Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6527b521 by security tracker role at 2018-10-25T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2018-18649
+       RESERVED
+CVE-2018-18648
+       RESERVED
+CVE-2018-18647
+       RESERVED
+CVE-2018-18646
+       RESERVED
+CVE-2018-18645
+       RESERVED
+CVE-2018-18644
+       RESERVED
+CVE-2018-18643
+       RESERVED
+CVE-2018-18642
+       RESERVED
+CVE-2018-18641
+       RESERVED
+CVE-2018-18640
+       RESERVED
+CVE-2018-18639
+       RESERVED
+CVE-2018-18638 (A command injection vulnerability in the setup API in the 
Neato Botvac ...)
+       TODO: check
+CVE-2018-18637
+       RESERVED
+CVE-2018-18636 (XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via 
the ...)
+       TODO: check
+CVE-2018-18635 (www/guis/admin/application/controllers/UserController.php in 
the ...)
+       TODO: check
+CVE-2018-18634
+       RESERVED
+CVE-2018-18633
+       RESERVED
+CVE-2018-18632
+       RESERVED
+CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup 
privileges ...)
+       TODO: check
+CVE-2016-10729 (An issue was discovered in Amanda 3.3.1. A user with backup 
privileges ...)
+       TODO: check
 CVE-2018-XXXX [XSA-278: x86: Nested VT-x usable even when disabled]
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-278.txt
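
Review bot: the two Amanda entries at the end of the hunk, CVE-2016-10730 and CVE-2016-10729, are left at `TODO: check` next to router and IoT CVEs that are unlikely to touch Debian; Amanda is server-side backup software that may well be packaged, so the follow-up triage should look for a source package and replace `TODO: check` with either a package version line or a `NOT-FOR-US: Amanda` line, matching the convention used for the other resolved entries in this file.
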
@@ -23,8 +63,8 @@ CVE-2018-18623
        RESERVED
 CVE-2018-18622 (An issue was discovered in Waimai Super Cms 20150505. There is 
XSS via ...)
        NOT-FOR-US: Waimai Super Cms
-CVE-2018-18621
-       RESERVED
+CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via a message body in 
Pronto! ...)
+       TODO: check
 CVE-2018-18620
        RESERVED
 CVE-2018-18619
@@ -153,12 +193,12 @@ CVE-2018-18570
        RESERVED
 CVE-2018-18569
        RESERVED
-CVE-2018-18568
-       RESERVED
-CVE-2018-18567
-       RESERVED
-CVE-2018-18566
-       RESERVED
+CVE-2018-18568 (Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows 
...)
+       TODO: check
+CVE-2018-18567 (AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows 
...)
+       TODO: check
+CVE-2018-18566 (The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 
and ...)
+       TODO: check
 CVE-2018-18565
        RESERVED
 CVE-2018-18564
@@ -192,18 +232,18 @@ CVE-2018-18554
        RESERVED
 CVE-2018-18553 (Leanote 2.6.1 has XSS via the Blog Basic Setting title field, 
which is ...)
        NOT-FOR-US: Leanote
-CVE-2018-18552
-       RESERVED
-CVE-2018-18551
-       RESERVED
+CVE-2018-18552 (ServersCheck Monitoring Software through 14.3.3 allows local 
users to ...)
+       TODO: check
+CVE-2018-18551 (ServersCheck Monitoring Software through 14.3.3 has Persistent 
and ...)
+       TODO: check
 CVE-2018-18550 (ServersCheck Monitoring Software before 14.3.4 allows SQL 
Injection by ...)
        NOT-FOR-US: ServersCheck Monitoring Software
 CVE-2018-18549
        RESERVED
-CVE-2018-18548
-       RESERVED
-CVE-2018-18547
-       RESERVED
+CVE-2018-18548 (ajenticp (aka Ajenti Docker control panel) for Ajenti through 
...)
+       TODO: check
+CVE-2018-18547 (Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ 
domain ...)
+       TODO: check
 CVE-2018-18546 (ThinkPHP 3.2.4 has SQL Injection via the order parameter 
because the ...)
        NOT-FOR-US: ThinkPHP
 CVE-2018-18545 (Fiyo CMS 2.0.7 has XSS via the 
dapur\apps\app_user\edit_user.php name ...)
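
Review bot: CVE-2018-18552 and CVE-2018-18551 are marked `TODO: check`, but the entry directly below them, CVE-2018-18550, already resolves the same product to `NOT-FOR-US: ServersCheck Monitoring Software`; unless the two new issues differ in scope, they can carry the same `NOT-FOR-US` line instead of waiting for a manual check.
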
@@ -277,8 +317,8 @@ CVE-2018-18519
        RESERVED
 CVE-2018-18518
        RESERVED
-CVE-2018-18517
-       RESERVED
+CVE-2018-18517 (Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x 
before ...)
+       TODO: check
 CVE-2018-18516
        RESERVED
 CVE-2018-18515
@@ -365,8 +405,8 @@ CVE-2018-18478 (Persistent Cross-Site Scripting (XSS) 
issues in LibreNMS before
        NOT-FOR-US: LibreNMS
 CVE-2018-18477
        RESERVED
-CVE-2018-18476
-       RESERVED
+CVE-2018-18476 (mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection 
because it ...)
+       TODO: check
 CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3 build 123214 allows 
...)
        NOT-FOR-US: Zoho
 CVE-2018-18474
@@ -1627,10 +1667,10 @@ CVE-2018-18016 (ImageMagick 7.0.7-28 has a memory leak 
vulnerability in WritePCX
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1049
 CVE-2018-18015
        RESERVED
-CVE-2018-18014
-       RESERVED
-CVE-2018-18013
-       RESERVED
+CVE-2018-18014 (** DISPUTED *** Lack of authentication in Citrix Xen Mobile 
through ...)
+       TODO: check
+CVE-2018-18013 (** DISPUTED *** Xen Mobile through 10.8.0 includes a service 
listening ...)
+       TODO: check
 CVE-2018-18012
        RESERVED
 CVE-2018-18011
@@ -1847,12 +1887,12 @@ CVE-2018-17925 (Multiple instances of this 
vulnerability (Unsafe ActiveX Control
        NOT-FOR-US: Gigasoft
 CVE-2018-17924
        RESERVED
-CVE-2018-17923
-       RESERVED
+CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are 
vulnerable to ...)
+       TODO: check
 CVE-2018-17922
        RESERVED
-CVE-2018-17921
-       RESERVED
+CVE-2018-17921 (SAGA1-L8B with any firmware versions prior to A0.10 are 
vulnerable to ...)
+       TODO: check
 CVE-2018-17920
        RESERVED
 CVE-2018-17919 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye 
P2P Cloud ...)
@@ -1887,8 +1927,8 @@ CVE-2018-17905
        RESERVED
 CVE-2018-17904
        RESERVED
-CVE-2018-17903
-       RESERVED
+CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are 
vulnerable to ...)
+       TODO: check
 CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, 
All ...)
        NOT-FOR-US: Yokogawa STARDOM Controllers
 CVE-2018-17901 (LAquis SCADA Versions 4.1.0.3870 and prior, when processing 
project ...)
@@ -7087,10 +7127,10 @@ CVE-2018-15753 (An issue was discovered in the MensaMax 
(aka com.breustedt.mensa
        NOT-FOR-US: MensaMax application for Android
 CVE-2018-15752 (An issue was discovered in the MensaMax (aka 
com.breustedt.mensamax) ...)
        NOT-FOR-US: MensaMax application for Android
-CVE-2018-15751
-       RESERVED
-CVE-2018-15750
-       RESERVED
+CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 
allow ...)
+       TODO: check
+CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack 
Salt before ...)
+       TODO: check
 CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 
has a ...)
        NOT-FOR-US: Pulse Secure Desktop
 CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 
2.70.05.02, ...)
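
Review bot: CVE-2018-15751 and CVE-2018-15750 cover SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3, the second being a directory traversal in salt-api; unlike the appliance CVEs that make up most of this update, this is server software, so the `TODO: check` should be resolved against any salt source package (version line plus a bug reference if one is filed) rather than left pending.
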
@@ -9215,8 +9255,8 @@ CVE-2018-14814
        RESERVED
 CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer 
overflow ...)
        NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14812
-       RESERVED
+CVE-2018-14812 (An uncontrolled search path element (DLL Hijacking) 
vulnerability has ...)
+       TODO: check
 CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted 
pointer ...)
        NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14810 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and 
prior and ...)
@@ -12936,8 +12976,8 @@ CVE-2018-13344
        RESERVED
 CVE-2018-13343
        RESERVED
-CVE-2018-13342
-       RESERVED
+CVE-2018-13342 (The server API in the Anda app relies on hardcoded 
credentials. ...)
+       TODO: check
 CVE-2018-13341 (Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 
all ...)
        NOT-FOR-US: Creston
 CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add 
request. ...)
@@ -14530,8 +14570,8 @@ CVE-2018-12652
        RESERVED
 CVE-2018-12651
        RESERVED
-CVE-2018-12650
-       RESERVED
+CVE-2018-12650 (Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site 
Scripting ...)
+       TODO: check
 CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php 
in MISP ...)
        NOT-FOR-US: MISP
 CVE-2018-12648 (The WEBP::GetLE32 function in ...)
@@ -15473,18 +15513,21 @@ CVE-2018-12398
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12398
 CVE-2018-12397
        RESERVED
+       {DSA-4324-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12397
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12397
 CVE-2018-12396
        RESERVED
+       {DSA-4324-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12396
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12396
 CVE-2018-12395
        RESERVED
+       {DSA-4324-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12395
@@ -15493,12 +15536,14 @@ CVE-2018-12394
        RESERVED
 CVE-2018-12393
        RESERVED
+       {DSA-4324-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12393
 CVE-2018-12392
        RESERVED
+       {DSA-4324-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392
@@ -15511,12 +15556,14 @@ CVE-2018-12391
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12391
 CVE-2018-12390
        RESERVED
+       {DSA-4324-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12390
 CVE-2018-12389
        RESERVED
+       {DSA-4324-1}
        - firefox-esr 60.3.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389
 CVE-2018-12388
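
Review bot: the `{DSA-4324-1}` tag is added to CVE-2018-12389, but unlike every other entry in these hunks that record lists only `firefox-esr 60.3.0esr-1` and only the mfsa2018-27 note, with no `firefox 63.0-1` line and no mfsa2018-26 reference; confirm this CVE really is ESR-only before accepting the tag, and otherwise add the firefox line for consistency with CVE-2018-12390 above it.
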
@@ -17083,8 +17130,8 @@ CVE-2018-11794
        RESERVED
 CVE-2018-11793
        RESERVED
-CVE-2018-11792
-       RESERVED
+CVE-2018-11792 (In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME 
required ALTER ...)
+       TODO: check
 CVE-2018-11791
        RESERVED
 CVE-2018-11790
@@ -17097,8 +17144,8 @@ CVE-2018-11787 (In Apache Karaf version prior to 3.0.9, 
4.0.9, 4.1.1, when the .
        - apache-karaf <itp> (bug #881297)
 CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, if the sshd service in 
Karaf ...)
        - apache-karaf <itp> (bug #881297)
-CVE-2018-11785
-       RESERVED
+CVE-2018-11785 (Missing authorization check in Apache Impala before 3.0.1 
allows a ...)
+       TODO: check
 CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 
9.0.11, ...)
        {DLA-1545-1 DLA-1544-1}
        - tomcat9 <itp> (bug #802312)
@@ -23715,12 +23762,12 @@ CVE-2018-9283 (An XSS issue was discovered in 
CremeCRM 1.6.12. It is affected by
        NOT-FOR-US: Creme CRM
 CVE-2018-9282 (An XSS issue was discovered in Subsonic Media Server 6.1.1. The 
...)
        NOT-FOR-US: Subsonic Media Server
-CVE-2018-9281
-       RESERVED
-CVE-2018-9280
-       RESERVED
-CVE-2018-9279
-       RESERVED
+CVE-2018-9281 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The 
...)
+       TODO: check
+CVE-2018-9280 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The 
...)
+       TODO: check
+CVE-2018-9279 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The 
...)
+       TODO: check
 CVE-2018-9278
        RESERVED
 CVE-2018-9277
@@ -24636,8 +24683,8 @@ CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth 
input box to index.php, re
        NOT-FOR-US: CoverCMS
 CVE-2018-8956
        RESERVED
-CVE-2018-8955
-       RESERVED
+CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded 
string ...)
+       TODO: check
 CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote 
attackers to ...)
        NOT-FOR-US: CA Workload Control Center
 CVE-2018-8953 (CA Workload Automation AE before r11.3.6 SP7 allows remote 
attackers ...)
@@ -79796,22 +79843,22 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and 
older, 9.3.x (all ...)
 CVE-2017-7655
        RESERVED
 CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak 
vulnerability ...)
-       {DLA-1525-1}
+       {DSA-4325-1 DLA-1525-1}
        - mosquitto <unfixed> (bug #911265)
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493
        NOTE: 
https://github.com/eclipse/mosquitto/commit/51ec5601c2ec523bf2973fdc1eca77335eafb8de
 CVE-2017-7653 (The Eclipse Mosquitto broker up to version 1.4.15 does not 
reject ...)
-       {DLA-1525-1}
+       {DSA-4325-1 DLA-1525-1}
        - mosquitto <unfixed> (bug #911266)
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113
        NOTE: 
https://github.com/eclipse/mosquitto/commit/729a09310a7a56fbe5933b70b4588049da1a42b4
 CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set 
running ...)
-       {DLA-1409-1 DLA-1334-1}
+       {DSA-4325-1 DLA-1409-1 DLA-1334-1}
        - mosquitto 1.4.15-1
        NOTE: Patches: https://mosquitto.org/files/cve/2017-7652
        NOTE: 
http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
 CVE-2017-7651 (In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto 
server ...)
-       {DLA-1409-1 DLA-1334-1}
+       {DSA-4325-1 DLA-1409-1 DLA-1334-1}
        - mosquitto 1.4.15-1
        NOTE: Patches: https://mosquitto.org/files/cve/2017-7651
        NOTE: 
http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
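
Review bot: `DSA-4325-1` is added to all four Mosquitto entries, yet CVE-2017-7654 and CVE-2017-7653 still carry `mosquitto <unfixed>` with bugs #911265 and #911266, while CVE-2017-7652 and CVE-2017-7651 point at `mosquitto 1.4.15-1`; a stable DSA with the unstable package still `<unfixed>` is possible, but it is worth double-checking whether the upstream commits referenced in the NOTE lines have already reached a newer unstable upload, in which case the version line should be updated and the bugs closed.
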



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6527b5215ba1fa52b51e868119f5eb4ed688caf9

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
