[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jul 11 09:10:30 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34ad66d3 by security tracker role at 2018-07-11T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,46 @@
-CVE-2018-13863 [Regular expression denial of service in decimal128.js]
+CVE-2018-13879 (A reflected XSS issue was discovered in the registration form in ...)
+	TODO: check
+CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js ...)
+	TODO: check
+CVE-2018-13877
+	RESERVED
+CVE-2018-13876 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+	TODO: check
+CVE-2018-13875 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ...)
+	TODO: check
+CVE-2018-13874 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+	TODO: check
+CVE-2018-13873 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+	TODO: check
+CVE-2018-13872 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+	TODO: check
+CVE-2018-13871 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+	TODO: check
+CVE-2018-13870 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+	TODO: check
+CVE-2018-13869 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+	TODO: check
+CVE-2018-13868 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+	TODO: check
+CVE-2018-13867 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ...)
+	TODO: check
+CVE-2018-13866 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
+	TODO: check
+CVE-2018-13865 (An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the ...)
+	TODO: check
+CVE-2018-13864
+	RESERVED
+CVE-2018-13862
+	RESERVED
+CVE-2018-13861
+	RESERVED
+CVE-2018-13860
+	RESERVED
+CVE-2018-13859
+	RESERVED
+CVE-2018-13858
+	RESERVED
+CVE-2018-13863 (The MongoDB bson JavaScript module (also known as js-bson) versions ...)
 	- node-bson <itp> (bug #897282)
 	NOTE: https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a
 CVE-2018-13857
@@ -13709,8 +13751,8 @@ CVE-2018-8358
 	RESERVED
 CVE-2018-8357
 	RESERVED
-CVE-2018-8356
-	RESERVED
+CVE-2018-8356 (A security feature bypass vulnerability exists when Microsoft .NET ...)
+	TODO: check
 CVE-2018-8355
 	RESERVED
 CVE-2018-8354
@@ -13767,24 +13809,24 @@ CVE-2018-8329
 	RESERVED
 CVE-2018-8328
 	RESERVED
-CVE-2018-8327
-	RESERVED
-CVE-2018-8326
-	RESERVED
-CVE-2018-8325
-	RESERVED
-CVE-2018-8324
-	RESERVED
-CVE-2018-8323
-	RESERVED
+CVE-2018-8327 (A remote code execution vulnerability exists in PowerShell Editor ...)
+	TODO: check
+CVE-2018-8326 (A cross-site-scripting (XSS) vulnerability exists when an open source ...)
+	TODO: check
+CVE-2018-8325 (An information disclosure vulnerability exists when Microsoft Edge ...)
+	TODO: check
+CVE-2018-8324 (An information disclosure vulnerability exists when Microsoft Edge ...)
+	TODO: check
+CVE-2018-8323 (An elevation of privilege vulnerability exists when Microsoft ...)
+	TODO: check
 CVE-2018-8322
 	RESERVED
 CVE-2018-8321
 	RESERVED
 CVE-2018-8320
 	RESERVED
-CVE-2018-8319
-	RESERVED
+CVE-2018-8319 (A Security Feature Bypass vulnerability exists in MSR JavaScript ...)
+	TODO: check
 CVE-2018-8318
 	RESERVED
 CVE-2018-8317
@@ -13793,88 +13835,88 @@ CVE-2018-8316
 	RESERVED
 CVE-2018-8315
 	RESERVED
-CVE-2018-8314
-	RESERVED
-CVE-2018-8313
-	RESERVED
-CVE-2018-8312
-	RESERVED
-CVE-2018-8311
-	RESERVED
-CVE-2018-8310
-	RESERVED
-CVE-2018-8309
-	RESERVED
-CVE-2018-8308
-	RESERVED
-CVE-2018-8307
-	RESERVED
-CVE-2018-8306
-	RESERVED
-CVE-2018-8305
-	RESERVED
-CVE-2018-8304
-	RESERVED
+CVE-2018-8314 (An elevation of privilege vulnerability exists when Windows fails a ...)
+	TODO: check
+CVE-2018-8313 (An elevation of privilege vulnerability exists in the way that the ...)
+	TODO: check
+CVE-2018-8312 (A remote code execution vulnerability exists when Microsoft Access ...)
+	TODO: check
+CVE-2018-8311 (A remote code execution vulnerability exists when Skype for Business ...)
+	TODO: check
+CVE-2018-8310 (A tampering vulnerability exists when Microsoft Outlook does not ...)
