[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 27 20:10:43 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6005c76 by security tracker role at 2018-11-27T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2018-19619
+ RESERVED
+CVE-2018-19618
+ RESERVED
+CVE-2018-19617
+ RESERVED
+CVE-2018-19616
+ RESERVED
+CVE-2018-19615
+ RESERVED
+CVE-2018-19614
+ RESERVED
+CVE-2018-19613
+ RESERVED
+CVE-2018-19612
+ RESERVED
+CVE-2018-19611
+ RESERVED
+CVE-2018-19610
+ RESERVED
+CVE-2018-19609 (ShowDoc 2.4.1 allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CVE-2018-19608
+ RESERVED
CVE-2019-1534
RESERVED
CVE-2019-1533
@@ -7060,8 +7084,7 @@ CVE-2018-17955
RESERVED
CVE-2018-17954
RESERVED
-CVE-2018-17953 [pam: pam_access.so doesn't properly handle ip addresses and subnets filtering]
- RESERVED
+CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rule ...)
- pam <not-affected> (Issue introduced by SUSE specific patch)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1115640
NOTE: Issue introduced by SUSE specific patch (pam-hostnames-in-access_conf.patch)
@@ -9632,6 +9655,7 @@ CVE-2018-16852 [NULL pointer de-reference in Samba AD DC DNS servers]
NOTE: https://www.samba.org/samba/security/CVE-2018-16852.html
CVE-2018-16851 [NULL pointer de-reference in Samba AD DC LDAP server]
RESERVED
+ {DSA-4345-1}
- samba 2:4.9.2+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2018-16851.html
CVE-2018-16850 (postgresql before versions 11.1, 10.6 is vulnerable to a to SQL ...)
@@ -9684,6 +9708,7 @@ CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-bas
NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
CVE-2018-16841 [Double-free in Samba AD DC KDC with PKINIT]
RESERVED
+ {DSA-4345-1}
- samba 2:4.9.2+dfsg-2
[jessie] - samba <not-affected> (Vulnerable code not present)
NOTE: https://www.samba.org/samba/security/CVE-2018-16841.html
@@ -11575,22 +11600,22 @@ CVE-2018-16098
RESERVED
CVE-2018-16097
RESERVED
-CVE-2018-16096
- RESERVED
-CVE-2018-16095
- RESERVED
-CVE-2018-16094
- RESERVED
+CVE-2018-16096 (In System Management Module (SMM) versions prior to 1.06, the SMM web ...)
+ TODO: check
+CVE-2018-16095 (In System Management Module (SMM) versions prior to 1.06, the SMM ...)
+ TODO: check
+CVE-2018-16094 (In System Management Module (SMM) versions prior to 1.06, an internal ...)
+ TODO: check
CVE-2018-16093
RESERVED
-CVE-2018-16092
- RESERVED
-CVE-2018-16091
- RESERVED
-CVE-2018-16090
- RESERVED
-CVE-2018-16089
- RESERVED
+CVE-2018-16092 (In System Management Module (SMM) versions prior to 1.06, the FFDC ...)
+ TODO: check
+CVE-2018-16091 (In System Management Module (SMM) versions prior to 1.06, the SMM ...)
+ TODO: check
+CVE-2018-16090 (In System Management Module (SMM) versions prior to 1.06, the SMM ...)
+ TODO: check
+CVE-2018-16089 (In System Management Module (SMM) versions prior to 1.06, a field in ...)
+ TODO: check
CVE-2018-16088
RESERVED
{DSA-4289-1}
@@ -15239,6 +15264,7 @@ CVE-2018-14630 (moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable
- moodle <removed>
CVE-2018-14629 [Unprivileged adding of CNAME record causing loop in AD Internal DNS server]
RESERVED
+ {DSA-4345-1}
- samba 2:4.9.2+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2018-14629.html
CVE-2018-14628
@@ -18401,8 +18427,8 @@ CVE-2018-13378
RESERVED
CVE-2018-13377
RESERVED
-CVE-2018-13376
- RESERVED
+CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 ...)
