Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20a1b7b9 by security tracker role at 2018-10-02T08:10:31Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2018-17882
+       RESERVED
+CVE-2018-17881
+       RESERVED
+CVE-2018-17880
+       RESERVED
+CVE-2018-17879
+       RESERVED
+CVE-2018-17878
+       RESERVED
+CVE-2018-17877
+       RESERVED
+CVE-2018-17876
+       RESERVED
+CVE-2018-17875
+       RESERVED
+CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
+       TODO: check
+CVE-2018-17873
+       RESERVED
+CVE-2018-17872
+       RESERVED
+CVE-2018-17871
+       RESERVED
+CVE-2018-17870 (An issue was discovered in BTITeam XBTIT 2.5.4. The 
"returnto" ...)
+       TODO: check
+CVE-2018-17869 (DASAN H660GW devices do not implement any CSRF protection 
mechanism. ...)
+       TODO: check
+CVE-2018-17868 (DASAN H660GW devices have Stored XSS in the Port Forwarding 
...)
+       TODO: check
+CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices 
allows remote ...)
+       TODO: check
+CVE-2018-17866
+       RESERVED
+CVE-2018-17865
+       RESERVED
+CVE-2018-17864
+       RESERVED
+CVE-2018-17863
+       RESERVED
+CVE-2018-17862
+       RESERVED
+CVE-2018-17861
+       RESERVED
+CVE-2018-17860
+       RESERVED
+CVE-2018-17859
+       RESERVED
+CVE-2018-17858
+       RESERVED
+CVE-2018-17857
+       RESERVED
+CVE-2018-17856
+       RESERVED
+CVE-2018-17855
+       RESERVED
+CVE-2015-9270 (XSS exists in the the-holiday-calendar plugin before 1.11.3 for 
...)
+       TODO: check
+CVE-2015-9269 (The export/content.php exportarticle feature in the ...)
+       TODO: check
 CVE-2018-17854 (SIMDComp before 0.1.1 allows remote attackers to cause a 
denial of ...)
        NOT-FOR-US: SIMDComp
 CVE-2018-17853
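Review bot: the seven published entries added at the top of the list (CVE-2018-17874, CVE-2018-17870, CVE-2018-17869, CVE-2018-17868, CVE-2018-17867, CVE-2015-9270, CVE-2015-9269) all carry only "TODO: check", with no package line and no NOT-FOR-US line, so they still need manual triage. The three DASAN H660GW entries (CVE-2018-17867 through CVE-2018-17869) describe device firmware and look like candidates for a NOT-FOR-US: line in the style of the SIMDComp entry just below. The truncated description of CVE-2015-9269 names only export/content.php, so its product has to be read from the full description before it can be classified.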
@@ -647,6 +707,7 @@ CVE-2018-17541
        RESERVED
 CVE-2018-17540 [denial-of-service vulnerability in the gmp plugin]
        RESERVED
+       {DSA-4309-1}
        - strongswan 5.7.1-1
        NOTE: 
https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
 CVE-2018-17539
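Review bot: in the CVE-2018-17540 entry, the new {DSA-4309-1} line is attached to an entry that is still RESERVED and whose only version line is "- strongswan 5.7.1-1". The fixed version for the stable release is not visible in this hunk; confirm that it is recorded with the DSA-4309-1 entry and that that entry references this CVE, so the cross-reference resolves in both directions.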
@@ -1956,7 +2017,7 @@ CVE-2018-16967
        RESERVED
 CVE-2018-16966
        RESERVED
-CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML 
Injection ...)
+CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, 
there ...)
        NOT-FOR-US: Zoho
 CVE-2018-16964
        RESERVED
@@ -3188,9 +3249,9 @@ CVE-2018-16439
 CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is an out ...)
        - hdf5 <undetermined>
        NOTE: [email protected]:498-10___out-of-bounds-read
-CVE-2018-16437 (Gxlcms 2.0 has Directory Traversal exploitable by an 
administrator. ...)
+CVE-2018-16437 (Gxlcms 2.0 before bug fix 20180915 has Directory Traversal 
exploitable ...)
        NOT-FOR-US: Gxlcms
-CVE-2018-16436 (Gxlcms 2.0 has SQL Injection exploitable by an administrator. 
...)
+CVE-2018-16436 (Gxlcms 2.0 before bug fix 20180915 has SQL Injection 
exploitable by an ...)
        NOT-FOR-US: Gxlcms
 CVE-2018-16435 (Little CMS (aka Little Color Management System) 2.9 has an 
integer ...)
        {DSA-4289-1 DSA-4284-1 DLA-1496-1}
@@ -5074,12 +5135,12 @@ CVE-2018-15704
        RESERVED
 CVE-2018-15703
        RESERVED
-CVE-2018-15702
-       RESERVED
-CVE-2018-15701
-       RESERVED
-CVE-2018-15700
-       RESERVED
+CVE-2018-15702 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is 
...)
+       TODO: check
+CVE-2018-15701 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is 
...)
+       TODO: check
+CVE-2018-15700 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is 
...)
+       TODO: check
 CVE-2018-15699 (ASUSTOR Data Master 3.1.5 and below makes an HTTP request for 
a ...)
        NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15698 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
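Review bot: the three TP-Link TL-WRN841N entries (CVE-2018-15700, CVE-2018-15701, CVE-2018-15702) end up with identical truncated descriptions, so the list alone does not show how the three issues differ; whoever resolves the "TODO: check" lines needs the full descriptions. All three concern a router web interface, so they are likely NOT-FOR-US: candidates, matching how the ASUSTOR Data Master entry below is handled.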
@@ -36707,14 +36768,14 @@ CVE-2018-4003
        RESERVED
 CVE-2018-4002
        RESERVED
-CVE-2018-4001
-       RESERVED
-CVE-2018-4000
-       RESERVED
-CVE-2018-3999
-       RESERVED
-CVE-2018-3998
-       RESERVED
+CVE-2018-4001 (An exploitable uninitialized pointer vulnerability exists in 
the ...)
+       TODO: check
+CVE-2018-4000 (An exploitable double-free vulnerability exists in the Office 
Open XML ...)
+       TODO: check
+CVE-2018-3999 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
+       TODO: check
+CVE-2018-3998 (An exploitable heap-based buffer overflow vulnerability exists 
in the ...)
+       TODO: check
 CVE-2018-3997
        RESERVED
 CVE-2018-3996
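Review bot: CVE-2018-3998 through CVE-2018-4001 move from RESERVED to "TODO: check", but the truncated descriptions do not name the affected product (only CVE-2018-4000 hints at an "Office Open XML" component). These are memory-corruption classes (uninitialized pointer, double-free, stack-based and heap-based buffer overflow), so if the product turns out to be packaged in Debian they deserve early triage; otherwise mark them NOT-FOR-US: with the product name.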
@@ -36741,26 +36802,26 @@ CVE-2018-3986
        RESERVED
 CVE-2018-3985
        RESERVED
-CVE-2018-3984
-       RESERVED
+CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within 
the ...)
+       TODO: check
 CVE-2018-3983
        RESERVED
-CVE-2018-3982
-       RESERVED
-CVE-2018-3981
-       RESERVED
+CVE-2018-3982 (An exploitable arbitrary write vulnerability exists in the Word 
...)
+       TODO: check
+CVE-2018-3981 (An exploitable uninitialized pointer vulnerability exists in 
the Word ...)
+       TODO: check
 CVE-2018-3980
        RESERVED
 CVE-2018-3979
        RESERVED
-CVE-2018-3978
-       RESERVED
+CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the 
Word ...)
+       TODO: check
 CVE-2018-3977
        RESERVED
 CVE-2018-3976
        RESERVED
-CVE-2018-3975
-       RESERVED
+CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in 
the ...)
+       TODO: check
 CVE-2018-3974
        RESERVED
 CVE-2018-3973
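Review bot: this block is only partly published: CVE-2018-3984, CVE-2018-3982, CVE-2018-3981, CVE-2018-3978 and CVE-2018-3975 become "TODO: check", while the interleaved CVE-2018-3983, CVE-2018-3980, CVE-2018-3979, CVE-2018-3977 and CVE-2018-3976 stay RESERVED. When triaging the published ones, decide them together (three of the truncated descriptions mention a "Word" component) and revisit the block once the remaining ids are published, so related entries get a consistent package or NOT-FOR-US: line.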



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/20a1b7b9732b48aa8e37259a40f8244eaf8eed0c
