[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 25 21:10:38 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa1b45aa by security tracker role at 2018-09-25T20:10:30Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,453 @@
+CVE-2018-17531
+ RESERVED
+CVE-2018-17530
+ RESERVED
+CVE-2018-17529
+ RESERVED
+CVE-2018-17528
+ RESERVED
+CVE-2018-17527
+ RESERVED
+CVE-2018-17526
+ RESERVED
+CVE-2018-17525
+ RESERVED
+CVE-2018-17524
+ RESERVED
+CVE-2018-17523
+ RESERVED
+CVE-2018-17522
+ RESERVED
+CVE-2018-17521
+ RESERVED
+CVE-2018-17520
+ RESERVED
+CVE-2018-17519
+ RESERVED
+CVE-2018-17518
+ RESERVED
+CVE-2018-17517
+ RESERVED
+CVE-2018-17516
+ RESERVED
+CVE-2018-17515
+ RESERVED
+CVE-2018-17514
+ RESERVED
+CVE-2018-17513
+ RESERVED
+CVE-2018-17512
+ RESERVED
+CVE-2018-17511
+ RESERVED
+CVE-2018-17510
+ RESERVED
+CVE-2018-17509
+ RESERVED
+CVE-2018-17508
+ RESERVED
+CVE-2018-17507
+ RESERVED
+CVE-2018-17506
+ RESERVED
+CVE-2018-17505
+ RESERVED
+CVE-2018-17504
+ RESERVED
+CVE-2018-17503
+ RESERVED
+CVE-2018-17502
+ RESERVED
+CVE-2018-17501
+ RESERVED
+CVE-2018-17500
+ RESERVED
+CVE-2018-17499
+ RESERVED
+CVE-2018-17498
+ RESERVED
+CVE-2018-17497
+ RESERVED
+CVE-2018-17496
+ RESERVED
+CVE-2018-17495
+ RESERVED
+CVE-2018-17494
+ RESERVED
+CVE-2018-17493
+ RESERVED
+CVE-2018-17492
+ RESERVED
+CVE-2018-17491
+ RESERVED
+CVE-2018-17490
+ RESERVED
+CVE-2018-17489
+ RESERVED
+CVE-2018-17488
+ RESERVED
+CVE-2018-17487
+ RESERVED
+CVE-2018-17486
+ RESERVED
+CVE-2018-17485
+ RESERVED
+CVE-2018-17484
+ RESERVED
+CVE-2018-17483
+ RESERVED
+CVE-2018-17482
+ RESERVED
+CVE-2018-17481
+ RESERVED
+CVE-2018-17480
+ RESERVED
+CVE-2018-17479
+ RESERVED
+CVE-2018-17478
+ RESERVED
+CVE-2018-17477
+ RESERVED
+CVE-2018-17476
+ RESERVED
+CVE-2018-17475
+ RESERVED
+CVE-2018-17474
+ RESERVED
+CVE-2018-17473
+ RESERVED
+CVE-2018-17472
+ RESERVED
+CVE-2018-17471
+ RESERVED
+CVE-2018-17470
+ RESERVED
+CVE-2018-17469
+ RESERVED
+CVE-2018-17468
+ RESERVED
+CVE-2018-17467
+ RESERVED
+CVE-2018-17466
+ RESERVED
+CVE-2018-17465
+ RESERVED
+CVE-2018-17464
+ RESERVED
+CVE-2018-17463
+ RESERVED
+CVE-2018-17462
+ RESERVED
+CVE-2018-17461
+ RESERVED
+CVE-2018-17460
+ RESERVED
+CVE-2018-17457
+ RESERVED
+CVE-2018-17456
+ RESERVED
+CVE-2018-17455
+ RESERVED
+CVE-2018-17454
+ RESERVED
+CVE-2018-17453
+ RESERVED
+CVE-2018-17452
+ RESERVED
+CVE-2018-17451
+ RESERVED
+CVE-2018-17450
+ RESERVED
+CVE-2018-17449
+ RESERVED
+CVE-2018-17448
+ RESERVED
+CVE-2018-17447
+ RESERVED
+CVE-2018-17446
+ RESERVED
+CVE-2018-17445
+ RESERVED
+CVE-2018-17444
+ RESERVED
+CVE-2018-17443
+ RESERVED
+CVE-2018-17442
+ RESERVED
+CVE-2018-17441
+ RESERVED
+CVE-2018-17440
+ RESERVED
+CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a ...)
+ TODO: check
+CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of ...)
+ TODO: check
+CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
+ TODO: check
+CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library ...)
+ TODO: check
+CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...)
+ TODO: check
+CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of ...)
+ TODO: check
+CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...)
+ TODO: check
+CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...)
+ TODO: check
+CVE-2018-17431
+ RESERVED
+CVE-2018-17430
+ RESERVED
+CVE-2018-17429
+ RESERVED
+CVE-2018-17428
+ RESERVED
+CVE-2018-17427
+ RESERVED
+CVE-2018-17426
+ RESERVED
+CVE-2018-17425
+ RESERVED
+CVE-2018-17424
+ RESERVED
+CVE-2018-17423
+ RESERVED
+CVE-2018-17422
+ RESERVED
+CVE-2018-17421
+ RESERVED
+CVE-2018-17420
+ RESERVED
+CVE-2018-17419
+ RESERVED
+CVE-2018-17418
+ RESERVED
+CVE-2018-17417
+ RESERVED
+CVE-2018-17416
+ RESERVED
+CVE-2018-17415
+ RESERVED
+CVE-2018-17414
+ RESERVED
+CVE-2018-17413
+ RESERVED
+CVE-2018-17412
+ RESERVED
+CVE-2018-17411
+ RESERVED
+CVE-2018-17410
+ RESERVED
+CVE-2018-17409
+ RESERVED
+CVE-2018-17408
+ RESERVED
+CVE-2018-17406
+ RESERVED
+CVE-2018-17405
+ RESERVED
+CVE-2018-17404 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...)
