[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Oct 19 21:10:54 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7e147c1 by security tracker role at 2018-10-19T20:10:44Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2018-18528
+	RESERVED
+CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or ...)
+	TODO: check
+CVE-2018-18526
+	RESERVED
+CVE-2018-18525
+	RESERVED
+CVE-2018-18524
+	RESERVED
+CVE-2018-18523
+	RESERVED
+CVE-2018-18522
+	RESERVED
+CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...)
+	TODO: check
+CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end in ...)
+	TODO: check
+CVE-2018-18519
+	RESERVED
+CVE-2018-18518
+	RESERVED
+CVE-2018-18517
+	RESERVED
+CVE-2018-18516
+	RESERVED
+CVE-2018-18515
+	RESERVED
+CVE-2018-18514
+	RESERVED
+CVE-2018-18513
+	RESERVED
+CVE-2018-18512
+	RESERVED
+CVE-2018-18511
+	RESERVED
+CVE-2018-18510
+	RESERVED
+CVE-2018-18509
+	RESERVED
+CVE-2018-18508
+	RESERVED
+CVE-2018-18507
+	RESERVED
+CVE-2018-18506
+	RESERVED
+CVE-2018-18505
+	RESERVED
+CVE-2018-18504
+	RESERVED
+CVE-2018-18503
+	RESERVED
+CVE-2018-18502
+	RESERVED
+CVE-2018-18501
+	RESERVED
+CVE-2018-18500
+	RESERVED
+CVE-2018-18499
+	RESERVED
+CVE-2018-18498
+	RESERVED
+CVE-2018-18497
+	RESERVED
+CVE-2018-18496
+	RESERVED
+CVE-2018-18495
+	RESERVED
+CVE-2018-18494
+	RESERVED
+CVE-2018-18493
+	RESERVED
+CVE-2018-18492
+	RESERVED
+CVE-2018-18491
+	RESERVED
 CVE-2018-18490
 	RESERVED
 CVE-2018-18489
@@ -236,20 +312,20 @@ CVE-2018-18398
 	RESERVED
 CVE-2018-18397
 	RESERVED
-CVE-2018-18396
-	RESERVED
-CVE-2018-18395
-	RESERVED
-CVE-2018-18394
-	RESERVED
-CVE-2018-18393
-	RESERVED
-CVE-2018-18392
-	RESERVED
-CVE-2018-18391
-	RESERVED
-CVE-2018-18390
-	RESERVED
+CVE-2018-18396 (Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device ...)
+	TODO: check
+CVE-2018-18395 (Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device ...)
+	TODO: check
+CVE-2018-18394 (Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT ...)
+	TODO: check
+CVE-2018-18393 (Password Management Issue in Moxa ThingsPro IIoT Gateway and Device ...)
+	TODO: check
+CVE-2018-18392 (Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT ...)
+	TODO: check
+CVE-2018-18391 (User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device ...)
+	TODO: check
+CVE-2018-18390 (User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management ...)
+	TODO: check
 CVE-2018-18389 (Due to incorrect access control in Neo4j Enterprise Database Server ...)
 	NOT-FOR-US: Neo4J server
 CVE-2018-18388
@@ -3737,7 +3813,7 @@ CVE-2018-16953 (The AjaxView::DisplayResponse() function of the portalpages.dll
 	NOT-FOR-US: Oracle WebCenter Interaction Portal
 CVE-2018-16952 (The Oracle WebCenter Interaction Portal 10.3.3 does not implement ...)
 	NOT-FOR-US: Oracle WebCenter Interaction Portal
-CVE-2017-18348
+CVE-2017-18348 (Splunk Enterprise 6.6.x, when configured to run as root but drop ...)
 	NOT-FOR-US: Splunk
 CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 ...)
 	NOT-FOR-US: STMicroelectronics STM32F0 series devices
@@ -5338,7 +5414,7 @@ CVE-2018-16312
 	RESERVED
 CVE-2018-16311
 	RESERVED
-CVE-2018-16310 (Technicolor TG588V V2 devices allow remote attackers to cause a denial ...)
+CVE-2018-16310 (** DISPUTED ** Technicolor TG588V V2 devices allow remote attackers ...)
 	NOT-FOR-US: Technicolor
 CVE-2018-16309
 	REJECTED
@@ -6285,7 +6361,7 @@ CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are abl
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657
 	NOTE: https://www.kb.cert.org/vuls/id/332928
-CVE-2018-15907 (Technicolor (formerly RCA) TC8305C devices allow remote attackers to ...)
+CVE-2018-15907 (** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow ...)
 	NOT-FOR-US: Technicolor (formerly RCA) TC8305C devices
 CVE-2018-15906
 	RESERVED
@@ -6524,7 +6600,7 @@ CVE-2018-15853 (Endless recursion exists in xkbcomp/expr.c in xkbcommon and ...)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
-CVE-2018-15852 (Technicolor TC7200.20 devices allow remote attackers to cause a denial ...)
+CVE-2018-15852 (** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers ...)
 	NOT-FOR-US: Technicolor
 CVE-2018-15851 (An issue was discovered in Flexo CMS v0.1.6. There is a CSRF ...)
 	NOT-FOR-US: Flexo CMS
@@ -7764,16 +7840,16 @@ CVE-2018-15318
 	RESERVED
 CVE-2018-15317
 	RESERVED
-CVE-2018-15316
-	RESERVED
-CVE-2018-15315
-	RESERVED
-CVE-2018-15314
-	RESERVED
-CVE-2018-15313
-	RESERVED
-CVE-2018-15312
-	RESERVED
+CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge ...)
+	TODO: check
+CVE-2018-15315 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected ...)
+	TODO: check
+CVE-2018-15314 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a ...)
+	TODO: check
+CVE-2018-15313 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a ...)
+	TODO: check
+CVE-2018-15312 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected ...)
+	TODO: check
 CVE-2018-15311 (When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-15310 (A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, ...)
@@ -38497,8 +38573,8 @@ CVE-2018-4015
 	RESERVED
 CVE-2018-4014
 	RESERVED
-CVE-2018-4013
-	RESERVED
+CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP ...)
+	TODO: check
 CVE-2018-4012
 	RESERVED
 CVE-2018-4011
@@ -309720,7 +309796,7 @@ CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote ...
 	NOT-FOR-US: InfoVista PortalSE
 CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on ...)
 	NOT-FOR-US: InfoVista PortalSE
-CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versoins before 0.8, allows ...)
+CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows ...)
 	NOT-FOR-US: Michael Salzer Guestbox
 CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer ...)
 	NOT-FOR-US: Michael Salzer Guestbox



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7e147c1e68cce7068d260373e68bc2d35487547

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7e147c1e68cce7068d260373e68bc2d35487547
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181019/18d1e18a/attachment.html>

More information about the debian-security-tracker-commits mailing list