[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Oct 1 21:10:52 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92d4961b by security tracker role at 2018-10-01T20:10:39Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
-CVE-2018-17854
-	RESERVED
+CVE-2018-17854 (SIMDComp before 0.1.1 allows remote attackers to cause a denial of ...)
+	TODO: check
 CVE-2018-17853
 	RESERVED
-CVE-2018-17852
-	RESERVED
-CVE-2018-17851
-	RESERVED
-CVE-2018-17850
-	RESERVED
+CVE-2018-17852 (A SQL injection was discovered in WUZHI CMS 4.1.0 in ...)
+	TODO: check
+CVE-2018-17851 (An issue was discovered in JsonCpp 1.8.4. An unhandled exception ...)
+	TODO: check
+CVE-2018-17850 (An issue was discovered in JsonCpp 1.8.4. An unhandled exception ...)
+	TODO: check
 CVE-2018-17849
 	RESERVED
-CVE-2018-17848
-	RESERVED
-CVE-2018-17847
-	RESERVED
-CVE-2018-17846
-	RESERVED
+CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
+	TODO: check
+CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
+	TODO: check
+CVE-2018-17846 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
+	TODO: check
 CVE-2018-17845
 	RESERVED
 CVE-2018-17844
@@ -30,34 +30,34 @@ CVE-2018-17840
 	RESERVED
 CVE-2018-17839
 	RESERVED
-CVE-2018-17838
-	RESERVED
-CVE-2018-17837
-	RESERVED
-CVE-2018-17836
-	RESERVED
-CVE-2018-17835
-	RESERVED
+CVE-2018-17838 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read ...)
+	TODO: check
+CVE-2018-17837 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion ...)
+	TODO: check
+CVE-2018-17836 (An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote ...)
+	TODO: check
+CVE-2018-17835 (An issue was discovered in GetSimple CMS 3.3.15. An administrator can ...)
+	TODO: check
 CVE-2018-17834
 	RESERVED
 CVE-2018-17833
 	RESERVED
-CVE-2018-17832
-	RESERVED
-CVE-2018-17831
-	RESERVED
-CVE-2018-17830
-	RESERVED
+CVE-2018-17832 (XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. ...)
+	TODO: check
+CVE-2018-17831 (In REDAXO before 5.6.3, a critical SQL injection vulnerability has been ...)
+	TODO: check
+CVE-2018-17830 (The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 ...)
+	TODO: check
 CVE-2018-17829
 	RESERVED
-CVE-2018-17828
-	RESERVED
-CVE-2018-17827
-	RESERVED
-CVE-2018-17826
-	RESERVED
-CVE-2018-17825
-	RESERVED
+CVE-2018-17828 (Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers ...)
+	TODO: check
+CVE-2018-17827 (HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by ...)
+	TODO: check
+CVE-2018-17826 (HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add ...)
+	TODO: check
+CVE-2018-17825 (An issue was discovered in AdPlug 2.3.1. There are several double-free ...)
+	TODO: check
 CVE-2018-17824
 	RESERVED
 CVE-2018-17823
@@ -126,10 +126,10 @@ CVE-2018-17794 (An issue was discovered in cplus-dem.c in GNU libiberty, as dist
 	[stretch] - binutils <ignored> (Minor issue)
 	[jessie] - binutils <ignored> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350
-CVE-2015-9268
-	RESERVED
-CVE-2015-9267
-	RESERVED
+CVE-2015-9268 (Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe ...)
+	TODO: check
+CVE-2015-9267 (Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary ...)
+	TODO: check
 CVE-2018-17793 (Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and ...)
 	- python-virtualenv <unfixed> (unimportant)
 	NOTE: https://github.com/pypa/virtualenv/issues/1207
@@ -875,8 +875,8 @@ CVE-2018-17429
 	RESERVED
 CVE-2018-17428
 	RESERVED
-CVE-2018-17427
-	RESERVED
+CVE-2018-17427 (SIMDComp before 0.1.0 allows remote attackers to cause a denial of ...)
+	TODO: check
 CVE-2018-17426
 	RESERVED
 CVE-2018-17425
@@ -1417,6 +1417,7 @@ CVE-2018-17185
 CVE-2018-17184
 	RESERVED
 CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. The ...)