+ TODO: check
+CVE-2018-17403 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+ TODO: check
+CVE-2018-17402 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+ TODO: check
+CVE-2018-17401 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+ TODO: check
+CVE-2018-17400 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+ TODO: check
+CVE-2018-17399
+ RESERVED
+CVE-2018-17398
+ RESERVED
+CVE-2018-17397
+ RESERVED
+CVE-2018-17396
+ RESERVED
+CVE-2018-17395
+ RESERVED
+CVE-2018-17394
+ RESERVED
+CVE-2018-17393
+ RESERVED
+CVE-2018-17392
+ RESERVED
+CVE-2018-17391
+ RESERVED
+CVE-2018-17390
+ RESERVED
+CVE-2018-17389
+ RESERVED
+CVE-2018-17388
+ RESERVED
+CVE-2018-17387
+ RESERVED
+CVE-2018-17386
+ RESERVED
+CVE-2018-17385
+ RESERVED
+CVE-2018-17384
+ RESERVED
+CVE-2018-17383
+ RESERVED
+CVE-2018-17382
+ RESERVED
+CVE-2018-17381
+ RESERVED
+CVE-2018-17380
+ RESERVED
+CVE-2018-17379
+ RESERVED
+CVE-2018-17378
+ RESERVED
+CVE-2018-17377
+ RESERVED
+CVE-2018-17376
+ RESERVED
+CVE-2018-17375
+ RESERVED
+CVE-2018-17374
+ RESERVED
+CVE-2018-17373
+ RESERVED
+CVE-2018-17372
+ RESERVED
+CVE-2018-17371
+ RESERVED
+CVE-2018-17370
+ RESERVED
+CVE-2018-17369 (An issue was discovered in springboot_authority through 2017-03-06. ...)
+ TODO: check
+CVE-2018-17368 (An issue was discovered in PublicCMS V4.0.180825. For an invalid login ...)
+ TODO: check
+CVE-2018-17367
+ RESERVED
+CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability ...)
+ TODO: check
+CVE-2018-17365
+ RESERVED
+CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via ...)
+ TODO: check
+CVE-2018-17363
+ RESERVED
+CVE-2018-17362
+ RESERVED
+CVE-2018-17361 (Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers ...)
+ TODO: check
+CVE-2018-17360 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+ TODO: check
+CVE-2018-17359 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+ TODO: check
+CVE-2018-17358 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+ TODO: check
+CVE-2018-17357
+ RESERVED
+CVE-2018-17356
+ RESERVED
+CVE-2018-17355
+ RESERVED
+CVE-2018-17354
+ RESERVED
+CVE-2018-17353
+ RESERVED
+CVE-2018-17352
+ RESERVED
+CVE-2018-17351
+ RESERVED
+CVE-2018-17350
+ RESERVED
+CVE-2018-17349
+ RESERVED
+CVE-2018-17348
+ RESERVED
+CVE-2018-17347
+ RESERVED
+CVE-2018-17346
+ RESERVED
+CVE-2018-17345
+ RESERVED
+CVE-2018-17344
+ RESERVED
+CVE-2018-17343
+ RESERVED
+CVE-2018-17342
+ RESERVED
+CVE-2018-17341 (BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is ...)
+ TODO: check
+CVE-2018-17340
+ RESERVED
+CVE-2018-17339
+ RESERVED
+CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a heap-based ...)
+ TODO: check
+CVE-2018-17337
+ RESERVED
+CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log in ...)
+ TODO: check
+CVE-2018-17335
+ RESERVED
+CVE-2018-17334 (An issue was discovered in libsvg2 through 2012-10-19. A stack-based ...)
+ TODO: check
+CVE-2018-17333 (An issue was discovered in libsvg2 through 2012-10-19. A stack-based ...)
+ TODO: check
+CVE-2018-17332 (An issue was discovered in libsvg2 through 2012-10-19. The ...)
+ TODO: check
+CVE-2018-17331
+ RESERVED
+CVE-2018-17330
+ RESERVED
+CVE-2018-17329
+ RESERVED
+CVE-2018-17328
+ RESERVED
+CVE-2018-17327
+ RESERVED
+CVE-2018-17326
+ RESERVED
+CVE-2018-17325
+ RESERVED
+CVE-2018-17324
+ RESERVED
+CVE-2018-17323
+ RESERVED
+CVE-2018-17322 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2018-17321 (An issue was discovered in SeaCMS 6.64. XSS exists in ...)
+ TODO: check
+CVE-2018-17320 (An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via ...)
+ TODO: check
+CVE-2018-17319
+ RESERVED
+CVE-2018-17318
+ RESERVED
+CVE-2018-17317 (FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers ...)
+ TODO: check
+CVE-2018-17316
+ RESERVED
+CVE-2018-17315
+ RESERVED
+CVE-2018-17314
+ RESERVED
+CVE-2018-17313
+ RESERVED
+CVE-2018-17312
+ RESERVED
+CVE-2018-17311
+ RESERVED
+CVE-2018-17310
+ RESERVED
+CVE-2018-17309
+ RESERVED
+CVE-2018-17308
+ RESERVED
+CVE-2018-17307
+ RESERVED
+CVE-2018-17306
+ RESERVED
+CVE-2018-17305
+ RESERVED
+CVE-2018-17304
+ RESERVED
CVE-2018-17303
RESERVED
CVE-2018-17302 (Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a ...)
@@ -47,13 +497,12 @@ CVE-2018-17283 (Zoho ManageEngine OpManager before 12.3 Build 123196 does not re
CVE-2018-17282 (An issue was discovered in Exiv2 v0.26. The function ...)
- exiv2 <undetermined>
NOTE: https://github.com/Exiv2/exiv2/issues/457
-CVE-2018-17407 [writet1 protection against buffer overflow]
- {DSA-4299-1}
+CVE-2018-17407 (An issue was discovered in t1_check_unusual_charstring functions in ...)
+ {DSA-4299-1 DLA-1514-1}
- texlive-bin 2018.20180907.48586-2 (bug #909317)
NOTE: Fixed by: https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
NOTE: Introduced in: https://github.com/TeX-Live/texlive-source/commit/59cbb8f96b0543c2912d6370ce8021181661e1cf
-CVE-2018-17281 [Remote crash vulnerability in HTTP websocket upgrade (AST-2018-009)]
- RESERVED
+CVE-2018-17281 (There is a stack consumption vulnerability in the ...)
- asterisk 1:13.23.1~dfsg-1 (bug #909554)
NOTE: https://downloads.asterisk.org/pub/security/AST-2018-009.html
NOTE: :https://issues.asterisk.org/jira/browse/ASTERISK-28013
@@ -297,10 +746,10 @@ CVE-2018-17176 (A replay issue was discovered on Neato Botvac Connected 2.2.0 de
CVE-2018-17175 (In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for ...)
- python-marshmallow 3.0.0b14-1 (bug #909140)
NOTE: https://github.com/marshmallow-code/marshmallow/issues/772
-CVE-2018-17174
- RESERVED
-CVE-2018-17173
- RESERVED
+CVE-2018-17174 (A stack-based buffer overflow was discovered in the xtimor NMEA ...)
