Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 44c1a357 by security tracker role at 2018-09-12T20:10:24Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,35 @@ +CVE-2018-16966 + RESERVED +CVE-2018-16965 + RESERVED +CVE-2018-16964 + RESERVED +CVE-2018-16963 + RESERVED +CVE-2018-16962 + RESERVED +CVE-2018-16961 + RESERVED +CVE-2018-16960 + RESERVED +CVE-2018-16959 + RESERVED +CVE-2018-16958 + RESERVED +CVE-2018-16957 + RESERVED +CVE-2018-16956 + RESERVED +CVE-2018-16955 + RESERVED +CVE-2018-16954 + RESERVED +CVE-2018-16953 + RESERVED +CVE-2018-16952 + RESERVED +CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 ...) + TODO: check CVE-2018-XXXX [prevent access to repos which are in the process of bring migrated] - gitolite3 <unfixed> (bug #908699) [stretch] - gitolite3 <no-dsa> (Minor issue) @@ -507,14 +539,14 @@ CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding t NOT-FOR-US: CScms CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. ...) NOT-FOR-US: CScms -CVE-2018-16729 - RESERVED -CVE-2018-16728 - RESERVED -CVE-2018-16727 - RESERVED -CVE-2018-16726 - RESERVED +CVE-2018-16729 (Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a ...) + TODO: check +CVE-2018-16728 (feindura 2.0.7 allows XSS via the tags field of a new page created at ...) + TODO: check +CVE-2018-16727 (razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage ...) + TODO: check +CVE-2018-16726 (razorCMS 3.4.7 allows HTML injection via the description of the ...) + TODO: check CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the ...) NOT-FOR-US: baijiacms CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...) @@ -651,7 +683,7 @@ CVE-2018-16660 CVE-2018-16659 RESERVED CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...) - {DSA-4292-1} + {DSA-4292-1 DLA-1503-1} - kamailio 5.1.4-1 (bug #908324) NOTE: https://skalatan.de/blog/advisory-hw-2018-06 NOTE: https://github.com/kamailio/kamailio/commit/ad68e402ece8089f133c10de6ce319f9e28c0692 (master) @@ -788,8 +820,8 @@ CVE-2018-16607 RESERVED CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) ...) NOT-FOR-US: ProConf -CVE-2018-16605 - RESERVED +CVE-2018-16605 (D-Link DIR-600M devices allow XSS via the Hostname and Username fields ...) + TODO: check CVE-2018-16604 (An issue was discovered in Nibbleblog v4.0.5. With an admin's username ...) NOT-FOR-US: Nibbleblog CVE-2018-16603 @@ -1341,10 +1373,10 @@ CVE-2018-16391 (Several buffer overflows when handling responses from a Muscle C NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ CVE-2018-16390 RESERVED -CVE-2018-16389 - RESERVED -CVE-2018-16388 - RESERVED +CVE-2018-16389 (e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the ...) + TODO: check +CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers ...) + TODO: check CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF ...) NOT-FOR-US: Elefant CMS CVE-2018-16386 @@ -2743,8 +2775,8 @@ CVE-2018-15836 RESERVED CVE-2018-15835 RESERVED -CVE-2018-15834 - RESERVED +CVE-2018-15834 (In radare2 before 2.9.0, a heap overflow vulnerability exists in the ...) + TODO: check CVE-2018-15833 (In Vanilla before 2.6.1, the polling functionality allows Insecure ...) NOT-FOR-US: Vanilla CVE-2018-15832 @@ -3557,8 +3589,8 @@ CVE-2018-15504 (An issue was discovered in Embedthis GoAhead before 4.0.1 and Ap NOT-FOR-US: Embedthis GoAhead CVE-2018-15503 (The unpack implementation in Swoole version 4.0.4 lacks correct size ...) NOT-FOR-US: Swoole -CVE-2018-15502 - RESERVED +CVE-2018-15502 (Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 ...) + TODO: check CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x ...) {DLA-1477-1} - libgit2 0.27.4+dfsg.1-0.1 (low) @@ -7694,10 +7726,10 @@ CVE-2018-13809 RESERVED CVE-2018-13808 RESERVED -CVE-2018-13807 - RESERVED -CVE-2018-13806 - RESERVED +CVE-2018-13807 (A vulnerability has been identified in SCALANCE X300 (All versions < ...) + TODO: check +CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad Designer (All ...) + TODO: check CVE-2018-13805 RESERVED CVE-2018-13804 @@ -7710,8 +7742,8 @@ CVE-2018-13801 RESERVED CVE-2018-13800 RESERVED -CVE-2018-13799 - RESERVED +CVE-2018-13799 (A vulnerability has been identified in SIMATIC WinCC OA V3.14 and ...) + TODO: check CVE-2018-13798 RESERVED CVE-2018-13796 (An issue was discovered in GNU Mailman before 2.1.28. A crafted URL ...) @@ -8551,10 +8583,10 @@ CVE-2018-13414 RESERVED CVE-2018-13413 RESERVED -CVE-2018-13412 - RESERVED -CVE-2018-13411 - RESERVED +CVE-2018-13412 (An issue was discovered in the Self Service Portal in Zoho ...) + TODO: check +CVE-2018-13411 (An issue was discovered in Zoho ManageEngine Desktop Central before ...) + TODO: check CVE-2018-13410 (** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line ...) - zip <unfixed> (unimportant; bug #903196) NOTE: http://seclists.org/fulldisclosure/2018/Jul/24 @@ -11839,24 +11871,24 @@ CVE-2018-12178 RESERVED CVE-2018-12177 RESERVED -CVE-2018-12176 - RESERVED -CVE-2018-12175 - RESERVED +CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a ...) + TODO: check +CVE-2018-12175 (Default install directory permissions in Intel Distribution for Python ...) + TODO: check CVE-2018-12174 RESERVED CVE-2018-12173 RESERVED CVE-2018-12172 RESERVED -CVE-2018-12171 - RESERVED +CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller (BMC) ...) + TODO: check CVE-2018-12170 RESERVED CVE-2018-12169 RESERVED -CVE-2018-12168 - RESERVED +CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing ...) + TODO: check CVE-2018-12167 RESERVED CVE-2018-12166 @@ -11865,14 +11897,14 @@ CVE-2018-12165 RESERVED CVE-2018-12164 RESERVED -CVE-2018-12163 - RESERVED -CVE-2018-12162 - RESERVED +CVE-2018-12163 (A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 ...) + TODO: check +CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for Windows before ...) + TODO: check CVE-2018-12161 RESERVED -CVE-2018-12160 - RESERVED +CVE-2018-12160 (DLL injection vulnerability in software installer for Intel Data ...) + TODO: check CVE-2018-12159 RESERVED CVE-2018-12158 @@ -11889,14 +11921,14 @@ CVE-2018-12153 RESERVED CVE-2018-12152 RESERVED -CVE-2018-12151 - RESERVED -CVE-2018-12150 - RESERVED -CVE-2018-12149 - RESERVED -CVE-2018-12148 - RESERVED +CVE-2018-12151 (Buffer overflow in installer for Intel Extreme Tuning Utility before ...) + TODO: check +CVE-2018-12150 (Escalation of privilege in Installer for Intel Extreme Tuning Utility ...) + TODO: check +CVE-2018-12149 (Buffer overflow in input handling in Intel Extreme Tuning Utility ...) + TODO: check +CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and Support ...) + TODO: check CVE-2018-12147 RESERVED CVE-2018-12146 @@ -22823,8 +22855,8 @@ CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass vulnerabili NOT-FOR-US: Huawei CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than ...) NOT-FOR-US: Huawei -CVE-2018-7939 - RESERVED +CVE-2018-7939 (Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the ...) + TODO: check CVE-2018-7938 (P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 ...) NOT-FOR-US: Huawei CVE-2018-7937 (In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and ...) @@ -22855,12 +22887,12 @@ CVE-2018-7925 RESERVED CVE-2018-7924 RESERVED -CVE-2018-7923 - RESERVED -CVE-2018-7922 - RESERVED -CVE-2018-7921 - RESERVED +CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 ...) + TODO: check +CVE-2018-7922 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 ...) + TODO: check +CVE-2018-7921 (Huawei B315s-22 products with