Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9cdfcf6 by security tracker role at 2018-09-27T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 
has an ...)
+       TODO: check
+CVE-2018-17569 (network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 
has an ...)
+       TODO: check
+CVE-2018-17568 (utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has 
an ...)
+       TODO: check
+CVE-2018-17567
+       RESERVED
+CVE-2018-17566 (In ThinkPHP 5.1.24, the inner function delete can be used for 
SQL ...)
+       TODO: check
+CVE-2018-17565
+       RESERVED
+CVE-2018-17564
+       RESERVED
+CVE-2018-17563
+       RESERVED
+CVE-2018-17562
+       RESERVED
+CVE-2018-17561
+       RESERVED
+CVE-2018-17560
+       RESERVED
+CVE-2018-17559
+       RESERVED
+CVE-2018-17558
+       RESERVED
+CVE-2018-17557
+       RESERVED
+CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New 
Media ...)
+       TODO: check
+CVE-2018-17555 (The web component on ARRIS TG2492LG-NA 061213 devices allows 
remote ...)
+       TODO: check
+CVE-2018-17554
+       RESERVED
 CVE-2018-17553
        RESERVED
 CVE-2018-17552
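Review bot: the seventeen new entries CVE-2018-17554 through CVE-2018-17570 at the top of this hunk are all left at the importer's "TODO: check" placeholder, and the six that carry a description (three for ViaBTC Exchange Server in utils/ut_ws_svr.c, network/nw_buf.c and utils/ut_rpc.c, plus ThinkPHP 5.1.24, MODX Revolution v2.6.5-pl and the ARRIS TG2492LG-NA web component) name products that do not appear to be Debian source packages, so on triage they look like candidates for the "NOT-FOR-US: <product>" form used elsewhere in this file (compare the MCMS and OTCMS entries in a later hunk). The three ViaBTC IDs should be resolved together since they are one product and one cutoff date. The eleven bare RESERVED IDs need nothing until a description is published.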
@@ -286,10 +320,10 @@ CVE-2018-17413
        RESERVED
 CVE-2018-17412
        RESERVED
-CVE-2018-17411
-       RESERVED
-CVE-2018-17410
-       RESERVED
+CVE-2018-17411 (An XML External Entity (XXE) vulnerability exists in iWay Data 
Quality ...)
+       TODO: check
+CVE-2018-17410 (Horus CMS allows SQL Injection, as demonstrated by a request 
to the ...)
+       TODO: check
 CVE-2018-17409
        RESERVED
 CVE-2018-17408
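Review bot: CVE-2018-17411 (XXE in iWay Data Quality) and CVE-2018-17410 (SQL injection in Horus CMS) are proprietary or otherwise unpackaged products, so the "TODO: check" for both is expected to resolve to NOT-FOR-US unless a Debian package that embeds either of them turns up; neither description is truncated in a way that hides the product, so no lookup is needed before marking them.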
@@ -376,8 +410,8 @@ CVE-2018-17367
        RESERVED
 CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF 
vulnerability ...)
        NOT-FOR-US: MCMS
-CVE-2018-17365
-       RESERVED
+CVE-2018-17365 (SeaCMS 6.64 allows remote attackers to delete arbitrary files 
via the ...)
+       TODO: check
 CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP 
code via ...)
        NOT-FOR-US: OTCMS
 CVE-2018-17363
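Review bot: CVE-2018-17365 (SeaCMS 6.64, remote arbitrary file deletion) lands between the MCMS and OTCMS entries that are already marked NOT-FOR-US; SeaCMS belongs to the same group of unpackaged PHP CMSes, so the same marker is the expected resolution of its "TODO: check".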
@@ -488,22 +522,22 @@ CVE-2018-17318
        RESERVED
 CVE-2018-17317 (FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote 
attackers ...)
        NOT-FOR-US: FruityWifi
-CVE-2018-17316
-       RESERVED
-CVE-2018-17315
-       RESERVED
-CVE-2018-17314
-       RESERVED
-CVE-2018-17313
-       RESERVED
-CVE-2018-17312
-       RESERVED
-CVE-2018-17311
-       RESERVED
-CVE-2018-17310
-       RESERVED
-CVE-2018-17309
-       RESERVED
+CVE-2018-17316 (On the RICOH MP C6003 printer, HTML Injection and Stored XSS 
...)
+       TODO: check
+CVE-2018-17315 (On the RICOH MP C2003 printer, HTML Injection and Stored XSS 
...)
+       TODO: check
+CVE-2018-17314 (On the RICOH Aficio MP 305+ printer, HTML Injection and Stored 
XSS ...)
+       TODO: check
+CVE-2018-17313 (On the RICOH MP C307 printer, HTML Injection and Stored XSS 
...)
+       TODO: check
+CVE-2018-17312 (On the RICOH Aficio MP 301 printer, HTML Injection and Stored 
XSS ...)
+       TODO: check
+CVE-2018-17311 (On the RICOH MP C6503 Plus printer, HTML Injection and Stored 
XSS ...)
+       TODO: check
+CVE-2018-17310 (On the RICOH MP C1803 JPN printer, HTML Injection and Stored 
XSS ...)
+       TODO: check
+CVE-2018-17309 (On the RICOH MP C406Z printer, HTML Injection and Stored XSS 
...)
+       TODO: check
 CVE-2018-17308
        RESERVED
 CVE-2018-17307
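Review bot: CVE-2018-17309 through CVE-2018-17316 are eight IDs for what reads as one finding (HTML injection and stored XSS in the printer web interface) split per RICOH model (MP C406Z, MP C1803 JPN, MP C6503 Plus, Aficio MP 301, MP C307, Aficio MP 305+, MP C2003, MP C6003); triage once and apply the same resolution to all eight rather than evaluating each "TODO: check" separately. Printer firmware is not something Debian ships, so "NOT-FOR-US: RICOH" is the likely outcome for the whole block.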
@@ -714,8 +748,8 @@ CVE-2018-17217
        RESERVED
 CVE-2018-17216
        RESERVED
-CVE-2018-17215
-       RESERVED
+CVE-2018-17215 (An information-disclosure issue was discovered in Postman 
through ...)
+       TODO: check
 CVE-2018-17214
        RESERVED
 CVE-2018-17213
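Review bot: the description for CVE-2018-17215 is cut at "Postman through ...", so neither the exact product variant nor the affected version bound is visible in this file; fetch the full text before closing the "TODO: check", because the name alone does not identify any Debian package and the version range is what the marker should record if one is ever found.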
@@ -1045,8 +1079,8 @@ CVE-2018-17082 (The Apache2 component in PHP before 
5.6.38, 7.0.x before 7.0.32,
        NOTE: Fixed in 5.6.38, 7.0.32, 7.1.22, 7.2.10, 7.3.0RC1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76582
        NOTE: 
https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e
-CVE-2018-17081
-       RESERVED
+CVE-2018-17081 (e107 2.1.9 allows CSRF via ...)
+       TODO: check
 CVE-2018-17080
        RESERVED
 CVE-2018-17079
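Review bot: CVE-2018-17081 (e107 2.1.9 CSRF) is truncated immediately after "via ...", so the vulnerable endpoint is not visible here; e107 is not a Debian package, so the "TODO: check" is expected to become "NOT-FOR-US: e107". The preceding PHP entry (CVE-2018-17082) is unchanged context and already records its fixed versions and the upstream commit, so nothing in this hunk touches a packaged product.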
@@ -1285,10 +1319,10 @@ CVE-2018-16971 (Wisetail Learning Ecosystem (LE) 
through v4.11.6 allows insecure
        NOT-FOR-US: Wisetail Learning Ecosystem
 CVE-2018-16970 (Wisetail Learning Ecosystem (LE) through v4.11.6 allows 
insecure direct ...)
        NOT-FOR-US: Wisetail Learning Ecosystem
-CVE-2018-16969
-       RESERVED
-CVE-2018-16968
-       RESERVED
+CVE-2018-16969 (Citrix ShareFile StorageZones Controller before 5.4.2 has 
Information ...)
+       TODO: check
+CVE-2018-16968 (Citrix ShareFile StorageZones Controller before 5.4.2 allows 
Directory ...)
+       TODO: check
 CVE-2018-16967
        RESERVED
 CVE-2018-16966
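Review bot: CVE-2018-16968 (directory traversal) and CVE-2018-16969 (information disclosure) are a pair against the same product and fixed version, Citrix ShareFile StorageZones Controller before 5.4.2, so resolve them together; the controller is a proprietary Citrix component, so NOT-FOR-US, in line with the adjacent Wisetail Learning Ecosystem entries that are already marked that way.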
@@ -1876,12 +1910,12 @@ CVE-2018-16715 (An issue was discovered in Absolute 
Software CTES Windows Agent
        NOT-FOR-US: Absolute Software CTES Windows Agent
 CVE-2018-16714
        RESERVED
-CVE-2018-16713
-       RESERVED
-CVE-2018-16712
-       RESERVED
-CVE-2018-16711
-       RESERVED
+CVE-2018-16713 (IObit Advanced SystemCare, which includes 
Monitor_win10_x64.sys or ...)
+       TODO: check
+CVE-2018-16712 (IObit Advanced SystemCare, which includes 
Monitor_win10_x64.sys or ...)
+       TODO: check
+CVE-2018-16711 (IObit Advanced SystemCare, which includes 
Monitor_win10_x64.sys or ...)
+       TODO: check
 CVE-2018-16710 (** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers 
to ...)
        - octoprint <itp> (bug #718591)
        NOTE: https://github.com/foosel/OctoPrint/issues/2814
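Review bot: CVE-2018-16711, CVE-2018-16712 and CVE-2018-16713 are three IDs against the same Windows kernel driver (Monitor_win10_x64.sys) shipped with IObit Advanced SystemCare; a Windows-only driver cannot affect Debian, so all three "TODO: check" lines resolve to NOT-FOR-US as one batch. The OctoPrint context below the new lines is untouched and still points at the ITP bug #718591 and the upstream issue, which is the right state for a disputed issue in a not-yet-packaged project.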
@@ -2164,8 +2198,7 @@ CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use 
only client-side JavaScrip
        NOT-FOR-US: FURUNO FELCOM
 CVE-2018-16589
        RESERVED
-CVE-2018-16588
-       RESERVED
+CVE-2018-16588 (Privilege escalation can occur in the SUSE useradd.c code in 
useradd, ...)
        - shadow <not-affected> (SuSE-specific patch)
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1106914
        NOTE: The SUSE specific patch was a first iteration of 
https://github.com/shadow-maint/shadow/pull/2
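Review bot: the description now visible for CVE-2018-16588 says "SUSE useradd.c code", which matches the existing "shadow <not-affected> (SuSE-specific patch)" verdict and the NOTE that the SUSE patch was a first iteration of shadow-maint pull request 2, so no change to the resolution is needed here. Since that pull request is upstream, the one thing worth confirming is that the Debian shadow package never carried the first-iteration patch before the final version landed; if it did, the not-affected marker would need a version qualifier.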
@@ -2766,8 +2799,8 @@ CVE-2018-16366 (An issue discovered in idreamsoft iCMS 
V7.0.10. ...)
        NOT-FOR-US: idreamsoft iCMS
 CVE-2018-16365 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
        NOT-FOR-US: idreamsoft iCMS
-CVE-2018-16364
-       RESERVED
+CVE-2018-16364 (A serialization vulnerability in Zoho ManageEngine 
Applications ...)
+       TODO: check
 CVE-2018-16363 (The mndpsingh287 File Manager plugin V2.9 for WordPress has 
XSS via ...)
        NOT-FOR-US: mndpsingh287 File Manager plugin for WordPress
 CVE-2018-16362 (An issue was discovered in the Source Integration plugin 
before 1.5.9 ...)
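Review bot: CVE-2018-16364 is truncated at "Zoho ManageEngine Applications ...", before the product line name that the NOT-FOR-US marker should carry; ManageEngine is a proprietary Java product family, so once the full name is retrieved the expected resolution is NOT-FOR-US, consistent with the iCMS and WordPress File Manager plugin neighbors in this hunk.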
@@ -3233,13 +3266,11 @@ CVE-2018-16154
        RESERVED
 CVE-2018-16153
        RESERVED
-CVE-2018-16152
-       RESERVED
+CVE-2018-16152 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in 
the gmp ...)
        {DSA-4305-1 DLA-1522-1}
        - strongswan 5.7.0-1
        NOTE: 
https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
-CVE-2018-16151
-       RESERVED
+CVE-2018-16151 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in 
the gmp ...)
        {DSA-4305-1 DLA-1522-1}
        - strongswan 5.7.0-1
        NOTE: 
https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
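Review bot: after this hunk both CVE-2018-16151 and CVE-2018-16152 carry the same truncated description ("In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp ..."), so the list no longer distinguishes the two issues by text; that is a side effect of the importer's truncation rather than an error, and the DSA-4305-1 / DLA-1522-1 references and the 5.7.0-1 fixed version were already in place, so nothing here changes the resolution. One practical point on the NOTE line: the strongswan blog URL contains parentheses and a comma, and linkifiers that stop at the first ")" will render it broken; if the tracker's web view does so, percent-encoding "(" ")" "," as %28 %29 %2C in a manual commit would make the link clickable without changing its target.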
@@ -3528,8 +3559,8 @@ CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 
2.4.8, and 2.2.0 to 2.2.16
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-45.html
-CVE-2018-16055
-       RESERVED
+CVE-2018-16055 (An authenticated command injection vulnerability exists in ...)
+       TODO: check
 CVE-2018-16054
        RESERVED
 CVE-2018-16053
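Review bot: CVE-2018-16055 is truncated to "An authenticated command injection vulnerability exists in ...", so unlike the other new entries in this update the affected product is not recoverable from this file at all; this one must be looked up against the full CVE text before any marker (NOT-FOR-US or a package name) can be chosen, and the "TODO: check" should stay until that is done.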
@@ -4115,8 +4146,8 @@ CVE-2018-15838
        RESERVED
 CVE-2018-15837
        RESERVED
-CVE-2018-15836
-       RESERVED
+CVE-2018-15836 (In Openswan before 2.6.50.1, IKEv2 signature verification is 
...)
+       TODO: check
 CVE-2018-15835
        RESERVED
 CVE-2018-15834 (In radare2 before 2.9.0, a heap overflow vulnerability exists 
in the ...)
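Review bot: CVE-2018-15836 (Openswan before 2.6.50.1, IKEv2 signature verification) is the one new entry in this update whose product has been a Debian source package in earlier releases, so do not reach for NOT-FOR-US by reflex: check whether any suite still under security support ships openswan and, if none does, record that state explicitly rather than as an unpackaged product. It is also in the same area as the strongswan CVE-2018-16151/16152 entries updated earlier in this commit (both concern signature verification in an IKE daemon), which were handled via DSA-4305-1.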
@@ -4880,8 +4911,8 @@ CVE-2018-15533 (A reflected cross-site scripting 
vulnerability exists in Geutebr
        NOT-FOR-US: Geutebrueck
 CVE-2018-15532
        RESERVED
-CVE-2018-15531
-       RESERVED
+CVE-2018-15531 (JavaMelody before 1.74.0 has XXE via parseSoapMethodName in 
...)
+       TODO: check
 CVE-2018-15530
        RESERVED
 CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny 
...)
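Review bot: CVE-2018-15531 (JavaMelody before 1.74.0, XXE via parseSoapMethodName) names a Java monitoring library rather than an end-user product, so before settling on NOT-FOR-US check whether any Debian Java package ships or embeds JavaMelody; a library can be affected through a bundling package even when it has no source package of its own. The adjacent Mutiny and Geutebrueck entries are appliance products and their existing markers are unaffected.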
@@ -6385,36 +6416,36 @@ CVE-2018-14825 (On Honeywell Mobile Computers (CT60 
running Android OS 7.1, CN80
        NOT-FOR-US: Honeywell
 CVE-2018-14824
        RESERVED
-CVE-2018-14823
-       RESERVED
+CVE-2018-14823 (Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer 
...)
+       TODO: check
 CVE-2018-14822
        RESERVED
 CVE-2018-14821 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. 
This ...)
        NOT-FOR-US: Rockwell Automation RSLinx Classic
 CVE-2018-14820
        RESERVED
-CVE-2018-14819
-       RESERVED
+CVE-2018-14819 (Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds 
read ...)
+       TODO: check
 CVE-2018-14818
        RESERVED
-CVE-2018-14817
-       RESERVED
+CVE-2018-14817 (Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow 
...)
+       TODO: check
 CVE-2018-14816
        RESERVED
-CVE-2018-14815
-       RESERVED
+CVE-2018-14815 (Fuji Electric V-Server 4.0.3.0 and prior, Several 
out-of-bounds write ...)
+       TODO: check
 CVE-2018-14814
        RESERVED
-CVE-2018-14813
-       RESERVED
+CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer 
overflow ...)
+       TODO: check
 CVE-2018-14812
        RESERVED
-CVE-2018-14811
-       RESERVED
+CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted 
pointer ...)
+       TODO: check
 CVE-2018-14810
        RESERVED
-CVE-2018-14809
-       RESERVED
+CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
+       TODO: check
 CVE-2018-14808
        RESERVED
 CVE-2018-14807
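Review bot: the seven odd-numbered IDs in this hunk (CVE-2018-14809, 14811, 14813, 14815, 14817, 14819, 14823) are all memory-safety findings in Fuji Electric V-Server 4.0.3.0 and prior (use after free, untrusted pointer dereference, heap overflow, out-of-bounds write, integer underflow, out-of-bounds read, stack overflow), with the same "4.0.3.0 and prior, <issue>" phrasing; triage them as a single batch and give all seven the same marker, which for ICS vendor software will be "NOT-FOR-US: Fuji Electric V-Server" in line with the Honeywell and Rockwell Automation neighbors. The even-numbered IDs between them remain RESERVED and need no action.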
@@ -7933,8 +7964,8 @@ CVE-2018-14329 (In HTSlib 1.8, a race condition in 
cram/cram_io.c might allow lo
        NOTE: Neutralised by kernel hardening
 CVE-2018-14328 (Brynamics &quot;Online Trade - Online trading and 
cryptocurrency investment ...)
        NOT-FOR-US: Brynamics "Online Trade - Online trading and cryptocurrency 
investment system"
-CVE-2018-14327
-       RESERVED
+CVE-2018-14327 (The installer for the Alcatel OSPREY3_MINI Modem component on 
EE ...)
+       TODO: check
 CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0 
has TCP ...)
        - glassfish <not-affected> (Vulnerable code not included, only builds a 
few classes)
 CVE-2018-14323
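Review bot: CVE-2018-14327 (the installer for the Alcatel OSPREY3_MINI modem component on EE ...) is a vendor-supplied installer, not anything Debian ships, so its "TODO: check" resolves to NOT-FOR-US. Separately, the unchanged context line for CVE-2018-14328 still carries a raw "&quot;" entity inside the description while the NOT-FOR-US line below it uses literal quotes; that is a pre-existing import artifact worth cleaning up in a manual commit, not something introduced by this automatic update.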
@@ -30186,6 +30217,7 @@ CVE-2018-6120
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2018-6119 (Incorrect security UI in Omnibox in Google Chrome prior to ...)
+       {DSA-4103-1}
        - chromium-browser 64.0.3282.119-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)   
 CVE-2018-6118
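Review bot: the only change in this hunk (and likewise in the CVE-2018-6055 hunk below) is adding "{DSA-4103-1}" to a chromium-browser entry that already records the fixed version 64.0.3282.119-1; this is a reference reconciliation rather than the description import that makes up the rest of the commit, so confirm the cross-reference was generated from the tracker's DSA data and that DSA-4103-1 is indeed the advisory that shipped 64.0.3282.119-1 for both CVEs. The jessie context lines in both hunks also appear to carry trailing whitespace after "see DSA 4020)", a pre-existing artifact.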
@@ -30564,6 +30596,7 @@ CVE-2018-6056
        - libv8 <unfixed> (unimportant)
        NOTE: libv8 not covered by security support
 CVE-2018-6055 (Insufficient policy enforcement in Catalog Service in Google 
Chrome ...)
+       {DSA-4103-1}
        - chromium-browser 64.0.3282.119-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)   
 CVE-2018-6054 (Use after free in WebUI in Google Chrome prior to 64.0.3282.119 
...)
@@ -52408,8 +52441,8 @@ CVE-2017-15610 (An issue was discovered in Octopus 
before 3.17.7. When the speci
        NOT-FOR-US: Octopus Deploy
 CVE-2017-15609 (Octopus before 3.17.7 allows attackers to obtain sensitive 
cleartext ...)
        NOT-FOR-US: Octopus Deploy
-CVE-2017-15608
-       RESERVED
+CVE-2017-15608 (Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker 
to change ...)
+       TODO: check
 CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in 
filesystem-based ...)
        NOT-FOR-US: Inedo Otter
 CVE-2017-15606
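Review bot: CVE-2017-15608 (Inedo ProGet before 5.0 Beta5, CSRF allowing an attacker to change ...) is a 2017-series ID only now receiving its description; the neighboring CVE-2017-15607 (Inedo Otter) is already NOT-FOR-US, and ProGet is the same vendor's proprietary package server, so "NOT-FOR-US: Inedo ProGet" is the expected resolution. An old ID showing up with "TODO: check" in a current batch is normal, since reserved IDs are populated whenever the vendor publishes, but it is worth a second look at the date range to be sure no Debian package was affected in the meantime.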



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9cdfcf6c9315c12b5e0107c8eb27dfc78bdd908

-- 
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
