[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 28 20:10:37 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c22b889f by security tracker role at 2018-12-28T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2018-20579 (Contiki-NG before 4.2 has a stack-based buffer overflow in the push ...)
+ TODO: check
+CVE-2018-20578 (An issue was discovered in NuttX before 7.27. The function ...)
+ TODO: check
+CVE-2018-20577 (Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, ...)
+ TODO: check
+CVE-2018-20576 (Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and ...)
+ TODO: check
+CVE-2018-20575 (Orange Livebox 00.96.320S devices have an undocumented ...)
+ TODO: check
+CVE-2018-20574 (The SingleDocParser::HandleFlowMap function in yaml-cpp (aka ...)
+ TODO: check
+CVE-2018-20573 (The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) ...)
+ TODO: check
+CVE-2018-20572 (WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL ...)
+ TODO: check
+CVE-2018-20571 (DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a ...)
+ TODO: check
+CVE-2018-20570 (jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer ...)
+ TODO: check
+CVE-2018-20569 (user/index.php in Ivan Cordoba Generic Content Management System (CMS) ...)
+ TODO: check
+CVE-2018-20568 (Administrator/index.php in Ivan Cordoba Generic Content Management ...)
+ TODO: check
+CVE-2018-20567 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20566 (An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full ...)
+ TODO: check
+CVE-2018-20565 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20564 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20563 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20562 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20561 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20560 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20559 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20558 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20557 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20556
+ RESERVED
+CVE-2018-20555
+ RESERVED
+CVE-2018-20554
+ RESERVED
+CVE-2018-20553 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len ...)
+ TODO: check
+CVE-2018-20552 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree ...)
+ TODO: check
+CVE-2018-1000893
+ RESERVED
+CVE-2018-1000892
+ RESERVED
+CVE-2018-1000891
+ RESERVED
CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0 allows ...)
- poppler <unfixed> (low; bug #917525)
[stretch] - poppler <ignored> (Minor issue)
@@ -303,6 +365,7 @@ CVE-2018-20435
CVE-2018-20434
RESERVED
CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in ...)
+ {DLA-1621-1}
- c3p0 0.9.1.2-10 (bug #917257)
[stretch] - c3p0 <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/zhutougg/c3p0/commit/2eb0ea97f745740b18dd45e4a909112d4685f87b
@@ -647,7 +710,7 @@ CVE-2018-1000876 (binutils version 2.32 and earlier contains a Integer Overflow
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC Server and ...)
NOT-FOR-US: BOINC server (src:boinc only covers the client)
-CVE-2018-1000874 (PHP Markdown version 1.2.0 and earlier contains a Cross Site Scripting ...)
+CVE-2018-1000874 (PHP cebe markdown parser version 1.2.0 and earlier contains a Cross ...)
NOT-FOR-US: cebe markdown parser (different from src:php-markdown)
CVE-2018-1000873 (Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper ...)
TODO: check, could affect any of the src-jackson* packages
@@ -11512,8 +11575,8 @@ CVE-2018-18698 (An issue was discovered on Xiaomi Mi A1 ...)
TODO: check
CVE-2018-18697
RESERVED
-CVE-2018-18696
- RESERVED
+CVE-2018-18696 (main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has ...)
+ TODO: check
CVE-2018-18695 (M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with ...)
NOT-FOR-US: M2SOFT Report Designer Viewer
CVE-2018-18694 (admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote ...)
@@ -11573,12 +11636,12 @@ CVE-2018-18669
RESERVED
CVE-2018-18668
RESERVED
-CVE-2018-18667
- RESERVED
-CVE-2018-18666
- RESERVED
-CVE-2018-18665
- RESERVED
+CVE-2018-18667 (The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum ...)
+ TODO: check
+CVE-2018-18666 (The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum ...)
+ TODO: check
+CVE-2018-18665 (The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum ...)
+ TODO: check
CVE-2018-18664
RESERVED
CVE-2018-18663
@@ -14514,8 +14577,8 @@ CVE-2018-17540 (The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow
{DSA-4309-1 DLA-1528-1}
- strongswan 5.7.1-1
NOTE: https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
-CVE-2018-17539
- RESERVED
+CVE-2018-17539 (The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and ...)
+ TODO: check
CVE-2018-17538 (** DISPUTED ** Axon (formerly TASER International) Evidence Sync ...)
NOT-FOR-US: Axon Evidence Sync
CVE-2018-17537 [Persistent XSS package.json]
@@ -16832,10 +16895,10 @@ CVE-2018-16640 (ImageMagick 7.0.8-5 has a memory leak vulnerability in the funct
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1201
CVE-2018-16639
RESERVED
-CVE-2018-16638
- RESERVED
-CVE-2018-16637
- RESERVED
+CVE-2018-16638 (Evolution CMS 1.4.x allows XSS via the manager/ search parameter. ...)
