Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee4723f8 by security tracker role at 2018-09-15T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2018-17059
+       RESERVED
+CVE-2018-17058
+       RESERVED
+CVE-2018-17057 (An issue was discovered in TCPDF before 6.2.22. Attackers can 
trigger ...)
+       TODO: check
+CVE-2018-17056
+       RESERVED
+CVE-2018-17055
+       RESERVED
+CVE-2018-17054
+       RESERVED
+CVE-2018-17053
+       RESERVED
+CVE-2018-17052
+       RESERVED
 CVE-2018-17051 (K-Net Cisco Configuration Manager through 2014-11-19 has XSS 
via ...)
        NOT-FOR-US: K-Net Cisco Configuration Manager
 CVE-2018-17050
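Review bot: CVE-2018-17057 is the only one of the eight new entries that carries a description, and it is left at "TODO: check" with no package line. The description names TCPDF before 6.2.22, so the follow-up should settle it as either a source-package line with the fixed version or a NOT-FOR-US line in the same form as the CVE-2018-17051 entry directly below it.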
@@ -765,8 +781,8 @@ CVE-2018-16708
        RESERVED
 CVE-2018-16707
        RESERVED
-CVE-2018-16706
-       RESERVED
+CVE-2018-16706 (LG SuperSign CMS allows TVs to be rebooted remotely without 
...)
+       TODO: check
 CVE-2018-16705 (FURUNO FELCOM 250 and 500 devices allow unauthenticated access 
to the ...)
        NOT-FOR-US: FURUNO FELCOM 250 and 500 devices
 CVE-2018-16704 (An issue was discovered in Gleez CMS v1.2.0. Because of an 
Insecure ...)
@@ -1786,12 +1802,12 @@ CVE-2018-16290
        RESERVED
 CVE-2018-16289
        RESERVED
-CVE-2018-16288
-       RESERVED
-CVE-2018-16287
-       RESERVED
-CVE-2018-16286
-       RESERVED
+CVE-2018-16288 (LG SuperSign CMS allows reading of arbitrary files via ...)
+       TODO: check
+CVE-2018-16287 (LG SuperSign CMS allows file upload via ...)
+       TODO: check
+CVE-2018-16286 (LG SuperSign CMS allows authentication bypass because the 
CAPTCHA ...)
+       TODO: check
 CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via 
the ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2018-16284
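Review bot: CVE-2018-16288, CVE-2018-16287 and CVE-2018-16286 all name the same product (LG SuperSign CMS) and all land as "TODO: check". They should be triaged in one pass and given an identical status string, so that a later search on the product name finds all three. If the product is not packaged, the "NOT-FOR-US: <product>" form used for CVE-2018-16285 below is the pattern to follow, with the exact product name rather than a generic label.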
@@ -1879,8 +1895,8 @@ CVE-2018-16244
        RESERVED
 CVE-2018-16243
        RESERVED
-CVE-2018-16242
-       RESERVED
+CVE-2018-16242 (oBike relies on Hangzhou Luoping Smart Locker to lock 
bicycles, which ...)
+       TODO: check
 CVE-2018-16241
        RESERVED
 CVE-2018-16240
@@ -5702,8 +5718,7 @@ CVE-2018-14640
        RESERVED
 CVE-2018-14639
        RESERVED
-CVE-2018-14638 [Crash in delete_passwdPolicy when persistent search 
connections are terminated unexpectedly]
-       RESERVED
+CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The 
process ...)
        - 389-ds-base <unfixed>
        NOTE: 
https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73
 CVE-2018-14637
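Review bot: CVE-2018-14638 still reads "- 389-ds-base <unfixed>" although the new description says the flaw affects 389-ds-base before version 1.3.8.4-13 and the NOTE line already points at an upstream commit. Check whether the packaged version contains that commit and replace <unfixed> with the fixed version if it does. The removed bracketed text also named the affected function (delete_passwdPolicy) and the trigger (persistent search connections terminated unexpectedly), which the truncated description no longer shows, so keeping it as a NOTE line would preserve that detail.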
@@ -10843,8 +10858,8 @@ CVE-2018-12587 (A cross-site scripting (XSS) 
vulnerability was found in valeurad
        NOT-FOR-US: valeuraddons German Spelling Dictionary
 CVE-2018-12586
        RESERVED
-CVE-2018-12585
-       RESERVED
+CVE-2018-12585 (An XXE vulnerability in the OPC UA Java and .NET Legacy Stack 
can ...)
+       TODO: check
 CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in ...)
        {DLA-1439-1}
        - resiprocate <unfixed> (bug #905495)
@@ -11084,7 +11099,7 @@ CVE-2018-12497
 CVE-2018-12496
        RESERVED
 CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in 
DISCOUNT ...)
-       {DLA-1499-1}
+       {DSA-4293-1 DLA-1499-1}
        - discount 2.2.4-1 (bug #901912)
        NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501
        NOTE: Fixed by 
https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
@@ -12273,8 +12288,8 @@ CVE-2018-12088 (S3QL before 2.27 mishandles 
checksumming, and consequently allow
        NOTE: 
https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020
 CVE-2018-12087
        RESERVED
-CVE-2018-12086
-       RESERVED
+CVE-2018-12086 (Buffer overflow in OPC UA applications allows remote attackers 
to ...)
+       TODO: check
 CVE-2018-12085 (Liblouis 3.6.0 has a stack-based Buffer Overflow in the 
function ...)
        - liblouis 3.5.0-4 (bug #901202)
        [stretch] - liblouis 3.0.0-3+deb9u4
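Review bot: CVE-2018-12086 is set to "TODO: check" with a description that only says "OPC UA applications" and is cut off before any product or version. The visible text is not enough to decide between a package line and NOT-FOR-US, so the check needs the full CVE description to identify the affected implementation before a status is recorded.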
@@ -13793,13 +13808,13 @@ CVE-2018-11506 (The sr_do_ioctl function in 
drivers/scsi/sr_ioctl.c in the Linux
 CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows 
attackers to ...)
        NOT-FOR-US: Werewolf Online application for Android
 CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 
2.2.3a ...)
-       {DLA-1499-1}
+       {DSA-4293-1 DLA-1499-1}
        - discount 2.2.4-1 (bug #901912)
        NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
        NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase
        NOTE: Fixed by 
https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
 CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in 
DISCOUNT ...)
-       {DLA-1499-1}
+       {DSA-4293-1 DLA-1499-1}
        - discount 2.2.4-1 (bug #901912)
        NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
        NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
@@ -13893,7 +13908,7 @@ CVE-2018-11469 (Incorrect caching of responses to 
requests including an Authoriz
        [jessie] - haproxy <not-affected> (Issue introduced in 1.8.0)
        NOTE: 
https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06
 CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in 
DISCOUNT ...)
-       {DLA-1499-1}
+       {DSA-4293-1 DLA-1499-1}
        - discount 2.2.4-1 (bug #901912)
        NOTE: https://github.com/Orc/discount/issues/189
        NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase
@@ -14962,8 +14977,8 @@ CVE-2018-11089
        RESERVED
 CVE-2018-11088
        RESERVED
-CVE-2018-11087
-       RESERVED
+CVE-2018-11087 (Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x 
versions ...)
+       TODO: check
 CVE-2018-11086
        RESERVED
 CVE-2018-11085
@@ -15020,8 +15035,8 @@ CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, 
contain an authorization
        NOT-FOR-US: RSA Archer
 CVE-2018-11059 (RSA Archer, versions prior to 6.4.0.1, contain a stored 
cross-site ...)
        NOT-FOR-US: RSA Archer
-CVE-2018-11058
-       RESERVED
+CVE-2018-11058 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 
4.0.x) and ...)
+       TODO: check
 CVE-2018-11057 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 
4.0.x) and ...)
        NOT-FOR-US: RSA BSAFE Micro Edition Suite
 CVE-2018-11056 (RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), 
and RSA ...)
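Review bot: CVE-2018-11058 is left at "TODO: check" while the next entry, CVE-2018-11057, has the same visible description prefix (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11) and is already marked "NOT-FOR-US: RSA BSAFE Micro Edition Suite". Unless the full description differs in scope, give CVE-2018-11058 the same line so the two entries stay consistent.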
@@ -15803,8 +15818,8 @@ CVE-2018-10816
        RESERVED
 CVE-2018-10815
        RESERVED
-CVE-2018-10814
-       RESERVED
+CVE-2018-10814 (Synametrics SynaMan 4.0 build 1488 uses cleartext password 
storage for ...)
+       TODO: check
 CVE-2018-10813 (In Dedos-web 1.0, the cookie and session secrets used in the 
...)
        NOT-FOR-US: Dedos-web
 CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses 
cleartext ...)
@@ -15972,8 +15987,8 @@ CVE-2018-10765
        RESERVED
 CVE-2018-10764
        RESERVED
-CVE-2018-10763
-       RESERVED
+CVE-2018-10763 (Multiple cross-site scripting (XSS) vulnerabilities in 
Synametrics ...)
+       TODO: check
 CVE-2018-10762
        REJECTED
 CVE-2018-10761
@@ -48209,8 +48224,8 @@ CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows 
remote authenticated administ
        NOTE: 
https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e
 CVE-2017-16640
        RESERVED
-CVE-2017-16639
-       RESERVED
+CVE-2017-16639 (Tor Browser on Windows before 8.0 allows remote attackers to 
bypass ...)
+       TODO: check
 CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does 
not ...)
        - libnet-ping-external-perl <removed> (bug #881097)
        [wheezy] - libnet-ping-external-perl <ignored> (Package may be removed 
from Wheezy, see #881102)
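Review bot: CVE-2017-16639 is marked "TODO: check", but its description scopes the issue to "Tor Browser on Windows before 8.0". When this is resolved, the status line should record that platform restriction explicitly instead of leaving the entry open, since the visible text gives no indication that non-Windows builds are affected.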



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee4723f8d59a7e326a8affed6b46aa1253355de4
