[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 4 20:11:15 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1ec208f by security tracker role at 2018-12-04T20:11:07Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,39 @@
-CVE-2018-19843
+CVE-2018-19854 (An issue was discovered in the Linux kernel before 4.19.3. ...)
+ TODO: check
+CVE-2018-19853 (An issue was discovered in hitshop through 2014-07-15. There is an ...)
+ TODO: check
+CVE-2018-19852
+ RESERVED
+CVE-2018-19851
RESERVED
-CVE-2018-19842
+CVE-2018-19850
RESERVED
-CVE-2018-19841
+CVE-2018-19849 (An issue was discovered in YzmCMS 5.2. XSS exists via the ...)
+ TODO: check
+CVE-2018-19848
RESERVED
-CVE-2018-19840
+CVE-2018-19847
RESERVED
-CVE-2018-19839
+CVE-2018-19846
RESERVED
-CVE-2018-19838
+CVE-2018-19845
RESERVED
-CVE-2018-19837
+CVE-2018-19844
RESERVED
+CVE-2018-19843 (opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows ...)
+ TODO: check
+CVE-2018-19842 (getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows ...)
+ TODO: check
+CVE-2018-19841 (The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a ...)
+ TODO: check
+CVE-2018-19840 (The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack ...)
+ TODO: check
+CVE-2018-19839 (In LibSass prior to 3.5.5, the function handle_error in ...)
+ TODO: check
+CVE-2018-19838 (In LibSass prior to 3.5.5, functions inside ast.cpp for ...)
+ TODO: check
+CVE-2018-19837 (In LibSass prior to 3.5.5, ...)
+ TODO: check
CVE-2018-19836 (In Metinfo 6.1.3, include/interface/applogin.php allows setting ...)
NOT-FOR-US: Metinfo
CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php ...)
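Review bot: CVE-2018-19843 and CVE-2018-19842 (radare2 before 3.1.0) are left at `TODO: check`, yet radare2 is a package this list already tracks (see the `[jessie] - radare2 <no-dsa>` line under CVE-2018-12320), so they need a `- radare2` package line once the fixed version is confirmed, not a NOT-FOR-US tag. The same triage is still open for CVE-2018-19854 (Linux kernel before 4.19.3) and for the WavPack and LibSass entries. The hitshop and YzmCMS entries look like candidates for a NOT-FOR-US tag in the style of the Metinfo lines just below.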
@@ -2614,8 +2636,7 @@ CVE-2018-19593
RESERVED
CVE-2018-19592
RESERVED
-CVE-2018-19591 [Linux if_nametoindex() does not close descriptor]
- RESERVED
+CVE-2018-19591 (In the GNU C Library (aka glibc or libc6) through 2.28, attempting to ...)
- glibc 2.28-1 (bug #914837)
[stretch] - glibc <not-affected> (Vulnerable code introduced later and not backported to stretch)
[jessie] - glibc <not-affected> (Vulnerable code introduced later and not backported to jessie)
@@ -9575,12 +9596,12 @@ CVE-2018-17161
RESERVED
CVE-2018-17160
RESERVED
-CVE-2018-17159
- RESERVED
-CVE-2018-17158
- RESERVED
-CVE-2018-17157
- RESERVED
+CVE-2018-17159 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS ...)
+ TODO: check
+CVE-2018-17158 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...)
+ TODO: check
+CVE-2018-17157 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...)
+ TODO: check
CVE-2018-17156 (In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-EN-18:13.icmp.asc
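Review bot: CVE-2018-17159, CVE-2018-17158 and CVE-2018-17157 are FreeBSD issues left at `TODO: check`, while the next entry, CVE-2018-17156, is tracked as `- kfreebsd-10 <unfixed> (unimportant)`. Triage these three against kfreebsd-10 in the same way rather than closing them as NOT-FOR-US, and check whether the affected code is present in that package.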
@@ -10925,20 +10946,20 @@ CVE-2018-16636
RESERVED
CVE-2018-16635
RESERVED
-CVE-2018-16634
- RESERVED
-CVE-2018-16633
- RESERVED
+CVE-2018-16634 (Pluck v4.7.7 allows CSRF via admin.php?action=settings. ...)
+ TODO: check
+CVE-2018-16633 (Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page ...)
+ TODO: check
CVE-2018-16632
RESERVED
-CVE-2018-16631
- RESERVED
+CVE-2018-16631 (Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ ...)
+ TODO: check
CVE-2018-16630
RESERVED
-CVE-2018-16629
- RESERVED
-CVE-2018-16628
- RESERVED
+CVE-2018-16629 (panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG ...)
+ TODO: check
+CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
+ TODO: check
CVE-2018-16627
RESERVED
CVE-2018-16626
@@ -11302,8 +11323,8 @@ CVE-2018-16480
RESERVED
CVE-2018-16479
RESERVED
-CVE-2018-16478
- RESERVED
+CVE-2018-16478 (A Path Traversal in simplehttpserver versions <=0.2.1 allows to list ...)
+ TODO: check
CVE-2018-16477 (A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud ...)
- rails <not-affected> (Only affects >= 5.2.0; vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/5
@@ -22040,36 +22061,36 @@ CVE-2018-12320 (There is a use after free in radare2 2.6.0 in r_anal_bb_free() i
[jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548
NOTE: https://github.com/radare/radare2/issues/10293
-CVE-2018-12319
- RESERVED
-CVE-2018-12318
- RESERVED
-CVE-2018-12317
- RESERVED
-CVE-2018-12316
- RESERVED
-CVE-2018-12315
- RESERVED
-CVE-2018-12314
- RESERVED
-CVE-2018-12313
- RESERVED
-CVE-2018-12312
- RESERVED
-CVE-2018-12311
- RESERVED
-CVE-2018-12310
- RESERVED
-CVE-2018-12309
- RESERVED
-CVE-2018-12308
- RESERVED
-CVE-2018-12307
- RESERVED
-CVE-2018-12306
- RESERVED
-CVE-2018-12305
- RESERVED
+CVE-2018-12319 (Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows ...)
+ TODO: check
+CVE-2018-12318 (Information disclosure in the SNMP settings page in ASUSTOR ADM ...)
+ TODO: check
+CVE-2018-12317 (OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows ...)
+ TODO: check
+CVE-2018-12316 (OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows ...)
+ TODO: check
+CVE-2018-12315 (Missing verification of a password in ASUSTOR ADM version 3.1.1 allows ...)
+ TODO: check
+CVE-2018-12314 (Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version ...)
+ TODO: check
+CVE-2018-12313 (OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows ...)
+ TODO: check
+CVE-2018-12312 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows ...)
+ TODO: check
+CVE-2018-12311 (Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM ...)
+ TODO: check
+CVE-2018-12310 (Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 ...)
+ TODO: check
+CVE-2018-12309 (Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows ...)
+ TODO: check
+CVE-2018-12308 (Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 ...)
+ TODO: check
+CVE-2018-12307 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows ...)
+ TODO: check
+CVE-2018-12306 (Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 ...)
+ TODO: check
+CVE-2018-12305 (Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 ...)
+ TODO: check
CVE-2018-12304
RESERVED
CVE-2018-12303
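Review bot: the fifteen ASUSTOR ADM entries CVE-2018-12305 through CVE-2018-12319 all land as `TODO: check`, but this file already resolves ASUSTOR issues as `NOT-FOR-US: ASUSTOR` (CVE-2018-11346 in a later hunk). Mark the whole block the same way in one follow-up so that fifteen identical TODO items do not sit in the triage queue.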
@@ -24617,10 +24638,10 @@ CVE-2018-11350 (An issue was discovered in Jirafeau before 3.4.1. The file "
NOT-FOR-US: Jirafeau
CVE-2018-11349 (The administration panel of Jirafeau before 3.4.1 is vulnerable to ...)
NOT-FOR-US: Jirafeau
-CVE-2018-11348
- RESERVED
-CVE-2018-11347
- RESERVED
+CVE-2018-11348 (Two XSS vulnerabilities are located in the profile edition page of the ...)
+ TODO: check
+CVE-2018-11347 (The YunoHost 2.7.2 through 2.7.14 web application is affected by one ...)
+ TODO: check
CVE-2018-11346 (An insecure direct object reference vulnerability in download.cgi in ...)
NOT-FOR-US: ASUSTOR
CVE-2018-11345 (An unrestricted file upload vulnerability in upload.cgi in ASUSTOR ...)
@@ -33371,8 +33392,8 @@ CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before BLA-AL00B
NOT-FOR-US: Huawei
CVE-2018-7988 (There is a Factory Reset Protection (FRP) bypass vulnerability on ...)
NOT-FOR-US: Huawei
-CVE-2018-7987
- RESERVED
+CVE-2018-7987 (There is an out-of-bounds write vulnerability on Huawei P20 ...)
+ TODO: check
CVE-2018-7986
RESERVED
CVE-2018-7985
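Review bot: CVE-2018-7987 (Huawei P20) is added as `TODO: check` directly below CVE-2018-7989 and CVE-2018-7988, which are both tagged `NOT-FOR-US: Huawei`. It should get the same tag so the Huawei block stays consistent.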
@@ -33433,8 +33454,8 @@ CVE-2018-7958 (There is an anonymous TLS cipher suites supported vulnerability i
NOT-FOR-US: Huawei
CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an ...)
NOT-FOR-US: Huawei
-CVE-2018-7956
- RESERVED
+CVE-2018-7956 (Huawei VIP App is a mobile app for Malaysia customers that purchased ...)
+ TODO: check
CVE-2018-7955
RESERVED
CVE-2018-7954
@@ -36506,12 +36527,10 @@ CVE-2018-6984
RESERVED
CVE-2018-6983 (VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and ...)
NOT-FOR-US: VMware
-CVE-2018-6982
- RESERVED
+CVE-2018-6982 (VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 ...)
NOT-FOR-US: VMware
NOTE: https://seclists.org/bugtraq/2018/Nov/12
-CVE-2018-6981
- RESERVED
+CVE-2018-6981 (VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 ...)
NOT-FOR-US: VMware
NOTE: https://seclists.org/bugtraq/2018/Nov/12
CVE-2018-6980 (VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before ...)
@@ -37077,6 +37096,7 @@ CVE-2018-6796 (PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Sto
CVE-2018-6795 (PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every ...)
NOT-FOR-US: PHP Scripts Mall Naukri Clone Script
CVE-2018-6794 (Suricata before 4.0.4 is prone to an HTTP detection bypass ...)
+ {DLA-1603-1}
- suricata 1:4.0.4-1 (bug #889842)
[stretch] - suricata <no-dsa> (Minor issue)
[wheezy] - suricata <no-dsa> (Minor issue)
@@ -39188,8 +39208,7 @@ CVE-2018-6153
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6152
- RESERVED
+CVE-2018-6152 (The implementation of the Page.downloadBehavior backend ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -39394,14 +39413,12 @@ CVE-2018-6117
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6116
- RESERVED
+CVE-2018-6116 (A nullptr dereference in WebAssembly in Google Chrome prior to ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6115
- RESERVED
+CVE-2018-6115 (Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file ...)
- chromium-browser <not-affected> (windows specific)
CVE-2018-6114
RESERVED
@@ -39439,14 +39456,12 @@ CVE-2018-6109
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6108
- RESERVED
+CVE-2018-6108 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6107
- RESERVED
+CVE-2018-6107 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -39457,32 +39472,27 @@ CVE-2018-6106
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6105
- RESERVED
+CVE-2018-6105 (Incorrect handling of confusable characters in Omnibox in Google ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6104
- RESERVED
+CVE-2018-6104 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6103
- RESERVED
+CVE-2018-6103 (A stagnant permission prompt in Prompts in Google Chrome prior to ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6102
- RESERVED
+CVE-2018-6102 (Missing confusable characters in Internationalization in Google Chrome ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6101
- RESERVED
+CVE-2018-6101 (A lack of host validation in DevTools in Google Chrome prior to ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -39493,14 +39503,12 @@ CVE-2018-6100
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6099
- RESERVED
+CVE-2018-6099 (A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.106 ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6098
- RESERVED
+CVE-2018-6098 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -39517,14 +39525,12 @@ CVE-2018-6096
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6095
- RESERVED
+CVE-2018-6095 (Inappropriate dismissal of file picker on keyboard events in Blink in ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6094
- RESERVED
+CVE-2018-6094 (Inline metadata in GarbageCollection in Google Chrome prior to ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -39535,8 +39541,7 @@ CVE-2018-6093
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6092
- RESERVED
+CVE-2018-6092 (An integer overflow on 32-bit systems in WebAssembly in Google Chrome ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -39547,38 +39552,32 @@ CVE-2018-6091
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6090
- RESERVED
+CVE-2018-6090 (An integer overflow that lead to a heap buffer-overflow in Skia in ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6089
- RESERVED
+CVE-2018-6089 (A lack of CORS checks, after a Service Worker redirected to a ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6088
- RESERVED
+CVE-2018-6088 (An iterator-invalidation bug in PDFium in Google Chrome prior to ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6087
- RESERVED
+CVE-2018-6087 (A use-after-free in WebAssembly in Google Chrome prior to ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6086
- RESERVED
+CVE-2018-6086 (A double-eviction in the Incognito mode cache that lead to a ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6085
- RESERVED
+CVE-2018-6085 (Re-entry of a destructor in Networking Disk Cache in Google Chrome ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -56598,8 +56597,8 @@ CVE-2018-0470 (A vulnerability in the web framework of Cisco IOS XE Software cou
NOT-FOR-US: Cisco
CVE-2018-0469 (A vulnerability in the web user interface of Cisco IOS XE Software ...)
NOT-FOR-US: Cisco
-CVE-2018-0468
- RESERVED
+CVE-2018-0468 (A vulnerability in the configuration of a local database installed as ...)
+ TODO: check
CVE-2018-0467 (A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE ...)
NOT-FOR-US: Cisco
CVE-2018-0466 (A vulnerability in the Open Shortest Path First version 3 (OSPFv3) ...)
@@ -62539,6 +62538,7 @@ CVE-2017-15379 (An authentication bypass exists in the E-Sic 1.0 /index (aka log
CVE-2017-15378 (SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the ...)
NOT-FOR-US: E-Sic
CVE-2017-15377 (In Suricata before 4.x, it was possible to trigger lots of redundant ...)
+ {DLA-1603-1}
- suricata 1:4.0.0-1 (low)
[stretch] - suricata <no-dsa> (Minor issue)
[wheezy] - suricata <no-dsa> (Minor issue)
@@ -90072,7 +90072,7 @@ CVE-2017-XXXX [dns: out of bound memory read]
NOTE: https://redmine.openinfosecfoundation.org/issues/2022
NOTE: Fixed by: https://github.com/inliniac/suricata/commit/20990f7a7eb7939946a275dfc9a95426b0080a19 (3.2.1)
CVE-2017-7177 (Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused ...)
- {DLA-865-1}
+ {DLA-1603-1 DLA-865-1}
- suricata 3.2.1-1 (bug #856649)
NOTE: https://redmine.openinfosecfoundation.org/issues/2019
NOTE: Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8 (3.2.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1ec208fa9cffadb86e05458d142b974124f9b2b