[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 25 09:10:31 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6527b521 by security tracker role at 2018-10-25T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2018-18649
+ RESERVED
+CVE-2018-18648
+ RESERVED
+CVE-2018-18647
+ RESERVED
+CVE-2018-18646
+ RESERVED
+CVE-2018-18645
+ RESERVED
+CVE-2018-18644
+ RESERVED
+CVE-2018-18643
+ RESERVED
+CVE-2018-18642
+ RESERVED
+CVE-2018-18641
+ RESERVED
+CVE-2018-18640
+ RESERVED
+CVE-2018-18639
+ RESERVED
+CVE-2018-18638 (A command injection vulnerability in the setup API in the Neato Botvac ...)
+ TODO: check
+CVE-2018-18637
+ RESERVED
+CVE-2018-18636 (XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the ...)
+ TODO: check
+CVE-2018-18635 (www/guis/admin/application/controllers/UserController.php in the ...)
+ TODO: check
+CVE-2018-18634
+ RESERVED
+CVE-2018-18633
+ RESERVED
+CVE-2018-18632
+ RESERVED
+CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
+ TODO: check
+CVE-2016-10729 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
+ TODO: check
CVE-2018-XXXX [XSA-278: x86: Nested VT-x usable even when disabled]
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-278.txt
@@ -23,8 +63,8 @@ CVE-2018-18623
RESERVED
CVE-2018-18622 (An issue was discovered in Waimai Super Cms 20150505. There is XSS via ...)
NOT-FOR-US: Waimai Super Cms
-CVE-2018-18621
- RESERVED
+CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! ...)
+ TODO: check
CVE-2018-18620
RESERVED
CVE-2018-18619
@@ -153,12 +193,12 @@ CVE-2018-18570
RESERVED
CVE-2018-18569
RESERVED
-CVE-2018-18568
- RESERVED
-CVE-2018-18567
- RESERVED
-CVE-2018-18566
- RESERVED
+CVE-2018-18568 (Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows ...)
+ TODO: check
+CVE-2018-18567 (AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows ...)
+ TODO: check
+CVE-2018-18566 (The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and ...)
+ TODO: check
CVE-2018-18565
RESERVED
CVE-2018-18564
@@ -192,18 +232,18 @@ CVE-2018-18554
RESERVED
CVE-2018-18553 (Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is ...)
NOT-FOR-US: Leanote
-CVE-2018-18552
- RESERVED
-CVE-2018-18551
- RESERVED
+CVE-2018-18552 (ServersCheck Monitoring Software through 14.3.3 allows local users to ...)
+ TODO: check
+CVE-2018-18551 (ServersCheck Monitoring Software through 14.3.3 has Persistent and ...)
+ TODO: check
CVE-2018-18550 (ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by ...)
NOT-FOR-US: ServersCheck Monitoring Software
CVE-2018-18549
RESERVED
-CVE-2018-18548
- RESERVED
-CVE-2018-18547
- RESERVED
+CVE-2018-18548 (ajenticp (aka Ajenti Docker control panel) for Ajenti through ...)
+ TODO: check
+CVE-2018-18547 (Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain ...)
+ TODO: check
CVE-2018-18546 (ThinkPHP 3.2.4 has SQL Injection via the order parameter because the ...)
NOT-FOR-US: ThinkPHP
CVE-2018-18545 (Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name ...)
@@ -277,8 +317,8 @@ CVE-2018-18519
RESERVED
CVE-2018-18518
RESERVED
-CVE-2018-18517
- RESERVED
+CVE-2018-18517 (Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before ...)
+ TODO: check
CVE-2018-18516
RESERVED
CVE-2018-18515
@@ -365,8 +405,8 @@ CVE-2018-18478 (Persistent Cross-Site Scripting (XSS) issues in LibreNMS before
NOT-FOR-US: LibreNMS
CVE-2018-18477
RESERVED
-CVE-2018-18476
- RESERVED
+CVE-2018-18476 (mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it ...)
+ TODO: check
CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3 build 123214 allows ...)
NOT-FOR-US: Zoho
CVE-2018-18474
@@ -1627,10 +1667,10 @@ CVE-2018-18016 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCX
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1049
CVE-2018-18015
RESERVED
-CVE-2018-18014
- RESERVED
-CVE-2018-18013
- RESERVED
+CVE-2018-18014 (** DISPUTED *** Lack of authentication in Citrix Xen Mobile through ...)
+ TODO: check
+CVE-2018-18013 (** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening ...)
+ TODO: check
CVE-2018-18012
RESERVED
CVE-2018-18011
@@ -1847,12 +1887,12 @@ CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX Control
NOT-FOR-US: Gigasoft
CVE-2018-17924
RESERVED
-CVE-2018-17923
- RESERVED
+CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
+ TODO: check
CVE-2018-17922
RESERVED
-CVE-2018-17921
- RESERVED
+CVE-2018-17921 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
+ TODO: check
CVE-2018-17920
RESERVED
CVE-2018-17919 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
@@ -1887,8 +1927,8 @@ CVE-2018-17905
RESERVED
CVE-2018-17904
RESERVED
-CVE-2018-17903
- RESERVED
+CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
+ TODO: check
CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17901 (LAquis SCADA Versions 4.1.0.3870 and prior, when processing project ...)
@@ -7087,10 +7127,10 @@ CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensa
NOT-FOR-US: MensaMax application for Android
CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...)
NOT-FOR-US: MensaMax application for Android
-CVE-2018-15751
- RESERVED
-CVE-2018-15750
- RESERVED
+CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow ...)
