[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 13 20:10:37 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78338f42 by security tracker role at 2018-12-13T20:10:29Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,49 @@
+CVE-2018-20144
+ RESERVED
+CVE-2018-20143
+ RESERVED
+CVE-2018-20142
+ RESERVED
+CVE-2018-20141
+ RESERVED
+CVE-2018-20140
+ RESERVED
+CVE-2018-20139
+ RESERVED
+CVE-2018-20138 (PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via ...)
+ TODO: check
+CVE-2018-20137 (XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or ...)
+ TODO: check
+CVE-2018-20136 (XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout ...)
+ TODO: check
+CVE-2018-20135
+ RESERVED
+CVE-2018-20134
+ RESERVED
+CVE-2018-20133
+ RESERVED
+CVE-2018-20132
+ RESERVED
+CVE-2018-20131
+ RESERVED
+CVE-2018-20130
+ RESERVED
+CVE-2018-20129 (An issue was discovered in DedeCMS V5.7 SP2. ...)
+ TODO: check
+CVE-2018-20128 (An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php ...)
+ TODO: check
+CVE-2018-20127 (An issue was discovered in zzzphp cms 1.5.8. del_file in ...)
+ TODO: check
+CVE-2018-20126
+ RESERVED
+CVE-2018-20125
+ RESERVED
+CVE-2018-20124
+ RESERVED
+CVE-2018-20123
+ RESERVED
CVE-2018-20145 [mosquitto acl bypass]
+ RESERVED
- mosquitto 1.5.5-1
[stretch] - mosquitto <not-affected> (Only affects 1.5.x)
[jessie] - mosquitto <not-affected> (Only affects 1.5.x)
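Review bot: The six new entries that arrive with descriptions at the top of this hunk (CVE-2018-20138, -20137, -20136, -20129, -20128, -20127) are all left at "TODO: check", so none of them is yet tied to a source package or ruled out. Each needs a triage pass that ends in either a package line or a NOT-FOR-US tag. The "RESERVED" line added under CVE-2018-20145 sits above an already complete package record ("- mosquitto 1.5.5-1" plus two "<not-affected>" lines); that record should stay intact when the bracketed placeholder is later replaced by the published description.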
@@ -5908,8 +5953,7 @@ CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This iss
NOTE: https://sourceforge.net/p/gnuplot/bugs/2093/
NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source
-CVE-2018-19489 [9pfs: crash due to race condition in renaming files]
- RESERVED
+CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a ...)
- qemu 1:3.1+dfsg-1 (bug #914727)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
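Review bot: For CVE-2018-19489 the only reference visible under the new description is the qemu-devel list post, although the entry already records a fixed version ("- qemu 1:3.1+dfsg-1 (bug #914727)"). If no commit reference follows below the visible context, add a NOTE with the upstream fix commit, as the CVE-2018-19364 entry does with its git.qemu.org link, so the fix can be checked against older releases.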
@@ -6043,8 +6087,8 @@ CVE-2018-19441
RESERVED
CVE-2018-19440
RESERVED
-CVE-2018-19439
- RESERVED
+CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global ...)
+ TODO: check
CVE-2018-19438
RESERVED
CVE-2018-19443 (The client in Tryton 5.x before 5.0.1 tries to make a connection to the ...)
@@ -6254,8 +6298,7 @@ CVE-2018-19366
RESERVED
CVE-2018-19365
RESERVED
-CVE-2018-19364 [Use-after-free due to race condition while updating fid path]
- RESERVED
+CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while ...)
- qemu 1:3.1+dfsg-1 (bug #914599)
- qemu-kvm <removed>
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b76ef50f62079a2389ba28cacaf6cce68b1a0ed
@@ -7152,8 +7195,8 @@ CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 a
NOTE: https://www.kde.org/info/security/advisory-20181012-1.txt
CVE-2018-19119
RESERVED
-CVE-2018-19118
- RESERVED
+CVE-2018-19118 (Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote ...)
+ TODO: check
CVE-2018-19117
RESERVED
CVE-2018-19116
@@ -7362,8 +7405,7 @@ CVE-2018-19041
RESERVED
CVE-2018-19040
RESERVED
-CVE-2018-19039 [File exfiltration]
- RESERVED
+CVE-2018-19039 (Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated ...)
- grafana <removed>
NOTE: https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
CVE-2018-19038
@@ -7620,10 +7662,10 @@ CVE-2018-18925 (Gogs 0.11.66 allows remote code execution because it does not pr
NOT-FOR-US: Go Git Service
CVE-2018-18924 (The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to ...)
NOT-FOR-US: ProjeQtOr
-CVE-2018-18923
- RESERVED
-CVE-2018-18922
- RESERVED
+CVE-2018-18923 (AbiSoft Ticketly 1.0 is affected by multiple SQL Injection ...)
+ TODO: check
+CVE-2018-18922 (add_user in AbiSoft Ticketly 1.0 allows remote attackers to create ...)
+ TODO: check
CVE-2018-18921
RESERVED
CVE-2018-18920 (Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode ...)
@@ -8641,7 +8683,7 @@ CVE-2018-18499
RESERVED
CVE-2018-18498
RESERVED
- {DSA-4354-1}
+ {DSA-4354-1 DLA-1605-1}
- firefox <unfixed>
- firefox-esr 60.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18498
@@ -8660,21 +8702,21 @@ CVE-2018-18495
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18495
CVE-2018-18494
RESERVED
- {DSA-4354-1}
+ {DSA-4354-1 DLA-1605-1}
- firefox <unfixed>
- firefox-esr 60.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18494
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18494
CVE-2018-18493
RESERVED
- {DSA-4354-1}
+ {DSA-4354-1 DLA-1605-1}
- firefox <unfixed>
- firefox-esr 60.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18493
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18493
CVE-2018-18492
RESERVED
- {DSA-4354-1}
+ {DSA-4354-1 DLA-1605-1}
- firefox <unfixed>
- firefox-esr 60.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18492
@@ -11316,7 +11358,7 @@ CVE-2018-17467 (Insufficiently quick clearing of stale rendered content in Navig
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17466 (Incorrect texture handling in Angle in Google Chrome prior to ...)
- {DSA-4354-1 DSA-4330-1}
+ {DSA-4354-1 DSA-4330-1 DLA-1605-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
- firefox <unfixed>
@@ -13595,12 +13637,12 @@ CVE-2018-16559
RESERVED
CVE-2018-16558
RESERVED
-CVE-2018-16557
- RESERVED
-CVE-2018-16556
- RESERVED
-CVE-2018-16555
- RESERVED
+CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...)
+ TODO: check
+CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...)
+ TODO: check
+CVE-2018-16555 (A vulnerability has been identified in SCALANCE S602 (All versions < ...)
+ TODO: check
CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversal ...)
{DSA-4303-1 DLA-1516-1}
- okular 4:17.12.2-2.1 (bug #908168)
@@ -20649,16 +20691,16 @@ CVE-2018-13817
RESERVED
CVE-2018-13816 (A vulnerability has been identified in TIM 1531 IRC (All version < ...)
TODO: check
-CVE-2018-13815
- RESERVED
-CVE-2018-13814
- RESERVED
-CVE-2018-13813
- RESERVED
-CVE-2018-13812
- RESERVED
-CVE-2018-13811
- RESERVED
+CVE-2018-13815 (A vulnerability has been identified in SIMATIC S7-1200 (All versions), ...)
+ TODO: check
+CVE-2018-13814 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
+ TODO: check
+CVE-2018-13813 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
+ TODO: check
+CVE-2018-13812 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
+ TODO: check
+CVE-2018-13811 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) ...)
+ TODO: check
CVE-2018-13810
RESERVED
CVE-2018-13809
@@ -20671,8 +20713,8 @@ CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad Designe
NOT-FOR-US: Siemens
CVE-2018-13805 (A vulnerability has been identified in SIMATIC ET 200SP Open ...)
NOT-FOR-US: SIMATIC
-CVE-2018-13804
- RESERVED
+CVE-2018-13804 (A vulnerability has been identified in SIMATIC IT LMS (All versions), ...)
+ TODO: check
CVE-2018-13803
RESERVED
CVE-2018-13802 (A vulnerability has been identified in ROX II (All versions < ...)
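Review bot: CVE-2018-13804 is left at "TODO: check" directly below two Siemens and SIMATIC entries that are already closed, and those two use different tags: "NOT-FOR-US: Siemens" for CVE-2018-13806 and "NOT-FOR-US: SIMATIC" for CVE-2018-13805. When this entry is triaged, pick one spelling for the tag so that a search for it finds all of them.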
@@ -24186,7 +24228,7 @@ CVE-2018-12406
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12406
CVE-2018-12405
RESERVED
- {DSA-4354-1}
+ {DSA-4354-1 DLA-1605-1}
- firefox <unfixed>
- firefox-esr 60.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12405
@@ -25158,8 +25200,8 @@ CVE-2018-12078 (The mintToken function of a smart contract implementation for Po
NOT-FOR-US: PolyAI
CVE-2018-12077
RESERVED
-CVE-2018-12076
- RESERVED
+CVE-2018-12076 (A vulnerability in the UPC bar code of the Avanti Markets MarketCard ...)
+ TODO: check
CVE-2018-12075
RESERVED
CVE-2018-12074
@@ -35713,8 +35755,7 @@ CVE-2018-8034 (The host name verification when using TLS with the WebSocket clie
NOTE: https://svn.apache.org/r1833758 (8.5.x)
NOTE: https://svn.apache.org/r1833759 (8.0.x)
NOTE: https://svn.apache.org/r1833760 (7.0.x)
-CVE-2018-8033
- RESERVED
+CVE-2018-8033 (In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine ...)
NOT-FOR-US: Apache OFBiz
CVE-2018-8032 (Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site ...)
- axis 1.4-28 (bug #905328)
@@ -36681,10 +36722,10 @@ CVE-2018-7693
RESERVED
CVE-2018-7692 (Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 ...)
NOT-FOR-US: NetIQ eDirectory
-CVE-2018-7691
- RESERVED
-CVE-2018-7690
- RESERVED
+CVE-2018-7691 (A potential Remote Unauthorized Access in Micro Focus Fortify Software ...)
+ TODO: check
+CVE-2018-7690 (A potential Remote Unauthorized Access in Micro Focus Fortify Software ...)
+ TODO: check
CVE-2018-7689 (Lack of permission checks in the InitializeDevelPackage function in ...)
- open-build-service <unfixed> (low; bug #903797)
[stretch] - open-build-service <no-dsa> (Minor issue)
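Review bot: CVE-2018-7691 and CVE-2018-7690 enter the list with the same truncated description ("A potential Remote Unauthorized Access in Micro Focus Fortify Software ..."), so the two cannot be told apart from this file. Whoever clears the "TODO: check" lines should read the full descriptions rather than treat one as a duplicate of the other.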
@@ -53873,10 +53914,10 @@ CVE-2018-1889
RESERVED
CVE-2018-1888
RESERVED
-CVE-2018-1887
- RESERVED
-CVE-2018-1886
- RESERVED
+CVE-2018-1887 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
+ TODO: check
+CVE-2018-1886 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
+ TODO: check
CVE-2018-1885
RESERVED
CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and ...)
@@ -54005,24 +54046,24 @@ CVE-2018-1823
RESERVED
CVE-2018-1822 (IBM FlashSystem 900 product GUI allows a specially crafted attack to ...)
NOT-FOR-US: IBM
-CVE-2018-1821
- RESERVED
+CVE-2018-1821 (IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is ...)
+ TODO: check
CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
CVE-2018-1819 (IBM Financial Transaction Manager for Digital Payments for ...)
NOT-FOR-US: IBM
-CVE-2018-1818
- RESERVED
-CVE-2018-1817
- RESERVED
+CVE-2018-1818 (IBM Security Guardium 10 and 10.5 contains hard-coded credentials, ...)
+ TODO: check
+CVE-2018-1817 (IBM Security Guardium 10 and 10.5 is vulnerable to cross-site ...)
+ TODO: check
CVE-2018-1816
RESERVED
-CVE-2018-1815
- RESERVED
-CVE-2018-1814
- RESERVED
-CVE-2018-1813
- RESERVED
+CVE-2018-1815 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
+ TODO: check
+CVE-2018-1814 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
+ TODO: check
+CVE-2018-1813 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
+ TODO: check
CVE-2018-1812 (IBM Robotic Process Automation with Automation Anywhere Enterprise 10 ...)
NOT-FOR-US: IBM
CVE-2018-1811
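Review bot: Six entries in this hunk go from "RESERVED" to "TODO: check" (CVE-2018-1821, -1818, -1817, -1815, -1814, -1813), all for IBM products, while every triaged neighbour in the context lines (CVE-2018-1822, -1820, -1819, -1812) is marked "NOT-FOR-US: IBM". These are candidates for the same tag in one pass. Three of them (CVE-2018-1815, -1814, -1813) share an identical truncated description, so each needs its full text read before it is closed.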
@@ -54037,12 +54078,12 @@ CVE-2018-1807
RESERVED
CVE-2018-1806
RESERVED
-CVE-2018-1805
- RESERVED
-CVE-2018-1804
- RESERVED
-CVE-2018-1803
- RESERVED
+CVE-2018-1805 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
+ TODO: check
+CVE-2018-1804 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
+ TODO: check
+CVE-2018-1803 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
+ TODO: check
CVE-2018-1802 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2018-1801
@@ -54167,8 +54208,8 @@ CVE-2018-1742 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-
NOT-FOR-US: IBM
CVE-2018-1741 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly ...)
NOT-FOR-US: IBM
-CVE-2018-1740
- RESERVED
+CVE-2018-1740 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
+ TODO: check
CVE-2018-1739
RESERVED
CVE-2018-1738 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an ...)
@@ -54313,12 +54354,12 @@ CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5
NOT-FOR-US: IBM
CVE-2018-1668
RESERVED
-CVE-2018-1667
- RESERVED
+CVE-2018-1667 (IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through ...)
+ TODO: check
CVE-2018-1666
RESERVED
-CVE-2018-1665
- RESERVED
+CVE-2018-1665 (IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through ...)
+ TODO: check
CVE-2018-1664 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
NOT-FOR-US: IBM
CVE-2018-1663 (IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow ...)
@@ -54341,8 +54382,8 @@ CVE-2018-1655 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rm
NOT-FOR-US: IBM AIX
CVE-2018-1654 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ...)
NOT-FOR-US: IBM
-CVE-2018-1653
- RESERVED
+CVE-2018-1653 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, ...)
+ TODO: check
CVE-2018-1652 (IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through ...)
NOT-FOR-US: IBM
CVE-2018-1651
@@ -107392,8 +107433,8 @@ CVE-2017-1270 (IBM Security Guardium 10.0 does not renew a session variable afte
NOT-FOR-US: IBM Security Guardium
CVE-2017-1269 (IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A ...)
NOT-FOR-US: IBM
-CVE-2017-1268
- RESERVED
+CVE-2017-1268 (IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash ...)
+ TODO: check
CVE-2017-1267 (IBM Security Guardium 10.0 and 10.1 processes patches, image backups ...)
NOT-FOR-US: IBM
CVE-2017-1266 (IBM Security Guardium 10.0 specifies permissions for a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78338f42d83f903923302d81f86474e24d6c4fc1