Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ea636f4 by security tracker role at 2018-03-22T21:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,67 @@
+CVE-2018-8941
+ RESERVED
+CVE-2018-8940
+ RESERVED
+CVE-2018-8939
+ RESERVED
+CVE-2018-8938
+ RESERVED
+CVE-2018-8937
+ RESERVED
+CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile
processor chips ...)
+ TODO: check
+CVE-2018-8935 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro
platforms, ...)
+ TODO: check
+CVE-2018-8934 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro
platforms, ...)
+ TODO: check
+CVE-2018-8933 (The AMD EPYC Server processor chips have insufficient access
control ...)
+ TODO: check
+CVE-2018-8932 (The AMD Ryzen and Ryzen Pro processor chips have insufficient
access ...)
+ TODO: check
+CVE-2018-8931 (The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have
...)
+ TODO: check
+CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile
processor chips ...)
+ TODO: check
+CVE-2018-8929
+ RESERVED
+CVE-2018-8928
+ RESERVED
+CVE-2018-8927
+ RESERVED
+CVE-2018-8926
+ RESERVED
+CVE-2018-8925
+ RESERVED
+CVE-2018-8924
+ RESERVED
+CVE-2018-8923
+ RESERVED
+CVE-2018-8922
+ RESERVED
+CVE-2018-8921
+ RESERVED
+CVE-2018-8920
+ RESERVED
+CVE-2018-8919
+ RESERVED
+CVE-2018-8918
+ RESERVED
+CVE-2018-8917
+ RESERVED
+CVE-2018-8916
+ RESERVED
+CVE-2018-8915
+ RESERVED
+CVE-2018-8914
+ RESERVED
+CVE-2018-8913
+ RESERVED
+CVE-2018-8912
+ RESERVED
+CVE-2018-8911
+ RESERVED
+CVE-2018-8910
+ RESERVED
CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows
attackers to ...)
NOT-FOR-US: Wire application for Android
CVE-2018-8908
@@ -2865,6 +2929,7 @@ CVE-2018-7669
CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read
arbitrary ...)
NOT-FOR-US: TestLink
CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
+ {DLA-1311-1}
- adminer 4.5.0-1 (bug #893668)
[stretch] - adminer <no-dsa> (Minor issue, issue can be mitigated by
upfront application firewalling)
[jessie] - adminer <no-dsa> (Minor issue, issue can be mitigated by
upfront application firewalling)
@@ -3376,48 +3441,48 @@ CVE-2018-7534
RESERVED
CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in
OSIsoft PI ...)
NOT-FOR-US: OSIsoft PI
-CVE-2018-7532
- RESERVED
+CVE-2018-7532 (Unauthentication vulnerabilities have been identified in
Geutebruck ...)
+ TODO: check
CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI
Data ...)
NOT-FOR-US: OSIsoft PI
CVE-2018-7530
RESERVED
CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in
OSIsoft PI ...)
NOT-FOR-US: OSIsoft PI
-CVE-2018-7528
- RESERVED
+CVE-2018-7528 (An SQL injection vulnerability has been identified in
Geutebruck ...)
+ TODO: check
CVE-2018-7527
RESERVED
CVE-2018-7526
RESERVED
CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a
malformed ...)
NOT-FOR-US: Omron CX-Supervisor
-CVE-2018-7524
- RESERVED
+CVE-2018-7524 (A cross-site request forgery vulnerability has been identified
in ...)
+ TODO: check
CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing
malformed ...)
NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7522
RESERVED
CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free
...)
NOT-FOR-US: Omron CX-Supervisor
-CVE-2018-7520
- RESERVED
+CVE-2018-7520 (An improper access control vulnerability has been identified in
...)
+ TODO: check
CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing
malformed ...)
NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7518
RESERVED
CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing
malformed ...)
NOT-FOR-US: Omron CX-Supervisor
-CVE-2018-7516
- RESERVED
+CVE-2018-7516 (A server-side request forgery vulnerability has been identified
in ...)
+ TODO: check
CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...)
NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7514
RESERVED
CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing
malformed ...)
NOT-FOR-US: Omron CX-Supervisor
-CVE-2018-7512
- RESERVED
+CVE-2018-7512 (A cross-site scripting vulnerability has been identified in
Geutebruck ...)
