[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 11 09:10:30 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34ad66d3 by security tracker role at 2018-07-11T08:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,46 @@
-CVE-2018-13863 [Regular expression denial of service in decimal128.js]
+CVE-2018-13879 (A reflected XSS issue was discovered in the registration form in ...)
+ TODO: check
+CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js ...)
+ TODO: check
+CVE-2018-13877
+ RESERVED
+CVE-2018-13876 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+ TODO: check
+CVE-2018-13875 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ...)
+ TODO: check
+CVE-2018-13874 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+ TODO: check
+CVE-2018-13873 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+ TODO: check
+CVE-2018-13872 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+ TODO: check
+CVE-2018-13871 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+ TODO: check
+CVE-2018-13870 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+ TODO: check
+CVE-2018-13869 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+ TODO: check
+CVE-2018-13868 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+ TODO: check
+CVE-2018-13867 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ...)
+ TODO: check
+CVE-2018-13866 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+ TODO: check
+CVE-2018-13865 (An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the ...)
+ TODO: check
+CVE-2018-13864
+ RESERVED
+CVE-2018-13862
+ RESERVED
+CVE-2018-13861
+ RESERVED
+CVE-2018-13860
+ RESERVED
+CVE-2018-13859
+ RESERVED
+CVE-2018-13858
+ RESERVED
+CVE-2018-13863 (The MongoDB bson JavaScript module (also known as js-bson) versions ...)
- node-bson <itp> (bug #897282)
NOTE: https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a
CVE-2018-13857
@@ -13709,8 +13751,8 @@ CVE-2018-8358
RESERVED
CVE-2018-8357
RESERVED
-CVE-2018-8356
- RESERVED
+CVE-2018-8356 (A security feature bypass vulnerability exists when Microsoft .NET ...)
+ TODO: check
CVE-2018-8355
RESERVED
CVE-2018-8354
@@ -13767,24 +13809,24 @@ CVE-2018-8329
RESERVED
CVE-2018-8328
RESERVED
-CVE-2018-8327
- RESERVED
-CVE-2018-8326
- RESERVED
-CVE-2018-8325
- RESERVED
-CVE-2018-8324
- RESERVED
-CVE-2018-8323
- RESERVED
+CVE-2018-8327 (A remote code execution vulnerability exists in PowerShell Editor ...)
+ TODO: check
+CVE-2018-8326 (A cross-site-scripting (XSS) vulnerability exists when an open source ...)
+ TODO: check
+CVE-2018-8325 (An information disclosure vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8324 (An information disclosure vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8323 (An elevation of privilege vulnerability exists when Microsoft ...)
+ TODO: check
CVE-2018-8322
RESERVED
CVE-2018-8321
RESERVED
CVE-2018-8320
RESERVED
-CVE-2018-8319
- RESERVED
+CVE-2018-8319 (A Security Feature Bypass vulnerability exists in MSR JavaScript ...)
+ TODO: check
CVE-2018-8318
RESERVED
CVE-2018-8317
@@ -13793,88 +13835,88 @@ CVE-2018-8316
RESERVED
CVE-2018-8315
RESERVED
-CVE-2018-8314
- RESERVED
-CVE-2018-8313
- RESERVED
-CVE-2018-8312
- RESERVED
-CVE-2018-8311
- RESERVED
-CVE-2018-8310
- RESERVED
-CVE-2018-8309
- RESERVED
-CVE-2018-8308
- RESERVED
-CVE-2018-8307
- RESERVED
-CVE-2018-8306
- RESERVED
-CVE-2018-8305
- RESERVED
-CVE-2018-8304
- RESERVED
+CVE-2018-8314 (An elevation of privilege vulnerability exists when Windows fails a ...)
+ TODO: check
+CVE-2018-8313 (An elevation of privilege vulnerability exists in the way that the ...)
+ TODO: check
+CVE-2018-8312 (A remote code execution vulnerability exists when Microsoft Access ...)
+ TODO: check
+CVE-2018-8311 (A remote code execution vulnerability exists when Skype for Business ...)
+ TODO: check
+CVE-2018-8310 (A tampering vulnerability exists when Microsoft Outlook does not ...)
