[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Sep 10 09:10:29 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d1750ac by security tracker role at 2018-09-10T08:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2018-16792
+	RESERVED
+CVE-2018-16791
+	RESERVED
+CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in ...)
+	TODO: check
+CVE-2018-16789
+	RESERVED
+CVE-2018-16788
+	RESERVED
+CVE-2018-16787
+	RESERVED
+CVE-2018-16786
+	RESERVED
+CVE-2018-16785
+	RESERVED
+CVE-2018-16784
+	RESERVED
+CVE-2018-16783
+	RESERVED
+CVE-2018-16782 (libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the ...)
+	TODO: check
+CVE-2018-16781 (ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause ...)
+	TODO: check
+CVE-2018-16780 (Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. ...)
+	TODO: check
+CVE-2018-16779 (BlogCMS through 2016-10-25 has XSS via a comment. ...)
+	TODO: check
+CVE-2018-16778
+	RESERVED
+CVE-2018-16777
+	RESERVED
+CVE-2018-16776 (wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" ...)
+	TODO: check
+CVE-2018-16775 (An issue was discovered in Victor CMS through 2018-05-10. There is XSS ...)
+	TODO: check
+CVE-2018-16774 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file ...)
+	TODO: check
+CVE-2018-16773 (EasyCMS 1.5 allows XSS via the ...)
+	TODO: check
+CVE-2018-16772 (Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered ...)
+	TODO: check
+CVE-2018-16771 (Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided ...)
+	TODO: check
+CVE-2018-16770 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
+	TODO: check
+CVE-2018-16769 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
+	TODO: check
+CVE-2018-16768 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
+	TODO: check
+CVE-2018-16767 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
+	TODO: check
+CVE-2018-16766 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
+	TODO: check
+CVE-2018-16765 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
+	TODO: check
+CVE-2018-16764 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
+	TODO: check
+CVE-2018-16763 (FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter ...)
+	TODO: check
+CVE-2018-16762 (FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or ...)
+	TODO: check
+CVE-2018-16761 (Eventum before 3.4.0 has an open redirect vulnerability. ...)
+	TODO: check
+CVE-2018-16760
+	RESERVED
+CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from ...)
+	TODO: check
 CVE-2018-16758
 	RESERVED
 CVE-2018-16757
@@ -29050,7 +29118,7 @@ CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121
 CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute ...)
 	NOT-FOR-US: pfSense
 CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of ...)
-	{DLA-1257-1}
+	{DLA-1500-1 DLA-1257-1}
 	- openssh 1:7.4p1-1
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
 	NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
@@ -49750,6 +49818,7 @@ CVE-2017-15909 (D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded pass
 CVE-2017-15907 (SQL injection vulnerability in phpCollab 2.5.1 and earlier allows ...)
 	NOT-FOR-US: phpCollab
 CVE-2017-15906 (The process_open function in sftp-server.c in OpenSSH before 7.6 does ...)
+	{DLA-1500-1}
 	- openssh 1:7.6p1-1 (low)
 	[stretch] - openssh 1:7.4p1-10+deb9u3
 	[wheezy] - openssh <no-dsa> (Minor issue)
@@ -86954,12 +87023,14 @@ CVE-2016-10013 (Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to
 	- xen 4.8.0-1 (bug #848713)
 	NOTE: https://xenbits.xen.org/xsa/advisory-204.html
 CVE-2016-10012 (The shared memory manager (associated with pre-authentication ...)
+	{DLA-1500-1}
 	- openssh 1:7.4p1-1 (low; bug #848717)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
 	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.165&r2=1.166
 	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.h.diff?r1=1.19&r2=1.20
 CVE-2016-10011 (authfile.c in sshd in OpenSSH before 7.4 does not properly consider ...)
+	{DLA-1500-1}
 	- openssh 1:7.4p1-1 (low; bug #848716)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
@@ -86970,6 +87041,7 @@ CVE-2016-10010 (sshd in OpenSSH before 7.4, when privilege separation is not use
 	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/serverloop.c.diff?r1=1.188&r2=1.189
 	NOTE: Privilege separation is enabled in the Debian package
 CVE-2016-10009 (Untrusted search path vulnerability in ssh-agent.c in ssh-agent in ...)
+	{DLA-1500-1}
 	- openssh 1:7.4p1-1 (low; bug #848714)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
@@ -106233,7 +106305,7 @@ CVE-2016-6518 (Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, a
 CVE-2016-6517 (Directory traversal vulnerability in Liferay 5.1.0 allows remote ...)
 	NOT-FOR-US: Liferay
 CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH before ...)
-	{DLA-594-1}
+	{DLA-1500-1 DLA-594-1}
 	- openssh 1:7.3p1-1 (bug #833823)
 	NOTE: Fixed by: https://anongit.mindrot.org/openssh.git/commit/?id=fcd135c9df440bcd2d5870405ad3311743d78d97
 CVE-2016-6514
@@ -117912,6 +117984,7 @@ CVE-2016-3116 (CRLF injection vulnerability in Dropbear SSH before 2016.72 allow
 	NOTE: https://matt.ucc.asn.au/dropbear/CHANGES
 	NOTE: Fixed in 2016.72 upstream
 CVE-2016-3115 (Multiple CRLF injection vulnerabilities in session.c in sshd in ...)
+	{DLA-1500-1}
 	- openssh 1:7.2p2-1
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	NOTE: http://www.openssh.com/txt/x11fwd.adv
@@ -122254,6 +122327,7 @@ CVE-2016-1717 (The Disk Images component in Apple iOS before 9.2.1, OS X before
 CVE-2016-1716 (AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local ...)
 	NOT-FOR-US: Apple
 CVE-2016-1908 (The client in OpenSSH before 7.2 mishandles failed cookie generation ...)
+	{DLA-1500-1}
 	- openssh 1:7.2p1-1
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	[squeeze] - openssh <no-dsa> (Minor issue)
@@ -134906,12 +134980,14 @@ CVE-2015-6565 (sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for T
 	NOTE: Issue introduced with https://anongit.mindrot.org/openssh.git/commit/?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2 (V_6_8_P1)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/12/1
 CVE-2015-6563 (The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD ...)
+	{DLA-1500-1}
 	- openssh 1:6.9p1-1 (bug #795711)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	[squeeze] - openssh <no-dsa> (Minor issue)
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
 CVE-2015-6564 (Use-after-free vulnerability in the mm_answer_pam_free_ctx function in ...)
+	{DLA-1500-1}
 	- openssh 1:6.9p1-1 (bug #795711)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	[squeeze] - openssh <no-dsa> (Minor issue)
@@ -136022,7 +136098,7 @@ CVE-2015-5602 (sudoedit in Sudo before 1.8.15 allows local users to gain privile
 CVE-2015-5601
 	RESERVED
 CVE-2015-5600 (The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH ...)
-	{DLA-288-1}
+	{DLA-1500-1 DLA-288-1}
 	- openssh 1:6.9p1-1 (bug #793616)
 	[wheezy] - openssh <no-dsa> (Minor issue; not in default configurations)
 	NOTE: http://seclists.org/fulldisclosure/2015/Jul/92
@@ -137734,7 +137810,7 @@ CVE-2015-5146 (ntpd in ntp before 4.2.8p3 with remote configuration enabled allo
 	[squeeze] - ntp <no-dsa> (Minor issue)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
 CVE-2015-5352 (The x11_open_helper function in channels.c in ssh in OpenSSH before ...)
-	{DLA-288-1}
+	{DLA-1500-1 DLA-288-1}
 	- openssh 1:6.9p1-1 (bug #790798)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d1750accfe2be76a84f3b4f5807fa4933c9e4ff

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d1750accfe2be76a84f3b4f5807fa4933c9e4ff
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180910/fc930f68/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list