[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu May 10 21:10:26 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0901104 by security tracker role at 2018-05-10T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,35 @@
+CVE-2018-10980
+ RESERVED
+CVE-2018-10979
+ RESERVED
+CVE-2018-10978
+ RESERVED
+CVE-2018-10977 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+ TODO: check
+CVE-2018-10976 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+ TODO: check
+CVE-2018-10975 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+ TODO: check
+CVE-2018-10974 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+ TODO: check
+CVE-2018-10973 (An integer overflow in the transferMulti function of a smart contract ...)
+ TODO: check
+CVE-2018-10972 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
+ TODO: check
+CVE-2018-10971 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
+ TODO: check
+CVE-2018-10970
+ RESERVED
+CVE-2018-10969
+ RESERVED
+CVE-2018-10968
+ RESERVED
+CVE-2018-10967
+ RESERVED
+CVE-2018-10966
+ RESERVED
+CVE-2018-10965
+ RESERVED
CVE-2018-10964
RESERVED
CVE-2018-10963 (The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF ...)
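Review bot: the four 2345 Security Guard entries (CVE-2018-10977 to CVE-2018-10974) carry the same truncated description, ending at "2345BdPcSafe.sys, X64 ...", so they cannot be told apart or triaged from this list alone. Resolve each "TODO: check" against the full CVE text. If the product is not packaged, mark them in the style used elsewhere in this file, for example "NOT-FOR-US: 2345 Security Guard". The two FLIF 0.3 entries (CVE-2018-10972, CVE-2018-10971) need a check for whether FLIF is in the archive before they get a package line.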
@@ -38,13 +70,13 @@ CVE-2018-10947
RESERVED
CVE-2018-10946
RESERVED
-CVE-2017-18267 [FoFiType1C::cvtGlyph: Fix infinite recursion on malformed documents]
+CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler ...)
- poppler <unfixed> (bug #898357)
[wheezy] - poppler <ignored> (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=104942
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=60b4fe65bc9dc9b82bbadf0be2e3781be796a13d
-CVE-2017-18266 [Argument injection in xdg-open open_envvar]
+CVE-2017-18266 (The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not ...)
- xdg-utils <unfixed> (bug #898317)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103807
NOTE: Fixed by: https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
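Review bot: under CVE-2017-18266 the package line still reads "- xdg-utils <unfixed> (bug #898317)", although the new description limits the issue to xdg-utils before 1.1.3 and the entry already has a "Fixed by:" commit. Replace "<unfixed>" with the fixed version once an upload containing that commit exists. The same follow-up applies to "- poppler <unfixed> (bug #898357)" under CVE-2017-18267, whose NOTE lines link an upstream commit.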
@@ -336,8 +368,8 @@ CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFF
- imagemagick <unfixed> (unimportant; bug #898217)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1053
NOTE: https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
-CVE-2018-10803
- RESERVED
+CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add credentials ...)
+ TODO: check
CVE-2018-1000301
RESERVED
CVE-2018-1000300
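Review bot: the truncated description on CVE-2018-10803, "Cross-site scripting (XSS) vulnerability in the add credentials ...", does not name the affected product, so the "TODO: check" cannot be resolved from this list. Read the full CVE text before choosing between a package line and a NOT-FOR-US marker.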
@@ -587,8 +619,8 @@ CVE-2018-10708
RESERVED
CVE-2018-10707
RESERVED
-CVE-2018-10706
- RESERVED
+CVE-2018-10706 (An integer overflow in the transferMulti function of a smart contract ...)
+ TODO: check
CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), an ...)
TODO: check
CVE-2018-10704
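Review bot: the text on CVE-2018-10706, "An integer overflow in the transferMulti function of a smart contract ...", is identical to the truncated description added for CVE-2018-10973 at the top of this diff. When triaging, read both full descriptions to establish which contract each refers to, and give them the same disposition as the neighbouring smart contract entry CVE-2018-10705 once that one is decided.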
@@ -713,8 +745,8 @@ CVE-2018-10657 (Matrix Synapse before 0.28.1 is prone to a denial of service fla
NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
CVE-2018-10656
RESERVED
-CVE-2018-10655
- RESERVED
+CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 ...)
+ TODO: check
CVE-2018-10654
RESERVED
CVE-2018-10653
@@ -2677,8 +2709,8 @@ CVE-2018-9851 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php
NOT-FOR-US: Gxlcms QY
CVE-2018-9850 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php ...)
NOT-FOR-US: Gxlcms QY
-CVE-2018-9849
- RESERVED
+CVE-2018-9849 (Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before ...)
+ TODO: check
CVE-2018-9848 (In Gxlcms QY v1.0.0713, the upload function in ...)
NOT-FOR-US: Gxlcms QY
CVE-2018-9847 (In Gxlcms QY v1.0.0713, the update function in ...)
@@ -4904,18 +4936,18 @@ CVE-2018-8917
RESERVED
CVE-2018-8916
RESERVED
-CVE-2018-8915
- RESERVED
-CVE-2018-8914
- RESERVED
+CVE-2018-8915 (Cross-site scripting (XSS) vulnerability in Notification Center in ...)
+ TODO: check
+CVE-2018-8914 (SQL injection vulnerability in UPnP DMA in Synology Media Server ...)
+ TODO: check
CVE-2018-8913
RESERVED
CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in ...)
NOT-FOR-US: Synology Note Station
CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview in ...)
NOT-FOR-US: Synology Note Station
-CVE-2018-8910
- RESERVED
+CVE-2018-8910 (Cross-site scripting (XSS) vulnerability in Attachment Preview in ...)
+ TODO: check
CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...)
NOT-FOR-US: Wire application for Android
CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The ...)
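Review bot: CVE-2018-8910 is added as "TODO: check" with the same truncated description, "Cross-site scripting (XSS) vulnerability in Attachment Preview in ...", as CVE-2018-8911 two entries above it, which is already marked "NOT-FOR-US: Synology Note Station". Confirm from the full text that it names the same product and give it the same marker. CVE-2018-8914 names Synology Media Server in the visible text and CVE-2018-8915 cuts off before the product, so both need the full description before they are closed.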
@@ -7208,10 +7240,10 @@ CVE-2018-7943
RESERVED
CVE-2018-7942
RESERVED
-CVE-2018-7941
- RESERVED
-CVE-2018-7940
- RESERVED
+CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A ...)
+ TODO: check
+CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than ...)
+ TODO: check
CVE-2018-7939
RESERVED
CVE-2018-7938
@@ -7224,8 +7256,8 @@ CVE-2018-7935
RESERVED
CVE-2018-7934
RESERVED
-CVE-2018-7933
- RESERVED
+CVE-2018-7933 (Huawei home gateway products HiRouter-CD20 and WS5200 with the ...)
+ TODO: check
CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary ...)
NOT-FOR-US: Huawei
CVE-2018-7931 (Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism ...)
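Review bot: CVE-2018-7933 describes Huawei home gateway products (HiRouter-CD20 and WS5200) and is left at "TODO: check", while the next entry, CVE-2018-7932, is already "NOT-FOR-US: Huawei". Unless the full text points at something packaged, use the same marker here and on CVE-2018-7941 and CVE-2018-7940 from the previous hunk.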
@@ -12442,8 +12474,8 @@ CVE-2018-6256
RESERVED
CVE-2018-6255
RESERVED
-CVE-2018-6254
- RESERVED
+CVE-2018-6254 (In Android before the 2018-05-05 security patch level, NVIDIA Media ...)
+ TODO: check
CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in the DirectX and ...)
- nvidia-graphics-drivers 390.48-1 (bug #894338)
[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -12476,8 +12508,8 @@ CVE-2018-6248 (NVIDIA Windows GPU Display Driver contains a vulnerability in the
NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6247 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA Windows driver
-CVE-2018-6246
- RESERVED
+CVE-2018-6246 (In Android before the 2018-05-05 security patch level, NVIDIA Widevine ...)
+ TODO: check
CVE-2018-6245
RESERVED
CVE-2018-6244
@@ -15592,6 +15624,7 @@ CVE-2018-5184
RESERVED
CVE-2018-5183
RESERVED
+ {DSA-4199-1}
- firefox-esr 52.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
CVE-2018-5182
@@ -15613,6 +15646,7 @@ CVE-2018-5179
RESERVED
CVE-2018-5178
RESERVED
+ {DSA-4199-1}
- firefox-esr 52.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
CVE-2018-5177
@@ -15657,6 +15691,7 @@ CVE-2018-5169
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
CVE-2018-5168
RESERVED
+ {DSA-4199-1}
[experimental] - firefox 60.0-1
- firefox <unfixed>
- firefox-esr 52.8.0esr-1
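Review bot: under CVE-2018-5168 the "{DSA-4199-1}" tag now sits above an entry that still has "- firefox <unfixed>", with a fix recorded only as "[experimental] - firefox 60.0-1". Other hunks in this diff attach the same tag to entries that list only "- firefox-esr 52.8.0esr-1", so the tag should not be read as closing the firefox line. Update "<unfixed>" when a fixed firefox version reaches unstable.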
@@ -15698,6 +15733,7 @@ CVE-2018-5160
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
CVE-2018-5159
RESERVED
+ {DSA-4199-1}
[experimental] - firefox 60.0-1
- firefox <unfixed>
- firefox-esr 52.8.0esr-1
@@ -15705,6 +15741,7 @@ CVE-2018-5159
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5159
CVE-2018-5158
RESERVED
+ {DSA-4199-1}
[experimental] - firefox 60.0-1
- firefox <unfixed>
- firefox-esr 52.8.0esr-1
@@ -15712,6 +15749,7 @@ CVE-2018-5158
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
CVE-2018-5157
RESERVED
+ {DSA-4199-1}
[experimental] - firefox 60.0-1
- firefox <unfixed>
- firefox-esr 52.8.0esr-1
@@ -15721,6 +15759,7 @@ CVE-2018-5156
RESERVED
CVE-2018-5155
RESERVED
+ {DSA-4199-1}
[experimental] - firefox 60.0-1
- firefox <unfixed>
- firefox-esr 52.8.0esr-1
@@ -15728,6 +15767,7 @@ CVE-2018-5155
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5155
CVE-2018-5154
RESERVED
+ {DSA-4199-1}
[experimental] - firefox 60.0-1
- firefox <unfixed>
- firefox-esr 52.8.0esr-1
@@ -15750,6 +15790,7 @@ CVE-2018-5151
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
CVE-2018-5150
RESERVED
+ {DSA-4199-1}
[experimental] - firefox 60.0-1
- firefox <unfixed>
- firefox-esr 52.8.0esr-1
@@ -26732,8 +26773,7 @@ CVE-2018-1132
RESERVED
CVE-2018-1131
RESERVED
-CVE-2018-1130 [dccp: check sk for closed state in dccp_sendmsg()]
- RESERVED
+CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null pointer ...)
- linux 4.15.17-1
NOTE: Fixed by: https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
CVE-2018-1129
@@ -26767,7 +26807,7 @@ CVE-2018-1117
RESERVED
CVE-2018-1116
RESERVED
-CVE-2018-1115 [public execution privileges on pg_rotate_logfile() in adminpack extension]
+CVE-2018-1115 (postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack ...)
- postgresql-10 10.4-1
- postgresql-9.6 <removed>
[stretch] - postgresql-9.6 <no-dsa> (Minor issue)
@@ -63343,16 +63383,16 @@ CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the Keymast
NOT-FOR-US: NVIDIA
CVE-2017-6294
RESERVED
-CVE-2017-6293
- RESERVED
+CVE-2017-6293 (In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 ...)
+ TODO: check
CVE-2017-6292
RESERVED
CVE-2017-6291
RESERVED
CVE-2017-6290
RESERVED
-CVE-2017-6289
- RESERVED
+CVE-2017-6289 (In Android before the 2018-05-05 security patch level, NVIDIA Trusted ...)
+ TODO: check
CVE-2017-6288 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
NOT-FOR-US: Nvidia component for Android
CVE-2017-6287 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
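Review bot: CVE-2017-6293 and CVE-2017-6289 are both Android patch level issues in NVIDIA components and are left at "TODO: check", while the following entries CVE-2017-6288 and CVE-2017-6287 are marked "NOT-FOR-US: Nvidia component for Android". Use that marker here if the full descriptions confirm the same scope. As a style point, the context lines in this hunk spell the vendor two ways ("NOT-FOR-US: NVIDIA" and "NOT-FOR-US: Nvidia component for Android"); pick one spelling for the new markers.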
@@ -74744,8 +74784,7 @@ CVE-2017-2602
RESERVED
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2601
- RESERVED
+CVE-2017-2601 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted ...)
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2600
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e09011047001be61193f75035d55c934bf720a9a