software of 21.318.01.00.26 have an ...) + TODO: check CVE-2018-7920 (Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 ...) NOT-FOR-US: Huawei CVE-2018-7919 @@ -22889,8 +22921,8 @@ CVE-2018-7908 RESERVED CVE-2018-7907 RESERVED -CVE-2018-7906 - RESERVED +CVE-2018-7906 (Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), ...) + TODO: check CVE-2018-7905 RESERVED CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON ...) @@ -23901,8 +23933,8 @@ CVE-2018-7574 RESERVED CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP server can ...) NOT-FOR-US: FTPShell Client -CVE-2018-7572 - RESERVED +CVE-2018-7572 (Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to ...) + TODO: check CVE-2018-7571 RESERVED CVE-2018-7570 (The assign_file_positions_for_non_load_sections function in elf.c in ...) @@ -26078,8 +26110,8 @@ CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server NOT-FOR-US: MISP CVE-2018-6925 RESERVED -CVE-2018-6924 - RESERVED +CVE-2018-6924 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, ...) + TODO: check CVE-2018-6923 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip ...) TODO: check CVE-2018-6922 (One of the data structures that holds TCP segments in all versions of ...) @@ -30327,7 +30359,7 @@ CVE-2018-5695 (The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection vi NOT-FOR-US: WpJobBoard plugin for WordPress CVE-2018-5694 (The callforward module in User Control Panel (UCP) in Nicolas Gudino ...) NOT-FOR-US: Nicolas Gudino (aka Asternic) Flash Operator Panel -CVE-2018-5693 (The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users ...) +CVE-2018-5693 (The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows ...) NOT-FOR-US: LinuxMagic MagicSpam extension for Plesk CVE-2018-5692 (Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, ...) - piwigo <removed> @@ -34738,14 +34770,14 @@ CVE-2018-3887 (A memory corruption vulnerability exists in the PCX-parsing ...) NOT-FOR-US: Computerinsel Photoline CVE-2018-3886 (A memory corruption vulnerability exists in the PCX-parsing ...) NOT-FOR-US: Computerinsel Photoline -CVE-2018-3885 - RESERVED -CVE-2018-3884 - RESERVED -CVE-2018-3883 - RESERVED -CVE-2018-3882 - RESERVED +CVE-2018-3885 (An exploitable SQL injection vulnerability exists in the authenticated ...) + TODO: check +CVE-2018-3884 (An exploitable SQL injection vulnerability exists in the authenticated ...) + TODO: check +CVE-2018-3883 (An exploitable SQL injection vulnerability exists in the authenticated ...) + TODO: check +CVE-2018-3882 (An exploitable SQL injection vulnerability exists in the authenticated ...) + TODO: check CVE-2018-3881 (An exploitable unauthenticated XML external injection vulnerability ...) NOT-FOR-US: FocalScope CVE-2018-3880 (An exploitable stack-based buffer overflow vulnerability exists in the ...) @@ -35528,8 +35560,8 @@ CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and Tool NOT-FOR-US: Intel CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools in ...) NOT-FOR-US: Intel -CVE-2018-3686 - RESERVED +CVE-2018-3686 (Code injection vulnerability in INTEL-SA-00086 Detection Tool before ...) + TODO: check CVE-2018-3685 RESERVED CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 ...) @@ -35542,8 +35574,8 @@ CVE-2018-3681 RESERVED CVE-2018-3680 RESERVED -CVE-2018-3679 - RESERVED +CVE-2018-3679 (Escalation of privilege in Reference UI in Intel Data Center Manager ...) + TODO: check CVE-2018-3678 RESERVED CVE-2018-3677 @@ -35562,8 +35594,8 @@ CVE-2018-3671 (Escalation of privilege in Intel Saffron admin application before NOT-FOR-US: Intel Saffron admin application CVE-2018-3670 (Driver module in Intel Smart Sound Technology before version ...) NOT-FOR-US: Driver module in Intel Smart Sound