Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94d7419b by security tracker role at 2018-08-21T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,53 @@
+CVE-2018-15604
+       RESERVED
+CVE-2018-15603 (An issue was discovered in Victor CMS through 2018-05-10. 
There is XSS ...)
+       TODO: check
+CVE-2018-15602
+       RESERVED
+CVE-2018-15601 (apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 
performs ...)
+       TODO: check
+CVE-2018-15600
+       RESERVED
+CVE-2018-15599 (The recv_msg_userauth_request function in svr-auth.c in 
Dropbear ...)
+       TODO: check
+CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, 
exposes the ...)
+       TODO: check
+CVE-2018-15597
+       RESERVED
+CVE-2018-15596
+       RESERVED
+CVE-2018-1000226 (Cobbler version Verified as present in Cobbler versions 
2.6.11+, but ...)
+       TODO: check
+CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 
2.6.11+, but ...)
+       TODO: check
+CVE-2018-1000224 (Godot Engine version All versions prior to 2.1.5, all 3.0 
versions ...)
+       TODO: check
+CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability 
vulnerability ...)
+       TODO: check
+CVE-2018-1000221 (pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow 
...)
+       TODO: check
+CVE-2018-1000220
+       REJECTED
+       TODO: check
+CVE-2018-1000219 (OpenEMR version v5_0_1_4 contains a Cross Site Scripting 
(XSS) ...)
+       TODO: check
+CVE-2018-1000218 (OpenEMR version v5_0_1_4 contains a Cross Site Scripting 
(XSS) ...)
+       TODO: check
+CVE-2018-1000217 (Dave Gamble cJSON version 1.7.3 and earlier contains a 
CWE-416: Use ...)
+       TODO: check
+CVE-2018-1000216 (Dave Gamble cJSON version 1.7.2 and earlier contains a 
CWE-415: Double ...)
+       TODO: check
+CVE-2018-1000215 (Dave Gamble cJSON version 1.7.6 and earlier contains a 
CWE-772 ...)
+       TODO: check
+CVE-2018-1000214
+       REJECTED
+       TODO: check
+CVE-2018-1000213
+       REJECTED
+       TODO: check
+CVE-2018-1000212
+       REJECTED
+       TODO: check
 CVE-2018-15595
        RESERVED
 CVE-2018-15593
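Review bot: CVE-2018-1000220, CVE-2018-1000214, CVE-2018-1000213 and CVE-2018-1000212 are added as REJECTED and still carry a "TODO: check" line, which leaves them flagged for triage although a rejected ID has nothing left to assess; I would drop the TODO from those four. Separately, CVE-2018-1000226 and CVE-2018-1000225 (both Cobbler) have identical truncated descriptions in this hunk, so whoever resolves their TODOs should add a NOTE that tells the two apart.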
@@ -1462,7 +1512,7 @@ CVE-2018-14916
        RESERVED
 CVE-2018-14915
        RESERVED
-CVE-2018-1000223 [Heap-based buffer overflow in 
SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() potentially leading to 
code execution]
+CVE-2018-1000223 (soundtouch version up to and including 2.0.0 contains a 
Buffer ...)
        - soundtouch <unfixed> (bug #905491)
        [stretch] - soundtouch <no-dsa> (Minor issue)
        [jessie] - soundtouch <no-dsa> (Minor issue)
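Review bot: The replacement description for CVE-2018-1000223 loses detail that the removed bracketed text carried, namely a heap-based overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() potentially leading to code execution. The truncated "(soundtouch version up to and including 2.0.0 contains a Buffer ...)" no longer names the file or function, so I would keep that location in a NOTE: line under the entry. The package status lines below it are unchanged and still read correctly.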
@@ -3647,12 +3697,12 @@ CVE-2018-14081
        RESERVED
 CVE-2018-14080
        RESERVED
-CVE-2018-14079
-       RESERVED
-CVE-2018-14078
-       RESERVED
-CVE-2018-14077
-       RESERVED
+CVE-2018-14079 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized 
remote ...)
+       TODO: check
+CVE-2018-14078 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized 
remote ...)
+       TODO: check
+CVE-2018-14077 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized 
remote ...)
+       TODO: check
 CVE-2018-14076
        RESERVED
 CVE-2018-14075
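Review bot: The three Wi2be entries (CVE-2018-14079, CVE-2018-14078, CVE-2018-14077) are indistinguishable as added, since each has the same truncated description and the same "TODO: check". When the TODOs are resolved, handle the three together and give them the same disposition, or add a NOTE per entry if they turn out to differ.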
@@ -3841,14 +3891,14 @@ CVE-2018-14025
        RESERVED
 CVE-2018-14024
        RESERVED
-CVE-2018-14023
-       RESERVED
+CVE-2018-14023 (Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 
allows ...)
+       TODO: check
 CVE-2018-14022
        RESERVED
 CVE-2018-14021
        RESERVED
-CVE-2018-14020
-       RESERVED
+CVE-2018-14020 (An issue was discovered in the Paymorrow module 1.0.0 before 
1.0.2 and ...)
+       TODO: check
 CVE-2018-14019
        RESERVED
 CVE-2018-14018
@@ -7253,8 +7303,8 @@ CVE-2018-12581 (An issue was discovered in 
js/designer/move.js in phpMyAdmin bef
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e
 CVE-2018-12580 (library/DBTech/Security/Action/Sessions.php in DragonByte 
vBSecurity ...)
        NOT-FOR-US: DragonByte vBSecurity for vBulletin
-CVE-2018-12579
-       RESERVED
+CVE-2018-12579 (An issue was discovered in OXID eShop Enterprise Edition 
before 5.3.8, ...)
+       TODO: check
 CVE-2018-12578 (There is a heap-based buffer overflow in bmp_compress1_row in 
...)
        {DLA-1463-1}
        - sam2p <removed>
@@ -37363,8 +37413,7 @@ CVE-2018-1658
        RESERVED
 CVE-2018-1657
        RESERVED
-CVE-2018-1656
-       RESERVED
+CVE-2018-1656 (The IBM Java Runtime Environment's Diagnostic Tooling Framework 
for ...)
        NOT-FOR-US: IBM JDK
 CVE-2018-1655 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the 
rmsock ...)
        NOT-FOR-US: IBM AIX
@@ -37642,8 +37691,7 @@ CVE-2018-1519
        RESERVED
 CVE-2018-1518
        RESERVED
-CVE-2018-1517
-       RESERVED
+CVE-2018-1517 (A flaw in the java.math component in IBM SDK, Java Technology 
Edition ...)
        NOT-FOR-US: IBM JDK
 CVE-2018-1516
        RESERVED
@@ -37889,8 +37937,8 @@ CVE-2018-1396 (IBM Rational Quality Manager 5.0 through 
5.0.2 and 6.0 through 6.
        NOT-FOR-US: IBM
 CVE-2018-1395
        RESERVED
-CVE-2018-1394
-       RESERVED
+CVE-2018-1394 (Multiple IBM Rational products are vulnerable to cross-site 
scripting. ...)
+       TODO: check
 CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for 
Multi-Platform ...)
        NOT-FOR-US: IBM
 CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH 
Services for ...)
@@ -41848,8 +41896,7 @@ CVE-2018-0503
        RESERVED
 CVE-2018-0502
        RESERVED
-CVE-2018-0501
-       RESERVED
+CVE-2018-0501 (The mirror:// method implementation in Advanced Package Tool 
(APT) ...)
        - apt 1.6.4
        [stretch] - apt <not-affected> (Vulnerable code introduced in 
1.6~alpha6)
        [jessie] - apt <not-affected> (Vulnerable code introduced in 1.6~alpha6)
@@ -44037,16 +44084,16 @@ CVE-2017-16750
        RESERVED
 CVE-2017-16749 (A Use-after-Free issue was discovered in Delta Electronics 
Delta ...)
        NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
-CVE-2017-16748
-       RESERVED
+CVE-2017-16748 (An attacker can log into the local Niagara platform (Niagara 
AX ...)
+       TODO: check
 CVE-2017-16747 (An Out-of-bounds Write issue was discovered in Delta 
Electronics Delta ...)
        NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
 CVE-2017-16746
        RESERVED
 CVE-2017-16745 (A Type Confusion issue was discovered in Delta Electronics 
Delta ...)
        NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
-CVE-2017-16744
-       RESERVED
+CVE-2017-16744 (A path traversal vulnerability in Tridium Niagara AX Versions 
3.8 and ...)
+       TODO: check
 CVE-2017-16743 (An Improper Authorization issue was discovered in PHOENIX 
CONTACT FL ...)
        NOT-FOR-US: PHOENIX CONTACT FL SWITCH
 CVE-2017-16742
@@ -89332,8 +89379,8 @@ CVE-2017-1755 (IBM Security Identity Governance Virtual 
Appliance 5.2 through 5.
        NOT-FOR-US: IBM
 CVE-2017-1754
        RESERVED
-CVE-2017-1753
-       RESERVED
+CVE-2017-1753 (Multiple IBM Rational products are vulnerable to HTML 
injection. A ...)
+       TODO: check
 CVE-2017-1752 (IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated 
...)
        NOT-FOR-US: IBM UrbanCode Deploy
 CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 
is ...)
@@ -101387,8 +101434,7 @@ CVE-2016-7050 (SerializableProvider in RESTEasy in 
Red Hat Enterprise Linux Desk
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378613
 CVE-2016-7049
        RESERVED
-CVE-2016-7048
-       RESERVED
+CVE-2016-7048 (The interactive installer in PostgreSQL before 9.3.15, 9.4.x 
before ...)
        NOT-FOR-US: interactive installer used in EnterpriseDB-supplied 
PostgreSQL packages
 CVE-2016-7047
        RESERVED
@@ -134055,8 +134101,7 @@ CVE-2015-5244 (The NSSCipherSuite option with 
ciphersuites enabled in mod_nss be
        [wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced 
in 1.0.11)
        NOTE: Introduced in 
https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8
 (1.0.11)
        NOTE: Fixed by 
https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=34e1ccecb4a7d5054dba2f92b403af9b6ae1e110
 (1.0.12)
-CVE-2015-5243
-       RESERVED
+CVE-2015-5243 (phpWhois allows remote attackers to execute arbitrary code via 
a ...)
        NOT-FOR-US: phpWhois
 CVE-2015-5242 (OpenStack Swift-on-File (aka Swiftonfile) does not properly 
restrict ...)
        NOT-FOR-US: swiftonfile
@@ -134379,8 +134424,7 @@ CVE-2015-5161 (The Zend_Xml_Security::scan in ZendXml 
before 1.0.1 and Zend Fram
        - php-zend-xml 1.0.1-1
        NOTE: http://framework.zend.com/security/advisory/ZF2015-06
        NOTE: Root issue already fixed in PHP 5.6.6, so this one is not 
relevant starting with Jessie
-CVE-2015-5160 [Ceph id/key leaked in the process list]
-       RESERVED
+CVE-2015-5160 (libvirt before 2.2 includes Ceph credentials on the qemu 
command line ...)
        - libvirt 2.2.0-1 (low; bug #796111)
        [jessie] - libvirt <no-dsa> (Minor issue; needs changes first in QEMU)
        [wheezy] - libvirt <no-dsa> (Minor issue; needs changes first in QEMU)
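Review bot: In the CVE-2015-5160 entry the jessie and wheezy lines justify no-dsa with "needs changes first in QEMU", but the entry has no line or NOTE for the QEMU side, so that reasoning cannot be checked from the entry itself; a NOTE naming the QEMU change those lines depend on would fix that. The new description places the issue in libvirt before 2.2, which agrees with the existing "- libvirt 2.2.0-1" line. The removed bracketed summary also said the id/key leak is visible in the process list, which the truncated description no longer states, so that detail is worth keeping in a NOTE as well.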



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/94d7419b6dc065ddf74c9ed521c11e7299067c24