+ TODO: check
+CVE-2018-17173 (LG SuperSign CMS allows remote attackers to execute arbitrary code via ...)
+ TODO: check
CVE-2018-17172
RESERVED
CVE-2018-17171
@@ -340,6 +789,7 @@ CVE-2018-17155
CVE-2018-17154
RESERVED
CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contains a ...)
+ {DLA-1519-1}
- python3.7 <not-affected> (Fixed before initial upload)
- python3.6 <not-affected> (Fixed before initial upload)
- python3.5 <not-affected> (Fixed before initial upload)
@@ -350,7 +800,7 @@ CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contai
NOTE: Later versions did remove _call_external_zip with
NOTE: https://github.com/python/cpython/commit/a0934b2c1b939fdebee8dc18d49a0f6c52324773
NOTE: which used distutils.spawn.
-CVE-2018-17153 (It was discovered that the Western Digital My Cloud device through ...)
+CVE-2018-17153 (It was discovered that the Western Digital My Cloud device before ...)
NOT-FOR-US: Western Digital My Cloud device
CVE-2018-17152
RESERVED
@@ -376,9 +826,8 @@ CVE-2018-17143 (The html package (aka x/net/html) through 2018-09-17 in Go misha
TODO: check, in golang-golang-x-net-dev?
CVE-2018-17142 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles ...)
TODO: check, in golang-golang-x-net-dev?
-CVE-2018-17141
- RESERVED
- {DSA-4298-1}
+CVE-2018-17141 (HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute ...)
+ {DSA-4298-1 DLA-1515-1}
- hylafax 3:6.0.6-8.1 (bug #909161)
NOTE: http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36
CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS ...)
@@ -447,8 +896,8 @@ CVE-2018-17109
RESERVED
CVE-2018-17108 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...)
NOT-FOR-US: SBIbuddy
-CVE-2018-17107
- RESERVED
+CVE-2018-17107 (In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in ...)
+ TODO: check
CVE-2018-17106 (In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable ...)
NOT-FOR-US: Tinyftpd
CVE-2018-17105
@@ -601,8 +1050,8 @@ CVE-2018-17052
RESERVED
CVE-2018-17051 (K-Net Cisco Configuration Manager through 2014-11-19 has XSS via ...)
NOT-FOR-US: K-Net Cisco Configuration Manager
-CVE-2018-17050
- RESERVED
+CVE-2018-17050 (The mintToken function of a smart contract implementation for PolyAi ...)
+ TODO: check
CVE-2018-17049 (CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback ...)
NOT-FOR-US: CQU-LANKERS
CVE-2018-17048
@@ -697,12 +1146,12 @@ CVE-2018-17005 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR
NOT-FOR-US: TP-Link
CVE-2018-17004 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
NOT-FOR-US: TP-Link
-CVE-2018-17003
- RESERVED
-CVE-2018-17002
- RESERVED
-CVE-2018-17001
- RESERVED
+CVE-2018-17003 (In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been ...)
+ TODO: check
+CVE-2018-17002 (On the RICOH MP 2001 printer, HTML Injection and Stored XSS ...)
+ TODO: check
+CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS ...)
+ TODO: check
CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ...)
- tiff <unfixed> (bug #908778)
- tiff3 <removed>
@@ -779,8 +1228,8 @@ CVE-2018-16967
RESERVED
CVE-2018-16966
RESERVED
-CVE-2018-16965
- RESERVED
+CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection ...)
+ TODO: check
CVE-2018-16964
RESERVED
CVE-2018-16963
@@ -1046,24 +1495,31 @@ CVE-2018-16835
RESERVED
CVE-2018-16834
RESERVED
-CVE-2018-16833
- RESERVED
+CVE-2018-16833 (Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & ...)
+ TODO: check
CVE-2018-16832 (CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to ...)
NOT-FOR-US: xunfeng
CVE-2018-16949 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before ...)
+ {DSA-4302-1 DLA-1513-1}
- openafs 1.8.2-1 (bug #908616)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt
CVE-2018-16948 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before ...)
+ {DSA-4302-1 DLA-1513-1}
- openafs 1.8.2-1 (bug #908616)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
CVE-2018-16947 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before ...)
+ {DSA-4302-1 DLA-1513-1}
- openafs 1.8.2-1 (bug #908616)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
CVE-2018-17458 [function signature mismatch in webassembly]
+ RESERVED
+ {DSA-4297-1}
- chromium-browser 69.0.3497.92-1 (bug #908806)
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
NOTE: Workaround for DSA-4297-1 until CVEs assigned
CVE-2018-17459 [url spoofing in omnibox]
+ RESERVED
+ {DSA-4297-1}
- chromium-browser 69.0.3497.92-1 (bug #908806)
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
NOTE: Workaround for DSA-4297-1 until CVEs assigned
@@ -1107,10 +1563,10 @@ CVE-2018-16824
RESERVED
CVE-2018-16823
RESERVED
-CVE-2018-16822
- RESERVED
-CVE-2018-16821
- RESERVED
+CVE-2018-16822 (SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php ...)
+ TODO: check
+CVE-2018-16821 (SeaCMS 6.64 allows arbitrary directory listing via ...)
+ TODO: check
CVE-2018-16820 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory ...)
NOT-FOR-US: Monstra CMS
CVE-2018-16819 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion ...)
@@ -1165,8 +1621,8 @@ CVE-2018-16795
RESERVED
CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory ...)
NOT-FOR-US: Microsoft ADFS 4.0 Windows Server
-CVE-2018-16793
- RESERVED
+CVE-2018-16793 (Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions ...)
+ TODO: check
CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...)
{DSA-4294-1 DLA-1504-1}
[experimental] - ghostscript 9.25~dfsg-1~exp1
@@ -1187,12 +1643,12 @@ CVE-2018-16788
RESERVED
CVE-2018-16787
RESERVED
-CVE-2018-16786
- RESERVED
+CVE-2018-16786 (DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg ...)
+ TODO: check
CVE-2018-16785 (XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 ...)
TODO: check
-CVE-2018-16784
- RESERVED
+CVE-2018-16784 (DedeCMS 5.7 SP2 allows XML injection, and resultant remote code ...)
+ TODO: check
CVE-2018-16783
RESERVED
CVE-2018-16782 (libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the ...)
@@ -1622,8 +2078,7 @@ CVE-2018-16599
RESERVED
CVE-2018-16598
RESERVED
-CVE-2018-16597 [overlayfs file truncation without permissions]
- RESERVED
+CVE-2018-16597 (An issue was discovered in the Linux kernel through 4.18.6. Incorrect ...)