+	{DSA-4308-1}
 	- linux 4.18.10-1
 	NOTE: https://git.kernel.org/linus/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
 	NOTE: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
@@ -1892,6 +1893,7 @@ CVE-2018-16986
 CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was ...)
 	NOT-FOR-US: Lizard
 CVE-2018-16984 [Password hash disclosure to "view only" admin users]
+	RESERVED
 	[experimental] - python-django 2:2.1.2-1
 	- python-django <not-affected> (bug #910016; vulnerable code not present)
 	NOTE: https://www.djangoproject.com/weblog/2018/oct/01/security-release/
@@ -2636,6 +2638,7 @@ CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP m
 	NOTE: https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d (5.1)
 	NOTE: https://github.com/kamailio/kamailio/commit/f07dabffef98c7088cdbc2bd695a4ae7a241b159 (5.0)
 CVE-2018-16658 (An issue was discovered in the Linux kernel before 4.18.6. An ...)
+	{DSA-4308-1}
 	- linux 4.18.6-1
 	NOTE: Fixed by: https://git.kernel.org/linus/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 (4.19-rc2)
 CVE-2018-16656
@@ -3609,6 +3612,7 @@ CVE-2018-16277 (The Image Import function in XWiki through 10.7 has XSS. ...)
 CVE-2018-16275 (OPSWAT MetaDefender before v4.11.2 allows CSV injection. ...)
 	NOT-FOR-US: OPSWAT MetaDefender
 CVE-2018-16276 (An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in ...)
+	{DSA-4308-1}
 	- linux 4.17.8-1
 	NOTE: Fixed by: https://git.kernel.org/linus/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 (4.18-rc5)
 CVE-2018-16274
@@ -5433,10 +5437,12 @@ CVE-2018-15574 (** DISPUTED ** An issue was discovered in the license editor in
 CVE-2018-15573 (** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) ...)
 	NOT-FOR-US: Reprise License Manager
 CVE-2018-15594 (arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles ...)
+	{DSA-4308-1}
 	- linux 4.17.15-1
 	NOTE: https://twitter.com/grsecurity/status/1029324426142199808
 	NOTE: https://git.kernel.org/linus/5800dc5c19f34e6e03b5adab1282535cb102fafd
 CVE-2018-15572 (The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c ...)
+	{DSA-4308-1}
 	- linux 4.17.15-1
 	NOTE: https://git.kernel.org/linus/fdf82a7856b32d905c39afc85e34364491e46346
 CVE-2018-15571 (The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV ...)
@@ -7057,48 +7063,48 @@ CVE-2018-14810
 	RESERVED
 CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
 	NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14808
-	RESERVED
+CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5.  Non-administrative users ...)
+	TODO: check
 CVE-2018-14807
 	RESERVED
 CVE-2018-14806
 	RESERVED
 CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the system ...)
 	NOT-FOR-US: ABB eSOMS
-CVE-2018-14804
-	RESERVED
+CVE-2018-14804 (Emerson AMS Device Manager v12.0 to v13.5.  A specially crafted ...)
+	TODO: check
 CVE-2018-14803 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
 	NOT-FOR-US: Philips e-Alert Unit
-CVE-2018-14802
-	RESERVED
+CVE-2018-14802 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), ...)
+	TODO: check
 CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all ...)
 	NOT-FOR-US: Philips PageWriter
 CVE-2018-14800
 	RESERVED
 CVE-2018-14799 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all ...)
 	NOT-FOR-US: Philips PageWriter
-CVE-2018-14798
-	RESERVED
+CVE-2018-14798 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), ...)
+	TODO: check
 CVE-2018-14797 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a ...)
 	NOT-FOR-US: Emerson DeltaV DCS
 CVE-2018-14796 (Tec4Data SmartCooler, all versions prior to firmware 180806, the ...)
 	NOT-FOR-US: Tec4Data SmartCooler
 CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...)
 	NOT-FOR-US: DeltaV
-CVE-2018-14794
-	RESERVED
+CVE-2018-14794 (Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device ...)
