Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
44c1a357 by security tracker role at 2018-09-12T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2018-16966
+ RESERVED
+CVE-2018-16965
+ RESERVED
+CVE-2018-16964
+ RESERVED
+CVE-2018-16963
+ RESERVED
+CVE-2018-16962
+ RESERVED
+CVE-2018-16961
+ RESERVED
+CVE-2018-16960
+ RESERVED
+CVE-2018-16959
+ RESERVED
+CVE-2018-16958
+ RESERVED
+CVE-2018-16957
+ RESERVED
+CVE-2018-16956
+ RESERVED
+CVE-2018-16955
+ RESERVED
+CVE-2018-16954
+ RESERVED
+CVE-2018-16953
+ RESERVED
+CVE-2018-16952
+ RESERVED
+CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics
STM32F0 ...)
+ TODO: check
CVE-2018-XXXX [prevent access to repos which are in the process of bring
migrated]
- gitolite3 <unfixed> (bug #908699)
[stretch] - gitolite3 <no-dsa> (Minor issue)
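Review bot: CVE-2017-18347 is added with only "TODO: check", yet its description names STMicroelectronics STM32F0 microcontroller hardware (access control in RDP Level 1), a device-level issue rather than anything in a Debian source package. Suggest resolving it to a NOT-FOR-US line naming the vendor, as this file does for other vendor-only entries, instead of leaving it in the TODO queue. The fifteen new RESERVED ids, CVE-2018-16952 through CVE-2018-16966, need no action.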
@@ -507,14 +539,14 @@ CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by
(for example) adding t
NOT-FOR-US: CScms
CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the
site name. ...)
NOT-FOR-US: CScms
-CVE-2018-16729
- RESERVED
-CVE-2018-16728
- RESERVED
-CVE-2018-16727
- RESERVED
-CVE-2018-16726
- RESERVED
+CVE-2018-16729 (Pluck 4.7.7 allows XSS via an SVG file that contains
Javascript in a ...)
+ TODO: check
+CVE-2018-16728 (feindura 2.0.7 allows XSS via the tags field of a new page
created at ...)
+ TODO: check
+CVE-2018-16727 (razorCMS 3.4.7 allows Stored XSS via the keywords of the
homepage ...)
+ TODO: check
+CVE-2018-16726 (razorCMS 3.4.7 allows HTML injection via the description of
the ...)
+ TODO: check
CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the ...)
NOT-FOR-US: baijiacms
CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection
exists via ...)
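Review bot: CVE-2018-16729, -16728, -16727 and -16726 move from RESERVED to "TODO: check" with no triage decision, while the CScms and baijiacms entries on either side are already closed out as NOT-FOR-US. Each of Pluck, feindura and razorCMS needs a lookup against the archive and then either a package line or a NOT-FOR-US line; the two razorCMS ids (stored XSS via the homepage keywords, HTML injection via the description) should receive the same disposition.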
@@ -651,7 +683,7 @@ CVE-2018-16660
CVE-2018-16659
RESERVED
CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP
message ...)
- {DSA-4292-1}
+ {DSA-4292-1 DLA-1503-1}
- kamailio 5.1.4-1 (bug #908324)
NOTE: https://skalatan.de/blog/advisory-hw-2018-06
NOTE:
https://github.com/kamailio/kamailio/commit/ad68e402ece8089f133c10de6ce319f9e28c0692
(master)
@@ -788,8 +820,8 @@ CVE-2018-16607
RESERVED
CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference
(IDOR) ...)
NOT-FOR-US: ProConf
-CVE-2018-16605
- RESERVED
+CVE-2018-16605 (D-Link DIR-600M devices allow XSS via the Hostname and
Username fields ...)
+ TODO: check
CVE-2018-16604 (An issue was discovered in Nibbleblog v4.0.5. With an admin's
username ...)
NOT-FOR-US: Nibbleblog
CVE-2018-16603
@@ -1341,10 +1373,10 @@ CVE-2018-16391 (Several buffer overflows when handling
responses from a Muscle C
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16390
RESERVED
-CVE-2018-16389
- RESERVED
-CVE-2018-16388
- RESERVED
+CVE-2018-16389 (e107_admin/banlist.php in e107 2.1.8 allows SQL injection via
the ...)
+ TODO: check
+CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 2.1.8 allows remote
attackers ...)
+ TODO: check
CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is
a CSRF ...)
NOT-FOR-US: Elefant CMS
CVE-2018-16386
@@ -2743,8 +2775,8 @@ CVE-2018-15836
RESERVED
CVE-2018-15835
RESERVED
-CVE-2018-15834
- RESERVED
+CVE-2018-15834 (In radare2 before 2.9.0, a heap overflow vulnerability exists
in the ...)
+ TODO: check
CVE-2018-15833 (In Vanilla before 2.6.1, the polling functionality allows
Insecure ...)
NOT-FOR-US: Vanilla
CVE-2018-15832
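Review bot: CVE-2018-15834 should not stay at "TODO: check": the description gives radare2 before 2.9.0 and a heap overflow, and radare2 is packaged in Debian, so this entry needs a "- radare2" line with the fixed version or <unfixed>, plus a NOTE pointing at the upstream fix. The truncated description hides the affected function, so read the full CVE text before deciding which suites are affected.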
@@ -3557,8 +3589,8 @@ CVE-2018-15504 (An issue was discovered in Embedthis
GoAhead before 4.0.1 and Ap
NOT-FOR-US: Embedthis GoAhead
CVE-2018-15503 (The unpack implementation in Swoole version 4.0.4 lacks
correct size ...)
NOT-FOR-US: Swoole
-CVE-2018-15502
- RESERVED
+CVE-2018-15502 (Insecure permissions in Lone Wolf Technologies loadingDOCS
2018-08-13 ...)
+ TODO: check
CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6
and 0.27.x ...)
{DLA-1477-1}
- libgit2 0.27.4+dfsg.1-0.1 (low)
@@ -7694,10 +7726,10 @@ CVE-2018-13809
RESERVED
CVE-2018-13808
RESERVED
-CVE-2018-13807
- RESERVED
-CVE-2018-13806
- RESERVED
+CVE-2018-13807 (A vulnerability has been identified in SCALANCE X300 (All
versions < ...)
+ TODO: check
+CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad
Designer (All ...)
+ TODO: check
CVE-2018-13805
RESERVED
CVE-2018-13804
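Review bot: CVE-2018-13807 and CVE-2018-13806 are left at "TODO: check" although their descriptions name SCALANCE X300 and SIEMENS TD Keypad Designer, vendor products of the kind this file closes as "NOT-FOR-US: Siemens" (see CVE-2017-12741 and CVE-2017-12740 further down in this diff). Suggest applying that line here and to CVE-2018-13799 (SIMATIC WinCC OA) in the following hunk.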
@@ -7710,8 +7742,8 @@ CVE-2018-13801
RESERVED
CVE-2018-13800
RESERVED
-CVE-2018-13799
- RESERVED
+CVE-2018-13799 (A vulnerability has been identified in SIMATIC WinCC OA V3.14
and ...)
+ TODO: check
CVE-2018-13798
RESERVED
CVE-2018-13796 (An issue was discovered in GNU Mailman before 2.1.28. A
crafted URL ...)
@@ -8551,10 +8583,10 @@ CVE-2018-13414
RESERVED
CVE-2018-13413
RESERVED
-CVE-2018-13412
- RESERVED
-CVE-2018-13411
- RESERVED
+CVE-2018-13412 (An issue was discovered in the Self Service Portal in Zoho ...)
+ TODO: check
+CVE-2018-13411 (An issue was discovered in Zoho ManageEngine Desktop Central
before ...)
+ TODO: check
CVE-2018-13410 (** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT
command-line ...)
- zip <unfixed> (unimportant; bug #903196)
NOTE: http://seclists.org/fulldisclosure/2018/Jul/24
@@ -11839,24 +11871,24 @@ CVE-2018-12178
RESERVED
CVE-2018-12177
RESERVED
-CVE-2018-12176
- RESERVED
-CVE-2018-12175
- RESERVED
+CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may
allow a ...)
+ TODO: check
+CVE-2018-12175 (Default install directory permissions in Intel Distribution
for Python ...)
+ TODO: check
CVE-2018-12174
RESERVED
CVE-2018-12173
RESERVED
CVE-2018-12172
RESERVED
-CVE-2018-12171
- RESERVED
+CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller
(BMC) ...)
+ TODO: check
CVE-2018-12170
RESERVED
CVE-2018-12169
RESERVED
-CVE-2018-12168
- RESERVED
+CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing
...)
+ TODO: check
CVE-2018-12167
RESERVED
CVE-2018-12166
@@ -11865,14 +11897,14 @@ CVE-2018-12165
RESERVED
CVE-2018-12164
RESERVED
-CVE-2018-12163
- RESERVED
-CVE-2018-12162
- RESERVED
+CVE-2018-12163 (A DLL injection vulnerability in the Intel IoT Developers Kit
4.0 ...)
+ TODO: check
+CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for
Windows before ...)
+ TODO: check
CVE-2018-12161
RESERVED
-CVE-2018-12160
- RESERVED
+CVE-2018-12160 (DLL injection vulnerability in software installer for Intel
Data ...)
+ TODO: check
CVE-2018-12159
RESERVED
CVE-2018-12158
@@ -11889,14 +11921,14 @@ CVE-2018-12153
RESERVED
CVE-2018-12152
RESERVED
-CVE-2018-12151
- RESERVED
-CVE-2018-12150
- RESERVED
-CVE-2018-12149
- RESERVED
-CVE-2018-12148
- RESERVED
+CVE-2018-12151 (Buffer overflow in installer for Intel Extreme Tuning Utility
before ...)
+ TODO: check
+CVE-2018-12150 (Escalation of privilege in Installer for Intel Extreme Tuning
Utility ...)
+ TODO: check
+CVE-2018-12149 (Buffer overflow in input handling in Intel Extreme Tuning
Utility ...)
+ TODO: check
+CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and
Support ...)
+ TODO: check
CVE-2018-12147
RESERVED
CVE-2018-12146
@@ -22823,8 +22855,8 @@ CVE-2018-7941 (Huawei iBMC V200R002C60 have an
authentication bypass vulnerabili
NOT-FOR-US: Huawei
CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier
versions than ...)
NOT-FOR-US: Huawei
-CVE-2018-7939
- RESERVED
+CVE-2018-7939 (Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with
the ...)
+ TODO: check
CVE-2018-7938 (P10 Huawei smartphones with the versions before
Victoria-AL00AC00B217 ...)
NOT-FOR-US: Huawei
CVE-2018-7937 (In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and
...)
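Review bot: CVE-2018-7939 lands between CVE-2018-7940 and CVE-2018-7938, both marked "NOT-FOR-US: Huawei", but is itself given "TODO: check". Its description covers Huawei smart phones (G9 Lite, Honor 5A, Honor 6X, Honor 8), so the same NOT-FOR-US line fits; the Huawei ids in the next two hunks (CVE-2018-7923, -7922, -7921 and -7906) are in the same position.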
@@ -22855,12 +22887,12 @@ CVE-2018-7925
RESERVED
CVE-2018-7924
RESERVED
-CVE-2018-7923
- RESERVED
-CVE-2018-7922
- RESERVED
-CVE-2018-7921
- RESERVED
+CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09
...)
+ TODO: check
+CVE-2018-7922 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09
...)
+ TODO: check
+CVE-2018-7921 (Huawei B315s-22 products with software of 21.318.01.00.26 have
an ...)
+ TODO: check
CVE-2018-7920 (Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200
...)
NOT-FOR-US: Huawei
CVE-2018-7919
@@ -22889,8 +22921,8 @@ CVE-2018-7908
RESERVED
CVE-2018-7907
RESERVED
-CVE-2018-7906
- RESERVED
+CVE-2018-7906 (Some Huawei smart phones with software of Leland-AL00
8.0.0.114(C636), ...)
+ TODO: check
CVE-2018-7905
RESERVED
CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a
JSON ...)
@@ -23901,8 +23933,8 @@ CVE-2018-7574
RESERVED
CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP
server can ...)
NOT-FOR-US: FTPShell Client
-CVE-2018-7572
- RESERVED
+CVE-2018-7572 (Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when
configured to ...)
+ TODO: check
CVE-2018-7571
RESERVED
CVE-2018-7570 (The assign_file_positions_for_non_load_sections function in
elf.c in ...)
@@ -26078,8 +26110,8 @@ CVE-2018-6926 (In app/Controller/ServersController.php
in MISP 2.4.87, a server
NOT-FOR-US: MISP
CVE-2018-6925
RESERVED
-CVE-2018-6924
- RESERVED
+CVE-2018-6924 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3,
11.1-RELEASE-p14, ...)
+ TODO: check
CVE-2018-6923 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2,
11.1-RELEASE-p13, ip ...)
TODO: check
CVE-2018-6922 (One of the data structures that holds TCP segments in all
versions of ...)
@@ -30327,7 +30359,7 @@ CVE-2018-5695 (The WpJobBoard plugin 4.4.4 for
WordPress allows SQL injection vi
NOT-FOR-US: WpJobBoard plugin for WordPress
CVE-2018-5694 (The callforward module in User Control Panel (UCP) in Nicolas
Gudino ...)
NOT-FOR-US: Nicolas Gudino (aka Asternic) Flash Operator Panel
-CVE-2018-5693 (The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows
local users ...)
+CVE-2018-5693 (The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk
allows ...)
NOT-FOR-US: LinuxMagic MagicSpam extension for Plesk
CVE-2018-5692 (Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`,
...)
- piwigo <removed>
@@ -34738,14 +34770,14 @@ CVE-2018-3887 (A memory corruption vulnerability
exists in the PCX-parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2018-3886 (A memory corruption vulnerability exists in the PCX-parsing ...)
NOT-FOR-US: Computerinsel Photoline
-CVE-2018-3885
- RESERVED
-CVE-2018-3884
- RESERVED
-CVE-2018-3883
- RESERVED
-CVE-2018-3882
- RESERVED
+CVE-2018-3885 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
+ TODO: check
+CVE-2018-3884 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
+ TODO: check
+CVE-2018-3883 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
+ TODO: check
+CVE-2018-3882 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
+ TODO: check
CVE-2018-3881 (An exploitable unauthenticated XML external injection
vulnerability ...)
NOT-FOR-US: FocalScope
CVE-2018-3880 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
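Review bot: the four new descriptions for CVE-2018-3885 through CVE-2018-3882 are identical up to the truncation point ("An exploitable SQL injection vulnerability exists in the authenticated ...") and never reach the product name. The adjacent resolved entries belong to two different products (Computerinsel Photoline above, FocalScope below), so position in the list is no guide; read the full CVE text before choosing between a package line and NOT-FOR-US.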
@@ -35528,8 +35560,8 @@ CVE-2018-3688 (Unquoted service paths in Intel Quartus
Prime Programmer and Tool
NOT-FOR-US: Intel
CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools
in ...)
NOT-FOR-US: Intel
-CVE-2018-3686
- RESERVED
+CVE-2018-3686 (Code injection vulnerability in INTEL-SA-00086 Detection Tool
before ...)
+ TODO: check
CVE-2018-3685
RESERVED
CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 -
15.0 ...)
@@ -35542,8 +35574,8 @@ CVE-2018-3681
RESERVED
CVE-2018-3680
RESERVED
-CVE-2018-3679
- RESERVED
+CVE-2018-3679 (Escalation of privilege in Reference UI in Intel Data Center
Manager ...)
+ TODO: check
CVE-2018-3678
RESERVED
CVE-2018-3677
@@ -35562,8 +35594,8 @@ CVE-2018-3671 (Escalation of privilege in Intel Saffron
admin application before
NOT-FOR-US: Intel Saffron admin application
CVE-2018-3670 (Driver module in Intel Smart Sound Technology before version
...)
NOT-FOR-US: Driver module in Intel Smart Sound Technology
-CVE-2018-3669
- RESERVED
+CVE-2018-3669 (A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel
Centrino ...)
+ TODO: check
CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool
(IPDT) ...)
NOT-FOR-US: Intel
CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool)
4.1.0.24 sets ...)
@@ -35588,16 +35620,16 @@ CVE-2018-3661 (Buffer overflow in Intel system
Configuration utilities selview.e
NOT-FOR-US: Intel
CVE-2018-3660
RESERVED
-CVE-2018-3659
- RESERVED
-CVE-2018-3658
- RESERVED
-CVE-2018-3657
- RESERVED
+CVE-2018-3659 (A vulnerability in Intel PTT module in Intel CSME firmware
before ...)
+ TODO: check
+CVE-2018-3658 (Multiple memory leaks in Intel AMT in Intel CSME firmware
versions ...)
+ TODO: check
+CVE-2018-3657 (Multiple buffer overflows in Intel AMT in Intel CSME firmware
versions ...)
+ TODO: check
CVE-2018-3656
RESERVED
-CVE-2018-3655
- RESERVED
+CVE-2018-3655 (A vulnerability in a subsystem in Intel CSME before version
11.21.55, ...)
+ TODO: check
CVE-2018-3654
RESERVED
CVE-2018-3653
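Review bot: CVE-2018-3659, -3658, -3657 and -3655 describe Intel CSME firmware components (the PTT module, AMT, and an unnamed subsystem) and all four arrive as "TODO: check". When they are triaged, confirm whether any Debian package actually ships that firmware before adding a package line; the nearest resolved Intel entry in this hunk (CVE-2018-3661) is closed as "NOT-FOR-US: Intel".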
@@ -35630,8 +35662,8 @@ CVE-2018-3645 (Escalation of privilege in all versions
of the Intel Remote Keybo
NOT-FOR-US: Intel
CVE-2018-3644
RESERVED
-CVE-2018-3643
- RESERVED
+CVE-2018-3643 (A vulnerability in Power Management Controller firmware in
systems ...)
+ TODO: check
CVE-2018-3642
RESERVED
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote
Keyboard ...)
@@ -35710,8 +35742,8 @@ CVE-2018-3618
RESERVED
CVE-2018-3617
REJECTED
-CVE-2018-3616
- RESERVED
+CVE-2018-3616 (Bleichenbacher-style side channel vulnerability in TLS
implementation ...)
+ TODO: check
CVE-2018-3615 (Systems with microprocessors utilizing speculative execution
and Intel ...)
- intel-microcode 3.20180703.1
NOTE:
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
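Review bot: the description of CVE-2018-3616 is cut off after "Bleichenbacher-style side channel vulnerability in TLS implementation", so the affected product is not visible here. The entry sits directly above CVE-2018-3615, which is tracked against intel-microcode, but a side channel in a TLS implementation is a different class of issue from the speculative-execution one, so the neighbouring package line should not be copied over; triage from the full description.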
@@ -40730,8 +40762,8 @@ CVE-2018-1775
RESERVED
CVE-2018-1774
RESERVED
-CVE-2018-1773
- RESERVED
+CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow
an ...)
+ TODO: check
CVE-2018-1772
RESERVED
CVE-2018-1771
@@ -47702,7 +47734,7 @@ CVE-2017-16722
RESERVED
CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance
SCADA ...)
NOT-FOR-US: Geovap Reliance SCADA
-CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions
prior to ...)
+CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions
8.3.2 and ...)
NOT-FOR-US: Advantech WebAccess
CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version
2.2, NPort ...)
NOT-FOR-US: Moxa
@@ -59898,7 +59930,7 @@ CVE-2017-12743
RESERVED
CVE-2017-12742
RESERVED
-CVE-2017-12741 (A vulnerability has been identified in SINAMICS GH150 V4.7 w.
PROFINET ...)
+CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart
(All ...)
NOT-FOR-US: Siemens
CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks
integrity ...)
NOT-FOR-US: Siemens
@@ -94268,14 +94300,14 @@ CVE-2017-1087 (In FreeBSD 10.x before 10.4-STABLE,
10.4-RELEASE-p3, and ...)
CVE-2017-1086 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4,
11.0-RELEASE-p15, ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: kfreebsd not covered by security support
-CVE-2017-1085
- RESERVED
-CVE-2017-1084
- RESERVED
-CVE-2017-1083
- RESERVED
-CVE-2017-1082
- RESERVED
+CVE-2017-1085 (In FreeBSD before 11.2-RELEASE, an application which calls
setrlimit() ...)
+ TODO: check
+CVE-2017-1084 (In FreeBSD before 11.2-RELEASE, multiple issues with the ...)
+ TODO: check
+CVE-2017-1083 (In FreeBSD before 11.2-RELEASE, a stack guard-page is available
but is ...)
+ TODO: check
+CVE-2017-1082 (In FreeBSD 11.x before 11.1-RELEASE and 10.x before
10.4-RELEASE, the ...)
+ TODO: check
CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE,
and ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE:
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc
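Review bot: CVE-2017-1085 through CVE-2017-1082 are added as "TODO: check" while the FreeBSD entries on both sides (CVE-2017-1086 and CVE-2017-1081) are already resolved as "- kfreebsd-10 <unfixed> (unimportant)", with the note that kfreebsd is not covered by security support. The same disposition probably applies, but check the version ranges first: CVE-2017-1082 names 10.x before 10.4-RELEASE explicitly, whereas CVE-2017-1085, -1084 and -1083 are worded against 11.2-RELEASE only. CVE-2018-6924 and CVE-2018-6923 earlier in this diff are FreeBSD entries in the same untriaged state.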
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/44c1a3578143f7c3a956d457be5527ef04f195eb
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits