Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3e5b028b by security tracker role at 2018-09-11T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,231 @@
+CVE-2018-16945
+ RESERVED
+CVE-2018-16944
+ RESERVED
+CVE-2018-16943
+ RESERVED
+CVE-2018-16942
+ RESERVED
+CVE-2018-16941
+ RESERVED
+CVE-2018-16940
+ RESERVED
+CVE-2018-16939
+ RESERVED
+CVE-2018-16938
+ RESERVED
+CVE-2018-16937
+ RESERVED
+CVE-2018-16936
+ RESERVED
+CVE-2018-16935
+ RESERVED
+CVE-2018-16934
+ RESERVED
+CVE-2018-16933
+ RESERVED
+CVE-2018-16932
+ RESERVED
+CVE-2018-16931
+ RESERVED
+CVE-2018-16930
+ RESERVED
+CVE-2018-16929
+ RESERVED
+CVE-2018-16928
+ RESERVED
+CVE-2018-16927
+ RESERVED
+CVE-2018-16926
+ RESERVED
+CVE-2018-16925
+ RESERVED
+CVE-2018-16924
+ RESERVED
+CVE-2018-16923
+ RESERVED
+CVE-2018-16922
+ RESERVED
+CVE-2018-16921
+ RESERVED
+CVE-2018-16920
+ RESERVED
+CVE-2018-16919
+ RESERVED
+CVE-2018-16918
+ RESERVED
+CVE-2018-16917
+ RESERVED
+CVE-2018-16916
+ RESERVED
+CVE-2018-16915
+ RESERVED
+CVE-2018-16914
+ RESERVED
+CVE-2018-16913
+ RESERVED
+CVE-2018-16912
+ RESERVED
+CVE-2018-16911
+ RESERVED
+CVE-2018-16910
+ RESERVED
+CVE-2018-16909
+ RESERVED
+CVE-2018-16908
+ RESERVED
+CVE-2018-16907
+ RESERVED
+CVE-2018-16906
+ RESERVED
+CVE-2018-16905
+ RESERVED
+CVE-2018-16904
+ RESERVED
+CVE-2018-16903
+ RESERVED
+CVE-2018-16902
+ RESERVED
+CVE-2018-16901
+ RESERVED
+CVE-2018-16900
+ RESERVED
+CVE-2018-16899
+ RESERVED
+CVE-2018-16898
+ RESERVED
+CVE-2018-16897
+ RESERVED
+CVE-2018-16896
+ RESERVED
+CVE-2018-16895
+ RESERVED
+CVE-2018-16894
+ RESERVED
+CVE-2018-16893
+ RESERVED
+CVE-2018-16892
+ RESERVED
+CVE-2018-16891
+ RESERVED
+CVE-2018-16890
+ RESERVED
+CVE-2018-16889
+ RESERVED
+CVE-2018-16888
+ RESERVED
+CVE-2018-16887
+ RESERVED
+CVE-2018-16886
+ RESERVED
+CVE-2018-16885
+ RESERVED
+CVE-2018-16884
+ RESERVED
+CVE-2018-16883
+ RESERVED
+CVE-2018-16882
+ RESERVED
+CVE-2018-16881
+ RESERVED
+CVE-2018-16880
+ RESERVED
+CVE-2018-16879
+ RESERVED
+CVE-2018-16878
+ RESERVED
+CVE-2018-16877
+ RESERVED
+CVE-2018-16876
+ RESERVED
+CVE-2018-16875
+ RESERVED
+CVE-2018-16874
+ RESERVED
+CVE-2018-16873
+ RESERVED
+CVE-2018-16872
+ RESERVED
+CVE-2018-16871
+ RESERVED
+CVE-2018-16870
+ RESERVED
+CVE-2018-16869
+ RESERVED
+CVE-2018-16868
+ RESERVED
+CVE-2018-16867
+ RESERVED
+CVE-2018-16866
+ RESERVED
+CVE-2018-16865
+ RESERVED
+CVE-2018-16864
+ RESERVED
+CVE-2018-16863
+ RESERVED
+CVE-2018-16862
+ RESERVED
+CVE-2018-16861
+ RESERVED
+CVE-2018-16860
+ RESERVED
+CVE-2018-16859
+ RESERVED
+CVE-2018-16858
+ RESERVED
+CVE-2018-16857
+ RESERVED
+CVE-2018-16856
+ RESERVED
+CVE-2018-16855
+ RESERVED
+CVE-2018-16854
+ RESERVED
+CVE-2018-16853
+ RESERVED
+CVE-2018-16852
+ RESERVED
+CVE-2018-16851
+ RESERVED
+CVE-2018-16850
+ RESERVED
+CVE-2018-16849
+ RESERVED
+CVE-2018-16848
+ RESERVED
+CVE-2018-16847
+ RESERVED
+CVE-2018-16846
+ RESERVED
+CVE-2018-16845
+ RESERVED
+CVE-2018-16844
+ RESERVED
+CVE-2018-16843
+ RESERVED
+CVE-2018-16842
+ RESERVED
+CVE-2018-16841
+ RESERVED
+CVE-2018-16840
+ RESERVED
+CVE-2018-16839
+ RESERVED
+CVE-2018-16838
+ RESERVED
+CVE-2018-16837
+ RESERVED
+CVE-2018-16836 (Rubedo through 3.4.0 contains a Directory Traversal
vulnerability in ...)
