[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Sep 4 21:10:35 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e9004c8 by security tracker role at 2018-09-04T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an ...)
+	TODO: check
 CVE-2018-16457
 	RESERVED
 CVE-2018-16456
@@ -254,7 +256,7 @@ CVE-2018-16354 (An issue was discovered in FHCRM through 2018-02-11. There is a
 	NOT-FOR-US: FHCRM
 CVE-2018-16353 (An issue was discovered in FHCRM through 2018-02-11. There is a SQL ...)
 	NOT-FOR-US: FHCRM
-CVE-2018-16352 (There is a PHP code upload vulnerablity in WeaselCMS 0.3.6 via ...)
+CVE-2018-16352 (There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via ...)
 	NOT-FOR-US: WeaselCMS
 CVE-2018-16351
 	RESERVED
@@ -4215,8 +4217,7 @@ CVE-2018-14629
 	RESERVED
 CVE-2018-14628
 	RESERVED
-CVE-2018-14627
-	RESERVED
+CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not ...)
 	- wildfly <itp> (bug #752018)
 	NOTE: https://issues.jboss.org/browse/WFLY-9107
 	NOTE: https://github.com/wildfly/wildfly/pull/10675
@@ -12860,8 +12861,8 @@ CVE-2018-11264
 	RESERVED
 CVE-2018-11263
 	RESERVED
-CVE-2018-11262
-	RESERVED
+CVE-2018-11262 (In Android for MSM, Firefox OS for MSM, and QRD Android with all ...)
+	TODO: check
 CVE-2018-11261
 	RESERVED
 CVE-2018-11260
@@ -13759,25 +13760,20 @@ CVE-2018-10932 (lldptool version 1.0.1 and older can print a raw, unsanitized at
 CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its ...)
 	- cobbler <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/9
-CVE-2018-10930
-	RESERVED
+CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664
 	NOTE: https://review.gluster.org/21068
-CVE-2018-10929
-	RESERVED
+CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660
-CVE-2018-10928
-	RESERVED
+CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659
-CVE-2018-10927
-	RESERVED
+CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658
-CVE-2018-10926
-	RESERVED
+CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143
 CVE-2018-10925 (It was discovered that PostgreSQL versions before 10.5, 9.6.10, ...)
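Review bot: In the glusterfs block, the new description for CVE-2018-10929 names gfs2_create_req while every sibling entry names a gfs3_* request (gfs3_rename_req, gfs3_symlink_req, gfs3_lookup_req, gfs3_mknod_req); worth confirming against the linked bugzilla entry and recording the result in a NOTE so triage does not search for the wrong symbol. CVE-2018-10929 through CVE-2018-10926 also carry only a bugzilla NOTE; adding the review.gluster.org change, as CVE-2018-10930 has, would make the <unfixed> status easier to resolve later.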
@@ -13790,15 +13786,13 @@ CVE-2018-10925 (It was discovered that PostgreSQL versions before 10.5, 9.6.10,
 	- postgresql-9.1 <not-affected> (Only affects PostgreSQL 9.5 onwards)
 	NOTE: Fixed in 9.5.14, 9.6.10, 10.5
 	NOTE: https://www.postgresql.org/about/news/1878/
-CVE-2018-10924
-	RESERVED
+CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client code ...)
 	- glusterfs 4.0.1-1
 	[stretch] - glusterfs <not-affected> (Issue introduced in 3.13.2 and backported to 3.12 series)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1611785
 	NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4
 	NOTE: https://review.gluster.org/20723
-CVE-2018-10923
-	RESERVED
+CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659
 	NOTE: https://review.gluster.org/21069
@@ -13837,20 +13831,17 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien
 	[jessie] - postgresql-9.1 <no-dsa> (package only serves as a means for upgrading to Stretch)
 	NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5
 	NOTE: https://www.postgresql.org/about/news/1878/
-CVE-2018-10914
-	RESERVED
+CVE-2018-10914 (It was found that an attacker could issue a xattr request via ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617
 	NOTE: https://review.gluster.org/21071
-CVE-2018-10913
-	RESERVED
+CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
 	NOTE: https://review.gluster.org/21071
 CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop ...)
 	NOT-FOR-US: Keycloak
-CVE-2018-10911
-	RESERVED
+CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
 	NOTE: https://review.gluster.org/21067
@@ -13867,8 +13858,7 @@ CVE-2018-10909
 	RESERVED
 CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on ...)
 	NOT-FOR-US: ovirt
-CVE-2018-10907
-	RESERVED
+CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642
 	NOTE: https://review.gluster.org/21070
@@ -13880,8 +13870,7 @@ CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount i
 	NOTE: https://sourceforge.net/p/fuse/mailman/message/36374753/
 CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper ...)
 	NOT-FOR-US: Red Hat CloudForms Management Engine
-CVE-2018-10904
-	RESERVED
+CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file ...)
 	- glusterfs <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298
 	NOTE: https://review.gluster.org/21072
@@ -21327,8 +21316,8 @@ CVE-2018-7992 (Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; M
 	NOT-FOR-US: Huawei
 CVE-2018-7991
 	RESERVED
-CVE-2018-7990
-	RESERVED
+CVE-2018-7990 (Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) ...)
+	TODO: check
 CVE-2018-7989
 	RESERVED
 CVE-2018-7988
@@ -21431,12 +21420,12 @@ CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions
 	NOT-FOR-US: Huawei
 CVE-2018-7939
 	RESERVED
-CVE-2018-7938
-	RESERVED
-CVE-2018-7937
-	RESERVED
-CVE-2018-7936
-	RESERVED
+CVE-2018-7938 (P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 ...)
+	TODO: check
+CVE-2018-7937 (In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and ...)
+	TODO: check
+CVE-2018-7936 (Mate 10 Pro Huawei smart phones with the versions before BLA-L29 ...)
+	TODO: check
 CVE-2018-7935
 	RESERVED
 CVE-2018-7934 (Some Huawei mobile phone with the versions before BLA-L29 ...)
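Review bot: CVE-2018-7938, CVE-2018-7937 and CVE-2018-7936 are left at "TODO: check" although their descriptions name Huawei phones and a Huawei router, and the neighbouring CVE-2018-7940 is already marked "NOT-FOR-US: Huawei". Suggest triaging them the same way in a follow-up rather than leaving the TODO in the list.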
@@ -24685,8 +24674,8 @@ CVE-2018-6925
 	RESERVED
 CVE-2018-6924
 	RESERVED
-CVE-2018-6923
-	RESERVED
+CVE-2018-6923 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip ...)
+	TODO: check
 CVE-2018-6922 (One of the data structures that holds TCP segments in all versions of ...)
 	- kfreebsd-10 <unfixed> (unimportant)
 	NOTE: https://www.kb.cert.org/vuls/id/962459
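Review bot: CVE-2018-6923 is added with only "TODO: check", while the adjacent entry CVE-2018-6922 is tracked against kfreebsd-10. Suggest checking whether kfreebsd-10 is affected by this FreeBSD issue as well and replacing the TODO with a package line or a NOT-FOR-US tag accordingly.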
@@ -25827,12 +25816,10 @@ CVE-2018-6556 (lxc-user-nic when asked to delete a network interface will ...)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
 	NOTE: Prerequisite: https://github.com/lxc/lxc/commit/f96f5f3c1341e73ee51c8b49bef4ba571c562d8c
 	NOTE: Fixed by: https://github.com/lxc/lxc/commit/5eb45428b312e978fb9e294dde16efb14dd9fa4d
-CVE-2018-6555
-	RESERVED
+CVE-2018-6555 (The irda_setsockopt function in net/irda/af_irda.c and later in ...)
 	- linux 4.17.3-1
 	NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
-CVE-2018-6554
-	RESERVED
+CVE-2018-6554 (Memory leak in the irda_bind function in net/irda/af_irda.c and later ...)
 	- linux 4.17.3-1
 	NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
 CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd backend due ...)
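Review bot: CVE-2018-6555 and CVE-2018-6554 keep "- linux 4.17.3-1" as the fixed version, but the only NOTE on each is the oss-security post, so nothing in the entry records why 4.17.3-1 is considered fixed. Suggest adding a NOTE with the basis for that version (fix commit or other reason) and per-release lines in the "[stretch] - ..." form where the status differs.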
@@ -37936,7 +37923,7 @@ CVE-2018-2450 (SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker w
 	NOT-FOR-US: SAP MaxDB
 CVE-2018-2449 (SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - ...)
 	NOT-FOR-US: SAP SRM MDM Catalog
-CVE-2018-2448 (Admin tools in SAP BusinessObjects Business Intelligence Platform, ...)
+CVE-2018-2448 (Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, ...)
 	NOT-FOR-US: SAP BusinessObjects Business Intelligence Platform
 CVE-2018-2447 (SAP BusinessObjects Business Intelligence (Launchpad Web ...)
 	NOT-FOR-US: SAP BusinessObjects Business Intelligence
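Review bot: The triage tag under CVE-2018-2448 no longer matches its description: the new text describes SAP SRM-MDM (CATALOG ...), but the unchanged line below it still reads "NOT-FOR-US: SAP BusinessObjects Business Intelligence Platform". Suggest updating the tag to the product now named, e.g. "NOT-FOR-US: SAP SRM MDM Catalog" as used for CVE-2018-2449 just above.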
@@ -43705,14 +43692,14 @@ CVE-2018-0677
 	RESERVED
 CVE-2018-0676
 	RESERVED
-CVE-2018-0675
-	RESERVED
-CVE-2018-0674
-	RESERVED
+CVE-2018-0675 (AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script ...)
+	TODO: check
+CVE-2018-0674 (AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script ...)
+	TODO: check
 CVE-2018-0673
 	RESERVED
-CVE-2018-0672
-	RESERVED
+CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions prior to ...)
+	TODO: check
 CVE-2018-0671
 	RESERVED
 CVE-2018-0670
@@ -43727,8 +43714,8 @@ CVE-2018-0666
 	RESERVED
 CVE-2018-0665
 	RESERVED
-CVE-2018-0664
-	RESERVED
+CVE-2018-0664 (A vulnerability in NoMachine App for Android 5.0.63 and earlier allows ...)
+	TODO: check
 CVE-2018-0663
 	RESERVED
 CVE-2018-0662
@@ -43743,8 +43730,8 @@ CVE-2018-0658
 	RESERVED
 CVE-2018-0657
 	RESERVED
-CVE-2018-0656
-	RESERVED
+CVE-2018-0656 (Untrusted search path vulnerability in The installer of Digital Paper ...)
+	TODO: check
 CVE-2018-0655
 	RESERVED
 CVE-2018-0654
@@ -43763,8 +43750,8 @@ CVE-2018-0648
 	RESERVED
 CVE-2018-0647
 	RESERVED
-CVE-2018-0646
-	RESERVED
+CVE-2018-0646 (Directory traversal vulnerability in Explzh v.7.58 and earlier allows ...)
+	TODO: check
 CVE-2018-0645
 	RESERVED
 CVE-2018-0644



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e9004c8935ef89e506d5216184080f6d08c46ae
