Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd556c47 by security tracker role at 2018-09-05T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,59 @@
+CVE-2018-16545 (Kaizen Asset Manager (Enterprise Edition) and Training Manager 
...)
+       TODO: check
+CVE-2018-16544
+       RESERVED
+CVE-2018-16538
+       RESERVED
+CVE-2018-16537
+       RESERVED
+CVE-2018-16536
+       RESERVED
+CVE-2018-16535
+       RESERVED
+CVE-2018-16534
+       RESERVED
+CVE-2018-16533
+       RESERVED
+CVE-2018-16532
+       RESERVED
+CVE-2018-16531
+       RESERVED
+CVE-2018-16530
+       RESERVED
+CVE-2018-16529
+       RESERVED
+CVE-2018-16528
+       RESERVED
+CVE-2018-16527
+       RESERVED
+CVE-2018-16526
+       RESERVED
+CVE-2018-16525
+       RESERVED
+CVE-2018-16524
+       RESERVED
+CVE-2018-16523
+       RESERVED
+CVE-2018-16522
+       RESERVED
+CVE-2018-16521 (An XML External Entity (XXE) vulnerability exists in HTML Form 
Entry ...)
+       TODO: check
+CVE-2018-16520
+       RESERVED
+CVE-2018-16519
+       RESERVED
+CVE-2018-16518 (A directory traversal vulnerability with remote code execution 
in ...)
+       TODO: check
+CVE-2018-16517
+       RESERVED
+CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a 
crafted URL. ...)
+       TODO: check
+CVE-2018-16514
+       RESERVED
 CVE-2018-XXXX [Interger overflow while running jhead]
        - jhead <unfixed> (bug #907925)
 CVE-2018-16515
+       RESERVED
        - matrix-synapse <unfixed> (bug #908044)
        NOTE: 
https://matrix.org/blog/2018/09/05/pre-disclosure-upcoming-critical-security-fix-for-synapse/
 CVE-2018-16512
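Review bot: the context line `CVE-2018-XXXX [Interger overflow while running jhead]` carries a typo in its placeholder title ("Interger" for "Integer") and, now that CVE-2018-16514 is inserted directly above it, the placeholder sits in the middle of the 2018-165xx run; fix the spelling in a follow-up and replace the XXXX placeholder as soon as an ID is assigned for bug #907925 so the block sorts correctly. The four `TODO: check` entries in this hunk (CVE-2018-16545, -16521, -16518, -16516) still need manual triage; CVE-2018-16516 (reflected XSS in helpers.py of Flask-Admin 1.5.2) is the one most likely to affect a packaged Python library, so check the archive before marking it NOT-FOR-US.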
@@ -1391,7 +1444,7 @@ CVE-2018-15911 (In Artifex Ghostscript 9.23 before 
2018-08-24, attackers able to
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665
        NOTE: https://www.kb.cert.org/vuls/id/332928
-CVE-2018-15910 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers able 
to supply ...)
+CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
        NOTE: https://www.kb.cert.org/vuls/id/332928
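Review bot: the description for CVE-2018-15910 now reads "before 9.24", but the only fix recorded is `ghostscript 9.22~dfsg-3` for unstable, with no `[stretch]`/`[jessie]` line and no `{DSA-...}` reference; add the stable-suite status (fixed version or `<no-dsa>` with a reason) once the update is issued so the stable picture is stated rather than implied by omission.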
@@ -1480,27 +1533,27 @@ CVE-2018-15878
        RESERVED
 CVE-2017-18345 (The Joomanager component through 2.0.0 for Joomla! has an 
arbitrary ...)
        NOT-FOR-US: Joomla addon
-CVE-2018-16543
+CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and 
gsgetresolution ...)
        - ghostscript <unfixed>
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670
-CVE-2018-16542
+CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668
-CVE-2018-16541
+CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664
-CVE-2018-16540
+CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661
-CVE-2018-16539
+CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658
-CVE-2018-16513
+CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655
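Review bot: CVE-2018-16543 is still `ghostscript <unfixed>` with no bug number, while the five sibling entries (CVE-2018-16542 down to CVE-2018-16513) all point at 9.22~dfsg-3 and bug #907332; the upstream commit 5b5536fa88a9e885032bc0df3852c3439399a5c0 and bug 699670 are already referenced, so either confirm the fix is in 9.22~dfsg-3 and record it, or file a bug against ghostscript so the open issue is tracked like the others. Note also that these six entries sit below CVE-2017-18345 rather than in the 2018-165xx block added in the first hunk, because they were entered while the IDs were still reserved; harmless for the tracker, but worth knowing when grepping by ID.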
@@ -4451,8 +4504,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem 
of the Linux kernel bef
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
        NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
-CVE-2018-14618 [Curl_ntlm_core_mk_nt_hash: return error on too long password]
-       RESERVED
+CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun 
in the ...)
        - curl <unfixed>
        NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html
        NOTE: https://github.com/curl/curl/issues/2756
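Review bot: CVE-2018-14618 is now public (curl before 7.61.1, buffer overrun) but the entry stays at `curl <unfixed>` with no bug number and no `[stretch]`/`[jessie]` lines; the dropped bracketed title `Curl_ntlm_core_mk_nt_hash: return error on too long password` was the only hint at the affected function and now survives only in git history, so consider keeping that detail in a NOTE. Record the fixed Debian version once 7.61.1 is uploaded and add the stable-suite status.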
@@ -5060,7 +5112,7 @@ CVE-2016-10727 
(camel/providers/imapx/camel-imapx-server.c in the IMAPx componen
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334842
        NOTE: 
https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67
 CVE-2018-14424 (The daemon in GDM through 3.29.1 does not properly unexport 
display ...)
-       {DSA-4270-1}
+       {DSA-4270-1 DLA-1494-1}
        - gdm3 3.28.2-4
        NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/401
        NOTE: 
https://gitlab.gnome.org/GNOME/gdm/commit/6060db704a19b0db68f2e9e6a2d020c0c78b6bba
@@ -9246,7 +9298,7 @@ CVE-2018-1000552 (Trovebox version &lt;= 4.0.0-rc6 
contains a SQL Injection vuln
 CVE-2018-1000551 (Trovebox version &lt;= 4.0.0-rc6 contains a PHP Type 
juggling ...)
        NOT-FOR-US: Trovebox
 CVE-2018-1000550 (The Sympa Community Sympa version prior to version 6.2.32 
contains a ...)
-       {DLA-1441-1}
+       {DSA-4285-1 DLA-1441-1}
        - sympa 6.2.32~dfsg-1
        NOTE: https://sympa-community.github.io/security/2018-001.html
 CVE-2018-1000549 (Wekan version 1.04.0 contains a Email / Username Enumeration 
...)
@@ -14285,6 +14337,7 @@ CVE-2018-10860 (perl-archive-zip is vulnerable to a 
directory traversal in ...)
        NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/pull/33
        NOTE: 
https://github.com/redhotpenguin/perl-Archive-Zip/commit/95e1df86327
 CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when 
decrypting ...)
+       {DLA-1495-1}
        - git-annex 6.20180626-1
        [stretch] - git-annex 6.20170101-1+deb9u2
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
@@ -14294,6 +14347,7 @@ CVE-2018-10858 (A heap-buffer overflow was found in the 
way samba clients proces
        - samba 2:4.8.4+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html
 CVE-2018-10857 (git-annex is vulnerable to a private data exposure and 
exfiltration ...)
+       {DLA-1495-1}
        - git-annex 6.20180626-1
        [stretch] - git-annex 6.20170101-1+deb9u2
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
@@ -18505,12 +18559,12 @@ CVE-2018-9196
        RESERVED
 CVE-2018-9195
        RESERVED
-CVE-2018-9194
-       RESERVED
+CVE-2018-9194 (A plaintext recovery of encrypted messages or a 
Man-in-the-middle ...)
+       TODO: check
 CVE-2018-9193
        RESERVED
-CVE-2018-9192
-       RESERVED
+CVE-2018-9192 (A plaintext recovery of encrypted messages or a 
Man-in-the-middle ...)
+       TODO: check
 CVE-2018-9191
        RESERVED
 CVE-2018-9190
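Review bot: CVE-2018-9194 and CVE-2018-9192 share the same truncated description ("A plaintext recovery of encrypted messages or a Man-in-the-middle ...") and both are left at `TODO: check`; the truncated text names no product, so triage requires opening the CVE records, and whatever disposition is chosen should be applied to both together.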
@@ -40715,8 +40769,8 @@ CVE-2018-1355 (An open redirect vulnerability in 
Fortinet FortiManager 6.0.0 and
        NOT-FOR-US: Fortinet
 CVE-2018-1354 (An improper access control vulnerability in Fortinet 
FortiManager ...)
        NOT-FOR-US: Fortinet
-CVE-2018-1353
-       RESERVED
+CVE-2018-1353 (An information disclosure vulnerability in Fortinet 
FortiManager 6.0.1 ...)
+       TODO: check
 CVE-2018-1352
        RESERVED
 CVE-2018-1351 (A Cross-site Scripting (XSS) vulnerability in Fortinet 
FortiManager ...)
@@ -57008,7 +57062,8 @@ CVE-2017-13105 (Hi Security Virus Cleaner - Antivirus, 
Booster, 3.7.1.1329, ...)
        NOT-FOR-US: Hi Security Virus Cleaner - Antivirus, Booster Android 
application
 CVE-2017-13104 (Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 
1.108.10001, ...)
        NOT-FOR-US: Uber Technologies, Inc. UberEATS: Uber for Food Delivery 
iOS application
-CVE-2017-13103 (Pinterest, 6.37, 2017-10-24, iOS application uses a hard-coded 
key for ...)
+CVE-2017-13103
+       REJECTED
        NOT-FOR-US: Pinterest iOS application
 CVE-2017-13102 (Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 
2017-08-13, iOS ...)
        NOT-FOR-US: Gameloft Asphalt Xtreme: Offroad Rally Racing iOS 
application
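Review bot: CVE-2017-13103 is marked REJECTED but the `NOT-FOR-US: Pinterest iOS application` line beneath it is kept; a rejected ID needs no package disposition, so that line is now redundant and can be dropped, leaving only the REJECTED marker.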
@@ -57457,7 +57512,7 @@ CVE-2017-12973 (Nimbus JOSE+JWT before 4.39 proceeds 
improperly after detection
 CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow 
check when ...)
        NOT-FOR-US: Nimbus JOSE + JWT
 CVE-2017-12976 (git-annex before 6.20170818 allows remote attackers to execute 
...)
-       {DSA-4010-1 DLA-1144-1}
+       {DSA-4010-1 DLA-1495-1 DLA-1144-1}
        - git-annex 6.20170818-1 (bug #873088)
        NOTE: 
http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
        NOTE: 
http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a
@@ -79351,6 +79406,7 @@ CVE-2017-5996 (The agent in Bomgar Remote Support 
15.2.x before 15.2.3, 16.1.x b
 CVE-2017-5995 (The NetApp ONTAP Select Deploy administration utility 2.0 
through ...)
        NOT-FOR-US: NetApp ONTAP Select Deploy administration utility
 CVE-2017-14431 (Memory leak in Xen 3.3 through 4.8.x allows guest OS users to 
cause a ...)
+       {DLA-1493-1}
        - xen 4.8.1-1 (bug #856229)
        [wheezy] - xen <no-dsa> (Minor issue)
        NOTE: https://xenbits.xen.org/xsa/advisory-207.html
@@ -99777,8 +99833,7 @@ CVE-2016-1000234
        RESERVED
 CVE-2016-1000233
        RESERVED
-CVE-2016-1000232
-       RESERVED
+CVE-2016-1000232 (NodeJS Tough-Cookie version 2.2.2 contains a Regular 
Expression ...)
        NOT-FOR-US: nodejs tough-cookie
        NOTE: https://nodesecurity.io/advisories/130
 CVE-2016-1000231
@@ -106602,8 +106657,7 @@ CVE-2016-6249 (F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 
REST requests which timeout
 CVE-2016-1000037
        RESERVED
        - pagure <itp> (bug #829046)
-CVE-2016-1000030 [X.509 Certificates Improperly Imported]
-       RESERVED
+CVE-2016-1000030 (Pidgin version &lt;2.11.0 contains a vulnerability in X.509 
Certificates ...)
        - pidgin 2.11.0-1 (unimportant)
        [jessie] - pidgin 2.11.0-0+deb8u1
        NOTE: http://www.pidgin.im/news/security/?id=91
@@ -111440,6 +111494,7 @@ CVE-2016-5026 (hs.py in OnionShare before 0.9.1 
allows local users to modify the
        [jessie] - onionshare <not-affected> (Vulnerable code not present)
        NOTE: Neutralised by kernel hardening (also contrib and non-free not 
supported)
 CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local 
guest OS ...)
+       {DLA-1493-1}
        - xen 4.8.0~rc3-1
        [wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport, 
libvirt doesn't have libxl driver enabled)
        NOTE: http://xenbits.xen.org/xsa/advisory-178.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd556c470fb83213b48dcb6c78666be95f33a18a

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