+ TODO: check
+CVE-2018-8309 (A denial of service vulnerability exists when Windows improperly ...)
+ TODO: check
+CVE-2018-8308 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2018-8307 (A security feature bypass vulnerability exists when Microsoft WordPad ...)
+ TODO: check
+CVE-2018-8306 (A command injection vulnerability exists in the Microsoft Wireless ...)
+ TODO: check
+CVE-2018-8305 (An information disclosure vulnerability exists in Windows Mail Client ...)
+ TODO: check
+CVE-2018-8304 (A denial of service vulnerability exists in Windows Domain Name System ...)
+ TODO: check
CVE-2018-8303
RESERVED
CVE-2018-8302
RESERVED
-CVE-2018-8301
- RESERVED
-CVE-2018-8300
- RESERVED
-CVE-2018-8299
- RESERVED
-CVE-2018-8298
- RESERVED
-CVE-2018-8297
- RESERVED
-CVE-2018-8296
- RESERVED
+CVE-2018-8301 (A remote code execution vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8300 (A remote code execution vulnerability exists in Microsoft SharePoint ...)
+ TODO: check
+CVE-2018-8299 (An elevation of privilege vulnerability exists when Microsoft ...)
+ TODO: check
+CVE-2018-8298 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
+CVE-2018-8297 (An information disclosure vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8296 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
CVE-2018-8295
RESERVED
-CVE-2018-8294
- RESERVED
+CVE-2018-8294 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
CVE-2018-8293
RESERVED
CVE-2018-8292
RESERVED
-CVE-2018-8291
- RESERVED
-CVE-2018-8290
- RESERVED
-CVE-2018-8289
- RESERVED
-CVE-2018-8288
- RESERVED
-CVE-2018-8287
- RESERVED
-CVE-2018-8286
- RESERVED
+CVE-2018-8291 (A remote code execution vulnerability exists in the way the scripting ...)
+ TODO: check
+CVE-2018-8290 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
+CVE-2018-8289 (An information disclosure vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8288 (A remote code execution vulnerability exists in the way the scripting ...)
+ TODO: check
+CVE-2018-8287 (A remote code execution vulnerability exists in the way the scripting ...)
+ TODO: check
+CVE-2018-8286 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
CVE-2018-8285
RESERVED
-CVE-2018-8284
- RESERVED
-CVE-2018-8283
- RESERVED
-CVE-2018-8282
- RESERVED
-CVE-2018-8281
- RESERVED
-CVE-2018-8280
- RESERVED
-CVE-2018-8279
- RESERVED
-CVE-2018-8278
- RESERVED
+CVE-2018-8284 (A remote code execution vulnerability exists when the Microsoft .NET ...)
+ TODO: check
+CVE-2018-8283 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
+CVE-2018-8282 (An elevation of privilege vulnerability exists in Windows when the ...)
+ TODO: check
+CVE-2018-8281 (A remote code execution vulnerability exists in Microsoft Office ...)
+ TODO: check
+CVE-2018-8280 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
+CVE-2018-8279 (A remote code execution vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8278 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
+ TODO: check
CVE-2018-8277
RESERVED
-CVE-2018-8276
- RESERVED
-CVE-2018-8275
- RESERVED
-CVE-2018-8274
- RESERVED
+CVE-2018-8276 (A security feature bypass vulnerability exists in the Microsoft Chakra ...)
+ TODO: check
+CVE-2018-8275 (A remote code execution vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8274 (A remote code execution vulnerability exists when Microsoft Edge ...)
+ TODO: check
CVE-2018-8273
RESERVED
CVE-2018-8272
@@ -13897,12 +13939,12 @@ CVE-2018-8264
RESERVED
CVE-2018-8263
RESERVED
-CVE-2018-8262
- RESERVED
+CVE-2018-8262 (A remote code execution vulnerability exists when Microsoft Edge ...)
+ TODO: check
CVE-2018-8261
RESERVED
-CVE-2018-8260
- RESERVED
+CVE-2018-8260 (A Remote Code Execution vulnerability exists in .NET software when the ...)
