[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 1 08:10:28 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67e101b7 by security tracker role at 2018-11-01T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php ...)
+ TODO: check
+CVE-2018-18891 (MiniCMS 1.10 allows file deletion via ...)
+ TODO: check
+CVE-2018-18890 (MiniCMS 1.10 allows full path disclosure via ...)
+ TODO: check
+CVE-2018-18889
+ RESERVED
+CVE-2018-18888 (An issue was discovered in laravelCMS through 2018-04-02. ...)
+ TODO: check
+CVE-2018-18887 (S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type ...)
+ TODO: check
+CVE-2018-18886
+ RESERVED
+CVE-2018-18885
+ RESERVED
+CVE-2018-18884
+ RESERVED
CVE-2018-18882
RESERVED
CVE-2018-18881
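Review bot: The five entries with descriptions added at the top of this hunk (CVE-2018-18892, CVE-2018-18891, CVE-2018-18890, CVE-2018-18888, CVE-2018-18887) are left at `TODO: check`, so they still need triage. Each should be resolved to either a package line or a `NOT-FOR-US:` line naming the product (MiniCMS, laravelCMS, S-CMS PHP), the form this file already uses for Advantech WebAccess.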
@@ -583,7 +601,7 @@ CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup priv
TODO: check
CVE-2016-10729 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
TODO: check
-CVE-2018-18883 [XSA-278: x86: Nested VT-x usable even when disabled]
+CVE-2018-18883 (An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 ...)
- xen <unfixed>
[stretch] - xen <not-affected> (Only affects 4.9 and later)
[jessie] - xen <not-affected> (Only affects 4.9 and later)
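Review bot: The replacement line for CVE-2018-18883 drops the `XSA-278` identifier that the bracketed title carried, and none of the context lines shown in this hunk record it. Suggest adding a `NOTE:` line that references XSA-278 under the entry, so the link to the Xen advisory survives the switch to the truncated CVE description.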
@@ -5417,6 +5435,7 @@ CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in ...)
[jessie] - mupdf <ignored> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699686
CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause ...)
+ {DLA-1562-1}
- poppler <unfixed> (low; bug #909802)
[stretch] - poppler <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
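Review bot: CVE-2018-16646 gains the `{DLA-1562-1}` cross-reference while the line directly below it still reads `- poppler <unfixed> (low; bug #909802)`. Now that a fix has shipped in an LTS advisory, it is worth recording the fixing patch or commit in a `NOTE:` line and re-checking whether the unstable status can be updated.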
@@ -7830,12 +7849,12 @@ CVE-2018-15709
RESERVED
CVE-2018-15708
RESERVED
-CVE-2018-15707
- RESERVED
-CVE-2018-15706
- RESERVED
-CVE-2018-15705
- RESERVED
+CVE-2018-15707 (Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site ...)
+ TODO: check
+CVE-2018-15706 (WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote ...)
+ TODO: check
+CVE-2018-15705 (WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote ...)
+ TODO: check
CVE-2018-15704 (Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer ...)
NOT-FOR-US: Advantech WebAccess
CVE-2018-15703 (Advantech WebAccess 8.3.2 and below is vulnerable to multiple ...)
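Review bot: CVE-2018-15707, CVE-2018-15706 and CVE-2018-15705 move from `RESERVED` to `TODO: check`, although the entries immediately below for the same product (CVE-2018-15704) are already marked `NOT-FOR-US: Advantech WebAccess`. Suggest giving the three new entries the same `NOT-FOR-US: Advantech WebAccess` line in a follow-up so they do not sit in the triage queue.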
@@ -10283,8 +10302,7 @@ CVE-2018-14663
RESERVED
CVE-2018-14662
RESERVED
-CVE-2018-14661
- RESERVED
+CVE-2018-14661 (It was found that usage of snprintf function in feature/locks ...)
- glusterfs <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
@@ -10320,8 +10338,7 @@ CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulne
- glusterfs <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
-CVE-2018-14651
- RESERVED
+CVE-2018-14651 (It was found that the fix for CVE-2018-10927, CVE-2018-10928, ...)
- glusterfs <unfixed>
[stretch] - glusterfs <not-affected> (Incomplete fixes for CVE-2018-109{26,27,28,29,30} not applied)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
@@ -12221,6 +12238,7 @@ CVE-2018-13990
CVE-2018-13989 (Grundig Smart Inter at ctive TV 3.0 devices allow CSRF attacks via a POST ...)
NOT-FOR-US: Grundig Smart Inter at ctive TV 3.0 devices
CVE-2018-13988 (Poppler through 0.62 contains an out of bounds read vulnerability due ...)
+ {DLA-1562-1}
- poppler 0.69.0-2 (low; bug #904922)
[stretch] - poppler <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1602838
@@ -17870,8 +17888,7 @@ CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML parsers were not configured
NOTE: CVE-2018-11796.
CVE-2018-11760
RESERVED
-CVE-2018-11759 [Apache Tomcat JK (mod_jk) Connector path traversal]
- RESERVED
+CVE-2018-11759 (The Apache Web Server (httpd) specific code that normalised the ...)
- libapache-mod-jk 1:1.2.46-1
NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.46
CVE-2018-11758 (This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, ...)
@@ -20073,6 +20090,7 @@ CVE-2018-10947
CVE-2018-10946
RESERVED
CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler ...)
+ {DLA-1562-1}
[experimental] - poppler 0.65.0-1
- poppler 0.69.0-2 (bug #898357)
[stretch] - poppler <no-dsa> (Minor issue)
@@ -20786,6 +20804,7 @@ CVE-2018-10770 (download.rsp on ShenZhen Anni "5 in 1 XVR" devices all
CVE-2018-10769 (The transferProxy and approveProxy functions of a smart contract ...)
NOT-FOR-US: smart contract
CVE-2018-10768 (There is a NULL pointer dereference in the AnnotPath::getCoordsLength ...)
+ {DLA-1562-1}
- poppler 0.38.0-2
[wheezy] - poppler <not-affected> (Vulnerable code is not present)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=106408
@@ -112513,8 +112532,7 @@ CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for re
- openvpn <unfixed> (unimportant)
NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32
NOTE: This is a generic cryptographic weakness, not a vulnerability in OpenVPN per se
-CVE-2016-6328
- RESERVED
+CVE-2016-6328 (A vulnerability was found in libexif. An integer overflow when parsing ...)
- libexif 0.6.21-2.1 (bug #873022)
[stretch] - libexif <no-dsa> (Minor issue)
[jessie] - libexif <no-dsa> (Minor issue)
@@ -126439,8 +126457,7 @@ CVE-2016-2126 (Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevat
- samba 2:4.5.2+dfsg-2
[wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
NOTE: https://www.samba.org/samba/security/CVE-2016-2126.html
-CVE-2016-2125 [Unconditional privilege delegation to Kerberos servers in trusted realms]
- RESERVED
+CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always ...)
{DSA-3740-1 DLA-776-1}
- samba 2:4.5.2+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/67e101b7065a19884938196499f60990a6f41936