[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 14 21:10:22 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1e8b16f3 by security tracker role at 2018-06-14T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,131 @@
+CVE-2018-12421 (LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a ...)
+ TODO: check
+CVE-2018-12420
+ RESERVED
+CVE-2018-12419
+ RESERVED
+CVE-2018-12418 (Archive.java in Junrar before 1.0.1, as used in Apache Tika and other ...)
+ TODO: check
+CVE-2018-12417
+ RESERVED
+CVE-2018-12416
+ RESERVED
+CVE-2018-12415
+ RESERVED
+CVE-2018-12414
+ RESERVED
+CVE-2018-12413
+ RESERVED
+CVE-2018-12412
+ RESERVED
+CVE-2018-12411
+ RESERVED
+CVE-2018-12410
+ RESERVED
+CVE-2018-12409
+ RESERVED
+CVE-2018-12408
+ RESERVED
+CVE-2018-12407
+ RESERVED
+CVE-2018-12406
+ RESERVED
+CVE-2018-12405
+ RESERVED
+CVE-2018-12404
+ RESERVED
+CVE-2018-12403
+ RESERVED
+CVE-2018-12402
+ RESERVED
+CVE-2018-12401
+ RESERVED
+CVE-2018-12400
+ RESERVED
+CVE-2018-12399
+ RESERVED
+CVE-2018-12398
+ RESERVED
+CVE-2018-12397
+ RESERVED
+CVE-2018-12396
+ RESERVED
+CVE-2018-12395
+ RESERVED
+CVE-2018-12394
+ RESERVED
+CVE-2018-12393
+ RESERVED
+CVE-2018-12392
+ RESERVED
+CVE-2018-12391
+ RESERVED
+CVE-2018-12390
+ RESERVED
+CVE-2018-12389
+ RESERVED
+CVE-2018-12388
+ RESERVED
+CVE-2018-12387
+ RESERVED
+CVE-2018-12386
+ RESERVED
+CVE-2018-12385
+ RESERVED
+CVE-2018-12384
+ RESERVED
+CVE-2018-12383
+ RESERVED
+CVE-2018-12382
+ RESERVED
+CVE-2018-12381
+ RESERVED
+CVE-2018-12380
+ RESERVED
+CVE-2018-12379
+ RESERVED
+CVE-2018-12378
+ RESERVED
+CVE-2018-12377
+ RESERVED
+CVE-2018-12376
+ RESERVED
+CVE-2018-12375
+ RESERVED
+CVE-2018-12374
+ RESERVED
+CVE-2018-12373
+ RESERVED
+CVE-2018-12372
+ RESERVED
+CVE-2018-12371
+ RESERVED
+CVE-2018-12370
+ RESERVED
+CVE-2018-12369
+ RESERVED
+CVE-2018-12368
+ RESERVED
+CVE-2018-12367
+ RESERVED
+CVE-2018-12366
+ RESERVED
+CVE-2018-12365
+ RESERVED
+CVE-2018-12364
+ RESERVED
+CVE-2018-12363
+ RESERVED
+CVE-2018-12362
+ RESERVED
+CVE-2018-12361
+ RESERVED
+CVE-2018-12360
+ RESERVED
+CVE-2018-12359
+ RESERVED
+CVE-2018-12358
+ RESERVED
CVE-2018-XXXX [unauthorised users can hijack rooms when there is no m.room.power_levels event in force]
- matrix-synapse 0.31.2+dfsg-1 (bug #901549)
NOTE: https://github.com/matrix-org/synapse/pull/3397
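Review bot: CVE-2018-12418 needs more than a package-name lookup when its `TODO: check` is resolved: the description says Junrar is affected "as used in Apache Tika and other ...", so triage should also cover source packages that bundle Junrar, not only Junrar itself. CVE-2018-12421 (LTB Self Service Password) likewise needs either a package line or a NOT-FOR-US tag. The other 62 entries added here are RESERVED placeholders and need nothing yet.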
@@ -520,8 +648,8 @@ CVE-2018-12116
RESERVED
CVE-2018-12115
RESERVED
-CVE-2018-12114
- RESERVED
+CVE-2018-12114 (Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user ...)
+ TODO: check
CVE-2018-12113
RESERVED
CVE-2018-12112 (md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to ...)
@@ -3728,8 +3856,8 @@ CVE-2018-10823
RESERVED
CVE-2018-10822
RESERVED
-CVE-2018-10821
- RESERVED
+CVE-2018-10821 (Cross-site scripting (XSS) vulnerability in backend/pages/modify.php ...)
+ TODO: check
CVE-2018-10820
RESERVED
CVE-2018-10819
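Review bot: The new text for CVE-2018-10821 names only a file path (`backend/pages/modify.php`) before it is cut off, so the affected product cannot be determined from this line. Whoever resolves the `TODO: check` has to read the full CVE description before deciding between a package entry and NOT-FOR-US.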
@@ -3750,6 +3878,7 @@ CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses cl
NOT-FOR-US: Bitpie application for Android and iOS
CVE-2018-10811 [Missing Initialization of a Variable in IKEv2 Key Derivation]
RESERVED
+ {DSA-4229-1}
- strongswan 5.6.3-1
NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html
NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-10811).html
@@ -8451,8 +8580,8 @@ CVE-2018-8929
RESERVED
CVE-2018-8928
RESERVED
-CVE-2018-8927
- RESERVED
+CVE-2018-8927 (Improper authorization vulnerability in SYNO.Cal.Event in Calendar ...)
+ TODO: check
CVE-2018-8926 (Permissive regular expression vulnerability in synophoto_dsm_user in ...)
NOT-FOR-US: Synology
CVE-2018-8925 (Cross-site request forgery (CSRF) vulnerability in admin/user.php in ...)
@@ -9992,8 +10121,8 @@ CVE-2018-8269
RESERVED
CVE-2018-8268
RESERVED
-CVE-2018-8267
- RESERVED
+CVE-2018-8267 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
CVE-2018-8266
RESERVED
CVE-2018-8265
@@ -10018,114 +10147,114 @@ CVE-2018-8256
RESERVED
CVE-2018-8255
RESERVED
-CVE-2018-8254
- RESERVED
+CVE-2018-8254 (An elevation of privilege vulnerability exists when Microsoft ...)
+ TODO: check
CVE-2018-8253
RESERVED
-CVE-2018-8252
- RESERVED
-CVE-2018-8251
- RESERVED
+CVE-2018-8252 (An elevation of privilege vulnerability exists when Microsoft ...)
+ TODO: check
+CVE-2018-8251 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ TODO: check
CVE-2018-8250
RESERVED
-CVE-2018-8249
- RESERVED
-CVE-2018-8248
- RESERVED
-CVE-2018-8247
- RESERVED
-CVE-2018-8246
- RESERVED
-CVE-2018-8245
- RESERVED
-CVE-2018-8244
- RESERVED
-CVE-2018-8243
- RESERVED
+CVE-2018-8249 (A remote code execution vulnerability exists when Internet Explorer ...)
+ TODO: check
+CVE-2018-8248 (A remote code execution vulnerability exists in Microsoft Excel ...)
+ TODO: check
+CVE-2018-8247 (An elevation of privilege vulnerability exists when Office Web Apps ...)
+ TODO: check
+CVE-2018-8246 (An information disclosure vulnerability exists when Microsoft Excel ...)
+ TODO: check
+CVE-2018-8245 (An elevation of privilege vulnerability exists when Microsoft ...)
+ TODO: check
+CVE-2018-8244 (An elevation of privilege vulnerability exists when Microsoft Outlook ...)
+ TODO: check
+CVE-2018-8243 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
CVE-2018-8242
RESERVED
CVE-2018-8241
RESERVED
CVE-2018-8240
RESERVED
-CVE-2018-8239
- RESERVED
+CVE-2018-8239 (An information disclosure vulnerability exists when the Windows GDI ...)
+ TODO: check
CVE-2018-8238
RESERVED
CVE-2018-8237
RESERVED
-CVE-2018-8236
- RESERVED
-CVE-2018-8235
- RESERVED
-CVE-2018-8234
- RESERVED
-CVE-2018-8233
- RESERVED
+CVE-2018-8236 (A remote code execution vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8235 (A security feature bypass vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8234 (An information disclosure vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8233 (An elevation of privilege vulnerability exists in Windows when the ...)
+ TODO: check
CVE-2018-8232
RESERVED
-CVE-2018-8231
- RESERVED
+CVE-2018-8231 (A remote code execution vulnerability exists when HTTP Protocol Stack ...)
+ TODO: check
CVE-2018-8230
RESERVED
-CVE-2018-8229
- RESERVED
+CVE-2018-8229 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
CVE-2018-8228
RESERVED
-CVE-2018-8227
- RESERVED
-CVE-2018-8226
- RESERVED
-CVE-2018-8225
- RESERVED
-CVE-2018-8224
- RESERVED
+CVE-2018-8227 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
+CVE-2018-8226 (A denial of service vulnerability exists in the HTTP 2.0 protocol ...)
+ TODO: check
+CVE-2018-8225 (A remote code execution vulnerability exists in Windows Domain Name ...)
+ TODO: check
+CVE-2018-8224 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ TODO: check
CVE-2018-8223
RESERVED
CVE-2018-8222
RESERVED
-CVE-2018-8221
- RESERVED
+CVE-2018-8221 (A security feature bypass vulnerability exists in Device Guard that ...)
+ TODO: check
CVE-2018-8220
RESERVED
-CVE-2018-8219
- RESERVED
-CVE-2018-8218
- RESERVED
-CVE-2018-8217
- RESERVED
-CVE-2018-8216
- RESERVED
-CVE-2018-8215
- RESERVED
-CVE-2018-8214
- RESERVED
-CVE-2018-8213
- RESERVED
-CVE-2018-8212
- RESERVED
-CVE-2018-8211
- RESERVED
-CVE-2018-8210
- RESERVED
-CVE-2018-8209
- RESERVED
-CVE-2018-8208
- RESERVED
-CVE-2018-8207
- RESERVED
+CVE-2018-8219 (An elevation of privilege vulnerability exists when Windows Hyper-V ...)
+ TODO: check
+CVE-2018-8218 (A denial of service vulnerability exists when Microsoft Hyper-V ...)
+ TODO: check
+CVE-2018-8217 (A security feature bypass vulnerability exists in Device Guard that ...)
+ TODO: check
+CVE-2018-8216 (A security feature bypass vulnerability exists in Device Guard that ...)
+ TODO: check
+CVE-2018-8215 (A security feature bypass vulnerability exists in Device Guard that ...)
+ TODO: check
+CVE-2018-8214 (An elevation of privilege vulnerability exists in Windows when Desktop ...)
+ TODO: check
+CVE-2018-8213 (A remote code execution vulnerability exists when Windows improperly ...)
+ TODO: check
+CVE-2018-8212 (A security feature bypass vulnerability exists in Device Guard that ...)
+ TODO: check
+CVE-2018-8211 (A security feature bypass vulnerability exists in Device Guard that ...)
+ TODO: check
+CVE-2018-8210 (A remote code execution vulnerability exists when Windows improperly ...)
+ TODO: check
+CVE-2018-8209 (An information disclosure vulnerability exists when Windows allows a ...)
+ TODO: check
+CVE-2018-8208 (An elevation of privilege vulnerability exists in Windows when Desktop ...)
+ TODO: check
+CVE-2018-8207 (An information disclosure vulnerability exists when the Windows kernel ...)
+ TODO: check
CVE-2018-8206
RESERVED
-CVE-2018-8205
- RESERVED
+CVE-2018-8205 (A denial of service vulnerability exists when Windows improperly ...)
+ TODO: check
CVE-2018-8204
RESERVED
CVE-2018-8203
RESERVED
CVE-2018-8202
RESERVED
-CVE-2018-8201
- RESERVED
+CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard that ...)
+ TODO: check
CVE-2018-8200
RESERVED
CVE-2018-8199
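Review bot: The entries that gain a description in this hunk (CVE-2018-8254 down to CVE-2018-8201) are all left at `TODO: check`, although most of them name a Microsoft component in the visible text (Windows, Edge, Internet Explorer, Excel, Outlook, Hyper-V, Device Guard). Elsewhere in the file such entries are closed with `NOT-FOR-US: Microsoft` (see CVE-2018-8176 and CVE-2018-8174), and the same tag could be applied here in one pass. Entries whose text is cut off before any product name, such as CVE-2018-8243, CVE-2018-8229 and CVE-2018-8227, should be confirmed against the full description first.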
@@ -10176,8 +10305,8 @@ CVE-2018-8177 (A remote code execution vulnerability exists in the way that the
NOT-FOR-US: Microsoft
CVE-2018-8176 (A remote code execution vulnerability exists in Microsoft PowerPoint ...)
NOT-FOR-US: Microsoft
-CVE-2018-8175
- RESERVED
+CVE-2018-8175 (An denial of service vulnerability exists when Windows NT WEBDAV ...)
+ TODO: check
CVE-2018-8174 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft InfoPath ...)
@@ -10188,8 +10317,8 @@ CVE-2018-8171
RESERVED
CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
-CVE-2018-8169
- RESERVED
+CVE-2018-8169 (An elevation of privilege vulnerability exists when the (Human ...)
+ TODO: check
CVE-2018-8168 (An elevation of privilege vulnerability exists when Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2018-8167 (An elevation of privilege vulnerability exists when the Windows Common ...)
@@ -10246,8 +10375,8 @@ CVE-2018-8142 (A security feature bypass exists when Windows incorrectly validat
NOT-FOR-US: Microsoft
CVE-2018-8141 (An information disclosure vulnerability exists when the Windows kernel ...)
NOT-FOR-US: Microsoft
-CVE-2018-8140
- RESERVED
+CVE-2018-8140 (An Elevation of Privilege vulnerability exists when Cortana retrieves ...)
+ TODO: check
CVE-2018-8139 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
CVE-2018-8138
@@ -10284,8 +10413,8 @@ CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft Edg
NOT-FOR-US: Microsoft
CVE-2018-8122 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
-CVE-2018-8121
- RESERVED
+CVE-2018-8121 (An information disclosure vulnerability exists when the Windows kernel ...)
+ TODO: check
CVE-2018-8120 (An elevation of privilege vulnerability exists in Windows when the ...)
NOT-FOR-US: Microsoft
CVE-2018-8119 (A spoofing vulnerability exists when the Azure IoT Device Provisioning ...)
@@ -10300,14 +10429,14 @@ CVE-2018-8115 (A remote code execution vulnerability exists when the Windows Hos
NOT-FOR-US: Microsoft
CVE-2018-8114 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
-CVE-2018-8113
- RESERVED
+CVE-2018-8113 (A security feature bypass vulnerability exists in Internet Explorer ...)
+ TODO: check
CVE-2018-8112 (A security feature bypass vulnerability exists when Microsoft Edge ...)
NOT-FOR-US: Microsoft
-CVE-2018-8111
- RESERVED
-CVE-2018-8110
- RESERVED
+CVE-2018-8111 (A remote code execution vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2018-8110 (A remote code execution vulnerability exists when Microsoft Edge ...)
+ TODO: check
CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect Access Control ...)
{DLA-1331-1}
- mercurial 4.5.2-1 (bug #892964)
@@ -18752,6 +18881,7 @@ CVE-2018-5390
CVE-2018-5389
RESERVED
CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet length ...)
+ {DSA-4229-1}
- strongswan 5.6.3-1
[stretch] - strongswan <no-dsa> (needs root priv for access to the stroke socket)
[jessie] - strongswan <no-dsa> (needs root priv for access to the stroke socket)
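Review bot: The added `{DSA-4229-1}` now sits directly above `[stretch] - strongswan <no-dsa> (needs root priv for access to the stroke socket)`, so the CVE-2018-5388 entry states both that a DSA covers this CVE and that stretch gets no DSA. If DSA-4229-1 ships the fix for stretch, the `[stretch]` `<no-dsa>` line should be dropped in a follow-up commit; otherwise the cross-reference needs checking.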
@@ -20410,8 +20540,8 @@ CVE-2018-4850 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) C
NOT-FOR-US: SIMATIC
CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video for ...)
NOT-FOR-US: Siveillance VMS Video
-CVE-2018-4848
- RESERVED
+CVE-2018-4848 (A vulnerability has been identified in SCALANCE X-200 IRT (All ...)
+ TODO: check
CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS ...)
NOT-FOR-US: SIMATIC WinCC OA Operator iOS App
CVE-2018-4846
@@ -20422,8 +20552,8 @@ CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for An
NOT-FOR-US: SIMATIC
CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All ...)
NOT-FOR-US: SIMATIC
-CVE-2018-4842
- RESERVED
+CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200 IRT (All ...)
+ TODO: check
CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions < ...)
NOT-FOR-US: TIM
CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...)
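Review bot: CVE-2018-4842 receives exactly the same truncated text as CVE-2018-4848 in the previous hunk ("SCALANCE X-200 IRT (All ..."), so the two cannot be told apart from this file. When the `TODO: check` lines are resolved, both should get the same NOT-FOR-US tag, in line with the Siemens entries around them (`NOT-FOR-US: SIMATIC`, `NOT-FOR-US: TIM`), and any difference between the two should be taken from the full descriptions.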
@@ -20440,8 +20570,8 @@ CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic &
NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers ...)
NOT-FOR-US: Desigo
-CVE-2018-4833
- RESERVED
+CVE-2018-4833 (A vulnerability has been identified in RFID 181-EIP (All versions), ...)
+ TODO: check
CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All ...)
NOT-FOR-US: Siemens
CVE-2018-4831
@@ -31159,8 +31289,8 @@ CVE-2017-17311
RESERVED
CVE-2017-17310 (Electronic Numbers to URI Mapping (ENUM) module in some Huawei ...)
NOT-FOR-US: Huawei
-CVE-2017-17309
- RESERVED
+CVE-2017-17309 (Huawei HG255s-10 V100R001C163B025SP02 has a path traversal ...)
+ TODO: check
CVE-2017-17308 (SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, ...)
NOT-FOR-US: Huawei
CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an ...)
@@ -31431,10 +31561,10 @@ CVE-2017-17175
RESERVED
CVE-2017-17174
RESERVED
-CVE-2017-17173
- RESERVED
-CVE-2017-17172
- RESERVED
+CVE-2017-17173 (Due to insufficient parameters verification GPU driver of Mate 9 Pro ...)
+ TODO: check
+CVE-2017-17172 (Huawei smart phones LYO-L21 with software LYO-L21C479B107, ...)
+ TODO: check
CVE-2017-17171 (Some Huawei smart phones have the denial of service (DoS) ...)
NOT-FOR-US: Huawei
CVE-2017-17170 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...)
@@ -31634,16 +31764,16 @@ CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open Source
- asterisk 1:13.18.3~dfsg-1 (bug #883342)
NOTE: http://downloads.digium.com/pub/security/AST-2017-013.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27452
-CVE-2018-1040
- RESERVED
+CVE-2018-1040 (A denial of service vulnerability exists in the way that the Windows ...)
+ TODO: check
CVE-2018-1039 (A security feature bypass vulnerability exists in .Net Framework which ...)
NOT-FOR-US: Microsoft
CVE-2018-1038 (The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 ...)
NOT-FOR-US: Microsoft
CVE-2018-1037 (An information disclosure vulnerability exists when Visual Studio ...)
NOT-FOR-US: Microsoft
-CVE-2018-1036
- RESERVED
+CVE-2018-1036 (An elevation of privilege vulnerability exists when NTFS improperly ...)
+ TODO: check
CVE-2018-1035 (A security feature bypass vulnerability exists in Windows which could ...)
NOT-FOR-US: Microsoft
CVE-2018-1034 (An elevation of privilege vulnerability exists when Microsoft ...)
@@ -31750,16 +31880,16 @@ CVE-2018-0984
RESERVED
CVE-2018-0983 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and ...)
NOT-FOR-US: Microsoft
-CVE-2018-0982
- RESERVED
+CVE-2018-0982 (An elevation of privilege vulnerability exists in the way that the ...)
+ TODO: check
CVE-2018-0981 (An information disclosure vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
CVE-2018-0980 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
CVE-2018-0979 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
-CVE-2018-0978
- RESERVED
+CVE-2018-0978 (A remote code execution vulnerability exists when Internet Explorer ...)
+ TODO: check
CVE-2018-0977 (The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, ...)
NOT-FOR-US: Microsoft
CVE-2018-0976 (A denial of service vulnerability exists in Remote Desktop Protocol ...)
@@ -31972,8 +32102,8 @@ CVE-2018-0873 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607,
NOT-FOR-US: Microsoft
CVE-2018-0872 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
NOT-FOR-US: Microsoft
-CVE-2018-0871
- RESERVED
+CVE-2018-0871 (An information disclosure vulnerability exists when Edge improperly ...)
+ TODO: check
CVE-2018-0870 (A remote code execution vulnerability exists when Internet Explorer ...)
NOT-FOR-US: Microsoft
CVE-2018-0869 (SharePoint Server 2016 allows an elevation of privilege vulnerability ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e8b16f316ffa7539156e1641f37dee5bd250a39