[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 23 21:10:32 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ded9630 by security tracker role at 2018-10-23T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2018-18627
+ RESERVED
+CVE-2018-18626 (An issue was discovered in PHPYun V4.6. There is a vulnerability that ...)
+ TODO: check
+CVE-2018-18625
+ RESERVED
+CVE-2018-18624
+ RESERVED
+CVE-2018-18623
+ RESERVED
+CVE-2018-18622 (An issue was discovered in Waimai Super Cms 20150505. There is XSS via ...)
+ TODO: check
+CVE-2018-18621
+ RESERVED
+CVE-2018-18620
+ RESERVED
+CVE-2018-18619
+ RESERVED
+CVE-2018-18618
+ RESERVED
+CVE-2018-18617
+ RESERVED
+CVE-2018-18616
+ RESERVED
+CVE-2018-18615
+ RESERVED
+CVE-2018-18614
+ RESERVED
+CVE-2018-18613
+ RESERVED
+CVE-2018-18612
+ RESERVED
+CVE-2018-18611
+ RESERVED
+CVE-2018-18610
+ RESERVED
+CVE-2018-18609
+ RESERVED
+CVE-2018-18608 (DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined ...)
+ TODO: check
+CVE-2018-18607 (An issue was discovered in elf_link_input_bfd in elflink.c in the ...)
+ TODO: check
+CVE-2018-18606 (An issue was discovered in the merge_strings function in merge.c in the ...)
+ TODO: check
+CVE-2018-18605 (A heap-based buffer over-read issue was discovered in the function ...)
+ TODO: check
+CVE-2018-18604
+ RESERVED
+CVE-2018-18603 (360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import ...)
+ TODO: check
+CVE-2018-18602
+ RESERVED
+CVE-2018-18601
+ RESERVED
+CVE-2018-18600
+ RESERVED
+CVE-2018-18599 (Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress ...)
+ TODO: check
+CVE-2018-18598
+ RESERVED
+CVE-2018-18597
+ RESERVED
+CVE-2018-18596
+ RESERVED
+CVE-2018-18595
+ RESERVED
+CVE-2018-18594
+ RESERVED
+CVE-2018-18593
+ RESERVED
+CVE-2018-18592
+ RESERVED
+CVE-2018-18591
+ RESERVED
+CVE-2018-18590
+ RESERVED
+CVE-2018-18589 (A potential Remote Arbitrary Code Execution vulnerability has been ...)
+ TODO: check
+CVE-2018-18588
+ RESERVED
+CVE-2018-18587 (BigProf AppGini 5.70 stores the passwords in the database using the MD5 ...)
+ TODO: check
CVE-2018-18583 (An issue has been found in LuPng through 2017-03-10. It is a heap-based ...)
TODO: check
CVE-2018-18582 (An issue has been found in LuPng through 2017-03-10. It is a heap-based ...)
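Review bot: CVE-2018-18607, CVE-2018-18606 and CVE-2018-18605 are added with only TODO: check, and their truncated descriptions name functions and files (elf_link_input_bfd in elflink.c, merge_strings in merge.c) rather than a product, so the affected source package cannot be read off these lines. Resolve the three consecutive entries from their full descriptions and record a package line or NOT-FOR-US for each, so they do not linger as bare TODOs among the RESERVED entries.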
@@ -617,12 +699,12 @@ CVE-2018-18331
RESERVED
CVE-2018-18330
RESERVED
-CVE-2018-18329
- RESERVED
-CVE-2018-18328
- RESERVED
-CVE-2018-18327
- RESERVED
+CVE-2018-18329 (A KERedirect Untrusted Pointer Dereference Privilege Escalation ...)
+ TODO: check
+CVE-2018-18328 (A KERedirect Untrusted Pointer Dereference Privilege Escalation ...)
+ TODO: check
+CVE-2018-18327 (A KERedirect Untrusted Pointer Dereference Privilege Escalation ...)
+ TODO: check
CVE-2018-18326
RESERVED
CVE-2018-18325
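Review bot: CVE-2018-18329, CVE-2018-18328 and CVE-2018-18327 now carry the same truncated text ("A KERedirect Untrusted Pointer Dereference Privilege Escalation ..."), so nothing on these lines tells the three apart. Triage them as a group from the full descriptions. CVE-2018-15367 later in this diff uses the same KERedirect wording and should get the same outcome if the product matches.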
@@ -4212,8 +4294,8 @@ CVE-2018-16839
RESERVED
CVE-2018-16838
RESERVED
-CVE-2018-16837
- RESERVED
+CVE-2018-16837 (Ansible "User" module leaks any data which is passed on as a parameter ...)
+ TODO: check
CVE-2018-16836 (Rubedo through 3.4.0 contains a Directory Traversal vulnerability in ...)
NOT-FOR-US: Rubedo CMS
CVE-2018-16835
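Review bot: CVE-2018-16837 names the Ansible "User" module and is left at TODO: check, while its neighbour CVE-2018-16836 is already resolved as NOT-FOR-US. The description reports that data passed as a parameter is leaked, so the TODO should be replaced with a package line and status for Ansible, or with an explicit NOT-FOR-US if the entry does not apply.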
@@ -7900,10 +7982,10 @@ CVE-2018-15369 (A vulnerability in the TACACS+ client subsystem of Cisco IOS Sof
NOT-FOR-US: Cisco
CVE-2018-15368 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
NOT-FOR-US: Cisco
-CVE-2018-15367
- RESERVED
-CVE-2018-15366
- RESERVED
+CVE-2018-15367 (A ctl_set KERedirect Untrusted Pointer Dereference Privilege ...)
+ TODO: check
+CVE-2018-15366 (A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation ...)
+ TODO: check
CVE-2018-15365 (A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro ...)
NOT-FOR-US: Trend Micro
CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information ...)
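Review bot: CVE-2018-15367 and CVE-2018-15366 are added as TODO: check between entries that are already marked NOT-FOR-US (Cisco above, Trend Micro below). If the full descriptions confirm the same vendor as CVE-2018-15365, replace the TODO with the matching NOT-FOR-US: line so the block stays consistent.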
@@ -12714,12 +12796,12 @@ CVE-2018-13404
RESERVED
CVE-2018-13403
RESERVED
-CVE-2018-13402
- RESERVED
-CVE-2018-13401
- RESERVED
-CVE-2018-13400
- RESERVED
+CVE-2018-13402 (Many resources in Atlassian Jira before version 7.6.9, from version ...)
+ TODO: check
+CVE-2018-13401 (The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, ...)
+ TODO: check
+CVE-2018-13400 (Several administrative resources in Atlassian Jira before version ...)
+ TODO: check
CVE-2018-13399 (The Microsoft Windows Installer for Atlassian Fisheye and Crucible ...)
NOT-FOR-US: Atlassian
CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye and ...)
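Review bot: the three Jira entries CVE-2018-13402, CVE-2018-13401 and CVE-2018-13400 are left at TODO: check, although CVE-2018-13399 directly below them is already NOT-FOR-US: Atlassian. If Jira is handled the same way as Fisheye and Crucible, use the same tag here instead of leaving three open TODOs.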
@@ -15195,11 +15277,9 @@ CVE-2017-18315
RESERVED
CVE-2017-18314 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18313
- RESERVED
+CVE-2017-18313 (Under certain mode of operations, HLOS may be able get direct or ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18312
- RESERVED
+CVE-2017-18312 (While accessing SafeSwitch services, third party can manipulate a ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18311
RESERVED
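Review bot: CVE-2017-18313 and CVE-2017-18312 keep the NOT-FOR-US: Qualcomm components for Android line that was attached while they were still RESERVED, so that decision predates the descriptions added here. Check the new text against the tag. The visible fragments (HLOS, SafeSwitch services) do not name the vendor on their own.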
@@ -15217,45 +15297,33 @@ CVE-2017-18307
RESERVED
CVE-2017-18306
RESERVED
-CVE-2017-18305
- RESERVED
+CVE-2017-18305 (XBL sec mem dump system call allows complete control of EL3 by ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18304
- RESERVED
+CVE-2017-18304 (Insufficient memory allocation in boot due to incorrect size being ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18303
- RESERVED
+CVE-2017-18303 (While processing the sensors registry configuration file, if inputs ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18302 (In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18301 (In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18300
- RESERVED
+CVE-2017-18300 (Secure display content could be accessed by third party trusted ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18299
- RESERVED
+CVE-2017-18299 (Improper translation table consolidation logic leads to resource ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18298
- RESERVED
+CVE-2017-18298 (Lack of Input Validation in SDMX API can lead to NULL pointer access ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18297
- RESERVED
+CVE-2017-18297 (Double memory free while closing TEE SE API Session management in ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18296
- RESERVED
+CVE-2017-18296 (Access control on applications is not applied while accessing ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18295
- RESERVED
+CVE-2017-18295 (Possible buffer overflow if input is not null terminated in DSP ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18294
- RESERVED
+CVE-2017-18294 (While reading file class type from ELF header, a buffer overread may ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18293
- RESERVED
+CVE-2017-18293 (When a particular GPIO is protected by blocking access to the ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18292
- RESERVED
+CVE-2017-18292 (Secure app running in non secure space can restart TZ by calling ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-12440 (BoringSSL through 2018-06-14 allows a memory-cache side-channel attack ...)
- boringssl <itp> (bug #823933)
@@ -18418,11 +18486,9 @@ CVE-2018-11258 (In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snap
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11257 (Permissions, Privileges, and Access Controls in TA in Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18283
- RESERVED
+CVE-2017-18283 (Possible memory corruption when Read Val Blob Req is received with ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18282
- RESERVED
+CVE-2017-18282 (Non-secure SW can cause SDCC to generate secure bus accesses, which ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18281
RESERVED
@@ -18435,8 +18501,7 @@ CVE-2017-18279
CVE-2017-18278
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18277
- RESERVED
+CVE-2017-18277 (When dynamic memory allocation fails, currently the process sleeps for ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18276
RESERVED
@@ -25539,8 +25604,8 @@ CVE-2018-8571
RESERVED
CVE-2018-8570
RESERVED
-CVE-2018-8569
- RESERVED
+CVE-2018-8569 (A remote code execution vulnerability exists in the Yammer desktop ...)
+ TODO: check
CVE-2018-8568
RESERVED
CVE-2018-8567
@@ -27098,8 +27163,8 @@ CVE-2018-7913
RESERVED
CVE-2018-7912
RESERVED
-CVE-2018-7911
- RESERVED
+CVE-2018-7911 (Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), ...)
+ TODO: check
CVE-2018-7910
RESERVED
CVE-2018-7909
@@ -31085,14 +31150,11 @@ CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in
CVE-2017-18173
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18172
- RESERVED
+CVE-2017-18172 (In a device, with screen size 1440x2560, the check of contiguous ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18171
- RESERVED
+CVE-2017-18171 (Improper input validation for GATT data packet received in Bluetooth ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18170
- RESERVED
+CVE-2017-18170 (Improper input validation in Bluetooth Controller function can lead to ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18169 (User process can perform the kernel DOS in ashmem when doing cache ...)
- linux <not-affected> (Android-specific)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ded963024753de1e4c59b81531efc861a97d95b