[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 10 08:10:25 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a90d052 by security tracker role at 2019-01-10T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,317 @@
-CVE-2019-5882 [Use after free when hidden lines were expired from the scroll buffer]
+CVE-2019-5884 (php/elFinder.class.php in elFinder before 2.1.45 leaks information if ...)
+ TODO: check
+CVE-2019-5883
+ RESERVED
+CVE-2019-5881
+ RESERVED
+CVE-2019-5880
+ RESERVED
+CVE-2019-5879
+ RESERVED
+CVE-2019-5878
+ RESERVED
+CVE-2019-5877
+ RESERVED
+CVE-2019-5876
+ RESERVED
+CVE-2019-5875
+ RESERVED
+CVE-2019-5874
+ RESERVED
+CVE-2019-5873
+ RESERVED
+CVE-2019-5872
+ RESERVED
+CVE-2019-5871
+ RESERVED
+CVE-2019-5870
+ RESERVED
+CVE-2019-5869
+ RESERVED
+CVE-2019-5868
+ RESERVED
+CVE-2019-5867
+ RESERVED
+CVE-2019-5866
+ RESERVED
+CVE-2019-5865
+ RESERVED
+CVE-2019-5864
+ RESERVED
+CVE-2019-5863
+ RESERVED
+CVE-2019-5862
+ RESERVED
+CVE-2019-5861
+ RESERVED
+CVE-2019-5860
+ RESERVED
+CVE-2019-5859
+ RESERVED
+CVE-2019-5858
+ RESERVED
+CVE-2019-5857
+ RESERVED
+CVE-2019-5856
+ RESERVED
+CVE-2019-5855
+ RESERVED
+CVE-2019-5854
+ RESERVED
+CVE-2019-5853
+ RESERVED
+CVE-2019-5852
+ RESERVED
+CVE-2019-5851
+ RESERVED
+CVE-2019-5850
+ RESERVED
+CVE-2019-5849
+ RESERVED
+CVE-2019-5848
+ RESERVED
+CVE-2019-5847
+ RESERVED
+CVE-2019-5846
+ RESERVED
+CVE-2019-5845
+ RESERVED
+CVE-2019-5844
+ RESERVED
+CVE-2019-5843
+ RESERVED
+CVE-2019-5842
+ RESERVED
+CVE-2019-5841
+ RESERVED
+CVE-2019-5840
+ RESERVED
+CVE-2019-5839
+ RESERVED
+CVE-2019-5838
+ RESERVED
+CVE-2019-5837
+ RESERVED
+CVE-2019-5836
+ RESERVED
+CVE-2019-5835
+ RESERVED
+CVE-2019-5834
+ RESERVED
+CVE-2019-5833
+ RESERVED
+CVE-2019-5832
+ RESERVED
+CVE-2019-5831
+ RESERVED
+CVE-2019-5830
+ RESERVED
+CVE-2019-5829
+ RESERVED
+CVE-2019-5828
+ RESERVED
+CVE-2019-5827
+ RESERVED
+CVE-2019-5826
+ RESERVED
+CVE-2019-5825
+ RESERVED
+CVE-2019-5824
+ RESERVED
+CVE-2019-5823
+ RESERVED
+CVE-2019-5822
+ RESERVED
+CVE-2019-5821
+ RESERVED
+CVE-2019-5820
+ RESERVED
+CVE-2019-5819
+ RESERVED
+CVE-2019-5818
+ RESERVED
+CVE-2019-5817
+ RESERVED
+CVE-2019-5816
+ RESERVED
+CVE-2019-5815
+ RESERVED
+CVE-2019-5814
+ RESERVED
+CVE-2019-5813
+ RESERVED
+CVE-2019-5812
+ RESERVED
+CVE-2019-5811
+ RESERVED
+CVE-2019-5810
+ RESERVED
+CVE-2019-5809
+ RESERVED
+CVE-2019-5808
+ RESERVED
+CVE-2019-5807
+ RESERVED
+CVE-2019-5806
+ RESERVED
+CVE-2019-5805
+ RESERVED
+CVE-2019-5804
+ RESERVED
+CVE-2019-5803
+ RESERVED
+CVE-2019-5802
+ RESERVED
+CVE-2019-5801
+ RESERVED
+CVE-2019-5800
+ RESERVED
+CVE-2019-5799
+ RESERVED
+CVE-2019-5798
+ RESERVED
+CVE-2019-5797
+ RESERVED
+CVE-2019-5796
+ RESERVED
+CVE-2019-5795
+ RESERVED
+CVE-2019-5794
+ RESERVED
+CVE-2019-5793
+ RESERVED
+CVE-2019-5792
+ RESERVED
+CVE-2019-5791
+ RESERVED
+CVE-2019-5790
+ RESERVED
+CVE-2019-5789
+ RESERVED
+CVE-2019-5788
+ RESERVED
+CVE-2019-5787
+ RESERVED
+CVE-2019-5786
+ RESERVED
+CVE-2019-5785
+ RESERVED
+CVE-2019-5784
+ RESERVED
+CVE-2019-5783
+ RESERVED
+CVE-2019-5782
+ RESERVED
+CVE-2019-5781
+ RESERVED
+CVE-2019-5780
+ RESERVED
+CVE-2019-5779
+ RESERVED
+CVE-2019-5778
+ RESERVED
+CVE-2019-5777
+ RESERVED
+CVE-2019-5776
+ RESERVED
+CVE-2019-5775
+ RESERVED
+CVE-2019-5774
+ RESERVED
+CVE-2019-5773
+ RESERVED
+CVE-2019-5772
+ RESERVED
+CVE-2019-5771
+ RESERVED
+CVE-2019-5770
+ RESERVED
+CVE-2019-5769
+ RESERVED
+CVE-2019-5768
+ RESERVED
+CVE-2019-5767
+ RESERVED
+CVE-2019-5766
+ RESERVED
+CVE-2019-5765
+ RESERVED
+CVE-2019-5764
+ RESERVED
+CVE-2019-5763
+ RESERVED
+CVE-2019-5762
+ RESERVED
+CVE-2019-5761
+ RESERVED
+CVE-2019-5760
+ RESERVED
+CVE-2019-5759
+ RESERVED
+CVE-2019-5758
+ RESERVED
+CVE-2019-5757
+ RESERVED
+CVE-2019-5756
+ RESERVED
+CVE-2019-5755
+ RESERVED
+CVE-2019-5754
+ RESERVED
+CVE-2018-20682 (Fork CMS 5.0.6 allows stored XSS via the private/en/settings ...)
+ TODO: check
+CVE-2018-20681 (mate-screensaver before 1.20.2 in MATE Desktop Environment allows ...)
+ TODO: check
+CVE-2018-1000426 (A cross-site scripting vulnerability exists in Jenkins Git Changelog ...)
+ TODO: check
+CVE-2018-1000425 (An insufficiently protected credentials vulnerability exists in ...)
+ TODO: check
+CVE-2018-1000424 (An insufficiently protected credentials vulnerability exists in ...)
+ TODO: check
+CVE-2018-1000423 (An insufficiently protected credentials vulnerability exists in ...)
+ TODO: check
+CVE-2018-1000422 (An improper authorization vulnerability exists in Jenkins Crowd 2 ...)
+ TODO: check
+CVE-2018-1000421 (An improper authorization vulnerability exists in Jenkins Mesos Plugin ...)
+ TODO: check
+CVE-2018-1000420 (An improper authorization vulnerability exists in Jenkins Mesos Plugin ...)
+ TODO: check
+CVE-2018-1000419 (An improper authorization vulnerability exists in Jenkins HipChat ...)
+ TODO: check
+CVE-2018-1000418 (An improper authorization vulnerability exists in Jenkins HipChat ...)
+ TODO: check
+CVE-2018-1000417 (A cross-site request forgery vulnerability exists in Jenkins Email ...)
+ TODO: check
+CVE-2018-1000416 (A reflected cross-site scripting vulnerability exists in Jenkins Job ...)
+ TODO: check
+CVE-2018-1000415 (A cross-site scripting vulnerability exists in Jenkins Rebuilder ...)
+ TODO: check
+CVE-2018-1000414 (A cross-site request forgery vulnerability exists in Jenkins Config ...)
+ TODO: check
+CVE-2018-1000413 (A cross-site scripting vulnerability exists in Jenkins Config File ...)
+ TODO: check
+CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins Jira Plugin ...)
+ TODO: check
+CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins JUnit ...)
+ TODO: check
+CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins 2.145 and ...)
+ TODO: check
+CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and earlier, ...)
+ TODO: check
+CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145 and earlier, ...)
+ TODO: check
+CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145 and ...)
+ TODO: check
+CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and earlier, ...)
+ TODO: check
+CVE-2016-10736 (The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for ...)
+ TODO: check
+CVE-2019-5882 (Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are ...)
- irssi <unfixed> (bug #918865)
NOTE: https://irssi.org/security/irssi_sa_2019_01.txt
NOTE: https://github.com/irssi/irssi/pull/948
NOTE: https://github.com/irssi/irssi//commit/8684ccb45c267fdeaaa779fce9323047aa5a9e38
-CVE-2018-20683 [security issue in optional bundle helper ("rsync" command)]
+CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables ...)
- gitolite3 <unfixed> (bug #918849)
[stretch] - gitolite3 <no-dsa> (Minor issue)
[jessie] - gitolite3 <no-dsa> (Minor issue)
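Review bot: The added entries from CVE-2018-1000406 through CVE-2018-1000426 (Jenkins core 2.145 and Jenkins plugins), CVE-2018-20681 (mate-screensaver), CVE-2018-20682, CVE-2016-10736 and CVE-2019-5884 all land with only "TODO: check", so none of them has a package or NOT-FOR-US decision yet and each still needs manual triage. Separately, the unchanged NOTE line under CVE-2019-5882 contains a doubled slash ("github.com/irssi/irssi//commit/8684ccb4..."), which is worth normalizing in a follow-up edit.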
@@ -4636,8 +4944,7 @@ CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP Bas
NOTE: https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a
CVE-2019-3499
RESERVED
-CVE-2019-3498 [Content spoofing possibility in the default 404 page]
- RESERVED
+CVE-2019-3498 (In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before ...)
{DSA-4363-1 DLA-1629-1}
- python-django 1:1.11.18-1 (bug #918230)
NOTE: https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
@@ -5091,6 +5398,7 @@ CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0 allows
CVE-2018-20550
RESERVED
CVE-2018-20549 (There is an illegal WRITE memory access at caca/file.c (function ...)
+ {DLA-1631-1}
- libcaca <unfixed> (bug #917807)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652628
NOTE: https://github.com/cacalabs/libcaca/issues/41
@@ -5103,11 +5411,13 @@ CVE-2018-20548 (There is an illegal WRITE memory access at common-image.c (funct
NOTE: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
NOTE: Debian binary packages built with the Imlib2 library
CVE-2018-20547 (There is an illegal READ memory access at caca/dither.c (function ...)
+ {DLA-1631-1}
- libcaca <unfixed> (bug #917807)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652624
NOTE: https://github.com/cacalabs/libcaca/issues/39
NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
CVE-2018-20546 (There is an illegal READ memory access at caca/dither.c (function ...)
+ {DLA-1631-1}
- libcaca <unfixed> (bug #917807)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652622
NOTE: https://github.com/cacalabs/libcaca/issues/38
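Review bot: CVE-2018-20547 now carries {DLA-1631-1} and already has a "NOTE: Fixed by:" upstream commit, yet its package line still reads "libcaca <unfixed> (bug #917807)"; the same <unfixed> state applies to CVE-2018-20546 in this hunk. Confirm that <unfixed> is still accurate for these entries now that a DLA is cross-referenced, and add a fixed version once one is known.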
@@ -5120,6 +5430,7 @@ CVE-2018-20545 (There is an illegal WRITE memory access at common-image.c (funct
NOTE: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
NOTE: Debian binary packages built with the Imlib2 library
CVE-2018-20544 (There is floating point exception at caca/dither.c (function ...)
+ {DLA-1631-1}
- libcaca <unfixed> (bug #917807)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652627
NOTE: https://github.com/cacalabs/libcaca/issues/36
@@ -23183,92 +23494,90 @@ CVE-2018-16207
RESERVED
CVE-2018-16206
RESERVED
-CVE-2018-16205
- RESERVED
-CVE-2018-16204
- RESERVED
+CVE-2018-16205 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...)
+ TODO: check
+CVE-2018-16204 (Cross-site scripting vulnerability in Google XML Sitemaps Version ...)
NOT-FOR-US: WordPress plugin google-sitemap-generator
-CVE-2018-16203
- RESERVED
+CVE-2018-16203 (PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the ...)
NOT-FOR-US: postgresql-pgpoolAdmin
-CVE-2018-16202
- RESERVED
-CVE-2018-16201
- RESERVED
-CVE-2018-16200
- RESERVED
-CVE-2018-16199
- RESERVED
-CVE-2018-16198
- RESERVED
-CVE-2018-16197
- RESERVED
-CVE-2018-16196
- RESERVED
-CVE-2018-16195
- RESERVED
-CVE-2018-16194
- RESERVED
-CVE-2018-16193
- RESERVED
-CVE-2018-16192
- RESERVED
-CVE-2018-16191
- RESERVED
+CVE-2018-16202 (Directory traversal vulnerability in cordova-plugin-ionic-webview ...)
+ TODO: check
+CVE-2018-16201 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
+ TODO: check
+CVE-2018-16200 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
+ TODO: check
+CVE-2018-16199 (Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A ...)
+ TODO: check
+CVE-2018-16198 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
+ TODO: check
+CVE-2018-16197 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
+ TODO: check
+CVE-2018-16196 (Multiple Yokogawa products that contain Vnet/IP Open Communication ...)
+ TODO: check
+CVE-2018-16195 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...)
+ TODO: check
+CVE-2018-16194 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...)
+ TODO: check
+CVE-2018-16193 (Cross-site scripting vulnerability in Aterm WF1200CR and Aterm ...)
+ TODO: check
+CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...)
+ TODO: check
+CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, ...)
+ TODO: check
CVE-2018-16190
RESERVED
CVE-2018-16189
RESERVED
-CVE-2018-16188
- RESERVED
-CVE-2018-16187
- RESERVED
-CVE-2018-16186
- RESERVED
-CVE-2018-16185
- RESERVED
-CVE-2018-16184
- RESERVED
-CVE-2018-16183
- RESERVED
-CVE-2018-16182
- RESERVED
-CVE-2018-16181
- RESERVED
-CVE-2018-16180
- RESERVED
-CVE-2018-16179
- RESERVED
-CVE-2018-16178
- RESERVED
-CVE-2018-16177
- RESERVED
-CVE-2018-16176
- RESERVED
-CVE-2018-16175
- RESERVED
-CVE-2018-16174
- RESERVED
-CVE-2018-16173
- RESERVED
-CVE-2018-16172
- RESERVED
-CVE-2018-16171
- RESERVED
-CVE-2018-16170
- RESERVED
-CVE-2018-16169
- RESERVED
-CVE-2018-16168
- RESERVED
-CVE-2018-16167
- RESERVED
-CVE-2018-16166
- RESERVED
-CVE-2018-16165
- RESERVED
-CVE-2018-16164
- RESERVED
+CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 ...)
+ TODO: check
+CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to ...)
+ TODO: check
+CVE-2018-16186 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, ...)
+ TODO: check
+CVE-2018-16185 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, ...)
+ TODO: check
+CVE-2018-16184 (RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, ...)
+ TODO: check
+CVE-2018-16183 (An unquoted search path vulnerability in some pre-installed ...)
+ TODO: check
+CVE-2018-16182 (Untrusted search path vulnerability in the installer of MARKET SPEED ...)
+ TODO: check
+CVE-2018-16181 (HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and ...)
+ TODO: check
+CVE-2018-16180 (Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier ...)
+ TODO: check
+CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier does not ...)
+ TODO: check
+CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access ...)
+ TODO: check
+CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows10 Fall ...)
+ TODO: check
+CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping Tool ...)
+ TODO: check
+CVE-2018-16175 (SQL injection vulnerability in the LearnPress prior to version 3.1.0 ...)
+ TODO: check
+CVE-2018-16174 (Open redirect vulnerability in LearnPress prior to version 3.1.0 ...)
+ TODO: check
+CVE-2018-16173 (Cross-site scripting vulnerability in LearnPress prior to version ...)
+ TODO: check
+CVE-2018-16172 (Improper countermeasure against clickjacking attack in client ...)
+ TODO: check
+CVE-2018-16171 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to ...)
+ TODO: check
+CVE-2018-16170 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to ...)
+ TODO: check
+CVE-2018-16169 (Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated ...)
+ TODO: check
+CVE-2018-16168 (LogonTracer 1.2.0 and earlier allows remote attackers to conduct ...)
+ TODO: check
+CVE-2018-16167 (LogonTracer 1.2.0 and earlier allows remote attackers to execute ...)
+ TODO: check
+CVE-2018-16166 (LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML ...)
+ TODO: check
+CVE-2018-16165 (Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier ...)
+ TODO: check
+CVE-2018-16164 (Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 ...)
+ TODO: check
CVE-2018-16163 (OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass ...)
NOT-FOR-US: OpenDolphin
CVE-2018-16162 (OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain ...)
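Review bot: CVE-2018-16205 (GROWI) and CVE-2018-16178 (Cybozu Garoon) are added with "TODO: check" even though this same file already marks those products NOT-FOR-US ("NOT-FOR-US: GROWI" under CVE-2018-0652, and a "NOT-FOR-US: Cybozu Garoon" line in a later hunk). These two look resolvable with the existing markings; the remaining TODO entries in this hunk (Toshiba Home gateway, Aterm, RICOH Interactive Whiteboard, LogonTracer and others) have no precedent visible here and need individual triage.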
@@ -67204,22 +67513,22 @@ CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform
- xen 4.8.2+xsa245-0+deb9u1
[wheezy] - xen <not-affected> (arm not supported)
NOTE: https://xenbits.xen.org/xsa/advisory-245.html
-CVE-2018-0705
- RESERVED
-CVE-2018-0704
- RESERVED
-CVE-2018-0703
- RESERVED
-CVE-2018-0702
- RESERVED
+CVE-2018-0705 (Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 ...)
+ TODO: check
+CVE-2018-0704 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 ...)
+ TODO: check
+CVE-2018-0703 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 ...)
+ TODO: check
+CVE-2018-0702 (Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 ...)
+ TODO: check
CVE-2018-0701 (BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to ...)
NOT-FOR-US: BlueStacks App Player
CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular request ...)
NOT-FOR-US: YukiWiki
CVE-2018-0699 (Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier ...)
NOT-FOR-US: YukiWiki
-CVE-2018-0698
- RESERVED
+CVE-2018-0698 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...)
+ TODO: check
CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 and ...)
NOT-FOR-US: Metabase
CVE-2018-0696
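Review bot: The description added for CVE-2018-0698 ("Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...") is identical, as truncated, to the one added for CVE-2018-16205 in the previous hunk. Check against the full descriptions that these are two distinct issues before triaging, and note that both can probably take the "NOT-FOR-US: GROWI" marking already used for CVE-2018-0652.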
@@ -67236,10 +67545,10 @@ CVE-2018-0691 (Multiple +Message Apps (Softbank +Message App for Android prior t
NOT-FOR-US: Softbank +Message App for Android
CVE-2018-0690 (An unvalidated software update vulnerability in Music Center for PC ...)
NOT-FOR-US: Music Center for PC
-CVE-2018-0689
- RESERVED
-CVE-2018-0688
- RESERVED
+CVE-2018-0689 (HTTP header injection vulnerability in SEIKO EPSON printers and ...)
+ TODO: check
+CVE-2018-0688 (Open redirect vulnerability in SEIKO EPSON printers and scanners ...)
+ TODO: check
CVE-2018-0687 (Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun ...)
NOT-FOR-US: NEOJAPAN
CVE-2018-0686 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, ...)
@@ -67258,12 +67567,12 @@ CVE-2018-0680 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlie
NOT-FOR-US: NEOJAPAN
CVE-2018-0679 (Cross-site scripting vulnerability in multiple FXC Inc. network ...)
NOT-FOR-US: FXC
-CVE-2018-0678
- RESERVED
-CVE-2018-0677
- RESERVED
-CVE-2018-0676
- RESERVED
+CVE-2018-0678 (Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows ...)
+ TODO: check
+CVE-2018-0677 (BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with ...)
+ TODO: check
+CVE-2018-0676 (BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the ...)
+ TODO: check
CVE-2018-0675 (AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script ...)
NOT-FOR-US: AttacheCase
CVE-2018-0674 (AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script ...)
@@ -67272,20 +67581,20 @@ CVE-2018-0673 (Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3
NOT-FOR-US: Cybozu Garoon
CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions prior to ...)
- movabletype-opensource <removed>
-CVE-2018-0671
- RESERVED
-CVE-2018-0670
- RESERVED
-CVE-2018-0669
- RESERVED
-CVE-2018-0668
- RESERVED
-CVE-2018-0667
- RESERVED
-CVE-2018-0666
- RESERVED
-CVE-2018-0665
- RESERVED
+CVE-2018-0671 (Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows ...)
+ TODO: check
+CVE-2018-0670 (INplc-RT 3.08 and earlier allows remote attackers to bypass ...)
+ TODO: check
+CVE-2018-0669 (INplc-RT 3.08 and earlier allows remote attackers to bypass ...)
+ TODO: check
+CVE-2018-0668 (Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2018-0667 (Untrusted search path vulnerability in Installer of INplc SDK Express ...)
+ TODO: check
+CVE-2018-0666 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ...)
+ TODO: check
+CVE-2018-0665 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ...)
+ TODO: check
CVE-2018-0664 (A vulnerability in NoMachine App for Android 5.0.63 and earlier allows ...)
NOT-FOR-US: NoMachine App for Android
CVE-2018-0663 (Multiple I-O DATA network camera products (TS-WRLP firmware ...)
@@ -67312,8 +67621,8 @@ CVE-2018-0653 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier
NOT-FOR-US: GROWI
CVE-2018-0652 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier ...)
NOT-FOR-US: GROWI
-CVE-2018-0651
- RESERVED
+CVE-2018-0651 (Buffer overflow in the license management function of YOKOGAWA ...)
+ TODO: check
CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 ...)
NOT-FOR-US: LINE MUSIC for Android
CVE-2018-0649 (Untrusted search path vulnerability in the installers of multiple ...)
@@ -67332,40 +67641,40 @@ CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 ...)
NOT-FOR-US: ORCA (Online Receipt Computer Advantage)
CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 ...)
NOT-FOR-US: FV Flowplayer Video Player
-CVE-2018-0641
- RESERVED
-CVE-2018-0640
- RESERVED
-CVE-2018-0639
- RESERVED
-CVE-2018-0638
- RESERVED
-CVE-2018-0637
- RESERVED
-CVE-2018-0636
- RESERVED
-CVE-2018-0635
- RESERVED
-CVE-2018-0634
- RESERVED
-CVE-2018-0633
- RESERVED
-CVE-2018-0632
- RESERVED
-CVE-2018-0631
- RESERVED
-CVE-2018-0630
- RESERVED
-CVE-2018-0629
- RESERVED
-CVE-2018-0628
- RESERVED
-CVE-2018-0627
- RESERVED
-CVE-2018-0626
- RESERVED
-CVE-2018-0625
- RESERVED
+CVE-2018-0641 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker ...)
+ TODO: check
+CVE-2018-0640 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker ...)
+ TODO: check
+CVE-2018-0639 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
+ TODO: check
+CVE-2018-0638 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
+ TODO: check
+CVE-2018-0637 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
+ TODO: check
+CVE-2018-0636 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
+ TODO: check
+CVE-2018-0635 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
+ TODO: check
+CVE-2018-0634 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
+ TODO: check
+CVE-2018-0633 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker ...)
+ TODO: check
+CVE-2018-0632 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker ...)
+ TODO: check
+CVE-2018-0631 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator ...)
+ TODO: check
+CVE-2018-0630 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator ...)
+ TODO: check
+CVE-2018-0629 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator ...)
+ TODO: check
+CVE-2018-0628 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with ...)
+ TODO: check
+CVE-2018-0627 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with ...)
+ TODO: check
+CVE-2018-0626 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with ...)
+ TODO: check
+CVE-2018-0625 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with ...)
+ TODO: check
CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series ...)
NOT-FOR-US: Yayoi
CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series ...)
@@ -68247,8 +68556,8 @@ CVE-2018-0284 (A vulnerability in the local status page functionality of the Cis
NOT-FOR-US: Cisco
CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower System ...)
NOT-FOR-US: Cisco
-CVE-2018-0282
- RESERVED
+CVE-2018-0282 (A vulnerability in the TCP socket code of Cisco IOS and IOS XE ...)
+ TODO: check
CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower System ...)
NOT-FOR-US: Cisco
CVE-2018-0280 (A vulnerability in the Real-Time Transport Protocol (RTP) bitstream ...)
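Review bot: CVE-2018-0282 (TCP socket code of Cisco IOS and IOS XE) is left at "TODO: check" while its neighbours CVE-2018-0283 and CVE-2018-0281 are both "NOT-FOR-US: Cisco". It looks like it can take the same marking, which would clear the TODO.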
@@ -68458,8 +68767,8 @@ CVE-2018-0183 (A vulnerability in the CLI parser of Cisco IOS XE Software could
NOT-FOR-US: Cisco
CVE-2018-0182 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
NOT-FOR-US: Cisco
-CVE-2018-0181
- RESERVED
+CVE-2018-0181 (A vulnerability in the Redis implementation used by the Cisco Policy ...)
+ TODO: check
CVE-2018-0180 (Multiple vulnerabilities in the Login Enhancements (Login Block) ...)
NOT-FOR-US: Cisco
CVE-2018-0179 (Multiple vulnerabilities in the Login Enhancements (Login Block) ...)
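Review bot: CVE-2018-0181 should not be marked "NOT-FOR-US: Cisco" by analogy with the surrounding entries without reading the full description first, because the added text names "the Redis implementation used by the Cisco Policy ...". Whoever resolves the "TODO: check" should confirm whether the flaw is in Redis itself or only in how the Cisco product uses it.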
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a90d0522841c82348c37c15a128709c36fdb827