+	TODO: check
 CVE-2018-14793 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...)
 	NOT-FOR-US: DeltaV
 CVE-2018-14792 (WECON PLC Editor version 1.3.3U may allow an attacker to execute code ...)
 	NOT-FOR-US: WECON
 CVE-2018-14791 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may ...)
 	NOT-FOR-US: Emerson DeltaV DCS
-CVE-2018-14790
-	RESERVED
+CVE-2018-14790 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), ...)
+	TODO: check
 CVE-2018-14789 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...)
 	NOT-FOR-US: Philips
-CVE-2018-14788
-	RESERVED
+CVE-2018-14788 (Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer ...)
+	TODO: check
 CVE-2018-14787 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...)
 	NOT-FOR-US: Philips
 CVE-2018-14786 (Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps ...)
@@ -7298,6 +7304,7 @@ CVE-2018-14735 (An Information Exposure issue was discovered in Hitachi Command
 CVE-2018-14733
 	RESERVED
 CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 ...)
+	{DSA-4308-1}
 	- linux 4.17.14-1
 	NOTE: https://git.kernel.org/linus/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 (4.18-rc1)
 CVE-2018-14732 (An issue was discovered in lib/Server.js in webpack-dev-server before ...)
@@ -7402,6 +7409,7 @@ CVE-2018-14684
 CVE-2018-14683
 	RESERVED
 CVE-2018-14678 (An issue was discovered in the Linux kernel through 4.17.11, as used in ...)
+	{DSA-4308-1}
 	- linux 4.17.14-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-274.html
 	NOTE: https://git.kernel.org/linus/b3681dd548d06deb2e1573890829dff4b15abf46
@@ -7546,6 +7554,7 @@ CVE-2018-14634 (An integer overflow flaw was found in the Linux kernel's ...)
 	[stretch] - linux 4.9.47-1
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/25/4
 CVE-2018-14633 (A security flaw was found in the chap_server_compute_md5() function in ...)
+	{DSA-4308-1}
 	- linux 4.18.10-1
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/24/2
 CVE-2018-14632 (An out of bound write can occur when patching an Openshift object ...)
@@ -7606,6 +7615,7 @@ CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in
 	NOTE: https://github.com/curl/curl/issues/2756
 	NOTE: https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243
 CVE-2018-14617 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
+	{DSA-4308-1}
 	- linux 4.18.8-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200297
 	NOTE: https://www.spinics.net/lists/linux-fsdevel/msg130021.html
@@ -7636,6 +7646,7 @@ CVE-2018-14610 (An issue was discovered in the Linux kernel through 4.17.10. The
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837
 	NOTE: https://patchwork.kernel.org/patch/10503415/
 CVE-2018-14609 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
+	{DSA-4308-1}
 	- linux 4.18.8-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199833
 	NOTE: https://patchwork.kernel.org/patch/10500521/
@@ -11290,6 +11301,7 @@ CVE-2018-13100 (An issue was discovered in fs/f2fs/super.c in the Linux kernel t
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200183
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d
 CVE-2018-13099 (An issue was discovered in fs/f2fs/inline.c in the Linux kernel through ...)
+	{DSA-4308-1}
 	- linux 4.18.10-1
 	[jessie] - linux-4.9 <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200179
@@ -17178,6 +17190,7 @@ CVE-2018-10940 (The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c
 CVE-2018-10939 (Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before ...)
 	NOT-FOR-US: Zimbra Web Client
 CVE-2018-10938 (A flaw was found in the Linux kernel present since v4.0-rc1 and ...)
+	{DSA-4308-1}
 	- linux 4.13.4-1 (unimportant)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/40413955ee265a5e42f710940ec78f5450d49149 (4.13-rc5)
@@ -17343,6 +17356,7 @@ CVE-2018-10903 (A flaw was found in python-cryptography versions between >=1.
 	NOTE: https://github.com//pyca/cryptography/pull/4342
 	NOTE: https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef
 CVE-2018-10902 (It was found that the raw midi kernel driver does not protect against ...)
+	{DSA-4308-1}
 	- linux 4.17.15-1
 	NOTE: https://git.kernel.org/linus/39675f7a7c7e7702f7d5341f1e0d01db746543a0 (4.18-rc6)
 CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization subsystem. The ...)