+ TODO: check
CVE-2018-13375
RESERVED
CVE-2018-13374
@@ -21527,8 +21553,8 @@ CVE-2018-12243 (The Symantec Messaging Gateway product prior to 10.6.6 may be ..
NOT-FOR-US: Symantec
CVE-2018-12242 (The Symantec Messaging Gateway product prior to 10.6.6 may be ...)
NOT-FOR-US: Symantec
-CVE-2018-12241
- RESERVED
+CVE-2018-12241 (The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is ...)
+ TODO: check
CVE-2018-12240 (The Norton Identity Safe product prior to 5.3.0.976 may be susceptible ...)
NOT-FOR-US: Norton
CVE-2018-12239
@@ -22126,8 +22152,8 @@ CVE-2018-11997
RESERVED
CVE-2018-11996
RESERVED
-CVE-2018-11995
- RESERVED
+CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11994
RESERVED
CVE-2018-11993
@@ -22204,8 +22230,8 @@ CVE-2018-11958
RESERVED
CVE-2018-11957
RESERVED
-CVE-2018-11956
- RESERVED
+CVE-2018-11956 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11955
RESERVED
CVE-2018-11954
@@ -22225,14 +22251,14 @@ CVE-2018-11948
RESERVED
CVE-2018-11947
RESERVED
-CVE-2018-11946
- RESERVED
+CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11945
RESERVED
CVE-2018-11944
RESERVED
-CVE-2018-11943
- RESERVED
+CVE-2018-11943 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11942
RESERVED
CVE-2018-11941
@@ -22279,34 +22305,34 @@ CVE-2018-11921
RESERVED
CVE-2018-11920
RESERVED
-CVE-2018-11919
- RESERVED
-CVE-2018-11918
- RESERVED
+CVE-2018-11919 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11918 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11917
RESERVED
CVE-2018-11916
RESERVED
CVE-2018-11915
RESERVED
-CVE-2018-11914
- RESERVED
-CVE-2018-11913
- RESERVED
-CVE-2018-11912
- RESERVED
-CVE-2018-11911
- RESERVED
-CVE-2018-11910
- RESERVED
-CVE-2018-11909
- RESERVED
-CVE-2018-11908
- RESERVED
-CVE-2018-11907
- RESERVED
-CVE-2018-11906
- RESERVED
+CVE-2018-11914 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11913 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11912 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11911 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11910 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11909 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11908 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11907 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11906 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11905
RESERVED
CVE-2018-11904 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
@@ -22472,8 +22498,8 @@ CVE-2018-11825
RESERVED
CVE-2018-11824 (A stack-based buffer overflow can occur in a firmware routine in ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11823
- RESERVED
+CVE-2018-11823 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11822 (A possible integer overflow may happen in WLAN during memory ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11821 (Possible integer overflow may happen in WLAN during memory allocation ...)
@@ -22698,8 +22724,7 @@ CVE-2018-11768
RESERVED
CVE-2018-11767
RESERVED
-CVE-2018-11766
- RESERVED
+CVE-2018-11766 (In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is ...)
- hadoop <itp> (bug #793644)
CVE-2018-11765
RESERVED
@@ -24086,8 +24111,8 @@ CVE-2018-11268 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11267 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11266
- RESERVED
+CVE-2018-11266 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11265 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11264
@@ -24096,11 +24121,9 @@ CVE-2018-11263 (In all Android releases (Android for MSM, Firefox OS for MSM, QR
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11262 (In Android for MSM, Firefox OS for MSM, and QRD Android with all ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11261
- RESERVED
+CVE-2018-11261 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11260
- RESERVED
+CVE-2018-11260 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11259 (Due to Improper Access Control of NAND-based EFS in Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
@@ -29871,10 +29894,10 @@ CVE-2018-9086 (In some Lenovo ThinkServer-branded servers, a command injection .
NOT-FOR-US: Lenovo
CVE-2018-9085 (A write protection lock bit was left unset after boot on an older ...)