+ TODO: check
CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple
cases ...)
NOT-FOR-US: Eaton ELCSoft
CVE-2018-7510
@@ -6550,8 +6615,8 @@ CVE-2017-18096
RESERVED
CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before
version ...)
NOT-FOR-US: Atlassian Crucible
-CVE-2017-18094
- RESERVED
+CVE-2017-18094 (Various resources in Atlassian Fisheye and Crucible before
version ...)
+ TODO: check
CVE-2017-18093 (Various resources in Atlassian Fisheye and Crucible before
version ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18092 (The print snippet resource in Atlassian Crucible before
version 4.4.3 ...)
@@ -8737,8 +8802,8 @@ CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0
contains an out bounds
NOTE: https://curl.haxx.se/docs/adv_2018-824a.html
NOTE: Introduced by:
https://github.com/curl/curl/commit/0761a51ee0551ad9e5
NOTE: Patch:
https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch
-CVE-2018-5731
- RESERVED
+CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the
scanning ...)
+ TODO: check
CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with
permission ...)
- krb5 <unfixed> (bug #891869)
NOTE: Fixed by:
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
@@ -9261,22 +9326,22 @@ CVE-2018-5511
RESERVED
CVE-2018-5510
RESERVED
-CVE-2018-5509
- RESERVED
+CVE-2018-5509 (On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a
specifically ...)
+ TODO: check
CVE-2018-5508
RESERVED
CVE-2018-5507
RESERVED
CVE-2018-5506
RESERVED
-CVE-2018-5505
- RESERVED
-CVE-2018-5504
- RESERVED
-CVE-2018-5503
- RESERVED
-CVE-2018-5502
- RESERVED
+CVE-2018-5505 (On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are
both ...)
+ TODO: check
+CVE-2018-5504 (In some circumstances, the Traffic Management Microkernel (TMM)
does ...)
+ TODO: check
+CVE-2018-5503 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1,
TMM may ...)
+ TODO: check
+CVE-2018-5502 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able
to ...)
+ TODO: check
CVE-2018-5501 (In some circumstances, on F5 BIG-IP systems running 13.0.0,
12.1.0 - ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or
11.6.1 - ...)
@@ -9635,8 +9700,8 @@ CVE-2018-5351
RESERVED
CVE-2018-5350
RESERVED
-CVE-2018-5349
- RESERVED
+CVE-2018-5349 (A vulnerability has been found in Heimdal PRO v2.2.190, but it
is most ...)
+ TODO: check
CVE-2018-5348
RESERVED
CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has
unauthenticated ...)
@@ -10023,8 +10088,8 @@ CVE-2018-5227
RESERVED
CVE-2018-5226
RESERVED
-CVE-2018-5225
- RESERVED
+CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version
4.13.0 ...)
+ TODO: check
CVE-2018-5224
RESERVED
CVE-2018-5223
@@ -19272,8 +19337,8 @@ CVE-2018-1450
RESERVED
CVE-2018-1449
RESERVED
-CVE-2018-1448
- RESERVED
+CVE-2018-1448 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1
...)
+ TODO: check
CVE-2018-1447
RESERVED
CVE-2018-1446
@@ -19312,12 +19377,12 @@ CVE-2018-1430
RESERVED
CVE-2018-1429
RESERVED
-CVE-2018-1428
- RESERVED
-CVE-2018-1427
- RESERVED
-CVE-2018-1426
- RESERVED
+CVE-2018-1428 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,
and ...)
+ TODO: check
+CVE-2018-1427 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,
and ...)
+ TODO: check
+CVE-2018-1426 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,
and ...)
+ TODO: check
CVE-2018-1425 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses
weaker ...)
NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1424
@@ -20500,11 +20565,11 @@ CVE-2018-1212
CVE-2018-1211
RESERVED
CVE-2018-1210
- RESERVED
+ REJECTED
CVE-2018-1209
- RESERVED
+ REJECTED
CVE-2018-1208
- RESERVED
+ REJECTED
CVE-2018-1207
RESERVED
CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch
159 and ...)
@@ -22920,8 +22985,8 @@ CVE-2018-0554
RESERVED
CVE-2018-0553
RESERVED
-CVE-2018-0552
- RESERVED
+CVE-2018-0552 (Untrusted search path vulnerability in The installer of
PhishWall ...)
