Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e5b028b by security tracker role at 2018-09-11T20:10:23Z

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,231 @@ +CVE-2018-16945 + RESERVED +CVE-2018-16944 + RESERVED +CVE-2018-16943 + RESERVED +CVE-2018-16942 + RESERVED +CVE-2018-16941 + RESERVED +CVE-2018-16940 + RESERVED +CVE-2018-16939 + RESERVED +CVE-2018-16938 + RESERVED +CVE-2018-16937 + RESERVED +CVE-2018-16936 + RESERVED +CVE-2018-16935 + RESERVED +CVE-2018-16934 + RESERVED +CVE-2018-16933 + RESERVED +CVE-2018-16932 + RESERVED +CVE-2018-16931 + RESERVED +CVE-2018-16930 + RESERVED +CVE-2018-16929 + RESERVED +CVE-2018-16928 + RESERVED +CVE-2018-16927 + RESERVED +CVE-2018-16926 + RESERVED +CVE-2018-16925 + RESERVED +CVE-2018-16924 + RESERVED +CVE-2018-16923 + RESERVED +CVE-2018-16922 + RESERVED +CVE-2018-16921 + RESERVED +CVE-2018-16920 + RESERVED +CVE-2018-16919 + RESERVED +CVE-2018-16918 + RESERVED +CVE-2018-16917 + RESERVED +CVE-2018-16916 + RESERVED +CVE-2018-16915 + RESERVED +CVE-2018-16914 + RESERVED +CVE-2018-16913 + RESERVED +CVE-2018-16912 + RESERVED +CVE-2018-16911 + RESERVED +CVE-2018-16910 + RESERVED +CVE-2018-16909 + RESERVED +CVE-2018-16908 + RESERVED +CVE-2018-16907 + RESERVED +CVE-2018-16906 + RESERVED +CVE-2018-16905 + RESERVED +CVE-2018-16904 + RESERVED +CVE-2018-16903 + RESERVED +CVE-2018-16902 + RESERVED +CVE-2018-16901 + RESERVED +CVE-2018-16900 + RESERVED +CVE-2018-16899 + RESERVED +CVE-2018-16898 + RESERVED +CVE-2018-16897 + RESERVED +CVE-2018-16896 + RESERVED +CVE-2018-16895 + RESERVED +CVE-2018-16894 + RESERVED +CVE-2018-16893 + RESERVED +CVE-2018-16892 + RESERVED +CVE-2018-16891 + RESERVED +CVE-2018-16890 + RESERVED +CVE-2018-16889 + RESERVED +CVE-2018-16888 + RESERVED +CVE-2018-16887 + RESERVED +CVE-2018-16886 + RESERVED +CVE-2018-16885 + RESERVED +CVE-2018-16884 + RESERVED +CVE-2018-16883 + RESERVED +CVE-2018-16882 + RESERVED +CVE-2018-16881 + RESERVED +CVE-2018-16880 + RESERVED +CVE-2018-16879 + RESERVED +CVE-2018-16878 + RESERVED +CVE-2018-16877 + RESERVED +CVE-2018-16876 + RESERVED +CVE-2018-16875 + RESERVED +CVE-2018-16874 + RESERVED +CVE-2018-16873 + RESERVED 
+CVE-2018-16872 + RESERVED +CVE-2018-16871 + RESERVED +CVE-2018-16870 + RESERVED +CVE-2018-16869 + RESERVED +CVE-2018-16868 + RESERVED +CVE-2018-16867 + RESERVED +CVE-2018-16866 + RESERVED +CVE-2018-16865 + RESERVED +CVE-2018-16864 + RESERVED +CVE-2018-16863 + RESERVED +CVE-2018-16862 + RESERVED +CVE-2018-16861 + RESERVED +CVE-2018-16860 + RESERVED +CVE-2018-16859 + RESERVED +CVE-2018-16858 + RESERVED +CVE-2018-16857 + RESERVED +CVE-2018-16856 + RESERVED +CVE-2018-16855 + RESERVED +CVE-2018-16854 + RESERVED +CVE-2018-16853 + RESERVED +CVE-2018-16852 + RESERVED +CVE-2018-16851 + RESERVED +CVE-2018-16850 + RESERVED +CVE-2018-16849 + RESERVED +CVE-2018-16848 + RESERVED +CVE-2018-16847 + RESERVED +CVE-2018-16846 + RESERVED +CVE-2018-16845 + RESERVED +CVE-2018-16844 + RESERVED +CVE-2018-16843 + RESERVED +CVE-2018-16842 + RESERVED +CVE-2018-16841 + RESERVED +CVE-2018-16840 + RESERVED +CVE-2018-16839 + RESERVED +CVE-2018-16838 + RESERVED +CVE-2018-16837 + RESERVED +CVE-2018-16836 (Rubedo through 3.4.0 contains a Directory Traversal vulnerability in ...) + TODO: check +CVE-2018-16835 + RESERVED +CVE-2018-16834 + RESERVED +CVE-2018-16833 + RESERVED +CVE-2018-16832 (CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to ...) + TODO: check CVE-2018-XXXX [OpenAFS Security Advisory-2018-003] - openafs <unfixed> (bug #908616) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt @@ -31,8 +259,8 @@ CVE-2018-1002001 NOTE: Wordpress plugin CVE-2018-1002000 NOTE: Wordpress plugin -CVE-2018-16831 - RESERVED +CVE-2018-16831 (Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir ...) + TODO: check CVE-2018-16830 RESERVED CVE-2018-16829 
@@ -240,6 +468,7 @@ CVE-2018-16742 [stack-based buffer overflow with long arguments in contrib/scrts NOTE: Upstream removed contrib/scrts in 7d018d471f4c737f77ef281f5859a3b1c9ded42f (1.2.1) CVE-2018-16741 [shell injection via faxq-helper] RESERVED + {DSA-4291-1} - mgetty <unfixed> NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ NOTE: Upstream commit: 1a7b3a30f79bae4cfbc6404fe4648689cd0ade62 (1.2.1) @@ -409,6 +638,7 @@ CVE-2018-16660 CVE-2018-16659 RESERVED CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...) + {DSA-4292-1} - kamailio 5.1.4-1 (bug #908324) NOTE: https://skalatan.de/blog/advisory-hw-2018-06 NOTE: https://github.com/kamailio/kamailio/commit/ad68e402ece8089f133c10de6ce319f9e28c0692 (master) @@ -942,7 +1172,7 @@ CVE-2018-16432 (BlueCMS 1.6 allows SQL Injection via the user_name parameter to CVE-2018-16431 (admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an ...) NOT-FOR-US: YFCMF CVE-2018-16430 (GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in ...) - {DSA-4290-1} + {DSA-4290-1 DLA-1501-1} - libextractor <unfixed> (bug #907987) NOTE: https://gnunet.org/bugs/view.php?id=5405 NOTE: https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7 @@ -14504,8 +14734,8 @@ CVE-2018-11080 RESERVED CVE-2018-11079 RESERVED -CVE-2018-11078 - RESERVED +CVE-2018-11078 (Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an ...) + TODO: check CVE-2018-11077 RESERVED CVE-2018-11076 
@@ -14520,12 +14750,12 @@ CVE-2018-11072 RESERVED CVE-2018-11071 RESERVED -CVE-2018-11070 - RESERVED -CVE-2018-11069 - RESERVED -CVE-2018-11068 - RESERVED +CVE-2018-11070 (RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J ...) + TODO: check +CVE-2018-11069 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing ...) + TODO: check +CVE-2018-11068 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection ...) + TODO: check CVE-2018-11067 RESERVED CVE-2018-11066 @@ -14860,16 +15090,14 @@ CVE-2018-10938 (A flaw was found in the Linux kernel present since v4.0-rc1 and [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/40413955ee265a5e42f710940ec78f5450d49149 (4.13-rc5) NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/1 -CVE-2018-10937 - RESERVED +CVE-2018-10937 (A cross site scripting flaw exists in the tetonic-console component of ...) NOT-FOR-US: OpenShift CVE-2018-10936 (A weakness was found in postgresql-jdbc before version 42.2.5. It was ...) - libpgjava 42.2.5-1 [stretch] - libpgjava <no-dsa> (Minor issue) [jessie] - libpgjava <no-dsa> (Minor issue) NOTE: https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e412309 -CVE-2018-10935 [ldapsearch with server side sort allows users to cause a crash] - RESERVED +CVE-2018-10935 (A flaw was found in the 389 Directory Server that allows users to ...) {DLA-1483-1} - 389-ds-base 1.4.0.15-1 (bug #906985) NOTE: https://pagure.io/389-ds-base/issue/49890 
@@ -15037,8 +15265,7 @@ CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site r NOTE: Fixed in: https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660 (v1.4.1) CVE-2018-10894 (It was found that SAML authentication in Keycloak 3.4.3.Final ...) NOT-FOR-US: Keycloak -CVE-2018-10893 [Insufficient encoding checks for LZ can cause different integer/buffer overflows] - RESERVED +CVE-2018-10893 (Multiple integer overflow and buffer overflow issues were discovered ...) - spice-gtk <unfixed> (bug #904161) [stretch] - spice-gtk <no-dsa> (Minor issue) [jessie] - spice-gtk <no-dsa> (Minor issue) @@ -15214,8 +15441,7 @@ CVE-2018-10855 (Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588855 CVE-2018-10854 RESERVED -CVE-2018-10853 [kvm: guest userspace to guest kernel write] - RESERVED +CVE-2018-10853 (A flaw was found in the way Linux kernel KVM hypervisor before 4.18 ...) {DLA-1423-1 DLA-1422-1} - linux 4.16.16-1 [stretch] - linux 4.9.110-1 @@ -25645,10 +25871,10 @@ CVE-2018-6978 RESERVED CVE-2018-6977 RESERVED -CVE-2018-6976 - RESERVED -CVE-2018-6975 - RESERVED +CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data ...) + TODO: check +CVE-2018-6975 (The AirWatch Agent for iOS prior to 5.8.1 contains a data protection ...) + TODO: check CVE-2018-6974 RESERVED CVE-2018-6973 (VMware Workstation (14.x before 14.1.3) and Fusion (10.x before ...) 
@@ -39055,34 +39281,34 @@ CVE-2018-2467 RESERVED CVE-2018-2466 RESERVED -CVE-2018-2465 - RESERVED -CVE-2018-2464 - RESERVED -CVE-2018-2463 - RESERVED -CVE-2018-2462 - RESERVED -CVE-2018-2461 - RESERVED -CVE-2018-2460 - RESERVED -CVE-2018-2459 - RESERVED -CVE-2018-2458 - RESERVED -CVE-2018-2457 - RESERVED +CVE-2018-2465 (SAP HANA (versions 1.0 and 2.0) Extended Application Services classic ...) + TODO: check +CVE-2018-2464 (SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not ...) + TODO: check +CVE-2018-2463 (The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions ...) + TODO: check +CVE-2018-2462 (In certain cases, BEx Web Java Runtime Export Web Service in SAP ...) + TODO: check +CVE-2018-2461 (Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 ...) + TODO: check +CVE-2018-2460 (SAP Business One Android application, version 1.2, does not verify the ...) + TODO: check +CVE-2018-2459 (Users of an SAP Mobile Platform (version 3.0) Offline OData ...) + TODO: check +CVE-2018-2458 (Under certain conditions, Crystal Report using SAP Business One, ...) + TODO: check +CVE-2018-2457 (Under certain conditions SAP Adaptive Server Enterprise, version 16.0, ...) + TODO: check CVE-2018-2456 RESERVED -CVE-2018-2455 - RESERVED -CVE-2018-2454 - RESERVED +CVE-2018-2455 (SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, ...) + TODO: check +CVE-2018-2454 (SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, ...) + TODO: check CVE-2018-2453 RESERVED -CVE-2018-2452 - RESERVED +CVE-2018-2452 (The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, ...) + TODO: check CVE-2018-2451 (XS Command-Line Interface (CLI) user sessions with the SAP HANA ...) NOT-FOR-US: SAP HANA Extended Application Services CVE-2018-2450 (SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who ...) 
@@ -40893,8 +41119,8 @@ CVE-2018-1573 RESERVED CVE-2018-1572 RESERVED -CVE-2018-1571 - RESERVED +CVE-2018-1571 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to ...) + TODO: check CVE-2018-1570 RESERVED CVE-2018-1569 @@ -42831,8 +43057,7 @@ CVE-2018-1128 (It was found that cephx authentication protocol did not verify ce [jessie] - ceph <no-dsa> (Intrusive changes) NOTE: http://tracker.ceph.com/issues/24836 NOTE: https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468 -CVE-2018-1127 - RESERVED +CVE-2018-1127 (Tendrl API in Red Hat Gluster Storage before 3.4.0 does not ...) NOT-FOR-US: tendrl-api CVE-2018-1126 (procps-ng before version 3.3.15 is vulnerable to an incorrect integer ...) {DSA-4208-1 DLA-1390-1} @@ -42908,8 +43133,7 @@ CVE-2018-1115 (postgresql before versions 10.4, 9.6.9 is vulnerable in the admin - postgresql-9.1 <removed> [jessie] - postgresql-9.1 <not-affected> (Code not present) [wheezy] - postgresql-9.1 <not-affected> (Code not present) -CVE-2018-1114 [File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service] - RESERVED +CVE-2018-1114 (It was found that URLResource.getLastModified() in Undertow closes the ...) - undertow 1.4.25-1 (bug #897247) NOTE: https://issues.jboss.org/browse/UNDERTOW-1338 NOTE: https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a 
@@ -89070,25 +89294,25 @@ CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified ...) CVE-2017-3180 (Multiple TIBCO Products are prone to multiple unspecified cross-site ...) NOT-FOR-US: TIBCO CVE-2017-3179 - RESERVED + REJECTED CVE-2017-3178 - RESERVED + REJECTED CVE-2017-3177 - RESERVED + REJECTED CVE-2017-3176 - RESERVED + REJECTED CVE-2017-3175 - RESERVED + REJECTED CVE-2017-3174 - RESERVED + REJECTED CVE-2017-3173 - RESERVED + REJECTED CVE-2017-3172 - RESERVED + REJECTED CVE-2017-3171 - RESERVED + REJECTED CVE-2017-3170 - RESERVED + REJECTED CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl ...) {DSA-3896-1 DLA-1009-1} - apache2 2.4.25-4 @@ -104622,16 +104846,14 @@ CVE-2016-7076 (sudo before version 1.8.18p1 is vulnerable to a bypass in the sud CVE-2016-7075 (It was found that Kubernetes as used by Openshift Enterprise 3 did not ...) - kubernetes 1.5.5+dfsg-1 (bug #795652) NOTE: https://github.com/kubernetes/kubernetes/issues/34517 -CVE-2016-7074 - RESERVED +CVE-2016-7074 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and ...) {DSA-3764-1 DLA-798-1} - pdns 4.0.2-1 - pdns-recursor 4.0.4-1 [jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected) [wheezy] - pdns-recursor <not-affected> (Only >= 4.0.0 affected) NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/ -CVE-2016-7073 - RESERVED +CVE-2016-7073 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and ...) {DSA-3764-1 DLA-798-1} - pdns 4.0.2-1 - pdns-recursor 4.0.4-1 
@@ -104644,16 +104866,14 @@ CVE-2016-7072 (An issue has been found in PowerDNS Authoritative Server before 3 NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/ CVE-2016-7071 (It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not ...) NOT-FOR-US: Red Hat CloudForms -CVE-2016-7070 - RESERVED -CVE-2016-7069 [Crafted backend responses can cause a denial of service] - RESERVED +CVE-2016-7070 (A privilege escalation flaw was found in the Ansible Tower. When Tower ...) + TODO: check +CVE-2016-7069 (An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT ...) - dnsdist 1.2.0-1 (low; bug #872854) [stretch] - dnsdist 1.1.0-2+deb9u1 NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html NOTE: https://downloads.powerdns.com/patches/2017-01 -CVE-2016-7068 - RESERVED +CVE-2016-7068 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and ...) {DSA-3764-1 DSA-3763-1 DLA-798-1 DLA-788-1} - pdns 4.0.2-1 - pdns-recursor 4.0.4-1 @@ -104665,8 +104885,7 @@ CVE-2016-7067 (Monit before version 5.20.0 is vulnerable to a cross site request NOTE: https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master NOTE: Although configured only on localhost, the httpd service is started by NOTE: default and accessible. -CVE-2016-7066 - RESERVED +CVE-2016-7066 (It was found that the improper default permissions on /tmp/auth ...) NOT-FOR-US: admin-cli / jboss-cli in Red Hat CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...) NOT-FOR-US: Red Hat JBoss EAP 
@@ -104732,8 +104951,7 @@ CVE-2016-7049 RESERVED CVE-2016-7048 (The interactive installer in PostgreSQL before 9.3.15, 9.4.x before ...) NOT-FOR-US: interactive installer used in EnterpriseDB-supplied PostgreSQL packages -CVE-2016-7047 - RESERVED +CVE-2016-7047 (A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2016-7046 (Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating ...) - undertow 1.4.3-1 (bug #838600) @@ -125967,8 +126185,7 @@ CVE-2016-0751 (actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack i - ruby-actionpack-3.2 <removed> - ruby-actionpack-2.3 <removed> [wheezy] - ruby-actionpack-2.3 <end-of-life> -CVE-2016-0750 - RESERVED +CVE-2016-0750 (The hotrod java client in infinispan before 9.1.0.Final automatically ...) NOT-FOR-US: Infinispan CVE-2016-0749 (The smartcard interaction in SPICE allows remote attackers to cause a ...) {DSA-3596-1} @@ -126109,8 +126326,8 @@ CVE-2016-0717 REJECTED CVE-2016-0716 REJECTED -CVE-2016-0715 - RESERVED +CVE-2016-0715 (Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, ...) + TODO: check CVE-2016-0714 (The session-persistence implementation in Apache Tomcat 6.x before ...) {DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1} - tomcat9 <itp> (bug #802312) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e5b028bc300b92635061ff52b59a59f32c90cd9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e5b028bc300b92635061ff52b59a59f32c90cd9 You're receiving this email because of your account on salsa.debian.org.
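Review bot: the two TODO: check entries in the first hunk (@@ -1,3 +1,231), CVE-2018-16836 (Rubedo) and CVE-2018-16832 (xunfeng), are left untriaged; if neither product is shipped by a Debian package, resolve them to "NOT-FOR-US: Rubedo" and "NOT-FOR-US: xunfeng", the form this same patch uses for YFCMF, Keycloak and tendrl-api, so the TODO queue only carries items that still need a package check.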
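Review bot: CVE-2018-16831 in the @@ -31,8 hunk is left as TODO: check, but Smarty is shipped by Debian (the smarty3 source package), unlike most of the vendor-only items that get the TODO marker in this update; it needs a real package line ("- smarty3 <unfixed>" or the fixed version once checked) and a bug reference rather than staying in the TODO queue.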
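Review bot: in the @@ -240,6 hunk, adding "{DSA-4291-1}" to CVE-2018-16741 while the package line still reads "- mgetty <unfixed>" is inconsistent: a DSA reference means a fixed mgetty upload exists, so "<unfixed>" should be replaced by the version number from DSA-4291-1, otherwise the tracker keeps reporting mgetty as vulnerable despite the advisory.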
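Review bot: the @@ -942,7 hunk has the same problem for CVE-2018-16430: the advisory line grows to "{DSA-4290-1 DLA-1501-1}" but the package line is still "- libextractor <unfixed>" (bug #907987); with both a DSA and a DLA issued, the fixed versions should be recorded in place of "<unfixed>" (and a "[jessie]" line added for the DLA) so the entry matches the advisories it now cites.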
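Review bot: the twelve new TODO: check entries in the @@ -39055,34 hunk (CVE-2018-2452 through CVE-2018-2465) are all SAP products, and the same hunk already shows CVE-2018-2451 resolved as "NOT-FOR-US: SAP HANA Extended Application Services"; they can be triaged the same way in one pass rather than waiting individually in the TODO queue.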
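Review bot: in the @@ -104644,16 hunk, CVE-2016-7070 (Ansible Tower) is left as TODO: check while CVE-2016-7069 directly below it gets a full dnsdist entry; Ansible Tower is Red Hat's commercial product, not the ansible package Debian ships, so this should resolve as NOT-FOR-US in the same way as CVE-2016-7071 (Red Hat CloudForms) in the same hunk.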
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits