Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac2e8dd0 by security tracker role at 2018-09-07T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2018-16656
+       RESERVED
+CVE-2018-16655 (Gxlcms 1.0 has XSS via the PATH_INFO to ...)
+       TODO: check
+CVE-2018-16654 (Zurmo 3.2.4 Stable allows XSS via ...)
+       TODO: check
+CVE-2018-16653 (rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name 
parameter. ...)
+       TODO: check
+CVE-2018-16652
+       RESERVED
+CVE-2018-16651 (The admin backend in phpMyFAQ before 2.9.11 allows CSV 
injection in ...)
+       TODO: check
+CVE-2018-16650 (phpMyFAQ before 2.9.11 allows CSRF. ...)
+       TODO: check
+CVE-2018-16649
+       RESERVED
+CVE-2018-16648 (In Artifex MuPDF 1.13.0, the fz_append_byte function in 
fitz/buffer.c ...)
+       TODO: check
+CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in 
...)
+       TODO: check
+CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc 
may cause ...)
+       TODO: check
+CVE-2018-16645 (There is an excessive memory allocation issue in the functions 
...)
+       TODO: check
+CVE-2018-16644 (There is a missing check for length in the functions 
ReadDCMImage of ...)
+       TODO: check
+CVE-2018-16643 (The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in 
...)
+       TODO: check
+CVE-2018-16642 (The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 
allows ...)
+       TODO: check
+CVE-2018-16641 (ImageMagick 7.0.8-6 has a memory leak vulnerability in the ...)
+       TODO: check
+CVE-2018-16640 (ImageMagick 7.0.8-5 has a memory leak vulnerability in the 
function ...)
+       TODO: check
+CVE-2018-16639
+       RESERVED
+CVE-2018-16638
+       RESERVED
+CVE-2018-16637
+       RESERVED
+CVE-2018-16636
+       RESERVED
+CVE-2018-16635
+       RESERVED
+CVE-2018-16634
+       RESERVED
+CVE-2018-16633
+       RESERVED
+CVE-2018-16632
+       RESERVED
+CVE-2018-16631
+       RESERVED
+CVE-2018-16630
+       RESERVED
+CVE-2018-16629
+       RESERVED
+CVE-2018-16628
+       RESERVED
+CVE-2018-16627
+       RESERVED
+CVE-2018-16626
+       RESERVED
+CVE-2018-16625
+       RESERVED
+CVE-2018-16624
+       RESERVED
+CVE-2018-16623
+       RESERVED
+CVE-2018-16622 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
+CVE-2018-16621
+       RESERVED
+CVE-2018-16620
+       RESERVED
+CVE-2018-16619
+       RESERVED
+CVE-2018-16618
+       RESERVED
+CVE-2018-1000670 (KOHA Library System version 16.11.x (up until 16.11.13) and 
17.05.x ...)
+       TODO: check
+CVE-2018-1000669 (KOHA Library System version 16.11.x (up until 16.11.13) and 
17.05.x ...)
+       TODO: check
 CVE-2018-16617
        RESERVED
 CVE-2018-16616
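Review bot: Several of the new `TODO: check` entries at the top of this hunk already name software that has a Debian source package, so they should get package lines rather than wait in the generic queue: CVE-2018-16648 and CVE-2018-16647 (MuPDF), CVE-2018-16646 (Poppler), and CVE-2018-16642, CVE-2018-16641 and CVE-2018-16640 (ImageMagick). CVE-2018-16644 and CVE-2018-16643 cite ReadDCMImage and coders/dcm.c, which points at the same ImageMagick code, but the truncated descriptions should be read in full before assigning them. The web-application entries (Gxlcms, Zurmo, rejucms, phpMyFAQ, KOHA) need a packaged-or-not decision; where the answer is no, use the `NOT-FOR-US:` form already used elsewhere in this file.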
@@ -52,8 +134,8 @@ CVE-2018-16592
        RESERVED
 CVE-2018-16591
        RESERVED
-CVE-2018-16590
-       RESERVED
+CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use only client-side 
JavaScript for ...)
+       TODO: check
 CVE-2018-16589
        RESERVED
 CVE-2018-16588
@@ -226,8 +308,8 @@ CVE-2018-16519
        RESERVED
 CVE-2018-16518 (A directory traversal vulnerability with remote code execution 
in ...)
        NOT-FOR-US: Prim'X Zed! FREE
-CVE-2018-16517
-       RESERVED
+CVE-2018-16517 (asm/labels.c in Netwide Assembler (NASM) is prone to NULL 
Pointer ...)
+       TODO: check
 CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a 
crafted URL. ...)
        - python-flask-admin <itp> (bug #765509)
 CVE-2018-16514
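Review bot: CVE-2018-16517 is left at `TODO: check` although the description names asm/labels.c in NASM, which is packaged in Debian as nasm. Suggest replacing the TODO with a `- nasm ...` package line once the affected versions are confirmed, in the same form as the `- python-flask-admin <itp> (bug #765509)` line just below it.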
@@ -756,8 +838,8 @@ CVE-2018-16312
        RESERVED
 CVE-2018-16311
        RESERVED
-CVE-2018-16310
-       RESERVED
+CVE-2018-16310 (Technicolor TG588V V2 devices allow remote attackers to cause 
a denial ...)
+       TODO: check
 CVE-2018-16309
        RESERVED
 CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows 
CSV ...)
@@ -806,8 +888,8 @@ CVE-2018-16287
        RESERVED
 CVE-2018-16286
        RESERVED
-CVE-2018-16285
-       RESERVED
+CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via 
the ...)
+       TODO: check
 CVE-2018-16284
        RESERVED
 CVE-2018-16283
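Review bot: CVE-2018-16285 (UserPro plugin for WordPress) is marked `TODO: check`, while other WordPress plugin entries in this same file, for example CVE-2018-15877 and CVE-2018-15876, are closed as `NOT-FOR-US: Wordpress plugin`. Unless this plugin is shipped in a Debian package, use the same marker here for consistency.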
@@ -855,8 +937,8 @@ CVE-2018-16263
        RESERVED
 CVE-2018-16262
        RESERVED
-CVE-2018-16261
-       RESERVED
+CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 
9.0R1, ...)
+       TODO: check
 CVE-2018-16260
        RESERVED
 CVE-2018-16259
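Review bot: CVE-2018-16261 is the first of six Pulse Secure entries in this commit that move from `RESERVED` to `TODO: check` (the others are CVE-2018-15865, CVE-2018-15749, CVE-2018-15726, CVE-2018-14366 and CVE-2018-6320). They should be triaged as a group; if none of them maps to a Debian source package, close all six with one consistent `NOT-FOR-US: Pulse Secure` marker rather than six separately worded ones.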
@@ -1792,7 +1874,7 @@ CVE-2018-16585 (An issue was discovered in Artifex 
Ghostscript before 9.24. The
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699663
-CVE-2018-15877 (The Plainview Activity Monitor plugin 4.7.11 for WordPress is 
...)
+CVE-2018-15877 (The Plainview Activity Monitor plugin before 20180826 for 
WordPress is ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2018-15876 (An issue was discovered in the ajax-bootmodal-login plugin 
1.4.3 for ...)
        NOT-FOR-US: Wordpress plugin
@@ -1821,8 +1903,8 @@ CVE-2018-15867
        RESERVED
 CVE-2018-15866
        RESERVED
-CVE-2018-15865
-       RESERVED
+CVE-2018-15865 (The Pulse Secure Desktop (macOS) has a Privilege Escalation 
...)
+       TODO: check
 CVE-2018-15864 (Unchecked NULL pointer usage in resolve_keysym in 
xkbcomp/parser.y in ...)
        - libxkbcommon 0.8.2-1 (low; bug #907302)
        [stretch] - libxkbcommon <no-dsa> (Minor issue)
@@ -2099,8 +2181,8 @@ CVE-2018-15751
        RESERVED
 CVE-2018-15750
        RESERVED
-CVE-2018-15749
-       RESERVED
+CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 
has a ...)
+       TODO: check
 CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 
2.70.05.02, ...)
        NOT-FOR-US: Dell 2335dn printers
 CVE-2018-15747
@@ -2162,8 +2244,8 @@ CVE-2018-1999043 (A denial of service vulnerability 
exists in Jenkins 2.137 and
        - jenkins <removed>
 CVE-2018-1999042 (A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 
and ...)
        - jenkins <removed>
-CVE-2018-15726
-       RESERVED
+CVE-2018-15726 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 
has a ...)
+       TODO: check
 CVE-2018-15725
        RESERVED
 CVE-2018-15724
@@ -5501,8 +5583,8 @@ CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 
2.4.7, the CoAP protoco
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14966
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-42.html
-CVE-2018-14366
-       RESERVED
+CVE-2018-14366 (download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 
8.1R13 ...)
+       TODO: check
 CVE-2018-14365
        RESERVED
 CVE-2018-14364 (GitLab Community and Enterprise Edition before 10.7.7, 10.8.x 
before ...)
@@ -10864,8 +10946,8 @@ CVE-2018-12236
        RESERVED
 CVE-2018-12235
        RESERVED
-CVE-2018-12234
-       RESERVED
+CVE-2018-12234 (A Reflected Cross Site Scripting (XSS) Vulnerability was 
discovered in ...)
+       TODO: check
 CVE-2018-12231
        RESERVED
 CVE-2018-12230 (An wrong logical check identified in the transferFrom function 
of a ...)
@@ -27133,8 +27215,8 @@ CVE-2018-6322 (Panda Global Protection 17.0.1 allows 
local users to gain privile
        NOT-FOR-US: Panda Global Protection
 CVE-2018-6321 (Unquoted Windows search path vulnerability in the 
panda_url_filtering ...)
        NOT-FOR-US: Panda Global Protection
-CVE-2018-6320
-       RESERVED
+CVE-2018-6320 (A vulnerability has been discovered in login.cgi in Pulse 
Secure Pulse ...)
+       TODO: check
 CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a 
special ...)
        NOT-FOR-US: Sophos Tester Tool
 CVE-2018-6318 (In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the 
context ...)
@@ -30074,8 +30156,7 @@ CVE-2018-5392 (mingw-w64 version 5.0.4 by default 
produces executables that opt
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17321
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19011
        NOTE: https://www.kb.cert.org/vuls/id/307144 (describes workaround)
-CVE-2018-5391 [Remote denial of service via improper IP fragment handling]
-       RESERVED
+CVE-2018-5391 (The Linux kernel, versions 3.9+, is vulnerable to a denial of 
service ...)
        {DSA-4272-1 DLA-1466-1}
        - linux 4.17.15-1
        NOTE: Mitigation: Change the default values of 
net.ipv4.ipfrag_high_thresh and
@@ -30086,8 +30167,7 @@ CVE-2018-5390 (Linux kernel versions 4.9+ can be forced 
to make very expensive c
        - linux 4.17.14-1 (bug #905751)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.kb.cert.org/vuls/id/962459
-CVE-2018-5389 [low-entropy passphrase in IKEv1 can be brute-forced]
-       RESERVED
+CVE-2018-5389 (The Internet Key Exchange v1 main mode is vulnerable to offline 
...)
        - strongswan <unfixed> (unimportant)
        - libreswan <unfixed> (unimportant)
        - ipsec-tools <unfixed> (unimportant)
@@ -31372,8 +31452,8 @@ CVE-2018-5007 (Adobe Flash Player 30.0.0.113 and 
earlier versions have a Type ..
        NOT-FOR-US: Adobe
 CVE-2018-5006 (Adobe Experience Manager versions 6.4 and earlier have a 
Server-Side ...)
        NOT-FOR-US: Adobe
-CVE-2018-5005
-       RESERVED
+CVE-2018-5005 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
+       TODO: check
 CVE-2018-5004 (Adobe Experience Manager versions 6.2 and 6.3 have a 
Server-Side ...)
        NOT-FOR-US: Adobe
 CVE-2018-5003 (Adobe Creative Cloud Desktop Application before 4.5.5.342 
(installer) ...)
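Review bot: CVE-2018-5005 is added with `TODO: check`, but the entries directly above and below it, CVE-2018-5006 and CVE-2018-5004, describe the same product (Adobe Experience Manager) and are already marked `NOT-FOR-US: Adobe`. The new entry should carry the same marker.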
@@ -46803,8 +46883,8 @@ CVE-2017-16716 (A SQL Injection issue was discovered in 
WebAccess versions prior
        NOT-FOR-US: Advantech WebAccess
 CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 
5110 Version ...)
        NOT-FOR-US: Moxa
-CVE-2017-16714
-       RESERVED
+CVE-2017-16714 (In Ice Qube Thermal Management Center versions prior to 
version 4.13, ...)
+       TODO: check
 CVE-2017-16713
        RESERVED
 CVE-2017-16712
@@ -55047,8 +55127,8 @@ CVE-2017-14028 (A Resource Exhaustion issue was 
discovered in Moxa NPort 5110 Ve
        NOT-FOR-US: Moxa
 CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in 
Korenix JetNet ...)
        NOT-FOR-US: Korenix
-CVE-2017-14026
-       RESERVED
+CVE-2017-14026 (In Ice Qube Thermal Management Center versions prior to 
version 4.13, ...)
+       TODO: check
 CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB 
FOX515T ...)
        NOT-FOR-US: ABB FOX515T
 CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in 
Schneider ...)
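Review bot: CVE-2017-14026 has the same truncated description as CVE-2017-16714 in the previous hunk ("In Ice Qube Thermal Management Center versions prior to version 4.13, ..."), so the two entries cannot be told apart from this file alone and both sit at `TODO: check`. The neighbouring industrial-device entries (Moxa, Korenix, ABB) are all `NOT-FOR-US:`; if Ice Qube Thermal Management Center is likewise not packaged, mark both entries `NOT-FOR-US: Ice Qube Thermal Management Center` together.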



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ac2e8dd082841bcbd070779e82a9dfd8539d4338
