Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92d4961b by security tracker role at 2018-10-01T20:10:39Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
-CVE-2018-17854
-       RESERVED
+CVE-2018-17854 (SIMDComp before 0.1.1 allows remote attackers to cause a 
denial of ...)
+       TODO: check
 CVE-2018-17853
        RESERVED
-CVE-2018-17852
-       RESERVED
-CVE-2018-17851
-       RESERVED
-CVE-2018-17850
-       RESERVED
+CVE-2018-17852 (A SQL injection was discovered in WUZHI CMS 4.1.0 in ...)
+       TODO: check
+CVE-2018-17851 (An issue was discovered in JsonCpp 1.8.4. An unhandled 
exception ...)
+       TODO: check
+CVE-2018-17850 (An issue was discovered in JsonCpp 1.8.4. An unhandled 
exception ...)
+       TODO: check
 CVE-2018-17849
        RESERVED
-CVE-2018-17848
-       RESERVED
-CVE-2018-17847
-       RESERVED
-CVE-2018-17846
-       RESERVED
+CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go 
mishandles ...)
+       TODO: check
+CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go 
mishandles ...)
+       TODO: check
+CVE-2018-17846 (The html package (aka x/net/html) through 2018-09-25 in Go 
mishandles ...)
+       TODO: check
 CVE-2018-17845
        RESERVED
 CVE-2018-17844
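Review bot: the `TODO: check` placeholders in this hunk group naturally by upstream and should be triaged that way rather than id by id: CVE-2018-17851 and CVE-2018-17850 both describe an unhandled exception in JsonCpp 1.8.4, and CVE-2018-17848, CVE-2018-17847 and CVE-2018-17846 all describe the Go x/net/html package through 2018-09-25 mishandling input. Both upstreams correspond to Debian source packages, so these need a version lookup; the WUZHI CMS entry (CVE-2018-17852) is a web application that is not packaged and can follow the NOT-FOR-US pattern used elsewhere in this file.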
@@ -30,34 +30,34 @@ CVE-2018-17840
        RESERVED
 CVE-2018-17839
        RESERVED
-CVE-2018-17838
-       RESERVED
-CVE-2018-17837
-       RESERVED
-CVE-2018-17836
-       RESERVED
-CVE-2018-17835
-       RESERVED
+CVE-2018-17838 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file 
read ...)
+       TODO: check
+CVE-2018-17837 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file 
deletion ...)
+       TODO: check
+CVE-2018-17836 (An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote 
...)
+       TODO: check
+CVE-2018-17835 (An issue was discovered in GetSimple CMS 3.3.15. An 
administrator can ...)
+       TODO: check
 CVE-2018-17834
        RESERVED
 CVE-2018-17833
        RESERVED
-CVE-2018-17832
-       RESERVED
-CVE-2018-17831
-       RESERVED
-CVE-2018-17830
-       RESERVED
+CVE-2018-17832 (XSS exists in WUZHI CMS 2.0 via the index.php v or f 
parameter. ...)
+       TODO: check
+CVE-2018-17831 (In REDAXO before 5.6.3, a critical SQL injection vulnerability 
has been ...)
+       TODO: check
+CVE-2018-17830 (The $args variable in addons/mediapool/pages/index.php in 
REDAXO 5.6.2 ...)
+       TODO: check
 CVE-2018-17829
        RESERVED
-CVE-2018-17828
-       RESERVED
-CVE-2018-17827
-       RESERVED
-CVE-2018-17826
-       RESERVED
-CVE-2018-17825
-       RESERVED
+CVE-2018-17828 (Directory traversal vulnerability in ZZIPlib 0.13.69 allows 
attackers ...)
+       TODO: check
+CVE-2018-17827 (HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP 
code by ...)
+       TODO: check
+CVE-2018-17826 (HisiPHP 1.0.8 allows CSRF via 
admin.php/admin/user/adduser.html to add ...)
+       TODO: check
+CVE-2018-17825 (An issue was discovered in AdPlug 2.3.1. There are several 
double-free ...)
+       TODO: check
 CVE-2018-17824
        RESERVED
 CVE-2018-17823
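Review bot: two of the new `TODO: check` entries here touch software that is in the Debian archive and should not be closed as NOT-FOR-US without a version check: CVE-2018-17828 (directory traversal in ZZIPlib 0.13.69, source package zziplib) and CVE-2018-17825 (double-free issues in AdPlug 2.3.1, source package adplug). The remaining PHP CMS entries (JTBC, GetSimple CMS, WUZHI CMS, REDAXO, HisiPHP) match the kind of product this file already marks NOT-FOR-US, as with the PHPSUGAR PHP Melody entries further down.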
@@ -126,10 +126,10 @@ CVE-2018-17794 (An issue was discovered in cplus-dem.c in 
GNU libiberty, as dist
        [stretch] - binutils <ignored> (Minor issue)
        [jessie] - binutils <ignored> (Minor issue)
        NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350
-CVE-2015-9268
-       RESERVED
-CVE-2015-9267
-       RESERVED
+CVE-2015-9268 (Nullsoft Scriptable Install System (NSIS) before 2.49 has 
unsafe ...)
+       TODO: check
+CVE-2015-9267 (Nullsoft Scriptable Install System (NSIS) before 2.49 uses 
temporary ...)
+       TODO: check
 CVE-2018-17793 (Virtualenv 16.0.0 allows a sandbox escape via &quot;python 
$(bash &gt;&amp;2)&quot; and ...)
        - python-virtualenv <unfixed> (unimportant)
        NOTE: https://github.com/pypa/virtualenv/issues/1207
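Review bot: CVE-2015-9268 and CVE-2015-9267 carry 2015 identifiers but were only published now, and nsis is a Debian source package, so the `TODO: check` lines need an actual comparison of the packaged nsis version against the "before 2.49" range rather than a NOT-FOR-US; an old id does not mean the stable package already has the fix.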
@@ -875,8 +875,8 @@ CVE-2018-17429
        RESERVED
 CVE-2018-17428
        RESERVED
-CVE-2018-17427
-       RESERVED
+CVE-2018-17427 (SIMDComp before 0.1.0 allows remote attackers to cause a 
denial of ...)
+       TODO: check
 CVE-2018-17426
        RESERVED
 CVE-2018-17425
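Review bot: CVE-2018-17427 (SIMDComp before 0.1.0, denial of service) should be triaged together with CVE-2018-17854 (SIMDComp before 0.1.1, denial of service) from the first hunk of this commit; the two "before" versions read like an initial fix and a follow-up in the same upstream, so one lookup of the packaged version settles both entries.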
@@ -1417,6 +1417,7 @@ CVE-2018-17185
 CVE-2018-17184
        RESERVED
 CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. 
The ...)
+       {DSA-4308-1}
        - linux 4.18.10-1
        NOTE: 
https://git.kernel.org/linus/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
        NOTE: 
https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
@@ -1892,6 +1893,7 @@ CVE-2018-16986
 CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address 
was ...)
        NOT-FOR-US: Lizard
 CVE-2018-16984 [Password hash disclosure to "view only" admin users]
+       RESERVED
        [experimental] - python-django 2:2.1.2-1
        - python-django <not-affected> (bug #910016; vulnerable code not 
present)
        NOTE: https://www.djangoproject.com/weblog/2018/oct/01/security-release/
@@ -2636,6 +2638,7 @@ CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 
5.1.4, a crafted SIP m
        NOTE: 
https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d
 (5.1)
        NOTE: 
https://github.com/kamailio/kamailio/commit/f07dabffef98c7088cdbc2bd695a4ae7a241b159
 (5.0)
 CVE-2018-16658 (An issue was discovered in the Linux kernel before 4.18.6. An 
...)
+       {DSA-4308-1}
        - linux 4.18.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 (4.19-rc2)
 CVE-2018-16656
@@ -3609,6 +3612,7 @@ CVE-2018-16277 (The Image Import function in XWiki 
through 10.7 has XSS. ...)
 CVE-2018-16275 (OPSWAT MetaDefender before v4.11.2 allows CSV injection. ...)
        NOT-FOR-US: OPSWAT MetaDefender
 CVE-2018-16276 (An issue was discovered in yurex_read in 
drivers/usb/misc/yurex.c in ...)
+       {DSA-4308-1}
        - linux 4.17.8-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 (4.18-rc5)
 CVE-2018-16274
@@ -5433,10 +5437,12 @@ CVE-2018-15574 (** DISPUTED ** An issue was discovered 
in the license editor in
 CVE-2018-15573 (** DISPUTED ** An issue was discovered in Reprise License 
Manager (RLM) ...)
        NOT-FOR-US: Reprise License Manager
 CVE-2018-15594 (arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 
mishandles ...)
+       {DSA-4308-1}
        - linux 4.17.15-1
        NOTE: https://twitter.com/grsecurity/status/1029324426142199808
        NOTE: 
https://git.kernel.org/linus/5800dc5c19f34e6e03b5adab1282535cb102fafd
 CVE-2018-15572 (The spectre_v2_select_mitigation function in 
arch/x86/kernel/cpu/bugs.c ...)
+       {DSA-4308-1}
        - linux 4.17.15-1
        NOTE: 
https://git.kernel.org/linus/fdf82a7856b32d905c39afc85e34364491e46346
 CVE-2018-15571 (The Export Users to CSV plugin through 1.1.1 for WordPress 
allows CSV ...)
@@ -7057,48 +7063,48 @@ CVE-2018-14810
        RESERVED
 CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
        NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14808
-       RESERVED
+CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5.  Non-administrative 
users ...)
+       TODO: check
 CVE-2018-14807
        RESERVED
 CVE-2018-14806
        RESERVED
 CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the 
system ...)
        NOT-FOR-US: ABB eSOMS
-CVE-2018-14804
-       RESERVED
+CVE-2018-14804 (Emerson AMS Device Manager v12.0 to v13.5.  A specially 
crafted ...)
+       TODO: check
 CVE-2018-14803 (Philips e-Alert Unit (non-medical device), Version R2.1 and 
prior. The ...)
        NOT-FOR-US: Philips e-Alert Unit
-CVE-2018-14802
-       RESERVED
+CVE-2018-14802 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini 
(C1), ...)
+       TODO: check
 CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 
Cardiographs, all ...)
        NOT-FOR-US: Philips PageWriter
 CVE-2018-14800
        RESERVED
 CVE-2018-14799 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 
Cardiographs, all ...)
        NOT-FOR-US: Philips PageWriter
-CVE-2018-14798
-       RESERVED
+CVE-2018-14798 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini 
(C1), ...)
+       TODO: check
 CVE-2018-14797 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 
allow a ...)
        NOT-FOR-US: Emerson DeltaV DCS
 CVE-2018-14796 (Tec4Data SmartCooler, all versions prior to firmware 180806, 
the ...)
        NOT-FOR-US: Tec4Data SmartCooler
 CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is 
vulnerable ...)
        NOT-FOR-US: DeltaV
-CVE-2018-14794
-       RESERVED
+CVE-2018-14794 (Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The 
device ...)
+       TODO: check
 CVE-2018-14793 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is 
vulnerable ...)
        NOT-FOR-US: DeltaV
 CVE-2018-14792 (WECON PLC Editor version 1.3.3U may allow an attacker to 
execute code ...)
        NOT-FOR-US: WECON
 CVE-2018-14791 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 
may ...)
        NOT-FOR-US: Emerson DeltaV DCS
-CVE-2018-14790
-       RESERVED
+CVE-2018-14790 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini 
(C1), ...)
+       TODO: check
 CVE-2018-14789 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV 
Version ...)
        NOT-FOR-US: Philips
-CVE-2018-14788
-       RESERVED
+CVE-2018-14788 (Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A 
buffer ...)
+       TODO: check
 CVE-2018-14787 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV 
Version ...)
        NOT-FOR-US: Philips
 CVE-2018-14786 (Becton, Dickinson and Company (BD) Alaris Plus medical syringe 
pumps ...)
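Review bot: the Emerson AMS Device Manager entries (CVE-2018-14808, CVE-2018-14804) and the Fuji Electric FRENIC LOADER and Alpha5 Smart Loader entries (CVE-2018-14802, CVE-2018-14798, CVE-2018-14794, CVE-2018-14790, CVE-2018-14788) are left as `TODO: check`, while the neighbouring Fuji Electric V-Server and Emerson DeltaV entries in this same hunk are already NOT-FOR-US. These are ICS vendor products from the same advisory batch and should get the same NOT-FOR-US treatment.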
@@ -7298,6 +7304,7 @@ CVE-2018-14735 (An Information Exposure issue was 
discovered in Hitachi Command
 CVE-2018-14733
        RESERVED
 CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 
4.17.11 ...)
+       {DSA-4308-1}
        - linux 4.17.14-1
        NOTE: 
https://git.kernel.org/linus/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 (4.18-rc1)
 CVE-2018-14732 (An issue was discovered in lib/Server.js in webpack-dev-server 
before ...)
@@ -7402,6 +7409,7 @@ CVE-2018-14684
 CVE-2018-14683
        RESERVED
 CVE-2018-14678 (An issue was discovered in the Linux kernel through 4.17.11, 
as used in ...)
+       {DSA-4308-1}
        - linux 4.17.14-1
        NOTE: https://xenbits.xen.org/xsa/advisory-274.html
        NOTE: 
https://git.kernel.org/linus/b3681dd548d06deb2e1573890829dff4b15abf46
@@ -7546,6 +7554,7 @@ CVE-2018-14634 (An integer overflow flaw was found in the 
Linux kernel's ...)
        [stretch] - linux 4.9.47-1
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/25/4
 CVE-2018-14633 (A security flaw was found in the chap_server_compute_md5() 
function in ...)
+       {DSA-4308-1}
        - linux 4.18.10-1
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/24/2
 CVE-2018-14632 (An out of bound write can occur when patching an Openshift 
object ...)
@@ -7606,6 +7615,7 @@ CVE-2018-14618 (curl before version 7.61.1 is vulnerable 
to a buffer overrun in
        NOTE: https://github.com/curl/curl/issues/2756
        NOTE: 
https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243
 CVE-2018-14617 (An issue was discovered in the Linux kernel through 4.17.10. 
There is a ...)
+       {DSA-4308-1}
        - linux 4.18.8-1
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200297
        NOTE: https://www.spinics.net/lists/linux-fsdevel/msg130021.html
@@ -7636,6 +7646,7 @@ CVE-2018-14610 (An issue was discovered in the Linux 
kernel through 4.17.10. The
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837
        NOTE: https://patchwork.kernel.org/patch/10503415/
 CVE-2018-14609 (An issue was discovered in the Linux kernel through 4.17.10. 
There is ...)
+       {DSA-4308-1}
        - linux 4.18.8-1
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199833
        NOTE: https://patchwork.kernel.org/patch/10500521/
@@ -11290,6 +11301,7 @@ CVE-2018-13100 (An issue was discovered in 
fs/f2fs/super.c in the Linux kernel t
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200183
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d
 CVE-2018-13099 (An issue was discovered in fs/f2fs/inline.c in the Linux 
kernel through ...)
+       {DSA-4308-1}
        - linux 4.18.10-1
        [jessie] - linux-4.9 <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200179
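Review bot: with {DSA-4308-1} added to CVE-2018-13099, the line `[jessie] - linux-4.9 <unfixed>` stays open. That is correct if the DSA does not cover jessie's linux-4.9 package, but the combination of a DSA reference and an unfixed suite entry is worth confirming so the tracker does not report an issue as open in a suite the advisory actually fixed.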
@@ -17178,6 +17190,7 @@ CVE-2018-10940 (The cdrom_ioctl_media_changed function 
in drivers/cdrom/cdrom.c
 CVE-2018-10939 (Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 
before ...)
        NOT-FOR-US: Zimbra Web Client
 CVE-2018-10938 (A flaw was found in the Linux kernel present since v4.0-rc1 
and ...)
+       {DSA-4308-1}
        - linux 4.13.4-1 (unimportant)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/40413955ee265a5e42f710940ec78f5450d49149 (4.13-rc5)
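Review bot: CVE-2018-10938 now carries {DSA-4308-1} while the unstable entry `- linux 4.13.4-1 (unimportant)` keeps the unimportant rating. Either the issue rode along in a broader kernel DSA and the tag can stay, or the severity assessment is stale; one of the two should be revisited so the rating and the advisory reference agree.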
@@ -17343,6 +17356,7 @@ CVE-2018-10903 (A flaw was found in python-cryptography 
versions between &gt;=1.
        NOTE: https://github.com//pyca/cryptography/pull/4342
        NOTE: 
https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef
 CVE-2018-10902 (It was found that the raw midi kernel driver does not protect 
against ...)
+       {DSA-4308-1}
        - linux 4.17.15-1
        NOTE: 
https://git.kernel.org/linus/39675f7a7c7e7702f7d5341f1e0d01db746543a0 (4.18-rc6)
 CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization 
subsystem. The ...)
@@ -18204,8 +18218,8 @@ CVE-2018-10607 (Martem TELEM GW6 and GWM devices with 
firmware ...)
        NOT-FOR-US: Martem TELEM GW6 and GWM devices
 CVE-2018-10606 (WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple 
heap-based ...)
        TODO: check
-CVE-2018-10605
-       RESERVED
+CVE-2018-10605 (Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may 
allow ...)
+       TODO: check
 CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full 
access to ...)
        NOT-FOR-US: SEL Compass
 CVE-2018-10603 (Martem TELEM GW6 and GWM devices with firmware ...)
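Review bot: CVE-2018-10605 (Martem TELEM GW6/GWM firmware) is marked `TODO: check`, but CVE-2018-10607 and CVE-2018-10603 for the same Martem TELEM GW6 and GWM devices, visible in this hunk, are already NOT-FOR-US; the new entry should be resolved the same way.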
@@ -20853,6 +20867,7 @@ CVE-2018-9517
        NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
 CVE-2018-9516
        RESERVED
+       {DSA-4308-1}
        - linux 4.17.6-1
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=717adfdaf14704fd3ec7fa2c04520c0723247eac
        NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
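Review bot: CVE-2018-9516 gets {DSA-4308-1} while the entry is still RESERVED with no description, so the only hint of what was fixed is the kernel commit URL. A bracketed local summary, as already done for CVE-2018-9363 in the next hunk, would make the DSA reference readable without following the link.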
@@ -21233,6 +21248,7 @@ CVE-2018-9364
        RESERVED
 CVE-2018-9363 [HID: Bluetooth: hidp: buffer overflow in hidp_process_report]
        RESERVED
+       {DSA-4308-1}
        - linux 4.17.15-1
 CVE-2018-9362
        RESERVED
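Review bot: CVE-2018-9363 (hidp buffer overflow) now references {DSA-4308-1} but, unlike the other DSA-4308-1 entries in this commit, has no NOTE line pointing at the upstream fix; adding the kernel commit reference would keep the entry consistent with the rest and make the 4.17.15-1 fixed version verifiable.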
@@ -25357,6 +25373,7 @@ CVE-2017-18222 (In the Linux kernel before 4.12, 
Hisilicon Network Subsystem (HN
 CVE-2018-7756 (RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) 
devices ...)
        NOT-FOR-US: RunExeFile.exe in the installer for DEWESoft X3 SP1 devices
 CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
+       {DSA-4308-1}
        - linux 4.18.10-1
        [jessie] - linux-4.9 <unfixed>
        NOTE: https://lkml.org/lkml/2018/5/29/495
@@ -29327,9 +29344,11 @@ CVE-2018-6556 (lxc-user-nic when asked to delete a 
network interface will ...)
        NOTE: Prerequisite: 
https://github.com/lxc/lxc/commit/f96f5f3c1341e73ee51c8b49bef4ba571c562d8c
        NOTE: Fixed by: 
https://github.com/lxc/lxc/commit/5eb45428b312e978fb9e294dde16efb14dd9fa4d
 CVE-2018-6555 (The irda_setsockopt function in net/irda/af_irda.c and later in 
...)
+       {DSA-4308-1}
        - linux 4.17.3-1
        NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
 CVE-2018-6554 (Memory leak in the irda_bind function in net/irda/af_irda.c and 
later ...)
+       {DSA-4308-1}
        - linux 4.17.3-1
        NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
 CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd 
backend due ...)
@@ -43099,8 +43118,8 @@ CVE-2018-1674 (IBM Business Process Manager 8.5 through 
8.6 and 18.0.0.0 through
        NOT-FOR-US: IBM
 CVE-2018-1673
        RESERVED
-CVE-2018-1672
-       RESERVED
+CVE-2018-1672 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the 
...)
+       TODO: check
 CVE-2018-1671
        RESERVED
 CVE-2018-1670
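Review bot: CVE-2018-1672 (IBM WebSphere Portal 7.0 to 9.0) is left as `TODO: check` although the adjacent IBM entries in this hunk are NOT-FOR-US: IBM; WebSphere Portal is proprietary IBM software and should be marked the same way.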
@@ -43603,8 +43622,8 @@ CVE-2018-1422 (IBM Jazz Foundation products (IBM 
Rational DOORS Next Generation
        NOT-FOR-US: IBM
 CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 
and ...)
        NOT-FOR-US: IBM WebSphere DataPower Appliances
-CVE-2018-1420
-       RESERVED
+CVE-2018-1420 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access 
control ...)
+       TODO: check
 CVE-2018-1419 (IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM 
module for ...)
        NOT-FOR-US: IBM
 CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to 
bypass ...)
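Review bot: CVE-2018-1420 is another IBM WebSphere Portal entry left as `TODO: check` next to NOT-FOR-US entries for IBM WebSphere DataPower, WebSphere MQ and QRadar; it should be closed as NOT-FOR-US: IBM like its neighbours.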
@@ -53187,7 +53206,7 @@ CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, 
SQL Injection exists via an
        NOT-FOR-US: PHPSUGAR PHP Melody
 CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via 
the image ...)
        NOT-FOR-US: PHPSUGAR PHP Melody
-CVE-2017-15567 (The certificate import component in IDEMIA (formerly Morpho) 
...)
+CVE-2017-15567 (** DISPUTED ** The certificate import component in IDEMIA 
(formerly ...)
        NOT-FOR-US: IDEMIA
 CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD 
Slurm ...)
        {DSA-4023-1}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/92d4961b30c47162a25ca01de5d73b5a88c77fa4

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits