[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 10 09:11:08 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56f1cc3f by security tracker role at 2018-10-10T08:10:55Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2018-18203
+ RESERVED
+CVE-2018-18202 (The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 ...)
+ TODO: check
+CVE-2018-18201 (qibosoft V7.0 allows CSRF via ...)
+ TODO: check
+CVE-2018-18200 (There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. ...)
+ TODO: check
+CVE-2018-18199 (Mediamanager in REDAXO before 5.6.4 has XSS. ...)
+ TODO: check
+CVE-2018-18198 (The $opener_input_field variable in addons/mediapool/pages/index.php in ...)
+ TODO: check
+CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator new[] ...)
+ TODO: check
+CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
+ TODO: check
+CVE-2018-18195 (An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero ...)
+ TODO: check
+CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
+ TODO: check
+CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator new[] ...)
+ TODO: check
+CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a ...)
+ TODO: check
+CVE-2018-18189
+ RESERVED
CVE-2018-18188
RESERVED
CVE-2018-18187
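Review bot: CVE-2018-18196 and CVE-2018-18194 are added with identical truncated summaries ("An issue was discovered in libgig 4.1.0. There is a heap-based buffer ..."), and CVE-2018-18197 and CVE-2018-18193 differ only by an article, so this file alone cannot tell them apart. When the six libgig 4.1.0 entries (CVE-2018-18192 through CVE-2018-18197) move off "TODO: check", triage them together and add a NOTE line to each naming the affected function or an upstream reference.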
@@ -198,12 +228,12 @@ CVE-2018-18090
RESERVED
CVE-2018-18089
RESERVED
-CVE-2018-18088
- RESERVED
-CVE-2018-18087
- RESERVED
-CVE-2018-18086
- RESERVED
+CVE-2018-18088 (OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the ...)
+ TODO: check
+CVE-2018-18087 (The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user ...)
+ TODO: check
+CVE-2018-18086 (EmpireCMS v7.5 has an arbitrary file upload vulnerability in the ...)
+ TODO: check
CVE-2018-18085
RESERVED
CVE-2018-18084 (An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ...)
@@ -250,6 +280,7 @@ CVE-2018-18066 (snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 ha
NOTE: issue, but might still not be just a duplicate but an independent issue fixed with
NOTE: same commit.
CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has ...)
+ {DLA-1540-1}
- net-snmp <unfixed> (bug #910638)
NOTE: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
NOTE: https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
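Review bot: the added {DLA-1540-1} tag on CVE-2018-18065 sits directly above an unchanged "- net-snmp <unfixed> (bug #910638)" line, so the entry now reads as both covered by an advisory and unfixed. That is consistent only because the unsuffixed package line tracks unstable; confirm bug #910638 is still open there, and check whether CVE-2018-18066, whose NOTE lines in the context above say it was fixed with the same commit, needs the same tag.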
@@ -516,13 +547,11 @@ CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGI
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1052
CVE-2018-17964
RESERVED
-CVE-2018-17963 [net: ignore packets with large size]
- RESERVED
+CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes ...)
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
-CVE-2018-17962 [pcnet: integer overflow leads to buffer overflow]
- RESERVED
+CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because ...)
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
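Review bot: the "- qemu <unfixed>" lines under CVE-2018-17963 and CVE-2018-17962 carry no bug reference, although both entries now have a public description and a qemu-devel patch link. Add a "(bug #...)" reference to each once a Debian bug is filed, as the net-snmp line for CVE-2018-18065 already has.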
@@ -537,8 +566,7 @@ CVE-2018-17960
RESERVED
CVE-2018-17959
RESERVED
-CVE-2018-17958 [rtl8139: integer overflow leads to buffer overflow]
- RESERVED
+CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c ...)
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
@@ -738,8 +766,8 @@ CVE-2018-17868 (DASAN H660GW devices have Stored XSS in the Port Forwarding ...)
NOT-FOR-US: DASAN H660GW devices
CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices allows remote ...)
NOT-FOR-US: DASAN H660GW device
-CVE-2018-17866
- RESERVED
+CVE-2018-17866 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2018-17865
RESERVED
CVE-2018-17864
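Review bot: the summary added for CVE-2018-17866 is cut off before the product name ("Multiple cross-site scripting (XSS) vulnerabilities in ..."), so the entry cannot be triaged from this file alone. Whoever resolves the "TODO: check" should name the product in the resulting package or NOT-FOR-US line.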
@@ -752,16 +780,16 @@ CVE-2018-17861
RESERVED
CVE-2018-17860
RESERVED
-CVE-2018-17859
- RESERVED
-CVE-2018-17858
- RESERVED
-CVE-2018-17857
- RESERVED
-CVE-2018-17856
- RESERVED
-CVE-2018-17855
- RESERVED
+CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...)
+ TODO: check
+CVE-2018-17858 (An issue was discovered in Joomla! before 3.8.13. com_installer actions ...)
+ TODO: check
+CVE-2018-17857 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks on ...)
+ TODO: check
+CVE-2018-17856 (An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate ...)
+ TODO: check
+CVE-2018-17855 (An issue was discovered in Joomla! before 3.8.13. If an attacker gets ...)
+ TODO: check
CVE-2015-9271 (The VideoWhisper videowhisper-video-conference-integration plugin ...)
NOT-FOR-US: WordPress plugin videowhisper-video-conference-integration
CVE-2015-9270 (XSS exists in the the-holiday-calendar plugin before 1.11.3 for ...)
@@ -15738,8 +15766,8 @@ CVE-2018-11797 (In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a caref
[stretch] - libpdfbox-java <no-dsa> (Minor issue)
- libpdfbox2-java 2.0.12-1 (bug #910391)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/05/4
-CVE-2018-11796
- RESERVED
+CVE-2018-11796 (In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion ...)
+ TODO: check
CVE-2018-11795
RESERVED
CVE-2018-11794
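Review bot: the description added for CVE-2018-11796 cites CVE-2018-11761 as the earlier Apache Tika 1.19 change it follows up on, yet the entry is left at "TODO: check" with no package line. Resolve it against whatever status CVE-2018-11761 carries in this file so the two Tika entries stay consistent.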
@@ -19098,16 +19126,16 @@ CVE-2018-10616 (ABB Panel Builder 800 all versions has an improper input validat
NOT-FOR-US: ABB Panel Builder 800
CVE-2018-10615 (Directory traversal may lead to files being exfiltrated or deleted on ...)
NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
-CVE-2018-10614
- RESERVED
+CVE-2018-10614 (An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be ...)
+ TODO: check
CVE-2018-10613 (Multiple variants of XML External Entity (XXE) attacks may be used to ...)
NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
CVE-2018-10612
RESERVED
CVE-2018-10611 (Java remote method invocation (RMI) input port in GE MDS PulseNET and ...)
NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
-CVE-2018-10610
- RESERVED
+CVE-2018-10610 (An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and ...)
+ TODO: check
CVE-2018-10609 (Martem TELEM GW6 and GWM devices with firmware ...)
NOT-FOR-US: Martem TELEM GW6 and GWM devices
CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited ...)
@@ -26753,12 +26781,12 @@ CVE-2018-7635 (Whale Browser before 1.0.41.8 displays no URL information but onl
NOT-FOR-US: Whale Browser
CVE-2018-7634 (An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack ...)
NOT-FOR-US: Enalean Tuleap
-CVE-2018-7633
- RESERVED
-CVE-2018-7632
- RESERVED
-CVE-2018-7631
- RESERVED
+CVE-2018-7633 (Code injection in the /ui/login form Language parameter in Epicentro ...)
+ TODO: check
+CVE-2018-7632 (Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to ...)
+ TODO: check
+CVE-2018-7631 (Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to ...)
+ TODO: check
CVE-2018-7630
RESERVED
CVE-2018-7629
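Review bot: the product is spelled "Epicentro" in the CVE-2018-7633 summary and "EpiCentro" in CVE-2018-7632 and CVE-2018-7631, and the latter two summaries are identical as truncated. Use one spelling in the triage lines that replace "TODO: check" so a search for the product finds all three entries.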
@@ -28903,8 +28931,8 @@ CVE-2018-6979 (The VMware Workspace ONE Unified Endpoint Management Console (A/W
TODO: check
CVE-2018-6978
RESERVED
-CVE-2018-6977
- RESERVED
+CVE-2018-6977 (VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion ...)
+ TODO: check
CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data ...)
NOT-FOR-US: VMware
CVE-2018-6975 (The AirWatch Agent for iOS prior to 5.8.1 contains a data protection ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/56f1cc3f4561f9e092a3d50fbf2621633bc4b78f