[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Fri, 19 Oct 2018 13:11:10 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c7e147c1 by security tracker role at 2018-10-19T20:10:44Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2018-18528
+       RESERVED
+CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId 
or ...)
+       TODO: check
+CVE-2018-18526
+       RESERVED
+CVE-2018-18525
+       RESERVED
+CVE-2018-18524
+       RESERVED
+CVE-2018-18523
+       RESERVED
+CVE-2018-18522
+       RESERVED
+CVE-2018-18521 (Divide-by-zero vulnerabilities in the function 
arlib_add_symbols() in ...)
+       TODO: check
+CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function 
elf_end in ...)
+       TODO: check
+CVE-2018-18519
+       RESERVED
+CVE-2018-18518
+       RESERVED
+CVE-2018-18517
+       RESERVED
+CVE-2018-18516
+       RESERVED
+CVE-2018-18515
+       RESERVED
+CVE-2018-18514
+       RESERVED
+CVE-2018-18513
+       RESERVED
+CVE-2018-18512
+       RESERVED
+CVE-2018-18511
+       RESERVED
+CVE-2018-18510
+       RESERVED
+CVE-2018-18509
+       RESERVED
+CVE-2018-18508
+       RESERVED
+CVE-2018-18507
+       RESERVED
+CVE-2018-18506
+       RESERVED
+CVE-2018-18505
+       RESERVED
+CVE-2018-18504
+       RESERVED
+CVE-2018-18503
+       RESERVED
+CVE-2018-18502
+       RESERVED
+CVE-2018-18501
+       RESERVED
+CVE-2018-18500
+       RESERVED
+CVE-2018-18499
+       RESERVED
+CVE-2018-18498
+       RESERVED
+CVE-2018-18497
+       RESERVED
+CVE-2018-18496
+       RESERVED
+CVE-2018-18495
+       RESERVED
+CVE-2018-18494
+       RESERVED
+CVE-2018-18493
+       RESERVED
+CVE-2018-18492
+       RESERVED
+CVE-2018-18491
+       RESERVED
 CVE-2018-18490
        RESERVED
 CVE-2018-18489
@@ -236,20 +312,20 @@ CVE-2018-18398
        RESERVED
 CVE-2018-18397
        RESERVED
-CVE-2018-18396
-       RESERVED
-CVE-2018-18395
-       RESERVED
-CVE-2018-18394
-       RESERVED
-CVE-2018-18393
-       RESERVED
-CVE-2018-18392
-       RESERVED
-CVE-2018-18391
-       RESERVED
-CVE-2018-18390
-       RESERVED
+CVE-2018-18396 (Remote Code Execution in Moxa ThingsPro IIoT Gateway and 
Device ...)
+       TODO: check
+CVE-2018-18395 (Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device 
...)
+       TODO: check
+CVE-2018-18394 (Sensitive Information Stored in Clear Text in Moxa ThingsPro 
IIoT ...)
+       TODO: check
+CVE-2018-18393 (Password Management Issue in Moxa ThingsPro IIoT Gateway and 
Device ...)
+       TODO: check
+CVE-2018-18392 (Privilege Escalation via Broken Access Control in Moxa 
ThingsPro IIoT ...)
+       TODO: check
+CVE-2018-18391 (User Privilege Escalation in Moxa ThingsPro IIoT Gateway and 
Device ...)
+       TODO: check
+CVE-2018-18390 (User Enumeration in Moxa ThingsPro IIoT Gateway and Device 
Management ...)
+       TODO: check
 CVE-2018-18389 (Due to incorrect access control in Neo4j Enterprise Database 
Server ...)
        NOT-FOR-US: Neo4J server
 CVE-2018-18388
@@ -3737,7 +3813,7 @@ CVE-2018-16953 (The AjaxView::DisplayResponse() function 
of the portalpages.dll
        NOT-FOR-US: Oracle WebCenter Interaction Portal
 CVE-2018-16952 (The Oracle WebCenter Interaction Portal 10.3.3 does not 
implement ...)