- linux 4.8.5-1
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1106512
@@ -1724,6 +2179,7 @@ CVE-2018-16556
CVE-2018-16555
RESERVED
CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversal ...)
+ {DSA-4303-1 DLA-1516-1}
- okular <unfixed> (bug #908168)
NOTE: https://bugs.kde.org/show_bug.cgi?id=398096
NOTE: https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47
@@ -2395,8 +2851,8 @@ CVE-2018-16301
RESERVED
CVE-2018-16300
RESERVED
-CVE-2018-16299
- RESERVED
+CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory ...)
+ TODO: check
CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an ...)
NOT-FOR-US: MiniCMS
CVE-2018-16297
@@ -2427,12 +2883,12 @@ CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via t
NOT-FOR-US: Wordpress plugin
CVE-2018-16284
RESERVED
-CVE-2018-16283
- RESERVED
+CVE-2018-16283 (The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows ...)
+ TODO: check
CVE-2018-16282 (A command injection vulnerability in the web server functionality of ...)
NOT-FOR-US: Moxa
-CVE-2018-16281
- RESERVED
+CVE-2018-16281 (The DEISER "Profields - Project Custom Fields" app before 6.0.2 for ...)
+ TODO: check
CVE-2018-16280
RESERVED
CVE-2018-16279
@@ -3181,29 +3637,28 @@ CVE-2018-15969
RESERVED
CVE-2018-15968
RESERVED
-CVE-2018-15967
- RESERVED
+CVE-2018-15967 (Adobe Flash Player versions 30.0.0.154 and earlier have a privilege ...)
NOT-FOR-US: Adobe
CVE-2018-15966
RESERVED
-CVE-2018-15965
- RESERVED
-CVE-2018-15964
- RESERVED
-CVE-2018-15963
- RESERVED
-CVE-2018-15962
- RESERVED
-CVE-2018-15961
- RESERVED
-CVE-2018-15960
- RESERVED
-CVE-2018-15959
- RESERVED
-CVE-2018-15958
- RESERVED
-CVE-2018-15957
- RESERVED
+CVE-2018-15965 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+ TODO: check
+CVE-2018-15964 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+ TODO: check
+CVE-2018-15963 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+ TODO: check
+CVE-2018-15962 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+ TODO: check
+CVE-2018-15961 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+ TODO: check
+CVE-2018-15960 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+ TODO: check
+CVE-2018-15959 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+ TODO: check
+CVE-2018-15958 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+ TODO: check
+CVE-2018-15957 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+ TODO: check
CVE-2018-15956
RESERVED
CVE-2018-15955
@@ -4061,14 +4516,14 @@ CVE-2018-15617
RESERVED
CVE-2018-15616
RESERVED
-CVE-2018-15615
- RESERVED
+CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call Management ...)
+ TODO: check
CVE-2018-15614
RESERVED
-CVE-2018-15613
- RESERVED
-CVE-2018-15612
- RESERVED
+CVE-2018-15613 (A cross-site scripting (XSS) vulnerability in the Runtime Config ...)
+ TODO: check
+CVE-2018-15612 (A CSRF vulnerability in the Runtime Config component of Avaya Aura ...)
+ TODO: check
CVE-2018-15611
RESERVED
CVE-2018-15610 (A vulnerability in the one-X Portal component of Avaya IP Office ...)
@@ -4234,6 +4689,7 @@ CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 to
CVE-2018-1000633 (The Open Microscopy Environment OMERO.web version prior to 5.4.7 ...)
NOT-FOR-US: Open Microscopy Environment
CVE-2018-1000632 (dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection ...)
+ {DLA-1517-1}
- dom4j 2.1.1-1 (low)
[stretch] - dom4j <no-dsa> (Minor issue, will be fixed via spu)
NOTE: https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
@@ -5696,12 +6152,12 @@ CVE-2018-14893
RESERVED
CVE-2018-14892
RESERVED
-CVE-2018-14891
- RESERVED
-CVE-2018-14890
- RESERVED
-CVE-2018-14889
- RESERVED
+CVE-2018-14891 (Management Console in Vectra Networks Cognito Brain and Sensor before ...)
+ TODO: check
+CVE-2018-14890 (Vectra Networks Cognito Brain and Sensor before 4.2 contains a ...)
+ TODO: check
+CVE-2018-14889 (CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 ...)
+ TODO: check
CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin ...)
NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB
CVE-2018-14887
@@ -5858,8 +6314,8 @@ CVE-2018-14827 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A
NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2018-14826
RESERVED
-CVE-2018-14825
- RESERVED
+CVE-2018-14825 (On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 ...)
+ TODO: check
CVE-2018-14824
RESERVED
CVE-2018-14823
@@ -6135,12 +6591,12 @@ CVE-2018-14733
CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 ...)
- linux 4.17.14-1
NOTE: https://git.kernel.org/linus/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 (4.18-rc1)
-CVE-2018-14732
- RESERVED
-CVE-2018-14731
- RESERVED
-CVE-2018-14730
- RESERVED
+CVE-2018-14732 (An issue was discovered in lib/Server.js in webpack-dev-server before ...)
+ TODO: check
+CVE-2018-14731 (An issue was discovered in HMRServer.js in Parcel parcel-bundler. ...)
+ TODO: check
+CVE-2018-14730 (An issue was discovered in Browserify-HMR. Attackers are able to steal ...)
+ TODO: check
CVE-2018-14729
RESERVED
CVE-2018-14728 (upload.php in Responsive FileManager 9.13.1 allows SSRF via the url ...)
@@ -6218,14 +6674,14 @@ CVE-2018-14693
RESERVED
CVE-2018-14692
RESERVED
-CVE-2018-14691
- RESERVED
-CVE-2018-14690
- RESERVED
-CVE-2018-14689
- RESERVED
-CVE-2018-14688
- RESERVED
+CVE-2018-14691 (An issue was discovered in Subsonic 6.1.1. The music tags feature is ...)
+ TODO: check
+CVE-2018-14690 (An issue was discovered in Subsonic 6.1.1. The general settings are ...)
+ TODO: check
+CVE-2018-14689 (An issue was discovered in Subsonic 6.1.1. The transcoding settings ...)
+ TODO: check
+CVE-2018-14688 (An issue was discovered in Subsonic 6.1.1. The radio settings are ...)
+ TODO: check
CVE-2018-14687
RESERVED
CVE-2018-14686 (system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted ...)
