[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri May 4 21:10:27 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f7fa632 by security tracker role at 2018-05-04T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,59 @@
+CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
+ TODO: check
+CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
+ TODO: check
+CVE-2018-10748 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
+ TODO: check
+CVE-2018-10747 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
+ TODO: check
+CVE-2018-10746 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
+ TODO: check
+CVE-2018-10745
+ RESERVED
+CVE-2018-10744
+ RESERVED
+CVE-2018-10743
+ RESERVED
+CVE-2018-10742
+ RESERVED
+CVE-2018-10741
+ RESERVED
+CVE-2018-10740 (Axublog 1.1.0 allows remote Code Execution as demonstrated by injection ...)
+ TODO: check
+CVE-2018-10739 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
+ TODO: check
+CVE-2018-10738
+ RESERVED
+CVE-2018-10737
+ RESERVED
+CVE-2018-10736
+ RESERVED
+CVE-2018-10735
+ RESERVED
+CVE-2018-10734
+ RESERVED
+CVE-2018-10733 (There is a heap-based buffer over-read in the function ...)
+ TODO: check
+CVE-2018-10732
+ RESERVED
+CVE-2018-10731
+ RESERVED
+CVE-2018-10730
+ RESERVED
+CVE-2018-10729
+ RESERVED
+CVE-2018-10728
+ RESERVED
+CVE-2018-10727
+ RESERVED
+CVE-2018-10726 (** DISPUTED ** A stored XSS vulnerability was found in Datenstrom ...)
+ TODO: check
+CVE-2018-10725
+ RESERVED
+CVE-2018-10724
+ RESERVED
+CVE-2018-10723
+ RESERVED
CVE-2018-10722 (In Cylance CylancePROTECT before 1470, an unprivileged local user can ...)
NOT-FOR-US: Cylance CylancePROTECT
CVE-2018-10721
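Review bot: CVE-2018-10739 (Shanghai 2345 Security Guard 3.7.0) is left at `TODO: check`, although this file already triages 2345 Security Guard entries as `NOT-FOR-US: 2345 Security Guard` (CVE-2018-8874, CVE-2018-8873), so it can take the same annotation in the follow-up triage. The five D-Link DSL-3782 entries (CVE-2018-10746 through CVE-2018-10750) share one truncated description and are best triaged together so they end up with a single consistent annotation. CVE-2018-10733 names no product in its truncated description, so it needs the full CVE text before it can be assigned to a package or marked NOT-FOR-US.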
@@ -835,7 +891,7 @@ CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remot
CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent plugin ...)
NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
CVE-2018-1000178 [Implement custom deserializer to add our own sanity checks]
- {DSA-4189-1}
+ {DSA-4189-1 DLA-1370-1}
- quassel 1:0.12.5-1 (bug #896914)
NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master)
NOTE: https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b (0.12)
@@ -3912,8 +3968,8 @@ CVE-2018-9065
RESERVED
CVE-2018-9064
RESERVED
-CVE-2018-9063
- RESERVED
+CVE-2018-9063 (MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo ...)
+ TODO: check
CVE-2018-9062
RESERVED
CVE-2018-9061
@@ -4438,46 +4494,46 @@ CVE-2018-8874 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allow
NOT-FOR-US: 2345 Security Guard
CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) ...)
NOT-FOR-US: 2345 Security Guard
-CVE-2018-8872
- RESERVED
+CVE-2018-8872 (In Schneider Electric Triconex Tricon MP model 3008 firmware versions ...)
+ TODO: check
CVE-2018-8871
RESERVED
CVE-2018-8870
RESERVED
-CVE-2018-8869
- RESERVED
+CVE-2018-8869 (In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for ...)
+ TODO: check
CVE-2018-8868
RESERVED
CVE-2018-8867
RESERVED
CVE-2018-8866
RESERVED
-CVE-2018-8865
- RESERVED
+CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow ...)
+ TODO: check
CVE-2018-8864
RESERVED
CVE-2018-8863
RESERVED
CVE-2018-8862
RESERVED
-CVE-2018-8861
- RESERVED
+CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk environment ...)
+ TODO: check
CVE-2018-8860
RESERVED
CVE-2018-8859
RESERVED
CVE-2018-8858
RESERVED
-CVE-2018-8857
- RESERVED
+CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, ...)
+ TODO: check
CVE-2018-8856
RESERVED
CVE-2018-8855
RESERVED
CVE-2018-8854
RESERVED
-CVE-2018-8853
- RESERVED
+CVE-2018-8853 (Philips Brilliance CT devices operate user functions from within a ...)
+ TODO: check
CVE-2018-8852
RESERVED
CVE-2018-8851
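Review bot: Triage the six new `TODO: check` entries in this hunk by product rather than one by one: Schneider Electric Triconex (CVE-2018-8872), Lantech IDS 2102 (CVE-2018-8869, CVE-2018-8865) and Philips Brilliance CT (CVE-2018-8861, CVE-2018-8857, CVE-2018-8853). If none of them maps to a Debian package, give every entry of one product the same `NOT-FOR-US: <product>` annotation, in the form already used for the 2345 Security Guard entries at the top of this hunk.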
@@ -7915,8 +7971,8 @@ CVE-2018-7524 (A cross-site request forgery vulnerability has been identified in
NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
NOT-FOR-US: Omron CX-Supervisor
-CVE-2018-7522
- RESERVED
+CVE-2018-7522 (In Schneider Electric Triconex Tricon MP model 3008 firmware versions ...)
+ TODO: check
CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free ...)
NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7520 (An improper access control vulnerability has been identified in ...)
@@ -7941,12 +7997,12 @@ CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple c
NOT-FOR-US: Eaton ELCSoft
CVE-2018-7510
RESERVED
-CVE-2018-7509
- RESERVED
+CVE-2018-7509 (WPLSoft in Delta Electronics versions 2.45.0 and prior writes data ...)
+ TODO: check
CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web API ...)
NOT-FOR-US: OSIsoft PI
-CVE-2018-7507
- RESERVED
+CVE-2018-7507 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a ...)
+ TODO: check
CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 and ...)
NOT-FOR-US: Moxa
CVE-2018-7505
@@ -7971,8 +8027,8 @@ CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI Vision
NOT-FOR-US: OSIsoft PI
CVE-2018-7495
RESERVED
-CVE-2018-7494
- RESERVED
+CVE-2018-7494 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a ...)
+ TODO: check
CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege ...)
NOT-FOR-US: CactusVPN for macOS
CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel ...)
@@ -14240,12 +14296,12 @@ CVE-2018-5450
RESERVED
CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell ...)
NOT-FOR-US: Moxa
-CVE-2018-5448
- RESERVED
+CVE-2018-5448 (All versions of the Medtronic 2090 Carelink Programmer are affected by ...)
+ TODO: check
CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari PCS-9611 ...)
NOT-FOR-US: Nari PCS-9611 relay
-CVE-2018-5446
- RESERVED
+CVE-2018-5446 (All versions of the Medtronic 2090 Carelink Programmer are affected by ...)
+ TODO: check
CVE-2018-5445 (A Path Traversal issue was discovered in Advantech WebAccess/SCADA ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2018-5444
@@ -24354,7 +24410,8 @@ CVE-2018-1473 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scrip
NOT-FOR-US: IBM
CVE-2018-1472
RESERVED
-CVE-2018-1471 (IBM BigFix Platform 9.2 and 9.5 stores user credentials in plain in ...)
+CVE-2018-1471
+ REJECTED
NOT-FOR-US: IBM
CVE-2018-1470
RESERVED
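Review bot: CVE-2018-1471 now carries both `REJECTED` and the earlier `NOT-FOR-US: IBM` annotation, because only the header line was replaced and the triage line below it stayed as context. Confirm whether a rejected ID should keep a triage annotation; if not, drop the `NOT-FOR-US: IBM` line in a follow-up so the entry matches the other rejected entries visible in this diff (CVE-2017-7176, CVE-2017-3777), which show only `REJECTED`.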
@@ -59978,7 +60035,7 @@ CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails
NOTE: Fixed by: https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
NOTE: Introduced by: https://0xacab.org/mat/mat/commit/0d1fe2555e90db35eeb531a1b6026ff64f1f5ae5
CVE-2017-7176
- RESERVED
+ REJECTED
CVE-2017-7175 (NfSen before 1.3.8 allows remote attackers to execute arbitrary OS ...)
NOT-FOR-US: NfSen
CVE-2017-7174 (The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 ...)
@@ -70032,8 +70089,8 @@ CVE-2017-3777
REJECTED
CVE-2017-3776 (Lenovo Help Android mobile app versions earlier than 6.1.2.0327 ...)
NOT-FOR-US: Lenovo Help Android mobile app
-CVE-2017-3775
- RESERVED
+CVE-2017-3775 (Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode ...)
+ TODO: check
CVE-2017-3774 (A stack overflow vulnerability was discovered within the web ...)
NOT-FOR-US: IBM
CVE-2017-3773
@@ -75870,8 +75927,8 @@ CVE-2017-1745
RESERVED
CVE-2017-1744
RESERVED
-CVE-2017-1743
- RESERVED
+CVE-2017-1743 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ TODO: check
CVE-2017-1742
RESERVED
CVE-2017-1741 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4f7fa632b2413f0f9c1685ab9e478f4bcac14562