[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Oct 31 20:10:37 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bf1a0cd by security tracker role at 2018-10-31T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2018-18882
+	RESERVED
+CVE-2018-18881
+	RESERVED
+CVE-2018-18880
+	RESERVED
+CVE-2018-18879
+	RESERVED
+CVE-2018-18878
+	RESERVED
+CVE-2018-18877
+	RESERVED
+CVE-2018-18876
+	RESERVED
+CVE-2018-18875
+	RESERVED
+CVE-2018-18874 (nc-cms through 2017-03-10 allows remote attackers to execute arbitrary ...)
+	TODO: check
+CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL pointer ...)
+	TODO: check
+CVE-2018-18872
+	RESERVED
+CVE-2018-18871
+	RESERVED
 CVE-2018-18870
 	RESERVED
 CVE-2018-18869 (EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary ...)
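
Review bot: CVE-2018-18874 and CVE-2018-18873 arrive with descriptions but only `TODO: check`, so they are untriaged after this update. CVE-2018-18873 names a specific version (JasPer 2.0.14); if a jasper source package is present in any supported release, it needs a package line with per-release status. CVE-2018-18874 (nc-cms) needs either a package line or a `NOT-FOR-US:` marker.
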
@@ -4884,22 +4908,19 @@ CVE-2018-16844
 	RESERVED
 CVE-2018-16843
 	RESERVED
-CVE-2018-16842 [warning message out-of-buffer read]
-	RESERVED
+CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...)
 	- curl <unfixed>
 	NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
 CVE-2018-16841
 	RESERVED
-CVE-2018-16840 [use-after-free in handle close]
-	RESERVED
+CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59.0 ...)
 	- curl <unfixed>
 	[stretch] - curl <not-affected> (Use-after-free issue introduced later)
 	NOTE: https://curl.haxx.se/docs/CVE-2018-16840.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
 	NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3
-CVE-2018-16839 [SASL password overflow via integer overflow]
-	RESERVED
+CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun ...)
 	- curl <unfixed>
 	NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
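
Review bot: CVE-2018-16842 and CVE-2018-16839 keep a bare `- curl <unfixed>` line even though the imported descriptions now state affected ranges (7.14.1 through 7.61.1 and 7.33.0 through 7.61.1). Only CVE-2018-16840 carries a per-release line and an "Introduced by" note. The other two should be checked against the curl version in each supported release, with a `<not-affected>` line added wherever the packaged version predates the stated range.
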
@@ -8724,28 +8745,28 @@ CVE-2018-15329
 	RESERVED
 CVE-2018-15328
 	RESERVED
-CVE-2018-15327
-	RESERVED
-CVE-2018-15326
-	RESERVED
-CVE-2018-15325
-	RESERVED
-CVE-2018-15324
-	RESERVED
-CVE-2018-15323
-	RESERVED
-CVE-2018-15322
-	RESERVED
-CVE-2018-15321
-	RESERVED
-CVE-2018-15320
-	RESERVED
-CVE-2018-15319
-	RESERVED
-CVE-2018-15318
-	RESERVED
-CVE-2018-15317
-	RESERVED
+CVE-2018-15327 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager ...)
+	TODO: check
+CVE-2018-15326 (In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, ...)
+	TODO: check
+CVE-2018-15325 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage ...)
+	TODO: check
+CVE-2018-15324 (On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when ...)
+	TODO: check
+CVE-2018-15323 (On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain ...)
+	TODO: check
+CVE-2018-15322 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, ...)
+	TODO: check
+CVE-2018-15321 (When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, ...)
+	TODO: check
+CVE-2018-15320 (On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic ...)
+	TODO: check
+CVE-2018-15319 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, ...)
+	TODO: check
+CVE-2018-15318 (In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, if ...)
+	TODO: check
+CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, ...)
+	TODO: check
 CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-15315 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected ...)
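
Review bot: the eleven BIG-IP entries CVE-2018-15327 through CVE-2018-15317 are all left at `TODO: check`, while the adjacent CVE-2018-15316 for the same vendor is already marked `NOT-FOR-US: F5 BIG-IP`. Unless one of them turns out to affect a packaged component, they can be closed the same way in one pass instead of staying in the TODO queue.
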
@@ -10268,8 +10289,7 @@ CVE-2018-14660
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
-CVE-2018-14659
-	RESERVED
+CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...)
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
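
Review bot: the imported description for CVE-2018-14659 reads "through versions 4.1.4 and 3.1.2", whereas the sibling Gluster entries CVE-2018-14653 and CVE-2018-14652 from the same oss-security post read "3.12". The text comes from the CVE feed, so it is not something to correct in this list, but the range should be confirmed against the linked Red Hat bug before it is used to decide per-release status for glusterfs.
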
@@ -10284,18 +10304,15 @@ CVE-2018-14656 (A missing address check in the callers of the show_opcodes() in
 	NOTE: Fixed by: https://git.kernel.org/linus/342db04ae71273322f0011384a9ed414df8bdae4
 CVE-2018-14655
 	RESERVED
-CVE-2018-14654
-	RESERVED
+CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse ...)
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
-CVE-2018-14653
-	RESERVED
+CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...)
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
-CVE-2018-14652
-	RESERVED
+CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...)
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
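
Review bot: none of the three Gluster entries in this hunk (CVE-2018-14654, CVE-2018-14653, CVE-2018-14652) records an upstream fix commit; each has only the oss-security post and a Red Hat bug as NOTE lines. Adding a "Fixed by:" NOTE per entry, as the curl entries in this file do, would make it possible to replace `- glusterfs <unfixed>` with a fixed version once an upload exists.
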
@@ -13740,10 +13757,10 @@ CVE-2018-13284
 	RESERVED
 CVE-2018-13283
 	RESERVED
-CVE-2018-13282
-	RESERVED
-CVE-2018-13281
-	RESERVED
+CVE-2018-13282 (Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology ...)
+	TODO: check
+CVE-2018-13281 (Information exposure vulnerability in SYNO.Core.ACL in Synology ...)
+	TODO: check
 CVE-2018-13280 (Use of insufficiently random values vulnerability in ...)
 	NOT-FOR-US: Synology
 CVE-2018-13279
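
Review bot: CVE-2018-13282 and CVE-2018-13281 are Synology issues left at `TODO: check`, while the next entry, CVE-2018-13280, is already `NOT-FOR-US: Synology`. The same marker looks appropriate for both new entries.
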
@@ -45779,8 +45796,8 @@ CVE-2018-1853
 	RESERVED
 CVE-2018-1852
 	RESERVED
-CVE-2018-1851
-	RESERVED
+CVE-2018-1851 (IBM WebSphere Application Server Liberty OpenID Connect could allow a ...)
+	TODO: check
 CVE-2018-1850 (IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 ...)
 	NOT-FOR-US: IBM
 CVE-2018-1849
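
Review bot: CVE-2018-1851 (IBM WebSphere Application Server Liberty) is left at `TODO: check`; the neighbouring CVE-2018-1850 is tracked as `NOT-FOR-US: IBM`, and this entry can likely be resolved the same way.
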
@@ -70101,7 +70118,7 @@ CVE-2017-11108 (tcpdump 4.9.0 allows remote attackers to cause a denial of servi
 	NOTE: Proposed patch: https://github.com/the-tcpdump-group/tcpdump/pull/617
 	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d9e65de3d94698ec90dbca42962a30dd2f0680e1 (4.9.1)
 CVE-2017-11107 (phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the ...)
-	{DLA-1019-1}
+	{DLA-1561-1 DLA-1019-1}
 	- phpldapadmin <unfixed> (bug #867719)
 	NOTE: https://github.com/leenooks/phpLDAPadmin/issues/50
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731
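
Review bot: `{DLA-1561-1 DLA-1019-1}` now lists two LTS advisories for CVE-2017-11107, but the entry has no NOTE explaining why a second one was issued (incomplete earlier fix, regression, or a different release), and `- phpldapadmin <unfixed> (bug #867719)` is unchanged. A one-line NOTE stating what DLA-1561-1 covers relative to DLA-1019-1 would make the status readable without opening both advisories.
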
@@ -112443,8 +112460,7 @@ CVE-2016-6345 (RESTEasy allows remote authenticated users to obtain sensitive ..
 	- resteasy3.0 <undetermined>
 CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a ...)
 	NOT-FOR-US: Red Hat JBoss bpm Suite
-CVE-2016-6343
-	RESERVED
+CVE-2016-6343 (JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. ...)
 	NOT-FOR-US: JBoss BPMS
 CVE-2016-6342 (elog 3.1.1 allows remote attackers to post data as any username in the ...)
 	- elog 3.1.2-1-1 (bug #836505)
@@ -115667,8 +115683,7 @@ CVE-2016-5403 (The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows l
 	- qemu 1:2.6+dfsg-3.1 (bug #832619)
 	[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)
 	- qemu-kvm <removed>
-CVE-2016-5402
-	RESERVED
+CVE-2016-5402 (A code injection flaw was found in the way capacity and utilization ...)
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2016-5401 (Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS ...)
 	NOT-FOR-US: JBoss BPMS business-central
@@ -126436,8 +126451,7 @@ CVE-2016-2123 [Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow R
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2123.html
 CVE-2016-2122
 	RESERVED
-CVE-2016-2121 [weak permissions on sensitive files]
-	RESERVED
+CVE-2016-2121 (A permissions flaw was found in redis, which sets weak permissions on ...)
 	- redis 3:3.2.5-2 (bug #842987)
 	[jessie] - redis <no-dsa> (Minor issue)
 	[wheezy] - redis <no-dsa> (minor issue, details see #842987)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bf1a0cd576c12ac6d5cf9494a374c6ec80d3ed7
