kernel before 3.19 mishandles ...)
- linux 3.16.7-ckt7-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
-CVE-2014-9959
- RESERVED
+CVE-2014-9959 (An elevation of privilege vulnerability in Qualcomm closed source ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9958
- RESERVED
+CVE-2014-9958 (An elevation of privilege vulnerability in Qualcomm closed source ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2014-9957
- RESERVED
+CVE-2014-9957 (An elevation of privilege vulnerability in Qualcomm closed source ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2014-9956
- RESERVED
+CVE-2014-9956 (An elevation of privilege vulnerability in Qualcomm closed source ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2014-9955
- RESERVED
+CVE-2014-9955 (An elevation of privilege vulnerability in Qualcomm closed source ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2014-9954
- RESERVED
+CVE-2014-9954 (An elevation of privilege vulnerability in Qualcomm closed source ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2014-9953
- RESERVED
+CVE-2014-9953 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
CVE-2014-9952 (In the Secure File System in all Android releases from CAF using the ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-9951 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
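Review bot: CVE-2014-9953 at the end of the changed block is the only entry of the seven left at `TODO: check`. CVE-2014-9959 through CVE-2014-9954 carry the same visible description ("An elevation of privilege vulnerability in Qualcomm closed source ...") and are all marked NOT-FOR-US for Qualcomm Android components. CVE-2014-9953 had no note while it was RESERVED, so the automatic update had nothing to preserve. Give it the same NOT-FOR-US note if the full description matches.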
@@ -57936,17 +57929,13 @@ CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
-CVE-2017-6426
- RESERVED
+CVE-2017-6426 (An information disclosure vulnerability in the Qualcomm SPMI driver. ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-6425
- RESERVED
+CVE-2017-6425 (An information disclosure vulnerability in the Qualcomm video driver. ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-6424
- RESERVED
+CVE-2017-6424 (An elevation of privilege vulnerability in the Qualcomm WiFi driver. ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-6423
- RESERVED
+CVE-2017-6423 (An elevation of privilege vulnerability in the Qualcomm kyro L2 ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10242 (A time-of-check time-of-use race condition could potentially exist in ...)
NOT-FOR-US: Qualcomm component/driver for Android
@@ -57962,25 +57951,19 @@ CVE-2016-10238 (In QSEE in all Android releases from CAF using the Linux kernel
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10237 (If shared content protection memory were passed as the secure camera ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2016-10236
- RESERVED
+CVE-2016-10236 (An information disclosure vulnerability in the Qualcomm USB driver. ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10235
- RESERVED
+CVE-2016-10235 (A denial of service vulnerability in the Qualcomm WiFi driver. ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10234
- RESERVED
+CVE-2016-10234 (An information disclosure vulnerability in the Qualcomm IPA driver. ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10233
- RESERVED
-CVE-2016-10232
- RESERVED
+CVE-2016-10233 (An elevation of privilege vulnerability in the Qualcomm video driver. ...)
+ TODO: check
+CVE-2016-10232 (An elevation of privilege vulnerability in the Qualcomm video driver. ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10231
- RESERVED
+CVE-2016-10231 (An elevation of privilege vulnerability in the Qualcomm sound codec ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10230
- RESERVED
+CVE-2016-10230 (A remote code execution vulnerability in the Qualcomm crypto driver. ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10229 (udp.c in the Linux kernel before 4.5 allows remote attackers to ...)
- linux 4.5.1-1 (bug #808293)
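Review bot: CVE-2016-10233 is left at `TODO: check` although CVE-2016-10232, directly below it, has the same visible description ("An elevation of privilege vulnerability in the Qualcomm video driver. ...") and keeps `NOT-FOR-US: Qualcomm driver for Android`. The entry had no note while RESERVED, which is why it fell through. Mark it the same way as CVE-2016-10232 once the full description confirms it is the same driver.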
@@ -65382,22 +65365,22 @@ CVE-2017-3973
REJECTED
CVE-2017-3972 (Infrastructure-based foot printing vulnerability in the web interface ...)
NOT-FOR-US: McAfee
-CVE-2017-3971
- RESERVED
+CVE-2017-3971 (Cryptanalysis vulnerability in the web interface in McAfee Network ...)
+ TODO: check
CVE-2017-3970
RESERVED
-CVE-2017-3969
- RESERVED
+CVE-2017-3969 (Abuse of communication channels vulnerability in the server in McAfee ...)
+ TODO: check
CVE-2017-3968
RESERVED
-CVE-2017-3967
- RESERVED
-CVE-2017-3966
- RESERVED
-CVE-2017-3965
- RESERVED
-CVE-2017-3964
- RESERVED
+CVE-2017-3967 (Target influence via framing vulnerability in the web interface in ...)
+ TODO: check
+CVE-2017-3966 (Exploitation of session variables, resource IDs and other trusted ...)
+ TODO: check
+CVE-2017-3965 (Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability ...)
+ TODO: check
+CVE-2017-3964 (Reflective Cross-Site Scripting (XSS) vulnerability in the web ...)
+ TODO: check
CVE-2017-3963
REJECTED
CVE-2017-3962
@@ -71663,8 +71646,8 @@ CVE-2017-1774 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 disclose
NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2017-1773 (IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker ...)
NOT-FOR-US: IBM DataPower Gateways
-CVE-2017-1772
- RESERVED
+CVE-2017-1772 (IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and ...)
+ TODO: check
CVE-2017-1771
RESERVED
CVE-2017-1770
@@ -71741,8 +71724,8 @@ CVE-2017-1735
RESERVED
CVE-2017-1734
RESERVED
-CVE-2017-1733
- RESERVED
+CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log files ...)
+ TODO: check
CVE-2017-1732
RESERVED
CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...)
@@ -71959,8 +71942,8 @@ CVE-2017-1626
RESERVED
CVE-2017-1625 (IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to ...)
NOT-FOR-US: IBM
-CVE-2017-1624
- RESERVED
+CVE-2017-1624 (IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical ...)
+ TODO: check
CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM QRadar
CVE-2017-1622
@@ -79262,16 +79245,16 @@ CVE-2016-8490
CVE-2016-8489
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2016-8488
- RESERVED
-CVE-2016-8487
- RESERVED
-CVE-2016-8486
- RESERVED
-CVE-2016-8485
- RESERVED
-CVE-2016-8484
- RESERVED
+CVE-2016-8488 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2016-8487 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2016-8486 (An information disclosure vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2016-8485 (An information disclosure vulnerability in Qualcomm closed source ...)
+ TODO: check
+CVE-2016-8484 (An elevation of privilege vulnerability in Qualcomm closed source ...)
+ TODO: check
CVE-2016-8483 (An information disclosure vulnerability in the Qualcomm power driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8482
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/11eb96232def940d12eb821f15555024abd17774