[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 29 09:10:27 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c96a4ce7 by security tracker role at 2018-08-29T08:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2018-16063
+ RESERVED
+CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before ...)
+ TODO: check
+CVE-2018-16061
+ RESERVED
+CVE-2018-16060
+ RESERVED
+CVE-2018-16059
+ RESERVED
+CVE-2018-16058
+ RESERVED
+CVE-2018-16057
+ RESERVED
+CVE-2018-16056
+ RESERVED
+CVE-2018-16055
+ RESERVED
+CVE-2018-16054
+ RESERVED
+CVE-2018-16053
+ RESERVED
+CVE-2018-16052
+ RESERVED
CVE-2018-16051
RESERVED
CVE-2018-16050
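Review bot: CVE-2018-16062 is left at "TODO: check", but its description names dwarf_getaranges.c in libdw in elfutils, and elfutils is a Debian source package, so this entry should be triaged to an "- elfutils" package line rather than closed as NOT-FOR-US. The other eleven additions in this hunk are RESERVED and need nothing yet.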
@@ -318,10 +342,10 @@ CVE-2018-15899 (An issue was discovered in MiniCMS 1.10. There is a post.php?dat
NOT-FOR-US: MiniCMS
CVE-2018-15898
RESERVED
-CVE-2018-15897
- RESERVED
-CVE-2018-15896
- RESERVED
+CVE-2018-15897 (PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers ...)
+ TODO: check
+CVE-2018-15896 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal ...)
+ TODO: check
CVE-2018-15895 (An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because ...)
NOT-FOR-US: iCMS
CVE-2018-15894 (A SQL injection was discovered in ...)
@@ -359,12 +383,12 @@ CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the ...)
NOT-FOR-US: RICOH MP C4504ex devices
CVE-2018-15883
RESERVED
-CVE-2018-15882
- RESERVED
-CVE-2018-15881
- RESERVED
-CVE-2018-15880
- RESERVED
+CVE-2018-15882 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks in ...)
+ TODO: check
+CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks ...)
+ TODO: check
+CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate output ...)
+ TODO: check
CVE-2018-15879
RESERVED
CVE-2018-15878
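Review bot: CVE-2018-15880, CVE-2018-15881 and CVE-2018-15882 all arrive as "TODO: check" with the same "Joomla! before 3.8.12" boundary in their descriptions, so they should be triaged together and given one consistent resolution line. Resolving them one at a time risks three differently worded entries for the same product and release.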
@@ -2123,8 +2147,8 @@ CVE-2018-15123 (Insecure configuration storage in Zipato Zipabox Smart Home Cont
NOT-FOR-US: Zipato
CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 2018.1.323.2 ...)
NOT-FOR-US: Telerik
-CVE-2018-15121
- RESERVED
+CVE-2018-15121 (An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. ...)
+ TODO: check
CVE-2018-15120 (libpango in Pango before 1.42.4, as used in hexchat and other ...)
- pango1.0 1.42.4-1 (low)
[stretch] - pango1.0 <not-affected> (Vulnerable code not present)
@@ -20077,6 +20101,7 @@ CVE-2018-8039 (It is possible to configure Apache CXF to use the com.sun.net.ssl
CVE-2018-8038 (Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable ...)
NOT-FOR-US: Apache CXF
CVE-2018-8037 (If an async request was completed by the application at the same time ...)
+ {DSA-4281-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.32-1
- tomcat8.0 <not-affected> (Vulnerable code only present in 8.5.5 to 8.5.31 in 8.x series)
@@ -20091,7 +20116,7 @@ CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefu
CVE-2018-8035
RESERVED
CVE-2018-8034 (The host name verification when using TLS with the WebSocket client ...)
- {DLA-1453-1}
+ {DSA-4281-1 DLA-1453-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.32-1
- tomcat8.0 <unfixed> (unimportant)
@@ -32207,8 +32232,8 @@ CVE-2018-3918 (An exploitable vulnerability exists in the remote servers of Sams
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3916
- RESERVED
+CVE-2018-3916 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+ TODO: check
CVE-2018-3915
RESERVED
CVE-2018-3914
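Review bot: the new CVE-2018-3916 description is cut off before the product name ("... vulnerability exists in the ..."), so the "TODO: check" cannot be resolved from the list text alone. The adjacent CVE-2018-3917 and CVE-2018-3918 are tagged "NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices"; confirm against the full CVE description before copying that tag here.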
@@ -39788,6 +39813,7 @@ CVE-2018-1338 (A carefully crafted (or fuzzed) file can trigger an infinite loop
CVE-2018-1337 (In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was ...)
NOT-FOR-US: Apache LDAP API
CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with ...)
+ {DSA-4281-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.31-1
- tomcat8.0 <unfixed> (unimportant)
@@ -39886,7 +39912,7 @@ CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL
CVE-2018-1306 (The PortletV3AnnotatedDemo Multipart Portlet war file code provided in ...)
NOT-FOR-US: Apache Portals Pluto
CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache ...)
- {DLA-1450-1 DLA-1400-1 DLA-1301-1}
+ {DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.28-1
- tomcat8.0 <unfixed> (unimportant)
@@ -39900,7 +39926,7 @@ CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache
NOTE: https://svn.apache.org/r1823322 (7.0.x)
NOTE: https://svn.apache.org/r1824360 (7.0.x)
CVE-2018-1304 (The URL pattern of "" (the empty string) which exactly maps to the ...)
- {DLA-1450-1 DLA-1400-1 DLA-1301-1}
+ {DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.28-1
- tomcat8.0 <unfixed> (unimportant)
@@ -44847,7 +44873,7 @@ CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4
NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/e0deab303e3d0f7c860bba291410512734f4d6b0
CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 before build 13530 allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
+CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 before build 13530 allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 before build 13530 allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
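Review bot: after this description sync, the truncated text for CVE-2017-16850 is identical to what is shown for CVE-2017-16851 and CVE-2017-16849 ("Zoho ManageEngine Applications Manager 13 before build 13530 allows ..."), and the removed line's "SQL injection" wording is no longer visible in the list. The NOT-FOR-US tag is untouched and still applies; anyone searching data/CVE/list by vulnerability class should be aware that the truncation now hides it for this entry.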
@@ -48895,8 +48921,7 @@ CVE-2017-15431
RESERVED
CVE-2017-15430 (Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 ...)
TODO: check
-CVE-2017-15429
- RESERVED
+CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in Google ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -49007,8 +49032,7 @@ CVE-2017-15407 (Out-of-bounds Write in the QUIC networking stack in Google Chrom
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15406
- RESERVED
+CVE-2017-15406 (A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -49034,24 +49058,21 @@ CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome
NOTE: Patches from upstream to restrict what filters will be accpeted
NOTE: https://github.com/apple/cups/commit/07428f6a640ff93aa0b4cc69ca372e2cf8490e41 (v2.2.2)
NOTE: https://github.com/apple/cups/commit/1add23375658e9163e5493ee19de7c9f7a9b483b (v2.2.2)
-CVE-2017-15399
- RESERVED
+CVE-2017-15399 (A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a ...)
{DSA-4024-1}
- chromium-browser 62.0.3202.89-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2017-15398
- RESERVED
+CVE-2017-15398 (A stack buffer overflow in the QUIC networking stack in Google Chrome ...)
{DSA-4024-1}
- chromium-browser 62.0.3202.89-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15397 (Inappropriate implementation in ChromeVox in Google Chrome OS prior to ...)
NOT-FOR-US: ChromeVox in Google Chrome OS
-CVE-2017-15396
- RESERVED
+CVE-2017-15396 (A stack buffer overflow in NumberingSystem in International Components ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
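Review bot: the newly published description for CVE-2017-15396 places the stack buffer overflow in NumberingSystem in "International Components ...", which reads as a bundled library rather than Chrome's own code, yet the lines visible in this hunk track only chromium-browser. If that component is the ICU library, check that the entry also carries a line for its own source package, in the same way CVE-2017-15399 just above carries a separate "- libv8" line for V8. Separately, the context NOTE under CVE-2017-15400 has a typo, "accpeted".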
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c96a4ce7131dc4cb6822e74c56b225a31da78f59