@@ -6324,20 +6780,18 @@ CVE-2018-14648 [Mishandled search requests in servers/slapd/search.c:do_search()
- 389-ds-base <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1630668
TODO: check, not much detail provided
-CVE-2018-14647
- RESERVED
+CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's hash ...)
+ TODO: check
CVE-2018-14646
RESERVED
-CVE-2018-14645 [hpack: fix improper sign check on the header index value]
- RESERVED
+CVE-2018-14645 (A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, ...)
- haproxy 1.8.13-2
[stretch] - haproxy <not-affected> (Only affects 1.8.x)
[jessie] - haproxy <not-affected> (Only affects 1.8.x)
NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=b4e05a3daa30f657db01ec144a0e48850c48f813
CVE-2018-14644
RESERVED
-CVE-2018-14643
- RESERVED
+CVE-2018-14643 (An authentication bypass flaw was found in the smart_proxy_dynflow ...)
- foreman <itp> (bug #663101)
NOTE: Issue in a foreman component: smart_proxy_dynflow, which might land in separate source.
CVE-2018-14642 (An information leak vulnerability was found in Undertow. If all ...)
@@ -6369,8 +6823,7 @@ CVE-2018-14635 (When using the Linux bridge ml2 driver, non-privileged tenants a
NOTE: https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
CVE-2018-14634
RESERVED
-CVE-2018-14633 [stack-based buffer overflow in chap_server_compute_md5() in iscsi target]
- RESERVED
+CVE-2018-14633 (A security flaw was found in the chap_server_compute_md5() function in ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2018/09/24/2
CVE-2018-14632 (An out of bound write can occur when patching an Openshift object ...)
@@ -7417,8 +7870,8 @@ CVE-2018-14320 (This vulnerability allows remote attackers to disclose sensitive
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-18-1046/
CVE-2018-14319
RESERVED
-CVE-2018-14318
- RESERVED
+CVE-2018-14318 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
CVE-2018-14317 (This vulnerability allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: Foxit Reader
CVE-2018-14316 (This vulnerability allows remote attackers to disclose sensitive ...)
@@ -8557,7 +9010,7 @@ CVE-2018-13820 (A hardcoded passphrase, in CA Unified Infrastructure Management
NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, ...)
NOT-FOR-US: CA Unified Infrastructure Management
-CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...)
+CVE-2018-13818 (** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection ...)
- twig 2.4.4-2 (unimportant)
NOTE: Fixed upstream in 2.4.4
NOTE: Vendor of Twig disputes issue as Twig itself is not a web application and
@@ -10017,8 +10470,8 @@ CVE-2018-13142
RESERVED
CVE-2018-13141
RESERVED
-CVE-2018-13140
- RESERVED
+CVE-2018-13140 (Druide Antidote through 9.5.1 on Windows and Linux allows remote code ...)
+ TODO: check
CVE-2018-13139 (A stack-based buffer overflow in psf_memset in common.c in libsndfile ...)
- libsndfile <unfixed> (unimportant)
NOTE: https://github.com/erikd/libsndfile/issues/397
@@ -10083,8 +10536,8 @@ CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta 1 allows remot
[stretch] - tcpreplay <no-dsa> (Minor issue)
[jessie] - tcpreplay <no-dsa> (Minor issue)
NOTE: https://github.com/appneta/tcpreplay/issues/477
-CVE-2018-13111
- RESERVED
+CVE-2018-13111 (There exists a partial Denial of Service vulnerability in Wanscam ...)
+ TODO: check
CVE-2018-13110 (All ADB broadband gateways / routers based on the Epicentro platform ...)
NOT-FOR-US: ADB broadband gateways / routers
CVE-2018-13109 (All ADB broadband gateways / routers based on the Epicentro platform ...)
@@ -10406,8 +10859,8 @@ CVE-2018-12977 (A SQL injection vulnerability in the SoftExpert (SE) Excellence
NOT-FOR-US: SoftExpert (SE) Excellence Suite
CVE-2018-12976 (In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use ...)
NOT-FOR-US: Go Doc Dot Org
-CVE-2018-12975
- RESERVED
+CVE-2018-12975 (The random() function of the smart contract implementation for ...)
+ TODO: check
CVE-2018-12974
RESERVED
CVE-2018-12973 (An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ...)
@@ -10745,12 +11198,12 @@ CVE-2018-12852
RESERVED
CVE-2018-12851
RESERVED
-CVE-2018-12850
- RESERVED
-CVE-2018-12849
- RESERVED
-CVE-2018-12848
- RESERVED
+CVE-2018-12850 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+ TODO: check
+CVE-2018-12849 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+ TODO: check
+CVE-2018-12848 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+ TODO: check
CVE-2018-12847
RESERVED
CVE-2018-12846
@@ -10765,8 +11218,8 @@ CVE-2018-12842
RESERVED
CVE-2018-12841
RESERVED
-CVE-2018-12840
- RESERVED
+CVE-2018-12840 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+ TODO: check
CVE-2018-12839
RESERVED
CVE-2018-12838
@@ -10843,8 +11296,8 @@ CVE-2018-12803 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30
NOT-FOR-US: Adobe
CVE-2018-12802 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
NOT-FOR-US: Adobe
-CVE-2018-12801
- RESERVED
+CVE-2018-12801 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+ TODO: check
CVE-2018-12800
RESERVED
CVE-2018-12799 (Adobe Acrobat and Reader versions 2018.011.20055 and earlier, ...)
@@ -10889,14 +11342,14 @@ CVE-2018-12780 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30
NOT-FOR-US: Adobe
CVE-2018-12779 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
NOT-FOR-US: Adobe
-CVE-2018-12778
- RESERVED
+CVE-2018-12778 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+ TODO: check
CVE-2018-12777 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
NOT-FOR-US: Adobe
CVE-2018-12776 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
NOT-FOR-US: Adobe
-CVE-2018-12775
- RESERVED
+CVE-2018-12775 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+ TODO: check
CVE-2018-12774 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
NOT-FOR-US: Adobe
CVE-2018-12773 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
@@ -11717,8 +12170,8 @@ CVE-2018-12513
RESERVED
CVE-2018-12512
RESERVED
-CVE-2018-12511
- RESERVED
+CVE-2018-12511 (In the mintToken function of a smart contract implementation for ...)
