[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 30 20:10:28 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c536a39 by security tracker role at 2018-11-30T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,11 @@
+CVE-2018-19780
+ RESERVED
CVE-2018-19779
RESERVED
CVE-2018-19778
RESERVED
-CVE-2018-19777
- RESERVED
+CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an infinite loop in the function ...)
+ TODO: check
CVE-2018-19776
RESERVED
CVE-2018-19775
@@ -3858,8 +3860,8 @@ CVE-2018-19292
RESERVED
CVE-2018-19291 (An issue discovered in DiliCMS 2.4.0. There is a CSRF vulnerability ...)
NOT-FOR-US: DiliCMS
-CVE-2018-19290
- RESERVED
+CVE-2018-19290 (In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax ...)
+ TODO: check
CVE-2018-19289 (An issue was discovered in Valine v1.3.3. It allows HTML injection, ...)
NOT-FOR-US: Valine
CVE-2018-19288 (Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the ...)
@@ -4891,16 +4893,16 @@ CVE-2018-18989
RESERVED
CVE-2018-18988
RESERVED
-CVE-2018-18987
- RESERVED
+CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program populating ...)
+ TODO: check
CVE-2018-18986
RESERVED
CVE-2018-18985
RESERVED
CVE-2018-18984
RESERVED
-CVE-2018-18983
- RESERVED
+CVE-2018-18983 (VT-Designer Version 2.1.7.31 is vulnerable by the program reading the ...)
+ TODO: check
CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application allows ...)
NOT-FOR-US: NUUO CMS
CVE-2018-18981
@@ -5174,8 +5176,8 @@ CVE-2018-18862
RESERVED
CVE-2018-18861 (Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code ...)
NOT-FOR-US: PCMan FTP Server
-CVE-2018-18860
- RESERVED
+CVE-2018-18860 (A local privilege escalation vulnerability has been identified in the ...)
+ TODO: check
CVE-2018-18859 (Multiple local privilege escalation vulnerabilities have been ...)
NOT-FOR-US: LiquidVPN client for macOS
CVE-2018-18858 (Multiple local privilege escalation vulnerabilities have been ...)
@@ -6537,7 +6539,7 @@ CVE-2018-18312 [Heap-buffer-overflow write in S_regatom (regcomp.c)]
NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/9b0464aa670d0a59bda5b75d54f2a6b6f9d1288a
CVE-2018-18311 [Integer overflow leading to buffer overflow and segmentation fault]
RESERVED
- {DSA-4347-1}
+ {DSA-4347-1 DLA-1601-1}
- perl 5.28.1-1
NOTE: https://rt.perl.org/Ticket/Display.html?id=133204
NOTE: Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
@@ -11143,12 +11145,10 @@ CVE-2018-16479
RESERVED
CVE-2018-16478
RESERVED
-CVE-2018-16477 [Bypass vulnerability in Active Storage]
- RESERVED
+CVE-2018-16477 (A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud ...)
- rails <not-affected> (Only affects >= 5.2.0; vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/5
-CVE-2018-16476 [Broken Access Control vulnerability in Active Job]
- RESERVED
+CVE-2018-16476 (A Broken Access Control vulnerability in Active Job versions >= 4.2.0 ...)
- rails <unfixed> (bug #914847)
[jessie] - rails <not-affected> (only affects >= 4.2.0)
NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/4
@@ -12098,16 +12098,16 @@ CVE-2018-16099
RESERVED
CVE-2018-16098
RESERVED
-CVE-2018-16097
- RESERVED
+CVE-2018-16097 (LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System ...)
+ TODO: check
CVE-2018-16096 (In System Management Module (SMM) versions prior to 1.06, the SMM web ...)
NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16095 (In System Management Module (SMM) versions prior to 1.06, the SMM ...)
NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16094 (In System Management Module (SMM) versions prior to 1.06, an internal ...)
NOT-FOR-US: Lenovo / System Management Module (SMM)
-CVE-2018-16093
- RESERVED
+CVE-2018-16093 (In versions prior to 5.5, LXCI for VMware allows an authenticated user ...)
+ TODO: check
CVE-2018-16092 (In System Management Module (SMM) versions prior to 1.06, the FFDC ...)
NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16091 (In System Management Module (SMM) versions prior to 1.06, the SMM ...)
@@ -12854,8 +12854,8 @@ CVE-2018-15836 (In verify_signed_hash() in lib/liboswkeys/signatures.c in Opensw
- openswan <removed>
NOTE: https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51
NOTE: https://lists.openswan.org/pipermail/users/2018-August/023761.html
-CVE-2018-15835
- RESERVED
+CVE-2018-15835 (Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID ...)
+ TODO: check
CVE-2018-15834 (In radare2 before 2.9.0, a heap overflow vulnerability exists in the ...)
- radare2 2.9.0+dfsg-1
[stretch] - radare2 <no-dsa> (Minor issue)
@@ -12994,10 +12994,10 @@ CVE-2018-15770
RESERVED
CVE-2018-15769 (RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x ...)