+ TODO: check
CVE-2018-8259
RESERVED
CVE-2018-8258
@@ -13937,16 +13979,16 @@ CVE-2018-8244 (An elevation of privilege vulnerability exists when Microsoft Out
NOT-FOR-US: Microsoft
CVE-2018-8243 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
-CVE-2018-8242
- RESERVED
+CVE-2018-8242 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
CVE-2018-8241
RESERVED
CVE-2018-8240
RESERVED
CVE-2018-8239 (An information disclosure vulnerability exists when the Windows GDI ...)
NOT-FOR-US: Microsoft
-CVE-2018-8238
- RESERVED
+CVE-2018-8238 (A security feature bypass vulnerability exists when Skype for Business ...)
+ TODO: check
CVE-2018-8237
RESERVED
CVE-2018-8236 (A remote code execution vulnerability exists when Microsoft Edge ...)
@@ -13957,8 +13999,8 @@ CVE-2018-8234 (An information disclosure vulnerability exists when Microsoft Edg
NOT-FOR-US: Microsoft
CVE-2018-8233 (An elevation of privilege vulnerability exists in Windows when the ...)
NOT-FOR-US: Microsoft
-CVE-2018-8232
- RESERVED
+CVE-2018-8232 (A Tampering vulnerability exists when Microsoft Macro Assembler ...)
+ TODO: check
CVE-2018-8231 (A remote code execution vulnerability exists when HTTP Protocol Stack ...)
NOT-FOR-US: Microsoft
CVE-2018-8230
@@ -13977,8 +14019,8 @@ CVE-2018-8224 (An elevation of privilege vulnerability exists when the Windows k
NOT-FOR-US: Microsoft
CVE-2018-8223
RESERVED
-CVE-2018-8222
- RESERVED
+CVE-2018-8222 (A security feature bypass vulnerability exists in Device Guard that ...)
+ TODO: check
CVE-2018-8221 (A security feature bypass vulnerability exists in Device Guard that ...)
NOT-FOR-US: Microsoft
CVE-2018-8220
@@ -14009,16 +14051,16 @@ CVE-2018-8208 (An elevation of privilege vulnerability exists in Windows when De
NOT-FOR-US: Microsoft
CVE-2018-8207 (An information disclosure vulnerability exists when the Windows kernel ...)
NOT-FOR-US: Microsoft
-CVE-2018-8206
- RESERVED
+CVE-2018-8206 (A denial of service vulnerability exists when Windows improperly ...)
+ TODO: check
CVE-2018-8205 (A denial of service vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft
CVE-2018-8204
RESERVED
CVE-2018-8203
RESERVED
-CVE-2018-8202
- RESERVED
+CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET Framework which ...)
+ TODO: check
CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard that ...)
NOT-FOR-US: Microsoft
CVE-2018-8200
@@ -14077,10 +14119,10 @@ CVE-2018-8174 (A remote code execution vulnerability exists in the way that the
NOT-FOR-US: Microsoft
CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft InfoPath ...)
NOT-FOR-US: Microsoft
-CVE-2018-8172
- RESERVED
-CVE-2018-8171
- RESERVED
+CVE-2018-8172 (A remote code execution vulnerability exists in Visual Studio software ...)
+ TODO: check
+CVE-2018-8171 (A Security Feature Bypass vulnerability exists in ASP.NET when the ...)
+ TODO: check
CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
CVE-2018-8169 (An elevation of privilege vulnerability exists when the (Human ...)
@@ -14171,8 +14213,8 @@ CVE-2018-8127 (An information disclosure vulnerability exists when the Windows k
NOT-FOR-US: Microsoft
CVE-2018-8126 (A security feature bypass vulnerability exists when Internet Explorer ...)
NOT-FOR-US: Microsoft
-CVE-2018-8125
- RESERVED
+CVE-2018-8125 (A remote code execution vulnerability exists when Microsoft Edge ...)
+ TODO: check
CVE-2018-8124 (An elevation of privilege vulnerability exists in Windows when the ...)
NOT-FOR-US: Microsoft
CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft Edge ...)
@@ -27156,8 +27198,7 @@ CVE-2018-3695
RESERVED
CVE-2018-3694
RESERVED
-CVE-2018-3693 [speculative bounds check bypass store]
- RESERVED
+CVE-2018-3693 (Systems with microprocessors utilizing speculative execution and ...)
