Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c749d71b by security tracker role at 2018-10-30T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1140,7 +1140,7 @@ CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code 
Execution via PHP code in a
        NOT-FOR-US: Advanced HRM
 CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in 
...)
        NOT-FOR-US: Z-BlogPHP
-CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree. admin.php 
accepts ...)
+CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree before 
4.2.24. ...)
        NOT-FOR-US: Bigtree CMS
 CVE-2018-18379
        RESERVED
@@ -1351,8 +1351,7 @@ CVE-2018-18283
        RESERVED
 CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error 
page. ...)
        NOT-FOR-US: Next.js
-CVE-2018-18281 [mremap: properly flush TLB before releasing the page]
-       RESERVED
+CVE-2018-18281 (Since Linux kernel version 3.2, the mremap() syscall performs 
TLB ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/eb66ae030829605d61fbef1909ce310e29f78821
 CVE-2018-18280
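Review bot: the CVE-2018-18281 entry still reads `- linux <unfixed>` although the NOTE under it already points at the upstream fix (eb66ae030829605d61fbef1909ce310e29f78821). The new description says the problem exists since kernel 3.2, so this entry should be followed up with the fixed version once an upload carries that commit, rather than staying at the bare `<unfixed>` marker.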
@@ -2700,10 +2699,10 @@ CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, 
Directory Traversal exis
        NOT-FOR-US: blynk-server in Blynk
 CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in 
SugarCRM ...)
        NOT-FOR-US: SugarCRM
-CVE-2018-17783
-       RESERVED
-CVE-2018-17782
-       RESERVED
+CVE-2018-17783 (A cross-site scripting (XSS) vulnerability in the Edit Filter 
page ...)
+       TODO: check
+CVE-2018-17782 (A cross-site scripting (XSS) vulnerability in the Manage 
Filters page ...)
+       TODO: check
 CVE-2018-17781 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers 
to ...)
        NOT-FOR-US: Foxit
 CVE-2018-17780 (Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 
WP8.1 on ...)
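Review bot: CVE-2018-17783 and CVE-2018-17782 land with `TODO: check`, and the truncated descriptions visible here do not name the affected product. They describe two adjacent pages (Edit Filter and Manage Filters), so they should be triaged together against the full description and given the same tag, either a package line or NOT-FOR-US, instead of being resolved one at a time.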
@@ -10599,8 +10598,8 @@ CVE-2018-14560
        RESERVED
 CVE-2018-14559
        RESERVED
-CVE-2018-14558
-       RESERVED
+CVE-2018-14558 (An issue was discovered on Tenda AC7 devices with firmware 
through ...)
+       TODO: check
 CVE-2018-14557
        RESERVED
 CVE-2018-14556
@@ -20405,6 +20404,7 @@ CVE-2018-10847 (prosody before versions 0.10.2, 0.9.14 
is vulnerable to an ...)
        NOTE: 
https://prosody.im/security/advisory_20180531/issue1147-0.10.1.patch (0.10.1)
        NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.9.patch 
(0.9.x)
 CVE-2018-10846 (A cache-based side channel in GnuTLS implementation that leads 
to ...)
+       {DLA-1560-1}
        [experimental] - gnutls28 3.6.3-1
        - gnutls28 <unfixed>
        - gnutls26 <removed>
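Review bot: on CVE-2018-10846 the `{DLA-1560-1}` cross-reference now sits directly above `- gnutls28 <unfixed>`, so the LTS advisory is recorded while the unstable package is still open and only `[experimental]` carries 3.6.3-1. It is worth checking whether `<unfixed>` is still accurate for unstable or whether that line should carry a version by now.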
@@ -20414,6 +20414,7 @@ CVE-2018-10846 (A cache-based side channel in GnuTLS 
implementation that leads t
        NOTE: instead of correcting the issue.
        NOTE: https://eprint.iacr.org/2018/747
 CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 
was ...)
+       {DLA-1560-1}
        - gnutls28 3.5.19-1
        [stretch] - gnutls28 <no-dsa> (Will be fixed via pu)
        - gnutls26 <removed>
@@ -20423,6 +20424,7 @@ CVE-2018-10845 (It was found that the GnuTLS 
implementation of HMAC-SHA-384 was
        NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
        NOTE: https://eprint.iacr.org/2018/747
 CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 
was ...)
+       {DLA-1560-1}
        - gnutls28 3.5.19-1
        [stretch] - gnutls28 <no-dsa> (Will be fixed via pu)
        - gnutls26 <removed>
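Review bot: for CVE-2018-10844 (and CVE-2018-10845 in the previous hunk) the `{DLA-1560-1}` tag is added while `[stretch] - gnutls28 <no-dsa> (Will be fixed via pu)` stays unchanged. With LTS now covered by an advisory, stretch is the suite left waiting on these two. The point-release update should be tracked so that the `<no-dsa>` line is replaced by a fixed version when it lands.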
@@ -20796,14 +20798,14 @@ CVE-2018-10714
        RESERVED
 CVE-2018-10713 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
        NOT-FOR-US: D-Link
-CVE-2018-10712
-       RESERVED
-CVE-2018-10711
-       RESERVED
-CVE-2018-10710
-       RESERVED
-CVE-2018-10709
-       RESERVED
+CVE-2018-10712 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in 
ASRock RGBLED ...)
+       TODO: check
+CVE-2018-10711 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in 
ASRock RGBLED ...)
+       TODO: check
+CVE-2018-10710 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in 
ASRock RGBLED ...)
+       TODO: check
+CVE-2018-10709 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in 
ASRock RGBLED ...)
+       TODO: check
 CVE-2018-10708
        RESERVED
 CVE-2018-10707
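Review bot: the four entries CVE-2018-10709 through CVE-2018-10712 all show the same truncated description (AsrDrv101.sys and AsrDrv102.sys in ASRock RGBLED) and all carry `TODO: check`, so they cannot be told apart from this list alone. They should be resolved in one pass with a single consistent tag. The affected components are `.sys` drivers from a vendor utility, so NOT-FOR-US is the likely outcome once the full descriptions are confirmed.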
@@ -21265,8 +21267,8 @@ CVE-2018-10534 (The 
_bfd_XX_bfd_copy_private_bfd_data_common function in peXXige
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
 CVE-2018-10533
        RESERVED
-CVE-2018-10532
-       RESERVED
+CVE-2018-10532 (An issue was discovered on EE 4GEE HH70VB-2BE8GB3 
HH70_E1_02.00_19 ...)
+       TODO: check
 CVE-2018-10531
        RESERVED
 CVE-2018-10530
@@ -49935,8 +49937,7 @@ CVE-2018-0735 (The OpenSSL ECDSA signature algorithm 
has been shown to be vulner
        NOTE: https://www.openssl.org/news/secadv/20181029.txt
        NOTE: OpenSSL_1_1_1-stable: 
https://git.openssl.org/?p=openssl.git;a=commit;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
        NOTE: OpenSSL_1_1_0-stable: 
https://git.openssl.org/?p=openssl.git;a=commit;h=56fb454d281a023b3f950d969693553d3f3ceea1
-CVE-2018-0734 [Timing vulnerability in DSA signature generation]
-       RESERVED
+CVE-2018-0734 (The OpenSSL DSA signature algorithm has been shown to be 
vulnerable to ...)
        - openssl <unfixed>
        [stretch] - openssl <postponed> (Wait for next DSA and upstream release)
        - openssl1.0 <unfixed>
@@ -76460,8 +76461,8 @@ CVE-2017-8932 (A bug in the standard library ScalarMult 
implementation of curve
        NOTE: Upstream patch: https://golang.org/cl/41070
        NOTE: Fix for 1.7: https://go-review.googlesource.com/c/43773
        NOTE: Fix for 1.8: https://go-review.googlesource.com/c/43770
-CVE-2017-8931
-       RESERVED
+CVE-2017-8931 (Bitdefender GravityZone VMware appliance before 6.2.1-35 might 
allow ...)
+       TODO: check
 CVE-2017-8930 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Simple ...)
        NOT-FOR-US: Simple Invoices
 CVE-2017-8929 (The sized_string_cmp function in libyara/sizedstr.c in YARA 
3.5.0 ...)
@@ -137272,8 +137273,8 @@ CVE-2015-7268 (Samsung 850 Pro and PM851 solid-state 
drives and Seagate ST500LT0
        NOT-FOR-US: Samsung
 CVE-2015-7267 (Samsung 850 Pro and PM851 solid-state drives and Seagate 
ST500LT015 ...)
        NOT-FOR-US: Samsung
-CVE-2015-7266
-       RESERVED
+CVE-2015-7266 (The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol 
...)
+       TODO: check
 CVE-2015-7265 (Facebook Proxygen before 2015-11-09 mismanages 
HTTPMessage.request ...)
        NOT-FOR-US: Facebook Proxygen
 CVE-2015-7264 (The SPDY/2 codec in Facebook Proxygen before 2015-11-09 
truncates a ...)
@@ -143148,8 +143149,7 @@ CVE-2015-5160 (libvirt before 2.2 includes Ceph 
credentials on the qemu command
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1182074 (not yet 
opened)
        NOTE: 
https://www.redhat.com/archives/libvir-list/2011-November/msg00853.html
        NOTE: Needs changes in QEMU for passing passwords. Affects at least 
iSCSI and rbd/ceph.
-CVE-2015-5159
-       RESERVED
+CVE-2015-5159 (python-kdcproxy before 0.3.2 allows remote attackers to cause a 
denial ...)
        NOT-FOR-US: kdcproxy
 CVE-2015-5158 (Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when 
built ...)
        - qemu 1:2.4+dfsg-1a (bug #793388)
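Review bot: CVE-2015-5159 keeps the `NOT-FOR-US: kdcproxy` line that was set while the id was still RESERVED. Now that the description names python-kdcproxy before 0.3.2, that tag should be re-verified against the archive. If a python-kdcproxy source package exists, the entry needs a package line with the fixed version instead of NOT-FOR-US.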



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c749d71b098519631a163bb1777890f464ddfc20
