[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jun 15 21:10:31 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f28d2d46 by security tracker role at 2018-06-15T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,219 @@
+CVE-2018-12498 (spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id ...)
+	TODO: check
+CVE-2018-12497
+	RESERVED
+CVE-2018-12496
+	RESERVED
+CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT ...)
+	TODO: check
+CVE-2018-12494 (An issue discovered in PublicCMS V4.0.20180210. There is a "Directory ...)
+	TODO: check
+CVE-2018-12493 (An issue discovered in PublicCMS V4.0.20180210. There is a "Directory ...)
+	TODO: check
+CVE-2018-12492 (PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the ...)
+	TODO: check
+CVE-2018-12491 (PHPOK 4.9.032 has an arbitrary file upload vulnerability in the ...)
+	TODO: check
+CVE-2018-12490
+	RESERVED
+CVE-2018-12489
+	RESERVED
+CVE-2018-12488
+	RESERVED
+CVE-2018-12487
+	RESERVED
+CVE-2018-12486
+	RESERVED
+CVE-2018-12485
+	RESERVED
+CVE-2018-12484
+	RESERVED
+CVE-2018-12483
+	RESERVED
+CVE-2018-12482
+	RESERVED
+CVE-2018-12481 (The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive ...)
+	TODO: check
+CVE-2018-12480
+	RESERVED
+CVE-2018-12479
+	RESERVED
+CVE-2018-12478
+	RESERVED
+CVE-2018-12477
+	RESERVED
+CVE-2018-12476
+	RESERVED
+CVE-2018-12475
+	RESERVED
+CVE-2018-12474
+	RESERVED
+CVE-2018-12473
+	RESERVED
+CVE-2018-12472
+	RESERVED
+CVE-2018-12471
+	RESERVED
+CVE-2018-12470
+	RESERVED
+CVE-2018-12469
+	RESERVED
+CVE-2018-12468
+	RESERVED
+CVE-2018-12467
+	RESERVED
+CVE-2018-12466
+	RESERVED
+CVE-2018-12465
+	RESERVED
+CVE-2018-12464
+	RESERVED
+CVE-2018-12463
+	RESERVED
+CVE-2018-12462
+	RESERVED
+CVE-2018-12461
+	RESERVED
+CVE-2018-12460 (libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the ...)
+	TODO: check
+CVE-2018-12459 (An inconsistent bits-per-sample value in the ...)
+	TODO: check
+CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function in ...)
+	TODO: check
+CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an admin ...)
+	TODO: check
+CVE-2018-12456
+	RESERVED
+CVE-2018-12455
+	RESERVED
+CVE-2018-12454
+	RESERVED
+CVE-2018-12453
+	RESERVED
+CVE-2018-12452
+	RESERVED
+CVE-2018-12451
+	RESERVED
+CVE-2018-12450
+	RESERVED
+CVE-2018-12449
+	RESERVED
+CVE-2018-12448
+	RESERVED
+CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...)
+	TODO: check
+CVE-2018-12446
+	RESERVED
+CVE-2018-12445
+	RESERVED
+CVE-2018-12444
+	RESERVED
+CVE-2018-12443
+	RESERVED
+CVE-2018-12442
+	RESERVED
+CVE-2018-12441
+	RESERVED
+CVE-2017-18341
+	RESERVED
+CVE-2017-18340
+	RESERVED
+CVE-2017-18339
+	RESERVED
+CVE-2017-18338
+	RESERVED
+CVE-2017-18337
+	RESERVED
+CVE-2017-18336
+	RESERVED
+CVE-2017-18335
+	RESERVED
+CVE-2017-18334
+	RESERVED
+CVE-2017-18333
+	RESERVED
+CVE-2017-18332
+	RESERVED
+CVE-2017-18331
+	RESERVED
+CVE-2017-18330
+	RESERVED
+CVE-2017-18329
+	RESERVED
+CVE-2017-18328
+	RESERVED
+CVE-2017-18327
+	RESERVED
+CVE-2017-18326
+	RESERVED
+CVE-2017-18325
+	RESERVED
+CVE-2017-18324
+	RESERVED
+CVE-2017-18323
+	RESERVED
+CVE-2017-18322
+	RESERVED
+CVE-2017-18321
+	RESERVED
+CVE-2017-18320
+	RESERVED
+CVE-2017-18319
+	RESERVED
+CVE-2017-18318
+	RESERVED
+CVE-2017-18317
+	RESERVED
+CVE-2017-18316
+	RESERVED
+CVE-2017-18315
+	RESERVED
+CVE-2017-18314
+	RESERVED
+CVE-2017-18313
+	RESERVED
+CVE-2017-18312
+	RESERVED
+CVE-2017-18311
+	RESERVED
+CVE-2017-18310
+	RESERVED
+CVE-2017-18309
+	RESERVED
+CVE-2017-18308
+	RESERVED
+CVE-2017-18307
+	RESERVED
+CVE-2017-18306
+	RESERVED
+CVE-2017-18305
+	RESERVED
+CVE-2017-18304
+	RESERVED
+CVE-2017-18303
+	RESERVED
+CVE-2017-18302
+	RESERVED
+CVE-2017-18301
+	RESERVED
+CVE-2017-18300
+	RESERVED
+CVE-2017-18299
+	RESERVED
+CVE-2017-18298
+	RESERVED
+CVE-2017-18297
+	RESERVED
+CVE-2017-18296
+	RESERVED
+CVE-2017-18295
+	RESERVED
+CVE-2017-18294
+	RESERVED
+CVE-2017-18293
+	RESERVED
+CVE-2017-18292
+	RESERVED
 CVE-2018-12440 (BoringSSL through 2018-06-14 allows a memory-cache side-channel attack ...)
 	- boringssl <itp> (bug #823933)
 CVE-2018-12439 (MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack ...)
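Review bot: several of the new TODO: check entries in this hunk are for software Debian ships and should not stay at TODO. The four FFmpeg issues (CVE-2018-12460, CVE-2018-12459, CVE-2018-12458 and CVE-2018-12447, all in libavcodec) want `- ffmpeg <unfixed>` lines with NOTE: links to the upstream commits once identified, plus a stretch assessment, and CVE-2018-12495 (quoteblock in markdown.c, DISCOUNT) maps to the discount source package. The remaining TODO entries (iCMS, PublicCMS, PHPOK, Olive Tree Ftp Server for Android, expressCart) look like NOT-FOR-US candidates. The long run of RESERVED placeholders (CVE-2018-12441 through CVE-2018-12497 and CVE-2017-18292 through CVE-2017-18341) is fine as-is.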
@@ -10,7 +226,7 @@ CVE-2018-12436 (wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a ...)
 	- wolfssl <unfixed> (bug #901627)
 	NOTE: https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca
 	NOTE: https://www.wolfssl.com/wolfssh-and-rohnp/
-CVE-2018-12435 (Botan through 2.6.0 allows a memory-cache side-channel attack on ECDSA ...)
+CVE-2018-12435 (Botan 2.5.0 through 2.6.0 allows a memory-cache side-channel attack on ...)
 	- botan <unfixed> (bug #901619)
 	- botan1.10 <not-affected> (Issue introduced in 2.5.0)
 	NOTE: https://github.com/randombit/botan/pull/1604
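Review bot: the narrowed description ("Botan 2.5.0 through 2.6.0") now agrees with the `botan1.10 <not-affected> (Issue introduced in 2.5.0)` rationale, so that line is consistent; the `botan <unfixed>` entry still carries no fixed version, which should be filled in once the fix from https://github.com/randombit/botan/pull/1604 is in a tagged upstream release and in the Debian package.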
@@ -37,8 +253,8 @@ CVE-2018-12425
 	RESERVED
 CVE-2018-12424
 	RESERVED
-CVE-2018-12422
-	RESERVED
+CVE-2018-12422 (addressbook/backends/ldap/e-book-backend-ldap.c in ...)
+	TODO: check
 CVE-2018-12421 (LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a ...)
 	NOT-FOR-US: LTB Self Service Password
 CVE-2018-12420 (IceHrm before 23.0.1.OS has a risky usage of a hashed password in a ...)
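Review bot: CVE-2018-12422 should be triaged rather than left at TODO: check, since addressbook/backends/ldap/e-book-backend-ldap.c belongs to evolution-data-server, which Debian ships; the entry needs a `- evolution-data-server <unfixed>` line (or `<not-affected>` with a stated reason) and a NOTE: link to the upstream fix.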
@@ -859,9 +1075,9 @@ CVE-2018-XXXX [OVE-20180430-0001: mpatch: be more careful about parsing binary p
 	- mercurial 4.6.1-1 (bug #901050)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
-CVE-2018-12049 (A remote attacker can bypass the System Manager Mode on the Canon ...)
+CVE-2018-12049 (** DISPUTED ** A remote attacker can bypass the System Manager Mode on ...)
 	NOT-FOR-US: Canon
-CVE-2018-12048 (A remote attacker can bypass the Management Mode on the Canon LBP7110Cw ...)
+CVE-2018-12048 (** DISPUTED ** A remote attacker can bypass the Management Mode on the ...)
 	NOT-FOR-US: Canon
 CVE-2018-12047 (xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters ...)
 	NOT-FOR-US: Ximdex
@@ -888,18 +1104,18 @@ CVE-2018-12037
 	RESERVED
 CVE-2018-12036 (OWASP Dependency-Check before 3.2.0 allows attackers to write to ...)
 	NOT-FOR-US: OWASP Dependency-Check
-CVE-2018-12035
-	RESERVED
-CVE-2018-12034
-	RESERVED
+CVE-2018-12035 (In YARA 3.7.1 and prior, parsing a specially crafted compiled rule ...)
+	TODO: check
+CVE-2018-12034 (In YARA 3.7.1 and prior, parsing a specially crafted compiled rule ...)
+	TODO: check
 CVE-2018-12033
 	RESERVED
 CVE-2018-12032
 	RESERVED
 CVE-2018-12031 (Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an ...)
 	NOT-FOR-US: Eaton Intelligent Power Manager
-CVE-2018-12030
-	RESERVED
+CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
+	TODO: check
 CVE-2018-12029
 	RESERVED
 CVE-2018-12028
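Review bot: the two YARA entries (CVE-2018-12035 and CVE-2018-12034, both "parsing a specially crafted compiled rule" in 3.7.1 and prior) need real triage because yara is a Debian source package; they should get `- yara <unfixed>` lines, NOTE: links to the upstream fixes and a stretch assessment. CVE-2018-12030 (Chevereto Free XSS) appears not to be packaged in Debian and is a NOT-FOR-US candidate.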
@@ -1656,7 +1872,7 @@ CVE-2018-11712 (WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in 
 	NOTE: https://trac.webkit.org/changeset/230886/webkit
 	NOTE: Not covered by security support
 	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
-CVE-2018-11711 (A remote attacker can bypass the System Manager Mode on the Canon MF210 ...)
+CVE-2018-11711 (** DISPUTED ** A remote attacker can bypass the System Manager Mode on ...)
 	NOT-FOR-US: Canon MF210 and MF220 web interface
 CVE-2018-11710 (soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers ...)
 	- libopenmpt 0.3.9-1
@@ -1728,7 +1944,7 @@ CVE-2018-11693 (An issue was discovered in LibSaas through 3.5.4. An out-of-boun
 	- libsass <unfixed>
 	[stretch] - libsass <no-dsa> (Minor issue)
 	NOTE: https://github.com/sass/libsass/issues/2661
-CVE-2018-11692 (An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and ...)
+CVE-2018-11692 (** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, ...)
 	NOT-FOR-US: Canon devices
 CVE-2018-11691
 	RESERVED
@@ -14866,10 +15082,10 @@ CVE-2018-6674 (Privilege Escalation vulnerability in Microsoft Windows client in
 	NOT-FOR-US: McAfee
 CVE-2018-6673
 	RESERVED
-CVE-2018-6672
-	RESERVED
-CVE-2018-6671
-	RESERVED
+CVE-2018-6672 (Information disclosure vulnerability in McAfee ePolicy Orchestrator ...)
+	TODO: check
+CVE-2018-6671 (Application Protection Bypass vulnerability in McAfee ePolicy ...)
+	TODO: check
 CVE-2018-6670 (External Entity Attack vulnerability in the ePO extension in McAfee ...)
 	NOT-FOR-US: McAfee
 CVE-2018-6669
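Review bot: CVE-2018-6672 and CVE-2018-6671 are McAfee ePolicy Orchestrator issues and belong at NOT-FOR-US: McAfee, matching the neighbouring CVE-2018-6674 and CVE-2018-6670 entries, rather than staying at TODO: check.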
@@ -17724,14 +17940,14 @@ CVE-2018-5859
 	RESERVED
 CVE-2018-5858
 	RESERVED
-CVE-2018-5857
-	RESERVED
+CVE-2018-5857 (In the WCD CPE codec, a Use After Free condition can occur in all ...)
+	TODO: check
 CVE-2018-5856
 	RESERVED
 CVE-2018-5855
 	RESERVED
-CVE-2018-5854
-	RESERVED
+CVE-2018-5854 (In fastboot, a stack-based buffer overflow can occur in all Android ...)
+	TODO: check
 CVE-2018-5853
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
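Review bot: CVE-2018-5857 (WCD CPE codec) and CVE-2018-5854 (fastboot) are Qualcomm Android component issues and should be NOT-FOR-US: Qualcomm components for Android like the surrounding entries. Separately, the context lines show CVE-2018-5853 carrying both a RESERVED and a NOT-FOR-US line; the stale RESERVED line should be dropped in a follow-up.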
@@ -29100,8 +29316,8 @@ CVE-2018-1462 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize 
 	NOT-FOR-US: IBM
 CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
 	NOT-FOR-US: IBM
-CVE-2018-1460
-	RESERVED
+CVE-2018-1460 (IBM Netezza Platform Software (IBM PureData System for Analytics ...)
+	TODO: check
 CVE-2018-1459 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
 	NOT-FOR-US: IBM
 CVE-2018-1458
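Review bot: CVE-2018-1460 (IBM Netezza Platform Software) is a NOT-FOR-US: IBM candidate, consistent with CVE-2018-1462, CVE-2018-1461 and CVE-2018-1459 around it; TODO: check is only a placeholder here.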
@@ -29182,8 +29398,8 @@ CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, a
 	NOT-FOR-US: IBM WebSphere DataPower Appliances
 CVE-2018-1420
 	RESERVED
-CVE-2018-1419
-	RESERVED
+CVE-2018-1419 (IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for ...)
+	TODO: check
 CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass ...)
 	NOT-FOR-US: IBM
 CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java ...)
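Review bot: CVE-2018-1419 (IBM WebSphere MQ 8.0 and 9.0 with a PAM module configured) should be NOT-FOR-US: IBM like CVE-2018-1418 and CVE-2018-1421 in the same region, instead of TODO: check.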
@@ -30975,8 +31191,7 @@ CVE-2018-1086 (pcs before versions 0.9.164 and 0.10 is vulnerable to a debug ...
 	{DSA-4169-1}
 	- pcs 0.9.164-1 (bug #895313)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2
-CVE-2018-1085
-	RESERVED
+CVE-2018-1085 (openshift-ansible before versions 3.9.23, 3.7.46 deploys a ...)
 	NOT-FOR-US: openshift-ansible
 CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer overflow in ...)
 	{DSA-4174-1}
@@ -45570,7 +45785,7 @@ CVE-2017-13220 (An elevation of privilege vulnerability in the Upstream kernel b
 	NOTE: https://git.kernel.org/linus/51bda2bca53b265715ca1852528f38dc67429d9a
 CVE-2017-13219 (A denial of service vulnerability in the Upstream kernel synaptics ...)
 	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
-CVE-2017-13218 (Access to CNTVCT_EL0 could be used for side channel attacks. This ...)
+CVE-2017-13218 (Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, ...)
 	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
 CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds write ...)
 	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
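Review bot: the refreshed CVE-2017-13218 description now names the affected Qualcomm platforms (Small Cell SoC, Snapdragon Automobile, ...), which supports keeping NOT-FOR-US here. The rationale shared by the three context entries, "no source release, no apparently not affecting mainline", is garbled and presumably means "apparently not affecting mainline"; worth correcting in a follow-up since it is repeated on CVE-2017-13219, CVE-2017-13218 and CVE-2017-13217.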



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f28d2d469b0939cc44a6a5deec2e3fc35c96edbf