+ TODO: check
+CVE-2018-16835
+ RESERVED
+CVE-2018-16834
+ RESERVED
+CVE-2018-16833
+ RESERVED
+CVE-2018-16832 (CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an
attacker to ...)
+ TODO: check
CVE-2018-XXXX [OpenAFS Security Advisory-2018-003]
- openafs <unfixed> (bug #908616)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt
@@ -31,8 +259,8 @@ CVE-2018-1002001
NOTE: Wordpress plugin
CVE-2018-1002000
NOTE: Wordpress plugin
-CVE-2018-16831
- RESERVED
+CVE-2018-16831 (Smarty before 3.1.33-dev-4 allows attackers to bypass the
trusted_dir ...)
+ TODO: check
CVE-2018-16830
RESERVED
CVE-2018-16829
@@ -240,6 +468,7 @@ CVE-2018-16742 [stack-based buffer overflow with long
arguments in contrib/scrts
NOTE: Upstream removed contrib/scrts in
7d018d471f4c737f77ef281f5859a3b1c9ded42f (1.2.1)
CVE-2018-16741 [shell injection via faxq-helper]
RESERVED
+ {DSA-4291-1}
- mgetty <unfixed>
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
NOTE: Upstream commit: 1a7b3a30f79bae4cfbc6404fe4648689cd0ade62 (1.2.1)
@@ -409,6 +638,7 @@ CVE-2018-16660
CVE-2018-16659
RESERVED
CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP
message ...)
+ {DSA-4292-1}
- kamailio 5.1.4-1 (bug #908324)
NOTE: https://skalatan.de/blog/advisory-hw-2018-06
NOTE:
https://github.com/kamailio/kamailio/commit/ad68e402ece8089f133c10de6ce319f9e28c0692
(master)
@@ -942,7 +1172,7 @@ CVE-2018-16432 (BlueCMS 1.6 allows SQL Injection via the
user_name parameter to
CVE-2018-16431 (admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an
...)
NOT-FOR-US: YFCMF
CVE-2018-16430 (GNU Libextractor through 1.7 has an out-of-bounds read
vulnerability in ...)
- {DSA-4290-1}
+ {DSA-4290-1 DLA-1501-1}
- libextractor <unfixed> (bug #907987)
NOTE: https://gnunet.org/bugs/view.php?id=5405
NOTE:
https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7
@@ -14504,8 +14734,8 @@ CVE-2018-11080
RESERVED
CVE-2018-11079
RESERVED
-CVE-2018-11078
- RESERVED
+CVE-2018-11078 (Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains
an ...)
+ TODO: check
CVE-2018-11077
RESERVED
CVE-2018-11076
@@ -14520,12 +14750,12 @@ CVE-2018-11072
RESERVED
CVE-2018-11071
RESERVED
-CVE-2018-11070
- RESERVED
-CVE-2018-11069
- RESERVED
-CVE-2018-11068
- RESERVED
+CVE-2018-11070 (RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J
...)
