Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c94f6429 by security tracker role at 2018-09-28T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,43 @@
+CVE-2018-17586
+       RESERVED
+CVE-2018-17585
+       RESERVED
+CVE-2018-17584
+       RESERVED
+CVE-2018-17583
+       RESERVED
+CVE-2018-17582
+       RESERVED
+CVE-2018-17581
+       RESERVED
+CVE-2018-17580
+       RESERVED
+CVE-2018-17579
+       RESERVED
+CVE-2018-17578
+       RESERVED
+CVE-2018-17577
+       RESERVED
+CVE-2018-17576
+       RESERVED
+CVE-2018-17575
+       RESERVED
+CVE-2018-17574
+       RESERVED
+CVE-2018-17573 (The Wp-Insert plugin through 2.4.2 for WordPress allows upload 
of ...)
+       TODO: check
+CVE-2018-17572
+       RESERVED
+CVE-2018-17571 (Vanilla before 2.6.3 allows XSS via the email field of a 
profile. ...)
+       TODO: check
 CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 
has an ...)
        NOT-FOR-US: ViaBTC Exchange Server
 CVE-2018-17569 (network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 
has an ...)
        NOT-FOR-US: ViaBTC Exchange Server
 CVE-2018-17568 (utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has 
an ...)
        NOT-FOR-US: ViaBTC Exchange Server
-CVE-2018-17567
-       RESERVED
+CVE-2018-17567 (Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 
3.8.3 ...)
+       TODO: check
 CVE-2018-17566 (In ThinkPHP 5.1.24, the inner function delete can be used for 
SQL ...)
        TODO: check
 CVE-2018-17565
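Review bot: CVE-2018-17567 (Jekyll), CVE-2018-17573 (Wp-Insert plugin for WordPress) and CVE-2018-17571 (Vanilla) land with only TODO: check, so nothing in this hunk records whether a Debian source package is affected. Each needs a follow-up that replaces the TODO with either a package line or a NOT-FOR-US: line in the form used for the ViaBTC entries in the same hunk.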
@@ -346,20 +378,20 @@ CVE-2018-17399
        RESERVED
 CVE-2018-17398
        RESERVED
-CVE-2018-17397
-       RESERVED
+CVE-2018-17397 (SQL Injection exists in the AlphaIndex Dictionaries 1.0 
component for ...)
+       TODO: check
 CVE-2018-17396
        RESERVED
 CVE-2018-17395
        RESERVED
-CVE-2018-17394
-       RESERVED
+CVE-2018-17394 (SQL Injection exists in the Timetable Schedule 3.6.8 component 
for ...)
+       TODO: check
 CVE-2018-17393
        RESERVED
 CVE-2018-17392
        RESERVED
-CVE-2018-17391
-       RESERVED
+CVE-2018-17391 (SQL Injection exists in authors_post.php in Super Cms Blog Pro 
1.0 via ...)
+       TODO: check
 CVE-2018-17390
        RESERVED
 CVE-2018-17389
@@ -370,28 +402,28 @@ CVE-2018-17387
        RESERVED
 CVE-2018-17386
        RESERVED
-CVE-2018-17385
-       RESERVED
-CVE-2018-17384
-       RESERVED
-CVE-2018-17383
-       RESERVED
-CVE-2018-17382
-       RESERVED
+CVE-2018-17385 (SQL Injection exists in the Social Factory 3.8.3 component for 
Joomla! ...)
+       TODO: check
+CVE-2018-17384 (SQL Injection exists in the Swap Factory 2.2.1 component for 
Joomla! ...)
+       TODO: check
+CVE-2018-17383 (SQL Injection exists in the Collection Factory 4.1.9 component 
for ...)
+       TODO: check
+CVE-2018-17382 (SQL Injection exists in the Jobs Factory 2.0.4 component for 
Joomla! ...)
+       TODO: check
 CVE-2018-17381
        RESERVED
-CVE-2018-17380
-       RESERVED
-CVE-2018-17379
-       RESERVED
-CVE-2018-17378
-       RESERVED
-CVE-2018-17377
-       RESERVED
-CVE-2018-17376
-       RESERVED
-CVE-2018-17375
-       RESERVED
+CVE-2018-17380 (SQL Injection exists in the Article Factory Manager 4.3.9 
component ...)
+       TODO: check
+CVE-2018-17379 (SQL Injection exists in the Raffle Factory 3.5.2 component for 
Joomla! ...)
+       TODO: check
+CVE-2018-17378 (SQL Injection exists in the Penny Auction Factory 2.0.4 
component for ...)
+       TODO: check
+CVE-2018-17377 (SQL Injection exists in the Questions 1.4.3 component for 
Joomla! via ...)
+       TODO: check
+CVE-2018-17376 (SQL Injection exists in the Reverse Auction Factory 4.3.8 
component ...)
+       TODO: check
+CVE-2018-17375 (SQL Injection exists in the Music Collection 3.0.3 component 
for ...)
+       TODO: check
 CVE-2018-17374
        RESERVED
 CVE-2018-17373
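Review bot: The ten entries from CVE-2018-17385 down to CVE-2018-17375 (CVE-2018-17381 stays RESERVED) all carry the same "SQL Injection exists in the ... component" wording and all sit at TODO: check, so they are best triaged as one batch with one consistent result. Several descriptions are cut off before the platform is named (for example CVE-2018-17383 and CVE-2018-17380), so the decision has to come from the full CVE text rather than from this list.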
@@ -888,7 +920,7 @@ CVE-2018-17155
 CVE-2018-17154
        RESERVED
 CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 
contains a ...)
-       {DLA-1520-1 DLA-1519-1}
+       {DSA-4306-1 DLA-1520-1 DLA-1519-1}
        - python3.7 <not-affected> (Fixed before initial upload)
        - python3.6 <not-affected> (Fixed before initial upload)
        - python3.5 <not-affected> (Fixed before initial upload)
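Review bot: DSA-4306-1 is added to the cross-reference line of CVE-2018-1000802, but every package line visible in this hunk (python3.7, python3.6, python3.5) is <not-affected>. Confirm that the source package the advisory covers has a line with its fixed version further down in this entry, since the context shown here names no package the DSA could apply to.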
@@ -1138,10 +1170,10 @@ CVE-2018-17057 (An issue was discovered in TCPDF before 
6.2.22. Attackers can tr
        NOTE: 
https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26e
        NOTE: Was considered minor for jessie since arbitrary deserialization
        NOTE: is still possible using http and https.
-CVE-2018-17056
-       RESERVED
-CVE-2018-17055
-       RESERVED
+CVE-2018-17056 (Cross-site scripting (XSS) vulnerability in ServiceStack in 
Progress ...)
+       TODO: check
+CVE-2018-17055 (An arbitrary file upload vulnerability in Progress Sitefinity 
CMS ...)
+       TODO: check
 CVE-2018-17054
        RESERVED
 CVE-2018-17053
@@ -2020,8 +2052,8 @@ CVE-2018-16661
        RESERVED
 CVE-2018-16660
        RESERVED
-CVE-2018-16659
-       RESERVED
+CVE-2018-16659 (An issue was discovered in Rausoft ID.prove 2.95. The login 
page ...)
+       TODO: check
 CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP 
message ...)
        {DSA-4292-1 DLA-1503-1}
        - kamailio 5.1.4-1 (bug #908324)
@@ -2203,16 +2235,14 @@ CVE-2018-16588 (Privilege escalation can occur in the 
SUSE useradd.c code in use
        - shadow <not-affected> (SuSE-specific patch)
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1106914
        NOTE: The SUSE specific patch was a first iteration of 
https://github.com/shadow-maint/shadow/pull/2
-CVE-2018-16587 [Remote File Deletion]
-       RESERVED
+CVE-2018-16587 (In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 
5.0.x before ...)
        {DLA-1521-1}
        - otrs2 6.0.11-1
        NOTE: 
https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/
        NOTE: OTRS 6: 
https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01
        NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711
        NOTE: OTRS 4: 
https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843
-CVE-2018-16586 [Loading External Image or CSS Resources]
-       RESERVED
+CVE-2018-16586 (In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 
5.0.x before ...)
        {DLA-1521-1}
        - otrs2 6.0.11-1
        NOTE: 
https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/
@@ -2996,8 +3026,8 @@ CVE-2018-16279
        RESERVED
 CVE-2018-16278 (phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an ...)
        NOT-FOR-US: phpkaiyuancms PhpOpenSourceCMS (POSCMS)
-CVE-2018-16277
-       RESERVED
+CVE-2018-16277 (The Image Import function in XWiki through 10.7 has XSS. ...)
+       TODO: check
 CVE-2018-16275 (OPSWAT MetaDefender before v4.11.2 allows CSV injection. ...)
        NOT-FOR-US: OPSWAT MetaDefender
 CVE-2018-16276 (An issue was discovered in yurex_read in 
drivers/usb/misc/yurex.c in ...)
@@ -4625,8 +4655,8 @@ CVE-2018-15613 (A cross-site scripting (XSS) 
vulnerability in the Runtime Config
        NOT-FOR-US: Avaya
 CVE-2018-15612 (A CSRF vulnerability in the Runtime Config component of Avaya 
Aura ...)
        NOT-FOR-US: Avaya
-CVE-2018-15611
-       RESERVED
+CVE-2018-15611 (A vulnerability in the local system administration component 
of Avaya ...)
+       TODO: check
 CVE-2018-15610 (A vulnerability in the one-X Portal component of Avaya IP 
Office ...)
        NOT-FOR-US: Avaya
 CVE-2018-15609
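Review bot: CVE-2018-15611 is left at TODO: check although its description names an Avaya component and the neighbouring CVE-2018-15613, CVE-2018-15612 and CVE-2018-15610 are all marked NOT-FOR-US: Avaya. Unless this one differs, resolve it the same way so the Avaya block stays consistent.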
@@ -6113,10 +6143,10 @@ CVE-2018-14959 (An issue was discovered in WeaselCMS 
v0.3.5. CSRF can create new
        NOT-FOR-US: WeaselCMS
 CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update 
the ...)
        NOT-FOR-US: WeaselCMS
-CVE-2018-14957
-       RESERVED
-CVE-2018-14956
-       RESERVED
+CVE-2018-14957 (CMS ISWEB 3.5.3 is vulnerable to directory traversal and local 
file ...)
+       TODO: check
+CVE-2018-14956 (CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. 
An ...)
+       TODO: check
 CVE-2018-14949
        RESERVED
 CVE-2018-14948 (An issue has been found in dilawar sound through 2017-11-27. 
The end of ...)
@@ -6417,8 +6447,8 @@ CVE-2018-14826
        RESERVED
 CVE-2018-14825 (On Honeywell Mobile Computers (CT60 running Android OS 7.1, 
CN80 ...)
        NOT-FOR-US: Honeywell
-CVE-2018-14824
-       RESERVED
+CVE-2018-14824 (Delta Electronics Delta Industrial Automation PMSoft v2.11 or 
prior ...)
+       TODO: check
 CVE-2018-14823 (Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer 
...)
        NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14822
@@ -6871,8 +6901,8 @@ CVE-2018-14652
        RESERVED
 CVE-2018-14651
        RESERVED
-CVE-2018-14650
-       RESERVED
+CVE-2018-14650 (It was discovered that sos-collector does not properly set the 
default ...)
+       TODO: check
 CVE-2018-14649
        RESERVED
        NOT-FOR-US: ceph-iscsi-cli
@@ -6882,6 +6912,7 @@ CVE-2018-14648 [Mishandled search requests in 
servers/slapd/search.c:do_search()
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1630668
        TODO: check, not much detail provided
 CVE-2018-14647 (Python's elementtree C accelerator failed to initialise 
Expat's hash ...)
+       {DSA-4306-1}
        - python3.7 3.7.0-7
        - python3.6 3.6.7~rc1-1
        - python3.5 <unfixed>
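Review bot: The new {DSA-4306-1} line on CVE-2018-14647 sits directly above "- python3.5 <unfixed>", so the entry now references a released advisory while still showing an open package. Check that the package fixed by the DSA has its own line with the fixed version, and keep python3.5 tracked as open until it gets one.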
@@ -8608,8 +8639,8 @@ CVE-2018-14039
        RESERVED
 CVE-2018-14038
        RESERVED
-CVE-2018-14037
-       RESERVED
+CVE-2018-14037 (Cross-site scripting (XSS) vulnerability in Progress Kendo UI 
Editor ...)
+       TODO: check
 CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect 
Access Control ...)
        - ruby-doorkeeper 4.4.2-1 (bug #903980)
        NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891
@@ -44857,7 +44888,7 @@ CVE-2018-1063 (Context relabeling of filesystems is 
vulnerable to symbolic link
 CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, 
where the ...)
        NOT-FOR-US: ovirt-engine
 CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 
3.7.0 is ...)
-       {DLA-1520-1 DLA-1519-1}
+       {DSA-4306-1 DLA-1520-1 DLA-1519-1}
        - python3.7 3.7.0~b3-1 (low)
        - python3.6 3.6.5~rc1-1 (low)
        - python3.5 3.5.6-1 (low)
@@ -44876,7 +44907,7 @@ CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 
3.5.6rc1, 3.6.5rc1 and 3.7.
        NOTE: 
https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0
 (3.4)
        NOTE: 
https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2
 (2.7)
 CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 
3.7.0 is ...)
-       {DLA-1520-1 DLA-1519-1}
+       {DSA-4306-1 DLA-1520-1 DLA-1519-1}
        - python3.7 3.7.0~b3-1 (low)
        - python3.6 3.6.5~rc1-1 (low)
        - python3.5 3.5.6-1 (low)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c94f64298aba7095feb8a75eb86d2ddae5740825
