[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 20 20:10:35 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e33b04e by security tracker role at 2018-12-20T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,151 @@
-CVE-2018-20307
+CVE-2018-20317
RESERVED
-CVE-2018-20306
+CVE-2018-20316
RESERVED
+CVE-2018-20315
+ RESERVED
+CVE-2018-20314
+ RESERVED
+CVE-2018-20313
+ RESERVED
+CVE-2018-20312
+ RESERVED
+CVE-2018-20311
+ RESERVED
+CVE-2018-20310
+ RESERVED
+CVE-2018-20309
+ RESERVED
+CVE-2018-20308
+ RESERVED
+CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a Directory ...)
+ TODO: check
+CVE-2018-1000881 (Traccar Traccar Server version 4.0 and earlier contains a CWE-94: ...)
+ TODO: check
+CVE-2018-1000880 (libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 ...)
+ TODO: check
+CVE-2018-1000879 (libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 ...)
+ TODO: check
+CVE-2018-1000878 (libarchive version commit 416694915449219d505531b1096384f3237dd6cc ...)
+ TODO: check
+CVE-2018-1000877 (libarchive version commit 416694915449219d505531b1096384f3237dd6cc ...)
+ TODO: check
+CVE-2018-1000876 (binutils version 2.32 and earlier contains a Integer Overflow ...)
+ TODO: check
+CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC Server and ...)
+ TODO: check
+CVE-2018-1000874 (PHP Markdown version 1.2.0 and earlier contains a Cross Site Scripting ...)
+ TODO: check
+CVE-2018-1000873 (Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper ...)
+ TODO: check
+CVE-2018-1000872 (OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: ...)
+ TODO: check
+CVE-2018-1000871 (HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL ...)
+ TODO: check
+CVE-2018-1000870 (PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in ...)
+ TODO: check
+CVE-2018-1000869 (phpIPAM version 1.3.2 contains a CWE-89 vulnerability in ...)
+ TODO: check
+CVE-2018-1000868 (WeBid version up to current version 1.2.2 contains a Cross Site ...)
+ TODO: check
+CVE-2018-1000867 (WeBid version up to current version 1.2.2 contains a SQL Injection ...)
+ TODO: check
+CVE-2018-1000860 (phpipam version 1.3.2 and earlier contains a Cross Site Scripting ...)
+ TODO: check
+CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery ...)
+ TODO: check
+CVE-2018-1000857 (log-user-session version 0.7 and earlier contains a Directory ...)
+ TODO: check
+CVE-2018-1000856 (DomainMOD version 4.09.03 and above. Also verified in the latest ...)
+ TODO: check
+CVE-2018-1000855 (easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2018-1000854 (esigate.org esigate version 5.2 and earlier contains a CWE-74: ...)
+ TODO: check
+CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released version before commit ...)
+ TODO: check
+CVE-2018-1000851 (Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a ...)
+ TODO: check
+CVE-2018-1000850 (Square Retrofit version versions from (including) 2.0 and 2.5.0 ...)
+ TODO: check
+CVE-2018-1000849 (Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 ...)
+ TODO: check
+CVE-2018-1000848 (Wampserver version prior to version 3.1.5 contains a Cross Site ...)
+ TODO: check
+CVE-2018-1000847 (FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2018-1000846 (FreshDNS version 1.0.3 and earlier contains a Cross ite Request ...)
+ TODO: check
+CVE-2018-1000845 (Avahi version 0.7 contains a Incorrect Access Control vulnerability in ...)
+ TODO: check
+CVE-2018-1000844 (Square Open Source Retrofit version Prior to commit ...)
+ TODO: check
+CVE-2018-1000843 (Luigi version prior to version 2.8.0; after commit ...)
+ TODO: check
+CVE-2018-1000842 (FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, ...)
+ TODO: check
+CVE-2018-1000841 (Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2018-1000840 (Processing Foundation Processing version 3.4 and earlier contains a ...)
+ TODO: check
+CVE-2018-1000839 (LH-EHR version REL-2_0_0 contains a Arbitrary File Upload ...)
+ TODO: check
+CVE-2018-1000838 (autopsy version <= 4.9.0 contains a XML External Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000837 (UML Designer version <= 8.0.0 contains a XML External Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000836 (bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML ...)
+ TODO: check
+CVE-2018-1000835 (KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity ...)
+ TODO: check
+CVE-2018-1000834 (runelite version <= runelite-parent-1.4.23 contains a XML External ...)
+ TODO: check
+CVE-2018-1000833 (ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in ...)
+ TODO: check
+CVE-2018-1000832 (ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in ...)
+ TODO: check
+CVE-2018-1000831 (K9Mail version <= v5.600 contains a XML External Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000830 (XR3Player version <= V3.124 contains a XML External Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000829 (Anyplace version before commit 80359b4 contains a XML External Entity ...)
+ TODO: check
+CVE-2018-1000828 (FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML ...)
+ TODO: check
+CVE-2018-1000827 (Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in ...)
+ TODO: check
+CVE-2018-1000826 (Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2018-1000825 (FreeCol version <= nightly-2018-08-22 contains a XML External Entity ...)
+ TODO: check
+CVE-2018-1000824 (MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in ...)
+ TODO: check
+CVE-2018-1000823 (exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000822 (codelibs fess version before commit faa265b contains a XML External ...)
+ TODO: check
+CVE-2018-1000821 (MicroMathematics version before commit 5c05ac8 contains a XML External ...)
+ TODO: check
+CVE-2018-1000820 (neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c ...)
+ TODO: check
+CVE-2018-1000817 (Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to ...)
+ TODO: check
+CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site ...)
+ TODO: check
+CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains ...)
+ TODO: check
+CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a ...)
+ TODO: check
+CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site ...)
+ TODO: check
+CVE-2018-1000812 (Ártica Soluciones Tecnológicas Integria IMS version 5.0 MR56 ...)
+ TODO: check
+CVE-2018-1000811 (bludit version 3.0.0 contains a Unrestricted Upload of File with ...)
+ TODO: check
+CVE-2018-20307 (Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and ...)
+ TODO: check
+CVE-2018-20306 (A stored cross-site scripting (XSS) vulnerability in the web ...)
+ TODO: check
CVE-2018-20305 (D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code ...)
NOT-FOR-US: D-Link
CVE-2018-20304 (wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows ...)
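Review bot: CVE-2018-1000877 and CVE-2018-1000878 cannot be told apart from these lines, because both truncated descriptions end at the same libarchive commit 416694915449219d505531b1096384f3237dd6cc; whoever resolves the TODO: check markers needs the full descriptions for the four libarchive entries (CVE-2018-1000877 through CVE-2018-1000880). In the same block phpIPAM is spelled three ways (PHPipam in CVE-2018-1000870, phpIPAM in CVE-2018-1000869, phpipam in CVE-2018-1000860), and "Cross ite Request Forgery" appears in CVE-2018-1000858 and CVE-2018-1000846, so product or bug-class searches over this list should be case-insensitive and not rely on exact phrases.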
@@ -10,8 +154,8 @@ CVE-2018-20303 (In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory tra
NOT-FOR-US: Go Git Service
CVE-2018-20302 (An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the ...)
TODO: check
-CVE-2018-20301
- RESERVED
+CVE-2018-20301 (An issue was discovered in Steve Pallen Coherence before 0.5.2 that is ...)
+ TODO: check
CVE-2018-20300 (Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code ...)
NOT-FOR-US: Empire CMS
CVE-2018-20299 (An issue was discovered in several Bosch Smart Home cameras (360 degree ...)
@@ -9392,10 +9536,10 @@ CVE-2018-19236
RESERVED
CVE-2018-19235
RESERVED
-CVE-2018-19234
- RESERVED
-CVE-2018-19233
- RESERVED
+CVE-2018-19234 (The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise ...)
+ TODO: check
+CVE-2018-19233 (COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users ...)
+ TODO: check
CVE-2018-19232
RESERVED
CVE-2018-19231
@@ -23169,7 +23313,7 @@ CVE-2018-13844 (An issue has been found in HTSlib 1.8. It is a memory leak in fa
[stretch] - htslib <no-dsa> (Minor issue)
[jessie] - htslib <no-dsa> (Minor issue)
NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403675330
-CVE-2018-13843 (An issue has been found in HTSlib 1.8. It is a memory leak in ...)
+CVE-2018-13843 (** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory ...)
- htslib 1.9-2 (low)
[stretch] - htslib <no-dsa> (Minor issue)
[jessie] - htslib <no-dsa> (Minor issue)
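Review bot: On CVE-2018-13843 the description now begins with ** DISPUTED **, but the entry under it still carries only the htslib 1.9-2 (low) and <no-dsa> (Minor issue) lines and no NOTE giving the reason for the dispute. The neighbouring CVE-2018-13844 has a NOTE pointing at the upstream issue; an equivalent NOTE here would let a reader judge whether the (low) rating and the fixed version still apply.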
@@ -27967,18 +28111,18 @@ CVE-2018-11990
RESERVED
CVE-2018-11989
RESERVED
-CVE-2018-11988
- RESERVED
-CVE-2018-11987
- RESERVED
-CVE-2018-11986
- RESERVED
-CVE-2018-11985
- RESERVED
-CVE-2018-11984
- RESERVED
-CVE-2018-11983
- RESERVED
+CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11987 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11986 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11985 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11984 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11983 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11982 (In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, ...)
NOT-FOR-US: Snapdragon
CVE-2018-11981
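Review bot: CVE-2018-11983 through CVE-2018-11988 arrive as TODO: check directly above CVE-2018-11982, which is already marked NOT-FOR-US: Snapdragon. All six descriptions open with the same text, "In all android releases(Android for MSM, Firefox OS for MSM, QRD ...", so they are best triaged as one batch and given one consistent label, rather than resolved one at a time with differing wording.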
@@ -28013,18 +28157,18 @@ CVE-2018-11967
RESERVED
CVE-2018-11966
RESERVED
-CVE-2018-11965
- RESERVED
-CVE-2018-11964
- RESERVED
-CVE-2018-11963
- RESERVED
+CVE-2018-11965 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11964 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11963 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11962
RESERVED
-CVE-2018-11961
- RESERVED
-CVE-2018-11960
- RESERVED
+CVE-2018-11961 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
+CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11959
RESERVED
CVE-2018-11958
@@ -36915,8 +37059,8 @@ CVE-2018-8655
RESERVED
CVE-2018-8654
RESERVED
-CVE-2018-8653
- RESERVED
+CVE-2018-8653 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
CVE-2018-8652 (A Cross-site Scripting (XSS) vulnerability exists when Windows Azure ...)
NOT-FOR-US: Windows Azure Pack Rollup
CVE-2018-8651 (A cross site scripting vulnerability exists when Microsoft Dynamics ...)
@@ -40379,8 +40523,8 @@ CVE-2018-7367
RESERVED
CVE-2018-7366
RESERVED
-CVE-2018-7365
- RESERVED
+CVE-2018-7365 (All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product ...)
+ TODO: check
CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product ...)
NOT-FOR-US: ZTE
CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
@@ -42475,8 +42619,8 @@ CVE-2018-6671 (Application Protection Bypass vulnerability in McAfee ePolicy ...
NOT-FOR-US: McAfee
CVE-2018-6670 (External Entity Attack vulnerability in the ePO extension in McAfee ...)
NOT-FOR-US: McAfee
-CVE-2018-6669
- RESERVED
+CVE-2018-6669 (A whitelist bypass vulnerability in McAfee Application Control / ...)
+ TODO: check
CVE-2018-6668
RESERVED
CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user ...)
@@ -47339,12 +47483,12 @@ CVE-2018-5202
RESERVED
CVE-2018-5201
RESERVED
-CVE-2018-5200
- RESERVED
-CVE-2018-5199
- RESERVED
-CVE-2018-5198
- RESERVED
+CVE-2018-5200 (KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow ...)
+ TODO: check
+CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to insufficient domain validation, It ...)
+ TODO: check
+CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race condition when calling the ...)
+ TODO: check
CVE-2018-5197
RESERVED
CVE-2018-5196
@@ -56321,8 +56465,8 @@ CVE-2018-1975
RESERVED
CVE-2018-1974
RESERVED
-CVE-2018-1973
- RESERVED
+CVE-2018-1973 (IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited ...)
+ TODO: check
CVE-2018-1972
RESERVED
CVE-2018-1971
@@ -56699,8 +56843,8 @@ CVE-2018-1786 (IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorr
NOT-FOR-US: IBM Spectrum Protect
CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses ...)
NOT-FOR-US: IBM
-CVE-2018-1784
- RESERVED
+CVE-2018-1784 (IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection ...)
+ TODO: check
CVE-2018-1783 (IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, ...)
NOT-FOR-US: IBM
CVE-2018-1782 (IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, ...)
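Review bot: CVE-2018-1784 is left at TODO: check between entries that are already resolved, and those neighbours label the same vendor differently: NOT-FOR-US: IBM Spectrum Protect on CVE-2018-1786 and NOT-FOR-US: IBM on CVE-2018-1785. When this IBM API Connect entry is triaged, settle on one form of the label so that a search for the vendor tag finds every IBM entry.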
@@ -56711,8 +56855,8 @@ CVE-2018-1780 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
NOT-FOR-US: IBM
CVE-2018-1779 (IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated ...)
NOT-FOR-US: IBM
-CVE-2018-1778
- RESERVED
+CVE-2018-1778 (IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) ...)
+ TODO: check
CVE-2018-1777 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
CVE-2018-1776
@@ -56725,8 +56869,8 @@ CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow a
NOT-FOR-US: IBM
CVE-2018-1772
RESERVED
-CVE-2018-1771
- RESERVED
+CVE-2018-1771 (IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands ...)
+ TODO: check
CVE-2018-1770 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
CVE-2018-1769
@@ -56913,8 +57057,8 @@ CVE-2018-1679 (IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 co
NOT-FOR-US: IBM
CVE-2018-1678
RESERVED
-CVE-2018-1677
- RESERVED
+CVE-2018-1677 (IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and ...)
+ TODO: check
CVE-2018-1676 (IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site ...)
NOT-FOR-US: IBM Planning Analytics
CVE-2018-1675
@@ -56945,8 +57089,8 @@ CVE-2018-1663 (IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could a
NOT-FOR-US: IBM
CVE-2018-1662
RESERVED
-CVE-2018-1661
- RESERVED
+CVE-2018-1661 (IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to ...)
+ TODO: check
CVE-2018-1660 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2018-1659 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
@@ -58884,6 +59028,7 @@ CVE-2018-1161 (This vulnerability allows remote attackers to execute arbitrary c
NOT-FOR-US: Quest NetVault Backup
CVE-2018-1160 [Unauthenticated remote code execution in Netatalk]
RESERVED
+ {DSA-4356-1}
- netatalk <unfixed> (bug #916930)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13711
CVE-2018-1159 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory ...)
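Review bot: The added {DSA-4356-1} reference on CVE-2018-1160 sits above a netatalk line that still reads <unfixed> (bug #916930), and the entry still shows RESERVED with a bracketed placeholder title instead of a description. Confirm that the unstable fix is being followed through bug #916930 and replace <unfixed> with the fixed version once it is uploaded, so the entry is not read as fully resolved just because a DSA is attached.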
@@ -84853,8 +84998,8 @@ CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, QRD Android, with all And
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9705 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-9704
- RESERVED
+CVE-2017-9704 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2017-9703 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e33b04e5f4e02dfebc28e2aac1faffa4ea1cec6