[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 2 21:10:41 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7529bba3 by security tracker role at 2018-10-02T20:10:33Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,16 @@
+CVE-2018-17887
+ RESERVED
+CVE-2018-17886 (An issue was discovered in JEESNS 1.3. The XSS filter in ...)
+ TODO: check
+CVE-2018-17885
+ RESERVED
+CVE-2018-17883
+ RESERVED
CVE-2018-XXXX [arm64/kvm: Privilege escalation by taking control of the KVM hypervisor]
- linux <unfixed>
NOTE: https://git.kernel.org/linus/d26c25a9d19b5976b319af528886f89cf455692d
NOTE: https://git.kernel.org/linus/2a3f93459d689d990b3ecfbe782fec89b97d3279
-CVE-2018-17884
+CVE-2018-17884 (XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook ...)
NOT-FOR-US: WordPress plugin gwolle-gb
CVE-2018-17882
RESERVED
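Review bot: the JEESNS entry (CVE-2018-17886) is left at TODO: check although, like the Gwolle Guestbook entry (CVE-2018-17884) a few lines below it, it concerns a web application that is not packaged in Debian; triage it as NOT-FOR-US: JEESNS so it does not sit in the TODO queue.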
@@ -210,10 +218,10 @@ CVE-2018-17789
RESERVED
CVE-2018-17788
RESERVED
-CVE-2018-17787
- RESERVED
-CVE-2018-17786
- RESERVED
+CVE-2018-17787 (On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 ...)
+ TODO: check
+CVE-2018-17786 (On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, ...)
+ TODO: check
CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal exists via ...)
NOT-FOR-US: blynk-server in Blynk
CVE-2018-17784
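Review bot: both D-Link DIR-823G entries (CVE-2018-17787, CVE-2018-17786) describe router firmware with no corresponding Debian package; they can be triaged as NOT-FOR-US: D-Link, matching the blynk-server entry that follows them, instead of TODO: check.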
@@ -595,26 +603,26 @@ CVE-2018-17598
RESERVED
CVE-2018-17597
RESERVED
-CVE-2018-17596
- RESERVED
-CVE-2018-17595
- RESERVED
-CVE-2018-17594
- RESERVED
-CVE-2018-17593
- RESERVED
+CVE-2018-17596 (In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was ...)
+ TODO: check
+CVE-2018-17595 (In the 5.4.0 version of the Fork CMS software, HTML Injection and ...)
+ TODO: check
+CVE-2018-17594 (AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the ...)
+ TODO: check
+CVE-2018-17593 (AirTies Air 5453 devices with software 1.0.0.18 have XSS via the ...)
+ TODO: check
CVE-2018-17592
RESERVED
-CVE-2018-17591
- RESERVED
-CVE-2018-17590
- RESERVED
-CVE-2018-17589
- RESERVED
-CVE-2018-17588
- RESERVED
-CVE-2018-17587
- RESERVED
+CVE-2018-17591 (AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the ...)
+ TODO: check
+CVE-2018-17590 (AirTies Air 5442 devices with software 1.0.0.18 have XSS via the ...)
+ TODO: check
+CVE-2018-17589 (AirTies Air 5650 devices with software 1.0.0.18 have XSS via the ...)
+ TODO: check
+CVE-2018-17588 (AirTies Air 5021 devices with software 1.0.0.18 have XSS via the ...)
+ TODO: check
+CVE-2018-17587 (AirTies Air 5750 devices with software 1.0.0.18 have XSS via the ...)
+ TODO: check
CVE-2018-17586
RESERVED
CVE-2018-17585
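Review bot: the seven AirTies entries (CVE-2018-17594 through CVE-2018-17587) are XSS issues in consumer router firmware and, together with Zoho ManageEngine AssetExplorer (CVE-2018-17596) and Fork CMS (CVE-2018-17595), concern products not shipped by Debian; a single pass marking them NOT-FOR-US: AirTies / NOT-FOR-US: Zoho ManageEngine / NOT-FOR-US: Fork CMS clears nine TODO: check lines at once.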
@@ -713,7 +721,7 @@ CVE-2018-17541
RESERVED
CVE-2018-17540 [denial-of-service vulnerability in the gmp plugin]
RESERVED
- {DSA-4309-1}
+ {DSA-4309-1 DLA-1528-1}
- strongswan 5.7.1-1
NOTE: https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
CVE-2018-17539
@@ -1979,8 +1987,7 @@ CVE-2018-16986
RESERVED
CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was ...)
NOT-FOR-US: Lizard
-CVE-2018-16984 [Password hash disclosure to "view only" admin users]
- RESERVED
+CVE-2018-16984 (An issue was discovered in Django 2.1 before 2.1.2, in which ...)
[experimental] - python-django 2:2.1.2-1
- python-django <not-affected> (bug #910016; vulnerable code not present)
NOTE: https://www.djangoproject.com/weblog/2018/oct/01/security-release/
@@ -5020,10 +5027,10 @@ CVE-2018-15755
RESERVED
CVE-2018-15754
RESERVED
-CVE-2018-15753
- RESERVED
-CVE-2018-15752
- RESERVED
+CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...)
+ TODO: check
+CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...)
+ TODO: check
CVE-2018-15751
RESERVED
CVE-2018-15750
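Review bot: the two MensaMax entries (CVE-2018-15753, CVE-2018-15752) refer to an Android app (com.breustedt.mensamax) and can be closed as NOT-FOR-US: MensaMax rather than left at TODO: check.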
@@ -5548,8 +5555,8 @@ CVE-2018-15565 (An issue was discovered in daveismyname simple-cms through 2014-
NOT-FOR-US: simple-cms
CVE-2018-15564 (An issue was discovered in daveismyname simple-cms through 2014-03-11. ...)
NOT-FOR-US: simple-cms
-CVE-2018-15563
- RESERVED
+CVE-2018-15563 (_core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] ...)
+ TODO: check
CVE-2018-15562 (CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or ...)
NOT-FOR-US: CMS ISWEB
CVE-2018-15561
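Review bot: CVE-2018-15563 (Subrion CMS) sits between simple-cms and CMS ISWEB entries that are already NOT-FOR-US, and Subrion CMS is likewise not packaged in Debian; mark it NOT-FOR-US: Subrion CMS.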
@@ -13080,8 +13087,8 @@ CVE-2018-12475
RESERVED
CVE-2018-12474
RESERVED
-CVE-2018-12473
- RESERVED
+CVE-2018-12473 (A path traversal traversal vulnerability in obs-service-tar_scm of ...)
+ TODO: check
CVE-2018-12472
RESERVED
CVE-2018-12471
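Review bot: the duplicated word in "A path traversal traversal vulnerability" (CVE-2018-12473) comes from the upstream CVE description and should not be corrected in this file, since the text is synced automatically. The TODO: check is warranted here rather than a reflexive NOT-FOR-US: obs-service-tar_scm is an Open Build Service source service, so confirm whether any OBS service package in the archive ships it before closing the entry.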
@@ -15052,16 +15059,16 @@ CVE-2018-11754
RESERVED
CVE-2018-11753
RESERVED
-CVE-2018-11752
- RESERVED
+CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH session ...)
+ TODO: check
CVE-2018-11751
RESERVED
-CVE-2018-11750
- RESERVED
+CVE-2018-11750 (Previous releases of the Puppet cisco_ios module did not validate a ...)
+ TODO: check
CVE-2018-11749 (When users are configured to use startTLS with RBAC LDAP, at login ...)
- puppet <not-affected> (RBAC is specific to Puppet Enterprise)
-CVE-2018-11748
- RESERVED
+CVE-2018-11748 (Previous releases of the Puppet device_manager module creates ...)
+ TODO: check
CVE-2018-11747
RESERVED
CVE-2018-11746 (In Puppet Discovery prior to 1.2.0, when running Discovery against ...)
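Review bot: CVE-2018-11752, CVE-2018-11750 and CVE-2018-11748 concern the Puppet Forge modules cisco_ios and device_manager, not the puppet package itself; the neighbouring CVE-2018-11749 line shows the pattern (puppet <not-affected> with a reason). These three can be recorded as NOT-FOR-US: Puppet cisco_ios module / Puppet device_manager module unless a Forge module is packaged, which the archive does not currently show.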
@@ -16939,8 +16946,8 @@ CVE-2018-11074 (RSA Authentication Manager versions prior to 8.3 P3 are affected
TODO: check
CVE-2018-11073 (RSA Authentication Manager versions prior to 8.3 P3 contain a stored ...)
TODO: check
-CVE-2018-11072
- RESERVED
+CVE-2018-11072 (Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection ...)
+ TODO: check
CVE-2018-11071 (Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, ...)
NOT-FOR-US: EMC Isilon OneFS
CVE-2018-11070 (RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J ...)
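Review bot: CVE-2018-11072 (Dell Digital Delivery, DLL injection) is a Windows-only product and belongs with the adjacent Dell EMC and RSA entries as NOT-FOR-US: Dell, not TODO: check.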
@@ -16998,7 +17005,7 @@ CVE-2018-11045 (Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0
CVE-2018-11044 (Pivotal Apps Manager included in Pivotal Application Service, versions ...)
NOT-FOR-US: Pivotal
CVE-2018-11043
- RESERVED
+ REJECTED
CVE-2018-11042
REJECTED
CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 ...)
@@ -20960,58 +20967,58 @@ CVE-2018-9516
- linux 4.17.6-1
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=717adfdaf14704fd3ec7fa2c04520c0723247eac
NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
-CVE-2018-9515
- RESERVED
-CVE-2018-9514
- RESERVED
-CVE-2018-9513
- RESERVED
+CVE-2018-9515 (In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible ...)
+ TODO: check
+CVE-2018-9514 (In sdcardfs_open of file.c, there is a possible Use After Free due to ...)
+ TODO: check
+CVE-2018-9513 (In copy_process of fork.c, there is possible memory corruption due to ...)
+ TODO: check
CVE-2018-9512
RESERVED
-CVE-2018-9511
- RESERVED
-CVE-2018-9510
- RESERVED
-CVE-2018-9509
- RESERVED
-CVE-2018-9508
- RESERVED
-CVE-2018-9507
- RESERVED
-CVE-2018-9506
- RESERVED
-CVE-2018-9505
- RESERVED
-CVE-2018-9504
- RESERVED
-CVE-2018-9503
- RESERVED
-CVE-2018-9502
- RESERVED
-CVE-2018-9501
- RESERVED
+CVE-2018-9511 (In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible ...)
+ TODO: check
+CVE-2018-9510 (In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds ...)
+ TODO: check
+CVE-2018-9509 (In smp_proc_master_id of smp_act.cc, there is a possible out of bounds ...)
+ TODO: check
+CVE-2018-9508 (In smp_process_keypress_notification of smp_act.cc, there is a ...)
+ TODO: check
+CVE-2018-9507 (In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of ...)
+ TODO: check
+CVE-2018-9506 (In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound ...)
+ TODO: check
+CVE-2018-9505 (In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds ...)
+ TODO: check
+CVE-2018-9504 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of ...)
+ TODO: check
+CVE-2018-9503 (In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out ...)
+ TODO: check
+CVE-2018-9502 (In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible ...)
+ TODO: check
+CVE-2018-9501 (In the SetupWizard, there is a possible Factory Reset Protection ...)
+ TODO: check
CVE-2018-9500
RESERVED
-CVE-2018-9499
- RESERVED
-CVE-2018-9498
- RESERVED
-CVE-2018-9497
- RESERVED
-CVE-2018-9496
- RESERVED
+CVE-2018-9499 (In readVector of iCrypto.cpp, there is a possible invalid read due to ...)
+ TODO: check
+CVE-2018-9498 (In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds ...)
+ TODO: check
+CVE-2018-9497 (In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s ...)
+ TODO: check
+CVE-2018-9496 (In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a ...)
+ TODO: check
CVE-2018-9495
RESERVED
CVE-2018-9494
RESERVED
-CVE-2018-9493
- RESERVED
-CVE-2018-9492
- RESERVED
-CVE-2018-9491
- RESERVED
-CVE-2018-9490
- RESERVED
+CVE-2018-9493 (In the content provider of the download manager, there is a possible ...)
+ TODO: check
+CVE-2018-9492 (In checkGrantUriPermissionLocked of ActivityManagerService.java, there ...)
+ TODO: check
+CVE-2018-9491 (In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible ...)
+ TODO: check
+CVE-2018-9490 (In CollectValuesOrEntriesImpl of elements.cc, there is possible remote ...)
+ TODO: check
CVE-2018-9489
RESERVED
CVE-2018-9488
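Review bot: this block of Android bulletin IDs should not be triaged uniformly. CVE-2018-9513 (copy_process of fork.c) names mainline kernel code and needs a check against the linux package, while CVE-2018-9515 and CVE-2018-9514 (sdcardfs) are an out-of-tree Android filesystem. CVE-2018-9490 (CollectValuesOrEntriesImpl of elements.cc) is V8 and CVE-2018-9498 (SkSampler.cpp) is Skia, both bundled by chromium and, for V8, by nodejs, so those two deserve a real check too. The Bluetooth stack (smp_act.cc, bta_av_act.cc, avrc_api.cc, mca_cact.cc, sdp_discovery.cc, rfc_ts_frames.cc), framework (ActivityManagerService.java, NdkMediaCodec.cpp, SetupWizard, download manager) and codec (impeg2, ixheaacd, iCrypto.cpp) entries are Android-only and can be NOT-FOR-US: Android as done elsewhere in the file.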
@@ -21050,15 +21057,15 @@ CVE-2018-9478
CVE-2018-9477
RESERVED
NOT-FOR-US: Android
-CVE-2018-9476
- RESERVED
+CVE-2018-9476 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible ...)
+ TODO: check
CVE-2018-9475
RESERVED
NOT-FOR-US: Android
CVE-2018-9474
RESERVED
-CVE-2018-9473
- RESERVED
+CVE-2018-9473 (In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a ...)
+ TODO: check
CVE-2018-9472
RESERVED
TODO: potentially libxml?
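Review bot: both new entries here (avrc_pars_tg.cc in the Bluetooth stack for CVE-2018-9476, ihevcd_parse_headers.c in libhevc for CVE-2018-9473) are Android-only components; mark them NOT-FOR-US: Android as already done for CVE-2018-9477 and CVE-2018-9475 in this same hunk.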
@@ -21115,8 +21122,8 @@ CVE-2018-9454
CVE-2018-9453
RESERVED
NOT-FOR-US: Android
-CVE-2018-9452
- RESERVED
+CVE-2018-9452 (In getOffsetForHorizontal of Layout.java, there is a possible ...)
+ TODO: check
CVE-2018-9451
RESERVED
NOT-FOR-US: Android
@@ -22175,8 +22182,8 @@ CVE-2018-9071
RESERVED
CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier than ...)
NOT-FOR-US: Lenovo
-CVE-2018-9069
- RESERVED
+CVE-2018-9069 (In some Lenovo IdeaPad consumer notebook models, a race condition in ...)
+ TODO: check
CVE-2018-9068 (The IMM2 First Failure Data Capture function collects management ...)
NOT-FOR-US: IBM
CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 had ...)
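Review bot: CVE-2018-9069 describes a race condition in Lenovo IdeaPad notebook firmware and, like the surrounding Lenovo and IBM entries, is NOT-FOR-US: Lenovo rather than TODO: check.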
@@ -30381,10 +30388,10 @@ CVE-2018-6264
RESERVED
CVE-2018-6263
RESERVED
-CVE-2018-6262
- RESERVED
-CVE-2018-6261
- RESERVED
+CVE-2018-6262 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when ...)
+ TODO: check
+CVE-2018-6261 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when ...)
+ TODO: check
CVE-2018-6260
RESERVED
CVE-2018-6259 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains a ...)
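Review bot: CVE-2018-6262 and CVE-2018-6261 affect NVIDIA GeForce Experience, a Windows-only client; triage them as NOT-FOR-US: NVIDIA GeForce Experience, consistent with the CVE-2018-6259 entry for the same product immediately below.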
@@ -38689,7 +38696,8 @@ CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-rea
- graphicsmagick 1.3.27-2 (bug #884905)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/530/
-CVE-2017-17781 (In Horde Groupware through 5.2.22, SQL Injection exists via the group ...)
+CVE-2017-17781
+ REJECTED
- php-horde <undetermined>
- php-horde-turba <undetermined>
NOTE: http://code610.blogspot.com/2017/12/modus-operandi-horde-52x.html
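Review bot: after CVE-2017-17781 is switched to REJECTED, the two `<undetermined>` package lines for php-horde and php-horde-turba and the NOTE survive, so the packages remain flagged against an ID MITRE no longer recognises. Either drop the package lines (the usual shape of a REJECTED entry) or, if the rejection is a duplicate, add a NOTE pointing at the CVE the issue was merged into so the php-horde status is tracked there.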
@@ -43164,10 +43172,10 @@ CVE-2018-1694
RESERVED
CVE-2018-1693
RESERVED
-CVE-2018-1692
- RESERVED
-CVE-2018-1691
- RESERVED
+CVE-2018-1692 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
+CVE-2018-1691 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
CVE-2018-1690 (IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site ...)
NOT-FOR-US: IBM Rhapsody Model Manager
CVE-2018-1689
@@ -43338,16 +43346,16 @@ CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6
NOT-FOR-US: IBM
CVE-2018-1606
RESERVED
-CVE-2018-1605
- RESERVED
+CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
CVE-2018-1604
RESERVED
CVE-2018-1603
RESERVED
CVE-2018-1602
RESERVED
-CVE-2018-1601
- RESERVED
+CVE-2018-1601 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or ...)
NOT-FOR-US: IBM
CVE-2018-1599 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker ...)
@@ -43362,8 +43370,8 @@ CVE-2018-1595 (IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 cou
NOT-FOR-US: IBM
CVE-2018-1594
RESERVED
-CVE-2018-1593
- RESERVED
+CVE-2018-1593 (IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized ...)
+ TODO: check
CVE-2018-1592
RESERVED
CVE-2018-1591
@@ -43432,10 +43440,10 @@ CVE-2018-1560 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6
NOT-FOR-US: IBM
CVE-2018-1559
RESERVED
-CVE-2018-1558
- RESERVED
-CVE-2018-1557
- RESERVED
+CVE-2018-1558 (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and ...)
+ TODO: check
+CVE-2018-1557 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
CVE-2018-1556 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to ...)
NOT-FOR-US: IBM FileNet Content Manager
CVE-2018-1555 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to ...)
@@ -43504,8 +43512,8 @@ CVE-2018-1524 (IBM Maximo Asset Management 7.6 through 7.6.3 installs with a def
NOT-FOR-US: IBM
CVE-2018-1523 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 ...)
NOT-FOR-US: IBM
-CVE-2018-1522
- RESERVED
+CVE-2018-1522 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
CVE-2018-1521 (IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are ...)
NOT-FOR-US: IBM
CVE-2018-1520
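Review bot: CVE-2018-1522 (IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through ...) is left at TODO: check directly beside CVE-2018-1523 and CVE-2018-1521, which cover the same product and are already NOT-FOR-US: IBM; the same applies to the other RQM, Rational Collaborative Lifecycle Management, Security Guardium EcoSystem and Multi-Cloud Data Encryption entries added in this update, none of which is packaged in Debian.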
@@ -43530,8 +43538,8 @@ CVE-2018-1511
RESERVED
CVE-2018-1510
RESERVED
-CVE-2018-1509
- RESERVED
+CVE-2018-1509 (IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly ...)
+ TODO: check
CVE-2018-1508
RESERVED
CVE-2018-1507 (IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site ...)
@@ -43552,8 +43560,8 @@ CVE-2018-1500
RESERVED
CVE-2018-1499
RESERVED
-CVE-2018-1498
- RESERVED
+CVE-2018-1498 (IBM Security Guardium EcoSystem 10.5 stores user credentials in plain ...)
+ TODO: check
CVE-2018-1497
RESERVED
CVE-2018-1496 (IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is ...)
@@ -43668,10 +43676,10 @@ CVE-2018-1442 (IBM Application Performance Management - Response Time Monitoring
NOT-FOR-US: IBM
CVE-2018-1441 (IBM Application Performance Management - Response Time Monitoring ...)
NOT-FOR-US: IBM
-CVE-2018-1440
- RESERVED
-CVE-2018-1439
- RESERVED
+CVE-2018-1440 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
+CVE-2018-1439 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
CVE-2018-1438 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
NOT-FOR-US: IBM
CVE-2018-1437 (IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary ...)
@@ -43738,12 +43746,12 @@ CVE-2018-1407 (IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5
NOT-FOR-US: IBM
CVE-2018-1406
RESERVED
-CVE-2018-1405
- RESERVED
-CVE-2018-1404
- RESERVED
-CVE-2018-1403
- RESERVED
+CVE-2018-1405 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
+CVE-2018-1404 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
+CVE-2018-1403 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
CVE-2018-1402
RESERVED
CVE-2018-1401 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site ...)
@@ -43758,8 +43766,8 @@ CVE-2018-1397
RESERVED
CVE-2018-1396 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 ...)
NOT-FOR-US: IBM
-CVE-2018-1395
- RESERVED
+CVE-2018-1395 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
CVE-2018-1394 (Multiple IBM Rational products are vulnerable to cross-site scripting. ...)
NOT-FOR-US: IBM
CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
@@ -95442,8 +95450,8 @@ CVE-2017-1651 (IBM Rational Quality Manager and IBM Rational Collaborative Lifec
NOT-FOR-US: IBM
CVE-2017-1650 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
-CVE-2017-1649
- RESERVED
+CVE-2017-1649 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
CVE-2017-1648
RESERVED
CVE-2017-1647
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7529bba394d9c2ca0d017d537e25e1ac0230db97