[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Nov 2 20:10:42 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2f8500a by security tracker role at 2018-11-02T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2018-18906
+	RESERVED
+CVE-2018-18905
+	RESERVED
+CVE-2018-18904
+	RESERVED
+CVE-2018-18903
+	RESERVED
+CVE-2018-18902
+	RESERVED
 CVE-2018-18901
 	RESERVED
 CVE-2018-18900
@@ -2499,28 +2509,28 @@ CVE-2018-17924
 	RESERVED
 CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
 	NOT-FOR-US: SAGA1-L8B
-CVE-2018-17922
-	RESERVED
+CVE-2018-17922 (Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials ...)
+	TODO: check
 CVE-2018-17921 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
 	NOT-FOR-US: SAGA1-L8B
 CVE-2018-17920
 	RESERVED
 CVE-2018-17919 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
 	NOT-FOR-US: P2P Cloud Server
-CVE-2018-17918
-	RESERVED
+CVE-2018-17918 (Circontrol CirCarLife all versions prior to 4.3.1, authentication to ...)
+	TODO: check
 CVE-2018-17917 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
 	NOT-FOR-US: P2P Cloud Server
-CVE-2018-17916
-	RESERVED
+CVE-2018-17916 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI ...)
+	TODO: check
 CVE-2018-17915 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
 	NOT-FOR-US: P2P Cloud Server
-CVE-2018-17914
-	RESERVED
+CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI ...)
+	TODO: check
 CVE-2018-17913
 	RESERVED
-CVE-2018-17912
-	RESERVED
+CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when ...)
+	TODO: check
 CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based ...)
 	NOT-FOR-US: LAquis SCADA
 CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to properly ...)
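Review bot: The five entries that move from RESERVED to "TODO: check" in this hunk (CVE-2018-17922, -17918, -17916, -17914, -17912) carry no triage result yet. Neighbouring entries for comparable products are already closed with a named tag, for example "NOT-FOR-US: SAGA1-L8B" and "NOT-FOR-US: LAquis SCADA". If Circontrol CirCarLife, InduSoft Web Studio and CASE Suite are likewise not packaged in Debian, follow up with a "NOT-FOR-US: <product>" line for each so they stop showing up as open work.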
@@ -3471,22 +3481,27 @@ CVE-2018-17478
 	RESERVED
 CVE-2018-17477
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17476
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17475
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17474
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17473
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17472
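Review bot: CVE-2018-17472, the last entry shown in this hunk, gets no {DSA-4330-1} line although every chromium-browser entry on either side of it (CVE-2018-17477 to CVE-2018-17473 here, CVE-2018-17471 to CVE-2018-17462 in the next hunk) does. The next hunk only picks up at old line 3495, so the lines directly under its header are untouched by this commit. Confirm the omission matches the advisory, and if it is deliberate, record the reason in a NOTE on that entry.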
@@ -3495,42 +3510,52 @@ CVE-2018-17472
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17471
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17470
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17469
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17468
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17467
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17466
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17465
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17464
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17463
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17462
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17461
@@ -4968,6 +4993,7 @@ CVE-2018-16844
 CVE-2018-16843
 	RESERVED
 CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...)
+	{DSA-4331-1}
 	- curl 7.62.0-1
 	NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
@@ -4981,6 +5007,7 @@ CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59.
 	NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
 	NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3
 CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun ...)
+	{DSA-4331-1}
 	- curl 7.62.0-1
 	NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
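Review bot: CVE-2018-16840 sits between the two curl entries that gain {DSA-4331-1} and is left without the reference. Its description in the hunk header says the flaw exists in curl versions "from 7.59." and the entry carries an "Introduced by:" commit, so if the releases covered by the DSA predate that change, check that the entry has an explicit not-affected line for them rather than leaving this to be inferred from the missing tag.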
@@ -28310,10 +28337,10 @@ CVE-2018-7801
 	RESERVED
 CVE-2018-7800
 	RESERVED
-CVE-2018-7799
-	RESERVED
-CVE-2018-7798
-	RESERVED
+CVE-2018-7799 (A DLL hijacking vulnerability exists in Schneider Electric Software ...)
+	TODO: check
+CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) ...)
+	TODO: check
 CVE-2018-7797
 	RESERVED
 CVE-2018-7796
@@ -36818,6 +36845,7 @@ CVE-2018-5180 (A use-after-free vulnerability can occur during WebGL operations.
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5180
 CVE-2018-5179
 	RESERVED
+	{DSA-4330-1}
 	- chromium-browser 70.0.3538.67-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-5178 (A buffer overflow was found during UTF8 to Unicode string conversion ...)
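Review bot: CVE-2018-5179 is tagged {DSA-4330-1} and tracked against chromium-browser, yet the entry has no NOTE giving a source for that mapping, while the adjacent CVE-2018-5180 links a mozilla.org advisory. Add a NOTE line with the upstream reference so the assignment to chromium-browser can be verified from the list itself.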
@@ -39842,10 +39870,10 @@ CVE-2018-3937 (An exploitable command injection vulnerability exists in the ...)
 	NOT-FOR-US: Sony
 CVE-2018-3936 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
 	NOT-FOR-US: Antenna House Office Server Document Converter
-CVE-2018-3935
-	RESERVED
-CVE-2018-3934
-	RESERVED
+CVE-2018-3935 (An exploitable code execution vulnerability exists in the UDP network ...)
+	TODO: check
+CVE-2018-3934 (An exploitable code execution vulnerability exists in the firmware ...)
+	TODO: check
 CVE-2018-3933 (An exploitable out-of-bounds write exists in the Microsoft Word ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-3932 (An exploitable stack-based buffer overflow exists in the Microsoft ...)
@@ -39872,8 +39900,8 @@ CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing ...)
 	NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3921 (A memory corruption vulnerability exists in the PSD-parsing ...)
 	NOT-FOR-US: Computerinsel Photoline
-CVE-2018-3920
-	RESERVED
+CVE-2018-3920 (An exploitable code execution vulnerability exists in the firmware ...)
+	TODO: check
 CVE-2018-3919 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3918 (An exploitable vulnerability exists in the remote servers of Samsung ...)
@@ -39914,10 +39942,10 @@ CVE-2018-3901
 	RESERVED
 CVE-2018-3900 (An exploitable code execution vulnerability exists in the QR code ...)
 	TODO: check
-CVE-2018-3899
-	RESERVED
-CVE-2018-3898
-	RESERVED
+CVE-2018-3899 (An exploitable code execution vulnerability exists in the QR code ...)
+	TODO: check
+CVE-2018-3898 (An exploitable code execution vulnerability exists in the QR code ...)
+	TODO: check
 CVE-2018-3897 (An exploitable buffer overflow vulnerabilities exist in the ...)
 	NOT-FOR-US: Samsung
 CVE-2018-3896 (An exploitable buffer overflow vulnerabilities exist in the ...)
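Review bot: CVE-2018-3899 and CVE-2018-3898 come in with the same truncated description as CVE-2018-3900 just above ("An exploitable code execution vulnerability exists in the QR code ..."), and CVE-2018-3900 is itself still at "TODO: check". Triage the three together and give each a tag that names the product, as the neighbouring "NOT-FOR-US: Samsung" entries do, because the truncated text alone does not identify what is affected.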
@@ -39928,12 +39956,12 @@ CVE-2018-3894 (An exploitable buffer overflow vulnerability exists in the ...)
 	NOT-FOR-US: Samsung
 CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3892
-	RESERVED
-CVE-2018-3891
-	RESERVED
-CVE-2018-3890
-	RESERVED
+CVE-2018-3892 (An exploitable firmware downgrade vulnerability exists in the time ...)
+	TODO: check
+CVE-2018-3891 (An exploitable firmware downgrade vulnerability exists in the firmware ...)
+	TODO: check
+CVE-2018-3890 (An exploitable code execution vulnerability exists in the firmware ...)
+	TODO: check
 CVE-2018-3889 (A specially crafted PCX image processed via the application can lead ...)
 	NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3888 (A memory corruption vulnerability exists in the PCX-parsing ...)
@@ -45839,12 +45867,12 @@ CVE-2018-1880
 	RESERVED
 CVE-2018-1879
 	RESERVED
-CVE-2018-1878
-	RESERVED
-CVE-2018-1877
-	RESERVED
-CVE-2018-1876
-	RESERVED
+CVE-2018-1878 (IBM Robotic Process Automation with Automation Anywhere 11 could ...)
+	TODO: check
+CVE-2018-1877 (IBM Robotic Process Automation with Automation Anywhere 11 could store ...)
+	TODO: check
+CVE-2018-1876 (IBM Robotic Process Automation with Automation Anywhere 11 could under ...)
+	TODO: check
 CVE-2018-1875
 	RESERVED
 CVE-2018-1874
@@ -45903,8 +45931,8 @@ CVE-2018-1848
 	RESERVED
 CVE-2018-1847
 	RESERVED
-CVE-2018-1846
-	RESERVED
+CVE-2018-1846 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 ...)
+	TODO: check
 CVE-2018-1845
 	RESERVED
 CVE-2018-1844 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML ...)
@@ -45925,8 +45953,8 @@ CVE-2018-1837
 	RESERVED
 CVE-2018-1836
 	RESERVED
-CVE-2018-1835
-	RESERVED
+CVE-2018-1835 (IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to ...)
+	TODO: check
 CVE-2018-1834
 	RESERVED
 CVE-2018-1833
@@ -46019,8 +46047,8 @@ CVE-2018-1790
 	RESERVED
 CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to ...)
 	NOT-FOR-US: IBM
-CVE-2018-1788
-	RESERVED
+CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly ...)
+	TODO: check
 CVE-2018-1787
 	RESERVED
 CVE-2018-1786
@@ -46491,8 +46519,8 @@ CVE-2018-1554 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scrip
 	NOT-FOR-US: IBM
 CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow ...)
 	NOT-FOR-US: IBM
-CVE-2018-1552
-	RESERVED
+CVE-2018-1552 (IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 ...)
+	TODO: check
 CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 ...)
 	NOT-FOR-US: IBM
 CVE-2018-1550 (IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt ...)
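Review bot: CVE-2018-1552 lands as "TODO: check" between CVE-2018-1553 and CVE-2018-1551, both already closed as "NOT-FOR-US: IBM". If IBM Robotic Process Automation with Automation Anywhere is not packaged either, the same tag applies here, and the other IBM entries opened by this commit (CVE-2018-1878, -1877, -1876, -1846, -1835, -1788 and CVE-2017-1609) should be checked the same way.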
@@ -98614,8 +98642,8 @@ CVE-2017-1611
 	RESERVED
 CVE-2017-1610
 	RESERVED
-CVE-2017-1609
-	RESERVED
+CVE-2017-1609 (IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are ...)
+	TODO: check
 CVE-2017-1608 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
 	NOT-FOR-US: IBM
 CVE-2017-1607 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2f8500aaa2462df36ead8128e50189ac35144ab
