Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
09b61d88 by security tracker role at 2018-09-19T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -143,8 +143,8 @@ CVE-2018-17113 
(App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploa
        NOT-FOR-US: EasyCMS
 CVE-2018-17112
        RESERVED
-CVE-2018-17111
-       RESERVED
+CVE-2018-17111 (The onlyOwner modifier of a smart contract implementation for 
...)
+       TODO: check
 CVE-2018-17110 (Simple POS 4.0.24 allows SQL Injection via a 
products/get_products/ ...)
        NOT-FOR-US: Simple POS
 CVE-2018-17109
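Review bot: CVE-2018-17111 is left at TODO: check, and the visible description ("The onlyOwner modifier of a smart contract implementation for ...") is cut off before the product name. Confirm the product from the full description before tagging; if it has no Debian package, replace the TODO with a NOT-FOR-US: line in the same form as the neighbouring EasyCMS and Simple POS entries.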
@@ -252,8 +252,8 @@ CVE-2018-17073 (wernsey/bitmap before 2018-08-18 allows a 
NULL pointer dereferen
        NOT-FOR-US: bitmap
 CVE-2018-17072 (JSON++ through 2016-06-15 has a buffer over-read in yyparse() 
in ...)
        NOT-FOR-US: JSON++
-CVE-2018-17071
-       RESERVED
+CVE-2018-17071 (The fallback function of a simple lottery smart contract ...)
+       TODO: check
 CVE-2018-17070 (An issue was discovered in UNL-CMS 7.59. A CSRF attack can 
update the ...)
        NOT-FOR-US: UNL-CMS
 CVE-2018-17069 (An issue was discovered in UNL-CMS 7.59. A CSRF attack can 
create new ...)
@@ -809,10 +809,10 @@ CVE-2018-16822
        RESERVED
 CVE-2018-16821
        RESERVED
-CVE-2018-16820
-       RESERVED
-CVE-2018-16819
-       RESERVED
+CVE-2018-16820 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary 
directory ...)
+       TODO: check
+CVE-2018-16819 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary file 
deletion ...)
+       TODO: check
 CVE-2018-16818
        RESERVED
 CVE-2018-16817
@@ -861,8 +861,8 @@ CVE-2018-16796 (HiScout GRC Suite before 3.1.5 allows 
Unrestricted Upload of Fil
        NOT-FOR-US: HiScout GRC Suite
 CVE-2018-16795
        RESERVED
-CVE-2018-16794
-       RESERVED
+CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active 
Directory ...)
+       TODO: check
 CVE-2018-16793
        RESERVED
 CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. 
Incorrect ...)
@@ -1138,14 +1138,14 @@ CVE-2018-16673
        RESERVED
 CVE-2018-16672
        RESERVED
-CVE-2018-16671
-       RESERVED
-CVE-2018-16670
-       RESERVED
-CVE-2018-16669
-       RESERVED
-CVE-2018-16668
-       RESERVED
+CVE-2018-16671 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. 
There is ...)
+       TODO: check
+CVE-2018-16670 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. 
There is ...)
+       TODO: check
+CVE-2018-16669 (An issue was discovered in CIRCONTROL Open Charge Point 
Protocol ...)
+       TODO: check
+CVE-2018-16668 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. 
There is ...)
+       TODO: check
 CVE-2018-16667 (An issue was discovered in Contiki-NG through 4.1. There is a 
buffer ...)
        NOT-FOR-US:  Contiki Operating System
 CVE-2018-16666 (An issue was discovered in Contiki-NG through 4.1. There is a 
...)
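Review bot: the four new CIRCONTROL entries (CVE-2018-16668 through CVE-2018-16671) are all TODO: check, while CVE-2018-12634 and CVE-2018-12635 in this same file already carry NOT-FOR-US: CirCarLife Scada. The three that name CirCarLife before 4.3 can take that tag; CVE-2018-16669 names CIRCONTROL Open Charge Point Protocol instead and should be checked on its own before it gets the same treatment.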
@@ -1529,8 +1529,7 @@ CVE-2018-16554 (The ProcessGpsInfo function of the 
gpsinfo.c file of jhead 3.00
        - jhead <unfixed> (bug #908176)
        [stretch] - jhead <no-dsa> (Minor issue)
        [jessie] - jhead <no-dsa> (Minor issue)
-CVE-2018-16515 [Synapse: Failures to correctly validate signatures on 
transactions and events]
-       RESERVED
+CVE-2018-16515 (Matrix Synapse before 0.33.3.1 allows remote attackers to 
spoof events ...)
        - matrix-synapse 0.33.3.1-1 (bug #908044)
        NOTE: 
https://matrix.org/blog/2018/09/05/pre-disclosure-upcoming-critical-security-fix-for-synapse/
        NOTE: 
https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/
@@ -2224,8 +2223,8 @@ CVE-2018-16227
        RESERVED
 CVE-2018-16226
        RESERVED
-CVE-2018-16225
-       RESERVED
+CVE-2018-16225 (The QBee MultiSensor Camera through 4.16.4 accepts unencrypted 
network ...)
+       TODO: check
 CVE-2018-16224
        RESERVED
 CVE-2018-16223
@@ -4002,8 +4001,8 @@ CVE-2018-15548
        RESERVED
 CVE-2018-15547
        RESERVED
-CVE-2018-15546
-       RESERVED
+CVE-2018-15546 (Accusoft PrizmDoc version 13.3 and earlier contains a Stored 
...)
+       TODO: check
 CVE-2018-15545
        RESERVED
 CVE-2018-15544
@@ -7860,8 +7859,7 @@ CVE-2018-13984
        RESERVED
 CVE-2018-13983
        RESERVED
-CVE-2018-13982
-       RESERVED
+CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 
3.1.33 is ...)
        - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
        NOTE: 
https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe
        NOTE: 
https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8
@@ -11028,7 +11026,7 @@ CVE-2018-12636 (The iThemes Security 
(better-wp-security) plugin before 7.0.3 fo
        NOT-FOR-US: Wordpress plugin
 CVE-2018-12635 (CirCarLife Scada v4.2.4 allows unauthorized upgrades via 
requests to ...)
        NOT-FOR-US: CirCarLife Scada
-CVE-2018-12634 (CirCarLife Scada v4.2.4 allows remote attackers to obtain 
sensitive ...)
+CVE-2018-12634 (CirCarLife Scada before 4.3 allows remote attackers to obtain 
...)
        NOT-FOR-US: CirCarLife Scada
 CVE-2018-12633 (An issue was discovered in the Linux kernel through 4.17.2. 
...)
        - linux 4.17.3-1
@@ -15288,8 +15286,8 @@ CVE-2018-11086 (Pivotal Usage Service in Pivotal 
Application Service, versions 2
        TODO: check
 CVE-2018-11085
        REJECTED
-CVE-2018-11084
-       RESERVED
+CVE-2018-11084 (Cloud Foundry Garden-runC release, versions prior to 1.16.1, 
prevents ...)
+       TODO: check
 CVE-2018-11083
        RESERVED
 CVE-2018-11082
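Review bot: CVE-2018-11084 (Cloud Foundry Garden-runC release) is added as TODO: check, and the context line at the top of the hunk shows CVE-2018-11086 (Pivotal Usage Service) still waiting at TODO: check as well. CVE-2018-11041 in this file is tagged NOT-FOR-US: Cloud Foundry; use that tag here unless Garden-runC turns out to map to a packaged source.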
@@ -15314,8 +15312,8 @@ CVE-2018-11073
        RESERVED
 CVE-2018-11072
        RESERVED
-CVE-2018-11071
-       RESERVED
+CVE-2018-11071 (Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 
8.0.1.x, ...)
+       TODO: check
 CVE-2018-11070 (RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J 
...)
        NOT-FOR-US: RSA BSAFE Crypto-J
 CVE-2018-11069 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert 
Timing ...)
@@ -15373,7 +15371,7 @@ CVE-2018-11044 (Pivotal Apps Manager included in 
Pivotal Application Service, ve
 CVE-2018-11043
        RESERVED
 CVE-2018-11042
-       RESERVED
+       REJECTED
 CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 
4.19.0 ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x 
prior to ...)
@@ -27223,14 +27221,14 @@ CVE-2018-6695
        RESERVED
 CVE-2018-6694
        RESERVED
-CVE-2018-6693
-       RESERVED
+CVE-2018-6693 (An unprivileged user can delete arbitrary files on a Linux 
system ...)
+       TODO: check
 CVE-2018-6692 (Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in 
Belkin ...)
        NOT-FOR-US: Belkin Wemo Insight Smart Plug
 CVE-2018-6691
        RESERVED
-CVE-2018-6690
-       RESERVED
+CVE-2018-6690 (Accessing, modifying, or executing executable files 
vulnerability in ...)
+       TODO: check
 CVE-2018-6689
        RESERVED
 CVE-2018-6688
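Review bot: the descriptions of CVE-2018-6693 and CVE-2018-6690 are truncated before any product name ("An unprivileged user can delete arbitrary files on a Linux system ..." and "Accessing, modifying, or executing executable files vulnerability in ..."), so neither can be triaged from these lines alone. Because CVE-2018-6693 concerns arbitrary file deletion on Linux, read the full description before deciding between a NOT-FOR-US: tag and a package entry.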
@@ -43210,7 +43208,7 @@ CVE-2018-1224
 CVE-2018-1223 (Cloud Foundry Container Runtime (kubo-release), versions prior 
to ...)
        TODO: check
 CVE-2018-1222
-       RESERVED
+       REJECTED
 CVE-2018-1221 (In cf-deployment before 1.14.0 and routing-release before 
0.172.0, the ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect 
...)
@@ -78458,8 +78456,8 @@ CVE-2017-6915 (CSRF exists in BigTree CMS 4.1.18 with 
the colophon parameter to
        NOT-FOR-US: BigTree CMS
 CVE-2017-6914 (CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id 
parameter to ...)
        NOT-FOR-US: BigTree CMS
-CVE-2017-6913
-       RESERVED
+CVE-2017-6913 (Cross-site scripting (XSS) vulnerability in the Open-Xchange 
webmail ...)
+       TODO: check
 CVE-2017-6912
        RESERVED
 CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It 
stores ...)
@@ -87309,8 +87307,8 @@ CVE-2017-3914
        RESERVED
 CVE-2017-3913
        RESERVED
-CVE-2017-3912
-       RESERVED
+CVE-2017-3912 (Bypassing password security vulnerability in McAfee Application 
and ...)
+       TODO: check
 CVE-2017-3911
        RESERVED
 CVE-2017-3910



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/09b61d88350f0a8e903d06d5377c40b3fba8a476
