[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 12 21:10:28 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0d419852 by security tracker role at 2018-06-12T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,79 @@
-CVE-2018-12233 [Slab out of bounds in setxattr]
+CVE-2018-12261 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. All ...)
+ TODO: check
+CVE-2018-12260 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root ...)
+ TODO: check
+CVE-2018-12259 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root ...)
+ TODO: check
+CVE-2018-12258 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom ...)
+ TODO: check
+CVE-2018-12257 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is ...)
+ TODO: check
+CVE-2018-12256
+ RESERVED
+CVE-2018-12255
+ RESERVED
+CVE-2018-12254 (router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for ...)
+ TODO: check
+CVE-2018-12253
+ RESERVED
+CVE-2018-12252
+ RESERVED
+CVE-2018-12251
+ RESERVED
+CVE-2018-12250
+ RESERVED
+CVE-2018-12249 (An issue was discovered in mruby 1.4.1. There is a NULL pointer ...)
+ TODO: check
+CVE-2018-12248 (An issue was discovered in mruby 1.4.1. There is a heap-based buffer ...)
+ TODO: check
+CVE-2018-12247 (An issue was discovered in mruby 1.4.1. There is a NULL pointer ...)
+ TODO: check
+CVE-2018-12246
+ RESERVED
+CVE-2018-12245
+ RESERVED
+CVE-2018-12244
+ RESERVED
+CVE-2018-12243
+ RESERVED
+CVE-2018-12242
+ RESERVED
+CVE-2018-12241
+ RESERVED
+CVE-2018-12240
+ RESERVED
+CVE-2018-12239
+ RESERVED
+CVE-2018-12238
+ RESERVED
+CVE-2018-12237
+ RESERVED
+CVE-2018-12236
+ RESERVED
+CVE-2018-12235
+ RESERVED
+CVE-2018-12234
+ RESERVED
+CVE-2018-12231
+ RESERVED
+CVE-2018-12230
+ RESERVED
+CVE-2018-12229 (Cross-site scripting (XSS) vulnerability in Public Knowledge Project ...)
+ TODO: check
+CVE-2017-18291 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ...)
+ TODO: check
+CVE-2017-18290 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ...)
+ TODO: check
+CVE-2017-18289 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ...)
+ TODO: check
+CVE-2017-18288 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ...)
+ TODO: check
+CVE-2017-18287 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ...)
+ TODO: check
+CVE-2018-12233 (In the ea_get function in fs/jfs/xattr.c in the Linux kernel through ...)
- linux <unfixed>
NOTE: https://lkml.org/lkml/2018/6/2/2
-CVE-2018-12232 [socket: close race condition between sock_close() and sockfs_setattr()]
+CVE-2018-12232 (In net/socket.c in the Linux kernel through 4.17.1, there is a race ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/6d8c50dcb029872b298eea68cc6209c866fd3e14
CVE-2018-12228 (An issue was discovered in Asterisk Open Source 15.x before 15.4.1. ...)
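Review bot: CVE-2018-12233 and CVE-2018-12232 end up below CVE-2018-12229 and the CVE-2017-18287 to CVE-2017-18291 block at the end of this hunk, which breaks the descending ID order the rest of the entries follow. Move the two kernel entries up between CVE-2018-12234 and CVE-2018-12231, and place the PvPGN Stats entries with the other CVE-2017 IDs. The bracketed working titles for both kernel entries are also replaced by truncated descriptions; if they are still useful for triage, keep them as NOTE lines.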
@@ -4262,12 +4334,12 @@ CVE-2018-10511
RESERVED
CVE-2018-10510
RESERVED
-CVE-2018-10509
- RESERVED
-CVE-2018-10508
- RESERVED
-CVE-2018-10507
- RESERVED
+CVE-2018-10509 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow ...)
+ TODO: check
+CVE-2018-10508 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow ...)
+ TODO: check
+CVE-2018-10507 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow ...)
+ TODO: check
CVE-2018-10506 (A out-of-bounds read information disclosure vulnerability in Trend ...)
NOT-FOR-US: Trend Micro
CVE-2018-10505 (A pool corruption privilege escalation vulnerability in Trend Micro ...)
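Review bot: CVE-2018-10509, CVE-2018-10508 and CVE-2018-10507 are left as "TODO: check" even though their descriptions name Trend Micro OfficeScan and the entry directly below them, CVE-2018-10506, is already triaged as "NOT-FOR-US: Trend Micro". Resolve the three TODOs with the same tag so the vendor's entries in this range are handled consistently.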
@@ -4336,8 +4408,8 @@ CVE-2018-10474 (This vulnerability allows remote attackers to execute arbitrary
NOT-FOR-US: Foxit Reader
CVE-2018-10473 (This vulnerability allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: Foxit Reader
-CVE-2018-10470
- RESERVED
+CVE-2018-10470 (Little Snitch versions 4.0 to 4.0.6 use the ...)
+ TODO: check
CVE-2018-10469 (b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and ...)
NOT-FOR-US: b3log Symphony (aka Sym)
CVE-2018-10468 (The transferFrom function of a smart contract implementation for ...)
@@ -17325,8 +17397,7 @@ CVE-2018-5816
RESERVED
CVE-2018-5815
RESERVED
-CVE-2018-5814
- RESERVED
+CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and ...)
- linux 4.16.12-1
NOTE: https://git.kernel.org/linus/22076557b07c12086eeb16b8ce2b0b735f7a27e7
NOTE: https://git.kernel.org/linus/c171654caa875919be3c533d3518da8be5be966e
@@ -17350,8 +17421,7 @@ CVE-2018-5805
RESERVED
CVE-2018-5804
RESERVED
-CVE-2018-5803 [Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service]
- RESERVED
+CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, ...)
{DSA-4188-1 DSA-4187-1 DLA-1369-1}
- linux 4.15.11-1
NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
@@ -17689,8 +17759,8 @@ CVE-2018-5720 (An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireles
NOT-FOR-US: DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices
CVE-2018-5719
RESERVED
-CVE-2018-5718
- RESERVED
+CVE-2018-5718 (Improper restriction of write operations within the bounds of a memory ...)
+ TODO: check
CVE-2018-5717 (Memory write mechanism in NCR S2 Dispenser controller before firmware ...)
NOT-FOR-US: NCR S2 Dispenser controller
CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This ...)
@@ -26613,16 +26683,16 @@ CVE-2018-2430
RESERVED
CVE-2018-2429
RESERVED
-CVE-2018-2428
- RESERVED
+CVE-2018-2428 (Under certain conditions SAP UI5 Handler allows an attacker to access ...)
+ TODO: check
CVE-2018-2427
RESERVED
CVE-2018-2426
RESERVED
-CVE-2018-2425
- RESERVED
-CVE-2018-2424
- RESERVED
+CVE-2018-2425 (Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA ...)
+ TODO: check
+CVE-2018-2424 (SAP UI5 did not validate user input before adding it to the DOM ...)
+ TODO: check
CVE-2018-2423 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, ...)
NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2422 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, ...)
@@ -30109,8 +30179,8 @@ CVE-2018-1153
RESERVED
CVE-2018-1152
RESERVED
-CVE-2018-1151
- RESERVED
+CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and TV Live ...)
+ TODO: check
CVE-2018-1150
RESERVED
CVE-2018-1149
@@ -30387,8 +30457,8 @@ CVE-2018-1105
RESERVED
CVE-2018-1104 (Ansible Tower through version 3.2.3 has a vulnerability that allows ...)
NOT-FOR-US: Ansible Tower
-CVE-2018-1103
- RESERVED
+CVE-2018-1103 (Openshift Enterprise source-to-image before version 1.1.10 is ...)
+ TODO: check
CVE-2018-1102 (A flaw was found in source-to-image function as shipped with Openshift ...)
NOT-FOR-US: source-to-image in OpenShift
CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management of ...)
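Review bot: CVE-2018-1103 is added as "TODO: check" while the next entry, CVE-2018-1102, covers the same source-to-image component and is marked "NOT-FOR-US: source-to-image in OpenShift". Unless the new description points at a different code base, reuse that tag here instead of leaving the entry open.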
@@ -30509,8 +30579,7 @@ CVE-2018-1077 (Spacewalk 2.6 contains an API which has an XXE flaw allowing for
NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2018-1076
RESERVED
-CVE-2018-1075
- RESERVED
+CVE-2018-1075 (ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered ...)
NOT-FOR-US: ovirt-engine
CVE-2018-1074 (ovirt-engine API and administration web portal before versions ...)
NOT-FOR-US: ovirt-engine
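Review bot: the context line at the top of this hunk reads "NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk", with the tag doubled. This change does not touch it, but a follow-up should reduce it to a single "NOT-FOR-US:" prefix so the product string matches the form used by the ovirt-engine entries below it.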
@@ -30526,8 +30595,7 @@ CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer .
[jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531
-CVE-2018-1070
- RESERVED
+CVE-2018-1070 (routing before version 3.10 is vulnerable to an improper input ...)
NOT-FOR-US: OpenShift (Routing configuration)
CVE-2018-1069 (Red Hat OpenShift Enterprise version 3.7 is vulnerable to access ...)
NOT-FOR-US: OpenShift
@@ -32038,15 +32106,14 @@ CVE-2018-0733 (Because of an implementation bug the PA-RISC CRYPTO_memcmp functi
- openssl1.0 <not-affected> (Only affects OpenSSL 1.1.0)
NOTE: Issue specific to HP-UX
NOTE: https://www.openssl.org/news/secadv/20180327.txt
-CVE-2018-0732 [Client DoS due to large DH parameter]
- RESERVED
+CVE-2018-0732 (During key agreement in a TLS handshake using a DH(E) based ...)
- openssl <unfixed> (low)
[stretch] - openssl <postponed> (Minor issue, can be fixed along with next OpenSSL security release)
[jessie] - openssl <postponed> (Minor issue, can be fixed along with next OpenSSL security release)
- openssl1.0 <unfixed> (low)
[stretch] - openssl1.0 <postponed> (Minor issue, can be fixed along with next OpenSSL security release)
- NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
- NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=3984ef0b72831da8b3ece4745cac4f8575b19098
+ NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
+ NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=3984ef0b72831da8b3ece4745cac4f8575b19098
NOTE: https://www.openssl.org/news/secadv/20180612.txt
CVE-2018-0731
RESERVED
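Review bot: the two NOTE lines for OpenSSL_1_1_0-stable and OpenSSL_1_0_2-stable under CVE-2018-0732 are removed and re-added with the same visible text, so the only difference on them is whitespace. Confirm that the new indentation matches the other NOTE line in this entry (the secadv/20180612.txt one), and prefer to keep whitespace normalisation out of a commit labelled "automatic update" so the data changes stay easy to audit.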
@@ -73725,12 +73792,12 @@ CVE-2017-3964 (Reflective Cross-Site Scripting (XSS) vulnerability in the web ..
NOT-FOR-US: McAfee
CVE-2017-3963
REJECTED
-CVE-2017-3962
- RESERVED
+CVE-2017-3962 (Password recovery exploitation vulnerability in the ...)
+ TODO: check
CVE-2017-3961 (Cross-Site Scripting (XSS) vulnerability in the web interface in ...)
NOT-FOR-US: McAfee
-CVE-2017-3960
- RESERVED
+CVE-2017-3960 (Exploitation of Authorization vulnerability in the web interface in ...)
+ TODO: check
CVE-2017-3959
REJECTED
CVE-2017-3958
@@ -205172,8 +205239,8 @@ CVE-2011-4184
RESERVED
CVE-2011-4183
RESERVED
-CVE-2011-4182
- RESERVED
+CVE-2011-4182 (Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise ...)
+ TODO: check
CVE-2011-4181 (A vulnerability in open build service allows remote attackers to gain ...)
- open-build-service <not-affected> (Fixed before initial upload to Debian)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=734003
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d419852e550089443a954ee012ba0fe689f726e