+	TODO: check
+CVE-2018-8309 (A denial of service vulnerability exists when Windows improperly ...)
+	TODO: check
+CVE-2018-8308 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+	TODO: check
+CVE-2018-8307 (A security feature bypass vulnerability exists when Microsoft WordPad ...)
+	TODO: check
+CVE-2018-8306 (A command injection vulnerability exists in the Microsoft Wireless ...)
+	TODO: check
+CVE-2018-8305 (An information disclosure vulnerability exists in Windows Mail Client ...)
+	TODO: check
+CVE-2018-8304 (A denial of service vulnerability exists in Windows Domain Name System ...)
+	TODO: check
 CVE-2018-8303
 	RESERVED
 CVE-2018-8302
 	RESERVED
-CVE-2018-8301
-	RESERVED
-CVE-2018-8300
-	RESERVED
-CVE-2018-8299
-	RESERVED
-CVE-2018-8298
-	RESERVED
-CVE-2018-8297
-	RESERVED
-CVE-2018-8296
-	RESERVED
+CVE-2018-8301 (A remote code execution vulnerability exists when Microsoft Edge ...)
+	TODO: check
+CVE-2018-8300 (A remote code execution vulnerability exists in Microsoft SharePoint ...)
+	TODO: check
+CVE-2018-8299 (An elevation of privilege vulnerability exists when Microsoft ...)
+	TODO: check
+CVE-2018-8298 (A remote code execution vulnerability exists in the way that the ...)
+	TODO: check
+CVE-2018-8297 (An information disclosure vulnerability exists when Microsoft Edge ...)
+	TODO: check
+CVE-2018-8296 (A remote code execution vulnerability exists in the way that the ...)
+	TODO: check
 CVE-2018-8295
 	RESERVED
-CVE-2018-8294
-	RESERVED
+CVE-2018-8294 (A remote code execution vulnerability exists in the way that the ...)
+	TODO: check
 CVE-2018-8293
 	RESERVED
 CVE-2018-8292
 	RESERVED
-CVE-2018-8291
-	RESERVED
-CVE-2018-8290
-	RESERVED
-CVE-2018-8289
-	RESERVED
-CVE-2018-8288
-	RESERVED
-CVE-2018-8287
-	RESERVED
-CVE-2018-8286
-	RESERVED
+CVE-2018-8291 (A remote code execution vulnerability exists in the way the scripting ...)
+	TODO: check
+CVE-2018-8290 (A remote code execution vulnerability exists in the way that the ...)
+	TODO: check
+CVE-2018-8289 (An information disclosure vulnerability exists when Microsoft Edge ...)
+	TODO: check
+CVE-2018-8288 (A remote code execution vulnerability exists in the way the scripting ...)
+	TODO: check
+CVE-2018-8287 (A remote code execution vulnerability exists in the way the scripting ...)
+	TODO: check
+CVE-2018-8286 (A remote code execution vulnerability exists in the way that the ...)
+	TODO: check
 CVE-2018-8285
 	RESERVED
-CVE-2018-8284
-	RESERVED
-CVE-2018-8283
-	RESERVED
-CVE-2018-8282
-	RESERVED
-CVE-2018-8281
-	RESERVED
-CVE-2018-8280
-	RESERVED
-CVE-2018-8279
-	RESERVED
-CVE-2018-8278
-	RESERVED
+CVE-2018-8284 (A remote code execution vulnerability exists when the Microsoft .NET ...)
+	TODO: check
+CVE-2018-8283 (A remote code execution vulnerability exists in the way that the ...)
+	TODO: check
+CVE-2018-8282 (An elevation of privilege vulnerability exists in Windows when the ...)
+	TODO: check
+CVE-2018-8281 (A remote code execution vulnerability exists in Microsoft Office ...)
+	TODO: check
+CVE-2018-8280 (A remote code execution vulnerability exists in the way that the ...)
+	TODO: check
+CVE-2018-8279 (A remote code execution vulnerability exists when Microsoft Edge ...)
+	TODO: check
+CVE-2018-8278 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
+	TODO: check
 CVE-2018-8277
 	RESERVED
-CVE-2018-8276
-	RESERVED
-CVE-2018-8275
-	RESERVED
-CVE-2018-8274
-	RESERVED
+CVE-2018-8276 (A security feature bypass vulnerability exists in the Microsoft Chakra ...)
+	TODO: check
+CVE-2018-8275 (A remote code execution vulnerability exists when Microsoft Edge ...)
+	TODO: check
+CVE-2018-8274 (A remote code execution vulnerability exists when Microsoft Edge ...)
