[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 26 21:10:49 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6f2f0dbb by security tracker role at 2018-09-26T20:10:40Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2018-17553
+ RESERVED
+CVE-2018-17552
+ RESERVED
+CVE-2018-17551
+ RESERVED
+CVE-2018-17550
+ RESERVED
+CVE-2018-17549
+ RESERVED
+CVE-2018-17548
+ RESERVED
+CVE-2018-17547
+ RESERVED
+CVE-2018-17546
+ RESERVED
+CVE-2018-17545
+ RESERVED
+CVE-2018-17544
+ RESERVED
+CVE-2018-17543
+ RESERVED
+CVE-2018-17542
+ RESERVED
+CVE-2018-17541
+ RESERVED
+CVE-2018-17540
+ RESERVED
+CVE-2018-17539
+ RESERVED
+CVE-2018-17538 (Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable ...)
+ TODO: check
CVE-2018-17537
RESERVED
CVE-2018-17536
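Review bot: CVE-2018-17538 (Axon Evidence Sync 3.15.89) is the only non-RESERVED entry added at the top of the list, and it enters as `TODO: check`, so it is still untriaged. It needs either a source package line or a `NOT-FOR-US:` line in a follow-up before the entry says anything about Debian's exposure.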
@@ -1279,7 +1311,7 @@ CVE-2018-16958 (An issue was discovered in Oracle WebCenter Interaction Portal 1
NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16957 (The Oracle WebCenter Interaction 10.3.3 search service queryd.exe ...)
NOT-FOR-US: Oracle WebCenter Interaction
-CVE-2018-16956 (The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 ...)
+CVE-2018-16956 (The AjaxControl component of Oracle WebCenter Interaction Portal ...)
NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16955 (The login function of Oracle WebCenter Interaction Portal 10.3.3 is ...)
NOT-FOR-US: Oracle WebCenter Interaction Portal
@@ -1927,8 +1959,8 @@ CVE-2018-16674
RESERVED
CVE-2018-16673
RESERVED
-CVE-2018-16672
- RESERVED
+CVE-2018-16672 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to ...)
+ TODO: check
CVE-2018-16671 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is ...)
NOT-FOR-US: CIRCONTROL CirCarLife
CVE-2018-16670 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is ...)
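Review bot: CVE-2018-16672 is left at `TODO: check`, although the adjacent CVE-2018-16671 in this hunk covers the same product (CIRCONTROL CirCarLife before 4.3) and is already marked `NOT-FOR-US: CIRCONTROL CirCarLife`. Unless the description points at a different component, the follow-up triage should reuse that exact label so the sibling entries stay consistent.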
@@ -2139,6 +2171,7 @@ CVE-2018-16588
NOTE: The SUSE specific patch was a first iteration of https://github.com/shadow-maint/shadow/pull/2
CVE-2018-16587 [Remote File Deletion]
RESERVED
+ {DLA-1521-1}
- otrs2 6.0.11-1
NOTE: https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01
@@ -2146,6 +2179,7 @@ CVE-2018-16587 [Remote File Deletion]
NOTE: OTRS 4: https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843
CVE-2018-16586 [Loading External Image or CSS Resources]
RESERVED
+ {DLA-1521-1}
- otrs2 6.0.11-1
NOTE: https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963
@@ -3201,12 +3235,12 @@ CVE-2018-16153
RESERVED
CVE-2018-16152
RESERVED
- {DSA-4305-1}
+ {DSA-4305-1 DLA-1522-1}
- strongswan 5.7.0-1
NOTE: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
CVE-2018-16151
RESERVED
- {DSA-4305-1}
+ {DSA-4305-1 DLA-1522-1}
- strongswan 5.7.0-1
NOTE: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
CVE-2018-16150
@@ -4570,8 +4604,8 @@ CVE-2018-15607 (In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1255
-CVE-2018-15606
- RESERVED
+CVE-2018-15606 (An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 ...)
+ TODO: check
CVE-2018-15605 (An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site ...)
- phpmyadmin <not-affected> (Vulnerable code introduced later)
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-5/
@@ -6391,8 +6425,8 @@ CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the sys
NOT-FOR-US: ABB eSOMS
CVE-2018-14804
RESERVED
-CVE-2018-14803
- RESERVED
+CVE-2018-14803 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
+ TODO: check
CVE-2018-14802
RESERVED
CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all ...)
@@ -6818,9 +6852,9 @@ CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's
- python3.6 <unfixed>
- python3.5 <unfixed>
- python3.4 <removed>
- [jessie] - python3.4 <postponed> (minor issue)
+ [jessie] - python3.4 <postponed> (minor issue)
- python2.7 <unfixed>
- [jessie] - python2.7 <postponed> (minor issue)
+ [jessie] - python2.7 <postponed> (minor issue)
NOTE: https://bugs.python.org/issue34623
NOTE: master: https://github.com/python/cpython/commit/cb5778f00ce48631c7140f33ba242496aaf7102b
NOTE: 3.7: https://github.com/python/cpython/commit/470a435f3b42c9be5fdb7f7b04f3df5663ba7305
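Review bot: the two `[jessie]` lines under CVE-2018-14647 (python3.4 and python2.7) are removed and re-added with identical visible text, so this is a whitespace-only change riding along with the data update. Keeping indentation normalisation in a separate commit would make it easier to audit which entries actually changed status. The triage itself is untouched: both remain `<postponed> (minor issue)`.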
@@ -17520,16 +17554,16 @@ CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be expl
NOT-FOR-US: SEL AcSELerator Architect
CVE-2018-10607 (Martem TELEM GW6 and GWM devices with firmware ...)
NOT-FOR-US: Martem TELEM GW6 and GWM devices
-CVE-2018-10606
- RESERVED
+CVE-2018-10606 (WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based ...)
+ TODO: check
CVE-2018-10605
RESERVED
CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full access to ...)
NOT-FOR-US: SEL Compass
CVE-2018-10603 (Martem TELEM GW6 and GWM devices with firmware ...)
NOT-FOR-US: Martem TELEM GW6 and GWM devices
-CVE-2018-10602
- RESERVED
+CVE-2018-10602 (WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based ...)
+ TODO: check
CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including ...)
NOT-FOR-US: Philips
CVE-2018-10600 (SEL AcSELerator Architect version 2.2.24.0 and prior allows ...)
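Review bot: CVE-2018-10606 and CVE-2018-10602 both describe WECON LeviStudio 1.8.29 and 1.8.44 (heap-based and stack-based issues respectively) and both land as `TODO: check`. They should be triaged as a pair with one label, in the same style as the `NOT-FOR-US:` lines the surrounding SEL and Martem entries carry, rather than being picked up separately.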
@@ -21973,36 +22007,36 @@ CVE-2018-8858
RESERVED
CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, ...)
NOT-FOR-US: Philips Brilliance
-CVE-2018-8856
- RESERVED
+CVE-2018-8856 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
+ TODO: check
CVE-2018-8855 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
NOT-FOR-US: Echelon
-CVE-2018-8854
- RESERVED
+CVE-2018-8854 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
+ TODO: check
CVE-2018-8853 (Philips Brilliance CT devices operate user functions from within a ...)
NOT-FOR-US: Philips Brilliance
-CVE-2018-8852
- RESERVED
+CVE-2018-8852 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. ...)
+ TODO: check
CVE-2018-8851 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
NOT-FOR-US: Echelon
-CVE-2018-8850
- RESERVED
+CVE-2018-8850 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
+ TODO: check
CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician ...)
NOT-FOR-US: Medtronic
-CVE-2018-8848
- RESERVED
+CVE-2018-8848 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
+ TODO: check
CVE-2018-8847 (Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer ...)
NOT-FOR-US: Eaton
-CVE-2018-8846
- RESERVED
+CVE-2018-8846 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
+ TODO: check
CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
NOT-FOR-US: Advantech
-CVE-2018-8844
- RESERVED
+CVE-2018-8844 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
+ TODO: check
CVE-2018-8843 (Rockwell Automation Arena versions 16.10.00 and prior contains a use ...)
NOT-FOR-US: Rockwell
-CVE-2018-8842
- RESERVED
+CVE-2018-8842 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
+ TODO: check
CVE-2018-8841 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
NOT-FOR-US: Advantech
CVE-2018-8840 (A remote attacker could send a carefully crafted packet in InduSoft ...)
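Review bot: eight entries in this hunk (CVE-2018-8856, -8854, -8852, -8850, -8848, -8846, -8844, -8842) share the summary "Philips e-Alert Unit (non-medical device), Version R2.1 and prior" and all enter as `TODO: check`; CVE-2018-14803 earlier in the patch has the same summary. Triage them in one pass with a single label. The existing Philips entries here use `NOT-FOR-US: Philips Brilliance`, so a product-level label such as `NOT-FOR-US: Philips e-Alert Unit` would match that convention.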
@@ -24305,8 +24339,8 @@ CVE-2018-7909
RESERVED
CVE-2018-7908
RESERVED
-CVE-2018-7907
- RESERVED
+CVE-2018-7907 (Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, ...)
+ TODO: check
CVE-2018-7906 (Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), ...)
NOT-FOR-US: Huawei
CVE-2018-7905
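Review bot: CVE-2018-7907 (Huawei Agassi-L09 products) is set to `TODO: check`, while the next entry, CVE-2018-7906, is a Huawei device issue already marked `NOT-FOR-US: Huawei`. The same label looks appropriate here and would clear the TODO.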
@@ -26059,8 +26093,8 @@ CVE-2018-7357
RESERVED
CVE-2018-7356
RESERVED
-CVE-2018-7355
- RESERVED
+CVE-2018-7355 (All versions up to V1.0.0B05 of ZTE MF65 and all versions up to ...)
+ TODO: check
CVE-2018-7354
RESERVED
CVE-2018-7353
@@ -35969,8 +36003,8 @@ CVE-2018-3974
RESERVED
CVE-2018-3973
RESERVED
-CVE-2018-3972
- RESERVED
+CVE-2018-3972 (An exploitable code execution vulnerability exists in the Levin ...)
+ TODO: check
CVE-2018-3971
RESERVED
CVE-2018-3970
@@ -42115,8 +42149,8 @@ CVE-2018-1787
RESERVED
CVE-2018-1786
RESERVED
-CVE-2018-1785
- RESERVED
+CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses ...)
+ TODO: check
CVE-2018-1784
RESERVED
CVE-2018-1783
@@ -42149,8 +42183,8 @@ CVE-2018-1770
RESERVED
CVE-2018-1769
RESERVED
-CVE-2018-1768
- RESERVED
+CVE-2018-1768 (IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive ...)
+ TODO: check
CVE-2018-1767
RESERVED
CVE-2018-1766
@@ -42319,8 +42353,8 @@ CVE-2018-1685 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
TODO: check
CVE-2018-1684
RESERVED
-CVE-2018-1683
- RESERVED
+CVE-2018-1683 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
+ TODO: check
CVE-2018-1682
RESERVED
CVE-2018-1681
@@ -42465,8 +42499,8 @@ CVE-2018-1612 (IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) coul
NOT-FOR-US: IBM
CVE-2018-1611
RESERVED
-CVE-2018-1610
- RESERVED
+CVE-2018-1610 (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through ...)
+ TODO: check
CVE-2018-1609
RESERVED
CVE-2018-1608
@@ -42585,8 +42619,8 @@ CVE-2018-1552
RESERVED
CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 ...)
NOT-FOR-US: IBM
-CVE-2018-1550
- RESERVED
+CVE-2018-1550 (IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt ...)
+ TODO: check
CVE-2018-1549 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 ...)
NOT-FOR-US: IBM
CVE-2018-1548 (IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 ...)
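Review bot: CVE-2018-1550 (IBM Spectrum Protect 7.1 and 8.1) becomes `TODO: check`, sitting between CVE-2018-1551 and CVE-2018-1549, which are both `NOT-FOR-US: IBM`. The same applies to the other IBM entries published in this patch (CVE-2018-1785, -1768, -1683, -1610); handling them together avoids leaving a scattered set of TODOs in this part of the list.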
@@ -42595,8 +42629,8 @@ CVE-2018-1547 (IBM Robotic Process Automation with Automation Anywhere 10.0 coul
NOT-FOR-US: IBM
CVE-2018-1546 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker ...)
NOT-FOR-US: IBM API Connect
-CVE-2018-1545
- RESERVED
+CVE-2018-1545 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses ...)
+ TODO: check
CVE-2018-1544 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2018-1543 (IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain ...)
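Review bot: CVE-2018-1545 carries the same truncated summary as CVE-2018-1785 earlier in the patch ("IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses ..."), so the two should get the same triage result. Note also that the context lines in this hunk mix `NOT-FOR-US: IBM` and `NOT-FOR-US: IBM API Connect`; pick one granularity when resolving the TODO so later searches on the label find all related entries.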
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f2f0dbbb96dfde1591b6307815e56b4cf8a041c