Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e314cb79 by security tracker role at 2018-10-17T20:10:45Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,16 @@
-CVE-2018-18445 [BPF verifier bug leads to out-of-bounds access]
+CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an 
out-of-bounds ...)
+       TODO: check
+CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in ...)
+       TODO: check
+CVE-2018-18442
+       RESERVED
+CVE-2018-18441
+       RESERVED
+CVE-2018-18440
+       RESERVED
+CVE-2018-18439
+       RESERVED
+CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x 
before ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
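
Review bot: CVE-2018-18444 and CVE-2018-18443 at the top of this hunk both name OpenEXR 2.3.0 but carry only `TODO: check`, so they are still untriaged; each needs either a source-package line with a status or a NOT-FOR-US annotation. The CVE-2018-18445 header swap from the bracketed temporary description to the assigned description leaves the existing `- linux <unfixed>` and per-suite `<not-affected>` lines untouched, which is the desired result.
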
@@ -146,10 +158,10 @@ CVE-2018-18375 (goform/getProfileList in Orange AirBox 
Y858_FL_01.16_04 allows .
        NOT-FOR-US: Orange AirBox
 CVE-2018-18374 (XSS exists in the MetInfo 6.1.2 admin/index.php page via the 
anyid ...)
        NOT-FOR-US: MetInfo
-CVE-2018-18373
-       RESERVED
-CVE-2018-18372
-       RESERVED
+CVE-2018-18373 (In the Schiocco &quot;Support Board - Chat And Help Desk&quot; 
plugin 1.2.3 for ...)
+       TODO: check
+CVE-2018-18372 (A Stored XSS vulnerability has been discovered in KAASoft 
Library CMS ...)
+       TODO: check
 CVE-2018-18371
        RESERVED
 CVE-2018-18370
@@ -381,8 +393,8 @@ CVE-2018-18264
        RESERVED
 CVE-2018-18263
        RESERVED
-CVE-2018-18262
-       RESERVED
+CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. 
...)
+       TODO: check
 CVE-2018-18261
        RESERVED
 CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been 
discovered. ...)
@@ -1254,8 +1266,8 @@ CVE-2018-17966 (ImageMagick 7.0.7-28 has a memory leak 
vulnerability in WritePDB
 CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak vulnerability in 
WriteSGIImage ...)
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1052
-CVE-2018-17964
-       RESERVED
+CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via an Add Tags action. ...)
+       TODO: check
 CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet 
sizes ...)
        - qemu <unfixed>
        - qemu-kvm <removed>
@@ -5341,8 +5353,8 @@ CVE-2018-16234 (MorningStar WhatWeb 0.4.9 has XSS via 
JSON report files. ...)
        NOT-FOR-US: MorningStar WhatWeb
 CVE-2018-16233 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags 
parameter. ...)
        NOT-FOR-US: MiniCMS
-CVE-2018-16232
-       RESERVED
+CVE-2018-16232 (An authenticated command injection vulnerability exists in 
IPFire ...)
+       TODO: check
 CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f 
allows ...)
        NOT-FOR-US: Michael Roth Software Personal FTP Server
 CVE-2018-16230
@@ -5972,22 +5984,22 @@ CVE-2018-15978
        RESERVED
 CVE-2018-15977
        RESERVED
-CVE-2018-15976
-       RESERVED
+CVE-2018-15976 (Adobe Technical Communications Suite versions 1.0.5.1 and 
below have ...)
+       TODO: check
 CVE-2018-15975
        RESERVED
-CVE-2018-15974
-       RESERVED
-CVE-2018-15973
-       RESERVED
-CVE-2018-15972
-       RESERVED
-CVE-2018-15971
-       RESERVED
-CVE-2018-15970
-       RESERVED
-CVE-2018-15969
-       RESERVED
+CVE-2018-15974 (Adobe Framemaker versions 1.0.5.1 and below have an insecure 
library ...)
+       TODO: check
+CVE-2018-15973 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
+       TODO: check
+CVE-2018-15972 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
+       TODO: check
+CVE-2018-15971 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
+       TODO: check
+CVE-2018-15970 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
+       TODO: check
+CVE-2018-15969 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
+       TODO: check
 CVE-2018-15968 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
        NOT-FOR-US: Adobe
 CVE-2018-15967 (Adobe Flash Player versions 30.0.0.154 and earlier have a 
privilege ...)
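
Review bot: The seven Adobe entries that replace RESERVED in this hunk (CVE-2018-15976 and CVE-2018-15974 through CVE-2018-15969) are left as `TODO: check`, while the adjacent context entry CVE-2018-15968 is already marked `NOT-FOR-US: Adobe`. If the same triage decision applies to Technical Communications Suite, Framemaker and Experience Manager, a follow-up should replace the TODO lines with `NOT-FOR-US: Adobe` so they do not linger in the unchecked queue.
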
@@ -6870,8 +6882,8 @@ CVE-2018-15618
        RESERVED
 CVE-2018-15617
        RESERVED
-CVE-2018-15616
-       RESERVED
+CVE-2018-15616 (A vulnerability in the Web UI component of Avaya Aura System 
Platform ...)
+       TODO: check
 CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call 
Management ...)
        NOT-FOR-US: Avaya
 CVE-2018-15614
@@ -7253,8 +7265,8 @@ CVE-2018-15494 (In Dojo Toolkit before 1.14, there is 
unescaped string injection
        {DLA-1492-1}
        - dojo 1.14.1+dfsg1-1 (bug #906540)
        NOTE: https://github.com/dojo/dojox/pull/283
-CVE-2018-15493
-       RESERVED
+CVE-2018-15493 (vBulletin 5.4.3 has an Open Redirect. ...)
+       TODO: check
 CVE-2018-15492 (A vulnerability in the lservnt.exe component of Sentinel 
License ...)
        NOT-FOR-US: Sentinel License Manager
 CVE-2018-15491 (A vulnerability in the permission and encryption 
implementation of ...)
@@ -8457,11 +8469,11 @@ CVE-2018-14919
 CVE-2018-14918
        RESERVED
 CVE-2018-14917
-       RESERVED
+       REJECTED
 CVE-2018-14916
        RESERVED
 CVE-2018-14915
-       RESERVED
+       REJECTED
 CVE-2018-1000223 (soundtouch version up to and including 2.0.0 contains a 
Buffer ...)
        - soundtouch <unfixed> (bug #905491)
        [stretch] - soundtouch <no-dsa> (Minor issue)
@@ -13643,28 +13655,28 @@ CVE-2018-12825 (Adobe Flash Player 30.0.0.134 and 
earlier have a security bypass
        NOT-FOR-US: Adobe
 CVE-2018-12824 (Adobe Flash Player 30.0.0.134 and earlier have an 
out-of-bounds read ...)
        NOT-FOR-US: Adobe
-CVE-2018-12823
-       RESERVED
-CVE-2018-12822
-       RESERVED
-CVE-2018-12821
-       RESERVED
-CVE-2018-12820
-       RESERVED
-CVE-2018-12819
-       RESERVED
-CVE-2018-12818
-       RESERVED
+CVE-2018-12823 (Adobe Digital Editions versions 4.5.8 and below have a heap 
overflow ...)
+       TODO: check
+CVE-2018-12822 (Adobe Digital Editions versions 4.5.8 and below have an use 
after free ...)
+       TODO: check
+CVE-2018-12821 (Adobe Digital Editions versions 4.5.8 and below have an out of 
bounds ...)
+       TODO: check
+CVE-2018-12820 (Adobe Digital Editions versions 4.5.8 and below have an out of 
bounds ...)
+       TODO: check
+CVE-2018-12819 (Adobe Digital Editions versions 4.5.8 and below have an out of 
bounds ...)
+       TODO: check
+CVE-2018-12818 (Adobe Digital Editions versions 4.5.8 and below have an out of 
bounds ...)
+       TODO: check
 CVE-2018-12817
        RESERVED
-CVE-2018-12816
-       RESERVED
+CVE-2018-12816 (Adobe Digital Editions versions 4.5.8 and below have an out of 
bounds ...)
+       TODO: check
 CVE-2018-12815 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
        NOT-FOR-US: Adobe
-CVE-2018-12814
-       RESERVED
-CVE-2018-12813
-       RESERVED
+CVE-2018-12814 (Adobe Digital Editions versions 4.5.8 and below have a heap 
overflow ...)
+       TODO: check
+CVE-2018-12813 (Adobe Digital Editions versions 4.5.8 and below have a heap 
overflow ...)
+       TODO: check
 CVE-2018-12812 (Adobe Acrobat and Reader 2018.011.20038 and earlier, 
2017.011.30079 and ...)
        NOT-FOR-US: Adobe
 CVE-2018-12811 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 
before ...)
@@ -18909,8 +18921,8 @@ CVE-2018-10935 (A flaw was found in the 389 Directory 
Server that allows users t
 CVE-2018-10934
        RESERVED
        - wildfly <itp> (bug #752018)
-CVE-2018-10933
-       RESERVED
+CVE-2018-10933 (A vulnerability was found in libssh's server-side state 
machine before ...)
+       {DSA-4322-1}
        - libssh 0.8.4-1 (bug #911149)
        NOTE: 
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
        NOTE: https://bugs.libssh.org/T101
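
Review bot: The `{DSA-4322-1}` cross-reference on CVE-2018-10933 arrives in a commit whose only changed file is data/CVE/list, so it is worth confirming that the advisory it points to is already recorded in the repository and that this line matches it. The fixed version `libssh 0.8.4-1 (bug #911149)` and both NOTE lines were already present as context, so replacing RESERVED with the description drops no triage data.
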
@@ -19382,12 +19394,12 @@ CVE-2018-10826
        RESERVED
 CVE-2018-10825 (Mimo Baby 2 devices do not use authentication or encryption 
for the ...)
        NOT-FOR-US: Mimo Baby 2
-CVE-2018-10824
-       RESERVED
-CVE-2018-10823
-       RESERVED
-CVE-2018-10822
-       RESERVED
+CVE-2018-10824 (An issue was discovered on D-Link DWR-116 through 1.06, 
DIR-140L ...)
+       TODO: check
+CVE-2018-10823 (An issue was discovered on D-Link DWR-116 through 1.06, 
DWR-512 ...)
+       TODO: check
+CVE-2018-10822 (Directory traversal vulnerability in the web interface on 
D-Link ...)
+       TODO: check
 CVE-2018-10821 (Cross-site scripting (XSS) vulnerability in 
backend/pages/modify.php ...)
        NOT-FOR-US: BlackCatCMS
 CVE-2018-10820
@@ -26559,8 +26571,8 @@ CVE-2018-7991 (Huawei smartphones Mate10 with versions 
earlier before ALP-AL00B
        NOT-FOR-US: Huawei
 CVE-2018-7990 (Mate10 Pro Huawei smart phones with the versions before 
8.1.0.326(C00) ...)
        NOT-FOR-US: Huawei
-CVE-2018-7989
-       RESERVED
+CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before 
BLA-AL00B ...)
+       TODO: check
 CVE-2018-7988
        RESERVED
 CVE-2018-7987
@@ -26689,8 +26701,8 @@ CVE-2018-7926
        RESERVED
 CVE-2018-7925
        RESERVED
-CVE-2018-7924
-       RESERVED
+CVE-2018-7924 (Anne-AL00 Huawei phones with versions earlier than 
8.0.0.151(C00) have ...)
+       TODO: check
 CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 
...)
        NOT-FOR-US: Huawei
 CVE-2018-7922 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 
...)
@@ -29407,17 +29419,18 @@ CVE-2018-7113
        RESERVED
 CVE-2018-7112
        RESERVED
-CVE-2018-7111
-       RESERVED
-CVE-2018-7110
-       RESERVED
+CVE-2018-7111 (A remote unauthorized access vulnerability was identified in 
HPE UIoT ...)
+       TODO: check
+CVE-2018-7110 (A remote unauthorized disclosure of information vulnerability 
was ...)
+       TODO: check
 CVE-2018-7109 (HPE has addressed a remote arbitrary file modification 
vulnerability ...)
        NOT-FOR-US: HPE
 CVE-2018-7108 (HPE StorageWorks XP7 Automation Director (AutoDir) version 
8.5.2-02 to ...)
        NOT-FOR-US: HPE
 CVE-2018-7107 (A potential security vulnerability has been identified in HPE 
Device ...)
        NOT-FOR-US: HPE
-CVE-2018-7106 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) 
for ...)
+CVE-2018-7106
+       REJECTED
        NOT-FOR-US: HPE
 CVE-2018-7105 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) 
for ...)
        NOT-FOR-US: HPE
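
Review bot: CVE-2018-7106 is reduced to a bare header followed by `REJECTED`, but the unchanged `NOT-FOR-US: HPE` line still sits directly under it, so the entry now carries both a rejection and a triage annotation. A follow-up should either drop that annotation from the rejected entry or confirm that keeping it is intended. In the same hunk, CVE-2018-7111 and CVE-2018-7110 are added as `TODO: check` although the neighbouring HPE entries (CVE-2018-7109 to CVE-2018-7107) are `NOT-FOR-US: HPE`.
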
@@ -29477,8 +29490,8 @@ CVE-2018-7078 (A remote code execution was identified 
in HPE Integrated Lights-O
        NOT-FOR-US: HPE
 CVE-2018-7077 (A security vulnerability in HPE XP P9000 Command View Advanced 
Edition ...)
        NOT-FOR-US: HPE
-CVE-2018-7076
-       RESERVED
+CVE-2018-7076 (A remote code execution vulnerability was identified in HPE ...)
+       TODO: check
 CVE-2018-7075 (A remote cross-site scripting (XSS) vulnerability was 
identified in ...)
        NOT-FOR-US: HPE
 CVE-2018-7074 (A remote code execution vulnerability was identified in HPE ...)
@@ -47910,8 +47923,8 @@ CVE-2017-17178
        RESERVED
 CVE-2017-17177
        RESERVED
-CVE-2017-17176
-       RESERVED
+CVE-2017-17176 (The hardware security module of Mate 9 and Mate 9 Pro Huawei 
smart ...)
+       TODO: check
 CVE-2017-17175 (Short Message Service (SMS) module of Mate 9 Pro Huawei smart 
phones ...)
        NOT-FOR-US: Huawei
 CVE-2017-17174 (Some Huawei products RSE6500 V500R002C00; SoftCo 
V200R003C20SPCb00; ...)
@@ -49795,8 +49808,8 @@ CVE-2018-0418 (A vulnerability in the Local Packet 
Transport Services (LPTS) fea
        NOT-FOR-US: Cisco
 CVE-2018-0417
        RESERVED
-CVE-2018-0416
-       RESERVED
+CVE-2018-0416 (A vulnerability in the web-based interface of Cisco Wireless 
LAN ...)
+       TODO: check
 CVE-2018-0415 (A vulnerability in the implementation of Extensible 
Authentication ...)
        NOT-FOR-US: Cisco
 CVE-2018-0414 (A vulnerability in the web-based UI of Cisco Secure Access 
Control ...)
@@ -49851,8 +49864,8 @@ CVE-2018-0390 (A vulnerability in the web framework of 
Cisco Webex could allow a
        NOT-FOR-US: Cisco
 CVE-2018-0389
        RESERVED
-CVE-2018-0388
-       RESERVED
+CVE-2018-0388 (A vulnerability in the web-based interface of Cisco Wireless 
LAN ...)
+       TODO: check
 CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) 
could ...)
        NOT-FOR-US: Cisco
 CVE-2018-0386 (A vulnerability in Cisco Unified Communications Domain Manager 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e314cb79ac39f15ed2b87327570f2a07cf24784e