+	TODO: check
 CVE-2018-8273
 	RESERVED
 CVE-2018-8272
@@ -13897,12 +13939,12 @@ CVE-2018-8264
 	RESERVED
 CVE-2018-8263
 	RESERVED
-CVE-2018-8262
-	RESERVED
+CVE-2018-8262 (A remote code execution vulnerability exists when Microsoft Edge ...)
+	TODO: check
 CVE-2018-8261
 	RESERVED
-CVE-2018-8260
-	RESERVED
+CVE-2018-8260 (A Remote Code Execution vulnerability exists in .NET software when the ...)
+	TODO: check
 CVE-2018-8259
 	RESERVED
 CVE-2018-8258
@@ -13937,16 +13979,16 @@ CVE-2018-8244 (An elevation of privilege vulnerability exists when Microsoft Out
 	NOT-FOR-US: Microsoft
 CVE-2018-8243 (A remote code execution vulnerability exists in the way that the ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-8242
-	RESERVED
+CVE-2018-8242 (A remote code execution vulnerability exists in the way that the ...)
+	TODO: check
 CVE-2018-8241
 	RESERVED
 CVE-2018-8240
 	RESERVED
 CVE-2018-8239 (An information disclosure vulnerability exists when the Windows GDI ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-8238
-	RESERVED
+CVE-2018-8238 (A security feature bypass vulnerability exists when Skype for Business ...)
+	TODO: check
 CVE-2018-8237
 	RESERVED
 CVE-2018-8236 (A remote code execution vulnerability exists when Microsoft Edge ...)
@@ -13957,8 +13999,8 @@ CVE-2018-8234 (An information disclosure vulnerability exists when Microsoft Edg
 	NOT-FOR-US: Microsoft
 CVE-2018-8233 (An elevation of privilege vulnerability exists in Windows when the ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-8232
-	RESERVED
+CVE-2018-8232 (A Tampering vulnerability exists when Microsoft Macro Assembler ...)
+	TODO: check
 CVE-2018-8231 (A remote code execution vulnerability exists when HTTP Protocol Stack ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8230
@@ -13977,8 +14019,8 @@ CVE-2018-8224 (An elevation of privilege vulnerability exists when the Windows k
 	NOT-FOR-US: Microsoft
 CVE-2018-8223
 	RESERVED
-CVE-2018-8222
-	RESERVED
+CVE-2018-8222 (A security feature bypass vulnerability exists in Device Guard that ...)
+	TODO: check
 CVE-2018-8221 (A security feature bypass vulnerability exists in Device Guard that ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8220
@@ -14009,16 +14051,16 @@ CVE-2018-8208 (An elevation of privilege vulnerability exists in Windows when De
 	NOT-FOR-US: Microsoft
 CVE-2018-8207 (An information disclosure vulnerability exists when the Windows kernel ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-8206
-	RESERVED
+CVE-2018-8206 (A denial of service vulnerability exists when Windows improperly ...)
+	TODO: check
 CVE-2018-8205 (A denial of service vulnerability exists when Windows improperly ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8204
 	RESERVED
 CVE-2018-8203
 	RESERVED
-CVE-2018-8202
-	RESERVED
+CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET Framework which ...)
+	TODO: check
 CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard that ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8200
@@ -14077,10 +14119,10 @@ CVE-2018-8174 (A remote code execution vulnerability exists in the way that the 
 	NOT-FOR-US: Microsoft
 CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft InfoPath ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-8172
-	RESERVED
-CVE-2018-8171
-	RESERVED
+CVE-2018-8172 (A remote code execution vulnerability exists in Visual Studio software ...)
+	TODO: check
+CVE-2018-8171 (A Security Feature Bypass vulnerability exists in ASP.NET when the ...)
+	TODO: check
 CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that the ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8169 (An elevation of privilege vulnerability exists when the (Human ...)
@@ -14171,8 +14213,8 @@ CVE-2018-8127 (An information disclosure vulnerability exists when the Windows k
 	NOT-FOR-US: Microsoft
 CVE-2018-8126 (A security feature bypass vulnerability exists when Internet Explorer ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-8125
-	RESERVED
+CVE-2018-8125 (A remote code execution vulnerability exists when Microsoft Edge ...)
+	TODO: check
 CVE-2018-8124 (An elevation of privilege vulnerability exists in Windows when the ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft Edge ...)
