[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 10 21:10:28 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e990df57 by security tracker role at 2018-09-10T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2018-16802 [further changes in addition to CVE-2018-16509 commits]
+CVE-2018-16804
+ RESERVED
+CVE-2018-16803
+ RESERVED
+CVE-2018-16801
+ RESERVED
+CVE-2018-16800
+ RESERVED
+CVE-2018-16799
+ RESERVED
+CVE-2018-16798
+ RESERVED
+CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.8.7556 ...)
+ TODO: check
+CVE-2018-16796
+ RESERVED
+CVE-2018-16795
+ RESERVED
+CVE-2018-16794
+ RESERVED
+CVE-2018-16793
+ RESERVED
+CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...)
- ghostscript <unfixed>
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
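Review bot: the replaced first line dropped the local annotation "[further changes in addition to CVE-2018-16509 commits]", and the MITRE text that replaces it is cut off at "Incorrect ...", so the relationship to CVE-2018-16509 now survives only implicitly in the two ghostpdl commit NOTEs. Add a line such as `NOTE: further changes in addition to the CVE-2018-16509 commits` under `- ghostscript <unfixed>` so the triage context is not lost. The ten new RESERVED placeholders and the PotPlayer `TODO: check` are fine as they are.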
@@ -184,8 +206,8 @@ CVE-2018-16707
RESERVED
CVE-2018-16706
RESERVED
-CVE-2018-16705
- RESERVED
+CVE-2018-16705 (FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the ...)
+ TODO: check
CVE-2018-16704 (An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure ...)
NOT-FOR-US: Gleez CMS
CVE-2018-16703 (A vulnerability in the Gleez CMS 1.2.0 login page could allow an ...)
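Review bot: CVE-2018-16705 is opened as `TODO: check`, but it concerns the same product ("FURUNO FELCOM 250 and 500 devices") that this same commit leaves as `NOT-FOR-US: FURUNO FELCOM` under CVE-2018-16590; the TODO can be closed the same way now rather than left for a second pass.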
@@ -409,8 +431,8 @@ CVE-2018-16610
RESERVED
CVE-2018-16609
RESERVED
-CVE-2018-16608
- RESERVED
+CVE-2018-16608 (In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change ...)
+ TODO: check
CVE-2018-16607
RESERVED
CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) ...)
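Review bot: CVE-2018-16608 gets `TODO: check` here while a second Monstra CMS 3.0.4 entry, CVE-2018-15886, is opened with the same TODO further down in this commit; triage the two together so they do not end up in different states. The neighbouring CMS entries in this region (CVE-2018-16704, CVE-2018-16703) are `NOT-FOR-US: Gleez CMS`, which is the pattern to follow if Monstra turns out not to be packaged.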
@@ -443,9 +465,9 @@ CVE-2018-16593
RESERVED
CVE-2018-16592
RESERVED
-CVE-2018-16591
- RESERVED
-CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use only client-side JavaScript for ...)
+CVE-2018-16591 (FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change ...)
+ TODO: check
+CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in ...)
NOT-FOR-US: FURUNO FELCOM
CVE-2018-16589
RESERVED
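Review bot: CVE-2018-16591 is left as `TODO: check` directly above CVE-2018-16590, which is `NOT-FOR-US: FURUNO FELCOM` for the same devices; resolve it the same way. The CVE-2018-16590 line itself is only refreshed from upstream ("use only client-side JavaScript for ..." becomes "... in ...") with the `NOT-FOR-US` state untouched, which is correct.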
@@ -796,7 +818,7 @@ CVE-2018-16437 (Gxlcms 2.0 has Directory Traversal exploitable by an administrat
CVE-2018-16436 (Gxlcms 2.0 has SQL Injection exploitable by an administrator. ...)
NOT-FOR-US: Gxlcms
CVE-2018-16435 (Little CMS (aka Little Color Management System) 2.9 has an integer ...)
- {DSA-4284-1 DLA-1496-1}
+ {DSA-4289-1 DSA-4284-1 DLA-1496-1}
- lcms2 2.9-3 (bug #907983)
- lcms <removed>
- chromium-browser 69.0.3497.81-1
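Review bot: DSA-4289-1 is added to the reference list of the lcms2 issue CVE-2018-16435 next to DSA-4284-1 and DLA-1496-1, but the lcms2 fix was DSA-4284-1 (`lcms2 2.9-3 (bug #907983)`), and the later hunks attach DSA-4289-1 only to chromium-browser entries, so it is the advisory for the `- chromium-browser 69.0.3497.81-1` line here (the bundled copy). A short NOTE line stating that DSA-4289-1 is the chromium advisory would stop readers from taking it for a second lcms2 update.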
@@ -1630,14 +1652,17 @@ CVE-2018-16089
RESERVED
CVE-2018-16088
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16087
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16086
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16085
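Review bot: the `{DSA-4289-1}` lines are inserted between `RESERVED` and the existing `- chromium-browser 69.0.3497.81-1` lines for CVE-2018-16086, -16087 and -16088, so these entries now cite an advisory while carrying no description at all. The file already uses a bracketed local summary for a RESERVED entry (`CVE-2018-11775 [Missing TLS Hostname Verification]` further down), so giving these three a bracket summary taken from the DSA text would make them readable until MITRE publishes.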
@@ -2151,8 +2176,8 @@ CVE-2014-10074 (Umbraco before 7.2.0 has a remote PHP code execution vulnerabili
NOT-FOR-US: Umbraco
CVE-2018-15887 (Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to ...)
NOT-FOR-US: ASUS DSL-N12E_C1
-CVE-2018-15886
- RESERVED
+CVE-2018-15886 (Monstra CMS 3.0.4 does not properly restrict modified Snippet content, ...)
+ TODO: check
CVE-2018-15885 (Ovation FindMe 1.4-1083-1 is intended to support transmission of ...)
NOT-FOR-US: Ovation FindMe
CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the ...)
@@ -5106,10 +5131,10 @@ CVE-2018-14638
RESERVED
CVE-2018-14637
RESERVED
-CVE-2018-14636
- RESERVED
-CVE-2018-14635
- RESERVED
+CVE-2018-14636 (Live-migrated instances are briefly able to inspect traffic for other ...)
+ TODO: check
+CVE-2018-14635 (When using the Linux bridge ml2 driver, non-privileged tenants are ...)
+ TODO: check
CVE-2018-14634
RESERVED
CVE-2018-14633
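Review bot: CVE-2018-14636 ("Live-migrated instances are briefly able to inspect traffic for other ...") and CVE-2018-14635 ("When using the Linux bridge ml2 driver, non-privileged tenants are ...") describe OpenStack Nova live migration and the Neutron ML2 Linux bridge driver; when these two `TODO: check` entries are resolved they need source-package lines (nova and neutron) with fixed versions, not the `NOT-FOR-US` that most other TODOs in this update will get.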
@@ -5130,8 +5155,7 @@ CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does
NOTE: https://github.com/wildfly/wildfly/pull/10675
CVE-2018-14626
RESERVED
-CVE-2018-14625 [use-after-free Read in vhost_transport_send_pkt]
- RESERVED
+CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be able to ...)
- linux <unfixed>
NOTE: https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039
CVE-2018-14624 (A vulnerability was discovered in 389-ds-base through versions ...)
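Review bot: the replaced line discarded "[use-after-free Read in vhost_transport_send_pkt]", and the MITRE description that replaces it is cut off at "an attacker may be able to ...", so the entry no longer names the affected function; the syzkaller NOTE link survives but does not carry that detail inline. Keep the function name as a NOTE line next to `- linux <unfixed>`, e.g. `NOTE: use-after-free read in vhost_transport_send_pkt`.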
@@ -5156,8 +5180,8 @@ CVE-2018-14621 (An infinite loop vulnerability was found in libtirpc before vers
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=968175
NOTE: Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (0.3.3-rc3)
NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
-CVE-2018-14620
- RESERVED
+CVE-2018-14620 (The OpenStack RabbitMQ container image insecurely retrieves the ...)
+ TODO: check
CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel before ...)
- linux 4.14.12-1
[stretch] - linux <not-affected> (Vulnerable code not present)
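Review bot: CVE-2018-14620 is about "The OpenStack RabbitMQ container image", i.e. a vendor container image rather than a source package; the `TODO: check` should confirm whether any Debian source package ships the same retrieval logic before the entry is closed as `NOT-FOR-US`.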
@@ -10160,8 +10184,8 @@ CVE-2018-12610
RESERVED
CVE-2018-12609
RESERVED
-CVE-2018-12608
- RESERVED
+CVE-2018-12608 (An issue was discovered in Docker Moby before 17.06.0. The Docker ...)
+ TODO: check
CVE-2018-1000403 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier ...)
NOT-FOR-US: Jenkins plugin
CVE-2018-1000402 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier ...)
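Review bot: CVE-2018-12608 ("Docker Moby before 17.06.0") is opened as `TODO: check`; unlike the Jenkins-plugin entries right below it, which are `NOT-FOR-US`, Docker is packaged, so resolving this TODO means checking the docker.io source package version against 17.06.0 and adding a package line, not a `NOT-FOR-US`.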
@@ -12428,7 +12452,7 @@ CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer fr
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057
CVE-2018-11775 [Missing TLS Hostname Verification]
RESERVED
- - activemq <unfixed>
+ - activemq <unfixed>
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d
NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=02971a40e281713a8397d3a1809c164b594abfbb
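Review bot: the only change in this hunk is whitespace on the `- activemq <unfixed>` line under CVE-2018-11775 (presumably a space-versus-tab difference in the indentation, since both versions render identically here). Harmless as a normalisation, but worth confirming nothing else on the line changed.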
@@ -34336,10 +34360,10 @@ CVE-2018-3899
RESERVED
CVE-2018-3898
RESERVED
-CVE-2018-3897
- RESERVED
-CVE-2018-3896
- RESERVED
+CVE-2018-3897 (An exploitable buffer overflow vulnerabilities exist in the ...)
+ TODO: check
+CVE-2018-3896 (An exploitable buffer overflow vulnerabilities exist in the ...)
+ TODO: check
CVE-2018-3895 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 Firmware
CVE-2018-3894
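Review bot: CVE-2018-3897 and CVE-2018-3896 get `TODO: check`, but the next entry, CVE-2018-3895, with the same "exploitable buffer overflow ... in the ..." wording, is `NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 Firmware`; the two new ones are likely the sibling advisories for the same firmware, so confirm and close them the same way. The slip "An exploitable buffer overflow vulnerabilities exist" is upstream's text and is correctly reproduced verbatim.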
@@ -92699,8 +92723,8 @@ CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemi
NOT-FOR-US: IBM WebSphere Application Server
CVE-2017-1680
RESERVED
-CVE-2017-1679
- RESERVED
+CVE-2017-1679 (IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an ...)
+ TODO: check
CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2017-1677 (IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and ...)
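Review bot: CVE-2017-1679 (IBM OpenPages GRC Platform) is left as `TODO: check` between two entries that are already `NOT-FOR-US: IBM`; same vendor, same product line, so it can take the same resolution.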
@@ -98286,8 +98310,8 @@ CVE-2016-9050 (An exploitable out-of-bounds read vulnerability exists in the cli
NOT-FOR-US: Aerospike Database
CVE-2016-9049 (An exploitable denial-of-service vulnerability exists in the ...)
NOT-FOR-US: Aerospike Database
-CVE-2016-9048
- RESERVED
+CVE-2016-9048 (Multiple exploitable SQL Injection vulnerabilities exists in ...)
+ TODO: check
CVE-2016-9047
RESERVED
CVE-2016-9046
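Review bot: the CVE-2016-9048 description is truncated before the product name ("Multiple exploitable SQL Injection vulnerabilities exists in ..."), so `TODO: check` is the right state; it should not be assumed to be Aerospike just because the two preceding entries are, since nothing in the visible text ties it to that batch.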
@@ -104467,12 +104491,10 @@ CVE-2016-7080 (The graphic acceleration functions in VMware Tools 9.x and 10.x b
NOT-FOR-US: VMware
CVE-2016-7079 (The graphic acceleration functions in VMware Tools 9.x and 10.x before ...)
NOT-FOR-US: VMware
-CVE-2016-7078
- RESERVED
+CVE-2016-7078 (foreman before version 1.15.0 is vulnerable to an information leak ...)
- foreman <itp> (bug #663101)
NOTE: http://projects.theforeman.org/issues/16982
-CVE-2016-7077
- RESERVED
+CVE-2016-7077 (foreman before 1.14.0 is vulnerable to an information leak. It was ...)
- foreman <itp> (bug #663101)
NOTE: http://projects.theforeman.org/issues/16971
CVE-2016-7076 (sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo ...)
@@ -104484,8 +104506,7 @@ CVE-2016-7076 (sudo before version 1.8.18p1 is vulnerable to a bypass in the sud
NOTE: https://www.sudo.ws/repos/sudo/rev/7b8357b0a358
NOTE: https://www.sudo.ws/repos/sudo/rev/167a518d8129
NOTE: Might need as well: https://bugzilla.sudo.ws/show_bug.cgi?id=761
-CVE-2016-7075
- RESERVED
+CVE-2016-7075 (It was found that Kubernetes as used by Openshift Enterprise 3 did not ...)
- kubernetes 1.5.5+dfsg-1 (bug #795652)
NOTE: https://github.com/kubernetes/kubernetes/issues/34517
CVE-2016-7074
@@ -104504,13 +104525,11 @@ CVE-2016-7073
[jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
[wheezy] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
-CVE-2016-7072
- RESERVED
+CVE-2016-7072 (An issue has been found in PowerDNS Authoritative Server before 3.4.11 ...)
{DSA-3764-1 DLA-798-1}
- pdns 4.0.2-1
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
-CVE-2016-7071
- RESERVED
+CVE-2016-7071 (It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2016-7070
RESERVED
@@ -104526,8 +104545,7 @@ CVE-2016-7068
- pdns 4.0.2-1
- pdns-recursor 4.0.4-1
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
-CVE-2016-7067 [CSRF]
- RESERVED
+CVE-2016-7067 (Monit before version 5.20.0 is vulnerable to a cross site request ...)
{DLA-732-1}
- monit 1:5.20.0-1
[jessie] - monit <no-dsa> (Minor issue)
@@ -104545,8 +104563,7 @@ CVE-2016-7063
RESERVED
CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage ...)
NOT-FOR-US: Red Hat rhscon-core
-CVE-2016-7061
- RESERVED
+CVE-2016-7061 (An information disclosure vulnerability was found in JBoss Enterprise ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2016-7060 (The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does ...)
NOT-FOR-US: Red Hat QCI
@@ -104556,8 +104573,7 @@ CVE-2016-7058
REJECTED
CVE-2016-7057
REJECTED
-CVE-2016-7056 [ECDSA P-256 timing attack key recovery]
- RESERVED
+CVE-2016-7056 (A timing attack flaw was found in OpenSSL 1.0.1u and before that could ...)
{DSA-3773-1 DLA-814-1}
- openssl 1.0.2a-1
- openssl1.0 <not-affected> (Fixed before initial upload to Debian)
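Review bot: replacing "[ECDSA P-256 timing attack key recovery]" with MITRE text truncated at "could ..." loses the only statement of impact the entry had. The remaining lines (`openssl 1.0.2a-1`, `openssl1.0 <not-affected> (Fixed before initial upload to Debian)`) are consistent with the "1.0.1u and before" range, but a NOTE line keeping the ECDSA P-256 key-recovery detail would preserve what the bracket summary said.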
@@ -104627,8 +104643,7 @@ CVE-2016-7042 (The proc_keys_show function in security/keys/proc.c in the Linux
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373966
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373499
NOTE: https://git.kernel.org/linus/03dab869b7b239c4e013ec82aea22e181e441cfc
-CVE-2016-7041
- RESERVED
+CVE-2016-7041 (Drools Workbench contains a path traversal vulnerability. The ...)
NOT-FOR-US: JBoss Drolls Workbench
CVE-2016-7040 (Red Hat CloudForms Management Engine 4.1 does not properly handle ...)
NOT-FOR-US: Red Hat CloudForms
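Review bot: the retained context line `NOT-FOR-US: JBoss Drolls Workbench` misspells the product that the new description calls "Drools Workbench"; it is outside this change, but should be corrected to `NOT-FOR-US: JBoss Drools Workbench` in a follow-up so that searches on the product name match.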
@@ -104645,8 +104660,7 @@ CVE-2016-7037 (The verify function in Encryption/Symmetric.php in Malcolm Fell j
NOT-FOR-US: Malcolm Fell jwt
CVE-2016-7036 (python-jose before 1.3.2 allows attackers to have unspecified impact ...)
NOT-FOR-US: Python jose
-CVE-2016-7035 [improper IPC guarding]
- RESERVED
+CVE-2016-7035 (An authorization flaw was found in Pacemaker before 1.1.16, where it ...)
- pacemaker 1.1.15-3 (bug #843041)
[wheezy] - pacemaker <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1166/commits/5a20855d6054ebaae590c09262b328d957cc1fc2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e990df57967ffa6f06303e9d91e39eecb6ba586c
--
You're receiving this email because of your account on salsa.debian.org.
More information about the debian-security-tracker-commits mailing list