NOT-FOR-US: RSA BSAFE Micro Edition Suite
-CVE-2018-15768
- RESERVED
-CVE-2018-15767
- RESERVED
+CVE-2018-15768 (Dell OpenManage Network Manager versions prior to 6.5.0 enabled ...)
+ TODO: check
+CVE-2018-15767 (The Dell OpenManage Network Manager virtual appliance versions prior ...)
+ TODO: check
CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint ...)
NOT-FOR-US: Dell
CVE-2018-15765 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, ...)
@@ -15738,8 +15738,7 @@ CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The p
- 389-ds-base 1.4.0.18-1 (bug #908859)
[jessie] - 389-ds-base <not-affected> (Vulnerable code not present)
NOTE: https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73
-CVE-2018-14637
- RESERVED
+CVE-2018-14637 (The SAML broker consumer endpoint in Keycloak before version ...)
NOT-FOR-US: Keycloak
CVE-2018-14636 (Live-migrated instances are briefly able to inspect traffic for other ...)
- neutron <unfixed> (low)
@@ -30435,8 +30434,8 @@ CVE-2018-9074 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.3
NOT-FOR-US: Lenovo
CVE-2018-9073 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes ...)
NOT-FOR-US: Lenovo Chassis Management Module
-CVE-2018-9072
- RESERVED
+CVE-2018-9072 (In versions prior to 5.5, LXCI for VMware allows an authenticated user ...)
+ TODO: check
CVE-2018-9071 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows ...)
NOT-FOR-US: Lenovo Chassis Management Module
CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier than ...)
@@ -33568,10 +33567,10 @@ CVE-2018-7833
RESERVED
CVE-2018-7832
RESERVED
-CVE-2018-7831
- RESERVED
-CVE-2018-7830
- RESERVED
+CVE-2018-7831 (An Improper Neutralization of Script-Related HTML Tags in a Web Page ...)
+ TODO: check
+CVE-2018-7830 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP ...)
+ TODO: check
CVE-2018-7829
RESERVED
CVE-2018-7828
@@ -33608,18 +33607,18 @@ CVE-2018-7813
RESERVED
CVE-2018-7812
RESERVED
-CVE-2018-7811
- RESERVED
-CVE-2018-7810
- RESERVED
-CVE-2018-7809
- RESERVED
+CVE-2018-7811 (An Unverified Password Change vulnerability exists in the embedded web ...)
+ TODO: check
+CVE-2018-7810 (An Improper Neutralization of Input During Web Page Generation ...)
+ TODO: check
+CVE-2018-7809 (An Unverified Password Change vulnerability exists in the embedded web ...)
+ TODO: check
CVE-2018-7808
RESERVED
-CVE-2018-7807
- RESERVED
-CVE-2018-7806
- RESERVED
+CVE-2018-7807 (Data Center Expert, versions 7.5.0 and earlier, allows for the upload ...)
+ TODO: check
+CVE-2018-7806 (Data Center Operation allows for the upload of a zip file from its ...)
+ TODO: check
CVE-2018-7805
RESERVED
CVE-2018-7804
@@ -45161,8 +45160,8 @@ CVE-2018-3950
RESERVED
CVE-2018-3949
RESERVED
-CVE-2018-3948
- RESERVED
+CVE-2018-3948 (An exploitable denial-of-service vulnerability exists in the ...)
+ TODO: check
CVE-2018-3947 (An exploitable information disclosure vulnerability exists in the ...)
NOT-FOR-US: Yi Home Camera
CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
@@ -51104,10 +51103,10 @@ CVE-2018-1930
RESERVED
CVE-2018-1929
RESERVED
-CVE-2018-1928
- RESERVED
-CVE-2018-1927
- RESERVED
+CVE-2018-1928 (IBM StoredIQ 7.6.0 does not implement proper authorization of user ...)
+ TODO: check
+CVE-2018-1927 (IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which ...)
+ TODO: check
CVE-2018-1926
RESERVED
CVE-2018-1925
@@ -51166,8 +51165,8 @@ CVE-2018-1899
RESERVED
CVE-2018-1898
RESERVED
-CVE-2018-1897
- RESERVED
+CVE-2018-1897 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 ...)
+ TODO: check
CVE-2018-1896
RESERVED
CVE-2018-1895
@@ -55676,8 +55675,8 @@ CVE-2018-0718 (Command injection vulnerability in Music Station 5.1.2 and earlie
NOT-FOR-US: Music Station
CVE-2018-0717
RESERVED
-CVE-2018-0716
- RESERVED
+CVE-2018-0716 (Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS ...)
+ TODO: check
CVE-2018-0715 (Cross-site scripting vulnerability in QNAP Photo Station versions ...)
NOT-FOR-US: QNAP Photo Station
CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c536a399a9d7e956e6ebb375279ee201ca93675
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c536a399a9d7e956e6ebb375279ee201ca93675
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181130/84098f28/attachment.html>
More information about the debian-security-tracker-commits
mailing list