Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5071ae5c by security tracker role at 2018-08-07T08:10:11Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the ...)
+ TODO: check
+CVE-2018-15128
+ RESERVED
CVE-2018-15127
RESERVED
CVE-2018-15126
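Review bot: CVE-2018-15129 lands with "TODO: check" although ThinkSAAS is not a package in the Debian archive; once checked it can be resolved the way the iCMS, Rocket.Chat and RoomWizard entries elsewhere in this patch are, with a "NOT-FOR-US: ThinkSAAS" line replacing the TODO, so the item does not sit in the manual triage queue.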
@@ -536,8 +540,8 @@ CVE-2018-14871
RESERVED
CVE-2018-14870
RESERVED
-CVE-2018-14869
- RESERVED
+CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address
line 1, ...)
+ TODO: check
CVE-2018-14868
RESERVED
CVE-2018-14867
@@ -560,8 +564,8 @@ CVE-2018-14859
RESERVED
CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before
V7.0.11 ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2018-14857
- RESERVED
+CVE-2018-14857 (Unrestricted file upload (with remote code execution) in ...)
+ TODO: check
CVE-2018-14856
RESERVED
CVE-2018-14855
@@ -929,8 +933,8 @@ CVE-2018-14718
RESERVED
CVE-2018-14717
RESERVED
-CVE-2018-14716
- RESERVED
+CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the
SEOmatic ...)
+ TODO: check
CVE-2018-14715 (The endCoinFlip function and throwSlammer function of the
smart ...)
NOT-FOR-US: smart contract implementations for Cryptogs
CVE-2018-14714
@@ -3081,8 +3085,8 @@ CVE-2018-13879 (A reflected XSS issue was discovered in
the registration form in
NOT-FOR-US: Rocket.Chat
CVE-2018-13878 (An XSS issue was discovered in
packages/rocketchat-mentions/Mentions.js ...)
NOT-FOR-US: Rocket.Chat
-CVE-2018-13877
- RESERVED
+CVE-2018-13877 (The doPayouts() function of the smart contract implementation
for ...)
+ TODO: check
CVE-2018-13876 (An issue was discovered in the HDF HDF5 1.8.20 library. There
is a ...)
- hdf5 <undetermined>
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
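Review bot: the new CVE-2018-13877 entry (a doPayouts() function in a smart contract implementation) gets "TODO: check", while the CVE-2018-14715 entry three lines above already resolves the same class of issue with "NOT-FOR-US: smart contract implementations for Cryptogs"; these contract CVEs are not Debian packages, so the TODO can be closed with a matching NOT-FOR-US line instead of waiting for a manual pass.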
@@ -15044,7 +15048,8 @@ CVE-2018-9156 (** DISPUTED ** An issue was discovered
on AXIS P1354 (IP camera)
NOT-FOR-US: AXIS
CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT
Professional ...)
NOT-FOR-US: Open-AudIT Professional
-CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot
in ...)
+CVE-2018-9154
+ REJECTED
- jasper <removed> (unimportant)
NOTE: Negligable security impact
CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote
attackers ...)
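Review bot: after CVE-2018-9154 flips to REJECTED, the retained "- jasper <removed> (unimportant)" package line and the "NOTE: Negligable security impact" remain attached to an identifier MITRE has withdrawn; the package state line is stale once the CVE is rejected and is worth dropping in a manual follow-up (the note's spelling is "Negligible"), so the jasper tracking state is not kept against a non-existent issue.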
@@ -15988,7 +15993,7 @@ CVE-2018-8804 (WriteEPTImage in coders/ept.c in
ImageMagick 7.0.7-25 Q16 allows
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1025
CVE-2018-8803
RESERVED
-CVE-2018-8802 (SQL injection vulnerability in the management interface in
ePortal ...)
+CVE-2018-8802 (SQL injection vulnerability in the management interface in
ePortal ...)
NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems
CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x
before ...)
- gitlab 10.5.6+dfsg-1 (bug #893905)
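Review bot: the CVE-2018-8802 hunk shows identical text on the removed and added lines because the description is cut at "ePortal ..." in this view, so whatever changed in the full MITRE description cannot be reviewed from the notification alone; the "NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems" triage is unaffected either way.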
@@ -20853,12 +20858,12 @@ CVE-2018-7094
RESERVED
CVE-2018-7093
RESERVED
-CVE-2018-7092
- RESERVED
-CVE-2018-7091
- RESERVED
-CVE-2018-7090
- RESERVED
+CVE-2018-7092 (A potential security vulnerability has been identified in HPE
...)
+ TODO: check
+CVE-2018-7091 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has
open ...)
+ TODO: check
+CVE-2018-7090 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has
local ...)
+ TODO: check
CVE-2018-7089
RESERVED
CVE-2018-7088
@@ -20881,28 +20886,28 @@ CVE-2018-7080
RESERVED
CVE-2018-7079
RESERVED
-CVE-2018-7078
- RESERVED
+CVE-2018-7078 (A remote code execution was identified in HPE Integrated
Lights-Out 4 ...)
+ TODO: check
CVE-2018-7077
RESERVED
CVE-2018-7076
RESERVED
-CVE-2018-7075
- RESERVED
-CVE-2018-7074
- RESERVED
-CVE-2018-7073
- RESERVED
-CVE-2018-7072
- RESERVED
-CVE-2018-7071
- RESERVED
-CVE-2018-7070
- RESERVED
-CVE-2018-7069
- RESERVED
-CVE-2018-7068
- RESERVED
+CVE-2018-7075 (A remote cross-site scripting (XSS) vulnerability was
identified in ...)
+ TODO: check
+CVE-2018-7074 (A remote code execution vulnerability was identified in HPE ...)
+ TODO: check
+CVE-2018-7073 (A local arbitrary file modification vulnerability was
identified in ...)
+ TODO: check
+CVE-2018-7072 (A remote bypass of security restrictions vulnerability was
identified ...)
+ TODO: check
+CVE-2018-7071 (HPE has identified a remote access to sensitive information ...)
+ TODO: check
+CVE-2018-7070 (HPE has identified a remote disclosure of information
vulnerability in ...)
+ TODO: check
+CVE-2018-7069 (HPE has identified a remote unauthenticated access to files ...)
+ TODO: check
+CVE-2018-7068 (HPE has identified a remote HOST header attack vulnerability in
HPE ...)
+ TODO: check
CVE-2018-7067
RESERVED
CVE-2018-7066
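Review bot: the HPE entries CVE-2018-7068 through CVE-2018-7078 in this hunk all arrive as "TODO: check"; CVE-2018-7078 is explicitly an HPE Integrated Lights-Out 4 remote code execution, and the CVE-2016-4406 hunk later in this same patch already carries "NOT-FOR-US: HPE iLO" for that product, so at least the iLO items can be resolved the same way rather than left in the TODO queue. iLO issues are management-plane firmware problems, fixed by a firmware update and not by any Debian package, which is exactly what NOT-FOR-US records.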
@@ -20917,12 +20922,12 @@ CVE-2018-7062
RESERVED
CVE-2018-7061
RESERVED
-CVE-2018-7060
- RESERVED
-CVE-2018-7059
- RESERVED
-CVE-2018-7058
- RESERVED
+CVE-2018-7060 (Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1
is ...)
+ TODO: check
+CVE-2018-7059 (Aruba ClearPass prior to 6.6.9 has a vulnerability in the API
that ...)
+ TODO: check
+CVE-2018-7058 (Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are
affected by ...)
+ TODO: check
CVE-2018-7057 (RoomWizard before 4.4.x allows XSS via the HelpAction.action
pageName ...)
NOT-FOR-US: RoomWizard
CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain
potentially ...)
@@ -26210,8 +26215,7 @@ CVE-2018-5392 [mingw-w64 by default produces
executables that opt in to ASLR, bu
NOTE: https://www.kb.cert.org/vuls/id/307144 (describes workaround)
CVE-2018-5391
RESERVED
-CVE-2018-5390 [Linux Kernel TCP implementation vulnerable to Denial of Service]
- RESERVED
+CVE-2018-5390 (Linux kernel versions 4.9+ can be forced to make very expensive
calls ...)
{DSA-4266-1}
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced later)
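Review bot: the placeholder "[Linux Kernel TCP implementation vulnerable to Denial of Service]" is replaced by the MITRE text, which now states that kernel versions 4.9+ are affected; that corroborates the unchanged "[jessie] - linux <not-affected> (Vulnerable code introduced later)" line, since jessie ships a 3.16 kernel, while {DSA-4266-1} covers stretch and "- linux <unfixed>" stays open for unstable. Recording the 4.9 threshold in a NOTE line would make the jessie assessment explicit rather than leaving it implicit in the description.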
@@ -42436,17 +42440,17 @@ CVE-2017-16854 (In Open Ticket Request System (OTRS)
through 3.3.20, 4 through 4
NOTE: OTRS-6:
https://github.com/OTRS/otrs/commit/867aba14900f17caacb0285a08b6981bbdbbe016
NOTE: OTRS-5:
https://github.com/OTRS/otrs/commit/8748d040058695fda5c9cfcb2a78d8947ed4188d
NOTE: OTRS-4:
https://github.com/OTRS/otrs/commit/e0deab303e3d0f7c860bba291410512734f4d6b0
-CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 allows SQL injection
via the ...)
+CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 before build 13530
allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 allows SQL injection
via the ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 allows SQL injection
via the ...)
+CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 before build 13530
allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16848 (Zoho ManageEngine Applications Manager 13 allows SQL injection
via the ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 allows SQL injection
via the ...)
+CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 before build 13530
allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection
via the ...)
+CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 before build 13530
allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count'
values ...)
{DSA-4213-1}
@@ -42663,8 +42667,7 @@ CVE-2017-16792 (Stored cross-site scripting (XSS)
vulnerability in "geminab
NOT-FOR-US: geminabox
CVE-2017-16791
RESERVED
-CVE-2017-16790 [Ensure that submitted data are uploaded files]
- RESERVED
+CVE-2017-16790 (An issue was discovered in Symfony before 2.7.38, 2.8.31,
3.2.14, ...)
{DSA-4262-1}
- symfony 3.4.0+dfsg-1
NOTE:
https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
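Review bot: the bracketed working title "[Ensure that submitted data are uploaded files]" is dropped in favour of the MITRE description, but the title survives in the symfony.com advisory URL on the NOTE line, so no triage context is lost; the fixed version "- symfony 3.4.0+dfsg-1" is consistent with the description's affected range "before 2.7.38, 2.8.31, 3.2.14, ...", and {DSA-4262-1} ties the stretch fix to the same advisory as CVE-2017-16654 and CVE-2017-16653 further down in this patch.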
@@ -42977,14 +42980,12 @@ CVE-2017-16656
RESERVED
CVE-2017-16655
RESERVED
-CVE-2017-16654 [Intl bundle readers breaking out of paths]
- RESERVED
+CVE-2017-16654 (An issue was discovered in Symfony before 2.7.38, 2.8.31,
3.2.14, ...)
{DSA-4262-1}
- symfony 3.4.0+dfsg-1
NOTE:
https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
NOTE: https://github.com/symfony/symfony/pull/24994
-CVE-2017-16653 [CSRF protection does not use different tokens for HTTP and
HTTPS]
- RESERVED
+CVE-2017-16653 (An issue was discovered in Symfony before 2.7.38, 2.8.31,
3.2.14, ...)
{DSA-4262-1}
- symfony 3.4.0+dfsg-1
NOTE:
https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
@@ -43318,9 +43319,9 @@ CVE-2017-16544 (In the add_match function in
libbb/lineedit.c in BusyBox through
[wheezy] - busybox <no-dsa> (Minor issue)
NOTE:
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
NOTE:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
-CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection
via ...)
+CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 before build 13500
allows ...)
NOT-FOR-US: Zoho
-CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 allows
Post-authentication ...)
+CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500
allows ...)
NOT-FOR-US: Zoho
CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote
attackers to ...)
- firefox-esr <not-affected> (Specific to Tor Browser)
@@ -44062,8 +44063,8 @@ CVE-2017-16254
RESERVED
CVE-2017-16253
RESERVED
-CVE-2017-16252
- RESERVED
+CVE-2017-16252 (Specially crafted commands sent through the PubNub service in
Insteon ...)
+ TODO: check
CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST
14.2, ...)
NOT-FOR-US: Mitel
CVE-2017-16250 (A vulnerability in Mitel ST 14.2, release GA28 and earlier,
could ...)
@@ -66286,14 +66287,14 @@ CVE-2017-9005
RESERVED
CVE-2017-9004
RESERVED
-CVE-2017-9003
- RESERVED
-CVE-2017-9002
- RESERVED
-CVE-2017-9001
- RESERVED
-CVE-2017-9000
- RESERVED
+CVE-2017-9003 (Multiple memory corruption flaws are present in ArubaOS which
could ...)
+ TODO: check
+CVE-2017-9002 (All versions of Aruba ClearPass prior to 6.6.8 contain
reflected ...)
+ TODO: check
+CVE-2017-9001 (Aruba ClearPass 6.6.3 and later includes a feature called
"SSH ...)
+ TODO: check
+CVE-2017-9000 (ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16,
6.5.x ...)
+ TODO: check
CVE-2017-8999
RESERVED
CVE-2017-8998
@@ -66308,18 +66309,18 @@ CVE-2017-8994 (A input validation vulnerability in
HPE Operations Orchestration
NOT-FOR-US: HPE
CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and
...)
NOT-FOR-US: HPE Project and Portfolio Management
-CVE-2017-8992
- RESERVED
-CVE-2017-8991
- RESERVED
-CVE-2017-8990
- RESERVED
-CVE-2017-8989
- RESERVED
-CVE-2017-8988
- RESERVED
-CVE-2017-8987
- RESERVED
+CVE-2017-8992 (HPE has identified a remote privilege escalation vulnerability
in HPE ...)
+ TODO: check
+CVE-2017-8991 (HPE has identified a cross site scripting (XSS) vulnerability
in HPE ...)
+ TODO: check
+CVE-2017-8990 (A remote code execution vulnerability was identified in HPE ...)
+ TODO: check
+CVE-2017-8989 (A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0
on RHEL, ...)
+ TODO: check
+CVE-2017-8988 (A Remote Bypass of Security Restrictions vulnerability was
identified ...)
+ TODO: check
+CVE-2017-8987 (A Unauthenticated Remote Denial of Service vulnerability was
...)
+ TODO: check
CVE-2017-8986
RESERVED
CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a
local ...)
@@ -66356,8 +66357,8 @@ CVE-2017-8970 (A remote unauthenticated disclosure of
information vulnerability
NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8969 (An improper input validation vulnerability in HPE Insight
Control ...)
NOT-FOR-US: HPE Insight Control
-CVE-2017-8968
- RESERVED
+CVE-2017-8968 (A remote execution of arbitrary code vulnerability has been
identified ...)
+ TODO: check
CVE-2017-8967 (A Deserialization of Untrusted Data vulnerability in Hewlett
Packard ...)
NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8966 (A Deserialization of Untrusted Data vulnerability in Hewlett
Packard ...)
@@ -86033,8 +86034,8 @@ CVE-2017-2656
REJECTED
CVE-2017-2655
REJECTED
-CVE-2017-2654
- RESERVED
+CVE-2017-2654 (jenkins-email-ext before version 2.57.1 is vulnerable to an ...)
+ TODO: check
CVE-2017-2653 (A number of unused delete routes are present in CloudForms
before ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2017-2652 (It was found that there were no permission checks performed in
the ...)
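Review bot: CVE-2017-2654 concerns jenkins-email-ext, a Jenkins plugin that Debian does not ship, yet it gets "TODO: check" while the adjacent CloudForms entries show the "NOT-FOR-US: Red Hat CloudForms" form; resolving it to a NOT-FOR-US line for the Jenkins plugin keeps the TODO queue to items that can actually affect the archive.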
@@ -91912,7 +91913,7 @@ CVE-2016-9500 (Accellion FTP server prior to version
FTA_9_12_220 uses the Accus
NOT-FOR-US: Accellion
CVE-2016-9499 (Accellion FTP server prior to version FTA_9_12_220 only returns
the ...)
NOT-FOR-US: Accellion
-CVE-2016-9498 (ManageEngine Applications Manager 12 and 13, allows
unserialization of ...)
+CVE-2016-9498 (ManageEngine Applications Manager 12 and 13 before build 13200,
allows ...)
NOT-FOR-US: ManageEngine
CVE-2016-9497 (Hughes high-performance broadband satellite modems, models
HN7740S ...)
NOT-FOR-US: Hughes
@@ -91926,11 +91927,11 @@ CVE-2016-9493 (The code generated by PHP FormMail
Generator prior to 17 December
NOT-FOR-US: PHP FormMail Generator
CVE-2016-9492 (The code generated by PHP FormMail Generator prior to 17
December 2016 ...)
NOT-FOR-US: PHP FormMail Generator
-CVE-2016-9491 (ManageEngine Applications Manager 12 and 13 allows an
authenticated ...)
+CVE-2016-9491 (ManageEngine Applications Manager 12 and 13 before build 13690
allows ...)
NOT-FOR-US: ManageEngine
-CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 suffer
from a ...)
+CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 before
build ...)
NOT-FOR-US: ManageEngine Applications Manager
-CVE-2016-9489 (In ManageEngine Applications Manager 12 and 13, an
authenticated user ...)
+CVE-2016-9489 (In ManageEngine Applications Manager 12 and 13 before build
13200, an ...)
NOT-FOR-US: ManageEngine
CVE-2016-9488 (ManageEngine Applications Manager versions 12 and 13 suffer
from ...)
NOT-FOR-US: ManageEngine Applications Manager
@@ -95342,10 +95343,10 @@ CVE-2016-8529 (A Remote Arbitrary Command Execution
vulnerability in HPE StoreVi
NOT-FOR-US: HPE StoreVirtual
CVE-2016-8528 (A Remote Escalation of Privilege vulnerability in HPE Helion
...)
NOT-FOR-US: HPE Helion Eucalyptus
-CVE-2016-8527
- RESERVED
-CVE-2016-8526
- RESERVED
+CVE-2016-8527 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is
...)
+ TODO: check
+CVE-2016-8526 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is
...)
+ TODO: check
CVE-2016-8525 (A Remote Disclosure of Information vulnerability in HPE iMC
PLAT ...)
NOT-FOR-US: HPE iMC PLAT
CVE-2016-8524
@@ -109372,30 +109373,26 @@ CVE-2016-4408
RESERVED
CVE-2016-4407 (The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38
does not ...)
NOT-FOR-US: SAP
-CVE-2016-4406
- RESERVED
+CVE-2016-4406 (A remote cross site scripting vulnerability was identified in
HPE iLO ...)
NOT-FOR-US: HPE iLO
-CVE-2016-4405
- RESERVED
-CVE-2016-4404
- RESERVED
+CVE-2016-4405 (A remote code execution vulnerability was identified in HP
Business ...)
+ TODO: check
+CVE-2016-4404 (A security vulnerability was identified in the Filter SDK
component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
-CVE-2016-4403
- RESERVED
+CVE-2016-4403 (A security vulnerability was identified in the Filter SDK
component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
-CVE-2016-4402
- RESERVED
+CVE-2016-4402 (A security vulnerability was identified in the Filter SDK
component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4401
RESERVED
-CVE-2016-4400
- RESERVED
-CVE-2016-4399
- RESERVED
-CVE-2016-4398
- RESERVED
-CVE-2016-4397
- RESERVED
+CVE-2016-4400 (A security vulnerability was identified in HP Network Node
Manager i ...)
+ TODO: check
+CVE-2016-4399 (A security vulnerability was identified in HP Network Node
Manager i ...)
+ TODO: check
+CVE-2016-4398 (A remote arbitrary code execution vulnerability was identified
in HP ...)
+ TODO: check
+CVE-2016-4397 (A local code execution security vulnerability was identified in
HP ...)
+ TODO: check
CVE-2016-4396 (HPE System Management Homepage before v7.6 allows remote
attackers to ...)
NOT-FOR-US: HPE System Management Homepage
CVE-2016-4395 (HPE System Management Homepage before v7.6 allows remote
attackers to ...)
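Review bot: this hunk mixes two outcomes for closely related HPE advisories: CVE-2016-4406 (iLO) and CVE-2016-4404, -4403 and -4402 (KeyView Filter SDK) already had NOT-FOR-US lines beneath their RESERVED placeholders and are resolved as soon as the description lands, while CVE-2016-4405 (the "HP Business ..." entry), CVE-2016-4400 and -4399 (HP Network Node Manager i) and CVE-2016-4398/-4397 get "TODO: check". HP NNMi is likewise not shipped by Debian, so pre-seeding NOT-FOR-US for the remaining identifiers in the same advisory block would keep them out of the manual TODO queue.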
@@ -109404,10 +109401,10 @@ CVE-2016-4394 (HPE System Management Homepage
before v7.6 allows remote attacker
NOT-FOR-US: HPE System Management Homepage
CVE-2016-4393 (HPE System Management Homepage before v7.6 allows "remote
...)
NOT-FOR-US: HPE System Management Homepage
-CVE-2016-4392
- RESERVED
-CVE-2016-4391
- RESERVED
+CVE-2016-4392 (A remote cross site scripting vulnerability has been identified
in HP ...)
+ TODO: check
+CVE-2016-4391 (A remote code execution security vulnerability has been
identified in ...)
+ TODO: check
CVE-2016-4390 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote
...)
NOT-FOR-US: HPE KeyView
CVE-2016-4389 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5071ae5c52b81cce20355bd196c29c7dc3e31cf0
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits