[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 17 21:10:54 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e314cb79 by security tracker role at 2018-10-17T20:10:45Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,16 @@
-CVE-2018-18445 [BPF verifier bug leads to out-of-bounds access]
+CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds ...)
+ TODO: check
+CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in ...)
+ TODO: check
+CVE-2018-18442
+ RESERVED
+CVE-2018-18441
+ RESERVED
+CVE-2018-18440
+ RESERVED
+CVE-2018-18439
+ RESERVED
+CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -146,10 +158,10 @@ CVE-2018-18375 (goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows .
NOT-FOR-US: Orange AirBox
CVE-2018-18374 (XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid ...)
NOT-FOR-US: MetInfo
-CVE-2018-18373
- RESERVED
-CVE-2018-18372
- RESERVED
+CVE-2018-18373 (In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for ...)
+ TODO: check
+CVE-2018-18372 (A Stored XSS vulnerability has been discovered in KAASoft Library CMS ...)
+ TODO: check
CVE-2018-18371
RESERVED
CVE-2018-18370
@@ -381,8 +393,8 @@ CVE-2018-18264
RESERVED
CVE-2018-18263
RESERVED
-CVE-2018-18262
- RESERVED
+CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. ...)
+ TODO: check
CVE-2018-18261
RESERVED
CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. ...)
@@ -1254,8 +1266,8 @@ CVE-2018-17966 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDB
CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage ...)
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1052
-CVE-2018-17964
- RESERVED
+CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via an Add Tags action. ...)
+ TODO: check
CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes ...)
- qemu <unfixed>
- qemu-kvm <removed>
@@ -5341,8 +5353,8 @@ CVE-2018-16234 (MorningStar WhatWeb 0.4.9 has XSS via JSON report files. ...)
NOT-FOR-US: MorningStar WhatWeb
CVE-2018-16233 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. ...)
NOT-FOR-US: MiniCMS
-CVE-2018-16232
- RESERVED
+CVE-2018-16232 (An authenticated command injection vulnerability exists in IPFire ...)
+ TODO: check
CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows ...)
NOT-FOR-US: Michael Roth Software Personal FTP Server
CVE-2018-16230
@@ -5972,22 +5984,22 @@ CVE-2018-15978
RESERVED
CVE-2018-15977
RESERVED
-CVE-2018-15976
- RESERVED
+CVE-2018-15976 (Adobe Technical Communications Suite versions 1.0.5.1 and below have ...)
+ TODO: check
CVE-2018-15975
RESERVED
-CVE-2018-15974
- RESERVED
-CVE-2018-15973
- RESERVED
-CVE-2018-15972
- RESERVED
-CVE-2018-15971
- RESERVED
-CVE-2018-15970
- RESERVED
-CVE-2018-15969
- RESERVED
+CVE-2018-15974 (Adobe Framemaker versions 1.0.5.1 and below have an insecure library ...)
+ TODO: check
+CVE-2018-15973 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a ...)
+ TODO: check
+CVE-2018-15972 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a ...)
+ TODO: check
+CVE-2018-15971 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a ...)
+ TODO: check
+CVE-2018-15970 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a ...)
+ TODO: check
+CVE-2018-15969 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a ...)
+ TODO: check
CVE-2018-15968 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, ...)
NOT-FOR-US: Adobe
CVE-2018-15967 (Adobe Flash Player versions 30.0.0.154 and earlier have a privilege ...)
@@ -6870,8 +6882,8 @@ CVE-2018-15618
RESERVED
CVE-2018-15617
RESERVED
-CVE-2018-15616
- RESERVED
+CVE-2018-15616 (A vulnerability in the Web UI component of Avaya Aura System Platform ...)
+ TODO: check
CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call Management ...)
NOT-FOR-US: Avaya
CVE-2018-15614
@@ -7253,8 +7265,8 @@ CVE-2018-15494 (In Dojo Toolkit before 1.14, there is unescaped string injection
{DLA-1492-1}
- dojo 1.14.1+dfsg1-1 (bug #906540)
NOTE: https://github.com/dojo/dojox/pull/283
-CVE-2018-15493
- RESERVED
+CVE-2018-15493 (vBulletin 5.4.3 has an Open Redirect. ...)
+ TODO: check
CVE-2018-15492 (A vulnerability in the lservnt.exe component of Sentinel License ...)
NOT-FOR-US: Sentinel License Manager
CVE-2018-15491 (A vulnerability in the permission and encryption implementation of ...)
@@ -8457,11 +8469,11 @@ CVE-2018-14919
CVE-2018-14918
RESERVED
CVE-2018-14917
- RESERVED
+ REJECTED
CVE-2018-14916
RESERVED
CVE-2018-14915
- RESERVED
+ REJECTED
CVE-2018-1000223 (soundtouch version up to and including 2.0.0 contains a Buffer ...)
- soundtouch <unfixed> (bug #905491)
[stretch] - soundtouch <no-dsa> (Minor issue)
@@ -13643,28 +13655,28 @@ CVE-2018-12825 (Adobe Flash Player 30.0.0.134 and earlier have a security bypass
NOT-FOR-US: Adobe
CVE-2018-12824 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read ...)
NOT-FOR-US: Adobe
-CVE-2018-12823
- RESERVED
-CVE-2018-12822
- RESERVED
-CVE-2018-12821
- RESERVED
-CVE-2018-12820
- RESERVED
-CVE-2018-12819
- RESERVED
-CVE-2018-12818
- RESERVED
+CVE-2018-12823 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow ...)
+ TODO: check
+CVE-2018-12822 (Adobe Digital Editions versions 4.5.8 and below have an use after free ...)
+ TODO: check
+CVE-2018-12821 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
+ TODO: check
+CVE-2018-12820 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
+ TODO: check
+CVE-2018-12819 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
+ TODO: check
+CVE-2018-12818 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
+ TODO: check
CVE-2018-12817
RESERVED
-CVE-2018-12816
- RESERVED
+CVE-2018-12816 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
+ TODO: check
CVE-2018-12815 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
NOT-FOR-US: Adobe
-CVE-2018-12814
- RESERVED
-CVE-2018-12813
- RESERVED
+CVE-2018-12814 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow ...)
+ TODO: check
+CVE-2018-12813 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow ...)
+ TODO: check
CVE-2018-12812 (Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and ...)
NOT-FOR-US: Adobe
CVE-2018-12811 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before ...)
@@ -18909,8 +18921,8 @@ CVE-2018-10935 (A flaw was found in the 389 Directory Server that allows users t
CVE-2018-10934
RESERVED
- wildfly <itp> (bug #752018)
-CVE-2018-10933
- RESERVED
+CVE-2018-10933 (A vulnerability was found in libssh's server-side state machine before ...)
+ {DSA-4322-1}
- libssh 0.8.4-1 (bug #911149)
NOTE: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
NOTE: https://bugs.libssh.org/T101
@@ -19382,12 +19394,12 @@ CVE-2018-10826
RESERVED
CVE-2018-10825 (Mimo Baby 2 devices do not use authentication or encryption for the ...)
NOT-FOR-US: Mimo Baby 2
-CVE-2018-10824
- RESERVED
-CVE-2018-10823
- RESERVED
-CVE-2018-10822
- RESERVED
+CVE-2018-10824 (An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L ...)
+ TODO: check
+CVE-2018-10823 (An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 ...)
+ TODO: check
+CVE-2018-10822 (Directory traversal vulnerability in the web interface on D-Link ...)
+ TODO: check
CVE-2018-10821 (Cross-site scripting (XSS) vulnerability in backend/pages/modify.php ...)
NOT-FOR-US: BlackCatCMS
CVE-2018-10820
@@ -26559,8 +26571,8 @@ CVE-2018-7991 (Huawei smartphones Mate10 with versions earlier before ALP-AL00B
NOT-FOR-US: Huawei
CVE-2018-7990 (Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) ...)
NOT-FOR-US: Huawei
-CVE-2018-7989
- RESERVED
+CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before BLA-AL00B ...)
+ TODO: check
CVE-2018-7988
RESERVED
CVE-2018-7987
@@ -26689,8 +26701,8 @@ CVE-2018-7926
RESERVED
CVE-2018-7925
RESERVED
-CVE-2018-7924
- RESERVED
+CVE-2018-7924 (Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have ...)
+ TODO: check
CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 ...)
NOT-FOR-US: Huawei
CVE-2018-7922 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 ...)
@@ -29407,17 +29419,18 @@ CVE-2018-7113
RESERVED
CVE-2018-7112
RESERVED
-CVE-2018-7111
- RESERVED
-CVE-2018-7110
- RESERVED
+CVE-2018-7111 (A remote unauthorized access vulnerability was identified in HPE UIoT ...)
+ TODO: check
+CVE-2018-7110 (A remote unauthorized disclosure of information vulnerability was ...)
+ TODO: check
CVE-2018-7109 (HPE has addressed a remote arbitrary file modification vulnerability ...)
NOT-FOR-US: HPE
CVE-2018-7108 (HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to ...)
NOT-FOR-US: HPE
CVE-2018-7107 (A potential security vulnerability has been identified in HPE Device ...)
NOT-FOR-US: HPE
-CVE-2018-7106 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for ...)
+CVE-2018-7106
+ REJECTED
NOT-FOR-US: HPE
CVE-2018-7105 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for ...)
NOT-FOR-US: HPE
@@ -29477,8 +29490,8 @@ CVE-2018-7078 (A remote code execution was identified in HPE Integrated Lights-O
NOT-FOR-US: HPE
CVE-2018-7077 (A security vulnerability in HPE XP P9000 Command View Advanced Edition ...)
NOT-FOR-US: HPE
-CVE-2018-7076
- RESERVED
+CVE-2018-7076 (A remote code execution vulnerability was identified in HPE ...)
+ TODO: check
CVE-2018-7075 (A remote cross-site scripting (XSS) vulnerability was identified in ...)
NOT-FOR-US: HPE
CVE-2018-7074 (A remote code execution vulnerability was identified in HPE ...)
@@ -47910,8 +47923,8 @@ CVE-2017-17178
RESERVED
CVE-2017-17177
RESERVED
-CVE-2017-17176
- RESERVED
+CVE-2017-17176 (The hardware security module of Mate 9 and Mate 9 Pro Huawei smart ...)
+ TODO: check
CVE-2017-17175 (Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones ...)
NOT-FOR-US: Huawei
CVE-2017-17174 (Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; ...)
@@ -49795,8 +49808,8 @@ CVE-2018-0418 (A vulnerability in the Local Packet Transport Services (LPTS) fea
NOT-FOR-US: Cisco
CVE-2018-0417
RESERVED
-CVE-2018-0416
- RESERVED
+CVE-2018-0416 (A vulnerability in the web-based interface of Cisco Wireless LAN ...)
+ TODO: check
CVE-2018-0415 (A vulnerability in the implementation of Extensible Authentication ...)
NOT-FOR-US: Cisco
CVE-2018-0414 (A vulnerability in the web-based UI of Cisco Secure Access Control ...)
@@ -49851,8 +49864,8 @@ CVE-2018-0390 (A vulnerability in the web framework of Cisco Webex could allow a
NOT-FOR-US: Cisco
CVE-2018-0389
RESERVED
-CVE-2018-0388
- RESERVED
+CVE-2018-0388 (A vulnerability in the web-based interface of Cisco Wireless LAN ...)
+ TODO: check
CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) could ...)
NOT-FOR-US: Cisco
CVE-2018-0386 (A vulnerability in Cisco Unified Communications Domain Manager ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e314cb79ac39f15ed2b87327570f2a07cf24784e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e314cb79ac39f15ed2b87327570f2a07cf24784e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181017/484c3d3b/attachment.html>
More information about the debian-security-tracker-commits
mailing list