[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Aug 21 21:10:51 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf8d6d97 by security tracker role at 2018-08-21T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,121 @@
+CVE-2018-15663
+	RESERVED
+CVE-2018-15662
+	RESERVED
+CVE-2018-15661 (** DISPUTED ** An issue was discovered in the Ola Money (aka ...)
+	TODO: check
+CVE-2018-15660 (** DISPUTED ** An issue was discovered in the Ola Money (aka ...)
+	TODO: check
+CVE-2018-15659
+	RESERVED
+CVE-2018-15658
+	RESERVED
+CVE-2018-15657
+	RESERVED
+CVE-2018-15656
+	RESERVED
+CVE-2018-15655
+	RESERVED
+CVE-2018-15654
+	RESERVED
+CVE-2018-15653
+	RESERVED
+CVE-2018-15652
+	RESERVED
+CVE-2018-15651
+	RESERVED
+CVE-2018-15650
+	RESERVED
+CVE-2018-15649
+	RESERVED
+CVE-2018-15648
+	RESERVED
+CVE-2018-15647
+	RESERVED
+CVE-2018-15646
+	RESERVED
+CVE-2018-15645
+	RESERVED
+CVE-2018-15644
+	RESERVED
+CVE-2018-15643
+	RESERVED
+CVE-2018-15642
+	RESERVED
+CVE-2018-15641
+	RESERVED
+CVE-2018-15640
+	RESERVED
+CVE-2018-15639
+	RESERVED
+CVE-2018-15638
+	RESERVED
+CVE-2018-15637
+	RESERVED
+CVE-2018-15636
+	RESERVED
+CVE-2018-15635
+	RESERVED
+CVE-2018-15634
+	RESERVED
+CVE-2018-15633
+	RESERVED
+CVE-2018-15632
+	RESERVED
+CVE-2018-15631
+	RESERVED
+CVE-2018-15630
+	RESERVED
+CVE-2018-15629
+	RESERVED
+CVE-2018-15628
+	RESERVED
+CVE-2018-15627
+	RESERVED
+CVE-2018-15626
+	RESERVED
+CVE-2018-15625
+	RESERVED
+CVE-2018-15624
+	RESERVED
+CVE-2018-15623
+	RESERVED
+CVE-2018-15622
+	RESERVED
+CVE-2018-15621
+	RESERVED
+CVE-2018-15620
+	RESERVED
+CVE-2018-15619
+	RESERVED
+CVE-2018-15618
+	RESERVED
+CVE-2018-15617
+	RESERVED
+CVE-2018-15616
+	RESERVED
+CVE-2018-15615
+	RESERVED
+CVE-2018-15614
+	RESERVED
+CVE-2018-15613
+	RESERVED
+CVE-2018-15612
+	RESERVED
+CVE-2018-15611
+	RESERVED
+CVE-2018-15610
+	RESERVED
+CVE-2018-15609
+	RESERVED
+CVE-2018-15608
+	RESERVED
+CVE-2018-15607 (In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 ...)
+	TODO: check
+CVE-2018-15606
+	RESERVED
+CVE-2018-15605
+	RESERVED
 CVE-2018-XXXX [security issue with the PASS command and duplicate server instances]
 	- charybdis <unfixed> (bug #906879)
 	[stretch] - charybdis <not-affected> (Vulnerable code added later)
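Review bot: CVE-2018-15607 is left at "TODO: check" even though its description names ImageMagick 7.0.8-11 Q16, so of everything added at the top of this hunk it is the entry most likely to need a package line with an affected or fixed status rather than a NOT-FOR-US; it is worth resolving ahead of the RESERVED block around it. For CVE-2018-15661 and CVE-2018-15660 the descriptions start with "** DISPUTED **", which whoever clears their "TODO: check" should take into account when writing the triage line.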
@@ -239,10 +357,10 @@ CVE-2018-15536
 	RESERVED
 CVE-2018-15535
 	RESERVED
-CVE-2018-15534
-	RESERVED
-CVE-2018-15533
-	RESERVED
+CVE-2018-15534 (Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of ...)
+	TODO: check
+CVE-2018-15533 (A reflected cross-site scripting vulnerability exists in Geutebrueck ...)
+	TODO: check
 CVE-2018-15532
 	RESERVED
 CVE-2018-15531
@@ -251,8 +369,8 @@ CVE-2018-15530
 	RESERVED
 CVE-2018-15529
 	RESERVED
-CVE-2018-15528
-	RESERVED
+CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System Solutions SSO ...)
+	TODO: check
 CVE-2018-15527
 	RESERVED
 CVE-2018-15526
@@ -349,8 +467,8 @@ CVE-2018-15483
 	RESERVED
 CVE-2018-15482 (Certain LG devices based on Android 6.0 through 8.1 have incorrect ...)
 	NOT-FOR-US: LG devices specific issue
-CVE-2018-15481
-	RESERVED
+CVE-2018-15481 (Improper input sanitization within the restricted administration shell ...)
+	TODO: check
 CVE-2018-15480
 	RESERVED
 CVE-2018-15479
@@ -604,6 +722,7 @@ CVE-2018-15351 (Denial of service via crafting malicious link and sending it to 
 CVE-2018-15350 (Router Default Credentials in Kraftway 24F2XG Router firmware version ...)
 	NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15473 (OpenSSH through 7.7 is prone to a user enumeration vulnerability due to ...)
+	{DLA-1474-1}
 	- openssh 1:7.7p1-4 (bug #906236)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/15/5
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
@@ -1794,12 +1913,12 @@ CVE-2018-14797
 	RESERVED
 CVE-2018-14796
 	RESERVED
-CVE-2018-14795
-	RESERVED
+CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...)
+	TODO: check
 CVE-2018-14794
 	RESERVED
-CVE-2018-14793
-	RESERVED
+CVE-2018-14793 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...)
+	TODO: check
 CVE-2018-14792
 	RESERVED
 CVE-2018-14791
@@ -2351,6 +2470,7 @@ CVE-2018-14595
 CVE-2018-14594
 	RESERVED
 CVE-2018-14593 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x ...)
+	{DLA-1473-1}
 	- otrs2 6.0.10-1
 	NOTE: https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/
 	NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/57cda14db8fdbcbfb8cabb32d85fbc89fde48c62
@@ -8598,8 +8718,7 @@ CVE-2018-12117
 	RESERVED
 CVE-2018-12116
 	RESERVED
-CVE-2018-12115
-	RESERVED
+CVE-2018-12115 (In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when ...)
 	- nodejs <unfixed> (unimportant)
 	NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
 	NOTE: Nodejs not covered by security support
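Review bot: the new description for CVE-2018-12115 names the fixed upstream releases (6.14.4, 8.11.4 and 10.9.0), but the package line kept directly below it still reads "- nodejs <unfixed> (unimportant)". With the fixed versions now on record, that line can be given a fixed version as soon as one of those releases is in the archive; the "(unimportant)" tag is already explained by the existing NOTE on security support and can stay.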
@@ -11707,8 +11826,7 @@ CVE-2018-10934
 	- wildfly <itp> (bug #752018)
 CVE-2018-10933
 	RESERVED
-CVE-2018-10932 [improper sanitization of shell-escape codes ]
-	RESERVED
+CVE-2018-10932 (lldptool version 1.0.1 and older can print a raw, unsanitized attacker ...)
 	- lldpad 1.0.1+git20180808.4e642bd-1 (unimportant; bug #905901)
 	NOTE: https://github.com/intel/openlldp/pull/7
 	NOTE: https://github.com/intel/openlldp/commit/41feb359a9d0082b0bcf68b1f2b37227f02af4f1
@@ -11816,8 +11934,7 @@ CVE-2018-10903 (A flaw was found in python-cryptography versions between >=1.
 	[jessie] - python-cryptography <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com//pyca/cryptography/pull/4342
 	NOTE: https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef
-CVE-2018-10902 [MIDI driver race condition leads to a double-free]
-	RESERVED
+CVE-2018-10902 (It was found that the raw midi kernel driver does not protect against ...)
 	- linux 4.17.15-1
 	NOTE: https://git.kernel.org/linus/39675f7a7c7e7702f7d5341f1e0d01db746543a0 (4.18-rc6)
 CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization subsystem. The ...)
@@ -13849,7 +13966,7 @@ CVE-2018-10141
 	RESERVED
 CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
-CVE-2018-10139 (The PAN-OS response page for GlobalProtect in Palo Alto Networks ...)
+CVE-2018-10139 (The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2018-10138 (The CATALooK.netStore module through 7.2.8 for DNN (formerly ...)
 	NOT-FOR-US: DNN
@@ -21930,8 +22047,7 @@ CVE-2018-7168
 CVE-2018-7167 (Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ...)
 	- nodejs <unfixed> (unimportant)
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#calls-to-buffer-fill-and-or-buffer-alloc-may-hang-cve-2018-7167
-CVE-2018-7166
-	RESERVED
+CVE-2018-7166 (In all versions of Node.js 10 prior to 10.9.0, an argument processing ...)
 	[experimental] - nodejs <unfixed>
 	- nodejs <not-affected> (Only affects 10.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
@@ -23143,8 +23259,8 @@ CVE-2018-6694
 	RESERVED
 CVE-2018-6693
 	RESERVED
-CVE-2018-6692
-	RESERVED
+CVE-2018-6692 (Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin ...)
+	TODO: check
 CVE-2018-6691
 	RESERVED
 CVE-2018-6690
@@ -23682,8 +23798,8 @@ CVE-2018-6559
 	RESERVED
 CVE-2018-6558
 	RESERVED
-CVE-2018-6557
-	RESERVED
+CVE-2018-6557 (The MOTD update script in the base-files package in Ubuntu 18.04 LTS ...)
+	TODO: check
 CVE-2018-6556 (lxc-user-nic when asked to delete a network interface will ...)
 	- lxc <unfixed> (bug #905586)
 	[stretch] - lxc <not-affected> (Vulnerable code introduced later)
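Review bot: CVE-2018-6557 is added with "TODO: check", and its description names the MOTD update script in the base-files package in Ubuntu 18.04 LTS. Debian ships a package with the same name, so the triage line should say explicitly whether that script exists in Debian's base-files, instead of closing the entry as Ubuntu-specific on the strength of the description alone.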
@@ -40105,10 +40221,10 @@ CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, .
 	NOT-FOR-US: Huawei
 CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with Versions ...)
 	NOT-FOR-US: inputhub driver of HUAWEI P9 Lite mobile phones
-CVE-2017-17312
-	RESERVED
-CVE-2017-17311
-	RESERVED
+CVE-2017-17312 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...)
+	TODO: check
+CVE-2017-17311 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...)
+	TODO: check
 CVE-2017-17310 (Electronic Numbers to URI Mapping (ENUM) module in some Huawei ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17309 (Huawei HG255s-10 V100R001C163B025SP02 has a path traversal ...)
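Review bot: CVE-2017-17312 and CVE-2017-17311 go in as "TODO: check" while the described neighbours whose triage line is visible in this hunk are all NOT-FOR-US Huawei entries, and both new descriptions start "Some Huawei Firewall products", so they look resolvable the same way in a follow-up. The two descriptions are identical up to the truncation point, so check the full text to confirm they are distinct issues before triaging them with one note.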
@@ -40119,8 +40235,8 @@ CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 have
 	NOT-FOR-US: Huawei
 CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, ...)
 	NOT-FOR-US: Huawei
-CVE-2017-17305
-	RESERVED
+CVE-2017-17305 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...)
+	TODO: check
 CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17303 (Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf8d6d976dee50e7ccce2fb28d455575804261b1



More information about the debian-security-tracker-commits mailing list