@@ -27156,8 +27198,7 @@ CVE-2018-3695
 	RESERVED
 CVE-2018-3694
 	RESERVED
-CVE-2018-3693 [speculative bounds check bypass store]
-	RESERVED
+CVE-2018-3693 (Systems with microprocessors utilizing speculative execution and ...)
 	- linux <unfixed>
 	NOTE: https://access.redhat.com/solutions/3523601
 	NOTE: https://01.org/security/advisories/intel-oss-10002
@@ -27169,20 +27210,20 @@ CVE-2018-3690
 	RESERVED
 CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform Software ...)
 	NOT-FOR-US: Intel
-CVE-2018-3688
-	RESERVED
-CVE-2018-3687
-	RESERVED
+CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and Tools in ...)
+	TODO: check
+CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools in ...)
+	TODO: check
 CVE-2018-3686
 	RESERVED
 CVE-2018-3685
 	RESERVED
-CVE-2018-3684
-	RESERVED
-CVE-2018-3683
-	RESERVED
-CVE-2018-3682
-	RESERVED
+CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 ...)
+	TODO: check
+CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 ...)
+	TODO: check
+CVE-2018-3682 (BMC Firmware in Intel server boards, compute modules, and systems ...)
+	TODO: check
 CVE-2018-3681
 	RESERVED
 CVE-2018-3680
@@ -27209,10 +27250,10 @@ CVE-2018-3670
 	RESERVED
 CVE-2018-3669
 	RESERVED
-CVE-2018-3668
-	RESERVED
-CVE-2018-3667
-	RESERVED
+CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) ...)
+	TODO: check
+CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets ...)
+	TODO: check
 CVE-2018-3666
 	RESERVED
 CVE-2018-3665 (System software utilizing Lazy FP state restore technique on systems ...)
@@ -27247,8 +27288,8 @@ CVE-2018-3654
 	RESERVED
 CVE-2018-3653
 	RESERVED
-CVE-2018-3652
-	RESERVED
+CVE-2018-3652 (Existing UEFI setting restrictions for DCI (Direct Connect Interface) ...)
+	TODO: check
 CVE-2018-3651
 	RESERVED
 CVE-2018-3650
@@ -27297,18 +27338,18 @@ CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connec
 	NOT-FOR-US: Intel
 CVE-2018-3633
 	RESERVED
-CVE-2018-3632
-	RESERVED
+CVE-2018-3632 (Memory corruption in Intel Active Management Technology in Intel ...)
+	TODO: check
 CVE-2018-3631
 	RESERVED
 CVE-2018-3630
 	RESERVED
-CVE-2018-3629
-	RESERVED
-CVE-2018-3628
-	RESERVED
-CVE-2018-3627
-	RESERVED
+CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management Technology ...)
+	TODO: check
+CVE-2018-3628 (Buffer overflow in HTTP handler in Intel Active Management Technology ...)
+	TODO: check
+CVE-2018-3627 (Logic bug in Intel Converged Security Management Engine 11.x may allow ...)
+	TODO: check
 CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and ...)
 	NOT-FOR-US: Intel
 CVE-2018-3625
@@ -27323,8 +27364,8 @@ CVE-2018-3621
 	RESERVED
 CVE-2018-3620
 	RESERVED
-CVE-2018-3619
-	RESERVED
+CVE-2018-3619 (Information disclosure vulnerability in storage media in systems with ...)
+	TODO: check
 CVE-2018-3618
 	RESERVED
 CVE-2018-3617
@@ -35832,8 +35873,8 @@ CVE-2018-0951 (A remote code execution vulnerability exists in the way that the 
 	NOT-FOR-US: Microsoft
 CVE-2018-0950 (An information disclosure vulnerability exists when Office renders ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-0949
-	RESERVED
+CVE-2018-0949 (A security feature bypass vulnerability exists when Microsoft Internet ...)
+	TODO: check
 CVE-2018-0948
 	RESERVED
 CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint ...)
@@ -72911,8 +72952,8 @@ CVE-2017-5706 (Multiple buffer overflows in kernel in Intel Server Platform Serv
 	NOT-FOR-US: Intel
 CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability Engine ...)
 	NOT-FOR-US: Intel
-CVE-2017-5704
-	RESERVED
+CVE-2017-5704 (Platform sample code firmware included with 4th Gen Intel Core ...)
+	TODO: check
 CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel ...)
 	NOT-FOR-US: Intel
 CVE-2017-5702



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34ad66d37db2f6b79f037993b28fe16f82ca853d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34ad66d37db2f6b79f037993b28fe16f82ca853d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180711/8832c142/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list