@@ -18204,8 +18218,8 @@ CVE-2018-10607 (Martem TELEM GW6 and GWM devices with firmware ...)
 	NOT-FOR-US: Martem TELEM GW6 and GWM devices
 CVE-2018-10606 (WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based ...)
 	TODO: check
-CVE-2018-10605
-	RESERVED
+CVE-2018-10605 (Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow ...)
+	TODO: check
 CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full access to ...)
 	NOT-FOR-US: SEL Compass
 CVE-2018-10603 (Martem TELEM GW6 and GWM devices with firmware ...)
@@ -20853,6 +20867,7 @@ CVE-2018-9517
 	NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
 CVE-2018-9516
 	RESERVED
+	{DSA-4308-1}
 	- linux 4.17.6-1
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=717adfdaf14704fd3ec7fa2c04520c0723247eac
 	NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
@@ -21233,6 +21248,7 @@ CVE-2018-9364
 	RESERVED
 CVE-2018-9363 [HID: Bluetooth: hidp: buffer overflow in hidp_process_report]
 	RESERVED
+	{DSA-4308-1}
 	- linux 4.17.15-1
 CVE-2018-9362
 	RESERVED
@@ -25357,6 +25373,7 @@ CVE-2017-18222 (In the Linux kernel before 4.12, Hisilicon Network Subsystem (HN
 CVE-2018-7756 (RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices ...)
 	NOT-FOR-US: RunExeFile.exe in the installer for DEWESoft X3 SP1 devices
 CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
+	{DSA-4308-1}
 	- linux 4.18.10-1
 	[jessie] - linux-4.9 <unfixed>
 	NOTE: https://lkml.org/lkml/2018/5/29/495
@@ -29327,9 +29344,11 @@ CVE-2018-6556 (lxc-user-nic when asked to delete a network interface will ...)
 	NOTE: Prerequisite: https://github.com/lxc/lxc/commit/f96f5f3c1341e73ee51c8b49bef4ba571c562d8c
 	NOTE: Fixed by: https://github.com/lxc/lxc/commit/5eb45428b312e978fb9e294dde16efb14dd9fa4d
 CVE-2018-6555 (The irda_setsockopt function in net/irda/af_irda.c and later in ...)
+	{DSA-4308-1}
 	- linux 4.17.3-1
 	NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
 CVE-2018-6554 (Memory leak in the irda_bind function in net/irda/af_irda.c and later ...)
+	{DSA-4308-1}
 	- linux 4.17.3-1
 	NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
 CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd backend due ...)
@@ -43099,8 +43118,8 @@ CVE-2018-1674 (IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through
 	NOT-FOR-US: IBM
 CVE-2018-1673
 	RESERVED
-CVE-2018-1672
-	RESERVED
+CVE-2018-1672 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the ...)
+	TODO: check
 CVE-2018-1671
 	RESERVED
 CVE-2018-1670
@@ -43603,8 +43622,8 @@ CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next Generation
 	NOT-FOR-US: IBM
 CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and ...)
 	NOT-FOR-US: IBM WebSphere DataPower Appliances
-CVE-2018-1420
-	RESERVED
+CVE-2018-1420 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control ...)
+	TODO: check
 CVE-2018-1419 (IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for ...)
 	NOT-FOR-US: IBM
 CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass ...)
@@ -53187,7 +53206,7 @@ CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an
 	NOT-FOR-US: PHPSUGAR PHP Melody
 CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image ...)
 	NOT-FOR-US: PHPSUGAR PHP Melody
-CVE-2017-15567 (The certificate import component in IDEMIA (formerly Morpho) ...)
+CVE-2017-15567 (** DISPUTED ** The certificate import component in IDEMIA (formerly ...)
 	NOT-FOR-US: IDEMIA
 CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD Slurm ...)
 	{DSA-4023-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92d4961b30c47162a25ca01de5d73b5a88c77fa4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92d4961b30c47162a25ca01de5d73b5a88c77fa4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181001/eb05c931/attachment.html>

More information about the debian-security-tracker-commits mailing list