Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d4c73413 by security tracker role at 2018-10-08T20:10:55Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2018-18067
+ RESERVED
+CVE-2018-18066 (snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8
has a ...)
+ TODO: check
+CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before
5.8 has ...)
+ TODO: check
+CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write
during ...)
+ TODO: check
+CVE-2018-18063
+ RESERVED
+CVE-2018-18062
+ RESERVED
+CVE-2018-18061
+ RESERVED
+CVE-2018-18060
+ RESERVED
+CVE-2018-18059
+ RESERVED
+CVE-2018-18058
+ RESERVED
+CVE-2018-18057
+ RESERVED
+CVE-2018-18056
+ RESERVED
+CVE-2018-1000810 (The Rust Programming Language Standard Library version
1.29.0, 1.28.0, ...)
+ TODO: check
+CVE-2018-1000809 (privacyIDEA version 2.23.1 and earlier contains a Improper
Input ...)
+ TODO: check
+CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before
17.5.0 ...)
+ TODO: check
+CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to
version ...)
+ TODO: check
+CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5,
1.17.6 ...)
+ TODO: check
+CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow
vulnerability in AQL ...)
+ TODO: check
+CVE-2018-1000803 (Gitea version prior to version 1.5.1 contains a CWE-200
vulnerability ...)
+ TODO: check
CVE-2018-18055
RESERVED
CVE-2018-18054
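Review bot: The "TODO: check" placeholders on CVE-2018-18066, CVE-2018-18065 and CVE-2018-18064 sit under descriptions that name Net-SNMP and cairo with upstream version bounds ("before 5.8", "through 1.15.14"), so each needs a package status line in the form used elsewhere in this file ("- <package> <version>" plus a NOTE: link to the upstream fix) rather than a generic placeholder. The same applies to the Rust standard library, pyopenssl and Paramiko entries further down the hunk. The descriptions are truncated here, so the full CVE text has to be read before a fixed version is recorded.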
@@ -180,8 +218,8 @@ CVE-2018-17979
RESERVED
CVE-2018-17978
RESERVED
-CVE-2018-17977
- RESERVED
+CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among
XFRM ...)
+ TODO: check
CVE-2018-17976
RESERVED
CVE-2018-17975
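Review bot: CVE-2018-17977 names the Linux kernel but carries only "TODO: check". It needs a "- linux" status line like the other kernel entries in this file (for example "- linux 4.18.10-2" under CVE-2018-18021). The description mentions only 4.14.67, so the affected range for each suite still has to be established before a fixed version or <unfixed> is written down.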
@@ -374,8 +412,8 @@ CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds:
Version 11.2 and prior ru
NOT-FOR-US: Carestream Vue RIS, RIS Client Builds
CVE-2018-17890
RESERVED
-CVE-2018-17889
- RESERVED
+CVE-2018-17889 (In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and
prior ...)
+ TODO: check
CVE-2018-17888
RESERVED
CVE-2018-17887
@@ -387,6 +425,7 @@ CVE-2018-17885
CVE-2018-17883
RESERVED
CVE-2018-18021 (arch/arm64/kvm/guest.c in KVM in the Linux kernel before
4.18.12 on the ...)
+ {DSA-4313-1}
- linux 4.18.10-2
[jessie] - linux <ignored> (arm64 not supported in jessie LTS)
NOTE:
https://git.kernel.org/linus/d26c25a9d19b5976b319af528886f89cf455692d
@@ -635,8 +674,8 @@ CVE-2018-17777
RESERVED
CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)"
permission for ...)
NOT-FOR-US: PCProtect Anti-Virus
-CVE-2018-17775
- RESERVED
+CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)"
permission for ...)
+ TODO: check
CVE-2018-17774
RESERVED
CVE-2018-17773
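Review bot: CVE-2018-17775 is left at "TODO: check" although the entry directly above it, CVE-2018-17776, has the same "Everyone: (F)" permission description for another anti-virus product and is already marked NOT-FOR-US. Unless Seqrite End Point Security turns out to be packaged, this entry should get the matching "NOT-FOR-US: Seqrite End Point Security" line.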
@@ -1338,14 +1377,14 @@ CVE-2018-17445
RESERVED
CVE-2018-17444
RESERVED
-CVE-2018-17443
- RESERVED
-CVE-2018-17442
- RESERVED
-CVE-2018-17441
- RESERVED
-CVE-2018-17440
- RESERVED
+CVE-2018-17443 (An issue was discovered on D-Link Central WiFi Manager before
v ...)
+ TODO: check
+CVE-2018-17442 (An issue was discovered on D-Link Central WiFi Manager before
v ...)
+ TODO: check
+CVE-2018-17441 (An issue was discovered on D-Link Central WiFi Manager before
v ...)
+ TODO: check
+CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before
v ...)
+ TODO: check
CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There
is a ...)
- hdf5 <undetermined>
NOTE:
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
@@ -2235,8 +2274,8 @@ CVE-2018-17062 (An issue was discovered in SeaCMS 6.64.
XSS exists in admin_vide
NOT-FOR-US: SeaCMS
CVE-2018-17061 (BullGuard Safe Browsing before 18.1.355.9 allows XSS on
Google, Bing, ...)
NOT-FOR-US: BullGuard Safe Browsing
-CVE-2018-17060
- RESERVED
+CVE-2018-17060 (Telerik Extensions for ASP.NET MVC (all versions) does not
whitelist ...)
+ TODO: check
CVE-2018-17059
RESERVED
CVE-2018-17058
@@ -2915,6 +2954,7 @@ CVE-2018-16759 (The removeXSS function in
App/Common/common.php (called from ...
NOT-FOR-US: EasyCMS
CVE-2018-16758
RESERVED
+ {DSA-4312-1 DLA-1538-1}
- tinc 1.0.35-1
NOTE:
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f
CVE-2018-16757
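Review bot: CVE-2018-16758 now carries {DSA-4312-1 DLA-1538-1} and a fixed tinc version but is still RESERVED, so the only description of the issue is the upstream commit URL in the NOTE. A one-line NOTE stating what that commit fixes would make the entry readable without following the link, in the way the CVE-2018-16738 entry does with its Sweet32 remark.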
@@ -2980,6 +3020,7 @@ CVE-2018-16739
RESERVED
CVE-2018-16738
RESERVED
+ {DSA-4312-1}
- tinc 1.0.35-1
[jessie] - tinc <not-affected> (Only affects 1.0.30 to 1.0.34)
NOTE:
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
@@ -2987,6 +3028,7 @@ CVE-2018-16738
NOTE: in place for the Sweet32 attack in tinc 1.0.30.
CVE-2018-16737
RESERVED
+ {DLA-1538-1}
- tinc 1.0.31-1
NOTE:
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
CVE-2018-16736 (In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via
the ...)
@@ -4095,20 +4137,20 @@ CVE-2018-16299 (The Localize My Post plugin 1.0 for
WordPress allows Directory .
NOT-FOR-US: Wordpress plugin
CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an ...)
NOT-FOR-US: MiniCMS
-CVE-2018-16297
- RESERVED
-CVE-2018-16296
- RESERVED
-CVE-2018-16295
- RESERVED
-CVE-2018-16294
- RESERVED
-CVE-2018-16293
- RESERVED
-CVE-2018-16292
- RESERVED
-CVE-2018-16291
- RESERVED
+CVE-2018-16297 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
+CVE-2018-16296 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
+CVE-2018-16295 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
+CVE-2018-16294 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
+CVE-2018-16293 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
+CVE-2018-16292 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
+CVE-2018-16291 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
CVE-2018-16290
RESERVED
CVE-2018-16289
@@ -5021,8 +5063,8 @@ CVE-2018-15905
RESERVED
CVE-2018-15904 (A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before
...)
NOT-FOR-US: A10 ACOS Web Application Firewall
-CVE-2018-15903
- RESERVED
+CVE-2018-15903 (The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable
to stored ...)
+ TODO: check
CVE-2018-15902
RESERVED
CVE-2018-15901 (e107 2.1.8 has CSRF in 'usersettings.php' with an impact of
changing ...)
@@ -6516,6 +6558,7 @@ CVE-2018-15470 (An issue was discovered in Xen through
4.11.x. The logic in oxen
- xen <unfixed> (unimportant)
NOTE: https://xenbits.xen.org/xsa/advisory-272.html
CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in ...)
+ {DSA-4313-1}
- linux 4.18.10-2
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-270.html
@@ -7574,8 +7617,8 @@ CVE-2018-14820
RESERVED
CVE-2018-14819 (Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds
read ...)
NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14818
- RESERVED
+CVE-2018-14818 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and
prior and ...)
+ TODO: check
CVE-2018-14817 (Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow
...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14816
@@ -7590,8 +7633,8 @@ CVE-2018-14812
RESERVED
CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted
pointer ...)
NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14810
- RESERVED
+CVE-2018-14810 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and
prior and ...)
+ TODO: check
CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5. Non-administrative
users ...)
@@ -17836,7 +17879,7 @@ CVE-2018-10920 (Improper input validation bug in DNS
resolver component of Knot
NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html
NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2
(including patch)
CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an
...)
- {DSA-4271-1}
+ {DSA-4271-1 DLA-1539-1}
- samba 2:4.8.4+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2018-10919.html
CVE-2018-10918 (A null pointer dereference flaw was found in the way samba
checked ...)
@@ -18104,7 +18147,7 @@ CVE-2018-10859 (git-annex is vulnerable to an
Information Exposure when decrypti
NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
NOTE:
https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients
processed ...)
- {DSA-4271-1}
+ {DSA-4271-1 DLA-1539-1}
- samba 2:4.8.4+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html
CVE-2018-10857 (git-annex is vulnerable to a private data exposure and
exfiltration ...)
@@ -33637,14 +33680,14 @@ CVE-2018-5404
RESERVED
CVE-2018-5403
RESERVED
-CVE-2018-5402
- RESERVED
-CVE-2018-5401
- RESERVED
-CVE-2018-5400
- RESERVED
-CVE-2018-5399
- RESERVED
+CVE-2018-5402 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer
Android App ...)
+ TODO: check
+CVE-2018-5401 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer
Android App ...)
+ TODO: check
+CVE-2018-5400 (The Auto-Maskin products utilize an undocumented custom
protocol to ...)
+ TODO: check
+CVE-2018-5399 (The Auto-Maskin DCU 210E firmware contains an undocumented
Dropbear ...)
+ TODO: check
CVE-2018-5398
RESERVED
CVE-2018-5397
@@ -37262,18 +37305,18 @@ CVE-2018-3999 (An exploitable stack-based buffer
overflow vulnerability exists i
TODO: check
CVE-2018-3998 (An exploitable heap-based buffer overflow vulnerability exists
in the ...)
TODO: check
-CVE-2018-3997
- RESERVED
-CVE-2018-3996
- RESERVED
+CVE-2018-3997 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
+CVE-2018-3996 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
CVE-2018-3995 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
TODO: check
CVE-2018-3994 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
TODO: check
CVE-2018-3993 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
TODO: check
-CVE-2018-3992
- RESERVED
+CVE-2018-3992 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
CVE-2018-3991
RESERVED
CVE-2018-3990
@@ -37366,18 +37409,18 @@ CVE-2018-3947
RESERVED
CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
TODO: check
-CVE-2018-3945
- RESERVED
+CVE-2018-3945 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
CVE-2018-3944 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
TODO: check
CVE-2018-3943 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
TODO: check
-CVE-2018-3942
- RESERVED
-CVE-2018-3941
- RESERVED
-CVE-2018-3940
- RESERVED
+CVE-2018-3942 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
+CVE-2018-3941 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
+CVE-2018-3940 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
+ TODO: check
CVE-2018-3939 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
NOT-FOR-US: Foxit
CVE-2018-3938 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
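Review bot: The new CVE-2018-3945, CVE-2018-3942, CVE-2018-3941 and CVE-2018-3940 entries are set to "TODO: check", while CVE-2018-3939 just below them has the same truncated description and is marked "NOT-FOR-US: Foxit". The text is cut off before the product name, so confirm from the full descriptions whether these are the same product. If they are, they take the same NOT-FOR-US line, as do CVE-2018-3946, CVE-2018-3944 and CVE-2018-3943, which are also still at TODO in this hunk.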
@@ -43523,16 +43566,16 @@ CVE-2018-1755 (IBM WebSphere Application Server
Liberty could allow a remote att
NOT-FOR-US: IBM
CVE-2018-1754
RESERVED
-CVE-2018-1753
- RESERVED
+CVE-2018-1753 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an
error ...)
+ TODO: check
CVE-2018-1752
RESERVED
CVE-2018-1751
RESERVED
-CVE-2018-1750
- RESERVED
-CVE-2018-1749
- RESERVED
+CVE-2018-1750 (IBM Security Key Lifecycle Manager 3.0 specifies permissions
for a ...)
+ TODO: check
+CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses
incomplete ...)
+ TODO: check
CVE-2018-1748
RESERVED
CVE-2018-1747
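Review bot: CVE-2018-1753, CVE-2018-1750 and CVE-2018-1749 describe IBM Tivoli Key Lifecycle Manager and IBM Security Key Lifecycle Manager and are left at "TODO: check", while the neighbouring CVE-2018-1755 entry for IBM WebSphere uses "NOT-FOR-US: IBM". The same line fits these three, and also CVE-2018-1743, CVE-2018-1742 and CVE-2018-1741 in the next hunk.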
@@ -43543,12 +43586,12 @@ CVE-2018-1745
RESERVED
CVE-2018-1744
RESERVED
-CVE-2018-1743
- RESERVED
-CVE-2018-1742
- RESERVED
-CVE-2018-1741
- RESERVED
+CVE-2018-1743 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses
sensitive ...)
+ TODO: check
+CVE-2018-1742 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains
hard-coded ...)
+ TODO: check
+CVE-2018-1741 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not
properly ...)
+ TODO: check
CVE-2018-1740
RESERVED
CVE-2018-1739
@@ -106335,8 +106378,8 @@ CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in
rnd_template.c in Libav 11
NOTE:
https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/
CVE-2016-7476 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM,
AFM, ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2016-7475
- RESERVED
+CVE-2016-7475 (Under some circumstances on BIG-IP 12.0.0-12.1.0,
11.6.0-11.6.1, or ...)
+ TODO: check
CVE-2016-7474 (In some cases the MCPD binary cache in F5 BIG-IP devices may
allow a ...)
NOT-FOR-US: F5 BIG-IP
CVE-2016-7473
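Review bot: CVE-2016-7475 is a BIG-IP issue sitting between CVE-2016-7476 and CVE-2016-7474, both marked "NOT-FOR-US: F5 BIG-IP", yet it is added with "TODO: check". Suggest "NOT-FOR-US: F5 BIG-IP" here for consistency with its neighbours.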
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4c73413efc2111f67a46214b78f28b517f6b611