+ TODO: check
+CVE-2018-11069 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert
Timing ...)
+ TODO: check
+CVE-2018-11068 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap
Inspection ...)
+ TODO: check
CVE-2018-11067
RESERVED
CVE-2018-11066
@@ -14860,16 +15090,14 @@ CVE-2018-10938 (A flaw was found in the Linux kernel
present since v4.0-rc1 and
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/40413955ee265a5e42f710940ec78f5450d49149 (4.13-rc5)
NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/1
-CVE-2018-10937
- RESERVED
+CVE-2018-10937 (A cross site scripting flaw exists in the tetonic-console
component of ...)
NOT-FOR-US: OpenShift
CVE-2018-10936 (A weakness was found in postgresql-jdbc before version 42.2.5.
It was ...)
- libpgjava 42.2.5-1
[stretch] - libpgjava <no-dsa> (Minor issue)
[jessie] - libpgjava <no-dsa> (Minor issue)
NOTE:
https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e412309
-CVE-2018-10935 [ldapsearch with server side sort allows users to cause a crash]
- RESERVED
+CVE-2018-10935 (A flaw was found in the 389 Directory Server that allows users
to ...)
{DLA-1483-1}
- 389-ds-base 1.4.0.15-1 (bug #906985)
NOTE: https://pagure.io/389-ds-base/issue/49890
@@ -15037,8 +15265,7 @@ CVE-2018-10895 (qutebrowser before version 1.4.1 is
vulnerable to a cross-site r
NOTE: Fixed in:
https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660
(v1.4.1)
CVE-2018-10894 (It was found that SAML authentication in Keycloak 3.4.3.Final
...)
NOT-FOR-US: Keycloak
-CVE-2018-10893 [Insufficient encoding checks for LZ can cause different
integer/buffer overflows]
- RESERVED
+CVE-2018-10893 (Multiple integer overflow and buffer overflow issues were
discovered ...)
- spice-gtk <unfixed> (bug #904161)
[stretch] - spice-gtk <no-dsa> (Minor issue)
[jessie] - spice-gtk <no-dsa> (Minor issue)
@@ -15214,8 +15441,7 @@ CVE-2018-10855 (Ansible 2.5 prior to 2.5.5, and 2.4
prior to 2.4.5, do not honor
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588855
CVE-2018-10854
RESERVED
-CVE-2018-10853 [kvm: guest userspace to guest kernel write]
- RESERVED
+CVE-2018-10853 (A flaw was found in the way Linux kernel KVM hypervisor before
4.18 ...)
{DLA-1423-1 DLA-1422-1}
- linux 4.16.16-1
[stretch] - linux 4.9.110-1
@@ -25645,10 +25871,10 @@ CVE-2018-6978
RESERVED
CVE-2018-6977
RESERVED
-CVE-2018-6976
- RESERVED
-CVE-2018-6975
- RESERVED
+CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data
...)
+ TODO: check
+CVE-2018-6975 (The AirWatch Agent for iOS prior to 5.8.1 contains a data
protection ...)
+ TODO: check
CVE-2018-6974
RESERVED
CVE-2018-6973 (VMware Workstation (14.x before 14.1.3) and Fusion (10.x before
...)
@@ -39055,34 +39281,34 @@ CVE-2018-2467
RESERVED
CVE-2018-2466
RESERVED
-CVE-2018-2465
- RESERVED
-CVE-2018-2464
- RESERVED
-CVE-2018-2463
- RESERVED
-CVE-2018-2462
- RESERVED
-CVE-2018-2461
- RESERVED
-CVE-2018-2460
- RESERVED
-CVE-2018-2459
- RESERVED
-CVE-2018-2458
- RESERVED
-CVE-2018-2457
- RESERVED
+CVE-2018-2465 (SAP HANA (versions 1.0 and 2.0) Extended Application Services
classic ...)
+ TODO: check
+CVE-2018-2464 (SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does
not ...)
+ TODO: check
+CVE-2018-2463 (The Omni Commerce Connect API (OCC) of SAP Hybris Commerce,
versions ...)
