Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75451ab8 by security tracker role at 2018-07-19T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,31 @@
+CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles 
substrings ...)
+       TODO: check
+CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the ...)
+       TODO: check
+CVE-2018-14401 (CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has 
an ...)
+       TODO: check
+CVE-2018-14400
+       RESERVED
+CVE-2018-14399 (libs\classes\attachment.class.php in PHPCMS 9.6.0 allows 
remote ...)
+       TODO: check
+CVE-2018-14398
+       RESERVED
+CVE-2018-14397
+       RESERVED
+CVE-2018-14396
+       RESERVED
+CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers 
to cause a ...)
+       TODO: check
+CVE-2018-14394 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers 
to cause a ...)
+       TODO: check
+CVE-2018-14393
+       RESERVED
+CVE-2018-14392 (The New Threads plugin before 1.2 for MyBB has XSS. ...)
+       TODO: check
+CVE-2018-14391
+       RESERVED
+CVE-2018-14390
+       RESERVED
 CVE-2018-1999001 [ jenkins SECURITY-897 ]
        NOT-FOR-US: Jenkins
 CVE-2018-1999002 [ jenkins SECURITY-914 ]
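Review bot: CVE-2018-14395 and CVE-2018-14394 are left at `TODO: check` even though their descriptions already name `libavformat/movenc.c` in FFmpeg before 4.0.2, which is enough to replace the placeholder with a package line and a fixed version. The MP4v2, axmldec, AXML Parser, PHPCMS and MyBB plugin entries in the same block need the same decision, either a package line or a `NOT-FOR-US:` marker in the form used for CVE-2018-1999001 just below, so that the TODO backlog from this automatic import does not linger.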
@@ -60,14 +88,14 @@ CVE-2018-14372
        RESERVED
 CVE-2018-14371 (The getLocalePrefix function in ResourceManager.java in 
Eclipse Mojarra ...)
        TODO: check
-CVE-2018-14370
-       RESERVED
-CVE-2018-14369
-       RESERVED
-CVE-2018-14368
-       RESERVED
-CVE-2018-14367
-       RESERVED
+CVE-2018-14370 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 
802.11 ...)
+       TODO: check
+CVE-2018-14369 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
+       TODO: check
+CVE-2018-14368 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
+       TODO: check
+CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP 
protocol ...)
+       TODO: check
 CVE-2018-14366
        RESERVED
 CVE-2018-14365
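Review bot: the four Wireshark entries changed here (CVE-2018-14367 to CVE-2018-14370) do not share one affected range. CVE-2018-14370 and CVE-2018-14367 list 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7 only, while CVE-2018-14369 and CVE-2018-14368 also list 2.2.0 to 2.2.15. When the `TODO: check` lines are resolved, record the status per suite instead of copying one fixed version across all four, since by these descriptions a suite carrying a 2.2.x package is affected only by the latter two.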
@@ -169,18 +197,18 @@ CVE-2018-14345 (An issue was discovered in SDDM through 
0.17.0. If configured wi
        [stretch] - sddm <not-affected> (Re-use session feature introduced in 
0.16.0)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1101450
        NOTE: 
https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98
-CVE-2018-14344
-       RESERVED
-CVE-2018-14343
-       RESERVED
-CVE-2018-14342
-       RESERVED
-CVE-2018-14341
-       RESERVED
-CVE-2018-14340
-       RESERVED
-CVE-2018-14339
-       RESERVED
+CVE-2018-14344 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
+       TODO: check
+CVE-2018-14343 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
+       TODO: check
+CVE-2018-14342 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
+       TODO: check
+CVE-2018-14341 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
+       TODO: check
+CVE-2018-14340 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, ...)
+       TODO: check
+CVE-2018-14339 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
+       TODO: check
 CVE-2018-14338 (samples/geotag.cpp in the example code of Exiv2 0.26 misuses 
the ...)
        - exiv2 <unfixed> (unimportant)
        NOTE: https://github.com/Exiv2/exiv2/issues/382
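Review bot: the six Wireshark entries from CVE-2018-14339 to CVE-2018-14344 all have descriptions truncated at the same point (`2.2.15, the ...` or `2.2.15, ...`), so the affected dissector cannot be told apart from this file alone. When triaging, add a `NOTE:` line with the upstream reference to each entry, as the CVE-2018-14345 context above does with its bugzilla and commit links, so that every `TODO: check` is replaced by something a later reader can verify.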
@@ -765,13 +793,13 @@ CVE-2018-14058
 CVE-2018-14057
        RESERVED
 CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted 
lines coming ...)
-       {DLA-1427-1}
+       {DSA-4252-1 DLA-1427-1}
        - znc 1.7.1-1 (bug #903787)
        NOTE: 
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
        NOTE: 
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/4
 CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ 
in a web ...)
-       {DLA-1427-1}
+       {DSA-4252-1 DLA-1427-1}
        - znc 1.7.1-1 (bug #903788)
        NOTE: 
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/5
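Review bot: `{DSA-4252-1 DLA-1427-1}` is added to both CVE-2018-14055 and CVE-2018-14056, but this commit changes only `data/CVE/list`, so the matching DSA-4252-1 record is not visible here. Confirm that the advisory entry lists both CVE ids and the fixed znc version, because the `- znc 1.7.1-1` line carries no suite-specific annotation of the `[stretch]` kind used elsewhere in this file.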
@@ -3086,10 +3114,12 @@ CVE-2018-13008 (An issue was discovered in gpmf-parser 
1.1.2. There is a heap-ba
 CVE-2018-13007 (An issue was discovered in gpmf-parser 1.1.2. There is a 
heap-based ...)
        NOT-FOR-US: gpmf-parser
 CVE-2018-13006 (An issue was discovered in MP4Box in GPAC 0.7.1. There is a 
heap-based ...)
+       {DLA-1432-1}
        - gpac <unfixed> (bug #902782)
        [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
 CVE-2018-13005 (An issue was discovered in MP4Box in GPAC 0.7.1. The function 
urn_Read ...)
+       {DLA-1432-1}
        - gpac <unfixed> (bug #902782)
        [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: https://github.com/gpac/gpac/issues/1088
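Review bot: `{DLA-1432-1}` is attached to CVE-2018-13006 and CVE-2018-13005 while both still read `- gpac <unfixed>` and `[stretch] - gpac <no-dsa> (Minor issue)`, so the new tag is the only trace of a fix on these entries. For CVE-2018-13005 the visible context ends at an issue link (`issues/1088`) with no fix commit. Add a commit `NOTE:` like the one CVE-2018-13006 has, so the backported change can be checked against upstream.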
@@ -7014,6 +7044,7 @@ CVE-2018-11531 (Exiv2 0.26 has a heap-based buffer 
overflow in getData in previe
 CVE-2018-11530
        RESERVED
 CVE-2018-11529 (VideoLAN VLC media player 2.2.x is prone to a use after free 
...)
+       {DSA-4251-1}
        - vlc 3.0.3-1-1
        NOTE: 
https://github.com/videolan/vlc-3.0/commit/c472668ff873cfe29281822b4548715fb7bb0368
        NOTE: 
https://github.com/videolan/vlc-3.0/commit/d2dadb37e7acc25ae08df71e563855d6e17b5b42
@@ -8699,6 +8730,7 @@ CVE-2018-10887 (A flaw was found in libgit2 before 
version 0.27.3. It has been .
        NOTE: 
https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
        NOTE: 
https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
 CVE-2018-10886 (ant before version 1.9.12 unzip and untar targets allows the 
...)
+       {DLA-1431-1}
        - ant 1.10.4-1
        NOTE: Fixed upstream in 1.9.12 and 1.10.4
        NOTE: 
https://github.com/apache/ant/commit/e56e54565804991c62ec76dad385d2bdda8972a7
@@ -38742,40 +38774,40 @@ CVE-2018-0405
        RESERVED
 CVE-2018-0404
        RESERVED
-CVE-2018-0403
-       RESERVED
-CVE-2018-0402
-       RESERVED
-CVE-2018-0401
-       RESERVED
-CVE-2018-0400
-       RESERVED
-CVE-2018-0399
-       RESERVED
-CVE-2018-0398
-       RESERVED
+CVE-2018-0403 (Multiple vulnerabilities in the web-based management interface 
of Cisco ...)
+       TODO: check
+CVE-2018-0402 (Multiple vulnerabilities in the web-based management interface 
of Cisco ...)
+       TODO: check
+CVE-2018-0401 (Multiple vulnerabilities in the web-based management interface 
of Cisco ...)
+       TODO: check
+CVE-2018-0400 (Multiple vulnerabilities in the web-based management interface 
of Cisco ...)
+       TODO: check
+CVE-2018-0399 (Multiple vulnerabilities in the web-based management interface 
of Cisco ...)
+       TODO: check
+CVE-2018-0398 (Multiple vulnerabilities in the web-based management interface 
of Cisco ...)
+       TODO: check
 CVE-2018-0397
        RESERVED
-CVE-2018-0396
-       RESERVED
+CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified ...)
+       TODO: check
 CVE-2018-0395
        RESERVED
-CVE-2018-0394
-       RESERVED
-CVE-2018-0393
-       RESERVED
-CVE-2018-0392
-       RESERVED
+CVE-2018-0394 (A vulnerability in the web upload function of Cisco Cloud 
Services ...)
+       TODO: check
+CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy 
Builder ...)
+       TODO: check
+CVE-2018-0392 (A vulnerability in the CLI of Cisco Policy Suite could allow an 
...)
+       TODO: check
 CVE-2018-0391
        RESERVED
-CVE-2018-0390
-       RESERVED
+CVE-2018-0390 (A vulnerability in the web framework of Cisco Webex could allow 
an ...)
+       TODO: check
 CVE-2018-0389
        RESERVED
 CVE-2018-0388
        RESERVED
-CVE-2018-0387
-       RESERVED
+CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) 
could ...)
+       TODO: check
 CVE-2018-0386
        RESERVED
 CVE-2018-0385 (A vulnerability in the detection engine parsing of Security 
Socket ...)
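Review bot: CVE-2018-0398 to CVE-2018-0403 move from `RESERVED` to six `TODO: check` entries whose descriptions are identical up to the truncation (`web-based management interface of Cisco ...`), so the product cannot be identified from this file. Most of the other changed entries in this hunk mention Cisco Unified, Cisco Cloud Services, Cisco Policy Suite or Cisco Webex. A single triage pass that classifies the whole group is preferable to leaving twelve separate TODO items.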
@@ -38788,24 +38820,24 @@ CVE-2018-0382
        RESERVED
 CVE-2018-0381
        RESERVED
-CVE-2018-0380
-       RESERVED
-CVE-2018-0379
-       RESERVED
+CVE-2018-0380 (Multiple vulnerabilities exist in the Cisco Webex Network 
Recording ...)
+       TODO: check
+CVE-2018-0379 (Multiple vulnerabilities exist in the Cisco Webex Network 
Recording ...)
+       TODO: check
 CVE-2018-0378
        RESERVED
-CVE-2018-0377
-       RESERVED
-CVE-2018-0376
-       RESERVED
-CVE-2018-0375
-       RESERVED
-CVE-2018-0374
-       RESERVED
+CVE-2018-0377 (A vulnerability in the Open Systems Gateway initiative (OSGi) 
interface ...)
+       TODO: check
+CVE-2018-0376 (A vulnerability in the Policy Builder interface of Cisco Policy 
Suite ...)
+       TODO: check
+CVE-2018-0375 (A vulnerability in the Cluster Manager of Cisco Policy Suite 
before ...)
+       TODO: check
+CVE-2018-0374 (A vulnerability in the Policy Builder database of Cisco Policy 
Suite ...)
+       TODO: check
 CVE-2018-0373 (A vulnerability in vpnva-6.sys for 32-bit Windows and 
vpnva64-6.sys for ...)
        NOT-FOR-US: Cisco
-CVE-2018-0372
-       RESERVED
+CVE-2018-0372 (A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 
Series ...)
+       TODO: check
 CVE-2018-0371 (A vulnerability in the Web Admin Interface of Cisco Meeting 
Server ...)
        NOT-FOR-US: Cisco
 CVE-2018-0370 (A vulnerability in the detection engine of Cisco Firepower 
System ...)
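Review bot: the new `TODO: check` entries in this hunk sit next to CVE-2018-0373 and CVE-2018-0371, which are already marked `NOT-FOR-US: Cisco`. CVE-2018-0372 (Cisco Nexus 9000 Series), CVE-2018-0374 to CVE-2018-0376 (Cisco Policy Suite) and CVE-2018-0379 and CVE-2018-0380 (Cisco Webex Network Recording) look like candidates for the same marker. CVE-2018-0377 shows only `Open Systems Gateway initiative (OSGi) interface ...` before the truncation and needs the full description before it is classified.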
@@ -38850,26 +38882,26 @@ CVE-2018-0353 (A vulnerability in traffic-monitoring 
functions in Cisco Web Secu
        NOT-FOR-US: Cisco
 CVE-2018-0352 (A vulnerability in the Disk Check Tool (disk-check.sh) for 
Cisco Wide ...)
        NOT-FOR-US: Cisco
-CVE-2018-0351
-       RESERVED
-CVE-2018-0350
-       RESERVED
-CVE-2018-0349
-       RESERVED
-CVE-2018-0348
-       RESERVED
-CVE-2018-0347
-       RESERVED
-CVE-2018-0346
-       RESERVED
-CVE-2018-0345
-       RESERVED
-CVE-2018-0344
-       RESERVED
-CVE-2018-0343
-       RESERVED
-CVE-2018-0342
-       RESERVED
+CVE-2018-0351 (A vulnerability in the command-line tcpdump utility in the 
Cisco SD-WAN ...)
+       TODO: check
+CVE-2018-0350 (A vulnerability in the VPN subsystem configuration in the Cisco 
SD-WAN ...)
+       TODO: check
+CVE-2018-0349 (A vulnerability in the Cisco SD-WAN Solution could allow an ...)
+       TODO: check
+CVE-2018-0348 (A vulnerability in the CLI of the Cisco SD-WAN Solution could 
allow an ...)
+       TODO: check
+CVE-2018-0347 (A vulnerability in the Zero Touch Provisioning (ZTP) subsystem 
of the ...)
+       TODO: check
+CVE-2018-0346 (A vulnerability in the Zero Touch Provisioning service of the 
Cisco ...)
+       TODO: check
+CVE-2018-0345 (A vulnerability in the configuration and management database of 
the ...)
+       TODO: check
+CVE-2018-0344 (A vulnerability in the vManage dashboard for the configuration 
and ...)
+       TODO: check
+CVE-2018-0343 (A vulnerability in the configuration and management service of 
the ...)
+       TODO: check
+CVE-2018-0342 (A vulnerability in the configuration and monitoring service of 
the ...)
+       TODO: check
 CVE-2018-0341 (A vulnerability in the web-based UI of Cisco IP Phone 6800, 
7800, and ...)
        NOT-FOR-US: Cisco
 CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified ...)
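Review bot: CVE-2018-0351 mentions the `command-line tcpdump utility`, which a keyword-based triage could match to a distribution tcpdump package, although the description scopes it to the Cisco SD-WAN product. Classify it on the product, not on the utility name. The surrounding context (CVE-2018-0352, CVE-2018-0341) is `NOT-FOR-US: Cisco`, and the ten SD-WAN, ZTP and vManage entries changed here should be checked against that precedent together.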



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/75451ab8badb77422fa221f2082eaa8d6fb5ba6f

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits