[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 23 21:10:34 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df6f0b1f by security tracker role at 2018-05-23T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-11396 (ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through ...)
+ TODO: check
CVE-2018-11395
RESERVED
CVE-2018-11394
@@ -197,8 +199,8 @@ CVE-2018-11336
RESERVED
CVE-2018-11335
RESERVED
-CVE-2018-11334
- RESERVED
+CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a NULL DACL that allows ...)
+ TODO: check
CVE-2018-11333
RESERVED
CVE-2018-11332
@@ -389,6 +391,7 @@ CVE-2018-11253
CVE-2018-11252
RESERVED
CVE-2018-11251 (In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based ...)
+ {DLA-1381-1}
- imagemagick 8:6.9.9.39+dfsg-1
NOTE: https://github.com/ImageMagick/ImageMagick/issues/956
NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fbc6a557b4f63af18b2debe83f817859ef7481
@@ -438,6 +441,7 @@ CVE-2018-11233
CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege Context ...)
NOT-FOR-US: Kubernetes CRI-O
CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop ...)
+ {DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3
NOTE: https://github.com/ImageMagick/ImageMagick/issues/910
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8fcb59e9e1d1189caf2e0f5e39346944dcd6b9d
@@ -447,6 +451,7 @@ CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a ...)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/918
NOTE: https://github.com/ImageMagick/ImageMagick/commit/93d029b70ac766ce0b5d7261a2dd334535f48038
CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop ...)
+ {DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3
NOTE: https://github.com/ImageMagick/ImageMagick/issues/911
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e
@@ -458,8 +463,8 @@ CVE-2017-18269 (An SSE2-optimized memmove implementation for i386 in ...)
CVE-2018-11232 (The etm_setup_aux function in ...)
- linux <not-affected> (Vulnerable code never present in unstable)
NOTE: Fixed by: https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f
-CVE-2018-11231
- RESERVED
+CVE-2018-11231 (In the Divido plugin for OpenCart, there is SQL injection. Attackers ...)
+ TODO: check
CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows ...)
NOT-FOR-US: jbig2enc
CVE-2018-11229
@@ -1805,20 +1810,20 @@ CVE-2018-10656
RESERVED
CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 ...)
NOT-FOR-US: DeviceLock Plug and Play Auditor
-CVE-2018-10654
- RESERVED
-CVE-2018-10653
- RESERVED
-CVE-2018-10652
- RESERVED
-CVE-2018-10651
- RESERVED
-CVE-2018-10650
- RESERVED
-CVE-2018-10649
- RESERVED
-CVE-2018-10648
- RESERVED
+CVE-2018-10654 (There is a Hazelcast Library Java Deserialization Vulnerability in ...)
+ TODO: check
+CVE-2018-10653 (There is an XML External Entity (XXE) Processing Vulnerability in ...)
+ TODO: check
+CVE-2018-10652 (There is a Sensitive Data Leakage issue in Citrix XenMobile Server ...)
+ TODO: check
+CVE-2018-10651 (There are Open Redirect Vulnerabilities in Citrix XenMobile Server ...)
+ TODO: check
+CVE-2018-10650 (There is an Insufficient Path Validation Vulnerability in Citrix ...)
+ TODO: check
+CVE-2018-10649 (There is a Cross-Site Scripting Vulnerability in Citrix XenMobile ...)
+ TODO: check
+CVE-2018-10648 (There are Unauthenticated File Upload Vulnerabilities in Citrix ...)
+ TODO: check
CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation ...)
NOT-FOR-US: SaferVPN
CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege ...)
@@ -2541,20 +2546,20 @@ CVE-2018-10359
RESERVED
CVE-2018-10358
RESERVED
-CVE-2018-10357
- RESERVED
-CVE-2018-10356
- RESERVED
-CVE-2018-10355
- RESERVED
-CVE-2018-10354
- RESERVED
-CVE-2018-10353
- RESERVED
-CVE-2018-10352
- RESERVED
-CVE-2018-10351
- RESERVED
+CVE-2018-10357 (A directory traversal vulnerability in Trend Micro Endpoint ...)
+ TODO: check
+CVE-2018-10356 (A SQL injection remote code execution vulnerability in Trend Micro ...)
+ TODO: check
+CVE-2018-10355 (An authentication weakness vulnerability in Trend Micro Email ...)
+ TODO: check
+CVE-2018-10354 (A command injection remote command execution vulnerability in Trend ...)
+ TODO: check
+CVE-2018-10353 (A SQL injection information disclosure vulnerability in Trend Micro ...)
+ TODO: check
+CVE-2018-10352 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could ...)
+ TODO: check
+CVE-2018-10351 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could ...)
+ TODO: check
CVE-2018-10350
RESERVED
CVE-2018-10349
@@ -6106,8 +6111,8 @@ CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and Sentin
NOT-FOR-US: HASP SRM
CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 ...)
NOT-FOR-US: IdentityServer
-CVE-2018-8898
- RESERVED
+CVE-2018-8898 (A flaw in the authentication mechanism in the Login Panel of router ...)