+ TODO: check
+CVE-2018-2462 (In certain cases, BEx Web Java Runtime Export Web Service in
SAP ...)
+ TODO: check
+CVE-2018-2461 (Missing authorization check in SAP HCM Fiori "People
Profile" (GBX01 ...)
+ TODO: check
+CVE-2018-2460 (SAP Business One Android application, version 1.2, does not
verify the ...)
+ TODO: check
+CVE-2018-2459 (Users of an SAP Mobile Platform (version 3.0) Offline OData ...)
+ TODO: check
+CVE-2018-2458 (Under certain conditions, Crystal Report using SAP Business
One, ...)
+ TODO: check
+CVE-2018-2457 (Under certain conditions SAP Adaptive Server Enterprise,
version 16.0, ...)
+ TODO: check
CVE-2018-2456
RESERVED
-CVE-2018-2455
- RESERVED
-CVE-2018-2454
- RESERVED
+CVE-2018-2455 (SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16,
6.17, ...)
+ TODO: check
+CVE-2018-2454 (SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16,
6.17, ...)
+ TODO: check
CVE-2018-2453
RESERVED
-CVE-2018-2452
- RESERVED
+CVE-2018-2452 (The logon application of SAP NetWeaver AS Java 7.10 to 7.11,
7.20, ...)
+ TODO: check
CVE-2018-2451 (XS Command-Line Interface (CLI) user sessions with the SAP HANA
...)
NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2450 (SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker
who ...)
@@ -40893,8 +41119,8 @@ CVE-2018-1573
RESERVED
CVE-2018-1572
RESERVED
-CVE-2018-1571
- RESERVED
+CVE-2018-1571 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated
attacker to ...)
+ TODO: check
CVE-2018-1570
RESERVED
CVE-2018-1569
@@ -42831,8 +43057,7 @@ CVE-2018-1128 (It was found that cephx authentication
protocol did not verify ce
[jessie] - ceph <no-dsa> (Intrusive changes)
NOTE: http://tracker.ceph.com/issues/24836
NOTE:
https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
-CVE-2018-1127
- RESERVED
+CVE-2018-1127 (Tendrl API in Red Hat Gluster Storage before 3.4.0 does not ...)
NOT-FOR-US: tendrl-api
CVE-2018-1126 (procps-ng before version 3.3.15 is vulnerable to an incorrect
integer ...)
{DSA-4208-1 DLA-1390-1}
@@ -42908,8 +43133,7 @@ CVE-2018-1115 (postgresql before versions 10.4, 9.6.9
is vulnerable in the admin
- postgresql-9.1 <removed>
[jessie] - postgresql-9.1 <not-affected> (Code not present)
[wheezy] - postgresql-9.1 <not-affected> (Code not present)
-CVE-2018-1114 [File descriptor leak caused by
JarURLConnection.getLastModified() allows attacker to cause a denial of service]
- RESERVED
+CVE-2018-1114 (It was found that URLResource.getLastModified() in Undertow
closes the ...)
- undertow 1.4.25-1 (bug #897247)
NOTE: https://issues.jboss.org/browse/UNDERTOW-1338
NOTE:
https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
@@ -89070,25 +89294,25 @@ CVE-2017-3181 (Multiple TIBCO Products are prone to
multiple unspecified ...)
CVE-2017-3180 (Multiple TIBCO Products are prone to multiple unspecified
cross-site ...)
NOT-FOR-US: TIBCO
CVE-2017-3179
- RESERVED
+ REJECTED
CVE-2017-3178
- RESERVED
+ REJECTED
CVE-2017-3177
- RESERVED
+ REJECTED
CVE-2017-3176
- RESERVED
+ REJECTED
CVE-2017-3175
- RESERVED
+ REJECTED
CVE-2017-3174
- RESERVED
+ REJECTED
CVE-2017-3173
- RESERVED
+ REJECTED
CVE-2017-3172
- RESERVED
+ REJECTED
CVE-2017-3171
- RESERVED
+ REJECTED
CVE-2017-3170
- RESERVED
+ REJECTED
CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_ssl ...)
