Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7ea636f4 by security tracker role at 2018-03-22T21:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,67 @@ +CVE-2018-8941 + RESERVED +CVE-2018-8940 + RESERVED +CVE-2018-8939 + RESERVED +CVE-2018-8938 + RESERVED +CVE-2018-8937 + RESERVED +CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...) + TODO: check +CVE-2018-8935 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...) + TODO: check +CVE-2018-8934 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...) + TODO: check +CVE-2018-8933 (The AMD EPYC Server processor chips have insufficient access control ...) + TODO: check +CVE-2018-8932 (The AMD Ryzen and Ryzen Pro processor chips have insufficient access ...) + TODO: check +CVE-2018-8931 (The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have ...) + TODO: check +CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...) + TODO: check +CVE-2018-8929 + RESERVED +CVE-2018-8928 + RESERVED +CVE-2018-8927 + RESERVED +CVE-2018-8926 + RESERVED +CVE-2018-8925 + RESERVED +CVE-2018-8924 + RESERVED +CVE-2018-8923 + RESERVED +CVE-2018-8922 + RESERVED +CVE-2018-8921 + RESERVED +CVE-2018-8920 + RESERVED +CVE-2018-8919 + RESERVED +CVE-2018-8918 + RESERVED +CVE-2018-8917 + RESERVED +CVE-2018-8916 + RESERVED +CVE-2018-8915 + RESERVED +CVE-2018-8914 + RESERVED +CVE-2018-8913 + RESERVED +CVE-2018-8912 + RESERVED +CVE-2018-8911 + RESERVED +CVE-2018-8910 + RESERVED CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...) NOT-FOR-US: Wire application for Android CVE-2018-8908 
@@ -2865,6 +2929,7 @@ CVE-2018-7669 CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read arbitrary ...) NOT-FOR-US: TestLink CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...) + {DLA-1311-1} - adminer 4.5.0-1 (bug #893668) [stretch] - adminer <no-dsa> (Minor issue, issue can be mitigated by upfront application firewalling) [jessie] - adminer <no-dsa> (Minor issue, issue can be mitigated by upfront application firewalling) 
@@ -3376,48 +3441,48 @@ CVE-2018-7534 RESERVED CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI ...) NOT-FOR-US: OSIsoft PI -CVE-2018-7532 - RESERVED +CVE-2018-7532 (Unauthentication vulnerabilities have been identified in Geutebruck ...) + TODO: check CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI Data ...) NOT-FOR-US: OSIsoft PI CVE-2018-7530 RESERVED CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in OSIsoft PI ...) NOT-FOR-US: OSIsoft PI -CVE-2018-7528 - RESERVED +CVE-2018-7528 (An SQL injection vulnerability has been identified in Geutebruck ...) + TODO: check CVE-2018-7527 RESERVED CVE-2018-7526 RESERVED CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...) NOT-FOR-US: Omron CX-Supervisor -CVE-2018-7524 - RESERVED +CVE-2018-7524 (A cross-site request forgery vulnerability has been identified in ...) + TODO: check CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7522 RESERVED CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free ...) NOT-FOR-US: Omron CX-Supervisor -CVE-2018-7520 - RESERVED +CVE-2018-7520 (An improper access control vulnerability has been identified in ...) + TODO: check CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7518 RESERVED CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor -CVE-2018-7516 - RESERVED +CVE-2018-7516 (A server-side request forgery vulnerability has been identified in ...) + TODO: check CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7514 RESERVED CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) 
NOT-FOR-US: Omron CX-Supervisor -CVE-2018-7512 - RESERVED +CVE-2018-7512 (A cross-site scripting vulnerability has been identified in Geutebruck ...) + TODO: check CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases ...) NOT-FOR-US: Eaton ELCSoft CVE-2018-7510 @@ -6550,8 +6615,8 @@ CVE-2017-18096 RESERVED CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version ...) NOT-FOR-US: Atlassian Crucible -CVE-2017-18094 - RESERVED +CVE-2017-18094 (Various resources in Atlassian Fisheye and Crucible before version ...) + TODO: check CVE-2017-18093 (Various resources in Atlassian Fisheye and Crucible before version ...) NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2017-18092 (The print snippet resource in Atlassian Crucible before version 4.4.3 ...) @@ -8737,8 +8802,8 @@ CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds NOTE: https://curl.haxx.se/docs/adv_2018-824a.html NOTE: Introduced by: https://github.com/curl/curl/commit/0761a51ee0551ad9e5 NOTE: Patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch -CVE-2018-5731 - RESERVED +CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning ...) + TODO: check CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission ...) - krb5 <unfixed> (bug #891869) NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1 
@@ -9261,22 +9326,22 @@ CVE-2018-5511 RESERVED CVE-2018-5510 RESERVED -CVE-2018-5509 - RESERVED +CVE-2018-5509 (On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically ...) + TODO: check CVE-2018-5508 RESERVED CVE-2018-5507 RESERVED CVE-2018-5506 RESERVED -CVE-2018-5505 - RESERVED -CVE-2018-5504 - RESERVED -CVE-2018-5503 - RESERVED -CVE-2018-5502 - RESERVED +CVE-2018-5505 (On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both ...) + TODO: check +CVE-2018-5504 (In some circumstances, the Traffic Management Microkernel (TMM) does ...) + TODO: check +CVE-2018-5503 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may ...) + TODO: check +CVE-2018-5502 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to ...) + TODO: check CVE-2018-5501 (In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - ...) NOT-FOR-US: F5 BIG-IP CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - ...) @@ -9635,8 +9700,8 @@ CVE-2018-5351 RESERVED CVE-2018-5350 RESERVED -CVE-2018-5349 - RESERVED +CVE-2018-5349 (A vulnerability has been found in Heimdal PRO v2.2.190, but it is most ...) + TODO: check CVE-2018-5348 RESERVED CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has unauthenticated ...) @@ -10023,8 +10088,8 @@ CVE-2018-5227 RESERVED CVE-2018-5226 RESERVED -CVE-2018-5225 - RESERVED +CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 ...) + TODO: check CVE-2018-5224 RESERVED CVE-2018-5223 @@ -19272,8 +19337,8 @@ CVE-2018-1450 RESERVED CVE-2018-1449 RESERVED -CVE-2018-1448 - RESERVED +CVE-2018-1448 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 ...) + TODO: check CVE-2018-1447 RESERVED CVE-2018-1446 
@@ -19312,12 +19377,12 @@ CVE-2018-1430 RESERVED CVE-2018-1429 RESERVED -CVE-2018-1428 - RESERVED -CVE-2018-1427 - RESERVED -CVE-2018-1426 - RESERVED +CVE-2018-1428 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...) + TODO: check +CVE-2018-1427 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...) + TODO: check +CVE-2018-1426 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...) + TODO: check CVE-2018-1425 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker ...) NOT-FOR-US: IBM Security Guardium Big Data Intelligence CVE-2018-1424 @@ -20500,11 +20565,11 @@ CVE-2018-1212 CVE-2018-1211 RESERVED CVE-2018-1210 - RESERVED + REJECTED CVE-2018-1209 - RESERVED + REJECTED CVE-2018-1208 - RESERVED + REJECTED CVE-2018-1207 RESERVED CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and ...) @@ -22920,8 +22985,8 @@ CVE-2018-0554 RESERVED CVE-2018-0553 RESERVED -CVE-2018-0552 - RESERVED +CVE-2018-0552 (Untrusted search path vulnerability in The installer of PhishWall ...) + TODO: check CVE-2018-0551 RESERVED CVE-2018-0550 
@@ -22940,24 +23005,24 @@ CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and earlier NOT-FOR-US: WinShot CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier ...) NOT-FOR-US: Jtrim installer -CVE-2018-0542 - RESERVED -CVE-2018-0541 - RESERVED -CVE-2018-0540 - RESERVED -CVE-2018-0539 - RESERVED -CVE-2018-0538 - RESERVED -CVE-2018-0537 - RESERVED -CVE-2018-0536 - RESERVED -CVE-2018-0535 - RESERVED -CVE-2018-0534 - RESERVED +CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8 allows an ...) + TODO: check +CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to ...) + TODO: check +CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 allows ...) + TODO: check +CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary ...) + TODO: check +CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an ...) + TODO: check +CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an ...) + TODO: check +CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an ...) + TODO: check +CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows ...) + TODO: check +CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an ...) + TODO: check CVE-2018-0533 RESERVED CVE-2018-0532 @@ -25103,10 +25168,10 @@ CVE-2017-16774 RESERVED CVE-2017-16773 RESERVED -CVE-2017-16772 - RESERVED -CVE-2017-16771 - RESERVED +CVE-2017-16772 (Improper input validation vulnerability in ...) + TODO: check +CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in Synology ...) + TODO: check CVE-2017-16770 (File and directory information exposure vulnerability in ...) NOT-FOR-US: Synology Surveillance Station CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer in ...) 
@@ -26455,8 +26520,8 @@ CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Bui NOT-FOR-US: OctoberCMS CVE-2017-16243 RESERVED -CVE-2017-16242 - RESERVED +CVE-2017-16242 (An issue was discovered on MECO USB Memory Stick with Fingerprint ...) + TODO: check CVE-2017-1000384 REJECTED CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...) @@ -41392,6 +41457,7 @@ CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0 CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...) + {DSA-4113-1} - libvorbis 1.3.5-4.1 (low; bug #870341) [jessie] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream) NOTE: http://seclists.org/fulldisclosure/2017/Jul/82 @@ -70360,10 +70426,10 @@ CVE-2017-1791 RESERVED CVE-2017-1790 RESERVED -CVE-2017-1789 - RESERVED -CVE-2017-1788 - RESERVED +CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an ...) + TODO: check +CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form Login ...) + TODO: check CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed ...) NOT-FOR-US: IBM Publishing Engine CVE-2017-1786 @@ -70584,8 +70650,8 @@ CVE-2017-1679 RESERVED CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) NOT-FOR-US: IBM -CVE-2017-1677 - RESERVED +CVE-2017-1677 (IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and ...) + TODO: check CVE-2017-1676 RESERVED CVE-2017-1675 
@@ -70796,8 +70862,8 @@ CVE-2017-1573 RESERVED CVE-2017-1572 RESERVED -CVE-2017-1571 - RESERVED +CVE-2017-1571 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) + TODO: check CVE-2017-1570 (IBM Jazz Foundation products could allow an authenticated user to ...) NOT-FOR-US: IBM CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified ...) @@ -72072,14 +72138,14 @@ CVE-2017-0937 RESERVED CVE-2017-0936 RESERVED -CVE-2017-0935 - RESERVED -CVE-2017-0934 - RESERVED -CVE-2017-0933 - RESERVED -CVE-2017-0932 - RESERVED +CVE-2017-0935 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an ...) + TODO: check +CVE-2017-0934 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an ...) + TODO: check +CVE-2017-0933 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a ...) + TODO: check +CVE-2017-0932 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an ...) + TODO: check CVE-2017-0931 RESERVED CVE-2017-0930 @@ -72114,8 +72180,8 @@ CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an ...) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0921 RESERVED -CVE-2017-0920 - RESERVED +CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...) + TODO: check CVE-2017-0919 RESERVED CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path ...) @@ -72347,8 +72413,8 @@ CVE-2016-9713 RESERVED CVE-2016-9712 RESERVED -CVE-2016-9711 - RESERVED +CVE-2016-9711 (IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) ...) + TODO: check CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow a ...) NOT-FOR-US: IBM CVE-2016-9709 
@@ -82286,11 +82352,11 @@ CVE-2016-7115 (Buffer overflow in the handle_packet function in mactelnet.c in t - mactelnet 0.4.4-4 (bug #836320) [jessie] - mactelnet <no-dsa> (Minor issue, can be fixed via point release) NOTE: https://github.com/haakonnessjoen/MAC-Telnet/commit/b69d11727d4f0f8cf719c79e3fb700f55ca03e9a -CVE-2016-7114 (The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4 and ...) +CVE-2016-7114 (A vulnerability has been identified in Firmware variant PROFINET IO ...) NOT-FOR-US: Siemens -CVE-2016-7113 (The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4 and ...) +CVE-2016-7113 (A vulnerability has been identified in Firmware variant PROFINET IO ...) NOT-FOR-US: Siemens -CVE-2016-7112 (The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4 and ...) +CVE-2016-7112 (A vulnerability has been identified in Firmware variant PROFINET IO ...) NOT-FOR-US: Siemens CVE-2015-8960 (The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, ...) NOTE: Vulnerability "in the TLS documentation", not assigned to a specific source/implentation @@ -90760,9 +90826,9 @@ CVE-2014-9774 RESERVED CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java ...) NOT-FOR-US: SAP -CVE-2016-4785 (The integrated web server in the EN100 Ethernet module before 4.27 on ...) +CVE-2016-4785 (A vulnerability has been identified in Firmware variant PROFINET IO ...) NOT-FOR-US: Siemens -CVE-2016-4784 (The integrated web server in the EN100 Ethernet module before 4.27 on ...) +CVE-2016-4784 (A vulnerability has been identified in firmware variant PROFINET IO ...) NOT-FOR-US: Siemens CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before ...) NOT-FOR-US: Lenovo 
@@ -103820,7 +103886,7 @@ CVE-2016-0747 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does n NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html NOTE: https://github.com/nginx/nginx/commit/4016e6b1da4fbf9c45963211791be124cd7ffb8f (release-1.9.10) NOTE: https://github.com/nginx/nginx/commit/fe89d99796d42b86816e17d9c87ab16964768024 (release-1.9.10) -CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx before 1.8.1 and ...) +CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx 0.6.18 through ...) {DSA-3473-1} - nginx 1.9.10-1 (bug #812806) [squeeze] - nginx <not-affected> (Vulnerable code not present) @@ -114630,7 +114696,7 @@ CVE-2015-5376 (SQL injection vulnerability in the login form in GSI WiNPAT Porta NOT-FOR-US: GSI WiNPAT Portal CVE-2015-5375 (Cross-site scripting (XSS) vulnerability in unspecified dialogs for ...) NOT-FOR-US: Open-Xchange -CVE-2015-5374 (The EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and ...) +CVE-2015-5374 (A vulnerability has been identified in Firmware variant PROFINET IO ...) NOT-FOR-US: Siemens CVE-2015-5373 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ea636f4c09ec8208522e20ca3c4a9beca4cd740
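Review bot: in the first hunk (@@ -1,3 +1,67 @@), CVE-2018-8930 through CVE-2018-8936 (the AMD EPYC/Ryzen processor and Promontory chipset entries) land as `TODO: check`, and they describe hardware and chipset firmware issues rather than a source package; the follow-up triage should resolve each to either a NOT-FOR-US line or the firmware package it maps to, so that the placeholder does not stay in the list next to the surrounding RESERVED block.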
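Review bot: in the @@ -2865,6 +2929,7 @@ hunk, the new `{DLA-1311-1}` annotation for CVE-2018-7667 sits next to `[stretch] - adminer <no-dsa>` and `[jessie] - adminer <no-dsa>`, so the DLA must cover a suite not named here; confirm that data/DLA/list carries the fixed adminer version for that suite, otherwise the tracker will display a DLA it cannot resolve to a version. The `<no-dsa>` rationale "issue can be mitigated by upfront application firewalling" also deserves a second look for an SSRF reached through the server parameter, since it relies on filtering that parameter in front of the application rather than on a fix in the package.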
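Review bot: CVE-2018-5731 (@@ -8737 hunk) and CVE-2018-5349 (@@ -9635 hunk) both refer to "Heimdal PRO 2.2.190" and now carry `TODO: check`; Heimdal PRO is an endpoint security product, not the Heimdal Kerberos implementation shipped as the heimdal source package, so the triage should not map these to heimdal and should record NOT-FOR-US once that is confirmed.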
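Review bot: in the @@ -41392,6 +41457,7 @@ hunk, CVE-2017-11333 gains `{DSA-4113-1}` while `[jessie] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)` is kept unchanged; if the DSA also ships a jessie fix, that postponed line is now stale and should be dropped, and if it does not, the "once fixed upstream" rationale should be revisited now that a Debian fix exists in 1.3.5-4.1.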
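Review bot: the rewritten descriptions for CVE-2016-7112/7113/7114 (@@ -82286 hunk), CVE-2016-4784/4785 (@@ -90760 hunk) and CVE-2015-5374 (@@ -114630 hunk) replace the specific "EN100 Ethernet module before 4.29/4.27/4.25 for Siemens SIPROTEC 4" wording with the generic "A vulnerability has been identified in Firmware variant PROFINET IO ...", so the product name and fixed firmware version no longer appear in the list; the NOT-FOR-US status is unaffected, but anyone grepping the file for SIPROTEC or EN100 will miss these entries, so a NOTE line preserving the old product reference would help. The descriptions are mirrored from upstream (CVE-2016-4784 even keeps the lower-case "firmware" variant), so they should not be hand-edited here.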
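Review bot: in the @@ -103820,7 +103886,7 @@ hunk, the description of CVE-2016-0746 changes from "nginx before 1.8.1 and ..." to "nginx 0.6.18 through ...", introducing an explicit lower bound, while `[squeeze] - nginx <not-affected> (Vulnerable code not present)` is kept; the not-affected claim should be re-verified against the squeeze nginx version, since a version inside that range would contradict it unless the code-presence check was made independently of the upstream version range.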
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits