Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c059828 by security tracker role at 2018-08-27T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2018-15910 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers able 
to supply ...)
+       TODO: check
+CVE-2018-15909 (In Artifex Ghostscript 9.23 before 2018-08-24, a type 
confusion using ...)
+       TODO: check
+CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are 
able to ...)
+       TODO: check
+CVE-2018-15907
+       RESERVED
+CVE-2018-15906
+       RESERVED
+CVE-2018-15905
+       RESERVED
+CVE-2018-15904 (A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 
...)
+       TODO: check
+CVE-2018-15903
+       RESERVED
+CVE-2018-15902
+       RESERVED
 CVE-2018-15901
        RESERVED
 CVE-2018-15900
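Review bot: The three Artifex Ghostscript entries at the top of this hunk (CVE-2018-15910, CVE-2018-15909, CVE-2018-15908) are left at "TODO: check", and unlike most of the other new descriptions in this update they concern software that is packaged in Debian. They should be triaged first and resolved with a package status line ("- ghostscript ...") rather than a NOT-FOR-US tag, with the upstream fix commits recorded as NOTE lines in the same way the Bootstrap and RubyGems entries further down the file do.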
@@ -37,8 +55,8 @@ CVE-2015-9263 (An issue was discovered in post2file.php in 
Up.Time Monitoring St
        NOT-FOR-US: Up.Time
 CVE-2014-10074 (Umbraco before 7.2.0 has a remote PHP code execution 
vulnerability ...)
        NOT-FOR-US: Umbraco
-CVE-2018-15887
-       RESERVED
+CVE-2018-15887 (Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is 
prone to ...)
+       TODO: check
 CVE-2018-15886
        RESERVED
 CVE-2018-15885 (Ovation FindMe 1.4-1083-1 is intended to support transmission 
of ...)
@@ -248,8 +266,8 @@ CVE-2018-15812
        RESERVED
 CVE-2018-15811
        RESERVED
-CVE-2018-15810
-       RESERVED
+CVE-2018-15810 (Visiology Flipbox Software Suite before 2.7.0 allows directory 
...)
+       TODO: check
 CVE-2018-15809 (AccuPOS 2017.8 is installed with the insecure 
"Authenticated Users: ...)
        NOT-FOR-US: AccuPOS
 CVE-2018-15808 (POSIM EVO 15.13 for Windows includes hardcoded database 
credentials for ...)
@@ -482,18 +500,18 @@ CVE-2018-15701
        RESERVED
 CVE-2018-15700
        RESERVED
-CVE-2018-15699
-       RESERVED
-CVE-2018-15698
-       RESERVED
-CVE-2018-15697
-       RESERVED
-CVE-2018-15696
-       RESERVED
-CVE-2018-15695
-       RESERVED
-CVE-2018-15694
-       RESERVED
+CVE-2018-15699 (ASUSTOR Data Master 3.1.5 and below makes an HTTP request for 
a ...)
+       TODO: check
+CVE-2018-15698 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
+       TODO: check
+CVE-2018-15697 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
+       TODO: check
+CVE-2018-15696 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
+       TODO: check
+CVE-2018-15695 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
+       TODO: check
+CVE-2018-15694 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
+       TODO: check
 CVE-2018-15693
        RESERVED
 CVE-2018-15692
@@ -4547,6 +4565,7 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is 
possible in the data-target pr
        NOTE: https://github.com/twbs/bootstrap/pull/26630
        NOTE: 
https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628
 CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse 
data-parent ...)
+       {DLA-1479-1}
        - twitter-bootstrap <unfixed>
        [jessie] - twitter-bootstrap <not-affected> (Vulnerable code not 
present)
        - twitter-bootstrap3 <unfixed> (bug #907414)
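Review bot: The {DLA-1479-1} cross-reference added to CVE-2018-14040 is not backed by any jessie fixed version in the visible lines: the only [jessie] line is "twitter-bootstrap <not-affected>", and twitter-bootstrap3 is still "<unfixed>". Add a [jessie] line with the fixed version for the package the DLA covers, or confirm that one already follows below the context shown here.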
@@ -12412,8 +12431,7 @@ CVE-2018-10940 (The cdrom_ioctl_media_changed function 
in drivers/cdrom/cdrom.c
        NOTE: Fixed by: 
https://git.kernel.org/linus/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
 CVE-2018-10939 (Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 
before ...)
        NOT-FOR-US: Zimbra Web Client
-CVE-2018-10938
-       RESERVED
+CVE-2018-10938 (A flaw was found in the Linux kernel present since v4.0-rc1 
and ...)
        - linux 4.13.4-1
        NOTE: 
https://git.kernel.org/linus/40413955ee265a5e42f710940ec78f5450d49149 (4.13-rc5)
        NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/1
@@ -22247,7 +22265,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
        NOTE: 
https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
-       {DSA-4259-1 DSA-4219-1 DLA-1352-1}
+       {DSA-4259-1 DSA-4219-1 DLA-1480-1 DLA-1352-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -22260,7 +22278,7 @@ CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
        NOTE: 
https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
-       {DSA-4259-1 DSA-4219-1}
+       {DSA-4259-1 DSA-4219-1 DLA-1480-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -31855,8 +31873,8 @@ CVE-2018-3929 (An exploitable heap corruption exists in 
the PowerPoint document
        NOT-FOR-US: Microsoft
 CVE-2018-3928
        RESERVED
-CVE-2018-3927
-       RESERVED
+CVE-2018-3927 (An exploitable information disclosure vulnerability exists in 
the ...)
+       TODO: check
 CVE-2018-3926
        RESERVED
 CVE-2018-3925 (An exploitable buffer overflow vulnerability exists in the 
remote ...)
@@ -31873,8 +31891,8 @@ CVE-2018-3920
        RESERVED
 CVE-2018-3919 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3918
-       RESERVED
+CVE-2018-3918 (An exploitable vulnerability exists in the remote servers of 
Samsung ...)
+       TODO: check
 CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware 
version ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3916
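Review bot: CVE-2018-3918 is left at "TODO: check" although its description names Samsung remote servers and both neighbouring entries in this hunk (CVE-2018-3919 and CVE-2018-3917) are already tagged "NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices". If the full description confirms the same product, resolve the TODO with the same tag so the group stays consistent.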
@@ -31901,8 +31919,8 @@ CVE-2018-3906
        RESERVED
 CVE-2018-3905 (An exploitable buffer overflow vulnerability exists in the 
camera ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3904
-       RESERVED
+CVE-2018-3904 (An exploitable buffer overflow vulnerability exists in the 
camera ...)
+       TODO: check
 CVE-2018-3903 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware 
version ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3902 (An exploitable buffer overflow vulnerability exists in the 
camera ...)
@@ -31923,8 +31941,8 @@ CVE-2018-3895
        RESERVED
 CVE-2018-3894
        RESERVED
-CVE-2018-3893
-       RESERVED
+CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
+       TODO: check
 CVE-2018-3892
        RESERVED
 CVE-2018-3891
@@ -38186,8 +38204,8 @@ CVE-2018-1646
        RESERVED
 CVE-2018-1645
        RESERVED
-CVE-2018-1644
-       RESERVED
+CVE-2018-1644 (IBM WebSphere Commerce Enterprise, Professional, Express, and 
...)
+       TODO: check
 CVE-2018-1643
        RESERVED
 CVE-2018-1642
@@ -42162,8 +42180,8 @@ CVE-2018-0717
        RESERVED
 CVE-2018-0716
        RESERVED
-CVE-2018-0715
-       RESERVED
+CVE-2018-0715 (Cross-site scripting vulnerability in QNAP Photo Station 
versions ...)
+       TODO: check
 CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and 
...)
        NOT-FOR-US: Helpdesk
 CVE-2018-0713
@@ -49535,8 +49553,7 @@ CVE-2017-15141
        RESERVED
 CVE-2017-15140
        RESERVED
-CVE-2017-15139
-       RESERVED
+CVE-2017-15139 (A vulnerability was found in openstack-cinder releases up to 
and ...)
        - cinder <unfixed>
        NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0084
        NOTE: https://bugs.launchpad.net/ossn/+bug/1699573
@@ -117498,6 +117515,7 @@ CVE-2016-2339 (An exploitable heap overflow 
vulnerability exists in the ...)
 CVE-2016-2338
        RESERVED
 CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class 
method. ...)
+       {DLA-1480-1}
        - ruby2.3 2.3.0-1
        - ruby2.1 <removed> (bug #851161)
        [jessie] - ruby2.1 <no-dsa> (Minor problem, only exploitable when used 
with Tcl/Tk8.6 and later)
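Review bot: The added {DLA-1480-1} on CVE-2016-2337 contradicts the context line "[jessie] - ruby2.1 <no-dsa> (Minor problem, ...)" a few lines below it. If DLA-1480-1 is the jessie ruby2.1 update, that line should be replaced with the fixed version from the advisory; otherwise the entry says both that the issue was fixed by an advisory and that no advisory is planned.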



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c059828f2a1511df2ce9531a7db83061f0c7791