{DSA-3896-1 DLA-1009-1}
- apache2 2.4.25-4
@@ -104622,16 +104846,14 @@ CVE-2016-7076 (sudo before version 1.8.18p1 is
vulnerable to a bypass in the sud
CVE-2016-7075 (It was found that Kubernetes as used by Openshift Enterprise 3
did not ...)
- kubernetes 1.5.5+dfsg-1 (bug #795652)
NOTE: https://github.com/kubernetes/kubernetes/issues/34517
-CVE-2016-7074
- RESERVED
+CVE-2016-7074 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2,
and ...)
{DSA-3764-1 DLA-798-1}
- pdns 4.0.2-1
- pdns-recursor 4.0.4-1
[jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
[wheezy] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
-CVE-2016-7073
- RESERVED
+CVE-2016-7073 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2,
and ...)
{DSA-3764-1 DLA-798-1}
- pdns 4.0.2-1
- pdns-recursor 4.0.4-1
@@ -104644,16 +104866,14 @@ CVE-2016-7072 (An issue has been found in PowerDNS
Authoritative Server before 3
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
CVE-2016-7071 (It was found that the CloudForms before 5.6.2.2, and 5.7.0.7
did not ...)
NOT-FOR-US: Red Hat CloudForms
-CVE-2016-7070
- RESERVED
-CVE-2016-7069 [Crafted backend responses can cause a denial of service]
- RESERVED
+CVE-2016-7070 (A privilege escalation flaw was found in the Ansible Tower.
When Tower ...)
+ TODO: check
+CVE-2016-7069 (An issue has been found in dnsdist before 1.2.0 in the way
EDNS0 OPT ...)
- dnsdist 1.2.0-1 (low; bug #872854)
[stretch] - dnsdist 1.1.0-2+deb9u1
NOTE:
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html
NOTE: https://downloads.powerdns.com/patches/2017-01
-CVE-2016-7068
- RESERVED
+CVE-2016-7068 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2,
and ...)
{DSA-3764-1 DSA-3763-1 DLA-798-1 DLA-788-1}
- pdns 4.0.2-1
- pdns-recursor 4.0.4-1
@@ -104665,8 +104885,7 @@ CVE-2016-7067 (Monit before version 5.20.0 is
vulnerable to a cross site request
NOTE:
https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master
NOTE: Although configured only on localhost, the httpd service is
started by
NOTE: default and accessible.
-CVE-2016-7066
- RESERVED
+CVE-2016-7066 (It was found that the improper default permissions on /tmp/auth
...)
NOT-FOR-US: admin-cli / jboss-cli in Red Hat
CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application
Platform (EAP) ...)
NOT-FOR-US: Red Hat JBoss EAP
@@ -104732,8 +104951,7 @@ CVE-2016-7049
RESERVED
CVE-2016-7048 (The interactive installer in PostgreSQL before 9.3.15, 9.4.x
before ...)
NOT-FOR-US: interactive installer used in EnterpriseDB-supplied
PostgreSQL packages
-CVE-2016-7047
- RESERVED
+CVE-2016-7047 (A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1
and ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2016-7046 (Red Hat JBoss Enterprise Application Platform (EAP) 7, when
operating ...)
- undertow 1.4.3-1 (bug #838600)
@@ -125967,8 +126185,7 @@ CVE-2016-0751
(actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack i
- ruby-actionpack-3.2 <removed>
- ruby-actionpack-2.3 <removed>
[wheezy] - ruby-actionpack-2.3 <end-of-life>
-CVE-2016-0750
- RESERVED
+CVE-2016-0750 (The hotrod java client in infinispan before 9.1.0.Final
automatically ...)
NOT-FOR-US: Infinispan
CVE-2016-0749 (The smartcard interaction in SPICE allows remote attackers to
cause a ...)
{DSA-3596-1}
@@ -126109,8 +126326,8 @@ CVE-2016-0717
REJECTED
CVE-2016-0716
REJECTED
-CVE-2016-0715
- RESERVED
+CVE-2016-0715 (Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through
1.4.5, ...)
+ TODO: check
CVE-2016-0714 (The session-persistence implementation in Apache Tomcat 6.x
before ...)
{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e5b028bc300b92635061ff52b59a59f32c90cd9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e5b028bc300b92635061ff52b59a59f32c90cd9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
