[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jul 6 21:10:45 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae7734d1 by security tracker role at 2018-07-06T20:10:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,103 @@
+CVE-2018-13414
+	RESERVED
+CVE-2018-13413
+	RESERVED
+CVE-2018-13412
+	RESERVED
+CVE-2018-13411
+	RESERVED
+CVE-2018-13410 (** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line ...)
+	TODO: check
+CVE-2018-13409 (An issue was discovered in Jirafeau before 3.4.1. The "search file by ...)
+	TODO: check
+CVE-2018-13408 (An issue was discovered in Jirafeau before 3.4.1. The "search file by ...)
+	TODO: check
+CVE-2018-13407 (A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" ...)
+	TODO: check
+CVE-2018-13406 (An integer overflow in the uvesafb_setcmap function in ...)
+	TODO: check
+CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel through ...)
+	TODO: check
+CVE-2018-13404
+	RESERVED
+CVE-2018-13403
+	RESERVED
+CVE-2018-13402
+	RESERVED
+CVE-2018-13401
+	RESERVED
+CVE-2018-13400
+	RESERVED
+CVE-2018-13399
+	RESERVED
+CVE-2018-13398
+	RESERVED
+CVE-2018-13397
+	RESERVED
+CVE-2018-13396
+	RESERVED
+CVE-2018-13395
+	RESERVED
+CVE-2018-13394
+	RESERVED
+CVE-2018-13393
+	RESERVED
+CVE-2018-13392
+	RESERVED
+CVE-2018-13391
+	RESERVED
+CVE-2018-13390
+	RESERVED
+CVE-2018-13389
+	RESERVED
+CVE-2018-13388
+	RESERVED
+CVE-2018-13387
+	RESERVED
+CVE-2018-13386
+	RESERVED
+CVE-2018-13385
+	RESERVED
+CVE-2018-13384
+	RESERVED
+CVE-2018-13383
+	RESERVED
+CVE-2018-13382
+	RESERVED
+CVE-2018-13381
+	RESERVED
+CVE-2018-13380
+	RESERVED
+CVE-2018-13379
+	RESERVED
+CVE-2018-13378
+	RESERVED
+CVE-2018-13377
+	RESERVED
+CVE-2018-13376
+	RESERVED
+CVE-2018-13375
+	RESERVED
+CVE-2018-13374
+	RESERVED
+CVE-2018-13373
+	RESERVED
+CVE-2018-13372
+	RESERVED
+CVE-2018-13371
+	RESERVED
+CVE-2018-13370
+	RESERVED
+CVE-2018-13369
+	RESERVED
+CVE-2018-13368
+	RESERVED
+CVE-2018-13367
+	RESERVED
+CVE-2018-13366
+	RESERVED
+CVE-2018-13365
+	RESERVED
 CVE-2018-13364
 	RESERVED
 CVE-2018-13363
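Review bot: CVE-2018-13405 in this hunk names fs/inode.c in the Linux kernel, yet it lands with the same generic "TODO: check" as the Jirafeau and Info-ZIP entries around it. It should be triaged ahead of the rest of the block, with "TODO: check" replaced by a "- linux ..." package line once the affected versions are established. CVE-2018-13406 (uvesafb_setcmap) has its description truncated before the product name and needs the full text read before it can be tagged.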
@@ -522,12 +622,12 @@ CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta 1 allows remot
 	NOTE: https://github.com/appneta/tcpreplay/issues/477
 CVE-2018-13111
 	RESERVED
-CVE-2018-13110
-	RESERVED
-CVE-2018-13109
-	RESERVED
-CVE-2018-13108
-	RESERVED
+CVE-2018-13110 (All ADB broadband gateways / routers based on the Epicentro platform ...)
+	TODO: check
+CVE-2018-13109 (All ADB broadband gateways / routers based on the Epicentro platform ...)
+	TODO: check
+CVE-2018-13108 (All ADB broadband gateways / routers based on the Epicentro platform ...)
+	TODO: check
 CVE-2018-13107
 	RESERVED
 CVE-2018-13106 (ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen ...)
@@ -983,7 +1083,7 @@ CVE-2018-12912 (An issue wan discovered in admin\controllers\database.php in Hon
 CVE-2018-12911
 	RESERVED
 CVE-2018-12910 (soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup allows ...)
-	{DSA-4241-1}
+	{DSA-4241-1 DLA-1416-1}
 	- libsoup2.4 2.62.2-2
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
 CVE-2018-12909 (** DISPUTED ** Webgrind 1.5 relies on user input to display a file, ...)
@@ -5256,8 +5356,7 @@ CVE-2018-11306
 	RESERVED
 CVE-2018-11305
 	RESERVED
-CVE-2018-11304
-	RESERVED
+CVE-2018-11304 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11303
 	RESERVED
@@ -5347,14 +5446,11 @@ CVE-2018-11261
 	RESERVED
 CVE-2018-11260
 	RESERVED
-CVE-2018-11259
-	RESERVED
+CVE-2018-11259 (Due to Improper Access Control of NAND-based EFS in Snapdragon ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11258
-	RESERVED
+CVE-2018-11258 (In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11257
-	RESERVED
+CVE-2018-11257 (Permissions, Privileges, and Access Controls in TA in Snapdragon ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18283
 	RESERVED
@@ -5752,8 +5848,8 @@ CVE-2018-11126 (dg-user/?controller=users&action=add in doorGets 7.0 has CSR
 	NOT-FOR-US: doorGets
 CVE-2018-11125
 	REJECTED
-CVE-2018-11124
-	RESERVED
+CVE-2018-11124 (Cross-site scripting (XSS) vulnerability in Attributes functionality ...)
+	TODO: check
 CVE-2018-11123
 	RESERVED
 CVE-2018-11122
@@ -6294,8 +6390,7 @@ CVE-2018-10894
 	RESERVED
 CVE-2018-10893
 	RESERVED
-CVE-2018-10892 [docker: container breakout without selinux in enforcing mode]
-	RESERVED
+CVE-2018-10892 (The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby ...)
 	- docker.io <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598581
 CVE-2018-10891
@@ -7302,6 +7397,7 @@ CVE-2018-10526
 CVE-2018-10525
 	RESERVED
 CVE-2017-18264 (An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 ...)
+	{DLA-1415-1}
 	- phpmyadmin 4:4.6.6-2
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-8/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7232271a379396ca1d4b083af051262057003c41 (4.7-branch)
@@ -11253,8 +11349,8 @@ CVE-2018-8931 (The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have .
 	NOT-FOR-US: AMD
 CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...)
 	NOT-FOR-US: AMD
-CVE-2018-8929
-	RESERVED
+CVE-2018-8929 (Improper restriction of communication channel to intended endpoints ...)
+	TODO: check
 CVE-2018-8928 (Cross-site scripting (XSS) vulnerability in Address Book Editor in ...)
 	NOT-FOR-US: Synology
 CVE-2018-8927 (Improper authorization vulnerability in SYNO.Cal.Event in Calendar ...)
@@ -17689,10 +17785,10 @@ CVE-2017-18161
 	RESERVED
 CVE-2017-18160
 	RESERVED
-CVE-2017-18159
-	RESERVED
-CVE-2017-18158
-	RESERVED
+CVE-2017-18159 (In Android releases from CAF using the linux kernel (Android for MSM, ...)
+	TODO: check
+CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in Android ...)
+	TODO: check
 CVE-2017-18157
 	RESERVED
 CVE-2017-18156
@@ -20293,8 +20389,7 @@ CVE-2018-5909
 	RESERVED
 CVE-2018-5908
 	RESERVED
-CVE-2018-5907
-	RESERVED
+CVE-2018-5907 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5906
 	RESERVED
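Review bot: the description added for CVE-2018-5907 ("Possible buffer overflow in msm_adsp_stream_callback_put due to lack ...") is identical, as far as the truncated text shows, to the one this same commit adds for CVE-2018-11304. Both keep "NOT-FOR-US: Qualcomm components for Android", so package status is unaffected, but it is worth confirming against the full descriptions that these are two distinct issues and adding a NOTE line cross-referencing them if they overlap.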
@@ -20310,42 +20405,41 @@ CVE-2018-5901
 	RESERVED
 CVE-2018-5900
 	RESERVED
-CVE-2018-5899
-	RESERVED
-CVE-2018-5898
-	RESERVED
-CVE-2018-5897
-	RESERVED
-CVE-2018-5896
-	RESERVED
-CVE-2018-5895
-	RESERVED
-CVE-2018-5894
-	RESERVED
-CVE-2018-5893
-	RESERVED
-CVE-2018-5892
-	RESERVED
-CVE-2018-5891
-	RESERVED
-CVE-2018-5890
-	RESERVED
-CVE-2018-5889
-	RESERVED
-CVE-2018-5888
-	RESERVED
-CVE-2018-5887
-	RESERVED
-CVE-2018-5886
-	RESERVED
-CVE-2018-5885
-	RESERVED
-CVE-2018-5884
-	RESERVED
+CVE-2018-5899 (In Android releases from CAF using the linux kernel (Android for MSM, ...)
+	TODO: check
+CVE-2018-5898 (Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function ...)
+	TODO: check
+CVE-2018-5897 (While reading the data from buffer in dci_process_ctrl_status() there ...)
+	TODO: check
+CVE-2018-5896 (In Android releases from CAF using the linux kernel (Android for MSM, ...)
+	TODO: check
+CVE-2018-5895 (Buffer over-read may happen in wma_process_utf_event() due to improper ...)
+	TODO: check
+CVE-2018-5894 (Improper Validation of Array Index in Multimedia While parsing an mp4 ...)
+	TODO: check
+CVE-2018-5893 (While processing a message from firmware in htt_t2h_msg_handler_fast() ...)
+	TODO: check
+CVE-2018-5892 (The Touch Pal application can collect user behavior data without ...)
+	TODO: check
+CVE-2018-5891 (While processing modem SSR after IMS is registered, the IMS data ...)
+	TODO: check
+CVE-2018-5890 (If the fdt_totalsize is reported as 0 for the current device tree, it ...)
+	TODO: check
+CVE-2018-5889 (While processing a compressed kernel image, a buffer overflow can ...)
+	TODO: check
+CVE-2018-5888 (While processing the system path, an out of bounds access can occur in ...)
+	TODO: check
+CVE-2018-5887 (While processing the USB StrSerialDescriptor array, an array index out ...)
+	TODO: check
+CVE-2018-5886 (A pointer in an ADSPRPC command is not properly validated in all ...)
+	TODO: check
+CVE-2018-5885 (While loading dynamic fonts, a buffer overflow may occur if the number ...)
+	TODO: check
+CVE-2018-5884 (Improper Access Control in Multimedia in Snapdragon Mobile and ...)
+	TODO: check
 CVE-2018-5883
 	RESERVED
-CVE-2018-5882
-	RESERVED
+CVE-2018-5882 (While parsing a Flac file with a corrupted comment block, a buffer ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5881
 	RESERVED
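Review bot: the sixteen entries from CVE-2018-5899 down to CVE-2018-5884 all land as "TODO: check", while CVE-2018-5882 in the same hunk keeps "NOT-FOR-US: Qualcomm components for Android". Several of the new descriptions name CAF Android releases, Snapdragon or MSM/ADSP functions, so they look like candidates for the same tag, but they should be resolved one by one rather than in bulk: CVE-2018-5892, for instance, describes the Touch Pal application rather than a driver, and the truncated descriptions do not show the affected component for every entry.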
@@ -20353,24 +20447,19 @@ CVE-2018-5880
 	RESERVED
 CVE-2018-5879
 	RESERVED
-CVE-2018-5878
-	RESERVED
+CVE-2018-5878 (While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5877
 	RESERVED
-CVE-2018-5876
-	RESERVED
+CVE-2018-5876 (While parsing an mp4 file, a buffer overflow can occur in Snapdragon ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5875
-	RESERVED
+CVE-2018-5875 (While parsing an mp4 file, an integer overflow leading to a buffer ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5874
-	RESERVED
+CVE-2018-5874 (While parsing an mp4 file, a stack-based buffer overflow can occur in ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5873
-	RESERVED
-CVE-2018-5872
-	RESERVED
+CVE-2018-5873 (Due to a race condition when accessing files in all Android releases ...)
+	TODO: check
+CVE-2018-5872 (While parsing over-the-air information elements in all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5871
 	RESERVED
@@ -20384,38 +20473,31 @@ CVE-2018-5867
 	RESERVED
 CVE-2018-5866
 	RESERVED
-CVE-2018-5865
-	RESERVED
+CVE-2018-5865 (While processing a debug log event from firmware in all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5864
-	RESERVED
+CVE-2018-5864 (While processing a WMI_APFIND event in all Android releases from CAF ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5863 (If userspace provides a too-large WPA RSN IE length in ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5862
-	RESERVED
+CVE-2018-5862 (In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5861
 	RESERVED
 CVE-2018-5860 (In the MDSS driver in all Android releases(Android for MSM, Firefox OS ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5859
-	RESERVED
+CVE-2018-5859 (Due to a race condition in the MDSS MDP driver in all Android releases ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5858
-	RESERVED
+CVE-2018-5858 (In the audio debugfs in all Android releases from CAF using the Linux ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5857 (In the WCD CPE codec, a Use After Free condition can occur in all ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5856
 	RESERVED
-CVE-2018-5855
-	RESERVED
+CVE-2018-5855 (While padding or shrinking a nested wmi packet in all Android releases ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5853
-	RESERVED
+CVE-2018-5853 (A race condition exists in a driver in all Android releases from CAF ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5852
 	RESERVED
@@ -20445,28 +20527,27 @@ CVE-2018-5840 (Buffer Copy without Checking Size of Input can occur during the D
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5839
 	RESERVED
-CVE-2018-5838
-	RESERVED
+CVE-2018-5838 (Improper Validation of Array Index In the adreno OpenGL driver in ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5837
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5836
-	RESERVED
-CVE-2018-5835
-	RESERVED
-CVE-2018-5834
-	RESERVED
+CVE-2018-5836 (In wma_nan_rsp_event_handler() in Android releases from CAF using the ...)
+	TODO: check
+CVE-2018-5835 (If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in ...)
+	TODO: check
+CVE-2018-5834 (In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can ...)
+	TODO: check
 CVE-2018-5833
 	RESERVED
-CVE-2018-5832
-	RESERVED
-CVE-2018-5831
-	RESERVED
-CVE-2018-5830
-	RESERVED
-CVE-2018-5829
-	RESERVED
+CVE-2018-5832 (Due to a race condition in a camera driver ioctl handler in Android ...)
+	TODO: check
+CVE-2018-5831 (In the KGSL driver in Android releases from CAF using the linux kernel ...)
+	TODO: check
+CVE-2018-5830 (While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a ...)
+	TODO: check
+CVE-2018-5829 (In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF ...)
+	TODO: check
 CVE-2018-5828 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5827 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
@@ -26331,8 +26412,8 @@ CVE-2017-17936 (Vanguard Marketplace Digital Products PHP has CSRF via /search. 
 	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
 CVE-2018-3609 (A vulnerability in the Trend Micro InterScan Messaging Security ...)
 	NOT-FOR-US: Trend Micro
-CVE-2018-3608
-	RESERVED
+CVE-2018-3608 (A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 ...)
+	TODO: check
 CVE-2018-3607 (XXXTreeNode method SQL injection remote code execution (RCE) ...)
 	NOT-FOR-US: Trend Micro
 CVE-2018-3606 (XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL ...)
@@ -26805,8 +26886,8 @@ CVE-2018-3599 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android 
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3598 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3597
-	RESERVED
+CVE-2018-3597 (In the ADSP RPC driver in Android releases from CAF using the linux ...)
+	TODO: check
 CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3595
@@ -26825,10 +26906,9 @@ CVE-2018-3589 (In Android before security patch level 2018-04-05 on Qualcomm ...
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3588
 	RESERVED
-CVE-2018-3587
-	RESERVED
-CVE-2018-3586
-	RESERVED
+CVE-2018-3587 (In a firmware memory dump feature in all Android releases from CAF ...)
+	TODO: check
+CVE-2018-3586 (An integer overflow to buffer overflow vulnerability exists in the ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3585
 	RESERVED
@@ -26846,8 +26926,8 @@ CVE-2018-3579 (In the WLAN driver in all Android releases from CAF (Android for 
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3578 (Type mismatch for ie_len can cause the WLAN driver to allocate less ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3577
-	RESERVED
+CVE-2018-3577 (While processing fragments, when the fragment count becomes very ...)
+	TODO: check
 CVE-2018-3576 (improper validation of array index in WiFi driver function ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3575
@@ -26860,11 +26940,10 @@ CVE-2018-3572 (While processing a DSP buffer in an audio driver's event handler,
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3571 (In the KGSL driver in all Android releases from CAF (Android for MSM, ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3570
-	RESERVED
+CVE-2018-3570 (In the cpuidle driver in all Android releases(Android for MSM, Firefox ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3569
-	RESERVED
+CVE-2018-3569 (A buffer over-read can occur during a fast initial link setup (FILS) ...)
+	TODO: check
 CVE-2018-3568 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3567 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
@@ -26873,8 +26952,8 @@ CVE-2018-3566 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android 
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3565 (While sending a probe request indication in ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3564
-	RESERVED
+CVE-2018-3564 (In the FastRPC driver in Android releases from CAF using the linux ...)
+	TODO: check
 CVE-2018-3563 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3562 (Buffer over -read can occur while processing a FILS authentication ...)
@@ -31395,8 +31474,8 @@ CVE-2018-1678
 	RESERVED
 CVE-2018-1677
 	RESERVED
-CVE-2018-1676
-	RESERVED
+CVE-2018-1676 (IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site ...)
+	TODO: check
 CVE-2018-1675
 	RESERVED
 CVE-2018-1674
@@ -31505,8 +31584,8 @@ CVE-2018-1623
 	RESERVED
 CVE-2018-1622
 	RESERVED
-CVE-2018-1621
-	RESERVED
+CVE-2018-1621 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+	TODO: check
 CVE-2018-1620
 	RESERVED
 CVE-2018-1619
@@ -31635,10 +31714,10 @@ CVE-2018-1558
 	RESERVED
 CVE-2018-1557
 	RESERVED
-CVE-2018-1556
-	RESERVED
-CVE-2018-1555
-	RESERVED
+CVE-2018-1556 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to ...)
+	TODO: check
+CVE-2018-1555 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to ...)
+	TODO: check
 CVE-2018-1554
 	RESERVED
 CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow ...)
@@ -31655,16 +31734,16 @@ CVE-2018-1548
 	RESERVED
 CVE-2018-1547 (IBM Robotic Process Automation with Automation Anywhere 10.0 could ...)
 	NOT-FOR-US: IBM
-CVE-2018-1546
-	RESERVED
+CVE-2018-1546 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker ...)
+	TODO: check
 CVE-2018-1545
 	RESERVED
 CVE-2018-1544 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
 	NOT-FOR-US: IBM
 CVE-2018-1543 (IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain ...)
 	NOT-FOR-US: IBM
-CVE-2018-1542
-	RESERVED
+CVE-2018-1542 (IBM FileNet Content Manager, IBM Content Foundation, and IBM Case ...)
+	TODO: check
 CVE-2018-1541
 	RESERVED
 CVE-2018-1540
@@ -31759,8 +31838,8 @@ CVE-2018-1496 (IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is ..
 	NOT-FOR-US: IBM Content Navigator
 CVE-2018-1495 (IBM FlashSystem V840 and V900 products could allow an authenticated ...)
 	NOT-FOR-US: IBM
-CVE-2018-1494
-	RESERVED
+CVE-2018-1494 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through ...)
+	TODO: check
 CVE-2018-1493
 	RESERVED
 CVE-2018-1492
@@ -40706,8 +40785,8 @@ CVE-2017-15858
 	RESERVED
 CVE-2017-15857 (In the camera driver, an out-of-bounds access can occur due to an ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-15856
-	RESERVED
+CVE-2017-15856 (Due to a race condition while processing the power stats debug file to ...)
+	TODO: check
 CVE-2017-15855 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15854 (The value of fix_param->num_chans is received from firmware and if it ...)
@@ -40716,8 +40795,7 @@ CVE-2017-15853 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15852 (Information leak of the ISPIF base address in Android for MSM, Firefox ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2017-15851
-	RESERVED
+CVE-2017-15851 (Lack of copy_from_user and information leak in function ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15850 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -40773,8 +40851,8 @@ CVE-2017-15826 (Due to a race condition in MDSS rotator in Android for MSM, Fire
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15825
 	RESERVED
-CVE-2017-15824
-	RESERVED
+CVE-2017-15824 (In Android releases from CAF using the linux kernel (Android for MSM, ...)
+	TODO: check
 CVE-2017-15823 (In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15822 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
@@ -43701,8 +43779,8 @@ CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 	NOT-FOR-US: Android
 CVE-2017-14894 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-14893
-	RESERVED
+CVE-2017-14893 (While flashing meta image, a buffer over-read may potentially occur ...)
+	TODO: check
 CVE-2017-14892 (In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14891 (In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, ...)
@@ -43743,8 +43821,8 @@ CVE-2017-14874
 	RESERVED
 CVE-2017-14873 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-14872
-	RESERVED
+CVE-2017-14872 (While flashing a meta image, a buffer over-read can potentially occur ...)
+	TODO: check
 CVE-2017-14871
 	RESERVED
 CVE-2017-14870 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -55284,8 +55362,8 @@ CVE-2017-11090 (In android for MSM, Firefox OS for MSM, QRD Android, with all An
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11089 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11088
-	RESERVED
+CVE-2017-11088 (Improper Input Validation in Linux io-prefetch in Snapdragon Mobile ...)
+	TODO: check
 CVE-2017-11087 (libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-11086
@@ -81247,8 +81325,7 @@ CVE-2017-2666
 	- undertow 1.4.18-1 (bug #864405)
 	NOTE: https://issues.jboss.org/browse/UNDERTOW-1101
 	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
-CVE-2017-2665
-	RESERVED
+CVE-2017-2665 (The skyring-setup command creates random password for mongodb skyring ...)
 	NOT-FOR-US: Red Hat Storage / skyring
 CVE-2017-2664
 	RESERVED
@@ -83244,8 +83321,8 @@ CVE-2017-1797
 	RESERVED
 CVE-2017-1796
 	RESERVED
-CVE-2017-1795
-	RESERVED
+CVE-2017-1795 (IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local ...)
+	TODO: check
 CVE-2017-1794
 	RESERVED
 CVE-2017-1793
@@ -83716,8 +83793,8 @@ CVE-2017-1561 (IBM Rational Quality Manager and IBM Rational Collaborative Lifec
 	NOT-FOR-US: IBM
 CVE-2017-1560 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
 	NOT-FOR-US: IBM
-CVE-2017-1559
-	RESERVED
+CVE-2017-1559 (Multiple IBM Rational products could disclose sensitive information by ...)
+	TODO: check
 CVE-2017-1558 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker ...)
 	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2017-1557 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with ...)
@@ -83816,8 +83893,8 @@ CVE-2017-1511
 	RESERVED
 CVE-2017-1510
 	RESERVED
-CVE-2017-1509
-	RESERVED
+CVE-2017-1509 (IBM Jazz Foundation products could allow an authenticated user to ...)
+	TODO: check
 CVE-2017-1508 (IBM Informix Dynamic Server 12.1 could allow a local user logged in ...)
 	NOT-FOR-US: IBM
 CVE-2017-1507 (IBM Jazz Foundation Products could disclose sensitive information ...)
@@ -83858,8 +83935,7 @@ CVE-2017-1490 (An unspecified vulnerability in the Lifecycle Query Engine of Jaz
 	NOT-FOR-US: IBM
 CVE-2017-1489 (IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community ...)
 	NOT-FOR-US: IBM
-CVE-2017-1488
-	RESERVED
+CVE-2017-1488 (An undisclosed vulnerability in Jazz common products exists with ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated attacker to ...)
 	NOT-FOR-US: IBM
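Review bot: the tag under CVE-2017-1488 no longer matches its description. The new text reads "An undisclosed vulnerability in Jazz common products exists with ...", but the retained line is "NOT-FOR-US: Qualcomm component for Android", which was attached while the entry was still RESERVED. The neighbouring entries in this hunk (CVE-2017-1489, CVE-2017-1487) use "NOT-FOR-US: IBM"; the tag on CVE-2017-1488 should be changed to match.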
@@ -84177,8 +84253,8 @@ CVE-2017-1331 (IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site
 	NOT-FOR-US: IBM
 CVE-2017-1330
 	RESERVED
-CVE-2017-1329
-	RESERVED
+CVE-2017-1329 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable ...)
+	TODO: check
 CVE-2017-1328 (IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1327 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
@@ -84339,8 +84415,8 @@ CVE-2017-1250 (IBM Rational Quality Manager and IBM Rational Collaborative Lifec
 	NOT-FOR-US: IBM
 CVE-2017-1249 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. ...)
 	NOT-FOR-US: IBM
-CVE-2017-1248
-	RESERVED
+CVE-2017-1248 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable ...)
+	TODO: check
 CVE-2017-1247 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1246
@@ -84351,18 +84427,18 @@ CVE-2017-1244
 	RESERVED
 CVE-2017-1243
 	RESERVED
-CVE-2017-1242
-	RESERVED
+CVE-2017-1242 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable ...)
+	TODO: check
 CVE-2017-1241 (An unspecified vulnerability in IBM Jazz Foundation based applications ...)
 	NOT-FOR-US: IBM
 CVE-2017-1240 (IBM Rhapsody DM products could reveal sensitive information in HTTP ...)
 	NOT-FOR-US: IBM
-CVE-2017-1239
-	RESERVED
-CVE-2017-1238
-	RESERVED
-CVE-2017-1237
-	RESERVED
+CVE-2017-1239 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal ...)
+	TODO: check
+CVE-2017-1238 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable ...)
+	TODO: check
+CVE-2017-1237 (IBM Jazz based applications are vulnerable to cross-site scripting. ...)
+	TODO: check
 CVE-2017-1236 (IBM WebSphere MQ 9.0.2 could allow an authenticated user to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1235 (IBM WebSphere MQ 8.0 could allow an authenticated user to cause a ...)
@@ -87320,7 +87396,7 @@ CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username or
 	[jessie] - phpmyadmin <no-dsa> (Minor issue)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
 CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in serialized ...)
-	{DLA-757-1}
+	{DLA-1415-1 DLA-757-1}
 	- phpmyadmin 4:4.6.5.1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/17b34be (RELEASE_4_6_5)
@@ -96657,23 +96733,25 @@ CVE-2016-6623 (An issue was discovered in phpMyAdmin. An authorized user can cau
 	[jessie] - phpmyadmin <no-dsa> (Minor issue)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-46/
 CVE-2016-6622 (An issue was discovered in phpMyAdmin. An unauthenticated user is able ...)
-	{DLA-626-1}
+	{DLA-1415-1 DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/
 CVE-2016-6621 (The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before ...)
-	{DLA-834-1}
+	{DLA-1415-1 DLA-834-1}
 	- phpmyadmin 4:4.6.6-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-44/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/12481
 CVE-2016-6620 (An issue was discovered in phpMyAdmin. Some data is passed to the PHP ...)
-	{DLA-626-1}
+	{DLA-1415-1 DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-43/
 CVE-2016-6619 (An issue was discovered in phpMyAdmin. In the user interface ...)
+	{DLA-1415-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-42/
 CVE-2016-6618 (An issue was discovered in phpMyAdmin. The transformation feature ...)
+	{DLA-1415-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-41/
@@ -96682,15 +96760,17 @@ CVE-2016-6617 (An issue was discovered in phpMyAdmin. A specially crafted databa
 	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
 	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
 CVE-2016-6616 (An issue was discovered in phpMyAdmin. In the "User group" and ...)
+	{DLA-1415-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Only affects 4.4.x onward)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-39/
 CVE-2016-6615 (XSS issues were discovered in phpMyAdmin. This affects navigation pane ...)
+	{DLA-1415-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-38/
 CVE-2016-6614 (An issue was discovered in phpMyAdmin involving the %u username ...)
-	{DLA-626-1}
+	{DLA-1415-1 DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-37/
 CVE-2016-6613 (An issue was discovered in phpMyAdmin. A user can specially craft a ...)
@@ -96714,7 +96794,7 @@ CVE-2016-6610 (A full path disclosure vulnerability was discovered in phpMyAdmin
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-33/
 	NOTE: Not relevant to packaged version in Debian
 CVE-2016-6609 (An issue was discovered in phpMyAdmin. A specially crafted database ...)
-	{DLA-626-1}
+	{DLA-1415-1 DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
 CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the database ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae7734d1068fea76b572e74cb11ce6d42d4740f5
