[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 8 21:10:27 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6fdbd0d2 by security tracker role at 2018-03-08T21:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,269 @@
+CVE-2018-7888
+ RESERVED
+CVE-2018-7887
+ RESERVED
+CVE-2018-7886
+ RESERVED
+CVE-2018-7885
+ RESERVED
+CVE-2018-7884
+ RESERVED
+CVE-2018-7883
+ RESERVED
+CVE-2018-7882
+ RESERVED
+CVE-2018-7881
+ RESERVED
+CVE-2018-7880
+ RESERVED
+CVE-2018-7879
+ RESERVED
+CVE-2018-7878
+ RESERVED
+CVE-2018-7877 (There is a heap-based buffer overflow in the getString function of ...)
+ TODO: check
+CVE-2018-7876 (In libming 0.4.8, a memory exhaustion vulnerability was found in the ...)
+ TODO: check
+CVE-2018-7875 (There is a heap-based buffer over-read in the getString function of ...)
+ TODO: check
+CVE-2018-7874 (An invalid memory address dereference was discovered in strlenext in ...)
+ TODO: check
+CVE-2018-7873 (There is a heap-based buffer overflow in the getString function of ...)
+ TODO: check
+CVE-2018-7872 (An invalid memory address dereference was discovered in the function ...)
+ TODO: check
+CVE-2018-7871 (There is a heap-based buffer over-read in the getName function of ...)
+ TODO: check
+CVE-2018-7870 (An invalid memory address dereference was discovered in getString in ...)
+ TODO: check
+CVE-2018-7869 (There is a memory leak triggered in the function dcinit of ...)
+ TODO: check
+CVE-2018-7868 (There is a heap-based buffer over-read in the getName function of ...)
+ TODO: check
+CVE-2018-7867 (There is a heap-based buffer overflow in the getString function of ...)
+ TODO: check
+CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in ...)
+ TODO: check
+CVE-2018-7865
+ RESERVED
+CVE-2018-7864
+ RESERVED
+CVE-2018-7863
+ RESERVED
+CVE-2018-7862
+ RESERVED
+CVE-2018-7861
+ RESERVED
+CVE-2018-7860
+ RESERVED
+CVE-2018-7859
+ RESERVED
+CVE-2018-7858
+ RESERVED
+CVE-2018-7857
+ RESERVED
+CVE-2018-7856
+ RESERVED
+CVE-2018-7855
+ RESERVED
+CVE-2018-7854
+ RESERVED
+CVE-2018-7853
+ RESERVED
+CVE-2018-7852
+ RESERVED
+CVE-2018-7851
+ RESERVED
+CVE-2018-7850
+ RESERVED
+CVE-2018-7849
+ RESERVED
+CVE-2018-7848
+ RESERVED
+CVE-2018-7847
+ RESERVED
+CVE-2018-7846
+ RESERVED
+CVE-2018-7845
+ RESERVED
+CVE-2018-7844
+ RESERVED
+CVE-2018-7843
+ RESERVED
+CVE-2018-7842
+ RESERVED
+CVE-2018-7841
+ RESERVED
+CVE-2018-7840
+ RESERVED
+CVE-2018-7839
+ RESERVED
+CVE-2018-7838
+ RESERVED
+CVE-2018-7837
+ RESERVED
+CVE-2018-7836
+ RESERVED
+CVE-2018-7835
+ RESERVED
+CVE-2018-7834
+ RESERVED
+CVE-2018-7833
+ RESERVED
+CVE-2018-7832
+ RESERVED
+CVE-2018-7831
+ RESERVED
+CVE-2018-7830
+ RESERVED
+CVE-2018-7829
+ RESERVED
+CVE-2018-7828
+ RESERVED
+CVE-2018-7827
+ RESERVED
+CVE-2018-7826
+ RESERVED
+CVE-2018-7825
+ RESERVED
+CVE-2018-7824
+ RESERVED
+CVE-2018-7823
+ RESERVED
+CVE-2018-7822
+ RESERVED
+CVE-2018-7821
+ RESERVED
+CVE-2018-7820
+ RESERVED
+CVE-2018-7819
+ RESERVED
+CVE-2018-7818
+ RESERVED
+CVE-2018-7817
+ RESERVED
+CVE-2018-7816
+ RESERVED
+CVE-2018-7815
+ RESERVED
+CVE-2018-7814
+ RESERVED
+CVE-2018-7813
+ RESERVED
+CVE-2018-7812
+ RESERVED
+CVE-2018-7811
+ RESERVED
+CVE-2018-7810
+ RESERVED
+CVE-2018-7809
+ RESERVED
+CVE-2018-7808
+ RESERVED
+CVE-2018-7807
+ RESERVED
+CVE-2018-7806
+ RESERVED
+CVE-2018-7805
+ RESERVED
+CVE-2018-7804
+ RESERVED
+CVE-2018-7803
+ RESERVED
+CVE-2018-7802
+ RESERVED
+CVE-2018-7801
+ RESERVED
+CVE-2018-7800
+ RESERVED
+CVE-2018-7799
+ RESERVED
+CVE-2018-7798
+ RESERVED
+CVE-2018-7797
+ RESERVED
+CVE-2018-7796
+ RESERVED
+CVE-2018-7795
+ RESERVED
+CVE-2018-7794
+ RESERVED
+CVE-2018-7793
+ RESERVED
+CVE-2018-7792
+ RESERVED
+CVE-2018-7791
+ RESERVED
+CVE-2018-7790
+ RESERVED
+CVE-2018-7789
+ RESERVED
+CVE-2018-7788
+ RESERVED
+CVE-2018-7787
+ RESERVED
+CVE-2018-7786
+ RESERVED
+CVE-2018-7785
+ RESERVED
+CVE-2018-7784
+ RESERVED
+CVE-2018-7783
+ RESERVED
+CVE-2018-7782
+ RESERVED
+CVE-2018-7781
+ RESERVED
+CVE-2018-7780
+ RESERVED
+CVE-2018-7779
+ RESERVED
+CVE-2018-7778
+ RESERVED
+CVE-2018-7777
+ RESERVED
+CVE-2018-7776
+ RESERVED
+CVE-2018-7775
+ RESERVED
+CVE-2018-7774
+ RESERVED
+CVE-2018-7773
+ RESERVED
+CVE-2018-7772
+ RESERVED
+CVE-2018-7771
+ RESERVED
+CVE-2018-7770
+ RESERVED
+CVE-2018-7769
+ RESERVED
+CVE-2018-7768
+ RESERVED
+CVE-2018-7767
+ RESERVED
+CVE-2018-7766
+ RESERVED
+CVE-2018-7765
+ RESERVED
+CVE-2018-7764
+ RESERVED
+CVE-2018-7763
+ RESERVED
+CVE-2018-7762
+ RESERVED
+CVE-2018-7761
+ RESERVED
+CVE-2018-7760
+ RESERVED
+CVE-2018-7759
+ RESERVED
+CVE-2018-7758
+ RESERVED
+CVE-2018-7757 (Memory leak in the sas_smp_get_phy_events function in ...)
+ TODO: check
+CVE-2017-18222 (In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does ...)
+ TODO: check
CVE-2018-7756
RESERVED
CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
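Review bot: CVE-2017-18222, near the end of the added block, goes in as "TODO: check" even though its description already names the Linux kernel before 4.12, so it can be triaged against the linux source package straight away instead of waiting in the TODO queue. The same holds for CVE-2018-7876, whose description names libming 0.4.8. The other entries in the CVE-2018-7866 to CVE-2018-7877 run have descriptions cut off before the product name and need the full text read first.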
@@ -334,7 +600,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to
NOTE: https://github.com/zkat/ssri/issues/10
NOTE: https://nodesecurity.io/advisories/565
NOTE: nodejs not covered by security support
-CVE-2018-1000119 (Sinatra rack-protection version 2.0.0.rc3 and earlier contains a ...)
+CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier ...)
- ruby-rack-protection <unfixed> (bug #892250)
NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
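Review bot: the reworded CVE-2018-1000119 description adds version 1.5.4 to the affected range, but the status line under it is unchanged at "- ruby-rack-protection <unfixed> (bug #892250)". Worth confirming that the 1.5.x versions in older suites are covered by that bug, and adding a per-suite line or a NOTE if they are tracked differently.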
@@ -1900,8 +2166,7 @@ CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before upda
NOTE: http://www.kb.cert.org/vuls/id/961909
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
-CVE-2018-7183 [ntpq:decodearr() can write beyond its buffer limit]
- RESERVED
+CVE-2018-7183 (Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 ...)
- ntp <unfixed>
- ntpsec <not-affected> (Issue not present)
NOTE: http://www.kb.cert.org/vuls/id/961909
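Review bot: now that CVE-2018-7183 carries its published description, the "- ntp <unfixed>" line under it still has no bug reference, unlike the ruby-rack-protection entry earlier in this diff. Suggest adding the bug number once one is filed, and checking the range in the new description (it starts at ntp 4.2.8p6) against the ntp version in each suite.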
@@ -7087,8 +7352,8 @@ CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4
NOTE: https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678
NOTE: https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e
NOTE: upstream fixed in 3.2.9, 3.3.6 and 3.4.4
-CVE-2018-5313
- RESERVED
+CVE-2018-5313 (A vulnerability allows local attackers to escalate privilege on Rapid ...)
+ TODO: check
CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...)
- matrixssl <removed>
[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
@@ -8368,12 +8633,12 @@ CVE-2018-4842
RESERVED
CVE-2018-4841
RESERVED
-CVE-2018-4840
- RESERVED
-CVE-2018-4839
- RESERVED
-CVE-2018-4838
- RESERVED
+CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...)
+ TODO: check
+CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...)
+ TODO: check
+CVE-2018-4838 (A vulnerability has been identified in Siemens EN100 Ethernet module ...)
+ TODO: check
CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic < ...)
NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic < ...)
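Review bot: CVE-2018-4840, CVE-2018-4839 and CVE-2018-4838 are added as "TODO: check" although their descriptions name Siemens DIGSI 4 and the Siemens EN100 Ethernet module, and CVE-2018-4837 directly below is already marked "NOT-FOR-US: Siemens / TeleControl Server Basic". Unless one of these products is packaged, the three entries can take a matching NOT-FOR-US line.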
@@ -16522,10 +16787,10 @@ CVE-2018-1445
RESERVED
CVE-2018-1444
RESERVED
-CVE-2018-1443
- RESERVED
-CVE-2018-1442
- RESERVED
+CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single sign-on ...)
+ TODO: check
+CVE-2018-1442 (IBM Application Performance Management - Response Time Monitoring ...)
+ TODO: check
CVE-2018-1441
RESERVED
CVE-2018-1440
@@ -16634,8 +16899,8 @@ CVE-2018-1389
RESERVED
CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies ...)
NOT-FOR-US: IBM WebSphere MQ
-CVE-2018-1387
- RESERVED
+CVE-2018-1387 (IBM Application Performance Management for Monitoring & Diagnostics ...)
+ TODO: check
CVE-2018-1386
RESERVED
CVE-2018-1385
@@ -17703,18 +17968,18 @@ CVE-2018-1222
RESERVED
CVE-2018-1221
RESERVED
-CVE-2018-1220
- RESERVED
-CVE-2018-1219
- RESERVED
+CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect ...)
+ TODO: check
+CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access ...)
+ TODO: check
CVE-2018-1218
RESERVED
CVE-2018-1217
RESERVED
-CVE-2018-1216
- RESERVED
-CVE-2018-1215
- RESERVED
+CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp Manager ...)
+ TODO: check
+CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp Manager ...)
+ TODO: check
CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows ...)
NOT-FOR-US: EMC
CVE-2018-1213
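Review bot: of the four entries filled in here, CVE-2018-1220 and CVE-2018-1219 name EMC RSA Archer and can follow CVE-2018-1214 below ("NOT-FOR-US: EMC"), but the truncated descriptions of CVE-2018-1216 and CVE-2018-1215 only say "vApp Manager" and do not show the vendor. Those two need the full description read before they are classified.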
@@ -17783,8 +18048,8 @@ CVE-2018-1184 (An issue was discovered in EMC RecoverPoint for Virtual Machines
NOT-FOR-US: EMC
CVE-2018-1183
RESERVED
-CVE-2018-1182
- RESERVED
+CVE-2018-1182 (An issue was discovered in EMC RSA Identity Governance and Lifecycle ...)
+ TODO: check
CVE-2018-1181
RESERVED
CVE-2017-17447
@@ -40751,15 +41016,15 @@ CVE-2017-9977 (AVG AntiVirus for MacOS with scan engine before 4668 might allow
CVE-2017-9976
RESERVED
CVE-2017-9975
- RESERVED
+ REJECTED
CVE-2017-9974
- RESERVED
+ REJECTED
CVE-2017-9973
- RESERVED
+ REJECTED
CVE-2017-9972
- RESERVED
+ REJECTED
CVE-2017-9971
- RESERVED
+ REJECTED
CVE-2017-9970 (A remote code execution vulnerability exists in Schneider Electric's ...)
NOT-FOR-US: Schneider Electric
CVE-2017-9969 (An information disclosure vulnerability exists in Schneider Electric's ...)
@@ -49827,22 +50092,22 @@ CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileg
NOT-FOR-US: Proxifier for Mac
CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka ...)
NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
-CVE-2017-7641
- RESERVED
-CVE-2017-7640
- RESERVED
+CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
+ TODO: check
+CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
+ TODO: check
CVE-2017-7639
RESERVED
-CVE-2017-7638
- RESERVED
+CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
+ TODO: check
CVE-2017-7637
RESERVED
CVE-2017-7636
RESERVED
CVE-2017-7635
RESERVED
-CVE-2017-7634
- RESERVED
+CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Media ...)
+ TODO: check
CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive ...)
NOT-FOR-US: QNAP
CVE-2017-7632
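Review bot: CVE-2017-7641, CVE-2017-7640, CVE-2017-7638 and CVE-2017-7634 all describe the QNAP NAS Media Streaming add-on and are left at "TODO: check", while CVE-2017-7633 directly below is "NOT-FOR-US: QNAP". Suggest resolving the four together with the same marker so the block stays consistent.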
@@ -54743,8 +55008,8 @@ CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1
NOT-FOR-US: F5 BIG-IP
CVE-2017-6153
RESERVED
-CVE-2017-6152
- RESERVED
+CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the ...)
+ TODO: check
CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
NOT-FOR-US: F5 BIG-IP
CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - ...)
@@ -67848,8 +68113,8 @@ CVE-2017-1627
RESERVED
CVE-2017-1626
RESERVED
-CVE-2017-1625
- RESERVED
+CVE-2017-1625 (IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to ...)
+ TODO: check
CVE-2017-1624
RESERVED
CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
@@ -134630,13 +134895,11 @@ CVE-2014-7274 (The IMAP-over-SSL implementation in getmail 4.44.0 does not verif
CVE-2014-7273 (The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does ...)
{DSA-3091-1 DLA-106-1}
- getmail4 4.44.0-1 (bug #766670)
-CVE-2014-7272 [multiple vulnerabilities in sddm]
- RESERVED
+CVE-2014-7272 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...)
[experimental] - sddm 0.11.0-1
- sddm 0.11.0-2
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
-CVE-2014-7271 [unauthenticated logins as sddm]
- RESERVED
+CVE-2014-7271 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...)
[experimental] - sddm 0.11.0-1
- sddm 0.11.0-2
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
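Review bot: replacing the bracketed summaries of CVE-2014-7272 and CVE-2014-7271 leaves both entries with the same visible text, "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...", so the list no longer shows which one is the unauthenticated-login issue. Suggest carrying the removed summaries ("multiple vulnerabilities in sddm", "unauthenticated logins as sddm") over as NOTE lines so the two stay distinguishable.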
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fdbd0d2903b7393f3c69ff88d966b7f4590f707