[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Oct 2 09:10:40 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20a1b7b9 by security tracker role at 2018-10-02T08:10:31Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2018-17882
+	RESERVED
+CVE-2018-17881
+	RESERVED
+CVE-2018-17880
+	RESERVED
+CVE-2018-17879
+	RESERVED
+CVE-2018-17878
+	RESERVED
+CVE-2018-17877
+	RESERVED
+CVE-2018-17876
+	RESERVED
+CVE-2018-17875
+	RESERVED
+CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
+	TODO: check
+CVE-2018-17873
+	RESERVED
+CVE-2018-17872
+	RESERVED
+CVE-2018-17871
+	RESERVED
+CVE-2018-17870 (An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" ...)
+	TODO: check
+CVE-2018-17869 (DASAN H660GW devices do not implement any CSRF protection mechanism. ...)
+	TODO: check
+CVE-2018-17868 (DASAN H660GW devices have Stored XSS in the Port Forwarding ...)
+	TODO: check
+CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices allows remote ...)
+	TODO: check
+CVE-2018-17866
+	RESERVED
+CVE-2018-17865
+	RESERVED
+CVE-2018-17864
+	RESERVED
+CVE-2018-17863
+	RESERVED
+CVE-2018-17862
+	RESERVED
+CVE-2018-17861
+	RESERVED
+CVE-2018-17860
+	RESERVED
+CVE-2018-17859
+	RESERVED
+CVE-2018-17858
+	RESERVED
+CVE-2018-17857
+	RESERVED
+CVE-2018-17856
+	RESERVED
+CVE-2018-17855
+	RESERVED
+CVE-2015-9270 (XSS exists in the the-holiday-calendar plugin before 1.11.3 for ...)
+	TODO: check
+CVE-2015-9269 (The export/content.php exportarticle feature in the ...)
+	TODO: check
 CVE-2018-17854 (SIMDComp before 0.1.1 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: SIMDComp
 CVE-2018-17853
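Review bot: CVE-2015-9270 and CVE-2015-9269 land at the head of the file, between CVE-2018-17855 and CVE-2018-17854, which breaks the descending ID order every other line in this hunk follows. If anything consuming the list assumes that order, these two belong with the other 2015 IDs; otherwise a follow-up sort is enough. The eight described entries in this hunk (CVE-2018-17874, CVE-2018-17870, CVE-2018-17869 to CVE-2018-17867, and the two 2015 IDs) all carry "TODO: check" and still need a package or NOT-FOR-US line before they mean anything to a reader of the tracker.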
@@ -647,6 +707,7 @@ CVE-2018-17541
 	RESERVED
 CVE-2018-17540 [denial-of-service vulnerability in the gmp plugin]
 	RESERVED
+	{DSA-4309-1}
 	- strongswan 5.7.1-1
 	NOTE: https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
 CVE-2018-17539
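Review bot: the "{DSA-4309-1}" reference on CVE-2018-17540 is added in a commit whose only changed file is data/CVE/list, so the advisory record it points to is not visible here. Confirm the DSA entry already exists and names this CVE, so the cross-reference resolves in both directions. The entry is also still RESERVED with a bracketed description while the NOTE links a public upstream advisory, so expect the description to change on a later sync.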
@@ -1956,7 +2017,7 @@ CVE-2018-16967
 	RESERVED
 CVE-2018-16966
 	RESERVED
-CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection ...)
+CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there ...)
 	NOT-FOR-US: Zoho
 CVE-2018-16964
 	RESERVED
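Review bot: the new summary for CVE-2018-16965 is cut at "there ..." and no longer names the bug class, where the removed line still said "HTML Injection". The NOT-FOR-US: Zoho status is unaffected, but anyone grepping the list by vulnerability type will now miss this entry; the full description has to be read from the CVE record itself.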
@@ -3188,9 +3249,9 @@ CVE-2018-16439
 CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ...)
 	- hdf5 <undetermined>
 	NOTE: H5L_extern_query at H5Lexternal.c:498-10___out-of-bounds-read
-CVE-2018-16437 (Gxlcms 2.0 has Directory Traversal exploitable by an administrator. ...)
+CVE-2018-16437 (Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable ...)
 	NOT-FOR-US: Gxlcms
-CVE-2018-16436 (Gxlcms 2.0 has SQL Injection exploitable by an administrator. ...)
+CVE-2018-16436 (Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an ...)
 	NOT-FOR-US: Gxlcms
 CVE-2018-16435 (Little CMS (aka Little Color Management System) 2.9 has an integer ...)
 	{DSA-4289-1 DSA-4284-1 DLA-1496-1}
@@ -5074,12 +5135,12 @@ CVE-2018-15704
 	RESERVED
 CVE-2018-15703
 	RESERVED
-CVE-2018-15702
-	RESERVED
-CVE-2018-15701
-	RESERVED
-CVE-2018-15700
-	RESERVED
+CVE-2018-15702 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is ...)
+	TODO: check
+CVE-2018-15701 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is ...)
+	TODO: check
+CVE-2018-15700 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is ...)
+	TODO: check
 CVE-2018-15699 (ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a ...)
 	NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15698 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote ...)
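Review bot: CVE-2018-15702, CVE-2018-15701 and CVE-2018-15700 get identical truncated summaries ("The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is ..."), so the three issues cannot be told apart from this file, and all three are left at "TODO: check". The neighbouring ASUSTOR entries show the expected end state for vendor firmware ("NOT-FOR-US: ASUSTOR Data Master"); once the full descriptions are checked, the same kind of line should replace the TODO on all three in one pass.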
@@ -36707,14 +36768,14 @@ CVE-2018-4003
 	RESERVED
 CVE-2018-4002
 	RESERVED
-CVE-2018-4001
-	RESERVED
-CVE-2018-4000
-	RESERVED
-CVE-2018-3999
-	RESERVED
-CVE-2018-3998
-	RESERVED
+CVE-2018-4001 (An exploitable uninitialized pointer vulnerability exists in the ...)
+	TODO: check
+CVE-2018-4000 (An exploitable double-free vulnerability exists in the Office Open XML ...)
+	TODO: check
+CVE-2018-3999 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+	TODO: check
+CVE-2018-3998 (An exploitable heap-based buffer overflow vulnerability exists in the ...)
+	TODO: check
 CVE-2018-3997
 	RESERVED
 CVE-2018-3996
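Review bot: three of the four new summaries (CVE-2018-4001, CVE-2018-3999, CVE-2018-3998) are cut at "exists in the ..." before the affected product or component is named, so the "TODO: check" lines cannot be resolved from this file alone. Only CVE-2018-4000 retains a hint ("Office Open XML ..."). Triage needs the full CVE text; until then these memory-corruption entries (uninitialized pointer, double free, stack and heap overflow) sit in the list with no package association.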
@@ -36741,26 +36802,26 @@ CVE-2018-3986
 	RESERVED
 CVE-2018-3985
 	RESERVED
-CVE-2018-3984
-	RESERVED
+CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within the ...)
+	TODO: check
 CVE-2018-3983
 	RESERVED
-CVE-2018-3982
-	RESERVED
-CVE-2018-3981
-	RESERVED
+CVE-2018-3982 (An exploitable arbitrary write vulnerability exists in the Word ...)
+	TODO: check
+CVE-2018-3981 (An exploitable uninitialized pointer vulnerability exists in the Word ...)
+	TODO: check
 CVE-2018-3980
 	RESERVED
 CVE-2018-3979
 	RESERVED
-CVE-2018-3978
-	RESERVED
+CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word ...)
+	TODO: check
 CVE-2018-3977
 	RESERVED
 CVE-2018-3976
 	RESERVED
-CVE-2018-3975
-	RESERVED
+CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in the ...)
+	TODO: check
 CVE-2018-3974
 	RESERVED
 CVE-2018-3973
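Review bot: the five entries moved to "TODO: check" here (CVE-2018-3984, CVE-2018-3982, CVE-2018-3981, CVE-2018-3978, CVE-2018-3975) are interleaved with IDs that remain RESERVED, and three of them point at a "Word ..." component. They should be triaged as one batch and given the same package or NOT-FOR-US annotation, so one product's issues do not end up split across different states in the tracker.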



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/20a1b7b9732b48aa8e37259a40f8244eaf8eed0c
