[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jun 21 21:10:28 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc0fbc78 by security tracker role at 2018-06-21T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,51 @@
+CVE-2018-12628
+	RESERVED
+CVE-2018-12627
+	RESERVED
+CVE-2018-12626
+	RESERVED
+CVE-2018-12625
+	RESERVED
+CVE-2018-12624
+	RESERVED
+CVE-2018-12623
+	RESERVED
+CVE-2018-12622
+	RESERVED
+CVE-2018-12621
+	RESERVED
+CVE-2018-12620
+	RESERVED
+CVE-2018-12619
+	RESERVED
+CVE-2018-12618
+	RESERVED
+CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in ...)
+	TODO: check
+CVE-2018-12616
+	RESERVED
+CVE-2018-12615 (An issue was discovered in switchGroup() in ...)
+	TODO: check
+CVE-2018-12614
+	RESERVED
+CVE-2018-12613
+	RESERVED
+CVE-2018-12612
+	RESERVED
+CVE-2018-12611
+	RESERVED
+CVE-2018-12610
+	RESERVED
+CVE-2018-12609
+	RESERVED
+CVE-2018-12608
+	RESERVED
+CVE-2018-1000403
+	RESERVED
+CVE-2018-1000402
+	RESERVED
+CVE-2018-1000401
+	RESERVED
 CVE-2018-12607
 	RESERVED
 CVE-2018-12606
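Review bot: CVE-2018-12617 in this block is left at "TODO: check", but its description names qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c, which are QEMU guest agent sources. It should be triaged against the qemu source package with a "- qemu" line rather than closed as NOT-FOR-US. CVE-2018-12615 (switchGroup()) cannot be assigned to a package from the truncated description alone, so check the full text first.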
@@ -202,8 +250,8 @@ CVE-2018-12528
 	RESERVED
 CVE-2018-12527
 	RESERVED
-CVE-2018-12526
-	RESERVED
+CVE-2018-12526 (Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default ...)
+	TODO: check
 CVE-2018-12525 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboard ...)
 	NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash)
 CVE-2018-12524 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboard ...)
@@ -4827,7 +4875,7 @@ CVE-2018-10683 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. 
 	- wildfly <itp> (bug #752018)
 CVE-2018-10682 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. It is ...)
 	- wildfly <itp> (bug #752018)
-CVE-2016-10723 [Don't call schedule_timeout_killable() with oom_lock held]
+CVE-2016-10723 (** DISPUTED ** An issue was discovered in the Linux kernel through ...)
 	- linux <unfixed>
 	NOTE: https://patchwork.kernel.org/patch/10395909/
 CVE-2016-10722 (partclone.fat in Partclone before 0.2.88 is prone to a heap-based ...)
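Review bot: the replacement description for CVE-2016-10723 is flagged ** DISPUTED **, yet the entry under it still reads "- linux <unfixed>" with only the patchwork NOTE. Add a NOTE recording the grounds for the dispute and reassess whether <unfixed> is still the right state for linux. The bracketed summary removed here (Don't call schedule_timeout_killable() with oom_lock held) is lost by this change, so keep it in a NOTE if it is still wanted for reference.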
@@ -12250,16 +12298,16 @@ CVE-2018-7685
 	RESERVED
 CVE-2018-7684
 	RESERVED
-CVE-2018-7683
-	RESERVED
+CVE-2018-7683 (Micro Focus Solutions Business Manager versions prior to 11.4 might ...)
+	TODO: check
 CVE-2018-7682
 	RESERVED
-CVE-2018-7681
-	RESERVED
-CVE-2018-7680
-	RESERVED
-CVE-2018-7679
-	RESERVED
+CVE-2018-7681 (Micro Focus Solutions Business Manager versions prior to 11.4 allows ...)
+	TODO: check
+CVE-2018-7680 (Micro Focus Solutions Business Manager versions prior to 11.4 can ...)
+	TODO: check
+CVE-2018-7679 (Micro Focus Solutions Business Manager versions prior to 11.4 when ...)
+	TODO: check
 CVE-2018-7678 (A cross site scripting vulnerability exist in the Administration ...)
 	NOT-FOR-US: NetIQ Access Manager
 CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity ...)
@@ -30867,10 +30915,10 @@ CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression 
 	NOT-FOR-US: Spring Cloud SSO Connector
 CVE-2018-1255
 	RESERVED
-CVE-2018-1254
-	RESERVED
-CVE-2018-1253
-	RESERVED
+CVE-2018-1254 (RSA Authentication Manager Security Console, versions 8.3 P1 and ...)
+	TODO: check
+CVE-2018-1253 (RSA Authentication Manager Operation Console, versions 8.3 P1 and ...)
+	TODO: check
 CVE-2018-1252 (RSA Web Threat Detection versions prior to 6.4, contain an SQL ...)
 	NOT-FOR-US: RSA Web Threat Detection
 CVE-2018-1251
@@ -33232,8 +33280,8 @@ CVE-2018-0714
 	RESERVED
 CVE-2018-0713
 	RESERVED
-CVE-2018-0712
-	RESERVED
+CVE-2018-0712 (Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build ...)
+	TODO: check
 CVE-2018-0711 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build ...)
 	NOT-FOR-US: QNAP
 CVE-2018-0710
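Review bot: CVE-2018-0712 is left at "TODO: check" although its description names QNAP QTS and the adjacent CVE-2018-0711 entry is already tagged "NOT-FOR-US: QNAP". The same tag would likely apply here, which would clear the TODO in the follow-up triage.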
@@ -34114,12 +34162,12 @@ CVE-2018-0375
 	RESERVED
 CVE-2018-0374
 	RESERVED
-CVE-2018-0373
-	RESERVED
+CVE-2018-0373 (A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for ...)
+	TODO: check
 CVE-2018-0372
 	RESERVED
-CVE-2018-0371
-	RESERVED
+CVE-2018-0371 (A vulnerability in the Web Admin Interface of Cisco Meeting Server ...)
+	TODO: check
 CVE-2018-0370
 	RESERVED
 CVE-2018-0369
@@ -34130,22 +34178,22 @@ CVE-2018-0367
 	RESERVED
 CVE-2018-0366
 	RESERVED
-CVE-2018-0365
-	RESERVED
-CVE-2018-0364
-	RESERVED
-CVE-2018-0363
-	RESERVED
-CVE-2018-0362
-	RESERVED
+CVE-2018-0365 (A vulnerability in the web-based management interface of Cisco ...)
+	TODO: check
+CVE-2018-0364 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
+CVE-2018-0363 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
+CVE-2018-0362 (A vulnerability in BIOS authentication management of Cisco 5000 Series ...)
+	TODO: check
 CVE-2018-0361
 	RESERVED
 CVE-2018-0360
 	RESERVED
-CVE-2018-0359
-	RESERVED
-CVE-2018-0358
-	RESERVED
+CVE-2018-0359 (A vulnerability in the session identification management functionality ...)
+	TODO: check
+CVE-2018-0358 (A vulnerability in the file descriptor handling of Cisco TelePresence ...)
+	TODO: check
 CVE-2018-0357 (A vulnerability in the web framework of Cisco WebEx could allow an ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0356 (A vulnerability in the web framework of Cisco WebEx could allow an ...)
@@ -34186,8 +34234,8 @@ CVE-2018-0339 (A vulnerability in the web-based management interface of Cisco Id
 	NOT-FOR-US: Cisco
 CVE-2018-0338 (A vulnerability in the role-based access-checking mechanisms of Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0337
-	RESERVED
+CVE-2018-0337 (A vulnerability in the role-based access-checking mechanisms of Cisco ...)
+	TODO: check
 CVE-2018-0336 (A vulnerability in the batch provisioning feature of Cisco Prime ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0335 (A vulnerability in the web portal authentication process of Cisco Prime ...)
@@ -34198,8 +34246,8 @@ CVE-2018-0333 (A vulnerability in the VPN configuration management of Cisco Fire
 	NOT-FOR-US: Cisco
 CVE-2018-0332 (A vulnerability in the Session Initiation Protocol (SIP) ingress packet ...)
 	TODO: check
-CVE-2018-0331
-	RESERVED
+CVE-2018-0331 (A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) ...)
+	TODO: check
 CVE-2018-0330 (A vulnerability in the NX-API management application programming ...)
 	TODO: check
 CVE-2018-0329 (A vulnerability in the default configuration of the Simple Network ...)
@@ -34234,38 +34282,38 @@ CVE-2018-0315 (A vulnerability in the authentication, authorization, and account
 	TODO: check
 CVE-2018-0314 (A vulnerability in the Cisco Fabric Services (CFS) component of Cisco ...)
 	TODO: check
-CVE-2018-0313
-	RESERVED
+CVE-2018-0313 (A vulnerability in the NX-API feature of Cisco NX-OS Software could ...)
+	TODO: check
 CVE-2018-0312 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...)
 	TODO: check
-CVE-2018-0311
-	RESERVED
-CVE-2018-0310
-	RESERVED
-CVE-2018-0309
-	RESERVED
+CVE-2018-0311 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...)
+	TODO: check
+CVE-2018-0310 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...)
+	TODO: check
+CVE-2018-0309 (A vulnerability in the implementation of a specific CLI command and the ...)
+	TODO: check
 CVE-2018-0308 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...)
 	TODO: check
 CVE-2018-0307 (A vulnerability in the CLI of Cisco NX-OS Software could allow an ...)
 	TODO: check
-CVE-2018-0306
-	RESERVED
-CVE-2018-0305
-	RESERVED
+CVE-2018-0306 (A vulnerability in the CLI parser of Cisco NX-OS Software could allow ...)
+	TODO: check
+CVE-2018-0305 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...)
+	TODO: check
 CVE-2018-0304 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...)
 	TODO: check
-CVE-2018-0303
-	RESERVED
-CVE-2018-0302
-	RESERVED
+CVE-2018-0303 (A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS ...)
+	TODO: check
+CVE-2018-0302 (A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS ...)
+	TODO: check
 CVE-2018-0301 (A vulnerability in the NX-API feature of Cisco NX-OS Software could ...)
 	TODO: check
-CVE-2018-0300
-	RESERVED
-CVE-2018-0299
-	RESERVED
-CVE-2018-0298
-	RESERVED
+CVE-2018-0300 (A vulnerability in the process of uploading new application images to ...)
+	TODO: check
+CVE-2018-0299 (A vulnerability in the Simple Network Management Protocol (SNMP) ...)
+	TODO: check
+CVE-2018-0298 (A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric ...)
+	TODO: check
 CVE-2018-0297 (A vulnerability in the detection engine of Cisco Firepower Threat ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0296 (A vulnerability in the web interface of the Cisco Adaptive Security ...)
@@ -46526,8 +46574,8 @@ CVE-2017-13074
 	RESERVED
 CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo ...)
 	NOT-FOR-US: NAP NAS application Photo Station
-CVE-2017-13072
-	RESERVED
+CVE-2017-13072 (Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS ...)
+	TODO: check
 CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern ...)
 	NOT-FOR-US: QNAP
 CVE-2017-13070 (A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version ...)
@@ -79039,8 +79087,7 @@ CVE-2017-2673 [federated user gets wrong role]
 	[jessie] - keystone <not-affected> (Vulnerable code not present)
 	[wheezy] - keystone <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.launchpad.net/keystone/+bug/1677723
-CVE-2017-2672
-	RESERVED
+CVE-2017-2672 (A flaw was found in foreman before version 1.15 in the logging of ...)
 	- foreman <itp> (bug #663101)
 CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel ...)
 	{DLA-922-1}
@@ -79054,8 +79101,7 @@ CVE-2017-2670
 	- undertow 1.4.18-1 (bug #864405)
 	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
 	NOTE: https://issues.jboss.org/browse/UNDERTOW-1035
-CVE-2017-2669 [auth: Do not double-expand key in passdb dict when authenticating]
-	RESERVED
+CVE-2017-2669 (Dovecot before version 2.2.29 is vulnerable to a denial of service. ...)
 	- dovecot 1:2.2.27-3 (bug #860049)
 	[jessie] - dovecot <not-affected> (Vulnerable code not present)
 	[wheezy] - dovecot <not-affected> (Vulnerable code not present)
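Review bot: the new description for CVE-2017-2669 says Dovecot before version 2.2.29 is vulnerable, while the entry records the fix in dovecot 1:2.2.27-3 (bug #860049). If that upload carries a backported patch, add a NOTE with the upstream fix commit so the version difference is explained. The bracketed summary removed here (auth: Do not double-expand key in passdb dict when authenticating) was the only pointer to that fix.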



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc0fbc782118d456086c1cb804236cc42e44d3a5
