[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 28 21:10:49 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
64953563 by security tracker role at 2018-09-28T20:10:38Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,359 @@
+CVE-2018-17764
+ RESERVED
+CVE-2018-17763
+ RESERVED
+CVE-2018-17762
+ RESERVED
+CVE-2018-17761
+ RESERVED
+CVE-2018-17760
+ RESERVED
+CVE-2018-17759
+ RESERVED
+CVE-2018-17758
+ RESERVED
+CVE-2018-17757
+ RESERVED
+CVE-2018-17756
+ RESERVED
+CVE-2018-17755
+ RESERVED
+CVE-2018-17754
+ RESERVED
+CVE-2018-17753
+ RESERVED
+CVE-2018-17752
+ RESERVED
+CVE-2018-17751
+ RESERVED
+CVE-2018-17750
+ RESERVED
+CVE-2018-17749
+ RESERVED
+CVE-2018-17748
+ RESERVED
+CVE-2018-17747
+ RESERVED
+CVE-2018-17746
+ RESERVED
+CVE-2018-17745
+ RESERVED
+CVE-2018-17744
+ RESERVED
+CVE-2018-17743
+ RESERVED
+CVE-2018-17742
+ RESERVED
+CVE-2018-17741
+ RESERVED
+CVE-2018-17740
+ RESERVED
+CVE-2018-17739
+ RESERVED
+CVE-2018-17738
+ RESERVED
+CVE-2018-17737
+ RESERVED
+CVE-2018-17736
+ RESERVED
+CVE-2018-17735
+ RESERVED
+CVE-2018-17734
+ RESERVED
+CVE-2018-17733
+ RESERVED
+CVE-2018-17732
+ RESERVED
+CVE-2018-17731
+ RESERVED
+CVE-2018-17730
+ RESERVED
+CVE-2018-17729
+ RESERVED
+CVE-2018-17728
+ RESERVED
+CVE-2018-17727
+ RESERVED
+CVE-2018-17726
+ RESERVED
+CVE-2018-17725
+ RESERVED
+CVE-2018-17724
+ RESERVED
+CVE-2018-17723
+ RESERVED
+CVE-2018-17722
+ RESERVED
+CVE-2018-17721
+ RESERVED
+CVE-2018-17720
+ RESERVED
+CVE-2018-17719
+ RESERVED
+CVE-2018-17718
+ RESERVED
+CVE-2018-17717
+ RESERVED
+CVE-2018-17716
+ RESERVED
+CVE-2018-17715
+ RESERVED
+CVE-2018-17714
+ RESERVED
+CVE-2018-17713
+ RESERVED
+CVE-2018-17712
+ RESERVED
+CVE-2018-17711
+ RESERVED
+CVE-2018-17710
+ RESERVED
+CVE-2018-17709
+ RESERVED
+CVE-2018-17708
+ RESERVED
+CVE-2018-17707
+ RESERVED
+CVE-2018-17706
+ RESERVED
+CVE-2018-17705
+ RESERVED
+CVE-2018-17704
+ RESERVED
+CVE-2018-17703
+ RESERVED
+CVE-2018-17702
+ RESERVED
+CVE-2018-17701
+ RESERVED
+CVE-2018-17700
+ RESERVED
+CVE-2018-17699
+ RESERVED
+CVE-2018-17698
+ RESERVED
+CVE-2018-17697
+ RESERVED
+CVE-2018-17696
+ RESERVED
+CVE-2018-17695
+ RESERVED
+CVE-2018-17694
+ RESERVED
+CVE-2018-17693
+ RESERVED
+CVE-2018-17692
+ RESERVED
+CVE-2018-17691
+ RESERVED
+CVE-2018-17690
+ RESERVED
+CVE-2018-17689
+ RESERVED
+CVE-2018-17688
+ RESERVED
+CVE-2018-17687
+ RESERVED
+CVE-2018-17686
+ RESERVED
+CVE-2018-17685
+ RESERVED
+CVE-2018-17684
+ RESERVED
+CVE-2018-17683
+ RESERVED
+CVE-2018-17682
+ RESERVED
+CVE-2018-17681
+ RESERVED
+CVE-2018-17680
+ RESERVED
+CVE-2018-17679
+ RESERVED
+CVE-2018-17678
+ RESERVED
+CVE-2018-17677
+ RESERVED
+CVE-2018-17676
+ RESERVED
+CVE-2018-17675
+ RESERVED
+CVE-2018-17674
+ RESERVED
+CVE-2018-17673
+ RESERVED
+CVE-2018-17672
+ RESERVED
+CVE-2018-17671
+ RESERVED
+CVE-2018-17670
+ RESERVED
+CVE-2018-17669
+ RESERVED
+CVE-2018-17668
+ RESERVED
+CVE-2018-17667
+ RESERVED
+CVE-2018-17666
+ RESERVED
+CVE-2018-17665
+ RESERVED
+CVE-2018-17664
+ RESERVED
+CVE-2018-17663
+ RESERVED
+CVE-2018-17662
+ RESERVED
+CVE-2018-17661
+ RESERVED
+CVE-2018-17660
+ RESERVED
+CVE-2018-17659
+ RESERVED
+CVE-2018-17658
+ RESERVED
+CVE-2018-17657
+ RESERVED
+CVE-2018-17656
+ RESERVED
+CVE-2018-17655
+ RESERVED
+CVE-2018-17654
+ RESERVED
+CVE-2018-17653
+ RESERVED
+CVE-2018-17652
+ RESERVED
+CVE-2018-17651
+ RESERVED
+CVE-2018-17650
+ RESERVED
+CVE-2018-17649
+ RESERVED
+CVE-2018-17648
+ RESERVED
+CVE-2018-17647
+ RESERVED
+CVE-2018-17646
+ RESERVED
+CVE-2018-17645
+ RESERVED
+CVE-2018-17644
+ RESERVED
+CVE-2018-17643
+ RESERVED
+CVE-2018-17642
+ RESERVED
+CVE-2018-17641
+ RESERVED
+CVE-2018-17640
+ RESERVED
+CVE-2018-17639
+ RESERVED
+CVE-2018-17638
+ RESERVED
+CVE-2018-17637
+ RESERVED
+CVE-2018-17636
+ RESERVED
+CVE-2018-17635
+ RESERVED
+CVE-2018-17634
+ RESERVED
+CVE-2018-17633
+ RESERVED
+CVE-2018-17632
+ RESERVED
+CVE-2018-17631
+ RESERVED
+CVE-2018-17630
+ RESERVED
+CVE-2018-17629
+ RESERVED
+CVE-2018-17628
+ RESERVED
+CVE-2018-17627
+ RESERVED
+CVE-2018-17626
+ RESERVED
+CVE-2018-17625
+ RESERVED
+CVE-2018-17624
+ RESERVED
+CVE-2018-17623
+ RESERVED
+CVE-2018-17622
+ RESERVED
+CVE-2018-17621
+ RESERVED
+CVE-2018-17620
+ RESERVED
+CVE-2018-17619
+ RESERVED
+CVE-2018-17618
+ RESERVED
+CVE-2018-17617
+ RESERVED
+CVE-2018-17616
+ RESERVED
+CVE-2018-17615
+ RESERVED
+CVE-2018-17614
+ RESERVED
+CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is ...)
+ TODO: check
+CVE-2018-17612
+ RESERVED
+CVE-2018-17611 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...)
+ TODO: check
+CVE-2018-17610 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...)
+ TODO: check
+CVE-2018-17609 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...)
+ TODO: check
+CVE-2018-17608 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...)
+ TODO: check
+CVE-2018-17607 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...)
+ TODO: check
+CVE-2018-17606
+ RESERVED
+CVE-2018-17605 (An issue was discovered in the Asset Pipeline plugin before 3.0.4 for ...)
+ TODO: check
+CVE-2018-17604
+ RESERVED
+CVE-2018-17603
+ RESERVED
+CVE-2018-17602
+ RESERVED
+CVE-2018-17601
+ RESERVED
+CVE-2018-17600
+ RESERVED
+CVE-2018-17599
+ RESERVED
+CVE-2018-17598
+ RESERVED
+CVE-2018-17597
+ RESERVED
+CVE-2018-17596
+ RESERVED
+CVE-2018-17595
+ RESERVED
+CVE-2018-17594
+ RESERVED
+CVE-2018-17593
+ RESERVED
+CVE-2018-17592
+ RESERVED
+CVE-2018-17591
+ RESERVED
+CVE-2018-17590
+ RESERVED
+CVE-2018-17589
+ RESERVED
+CVE-2018-17588
+ RESERVED
+CVE-2018-17587
+ RESERVED
CVE-2018-17586
RESERVED
CVE-2018-17585
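Review bot: eight of the new entries in this hunk (CVE-2018-17613, CVE-2018-17611 through CVE-2018-17607, and CVE-2018-17605) have a published description but only "TODO: check", with no source-package line and no NOT-FOR-US line. The five Foxit PhantomPDF and Reader entries share the same description prefix and can be triaged as one group. Products that Debian does not ship should get the "NOT-FOR-US: <product>" form this file already uses, as in "NOT-FOR-US: ViaBTC Exchange Server" further down.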
@@ -6,12 +362,12 @@ CVE-2018-17584
RESERVED
CVE-2018-17583
RESERVED
-CVE-2018-17582
- RESERVED
-CVE-2018-17581
- RESERVED
-CVE-2018-17580
- RESERVED
+CVE-2018-17582 (tcpreplay v4.3.0 contains a heap-based buffer over-read. The ...)
+ TODO: check
+CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has ...)
+ TODO: check
+CVE-2018-17580 (A heap-based buffer over-read exists in the function fast_edit_packet() ...)
+ TODO: check
CVE-2018-17579
RESERVED
CVE-2018-17578
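Review bot: CVE-2018-17582 and CVE-2018-17581 name tcpreplay v4.3.0 and Exiv2 0.26 in their descriptions but are left at "TODO: check". Each needs a source-package line with a status, in the form used elsewhere in this file (for example "- 389-ds-base <unfixed>"). The truncated description of CVE-2018-17580 gives only the function fast_edit_packet(), so the affected product should be confirmed from the full description before a package is assigned.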
@@ -20,15 +376,15 @@ CVE-2018-17577
RESERVED
CVE-2018-17576
RESERVED
-CVE-2018-17575
- RESERVED
-CVE-2018-17574
- RESERVED
+CVE-2018-17575 (SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the ...)
+ TODO: check
+CVE-2018-17574 (An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the ...)
+ TODO: check
CVE-2018-17573 (The Wp-Insert plugin through 2.4.2 for WordPress allows upload of ...)
TODO: check
CVE-2018-17572
RESERVED
-CVE-2018-17571 (Vanilla before 2.6.3 allows XSS via the email field of a profile. ...)
+CVE-2018-17571 (Vanilla before 2.6.1 allows XSS via the email field of a profile. ...)
TODO: check
CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an ...)
NOT-FOR-US: ViaBTC Exchange Server
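Review bot: the CVE-2018-17571 description changes the Vanilla version bound from "before 2.6.3" to "before 2.6.1" while the entry stays at "TODO: check". Triage should work from the 2.6.1 bound, and any fixed-version conclusion drawn from the earlier text needs rechecking. CVE-2018-17575 and CVE-2018-17574 in the same hunk also leave RESERVED with no package or NOT-FOR-US line.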
@@ -94,7 +450,7 @@ CVE-2018-17540
RESERVED
CVE-2018-17539
RESERVED
-CVE-2018-17538 (Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable ...)
+CVE-2018-17538 (** DISPUTED ** Axon (formerly TASER International) Evidence Sync ...)
NOT-FOR-US: Axon Evidence Sync
CVE-2018-17537
RESERVED
@@ -918,10 +1274,10 @@ CVE-2018-17157
RESERVED
CVE-2018-17156
RESERVED
-CVE-2018-17155
- RESERVED
-CVE-2018-17154
- RESERVED
+CVE-2018-17155 (In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, ...)
+ TODO: check
+CVE-2018-17154 (In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and ...)
+ TODO: check
CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contains a ...)
{DSA-4306-1 DLA-1520-1 DLA-1519-1}
- python3.7 <not-affected> (Fixed before initial upload)
@@ -4333,8 +4689,8 @@ CVE-2018-15766
RESERVED
CVE-2018-15765
RESERVED
-CVE-2018-15764
- RESERVED
+CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote ...)
+ TODO: check
CVE-2018-15763
RESERVED
CVE-2018-15762
@@ -5276,8 +5632,8 @@ CVE-2018-15367
RESERVED
CVE-2018-15366
RESERVED
-CVE-2018-15365
- RESERVED
+CVE-2018-15365 (A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro ...)
+ TODO: check
CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information ...)
NOT-FOR-US: Trend Micro
CVE-2018-15363 (An Out-of-Bounds Read Privilege Escalation vulnerability in Trend ...)
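Review bot: CVE-2018-15365 is added as "TODO: check" although its description names Trend Micro and the next entry, CVE-2018-15364, is already "NOT-FOR-US: Trend Micro". Unless the full description points at a product Debian ships, give it the same NOT-FOR-US line so it does not sit in the TODO queue.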
@@ -6910,13 +7266,12 @@ CVE-2018-14650 (It was discovered that sos-collector does not properly set the d
CVE-2018-14649
RESERVED
NOT-FOR-US: ceph-iscsi-cli
-CVE-2018-14648 [Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service]
- RESERVED
+CVE-2018-14648 (A flaw was found in 389 Directory Server. A specially crafted search ...)
- 389-ds-base <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1630668
TODO: check, not much detail provided
CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's hash ...)
- {DSA-4306-1}
+ {DSA-4307-1 DSA-4306-1}
- python3.7 3.7.0-7
- python3.6 3.6.7~rc1-1
- python3.5 <unfixed>
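Review bot: on CVE-2018-14648 the removed bracketed description was the only text in the entry naming the code location, servers/slapd/search.c:do_search(). The published description is truncated here to "A specially crafted search ...", so consider keeping the location in a NOTE: line. The unchanged "TODO: check, not much detail provided" should also be revisited now that the entry is no longer RESERVED and has a description.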
@@ -16256,12 +16611,12 @@ CVE-2018-11077
RESERVED
CVE-2018-11076
RESERVED
-CVE-2018-11075
- RESERVED
-CVE-2018-11074
- RESERVED
-CVE-2018-11073
- RESERVED
+CVE-2018-11075 (RSA Authentication Manager versions prior to 8.3 P3 contain a ...)
+ TODO: check
+CVE-2018-11074 (RSA Authentication Manager versions prior to 8.3 P3 are affected by a ...)
+ TODO: check
+CVE-2018-11073 (RSA Authentication Manager versions prior to 8.3 P3 contain a stored ...)
+ TODO: check
CVE-2018-11072
RESERVED
CVE-2018-11071 (Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, ...)
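Review bot: CVE-2018-11075, CVE-2018-11074 and CVE-2018-11073 all name RSA Authentication Manager and are left at "TODO: check", whereas CVE-2018-1247 elsewhere in this diff is already "NOT-FOR-US: RSA Authentication Manager". The three new entries can take the same line.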
@@ -27603,8 +27958,8 @@ CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel
NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server ...)
NOT-FOR-US: MISP
-CVE-2018-6925
- RESERVED
+CVE-2018-6925 (In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, ...)
+ TODO: check
CVE-2018-6924 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, ...)
TODO: check
CVE-2018-6923 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip ...)
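Review bot: CVE-2018-6925 becomes a second consecutive FreeBSD entry at "TODO: check", directly above CVE-2018-6924 which is still unresolved. Its description cites 11.2-RELEASE-p4, the same patch level as CVE-2018-17155 and CVE-2018-17154 added earlier in this update, so the three are best triaged together and given the same status.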
@@ -32489,8 +32844,8 @@ CVE-2018-5395
RESERVED
CVE-2018-5394
RESERVED
-CVE-2018-5393
- RESERVED
+CVE-2018-5393 (The TP-LINK EAP Controller is TP-LINK's software for remotely ...)
+ TODO: check
CVE-2018-5392 (mingw-w64 version 5.0.4 by default produces executables that opt in to ...)
- mingw-w64 <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/mingw-w64/mailman/message/31034877/
@@ -42386,12 +42741,12 @@ CVE-2018-1706
RESERVED
CVE-2018-1705 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...)
NOT-FOR-US: IBM Platform Symphony
-CVE-2018-1704
- RESERVED
+CVE-2018-1704 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...)
+ TODO: check
CVE-2018-1703
RESERVED
-CVE-2018-1702
- RESERVED
+CVE-2018-1702 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...)
+ TODO: check
CVE-2018-1701
RESERVED
CVE-2018-1700
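Review bot: CVE-2018-1704 and CVE-2018-1702 carry the same description prefix as CVE-2018-1705 directly above, which is "NOT-FOR-US: IBM Platform Symphony", but are added as "TODO: check". Mark them the same way unless the full descriptions differ in the affected product.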
@@ -44108,18 +44463,18 @@ CVE-2018-1253 (RSA Authentication Manager Operation Console, versions 8.3 P1 and
NOT-FOR-US: RSA Authentication Manager Operation Console
CVE-2018-1252 (RSA Web Threat Detection versions prior to 6.4, contain an SQL ...)
NOT-FOR-US: RSA Web Threat Detection
-CVE-2018-1251
- RESERVED
-CVE-2018-1250
- RESERVED
+CVE-2018-1251 (Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 ...)
+ TODO: check
+CVE-2018-1250 (Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 ...)
+ TODO: check
CVE-2018-1249 (Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use ...)
NOT-FOR-US: EMC
CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console and ...)
NOT-FOR-US: RSA Authentication Mamager
CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and earlier, ...)
NOT-FOR-US: RSA Authentication Manager
-CVE-2018-1246
- RESERVED
+CVE-2018-1246 (Dell EMC Unity and UnityVSA contains reflected cross-site scripting ...)
+ TODO: check
CVE-2018-1245 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 ...)
NOT-FOR-US: RSA
CVE-2018-1244 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 ...)
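Review bot: the three new Dell EMC Unity and UnityVSA entries (CVE-2018-1251, CVE-2018-1250, CVE-2018-1246) are "TODO: check" while the neighbouring Dell EMC entry CVE-2018-1249 is "NOT-FOR-US: EMC"; they can be resolved the same way. Separately, the context line under CVE-2018-1248 reads "NOT-FOR-US: RSA Authentication Mamager", a misspelling of Manager that will miss a search for the product name used under CVE-2018-1247 and is worth fixing in a follow-up.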
@@ -44892,7 +45247,7 @@ CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link
CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
NOT-FOR-US: ovirt-engine
CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
- {DSA-4306-1 DLA-1520-1 DLA-1519-1}
+ {DSA-4307-1 DSA-4306-1 DLA-1520-1 DLA-1519-1}
- python3.7 3.7.0~b3-1 (low)
- python3.6 3.6.5~rc1-1 (low)
- python3.5 3.5.6-1 (low)
@@ -44911,7 +45266,7 @@ CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.
NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
- {DSA-4306-1 DLA-1520-1 DLA-1519-1}
+ {DSA-4307-1 DSA-4306-1 DLA-1520-1 DLA-1519-1}
- python3.7 3.7.0~b3-1 (low)
- python3.6 3.6.5~rc1-1 (low)
- python3.5 3.5.6-1 (low)
@@ -48647,7 +49002,7 @@ CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Address
CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...)
NOT-FOR-US: EllisLab ExpressionEngine
CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
- {DLA-1520-1 DLA-1519-1 DLA-1190-1 DLA-1189-1}
+ {DSA-4307-1 DLA-1520-1 DLA-1519-1 DLA-1190-1 DLA-1189-1}
- python3.5 3.5.5-1
- python3.4 <removed>
- python2.7 2.7.13-4
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/649535637331b169fc3d384a72171c6cb42e00e0