[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 30 21:10:28 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af4f73aa by security tracker role at 2018-08-30T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2018-16230
+ RESERVED
+CVE-2018-16229
+ RESERVED
+CVE-2018-16228
+ RESERVED
+CVE-2018-16227
+ RESERVED
+CVE-2018-16226
+ RESERVED
+CVE-2018-16225
+ RESERVED
+CVE-2018-16224
+ RESERVED
+CVE-2018-16223
+ RESERVED
+CVE-2018-16222
+ RESERVED
+CVE-2018-16221
+ RESERVED
+CVE-2018-16220
+ RESERVED
+CVE-2018-16219
+ RESERVED
+CVE-2018-16218
+ RESERVED
+CVE-2018-16217
+ RESERVED
+CVE-2018-16216
+ RESERVED
+CVE-2018-16215
+ RESERVED
+CVE-2018-16214
+ RESERVED
+CVE-2018-16213
+ RESERVED
+CVE-2018-16212
+ RESERVED
+CVE-2018-16211
+ RESERVED
+CVE-2018-16210
+ RESERVED
+CVE-2018-16209
+ RESERVED
+CVE-2018-16208
+ RESERVED
+CVE-2018-16207
+ RESERVED
+CVE-2018-16206
+ RESERVED
+CVE-2018-16205
+ RESERVED
+CVE-2018-16204
+ RESERVED
+CVE-2018-16203
+ RESERVED
+CVE-2018-16202
+ RESERVED
+CVE-2018-16201
+ RESERVED
+CVE-2018-16200
+ RESERVED
+CVE-2018-16199
+ RESERVED
+CVE-2018-16198
+ RESERVED
+CVE-2018-16197
+ RESERVED
+CVE-2018-16196
+ RESERVED
+CVE-2018-16195
+ RESERVED
+CVE-2018-16194
+ RESERVED
+CVE-2018-16193
+ RESERVED
+CVE-2018-16192
+ RESERVED
+CVE-2018-16191
+ RESERVED
+CVE-2018-16190
+ RESERVED
+CVE-2018-16189
+ RESERVED
+CVE-2018-16188
+ RESERVED
+CVE-2018-16187
+ RESERVED
+CVE-2018-16186
+ RESERVED
+CVE-2018-16185
+ RESERVED
+CVE-2018-16184
+ RESERVED
+CVE-2018-16183
+ RESERVED
+CVE-2018-16182
+ RESERVED
+CVE-2018-16181
+ RESERVED
+CVE-2018-16180
+ RESERVED
+CVE-2018-16179
+ RESERVED
+CVE-2018-16178
+ RESERVED
+CVE-2018-16177
+ RESERVED
+CVE-2018-16176
+ RESERVED
+CVE-2018-16175
+ RESERVED
+CVE-2018-16174
+ RESERVED
+CVE-2018-16173
+ RESERVED
+CVE-2018-16172
+ RESERVED
+CVE-2018-16171
+ RESERVED
+CVE-2018-16170
+ RESERVED
+CVE-2018-16169
+ RESERVED
+CVE-2018-16168
+ RESERVED
+CVE-2018-16167
+ RESERVED
+CVE-2018-16166
+ RESERVED
+CVE-2018-16165
+ RESERVED
+CVE-2018-16164
+ RESERVED
+CVE-2018-16163
+ RESERVED
+CVE-2018-16162
+ RESERVED
+CVE-2018-16161
+ RESERVED
+CVE-2018-16160
+ RESERVED
+CVE-2018-16159 (The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL ...)
+ TODO: check
CVE-2018-XXXX [gitlab: Missing Authorization Control API Repository Storage]
- gitlab <not-affected> (Only affects Enterprise edition)
NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
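Review bot: the CVE-2018-16159 entry at the end of this hunk is left as `TODO: check`, so the triage outcome is still open; the truncated description names a WordPress plugin (Gift Vouchers through 2.0.1) with a SQL-related issue, and the follow-up should either record the affected source package or mark it `NOT-FOR-US` in the same form as the other third-party entries in this file. The 71 `RESERVED` placeholders above it carry no information to review.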
@@ -20,8 +164,8 @@ CVE-2018-XXXX [gitlab: Persistent XSS in Pipeline Tooltip]
NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-16158 (Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 ...)
NOT-FOR-US: Eaton Power Xpert Meter
-CVE-2018-16157
- RESERVED
+CVE-2018-16157 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modify ...)
+ TODO: check
CVE-2018-16156
RESERVED
CVE-2018-16155
@@ -72,8 +216,8 @@ CVE-2018-16133 (Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a
NOT-FOR-US: Cybrotech
CVE-2018-16132 (The image rendering component (createGenericPreview) of the Open ...)
NOT-FOR-US: Signal app (specific on iOS)
-CVE-2018-16131
- RESERVED
+CVE-2018-16131 (The decodeRequest and decodeRequestWith directives in Lightbend Akka ...)
+ TODO: check
CVE-2018-16130
RESERVED
CVE-2018-558213
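Review bot: CVE-2018-16131 (the decodeRequest and decodeRequestWith directives in Lightbend Akka) is filed as `TODO: check`; the triage needs to establish whether the affected Akka component is shipped as a source package in the archive before a status can be set, and the truncated description does not state the version range, so the full text should be consulted. Separately, the trailing context line `CVE-2018-558213` does not fit the descending identifier sequence around it (CVE-2018-16130 precedes it) and looks like a mistyped identifier that deserves its own check.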
@@ -954,8 +1098,8 @@ CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to cause
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html
-CVE-2018-15745
- RESERVED
+CVE-2018-15745 (Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory ...)
+ TODO: check
CVE-2018-15744
RESERVED
CVE-2018-15743
@@ -1075,8 +1219,8 @@ CVE-2018-15693
RESERVED
CVE-2018-15692
RESERVED
-CVE-2018-15691
- RESERVED
+CVE-2018-15691 (Insecure deserialization of a specially crafted serialized object, in ...)
+ TODO: check
CVE-2018-15690
RESERVED
CVE-2018-15689
@@ -1632,16 +1776,16 @@ CVE-2018-15482 (Certain LG devices based on Android 6.0 through 8.1 have incorre
NOT-FOR-US: LG devices specific issue
CVE-2018-15481 (Improper input sanitization within the restricted administration shell ...)
NOT-FOR-US: UCOPIA
-CVE-2018-15480
- RESERVED
-CVE-2018-15479
- RESERVED
-CVE-2018-15478
- RESERVED
-CVE-2018-15477
- RESERVED
-CVE-2018-15476
- RESERVED
+CVE-2018-15480 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi ...)
+ TODO: check
+CVE-2018-15479 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi ...)
+ TODO: check
+CVE-2018-15478 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi ...)
+ TODO: check
+CVE-2018-15477 (myStrom WiFi Switch V1 devices before 2.66 did not sanitize a ...)
+ TODO: check
+CVE-2018-15476 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi ...)
+ TODO: check
CVE-2018-15475
RESERVED
CVE-2018-15474
@@ -1854,10 +1998,10 @@ CVE-2018-15366
RESERVED
CVE-2018-15365
RESERVED
-CVE-2018-15364
- RESERVED
-CVE-2018-15363
- RESERVED
+CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information ...)
+ TODO: check
+CVE-2018-15363 (An Out-of-Bounds Read Privilege Escalation vulnerability in Trend ...)
+ TODO: check
CVE-2018-15362
RESERVED
CVE-2018-15361
@@ -2834,16 +2978,16 @@ CVE-2018-14905 (The Web server in 3CX version 15.5.8801.3 is vulnerable to Refle
NOT-FOR-US: 3CX
CVE-2018-14904 (Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple ...)
NOT-FOR-US: Samsung Syncthru Web Service
-CVE-2018-14903
- RESERVED
-CVE-2018-14902
- RESERVED
-CVE-2018-14901
- RESERVED
-CVE-2018-14900
- RESERVED
-CVE-2018-14899
- RESERVED
+CVE-2018-14903 (EPSON WF-2750 printers with firmware JP02I2 do not properly validate ...)
+ TODO: check
+CVE-2018-14902 (The ContentProvider in the EPSON iPrint application 6.6.3 for Android ...)
+ TODO: check
+CVE-2018-14901 (The EPSON iPrint application 6.6.3 for Android contains hard-coded API ...)
+ TODO: check
+CVE-2018-14900 (On EPSON WF-2750 printers with firmware JP02I2, there is no filtering ...)
+ TODO: check
+CVE-2018-14899 (On the EPSON WF-2750 printer with firmware JP02I2, the Web interface ...)
+ TODO: check
CVE-2018-14898
RESERVED
CVE-2018-14897
@@ -3245,21 +3389,27 @@ CVE-2018-14747
CVE-2018-14746
RESERVED
CVE-2018-14955 (The mail message display page in SquirrelMail through 1.4.22 has XSS ...)
+ {DLA-1484-1}
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14954 (The mail message display page in SquirrelMail through 1.4.22 has XSS ...)
+ {DLA-1484-1}
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14953 (The mail message display page in SquirrelMail through 1.4.22 has XSS ...)
+ {DLA-1484-1}
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14952 (The mail message display page in SquirrelMail through 1.4.22 has XSS ...)
+ {DLA-1484-1}
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14951 (The mail message display page in SquirrelMail through 1.4.22 has XSS ...)
+ {DLA-1484-1}
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14950 (The mail message display page in SquirrelMail through 1.4.22 has XSS ...)
+ {DLA-1484-1}
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14745
@@ -3524,15 +3674,13 @@ CVE-2018-14624
RESERVED
CVE-2018-14623
RESERVED
-CVE-2018-14622 [Segmentation fault in makefd_xprt return value in svc_vc.c]
- RESERVED
+CVE-2018-14622 (A null-pointer dereference vulnerability was found in libtirpc before ...)
[experimental] - libtirpc 1.0.2-0.1
- libtirpc <unfixed> (bug #907608)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1620293
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=968175
NOTE: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
-CVE-2018-14621 [Infinite loop in EMFILE case in svc_vc.c]
- RESERVED
+CVE-2018-14621 (An infinite loop vulnerability was found in libtirpc before version ...)
- libtirpc <not-affected> (Vulnerable code not in a released version)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1620290
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=968175
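Review bot: CVE-2018-14621 is set to `libtirpc <not-affected> (Vulnerable code not in a released version)`, but the same hunk tracks an `[experimental] - libtirpc 1.0.2-0.1` upload for the sibling CVE-2018-14622; the not-affected claim should be confirmed against that experimental package as well as unstable, since a package built from a post-release snapshot would carry the code. Also, replacing the bracketed working titles with the truncated MITRE text drops the pointers to `makefd_xprt` in `svc_vc.c` and to the EMFILE loop, leaving only the commit URLs in the NOTE lines to locate the affected code; a short NOTE keeping the function and file names would help when a fix needs backporting.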
@@ -3540,8 +3688,7 @@ CVE-2018-14621 [Infinite loop in EMFILE case in svc_vc.c]
NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
CVE-2018-14620
RESERVED
-CVE-2018-14619 [crash (possible privesc) in kernel crypto subsystem]
- RESERVED
+CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel before ...)
- linux 4.14.12-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -4210,7 +4357,7 @@ CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the ...)
NOT-FOR-US: axmldec
CVE-2018-14401 (CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an ...)
NOT-FOR-US: AXML Parser
-CVE-2018-14400 (In pycparser, a pickle.load call (within the read_pickle function of ...)
+CVE-2018-14400 (In PLY (aka Python Lex-Yacc) 3.11, as used in pycparser and other ...)
- ply <unfixed> (unimportant)
NOTE: https://github.com/eliben/pycparser/issues/273
NOTE: Negligible and unexploitable vulnerability for those unsing the library as intended.
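Review bot: the description for CVE-2018-14400 now attributes the issue to PLY 3.11 rather than pycparser, but the supporting NOTE still points only at the pycparser issue tracker; a reference to the PLY upstream discussion would make the `ply <unfixed> (unimportant)` assessment verifiable from this file. The second NOTE line also has a typo, `unsing` for `using`.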
@@ -4534,8 +4681,8 @@ CVE-2018-14319
RESERVED
CVE-2018-14318
RESERVED
-CVE-2018-14317
- RESERVED
+CVE-2018-14317 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
CVE-2018-14316 (This vulnerability allows remote attackers to disclose sensitive ...)
NOT-FOR-US: Foxit Reader
CVE-2018-14315 (This vulnerability allows remote attackers to execute arbitrary code ...)
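Review bot: CVE-2018-14317 is left as `TODO: check` although its description prefix (`This vulnerability allows remote attackers to execute arbitrary code ...`) matches the adjacent CVE-2018-14316 and CVE-2018-14315 entries that are already `NOT-FOR-US: Foxit Reader`; if it comes from the same advisory batch it should get the same status rather than stay open.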
@@ -5652,22 +5799,22 @@ CVE-2018-13828
RESERVED
CVE-2018-13827
RESERVED
-CVE-2018-13826
- RESERVED
-CVE-2018-13825
- RESERVED
-CVE-2018-13824
- RESERVED
-CVE-2018-13823
- RESERVED
-CVE-2018-13822
- RESERVED
-CVE-2018-13821
- RESERVED
-CVE-2018-13820
- RESERVED
-CVE-2018-13819
- RESERVED
+CVE-2018-13826 (An XML external entity vulnerability in the XOG functionality, in CA ...)
+ TODO: check
+CVE-2018-13825 (Insufficient input validation in the gridExcelExport functionality, in ...)
+ TODO: check
+CVE-2018-13824 (Insufficient input sanitization of two parameters in CA PPM 14.3 and ...)
+ TODO: check
+CVE-2018-13823 (An XML external entity vulnerability in the XOG functionality, in CA ...)
+ TODO: check
+CVE-2018-13822 (Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, ...)
+ TODO: check
+CVE-2018-13821 (A lack of authentication, in CA Unified Infrastructure Management ...)
+ TODO: check
+CVE-2018-13820 (A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, ...)
+ TODO: check
+CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, ...)
+ TODO: check
CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...)
- twig 2.4.4-2
NOTE: Fixed upstream in 2.4.4
@@ -10884,12 +11031,12 @@ CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code'
NOT-FOR-US: WUZHI CMS
CVE-2018-11721
RESERVED
-CVE-2018-11720
- RESERVED
-CVE-2018-11719
- RESERVED
-CVE-2018-11718
- RESERVED
+CVE-2018-11720 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory ...)
+ TODO: check
+CVE-2018-11719 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. ...)
+ TODO: check
+CVE-2018-11718 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. ...)
+ TODO: check
CVE-2017-18286 (nZEDb v0.7.3.3 has XSS in the 404 error page. ...)
NOT-FOR-US: nZEDb
CVE-2016-1000352 (In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES ...)
@@ -11204,10 +11351,10 @@ CVE-2018-11618 (This vulnerability allows remote attackers to execute arbitrary
NOT-FOR-US: Foxit Reader
CVE-2018-11617 (This vulnerability allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: Foxit Reader
-CVE-2018-11616
- RESERVED
-CVE-2018-11615
- RESERVED
+CVE-2018-11616 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-11615 (This vulnerability allows remote attackers to deny service on ...)
+ TODO: check
CVE-2018-11614
RESERVED
CVE-2018-11613
@@ -13013,14 +13160,14 @@ CVE-2018-10938 (A flaw was found in the Linux kernel present since v4.0-rc1 and
CVE-2018-10937
RESERVED
NOT-FOR-US: OpenShift
-CVE-2018-10936 [added server hostname verification for non-default SSL factories in sslmode=verify-full]
- RESERVED
+CVE-2018-10936 (A weakness was found in postgresql-jdbc before version 42.2.5. It was ...)
- libpgjava 42.2.5-1
[stretch] - libpgjava <no-dsa> (Minor issue)
[jessie] - libpgjava <no-dsa> (Minor issue)
NOTE: https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e412309
CVE-2018-10935 [ldapsearch with server side sort allows users to cause a crash]
RESERVED
+ {DLA-1483-1}
- 389-ds-base 1.4.0.15-1 (bug #906985)
NOTE: https://pagure.io/389-ds-base/issue/49890
CVE-2018-10934
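Review bot: for CVE-2018-10936 the bracketed working title (`added server hostname verification for non-default SSL factories in sslmode=verify-full`) was the only line in this file saying what the weakness is, and the MITRE text that replaces it is cut off at `It was ...`; a NOTE preserving that detail would document why the `<no-dsa> (Minor issue)` tags for stretch and jessie are considered appropriate for a hostname-verification gap, which on its own reads as more than minor. The `{DLA-1483-1}` reference added to CVE-2018-10935 sits before the package line, matching the placement used for the other DLA references in this diff.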
@@ -13273,6 +13420,7 @@ CVE-2018-10872 (A flaw was found in the way the Linux kernel handled exceptions
- linux <not-affected> (Red Hat specific CVE-2018-8897 regression in RHEL 6.10)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596094
CVE-2018-10871 (389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a ...)
+ {DLA-1483-1}
[experimental] - 389-ds-base 1.4.0.13-1
- 389-ds-base 1.4.0.15-1
NOTE: https://pagure.io/389-ds-base/issue/49789
@@ -14258,10 +14406,10 @@ CVE-2018-10516 (In CMS Made Simple (CMSMS) through 2.2.7, the "file rename&
NOT-FOR-US: CMS Made Simple
CVE-2018-10515 (In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation ...)
NOT-FOR-US: CMS Made Simple
-CVE-2018-10514
- RESERVED
-CVE-2018-10513
- RESERVED
+CVE-2018-10514 (A Missing Impersonation Privilege Escalation vulnerability in Trend ...)
+ TODO: check
+CVE-2018-10513 (A Deserialization of Untrusted Data Privilege Escalation vulnerability ...)
+ TODO: check
CVE-2018-10512 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) ...)
NOT-FOR-US: Trend Micro
CVE-2018-10511 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) ...)
@@ -125388,8 +125536,8 @@ CVE-2016-0375 (JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x throu
NOT-FOR-US: IBM
CVE-2016-0374 (The builder tools in IBM TRIRIGA Application Platform 3.3 before ...)
NOT-FOR-US: IBM
-CVE-2016-0373
- RESERVED
+CVE-2016-0373 (IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated ...)
+ TODO: check
CVE-2016-0372 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...)
NOT-FOR-US: IBM
CVE-2016-0371 (The Tivoli Storage Manager (TSM) password may be displayed in plain ...)
@@ -125666,8 +125814,8 @@ CVE-2016-0236 (IBM Security Guardium Database Activity Monitor 8.2 before p310,
NOT-FOR-US: IBM
CVE-2016-0235 (IBM Security Guardium Database Activity Monitor 10 allows local users ...)
NOT-FOR-US: IBM
-CVE-2016-0234
- RESERVED
+CVE-2016-0234 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user ...)
+ TODO: check
CVE-2016-0233 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, ...)
NOT-FOR-US: IBM
CVE-2016-0232 (IBM Financial Transaction Manager (FTM) for ACH Services, Check ...)
@@ -125724,8 +125872,8 @@ CVE-2016-0207 (IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.
NOT-FOR-US: IBM Algorithmics One-Algo Risk Application
CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated attacker to ...)
NOT-FOR-US: IBM
-CVE-2016-0205
- RESERVED
+CVE-2016-0205 (A vulnerability has been identified in IBM Cloud Orchestrator 2.3, ...)
+ TODO: check
CVE-2016-0204 (Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before ...)
NOT-FOR-US: IBM
CVE-2016-0203 (A vulnerability has been identified in the IBM Cloud Orchestrator task ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af4f73aa4317478b4804105cb7b5dce9633fd569