NOT-FOR-US: IBM
-CVE-2018-9084
- RESERVED
-CVE-2018-9083
- RESERVED
+CVE-2018-9084 (In System Management Module (SMM) versions prior to 1.06, if an ...)
+ TODO: check
+CVE-2018-9083 (In System Management Module (SMM) versions prior to 1.06, the SMM ...)
+ TODO: check
CVE-2018-9082 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
NOT-FOR-US: Lenovo
CVE-2018-9081 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
@@ -35793,8 +35816,8 @@ CVE-2018-6985
RESERVED
CVE-2018-6984
RESERVED
-CVE-2018-6983
- RESERVED
+CVE-2018-6983 (VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and ...)
+ TODO: check
CVE-2018-6982
RESERVED
NOT-FOR-US: VMware
@@ -38096,14 +38119,14 @@ CVE-2018-6268
RESERVED
CVE-2018-6267
RESERVED
-CVE-2018-6266
- RESERVED
-CVE-2018-6265
- RESERVED
+CVE-2018-6266 (NVIDIA GeForce Experience contains a vulnerability in all versions ...)
+ TODO: check
+CVE-2018-6265 (NVIDIA GeForce Experience contains a vulnerability in all versions ...)
+ TODO: check
CVE-2018-6264
RESERVED
-CVE-2018-6263
- RESERVED
+CVE-2018-6263 (NVIDIA GeForce Experience contains a vulnerability in all versions ...)
+ TODO: check
CVE-2018-6262 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when ...)
NOT-FOR-US: NVIDIA GeForce Experience
CVE-2018-6261 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when ...)
@@ -39477,8 +39500,8 @@ CVE-2018-5921 (A potential security vulnerability has been identified with certa
NOT-FOR-US: HP printers
CVE-2018-5920
RESERVED
-CVE-2018-5919
- RESERVED
+CVE-2018-5919 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-5918
RESERVED
CVE-2018-5917
@@ -39495,20 +39518,20 @@ CVE-2018-5912
RESERVED
CVE-2018-5911
RESERVED
-CVE-2018-5910
- RESERVED
-CVE-2018-5909
- RESERVED
-CVE-2018-5908
- RESERVED
+CVE-2018-5910 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-5909 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-5908 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-5907 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5906
- RESERVED
+CVE-2018-5906 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-5905 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5904
- RESERVED
+CVE-2018-5904 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-5903
RESERVED
CVE-2018-5902
@@ -39596,8 +39619,8 @@ CVE-2018-5863 (If userspace provides a too-large WPA RSN IE length in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5862 (In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5861
- RESERVED
+CVE-2018-5861 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-5860 (In the MDSS driver in all Android releases(Android for MSM, Firefox OS ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5859 (Due to a race condition in the MDSS MDP driver in all Android releases ...)
@@ -39606,8 +39629,8 @@ CVE-2018-5858 (In the audio debugfs in all Android releases from CAF using the L
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5857 (In the WCD CPE codec, a Use After Free condition can occur in all ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5856
- RESERVED
+CVE-2018-5856 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-5855 (While padding or shrinking a nested wmi packet in all Android releases ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all Android ...)
@@ -42584,7 +42607,7 @@ CVE-2018-4850 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) C
NOT-FOR-US: SIMATIC
CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video for ...)
NOT-FOR-US: Siveillance VMS Video
-CVE-2018-4848 (A vulnerability has been identified in SCALANCE X-200 IRT (All ...)
+CVE-2018-4848 (A vulnerability has been identified in SCALANCE X-200 (All versions < ...)
NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS ...)
NOT-FOR-US: SIMATIC WinCC OA Operator iOS App
@@ -75153,8 +75176,8 @@ CVE-2017-11080 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11079 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11078
- RESERVED
+CVE-2017-11078 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2017-11077
RESERVED
CVE-2017-11076
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e6005c76e91b52aa0ef2b8513557d9ec367002d1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e6005c76e91b52aa0ef2b8513557d9ec367002d1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181127/cce9d6dc/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list