- linux <unfixed>
NOTE: https://access.redhat.com/solutions/3523601
NOTE: https://01.org/security/advisories/intel-oss-10002
@@ -27169,20 +27210,20 @@ CVE-2018-3690
RESERVED
CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform Software ...)
NOT-FOR-US: Intel
-CVE-2018-3688
- RESERVED
-CVE-2018-3687
- RESERVED
+CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and Tools in ...)
+ TODO: check
+CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools in ...)
+ TODO: check
CVE-2018-3686
RESERVED
CVE-2018-3685
RESERVED
-CVE-2018-3684
- RESERVED
-CVE-2018-3683
- RESERVED
-CVE-2018-3682
- RESERVED
+CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 ...)
+ TODO: check
+CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 ...)
+ TODO: check
+CVE-2018-3682 (BMC Firmware in Intel server boards, compute modules, and systems ...)
+ TODO: check
CVE-2018-3681
RESERVED
CVE-2018-3680
@@ -27209,10 +27250,10 @@ CVE-2018-3670
RESERVED
CVE-2018-3669
RESERVED
-CVE-2018-3668
- RESERVED
-CVE-2018-3667
- RESERVED
+CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) ...)
+ TODO: check
+CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets ...)
+ TODO: check
CVE-2018-3666
RESERVED
CVE-2018-3665 (System software utilizing Lazy FP state restore technique on systems ...)
@@ -27247,8 +27288,8 @@ CVE-2018-3654
RESERVED
CVE-2018-3653
RESERVED
-CVE-2018-3652
- RESERVED
+CVE-2018-3652 (Existing UEFI setting restrictions for DCI (Direct Connect Interface) ...)
+ TODO: check
CVE-2018-3651
RESERVED
CVE-2018-3650
@@ -27297,18 +27338,18 @@ CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connec
NOT-FOR-US: Intel
CVE-2018-3633
RESERVED
-CVE-2018-3632
- RESERVED
+CVE-2018-3632 (Memory corruption in Intel Active Management Technology in Intel ...)
+ TODO: check
CVE-2018-3631
RESERVED
CVE-2018-3630
RESERVED
-CVE-2018-3629
- RESERVED
-CVE-2018-3628
- RESERVED
-CVE-2018-3627
- RESERVED
+CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management Technology ...)
+ TODO: check
+CVE-2018-3628 (Buffer overflow in HTTP handler in Intel Active Management Technology ...)
+ TODO: check
+CVE-2018-3627 (Logic bug in Intel Converged Security Management Engine 11.x may allow ...)
+ TODO: check
CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and ...)
NOT-FOR-US: Intel
CVE-2018-3625
@@ -27323,8 +27364,8 @@ CVE-2018-3621
RESERVED
CVE-2018-3620
RESERVED
-CVE-2018-3619
- RESERVED
+CVE-2018-3619 (Information disclosure vulnerability in storage media in systems with ...)
+ TODO: check
CVE-2018-3618
RESERVED
CVE-2018-3617
@@ -35832,8 +35873,8 @@ CVE-2018-0951 (A remote code execution vulnerability exists in the way that the
NOT-FOR-US: Microsoft
CVE-2018-0950 (An information disclosure vulnerability exists when Office renders ...)
NOT-FOR-US: Microsoft
-CVE-2018-0949
- RESERVED
+CVE-2018-0949 (A security feature bypass vulnerability exists when Microsoft Internet ...)
+ TODO: check
CVE-2018-0948
RESERVED
CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint ...)
@@ -72911,8 +72952,8 @@ CVE-2017-5706 (Multiple buffer overflows in kernel in Intel Server Platform Serv
NOT-FOR-US: Intel
CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability Engine ...)
NOT-FOR-US: Intel
-CVE-2017-5704
- RESERVED
+CVE-2017-5704 (Platform sample code firmware included with 4th Gen Intel Core ...)
+ TODO: check
CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel ...)
NOT-FOR-US: Intel
CVE-2017-5702
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34ad66d37db2f6b79f037993b28fe16f82ca853d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34ad66d37db2f6b79f037993b28fe16f82ca853d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180711/8832c142/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list