[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Sep 7 09:10:25 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac2e8dd0 by security tracker role at 2018-09-07T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2018-16656
+	RESERVED
+CVE-2018-16655 (Gxlcms 1.0 has XSS via the PATH_INFO to ...)
+	TODO: check
+CVE-2018-16654 (Zurmo 3.2.4 Stable allows XSS via ...)
+	TODO: check
+CVE-2018-16653 (rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. ...)
+	TODO: check
+CVE-2018-16652
+	RESERVED
+CVE-2018-16651 (The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in ...)
+	TODO: check
+CVE-2018-16650 (phpMyFAQ before 2.9.11 allows CSRF. ...)
+	TODO: check
+CVE-2018-16649
+	RESERVED
+CVE-2018-16648 (In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c ...)
+	TODO: check
+CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in ...)
+	TODO: check
+CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause ...)
+	TODO: check
+CVE-2018-16645 (There is an excessive memory allocation issue in the functions ...)
+	TODO: check
+CVE-2018-16644 (There is a missing check for length in the functions ReadDCMImage of ...)
+	TODO: check
+CVE-2018-16643 (The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in ...)
+	TODO: check
+CVE-2018-16642 (The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows ...)
+	TODO: check
+CVE-2018-16641 (ImageMagick 7.0.8-6 has a memory leak vulnerability in the ...)
+	TODO: check
+CVE-2018-16640 (ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ...)
+	TODO: check
+CVE-2018-16639
+	RESERVED
+CVE-2018-16638
+	RESERVED
+CVE-2018-16637
+	RESERVED
+CVE-2018-16636
+	RESERVED
+CVE-2018-16635
+	RESERVED
+CVE-2018-16634
+	RESERVED
+CVE-2018-16633
+	RESERVED
+CVE-2018-16632
+	RESERVED
+CVE-2018-16631
+	RESERVED
+CVE-2018-16630
+	RESERVED
+CVE-2018-16629
+	RESERVED
+CVE-2018-16628
+	RESERVED
+CVE-2018-16627
+	RESERVED
+CVE-2018-16626
+	RESERVED
+CVE-2018-16625
+	RESERVED
+CVE-2018-16624
+	RESERVED
+CVE-2018-16623
+	RESERVED
+CVE-2018-16622 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2018-16621
+	RESERVED
+CVE-2018-16620
+	RESERVED
+CVE-2018-16619
+	RESERVED
+CVE-2018-16618
+	RESERVED
+CVE-2018-1000670 (KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x ...)
+	TODO: check
+CVE-2018-1000669 (KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x ...)
+	TODO: check
 CVE-2018-16617
 	RESERVED
 CVE-2018-16616
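Review bot: several of the new TODO: check entries in this hunk describe the same codebase and the same fixed version, so they are best triaged as one group rather than one by one: CVE-2018-16650 and CVE-2018-16651 (both phpMyFAQ before 2.9.11), CVE-2018-16647 and CVE-2018-16648 (both Artifex MuPDF 1.13.0), CVE-2018-1000669 and CVE-2018-1000670 (both KOHA 16.11.x up until 16.11.13), and CVE-2018-16640 through CVE-2018-16642 (ImageMagick, including coders/cut.c) together with CVE-2018-16643 and CVE-2018-16644, which both name ReadDCMImage. CVE-2018-16646 (Poppler 0.68.0, Parser::getObj()) stands on its own and needs its own check. The RESERVED entries need no action until a description is published.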
@@ -52,8 +134,8 @@ CVE-2018-16592
 	RESERVED
 CVE-2018-16591
 	RESERVED
-CVE-2018-16590
-	RESERVED
+CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use only client-side JavaScript for ...)
+	TODO: check
 CVE-2018-16589
 	RESERVED
 CVE-2018-16588
@@ -226,8 +308,8 @@ CVE-2018-16519
 	RESERVED
 CVE-2018-16518 (A directory traversal vulnerability with remote code execution in ...)
 	NOT-FOR-US: Prim'X Zed! FREE
-CVE-2018-16517
-	RESERVED
+CVE-2018-16517 (asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer ...)
+	TODO: check
 CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. ...)
 	- python-flask-admin <itp> (bug #765509)
 CVE-2018-16514
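Review bot: CVE-2018-16517 names a source file (asm/labels.c) in an open-source tool, unlike the neighbouring CVE-2018-16518 (Prim'X Zed! FREE) which carries an explicit NOT-FOR-US tag, so this TODO: check should be resolved to either a package line in the style of the CVE-2018-16516 entry just below (- python-flask-admin ...) or an explicit NOT-FOR-US, rather than left open.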
@@ -756,8 +838,8 @@ CVE-2018-16312
 	RESERVED
 CVE-2018-16311
 	RESERVED
-CVE-2018-16310
-	RESERVED
+CVE-2018-16310 (Technicolor TG588V V2 devices allow remote attackers to cause a denial ...)
+	TODO: check
 CVE-2018-16309
 	RESERVED
 CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV ...)
@@ -806,8 +888,8 @@ CVE-2018-16287
 	RESERVED
 CVE-2018-16286
 	RESERVED
-CVE-2018-16285
-	RESERVED
+CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via the ...)
+	TODO: check
 CVE-2018-16284
 	RESERVED
 CVE-2018-16283
@@ -855,8 +937,8 @@ CVE-2018-16263
 	RESERVED
 CVE-2018-16262
 	RESERVED
-CVE-2018-16261
-	RESERVED
+CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, ...)
+	TODO: check
 CVE-2018-16260
 	RESERVED
 CVE-2018-16259
@@ -1792,7 +1874,7 @@ CVE-2018-16585 (An issue was discovered in Artifex Ghostscript before 9.24. The
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699663
-CVE-2018-15877 (The Plainview Activity Monitor plugin 4.7.11 for WordPress is ...)
+CVE-2018-15877 (The Plainview Activity Monitor plugin before 20180826 for WordPress is ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2018-15876 (An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for ...)
 	NOT-FOR-US: Wordpress plugin
@@ -1821,8 +1903,8 @@ CVE-2018-15867
 	RESERVED
 CVE-2018-15866
 	RESERVED
-CVE-2018-15865
-	RESERVED
+CVE-2018-15865 (The Pulse Secure Desktop (macOS) has a Privilege Escalation ...)
+	TODO: check
 CVE-2018-15864 (Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
 	[stretch] - libxkbcommon <no-dsa> (Minor issue)
@@ -2099,8 +2181,8 @@ CVE-2018-15751
 	RESERVED
 CVE-2018-15750
 	RESERVED
-CVE-2018-15749
-	RESERVED
+CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a ...)
+	TODO: check
 CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, ...)
 	NOT-FOR-US: Dell 2335dn printers
 CVE-2018-15747
@@ -2162,8 +2244,8 @@ CVE-2018-1999043 (A denial of service vulnerability exists in Jenkins 2.137 and
 	- jenkins <removed>
 CVE-2018-1999042 (A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and ...)
 	- jenkins <removed>
-CVE-2018-15726
-	RESERVED
+CVE-2018-15726 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a ...)
+	TODO: check
 CVE-2018-15725
 	RESERVED
 CVE-2018-15724
@@ -5501,8 +5583,8 @@ CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protoco
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14966
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-42.html
-CVE-2018-14366
-	RESERVED
+CVE-2018-14366 (download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 ...)
+	TODO: check
 CVE-2018-14365
 	RESERVED
 CVE-2018-14364 (GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before ...)
@@ -10864,8 +10946,8 @@ CVE-2018-12236
 	RESERVED
 CVE-2018-12235
 	RESERVED
-CVE-2018-12234
-	RESERVED
+CVE-2018-12234 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
+	TODO: check
 CVE-2018-12231
 	RESERVED
 CVE-2018-12230 (An wrong logical check identified in the transferFrom function of a ...)
@@ -27133,8 +27215,8 @@ CVE-2018-6322 (Panda Global Protection 17.0.1 allows local users to gain privile
 	NOT-FOR-US: Panda Global Protection
 CVE-2018-6321 (Unquoted Windows search path vulnerability in the panda_url_filtering ...)
 	NOT-FOR-US: Panda Global Protection
-CVE-2018-6320
-	RESERVED
+CVE-2018-6320 (A vulnerability has been discovered in login.cgi in Pulse Secure Pulse ...)
+	TODO: check
 CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special ...)
 	NOT-FOR-US: Sophos Tester Tool
 CVE-2018-6318 (In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context ...)
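Review bot: CVE-2018-6320 is the sixth entry in this commit set to TODO: check for a Pulse Secure product (with CVE-2018-16261, CVE-2018-15865, CVE-2018-15749, CVE-2018-15726 and CVE-2018-14366, all describing Pulse Secure Desktop or Pulse Connect Secure); triage the six together so they receive one consistent decision, the way the adjacent Panda Global Protection and Sophos Tester Tool entries each carry the same explicit tag.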
@@ -30074,8 +30156,7 @@ CVE-2018-5392 (mingw-w64 version 5.0.4 by default produces executables that opt
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17321
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19011
 	NOTE: https://www.kb.cert.org/vuls/id/307144 (describes workaround)
-CVE-2018-5391 [Remote denial of service via improper IP fragment handling]
-	RESERVED
+CVE-2018-5391 (The Linux kernel, versions 3.9+, is vulnerable to a denial of service ...)
 	{DSA-4272-1 DLA-1466-1}
 	- linux 4.17.15-1
 	NOTE: Mitigation: Change the default values of net.ipv4.ipfrag_high_thresh and
@@ -30086,8 +30167,7 @@ CVE-2018-5390 (Linux kernel versions 4.9+ can be forced to make very expensive c
 	- linux 4.17.14-1 (bug #905751)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.kb.cert.org/vuls/id/962459
-CVE-2018-5389 [low-entropy passphrase in IKEv1 can be brute-forced]
-	RESERVED
+CVE-2018-5389 (The Internet Key Exchange v1 main mode is vulnerable to offline ...)
 	- strongswan <unfixed> (unimportant)
 	- libreswan <unfixed> (unimportant)
 	- ipsec-tools <unfixed> (unimportant)
@@ -31372,8 +31452,8 @@ CVE-2018-5007 (Adobe Flash Player 30.0.0.113 and earlier versions have a Type ..
 	NOT-FOR-US: Adobe
 CVE-2018-5006 (Adobe Experience Manager versions 6.4 and earlier have a Server-Side ...)
 	NOT-FOR-US: Adobe
-CVE-2018-5005
-	RESERVED
+CVE-2018-5005 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a ...)
+	TODO: check
 CVE-2018-5004 (Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side ...)
 	NOT-FOR-US: Adobe
 CVE-2018-5003 (Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) ...)
@@ -46803,8 +46883,8 @@ CVE-2017-16716 (A SQL Injection issue was discovered in WebAccess versions prior
 	NOT-FOR-US: Advantech WebAccess
 CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 5110 Version ...)
 	NOT-FOR-US: Moxa
-CVE-2017-16714
-	RESERVED
+CVE-2017-16714 (In Ice Qube Thermal Management Center versions prior to version 4.13, ...)
+	TODO: check
 CVE-2017-16713
 	RESERVED
 CVE-2017-16712
@@ -55047,8 +55127,8 @@ CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 Ve
 	NOT-FOR-US: Moxa
 CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...)
 	NOT-FOR-US: Korenix
-CVE-2017-14026
-	RESERVED
+CVE-2017-14026 (In Ice Qube Thermal Management Center versions prior to version 4.13, ...)
+	TODO: check
 CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB FOX515T ...)
 	NOT-FOR-US: ABB FOX515T
 CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in Schneider ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ac2e8dd082841bcbd070779e82a9dfd8539d4338
