[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Sep 12 21:10:32 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44c1a357 by security tracker role at 2018-09-12T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2018-16966
+	RESERVED
+CVE-2018-16965
+	RESERVED
+CVE-2018-16964
+	RESERVED
+CVE-2018-16963
+	RESERVED
+CVE-2018-16962
+	RESERVED
+CVE-2018-16961
+	RESERVED
+CVE-2018-16960
+	RESERVED
+CVE-2018-16959
+	RESERVED
+CVE-2018-16958
+	RESERVED
+CVE-2018-16957
+	RESERVED
+CVE-2018-16956
+	RESERVED
+CVE-2018-16955
+	RESERVED
+CVE-2018-16954
+	RESERVED
+CVE-2018-16953
+	RESERVED
+CVE-2018-16952
+	RESERVED
+CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 ...)
+	TODO: check
 CVE-2018-XXXX [prevent access to repos which are in the process of bring migrated]
 	- gitolite3 <unfixed> (bug #908699)
 	[stretch] - gitolite3 <no-dsa> (Minor issue)
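Review bot: CVE-2017-18347 at the end of the added block is left as `TODO: check`, but its description names RDP Level 1 on STMicroelectronics STM32F0, a microcontroller feature rather than anything shipped as a package. Suggest resolving it to a `NOT-FOR-US:` line in the style the file uses for other vendor-only issues. The fifteen `RESERVED` entries above it need no action until descriptions are published.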
@@ -507,14 +539,14 @@ CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding t
 	NOT-FOR-US: CScms
 CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. ...)
 	NOT-FOR-US: CScms
-CVE-2018-16729
-	RESERVED
-CVE-2018-16728
-	RESERVED
-CVE-2018-16727
-	RESERVED
-CVE-2018-16726
-	RESERVED
+CVE-2018-16729 (Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a ...)
+	TODO: check
+CVE-2018-16728 (feindura 2.0.7 allows XSS via the tags field of a new page created at ...)
+	TODO: check
+CVE-2018-16727 (razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage ...)
+	TODO: check
+CVE-2018-16726 (razorCMS 3.4.7 allows HTML injection via the description of the ...)
+	TODO: check
 CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the ...)
 	NOT-FOR-US: baijiacms
 CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...)
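Review bot: CVE-2018-16729 through CVE-2018-16726 move from `RESERVED` to `TODO: check` and still need triage. Each names a web CMS (Pluck 4.7.7, feindura 2.0.7, razorCMS 3.4.7), so check each against the archive and, where the software is not packaged, mark it `NOT-FOR-US: <product>` as the surrounding CScms and baijiacms entries do.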
@@ -651,7 +683,7 @@ CVE-2018-16660
 CVE-2018-16659
 	RESERVED
 CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...)
-	{DSA-4292-1}
+	{DSA-4292-1 DLA-1503-1}
 	- kamailio 5.1.4-1 (bug #908324)
 	NOTE: https://skalatan.de/blog/advisory-hw-2018-06
 	NOTE: https://github.com/kamailio/kamailio/commit/ad68e402ece8089f133c10de6ce319f9e28c0692 (master)
@@ -788,8 +820,8 @@ CVE-2018-16607
 	RESERVED
 CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) ...)
 	NOT-FOR-US: ProConf
-CVE-2018-16605
-	RESERVED
+CVE-2018-16605 (D-Link DIR-600M devices allow XSS via the Hostname and Username fields ...)
+	TODO: check
 CVE-2018-16604 (An issue was discovered in Nibbleblog v4.0.5. With an admin's username ...)
 	NOT-FOR-US: Nibbleblog
 CVE-2018-16603
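Review bot: CVE-2018-16605 is left as `TODO: check` although the description places the XSS in the Hostname and Username fields of D-Link DIR-600M devices, so no Debian package is an obvious candidate. Suggest `NOT-FOR-US: D-Link`, matching the form of the ProConf and Nibbleblog lines on either side.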
@@ -1341,10 +1373,10 @@ CVE-2018-16391 (Several buffer overflows when handling responses from a Muscle C
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
 CVE-2018-16390
 	RESERVED
-CVE-2018-16389
-	RESERVED
-CVE-2018-16388
-	RESERVED
+CVE-2018-16389 (e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the ...)
+	TODO: check
+CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers ...)
+	TODO: check
 CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF ...)
 	NOT-FOR-US: Elefant CMS
 CVE-2018-16386
@@ -2743,8 +2775,8 @@ CVE-2018-15836
 	RESERVED
 CVE-2018-15835
 	RESERVED
-CVE-2018-15834
-	RESERVED
+CVE-2018-15834 (In radare2 before 2.9.0, a heap overflow vulnerability exists in the ...)
+	TODO: check
 CVE-2018-15833 (In Vanilla before 2.6.1, the polling functionality allows Insecure ...)
 	NOT-FOR-US: Vanilla
 CVE-2018-15832
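Review bot: CVE-2018-15834 names radare2, unlike its neighbour CVE-2018-15833 (Vanilla, `NOT-FOR-US`), so the `TODO: check` here should end in a package line rather than a dismissal. The description gives "before 2.9.0" as the affected range; suggest `- radare2 <unfixed>` until the fixed upload is confirmed, plus a `NOTE:` with the upstream commit, as the kamailio entry for CVE-2018-16657 does.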
@@ -3557,8 +3589,8 @@ CVE-2018-15504 (An issue was discovered in Embedthis GoAhead before 4.0.1 and Ap
 	NOT-FOR-US: Embedthis GoAhead
 CVE-2018-15503 (The unpack implementation in Swoole version 4.0.4 lacks correct size ...)
 	NOT-FOR-US: Swoole
-CVE-2018-15502
-	RESERVED
+CVE-2018-15502 (Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 ...)
+	TODO: check
 CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x ...)
 	{DLA-1477-1}
 	- libgit2 0.27.4+dfsg.1-0.1 (low)
@@ -7694,10 +7726,10 @@ CVE-2018-13809
 	RESERVED
 CVE-2018-13808
 	RESERVED
-CVE-2018-13807
-	RESERVED
-CVE-2018-13806
-	RESERVED
+CVE-2018-13807 (A vulnerability has been identified in SCALANCE X300 (All versions < ...)
+	TODO: check
+CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad Designer (All ...)
+	TODO: check
 CVE-2018-13805
 	RESERVED
 CVE-2018-13804
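Review bot: CVE-2018-13807 and CVE-2018-13806 are both Siemens products (SCALANCE X300, SIEMENS TD Keypad Designer) and are left as `TODO: check`. The file already triages Siemens issues as `NOT-FOR-US: Siemens` (see CVE-2017-12741 and CVE-2017-12740), so the same line fits here.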
@@ -7710,8 +7742,8 @@ CVE-2018-13801
 	RESERVED
 CVE-2018-13800
 	RESERVED
-CVE-2018-13799
-	RESERVED
+CVE-2018-13799 (A vulnerability has been identified in SIMATIC WinCC OA V3.14 and ...)
+	TODO: check
 CVE-2018-13798
 	RESERVED
 CVE-2018-13796 (An issue was discovered in GNU Mailman before 2.1.28. A crafted URL ...)
@@ -8551,10 +8583,10 @@ CVE-2018-13414
 	RESERVED
 CVE-2018-13413
 	RESERVED
-CVE-2018-13412
-	RESERVED
-CVE-2018-13411
-	RESERVED
+CVE-2018-13412 (An issue was discovered in the Self Service Portal in Zoho ...)
+	TODO: check
+CVE-2018-13411 (An issue was discovered in Zoho ManageEngine Desktop Central before ...)
+	TODO: check
 CVE-2018-13410 (** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line ...)
 	- zip <unfixed> (unimportant; bug #903196)
 	NOTE: http://seclists.org/fulldisclosure/2018/Jul/24
@@ -11839,24 +11871,24 @@ CVE-2018-12178
 	RESERVED
 CVE-2018-12177
 	RESERVED
-CVE-2018-12176
-	RESERVED
-CVE-2018-12175
-	RESERVED
+CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a ...)
+	TODO: check
+CVE-2018-12175 (Default install directory permissions in Intel Distribution for Python ...)
+	TODO: check
 CVE-2018-12174
 	RESERVED
 CVE-2018-12173
 	RESERVED
 CVE-2018-12172
 	RESERVED
-CVE-2018-12171
-	RESERVED
+CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller (BMC) ...)
+	TODO: check
 CVE-2018-12170
 	RESERVED
 CVE-2018-12169
 	RESERVED
-CVE-2018-12168
-	RESERVED
+CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing ...)
+	TODO: check
 CVE-2018-12167
 	RESERVED
 CVE-2018-12166
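Review bot: the four Intel entries in this hunk (CVE-2018-12176, CVE-2018-12175, CVE-2018-12171, CVE-2018-12168) are all `TODO: check`. Three describe firmware, BMC or vendor software and can take `NOT-FOR-US: Intel` as other Intel entries in this file do, but CVE-2018-12175 concerns default install directory permissions in Intel Distribution for Python, so confirm that it is specific to Intel's distribution and not to packaged Python before dismissing it.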
@@ -11865,14 +11897,14 @@ CVE-2018-12165
 	RESERVED
 CVE-2018-12164
 	RESERVED
-CVE-2018-12163
-	RESERVED
-CVE-2018-12162
-	RESERVED
+CVE-2018-12163 (A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 ...)
+	TODO: check
+CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for Windows before ...)
+	TODO: check
 CVE-2018-12161
 	RESERVED
-CVE-2018-12160
-	RESERVED
+CVE-2018-12160 (DLL injection vulnerability in software installer for Intel Data ...)
+	TODO: check
 CVE-2018-12159
 	RESERVED
 CVE-2018-12158
@@ -11889,14 +11921,14 @@ CVE-2018-12153
 	RESERVED
 CVE-2018-12152
 	RESERVED
-CVE-2018-12151
-	RESERVED
-CVE-2018-12150
-	RESERVED
-CVE-2018-12149
-	RESERVED
-CVE-2018-12148
-	RESERVED
+CVE-2018-12151 (Buffer overflow in installer for Intel Extreme Tuning Utility before ...)
+	TODO: check
+CVE-2018-12150 (Escalation of privilege in Installer for Intel Extreme Tuning Utility ...)
+	TODO: check
+CVE-2018-12149 (Buffer overflow in input handling in Intel Extreme Tuning Utility ...)
+	TODO: check
+CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and Support ...)
+	TODO: check
 CVE-2018-12147
 	RESERVED
 CVE-2018-12146
@@ -22823,8 +22855,8 @@ CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass vulnerabili
 	NOT-FOR-US: Huawei
 CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than ...)
 	NOT-FOR-US: Huawei
-CVE-2018-7939
-	RESERVED
+CVE-2018-7939 (Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the ...)
+	TODO: check
 CVE-2018-7938 (P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7937 (In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and ...)
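Review bot: CVE-2018-7939 sits between CVE-2018-7940 and CVE-2018-7938, both already `NOT-FOR-US: Huawei`, and it also describes Huawei smart phones. The `TODO: check` can be resolved to the same line.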
@@ -22855,12 +22887,12 @@ CVE-2018-7925
 	RESERVED
 CVE-2018-7924
 	RESERVED
-CVE-2018-7923
-	RESERVED
-CVE-2018-7922
-	RESERVED
-CVE-2018-7921
-	RESERVED
+CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 ...)
+	TODO: check
+CVE-2018-7922 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 ...)
+	TODO: check
+CVE-2018-7921 (Huawei B315s-22 products with software of 21.318.01.00.26 have an ...)
+	TODO: check
 CVE-2018-7920 (Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7919
@@ -22889,8 +22921,8 @@ CVE-2018-7908
 	RESERVED
 CVE-2018-7907
 	RESERVED
-CVE-2018-7906
-	RESERVED
+CVE-2018-7906 (Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), ...)
+	TODO: check
 CVE-2018-7905
 	RESERVED
 CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON ...)
@@ -23901,8 +23933,8 @@ CVE-2018-7574
 	RESERVED
 CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP server can ...)
 	NOT-FOR-US: FTPShell Client
-CVE-2018-7572
-	RESERVED
+CVE-2018-7572 (Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to ...)
+	TODO: check
 CVE-2018-7571
 	RESERVED
 CVE-2018-7570 (The assign_file_positions_for_non_load_sections function in elf.c in ...)
@@ -26078,8 +26110,8 @@ CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server
 	NOT-FOR-US: MISP
 CVE-2018-6925
 	RESERVED
-CVE-2018-6924
-	RESERVED
+CVE-2018-6924 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, ...)
+	TODO: check
 CVE-2018-6923 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip ...)
 	TODO: check
 CVE-2018-6922 (One of the data structures that holds TCP segments in all versions of ...)
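Review bot: CVE-2018-6924 is added as `TODO: check` directly above CVE-2018-6923, another FreeBSD entry that is still `TODO: check`. Triage the two together and decide whether they map to a kfreebsd source package, as the file does for CVE-2017-1086 (`- kfreebsd-10 <unfixed> (unimportant)`), or to nothing in Debian.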
@@ -30327,7 +30359,7 @@ CVE-2018-5695 (The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection vi
 	NOT-FOR-US: WpJobBoard plugin for WordPress
 CVE-2018-5694 (The callforward module in User Control Panel (UCP) in Nicolas Gudino ...)
 	NOT-FOR-US: Nicolas Gudino (aka Asternic) Flash Operator Panel
-CVE-2018-5693 (The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users ...)
+CVE-2018-5693 (The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows ...)
 	NOT-FOR-US: LinuxMagic MagicSpam extension for Plesk
 CVE-2018-5692 (Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, ...)
 	- piwigo <removed>
@@ -34738,14 +34770,14 @@ CVE-2018-3887 (A memory corruption vulnerability exists in the PCX-parsing ...)
 	NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3886 (A memory corruption vulnerability exists in the PCX-parsing ...)
 	NOT-FOR-US: Computerinsel Photoline
-CVE-2018-3885
-	RESERVED
-CVE-2018-3884
-	RESERVED
-CVE-2018-3883
-	RESERVED
-CVE-2018-3882
-	RESERVED
+CVE-2018-3885 (An exploitable SQL injection vulnerability exists in the authenticated ...)
+	TODO: check
+CVE-2018-3884 (An exploitable SQL injection vulnerability exists in the authenticated ...)
+	TODO: check
+CVE-2018-3883 (An exploitable SQL injection vulnerability exists in the authenticated ...)
+	TODO: check
+CVE-2018-3882 (An exploitable SQL injection vulnerability exists in the authenticated ...)
+	TODO: check
 CVE-2018-3881 (An exploitable unauthenticated XML external injection vulnerability ...)
 	NOT-FOR-US: FocalScope
 CVE-2018-3880 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
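Review bot: the four new descriptions for CVE-2018-3885 through CVE-2018-3882 are identical as shown and are cut off before the product name, so the triage cannot be inferred from the neighbours (Photoline above, FocalScope below). Read the full descriptions before replacing `TODO: check`, and record the product in the `NOT-FOR-US:` or package line so the four entries stay distinguishable.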
@@ -35528,8 +35560,8 @@ CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and Tool
 	NOT-FOR-US: Intel
 CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools in ...)
 	NOT-FOR-US: Intel
-CVE-2018-3686
-	RESERVED
+CVE-2018-3686 (Code injection vulnerability in INTEL-SA-00086 Detection Tool before ...)
+	TODO: check
 CVE-2018-3685
 	RESERVED
 CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 ...)
@@ -35542,8 +35574,8 @@ CVE-2018-3681
 	RESERVED
 CVE-2018-3680
 	RESERVED
-CVE-2018-3679
-	RESERVED
+CVE-2018-3679 (Escalation of privilege in Reference UI in Intel Data Center Manager ...)
+	TODO: check
 CVE-2018-3678
 	RESERVED
 CVE-2018-3677
@@ -35562,8 +35594,8 @@ CVE-2018-3671 (Escalation of privilege in Intel Saffron admin application before
 	NOT-FOR-US: Intel Saffron admin application
 CVE-2018-3670 (Driver module in Intel Smart Sound Technology before version ...)
 	NOT-FOR-US: Driver module in Intel Smart Sound Technology
-CVE-2018-3669
-	RESERVED
+CVE-2018-3669 (A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino ...)
+	TODO: check
 CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) ...)
 	NOT-FOR-US: Intel
 CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets ...)
@@ -35588,16 +35620,16 @@ CVE-2018-3661 (Buffer overflow in Intel system Configuration utilities selview.e
 	NOT-FOR-US: Intel
 CVE-2018-3660
 	RESERVED
-CVE-2018-3659
-	RESERVED
-CVE-2018-3658
-	RESERVED
-CVE-2018-3657
-	RESERVED
+CVE-2018-3659 (A vulnerability in Intel PTT module in Intel CSME firmware before ...)
+	TODO: check
+CVE-2018-3658 (Multiple memory leaks in Intel AMT in Intel CSME firmware versions ...)
+	TODO: check
+CVE-2018-3657 (Multiple buffer overflows in Intel AMT in Intel CSME firmware versions ...)
+	TODO: check
 CVE-2018-3656
 	RESERVED
-CVE-2018-3655
-	RESERVED
+CVE-2018-3655 (A vulnerability in a subsystem in Intel CSME before version 11.21.55, ...)
+	TODO: check
 CVE-2018-3654
 	RESERVED
 CVE-2018-3653
@@ -35630,8 +35662,8 @@ CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote Keybo
 	NOT-FOR-US: Intel
 CVE-2018-3644
 	RESERVED
-CVE-2018-3643
-	RESERVED
+CVE-2018-3643 (A vulnerability in Power Management Controller firmware in systems ...)
+	TODO: check
 CVE-2018-3642
 	RESERVED
 CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
@@ -35710,8 +35742,8 @@ CVE-2018-3618
 	RESERVED
 CVE-2018-3617
 	REJECTED
-CVE-2018-3616
-	RESERVED
+CVE-2018-3616 (Bleichenbacher-style side channel vulnerability in TLS implementation ...)
+	TODO: check
 CVE-2018-3615 (Systems with microprocessors utilizing speculative execution and Intel ...)
 	- intel-microcode 3.20180703.1
 	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
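Review bot: CVE-2018-3616 is described as a Bleichenbacher-style side channel in a TLS implementation, but the text is truncated before the affected component, and the entry directly below it (CVE-2018-3615) is tracked against `intel-microcode`. Check the full description to see which TLS implementation is meant before choosing between a package line and `NOT-FOR-US: Intel`.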
@@ -40730,8 +40762,8 @@ CVE-2018-1775
 	RESERVED
 CVE-2018-1774
 	RESERVED
-CVE-2018-1773
-	RESERVED
+CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an ...)
+	TODO: check
 CVE-2018-1772
 	RESERVED
 CVE-2018-1771
@@ -47702,7 +47734,7 @@ CVE-2017-16722
 	RESERVED
 CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA ...)
 	NOT-FOR-US: Geovap Reliance SCADA
-CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions prior to ...)
+CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions 8.3.2 and ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort ...)
 	NOT-FOR-US: Moxa
@@ -59898,7 +59930,7 @@ CVE-2017-12743
 	RESERVED
 CVE-2017-12742
 	RESERVED
-CVE-2017-12741 (A vulnerability has been identified in SINAMICS GH150 V4.7 w. PROFINET ...)
+CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart (All ...)
 	NOT-FOR-US: Siemens
 CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...)
 	NOT-FOR-US: Siemens
@@ -94268,14 +94300,14 @@ CVE-2017-1087 (In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and ...)
 CVE-2017-1086 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, ...)
 	- kfreebsd-10 <unfixed> (unimportant)
 	NOTE: kfreebsd not covered by security support
-CVE-2017-1085
-	RESERVED
-CVE-2017-1084
-	RESERVED
-CVE-2017-1083
-	RESERVED
-CVE-2017-1082
-	RESERVED
+CVE-2017-1085 (In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() ...)
+	TODO: check
+CVE-2017-1084 (In FreeBSD before 11.2-RELEASE, multiple issues with the ...)
+	TODO: check
+CVE-2017-1083 (In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is ...)
+	TODO: check
+CVE-2017-1082 (In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the ...)
+	TODO: check
 CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and ...)
 	- kfreebsd-10 <unfixed> (unimportant)
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc
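Review bot: CVE-2017-1085 through CVE-2017-1082 are added as `TODO: check` between CVE-2017-1086 and CVE-2017-1081, both of which are tracked as `- kfreebsd-10 <unfixed> (unimportant)`. Check whether the affected code is in kfreebsd-10 and, if so, use the same line with the "kfreebsd not covered by security support" `NOTE:` seen on CVE-2017-1086. CVE-2017-1082 is limited to "11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE", so its affected range differs from the other three.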



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44c1a3578143f7c3a956d457be5527ef04f195eb
