[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 2 20:10:42 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e2f8500a by security tracker role at 2018-11-02T20:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2018-18906
+ RESERVED
+CVE-2018-18905
+ RESERVED
+CVE-2018-18904
+ RESERVED
+CVE-2018-18903
+ RESERVED
+CVE-2018-18902
+ RESERVED
CVE-2018-18901
RESERVED
CVE-2018-18900
@@ -2499,28 +2509,28 @@ CVE-2018-17924
RESERVED
CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
NOT-FOR-US: SAGA1-L8B
-CVE-2018-17922
- RESERVED
+CVE-2018-17922 (Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials ...)
+ TODO: check
CVE-2018-17921 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
NOT-FOR-US: SAGA1-L8B
CVE-2018-17920
RESERVED
CVE-2018-17919 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
NOT-FOR-US: P2P Cloud Server
-CVE-2018-17918
- RESERVED
+CVE-2018-17918 (Circontrol CirCarLife all versions prior to 4.3.1, authentication to ...)
+ TODO: check
CVE-2018-17917 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
NOT-FOR-US: P2P Cloud Server
-CVE-2018-17916
- RESERVED
+CVE-2018-17916 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI ...)
+ TODO: check
CVE-2018-17915 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
NOT-FOR-US: P2P Cloud Server
-CVE-2018-17914
- RESERVED
+CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI ...)
+ TODO: check
CVE-2018-17913
RESERVED
-CVE-2018-17912
- RESERVED
+CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when ...)
+ TODO: check
CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based ...)
NOT-FOR-US: LAquis SCADA
CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to properly ...)
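Review bot: The five entries moved from RESERVED to "TODO: check" in this hunk (CVE-2018-17922, -17918, -17916, -17914, -17912) are left untriaged, while the neighbouring ICS entries in the same hunk already carry a product-specific NOT-FOR-US line (SAGA1-L8B, P2P Cloud Server, LAquis SCADA). A follow-up commit should resolve each TODO, either to a "NOT-FOR-US: <product>" line naming Circontrol CirCarLife, InduSoft Web Studio or CASE Suite if none of them is packaged, or to a package line if one is.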
@@ -3471,22 +3481,27 @@ CVE-2018-17478
RESERVED
CVE-2018-17477
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17476
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17475
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17474
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17473
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17472
@@ -3495,42 +3510,52 @@ CVE-2018-17472
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17471
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17470
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17469
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17468
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17467
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17466
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17465
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17464
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17463
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17462
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17461
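Review bot: CVE-2018-17472, named in this hunk's header and owner of its first context line, receives no {DSA-4330-1} line, while every other chromium-browser entry from CVE-2018-17477 down to CVE-2018-17462 in this and the previous hunk does. Confirm against the advisory's CVE list whether the omission is intended; if it is, no change is needed here, otherwise the tag is missing for that entry.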
@@ -4968,6 +4993,7 @@ CVE-2018-16844
CVE-2018-16843
RESERVED
CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...)
+ {DSA-4331-1}
- curl 7.62.0-1
NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
@@ -4981,6 +5007,7 @@ CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59.
NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3
CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun ...)
+ {DSA-4331-1}
- curl 7.62.0-1
NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
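Review bot: CVE-2018-16840, whose NOTE lines open this hunk, gets no {DSA-4331-1} line although CVE-2018-16842 and CVE-2018-16839 on either side of it do. Its description says the flaw exists "from 7.59." and it carries an "Introduced by" note, so the omission is plausible if the release covered by the DSA ships an older curl; in that case the entry should say so with an explicit not-affected line for that release, if it does not already.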
@@ -28310,10 +28337,10 @@ CVE-2018-7801
RESERVED
CVE-2018-7800
RESERVED
-CVE-2018-7799
- RESERVED
-CVE-2018-7798
- RESERVED
+CVE-2018-7799 (A DLL hijacking vulnerability exists in Schneider Electric Software ...)
+ TODO: check
+CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) ...)
+ TODO: check
CVE-2018-7797
RESERVED
CVE-2018-7796
@@ -36818,6 +36845,7 @@ CVE-2018-5180 (A use-after-free vulnerability can occur during WebGL operations.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5180
CVE-2018-5179
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-5178 (A buffer overflow was found during UTF8 to Unicode string conversion ...)
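Review bot: The CVE-2018-5179 entry now links {DSA-4330-1} to chromium-browser 70.0.3538.67-1 but is still RESERVED and has no NOTE line, while the neighbouring CVE-2018-5180 references a mozilla.org advisory. A NOTE pointing at the upstream source for the Chromium fix would let a reader verify why this ID is tracked against chromium-browser.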
@@ -39842,10 +39870,10 @@ CVE-2018-3937 (An exploitable command injection vulnerability exists in the ...)
NOT-FOR-US: Sony
CVE-2018-3936 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
NOT-FOR-US: Antenna House Office Server Document Converter
-CVE-2018-3935
- RESERVED
-CVE-2018-3934
- RESERVED
+CVE-2018-3935 (An exploitable code execution vulnerability exists in the UDP network ...)
+ TODO: check
+CVE-2018-3934 (An exploitable code execution vulnerability exists in the firmware ...)
+ TODO: check
CVE-2018-3933 (An exploitable out-of-bounds write exists in the Microsoft Word ...)
NOT-FOR-US: Microsoft
CVE-2018-3932 (An exploitable stack-based buffer overflow exists in the Microsoft ...)
@@ -39872,8 +39900,8 @@ CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2018-3921 (A memory corruption vulnerability exists in the PSD-parsing ...)
NOT-FOR-US: Computerinsel Photoline
-CVE-2018-3920
- RESERVED
+CVE-2018-3920 (An exploitable code execution vulnerability exists in the firmware ...)
+ TODO: check
CVE-2018-3919 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3918 (An exploitable vulnerability exists in the remote servers of Samsung ...)
@@ -39914,10 +39942,10 @@ CVE-2018-3901
RESERVED
CVE-2018-3900 (An exploitable code execution vulnerability exists in the QR code ...)
TODO: check
-CVE-2018-3899
- RESERVED
-CVE-2018-3898
- RESERVED
+CVE-2018-3899 (An exploitable code execution vulnerability exists in the QR code ...)
+ TODO: check
+CVE-2018-3898 (An exploitable code execution vulnerability exists in the QR code ...)
+ TODO: check
CVE-2018-3897 (An exploitable buffer overflow vulnerabilities exist in the ...)
NOT-FOR-US: Samsung
CVE-2018-3896 (An exploitable buffer overflow vulnerabilities exist in the ...)
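Review bot: CVE-2018-3899 and CVE-2018-3898 come in as "TODO: check" with the same truncated description ("... exists in the QR code ...") as CVE-2018-3900 just above them, which is also still "TODO: check". Triage the three together, and since the entries that follow (CVE-2018-3897, CVE-2018-3896) resolve to "NOT-FOR-US: Samsung", check whether the same product applies before giving them a different classification.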
@@ -39928,12 +39956,12 @@ CVE-2018-3894 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung
CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3892
- RESERVED
-CVE-2018-3891
- RESERVED
-CVE-2018-3890
- RESERVED
+CVE-2018-3892 (An exploitable firmware downgrade vulnerability exists in the time ...)
+ TODO: check
+CVE-2018-3891 (An exploitable firmware downgrade vulnerability exists in the firmware ...)
+ TODO: check
+CVE-2018-3890 (An exploitable code execution vulnerability exists in the firmware ...)
+ TODO: check
CVE-2018-3889 (A specially crafted PCX image processed via the application can lead ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2018-3888 (A memory corruption vulnerability exists in the PCX-parsing ...)
@@ -45839,12 +45867,12 @@ CVE-2018-1880
RESERVED
CVE-2018-1879
RESERVED
-CVE-2018-1878
- RESERVED
-CVE-2018-1877
- RESERVED
-CVE-2018-1876
- RESERVED
+CVE-2018-1878 (IBM Robotic Process Automation with Automation Anywhere 11 could ...)
+ TODO: check
+CVE-2018-1877 (IBM Robotic Process Automation with Automation Anywhere 11 could store ...)
+ TODO: check
+CVE-2018-1876 (IBM Robotic Process Automation with Automation Anywhere 11 could under ...)
+ TODO: check
CVE-2018-1875
RESERVED
CVE-2018-1874
@@ -45903,8 +45931,8 @@ CVE-2018-1848
RESERVED
CVE-2018-1847
RESERVED
-CVE-2018-1846
- RESERVED
+CVE-2018-1846 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 ...)
+ TODO: check
CVE-2018-1845
RESERVED
CVE-2018-1844 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML ...)
@@ -45925,8 +45953,8 @@ CVE-2018-1837
RESERVED
CVE-2018-1836
RESERVED
-CVE-2018-1835
- RESERVED
+CVE-2018-1835 (IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to ...)
+ TODO: check
CVE-2018-1834
RESERVED
CVE-2018-1833
@@ -46019,8 +46047,8 @@ CVE-2018-1790
RESERVED
CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to ...)
NOT-FOR-US: IBM
-CVE-2018-1788
- RESERVED
+CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly ...)
+ TODO: check
CVE-2018-1787
RESERVED
CVE-2018-1786
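Review bot: CVE-2018-1788 is set to "TODO: check" directly below CVE-2018-1789, which is already classified "NOT-FOR-US: IBM". The same holds for the other IBM entries this commit moves out of RESERVED (CVE-2018-1878, -1877, -1876, -1846, -1835, -1552 and CVE-2017-1609); resolving them with the existing "NOT-FOR-US: IBM" wording would keep the file consistent.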
@@ -46491,8 +46519,8 @@ CVE-2018-1554 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scrip
NOT-FOR-US: IBM
CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow ...)
NOT-FOR-US: IBM
-CVE-2018-1552
- RESERVED
+CVE-2018-1552 (IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 ...)
+ TODO: check
CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 ...)
NOT-FOR-US: IBM
CVE-2018-1550 (IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt ...)
@@ -98614,8 +98642,8 @@ CVE-2017-1611
RESERVED
CVE-2017-1610
RESERVED
-CVE-2017-1609
- RESERVED
+CVE-2017-1609 (IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are ...)
+ TODO: check
CVE-2017-1608 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
NOT-FOR-US: IBM
CVE-2017-1607 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2f8500aaa2462df36ead8128e50189ac35144ab