[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Sep 27 09:10:27 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9cdfcf6 by security tracker role at 2018-09-27T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an ...)
+	TODO: check
+CVE-2018-17569 (network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an ...)
+	TODO: check
+CVE-2018-17568 (utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an ...)
+	TODO: check
+CVE-2018-17567
+	RESERVED
+CVE-2018-17566 (In ThinkPHP 5.1.24, the inner function delete can be used for SQL ...)
+	TODO: check
+CVE-2018-17565
+	RESERVED
+CVE-2018-17564
+	RESERVED
+CVE-2018-17563
+	RESERVED
+CVE-2018-17562
+	RESERVED
+CVE-2018-17561
+	RESERVED
+CVE-2018-17560
+	RESERVED
+CVE-2018-17559
+	RESERVED
+CVE-2018-17558
+	RESERVED
+CVE-2018-17557
+	RESERVED
+CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media ...)
+	TODO: check
+CVE-2018-17555 (The web component on ARRIS TG2492LG-NA 061213 devices allows remote ...)
+	TODO: check
+CVE-2018-17554
+	RESERVED
 CVE-2018-17553
 	RESERVED
 CVE-2018-17552
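Review bot: the six new `TODO: check` entries in this hunk (CVE-2018-17570, -17569 and -17568 for ViaBTC Exchange Server, CVE-2018-17566 for ThinkPHP, CVE-2018-17556 for MODX Revolution, CVE-2018-17555 for ARRIS TG2492LG-NA) still need triage, and none of the descriptions names a Debian source package; the expected outcome is a `NOT-FOR-US: <product>` line in the style of the existing MCMS and OTCMS entries, but a triager should confirm that before replacing the TODO. The three ViaBTC entries share one upstream fix date (before 2018-08-21) and can be handled as a batch.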
@@ -286,10 +320,10 @@ CVE-2018-17413
 	RESERVED
 CVE-2018-17412
 	RESERVED
-CVE-2018-17411
-	RESERVED
-CVE-2018-17410
-	RESERVED
+CVE-2018-17411 (An XML External Entity (XXE) vulnerability exists in iWay Data Quality ...)
+	TODO: check
+CVE-2018-17410 (Horus CMS allows SQL Injection, as demonstrated by a request to the ...)
+	TODO: check
 CVE-2018-17409
 	RESERVED
 CVE-2018-17408
@@ -376,8 +410,8 @@ CVE-2018-17367
 	RESERVED
 CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability ...)
 	NOT-FOR-US: MCMS
-CVE-2018-17365
-	RESERVED
+CVE-2018-17365 (SeaCMS 6.64 allows remote attackers to delete arbitrary files via the ...)
+	TODO: check
 CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via ...)
 	NOT-FOR-US: OTCMS
 CVE-2018-17363
@@ -488,22 +522,22 @@ CVE-2018-17318
 	RESERVED
 CVE-2018-17317 (FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers ...)
 	NOT-FOR-US: FruityWifi
-CVE-2018-17316
-	RESERVED
-CVE-2018-17315
-	RESERVED
-CVE-2018-17314
-	RESERVED
-CVE-2018-17313
-	RESERVED
-CVE-2018-17312
-	RESERVED
-CVE-2018-17311
-	RESERVED
-CVE-2018-17310
-	RESERVED
-CVE-2018-17309
-	RESERVED
+CVE-2018-17316 (On the RICOH MP C6003 printer, HTML Injection and Stored XSS ...)
+	TODO: check
+CVE-2018-17315 (On the RICOH MP C2003 printer, HTML Injection and Stored XSS ...)
+	TODO: check
+CVE-2018-17314 (On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS ...)
+	TODO: check
+CVE-2018-17313 (On the RICOH MP C307 printer, HTML Injection and Stored XSS ...)
+	TODO: check
+CVE-2018-17312 (On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS ...)
+	TODO: check
+CVE-2018-17311 (On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS ...)
+	TODO: check
+CVE-2018-17310 (On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS ...)
+	TODO: check
+CVE-2018-17309 (On the RICOH MP C406Z printer, HTML Injection and Stored XSS ...)
+	TODO: check
 CVE-2018-17308
 	RESERVED
 CVE-2018-17307
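Review bot: the eight RICOH entries (CVE-2018-17316 through CVE-2018-17309) describe the same HTML injection / stored XSS issue on different printer models and should be triaged as one batch rather than eight separate lookups; printer firmware is not a Debian package, so a `NOT-FOR-US: RICOH printers` line on each entry is the likely resolution.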
@@ -714,8 +748,8 @@ CVE-2018-17217
 	RESERVED
 CVE-2018-17216
 	RESERVED
-CVE-2018-17215
-	RESERVED
+CVE-2018-17215 (An information-disclosure issue was discovered in Postman through ...)
+	TODO: check
 CVE-2018-17214
 	RESERVED
 CVE-2018-17213
@@ -1045,8 +1079,8 @@ CVE-2018-17082 (The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32,
 	NOTE: Fixed in 5.6.38, 7.0.32, 7.1.22, 7.2.10, 7.3.0RC1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76582
 	NOTE: https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e
-CVE-2018-17081
-	RESERVED
+CVE-2018-17081 (e107 2.1.9 allows CSRF via ...)
+	TODO: check
 CVE-2018-17080
 	RESERVED
 CVE-2018-17079
@@ -1285,10 +1319,10 @@ CVE-2018-16971 (Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure
 	NOT-FOR-US: Wisetail Learning Ecosystem
 CVE-2018-16970 (Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct ...)
 	NOT-FOR-US: Wisetail Learning Ecosystem
-CVE-2018-16969
-	RESERVED
-CVE-2018-16968
-	RESERVED
+CVE-2018-16969 (Citrix ShareFile StorageZones Controller before 5.4.2 has Information ...)
+	TODO: check
+CVE-2018-16968 (Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory ...)
+	TODO: check
 CVE-2018-16967
 	RESERVED
 CVE-2018-16966
@@ -1876,12 +1910,12 @@ CVE-2018-16715 (An issue was discovered in Absolute Software CTES Windows Agent
 	NOT-FOR-US: Absolute Software CTES Windows Agent
 CVE-2018-16714
 	RESERVED
-CVE-2018-16713
-	RESERVED
-CVE-2018-16712
-	RESERVED
-CVE-2018-16711
-	RESERVED
+CVE-2018-16713 (IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or ...)
+	TODO: check
+CVE-2018-16712 (IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or ...)
+	TODO: check
+CVE-2018-16711 (IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or ...)
+	TODO: check
 CVE-2018-16710 (** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to ...)
 	- octoprint <itp> (bug #718591)
 	NOTE: https://github.com/foosel/OctoPrint/issues/2814
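Review bot: CVE-2018-16713, -16712 and -16711 all concern the Windows kernel driver Monitor_win10_x64.sys shipped with IObit Advanced SystemCare, so they are Windows-only and can be closed together as `NOT-FOR-US: IObit Advanced SystemCare` instead of remaining as three `TODO: check` entries.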
@@ -2164,8 +2198,7 @@ CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use only client-side JavaScrip
 	NOT-FOR-US: FURUNO FELCOM
 CVE-2018-16589
 	RESERVED
-CVE-2018-16588
-	RESERVED
+CVE-2018-16588 (Privilege escalation can occur in the SUSE useradd.c code in useradd, ...)
 	- shadow <not-affected> (SuSE-specific patch)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1106914
 	NOTE: The SUSE specific patch was a first iteration of https://github.com/shadow-maint/shadow/pull/2
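Review bot: the `shadow <not-affected> (SuSE-specific patch)` line is kept unchanged while the description is filled in, which is correct only as long as Debian's shadow does not carry the flawed first iteration of that patch; since the NOTE says the SUSE patch was an early version of https://github.com/shadow-maint/shadow/pull/2, a further NOTE stating whether the PR as merged upstream (if Debian ships it) was fixed before merge would make the not-affected rationale verifiable later without re-reading the bugzilla entry.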
@@ -2766,8 +2799,8 @@ CVE-2018-16366 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2018-16365 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
 	NOT-FOR-US: idreamsoft iCMS
-CVE-2018-16364
-	RESERVED
+CVE-2018-16364 (A serialization vulnerability in Zoho ManageEngine Applications ...)
+	TODO: check
 CVE-2018-16363 (The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via ...)
 	NOT-FOR-US: mndpsingh287 File Manager plugin for WordPress
 CVE-2018-16362 (An issue was discovered in the Source Integration plugin before 1.5.9 ...)
@@ -3233,13 +3266,11 @@ CVE-2018-16154
 	RESERVED
 CVE-2018-16153
 	RESERVED
-CVE-2018-16152
-	RESERVED
+CVE-2018-16152 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp ...)
 	{DSA-4305-1 DLA-1522-1}
 	- strongswan 5.7.0-1
 	NOTE: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
-CVE-2018-16151
-	RESERVED
+CVE-2018-16151 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp ...)
 	{DSA-4305-1 DLA-1522-1}
 	- strongswan 5.7.0-1
 	NOTE: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
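Review bot: CVE-2018-16152 and CVE-2018-16151 receive identical truncated descriptions, the same `{DSA-4305-1 DLA-1522-1}` references and the same fixed version 5.7.0-1, so the only distinguishing information in this file is the CVE id; the entries would be easier to audit if each NOTE said which of the two issues described in the linked strongswan blog post it is. Note also that the blog URL contains parentheses and a comma, which some URL extractors cut short, so it is worth checking that the tracker renders the link intact.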
@@ -3528,8 +3559,8 @@ CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-45.html
-CVE-2018-16055
-	RESERVED
+CVE-2018-16055 (An authenticated command injection vulnerability exists in ...)
+	TODO: check
 CVE-2018-16054
 	RESERVED
 CVE-2018-16053
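Review bot: the truncated description for CVE-2018-16055 (`An authenticated command injection vulnerability exists in ...`) does not name the affected product, so nobody can tell from this file whether it touches a Debian package; the TODO should be resolved by looking up the full MITRE text, and whatever line replaces it should name the product (either `NOT-FOR-US: <product>` or a package entry).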
@@ -4115,8 +4146,8 @@ CVE-2018-15838
 	RESERVED
 CVE-2018-15837
 	RESERVED
-CVE-2018-15836
-	RESERVED
+CVE-2018-15836 (In Openswan before 2.6.50.1, IKEv2 signature verification is ...)
+	TODO: check
 CVE-2018-15835
 	RESERVED
 CVE-2018-15834 (In radare2 before 2.9.0, a heap overflow vulnerability exists in the ...)
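Review bot: CVE-2018-15836 (Openswan before 2.6.50.1, IKEv2 signature verification) is added as `TODO: check` while the same commit records the strongswan IKE signature-verification issues CVE-2018-16151 and CVE-2018-16152 as fixed via DSA-4305-1; the triager should check whether this Openswan issue is the same class of bug and whether any Debian package derived from the Openswan code base is affected, rather than treating it as an unrelated product.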
@@ -4880,8 +4911,8 @@ CVE-2018-15533 (A reflected cross-site scripting vulnerability exists in Geutebr
 	NOT-FOR-US: Geutebrueck
 CVE-2018-15532
 	RESERVED
-CVE-2018-15531
-	RESERVED
+CVE-2018-15531 (JavaMelody before 1.74.0 has XXE via parseSoapMethodName in ...)
+	TODO: check
 CVE-2018-15530
 	RESERVED
 CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny ...)
@@ -6385,36 +6416,36 @@ CVE-2018-14825 (On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80
 	NOT-FOR-US: Honeywell
 CVE-2018-14824
 	RESERVED
-CVE-2018-14823
-	RESERVED
+CVE-2018-14823 (Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer ...)
+	TODO: check
 CVE-2018-14822
 	RESERVED
 CVE-2018-14821 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This ...)
 	NOT-FOR-US: Rockwell Automation RSLinx Classic
 CVE-2018-14820
 	RESERVED
-CVE-2018-14819
-	RESERVED
+CVE-2018-14819 (Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read ...)
+	TODO: check
 CVE-2018-14818
 	RESERVED
-CVE-2018-14817
-	RESERVED
+CVE-2018-14817 (Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow ...)
+	TODO: check
 CVE-2018-14816
 	RESERVED
-CVE-2018-14815
-	RESERVED
+CVE-2018-14815 (Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write ...)
+	TODO: check
 CVE-2018-14814
 	RESERVED
-CVE-2018-14813
-	RESERVED
+CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow ...)
+	TODO: check
 CVE-2018-14812
 	RESERVED
-CVE-2018-14811
-	RESERVED
+CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer ...)
+	TODO: check
 CVE-2018-14810
 	RESERVED
-CVE-2018-14809
-	RESERVED
+CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
+	TODO: check
 CVE-2018-14808
 	RESERVED
 CVE-2018-14807
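Review bot: the seven Fuji Electric V-Server entries (CVE-2018-14823, -14819, -14817, -14815, -14813, -14811, -14809) all cover version 4.0.3.0 and prior of the same product and should be triaged as one batch; V-Server is vendor SCADA software rather than a Debian package, so `NOT-FOR-US: Fuji Electric V-Server` is the expected outcome, matching the neighbouring Rockwell Automation RSLinx Classic entry.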
@@ -7933,8 +7964,8 @@ CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow lo
 	NOTE: Neutralised by kernel hardening
 CVE-2018-14328 (Brynamics "Online Trade - Online trading and cryptocurrency investment ...)
 	NOT-FOR-US: Brynamics "Online Trade - Online trading and cryptocurrency investment system"
-CVE-2018-14327
-	RESERVED
+CVE-2018-14327 (The installer for the Alcatel OSPREY3_MINI Modem component on EE ...)
+	TODO: check
 CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP ...)
 	- glassfish <not-affected> (Vulnerable code not included, only builds a few classes)
 CVE-2018-14323
@@ -30186,6 +30217,7 @@ CVE-2018-6120
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2018-6119 (Incorrect security UI in Omnibox in Google Chrome prior to ...)
+	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)	
 CVE-2018-6118
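Review bot: adding `{DSA-4103-1}` to CVE-2018-6119 fills in a missing DSA cross-reference for an entry whose fixed version 64.0.3282.119-1 was already recorded, and placing it before the package line matches the file's convention. The unchanged `[jessie]` context line still ends with a trailing tab after `see DSA 4020)`, which a future cleanup pass should strip.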
@@ -30564,6 +30596,7 @@ CVE-2018-6056
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
 CVE-2018-6055 (Insufficient policy enforcement in Catalog Service in Google Chrome ...)
+	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)	
 CVE-2018-6054 (Use after free in WebUI in Google Chrome prior to 64.0.3282.119 ...)
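Review bot: the `{DSA-4103-1}` line added to CVE-2018-6055 is consistent with the fixed version 64.0.3282.119-1 already on the entry, but the hunk leaves the trailing tab after `see DSA 4020)` on the `[jessie]` line; since this entry is being corrected anyway, removing that whitespace would keep it consistent with the other chromium-browser entries.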
@@ -52408,8 +52441,8 @@ CVE-2017-15610 (An issue was discovered in Octopus before 3.17.7. When the speci
 	NOT-FOR-US: Octopus Deploy
 CVE-2017-15609 (Octopus before 3.17.7 allows attackers to obtain sensitive cleartext ...)
 	NOT-FOR-US: Octopus Deploy
-CVE-2017-15608
-	RESERVED
+CVE-2017-15608 (Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change ...)
+	TODO: check
 CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in filesystem-based ...)
 	NOT-FOR-US: Inedo Otter
 CVE-2017-15606



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9cdfcf6c9315c12b5e0107c8eb27dfc78bdd908