Technology -CVE-2018-3669 - RESERVED +CVE-2018-3669 (A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino ...) + TODO: check CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) ...) NOT-FOR-US: Intel CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets ...) @@ -35588,16 +35620,16 @@ CVE-2018-3661 (Buffer overflow in Intel system Configuration utilities selview.e NOT-FOR-US: Intel CVE-2018-3660 RESERVED -CVE-2018-3659 - RESERVED -CVE-2018-3658 - RESERVED -CVE-2018-3657 - RESERVED +CVE-2018-3659 (A vulnerability in Intel PTT module in Intel CSME firmware before ...) + TODO: check +CVE-2018-3658 (Multiple memory leaks in Intel AMT in Intel CSME firmware versions ...) + TODO: check +CVE-2018-3657 (Multiple buffer overflows in Intel AMT in Intel CSME firmware versions ...) + TODO: check CVE-2018-3656 RESERVED -CVE-2018-3655 - RESERVED +CVE-2018-3655 (A vulnerability in a subsystem in Intel CSME before version 11.21.55, ...) + TODO: check CVE-2018-3654 RESERVED CVE-2018-3653 @@ -35630,8 +35662,8 @@ CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote Keybo NOT-FOR-US: Intel CVE-2018-3644 RESERVED -CVE-2018-3643 - RESERVED +CVE-2018-3643 (A vulnerability in Power Management Controller firmware in systems ...) + TODO: check CVE-2018-3642 RESERVED CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard ...) @@ -35710,8 +35742,8 @@ CVE-2018-3618 RESERVED CVE-2018-3617 REJECTED -CVE-2018-3616 - RESERVED +CVE-2018-3616 (Bleichenbacher-style side channel vulnerability in TLS implementation ...) + TODO: check CVE-2018-3615 (Systems with microprocessors utilizing speculative execution and Intel ...) - intel-microcode 3.20180703.1 NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault @@ -40730,8 +40762,8 @@ CVE-2018-1775 RESERVED CVE-2018-1774 RESERVED -CVE-2018-1773 - RESERVED +CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an ...) + TODO: check CVE-2018-1772 RESERVED CVE-2018-1771 @@ -47702,7 +47734,7 @@ CVE-2017-16722 RESERVED CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA ...) NOT-FOR-US: Geovap Reliance SCADA -CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions prior to ...) +CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions 8.3.2 and ...) NOT-FOR-US: Advantech WebAccess CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort ...) NOT-FOR-US: Moxa @@ -59898,7 +59930,7 @@ CVE-2017-12743 RESERVED CVE-2017-12742 RESERVED -CVE-2017-12741 (A vulnerability has been identified in SINAMICS GH150 V4.7 w. PROFINET ...) +CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart (All ...) NOT-FOR-US: Siemens CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...) NOT-FOR-US: Siemens @@ -94268,14 +94300,14 @@ CVE-2017-1087 (In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and ...) CVE-2017-1086 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, ...) - kfreebsd-10 <unfixed> (unimportant) NOTE: kfreebsd not covered by security support -CVE-2017-1085 - RESERVED -CVE-2017-1084 - RESERVED -CVE-2017-1083 - RESERVED -CVE-2017-1082 - RESERVED +CVE-2017-1085 (In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() ...) + TODO: check +CVE-2017-1084 (In FreeBSD before 11.2-RELEASE, multiple issues with the ...) + TODO: check +CVE-2017-1083 (In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is ...) + TODO: check +CVE-2017-1082 (In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the ...) + TODO: check CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and ...) - kfreebsd-10 <unfixed> (unimportant) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44c1a3578143f7c3a956d457be5527ef04f195eb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44c1a3578143f7c3a956d457be5527ef04f195eb You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits