[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 20 21:16:17 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6c93a63 by security tracker role at 2018-09-20T20:16:08Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2018-17281
+ RESERVED
+CVE-2018-17280
+ RESERVED
+CVE-2018-17279
+ RESERVED
+CVE-2018-17278
+ RESERVED
+CVE-2018-17277
+ RESERVED
+CVE-2018-17276
+ RESERVED
+CVE-2018-17275
+ RESERVED
+CVE-2018-17274
+ RESERVED
+CVE-2018-17273
+ RESERVED
+CVE-2018-17272
+ RESERVED
+CVE-2018-17271
+ RESERVED
+CVE-2018-17270
+ RESERVED
+CVE-2018-17269
+ RESERVED
+CVE-2018-17268
+ RESERVED
+CVE-2018-17267
+ RESERVED
+CVE-2018-17266
+ RESERVED
+CVE-2018-17265
+ RESERVED
+CVE-2018-17264
+ RESERVED
+CVE-2018-17263
+ RESERVED
+CVE-2018-17262
+ RESERVED
+CVE-2018-17261
+ RESERVED
+CVE-2018-17260
+ RESERVED
+CVE-2018-17259
+ RESERVED
+CVE-2018-17258
+ RESERVED
+CVE-2018-17257
+ RESERVED
+CVE-2018-17256
+ RESERVED
+CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter. ...)
+ TODO: check
+CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the ...)
+ TODO: check
+CVE-2018-17253
+ RESERVED
+CVE-2018-17252
+ RESERVED
+CVE-2018-17251
+ RESERVED
+CVE-2018-17250
+ RESERVED
+CVE-2018-17249
+ RESERVED
+CVE-2018-17248
+ RESERVED
+CVE-2018-17247
+ RESERVED
+CVE-2018-17246
+ RESERVED
+CVE-2018-17245
+ RESERVED
+CVE-2018-17244
+ RESERVED
CVE-2018-17243 (Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows ...)
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-17242
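Review bot: CVE-2018-17255 (Navigate CMS 2.8) and CVE-2018-17254 (JCK Editor component for Joomla!) are added with only "TODO: check", so neither has a package line or a NOT-FOR-US tag yet. Both need a triage follow-up that resolves them one way or the other, as CVE-2018-17243 directly below already is with "NOT-FOR-US: Zoho ManageEngine OpManager".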
@@ -229,6 +305,7 @@ CVE-2018-17142 (The html package (aka x/net/html) through 2018-09-17 in Go misha
TODO: check, in golang-golang-x-net-dev?
CVE-2018-17141
RESERVED
+ {DSA-4298-1}
- hylafax <unfixed> (bug #909161)
NOTE: http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36
CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS ...)
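Review bot: The {DSA-4298-1} reference is attached to CVE-2018-17141 while the package line underneath still reads "- hylafax <unfixed> (bug #909161)" and the entry itself is still RESERVED with no description. The advisory cross-reference does not close the entry: keep bug #909161 as the open item and replace <unfixed> with the fixed version once one is available.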
@@ -5745,8 +5822,8 @@ CVE-2018-14798
RESERVED
CVE-2018-14797 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a ...)
NOT-FOR-US: Emerson DeltaV DCS
-CVE-2018-14796
- RESERVED
+CVE-2018-14796 (Tec4Data SmartCooler, all versions prior to firmware 180806, the ...)
+ TODO: check
CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...)
NOT-FOR-US: DeltaV
CVE-2018-14794
@@ -11754,8 +11831,7 @@ CVE-2017-18316
RESERVED
CVE-2017-18315
RESERVED
-CVE-2017-18314
- RESERVED
+CVE-2017-18314 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18313
RESERVED
@@ -11788,11 +11864,9 @@ CVE-2017-18304
CVE-2017-18303
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18302
- RESERVED
+CVE-2017-18302 (In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18301
- RESERVED
+CVE-2017-18301 (In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18300
RESERVED
@@ -13020,8 +13094,8 @@ CVE-2018-11984
RESERVED
CVE-2018-11983
RESERVED
-CVE-2018-11982
- RESERVED
+CVE-2018-11982 (In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, ...)
+ TODO: check
CVE-2018-11981
RESERVED
CVE-2018-11980
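Review bot: CVE-2018-11982 is filled in with a Snapdragon description but left at "TODO: check", whereas the other Snapdragon entries updated in this same commit (for example CVE-2017-18314) sit above "NOT-FOR-US: Qualcomm components for Android". If the full description confirms the same component family, tag it the same way rather than leaving it in the triage queue.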
@@ -14877,26 +14951,22 @@ CVE-2018-11294 (In all android releases (Android for MSM, Firefox OS for MSM, QR
TODO: check
CVE-2018-11293 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11292
- RESERVED
+CVE-2018-11292 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11291
- RESERVED
-CVE-2018-11290
- RESERVED
+CVE-2018-11291 (In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, ...)
+ TODO: check
+CVE-2018-11290 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11289
RESERVED
CVE-2018-11288
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11287
- RESERVED
+CVE-2018-11287 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11286 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
TODO: check
-CVE-2018-11285
- RESERVED
+CVE-2018-11285 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11284
RESERVED
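Review bot: CVE-2018-11291 gets "TODO: check" although it opens with the same "In Snapdragon (Automobile, Mobile, Wear)" text as CVE-2018-11292 and CVE-2018-11290 on either side, both of which keep "NOT-FOR-US: Qualcomm components for Android". The three entries in this hunk should end up classified consistently; check the full description of CVE-2018-11291 and apply the same tag if it fits.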
@@ -14912,8 +14982,8 @@ CVE-2018-11279
RESERVED
CVE-2018-11278 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
TODO: check
-CVE-2018-11277
- RESERVED
+CVE-2018-11277 (In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, ...)
+ TODO: check
CVE-2018-11276 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11275 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
@@ -14928,12 +14998,12 @@ CVE-2018-11271
RESERVED
CVE-2018-11270 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11269
- RESERVED
-CVE-2018-11268
- RESERVED
-CVE-2018-11267
- RESERVED
+CVE-2018-11269 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
+ TODO: check
+CVE-2018-11268 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
+ TODO: check
+CVE-2018-11267 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
+ TODO: check
CVE-2018-11266
RESERVED
CVE-2018-11265 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
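Review bot: CVE-2018-11269, CVE-2018-11268 and CVE-2018-11267 move from RESERVED to "TODO: check" in one block, and all three carry a Snapdragon description like the neighbouring CVE-2018-11270, which is marked "NOT-FOR-US: Qualcomm components for Android". Triage the three together so they do not linger as separate open TODO items.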
@@ -14965,8 +15035,7 @@ CVE-2017-18282
CVE-2017-18281
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18280
- RESERVED
+CVE-2017-18280 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18279
RESERVED
@@ -15841,22 +15910,27 @@ CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its .
- cobbler <removed>
NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/9
CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
@@ -15878,6 +15952,7 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client
NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4
NOTE: https://review.gluster.org/20723
CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659
NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e
@@ -15917,16 +15992,19 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien
NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5
NOTE: https://www.postgresql.org/about/news/1878/
CVE-2018-10914 (It was found that an attacker could issue a xattr request via ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617
NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop ...)
NOT-FOR-US: Keycloak
CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d
@@ -15944,6 +16022,7 @@ CVE-2018-10909
CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on ...)
NOT-FOR-US: ovirt
CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642
NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7
@@ -15956,6 +16035,7 @@ CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount i
CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file ...)
+ {DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298
NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd
@@ -28154,18 +28234,18 @@ CVE-2018-6507
RESERVED
CVE-2018-6506 (Cross-Site Scripting (XSS) exists in the Add Forum feature in the ...)
NOT-FOR-US: miniBB
-CVE-2018-6505
- RESERVED
-CVE-2018-6504
- RESERVED
-CVE-2018-6503
- RESERVED
-CVE-2018-6502
- RESERVED
-CVE-2018-6501
- RESERVED
-CVE-2018-6500
- RESERVED
+CVE-2018-6505 (A potential Unauthenticated File Download vulnerability has been ...)
+ TODO: check
+CVE-2018-6504 (A potential Cross-Site Request Forgery (CSRF) vulnerability has been ...)
+ TODO: check
+CVE-2018-6503 (A potential Access Control vulnerability has been identified in ...)
+ TODO: check
+CVE-2018-6502 (A potential Reflected Cross-Site Scripting (XSS) Security ...)
+ TODO: check
+CVE-2018-6501 (Potential security vulnerability of Insufficient Access Controls has ...)
+ TODO: check
+CVE-2018-6500 (A potential Directory Traversal Security vulnerability has been ...)
+ TODO: check
CVE-2018-6499 (Remote Code Execution in the following products Hybrid Cloud ...)
NOT-FOR-US: Hybrid Cloud Management Containerized Suite
CVE-2018-6498 (Remote Code Execution in the following products Hybrid Cloud ...)
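Review bot: The six descriptions added for CVE-2018-6505 through CVE-2018-6500 are truncated before any product name, so the list alone does not show what they affect. The "TODO: check" markers are right for now, but resolving them requires the full CVE text; note that the adjacent CVE-2018-6499 and CVE-2018-6498 are already "NOT-FOR-US: Hybrid Cloud Management Containerized Suite", which is worth checking against when these are triaged.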
@@ -30417,8 +30497,7 @@ CVE-2018-5873 (An issue was discovered in the __ns_get_path function in fs/nsfs.
NOTE: Fixed by: https://git.kernel.org/linus/073c516ff73557a8f7315066856c04b50383ac34
CVE-2018-5872 (While parsing over-the-air information elements in all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5871
- RESERVED
+CVE-2018-5871 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5870
RESERVED
@@ -30487,8 +30566,7 @@ CVE-2018-5839
RESERVED
CVE-2018-5838 (Improper Validation of Array Index In the adreno OpenGL driver in ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5837
- RESERVED
+CVE-2018-5837 (In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5836 (In wma_nan_rsp_event_handler() in Android releases from CAF using the ...)
NOT-FOR-US: Qualcomm components for Android
@@ -35512,10 +35590,10 @@ CVE-2018-3867 (An exploitable stack-based buffer overflow vulnerability exists i
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3866 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3865
- RESERVED
-CVE-2018-3864
- RESERVED
+CVE-2018-3865 (An exploitable buffer overflow vulnerability exists in the Samsung ...)
+ TODO: check
+CVE-2018-3864 (An exploitable buffer overflow vulnerability exists in the Samsung ...)
+ TODO: check
CVE-2018-3863 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3862 (A specially crafted TIFF image processed via the application can lead ...)
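Review bot: CVE-2018-3865 and CVE-2018-3864 are described as buffer overflows "in the Samsung ..." yet are left at "TODO: check", while CVE-2018-3867, CVE-2018-3866 and CVE-2018-3863 around them are all "NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices". If the full descriptions name the same device, give these two the same NOT-FOR-US line.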
@@ -41413,8 +41491,8 @@ CVE-2018-1802
RESERVED
CVE-2018-1801
RESERVED
-CVE-2018-1800
- RESERVED
+CVE-2018-1800 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could ...)
+ TODO: check
CVE-2018-1799
RESERVED
CVE-2018-1798
@@ -41665,8 +41743,8 @@ CVE-2018-1676 (IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross
NOT-FOR-US: IBM Planning Analytics
CVE-2018-1675
RESERVED
-CVE-2018-1674
- RESERVED
+CVE-2018-1674 (IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through ...)
+ TODO: check
CVE-2018-1673
RESERVED
CVE-2018-1672
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b6c93a63725199657f6f2f0a877db249ce4d3087