+ TODO: check
+CVE-2018-16637 (Evolution CMS 1.4.x allows XSS via the page weblink title parameter to ...)
+ TODO: check
CVE-2018-16636 (Nucleus CMS 3.70 allows HTML Injection via the index.php body ...)
NOT-FOR-US: Nucleus CMS
CVE-2018-16635 (Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page ...)
@@ -16844,12 +16907,12 @@ CVE-2018-16634 (Pluck v4.7.7 allows CSRF via admin.php?action=settings. ...)
NOT-FOR-US: Pluck CMS
CVE-2018-16633 (Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page ...)
NOT-FOR-US: Pluck CMS
-CVE-2018-16632
- RESERVED
+CVE-2018-16632 (Mezzanine CMS v4.3.1 allows XSS via the ...)
+ TODO: check
CVE-2018-16631 (Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ ...)
NOT-FOR-US: Subrion CMS
-CVE-2018-16630
- RESERVED
+CVE-2018-16630 (Kirby v2.5.12 allows XSS by using the "site files" Add option to ...)
+ TODO: check
CVE-2018-16629 (panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG ...)
NOT-FOR-US: Subrion CMS
CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
@@ -20138,12 +20201,12 @@ CVE-2018-15337
RESERVED
CVE-2018-15336
RESERVED
-CVE-2018-15335
- RESERVED
-CVE-2018-15334
- RESERVED
-CVE-2018-15333
- RESERVED
+CVE-2018-15335 (When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM ...)
+ TODO: check
+CVE-2018-15334 (A cross-site request forgery (CSRF) vulnerability in the APM webtop ...)
+ TODO: check
+CVE-2018-15333 (On versions 11.2.1. and greater, unrestricted Snapshot File Access ...)
+ TODO: check
CVE-2018-15332 (The svpn component of the F5 BIG-IP APM client prior to version ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-15331 (On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used ...)
@@ -21372,22 +21435,22 @@ CVE-2015-9262 (_XcursorThemeInherits in library.c in libXcursor before 1.1.15 al
NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05
CVE-2018-14777 (An issue was discovered in DataLife Engine (DLE) through 13.0. An ...)
NOT-FOR-US: DataLife Engine
-CVE-2018-1000631
- RESERVED
-CVE-2018-1000630
- RESERVED
-CVE-2018-1000629
- RESERVED
-CVE-2018-1000628
- RESERVED
-CVE-2018-1000627
- RESERVED
-CVE-2018-1000626
- RESERVED
-CVE-2018-1000625
- RESERVED
-CVE-2018-1000624
- RESERVED
+CVE-2018-1000631 (Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker ...)
+ TODO: check
+CVE-2018-1000630 (Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote ...)
+ TODO: check
+CVE-2018-1000629 (Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused ...)
+ TODO: check
+CVE-2018-1000628 (Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass ...)
+ TODO: check
+CVE-2018-1000627 (Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain ...)
+ TODO: check
+CVE-2018-1000626 (Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass ...)
+ TODO: check
+CVE-2018-1000625 (Battelle V2I Hub 2.5.1 contains hard-coded credentials for the ...)
+ TODO: check
+CVE-2018-1000624 (Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by ...)
+ TODO: check
CVE-2018-14776 (Click Studios Passwordstate before 8.3 Build 8397 allows XSS by ...)
NOT-FOR-US: Click Studios Passwordstate
CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a ...)
@@ -41227,8 +41290,8 @@ CVE-2018-7368
RESERVED
CVE-2018-7367
RESERVED
-CVE-2018-7366
- RESERVED
+CVE-2018-7366 (ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions ...)
+ TODO: check
CVE-2018-7365 (All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product ...)
NOT-FOR-US: ZTE
CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product ...)
@@ -48203,10 +48266,10 @@ CVE-2018-5205 (When using incomplete escape codes, Irssi before 1.0.6 may access
[wheezy] - irssi <no-dsa> (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
-CVE-2018-5204
- RESERVED
-CVE-2018-5203
- RESERVED
+CVE-2018-5204 (ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a ...)
+ TODO: check
+CVE-2018-5203 (DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a ...)
+ TODO: check
CVE-2018-5202 (SKCertService 2.5.5 and earlier contains a vulnerability that could ...)
TODO: check
CVE-2018-5201 (Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c22b889fa6dd9eef41b218bca65409d94ad51e77
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c22b889fa6dd9eef41b218bca65409d94ad51e77
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181228/e0d1723b/attachment.html>
More information about the debian-security-tracker-commits
mailing list