[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 7 21:10:30 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c932671e by security tracker role at 2018-09-07T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,110 @@
-CVE-2018-16658 [cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status]
+CVE-2018-16710 (** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to ...)
+ TODO: check
+CVE-2018-16709 (Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ...)
+ TODO: check
+CVE-2018-16708
+ RESERVED
+CVE-2018-16707
+ RESERVED
+CVE-2018-16706
+ RESERVED
+CVE-2018-16705
+ RESERVED
+CVE-2018-16704 (An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure ...)
+ TODO: check
+CVE-2018-16703 (A vulnerability in the Gleez CMS 1.2.0 login page could allow an ...)
+ TODO: check
+CVE-2018-16702
+ RESERVED
+CVE-2018-16701
+ RESERVED
+CVE-2018-16700
+ RESERVED
+CVE-2018-16699
+ RESERVED
+CVE-2018-16698
+ RESERVED
+CVE-2018-16697
+ RESERVED
+CVE-2018-16696
+ RESERVED
+CVE-2018-16695
+ RESERVED
+CVE-2018-16694
+ RESERVED
+CVE-2018-16693
+ RESERVED
+CVE-2018-16692
+ RESERVED
+CVE-2018-16691
+ RESERVED
+CVE-2018-16690
+ RESERVED
+CVE-2018-16689
+ RESERVED
+CVE-2018-16688
+ RESERVED
+CVE-2018-16687
+ RESERVED
+CVE-2018-16686
+ RESERVED
+CVE-2018-16685
+ RESERVED
+CVE-2018-16684
+ RESERVED
+CVE-2018-16683
+ RESERVED
+CVE-2018-16682
+ RESERVED
+CVE-2018-16681
+ RESERVED
+CVE-2018-16680
+ RESERVED
+CVE-2018-16679
+ RESERVED
+CVE-2018-16678
+ RESERVED
+CVE-2018-16677
+ RESERVED
+CVE-2018-16676
+ RESERVED
+CVE-2018-16675
+ RESERVED
+CVE-2018-16674
+ RESERVED
+CVE-2018-16673
+ RESERVED
+CVE-2018-16672
+ RESERVED
+CVE-2018-16671
+ RESERVED
+CVE-2018-16670
+ RESERVED
+CVE-2018-16669
+ RESERVED
+CVE-2018-16668
+ RESERVED
+CVE-2018-16667 (An issue was discovered in Contiki-NG through 4.1. There is a buffer ...)
+ TODO: check
+CVE-2018-16666 (An issue was discovered in Contiki-NG through 4.1. There is a ...)
+ TODO: check
+CVE-2018-16665 (An issue was discovered in Contiki-NG through 4.1. There is a buffer ...)
+ TODO: check
+CVE-2018-16664 (An issue was discovered in Contiki-NG through 4.1. There is a buffer ...)
+ TODO: check
+CVE-2018-16663 (An issue was discovered in Contiki-NG through 4.1. There is a ...)
+ TODO: check
+CVE-2018-16662
+ RESERVED
+CVE-2018-16661
+ RESERVED
+CVE-2018-16660
+ RESERVED
+CVE-2018-16659
+ RESERVED
+CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...)
+ TODO: check
+CVE-2018-16658 (An issue was discovered in the Linux kernel before 4.18.6. An ...)
- linux 4.18.6-1
NOTE: Fixed by: https://git.kernel.org/linus/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 (4.19-rc2)
CVE-2018-16656
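Review bot: CVE-2018-16658 now sits below CVE-2018-16657 at the end of this hunk, while every other entry here runs in descending order (16710 down to 16659, then 16656). The rewritten header was placed after the new 16657 entry instead of before it. Suggest moving the CVE-2018-16657 block below the 16658 block so the linux 4.18.6-1 line and the "Fixed by" NOTE stay attached to 16658 and the ordering holds.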
@@ -346,6 +452,7 @@ CVE-2018-16514
CVE-2018-XXXX [Buffer Overflow while running jhead]
- jhead <unfixed> (bug #908176)
CVE-2018-16554 [Interger overflow while running jhead]
+ RESERVED
- jhead <unfixed> (bug #907925)
CVE-2018-16515 [Synapse: Failures to correctly validate signatures on transactions and events]
RESERVED
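Review bot: The RESERVED line is added under CVE-2018-16554, whose bracketed description still reads "Interger overflow". Since the entry is being touched, the spelling could be corrected to "Integer". The CVE-2018-XXXX jhead entry just above (bug #908176) still has no assigned id and should be checked against 16554 (bug #907925) to confirm they are separate issues.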
@@ -451,8 +558,8 @@ CVE-2018-16462
RESERVED
CVE-2018-16461
RESERVED
-CVE-2018-16460
- RESERVED
+CVE-2018-16460 (A command Injection in ps package versions <1.0.0 for Node.js allowed ...)
+ TODO: check
CVE-2018-16459 (An unescaped payload in exceljs <v1.6 allows a possible XSS via cell ...)
NOT-FOR-US: exceljs
CVE-2018-1000672
@@ -33751,8 +33858,8 @@ CVE-2018-4012
RESERVED
CVE-2018-4011
RESERVED
-CVE-2018-4010
- RESERVED
+CVE-2018-4010 (An exploitable code execution vulnerability exists in the connect ...)
+ TODO: check
CVE-2018-4009
RESERVED
CVE-2018-4008
@@ -33867,8 +33974,8 @@ CVE-2018-3954
RESERVED
CVE-2018-3953
RESERVED
-CVE-2018-3952
- RESERVED
+CVE-2018-3952 (An exploitable code execution vulnerability exists in the connect ...)
+ TODO: check
CVE-2018-3951
RESERVED
CVE-2018-3950
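Review bot: The summary added for CVE-2018-3952 is identical to the one added for CVE-2018-4010 in the preceding hunk ("An exploitable code execution vulnerability exists in the connect ..."), and the truncation drops the product name in both. Whoever clears these two TODO: check lines should read the full descriptions before tagging them, so that neither is marked on the assumption that it duplicates the other.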
@@ -39961,8 +40068,8 @@ CVE-2018-1791
RESERVED
CVE-2018-1790
RESERVED
-CVE-2018-1789
- RESERVED
+CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to ...)
+ TODO: check
CVE-2018-1788
RESERVED
CVE-2018-1787
@@ -40025,10 +40132,10 @@ CVE-2018-1759
RESERVED
CVE-2018-1758
RESERVED
-CVE-2018-1757
- RESERVED
-CVE-2018-1756
- RESERVED
+CVE-2018-1757 (IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 ...)
+ TODO: check
+CVE-2018-1756 (IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is ...)
+ TODO: check
CVE-2018-1755 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
NOT-FOR-US: IBM
CVE-2018-1754
@@ -40405,8 +40512,8 @@ CVE-2018-1569
RESERVED
CVE-2018-1568
RESERVED
-CVE-2018-1567
- RESERVED
+CVE-2018-1567 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow ...)
+ TODO: check
CVE-2018-1566 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2018-1565 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
@@ -44386,50 +44493,50 @@ CVE-2018-0665
RESERVED
CVE-2018-0664 (A vulnerability in NoMachine App for Android 5.0.63 and earlier allows ...)
NOT-FOR-US: NoMachine App for Android
-CVE-2018-0663
- RESERVED
-CVE-2018-0662
- RESERVED
-CVE-2018-0661
- RESERVED
-CVE-2018-0660
- RESERVED
-CVE-2018-0659
- RESERVED
-CVE-2018-0658
- RESERVED
-CVE-2018-0657
- RESERVED
+CVE-2018-0663 (Multiple I-O DATA network camera products (TS-WRLP firmware ...)
+ TODO: check
+CVE-2018-0662 (Multiple I-O DATA network camera products (TS-WRLP firmware ...)
+ TODO: check
+CVE-2018-0661 (Multiple I-O DATA network camera products (TS-WRLP firmware ...)
+ TODO: check
+CVE-2018-0660 (Directory traversal vulnerability in ver.2.8.4.0 and earlier and ...)
+ TODO: check
+CVE-2018-0659 (Directory traversal vulnerability in ver.2.8.4.0 and earlier and ...)
+ TODO: check
+CVE-2018-0658 (Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 ...)
+ TODO: check
+CVE-2018-0657 (Cross-site scripting vulnerability in EC-CUBE Payment Module and ...)
+ TODO: check
CVE-2018-0656 (Untrusted search path vulnerability in The installer of Digital Paper ...)
NOT-FOR-US: Digital Paper App
-CVE-2018-0655
- RESERVED
-CVE-2018-0654
- RESERVED
-CVE-2018-0653
- RESERVED
-CVE-2018-0652
- RESERVED
+CVE-2018-0655 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier ...)
+ TODO: check
+CVE-2018-0654 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier ...)
+ TODO: check
+CVE-2018-0653 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier ...)
+ TODO: check
+CVE-2018-0652 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier ...)
+ TODO: check
CVE-2018-0651
RESERVED
-CVE-2018-0650
- RESERVED
-CVE-2018-0649
- RESERVED
-CVE-2018-0648
- RESERVED
-CVE-2018-0647
- RESERVED
+CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 ...)
+ TODO: check
+CVE-2018-0649 (Untrusted search path vulnerability in the installers of multiple ...)
+ TODO: check
+CVE-2018-0648 (Untrusted search path vulnerability in installer of ChatWork Desktop ...)
+ TODO: check
+CVE-2018-0647 (Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware ...)
+ TODO: check
CVE-2018-0646 (Directory traversal vulnerability in Explzh v.7.58 and earlier allows ...)
NOT-FOR-US: Explzh
-CVE-2018-0645
- RESERVED
-CVE-2018-0644
- RESERVED
-CVE-2018-0643
- RESERVED
-CVE-2018-0642
- RESERVED
+CVE-2018-0645 (MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via ...)
+ TODO: check
+CVE-2018-0644 (Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer ...)
+ TODO: check
+CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 ...)
+ TODO: check
+CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 ...)
+ TODO: check
CVE-2018-0641
RESERVED
CVE-2018-0640
@@ -44464,10 +44571,10 @@ CVE-2018-0626
RESERVED
CVE-2018-0625
RESERVED
-CVE-2018-0624
- RESERVED
-CVE-2018-0623
- RESERVED
+CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series ...)
+ TODO: check
+CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series ...)
+ TODO: check
CVE-2018-0622 (The DHC Online Shop App for Android version 3.2.0 and earlier does not ...)
NOT-FOR-US: DHC Online Shop App for Android
CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY ...)
@@ -89849,14 +89956,14 @@ CVE-2017-2797 (An exploitable heap overflow vulnerability exists in the ...)
NOT-FOR-US: AntennaHouse
CVE-2017-2796
RESERVED
-CVE-2017-2795
- RESERVED
+CVE-2017-2795 (An exploitable heap corruption vulnerability exists in the Txo ...)
+ TODO: check
CVE-2017-2794 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
NOT-FOR-US: AntennaHouse
CVE-2017-2793 (An exploitable heap corruption vulnerability exists in the ...)
NOT-FOR-US: AntennaHouse
-CVE-2017-2792
- RESERVED
+CVE-2017-2792 (An exploitable heap corruption vulnerability exists in the iBldDirInfo ...)
+ TODO: check
CVE-2017-2791 (JustSystems Ichitaro 2016 Trial contains a vulnerability that exists ...)
NOT-FOR-US: JustSystems Ichitaro 2016 Trial
CVE-2017-2790 (When processing a record type of 0x3c from a Workbook stream from an ...)
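Review bot: CVE-2017-2795 and CVE-2017-2792 are added with TODO: check between entries already marked NOT-FOR-US: AntennaHouse, and their summaries have the same "exploitable heap corruption vulnerability" wording as CVE-2017-2793. The truncated text names only "Txo" and "iBldDirInfo", not the product, so confirm from the full description that these are the same product before applying the same NOT-FOR-US tag.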
@@ -93457,10 +93564,10 @@ CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to
NOT-FOR-US: IBM
CVE-2017-1116 (IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive ...)
NOT-FOR-US: IBM
-CVE-2017-1115
- RESERVED
-CVE-2017-1114
- RESERVED
+CVE-2017-1115 (IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A ...)
+ TODO: check
+CVE-2017-1114 (IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. ...)
+ TODO: check
CVE-2017-1113 (IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2017-1112
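Review bot: CVE-2017-1115 and CVE-2017-1114 both name IBM Campaign and are left at TODO: check, while the entry directly above, CVE-2017-1116, is for the same product and already carries NOT-FOR-US: IBM. These two can be resolved the same way in the follow-up triage commit so that they do not linger as open TODO items.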
@@ -97924,8 +98031,8 @@ CVE-2016-9046
RESERVED
CVE-2016-9045
RESERVED
-CVE-2016-9044
- RESERVED
+CVE-2016-9044 (An exploitable command execution vulnerability exists in Information ...)
+ TODO: check
CVE-2016-9043 (An out of bound write vulnerability exists in the EMF parsing ...)
NOT-FOR-US: CorelDRAW X8
CVE-2016-9042 (An exploitable denial of service vulnerability exists in the origin ...)
@@ -97940,8 +98047,8 @@ CVE-2016-9042 (An exploitable denial of service vulnerability exists in the orig
NOTE: http://pkgs.fedoraproject.org/cgit/rpms/ntp.git/tree/ntp-4.2.6p5-cve-2015-8138.patch?h=f24
CVE-2016-9041
REJECTED
-CVE-2016-9040
- RESERVED
+CVE-2016-9040 (An exploitable denial of service exists in the the Joyent SmartOS OS ...)
+ TODO: check
CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS ...)
NOT-FOR-US: Joyent
CVE-2016-9038 (An exploitable double fetch vulnerability exists in the SboxDrv.sys ...)
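Review bot: The summary added for CVE-2016-9040 contains a doubled word ("exists in the the Joyent SmartOS OS"). If it is copied verbatim from the upstream feed it should stay as imported, but it is worth noting so it is not taken for a local edit. The neighbouring CVE-2016-9039, also Joyent SmartOS, is already NOT-FOR-US: Joyent, so this TODO: check can likely be closed with the same tag.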
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c932671e1a90af97c8eae80d19e2c61f49378c86