+ TODO: check
CVE-2018-12510
RESERVED
CVE-2018-12509
@@ -12127,6 +12580,7 @@ CVE-2018-12386
RESERVED
CVE-2018-12385
RESERVED
+ {DSA-4304-1}
- firefox 62.0.2-1
- firefox-esr 60.2.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/#CVE-2018-12385
@@ -12142,6 +12596,7 @@ CVE-2018-12384 [ServerHello.random is all zero when handling a v2-compatible Cli
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089
CVE-2018-12383
RESERVED
+ {DSA-4304-1}
- firefox 62.0-1
- firefox-esr 60.2.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12383
@@ -12753,8 +13208,8 @@ CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller (B
NOT-FOR-US: Intel Baseboard Management Controller firmware
CVE-2018-12170
RESERVED
-CVE-2018-12169
- RESERVED
+CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Processor, ...)
+ TODO: check
CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing ...)
NOT-FOR-US: Intel
CVE-2018-12167
@@ -14188,8 +14643,8 @@ CVE-2018-11616 (This vulnerability allows remote attackers to execute arbitrary
NOT-FOR-US: Tencent Foxmail
CVE-2018-11615 (This vulnerability allows remote attackers to deny service on ...)
NOT-FOR-US: mosca
-CVE-2018-11614
- RESERVED
+CVE-2018-11614 (This vulnerability allows remote attackers to escalate privileges on ...)
+ TODO: check
CVE-2018-11613
RESERVED
CVE-2018-11612
@@ -14937,8 +15392,8 @@ CVE-2018-11354 (In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-26.html
CVE-2018-11353
RESERVED
-CVE-2018-11352
- RESERVED
+CVE-2018-11352 (The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site ...)
+ TODO: check
CVE-2018-11351 (script.php in Jirafeau before 3.4.1 is affected by two stored ...)
NOT-FOR-US: Jirafeau
CVE-2018-11350 (An issue was discovered in Jirafeau before 3.4.1. The file "search by ...)
@@ -15220,10 +15675,10 @@ CVE-2018-11243 (PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote
NOTE: https://github.com/upx/upx/issues/207
CVE-2018-11242 (An issue was discovered in the MakeMyTrip application 7.2.4 for ...)
NOT-FOR-US: MakeMyTrip application for Android
-CVE-2018-11241
- RESERVED
-CVE-2018-11240
- RESERVED
+CVE-2018-11241 (An issue was discovered on SoftCase T-Router build 20112017 devices. A ...)
+ TODO: check
+CVE-2018-11240 (An issue was discovered on SoftCase T-Router build 20112017 devices. ...)
+ TODO: check
CVE-2018-11239 (An integer overflow in the _transfer function of a smart contract ...)
NOT-FOR-US: Hexagon (HXG)
CVE-2018-11238
@@ -16336,7 +16791,7 @@ CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. Any
NOTE: http://tracker.ceph.com/issues/24838
NOTE: https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
CVE-2018-10860 (perl-archive-zip is vulnerable to a directory traversal in ...)
- {DLA-1440-1}
+ {DSA-4300-1 DLA-1440-1}
- libarchive-zip-perl 1.62-1 (bug #902882)
NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/pull/33
NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/commit/95e1df86327
@@ -17326,20 +17781,20 @@ CVE-2018-10504 (The WebDorado "Form Maker by WD" plugin before 1.12.24
NOT-FOR-US: Wordpress plugin
CVE-2018-10503 (An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. ...)
NOT-FOR-US: baijiacms
-CVE-2018-10502
- RESERVED
-CVE-2018-10501
- RESERVED
-CVE-2018-10500
- RESERVED
-CVE-2018-10499
- RESERVED
-CVE-2018-10498
- RESERVED
-CVE-2018-10497
- RESERVED
-CVE-2018-10496
- RESERVED
+CVE-2018-10502 (This vulnerability allows local attackers to escalate privileges on ...)
+ TODO: check
+CVE-2018-10501 (This vulnerability allows local attackers to escalate privileges on ...)
+ TODO: check
+CVE-2018-10500 (This vulnerability allows local attackers to escalate privileges on ...)
+ TODO: check
+CVE-2018-10499 (This vulnerability allows local attackers to execute arbitrary code on ...)
+ TODO: check
+CVE-2018-10498 (This vulnerability allows local attackers to disclose sensitive ...)
+ TODO: check
+CVE-2018-10497 (This vulnerability allows local attackers to escalate privileges on ...)
+ TODO: check
+CVE-2018-10496 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
CVE-2018-10495 (This vulnerability allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: Foxit Reader
CVE-2018-10494 (This vulnerability allows remote attackers to execute arbitrary code ...)
@@ -18625,6 +19080,7 @@ CVE-2017-18260 (Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabi
CVE-2017-18259 (Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in ...)
- dolibarr <removed>
CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...)
+ {DLA-1518-1}
- mbedtls 2.8.0-1
[stretch] - mbedtls <no-dsa> (Minor issue)
- polarssl <removed>
@@ -18633,6 +19089,7 @@ CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a
NOTE: https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...)
+ {DLA-1518-1}
- mbedtls 2.8.0-1
[stretch] - mbedtls <no-dsa> (Minor issue)
- polarssl <removed>
@@ -20257,8 +20714,8 @@ CVE-2018-9284 (authentication.cgi on D-Link DIR-868L devices with Singapore Star
NOT-FOR-US: D-Link
CVE-2018-9283 (An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 ...)
NOT-FOR-US: Creme CRM
-CVE-2018-9282
- RESERVED
+CVE-2018-9282 (An XSS issue was discovered in Subsonic Media Server 6.1.1. The ...)
+ TODO: check
CVE-2018-9281
RESERVED
CVE-2018-9280
@@ -23483,8 +23940,7 @@ CVE-2018-8025 (CVE-2018-8025 describes an issue in Apache HBase that affects the
NOT-FOR-US: Apache HBase
CVE-2018-8024 (In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible ...)
NOT-FOR-US: Apache Spark
-CVE-2018-8023
- RESERVED
+CVE-2018-8023 (Apache Mesos can be configured to require authentication to call the ...)
- apache-mesos <itp> (bug #760315)
CVE-2018-8022 (A carefully crafted invalid TLS handshake can cause Apache Traffic ...)
- trafficserver 7.0.0-1
@@ -27575,8 +28031,8 @@ CVE-2018-6702
RESERVED
CVE-2018-6701
RESERVED
-CVE-2018-6700
- RESERVED
+CVE-2018-6700 (DLL Search Order Hijacking vulnerability in Microsoft Windows Client ...)
+ TODO: check
CVE-2018-6699
RESERVED
CVE-2018-6698
@@ -27611,8 +28067,8 @@ CVE-2018-6684
RESERVED
CVE-2018-6683 (Exploiting Incorrectly Configured Access Control Security Levels ...)
