Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b276cd65 by security tracker role at 2018-09-06T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2018-16554
+       RESERVED
+CVE-2018-16553
+       RESERVED
+CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, 
...)
+       TODO: check
+CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by ...)
+       TODO: check
+CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass 
the ...)
+       TODO: check
+CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory 
Traversal via ...)
+       TODO: check
+CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a 
memory ...)
+       TODO: check
+CVE-2018-16547
+       RESERVED
+CVE-2018-16546 (Amcrest networked devices use the same hardcoded SSL private 
key across ...)
+       TODO: check
 CVE-2018-16545 (Kaizen Asset Manager (Enterprise Edition) and Training Manager 
...)
        TODO: check
 CVE-2018-16544
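Review bot: among the entries added at the top of the list, CVE-2018-16548 (ZZIPlib through 0.13.69) is the only one whose description names a library rather than a web application or a device, so its TODO: check should be resolved against the archive first. If a source package exists, the entry needs a `- <package> <status>` line with a bug reference rather than a NOT-FOR-US tag. The truncated description ("There is a memory ...") is not enough to judge severity, so the triage should read the full CVE text before choosing a status.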
@@ -162,8 +180,8 @@ CVE-2018-1000672
        REJECTED
 CVE-2018-1000662
        REJECTED
-CVE-2015-9266
-       RESERVED
+CVE-2015-9266 (The web management interface of Ubiquiti airMAX, airFiber, 
airGateway ...)
+       TODO: check
 CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an ...)
        NOT-FOR-US: baigo CMS
 CVE-2018-16457
@@ -207,10 +225,10 @@ CVE-2018-16439
 CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is an out ...)
        - hdf5 <undetermined>
        NOTE: H5L_extern_query@H5Lexternal.c:498-10___out-of-bounds-read
-CVE-2018-16437
-       RESERVED
-CVE-2018-16436
-       RESERVED
+CVE-2018-16437 (Gxlcms 2.0 has Directory Traversal exploitable by an 
administrator. ...)
+       TODO: check
+CVE-2018-16436 (Gxlcms 2.0 has SQL Injection exploitable by an administrator. 
...)
+       TODO: check
 CVE-2018-16435 (Little CMS (aka Little Color Management System) 2.9 has an 
integer ...)
        {DSA-4284-1}
        - lcms2 2.9-3 (bug #907983)
@@ -390,8 +408,8 @@ CVE-2018-16382 (Netwide Assembler (NASM) 2.14rc15 has a 
buffer over-read in ...)
        - nasm <unfixed> (unimportant; bug #907866)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392503
        NOTE: Crash in CLI tool, no security impact
-CVE-2018-16381
-       RESERVED
+CVE-2018-16381 (e107 2.1.8 has XSS via the 
e107_admin/users.php?mode=main&amp;action=list ...)
+       TODO: check
 CVE-2018-16380 (An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF 
...)
        NOT-FOR-US: Ogma CMS
 CVE-2018-16379 (Ogma CMS 0.4 Beta has XSS via the &quot;Footer Text 
footer&quot; field on the ...)
@@ -436,8 +454,8 @@ CVE-2018-16363
        RESERVED
 CVE-2018-16362 (An issue was discovered in the Source Integration plugin 
before 1.5.9 ...)
        NOT-FOR-US: Mantis plugin
-CVE-2018-16361
-       RESERVED
+CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php 
allows XSS ...)
+       TODO: check
 CVE-2018-16360
        RESERVED
 CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, 
permits ...)
@@ -565,8 +583,8 @@ CVE-2018-16309
        RESERVED
 CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows 
CSV ...)
        NOT-FOR-US: Ninja Forms plugin for WordPress
-CVE-2018-16307
-       RESERVED
+CVE-2018-16307 (An &quot;Out-of-band resource load&quot; issue was discovered 
on Xiaomi MIWiFi ...)
+       TODO: check
 CVE-2018-16306
        RESERVED
 CVE-2018-16305
@@ -676,8 +694,8 @@ CVE-2018-16254
        RESERVED
 CVE-2018-16253
        RESERVED
-CVE-2018-16252
-       RESERVED
+CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has &quot;.elx&quot; 
FileType XML ...)
+       TODO: check
 CVE-2018-16251
        RESERVED
 CVE-2018-16250
@@ -904,16 +922,16 @@ CVE-2018-16150
        RESERVED
 CVE-2018-16149
        RESERVED
-CVE-2018-16148
-       RESERVED
-CVE-2018-16147
-       RESERVED
-CVE-2018-16146
-       RESERVED
-CVE-2018-16145
-       RESERVED
-CVE-2018-16144
-       RESERVED
+CVE-2018-16148 (The diagnosticsb2ksy parameter of the /rest endpoint in 
Opsview ...)
+       TODO: check
+CVE-2018-16147 (The data parameter of the /settings/api/router endpoint in 
Opsview ...)
+       TODO: check
+CVE-2018-16146 (The web management console of Opsview Monitor 5.4.x before 
5.4.2 ...)
+       TODO: check
+CVE-2018-16145 (The /etc/init.d/opsview-reporting-module script that runs at 
boot time ...)
+       TODO: check
+CVE-2018-16144 (The test connection functionality in the NetAudit section of 
Opsview ...)
+       TODO: check
 CVE-2018-16143
        RESERVED
 CVE-2018-16142 (PHPOK 4.8.278 has a Reflected XSS vulnerability in ...)
@@ -1428,10 +1446,10 @@ CVE-2018-15921
        RESERVED
 CVE-2018-15920
        RESERVED
-CVE-2018-15918
-       RESERVED
-CVE-2018-15917
-       RESERVED
+CVE-2018-15918 (An issue was discovered in Jorani 0.6.5. SQL Injection 
(error-based) ...)
+       TODO: check
+CVE-2018-15917 (Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 
allow ...)
+       TODO: check
 CVE-2018-15916
        RESERVED
 CVE-2018-15915
@@ -2036,24 +2054,24 @@ CVE-2018-15686
        RESERVED
 CVE-2018-15685 (GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in 
certain ...)
        - electron <itp> (bug #842420)
-CVE-2018-15684
-       RESERVED
-CVE-2018-15683
-       RESERVED
-CVE-2018-15682
-       RESERVED
-CVE-2018-15681
-       RESERVED
-CVE-2018-15680
-       RESERVED
-CVE-2018-15679
-       RESERVED
-CVE-2018-15678
-       RESERVED
-CVE-2018-15677
-       RESERVED
-CVE-2018-15676
-       RESERVED
+CVE-2018-15684 (An issue was discovered in BTITeam XBTIT. PHP error logs are 
stored in ...)
+       TODO: check
+CVE-2018-15683 (An issue was discovered in BTITeam XBTIT. The 
&quot;returnto&quot; parameter of ...)
+       TODO: check
+CVE-2018-15682 (An issue was discovered in BTITeam XBTIT. Due to a lack of 
cross-site ...)
+       TODO: check
+CVE-2018-15681 (An issue was discovered in BTITeam XBTIT 2.5.4. When a user 
logs in, ...)
+       TODO: check
+CVE-2018-15680 (An issue was discovered in BTITeam XBTIT 2.5.4. The hashed 
passwords ...)
+       TODO: check
+CVE-2018-15679 (An issue was discovered in BTITeam XBTIT 2.5.4. The 
&quot;keywords&quot; ...)
+       TODO: check
+CVE-2018-15678 (An issue was discovered in BTITeam XBTIT 2.5.4. The 
&quot;act&quot; parameter in ...)
+       TODO: check
+CVE-2018-15677 (The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 
2.5.4 has ...)
+       TODO: check
+CVE-2018-15676 (An issue was discovered in BTITeam XBTIT. By using 
String.replace and ...)
+       TODO: check
 CVE-2018-15675
        RESERVED
 CVE-2018-15674
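Review bot: the nine XBTIT entries CVE-2018-15676 through CVE-2018-15684 all arrive as TODO: check, and CVE-2018-16361 in an earlier hunk names the same product. Triage the ten together and use one identical tag string for all of them, so a later search on the product name finds every entry. Note that CVE-2018-15676, CVE-2018-15682, CVE-2018-15683 and CVE-2018-15684 say "BTITeam XBTIT" without the 2.5.4 version the others carry, which is worth checking against the full descriptions before they are treated as one batch.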
@@ -4109,12 +4127,12 @@ CVE-2018-14773 (An issue was discovered in Http 
Foundation in Symfony 2.7.0 thro
        NOTE: 
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
 CVE-2018-14772
        RESERVED
-CVE-2018-14771
-       RESERVED
-CVE-2018-14770
-       RESERVED
-CVE-2018-14769
-       RESERVED
+CVE-2018-14771 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote 
attackers ...)
+       TODO: check
+CVE-2018-14770 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote 
attackers ...)
+       TODO: check
+CVE-2018-14769 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. 
...)
+       TODO: check
 CVE-2018-14768 (Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, 
MS9*, SD9*, ...)
        NOT-FOR-US: VIVOTEK devices
 CVE-2018-1999025 (A man in the middle vulnerability exists in Jenkins 
TraceTronic ...)
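Review bot: CVE-2018-14769, CVE-2018-14770 and CVE-2018-14771 are added as TODO: check although the entry right after them, CVE-2018-14768, covers devices from the same vendor and is already tagged NOT-FOR-US: VIVOTEK devices. Unless the FD8177 firmware differs in a way that matters to Debian, give the three new entries the same tag with the same spelling.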
@@ -4513,6 +4531,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem 
of the Linux kernel bef
        NOTE: 
https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
        NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
 CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun 
in the ...)
+       {DSA-4286-1}
        - curl <unfixed>
        NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html
        NOTE: https://github.com/curl/curl/issues/2756
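Review bot: on CVE-2018-14618 the new {DSA-4286-1} reference sits above a package line that still reads `- curl <unfixed>`, so the entry records the advisory without a fixed version for unstable. The description gives 7.61.1 as the first fixed upstream release; replace the `<unfixed>` marker with the Debian version once that upload is in the archive, so the entry does not stay open after the advisory.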
@@ -21450,7 +21469,7 @@ CVE-2018-8026 (This vulnerability in Apache Solr 6.0.0 
to 6.6.4 and 7.0.0 to 7.3
        NOTE: https://issues.apache.org/jira/browse/SOLR-12450
 CVE-2018-8025 (CVE-2018-8025 describes an issue in Apache HBase that affects 
the ...)
        NOT-FOR-US: Apache HBase
-CVE-2018-8024 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's 
...)
+CVE-2018-8024 (In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, 
it&#226;&#128;&#153;s possible  ...)
        NOT-FOR-US: Apache Spark
 CVE-2018-8023
        RESERVED
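Review bot: the replacement description for CVE-2018-8024 shows the apostrophe of "it's" as the entity run `&#226;&#128;&#153;` followed by a doubled space, which is what a UTF-8 right single quote looks like after being decoded as a single-byte charset. Confirm that data/CVE/list holds valid UTF-8 at this line and that the damage is limited to the mail rendering. The same line also changes the lower bound of the affected range from 1.0.0 to 2.1.0, which leaves the NOT-FOR-US: Apache Spark tag below it unaffected.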



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b276cd6525327a7fb2acbea4b5caa934b9fa30ca

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
