[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 28 09:10:26 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c94f6429 by security tracker role at 2018-09-28T08:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,43 @@
+CVE-2018-17586
+ RESERVED
+CVE-2018-17585
+ RESERVED
+CVE-2018-17584
+ RESERVED
+CVE-2018-17583
+ RESERVED
+CVE-2018-17582
+ RESERVED
+CVE-2018-17581
+ RESERVED
+CVE-2018-17580
+ RESERVED
+CVE-2018-17579
+ RESERVED
+CVE-2018-17578
+ RESERVED
+CVE-2018-17577
+ RESERVED
+CVE-2018-17576
+ RESERVED
+CVE-2018-17575
+ RESERVED
+CVE-2018-17574
+ RESERVED
+CVE-2018-17573 (The Wp-Insert plugin through 2.4.2 for WordPress allows upload of ...)
+ TODO: check
+CVE-2018-17572
+ RESERVED
+CVE-2018-17571 (Vanilla before 2.6.3 allows XSS via the email field of a profile. ...)
+ TODO: check
CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an ...)
NOT-FOR-US: ViaBTC Exchange Server
CVE-2018-17569 (network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an ...)
NOT-FOR-US: ViaBTC Exchange Server
CVE-2018-17568 (utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an ...)
NOT-FOR-US: ViaBTC Exchange Server
-CVE-2018-17567
- RESERVED
+CVE-2018-17567 (Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 ...)
+ TODO: check
CVE-2018-17566 (In ThinkPHP 5.1.24, the inner function delete can be used for SQL ...)
TODO: check
CVE-2018-17565
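Review bot: CVE-2018-17567 (Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3) near the end of this hunk is left at "TODO: check" alongside the RESERVED placeholders, but jekyll is a Debian package, so this entry should be triaged first and resolved to a fixed version or <unfixed> line with a bug reference rather than staying an open TODO.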
@@ -346,20 +378,20 @@ CVE-2018-17399
RESERVED
CVE-2018-17398
RESERVED
-CVE-2018-17397
- RESERVED
+CVE-2018-17397 (SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for ...)
+ TODO: check
CVE-2018-17396
RESERVED
CVE-2018-17395
RESERVED
-CVE-2018-17394
- RESERVED
+CVE-2018-17394 (SQL Injection exists in the Timetable Schedule 3.6.8 component for ...)
+ TODO: check
CVE-2018-17393
RESERVED
CVE-2018-17392
RESERVED
-CVE-2018-17391
- RESERVED
+CVE-2018-17391 (SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via ...)
+ TODO: check
CVE-2018-17390
RESERVED
CVE-2018-17389
@@ -370,28 +402,28 @@ CVE-2018-17387
RESERVED
CVE-2018-17386
RESERVED
-CVE-2018-17385
- RESERVED
-CVE-2018-17384
- RESERVED
-CVE-2018-17383
- RESERVED
-CVE-2018-17382
- RESERVED
+CVE-2018-17385 (SQL Injection exists in the Social Factory 3.8.3 component for Joomla! ...)
+ TODO: check
+CVE-2018-17384 (SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! ...)
+ TODO: check
+CVE-2018-17383 (SQL Injection exists in the Collection Factory 4.1.9 component for ...)
+ TODO: check
+CVE-2018-17382 (SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! ...)
+ TODO: check
CVE-2018-17381
RESERVED
-CVE-2018-17380
- RESERVED
-CVE-2018-17379
- RESERVED
-CVE-2018-17378
- RESERVED
-CVE-2018-17377
- RESERVED
-CVE-2018-17376
- RESERVED
-CVE-2018-17375
- RESERVED
+CVE-2018-17380 (SQL Injection exists in the Article Factory Manager 4.3.9 component ...)
+ TODO: check
+CVE-2018-17379 (SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! ...)
+ TODO: check
+CVE-2018-17378 (SQL Injection exists in the Penny Auction Factory 2.0.4 component for ...)
+ TODO: check
+CVE-2018-17377 (SQL Injection exists in the Questions 1.4.3 component for Joomla! via ...)
+ TODO: check
+CVE-2018-17376 (SQL Injection exists in the Reverse Auction Factory 4.3.8 component ...)
+ TODO: check
+CVE-2018-17375 (SQL Injection exists in the Music Collection 3.0.3 component for ...)
+ TODO: check
CVE-2018-17374
RESERVED
CVE-2018-17373
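Review bot: the ten new entries in this hunk (CVE-2018-17385 down to CVE-2018-17375) are all SQL injection reports against third-party Joomla! components (Social Factory, Swap Factory, Collection Factory, Jobs Factory, Article Factory Manager, Raffle Factory, Penny Auction Factory, Questions, Reverse Auction Factory, Music Collection) and all carry the same "TODO: check"; since these extensions are not Debian packages, they can be triaged in one pass to NOT-FOR-US once a package search confirms none is shipped, instead of leaving ten separate TODOs.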
@@ -888,7 +920,7 @@ CVE-2018-17155
CVE-2018-17154
RESERVED
CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contains a ...)
- {DLA-1520-1 DLA-1519-1}
+ {DSA-4306-1 DLA-1520-1 DLA-1519-1}
- python3.7 <not-affected> (Fixed before initial upload)
- python3.6 <not-affected> (Fixed before initial upload)
- python3.5 <not-affected> (Fixed before initial upload)
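Review bot: DSA-4306-1 is added to the advisory list of CVE-2018-1000802, but the visible lines only show python3.7, python3.6 and python3.5 as <not-affected> (Fixed before initial upload); the python2.7 entry that the DSA presumably covers lies outside the hunk, so confirm that line carries the stretch fixed version matching the DSA, otherwise the tracker references an advisory with no corresponding fixed package version.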
@@ -1138,10 +1170,10 @@ CVE-2018-17057 (An issue was discovered in TCPDF before 6.2.22. Attackers can tr
NOTE: https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26e
NOTE: Was considered minor for jessie since arbitrary deserialization
NOTE: is still possible using http and https.
-CVE-2018-17056
- RESERVED
-CVE-2018-17055
- RESERVED
+CVE-2018-17056 (Cross-site scripting (XSS) vulnerability in ServiceStack in Progress ...)
+ TODO: check
+CVE-2018-17055 (An arbitrary file upload vulnerability in Progress Sitefinity CMS ...)
+ TODO: check
CVE-2018-17054
RESERVED
CVE-2018-17053
@@ -2020,8 +2052,8 @@ CVE-2018-16661
RESERVED
CVE-2018-16660
RESERVED
-CVE-2018-16659
- RESERVED
+CVE-2018-16659 (An issue was discovered in Rausoft ID.prove 2.95. The login page ...)
+ TODO: check
CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...)
{DSA-4292-1 DLA-1503-1}
- kamailio 5.1.4-1 (bug #908324)
@@ -2203,16 +2235,14 @@ CVE-2018-16588 (Privilege escalation can occur in the SUSE useradd.c code in use
- shadow <not-affected> (SuSE-specific patch)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1106914
NOTE: The SUSE specific patch was a first iteration of https://github.com/shadow-maint/shadow/pull/2
-CVE-2018-16587 [Remote File Deletion]
- RESERVED
+CVE-2018-16587 (In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before ...)
{DLA-1521-1}
- otrs2 6.0.11-1
NOTE: https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711
NOTE: OTRS 4: https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843
-CVE-2018-16586 [Loading External Image or CSS Resources]
- RESERVED
+CVE-2018-16586 (In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before ...)
{DLA-1521-1}
- otrs2 6.0.11-1
NOTE: https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/
@@ -2996,8 +3026,8 @@ CVE-2018-16279
RESERVED
CVE-2018-16278 (phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an ...)
NOT-FOR-US: phpkaiyuancms PhpOpenSourceCMS (POSCMS)
-CVE-2018-16277
- RESERVED
+CVE-2018-16277 (The Image Import function in XWiki through 10.7 has XSS. ...)
+ TODO: check
CVE-2018-16275 (OPSWAT MetaDefender before v4.11.2 allows CSV injection. ...)
NOT-FOR-US: OPSWAT MetaDefender
CVE-2018-16276 (An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in ...)
@@ -4625,8 +4655,8 @@ CVE-2018-15613 (A cross-site scripting (XSS) vulnerability in the Runtime Config
NOT-FOR-US: Avaya
CVE-2018-15612 (A CSRF vulnerability in the Runtime Config component of Avaya Aura ...)
NOT-FOR-US: Avaya
-CVE-2018-15611
- RESERVED
+CVE-2018-15611 (A vulnerability in the local system administration component of Avaya ...)
+ TODO: check
CVE-2018-15610 (A vulnerability in the one-X Portal component of Avaya IP Office ...)
NOT-FOR-US: Avaya
CVE-2018-15609
@@ -6113,10 +6143,10 @@ CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create new
NOT-FOR-US: WeaselCMS
CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update the ...)
NOT-FOR-US: WeaselCMS
-CVE-2018-14957
- RESERVED
-CVE-2018-14956
- RESERVED
+CVE-2018-14957 (CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file ...)
+ TODO: check
+CVE-2018-14956 (CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An ...)
+ TODO: check
CVE-2018-14949
RESERVED
CVE-2018-14948 (An issue has been found in dilawar sound through 2017-11-27. The end of ...)
@@ -6417,8 +6447,8 @@ CVE-2018-14826
RESERVED
CVE-2018-14825 (On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 ...)
NOT-FOR-US: Honeywell
-CVE-2018-14824
- RESERVED
+CVE-2018-14824 (Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior ...)
+ TODO: check
CVE-2018-14823 (Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14822
@@ -6871,8 +6901,8 @@ CVE-2018-14652
RESERVED
CVE-2018-14651
RESERVED
-CVE-2018-14650
- RESERVED
+CVE-2018-14650 (It was discovered that sos-collector does not properly set the default ...)
+ TODO: check
CVE-2018-14649
RESERVED
NOT-FOR-US: ceph-iscsi-cli
@@ -6882,6 +6912,7 @@ CVE-2018-14648 [Mishandled search requests in servers/slapd/search.c:do_search()
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1630668
TODO: check, not much detail provided
CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's hash ...)
+ {DSA-4306-1}
- python3.7 3.7.0-7
- python3.6 3.6.7~rc1-1
- python3.5 <unfixed>
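Review bot: {DSA-4306-1} is added to CVE-2018-14647 while the visible lines still show "python3.5 <unfixed>"; if the DSA covers python3.5 in stretch, that line needs the fixed version, and if it covers only python2.7, the <unfixed> python3.5 entry remains an open issue that the new advisory reference may make look resolved.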
@@ -8608,8 +8639,8 @@ CVE-2018-14039
RESERVED
CVE-2018-14038
RESERVED
-CVE-2018-14037
- RESERVED
+CVE-2018-14037 (Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor ...)
+ TODO: check
CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...)
- ruby-doorkeeper 4.4.2-1 (bug #903980)
NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891
@@ -44857,7 +44888,7 @@ CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link
CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
NOT-FOR-US: ovirt-engine
CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
- {DLA-1520-1 DLA-1519-1}
+ {DSA-4306-1 DLA-1520-1 DLA-1519-1}
- python3.7 3.7.0~b3-1 (low)
- python3.6 3.6.5~rc1-1 (low)
- python3.5 3.5.6-1 (low)
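Review bot: DSA-4306-1 is added to CVE-2018-1061 next to DLA-1520-1 and DLA-1519-1; the python3.7/3.6/3.5 lines here already carry fixed versions marked (low), which is consistent, but the python2.7 line lies outside the hunk, so verify that entry carries the stretch fixed version the DSA shipped.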
@@ -44876,7 +44907,7 @@ CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.
NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
- {DLA-1520-1 DLA-1519-1}
+ {DSA-4306-1 DLA-1520-1 DLA-1519-1}
- python3.7 3.7.0~b3-1 (low)
- python3.6 3.6.5~rc1-1 (low)
- python3.5 3.5.6-1 (low)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c94f64298aba7095feb8a75eb86d2ddae5740825