[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Oct 24 09:10:30 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
320a19f2 by security tracker role at 2018-10-24T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2018-18630
+	RESERVED
+CVE-2018-18629
+	RESERVED
+CVE-2018-18628 (An issue was discovered in Pippo 1.11.0. The function ...)
+	TODO: check
+CVE-2017-18349 (parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in ...)
+	TODO: check
 CVE-2018-18627
 	RESERVED
 CVE-2018-18626 (An issue was discovered in PHPYun V4.6. There is a vulnerability that ...)
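
Review bot: CVE-2017-18349 lands between CVE-2018-18628 and CVE-2018-18627, out of the descending id order the surrounding entries follow; confirm whether the updater intends this placement or whether the entry belongs in the CVE-2017 block. Both described entries (Pippo 1.11.0, Fastjson before 1.2.25) carry only "TODO: check", so each still needs either a package status line or a NOT-FOR-US tag.
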
@@ -351,8 +359,8 @@ CVE-2018-18477
 	RESERVED
 CVE-2018-18476
 	RESERVED
-CVE-2018-18475
-	RESERVED
+CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3 build 123214 allows ...)
+	TODO: check
 CVE-2018-18474
 	RESERVED
 CVE-2018-18473
@@ -367,8 +375,8 @@ CVE-2018-18469
 	RESERVED
 CVE-2018-18468
 	RESERVED
-CVE-2018-18467
-	RESERVED
+CVE-2018-18467 (An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is ...)
+	TODO: check
 CVE-2018-18466
 	RESERVED
 CVE-2018-18465
@@ -467,8 +475,8 @@ CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its associa
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html
-CVE-2018-18437
-	RESERVED
+CVE-2018-18437 (In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, ...)
+	TODO: check
 CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the ...)
 	NOT-FOR-US: JTBC(PHP)
 CVE-2018-18435
@@ -587,7 +595,7 @@ CVE-2018-18386 (drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows lo
 	[stretch] - linux 4.9.82-1+deb9u1
 	[jessie] - linux 3.16.56-1
 	NOTE: Fixed by: https://git.kernel.org/linus/966031f340185eddd05affcf72b740549f056348
-CVE-2018-18385 (Asciidoctor v1.5.7.1 allows remote attackers to cause a denial of ...)
+CVE-2018-18385 (Asciidoctor in versions < 1.5.8 allows remote attackers to cause a ...)
 	- asciidoctor <unfixed> (low)
 	[stretch] - asciidoctor <no-dsa> (Minor issue)
 	[jessie] - asciidoctor <no-dsa> (Minor issue)
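
Review bot: The status line under CVE-2018-18385 still reads "- asciidoctor <unfixed> (low)" although the new description bounds the affected range at "< 1.5.8"; once a package version based on 1.5.8 is uploaded, replace <unfixed> with that version. The stretch and jessie <no-dsa> lines need no change for the reworded description.
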
@@ -1722,8 +1730,8 @@ CVE-2018-17972 (An issue was discovered in the proc_pid_stack function in ...)
 	NOTE: https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2
 CVE-2018-17969 (Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote ...)
 	NOT-FOR-US: Samsung SCX-6545X V2.00.03.01 03-23-2012 devices
-CVE-2018-17968
-	RESERVED
+CVE-2018-17968 (A gambling smart contract implementation for RuletkaIo, an Ethereum ...)
+	TODO: check
 CVE-2018-17967 (ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in ...)
 	- imagemagick <unfixed> (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1051
@@ -1934,16 +1942,16 @@ CVE-2018-17879
 	RESERVED
 CVE-2018-17878
 	RESERVED
-CVE-2018-17877
-	RESERVED
+CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ethereum ...)
+	TODO: check
 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version ...)
 	NOT-FOR-US: Coaster CMS
 CVE-2018-17875
 	RESERVED
 CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
 	NOT-FOR-US: ExpressionEngine
-CVE-2018-17873
-	RESERVED
+CVE-2018-17873 (An incorrect access control vulnerability in the FTP configuration of ...)
+	TODO: check
 CVE-2018-17872 (Verba Collaboration Compliance and Quality Management Platform before ...)
 	NOT-FOR-US: Verba Collaboration Compliance and Quality Management Platform
 CVE-2018-17871 (Verba Collaboration Compliance and Quality Management Platform before ...)
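
Review bot: CVE-2018-17877 looks like a NOT-FOR-US candidate rather than an open "TODO: check", since its description names an Ethereum smart contract (Greedy 599) and the neighbouring CVE-2018-17876 and CVE-2018-17874 are already tagged that way. The CVE-2018-17873 description is cut off before the product name, so read the full text before tagging it.
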
@@ -2913,16 +2921,16 @@ CVE-2018-17449 [Confidential information disclosure in events API endpoint]
 	- gitlab <unfixed>
 	[stretch] - gitlab <not-affected> (Only affects 9.3 and later)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
-CVE-2018-17448
-	RESERVED
-CVE-2018-17447
-	RESERVED
-CVE-2018-17446
-	RESERVED
-CVE-2018-17445
-	RESERVED
-CVE-2018-17444
-	RESERVED
+CVE-2018-17448 (An Incorrect Access Control issue was discovered in Citrix SD-WAN ...)
+	TODO: check
+CVE-2018-17447 (An Information Exposure Through Log Files issue was discovered in ...)
+	TODO: check
+CVE-2018-17446 (A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and ...)
+	TODO: check
+CVE-2018-17445 (A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and ...)
+	TODO: check
+CVE-2018-17444 (A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and ...)
+	TODO: check
 CVE-2018-17443 (An issue was discovered on D-Link Central WiFi Manager before v ...)
 	NOT-FOR-US: D-Link
 CVE-2018-17442 (An issue was discovered on D-Link Central WiFi Manager before v ...)
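
Review bot: Triage CVE-2018-17444 through CVE-2018-17448 in one pass so they end up with a consistent tag: four of the five descriptions name Citrix SD-WAN, and CVE-2018-17447 is truncated before the product, so check its full text before grouping it with the others. If the product is not packaged, a single product tag in the style of the "NOT-FOR-US: D-Link" lines that follow would close the set; the differing issue classes do not change the disposition.
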
@@ -5825,8 +5833,8 @@ CVE-2018-16237 (An issue was discovered in damiCMS V6.0.1. There is Directory Tr
 	NOT-FOR-US: damiCMS
 CVE-2018-16236 (cPanel through 74 allows XSS via a crafted filename in the logs ...)
 	NOT-FOR-US: cPanel
-CVE-2018-16235
-	RESERVED
+CVE-2018-16235 (Telligent Community 6.x, 7.x, 8.x, 9.x, and 10.x up to 10.1.10.11792 ...)
+	TODO: check
 CVE-2018-16234 (MorningStar WhatWeb 0.4.9 has XSS via JSON report files. ...)
 	NOT-FOR-US: MorningStar WhatWeb
 CVE-2018-16233 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. ...)
@@ -5843,8 +5851,8 @@ CVE-2018-16228
 	RESERVED
 CVE-2018-16227
 	RESERVED
-CVE-2018-16226
-	RESERVED
+CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice Office ...)
+	TODO: check
 CVE-2018-16225 (The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network ...)
 	NOT-FOR-US: QBee MultiSensor Camera
 CVE-2018-16224
@@ -7732,8 +7740,8 @@ CVE-2018-15499 (GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, al
 	NOT-FOR-US: GEAR Software
 CVE-2018-15498
 	RESERVED
-CVE-2018-15497
-	RESERVED
+CVE-2018-15497 (The Mitel MiVoice 5330e VoIP device is affected by memory corruption ...)
+	TODO: check
 CVE-2018-15496
 	RESERVED
 CVE-2018-15495 (/filemanager/upload.php in Responsive FileManager before 9.13.3 allows ...)
@@ -9164,8 +9172,8 @@ CVE-2018-14830
 	RESERVED
 CVE-2018-14829 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This ...)
 	NOT-FOR-US: Rockwell Automation RSLinx Classic
-CVE-2018-14828
-	RESERVED
+CVE-2018-14828 (Advantech WebAccess 8.3.1 and earlier has an improper privilege ...)
+	TODO: check
 CVE-2018-14827 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A ...)
 	NOT-FOR-US: Rockwell Automation RSLinx Classic
 CVE-2018-14826 (Entes EMG12 versions 2.57 and prior The application uses a web ...)
@@ -9180,16 +9188,16 @@ CVE-2018-14822 (Entes EMG12 versions 2.57 and prior an information exposure thro
 	NOT-FOR-US: Entes EMG12
 CVE-2018-14821 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This ...)
 	NOT-FOR-US: Rockwell Automation RSLinx Classic
-CVE-2018-14820
-	RESERVED
+CVE-2018-14820 (Advantech WebAccess 8.3.1 and earlier has a .dll component that is ...)
+	TODO: check
 CVE-2018-14819 (Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14818 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
 	NOT-FOR-US: PI Studio HMI
 CVE-2018-14817 (Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow ...)
 	NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14816
-	RESERVED
+CVE-2018-14816 (Advantech WebAccess 8.3.1 and earlier has several stack-based buffer ...)
+	TODO: check
 CVE-2018-14815 (Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14814
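
Review bot: CVE-2018-14820 and CVE-2018-14816 are left at "TODO: check" in a block where the adjacent Rockwell Automation, Fuji Electric and PI Studio HMI entries are all NOT-FOR-US; both name Advantech WebAccess 8.3.1 and earlier, so tag them in the same edit with the same product string to keep the entries from diverging.
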
@@ -9208,8 +9216,8 @@ CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5.  Non-administrative u
 	NOT-FOR-US: Emerson AMS Device Manager
 CVE-2018-14807 (A stack-based buffer overflow vulnerability in Opto 22 PAC Control ...)
 	NOT-FOR-US: Opto
-CVE-2018-14806
-	RESERVED
+CVE-2018-14806 (Advantech WebAccess 8.3.1 and earlier has a path traversal ...)
+	TODO: check
 CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the system ...)
 	NOT-FOR-US: ABB eSOMS
 CVE-2018-14804 (Emerson AMS Device Manager v12.0 to v13.5.  A specially crafted ...)
@@ -13935,8 +13943,8 @@ CVE-2018-12903 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity) ...
 	NOT-FOR-US: CyberArk Endpoint Privilege Manager
 CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search bar of ...)
 	NOT-FOR-US: Easy Magazine
-CVE-2018-12901
-	RESERVED
+CVE-2018-12901 (A vulnerability in the conferencing component of Mitel ST 14.2, ...)
+	TODO: check
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...)
 	- tiff <unfixed> (bug #902718)
 	[stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA)
@@ -28758,18 +28766,18 @@ CVE-2018-7434 (zzcms 8.2 allows remote attackers to discover the full path via a
 	NOT-FOR-US: zzcms
 CVE-2018-7433 (The iThemes Security plugin before 6.9.1 for WordPress does not ...)
 	NOT-FOR-US: iThemes Security plugin for WordPress
-CVE-2018-7432
-	RESERVED
-CVE-2018-7431
-	RESERVED
+CVE-2018-7432 (Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x ...)
+	TODO: check
+CVE-2018-7431 (Directory traversal vulnerability in the Splunk Django App in Splunk ...)
+	TODO: check
 CVE-2018-7430
 	RESERVED
-CVE-2018-7429
-	RESERVED
+CVE-2018-7429 (Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, ...)
+	TODO: check
 CVE-2018-7428
 	RESERVED
-CVE-2018-7427
-	RESERVED
+CVE-2018-7427 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
+	TODO: check
 CVE-2018-7426
 	RESERVED
 CVE-2018-7425
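
Review bot: Triage CVE-2018-7432, CVE-2018-7431, CVE-2018-7429 and CVE-2018-7427 as one batch, since all four descriptions name Splunk components and all carry "TODO: check"; one product tag applied to the four keeps them consistent. CVE-2018-7430 and CVE-2018-7428 in the same run stay RESERVED and need no action yet.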



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/320a19f26facf422de3015773ca4fcf5b2462765
