[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Oct 29 20:10:35 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc4cb7e0 by security tracker role at 2018-10-29T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1027,8 +1027,8 @@ CVE-2018-18389 (Due to incorrect access control in Neo4j Enterprise Database Ser
 	NOT-FOR-US: Neo4J server
 CVE-2018-18388
 	RESERVED
-CVE-2018-18387
-	RESERVED
+CVE-2018-18387 (playSMS through 1.4.2 allows Privilege Escalation through Daemon ...)
+	TODO: check
 CVE-2018-18386 (drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local ...)
 	- linux 4.14.12-1
 	[stretch] - linux 4.9.82-1+deb9u1
@@ -2308,12 +2308,12 @@ CVE-2018-17912
 	RESERVED
 CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based ...)
 	NOT-FOR-US: LAquis SCADA
-CVE-2018-17910
-	RESERVED
+CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to properly ...)
+	TODO: check
 CVE-2018-17909
 	RESERVED
-CVE-2018-17908
-	RESERVED
+CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the ...)
+	TODO: check
 CVE-2018-17907
 	RESERVED
 CVE-2018-17906
@@ -17288,68 +17288,64 @@ CVE-2018-11886 (In all android releases (Android for MSM, Firefox OS for MSM, QR
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11885
 	RESERVED
-CVE-2018-11884
-	RESERVED
+CVE-2018-11884 (Improper input validation leads to buffer overflow while processing ...)
+	TODO: check
 CVE-2018-11883 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11882
-	RESERVED
+CVE-2018-11882 (Incorrect bound check can lead to potential buffer overwrite in WLAN ...)
+	TODO: check
 CVE-2018-11881
 	RESERVED
-CVE-2018-11880
-	RESERVED
-CVE-2018-11879
-	RESERVED
+CVE-2018-11880 (Incorrect bound check can lead to potential buffer overwrite in WLAN ...)
+	TODO: check
+CVE-2018-11879 (When the buffer length passed is very large, bounds check could be ...)
+	TODO: check
 CVE-2018-11878 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11877
-	RESERVED
-CVE-2018-11876
-	RESERVED
-CVE-2018-11875
-	RESERVED
-CVE-2018-11874
-	RESERVED
-CVE-2018-11873
-	RESERVED
-CVE-2018-11872
-	RESERVED
-CVE-2018-11871
-	RESERVED
-CVE-2018-11870
-	RESERVED
+CVE-2018-11877 (When the buffer length passed is very large in WLAN, bounds check ...)
+	TODO: check
+CVE-2018-11876 (Lack of input validation while copying to buffer in WLAN will lead to ...)
+	TODO: check
+CVE-2018-11875 (Lack of check of buffer size before copying in a WLAN function can ...)
+	TODO: check
+CVE-2018-11874 (Buffer overflow if the length of passphrase is more than 32 when ...)
+	TODO: check
+CVE-2018-11873 (Improper input validation leads to buffer overwrite in the WLAN ...)
+	TODO: check
+CVE-2018-11872 (Improper input validation leads to buffer overwrite in the WLAN ...)
+	TODO: check
+CVE-2018-11871 (Buffer overwrite can happen in WLAN function while processing set pdev ...)
+	TODO: check
+CVE-2018-11870 (Buffer overwrite can occur when the legacy rates count received from ...)
+	TODO: check
 CVE-2018-11869 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11868 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11867
-	RESERVED
-CVE-2018-11866
-	RESERVED
+CVE-2018-11867 (Lack of buffer length check before copying in WLAN function while ...)
+	TODO: check
+CVE-2018-11866 (Integer overflow may happen in WLAN when calculating an internal ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11865
-	RESERVED
+CVE-2018-11865 (Integer overflow may happen when calculating an internal structure ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11864
 	RESERVED
 CVE-2018-11863 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11862
-	RESERVED
-CVE-2018-11861
-	RESERVED
+CVE-2018-11862 (Buffer overflow can happen in WLAN module due to lack of validation of ...)
+	TODO: check
+CVE-2018-11861 (Buffer overflow can happen in WLAN function due to lack of validation ...)
+	TODO: check
 CVE-2018-11860 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11859
-	RESERVED
-CVE-2018-11858
-	RESERVED
+CVE-2018-11859 (Buffer overwrite can happen in WLAN due to lack of validation of the ...)
+	TODO: check
+CVE-2018-11858 (When processing IE set command, buffer overwrite may occur due to lack ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11857
-	RESERVED
+CVE-2018-11857 (Improper input validation in WLAN encrypt/decrypt module can lead to a ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11856
-	RESERVED
+CVE-2018-11856 (Improper input validation leads to buffer overwrite in the WLAN ...)
+	TODO: check
 CVE-2018-11855
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
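Review bot: The newly described WLAN entries in this hunk (CVE-2018-11884, CVE-2018-11882, CVE-2018-11880 and the rest of the block) are left at `TODO: check`, while CVE-2018-11866, CVE-2018-11865, CVE-2018-11858 and CVE-2018-11857 keep the `NOT-FOR-US: Qualcomm components for Android` tag they carried while still RESERVED. The truncated descriptions shown here do not name a vendor, so whoever triages should read the full description for each TODO entry and, if it is the same Qualcomm component set, apply the same NOT-FOR-US line in one follow-up commit rather than leaving some twenty open TODOs in the queue.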
@@ -19049,8 +19045,7 @@ CVE-2017-18283 (Possible memory corruption when Read Val Blob Req is received wi
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18282 (Non-secure SW can cause SDCC to generate secure bus accesses, which ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18281
-	RESERVED
+CVE-2017-18281 (A bool variable in Video function, which gets typecasted to int before ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18280 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -19776,7 +19771,7 @@ CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM g
 	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	NOTE: https://xenbits.xen.org/xsa/advisory-261.html
 CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
-	{DSA-4201-1 DLA-1383-1}
+	{DSA-4201-1 DLA-1559-1 DLA-1383-1}
 	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	NOTE: https://xenbits.xen.org/xsa/advisory-262.html
 CVE-2018-10980
@@ -21397,7 +21392,7 @@ CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV gu
 	[wheezy] - xen <not-affected> (Regression for XSA-254 which was not applied in wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-259.html
 CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
-	{DSA-4201-1}
+	{DSA-4201-1 DLA-1559-1}
 	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	[wheezy] - xen <not-affected> (No QMP support in wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-258.html
@@ -45748,10 +45743,10 @@ CVE-2018-1769
 	RESERVED
 CVE-2018-1768 (IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive ...)
 	NOT-FOR-US: IBM
-CVE-2018-1767
-	RESERVED
-CVE-2018-1766
-	RESERVED
+CVE-2018-1767 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor ...)
+	TODO: check
+CVE-2018-1766 (IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are ...)
+	TODO: check
 CVE-2018-1765
 	RESERVED
 CVE-2018-1764
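Review bot: CVE-2018-1767 and CVE-2018-1766 are queued as `TODO: check` even though their descriptions name IBM WebSphere Application Server and IBM Team Concert, and the adjacent CVE-2018-1768 is already closed as `NOT-FOR-US: IBM`. If neither product is packaged, resolve both with a `NOT-FOR-US:` line that names the product, which is easier to search later than the bare vendor name.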
@@ -46522,8 +46517,8 @@ CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. Th
 	NOT-FOR-US: IBM API Connect
 CVE-2018-1381
 	RESERVED
-CVE-2018-1380
-	RESERVED
+CVE-2018-1380 (IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, ...)
+	TODO: check
 CVE-2018-1379
 	RESERVED
 CVE-2018-1378
@@ -49835,8 +49830,7 @@ CVE-2018-0737 (The OpenSSL RSA Key generation algorithm has been shown to be ...
 	NOTE: https://eprint.iacr.org/2018/367
 CVE-2018-0736
 	RESERVED
-CVE-2018-0735 [Timing vulnerability in ECDSA signature generation]
-	RESERVED
+CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be vulnerable ...)
 	- openssl <unfixed>
 	- openssl1.0 <unfixed>
 	NOTE: https://www.openssl.org/news/secadv/20181029.txt
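Review bot: For CVE-2018-0735, both `- openssl <unfixed>` and `- openssl1.0 <unfixed>` have only the advisory NOTE to go on, with no pointer to an upstream fix. When this entry is triaged, add NOTE lines with the upstream fix commit for each affected branch so the two source packages can be tracked and backported separately. Replacing the bracketed placeholder description with the official one is fine, since the advisory link that explains the timing issue stays.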
@@ -50037,11 +50031,11 @@ CVE-2017-17028 (A buffer overflow vulnerability in external device function in Q
 CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS version ...)
 	NOT-FOR-US: QNAP QTS
 CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS ...)
-	{DSA-4050-1 DLA-1230-1}
+	{DSA-4050-1 DLA-1559-1 DLA-1230-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-247.html
 CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS ...)
-	{DSA-4050-1 DLA-1230-1}
+	{DSA-4050-1 DLA-1559-1 DLA-1230-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-246.html
 CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform ...)
@@ -56879,16 +56873,16 @@ CVE-2017-15291 (Cross-site scripting (XSS) vulnerability in the Wireless MAC Fil
 CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before ...)
 	NOT-FOR-US: Mirasys Video Management System
 CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest ...)
-	{DSA-4050-1}
+	{DSA-4050-1 DLA-1559-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	[wheezy] - xen <ignored> (minor issue)
 	NOTE: https://xenbits.xen.org/xsa/advisory-244.html
 CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
-	{DSA-4050-1 DLA-1181-1}
+	{DSA-4050-1 DLA-1559-1 DLA-1181-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-243.html
 CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
-	{DSA-4050-1 DLA-1181-1}
+	{DSA-4050-1 DLA-1559-1 DLA-1181-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-242.html
 CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
@@ -56896,7 +56890,7 @@ CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV gue
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-241.html
 CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
-	{DSA-4050-1 DLA-1181-1}
+	{DSA-4050-1 DLA-1559-1 DLA-1181-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-240.html
 CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc4cb7e012ce876d5b6574ab2ee291b3c0c43580
