[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Sep 6 09:10:26 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b276cd65 by security tracker role at 2018-09-06T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2018-16554
+	RESERVED
+CVE-2018-16553
+	RESERVED
+CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, ...)
+	TODO: check
+CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by ...)
+	TODO: check
+CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass the ...)
+	TODO: check
+CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via ...)
+	TODO: check
+CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...)
+	TODO: check
+CVE-2018-16547
+	RESERVED
+CVE-2018-16546 (Amcrest networked devices use the same hardcoded SSL private key across ...)
+	TODO: check
 CVE-2018-16545 (Kaizen Asset Manager (Enterprise Edition) and Training Manager ...)
 	TODO: check
 CVE-2018-16544
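Review bot: CVE-2018-16548 is left at `TODO: check`, but its description names ZZIPlib through 0.13.69, which Debian ships as the source package zziplib. When the TODO is resolved, this entry needs a `- zziplib ...` package line with a status and bug reference rather than a NOT-FOR-US tag.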
@@ -162,8 +180,8 @@ CVE-2018-1000672
 	REJECTED
 CVE-2018-1000662
 	REJECTED
-CVE-2015-9266
-	RESERVED
+CVE-2015-9266 (The web management interface of Ubiquiti airMAX, airFiber, airGateway ...)
+	TODO: check
 CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an ...)
 	NOT-FOR-US: baigo CMS
 CVE-2018-16457
@@ -207,10 +225,10 @@ CVE-2018-16439
 CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ...)
 	- hdf5 <undetermined>
 	NOTE: H5L_extern_query at H5Lexternal.c:498-10___out-of-bounds-read
-CVE-2018-16437
-	RESERVED
-CVE-2018-16436
-	RESERVED
+CVE-2018-16437 (Gxlcms 2.0 has Directory Traversal exploitable by an administrator. ...)
+	TODO: check
+CVE-2018-16436 (Gxlcms 2.0 has SQL Injection exploitable by an administrator. ...)
+	TODO: check
 CVE-2018-16435 (Little CMS (aka Little Color Management System) 2.9 has an integer ...)
 	{DSA-4284-1}
 	- lcms2 2.9-3 (bug #907983)
@@ -390,8 +408,8 @@ CVE-2018-16382 (Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in ...)
 	- nasm <unfixed> (unimportant; bug #907866)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392503
 	NOTE: Crash in CLI tool, no security impact
-CVE-2018-16381
-	RESERVED
+CVE-2018-16381 (e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list ...)
+	TODO: check
 CVE-2018-16380 (An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF ...)
 	NOT-FOR-US: Ogma CMS
 CVE-2018-16379 (Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the ...)
@@ -436,8 +454,8 @@ CVE-2018-16363
 	RESERVED
 CVE-2018-16362 (An issue was discovered in the Source Integration plugin before 1.5.9 ...)
 	NOT-FOR-US: Mantis plugin
-CVE-2018-16361
-	RESERVED
+CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS ...)
+	TODO: check
 CVE-2018-16360
 	RESERVED
 CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, permits ...)
@@ -565,8 +583,8 @@ CVE-2018-16309
 	RESERVED
 CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV ...)
 	NOT-FOR-US: Ninja Forms plugin for WordPress
-CVE-2018-16307
-	RESERVED
+CVE-2018-16307 (An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi ...)
+	TODO: check
 CVE-2018-16306
 	RESERVED
 CVE-2018-16305
@@ -676,8 +694,8 @@ CVE-2018-16254
 	RESERVED
 CVE-2018-16253
 	RESERVED
-CVE-2018-16252
-	RESERVED
+CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML ...)
+	TODO: check
 CVE-2018-16251
 	RESERVED
 CVE-2018-16250
@@ -904,16 +922,16 @@ CVE-2018-16150
 	RESERVED
 CVE-2018-16149
 	RESERVED
-CVE-2018-16148
-	RESERVED
-CVE-2018-16147
-	RESERVED
-CVE-2018-16146
-	RESERVED
-CVE-2018-16145
-	RESERVED
-CVE-2018-16144
-	RESERVED
+CVE-2018-16148 (The diagnosticsb2ksy parameter of the /rest endpoint in Opsview ...)
+	TODO: check
+CVE-2018-16147 (The data parameter of the /settings/api/router endpoint in Opsview ...)
+	TODO: check
+CVE-2018-16146 (The web management console of Opsview Monitor 5.4.x before 5.4.2 ...)
+	TODO: check
+CVE-2018-16145 (The /etc/init.d/opsview-reporting-module script that runs at boot time ...)
+	TODO: check
+CVE-2018-16144 (The test connection functionality in the NetAudit section of Opsview ...)
+	TODO: check
 CVE-2018-16143
 	RESERVED
 CVE-2018-16142 (PHPOK 4.8.278 has a Reflected XSS vulnerability in ...)
@@ -1428,10 +1446,10 @@ CVE-2018-15921
 	RESERVED
 CVE-2018-15920
 	RESERVED
-CVE-2018-15918
-	RESERVED
-CVE-2018-15917
-	RESERVED
+CVE-2018-15918 (An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) ...)
+	TODO: check
+CVE-2018-15917 (Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow ...)
+	TODO: check
 CVE-2018-15916
 	RESERVED
 CVE-2018-15915
@@ -2036,24 +2054,24 @@ CVE-2018-15686
 	RESERVED
 CVE-2018-15685 (GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain ...)
 	- electron <itp> (bug #842420)
-CVE-2018-15684
-	RESERVED
-CVE-2018-15683
-	RESERVED
-CVE-2018-15682
-	RESERVED
-CVE-2018-15681
-	RESERVED
-CVE-2018-15680
-	RESERVED
-CVE-2018-15679
-	RESERVED
-CVE-2018-15678
-	RESERVED
-CVE-2018-15677
-	RESERVED
-CVE-2018-15676
-	RESERVED
+CVE-2018-15684 (An issue was discovered in BTITeam XBTIT. PHP error logs are stored in ...)
+	TODO: check
+CVE-2018-15683 (An issue was discovered in BTITeam XBTIT. The "returnto" parameter of ...)
+	TODO: check
+CVE-2018-15682 (An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site ...)
+	TODO: check
+CVE-2018-15681 (An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, ...)
+	TODO: check
+CVE-2018-15680 (An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords ...)
+	TODO: check
+CVE-2018-15679 (An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" ...)
+	TODO: check
+CVE-2018-15678 (An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in ...)
+	TODO: check
+CVE-2018-15677 (The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has ...)
+	TODO: check
+CVE-2018-15676 (An issue was discovered in BTITeam XBTIT. By using String.replace and ...)
+	TODO: check
 CVE-2018-15675
 	RESERVED
 CVE-2018-15674
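Review bot: the nine BTITeam XBTIT entries added here (CVE-2018-15676 through CVE-2018-15684) all carry `TODO: check`, and CVE-2018-16361 in an earlier hunk names the same product; resolve all ten in one pass with an identical tag so the product is not triaged two different ways. The visible part of four descriptions (15676, 15682, 15683, 15684) gives no version while the others say 2.5.4, so confirm the affected range before closing them.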
@@ -4109,12 +4127,12 @@ CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 thro
 	NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
 CVE-2018-14772
 	RESERVED
-CVE-2018-14771
-	RESERVED
-CVE-2018-14770
-	RESERVED
-CVE-2018-14769
-	RESERVED
+CVE-2018-14771 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...)
+	TODO: check
+CVE-2018-14770 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...)
+	TODO: check
+CVE-2018-14769 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. ...)
+	TODO: check
 CVE-2018-14768 (Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, ...)
 	NOT-FOR-US: VIVOTEK devices
 CVE-2018-1999025 (A man in the middle vulnerability exists in Jenkins TraceTronic ...)
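Review bot: CVE-2018-14769, CVE-2018-14770 and CVE-2018-14771 are added with `TODO: check` directly above CVE-2018-14768, which is already tagged `NOT-FOR-US: VIVOTEK devices`. All three name VIVOTEK FD8177 devices, so they can take the same tag instead of staying open.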
@@ -4513,6 +4531,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel bef
 	NOTE: https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
 CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the ...)
+	{DSA-4286-1}
 	- curl <unfixed>
 	NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html
 	NOTE: https://github.com/curl/curl/issues/2756
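Review bot: `{DSA-4286-1}` is added under CVE-2018-14618 while the package line below it still reads `- curl <unfixed>`, so the entry now shows an advisory with no fixed version recorded. The description says curl before version 7.61.1 is affected, so the package line should be updated with the fixed version once the corresponding upload is confirmed.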
@@ -21450,7 +21469,7 @@ CVE-2018-8026 (This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3
 	NOTE: https://issues.apache.org/jira/browse/SOLR-12450
 CVE-2018-8025 (CVE-2018-8025 describes an issue in Apache HBase that affects the ...)
 	NOT-FOR-US: Apache HBase
-CVE-2018-8024 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's ...)
+CVE-2018-8024 (In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it’s possible  ...)
 	NOT-FOR-US: Apache Spark
 CVE-2018-8023
 	RESERVED
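Review bot: the replacement line for CVE-2018-8024 changes more than the version range (1.0.0 to 2.1.0): it swaps the ASCII apostrophe in "it's" for a typographic ’ and leaves two spaces before the closing `...)`. If data/CVE/list is meant to stay ASCII-clean and easy to grep, normalise the apostrophe and the spacing at the point where the description is imported.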



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b276cd6525327a7fb2acbea4b5caa934b9fa30ca