+ TODO: check
+CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack Salt before ...)
+ TODO: check
CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a ...)
NOT-FOR-US: Pulse Secure Desktop
CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, ...)
@@ -9215,8 +9255,8 @@ CVE-2018-14814
RESERVED
CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow ...)
NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14812
- RESERVED
+CVE-2018-14812 (An uncontrolled search path element (DLL Hijacking) vulnerability has ...)
+ TODO: check
CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14810 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
@@ -12936,8 +12976,8 @@ CVE-2018-13344
RESERVED
CVE-2018-13343
RESERVED
-CVE-2018-13342
- RESERVED
+CVE-2018-13342 (The server API in the Anda app relies on hardcoded credentials. ...)
+ TODO: check
CVE-2018-13341 (Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all ...)
NOT-FOR-US: Creston
CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. ...)
@@ -14530,8 +14570,8 @@ CVE-2018-12652
RESERVED
CVE-2018-12651
RESERVED
-CVE-2018-12650
- RESERVED
+CVE-2018-12650 (Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting ...)
+ TODO: check
CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php in MISP ...)
NOT-FOR-US: MISP
CVE-2018-12648 (The WEBP::GetLE32 function in ...)
@@ -15473,18 +15513,21 @@ CVE-2018-12398
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12398
CVE-2018-12397
RESERVED
+ {DSA-4324-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12397
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12397
CVE-2018-12396
RESERVED
+ {DSA-4324-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12396
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12396
CVE-2018-12395
RESERVED
+ {DSA-4324-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12395
@@ -15493,12 +15536,14 @@ CVE-2018-12394
RESERVED
CVE-2018-12393
RESERVED
+ {DSA-4324-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12393
CVE-2018-12392
RESERVED
+ {DSA-4324-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392
@@ -15511,12 +15556,14 @@ CVE-2018-12391
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12391
CVE-2018-12390
RESERVED
+ {DSA-4324-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12390
CVE-2018-12389
RESERVED
+ {DSA-4324-1}
- firefox-esr 60.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389
CVE-2018-12388
@@ -17083,8 +17130,8 @@ CVE-2018-11794
RESERVED
CVE-2018-11793
RESERVED
-CVE-2018-11792
- RESERVED
+CVE-2018-11792 (In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER ...)
+ TODO: check
CVE-2018-11791
RESERVED
CVE-2018-11790
@@ -17097,8 +17144,8 @@ CVE-2018-11787 (In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the .
- apache-karaf <itp> (bug #881297)
CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf ...)
- apache-karaf <itp> (bug #881297)
-CVE-2018-11785
- RESERVED
+CVE-2018-11785 (Missing authorization check in Apache Impala before 3.0.1 allows a ...)
+ TODO: check
CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...)
{DLA-1545-1 DLA-1544-1}
- tomcat9 <itp> (bug #802312)
@@ -23715,12 +23762,12 @@ CVE-2018-9283 (An XSS issue was discovered in CremeCRM 1.6.12. It is affected by
NOT-FOR-US: Creme CRM
CVE-2018-9282 (An XSS issue was discovered in Subsonic Media Server 6.1.1. The ...)
NOT-FOR-US: Subsonic Media Server
-CVE-2018-9281
- RESERVED
-CVE-2018-9280
- RESERVED
-CVE-2018-9279
- RESERVED
+CVE-2018-9281 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The ...)
+ TODO: check
+CVE-2018-9280 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The ...)
+ TODO: check
+CVE-2018-9279 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The ...)
+ TODO: check
CVE-2018-9278
RESERVED
CVE-2018-9277
@@ -24636,8 +24683,8 @@ CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, re
NOT-FOR-US: CoverCMS
CVE-2018-8956
RESERVED
-CVE-2018-8955
- RESERVED
+CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded string ...)
+ TODO: check
CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...)
NOT-FOR-US: CA Workload Control Center
CVE-2018-8953 (CA Workload Automation AE before r11.3.6 SP7 allows remote attackers ...)
@@ -79796,22 +79843,22 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all ...)
CVE-2017-7655
RESERVED
CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability ...)
- {DLA-1525-1}
+ {DSA-4325-1 DLA-1525-1}
- mosquitto <unfixed> (bug #911265)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493
NOTE: https://github.com/eclipse/mosquitto/commit/51ec5601c2ec523bf2973fdc1eca77335eafb8de
CVE-2017-7653 (The Eclipse Mosquitto broker up to version 1.4.15 does not reject ...)
- {DLA-1525-1}
+ {DSA-4325-1 DLA-1525-1}
- mosquitto <unfixed> (bug #911266)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113
NOTE: https://github.com/eclipse/mosquitto/commit/729a09310a7a56fbe5933b70b4588049da1a42b4
CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running ...)
- {DLA-1409-1 DLA-1334-1}
+ {DSA-4325-1 DLA-1409-1 DLA-1334-1}
- mosquitto 1.4.15-1
NOTE: Patches: https://mosquitto.org/files/cve/2017-7652
NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
CVE-2017-7651 (In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server ...)
- {DLA-1409-1 DLA-1334-1}
+ {DSA-4325-1 DLA-1409-1 DLA-1334-1}
- mosquitto 1.4.15-1
NOTE: Patches: https://mosquitto.org/files/cve/2017-7651
NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6527b5215ba1fa52b51e868119f5eb4ed688caf9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6527b5215ba1fa52b51e868119f5eb4ed688caf9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181025/52d206cb/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list