+ TODO: check
CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...)
{DSA-4201-1 DSA-4196-1}
- linux 4.15.17-1
@@ -7765,8 +7770,8 @@ CVE-2018-8178 (A remote code execution vulnerability exists in the way that Micr
NOT-FOR-US: Microsoft
CVE-2018-8177 (A remote code execution vulnerability exists in the way that the ...)
NOT-FOR-US: Microsoft
-CVE-2018-8176
- RESERVED
+CVE-2018-8176 (A remote code execution vulnerability exists in Microsoft PowerPoint ...)
+ TODO: check
CVE-2018-8175
RESERVED
CVE-2018-8174 (A remote code execution vulnerability exists in the way that the ...)
@@ -10448,8 +10453,8 @@ CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG ..
NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage method ...)
NOT-FOR-US: eQ-3 AG Homematic CCU2
-CVE-2018-7295
- RESERVED
+CVE-2018-7295 (ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on ...)
+ TODO: check
CVE-2018-7294
RESERVED
CVE-2018-7293
@@ -12909,8 +12914,8 @@ CVE-2018-6497
RESERVED
CVE-2018-6496
RESERVED
-CVE-2018-6495
- RESERVED
+CVE-2018-6495 (Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version ...)
+ TODO: check
CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software Web Tier, ...)
NOT-FOR-US: HP
CVE-2018-6493 (SQL Injection in HP Network Operations Management Ultimate, version ...)
@@ -27354,10 +27359,10 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest .
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/7
CVE-2018-1311
RESERVED
-CVE-2018-1310
- RESERVED
-CVE-2018-1309
- RESERVED
+CVE-2018-1310 (Apache NiFi JMS Deserialization issue because of ActiveMQ client ...)
+ TODO: check
+CVE-2018-1309 (Apache NiFi External XML Entity issue in SplitXML processor. Malicious ...)
+ TODO: check
CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 ...)
{DSA-4194-1 DLA-1360-1}
- lucene-solr 3.6.2+dfsg-12 (bug #896604)
@@ -27715,8 +27720,8 @@ CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment versi
NOT-FOR-US: Cloud Foundry
CVE-2018-1194
REJECTED
-CVE-2018-1193
- RESERVED
+CVE-2018-1193 (Cloud Foundry routing-release, versions prior to 0.175.0, lacks ...)
+ TODO: check
CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an ...)
@@ -28061,40 +28066,35 @@ CVE-2018-1128
CVE-2018-1127
RESERVED
NOT-FOR-US: tendrl-api
-CVE-2018-1126 [0035-proc-alloc.-Use-size_t-not-unsigned-int.patch]
- RESERVED
+CVE-2018-1126 (procps-ng before version 3.3.15 is vulnerable to an incorrect integer ...)
{DSA-4208-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
NOTE: https://gitlab.com/procps-ng/procps/commit/f1077b7a558a5545837aae068422e58f1f9b1d33
-CVE-2018-1125 [0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch]
- RESERVED
+CVE-2018-1125 (procps-ng before version 3.3.15 is vulnerable to a stack buffer ...)
{DSA-4208-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
NOTE: https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584
-CVE-2018-1124 [Local Privilege Escalation in libprocps]
- RESERVED
+CVE-2018-1124 (procps-ng before version 3.3.15 is vulnerable to multiple integer ...)
{DSA-4208-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch
NOTE: https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20
-CVE-2018-1123 [Denial of Service in ps]
- RESERVED
+CVE-2018-1123 (procps-ng before version 3.3.15 is vulnerable to a denial of service ...)
{DSA-4208-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch
NOTE: https://gitlab.com/procps-ng/procps/commit/136e3724952827bbae8887a42d9d2b6f658a48ab
-CVE-2018-1122 [Local Privilege Escalation in top]
- RESERVED
+CVE-2018-1122 (procps-ng before version 3.3.15 is vulnerable to a local privilege ...)
{DSA-4208-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
@@ -54745,8 +54745,8 @@ CVE-2017-9319
RESERVED
CVE-2017-9318
RESERVED
-CVE-2017-9317
- RESERVED
+CVE-2017-9317 (Privilege escalation vulnerability found in some Dahua IP devices. ...)
+ TODO: check
CVE-2017-9316 (Firmware upgrade authentication bypass vulnerability was found in ...)
NOT-FOR-US: Dahua
CVE-2017-9315 (Customer of Dahua IP camera or IP PTZ could submit relevant device ...)
@@ -76145,8 +76145,7 @@ CVE-2017-2600 (In jenkins before versions 2.44, 2.32.2 node monitor data could b
CVE-2017-2599 (Jenkins before versions 2.44 and 2.32.2 is vulnerable to an ...)
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2598
- RESERVED
+CVE-2017-2598 (Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode ...)
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2597
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df6f0b1f0acf7a10b8ef8e5fbaf05da1a447b630
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df6f0b1f0acf7a10b8ef8e5fbaf05da1a447b630
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180523/0f6c8bea/attachment.html>
More information about the debian-security-tracker-commits
mailing list