+ TODO: check
CVE-2018-0551
RESERVED
CVE-2018-0550
@@ -22940,24 +23005,24 @@ CVE-2018-0544 (Untrusted search path vulnerability in
WinShot 1.53a and earlier
NOT-FOR-US: WinShot
CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier
...)
NOT-FOR-US: Jtrim installer
-CVE-2018-0542
- RESERVED
-CVE-2018-0541
- RESERVED
-CVE-2018-0540
- RESERVED
-CVE-2018-0539
- RESERVED
-CVE-2018-0538
- RESERVED
-CVE-2018-0537
- RESERVED
-CVE-2018-0536
- RESERVED
-CVE-2018-0535
- RESERVED
-CVE-2018-0534
- RESERVED
+CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8
allows an ...)
+ TODO: check
+CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker
to ...)
+ TODO: check
+CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0
allows ...)
+ TODO: check
+CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute
arbitrary ...)
+ TODO: check
+CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24
allows an ...)
+ TODO: check
+CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24
allows an ...)
+ TODO: check
+CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24
allows an ...)
+ TODO: check
+CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c
allows ...)
+ TODO: check
+CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5
allows an ...)
+ TODO: check
CVE-2018-0533
RESERVED
CVE-2018-0532
@@ -25103,10 +25168,10 @@ CVE-2017-16774
RESERVED
CVE-2017-16773
RESERVED
-CVE-2017-16772
- RESERVED
-CVE-2017-16771
- RESERVED
+CVE-2017-16772 (Improper input validation vulnerability in ...)
+ TODO: check
+CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in
Synology ...)
+ TODO: check
CVE-2017-16770 (File and directory information exposure vulnerability in ...)
NOT-FOR-US: Synology Surveillance Station
CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer
in ...)
@@ -26455,8 +26520,8 @@ CVE-2017-16244 (Cross-Site Request Forgery exists in
OctoberCMS 1.0.426 (aka Bui
NOT-FOR-US: OctoberCMS
CVE-2017-16243
RESERVED
-CVE-2017-16242
- RESERVED
+CVE-2017-16242 (An issue was discovered on MECO USB Memory Stick with
Fingerprint ...)
+ TODO: check
CVE-2017-1000384
REJECTED
CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely)
ignores ...)
@@ -41392,6 +41457,7 @@ CVE-2017-11334 (The address_space_write_continue
function in exec.c in QEMU (aka
NOTE:
https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece
NOTE:
https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org
libvorbis ...)
+ {DSA-4113-1}
- libvorbis 1.3.5-4.1 (low; bug #870341)
[jessie] - libvorbis <postponed> (Minor issue, can be revisited once
fixed upstream)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
@@ -70360,10 +70426,10 @@ CVE-2017-1791
RESERVED
CVE-2017-1790
RESERVED
-CVE-2017-1789
- RESERVED
-CVE-2017-1788
- RESERVED
+CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an ...)
+ TODO: check
+CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form
Login ...)
+ TODO: check
CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed
...)
NOT-FOR-US: IBM Publishing Engine
CVE-2017-1786
@@ -70584,8 +70650,8 @@ CVE-2017-1679
RESERVED
CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is
vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2017-1677
- RESERVED
+CVE-2017-1677 (IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux,
UNIX and ...)
+ TODO: check
CVE-2017-1676
RESERVED
CVE-2017-1675
@@ -70796,8 +70862,8 @@ CVE-2017-1573
RESERVED
CVE-2017-1572
RESERVED
-CVE-2017-1571
- RESERVED
+CVE-2017-1571 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
+ TODO: check
CVE-2017-1570 (IBM Jazz Foundation products could allow an authenticated user
to ...)
NOT-FOR-US: IBM
CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified ...)
@@ -72072,14 +72138,14 @@ CVE-2017-0937
RESERVED
CVE-2017-0936
RESERVED
-CVE-2017-0935
- RESERVED
-CVE-2017-0934
- RESERVED
-CVE-2017-0933
- RESERVED
-CVE-2017-0932
- RESERVED
+CVE-2017-0935 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from
an ...)
+ TODO: check
+CVE-2017-0934 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an
...)
+ TODO: check
+CVE-2017-0933 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a
...)
+ TODO: check
+CVE-2017-0932 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from
an ...)
+ TODO: check
CVE-2017-0931
RESERVED
CVE-2017-0930
@@ -72114,8 +72180,8 @@ CVE-2017-0922 (Gitlab Enterprise Edition version 10.3
is vulnerable to an ...)
NOTE:
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0921
RESERVED
-CVE-2017-0920
- RESERVED
+CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6,
and ...)
+ TODO: check
CVE-2017-0919
RESERVED
CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path
...)
@@ -72347,8 +72413,8 @@ CVE-2016-9713
RESERVED
CVE-2016-9712
RESERVED
-CVE-2016-9711
- RESERVED
+CVE-2016-9711 (IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0)
...)
+ TODO: check
CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow
a ...)
NOT-FOR-US: IBM
CVE-2016-9709
@@ -82286,11 +82352,11 @@ CVE-2016-7115 (Buffer overflow in the handle_packet
function in mactelnet.c in t
- mactelnet 0.4.4-4 (bug #836320)
[jessie] - mactelnet <no-dsa> (Minor issue, can be fixed via point
release)
NOTE:
https://github.com/haakonnessjoen/MAC-Telnet/commit/b69d11727d4f0f8cf719c79e3fb700f55ca03e9a
-CVE-2016-7114 (The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4
and ...)
+CVE-2016-7114 (A vulnerability has been identified in Firmware variant
PROFINET IO ...)
NOT-FOR-US: Siemens
-CVE-2016-7113 (The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4
and ...)
+CVE-2016-7113 (A vulnerability has been identified in Firmware variant
PROFINET IO ...)
NOT-FOR-US: Siemens
-CVE-2016-7112 (The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4
and ...)
+CVE-2016-7112 (A vulnerability has been identified in Firmware variant
PROFINET IO ...)
NOT-FOR-US: Siemens
CVE-2015-8960 (The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, ...)
NOTE: Vulnerability "in the TLS documentation", not assigned to a
specific source/implentation
@@ -90760,9 +90826,9 @@ CVE-2014-9774
RESERVED
CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java
...)
NOT-FOR-US: SAP
-CVE-2016-4785 (The integrated web server in the EN100 Ethernet module before
4.27 on ...)
+CVE-2016-4785 (A vulnerability has been identified in Firmware variant
PROFINET IO ...)
NOT-FOR-US: Siemens
-CVE-2016-4784 (The integrated web server in the EN100 Ethernet module before
4.27 on ...)
+CVE-2016-4784 (A vulnerability has been identified in firmware variant
PROFINET IO ...)
NOT-FOR-US: Siemens
CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit
before ...)
NOT-FOR-US: Lenovo
@@ -103820,7 +103886,7 @@ CVE-2016-0747 (The resolver in nginx before 1.8.1 and
1.9.x before 1.9.10 does n
NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
NOTE:
https://github.com/nginx/nginx/commit/4016e6b1da4fbf9c45963211791be124cd7ffb8f
(release-1.9.10)
NOTE:
https://github.com/nginx/nginx/commit/fe89d99796d42b86816e17d9c87ab16964768024
(release-1.9.10)
-CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx before
1.8.1 and ...)
+CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx 0.6.18
through ...)
{DSA-3473-1}
- nginx 1.9.10-1 (bug #812806)
[squeeze] - nginx <not-affected> (Vulnerable code not present)
@@ -114630,7 +114696,7 @@ CVE-2015-5376 (SQL injection vulnerability in the
login form in GSI WiNPAT Porta
NOT-FOR-US: GSI WiNPAT Portal
CVE-2015-5375 (Cross-site scripting (XSS) vulnerability in unspecified dialogs
for ...)
NOT-FOR-US: Open-Xchange
-CVE-2015-5374 (The EN100 module with firmware before 4.25 for Siemens SIPROTEC
4 and ...)
+CVE-2015-5374 (A vulnerability has been identified in Firmware variant
PROFINET IO ...)
NOT-FOR-US: Siemens
CVE-2015-5373
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ea636f4c09ec8208522e20ca3c4a9beca4cd740
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ea636f4c09ec8208522e20ca3c4a9beca4cd740
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
