[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 28 08:10:25 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04fb4b7f by security tracker role at 2018-11-28T08:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2956,16 +2956,19 @@ CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX executes commands from the c
NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
NOTE: Introduced by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e3a434468fecca7c14a6bef32050dfa60534fde6
CVE-2018-19477 (psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote ...)
+ {DSA-4346-1}
- ghostscript 9.26~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb (ghostscript-9.26)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03 (master)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700168
CVE-2018-19476 (psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers ...)
+ {DSA-4346-1}
- ghostscript 9.26~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a (ghostscript-9.26)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16 (master)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700169
CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote ...)
+ {DSA-4346-1}
- ghostscript 9.26~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e (ghostscript-9.26)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master)
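Review bot: the {DSA-4346-1} tag added to CVE-2018-19477, CVE-2018-19476 and CVE-2018-19475 sits above a single package line, "- ghostscript 9.26~dfsg-1", and none of the three entries has a release-specific line. Worth confirming that the DSA-4346-1 record lists all three CVE ids together with the fixed version for the release it covers, so the advisory and these entries agree.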
@@ -3087,6 +3090,7 @@ CVE-2018-19411 (PRTG Network Monitor before 18.2.40.1683 allows an authenticated
CVE-2018-19410 (PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2018-19409 (An issue was discovered in Artifex Ghostscript before 9.26. ...)
+ {DSA-4346-1}
- ghostscript 9.26~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700176
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=661e8d8fb8248c38d67958beda32f3a5876d0c3f
@@ -4428,8 +4432,8 @@ CVE-2018-18984
RESERVED
CVE-2018-18983
RESERVED
-CVE-2018-18982
- RESERVED
+CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application allows ...)
+ TODO: check
CVE-2018-18981
RESERVED
CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 ...)
@@ -7134,12 +7138,12 @@ CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content spoofi
NOT-FOR-US: Zimbra
CVE-2018-17937
RESERVED
-CVE-2018-17936
- RESERVED
+CVE-2018-17936 (NUUO CMS All versions 3.3 and prior the application allows the upload ...)
+ TODO: check
CVE-2018-17935 (All versions of Telecrane F25 Series Radio Controls before 00.0A use ...)
NOT-FOR-US: Telecrane
-CVE-2018-17934
- RESERVED
+CVE-2018-17934 (NUUO CMS All versions 3.3 and prior the application allows external ...)
+ TODO: check
CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may ...)
NOT-FOR-US: VGo Robot
CVE-2018-17932
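Review bot: CVE-2018-17936 and CVE-2018-17934 both name NUUO CMS in the new description but are left at "TODO: check", while the neighbouring entries in this hunk (Zimbra, Telecrane, VGo Robot) already carry a NOT-FOR-US line. If NUUO CMS is not packaged, both can take the same NOT-FOR-US tag in one pass, together with the other NUUO CMS entry this commit touches (CVE-2018-18982).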
@@ -8685,8 +8689,8 @@ CVE-2018-17258
RESERVED
CVE-2018-17257
RESERVED
-CVE-2018-17256
- RESERVED
+CVE-2018-17256 (Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS ...)
+ TODO: check
CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter. ...)
NOT-FOR-US: Navigate CMS
CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the ...)
@@ -11540,8 +11544,8 @@ CVE-2018-16132 (The image rendering component (createGenericPreview) of the Open
NOT-FOR-US: Signal app (specific on iOS)
CVE-2018-16131 (The decodeRequest and decodeRequestWith directives in Lightbend Akka ...)
NOT-FOR-US: Lightbend Akka
-CVE-2018-16130
- RESERVED
+CVE-2018-16130 (System command injection in request_mitv in Xiaomi Mi Router 3 version ...)
+ TODO: check
CVE-2018-558213
REJECTED
CVE-2018-16129
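Review bot: the context line "CVE-2018-558213" directly below the new CVE-2018-16130 entry is out of sequence, sitting between CVE-2018-16130 and CVE-2018-16129. It is not changed here, but it is worth confirming that the identifier is intended at this position before more entries are edited around it. The new Xiaomi Mi Router 3 entry itself still needs its "TODO: check" resolved.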
@@ -14501,10 +14505,10 @@ CVE-2018-14895
RESERVED
CVE-2018-14894
RESERVED
-CVE-2018-14893
- RESERVED
-CVE-2018-14892
- RESERVED
+CVE-2018-14893 (A system command injection vulnerability in zyshclient in ZyXEL NSA325 ...)
+ TODO: check
+CVE-2018-14892 (Missing protections against Cross-Site Request Forgery in the web ...)
+ TODO: check
CVE-2018-14891 (Management Console in Vectra Networks Cognito Brain and Sensor before ...)
NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
CVE-2018-14890 (Vectra Networks Cognito Brain and Sensor before 4.2 contains a ...)
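Review bot: the truncated description for CVE-2018-14892 ("Missing protections against Cross-Site Request Forgery in the web ...") ends before any product name, so this entry cannot be triaged from the list text alone. CVE-2018-14893 above it names ZyXEL NSA325; the full description of CVE-2018-14892 needs to be read before deciding whether it is the same product and what tag replaces "TODO: check".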
@@ -18344,8 +18348,8 @@ CVE-2018-13419 (An issue has been found in libsndfile 1.0.28. There is a memory
[stretch] - libsndfile <no-dsa> (Minor issue)
[jessie] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/398
-CVE-2018-13418
- RESERVED
+CVE-2018-13418 (System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 ...)
+ TODO: check
CVE-2018-13417 (In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for ...)
- azureus <removed>
CVE-2018-13416 (In Universal Media Server (UMS) 7.1.0, the XML parsing engine for ...)
@@ -18467,32 +18471,32 @@ CVE-2018-13363
RESERVED
CVE-2018-13362
RESERVED
-CVE-2018-13361
- RESERVED
-CVE-2018-13360
- RESERVED
-CVE-2018-13359
- RESERVED
-CVE-2018-13358
- RESERVED
-CVE-2018-13357
- RESERVED
-CVE-2018-13356
- RESERVED
-CVE-2018-13355
- RESERVED
-CVE-2018-13354
- RESERVED
-CVE-2018-13353
- RESERVED
-CVE-2018-13352
- RESERVED
-CVE-2018-13351
- RESERVED
-CVE-2018-13350
- RESERVED
-CVE-2018-13349
- RESERVED
+CVE-2018-13361 (User enumeration in usertable.php in TerraMaster TOS version 3.1.03 ...)
+ TODO: check
+CVE-2018-13360 (Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 ...)
+ TODO: check
+CVE-2018-13359 (Cross-site scripting in usertable.php in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13358 (System command injection in ajaxdata.php in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13357 (Cross-site scripting in Control Panel in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13356 (Incorrect access control on ajaxdata.php in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13355 (Cross-site scripting in Control Panel in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13354 (System command injection in logtable.php in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13353 (System command injection in ajaxdata.php in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13352 (Session Exposure in the web application for TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13351 (Cross-site scripting in Control Panel in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13350 (SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows ...)
+ TODO: check
+CVE-2018-13349 (Cross-site scripting in the web application taskbar in TerraMaster TOS ...)
+ TODO: check
CVE-2018-13345
RESERVED
CVE-2018-13344
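Review bot: all thirteen entries from CVE-2018-13361 down to CVE-2018-13349 move from RESERVED to "TODO: check" and every one names TerraMaster TOS, so they should be triaged as a batch with one consistent tag rather than one at a time. Several are indistinguishable in the truncated text (CVE-2018-13357, CVE-2018-13355 and CVE-2018-13351 all read "Cross-site scripting in Control Panel in TerraMaster TOS version ..."), which is fine for a vendor-level decision but means the list text cannot be used to tell them apart. The following hunk adds ten more entries for the same product.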
@@ -18507,26 +18511,26 @@ CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request
NOT-FOR-US: Gleez CMS
CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode ...)
NOT-FOR-US: Imperavi Redactor
-CVE-2018-13338
- RESERVED
-CVE-2018-13337
- RESERVED
-CVE-2018-13336
- RESERVED
-CVE-2018-13335
- RESERVED
-CVE-2018-13334
- RESERVED
-CVE-2018-13333
- RESERVED
-CVE-2018-13332
- RESERVED
-CVE-2018-13331
- RESERVED
-CVE-2018-13330
- RESERVED
-CVE-2018-13329
- RESERVED
+CVE-2018-13338 (System command injection in ajaxdata.php in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13337 (Session Fixation in the web application for TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13336 (System command injection in ajaxdata.php in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13335 (Cross-site scripting in Control Panel in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13334 (Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 ...)
+ TODO: check
+CVE-2018-13333 (Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 ...)
+ TODO: check
+CVE-2018-13332 (Directory Traversal in the explorer application in TerraMaster TOS ...)
+ TODO: check
+CVE-2018-13331 (Cross-site scripting in Control Panel in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13330 (System command injection in ajaxdata.php in TerraMaster TOS version ...)
+ TODO: check
+CVE-2018-13329 (Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 ...)
+ TODO: check
CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart contract ...)
NOT-FOR-US: smart contract
CVE-2018-13327 (The transfer and transferFrom functions of a smart contract ...)
@@ -18551,12 +18555,12 @@ CVE-2018-13318 (System command injection in User.create method in Buffalo TS5600
NOT-FOR-US: Buffalo
CVE-2018-13317 (Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 ...)
NOT-FOR-US: TOTOLINK
-CVE-2018-13316
- RESERVED
+CVE-2018-13316 (System command injection in formAliasIp in TOTOLINK A3002RU version ...)
+ TODO: check
CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK A3002RU ...)
NOT-FOR-US: TOTOLINK
-CVE-2018-13314
- RESERVED
+CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU version ...)
+ TODO: check
CVE-2018-13313
RESERVED
CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version ...)
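Review bot: CVE-2018-13316 and CVE-2018-13314 are added as "TODO: check" although the entries around them for the same device, CVE-2018-13317 and CVE-2018-13315, are already marked "NOT-FOR-US: TOTOLINK". The same tag looks appropriate for both new entries. Their visible descriptions are identical ("System command injection in formAliasIp in TOTOLINK A3002RU version ..."), so it is also worth checking against the full text that they are two distinct issues.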
@@ -18569,10 +18573,10 @@ CVE-2018-13309 (Cross-site scripting in password.htm in TOTOLINK A3002RU version
NOT-FOR-US: TOTOLINK
CVE-2018-13308 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version ...)
NOT-FOR-US: TOTOLINK
-CVE-2018-13307
- RESERVED
-CVE-2018-13306
- RESERVED
+CVE-2018-13307 (System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 ...)
+ TODO: check
+CVE-2018-13306 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...)
+ TODO: check
CVE-2018-13305 (In FFmpeg 4.0.1, due to a missing check for negative values of the ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <undetermined>
@@ -19218,10 +19222,10 @@ CVE-2018-13025 (protected/apps/admin/controller/photoController.php in YXcms 1.4
NOT-FOR-US: YXcms
CVE-2018-13024 (Metinfo v6.0.0 allows remote attackers to write code into a .php file, ...)
NOT-FOR-US: Metinfo
-CVE-2018-13023
- RESERVED
-CVE-2018-13022
- RESERVED
+CVE-2018-13023 (System command injection vulnerability in wifi_access in Xiaomi Mi ...)
+ TODO: check
+CVE-2018-13022 (Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi ...)
+ TODO: check
CVE-2018-13021 (An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script ...)
NOT-FOR-US: HongCMS
CVE-2018-13020
@@ -27266,8 +27270,8 @@ CVE-2018-10144
RESERVED
CVE-2018-10143
RESERVED
-CVE-2018-10142
- RESERVED
+CVE-2018-10142 (The Expedition Migration tool 1.0.106 and earlier may allow an ...)
+ TODO: check
CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 ...)
@@ -32690,8 +32694,8 @@ CVE-2018-7990 (Mate10 Pro Huawei smart phones with the versions before 8.1.0.326
NOT-FOR-US: Huawei
CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before BLA-AL00B ...)
NOT-FOR-US: Huawei
-CVE-2018-7988
- RESERVED
+CVE-2018-7988 (There is a Factory Reset Protection (FRP) bypass vulnerability on ...)
+ TODO: check
CVE-2018-7987
RESERVED
CVE-2018-7986
@@ -32712,8 +32716,8 @@ CVE-2018-7979
RESERVED
CVE-2018-7978
RESERVED
-CVE-2018-7977
- RESERVED
+CVE-2018-7977 (There is an information leakage vulnerability on several Huawei ...)
+ TODO: check
CVE-2018-7976 (There is a stored cross-site scripting (XSS) vulnerability in Huawei ...)
NOT-FOR-US: Huawei
CVE-2018-7975
@@ -32744,14 +32748,14 @@ CVE-2018-7963
RESERVED
CVE-2018-7962
RESERVED
-CVE-2018-7961
- RESERVED
-CVE-2018-7960
- RESERVED
-CVE-2018-7959
- RESERVED
-CVE-2018-7958
- RESERVED
+CVE-2018-7961 (There is a smart SMS verification code vulnerability in some Huawei ...)
+ TODO: check
+CVE-2018-7960 (There is a SRTP icon display vulnerability in Huawei eSpace product. ...)
+ TODO: check
+CVE-2018-7959 (There is a short key vulnerability in Huawei eSpace product. An ...)
+ TODO: check
+CVE-2018-7958 (There is an anonymous TLS cipher suites supported vulnerability in ...)
+ TODO: check
CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an ...)
NOT-FOR-US: Huawei
CVE-2018-7956
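Review bot: of the four entries set to "TODO: check" here, CVE-2018-7961, CVE-2018-7960 and CVE-2018-7959 name Huawei in the visible text, but CVE-2018-7958 is cut off before any vendor ("There is an anonymous TLS cipher suites supported vulnerability in ..."). The next entry, CVE-2018-7957, shows the tag used for this vendor, "NOT-FOR-US: Huawei"; the first three can likely follow it, and CVE-2018-7958 should be confirmed from the full description first.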
@@ -32774,8 +32778,8 @@ CVE-2018-7948
RESERVED
CVE-2018-7947 (Huawei mobile phones with versions earlier before Emily-AL00A ...)
NOT-FOR-US: Huawei
-CVE-2018-7946
- RESERVED
+CVE-2018-7946 (There is an information leak vulnerability in some Huawei smartphones. ...)
+ TODO: check
CVE-2018-7945
RESERVED
CVE-2018-7944 (Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and ...)
@@ -55167,12 +55171,12 @@ CVE-2018-0723
RESERVED
CVE-2018-0722
RESERVED
-CVE-2018-0721
- RESERVED
+CVE-2018-0721 (Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and ...)
+ TODO: check
CVE-2018-0720
RESERVED
-CVE-2018-0719
- RESERVED
+CVE-2018-0719 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.2.6 build ...)
+ TODO: check
CVE-2018-0718 (Command injection vulnerability in Music Station 5.1.2 and earlier ...)
NOT-FOR-US: Music Station
CVE-2018-0717
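Review bot: CVE-2018-0721 and CVE-2018-0719 both name QNAP QTS 4.2.6 and are left at "TODO: check". The adjacent CVE-2018-0718 is tagged by product ("NOT-FOR-US: Music Station") rather than by vendor, so when these two are triaged the tag should follow whichever convention the list already uses for QNAP QTS entries, to keep later searches consistent.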
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/04fb4b7f9ff851df4ec33f15eff3aa1fc475cacb