[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 7 09:10:16 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5071ae5c by security tracker role at 2018-08-07T08:10:11Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the ...)
+ TODO: check
+CVE-2018-15128
+ RESERVED
CVE-2018-15127
RESERVED
CVE-2018-15126
@@ -536,8 +540,8 @@ CVE-2018-14871
RESERVED
CVE-2018-14870
RESERVED
-CVE-2018-14869
- RESERVED
+CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address line 1, ...)
+ TODO: check
CVE-2018-14868
RESERVED
CVE-2018-14867
@@ -560,8 +564,8 @@ CVE-2018-14859
RESERVED
CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2018-14857
- RESERVED
+CVE-2018-14857 (Unrestricted file upload (with remote code execution) in ...)
+ TODO: check
CVE-2018-14856
RESERVED
CVE-2018-14855
@@ -929,8 +933,8 @@ CVE-2018-14718
RESERVED
CVE-2018-14717
RESERVED
-CVE-2018-14716
- RESERVED
+CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the SEOmatic ...)
+ TODO: check
CVE-2018-14715 (The endCoinFlip function and throwSlammer function of the smart ...)
NOT-FOR-US: smart contract implementations for Cryptogs
CVE-2018-14714
@@ -3081,8 +3085,8 @@ CVE-2018-13879 (A reflected XSS issue was discovered in the registration form in
NOT-FOR-US: Rocket.Chat
CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js ...)
NOT-FOR-US: Rocket.Chat
-CVE-2018-13877
- RESERVED
+CVE-2018-13877 (The doPayouts() function of the smart contract implementation for ...)
+ TODO: check
CVE-2018-13876 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
- hdf5 <undetermined>
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
@@ -15044,7 +15048,8 @@ CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera)
NOT-FOR-US: AXIS
CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT Professional ...)
NOT-FOR-US: Open-AudIT Professional
-CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot in ...)
+CVE-2018-9154
+ REJECTED
- jasper <removed> (unimportant)
NOTE: Negligable security impact
CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers ...)
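Review bot: the `- jasper <removed> (unimportant)` and `NOTE: Negligable security impact` lines now sit under an entry whose status became REJECTED; the automatic update only rewrites the description line, so a manual follow-up should decide whether the package entry and NOTE still belong there (the NOTE also carries the typo "Negligable").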
@@ -15988,7 +15993,7 @@ CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1025
CVE-2018-8803
RESERVED
-CVE-2018-8802 (SQL injection vulnerability in the management interface in ePortal ...)
+CVE-2018-8802 (SQL injection vulnerability in the management interface in ePortal ...)
NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems
CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...)
- gitlab 10.5.6+dfsg-1 (bug #893905)
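Review bot: the removed and added CVE-2018-8802 lines are identical in the visible, truncated text, so whatever changed lies beyond the "..." or is whitespace only; worth confirming this is a real description update rather than churn before it is taken as a triage signal.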
@@ -20853,12 +20858,12 @@ CVE-2018-7094
RESERVED
CVE-2018-7093
RESERVED
-CVE-2018-7092
- RESERVED
-CVE-2018-7091
- RESERVED
-CVE-2018-7090
- RESERVED
+CVE-2018-7092 (A potential security vulnerability has been identified in HPE ...)
+ TODO: check
+CVE-2018-7091 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has open ...)
+ TODO: check
+CVE-2018-7090 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has local ...)
+ TODO: check
CVE-2018-7089
RESERVED
CVE-2018-7088
@@ -20881,28 +20886,28 @@ CVE-2018-7080
RESERVED
CVE-2018-7079
RESERVED
-CVE-2018-7078
- RESERVED
+CVE-2018-7078 (A remote code execution was identified in HPE Integrated Lights-Out 4 ...)
+ TODO: check
CVE-2018-7077
RESERVED
CVE-2018-7076
RESERVED
-CVE-2018-7075
- RESERVED
-CVE-2018-7074
- RESERVED
-CVE-2018-7073
- RESERVED
-CVE-2018-7072
- RESERVED
-CVE-2018-7071
- RESERVED
-CVE-2018-7070
- RESERVED
-CVE-2018-7069
- RESERVED
-CVE-2018-7068
- RESERVED
+CVE-2018-7075 (A remote cross-site scripting (XSS) vulnerability was identified in ...)
+ TODO: check
+CVE-2018-7074 (A remote code execution vulnerability was identified in HPE ...)
+ TODO: check
+CVE-2018-7073 (A local arbitrary file modification vulnerability was identified in ...)
+ TODO: check
+CVE-2018-7072 (A remote bypass of security restrictions vulnerability was identified ...)
+ TODO: check
+CVE-2018-7071 (HPE has identified a remote access to sensitive information ...)
+ TODO: check
+CVE-2018-7070 (HPE has identified a remote disclosure of information vulnerability in ...)
+ TODO: check
+CVE-2018-7069 (HPE has identified a remote unauthenticated access to files ...)
+ TODO: check
+CVE-2018-7068 (HPE has identified a remote HOST header attack vulnerability in HPE ...)
+ TODO: check
CVE-2018-7067
RESERVED
CVE-2018-7066
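Review bot: nine HPE entries (CVE-2018-7068 through CVE-2018-7078) land as `TODO: check` in one batch; the file already triages the comparable CVE-2016-4406 as `NOT-FOR-US: HPE iLO`, so the iLO ones can likely be resolved the same way in the follow-up, but each still needs a manual look since the descriptions are truncated and some (e.g. CVE-2018-7068, a HOST header issue) may concern software rather than firmware.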
@@ -20917,12 +20922,12 @@ CVE-2018-7062
RESERVED
CVE-2018-7061
RESERVED
-CVE-2018-7060
- RESERVED
-CVE-2018-7059
- RESERVED
-CVE-2018-7058
- RESERVED
+CVE-2018-7060 (Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is ...)
+ TODO: check
+CVE-2018-7059 (Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that ...)
+ TODO: check
+CVE-2018-7058 (Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by ...)
+ TODO: check
CVE-2018-7057 (RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName ...)
NOT-FOR-US: RoomWizard
CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain potentially ...)
@@ -26210,8 +26215,7 @@ CVE-2018-5392 [mingw-w64 by default produces executables that opt in to ASLR, bu
NOTE: https://www.kb.cert.org/vuls/id/307144 (describes workaround)
CVE-2018-5391
RESERVED
-CVE-2018-5390 [Linux Kernel TCP implementation vulnerable to Denial of Service]
- RESERVED
+CVE-2018-5390 (Linux kernel versions 4.9+ can be forced to make very expensive calls ...)
{DSA-4266-1}
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced later)
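Review bot: the unstable entry below the new description still reads `- linux <unfixed>` even though `{DSA-4266-1}` is referenced; verify whether a fixed version for unstable should be recorded, since the automatic update replaced only the description line and left the package lines untouched.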
@@ -42436,17 +42440,17 @@ CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4
NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/867aba14900f17caacb0285a08b6981bbdbbe016
NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/8748d040058695fda5c9cfcb2a78d8947ed4188d
NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/e0deab303e3d0f7c860bba291410512734f4d6b0
-CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
+CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 before build 13530 allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
+CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 before build 13530 allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16848 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
+CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 before build 13530 allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
+CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 before build 13530 allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...)
{DSA-4213-1}
@@ -42663,8 +42667,7 @@ CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in "geminab
NOT-FOR-US: geminabox
CVE-2017-16791
RESERVED
-CVE-2017-16790 [Ensure that submitted data are uploaded files]
- RESERVED
+CVE-2017-16790 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, ...)
{DSA-4262-1}
- symfony 3.4.0+dfsg-1
NOTE: https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
@@ -42977,14 +42980,12 @@ CVE-2017-16656
RESERVED
CVE-2017-16655
RESERVED
-CVE-2017-16654 [Intl bundle readers breaking out of paths]
- RESERVED
+CVE-2017-16654 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, ...)
{DSA-4262-1}
- symfony 3.4.0+dfsg-1
NOTE: https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
NOTE: https://github.com/symfony/symfony/pull/24994
-CVE-2017-16653 [CSRF protection does not use different tokens for HTTP and HTTPS]
- RESERVED
+CVE-2017-16653 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, ...)
{DSA-4262-1}
- symfony 3.4.0+dfsg-1
NOTE: https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
@@ -43318,9 +43319,9 @@ CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through
[wheezy] - busybox <no-dsa> (Minor issue)
NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
-CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection via ...)
+CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 before build 13500 allows ...)
NOT-FOR-US: Zoho
-CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 allows Post-authentication ...)
+CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500 allows ...)
NOT-FOR-US: Zoho
CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...)
- firefox-esr <not-affected> (Specific to Tor Browser)
@@ -44062,8 +44063,8 @@ CVE-2017-16254
RESERVED
CVE-2017-16253
RESERVED
-CVE-2017-16252
- RESERVED
+CVE-2017-16252 (Specially crafted commands sent through the PubNub service in Insteon ...)
+ TODO: check
CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST 14.2, ...)
NOT-FOR-US: Mitel
CVE-2017-16250 (A vulnerability in Mitel ST 14.2, release GA28 and earlier, could ...)
@@ -66286,14 +66287,14 @@ CVE-2017-9005
RESERVED
CVE-2017-9004
RESERVED
-CVE-2017-9003
- RESERVED
-CVE-2017-9002
- RESERVED
-CVE-2017-9001
- RESERVED
-CVE-2017-9000
- RESERVED
+CVE-2017-9003 (Multiple memory corruption flaws are present in ArubaOS which could ...)
+ TODO: check
+CVE-2017-9002 (All versions of Aruba ClearPass prior to 6.6.8 contain reflected ...)
+ TODO: check
+CVE-2017-9001 (Aruba ClearPass 6.6.3 and later includes a feature called "SSH ...)
+ TODO: check
+CVE-2017-9000 (ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x ...)
+ TODO: check
CVE-2017-8999
RESERVED
CVE-2017-8998
@@ -66308,18 +66309,18 @@ CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration
NOT-FOR-US: HPE
CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and ...)
NOT-FOR-US: HPE Project and Portfolio Management
-CVE-2017-8992
- RESERVED
-CVE-2017-8991
- RESERVED
-CVE-2017-8990
- RESERVED
-CVE-2017-8989
- RESERVED
-CVE-2017-8988
- RESERVED
-CVE-2017-8987
- RESERVED
+CVE-2017-8992 (HPE has identified a remote privilege escalation vulnerability in HPE ...)
+ TODO: check
+CVE-2017-8991 (HPE has identified a cross site scripting (XSS) vulnerability in HPE ...)
+ TODO: check
+CVE-2017-8990 (A remote code execution vulnerability was identified in HPE ...)
+ TODO: check
+CVE-2017-8989 (A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, ...)
+ TODO: check
+CVE-2017-8988 (A Remote Bypass of Security Restrictions vulnerability was identified ...)
+ TODO: check
+CVE-2017-8987 (A Unauthenticated Remote Denial of Service vulnerability was ...)
+ TODO: check
CVE-2017-8986
RESERVED
CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local ...)
@@ -66356,8 +66357,8 @@ CVE-2017-8970 (A remote unauthenticated disclosure of information vulnerability
NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8969 (An improper input validation vulnerability in HPE Insight Control ...)
NOT-FOR-US: HPE Insight Control
-CVE-2017-8968
- RESERVED
+CVE-2017-8968 (A remote execution of arbitrary code vulnerability has been identified ...)
+ TODO: check
CVE-2017-8967 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8966 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
@@ -86033,8 +86034,8 @@ CVE-2017-2656
REJECTED
CVE-2017-2655
REJECTED
-CVE-2017-2654
- RESERVED
+CVE-2017-2654 (jenkins-email-ext before version 2.57.1 is vulnerable to an ...)
+ TODO: check
CVE-2017-2653 (A number of unused delete routes are present in CloudForms before ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2017-2652 (It was found that there were no permission checks performed in the ...)
@@ -91912,7 +91913,7 @@ CVE-2016-9500 (Accellion FTP server prior to version FTA_9_12_220 uses the Accus
NOT-FOR-US: Accellion
CVE-2016-9499 (Accellion FTP server prior to version FTA_9_12_220 only returns the ...)
NOT-FOR-US: Accellion
-CVE-2016-9498 (ManageEngine Applications Manager 12 and 13, allows unserialization of ...)
+CVE-2016-9498 (ManageEngine Applications Manager 12 and 13 before build 13200, allows ...)
NOT-FOR-US: ManageEngine
CVE-2016-9497 (Hughes high-performance broadband satellite modems, models HN7740S ...)
NOT-FOR-US: Hughes
@@ -91926,11 +91927,11 @@ CVE-2016-9493 (The code generated by PHP FormMail Generator prior to 17 December
NOT-FOR-US: PHP FormMail Generator
CVE-2016-9492 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
NOT-FOR-US: PHP FormMail Generator
-CVE-2016-9491 (ManageEngine Applications Manager 12 and 13 allows an authenticated ...)
+CVE-2016-9491 (ManageEngine Applications Manager 12 and 13 before build 13690 allows ...)
NOT-FOR-US: ManageEngine
-CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 suffer from a ...)
+CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 before build ...)
NOT-FOR-US: ManageEngine Applications Manager
-CVE-2016-9489 (In ManageEngine Applications Manager 12 and 13, an authenticated user ...)
+CVE-2016-9489 (In ManageEngine Applications Manager 12 and 13 before build 13200, an ...)
NOT-FOR-US: ManageEngine
CVE-2016-9488 (ManageEngine Applications Manager versions 12 and 13 suffer from ...)
NOT-FOR-US: ManageEngine Applications Manager
@@ -95342,10 +95343,10 @@ CVE-2016-8529 (A Remote Arbitrary Command Execution vulnerability in HPE StoreVi
NOT-FOR-US: HPE StoreVirtual
CVE-2016-8528 (A Remote Escalation of Privilege vulnerability in HPE Helion ...)
NOT-FOR-US: HPE Helion Eucalyptus
-CVE-2016-8527
- RESERVED
-CVE-2016-8526
- RESERVED
+CVE-2016-8527 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is ...)
+ TODO: check
+CVE-2016-8526 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is ...)
+ TODO: check
CVE-2016-8525 (A Remote Disclosure of Information vulnerability in HPE iMC PLAT ...)
NOT-FOR-US: HPE iMC PLAT
CVE-2016-8524
@@ -109372,30 +109373,26 @@ CVE-2016-4408
RESERVED
CVE-2016-4407 (The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not ...)
NOT-FOR-US: SAP
-CVE-2016-4406
- RESERVED
+CVE-2016-4406 (A remote cross site scripting vulnerability was identified in HPE iLO ...)
NOT-FOR-US: HPE iLO
-CVE-2016-4405
- RESERVED
-CVE-2016-4404
- RESERVED
+CVE-2016-4405 (A remote code execution vulnerability was identified in HP Business ...)
+ TODO: check
+CVE-2016-4404 (A security vulnerability was identified in the Filter SDK component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
-CVE-2016-4403
- RESERVED
+CVE-2016-4403 (A security vulnerability was identified in the Filter SDK component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
-CVE-2016-4402
- RESERVED
+CVE-2016-4402 (A security vulnerability was identified in the Filter SDK component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4401
RESERVED
-CVE-2016-4400
- RESERVED
-CVE-2016-4399
- RESERVED
-CVE-2016-4398
- RESERVED
-CVE-2016-4397
- RESERVED
+CVE-2016-4400 (A security vulnerability was identified in HP Network Node Manager i ...)
+ TODO: check
+CVE-2016-4399 (A security vulnerability was identified in HP Network Node Manager i ...)
+ TODO: check
+CVE-2016-4398 (A remote arbitrary code execution vulnerability was identified in HP ...)
+ TODO: check
+CVE-2016-4397 (A local code execution security vulnerability was identified in HP ...)
+ TODO: check
CVE-2016-4396 (HPE System Management Homepage before v7.6 allows remote attackers to ...)
NOT-FOR-US: HPE System Management Homepage
CVE-2016-4395 (HPE System Management Homepage before v7.6 allows remote attackers to ...)
@@ -109404,10 +109401,10 @@ CVE-2016-4394 (HPE System Management Homepage before v7.6 allows remote attacker
NOT-FOR-US: HPE System Management Homepage
CVE-2016-4393 (HPE System Management Homepage before v7.6 allows "remote ...)
NOT-FOR-US: HPE System Management Homepage
-CVE-2016-4392
- RESERVED
-CVE-2016-4391
- RESERVED
+CVE-2016-4392 (A remote cross site scripting vulnerability has been identified in HP ...)
+ TODO: check
+CVE-2016-4391 (A remote code execution security vulnerability has been identified in ...)
+ TODO: check
CVE-2016-4390 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote ...)
NOT-FOR-US: HPE KeyView
CVE-2016-4389 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5071ae5c52b81cce20355bd196c29c7dc3e31cf0