        NOT-FOR-US: Oracle WebCenter Interaction Portal
-CVE-2017-18348
+CVE-2017-18348 (Splunk Enterprise 6.6.x, when configured to run as root but 
drop ...)
        NOT-FOR-US: Splunk
 CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics 
STM32F0 ...)
        NOT-FOR-US: STMicroelectronics STM32F0 series devices
@@ -5338,7 +5414,7 @@ CVE-2018-16312
        RESERVED
 CVE-2018-16311
        RESERVED
-CVE-2018-16310 (Technicolor TG588V V2 devices allow remote attackers to cause 
a denial ...)
+CVE-2018-16310 (** DISPUTED ** Technicolor TG588V V2 devices allow remote 
attackers ...)
        NOT-FOR-US: Technicolor
 CVE-2018-16309
        REJECTED
@@ -6285,7 +6361,7 @@ CVE-2018-15908 (In Artifex Ghostscript 9.23 before 
2018-08-23, attackers are abl
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657
        NOTE: https://www.kb.cert.org/vuls/id/332928
-CVE-2018-15907 (Technicolor (formerly RCA) TC8305C devices allow remote 
attackers to ...)
+CVE-2018-15907 (** DISPUTED ** Technicolor (formerly RCA) TC8305C devices 
allow ...)
        NOT-FOR-US: Technicolor (formerly RCA) TC8305C devices
 CVE-2018-15906
        RESERVED
@@ -6524,7 +6600,7 @@ CVE-2018-15853 (Endless recursion exists in 
xkbcomp/expr.c in xkbcommon and ...)
        [jessie] - libxkbcommon <no-dsa> (Minor issue)
        NOTE: 
https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
        NOTE: 
https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
-CVE-2018-15852 (Technicolor TC7200.20 devices allow remote attackers to cause 
a denial ...)
+CVE-2018-15852 (** DISPUTED ** Technicolor TC7200.20 devices allow remote 
attackers ...)
        NOT-FOR-US: Technicolor
 CVE-2018-15851 (An issue was discovered in Flexo CMS v0.1.6. There is a CSRF 
...)
        NOT-FOR-US: Flexo CMS
@@ -7764,16 +7840,16 @@ CVE-2018-15318
        RESERVED
 CVE-2018-15317
        RESERVED
-CVE-2018-15316
-       RESERVED
-CVE-2018-15315
-       RESERVED
-CVE-2018-15314
-       RESERVED
-CVE-2018-15313
-       RESERVED
-CVE-2018-15312
-       RESERVED
+CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, 
and/or Edge ...)
+       TODO: check
+CVE-2018-15315 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a 
reflected ...)
+       TODO: check
+CVE-2018-15314 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is 
a ...)
+       TODO: check
+CVE-2018-15313 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is 
a ...)
+       TODO: check
+CVE-2018-15312 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected 
...)
+       TODO: check
 CVE-2018-15311 (When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 
11.6.0-11.6.3.2, or ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2018-15310 (A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, ...)
@@ -38497,8 +38573,8 @@ CVE-2018-4015
        RESERVED
 CVE-2018-4014
        RESERVED
-CVE-2018-4013
-       RESERVED
+CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP 
...)
+       TODO: check
 CVE-2018-4012
        RESERVED
 CVE-2018-4011
@@ -309720,7 +309796,7 @@ CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on 
Solaris 8 allows remote ...
        NOT-FOR-US: InfoVista PortalSE
 CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 
on ...)
        NOT-FOR-US: InfoVista PortalSE
-CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versoins before 0.8, 
allows ...)
+CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versions before 0.8, 
allows ...)
        NOT-FOR-US: Michael Salzer Guestbox
 CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael 
Salzer ...)
        NOT-FOR-US: Michael Salzer Guestbox



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7e147c1e68cce7068d260373e68bc2d35487547

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7e147c1e68cce7068d260373e68bc2d35487547
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to