NOT-FOR-US: McAfee
-CVE-2018-6682
- RESERVED
+CVE-2018-6682 (Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and ...)
+ TODO: check
CVE-2018-6681 (Abuse of Functionality vulnerability in the web interface in McAfee ...)
NOT-FOR-US: McAfee
CVE-2018-6680
@@ -29650,8 +30106,8 @@ CVE-2018-6120
- chromium-browser 66.0.3359.181-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6119
- RESERVED
+CVE-2018-6119 (Incorrect security UI in Omnibox in Google Chrome prior to ...)
+ TODO: check
CVE-2018-6118
RESERVED
{DSA-4237-1}
@@ -30027,64 +30483,54 @@ CVE-2018-6056
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2018-6055
- RESERVED
-CVE-2018-6054
- RESERVED
+CVE-2018-6055 (Insufficient policy enforcement in Catalog Service in Google Chrome ...)
+ TODO: check
+CVE-2018-6054 (Use after free in WebUI in Google Chrome prior to 64.0.3282.119 ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6053
- RESERVED
+CVE-2018-6053 (Inappropriate implementation in New Tab Page in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6052
- RESERVED
+CVE-2018-6052 (Lack of support for a non standard no-referrer policy value in Blink ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6051
- RESERVED
+CVE-2018-6051 (XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6050
- RESERVED
+CVE-2018-6050 (Incorrect security UI in Omnibox in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6049
- RESERVED
+CVE-2018-6049 (Incorrect security UI in permissions prompt in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6048
- RESERVED
+CVE-2018-6048 (Insufficient policy enforcement in Blink in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6047
- RESERVED
+CVE-2018-6047 (Insufficient policy enforcement in WebGL in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6046
- RESERVED
+CVE-2018-6046 (Insufficient data validation in DevTools in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6045
- RESERVED
+CVE-2018-6045 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -30094,80 +30540,67 @@ CVE-2018-6044
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6043
- RESERVED
+CVE-2018-6043 (Insufficient data validation in External Protocol Handler in Google ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6042
- RESERVED
+CVE-2018-6042 (Incorrect security UI in Omnibox in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6041
- RESERVED
+CVE-2018-6041 (Incorrect security UI in navigation in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6040
- RESERVED
+CVE-2018-6040 (Insufficient policy enforcement in Blink in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6039
- RESERVED
+CVE-2018-6039 (Insufficient data validation in DevTools in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6038
- RESERVED
+CVE-2018-6038 (Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6037
- RESERVED
+CVE-2018-6037 (Inappropriate implementation in autofill in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6036
- RESERVED
+CVE-2018-6036 (Insufficient data validation in V8 in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6035
- RESERVED
+CVE-2018-6035 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6034
- RESERVED
+CVE-2018-6034 (Insufficient data validation in WebGL in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6033
- RESERVED
+CVE-2018-6033 (Insufficient data validation in Downloads in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6032
- RESERVED
+CVE-2018-6032 (Insufficient policy enforcement in Blink in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6031
- RESERVED
+CVE-2018-6031 (Use after free in PDFium in Google Chrome prior to 64.0.3282.119 ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -35605,12 +36038,12 @@ CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware vers
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3916 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung
-CVE-2018-3915
- RESERVED
-CVE-2018-3914
- RESERVED
-CVE-2018-3913
- RESERVED
+CVE-2018-3915 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+ TODO: check
+CVE-2018-3914 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+ TODO: check
+CVE-2018-3913 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+ TODO: check
CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in the ...)
@@ -35623,8 +36056,8 @@ CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of video-c
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250-Firmware
CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of video-core's ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3906
- RESERVED
+CVE-2018-3906 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+ TODO: check
CVE-2018-3905 (An exploitable buffer overflow vulnerability exists in the camera ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3904 (An exploitable buffer overflow vulnerability exists in the camera ...)
@@ -35647,8 +36080,8 @@ CVE-2018-3896 (An exploitable buffer overflow vulnerabilities exist in the ...)
NOT-FOR-US: Samsung
CVE-2018-3895 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 Firmware
-CVE-2018-3894
- RESERVED
+CVE-2018-3894 (An exploitable buffer overflow vulnerability exists in the ...)
+ TODO: check
CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3892
@@ -35681,16 +36114,16 @@ CVE-2018-3879 (An exploitable JSON injection vulnerability exists in the credent
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3878 (Multiple exploitable buffer overflow vulnerabilities exist in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3877
- RESERVED
-CVE-2018-3876
- RESERVED
+CVE-2018-3877 (An exploitable buffer overflow vulnerability exists in the credentials ...)
+ TODO: check
+CVE-2018-3876 (An exploitable buffer overflow vulnerability exists in the credentials ...)
+ TODO: check
CVE-2018-3875 (An exploitable buffer overflow vulnerability exists in the credentials ...)
NOT-FOR-US: Samsung
-CVE-2018-3874
- RESERVED
-CVE-2018-3873
- RESERVED
+CVE-2018-3874 (An exploitable buffer overflow vulnerability exists in the credentials ...)
+ TODO: check
+CVE-2018-3873 (An exploitable buffer overflow vulnerability exists in the credentials ...)
+ TODO: check
CVE-2018-3872 (An exploitable buffer overflow vulnerability exists in the credentials ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing ...)
@@ -41785,10 +42218,10 @@ CVE-2018-1713
RESERVED
CVE-2018-1712 (IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is ...)
NOT-FOR-US: IBM
-CVE-2018-1711
- RESERVED
-CVE-2018-1710
- RESERVED
+CVE-2018-1711 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
+CVE-2018-1710 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) ...)
+ TODO: check
CVE-2018-1709
RESERVED
CVE-2018-1708
@@ -41837,8 +42270,8 @@ CVE-2018-1687
RESERVED
CVE-2018-1686
RESERVED
-CVE-2018-1685
- RESERVED
+CVE-2018-1685 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2018-1684
RESERVED
CVE-2018-1683
@@ -41869,8 +42302,8 @@ CVE-2018-1671
RESERVED
CVE-2018-1670
RESERVED
-CVE-2018-1669
- RESERVED
+CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
+ TODO: check
CVE-2018-1668
RESERVED
CVE-2018-1667
@@ -41879,8 +42312,8 @@ CVE-2018-1666
RESERVED
CVE-2018-1665
RESERVED
-CVE-2018-1664
- RESERVED
+CVE-2018-1664 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
+ TODO: check
CVE-2018-1663
RESERVED
CVE-2018-1662
@@ -41889,8 +42322,8 @@ CVE-2018-1661
RESERVED
CVE-2018-1660
RESERVED
-CVE-2018-1659
- RESERVED
+CVE-2018-1659 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
+ TODO: check
CVE-2018-1658
RESERVED
CVE-2018-1657
@@ -41993,8 +42426,8 @@ CVE-2018-1609
RESERVED
CVE-2018-1608
RESERVED
-CVE-2018-1607
- RESERVED
+CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
+ TODO: check
CVE-2018-1606
RESERVED
CVE-2018-1605
@@ -42031,8 +42464,8 @@ CVE-2018-1590
RESERVED
CVE-2018-1589
RESERVED
-CVE-2018-1588
- RESERVED
+CVE-2018-1588 (IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 ...)
+ TODO: check
CVE-2018-1587 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
NOT-FOR-US: IBM Rational Rhapsody Design Manager
CVE-2018-1586
@@ -42087,8 +42520,8 @@ CVE-2018-1562
RESERVED
CVE-2018-1561
RESERVED
-CVE-2018-1560
- RESERVED
+CVE-2018-1560 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
+ TODO: check
CVE-2018-1559
RESERVED
CVE-2018-1558
@@ -42129,8 +42562,8 @@ CVE-2018-1541
RESERVED
CVE-2018-1540
RESERVED
-CVE-2018-1539
- RESERVED
+CVE-2018-1539 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
+ TODO: check
CVE-2018-1538
RESERVED
CVE-2018-1537
@@ -44305,6 +44738,7 @@ CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link
CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
NOT-FOR-US: ovirt-engine
CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
+ {DLA-1519-1}
- python3.7 3.7.0~b3-1 (low)
- python3.6 3.6.5~rc1-1 (low)
- python3.5 3.5.6-1 (low)
@@ -44325,6 +44759,7 @@ CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.
NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
+ {DLA-1519-1}
- python3.7 3.7.0~b3-1 (low)
- python3.6 3.6.5~rc1-1 (low)
- python3.5 3.5.6-1 (low)
@@ -46378,16 +46813,19 @@ CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbit
NOT-FOR-US: Nootka
CVE-2018-0505 [mediawiki: BotPasswords can bypass CentralAuth's account lock]
RESERVED
+ {DSA-4301-1}
- mediawiki 1:1.31.1-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
NOTE: https://phabricator.wikimedia.org/T194605
CVE-2018-0504 [mediawiki: Information disclosure in Special:Redirect/logid]
RESERVED
+ {DSA-4301-1}
- mediawiki 1:1.31.1-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
NOTE: https://phabricator.wikimedia.org/T187638
CVE-2018-0503 [mediawiki: wgRateLimits entry for 'user' overrides 'newbie']
RESERVED
+ {DSA-4301-1}
- mediawiki 1:1.31.1-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
NOTE: https://phabricator.wikimedia.org/T169545
@@ -46413,12 +46851,12 @@ CVE-2018-0499 (A cross-site scripting vulnerability in ...)
[jessie] - xapian-core <not-affected> (vulnerable code not present)
NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
CVE-2018-0498 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...)
- {DSA-4296-1}
+ {DSA-4296-1 DLA-1518-1}
- mbedtls 2.12.0-1 (bug #904821)
- polarssl <removed>
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...)
- {DSA-4296-1}
+ {DSA-4296-1 DLA-1518-1}
- mbedtls 2.12.0-1 (bug #904821)
- polarssl <removed>
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
@@ -48057,7 +48495,7 @@ CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Address
CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...)
NOT-FOR-US: EllisLab ExpressionEngine
CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
- {DLA-1190-1 DLA-1189-1}
+ {DLA-1519-1 DLA-1190-1 DLA-1189-1}
- python3.5 3.5.5-1
- python3.4 <removed>
- python2.7 2.7.13-4
@@ -82804,7 +83242,7 @@ CVE-2017-5641 (Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did
CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala daemon ...)
NOT-FOR-US: Impala
CVE-2017-5639
- RESERVED
+ REJECTED
CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10)
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045
@@ -129998,8 +130436,8 @@ CVE-2015-8300 (Polycom BToE Connector before 3.0.0 uses weak permissions (Everyo
NOT-FOR-US: Polycom BToE Connector
CVE-2015-8299 (Buffer overflow in the Group messages monitor (Falcon) in KNX ETS ...)
NOT-FOR-US: Falcon
-CVE-2015-8298
- RESERVED
+CVE-2015-8298 (Multiple SQL injection vulnerabilities in the login page in RXTEC ...)
+ TODO: check
CVE-2015-8297
REJECTED
CVE-2015-8296
@@ -166237,7 +166675,7 @@ CVE-2014-5004 (lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the dat
NOT-FOR-US: Ruby Gem brbackup
CVE-2014-5003 (chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in ...)
NOT-FOR-US: Ruby Gem ciborg
-CVE-2014-5002 (The lynx gem 0.2.0 for Ruby places the configured password on command ...)
+CVE-2014-5002 (** DISPUTED ** The lynx gem 0.2.0 for Ruby places the configured ...)
NOT-FOR-US: Ruby Gem lynx
CVE-2014-5001 (lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database ...)
NOT-FOR-US: Ruby Gem kcapifony
@@ -178738,8 +179176,7 @@ CVE-2013-7205 (Off-by-one error in the process_cgivars function in ...)
[squeeze] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
NOTE: additional changed files for nagios3, cf. CVE-2013-7108
-CVE-2013-7203
- RESERVED
+CVE-2013-7203 (gitolite before commit fa06a34 might allow local users to read ...)
- gitolite3 3.5.3.1-1
NOTE: http://marc.info/?l=oss-security&m=138783069700756&w=2
CVE-2013-7191 (Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot ...)
@@ -186981,8 +187418,7 @@ CVE-2013-4453 (Cross-site scripting (XSS) vulnerability in templates/login.php i
[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
CVE-2013-4452 (Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions ...)
NOT-FOR-US: JBoss Operation Network
-CVE-2013-4451 [world writable files]
- RESERVED
+CVE-2013-4451 (gitolite commit fa06a34 through 3.5.3 might allow attackers to have ...)
- gitolite <not-affected> (vulnerable code introduced for v3.5.3)
- gitolite3 <not-affected> (vulnerable code introduced for v3.5.3)
CVE-2013-4450 (The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa1b45aa03cb3c1ba2fb3ef2f3a35aefeb96b387
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa1b45aa03cb3c1ba2fb3ef2f3a35aefeb96b387
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180925/c456dc1b/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list