[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 29 21:10:28 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d950e12f by security tracker role at 2018-08-29T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,138 @@
+CVE-2018-558213
+ REJECTED
+ TODO: check
+CVE-2018-16129
+ RESERVED
+CVE-2018-16128
+ RESERVED
+CVE-2018-16127
+ RESERVED
+CVE-2018-16126
+ RESERVED
+CVE-2018-16125
+ RESERVED
+CVE-2018-16124
+ RESERVED
+CVE-2018-16123
+ RESERVED
+CVE-2018-16122
+ RESERVED
+CVE-2018-16121
+ RESERVED
+CVE-2018-16120
+ RESERVED
+CVE-2018-16119
+ RESERVED
+CVE-2018-16118
+ RESERVED
+CVE-2018-16117
+ RESERVED
+CVE-2018-16116
+ RESERVED
+CVE-2018-16115
+ RESERVED
+CVE-2018-16114
+ RESERVED
+CVE-2018-16113
+ RESERVED
+CVE-2018-16112
+ RESERVED
+CVE-2018-16111
+ RESERVED
+CVE-2018-16110
+ RESERVED
+CVE-2018-16109
+ RESERVED
+CVE-2018-16108
+ RESERVED
+CVE-2018-16107
+ RESERVED
+CVE-2018-16106
+ RESERVED
+CVE-2018-16105
+ RESERVED
+CVE-2018-16104
+ RESERVED
+CVE-2018-16103
+ RESERVED
+CVE-2018-16102
+ RESERVED
+CVE-2018-16101
+ RESERVED
+CVE-2018-16100
+ RESERVED
+CVE-2018-16099
+ RESERVED
+CVE-2018-16098
+ RESERVED
+CVE-2018-16097
+ RESERVED
+CVE-2018-16096
+ RESERVED
+CVE-2018-16095
+ RESERVED
+CVE-2018-16094
+ RESERVED
+CVE-2018-16093
+ RESERVED
+CVE-2018-16092
+ RESERVED
+CVE-2018-16091
+ RESERVED
+CVE-2018-16090
+ RESERVED
+CVE-2018-16089
+ RESERVED
+CVE-2018-16088
+ RESERVED
+CVE-2018-16087
+ RESERVED
+CVE-2018-16086
+ RESERVED
+CVE-2018-16085
+ RESERVED
+CVE-2018-16084
+ RESERVED
+CVE-2018-16083
+ RESERVED
+CVE-2018-16082
+ RESERVED
+CVE-2018-16081
+ RESERVED
+CVE-2018-16080
+ RESERVED
+CVE-2018-16079
+ RESERVED
+CVE-2018-16078
+ RESERVED
+CVE-2018-16077
+ RESERVED
+CVE-2018-16076
+ RESERVED
+CVE-2018-16075
+ RESERVED
+CVE-2018-16074
+ RESERVED
+CVE-2018-16073
+ RESERVED
+CVE-2018-16072
+ RESERVED
+CVE-2018-16071
+ RESERVED
+CVE-2018-16070
+ RESERVED
+CVE-2018-16069
+ RESERVED
+CVE-2018-16068
+ RESERVED
+CVE-2018-16067
+ RESERVED
+CVE-2018-16066
+ RESERVED
+CVE-2018-16065
+ RESERVED
+CVE-2018-16064
+ RESERVED
CVE-2018-16063
RESERVED
CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before ...)
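Review bot: The first added entry, CVE-2018-558213, has a six-digit sequence number far outside the CVE-2018-16064 to CVE-2018-16129 block added beneath it, and it arrives already marked REJECTED with an open TODO: check. That pattern suggests a mistyped identifier imported from the upstream feed. Confirm the ID against the CVE list and close the TODO explicitly rather than leaving a rejected entry pending triage at the top of the file.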
@@ -301,8 +436,8 @@ CVE-2018-15914
RESERVED
CVE-2018-15913
RESERVED
-CVE-2018-15912
- RESERVED
+CVE-2018-15912 (An issue was discovered in manjaro-update-system.sh in manjaro-system ...)
+ TODO: check
CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 ...)
- openssh <unfixed> (bug #907503)
[stretch] - openssh <no-dsa> (Minor issue)
@@ -325,8 +460,8 @@ CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are abl
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
NOTE: https://www.kb.cert.org/vuls/id/332928
-CVE-2018-15907
- RESERVED
+CVE-2018-15907 (Technicolor (formerly RCA) TC8305C devices have a Buffer Overflow. ...)
+ TODO: check
CVE-2018-15906
RESERVED
CVE-2018-15905
@@ -427,7 +562,7 @@ CVE-2018-15871 (An invalid memory address dereference was discovered in ...)
CVE-2018-15870 (An invalid memory address dereference was discovered in ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/122
-CVE-2018-15869 (The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlier ...)
+CVE-2018-15869 (An Amazon Web Services (AWS) developer who does not specify the ...)
- awscli <unfixed> (low; bug #907298)
[stretch] - awscli <no-dsa> (Minor issue)
[jessie] - awscli <no-dsa> (Vulnerable code not present)
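Review bot: On CVE-2018-15869 the replacement description now opens with "An Amazon Web Services (AWS) developer who does not specify the ..." instead of naming AWS CLI version 1.15.85, while the awscli annotations below it (<unfixed>, the two <no-dsa> lines and "Vulnerable code not present" for jessie) are carried over unchanged. Re-check that those package states still match the reworded scope of the CVE, since the visible text no longer attributes the issue to the CLI itself.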
@@ -711,8 +846,7 @@ CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 2.70.05.02
NOT-FOR-US: Dell 2335dn printers
CVE-2018-15747
RESERVED
-CVE-2018-15746 [seccomp: blacklist is not applied to all threads]
- RESERVED
+CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to cause a ...)
- qemu <unfixed> (bug #907500)
[stretch] - qemu <no-dsa> (Minor issue; Only enabled by default later, but supported)
- qemu-kvm <removed>
@@ -754,8 +888,8 @@ CVE-2018-15729
RESERVED
CVE-2018-15728 (An issue was discovered in Couchbase Server. Authenticated users can ...)
NOT-FOR-US: Couchbase
-CVE-2018-15727
- RESERVED
+CVE-2018-15727 (Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows ...)
+ TODO: check
CVE-2018-1999047 (A improper authorization vulnerability exists in Jenkins 2.137 and ...)
- jenkins <removed>
CVE-2018-1999046 (A exposure of sensitive information vulnerability exists in Jenkins ...)
@@ -1223,8 +1357,8 @@ CVE-2018-15564 (An issue was discovered in daveismyname simple-cms through 2014-
NOT-FOR-US: simple-cms
CVE-2018-15563
RESERVED
-CVE-2018-15562
- RESERVED
+CVE-2018-15562 (CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or ...)
+ TODO: check
CVE-2018-15561
RESERVED
CVE-2018-15560 (PyCryptodome before 3.6.6 has an integer overflow in the data_len ...)
@@ -2821,8 +2955,8 @@ CVE-2018-14807
RESERVED
CVE-2018-14806
RESERVED
-CVE-2018-14805
- RESERVED
+CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the system ...)
+ TODO: check
CVE-2018-14804
RESERVED
CVE-2018-14803
@@ -2923,8 +3057,8 @@ CVE-2018-14770
RESERVED
CVE-2018-14769
RESERVED
-CVE-2018-14768
- RESERVED
+CVE-2018-14768 (Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, ...)
+ TODO: check
CVE-2018-1999025 (A man in the middle vulnerability exists in Jenkins TraceTronic ...)
NOT-FOR-US: Jenkins plugin
CVE-2018-1999026 (A server-side request forgery vulnerability exists in Jenkins ...)
@@ -7639,22 +7773,17 @@ CVE-2018-12831
RESERVED
CVE-2018-12830
RESERVED
-CVE-2018-12829
- RESERVED
-CVE-2018-12828
- RESERVED
+CVE-2018-12829 (Adobe Creative Cloud Desktop Application before 4.6.1 has an improper ...)
+ TODO: check
+CVE-2018-12828 (Adobe Flash Player 30.0.0.134 and earlier have a "use of a component ...)
NOT-FOR-US: Adobe
-CVE-2018-12827
- RESERVED
+CVE-2018-12827 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read ...)
NOT-FOR-US: Adobe
-CVE-2018-12826
- RESERVED
+CVE-2018-12826 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read ...)
NOT-FOR-US: Adobe
-CVE-2018-12825
- RESERVED
+CVE-2018-12825 (Adobe Flash Player 30.0.0.134 and earlier have a security bypass ...)
NOT-FOR-US: Adobe
-CVE-2018-12824
- RESERVED
+CVE-2018-12824 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read ...)
NOT-FOR-US: Adobe
CVE-2018-12823
RESERVED
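Review bot: CVE-2018-12829 is left at TODO: check although its description names Adobe Creative Cloud Desktop Application, and the five Flash Player entries directly below it in this hunk (CVE-2018-12828 to CVE-2018-12824) already carry NOT-FOR-US: Adobe. A follow-up can triage it the same way with "NOT-FOR-US: Adobe" so the entry does not linger in the TODO queue.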
@@ -7680,18 +7809,18 @@ CVE-2018-12813
RESERVED
CVE-2018-12812 (Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and ...)
NOT-FOR-US: Adobe
-CVE-2018-12811
- RESERVED
-CVE-2018-12810
- RESERVED
+CVE-2018-12811 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before ...)
+ TODO: check
+CVE-2018-12810 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before ...)
+ TODO: check
CVE-2018-12809 (Adobe Experience Manager versions 6.4 and earlier have a Server-Side ...)
NOT-FOR-US: Adobe
-CVE-2018-12808
- RESERVED
-CVE-2018-12807
- RESERVED
-CVE-2018-12806
- RESERVED
+CVE-2018-12808 (Adobe Acrobat and Reader versions 2018.011.20055 and earlier, ...)
+ TODO: check
+CVE-2018-12807 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an ...)
+ TODO: check
+CVE-2018-12806 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a ...)
+ TODO: check
CVE-2018-12805 (Adobe Connect versions 9.7.5 and earlier have an Insecure Library ...)
NOT-FOR-US: Adobe
CVE-2018-12804 (Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass ...)
@@ -7704,8 +7833,8 @@ CVE-2018-12801
RESERVED
CVE-2018-12800
RESERVED
-CVE-2018-12799
- RESERVED
+CVE-2018-12799 (Adobe Acrobat and Reader versions 2018.011.20055 and earlier, ...)
+ TODO: check
CVE-2018-12798 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
NOT-FOR-US: Adobe
CVE-2018-12797 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
@@ -7888,8 +8017,8 @@ CVE-2018-12712 (An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.
NOT-FOR-US: Joomla!
CVE-2018-12711 (An XSS issue was discovered in the language switcher module in Joomla! ...)
NOT-FOR-US: Joomla!
-CVE-2018-12710
- RESERVED
+CVE-2018-12710 (An issue was discovered on D-Link DIR-601 2.02NA devices. Being local ...)
+ TODO: check
CVE-2016-10724 (Bitcoin Core before v0.13.0 allows denial of service (memory ...)
- bitcoin 0.13.0-0.1
CVE-2018-12709
@@ -20098,8 +20227,7 @@ CVE-2018-8042 (Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop crede
CVE-2018-8041
RESERVED
NOT-FOR-US: Apache Camel Mail component
-CVE-2018-8040
- RESERVED
+CVE-2018-8040 (Pages that are rendered using the ESI plugin can have access to the ...)
- trafficserver 7.1.4+ds-1
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/2
NOTE: https://github.com/apache/trafficserver/pull/3926
@@ -20164,8 +20292,7 @@ CVE-2018-8024 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's .
NOT-FOR-US: Apache Spark
CVE-2018-8023
RESERVED
-CVE-2018-8022
- RESERVED
+CVE-2018-8022 (A carefully crafted invalid TLS handshake can cause Apache Traffic ...)
- trafficserver 7.0.0-1
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/1
NOTE: Only affects 6.x, marking 7.0 as the fixed version
@@ -20248,15 +20375,13 @@ CVE-2018-8006 [Cross-site scripting (XSS) via QueueFilter parameter]
NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=d8c80a9
NOTE: Admin console not enabled in the Debian package, see #702670)
NOTE: Fixed in 5.15.5, 5.16.0
-CVE-2018-8005
- RESERVED
+CVE-2018-8005 (When there are multiple ranges in a range request, Apache Traffic ...)
- trafficserver 7.1.4+ds-1
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/4
NOTE: https://github.com/apache/trafficserver/pull/3106
NOTE: https://github.com/apache/trafficserver/pull/3124
NOTE: https://github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4
-CVE-2018-8004
- RESERVED
+CVE-2018-8004 (There are multiple HTTP smuggling and cache poisoning issues when ...)
- trafficserver 7.1.4+ds-1
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/5
NOTE: https://github.com/apache/trafficserver/pull/3192
@@ -24619,12 +24744,12 @@ CVE-2018-6601
RESERVED
CVE-2018-6600
RESERVED
-CVE-2018-6599
- RESERVED
-CVE-2018-6598
- RESERVED
-CVE-2018-6597
- RESERVED
+CVE-2018-6599 (An issue was discovered on Orbic Wonder ...)
+ TODO: check
+CVE-2018-6598 (An issue was discovered on Orbic Wonder ...)
+ TODO: check
+CVE-2018-6597 (The Alcatel A30 device with a build fingerprint of ...)
+ TODO: check
CVE-2018-6596 (webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone ...)
{DSA-4107-1}
- django-anymail 1.3-1 (bug #889450)
@@ -29874,8 +29999,8 @@ CVE-2018-5005
RESERVED
CVE-2018-5004 (Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side ...)
NOT-FOR-US: Adobe
-CVE-2018-5003
- RESERVED
+CVE-2018-5003 (Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) ...)
+ TODO: check
CVE-2018-5002 (Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based ...)
NOT-FOR-US: Adobe
CVE-2018-5001 (Adobe Flash Player versions 29.0.0.171 and earlier have an ...)
@@ -34044,8 +34169,7 @@ CVE-2017-17764 (In all Qualcomm products with Android releases from CAF using th
NOT-FOR-US: Qualcomm component for Android
CVE-2017-17763 (SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share ...)
NOT-FOR-US: SuperBeam
-CVE-2017-17762
- RESERVED
+CVE-2017-17762 (XML external entity (XXE) vulnerability in Episerver 7 patch 4 and ...)
NOT-FOR-US: Qualcomm component for Android
CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. The device ...)
NOT-FOR-US: Ichano AtHome IP Camera
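Review bot: The retained annotation under CVE-2017-17762 no longer matches the entry. The new description reads "XML external entity (XXE) vulnerability in Episerver 7 patch 4 and ...", but the context line kept below it still says "NOT-FOR-US: Qualcomm component for Android", which was evidently written while the ID was only RESERVED. The NOT-FOR-US product should be corrected to Episerver, or the entry reset to TODO: check until someone confirms it.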
@@ -39905,8 +40029,7 @@ CVE-2018-1320
RESERVED
CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that cause ...)
NOT-FOR-US: Apache Allura
-CVE-2018-1318
- RESERVED
+CVE-2018-1318 (Adding method ACLs in remap.config can cause a segfault when the user ...)
- trafficserver 7.1.4+ds-1
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/3
NOTE: https://github.com/apache/trafficserver/pull/3195
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d950e12f491f849437b82a69b45e7e1b3f641d47