Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b276cd65 by security tracker role at 2018-09-06T08:10:18Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,21 @@ +CVE-2018-16554 + RESERVED +CVE-2018-16553 + RESERVED +CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, ...) + TODO: check +CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by ...) + TODO: check +CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass the ...) + TODO: check +CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via ...) + TODO: check +CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...) + TODO: check +CVE-2018-16547 + RESERVED +CVE-2018-16546 (Amcrest networked devices use the same hardcoded SSL private key across ...) + TODO: check CVE-2018-16545 (Kaizen Asset Manager (Enterprise Edition) and Training Manager ...) TODO: check CVE-2018-16544 @@ -162,8 +180,8 @@ CVE-2018-1000672 REJECTED CVE-2018-1000662 REJECTED -CVE-2015-9266 - RESERVED +CVE-2015-9266 (The web management interface of Ubiquiti airMAX, airFiber, airGateway ...) + TODO: check CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an ...) NOT-FOR-US: baigo CMS CVE-2018-16457 @@ -207,10 +225,10 @@ CVE-2018-16439 CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ...) - hdf5 <undetermined> NOTE: H5L_extern_query@H5Lexternal.c:498-10___out-of-bounds-read -CVE-2018-16437 - RESERVED -CVE-2018-16436 - RESERVED +CVE-2018-16437 (Gxlcms 2.0 has Directory Traversal exploitable by an administrator. ...) + TODO: check +CVE-2018-16436 (Gxlcms 2.0 has SQL Injection exploitable by an administrator. ...) + TODO: check CVE-2018-16435 (Little CMS (aka Little Color Management System) 2.9 has an integer ...) {DSA-4284-1} - lcms2 2.9-3 (bug #907983) 
@@ -390,8 +408,8 @@ CVE-2018-16382 (Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in ...) - nasm <unfixed> (unimportant; bug #907866) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392503 NOTE: Crash in CLI tool, no security impact -CVE-2018-16381 - RESERVED +CVE-2018-16381 (e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list ...) + TODO: check CVE-2018-16380 (An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF ...) NOT-FOR-US: Ogma CMS CVE-2018-16379 (Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the ...) @@ -436,8 +454,8 @@ CVE-2018-16363 RESERVED CVE-2018-16362 (An issue was discovered in the Source Integration plugin before 1.5.9 ...) NOT-FOR-US: Mantis plugin -CVE-2018-16361 - RESERVED +CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS ...) + TODO: check CVE-2018-16360 RESERVED CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, permits ...) @@ -565,8 +583,8 @@ CVE-2018-16309 RESERVED CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV ...) NOT-FOR-US: Ninja Forms plugin for WordPress -CVE-2018-16307 - RESERVED +CVE-2018-16307 (An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi ...) + TODO: check CVE-2018-16306 RESERVED CVE-2018-16305 @@ -676,8 +694,8 @@ CVE-2018-16254 RESERVED CVE-2018-16253 RESERVED -CVE-2018-16252 - RESERVED +CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML ...) + TODO: check CVE-2018-16251 RESERVED CVE-2018-16250 
@@ -904,16 +922,16 @@ CVE-2018-16150 RESERVED CVE-2018-16149 RESERVED -CVE-2018-16148 - RESERVED -CVE-2018-16147 - RESERVED -CVE-2018-16146 - RESERVED -CVE-2018-16145 - RESERVED -CVE-2018-16144 - RESERVED +CVE-2018-16148 (The diagnosticsb2ksy parameter of the /rest endpoint in Opsview ...) + TODO: check +CVE-2018-16147 (The data parameter of the /settings/api/router endpoint in Opsview ...) + TODO: check +CVE-2018-16146 (The web management console of Opsview Monitor 5.4.x before 5.4.2 ...) + TODO: check +CVE-2018-16145 (The /etc/init.d/opsview-reporting-module script that runs at boot time ...) + TODO: check +CVE-2018-16144 (The test connection functionality in the NetAudit section of Opsview ...) + TODO: check CVE-2018-16143 RESERVED CVE-2018-16142 (PHPOK 4.8.278 has a Reflected XSS vulnerability in ...) @@ -1428,10 +1446,10 @@ CVE-2018-15921 RESERVED CVE-2018-15920 RESERVED -CVE-2018-15918 - RESERVED -CVE-2018-15917 - RESERVED +CVE-2018-15918 (An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) ...) + TODO: check +CVE-2018-15917 (Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow ...) + TODO: check CVE-2018-15916 RESERVED CVE-2018-15915 
@@ -2036,24 +2054,24 @@ CVE-2018-15686 RESERVED CVE-2018-15685 (GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain ...) - electron <itp> (bug #842420) -CVE-2018-15684 - RESERVED -CVE-2018-15683 - RESERVED -CVE-2018-15682 - RESERVED -CVE-2018-15681 - RESERVED -CVE-2018-15680 - RESERVED -CVE-2018-15679 - RESERVED -CVE-2018-15678 - RESERVED -CVE-2018-15677 - RESERVED -CVE-2018-15676 - RESERVED +CVE-2018-15684 (An issue was discovered in BTITeam XBTIT. PHP error logs are stored in ...) + TODO: check +CVE-2018-15683 (An issue was discovered in BTITeam XBTIT. The "returnto" parameter of ...) + TODO: check +CVE-2018-15682 (An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site ...) + TODO: check +CVE-2018-15681 (An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, ...) + TODO: check +CVE-2018-15680 (An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords ...) + TODO: check +CVE-2018-15679 (An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" ...) + TODO: check +CVE-2018-15678 (An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in ...) + TODO: check +CVE-2018-15677 (The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has ...) + TODO: check +CVE-2018-15676 (An issue was discovered in BTITeam XBTIT. By using String.replace and ...) + TODO: check CVE-2018-15675 RESERVED CVE-2018-15674 
@@ -4109,12 +4127,12 @@ CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 thro NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers CVE-2018-14772 RESERVED -CVE-2018-14771 - RESERVED -CVE-2018-14770 - RESERVED -CVE-2018-14769 - RESERVED +CVE-2018-14771 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...) + TODO: check +CVE-2018-14770 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...) + TODO: check +CVE-2018-14769 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. ...) + TODO: check CVE-2018-14768 (Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, ...) NOT-FOR-US: VIVOTEK devices CVE-2018-1999025 (A man in the middle vulnerability exists in Jenkins TraceTronic ...) @@ -4513,6 +4531,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel bef NOTE: https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1 CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the ...) + {DSA-4286-1} - curl <unfixed> NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html NOTE: https://github.com/curl/curl/issues/2756 
@@ -21450,7 +21469,7 @@ CVE-2018-8026 (This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3 NOTE: https://issues.apache.org/jira/browse/SOLR-12450 CVE-2018-8025 (CVE-2018-8025 describes an issue in Apache HBase that affects the ...) NOT-FOR-US: Apache HBase -CVE-2018-8024 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's ...) +CVE-2018-8024 (In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it’s possible ...) NOT-FOR-US: Apache Spark CVE-2018-8023 RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b276cd6525327a7fb2acbea4b5caa934b9fa30ca
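Review bot: In the `@@ -4109,12 +4127,12 @@` hunk, CVE-2018-14771, CVE-2018-14770 and CVE-2018-14769 land as `TODO: check` although the context line directly below them already triages CVE-2018-14768 as `NOT-FOR-US: VIVOTEK devices`. All three new descriptions name VIVOTEK FD8177 devices, so marking them `NOT-FOR-US: VIVOTEK devices` as well would keep the vendor's entries consistent and take them out of the TODO queue.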
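Review bot: In the `@@ -4513,6 +4531,7 @@` hunk, CVE-2018-14618 gains `{DSA-4286-1}` while the context line right after it still reads `- curl <unfixed>`, so the entry now shows an advisory next to a package line with no fixed version. The description names 7.61.1 as the first fixed upstream release; the package line needs a follow-up with the corresponding Debian version once that upload is in the archive.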
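Review bot: In the `@@ -21450,7 +21469,7 @@` hunk, the replacement description for CVE-2018-8024 swaps the ASCII apostrophe in `it's` for a typographic `’`, which puts a non-ASCII character into data/CVE/list. Either normalise it back to `'` at import time or confirm that every consumer of the file reads it as UTF-8. The same line narrows the affected Spark range from `1.0.0 to 2.1.2` to `2.1.0 to 2.1.2`; since the entry stays `NOT-FOR-US: Apache Spark`, that part needs no triage change.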